A computer virus that has been spreading around the world for months is set to come alive Wednesday.
Experts have struggled to tackle it, and they do not know who controls it or why it was created. But on Wednesday the virus, dubbed Conficker, will "call home" to its creator to seek new instructions. No one knows what will happen next.
"The biggest mystery about Conficker is why? What exactly is it that these bad guys are planning to do with it?" said Mikko Hypponen of the Finnish computer security company F-Secure.
In the past year, the virus has spread to computers in schools, hospitals and government departments. It has got into the defense forces of Britain, Germany and France, grounding the French Navy's fighter jets for a time.
Microsoft has offered $250,000 for information about Conficker's creator. An alliance of leading computer security experts and Internet governance groups has been set up to help to deal with the problem.
All about Chinese Cyber Spying
In what possibly can be termed one of the biggest cyber espionage incident, computer systems of as many as 103 countries including Indian embassy in Washington, have been compromised. Over the past two years, the vast electronic spying operation from China has infiltrated over 1295 computers and stolen hundreds of sensitive government documents from around the world. The operation was incidentally unearthed by a group of researchers from the University of Toronto-based Monk Centre for International Studies. Here's all about the sinister operation which seems to be a part of the growing cyber warfare attacks. |
| Biggest-ever | |||
| |||
| The Ghost behind | |||
| |||
| Targets | |||||
| |||||
| Modus operandi | |||
| |||
| Damage | |||
| |||
| Chinese government hand | |||
| |||
| The crack | |||
| |||
Teenage whizz-kid hacker gets a straight job
Wellington - A New Zealand teenage whizz-kid who admitted developing software that infected a million computers around the world has been hired by telecommunications company TelstraClear to advise companies how to avoid hackers.
Owen Walker, 19, who was tracked down by the United States Federal Bureau of Investigation, is advising on “botnets” - networks of computers infected by malicious software - TelstraClear spokesman Chris Mirams told Radio New Zealand on Wednesday.Walker admitted when he appeared in court in July to being part of what the FBI called “an elite international botnet coding group” that caused chaos around the world, including shutting down the entire network of 50,000 computers at the University of Pennsylvania.
A judge discharged Walker, who was at high school at the time, without penalty, saying he had not acted with criminal intent and a conviction could jeopardize his potentially outstanding future.
Walker had turned down numerous job offers from companies around the world and said he wanted to be the next Bill Gates, the New Zealand Press Association reported.
Report: Smart-grid hackers could cause blackouts
Deployments of smart grids should be slowed until security vulnerabilities are addressed, according to some cybersecurity experts, citing tests showing that a hacker can cause a major blackout after breaking into a smart-grid system.
The idea behind smart grids, a burgeoning energy sector in which even Google is playing a role, is that automated meters and two-way power consumption data can be used to improve the efficiency and reliability of an electrical system's power distribution. A washing machine in a household hooked up to a smart meter, for instance, could be set up to run only at lower-cost, off-peak hours, and a home sporting solar panels could give power back to the grid.
Through the U.S. economic-stimulus package, the Department of Energy is set to invest US$4.5 billion in smart-grid technology. And while many utilities are embracing the initiative by installing smart meters in millions of homes nationwide, security experts and others caution that the technology may not be ready for prime time. According to a CNN report published last week:
"I don't think the sky is falling," William Sanders, principal investigator for the National Science Foundation Cyber Trust Center on Trustworthy Cyber Infrastructure for the Power Grid, told CNN. "I don't think we should stop deployment until we have it all worked out. But we have to be vigilant and address security issues in the smart grid early on."
The idea behind smart grids, a burgeoning energy sector in which even Google is playing a role, is that automated meters and two-way power consumption data can be used to improve the efficiency and reliability of an electrical system's power distribution. A washing machine in a household hooked up to a smart meter, for instance, could be set up to run only at lower-cost, off-peak hours, and a home sporting solar panels could give power back to the grid.
Through the U.S. economic-stimulus package, the Department of Energy is set to invest US$4.5 billion in smart-grid technology. And while many utilities are embracing the initiative by installing smart meters in millions of homes nationwide, security experts and others caution that the technology may not be ready for prime time. According to a CNN report published last week:
Cybersecurity experts said some types of meters can be hacked, as can other points in the smart grid's communications systems. IOActive, a professional security services firm, determined that an attacker with US$500 of equipment and materials, and a background in electronics and software engineering, could "take command and control of the (advanced meter infrastructure), allowing for the en masse manipulation of service to homes and businesses."Industry regulators and industry executives earlier this month echoed concerns to Congress about rapid smart-grid deployments, cautioning that a lack of industry standards for security, reliability, data sharing, and privacy could result in government money wasted on proprietary smart-grid technologies that are not interoperable with each other and that are destined to soon become obsolete.
Experts said that once in the system, a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously. A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.
"Industry is working to make meters more secure. They have done a good job," said Joe Weiss, an expert on utility control systems.
Still, experts like Skoudis recommended that smart-grid deployment be slowed until security vulnerabilities are addressed. Otherwise, he said, smart-grid equipment deployed now may have to be replaced later.
"Before we go rushing headstrong into a Smart Grid concept, we have to make sure that we take care of business, in this case cybersecurity," he said.
"I don't think the sky is falling," William Sanders, principal investigator for the National Science Foundation Cyber Trust Center on Trustworthy Cyber Infrastructure for the Power Grid, told CNN. "I don't think we should stop deployment until we have it all worked out. But we have to be vigilant and address security issues in the smart grid early on."
A Novice's Guide to Hacking
+++++++++++++++++++++++++++++++++++++++++++++++++
| The LOD/H Presents |
++++++++++++++++ ++++++++++++++++
\ A Novice's Guide to Hacking- 1989 edition /
\ ========================================= /
\ by /
\ The Mentor /
\ Legion of Doom/Legion of Hackers /
\ /
\ December, 1988 /
\ Merry Christmas Everyone! /
\+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/
**********************************************************************
| The author hereby grants permission to reproduce, redistribute, |
| or include this file in your g-file section, electronic or print |
| newletter, or any other form of transmission that you choose, as |
| long as it is kept intact and whole, with no ommissions, delet- |
| ions, or changes. (C) The Mentor- Phoenix Project Productions |
| 1988,1989 XXX/XXX-XXXX |
**********************************************************************
Introduction: The State of the Hack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After surveying a rather large g-file collection, my attention was drawn to
the fact that there hasn't been a good introductory file written for absolute
beginners since back when Mark Tabas was cranking them out (and almost
*everyone* was a beginner!) The Arts of Hacking and Phreaking have changed
radically since that time, and as the 90's approach, the hack/phreak community
has recovered from the Summer '87 busts (just like it recovered from the Fall
'85 busts, and like it will always recover from attempts to shut it down), and
the progressive media (from Reality Hackers magazine to William Gibson and
Bruce Sterling's cyberpunk fables of hackerdom) is starting to take notice
of us for the first time in recent years in a positive light.
Unfortunately, it has also gotten more dangerous since the early 80's.
Phone cops have more resources, more awareness, and more intelligence that they
exhibited in the past. It is becoming more and more difficult to survive as
a hacker long enough to become skilled in the art. To this end this file
is dedicated . If it can help someone get started, and help them survive
to discover new systems and new information, it will have served it's purpose,
and served as a partial repayment to all the people who helped me out when I
was a beginner.
Contents
~~~~~~~~
This file will be divided into four parts:
Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety
Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,
Outdials, Network Servers, Private PADs
Part 3: Identifying a Computer, How to Hack In, Operating System
Defaults
Part 4: Conclusion- Final Thoughts, Books to Read, Boards to Call,
Acknowledgements
Part One: The Basics
~~~~~~~~~~~~~~~~~~~~
As long as there have been computers, there have been hackers. In the 50's
at the Massachusets Institute of Technology (MIT), students devoted much time
and energy to ingenious exploration of the computers. Rules and the law were
disregarded in their pursuit for the 'hack'. Just as they were enthralled with
their pursuit of information, so are we. The thrill of the hack is not in
breaking the law, it's in the pursuit and capture of knowledge.
To this end, let me contribute my suggestions for guidelines to follow to
ensure that not only you stay out of trouble, but you pursue your craft without
damaging the computers you hack into or the companies who own them.
I. Do not intentionally damage *any* system.
II. Do not alter any system files other than ones needed to ensure your
escape from detection and your future access (Trojan Horses, Altering
Logs, and the like are all necessary to your survival for as long as
possible.)
III. Do not leave your (or anyone else's) real name, real handle, or real
phone number on any system that you access illegally. They *can* and
will track you down from your handle!
IV. Be careful who you share information with. Feds are getting trickier.
Generally, if you don't know their voice phone number, name, and
occupation or haven't spoken with them voice on non-info trading
conversations, be wary.
V. Do not leave your real phone number to anyone you don't know. This
includes logging on boards, no matter how k-rad they seem. If you
don't know the sysop, leave a note telling some trustworthy people
that will validate you.
