Noticias:
envia as noticias para secretos@hotmail.com
26/02/97
From: Paulo Trezentos - Paulo.Trezentos@iscte.pt
Viva!
Boas Noticias.
Na permanente estarao 5 computadores 'a disposicao do publico, das 10:00
'as 18:00, com os seguintes servidores: ftp, web, irc , mail e news. O
publico tem acesso a todos os servidores, estando estes ligados em rede
local, e esta 'a Internet.
Na parte de semina'rios, havera' 1 conferencia por dia, 'as 16:30 podendo
ser dividida em duas partes.
Os assuntos, ainda a definir, passarao por:
Promocao programada:
Objectivos da iniciativa:
O que esta iniciativa nao pretende:
Como se pode colaborar na organizacao desta iniciativa:
O empenho pessoal e' bem-vindo :-))
------------------------------------------------------------------
Um ex-funcionário da grande empresa "Omega Engineering"
activou um programa que apagou os dados presentes na rede informática.
Este "ataque" do ex-funcionário, que desempenhava as funções
de programador, foi um dos crimes informáticos mais caros
da história e custou à Omega Engineering cerca de 10 milhões
de dólares (cerca de 1.86 milhões de contos).
Embora o criminoso tenha sido apanhado, este incidente vem reforçar a necessidade que existe para as empresas levarem
muito a sério a segurança dos seus sistemas informáticos.
O web site da Omega Engineering está disponível em
http://www.omega.com
AUSTIN, Texas - A panel of security specialists compared notes this week at the Computers, Freedom, and Privacy conference, providing an overview of malicious hacks and strategies for fending them off, as well as insights into hacker culture, tricks, and tools.
Peter Shipley, a renowned - and reformed - hacker, and more recently the founder of Network Security Associates a security consulting business in Berkeley, California, offered his own intimate view of what types of hacks are most common today, and what can be done to defend against them.
Shipley said that malicious hacks can be classified into four categories: disclosure of information, such as theft of credit card numbers; destruction of data, which can be an act of economic terrorism; alteration of data, such as grade fixing; and denial-of-service attacks, including SYN floods and smurfing. The motivation for such attacks ranges from financial to revenge to peer respect, Shipley said.
Shipley and the other panelists for the "Net Hacks and Defenses" discussion attributed the lack of security in computer networks to disbelief, laziness, and overconfidence. Free Web-based email services are a classic example of a network vulnerability, he said.
"All of your Hotmail is readable by the world," said Shipley, introducing the topic of sniffers, one of the fundamental tools used to monitor and intercept data over a network. He then presented a list of protocols that can be exploited using hacking tools: telnet, http, SNMP, SNTP, POP, FTP, and many other baseline standards used to send email, files, and other communications over the Net and computer networks.
"It really works too well," was Shipley's mantra throughout the session, pointing to the fact that hackers routinely take advantage of the same tried-and-true techniques that have brought them so much success in the past.
A good hacker will normally do some research first, to discover anything useful about the nature of the target network. Information can include the type of firewall, networking software, and operating systems in use, as well as host lists, usernames, network connections, and sibling domains.
"Look at all your inbound connectivity and co-developers," Shipley said, explaining that even if a network itself is well protected, there are often peer network connections, such as those at business partners, ISPs, or home modems, that can be used as back doors into a network. "If you want to hack NASA, go to Lockheed and get in through their connections," he suggested.
But some methods are even more straightforward and bold, Shipley said, such as entering an office building to steal something as benign as an employee phone list, or something as guarded as the map of a network's computers and software implementations.
Even easier, he said, are social engineering techniques, where a would-be intruder calls up a network engineer - or someone else with pertinent information - and simply asks what types of software and configurations, or port assignments, are being used in a network. To guard against such attacks, employees at organizations like the National Computer Security Association answer their phones by saying their extension number, or nothing at all.
One audience member was skeptical. "But aren't people more sensitized to [social engineering] now?" the attendee asked.
Shipley answered with an exclamatory "NO," and Dave Del Torto, an software designer with Pretty Good Privacy, said: "People are absolutely pathetic about maintaining security policies, and social engineering is the easiest way in.
"Don't underestimate the value of educating your staff," said Del Torto.
Shipley recently conducted a "war-dialing" experiment and discovered that many networks in the San Francisco Bay Area are wide open to even novice hackers. As featured in the classic cold-war film "Wargames," a wardialer dials thousands of phone numbers looking for a modem's carrier signal. When Shipley found a number at the Oakland Fire Department, he found himself in a position to dispatch fire trucks and access the department's main network. (He subsequently notified them about the problem.) He also found that one of the Bay Area's biggest bookstores had left its ordering database unprotected.
Using Strobe, another popular software program, intruders can scan for open ports on networks, which provide easy entry to networks once they are identified. Once connected to such a network, other software can be used to scan for known vulnerabilities and unpatched security holes, which are common with operating system and security software products.
