Domain: l0pht.com
Stories and comments across the archive that link to l0pht.com.
Comments · 78
-
Would not be the first time
We must also remember PROMIS. PROMIS was written by Inslaw and then used and modified by the government adding a secret 'trapdoor' access, modifying PROMIS and creating a bugged version which was sold to foreign government, intelligence, and police agencies, friend and foe, around the world.
You can read more about it on WIRED.
France has also complained about PROMIS.
Bill Hamilton of Inslaw Corporation who was going after the government for stealing PROMIS gave this document to each member of the House Judiciary Committee.
and we must not forget that Crypto AG supplied encryption machines to over 120 countries. Officials from Iran, Iraq, and the Vatican, to name a few, relied on Crypto's tech for top secret dispatches and the NSA had a deal with Crypto, which gave them a backdoor that made those encrypted messages easy to decipher and they were not even a US company.
Also what about Lotus Notes' NSA backdoor that is in international versions of the software.
Noel
-
The next step above a 'wireless LAN'
Although having a wireless LAN is _very_ neat and geekworthy, the l0pht have been working on a wireless project now for a few years. (Yes, it's usually on the back burner, but according to the L0pht / @stake merger FAQ they are going to hopefully put more efforts and funding into the project.
The project is called guerrilla.net. While most of the 'work' has yet to be done, they have set up a list of goals and ideals for the future - A very important step before such an interesting project takes place on a larger scale.
I know I would personally like to get involved in something similar to this; having a wireless 'intranet' of sorts (complete with 'gateways' to the _real_ internet) would 'tickle my pickle' quite well.
E-mail me if you are as interested in this as I am.
Ben Brewer
brewer@nullified.org -
Re:Do we want to allow other OS's to use winmodems
A winmodem is like a video card without the accelerator.
An external winmodem? The closest thing I have seen is from the Sound-HOWTO about using the sound card to implement 9600 bps FSK methods. This method is more useful for hams, but I'd imagine you could use a modemless laptop coupled to a payphone handset in a jiffy. -
Re:update at www.l0pht.com
-
Re:update at www.l0pht.com
-
Re:hehe, open source?
The whole idea of open-sourcing the software is that although one person can look for loopholes to use, another can find the same loopholes to fix. Thus the L0PHT.
-
Security Lint
For assurance, before installing software on a secure-as-plausible machine, I would love to have an automated for security problems, such as buffer overflows. So, how is the development of SLINT progressing? Are you still planning to release it?
-
Hello Moderators?
Please read the post this is attached to. Notice it is currently marked as "insightful", when the post contains incorrect (and slanderous) information. Please find the facts at L0pht's site and make amends.
-
Corrections and clarifications
First: L0pht
Second: Attrition.org
Of special note is the Attrition Mirror of defaced sites. This will allow you to decide how much "damage" is actually done and how much "help" was actually done. Please note that this varies greatly by individual.
The problem that exists is that these people, often under 21, see big giant gaping holes in the security systems and this bothers them. If they report it, nothing happens because no one has, or ever will, listen to them. (Some sites have been defaced repeatedly, without ever having fixed the holes, even after the fix was placed in the HTML!)
So they make a mistake. They try to draw attention to the fact before someone less kind (for example a rival organization) uses the same holes to download actual sensitive information. (Warning, this kind of thought process can occur to you when you've read too much cyberpunk.)
I'm older and wiser now. I realize that people REALLY DON'T care about security. Normally they just want something to rant about. The status quo is to lock your car door for security but if you lock the keys in your car you expect a locksmith to get them out in under a minute.
Think about it. If the locksmith can do it in under a minute, so can I.
They may not be adults, they may be fools, and they may annoy the computer professionals that are responsible for security but let's look at it this way.
If some kids can take down whitehouse.com, why couldn't Zhirinovsky hire someone to do the same, only with a lot more creativity and subtleness. (Wouldn't the media just love it if someone found a collection of porn jpegs on whitehouse.gov?)
They're criminals. They view themselves as unsung heroes. In short, they're the Chicago Seven of a new generation. Even Richard Daley's famous quote could still apply:
"Gentlemen, let's get something straight. The police aren't in the streets to create disorder; they are in the streets to preserve disorder." -- Mayor Richard Daley -
Re:Unfortunate
If they start to require a licence, I'll definitely set up a few guerrilla.net nodes!
