The Sober Virus Returns! A wave of far-right German, political-party propaganda choked millions of e-mail inboxes around the world over the weekend, delivering racist messages along with a dirty payload. The Sober.q virus was first spotted Sunday as it quickly crossed the globe, blasting e-mail addresses found on infected PCs. Most of the political rhetoric contained links to news stories and content with approximately 72 varying subject lines, according to security firm MessageLabs. The payloads quickly turned infected PCs into spam-generating machines, launching the propaganda from thousands of hosts. The virus, which was sent an estimated 10 million times during the first few days of attacks, has since slowed, and the risks have been downgraded to "medium" by most security firms, including McAfee. "

Most of the mail contains a single URL directing recipients to a range of online articles in reputable German newspapers and magazines promoting political messages with right-wing tendencies, according to Stephen White, Head of Anti-

Spam Technical Operations for MessageLabs. "This latest attack by the Sober author is comparatively sophisticated and has obviously been well planned," White said. "It appears that previously unexploited networks of machines were infected with earlier incarnations of the Sober worm." The timing of the attacks coincides with last week's celebrations of the 60th anniversary of the end of World War II. Many of the 72 variations of the e-mail refer to "war-related" political messages, such as the Allied bombing of Dresden in 1945. The spam also included links to the German Web sites for the far-right National Democratic Party. The Sober virus has now had over 20 incarnations, the most recent coming earlier this month when scammers began gearing up for the 2006 World Cup, to be held in Germany, by sending millions of virus-carrying e-mails advertising ticket confirmations for the matches. Other messages sent in Sober.q contain racist rants in both English and German against allowing Turkey into the European Union.

Story By Ccucu

Websense warns of new cyber attack that holds files hostage A hacker encrypts files on a user's computer, then demands money to decrypt them

A hacker has apparently found a way to encode computer files and hold them hostage until the intended victim pays for a decoder tool to unlock the files. The original infection occurs when the user visits a malicious Web site that exploits a vulnerability in Microsoft Corp.'s Internet Explorer Web browser, according to San Diego-based Websense Inc., which uncovered the extortion attempt. "We had a report from the field, but [we] do not divulge what our source for that is," said Dan Hubbard, senior director of security and research at Websense. "What happened was after doing some forensics on the actual computer that was infected, we noticed that the user visited a Web site that has since been shut down. And the site, through an Internet Explorer vulnerability, downloaded some code onto the machine and ran it without user intervention."

Hubbard said the sole purpose of the infection was to go to a second Web site and download another piece of code. "So first the Trojan [horse] downloader infected the machine, then the downloader went to a second Web site and downloaded the new code and then started its process," Hubbard said. "It goes through and looks at your hard drive for around 12 different file types, including documents, photos, databases, Zip files and spreadsheets, and if it matches those file types, it actually encodes the data." According to Hubbard, the malware goes through all drives on a machine, whether they're removable or not, and at the end of the process deletes itself -- leaving behind a text file with instructions on who to contact to have the files changed back to a readable format. "In this particular case, the end user did contact the third party, and there was a request to deposit $200 in an E-Gold account, but that did not happen," he said. Instead, Joe Stewart, a senior security researcher at Lurhq Corp. in Chicago, looked into the case after hearing about it and contacted Websense with a solution. "I took a look at the encryption scheme and found that it was a pretty trivial and easy to break encryption scheme," Stewart said. "So I wrote a decryptor for that and put that information out there for our customers -- to tell them that if they get hit by this, we can decrypt it and you don't have to pay this guy ransom." That solution might not work next time, experts said.

Although this hacker used a weak form of encoding, someone in the future could use a much more sophisticated level of encryption, Hubbard said. Or a hacker could remove the files or transfer them to another location and try to extort money for their return, he said.

"This was not a very sophisticated technique, although it was a fairly ingenious idea," Hubbard said. Stewart agreed. "If this evolves, and the person keeps getting more and more money from it -- and if they see the need for more advanced encryption -- they could put it in, and we wouldn't be able to break it," he said. "All we would be able to rely on is getting the key from the original Trojan author, which means you would have to either pay the ransom or law enforcement would have to actually catch the guy and get the key off his hard drive." "It's like someone coming into your house, putting all of your valuables into a safe and not telling you the combination until you pay them," said Oliver Friedrichs, a security manager at Cupertino, Calif.-based Symantec Corp. "It is a disturbing new trend and really a subversive use of cryptography that we haven't seen in the past. In the past, cryptography has been largely used to protect information. In this case, it's being used to hold your information hostage."

Hubbard said the best protection against this type of cyber attack is staying up to date on latest security patches and making sure users have the latest signatures for the security software on their computers. "The not-so-obvious is trying to learn about these types of things ... and to know where to go if something does happen," Hubbard said.

Story By Ccucu

McAfee Seeks VirusScan 10 Testers

Security software maker McAfee is readying a slew of betas for the second half of 2005. Among the tests is the 10.0 release of McAfee's flagship VirusScan that improves instant messenger scanning, alerts for malicious scripts and worm-like activity, Windows Explorer integration, and Microsoft Outlook integration.

McAfee Personal Firewall Plus 7.0, McAfee SpamKiller 7.0 and McAfee AntiSpyware 2.0 are also currently in beta. McAfee Privacy Service 8.0 and McAfee QuickClean 6.0, meanwhile, are on the docket for mid-June. Testers may participate by visiting McAfee's Beta Program Web site. Some incentives to test the software include free licenses and an iPod Shuffle giveaway.

Story By LostJohn

Hong Kong hits spammers where it hurts Hong Kong is to implement tough anti-spam laws to combat companies that send unsolicited emails.

The new law will also cover companies that send unsolicited faxes, phone calls and text messages.

However Yahoo News reported "manually made cold calls" will still be allowed to aid normal business practice.

The law, expected next year, has been crafted after a consulting period with industry groups and mobile operators.

The legislation will follow imminent anti-spam measures in China.

Elsewhere in the region, the phone numbers of 600 Chinese celebrities were posted online last Saturday. According to the Beijing Daily Star, writers, film directors and actors were inundated with calls following the leak, leading to many changing their numbers.

News By Ccucu

Big ISP = Big zombie army Swathes of virus-infected PC's are being hosted on some of the worlds biggest ISP's including AOL, Bellsouth and Verizon.

Analysis of zombie networks by DDoS security company Prolexic showed high profile ISPs are the most likely to harbor compromised machines.

"It isn't surprising, it is these networks that are continually exploited to support large-scale DDoS attacks," said Barrett Lyon, CTO at Prolexic. "Just because a home user subscribes to a reputable brand doesn't mean they're safe from the online criminal fraternity."

Along with AOL, Bellsouth and Verizon, Comcast were criticized. Significantly, EarthLink, another sizeable ISP was not on the list of main offenders.

The report also highlighted major changes in the way that DDoS attacks have been coordinated over the last year, focusing less on layer-3 TCP and hitting weak DDoS mitigation devices.

"We have seen a 100 percent failure rate in several DDoS mitigation devices. Hardware does a poor job in identifying attacks that emulate legitimate traffic. Therefore, enterprises that rely on these devices are particularly vulnerable to this attack vector. Essentially, extortionists are becoming more intelligent and circumnavigating the security put in place to stop them," said Lyon. The report also revealed that Hong Kong is the most infected country per capita. Which may explain the country's spam problem, due to be addressed by upcoming anti-spam legislation.

News By Ccucu

Hacker Hunters

Business week in its May 30 2005 edition publishes a story about the work of the Secret Service (US) in its battle to protect computer users everywhere. The paper publishes a report about how the "Hacker Hunters" is using new computer technology and on-line wiretaps (and a bit of good old fashioned social engineering) as well as regular police gumshoe tactics to penetrate and bring down a hacker equivalent of mafisto crime.

http://www.businessweek.com/magazine/content/05_22/b3935001_mz001.htm

This is a good read. Something everyone in both the white and grey hat communities should read and pass on to all of your contacts."

I came onto this story while scanning Groklaw. http://www.groklaw.net/index.php

The story has a number of interesting sub scripts, the main story of how the criminal gang known as shadowcrew.com; the inside workings of a part

of law enforcement that will touch us all, on both sides of the law, and some other tidbits like the story of the Russian gang that seems immune to legal proceedings.

At the heart of this is a fusion of whitehat workers from many far flung organizations and law enforcement to be the face of the greater good fighting those who would use computers and the internet against us.

At the same time there was one interesting side note that Groklaw pointed out and I put for you here.

"In January, 2004, a new virus called MyDoom attacked the Web site of the SCO Group Inc. (SCOX ), a software company that claimed the open-source Linux program violated its copyrights. Most security experts suspected the virus writer was a Linux fan seeking revenge. They were wrong. While the SCO angle created confusion, MyDoom acted like a Trojan horse, infecting millions of computers and then opening a secret backdoor for its author. Eight days after the outbreak, the author used that backdoor to download personal data from computer owners. F-Secure's Hypponen figured this out in time to warn his clients. It was too late, however, for many others. MyDoom caused $4.8 billion in damage, the second-most-expensive software attack ever.

News By Ccucu

DEFCON 13, July 29-31, Las Vegas, NV 2005, Alexis Park http://www.defcon.org

Capture the Flag, WarDriving Contests, Wi-Fi Contests, TCP/IP Drinking Games, Dozens of quality speeches, Hacker Jeopardy, Spot the Fed, Dunk The Hacker, Coffee Wars, TCP/IP Drinking Contest (w/Mudge), Lock Picking Contests, Scavenger Hunts, and more fun than the feds can fit into a trip report!

News By Ccucu

EliteTorrents shut down by U.S. customs and FBI

EliteTorrents, a well known and one of the most used BitTorrent sites has been shut down today by the Federal Bureau of Investigation and US Immigration and Customs Enforcement. Here is the entire press release... WASHINGTON, D.C. - Acting Assistant Attorney General John C. Richter of the Criminal Division, Homeland Security Assistant Secretary for Immigration and Customs Enforcement Michael J. Garcia, and Assistant Director Louis M. Reigel of the FBI's Cyber Division today announced the first criminal enforcement action targeting individuals committing copyright infringement on peer-to-peer (P2P) networks using cutting EDGE file-sharing technology known as BitTorrent. This morning, agents of the FBI and U.S. Immigration and Customs Enforcement (ICE) executed 10 search warrants across the United States against leading members of a technologically sophisticated P2P network known as Elite Torrents. Employing technology known as BitTorrent, the Elite Torrents network attracted more than 133,000 members and, in the last four months, allegedly facilitated the illegal distribution of more than 17,800 titles-including movies and software-which were downloaded 2.1 million times. In addition to executing 10 warrants, federal agents also took control of the main server that coordinated all file-sharing activity on the Elite Torrents network. Anyone attempting to log on to Elitetorrents.org today will receive the following message:

"This Site Has been Permanently Shut Down by the Federal Bureau of Investigation and U.S. Immigration and Customs Enforcement." "Our goal is to shut down as much of this illegal operation as quickly as possible to stem the serious financial damage to the victims of this high-tech piracy-the people who labor to produce these copyrighted products," said Acting Assistant Attorney General Richter. "Today's crackdown sends a clear and unmistakable message to anyone involved in the online theft of copyrighted works that they cannot hide behind new technology." "Internet pirates cost U.S. industry hundreds of billions of dollars in lost revenue every year from the illegal sale of copyrighted goods and new online file-sharing technologies make their job even easier," said Assistant Secretary Garcia. "Through today's landmark enforcement actions, ICE and the FBI have shut down a group of online criminals who were using legitimate technology to create one-stop shopping for the illegal sharing of movies, games, software and music."

"The theft of copyrighted material is far from a victimless crime," said Assistant Director Reigel of the FBI. "When thieves steal this data, they are taking jobs away

from hard workers in industry, which adversely impacts the U.S. economy. The FBI remains committed to working with our partners in law enforcement at all levels and private industry to identify and take action against those responsible."

Building on the success of Operation Gridlock, a similar takedown announced by federal law enforcement last August that has already led to the felony convictions of three P2P copyright thieves, Operation D-Elite targeted the administrators and "first providers" or suppliers of copyrighted content to the Elite Torrents network. By utilizing BitTorrent, the newest generation of P2P technology, Elite Torrents members could download even the largest files-such as those associated with movies and software-far faster than was possible using more traditional P2P technology. The content selection available on the Elite Torrents network was virtually unlimited and often included illegal copies of copyrighted works before they were available in retail stores or movie theatres. For example, the final entry in the Star Wars series, "Episode III: Revenge of the Sith," was available for downloading on the network more than six hours before it was first shown in theatres. In the next 24 hours, it was downloaded more than 10,000 times. Operation D-Elite is being conducted jointly by ICE and the FBI as part of the Computer And Technology Crime High Tech Response Team (CATCH), a San Diego task force of specially trained prosecutors and law enforcement officers who focus on high-tech crime. Federal and state member agencies of CATCH include the ICE, the FBI, the Department of Justice, the San Diego District Attorney's Office, San Diego Police Department, the San Diego Sheriff's Department, and San Diego County Probation. Operation D-Elite was coordinated and will be prosecuted by the Justice Department's Computer Crime and Intellectual Property Section, with the assistance and support of Computer Hacking and Intellectual Property

(CHIP) coordinators in San Diego and U.S. Attorneys' Offices in Arizona, Illinois, Kansas, Ohio, Pennsylvania, Texas, Virginia and Wisconsin. The Motion Picture Association of America provided valuable assistance to the investigation. Early reports from sites like Slyck.com said the site was hacked but as the day went on, it became clear what had happened. The worst thing about the press release for EliteTorrent users is that it seems to imply that some of the users of the site are also under criminal investigation. Source: FBI

News by Ccucu

Meet the teen who’s teaching policemen how to be ethical hackers Neeraj Pattath is one of an elite group of youngsters bringing cops up-to-date about cyber crime

Mumbai, May 24: NEERAJ Pattath (17) is quite the average teenager. He’s appeared for his SSC exams. He hates math. He loves surfing the Net.

There’s just one major difference. For the last three months, Pattath has been helping teach policemen how to detect and solve cyber crimes at World’s Mumbai Cyber Lab. A joint venture by the National Association

of Software and Service Companies (Nasscom) and the Mumbai Police, the lab was initially meant exclusively for city police officers.

Its staff now also trains everyone from sub-inspectors to additional commissioners of police in Mumbai as well as officers in Thane, Pune and Nashik.

Pattath is the latest—and youngest—in a batch of 15 volunteers aged 17 to 30 that the lab has been using since March 2004.

