HWA.hax0r.news HTML/Text Version



HWA.hax0r.news is sponsored by Cubesoft Communications...

www.csoft.net






    [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
  ==========================================================================
  =                       <=-[ HWA.HAX0R.NEWS ]-=>                         =
  ==========================================================================
    [=HWA'99=]                         Number 16 Volume 1 1999 May 1st  99
  ==========================================================================
    [                     61:20:6B:69:64:20:63:6F:75:                    ]
    [               6C:64:20:62:72:65:61:6B:20:74:68:69:73:              ]
    [              20:22:65:6E:63:72:79:70:74:69:6F:6E:22:!              ]        
  ==========================================================================
  
  
            
                                               


   Synopsis 
   ---------
   
   The purpose of this newsletter is to 'digest' current events of interest
   that affect the online underground and netizens in general. This includes
   coverage of general security issues, hacks, exploits, underground news
   and anything else I think is worthy of a look-see. (Remember I'm doing
   this for me, not you; the fact some people happen to get a kick/use
   out of it is of secondary importance.)

    This list is NOT meant as a replacement for, nor to compete with, the
   likes of publications such as CuD or PHRACK or with news sites such as
   AntiOnline, the Hacker News Network (HNN) or mailing lists such as
   BUGTRAQ or ISN, nor could any other 'digest' of this type do so.

    It *is* intended, however, to complement such material and provide a
   reference to those who follow the culture by keeping tabs on as many
   sources as possible and providing links to further info. It's a labour
   of love and will be continued for as long as I feel like it; I'm not
   motivated by dollars or the illusion of fame. Did you ever notice how
   the most famous/infamous hackers are the ones that get caught? There's
   a lot to be said for remaining just outside the circle...
   
   

   @HWA

   =-----------------------------------------------------------------------=

                     Welcome to HWA.hax0r.news ... #16

   =-----------------------------------------------------------------------=

          

    *******************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
    ***                                                             ***
    *** please join to discuss or impart news on techno/phac scene  ***
    *** stuff or just to hang out ... someone is usually around 24/7***
    ***                                                             ***
    *** Note that the channel isn't there to entertain you its for  ***
    *** you to talk to us and impart news, if you're looking for fun***
    *** then do NOT join our channel try #weirdwigs or something... ***
    *** we're not #chatzone or #hack                                ***
    ***                                                             ***
    *******************************************************************


  =-------------------------------------------------------------------------=

  Issue #16


  =--------------------------------------------------------------------------=



  
  [ INDEX ]
  =--------------------------------------------------------------------------=
    Key     Content                                                         
  =--------------------------------------------------------------------------=
 
    00.0  .. COPYRIGHTS ......................................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. SOURCES .........................................................
    00.3  .. THIS IS WHO WE ARE ..............................................
    00.4  .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
    00.5  .. THE HWA_FAQ V1.0 ................................................

    01.0  .. GREETS ..........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ...........................
     01.2 .. Mailbag .........................................................
    02.0  .. From the Editor.................................................. 
    03.0  .. Telecardnews site, phone card and smartcard cracking.............
    04.0  .. Coldfusion mole.cfm..............................................
    05.0  .. More info on the CIH virus.......................................
    06.0  .. E-Commerce is still taking it in the gnards......................     
     06.1 .. E-commerce boom fueling Security Holes?..........................
    07.0  .. Anonymity guaranteed (PCworld)...................................
     07.1 .. Anonymity guaranteed (Zero Knowledge Systems).................... 
     07.2 .. The ZKS white paper.............................................. 
    08.0  .. Mitnick's accomplice Lewis DePayne, pleads guilty................
    09.0  .. Biometric databases? Not according to this report... ............
    10.0  .. In the wake of CIH ..............................................
     10.1 .. CIH 1.2 Virus Hits Few ..........................................
    11.0  .. Lockdown2000 review by BHZ ......................................
    12.0  .. ICQ99 Vulnerabilities and exploits...............................
     12.1 .. ICQ Homepage Exploit.............................................
    13.0  .. Possible DoS in WinNT RAS (PPTP)................................. 
    14.0  .. MFT problem could cause you to reformat drive (NTFS).............
    15.0  .. FireWalking a paper on determining Gateway Access Control Lists..
    16.0  .. IGMP+8 fragmentation attack for Linux ...........................
    17.0  .. local XFree 3.3.3 symlink root compromise..(freeBSD+others)......
    18.0  .. Microsoft Outlook Express internet zone vulnerability............
    19.0  .. Big Brother 1.09b/c security notice..............................
    20.0  .. "Cyborg Seeks Community" by Steve Mann, wearable cpus anyone?....
     20.1 .. :School For Cyborgs: By Steve Ditlea (sidebar to above article)..
    21.0  .. Anonymizing UNIX systems white paper by van Hauser/THC...........
    22.0  .. Ffingerd vulnerability...........................................
    23.0  .. DoS in IRC services..............................................
    24.0  .. New Java bug creates DoS for Win9x...............................
    25.0  .. QPOP 2.4b2 _demo_ REMOTE exploit for FreeBSD 2.2.5 and BSDi 2.1..
    26.0  .. BSDI IMAP2BIS remote root exploit................................
    27.0  .. Infod AIX exploit................................................
    28.0  .. Cold fusion exploit scanner......................................
    29.0  .. Updated CGI scanner scans for vulnerable servers scans 43 probs..
    30.0  .. MS Outlook has potential reply-to spoofing vulnerability.........
    31.0  .. Bash parsing vulnerability.......................................
    32.0  .. NetBSD Security Advisory 1999-009................................
    33.0  .. Explorer favicon.ico bug introduces new vulnerability............
    34.0  .. Cert: The Good Guys? (old boys network, reads like an ad for CERT)
    35.0  .. NASA finds scapegoat? - Programmer indicted......................
    36.0  .. CIH author found?................................................
    37.0  .. INTEL goes after Zero Knowledge Systems..........................
    38.0  .. NT-Exceed DoS....................................................
    39.0  .. NT4 Trojaned Profiles............................................
    40.0  .. Microsoft's web site virus haven! ...............................
    41.0  .. New viruses from http://www.wopr.com.............................
    42.0  .. Caldera COAS leaves shadow password file readable................
    43.0  .. NT4+SP4 filename length vulnerability............................
    44.0  .. CSMMail Windows SMTP Server Remote Buffer Overflow Exploit.......
    45.0  .. HP Sendmail 8.8.6 DoS............................................
    46.0  .. KKI inactive connections advisory................................
    47.0  .. How to achieve the status JP has with AntiOnline (from PacketStorm)
    48.0  .. Windows thread overrun from a Java Applet........................
    49.0  .. Phone Rangers break into GTE.....................................
    50.0  .. Police question CIH virus creator................................
    51.0  .. [ISN] The Virus Vault............................................
    52.0  .. [ISN] The Bad Guys are Crackers..................................
    53.0  .. [ISN] Email threats could bring down a 10yr jail term............
    54.0  .. [ISN] Singapore ISP scans customer computers for vulnerabilities.
    =--------------------------------------------------------------------------=   
    
    
    AD.S  .. Post your site ads or etc here, if you can offer something in return
             thats tres cool, if not we'll consider ur ad anyways so send it in.
             ads for other zines are ok too btw just mention us in yours, please
             remember to include links and an email contact. Corporate ads will
             be considered also and if your company wishes to donate to or 
             participate in the upcoming Canc0n99 event send in your suggestions
             and ads now...n.b date and time may be pushed back join mailing list
             for up to date information.......................................
             Current dates: Aug19th-22nd Niagara Falls...    .................

    HA.HA  .. Humour and puzzles  ............................................
              
              Hey You!........................................................
              =------=........................................................
              
              Send in humour for this section! I need a laugh and its hard to
              find good stuff... ;)...........................................

    HOW.TO .. "How to hack" by our illustrious editor.........................
    SITE.1 .. Featured site, .................................................
     H.W   .. Hacked Websites  ...............................................
     A.0   .. APPENDICES......................................................
     A.1   .. PHACVW linx and references......................................
 
  =--------------------------------------------------------------------------=
     
     @HWA'99

     
  00.0  (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
     OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
     WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
     (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
     READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

     Important semi-legalese and license to redistribute:

     YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
     AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
     ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
     IN YOUR WRITING. LINKS ARE NOT NECESSARY OR EXPECTED BUT ARE
     APPRECIATED, the current link is http://welcome.to/HWA.hax0r.news
     IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
     ANY NETIQUETTE IN ANY WAY. IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
     ME PRIVATELY, current email cruciphux@dok.org

     THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
     WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
     THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

     I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
     AND REDISTRIBUTE/MIRROR. - EoD


     Although this file and all future issues are now copyright, some of
    the content holds its own copyright and these are printed and
    respected. News is news so I'll print any and all news but will quote
    sources when the source is known; if it's good enough for CNN it's good
    enough for me. And I'm doing it for free on my own time so pfffft. :)

    No monies are made or sought through the distribution of this material.
    If you have a problem or concern email me and we'll discuss it.

    cruciphux@dok.org

    Cruciphux [C*:.]



  00.1  CONTACT INFORMATION AND MAIL DROP
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


     Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
    Canada / North America (hell even if you are inside ..) and wish to
    send printed matter like newspaper clippings a subscription to your
    cool foreign hacking zine or photos, small non-explosive packages
    or sensitive information etc etc well, now you can. (w00t) please
    no more inflatable sheep or plastic dog droppings, or fake vomit
    thanks.

    Send all goodies to:

	    HWA NEWS
	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    BRAMPTON, ONTARIO
	    CANADA
	    L6V 4H5

    WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
    ~~~~~~~  reading this from some interesting places, make my day and get a
             mention in the zine, send in a postcard, I realize that some places
             it is cost prohibitive but if you have the time and money be a cool
             dude / gal and send a poor guy a postcard preferably one that has some
             scenery from your place of residence for my collection, I collect stamps
             too so you kill two birds with one stone by being cool and mailing in a
             postcard, return address not necessary, just a  "hey guys being cool in
             Bahrain, take it easy" will do ... ;-) thanx.



    Ideas for interesting 'stuff' to send in apart from news:

    - Photo copies of old system manual front pages (optionally signed by you) ;-)
    - Photos of yourself, your mom, sister, dog and or cat in a NON
      compromising position plz I don't want pr0n. 
    - Picture postcards
    - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
      tapes with hack/security related archives, logs, irc logs etc on em.
    - audio or video cassettes of yourself/others etc of interesting phone
      fun or social engineering examples or transcripts thereof.

    If you still can't think of anything you're probably not that interesting
    a person after all so don't worry about it 

    Our current email:

    Submissions/zine gossip.....: hwa@press.usmc.net
    Private email to editor.....: cruciphux@dok.org
    Distribution/Website........: sas72@usa.net

    @HWA



  00.2  Sources ***
        ~~~~~~~~~~~

     Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance). Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information are compiled
    and/or sourced by Cruciphux, no copyright claimed.

    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
    News site (HNN) ..................http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ ...............http://www.l0pht.com/
    NewsTrolls .......................http://www.newstrolls.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD ..............................http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+........................http://www.gammaforce.org/
    News site+........................http://www.projectgamma.com/
    News site+........................http://securityhole.8m.com/
    News site+........................http://www.403-security.org/
    News/Humour site+ ................http://www.innerpulse.com

    +Various mailing lists and some newsgroups, such as ...
    +other sites available on the HNN affiliates page, please see
     http://www.hackernews.com/affiliates.html as they seem to be popping up
     rather frequently ...

    
    http://www.the-project.org/ .. IRC list/admin archives
    http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

    alt.hackers.malicious
    alt.hackers
    alt.2600
    BUGTRAQ
    ISN security mailing list
    ntbugtraq
    <+OTHERS>

    NEWS Agencies, News search engines etc:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    http://www.cnn.com/SEARCH/
    http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
    http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
    http://www.ottawacitizen.com/business/
    http://search.yahoo.com.sg/search/news_sg?p=hack
    http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
    http://www.zdnet.com/zdtv/cybercrime/
    http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

    NOTE: See appendices for details on other links.

    http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
    http://freespeech.org/eua/ Electronic Underground Affiliation
    http://ech0.cjb.net ech0 Security
    http://net-security.org Net Security
    ...


    Submissions/Hints/Tips/Etc
    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    All submissions that are `published' are printed with the credits
    you provide. If no response is received within a week or two it is assumed
    that you don't care whether the article/email is to be used in an issue
    or not, and it may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at http://www.hackernews.com/affiliates.html

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.


    - Ed

    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq : http://www.iss.net/iss/maillist.html


    THE MOST READ:

    BUGTRAQ - Subscription info
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin. To subscribe to
    bugtraq, send mail to listserv@netspace.org containing the message body
    "subscribe bugtraq". I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

          http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html


    About the Bugtraq mailing list
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list`s charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the
    originator of the message. Please do not "CC" the bugtraq reflector address
    if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words
    that you post on this list and that reproduction of those words without
    your permission in any medium outside the distribution of this list may be
    challenged by you, the author.

    For questions or comments, please mail me:
    chasin@crimelab.com (Scott Chasin)


    
    Crypto-Gram
    ~~~~~~~~~~~

       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
      blank message to crypto-gram-subscribe@chaparraltree.com.  To unsubscribe,
      visit http://www.counterpane.com/unsubform.html.  Back issues are available
      on http://www.counterpane.com.

       CRYPTO-GRAM is written by Bruce Schneier.  Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms.  He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW.  He
      is a frequent writer and lecturer on cryptography.


    CUD Computer Underground Digest
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This info directly from their latest ish:

    Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09
     
                      ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest



    [ISN] Security list
    ~~~~~~~~~~~~~~~~~~~
    This is a low volume list with lots of informative articles, if I had my
    way i'd reproduce them ALL here, well almost all .... ;-) - Ed


    Subscribe: mail majordomo@repsec.com with "subscribe isn".



    @HWA


  00.3  THIS IS WHO WE ARE
        ~~~~~~~~~~~~~~~~~~
 
      Some HWA members and Legacy staff
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      cruciphux@dok.org.........: currently active/editorial
      darkshadez@ThePentagon.com: currently active/man in black
      fprophet@dok.org..........: currently active/IRC+ man in black
      sas72@usa.net ............. currently active/IRC+ distribution
      vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
      dicentra...(email withheld): IRC+ grrl in black


      Foreign Correspondents/affiliate members
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
       N0Portz ..........................: Australia
       Qubik ............................: United Kingdom
       system error .....................: Indonesia
       Wile (wile coyote) ...............: Japan/the East
       Ruffneck  ........................: Netherlands/Holland

       And unofficially yet contributing too much to ignore ;)

       Spikeman .........................: World media

       Please send in your sites for inclusion here if you haven't already
       also if you want your emails listed send me a note ... - Ed

      http://www.genocide2600.com/~spikeman/  .. Spikeman's DoS and protection site
      http://www.hackerlink.or.id/  ............ System Error's site (in Indonesian) 
       

       *******************************************************************
       ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
       *******************************************************************

    :-p


    1. We do NOT work for the government in any shape or form. Unless you count paying
       taxes ... in which case we work for the gov't in a BIG WAY. :-/

    2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
       events its a good idea to check out issue #1 at least and possibly also the
       Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...


    @HWA



  00.4  Whats in a name? why HWA.hax0r.news??
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             
      
      Well what does HWA stand for? Never mind, if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Pretorians after you.

     In case you couldn't figure it out, hax0r is "new skewl" and although
     it is laughed at, shunned, or even pigeonholed with those 'dumb
     leet (l33t?) dewds', this is the state
     of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
     up and comers, I'd highly recommend you get that book. It's almost
     like buying a clue. Anyway..on with the show .. - Editorial staff


     @HWA

  00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Also released in issue #3. (revised) check that issue for the faq
    it won't be reprinted unless changed in a big way with the exception
    of the following excerpt from the FAQ, included to assist first time
    readers:

    Some of the stuff related to personal usage and use in this zine is
    listed below: Some are very useful, others attempt to deny any possible
    attempts at eschewing obfuscation by obscuring their actual definitions.

    @HWA   - see EoA  ;-)

    !=     - Mathematical notation "is not equal to" or "does not equal"
             ASC(247)  "wavey equals" sign means "almost equal" to. If written
             as =/= (equals sign with a slash thru it) also means !=, >= is equal
             to or greater than (etc, this aint fucking grade school, cripes,
             don't believe I just typed all that..)

    AAM    - Ask a minor (someone under age of adulthood, usually <16 ...)

    [ several entries between AAM and EBONICS are garbled beyond recovery ]

    EBONICS - ... also wigger
              Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
              ebonics, speaking in a dark tongue ... being ereet, see pheer

    EoC    - End of Commentary

    EoA    - End of Article or more commonly @HWA

    EoF    - End of file

    EoD    - End of diatribe (AOL'ers: look it up)

    FUD    - Coined by Unknown and made famous by HNN  - "Fear uncertainty and doubt",
            usually in general media articles not high brow articles such as ours or other
            HNN affiliates ;)

    du0d   - a small furry animal that scurries over keyboards causing people to type
             weird crap on irc, hence when someone says something stupid or off topic
             'du0d wtf are you talkin about' may be used.

   *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

   *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
            define, I think it is best defined as pop culture's view on The Hacker ala
            movies such as well erhm "Hackers" and The Net etc... usually used by "real"
            hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
            some coffee?' or can you hax0r some bread on the way to the table please?'

            2 - A tool for cutting sheet metal.

    HHN    - Maybe a bit confusing with HNN but we did spring to life around the same
             time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
             noun means the hackernews site proper. k? k. ;&

    HNN    - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

    J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

    MFI/MOI- Missing on/from IRC

    NFC   - Depends on context: No Further Comment or No Fucking Comment

    NFR   - Network Flight Recorder (Do a websearch) see 0wn3d

    NFW   - No fuckin'way

   *0WN3D - You are cracked and owned by an elite entity see pheer
   *OFCS  - Oh for christ's sakes

    PHACV - And variations of same 
            Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking 
                      C - Carding (CC)
                      V - Virus
                      W - Warfare 
                      A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                      P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

   *PHEER -  This is what you do when an ereet or elite person is in your presence
            see 0wn3d

   *RTFM  - Read the fucking manual - not always applicable since some manuals are
            pure shit but if the answer you seek is indeed in the manual then you
            should have RTFM you dumb ass.

    TBC   - To Be Continued also 2bc (usually followed by ellipses...) :^0

    TBA   - To Be Arranged/To Be Announced also 2ba

    TFS   - Tough fucking shit.

   *w00t  - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
            from the underground masses. also "w00ten" 

            2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

    *wtf  - what the fuck

    *ZEN  - The state you reach when you *think* you know everything (but really don't)
            usually shortly after reaching the ZEN like state something will break that
            you just 'fixed' or tweaked.
            
     @HWA            
     
     
                            -=-    :.    .:        -=-
                            
                            
                            

  01.0  Greets!?!?! yeah greets! w0w huh. - Ed
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Thanks to all in the community for their support and interest but I'd
     like to see more reader input. Help me out here: what's good, what sucks
     etc. Not that I guarantee I'll take any notice mind you, but send in
     your thoughts anyway.


       * all the people who sent in cool emails and support
       
     FProphet       Pyra                TwstdPair      _NeM_
     D----Y         Kevin Mitnick (watch yer back)     Dicentra
     vexxation      sAs72               Spikeman
     
     and the #innerpulse, #hns crew and some inhabitants of #leetchans .... 
     although I use the term 'leet loosely these days,   ;)
       
     
     kewl sites:

     + http://www.l0pht.com/
     + http://www.2600.com/
     + http://www.genocide2600.com/
     + http://www.genocide2600.com/~spikeman/
     + http://www.genocide2600.com/~tattooman/
     + http://www.hackernews.com/ (Went online same time we started issue 1!)
     + http://www.net-security.org/
     + http://www.slashdot.org/
     + http://www.freshmeat.net/

     @HWA


  01.1  Last minute stuff, rumours and newsbytes
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       "What is popular isn't always right, and what is right isn't
         always popular..."
                           - FProphet '99
                           
       

    +++ When was the last time you backed up your important data?
    
    
    
    ++ Free Kevin demonstrations
    
       From Project Gamma http://www.projectgamma.com/
        
       April 30, 1999, 16:49
       Author: WHiTe VaMPiRe

       Demonstrations are being planned for Friday, June 4 in front of courthouses nationwide beginning at 2 PM to protest the unjust imprisonment
       of Kevin Mitnick. 

       Kevin Mitnick has been held in a pre-trial facility since February 15, 1995, four years, without even a bail hearing. What did he do? Murder,
       rape? No. He has been imprisoned for four years without even a bail hearing for possession of software allegedly worth millions of dollars.
       However, the companies asserting this have never proven these claims nor have they reported these "losses" to their stockholders, as is
       required by law. 

       Computer and legal experts agree that it is unlikely that any real damage occurred. The high numbers assume that every file and its associated
       research were wiped from existence. In truth, no such damage was ever reported. Yet, Kevin Mitnick remains imprisoned as if this actually
       happened. 

       Related links: 
        
        Free Kevin Demonstration  
        http://www.kevinmitnick.com/demo/index.html
        
        Mitnick documents exposed (included in previous issues)
        http://www.projectgamma.com/news/archive/1999/april/042499-1416.html    
    
    
    ++  Possible Linuxconf Vulnerability (local console)
    
    
        Approved-By: aleph1@UNDERGROUND.ORG 
        Date:   Thu, 29 Apr 1999 18:45:40 -0400 
        Reply-To: The Nefarious Type  
        Sender: Bugtraq List  
        From: The Nefarious Type  
        Subject:      Possible Linuxconf Vulnerability 
        To: BUGTRAQ@netspace.org 


    
            An older version of linuxconf was packaged with Redhat 5.1 and  I had
        not run into any problems with that version. But after installing the latest
        version (linuxconf-1.13r15-1) onto OpenLinux 1.3, I came upon a problem during
        boot. It had not detected /sbin/clock, so a menu appeared during boot and asked
        if I wanted to change this. This happened all before I was even prompted for a
        login.      
            The fact that someone who has physical access to the server can
        access linuxconf (which by default, can only be used under root) is kind of
        disturbing. So far, I have not been able to exploit this problem, though I'm
        guessing that it could be done (e.g. from that menu, access user configuration,
        etc.).
        
        
        Linuxconf Homepage
        http://www.solucorp.qc.ca/linuxconf/
        
        
        
        -PrestoChango
    
    ++  Computer Student Wrote Chernobyl Virus to Humiliate Antivirus Providers
        
        Contributed by Spikeman

        Chen Ing-hau, a 24-year-old computer student, has been arrested in
        Taiwan for creating the Chernobyl computer virus. Police said that Chen
        may not be charged with a crime. If he did not intend to spread the
        virus, he could avoid criminal charges, but if charged and convicted,
        Chen faces up to three years in prison under Taiwanese law. The question
        of civil liability still looms large for Chen, whose virus damaged
        600,000 personal computers worldwide when it was triggered on April 26.
        (The Boston Globe --
        http://www.boston.com/dailynews2/120/economy/Computer_student_wrote_Chernob:.shtml)      


    ++ NO COMMENT
        
       From HNS http://www.net-security.org/   
        
       by BHZ, Friday 30th Apr 1999 on 3:36 pm CET
       24.04.1999 Croatian Internet users were striking against HiNet, well known Croatian
       monopolistic ISP. On that day all strike supporters didn't connect to the Internet.
       HiNet didn't give any information or statistics about success or failing of our strike.
       Yesterday some good (but not so good) news came. They will charge our telephone
       impulses on local base (3 times cheaper than the "old" 077 number calls). OK, we
       were happy that we have succeeded in one step of our plans, but chilling shocker
       struck us. From 1st May prices of all telephone impulses will grow 30%. What could
       we say about it? We will continue our protests in order to bring quality and price of
       Croatian Internet connection to some western standards.

    
    
    ++  Summercon 99 

        (From HNN)
        
        Contributed by Weld Pond 
        It is that time again. Presented by r00t and Phrack
        Magazine Summercon99 will be held at the Omni Hotel,
        part of the CNN Center in downtown Atlanta. Admission
        is FREE (Feds and Press must pay) and everyone is
        invited! 

       HNN Cons Page http://www.hackernews.com/cons/cons.html
    
    ++  On Packetstorm;
    
        "The New Hacker's Dictionary v4.1.2" - The Jargon File is the definitive lexicon of Internet and hacker
        slang, history, folklore, tradition, and humor. This is the latest
        version (4.1.2), released on 4/28/99. Almost 10 MB of hacker jargon! By Eric Raymond. 
        http://www.Genocide2600.com/~tattooman/hacking-textfiles/jargon-4.1.2/ (Various formats)
        

    ++ Online banking system crashed
       
       From www.403-security.org
       http://www.403-security.org/Htmls/news.htm
       
       By Astral 29.04.1999 12:13

       A computer glitch is preventing a lot of users from using CheckFree Holdings Corp.'s online
       bill payment systems via programs such as MS Money for accessing their accounts. A CheckFree
       spokesman said that it isn't known when the system is going to be fixed and ready for use.
       For now about 350 banks cannot use online paying services. The reason for this glitch isn't
       known yet; the system could have been hacked or it could be just some technical problem.

       Sorry no links for this story
       
    ++  Ministry Launches Cyber Attack? 

        From HNN http://www.hackernews.com/ April 29th

        contributed by sunny 
        The Ministry of Home Affairs in Singapore is being
        accused of breaking into the personal computer of a
        National University of Singapore law student. Ms Anne
        Lee, 21, is claiming that her SingNet account was
        broken into on 10 occasions in four days about two
        weeks ago. According to a protection program called
        Jammer, which was installed on the machine the IP
        address of the attack belonged to the Ministry of Home
        Affairs. The National Computer Board's assistant director
        of IT security, Mr Goh Seow Hiong, said "It is very
        difficult to change the IP address unless the person has
        very sophisticated skills." (Bwahahahahahaha) 

        The Straits Times
        http://straitstimes.asia1.com.sg/sin/sin2_0429.html
        
        Forwarded From: William Knowles 


      
    ++ Ministry does scan machines 

       from HNN http://www.hackernews.com April 30th
    
       contributed by Sunny 
       SingNet and SingTel Magix, two ISPs located in
       Singapore, have admitted to asking the Home Affairs
       Ministry's IT security unit to scan 200,000 of its
       subscribers to see if their systems are vulnerable to
       hacker attacks. The ISPs asked the Ministry to perform
       the scans because they were the "experts" in this
       area. Users were not informed of the scans
       beforehand. This new report of scans is evidently the
       cause of yesterday's report that Ms Lee, 21, was being
       "attacked" by the Ministry of Home Affairs. (Sure wish I
       lived somewhere where everyone looked after my well
       being so closely) 

       Straits Times 
       http://straitstimes.asia1.com.sg/one1/one1.html
       Nando Times
       http://www.techserver.com/story/body/0,1634,43806-70661-511093-0,00.html
    
    
    
    ++ India Stomping Out Piracy 
       
        From HNN http://www.hackernews.com/ April 29th

        contributed by Dumbo 
        Officials in India want to stomp out piracy. They felt
        that the best way to do this was put their foot down
        and the bigger the foot the better. So they got an
        elephant to stomp on confiscated pirated CDs in New
        Delhi's Nehru Place. 

        http://www.news.com/News/Item/0,4,0-35780,00.html?st.ne.ni.lh
    
    ++ MS Sues FLA Companies 

       From HNN http://www.hackernews.com/ April 29th
       
       contributed by Code Kid 
       Microsoft is suing 15 Florida companies alleging that
       they sold or installed illegal copies of the company's
       software. Microsoft isn't able to estimate how much
       software piracy costs the company but it is able to
       estimate what it costs the state of Florida. Microsoft
       claims that Florida lost 7,186 jobs in 1997 and $490
       million in lost wages, tax revenue and retail sales. Yet, it
       has no idea what piracy costs Microsoft. 
       
       http://www.techserver.com/story/body/0,1634,43487-70127-507733-0,00.html
       http://www.zdnet.com/zdnn/stories/news/0,4586,2249422,00.html

    
    
    ++  Antidote Vol. 2 #1 released
       
        From HNN http://www.hackernews.com/
        
        contributed to HNN by Lord Oak 
        The newest release of Antidote is now available. With
        articles on Anonymous Surfing, ICQ99a Security
        Glitches, Intruder Alert '99, the eBayla Bug and a whole
        lot more. 

        Antidote; http://www.thepoison.org/antidote/issues/vol2/1.txt
    
    ++  Hackers Defended 
       
       From HNN http://www.hackernews.com/
       
       contributed to HNN by erewhon 
       Mainstream media is actually publishing a positive and
       accurate story about hackers. Better read it quick
       before they pull it and come to their senses. 

       ABC News
       
       http://abcnews.go.com/sections/tech/Geek/geek41.html
    
    ++ This has been up in the air for the last couple of months or so. Looks like
       the ASIO (Australian Security Agency) is still pushing for the right to be
       able to break into personal computers if such systems are thought to contain
       data that is detrimental to the country's security... who watches the watchers?
    
       From HNN http://www.hackernews.com/ 
       
       ASIO wants Permission to Break into Home Computers. 

       contributed by Anonymous 
       The Australian Security and Intelligence Organization
       wants a widening of its powers so that its agents may
       'hack' into personal home computers. These new powers
       will include the ability to manipulate data so that their
       entry may not be detected as well as breaking
       encryption around data that they want to see.  

       The Age; http://www.theage.com.au/daily/990428/news/news8.html
    
    
    ++ Keen Veracity 7 was released Apr 22nd; I missed this last issue.
     
     -----------------------------------------------------------------------------  
                         K E E N  V E R A C I T Y 
               L E G I O N S  O F  T H E  U N D E R G R O U N D
                             I S S U E  # [7]
     -----------------------------------------------------------------------------

                              --[CONTENTS]--

    (1/8)--[Introduction]---------------------------------------[Digital Ebola]
    (2/8)--[Redir games with ARP and ICMP]-------------------------------[yuri]
    (3/8)--[FUN WITH THE ES-3810 AN ATM REALITY]--------------------[optiklenz]
    (4/8)--[Ip Aliasing]-----------------------------------------------[guidob]
    (5/8)--[Yet Another Newbies Guide to Linux Security]--------[Digital Ebola]
    (6/8)--[UBE98 -- Unbreakable Encryption]----------------------[Joe Peschel] 
    (7/8)--[Windows 95 Protection]-------------------------------------[NtWak0]


    ++ b4b0 releases issue #7 also April 26th...full of goodness, get it today
       
       (00). Greets, Hellos, Staff, What not.
       (01). Introduction - by ph1x *y0r elite edit0r* (heed my advice)
       (02). Hacking Shiva-Lan-Rover-Servers - [Hybrid]
       (03). How to have an out of body experience - [ph1x]
       (04). Womper language interpretor - [chrak] 
       (06). Buffer overflow exploitation - [ph1x]
       (07). The stupidity that lies in credit fraud - [KKR]
       (08). Screwing around with /dev/audio - [ph1x] 
       (09). My day in age(Firewall, a magic bullet?) - [rhinestone]
       (10). d0x (For your harrassing enjoyment) - [pG]
       (11). Coding a shell from the ground up - [ph1x]
       (12). The art of writing shell code - [smiler]
       (13). The telephone system/network part 1 - [pabell]
       (14). Wu-ftpd remote/local exploit for [12]-[18] - [cossack/smiler]
       (15). Wu-ftpd buffer overflow scanner for 12-18 - [ph1x]
       (16). IRC lawgz, cybersex erotica - [b4b0]
       (17). Revolution against the catholic church - [schemerz]
       (18). bsaver.c overview - [cp4kt]
       (19). Conclusion - [ph1x]  
        
         + juarez ;)
 
     Mucho thanks to Spikeman for directing his efforts to our cause of bringing
     you the news we want to read about in a timely manner ... - Ed

     @HWA

 01.2 MAILBAG - email and posts from the message board worthy of a read
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       More great poetry from Liquid Phire!;
       

       From: "liquid phire"  
       To: cruciphux@dok.org 
       Cc: Uzi@Rave-Generation.dnx.co.uk 
       Subject: greatness 
       Date: Mon, 26 Apr 1999 23:08:26 PDT 
       Mime-Version: 1.0 
       Content-type: text/plain 
       
       
       ***another? yes *sigh* oh but i must. sanity is only as close as a 
       pen.***
       
       
       
       
       "to be great is to be misunderstood"
       
       
       we are to be remembered as names, not faces. we are to be remembered 
       as notions of truth, not as images flashed on the evening news. the 
       cost of infamy and fame are more than those who possess might care to 
       admit. it is better to be great without being misunderstood, to change 
       the world without attracting undesired attentions.
       
       
       the time for lies has passed, this is a dangerous spell and we can 
       leave no option of damnation open. the future of the internet will be 
       determined by the actions of those on it now, advocates of censorship 
       have found new hope due to recent untimely events. sinners tricked as 
       saints are controlling the country as we now walk on thin ice.
       
       
       safe are we within our bunkers of pretenses until the ebon shadow of 
       reckoning nears, when the end comes we need more to hold close to our 
       translucent hearts than the newspaper clippings and the vague texts 
       that are our legacy. the media has gotten the best of this religion, 
       and our minds have gotten the best of our hearts.
       
       
       as but comic book superheroes that have flown too close to the sun our 
       luck will not last and the curtains will one day part to reveal a few 
       disillusioned clutching close their tattered capes. already some have 
       sold out, a mistake that can be easily made but should be avoided to 
       protect the integrity of what we should represent.
       
       
       hope for understanding is not one of the desires that lies in mens' 
       hearts, no war cry has ever been for peace. the walls of the fortress 
       need to be smooth with no cracks and fissures to provide the 
       weaknesses needed for foes. the masses, like fire, can be used for 
       both good and evil, it is those that tame them that save, or damn, the 
       world.
       
       
       phiregod
       liquidphire@hotmail.com
       please excuse all errors
       i welcome all comments and constructive criticism at the above address
       
       
       _______________________________________________________________
       Get Free Email and Do More On The Web. Visit http://www.msn.com
       
       -=-
       
       
            
       ================================================================       

      @HWA


  02.0  From the editor.
        ~~~~~~~~~~~~~~~~

     #include <stdio.h>

     int main(void)
     {
      printf ("Read commented source!\n\n");

     /*
      *No comment, it's issue 16 already, just read it.... ;-) this issue is dedicated to
      *#99 and the folks in Denver... so sad we have to have copycats isn't it?
      *
      *
      *                             - Ed
      *
      */
      printf ("EoF.\n");
      return 0;
     }


      Congrats, thanks, articles, news submissions and kudos to us at the
     main address: hwa@press.usmc.net. Complaints and all nastygrams and
     mailbombs can go to /dev/null; nukes, synfloods and papasmurfs to
     127.0.0.1; private mail to cruciphux@dok.org

     danke.

     C*:.


     @HWA
     
 03.0  Telecardnews site, phone card and smartcard cracking     
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       http://members.tripod.com/telecardnews/index.html
       
       I stumbled across this site during web searches. It has some interesting info
       on telephone card and smart card hacking and news about recent goings on in 
       that world. Here's a sampling of what they have online.
       
       
       
       TELEPIRATES BUSTED !  Reports are
       reaching us, as yet unconfirmed,  that the notorious
       Telepirates have been raided.  "Heavies" allegedly in
       the pay of Telecom Companies and Telecard
       Manufacturers are believed to have carried out
       vicious attacks on the Telepirates main premises in
       Holland, Spain and USA. It is well known that they
       had trusted agents world-wide who may or may not
       have been affected by these raids and we await
       confirmation of this report.
 
       It can be confirmed that their main order page on the
       net has been removed .  This action may have been
       performed by themselves or by the Law
       Enforcement Agencies possibly involved.  It has
       been known for some time,  that Gemplus (a major
       smartcard producer) was thoroughly investigating
       telecard piracy and those connected with it. 
       Nobody was more connected than the Telepirates
       who flaunted their expertise across the whole world
       wide web.   
 
       In view of this development, and a tip off from a
       known Telepirate member, we recommend to our
       readers (perish the thought that they would consider
       anything remotely criminal) that they should not
       under any circumstances send payments to the
       Telepirates, until further notice as this will probably
       end up sequestrated or in the hands of the
       Authorities.   It is also likely that Bank Accounts
       have been compromised and possibly frozen.
 
       Keep watching, we will keep you updated. If
       you have any information regarding this
       breaking story, contact us immediately in
       confidence.  We will not divulge the source. 
       
       
       TELCOS INVOLVED IN BUST - April 13th 1999 
       
       TELECARD SECURITY NEWS: This is the latest news on this story. 
       
       Our investigations confirm that major smartcard companies and telcos were at 
       least aware of the Telepirates bust. One international smartcard manufacturer
       gave the following statement:
       
       "We will neither confirm or deny any involvement concerning this criminal group. 
       Anyone who attempts to penetrate systems by illegal means, including the 
       perpetrators and their supposed clients are all law breakers and should be dealt
       with only by the appropriate authorities".
       
       We did contact representatives of other Telcos and smartcard manufacturers and 
       they all declined to comment on or off the record. In our enquiries to these 
       companies, we referred to the Telepirates only as "phonecard hackers who were 
       raided recently", yet two of these companies mentioned the "Telepirates" by name.
       This was a touch suspicious and despite our insistence that they answer our 
       questions, the stock answer was "No Comment"!
       
       Final Note: Our readers are reminded that THE TELECARD SECURITY NEWS cannot 
       condone or support any kind of illegal and criminal activities. We do strongly
       support and encourage dissemination of information for security reasons and 
       lessons can be learned by all concerned....
       
       Next update. Hopefully we will have more information from Telepirate spokesman 
       "Frazzle". Watch out for more of our news updates and if you have any information which
       we can confirm. Please contact us: http://members.tripod.com/telecardnews/email.htm
       
       
       
       
       
       @HWA       
       
       
 04.0  Coldfusion mole.cfm
       ~~~~~~~~~~~~~~~~~~~
       This didn't make it into last week's issue, so here it is now. It's the program that
       can be used to upload and download files to a ColdFusion server.
       
       From HNN http://www.hackernews.com/
       
       File uploaded
       File deleted
       #DirPath#
       Name  Size  Modified date
       [#Type#] #Name# #Size# #DateLastModified#

       For more info on the ColdFusion hole and how to protect yourself, or to see if
       your server is vulnerable, check http://www.403-security.org/Htmls/news.htm and
       follow the bugtraq link.

       @HWA

  05.0  More info on the CIH virus
        ~~~~~~~~~~~~~~~~~~~~~~~~~~

        April 26th from www.403-security.org

        CIH virus infects Windows 95 and 98 EXE files. After an infected EXE is executed,
        the virus will stay in memory and will infect other programs as they are accessed.

        The CIH virus was first located in Taiwan in early June. After that, it has been
        confirmed to be in the wild in at least France, Germany, The Netherlands, Sweden,
        China, Israel, Chile and Australia. CIH has been spreading very quickly as it has
        been distributed through pirated software. It seems that at least four underground
        pirate software groups got infected with the CIH virus, and they inadvertently
        spread the virus globally in new pirated software they released through their own
        channels. These releases include some new games which will spread world-wide very
        quickly. There's also a persistent rumor about a 'PWA-cracked copy' of Windows 98
        which would be infected by the CIH virus but Data Fellows has been unable to
        confirm this.

        Later on, CIH was available by accident from several commercial websites,
        including the Origin Systems website where a download related to the popular
        Wing Commander game was infected.

        What makes the CIH case really serious is that the virus activates destructively.
        When it happens the virus overwrites most of the data on the computer's hard
        drive. This can be recovered from recent backups. However, the virus has another,
        unique activation routine: It will try to overwrite the Flash BIOS chip of the
        machine. If this succeeds, the machine will be unable to boot at all unless the
        chip is reprogrammed. The Flash routine will work on many types of Pentium
        machines - for example, on machines based on the Intel 430TX chipset. On most
        machines, the Flash BIOS can be protected with a jumper. By default, protection
        is usually off.

        The CIH virus infects Windows executable files (EXE files). It does not infect
        Word or Excel documents. CIH works under both Windows 95 and Windows 98, but it
        does not work under Windows NT.

        CIH uses a peculiar way of infecting executables. As a result, the size of the
        infected files does not grow at all. The actual size of the virus code is around
        1 kB. The virus also employs advanced tricks in jumping from processor ring 3 to
        ring 0 in order to hook file system calls.

        There are four known closely-related variants:

        CIH v1.2 (CIH.1003): Activates on April 26th. This is the most common variant.
                             It contains this text: CIH v1.2 TTIT

        CIH v1.3 (CIH.1010.A and CIH.1010.B): Activates on June 26th. Contains this
                             text: CIH v1.3 TTIT

        CIH v1.4 (CIH.1019): Activates on 26th of every month. It is in the wild, but
                             not particularly common. It contains this text:
                             CIH v1.4 TATUNG

        Note on disinfection: If you're using F-Secure Anti-Virus for Windows 95 v4.02,
        you need to exit Windows to disinfect CIH. Choose Start/Restart in MS-DOS mode,
        then execute FSAV for DOS from the FSAV CD-ROM and disinfect your hard drive
        with that.

        By Astral

        @HWA

  06.0  E-commerce takes it in the gnards, more compromised carts
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Date: Tue, 27 Apr 1999 14:39:47 +0200
        From: Bo Elkjaer
        To: BUGTRAQ@netspace.org
        Subject: Re: Shopping Carts exposing CC data

        Been doing some more searches for misconfigured webcarts exposing
        cc-information. Seems like a pandora's box, that just opened.

        Perlshop is vulnerable too if misconfigured:

        Version?
        Platforms?
        Executable file:   perlshop.cgi
        Exposed directory: /store/customers/, /store/temp_customers/
        Exposed orderinfo: Several files, eight-digit numbered names.
        Status: adverware. Only requirement is to display a "powered by
        perlshop"-logo on page.

        Bo Elkjaer, Denmark

        -=-

        (hhp) SMPS advisory.
        (hhp)
        ----------------------------------------------

        SMPS (Server merchant payment system) has default permission problems. The
        wrong moded directory is Cybercashserver/smps* which gives complete access to
        view all the config and database files. The most dangerous file that is left
        world readable is:

            Cybercashserver/smps*.../merchants/admin.pw

        or maybe another various directory path/location depending on the server and
        version of the software. The admin.pw contains a crypt(3) passwd. This could
        lead to a system-wide compromise if it was to be cracked.

        The official website for this software that was found in the README file
        currently doesn't allow access to view the website which made it hard for me
        to build more information about this software.

        My suggestions to admins using this software is to disable this software,
        change the modes on the directory and get in contact with the vendor of this
        software and find out when they plan to release a new version of this software
        fixing this default problem. If you want to play it safe, I would check your
        server to see if you have already been cracked and hacked.

        I have notified the vendors of this software about the problem and hope the
        best to all the clients.

        -elaich
        4-29-99 10:35:53pm CST

        -----------------------------------------
        elaich of the hhp.
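A host-side audit for the two items above, written here as an added example (it is not code from HWA, 403-security, Bo Elkjaer or the hhp): it walks a web root looking for the CIH marker strings listed in 05.0 inside PE executables only, for Perlshop customer records sitting under store/customers or store/temp_customers, and for SMPS smps* directories or merchants/admin.pw files left world-readable as described in the hhp advisory. The minimal MZ/PE shell, the file names and the crypt-like string in the demo tree are constructed placeholders, not real samples.

```python
"""Added host audit for 05.0 (CIH marker strings "CIH v1.2 TTIT", "CIH v1.3 TTIT",
"CIH v1.4 TATUNG" inside Windows EXEs) and 06.0 (Perlshop store/customers served from
the web root; SMPS Cybercashserver/smps*/merchants/admin.pw left world-readable).
Not code from HWA, 403-security, Bo Elkjaer or the hhp."""
import os
import stat
import struct
import tempfile

# Marker text -> (variant, activation date), as given in the 05.0 text.
CIH_MARKERS = {
    b"CIH v1.2 TTIT": ("CIH v1.2 (CIH.1003)", "April 26th"),
    b"CIH v1.3 TTIT": ("CIH v1.3 (CIH.1010)", "June 26th"),
    b"CIH v1.4 TATUNG": ("CIH v1.4 (CIH.1019)", "26th of every month"),
}
CART_DATA_DIRS = ("customers", "temp_customers")  # Perlshop order directories
SMPS_ADMIN_FILE = "admin.pw"                       # SMPS merchant admin password


def is_pe_executable(data: bytes) -> bool:
    """MZ stub whose e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"


def scan_for_cih(data: bytes):
    """Return (variant, activation) for the first marker found in a PE image, else None.
    Non-PE data is skipped, so a text file that merely quotes the strings (this e-zine,
    for one) is not reported. A real scanner would match the infection code as well."""
    if not is_pe_executable(data):
        return None
    for marker, info in CIH_MARKERS.items():
        if marker in data:
            return info
    return None


def world_readable(path: str) -> bool:
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit_tree(root: str):
    """Walk root and return (path, finding) pairs for the conditions above."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:  # SMPS: the smps* directory itself must not be world-readable
            full = os.path.join(dirpath, d)
            if d.startswith("smps") and world_readable(full):
                findings.append((full, "SMPS directory world-readable"))
        parent = os.path.basename(dirpath)
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == SMPS_ADMIN_FILE and world_readable(path):
                findings.append((path, "SMPS admin.pw world-readable (crypt(3) hash exposed)"))
            elif parent in CART_DATA_DIRS:
                findings.append((path, "Perlshop customer record reachable under web root"))
            with open(path, "rb") as fh:
                hit = scan_for_cih(fh.read())
            if hit:
                findings.append((path, "%s marker found, activates %s" % hit))
    return findings


def make_fake_pe(payload: bytes) -> bytes:
    """Constructed minimal MZ/PE shell (not a runnable binary) carrying payload."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew: PE signature right after DOS header
    return bytes(hdr) + b"PE\x00\x00" + payload


def build_demo_tree(root: str) -> None:
    """Constructed sample web root: one weak and one corrected SMPS install."""
    def put(rel, data, mode):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)

    put("setup.exe", make_fake_pe(b"\x90" * 32 + b"CIH v1.2 TTIT"), 0o755)   # infected PE
    put("readme.txt", b"the variants contain the text CIH v1.2 TTIT", 0o644)  # text only
    put("store/customers/10000001", b"name,card,expiry (constructed)", 0o644)
    put("Cybercashserver/smps1/merchants/admin.pw", b"$1$placeholder$hash", 0o644)  # weak
    os.chmod(os.path.join(root, "Cybercashserver/smps1"), 0o755)                    # weak
    put("Cybercashserver/smps2/merchants/admin.pw", b"$1$placeholder$hash", 0o600)  # fixed
    os.chmod(os.path.join(root, "Cybercashserver/smps2"), 0o700)                    # fixed


def demo():
    """Build the sample tree in a temp dir, audit it and return the findings."""
    root = tempfile.mkdtemp(prefix="cart-audit-")
    build_demo_tree(root)
    findings = audit_tree(root)
    for path, what in findings:
        print("%-50s %s" % (os.path.relpath(path, root), what))
    return findings


if __name__ == "__main__":
    demo()  # four findings: smps1 dir, setup.exe, the customer record, smps1 admin.pw
```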
        hhp-1999(c)
        Email: hhp@hemp.net
        Web:   http://hhp.hemp.net/
        Voice: 1-800-Rag-on-gH  pin: The-hhp-crew
        hhp-ms: hhp.hemp.net, port:7777, pass:hhp
        -----------------------------------------

  06.1  E-commerce boom fueling Security Holes?
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        http://www.thestandard.net/articles/display/0,1449,4307,00.html?home.tf

        E-commerce Boom Fueling Security Holes?
        By Jack McCarthy and Elinor Mills

        Recent breaches of customer privacy by online stores show that early concerns
        for Internet security were justified, industry experts said, adding that smaller
        businesses rushing to get online are often the culprits.

        Just this week, an employee at an Internet service provider in Bellevue,
        Washington, posted a warning on the Internet to systems administrators and Web
        developers about the potential for Web sites exposing information as a result of
        misconfigured e-commerce software.

        Joe Harris, systems administrator for Blarg Online Services which hosts
        e-commerce sites for companies, said Thursday that he discovered last week that
        more than 100 online stores hosted by Blarg were inadvertently revealing customer
        names, addresses, credit card numbers and other purchasing information. One of
        the ways random Internet users could access the information was by using certain
        keywords while doing searches on the sites, he said.

        Since he posted the warning, many of the affected Web sites have corrected the
        problem, Harris said, but at least two stores were still exposing customer
        information on their sites Thursday.

        Such privacy breaches are expected to increase as more retailers go online.
        "With the growth of the Internet and the use of e-commerce, you're going to get
        more and more of these situations," said Bob Lewin, executive director of TRUSTe,
        a Cupertino, Calif.-based group that monitors online privacy practices and offers
        seals of approval to Web sites that agree to follow basic privacy guidelines.

        Experts say the privacy breaches seem to be happening primarily with smaller
        companies that might not have the expertise and sophistication to properly
        install electronic commerce software or the money to hire experienced firms to
        do it for them.

        "It's definitely an issue that impacts smaller online merchants that are either
        using multiple site hosting services or are building their own using these
        simpler [turnkey] commerce packages," said David Kerley at Jupiter
        Communications market research firm in New York. "It's an area that larger
        online merchants are more sensitive to and more knowledgeable about."

        Along with the dramatic growth of e-commerce, smaller companies are racing to
        sell online and creating greater demand than can be met for people who know how
        to create secure Web sites, according to Kerley, "so people who aren't as
        experienced are getting into the business."

        Amateur Web designers can fail to follow instructions in using shopping-cart
        software that takes orders from customers, Harris said. When the software is
        improperly installed, the information can be exposed, for instance by being
        stored on a file that is accessible to web surfers, he said.

        Many small retailers use friends or untested companies to develop their Web
        sites, Harris said. "They hear that their sister-in-law's cousin can do it, so
        they hire him," he said.

        Basically, companies should be careful in selecting firms to set up and host
        their e-commerce sites by getting references, using established firms and asking
        about privacy and security upfront, the experts said. If they don't they'll not
        only lose customers but growth of e-commerce in general will be impeded, Lewin
        of TRUSTe said.

        "If you are going to put your store on the Web, you are responsible for the
        information that's there," Harris said. "Your client is trusting you to make
        sure you do everything in your power to make sure that data is safe."

        While smaller companies may be primarily at fault for privacy breaches lately,
        data exposures at Web sites run by larger companies also can happen and when
        they do they can pose an even greater risk, according to Ari Schwartz, policy
        analyst at the Center for Democracy and Technology in Washington, D.C.

        "Smaller companies do cut corners, but the larger companies usually have large
        databases and there's a lot more at stake," he said. "So both [types of
        companies] need to pay adequate attention, especially those people implementing
        software solutions for large numbers of small companies."

        At the same time, companies are becoming more aware of the necessity for
        security. Nearly 700 Web sites are members of TRUSTe and more are joining all
        the time, Lewin said. "The majority of our licensees are smaller organizations,"
        he said. They "don't have time to do the necessary investigations to find out
        what they should be doing in the first place."

        On their end, consumers should try to find out how secure the sites they buy
        things from are. "It's no different than other markets. Buyer beware," said
        Kerley of Jupiter.

        There also need to be technical solutions that make it easier for people to read
        privacy notices online so they can determine whether the Web site is as secure
        as they want it to be, said Schwartz of the CDT. "Seems as though it takes a
        violation of peoples' privacy to make people pay attention," Schwartz added.

        The federal government may eventually give online merchants a push in the
        direction of guaranteeing security. Although the Clinton administration favors
        allowing the industry to regulate itself, agencies such as the Department of
        Commerce and the Federal Trade Commission have been discussing how to encourage
        privacy protection and lawmakers have talked about enacting laws that would make
        Web sites liable for privacy breaches on their sites.

        Despite the privacy lapses that are occurring in the retailer rush to sell
        online, the risk is still minimal to most consumers, according to Kerley at
        Jupiter. "There's not a huge risk for the consumer except to maybe have to
        cancel a credit card," he said. "There are far more shady businesses that are
        not on the Internet that have access and do access personal information of a
        more sensitive nature. All it takes is a few dollars to get a credit rating and
        credit report," for example, Kerley said.

        Jack McCarthy and Elinor Mills write for the IDG News Service.

        @HWA

  07.0  Anonymity guaranteed (PCworld)
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        http://www.pcworld.com/pcwtoday/article/0,1510,10700,00.html

        Anonymity Guaranteed on the Net
        For $9.95 per year, ISPs will erase all trace of your Web travels.

        by David Needle, special to PC World
        April 26, 1999, 9:48 a.m. PT

        Superman had a secret identity, and soon you may too, thanks to Zero Knowledge
        Systems, an Internet security company that wants to give Web surfers total
        online privacy.

        ZKS has created the Freedom Network, a band of 50 Internet service providers
        that route encrypted data through what the company says is an untraceable path.
        Any data that represents your presence on the Internet is encrypted and bounced
        around servers in the Freedom Network so there is no digital trail of who you
        are or where you've been.

        For the time being, participation in the Freedom Network is free while
        participating ISPs finish testing their software. A full-fledged Windows-based
        client is due out later this summer for $49.95, complete with five secret
        identities, aka "nyms," or pseudonyms. A 45-day free trial version will also be
        available. After the first year, the cost is $9.95 per year, per nym.

        "We're giving Internet users total privacy, which they've never had before,"
        says Austin Hill, president of Zero Knowledge Systems. "We don't even ask you to
        trust us because even we don't know where you are browsing."

        You don't even have to belong to a Freedom Network ISP to join, though Hill says
        there may be some performance advantage if you do. ISPs in the Freedom Network
        tend to be small to midrange players, with larger Web providers taking a wait
        and see approach. "Later on we'll want to bring some of the larger ISPs on
        board," says Hill.
The Downsides of Privacy

"The privacy feature can't degrade the user experience; it has to be invisible," says Jim Balderston, Director of Zona Research. "And if you are promising 100 percent privacy protection, you have to deliver because consumers aren't going to accept anything less."

Some people worry that greater Internet anonymity means more scam artists and criminal activity. For example, an anonymous Web surfer might have an easier time harassing people online. However, ZKS attempts to limit online harassment by honoring requests not to receive e-mail from nyms. And harassment should be somewhat limited because it costs money to establish a pseudonym, according to Hill.

"Like all freedom, this can be abused or used for good," says Hill. But, he adds, "we don't outlaw cars because people sometimes have accidents in them."

Worth the Price?

Still, are privacy guarantees worth even a small price to your average, law-abiding Web user already paying $20 or more per month to get online? For a lot of people, yes. Parents, for example, might join the Freedom Network so that their children can participate in online chat rooms without divulging their identity.

"The issue of privacy is a substantial one," says Zona's Balderston. "People don't realize how much information has already been gathered about them. When you start seeing pop-up screens that say 'You bought boots at such-and-such a Web site, now check out our camping gear,' that will be distressing to a lot of people; they're going to look for some way to have anonymity online."

ISPs also benefit from joining the Freedom Network, Hill says, because it limits their legal liabilities. "We've seen cases where users get into a flame war that ends up in a civil suit and the ISP gets dragged in," says Hill. "It's a lot easier to be able to say, 'I don't have any data on this.' It's an encrypted stream of traffic."

"Our customers are deeply concerned about online privacy," says Paul Engels, vice president of I.D. Internet Direct, Canada's second largest ISP and a member of the Freedom Network. Engels calls the ZKS network "the most comprehensive and credible effort to put privacy back where it belongs--in our customers' hands."

@HWA

07.1 Anonymity guaranteed?
~~~~~~~~~~~~~~~~~~~~~~~~~~

Freedom(TM) is easy-to-use software designed to give you total privacy while on the Internet. This driver-level software runs in conjunction with all your current Internet software, ensuring your privacy in a totally transparent, unobtrusive way. Freedom uses high-grade public key cryptography to encrypt the contents of any Internet transmission, including e-mail, chat room, web browsing and newsgroups. It also protects the source and destination of all Internet traffic. Freedom simultaneously manages all of your digital identities, watches all outbound traffic for personal information, automatically encrypts and routes traffic through the Freedom network, transparently decrypts all incoming traffic, places cookies into Cookie Jars(TM), and filters spam.

Customized pseudonyms to manage your identities

Freedom allows you to create one or several digital pseudonyms. A digital pseudonym lets you create a unique online identity for yourself (which may or may not be like your true self) that you can use to perform all your Internet-related tasks. You are the sole owner of the pseudonyms, which can be configured to have different e-mail addresses, geographic locations and encryption keys. Different pseudonyms give you the opportunity to separately explore completely different areas of the Internet and avoid being profiled by Internet marketers.

Who do you want to be today?

You choose how to use your online identities. For example, if you like to debate politics online you can designate one pseudonym as your "politics" pseudonym. Use it when you post in political newsgroups, surf activist web sites, e-mail your political contacts and chat in political chat rooms. No one can trace it back to your real self. Any concern you have about people monitoring you or collecting your personal information on the Internet is gone. Your boss will not be able to find out what you like to chat about on your own time. Marketers cannot generate a profile of you and put you onto mailing lists without your consent. No one--not even Zero-Knowledge Systems--will be able to find out who is behind a digital identity.

Full strength encryption and Cookie Jars(TM)

Each digital identity uses full strength encryption that ranges from 128-4096 bits. This transparent encryption permits all outgoing Internet packets, e-mail and newsgroup postings to be encrypted, and where appropriate, digitally signed by the pseudonym's public key. Every Freedom user is connected to a Freedom server that anonymizes source information to protect your identity. When sending e-mail, both the sender's and recipient's addresses are encrypted, as well as the message itself.

Many web sites place cookies (little bits of information) on your computer to record and customize your visit. To prevent cookies from revealing or correlating any of your identities, Freedom has a cookie management system called Cookie Jars. Each digital identity has its own Cookie Jar, and any cookie received by that identity is collected in its individual jar. This way, your digital identities remain completely separate from each other and from your real self.

Advanced spam control

Freedom also has advanced spam filtering tools so you can filter out unwanted, unsolicited e-mail sent to your pseudonyms. When enabled, Freedom's anti-spam functions eliminate 100% of unwanted bulk email before it even gets to your mailbox.

For a complete list of Freedom's features and technical details, see the white paper.

07.2 ZKS White paper
~~~~~~~~~~~~~~~~~~~~

For diagrams (there are only two) view in html mode or visit this url:
http://www.zeroknowledge.com/products/Freedom_Architecture.html

The Freedom Network Architecture (Version 1.0)
Zero-Knowledge Systems, Inc.
This document describes the architectural components of the Freedom network. This document is intended for system administrators and potential Freedom Server operators. A solid understanding of networking terminology and acronyms, such as SMTP, POP3, HTTP, TCP/IP, etc., is assumed. Familiarity with previously deployed building blocks of Internet privacy systems, such as nymservers and remailers, is desirable. If you are unfamiliar with any of the above, please consult the sources listed in the bibliography at the end of this document.

Client-server Architecture
--------------------------

The Freedom product is composed of two primary elements: the client application and the server network. Any Internet user wishing to protect their privacy needs the Freedom client application installed on their computer. The client application is compatible with current Internet protocols and works transparently.

The server network is known as the Freedom network. The Freedom network is made up of numerous Internet servers running the Freedom server-side application. The Freedom network provides a mechanism to ensure anonymous connections between user and destination.

Freedom Network Components
--------------------------

Freedom Server Nodes
--------------------

The Freedom Server Nodes are at the core of the Freedom network. Freedom Server Nodes have been deployed by ISPs, individuals, and organizations worldwide. The nodes are owned and operated by Freedom partners independently of Zero Knowledge Systems. This assures that the user's privacy will be protected even if Zero Knowledge Systems itself were compromised.

Each Freedom Server Node is composed of four logical sub-systems: the Anonymous Internet Proxy (AIP), the Anonymous Mail Proxy (AMP), the Wormhole, and the Traffic Shaper.

Anonymous Internet Proxy (AIP)
------------------------------

The AIP provides the underlying anonymous TCP/IP connections. While current Freedom clients support only TCP-based protocols (with the exception of DNS), the AIP itself operates at the IP level, thus allowing maximum flexibility for future feature enhancements and support for non-TCP based protocols. Each AIP performs the following actions upon startup.

Initialization
--------------

On start-up, the AIP loads its key cache stored on the local disk, and examines it to see which keys have expired. Each AIP has a list of five topologically neighboring AIPs stored on the local machine. (During the beta test, this list of neighboring AIPs is manually entered on the Freedom Server Node.) A query is then sent to the Network Information Database (NIDB) server to retrieve a list of encryption keys for the other AIPs in the cloud that may have expired prior to initialization. This query, like all communication between components in the cloud, is performed using an Anonymous TCP (ATCP) connection.

Establishing Routes to Neighbors
--------------------------------

Reading the list of neighbors, the AIP sends "PADDING" packets through UDP to the neighbors. These packets have the same size as payload packets to provide "for free" cover traffic. The use of PADDING packets and cover traffic introduces the notion of a Heartbeat amongst the AIPs. A heartbeat is defined as the time delay at which a packet must leave the machine for a specific neighbor, hiding any information about the AIP server's status (idle or busy). The heartbeat concept prevents traffic analysis to a significant degree. Since packets are sent out on a regular basis, and knowing the rate at which these heartbeat packets arrive at a machine, an AIP can determine that a neighbor is unreachable when it fails to send an ALIVE packet after a certain amount of time. PADDING packets further prevent traffic analysis by maintaining a constant data flow between the AIPs. In addition, all data is link encrypted between two adjacent routers with a shared session key.

Payload Route Creation
----------------------

The originator of a connection chooses a route to follow through the anonymous cloud. The route consists of a user-definable number of AIP jumps within a system-wide minimum and maximum of jumps. By imposing a minimum number of jumps, the anonymity of the transaction is guaranteed. The maximum number of jumps is imposed to establish a maximum packet size. The default number of jumps is three. The route is created with information that includes Anonymous Connection IDs (ACIs), the next AIP hop for the current route, client/AIP symmetric keys, cryptographic algorithms, and expiry time of the route.

The originator of an anonymous connection has an initial cache of routes to travel through the cloud. This cache is validated and an initial Anonymous TCP (ATCP) connection is made with an AIP. This selection is a general case of route selection (using a limited subset of AIPs). Next, the client requests a set of routes and signing keys from the AIP it is connected to. The AIP then sends the routes and signing keys to the client. Once verified, the local routing table is updated. This ensures that as little correlation as possible can be made between the request for the initial set of routes and the creation of a digital identity (and corresponding route). Requesting these routes from a single source would enable easy monitoring of such requests. Using the cloud as the source of routes hides this action from observers.

Once the client receives a topological map and a link state table, it can proceed to compute a path from an input to an exit AIP. Users may choose to activate Freedom's Automatic Route Selection feature, which adheres to the following specification: For performance reasons, select an entrance AIP "close" to the client, where close is defined as being topologically close. This could potentially reveal some information, but it is felt that the increased performance is worth the risk of exposure. Subsequently, the following AIP is selected at random, and may include any available AIP, excluding any previously visited AIPs. This step is repeated until the final hop is selected.

At route creation time, the first packet uses a public key algorithm to create a session key. The session key is used to encrypt all other packets sent between AIPs for that specific Anonymous Connection ID (ACI). The payload of the anonymous packet should, at all times, be encrypted when it travels through the anonymous cloud. The only time the payload may be "in the clear" (i.e., the session key is decrypted) is once the data exits the anonymous cloud at a Wormhole. To prevent traffic analysis, the lengths of the packets are independent of the amount of data inside the packets; padding is added within each packet to ensure this. Route creation packets are protected against traffic analysis by employing a second-size PADDING packet.

In order to jump from one AIP to another, the following process occurs:

1. Decrypt link encryption on the header. If the packet contains a CREATE command in the header, the decryption will occur using the AIP's private key. For all subsequent traffic, a symmetric key is used for link decryption.

2. Process header information. The AIP responds to various header commands that include CREATE (open a path) and DESTROY (close a path). This header information is different from the header of the packet that is being sent from the client. The header the AIP reads contains added information, such as the nature of the packet, the size of the message packet, and the amount of padding. In the case of a packet with a CREATE header, the information decrypted from the header would include the following elements:
   - Forward cryptographic algorithm.
   - Backward cryptographic algorithm.
   - The IP address and port number of the next hop.
   - Expiry time of the route.
   - A selected number of bits of key seed material to get a symmetric key for the rest of the data.

3. Decrypt/encrypt the rest of the packet information. This is done using the key seed material found within the CREATE packet header that was decrypted upon arrival at the AIP. This is used for the forward and backward decryption keys.

4. Take the appropriate action. This includes table update and lookup actions. For example, a table lookup is performed to confirm if the ACI is currently valid; the encryption key and algorithm are retrieved from the table and applied to the payload (encryption or decryption based on the ACI). A new header is created with the corresponding ACI. The header is encrypted using the link encryption key and the packet is sent to the next host in the chain.

5. Create new header. A new ACI is selected and the packet is then padded to maintain the packet's size.

6. Encrypt the header with the link encryption key for the next host. The packet is encrypted using the link encryption key of the next AIP in the route.

7. Send the new packet to the next hop in the chain. The packet is released from the AIP and sent to the next one specified in the route.

8. Deliver data to destination. When the number of jumps has met the number specified by the client, the packet is sent to the Wormhole by the final AIP in the route.

Anonymous Mail Proxy (AMP)
--------------------------

The Anonymous Mail Proxy (AMP) provides for both outgoing and incoming mail delivery services. It accepts email from digital identities and processes the mail by holding it for a random amount of time and reordering all messages being held at this AMP. After the "holding" time expires, the message is sent from one AMP to another, preserving the anonymous connection. This is done using the Anonymous Mail Transfer Protocol (AMTP).
The packet format of an AMTP packet has three parts:
   - Send or Reply Blocks
   - AMTP to SMTP headers, which can change in transit
   - Message body

This information jumps from one AMP to another with varying levels of details and instructions, depending on which stage of the transfer is occurring.

Before any mail transfer occurs using a digital identity, a public key is created for each identity. The Freedom client then creates up to three reply blocks for each identity. The reply blocks outline the route that mail packets will follow through the cloud (i.e., instructions for each AMP, so they know where the packet should be sent after it has been reordered and held in its queue). Each reply block consists of encryption keys and addresses for three selected AMPs in a specific route. The redundancy of three reply blocks is required in case one of the AMPs (used in one of the reply blocks) is inoperable. The reply blocks are encrypted with the nymserver's public key and are sent to reside there. Future versions of Freedom will implement more advanced methods of anonymous mail transport without the need for reply blocks.

Layered encryption is used because the user's real email address resides within the reply block of the digital identity. In a case where a digital identity receives email, the user's real address should be kept secure until it reaches the last AMP in the return chain (which sends the message to the user's address). Although the final AMP knows the user's real email address, it must not know the content of the message, the pseudonym under which it was originally addressed, or the origin of the message. Using layered encryption, and a lookup table within the nymserver, confidentiality can be achieved through the reply blocks.

Incoming Email
--------------

Once incoming mail arrives for a digital identity, the nymserver looks up the identity's reply block. Each dimension of the reply block consists of three articles:
   - The next destination in the chain (AMP or real email address)
   - A symmetric key
   - The remaining content of the layered reply block

The nymserver decrypts the reply block with its private key, and reads the next destination AMP, a symmetric key, and the remainder of the layered reply block. The nymserver uses the symmetric key to encrypt the mail message, then the message and the reply block are sent to the next AMP. This AMP receives the message and the reply block, decrypts its layer of the reply block to reveal the next destination, and another symmetric key. This new symmetric key is used to encrypt the mail message, and the remainder of the reply block and the mail message are sent to the next destination. The third AMP receives the message and the reply block. The AMP decrypts the reply block and discovers a destination and a key. The AMP encrypts the message with the symmetric key. The destination this time, however, is not an AMP, but the user's real email address. Note that, at this point, the AMP does not know where the original message came from, nor its content because it is multiply encrypted, and the pseudonym is no longer present because the header of the message itself is encrypted and the reply block is entirely de-layered. The message is sent to the user at the user's email address.

Considering the conditions from the previous Web browsing example, with 3 AMPs denoted A, B, and C, the real user real@address.ca and the pseudonym mynym@freedom.net, we get the following:

1. Mail (denoted M) arrives at the Freedom nymserver addressed for mynym@freedom.net. The reply block for mynym (denoted BC) is found within a table. The nymserver can be considered as being AMP-C.

2. The reply block is decrypted using the nymserver's private key.

3. AMP-C finds itself in possession of the details for the next destination (AMP-B), and a symmetric key, denoted KC. AMP-C encrypts the message with KC (i.e., EKC(M)), and sends what remains of the reply block, being BB, to AMP-B.

4. AMP-B receives the message and the block. AMP-B decrypts the block and finds the next destination details (AMP-A) and a symmetric key, denoted KB. AMP-B performs EKB(EKC(M)) and sends the message and the remainder of the block, being BA, to AMP-A.

5. AMP-A receives the message and the block. AMP-A decrypts the block and finds real@address.ca and a symmetric key, denoted KA; the block is now empty. AMP-A performs EKA(EKB(EKC(M))) and sends the message to real@address.ca.

6. The user (real@address.ca) receives the message, performs the necessary decryption and finds itself in possession of the original message M.

Through this process, the digital identity's integrity remains intact, the AMPs in the route are not aware of the message's content, and the mail is received.

Outgoing Email
--------------

Using Anonymous Mail Transport Protocol (AMTP), the Freedom client software deposits outgoing mail into a reordering pool at the Freedom Mail Gateway. Currently, there is only one such pool, operated by ZKS. Additional pools are expected in the future. The digital identity's digital signature is applied to the original message at the client (prior to its multiple encryption), and its integrity is verified by the nymserver before the message is sent. The digital identity is not known to any of the AMPs, with the exception of the nymserver. The integrity of the pseudonym is maintained, and the confidentiality of the message headers is maintained until the Freedom Mail Gateway. Since the digital identity's digital signature is used, the integrity of the message and the sender can be verified prior to its release, thus ensuring against any impersonation of the digital identity.

Wormhole
--------

The Wormhole is the interface between the anonymous network cloud and Internet hosts accessed by the end user.
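The six-step incoming-mail trace above, as an added example that is neither ZKS's code nor part of the white paper: a Python simulation in which the client builds the layered reply block, the nymserver (acting as AMP-C), AMP-B and AMP-A each open only their own layer and add one encryption layer to the message, and the user unwraps EKA(EKB(EKC(M))). The symmetric cipher (a SHA-256 keystream XOR), the per-AMP node keys standing in for the AMPs' public-key decryption, and the byte layout of a layer are all assumptions, since the paper specifies none of them.

```python
import hashlib
import os

NONCE_LEN = 16   # per-layer nonce so one node key never reuses a keystream
KEY_LEN = 16     # length of each per-hop symmetric key (KA, KB, KC)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with a SHA-256 counter-mode keystream.
    Assumed stand-in for the unspecified algorithm; encrypt == decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def seal_layer(node_key: bytes, plain: bytes) -> bytes:
    """Seal one reply-block layer so that only the intended AMP can open it.
    The AMP's node_key is an assumed stand-in for its public/private key pair."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor_stream(hashlib.sha256(node_key + nonce).digest(), plain)


def open_layer(node_key: bytes, sealed: bytes) -> bytes:
    nonce, body = sealed[:NONCE_LEN], sealed[NONCE_LEN:]
    return xor_stream(hashlib.sha256(node_key + nonce).digest(), body)


def build_reply_block(route, real_address: str):
    """Client side. route = [(amp_name, node_key), ...] in hop order, starting
    with the nymserver (AMP-C). Each layer carries exactly the three articles
    the paper names: next destination, a symmetric key, and the rest of the
    block. Returns (block, [KC, KB, KA]); the user keeps the keys."""
    sym_keys = [os.urandom(KEY_LEN) for _ in route]
    block = b""                      # innermost layer has nothing after it
    next_hop = real_address          # ...and names the user's real address
    for (name, node_key), sym_key in zip(reversed(route), reversed(sym_keys)):
        hop = next_hop.encode()
        layer = len(hop).to_bytes(2, "big") + hop + sym_key + block
        block = seal_layer(node_key, layer)
        next_hop = name              # the layer outside this one points here
    return block, sym_keys


def amp_process(node_key: bytes, message: bytes, block: bytes):
    """One AMP hop: open its own layer only, learn the next destination and a
    key, add one encryption layer to the message, pass the remainder on."""
    plain = open_layer(node_key, block)
    n = int.from_bytes(plain[:2], "big")
    next_hop = plain[2:2 + n].decode()
    sym_key = plain[2 + n:2 + n + KEY_LEN]
    remaining = plain[2 + n + KEY_LEN:]
    return next_hop, xor_stream(sym_key, message), remaining


def deliver_incoming(amps: dict, nymserver: str, message: bytes, block: bytes):
    """Run the chain nymserver -> AMPs -> real address. Returns the delivery
    address, the multiply encrypted message, and what each hop learned
    (only its successor; the real address appears only at the last AMP)."""
    trace = []
    hop = nymserver
    while hop in amps:
        next_hop, message, block = amp_process(amps[hop], message, block)
        trace.append((hop, next_hop))
        hop = next_hop
    if block != b"":
        raise ValueError("reply block not fully de-layered at the last AMP")
    return hop, message, trace


def user_decrypt(sym_keys, ciphertext: bytes) -> bytes:
    """User side: strip the layers. With a real cipher the order would matter
    (KA first, KC last); XOR layers happen to commute."""
    for key in reversed(sym_keys):
        ciphertext = xor_stream(key, ciphertext)
    return ciphertext


def demo():
    # Constructed sample: three AMPs, nymserver acting as AMP-C as in the paper.
    amps = {name: os.urandom(32) for name in ("AMP-C", "AMP-B", "AMP-A")}
    route = [(name, amps[name]) for name in ("AMP-C", "AMP-B", "AMP-A")]
    block, sym_keys = build_reply_block(route, "real@address.ca")
    message = b"Mail M, addressed to mynym@freedom.net"
    address, wrapped, trace = deliver_incoming(amps, "AMP-C", message, block)
    return address, user_decrypt(sym_keys, wrapped) == message, trace


if __name__ == "__main__":
    print(demo())
```

The trace returned by demo() shows that AMP-C learns only AMP-B, AMP-B only AMP-A, and the real address surfaces only at AMP-A, which by then holds a triply encrypted message and an empty block.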
When a new ACI is presented to the wormhole, the wormhole assigns a new port for it to pass TCP/UDP traffic. The wormhole, however, does not monitor the state of the TCP connection; the AIP will notify the wormhole that a route has been destroyed, so the wormhole can release the port-to-ACI map. The wormhole only responds to address requests for its own IP address. Any remaining relevant personal information is stripped, and the packet goes into the real world of the Internet.

Traffic Shaper
--------------

The Traffic Shaper fulfills a dual role as both Internet bandwidth throttle and link padding envelope shaper.

Bandwidth Throttle
------------------

Most Freedom Server operators will not be able to dedicate their entire upstream connectivity bandwidth to Freedom. The Bandwidth Throttle settings determine the maximum bandwidth that will be allocated by the Freedom Server to anonymous Internet connections.

Link Padding Envelope Shaper
----------------------------

Inter-AIP link padding is required to prevent traffic analysis of data passing over AICs. However, the outer bandwidth envelope does not have to continually be operated at the maximum bandwidth allowed by the Bandwidth Throttle. As long as the outer envelope modulation is kept independent of the data flowing through the link, information leakage will not occur. To minimize bandwidth costs, the Link Padding Envelope Shaper modulates the outer link envelope as determined by a formula that takes into account historical usage patterns and traffic flows.

Freedom Client Software
-----------------------

The Freedom Client application runs on the user's computer and acts as a Local Anonymous Internet Proxy (LAIP). The Freedom client provides support and acts as proxy for various Internet protocols, including:
   - DNS
   - HTTP
   - HTTPS
   - SMTP
   - POP3
   - Telnet
   - SSH
   - IRC (DCC not supported)
   - USENET (via a web interface)

The client is, conceptually, an input funnel that anonymizes all Internet traffic before it leaves the client system for the Freedom network. Freedom avoids the trouble of managing the mail or browsing clients, since it operates at the Winsock, session, and network levels. Freedom monitors outgoing streams and warns the user if it detects the presence of any personal information. The user then chooses to remove the information or release the message as is.

The Freedom client also acts as a personal data manager. The release of personal data is contextual, based on the source and the active digital identity. A typical example of controlled information release is when a user wishes to access a mandatory-registration site, but does not want to reveal personal information. Using Freedom, the user creates a digital identity to access the site; a cookie is then created using this user's pseudonymous profile. Whenever the user returns to that site, the same information is read from the cookie, granting the user access without accidentally revealing sensitive information. The user decides what personal information is divulged and whether it is false or accurate, while the Freedom client's task is to ensure that this process remains consistent.

Freedom Mail Gateway
--------------------

The Freedom Client sends all outgoing email to the Freedom Mail Gateway using AMTP. The Freedom Mail Gateway keeps a reordering pool in which emails are kept for a random period of time before being put into the outgoing message queue. Conversely, incoming email is stored in the reordering pool before being delivered through the AMP chains specified by the user's reply blocks.

Freedom Network Information Database
------------------------------------

The Freedom Network Information Database (NIDB) stores the topological maps of the Freedom network, link performance statistics, and node status information.

Freedom Keyserver
-----------------

The Freedom Keyserver offers a publicly accessible database containing the public keys of each Freedom Node and of all Freedom identities. Zero Knowledge Systems does not store, and at no time has access to, the corresponding private keys of the independent Freedom Server operators or Freedom users. The private keys are generated on, and never leave, the individual Freedom Server or the Freedom client software.

Comparison with other proposed Internet Privacy Systems
-------------------------------------------------------

Mixmaster
---------

Mixmaster is an existing freeware email-only remailer.

   Freedom:   Perfect forward secrecy.
   Mixmaster: Future compromise of the remailer key allows an attacker to decrypt all past traffic.

   Freedom:   Does not know previous mail hop. Remailer chain can not be backtracked.
   Mixmaster: Does know previous mail hop. A legal attacker may be able to travel up the chain, leading to the discovery of the email's sender.

   Freedom:   Both link and application level anonymizing.
   Mixmaster: Application level only anonymizing.

Onion Routers
-------------

Onion Routers are an application proxy based TCP anonymizer proposed by the US Naval Research Laboratory.

   Freedom:       Anonymous network payload is IP level. Any protocol on top of IP can be supported.
   Onion Routers: Based on application level proxies. Each additional application requires an additional proxy.

   Freedom:       Utilizes end-to-end TCP congestion control.
   Onion Routers: TCP link level encryption causes unnecessary packet retransmission.

   Freedom:       Traffic is encrypted before leaving the client.
   Onion Routers: Traffic is in the clear before reaching the first node.

Bibliography
------------

Ross Anderson, "The Eternity Service", PRAGOCRYPT 96.
   ftp://ftp.cl.cam.ac.uk/users/rja14/eternity.ps.Z

Andre Bacard, "Anonymous Remailer FAQ", 1996.
   http://www.well.com/user/abacard/remail.html

Douglas Barnes, "The Coming Jurisdictional Swamp of Global Internetworking (Or, How I Learned to Stop Worrying and Love Anonymity)", unpublished manuscript, 16 Nov 1994.
   http://www.communities.com/paper/swamp.html

David Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms", Communications of the ACM, February 1981, vol. 24 no. 2.
   http://www.eskimo.com/~weidai/mix-net.txt

Lance Cottrell, "Mixmaster & Remailer Attacks", 1995.
http://www.obscura.com/~loki/remailer/remailer-essay.html Ray Cromwell, "Welcome to the Decense Project", 1996. http://www.clark.net/pub/rjc/decense.html Wei Dai, "PipeNet 1.1", 1998. http://www.eskimo.com/~weidai/pipenet.txt Arnoud Engelfriet, "Anonymity and Privacy on the Internet", 19 Dec 1996. http://www.stack.nl/~galactus/remailers/index.html Ian Goldberg, David Wagner, and Eric A. Brewer, "Privacy-enhancing technologies for the Internet", IEEE COMPCON '97, February 1997. http://www.cs.berkeley.edu/~daw/privacy-compcon97-www/privacy-html.html Ian Goldberg and David Wagner, "TAZ Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web", Published in the First Monday electronic journal, vol 3 no 4. http://www.firstmonday.dk/issues/issue3_4/goldberg/index.html C. Gulcu and G. Tsudik, "Mixing E-mail with Babel", Proc. Symp. Network and Distributed System Security, 1996, pp. 2-16. Andreas Pfitzmann and Michael Waidner, "Networks without user observability--design options", EUROCRYPT 85, LNCS 219, Springer-Verlag, pp. 245-253. Paul Syverson, David Goldschlag, Michael Reed, "Onion Routing," http://www.onion-router.net/Publications.html Glossary ACI: Anonymous Connection ID AIP: Anonymous Internet Proxy AMP: Anonymous Mail Proxy AMTP: Anonymous Mail Transfer Protocol ATCP: Anonymous TCP LAIP: Local Anonymous Internet Proxy NIDB: Network Information Database Trademark Notices Freedom and the Freedom logo are trademarks of Zero-Knowledge Systems Inc. All other products and company names mentioned herein are the trademarks of their respective owners. © 1998 Zero Knowledge Systems http://www.zeroknowledge.com @HWA 08.0 Mitnick's accomplice pleads guilty ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mitnick's hacker accomplice pleads guilty By Dan Goodin Staff Writer, CNET News.com April 26, 1999, 2:05 p.m. 
   PT

   URL: http://www.news.com/News/Item/0,4,35656,00.html

   Lewis DePayne, the accomplice to notorious hacker Kevin Mitnick, today
   pleaded guilty to one count of wire fraud for his role in a series of
   computer break-ins that took place over a three-year period, the U.S.
   Attorney's office in Los Angeles said.

   DePayne, 29, admitted that he took part in a plan to obtain sensitive
   software from cellular telephone maker Nokia by posing as a company
   employee. The count was 1 of 14 brought against him in a 1996 criminal
   complaint.

   DePayne entered his plea in federal court in Los Angeles before Judge
   Mariana Pfaelzer. Last month Mitnick pleaded guilty to 5 of 25 counts in
   the same court. DePayne's attorney was not immediately available for
   comment.

   DePayne is scheduled to be sentenced July 12. Under a plea agreement,
   U.S. attorneys will recommend that DePayne receive six months' detention,
   five years of probation, and up to $3,000 in fines, said assistant U.S.
   attorney Chris Painter. He also will have to tell investigators and the
   companies he is accused of defrauding exactly how he and Mitnick were
   able to penetrate security systems. DePayne, who lives in Northern
   California, has been free on bail, Painter said.

   DePayne and Mitnick are known for their ability to hack computer systems
   and to "social engineer" employees responsible for security at high-tech
   companies. When Mitnick was trying to use cell phones to break in to
   computer systems, he called Nokia posing as an employee and asked that
   software be sent to him. When that didn't work, DePayne posed as the
   fictitious employee's supervisor. Suspecting the requests were a hoax,
   Nokia recorded the call and provided investigators with tapes.

   Mitnick's exploits made national headlines after his capture was
   reported in The New York Times and later in the book Takedown. Mitnick,
   39, is accused of breaking in to numerous computer networks, accessing
   thousands of credit card numbers, and stealing software between 1992 and
   1995.

   U.S.
   attorneys fighting high-tech crime appear to be on a roll. Two weeks ago,
   investigators tracked down the man they say posted a bogus Bloomberg
   story that caused a publicly traded company's stock to surge more than
   30 points. Last week they identified the suspect in a case in which
   anonymous email that threatened the lives of court officials was posted
   on the Internet.

   "Our offices and other offices around the country will be investigating
   when people cause damage to companies, infrastructure, and proprietary
   data," said Painter. "These companies ought to have protection."

   @HWA

 09.0 Biometric Databases?
      ~~~~~~~~~~~~~~~~~~~~

   http://www.wired.com/news/news/politics/story/19338.html
   http://www.wired.com/news/print_version/politics/story/19338.html?wnpg=all

   DNA Databases Go Too Far
   by Declan McCullagh
   2:15 p.m. 26.Apr.99.PDT

   WASHINGTON -- If Representative Ron Paul has his way, federal agencies
   will not be able to assemble biometric profiles of Americans.

   The Texas Republican wants to prohibit massive government databases of
   DNA samples, photographs, and retinal scans.

   "It seems like everywhere you turn there's another government attempt to
   accumulate more information about us. This bill will be designed to stop
   those moves that use government money to set up data banks with DNA and
   other identifiers, such as pictures of the retina," Paul said in an
   interview.

   Aides to Paul, who has emerged as a prominent privacy advocate in
   Congress, drew up the sweeping new bill after a public outcry arose over
   federal tax dollars being used to build a national database of
   driver-license photographs. The US Secret Service paid Image Data LLC
   US$1.5 million to develop the database, which has become the target of
   at least two lawsuits since the agency's role became public.

   "The fact that this was started with a grant from the Secret Service
   shows they're moving in that direction," Paul said.
   "This whole process smells bad to me, and I thought I'd call attention to
   it among my colleagues by introducing this bill."

   An early draft of the proposed Privacy Protection Act would prevent the
   use of Secret Service funds -- or any tax dollars, for that matter -- to
   create any database containing biometric information about Americans.

   The federal government has recently begun to record more biometric
   information about Americans. Biometric technology allows the automatic
   recognition of a person based on physical characteristics. The Army
   issues recruits at Fort Sill, Oklahoma stored value cards that require
   the correct fingerprint to use. The Immigration and Naturalization
   Service uses voice-identification technologies at some airports.

   The FBI is busy scanning paper fingerprint cards to create digital
   images and is feeding them into the National Crime Information Center
   computer, which the government says receives more than 2 million
   queries a day. The NCIC database is already overflowing with information
   about 32 million Americans, and Attorney General Janet Reno wants to add
   DNA samples taken from anyone arrested.

   A preliminary version of the bill, which Paul hopes to introduce by the
   end of the week, would approve databases created by the Social Security
   Administration, the IRS, the Census Bureau, and the Department of
   Veterans Affairs. And the prohibition would not apply to the "collection
   and use of names and Social Security numbers by the Social Security
   Administration and the Internal Revenue Service for functions directly
   related to the collection of revenue and the administration of the
   Social Security program."

   Paul's staff said that the final version of the proposal would limit the
   expansion of existing databases.

   "The creation of national databases has gone out of control over the
   last 10 years," said David Banisar, a lawyer at the Electronic Privacy
   Information Center.
   They're "frequently at the instigation of Congress, which has created
   them in the name of fighting immigration or welfare fraud or any number
   of issues. This often happens in secret, with no public accountability or
   privacy protections."

   Banisar added, "It's a very positive step that Congress is starting to
   recognize, after all this time, the dangers of these databases."

   But some experts say that the draft may go too far.

   "It could be too broad. I do think the federal government has a
   legitimate role in dealing with interstate cooperation in terms of crime.
   It seems reasonable to me that the federal government could fund an
   interstate crime database project... What about a hospital using federal
   grant funds to come up with a database containing medical records about
   its patients?" asks Eugene Volokh, a law professor at the University of
   California at Los Angeles.

   Paul also has introduced legislation that would protect financial
   privacy by getting rid of the so-called Know Your Customer plan proposed
   -- and since abandoned -- by banking regulators.

   @HWA

 10.0 In the wake of CIH...
      ~~~~~~~~~~~~~~~~~~~~~

   From HNN http://www.hackernews.com/

   CIH, Killer or Dud?

   contributed by Anonymous

   The media frenzy continues, although at this point it is hard to tell if
   CIH was a major infestation or mostly media hype. Some reports are
   claiming ridiculous amounts of damage while others say there was almost
   no damage.

   Singapore checks in with 150 reported incidents.
     Channel New Asia
     http://www.channelnewsasia.com/articles/1999/4/26/news1040.htm
     ZDNet
     http://www.zdnet.com/zdnn/filters/bursts/0,3422,2247380,00.html

   South Korea had an estimated 15% or 1 million systems hit, costing the
   country up to 300 billion won (US$253.86 million) in related repair
   costs.
     Andover News
     http://www.andovernews.com/cgi-bin/news_story.pl?155551/topstories

   CIH hits 12 of 60 brokerage houses in Malaysia. The infections did not
   hinder the performance of Malaysia's benchmark stock index.
     International Herald Tribune
     http://www.iht.com/IHT/TODAY/TUE/FIN/wirus.2.html

   Many government offices wiped out in Turkey. Private banks, police
   departments, an army school, state TRT television, the Title Deeds and
   Land Survey office and state-owned Kalkinma Bank were some of the places
   hit.
     CNN
     http://customnews.cnn.com/cnews/pna.show_story?p_art_id=3663070&p_section_name=On+Target&p_art_type=1460518

   Most damage relegated to Asia and Europe. Data Fellows reports damage in
   Hong Kong, Singapore, India, Finland, New Zealand, Britain, Sweden,
   Japan, and Malta.
     C|Net
     http://www.news.com/News/Item/0,4,0-35632,00.html?st.ne.fd.mdh.ni

   CIH hits Boston College hard, students lose a semester's worth of work.
   MSNBC says that while there were pockets of infections most people were
   unaffected.
     MSNBC
     http://www.msnbc.com/news/262104.asp

   Australia says 'No Meltdown'.
     Australian Broadcasting Corporation
     http://www.abc.net.au/news/newslink/weekly/newsnat-27apr1999-42.htm

   While nowhere near as widespread as Melissa, CIH was much more deadly.
     Nando Times
     http://www.techserver.com/story/body/0,1634,42451-68484-495994-0,00.html
     PC World
     http://www.pcworld.com/pcwtoday/article/0,1510,10717,00.html
     Wired
     http://www.wired.com/news/news/technology/story/19334.html

   CIH turned out to be no big deal with minimal damage.
     Detroit Free Press
     http://www.freep.com/tech/qvirus27.htm
     The Akron Beacon Journal
     http://www.ohio.com/bj/business/docs/026278.htm

 10.1 CIH 1.2 Virus Hits Few
      ~~~~~~~~~~~~~~~~~~~~~~

   Only a small number of PCs get blasted by the "Chernobyl" virus.

   by Reuters
   April 27, 1999, 4:32 a.m. PT

   The CIH 1.2 ("Chernobyl") virus hit computers around the world on
   Monday, wiping out data on hard drives and even causing some PCs to fail
   when starting up, computer experts said.

   Although the virus hit only a tiny fraction of the number of machines
   affected by the recent Melissa virus, the new bug's bite was much more
   deadly for an unfortunate few.
   "I've talked to people who, literally, were crying on the telephone--a
   woman whose poetry book was almost done and was completely lost, a man
   whose doctoral dissertation was lost. They were devastated," said Mikko
   Hermanni Hypponen, of computer security firm Data Fellows in Helsinki.

   The worst damage appeared to be taking place in Asia and parts of
   Europe, where antivirus protection is less prevalent, and with pirated
   software, which is often filled with bugs.

   Data Fellows reported damage in Hong Kong, Singapore, India, Finland,
   New Zealand, Britain, Sweden, Japan and Malta, with hundreds of machines
   already being hit even before the United States opened for business. The
   bulk of the computers affected were in Asia, Data Fellows said.

   A Handful Hit

   Carnegie Mellon University's Computer Emergency Response Team said it
   knew of only a few dozen computers hit by the virus. "It really hasn't
   been that bad," said a CERT case worker.

   But the Chernobyl virus's limited impact did little to console those
   who were infected. DataFellows' Hypponen said that the cost of repairs
   could run into the millions of dollars. "Unlike Melissa, this is causing
   real problems and serious loss of data for some people," he said.

   CERT said that data "may be unrecoverable" if the virus hits, and
   software needs to be reinstalled from the ground up to make computers
   work again, a task beyond the expertise of most home computer users.

   "I just turned on the doggone thing and the screen was almost totally
   black--it said 'os load in progress' and then it said 'insert bootable
   media in appropriate drive,'" said one person hit by the virus,
   Christina Asksomitas of Palm Beach County, Florida. "We tried to reboot
   it but nothing works."

   The virus struck the campus of Boston College in Chestnut Hill,
   Massachusetts, shortly after midnight on Monday, wiping out the hard
   drives of about 100 students, many of whom were preparing term papers,
   school spokesperson Jack Dunn said.
   Virus Hits Monthly

   Computer experts said users could avoid the virus by not booting up their
   computers Monday, or resetting the date, since the virus is activated
   when computer utility systems hit the twenty-sixth of each month.

   While the virus has been hitting on the twenty-sixth day of each month
   since last year, this month's version was expected to be the most
   prevalent and dangerous. The April CIH virus is called the Chernobyl
   virus because it's timed to go off on the anniversary of the Soviet
   nuclear accident, one of technology's worst disasters.

   Up-to-date antivirus software will spot the virus, and many corporate
   computers have recently upgraded their protection because of the Melissa
   scare.

   Copyright © 1999 Reuters Limited

   @HWA

 11.0 Lockdown2000 review by BHZ
      ~~~~~~~~~~~~~~~~~~~~~~~~~~

   From HNS http://www.net-security.org/

   INTRO

   We live on the edge of this millennium. Computers are becoming to people
   what TV sets were a few decades ago. The main things that we want on the
   Internet are privacy and security. Security is always tested with some
   new bugs, flaws and vulnerabilities. So we must always be secured. Most
   Windows95 users are targeted by some trojans.

   DEFINITION OF TROJAN

   Trojans could be defined in these ways:

   - An unauthorized program contained within a legitimate program. This
     unauthorized program performs functions unknown (and probably
     unwanted) by the user.

   - A legitimate program that has been altered by the placement of
     unauthorized code within it; this code performs functions unknown (and
     probably unwanted) by the user.

   - Any program that appears to perform a desirable and necessary function
     but that (because of unauthorized code within it that is unknown to
     the user) performs functions unknown (and probably unwanted) by the
     user.

   LOCKDOWN2000

   There are many solutions for securing yourself from trojans, from
   monitoring your registry to some commercial and non-commercial programs.
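   The registry-monitoring approach just mentioned, as an added example
   that is not part of the original review or of the Lockdown2000 product:
   it diffs two constructed REGEDIT4 exports of the Windows 9x autostart
   keys (Run and RunServices) and reports every value that was added,
   removed or changed, which is the kind of change a trojan makes so that
   it runs again at the next boot. The snapshot contents and the
   PLACEHOLDER_*.EXE file names are constructed placeholders, not
   indicators from any real sample; the key paths are the standard
   Windows autostart keys.

```python
"""Alert on new or changed autostart entries by diffing two registry exports.

Added example (not Lockdown2000's code): a minimal version of the
registry-monitoring idea in the review, run over two constructed REGEDIT4
snapshots embedded below.  Standard library only.
"""
import re
from typing import Dict, List, Tuple

# Windows 9x autostart keys a trojan writes to in order to run at every boot
# (what the review calls the "start directories" in the registry).
WATCHED_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)

# Constructed baseline, as exported from a known-clean machine.
BASELINE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"""

# Constructed snapshot after running an untrusted download: one RunServices
# value was added and an existing Run value now points at another binary.
# The file names are placeholders, not indicators from any real sample.
AFTER = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"SystemTray"="C:\\WINDOWS\\SYSTEM\\PLACEHOLDER_TRAY.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Explorer"="C:\\WINDOWS\\SYSTEM\\PLACEHOLDER_SERVER.EXE"
"""

RegSnapshot = Dict[str, Dict[str, str]]
Finding = Tuple[str, str, str, str, str]  # change, key, value name, old, new

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def parse_reg(text: str) -> RegSnapshot:
    """Parse a regedit export into {key path: {value name: data}}.

    Handles the subset of the format needed here: [key] headers and
    "name"=data lines; the default value (@) is stored under the name "@".
    Key paths are lower-cased because the registry is case-insensitive.
    """
    snapshot: RegSnapshot = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT"):
            continue
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            snapshot.setdefault(current, {})
            continue
        value = _VALUE_RE.match(line)
        if value and current is not None:
            name = value.group(1) if value.group(1) is not None else "@"
            snapshot[current][name] = value.group(3)
    return snapshot


def diff_autostart(before: str, after: str, watched=WATCHED_KEYS) -> List[Finding]:
    """Return one finding per added, removed or modified value under a watched key."""
    old_snap, new_snap = parse_reg(before), parse_reg(after)
    findings: List[Finding] = []
    for key in watched:
        old_vals = old_snap.get(key.lower(), {})
        new_vals = new_snap.get(key.lower(), {})
        for name in sorted(set(old_vals) | set(new_vals)):
            old, new = old_vals.get(name), new_vals.get(name)
            if old is None:
                findings.append(("added", key, name, "", new))
            elif new is None:
                findings.append(("removed", key, name, old, ""))
            elif old != new:
                findings.append(("modified", key, name, old, new))
    return findings


def main() -> None:
    """Print an alert for every change, the way a tray monitor would pop one up."""
    for change, key, name, old, new in diff_autostart(BASELINE, AFTER):
        print(f"ALERT: {change} autostart value {name!r} under {key}")
        if old:
            print(f"    was: {old}")
        if new:
            print(f"    now: {new}")


if __name__ == "__main__":
    main()
```

   On a real machine the baseline would be exported with regedit /e from a
   known-clean state and the comparison re-run on a timer, which is what
   the review describes the tray program doing; any hit on a watched key
   deserves a look before the next reboot, since that is when the new
   entry would execute.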
   I think that the best program I have used for trojan detection is
   Lockdown2000. The main thing in good anti-trojan cleaners is that they
   can be upgraded. The staff behind Lockdown2000 is always on alert, so
   you can download the newest trojan definitions from their website.
   Lockdown2000 sits in your system tray and scans your computer at the
   time interval that you enter. It has two modes - Scan for unknown
   trojans and Background scan for trojans. Ok so this is a lifesaver
   option. It monitors your registry and some system files for new entries.
   When some change is made, you are automatically alerted, and you can
   then acknowledge whether this string or file will be deleted or not.

   It helped me when I was downloading and checking some files from a
   trusted host, and at one moment something beeped and the Lockdown2000
   window opened. It had detected a file which tried to add its string to
   the start directories in the registry. I answered that I didn't want to
   keep this file, and it was immediately deleted. I later looked more into
   that file, and it was a modified version of Back Orifice. I deactivated
   Lockdown2000 and installed that trojan (LM BO.LEENTech), and scanned my
   computer with some other trojan cleaners, and it wasn't found. So a
   trojan cleaner and registry monitor in one program is a winning
   combination.

   The current trojan signature file has 88 trojan definitions in it. So
   my opinion is that this is a very impressive number.

   Lockdown2000 has even more quality functions:

   Port sniffer

   It listens on some ports on your computer, which trojan client programs
   use to connect to.

   TraceRoute

   Ok so someone pinged (sent you TCP packets and waits for a reply if the
   port is open) you on some trojan-used port. Lockdown2000 gives you his
   IP address.
   Now with TraceRoute you can trace the "attacker" to his Internet Service
   Provider, and you can report him to the admins.

   WhoIs

   Very useful because you don't have to connect to Internic (or some other
   domain seller - yes, Internic lost its monopoly on it), because you can
   do it from a program that is always close to you - in your system tray.

   File Sharing

   File and Print sharing was a very popular intrusion method some months
   ago when it was reported by Rhino9, and the Legion software (which scans
   for "open" computers) was produced. If you have some disk partitions
   which must be opened to just a group of people, you just use
   Lockdown2000 and put a password on the share.

   LOCKDOWN2000 INFO

   Program name: Lockdown2000 v.2.5.4
   Website     : http://www.lockdown2000.com
   Tech support: support@lockdown2000.com

   BHZ
   bhz@net-security.org
   http://net-security.org

   @HWA

 12.0 ICQ99 Vulnerabilities and Exploits
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Date: Sun, 25 Apr 1999 22:46:02 +0400
   From: delta
   To: BUGTRAQ@netspace.org
   Subject: ICQ 99 Password

   Hi!

   I found that ICQ 99 stores the password in clear text in the file
   ICQ\NewDB\uin#.dat. Try opening it with Notepad, hit search and enter
   your password. The password is always placed at the end of the line
   "iUserSound".

   Thanx!

   ----------------------------------------------------------------------------

   Date: Mon, 5 Apr 1999 23:50:56 +0200
   From: Jan Vogelgesang
   To: BUGTRAQ@netspace.org
   Subject: security hole in ICQ-Webserver

   Hi,

   Some days ago I've read a message here in Bugtraq from Ronald A. Jarell
   about a vulnerability in the ICQ-Webserver. I tried to reproduce this
   vulnerability with my computer (win95) and found out the following:

   - sending any non-http stuff or even a simple "get" (without any other
     characters however) crashes the ICQ-Client. This works with ICQ99a
     V2.13 Build 1700, but not with Build 1547.

   Moreover, there is a much bigger hole in the ICQ-Webserver: If you have
   the webserver enabled, everyone can access your complete(!) harddisk
   with a simple webbrowser.
When your page is activated and you are online, each request to "http://members.icq.com/