[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
==========================================================================
=                      <=-[ HWA.hax0r.news ]-=>                          =
==========================================================================
  [=HWA'99=]                         Number 27 Volume 1 1999 July 31st 99
==========================================================================
                  [ 61:20:6B:69:64:20:63:6F:75: ]
             [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
             [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

  New mirror site, Stefan did a *very* nice job on this check it out,
  http://www.alldas.de/hwaidx1.htm

  HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
  and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
  and airportman for the Cubesoft bandwidth. Also shouts out to all our
  mirror sites! tnx guys.

    http://www.csoft.net/~hwa
    http://www.digitalgeeks.com/hwa

  HWA.hax0r.news Mirror Sites:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    http://www.alldas.de/hwaidx1.htm ** NEW **
    http://www.csoft.net/~hwa/
    http://www.digitalgeeks.com/hwa.
    http://members.tripod.com/~hwa_2k
    http://welcome.to/HWA.hax0r.news/
    http://www.attrition.org/~modify/texts/zines/HWA/
    http://archives.projectgamma.com/zines/hwa/.
    http://www.403-security.org/Htmls/hwa.hax0r.news.htm

  SYNOPSIS (READ THIS)
  --------------------

  The purpose of this newsletter is to 'digest' current events of interest
  that affect the online underground and netizens in general. This includes
  coverage of general security issues, hacks, exploits, underground news
  and anything else I think is worthy of a look see. (remember i'm doing
  this for me, not you, the fact some people happen to get a kick/use
  out of it is of secondary importance).

  This list is NOT meant as a replacement for, nor to compete with, the
  likes of publications such as CuD or PHRACK or with news sites such as
  AntiOnline, the Hacker News Network (HNN) or mailing lists such as
  BUGTRAQ or ISN nor could any other 'digest' of this type do so.

  It *is* intended however, to complement such material and provide a
  reference to those who follow the culture by keeping tabs on as many
  sources as possible and providing links to further info, its a labour
  of love and will be continued for as long as I feel like it, i'm not
  motivated by dollars or the illusion of fame, did you ever notice how
  the most famous/infamous hackers are the ones that get caught? there's
  a lot to be said for remaining just outside the circle...

  @HWA

=--------------------------------------------------------------------------=
                   Welcome to HWA.hax0r.news ... #27
=--------------------------------------------------------------------------=

  We could use some more people joining the channel, its usually pretty
  quiet, we don't bite (usually) so if you're hanging out on irc stop by
  and idle a while and say hi...

    *******************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
    ***                                                             ***
    *** please join to discuss or impart news on techno/phac scene  ***
    *** stuff or just to hang out ... someone is usually around 24/7***
    ***                                                             ***
    *** Note that the channel isn't there to entertain you its for  ***
    *** you to talk to us and impart news, if you're looking for fun***
    *** then do NOT join our channel try #weirdwigs or something... ***
    *** we're not #chatzone or #hack                                ***
    ***                                                             ***
    *******************************************************************

=--------------------------------------------------------------------------=
                               Issue #27
=--------------------------------------------------------------------------=

                               [ INDEX ]
=--------------------------------------------------------------------------=
    Key     Intros
=--------------------------------------------------------------------------=

    00.0 .. COPYRIGHTS
    00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC
    00.2 .. SOURCES
    00.3 .. THIS IS WHO WE ARE
    00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?
    00.5 .. THE HWA_FAQ V1.0

=--------------------------------------------------------------------------=
    Key     Content
=--------------------------------------------------------------------------=

    01.0 .. GREETS
    01.1 .. Last minute stuff, rumours, newsbytes
    01.2 .. Mailbag
    02.0 .. From the Editor
    03.0 .. l0pht releases AntiSniff - Press release
    04.0 .. Pixar to remake TRON?
    05.0 .. Meet the fed (zdtv:Defcon)
    06.0 .. Poulsen at DefCon
    07.0 .. Y2K Situation in Europe
    08.0 .. Applied Maximum Internet Security
    09.0 .. HPSBUX9907-100 CDE Leaves Current Directory in root PATH
    10.0 .. Tiger vulnerability
    11.0 .. Tattooman (Ken Williams) climbs back in the ring
    12.0 .. UPDATE ON THE PACKET STORM WEB SITE SITUATION
    13.0 .. Piracy is Big Business for Some
    14.0 .. Mitnick sentencing postponed again
    15.0 .. Military Reserves to be Used for Cyber Defense
    16.0 .. Kodak's new PROM copy-killer?
    17.0 .. Sandstorm Releases New Version of Phone Sweep
    18.0 .. Major FUD - US Under Attack by Russians
    19.0 .. BO2K and SMS, Which One is Evil?
    20.0 .. The Last True Hacker
    21.0 .. One Russian ISP Standing Up to FSB
    22.0 .. Gameboy steals cars, makes free fone calls
    23.0 .. Mitnick Retains High Profile Lawyer For State Case
    24.0 .. Back Orifice for Macintosh?
    25.0 .. AOL Criminals Busted
    26.0 .. Press Does Not Know What to Say About BO2K
    27.0 .. UCITA Moves Forward - Will Remove Vendor Liability
    28.0 .. NSC Proposes FidNet - Infrastructure Protection or Surveillance Tool?
    29.0 .. Local Cops Funded by IT Industry
    30.0 .. Two Arrested for Corporate Espionage
    31.0 .. Virus Infestations On the Rise
    32.0 .. Granny Hacker from Heck visits Def Con parts 1 to 3
    33.0 .. FidNet Causing Massive Confusion
    34.0 .. Lawmakers Want Drug Info Off the Net
    35.0 .. Reno Wants Inet Crypto Banned
    36.0 .. CCC Camp Happens Next Weekend
    37.0 .. Computer Criminal Busted in UK
    38.0 .. Researching an attack (KeyRoot) by Mnemonic
    39.0 .. Win98 Security Issues A KeyRoot/gH Advisory by Mnemonic
    40.0 .. WLDoTrans.asp allows CC retrieval A gH Advisory by Mnemonic
    41.0 .. bad CGI scripts allow web access A gH Advisory by Mnemonic
    42.0 .. Can my firewall protect me? by Mnemonic
    43.0 .. How company specific programs can be used against the company by Mnemonic
    44.0 .. Exploiting the netware bindery by Mnemonic
    45.0 .. Tax Break for Key Escrow Crypto
    46.0 .. NSA Claims Israel Attacking US
    47.0 .. Jail Time for Users of Crypto
    48.0 .. Office97 Users Ripe for the Picking
    49.0 .. China Sends Pirate to Jail
    50.0 .. MITNICK: FEDERAL GOVERNMENT MANIPULATED THE FACTS
    51.0 .. ISPS ACCUSE CHINA OF INFOWAR
    52.0 .. PETERSEN INTERVIEW: TRADING CYBERCRIME FOR CYBERPORN
    53.0 .. GHOSTS IN THE MACHINE
    54.0 .. DATABASE PROTECTIONS OK-D
    55.0 .. YET ANOTHER SITE SPITTING OUT PERSONAL INFO
    56.0 .. CALIFORNIA ADOPTS DIGITAL SIGNATURE LAW
    57.0 .. NEW AMMO AGAINST VIRUSES
    58.0 .. DOE SECRETARY ORDERS SECURITY BREAK
    59.0 .. EU MEMBERS NOT FOLLOWING DATA-PROTECTION RULES
    60.0 .. EXPERTS WARN ABOUT NEW Y2K-THREAT
    61.0 .. WILL YOUR CABLE MODEM CENSOR THE WEB?
    62.0 .. UNMASKING ANONYMOUS POSTERS
    63.0 .. AOL Y2KFIX: A HOAX DISGUISED AS A HOAX?
    64.0 .. NO FBI SURVEILLANCE AFTER CRITICISMS
    65.0 .. FEDS CRACK DOWN ON Y2K FRAUD
    66.0 .. RED HAT DELIVERS LINUX E-COMMERCE SERVER
    67.0 .. HACKING IN 1999
    68.0 .. Y2k crash test for Windows and DOS
    69.0 .. CASSANDRA GOLD
    70.0 .. BELL CANADA Y2k TEST
    71.0 .. [RHSA-1999:025-01] Potential misuse of squid cachemgr.cgi
    72.0 .. [RHSA-1999:022-03] New Samba packages available (updated)
    73.0 .. CERT® Advisory CA-99-10 Insecure Default Configuration on RaQ2 Servers
    74.0 .. MS Security Bulletin: Patch Available for "Malformed Dialer Entry" Vulnerability
    75.0 .. Senate asks for input into information infrastructure protection plan
    76.0 .. FBI: beware outside Y2K workers
    77.0 .. HPSBUX9907-101 Security Vulnerability Software Distributor (SD)
    78.0 .. NSA spying on Americans? (who ya kidding??? of COURSE they are)
    79.0 .. AOL messaging policy might risk cable deals
    80.0 .. Study calls for reserve virtual IT warfare unit
    81.0 .. CERT IN-99-04: Similar Attacks Using Various RPC Services

=--------------------------------------------------------------------------=

    AD.S  .. Post your site ads or etc here, if you can offer something in
             return thats tres cool, if not we'll consider ur ad anyways so
             send it in. ads for other zines are ok too btw just mention us
             in yours, please remember to include links and an email
             contact. Corporate ads will be considered also and if your
             company wishes to donate to or participate in the upcoming
             Canc0n99 event send in your suggestions and ads now...n.b date
             and time may be pushed back join mailing list for up to date
             information.
             Current dates: Aug19th-22nd Niagara Falls...

    Ha.Ha .. Humour and puzzles

             Hey You!
             =------=
             Send in humour for this section! I need a laugh and its hard
             to find good stuff... ;)

    SITE.1 .. Featured site,
     H.W  .. Hacked Websites
     A.0  .. APPENDICES
     A.1  .. PHACVW linx and references

=--------------------------------------------------------------------------=

  @HWA'99


 00.0  (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF
  THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE
  RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND
  IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS
  (SEE FAQ).

  Important semi-legalese and license to redistribute:

  YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE
  GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS
  Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S
  ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is
  http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE
  ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE
  DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

  THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS
  ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT
  AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

  I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
  AND REDISTRIBUTE/MIRROR.
  - EoD

  Although this file and all future issues are now copyright, some of
  the content holds its own copyright and these are printed and
  respected. News is news so i'll print any and all news but will quote
  sources when the source is known, if its good enough for CNN its good
  enough for me. And i'm doing it for free on my own time so pfffft. :)

  No monies are made or sought through the distribution of this material.
  If you have a problem or concern email me and we'll discuss it.

  cruciphux@dok.org

  Cruciphux [C*:.]


 00.1  CONTACT INFORMATION AND MAIL DROP
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
  Canada / North America (hell even if you are inside ..) and wish to
  send printed matter like newspaper clippings a subscription to your
  cool foreign hacking zine or photos, small non-explosive packages
  or sensitive information etc etc well, now you can. (w00t) please
  no more inflatable sheep or plastic dog droppings, or fake vomit
  thanks.

  Send all goodies to:

      HWA NEWS
      P.O BOX 44118
      370 MAIN ST. NORTH
      BRAMPTON, ONTARIO
      CANADA
      L6V 4H5

  WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
  ~~~~~~~  reading this from some interesting places, make my day and get a
           mention in the zine, send in a postcard, I realize that some places
           it is cost prohibitive but if you have the time and money be a cool
           dude / gal and send a poor guy a postcard preferably one that has
           some scenery from your place of residence for my collection, I
           collect stamps too so you kill two birds with one stone by being
           cool and mailing in a postcard, return address not necessary, just
           a "hey guys being cool in Bahrain, take it easy" will do ... ;-)
           thanx.

  Ideas for interesting 'stuff' to send in apart from news:

  - Photo copies of old system manual front pages (optionally signed by you) ;-)
  - Photos of yourself, your mom, sister, dog and or cat in a NON
    compromising position plz I don't want pr0n.
  - Picture postcards
  - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
    tapes with hack/security related archives, logs, irc logs etc on em.
  - audio or video cassettes of yourself/others etc of interesting phone
    fun or social engineering examples or transcripts thereof.

  Stuff you can email:

  - Prank phone calls in .ram or .mp* format
  - Fone tones and security announcements from PBX's etc
  - fun shit you sampled off yer scanner (relevant stuff only like #2600
    meeting activities)
  - reserved for one smiley face -> :-) <-
  - PHACV lists of files that you have or phac cd's you own (we have a
    burner, *g*)
  - burns of phac cds (email first to make sure we don't already have em)
  - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc
    in .ram etc format or .mp*

  If you still can't think of anything you're probably not that
  interesting a person after all so don't worry about it

  Our current email:

  Submissions/zine gossip.....: hwa@press.usmc.net
  Private email to editor.....: cruciphux@dok.org
  Distribution/Website........: sas72@usa.net

  @HWA


 00.2  Sources ***
       ~~~~~~~~~~~

  Sources can be some, all, or none of the following (by no means
  complete nor listed in any degree of importance) Unless otherwise
  noted, like msgs from lists or news from other sites, articles and
  information is compiled and or sourced by Cruciphux no copyright
  claimed.

  News & I/O zine ..................http://www.antionline.com/
  Back Orifice/cDc..................http://www.cultdeadcow.com/
  News site (HNN) ..................http://www.hackernews.com/
  Help Net Security.................http://net-security.org/
  News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
  NewsTrolls .(daily news ).........http://www.newstrolls.com/
  News + Exploit archive ...........http://www.rootshell.com/beta/news.html
  CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
  News site+........................http://www.zdnet.com/
  News site+Security................http://www.gammaforce.org/
  News site+Security................http://www.projectgamma.com/
  News site+Security................http://securityhole.8m.com/
  News site+Security related site...http://www.403-security.org/
  News/Humour site+ ................http://www.slashdot.org

  +Various mailing lists and some newsgroups, such as ...
  +other sites available on the HNN affiliates page, please see
   http://www.hackernews.com/affiliates.html as they seem to be popping
   up rather frequently ...

  http://www.the-project.org/ .. IRC list/admin archives
  http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

  alt.hackers.malicious
  alt.hackers
  alt.2600
  BUGTRAQ
  ISN security mailing list
  ntbugtraq
  <+others>

  NEWS Agencies, News search engines etc:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  http://www.cnn.com/SEARCH/

  http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0

  http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack

  http://www.ottawacitizen.com/business/

  http://search.yahoo.com.sg/search/news_sg?p=hack

  http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack

  http://www.zdnet.com/zdtv/cybercrime/

  http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

  NOTE: See appendices for details on other links.

  http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm

  http://freespeech.org/eua/ Electronic Underground Affiliation

  http://ech0.cjb.net ech0 Security

  http://axon.jccc.net/hir/ Hackers Information Report

  http://net-security.org Net Security

  http://www.403-security.org Daily news and security related site

  Submissions/Hints/Tips/Etc
  ~~~~~~~~~~~~~~~~~~~~~~~~~~

  All submissions that are `published' are printed with the credits
  you provide, if no response is received by a week or two it is assumed
  that you don't care whether the article/email is to be used in an issue
  or not and may be used at my discretion.

  Looking for:

  Good news sites that are not already listed here OR on the HNN
  affiliates page at http://www.hackernews.com/affiliates.html

  Magazines (complete or just the articles) of breaking sekurity or
  hacker activity in your region, this includes telephone phraud and any
  other technological use, abuse hole or cool thingy. ;-) cut em out and
  send it to the drop box.

  - Ed

  Mailing List Subscription Info   (Far from complete)         Feb 1999
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

  ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

  THE MOST READ:

  BUGTRAQ - Subscription info
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~

  What is Bugtraq?

  Bugtraq is a full-disclosure UNIX security mailing list, (see the info
  file) started by Scott Chasin. To subscribe to bugtraq, send mail to
  listserv@netspace.org containing the message body subscribe bugtraq.
  I've been archiving this list on the web since late 1993. It is
  searchable with glimpse and archived on-the-fly with hypermail.

  Searchable Hypermail Index;

      http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

  About the Bugtraq mailing list
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  The following comes from Bugtraq's info file:

  This list is for *detailed* discussion of UNIX security holes: what
  they are, how to exploit, and what to do to fix them.

  This list is not intended to be about cracking systems or exploiting
  their vulnerabilities. It is about defining, recognizing, and
  preventing use of security holes and risks.

  Please refrain from posting one-line messages or messages that do not
  contain any substance that can relate to this list's charter. I will
  allow certain informational posts regarding updates to security tools,
  documents, etc. But I will not tolerate any unnecessary or nonessential
  "noise" on this list.

  Please follow the below guidelines on what kind of information should
  be posted to the Bugtraq list:

  + Information on Unix related security holes/backdoors (past and present)
  + Exploit programs, scripts or detailed processes about the above
  + Patches, workarounds, fixes
  + Announcements, advisories or warnings
  + Ideas, future plans or current works dealing with Unix security
  + Information material regarding vendor contacts and procedures
  + Individual experiences in dealing with above vendors or security
    organizations
  + Incident advisories or informational reporting

  Any non-essential replies should not be directed to the list but to
  the originator of the message. Please do not "CC" the bugtraq reflector
  address if the response does not meet the above criteria.

  Remember: YOYOW.

  You own your own words. This means that you are responsible for the
  words that you post on this list and that reproduction of those words
  without your permission in any medium outside the distribution of this
  list may be challenged by you, the author.

  For questions or comments, please mail me:
  chasin@crimelab.com (Scott Chasin)

  Crypto-Gram
  ~~~~~~~~~~~

  CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
  insights, and commentaries on cryptography and computer security.

  To subscribe, visit http://www.counterpane.com/crypto-gram.html or send
  a blank message to crypto-gram-subscribe@chaparraltree.com. To
  unsubscribe, visit http://www.counterpane.com/unsubform.html. Back
  issues are available on http://www.counterpane.com.

  CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
  Counterpane Systems, the author of "Applied Cryptography," and an
  inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on
  the board of the International Association for Cryptologic Research,
  EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

  CUD Computer Underground Digest
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  This info directly from their latest ish:

  Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09
                               ISSN  1004-042X

         Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
         News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
         Archivist: Brendan Kehoe
         Poof Reader:   Etaion Shrdlu, Jr.
         Shadow-Archivists: Dan Carosone / Paul Southworth
                            Ralph Sims / Jyrki Kuoppala
                            Ian Dickinson
         Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

  [ISN] Security list
  ~~~~~~~~~~~~~~~~~~~

  This is a low volume list with lots of informative articles, if I had
  my way i'd reproduce them ALL here, well almost all .... ;-) - Ed

  Subscribe: mail majordomo@repsec.com with "subscribe isn".

  @HWA


 00.3  THIS IS WHO WE ARE
       ~~~~~~~~~~~~~~~~~~

  Some HWA members and Legacy staff
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  cruciphux@dok.org.........: currently active/editorial
  darkshadez@ThePentagon.com: currently active/man in black
  fprophet@dok.org..........: currently active/IRC+ man in black
  sas72@usa.net ............. currently active/IRC+ distribution
  vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
  dicentra...(email withheld): IRC+ grrl in black
  eentity ...( ''      ''   ): Currently active/IRC+ man in black

  Foreign Correspondents/affiliate members
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Qubik ............................: United Kingdom
  D----Y ...........................: USA/world media
  HWA members ......................: World Media

  Past Foreign Correspondents (currently inactive or presumed dead)
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  N0Portz ..........................: Australia
  system error .....................: Indonesia
  Wile (wile coyote) ...............: Japan/the East
  Ruffneck  ........................: Netherlands/Holland

  Please send in your sites for inclusion here if you haven't already
  also if you want your emails listed send me a note ... - Ed

  Spikeman's site is down as of this writing, if it comes back online it
  will be posted here.

  http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

    *******************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
    *******************************************************************

  :-p

  1. We do NOT work for the government in any shape or form.Unless you
     count paying taxes ... in which case we work for the gov't in a
     BIG WAY. :-/

  2. MOSTLY Unchanged since issue #1, although issues are a digest of
     recent news events its a good idea to check out issue #1 at least
     and possibly also the Xmas issue for a good feel of what we're all
     about otherwise enjoy - Ed ...

  @HWA


 00.4  Whats in a name? why HWA.hax0r.news??
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Well what does HWA stand for? never mind if you ever find out I may
  have to get those hax0rs from 'Hackers' or the Pretorians after you.

  In case you couldn't figure it out hax0r is "new skewl" and although
  it is laughed at, shunned, or even pigeon holed with those 'dumb
  leet (l33t?) dewds' this is the state of affairs. It ain't
  Stephen Levy's HACKERS anymore. BTW to all you up and comers, i'd
  highly recommend you get that book. Its almost like buying a clue.
  Anyway..on with the show .. - Editorial staff

  @HWA


 00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Also released in issue #3. (revised) check that issue for the faq
  it won't be reprinted unless changed in a big way with the exception
  of the following excerpt from the FAQ, included to assist first time
  readers:

  Some of the stuff related to personal usage and use in this zine are
  listed below: Some are very useful, others attempt to deny the any
  possible attempts at eschewing obfuscation by obscuring their actual
  definitions.

  @HWA   - see EoA  ;-)

  !=     - Mathematical notation "is not equal to" or "does not equal"
           ASC(247)  "wavey equals" sign means "almost equal" to. If
           written an =/= (equals sign with a slash thru it) also means
           !=, =< is Equal to or less than and =>  is equal to or greater
           than (etc, this aint fucking grade school, cripes, don't
           believe I just typed all that..)

  AAM    - Ask a minor (someone under age of adulthood, usually <16, <18
           or <21)

  AOL    - A great deal of people that got ripped off for net access by
           a huge clueless isp with sekurity that you can drive buses
           through, we're not talking Kung-Fu being none too good here,
           Buy-A-Kloo maybe at the least they could try leasing one??

  *CC    - 1 - Credit Card (as in phraud)
           2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

  CCC    - Chaos Computer Club (Germany)

  *CON   - Conference, a place hackers crackers and hax0rs among others
           go to swap ideas, get drunk, swap new mad inphoz, get drunk,
           swap gear, get drunk watch videos and seminars, get drunk,
           listen to speakers, and last but not least, get drunk.

  *CRACKER - 1 . Someone who cracks games, encryption or codes, in
           popular hacker speak he's the guy that breaks into systems and
           is often (but by no means always) a "script kiddie" see pheer
           2 . An edible biscuit usually crappy tasting without a nice
           dip, I like jalapeno pepper dip or chives sour cream and
           onion, yum - Ed

  Ebonics - speaking like a rastafarian or hip dude of colour also
           wigger Vanilla Ice is a wigger, The Beastie Boys and rappers
           speak using ebonics, speaking in a dark tongue ... being
           ereet, see pheer

  EoC    - End of Commentary

  EoA    - End of Article or more commonly @HWA

  EoF    - End of file

  EoD    - End of diatribe (AOL'ers: look it up)

  FUD    - Coined by Unknown and made famous by HNN - "Fear
           uncertainty and doubt", usually in general media articles not
           high brow articles such as ours or other HNN affiliates ;)

  du0d   - a small furry animal that scurries over keyboards causing
           people to type weird crap on irc, hence when someone says
           something stupid or off topic 'du0d wtf are you talkin about'
           may be used.

  *HACKER - Read Stephen Levy's HACKERS for the true definition, then
           see HAX0R

  *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker,
           this is difficult to define, I think it is best defined as
           pop culture's view on The Hacker ala movies such as well erhm
           "Hackers" and The Net etc... usually used by "real" hackers
           or crackers in a derogatory or slang humorous way, like
           'hax0r me some coffee?' or can you hax0r some bread on the
           way to the table please?'
           2 - A tool for cutting sheet metal.

  HHN    - Maybe a bit confusing with HNN but we did spring to life
           around the same time too, HWA Hax0r News.... HHN is a part of
           HNN .. and HNN as a proper noun means the hackernews site
           proper. k? k. ;&

  HNN    - Hacker News Network and its affiliates
           http://www.hackernews.com/affiliates.html

  J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

  MFI/MOI- Missing on/from IRC

  NFC    - Depends on context: No Further Comment or No Fucking Comment

  NFR    - Network Flight Recorder (Do a websearch) see 0wn3d

  NFW    - No fuckin'way

  *0WN3D - You are cracked and owned by an elite entity see pheer

  *OFCS  - Oh for christ's sakes

  PHACV  - And variations of same
           Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups
           Virus, Warfare

           Alternates: H - hacking, hacktivist
                       C - Cracking
                       C - Cracking
                       V - Virus
                       W - Warfare
                       A - Anarchy (explosives etc, Jolly Roger's
                           Cookbook etc)
                       P - Phreaking, "telephone hacking" PHone fREAKs ...
                      CT - Cyber Terrorism

  *PHEER - This is what you do when an ereet or elite person is in your
           presence see 0wn3d

  *RTFM  - Read the fucking manual - not always applicable since some
           manuals are pure shit but if the answer you seek is indeed in
           the manual then you should have RTFM you dumb ass.

  TBC    - To Be Continued also 2bc (usually followed by ellipses...) :^0

  TBA    - To Be Arranged/To Be Announced also 2ba

  TFS    - Tough fucking shit.

  *w00t  - 1 - Reserved for the uber ereet, noone can say this without
           severe repercussions from the underground masses. also
           "w00ten"
           2 - Cruciphux and sAs72's second favourite word (they're both
           shit stirrers)

  *wtf   - what the fuck, where the fuck, when the fuck etc ..

  *ZEN   - The state you reach when you *think* you know everything (but
           really don't) usually shortly after reaching the ZEN like
           state something will break that you just 'fixed' or tweaked.

  @HWA

                           -=-    :.    .:    -=-


 01.0  Greets!?!?! yeah greets! w0w huh. - Ed
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Thanks to all in the community for their support and interest but i'd
  like to see more reader input, help me out here, whats good, what
  sucks etc, not that I guarantee i'll take any notice mind you, but
  send in your thoughts anyway.
* all the people who sent in cool emails and support FProphet Pyra TwstdPair _NeM_ D----Y Dicentra vexxation sAs72 Spikeman p0lix Ken Williams/tattooman of PacketStorm, hang in there Ken...:( & Kevin Mitnick (watch yer back) kewl sites: + http://www.securityportal.com/ NEW + http://www.securityfocus.com/ NEW + http://www.hackcanada.com/ + http://www.l0pht.com/ + http://www.2600.com/ + http://www.freekevin.com/ + http://www.genocide2600.com/ + http://www.packetstorm.harvard.edu/ ******* DOWN ********* SEE AA.A + http://www.hackernews.com/ (Went online same time we started issue 1!) + http://www.net-security.org/ + http://www.slashdot.org/ + http://www.freshmeat.net/ + http://www.403-security.org/ + http://ech0.cjb.net/ @HWA 01.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What is popular isn't always right, and what is right isn't always popular..." - FProphet '99 +++ When was the last time you backed up your important data? ++ AGENT STEAL INTERVIEW Justin Petersen tells CNN he now plans to begin a new life online, free of crime, with an adult Web site. The interview airs on CNN Sunday and Monday at 8 p.m. ET and 10 p.m. PT. ++ INFOWARCON'99 by BHZ, Saturday 24th July 1999 on 10:26 pm CET Infowar (www.infowar.com) announced this year's security gathering - InfowarCon '99. It will be held in Washington from September 8th - 9th and: "Designed for corporations, infrastructure firms, and finance, military, intelligence and law enforcement organizations, InfowarCon '99 provides proven tactics for defending the enterprise and infrastructures". Thanks to myself for providing the info from my wired news feed and others from whatever sources, also to Spikeman for sending in past entries.... - Ed @HWA 01.2 MAILBAG - email and posts from the message board worthy of a read ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 02.0 From the editor. 
      ~~~~~~~~~~~~~~~~

     #include <stdio.h>

     int main(void)
     {
      printf ("Read commented source!\n\n");

      /*
       * Nothing much to say, I have a summer cold, (gak!) here's
       * issue #27... start reading. :)
       *
       * hwa@press.usmc.net
       *
       */
      printf ("EoF.\n");
      return 0;
     }

 Congrats, thanks, articles, news submissions and kudos to us at the
 main address: hwa@press.usmc.net complaints and all nastygrams and
 mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to
 127.0.0.1, private mail to cruciphux@dok.org

 danke.

 C*:.

 03.0 l0pht releases AntiSniff - Press release
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 For Immediate Release

 L0pht Heavy Industries Releases a Public Beta of Its Revolutionary New
 AntiSniff Network Security Software

 Boston, MA - July 22, 1999 - L0pht Heavy Industries, a world renowned
 computer security think tank, today announced the public beta release of
 its AntiSniff network security software, which can detect attackers
 surreptitiously monitoring a computer network.

 "AntiSniff is a whole new breed of network security tool, designed to
 detect the attack patterns used in compromising a computer network,
 instead of merely being reactive to already known vulnerabilities.", said
 Dr. Mudge, Chief Scientist at L0pht Heavy Industries.

 AntiSniff, which operates on both Windows NT and UNIX operating systems,
 will detect remote computers that are packet sniffing, that is, monitoring
 all network communications.

 In a recent survey, three-quarters of U.S. corporations, government
 agencies, financial institutions and universities reported suffering
 financial losses due to computer security breaches. Some of these attacks
 have become quite famous, such as the successful attacks against the
 Senate & FBI webservers. Other attacks, however, don't get any media
 attention, and are far worse than the defacement of a web site. These
 attacks involve the invasion of government and corporate secrets, and
 personal privacy.
 Many of these attacks rely on packet sniffing to penetrate deep into a
 computer network.

 Network communication can be likened to a large group of people standing
 together in a room and talking. When people talk to each other, others
 nearby have the ability to listen in. When computers communicate over
 networks, they normally only listen to communications destined to
 themselves. However, they also have the ability to enter promiscuous mode,
 which allows them to listen to communications that are destined to other
 computers.

 When an attacker successfully compromises a computer, they install what is
 known as a packet sniffer, a tool that puts the computer into promiscuous
 mode, thus allowing them to monitor and record all network communications.
 The private information they gather, such as account names, passwords,
 credit cards, and even e-mail, is then used to compromise other computers.
 This is how, from one weak computer in a computer network, many computers,
 and the information they contain can be compromised. Until now, it has
 been impossible for network administrators to remotely detect if computers
 were listening in on all network communications.

 L0pht Heavy Industries' AntiSniff stops all this, by giving network
 administrators and information security professionals the ability to
 remotely detect computers that are packet sniffing, regardless of the
 operating system. Dr. Mudge explains, "AntiSniff works by running a number
 of non-intrusive tests, in a variety of fashions, which can determine
 whether or not a remote computer is listening in on all network
 communications. Now it is impossible for an attacker who is sniffing to
 hide."

 Current network security tools, such as network scanners, work by probing
 machines for software that contains bugs or software that's misconfigured.
 Intrusion Detection Systems (IDS), work by finding malicious signatures in
 network traffic. AntiSniff, on the other hand, is the first of its kind.
It remotely detects the passive act of eavesdropping on network communications. It will even detect packet sniffers installed by a rogue insider who may have legitimate administrative access to a machine, but still should not be monitoring all network traffic. The AntiSniff public beta is released for Windows NT, complete with a fully featured graphical interface, report generating tools, and alarm system. It is designed so that it can be used to quickly scan a network or scan continuously, triggering alarms when a "packet sniffing" machine is detected. The beta version has been made available free to all who would like to try it out. L0pht hopes to have the commercial release ready within a few weeks. Retail and site license pricing have not yet been determined. To further the research of the security community as a whole, as they have in previous products, L0pht will be releasing AntiSniff as a UNIX command-line tool, complete with full source code. For more information please contact AntiSniff@l0pht.com. The free beta download and full documentation are available at http://www.l0pht.com/antisniff/. About L0pht Heavy Industries L0pht Heavy Industries is a world renowned computer security think tank. Founded in 1992 as a computer research facility, the L0pht has grown into a leader in the field of computer security software. The L0pht's products include L0phtCrack, the industry standard NT password auditing tool. As a result of their innovative security research, the L0pht has released dozens of computer security advisories to the Internet community, warning of dangerous vulnerabilities in today's most widely used software. Many at the L0pht are considered top experts in the computer security field and have appeared on numerous network news programs and documentaries, as well as having testified about government computer security for the U.S. Senate. Visit the L0pht's web site at http://www.l0pht.com. 
All trademarks and registered trademarks are the property of their respective holders. @HWA 04.0 Pixar to remake TRON? ~~~~~~~~~~~~~~~~~~~~~ -------------------------------------------------------------- This story was printed from ZDNN, located at http://www.zdnet.com/zdnn. -------------------------------------------------------------- Pixar Studios to remake Disney's Tron? By Richard Barry, ZDNet (UK) July 23, 1999 4:13 PM PT URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2301037,00.html?chkpt=hpqs014 It set the scene for a generation of hi-tech sci-fi movies and, arguably, inspired some of the best films of the genre. Tron, the legendary Disney movie loved by the thirty-something generation, is rumored to be in the re-make room with some very serious backers, including Steve Jobs. Jobs, on stage this week with the iBook, also has another day job, running Pixar Animation Studios (Nasdaq:PIXR), maker of "Toy Story" and "A Bug's Life." According to one source, Pixar may be working on a remake of the classic '80s sci-fi film. The source, who asked not to be identified, said Pixar is trying to decide whether to remake the original or create a sequel. It will begin work on the project once Toy Story II hits the theaters November 24. John Lasseter, Toy Story's director, will head the production. Lending fuel to the rumor, Lasseter has gone on record crediting Tron as the driving inspiration behind Toy Story. He saw the film while working as an animator on Mickey's Christmas Carol and had two best friends on the production team. "It [Tron] was the future. It was the potential I saw in computer animation," Lasseter said. A spokesperson for Pixar in Richmond, Calif., said she was not aware of any Tron projects, but if it were to happen, it would likely be led by Disney. Disney owns 50 percent of Pixar. The company did not return calls by press time. 
@HWA 05.0 Meet the fed (zdtv:Defcon) ~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.zdnet.com/zdtv/cybercrime/features/story/0,3700,2293749,00.html Phil Loranger, division chief for information assurance with the US Army, speaks out about Def Con Phil Loranger, the division chief for information assurance with the US Army, was interviewed by CyberCrime analyst Alex Wellen while at Def Con. Here are excerpts. Why come to Def Con? "This is an important conference to anybody [who] attends. It is a conference in which there is a lot of valuable and technical information exchanged. "There is an opportunity to meet some of the folks on the dark side, if you will, to see some of their thinking. "We've done this [for the] first time this year to put [on] a federal panel and get [a] frank and honest exchange. ... To get some feelings from what the industry considers to be some of the most elite people in the dark side of computer security, if you will. "We were invited to do a presentation and to participate in a panel." Do you use hackers to check out your systems, to verify your vulnerablities? "Hackers, by their very definition, are law breakers and criminals, and I don't see why they should be rewarded, especially using taxpayer dollars. "We have very talented people who have never broken the law and have struggled very hard through [their] academic years; and those are the folks we want to bring onto the payroll. "This is not to say that the people we are addressing here today at this conference are criminals. We are talking here in broad strokes saying that if you break into a system you're a criminal." How have you been received by attendees? "I have been experiencing a very cordial interchange among the people we've met. Meet the [Fed] panel was a less regulated environment, if you will. I think that it was not as rowdy as I had imagined, and I was pleased about that. 
"Isn't it wonderful that we're able to have conferences like this under our form of government that says it's OK to not agree with the people on the platform?" Will you return to Def Con next year? "I see us reacting to invitations to these if there are more, absolutely. "Where else can you come and have a member of the White House National Security Counsel, a member of the Office of the Secretary of Defense for Investigation, and a member of the military department stand there and interface with what I guess is considered ... we're considered to be their targets and so forth." @HWA 06.0 Poulsen at DefCon ~~~~~~~~~~~~~~~~~ My First Def Con On finding decadence and dialogue in the desert By Kevin Poulsen July 14, 1999 I'm wandering through the hall outside the main conference room at the Alexis Park Hotel, stepping gingerly over blue Ethernet cable while gripping a drink in one hand, a cigarette in the other. Las Vegas is a nexus of many vices, crammed into spurts of late-night binges and hangover mornings. Last weekend it became an oasis of decadence and dialogue in a desert turned to mud by a freak thunderstorm. It's the seventh annual Def Con, the computer underground convention: my first. Around me, a chaotic bazaar shows hackers of all shapes and sizes crowding around tables stacked with underground publication, T-shirts, and chunks of technology begging to be taken apart and reassembled. The younger attendees are drowning in caffeinated drinks-- primarily Jolt cola, which was apparently stocked by the hotel especially for this occasion. "How is publicly releasing a hacking tool different from giving out guns to children?" queries the voice behind the camera, aimed for a kill shot at my head. Earlier in the day, The Cult of the Dead Cow made a flashy standing-room-only presentation of Back Orifice 2000 -- a feature-packed but stealthy remote-control utility for Windows-- and it's fast becoming a symbol for the conference. 
I don't know how to answer a question comparing a computer program to a firearm, but when the voice rephrases, I offer my soundbite. "Secrecy only helps the bad guys." By my definition, everyone at Def Con is a good guy, except the handful of good gals. The thousands of hackers, security consultants, outlaws, and scenesters from around the world are laying bare their knowledge, and sometimes their flesh, to each other and to the roving (and steadily increasing) glass eyes of news organizations that they suspect just don't get it. Even the cops tend towards openness, good-naturedly accepting their "I Am the Fed" T-shirts when sharp-eyed hackers pick them from the crowd. The Primo Stuff The Dead Cow was the star of the show, but other highlights included the premiere of a nine-minute teaser for Freedom Downtime, 2600 editor Emmanuel Goldstein's work-in-progress about the legal travails of imprisoned hacker Kevin Mitnick. After seeing the trailer, Chaos Theory foresees Goldstein and his documentary appearing at Cannes. You heard it here first. Austin Hill, president of Zero Knowledge Systems Inc., described the workings of his company's much-anticipated Freedom Net, an elaborate system intended to cloak the online activities of privacy conscious netizens. Hill wins my Golden Aphorism award (which I just invented) for his answer to law enforcement's complaints that Internet anonymity makes their job harder: "Policing is only easy in a police state." Sessions at the conference covered public policy, tutorials on computer security and lock-picking, a plethora of technical discussions, and games, such as Hacker Jeopardy and a social engineering contest. At night, hackers raved on the conference dance floor and partied in the suites. And it's there, away from the rows of Linux boxes and laptops, and beyond the reach of the blue cables, that the excesses of the Def Con nightlife evoke a Hollywood party, circa 1985. 
Reclining next to the hot tub at a shindig in one of the more spacious suites-- a vice, once again, in each hand-- someone offers me a tiny Ziplock bag filled with white powder. The illusion is dispelled when I read the warning label affixed to the bag. The powder is 100 percent pure caffeine. Primo stuff at the hacker con. Editor's Note: Kevin Poulsen was a speaker at Def Con, and was on the team that won Hacker Jeopardy, which also included Jennifer Granick and Mark Lottor. @HWA 07.0 Y2K Situation in Europe ~~~~~~~~~~~~~~~~~~~~~~~ From http://www.net-security.org/ by BHZ, Friday 23rd July 1999 on 1:17 pm CET German Council of Trade and Industry published results of their testing about Y2K compliance in German companies. It looks like just 45 percent of companies are properly prepared for the new millennium. According to some IT professionals, year 2000 will be a year of bankruptcies. Western European countries are prepared for Y2K, but there is always something to work around. Read the story on NY Times. July 23, 1999 Europe Rides Bumpy Computer Road to Year 2000 By EDMUND L. ANDREWS HANOVER, Germany -- Perhaps fittingly, Germany's first real scare about Year 2000 computer crashes came on a Friday the 13th. It was March 1998, and most people here were greeting warnings about Year 2000 failures with a lack of interest. It seemed like a trivial problem, a matter of making sure that computer clocks would not misread the year 2000 as 1900. Then came the test at the Hanover city power company, organized by a confident data processing manager in the spirit of public education, with local media invited to watch. At first, everything seemed fine. But within a few minutes after "midnight," the computer began spewing out thousands of error messages. Then it froze up entirely, and the monitors went blank. Hanover did not go dark. But for a few minutes, it was impossible to monitor the electric grid or to trace equipment breakdowns. 
It took seven months to eradicate all the problems. "I really thought it would be fine," said Juergen Rehmer, the blue-jeans-clad manager who arranged the event. "We had made a lot of changes already, and I was quite certain that a full-system test wouldn't present any great difficulty." Rehmer's test was a watershed. It disrupted a widespread complacency about Year 2000 problems, and marked the first time that a German power company had issued a warning. At the time it occurred, the German government had yet to make its first assessment of the Year 2000 problem. Surveys by insurance companies showed that the vast majority of companies had not even begun to look at their systems. "The European view is that Anglo-American countries are in kind of an hysterical mold," said Peter Eibert, the Year 2000 coordinator at Ford Motor Co. of Europe, based in Cologne. Germany and many of Europe's most advanced countries are racing to make up for lost time. Corporations are pouring billions of dollars into reprogramming computers. Government agencies have set up hot lines. Industry associations hold countless conferences, often invoking the image of ticking time bomb. They are making headway. Most experts are increasingly confident that Europe is not likely to see catastrophic failures. A Year 2000 trial involving Europe's major banks went smoothly. Airlines and airports, which recognized the danger long ago, say they are ready. Nevertheless, many smaller companies and public institutions are running out of time. In a recent survey, the German Council of Trade and Industry found that only 45 percent of companies were properly prepared. Hermes, a German insurance company in Hamburg, estimates that 60 percent of German companies still hadn't started a comprehensive program by last fall. "We believe there will be a substantially higher rate of bankruptcies in the year 2000," said Walter Schmitt-Jamin, a managing director of Hermes. 
A doubling of the usual bankruptcy rate, slightly less than one percent of companies each year, is entirely possible, he added. The readiness varies considerably across Western Europe. In Britain, the Netherlands and much of Scandinavia, governments and corporations jumped on the problem two years ago. In Germany and France, government and business leaders were until recently more lackadaisical. Poorer countries like Italy, Spain and Portugal are struggling. The formerly Communist nations of Central Europe and Russia are much more seriously behind. LOT, the Polish national airline, announced recently that it will ground about 70 flights on New Year's Eve out of concern about Year 2000 breakdowns. The Russian government recently reported that only one-third of the country's banks were ready. Western European countries are well prepared in comparison. But they also have more to worry about. The 15 nations of the European Union, 11 of which have now adopted the euro as a single currency, is an increasingly unified economy linked by dense information networks. There is a boom in the construction of cross-border fiber-optic networks. Power companies buy and sell electricity over electronic trading systems. Car manufacturers order from suppliers over computer networks. Yet when car manufacturers sent the worldwide suppliers detailed Year 2000 questionnaires in early 1997, most of the responses provided little in the way of useful information. That became a source of growing anxiety here in Germany over the next year. Executives at General Motors' Opel subsidiary were startled to discover that industrial robots they bought in 1997 still had Year 2000 glitches. By August 1998, Opel had decided to start sending its own Year 2000 assessors on personal visits to key suppliers. "The key was to ask questions that indicated whether the suppliers knew what they were talking about," said Roger Aze, Opel's Year 2000 coordinator. "Do you have a person in charge of Y2K? 
Do you have a program and a schedule?" In the last several months, Opel started sending technical experts to its most critical suppliers -- the ones whose own assembly lines are linked directly by computer network to those of Opel and that deliver on a "just in time" basis. But Aze is still bracing for things outside their control: power disruptions or problems further down the supply chains. Power remains one of the biggest concerns. "The energy industry had overslept," Rehmer said bluntly. It wasn't until July 1998 -- four months after Hanover's surprising test failure -- that the German Association of Electric Utilities advised members to "Start now!" on Year 2000 preparation. Today, Year 2000 experts in Germany say severe disruptions are unlikely but cannot be ruled out. As a result, many big industrial manufacturers are scaling back production to insulate themselves for a shock of an abrupt power disruption. BASF AG, the chemical conglomerate based in Ludwigshafen, has decided to shut a number of its systems on New Year's Eve so it can get by on the electricity from its own on-site power plant. So many manufacturers are reducing their power consumption on New Year's Eve that the utility industry has begun to worry about disruptions caused by an abrupt plunge in demand. One of the key differences between European countries on Year 2000 issues is the degree to which governments became involved. In Britain, Prime Minister Tony Blair has built up a huge program to promote awareness and point companies toward solutions. Besides drumming up publicity, the government fielded several thousand "bug busters" to get out the word. The Netherlands started a similar program, known as the Dutch Millennium Platform, headed by Jan Timmer, the former chairman of Philips Electronics NV. Timmer irked business groups by exhorting them to act, but most now experts rank the Netherlands alongside the United States and Britain as among the best-prepared countries. 
By contrast, German leaders did not show much interest in the subject until a few months ago. The government issued a tepid report one year ago and a more thorough one this spring, and it only recently set up an Internet site devoted to the issue. Local governments have largely been quiet on the matter. In March, the German weekly news magazine Focus published a survey indicating that most German cities had not yet prepared themselves for problems. According to the survey, carried out with the German Conference of Cities, half the cities had yet to test their hospitals, and one-third had not tested their mass transit systems. The hospitals have had a rude awakening. Andreas Tecklenberg, director of a 260-bed hospital in the north German town of Eutin, was dismayed when only six out of 150 manufacturers gave him useful answers when he sent them queries about Year 2000 problems. Since then, he has started to get better information. At the moment, he estimates, about one-third of the hospital's systems are "green" or ready; about one-third are yellow, and one-third still red. "The devices will have to be watched," Tecklenberg said. "But fortunately, we can have people take over if equipment goes wrong." At the German Heart Center in Berlin, which specializes in heart surgery, administrators are avoiding elective surgery between Christmas and January 3. It has also imposed a ban on holidays for most of the medical and technical staff on New Year's Eve. "If you look at this from the American standpoint, we all started late here," acknowledged Marcus Werner, who coordinates the center's Year 2000 planning. Werner started his preparations in October and said he was now reasonably confident about the hospital's medical equipment. But like so many others, he worries about power. The hospital shares a back-up generator with the University of Berlin, but he is still worried about the software that will have to ration the relatively scarce electricity. 
"What it comes down to is things you basically have no control over," he said. @HWA 08.0 Applied Maximum Internet Security ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.net-security.org/ by BHZ, Friday 23rd July 1999 on 1:09 pm CET Applied Maximum Internet Security, 3 day computer security seminar will be held in Cardiff By The Sea (California) on August 16-18, 1999 and September 27-29, 1999. ex-underground based instructors will cover the topics from essentials of TCP/IP, over the usual hacking/cracking tools to attack strategies. The fee is $1,395 for 3 days. @HWA 09.0 HPSBUX9907-100 CDE Leaves Current Directory in root PATH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To: BugTraq Subject: [support_feedback@us-support.external.hp.com: Security Bulletins Digest] Date: Tue Jul 20 1999 13:58:28 Author: Patrick Oonk Message-ID: <19990720135828.J6635@atro.pine.nl> ----- Forwarded message from HP Electronic Support Center ----- Date: Tue, 20 Jul 1999 04:45:18 -0700 (PDT) Subject: Security Bulletins Digest From: support_feedback@us-support.external.hp.com (HP Electronic Support Center ) To: security_info@us-support.external.hp.com Reply-To: support_feedback@us-support.external.hp.com Errors-To: support_errors@us-support.external.hp.com HP Support Information Digests =============================================================================== o HP Electronic Support Center World Wide Web Service --------------------------------------------------- If you subscribed through the HP Electronic Support Center and would like to be REMOVED from this mailing list, access the HP Electronic Support Center on the World Wide Web at: http://us-support.external.hp.com Login using your HP Electronic Support Center User ID and Password. Then select Support Information Digests. You may then unsubscribe from the appropriate digest. 
 ===============================================================================

 Digest Name:  Daily Security Bulletins Digest
     Created:  Tue Jul 20  3:00:02 PDT 1999

 Table of Contents:

 Document ID      Title
 ---------------  -----------
 HPSBUX9907-100   CDE Leaves Current Directory in root PATH

 The documents are listed below.
 -------------------------------------------------------------------------------

 Document ID:  HPSBUX9907-100
 Date Loaded:  19990719
       Title:  CDE Leaves Current Directory in root PATH

 -------------------------------------------------------------------------
 **REVISED 01** HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #00100, 07 July 1999
 Last Revised: 19 July 1999
 -------------------------------------------------------------------------

 The information in the following Security Bulletin should be acted upon
 as soon as possible. Hewlett-Packard Company will not be liable for any
 consequences to any customer resulting from customer's failure to fully
 implement instructions in this Security Bulletin as soon as possible.

 -------------------------------------------------------------------------
 PROBLEM:        The current directory is in the root user's PATH
                 after logging in using CDE.

 PLATFORM:       HP 9000 series 700/800 at HP-UX revision 10.X

 DAMAGE:         Increase in privileges.

 SOLUTION:       Modify /usr/dt/bin/Xsession until a patch is available.

 AVAILABILITY:   This advisory will be updated when patches are available.

 CHANGE SUMMARY: HTML to text conversion instructions for script added.
 -------------------------------------------------------------------------
 I.
    A. Background - The PATH environment variable is constructed from
       several sources including dtsearchpath and scripts in
       /etc/dt/config/Xsession.d/ and /usr/dt/config/Xsession.d/.
       The resulting PATH contains the string "::" which will be
       interpreted as the current directory. The root user should
       not have the current directory in the PATH.

    B.
       Fixing the problem - Since the PATH environment variable can be
       affected by dtsearchpath and several scripts, the recommended
       solution is to clean up the root user's PATH after it has been
       created.

       **REVISED 01**
       Note: This file is in HTML format. If you are editing the text
             version from a mailing the line below:

                 for (i=1; i<=n; i++) {

             must be changed. Replace the characters between the second
             "i" and the "=n" with the single "less than" character
             (ascii 0x3c). The line will then read:

                 for (i=1; iX=n; i++) {

             where X stands for the "less than" character.

       In /usr/dt/bin/Xsession just before this:

    # ###########################################################################
    #
    #   Startup section.

       Add this:

    ###################### Clean up $PATH for root ##########################
    if [ "$USER" = "root" ]
    then
      Log "Clean up PATH for root user"
      Log "Old PATH = $PATH"
      PATH=`echo $PATH | awk '
      {
        # Remove elements from PATH that are
        #  (a) "."
        #  (b) ""
        #  (c) blank
        #
        gsub (" ",":", $0)         # Substitute ":" for each blank
        n = split ($0, path, ":")  # Split into elements with ":" as delimiter
        first = 1                  # To suppress leading ":" in new PATH
        for (i=1; i<=n; i++) {
          len = length(path[i])
          dot = index(path[i], ".")
          dot_only = 0
          if ((len == 1) && (dot==1)) {
            dot_only = 1
          }
          # print element if it is not "" and not "."
          if (!(len==0) && !(dot_only==1)) {
            if(first != 1) {
              printf (":")         # if not first element, print ":" in front
            }
            printf ("%s",path[i])
            first = 0
          }
        }
      }
      END { printf ("\n") }'`
      Log "New PATH = $PATH"
    fi
    ###################### End - Clean up $PATH for root ####################

    C. To subscribe to automatically receive future NEW HP Security
       Bulletins from the HP Electronic Support Center via electronic
       mail, do the following:

       Use your browser to get to the HP Electronic Support Center page
       at:

         http://us-support.external.hp.com
           (for US, Canada, Asia-Pacific, & Latin-America)
         http://europe-support.external.hp.com
           (for Europe)

       Login with your user ID and password (or register for one).
Remember to save the User ID assigned to you, and your password. Once you are in the Main Menu: To -subscribe- to future HP Security Bulletins, click on "Support Information Digests". To -review- bulletins already released from the main Menu, click on the "Search Technical Knowledge Database." Near the bottom of the next page, click on "Browse the HP Security Bulletin Archive". Once in the archive there is another link to our current Security Patch Matrix. Updated daily, this matrix categorizes security patches by platform/OS release, and by bulletin topic. The security patch matrix is also available via anonymous ftp: us-ffs.external.hp.com ~ftp/export/patches/hp-ux_patch_matrix D. To report new security vulnerabilities, send email to security-alert@hp.com Please encrypt any exploit information using the security-alert PGP key, available from your local key server, or by sending a message with a -subject- (not body) of 'get key' (no quotes) to security-alert@hp.com. Permission is granted for copying and circulating this Bulletin to Hewlett-Packard (HP) customers (or the Internet community) for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to HP, and provided such reproduction and/or distribution is performed for non-commercial purposes. Any other use of this information is prohibited. HP is not liable for any misuse of this information by any third party. ________________________________________________________________________ -----End of Document ID: HPSBUX9907-100-------------------------------------- ----- End forwarded message ----- -- Patrick Oonk - PO1-6BONE - patrick@pine.nl - www.pine.nl/~patrick Pine Internet B.V. 
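
 [Added example, not part of the HP bulletin or of the forwarded mail: a
 POSIX sh audit for the condition HPSBUX9907-100 describes, listing every
 PATH element that the shell resolves against the current directory. It goes
 beyond the bulletin's "::" and "." cases by also flagging a leading or
 trailing ":" and relative entries; the function names and the sample PATH
 are constructed for illustration.]

```shell
#!/bin/sh
# Added example, not HP's code: audit a PATH string for elements that the
# shell resolves relative to the current directory.

# unsafe_path_elements PATHSTRING
# Prints one "<position>:<reason>" line per unsafe element, nothing if clean.
unsafe_path_elements() {
    printf '%s\n' "$1" | awk '
    {
        # split() on ":" keeps zero-length fields, so a leading ":", a
        # trailing ":" and "::" each appear as an empty element. The shell
        # treats every one of them as the current directory.
        n = split($0, el, ":")
        for (i = 1; i <= n; i++) {
            if (el[i] == "")
                printf "%d:empty\n", i
            else if (el[i] == ".")
                printf "%d:dot\n", i
            else if (substr(el[i], 1, 1) != "/")
                printf "%d:relative:%s\n", i, el[i]
        }
    }'
}

# path_is_safe PATHSTRING
# Exit status 0 when no element is empty, "." or relative.
path_is_safe() {
    [ -z "$(unsafe_path_elements "$1")" ]
}

# strict_path PATHSTRING
# Prints PATHSTRING with only absolute elements kept, order preserved.
# Unlike the bulletin's script it does not turn blanks into ":", so a
# directory name containing a space stays one element.
strict_path() {
    printf '%s\n' "$1" | awk '
    {
        n = split($0, el, ":")
        out = ""
        for (i = 1; i <= n; i++) {
            if (substr(el[i], 1, 1) == "/")
                out = (out == "" ? el[i] : out ":" el[i])
        }
        print out
    }'
}

# Constructed sample: "::" in the middle, as described in the bulletin,
# plus a "." entry, a relative entry and a trailing ":".
SAMPLE_PATH="/usr/sbin:/usr/bin::/usr/dt/bin:.:bin:"

echo "Unsafe elements in sample PATH:"
unsafe_path_elements "$SAMPLE_PATH"
echo "Strict PATH:"
strict_path "$SAMPLE_PATH"
```

 [Run against root's real PATH with: unsafe_path_elements "$PATH"]
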
PGP key ID BE7497F1 Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/ -- Pine Security Digest - http://security.pine.nl/ (Dutch) ---- Excuse of the day: Police are examining all internet packets in the search for a narco-net-traficer [ (application/pgp-signature) ] @HWA 10.0 Tiger vulnerability ~~~~~~~~~~~~~~~~~~~ To: BugTraq Subject: tiger vulnerability Date: Tue Jul 20 1999 09:37:39 Author: Ellen L Mitchell Message-ID: <199907201437.JAB12684@net.tamu.edu> -----BEGIN PGP SIGNED MESSAGE----- A vulnerability in one of the scripts used by the unix security tool Tiger has been discovered and a patch issued. Tiger is a public domain package developed and maintained by Texas A&M University, used for checking security problems on a Unix system. Due to lack of checking, a local user can craft a command in such a way that he may have the command executed with the privileges of the process running Tiger (usually root). While no known compromises have occurred due to this vulnerability, it is recommended that the patch be applied if you run tiger. Patches for tiger have been issued and are available at ftp://net.tamu.edu/pub/security/TAMU/ Thanks to Michel Miqueu and Philippe Bourgeois of CERT-IST for reporting the problem. Ellen - -- Ellen Mitchell Network Group Texas A&M University -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBN5SI2vjlKRxZFQKVAQGm2wQAqfJWT1nW5A3odbYWa+yvUYjRBkACBVac hslPIEtX8xVTOgrsHVK5ugT3lD0jz6jQc2DVkIhp89dS4st/+GrFu6ikcg2PaN1x a7YfqnpYxjRQuTEL9mVG67tyCvsxmOpzv/aTWwEd9AJofRbCUdWK1ruBe2P6Vd2s B/BdszrqfbI= =nyA0 -----END PGP SIGNATURE----- @HWA 11.0 Packet Storm Working on Corporate Sponsorship ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.hackernews.com/ contributed by xripclaw Ken Williams has posted a statement saying that Packet Storm Security is not dead. 
He is currently working on a deal with a corporate sponsor that will allow him to have a professionally maintained site with full staff of security experts, administrators, and web designers. We look forward to new developments.

Tattooman
http://frey.rapidnet.com/~tattooman/

12.0 UPDATE ON THE PACKET STORM WEB SITE SITUATION
---------------------------------------------

hey, i've been working very hard with numerous corporate entities to try to get the web site back up and online as soon as possible. everything is looking very good now, and i hope to have the site back up and better than ever RSN (Real Soon Now). hopefully, the site will be run and hosted by a professional security firm (to be named at the appropriate time), and the new site will be more professionally maintained by a full staff of security experts, administrators, and web designers. with a very substantial amount of corporate funding, the new Packet Storm Security will be a completely revamped site with more features, more updates, more bandwidth, more of everything. news and updates will be posted here as soon as i get confirmation of the new plans, and contracts are signed.

-- Ken Williams, Sat Jul 24 16:34:45 EDT 1999

everything is looking very good and i hope to have great news to post in the next couple of days.
-- Ken Williams, Mon Jul 26 22:12:07 EDT 1999

Contact Info
------------
tattooman@genocide2600.com
jkw@rage.resentment.org
jkwilli2@unity.ncsu.edu

PGP Keys
--------
Keys with ASCII Blocks, Fingerprints, and IDs
http://www4.ncsu.edu/~jkwilli2/

Keys with ASCII Blocks, Fingerprints, IDs, and Certificates
http://www.keyserver.net:11371/pks/lookup?template=netensearch%2Cnetennomatch%2Cnetenerror&search=jkwilli2&op=vindex&fingerprint=on&submit=Get+List

@HWA

13.0 Piracy is Big Business for Some
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From http://www.hackernews.com/

contributed by PJ
Churning out thousands of copies at a time for sale in the US and abroad, Southern California is now the home of the software counterfeiter.

LA Times
http://www.latimes.com/HOME/BUSINESS/UPDATES/lat_piracy990725.htm

Who pays to arrest the pirates? Intel, Hewlett Packard, and others are funding public police forces. Evidently it is perfectly legal to grant local police departments hundreds of thousands of dollars so that they arrest the people you want them to. The police say there is no conflict of interest.

LA Times
http://www.latimes.com/HOME/BUSINESS/UPDATES/lat_piracy990726.htm

LA Times
http://www.latimes.com/HOME/BUSINESS/UPDATES/lat_piracy990725.htm

Pirates of the High-Tech Age

Southern California is now home to a sophisticated breed of criminals who, lured by high profits and low penalties, make and sell counterfeit computer software.

By P.J. HUFFSTUTTER, TINI TRAN and DAVID REYES, Times Staff Writer

Southern California is becoming the national base for counterfeiters who make bogus software that looks so good even computer experts can't tell the difference. Once a problem confined to Asia and Latin America, high-quality fake CD-ROMs made here are showing up for sale in foreign countries, on Internet sites and even in some retail stores like Fry's Electronics. Authorities have seized nearly $200 million in counterfeit software in dozens of cases in Southern California over the past three years.
The disks are manufactured by a new breed of multicultural gangs who operate somewhat like legitimate software companies. Lured by high profits and low penalties, these criminals work cooperatively with each other, often "outsourcing" different aspects of the operation to business partners in order to save time and money. "The irony of all this is the counterfeiters are mimicking us," said Chris Chapin, manager of intellectual property enforcement for video game publisher Electronic Arts Inc. in Redwood City. "They are our worst business rivals." Feeding off the nation's growing number of PC-owners, the counterfeiters are supplying consumers with hot new products such as video games, tax programs and business tools. Software pirates can replicate, for as little as 50 cents, disks holding programs that computer companies price at hundreds of dollars. "Look, I can make more money off this than my lawyer can defending me," said one self-described pirate, nicknamed "hax3rz," who was selling illegal copies of top-selling video games on the Internet. "If they want it, I'll sell it." Southern California "is the capital for pirated [software] products in North America," said Nancy Anderson, senior attorney for Microsoft Corp.'s anti-piracy group. "Not Silicon Valley. Not New York. Not Texas. Not Washington. Here." High-tech piracy flourishes amid the anonymous industrial parks in the San Gabriel Valley cities of Walnut, Diamond Bar, City of Industry and Rowland Heights. Investigators have raided one business park in Walnut so many times that police have dubbed it "Pirates' Cove." But operations are also found elsewhere in the region. Earlier this year, in what industry experts describe as the nation's largest-ever software counterfeiting bust, Westminster police and the FBI arrested a dozen people and shut down an alleged piracy scheme with $60 million worth of fake Microsoft software sitting on a warehouse floor in the city of Paramount. 
Atul Sowmitra Dhurandhar, a 51-year-old native of India, and his wife were accused of money laundering and running the operation that for four years allegedly churned out counterfeit CD-ROMs from plants in three Southern California counties. They pleaded not guilty, and their trial begins in Los Angeles federal court this week. Like computer executives tapping personal contacts for deals, Dhurandhar allegedly used friends to create a business network: a convicted Chinese counterfeiter, who obtained a commercial CD-ROM replicator to copy the disks; a Mexican national, who is allegedly a Mexicali state judicial police officer, to smuggle product across the border; and another Mexican to hire illegal immigrants to run the CD replicator. But even as police break up the operations, the software industry still cannot get the public to support its plight. There is little widespread sympathy when a corporation such as Microsoft--which is worth more than $500 billion--complains that it loses hundreds of millions of dollars a year to piracy. The wealthy upper class traditionally is seen by the masses as the enemy, said Robert Kelly, professor of society and criminal justice at the City University of New York. In the past, it was oil barons and railroad tycoons. Today, notes Kelly, Microsoft head Bill Gates is the bad guy. "Fake software is not seen as a threat to the public good," said Alfred Blumstein, a public policy professor at Carnegie Mellon University. Despite software companies aggressively lobbying politicians and spending millions of dollars on anti-piracy advertising campaigns, the laws remain relatively soft on counterfeiters. The result: people who pirate millions of dollars' worth of software often receive only probation. "It's cheap, it's easy and there's almost no risk," said Sgt. Marcus Frank of the Westminster Police Department, who led the Dhurandhar investigation. "If you were a criminal, wouldn't you do it?"
The Key to Success: Networking

Frank said the Dhurandhar investigation peaked last fall, when undercover officers staked out warehouses in Paramount, watching as a stream of truck drivers loaded pallets stacked high with fake Microsoft goods. The ringleaders had allegedly been shipping an estimated 15,000 fake Microsoft disks a month nationwide and overseas. By early February, police and the FBI had enough evidence to get a search warrant and raid the operation. Officers burst inside a warehouse one rainy afternoon and surprised six immigrant workers, who were busy printing counterfeit Microsoft user manuals. Here and at nearby facilities, investigators found top-of-the-line CD-ROM duplication equipment, high-speed printing presses and rows of bookbinding and shrink-wrapping machines. Piles of phony warranty cards spilled out of nearby crates. Sixty million dollars' worth of boxed, shiny silver compact disks, all sporting the Microsoft logo, towered over the officers. And tucked off in a corner, police say, was the investigative mother lode: files stuffed with Dhurandhar's business documents and checkbooks. The paperwork mapped out an elaborate counterfeiting network, according to police, and gave investigators leads on the scheme's money trail. Dhurandhar, his wife Mamta--who faces the same charges as her husband--and their attorneys have declined to discuss the case. Ten other suspects will join them at trial this week. Prosecutors say the Dhurandhar case is a textbook example of a modern software counterfeiting operation, where professional networking is the key to success. Someone knows someone with the machinery to copy the disks. Someone else knows of a print-shop owner willing to churn out bogus user manuals.
Police say the players in the Southland's growing software piracy industry range from legitimate shop owners to street thugs to U.S.-based Asian gangs, such as the Wah Ching and Black Dragons, to savvy businessmen of all nationalities willing to run a wide-scale operation. Instead of a crime "family" with workers of one ethnicity answering to a boss, these software gangs operate as independent agents with no specific loyalties. Where traditional crime outfits work to improve the power and dominance of their family, these alliances of counterfeiters end when the job is done. "If you're a Crip, you're always a Crip," said Det. Jess Bembry, an expert in Asian organized crime with the Los Angeles Police Dept. These cases are different because "if it benefits them [financially], warring groups will stop fighting to make money together." Like computer executives sealing million-dollar agreements with a handshake, the ancient Chinese rite of guanxi (pronounced gwan-shee) is the unspoken social glue that defines interactions in some Asian societies. For legitimate businessmen throughout the world, guanxi means a person's social rapport is his key currency in the corporate world. It also is a philosophy that, say police, allows accused software counterfeiters such as the Dhurandhars to build a large manufacturing enterprise. Dhurandhar allegedly used several of his businesses, including a Long Beach print shop called Digital Colors, as fronts for the secret operation. Heavily tinted windows shielded the workers and gave no clue as to what was being manufactured inside. By day, the firm was a legitimate printing business, according to court documents. By night, it allegedly was a full-scale counterfeiting and assembly plant. Digital Colors, according to police investigators and the documents they seized, was one hub in a manufacturing labyrinth. Companies in the San Gabriel Valley handled the assembly work. 
Distributors in Los Angeles and Westminster hawked the goods, which included French, Portuguese and English versions of such bestsellers as Windows 95 and Windows 98, Microsoft's computer operating systems. In Long Beach, Digital Colors made the boxes, which were stored in Paramount warehouses, one of which housed a $1.5-million CD-ROM replicator that is as big as a high school classroom. Finished products allegedly were boxed, shrink-wrapped and sold to mid-level distributors. They, in turn, sold the fakes to other software distributors. Some products were loaded on trucks and hauled across the country, say police. Other goods were taken to Los Angeles International Airport, flown to Northern California and later shipped overseas. Ultimately, the disks allegedly were hawked at swap meets, over the Internet and at small retail shops in the U.S., Canada, Europe and South America. How much money the counterfeiters actually made still is unclear, said assistant U.S. attorney Stephen Larson, who is prosecuting the case. Court documents allege that the Dhurandhars used an elderly relative's bank account, and other accounts with Bank of America and Bank of Orange County, to launder at least $3.5 million in cash from sales of the fake software products. Profits allegedly were funneled into nearly $5 million worth of residential and commercial properties across Southern California, including a $2.7-million, Spanish-style home in Palos Verdes Estates perched above Lunada Bay, according to state property records and court documents. The Dhurandhars could step through their French doors and enjoy an expansive view of the ocean and Catalina Island. Federal and state authorities seized the properties and arrested the Dhurandhars in June at their home. Police say that Atul Dhurandhar was watering his lawn, and had $20,000 cash in his pocket, when they arrested him. A neighbor, when asked about the Dhurandhars, responded: "We never see them. They keep to themselves." 
Asian Economic Woes Intensify Piracy

The piracy of intellectual property--whether software or music, film or pharmaceuticals--has flourished worldwide for decades. The rise of Southern California as a counterfeiting center is a more recent phenomenon. The other hotbed of software counterfeiting is Asia, where the threat of punishment is relatively low. In legitimate retail shops in Thailand last year, more than 80% of all computer software sold to consumers was pirated, according to the U.S. Trade Representative's office. Last year's Asian economic collapse intensified piracy. Asian police and U.S. federal investigators say formerly legitimate optical disc producers--the companies that manufacture CD-ROMs for software firms in Asia--are now moonlighting as software counterfeiters. Among the offerings in Asian black markets: Microsoft's business software package, Office 2000 Premium, which retails for nearly $8,700 in the United States. A week before Office 2000 debuted last month, shoppers who visited open-air markets in Hong Kong and Singapore picked up pirated versions for $20. Like their counterparts in the drug trade, software counterfeiters are well financed and mobile. When Hong Kong officials began cracking down on piracy in 1995, pirates relocated their manufacturing facilities to mainland China and nearby Macau, where there are fewer police agencies tracking copyright violators. Piracy also increased in Southern California. The U.S. Customs Department has tracked a steady increase in the value--and number--of high-tech counterfeit goods it seized this decade leaving the country. Although pirated movies and music get media attention, they made up only 2% of all compact disks customs seized in the U.S. last year. Kathlene Karg, director of anti-piracy operations for the Interactive Digital Software Association, said pirates are attracted to the U.S. market because they can charge more.
"That's why they're starting to make and distribute their stuff in the U.S. The risk might be greater, but so are the potential profits," she said. The fakes made here are harder to detect. For one thing, say manufacturers, they look great. Counterfeits sold overseas rarely come in anything more elaborate than a plastic sleeve. Americans, however, prefer to buy nicely packaged goods, and pirates can charge more if consumers are convinced they're buying authentic--though drastically discounted--software. Fake versions of Office 2000, similar to those selling for $20 in Singapore, can be found on at least one Internet site for $175. The difference? A user's manual, a warranty card and a shrink-wrapped box. All fake, of course. "Nearly everything [counterfeit] of ours that we're seeing being made in Southern California is retail-ready," said Anne Murphy, an attorney with Microsoft's anti-counterfeiting team. "That's a big threat to our business because people think they're buying the real thing." In fact, high-grade counterfeits are starting to show up in mainstream stores such as Fry's Electronics, industry sources say. The San Jose Police Department's high-tech crime unit in the past year has investigated several such cases. Police officers said that small batches of bogus goods, sold to the chain through independent distributors, had been discovered in inventory at various Fry's stores. Officials at San Jose-based Fry's declined to comment. Investigators won't say whether some consumers had bought fakes. Noting that investigations are ongoing, police also refused to identify the stores that carried the goods, or to disclose what kind of software was counterfeited. Even if the people who made the bogus product are caught, the consequences could be minor. But the downside for consumers could be serious. Counterfeit software could be a copy of an early--and flawed--version of the real thing. It could include viruses that could destroy a person's computer data. 
And manufacturers refuse to fix fake goods. Federal penalties for counterfeiting are relatively low. If convicted, a person can be sent to prison for up to five years for software counterfeiting. But most software pirates avoid serious punishment and usually serve less than three years, according to officials at the U.S. Attorney's office. Though a federal statute--the Digital Millennium Copyright Act--enacted late last year allows for more serious financial penalties and jail terms, the law remains relatively untested. To date, federal and local prosecutors have focused largely on those accused of running major counterfeiting operations and laundering money, such as the Dhurandhars. Federal money laundering charges have a much stronger legal bite--a minimum of 10 years in prison--than counterfeiting, said Assistant U.S. Attorney Larson, who is chief of the department's organized crime strike force in Los Angeles. "It takes me longer to build a case than the time they end up spending in jail," grumbled Det. Jess Bembry, an expert in Asian crime with the Los Angeles County Sheriff Department. "It's ridiculous." Few consumers sympathize when Microsoft or other large software firms complain about counterfeiters. The Redmond, Wash.-based behemoth is the world's most valuable corporation and has continually exceeded Wall Street's profit expectations. Last week, Microsoft said its fiscal fourth-quarter profits jumped 62%, with earnings for the period climbing to a record $2.2 billion. Microsoft has fought piracy since 1976, when Bill Gates wrote his now-famous "Homebrew" open letter to computer hobbyists. The missive chastised computer users and called them "thieves" for not paying to use the operating software, known as BASIC. Some critics say that software firms fuel piracy by charging too much for their products, but the companies argue that the prices are set to recoup costs of developing and marketing new programs and make a profit. "Counterfeiting is stealing. 
We don't benefit by it. We don't cause it," said Murphy, the corporate attorney for Microsoft. There are three categories of software piracy. "Warez" is the Internet underground community where users gather at little-known online trading posts to swap files. In license infringement piracy, an individual or organization loads a software program onto multiple computers and doesn't pay the manufacturer for each installation. Finally, there is counterfeiting--the practice of taking a program, burning a copy of it onto a disk and selling the CD-ROM for a profit. American willingness to buy counterfeit disks terrifies software firms, which have not convinced the public that downloading a $300 business computer program is as unethical as stealing a $300 leather coat. In fact, the lack of public outrage has so emboldened the criminal sector that consumers sometimes shop for counterfeit brands. Take, for example, the Players, a Malaysian crime syndicate known for making fake console video games. Their products, which are sold throughout Asia and on the Internet, sport a small "Players" logo on the jewel case. This logo also is burned on the game disk itself--often in place of the icon for Sony Corp., the legitimate game publisher. "When it comes to money, morality gets put aside," said Frank of the Westminster Police Department. "Welcome to the new age of international relations."

_ _ _

Times staff writer Rone Tempest in Hong Kong contributed to this report.

LA Times
http://www.latimes.com/HOME/BUSINESS/UPDATES/lat_piracy990726.htm

Tech Firms Pay Police Agencies to Fight Cyber Crime

Law enforcement: Intel funds sheriff's unit that chases computer pirates. Some fear conflict of interest.

By P.J. HUFFSTUTTER, Times Staff Writer

Gander through the headquarters of the Sacramento County Sheriff Department's high-tech team and see what cops call the "ideal model" for fighting cyber crime in an age of shrinking budgets.
Fluorescent lights cast a jaundiced pall over the worn office cubicles, the frayed fabric pinned in spots with tacks. On each desk sits a computer, confiscated from a crime scene and still sporting an evidence tag. Windbreakers with the team logo are a luxury. Then there are the things visitors don't see. Like the $10,000 body wire Intel Corp. bought for the unit to use in undercover stings. Or the corporate jet Hewlett-Packard Co. used to fly officers to Silicon Valley, and the tens of thousands of dollars the computer firm spent for the team's travel expenses--flights, hotels, meals--when a recent case took officers out of town. Tired of being ripped off by high-tech criminals, some of America's most powerful computer companies are fighting back with a relatively simple approach: Subsidize the local police. From inside pilferage and brazen heists to Internet piracy and industrial espionage, digital crime in the United States cost computer hardware and software companies about $3 billion last year. Authorities, who concede they are barely making a dent in the problem, insist they don't have the staff, resources or public support to tackle the overwhelming number of complaints. But the computer companies do. Corporate largess ranges from a $100,000 annual grant from Intel that pays for police salaries in Oregon to Motorola Corp. and several other major PC firms donating $10,000 each to an annual fund to help underwrite the Austin (Texas) Police Department's cyber team. This controversial practice has divided the law enforcement community between those who embrace the help and those who insist it is a means of buying justice. It also underscores a nationwide dilemma: How can local police departments protect the high-tech sector--and the jobs and tax revenue it provides--if there isn't enough money to handle such cases? 
While investigating the Hewlett-Packard case, members of the Sacramento Valley Hi-Tech task force traveled nationwide, at company expense, to serve search warrants, arrest suspects and confiscate evidence. Before federal criminal charges were filed, however, Hewlett-Packard filed a civil fraud suit against a company in San Diego believed to be tied to the $500-million scheme. Hewlett-Packard used evidence gathered, in part, in the officers' travels to resolve its suit and ultimately obtain a stipulated judgment in its favor for $900,000. "When companies are directly paying for travel, investigations or salaries, I think that's a very dangerous line that quickly crosses into a conflict of interest," said former FBI Agent Joe Chiaramonte, president of the San Jose chapter of the High Technology Crime Investigation Assn., a trade group. But police Sgt. Tom Robinson, who heads up the Hillsboro, Ore., computer unit, sees it differently: "Frankly, any department that's not [accepting such grants] is missing the boat." Advocates such as Robinson insist the money represents the key to winning the war on cyber crime, and is a small investment for the multinational companies. "If you're inferring that we're paid off, that's not right," said Sacramento County Sheriff's Sgt. Michael Tsuchida. "I'll eat your dinner, sleep in your hotel and still arrest you if you're breaking the law."

'We All Realized We Needed Each Other'

Traditionally, many corporations have shied away from revealing too much to law enforcement to avoid drawing public attention to internal troubles. But as computer piracy grows, companies today are much more willing to seek help from police agencies. Catching such criminals has long been the bailiwick of federal prosecutors, as tech-savvy criminals rarely stay within the neat confines of city limits when committing fraud on the Internet or stealing computer components.
But federal law prevents prosecutors and the FBI from taking corporate contributions to pay for salaries or travel expenses, and limits the use of evidence collected by private investigators. State laws, however, have created a much broader gray area for local police. As a result, some local agencies rely on corporate handouts. When losses mounted from armed robberies at computer chip plants in Austin in the early '90s, the city's high-tech companies decided to finance a private nonprofit group to train officers to deal with the problem. Through the Austin Metro High Tech Foundation, firms including IBM and Dell Computer Corp. annually donate up to $10,000 each for investigators' training, travel and equipment. In return, businesses--including Applied Micro Devices, National Instruments and Motorola Corp.--say they expect law enforcement to treat computer crime as seriously as drugs and gang violence. Because Texas law restricts direct corporate contributions to particular police units, the funds are managed and distributed through the Austin Community Foundation, a nonprofit entity. "[The companies] can tell us what equipment we can or can't buy, but they can't tell us what to do with the cases," said Police Sgt. Robert Pulliam, who runs the department's five-person computer crime team. "We all realized we needed each other." This circle of financial interdependence has evolved slowly, from a long-standing tradition of police getting information from private investigators hired by the corporations. Companies typically approach police when they have enough evidence to back up a search warrant, said Los Angeles County Deputy Dist. Atty. William Clark, who prosecutes many trademark cases. Law enforcement then assembles the case. The corporate investigators often serve as experts, helping to identify fake products or explain the workings of stolen technology. Microsoft is the most aggressive technology firm when battling thieves, police say. 
In Hong Kong, the company runs its own stings, setting up fake storefronts as a means of gathering evidence, sources say. In the United States, Microsoft employs a security force of more than 200 people, some of them former law enforcement officers, who investigate cases and package the evidence, which they hand over to authorities for prosecution. "As a matter of policy, we don't pay law enforcement to do their jobs," said Anne Murphy, a corporate attorney with Microsoft's anti-counterfeiting group. "In certain cases, Microsoft has provided financial support for operating expenses for investigations." In 1997, the software giant approached the Los Angeles County Sheriff's Department and offered to help pay for a sting operation. The price? About $200,000 to purchase printing equipment from suspected software counterfeiters, and give officers the tools needed to create an undercover print shop. The department declined. "It's not about the money. It's about how the public perceives the money and how it's being used," said Det. Jess Bembry, who worked for the department's Asian Organized Crime unit at the time. "When defense attorneys start screaming, all anyone cares about is avoiding the perception of impropriety." The rich scent of wet soil and warm grass wafts across Hillsboro, a bedroom community of Portland, Ore., that has traded its agricultural roots for a future in high-tech manufacturing. This town of 68,000 more than doubles in population during weekdays, as workers flood into the catacomb of industrial facilities that have sprung up throughout the city's rolling hills. As Oregon's largest private employer, Intel's influence is pervasive. In blue-collar Hillsboro, it is difficult to distinguish the line between corporate philanthropy and corporate influence. At the Hillsboro Chamber of Commerce, a small plaque that reads "Intel Room" is affixed outside the door of the center's main meeting room--in honor of the company paying to furnish the small space. 
Though the town represents Oregon's largest high-tech hub, city managers have set aside only 2.7% of the Hillsboro Police Department's annual $9.2-million budget for its seven-person computer crime team. There's no need to commit more, city officials say, because Intel catches the shortfall: $100,000 a year, which pays the salary of one of the police officers and some expenses, according to a 1996 city memorandum of understanding obtained by The Times. Additionally, Intel purchased one officer's car, and helped pay for the team's offices, computer workstations, telephones and fax machines. Of all 231 cases Hillsboro's high-tech team has tackled between 1995 and April 30 of this year, about 41% involve Intel in some way. As of April, about one-fifth of the nearly $210 million the unit recovered is tied to Intel complaints. Police say the grant, which is permitted by Oregon state law, has not swayed their focus. Investigators attribute the case ratio to black-market demand for fake Intel computer chips and the company's size. "This may not be the ideal way for us to do business, but at least we're trying to do something about these crimes," said Police Sgt. Robinson, whose team includes members of the FBI and the U.S. attorney's office. "Without us, the criminals run rampant and impact everyone--the companies and the community," he said. Intel executives insist that their "nontraditional approach" of working with police is legitimate and harmless. It is, they say, merely part of a companywide philosophy to invest in the communities where employees live and work--not a means of gaining police protection. "It'd be dead wrong to criticize the police unless we could make a contribution," said Chuck Mulloy, a corporate spokesman for Intel. Other cities are modeling their efforts after Hillsboro. Chandler, Ariz., which has several Intel manufacturing and assembly centers, plans to pattern its own nascent computer team after Hillsboro. 
Such partnerships can hurt the police if companies stop paying, say critics. That's a concern in Hillsboro, where city officials admit there are no guarantees that the Intel grant won't disappear. "The police don't want to hear this, but if we lose the Intel grant, we'll default on the high-tech crime unit," said David Lawrence, Hillsboro's assistant city manager. "We'll have to go back to what we had before, which wasn't much." Inside a bland concrete warehouse on the edge of Sacramento's city limits, the Sacramento Valley Hi-Tech unit is the quintessential modern police model for fighting computer crime. The task force was created in 1995 and draws officers from 16 enforcement agencies. The team's diverse membership--officers from different jurisdictions who possess varied skills--is the key to its strength. "These guys have the best reputation among law enforcement," said L.A. County Sheriff's Det. Bembry. "They do amazing things with very few financial resources." Each agency pays for its officers' salaries, equipment and vehicle. But the departments don't feed into the team's general operating budget, which is zero, said Sgt. Tsuchida, who runs the unit. By comparison, the department's narcotics team receives at least $55,000 a year for similar costs. "We serve at least 50 search warrants a year," Tsuchida said. "We couldn't get the $150 a person to get the training to make sure everyone does it the same way. That's a safety concern." The financial slack is often covered by local technology companies, which contribute seized assets and occasionally kick in for travel and other expenses, Tsuchida said. "If the companies don't pay, we can't investigate" some out-of-town cases, said Sacramento County Sheriff's Lt. Jan Hoganson, who commands the unit. "We can't afford it." 
Cost was a factor in the recent Hewlett-Packard software theft case, which investigators say has links extending from the Central Valley to Southern California, the Pacific Northwest and Central America.

Bill Conley, president of US Computer Corp. in Redmond, Wash., is one of several people Sacramento's unit arrested in conjunction with the case. The charges, of possessing stolen H-P goods, were later dropped, but Conley insists the case was tainted.

"It was the Hewlett-Packard people--not the Redmond police, not the Sacramento cops--who led the whole thing, who took employees off and threatened to take them to jail," said Conley, 41.

Police, prosecutors and Hewlett-Packard officials scoff at Conley's claim, and cite other types of white-collar crimes, such as insurance fraud, which routinely relies on the private sector for enforcement help. And Sacramento's Hoganson insists his team's focus is unbiased, noting that of the 285 cases the team investigated in 1998, only 16 were tied to companies that are members of the unit's steering committee.

But the California Supreme Court takes the issue seriously. In a 1996 trade secrets case, the court upheld the disqualification of a Santa Cruz County district attorney because the office had accepted more than $13,000 from a Scotts Valley software company, Borland International. The money was used to hire a computer expert to determine whether a former executive had taken proprietary information to a rival firm, Symantec Corp.

Police and prosecutors say the Hewlett-Packard case is different because the corporation's involvement did not influence their decision to file criminal charges.

"I don't see [it] as a conflict, because you're giving law enforcement the money--not the district attorney's office," said Robert Morgester, a deputy attorney general for the state attorney general's office who helped create and fund the Sacramento team.
California legislators are trying to offset the money pinch by rolling out a $1.3-million state grant to be divided among three task forces: Sacramento, San Jose and Los Angeles/Orange County. In addition, the governor's office has set aside an additional $1 million for the same purpose.

Investigators say that although the grant helps, it's still not enough. "That money is already spent on training, hiring new people and getting my guys new computers," Tsuchida said. "We're not breaking any laws now, so why should we change what we're doing?"

Copyright Los Angeles Times.

14.0 Mitnick sentencing postponed again...
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.zdnet.com/zdnn/filters/bursts/0,3422,2302198,00.html

Monday; Jul26th 10:46a

Mitnick sentencing postponed again

The sentencing of convicted hacker Kevin Mitnick was postponed for a second time today. The government is asking for Mitnick to be responsible for restitution on the order of $1.5 million, while the defense is asking for payments on the order of $5,000, based on his projected earnings potential during his supervised release. He will not be able to use a computer during that three-year period. More details to follow. --ZDNN staff

@HWA

15.0 Military Reserves to be Used for Cyber Defense
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Sarge

The Reserve Component Employment Study 2005, commissioned by Defense Secretary William Cohen, has concluded that Reserve units are probably the best choice to help secure military systems. The study says that members of this new unit could work remotely and should be recruited from high-tech sectors of the civilian population. (Hmmmm, maybe I should reenlist?)
Federal Computer Week
http://www.fcw.com:80/pubs/fcw/1999/0726/fcw-newsreserve-07-26-99.html

JULY 26, 1999

Study calls for reserve virtual IT warfare unit

BY DANIEL VERTON (dan_verton@fcw.com)

A year-long study completed last week by a senior panel of Defense Department officials recommended an unprecedented expansion in the role the reserves play in national defense, including the formation of a virtual cyberdefense unit to protect the nation's critical infrastructure.

The study, Reserve Component Employment Study 2005, was initiated in April 1998 at the request of Defense Secretary William Cohen and concluded that the reserves are "particularly well-suited to homeland defense missions." In addition, the study called for the formation of a "joint [reserve component] virtual information operations organization" and tasked various senior-level DOD organizations to complete a "proof of concept" study for creating the unit by June 30, 2000.

The new reserve cyberdefense unit "would consist of individuals with information technology skills who could perform their duties from dispersed locations rather than working as a single consolidated unit at a specific training center," the report said. To accomplish their mission of protecting various critical infrastructure nodes, the unit would communicate from existing reserve centers and other DOD facilities across the country that have access to the Secret Internet Protocol Routing Network.

To form the new unit, the study recommended looking for reserve members in regions of the country where high concentrations of IT skill already exist. In addition, the study suggested that the reserves consider recruiting high-tech-savvy people from the civilian sector, requiring them to join the reserves for a specific number of years in exchange for high-tech training provided by DOD.
Establishing a "virtual organization" also would go a long way toward solving the department's problem of retaining personnel with critical IT skills and may allow DOD to reduce its reliance on external contractor support, the report said.

"A 'virtual organization' [also] could support the Joint Task Force [for] Computer Network Defense," the report said. Cohen established the JTF-CND in December 1998 to monitor and take defensive actions against hackers and other unauthorized users who try to penetrate DOD networks.

Rick Forno, a security officer for Network Solutions Inc. and the former senior security analyst at the House of Representatives' Information Resources Security Office, said the report's recommendation to use the reserves for cyber defense "is a great idea" and represents one of DOD's more innovative initiatives.

"I'm thrilled that DOD is looking to go outside the box on the Info-Protect/InfoCorps idea in the reserve components," said Forno, who proposed a similar idea to DOD a year ago. However, "it comes down to endorsement and support from senior leadership [whether or not] they let this organization function as intended," he said.

Anthony M. Valletta, vice president of C3I systems for SRA Federal Systems and former acting assistant secretary of Defense for command, control, communications and intelligence, said the concept of using the reserves in this manner is one that the intelligence community has proven works.

"When we did this with the intelligence community, it worked extremely well," Valletta said. "We have a lot of expertise in the reserves that we need to take advantage of."

The main challenge facing the reserve cyberdefense corps idea, according to Valletta, is training and equipping the reserves to carry out the mission. "We have to keep up with the technology, and the reserves have to have the latest capabilities," Valletta said. "That is a major change of philosophy in terms of equipping the reserves."
However, the idea of establishing a JTF for Homeland Defense also is an idea that some groups, particularly civil liberties organizations, may question.

"The main issue is the Posse Comitatus Act and the limits on military activity within the U.S.," said Mark Lowenthal, former deputy assistant secretary of State for intelligence and now a member of Valletta's C3I consulting team at SRA. "If it is limited to what are clearly DOD facilities, then there should be no problem," he said. "If it steps over that line, then there are some legal issues that have to be addressed."

Other recommendations contained in the report include using the reserves as part of a Joint Task Force headquarters for Homeland Defense, which would work with the Federal Emergency Management Agency and other civil authorities to coordinate responses to attacks involving nuclear, chemical and biological weapons, and increasing the use of smart card technology to reduce delays in processing reserve members for active-duty assignments.

@HWA

16.0 Kodak's new PROM copy-killer?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

Kodak Introduces CD-PROM, Claims to Thwart Pirates

contributed by WareZ dud3

Kodak has introduced a new CD technology it calls CD-PROM or CD-Programmable Read Only Memory. It combines the standard CD with a small section of CDR that will contain specific information about the machine the software is registered to. Kodak claims this will stop piracy in its tracks. (It might stop the warez dudes from trading the latest version of Duke Nuke 'Em but it will do nothing to stop the professionals.)

Express News
http://www.expressnews.com/pantheon/news-bus/sheron-tech/2504rkodak_7-25nz.shtml

Kodak develops anti-hacker CD

Format is computer-specific, aims to foil non-customers

By Don Sheron
EXPRESS-NEWS SCIENCE/TECHNOLOGY WRITER

Software pirates have a new technological hurdle ahead of them.
Kodak has developed a way to make CD programs more secure from hackers and unlicensed users. It's a customized CD called the CD-PROM (Compact Disc-Programmable ROM). This includes the standard write-once feature of commercial software, but the CD-PROM also includes a recordable feature that identifies a particular computer to the CD.

"There's a lot of enthusiasm for this technology," said Bruce Ha, senior research associate at the Eastman Kodak Co. of Rochester, N.Y. "It's a format that people have been talking about for the past 10 years now."

The new hybrid technology allows software manufacturers to produce low-cost CD-ROMs with the ability to add CD-R (recordable) information. CD-PROM works like a normal CD software product, but using the software requires start-up information specific to the licensed consumer.

For instance, many software CDs require a registration code to unlock some or all of the program's features. To get the registration code, consumers can register their software online with the software manufacturer. To thwart Internet hackers, the CD-PROM will match the registration code with the licensed software, thus keeping hackers from using an illegal copy of the software.

Similarly, a CD-PROM is designed to work on software shipped with a specific computer. The CD-PROM can be set up to read only the BIOS information on the computer with which it was shipped. The BIOS (basic input/output system) loads and executes the computer's operating system, such as Windows 98.

"So (Microsoft) Office or any other program that comes bundled with that computer cannot be shared by anyone else," Ha said.

But making a CD-PROM has been difficult. A normal CD contains data embedded into "pits" that are pressed into the platter. The platter is then covered by an aluminum reflective layer and a protective plastic coating.

On a CD-R, a single groove is pressed into the platter instead of pits. An organic dye is added for recording new information onto the platter.
A reflective layer of gold or silver covers the dye, and then the CD gets a protective coating.

Some manufacturers have tried to add both pits and grooves onto a CD. But they have had problems with the disc being read properly. This can occur when the ROM reader switches to the recordable writer, or because the speed of the laser light reading the CD changes when it goes through different materials on the platter.

To get around this, Kodak decided to use a single, continuous groove pressed into the platter. The master disc is designed to make the CD reader think that the groove actually contains a series of pits.

Kodak is using the CD-PROM for its Picture CD product. Ha says no failures have been noticed after beta testing 20,000 discs in photo labs.

Saturday, Jul 24, 1999

@HWA

17.0 Sandstorm Releases New Version of Phone Sweep
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Brian

Sandstorm Enterprises has released a new version of its $998 war dialing program called 'Phone Sweep'. It does have at least one cool feature, auto recognition of over 200 remote systems. Ummm, thanks but I'd rather have the free, non-hardware copy protected, Tone Loc.

Excite News
http://news.excite.com/news/bw/990721/ma-sandstorm

PhoneSweep
http://www.sandstorm.net/phonesweep/

Tone Loc - toneloc.zip
http://www.l0pht.com/~oblivion/blkcrwl/telecom/toneloc.zip

Tone Loc Utilities
http://www.l0pht.com/~oblivion/blkcrwl/telecom/toneutil.zip

Sandstorm Enterprises Announces Single Call Detect -- Advanced Telephone Scanning Technology to be Incorporated Into New Release of PhoneSweep

Updated 10:45 AM ET July 21, 1999

Most S