HWA.hax0r.news #12 HTML/Text Version

• April Issue #13 will be a special issue, watch for it...
• This issue may cause strangeness in certain browsers
  read in TEXT mode to see why.

HWA is sponsored by Cubesoft communications www.csoft.net




    [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
  ==========================================================================
  =                       <=-[ HWA.hax0r.news ]-=>                         =
  ==========================================================================
    [=HWA'99=]                         Number 12 Volume 1 1999 April 1st  99
  ==========================================================================




  ** ISSUE 13 will be back to standard text format, htmlizing this file is too
  much work and bloats up the issue too much, if anyone wants to convert the
  texts to html though feel free to do so, and credit yourself for the work
  done as it takes some time to get all the links and make sure demo html is
  viewable in online versions..... - Ed

                     010010             0101010101
                   01010101            0101010101010
                     010101                   010101
                     010101                01010101
                     010101              01010101
                     010101           010101010
                   0010101010         01010100101010
                   0101010101         01010101010101

  
  Note that some stuff may not display correctly as I did not fully convert
  all the text contained in this file to html, it is recommended you read 
  this file in standard text mode...

  =------------------------------------------------------------------------=

      "If your hacker admits to having been wrong, don't demand an apology;
        so far as the hacker is concerned, admitting to being wrong
                              is an apology,"  
      
             - from http://www.plethora.net/~seebs/faqs/hacker.html
                   see sideline, 'proper care and feeding of your hacker'

  =------------------------------------------------------------------------=


   Synopsis 
   ---------
   
   The purpose of this newsletter is to 'digest' current events of interest
   that affect the online underground and netizens in general. This includes
   coverage of general security issues, hacks, exploits, underground news
   and anything else I think is worthy of a look see. (remember i'm doing
   this for me, not you, the fact some people happen to get a kick/use
   out of it is of secondary importance).

    This list is NOT meant as a replacement for, nor to compete with, the
   likes of publications such as CuD or PHRACK or with news sites such as
   AntiOnline, the Hacker News Network (HNN) or mailing lists such as
   BUGTRAQ or ISN nor could any other 'digest' of this type do so.

    It *is* intended  however, to  compliment such material and provide a
   reference to those who follow the culture by keeping tabs on as many
   sources as possible and providing links to further info, its a labour
   of love and will be continued for as long as I feel like it, i'm not
   motivated by dollars or the illusion of fame, did you ever notice how
   the most famous/infamous hackers are the ones that get caught? there's
   a lot to be said for remaining just outside the circle... 
   
   

   @HWA

   =-----------------------------------------------------------------------=

                     Welcome to HWA.hax0r.news ... #12

   =-----------------------------------------------------------------------=

          

    *******************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
    ***                                                             ***
    *** please join to discuss or impart news on techno/phac scene  ***
    *** stuff or just to hang out ... someone is usually around 24/7***
    ***                                                             ***
    *** Note that the channel isn't there to entertain you its for  ***
    *** you to talk to us and impart news, if you're looking for fun***
    *** then do NOT join our channel try #wierdwigs or something... ***
    *** we're not #chatzone or #hack                                ***
    ***                                                             ***
    *******************************************************************


  =-------------------------------------------------------------------------=

  Issue #12


  =--------------------------------------------------------------------------=



  
  [ INDEX ]
  =--------------------------------------------------------------------------=
    Key     Content                                                         
  =--------------------------------------------------------------------------=
 
    00.0  .. COPYRIGHTS ......................................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. SOURCES .........................................................
    00.3  .. THIS IS WHO WE ARE ..............................................
    00.4  .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
    00.5  .. THE HWA_FAQ V1.0 ................................................

