[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]


..[ Phrack Magazine ]..
.:: Phrack World News ::.

Issues: [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ 19 ] [ 20 ] [ 21 ] [ 22 ] [ 23 ] [ 24 ] [ 25 ] [ 26 ] [ 27 ] [ 28 ] [ 29 ] [ 30 ] [ 31 ] [ 32 ] [ 33 ] [ 34 ] [ 35 ] [ 36 ] [ 37 ] [ 38 ] [ 39 ] [ 40 ] [ 41 ] [ 42 ] [ 43 ] [ 44 ] [ 45 ] [ 46 ] [ 47 ] [ 48 ] [ 49 ] [ 50 ] [ 51 ] [ 52 ] [ 53 ] [ 54 ] [ 55 ] [ 56 ] [ 57 ] [ 58 ] [ 59 ] [ 60 ] [ 61 ] [ 62 ] [ 63 ] [ 64 ] [ 65 ] [ 66 ] [ 67 ] [ 68 ] [ 69 ] [ 70 ] [ 71 ]
Current issue : #64 | Release date : 2007-05-27 | Editor : The Circle of Lost Hackers
IntroductionThe Circle of Lost Hackers
Phrack Prophile of the new editorsThe Circle of Lost Hackers
Phrack World NewsThe Circle of Lost Hackers
A brief history of the Underground sceneDuvel
Hijacking RDS TMC traffic information signallcars & danbia
Attacking the Core: Kernel Exploitation Notestwiz & sgrakkyu
The revolution will be on YouTubegladio
Automated vulnerability auditing in machine codeTyler Durden
The use of set_head to defeat the wildernessg463
Cryptanalysis of DPA-128sysk
Mac OS X Wars - A XNU Hopenemo
Hacking deeper in the systemscythale
Remote blind TCP/IP spoofinglkm
Know your enemy: Facing the copsLance
The art of exploitation: Autopsy of cvsxplAc1dB1tch3z
Hacking your brain: The projection of consciousnesskeptune
International scenesVarious
Title : Phrack World News
Author : The Circle of Lost Hackers
              _                                                _
            _/B\_                                            _/W\_
            (* *)            Phrack #64 file 3               (* *)
            | - |                                            | - |
            |   |            Phrack World News               |   |
            |   |                                            |   |
            |   |   compiled by The Circle of Lost Hackers   |   |
            |   |                                            |   |
            |   |                                            |   |
            (____________________________________________________)



The Circle of Lost Hackers is looking for any kind of news related to
security, hacking, conference report, philosophy, psychology, surrealism,
new technologies, space war, spying systems, information warfare, secret
societies, ... anything interesting! It could be a simple news with just
an URL, a short text or a long text. Feel free to send us your news.

Again, we need your help for this section. We can't know everything,
we try to do our best, but we need you ... the scene needs you...the
humanity needs you...even your girlfriend needs you but should already
know this... :-)


1. Speedy Gonzales news
2. One more outrage to the freedom of expression
3. How we could defeat the Orwellian Narus system
4. Feeling safer in a spying world
5. D-Wave computing demonstrates a quantum computer

--------------------------------------------


--[ 1.

 _____                     _
/  ___|                   | |
\ `--. _ __   ___  ___  __| |_   _
 `--. \ '_ \ / _ \/ _ \/ _` | | | |
/\__/ / |_) |  __/  __/ (_| | |_| |
\____/| .__/ \___|\___|\__,_|\__, |
      | |                     __/ |
      |_|                    |___/
 _____                      _
|  __ \                    | |
| |  \/ ___  _ __  ______ _| | ___  ___
| | __ / _ \| '_ \|_  / _` | |/ _ \/ __|
| |_\ \ (_) | | | |/ / (_| | |  __/\__ \
 \____/\___/|_| |_/___\__,_|_|\___||___/
 _   _
| \ | |
|  \| | _____      _____
| . ` |/ _ \ \ /\ / / __|
| |\  |  __/\ V  V /\__ \
\_| \_/\___| \_/\_/ |___/



-Speedy News-[ There is no age to start hacking ]--

http://www.dailyecho.co.uk/news/latest/display.var.
1280820.0.how_girl_6_hacked_into_mps_commons_computer.php



