demoniz -

December 1998 (10 - 22)

Keen Veracity
update by
demoniz at Dec 22 , 23:05 CET

Legions of the Underground released #6 of their excellent ezine Keen Veracity. Among other interesting subjects, the zine features extended background information on the infamous Internet Worm.

Download Keen Veracity (.txt)
Legions of the Underground Web site

Remote Explorer II
update by
demoniz at Dec 22 , 16:18 CET

Remote Explorer, the new 'smart' virus for Windows NT, is big news. We've collected some links to the mainstream media for anyone who wants to know more about this 'first legitimate incident of cyber-terrorism.'

MCI hit by computer virus - CNN
Virus Snarls NT Nets - Wired
Alarm over new 'smart' virus - ZDNet
NAI warns of dangerous virus - InfoWorld
Analysts question "cyberterrorism" hype - CNET

How secure are you?
update by
demoniz at Dec 22 , 13:00 CET

Gromwood, a new site with various sections (games, security etc), asked me a few questions about Net security. It's online now, including my spelling faults. Hey, you need an editor-in-chief :)

Go check it out and let me know what you think.

Gromwood 'How secure are you' article

Horror for NT: Smart virus
update by
demoniz at Dec 22 , 1:35 CET

A new - smart - virus wanders the Net. Last week the computer network of a Fortune 100 company was obliterated by a new virus that one official called "the first legitimate incident of cyber-terrorism" he had ever seen.

According to Network Associates (McAfee) the virus, dubbed Remote Explorer, attacks Windows NT-based networks and propagates over the network. Remote Explorer is memory resident and encrypts EXE, TXT, and HTML files. It compresses the executable files of servers and workstations that it encounters, rendering them unusable. Remote Explorer also encrypts .DOC or .XLF files with a cipher that researchers still have not identified, making it impossible to gain access to those files.

Network Associates has released detection software for the virus and a fix.

Remote Explorer at NAI

Operation Desert Hack
update by
demoniz at Dec 22 , 0:15 CET

It appears the Baghdad-Iraq Web site never got hacked. Or better: we can safely assume they didn't get compromised. It turns out the Web site was registered on December 18th, during the real Operation Desert Fox. The whole 'hack' was a fake. Thanks to Ken for informing us.

Baghdad hacked
update by
demoniz at Dec 21 , 16:49 CET

Operation Desert Fox continues, not in Iraq but on the Internet. Today the Web site 'Baghdad-Iraq' got compromised by hackers who support the attacks on Iraq. "Bomb that damn country good...find sadam and beat his ass with hot pokers..." Among several pictures on the site, the hackers Mind and KANE14, published a fake image of Saddam and Clinton naked in bed.

Baghdad-Iraq Web site
Archive of hacked site
(Tip by BHZ)

Free security upgrade
update by
demoniz at Dec 21 , 3:33 CET

Now here's some bad PR for a business. Last week the Hacker News Network reported on several companies which got their Web sites defaced. Nothing to get really excited about, it happens all the time. But what if you are still hacked days later? Two sites, and, apparently enjoy their free security upgrade.
Archive of hacked sites (both the same)

Down, but not for good
update by
demoniz at Dec 21 , 3:12 CET

There has been some confusion about the popular website host for hackers, It went down last week due to changes in the terms of the host provider of Scorchers and nobody really knew whether it was down for good or that it was down temporarily. According to the webmaster of Scorchers, they will return but it will take some time. "Scorchers will be back, probably before spring of '99, but no later. We will be able to offer more space and a more reliable server after we get going in the spring."

Scorchers Web site

What comes around goes around
update by
demoniz at Dec 19 , 13:54 CET

LoRD OaK, the hacker who defaced CyberArmy yesterday, got his own site hacked today. Ralder-X replaced the mainpage of with his own l33t version. "H4H4H4 TH1$ 0N3$ F0R 4LL TH3 $H1T U PUT MY M4N D4T4 THR0UGH." What comes around, goes around. It's true.