    01.0  .. GREETS ..........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ...........................
     01.2 .. Mailbag .........................................................
    02.0  .. From the editor..................................................
    03.0  .. Aussie faces 12months jail time .................................
    04.0  .. Mitnick update, another year in jail?............................    
     04.1 .. The Bumper Sticker Stays.........................................
     04.2 .. Mitnick's Judgment Day at Hand...................................
     04.3 .. Why We Still Have to Free Kevin Mitnick..........................
     04.4 .. Mitnick gets 46 months...........................................
    05.0  .. Sesquipedalian.c 0 length connection resetting exploit...........
    06.0  .. Yet more MSIE5 vulnerabilities...................................
    07.0  .. QuickHacks and tips from ManicX..................................
    08.0  .. NT4 index server 2.0 vulnerabilities.............................
    09.0  .. Yahoo news ticker has plaintext passwords in config files........
    10.0  .. Defacing websites? read this from bufferoverflow/attrition.......
    11.0  .. Security analysis of Satellite command uplinks...................
    12.0  .. Melissa Pr0n virus makes it hard for Microsoft users.............
     12.1 .. The Melissa macro virus code.....................................
     12.2 .. PAPA, a Melissa variant targets specific people with ping fluds..
     12.3 .. PAPA B and the MadCow variants of Melissa already spreading......
     12.4 .. April 1st Melissa virus creator apprehended......................
    13.0  .. [ISN] A hacker's worst nightmare ................................
    13.1  .. How bad is Pentium III privacy threat?...........................
    14.0  .. ICQ99 Bug, erh feature turns your icq into a DoSable web server..
    15.0  .. Russian crackers takeout whitehouse.gov?.........................
    16.0  .. New Excel macro virus can bypass protections.....................
    17.0  .. xfree86 SUSE exploit.............................................
    18.0  .. Proper feeding and caring of your new hacker ....................
    19.0  .. Unix wardialer from w00w00 security..............................
    20.0  .. Australia gears up security for Olympics ........................
    21.0  .. NetBSD security advisories: umapfs ..............................
     21.1 .. NetBSD noexec mount flag advisory ...............................
    22.0  .. Checkpoint releases new DHCP based user 'mapping' technology..... 
    23.0  .. SPAWAR a navy site for the security conscious...go FISH..........
    24.0  .. A Portscan detector..............................................
    25.0  .. Port 21 (FTP) Control port vulnerability scanner.................
    26.0  .. WuFTPd scanner...................................................
    27.0  .. The Wu-FTPd exploit and patch thread ............................
    28.0  .. Another Wu-FTPd exploit (wh0a.c).................................
    29.0  .. Netscape 4.51 allows url sniffing  exploit and patch.............
    30.0  .. X11R6 rewt compromise exploit....................................
    31.0  .. Yet another wu-ftpd scanner by 03m0s1s...........................
    32.0  .. RedHat Linux security vulnerabilities list from redhat...........
    33.0  .. The Suburbanization of Slashdot by Pasty Drone...................
    34.0  .. Canada Rolls into Fiscal 2000....................................
    35.0  .. More exploits from the ADM crew .................................
    =--------------------------------------------------------------------------=
             
         Special Sections. Civil disobedience and hacktivism, hacking contests
         
    =--------------------------------------------------------------------------=         
             
     SP.00 .. Intro: That Wild Wild Cyberfrontier..............................
     SP.01 .. Article 1:"Electronic Civil Disobedience and.....................
              ...........................the World Wide Web of Hacktivism:"....
     SP.02 .. Article 2:"Digital Zapatismo"....................................
              .................................................................
     SP.C1 .. The Phallusi of cracking contests................................           
     SP.C2 .. Hacker challenges: Boon or Bane by Gene Spafford.................
                
    =--------------------------------------------------------------------------=   
    AD.S  .. Post your site ads or etc here, if you can offer something in return
             thats tres cool, if not we'll consider ur ad anyways so send it in.
    ..........................................................................
    HA.HA  .. Humour and puzzles  ............................................
    HOW.TO .. New section: "How to hack" by our illustrious editor part 3.....
    SITE.1 .. Featured site, .................................................
    RAW.1  .. We remember Autonet'86..........................................
     H.W    .. Hacked Websites  ..............................................
     A.0   .. APPENDICES......................................................
     A.1   .. PHACVW linx and references......................................
 