-Speedy News-[ Eeye hacked ? ]--

  http://www.phrack.org/eeye_hacked.png



-Speedy News-[ Anarchist Cookbook ]--

   The anarchist cookbook version 2006, be careful...

http://www.beyondweird.com/cookbook.html



-Speedy News-[ Is Hezbollah better than Israeli militants? ]--

http://www.fcw.com/article96532-10-19-06-Web



-Speedy News-[ How to be secure like an 31337 DoD dude ]--

https://addons.mozilla.org/en-US/firefox/addon/3182



-Speedy News-[ Hi I'm Skyper, ex-Phrack and I like Phrack's design! ]--

http://conf.vnsecurity.net/cfp2007.txt



-Speedy News-[ The most obscure company in the world ]--

http://www.vanityfair.com/politics/features/2007/03/spyagency200703?
printable=true&currentPage=all

A "MUST READ" article...



-Speedy News-[ Terrorism excuse Vs freedom of information ]--

http://www.usatoday.com/news/washington/2007-03-13-archives_N.htm



-Speedy News-[ Zero Day can happen to anyone ]--

http://www.youtube.com/watch?v=L74o9RQbkUA



-Speedy News-[ NSA, contractors and the success of failure ]--

http://www.govexec.com/dailyfed/0407/040407mm.htm



-Speedy News-[Blood, Bullets, Bombs, and Bandwidth ]--

http://rezendi.com/travels/bbbb.html



-Speedy News-[ The day when the BCC predicted the future ]--

http://www.prisonplanet.com/articles/february2007/260207building7.htm



-Spirit News-[ Just because we like these websites ]--

http://www.cryptome.org/
http://www.2600.com/




--[ 2. One more outrage to the freedom of expression
		by Napoleon Bonaparte


The distribution of a book containing a copy of the Protocols of
the Elders of Zion was stopped in Belgium and France by Israeli 
lobbyists.

The authors advance that the bombing of the WTC could be in relation with
Israel. It's not the good place to argue about this statement, but what
is interesting is that 6 years after 11/09/01 we read probably more than
100 theories about the possible authors of WTC bombing: Al Qaeda, Saoudi
Arabia, Irak (!) or even Americans themselves. But this book advances the
theory that _maybe_ there is something with Israel and the diffusion is
forbidden, just one month after its release.

Before releasing this book, the Belgian association antisemitisme.be
read it to give his opinion. The result is apparent: the book is not
antisemitic. The only two things that could be antisemitic in this book
are:

- the diffusion of "The Protocols of the Elders of Zion" in the annexe
of the book. If you take a look on Amazon, you can find more than
30 books containing The Protocols.

- the cover of the book which show the US and Israeli flags linked with a
bundle of dollars.

Actually you can find the same kind of picture on the website of the
Americo-Israeli company Zionoil: http://www.zionoil.com/ . And the
cover of the book was designed before the author found the same picture on
Zionoil's website.

Also, something unsettling in this story is that the book was removed
on the insistence of a Belgian politician: Claude Marinower. And on the
website of this politician, we can see him with Moshe Katsav who is the
president of Israel and recently accused by Attorney General Meni Mazuz
for having committed rape and other crimes...

http://www.claudemarinower.be/uploads/ICJP-israelpresi.JPG

So why the distribution of this book was banned? Because the diffusion of
"The Protocols of the Elders of Zion" is dangerous? Maybe but...

You can find on Internet or amazon some books like "The Anarchist
Cookbook" which is really more "dangerous" than the "The Protocols of
the Elders of Zion".  In this book you can find some information like how
to kill someone or how to make a bomb. If we have to give to our children
either "The Anarchist Cookbook" or "The Protocols of the Elders of Zion",
I'm sure that 100% of the population will prefer to give "The Protocols
of the Elders of Zion". Simply because it's not dangerous.

So why? Probably because there are some truth in this book.

The revelations in this book are not only about 11/09/2001 but also about
the Brabant massacres in Belgium from 1982 to 1985. The authors advances
that these massacres were linked to the GLADIO/stay-behind network.

As Napoleon Bonaparte said: "History is a set of lies agreed upon".

He was right...