The Poison Web site
Archive of hacked site
(Tip contributed by deepcase)

Disgrace for Lotus
update by
demoniz at Dec 19 , 12:58 CET

Some sysadmins have problems securing their servers. Their knowledge of security is limited and their servers are a playground for the hacker scene. But what if you're a manufacturer of servers? As it turns out, it's the same story: no knowledge. The Dutch Lotus office Web site got compromised today. And it was no complicated hack. It wasn't even a real hack. The webmaster forgot to change the rights of the 'Edit Document' option. *Ouch*

Lotus Nederland Web site
Archive of hacked Lotus Domino server

Companies believe the Net is safe
update by
demoniz at Dec 19 , 12:57 CET

A new study released Thursday shows corporate users perceive the Internet as substantially safer for conducting business online than they did in 1996. 65 percent of the companies surveyed by Cahners In-Stat Group said they believed the Net is safe for electronic commerce, while only 37 percent of respondents agreed with that statement two years ago.

But, as we reported earlier this week, according to IBM nine out of ten online shopping servers are insecure. 'Ethical' hackers, on the payroll of IBM, easily gained access to several secured servers of e-commerce companies.

Read full article at Internet Week
(Tip contributed by Digital Sinner)

CyberArmy hacked again
update by
demoniz at Dec 19 , 1:44 CET

The h/p/v/c/a searchengine CyberArmy was compromised again today. A hacker named LoRD OaK of the hackgroup The Poison hacked the cgi-bin of the site, replaced the links and added two new categories to the searchengine ('Hacked' and 'Hacked by LoRD OaK'.)

CyberArmy Web site
Archive of hacked searchengine
The Poison Web site

Iraqi cyber attack?
update by
demoniz at Dec 18 , 16:04 CET

A computer-based counterattack from Iraq against the U.S. is not very likely. Earlier this week a report by the Center for Strategic & International Studies called for greater recognition of the threat posed by attacks and terrorism conducted over the Internet. It speculated that cyber terrorism and cyber warfare could be a plausible alternative because "no enemy can match the U.S. military, as demonstrated by the Gulf War."

The FBI said yesterday that such an attack is not very likely. The Department of Energy's Computer Incident Advisory Capability (CIAC) agreed with that. A security analyst of CIAC said: "You could say that about anything. It would be just as easy for Iraqi terrorists to make trains run off the track."

Read the full article at USA Today

IBM: Online shopping insecure
update by
demoniz at Dec 17 , 15:28 CET

How often do you purchase articles online with your credit card? In the future you might think twice before using your flexible friend. According to IBM, nine out of ten online shopping servers are insecure. 'Ethical' hackers, on the payroll of IBM, easily gained access to several secured servers of e-commerce companies. A spokesman of IBM Global Services revealed this today to the San Francisco Examiner.

IBM Web site
San Francisco Examiner Web site (article not online, yet)
(Tip by Thejian)

IRCnet hacked
update by
demoniz at Dec 17 , 14:54 CET

One of the main IRC networks, IRCnet, got hacked earlier today. Malicious hackers gained root access on and killed roughly 6000 users. The Estonia server has been disconnected from IRCnet for the time being to avoid more problems.

MS Bug slows impeachment email
update by
demoniz at Dec 17 , 12:49 CET

A bug in Microsoft's email server software couldn't have surfaced at a worse time for the U.S. House of Representatives. Just as House members were preparing for their vote on impeachment, constituent email messages began dropping into a void because of the glitch, which sends Microsoft Exchange servers into a continuous loop. The bug affected two of the House's 14 servers, which run Exchange 4.0 on Windows NT 4.0, according to Jason Poblete, a spokesman for the House. Due to the problems Judiciary Committee members haven't received email at all since Monday.

Read the full story at CNN
(Contributed by digital sinner)

Baghdad bombed
update by
demoniz at Dec 17 , 2:46 CET

Saddam Hussein went too far this time. U.S. President Bill Clinton announced a few hours ago he had ordered a "strong, sustained" series of airstrikes on military and security forces in Iraq, designed to degrade Iraq's ability to develop weapons of mass destruction. In other words: they are bombing Iraq.

CNN Web site

Electronic Waterloo
update by
demoniz at Dec 16 , 19:40 CET

No computer is safe from hackers. We already knew that and the U.S. government apparently knows it too. This week they released a report, entitled 'CyberCrime, CyberTerrorism, and CyberWarfare: Averting an Electronic Waterloo,' which recommends several procedures U.S. policy makers can implement to defend the U.S. critical infrastructures from information warfare. The report admits that most U.S. computer systems, including high level systems that control electrical power grids and US military command and control systems, could be brought down by computer crackers.

