What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Carolyn's most
popular book,
in 4th edition now!

For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

THE HAPPY mHACKER - SECURITY FOR THE REST OF US!

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

BROUGHT TO YOU BY M-TECH ONLINE

Need a Mac tech book, quick? We pick'em, you buy'em.
Created in collaboration with Amazon.com
Opening April 15, 2000 - URL in next issue.

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

APRIL 2000 - INTRODUCTORY ISSUE

Good morning kiddies!

Gather 'round the fireplace and crack crack open the beers, White
Wizard Mithra accompanied by black cat hacker extraordinaire
Nikodemus Alexander would like to welcome you to the first
gathering of the Golden Apple Clan.

All Hail Eris!

So you want to learn everything about entering into other's virtual
fortress, and burning Chrome is your lifelong ambition? You feel let
down because your post on alt.2600 asking for a tutor, a mentor in
the Grand Art of cryptoforcing, was not answered?

Have you painfully gathered copies of the red book, the blue book,
the crimson book, and Ol'Buzzard autobiography?

Do you have a whole wall of your room covered with Free Kevin banners
and press clippings?

If so, I'm afraid you took a wrong turn a few miles up the road, and
may be disappointed in the content of this 'zine: For our purpose here
is not to create chaos but to master chaos created. Not to destroy but
to tame. Not to offer scriptkids with more tools and exploits, but to
keep on the edge of what is being done, break it down, analyse it,
understand it and counter it.

Most of all, it's to have some fun, dammit! Life's too short as it is.

If you were expecting something else, accept my apology. This section
is rated A. It's a Zen thing: If you're not already here and now, you
can't come in.

So leave, while it is still possible: We are about to beam the
entire castle back to the planet of Trans... Oops - wrong movie.

[END OF RANT]

Because the Macintosh is renowned for being a fairly secure platform
(at least compared to many operating systems), the Mac community has
for a long time sat on its laurels and orgasmically fondled its big
corporate belly while muttering "It Can't Happen Here..." (funny, I
swear I could clearly hear Frank Zappa's voice in there.)

The power of positive thinking, though, has never changed much as far
as computer security goes. If there is an hole, somewhere, anywhere,
someone will find it and exploit it, for fun or profit.

We have seen that happen on the PC side, and used by certain
companies in low-blow marketing strategies. After all, with large R&D
departments, who is in a better position to reverse engineer and find
vulnerability in a product?

The Mac is solid, be it. This does not mean that it's bullet proof.
There are chinks in the armor, and our sole purpose here will be to
find them out, inspect and close the breach.

I hope that in the process both you and I will learn a lot. I will
select and post questions of general interest, and try to provide
some answers. I will also share with you some insight in current
affairs, and refer you to internet resources I feel are worth
exploring.

A word of warning: Even with over 15 years of Mac AND Internet
experience, I do not hold the horn of plenty knowledge. There is a
lot I don't know, and worse, a lot that I think I know but that may
be wrong. If ever I say something completely asinine, feel free to
let me know, but there is no point in being rude about it. Please be
gentle with me...

The full disclaimer: My name is Pat St-Arnaud. My first Mac was a
Plus, and I started networking before the birth of the WWW. I pay my
rent thanks to generous contributions from the clients my company
advises on all things Macintosh, and from a stipend MacHome Journal
sends me to edit and publish their free eZine, Hot Tips Weekly. Some
suspect me to have written technical research analysis, movie scripts,
and to be responsible for the content of certain Mac magazines' CDs.

I was previously almost killed by a five year contract with the
Canadian Government, investigating frauds and finding people. The
tedium, boredom and illogical constraints of bureaucracy almost got
me! I feel much better now, thank you.

NEXT ISSUE: This is issue 0. We start for real next month with a
brief review of the last decade and conclusions to be drawn. We'll
also look at a backdoor affecting online Filemaker databases and how
to avoid that vulnerability. We will finally look at some really
simple and efficient tricks to increase network security.^

I'm aware that this issue's content is rather flimsy. I hope to flesh
it out in months to come. Expect the Happy mHacker the first of
each month.

Have a good month!
Pat
maceditor@techwork.com

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^
STATS: 1999 loses due to computer crimes: $10 billion
Source: Computer Security Institute estimate,
Note: Only 1/4 of companies report computer crimes.
<http://www.latimes.com/business/20000322/t000027053.html>

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

MORE CREDIT CARDS PROMENADES COVERED

485,000 credit cards numbers stolen in Jan 1999 from an e-commerce
site were secretly stored in a database on a U.S. government agency's
Web site!