[1]
http://www.antisemitisme.be/site/event_detail.asp?language=FR&eventId
=473&catId=26

[2] http://www.ejpress.org/article/14608

[3]
http://www.wiesenthal.com/site/apps/nl/content2.asp?c=fwLYKnN8LzH&b
=245494&ct=2439597

[4]
http://www.osservatorioantisemitismo.it/scheda_evento.asp?number=1067&
idmacro=2&n_macro=3&idtipo=59

[5] http://ro.novopress.info/?p=2278

[6] http://www.biblebelievers.org.au/przion1.htm



--[ 3. How we could defeat the Orwellian Narus system
		by Napoleon Bonaparte


AT&T, Verizon, VeriSign, Amdocs, Cisco, BellSouth, Top Layer Networks,
Narus, ... all theses companies are inter-connected in our wonderful
Orwellian world. And I don't even talk about companies like Raytheon
or others involved in "ECHELON".

That's not new, our governments spy us. They eavesdrop our phones
conversation, our Internet communications, they take beautiful
photos of us with their imagery satellites, they can even see through
walls using satellites reconnaissance (Lacrosse/Onyx?), they install
cameras everywhere in our cities (how many cameras in London???),
RFID tags are more and more present and with upcoming technologies like
nanotechnologies, bio-informatics or smartdusts system there is really
something to worry about.

With all these systems already installed, it's utopian to think that
we could come back to a world without any spying system. So what we
can do ? Probably not a lot of things. But I would like to propose a
funny idea about NARUS, the system allowing governments to eavesdrop
citizens Internet communications.

This short article is not an introduction to Narus. I will just give
you a short description of its capacities. A more longer article
could be written in a next release of Phrack (any volunteer?). So
Narus is an American company founded in 97. The first work of NARUS
was to analyze IP network traffic for billing purpose. In order to
accomplish this they have strongly contributed to the standardization
of the IPDR Streaming Protocol by releasing an API Code [1] (study this
doc, it's a key to break NARUS). Nowadays, Narus is also included in
what I will call the "spying business". According to their authors,
they can collect data from links, routers, soft switches, IDS/IPS,
databases, ..., normalize, correlate, aggregate and analyze all these
data to provide a comprehensive and detailed model of users, elements,
protocols, applications and networks behaviors. And the most important:
everything is done in real time. So all your e-mails, instant messages,
video streams, P2P traffic, HTTP traffic or VOIP can be monitored. And
they doesn't care about which transmission technology you use, optical
transmission can also be monitored. This system is simply amazing and 
we should send our congratulations to their designers. But we should 
also send our fears...

If we want to block Narus, there is an obvious way: using
cryptography. Nowadays, it's quite easy to send an encrypted email. You
don't even have to worry about your email client, everything it's
transparent (once configured). The problem is that you need to give
your public key to your interlocutor, which is not really "user
friendly". Especially if the purpose is simply to send an email to
your girlfriend. But it's still the best solution to block a system
like Narus. Another way to block Narus is to use steganography, but
it's more complicate to implement.

In conclusion, there is no way to stop totally a system like Narus and
the only good way to block it is to use cryptography. But we, hackers,
we can do something against Narus. Something funny. The idea is the
following: we should know where a Narus system is installed!

First step. An organization, a country or simply someone should buy
a Narus system and reverse it. There are a lot of tools to reverse a
system, free or commercial. Since the purpose of Narus is to analyze
data, the main task is parsing data. And we know that systems parsing
data are the most sensitive to bugs. So a first idea could be to fuzzing
it with random requests and if it doesn't work doing some reversing. Once
a bug is detected (and for sure, there IS at least one bug), the next
step is to exploit it. Difficult task but not impossible. The most
interesting part is the next one: the shellcode.

There are two possibilities, either the system where Narus is installed
has an outgoing Internet connexion or there isn't an outgoing Internet
connexion. If not, the shellcode will be quite limited, the "best"
idea is maybe just to destroy the system but it's not useful. What is
useful is when Narus is installed on a system with an outgoing Internet
connexion. We don't want a shell or something like that on the system,
what we want is to know where a Narus system is installed. So what our
shellcode has to do is just to send a ping or a special packet to a
server on Internet to say "hello a Narus is installed at this place". We
could hold a database with all the Narus system we discover in the world.

