Domain: phrack.org
Stories and comments across the archive that link to phrack.org.
Comments · 149
-
Point-by-Point Dissection
Martin Taylor states (in incredibly vague terms) that Linux and the surrounding FOSS environment is brittle. Perhaps if he was a little more precise in his assertions, we could take him more seriously. Something that Linux does do better than Windows is being able to easily move the discs from one machine to another of the same architecture and have everything carry on working the same as before, without any re-installation. His anecdote regarding Flyi.com doesn't jive with my experiences. If they combined the upgrades with some re-architecting of their own applications (possibly to deal with their own design flaws) maybe. But otherwise, they should have been able to rip the discs out of the 32MB 386DX-40 they were using and stuff them in a 4GB Xeon with no changes (though replacing the kernel and a few other packages with i686-optimized versions would improve performance further).
Having access to source code is important, as no matter how good the documentation is (and Microsoft's developer documentation is lousy, according to some of my developer friends), nothing beats being able to look at the source of the library or OS component you're using to see exactly what it does. At the very least, it allows you to see that that component isn't built to handle the situation you're trying to get it to deal with, and you can work around that, or change the environment to match the assumptions made by the programmer of that component. Since different people rely on different parts of the OS, 65% source code availability may meet the need of 100% of developers (if no-one ever uses the remaining 35%) or 0% (if the 65% available isn't interesting to anyone). Only 100% availability is guaranteed to meet the needs of 100% of developers.
Regarding the GPL, Taylor at least gives the honest answer that he "[doesn't] know enough". Firstly, the GPL covers patents, and says that code licensed under the GPL must license any patented techniques used therein for "everyone's free use" or the code may not be licensed under the GPL at all. Secondly, people can build upon FOSS and monetize their innovations; without restrictions if the components they use are licensed under the terms of the LGPL or BSD licenses (and they comply with the terms of those licenses) or with some restrictions if not. Red Hat are successfully monetizing their innovations despite having to comply even with the terms of the GPL. Done right, anyone else can too.
On buffer overflows, Taylor states that "people didn't really understand buffer overruns and port 80 and I/O issues 10 years ago". Well, the guys writing articles for Phrack probably did, seeing as they published an in-depth explanation on 8 November 1996. What Taylor probably means is that people at Microsoft didn't really understand buffer overruns ten years ago. Shame on them. It was taught on the mediocre Computer Science degree course I followed between 1992 and 1995.
-
Re:So....
Is he seriously suggesting that 10 years ago no one had ever heard of a buffer overrun?
He's not that far away. Aleph1's famous article was from 1996 and is one of the first publications that got mainstream attention.
It begins with "Over the last few months there has been a large increase of buffer overflow vulnerabilities being both discovered and exploited." - so saying this was unknown in 1995 is not quite true, but it certainly was a fairly new and not entirely well understood problem. -
Re:So....
Is he seriously suggesting that 10 years ago no one had ever heard of a buffer overrun?
You're right, his suggestion that everyone else was as disinterested in security as Micro-Soft is ridiculous. However, he is correct that ten years ago we weren't generally concerned with buffer overruns.
My memory of it is that Aleph One, who used to administer BugTraq, introduced us to the concept in this paper from 1996. -
Editorial changes? No big deal.
I mean, who hasn't edited Phrack? I gave it a go for issues 15 through 17, where I predicted that Phrack would survive at least through issue 34. At the time, I didn't know it would reach its absolute nadir with issue 33.
The reason for the change in issue 15 and then in issue 18 was schooling -- we crazy kids were actually going to college to try to do something more productive with our lives (in my case, it didn't work).
-
Re:Help
Looks like they already have:
http://www.phrack.org/unoffical/ -
Re:Torrent
Should have searched a little closer to home
-
Re:Torrent
Not exactly a torrent but:
for x in $(seq 1 62)
do
    wget "http://www.phrack.org/leecharch.php?p=$x"
done
-
Re:Interesting ICMP exploit
.oO Phrack Magazine Oo.
Volume Seven, Issue Forty-Nine
File 06 of 16
[ Project Loki ]
whitepaper by daemon9 AKA route
sourcecode by daemon9 && alhambra
for Phrack Magazine
August 1996 Guild Productions, kid
comments to route@infonexus.com/alhambra@infonexus.com
http://www.phrack.org/phrack/49/P49-06
-
First try "show known nodes"...