VI. Do not hack government computers. Yes, there are government systems
that are safe to hack, but they are few and far between. And the
government has inifitely more time and resources to track you down than
a company who has to make a profit and justify expenses.
VII. Don't use codes unless there is *NO* way around it (you don't have a
local telenet or tymnet outdial and can't connect to anything 800...)
You use codes long enough, you will get caught. Period.
VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law.
It doesn't hurt to store everything encrypted on your hard disk, or
keep your notes buried in the backyard or in the trunk of your car.
You may feel a little funny, but you'll feel a lot funnier when you
when you meet Bruno, your transvestite cellmate who axed his family to
death.
IX. Watch what you post on boards. Most of the really great hackers in the
country post *nothing* about the system they're currently working
except in the broadest sense (I'm working on a UNIX, or a COSMOS, or
something generic. Not "I'm hacking into General Electric's Voice Mail
System" or something inane and revealing like that.)
X. Don't be afraid to ask questions. That's what more experienced hackers
are for. Don't expect *everything* you ask to be answered, though.
There are some things (LMOS, for instance) that a begining hacker
shouldn't mess with. You'll either get caught, or screw it up for
others, or both.
XI. Finally, you have to actually hack. You can hang out on boards all you
want, and you can read all the text files in the world, but until you
actually start doing it, you'll never know what it's all about. There's
no thrill quite the same as getting into your first system (well, ok,
I can think of a couple of bigger thrills, but you get the picture.)
One of the safest places to start your hacking career is on a computer
system belonging to a college. University computers have notoriously lax
security, and are more used to hackers, as every college computer depart-
ment has one or two, so are less likely to press charges if you should
be detected. But the odds of them detecting you and having the personel to
committ to tracking you down are slim as long as you aren't destructive.
If you are already a college student, this is ideal, as you can legally
explore your computer system to your heart's desire, then go out and look
for similar systems that you can penetrate with confidence, as you're already
familar with them.
So if you just want to get your feet wet, call your local college. Many of
them will provide accounts for local residents at a nominal (under $20) charge.
Finally, if you get caught, stay quiet until you get a lawyer. Don't vol-
unteer any information, no matter what kind of 'deals' they offer you.
Nothing is binding unless you make the deal through your lawyer, so you might
as well shut up and wait.
Part Two: Networks
~~~~~~~~~~~~~~~~~~
The best place to begin hacking (other than a college) is on one of the
bigger networks such as Telenet. Why? First, there is a wide variety of
computers to choose from, from small Micro-Vaxen to huge Crays. Second, the
networks are fairly well documented. It's easier to find someone who can help
you with a problem off of Telenet than it is to find assistance concerning your
local college computer or high school machine. Third, the networks are safer.
Because of the enormous number of calls that are fielded every day by the big
networks, it is not financially practical to keep track of where every call and
connection are made from. It is also very easy to disguise your location using
the network, which makes your hobby much more secure.
Telenet has more computers hooked to it than any other system in the world
once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,
DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of
which you can connect to from your terminal.
The first step that you need to take is to identify your local dialup port.
This is done by dialing 1-800-424-9494 (1200 7E1) and connecting. It will
spout some garbage at you and then you'll get a prompt saying 'TERMINAL='.
This is your terminal type. If you have vt100 emulation, type it in now. Or
just hit return and it will default to dumb terminal mode.
You'll now get a prompt that looks like a @. From here, type @c mail
and then it will ask for a Username. Enter 'phones' for the username. When it
asks for a password, enter 'phones' again. From this point, it is menu
driven. Use this to locate your local dialup, and call it back locally. If
you don't have a local dialup, then use whatever means you wish to connect to
one long distance (more on this later.)
When you call your local dialup, you will once again go through the
TERMINAL= stuff, and once again you'll be presented with a @. This prompt lets
you know you are connected to a Telenet PAD. PAD stands for either Packet
Assembler/Disassembler (if you talk to an engineer), or Public Access Device
(if you talk to Telenet's marketing people.) The first description is more
correct.
Telenet works by taking the data you enter in on the PAD you dialed into,
bundling it into a 128 byte chunk (normally... this can be changed), and then
transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who
then takes the data and hands it down to whatever computer or system it's
connected to. Basically, the PAD allows two computers that have different baud
rates or communication protocols to communicate with each other over a long
distance. Sometimes you'll notice a time lag in the remote machines response.
This is called PAD Delay, and is to be expected when you're sending data
through several different links.
What do you do with this PAD? You use it to connect to remote computer
systems by typing 'C' for connect and then the Network User Address (NUA) of
the system you want to go to.
An NUA takes the form of 031103130002520
\___/\___/\___/
| | |
| | |____ network address
| |_________ area prefix
|______________ DNIC
This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)
according to their country and network name.
DNIC Network Name Country DNIC Network Name Country
_______________________________________________________________________________
|
02041 Datanet 1 Netherlands | 03110 Telenet USA
02062 DCS Belgium | 03340 Telepac Mexico
02080 Transpac France | 03400 UDTS-Curacau Curacau
02284 Telepac Switzerland | 04251 Isranet Israel
02322 Datex-P Austria | 04401 DDX-P Japan
02329 Radaus Austria | 04408 Venus-P Japan
02342 PSS UK | 04501 Dacom-Net South Korea
02382 Datapak Denmark | 04542 Intelpak Singapore
02402 Datapak Sweden | 05052 Austpac Australia
02405 Telepak Sweden | 05053 Midas Australia
02442 Finpak Finland | 05252 Telepac Hong Kong
02624 Datex-P West Germany | 05301 Pacnet New Zealand
02704 Luxpac Luxembourg | 06550 Saponet South Africa
02724 Eirpak Ireland | 07240 Interdata Brazil
03020 Datapac Canada | 07241 Renpac Brazil
03028 Infogram Canada | 09000 Dialnet USA
03103 ITT/UDTS USA | 07421 Dompac French Guiana
03106 Tymnet USA |
There are two ways to find interesting addresses to connect to. The first
and easiest way is to obtain a copy of the LOD/H Telenet Directory from the
LOD/H Technical Journal #4 or 2600 Magazine. Jester Sluggo also put out a good
list of non-US addresses in Phrack Inc. Newsletter Issue 21. These files will
tell you the NUA, whether it will accept collect calls or not, what type of
computer system it is (if known) and who it belongs to (also if known.)
The second method of locating interesting addresses is to scan for them
manually. On Telenet, you do not have to enter the 03110 DNIC to connect to a
Telenet host. So if you saw that 031104120006140 had a VAX on it you wanted to
look at, you could type @c 412 614 (0's can be ignored most of the time.)
If this node allows collect billed connections, it will say 412 614
CONNECTED and then you'll possibly get an identifying header or just a
Username: prompt. If it doesn't allow collect connections, it will give you a
message such as 412 614 REFUSED COLLECT CONNECTION with some error codes out to
the right, and return you to the @ prompt.
There are two primary ways to get around the REFUSED COLLECT message. The
first is to use a Network User Id (NUI) to connect. An NUI is a username/pw
combination that acts like a charge account on Telenet. To collect to node
412 614 with NUI junk4248, password 525332, I'd type the following:
@c 412 614,junk4248,525332 <---- the 525332 will *not* be echoed to the
screen. The problem with NUI's is that they're hard to come by unless you're
a good social engineer with a thorough knowledge of Telenet (in which case
you probably aren't reading this section), or you have someone who can
provide you with them.
The second way to connect is to use a private PAD, either through an X.25
PAD or through something like Netlink off of a Prime computer (more on these
two below.)
The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area
Code that the computer is located in (i.e. 713 xxx would be a computer in
Houston, Texas.) If there's a particular area you're interested in, (say,
New York City 914), you could begin by typing @c 914 001 . If it connects,
you make a note of it and go on to 914 002. You do this until you've found
some interesting systems to play with.
Not all systems are on a simple xxx yyy address. Some go out to four or
five digits (914 2354), and some have decimal or numeric extensions
(422 121A = 422 121.01). You have to play with them, and you never know what
you're going to find. To fully scan out a prefix would take ten million
attempts per prefix. For example, if I want to scan 512 completely, I'd have
to start with 512 00000.00 and go through 512 00000.99, then increment the
address by 1 and try 512 00001.00 through 512 00001.99. A lot of scanning.
There are plenty of neat computers to play with in a 3-digit scan, however,
so don't go berserk with the extensions.
Sometimes you'll attempt to connect and it will just be sitting there after
one or two minutes. In this case, you want to abort the connect attempt by
sending a hard break (this varies with different term programs, on Procomm,
it's ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.
If you connect to a computer and wish to disconnect, you can type @
and you it should say TELENET and then give you the @ prompt. From there,
type D to disconnect or CONT to re-connect and continue your session
uninterrupted.
Outdials, Network Servers, and PADs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In addition to computers, an NUA may connect you to several other things.
