                    -= newOrder.box.sk newsletter =-
            supporting and strengthening the community

=-----------------------------------------------------------------------=
| issue: 00001011                                          June 21, 2005 |
=-----------------------------------------------------------------------=

The newOrder newsletter is published by the newOrder staff with the help of
many contributors. To register and subscribe to this newsletter visit
http://neworder.box.sk

-[ 0x00 . Contents ]-------------------------------------------------------

  0x01 Newsletter Intro
  0x02 Site Update
       - Article Review
       - Project Update and Review
  0x03 Security Review
       - Exploits and the Community
       - Vulnerability Focus
       - ANI File Parsing Buffer Overfl0wz
  0x04 News Review
       - What the Hack?
       - Gary Mckinnon
  0x05 Box Talk
       - A Review of Code.box.sk
       - Innovation and Our Community
  0x06 NewOrder Extra
       - Data's Cryptographic Challenge
       - Resolution's Rant - Elite Torrents
       - From the Toolbox
       - Hands Up! Put Down the Keyboard!
       - The Problem of Phishing
       - Who is Richer?
  0x07 Newsletter Outro

-[ 0x01 . Newsletter Intro ]-----------------------------------------------

Welcome to the eleventh newOrder newsletter. In present and future issues,
we will be providing you with site updates, views on security, and community
news. We've also added some fun with the newOrder Extra section, in which
you'll find Data's cryptographic challenge, Resolution's Rant, and
contributed articles from the community. We hope you enjoy!

-[ 0x02 . Site Update ]----------------------------------------------------

Wow, the big word around newOrder seems to be "change". Mirrorshades
announced it, it has been hailed by the community, and now we're here to
tell you about it.
We've seen the Off-Topic board come and go, the gallery is no more, Cereal
has started work on Edge V2, there is a new projects section on the site,
and we have a new newsletter. Progress is slow, but it's steady and we are
glad you are a part of it.

Now, doing away with the gallery and the Off-Topic board were both
controversial moves by the staff, but they were also deliberate moves made
for the betterment of the community. They are moves that will help us focus
on more important issues. I mean, who wants to spend time talking about the
latest Knicks game when they could be talking about the latest vulnerability
and its implications for our community, or the weaknesses in popular vending
machines, or how to implement ekskavaator's wireless hack on their own
wireless network?

Some of these changes are not yet visible to the users. Someone has been
busy in the background working on Edge V2. The staff, led by Cereal, decided
it was time to overhaul our old beloved Edge Engine - which has matured with
newOrder since 1996! This overhaul of the Edge Engine will help the
community focus on learning and allow for better maintainability. Some new
features that Cereal has been working on are its modular design from the
base up, the use of the ADOdb database abstraction library, template support
via the Smarty template engine, and caching (of SQL queries, templates, user
settings, etc.).

Before we close this update, we need to mention the projects section. This
new addition to the newOrder site provides a medium that allows members of
the community to share any projects that they may be working on. If you've
got something you consume your time with, then please share it - we want to
know what it is!

---[ Article Review ]

Multimedia Law, Out of the box, by m4tt on Jun 10 2005.
The author writes on how existing laws protect copyright owners and how the
rise of piracy has affected the audio-visual sector.
As a result, a variety of stringent laws have been put in place to check
piracy. He further describes why the multimedia industry may not be
completely free from piracy, and argues that a good way to control it is to
have law enforcement agencies concentrate on the individuals who are ripping
and distributing the files across these networks.
Read full

The Effect of the P.A.T.R.I.O.T. Act, Out of the box, by teddy on Jun 09 2005.
The author describes how the events that followed September 11th, 2001
changed the way security was viewed and handled in the U.S.A. With respect
to this he discusses how the PATRIOT Act came into effect and how it
violates the fundamental right to liberty guaranteed by the constitution. It
is a good discussion of what the Act states and the imminent problems
revolving around it.
Read full

Abusing .CTORS and .DTORS for fun 'n profit, Articles -> Security, by izik on
Jun 07 2005.
izik writes: "This paper talks about the glibc initialization framework and
how aBusive constructors and destructors can be. A quick analysis of how an
ordinary ELF executable that has been compiled using gcc and linked against
glibc is loaded and executed. Also a practical example of abusive
constructors: an anti-debugging trick implemented within a constructor that
puts up a nice fight."
Read full

Case of a wireless hack, Articles -> Networking, by ekskavaator on May 27 2005.
ekskavaator writes: "This article describes two methods of gaining access to
a particular wireless network. First, spoofing the MAC address is explained
(together with sniffing suitable MAC addresses). Secondly, a bit more
interesting ICMP tunnel is set up to provide transparent network access for
user applications - all network-enabled programs should work 'out of the
box' with the tunnel. Details and explanations about various steps of the
process (finding and hacking together some programs for a custom tool,
figuring out the right setups for the tunnel endpoints) are provided."
Read full

A Simple File Hash Utility, Articles -> Software, by stand__sure on May 24 2005.
The author's emphasis is on using one-way hash functions to verify the
authenticity of a given piece of text or file. This way we can detect if
downloads have been replaced with malicious code by crackers and other
mischief mongers. He picks Message Digest 5 (MD5) and Secure Hash
Algorithm-1 (SHA-1) to illustrate the objective.
Read full

A Geek Behind the Guns, Boxster's Lifestyle, by nabiy on May 19 2005.
This is a true story by a fellow boxster who suddenly finds himself leading a
computer forensic unit, and his race against time to provide valuable
information that would lead to the capture of three dangerous criminals. The
article is nothing short of a thriller and reveals the tremendous hard work
and dedication of this forensic expert. Watch out for best sellers by this
author.
Read full

HOWTO: Configure VPN Access to a System with One Interface, HOW-TO -> Windows,
by s0journist on Mar 22 2005.
s0journist writes: "This article will discuss how to configure a VPN solution
from any Internet client to a single Windows machine. VPN servers typically
route traffic onto an internal subnet, requiring one interface for the WAN
and one interface for the LAN."
Read full

Applications to Chinese Remainder Theorem, Articles -> Encryption, by data on
Mar 21 2005.
The author describes two applications of the Chinese Remainder Theorem: one
is a k-threshold secret sharing scheme, wherein it is not possible to
retrieve the secret if the number of participants is below a given
threshold. The other application is an RSA variant called Rebalanced
RSA-CRT, where decryption is at least three times faster than standard RSA,
which is useful for hand-held devices whose life is limited by their
batteries.
Read full

Password Cracking and Time-Memory Trade Off, Articles -> Security, by
xxloginxx on Mar 13 2005.
The most common way to authenticate passwords, be it for e-mail or other
network logins, is to compare the hashes.
This makes it reasonably interesting to try and crack them in good time.
With the tremendous increase in processor power and memory storage, it's
possible to create reverse lookup tables for hashes and deduce the password.
This article is all about the time-memory tradeoffs involved.
Read full

Governing the Internet, Articles, by l0gic on Mar 07 2005.
The author speaks on the authorities working 'behind the scenes' that make
the Internet a reality. To name a few: the Internet Assigned Numbers
Authority (IANA), the Internet Corporation for Assigned Names and Numbers
(ICANN), and the Regional Internet Registries (RIRs). It is a good read and
provides useful information on how the Internet works behind the average
user's desktop.
Read full

Tutorial in Brainfuck Programming, Articles -> Programming, by omin0us on
Feb 10 2005.
Like many popular programming languages, Brainfuck is Turing complete, i.e.
it is as powerful as the Universal Turing Machine. The language consists of
only 8 operators, and yet with those 8 operators we can write any program we
can think of. Anyone interested in automata theory and formal languages
should try their hand at this particular programming language.
Read full

Change, Boxster's Lifestyle, by Mirrorshades on Feb 10 2005.
Mirrorshades writes: "Change, as they say, is inevitable -- try though we
may to keep things the same forever, it is not to be. Change happens whether
you are ready for it or not. NewOrder has changed. Slowly and gradually, we
as a community have become very different than we were just a few short
years ago. The change has been subtle, almost invisible to someone watching
a day at a time. But it has happened, and it is not for the better."
Read full

DNS: Common Abuses, Articles -> Networking, by Luminaire on 05 Feb 2005.
To start with, the author briefly covers the advantage of DNS over the
earlier hosts.txt files, and talks about the dangers of zone transfers with
access control, spoofs, redirects and ARP cache poisoning. The reader is
encouraged to stay ahead by patching vulnerabilities and monitoring the load
and type of requests made to the DNS server.
Read full

Cisco Unity (Cisco's voicemail system for VoIP), Articles -> Security, by
bagel on Jan 17 2005.
bagel writes: "This is a quick overview of the Cisco Unity system. There is
a lot to learn about this system and it is worth looking into. I guess this
kinda brings breaking into VMBs and such to a new level, since it's VoIP and
it's rich in features."
Read full

---[ Project Update and Review ]

Slut-Box
Project leader: ekskavaator
Homepage: http://p6drad-teel.net/~windo/slut-box/
Description: Slut-box is a network-accessible box for everyone to
compromise. It offers a (barely) real-life server in a (barely) believable
configuration - whatever can be set up in a few hours. The OS and the
configuration change from time to time, so it might be worth visiting
slut-box more than once.
- Presently running Slackware 7.1.
- Present status: No one has scored.
Ekskavaator's comments: "I have seen quite a few pretty interesting attempts
at it (brute force, some local vulnerability scanners after I left the
sniffer logs lying around). But nothing entirely successful."

MD5 Reverse Lookup Database
Project leader: xxloginxx
Homepage: http://www.md5lookup.com
Description: Utilizing the theory of time-memory tradeoff, and applying it
to password cracking, MD5 hashes are broken in under 20 milliseconds. The
database, sources, and a laundry list of code projects that individuals can
create/modify are available for download.
Change log: http://www.md5lookup.com/changelog.txt
Project leader: xxloginxx. Technical advisor: Skudd
(1) Note: This database was built utilizing the RFC compliant, unsalted
    algorithm, and was started on January 1st, 2005.
(2) Note: This database is under construction, and will only break lengths
    1-4 as of right now. Please check the Database Details page for the
    progress report.
Latest news: The 4-length process is finished. The 5-length process was
started on 6th June, 2005. It should be done within a week.

Gizmo
Project leader: izik
Homepage: http://www.tty64.org
Description: Gizmo is an ELF protector that allows you to insert shellcodes
into ELF executables. The shellcode will be executed prior to the program
itself. It includes anti-debugging and ELF encryption features.

Ghost
Project leader: izik
Homepage: http://www.tty64.org
Description: GhostProxy is an anonymous surfing tool. It acts as a single
proxy/gateway to tunnel requests in and out of your favorite browser.

-[ 0x03 . Security Review ]------------------------------------------------

---[ Exploits and the Community . by xXloginXx ]

It seems that not only are exploits in mainstream software becoming more
commonplace, but the inevitable worms, trojans, and virii that result from
them are becoming more precisely destructive as well. In summary, here are a
few exploits that emerged over the past year or so and had an impact on the
Internet community.

// 2004 - Apache 2.0.52 Remote DoS Exploit -

This exploit, being extremely low profile, made its emergence shortly after
the latest release (2.0.52) went mainstream on almost every distro that
usually includes Apache. Its effectiveness seemed often overlooked and its
impact went on barely noticed. I've tested this exploit and it works. It
brought one of my high-end webservers to a screeching halt in under 3
minutes. Such a powerful exploit, yet so dangerous to use.
URL: http://neworder.box.sk/explread.php?newsid=12905

// 2004 - PHPbb Highlight Exploit (evolving into Santy.A) -

The Santy worm has gained a short-lived, but borderline notorious reputation.
It literally defaced thousands, if not hundreds of thousands, of PHPbb
forums around the planet during its lifespan. Utilizing Google's searching
ability to find victims, it gave true meaning to the name "worm". The
exploit itself involved nothing more than the manipulation of an
un-sanitized variable, "highlight", that, if crafted correctly, would allow
the remote execution of programs with the privileges of the web server
daemon. I personally have tested this exploit, and it works... cough, cough,
very well.
URL: http://awarenetwork.org/home/.rants/05-16-2005.11.01/hump.py
URL: http://neworder.box.sk/explread.php?newsid=13012

// 2005 - Linux Kernel v2.6.10 Remote DoS Exploit -

This exploit passed under the radar, just as the Apache DoS had. It posed
little threat to most clients, but practically any new server being built
around the time of its (the exploit's) release would be sporting the 2.6.10
kernel for a while, as 2.6.11 wasn't due for some time. This exploit is not
an easy one to get working, but I've found it effective on a few "choice"
distros. Not only does this exploit bring a server to its knees, but on a
few occasions my test server kernel halted. I'm glad this exploit didn't
gain popularity quickly. Nothing but trouble could have resulted from it.
URL: http://neworder.box.sk/explread.php?newsid=13429

// 2005 - Linux Kernel <= v2.6.10 Local Privilege Escalation Exploit -

This exploit is one to take notice of. Not only will it get you root, but
it'll get you root on practically all v2.6 kernel boxes out there. Keep this
exploit in your toolbox. I've personally run across a few systems that were
compromised utilizing this exploit. It's safe to say it's in widespread use
right now. If you are running an older version of the 2.6 kernel, I would
suggest patching, or upgrading to the latest release (2.6.11 or higher).
I've tested this exploit, but only on a few occasions was I actually able to
get root.
There are a lot of factors involved in this exploit that need to be
"tweaked" for each distro.
URL: http://neworder.box.sk/explread.php?newsid=13273

// As always, run the latest versions and keep an eye on vulnerability
reports.

---[ Vulnerability Focus . by Krellor ]

Release date: 2005-06-06
Exploit type: Remote spoofing exploit.
Status: Un-patched
Affected software: Mozilla 1.7.X, Mozilla Firefox 1.X, and possibly related
browsers such as Netscape.
Implementation: The exploit would allow malicious web sites to inject code
into other browser frames viewing trusted websites. This would allow code to
be run through these "trusted" frames that would otherwise be blocked by the
browser.

Originally fixed seven years ago, this vulnerability was re-introduced into
modern browsers and is a perfect example of how the history of the internet
repeats itself. Normally, when a vulnerability is discovered, a few exploit
tools are created and are then swiftly made obsolete by the latest patch.
This, however, provides a good example of why exploits, though old, should
not always fade into internet oblivion. Oftentimes these old exploits end up
being re-introduced into new-generation software for a variety of reasons,
including poor management of recycled code, not checking for old
vulnerabilities in new code, and poor development planning leading to rushed
projects.

In the end, the responsibility for security should not rest with the
software developers, but with the individual users. Sadly, however, most
people don't make the slightest effort to educate themselves on the risks of
the internet and how to prevent them. In this case it is as simple as not
viewing a trusted site while browsing on un-trusted networks, making the
vulnerability only as dangerous as the user lets it become. Scarily, that
can be quite dangerous.
If nothing else, this re-discovered vulnerability should serve as a reminder
to people that just because they patched their system does not mean it is
safe to act recklessly online. If people were to rely on their own behavior
rather than on the latest patch, the internet would be a safer place all
around.

The following website has a test to identify if your browser is affected by
this vulnerability:
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
Original CVE reference: CAN-2004-0718.
Link to original description: http://secunia.com/advisories/11978/
Link to current exploit description: http://secunia.com/advisories/15601/
More information found at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718

---[ ANI File Parsing Buffer Overfl0wz ]

ANI files are RIFF (Resource Interchange File Format) files, and we'll have
to fill you in on some of the format specifications. No worries, we will not
go into detail here, because the technical details of the RIFF format do not
interest the exploiter at all.

A RIFF file is organized in so-called chunks. A chunk is the most simple
data management structure you can imagine. Each chunk starts with an 8-byte
header containing an identifier and the size of the chunk.

  struct CHUNK_HEADER
  {
      char identifier[4];
      unsigned long size;
  };

The identifier is a printable ASCII string (usually all uppercase, Win32 API
style) and the size variable contains the size of the chunk data, not
including the header size. What follows is data - and it was already said
that we shall not go into detail. You need to know that a chunk can have
sub-chunks which are embedded in the chunk data. Also, a RIFF file itself is
one big chunk with the identifier string 0x46464952 - "RIFF".

Alright. What's an ANI file exactly? An ANI file is this, plus some more
data that we are not interested in:

  52 49 46 46 F0 11 00 00    R I F F . . . .
  41 43 4F 4E 61 6E 69 68    A C O N a n i h
  24 00 00 00 24 00 00 00    $ . . . $ . . .
  02 00 00 00 02 00 00 00    . . . . . . . .
  00 00 00 00 00 00 00 00    . . . . . . . .
  00 00 00 00 00 00 00 00    . . . . . . . .
  0A 00 00 00 03 00 00 00    . . . . . . . .

w00t. Yeah, it's all quite easy - look. We have the RIFF string, then it
tells you that this file is 0x000011F0 = 4592 bytes (little endian!) in
total. What comes next is an ACON tag directly followed by the animation
header chunk. It's the size of the "anih" chunk that triggers the overflow.
An animation header is usually 0x24 bytes in length, and user32.dll has a
static buffer of exactly 0x24 bytes on the stack, prepared to receive a
proper animation header structure. Out of its strong and unwavering faith in
mankind, however, user32.dll passes the DWORD it reads after "anih" straight
to a memcpy call and gets gangraped by 32 renegade bits in EIP as soon as it
tries to return.

We assume that every Windows system out there is patched, and buffer
overflows have been covered over and over so many times that we don't feel
like implementing an exploit here. So if you want c0de, here is the official
exploit: http://neworder.box.sk/explread.php?newsid=13123

The code is fairly simple - therefore, we would rather talk about why we
chose to present this little vuln from earlier this year and not one of the
*nix kernel vulnerabilities. The reason is, client vulnerabilities are on the
rise - and even more importantly, they are being drastically underestimated
by corporates. "We have a firewall. We are safe." - but guess what, you get
stabbed in the back by Internet Explorer when you least expect it. Even
worse, it could be your email client, or your telnet client. Speak of the
devil, can you figure out why blatant buffer overflows in several telnet
apps, including the BSD client, were discovered so very late in '05? True.
That is because the era of server vulnerabilities is over; client
vulnerabilities are like a virgin target. Well, not really virgin any more -
but still one hell of a hot bitch.
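Added example (not from the newsletter, and not the linked exploit): a Python
chunk walker for the RIFF/ACON layout shown in the dump above that does what
the text says user32.dll did not, namely checks every chunk's declared size
against the bytes actually present and refuses an "anih" chunk that is not
exactly 0x24 bytes before anything is read out of it. The sample files are
constructed inline to match the dump's field values (2 frames, 2 steps,
JifRate 10, flags 3) minus the rest of the 4592-byte file; the function names
are assumptions, and the field names are the usual ANIHEADER ones.

```python
import struct

# sizeof(ANIHEADER): the fixed 0x24-byte structure the text says user32.dll
# reserved on the stack for the "anih" chunk.
ANIH_FIXED_SIZE = 0x24
# The usual ANIHEADER field names, in file order (nine little-endian DWORDs).
ANIH_FIELDS = ("cbSizeof", "cFrames", "cSteps", "cx", "cy",
               "cBitCount", "cPlanes", "JifRate", "flags")


def iter_chunks(data, offset, end):
    """Yield (identifier, payload) for each RIFF chunk in data[offset:end].

    Each declared size is checked against the bytes actually present before
    any payload is sliced out: that is the check the overflow description
    says the vulnerable parser skipped before its memcpy.
    """
    while offset < end:
        if end - offset < 8:
            raise ValueError("truncated chunk header at offset %d" % offset)
        ident = data[offset:offset + 4]
        size = struct.unpack_from("<I", data, offset + 4)[0]
        payload_start = offset + 8
        if size > end - payload_start:
            raise ValueError("chunk %r declares %d bytes but only %d remain"
                             % (ident, size, end - payload_start))
        yield ident, data[payload_start:payload_start + size]
        offset = payload_start + size + (size & 1)   # RIFF pads chunks to even sizes


def parse_ani(data):
    """Return the ANIHEADER fields of an ANI file as a dict, rejecting unsafe sizes."""
    if len(data) < 12 or data[:4] != b"RIFF":
        raise ValueError("not a RIFF file")
    riff_size = struct.unpack_from("<I", data, 4)[0]
    if riff_size + 8 > len(data):
        raise ValueError("RIFF header claims %d bytes, file has %d"
                         % (riff_size + 8, len(data)))
    if data[8:12] != b"ACON":
        raise ValueError("RIFF form type is not ACON")
    for ident, payload in iter_chunks(data, 12, 8 + riff_size):
        if ident == b"anih":
            # The header is a fixed-size structure; a larger chunk is exactly
            # what overran the 0x24-byte stack buffer, so refuse it outright.
            if len(payload) != ANIH_FIXED_SIZE:
                raise ValueError("anih chunk is %d bytes, expected %d"
                                 % (len(payload), ANIH_FIXED_SIZE))
            header = dict(zip(ANIH_FIELDS, struct.unpack("<9I", payload)))
            if header["cbSizeof"] != ANIH_FIXED_SIZE:
                raise ValueError("anih cbSizeof %d disagrees with chunk size"
                                 % header["cbSizeof"])
            return header
    raise ValueError("no anih chunk found")


def build_ani(anih_payload):
    """Assemble a minimal RIFF/ACON file around one anih chunk (constructed test data)."""
    chunk = b"anih" + struct.pack("<I", len(anih_payload)) + anih_payload
    if len(chunk) & 1:
        chunk += b"\x00"
    body = b"ACON" + chunk
    return b"RIFF" + struct.pack("<I", len(body)) + body


def check(data):
    """Return the parsed header, or the rejection reason as a string."""
    try:
        return parse_ani(data)
    except ValueError as exc:
        return "rejected: %s" % exc


# Constructed samples. GOOD_ANI reproduces the 56 bytes of the dump in the text
# (2 frames, 2 steps, JifRate 10, flags 3); its RIFF size covers only these
# bytes rather than the full 0x11F0 of the original file.
_HEADER = struct.pack("<9I", 0x24, 2, 2, 0, 0, 0, 0, 0x0A, 3)
GOOD_ANI = build_ani(_HEADER)
# Hostile variant: the anih chunk declares 0x100 bytes instead of 0x24.
OVERSIZED_ANI = build_ani(_HEADER + b"A" * (0x100 - 0x24))
# Truncated variant: the anih chunk declares 0x24 bytes but only 10 are present.
_TRUNC_BODY = b"ACON" + b"anih" + struct.pack("<I", 0x24) + b"\x00" * 10
TRUNCATED_ANI = b"RIFF" + struct.pack("<I", len(_TRUNC_BODY)) + _TRUNC_BODY

if __name__ == "__main__":
    for name, sample in (("good", GOOD_ANI), ("oversized", OVERSIZED_ANI),
                         ("truncated", TRUNCATED_ANI)):
        print("%-9s -> %s" % (name, check(sample)))
```

Running it prints the parsed header for the good sample and a rejection line
for each of the other two; the point is that both the chunk-level and the
file-level size checks happen before any payload bytes are touched, which is
the order the vulnerable memcpy got wrong.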
Having some kind of account, no matter if it is low-privileged or not, on a
workstation somewhere inside a large corporate network is just as good as a
low-privileged account on the server (which used to be the primary attack
vector for years). From here you can jump to other machines on the network,
collect information, map out the entire internal structure, probably steal
passwords and ultimately get whatever info you are looking for. So - don't
underestimate the impact of a vulnerable client. It is not only as dangerous
as a vulnerable server; it is, on top of that, much more difficult to keep
an eye on.

We have seen a lot of file parsing client vulnerabilities in win32, and
those are particularly sweet when you consider the size of good Windows
shellcode. For instance, you can put as many bytes into the ANI file as you
want, but you might only have 300 bytes when poking a format string
vulnerability in IIS. Linux clients use bloated UI software just as Windows
clients do; tons of Firefox vulns have been discovered this year which could
have compromised *nix clients just as much as a win32 machine. And that's
the whole point we want to bring across - research, consider and prepare for
client side vulnerabilities.

-[ 0x04 . News Review ]----------------------------------------------------

VeriSign now has official control over .net domains for the next six years.
ICANN granted them the contract over four other competing bids. Our question
is this: has ICANN forgotten the Site Finder debacle? If they abused our
trust for commercial gain then, why would ICANN allow them to operate .net
for the next six years? And wasn't ICANN founded to break up a monopoly?

Some cool news: the US confirmed the existence of the Joint Functional
Component Command for Network Warfare, 'the world's most formidable hacker
posse'. Ya think this was in response to North Korea's disclosure that it
was prepared for a cyber war with over 600 hackers? Does Uncle Sam pwn u?
Interesting hacks that caught our attention: MSN in South Korea got hacked
because they forgot to apply their security patch - it happens to the best.
David Sternberg pulled a mission impossible for an estimated NIS 400,000 and
got sixteen months in prison for his efforts. Finally, Paris Hilton's
Sidekick was hacked and Fred Durst of Limp Bizkit lost his p0rn ; )

And now for some sad news: Phrack announced the end of 'a glorious era' with
their final call for papers for the last issue. Twenty years of by the
community, for the community, and now it's bye-bye community. So we lost
Phrack, the torrent community lost SuprNova, and Apple is switching to
Intel. Want some silver lining? We've got something new to read (h0no2 was
released earlier this month).

Finally, some news that hits close to home: [RaFa], a retired member of the
newOrder staff, was arrested in April for illegally accessing a private
government computer and causing intentional damage to a protected computer
(he allegedly defaced their website). The newOrder staff would like to wish
him the best in his current legal situation.

---[ What the Hack? ]

Some of you may have been aware of the "What the Hack" debacle a couple of
weeks ago... you may ask if it's the one about the paranoid mayor fearing
for public safety?? Yeah, that's the one!

What the Hack is an outdoor hacker conference that is held in the south of
The Netherlands every four years. Originally formed from a collective
centered around a small hacker magazine, Hack-Tic, this year's event was due
to start on the 28th of July until it became the centre of some major
controversy:
http://www.theregister.co.uk/2005/05/23/what_the_hack/

As a newOrder member you may have already been acquainted with Rattle's post
in the forums:
neworder.box.sk/forum.php?did=multSecurity%20and%20Networking&thread=222273

This post first detailed the fact that What the Hack faced a ban by the
local council.
The Mayor of Boxtel (the mayor of the town in which the venue was situated)
had forced the organisers of What the Hack to seek a permit for the event to
take place, citing "fear of breaches of law and order and danger to public
safety". As many of the people on the forums had thought, I was
flabbergasted at the sheer bravado of this Dutch chap: how can a collection
of geeks "endanger public safety"? All I could think of was that 3000 geeks
in one place would only be able to turn away the surrounding women in a 50
mile radius! :)

The comp.sec. community has been under much pressure from corporations and
the media for years now, this incident adding to the many stories we hear
every day. It seems that many of these incidents are caused by sheer
ignorance, intolerance of an ever-evolving genre that has been given a bad
name. Ever heard of the parent who told you that if your kid played Quake
that made him a hacker?!

Don't worry though, the international comp. sec. community came to the
rescue of the conference, sending messages to the mayor's office, namely
"Bits Of Freedom" (a Dutch computer privacy and civil rights organization),
which resulted in the following statement being released on the Boxtel
website:

"Additional information regarding the event has made the mayor decide to
look favourably at the application for a permit"

What the Hack has been told informally that they will have the permit,
showing us all the real power of the people.

Additional information can be found at:
http://www.whatthehack.org/news/resolveuid/200730dd4c135ac55d96787112586cb3
http://www.whatthehack.org/news/resolveuid/b3c6a4f5579c25ca5709a19d6fef28cc

Are you going to What the Hack? Do you want to write an article on your
experiences, things that happened, and inform the rest of the community
about an _outside_ event while they stay glued to their computer screens? If
you do then don't hesitate to contact any of the newOrder mods or admins;
such a contribution would be very welcome!
---[ Gary Mckinnon ]

The "Biggest military computer hack of all time" explained.

Again, this topic has raised a number of newOrder members' eyebrows. The
so-called "Biggest military computer hack of all time" was pulled off by one
Gary McKinnon of Wood Green, London. Gary McKinnon is currently facing
extradition to attend hearings in US courts. McKinnon (a.k.a. Solo) was
indicted by the American authorities in November 2002 by a Federal Grand
Jury over eight computer crime offences, allegedly gaining unauthorised
access to over 90 US military computer systems. These military computer
systems consisted of NSA, US Army, US Air Force and US Navy servers,
otherwise thought to be overly competent at restricting unauthorised access.

The main point of discussion on this subject was whether McKinnon should be
extradited to the United States to face trial under US law. Many people on
the newOrder forums had voiced their displeasure at the apparent arrogance
of the US Government for wanting to bring this criminal to justice. The
discussion can be found here:
http://neworder.box.sk/forum.php?did=multTech%20Talk&thread=222969

WHY SHOULDN'T HE BE EXTRADITED?

Personally speaking, I think McKinnon should be extradited. We are led to
believe that he was seeking proof of a UFO cover-up by the US government,
but in truth we will never really know. What we do know is that he deleted
some 1300 user accounts on the machines, he was surprised at how long it
took the authorities to find him, and it looks like he found no information
on the cover-up he was trying to uncover. As one newOrder member, Krellor,
puts it: "It sounds like he was hunting for attention more than aliens."
McKinnon certainly smacks of effort.

BUT HE'S FACING 70 YEARS IN PRISON IF HE IS EXTRADITED!

This again seems to be pure fabrication. If McKinnon were to be extradited
and found guilty, he would stand to face a maximum of five years in prison
and a $250,000 fine.
This seems to be a massive let-off for McKinnon and I think that it's sheer
geography that may have gotten him off so lightly. We have all heard about
how the media castigated Kevin Mitnick; perhaps this is one man's attempt at
making a name for himself, whether it be good or bad. If McKinnon goes
unpunished, what's to say that it won't lead the way to bigger and better
hacks, affecting more and more people? Who knows in what way such a hack
could affect someone? We may not know until it happens.

More information:
http://digital-lifestyles.info/display_page.asp?section=business&id=2293
http://www.spy.org.uk/freegary/

-[ 0x05 . Box Talk ]--------------------------------------------------------

---[ A Review of Code.box.sk . by stand__sure ]

Code ( http://code.box.sk ) is a sister site to NewOrder that focuses on
programming. We host forums on C and C++, Java, Perl, PHP, Assembly, Visual
Basic, C# .NET, and VB .NET, and pride ourselves on helping our users find
workable answers to their questions. Code is a "Grey Hat" site.

Our forums cover the whole gamut of programming and off-topic issues. Some of
our recent forum topics have included: "How do you modify running code?";
"How do you implement context-sensitive help?"; "System hibernation";
"Socket programming"; "PHP Templates"; ".NET Generics"; "Remoting
Lifetimes"; "Secure Strings"; "Virtual Strip Searches"; "The meaning of the
number '666'".

Our articles section is fairly active. In late April, we introduced a
/What's Wrong With This Code/ series that has proven extremely popular -
problems have ranged from a C++ STL application to parse BrainFuck code, to
input validation and switch/case issues in VB.NET, to MySQL query issues in
PHP code. This month, we resurrected our /Programming Challenges/ with a
"Sieve of Eratosthenes" challenge.

Like NewOrder, Code features an expansive links section. At present, we have
1,812 entries in our database.
Some sample topics include: "How to Use 64-bit Integers Under Win32";
"Introduction to Data Modeling"; "C# and VB.NET Comparison Cheat Sheet";
"AVL Tree Demo"; etc.

Our staff includes a user who has worked on the Microsoft Visual Studio
development team, a Java aficionado, a VB .NET programmer, a C# .NET
programmer, several computer science undergraduate and graduate students, a
C++ guru, *nix developers, and one "corporate felon." We are a quiet little
site, but would love to help you when you get stuck and would also love for
you to become a regular contributor.

---[ A View on our Community . by zwanderer ]

Are we innovative? If so - what drives us to innovate?

Genius ideas are almost always conceived by one person. Plato, Einstein,
Pollock, Heisenberg, Gates - all of them have created something truly
brilliant (though not always lasting), and they did it more or less alone.
Scientists have proved that great ideas produce sparks in our brains - the
aha-moment, if you will. But if we get ideas by sitting alone - why are we
all here? Why are 50,000 users visiting this site if they might just as well
sit on their own and wait for that neuron spark?

One thing is ideas - those aren't conceived in groups - but they are
perfected, implemented, and revised through the interaction of peers,
friends, colleagues, and indeed also by enemies. What is an idea, if you are
the only one who knows about it? Writers publish, artists exhibit,
scientists lecture, and computer scientists implement.

So what is it that drives us to innovate? What is our motivation, the
driving force that keeps the ideas flowing? The motivation is achievement -
the feeling that you have solved a problem, or created something so unique
that you have to look twice to perceive its greatness. Greatness doesn't
jump at you - you need to know what you're looking for, or you need to be
told by others. So what drives us to tell others - why not keep it for
ourselves?
Most often, it is to show off - to gain social promotion, or economic gain. A hack is a fantastic thing if it does what you wanted it to. You have solved the problem, and feel good about it. By publishing it, you might claim that you are helping others solve the same problem - and it is true - but how many people would willingly publish their great ideas without recognition, as an anonymous submission? There is always some way of identifying the author.

We on the Internet hold our licenses in great esteem. We love our GNU/BSD/Creative Commons/[Fill in blank] licenses, because they allow for the free transport of communication, and ideas. We hold our license of choice in front of us, and swear by it as if it were our constitution. But are we really as free as we would want others to believe? Is the Internet any different than the "real world"? Copyright disputes about stolen code, designs, images, articles - it happens every day. Sometimes it's enough to credit the author - but again, that is a promotion. The number of people who put something online with absolutely no requirement to credit, or use - is minute. We all want recognition, hoping that the 15 minutes of fame will prevent us from blending into the masses.

We are on the frontiers of the new New World, here to stake our claim, before we are overrun by Scandinavian immigrants. Our attempts at making the Internet a free place will eventually drive us into facing, and dealing with, the same problems our alter-world has been trying to deal with for decades. Will we face them differently? Have we learnt from the past, realizing that there may be a better solution? And will that solution be licensed?

"Welcome to the Internet - Our world is based on New World Order (revision 2.3.9) (C) 2049 (Jimmy Holmes)"

We are here to think, to change, and to innovate - and yet, we still patent, copyright, copyleft, ban, kick, promote, buy, sell, and argue.
Sometimes I think that the Internet really _is_ just people sitting in front of computers.

-[ 0x06 . NewOrder Extra ]-------------------------------------------------

---[ Data's Cryptographic Challenge ]

We know that our adversary is using a 2*2 enciphering matrix with a 29-letter alphabet scheme. The conventional encodings are: [A-Z]=[0-25], blank_space=26, ?=27, !=28.

We intercept the encrypted message

    IK!UZ  FM!FP

(Note there are two blank_spaces in between.)

Since the message is signed by BOND, we know that

    | B N |          | M F |
    |     |   <==>   |     |
    | O D |          | ! P |

i.e. M==>B, !==>O, F==>N, P==>D.

We also know that all encryptions are of the form:

    Enc_key * Plain_Text = Cipher_Text

and all decryptions are of the form:

    Dec_key * Cipher_Text = Plain_Text

Find the Plain_Text and save the day. Send the correct Plain_Text to newOrder.newsletter AT gmail.com along with your newOrder nick/handle.

---[ Resolution's Rant - Elite Torrents ]

In recent news, the FBI and the Department of Homeland Defense seized the website of a popular torrent site, Elite Torrents. This came about when it was "discovered" that Elite Torrents was allowing users to download pirated software from within the United States. The most notable of these files was the newly released Star Wars Episode III movie, which was apparently released online a few days before its initial theater debut.

All I have to say about this is that they (the members who hosted Elite Torrents) got what they deserved. One thing that annoys me though is the avid media pirates that are acting like a great injustice has been done to their "civil rights". Allow me to state the 3 most compelling arguments that the naysayers can come up with, and answer each statement with nothing more than the cold hard truth:

-- "This is so unfair!! This is all about greed. These movies make millions of dollars and they are worried about movie pirates?"

Stealing is stealing.
These people worked hard to make these movies, and they deserve every cent. Who are you to say that they don't deserve the money that YOU are taking from them? One thing I can't stand is someone who knows they are stealing, but refuses to admit it when it is so blatantly obvious.

-- "Why is the government getting involved? This is the MPAA's problem. Shouldn't they be after terrorists?"

They are after terrorists. It's called "multitasking" you morons. It's always been the job of the feds to perform raids on those who are committing federal offenses, and the MPAA was helping the government throughout the investigation. For those of you who don't know, as of April 27, 2005, stealing and/or distributing movies and other forms of media before they are officially released to the public is a _federal_offense_. Sitting inside a movie theater, and recording the movie with a video camera is now a _federal_offense_. Did you notice that the word "fed" is in the word "federal"? This is why the government was involved.

-- "They should have hosted the files in a country like Sweden instead of the United States."

This would have been smarter and may have worked, but guess what boys and girls? Sweden just passed a law making it illegal to download or serve copyrighted material from the Internet. It used to be legal to host pirated files there, but not anymore. I guess you users of Pirate Bay better steal all your content while it lasts, because the law goes into effect July 1, 2005. The noose tightens.

In any case, these guys were anything but "elite", or smart for that matter. This is the type of stupidity that attracts people to places like Cyberarmy or HappyHacker.org. What were they thinking hosting Star Wars Episode III on their own server? Now it was never said that hosting Episode III was the reason for the raid, but we all know it was. The MPAA was looking for a pack of suckers to take the bait, and it just happened to be Elite Torrents that got hooked.
At the time the movie was released, I kept hearing people say that it would be crazy just to even download the file. It was just too "hot", but these guys were actually hosting it on their server in the United States? Smooth move...

---[ From the Toolbox ]

Two features: encryption and data wiping with one tool.

Windows 2000 and XP include a small command-line utility for managing encryption. Cipher.exe grants users the ability to encrypt and decrypt files or directories on NTFS partitions using the Encrypting File System (EFS).

Example usage:

    cipher /e

Not only can you use this tool to manage your encryption, but you can also use it to overwrite deleted data on your disk. Using the /w switch, cipher allows you to wipe the free space of either an entire volume or a specific directory. This option wasn't available with the original release, so if you don't have it, then you should take it as a good sign to update your system.

Example usage:

    cipher /w:c:\confidential

Do you have a tool or code fragment that you find useful in admin / sec? Do you want to share it with the community? Send your submission to newOrder.newsletter AT gmail.com along with your newOrder nick/handle.

---[ Hands Up! Put Down the Keyboard! . by zshzn ]

Internet users mingle in a loose anarchy, or perhaps better described as a libertarianist environment. Most immoral or illegal acts across the internet can be done without fear of repercussion, as long as you don't push it too far or make it too obvious. While in 'real life' small acts of violence or petty theft can be pursued in legal courts, anything but the most serious acts online are allowed free rein. Common internet crimes that often go unprosecuted include theft of personal information, financial attacks and / or theft, and copyright infringement.

The main body of law in the US Code dealing specifically with computer crime is the Computer Fraud and Abuse Act.
Originally devised in 1986 to protect against unauthorized intrusion into government systems, the act has been amended three times to cover a broader field, most recently by the USA PATRIOT Act. Notably, outside of the Computer Fraud and Abuse Act all USA laws apply to internet actions taking place in the USA. Any valid laws, such as copyright, libel, and conspiracy, are just as valid online as they are applicable. If it really was possible to have a device stab someone in the face over the internet, the controller could be charged with murder (regardless of how much the victim deserved it). Most disagreement over computer law does not come down to the laws themselves, but the interpretation of the laws as they apply in the situation.

How far does the USA's legal arm extend online? Very far. According to a source listed below, 22.3% of internet users live in continental USA, and are directly under the control of USA law. Additionally, Europe has pushed some computer law legislation recently, specifically the United Kingdom and the European Union. The EU has proposed bills very comparable to some USA legal movements. The European Union makes up 24.9% of internet users, from the same source. Thus 47.2% of online users could be in the direct territory of areas front lining internet control. Should these two bodies push for internet control, there is little reason for other countries (if we're worried about them) to stand up against the movement. Additionally, the internet is always moving, and if the USA directly controls 22.3% of it, they can dominate information flow, especially when lacking opposition from other nations.

Part of the reason that computer crimes aren't prosecuted fully is the lack of legal precedents. In the American system, when a judge makes a ruling, and any appeals from that ruling sustain his decision, then his decision enters Case Law and becomes a precedent for other cases like it. In theory and practice this system works pretty well.
In many areas of online crime, precedents haven't been established or are only slowly being established. These early cases will largely determine how the law is interpreted in a scenario, and how strictly it is enforced.

Some crimes, if small and consistent in action and damages, are classified as summary conviction offences. That means that if they catch you doing it, you don't get a trial by default; you assume guilt. The classic example is speeding: if you're caught you get a ticket, and you pay it or face higher consequences. Fighting it isn't easy. Can you imagine getting a fine for downloading copyrighted music? Summary convictions could be applied to numerous small computer crimes, while large damaging crimes, indictable offences, can be investigated thoroughly and presented before the courts, as they are now (when they are actually pursued).

Do any of the possibilities, of which only a few have been mentioned here, make you think your rights might be infringed? The USA administration has pushed the idea that they will do what they need to do for security, or just to get something done, and has even codified that concept through the USA PATRIOT Act. Not only would you be fighting an uphill battle against the USA government, but they have passed laws clearly allowing them to infringe rights. We've already seen an increase of criminal cases against copyright infringement, phishing, bank fraud, and general areas. Expect more cases on a more consistent basis.

Another key reason that the internet is still mostly an anarchy is the lack of focus on regulating it. For years internet crimes have been pushed aside as less serious. However, at this point 67.8% of Americans use the internet, and that percent is still slowly increasing. More people are using the internet for more things. It cannot be ignored. If the mass size of the physical country doesn't stop the USA from governing the country, only funding and effort will limit it in governing the internet.
All the pieces are in play to see the internet become, bit by bit, much more monitored and controlled. The questions to consider are how long do we have, how thorough can they be, and what can we do about it?

Further Reading & References
http://www.internetworldstats.com/stats.htm
http://www.eff.org/legal/CyberLaw_Course/
http://www.panix.com/~eck/computer-fraud-act.html
http://www.access.gpo.gov/uscode/title18/parti_chapter121_.html

---[ The Problem of Phishing . by M4tt ]

If you are, like me, an avid RSS news reader you will probably be well aware of the rise of a phenomenon known as phishing:
http://neworder.box.sk/smsread.php?newsid=13464
http://neworder.box.sk/smsread.php?newsid=13356

Phishing is "the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message)." [http://en.wikipedia.org/wiki/Phishing]

Phishing has become a very effective way to social engineer information out of an unsuspecting user. What this little snippet of text aims to do is educate the reader as to the dangers and help them to help others avoid being stung by this clever tactic.

SO HOW DO PHISHERS GATHER THIS INFORMATION AND HOW DO THEY USE IT?

Well, the most common method is URL spoofing. There are many different avenues used to confuse the average joe; some include:

1. An IP address. The attacker will either email or instant message the victim with an IP address such as http://64.142.165.34 and relies on the victim to become confused by its intricacy.

2. A fake domain. Again this is email based and uses a plausible sounding domain name to trick the user into entering sensitive information.
You may well be familiar with the "Paypal Account Limited" phishing scam that tricked users into believing their account had been accessed by a third party:
http://www.fraudwatchinternational.com/fraud_alerts/040514_290_paypal.htm

3. Letter and number substitution, e.g. a "1" for an "l". Domain names like http://www.paypa1.com direct users to a faked paypal webpage.

HOW CAN I STOP MYSELF FROM FALLING VICTIM TO ONE OF THESE METHODS?

As I have detailed above, most of these methods rely on the confusion of the victim. The best way to protect yourself from these attacks is to be a little more wary of the emails that are sent to you. Phishers are able to spoof email addresses so it may appear that the email is genuine, but remember legitimate companies will never ask you to disclose that sort of sensitive information over email. You must never email personal or financial details; email is not a secure method for information as important as this.

If you feel you have been the victim of a phishing scam, don't hesitate to contact the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you've been scammed, file your complaint at www.ftc.gov.

Recently, Netcraft released an anti-phishing toolbar to help stop attacks like the ones described in this passage. It helps to block suspicious URLs, uses navigational controls to defend against popups that attempt to hide navigational controls, and displays a site's hosting location (including country) to help highlight fraudulent URLs (meaning you can tell that Barclays Bank will not have their servers located in the USSR!). This toolbar can be downloaded at: http://toolbar.netcraft.com/

I hope this little piece of information helps to highlight the potential danger of phishing and allows you to educate others to stop this technique from harming others.

---[ Who is Richer? . by Data ]

Alice and Bob are debating about who among them is richer.
However they don't want to reveal to each other their total income. How could they possibly determine who is richer?

One way is to bring in Charlie, their good old friend, and have him compare for them. Alice whispers her income to Charlie. Then Bob whispers his income to Charlie. Next, Charlie compares their incomes in his head and announces the result. But then Bob bribes Charlie and figures out Alice's income. This is exactly what we were trying to prevent.

This leads us to the question: is it possible to securely compute who is richer without revealing the incomes and without the help of a third party? The answer is yes, and we now look at one such clever protocol.

The protocol works as follows:

Let 'i' be Alice's income.
Let 'j' be Bob's income.
Let Eb be Bob's public key.
Let Db be Bob's private key.
Let n be Bob's public modulus.

To start with we assume that the range of i and j is between 1 and 100.

1) Alice chooses a random number x and using Bob's public key computes c = x^Eb (mod n).

2) Alice computes k = c - i and sends the result to Bob.

3) Bob computes the following 100 numbers:

    y1   = (k+1)^Db   (mod n)
    y2   = (k+2)^Db   (mod n)
    [.....]
    y100 = (k+100)^Db (mod n)

4) Bob now chooses a large prime p and reduces each number to z_u = y_u (mod p), such that |z_u - z_v| >= 2 for all distinct u, v in the range 1 to 100. If this is not true, Bob chooses another prime and starts over.

5) Let _ denote subscript, e.g. a_b is (a subscript b). The subscripts are omitted when they are clear from the context. Bob sends Alice the sequence in the exact order

    z_1, z_2, ..., z_j, z_(j+1) + 1, ..., z_100 + 1, p

6) Alice checks if the (i th) number in the sequence is congruent to x mod p. If yes, she concludes i <= j, otherwise i > j.

When we have the case i > j, Bob has sent z_(j+1) + 1, ..., z_100 + 1; this makes the (i th) number Alice looks at incongruent to x (mod p) and makes the protocol work. We require |z_u - z_v| >= 2 so that the shifted and unshifted values do not collide with one another. Neither this protocol nor any other would work if the individuals lie about their wealth.
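An added implementation of the six steps above in Python (not the article's code), run with the toy RSA key the article's own worked example uses (Eb=7, Db=23, n=55) and incomes in the range 1..4. The fixed list of candidate primes Bob tries is an assumption; the protocol calls for a large prime.

```python
# Added example (not from the newsletter): the "who is richer" protocol above,
# run with the toy RSA key Eb=7, Db=23, n=55 and incomes in the range 1..4.
E_B, D_B, N = 7, 23, 55      # Bob's public exponent, private exponent, modulus
RANGE = 4                    # incomes i, j lie in 1..RANGE (the article uses 100)
CANDIDATE_PRIMES = [13, 11, 7, 17, 19, 23]   # assumption: Bob tries these in order


def alice_send(i, x):
    """Steps 1-2: encrypt Alice's random x under Bob's public key, mask it with i."""
    c = pow(x, E_B, N)       # c = x^Eb (mod n)
    return c - i             # k = c - i, sent to Bob


def bob_reply(k, j):
    """Steps 3-5: decrypt k+u for every u, reduce mod p, add 1 to the entries past j."""
    # y_u = (k+u)^Db (mod n); for u = i this recovers Alice's x exactly
    ys = [pow(k + u, D_B, N) for u in range(1, RANGE + 1)]
    for p in CANDIDATE_PRIMES:
        zs = [y % p for y in ys]
        # every pair must differ by at least 2, so that z_u + 1 never equals some z_v
        spaced = all(abs(a - b) >= 2
                     for idx, a in enumerate(zs) for b in zs[idx + 1:])
        if spaced:
            return [z if u <= j else z + 1 for u, z in enumerate(zs, start=1)] + [p]
    raise ValueError("no candidate prime keeps the z values 2 apart; use a larger prime")


def alice_conclude(seq, i, x):
    """Step 6: the i-th entry is congruent to x (mod p) exactly when i <= j."""
    p = seq[-1]
    return "i<=j" if seq[i - 1] % p == x % p else "i>j"


def run_protocol(i, j, x):
    """Whole exchange: returns Bob's message and Alice's conclusion."""
    seq = bob_reply(alice_send(i, x), j)
    return seq, alice_conclude(seq, i, x)


if __name__ == "__main__":
    print(run_protocol(4, 1, 17))   # the article's numbers: i=4, j=1, x=17
```

Bob's spacing check can fail for every small prime with these toy parameters, which is why the real protocol reduces modulo a large prime.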
The protocol is computationally intensive due to step 3, if the range of numbers in which 'i' and 'j' lie is large.

We look at an over-simplified example. Assume that both are using RSA.

Let 'i' be Alice's income.
Let 'j' be Bob's income.
Let Eb = 7, Bob's public key.
Let Db = 23, Bob's private key.
Let n = 55, Bob's public modulus.
Let i = 4.
Let j = 1.

1) Alice chooses x = 17 and computes c = 17^7 (mod 55) = 8.

2) Alice computes k = c - i = 8 - 4 = 4. She sends k = 4 to Bob.

3) Bob computes the following 4 numbers:

    y1 = (4+1)^23 (mod 55) = 15.
    y2 = (4+2)^23 (mod 55) = 51.
    y3 = (4+3)^23 (mod 55) = 13.
    y4 = (4+4)^23 (mod 55) = 17.

   He chooses p = 13 and finds

    z1 = 15 (mod 13) = 2.
    z2 = 51 (mod 13) = 12.
    z3 = 13 (mod 13) = 0.
    z4 = 17 (mod 13) = 4.

   He does the verifications and confirms that the sequence is fine.

4) Bob sends Alice this sequence in the exact order: 2, 12+1, 0+1, 4+1, 13 = 2, 13, 1, 5, 13.

5) Alice checks whether the 4th number in the sequence is congruent to x mod p. Since 5 is not congruent to 17 (mod 13) (17 mod 13 = 4), we have i > j.

6) Alice tells Bob that she is richer.

Bibliography
----------------
1) Bruce Schneier, Applied Cryptography, Wiley Publications, Second edition, 2001.

-[ 0x07 . Newsletter Outro ]-----------------------------------------------

We hope you've enjoyed this edition of the neworder newsletter. In closing we'd like to remind you of who we are. As a community we are a community of learners, not teachers. On the whole we are driven by a desire to see how stuff works. We follow that insatiable desire, and then we share what we've learned with the community. This is why we are here and this is why we do what we do. We would like to invite you to be an active part of our community by listening to that same desire and sharing what you learn with us - and if you've lost this desire then we challenge you to find it again.

See you on the site!
= ----------------------------------------------------------------------- = newOrder and the newOrder newsletter team do not make any guarantees expressed or implied as to the accuracy of this publication. If you do something stupid as a result of what you have read here, and something goes wrong, blame it on the freaking rain but not on us. All content is the intellectual property of the respective author(s). Copying of content without their permission is prohibited and lame. Copyright (C) 2005 newOrder newsletter team, all rights reserved. Support the newOrder agenda, distribute freely! = ----------------------------------------------------------------------- =
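An added worked example for Data's Cryptographic Challenge in section 0x06 (not part of the original newsletter): it recovers the 2*2 enciphering matrix from the BOND signature by inverting the known-plaintext block modulo 29, then applies Dec_key = Enc_key^-1 to the intercepted message. The alphabet, message and signature are exactly the ones the challenge states; the function names are mine.

```python
# Added example (not from the newsletter): recover the 2*2 enciphering matrix of
# Data's Cryptographic Challenge from the BOND signature, then decrypt the message.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ ?!"   # [A-Z]=0..25, blank=26, ?=27, !=28
MOD = len(ALPHABET)                          # 29 is prime: every non-zero det inverts


def to_nums(text):
    return [ALPHABET.index(ch) for ch in text]


def to_text(nums):
    return "".join(ALPHABET[n % MOD] for n in nums)


def mat_mul(a, b):
    """2x2 matrix product mod 29."""
    return [[sum(a[r][k] * b[k][c] for k in range(2)) % MOD for c in range(2)]
            for r in range(2)]


def mat_inv(m):
    """Inverse of a 2x2 matrix mod 29 (Fermat inverse of the determinant)."""
    det = (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % MOD
    if det == 0:
        raise ValueError("matrix is not invertible mod 29")
    inv_det = pow(det, MOD - 2, MOD)
    return [[ m[1][1] * inv_det % MOD, -m[0][1] * inv_det % MOD],
            [-m[1][0] * inv_det % MOD,  m[0][0] * inv_det % MOD]]


def digraph_matrix(text4):
    """Four characters -> 2x2 matrix whose columns are the two digraphs,
    matching the challenge's layout | B N | <==> | M F | for BOND / M!FP."""
    a, b, c, d = to_nums(text4)
    return [[a, c], [b, d]]


def recover_key(known_plain, known_cipher):
    """Enc_key * Plain = Cipher  =>  Enc_key = Cipher * Plain^-1 (mod 29)."""
    return mat_mul(digraph_matrix(known_cipher), mat_inv(digraph_matrix(known_plain)))


def apply_key(key, text):
    """Multiply each column vector (pair of characters) by the key mod 29."""
    nums = to_nums(text)
    out = []
    for a, b in zip(nums[0::2], nums[1::2]):
        out.append(key[0][0] * a + key[0][1] * b)
        out.append(key[1][0] * a + key[1][1] * b)
    return to_text(out)


def solve_challenge():
    """Returns (Enc_key, Plain_Text) for the intercepted message."""
    cipher = "IK!UZ  FM!FP"                  # two blank_spaces, as the note says
    enc_key = recover_key("BOND", "M!FP")    # the signature: M!FP <==> BOND
    return enc_key, apply_key(mat_inv(enc_key), cipher)


if __name__ == "__main__":
    key, plain = solve_challenge()
    print("Enc_key:", key)
    print("Plain_Text:", plain)
```

The recovered key is unique because the signature block [B N; O D] has a non-zero determinant mod 29; a signature whose block were singular would leave more than one candidate key.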
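For the three URL-spoofing methods listed in "The Problem of Phishing" (section 0x06), an added Python detector that is neither the article's code nor the Netcraft toolbar: it classifies every URL found in a message as a bare IP address, a look-alike of a protected brand, a known-good host, or unknown. The brand list, the extra 0/o and 5/s substitutions and the sample email are constructed for this demo.

```python
# Added example (not from the article): flag the three URL-spoofing tricks it lists
# (bare IP address, bogus domain, digit-for-letter substitution) in an email body.
import ipaddress
import re
from urllib.parse import urlsplit

# Brands to protect and the hosts they really use (constructed list for the demo).
TRUSTED_HOSTS = {"paypal": {"paypal.com", "www.paypal.com"}}
# Substitutions of the "1 for l" kind the article describes; 0/o and 5/s are
# added here as an assumption about the same trick.
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "5": "s"})
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def classify_url(url):
    """Return 'trusted', 'raw-ip', 'lookalike' or 'unknown' for one URL."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return "raw-ip"               # method 1: nothing but an address to go on
    except ValueError:
        pass
    for brand, hosts in TRUSTED_HOSTS.items():
        if host in hosts:
            return "trusted"
        # methods 2 and 3: the brand name appears in a host that is not the
        # brand's own, possibly only after undoing "paypa1" -> "paypal"
        if brand in host.translate(LOOKALIKE):
            return "lookalike"
    return "unknown"


def scan_message(body):
    """Return [(url, verdict)] for every URL in an email body."""
    return [(url, classify_url(url)) for url in URL_RE.findall(body)]


# Constructed sample in the style of the "Paypal Account Limited" mails.
SAMPLE_EMAIL = """\
Your account has been limited. Restore access at http://www.paypa1.com/login
or use our backup server http://64.142.165.34/paypal/ . Help: https://www.paypal.com/help
"""

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_EMAIL):
        print(f"{verdict:9} {url}")
```

A "lookalike" verdict only says the brand name is being borrowed; the trusted-host list is what decides a hit is genuine, so keep it to hosts you have verified.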