The Sober Virus Returns!
Spam Technical Operations for
A wave of far-right German, political-party
propaganda choked millions of e-mail
inboxes around the world over the
weekend, delivering racist messages along
with a dirty payload.
The Sober.q virus was first spotted Sunday
as it quickly crossed the globe, blasting e-
mail addresses found on infected PCs.
Most of the political rhetoric contained links
to news stories and content with
approximately 72 varying subject lines,
according to security firm MessageLabs.
The payloads quickly turned infected PCs
into spam-generating machines, launching
the propaganda from thousands of hosts.
The virus, which was sent an estimated 10
million times during the first few days of
attacks, has since slowed, and the risks
have been downgraded to "medium" by
most security firms, including McAfee. "
Most of the mail contains a single URL
directing recipients to a range of online
articles in reputable German newspapers
and magazines promoting political
messages with right-wing tendencies,
according to Stephen White, Head of Anti-
MessageLabs.
"This latest attack by the Sober author is
comparatively sophisticated and has
obviously been well planned," White said.
"It appears that previously unexploited
networks of machines were infected with
earlier incarnations of the Sober worm."
The timing of the attacks coincides with last
week's celebrations of the 60th anniversary
of the end of World War II. Many of the 72
variations of the e-mail refer to "war-related"
political messages, such as the Allied
bombing of Dresden in 1945.
The spam also included links to the
German Web sites for the far-right National
Democratic Party.
The Sober virus has now had over 20
incarnations, the most recent coming earlier
this month when scammers began gearing
up for the 2006 World Cup, to be held in
Germany, by sending millions of virus-
carrying e-mails advertising ticket
confirmations for the matches.
Other messages sent in Sober.q contain
racist rants in both English and German
against allowing Turkey into the European
Union.
Story By Ccucu
Websense warns of new
cyber attack that holds
files hostage
A hacker encrypts files on a user's
computer, then demands money to
decrypt them
A hacker has apparently found a way to
encode computer files and hold them
hostage until the intended victim pays for a
decoder tool to unlock the files.
The original infection occurs when the user
visits a malicious Web site that exploits a
vulnerability in Microsoft Corp.'s Internet
Explorer Web browser, according to San
Diego-based Websense Inc., which
uncovered the extortion attempt.
"We had a report from the field, but [we] do
not divulge what our source for that is," said
Dan Hubbard, senior director of security
and research at Websense. "What
happened was after doing some forensics
on the actual computer that was infected,
we noticed that the user visited a Web site
that has since been shut down. And the
site, through an Internet Explorer
vulnerability, downloaded some code onto
the machine and ran it without user
intervention."
Hubbard said the sole purpose of the
infection was to go to a second Web site
and download another piece of code.
"So first the Trojan [horse] downloader
infected the machine, then the downloader
went to a second Web site and downloaded
the new code and then started its process,"
Hubbard said. "It goes through and looks at
your hard drive for around 12 different file
types, including documents, photos,
databases, Zip files and spreadsheets, and
if it matches those file types, it actually
encodes the data."
According to Hubbard, the malware goes
through all drives on a machine, whether
they're removable or not, and at the end of
the process deletes itself -- leaving behind
a text file with instructions on who to
contact to have the files changed back to a
readable format.
"In this particular case, the end user did
contact the third party, and there was a
request to deposit $200 in an E-Gold
account, but that did not happen," he said.
Instead, Joe Stewart, a senior security
researcher at Lurhq Corp. in Chicago,
looked into the case after hearing about it
and contacted Websense with a solution. "I
took a look at the encryption scheme and
found that it was a pretty trivial and easy to
break encryption scheme," Stewart said.
"So I wrote a decryptor for that and put that
information out there for our customers -- to
tell them that if they get hit by this, we can
decrypt it and you don't have to pay this guy
ransom."
That solution might not work next time,
experts said.
Although this hacker used a weak form of
encoding, someone in the future could use
a much more sophisticated level of
encryption, Hubbard said. Or a hacker
could remove the files or transfer them to
another location and try to extort money for
their return, he said.
"This was not a very sophisticated
technique, although it was a fairly ingenious
idea," Hubbard said.
Stewart agreed.
"If this evolves, and the person keeps
getting more and more money from it -- and
if they see the need for more advanced
encryption -- they could put it in, and we
wouldn't be able to break it," he said. "All
we would be able to rely on is getting the
key from the original Trojan author, which
means you would have to either pay the
ransom or law enforcement would have to
actually catch the guy and get the key off
his hard drive."
"It's like someone coming into your house,
putting all of your valuables into a safe and
not telling you the combination until you pay
them," said Oliver Friedrichs, a security
manager at Cupertino, Calif.-based
Symantec Corp. "It is a disturbing new trend
and really a subversive use of cryptography
that we haven't seen in the past. In the
past, cryptography has been largely used to
protect information. In this case, it's being
used to hold your information hostage."
Hubbard said the best protection against
this type of cyber attack is staying up to
date on latest security patches and making
sure users have the latest signatures for the
security software on their computers.
"The not-so-obvious is trying to learn about
these types of things ... and to know where
to go if something does happen," Hubbard
said.
Story By Ccucu
McAfee Seeks VirusScan
10 Testers
Security software maker McAfee is
readying a slew of betas for the second half
of 2005. Among the tests is the 10.0
release of McAfee's flagship VirusScan that
improves instant messenger scanning,
alerts for malicious scripts and worm-like
activity, Windows Explorer integration, and
Microsoft Outlook integration.
McAfee Personal Firewall Plus 7.0, McAfee
SpamKiller 7.0 and McAfee AntiSpyware
2.0 are also currently in beta. McAfee
Privacy Service 8.0 and McAfee
QuickClean 6.0, meanwhile, are on the
docket for mid-June. Testers may
participate by visiting McAfee's Beta
Program Web site. Some incentives to test
the software include free licenses and an
iPod Shuffle giveaway.
Story By LostJohn
Hong Kong hits spammers
where it hurts
Hong Kong is to implement tough anti-
spam laws to combat companies that
send unsolicited emails.
The new law will also cover companies that
send unsolicited faxes, phone calls and text
messages.
However Yahoo News reported "manually
made cold calls" will still be allowed to aid
normal business practice.
The law, expected next year, has been
crafted after a consulting period with
industry groups and mobile operators.
The legislation will follow imminent anti-
spam measures in China.
Elsewhere in the region, the phone
numbers of 600 Chinese celebrities were
posted online last Saturday. According to
the Beijing Daily Star, writers, film directors
and actors were inundated with calls
following the leak, leading to many
changing their numbers.
News By Ccucu
Big ISP = Big zombie army
Swathes of virus-infected PC's are being
hosted on some of the worlds biggest
ISP's including AOL, Bellsouth and
Verizon.
Analysis of zombie networks by DDoS
security company Prolexic showed high
profile ISPs are the most likely to harbor
compromised machines.
"It isn't surprising, it is these networks that
are continually exploited to support large-
scale DDoS attacks," said Barrett Lyon,
CTO at Prolexic. "Just because a home
user subscribes to a reputable brand
doesn't mean they're safe from the online
criminal fraternity."
Along with AOL, Bellsouth and Verizon,
Comcast were criticized. Significantly,
EarthLink, another sizeable ISP was not on
the list of main offenders.
The report also highlighted major changes
in the way that DDoS attacks have been
coordinated over the last year, focusing
less on layer-3 TCP and hitting weak DDoS
mitigation devices.
"We have seen a 100 percent failure rate in
several DDoS mitigation devices. Hardware
does a poor job in identifying attacks that
emulate legitimate traffic. Therefore,
enterprises that rely on these devices are
particularly vulnerable to this attack vector.
Essentially, extortionists are becoming
more intelligent and circumnavigating the
security put in place to stop them," said
Lyon. The report also revealed that Hong
Kong is the most infected country per
capita. Which may explain the country's
spam problem, due to be addressed by
upcoming anti-spam legislation.
News By Ccucu
Hacker Hunters "In January, 2004, a new virus called
MyDoom attacked the Web site of the SCO
Group Inc. (SCOX ), a software company
Business week in its May 30 2005 edition
that claimed the open-source Linux
publishes a story about the work of the
program violated its copyrights. Most
Secret Service (US) in its battle to protect
security experts suspected the virus writer
computer users everywhere. The paper
was a Linux fan seeking revenge. They
publishes a report about how the "Hacker
were wrong. While the SCO angle created
Hunters" is using new computer technology
confusion, MyDoom acted like a Trojan
and on-line wiretaps (and a bit of good old
horse, infecting millions of computers and
fashioned social engineering) as well as
then opening a secret backdoor for its
regular police gumshoe tactics to penetrate
author. Eight days after the outbreak, the
and bring down a hacker equivalent of
author used that backdoor to download
mafisto crime.
personal data from computer owners. F-
Secure's Hypponen figured this out in time
http://www.businessweek.com/magazine/co
to warn his clients. It was too late, however,
ntent/05_22/b3935001_mz001.htm
for many others. MyDoom caused $4.8
billion in damage, the second-most-
This is a good read. Something everyone in
expensive software attack ever.
both the white and grey hat communities
should read and pass on to all of your News By Ccucu
contacts."

I came onto this story while scanning DEFCON 13, July 29-31,
Groklaw. http://www.groklaw.net/index.php Las Vegas, NV 2005, Alexis
The story has a number of Park
interesting sub scripts, the
main story of how the
criminal gang known as http://www.defcon.org
shadowcrew.com; the
inside workings of a part
of law enforcement that will touch us all, on
both sides of the law, and some other
tidbits like the story of the Russian gang
that seems immune to legal proceedings.
Capture the Flag, WarDriving Contests, Wi-
At the heart of this is a fusion of whitehat Fi Contests, TCP/IP Drinking Games,
workers from many far flung organizations Dozens of quality speeches, Hacker
and law enforcement to be the face of the Jeopardy, Spot the Fed, Dunk The Hacker,
greater good fighting those who would use Coffee Wars, TCP/IP Drinking Contest
computers and the internet against us. (w/Mudge), Lock Picking Contests,
Scavenger Hunts, and more fun than the
At the same time there was one interesting feds can fit into a trip report!
side note that Groklaw pointed out and I put
for you here. News By Ccucu
EliteTorrents shut down by
U.S. customs and FBI
EliteTorrents, a well known and one of the
most used BitTorrent sites has been shut
down today by the Federal Bureau of
Investigation and US Immigration and
Customs Enforcement. Here is the entire
press release...
WASHINGTON, D.C. - Acting Assistant
Attorney General John C. Richter of the
Criminal Division, Homeland Security
Assistant Secretary for Immigration and
Customs Enforcement Michael J. Garcia,
and Assistant Director Louis M. Reigel of
the FBI's Cyber Division today announced
the first criminal enforcement action
targeting individuals committing copyright
infringement on peer-to-peer (P2P)
networks using cutting EDGE file-sharing
technology known as BitTorrent.
This morning, agents of the FBI and U.S.
Immigration and Customs Enforcement
(ICE) executed 10 search warrants across
the United States against leading members
of a technologically sophisticated P2P
network known as Elite Torrents. Employing
technology known as BitTorrent, the Elite
Torrents network attracted more than
133,000 members and, in the last four
months, allegedly facilitated the illegal
distribution of more than 17,800 titles-
including movies and software-which were
downloaded 2.1 million times.
In addition to executing 10 warrants, federal
agents also took control of the main server
that coordinated all file-sharing activity on
the Elite Torrents network. Anyone
attempting to log on to Elitetorrents.org
today will receive the following message:
"This Site Has been Permanently Shut
Down by the Federal Bureau of
Investigation and U.S. Immigration and
Customs Enforcement."
"Our goal is to shut down as much of this
illegal operation as quickly as possible to
stem the serious financial damage to the
victims of this high-tech piracy-the people
who labor to produce these copyrighted
products," said Acting Assistant Attorney
General Richter. "Today's crackdown sends
a clear and unmistakable message to
anyone involved in the online theft of
copyrighted works that they cannot hide
behind new technology."
"Internet pirates cost U.S. industry
hundreds of billions of dollars in lost
revenue every year from the illegal sale of
copyrighted goods and new online file-
sharing technologies make their job even
easier," said Assistant Secretary Garcia.
"Through today's landmark enforcement
actions, ICE and the FBI have shut down a
group of online criminals who were using
legitimate technology to create one-stop
shopping for the illegal sharing of movies,
games, software and music."
"The theft of
copyrighted material
is far from a
victimless crime,"
said Assistant
Director Reigel of the
FBI. "When thieves
steal this data, they
are taking jobs away
from hard workers in industry, which
adversely impacts the U.S. economy. The
FBI remains committed to working with our
partners in law enforcement at all levels
and private industry to identify and take
action against those responsible."
Building on the success of Operation
Gridlock, a similar takedown announced by
federal law enforcement last August that
has already led to the felony convictions of
three P2P copyright thieves, Operation D-
Elite targeted the administrators and "first
providers" or suppliers of copyrighted
content to the Elite Torrents network. By
utilizing BitTorrent, the newest generation
of P2P technology, Elite Torrents members
could download even the largest files-such
as those associated with movies and
software-far faster than was possible using
more traditional P2P technology.
The content selection available on the Elite
Torrents network was virtually unlimited and
often included illegal copies of copyrighted
works before they were available in retail
stores or movie theatres. For example, the
final entry in the Star Wars series, "Episode
III: Revenge of the Sith," was available for
downloading on the network more than six
hours before it was first shown in theatres.
In the next 24 hours, it was downloaded
more than 10,000 times.
Operation D-Elite is being conducted jointly
by ICE and the FBI as part of the Computer
And Technology Crime High Tech
Response Team (CATCH), a San Diego
task force of specially trained prosecutors
and law enforcement officers who focus on
high-tech crime. Federal and state member
agencies of CATCH include the ICE, the
FBI, the Department of Justice, the San
Diego District Attorney's Office, San Diego
Police Department, the San Diego Sheriff's
Department, and San Diego County
Probation.
Operation D-Elite was coordinated and will
be prosecuted by the Justice Department's
Computer Crime and Intellectual Property
Section, with the assistance and support of
Computer Hacking and Intellectual Property
(CHIP) coordinators in San Diego and U.S.
Attorneys' Offices in Arizona, Illinois,
Kansas, Ohio, Pennsylvania, Texas,
Virginia and Wisconsin.
The Motion Picture Association of America
provided valuable assistance to the
investigation.
Early reports from sites like Slyck.com said
the site was hacked but as the day went on,
it became clear what had happened. The
worst thing about the press release for
EliteTorrent users is that it seems to imply
that some of the users of the site are also
under criminal investigation.
Source: FBI
News by Ccucu
Meet the teen who’s
teaching policemen how to
be ethical hackers
Neeraj Pattath is one of an elite group of
youngsters bringing cops up-to-date
about cyber crime
Mumbai, May 24: NEERAJ Pattath (17) is
quite the average teenager. He’s appeared
for his SSC exams. He hates math. He
loves surfing the Net.
There’s just one major difference. For the
last three months, Pattath has been helping
teach policemen how to detect and solve
cyber crimes at World’s Mumbai Cyber Lab.
A joint venture by the National Association
of Software and Service Companies position to register complaints and guide
(Nasscom) and the Mumbai Police, the lab complainants.’’
was initially meant exclusively for city police
officers. Though the instructors currently work for
free, both the Mumbai Police and Nasscom
Its staff now also trains everyone from sub- are working on a proposal to get them on to
inspectors to additional commissioners of the payroll.
police in Mumbai as well as officers in
Thane, Pune and Nashik. ‘‘But I don’t really mind working gratis,’’
smiles senior volunteer Pritam Kale (25). A
Pattath is the latest—and youngest—in a rank holder from Matunga’s Veermata
batch of 15 volunteers aged 17 to 30 that Jijabai Technological Institute, Kale admits
the lab has been using since March 2004. that many of his classmates are now
earning as much as
‘‘It’s strange, but in 2002, I approached the
Mumbai Cyber Crime Investigation Cell for
a job. They said I should only apply after I’d
completed my Std XII and police training. I
found that too long-drawn-out and just
continued surfing the Net. Today, I train the
police.’’ Interestingly, Pattath today is
awaiting his class tenth results—his fourth
attempt at that.