One of the most useful is the outdial. An outdial is nothing more than a modem
you can get to over telenet- similar to the PC Pursuit concept, except that
these don't have passwords on them most of the time.
When you connect, you will get a message like 'Hayes 1200 baud outdial,
Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established
on Modem 5588'. The best way to figure out the commands on these is to
type ? or H or HELP- this will get you all the information that you need to
use one.
Safety tip here- when you are hacking *any* system through a phone dialup,
always use an outdial or a diverter, especially if it is a local phone number
to you. More people get popped hacking on local computers than you can
imagine, Intra-LATA calls are the easiest things in the world to trace inexp-
ensively.
Another nice trick you can do with an outdial is use the redial or macro
function that many of them have. First thing you do when you connect is to
invoke the 'Redial Last Number' facility. This will dial the last number used,
which will be the one the person using it before you typed. Write down the
number, as no one would be calling a number without a computer on it. This
is a good way to find new systems to hack. Also, on a VENTEL modem, type 'D'
for Display and it will display the five numbers stored as macros in the
modem's memory.
There are also different types of servers for remote Local Area Networks
(LAN) that have many machine all over the office or the nation connected to
them. I'll discuss identifying these later in the computer ID section.
And finally, you may connect to something that says 'X.25 Communication
PAD' and then some more stuff, followed by a new @ prompt. This is a PAD
just like the one you are on, except that all attempted connections are billed
to the PAD, allowing you to connect to those nodes who earlier refused collect
connections.
This also has the added bonus of confusing where you are connecting from.
When a packet is transmitted from PAD to PAD, it contains a header that has
the location you're calling from. For instance, when you first connected
to Telenet, it might have said 212 44A CONNECTED if you called from the 212
area code. This means you were calling PAD number 44A in the 212 area.
That 21244A will be sent out in the header of all packets leaving the PAD.
Once you connect to a private PAD, however, all the packets going out
from *it* will have it's address on them, not yours. This can be a valuable
buffer between yourself and detection.
Phone Scanning
~~~~~~~~~~~~~~
Finally, there's the time-honored method of computer hunting that was made
famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie
Wargames. You pick a three digit phone prefix in your area and dial every
number from 0000 --> 9999 in that prefix, making a note of all the carriers
you find. There is software available to do this for nearly every computer
in the world, so you don't have to do it by hand.
Part Three: I've Found a Computer, Now What?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This next section is applicable universally. It doesn't matter how you
found this computer, it could be through a network, or it could be from
carrier scanning your High School's phone prefix, you've got this prompt
this prompt, what the hell is it?
I'm *NOT* going to attempt to tell you what to do once you're inside of
any of these operating systems. Each one is worth several G-files in its
own right. I'm going to tell you how to identify and recognize certain
OpSystems, how to approach hacking into them, and how to deal with something
that you've never seen before and have know idea what it is.
VMS- The VAX computer is made by Digital Equipment Corporation (DEC),
and runs the VMS (Virtual Memory System) operating system.
VMS is characterized by the 'Username:' prompt. It will not tell
you if you've entered a valid username or not, and will disconnect
you after three bad login attempts. It also keeps track of all
failed login attempts and informs the owner of the account next time
s/he logs in how many bad login attempts were made on the account.
It is one of the most secure operating systems around from the
outside, but once you're in there are many things that you can do
to circumvent system security. The VAX also has the best set of
help files in the world. Just type HELP and read to your heart's
content.
Common Accounts/Defaults: [username: password [[,password]] ]
SYSTEM: OPERATOR or MANAGER or SYSTEM or SYSLIB
OPERATOR: OPERATOR
SYSTEST: UETP
SYSMAINT: SYSMAINT or SERVICE or DIGITAL
FIELD: FIELD or SERVICE
GUEST: GUEST or unpassworded
DEMO: DEMO or unpassworded
DECNET: DECNET
DEC-10- An earlier line of DEC computer equipment, running the TOPS-10
operating system. These machines are recognized by their
'.' prompt. The DEC-10/20 series are remarkably hacker-friendly,
allowing you to enter several important commands without ever
logging into the system. Accounts are in the format [xxx,yyy] where
xxx and yyy are integers. You can get a listing of the accounts and
the process names of everyone on the system before logging in with
the command .systat (for SYstem STATus). If you seen an account
that reads [234,1001] BOB JONES, it might be wise to try BOB or
JONES or both for a password on this account. To login, you type
.login xxx,yyy and then type the password when prompted for it.
The system will allow you unlimited tries at an account, and does
not keep records of bad login attempts. It will also inform you
if the UIC you're trying (UIC = User Identification Code, 1,2 for
example) is bad.
Common Accounts/Defaults:
1,2: SYSLIB or OPERATOR or MANAGER
2,7: MAINTAIN
5,30: GAMES
UNIX- There are dozens of different machines out there that run UNIX.
While some might argue it isn't the best operating system in the
world, it is certainly the most widely used. A UNIX system will
usually have a prompt like 'login:' in lower case. UNIX also
will give you unlimited shots at logging in (in most cases), and
there is usually no log kept of bad attempts.
Common Accounts/Defaults: (note that some systems are case
sensitive, so use lower case as a general rule. Also, many times
the accounts will be unpassworded, you'll just drop right in!)
root: root
admin: admin
sysadmin: sysadmin or admin
unix: unix
uucp: uucp
rje: rje
guest: guest
demo: demo
daemon: daemon
sysbin: sysbin
Prime- Prime computer company's mainframe running the Primos operating
system. The are easy to spot, as the greet you with
'Primecon 18.23.05' or the like, depending on the version of the
operating system you run into. There will usually be no prompt
offered, it will just look like it's sitting there. At this point,
type 'login '. If it is a pre-18.00.00 version of Primos,
you can hit a bunch of ^C's for the password and you'll drop in.
Unfortunately, most people are running versions 19+. Primos also
comes with a good set of help files. One of the most useful
features of a Prime on Telenet is a facility called NETLINK. Once
you're inside, type NETLINK and follow the help files. This allows
you to connect to NUA's all over the world using the 'nc' command.
For example, to connect to NUA 026245890040004, you would type
@nc :26245890040004 at the netlink prompt.
Common Accounts/Defaults:
PRIME PRIME or PRIMOS
PRIMOS_CS PRIME or PRIMOS
PRIMENET PRIMENET
SYSTEM SYSTEM or PRIME
NETLINK NETLINK
TEST TEST
GUEST GUEST
GUEST1 GUEST
HP-x000- This system is made by Hewlett-Packard. It is characterized by the
':' prompt. The HP has one of the more complicated login sequences
around- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.
Fortunately, some of these fields can be left blank in many cases.
Since any and all of these fields can be passworded, this is not
the easiest system to get into, except for the fact that there are
usually some unpassworded accounts around. In general, if the
defaults don't work, you'll have to brute force it using the
common password list (see below.) The HP-x000 runs the MPE operat-
ing system, the prompt for it will be a ':', just like the logon
prompt.
Common Accounts/Defaults:
MGR.TELESUP,PUB User: MGR Acct: HPONLY Grp: PUB
MGR.HPOFFICE,PUB unpassworded
MANAGER.ITF3000,PUB unpassworded
FIELD.SUPPORT,PUB user: FLD, others unpassworded
MAIL.TELESUP,PUB user: MAIL, others
unpassworded
MGR.RJE unpassworded
FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96 unpassworded
MGR.TELESUP,PUB,HPONLY,HP3 unpassworded
IRIS- IRIS stands for Interactive Real Time Information System. It orig-
inally ran on PDP-11's, but now runs on many other minis. You can
spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner,
and the ACCOUNT ID? prompt. IRIS allows unlimited tries at hacking
in, and keeps no logs of bad attempts. I don't know any default
passwords, so just try the common ones from the password database
below.
Common Accounts:
MANAGER
BOSS
SOFTWARE
DEMO
PDP8
PDP11
ACCOUNTING
VM/CMS- The VM/CMS operating system runs in International Business Machines
(IBM) mainframes. When you connect to one of these, you will get
message similar to 'VM/370 ONLINE', and then give you a '.' prompt,
just like TOPS-10 does. To login, you type 'LOGON '.
Common Accounts/Defaults are:
AUTOLOG1: AUTOLOG or AUTOLOG1
CMS: CMS
CMSBATCH: CMS or CMSBATCH
EREP: EREP
MAINT: MAINT or MAINTAIN
OPERATNS: OPERATNS or OPERATOR
OPERATOR: OPERATOR
RSCS: RSCS
SMART: SMART
SNA: SNA
VMTEST: VMTEST
VMUTIL: VMUTIL
VTAM: VTAM
NOS- NOS stands for Networking Operating System, and runs on the Cyber
computer made by Control Data Corporation. NOS identifies itself
quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE
SYSTEM. COPYRIGHT CONTROL DATA 1978,1987'. The first prompt you
will get will be FAMILY:. Just hit return here. Then you'll get
a USER NAME: prompt. Usernames are typically 7 alpha-numerics
characters long, and are *extremely* site dependent. Operator
accounts begin with a digit, such as 7ETPDOC.
