New Phrack

Anonymous Coward writes "A new issue of the Phrack Magazine, #60 has been released today. It details some decent technique about kernel exploitation (OpenBSD), Cisco remote exploit, how to backdoor a core bzimage kernel and other stuff. The ascii based magazine is available at phrack.org."

Re:Phrack.

[packeteer]

They stopped making their zine a long time ago... some of the ppl frmo F.U.C.K. formed www.attrition.org where you can find all the old copies of F.U.C.K.

Re:Gray hat?

[SuperDuG]

I think the one thing that people need to get out of their heads is the common misconception of a "black hat hacker or cracker". The terminology is quite specific as:

- "sript kiddie" refers to someone with little or no maturity that uses an automated exploit scan program that makes hacks a matter of happenstance if anything else.

- "cracker" is one step higher from a script kiddie as this is a person who actually has a target in mind, but is not randomly screening. Usually a cracker will gain access by acquring a password (hence cracker). There are many ways to do this, but the more calculated attacks are usually by a cracker that is persistent.

- "black hat hackers" these are the guys you rarely hear about as they're main goal in life is to be where they shouldn't be and make sure that they're the only ones that know what they are doing. This is the sexiest of illegal hackers as these are the types that actually get into the "unbreakable" systems and really do know their shit. These people work for the government usually (and not just American) and some are even employed without wanting to be (part of a plea bargain). These are the type of people that you want to not be interested in your system as with a certain amount of time they will get into your system.

I'm not implying you don't know this, I was meerly trying to elaborate further on your post. And not everything these "Evil Hackers" do is all that bad. Many "script kiddie" tools are useful in testing your own systems for holes or exploits, if you have the same toys as they do, they can't beat you.

Grey hats are where most all computer type people belong, where we all usually do good, but we do know some tricks of the trade. Like an automechanic who knows how to hotwire a car or jimmy a lock open, does that make him a criminal? Same goes for anyone who is a professional locksmith (make the best theives?), doctors (make the best killers?), and bomb squad officiers (make the best bomb builders?). The joy of being a grey hat is knowing enough to protect yourself because you've been there before.

Case-In-Point ... the most secure server is one that is unplugged and buried in the middle of the earth, and that's still questionable.

Re:Phrack.

[gir]

What do you mean they don't make them like they used to?

Surprisingly enough, the textfile scene is quite alive!

Both www.textscene.com and scene.textfiles.com do what they can to stay on top of the newest tfiles.

OpenBSD vulnerability has been fixed in August

[OttoM]

Patches for OpenBSD 3.0 and 3.1 were submitted August 11, 2002. OpenBSD 3.2 was released with the patched code. See errata page.

While interesting, the article describes a vulnerability that already has been fixed.

Re:OpenBSD vulnerability has been fixed in August

[MrScience]

What makes the article interesting is that the person describes in detail how to exploit a discovered buffer-overrun vulnerability. The OpenBSD flaw was just an example.

read Kevin Mitnick's story

[r5t8i6y3]

this, IMHO, is the most valuable information in Phrack 60:

Kevin Mitnick wrote a book, "The Art of Deception". The first chapter
has been deleted by the publisher at the last minute. It's available
on the internet:
http://www.wired.com/news/culture/0,1284,56187,00. html
http://littlegreenguy.fateback.com/chapter1/Chapte r%201%20-%20Banned%20Edition.doc

[i linked this Phrack quote because Slash adds a space character to strings that wordwrap - can anyone tell me how to prevent this from happening?]