In his class, policemen aged 35 to 50 first

learn how to surf the Net and send e-mail.
Each batch of 15 is then given a crash
course in how hacking happens and basics
like how to trace an e-mail or Internet
Protocol (IP) address—all in one seven-day
camp.
The course also includes case studies that
illustrate and explain various sections of the
Information Technology Act, 2002, so the
policemen can familiarize themselves with
the basics of the legislation.
‘‘Every month, we call in two or three
instructors from among these 15. They’re
all registered with Nasscom and they help
out depending on their schedule,’’ said
Nasscom Project Head Vikrant Pawar.
‘‘And with the help of these training
sessions, policemen are now in a better
Rs 30,000 per month. ‘‘But I don’t think their
life is half as exciting as mine,’’ he grins.
And the ‘students’ admit they’re enjoying
the course. ‘‘I like it so much that I wish I
could stay longer,’’ said Inspector Abhay
Saigaonkar (45) of the Byculla police
station.
‘‘I used to be clueless about cyber crime,’’
added G Neklikar (40) of the Dharavi police
station. ‘‘Now, I can guide complainants
knowledgeably and even trace e-mail and
IP addresses.’’
News by Ccucu
Paris Hilton Hack Started
With Old-Fashioned Con
Source Says Hacker Posed as T-Mobile
Employee to Get Access to Information
The caper had all the necessary ingredients
to spark a media firestorm -- a beautiful
socialite-turned-reality TV star,
embarrassing photographs and messages,
and the personal contact information of
several young music and Hollywood
celebrities.
When hotel heiress Paris Hilton found out in
February that her high-tech wireless phone
had been taken over by hackers, many
assumed that only a technical mastermind
could have pulled off such a feat. But as it
turns out, a hacker involved in the privacy
breach said, the Hilton saga began on a
decidedly low-tech note -- with a simple
phone call.
Computer security flaws played a role in the
attack, which exploited a programming
glitch in the Web site of Hilton's cell phone
provider, Bellevue, Wash.-based T-Mobile
International. But one young hacker who
claimed to have been involved in the data
theft said the crime only succeeded after
one member of a small group of hackers
tricked a T-Mobile employee into divulging
information that only employees are
supposed to know.
The young hacker described the exploit
during online text conversations with a
washingtonpost.com reporter and provided
other evidence supporting his account,
including screen shots of what he said were
internal T-Mobile computer network pages.
Washingtonpost.com is not revealing the
hacker's identity because he is a juvenile
crime suspect and because he
communicated with the reporter on the
condition that he not be identified either
directly or through his online alias.
A senior law enforcement official involved in
the case said investigators believe the
young hacker's group carried out the Paris
Hilton data theft and was also involved in
illegally downloading thousands of personal
records from database giant LexisNexis Inc.
The source asked not to be identified
because of his role in this and other
ongoing investigations.
A third source, a woman who has
communicated with the hacker group's
members for several years, also confirmed
key portions of the young hacker's story
and said she saw images and other
information downloaded from Hilton's T-
Mobile account hours before they were
released on several Web sites.
T-Mobile declined to comment on the
details of the hacker's account of the Paris
Hilton incident, saying through a
spokesman that the company cannot
discuss an ongoing investigation. The
spokesman said the company "will work
with federal law enforcement agencies to
investigate and prosecute anyone that
attempts to gain unauthorized access to T-
Mobile systems."
Getting Access
In the months leading up to the Hilton
incident, the hacker group freely exploited a
security glitch in the Web site of wireless
phone giant T-Mobile, according to the
hacker, who described himself as the
youngest member of the group. The group
had found that a tool on the T-Mobile site
that allowed users to reset their account
passwords contained a key programming
flaw.
By exploiting the flaw, the group's members
were able to gain access to the account of
any T-Mobile subscriber who used a
"Sidekick," a pricey phone-organizer-
camera combination device that stores
videos, photos and other data on T-Mobile's
central computer servers.
The hackers could only exploit the Web site
vulnerability if they actually knew a Sidekick
user's phone number. The loose-knit group
had grown bored of using the flaw to toy
with friends and acquaintances who owned
Sidekicks and decided to find a high-profile
target, one that would ensure their exploits
were reported in the press, the young
hacker said. They ultimately settled on
Hilton, in part because they knew she
owned a Sidekick; Hilton had previously
starred in a commercial advertising the
device.
The group's members --- who range in age
from their mid-teens to early 20s -- include
a handful of "AOLers," a term used in
hacker circles to describe youths who
honed their skills over the years by
tampering with various portions of the
network run by Dulles, Va.-based America
Online Inc. Four members of the group
have all met face-to-face, but as with most
hacking groups, the majority of their day-to-
day interactions took place online.
Before gaining access to Hilton's wireless
phone account, the group had spent a year
studying weaknesses in T-Mobile's Web
sites. The group member interviewed for
this story had already written a simple
computer program that could reset the
password for any T-Mobile user whose
phone number the hackers knew.
According to the young hacker's account,
the Hilton caper started the afternoon of
Feb. 19, when a group member rang a T-
Mobile sales store in a Southern California
coastal town posing as a supervisor from T-
Mobile inquiring about reports of slowness
on the company's internal networks.
The conversation -- which represents the
recollection of the hacker interviewed by
washingtonpost.com -- began with the 16-
year-old caller saying, "This is [an invented
name] from T-Mobile headquarters in
Washington. We heard you've been having
problems with your customer account
tools?"
The sales representative answered, "No,
we haven't had any problems really, just a
couple slowdowns. That's about it."
Prepared for this response, the hacker
pressed on: "Yes, that's what is described
here in the report. We're going to have to
look into this for a quick second."
The sales rep acquiesced: "All right, what
do you need?"
When prompted, the employee then offered
the Internet address of the Web site used to
manage T-Mobile's customer accounts -- a
password-protected site not normally
accessible to the general public -- as well
as a user name and password that
employees at the store used to log on to the
system.
To support his story, the hacker provided
washingtonpost.com with an image of a
page he said was from the protected site.
T-Mobile declined to comment on the
screenshot, and washingtonpost.com has
no way to verify its authenticity.
Inside the Walls
The hackers accessed the internal T-Mobile
site shortly thereafter and began looking up
famous names and their phone numbers. At
one point, the youth said, the group
harassed Laurence Fishburne, the actor
perhaps best known for his role in the
"Matrix" movies as Morpheus, captain of the
futuristic ship Nebuchadnezzar.

"We called him up a few times and said,
'GIVE US THE SHIP!'" the youth typed in
one of his online chats with a reporter. "He
picked up a couple times and kept saying
stuff like YOUR ILLEGALLY CALLING ME."
Later, using their own Sidekick phone, the
hackers pulled up the secure T-Mobile
customer records site, looked up Hilton's
phone number and reset the password for
her account, locking her out of it. Typical
wireless devices can only be hacked into by
someone physically nearby, but a
Sidekick's data storage can be accessed
from anywhere in T-Mobile's service area
by someone with control of the account.
That means the hackers were at that point
able to download all of her stored video,
text and data files to their phone.
"As soon as I went into her camera and saw
nudes my head went JACKPOT," the young
hacker recalled of his reaction to first
seeing the now-public photos of a topless
Hilton locked in an intimate embrace with a
female friend. "I was like, HOLY [expletive]
DUDE ... SHES GOT NUDES. THIS
[expletive]'s GONNA HIT THE PRESS SO
[expletive] QUICK."
The hackers set up a conference call and
agreed to spread the news to several
friends, all the while plotting ways to get the
photos up on various Web sites. Kelly
Hallissey, a 41-year-old New York native
who has been in contact with the group of
hackers for several years, said the group's
members showed her evidence that they
had gained access to Hilton's phone during
these early hours -- before the images
made their way online.
By early Feb. 20, the pictures, private notes
and contact listings from Hilton's phone
account -- including phone numbers of
celebrities such as Cristina Aguilera,
Eminem, Anna Kournikova and Vin Diesel -
- had appeared on GenMay.com (short for
General Mayhem), an eclectic, no-holds-
barred online discussion forum.
Within hours of the GenMay posting,
Hilton's information was published on
Illmob.org, a Web site run by 27-year-old
William Genovese of Meriden, Conn.,
known online as "illwill." (The FBI charged
Genovese in November with selling bits of
stolen source code for Microsoft Windows
2000 and Windows NT operating systems.)
By Monday morning, dozens of news sites
and personal Web logs had picked up the
story, with many linking to the illmob.org
post or mirroring the purloined data on their
own.
Hallissey, who describes herself as a kind
of "den mom" to a cadre of budding
hackers, confirmed that the teenage source
has been engaged in various hacking
activities for several years. Hallissey met a
slew of the hacker group's members after a
three-year stint during the 1990s as one of
thousands of people who helped AOL
maintain its online content in exchange for
free Internet access and various other
perks. Hallissey has since joined a still-
active wage lawsuit against AOL and
maintains www.observers.net, a Web site
critical of the Dulles-based company.
Hallissey said her sense of privacy has
been erased gradually over the past two
years as a result of her association with a
number of AOLers who playfully bragged to
her about their success with social
engineering. They showed her online
screen shots of her water, gas and electric
bills, her Social Security number, credit
card balances and credit ratings, pictures of
her e-mail inbox, as well as all of her
previous addresses, including those of her
children.
"This was all done not by skilled 'hackers'
but by kids who managed to 'social' their
way into a company's system and gain
access to it within one or two phone calls,"
said Hallissey, who asked that her current
place of residence not be disclosed. "Major
corporations have made social engineering
way too easy for these kids. In their call
centers they hire low-pay employees to
man the phones, give them a minimum of
training, most of which usually dwells on
call times, canned scripts and sales. This
isn't unique to T-Mobile or AOL. This has
become common practice for almost every
company."
AOL officials declined to comment about
the young hacker or other "AOLers" for this
story.
The Weakest Link
Security experts say the raiding of Hilton's
wireless account highlights one of the most
serious security challenges facing
corporations -- teaching employees to be
watchful for "social engineering," the use of
deception to trick people into giving away
sensitive data, usually over the phone.
In his book "The Art of Deception,"
notorious ex-hacker Kevin Mitnick says
major corporations spend millions of dollars
each year on new technologies to keep out
hackers and viruses, yet few dedicate
significant resources to educating
employees about the dangers of old-
fashioned con artistry.
"The average $10-an-hour sales clerk or
call-center employee will tell you anything
you want, including passwords," Mitnick
said in a telephone interview. "These
people are usually not well-trained, but they
also interact with people to sell products
and services, so they tend to be more
customer-friendly and cooperative."
During his highly publicized hacking career
in the 1990s, Mitnick -- who spent four
years in prison and now works as a
computer security consultant -- broke into
the computer networks of some of the top
companies in the technology and
telecommunications industries, but rarely
targeted computers systems directly.
Rather, he phoned employees and simply
asked them for user names, passwords or
other "insider" data that he could use to
sound more authentic in future phone
inquiries. "This kind of thing works with just
about every mobile carrier," Mitnick said.
He said all of the major wireless carriers --
not just T-Mobile -- are popular targets for
social engineering attacks. Mitnick said he
knows private investigators who routinely
obtain phone records of people they are
investigating by calling a sales office at the
target's wireless carrier and pretending to
be an employee from another sales office.
Mitnick described how an investigator will
claim to have the customer they're
investigating in the store, but can't access
their data because of computer trouble.
Then the investigator asks the sales
representative at the other store to look up
that person's password, account number
and Social Security number. In many cases
the employee provides the information
without verifying the caller's identity. Armed
with that data, he said, investigators usually
can create an account at the wireless
provider's Web site and pull all of the
target's phone records.
Large organizations that maintain
numerous branches around the country are
especially susceptible to social engineering
attacks, said Peter Stewart, president of
Baton Rouge, La.-based Trace Security, a
company that is hired to test the physical
and network security for some of the most
paranoid companies in the world: banks.
More often than not, Stewart says, his
people can talk their way into employee-
only areas of banks by pretending to be a
repairman or just another employee. In
most cases, the break-in attempts are aided
by information gleaned over the phone.
"Usually your corporate headquarters are
more stringent and things get more lax the
further away from there you get," Stewart
said. "The larger you are as a company the
more likely it is that you're not going to
know everyone by name, and lots of
companies have no policy in place of
verifying who's calling you and how to
respond to that person."
'Web Security 101'
Social engineering can be difficult to
counter, but the now-infamous Paris Hilton
attack follows other recent serious T-Mobile
security breaches engineered by hackers.
On Feb. 15, Nicolas Jacobsen, 22, of Santa
Ana, Calif., pleaded guilty to compromising
a T-Mobile Web server that granted access
to hundreds of wireless accounts. He faces
a maximum of five years in jail and a
$250,000 fine at a sentencing hearing
originally scheduled for mid-May.
Jacobsen was arrested last fall by the U.S.
Secret Service as part of a large-scale
investigation into an international online
credit card fraud ring. According to court
records, Jacobsen had hijacked hundreds
of T-Mobile accounts, including a mobile
phone belonging to a then-active Secret
Service agent. Jacobsen had posted to an
online bulletin board that he could be hired
to look up the name, Social Security
number, birth date, and voice-mail and e-
mail passwords of any T-Mobile subscriber.
T-Mobile later alerted 400 customers that
their e-mails, phone records and other data
had been compromised as a result of that
break-in.
The court files don't give details about how
it happened, but Jack Koziol, a senior
instructor for the Oak Park, Ill.-based
InfoSec Institute, said the intruder likely
took advantage of security flaws in the
company's Web servers. Koziol conducted
an informal audit of T-Mobile's site in March
and uncovered hundreds of pages run by
Web servers vulnerable to well-known
security flaws, he said.
"It's pretty amazing how poorly secured
their Web properties are," said Koziol,
whose company offers training to corporate,
law enforcement and government clients on
the latest techniques and tactics used by
hackers. "Most of these flaws are simple
Web Security 101, stuff you'd learn about in
the first few chapters of a basic book on
how to secure Web applications."
T-Mobile officials declined to say what
steps they took to close the security holes
identified by the Hilton hackers or how
many other accounts may have been
hijacked.
"T-Mobile has invested millions of dollars to
protect our customers' information, and we
continue to reinforce our systems to
address the security needs of our
subscribers," company spokesman Peter
Dobrow wrote in an e-mail. "For our
customers' protection, we do not publicly
disclose the specific actions taken to
reinforce our systems."
News By Coldrock

In this issue of "Masters of
WareZ", I bring you the
man who I admire the
most, the man who is like a
second father, and, also
like a brother to me. So
here is WiZzMaster, the
man who cracked XP SP 2,
before it was officially out,
"The King of WareZ".
lil' intro about who wizz is...
Note: All of You who will read this, should
have in mind that this text was written in 4
in the morning, after about 40 hours that I'm
awake...
How I started:
My first interest was more in hacking, in
time when there was much less pages
about it and it was all in complete
underground, 3-4-5 years. That's how I got
to xhackers.com, old page filled with
hacking tips, ware and dss hacking
materials, unfortunately that page doesn't
exist anymore, at least not in that sense.
There I got active, mostly in warez and
cracks sections, and I found some neat
peeps there like T, Looper, Phat and few
more who are still today around net.. old
hackers, who do things in old fashioned,
completely ethical way... Quite quickly I
became mod there, and that was big thing,
it was big page with almost 20000
members, with paid sections etc. that was
like original job, big thing and great honor to
work with those neat old guys.
We worked together on few projects and
later, and I was around warez scene all the
time.. when I decided to start running my
own pages.
First page was wizzwarez.info, which went
down and doesn't exist anymore..(IPB took
me down, 4 using their board software,
pirated, how ironically). Not long after,
almost a year ago new project came,
wizzworld.info and later wizzworld.org, first
my big warez forum and first real quality
site.
After that, all is history,
wareznewsmagazine.com, cracksww.com,
speedking.info etc.
My ideas:
I'd like to start a magazine, online first,
meant to serve for education of public...
including a lot of How-To's and hints, about
fast growing computer technology, written
lightly for common users...
Educational and guidance oriented for new,
less accommodated, and novice users
which yet have to fight for their right to
survive and become experts and tutors for
next generation of PC users...
I'd like to start educational, training and
motivating camps for talented users, with
special accent on creativity and
imagination, in creating and developing of
new technology solutions, software and
tools for easier handling of more and more
sophisticated PC machines...
 be implicated in every expect of modern
With contests for best works in various thinking and living...
fields, solutions and improvement in
computer technologies...

Offering the short courses inside big and

small corporations, handling& creating
platforms and systems for new businesses
and improving of persisting ones...
Help for all, but for a piece of their
improvement in jobs, «slice of cake» in their
success...

Not involving in big ambitious projects, we

will sooner or later (ourselves) invent or
create something revolutionary... My skills
in computing and programming aren't
nearly enough for developing of software
and other related stuff, but my
imagination&small technical knowledge
could produce revolution things and
innovations in technology... ONLY IF, I find
a crew that could put those ideas in
numbers...
If someone could follow and technically
support my ideas, concepts and visions,
that should be a winning combination for
the whole new solutions in software and
technology by all means...
Why am I writing all this?
My expectations from computers and
software already created, are much higher
that they can provide for now... Lot of ideas
and system solutions are not technically
possible yet (far as I know)...
Reading this you got to have in mind that
I'm not some Sci-Fi freak, dreaming about
flying saucers, Star Trek tools that are
beyond 90% of people’s imagination...
In all, my basic theory is that man (and
women) uses so little of their potentials, can
My goal is not to find solution for life on
Mars, my idea is to form a group of people
who will find solution for that, or at least to
make living there less painful as possible...
I don't want a Nobel Price for revolutionary
invention, I want memorial museum with all
improvements in peoples lives, that was
result of my small contribution, or in which I
participated in some way during my life...
Build by all of them who are grateful to
me&my crew, for starting and motivating
other in creation of something what is yet to
be achieved... And first of all, those who
learned that anybody can be, and should be
creator of its own destiny...
That is extremely important, because things
are going now and will go further, global
situation leads to unknowledgeable,
indifference, low interest in own (for You
relevant issues) capabilities... Making us
slaves of machines, technology and
governments more and more dependable
on them, rather than to ourselves...
Things meant to be for fun, enjoy and help
for everyone, now serve to a few, creating
slaves of people who aren't prepared for
changing their «way of life»... It's about time
for human kind to take control in human-
machine (sort of contest) war, in which
more that we are developing technology,
we are less capable to have complete
control over it...
all, or at least until we learn how to
manipulate them by all means...
Or we should better try to improve
ourselves in any possible ways first... Our
capability to use about 5% of our brain,
speaks enough in my favor... FOR NOW...
My advice for newbies:

We will learn how to handle it, or it will start

to handle us... 2 words: ethical hacking.