Common Accounts/Defaults:
$SYSTEM unknown
SYSTEMV unknown
Decserver- This is not truly a computer system, but is a network server that
has many different machines available from it. A Decserver will
say 'Enter Username>' when you first connect. This can be anything,
it doesn't matter, it's just an identifier. Type 'c', as this is
the least conspicuous thing to enter. It will then present you
with a 'Local>' prompt. From here, you type 'c ' to
connect to a system. To get a list of system names, type
'sh services' or 'sh nodes'. If you have any problems, online
help is available with the 'help' command. Be sure and look for
services named 'MODEM' or 'DIAL' or something similar, these are
often outdial modems and can be useful!
GS/1- Another type of network server. Unlike a Decserver, you can't
predict what prompt a GS/1 gateway is going to give you. The
default prompt it 'GS/1>', but this is redifinable by the
system administrator. To test for a GS/1, do a 'sh d'. If that
prints out a large list of defaults (terminal speed, prompt,
parity, etc...), you are on a GS/1. You connect in the same manner
as a Decserver, typing 'c '. To find out what systems
are available, do a 'sh n' or a 'sh c'. Another trick is to do a
'sh m', which will sometimes show you a list of macros for logging
onto a system. If there is a macro named VAX, for instance, type
'do VAX'.
The above are the main system types in use today. There are
hundreds of minor variants on the above, but this should be
enough to get you started.
Unresponsive Systems
~~~~~~~~~~~~~~~~~~~~
Occasionally you will connect to a system that will do nothing but sit
there. This is a frustrating feeling, but a methodical approach to the system
will yield a response if you take your time. The following list will usually
make *something* happen.
1) Change your parity, data length, and stop bits. A system that won't re-
spond at 8N1 may react at 7E1 or 8E2 or 7S2. If you don't have a term
program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,
with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.
While having a good term program isn't absolutely necessary, it sure is
helpful.
2) Change baud rates. Again, if your term program will let you choose odd
baud rates such as 600 or 1100, you will occasionally be able to penetrate
some very interesting systems, as most systems that depend on a strange
baud rate seem to think that this is all the security they need...
3) Send a series of 's.
4) Send a hard break followed by a .
5) Type a series of .'s (periods). The Canadian network Datapac responds
to this.
6) If you're getting garbage, hit an 'i'. Tymnet responds to this, as does
a MultiLink II.
7) Begin sending control characters, starting with ^A --> ^Z.
8) Change terminal emulations. What your vt100 emulation thinks is garbage
may all of a sudden become crystal clear using ADM-5 emulation. This also
relates to how good your term program is.
9) Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,
JOIN, HELP, and anything else you can think of.
10) If it's a dialin, call the numbers around it and see if a company
answers. If they do, try some social engineering.
Brute Force Hacking
~~~~~~~~~~~~~~~~~~~
There will also be many occasions when the default passwords will not work
on an account. At this point, you can either go onto the next system on your
list, or you can try to 'brute-force' your way in by trying a large database
of passwords on that one account. Be careful, though! This works fine on
systems that don't keep track of invalid logins, but on a system like a VMS,
someone is going to have a heart attack if they come back and see '600 Bad
Login Attempts Since Last Session' on their account. There are also some
operating systems that disconnect after 'x' number of invalid login attempts
and refuse to allow any more attempts for one hour, or ten minutes, or some-
times until the next day.
The following list is taken from my own password database plus the data-
base of passwords that was used in the Internet UNIX Worm that was running
around in November of 1988. For a shorter group, try first names, computer
terms, and obvious things like 'secret', 'password', 'open', and the name
of the account. Also try the name of the company that owns the computer
system (if known), the company initials, and things relating to the products
the company makes or deals with.
Password List
=============
aaa daniel jester rascal
academia danny johnny really
ada dave joseph rebecca
adrian deb joshua remote
aerobics debbie judith rick
airplane deborah juggle reagan
albany december julia robot
albatross desperate kathleen robotics
albert develop kermit rolex
alex diet kernel ronald
alexander digital knight rosebud
algebra discovery lambda rosemary
alias disney larry roses
alpha dog lazarus ruben
alphabet drought lee rules
ama duncan leroy ruth
amy easy lewis sal
analog eatme light saxon
anchor edges lisa scheme
andy edwin louis scott
andrea egghead lynne scotty
animal eileen mac secret
answer einstein macintosh sensor
anything elephant mack serenity
arrow elizabeth maggot sex
arthur ellen magic shark
asshole emerald malcolm sharon
athena engine mark shit
atmosphere engineer markus shiva
bacchus enterprise marty shuttle
badass enzyme marvin simon
bailey euclid master simple
banana evelyn maurice singer
bandit extension merlin single
banks fairway mets smile
bass felicia michael smiles
batman fender michelle smooch
beauty fermat mike smother
beaver finite minimum snatch
beethoven flower minsky snoopy
beloved foolproof mogul soap
benz football moose socrates
beowulf format mozart spit
berkeley forsythe nancy spring
berlin fourier napoleon subway
beta fred network success
beverly friend newton summer
bob frighten next super
brenda fun olivia support
brian gabriel oracle surfer
bridget garfield orca suzanne
broadway gauss orwell tangerine
bumbling george osiris tape
cardinal gertrude outlaw target
carmen gibson oxford taylor
carolina ginger pacific telephone
caroline gnu painless temptation
castle golf pam tiger
cat golfer paper toggle
celtics gorgeous password tomato
change graham pat toyota
charles gryphon patricia trivial
charming guest penguin unhappy
charon guitar pete unicorn
chester hacker peter unknown
cigar harmony philip urchin
classic harold phoenix utility
coffee harvey pierre vicky
coke heinlein pizza virginia
collins hello plover warren
comrade help polynomial water
computer herbert praise weenie
condo honey prelude whatnot
condom horse prince whitney
cookie imperial protect will
cooper include pumpkin william
create ingres puppet willie
creation innocuous rabbit winston
creator irishman rachmaninoff wizard
cretin isis rainbow wombat
daemon japan raindrop yosemite
dancer jessica random zap
Part Four: Wrapping it up!
~~~~~~~~~~~~~~~~~~~~~~~~~~
I hope this file has been of some help in getting started. If you're
asking yourself the question 'Why hack?', then you've probably wasted a lot
of time reading this, as you'll never understand. For those of you who
have read this and found it useful, please send a tax-deductible donation
of $5.00 (or more!) in the name of the Legion of Doom to:
The American Cancer Society
90 Park Avenue
New York, NY 10016
******************************************************************************
References:
1) Introduction to ItaPAC by Blade Runner
Telecom Security Bulletin #1
2) The IBM VM/CMS Operating System by Lex Luthor
The LOD/H Technical Journal #2
3) Hacking the IRIS Operating System by The Leftist
The LOD/H Technical Journal #3
4) Hacking CDC's Cyber by Phrozen Ghost
Phrack Inc. Newsletter #18
5) USENET comp.risks digest (various authors, various issues)
6) USENET unix.wizards forum (various authors)
7) USENET info-vax forum (various authors)
Recommended Reading:
1) Hackers by Steven Levy
2) Out of the Inner Circle by Bill Landreth
3) Turing's Man by J. David Bolter
4) Soul of a New Machine by Tracy Kidder
5) Neuromancer, Count Zero, Mona Lisa Overdrive, and Burning Chrome, all
by William Gibson
6) Reality Hackers Magazine c/o High Frontiers, P.O. Box 40271, Berkeley,
California, 94704, 415-995-2606
7) Any of the Phrack Inc. Newsletters & LOD/H Technical Journals you can find.
Acknowledgements:
Thanks to my wife for putting up with me.
Thanks to Lone Wolf for the RSTS & TOPS assistance.
Thanks to Android Pope for proofreading, suggestions, and beer.
Thanks to The Urvile/Necron 99 for proofreading & Cyber info.
Thanks to Eric Bloodaxe for wading through all the trash.
Thanks to the users of Phoenix Project for their contributions.
Thanks to Altos Computer Systems, Munich, for the chat system.
Thanks to the various security personel who were willing to talk to
me about how they operate.