‘‘It’s strange, but in 2002, I approached the Mumbai Cyber Crime Investigation Cell for a job. They said I should only apply after I’d completed my Std XII and police training. I found that too long-drawn-out and just continued surfing the Net. Today, I train the police.’’ Interestingly, Pattath today is awaiting his class tenth results—his fourth attempt at that.

In his class, policemen aged 35 to 50 first learn how to surf the Net and send e-mail. Each batch of 15 is then given a crash course in how hacking happens and basics like how to trace an e-mail or Internet Protocol (IP) address—all in one seven-day camp.

The course also includes case studies that illustrate and explain various sections of the Information Technology Act, 2002, so the policemen can familiarize themselves with the basics of the legislation.

‘‘Every month, we call in two or three instructors from among these 15. They’re all registered with Nasscom and they help out depending on their schedule,’’ said Nasscom Project Head Vikrant Pawar. ‘‘And with the help of these training sessions, policemen are now in a better

position to register complaints and guide complainants.’’

Though the instructors currently work for free, both the Mumbai Police and Nasscom are working on a proposal to get them on to the payroll.

‘‘But I don’t really mind working gratis,’’ smiles senior volunteer Pritam Kale (25). A rank holder from Matunga’s Veermata Jijabai Technological Institute, Kale admits that many of his classmates are now earning as much as

Rs 30,000 per month. ‘‘But I don’t think their life is half as exciting as mine,’’ he grins.

And the ‘students’ admit they’re enjoying the course. ‘‘I like it so much that I wish I could stay longer,’’ said Inspector Abhay Saigaonkar (45) of the Byculla police station.

‘‘I used to be clueless about cyber crime,’’ added G Neklikar (40) of the Dharavi police station. ‘‘Now, I can guide complainants knowledgeably and even trace e-mail and IP addresses.’’

News by Ccucu

Paris Hilton Hack Started With Old-Fashioned Con Source Says Hacker Posed as T-Mobile Employee to Get Access to Information The caper had all the necessary ingredients to spark a media firestorm -- a beautiful socialite-turned-reality TV star, embarrassing photographs and messages, and the personal contact information of several young music and Hollywood celebrities. When hotel heiress Paris Hilton found out in February that her high-tech wireless phone had been taken over by hackers, many assumed that only a technical mastermind could have pulled off such a feat. But as it turns out, a hacker involved in the privacy breach said, the Hilton saga began on a decidedly low-tech note -- with a simple phone call. Computer security flaws played a role in the attack, which exploited a programming glitch in the Web site of Hilton's cell phone provider, Bellevue, Wash.-based T-Mobile International. But one young hacker who claimed to have been involved in the data theft said the crime only succeeded after one member of a small group of hackers tricked a T-Mobile employee into divulging information that only employees are supposed to know. The young hacker described the exploit during online text conversations with a washingtonpost.com reporter and provided other evidence supporting his account, including screen shots of what he said were internal T-Mobile computer network pages. Washingtonpost.com is not revealing the hacker's identity because he is a juvenile crime suspect and because he communicated with the reporter on the condition that he not be identified either directly or through his online alias.

A senior law enforcement official involved in the case said investigators believe the young hacker's group carried out the Paris Hilton data theft and was also involved in illegally downloading thousands of personal records from database giant LexisNexis Inc. The source asked not to be identified because of his role in this and other ongoing investigations. A third source, a woman who has communicated with the hacker group's members for several years, also confirmed key portions of the young hacker's story and said she saw images and other information downloaded from Hilton's T-Mobile account hours before they were released on several Web sites. T-Mobile declined to comment on the details of the hacker's account of the Paris Hilton incident, saying through a spokesman that the company cannot discuss an ongoing investigation. The spokesman said the company "will work with federal law enforcement agencies to investigate and prosecute anyone that attempts to gain unauthorized access to T-Mobile systems." Getting Access In the months leading up to the Hilton incident, the hacker group freely exploited a security glitch in the Web site of wireless phone giant T-Mobile, according to the hacker, who described himself as the youngest member of the group. The group had found that a tool on the T-Mobile site that allowed users to reset their account passwords contained a key programming flaw. By exploiting the flaw, the group's members were able to gain access to the account of any T-Mobile subscriber who used a "Sidekick," a pricey phone-organizer-camera combination device that stores

videos, photos and other data on T-Mobile's central computer servers. The hackers could only exploit the Web site vulnerability if they actually knew a Sidekick user's phone number. The loose-knit group had grown bored of using the flaw to toy with friends and acquaintances who owned Sidekicks and decided to find a high-profile target, one that would ensure their exploits were reported in the press, the young hacker said. They ultimately settled on Hilton, in part because they knew she owned a Sidekick; Hilton had previously starred in a commercial advertising the device. The group's members --- who range in age from their mid-teens to early 20s -- include a handful of "AOLers," a term used in hacker circles to describe youths who honed their skills over the years by tampering with various portions of the network run by Dulles, Va.-based America Online Inc. Four members of the group have all met face-to-face, but as with most hacking groups, the majority of their day-to-day interactions took place online. Before gaining access to Hilton's wireless phone account, the group had spent a year studying weaknesses in T-Mobile's Web sites. The group member interviewed for this story had already written a simple computer program that could reset the password for any T-Mobile user whose phone number the hackers knew. According to the young hacker's account, the Hilton caper started the afternoon of Feb. 19, when a group member rang a T-Mobile sales store in a Southern California coastal town posing as a supervisor from T-Mobile inquiring about reports of slowness on the company's internal networks.

The conversation -- which represents the recollection of the hacker interviewed by washingtonpost.com -- began with the 16-year-old caller saying, "This is [an invented name] from T-Mobile headquarters in Washington. We heard you've been having problems with your customer account tools?" The sales representative answered, "No, we haven't had any problems really, just a couple slowdowns. That's about it." Prepared for this response, the hacker pressed on: "Yes, that's what is described here in the report. We're going to have to look into this for a quick second." The sales rep acquiesced: "All right, what do you need?" When prompted, the employee then offered the Internet address of the Web site used to manage T-Mobile's customer accounts -- a password-protected site not normally accessible to the general public -- as well as a user name and password that employees at the store used to log on to the system. To support his story, the hacker provided washingtonpost.com with an image of a page he said was from the protected site. T-Mobile declined to comment on the screenshot, and washingtonpost.com has no way to verify its authenticity. Inside the Walls The hackers accessed the internal T-Mobile site shortly thereafter and began looking up famous names and their phone numbers. At one point, the youth said, the group harassed Laurence Fishburne, the actor perhaps best known for his role in the "Matrix" movies as Morpheus, captain of the futuristic ship Nebuchadnezzar.

"We called him up a few times and said, 'GIVE US THE SHIP!'" the youth typed in one of his online chats with a reporter. "He picked up a couple times and kept saying stuff like YOUR ILLEGALLY CALLING ME." Later, using their own Sidekick phone, the hackers pulled up the secure T-Mobile customer records site, looked up Hilton's phone number and reset the password for her account, locking her out of it. Typical wireless devices can only be hacked into by someone physically nearby, but a Sidekick's data storage can be accessed from anywhere in T-Mobile's service area by someone with control of the account. That means the hackers were at that point able to download all of her stored video, text and data files to their phone. "As soon as I went into her camera and saw nudes my head went JACKPOT," the young hacker recalled of his reaction to first seeing the now-public photos of a topless Hilton locked in an intimate embrace with a female friend. "I was like, HOLY [expletive] DUDE ... SHES GOT NUDES. THIS [expletive]'s GONNA HIT THE PRESS SO [expletive] QUICK." The hackers set up a conference call and agreed to spread the news to several friends, all the while plotting ways to get the photos up on various Web sites. Kelly Hallissey, a 41-year-old New York native who has been in contact with the group of hackers for several years, said the group's members showed her evidence that they had gained access to Hilton's phone during these early hours -- before the images made their way online. By early Feb. 20, the pictures, private notes and contact listings from Hilton's phone

account -- including phone numbers of celebrities such as Cristina Aguilera, Eminem, Anna Kournikova and Vin Diesel -- had appeared on GenMay.com (short for General Mayhem), an eclectic, no-holds-barred online discussion forum. Within hours of the GenMay posting, Hilton's information was published on Illmob.org, a Web site run by 27-year-old William Genovese of Meriden, Conn., known online as "illwill." (The FBI charged Genovese in November with selling bits of stolen source code for Microsoft Windows 2000 and Windows NT operating systems.) By Monday morning, dozens of news sites and personal Web logs had picked up the story, with many linking to the illmob.org post or mirroring the purloined data on their own. Hallissey, who describes herself as a kind of "den mom" to a cadre of budding hackers, confirmed that the teenage source has been engaged in various hacking activities for several years. Hallissey met a slew of the hacker group's members after a three-year stint during the 1990s as one of thousands of people who helped AOL maintain its online content in exchange for free Internet access and various other perks. Hallissey has since joined a still-active wage lawsuit against AOL and maintains www.observers.net, a Web site critical of the Dulles-based company. Hallissey said her sense of privacy has been erased gradually over the past two years as a result of her association with a number of AOLers who playfully bragged to her about their success with social engineering. They showed her online screen shots of her water, gas and electric bills, her Social Security number, credit card balances and credit ratings, pictures of her e-mail inbox, as well as all of her

previous addresses, including those of her children. "This was all done not by skilled 'hackers' but by kids who managed to 'social' their way into a company's system and gain access to it within one or two phone calls," said Hallissey, who asked that her current place of residence not be disclosed. "Major corporations have made social engineering way too easy for these kids. In their call centers they hire low-pay employees to man the phones, give them a minimum of training, most of which usually dwells on call times, canned scripts and sales. This isn't unique to T-Mobile or AOL. This has become common practice for almost every company." AOL officials declined to comment about the young hacker or other "AOLers" for this story. The Weakest Link Security experts say the raiding of Hilton's wireless account highlights one of the most serious security challenges facing corporations -- teaching employees to be watchful for "social engineering," the use of deception to trick people into giving away sensitive data, usually over the phone. In his book "The Art of Deception," notorious ex-hacker Kevin Mitnick says major corporations spend millions of dollars each year on new technologies to keep out hackers and viruses, yet few dedicate significant resources to educating employees about the dangers of old-fashioned con artistry. "The average $10-an-hour sales clerk or call-center employee will tell you anything you want, including passwords," Mitnick said in a telephone interview. "These

people are usually not well-trained, but they also interact with people to sell products and services, so they tend to be more customer-friendly and cooperative." During his highly publicized hacking career in the 1990s, Mitnick -- who spent four years in prison and now works as a computer security consultant -- broke into the computer networks of some of the top companies in the technology and telecommunications industries, but rarely targeted computers systems directly. Rather, he phoned employees and simply asked them for user names, passwords or other "insider" data that he could use to sound more authentic in future phone inquiries. "This kind of thing works with just about every mobile carrier," Mitnick said. He said all of the major wireless carriers -- not just T-Mobile -- are popular targets for social engineering attacks. Mitnick said he knows private investigators who routinely obtain phone records of people they are investigating by calling a sales office at the target's wireless carrier and pretending to be an employee from another sales office. Mitnick described how an investigator will claim to have the customer they're investigating in the store, but can't access their data because of computer trouble. Then the investigator asks the sales representative at the other store to look up that person's password, account number and Social Security number. In many cases the employee provides the information without verifying the caller's identity. Armed with that data, he said, investigators usually can create an account at the wireless provider's Web site and pull all of the target's phone records.

Large organizations that maintain numerous branches around the country are especially susceptible to social engineering attacks, said Peter Stewart, president of Baton Rouge, La.-based Trace Security, a company that is hired to test the physical and network security for some of the most paranoid companies in the world: banks. More often than not, Stewart says, his people can talk their way into employee-only areas of banks by pretending to be a repairman or just another employee. In most cases, the break-in attempts are aided by information gleaned over the phone. "Usually your corporate headquarters are more stringent and things get more lax the further away from there you get," Stewart said. "The larger you are as a company the more likely it is that you're not going to know everyone by name, and lots of companies have no policy in place of verifying who's calling you and how to respond to that person." 'Web Security 101' Social engineering can be difficult to counter, but the now-infamous Paris Hilton attack follows other recent serious T-Mobile security breaches engineered by hackers. On Feb. 15, Nicolas Jacobsen, 22, of Santa Ana, Calif., pleaded guilty to compromising a T-Mobile Web server that granted access to hundreds of wireless accounts. He faces a maximum of five years in jail and a $250,000 fine at a sentencing hearing originally scheduled for mid-May. Jacobsen was arrested last fall by the U.S. Secret Service as part of a large-scale investigation into an international online credit card fraud ring. According to court records, Jacobsen had hijacked hundreds of T-Mobile accounts, including a mobile phone belonging to a then-active Secret

Service agent. Jacobsen had posted to an online bulletin board that he could be hired to look up the name, Social Security number, birth date, and voice-mail and e-mail passwords of any T-Mobile subscriber. T-Mobile later alerted 400 customers that their e-mails, phone records and other data had been compromised as a result of that break-in. The court files don't give details about how it happened, but Jack Koziol, a senior instructor for the Oak Park, Ill.-based InfoSec Institute, said the intruder likely took advantage of security flaws in the company's Web servers. Koziol conducted an informal audit of T-Mobile's site in March and uncovered hundreds of pages run by Web servers vulnerable to well-known security flaws, he said. "It's pretty amazing how poorly secured their Web properties are," said Koziol, whose company offers training to corporate, law enforcement and government clients on the latest techniques and tactics used by hackers. "Most of these flaws are simple Web Security 101, stuff you'd learn about in the first few chapters of a basic book on how to secure Web applications." T-Mobile officials declined to say what steps they took to close the security holes identified by the Hilton hackers or how many other accounts may have been hijacked. "T-Mobile has invested millions of dollars to protect our customers' information, and we continue to reinforce our systems to address the security needs of our subscribers," company spokesman Peter Dobrow wrote in an e-mail. "For our customers' protection, we do not publicly disclose the specific actions taken to reinforce our systems."