In first reactions I expect laughter and
public judgment for (in some way) my critics
about people and their lives, but time and
history shows that only thing which could
bring our persistence in question, is
something what we will produce...
Hack to improve things, not to brake and
steal somebody's private property, find and
learn new skills which all are going to
benefit from.
Article by WiZzMaster

Something we will create, too good and

better than it should be... That something
will one day make decisions about our
purpose and reason (or what benefit is from
us) we are here at all...

This discussion now goes in 2 ways:

Each story on its own bases, means and

developments prospects, leads and goes in
a wrong way...

1. Story: Genetic Manipulation

2. Story: AI (Artificial Intelligence)

Both of stories leads to a point, point where

evolution is showing and presenting in most
beautiful, and in some brutal (hard to
understand) ways...

Main Point; Creation on new always have

for result that old, less functional model is
no longer needed, sooner or later...
Having GM & AI on our doorsteps, we
should first check are we needing them at
The Anonymity Tutorial
Note: whenever you see something like
this: blah(1) it means that if you don't
understand the meaning of the word blah
there's an explanation for it just for you,
located on the newbies corner on section 1.
Note 2: if you're having a hard time reading
this page because you have to scroll to the
right whenever a long line comes, it's
probably because you're not using "word
wrapping".
Most UNIX text editors and advanced
Windows editors (and some less advanced
ones like WordPad) do this by themselves.
To do word wrapping on Microsoft Notepad,
simply go to Edit and then click on "Word
wrapping".
Disclaimer
We do not encourage any kinds of illegal
activities. If you believe that breaking the
law is a good way to impress someone,
please stop reading now and grow up.
There is nothing impressive or cool in being
a criminal.
Contents
Anonymity?
* You mean I have absolutely zero
anonymity on the web?
* So what? Why would I wanna be
anonymous anyway?
* Okay, I see your point. Anonymize me.
Proxies?
* What are proxies?
* What are public proxies?
* Where can I find lists of public proxies?
* Are they good for anything besides
anonymity?
* Okay, so how do I use them?
Wingates?
* What are Wingates?
* How can I use them to anonymize myself?
* Wingates sound useful. I wanna run one
on my own computer. How do I do it without
turning it into an "anonymity hive"?
* How can I tell IRC clients, instant
messengers such as ICQ, etc', to use
them?
Anonymous Remailers?
* What is an anonymous remailer?
* How can I use them to be more
anonymous?
* Why would a person start an anonymous
remailing service? Where's the catch?
Encryption?
* Why should I encrypt my Email?
* How can I encrypt my Email?
Cookies?
* What are cookies?
* Can they risk my privacy?
.chk files?
* What are they?
* How can they risk my privacy?
The Anonymizer?
* What is the anonymizer?
* How can I sign up?
Where can I learn more about anonymity?
* Useful URLs.
* Other useful tutorials by Black Sun.
Appendix A: Using AltaVista as a "proxy"
* How can I use AltaVista’s web translation
service to anonymize myself?
Appendix B: Spoofing browser history
* How can I spoof my browser's history?
Appendix C: the +x mode
Bibliography have terminated our account on our web
stats provider because they were quite
* http://www.theargon.com buggy and we've decided to use a php3-
* Anonymizer.com based text counter). There you will be able
* Various tutorials to see how much we can tell about our
Other Tutorials By Black Sun visitors
* FTP Hacking.
* Over clocking. 2) Another example: you're connected to an
* Ad and Spam Blocking. IRC network and you are chatting with your
* Send mail. friends. Right now all a person needs to find
* Phreaking. information on you is nothing but your
* Advanced Phreaking. nickname. He doesn't even have to know
* Phreaking II. you, or be in the same channel/channels
* IRC Warfare. you are. Here are a few examples of what
* Windows Registry. you can find by simply knowing a person's
* Info Gathering. nickname (in the most optimal conditions):
* Proxy/Wingate/SOCKS.
* Offline Windows Security. 1. Your real name.
* ICQ Security. 2. Your Email address.
3. Your IP address.
Anonymity? 4. Your hostname.
5. Your ISP.
Whether you realize it or not, the Internet is 6. Your continent.
not as anonymous as you might think. Here 7. Your country.
are a few examples: 8. Your city.

1) You enter a website. Once you hit any
one of the files on the web server, the
website owners can find out these pieces of
information about you, and much more:
1. Your IP Address.
2. Your hostname.
3. Your continent.
4. Your country.
5. Your city.
6. Your web browser.
7. Your Operating System.
8. Your screen resolution.
9. Your screen colors.
10. The previous URL you've been to.
11. Your ISP.
And this is just the tip of the iceberg. Go to
our homepage at blacksun.box.sk and find
the web statistics button (later addition: we
And much much more.
The same goes for online games that allow
players to view the other players' IP
addresses.
3) Suppose my name is Paul Matthews,
and my Email address is
pmatthews@boring.ISP.net. It is extremely
easy to figure out that the first letter of my
first name is P and that my last name is
Matthews, but that's not all.
Some ISPs give their entire listings to web
directories. Meaning, people can go to,
say... whowhere.com, punch in the words
Paul Matthews or search for people with
Matthews as their last name on
boring.ISP.net and find out that
pmatthews@boring.ISP.net does actually
belong to Paul Matthews, hence
discovering your real name.
But it is also possible to use these web
directories for 1,001 uses. Therefore you
should go to whowhere.com as soon as
possible, try to track down yourself and
then tell whowhere.com to delete your
listing.
4) Some ISPs also run finger daemons.
A daemon is a program that waits for
incoming connections on a specific or
several ports.
The finger daemon is a daemon that waits
for open connections on port 79. Once you
get in, you need to punch in a username on
the system the daemon runs on and you
will get tons of information about him.
For example: a while ago my ISP was
running a finger daemon on their servers
(until I forced them to take it off because it
was a privacy invasion). Now, suppose you
know nothing about me besides my Email
address, which is barakirs@netvision.net.il.
The first thing you should do is to go to
netvision.net.il on port 79 and hope there's
somebody there. If there is, you can find the
following information by typing in my
username, barakirs:
1. My real name.
2. When was the last time I was online.
3. If I'm online right now, since when have I
been online.
4. Whether I have new mail or not.
And much much more (some finger
daemons might give out any pieces of
information, such as my home address and
phone number).
Besides the obvious uses (finding a
person's real name and other private
information), you can use this information
for various purposes, such as:
1. Most instant messengers, such as ICQ,
AIM, YAHOO Instant Messenger and MSN
Instant Messenger, allow you to add people
in or outside your contact list to an "invisible
list", so they won't be able to know whether
you're online or not and you'll appear to be
offline to them. If they have your Email
address, and your ISP is running a finger
daemon, they are able to know whether
you're really offline or just trying to fool
them.
2. Your friend promised you to do
something for you on the net, but when you
finally go online to ask him if he's done it he
says that he just got back from work and
that he just got online. Using finger, you can
test this and see when he really got online.
These were just a little out of many
examples.
During this tutorial I will explain to you how
to prevent people from finding out
information about you (there will always be
new tricks, but blocking the most basic /
common ones will hold off most attackers
and make it harder for the more
experienced ones). If you really wanna
learn how to do these things, as well as
some really cool and advanced tricks, then
read the 'Info-Gathering' tutorial.
Proxies?
Proxies were first invented in order to
speed up Internet connections. Here's how
they work:
You are trying to connect to a server on the
other side of the planet. Your HTTP
requests are sent to your proxy server,
which is located at your ISP's headquarters,
which are a lot closer to you than that far-
away server. The proxy first checks if one
of its users has accessed this website
lately. If so, it should have a copy of it
somewhere on its servers. Then the proxy
server starts the connection only to check if
his version is not outdated, which only
requires him to look at the file size. If it has
the latest version, it will send the file to you,
instead of having the far server send it to
you, thus speeding up the connection. If
not, it will download the requested files by
itself and then send them to you.
But proxies can also be used to anonymize
yourself while surfing the web, because
they handle all the HTTP requests for you.
Most chances are that your ISP has a
proxy. Call tech support and ask them
about it. But the problems with proxy
access given to you by your ISP is:
1. Some ISPs don't even have proxies.
2. The website owner would still be able to
know what ISP you are using and where do
you live, since this kind of proxies are not
public and they can only be accessed by
users of that ISP. For such cases, there is a
solution - public proxies.
You can find a list of public proxies
everywhere. Here are two good URLs to
start from:
http://www.theargon.com
http://www.cyberarmy.com/lists
To configure your web browser to use a
proxy server, find the appropriate dialog
box in your settings dialog box (it varies
from different browsers).
Note: some proxy servers will also handle
FTP sessions (some might handle FTP
only).
Wingates?
Wingate is a program that is used to turn a
PC running Windows 9x or NT into a proxy
server. Here are several reasons for why a
person would want to run such an
application and turn his computer into a
proxy:
1. If he owns an ISP and he wants to set up
a proxy for it.
2. If he wants to turn his computer into a
public proxy.
3. If he wants to give Internet access to a
whole bunch of computers that are
connected by a Local Area Network, but he
can provide Internet access for only one
computer. In that case, he would turn his
computer into a proxy server and set all the
other computers on the network to use him
as a proxy. That way all the rest of the
computers on the network will relay their
HTTP and FTP requests through a single
computer, a single modem and a single
Internet account.
The problem with Wingates is that they're
highly... well... they're very... how should I
say this? Stupid. Just plain stupid. Why is
that?
EVERYONE can connect to your little proxy
by simply connecting to port 1080 on your
computer and typing 'target-ip-address-or-
hostname port' (no quotes) and replace
target-ip-address-or-hostname with the IP
address or the hostname they want to
connect to, and replace port with the
destination port. The "wingated" machine
will then relay your input through it, but it
will seem like the wingated machine is
connecting to the target computer, not you.
Sure, the sysadmin of the wingated
machine can change that port to a different
one, but this is the default, and if you're
stupid enough to use Wingate you probably
won't want to play with the defaults.
First of all, if you need to use Wingate for
some reason, use SyGate instead. It does
exactly what Wingate does, only it won't
serve EVERYONE like Wingate does.
Now, these Wingates can be used to
anonymize practically anything. Also, every
program that can be set to run behind a
SOCKS firewall (most IRC clients, most
instant messengers and most web
browsers) will automatically do the dirty
work of routing your stuff through it if you'll
give them the IP/hostname and the
appropriate port for the wingated machine.
Wingates can also be used to get into IRC
channels you got banned from (by faking
your IP).
WARNING: some IRC networks run bots
that will kick out people using Wingates.
These bots try to connect to random people
on port 1080. If they succeed, they kick you
out. This works because the IRC network,
as well as everyone on it, thinks that your
IP is the wingated machine's IP. If the bot
tries to connect to your IP on port 1080, it
will actually go to the wingated machine.
The bot will then detect that your IP is
actually a Wingate and kick you off (since
it's being run by the IRC network and given
enough privileges to kick out anyone).
You can find lists of Wingates at
http://www.cyberarmy.com/lists. There are
also tons of Wingate scanners out there
that can scan whole subnets and look for
Wingates, but this might take some time
(and make your ISP get suspicious), so
you'd just better go for Cyber Army’s lists.
Anonymous Remailers?
Previously I have demonstrated to you what
a person with very little knowledge can find
out about you just by knowing your Email
address. Now it is obvious that to keep your
privacy, you need to sign up for a free
Email account (such as Hotmail
[hotmail.com], Yahoo mail
[mail.yahoo.com], ZDNet Mail
[zdnetmail.com], Net @dress
[netaddress.com], Bigfoot [bigfoot.com]
etc'). But what if you had a special Email
address on a free server that automatically
forwards all incoming Email to your real
mailbox and keeps all the information
discreet?
These are called Anonymous Remailers.
Most of them are free and live out of
contributions and/or sponsor banners they
place on their website.
You can find many many Anonymous
Remailers at http://www.theargon.com.
Here's a good example for an Anonymous
Remailer:
First, head to http://anon.isp.ee (by the way,
the extension .ee stands for Estonia) and
sign up your free account. Once you're a
registered user, send an Email to
robot@anon.isp.ee with no subject and the
following content:
user: your username
pass: your password
realaddr: your recipient's Email address.
realsubj: the subject of your mail.
Example: if I want to send an anonymous
mail containing the following:
Subject: ANONYMITY RULEZ!!
Hi.
This is an anonymous Email message.
Let's see you trace me now!
to bgates@microsoft.com, and your
username is user and your pass is pass,
send the following Email to
robot@anon.isp.ee (remember not to enter
a subject):
user: user
pass: pass
realaddr: bgates@microsoft.com
realsubj: ANONYMITY RULEZ!!
Hi.
This is an anonymous Email message.
Let's see you trace me now!
You'll receive an Email notification from
anon.isp.ee once your message has been
delivered.
Once your recipient will reply to this Email,
the message will return to you.
You can also use web-based anonymous
remailers such as Replay Associates
(replay.com/remailer/anon.html), but it won't
let you receive replies.
Encryption?
Everyone can read your Email. Whether it's
some script kiddie who hacked your
Hotmail account, a skilled cracker (or a
script kiddie with a lot of free time) that
hacked your POP3 mailbox or a person
who got your Email by mistake. If you don't
want other people to read your Email, use
PGP.
Everyone who uses PGP can have their
own PGP key. A key consists of tons of
characters, whether they are lowercase or
uppercase letters, number or symbols. After
you make your key, you need to transfer it
to everyone you want to send encrypted
mail to. Once they have it, you can start
sending encrypted mail to them and they'll
be able to use your key to decrypt it.
More info on www.pgpi.com.
Note: PGP is very strong and can only be
broken with giant supercomputers. The
longer your key is, the harder it is to break
the encryption.
Cookies?
Have you noticed how all those websites on
the net are getting "smarter" all of a
sudden? You know, like the way message
boards remember your nickname, some
sites remember your password so you won't
have to retype it every time, electronic malls
remember what you last put in your virtual
shopping cart etc'.
This is all because of cookies. Cookies are
small files which a website can request your
browser to create and then retrieve
information from them. Websites can put
your password or any other information in
these files.
If you don't want your co-workers or other
people to sniff around and see where
you've been visiting, what items you've
been buying etc', you should delete them
when you don't need them.
On Unix, your cookies would usually be
stored somewhere in your home directory
(usually /home/your-login, /usr/your-login or
/usr/local/your-login if you're a regular user
and /root if you're root, but anyone with
write access to /etc/passwd can change
that).
On Windows and Mac, cookies are stored
on a sub-directory at your browser's
directory called cookies.
Note 1: you can tell your browser to ask you
before accepting a cookie. Just play around
with its preferences menu, you'll find it
(there are so many browsers out there so I
can't give a detailed explanation for every
single one).
Note 2: if you're browsing from a public
computer, do not save any cookies, or other
people will be able to snoop around and
look at your cookies or even enter various
websites with your passwords, your credit
card number etc'.
A reader called Stone Cold Lyin Skunk has
pointed out to me that the cookies.txt file
may be found in the netscape\users\default
directory. This happens when you register
your user (Netscape let's you have multiple
users for the same program, each user with
his own settings etc') without giving it a
username.
He also pointed out to me that some
websites will require you to accept cookies
in order to enter them.
Also, he recommended to beware of your
browser's history file (information on
removing it can be found on the "Where
Can I Learn More About Anonymity?"
chapter), as well as your cache and your
preferences.js files, because they may
reveal your browsing habits (where have
you been, etc').
.chk files?
Stone Cold Lyin Skunk has pointed out that
if you're running Windows and you do a
quick reboot (hold down shift while telling
Windows to reset) Windows generates a file
called FILE0001.chk, FILE0002.chk etc'
(usually found on c:\). You will be amazed
to see how much information you could find
in these files! Delete them ASAP!
The Anonymizer?
The Anonymizer is an Internet service that
helps you anonymize yourself better. The
Anonymizer's homepage is
www.anonymizer.com. Here's a snapshot
from anonymizer.com:
Company Overview
Anonymizer.com is a pioneer in Internet
privacy technologies, and the most popular
and trusted name in delivering online
privacy services. Anonymizer.com, today,
has many thousand subscribers to its paid
services and makes anonymous over 7.5
million pages a month. Lance Cottrell,
founder and President of Anonymizer.com,
authored the world's most secure
anonymous remailer, Mixmaster and has
been active for many years in promoting
free speech. Lance received his
undergraduate degree in physics from The
University of California, Santa Cruz and a
masters in Physics from The University of
California, San Diego.
Justin Boyan, while a Computer Science
Ph.D. student at Carnegie Mellon
University, designed and implemented
Anonymizer surfing. Anonymizer Surfing is
now in its 4th generation under
development by the Anonymizer
engineering team.
Our Mission
Our mission is to ensure that an individual's
right to privacy is not compromised once
they are online. We began this company as
a means to protect this right as embodied in
the United Nations' Universal Declaration of
Human Rights:
"No one shall be subjected to arbitrary
interference with his privacy, family, home
or correspondence, nor to attacks upon his
honor and reputation. Everyone has the
right to the protection of the law against
such interference or attacks."
While written 50 years ago, article 19 of this
document is now more than ever applicable
with the advent of the recent growth of the
Internet:
"Everyone has the right to freedom of
opinion and expression; this right includes
freedom to hold opinions without
interference and to seek, receive and
impart information and ideas through any
media and regardless of frontiers."
You can read the full Universal Declaration
of Human Rights on the following URL:
http://www.unhchr.ch/udhr/lang/eng.htm.
You can use The Anonymizer to surf the
web with anonymity for free by going to
anonymizer.com and typing in the target
URL where asked, or buy an Anonymizer
package, which will give you more benefits.
If you want some of the money you pay to
go to Black Sun, subscribe through the
following URL:
http://www.anonymizer.com/3.0/affiliate/doo
r.cgi?CMid=12437.
If you want, you too can join their affiltrates
program. Simply go to
http://www.anonymizer.com/3.0/affiliate/afd
oor.cgi?CMid=12437 for more information.
If you will subscribe through this URL, you
will still receive all the cash you deserve,
but we at Black Sun will also receive some
benefits.
Where Can I Learn More About Anonymity?
Useful URLs: http://www.theargon.com.
http://www.pgpi.com (for learning about
PGP encryption and how to use it to
encrypt your Emails)
IP Spoofing Demystified - a long article
from Phrack magazine on IP spoofing
(faking your IP). You can download it from
our books section.
http://www.cyberarmy.com/lists - for lists of
Wingates, Proxies and free shell accounts
you can surf from to anonymize yourself.
http://2waymedia.hypermart.net/hh/browser
s/index.htm - how to completely clear your
browser's history
Other useful Tutorials by Black Sun: IRC
Warfare by The Cyber God (for learning
more on Anonymizing yourself on IRC),
Proxy/Wingate/SOCKS tutorial by Jet and
Sendmail by me, R a v e N.
Appendix A: Using AltaVista as a proxy
If you go to altavista.com, and under their
tools section choose translation (or go
directly to the following URL:
http://babelfish.altavista.com/cgi-
bin/translate?), you can ask AltaVista to
translate web pages for you.
But you can also use this as a proxy, since
when you tell AltaVista to translate a web
page, AltaVista’s CGI translation script
retrieves the page for you.
Thanks to Yoink for this information.
Appendix B: Spoofing browser history
Here is something I got by Email from a
reader called Stone Cold Lyin Skunk:
set up a V3 redirect (http://www.v3.com or
something like that) then build a quick
webpage with a link to the site you want to
view discretely then go to your webpage via
the V3 redirect
all I know is that the URL indicator at the
top of the e browser
will not show the URL you visit even your
own .index page
it will only show the URL name
so if there is URL logging at your job or
school or whatever,
they can always surf to your homepage via
the V3, which they will
have. But, by then, you will have erased or.
Or maybe it has
"hidden" links (links the same color as the
background)...
in any case, they will not have your URLs
and they certainly
won't have proof you surfed there...
for instance, you may not want, say, your
local library sysop to know about Black
Sun...so you set up say, a Homestead
homepage (these are great because they
feature password protected pages) ...you
then
set up a V3 redirect to that page. Bingo-
you can now surf to the
page via V3, log in with your password, hit
all those cool hidden
links to Black Sun, Cyber Army,
peacefire.org what whatever, and the
URL snoop software will only record the
original http://surf.to/fakeoutname
... and don't forget, make the V3 Ural as
innocuous-sounding as possible...eg.
http://surf.to.backetweaving ... Appendix D: Anonymity on Usenet