Stumbled onto a VMS/DECNet machine and want to explore a little? First try "show known nodes", and then... our friends at Phrack have a HOWTO guide, including a copy of the all-important "TELL.COM".
-Mark: (remembers VMS) && (age > 25) -
Re:Tampering...
Somehow I predict a lot of British drivers will have strange reception problems soon. Funny how "satellites in view" stays at 9 but "satellites locked" drops to 0, isn't it?
-
So jam the signal.
So what will happen if your GPS doesn't work? Maybe someone uses one of the commercially available GPS jammers, or homemade ones: http://www.phrack.org/show.php?p=60&a=13
Will they not give you the congestion charge discount? Will they slow down the car until the GPS signal is re-acquired? -
Re:EFF?
Sounds like bullshit to me too.
MoD was indicted July 8th, 1992.
According to Phrack one day later the EFF made this highly ambiguous press release:
EFF Issues Statement On New York Computer Crime Indictments July 9, 1992
Cambridge, MA -- The Electronic Frontier Foundation (EFF) issued a statement concerning the indictment of MOD for alleged computer-related crimes.
This statement said, in part, that EFF's "staff counsel in Cambridge, Mike Godwin is carefully reviewing the indictment."
EFF co-founder and president Mitchell Kapor said "EFF's position on unauthorized access to computer systems is, and has always been, that it is wrong. Nevertheless, we have on previous occasions discovered that allegations contained in Federal indictments can also be wrong, and that civil liberties can be easily infringed in the information age. Because of this, we will be examining this case closely to establish the facts."
When asked how long the complete trial process might take, assistant U.S. attorney Fishbein said "I really couldn't make an accurate estimate. The length of time period before trial is generally more a function of the defense's actions than the prosecution's. It could take anywhere from six months to a year."
That sounds like it's a long way away from promising to help them[MoD] with legal support. -
Re:Acetylene Balloon Bomb
the poster spells out a recipe for an acetylene balloon bomb.
Pshaw -- everyone knows to ignore their bomb making advice. It is Phrack's Blackjack advice you should follow:
Bet big when you want to win big. Lose a big hand? Double your bet. Lose again? Double it again. Lose again? Goto 1
... Eventually, odds are, you will win all your money back, AND THEN SOME!
But in all seriousness -- Phrack rocks. I released my Nmap Security Scanner in P51 and OS detection in P54. I wish they wouldn't call P63 Phrack final, as I expect it to flourish again under more capable/interested hands. That may even happen soon if they select the next editor(s) well. Let us all hope so. The underground and hobbyist researchers deserve a voice. It is rather refreshing and nostalgic to see portions of the security community that haven't yet sold out.
-Fyodor (Insecure.Org)
-
Re:People still read phrak?
I will second that. The GP just doesn't know what he is talking about. I have no experience with 2600, so I won't say anything about that, but recent Phrack issues are far from "omfg 1337 101".
http://www.phrack.org/show.php?p=62&a=6
http://www.phrack.org/show.php?p=62&a=12
http://www.phrack.org/show.php?p=62&a=13
http://www.phrack.org/show.php?p=54&a=7
GP clearly must be kidding. -
I have no chance of getting an article accepted...
...but if I'm lucky I'll be able to make it into the last-ever loopback!
-
Acetylene Balloon Bomb
I've always gotten a kick out of this article in the first issue of PHRACK:
http://www.phrack.org/show.php?p=1&a=7
In it, the poster spells out a recipe for an acetylene balloon bomb. Fill up a plastic bag with acetylene, put some rocks in it, put some of those little fun-snaps in it, then throw it out the window... Always cracks me up when I think about some fucktard throwing fun-snaps into a bag filled with rocks and acetylene/oxygen...
Maybe it's because of articles like this that PHRACK is dead. -
Check the cover of #62
Looking at the cover of their previous issue... is it any surprise that hackers have a reputation as being hairy palmed, sex-starved, sad sack porno hounds?
-
Bad link
Try http://www.phrack.org/ The link (without the "www.") didn't work for me. (Server not found)
-
Re:WTF
I think the GP is justified in venting some anger, since http://phrack.org/ is actually cited in the story.
-
Re:WTF
Use http://www.phrack.org/
I hate it when you have to use "www". -
WTF
The requested URL could not be retrieved While trying to retrieve the URL: http://phrack.org/ The following error was encountered: Unable to determine IP address from host name for phrack.org The dnsserver returned: No Address records This means that: The cache was not able to resolve the hostname presented in the URL. Check if the address is correct. Your cache administrator is webmaster.