An Introduction to Hacking
This is a brief tutorial designed to show you how to get started with hacking. It is not an in depth analysis of Unix and I will not show you how to hack specific systems or give you any specific usernames or passwords. Anything that you do after reading this file is NOT my responsibility, so don't expect me to write to you in jail if you get caught. If you are an advanced hacker, then I suggest you give this a miss as it's designed for beginners... Section 1 : What exactly is a hacker then? Tricky one really. There are hundreds of definitions floating around, but the basic description of a hacker would be someone who accesses and uses a computer system in ways which a normal user might not think of. This may be legal, but chances are that it will be illegal. Also, many hackers might not consider you to be one of them unless you have the hacker attitude. Basically what this means is that you have a certain view over the way in which things should be done. For example, nearly all hackers are anti authoritarian. Another thing which you really should do is give voluntry help to other hackers. This may be in the form of debugging programs that they have written, informing them of new bugs in systems e.t.c.... There are plenty of detailed FAQ's out there, so I won't go into it in detail. Try looking up 'hacker ethics' in any descent search engine (www.altavista.com is pretty good) for more Section 2 : Tell me how to hack! Yeah right. You ask any hacker or newsgroup this and your gonna get flamed. Flaming is when someone responds to your question by throwing a string of anger and obsenities at you because they are mad. Why would they do this? After all hacking is about giving voluntry help isn't it? Well, asking how to hack is not only far too general, but it's also pointless. Nobody can tell you how to hack. They can give you passwords, programs and bugs, but they by doing this they would be stopping you from learning and discovering new things, and let's face it, the best way to learn to hack is to do it. Section 3 : Where to learn Apart from actually hacking, the most important thing you can do is read. Texts can come from a variety of sources, including your local library and of coarse the internet. There are some around with titles like 'The secret underworld of hacking' but these are mostly a waste of time, and contain no valuable information. Instead, read books with titles like : 'Unix : An introduction' or 'How to teach yourself Unix'. These will contain a wealth of commands and information. You will not learn by simply downloading programs to do your work for you, although some are essential (I'll tell you which ones later). Section 4 : The art of hacking Hacking is in many ways an art. It takes time, patience and intelligence. You won't get immediate gratification, but if you do get good, then it's really worth it. There are several skills accosiated with hacking, but the fundemental one, which is often overlooked by newbies is the ability to program. Programming is basically telling the computer what to do, and a programming language is the way in which you write it. Again, there are millions of tutorials to do with this subject, and it is FAR too big to go into here. The basic languages you will need to know are perl and c, which are the main languages for the Unix operating system (I'll go onto that in a second). Again, any good search engine will give you hundreds of sites realted to these. Just to give you an idea of what programming is about, here' some c source code (that's the text before it is compiled/interpreted so the computer can understand it): #includeusing namespace std; int main() { cout<<'Hi there, how are you!'; } Note that this section of code is taken from a MSDOS application. Unix will differ slightly. Although it can be a bit tedious, programming is very rewarding, and is very important if you want to become a good hacker. You won't need to become some programming genius to hack though, just have a general idea of the syntax used by the languages. The next important skill you need to learn is how to use the Unix operating system. This is an operating system (like windows or DOS) which is specifically designed for networking. Most big servers use it and it allows thousands of users to connect to virtual (software) and hardware ports remotely ( if the computer it is operating has them). Like programming, Unix is very complicated and detailed, so I can only give you an introduction here. The best way to teach you what Unix is is to give you an example. This example assumes that the person using it has a shell account (a user name and password so that he can log in and use the computers), and that the user has windows on their computer. It is entirely fictional: (In the run bar) telnet shinracorperation.com 23 (Telnet starts up, there's a brief pause before the cursor starts flashing) SunOS : 5.10 login:rudolf password:######## Welcome to the shinra corperations main server. Type 'help' for more. $ That is an example of a typical Unix system. To operate it, we run telnet (the standard telnet program included with windows), this will allow our computer to communicate with the remote server which is shinracorperation.com. The number 23 after it tells telnet to connect to port 23 on the computer. Ports allow remote users to input commands to the computer. A computer can have thousands of ports, each with a different number, but the most common and what they do are: 13 : Date and time port (pretty useless really) 21 : FTP (File transport Protocal) port 23 : Standard telnet port. This is the port which the telnet program will try to open by default 25 : Send Mail port. This allows the user to operate an ancient send mail program which can send messages to email addresses on that server (more later) 79 : The 'finger' port. This allows the user to type in the name of a user and get details on them (very useful) 80 : Standard http port (it's the one your browser opens) 110 : POP port. Allows you to operate a primitive POP email program. To connect to each of these ports you would put the number instead of 23 in the command line. The next line tells us what type of operating system the computer is using. This will become important if you need to use a bug or back door to get into the system, as they vary from operating system to operating system. One advantage of Unix operating systems is that they don't record your login attemps, so the sysadmin won't find 6000 attempts in his log file when he has a look. Now, the only thing holding us back here is the need for a username and password. In the early days of hacking, you could telnet to any computer, type in root as your username and root as your password and you'd be in with superuser privialges (root is the username that should give you the ability to do anything on that computer). That ain't gonna happen these days. There are some servers which you might be lucky enough to guess a username and password on, so have a look at the list below of common Unix users: root admin adm sysadmin guest (VERY often the password will be guest too) test demo uucp Although unlikely, these may work if you enter the password the same as the username, it's worth a try. I hope that gave you an idea of what Unix is. The final part, by the way, was the command prompt, similair to the C:\> prompt in DOS. Here you would enter commands for the computer. Since this is only an introduction, I won't go into commands here, but there are plenty of books, many from your local library which will tell you how to use Unix. You can find more information on how to exploit bugs in Unix operating systems and backdoors in them by using a search engine. Chances are that you will not be able to guess the password. In this case you'll need to do some research. Try looking at the companies web site, and finding out things about them. Section 5 : Toolz Although you should use them as little as possible, you will need to use some programs. One of the most essential is a password cracking program. In most Unix systems, the password file is located in /etc/passwd. As I've said, there are plenty of files which will tell you how to download it, so I won't go into that here. Now, assuming you've got the password file, you'll need a program called John the Ripper deencrypt the file and get the passwords. If you open the passwd file with a standard editor like notepad or edit, you will see something like: root:h589798Hhgh:0:0:/etc or root:x:0:0:/etc With many more lines added on. If it looks like the first one, then not only are you lucky, but you've got the passwords for the entire system. Now run Jack the ripper on it, and if your dictionary file (a file with lots of standard passwords in it) is good enough, you should at least get a few of the passwords. If you get root, then get very, very excited. You can now log into the system and do anything. BUT be warned, you do ANY damage what so ever, and they'll find you within a couple of hours, so DON'T. Not only that, but it'll make you a cracker which is someone who breaks into a system to do damage to it, they are looked down upon by real hackers. Now, if it looks more like the second one, get ready to cry 'cos the password file is shadowed. This means that although the users are stored in the passwd file, the passwords are stored in different one, usually /etc/shadow. This obviously means that you must download the shadow file (the server probably won't let you), merge it with the passswd file, and then run john the ripper on it. If you can get both the passwd and shadow files, you'll need to get a program called VCU to merge them, although there are some others around. Shadowing is used by most servers these days, and makes life a hell of a lot more difficult Section 6 : Using programs on the server The first program I'm gonna look at is SMTP (send mail) which is usually stored on port 25. I'm not gonna give any direct examples here, but replace the xxx part with virtually any server name and you should find one: telnet xxx 25 SMPT Version 1.3 Ready And that is all you get. You are now ready to run this program. It allows you to send mail to anyone who has an email address within that server. The commands that you'll need to know to use this program are help - gives you a list of commands. If you follow it with a command, it will give you help on it helo - This tells the computer who you are mail from:xxx - It will say who the mail is from on the message (replace xx with a made up or real email address) rcpt to: - Who the mail will go to. It must be within the server that you are hacking or you will get the error 'Relaying not allowed' data : Press enter, and type in what you want the message to say. Put a full stop (a period) and a seperate line and press enter to end and send the message quit : Disconnects you vrfy xxx : Replace the xxx with a user name, and it will tell you if it exists This should give you a basic idea of how to use the program. The commands should come in that order to send mail (vrfy is not needed to send mail, you can simply use it to tell if a user exists. Oh yeah, and you won't see what you type in. The other program I'm gonna look at is in port 79 so type: telnet xxx 79 You will be greeted by, well nothing. Loads of servers have closed this port, but if they have it open, then it is very useful. All you do is type in the name of the user you want to finger, and it will give you their account details. Try all of the common users above. This program will usually only let you finger one user before disconnecting. Conclusion I hope this has been an informative introduction into the world of hacking. Even at this level, there are tonnes more things which you will need to find out about so that you can hack. I suggest you look the following things up in your search engine: Unix operatins system computer security hacking c programming perl programming hacking tutorials Hopefully you will find what you need. One last word of warning, be VERY careful about hacking, and don't do any damage, you WILL get caught if you do. Oh yeah, and have fun... Legal Stuff... You may reproduce this document on any web page or on any CDROM or otherwise. You do not have to ask my permission or anything, as long as it remains unchanged and I get the credit. As I've already said, I'm not responsible if you act on the information above, and this was intended for EDUCATIONAL PURPOSES ONLY. Chaw... Seditious
Exploiting SQL Server 2008 Through Code
SQL Server 2008 has a ton of new DBA features, but if you really want to make this thing go, just crank out a little code.
SQL Server 2008 is mostly in the domain of system and database administrators. But it's also a repository for data used by applications, which brings the product to those who aren't afraid of a little code. This new release has a lot of goodies that support application development directly. I'll walk you through several of the new and improved features that I believe are most useful and interesting for the code savvy.
