You are on page 1of 69

The Sober Virus Returns!

Spam Technical Operations for


MessageLabs.

"This latest attack by the Sober author is


A wave of far-right German, political-party comparatively sophisticated and has
propaganda choked millions of e-mail obviously been well planned," White said.
inboxes around the world over the "It appears that previously unexploited
weekend, delivering racist messages along networks of machines were infected with
with a dirty payload. earlier incarnations of the Sober worm."

The Sober.q virus was first spotted Sunday The timing of the attacks coincides with last
as it quickly crossed the globe, blasting e- week's celebrations of the 60th anniversary
mail addresses found on infected PCs. of the end of World War II. Many of the 72
Most of the political rhetoric contained links variations of the e-mail refer to "war-related"
to news stories and content with political messages, such as the Allied
approximately 72 varying subject lines, bombing of Dresden in 1945.
according to security firm MessageLabs.
The spam also included links to the
The payloads quickly turned infected PCs German Web sites for the far-right National
into spam-generating machines, launching Democratic Party.
the propaganda from thousands of hosts.
The Sober virus has now had over 20
The virus, which was sent an estimated 10 incarnations, the most recent coming earlier
million times during the first few days of this month when scammers began gearing
attacks, has since slowed, and the risks up for the 2006 World Cup, to be held in
have been downgraded to "medium" by Germany, by sending millions of virus-
most security firms, including McAfee. " carrying e-mails advertising ticket
confirmations for the matches.

Other messages sent in Sober.q contain


racist rants in both English and German
against allowing Turkey into the European
Union.

Story By Ccucu

Most of the mail contains a single URL


directing recipients to a range of online
articles in reputable German newspapers
and magazines promoting political
messages with right-wing tendencies,
according to Stephen White, Head of Anti-
Websense warns of new Hubbard said the sole purpose of the
infection was to go to a second Web site
cyber attack that holds and download another piece of code.
files hostage "So first the Trojan [horse] downloader
infected the machine, then the downloader
A hacker encrypts files on a user's went to a second Web site and downloaded
computer, then demands money to the new code and then started its process,"
decrypt them Hubbard said. "It goes through and looks at
your hard drive for around 12 different file
types, including documents, photos,
databases, Zip files and spreadsheets, and
if it matches those file types, it actually
encodes the data."

According to Hubbard, the malware goes


through all drives on a machine, whether
they're removable or not, and at the end of
the process deletes itself -- leaving behind
a text file with instructions on who to
A hacker has apparently found a way to contact to have the files changed back to a
encode computer files and hold them readable format.
hostage until the intended victim pays for a
decoder tool to unlock the files. "In this particular case, the end user did
contact the third party, and there was a
The original infection occurs when the user request to deposit $200 in an E-Gold
visits a malicious Web site that exploits a account, but that did not happen," he said.
vulnerability in Microsoft Corp.'s Internet
Explorer Web browser, according to San Instead, Joe Stewart, a senior security
Diego-based Websense Inc., which researcher at Lurhq Corp. in Chicago,
uncovered the extortion attempt. looked into the case after hearing about it
and contacted Websense with a solution. "I
"We had a report from the field, but [we] do took a look at the encryption scheme and
not divulge what our source for that is," said found that it was a pretty trivial and easy to
Dan Hubbard, senior director of security break encryption scheme," Stewart said.
and research at Websense. "What "So I wrote a decryptor for that and put that
happened was after doing some forensics information out there for our customers -- to
on the actual computer that was infected, tell them that if they get hit by this, we can
we noticed that the user visited a Web site decrypt it and you don't have to pay this guy
that has since been shut down. And the ransom."
site, through an Internet Explorer
vulnerability, downloaded some code onto That solution might not work next time,
the machine and ran it without user experts said.
intervention."
Although this hacker used a weak form of
encoding, someone in the future could use Hubbard said the best protection against
a much more sophisticated level of this type of cyber attack is staying up to
encryption, Hubbard said. Or a hacker date on latest security patches and making
could remove the files or transfer them to sure users have the latest signatures for the
another location and try to extort money for security software on their computers.
their return, he said.
"The not-so-obvious is trying to learn about
these types of things ... and to know where
to go if something does happen," Hubbard
said.
Story By Ccucu

McAfee Seeks VirusScan


10 Testers
"This was not a very sophisticated
technique, although it was a fairly ingenious
idea," Hubbard said.

Stewart agreed.