-
Hrefs, in order..
Bruce's main site.
Information on Skipjack
Information on impossible-differential cryptanalysis
Information on attacks unknown to the NSA
About the Windows NSAKEY flap
Probable NSA backdoors
Information on the Blowfish algo
Information on the Twofish algo
Speed comparison of known algos
Speed comparison of the AES candidates
Summary of attacks on various algos
Breaking crypto isn't the best way to beat security. Article 1 Article 2
Information on the Solitaire algo
Information on the Yarrow algo
Importance of peer-reviewed crypto
Comments on proprietary encryption
Dismissal of cracking contests
"You say you can't break it; well, who the hell are you?"
Twofish team's published papers
David Wagner's published papers
So you wanna become a cryptographer?
Information on side-channel attacks
Information on power-analysis attacks
More information on side-channel attacks
Article on Quantum computing
The problems with the public-key infrastructure
The problem with longer keys
l0phtcrack
Biometrics as keys? -
Re:come on, it's l0pht
The spelling of "l0pht" (read: loft) was chosen because it is humorous.
So, Mr. IHaveNoContentButWillPostAnyway, have you actually ever gone to L0pht Heavy Industries' web site and taken a good look at their advisories?
Once you go and take that first look of yours, come back and answer me this: what good have you done for the on-line community lately? -
some more info on show
It is amazing the comments and speculation from people who have no idea about what is in the show except for a couple of sound bites.
Here is a link to the Press Release I put up on the L0pht web site which should give a better description of the contents of the show.
L0pht was interviewed and we tried to describe what hacking really is. We specifically told MTV that it wasn't downloading a scanner someone else wrote, then looking up a sploit on rootshell and running a script.
I haven't seen the show so I don't know how much of what we said made it in. I will reserve my judgement of the show until I at least see it.
-weld
For a cool article in the NY Times about real hackers look here. -
I stopped paying attention when...
...l0pht stopped updating their PalmPilot section.
Besides, the "BeamCrack" they posted there that supposedly defeats the beam copy protection doesn't since it only works on databases (PDBs) and the real security issue is with beaming copy protected programs (PRCs)...
Not so infantile if it slips under l0pht's radar, is it?
Oh well...there are better security sites, IMHO...but I really, really liked the hippie Palm graphic that l0pht had on theirs...
- JoeShmoe
-
Nice Response
They may have responded like it's no big deal, yet if all they said is true, the keys are still there! The CSPs they speak of could have been handled through another method, and surely not as inconspicuous as they are now.
Secondly, how can we know the validity of their arguments? For an example one must merely take a look at BackOrifice.
Once again I feel even more secure staying in my safe Linux environment, I have access to the code and that is great leap above and beyond anything that Microsoft can offer me.
-
Re:NetCat
Here's the link to the NetCat page
-
NetCat
Well, NetCat (from L0pht) is totally free (totally insecure, too... but free). I can't find it on their web site any more, but it was ported to NT by Weld Pond.
I used to have a cgi script to start a netcat session from IIS, with some minor security provisions. Not really secure, but it wasn't always listening
But, if you start it through IIS, your rights are whatever the IIS (guest?) account is. You can start it as a service, but that is a gaping hole without a good wrapper. -
Wow!
"It stays up for weeks at a time without any system crashes." Wow! Weeks at a time - you don't say?
More to the point... anecdotal evidence shows little - on either side of the issue. Win98-SE apparently does have some (severe) problems. If it's working for you, great! That doesn't mean that it's a quality product, though.
As for the Internet gatewaying, NAT/IP masquerading have been around for ages on the sane operating systems. This is not a new feature.
Word to the wise - don't try using PPTP to set up a VPN on your home network. The "security" used is a joke compared to less proprietary protocols like IPSEC. Take a look at l0pht.
-
Obtain Clue Before Proceeding
You have no idea what you are talking about. Look up the code for, say, L0pht's AntiSniff or any number of Windows sniffer programs.
Admittedly, Microsoft uses a different set of nonstandard interfaces to access raw network data than *BSD or Linux does, but since there's no actual standard for this, what's the problem?