News By Coldrock

In this issue of "Masters of WareZ", I bring you the man who I admire the most, the man who is like a second father, and, also like a brother to me. So here is WiZzMaster, the man who cracked XP SP 2, before it was officially out, "The King of WareZ". lil' intro about who wizz is... Note: All of You who will read this, should have in mind that this text was written in 4 in the morning, after about 40 hours that I'm awake... How I started: My first interest was more in hacking, in time when there was much less pages about it and it was all in complete underground, 3-4-5 years. That's how I got to xhackers.com, old page filled with hacking tips, ware and dss hacking materials, unfortunately that page doesn't exist anymore, at least not in that sense. There I got active, mostly in warez and cracks sections, and I found some neat peeps there like T, Looper, Phat and few more who are still today around net.. old hackers, who do things in old fashioned, completely ethical way... Quite quickly I became mod there, and that was big thing,

it was big page with almost 20000 members, with paid sections etc. that was like original job, big thing and great honor to work with those neat old guys. We worked together on few projects and later, and I was around warez scene all the time.. when I decided to start running my own pages. First page was wizzwarez.info, which went down and doesn't exist anymore..(IPB took me down, 4 using their board software, pirated, how ironically). Not long after, almost a year ago new project came, wizzworld.info and later wizzworld.org, first my big warez forum and first real quality site. After that, all is history, wareznewsmagazine.com, cracksww.com, speedking.info etc. My ideas: I'd like to start a magazine, online first, meant to serve for education of public... including a lot of How-To's and hints, about fast growing computer technology, written lightly for common users... Educational and guidance oriented for new, less accommodated, and novice users which yet have to fight for their right to survive and become experts and tutors for next generation of PC users... I'd like to start educational, training and motivating camps for talented users, with special accent on creativity and imagination, in creating and developing of new technology solutions, software and tools for easier handling of more and more sophisticated PC machines...

With contests for best works in various fields, solutions and improvement in computer technologies... Offering the short courses inside big and small corporations, handling& creating platforms and systems for new businesses and improving of persisting ones... Help for all, but for a piece of their improvement in jobs, «slice of cake» in their success... Not involving in big ambitious projects, we will sooner or later (ourselves) invent or create something revolutionary... My skills in computing and programming aren't nearly enough for developing of software and other related stuff, but my imagination&small technical knowledge could produce revolution things and innovations in technology... ONLY IF, I find a crew that could put those ideas in numbers... If someone could follow and technically support my ideas, concepts and visions, that should be a winning combination for the whole new solutions in software and technology by all means... Why am I writing all this? My expectations from computers and software already created, are much higher that they can provide for now... Lot of ideas and system solutions are not technically possible yet (far as I know)... Reading this you got to have in mind that I'm not some Sci-Fi freak, dreaming about flying saucers, Star Trek tools that are beyond 90% of people’s imagination... In all, my basic theory is that man (and women) uses so little of their potentials, can

be implicated in every expect of modern thinking and living...

My goal is not to find solution for life on Mars, my idea is to form a group of people who will find solution for that, or at least to make living there less painful as possible... I don't want a Nobel Price for revolutionary invention, I want memorial museum with all improvements in peoples lives, that was result of my small contribution, or in which I participated in some way during my life... Build by all of them who are grateful to me&my crew, for starting and motivating other in creation of something what is yet to be achieved... And first of all, those who learned that anybody can be, and should be creator of its own destiny... That is extremely important, because things are going now and will go further, global situation leads to unknowledgeable, indifference, low interest in own (for You relevant issues) capabilities... Making us slaves of machines, technology and governments more and more dependable on them, rather than to ourselves...

Things meant to be for fun, enjoy and help for everyone, now serve to a few, creating slaves of people who aren't prepared for changing their «way of life»... It's about time for human kind to take control in human-machine (sort of contest) war, in which more that we are developing technology, we are less capable to have complete control over it... We will learn how to handle it, or it will start to handle us... In first reactions I expect laughter and public judgment for (in some way) my critics about people and their lives, but time and history shows that only thing which could bring our persistence in question, is something what we will produce... Something we will create, too good and better than it should be... That something will one day make decisions about our purpose and reason (or what benefit is from us) we are here at all... This discussion now goes in 2 ways: Each story on its own bases, means and developments prospects, leads and goes in a wrong way... 1. Story: Genetic Manipulation 2. Story: AI (Artificial Intelligence) Both of stories leads to a point, point where evolution is showing and presenting in most beautiful, and in some brutal (hard to understand) ways... Main Point; Creation on new always have for result that old, less functional model is no longer needed, sooner or later... Having GM & AI on our doorsteps, we should first check are we needing them at

all, or at least until we learn how to manipulate them by all means... Or we should better try to improve ourselves in any possible ways first... Our capability to use about 5% of our brain, speaks enough in my favor... FOR NOW... My advice for newbies: 2 words: ethical hacking. Hack to improve things, not to brake and steal somebody's private property, find and learn new skills which all are going to benefit from.

Article by WiZzMaster

The Anonymity Tutorial Note: whenever you see something like this: blah(1) it means that if you don't understand the meaning of the word blah there's an explanation for it just for you, located on the newbies corner on section 1. Note 2: if you're having a hard time reading this page because you have to scroll to the right whenever a long line comes, it's probably because you're not using "word wrapping". Most UNIX text editors and advanced Windows editors (and some less advanced ones like WordPad) do this by themselves. To do word wrapping on Microsoft Notepad, simply go to Edit and then click on "Word wrapping". Disclaimer We do not encourage any kinds of illegal activities. If you believe that breaking the law is a good way to impress someone, please stop reading now and grow up. There is nothing impressive or cool in being a criminal. Contents Anonymity? * You mean I have absolutely zero anonymity on the web? * So what? Why would I wanna be anonymous anyway? * Okay, I see your point. Anonymize me. Proxies? * What are proxies? * What are public proxies? * Where can I find lists of public proxies? * Are they good for anything besides anonymity? * Okay, so how do I use them? Wingates? * What are Wingates?

* How can I use them to anonymize myself? * Wingates sound useful. I wanna run one on my own computer. How do I do it without turning it into an "anonymity hive"? * How can I tell IRC clients, instant messengers such as ICQ, etc', to use them? Anonymous Remailers? * What is an anonymous remailer? * How can I use them to be more anonymous? * Why would a person start an anonymous remailing service? Where's the catch? Encryption? * Why should I encrypt my Email? * How can I encrypt my Email? Cookies? * What are cookies? * Can they risk my privacy? .chk files? * What are they? * How can they risk my privacy? The Anonymizer? * What is the anonymizer? * How can I sign up? Where can I learn more about anonymity? * Useful URLs. * Other useful tutorials by Black Sun. Appendix A: Using AltaVista as a "proxy" * How can I use AltaVista’s web translation service to anonymize myself? Appendix B: Spoofing browser history * How can I spoof my browser's history? Appendix C: the +x mode

Bibliography * http://www.theargon.com * Anonymizer.com * Various tutorials Other Tutorials By Black Sun * FTP Hacking. * Over clocking. * Ad and Spam Blocking. * Send mail. * Phreaking. * Advanced Phreaking. * Phreaking II. * IRC Warfare. * Windows Registry. * Info Gathering. * Proxy/Wingate/SOCKS. * Offline Windows Security. * ICQ Security. Anonymity? Whether you realize it or not, the Internet is not as anonymous as you might think. Here are a few examples: 1) You enter a website. Once you hit any one of the files on the web server, the website owners can find out these pieces of information about you, and much more: 1. Your IP Address. 2. Your hostname. 3. Your continent. 4. Your country. 5. Your city. 6. Your web browser. 7. Your Operating System. 8. Your screen resolution. 9. Your screen colors. 10. The previous URL you've been to. 11. Your ISP. And this is just the tip of the iceberg. Go to our homepage at blacksun.box.sk and find the web statistics button (later addition: we

have terminated our account on our web stats provider because they were quite buggy and we've decided to use a php3-based text counter). There you will be able to see how much we can tell about our visitors 2) Another example: you're connected to an IRC network and you are chatting with your friends. Right now all a person needs to find information on you is nothing but your nickname. He doesn't even have to know you, or be in the same channel/channels you are. Here are a few examples of what you can find by simply knowing a person's nickname (in the most optimal conditions): 1. Your real name. 2. Your Email address. 3. Your IP address. 4. Your hostname. 5. Your ISP. 6. Your continent. 7. Your country. 8. Your city. And much much more. The same goes for online games that allow players to view the other players' IP addresses. 3) Suppose my name is Paul Matthews, and my Email address is pmatthews@boring.ISP.net. It is extremely easy to figure out that the first letter of my first name is P and that my last name is Matthews, but that's not all. Some ISPs give their entire listings to web directories. Meaning, people can go to, say... whowhere.com, punch in the words Paul Matthews or search for people with Matthews as their last name on boring.ISP.net and find out that pmatthews@boring.ISP.net does actually belong to Paul Matthews, hence

discovering your real name. But it is also possible to use these web directories for 1,001 uses. Therefore you should go to whowhere.com as soon as possible, try to track down yourself and then tell whowhere.com to delete your listing. 4) Some ISPs also run finger daemons. A daemon is a program that waits for incoming connections on a specific or several ports. The finger daemon is a daemon that waits for open connections on port 79. Once you get in, you need to punch in a username on the system the daemon runs on and you will get tons of information about him. For example: a while ago my ISP was running a finger daemon on their servers (until I forced them to take it off because it was a privacy invasion). Now, suppose you know nothing about me besides my Email address, which is barakirs@netvision.net.il. The first thing you should do is to go to netvision.net.il on port 79 and hope there's somebody there. If there is, you can find the following information by typing in my username, barakirs: 1. My real name. 2. When was the last time I was online. 3. If I'm online right now, since when have I been online. 4. Whether I have new mail or not. And much much more (some finger daemons might give out any pieces of information, such as my home address and phone number). Besides the obvious uses (finding a person's real name and other private information), you can use this information for various purposes, such as: 1. Most instant messengers, such as ICQ, AIM, YAHOO Instant Messenger and MSN

Instant Messenger, allow you to add people in or outside your contact list to an "invisible list", so they won't be able to know whether you're online or not and you'll appear to be offline to them. If they have your Email address, and your ISP is running a finger daemon, they are able to know whether you're really offline or just trying to fool them. 2. Your friend promised you to do something for you on the net, but when you finally go online to ask him if he's done it he says that he just got back from work and that he just got online. Using finger, you can test this and see when he really got online. These were just a little out of many examples. During this tutorial I will explain to you how to prevent people from finding out information about you (there will always be new tricks, but blocking the most basic / common ones will hold off most attackers and make it harder for the more experienced ones). If you really wanna learn how to do these things, as well as some really cool and advanced tricks, then read the 'Info-Gathering' tutorial. Proxies? Proxies were first invented in order to speed up Internet connections. Here's how they work: You are trying to connect to a server on the other side of the planet. Your HTTP requests are sent to your proxy server, which is located at your ISP's headquarters, which are a lot closer to you than that far-away server. The proxy first checks if one of its users has accessed this website lately. If so, it should have a copy of it somewhere on its servers. Then the proxy server starts the connection only to check if his version is not outdated, which only requires him to look at the file size. If it has

the latest version, it will send the file to you, instead of having the far server send it to you, thus speeding up the connection. If not, it will download the requested files by itself and then send them to you. But proxies can also be used to anonymize yourself while surfing the web, because they handle all the HTTP requests for you. Most chances are that your ISP has a proxy. Call tech support and ask them about it. But the problems with proxy access given to you by your ISP is: 1. Some ISPs don't even have proxies. 2. The website owner would still be able to know what ISP you are using and where do you live, since this kind of proxies are not public and they can only be accessed by users of that ISP. For such cases, there is a solution - public proxies. You can find a list of public proxies everywhere. Here are two good URLs to start from:

http://www.theargon.com http://www.cyberarmy.com/lists

To configure your web browser to use a proxy server, find the appropriate dialog box in your settings dialog box (it varies from different browsers). Note: some proxy servers will also handle FTP sessions (some might handle FTP only). Wingates? Wingate is a program that is used to turn a PC running Windows 9x or NT into a proxy server. Here are several reasons for why a person would want to run such an application and turn his computer into a proxy:

1. If he owns an ISP and he wants to set up a proxy for it. 2. If he wants to turn his computer into a public proxy. 3. If he wants to give Internet access to a whole bunch of computers that are connected by a Local Area Network, but he can provide Internet access for only one computer. In that case, he would turn his computer into a proxy server and set all the other computers on the network to use him as a proxy. That way all the rest of the computers on the network will relay their HTTP and FTP requests through a single computer, a single modem and a single Internet account. The problem with Wingates is that they're highly... well... they're very... how should I say this? Stupid. Just plain stupid. Why is that? EVERYONE can connect to your little proxy by simply connecting to port 1080 on your computer and typing 'target-ip-address-or-hostname port' (no quotes) and replace target-ip-address-or-hostname with the IP address or the hostname they want to connect to, and replace port with the destination port. The "wingated" machine will then relay your input through it, but it will seem like the wingated machine is connecting to the target computer, not you. Sure, the sysadmin of the wingated machine can change that port to a different one, but this is the default, and if you're stupid enough to use Wingate you probably won't want to play with the defaults. First of all, if you need to use Wingate for some reason, use SyGate instead. It does exactly what Wingate does, only it won't serve EVERYONE like Wingate does. Now, these Wingates can be used to anonymize practically anything. Also, every program that can be set to run behind a SOCKS firewall (most IRC clients, most

instant messengers and most web browsers) will automatically do the dirty work of routing your stuff through it if you'll give them the IP/hostname and the appropriate port for the wingated machine. Wingates can also be used to get into IRC channels you got banned from (by faking your IP). WARNING: some IRC networks run bots that will kick out people using Wingates. These bots try to connect to random people on port 1080. If they succeed, they kick you out. This works because the IRC network, as well as everyone on it, thinks that your IP is the wingated machine's IP. If the bot tries to connect to your IP on port 1080, it will actually go to the wingated machine. The bot will then detect that your IP is actually a Wingate and kick you off (since it's being run by the IRC network and given enough privileges to kick out anyone). You can find lists of Wingates at http://www.cyberarmy.com/lists. There are also tons of Wingate scanners out there that can scan whole subnets and look for Wingates, but this might take some time (and make your ISP get suspicious), so you'd just better go for Cyber Army’s lists. Anonymous Remailers? Previously I have demonstrated to you what a person with very little knowledge can find out about you just by knowing your Email address. Now it is obvious that to keep your privacy, you need to sign up for a free Email account (such as Hotmail [hotmail.com], Yahoo mail [mail.yahoo.com], ZDNet Mail [zdnetmail.com], Net @dress [netaddress.com], Bigfoot [bigfoot.com] etc'). But what if you had a special Email address on a free server that automatically forwards all incoming Email to your real

mailbox and keeps all the information discreet? These are called Anonymous Remailers. Most of them are free and live out of contributions and/or sponsor banners they place on their website. You can find many many Anonymous Remailers at http://www.theargon.com. Here's a good example for an Anonymous Remailer: First, head to http://anon.isp.ee (by the way, the extension .ee stands for Estonia) and sign up your free account. Once you're a registered user, send an Email to robot@anon.isp.ee with no subject and the following content: user: your username pass: your password realaddr: your recipient's Email address. realsubj: the subject of your mail. Example: if I want to send an anonymous mail containing the following: Subject: ANONYMITY RULEZ!! Hi. This is an anonymous Email message. Let's see you trace me now! to bgates@microsoft.com, and your username is user and your pass is pass, send the following Email to robot@anon.isp.ee (remember not to enter a subject): user: user pass: pass realaddr: bgates@microsoft.com realsubj: ANONYMITY RULEZ!! Hi. This is an anonymous Email message. Let's see you trace me now! You'll receive an Email notification from anon.isp.ee once your message has been delivered.