"If this evolves, and the person keeps


getting more and more money from it -- and
if they see the need for more advanced Security software maker McAfee is
encryption -- they could put it in, and we readying a slew of betas for the second half
wouldn't be able to break it," he said. "All of 2005. Among the tests is the 10.0
we would be able to rely on is getting the release of McAfee's flagship VirusScan that
key from the original Trojan author, which improves instant messenger scanning,
means you would have to either pay the alerts for malicious scripts and worm-like
ransom or law enforcement would have to activity, Windows Explorer integration, and
actually catch the guy and get the key off Microsoft Outlook integration.
his hard drive."
McAfee Personal Firewall Plus 7.0, McAfee
"It's like someone coming into your house, SpamKiller 7.0 and McAfee AntiSpyware
putting all of your valuables into a safe and 2.0 are also currently in beta. McAfee
not telling you the combination until you pay Privacy Service 8.0 and McAfee
them," said Oliver Friedrichs, a security QuickClean 6.0, meanwhile, are on the
manager at Cupertino, Calif.-based docket for mid-June. Testers may
Symantec Corp. "It is a disturbing new trend participate by visiting McAfee's Beta
and really a subversive use of cryptography Program Web site. Some incentives to test
that we haven't seen in the past. In the the software include free licenses and an
past, cryptography has been largely used to iPod Shuffle giveaway.
protect information. In this case, it's being
used to hold your information hostage." Story By LostJohn
Hong Kong hits spammers Big ISP = Big zombie army
where it hurts Swathes of virus-infected PC's are being
hosted on some of the worlds biggest
ISP's including AOL, Bellsouth and
Hong Kong is to implement tough anti-
Verizon.
spam laws to combat companies that
send unsolicited emails.
Analysis of zombie networks by DDoS
security company Prolexic showed high
profile ISPs are the most likely to harbor
compromised machines.

"It isn't surprising, it is these networks that


are continually exploited to support large-
scale DDoS attacks," said Barrett Lyon,
CTO at Prolexic. "Just because a home
user subscribes to a reputable brand
The new law will also cover companies that doesn't mean they're safe from the online
send unsolicited faxes, phone calls and text criminal fraternity."
messages.
Along with AOL, Bellsouth and Verizon,
However Yahoo News reported "manually Comcast were criticized. Significantly,
made cold calls" will still be allowed to aid EarthLink, another sizeable ISP was not on
normal business practice. the list of main offenders.

The law, expected next year, has been The report also highlighted major changes
crafted after a consulting period with in the way that DDoS attacks have been
industry groups and mobile operators. coordinated over the last year, focusing
less on layer-3 TCP and hitting weak DDoS
The legislation will follow imminent anti- mitigation devices.
spam measures in China.
"We have seen a 100 percent failure rate in
Elsewhere in the region, the phone several DDoS mitigation devices. Hardware
numbers of 600 Chinese celebrities were does a poor job in identifying attacks that
posted online last Saturday. According to emulate legitimate traffic. Therefore,
the Beijing Daily Star, writers, film directors enterprises that rely on these devices are
and actors were inundated with calls particularly vulnerable to this attack vector.
following the leak, leading to many Essentially, extortionists are becoming
changing their numbers. more intelligent and circumnavigating the
security put in place to stop them," said
News By Ccucu Lyon. The report also revealed that Hong
Kong is the most infected country per
capita. Which may explain the country's
spam problem, due to be addressed by
upcoming anti-spam legislation.