Appendix C: the +x mode Do you post on Usenet regularly? Are you

In IRC, it is possible to put yourself into
mode x by typing '/mode yournick +x' (do
not include the quotes and replace yournick
with your own nick. For example: /mode
raven +x).
This tells the IRC server to hide your IP, so
when others try to /whois you or /dns you,
they won't be able to get your IP (they will
get a partial IP instead).
concerned about your anonimity?
Then you should go to www.deja.com and
sign up for a free account which will let you
post anonymously.
Nothing will be revealed about you, not
even your IP, since deja.com handles the
actual posting.
Tutorial by arjuna

This will only work on some servers, but

when you're on IRC, it is recommended to
use this option.

Also, there is a way to bypass this. By

simply creating a DCC connection with
someone else (either a DCC chat or a DCC
file transfer), you could then type 'netstat'
(without the quotes) on either Unix or
Windows/DOS and see what connections
your computer is currently handling. One of
them will be the DCC connection to that
other guy.

Why is that? Because DCC stands for

Direct Client Communication, which means
that DCC actions are not done through the
server, but directly (think - why would the
owners of the IRC server want people to
transfer files through their servers and
initiate private chats through their servers?
It'll just chew up some bandwidth). The
netstat command shows all current
connections (local or remote), and one of
them will be your DCC connection with that
other guy. You will then be able to see
his/her IP or hostname.

Note: on some networks this is done by

typing /mode yournick +z
How To Become A Hacker system. Real hackers call these people
'crackers' and want nothing to do with them.
Real hackers mostly think crackers are
What Is a Hacker?
lazy, irresponsible, and not very bright, and
object that being able to break security
The Jargon File contains a bunch of
doesn't make you a hacker any more than
definitions of the term "hacker", most having
being able to hotwire cars makes you an
to do with technical adeptness and a delight
automotive engineer. Unfortunately, many
in solving problems and overcoming limits.
journalists and writers have been fooled
If you want to know how to become a
into using the word 'hacker' to describe
hacker, though, only two are really relevant.
crackers; this irritates real hackers no end.
There is a community, a shared culture, of
The basic difference is this: hackers build
expert programmers and networking
things, crackers break them.
wizards that traces its history back through
decades to the first time-sharing
If you want to be a hacker, keep reading. If
minicomputers and the earliest ARPAnet
you want to be a cracker, go read the
experiments. The members of this culture
alt.2600 newsgroup and get ready to do five
originated the term 'hacker'. Hackers built
to ten in the slammer after finding out you
the Internet. Hackers made the Unix
aren't as smart as you think you are. And
operating system what it is today. Hackers
that's all I'm going to say about crackers.
run Usenet. Hackers make the World Wide
Web work. If you are part of this culture, if
The Hacker Attitude
you have contributed to it and other people
in it know who you are and call you a
1. The world is full of fascinating problems
hacker, you're a hacker.
waiting to be solved.
2. No problem should ever have to be
The hacker mind-set is not confined to this
solved twice.
software-hacker culture. There are people
3. Boredom and drudgery are evil.
who apply the hacker attitude to other
4. Freedom is good.
things, like electronics or music --- actually,
5. Attitude is no substitute for
you can find it at the highest levels of any
competence.
science or art. Software hackers recognize
these kindred spirits elsewhere and may
Hackers solve problems and build things,
call them 'hackers' too --- and some claim
and they believe in freedom and voluntary
that the hacker nature is really independent
mutual help. To be accepted as a hacker,
of the particular medium the hacker works
you have to behave as though you have
in. But in the rest of this document we will
this kind of attitude yourself. And to behave
focus on the skills and attitudes of software
as though you have the attitude, you have
hackers, and the traditions of the shared
to really believe the attitude.
culture that originated the term 'hacker'.
But if you think of cultivating hacker
There is another group of people who
attitudes as just a way to gain acceptance
loudly call themselves hackers, but aren't.
in the culture, you'll miss the point.
These are people (mainly adolescent
Becoming the kind of person who believes
males) who get a kick out of breaking into
these things is important for you --- for
computers and phreaking the phone
helping you learn and keeping you
motivated. As with all creative arts, the
most effective way to become a master is to
imitate the mind-set of masters --- not just
intellectually but emotionally as well.
Or, as the following modern Zen poem has
it:
To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.
So, if you want to be a hacker, repeat the
following things until you believe them:
1. The world is full of fascinating
problems waiting to be solved.
Being a hacker is lots of fun, but it's a kind
of fun that takes lots of effort. The effort
takes motivation. Successful athletes get
their motivation from a kind of physical
delight in making their bodies perform, in
pushing themselves past their own physical
limits. Similarly, to be a hacker you have to
get a basic thrill from solving problems,
sharpening your skills, and exercising your
intelligence.
If you aren't the kind of person that feels
this way naturally, you'll need to become
one in order to make it as a hacker.
Otherwise you'll find your hacking energy is
sapped by distractions like sex, money, and
social approval.
(You also have to develop a kind of have to
develop a kind of faith in your own learning
capacity --- a belief that even though you
may not know all of what you need to solve
a problem, if you tackle just a piece of it and
learn from that, you'll learn enough to solve
the next piece --- and so on, until you're
done.)2. No problem should ever have to
be solved twice.
Creative brains are a valuable, limited
resource. They shouldn't be wasted on re-
inventing the wheel when there are so
many fascinating new problems waiting out
there.
To behave like a hacker, you have to
believe that the thinking time of other
hackers is precious -- so much so that it's
almost a moral duty for you to share
information, solve problems and then give
the solutions away just so other hackers
can solve new problems instead of having
to perpetually re-address old ones.
(You don't have to believe that you're
obligated to give all your creative product
away, though the hackers that do are the
ones that get most respect from other
hackers. It's consistent with hacker values
to sell enough of it to keep you in food and
rent and computers. It's fine to use your
hacking skills to support a family or even
get rich, as long as you don't forget your
loyalty to your art and your fellow hackers
while doing it.)
3. Boredom and drudgery are evil.
Hackers (and creative people in general)
should never be bored or have to drudge at
stupid repetitive work, because when this
happens it means they aren't doing what
only they can do --- solve new problems.
This wastefulness hurts everybody.
Therefore boredom and drudgery are not
just unpleasant but actually evil.
To behave like a hacker, you have to
believe this enough to want to automate
away the boring bits as much as possible,
not just for yourself but for everybody else
(especially other hackers).
(There is one apparent exception to this.
Hackers will sometimes do things that may
seem repetitive or boring to an observer as
a mind-clearing exercise, or in order to
acquire a skill or have some particular kind
of experience you can't have otherwise. But
this is by choice --- nobody who can think
should ever be forced into a situation that
bores them.)
4. Freedom is good.
Hackers are naturally anti-authoritarian.
Anyone who can give you orders can stop
you from solving whatever problem you're
being fascinated by --- and, given the way
authoritarian minds work, will generally find
some appallingly stupid reason to do so. So
the authoritarian attitude has to be fought
wherever you find it, lest it smother you and
other hackers.
(This isn't the same as fighting all authority.
Children need to be guided and criminals
restrained. A hacker may agree to accept
some kinds of authority in order to get
something he wants more than the time he
spends following orders. But that's a limited,
conscious bargain; the kind of personal
surrender authoritarians want is not on
offer.)
Authoritarians thrive on censorship and
secrecy. And they distrust voluntary
cooperation and information-sharing --- they
only like 'cooperation' that they control. So
to behave like a hacker, you have to
develop an instinctive hostility to
censorship, secrecy, and the use of force or
deception to compel responsible adults.
And you have to be willing to act on that
belief.
5. Attitude is no substitute for
competence.
To be a hacker, you have to develop some
of these attitudes. But copping an attitude
alone won't make you a hacker, any more
than it will make you a champion athlete or
a rock star. Becoming a hacker will take
intelligence, practice, dedication, and hard
work.
Therefore, you have to learn to distrust
attitude and respect competence of every
kind. Hackers won't let posers waste their
time, but they worship competence ---
especially competence at hacking, but
competence at anything is good.
Competence at demanding skills that few
can master is especially good, and
competence at demanding skills that
involve mental acuteness, craft, and
concentration is best.
If you revere competence, you'll enjoy
developing it in yourself --- the hard work
and dedication will become a kind of
intense play rather than drudgery. That
attitude is vital to becoming a hacker.
Basic Hacking Skills
The hacker attitude is vital, but skills are
even more vital. Attitude is no substitute for
competence, and there's a certain basic
toolkit of skills which you have to have
before any hacker will dream of calling you
one.
This toolkit changes slowly over time as
technology creates new skills and makes
old ones obsolete. For example, it used to
include programming in machine language,
and didn't until recently involve HTML. But
right now it pretty clearly includes the
following:
1. Learn how to program.
This, of course, is the fundamental hacking
skill. If you don't know any computer
languages, I recommend starting with
Python. It is cleanly designed, well
documented, and relatively kind to
beginners. Despite being a good first
language, it is not just a toy; it is very
powerful and flexible and well suited for
large projects. I have written a more
detailed evaluation of Python. Good
tutorials are available at the Python web
site.
Java is also a good language for learning to
program in. It is more difficult than Python,
but produces faster code than Python. I
think it makes an excellent second
language.
But be aware that you won't reach the skill
level of a hacker or even merely a
programmer if you only know one or two
languages --- you need to learn how to
think about programming problems in a
general way, independent of any one
language. To be a real hacker, you need to
get to the point where you can learn a new
language in days by relating what's in the
manual to what you already know. This
means you should learn several very
different languages.
If you get into serious programming, you
will have to learn C, the core language of
Unix. C++ is very closely related to C; if you
know one, learning the other will not be
difficult. Neither language is a good one to
try learning as your first, however. And,
actually, the more you can avoid
programming in C the more productive you
will be.
C is very efficient, and very sparing of your
machine's resources. Unfortunately, C gets
that efficiency by requiring you to do a lot of
low-level management of resources (like
memory) by hand. All that low-level code is
complex and bug-prone, and will soak up
huge amounts of your time on debugging.
With today's machines as powerful as they
are, this is usually a bad tradeoff --- it's
smarter to use a language that uses the
machine's time less efficiently, but your time
much more efficiently. Thus, Python.
Other languages of particular importance to
hackers include Perl and LISP. Perl is worth
learning for practical reasons; it's very
widely used for active web pages and
system administration, so that even if you
never write Perl you should learn to read it.
Many people use Perl in the way I suggest
you should use Python, to avoid C
programming on jobs that don't require C's
machine efficiency. You will need to be able
to understand their code.
LISP is worth learning for a different reason
--- the profound enlightenment experience
you will have when you finally get it. That
experience will make you a better
programmer for the rest of your days, even
if you never actually use LISP itself a lot.
(You can get some beginning experience
with LISP fairly easily by writing and
modifying editing modes for the Emacs text
editor.)
It's best, actually, to learn all five of these
(Python, Java, C/C++, Perl, and LISP).
Besides being the most important hacking
languages, they represent very different
approaches to programming, and each will
educate you in valuable ways.
I can't give complete instructions on how to
learn to program here --- it's a complex skill.
But I can tell you that books and courses
won't do it (many, maybe most of the best
hackers are self-taught). You can learn
language features --- bits of knowledge ---
from books, but the mind-set that makes
that knowledge into living skill can be
learned only by practice and
apprenticeship. What will do it is (a) reading
code and (b) writing code.
Learning to program is like learning to write
good natural language. The best way to do
it is to read some stuff written by masters of
the form, write some things yourself, read a
lot more, write a little more, read a lot more,
write some more - and repeat until your
writing begins to develop the kind of
strength and economy you see in your
models.
Finding good code to read used to be hard,
because there were few large programs
available in source for fledgeling hackers to
read and tinker with. This has changed
dramatically; open-source software,
programming tools, and operating systems
(all built by hackers) are now widely
available. Which brings me neatly to our
next topic?
2. Get one of the open-source Unixes
and learn to use and run it.
I'm assuming you have a personal
computer or can get access to one (these
kids today have one (these kids today have
it so easy :-)). The single most important
step any newbie can take toward acquiring
hacker skills is to get a copy of Linux or one
of the BSD-Unixes, install it on a personal
machine, and run it.
Yes, there are other operating systems in
the world besides Unix. But they're
distributed in binary --- you can't read the
code, and you can't modify it. Trying to
learn to hack on a Microsoft Windows
machine or under MacOS or any other
closed-source system is like trying to learn
to dance while wearing a body cast.
Under OS/X it's possible, but only part of
the system is open source --- you're likely to
hit a lot of walls, and you have to be careful
not to develop the bad habit of depending
on Apple's proprietary code. If you
concentrate on the Unix under the hood you
can learn some useful things.
Unix is the operating system of the Internet.
While you can learn to use the Internet
without knowing Unix, you can't be an
Internet hacker without understanding Unix.
For this reason, the hacker culture today is
pretty strongly Unix-centered. (This wasn't
always true, and some old-time hackers still
aren't happy about it, but the symbiosis
between Unix and the Internet has become
strong enough that even Microsoft's muscle
doesn't seem able to seriously dent it.)
So, bring up a Unix --- I like Linux myself
but there are other ways (and yes, you can
run both Linux and Microsoft Windows on
the same machine). Learn it. Run it. Tinker
with it. Talk to the Internet with it. Read the
code. Modify the code. You'll get better
programming tools (including C, LISP,
Python, and Perl) than any Microsoft
operating system can dream of hosting,
you'll have fun, and you'll soak up more
knowledge than you realize you're learning
until you look back on it as a master hacker.
For more about learning Unix, see The
Loginataka. You might also want to have a
look at The Art Of Unix Programming.
To get your hands on a Linux, see the Linux
Online! site; you can download from there
or (better idea) find a local Linux user group
to help you with installation. From a new
user's point of view, all Linux distributions
are pretty much equivalent.
You can find BSD Unix help and resources
at www.bsd.org.
I have written a primer on the basics of Unix
and the Internet.
(Note: I don't really recommend installing
either Linux or BSD as a solo project if
you're a newbie. For Linux, find a local
Linux user's group and ask for help.)
3. Learn how to use the World Wide Web
and write HTML.
Most of the things the hacker culture has
built do their work out of sight, helping run
factories and offices and universities
without any obvious impact on how non-
hackers live. The Web is the one big
exception, the huge shiny hacker toy that
even politicians admit is changing the
world. For this reason alone (and a lot of
other good ones as well) you need to learn
how to work the Web.
This doesn't just mean learning how to drive
a browser (anyone can do that), but
learning how to write HTML, the Web's
markup language. If you don't know how to
program, writing HTML will teach you some
mental habits that will help you learn. So
build a home page. Try to stick to XHTML,
which is a cleaner language than classic
HTML. (There are good beginner tutorials
on the Web; here's one.)
But just having a home page isn't anywhere
near good enough to make you a hacker.
The Web is full of home pages. Most of
them are pointless, zero-content sludge ---
very snazzy-looking sludge, mind you, but
sludge all the same (for more on this see
The HTML Hell Page).
To be worthwhile, your page must have
content --- it must be interesting and/or
useful to other hackers. And that brings us
to the next topic?
4. If you don't have functional English,
learn it.
As an American and native English-speaker
myself, I have previously been reluctant to
suggest this, lest it be taken as a sort of
cultural imperialism. But several native
speakers of other languages have urged
me to point out that English is the working
language of the hacker culture and the
Internet, and that you will need to know it to
function in the hacker community.
This is very true. Back around 1991 I
learned that many hackers who have
English as a second language use it in
technical discussions even when they share
a birth tongue; it was reported to me at the
time that English has a richer technical
vocabulary than any other language and is
therefore simply a better tool for the job. For
similar reasons, translations of technical
books written in English are often
unsatisfactory (when they get done at all).
Linus Torvalds, a Finn, comments his code
in English (it apparently never occurred to
him to do otherwise). His fluency in English
has been an important factor in his ability to
recruit a worldwide community of
developers for Linux. It's an example worth
following.
Status in the Hacker Culture
Like most cultures without a money
economy, hackerdom runs on reputation.
You're trying to solve interesting problems,
but how interesting they are, and whether
your solutions are really good, is something
that only your technical peers or superiors
are normally equipped to judge.
Accordingly, when you play the hacker
game, you learn to keep score primarily by
what other hackers think of your skill (this is
why you aren't really a hacker until other
hackers consistently call you one). This fact
is obscured by the image of hacking as
solitary work; also by a hacker-cultural
taboo (now gradually decaying but still
potent) against admitting that ego or
external validation are involved in one's
motivation at all.
Specifically, hackerdom is what
anthropologists call a gift culture. You gain
status and reputation in it not by dominating
other people, nor by being beautiful, nor by
having things other people want, but rather
by giving things away. Specifically, by
giving away your time, your creativity, and
the results of your skill.
There are basically five kinds of things you
can do to be respected by hackers:
1. Write open-source software
The first (the most central and most
traditional) is to write programs that other
hackers think are fun or useful, and give the
program sources away to the whole hacker
culture to use.
(We used to call these works 'free
software', but this confused too many
people who weren't sure exactly what 'free'
were supposed to mean. Most of us, by at
least a 2:1 ratio according to web content
analysis, now prefer the term 'open-source'
software).
Hackerdom's most revered demigods are
people who have written large, capable
programs that met a widespread need and
given them away, so that now everyone
uses them.
2. Help test and debug open-source
software
They also serve who stand and debug
open-source software. In this imperfect
world, we will inevitably spend most of our
software development time in the
debugging phase. That's why any open-
source author who's thinking will tell you
that good beta-testers (who know how to
describe symptoms clearly, localize
problems well, can tolerate bugs in a
quickie release, and are willing to apply a
few simple diagnostic routines) are worth
their weight in rubies. Even one of these
can make the difference between a
debugging phase that's a protracted,
exhausting nightmare and one that's merely
a salutary nuisance.
If you're a newbie, try to find a program
under development that you're interested in
and be a good beta-tester. There's a natural
progression from helping test programs to
helping debug them to helping modify them.
You'll learn a lot this way, and generate
good karma with people who will help you
later on.
3. Publish useful information
Another good thing is to collect and filter
useful and interesting information into web
pages or documents like Frequently Asked
Questions (FAQ) lists, and make those
generally available.
Maintainers of major technical FAQs get
almost as much respect as open-source
authors.
4. Help keep the infrastructure working
The hacker culture (and the engineering
development of the Internet, for that matter)
is run by volunteers. There's a lot of
necessary but unglamorous work that
needs done to keep it going ---
administering mailing lists, moderating
newsgroups, maintaining large software
archive sites, developing RFCs and other
technical standards.
People who do this sort of thing well get a
lot of respect, because everybody knows
these jobs are huge time sinks and not as
much fun as playing with code. Doing them
shows dedication.
5. Serve the hacker culture itself
Finally, you can serve and propagate the
culture itself (by, for example, writing an
accurate primer on how to become a
hacker :-)). This is not something you'll be
positioned to do until positioned to do until
you've been around for while and become
well-known for one of the first four things.
The hacker culture doesn't have leaders,
exactly, but it does have culture heroes and
tribal elders and historians and
spokespeople. When you've been in the
trenches long enough, you may grow into
one of these. Beware: hackers distrust
blatant ego in their tribal elders, so visibly
reaching for this kind of fame is dangerous.
Rather than striving for it, you have to sort
of position yourself so it drops in your lap,
and then be modest and gracious about
your status.
The Hacker/Nerd Connection
Contrary to popular myth, you don't have to
be a nerd to be a hacker. It does help,
however, and many hackers are in fact
nerds. Being a social outcast helps you stay
concentrated on the really important things,
like thinking and hacking.
For this reason, many hackers have
adopted the label 'nerd' and even use the
harsher term 'geek' as a badge of pride ---
it's a way of declaring their independence
from normal social expectations. See The
Geek Page for extensive discussion.
If you can manage to concentrate enough
on hacking to be good at it and still have a
life, that's fine. This is a lot easier today
than it was when I was a newbie in the
1970s; mainstream culture is much
friendlier to techno-nerds now. There are
even growing numbers of people who
realize that hackers are often high-quality
lover and spouse material.
If you're attracted to hacking because you
don't have a life, that's OK too --- at least
you won't have trouble concentrating.
Maybe you'll get a life later on.
Points For Style
Again, to be a hacker, you have to enter the
hacker mindset. There are some things you
can do when you're not at a computer that
seem to help. They're not substitutes for
hacking (nothing is) but many hackers do
them, and feel that they connect in some
basic way with the essence of hacking.
• Learn to write your native language
well. Though it's a common
stereotype that programmers can't
write, a surprising number of hackers
(including all the most accomplished
ones I know of) are very able writers.
• Read science fiction. Go to science
fiction conventions (a good way to
meet hackers and proto-hackers).
• Study Zen, and/or take up martial
arts. (The mental discipline seems
similar in important ways.)
• Develop an analytical ear for music.
Learn to appreciate peculiar kinds of
music. Learn to play some musical
instrument well, or how to sing.
• Develop your appreciation of puns
and wordplay.
The more of these things you already do, The problem with screen names or handles
the more likely it is that you are natural deserves some amplification. Concealing
hacker material. Why these things in your identity behind a handle is a juvenile
particular is not completely clear, but they're and silly behavior characteristic of crackers,
connected with a mix of left- and right-brain warez d00dz, and other lower life forms.
skills that seems to be important; hackers Hackers don't do this; they're proud of what
need to be able to both reason logically and they do and want it associated with their
step outside the apparent logic of a problem real names. So if you have a handle, drop
at a moment's notice. it. In the hacker culture it will only mark you
as a loser.
Work as intensely as you play and play as
intensely as you work. For true hackers, the Tutorial by arjuna
boundaries between "play", "work",
"science" and "art" all tend to disappear, or
to merge into a high-level creative
playfulness. Also, don't be content with a
narrow range of skills. Though most
hackers self-describe as programmers, they
are very likely to be more than competent in
several related skills --- system
administration, web design, and PC
hardware troubleshooting are common
ones. A hacker who's a system
administrator, on the other hand, is likely to
be quite skilled at script programming and
web design. Hackers don't do things by
halves; if they invest in a skill at all, they
tend to get very good at it.

