Windows Edition, March 2000
See the Happy Hacker web site at http://www.happyhacker.org
Your local firewall blocks you? Try http://happyhacker.org
PART 1
Opening Comments
Ok so I managed to pull myself away from this latest online
craze "EverQuest" to bring you another HHWD. I would like
to thank everybody for their creative input and e-mail
submissions, it was certainly encouraging for me to open
up the mail box and have messages overflowing onto my
desktop (Yep I felt special!). There has been a lot of
publicity lately about the recent rash of Distributed Denial
of Service Attacks. I considered addressing much of this
from a hacker's perspective (read: Hacker not Cracker) but
as I should have it, both Carolyn Meinel and John Vranesevich
released articles earlier in February. With such great
articles I thought I would just link to them rather than
sound like a broken record, after all it is much better to
work smarter than it is to work harder.
On another note, you might notice that Carolyn has updated
some of the content on the Happy Hacker Web Site. She has
even been kind enough to tease us with a chapter on social
engineering in her upcoming book "Uberhacker". I will admit
I came under some heavy fire from people who took offense
to my description of organized hacker groups such as
(GfH, LoU, etc). I will re-iterate that not all organized
hacker organizations are unskilled individuals with a lust
for nothing but destruction. I belong to a JAVA users group
here in Las Vegas (Oh no here come the flames!) and I would
certainly categorize this as a group of computer hackers
that have a fondness for JAVA in common. I'm simply
reinforcing the fact that you don't need to join some
"31337 H@x0r Group" to be a hacker. Using the simple
information and tools provided to you through the web one
can mold themselves into the essence of a true hacker by
sharpening their skills and building rather than destroying.
It's important to note that I still hold firm to my
perception of certain hacking groups despite the flaming
e-mails I receive.
URLs
Hacker Insurance??? Ludicrous you say? Perhaps not.
http://www.pcworld.com/pcwtoday/article/0,1510,15415,00.html
SEC to hire 60 "cybercops"
http://www.timesofindia.com/200200/20info4.htm
What is all this DoS stuff I'm hearing about??? This is a great article
by Carolyn Meinel detailing some very useful information regarding Denial of Service.
http://www.antionline.com/cgi-bin/News?type=antionline&date=02-07-2000&story=dos2.news
Microsoft to make Windows 2000 a "stable OS", that's what they say..
http://www.computerworld.com/home/print.nsf/CWFlash/000204E6E2
Users encouraged to self certify applications under Windows 2000.
http://www.computerworld.com/home/print.nsf/CWFlash/000204E6F6
A Lesson Hard Learned
What many of us would consider common sense is not
always common sense to everybody.
I received an E-mail from a friend who I introduced
to Linux which had a subject line of "Help I've Been
HACKED!" As I read on I learned that he had just
finished a complete semi-secure installation of his
favorite version of Linux. This doesn't seem like
much of a task but to properly configure a Linux
workstation that is going to be connected to the
Internet, install all relevant vendor patches, manually
scour the box for known security holes, and finally
reach a comfort level takes a considerable amount of
time regardless of how great an Uberhacker you may be.
It is not uncommon for me to spend 40+ hours applying
all of my knowledge to perfect, to the best of my
ability, a workstation or server being placed on a
dedicated leased line. Couple his experimentation with
certain third party software packages, busy work
schedule, and the pride he takes in his work, this
fresh and ready to go box was an accomplishment for
him. He was so excited to finally be able to hook this
box up to the Internet and take it for a test drive with
a reasonable level of security to ease his conscience.
He placed the Linux machine onto the Internet, enjoyed
a few rewarding moments and headed off for bed. He
awoke Saturday morning to find his install completely
wrecked. It probably took only a few keystrokes for
somebody to undo everything he had spent countless hours
doing.
His box was in utter shambles and the OS in such
a wrecked state it was useless. My initial thought was:
well, if the machine won't even boot, let's forget trying
to repair it and focus our attention on catching the
person responsible. He had already sent a couple of
e-mails to his ISP with no response and decided to
solicit my involvement. I e-mailed his ISP soliciting
their cooperation in tracking down the intruder. After
all I would think any ISP would be willing to help if
they knew a ruthless cracker was riding their backbone.
Below is the original E-mail with the name of the ISP
removed to protect their identity that was received by
me in response to my request for cooperation.
Dear Greggory,
ABC is always willing to cooperate with law enforcement
when it concerns network abuse. Before we could release
any information, there would need to be a court order
issued. The FBI would know the proper steps to take to
obtain the proper information.
I could determine who penetrated Mr. Smith's computer if
the attack originated from the ABC network. If you sent
me the system logs showing where and when the attack
occurred I could track it back to the person responsible.
I would then take the proper action against the person
responsible according to ABC's policies.
ABC's Acceptable Use Policy (AUP) prohibits abusive or
illegal conduct on our network - or the networks of our
customers. We investigate all complaints, and if it is
determined that conduct contrary to our AUP has taken
place, appropriate action will be taken per our AUP and
Terms of Service.
Please include full headers when reporting Abuse or
USENET articles; we will require this information. This
information should include the Internet Protocol address
and the date and time the message was sent. This
information is very important in determining the account
from which the message originated.
Please address reports about ABC.NET users to abuse@abc.net.
Please include timestamps and your time zone if you are
forwarding copies of system logs.
We take network abuse seriously, and will respond quickly
to address security and abuse incidents on our network.
You are invited to view our AUP at the address below.
http://www.abc.net/policy/use.shtml
John
ABC, an ACME Company
Abuse Department
abuse@abc.net
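
The abuse desk's request for timestamps, a time zone and the source IP
address can be met mechanically. The following is an added example, not part
of the original newsletter or the ISP's reply: it takes classic syslog lines,
which carry neither a year nor a time zone, and groups them by source address
with each event stamped in local time (with offset) and in UTC. The log lines,
host name, addresses and the UTC-8 offset are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in classic syslog format (no year, no time zone).
# Host name is made up; addresses come from documentation ranges.
SAMPLE_LOG = """\
Mar  4 02:13:07 tux in.telnetd[412]: connect from 192.0.2.44
Mar  4 02:13:19 tux login[415]: FAILED LOGIN 1 FROM 192.0.2.44 FOR root
Mar  4 02:14:02 tux in.ftpd[420]: connect from 198.51.100.7
Mar  4 02:15:40 tux login[431]: ROOT LOGIN ON ttyp0 FROM 192.0.2.44
"""
LINE_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def build_report(log_text, year, utc_offset_hours):
    """Group syslog lines by source IP as (local ISO time, UTC time, raw line)."""
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a syslog-shaped line
        stamp, message = m.groups()
        # syslog omits year and zone, so the reporter has to supply both
        local = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        local = local.replace(tzinfo=local_tz)
        utc = local.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        for ip in IPV4_RE.findall(message):
            by_ip[ip].append((local.isoformat(), utc, line))
    return dict(by_ip)


def format_report(report):
    """Render the grouped events as plain text suitable for an abuse e-mail."""
    out = []
    for ip, entries in sorted(report.items()):
        out.append(f"Source {ip}: {len(entries)} event(s)")
        for local, utc, raw in entries:
            out.append(f"  local {local} | UTC {utc}")
            out.append(f"    {raw}")
    return "\n".join(out)


if __name__ == "__main__":
    # Assumption: the victim host's clock ran on US Pacific Standard Time.
    print(format_report(build_report(SAMPLE_LOG, 2000, -8)))
```

The raw line is kept next to the normalized times so the recipient can match
it against the unmodified log if the original file is later requested.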