Management Studio Gets Several Enhancements
Since SQL Server 2005, Management Studio has been an extended version of Visual Studio. In 2005, the implementation was useful but a bit half-baked. In SQL Server 2008, Microsoft has made Management Studio a worthy environment for both administrators and developers. (Members of both groups who prefer command-line interfaces can also use the extensible Windows PowerShell.) Many features will be familiar to users moving to SQL Server 2008, but there are also many new features that make working with SQL Server much easier. For coders, probably the nicest new feature in Management Studio is IntelliSense. Long a staple in Visual Studio, IntelliSense lets you write code in a Query Editor Window and reduce the number of times you have to go to Books Online to look up syntax or spelunk Object Explorer to find the name of that stored procedure you need. IntelliSense in SQL Server 2008 works largely as it does in VS, providing you with a list of objects and methods as you type code.
The second-most-coveted new feature in Management Studio is T-SQL debugging. You can now debug code directly from within Management Studio, which provides all of the features you expect, including the ability to step through code, view and change local variables, watch expressions and set breakpoints.
Debugging in Management Studio is nowhere as deep as it is in VS, but it is functional and provides a lot of debugging tools. Of course, you can still enter a T-SQL debugging session from within VS, which means you can have the best of both worlds.
Object Explorer Window Now Useful
Management Studio's Object Explorer has long provided a nice view into the many persistent and virtual objects in a database and server. But the Object Explorer Details window, which by default appears to the right of Object Explorer when you first start Management Studio, was less than useless in SQL Server 2005. For the most part, it just displayed the same list of objects shown in Object Explorer. The tab took up space, and many users simply closed the window.
In SQL Server 2008, Object Explorer Details often provides useful information, such as when you select the Databases node in Object Explorer. The views are highly customizable, letting you display exactly the information you find most useful.
Management Studio has a lot of other new features, and I discover more every day. Two more I recently discovered include the ability to query multiple servers by defining a server group, and the ability to configure the number of rows returned when opening a table to select or edit its contents.
2008 Adds New T-SQL Data Types
One of the sexiest new features in SQL Server 2008 is spatial data types. If you've ever worked with spatial data in a database, such as latitudes and longitudes or locations in a grid, you've probably developed your own types to support basic operations and conversions. It's not trivial code. But now, SQL Server 2008 has built-in support for two kinds of spatial-data systems. The geometry types support planar, or "flat-earth," coordinate data. The geography types store ellipsoidal data that stores locations on the earth's surface, a flattened sphere. Whether you're storing GPS data scattered around the globe, or need to store the coordinates that define complex shapes on a rectangular surface, you'll find a lot of features in these data types, along with dozens of useful methods.
It's common to store hierarchical data in a database, even though relational databases don't support hierarchies easily. You can create hierarchies with self-joins, but you generally need to do all the work. SQL Server 2008 introduces the HierarchyID data type, which greatly simplifies working with hierarchical data, complete with functions that make it easy to navigate hierarchies. It doesn't make data hierarchies a substitute for the native structure of XML data, but it does simplify operations. SQL Server maintains the structure of the data, supports random insertions and deletions, and supports location-based comparisons. You can index the data either breadth-first or depth-first, depending on the nature of the data and how your applications access it.
T-SQL Improvements
T-SQL in SQL Server 2008 hasn't received any major changes, but the new version includes many features that make code simpler and more efficient. There are a few syntax enhancements that developers will like, including a couple that make T-SQL seem more like a "real" programming language. You can now declare and initialize variables in a single statement.
One of my favorite new T-SQL features is table-valued parameters (TVPs). This one feature will single-handedly save you from a lot of ugly T-SQL code. Have you ever had to pass several pieces of data as a parameter to a stored procedure? Maybe it was a comma-delimited list or some other array-like structure. You'd have to write some nasty parsing code to split up the values, then probably use a loop to process the data. SQL Server 2005 introduced a table data type, but you couldn't pass it to a procedure.
TVPs solve these kinds of problems elegantly by letting you pass -- as the name suggests -- a table-valued parameter to the procedure or function. Then, in the body of the procedure, you can use the set-based features of SQL to process the data, such as by inserting it into a persistent table.
Administrator Features Help Developers
SQL Server 2008 is a server application, and most of its features are focused on making it robust no matter what kind of loads applications throw at it. It's chock-full of administrative-support features that make it incredibly easy to install, manage and secure the database. Usually, there's a difference between the features that administrators and developers are interested in or use during the course of a typical day, but there are a handful of administrative features in SQL Server 2008 that are useful to developers.
One such feature is partition switching. Developers and admins have long used table partitions to store subsets of data in various tables, usually for performance or data-storage reasons. A common scenario is to store each calendar year's worth of transactions in a separate table and put each of the tables in a different file group. You can create a UNION query to extract and summarize the data when you need to access all the data, such as to create a report that spans all time. This works, but it requires some work to set up and often requires modifying code when adding a new partitioned table when a new year begins. (There are lots of other ways to do this.) You can use this kind of scheme to archive old data while keeping it available for analysis.
With partition switching, you can add a table as a partition to another table that's already partitioned, remove partitioning to create a single aggregated table and switch a partition from one partitioned table to another. You could always set up your own scheme to implement these features, but in SQL Server 2008 you can perform these tasks using the ALTER TABLE and ALTER PARTITION statements. The data itself is not changed or moved. The only thing that changes is the metadata for where it's stored. There are a slew of requirements to make partition-switching work, but they basically boil down to the fact that all of the involved tables must be identical in nearly every way.
Full-text searching has long been a feature that held a lot of promise but never seemed to get traction. One of the reasons is that it always seemed like an add-in that wasn't fully implemented. But with SQL Server 2008, full-text search is completely integrated into the database instead of being stored externally. Portions of full-text indexing and querying are now integrated into the query optimizer, so performance is much better, and there are more tools to extract useful data from the database. You might want to consider dumping all that gnarly T-SQL code you wrote over the last decade to give users flexible searches into their data and implement full-text searches instead.
SQL Server 2008 supports Windows PowerShell, an enhanced, extensible scripting shell interface for developers and administrators who love the command line. SQL Server includes two PowerShell snap-ins that expose the hierarchy of database and server objects as paths (similar to file-system paths). On the surface, this sounds a bit like an abomination, but it can simplify getting around the database object model. Another snap-in implements a set of PowerShell cmdlets for performing a variety of actions, such as running sqlcmd scripts. PowerShell's a powerful tool, but if you love your mice and GUIs, you can opt not to use it.
SQL Server 2008 offers a lot to love for a developer. It isn't a revolutionary release, but it has enough great features to make it a slam-dunk upgrade as soon as your neighborhood system and database administrator lets you.
There's a ton of new stuff to learn in SQL Server 2008, though, so be careful to get up to speed on what's new and different.
Management Studio Gets Several Enhancements
Since SQL Server 2005, Management Studio has been an extended version of Visual Studio. In 2005, the implementation was useful but a bit half-baked. In SQL Server 2008, Microsoft has made Management Studio a worthy environment for both administrators and developers. (Members of both groups who prefer command-line interfaces can also use the extensible Windows PowerShell.) Many features will be familiar to users moving to SQL Server 2008, but there are also many new features that make working with SQL Server much easier. For coders, probably the nicest new feature in Management Studio is IntelliSense. Long a staple in Visual Studio, IntelliSense lets you write code in a Query Editor Window and reduce the number of times you have to go to Books Online to look up syntax or spelunk Object Explorer to find the name of that stored procedure you need. IntelliSense in SQL Server 2008 works largely as it does in VS, providing you with a list of objects and methods as you type code.
The second-most-coveted new feature in Management Studio is T-SQL debugging. You can now debug code directly from within Management Studio, which provides all of the features you expect, including the ability to step through code, view and change local variables, watch expressions and set breakpoints.
 [Click on image for larger view.] |
| Management Studio now includes IntelliSense and syntax-error squigglies, features that will make developers far more productive when writing SQL code. |
Object Explorer Window Now Useful
Management Studio's Object Explorer has long provided a nice view into the many persistent and virtual objects in a database and server. But the Object Explorer Details window, which by default appears to the right of Object Explorer when you first start Management Studio, was less than useless in SQL Server 2005. For the most part, it just displayed the same list of objects shown in Object Explorer. The tab took up space, and many users simply closed the window.
In SQL Server 2008, Object Explorer Details often provides useful information, such as when you select the Databases node in Object Explorer. The views are highly customizable, letting you display exactly the information you find most useful.
Management Studio has a lot of other new features, and I discover more every day. Two more I recently discovered include the ability to query multiple servers by defining a server group, and the ability to configure the number of rows returned when opening a table to select or edit its contents.