Vendors such as Microsoft and Sun are constantly posting software fixes to their Web sites to patch vulnerabilities, but it's up to network administrators to keep track of all of the patches they need to implement.
"I love Microsoft," said Charisse Castagnoli, an employee of Internet Security Systems, a company that audits and consults on security-related issues. "The rate at which they produce software, they create a permanent employment opportunity for me. We have a love-hate relationship," she added.
Some operating systems, Shipley said, are easier to compromise than others, and "[Windows] NT is not capable of being anything nearly like a reliable system for the Internet." He recommended that "multiple firewalls" be used if a Windows NT machine is to be used on networks with Internet connections.
But even firewalls have their problems. "Seventy percent of packet filter firewalls are misconfigured," said Castagnoli. "You don't just set them up and walk away. You need to constantly monitor and update them."
In general, the panelists were skeptical about the value of mainstream network security software products. One reason cited was that nobody, aside from the vendors, knows what's behind the GUI.
"You can't trust a system unless you can see the entire inside of it," said PGP's Del Torto. "As a trend, patronize companies that open source code," he advised, and complimented Netscape for doing so with its Navigator browser code.
The panelists recommended several strategies to improve individual user security.
First, a randomized, mixed character-number password kept in a wallet is much more effective than an English word or name committed to memory, panelists said. Several software programs, including Crack, are available for quickly cracking passwords that are dictionary words and common names.
The panelists also recommended cautious users buy a cross-shredding paper shredder and use it on anything that contains personal data. Dumpster-diving is popular sport for data thieves, and a woman in Oakland was recently caught with files on 300 people in the area, with enough information about them to get credit cards and driver's licenses.
Finally, the panel recommended encryption software be used on any sensitive communications or files that a user wouldn't want someone else reading.
The panel also advised that companies allow employees to use company email for personal use, because at least a firewall stands between their email and the open Internet. They estimated that 30,000 people are signing up for free email services every day, and most of those are open to packet sniffers and other monitoring tools that turn such emails into postcards on the Net.
Hacker faces 10-year sentence
By NICK PAPADOPOULOS
A computer hacker who obtained and then circulated the details of
1,200 credit-card holders on to the Internet, after illegally
accessing the files from an Internet Service Provider, faces a
maximum 10-year jail sentence in the Downing Centre District Court
today.
Skeeve Stevens, 27, of Sydney, had initially denied that he was
the "Optik Surfer" responsible for one of Australia's worst
computer security breaches but he later pleaded guilty.
The hacking incident is said to have cost the service provider,
AUSNet, more than $2 million in lost clients and contracts.
At the court yesterday the Crown submitted that Stevens had
"maximised the damage" to both the company and the credit card
holders by contacting journalists after the break-in and other
"publicity-seeking behaviour".
In a statement of facts tendered to the court the Australian
Federal Police said Stevens hacked into AUSNet's computer network
in March 1995, two months after he was refused a job with the
company.
The court heard how Stevens, using the user account and password
details of AUSNet's technical director, altered the company's home
page on April 17, 1995, by prominently displaying a message that
subscriber credit card details had been captured and distributed
on the Internet.
This was followed the next day by an e-mail message created by
Optik Surfer boasting about "this crime of stupidity by AUSNet"
and highlighting the company's lax security.
Stevens faces one count of inserting data into a computer, which
carries a maximum 10-year jail sentence, and eight counts of
unlawful access to computer data. He is likely to be sentenced
today.
February 4, 1998
BRUSSELS, Belgium (AP) --
That's not egg on Bill Gates' face, it's cream.
He was entering a building to meet with Belgian government officials. The Belgian news agency says one person distracted
Gates' attention, while another threw the cream tart. It hit Gates
right in the face, leaving cream all over his glasses.
The news agency says four to five people were involved and had a stack of cakes ready.
The one person who threw a cake got away, but police arrested another person and are questioning a third who filmed the event.
Microsoft said late hursday it will not press charges.
Reuters reported that it as unclear if Noel Godin, a Belgian who has made a
name for himself and a lucrative business out of hurling custard pies
in the faces of the rich and famous, was behind the incident.
Janeiro
Greetings Phrack,
<*>
Today, our group (Urban Ka0s) and several portuguese Hackers attacked
several Indonesian servers, in order to defend East Timor rights!
We are Portuguese Hackers Agaisnt Indonesian Tirany.
"Thix Site Was Haxed & Deleted by PHAiT. This attack is not
against indonesian people but against its government and their
opression towards the republic of timor. These actions were
made to honour and remember all the 250 people killed in Dili
on the 12 november 1991.
As a result all sites belonging to indonesia's goverment were
erased, the rest only had their webpages changed."