News By Ccucu
Hacker Hunters "In January, 2004, a new virus called
MyDoom attacked the Web site of the SCO
Group Inc. (SCOX ), a software company
Business week in its May 30 2005 edition
that claimed the open-source Linux
publishes a story about the work of the
program violated its copyrights. Most
Secret Service (US) in its battle to protect
security experts suspected the virus writer
computer users everywhere. The paper
was a Linux fan seeking revenge. They
publishes a report about how the "Hacker
were wrong. While the SCO angle created
Hunters" is using new computer technology
confusion, MyDoom acted like a Trojan
and on-line wiretaps (and a bit of good old
horse, infecting millions of computers and
fashioned social engineering) as well as
then opening a secret backdoor for its
regular police gumshoe tactics to penetrate
author. Eight days after the outbreak, the
and bring down a hacker equivalent of
author used that backdoor to download
mafisto crime.
personal data from computer owners. F-
Secure's Hypponen figured this out in time
http://www.businessweek.com/magazine/co
to warn his clients. It was too late, however,
ntent/05_22/b3935001_mz001.htm
for many others. MyDoom caused $4.8
billion in damage, the second-most-
This is a good read. Something everyone in
expensive software attack ever.
both the white and grey hat communities
should read and pass on to all of your News By Ccucu
contacts."

I came onto this story while scanning DEFCON 13, July 29-31,
Groklaw. http://www.groklaw.net/index.php Las Vegas, NV 2005, Alexis
The story has a number of Park
interesting sub scripts, the
main story of how the
criminal gang known as http://www.defcon.org
shadowcrew.com; the
inside workings of a part
of law enforcement that will touch us all, on
both sides of the law, and some other
tidbits like the story of the Russian gang
that seems immune to legal proceedings.
Capture the Flag, WarDriving Contests, Wi-
At the heart of this is a fusion of whitehat Fi Contests, TCP/IP Drinking Games,
workers from many far flung organizations Dozens of quality speeches, Hacker
and law enforcement to be the face of the Jeopardy, Spot the Fed, Dunk The Hacker,
greater good fighting those who would use Coffee Wars, TCP/IP Drinking Contest
computers and the internet against us. (w/Mudge), Lock Picking Contests,
Scavenger Hunts, and more fun than the
At the same time there was one interesting feds can fit into a trip report!
side note that Groklaw pointed out and I put
for you here. News By Ccucu
EliteTorrents shut down by "This Site Has been Permanently Shut
Down by the Federal Bureau of
U.S. customs and FBI Investigation and U.S. Immigration and
Customs Enforcement."