2008 Adds New T-SQL Data Types
One of the sexiest new features in SQL Server 2008 is spatial data types. If you've ever worked with spatial data in a database, such as latitudes and longitudes or locations in a grid, you've probably developed your own types to support basic operations and conversions. It's not trivial code. But now, SQL Server 2008 has built-in support for two kinds of spatial-data systems. The geometry types support planar, or "flat-earth," coordinate data. The geography types store ellipsoidal data that stores locations on the earth's surface, a flattened sphere. Whether you're storing GPS data scattered around the globe, or need to store the coordinates that define complex shapes on a rectangular surface, you'll find a lot of features in these data types, along with dozens of useful methods.
 [Click on image for larger view.] |
| The Object Explorer Details window lets you search for objects within a database or across all databases on a server using a wildcard search. |
T-SQL Improvements
T-SQL in SQL Server 2008 hasn't received any major changes, but the new version includes many features that make code simpler and more efficient. There are a few syntax enhancements that developers will like, including a couple that make T-SQL seem more like a "real" programming language. You can now declare and initialize variables in a single statement.
One of my favorite new T-SQL features is table-valued parameters (TVPs). This one feature will single-handedly save you from a lot of ugly T-SQL code. Have you ever had to pass several pieces of data as a parameter to a stored procedure? Maybe it was a comma-delimited list or some other array-like structure. You'd have to write some nasty parsing code to split up the values, then probably use a loop to process the data. SQL Server 2005 introduced a table data type, but you couldn't pass it to a procedure.
TVPs solve these kinds of problems elegantly by letting you pass -- as the name suggests -- a table-valued parameter to the procedure or function. Then, in the body of the procedure, you can use the set-based features of SQL to process the data, such as by inserting it into a persistent table.
Administrator Features Help Developers
SQL Server 2008 is a server application, and most of its features are focused on making it robust no matter what kind of loads applications throw at it. It's chock-full of administrative-support features that make it incredibly easy to install, manage and secure the database. Usually, there's a difference between the features that administrators and developers are interested in or use during the course of a typical day, but there are a handful of administrative features in SQL Server 2008 that are useful to developers.
One such feature is partition switching. Developers and admins have long used table partitions to store subsets of data in various tables, usually for performance or data-storage reasons. A common scenario is to store each calendar year's worth of transactions in a separate table and put each of the tables in a different file group. You can create a UNION query to extract and summarize the data when you need to access all the data, such as to create a report that spans all time. This works, but it requires some work to set up and often requires modifying code when adding a new partitioned table when a new year begins. (There are lots of other ways to do this.) You can use this kind of scheme to archive old data while keeping it available for analysis.
With partition switching, you can add a table as a partition to another table that's already partitioned, remove partitioning to create a single aggregated table and switch a partition from one partitioned table to another. You could always set up your own scheme to implement these features, but in SQL Server 2008 you can perform these tasks using the ALTER TABLE and ALTER PARTITION statements. The data itself is not changed or moved. The only thing that changes is the metadata for where it's stored. There are a slew of requirements to make partition-switching work, but they basically boil down to the fact that all of the involved tables must be identical in nearly every way.
Full-text searching has long been a feature that held a lot of promise but never seemed to get traction. One of the reasons is that it always seemed like an add-in that wasn't fully implemented. But with SQL Server 2008, full-text search is completely integrated into the database instead of being stored externally. Portions of full-text indexing and querying are now integrated into the query optimizer, so performance is much better, and there are more tools to extract useful data from the database. You might want to consider dumping all that gnarly T-SQL code you wrote over the last decade to give users flexible searches into their data and implement full-text searches instead.
 [Click on image for larger view.] |
| The MERGE statement lets you insert, update and delete data in a table with a single statement. |
SQL Server 2008 offers a lot to love for a developer. It isn't a revolutionary release, but it has enough great features to make it a slam-dunk upgrade as soon as your neighborhood system and database administrator lets you.
There's a ton of new stuff to learn in SQL Server 2008, though, so be careful to get up to speed on what's new and different.
Hackers Enlist Search Engines for Phishing Attacks
Hackers are increasingly attempting to influence search engines to misdirect users to spurious Web sites. Last week, software security firm Marshal highlighted the phishing-attack problem and the role of search engine optimization (SEO) in a blog post.
Users who are misdirected by the search results typically get hit by a fake security dialog box telling the user to download a fake antimalware program. The misrepresentations that show up in search-engine results include sites mimicking the California Franchise Tax Board and college basketball Web sites, among others, according to Marshal.
Spokespersons for search engine providers Microsoft and Google did not talk directly about what measures their companies take to ensure that search rankings don't divert users to malicious Web sites. Possibly, neither wants to give hackers information or divulge trade secrets.
One of the measures that Microsoft took with its Internet Explorer 8 browser is the addition of a SmartScreen filter that displays popup warnings when users click on links suspected to lead to malicious Web sites, according to a Microsoft spokeswoman. The filter is "URL-reputation-based" and runs a diagnostic scan of the servers hosting downloads to determine if those servers have a track record of parsing out malicious content. Presumably, users will take a common-sense approach and not go to such sites.
Google, for its part, has guidelines on what Webmasters should and shouldn't be doing, explained Google spokesman Nate Tyler, in an e-mail. Google expels Web pages from its search results when Webmasters use programmatic queries to improve search rankings. It also forbids the use of link schemes with hidden coding or the creation of doorway pages used specifically to increase clicks and move up in search rankings. Again, the implication here is that with golden rules in place, users should act at their own discretion.
Hackers also add bad links to other Web sites, particularly in the comments sections. When that's done to blogs, the practice is known as blog spamming. The links typically connect with automated tools that can help hackers gain entry into a computer.
Still, there's no way to prevent people from visiting malicious Web sites and no firewall rule for foolish behavior.
"Unfortunately, there is no Holy Grail product to solve this issue," said Paul Henry, security and forensic analyst at Scottsdale, Ariz.-based Lumension. "Links to increase the SEO for a given Web page -- and, just as concerning, links added that direct users to malware-laden pages -- are increasing at an alarming rate. The most effective mitigation would of course be to make sure that your browser and any related add-ons are fully patched and up to date and does what it is supposed to do."
Users who are misdirected by the search results typically get hit by a fake security dialog box telling the user to download a fake antimalware program. The misrepresentations that show up in search-engine results include sites mimicking the California Franchise Tax Board and college basketball Web sites, among others, according to Marshal.
Spokespersons for search engine providers Microsoft and Google did not talk directly about what measures their companies take to ensure that search rankings don't divert users to malicious Web sites. Possibly, neither wants to give hackers information or divulge trade secrets.
One of the measures that Microsoft took with its Internet Explorer 8 browser is the addition of a SmartScreen filter that displays popup warnings when users click on links suspected to lead to malicious Web sites, according to a Microsoft spokeswoman. The filter is "URL-reputation-based" and runs a diagnostic scan of the servers hosting downloads to determine if those servers have a track record of parsing out malicious content. Presumably, users will take a common-sense approach and not go to such sites.
Google, for its part, has guidelines on what Webmasters should and shouldn't be doing, explained Google spokesman Nate Tyler, in an e-mail. Google expels Web pages from its search results when Webmasters use programmatic queries to improve search rankings. It also forbids the use of link schemes with hidden coding or the creation of doorway pages used specifically to increase clicks and move up in search rankings. Again, the implication here is that with golden rules in place, users should act at their own discretion.
Hackers also add bad links to other Web sites, particularly in the comments sections. When that's done to blogs, the practice is known as blog spamming. The links typically connect with automated tools that can help hackers gain entry into a computer.
Still, there's no way to prevent people from visiting malicious Web sites and no firewall rule for foolish behavior.
"Unfortunately, there is no Holy Grail product to solve this issue," said Paul Henry, security and forensic analyst at Scottsdale, Ariz.-based Lumension. "Links to increase the SEO for a given Web page -- and, just as concerning, links added that direct users to malware-laden pages -- are increasing at an alarming rate. The most effective mitigation would of course be to make sure that your browser and any related add-ons are fully patched and up to date and does what it is supposed to do."
Fool Us Once, Conficker....
Plus, Microsoft in a patching spat; PCI makes new rules; Facebook tricks.
by Jabulani Leffall
The Conficker saga is far from over. In my last blog post I wrote about how the authors of the now infamous Conficker worm might be trying to get Microsoft to raise the stakes on its $250,000 reward for information leading to the discovery of the worm writers. Now it appears Microsoft might have to. Security experts such as Symantec's Peter Coogan and Don DeBolt, director of threat research at CA, along with pontificators from all over the blogosphere are saying there may be a new variant released on April Fools Day -- a release that would be appropriately mischievous on the part of the hackers and annoying for IT administrators. Security gadflies say that on April 1, a fourth incarnation of the worm -- albeit still in the Conficker C series -- could make contact with 500 URL domains out of a randomized pool of 50,000. The new iteration may even emit countermeasures against malware applications and security bots. Specifically the worm may attempt to disable Windows Automatic Update and stop online access to the Windows Security Center.
In the absence of an end-all, be-all patch from Redmond, independent security vendor Enigma Software Group claims to have a no-cost removal solution for Conficker A and B strains. If effective, it could keep the updated worms from communicating with previously infected workstations.