  =--------------------------------------------------------------------------=
     
     @HWA'99

     
  00.0  (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
     OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
     WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
     (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
     READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

     Important semi-legalese and license to redistribute:

     YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
     AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
     ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
     IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
     APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
     IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
     ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
     ME PRIVATELY current email cruciphux@dok.org

     THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
     WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
     THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

     I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
     AND REDISTRIBUTE/MIRROR. - EoD


     Although this file and all future issues are now copyright, some of
    the content holds its  own copyright and these are printed and
    respected. News is news so i'll print any and all news but will quote
    sources when the source is known, if its good enough for CNN its good
    enough for me. And i'm doing it for free on my own time so pfffft. :)

    No monies are made or sought through the distribution of this material.
    If you have a problem or concern email me and we'll discuss it.

    cruciphux@dok.org

    Cruciphux [C*:.]



  00.1  CONTACT INFORMATION AND MAIL DROP
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


     Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
    Canada / North America (hell even if you are inside ..) and wish to
    send printed matter like newspaper clippings a subscription to your
    cool foreign hacking zine or photos, small non-explosive packages
    or sensitive information etc etc well, now you can. (w00t) please
    no more inflatable sheep or plastic dog droppings, or fake vomit
    thanks.

    Send all goodies to:

	    HWA NEWS
	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    BRAMPTON, ONTARIO
	    CANADA
	    L6V 4H5

    WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
    ~~~~~~~  reading this from some interesting places, make my day and get a
             mention in the zine, send in a postcard, I realize that some places
             it is cost prohibitive but if you have the time and money be a cool
             dude / gal and send a poor guy a postcard preferably one that has some
             scenery from your place of residence for my collection, I collect stamps
             too so you kill two birds with one stone by being cool and mailing in a
             postcard, return address not necessary, just a  "hey guys being cool in
             Bahrain, take it easy" will do ... ;-) thanx.



    Ideas for interesting 'stuff' to send in apart from news:

    - Photo copies of old system manual front pages (optionally signed by you) ;-)
    - Photos of yourself, your mom, sister, dog and or cat in a NON
      compromising position plz I don't want pr0n. 
    - Picture postcards
    - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
      tapes with hack/security related archives, logs, irc logs etc on em.
    - audio or video cassettes of yourself/others etc of interesting phone
      fun or social engineering examples or transcripts thereof.

    If you still can't think of anything you're probably not that interesting
    a person after all so don't worry about it 

    Our current email:

    Submissions/zine gossip.....: hwa@press.usmc.net
    Private email to editor.....: cruciphux@dok.org
    Distribution/Website........: sas72@usa.net

    @HWA



  00.2  Sources ***
        ~~~~~~~~~~~

     Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance) Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information is compiled
    and or sourced by Cruciphux no copyright claimed.

    HiR:Hackers Information Report... http://axon.jccc.net/hir/
    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
    News site (HNN) .....,............http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ ...............http://www.l0pht.com/
    NewsTrolls (HNN)..................http://www.newstrolls.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD ..............................http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+........................http://www.gammaforce.org/
    News site+........................http://www.projectgamma.com/


    +Various mailing lists and some newsgroups, such as ...
    +other sites available on the HNN affiliates page, please see
     http://www.hackernews.com/affiliates.html as they seem to be popping up
     rather frequently ...

    * Yes demoniz is now officially retired, if you go to that site though the
     Bikkel web board (as of this writing) is STILL ACTIVE, www.hwa-iwa.org will
     also be hosting a webboard as soon as that site comes online perhaps you can
     visit it and check us out if I can get some decent wwwboard code running I
     don't really want to write my own, another alternative being considered is a
     telnet bbs that will be semi-open to all, you will be kept posted. - cruciphux

    http://www.the-project.org/ .. IRC list/admin archives
    http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

    alt.hackers.malicious
    alt.hackers
    alt.2600
    BUGTRAQ
    ISN security mailing list
    ntbugtraq
    <+others>

    NEWS Agencies, News search engines etc:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    http://www.cnn.com/SEARCH/
    http://www.foxnews.com/search/cgi-bin/search.cgi?query=cracker&days=0&wires=0&startwire=0
    http://www.news.com/Searching/Results/1,18,1,00.html?querystr=cracker
    http://www.ottawacitizen.com/business/
    http://search.yahoo.com.sg/search/news_sg?p=cracker
    http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=cracker
    http://www.zdnet.com/zdtv/cybercrime/
    http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

    NOTE: See appendices for details on other links.


    http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
    http://freespeech.org/eua/ Electronic Underground Affiliation
    http://www.l0pht.com/cyberul.html
    http://www.hackernews.com/archive.html?122998.html
    http://ech0.cjb.net ech0 Security
    http://net-security.org Net Security

    ...


