Welcome to GuruNews

 

Brought to you each week by the PC Gurus, a loose collection of volunteers from around the Kentuckiana region.

 

You can interact with the team via chat room or BBS at www.thepcgurus.com.  There are usually members present in the chat room after 8:00 PM every evening and you can post computer questions, comments, rants etc. on the bulletin board 24/7.

 

If you’re new to the Newsletter you can read back issues at Team member JP Durbin’s website at http://www.jpdurbin.net.  There are links to all the old 84 Online issues as well as the new GuruNews missives.

 

The WHAS Crusade for Children provides year round support for needy children throughout the Kentuckiana region.  Visit http://www.whascrusade.org to make donations online.

 

To subscribe to this newsletter just drop by www.thepcgurus.com (updated and now featuring RSS goodness) and sign up!

Vol. 5, No. 17                       

4-28-05

 

Computer users are in constant fear of hackers.  They load up firewalls, worry that their IP address is transmitted from their browser (it has to be, but that’s another story) and many will never ever use a credit card online for fear that they may be “hacked” and that information stolen.

 

Quite honestly you have much more to fear from viruses and spyware than from hackers.  True hackers are probing large websites and databases for vulnerabilities and the white hat hackers report these to the target so they can be fixed.  Black hats obviously have a more malicious intent in mind, but home users needn’t really worry about being “hacked”.  You’re safe, really.

 

As a matter of fact, white hat hackers (security researchers) are behind many of the patches and bug fixes you get for Windows, MS Office, Internet Explorer and most of the online applications you use.  They poke around in a program or on a host, trying different inputs and methods until they find a flaw, then they report it to the software author so it can be fixed before someone malicious finds the same hole.

 

The people most users are actually referring to when they think of or mention hackers are “script kiddies”.  These are people who have no real knowledge of network security or how the Internet actually works, but they have tools written by other people that they can use to cause damage.  Standing on the shoulders of giants, so to speak.

 

These are the people who can do damage to your machine, usually by mistake because they didn’t really know what they were doing.  In chat rooms and on personal web pages they refer to themselves as “l33t haX0rs” (in English that means Elite Hackers) but in reality they are generally malcontents who wish they had the computer knowledge to do some “serious hacking” but have to settle for programs they find on the Internet to do the hacking for them. 

 

As a group they tend to concentrate mostly on defacing websites but they will occasionally try to do personal attacks when they feel they’ve been wronged (which is probably daily, but I’m not a psychologist).  In this regard many of them are flat out stupid.

 

I’m generally not a funny guy (my last use of the Heimlich Maneuver on Ed Engelking notwithstanding) but to illustrate how stupid some of these people are, and to lessen your anxiety just a bit, I thought I would give a hilarious example of a l33t haX0r at his finest.

 

In order for our non-geeky readers to see the humor in the following chat log file I’m going to have to define some technical terms.  I’m also going to take this opportunity to warn you that some of the user names and parts of the conversations are a little offensive in a juvenile way.  If a user name like “bitchchecker” is offensive, please scroll down to the Tech News section.

 

Ping is a program that tests connectivity.  It sends a small packet to another machine and times the reply, so technicians use it to check whether a PC is reachable and how long the round trip takes (it measures latency and packet loss, not the speed of your connection).  Chat (IRC) servers do something similar at the protocol level: the server periodically sends a PING to every client and drops any client that doesn’t answer with a PONG within the time limit.  If you get unexpectedly disconnected from a chatroom, often it’s because your PC didn’t respond in a timely fashion.  This is called a ping timeout.

 

The other term is loopback.  A loopback feeds a device’s outgoing signal straight back into its own input, which lets you test both the outgoing and incoming sides of the PC without a second machine.  As an example, to test a parallel port you use a loopback device called a wrap plug.  It takes the outgoing signal from the assigned pins and wraps that signal back to the pins that handle incoming signals.

 

The network loopback address of a PC is anything in the 127.0.0.0/8 block (127.0.0.1 through 127.255.255.254), usually 127.0.0.1.  This one is for software rather than hardware testing and doesn’t need any additional gizmos: traffic sent to a loopback address never leaves the machine, the operating system simply hands it back to the same PC.  That is also why anything you aim at 127.0.0.1 hits only yourself.
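To make the two definitions concrete, here is a small added Python example written for this newsletter (it is not part of the chat log below and not any real attack tool).  It classifies an address the way any “enter the IP and press go” program would have to, shows that a connection to 127.0.0.1 is answered by the very machine that opened it, and answers an IRC server PING the way a chat client must to avoid a ping timeout.  The addresses and the server line are made up for the example.

```python
import ipaddress
import socket
import threading


def classify_target(ip_text):
    """Say what an IP address really points at. 'loopback' means the
    sender's own machine, so any 'attack' on it lands on the attacker."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if addr.is_loopback:          # the whole 127.0.0.0/8 block
        return "loopback"
    if addr.is_private:           # 10/8, 172.16/12, 192.168/16, ...
        return "private"
    return "public"


def loopback_round_trip(payload, timeout=5.0):
    """Open a listener on 127.0.0.1, connect to it from this same process
    and return the reply. Nothing here touches a network interface: the
    kernel hands the bytes straight back to this host."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.settimeout(timeout)
    server.bind(("127.0.0.1", 0))     # port 0: let the OS pick a free port
    server.listen(1)
    port = server.getsockname()[1]

    def serve():
        conn, _peer = server.accept()
        with conn:
            conn.sendall(conn.recv(4096).upper())   # echo back, upper-cased

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as client:
        client.sendall(payload)
        reply = client.recv(4096)
    worker.join()
    server.close()
    return reply


def irc_reply(server_line):
    """IRC servers send 'PING :<token>'; a client that does not answer
    'PONG :<token>' in time is dropped with 'Ping timeout'. Returns the
    reply to send, or None if the line needs no reply."""
    parts = server_line.split(" ", 1)
    if parts[0] == "PING" and len(parts) == 2:
        return "PONG " + parts[1]
    return None


if __name__ == "__main__":
    # Constructed sample inputs, including the two addresses from the chat log.
    for ip in ("129.0.0.1", "127.0.0.1", "192.168.1.5", "not.an.ip"):
        print(ip, "->", classify_target(ip))
    print(loopback_round_trip(b"say goodbye"))
    print(irc_reply("PING :irc.example.net"))
```

Note that 129.0.0.1, Elch’s first answer, is a perfectly ordinary public address; only his second answer points back at whoever types it in.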

 

Now for the chat log. To set this up, bitchchecker re-enters a chatroom after a ping timeout and accuses a chatter named Elch of kicking him out of the channel.  These are just select excerpts, not the entire log.

 

* bitchchecker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)

* bitchchecker (~java@euirc-61a2169c.dip.t-dialin.net) has joined #stopHipHop

[bitchchecker] why do you kick me

[bitchchecker] answer!

[Elch] we didn't kick you

[Elch] you had a ping timeout: * bitchchecker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)

[bitchchecker] what ping man

[bitchchecker] the timing of my pc is right

[bitchchecker] you banned me

[Elch] You're a real computer expert

[bitchchecker] shut up i hack you

[Elch] ok, i'm quiet, hope you don't show us how good a hacker you are ^^

[bitchchecker] tell me your network number man then you're dead

[Elch] Eh, it's 129.0.0.1

[Elch] or maybe 127.0.0.1

[Elch] yes exactly that's it: 127.0.0.1 I'm waiting for you great attack

[bitchchecker] in five minutes your hard drive is deleted

[bitchchecker] i have a program where i enter your ip and you're dead

[bitchchecker] say goodbye

* bitchchecker (~java@euirc-61a2169c.dip.t-dialin.net) Quit (Ping timeout#)

 

At this point our l33t haX0r has managed to knock himself offline by launching his attack against his own computer (127.0.0.1 is his own loopback address).  Then he reboots and comes back for more...

 

* bitchchecker (~java@euirc-b5cd558e.dip.t-dialin.net) has joined #stopHipHop

[bitchchecker] dude be happy my pc crashed otherwise you'd be gone

[Elch] bitchchecker: Then try hacking me again... I still have the same IP: 127.0.0.1

[bitchchecker] you're so stupid man

[bitchchecker] buy buy elch

* bitchchecker (~java@euirc-b5cd558e.dip.t-dialin.net) Quit (Ping timeout#)

 

Never one to give up, checker comes back yet again and he's decided that Elch is running a firewall that is thwarting his attacks...

 

* bitchchecker (~java@euirc-9ff3c180.dip.t-dialin.net) has joined #stopHipHop

[Elch] What's up bitchchecker?

[bitchchecker] you have a frie wal

[bitchchecker] fire wall

[Elch] how did you find out that I have a firewall?

[bitchchecker] because your gay fire wall directed my turn off signal back to me

[bitchchecker] you're afraid

[bitchchecker] i don't wanna hack like this if he hides like a girl behind a fire wall

[Elch] bitchchecker, a collegue showed me how to turn the firewall off. Now you can try again

[bitchchecker] lolololol you so stupid man you'll be gone

[bitchchecker] and are the first files being deleted

[bitchchecker] elch man you're so stupid never give your ip on the internet

[bitchchecker] i'm already at c: 30 percent

* bitchchecker (~java@euirc-9ff3c180.dip.t-dialin.net) Quit (Ping timeout#)

 

At this point checker disappeared and never came back.  One can only assume that by erasing his own hard drive he lost all his little hacker toys, but who knows. You can read the entire chat log at http://www.zetanews.com/module.php?mod=forums&op=topic&id=576. 

 

Fear me for I am haX0r, i will delete all ur <no carrier>...  See what I mean.  Terminally stupid ;)

 

Kevin Mefford, Editor

pcguru@microdome.net

 

 

Tech News of the Week

 

Evidently lead Apple guy Steve Jobs is not a big fan of unauthorized
biographies---especially when they're about him:

http://news.com.com/Apple+strikes+back+at+iCon+Jobs+publisher/2100-1047_3-5686487.html?tag=nefd.top

Firefox now has nearly 9% of the internet browser market.  Steve
Ballmer, call your office:

http://www.theinquirer.net/?article=22854

Nokia wants you to throw away your iPod...and buy their new phone with
a 4GB hard drive:

http://www.thisislondon.co.uk/londoncuts/articles/18203091?source=Evening%20Standard

Does your PC need a "black box" to explain crashes to you?  If you're
running Windows, Microsoft thinks you do:

http://www.webpronews.com/news/itnews/wpn-41-20050427BlackBoxToUnravelPCCrashMysteries.html

Copy us on the good stuff ;-)

Matthew Dattilo
thepcgurus@gmail.com
www.opaquelucidity.com

 

 

Game Tip of the Week

 

This week’s game is the recent Halo 2. It’s a first person shooter (FPS) and allows for many different actions, from the usual trudging along to driving Warthogs and piloting Covenant hover tanks called Wraiths. You also have a wide range of weapons at your disposal including machine guns, pistols, fragmentation grenades and torpedoes.

 

You can play against the AI foes or you can team play on XBox Live in head to head or capture the flag modes.  Look for me online as BlackLoreTDM ;)

 

Chris Cook

dixiekidd2004@gmail.com 

 

 

Email Question of the Week

 

Q:  I read an article in this month's PC MAGAZINE about a new threat to
computers, they're called "Rootkits". Supposedly worse than spyware,
they hide deep in the files on your computer undetected and operate much
like spyware, stealing your information and tracking your web browsing.

 

Have you heard of Rootkits ? Should we download anti-rootkit software which is already available? 

 

A:  Rootkits may have come into prominence recently, but they are not a new concept.  They originated in the Unix days of yore.  They were
actually replaced or recompiled versions of standard Unix tools such as ls, ps, netstat and passwd that would
let a cracker who had hacked into the system hide his tracks from the
system administrator.   To go into a little explanation here -

Unix / BSD based operating systems really have two levels of access.  An
ordinary USER account can run programs and change only its own files.  The
ROOT account (the superuser) can change anything: replace system programs,
load kernel modules and edit the logs.  What people call an ADMINISTRATOR is
just a user who is allowed to become root, through su or sudo.  So if a
cracker had somehow got unauthorized access to a Unix based computer system,
the only way he could hide his activities from an Administrator would be to
get root first and then install his replacement programs at the "ROOT"
level.  Hence the term "Root-kit".  For example, if a system administrator
wanted to look at user logins, only a root level program could alter the
login records (wtmp and lastlog) so a particular user's logins are never
recorded.

Today rootkit programs have expanded from the realm of commercial Unix and
exist for other operating systems such as Linux and Windows.  One of the main
things to remember about rootkits is that they are installed on already
"compromised" systems: the rootkit doesn't get the cracker in, it keeps him
hidden once he is in.  Windows by nature does not have the layers of
security that Unix like systems such as BSD, Linux or Mac OS X have.  Despite
all the lip service by Ballmer and his ilk, security and multi user
environments are just an afterthought in this swiss cheese operating
system.   In fact, on most home Windows machines the everyday account is
an Administrator, so any program that account runs, a trojan included, can
install a kernel mode driver.  So most people that crack a Windows machine
wouldn't bother with installing a classic rootkit anyway; they already own
the box.  Remember that the vast majority of the SPAM email generated on the
internet is from compromised "zombie" machines running some form of Windows.
And their owners are oblivious of it.  With close to 100,000 viruses, and a
zillion pieces of spyware floating around, rootkits on Windows are the least
of people's worries.

So, should you worry about rootkits?  Well, if you are a System
Administrator for a corporate network, then most definitely, yes.  For
the average home user running Windows, the threat of rootkits comes from
trojans and viruses that use rootkit techniques to hide from antivirus and
spyware detection tools.  So, if you make sure that you have a good,
effective and updated antivirus program running, and periodically check for
spyware, you should be able to prevent malware from loading on your computer
in the first place, which is the only point at which a rootkit is cheap to
stop.  A good firewall program will also block unsolicited inbound
connections and, if it filters outbound traffic, can flag a hidden program
phoning home.

That being said, there are some freeware rootkit detection tools
available such as Sysinternals' RootkitRevealer.  Please note that these
tools are pretty geeky, and are not simple detect and remove programs like
spyware or antivirus programs.  RootkitRevealer works by asking Windows for
the list of files and registry keys through the normal API and then reading
the file system and registry hive data directly; anything that shows up in
the raw view but not in the API view is being hidden by something.  You have
to know what you're looking at and interpret the results.

For example, a registry entry of

HKLM\SYSTEM\ControlSet001\Services\HackerDefender100   is an obvious
example of an installed rootkit (HackerDefender, or hxdef, was one of the
most widespread Windows rootkits, and that is the service key it creates).

But would you be able to recognize
C:\WINDOWS\...\HXDEF100.EXE-1B5F5F48A.pf   as a rootkit?  That is a Windows
Prefetch file, the system's own record that a program named HXDEF100.EXE has
been run on the machine.

And output discrepancies such as API lengths, embedded nulls and raw
hive data are beyond the realms of mere mortals like us.

I am of course speaking from limited experience, and there may be
simpler tools out on the market now.  I would never tell anyone NOT to
use tools to make their computer more secure, especially when it comes
to Windows, which needs all the help it can get.  But I would certainly
hesitate to recommend spending money on rootkit detection software.

I am sure you just wanted a yes or no answer, and not a PhD thesis on
rootkits.  But hey, they don't call me "Professor Hash" for nothing.

;-)

Hash
hash@ucanweb.com
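Here is an added Python example of the cross-view idea that RootkitRevealer relies on.  It was written for this column and is not code from that tool or from any rootkit; the service keys, Prefetch names and process lists below are constructed sample data, not output captured from a real machine (the NOTEPAD Prefetch hash is a placeholder).  It compares the services the Windows API reports against what a raw read of the registry hive would show, and it decodes a Prefetch file name like the HXDEF100.EXE one above into the executable that was run, so a program that has run but is invisible to the API can be flagged for a closer look.

```python
import re

# Constructed sample views for the demonstration (not captured from a real
# system). "API" is what normal Win32 enumeration reports; "raw" is what a
# direct read of the registry hive or disk structures shows. A user mode
# rootkit such as HackerDefender hooks the API calls, so the raw view still
# contains the entries it is hiding.
API_SERVICE_KEYS = {
    r"HKLM\SYSTEM\ControlSet001\Services\Dhcp",
    r"HKLM\SYSTEM\ControlSet001\Services\EventLog",
    r"HKLM\SYSTEM\ControlSet001\Services\Spooler",
}
RAW_SERVICE_KEYS = API_SERVICE_KEYS | {
    r"HKLM\SYSTEM\ControlSet001\Services\HackerDefender100",
}

# Prefetch records from a raw directory listing, and the process images the
# API is willing to show. NOTEPAD's hash is a placeholder, not a real value.
RAW_PREFETCH_FILES = {
    r"C:\WINDOWS\Prefetch\NOTEPAD.EXE-00000000.pf",
    r"C:\WINDOWS\Prefetch\HXDEF100.EXE-1B5F5F48A.pf",
}
API_PROCESS_IMAGES = {"notepad.exe", "explorer.exe", "svchost.exe"}

# Prefetch file names have the form <EXE NAME>-<HEX HASH>.pf
PREFETCH_RE = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-Fa-f]+)\.pf$")


def prefetch_executable(path):
    """Return the upper-cased executable name recorded in a Prefetch file
    name, or None if the name is not a Prefetch entry at all."""
    name = path.rsplit("\\", 1)[-1]
    match = PREFETCH_RE.match(name)
    return match.group("exe").upper() if match else None


def cross_view(api_view, raw_view):
    """Compare two views of the same data. Entries in the raw view that the
    API does not report are being hidden; entries the API reports that the
    raw view lacks are phantoms and deserve a look as well."""
    hidden = sorted(raw_view - api_view)
    phantom = sorted(api_view - raw_view)
    return hidden, phantom


def ran_but_invisible(raw_prefetch_files, api_process_images):
    """Executables with a Prefetch record (so they ran at some point) that do
    not appear among the process images the API shows. A hit is a lead, not
    proof: the program may simply have exited since."""
    ran = {prefetch_executable(f) for f in raw_prefetch_files} - {None}
    visible = {img.upper() for img in api_process_images}
    return sorted(ran - visible)


def rootkit_report(api_keys=API_SERVICE_KEYS, raw_keys=RAW_SERVICE_KEYS,
                   prefetch=RAW_PREFETCH_FILES, images=API_PROCESS_IMAGES):
    """Run both checks over the supplied views and collect the findings."""
    hidden_keys, phantom_keys = cross_view(api_keys, raw_keys)
    return {
        "hidden_service_keys": hidden_keys,
        "phantom_service_keys": phantom_keys,
        "ran_but_invisible": ran_but_invisible(prefetch, images),
    }


if __name__ == "__main__":
    for label, items in rootkit_report().items():
        print(label + ":")
        for item in items:
            print("   ", item)
```

On a real machine the API side would come from the Win32 registry and process enumeration calls and the raw side from parsing the hive file and the NTFS structures directly; the comparison logic is the same, and, as the column says, the hard part is interpreting the differences rather than producing them.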

 

 

  Contact info and legal stuff

 

If you have tech support questions or ideas and/or submissions for our newsletter please submit them by visiting www.thepcgurus.com and click on the “Email the Team” icon.

 

Copyright 2005, The PC Gurus. All rights reserved.  Publication, rebroadcast or storage is prohibited without prior consent, however you may freely forward this publication to friends as long as A) it is forwarded in its entirety and B) no fee is charged.

 

Information provided in this publication is provided "as is" without warranty of any kind, either expressed or implied.  Although the information provided is known to work on most systems, it may not work on ALL systems.  Make use of any information supplied at your own risk.

 

The PC Gurus are a group of volunteers who provide support for the PC, Mac and Linux users in the Kentuckiana region.

 

To unsubscribe from this newsletter send an email to microdome@seidata.com with the words “unsubscribe newsletter” (without the quotes) at the top of the body of the message.