East Timor, One People, One Nation
"Whether it is in Tibet or Poland, the Baltics or the
South Pacific, Africa or the Caribbean, it has been shown
that force and repression can never totally suffocate the
reasons underlying the existence of a people: pride in its
own identity, capacity to preserve, without restriction,
everything that identifies it as such, freedom to pass all
this on to future generations, in brief, the right to manage
its own destiny."
Xanana Gusmão
Please inform all ciber citizens of this action.
Our contact is at:
Date: Sat, 13 Dec 1997 12:01:17 -0500
COMPUTERGRAM INTERNATIONAL
The group running The Official Kevin Mitnick web site
(http://www.kevinmitnick.com) has denied it is linked to, or knows who is
behind, the curiously named PANTS/HAGIS Alliance which was allegedly
responsible for the hacking stunt pulled on Yahoo on Tuesday (CI No 3,303).
A spokesperson for the site told Computergram International that although
it appreciates the hackers' interest and enthusiasm in helping Kevin
Mitnick, it would like to distance itself from their activities. The site
creators released this statement: "The charges against Kevin have been
grossly exaggerated and the fact that he's been held three years without
bail makes you wonder what kind of government we have. However, vandalizing
web pages, sending out computer viruses (or threatening to do so) and
writing ransom notes are not methods we condone, suggest or encourage."
However, as a result of the Yahoo stunt and subsequent reporting of it, the
Mitnick site, which explains the charges against Kevin Mitnick and the
conditions in which he is kept, has received more than 37,000 visits.
10/12/97
Here are some more rumors.
It was not DNS related. It seems Yahoo uses a system where different
web browsers are sent to different web servers. Thats why only lynx users
(and maybe users of very old version versions of Netscape) saw the page.
Only the lynx server was affected.
The boxes affected where located in the GlobalCenter data center. They
provide web hosting for Yahoo (and some other very large web sites).
My informant claims that the attack actually came from behind the
firewall via a dialup modem. He claimed that password to a users account
on the machines had been compromissed.
After the web page was modified all types of automatic bells and
whistles went off and they restored from backup in fifteen minutes.
You can view a copy of the hacked homepage at
http://www.clipper.net/~skully/yahoo/
Notice that the page had a link to
http://www.yahoo.com/yahooz-el8-search-engine-src.zip
Wonder it the source code for yahoo's search engine was really
there and if anyone got to download it ;)
Aleph One / aleph1@dfw.net
12/11/97
------- Forwarded Message
Reply-To: Jedi Master shmoe@snip.net
10:34 EDT, Using lynx on www1.yahoo.com and www2.yahoo.com (Dont ask why
graphical browsers dont work.. cuz i aint sure as of yet.)
P4NTZ/H4GiS - W0RLD D0M1N4T10N '97
[INLINE]
For the past month, anyone who has viewed Yahoo's page & used their search engine, now has a logic
bomb/worm implanted deep within their computer.
The worm part of this 'virus,' (in layman's terms) spreads itself across internal networks that the
infected machine is on.
Binary programs are also infected.
On Christmas Day, 1997, the logic bomb part of this 'virus,' will become active, wreaking havoc upon
the entire planet's networks.
The virus can be stopped.
But not by mortals.
An antidote program has been written.
This program is resting somewhere on a computer in the southeastern hemisphere.
The U.S. government will be notified of the precise location of the antidote program upon the
immediate release of Kevin Mitnick.
In the meantime, it would be a wise move on the part of the children of corporate and militant
America to remove all money they have in any financial institutions. One of the many functions of our
virus is that it will cause an acceleration of clocks to the year 2000.
The PANTS/HAGIS alliance has taken control of the world's computers. We own everyone, and everything.
No one is safe. No computer is safe.
Our goal, which we have achieved, is world domination.
The Fail Safe: [From H4G1S, PANTS, and the MLF]
On February 14 1995, Kevin David Mitnick was incarcerated for the sole purpose of furthering the
egomaniacal agenda of the United States secret service (cervix), and the self aggrandizement of both
would be "security expert" Shimomura and has-been media lackey John Markoff.
To commemorate this date and further etch our outrage into the hearts and minds of corporate and
militant America, we have built in a fail safe:
On exactly 01:00 hours February 14, 1997 there will be a nationwide failure of powergrids in
strategic locations. Remember, this will only occur if Kevin David Mitnick is not released and
exonerated of all trumped up charges made against him.
And now, a note from PANTS:
Kevin Mitnick was wrongly jailed for a crime he did not commit. Everyone is well aware of the fact
that Mitnick was *not* behind the attack on Shimomura's computers. Tsutomu Shimomura is a hypocrite,
who is out to make a fast buck & a name for himself. Throughout the entire course of his & John
Markoff's lame excuse for a book, he trashes Mitnick's mocks him for 'not having a life.'