"We've had an international team of anti-spyware, anti-adware, and anti-virus programmers working round-the-clock to design this fix," said Enigma founder and president, Alvin Estevez in an e-mail. "Microsoft's own fixes were not completely effective but we've been able to find the basic structure of the virus and we're providing the 'fix' to those who've been infected, for free."
No one knows where the leak about April Fools' Day came from, whether its misdirection on the part of the worm's authors or overreaction by security experts hocking products and services, one thing is for sure: this won't be the last we've heard of Conficker.
Microsoft Responds to Patch Controversy
Tyler Reguly, senior security engineer at San Francisco-based nCircle, found some surprises on Patch Tuesday night to accompany his usual bad jokes, music and coffee as he tested the fixes.
It seems that the just-released MS09-008, had a vulnerability that nullifies the new patch for Windows DNS server in the event that a server has already been compromised. When I talked to Reguly last Friday about his discovery and Microsoft's response to him, Redmond had not formally made a statement on the matter. Since then, however the software giant has released a highly technical explanation essentially saying that it didn't want to impair DNS functionality to retro-fit systems that may or may not have been infected. Microsoft even went so far to say that when installing an update, the system "has no way of knowing whether the WPAD entry was configured by an administrator or an attacker."
"This is indeed not a scenario the security update, or any security update released by Microsoft, aims to address," the Microsoft post goes on to say. "Security updates are intended to help protect the system against future exploitation, and don't aim to undo any attack that has taken place in the past."
Like Conficker, debate over DNS security issues will likely linger longer than Microsoft and its technology partners would like it to.
PCI Doles Out More New Rules
At least once a quarter, the Payment Card Industry Council release new framework for data security pros that it believes will be clearer and more comprehensive than each of its predecessors. Well, the time has come again as the PCI has just released a new framework that maps the 12 previously mandated security controls outlined in Payment Card Industry Data Security Standards (PCI DSS). Bob Russo, the council's general manager, said in press release that the goal of the new milestones is to give enterprises a primer on PCI DSS compliance. Among the measures these milestones suggest are purging personally identifiable
card-authentication data from systems, thus limiting the continual storage of customer information. Other measures revolve around tests for network and application security, user access control and the protection of the stored data that enterprises do have to retain for the purpose of doing business.
There has been some concern in the past that compliance doesn't necessarily mean security; especially given the recent uptick in data breaches. Still, every little bit of new guidance helps.
Microsoft's Facebook Status Update
Speaking of guidance, security and more worms Microsoft is also stepping up its efforts to curtail trying to stamp out the Koobface worm, which is a botnet that burrows into social networking sites, most notably the popular site Facebook. Koobface tries to trick users into clicking on a link included in a so-called message from a so-called friend. Obviously those messages aren't from "friends." It gets even trickier if the link is to a video, which is often passed along by gawkers on Facebook and other sites. In this case, when a user clicks on the link there will be a fake error message asking the user to update to a newer version of Adobe Flash. If the user is curious enough about the video content, that user could be toast.
Indeed as Internet use increases and cloud computing ramps up, tech ecosystems will be full of worms and bugs and IT security pros will have to navigate a world that is propagating in real time.
by Jabulani Leffall
The Conficker saga is far from over. In my last blog post I wrote about how the authors of the now infamous Conficker worm might be trying to get Microsoft to raise the stakes on its $250,000 reward for information leading to the discovery of the worm writers. Now it appears Microsoft might have to. Security experts such as Symantec's Peter Coogan and Don DeBolt, director of threat research at CA, along with pontificators from all over the blogosphere are saying there may be a new variant released on April Fools Day -- a release that would be appropriately mischievous on the part of the hackers and annoying for IT administrators. Security gadflies say that on April 1, a fourth incarnation of the worm -- albeit still in the Conficker C series -- could make contact with 500 URL domains out of a randomized pool of 50,000. The new iteration may even emit countermeasures against malware applications and security bots. Specifically the worm may attempt to disable Windows Automatic Update and stop online access to the Windows Security Center.
In the absence of an end-all, be-all patch from Redmond, independent security vendor Enigma Software Group claims to have a no-cost removal solution for Conficker A and B strains. If effective, it could keep the updated worms from communicating with previously infected workstations.
"We've had an international team of anti-spyware, anti-adware, and anti-virus programmers working round-the-clock to design this fix," said Enigma founder and president, Alvin Estevez in an e-mail. "Microsoft's own fixes were not completely effective but we've been able to find the basic structure of the virus and we're providing the 'fix' to those who've been infected, for free."
No one knows where the leak about April Fools' Day came from, whether its misdirection on the part of the worm's authors or overreaction by security experts hocking products and services, one thing is for sure: this won't be the last we've heard of Conficker.
Microsoft Responds to Patch Controversy
Tyler Reguly, senior security engineer at San Francisco-based nCircle, found some surprises on Patch Tuesday night to accompany his usual bad jokes, music and coffee as he tested the fixes.
It seems that the just-released MS09-008, had a vulnerability that nullifies the new patch for Windows DNS server in the event that a server has already been compromised. When I talked to Reguly last Friday about his discovery and Microsoft's response to him, Redmond had not formally made a statement on the matter. Since then, however the software giant has released a highly technical explanation essentially saying that it didn't want to impair DNS functionality to retro-fit systems that may or may not have been infected. Microsoft even went so far to say that when installing an update, the system "has no way of knowing whether the WPAD entry was configured by an administrator or an attacker."
"This is indeed not a scenario the security update, or any security update released by Microsoft, aims to address," the Microsoft post goes on to say. "Security updates are intended to help protect the system against future exploitation, and don't aim to undo any attack that has taken place in the past."
Like Conficker, debate over DNS security issues will likely linger longer than Microsoft and its technology partners would like it to.
PCI Doles Out More New Rules
At least once a quarter, the Payment Card Industry Council release new framework for data security pros that it believes will be clearer and more comprehensive than each of its predecessors. Well, the time has come again as the PCI has just released a new framework that maps the 12 previously mandated security controls outlined in Payment Card Industry Data Security Standards (PCI DSS). Bob Russo, the council's general manager, said in press release that the goal of the new milestones is to give enterprises a primer on PCI DSS compliance. Among the measures these milestones suggest are purging personally identifiable
card-authentication data from systems, thus limiting the continual storage of customer information. Other measures revolve around tests for network and application security, user access control and the protection of the stored data that enterprises do have to retain for the purpose of doing business.
There has been some concern in the past that compliance doesn't necessarily mean security; especially given the recent uptick in data breaches. Still, every little bit of new guidance helps.
Microsoft's Facebook Status Update
Speaking of guidance, security and more worms Microsoft is also stepping up its efforts to curtail trying to stamp out the Koobface worm, which is a botnet that burrows into social networking sites, most notably the popular site Facebook. Koobface tries to trick users into clicking on a link included in a so-called message from a so-called friend. Obviously those messages aren't from "friends." It gets even trickier if the link is to a video, which is often passed along by gawkers on Facebook and other sites. In this case, when a user clicks on the link there will be a fake error message asking the user to update to a newer version of Adobe Flash. If the user is curious enough about the video content, that user could be toast.
Indeed as Internet use increases and cloud computing ramps up, tech ecosystems will be full of worms and bugs and IT security pros will have to navigate a world that is propagating in real time.
LiveJournal accounts getting hijacked
"Recently some journals and communities have been broken into, their contents deleted, and their owners locked out," LiveJournal said in an e-mail to its users. "The problem appears to stem from Hotmail's policy of recycling inactive e-mail addresses."
Anyone can claim a Hotmail address if it has not been used in more than a year, the e-mail says. Hijackers are grabbing lapsed e-mail addresses that have been publicly displayed on LiveJournal profile pages and are re-registering them on LiveJournal.
It's unclear how the hijackers were able to figure out the passwords to the accounts.
A spokesperson for LiveJournal did not immediately return a phone call or e-mail seeking comment.
The LiveJournal e-mail urges users to keep their passwords secure and make sure they are in control of all the e-mail addresses associated with the account.
LiveJournal has added a "Manage Email Addresses" feature that allows users to delete e-mail addresses that are no longer active. Users have to have been using their main e-mail address for at least six months in order to delete the others.
New Circumventor
New Circumventor:
http://www.sadsnack.com/
(Remember you can access it with either http:// or https:// at the beginning.)
Celine Dion and Sarah Jessica Parker walk into a bar. The bartender asks, "Hey, ladies, why the long faces?"
Peacefire.org
14615 NE 30th PL #10D, Bellevue WA 98007
http://www.sadsnack.com/
(Remember you can access it with either http:// or https:// at the beginning.)
Celine Dion and Sarah Jessica Parker walk into a bar. The bartender asks, "Hey, ladies, why the long faces?"
Peacefire.org
14615 NE 30th PL #10D, Bellevue WA 98007
Subscribe to:
Posts (Atom)