This idea is probably not very difficult to implement. The only bad
thing is if we release the vulnerability, it won't take a long time to
Narus to patch it.

But after all, what else can we do?

Again, as Napoleon said: "Victory belongs to the most persevering".

And hackers are...


[1] http://www.ipdr.org/public/DocumentMap/SP2.2.pdf


--[ 4. Feeling safer in a spying world
		by Julius Caesar


At first, it's subtle. It just sneaks up on you. The only ones who
notice are the paranoid tinfoil hat nutjobs -- the ones screaming about
conspiracies and big brother. They take a coincidence here and a fact
from over there and come up with 42. It's all about 42.

We need cameras at ATM machines, to catch robbers and muggers. Sometimes
they even catch a shot of the Ryder truck driving by in the background. 
People get mugged in elevators, so we need some cameras there too. 
Traffic can be backed up for a while before the authorities notice, so 
let's have some cameras on the highway. Resolution gets better, and we 
can catch more child molestors and terrorists if they can record license 
plates and faces.

Cameras at intersections catch people running red lights and
speeding. We're getting safer every day.

Some neighborhoods need cameras to catch the hoods shooting each
other. Others need cameras to keep the sidewalks safe for shoppers. It's
all about safety.

Then one day, the former head of the KGIA is in charge, or arranges
for his dimwitted son to fuck up yet again as president of something.

Soon, we're at war. Not with anyone in particular. Just Them. You're
either with us, or you're with Them, and we're gonna to git Them.

Our phone calls need to me monitored, to make sure we're not one
of Them. Our web browsing and shopping and banking and reading and
writing and travel and credit all need to be monitored, so we can catch
Them. We'll need to be seached when travelling or visiting a government
building because we might have pointy metal things or guns on us. We
don't want to be like Them.

It's important to be safe, but how can we tell if we're safe or not? What
if we wonder into a place with no cameras? How would we know? What if
our web browsing isn't being monitored? How can we make sure we're safe?

Fortunately, there are ways.

Cameras see through a lens, and lenses have specific shapes with unique
characteristics. If we're in the viewing area  of a camera, then we
are perpendicular to a part of the surface of the lens, which usually
has reflective properties. This allows us to know when we're safely in
view of a camera.

All it takes is a few organic LEDs and a power supply (like a 9V
battery). Arrange the LEDs in a circle about 35mm in diameter, and wire
them appropriately for the power supply. Cut a hole in the center of
the circle formed by the LEDs.

Now look through the hole as you pan around the room. When you're
pointing at a lens, the portion of the curved surface of the lens which
is perpendicular to you will reflect the light of the LEDs directly
back at you. You'll notice a small bright white pinpoint. Blink the
LEDs on and off to make sure it's reflecting your LEDs, and know that
you are now safer.

Worried that your Internet connection may not be properly monitored
for activity that would identify you as one of Them? There are ways to
confirm this too.

Older equipment, such as carnivore or DCS1000 could often be detected
by traceroute, which would show up as odd hops on your route to the
net. As recently as 2006, AT&T's efforts to keep us safe showed up with
traceroute. But the forces of Them have prevailed, and our protectors
were forced to stop watching our net traffic. Almost. We can no longer
feel safe when seeing that odd hop, because it doesn't show up on
traceroute anymore.

It will, however, show up with ping -R, which requests every machine
to add its IP to the ping packet as it travels the network.

First, do a traceroute to find out where your ISP connects to the rest
of the net;

[snip]
 5  68.87.129.137 (68.87.129.137)  28.902 ms  14.221 ms  13.883 ms
 6  COMCAST-IP.car1.Washington1.Level3.net (63.210.62.58)  19.833 ms *
 21.768 ms
 7  te-7-2.car1.Washington1.Level3.net (63.210.62.49)  19.781 ms  19.092
 ms  17.356 ms

Hop #5 is on comcast's network. Hop #6 is their transit provider. We
want to send a ping -R to the transit provider
(63.210.62.58);

[root@phrack root]# ping -R 63.210.62.58
PING 63.210.62.58 (63.210.62.58) from XXX.XXX.XXX.XXX : 56(124) bytes
of data.
64 bytes from 63.210.62.58: icmp_seq=0 ttl=243 time=31.235 msec
NOP
RR:	[snip]
	68.87.129.138
	68.86.90.90
	4.68.121.50
	4.68.127.153
	12.123.8.117

117.8.123.12.in-addr.arpa. domain name pointer
sar1-a360s3.wswdc.ip.att.net.