Finally, a few things not to do.

• don't use a silly, grandiose user ID or

screen name.
• don't get in flame wars on Usenet (or
anywhere else).
• don't call yourself a 'cyberpunk', and
don't waste your time on anybody
who does.
• don't post or email writing that's full
of spelling errors and bad grammar.

The only reputation you'll make doing any

of these things is as a twit. Hackers have
long memories --- it could take you years to
live your early blunders down enough to be
accepted.
Steps To Deface A
Webpage
First of all, I do not deface, I never have
(besides friends sites as jokes and all in
good fun), and never will. So how do I know
how to deface? I guess I just picked it up on
the way, so I am no expert in this. If I get a
thing or two wrong I apologize. It is pretty
simple when you think that defacing is just
replacing a file on a computer. Now, finding
the exploit in the first place, that takes skill,
that takes knowledge, which is what real
hackers are made of. I don't encourage that
you deface any sites, as this can be used
get credit cards, get passwords, get source
code, billing info, email databases, etc.. (it
is only right to put up some kind of warning.
now go have fun ;)
This tutorial will be broken down into 3 main
sections, they are as followed:
1. Finding Vuln Hosts.
2. Getting In.
3. Covering Your Tracks
It really is easy, and I will show you how
easy it is.
1. Finding Vuln Hosts
This section needs to be further broken
down into two categories of script kiddies:
ones who scan the net for a host that is
vuln to a certain exploit and ones who
search a certain site for any exploit. The
ones you see on alldas are the first kind,
they scan thousands of sites for a specific
exploit. They do not care who they hack,
anyone will do. They have no set target and
not much of a purpose. In my opinion these
people should either have a cause behind
what they are doing, ie. "I make sure people
keep up to date with security, I am a
messenger" or "I am spreading a political
message, I use defacements to get media
attention". People who deface to get
famous or to show off their skills need to
grow up and realize there is a better way of
going about this (not that I support the ones
with other reasons ether). Anyways, the two
kinds and what you need to know about
them:
Scanning Script Kiddie: You need to know
what signs of the hole are, is it a service? A
certain OS? A CGI file? How can you tell if
they are vuln? What version(s) are vuln?
You need to know how to search the net to
find targets which are running whatever is
vuln. Use altavista.com or google.com for
web based exploits. Using a script to scan
ip ranges for a certain port that runs the
vuln service. Or using netcraft.com to find
out what kind of server they are running
and what extras it runs (FrontPage, php,
etc..) nmap and other port scanners allow
quick scans of thousands of ips for open
ports. This is a favorite technique of those
guys you see with mass hacks on alldas.
Targeted Site Script Kiddie: More
respectable then the script kiddies who
hack any old site. The main step here is
gathering as much information about a site
as possible. Find out what OS they run at
netcraft or by using: telnet www.site.com 80
then GET / HTTP/1.1 Find out what
services they run by doing a port scan. Find
out the specifics on the services by
telnetting to them. Find any cgi script, or
other files which could allow access to the
server if exploited by checking /cgi /cgi-bin
and browsing around the site (remember to
index browse)
Wasn't so hard to get the info was it? It may
take awhile, but go through the site slowly
and get all the information you can.
2. Getting In
Now that we got the info on the site we can
find the exploit(s) we can use to get access.
If you were a scanning script kiddie you
would know the exploit ahead of time. A
couple of great places to look for exploits
are Security Focus and packetstorm. Once
you get the exploit check and make sure
that the exploit is for the same version as
the service, OS, script, etc.. Exploits mainly
come in two languages, the most used are
C and perl. Perl scripts will end in .pl or .cgi,
while C will end in .c To compile a C file (on
*nix systems) do gcc -o exploit12 file.c then:
./exploit12 For perl just do: chmod 700
file.pl (not really needed) then: perl file.pl. If
it is not a script it might be a very simple
exploit, or just a theory of a possible exploit.
Just do a little research into how to use it.
Another thing you need to check is weather
the exploit is remote or local. If it is local
you must have an account or physical
access to the computer. If it is remote you
can do it over a network (internet).
Don't go compiling exploits just yet, there is
one more important thing you need to know
Covering Your Tracks
So by now you have gotten the info on the
host in order to find an exploit that will allow
you to get access. So why not do it? The
problem with covering your tracks isn't that
it is hard, rather that it is unpredictable. just
because you killed the sys logging doesn't
mean that they don't have another logger or
IDS running somewhere else. (even on
another box). Since most script kiddies
don't know the skill of the admin they are
targeting they have no way of knowing if
they have additional loggers or what.
Instead the script kiddie makes it very hard
(next to impossible) for the admin to track
them down. Many use a stolen or second
isp account to begin with, so even if they
get tracked they won't get caught. If you
don't have the luxury of this then you MUST
use multiple wingates, shell accounts, or
trojans to bounce off of. Linking them
together will make it very hard for someone
to track you down. Logs on the wingates
and shells will most likely be erased after
like 2-7 days. That is if logs are kept at all. It
is hard enough to even get a hold of one
admin in a week, let alone further tracking
the script kiddie down to the next wingate or
shell and then getting a hold of that admin
all before the logs of any are erased. And it
is rare for an admin to even notice an
attack, even a smaller percent will actively
pursue the attacker at all and will just
secure their box and forget it ever
happened. For the sake of argument let’s
just say if you use wingates and shells,
don't do anything to piss the admin off too
much (which will get them to call authorities
or try to track you down) and you deleting
logs you will be safe. So how do you do it?
We will keep this very short and too the
point, so we'll need to get a few wingates.
Wingates by nature tend to change IPs or
shutdown all the time, so you need an
updated list or program to scan the net for
them. You can get a list of wingates that is
well updated at
http://www.cyberarmy.com/lists/wingate/
and you can also get a program called
winscan there. Now let’s say we have 3
wingates:
212.96.195.33 port 23
202.134.244.215 port 1080
203.87.131.9 port 23
to use them we go to telnet and connect to
them on port 23. we should get a response
like this:
CSM Proxy Server >
to connect to the next wingate we just type
in it's ip:port
CSM Proxy Server >202.134.244.215:1080
If you get an error it is most likely to be that
the proxy you are trying to connect to isn't
up, or that you need to login to the proxy. If
all goes well you will get the 3 chained
together and have a shell account you are
able to connect to. Once you are in your
shell account you can link shells together
by:
[j00@server j00]$ ssh 212.23.53.74
You can get free shells to work with until
you get some hacked shells, here is a list of
free shell accounts. And please remember
to sign up with false information and from a
wingate if possible.
SDF (freeshell.org) - http://sdf.lonestar.org
GREX (cyberspace.org) -
http://www.grex.org
NYX - http://www.nxy.net
ShellYeah - http://www.shellyeah.org
HOBBITON.org - http://www.hobbiton.org
FreeShells - http://www.freeshells.net
DucTape - http://www.ductape.net
Free.Net.Pl (Polish server) -
http://www.free.net.pl
XOX.pl (Polish server) - http://www.xox.pl
IProtection - http://www.iprotection.com
CORONUS - http://www.coronus.com
ODD.org - http://www.odd.org
MARMOSET - http://www.marmoset.net
flame.org - http://www.flame.org
freeshells - http://freeshells.net.pk
LinuxShell - http://www.linuxshell.org
takiweb - http://www.takiweb.com
FreePort - http://freeport.xenos.net
BSDSHELL - http://free.bsdshell.net
ROOTshell.be - http://www.rootshell.be
shellasylum.com -
http://www.shellasylum.com
Daforest - http://www.daforest.org
FreedomShell.com -
http://www.freedomshell.com
LuxAdmin - http://www.luxadmin.org
shellweb - http://shellweb.net
blekko - http://blekko.net
once you get on your last shell you can
compile the exploit, and you should be safe
from being tracked. But let’s be even surer
and delete the evidence that we were there.
Alright, there are a few things on the server
side that all script kiddies need to be aware
of. Mostly these are logs that you must
delete or edit. The real script kiddies might
even use a rootkit to automatically delete
the logs. Although lets assume you aren't
that lame. There are two main logging
daemons which I will cover, klogd which is
the kernel logs, and syslogd which is the
system logs. First step is to kill the
daemons so they don't log anymore of your
actions.
[root@hacked root]# ps -def | grep syslogd
[root@hacked root]# kill -9 pid_of_syslogd
in the first line we are finding the pid of the
syslogd, in the second we are killing the
daemon. You can also use /etc/syslog.pid
to find the pid of syslogd.
[root@hacked root]# ps -def | grep klogd
[root@hacked root]# kill -9 pid_of_klogd
Same thing happening here with klogd as
we did with syslogd.
now that killed the default loggers the script
kiddie needs to delete themself from the
logs. To find where syslogd puts it's logs
check the /etc/syslog.conf file. Of course if
you don't care if the admin knows you were
there you can delete the logs completely.
Let’s say you are the lamest of the script
kiddies, a defacer, the admin would know
that the box has been comprimised since
the website was defaced. So there is no
point in appending the logs, they would just
delete them. The reason we are appending
them is so that the admin will not even
know a break in has accord. I'll go over the
main reasons people break into a box:
To deface the website. - this is really lame,
since it has no point and just damages the
system.
To sniff for other network passwords. -
there are programs which allow you to sniff
other passwords sent from and to the box.
If this box is on an Ethernet network then
you can even sniff packets (which contain
passwords) that are destine to any box in
that segment.
To mount a DDoS attack. - another lame
reason, the admin has a high chance of
noticing that you comprimised him once you
start sending hundreds of Mobs through his
connection.
To mount another attack on a box. - this
and sniffing is the most commonly used, not
lame, reason for exploiting something.
Since you now how a root shell you can
mount your attack from this box instead of
those crappy freeshells. And you now have
control over the logging of the shell.
To get sensitive info. - some corporate
boxes have a lot of valuable info on them.
Credit card databases, source code for
software, user/password lists, and other top
secret info that a hacker may want to have.
To learn and have fun. - many people do it
for the thrill of hacking, and the knowledge
you gain. I don't see this as horrible a crime
as defacing. as long as you don't destroy
anything I don't think this is very bad. Infact
some people will even help the admin patch
the hole. Still illegal though, and best not to
break into anyone's box.
I'll go over the basic log files: utmp, wtmp,
lastlog, and .bash_history
These files are usually in /var/log/ but I
have heard of them being in /etc/ /usr/bin/
and other places. Since it is different on alot
of boxes it is best to just do a find / -iname
'utmp'|find / -iname 'wtmp'|find / -iname
'lastlog'. and also search threw the /usr/
/var/ and /etc/ directories for other logs.
Now for the explanation of these 3.
utmp is the log file for who is on the system,
I think you can see why this log should be
appended. Because you do not want to let
anyone know you are in the system. wtmp
logs the logins and logouts as well as other
info you want to keep away from the admin.
Should be appended to show that you
never logged in or out. and lastlog is a file
which keeps records of all logins. Your
shell's history is another file that keeps a
log of all the commands you issued, you
should look for it in your $ HOME directory
and edit it, .sh_history, .history, and
.bash_history are the common names. you
should only append these log files, not
delete them. if you delete them it will be like
holding a big sign infront of the admin
saying "You've been hacked". Newbie script
kiddies often deface and then rm -rf / to be
safe. I would avoid this unless you are
really freaking out. In this case I would
suggest that you never try to exploit a box
again. Another way to find log files is to run
a script to check for open files (and then
manually look at them to determine if they
are logs) or do a find for files which have
been editted, this command would be: find /
-ctime 0 -print
A few popular scripts which can hide your
presence from logs include: zap, clear and
cloak. Zap will replace your presence in the
logs with 0's, clear will clear the logs of your
presence, and cloak will replace your
presence with different information. acct-
cleaner is the only heavily used script in
deleting account logging from my
experience. Most rootkits have a log
cleaning script, and once you installed it
logs are not kept of you anyways. If you are
on NT the logs are at
C:\winNT\system32\LogFiles\, just delete
them, nt admins most likely don't check
them or don't know what it means if they
are deleted.
One final thing about covering your tracks, I
won't go to into detail about this because it
would require a tutorial all to itself. I am
talking about rootkits. What are rootkits?
They are a very widely used tool used to
cover your tracks once you get into a box.
They will make staying hidden painfree and
very easy. What they do is replace the
binaries like login, ps, and who to not show
your presence, ever. They will allow you to
login without a password, without being
logged by wtmp or lastlog and without even
being in the /etc/passwd file. They also
make commands like ps not show your
processes, so no one knows what
programs you are running. They send out
fake reports on netstat, ls, and w so that
everything looks the way it normally would,
except anything you do is missing. But
there are some flaws in rootkits, for one
some commands produce strange effects
because the binary was not made correctly.
They also leave fingerprints (ways to tell
that the file is from a rootkit). Only
smart/good admins check for rootkits, so
this isn't the biggest threat, but it should be
concidered. Rootkits that come with a LKM
(loadable kernel module) are usually the
best as they can pretty much make you
totally invisible to all others and most
admins wouldn't be able to tell they were
comprimised.
In writting this tutorial I have mixed feelings.
I do not want more script kiddies out their
scanning hundreds of sites for the next
exploit. And I don't want my name on any
shouts. I rather would like to have people
say "mmm, that defacing crap is pretty
lame" especially when people with no lives
scan for exploits everyday just to get their
name on a site for a few minutes. I feel alot
of people are learning everything but what
they need to know in order to break into
boxes. Maybe this tutorial cut to the chase
a little and helps people with some
knowledge see how simple it is and
hopefully make them see that getting into a
system is not all it's hyped up to be. It is not
by any means a full guide, I did not cover
alot of things. I hope admins found this
tutorial helpful as well, learning that no
matter what site you run you should always
keep on top of the latest exploits and patch
them. Protect yourself with IDS and try
finding holes on your own system (both with
vuln scanners and by hand). Also setting up
an external box to log is not a bad idea.
Admins should have also seen a little bit
into the mind of a script kiddie and learned
a few things he does.. this should help you
catch one if they break into your systems.
Tutorial by No-Z3r0
Maya Tips & Tricks choose the respective axis and select
Mirror. You can also opt to ‘Merge the
Vertices’ at this time. Rig This Low Poly
Do you 3D? If you are into 3D designing,
model, and keep checking the skinning
using your free time to mould nurbs and
results or the Outputs on the hiRes model
bones into creatures of imagination, or are
or the Smooth Proxy. Keeping them, the
just starting to enter the world of 3D
LowPoly and the HiPoly, on two different
animation and if Maya is your choice of tool,
layers is usually helpful in case of large
then this month's Tips & Tricks should give
scene files, and also when you have to edit
you some insight.
the vertices— the fewer the better.
To reduce clutter in the Channel box
Nurbs at render time
Select Object and then go to Window>
General Editor> Channel Control. Select
To get rid of the jagged edges at render
the channels that are of no use to your
time on your oh-so-smooth nurbs, go to
current object. Click on Move to transfer
Attribute Editor and drop down Tessellation.
them to the Non Keyable attributes. Also,
Check the Display Tessellation box and
look out for the NonKeyable attributes such
then increase the ‘Curvature Tolerance’ by
as Shear, Ghosting, etc, which you can
simply using the drop down menu. You can
transfer to the Keyable attributes using the
further increase the U and V divisions
Move button.
factor. You can also type in a higher value.
This increases the mesh count at render
time, thereby outputting smoother
To revert back to selections
geometry.
Go to Create> Sets> Quick Selection Sets
and name the selection. Next, go to Edit >
Smoothing weights
Quick Select Set or type in the name in the
sel box, on the status line. This comes in
It gets a bit unnerving to keep rotating the
handy when you have to revert back to
joints, or moving the IKs, each time, to
selected vertices in a very complex mesh.
check the influence of the joints and their
Use the Lasso tool or go to Edit > Paint
weights on your skinned character.
Selection Tool, to make Selections
Instead, simply animate the joints at their
extreme positions, Set one key at bind pose
at frame 0 and another key at any other
Things to remember while making
pose at frame 50 for instance. Now,
Polygonal Models
compare or adjust the weights as you scrub
along the timeline.
Keep A Check on Your Polygonal Count,
Go to Display> Heads Up Display> Poly
Count On to do so. Make a polygon smooth
Freezing joint orientation
proxy by going to Polygon > Smooth Proxy.
In case Of symmetrical characters or
Maya 5 lets you freeze the local joint
models, model only one Half, and when
rotation axes to match world space. To do
complete, mirror the other half. Do this by
so, go to Modify > Freeze Transformation
going to Polygon> Mirror Geometry. Here,
and turn on the Orient option. If this option
is turned off, the local joint rotation axes are
not affected by Freeze Transformation.
IK/FK blending
It lets you apply keyframe animation to
joints and also control them with Inverse
Kinematics( IK) animation. In addition to
blending IK and Forward Kinematics (FK)
animation over multiple frames, a blend can
occur over a single frame. Blending over a
single frame switches IK to FK or FK to IK
instantly.
Intensity curves and color curves
Use a custom brightness decay rate to
increase a spotlight's brightness, or a
custom color decay rate to change its color
with distance.
Intensity curves and color curves are
graphical representations of a light's
brightness and color with distance. Use the
graph editor (Windows > Animation Editor),
to view them.
The vertical axis represents the intensity or
color intensity value, and the horizontal axis
represents distance from the light source.
Intensity curves and color curves are similar
to animation curves, except that the
horizontal axis of an animation curve
represents time.
RampShader brightness
Use this Shader Type to create cartoon-
style shading with the help of a ramp with
stepped values. The right side of the ramp
shows the color output where the
brightness of the diffused and translucent
lighting is 1.0 or greater. The left side
displays the color with the brightness set to
zero.
WINDOWS XP.
OPERATING SYSTEM.
Clearing Document list
The Start menu, in Windows XP, has been
completely revamped and made extremely
customizable. If you want the Start menu to
display only certain applications, right click
in an empty section of the Start menu's left
column and select Properties > Start menu
> Customize. Then, go to the General tab,
click on Clear List, and set the counter to
zero. Now no one can keep track of the
programs or applications you've recently
used.
Speedup the Start menu
The Start menu takes quite a while to
display the list of programs installed. In
order to get Windows XP to display the list
faster, you will have to edit the registry
settings. To speed up your Start menu, go
to Start > Run and type regedit. This will
open the registry window. Then navigate to
the following key:
HKEY_CURRENT_USER\Control
Panel\Desktop. Scroll down in the right
panel and double-click on 'menu show
delay'. In the Value Data box, change the
default value for the menu speed from 400
to a lesser number, such as 1 or even 0.
Click OK. You should now find a significant
increase in the Start menu speed.
Note: Remember to back up your registry
before making any changes.
Switching users
Windows XP allows you to switch users,
without actually quitting programs and
logging off. To make use of this, go to Start
> Log off. You will be greeted with an option
of 'switching user' wherein another user can
log on without you having to quit your
programs.
Modifying visual settings
If you have only 128 MB RAM, your
machine might be a bit sluggish after
installing Windows XP. So to achieve
optimal performance without buying
additional RAM, disable certain visual
settings and free up some precious
memory. Go to the Control Panel > system
> Advanced, and click on the Settings
button under Performance. Change various
graphical effects, and ensure that the
animation and shadow options are
unchecked, as they tend to consume a lot
of memory. You should get a better
response from your operating system,
without spending any money on RAM.
Enabling/disabling Clear Type text
Microsoft has introduced a new technology
called 'Clear Type' with Windows XP.
However, it is not enabled by default. To
enable it, right click on a blank area of the
Desktop, and choose Properties. Click on
the Appearance Tab, and then click on
Effects. Check the 'Use following method to
smooth edges of screen fonts' option and
then choose as per your monitor. For
desktop monitors choose the 'Standard'
option, and for laptops and other flat screen
monitors, choose Clear Type. This option
improves the readability of large screen
fonts.
The 'Classic Look'
If you are not comfortable with the new look
of Windows XP, you can easily switch back
to the old classic Windows look. Right click
the desktop, select Properties, click the
Themes tab and choose Windows Classic
from the drop-down list. You will now have
the old Windows 2000 look.
Grouping/ungrouping taskbar items
Try opening more than three windows of
any program, such as Internet Explorer,
and you will see them automatically
grouped together under a single button.
This happens because Windows XP, by
default, enables the option of grouping
similar programs. To uncheck this option,
right click on a blank area of the Taskbar
and select Properties. Under Properties,
deselect 'Group Similar Taskbar Buttons',
and then click OK.
If you want to change the number of
windows that can be opened, without
grouping, you will have to change a registry
entry. Go to Start > Run and type regedit,
and press [Enter]. Navigate to the key to
KEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\Explorer\Advanc
ed\Taskbar Groupsize. Right click on
'Taskbar Groupsize', and change the
hexadecimal value to whatever you like-for
example, 4, 5 or even 10. XP will now
group the programs according to the
number you set.
Hiding inactive icons
Windows XP automatically hides inactive