Once your recipient will reply to this Email, the message will return to you. You can also use web-based anonymous remailers such as Replay Associates (replay.com/remailer/anon.html), but it won't let you receive replies. Encryption? Everyone can read your Email. Whether it's some script kiddie who hacked your Hotmail account, a skilled cracker (or a script kiddie with a lot of free time) that hacked your POP3 mailbox or a person who got your Email by mistake. If you don't want other people to read your Email, use PGP. Everyone who uses PGP can have their own PGP key. A key consists of tons of characters, whether they are lowercase or uppercase letters, number or symbols. After you make your key, you need to transfer it to everyone you want to send encrypted mail to. Once they have it, you can start sending encrypted mail to them and they'll be able to use your key to decrypt it. More info on www.pgpi.com. Note: PGP is very strong and can only be broken with giant supercomputers. The longer your key is, the harder it is to break the encryption. Cookies? Have you noticed how all those websites on the net are getting "smarter" all of a sudden? You know, like the way message boards remember your nickname, some sites remember your password so you won't have to retype it every time, electronic malls remember what you last put in your virtual shopping cart etc'. This is all because of cookies. Cookies are small files which a website can request your

browser to create and then retrieve information from them. Websites can put your password or any other information in these files. If you don't want your co-workers or other people to sniff around and see where you've been visiting, what items you've been buying etc', you should delete them when you don't need them. On Unix, your cookies would usually be stored somewhere in your home directory (usually /home/your-login, /usr/your-login or /usr/local/your-login if you're a regular user and /root if you're root, but anyone with write access to /etc/passwd can change that). On Windows and Mac, cookies are stored on a sub-directory at your browser's directory called cookies. Note 1: you can tell your browser to ask you before accepting a cookie. Just play around with its preferences menu, you'll find it (there are so many browsers out there so I can't give a detailed explanation for every single one). Note 2: if you're browsing from a public computer, do not save any cookies, or other people will be able to snoop around and look at your cookies or even enter various websites with your passwords, your credit card number etc'. A reader called Stone Cold Lyin Skunk has pointed out to me that the cookies.txt file may be found in the netscape\users\default directory. This happens when you register your user (Netscape let's you have multiple users for the same program, each user with his own settings etc') without giving it a username. He also pointed out to me that some websites will require you to accept cookies in order to enter them. Also, he recommended to beware of your browser's history file (information on

removing it can be found on the "Where Can I Learn More About Anonymity?" chapter), as well as your cache and your preferences.js files, because they may reveal your browsing habits (where have you been, etc'). .chk files? Stone Cold Lyin Skunk has pointed out that if you're running Windows and you do a quick reboot (hold down shift while telling Windows to reset) Windows generates a file called FILE0001.chk, FILE0002.chk etc' (usually found on c:\). You will be amazed to see how much information you could find in these files! Delete them ASAP! The Anonymizer? The Anonymizer is an Internet service that helps you anonymize yourself better. The Anonymizer's homepage is www.anonymizer.com. Here's a snapshot from anonymizer.com: Company Overview Anonymizer.com is a pioneer in Internet privacy technologies, and the most popular and trusted name in delivering online privacy services. Anonymizer.com, today, has many thousand subscribers to its paid services and makes anonymous over 7.5 million pages a month. Lance Cottrell, founder and President of Anonymizer.com, authored the world's most secure anonymous remailer, Mixmaster and has been active for many years in promoting free speech. Lance received his undergraduate degree in physics from The University of California, Santa Cruz and a masters in Physics from The University of California, San Diego. Justin Boyan, while a Computer Science Ph.D. student at Carnegie Mellon

University, designed and implemented Anonymizer surfing. Anonymizer Surfing is now in its 4th generation under development by the Anonymizer engineering team. Our Mission Our mission is to ensure that an individual's right to privacy is not compromised once they are online. We began this company as a means to protect this right as embodied in the United Nations' Universal Declaration of Human Rights: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks." While written 50 years ago, article 19 of this document is now more than ever applicable with the advent of the recent growth of the Internet: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers." You can read the full Universal Declaration of Human Rights on the following URL: http://www.unhchr.ch/udhr/lang/eng.htm. You can use The Anonymizer to surf the web with anonymity for free by going to anonymizer.com and typing in the target URL where asked, or buy an Anonymizer package, which will give you more benefits. If you want some of the money you pay to go to Black Sun, subscribe through the following URL: http://www.anonymizer.com/3.0/affiliate/door.cgi?CMid=12437.

If you want, you too can join their affiltrates program. Simply go to http://www.anonymizer.com/3.0/affiliate/afdoor.cgi?CMid=12437 for more information. If you will subscribe through this URL, you will still receive all the cash you deserve, but we at Black Sun will also receive some benefits. Where Can I Learn More About Anonymity? Useful URLs: http://www.theargon.com. http://www.pgpi.com (for learning about PGP encryption and how to use it to encrypt your Emails) IP Spoofing Demystified - a long article from Phrack magazine on IP spoofing (faking your IP). You can download it from our books section. http://www.cyberarmy.com/lists - for lists of Wingates, Proxies and free shell accounts you can surf from to anonymize yourself. http://2waymedia.hypermart.net/hh/browsers/index.htm - how to completely clear your browser's history Other useful Tutorials by Black Sun: IRC Warfare by The Cyber God (for learning more on Anonymizing yourself on IRC), Proxy/Wingate/SOCKS tutorial by Jet and Sendmail by me, R a v e N. Appendix A: Using AltaVista as a proxy If you go to altavista.com, and under their tools section choose translation (or go directly to the following URL: http://babelfish.altavista.com/cgi-bin/translate?), you can ask AltaVista to translate web pages for you. But you can also use this as a proxy, since when you tell AltaVista to translate a web page, AltaVista’s CGI translation script retrieves the page for you. Thanks to Yoink for this information.

Appendix B: Spoofing browser history Here is something I got by Email from a reader called Stone Cold Lyin Skunk: set up a V3 redirect (http://www.v3.com or something like that) then build a quick webpage with a link to the site you want to view discretely then go to your webpage via the V3 redirect all I know is that the URL indicator at the top of the e browser will not show the URL you visit even your own .index page it will only show the URL name so if there is URL logging at your job or school or whatever, they can always surf to your homepage via the V3, which they will have. But, by then, you will have erased or. Or maybe it has "hidden" links (links the same color as the background)... in any case, they will not have your URLs and they certainly won't have proof you surfed there... for instance, you may not want, say, your local library sysop to know about Black Sun...so you set up say, a Homestead homepage (these are great because they feature password protected pages) ...you then set up a V3 redirect to that page. Bingo- you can now surf to the page via V3, log in with your password, hit all those cool hidden links to Black Sun, Cyber Army, peacefire.org what whatever, and the URL snoop software will only record the original http://surf.to/fakeoutname ... and don't forget, make the V3 Ural as

innocuous-sounding as possible...eg. http://surf.to.backetweaving ... Appendix C: the +x mode In IRC, it is possible to put yourself into mode x by typing '/mode yournick +x' (do not include the quotes and replace yournick with your own nick. For example: /mode raven +x). This tells the IRC server to hide your IP, so when others try to /whois you or /dns you, they won't be able to get your IP (they will get a partial IP instead). This will only work on some servers, but when you're on IRC, it is recommended to use this option. Also, there is a way to bypass this. By simply creating a DCC connection with someone else (either a DCC chat or a DCC file transfer), you could then type 'netstat' (without the quotes) on either Unix or Windows/DOS and see what connections your computer is currently handling. One of them will be the DCC connection to that other guy. Why is that? Because DCC stands for Direct Client Communication, which means that DCC actions are not done through the server, but directly (think - why would the owners of the IRC server want people to transfer files through their servers and initiate private chats through their servers? It'll just chew up some bandwidth). The netstat command shows all current connections (local or remote), and one of them will be your DCC connection with that other guy. You will then be able to see his/her IP or hostname. Note: on some networks this is done by typing /mode yournick +z

Appendix D: Anonymity on Usenet Do you post on Usenet regularly? Are you concerned about your anonimity? Then you should go to www.deja.com and sign up for a free account which will let you post anonymously. Nothing will be revealed about you, not even your IP, since deja.com handles the actual posting.

Tutorial by arjuna

How To Become A Hacker What Is a Hacker?

The Jargon File contains a bunch of definitions of the term "hacker", most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term 'hacker'. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music --- actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them 'hackers' too --- and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term 'hacker'.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone

system. Real hackers call these people 'crackers' and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word 'hacker' to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved. 2. No problem should ever have to be solved twice. 3. Boredom and drudgery are evil. 4. Freedom is good. 5. Attitude is no substitute for competence.

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.

But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you --- for

helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters --- not just intellectually but emotionally as well.

Or, as the following modern Zen poem has it:

To follow the path: look to the master, follow the master, walk with the master, see through the master, become the master.

So, if you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.

Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.

(You also have to develop a kind of have to develop a kind of faith in your own learning capacity --- a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and

learn from that, you'll learn enough to solve the next piece --- and so on, until you're done.)2. No problem should ever have to be solved twice.

Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious -- so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do --- solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible,

not just for yourself but for everybody else (especially other hackers).

(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice --- nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.

Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by --- and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.

(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)

Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing --- they only like 'cooperation' that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence --- especially competence at hacking, but competence at anything is good. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.

If you revere competence, you'll enjoy developing it in yourself --- the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

Basic Hacking Skills

The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.

This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following:

1. Learn how to program.

This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.

Java is also a good language for learning to program in. It is more difficult than Python, but produces faster code than Python. I think it makes an excellent second language.

But be aware that you won't reach the skill level of a hacker or even merely a programmer if you only know one or two languages --- you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.

If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.

C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets

that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff --- it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.

Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.

LISP is worth learning for a different reason --- the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor.)

It's best, actually, to learn all five of these (Python, Java, C/C++, Perl, and LISP). Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

I can't give complete instructions on how to learn to program here --- it's a complex skill. But I can tell you that books and courses won't do it (many, maybe most of the best hackers are self-taught). You can learn

language features --- bits of knowledge --- from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.

Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more - and repeat until your writing begins to develop the kind of strength and economy you see in your models.

Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic?

2. Get one of the open-source Unixes and learn to use and run it. I'm assuming you have a personal computer or can get access to one (these kids today have one (these kids today have it so easy :-)). The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes, install it on a personal machine, and run it.

Yes, there are other operating systems in the world besides Unix. But they're distributed in binary --- you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under MacOS or any other closed-source system is like trying to learn to dance while wearing a body cast.

Under OS/X it's possible, but only part of the system is open source --- you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.

Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.)

So, bring up a Unix --- I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.

For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming.

To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation. From a new user's point of view, all Linux distributions are pretty much equivalent.

You can find BSD Unix help and resources at www.bsd.org.

I have written a primer on the basics of Unix and the Internet.

(Note: I don't really recommend installing either Linux or BSD as a solo project if you're a newbie. For Linux, find a local Linux user's group and ask for help.)

3. Learn how to use the World Wide Web and write HTML.

Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit is changing the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.

This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. (There are good beginner tutorials on the Web; here's one.)

But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge --- very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).

To be worthwhile, your page must have content --- it must be interesting and/or useful to other hackers. And that brings us to the next topic?

4. If you don't have functional English, learn it.

As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.

This is very true. Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).

Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.

Status in the Hacker Culture

Like most cultures without a money economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge.

Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is

why you aren't really a hacker until other hackers consistently call you one). This fact is obscured by the image of hacking as solitary work; also by a hacker-cultural taboo (now gradually decaying but still potent) against admitting that ego or external validation are involved in one's motivation at all.

Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away. Specifically, by giving away your time, your creativity, and the results of your skill.

There are basically five kinds of things you can do to be respected by hackers:

1. Write open-source software

The first (the most central and most traditional) is to write programs that other hackers think are fun or useful, and give the program sources away to the whole hacker culture to use.

(We used to call these works 'free software', but this confused too many people who weren't sure exactly what 'free' were supposed to mean. Most of us, by at least a 2:1 ratio according to web content analysis, now prefer the term 'open-source' software).

Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them.

2. Help test and debug open-source software

They also serve who stand and debug open-source software. In this imperfect world, we will inevitably spend most of our software development time in the debugging phase. That's why any open-source author who's thinking will tell you that good beta-testers (who know how to describe symptoms clearly, localize problems well, can tolerate bugs in a quickie release, and are willing to apply a few simple diagnostic routines) are worth their weight in rubies. Even one of these can make the difference between a debugging phase that's a protracted, exhausting nightmare and one that's merely a salutary nuisance.

If you're a newbie, try to find a program under development that you're interested in and be a good beta-tester. There's a natural progression from helping test programs to helping debug them to helping modify them. You'll learn a lot this way, and generate good karma with people who will help you later on.

3. Publish useful information

Another good thing is to collect and filter useful and interesting information into web pages or documents like Frequently Asked Questions (FAQ) lists, and make those generally available.

Maintainers of major technical FAQs get almost as much respect as open-source authors.

4. Help keep the infrastructure working

The hacker culture (and the engineering development of the Internet, for that matter) is run by volunteers. There's a lot of necessary but unglamorous work that needs done to keep it going --- administering mailing lists, moderating

newsgroups, maintaining large software archive sites, developing RFCs and other technical standards.

People who do this sort of thing well get a lot of respect, because everybody knows these jobs are huge time sinks and not as much fun as playing with code. Doing them shows dedication.

5. Serve the hacker culture itself Finally, you can serve and propagate the culture itself (by, for example, writing an accurate primer on how to become a hacker :-)). This is not something you'll be positioned to do until positioned to do until you've been around for while and become well-known for one of the first four things.

The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status.

The Hacker/Nerd Connection

Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being a social outcast helps you stay concentrated on the really important things, like thinking and hacking.