Read the full story at Internet Week

Wassenaar violation of Human Rights
update by
demoniz at Dec 15 , 16:11 CET

On the occasion of the 50th birthday of the Universal Declaration of Human Rights, the Canadian privacy software company Zero-Knowledge Systems launched a campaign to convince authorities that the Wassenaar Agreement is a violation of these rights. "The best defense for online privacy is to use strong cryptography, which allows Internet users to preserve the privacy of their communications and personal information."

Web site
Zero-Knowledge Web site
Contributed by Thejian

Electronic Justice
update by
demoniz at Dec 15 , 16:07 CET

The USA has court TV, the Dutch will have Internet Court. Four Dutch courthouses will participate in an experiment starting next February to bring justice online. The courts will report on upcoming trials, verdicts and crime statistics. Nothing really new, but plans are also to ask the Internet crowd for their help to bring criminals down. Makes me wonder if they are planning to divulge all the details about the cases.

Read more here (Dutch only)
Contributed by Thejian

Let's make the Net a better place
update by
demoniz at Dec 15 , 13:41 CET

IBM is trying to boost the confidence in the Internet as a safe environment. On Monday Big Blue unveiled the code of Postfix aka Secure Mailer, an email program which offers improved "security, reliability, and performance" over existing email delivery services such as Sendmail. Contrary to its habit, IBM released the code as open source.

Secure Mailer Web site (IBM Alphaworks)

The Inevitability of Failure
update by
demoniz at Dec 15 , 13:19 CET

The security paper of six employees of the U.S. National Security Agency (NSA) which was published at the 21st National Information Systems Security Conference in October, is now available in HTML format to the public.

'The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments' discusses, among other things, why mandatory security mechanisms are useful outside the context of classification levels, even on single-user systems, as well as trusted-path mechanisms, like the PASSCRED stuff recently implemented in Linux and NT's Ctrl-Alt-Del login feature.

HTML version of Security paper

HackCity releases programs to the public..
update by
Qubik at Dec 15 , 7:16 CET

HackCity.Com, a large group which has recently been under watchful eyes, has released their first round of programs to the public showing that, according to Hadez, HackCity.Com "..are still planning on making the site available to the public as well as our members."

HackCity Web site

update by
demoniz at Dec 15 , 0:07 CET

WHiTe VaMPiRe of Project Gamma wrote an editorial about the major 'hackflood' of the last few days. I suggest you all take a look at it. It might enlighten you. "They are pulling innocent bystanders into their petty disputes, that is uncalled for and unwarrented." He couldn't be more right.

Hax0red editorial
Project Gamma Web site

Strike to protest Wassenaar
update by
demoniz at Dec 14 , 17:15 CET

To protest the signing of the Wassenaar Arrangement, an international treaty that imposes new restrictions on cryptographic software technology, all computer professionals are called to strike today. The strike is meant to raise awareness about the importance of cryptography, about the U.S. government's wrongheaded attempts to curtail its use, and about the strong-arm tactics used by the United States to pressure other countries into limiting their citizens' rights the way it has limited its own.

Wassenaar Strike Web site
Wassenaar Arrangement Web site

Jack Daniels hacked
update by
demoniz at Dec 14 , 17:06 CET

The Web site of the famous whiskey distillery, Jack Daniels, got defaced this weekend. The hacker, Fluxx, replaced the mainpage with a page dedicated to the sysadmin. "I was here, but now I'm gone, I leave my tag, to carry on. Oh by the way, your sysadmins security sucks. Put me out of my misery, then and only then can I truly be free"

Jack Daniels Web site
Archive of hacked page

Financial trouble for Packet Storm
update by
demoniz at Dec 14 , 16:13 CET

The number 1 exploit archive, Packet Storm Security, is in financial trouble. In a short time the Web site became so popular that it's now threatened by its own success. The webmaster of Packet Storm, Ken Williams, called on the visitors for a solution. "Due to the increasing popularity of this Web site, we are now averaging over 80,000 hits/day, and double that figure on some days (...) After shopping around, we have been quoted figures of $1500-8000/month to host this web site by other companies and service providers. Since this site is free (on principle), and we do not offer advertising (on principle), we pay for it ourselves. If you have any viable solutions or suggestions, then please contact us ASAP."