icons in the System Tray. If you so wish,
you can disable this option by right clicking
on the Taskbar, choosing Properties, and
disabling the 'Hide Inactive Icons' option.
You can specify the ones you would like to
be not hidden.
Disabling Automatic Windows Update
and System Restore
There are certain services, such as
Windows Update and System Restore,
which load automatically and occupy a lot
of space. If you want to disable them, right
click on My Computer and choose
Properties. Click on the System Restore tab
and check the box 'Turn off System
Restore'. This will increase Windows
performance and save disk space.
Just next to the 'System Restore' option,
you will find the 'Automatic Update' option.
This option will periodically ask you to
update the OS. You can go ahead and
disable this, but remember that you will
have to update Windows manually after
applying this option, and there will be no
further reminders.
Change the picture on the welcome
screen
Want to add your own picture in the Startup
menu? Go to Start > Control Panel > User
account and click on the user name. There
you will see an option to change the picture
on the welcome screen. On clicking it, you
will see an option from which you can select
the picture already present or you can
browse to the folder where you've saved
your photograph.
How to prevent Windows Messenger
from running on a Windows XP-based
computer
Use the Group Policy (gpedit.msc) snap-in
to turn on the Do not allow Windows
Messenger to be run option.
Notes
To use the Group Policy snap-in, you
must be logged on to the computer using
• an account that has administrator
permissions.
This method prevents programs that use
the Messenger APIs from using Windows
Messenger. Microsoft Outlook 2002,
Microsoft Outlook Express 6, and the
•
Remote Assistance feature in Windows
XP are examples of programs that use
these APIs and that depend on Windows
Messenger.
To turn on the Do not allow Windows
Messenger to be run option, follow these
steps:
Click Start, click Run, type gpedit.msc,
1. and then click OK.
In Group Policy, expand Local
Computer Policy, expand Computer
Configuration, expand Administrative
2. Templates, expand Windows
Components, and then expand
Windows Messenger.
Double-click Do not allow Windows
Messenger to be run, and then click
3.
Enabled.
Click OK.
4.
On the File menu, click Exit to quit the
5.
Group Policy snap-in.
Monitors (CRT/LCD)
One of the most 'visible' piece of computer
peripheral which helps you visualize what
you are doing with your computer is the
Monitor. This month we answer some of the
most common queries about it, which you
may have at the back of your mind since a
long time.
1) I see a dot on the LCD screen that is
different in colour from the rest?
This dot is a dead pixel. Normally, dead
pixels emit the colour in whose mode they
get stuck, or appear black. Up to three dead
pixels are permitted when performing an
LCD quality check—more than that calls for
a monitor rejection.
2) My graphics card manual says that it can
go up to 1,600 x 1,200 pixels, but I can’t
select a resolution over 1,024 x 768. Why is
this so?
The native resolution supported by a 15-
inch LCD monitor is 1,024 x 768 pixels.
Hence, though the graphics card is capable
of delivering a resolution of 1,600 x 1,200
pixels, the monitor cannot do so.
3) I see two faint horizontal lines on my
monitor—is this a defect?
Monitors using the aperture-grille
technology, have multiple vertical wires of
0.25 mm in diameter. Two horizontal wires
keep these vertical wires aligned. It’s the
shadow of these that you see on the
monitor. Frankly, there’s nothing you can do
about it, since they’re an integral part of the
technology.
4) Why does my monitor flicker? How do I
solve it?
This may be due to incorrect video or
monitor drivers. Also, the refresh rate might
be too low; set it to 75 Hz.
5) My monitor does not reproduce colours.
Check the connector-pins for any damage.
Make sure that there are no electronic
devices—speakers for example—near the
monitor. Degauss the monitor at least once
a month. If this doesn’t work, relocate the
display. Also, use it with another PC to
further isolate the problem.
6) My screen is tilted? How do I correct it?
Use the onscreen-display menu to correct
the problem. If this does not help, check
whether you are using the correct version of
the video-card driver; also, try using
different resolutions. Connect the display to
another PC to check if the problem persists.
7) I can’t sync my monitor?
Check whether the D-sub connector is
properly plugged in to the graphic card.
Also make sure that no pins in the
connector are damaged. Install the latest
graphics card drivers. This ensures a
correct resolution and frequency
adjustment. Don’t set a refresh rate that
your card can’t support.
8) Why don’t images and text appear
smooth on my LCD monitor?
You’ve chosen a resolution that distorts the
aspect ratio, and then used the adjustment
function to force-fit the screen. This makes
images and text look crooked. Always run
an LCD monitor at its native resolution as
suggested by the manufacturer.
 9) My LCD monitor displays a scrolling
screen. Help!
Check whether the cable is connected
properly to the video card. Use the monitor
with another system. This helps you
ascertain whether the fault lies with the
display card or the display itself. Also,
remember to specify the correct resolution
and refresh rate for the monitor.
10) How do I get rid of image persistence?
Burn-in, or image persistence, is more of a
CRT-specific problem, and is not
permanent for LCDs. Keeping the panel
powered down for about 15 minutes will
solve the problem.
Digital Cameras FAQ
Do all digital cameras suffer from
shutter lag?
It is true that digital cameras do suffer from
shutter lag. Shutter lag is the time in
between clicking the shutter button and the
picture actually being taken. Once the
button is pressed digital cameras get to
work setting the focus, white balance and
exposure time. They also need to charge
up the CCD. The end result, a brief pause
before the picture is taken can be very
annoying and can prove to be the
difference between a great picture and a
missed opportunity. As with most things in
the world of digital cameras shutter lag
times are decreasing as the technology
evolves. In fact in higher spec digital
cameras shutter lag has almost been
eliminated. It won't be a problem with the
majority of pictures that you take, but it is
something to be aware of.
How can I tell which digital cameras
allow playback through my television?
Not all digital cameras allow playback
through your television. When you are
reading specifications for digital cameras
look out for ones that have "video out"
under interfaces.
What is the best image manipulation
software for images taken with digital
cameras?
The market leader is Adobe Photoshop.
This remarkable piece of software will let
you do almost anything with an image.
Before you rush off and buy Adobe
Photoshop there are two things that you
need to consider. First it is aimed at digital
photographers who are looking for serious
image manipulation. This gives Adobe
Photoshop a fairly big learning curve and
there are plenty of books and courses
dedicated to helping you get the most from
the package. Secondly it doesn't come
cheap. A guide price is £500-550.
There are a couple of very good
alternatives to Adobe Photoshop for those
of you who are looking for more general
image manipulation. One is Adobe
Photoshop's little brother Adobe Photoshop
Elements, priced at around £65-70. The
other is Paint Shop Pro which you can pick
up for under £40. I have used this package
myself and it does everything that I've ever
wanted to do with an image.
Cheaper still are products like Kai's Photo
Factory. You shouldn't have to pay more
than £15 and it gives you some useful
image manipulation tools.
Digital cameras seem to have lots of
features that I'll never understand. They
must be difficult to use.
It's true that digital cameras, particularly at
the higher end of the market do have some
pretty amazing features. It is also true that
these will really only be of use to serious
photographers who want to experiment with
their digital cameras and want to learn and
use all that their camera has to offer. Even
then digital cameras come with a fully
automatic mode that will allow you to use it
in a similar way to a traditional point and
shoot camera. The important point to
remember here is that feature rich digital
cameras also cost a lot of money. If you are
not planning to make use of all the available
features then I would suggest that you buy
a model with a smaller feature set and save
yourself a lot of money. You will find that
digital cameras that are more basic in the
functionality that they offer are also more
easy to use.
How much is a good printer to print
photographs taken with digital cameras?
If you are looking to print good quality
photographs taken with digital cameras
then you need to by a special photo printer.
A standard inkjet printer isn't quite up to the
job, so you need to buy a specialised inkjet
or bubblejet printer. You can find a photo
printer for under £100, but you basically get
what you pay for. If you are looking for
acceptable quality prints then you are
looking at paying £300 plus. It all depends
on just how much quality you are looking
for. Even then to get the best results you
need to use coated photographic paper.
This can prove to me quite expensive. If
you are not planning to print that many
pictures then I would advise you to consider
having your photographs printed by a
professional printing services company.
Otherwise it begins to get hard to justify
paying out for the printer itself. Ink refills
also add to the price.
If you are more dedicated to your
photography and are looking for a higher
standard print than is available from the
inkjet or bubblejet range, then you can buy
a dye sublimation printer. These are a clear
step up in terms of print quality, but there is
also a clear step up to pay as well. Dye
sublimation printers start off in the £400-
500 range.
Don't forget though that using digital
cameras gives a whole new slant on
photography. The ability to view images on
your computer and television screens
means that it is less important to have your
photographs printed. Therefore you are
likely to need less prints then you would
have with traditional 35mm photography.
Some digital cameras use Smart Media
and some use Compact Flash. What's
the difference?
Smart Media and Compact Flash are both
memory cards. Smart Media has been with
us for about as long as digital cameras
themselves. More recently we have seen
the rise of Compact Flash. Smart Media is
used primarily in Fuji and Olympus digital
cameras. The majority of the remainder of
the market utilised Compact Flash cards.
The growth in megapixels that digital
cameras can use has caused a big problem
for Smart Media. The increase in the
number of megapixels has meant that
digital cameras produce larger images.
These larger images then need more
storage space. That is why a while ago an 8
or 16mb memory card was sufficient
certainly for consumer digital cameras. The
problem with Smart Media technology is
that the maximum size that a Smart Media
Card can be is 128mb. Compact Flash
cards do not suffer from the same
limitations. Over the next few years it looks
as if Smart Media cards will take more and
more of a back seat. If you already have
Smart Media cards this isn't really a
problem. As far as storage goes they are a
perfectly acceptable medium. The only
problem is their lack of capacity.
How many pixels do digital cameras
need to produce good quality 6x4
prints?
It depends on just how pin sharp you want
the image. Two megapixel digital cameras
will produce very good 6x4 prints, but if you
are looking for exceptional quality then you
will be better off looking at 3 megapixel
digital cameras. Likewise with 8x11 prints.
Three megapixel digital cameras will
produce very good prints, but if you are
looking for exceptional quality then you
need to step up to 4 megapixel digital
cameras.
Can I get pictures taken by digital
cameras printed professionally?
If you don't want to have the expense of
buying a dedicated photo printer or you just
like the idea of having prints made for you
then there are services that you can use to
have your prints made. Most camera stores
will be more than happy to take your
images and provide you with prints. There
are also Internet based companies where
you can send your images to and receive a
set of prints back through the post. The
main disadvantage of having your prints
made by a camera store is that people
need to transfer the images from their
digital cameras to their computers and then
download the images onto floppy disks or
burn them to a CD. If you use an Internet
service, once the images have been
transferred from digital cameras to a
computer it is quite easy to send them to
the online printing services. One of the
biggest advantages of having prints made
of photographs taken with digital cameras is
that you can select the images that you like
the best before you send them off for
printing.
What are compression modes?
Digital cameras use different compression
modes to store images. If you use high or
fine or super fine etc. compression modes
then the image produced will be much
sharper. Pictures taken at a high resolution
will also take up more room on the storage
card. Therefore if you are using digital
cameras with relatively small storage cards
then they will soon become full if you are
shooting at a high resolution.
Are digital cameras under £200 worth
the money?
It all depends on what you are looking to
get out of using digital cameras. Digital
cameras have really come down in price
and some of those available for under £200
are very good cameras indeed. In fact there
are digital cameras on the market for under
£100 that will do a very good job if you are
looking for a camera that will take good
quality snap shots and is easy to use.
Why are some memory cards cheaper
than others?
Higher priced memory cards have a higher
speed rating. This means that the picture is
written to the card faster and the digital
camera becomes ready to take the next
shot quicker. This is really only an issue for
anyone using digital cameras and wanting
to shoot a number of pictures very quickly.
It is also felt that the faster memory cards
are of a little higher quality.
I have seen effective pixels referred to
on specifications for digital cameras.
What does this mean?
Not all the pixels that are on a digital
camera's CCD can be used when the
photograph is taken. Some fall outside the
range of the lens and some are painted
black to help with colour balance. Therefore
it is the number of effective pixels that
people need to look out for when buying
digital cameras.
I have a 35mm SLR camera. There
seems far less choice with SLR digital
cameras.
It's true that SLR digital cameras are few
and far between all though this too is
changing. They are also expensive, but
recent additions to the range have caused a
real price breakthrough. There is no need to
despair though as the group of digital
cameras known as "Prosumer" carry the
same advanced features as most 35mm
SLR cameras. Check out this range of
digital cameras before you buy.
What is Digital Zoom?
Digital zoom causes digital cameras to
zoom in on the centre section of an image.
The centre area will then look bigger, but
the same number of pixels are used. This
means that the quality of the image is
reduced. If a zoom lens is important to you
then make sure that you look out for digital
cameras that come with an optical zoom.
Digital cameras with optical zooms will
produce images of a far higher quality.
Do all digital cameras offer a movie
mode?
No. Not all digital cameras come with a
movie mode or though it is fast becoming a
common feature. You may also find that
some digital cameras at the very top of the
range don't offer a movie mode either. Also
don't be fooled into thinking that the movies
that digital cameras take will be up to the
standard of your digicam. At the lower end
of the digital cameras market you can find
that the movies are shot in black and white.
There are certainly a good number of digital
cameras where you can't record sound
when you shoot the movie. Movie time also
varies between digital cameras. At the
lower end of the market you normally get
around 15 seconds. The higher end hits the
three minute mark. The way that I would
look at it is that the primary function of
digital cameras is to take great still pictures
and short movies that you can shoot are
very much a bonus. Watch out as well.
Shooting even very short movies can drain
the batteries very quickly.
Do you need a card reader to upload
images from digital cameras?
You don't necessarily need a card ready to
upload images taken by digital cameras.
Digital cameras come with a lead that will
connect them to the PC and you can upload
your pictures through that cable. Some
people do experience difficulties from time
to time uploading their images using this
method. A card reader simplifies the
process by creating another drive on your
computer and from there it is relatively
straight forward to transfer your images
from the card to the PC.
Juiced Ships For
Playstation 2, Xbox, And
PC
THQ Inc. today announced the release of
the high-octane street racer Juiced for the
PlayStation 2 computer entertainment
system, the Xbox video game system from
Microsoft and Windows PC. The highly-
anticipated release of Juiced delivers an all-
encompassing street racing experience,
bringing the culture of street racing to life
through game-play elements like betting
and earning respect, while also featuring an
extensive modification system in which
gamers and gear-heads alike can build
entire fleets of tricked-out racing machines.
Drivers can get to work under the hood for
a suggested retail price of $49.99 on
PlayStation 2 and Xbox and $39.99 on
Windows PC.
"Spending the time to fine-tune key game-
play elements and further develop features
such as crew racing, pink slip racing and
online play has resulted in one of the top
street racing games available," said Philip
Holt, senior vice president, product
development, THQ. "We are extremely
pleased with the well-rounded racing
experience Juice Games has delivered and
look forward to continuing to advance
THQ's position in the street racing genre."
Juiced will fully immerse players in the
lifestyle and culture of the street racing
scene where they will show off racing skills,
earn respect from different crew chiefs and
bet against them for cash. Earning cash
and respect will ultimately unlock more than
50 real cars with over 100 real after-market
cosmetic and performance mods for a total
of 7.5 trillion car customization possibilities.
As a racer's notoriety grows, new drivers
will approach them to join the team,
opening up never-before-seen 'crew races'
where the player's ability to manage a crew
of drivers is key to beating rival crews.
The game will also offer a full on-line
feature set, including 6 player races, crew
races, world leader boards and crew and
pink-slip competitions, where someone will
lose the car they worked to customize.
Red Mile Entertainment to
Publish Heroes of the
Pacific For Playstation 2,
Xbox, And PC
Red Mile Entertainment, Inc., a worldwide
developer and publisher of interactive
entertainment software, today announced
that it has acquired the rights to publish the
flight combat game Heroes of the Pacific.
Developed by Australia-based developer IR
Gurus, the game will release for the
PlayStation 2 computer entertainment
system, the Xbox video game and
entertainment system from Microsoft and
PC in the fall of 2005.
Beginning with the attack on Pearl Harbor,
this aerial combat game puts players in the
middle of some of the most intense aerial
conflicts in WWII's Pacific Theater. For the
first time players will experience the epic
scope of the battles, placing hundreds of
planes on the screen in a single
confrontation.
The game unfolds through 10 campaigns
(26 missions) taken from real events of
WWII's Pacific campaign, including battles
over Midway Island, the Coral Sea, Iwo
Jima and Guadalcanal. With more than 35
WWII aircraft, including all major U.S. and
Japanese models, players can pilot a
variety of aircraft that were integral to the
war effort in the Pacific including the
Grumman F4F Wildcat and F6F Hellcat, the
Douglas SBD Dauntless, the Curtiss P-40
Warhawk and the Chance-Vought F4U
Corsair. Planes are also upgradeable,
which gives players access to a total of
more than 80 planes.
"Heroes of the Pacific generated a great
deal of excitement when it was showcased
at E3 this year, and we are excited to
feature this game in our initial launch
lineup," said Chester Aldridge, CEO of Red
Mile Entertainment. "This game delivers a
fast-action flight combat experience that
encompasses all the drama, realism and
intensity that players would expect from a
WWII battle."
In Heroes of the Pacific, players will live the
enormity of the battle and recreate actual
acts of heroism as up to 150 planes, each
with full AI and physics attributes. The skies
come alive as highly detailed (15,000+
polygons) fighters, dive bombers, torpedo
bombers and experimental planes take part
in fierce fighting.
Players reenact this compelling and
dramatic aerial campaign in six game
modes -- Campaign, Instant Action, Single
Mission, Historical, Training and
Multiplayer, which is playable in split-
screen, LAN multiplayer or in online
multiplayer for up to eight players on
console and PC. In the single-player game,
missions can include up to 4 wingmen, all
controllable through an innovative, fast-
access menu system. Daring missions that
involve ground attacks and support, escort,
defense, patrol, torpedo and dive-bombing
take place in highly realistic environments.
Players can even relive the action in
cinematic replays.
Heroes of the Pacific is scheduled to ship in
the fall of 2005. For more information on the
game, visit the website at
http://www.heroesofthepacific.com.
Falcon 4.0: Allied Force -
Airbase Operations
One of the aims of Lead Pursuit is to deliver
a fully realistic working environment of
airbase operations, and Falcon 4.0: Allied
Force moves us much closer to that goal.
The controllers in the tower have a huge
responsibility to safely schedule the arrivals
and departures of expensive aircraft vital to
the war effort.
As in real world airspace, the airports and
carriers are the busiest areas for aircraft
and with the exception of the Forward Line
of Troops (FLOT), they are the areas of
highest risk to individuals and hardware. A
single pilot error or wrecked aircraft on the
runway can render the airbase closed for
hours. So intelligent management of flights
in and out of the base – and around it too -
is essential. In these development notes,
Mike Laskey walks us through airbase
operations.
With AI routines, players tend to notice very
quickly when things aren't working quite
right. The aim of our ATC focal area was to
deliver subtle AI that you don't notice. We'll
begin with some of the primary
improvements:
Advanced ATC awareness of the
approach and departure queues. The
controllers in the tower are ever watchful,
and have a good understanding about
aircraft separation. For example, if a large
transport aircraft is waiting on the taxiway
ready to depart with an F-16 on final
approach, ATC assesses carefully the
position of the F-16 before giving the
transport aircraft clearance onto the
runway. The transport will be held in the
"hold short" position until the F-16 touches
down. At that point, ATC will clear the
transport onto the runway. ATC will grant
takeoff clearance once the conditions are
safe for the transport aircraft to depart. v In
some circumstances where ATC
determines a backlog of aircraft to depart,
additional time buffers are introduced
between each arriving aircraft to allow the
departure backlog to clear. Airbase
operations can be extremely busy – it's a
difficult balancing act for the busy virtual
controllers living inside the battlefield!
One important area of the ATC is
supporting pilots as they limp back to base
with wounded birds. We wanted to give
pilots every good chance of making it back
to base, whether they choose to divert to a
closer airfield or struggle back home. In our
product, we are excited to allow players and
AI aircraft to participate in airbase stacking.
More on this later.