He makes no mention, however, of his own illicit activities with cellular phones.
Mitnick did what he did out of intellectual curiosity, without compromising the hacker ethic. The
goal of Shimomura's activity, however, was merely to listen in on other people's conversations. If
Mitnick doesn't have a life or ethics for checking someone's email for reasons of self
preservation... then what does that say about Shimomura, who eavesdrops on unknowing victims for
recreation?
Shimomura also constantly slams hackers as being 'clueless,' and 'ankle-biters.'
"h3y m1zt3r s3kUr1ty 3xp3rt.. 1ph y00'r3 s0 el8, h0w k0m3 u'r3 alw4yz g3tt1ng 0wn3d by u$
4nkl3b1t3rz?"
Tsutomu is a puppet of an increasingly Orwellian government. He is owned by PANTS & H4G1S. (Not to
mention quite a few other individuals, who shall remain nameless.)
The media hails Tsutomu Shimomura as "cyberspace's top cop."
The media forgets that the policemen of cyberspace are no different than their analog world
counterparts. Which is to say, 99% of the time, they're completely fucking retarded and inept.
After being incarcerated, Mitnick's rights were continually violated. (As they have been in the past.
Refer to Jonathan Littmann's "The Fugitive Game."). Ridiculous things ranging from not being allowed
to use the phone (h3 m1ght wh1$tl3 th3 l4Unch k0d3z & st4rt w0rld w4r 3!@$) to being put in solitary
confinement because the prison officials believed he could turn his walkman radio into a device with
which he could tap their offices. However, not having access to any sort of soldering equipment, and
the fact that being a prisoner means HE IS IN A CELL ALL DAY, this would obviously be quite
impossible. He is also prohibited from using a computer to assist him in researching for his case,
despite the fact that the library computer is not connected to a phone line, or with the outside
world in any other way. This limitation makes the task of defending himself nearly impossible, which
is exactly what they want.
The EFF has, of course, stepped in with their own hypocritical two cents ("Mitnick is an electronic
miscreant," etc, etc). This is no different from their actions in the past.. however, we expected
better from the supposedly libertarian John Perry Barlow. Shows what happens when you listen to the
government & the popular media, I guess...
"You need only reflect that one of the best ways to get yourself a reputation as a dangerous citizen
these days is to go about repeating the very phrases which our founding fathers used in the struggle
for independence."
--Charles A. Beard [LINK]
HAQRZ AGA1NST GEEKZ 1N SN0WSU1T$
------- End of Forwarded Message
12/11/97
-------------
by secretos
[GUL] Workshop de Linux
22/02/97
Subject: [GUL] Workshop de Linux
Sender: owner-gul-iscte@iscte.pt
Reply-To: gul-list@iscte.pt
O Gul propos 'a Camara Municipal de Lisboa integrar a I Workshop de Linux
na sua semana da juventude.
A CML achou interesse no projecto e decidiu apoiar-nos neste evento.
A reter:
Esta componente pra'tica tem como objectivo troca de experiencias e de
conhecimentos.
Arregacemos as mangas e vamos a isto: I Workshop de Linux!
P'lo GUL: Paulo.Trezentos@adetti.iscte.pt Rui.Machado@iscte.pt
http://www.students.iscte.pt/GUL/
------------------------------------------------------------------
Ex-funcionário apaga dados de empresa
04/02/97
A Omega Engineering tem entre os seus clientes a NASA e a Marinha norte-americana.
Internet Hacking For Dummies
10/02/98
From: Anonymous <anon@anon.efga.org>
04/02/97
Subject: File 2--Skeeve Faces 10 Years
Bill Gates hit by cream cake in Brussels
Fevereiro
Web posted at: 5:56 p.m. EST (2256 GMT)
Subject: Urban Ka0s -- 26 Indonesian Servers Haxed
13/12/97
October 5, 1989
-- Urban Ka0s --
http://urbankaos.org
irc: PT-Net irc.urbankaos.org
Computer underground Digest Sun Dec 14, 1997 Volume 9 : Issue 90
From: "Evian S. Sim" evian@escape.com
Subject: File 5--Mitnick Supporters Deny Yahoo Hac
New York, Published: December 15 1997
Issue Number 3311
MITNICK SUPPORTERS DENY YAHOO HACK
Date: Wed, 10 Dec 1997 21:50:52 -0600
From: Aleph One aleph1@dfw.net
Subject: Re: Yahoo hacked
To: BUGTRAQ@NETSPACE.ORG
http://underground.org/
Date: Mon, 8 Dec 1997 19:48:25 -0800
From: Evil Pete shipley@DIS.ORG
Subject: Yahoo's httpd hacked.
To: BUGTRAQ@NETSPACE.ORG
MITNICK LIBERATION FRONT
PANTS
W0RLD D0M1NAT10N '97