    Submissions/Hints/Tips/Etc
    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    All submissions that are `published' are printed with the credits
    you provide, if no response is received by a week or two it is assumed
    that you don't care wether the article/email is to be used in an issue
    or not and may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at http://www.hackernews.com/affiliates.html

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.


    - Ed

    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq : http://www.iss.net/iss/maillist.html


    THE MOST READ:

    BUGTRAQ - Subscription info
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin . To subscribe to
    bugtraq, send mail to listserv@netspace.org containing the message body
    subscribe bugtraq. I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

          http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html



    About the Bugtraq mailing list
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list`s charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq
    reflector address if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of
    those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.

    For questions or comments, please mail me:
    chasin@crimelab.com (Scott Chasin)


    
    Crypto-Gram
    ~~~~~~~~~~~

       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
      blank message to crypto-gram-subscribe@chaparraltree.com.  To unsubscribe,
      visit http://www.counterpane.com/unsubform.html.  Back issues are available
      on http://www.counterpane.com.

       CRYPTO-GRAM is written by Bruce Schneier.  Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms.  He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW.  He
      is a frequent writer and lecturer on cryptography.


    CUD Computer Underground Digest
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This info directly from their latest ish:

    Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09
     
                      ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest



    [ISN] Security list
    ~~~~~~~~~~~~~~~~~~~
    This is a low volume list with lots of informative articles, if I had my
    way i'd reproduce them ALL here, well almost all .... ;-) - Ed


    Subscribe: mail majordomo@repsec.com with "subscribe isn".



    @HWA


  00.3  THIS IS WHO WE ARE
        ~~~~~~~~~~~~~~~~~~
 
      Some HWA members and Legacy staff
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      cruciphux@dok.org.........: currently active/editorial
      darkshadez@ThePentagon.com: currently active/man in black
      fprophet@dok.org..........: currently active/IRC+ man in black
      sas72@usa.net ............. currently active/IRC+ distribution
      vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
      dicentra...(email withheld): IRC+ grrl in black


      Foreign Correspondants/affiliate members
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ATTENTION: All foreign correspondants please check in or be removed by next
      issue  I need  your current emails since contact info was recently lost in a
      HD mishap and i'm not carrying any deadweight. Plus we need more people sending
      in info, my apologies for not getting back to you if you sent in January I lost
      it, please resend.



       N0Portz ..........................: Australia
       Qubik ............................: United Kingdom
       system error .....................: Indonesia
       Wile (wile coyote) ...............: Japan/the East
       Ruffneck  ........................: Netherlands/Holland

       And unofficially yet contributing too much to ignore ;)

       Spikeman .........................: World media

       Please send in your sites for inclusion here if you haven't already
       also if you want your emails listed send me a note ... - Ed

      http://www.genocide2600.com/~spikeman/  .. Spikeman's DoS and protection site


       

       *******************************************************************
       ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
       *******************************************************************

    :-p


    1. We do NOT work for the government in any shape or form.Unless you count paying
       taxes ... in which case we work for the gov't in a BIG WAY. :-/

    2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
       events its a good idea to check out issue #1 at least and possibly also the
       Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...


    @HWA



  00.4  Whats in a name? why HWA.hax0r.news??
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             
      
      Well what does HWA stand for? never mind if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Pretorians after you.

     In case you couldn't figure it out hax0r is "new skewl" and although
     it is laughed at, shunned, or even pidgeon holed with those 'dumb
     leet (l33t?) dewds'  this is the state
     of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
     up  and comers, i'd highly recommend you get that book. Its almost
     like  buying a clue. Anyway..on with the show .. - Editorial staff


     @HWA

  00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Also released in issue #3