An AT&T hop on Level3's network? Wow, we are still safely under the
watchful eye of our magnificent benevolent intelligence agencies. I
feel safer already.



--[ 5. D-Wave demonstrates a quantum computer
	     by aris

February the 13'th, 2007, Wave computing made a public demonstration
of their brand-new quantum computer, which could be a revolution in 
computing and in cryptography in general. The demonstration took 
place at Mountain View, Silicon Valley, though the quantum computer 
itself was left at Vancouver, remotely connected by Internet.

The Quantum computer is a hybrid construction of classical computing and
a quantum "accelerator" chip: The classical computer makes the ordinary
operations, isolates the complicate stuff, prepare it to be processed
by the quantum chip then gives back the results. The whole mechanism
is meant to be usable over networks (with RPC) to be accessible for
companies that want a quantum computer but can't manage to handle it
at their main office (The hardware has special requirements). [1]

The quantum chip is a 16 Qbits engine, using superconductiong
electronics.

Previous tries to do quantum computers were made previously, none of them
known to have more than 3 or 4 Qbits. D-Wave also pretends being able
to scale that number of Qbits up to 1024 in 2008 ! That fact made a lot
of people in scientific area skeptic about the claims of D-Wave. The US
National Aeronautics and Space Administration (commonly known as NASA)
confirmed to the press that they've built the special chip for D-Wave
conforming their specifications. [2]

Now, how does the chip works ? D-Wave hasn't released that much details
about the internals of their chip. They have chosen the superconductor
because it makes easier to exploit quantum mechanics. When atoms are 
very cold (approaching the 0K), they transform themselves into 
superconducting atoms. They have special characteristics, including the 
fact their electrons get a different quantum behaviur.

In the internals, the chips contains 16 Qbits arranged in a 4x4 grid,
each Qbit being coupled with its four immediate neighbors and some in
the diagonals. [3]

The coupling of Qbits is what gives them their power : a Qbit is
believed to be at two states at same time. When coupling two Qbits,
the combination of their state contains four states, and so on.
The more Qbits are coupled together, the more possible number of states
they have, and when working an algorithm on them, you manipulate all
of their states at once, giving a very important performance boost. By
its nature, it may even help to resolve NP-Complete problems, that is,
problems that cannot be resolved by polynomial algorithms (we think
of large sudoku maps, multivariate polynomial systems, factoring large
integers ...).

Not coupling all of their Qbits makes their chip easier to build and
to scale, but their 16Qbits computer is not equal to the theoretical 16
Qbits computers academics and governments are trying to build for years.

The impact of this news to the world is currently minimal. Their chips
currently work slower than a low-range personal computer and costs
thousands of dollars, but maybe in some years it will become a real
solution for solving NP problems.

The NP problem that most people involved in security know is obviously
the factoring of large numbers. We even have a proof that it exists
a *linear* algorithm to factorize a multiple of two large integers,
it is named Shor's algorithm. It means when we'll have the hardware
to run it, factorizing a 1024 bits RSA private key will only take two
times the time needed to factorize a 512 bits key.

It completely destroys the security of the public cryptography as we
know it now.
Unfortunaly, we have no information on which known quantum algorithms
run on D-Wave computer, and D-Wave made no statement about running
Shor's algorithm on their beast. Also, no claim have been given letting
us think the chip could break RSA. And for sure, NSA experts probably
already studied the situation (in the case they don't already own their
own quantum computer).

References:

[1] http://www.dwavesys.com/index.php?page=quantum-computing
[2] http://www.itworld.com/Tech/3494/070309nasaquantum/index.html
[3] http://arstechnica.com/articles/paedia/hardware/quantum.ars

[ News ] [ Paper Feed ] [ Issues ] [ Authors ] [ Archives ] [ Contact ]
© Copyleft 1985-2024, Phrack Magazine.