Strange Way To Leak Information: Contents Of Discovery Channel Show On Non-Lethals (fwd)
Forwarded message:
From stugreen@bga.com Tue Dec 30 02:12:37 1997
Sender: root@coney.lsd-labs.com
Message-ID: <34A8A83D.FBFEDD2F@bga.com>
Date: Tue, 30 Dec 1997 01:52:29 -0600
From: Stu Green <stugreen@bga.com>
X-Mailer: Mozilla 4.03 [en] (X11; I; Linux 2.0.33 i586)
MIME-Version: 1.0
To: ravage@ssz.com
Subject: Strange Way To Leak Inofrmation: Contents Of Discovery Channel Show On Non-Lethals
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Jim, I left the tube on Discovery while testing some software tonight. In the background I heard something about attacking computers so I started paying attention, and to my warped mind the Fed was trying to leak some dis-information (or advertise some dirty tricks already pulled). In the hype there were some interesting things mentioned that folks ought to be aware of.

They gave a 'man in the middle' scenario played out in full on the screen between a "computer security expert" and a group of transactions between a bank in a country "plagued with drug production and cartels" and a bank in Switzerland. The third world bank and the Swiss bank were using PGP for encryption. The narrator dumped an aside - the government was supplying the "computer security expert" with "data gathered over time", which consisted of intercepts of the initial text messages passing the PGP keys back and forth (PGP 2.4 flashed on one of the screens, so we ain't talking about yesterday here). This amounts to an acknowledgement that one of the three-letter groups is playing man-in-the-middle already and on a grand scale (not that this is new news, but it's nice having the speculation authenticated, even if in a manner that leaves the conclusion to the viewer's deductive processes).

The last computer related portion involved the FBI planting trojan horses through anti-virus software. They flashed a couple of screens - one was definitely Norton Anti-Virus for 95 and the other recognizable one was M$AV. I think the one I couldn't pin is Dr. Solomon's, but it could easily be McAfee. Doesn't matter - if one is popped, they all are.

Back in June I built a K6 for David that had some real peculiarities - the sound card went into outer space and set its interrupt to 14 and wouldn't let go. When I started to try to figure out what was going on I figured that something wrote to the bios, cause the symptoms were so weird. So I hacked a little thing up to go in and rewrite the bios's NVRAM.

It worked with the motherboard's jumpers set to allow bios flashing and failed when the pins were set to block flashing. But when I used debug in a very dirty program I was able to jack with the writeable ram, even with flashing disabled; matter of fact it was so damned simple I wrote the motherboard manufacturer to show how it was broken. If ASUS is prone to this kind of dumb attack, then I figure other boards are probably more vulnerable and the government's got a pile of exploits to dick with any machine (running Windows, MacOS or NT) with their trojan horses and bios-level attacks. I could have sworn that the stuff I saw on David's motherboard came straight from Bulgaria. It looked like one of the best hacks I ever saw - every time I changed values in the bios and rebooted into 95, those values were reset to the original values right after POST ran memory checking. But if I booted into Linux it did not affect anything (it's nice having all the system specific information in /proc, without having to write a program to extract it from kmem). So, from what I can conclude, there may be reason to look over the shoulder a little more diligently cause somebody's out there fucking around.

In that vein, I bagged some fool trying to start a mail flood from a system he broke into (a customer of mine that knew he had been hacked). It kind of blew my mind: here this guy spent hours cracking around, found his way into the mail server (which was an NT machine) just to blast dumb & lame porno all over the place.

(Happened to me in March - I left SATAN running at work over a weekend and as soon as I got on the Windows box in my office a flood of shit started going out to the last person I mailed, which luckily was Jep. It was the same thing, lame porn and a ton of it, but I left my ass wide open by leaving SATAN's fat neon sign on and not isolating the workstation I was running SATAN on from my other machine; at least I isolated myself from the rest of Arrowsmith's network (which was the worst setup I've ever seen - but that's another story).)

Hope Reef didn't get too traumatized by the Federales. Maybe you could sue the government for the stress induction as Reef's guardian??

Catch you soon and if not before - Happy New Year's.

Regards,
Stu
Participants (1): Jim Choate