For this reason, many hackers have adopted the label 'nerd' and even use the harsher term 'geek' as a badge of pride --- it's a way of declaring their independence

from normal social expectations. See The Geek Page for extensive discussion.

If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to techno-nerds now. There are even growing numbers of people who realize that hackers are often high-quality lover and spouse material.

If you're attracted to hacking because you don't have a life, that's OK too --- at least you won't have trouble concentrating. Maybe you'll get a life later on.

Points For Style

Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking.

• Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the most accomplished ones I know of) are very able writers.

• Read science fiction. Go to science fiction conventions (a good way to meet hackers and proto-hackers).

• Study Zen, and/or take up martial arts. (The mental discipline seems similar in important ways.)

• Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing.

• Develop your appreciation of puns and wordplay.

The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left- and right-brain skills that seems to be important; hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice.

Work as intensely as you play and play as intensely as you work. For true hackers, the boundaries between "play", "work", "science" and "art" all tend to disappear, or to merge into a high-level creative playfulness. Also, don't be content with a narrow range of skills. Though most hackers self-describe as programmers, they are very likely to be more than competent in several related skills --- system administration, web design, and PC hardware troubleshooting are common ones. A hacker who's a system administrator, on the other hand, is likely to be quite skilled at script programming and web design. Hackers don't do things by halves; if they invest in a skill at all, they tend to get very good at it.

Finally, a few things not to do.

• don't use a silly, grandiose user ID or screen name.

• don't get in flame wars on Usenet (or anywhere else).

• don't call yourself a 'cyberpunk', and don't waste your time on anybody who does.

• don't post or email writing that's full of spelling errors and bad grammar.

The only reputation you'll make doing any of these things is as a twit. Hackers have long memories --- it could take you years to live your early blunders down enough to be accepted.

The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser.

Tutorial by arjuna

Steps To Deface A Webpage First of all, I do not deface, I never have (besides friends sites as jokes and all in good fun), and never will. So how do I know how to deface? I guess I just picked it up on the way, so I am no expert in this. If I get a thing or two wrong I apologize. It is pretty simple when you think that defacing is just replacing a file on a computer. Now, finding the exploit in the first place, that takes skill, that takes knowledge, which is what real hackers are made of. I don't encourage that you deface any sites, as this can be used get credit cards, get passwords, get source code, billing info, email databases, etc.. (it is only right to put up some kind of warning. now go have fun ;) This tutorial will be broken down into 3 main sections, they are as followed: 1. Finding Vuln Hosts. 2. Getting In. 3. Covering Your Tracks It really is easy, and I will show you how easy it is. 1. Finding Vuln Hosts This section needs to be further broken down into two categories of script kiddies: ones who scan the net for a host that is vuln to a certain exploit and ones who search a certain site for any exploit. The ones you see on alldas are the first kind, they scan thousands of sites for a specific exploit. They do not care who they hack, anyone will do. They have no set target and not much of a purpose. In my opinion these people should either have a cause behind what they are doing, ie. "I make sure people keep up to date with security, I am a messenger" or "I am spreading a political message, I use defacements to get media

attention". People who deface to get famous or to show off their skills need to grow up and realize there is a better way of going about this (not that I support the ones with other reasons ether). Anyways, the two kinds and what you need to know about them: Scanning Script Kiddie: You need to know what signs of the hole are, is it a service? A certain OS? A CGI file? How can you tell if they are vuln? What version(s) are vuln? You need to know how to search the net to find targets which are running whatever is vuln. Use altavista.com or google.com for web based exploits. Using a script to scan ip ranges for a certain port that runs the vuln service. Or using netcraft.com to find out what kind of server they are running and what extras it runs (FrontPage, php, etc..) nmap and other port scanners allow quick scans of thousands of ips for open ports. This is a favorite technique of those guys you see with mass hacks on alldas. Targeted Site Script Kiddie: More respectable then the script kiddies who hack any old site. The main step here is gathering as much information about a site as possible. Find out what OS they run at netcraft or by using: telnet www.site.com 80 then GET / HTTP/1.1 Find out what services they run by doing a port scan. Find out the specifics on the services by telnetting to them. Find any cgi script, or other files which could allow access to the server if exploited by checking /cgi /cgi-bin and browsing around the site (remember to index browse) Wasn't so hard to get the info was it? It may take awhile, but go through the site slowly and get all the information you can. 2. Getting In Now that we got the info on the site we can

find the exploit(s) we can use to get access. If you were a scanning script kiddie you would know the exploit ahead of time. A couple of great places to look for exploits are Security Focus and packetstorm. Once you get the exploit check and make sure that the exploit is for the same version as the service, OS, script, etc.. Exploits mainly come in two languages, the most used are C and perl. Perl scripts will end in .pl or .cgi, while C will end in .c To compile a C file (on *nix systems) do gcc -o exploit12 file.c then: ./exploit12 For perl just do: chmod 700 file.pl (not really needed) then: perl file.pl. If it is not a script it might be a very simple exploit, or just a theory of a possible exploit. Just do a little research into how to use it. Another thing you need to check is weather the exploit is remote or local. If it is local you must have an account or physical access to the computer. If it is remote you can do it over a network (internet). Don't go compiling exploits just yet, there is one more important thing you need to know Covering Your Tracks So by now you have gotten the info on the host in order to find an exploit that will allow you to get access. So why not do it? The problem with covering your tracks isn't that it is hard, rather that it is unpredictable. just because you killed the sys logging doesn't mean that they don't have another logger or IDS running somewhere else. (even on another box). Since most script kiddies don't know the skill of the admin they are targeting they have no way of knowing if they have additional loggers or what. Instead the script kiddie makes it very hard (next to impossible) for the admin to track them down. Many use a stolen or second isp account to begin with, so even if they get tracked they won't get caught. If you don't have the luxury of this then you MUST use multiple wingates, shell accounts, or

trojans to bounce off of. Linking them together will make it very hard for someone to track you down. Logs on the wingates and shells will most likely be erased after like 2-7 days. That is if logs are kept at all. It is hard enough to even get a hold of one admin in a week, let alone further tracking the script kiddie down to the next wingate or shell and then getting a hold of that admin all before the logs of any are erased. And it is rare for an admin to even notice an attack, even a smaller percent will actively pursue the attacker at all and will just secure their box and forget it ever happened. For the sake of argument let’s just say if you use wingates and shells, don't do anything to piss the admin off too much (which will get them to call authorities or try to track you down) and you deleting logs you will be safe. So how do you do it? We will keep this very short and too the point, so we'll need to get a few wingates. Wingates by nature tend to change IPs or shutdown all the time, so you need an updated list or program to scan the net for them. You can get a list of wingates that is well updated at http://www.cyberarmy.com/lists/wingate/ and you can also get a program called winscan there. Now let’s say we have 3 wingates: 212.96.195.33 port 23 202.134.244.215 port 1080 203.87.131.9 port 23 to use them we go to telnet and connect to them on port 23. we should get a response like this: CSM Proxy Server > to connect to the next wingate we just type in it's ip:port

CSM Proxy Server >202.134.244.215:1080 If you get an error it is most likely to be that the proxy you are trying to connect to isn't up, or that you need to login to the proxy. If all goes well you will get the 3 chained together and have a shell account you are able to connect to. Once you are in your shell account you can link shells together by: [j00@server j00]$ ssh 212.23.53.74 You can get free shells to work with until you get some hacked shells, here is a list of free shell accounts. And please remember to sign up with false information and from a wingate if possible. SDF (freeshell.org) - http://sdf.lonestar.org GREX (cyberspace.org) - http://www.grex.org NYX - http://www.nxy.net ShellYeah - http://www.shellyeah.org HOBBITON.org - http://www.hobbiton.org FreeShells - http://www.freeshells.net DucTape - http://www.ductape.net Free.Net.Pl (Polish server) - http://www.free.net.pl XOX.pl (Polish server) - http://www.xox.pl IProtection - http://www.iprotection.com CORONUS - http://www.coronus.com ODD.org - http://www.odd.org MARMOSET - http://www.marmoset.net flame.org - http://www.flame.org freeshells - http://freeshells.net.pk LinuxShell - http://www.linuxshell.org takiweb - http://www.takiweb.com FreePort - http://freeport.xenos.net BSDSHELL - http://free.bsdshell.net ROOTshell.be - http://www.rootshell.be shellasylum.com - http://www.shellasylum.com Daforest - http://www.daforest.org FreedomShell.com - http://www.freedomshell.com LuxAdmin - http://www.luxadmin.org

shellweb - http://shellweb.net blekko - http://blekko.net once you get on your last shell you can compile the exploit, and you should be safe from being tracked. But let’s be even surer and delete the evidence that we were there. Alright, there are a few things on the server side that all script kiddies need to be aware of. Mostly these are logs that you must delete or edit. The real script kiddies might even use a rootkit to automatically delete the logs. Although lets assume you aren't that lame. There are two main logging daemons which I will cover, klogd which is the kernel logs, and syslogd which is the system logs. First step is to kill the daemons so they don't log anymore of your actions. [root@hacked root]# ps -def | grep syslogd [root@hacked root]# kill -9 pid_of_syslogd in the first line we are finding the pid of the syslogd, in the second we are killing the daemon. You can also use /etc/syslog.pid to find the pid of syslogd. [root@hacked root]# ps -def | grep klogd [root@hacked root]# kill -9 pid_of_klogd Same thing happening here with klogd as we did with syslogd. now that killed the default loggers the script kiddie needs to delete themself from the logs. To find where syslogd puts it's logs check the /etc/syslog.conf file. Of course if you don't care if the admin knows you were there you can delete the logs completely. Let’s say you are the lamest of the script kiddies, a defacer, the admin would know that the box has been comprimised since the website was defaced. So there is no point in appending the logs, they would just

delete them. The reason we are appending them is so that the admin will not even know a break in has accord. I'll go over the main reasons people break into a box: To deface the website. - this is really lame, since it has no point and just damages the system. To sniff for other network passwords. - there are programs which allow you to sniff other passwords sent from and to the box. If this box is on an Ethernet network then you can even sniff packets (which contain passwords) that are destine to any box in that segment. To mount a DDoS attack. - another lame reason, the admin has a high chance of noticing that you comprimised him once you start sending hundreds of Mobs through his connection. To mount another attack on a box. - this and sniffing is the most commonly used, not lame, reason for exploiting something. Since you now how a root shell you can mount your attack from this box instead of those crappy freeshells. And you now have control over the logging of the shell. To get sensitive info. - some corporate boxes have a lot of valuable info on them. Credit card databases, source code for software, user/password lists, and other top secret info that a hacker may want to have. To learn and have fun. - many people do it for the thrill of hacking, and the knowledge you gain. I don't see this as horrible a crime

as defacing. as long as you don't destroy anything I don't think this is very bad. Infact some people will even help the admin patch the hole. Still illegal though, and best not to break into anyone's box. I'll go over the basic log files: utmp, wtmp, lastlog, and .bash_history These files are usually in /var/log/ but I have heard of them being in /etc/ /usr/bin/ and other places. Since it is different on alot of boxes it is best to just do a find / -iname 'utmp'|find / -iname 'wtmp'|find / -iname 'lastlog'. and also search threw the /usr/ /var/ and /etc/ directories for other logs. Now for the explanation of these 3. utmp is the log file for who is on the system, I think you can see why this log should be appended. Because you do not want to let anyone know you are in the system. wtmp logs the logins and logouts as well as other info you want to keep away from the admin. Should be appended to show that you never logged in or out. and lastlog is a file which keeps records of all logins. Your shell's history is another file that keeps a log of all the commands you issued, you should look for it in your $ HOME directory and edit it, .sh_history, .history, and .bash_history are the common names. you should only append these log files, not delete them. if you delete them it will be like holding a big sign infront of the admin saying "You've been hacked". Newbie script kiddies often deface and then rm -rf / to be safe. I would avoid this unless you are really freaking out. In this case I would suggest that you never try to exploit a box again. Another way to find log files is to run a script to check for open files (and then manually look at them to determine if they are logs) or do a find for files which have been editted, this command would be: find / -ctime 0 -print

A few popular scripts which can hide your presence from logs include: zap, clear and cloak. Zap will replace your presence in the logs with 0's, clear will clear the logs of your presence, and cloak will replace your presence with different information. acct-cleaner is the only heavily used script in deleting account logging from my experience. Most rootkits have a log cleaning script, and once you installed it logs are not kept of you anyways. If you are on NT the logs are at C:\winNT\system32\LogFiles\, just delete them, nt admins most likely don't check them or don't know what it means if they are deleted. One final thing about covering your tracks, I won't go to into detail about this because it would require a tutorial all to itself. I am talking about rootkits. What are rootkits? They are a very widely used tool used to cover your tracks once you get into a box. They will make staying hidden painfree and very easy. What they do is replace the binaries like login, ps, and who to not show your presence, ever. They will allow you to login without a password, without being logged by wtmp or lastlog and without even being in the /etc/passwd file. They also make commands like ps not show your processes, so no one knows what programs you are running. They send out fake reports on netstat, ls, and w so that everything looks the way it normally would, except anything you do is missing. But there are some flaws in rootkits, for one some commands produce strange effects because the binary was not made correctly. They also leave fingerprints (ways to tell that the file is from a rootkit). Only smart/good admins check for rootkits, so this isn't the biggest threat, but it should be concidered. Rootkits that come with a LKM (loadable kernel module) are usually the best as they can pretty much make you

totally invisible to all others and most admins wouldn't be able to tell they were comprimised. In writting this tutorial I have mixed feelings. I do not want more script kiddies out their scanning hundreds of sites for the next exploit. And I don't want my name on any shouts. I rather would like to have people say "mmm, that defacing crap is pretty lame" especially when people with no lives scan for exploits everyday just to get their name on a site for a few minutes. I feel alot of people are learning everything but what they need to know in order to break into boxes. Maybe this tutorial cut to the chase a little and helps people with some knowledge see how simple it is and hopefully make them see that getting into a system is not all it's hyped up to be. It is not by any means a full guide, I did not cover alot of things. I hope admins found this tutorial helpful as well, learning that no matter what site you run you should always keep on top of the latest exploits and patch them. Protect yourself with IDS and try finding holes on your own system (both with vuln scanners and by hand). Also setting up an external box to log is not a bad idea. Admins should have also seen a little bit into the mind of a script kiddie and learned a few things he does.. this should help you catch one if they break into your systems.