If you have a solution, mail Ken Williams. Details about how to contact him can be found at Packet Storm Security

German hackers worried about logfiles
update by
demoniz at Dec 14 , 13:44 CET

Unsubstantiated reports are coming in that the German police have access to all log files of so-called 0130 callers (0800). The rumour was spread after last Friday's bust of NetGuru, an 18-year-old German high school student who got arrested for defacing a German government Web server and abusing stolen credit card numbers. He caused $20,000 in damage to an insurance company. NetGuru told a German computer magazine that he used an 0130 number during his hacks. According to an anonymous email we received, the hackers earlier assumed that the German Telecomm didn't even keep track of the callers.

NetGuru's bust at Chip Online (German only)

AntiGen becomes AntiGėn
update by
demoniz at Dec 13 , 23:18 CET

Fresh Software has finally changed the name of their Back Orifice remover AntiGen. The program formerly known as AntiGen is now called AntiGėn. Last month the maker of the freeware BO killer was about to be sued by Sybari Software because they had the name Antigen trademarked for their own security program. After consulting the attorneys of Sybari, Andrew Niese, the maker of AntiGen, decided to back down and change the name of his program. "We didn't expect AntiGen to become so popular worldwide, so it never crossed my mind to check for trademark conflicts", writes Niese in an email to 100 % Pure Bikkel.

Fresh Software Web site

Hacker on the run? No more
update by
demoniz at Dec 13 , 3:17 CET

Justin Petersen, the hacker on the run who was also an FBI informant, was captured last night by the U.S. Marshals. About a month ago we reported on his sudden disappearance. The ex-hacker violated his parole and was wanted by the US Marshals. A few years ago Petersen hacked a financial institution and electronically pinched $150,000.

Petersen was arrested and taken to the Metropolitan Detention Center in downtown Los Angeles. Ironically, this is the same place where imprisoned hacker Kevin Mitnick is currently being held. Petersen helped the FBI arrest Mitnick.

Read the full story at ZDNet
Thanks to Spikeman for informing us.

Call long-distance for free
update by
demoniz at Dec 12 , 15:54 CET

That PalmPilot of 3Com is sure one nifty tool. We reported last week about unlocking cars with a PalmPilot using the infra red eye. Well, that's not all. You can make long-distance phonecalls with it too. For free that is.

Last Thursday a Canadian hacking site posted software which turns the PalmPilot into an unlimited calling card. The latest hack, known as RedPalm, exploits a weakness in older pay phones that phone hackers, known as phreakers, have used for years. The new RedPalm software plays tones through the PalmPilot's speaker that can fool some phones into believing that callers have deposited quarters.

PalmPilot Web site (3Com)
Hack Canada Web site
Read the full article at Wired News
(Tip contributed by Spikeman)

Slampcoach again...
update by
demoniz at Dec 12 , 10:56 CET

Our little soap opera is getting boring, but for those who care: Slampcoach was modified again today. This time the original hacker ^Dreamer changed the 'hacked' Web site again to a page with his version of this little fairy tale. To clear the air, he writes. "I'm receiving many flames to the hack. Go there for the complete story... cause Hadez never hacked it. I got logs to prove it."

Archive of the third Slampcoach hack

To hack or not to hack
update by
demoniz at Dec 12 , 0:14 CET

Many people commented on the hack flood of the last few days. According to many, the hacks weren't real hacks since all the Web sites got compromised using legitimate passwords. Earlier today we received an email from ^Dreamer, the hacker who defaced Slampcoach for the first time. " wasn't 'ReHacked' by Hadez. I gave him the pass." The last victim, Legion2000, turned out to be hacked too using a 'non-hacked' password. As well as the Sekurity-net, the and the devastating CyberArmy hack. Decide for yourself whether they are real hacks or not.