Calling an emergency dramatically
increases the workload of the ATC
controllers and adds additional risk to other
aircraft as they are expected to remain
airborne for longer. Therefore, ATC does
not approve of "hoax" emergency landings
or landings without permission. All pilots are
expected to operate within the rules and
penalties are dealt out to pilots who do not
comply.
Airbases in Falcon 4.0: Allied Force can at
times be tremendously busy. The
"TowerCam" puts you right into the
controller's seat and allows you to watch
and zoom in on any of the aircraft around
the airbase. It's fun to buzz the tower with
the low altitude fly-by, replicating a great
scene from a classic air combat movie.
Falcon 4.0: Allied Force supports two-ship
formation take-offs for player and AI
controlled aircraft. Only fighters can utilise
this privilege and only when carrying air-to-
air ordnance.
We've added a new controller's voice to
provide full support for the Balkans theater
of operations and a bunch of new radio
calls. For example, ATC will now assign
departure headings and warn you about
traffic conflicts.
STACKING
As we've already mentioned, one important
feature is "stacking". This is an assigned
area close to the airfield where aircraft are
held in an "airborne queueing"
arrangement, while ATC deals with an
emergency. The act of a pilot calling an
emergency landing is enough for ATC to
divert other aircraft that are already in the
pattern, into the stack instead. Typically
those that are on final approach and not too
far from landing are permitted to continue
their approach. But where other aircraft
already in the pattern and those attempting
to join the pattern are considered a conflict,
then one or more aircraft will be diverted
into the stack. Whenever ATC is stacking
aircraft, ATC will give a new heading and a
new altitude above the standard landing
pattern. This considerably adds to the
immersion factor, making the player feel
even more that they are part of a living
battlefield environment.
Once you reach the stack, ATC will order
you to orbit and will confirm your assigned
altitude. Each aircraft in the stack is
separated vertically by 1,000 feet and
stacking operates on a first-in first-out
basis. Those arriving later are placed on the
top of the stack. Once the emergency is
over (hopefully the aircraft in trouble landed
safely!), ATC will empty the stack from the
bottom.
One by one, ATC will call the aircraft at the
bottom onto the base leg to start its
approach, and as that aircraft leaves the
stack, ATC will order each pilot remaining
to reduce altitude by 1,000 feet. Note that
until the stack is completely empty, any new
aircraft attempting to join the pattern will
continue to be added to the stack.
On a playability note, during stacking, it's
vital for the safety of fellow pilots to
maintain the altitude they have been
assigned to by ATC, to avoid collisions.
Should the pilot find himself stacking and
short of fuel, he or she must make the
problem heard and call an emergency. This
is about the only other situation where
calling an emergency is legitimate though.
LANDING HELP
After leaving the stack, the pilot will be
given bearings and directions to land. Of
course, successfully landing is critical, but it
is far from the easiest of experiences.
That's why we've developed a "landing
tutor" to help ease to process of bringing
the bird home safely.
A series of rectangular indicators showing
the path to the active runway are drawn in
the sky. This pathway consists of four
distinct sections: the base leg, the turn to
finals, the 3° descent onto the runway and
the flare. As the distance decreases
between the indicators and the runway, the
rectangles become smaller and smaller to
emphasise the increased importance of
accurately following the glidepath.
The landing help system also teaches
speed control which trains the player to
land in a timely fashion without flying too
quickly nor too slowly. This is conveyed
visually by gradually changing the colour of
the pathway indicators. At the correct
speed, the pathway indicators will be
coloured black. As the aircraft slows to
below the expected speed, the indicators
will begin to turn blue to let the player know
that the speed should be increased slightly.
If the pilot fails to respond appropriately, the
indicators will turn more blue. It is likely in
this case that the pilot will either fall short of
the runway, or risk interrupting traffic that
might be landing behind him. Conversely, if
the aircraft velocity is too fast, the indicators
will gradually turn to red, and the pilot is
likely to overshoot the runway or interrupt
aircraft scheduled to land ahead of him.
During final approach, the player should
aim to fly directly through the centre of the
indicators with the flightpath marker
positioned at the base of the runway. Within
two hundred feet of the runway, an on-
screen text description prompts the pilot to
commence the flare. At this point, the
pathway indicators no longer represent a 3
degree descent but instead level out more
to help visualise this concept. At the start of
this phase, the indicators are likely to
change to red to inform the player to reduce
the speed of the aircraft. The pilot should
reduce throttle and pull back on the stick to
flare the aircraft smoothly onto the runway.
After touchdown, an assessment of the
landing is displayed to the pilot. To
enable/disable this feature, press ALT-H.
The aircraft must be flying in order to turn
the landing help on, and it is automatically
disabled once the aircraft comes to a stop.
Batman Begins
Shake off those cobwebs. There's a new
Batman in town, and he's younger, fiercer
and klutzier than before. What do you want
from a rookie? The Caped Crusader that
Christian Bale plays so potently in Batman
Begins is still working out the kinks. He
nearly gives himself a wedgie scaling a
building in a self-designed Batsuit that
weighs a stylish ton. Director Christopher
Nolan, who wrote the script with David
Goyer, shows us a Batman caught in the
act of inventing himself. Nolan is caught,
too, in the act of deconstructing the Batman
myth while still delivering the dazzle to
justify a $150 million budget. It's schizo
entertainment. But credit Nolan for trying to
do the impossible in a summer epic: take us
somewhere we haven't been before.
This stripped-down prequel grounds the
story in reality. If Tim Burton lifted the DC
Comics franchise to gothic splendor and
Joel Schumacher buried it in campy overkill
(a Batsuit with nipples), then Nolan -- the
mind-teasing whiz behind Memento and
Insomnia -- gets credit for resurrecting
Batman as Bruce Wayne, a screwed-up
rich kid with no clue about how to avenge
the murders of his parents.
Batman Begins answers a long-standing
question about Bruce the tycoon playboy --
a Paris Hilton with balls as previously
played by Michael Keaton, Val Kilmer and
George Clooney -- by showing us what he
was doing before he put on his Bat drag,
accessorized with lethal toys and learned to
kill like a vigilante.
If you expect Batman to flap his cape the
second you sit down with your popcorn,
snap out of it. Nolan wants us to know the
real Bruce. At age eight, Master Wayne
(Gus Lewis) falls into a well filled with bats
and freaks out. The bats represent his
deepest fear. Bruce later dumps Princeton
and his virginal Rachel (Katie Holmes --
OK, Tom Cruise, start raving) and heads for
the Himalayas to toughen up. He's tossed
into prison and is rescued by Ducard (Liam
Neeson, with a funny accent), who ninja-
trains him. Ducard is a member of the
League of Shadows, led by evil genius Ra's
Al Ghul (Ken Watanabe).
Seven years pass, and Bruce is still Bruce.
Back in Gotham, he learns from the family
butler, Alfred (Michael Caine purrs with
warmth and humor), that he's been
declared dead and that the CEO (Rutger
Hauer) has taken over Wayne Enterprises.
To get it back, Bruce teams up with Lucius
Fox (a wily Morgan Freeman), a company
scientist who specializes in military body
armor (think Batsuit) and designs a car that
looks like a tank (think Batmobile). That's
when Bruce asks Lucius if the car comes in
black. Fans can now feel free to go batty.
The buildup is steadily engrossing. That's Der Untergang
because Nolan keeps the emphasis on
character, not gadgets. Gotham looks lived
in, not art-directed. And Bale, calling on our
movie memories of him as a wounded child
(Empire of the Sun) and an adult menace
(American Psycho), creates a vulnerable
hero of flesh, blood and haunted fire.
Bruce's blood may be too hot for Rachel,
now an assistant DA. She fumes when
Bruce frolics with seminaked models. Look,
honey, a secret identity takes work.