Tutorial by No-Z3r0

Maya Tips & Tricks Do you 3D? If you are into 3D designing, using your free time to mould nurbs and bones into creatures of imagination, or are just starting to enter the world of 3D animation and if Maya is your choice of tool, then this month's Tips & Tricks should give you some insight. To reduce clutter in the Channel box Select Object and then go to Window> General Editor> Channel Control. Select the channels that are of no use to your current object. Click on Move to transfer them to the Non Keyable attributes. Also, look out for the NonKeyable attributes such as Shear, Ghosting, etc, which you can transfer to the Keyable attributes using the Move button. To revert back to selections Go to Create> Sets> Quick Selection Sets and name the selection. Next, go to Edit > Quick Select Set or type in the name in the sel box, on the status line. This comes in handy when you have to revert back to selected vertices in a very complex mesh. Use the Lasso tool or go to Edit > Paint Selection Tool, to make Selections Things to remember while making Polygonal Models Keep A Check on Your Polygonal Count, Go to Display> Heads Up Display> Poly Count On to do so. Make a polygon smooth proxy by going to Polygon > Smooth Proxy. In case Of symmetrical characters or models, model only one Half, and when complete, mirror the other half. Do this by going to Polygon> Mirror Geometry. Here,

choose the respective axis and select Mirror. You can also opt to ‘Merge the Vertices’ at this time. Rig This Low Poly model, and keep checking the skinning results or the Outputs on the hiRes model or the Smooth Proxy. Keeping them, the LowPoly and the HiPoly, on two different layers is usually helpful in case of large scene files, and also when you have to edit the vertices— the fewer the better. Nurbs at render time To get rid of the jagged edges at render time on your oh-so-smooth nurbs, go to Attribute Editor and drop down Tessellation. Check the Display Tessellation box and then increase the ‘Curvature Tolerance’ by simply using the drop down menu. You can further increase the U and V divisions factor. You can also type in a higher value. This increases the mesh count at render time, thereby outputting smoother geometry. Smoothing weights It gets a bit unnerving to keep rotating the joints, or moving the IKs, each time, to check the influence of the joints and their weights on your skinned character. Instead, simply animate the joints at their extreme positions, Set one key at bind pose at frame 0 and another key at any other pose at frame 50 for instance. Now, compare or adjust the weights as you scrub along the timeline. Freezing joint orientation Maya 5 lets you freeze the local joint rotation axes to match world space. To do so, go to Modify > Freeze Transformation

and turn on the Orient option. If this option is turned off, the local joint rotation axes are not affected by Freeze Transformation. IK/FK blending It lets you apply keyframe animation to joints and also control them with Inverse Kinematics( IK) animation. In addition to blending IK and Forward Kinematics (FK) animation over multiple frames, a blend can occur over a single frame. Blending over a single frame switches IK to FK or FK to IK instantly. Intensity curves and color curves Use a custom brightness decay rate to increase a spotlight's brightness, or a custom color decay rate to change its color with distance. Intensity curves and color curves are graphical representations of a light's brightness and color with distance. Use the graph editor (Windows > Animation Editor), to view them. The vertical axis represents the intensity or color intensity value, and the horizontal axis represents distance from the light source. Intensity curves and color curves are similar to animation curves, except that the horizontal axis of an animation curve represents time. RampShader brightness Use this Shader Type to create cartoon-style shading with the help of a ramp with stepped values. The right side of the ramp shows the color output where the brightness of the diffused and translucent lighting is 1.0 or greater. The left side displays the color with the brightness set to zero.

WINDOWS XP.

OPERATING SYSTEM. Clearing Document list The Start menu, in Windows XP, has been completely revamped and made extremely customizable. If you want the Start menu to display only certain applications, right click in an empty section of the Start menu's left column and select Properties > Start menu > Customize. Then, go to the General tab, click on Clear List, and set the counter to zero. Now no one can keep track of the programs or applications you've recently used.

Speedup the Start menu

The Start menu takes quite a while to display the list of programs installed. In order to get Windows XP to display the list faster, you will have to edit the registry settings. To speed up your Start menu, go to Start > Run and type regedit. This will open the registry window. Then navigate to the following key: HKEY_CURRENT_USER\Control Panel\Desktop. Scroll down in the right panel and double-click on 'menu show delay'. In the Value Data box, change the default value for the menu speed from 400 to a lesser number, such as 1 or even 0. Click OK. You should now find a significant increase in the Start menu speed. Note: Remember to back up your registry before making any changes.

Switching users

Windows XP allows you to switch users, without actually quitting programs and logging off. To make use of this, go to Start > Log off. You will be greeted with an option of 'switching user' wherein another user can log on without you having to quit your programs.

Modifying visual settings

If you have only 128 MB RAM, your machine might be a bit sluggish after installing Windows XP. So to achieve optimal performance without buying additional RAM, disable certain visual settings and free up some precious memory. Go to the Control Panel > system > Advanced, and click on the Settings button under Performance. Change various graphical effects, and ensure that the animation and shadow options are unchecked, as they tend to consume a lot of memory. You should get a better response from your operating system, without spending any money on RAM.

Enabling/disabling Clear Type text

Microsoft has introduced a new technology called 'Clear Type' with Windows XP. However, it is not enabled by default. To enable it, right click on a blank area of the Desktop, and choose Properties. Click on the Appearance Tab, and then click on Effects. Check the 'Use following method to smooth edges of screen fonts' option and then choose as per your monitor. For desktop monitors choose the 'Standard' option, and for laptops and other flat screen monitors, choose Clear Type. This option improves the readability of large screen fonts.

The 'Classic Look'

If you are not comfortable with the new look of Windows XP, you can easily switch back to the old classic Windows look. Right click the desktop, select Properties, click the Themes tab and choose Windows Classic from the drop-down list. You will now have the old Windows 2000 look.

Grouping/ungrouping taskbar items

Try opening more than three windows of any program, such as Internet Explorer, and you will see them automatically grouped together under a single button. This happens because Windows XP, by default, enables the option of grouping similar programs. To uncheck this option, right click on a blank area of the Taskbar and select Properties. Under Properties, deselect 'Group Similar Taskbar Buttons', and then click OK. If you want to change the number of windows that can be opened, without grouping, you will have to change a registry entry. Go to Start > Run and type regedit, and press [Enter]. Navigate to the key to KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Taskbar Groupsize. Right click on 'Taskbar Groupsize', and change the hexadecimal value to whatever you like-for example, 4, 5 or even 10. XP will now group the programs according to the number you set.

Hiding inactive icons

Windows XP automatically hides inactive icons in the System Tray. If you so wish, you can disable this option by right clicking on the Taskbar, choosing Properties, and disabling the 'Hide Inactive Icons' option. You can specify the ones you would like to be not hidden.

Disabling Automatic Windows Update and System Restore

There are certain services, such as Windows Update and System Restore, which load automatically and occupy a lot of space. If you want to disable them, right click on My Computer and choose Properties. Click on the System Restore tab and check the box 'Turn off System Restore'. This will increase Windows performance and save disk space. Just next to the 'System Restore' option, you will find the 'Automatic Update' option. This option will periodically ask you to update the OS. You can go ahead and disable this, but remember that you will have to update Windows manually after applying this option, and there will be no further reminders.

Change the picture on the welcome screen

Want to add your own picture in the Startup menu? Go to Start > Control Panel > User account and click on the user name. There you will see an option to change the picture on the welcome screen. On clicking it, you will see an option from which you can select the picture already present or you can browse to the folder where you've saved your photograph.

How to prevent Windows Messenger from running on a Windows XP-based computer

Use the Group Policy (gpedit.msc) snap-in to turn on the Do not allow Windows Messenger to be run option.

Notes

•

To use the Group Policy snap-in, you must be logged on to the computer using an account that has administrator permissions.

•

This method prevents programs that use the Messenger APIs from using Windows Messenger. Microsoft Outlook 2002, Microsoft Outlook Express 6, and the Remote Assistance feature in Windows XP are examples of programs that use these APIs and that depend on Windows Messenger.

To turn on the Do not allow Windows Messenger to be run option, follow these steps:

1.Click Start, click Run, type gpedit.msc, and then click OK.

2.

In Group Policy, expand Local Computer Policy, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then expand Windows Messenger.

3.

Double-click Do not allow Windows Messenger to be run, and then click Enabled.

4. Click OK.

5. On the File menu, click Exit to quit the Group Policy snap-in.

Monitors (CRT/LCD) One of the most 'visible' piece of computer peripheral which helps you visualize what you are doing with your computer is the Monitor. This month we answer some of the most common queries about it, which you may have at the back of your mind since a long time. 1) I see a dot on the LCD screen that is different in colour from the rest? This dot is a dead pixel. Normally, dead pixels emit the colour in whose mode they get stuck, or appear black. Up to three dead pixels are permitted when performing an LCD quality check—more than that calls for a monitor rejection. 2) My graphics card manual says that it can go up to 1,600 x 1,200 pixels, but I can’t select a resolution over 1,024 x 768. Why is this so? The native resolution supported by a 15-inch LCD monitor is 1,024 x 768 pixels. Hence, though the graphics card is capable of delivering a resolution of 1,600 x 1,200 pixels, the monitor cannot do so. 3) I see two faint horizontal lines on my monitor—is this a defect? Monitors using the aperture-grille technology, have multiple vertical wires of 0.25 mm in diameter. Two horizontal wires keep these vertical wires aligned. It’s the shadow of these that you see on the monitor. Frankly, there’s nothing you can do about it, since they’re an integral part of the technology.

4) Why does my monitor flicker? How do I solve it? This may be due to incorrect video or monitor drivers. Also, the refresh rate might be too low; set it to 75 Hz. 5) My monitor does not reproduce colours. Check the connector-pins for any damage. Make sure that there are no electronic devices—speakers for example—near the monitor. Degauss the monitor at least once a month. If this doesn’t work, relocate the display. Also, use it with another PC to further isolate the problem. 6) My screen is tilted? How do I correct it? Use the onscreen-display menu to correct the problem. If this does not help, check whether you are using the correct version of the video-card driver; also, try using different resolutions. Connect the display to another PC to check if the problem persists. 7) I can’t sync my monitor? Check whether the D-sub connector is properly plugged in to the graphic card. Also make sure that no pins in the connector are damaged. Install the latest graphics card drivers. This ensures a correct resolution and frequency adjustment. Don’t set a refresh rate that your card can’t support. 8) Why don’t images and text appear smooth on my LCD monitor? You’ve chosen a resolution that distorts the aspect ratio, and then used the adjustment function to force-fit the screen. This makes images and text look crooked. Always run an LCD monitor at its native resolution as suggested by the manufacturer.

9) My LCD monitor displays a scrolling screen. Help! Check whether the cable is connected properly to the video card. Use the monitor with another system. This helps you ascertain whether the fault lies with the display card or the display itself. Also, remember to specify the correct resolution and refresh rate for the monitor. 10) How do I get rid of image persistence? Burn-in, or image persistence, is more of a CRT-specific problem, and is not permanent for LCDs. Keeping the panel powered down for about 15 minutes will solve the problem.

Digital Cameras FAQ Do all digital cameras suffer from shutter lag? It is true that digital cameras do suffer from shutter lag. Shutter lag is the time in between clicking the shutter button and the picture actually being taken. Once the button is pressed digital cameras get to work setting the focus, white balance and exposure time. They also need to charge up the CCD. The end result, a brief pause before the picture is taken can be very annoying and can prove to be the difference between a great picture and a missed opportunity. As with most things in the world of digital cameras shutter lag times are decreasing as the technology evolves. In fact in higher spec digital cameras shutter lag has almost been eliminated. It won't be a problem with the majority of pictures that you take, but it is something to be aware of.

How can I tell which digital cameras allow playback through my television? Not all digital cameras allow playback through your television. When you are reading specifications for digital cameras look out for ones that have "video out" under interfaces.

What is the best image manipulation software for images taken with digital cameras? The market leader is Adobe Photoshop. This remarkable piece of software will let you do almost anything with an image. Before you rush off and buy Adobe Photoshop there are two things that you need to consider. First it is aimed at digital photographers who are looking for serious image manipulation. This gives Adobe Photoshop a fairly big learning curve and there are plenty of books and courses dedicated to helping you get the most from the package. Secondly it doesn't come cheap. A guide price is £500-550. There are a couple of very good alternatives to Adobe Photoshop for those of you who are looking for more general image manipulation. One is Adobe Photoshop's little brother Adobe Photoshop Elements, priced at around £65-70. The other is Paint Shop Pro which you can pick up for under £40. I have used this package myself and it does everything that I've ever wanted to do with an image. Cheaper still are products like Kai's Photo Factory. You shouldn't have to pay more than £15 and it gives you some useful image manipulation tools.

Digital cameras seem to have lots of features that I'll never understand. They must be difficult to use. It's true that digital cameras, particularly at the higher end of the market do have some pretty amazing features. It is also true that these will really only be of use to serious photographers who want to experiment with their digital cameras and want to learn and use all that their camera has to offer. Even then digital cameras come with a fully automatic mode that will allow you to use it in a similar way to a traditional point and shoot camera. The important point to remember here is that feature rich digital cameras also cost a lot of money. If you are not planning to make use of all the available features then I would suggest that you buy a model with a smaller feature set and save yourself a lot of money. You will find that digital cameras that are more basic in the functionality that they offer are also more easy to use.

How much is a good printer to print photographs taken with digital cameras? If you are looking to print good quality photographs taken with digital cameras then you need to by a special photo printer. A standard inkjet printer isn't quite up to the job, so you need to buy a specialised inkjet or bubblejet printer. You can find a photo printer for under £100, but you basically get what you pay for. If you are looking for acceptable quality prints then you are looking at paying £300 plus. It all depends on just how much quality you are looking for. Even then to get the best results you need to use coated photographic paper. This can prove to me quite expensive. If you are not planning to print that many pictures then I would advise you to consider having your photographs printed by a professional printing services company. Otherwise it begins to get hard to justify

paying out for the printer itself. Ink refills also add to the price. If you are more dedicated to your photography and are looking for a higher standard print than is available from the inkjet or bubblejet range, then you can buy a dye sublimation printer. These are a clear step up in terms of print quality, but there is also a clear step up to pay as well. Dye sublimation printers start off in the £400-500 range. Don't forget though that using digital cameras gives a whole new slant on photography. The ability to view images on your computer and television screens means that it is less important to have your photographs printed. Therefore you are likely to need less prints then you would have with traditional 35mm photography.