-
Re:This is arranging deckchairs on the Titanic
Listen to the low-karma slashdot troll Sheepdot. Sure, he says a lot of obviously wrong things and gets called out on it, and whenever he does he refuses to justify himself and just insults the people who catch him. This is a sure sign of a truly powerful security and voting systems expert.
I mean, what does Bruce Schneier know? The world comes to slashdot trolls for its opinions, after all.
How can anyone fail to sense your hidden genius in your appreciation for half-baked security tools that have a history of failure traceable as far back as Phrack articles from 1993.
Yes, ladies and gentlemen, only on slashdot can a whiny, obnoxious, ignorant baby like Sheepdot treat experts like assholes and still get a free education in return:
--
"More recently, other implementations of LKMs for hiding processes,
files, and directories have come about that can get around the above
described methods of defeating standard root kits, as well as
cryptographic checksumming programs like "tripwire" that must trust the
operating system to present them with valid bits from disc and memory.
The Hacker's Choice (THC) from Germany has write-ups on loadable
kernel modules for Linux, FreeBSD, and Solaris, which describe this
methods of hiding out on a rooted box:
http://www.thehackerschoice.com/papers/LKM_HACKING.html
http://www.thehackerschoice.com/papers/bsdkern.html
http://www.thehackerschoice.com/papers/slkm-1.0.html
TESO has another Linux LKM ("adore") along these same lines:
http://www.team-teso.net/releases.php
Using methods such as these, integrity checking programs like "tripwire"
and NIPC's "find_ddos" programs can be subverted, as the kernel could
not even be trusted to give correct results when searching process
tables, network structures, or file systems.
You might think that simply disabling LKM support in the kernel -- which
is still a good idea to improve security on a server whose configuration
will be stable -- is the final answer. Not exactly.
Another method of inserting code into running kernels -- even if LKM
support is not present -- is described by Silvio Cesare:
http://www.big.net.au/~silvio/runtime-kernel-kmem-patching.txt"
--
Too bad you can't run tripwire to protect your brain, Sheep. LOL. -
Smashing The Stack For Fun And Profit
Read what I consider the seminal hacker work on this subject by Aleph One over at phrack.org
http://www.phrack.org/show.php?p=49&a=14
A little on the detailed side, especially the gdb stuff, but a GREAT article.
-
Re:Once again, Zonk lowers the bar.
The standard text is still Smashing The Stack For Fun And Profit, I think.
-
Re:Funny...
Funny how exploits that are "just theoretical" don't stay that way forever...
I always liked this phrack article about how to exploit an apparently unexploitable bug. After reading this, I would be very cautious about classifying a bug as unexploitable. -
Hacking?
What does this story have to do with hacking? (Both the MIT definition of the word and the security definition).
See
-
Re:Not as easy as you think
Uhm.. but an attachment would run as a unix user and be very limited... even if you scripted sudo into it the user would be prompted for this and figure hey...
this sort of malware would not be able to do an awful lot except perhaps create some files and run some processes as a user. This would be very easy if not trivial to spot and remedy without invasive procedures. This contrary to malware on windows which is able to exploit the weaknesses in the filesystem (lack) security and the personality of script interfaced system calls. A vanilla OSX doesn't have a root user so I doubt that you could even attempt a rootkit type attack. Sure, you could come up with a program that can copy itself and perhaps even distribute itself but it would in essence be harmless. The weakness is always human and as the mac platform gains in popularity we will undoubtedly see more phishes and executable attachments but these are subject to the common sense of the user to be dealt with caution.
As for overflow attacks, these have mostly been dealt with in the BSD world and continue to be handled in that open source community. Let's not get over paranoid about hacking a stack pointer and inserting a new target address where malicious code is loaded and then run as the "smashed" code's privileges.. Methinks humbly that Darwin has sufficient pedigree in this level of security.
malloc()/free() overwrites are similarly dealt with in the BSD heritage and thus are unlikely candidates in existing Darwin software. printf("%s", buf) has replaced printf(buf) and hence a major part of the heap attacks have been dealt with.
good resource
-
Never?
When the PHC suggests ideas like that, well, that's preposterous. What would they know of security or viruses?
p62-0x02.txt -
Re:My security system
2) [...] Kernel does not support loadable kernel modules (which makes it a pain to change a network card, as the kernel must be recompiled).
