THE HAPPY mHACKER - SECURITY FOR THE REST OF US!
BROUGHT TO YOU BY M-TECH ONLINE
Need a Mac tech book, quick? We pick'em, you buy'em.
Created in collaboration with Amazon.com
Opening April 15, 2000 - URL in next issue.
APRIL 2000 - INTRODUCTORY ISSUE
Good morning kiddies!
Gather 'round the fireplace and crack crack open the beers,
Wizard Mithra accompanied by black cat hacker extraordinaire
Nikodemus Alexander would like to welcome you to the first
gathering of the Golden Apple Clan.
All Hail Eris!
So you want to learn everything about entering into other's
fortress, and burning Chrome is your lifelong ambition? You feel
down because your post on alt.2600 asking for a tutor, a mentor
the Grand Art of cryptoforcing, was not answered?
Have you painfully gathered copies of the red book, the blue
the crimson book, and Ol'Buzzard autobiography?
Do you have a whole wall of your room covered with Free Kevin
and press clippings?
If so, I'm afraid you took a wrong turn a few miles up the
may be disappointed in the content of this 'zine: For our purpose
is not to create chaos but to master chaos created. Not to destroy
to tame. Not to offer scriptkids with more tools and exploits,
keep on the edge of what is being done, break it down, analyse
understand it and counter it.
Most of all, it's to have some fun, dammit! Life's too short
as it is.
If you were expecting something else, accept my apology. This
is rated A. It's a Zen thing: If you're not already here and
can't come in.
So leave, while it is still possible: We are about to beam
entire castle back to the planet of Trans... Oops - wrong movie.
[END OF RANT]
Because the Macintosh is renowned for being a fairly secure
(at least compared to many operating systems), the Mac community
for a long time sat on its laurels and orgasmically fondled its
corporate belly while muttering "It Can't Happen Here..."
swear I could clearly hear Frank Zappa's voice in there.)
The power of positive thinking, though, has never changed
much as far
as computer security goes. If there is an hole, somewhere, anywhere,
someone will find it and exploit it, for fun or profit.
We have seen that happen on the PC side, and used by certain
companies in low-blow marketing strategies. After all, with large
departments, who is in a better position to reverse engineer
vulnerability in a product?
The Mac is solid, be it. This does not mean that it's bullet
There are chinks in the armor, and our sole purpose here will
find them out, inspect and close the breach.
I hope that in the process both you and I will learn a lot.
select and post questions of general interest, and try to provide
some answers. I will also share with you some insight in current
affairs, and refer you to internet resources I feel are worth
A word of warning: Even with over 15 years of Mac AND Internet
experience, I do not hold the horn of plenty knowledge. There
lot I don't know, and worse, a lot that I think I know but that
be wrong. If ever I say something completely asinine, feel free
let me know, but there is no point in being rude about it. Please
gentle with me...
The full disclaimer: My name is Pat St-Arnaud. My first Mac
Plus, and I started networking before the birth of the WWW. I
rent thanks to generous contributions from the clients my company
advises on all things Macintosh, and from a stipend MacHome Journal
sends me to edit and publish their free eZine, Hot Tips Weekly.
suspect me to have written technical research analysis, movie
and to be responsible for the content of certain Mac magazines'
I was previously almost killed by a five year contract with
Canadian Government, investigating frauds and finding people.
tedium, boredom and illogical constraints of bureaucracy almost
me! I feel much better now, thank you.
NEXT ISSUE: This is issue 0. We start for real next month
brief review of the last decade and conclusions to be drawn.
also look at a backdoor affecting online Filemaker databases
to avoid that vulnerability. We will finally look at some really
simple and efficient tricks to increase network security.^
I'm aware that this issue's content is rather flimsy. I hope
it out in months to come. Expect the Happy mHacker the first
Have a good month!
STATS: 1999 loses due to computer crimes: $10 billion
Source: Computer Security Institute estimate,
Note: Only 1/4 of companies report computer crimes.
MORE CREDIT CARDS PROMENADES COVERED
485,000 credit cards numbers stolen in Jan 1999 from an e-commerce
site were secretly stored in a database on a U.S. government
You have to appreciate the humour!
... AND FOR SOME, EASY A PIE!
"Just hit 'update account' and you get the form as filled
Some CGI vendors seem rather clueless about minimal transaction
STATS: Credit-card fraud, worldwide: $1 billon/year.
WHEN IS A BACKUP VAPOURTRAIL?
Northwest Airlines had to cancel about 130 flights during
outage at their Twin Cities hub, as contractor bored into the
cluster containing BOTH main and redundant fibre lines. A reminder
about the difference between backup and archive - or redundancy
nothing at all...
SSL (SECURE SOCKETS LAYER) BITZ
SSL is a protocol that allows public key encrypted traffic
between a Web server and client.
There is no special relationship between SSL and credit cards.
SSL does not provide for credit card processing in any way; it
merely encrypts data during transit.
Data output one the local side of the secure server is not
The only difference in operation between secure and regular Web
is that nph- scripts cannot be used with the secure server because
the special negotiations involved with SSL.
To provide minimal security, secure data should be re-encrypted
once received from the secure server. Few take this precaution.
Pair networks wrote the full primer.
Consider using their services as host: They're good.
If you want to polish your network skills, or simply learn
new and extra ones, Nortel Networks has a WHOLE bunch
of PowerPoint and Acrobat training files one the web.
Follow the links for certification courses. Although
mostly addressing their own products, some are generic
enough to be great reference sources.
NEWEST TROJANS LOCATED ON HOTLINE SERVERS
Source: Posting by ³Late R.²
NG: Some of these may mimic valid files.
Hotline IP Spoofer.sit - 15.7 KB
LOGIC AUDIO 2.6.6 [k].sit
Media 100 4.0p2 XS [RealK]
Photoshop 5.0 Tryout [k] Note: Version [k] by Codeman OK.
AllAdvantage 1.0b20 [k] Note: Version [k]'d by iconoclast OK
MacOS 8.5.1 Chooser Update
C&N August 1998.sit
Corel KnockOut.sit [3.1 Meg]
QuarkImmedia 1.5.img - 5705k
I suggest opening any dubious file uploaded to your server
ResEdit or Resorcerer to have a peek at the codes before
any double-click happens.
Trust no one! Many malicious Trojan are very well disguised
- as a
ReadMe or Doc application files, for instance.
12 STEPS PROGRAM OF RECOVERY FOR WEB ADDICTS
Source: Unknown Netizen
1) I will have a cup of coffee in the morning and read my
like I used to, before the Web.
2) I will eat breakfast with a knife and fork and not with one
3) I will get dressed before noon.
4) I will make an attempt to clean the house, wash clothes, and
plan dinner before even thinking of the Web.
5) I will sit down and write a letter to those unfortunate few
friends and family that are Web-deprived.
6) I will call someone on the phone who I cannot contact via
7) I will read a book...if I still remember how.
8) I will listen to those around me and their needs and stop
telling them to turn the TV down so I can hear the music on the
9) I will not be tempted during TV commercials to check for email.
10) I will try and get out of the house at least once a week,
is necessary or not.
11) I will remember that my bank is not forgiving if I forget
balance my checkbook because I was too busy on the Web.
12) Last, but not least, I will remember that I must go to bed
sometime ... and the Web will always be there tomorrow!
This is a list devoted to *legal* hacking! If anyone plans to
information in this Digest or at our Web site to commit crime,
away! We like to put computer criminals behind bars where they