Some digital cameras use Smart Media and some use Compact Flash. What's the difference? Smart Media and Compact Flash are both memory cards. Smart Media has been with us for about as long as digital cameras themselves. More recently we have seen the rise of Compact Flash. Smart Media is used primarily in Fuji and Olympus digital cameras. The majority of the remainder of the market utilised Compact Flash cards. The growth in megapixels that digital cameras can use has caused a big problem for Smart Media. The increase in the number of megapixels has meant that digital cameras produce larger images. These larger images then need more storage space. That is why a while ago an 8 or 16mb memory card was sufficient certainly for consumer digital cameras. The problem with Smart Media technology is that the maximum size that a Smart Media

Card can be is 128mb. Compact Flash cards do not suffer from the same limitations. Over the next few years it looks as if Smart Media cards will take more and more of a back seat. If you already have Smart Media cards this isn't really a problem. As far as storage goes they are a perfectly acceptable medium. The only problem is their lack of capacity.

How many pixels do digital cameras need to produce good quality 6x4 prints? It depends on just how pin sharp you want the image. Two megapixel digital cameras will produce very good 6x4 prints, but if you are looking for exceptional quality then you will be better off looking at 3 megapixel digital cameras. Likewise with 8x11 prints. Three megapixel digital cameras will produce very good prints, but if you are looking for exceptional quality then you need to step up to 4 megapixel digital cameras.

Can I get pictures taken by digital cameras printed professionally? If you don't want to have the expense of buying a dedicated photo printer or you just like the idea of having prints made for you then there are services that you can use to have your prints made. Most camera stores will be more than happy to take your images and provide you with prints. There are also Internet based companies where you can send your images to and receive a set of prints back through the post. The main disadvantage of having your prints made by a camera store is that people need to transfer the images from their digital cameras to their computers and then download the images onto floppy disks or burn them to a CD. If you use an Internet

service, once the images have been transferred from digital cameras to a computer it is quite easy to send them to the online printing services. One of the biggest advantages of having prints made of photographs taken with digital cameras is that you can select the images that you like the best before you send them off for printing.

What are compression modes? Digital cameras use different compression modes to store images. If you use high or fine or super fine etc. compression modes then the image produced will be much sharper. Pictures taken at a high resolution will also take up more room on the storage card. Therefore if you are using digital cameras with relatively small storage cards then they will soon become full if you are shooting at a high resolution.

Are digital cameras under £200 worth the money? It all depends on what you are looking to get out of using digital cameras. Digital cameras have really come down in price and some of those available for under £200 are very good cameras indeed. In fact there are digital cameras on the market for under £100 that will do a very good job if you are looking for a camera that will take good quality snap shots and is easy to use.

Why are some memory cards cheaper than others? Higher priced memory cards have a higher speed rating. This means that the picture is written to the card faster and the digital camera becomes ready to take the next shot quicker. This is really only an issue for

anyone using digital cameras and wanting to shoot a number of pictures very quickly. It is also felt that the faster memory cards are of a little higher quality.

I have seen effective pixels referred to on specifications for digital cameras. What does this mean? Not all the pixels that are on a digital camera's CCD can be used when the photograph is taken. Some fall outside the range of the lens and some are painted black to help with colour balance. Therefore it is the number of effective pixels that people need to look out for when buying digital cameras.

I have a 35mm SLR camera. There seems far less choice with SLR digital cameras. It's true that SLR digital cameras are few and far between all though this too is changing. They are also expensive, but recent additions to the range have caused a real price breakthrough. There is no need to despair though as the group of digital cameras known as "Prosumer" carry the same advanced features as most 35mm SLR cameras. Check out this range of digital cameras before you buy.

What is Digital Zoom? Digital zoom causes digital cameras to zoom in on the centre section of an image. The centre area will then look bigger, but the same number of pixels are used. This means that the quality of the image is reduced. If a zoom lens is important to you then make sure that you look out for digital cameras that come with an optical zoom.

Digital cameras with optical zooms will produce images of a far higher quality.

Do all digital cameras offer a movie mode? No. Not all digital cameras come with a movie mode or though it is fast becoming a common feature. You may also find that some digital cameras at the very top of the range don't offer a movie mode either. Also don't be fooled into thinking that the movies that digital cameras take will be up to the standard of your digicam. At the lower end of the digital cameras market you can find that the movies are shot in black and white. There are certainly a good number of digital cameras where you can't record sound when you shoot the movie. Movie time also varies between digital cameras. At the lower end of the market you normally get around 15 seconds. The higher end hits the three minute mark. The way that I would look at it is that the primary function of digital cameras is to take great still pictures and short movies that you can shoot are very much a bonus. Watch out as well. Shooting even very short movies can drain the batteries very quickly.

Do you need a card reader to upload images from digital cameras? You don't necessarily need a card ready to upload images taken by digital cameras. Digital cameras come with a lead that will connect them to the PC and you can upload your pictures through that cable. Some people do experience difficulties from time to time uploading their images using this method. A card reader simplifies the process by creating another drive on your computer and from there it is relatively straight forward to transfer your images from the card to the PC.

Juiced Ships For Playstation 2, Xbox, And PC

THQ Inc. today announced the release of the high-octane street racer Juiced for the PlayStation 2 computer entertainment system, the Xbox video game system from Microsoft and Windows PC. The highly-anticipated release of Juiced delivers an all-encompassing street racing experience, bringing the culture of street racing to life through game-play elements like betting and earning respect, while also featuring an extensive modification system in which gamers and gear-heads alike can build entire fleets of tricked-out racing machines. Drivers can get to work under the hood for a suggested retail price of $49.99 on PlayStation 2 and Xbox and $39.99 on Windows PC.

"Spending the time to fine-tune key game-play elements and further develop features such as crew racing, pink slip racing and online play has resulted in one of the top street racing games available," said Philip Holt, senior vice president, product

development, THQ. "We are extremely pleased with the well-rounded racing experience Juice Games has delivered and look forward to continuing to advance THQ's position in the street racing genre."

Juiced will fully immerse players in the lifestyle and culture of the street racing scene where they will show off racing skills, earn respect from different crew chiefs and bet against them for cash. Earning cash and respect will ultimately unlock more than 50 real cars with over 100 real after-market cosmetic and performance mods for a total of 7.5 trillion car customization possibilities. As a racer's notoriety grows, new drivers will approach them to join the team, opening up never-before-seen 'crew races' where the player's ability to manage a crew of drivers is key to beating rival crews.

The game will also offer a full on-line feature set, including 6 player races, crew races, world leader boards and crew and pink-slip competitions, where someone will lose the car they worked to customize.

Red Mile Entertainment to Publish Heroes of the Pacific For Playstation 2, Xbox, And PC Red Mile Entertainment, Inc., a worldwide developer and publisher of interactive entertainment software, today announced that it has acquired the rights to publish the flight combat game Heroes of the Pacific. Developed by Australia-based developer IR Gurus, the game will release for the PlayStation 2 computer entertainment system, the Xbox video game and entertainment system from Microsoft and PC in the fall of 2005.

Beginning with the attack on Pearl Harbor, this aerial combat game puts players in the middle of some of the most intense aerial conflicts in WWII's Pacific Theater. For the first time players will experience the epic scope of the battles, placing hundreds of planes on the screen in a single confrontation.

The game unfolds through 10 campaigns (26 missions) taken from real events of WWII's Pacific campaign, including battles over Midway Island, the Coral Sea, Iwo Jima and Guadalcanal. With more than 35 WWII aircraft, including all major U.S. and Japanese models, players can pilot a variety of aircraft that were integral to the war effort in the Pacific including the Grumman F4F Wildcat and F6F Hellcat, the Douglas SBD Dauntless, the Curtiss P-40 Warhawk and the Chance-Vought F4U Corsair. Planes are also upgradeable, which gives players access to a total of more than 80 planes.

"Heroes of the Pacific generated a great deal of excitement when it was showcased

at E3 this year, and we are excited to feature this game in our initial launch lineup," said Chester Aldridge, CEO of Red Mile Entertainment. "This game delivers a fast-action flight combat experience that encompasses all the drama, realism and intensity that players would expect from a WWII battle."

In Heroes of the Pacific, players will live the enormity of the battle and recreate actual acts of heroism as up to 150 planes, each with full AI and physics attributes. The skies come alive as highly detailed (15,000+ polygons) fighters, dive bombers, torpedo bombers and experimental planes take part in fierce fighting.

Players reenact this compelling and dramatic aerial campaign in six game modes -- Campaign, Instant Action, Single Mission, Historical, Training and Multiplayer, which is playable in split-screen, LAN multiplayer or in online multiplayer for up to eight players on console and PC. In the single-player game, missions can include up to 4 wingmen, all controllable through an innovative, fast-access menu system. Daring missions that involve ground attacks and support, escort, defense, patrol, torpedo and dive-bombing take place in highly realistic environments. Players can even relive the action in cinematic replays.

Heroes of the Pacific is scheduled to ship in the fall of 2005. For more information on the game, visit the website at http://www.heroesofthepacific.com.

Falcon 4.0: Allied Force - Airbase Operations

One of the aims of Lead Pursuit is to deliver a fully realistic working environment of airbase operations, and Falcon 4.0: Allied Force moves us much closer to that goal. The controllers in the tower have a huge responsibility to safely schedule the arrivals and departures of expensive aircraft vital to the war effort.

As in real world airspace, the airports and carriers are the busiest areas for aircraft and with the exception of the Forward Line of Troops (FLOT), they are the areas of highest risk to individuals and hardware. A single pilot error or wrecked aircraft on the runway can render the airbase closed for hours. So intelligent management of flights in and out of the base – and around it too - is essential. In these development notes, Mike Laskey walks us through airbase operations.

With AI routines, players tend to notice very quickly when things aren't working quite right. The aim of our ATC focal area was to deliver subtle AI that you don't notice. We'll begin with some of the primary improvements:

Advanced ATC awareness of the approach and departure queues. The controllers in the tower are ever watchful, and have a good understanding about

aircraft separation. For example, if a large transport aircraft is waiting on the taxiway ready to depart with an F-16 on final approach, ATC assesses carefully the position of the F-16 before giving the transport aircraft clearance onto the runway. The transport will be held in the "hold short" position until the F-16 touches down. At that point, ATC will clear the transport onto the runway. ATC will grant takeoff clearance once the conditions are safe for the transport aircraft to depart. v In some circumstances where ATC determines a backlog of aircraft to depart, additional time buffers are introduced between each arriving aircraft to allow the departure backlog to clear. Airbase operations can be extremely busy – it's a difficult balancing act for the busy virtual controllers living inside the battlefield!

One important area of the ATC is supporting pilots as they limp back to base with wounded birds. We wanted to give pilots every good chance of making it back to base, whether they choose to divert to a closer airfield or struggle back home. In our product, we are excited to allow players and AI aircraft to participate in airbase stacking. More on this later.

Calling an emergency dramatically increases the workload of the ATC controllers and adds additional risk to other aircraft as they are expected to remain airborne for longer. Therefore, ATC does not approve of "hoax" emergency landings or landings without permission. All pilots are expected to operate within the rules and penalties are dealt out to pilots who do not comply.

Airbases in Falcon 4.0: Allied Force can at times be tremendously busy. The "TowerCam" puts you right into the controller's seat and allows you to watch and zoom in on any of the aircraft around the airbase. It's fun to buzz the tower with the low altitude fly-by, replicating a great scene from a classic air combat movie.

Falcon 4.0: Allied Force supports two-ship formation take-offs for player and AI controlled aircraft. Only fighters can utilise this privilege and only when carrying air-to-air ordnance.

We've added a new controller's voice to provide full support for the Balkans theater of operations and a bunch of new radio calls. For example, ATC will now assign departure headings and warn you about traffic conflicts.

STACKING

As we've already mentioned, one important feature is "stacking". This is an assigned area close to the airfield where aircraft are held in an "airborne queueing" arrangement, while ATC deals with an emergency. The act of a pilot calling an emergency landing is enough for ATC to divert other aircraft that are already in the pattern, into the stack instead. Typically those that are on final approach and not too far from landing are permitted to continue their approach. But where other aircraft already in the pattern and those attempting to join the pattern are considered a conflict, then one or more aircraft will be diverted into the stack. Whenever ATC is stacking aircraft, ATC will give a new heading and a new altitude above the standard landing pattern. This considerably adds to the immersion factor, making the player feel even more that they are part of a living battlefield environment.

Once you reach the stack, ATC will order you to orbit and will confirm your assigned altitude. Each aircraft in the stack is separated vertically by 1,000 feet and stacking operates on a first-in first-out basis. Those arriving later are placed on the top of the stack. Once the emergency is over (hopefully the aircraft in trouble landed safely!), ATC will empty the stack from the bottom.

One by one, ATC will call the aircraft at the bottom onto the base leg to start its

approach, and as that aircraft leaves the stack, ATC will order each pilot remaining to reduce altitude by 1,000 feet. Note that until the stack is completely empty, any new aircraft attempting to join the pattern will continue to be added to the stack.

On a playability note, during stacking, it's vital for the safety of fellow pilots to maintain the altitude they have been assigned to by ATC, to avoid collisions. Should the pilot find himself stacking and short of fuel, he or she must make the problem heard and call an emergency. This is about the only other situation where calling an emergency is legitimate though.

LANDING HELP

After leaving the stack, the pilot will be given bearings and directions to land. Of course, successfully landing is critical, but it is far from the easiest of experiences. That's why we've developed a "landing tutor" to help ease to process of bringing the bird home safely.

A series of rectangular indicators showing the path to the active runway are drawn in the sky. This pathway consists of four distinct sections: the base leg, the turn to finals, the 3° descent onto the runway and the flare. As the distance decreases between the indicators and the runway, the rectangles become smaller and smaller to emphasise the increased importance of accurately following the glidepath.

The landing help system also teaches speed control which trains the player to land in a timely fashion without flying too quickly nor too slowly. This is conveyed visually by gradually changing the colour of the pathway indicators. At the correct speed, the pathway indicators will be coloured black. As the aircraft slows to below the expected speed, the indicators will begin to turn blue to let the player know that the speed should be increased slightly.

If the pilot fails to respond appropriately, the indicators will turn more blue. It is likely in this case that the pilot will either fall short of the runway, or risk interrupting traffic that might be landing behind him. Conversely, if the aircraft velocity is too fast, the indicators will gradually turn to red, and the pilot is likely to overshoot the runway or interrupt aircraft scheduled to land ahead of him.