You have to appreciate the humour!

<http://www.msnbc.com/news/382561.asp>

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

... AND FOR SOME, EASY A PIE!

"Just hit 'update account' and you get the form as filled in by
customers..."

Some CGI vendors seem rather clueless about minimal transaction
security...

<http://www.theregister.co.uk/000324-000017.html>

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^
STATS: Credit-card fraud, worldwide: $1 billon/year.

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

WHEN IS A BACKUP VAPOURTRAIL?

Northwest Airlines had to cancel about 130 flights during a 3.5-hour
outage at their Twin Cities hub, as contractor bored into the cable
cluster containing BOTH main and redundant fibre lines. A reminder
about the difference between backup and archive - or redundancy vs
nothing at all...

<http://www.computerworld.com/home/print.nsf/CWFlash/000322CBDE>

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

SSL (SECURE SOCKETS LAYER) BITZ

SSL is a protocol that allows public key encrypted traffic
between a Web server and client.

There is no special relationship between SSL and credit cards.
SSL does not provide for credit card processing in any way; it
merely encrypts data during transit.

Data output one the local side of the secure server is not encrypted.
The only difference in operation between secure and regular Web
servers
is that nph- scripts cannot be used with the secure server because of
the special negotiations involved with SSL.

To provide minimal security, secure data should be re-encrypted
once received from the secure server. Few take this precaution.

Pair networks wrote the full primer.
Consider using their services as host: They're good.
<http://support.pair.com/config/ssl.html>

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

CHEAP EDUCATION

If you want to polish your network skills, or simply learn
new and extra ones, Nortel Networks has a WHOLE bunch
of PowerPoint and Acrobat training files one the web.

Follow the links for certification courses. Although
mostly addressing their own products, some are generic
enough to be great reference sources.

<http://www.nortel.com>

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

NEWEST TROJANS LOCATED ON HOTLINE SERVERS
Source: Posting by ³Late R.²
NG: Some of these may mimic valid files.

Hotline IP Spoofer.sit - 15.7 KB
InfiniD4Demokrack.sit
LOGIC AUDIO 2.6.6 [k].sit
Media 100 4.0p2 XS [RealK]
Photoshop 5.0 Tryout [k] Note: Version [k] by Codeman OK.
AllAdvantage 1.0b20 [k] Note: Version [k]'d by iconoclast OK
MacOS 8.5.1 Chooser Update
C&N August 1998.sit
Blue-box-invoices-12.hqx
Corel KnockOut.sit [3.1 Meg]
DiskTop 5.1.sea
QuarkImmedia 1.5.img - 5705k

I suggest opening any dubious file uploaded to your server with
ResEdit or Resorcerer to have a peek at the codes before
any double-click happens.

Trust no one! Many malicious Trojan are very well disguised - as a
ReadMe or Doc application files, for instance.

 

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^

12 STEPS PROGRAM OF RECOVERY FOR WEB ADDICTS
Source: Unknown Netizen

1) I will have a cup of coffee in the morning and read my newspaper
like I used to, before the Web.
2) I will eat breakfast with a knife and fork and not with one hand
typing.
3) I will get dressed before noon.
4) I will make an attempt to clean the house, wash clothes, and
plan dinner before even thinking of the Web.
5) I will sit down and write a letter to those unfortunate few
friends and family that are Web-deprived.
6) I will call someone on the phone who I cannot contact via the
Web.
7) I will read a book...if I still remember how.
8) I will listen to those around me and their needs and stop
telling them to turn the TV down so I can hear the music on the Web.
9) I will not be tempted during TV commercials to check for email.
10) I will try and get out of the house at least once a week, if it
is necessary or not.
11) I will remember that my bank is not forgiving if I forget to
balance my checkbook because I was too busy on the Web.
12) Last, but not least, I will remember that I must go to bed
sometime ... and the Web will always be there tomorrow!

~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^~~~^^^
This is a list devoted to *legal* hacking! If anyone plans to use any
information in this Digest or at our Web site to commit crime, go
away! We like to put computer criminals behind bars where they belong!

 

 © 2013 Happy Hacker All rights reserved.