Social engineering (Packet Storm)
Social engineering (fravia)

Legion2000 hacked?
update by
demoniz at Dec 11 , 23:42 CET

In today's episode of 'As the Hacker turns': The Legion2000 hack. Starring Iron-Lungs as the fall guy and an anonymous hacker as the attacker. In other words, the server of HcV org got hacked today and Iron-Lungs seems to be the target, again. According to our informer, Crawl-X of The A.R.G.O.N., the defaced Web site of Legion2000 had a redirect to a site of Iron-Lungs which was also compromised. Iron-Lungs stated on our webboard that the hack was done using an inside account. Sounds pretty damn familiar eh?

We have two different versions of the defaced site:
Archive 1 of the hacked site
Archive 2 of the hacked site
Legion2000 Web site
The A.R.G.O.N. Web site

The art of social engineering
update by
demoniz at Dec 11 , 7:28 CET

Without any technical knowledge one can hack. How? With social engineering. The latest Web site hacks all appeared to be done through social engineering, a special form of hacking. Social engineering is not about technical knowledge but about trying to fish a secret out of someone. The hacker in the CyberArmy hack called the host provider of the hacker site pretending to be the webmaster of CyberArmy. He asked for help changing his password. The kind help of the provider was rewarded with a devastating hack.

100 % Pure Bikkel searched the Web for information on social engineering and found it at Packet Storm Security

Social Engineering Tools and Misc Files
Packet Storm Security Web site

MS Excel hole patched
update by
demoniz at Dec 11 , 6:08 CET

Microsoft released a patch today that fixes a vulnerability in Excel that could allow certain types of executables to be run without a warning to the user. Excel allows executables to be run from a worksheet. Without the users knowing it, any kind of program can be launched. An Excel worksheet could be used as a trojan horse to activate malicious programs like Back Orifice or NetBus.

MS Excel patch

New school hackers root it twice
update by
demoniz at Dec 11 , 4:25 CET

The hacked Web site of Slampcoach got hacked again. This time Hadez of HackCity defaced the defaced page of And again HcV and Iron-Lungs get put down. According to a statement on the compromised site, Hadez doesn't agree with Iron-Lungs hacking methods. "Your days of fucking threatning people are over you fuckers. You call "phoning up webhosts and pretending to be account holders" hacking?"

Web site
Archive of hacked site
HackCity Web site hacked
update by
demoniz at Dec 11 , 1:38 CET

That there's some truth in the saying 'what comes around, goes around' is something which Sekurity-net can fully endorse. On Thursday their mainpage was hacked by Iron-Lungs because the webmaster of Sekurity-net should "earn his respect and stop being a failure."

100 % Pure Bikkel found out earlier on Thursday that Sekurity-net 'borrowed' all the news of this site. And as if this wasn't enough, the webmaster of Sekurity-net claimed on the webboard to be the real hacker of the hack instead of Iron-Lungs of HcV. To back up his claim he linked to a modified copy of the defaced on his own site.

We have nothing to do with this hack, but let's not act like saints. In this particular case, we love it. Unlike all the other hacks these past weeks, there was no real damage done. The hacked page linked to the old index of Sekurity-net.

Sekurity-net Web site
Archive of hacked site
100 % Pure Bikkel Webboard

(Thanks loser (yes, it's his real nick) for the copy of the hacked page)

A hack for a hack
update by
demoniz at Dec 11 , 1:09 CET

In the old days, when people had a flaming row they would give each other a proper hiding. That would set things right. But hey, the new millennium is coming and times have changed. Nowadays you don't beat someone, you hack. And you do not hack them, but just some random site to publish your statement. Today got hacked because "HcV is gay as fuck."

Web site
Archive of the hacked site

Old school hackers never die
update by
demoniz at Dec 10 , 15:32 CET

With the devastating hack flood of the last months which destroyed so many Web sites, it appeared the hacker ethics lost its value for good. Guess again, old school hackers never die. Kr0me Corp recently relaunched their public Web site devoted to old school hacking. For the hacker who still cherishes the ethics.

"We want you to consider this: hacking is not a form of destruction, a power over the masses in the hands of young vandals, for status or personal gain. It is the art of creating and manipulating the information; it is the constant yearn for knowledge, the curiosity pushing the individual to look beyond the appearence of the things, to study and learn the inner aspects of their functioning."

Kr0me Corp Web site

©1998 demoniz, Paradise. All Rights Reserved