I find it hard to avoid getting the impression that the vast number of people posting on this site who profess to know so much about programming, and are such rabid Linux advocates, program very little. My suspicion is that their experience of Linux is mainly confined to twiddling the icons in the execrable Enlightenment. And why they feel able to comment on Win32 programming, about which they evidently know little indeed, is quite beyond me.
As for the Windows tools vs Unix tools argument, well, Unix users are arrogant, and have little reason to be. I -- and many others -- prefer to be using a Unix system from day to day -- until I have to use Adobe Photoshop -- but this doesn't mean that Windows users deserve ridicule for it.
-
Guerilla.net
Maybe this will rekindle interest in Guerilla.net, the L0pht wireless network.
Of course, I may just get in the habit of encrypting all e-mail and only using ssh for remote connections.
--sig time!-- -
Re:This guy is full of it.
Well, a quick check of L0pht turns up this: http://www.l0pht.com/pub/blackcrwl/hack/dhcp-faq.txt
Look under the heading, "What are the Gotchas?". As far as your first statement goes, I have to track my inventory. If I relocate a machine (that doesn't happen often, BTW), I want to be sure that it's correctly configured for the new segment. Since this only takes about 2-3 minutes (allowing for Windows' execrable habit of rebooting for every config change), it's not that big an overhead. The bonus is, _I know_ it was done right the first time. Regarding Flukemeters: I'll have to agree that a Flukemeter would find the problem. But I don't need to buy one, I can just turn on debug on my Cisco router attached to the segment, which I can do from my office. -
EASY
nope it's really easy to mess with an NT machine. Just boot off a floppy with linux and NTFS read/write support. I am using kernel 2.3.11 and copying to and from ntfs works fine, but deleting is a little weird. Files I delete on the NT machine seem to be changed to 0kb (effectively deleting them), but remain.
After doing this you are free to play with whatever you like. BTW c:\winnt\repair\SAM._ is a file of the winnt passwd hashmarks. You can import this into a tool such as l0phtcrack and with a little time attain passwds for all accounts on that machine.
Linux is equally vulnerable should the user have access to the actual machine. This is a great flaw in my opinion. My school has circumvented the problem by not allowing the Lab machines to boot off floppies, but users could still physically damage the machines.
-
Re:cDc justified
Groups like cDc are doing us a valuable service, for the following reasons:
- For many computer-related commercial products (e.g., operating systems, cellular phones, Web server programs), if you can give the impression that your product is more secure than your competitor's product, then (all other factors being equal) you will sell more.
- The people who buy these products, and the people who review them for industry magazines, can't distinguish a product with bad security from a product with good security. Even a computer-security professional may not be able to find security weaknesses right away; there may be one subtle bug that can leave your system wide open to an intruder, but finding the bug might take weeks or months of full-time work, especially if the people evaluating the product don't have access to the source code.
- It's a lot easier to boast about your product's security than it is to actually implement a secure product. This is especially true when your product has selling points other than security: a hundred programmer-hours spent improving the user interface will probably do more for your sales than a hundred programmer-hours spent looking for security holes.
Public revelations of security flaws are the best way to push these companies into action, since it takes away their incentive to procrastinate.
Recommended reading: "Why Cryptography Is Harder Than It Looks", by Bruce Schneier, and "Trends in 'Press Release' Security Advisories", by someone at l0pht.
-
OPENBSD
-
Re:any docs on using that exploit?
I tested it on an NT4 SP4 Workstation I have here. If you place the executable in a directory which you can write to (such as the desktop, or the many world-writable directories mentioned above), it gives you membership of the local administrator group. It's then possible to use l0phtcrack to get the local administrator password, or to use the samba team's pwdump to get the list and run l0phtcrack offline. If it's the same as the domain admin password.....
-
>>> YOU CAN OWN THESE COOL TOYS!
Here's a place you can order some of this 'futuristic warfare' stuff from:
Information Unlimited
800-221-1705 Orders
603-673-4730 Orders
603-672-5406 FAX
Snail-Mail:
PO BOX 716
Dept R3 Amherst,NH 03031
- Lasers, Pain-Field generators, Tesla Coils, Security Devices, and more
Call for a catalog. They say they want $1.00 for a catalog. Screw 'em! They'll send you one for zero. They also sell kits for stun guns, 100,000 volt pain field machines, and lots of high-voltage toys.
For other sites check out L0PHT Heavy Industries: More High Tech Toys
---
The statement below is true.