During final approach, the player should aim to fly directly through the centre of the indicators with the flightpath marker positioned at the base of the runway. Within two hundred feet of the runway, an on-screen text description prompts the pilot to commence the flare. At this point, the pathway indicators no longer represent a 3 degree descent but instead level out more to help visualise this concept. At the start of this phase, the indicators are likely to change to red to inform the player to reduce the speed of the aircraft. The pilot should reduce throttle and pull back on the stick to flare the aircraft smoothly onto the runway.

After touchdown, an assessment of the landing is displayed to the pilot. To enable/disable this feature, press ALT-H. The aircraft must be flying in order to turn the landing help on, and it is automatically disabled once the aircraft comes to a stop.

Batman Begins

Shake off those cobwebs. There's a new Batman in town, and he's younger, fiercer and klutzier than before. What do you want from a rookie? The Caped Crusader that Christian Bale plays so potently in Batman Begins is still working out the kinks. He nearly gives himself a wedgie scaling a building in a self-designed Batsuit that weighs a stylish ton. Director Christopher Nolan, who wrote the script with David Goyer, shows us a Batman caught in the act of inventing himself. Nolan is caught, too, in the act of deconstructing the Batman myth while still delivering the dazzle to justify a $150 million budget. It's schizo entertainment. But credit Nolan for trying to do the impossible in a summer epic: take us somewhere we haven't been before.

This stripped-down prequel grounds the story in reality. If Tim Burton lifted the DC Comics franchise to gothic splendor and Joel Schumacher buried it in campy overkill (a Batsuit with nipples), then Nolan -- the mind-teasing whiz behind Memento and Insomnia -- gets credit for resurrecting Batman as Bruce Wayne, a screwed-up rich kid with no clue about how to avenge the murders of his parents.

Batman Begins answers a long-standing question about Bruce the tycoon playboy -- a Paris Hilton with balls as previously played by Michael Keaton, Val Kilmer and George Clooney -- by showing us what he was doing before he put on his Bat drag,

accessorized with lethal toys and learned to kill like a vigilante.

If you expect Batman to flap his cape the second you sit down with your popcorn, snap out of it. Nolan wants us to know the real Bruce. At age eight, Master Wayne (Gus Lewis) falls into a well filled with bats and freaks out. The bats represent his deepest fear. Bruce later dumps Princeton and his virginal Rachel (Katie Holmes -- OK, Tom Cruise, start raving) and heads for the Himalayas to toughen up. He's tossed into prison and is rescued by Ducard (Liam Neeson, with a funny accent), who ninja-trains him. Ducard is a member of the League of Shadows, led by evil genius Ra's Al Ghul (Ken Watanabe).

Seven years pass, and Bruce is still Bruce. Back in Gotham, he learns from the family butler, Alfred (Michael Caine purrs with warmth and humor), that he's been declared dead and that the CEO (Rutger Hauer) has taken over Wayne Enterprises. To get it back, Bruce teams up with Lucius Fox (a wily Morgan Freeman), a company scientist who specializes in military body armor (think Batsuit) and designs a car that looks like a tank (think Batmobile). That's when Bruce asks Lucius if the car comes in black. Fans can now feel free to go batty.

The buildup is steadily engrossing. That's because Nolan keeps the emphasis on character, not gadgets. Gotham looks lived in, not art-directed. And Bale, calling on our movie memories of him as a wounded child (Empire of the Sun) and an adult menace (American Psycho), creates a vulnerable hero of flesh, blood and haunted fire. Bruce's blood may be too hot for Rachel, now an assistant DA. She fumes when Bruce frolics with seminaked models. Look, honey, a secret identity takes work.

The Bat earns his wings soon enough. He enlists an honest cop, soon-to-be commissioner Gordon (a goodie Gary Oldman -- huh?) to help him rid Gotham of Carmine Falcone (overhammed by Tom Wilkinson), a crime lord with connections to the Waynes' murders. Like any movie with a surfeit of villains, none of them stick. Cillian Murphy comes closest as Dr. Jonathan Crane, a skinny shrink they call Scarecrow when he puts a burlap bag on his head. Each person sees his own worst fears come to life when they gaze at the bag. The low-budget headgear is typical of a movie that succeeds best when it hews to the rule of less is more. Beginner's luck evaporates when Nolan ends with a tricked-out car chase and a doomsday plot about a poisoned water supply. Nolan's too good for Bat business as usual. His secret for making Batman fly is as basic as black: Keep it real.

Der Untergang

Also known as "Downfall, The Downfall: Hitler and the End of the Third Reich (USA), Der Untergang - Hitler und das Ende des 3. Reichs"

Running Time: 150 minutes Drama, War During the Third Reich, a state propaganda machine had saturated the German people with a vision of their Führer as a romanticised folk hero and loving father of the nation - so when Adolf Hitler and the Reich came to an end in 1945 and Germany was waking up to the grim reality of what had happened in the name of National Socialism, it no longer seemed appropriate for Hitler's image to be projected in the dreamhouse of cinema. While he has been analysed by academics, exposed by documentarians, and argued over by historians, Hitler has remained a taboo topic for German feature films - and until the release of 'Downfall' in 2004, the

last time the man had been portrayed in German cinema was a staggering forty eight years earlier, in G.W. Pabst's 'Der Letzte Akt'. "I make so many mistakes when I dictate", Hitler (Bruno Ganz) tells Traudl Junge (Alexandra Maria Lara) in the 1942 opening of 'Downfall'. The context is innocent enough - he is interviewing the young woman for a post as his private secretary - but the irony of the dictator's words reverberates through the rest of the film, set three years later during his final days in the bunker beneath the German Chancellery, as he ignores all good advice and military reality, blames his own failings on everyone else, brooks no dissent and wilfully condemns his own populace to unnecessary (if sometimes willing) death.

Woven from 'Until the Final Hour' (2001), an eyewitness account of Hitler's last days by Traudl Junge herself, and from 'Inside Hitler's Bunker' (2002), the best-selling book by Berlin historian Joachim Fest, the rich detail of Bernd Eichinger's screenplay brings the studied feel of a documentary to the film - and in one sequence, the notorious photo of Hitler's final public appearance, pinning medals on a parade of young children in military uniform, is painstakingly reconstructed and brought to life. At the same time, director Oliver Hirschbiegel brings from his previous film 'Das Experiment' (2001) a mood of claustrophobia and entrapment that suits

not just the bunker itself, filmed with suffocating tightness, but also the inescapable grip which Nazism held over the German people, caught between testing their loyalty to its self-destructive limits, or paying the lethal price for their treachery. In this way, the twelve years of Hitler's dictatorship are compressed into the twelve intense days at their end, as a country finds itself straining under the inhuman logic of its own guiding ideology.

There is enough incident and character in the many narrative strands of 'Downfall' to fill a film twice the length - but at its concrete core is a contrast between the downfall of a society ruled by perverse disorder, and the beginnings of a new Germany. Hitler and Goebbels (Ulrich Matthes) have come to believe their own propaganda - but others like Speer (Heino Ferch) are starting to face the truth and secretly ignore Hitler's commands. Doctors devote their time to preparing poisons and assisting suicides, and there is a chilling reference to the illegal experiments performed by an SS medic - but other doctors like Schenck (Christian Berkel) risk their own lives to help the sick and the wounded, and reject both suicides and executions as madness. Goebbels' wife Magda (Corinna Harfouch), declared by Hitler to be Germany's most courageous mother, kills her own children one by one, and Hitler himself, the 'father' of the nation, mercilessly wills the annihilation of all Germany - yet the film's final sequence, in which Traudl and a young boy elude the

advancing Red Army by posing as mother and son, promises the return of more normal family relations. Lastly there is Traudl herself, an "enthusiastic Nazi" by her own admission (in the voice-over which book-ends the film), who now looks upon her younger self ("this child") with a mixture of anger, contempt and disbelief, and struggles, like Germany, to forgive herself. 'Downfall' is difficult, deadly serious, and at times painful to watch - but most of all it is adult, coming to terms with the past as any adult should.

It's Got: Simply extraordinary performances, especially from Bruno Ganz as Hitler; scenes of Berlin under bombardment from the Russians, all filmed in St Petersburg (the Russian city in fact bombarded in the Second World War by the Germans); a documentary-like attention to historical fact and period detail coupled with a stifling sense of claustrophobia; and a chilling scene of infanticide that is almost too painfully real to watch, and yet encapsulates perfectly the perversion of Nazism. It Needs: Not to be seen by anyone looking for a fun night out.

Massage Pen

Smooth-writing executive pen with vibrating contoured tip. Pinpoint relief anytime, anywhere with the textured acupressure head. Excalibur Research Labs have scored a major breakthrough in instant stress relief. Using ancient holistic techniques derived from the Far East, Excalibur Electronics can now bring to you the comfort of massage in the ultimate portable package of the Massage Pen. Easy to use. Instant relief from muscle soreness, pain & discomfort. Uses ancient arts of reflexology to help find relief from numerous ailments, aches and pains. Package dimensions: 7" x 4-7/8" x 1-1/2".

Samsung D720

The D720 has it all. As smartphones are becoming more popular, Samsung has released their D720 to compete. One of the key features includes the use of the Symbian Series 60 operating system to help enforce the slogan of this phone, ‘smarter than the average.’ This phone also includes a 1.3 mega pixel camera and integrated 64mb of memory. All standard cell phone options still apply: Bluetooth, web browsing, messaging, video playback, java, and even an mp3 player with dual speaker output.

Shuttle XPC SN25P

Shuttle XPC SN25P’s size of the case is bigger in size allowing for better airflow and easier access inside. The motherboard uses the nForce4 Ultra chipset and has everything you would need already integrated, including 7.1 audio. One of the best new features is an external clear CMOS button. Flybook A33i

The link between the PDA and the notebook is getting even closer with the Flybook. The Flybook weighs in at 2.6 pounds, will have a 1.1-GHz Pentium M “Dothan” chipset and up to 512MB of RAM. Bluetooth, SM card slot, and built in WiFi

capabilities are also included. It is available in multiple different colors and prices begin at $2,000. Nokia 770 Internet Tablet

It features a 64MB TI 1710 OMAP ARM mini-PC. It is powered by Debian Linux v2.6. It has no mobile phone inside, so it relies on Bluetooth v1.2 and WiFi (802.11b) support to connect to the Internet either through your home WiFi router or via your Bluetooth compatible mobile phone. It features a massive 4.13" diagonal, 800x480 pixel display, browsing and email should be quite comfortable. In addition it also features the Opera web browser and the built-in email client, a RSS newsreader, Internet radio, various media players, a PDF viewer, and Flash v6 compatibility. A user installable software upgrade will introduce Voice Over IP (VOIP) and Instant Messaging to the mix. It has 64MB of DDR RAM, and 128MB of internal FLASH memory, of which about 64MB should be available to the user. Storage can be augmented by inserting a RS-MMC memory card. It will be priced at approx $350.

Darth Vader Episode III Helmet Replica

Star Wars fans take Star Wars films very seriously. Target is selling the Darth Vader Episode III Replica Helmet. This fiberglass cast replica comes with a display stand and plaque and according to the description "is molded from the same CAD-generated master pattern used for "Revenge of the Sith." You can also wear this helmet comfortably (foam blocks and all) which truly makes this the ultimate Star Wars accessory.

AT-AT Imperial Walker Replica from The Empire Strikes Back You remember the AT-AT toy from "The Empire Strikes Back" that you had as a kid, right? It was the toy to have, around two feet tall and had a cargo bay large enough to stuff all your action figures into. Well this is comprised of over 230 separate parts, legs made from solid, high-strength thermo-plastics and die-cast metal for long-term durability. Approximate model dimensions 23-inches x 9-inches x 19-inches; display case measures approximately 27-inches L

x 11-inches x 21-inches. Sadly this is a limited Edition of 1,000 pieces worldwide, which means once they gone, they gone.

Mio 269 GPS/MP3 Player

The Mio 269, which we will probably never see on these shores, is a cool little device. It’s a portable 2.5GB device with GPS mapping and an MP3 player for rocking out to the tunes while you get lost in New Jersey. It also includes 32MB flash ROM, a 3.5-inch LCD, and 300MHz processor. Best of all, it has a 4.5 hour battery that allows for portable GPSing.

Creative Zen Vision PMP

The new Zen Vision PMP holds 30GB and uses a non-Windows Portable Media Center OS. It is a definite improvement over the original PMC-120. Interestingly it supports MPEG4, WMV, DivX, and XviD as well as a CF card slot for updates. It has a 3.7-inch TFT-LCD and weighs in at 8 ounces, James Bond Stealth Camera

There is finally a hi-tech gadget from Q's laboratory that can be had by the masses who are not fortunate enough to carry a license to kill. This inconspicuous Zippo look-alike actually contains a digital camera capable of holding over 300 images. The JB1 uses ST Micro technology to capture highly detailed images with incredibly small file sizes thanks to LiteSync technology that allows you to take clear images in fluorescent lighting without using a flash. It can even capture video clips & record up to

12 minutes of crystal clear audio, so you don't forget any important pieces of information. A nice touch for a secret agent or any one who aspires to be one. iZon Bluetooth MP3/FM Radio/Mobile Headset w/128 MB SD Card

With this cool iZon Headphone device, you get MP3 playback, an FM Radio, a Bluetooth Mobile headset, and Bluetooth Audio Streaming - all in a single package! This iZon MP3 Headset is compliant with Bluetooth 1.1, has a built-in microphone for use with mobile phones, features an SD/MMC memory card slot with a 128 MB SD memory card included, and has a user interface display on its LCD. This one-piece, neckband, headphone style fits very comfortably on your head.

Pro Viewer 1.3 Mega Digital Binocular Camera W/LCD

BANNED IN SOME SPORTS ARENAS! Snap 1.3 mega pixel photos with a digital binocular camera so powerful you can see a license plate 3 football fields away. Then view it on a full color LCD screen. It features a Binocular lenses with 8X zoom power, 1.5" full color, flip up LCD screen. It has a 8MB of capable memory is built-in, memory is upgradeable with Smart Disc. Motorola IMfree Wireless Personal Instant Messenger Free up the family computer without putting a stop to the fun of instant messaging with this Motorola IMfree Personal Instant Messenger. This portable, convenient IMfree device allows Instant Messengers to roam almost anywhere around the house - up to 150 feet from an Internet-connected PC and base station! With this Motorola IMfree Personal Instant Messenger Kit, the family computer is available for the family once again, and the kids don't have to miss a single LOL or OMG moment!

Digital Spy Camera Pen

Work your secret spy mojo with the incredibly normal-looking Digital Camera Spy Pen. It has 2MB of built-in memory & stores up to 36, 160 x 120 pixel images. It has a voice function audibly which tells the user number of pictures taken.