Also known as "Downfall, The Downfall:

Hitler and the End of the Third Reich
(USA),
The Bat earns his wings soon enough. He
Der Untergang - Hitler und das Ende des
enlists an honest cop, soon-to-be
3. Reichs"
commissioner Gordon (a goodie Gary
Oldman -- huh?) to help him rid Gotham of
Running Time: 150 minutes
Carmine Falcone (overhammed by Tom
Wilkinson), a crime lord with connections to
Drama, War
the Waynes' murders. Like any movie with
a surfeit of villains, none of them stick.
During the Third Reich, a state propaganda
Cillian Murphy comes closest as Dr.
machine had saturated the German people
Jonathan Crane, a skinny shrink they call
with a vision of their Führer as a
Scarecrow when he puts a burlap bag on
romanticised folk hero and loving father of
his head. Each person sees his own worst
the nation - so when Adolf Hitler and the
fears come to life when they gaze at the
Reich came to an end in 1945 and
bag. The low-budget headgear is typical of
Germany was waking up to the grim reality
a movie that succeeds best when it hews to
of what had happened in the name of
the rule of less is more. Beginner's luck
National Socialism, it no longer seemed
evaporates when Nolan ends with a tricked-
appropriate for Hitler's image to be
out car chase and a doomsday plot about a
projected in the dreamhouse of cinema.
poisoned water supply. Nolan's too good for
While he has been analysed by academics,
Bat business as usual. His secret for
exposed by documentarians, and argued
making Batman fly is as basic as black:
over by historians, Hitler has remained a
Keep it real.
taboo topic for German feature films - and
until the release of 'Downfall' in 2004, the
last time the man had been portrayed in not just the bunker itself, filmed with
German cinema was a staggering forty suffocating tightness, but also the
eight years earlier, in G.W. Pabst's 'Der inescapable grip which Nazism held over
Letzte Akt'. the German people, caught between testing
"I make so many mistakes when I dictate", their loyalty to its self-destructive limits, or
Hitler (Bruno Ganz) tells Traudl Junge paying the lethal price for their treachery. In
(Alexandra Maria Lara) in the 1942 opening this way, the twelve years of Hitler's
of 'Downfall'. The context is innocent dictatorship are compressed into the twelve
enough - he is interviewing the young intense days at their end, as a country finds
woman for a post as his private secretary - itself straining under the inhuman logic of its
but the irony of the dictator's words own guiding ideology.
reverberates through the rest of the film, set
three years later during his final days in the
bunker beneath the German Chancellery,
as he ignores all good advice and military
reality, blames his own failings on everyone
else, brooks no dissent and wilfully
condemns his own populace to
unnecessary (if sometimes willing) death.

There is enough incident and character in

the many narrative strands of 'Downfall' to
fill a film twice the length - but at its
concrete core is a contrast between the
downfall of a society ruled by perverse
disorder, and the beginnings of a new
Germany. Hitler and Goebbels (Ulrich
Matthes) have come to believe their own
propaganda - but others like Speer (Heino
Woven from 'Until the Final Hour' (2001), an
Ferch) are starting to face the truth and
eyewitness account of Hitler's last days by
secretly ignore Hitler's commands. Doctors
Traudl Junge herself, and from 'Inside
devote their time to preparing poisons and
Hitler's Bunker' (2002), the best-selling
assisting suicides, and there is a chilling
book by Berlin historian Joachim Fest, the
reference to the illegal experiments
rich detail of Bernd Eichinger's screenplay
performed by an SS medic - but other
brings the studied feel of a documentary to
doctors like Schenck (Christian Berkel) risk
the film - and in one sequence, the
their own lives to help the sick and the
notorious photo of Hitler's final public
wounded, and reject both suicides and
appearance, pinning medals on a parade of
executions as madness. Goebbels' wife
young children in military uniform, is
Magda (Corinna Harfouch), declared by
painstakingly reconstructed and brought to
Hitler to be Germany's most courageous
life.
mother, kills her own children one by one,
and Hitler himself, the 'father' of the nation,
At the same time, director Oliver
mercilessly wills the annihilation of all
Hirschbiegel brings from his previous film
Germany - yet the film's final sequence, in
'Das Experiment' (2001) a mood of
which Traudl and a young boy elude the
claustrophobia and entrapment that suits
advancing Red Army by posing as mother
and son, promises the return of more
normal family relations. Lastly there is
Traudl herself, an "enthusiastic Nazi" by her
own admission (in the voice-over which
book-ends the film), who now looks upon
her younger self ("this child") with a mixture
of anger, contempt and disbelief, and
struggles, like Germany, to forgive herself.

'Downfall' is difficult, deadly serious, and at

times painful to watch - but most of all it is
adult, coming to terms with the past as any
adult should.

It's Got: Simply extraordinary

performances, especially from Bruno Ganz
as Hitler; scenes of Berlin under
bombardment from the Russians, all filmed
in St Petersburg (the Russian city in fact
bombarded in the Second World War by the
Germans); a documentary-like attention to
historical fact and period detail coupled with
a stifling sense of claustrophobia; and a
chilling scene of infanticide that is almost
too painfully real to watch, and yet
encapsulates perfectly the perversion of
Nazism.

It Needs: Not to be seen by anyone looking

for a fun night out.
Massage Pen
Smooth-writing executive pen with vibrating
contoured tip. Pinpoint relief anytime,
anywhere with the textured acupressure
head. Excalibur Research Labs have
scored a major breakthrough in instant
stress relief. Using ancient holistic
techniques derived from the Far East,
Excalibur Electronics can now bring to you
the comfort of massage in the ultimate
portable package of the Massage Pen.
Easy to use. Instant relief from muscle
soreness, pain & discomfort. Uses ancient
arts of reflexology to help find relief from
numerous ailments, aches and pains.
Package dimensions: 7" x 4-7/8" x 1-1/2".
Samsung D720
The D720 has it all. As smartphones are
becoming more popular, Samsung has
released their D720 to compete. One of the
key features includes the use of the
Symbian Series 60 operating system to
help enforce the slogan of this phone,
‘smarter than the average.’ This phone also
includes a 1.3 mega pixel camera and
integrated 64mb of memory. All standard
cell phone options still apply: Bluetooth,
web browsing, messaging, video playback,
java, and even an mp3 player with dual
speaker output.
Shuttle XPC SN25P
Shuttle XPC SN25P’s size of the case is
bigger in size allowing for better airflow and
easier access inside. The motherboard
uses the nForce4 Ultra chipset and has
everything you would need already
integrated, including 7.1 audio. One of the
best new features is an external clear
CMOS button.
Flybook A33i
The link between the PDA and the
notebook is getting even closer with the
Flybook. The Flybook weighs in at 2.6
pounds, will have a 1.1-GHz Pentium M
“Dothan” chipset and up to 512MB of RAM.
Bluetooth, SM card slot, and built in WiFi
capabilities are also included. It is available
in multiple different colors and prices begin
at $2,000.
Nokia 770 Internet Tablet
It features a 64MB TI 1710 OMAP ARM
mini-PC. It is powered by Debian Linux
v2.6. It has no mobile phone inside, so it
relies on Bluetooth v1.2 and WiFi (802.11b)
support to connect to the Internet either
through your home WiFi router or via your
Bluetooth compatible mobile phone. It
features a massive 4.13" diagonal, 800x480
pixel display, browsing and email should be
quite comfortable. In addition it also
features the Opera web browser and the
built-in email client, a RSS newsreader,
Internet radio, various media players, a
PDF viewer, and Flash v6 compatibility. A
user installable software upgrade will
introduce Voice Over IP (VOIP) and Instant
Messaging to the mix. It has 64MB of DDR
RAM, and 128MB of internal FLASH
memory, of which about 64MB should be
available to the user. Storage can be
augmented by inserting a RS-MMC
memory card. It will be priced at approx
$350.
Darth Vader Episode III Helmet Replica x 11-inches x 21-inches. Sadly this is a
limited Edition of 1,000 pieces worldwide,
which means once they gone, they gone.

Mio 269 GPS/MP3 Player

Star Wars fans take Star Wars films very

seriously. Target is selling the Darth Vader
Episode III Replica Helmet. This fiberglass
cast replica comes with a display stand and
plaque and according to the description "is
molded from the same CAD-generated
master pattern used for "Revenge of the
Sith." You can also wear this helmet
comfortably (foam blocks and all) which
truly makes this the ultimate Star Wars
accessory.

AT-AT Imperial Walker Replica from The

Empire Strikes Back
You remember the AT-AT toy from "The
Empire Strikes Back" that you had as a kid,
right? It was the toy to have, around two
feet tall and had a cargo bay large enough
to stuff all your action figures into. Well this
is comprised of over 230 separate parts,
legs made from solid, high-strength thermo-
plastics and die-cast metal for long-term
durability. Approximate model dimensions
23-inches x 9-inches x 19-inches; display
case measures approximately 27-inches L
The Mio 269, which we will probably never
see on these shores, is a cool little device.
It’s a portable 2.5GB device with GPS
mapping and an MP3 player for rocking out
to the tunes while you get lost in New
Jersey. It also includes 32MB flash ROM, a
3.5-inch LCD, and 300MHz processor. Best
of all, it has a 4.5 hour battery that allows
for portable GPSing.
Creative Zen Vision PMP 12 minutes of crystal clear audio, so you
don't forget any important pieces of
information. A nice touch for a secret agent
or any one who aspires to be one.

iZon Bluetooth MP3/FM Radio/Mobile

Headset w/128 MB SD Card

The new Zen Vision PMP holds 30GB and

uses a non-Windows Portable Media
Center OS. It is a definite improvement over
the original PMC-120. Interestingly it
supports MPEG4, WMV, DivX, and XviD as
well as a CF card slot for updates. It has a
3.7-inch TFT-LCD and weighs in at 8
ounces,

James Bond Stealth Camera

With this cool iZon Headphone device, you

get MP3 playback, an FM Radio, a
Bluetooth Mobile headset, and Bluetooth
Audio Streaming - all in a single package!
This iZon MP3 Headset is compliant with
Bluetooth 1.1, has a built-in microphone for
use with mobile phones, features an
SD/MMC memory card slot with a 128 MB
SD memory card included, and has a user
interface display on its LCD. This one-
There is finally a hi-tech gadget from Q's piece, neckband, headphone style fits very
laboratory that can be had by the masses comfortably on your head.
who are not fortunate enough to carry a
license to kill. This inconspicuous Zippo
look-alike actually contains a digital camera
capable of holding over 300 images. The
JB1 uses ST Micro technology to capture
highly detailed images with incredibly small
file sizes thanks to LiteSync technology that
allows you to take clear images in
fluorescent lighting without using a flash. It
can even capture video clips & record up to
Pro Viewer 1.3 Mega Digital Binocular
Camera W/LCD

BANNED IN SOME SPORTS ARENAS!

Snap 1.3 mega pixel photos with a digital
binocular camera so powerful you can see Digital Spy Camera Pen
a license plate 3 football fields away. Then
view it on a full color LCD screen. It
features a Binocular lenses with 8X zoom
power, 1.5" full color, flip up LCD screen. It
has a 8MB of capable memory is built-in,
memory is upgradeable with Smart Disc.

Motorola IMfree Wireless Personal

Instant Messenger

Free up the family computer without putting

a stop to the fun of instant messaging with
this Motorola IMfree Personal Instant
Messenger. This portable, convenient Work your secret spy mojo with the
IMfree device allows Instant Messengers to incredibly normal-looking Digital Camera
roam almost anywhere around the house - Spy Pen. It has 2MB of built-in memory &
up to 150 feet from an Internet-connected stores up to 36, 160 x 120 pixel images. It
PC and base station! With this Motorola has a voice function audibly which tells the
IMfree Personal Instant Messenger Kit, the user number of pictures taken.
family computer is available for the family
once again, and the kids don't have to miss
a single LOL or OMG moment!