FYI, this provides only limited protection. Yes, someone won't be able to insmod a rootkit, but with access to /dev/kmem, they can overwrite kernel memory as needed. See Phrack issue 58, article 0x07.
-molo -
Re:2600 is still around
Memories, indeed. This almost made me weep for my younger days:
<ASCII art the /. lameness filter hated>
(314)432-0756
24 Hours A Day, 300/1200 Baud
300 baud! Where's my VIC-20 when I need it...?
-
All-time Top 10 Articles
As someone who has not only read but also studied every single issue of Phrack I propose that in the very last issue they also publish the All-time Top 10 Articles List as voted by readers and I hereby nominate Aleph One's legendary article Smashing The Stack For Fun And Profit (Volume 7, Issue 49, November 08, 1996).
So let's hear your nominations... Yes, I know phrack.org has been slashdotted (commiserations to John Kozubik of Johncompanies in San Diego), but that's the point - if you are a true diehard fan of Phrack you already have all the issues mirrored locally because you've studied them thoroughly.
-
Re:Hackers should know better...
But it started at issue #1...
http://www.phrack.org/show.php?p=1 -
What the hell kind of phone is THIS?
What really makes me sad is the knowledge that many people today have never even seen a rotary phone, let alone used one.
If, however, on the off chance you find yourself stranded in South English, Iowa, where the only pay phone in town is still rotary, this is how it works.
Pick up the phone and wait for dialtone. Insert a dime. (Yes, this phone still costs a dime!) Now, see the holes arranged on the disc? Find the one corresponding to the digit you want to dial, insert your finger, and rotate the disc clockwise until you hit the stop. Remove your finger. Wait for the dial to rotate back to its original position. Repeat as needed.
While you were dialing, did you hear those clicks? The circuit is actually being interrupted at a rate of 10 times per second. (This will be 20 times in some other countries.) The switching equipment in the central office measures the number of clicks and the time in between them to determine the number you dialed.
For more information, I suggest reading old articles of Phrack.
-
Re:Uh
After reading the review of Dan Farmer and Wietse's Forensic Discovery, you should hear about The Grugq who got fired from @stake after writing a Phrack Article in which he exposed numerous flaws in The Coroner's Toolkit by Dan & Wietse. Before you read this book, check out the video (bittorrent) of The Grugq on The Art of Defiling and see how to defeat "industry grade" forensic tools and techniques. You can also meet him at a hacker convention near you (in March at BCS2005 in Jakarta, in April at Black Hat in S'pore and Amsterdam and at HITB2005 Bahrain).
-
The Art of Anti-forensics by The Grugq
After reading the review of Dan Farmer and Wietse's Forensic Discovery, you should hear about The Grugq who got fired from @stake after writing a Phrack Article in which he exposed numerous flaws in The Coroner's Toolkit by Dan & Wietse. Before you read this book, check out the video (bittorrent) of The Grugq on The Art of Defiling and see how to defeat "industry grade" forensic tools and techniques. You can also meet him at a hacker convention near you (in March at BCS2005 in Jakarta, in April at Black Hat in S'pore and Amsterdam and at HITB2005 Bahrain).
-
Talk about anti-forensics and get fired!
I wish people would talk about the work of The Grugq who got fired from @stake after publishing an article in Phrack Magazine. He will be talking in Jakarta, Indonesia at BCS2005 in March, Blackhat Singapore and Amsterdam in April. (and he will probably never speak in USA because he embarrasses and ridicules the profession and ... the FBI.) -
Worms Against Nuclear Killers 1989 attack
Phrack article on the WANK worm that cracked lots of NASA VMS machines. Yes, it was 1989 or so, but this is VMS, so that's a reasonable timeframe :-) -
GPS jammer
Not just for the Tin Foil hat crowd. Those who are criminally inclined may find a GPS Jammer handy. Though this does violate FCC regulations. But hey, when you're committing a crime, does breaking one more law matter?
-
Link to paper
Smashing the Stack for Fun and Profit
The original link is here. This was originally published in Phrack #49 on 08 November 1996. It is still a relevant and useful article. -
GPS jammer
One approach is to get an older friend who's an electrical engineer to build this portable GPS jammer.
"Gee, Dad, the GPS feature on my phone must not work in the car."
-
Re:Gee - Time to build that GPS Jammer.....
Phrack had a nice article detailing how to jam the consumer frequency. I assume cost is an issue so the receivers required will use this band.
So without further ado:
http://www.phrack.org/show.php?p=60&a=13
BTW: insert lame space balls quote here.