issue_7_2004.txt
Posted Mar 1, 2005
Authored by astalavista | Site astalavista.com

Featured articles - Hacker's attack strategies and tactics part 2 ; Web email security tips - Interview with Prozac, Astalavista.com

SHA-256 | d339798c50f862d55b7b7c6f846929a63f1037c65bfa9a8530de33fb1e33dff0

|------------------------------------------|
|- Astalavista Group Security Newsletter -|
|- Issue 7 30 June 2004 -|
|- http://www.astalavista.com/ -|
|- security@astalavista.net -|
|------------------------------------------|

- Table of contents -

[01] Introduction
[02] Security News
- Corporate Servers Spreading IE Virus
- Akamai DDoS Attack Whacks Web Traffic, Sites
- Unpatched IE vuln exploited by adware
- US moves towards anti-spyware law
- Gates Defends Microsoft Patch Efforts
[03] Astalavista Recommends
- Password Tips for Users
- HOWTO Bypass Internet Censorship
- Securing your Windows Laptop
- A Cryptographic Compendium
- Assembly Language Tutor
[04] Site of the Month - Web Searchlores - http://searchlores.org/
[05] Tool of the month - Echelon for Dummies
[06] Paper of the month - Understanding Virtual Private Networking
[07] Free Security Consultation
- I've suddenly started receiving many port scan attempts..
- How useful are honeypots, really?!
- Are managed security providers better than in-house risk responsibility?
[08] Enterprise Security Issues
- The Nature of the Game - Hackers' Attack Strategies and Tactics Part 2
[09] Home Users Security Issues
- Web E-mail Security Tips
[10] Meet the Security Scene
- Interview with Prozac, http://www.astalavista.com/
[11] Security Sites Review
- Programmersheaven.com
- VPNlabs.com
- Slashdot.org
- Sysinternals.com
- Securitytracker.com
[12] Astalavista needs YOU!
[13] Astalavista.net Advanced Member Portal Promotion
[14] Final Words

01. Introduction
------------

Dear Subscribers,

Welcome to Issue 7 of Astalavista Security Newsletter.

During the past month we've witnessed several very important events. One of them was the SPY Act, a sign of
the U.S. Government paying attention to the threats posed by spyware and adware. The attacks and DNS problems on Akamai's
global network shut down MSN, Yahoo, Google, Microsoft and many of the most highly visited sites in the world. Serious
criticism has been going around the industry about the level of insecurity of Microsoft's Internet Explorer.

We got several hundred new subscribers, developed a couple of new sections at Astalavista, and the big news is that we're
soon going to have an HTML-based Newsletter, which means more dynamic and interactive content for you, our subscribers.

Enjoy yourself, and be aware!

Astalavista's Security Newsletter is mirrored at:

http://www.cyberarmy.com/astalavista/
http://packetstormsecurity.org/groups/astalavista/

If you want to know more about Astalavista.com, visit the following URL:

http://astalavista.com/index.php?page=55

Previous Issues of Astalavista's Security Newsletter can be found at:

http://astalavista.com/index.php?section=newsletter

Editor - Dancho Danchev
dancho@astalavista.net

Proofreader - Yordanka Ilieva
danny@astalavista.net

--- Thawte Crypto Challenge V ---

Crypto Challenge V Now Live!
Pit your wits against the code – be the first to crack it and win an Archos Cinema to Go.

Click here to grab the code and get started:
http://ad.doubleclick.net/clk;8130672;9115979;t

--- Thawte Crypto Challenge V ---

02. Security News
-------------

The Security World is a complex one. Every day a new vulnerability is found,
new tools are released, new measures are made up and implemented etc.
In such a sophisticated Scene we have decided to provide you with the most
striking and up-to-date Security News during the month, a centralized
section that contains our personal comments on the issue discussed.
Your comments and suggestions about this section are welcome at
security@astalavista.net
-------------

[ CORPORATE SERVERS SPREADING IE VIRUS ]

Security researchers warned Web surfers on Thursday to be on guard after uncovering evidence that
widespread Web server compromises have turned corporate home pages into points of digital infection.

More information can be found at:

http://zdnet.com.com/2100-1105_2-5247187.html?tag=zdfd.newsfeed

Astalavista's comments:

Responding to a 0-day IE vulnerability by advising users to modify settings, instead of providing them
with a patch on time, isn't the best strategy at all.

[ AKAMAI DDoS ATTACK WHACKS WEB TRAFFIC, SITES ]

An apparent DDoS (distributed denial of service) attack on the DNS run by Akamai Technologies Inc.
slowed traffic across the Internet early Tuesday and brought the sites of the firm's major customers to a screeching
halt for roughly two hours.

More information can be found at:

http://www.eweek.com/article2/0,1759,1612740,00.asp

Astalavista's comments:

Let's not forget the following: Akamai is a global leader in providing computing solutions and it has the
most widely used on-demand distributed computing platform in the world. They're built to stay online, and DDoSing
them is not going to happen that easily. Although we'll probably never find out the truth, as the feds urge secrecy over
these network outages, we shouldn't exclude the possibility of an insider breach at Akamai; otherwise this could have been one
of the most sophisticated attacks we've seen lately.

[ UNPATCHED IE VULN EXPLOITED BY ADWARE ]

Detailed information on a brace of unpatched vulnerabilities in Internet Explorer has been posted onto a
Full disclosure mailing list. The flaws involve a cross-zone scripting vuln and a bug in IE's Local Resource
Access and pose an "extremely critical" risk to Windows users, according to security firm Secunia. The
vulnerabilities affect both Internet Explorer 6 and Outlook.

More information can be found at:

http://www.theregister.co.uk/2004/06/10/ms_inpatched_ie_flaw/

Astalavista's comments:

Although this is again about privacy invasion (and even data modification), just imagine the implications of a couple of million e-mails
sent to Outlook and IE users with the 0-day exploit inside.

[ US MOVES TOWARDS ANTI-SPYWARE LAW ]

A US House subcommittee on Thursday (17 May) approved what would be the first federal law
to specifically target Internet spyware.

The SPY Act, for "Securely Protect Yourself Against Cyber Trespass," would oblige companies
and individuals to conspicuously warn consumers before giving them a program capable of automatically
transmitting information gathered from a user's computer. Though the bill carries no criminal penalties,
and doesn't allow users to sue spyware merchants, anyone in the US caught uploading such a program
without obtaining the consumer's consent could face civil prosecution by the Federal Trade Commission (FTC).

More information can be found at:

http://www.theregister.co.uk/2004/06/20/us_anti_spyware/

Astalavista's comments:

Finally the gov guys found it necessary to address this issue seriously, and although the act itself needs improvements,
it's the beginning of something.

[ GATES DEFENDS MICROSOFT PATCH EFFORTS ]

Microsoft chairman Bill Gates defended the company's handling of security patches Monday following widespread
attacks on the Internet by suspected Russian organized crime gangs.

Last week's attacks used unpatched vulnerabilities in Internet Explorer to deploy a Trojan horse program
on the victim's machine, which could capture the users' Internet banking passwords. The SANS Institute's
Internet Storm Center reported the attacks were launched through a large number of websites, some of them
"quite popular," which had been penetrated and modified to deliver malicious code.

More information can be found at:

http://securityfocus.com/news/9004

Astalavista's comments:

Nobody can deny the problems with MS's patching process: significant delays, a lack of awareness among users that a new
update exists, and now, updates that aren't actually working.

03. Astalavista Recommends
----------------------

This section is unique with its idea and the information included within. Its
purpose is to provide you with direct links to various white papers covering
many aspects of Information Security. These white papers are defined as a "must
read" for everyone interested in deepening his/her knowledge in the Security field.
The section will keep on growing with every new issue. Your comments and suggestions
about the section are welcome at security@astalavista.net

" PASSWORD TIPS FOR USERS "

Tips for users in order to improve the quality of their current passwords

http://astalavista.com/index.php?section=dir&cmd=file&id=1891

" HOWTO BYPASS INTERNET CENSORSHIP"

A tutorial on how to bypass Internet Censorship using Proxies, Shells, JAP etc. Different ways to beat the filtering
in schools, countries or companies (blocked ports etc.).

http://astalavista.com/index.php?section=dir&cmd=file&id=1994

" SECURING YOUR WINDOWS LAPTOP "

Paper discussing various aspects of securing your laptop

http://astalavista.com/media/files/securing_your_laptop.pdf

" A CRYPTOGRAPHIC COMPENDIUM "

Quite an extensive overview of Cryptography, very comprehensive, graphics are included as well

http://www.astalavista.com/?section=dir&cmd=file&id=2004

" ASSEMBLY LANGUAGE TUTOR "

Very well written document covering the most important concepts of Assembler

http://astalavista.com/index.php?section=dir&cmd=file&id=1760

04. Site of the month
------------------

Web Searchlores - search engines concepts in depth

http://searchlores.org/

05. Tool of the month
------------------

Echelon for Dummies

Echelon for Dummies is a distributed sniffer which tries to show how the "echelon" network could be designed.
It uses sniffer servers that can be installed and run on remote hosts, and will dig through local network traffic,
using custom pattern/keyword matching to find packets with interesting content, which are then forwarded to
a central loghost on which the logging daemon that gathers and logs the data is run.

http://www.astalavista.com/media/files/e4d.tgz.gz

06. Paper of the month
-------------------

Understanding Virtual Private Networking

A technology guide discussing Virtual Private Networks(VPN)

http://www.adtran.com/adtranpx/Doc/0/EU0GPR0PEFB139RF038BE81ID8/EU0GPR0PEFB139RF038BE81ID8.pdf

07. Free Security Consultation
--------------------------

Have you ever had a Security related question but you weren't sure where to
direct it to? This is what the "Free Security Consultation" section was created for.
Due to the high number of Security concerned e-mails we keep getting on a
daily basis, we have decided to initiate a service free of charge and offer
it to our subscribers. Whenever you have a Security related question, you are
advised to direct it to us, and within 48 hours you will receive a qualified
response from one of our Security experts. The questions we consider most
interesting and useful will be published at the section.
Neither your e-mail, nor your name will be present anywhere.

Direct all of your Security questions to security@astalavista.net

Thanks a lot for your interest in this free security service, we are doing our best to respond
as soon as possible and provide you with an accurate answer to your questions.

---------
Question: Hello there. I'm mailing you because I've suddenly started receiving a lot of port scan and connection
attempts on various ports. Is there any way I could block these?
---------

Answer: Port scan and connection attempts are something very common nowadays. Although the majority of the ones
you're getting are automated scanning tools, some of these might be targeting you specifically; it depends on your situation,
of course. The fact that you've noticed these means that you have some sort of network monitoring software, probably a
firewall, which is just great, and it should be blocking the majority of these. Keep in mind that whenever there's a new
vulnerability discovered in popular software, in a short time there's a new worm "in the wild" attempting to infect
possibly vulnerable computers. We would advise you to keep an eye on the following sites:

http://www.incidents.org/
http://www.dshield.org/

---------
Question: Hi, I plan to install a honeypot. How useful are they, indeed?!
---------

Answer: Well, it depends on what you're trying to achieve. IDSs are a good place to start when gathering information about
the kind of threats trying to breach your security. Honeypots, on the other hand, will keep a real intrusion in an isolated environment
where you'll be able to take a closer look at what attackers try to use your network for; the combination of
the two will be very beneficial for you.

---------
Question: Hi, I run a small size business network, and we've recently started thinking of outsourcing the security
of our system to managed security providers. Are managed security providers better than in-house risk responsibility?
---------

Answer: MSS (Managed Security Services) save a lot of costs on infrastructure and, most importantly, expertise. MSSs often
work with highly skilled personnel and partner with leading security providers. For larger networks, in-house security
measures have to be developed in order to increase the level of security required for the huge number of entry points.

Check out:

http://internet.about.com/library/aa_mss_082902.htm

08. Enterprise Security Issues
--------------------------

In today's world of high speed communications, of companies completely
relying on the Internet for conducting business and increasing profitability, we have
decided that there should be a special section for corporate security, where
advanced and highly interesting topics will be discussed in order to provide
that audience with what they are looking for - knowledge!

The Nature of the Game Part 2
By MrYowler
mryowler [at] cyberarmy.com
http://www.cyberarmy.com/

Measures and Countermeasures

Having explored to some extent the tactics involved in information warfare, it is also worthwhile to explore some
protective measures which may be employed by both attackers and defenders. Defenders may choose to employ
electronic and/or operational measures which can serve to prevent the attacker from gaining access; this might
include tactics of misdirection, intrusion detection, policies designed to limit access through users, firewalls,
network service controls, and encryption.

Intrusion detection:

Intrusion Detection Systems (IDS) refer to mechanisms that attempt to alert a host or network administrator,
when they appear to be under some form of attack. These systems are often based upon a series of known attack
profiles, and alert the administrator when some element of traffic fits one of these profiles, with some unusually
high statistical measure of correlation. Some simple examples might include activity on an IP router, in which the
source IP address of a data packet, passing through a network interface, does not fall within the IP subnet
assigned to that interface. This implies an attack tactic known as 'IP spoofing', which is typical of a wide variety
of denial-of-service attacks. Such a situation may also, however, describe a user, attempting to configure a
new workstation, who misconfigured his Internet Protocol settings.

There are a number of issues surrounding IDS systems. The first, and most obvious, is the one described above;
it is often as likely that authorized traffic is responsible for the alerts that you receive from your IDS,
as it is that these alerts are the result of unauthorized traffic. (This is typically referred to as a 'false positive',
and network attackers sometimes purposefully attempt to generate apparent 'false positives', in order to lull the
defender into ignoring indications of a genuine attack in progress.) Additionally, users of IDS systems are often
not nearly so familiar with a potential attack profile, as the IDS is, itself, and therefore are left ill-equipped
to react to an intrusion, when it occurs. Such a user may, in fact, misinterpret the alert, to represent one situation,
when in fact the alert represents a different situation, altogether. (This represents a defender who is subject to a
range of social engineering tactics; their perceptions and reactions can be molded, by manipulating the alerts that
appear on their IDS.) An IDS user may also recognize an attack, but lack the means to respond in a useful way.

In the example, above, a useful response might be to examine the MAC (Media Access Control) address, or hardware address,
of the device that is sending out the erroneous data. If that address can be connected to a specific network device,
and that device associated with a specific user, then it may be possible to contact the user, and offer them assistance,
or take disciplinary action, as may be appropriate to the situation at hand. Most organizations, however,
do not maintain such closely managed asset management systems, as to be able to track a hardware address
down to an individual user. Furthermore, if the scenario represents an actual attack, the hardware involved
is unlikely to appear in any asset management system. Also, a sophisticated attacker, having planted a device on
a target network, may well be capable of programming the hardware address - and will change the address, at
unpredictable intervals, in an effort to thwart attempts to locate the device. In fact, such a device might well
be designed to attempt to disguise itself as some other device, which does appear on the asset management inventory.
It may even change identities, between several such devices, and/or detect when such devices are shut down,
in order to have some idea when to change identities, and what identities to use.

This could represent an extremely difficult situation to respond to, even when it is possible to clearly
identify it as an attack. And therein lies the challenge; even with sophisticated tracking tools, information,
and training, it can be extremely difficult, time-consuming, and resource-consumptive (often translating to 'expensive')
to make use of the information that an IDS provides to its user. Many IDS users deploy these systems not only as part of an
effort to respond tactically, to network attacks, but also as part of an effort to gather intelligence for
subsequent legal action. This is often also fruitless, since the identity of the attacker may be well-concealed,
and the attacker may not be subject to the legal jurisdiction of the defender, or may be in some way immune
to prosecution. Perhaps, for example, their activities are not against the law, in the legal jurisdiction that
they are subject to. Perhaps the attacker is viewed by the legal system, as a 'minor', and the penalties for their
actions are therefore not worth much law enforcement effort, to pursue. Some defenders use IDS systems,
in the hope of responding to an attack, with a counterattack - this too is ill-advised. Such efforts only
subject the defender to legal action, as well as legitimizing the actions of the attacker. Additionally,
a particularly cagey attacker might well attempt to trick one victim into believing that the attack came
from another, intended victim - causing the first victim to perpetrate an attack against the second.
In behavioral science arenas - or social engineering circles - such an individual might be referred to
as an 'instigator'.

Finally, it is worth pointing out that an IDS exists only to identify possible intrusion attempts.
It does not usually prevent them - and given that such events often turn out not to represent an attack,
it is probably just as well that an IDS not be responsible for responding to the event. In the example above,
the typical response would come from the router that notified the IDS of the unusual traffic; that router
should probably drop the packet, as if it were malformed, or otherwise unroutable. The notification that is
sent to an IDS, may very well wind up being ignored, for the reasons outlined above - making the usefulness of
the IDS, for this scenario, highly questionable.
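
One way to implement the router-side check and the triage described above, as an added example that is not part of the article or of cyberarmy.com's material: a packet's source address is tested against the subnet of its ingress interface, the sending hardware address is looked up in an asset inventory to separate a misconfigured user from unknown or disguised hardware, and a device that keeps changing its hardware address is noticed. All interfaces, subnets, inventory entries and packets are constructed.

```python
# Added example, not code from the article or from cyberarmy.com.
# It models the IDS scenario above: a router sees a packet whose source
# address is outside the subnet assigned to the ingress interface, and the
# follow-up of looking the hardware (MAC) address up in an asset inventory.
# Interfaces, subnets, inventory and packets are all constructed.
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    iface: str     # interface the router received the packet on
    src_ip: str
    src_mac: str   # hardware address of the device that sent it


# Hypothetical subnet assigned to each router interface.
IFACE_SUBNETS = {
    "eth0": ip_network("10.1.0.0/24"),
    "eth1": ip_network("10.2.0.0/24"),
}

# Hypothetical asset inventory: MAC -> (owner, interface the device lives on).
INVENTORY = {
    "00:11:22:33:44:55": ("alice", "eth0"),
    "00:11:22:33:44:66": ("bob", "eth1"),
}


def source_mismatch(pkt: Packet) -> bool:
    """The alert condition: source IP does not belong to the ingress subnet."""
    subnet = IFACE_SUBNETS.get(pkt.iface)
    if subnet is None:
        return True  # traffic on an interface we have no subnet for is itself odd
    return ip_address(pkt.src_ip) not in subnet


def classify(pkt: Packet) -> str:
    """
    Triage a single packet the way the article suggests.
      ok             - nothing to report
      misconfig      - inventoried device, on its usual interface, wrong address:
                       most likely a user who mistyped their IP settings
      impersonation  - inventoried MAC, but seen on an interface where that
                       device does not live: a device disguising itself, or
                       a machine that moved without the inventory being updated
      unknown-device - MAC not in the inventory at all
    """
    if not source_mismatch(pkt):
        return "ok"
    entry = INVENTORY.get(pkt.src_mac)
    if entry is None:
        return "unknown-device"
    _owner, home_iface = entry
    return "misconfig" if home_iface == pkt.iface else "impersonation"


def router_action(verdict: str) -> str:
    """The router, not the IDS, drops offending packets as if they were unroutable."""
    return "forward" if verdict == "ok" else "drop"


def triage(packets):
    """
    Run the check over a batch of packets.
    Returns (findings, changers): findings is a list of (packet, verdict);
    changers maps (iface, src_ip) of offending traffic to the set of MACs it
    used, which catches a planted device changing its hardware address.
    """
    findings = []
    macs_per_flow = defaultdict(set)
    for pkt in packets:
        verdict = classify(pkt)
        findings.append((pkt, verdict))
        if verdict != "ok":
            macs_per_flow[(pkt.iface, pkt.src_ip)].add(pkt.src_mac)
    changers = {flow: macs for flow, macs in macs_per_flow.items() if len(macs) > 1}
    return findings, changers


# Constructed traffic: normal, a mistyped subnet, then a planted device that
# first uses its own MAC and then borrows bob's (who is on eth1, not eth0).
SAMPLE = [
    Packet("eth0", "10.1.0.7", "00:11:22:33:44:55"),
    Packet("eth0", "10.2.0.9", "00:11:22:33:44:55"),
    Packet("eth0", "192.0.2.1", "de:ad:be:ef:00:01"),
    Packet("eth0", "192.0.2.1", "00:11:22:33:44:66"),
]

if __name__ == "__main__":
    findings, changers = triage(SAMPLE)
    for pkt, verdict in findings:
        print(f"{pkt.iface} {pkt.src_ip:<10} {pkt.src_mac}  {verdict:<14} -> {router_action(verdict)}")
    for (iface, ip), macs in changers.items():
        print(f"{ip} on {iface} used {len(macs)} hardware addresses: {sorted(macs)}")
```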

Policy:

(to include policies to protect the defender from both operational and informational exposures)

"Network Security Policy" is a buzz-phrase that has been growing, in popularity and usage, in recent years.
Network users seem to have the impression that it refers to something obscure, technical, and related mostly
to network equipment and configurations - something for the boys in Network Management to worry about, not the users.
In fact, Network Security policy covers not only the network security, but also the operational security procedures,
within an organization.

Sadly, users typically do not want to be bothered. It is a sad truth that a user with no vested interest in
the security of a resource, is unlikely to take steps to protect that resource. No amount of cajoling, meetings,
memos, or training, is likely to convince a user to do something that makes their life more difficult, for no
perceptible benefit to them. Even offering financial incentives and/or penalties seems to rarely be effective;
the typical user response is to cover up violations of the security policies, rather than to prevent them.
A person assigned to protecting a resource, must actually have a vested interest in protecting that resource,
in order for it to be reasonable to assume that they will do so, reliably.

This is clearly demonstrated by military organizations, where the high statistical rate of success, in protecting
sensitive data, within a large organization of oft-inexperienced users, is belied only by direct experience in
the trenches. Data exposures go unreported. Thanks to inordinately severe penalties for these exposures, when they
are discovered, few people that would be immediately involved in their discovery, are suitably motivated
to report it. Recognizing that the exposures, if exploited by an attacker, are associated with extremely high
strategic, tactical, economic, and personal costs; attempts to transfer these costs to the people responsible
for them are typically neither effective nor helpful. These efforts result in a motivational imperative to avoid
reporting the exposure, which merely compounds the problem, by leaving the defender largely unaware of it, until
the attacker has fully exploited it. This is one of those cases where that which you do not know, can and probably
will hurt you.

The moral of the story? No matter how much you want to, you can't shove security down the users' throats;
you have to invest them in it. Even more important than the wisdom of a policy is its genuine acceptance,
by the people who must implement it.

Firewalls:

The word 'firewall' tends to get thrown around, a great deal, by users and technical people, alike.
The frequency of its misuse has corrupted its meaning over time, and the marketing efforts of organizations
that try to sell security, as well as misuses of the word in popular entertainment media, have contributed to
this corruption.

A firewall is a device that examines data which is passing through it, for conditions that it views as problematic,
and permits or denies the passage of that data. The conditions which a firewall finds to be problematic must be
predetermined by someone; firewalls do not possess psychic powers with which to define what traffic might be
acceptable, and what traffic might not be. Many firewalls come with some sensible default configurations,
but such defaults are based upon broad assumptions, and are rarely both entirely adequate and entirely appropriate.
Simply buying a device with the word 'firewall' on the packaging, does not constitute adequate security policy,
nor are firewalls the be-all, end-all of network security.

A component need not have the word 'firewall' on the label to serve as one. Often, conventional routers
employ simplistic traffic controls, which allow them to serve adequately as firewalls, for the purposes of many
organizations with uncomplicated security requirements.

Proxies:

Many people and organizations employ proxy services, to share network connections, to filter and/or monitor
network traffic, to protect the privacy of their users, and to prevent host intrusions, perpetrated against
the workstations of network users - who, often, may be ill-equipped to protect themselves.
Proxy services allow network administrators to redirect network traffic to a single or small group of
entry/exit points, making the effort to control that traffic, substantially simpler. It is worth noting that
this also creates a potential single point of failure, for denial-of-service attacks - as well as an excellent
place to troll for valuable data. Additionally, the extra attention that proxy servers usually get,
often comes at the expense of the rest of the network; skilled attackers will often take advantage of
this fact, by attempting to pass their traffic in ways which bypass or otherwise avoid the proxy service.
Sometimes, the volume of traffic, on the proxy, is so overwhelming, that it becomes possible to disguise
one's traffic in plain sight - another tactic employed by skilled attackers.

Filters:

To prevent traffic from traversing networks in undesirable ways, network administrators often
apply filters to that traffic. Such filters may be specifically designed to disallow traffic that is viewed
with concern, or to allow traffic that is expected - even to track traffic that is specifically believed to
represent an attack. Experienced network-protocol attackers will often escape such filters, by presenting their
traffic in expected protocols, or otherwise evading the filtering device, on the network. Filtering devices
possess the same inherent flaws as proxies; any device designed to aggregate data, on a network, is a target
for denial-of-service attacks as well as data-collection tactics, and something to be avoided, by network users
that are aware that their traffic is considered undesirable.

Network Service controls:

(limited-connection services, 'layer 4' routers, and such)

Encryption:

Encryption is typically used to protect data from unauthorized interception. The point of the exercise is to
ensure that traffic which is passed over a presumably insecure channel is only decipherable by the sender
and/or receiver. Anyone that obtains the information, in transit, is left with it in a useless and nonsensical format.

Encryption relies upon the principle that data has a value, and that value may be measured against the value
of the effort which must go into compromising it. If the value of that effort, far exceeds the value of the data,
then the data is generally believed to be adequately secure. Indeed, it is singularly impossible to cipher data,
so securely, that it is no longer possible to decipher it; if that were the case, the receiver would
not be able to decipher it, either. If the data cannot be deciphered by the receiver, then it has no value,
as a communication, at all.

Encrypted data may potentially be deciphered through the use of some sort of key, or through the use of an algorithm,
or possibly both. There are many types of encryption, and the factors which lead to the selection of one type
over another, may include the legal export implications of the use of one type over another. Decisions may also
be based upon the difficulty of implementing one cipher, over another, or the cost, in terms of computing power,
to cipher and/or decipher it. Another factor might be the value of the data being protected.

Users tend to be largely ignorant of the quality of encryption, and if told that their data is encrypted,
they will typically equate that to a belief that their transmissions are secure. Sometimes that is true,
and sometimes not; the basis for that assessment comes in the comparison of the value of the data being transmitted,
to the value of the effort involved in compromising it. The Electronic Frontier Foundation recently designed and
built a device to defeat the U.S. federal government's recommended public cipher, the Data Encryption Standard (DES),
through brute-force tactics. The device cost (at the time) approximately $250,000 to construct, and the design
specifications are available to the
public. It may not be reasonable to believe that a hacker would go to that much effort, to intercept credit card
transactions, over the web (although such transactions typically use stronger ciphers, in any event), but it might
be reasonable to expect such equipment to be put to use in industrial or international espionage efforts. If you are
an executive officer, at a bank, and your email is DES-encrypted, it might not be safe to assume that your email is
secure, in transit.

Most hackers, of course, operate on a much smaller scale, and will typically only rely upon brute-force
cipher-cracking techniques, when they can do so with a reasonable chance of success. This means that they will
typically apply such tactics against bulk data, such as password files, and then they will limit their key
searches to such things as dictionary words, popular names, numbers
(like social security, birthdate, and/or telephone numbers, or subsets thereof). Any successful intrusions or
revelations based upon this approach, result in exposures that are typically limited to the users who chose cipher
keys or passwords, so poorly, to begin with. These attackers will often attempt, instead, to intercept data
before it is ciphered - or after it is deciphered - or intercept cipher keys, at the time that they are used.
They rely upon the fact that users will rarely go to the trouble of ciphering their data, unless they perceive
it to be valuable, and therefore the data to concentrate on, is the data that the user went to the trouble to try
to protect.

Network attackers will often also take advantage of cipher tactics, themselves, to protect data that they perceive
to be valuable, or to disguise their activities. The classic example of this is the nph-proxy tactic, in which
a corporate network user evades an effort, by a corporate web proxy, to log or restrict the websites that he visits,
by submitting an encrypted web request to a site outside of the corporate network, that will then translate the
request, retrieving the requested content from a site that the corporate proxy might otherwise either have filtered,
or reported as a violation of the corporate network use policy. Instead of violating the proxy rules,
such a request is passed through innocuously, and the restricted content is not only now available, but the proxy,
in all likelihood, failed to log the activity adequately, to use as evidence if the abuse should be discovered,
later, through other channels.
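
The proxy-log side of the nph-proxy tactic, as an added example that is not part of the article: a small analyser over constructed proxy log lines that flags plaintext requests whose path or query carries a second URL, and TLS tunnels (CONNECT) to hosts outside an assumed reviewed list, since for those the proxy only ever logs the outer host name. The log format, the relay and target hosts, and the reviewed-host list are all constructed.

```python
# Added example, not code from the article. It scans constructed proxy log
# lines of the form "<timestamp> <client> <method> <url> <status>" for the two
# things a corporate proxy can still see when the nph-proxy tactic is used:
# a plaintext request whose path or query carries a second URL, and a TLS
# tunnel (CONNECT) to a host that nobody has reviewed. Hosts, log lines and
# the reviewed-host list are all constructed.
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical list of TLS destinations the organisation has reviewed.
REVIEWED_TLS_HOSTS = {"mail.example.com", "bank.example.net"}

# A CGI-proxy style path embeds the real target as "/<scheme>/<host>/<path>",
# e.g. ".../nph-proxy.cgi/000100A/http/blocked.example/news".
NESTED_PATH = re.compile(r"/(https?)/([A-Za-z0-9.-]+)(/.*)?$")


def nested_target(url: str):
    """Return the inner URL hidden in a request, or None if there is none."""
    parts = urlsplit(url)
    m = NESTED_PATH.search(parts.path)
    if m:
        scheme, host, rest = m.group(1), m.group(2), m.group(3) or "/"
        return f"{scheme}://{host}{rest}"
    # Other relays pass the target as a query parameter (parse_qs decodes %xx).
    for values in parse_qs(parts.query).values():
        for value in values:
            if value.startswith(("http://", "https://")):
                return value
    return None


def analyse(lines):
    """
    Return findings as (timestamp, client, kind, detail) tuples.
      nested-url            - the proxy saw the inner target; record it as the real destination
      tls-tunnel-unreviewed - encrypted tunnel; the proxy only knows the outer host
    """
    findings = []
    for line in lines:
        ts, client, method, url, _status = line.split()
        if method == "CONNECT":
            host = url.rsplit(":", 1)[0]
            if host not in REVIEWED_TLS_HOSTS:
                findings.append((ts, client, "tls-tunnel-unreviewed", host))
            continue
        inner = nested_target(url)
        if inner is not None:
            findings.append((ts, client, "nested-url", inner))
    return findings


# Constructed log lines: ordinary browsing, a reviewed TLS site, then one
# client reaching a relay over TLS and through two plaintext relay styles.
LOG_LINES = """\
2004-06-30T09:01:12 10.1.0.7 GET http://www.example.com/index.html 200
2004-06-30T09:02:45 10.1.0.7 CONNECT mail.example.com:443 200
2004-06-30T09:03:10 10.1.0.9 CONNECT cgi-relay.example.org:443 200
2004-06-30T09:04:02 10.1.0.9 GET http://cgi-relay.example.org/nph-proxy.cgi/000100A/http/blocked.example/news 200
2004-06-30T09:05:30 10.1.0.9 GET http://cgi-relay.example.org/browse.php?u=http%3A%2F%2Fblocked.example%2Fjobs 200
""".splitlines()

if __name__ == "__main__":
    for ts, client, kind, detail in analyse(LOG_LINES):
        print(f"{ts} {client} {kind:<22} {detail}")
```

A legitimate site can have a /http/ directory of its own, so the nested-url rule is a review heuristic rather than something to block on.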

Motivations:

To date, I have identified three core motivations for 'hacking'; challenge, curiosity, and power.

Challenge:
Curiosity:
Power:
Ethics:
The word 'hacker':

This needed to be addressed, even though it is not the focus of this document, if for no better reason than because
'hackers' themselves, often object to the usage.

The term 'hacker' originates from well before the time of computers, just as information security has
been an issue of some importance for as long as information has been valuable. In days long gone by,
a 'hacker' was someone who spent an inordinate amount of time typing, or 'hacking', at a keyboard.
This slang term was eventually corrupted into an insult, borne of the tendency of such people to
take great pride in their products; people who disagreed would call them 'hacks'. Over time the insult spread
to other professions, but the term 'hacker' continued to apply to people who spent the late hours hunched over a
keyboard. With the advent of computers, the term began to apply to people who spent such time over computer keyboards;
in the early days, to be effective as a user of the machines, it was nearly unavoidable that you devote much of
your time to them. Eventually computers began to reach the student community at colleges, and the public,
and again such students and computer enthusiasts, because of their time spent at the keyboard, were referred to as
'hackers'. Because these were often young people with curious natures, highly devoted to whatever their interest,
and because computing resources were scarce and competition for elevated access to them therefore fierce,
these people began to explore the limits of their access to these systems. Being part of the then-'hacker' culture,
and being perhaps its most visible part in those instances in which their activities made them into
disciplinary examples, they became over time what was represented to the public as typical of the 'hacker'
culture. Other 'hackers' at the time attempted to distance themselves from this reputation by referring to
these people as 'crackers' (for their efforts to crack encryption keys, algorithms, and passwords), but the public
media never really accepted this terminology, and the 'hackers' of the time were, on the whole, not serious enough
societal participants to push the issue.

Today, the word 'hacker', in popular usage, refers to someone that penetrates computer and network
security systems. True 'hackers' (under the more traditional definition) may disagree with this definition
- even be offended by it; nevertheless, it is what it is. In this document, in the interests of communicating
with the largely non-technical audience that it is intended to target, I defer to the more common, and admittedly,
less correct usage. I use the term interchangeably with network or host 'attacker'. So sue me. :)

09. Home Users Security Issues
--------------------------

Due to the high number of e-mails we keep getting from novice users, we have
decided that it would be a very good idea to provide them with their very
own section, discussing various aspects of Information Security in an
easily understandable way while improving their current level of knowledge.
If you have questions or recommendations for the section, direct
them to security@astalavista.net. Enjoy yourself!

Web E-mail Security Checklist

This checklist summarizes the most common security-related issues for web-based e-mail providers like
Hotmail, Yahoo etc.

1. Always use the secure (SSL) mode when available. Unencrypted data can be sniffed much more easily than encrypted data.
Using the SSL mode, you ensure that the login data between your computer and Yahoo is transmitted securely.

2. Make sure that the computer you're using is free of keyloggers and other monitoring programs.

3. Keep an eye on the Sent folder. Sometimes an attacker activates the "Save in the Sent folder" feature so that
he/she can read all the e-mails you send, and then of course moves them to the Trash.

4. Whenever a pop-up or another window asks you for your login data, make sure that you revisit your provider's web site
instead of just entering it there. The majority of e-mail hacks happen through login spoofs like the ones mentioned.

5. When storing sensitive data in your e-mail, consider encrypting it first; PGP is a good start. Just think about
the implications of having your mailbox hacked into.

6. Limit the use of public POP3 checkers and of proxies used with the idea of "checking my e-mail anonymously", as the
majority of these are often more closely monitored than your e-mail provider's servers, in terms of privacy invasion and scams.
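Items 1 and 4 of the checklist can be turned into a mechanical check on the URL a login prompt points at, so here is an added example (not part of the newsletter) that does exactly that: the page must be served over SSL/TLS, and the host must really be the provider's domain or a subdomain of it rather than a lookalike. TRUSTED_DOMAINS is a constructed placeholder for the domains you know your own provider uses, and the misleading URLs in the sample are constructed too; the test on the `@` sign covers a common spoof shape in which the text before it is user info, not the site the browser will actually visit.

```python
"""Check a webmail login URL against items 1 and 4 above: the login page must be
served over SSL/TLS, and the host must really be your provider's, not a lookalike.

Added example, not part of the newsletter. TRUSTED_DOMAINS is a constructed
placeholder for the domains you know your own provider uses; the misleading
URLs in the sample are constructed as well.
"""
from urllib.parse import urlsplit

# Constructed: fill in the registrable domain(s) your provider really logs you in at.
TRUSTED_DOMAINS = frozenset({"yahoo.com", "hotmail.com"})


def host_belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it.

    A plain substring test would accept 'yahoo.com.login-check.example' or
    'notyahoo.com'; anchoring on the dot boundary does not.
    """
    host = host.lower().rstrip(".")
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def check_login_url(url, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of problems with the URL; an empty list means it passes."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        problems.append(f"not SSL: scheme is {parts.scheme or 'missing'!r}")
    host = parts.hostname or ""
    if not host:
        problems.append("no host in URL")
    elif not any(host_belongs_to(host, d) for d in trusted_domains):
        problems.append(f"host {host!r} is not your provider's domain")
    if parts.username is not None:
        # Everything before '@' is user info, not the site; browsers visit the part after it.
        problems.append("URL carries text before '@'; the real host is what follows the '@'")
    return problems


# Constructed samples of what a login prompt might point at.
SAMPLE_URLS = [
    "https://mail.yahoo.com/login",
    "http://mail.yahoo.com/login",
    "https://mail.yahoo.com.login-check.example/",
    "https://www.yahoo.com@login.example/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        result = check_login_url(u)
        print(u, "->", "OK" if not result else "; ".join(result))
```

The host comparison uses `urlsplit().hostname`, which already strips any port and user info, so the decision is made on the name the browser will actually connect to and not on whatever the URL was dressed up to look like.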

10. Meet the Security Scene
-----------------------

In this section you are going to meet famous people, security experts and
all personalities who in some way contribute to the growth of the community.
We hope that you will enjoy these interviews and that you will learn a great deal of
useful information through this section. Due to constant requests, in this issue we have interviewed
one of the core founders of Astalavista.com; you will read a lot of stories "right from the kitchen"!

Your comments are appreciated at security@astalavista.net

------------------------------------------------
Interview with a core founder of Astalavista.com http://www.astalavista.com/

Dancho: Hi Prozac, Astalavista.com - the underground - has been one of the most popular
and well-known hacking/security/cracks related web sites in the world
since 1997. How did it all start? What was the idea behind it?

Prozac: Basically, it was me and a college friend that started Astalavista.com during our student
years. The name of the site came from the movie Terminator 2, from Schwarzenegger's line "Hasta la vista, Baby!"
Back in those days there weren't many qualified security related web sites, and we spotted a good
opportunity to develop something unique, which quickly turned into one of the most popular hacking/security
sites around the globe. In the beginning, it was just our Underground Search List, the most comprehensive and
up-to-date search list of underground and security related web sites, based on what we define as a quality site.
Then we started providing direct search opportunities and started developing the rest of the site. Many people
think we did some serious brainstorming before starting Astalavista, well, we did, but we hadn't expected it to become
such a popular and well known site, which is the perfect moment to say thanks to all of you who made us as popular as we're today.

Dancho: Astalavista.com always provides up to date, sometimes "underground" documents/programs. The Security Directory
is growing daily as well, and it has been like this for the past several years. How do you manage to keep such an archive
always online, and up to date?

Prozac: Astalavista's team members are aware of what's "hot" and what's interesting for our visitors, just because we pay
an enormous attention to their requests for security knowledge, and try to maintain a certain standard, only quality files.
While we add files every day, a large number of those are submitted by our visitors themselves, who find their programs and
papers highly valued at our site, as we give them the opportunity to see how many people have downloaded their stuff.

Dancho: Astalavista occupies people's minds as the underground search engine. But what is Astalavista.com all about?

Prozac: The majority of people still think Astalavista.com is a Crack web site, which is NOT true at all.
Astalavista.com is about spreading security knowledge, about providing professionals with what they're looking for, about
educating the average Internet user on various security issues; basically we try to create a very well segmented portal where
everyone will be able to find his/her place. We realize the fact that we're visited by novice, advanced and highly advanced
users, even government bodies; that's why we try to satisfy everyone with the files and resources we have and help everyone find
precious information at astalavista.com. Although we sometimes list public files, the exposure they get through our site is always impressive for
the author, while on the other hand, some of the files that are listed at Astalavista.com sometimes appear for the first time at our site.
We try not to emphasize on the number of files, but on their quality and uniqueness.

Dancho: Everyone knows Astalavista, and sooner or later everyone visits the site. How did the image of Asta become so
well-known around the world?

Prozac: Indeed, we are getting more and more visitors every month, even from countries we didn't expect. What we think is
important is the quality of the site, the lack of porn, the pure knowledge provided in the most professional
and useful way, the free nature of the site, created "for the people", instead of getting it as commercial as possible. Yes,
we work with a large number of advertisers, however, we believe to have come to a model where everyone's happy, advertisers
for getting what they're paying for, and users for not being attacked by adware or spyware or a large number of banners.

Dancho: A question everyone's asking all the time - is Astalavista.com illegal?

Prozac: No! And this is an endless debate which can be compared to the Full Disclosure one. We live in the 21st century,
a single file can be made public in a matter of seconds, then it's up to the whole world to decide what to do with the information
inside. We're often blamed because we're too popular and the files get too much exposure. We're often blamed for serving
these files to script-kiddies etc. Following these thoughts, I think we might also ask, is Google illegal, or is Google's
cache illegal?! Yes, we might publish certain files, but we'll never publish "The Complete Novice Users on HOWTO ShutDown
the Internet using 20 lines VB code". And no, we don't host any cracks or warez files, and will never do.

Dancho: Such a popular security site should establish a level of social responsibility - given the fact how popular it is
among the world, are you aware of this fact, or basically it's just your mission that guides you?

Prozac: We're aware of this fact, and we keep it in mind when approving or adding new content to the site. We also realize that we still
get a large number of "first time visitors", some of them highly unaware of what the security world is all about; and we try
to educate them as well. And no, we're not tempted by "advertising agencies" eager to place adware/spyware at the site, or
users submitting backdoored files, and we have a strict policy on how to deal with those - "you're not welcome at the site"!

Dancho: We saw a completely new and "too professional to be true" Astalavista.com since the beginning of 2004 - what
made you renovate the whole site, and its mission to a certain extent?

Prozac: It was time to change our mission in order to keep ourselves alive, and most importantly, increase the number
and quality of our visitors, and we did so by finding several more people joining the Astalavista.com team, closely
working together to improve and popularize the site. We no longer want to be defined as a script kiddies' paradise, but as a
respected security portal with its own viewpoint in the security world.

Dancho: What should we expect from Astalavista.com in the near future?

Prozac: To put it in two words - changes and improvements. We seek quality and innovation, and bear in mind that what we
develop has an impact on a large number of people - you, our visitors. Namely because of you we're devoted to continuing to
develop the site, and increase the number of services offered for free, while on the other hand provide those having some
sort of purchasing power and trusting us with more quality services and products.

Dancho: Thanks for the chat!

Prozac: You're more than welcome :)

11. Security Sites Review
---------------------

The idea of this section is to provide you with reviews of various highly interesting
and useful security related web sites. Before we recommend a site, we make sure that it provides
its visitors with quality and a unique content.

http://www.programmersheaven.com/

Programmers Heaven is a comprehensive portal providing its visitors with anything they could possibly need
for their programming, including a huge database of source code!

http://www.vpnlabs.com/

VPNlabs is an open community for researching, reviewing, and discussing Virtual Private Networks.

http://slashdot.org/

News for nerds

http://www.sysinternals.com/

The Sysinternals web site provides you with advanced utilities, technical information, and source code related
to Windows 9x, Windows Me, and Windows NT/2000/XP/2K3 internals that you won't find anywhere else.

http://www.securitytracker.com/

Security Tracker is a site devoted to tracking security vulnerabilities.

12. Astalavista needs YOU!
---------------------

We are looking for authors that would be interested in writing security related
articles for our newsletter, for people's ideas that we will turn into reality with their help and for anyone who
thinks he/she could contribute to Astalavista in any way. Below we have summarized various issues that might
concern you.

- Write for Astalavista -

What topics can I write about?

You are encouraged to write on anything related to Security:

General Security
Security Basics
Windows Security
Linux Security
IDS (Intrusion Detection Systems)
Malicious Code
Enterprise Security
Penetration Testing
Wireless Security
Secure programming

What do I get?

Astalavista.com gets more than 200 000 unique visits every day, and our Newsletter has more than
22,000 subscribers, so you can imagine the exposure your article and you will get. Impressive, isn't it!
We will make your work and you popular in the community!

What are the rules?

Your article has to be UNIQUE and written especially for Astalavista, we are not interested in
republishing articles that have already been distributed somewhere else.

Where can I see a sample of a contributed article?

http://www.astalavista.com/media/files/malware.txt

Where and how should I send my article?

Direct your articles to dancho@astalavista.net and include a link to your article. Once we have taken a look
at it and decided whether it is qualified enough to be published, we will contact you within several days;
please be patient.

Thanks a lot all of you, our future contributors!

13. Astalavista.net Advanced Member Portal Promotion
-------------------------------------------------

- June offer Save 30% until 06/30/04 $69 - PREMIUM (Lifetime)

Astalavista.net is a world-known and highly respected Security Portal offering
an enormous database of very well sorted and categorized Information Security
resources, files, tools, white papers, e-books and much more. At your disposal
are also thousands of working proxies, wargames servers where all the members
try their skills and, most importantly, the daily updates of the portal.

- Over 3.5 GByte of Security Related data, daily updates and always working
links.
- Access to thousands of anonymous proxies from all over the world, daily updates
- Security Forums Community where thousands of individuals are ready to share
their knowledge and answer your questions; replies are always received regardless
of the question asked.
- Several WarGames servers waiting to be hacked, information between those
interested in this activity is shared through the forums or via personal
messages, a growing archive of white papers containing info on previous
hacks of these servers is available as well.

http://www.Astalavista.net
The Advanced Security Member Portal

--- Thawte Crypto Challenge V ---

Crypto Challenge V Now Live!
Pit your wits against the code - be the first to crack it and win an Archos Cinema to Go.

Click here to grab the code and get started:
http://ad.doubleclick.net/clk;8130672;9115979;t

--- Thawte Crypto Challenge V ---

14. Final Words
-----------

Dear Subscribers,

Thanks for your interest in our Newsletter! We hope you've enjoyed Issue 7, and that we've provided you with an extensive
amount of well categorized security info on what has been going on during June, 2004.

Watch out for our upcoming HTML based Issue!

Editor - Dancho Danchev
dancho@astalavista.net

Proofreader - Yordanka Ilieva
danny@astalavista.net