"Our goal is to shut down as much of this


EliteTorrents, a well known and one of the illegal operation as quickly as possible to
most used BitTorrent sites has been shut stem the serious financial damage to the
down today by the Federal Bureau of victims of this high-tech piracy-the people
Investigation and US Immigration and who labor to produce these copyrighted
Customs Enforcement. Here is the entire products," said Acting Assistant Attorney
press release... General Richter. "Today's crackdown sends
a clear and unmistakable message to
WASHINGTON, D.C. - Acting Assistant anyone involved in the online theft of
Attorney General John C. Richter of the copyrighted works that they cannot hide
Criminal Division, Homeland Security behind new technology."
Assistant Secretary for Immigration and
Customs Enforcement Michael J. Garcia, "Internet pirates cost U.S. industry
and Assistant Director Louis M. Reigel of hundreds of billions of dollars in lost
the FBI's Cyber Division today announced revenue every year from the illegal sale of
the first criminal enforcement action copyrighted goods and new online file-
targeting individuals committing copyright sharing technologies make their job even
infringement on peer-to-peer (P2P) easier," said Assistant Secretary Garcia.
networks using cutting EDGE file-sharing "Through today's landmark enforcement
technology known as BitTorrent. actions, ICE and the FBI have shut down a
group of online criminals who were using
This morning, agents of the FBI and U.S. legitimate technology to create one-stop
Immigration and Customs Enforcement shopping for the illegal sharing of movies,
(ICE) executed 10 search warrants across games, software and music."
the United States against leading members
of a technologically sophisticated P2P "The theft of
network known as Elite Torrents. Employing copyrighted material
technology known as BitTorrent, the Elite is far from a
Torrents network attracted more than victimless crime,"
133,000 members and, in the last four said Assistant
months, allegedly facilitated the illegal Director Reigel of the
distribution of more than 17,800 titles- FBI. "When thieves
including movies and software-which were steal this data, they
downloaded 2.1 million times. are taking jobs away
from hard workers in industry, which
In addition to executing 10 warrants, federal adversely impacts the U.S. economy. The
agents also took control of the main server FBI remains committed to working with our
that coordinated all file-sharing activity on partners in law enforcement at all levels
the Elite Torrents network. Anyone and private industry to identify and take
attempting to log on to Elitetorrents.org action against those responsible."
today will receive the following message:
Building on the success of Operation (CHIP) coordinators in San Diego and U.S.
Gridlock, a similar takedown announced by Attorneys' Offices in Arizona, Illinois,
federal law enforcement last August that Kansas, Ohio, Pennsylvania, Texas,
has already led to the felony convictions of Virginia and Wisconsin.
three P2P copyright thieves, Operation D-
Elite targeted the administrators and "first The Motion Picture Association of America
providers" or suppliers of copyrighted provided valuable assistance to the
content to the Elite Torrents network. By investigation.
utilizing BitTorrent, the newest generation
of P2P technology, Elite Torrents members
could download even the largest files-such Early reports from sites like Slyck.com said
as those associated with movies and the site was hacked but as the day went on,
software-far faster than was possible using it became clear what had happened. The
more traditional P2P technology. worst thing about the press release for
EliteTorrent users is that it seems to imply
The content selection available on the Elite that some of the users of the site are also
Torrents network was virtually unlimited and under criminal investigation.
often included illegal copies of copyrighted
works before they were available in retail Source: FBI
stores or movie theatres. For example, the
final entry in the Star Wars series, "Episode News by Ccucu
III: Revenge of the Sith," was available for
downloading on the network more than six
hours before it was first shown in theatres.
In the next 24 hours, it was downloaded
more than 10,000 times.

Operation D-Elite is being conducted jointly Meet the teen who’s


by ICE and the FBI as part of the Computer
And Technology Crime High Tech teaching policemen how to
Response Team (CATCH), a San Diego be ethical hackers
task force of specially trained prosecutors
and law enforcement officers who focus on Neeraj Pattath is one of an elite group of
high-tech crime. Federal and state member youngsters bringing cops up-to-date
agencies of CATCH include the ICE, the about cyber crime
FBI, the Department of Justice, the San
Diego District Attorney's Office, San Diego Mumbai, May 24: NEERAJ Pattath (17) is
Police Department, the San Diego Sheriff's quite the average teenager. He’s appeared
Department, and San Diego County for his SSC exams. He hates math. He
Probation. loves surfing the Net.
Operation D-Elite was coordinated and will There’s just one major difference. For the
be prosecuted by the Justice Department's last three months, Pattath has been helping
Computer Crime and Intellectual Property teach policemen how to detect and solve
Section, with the assistance and support of cyber crimes at World’s Mumbai Cyber Lab.
Computer Hacking and Intellectual Property A joint venture by the National Association
of Software and Service Companies position to register complaints and guide
(Nasscom) and the Mumbai Police, the lab complainants.’’
was initially meant exclusively for city police
officers. Though the instructors currently work for
free, both the Mumbai Police and Nasscom
Its staff now also trains everyone from sub- are working on a proposal to get them on to
inspectors to additional commissioners of the payroll.
police in Mumbai as well as officers in
Thane, Pune and Nashik. ‘‘But I don’t really mind working gratis,’’
smiles senior volunteer Pritam Kale (25). A
Pattath is the latest—and youngest—in a rank holder from Matunga’s Veermata
batch of 15 volunteers aged 17 to 30 that Jijabai Technological Institute, Kale admits
the lab has been using since March 2004. that many of his classmates are now
earning as much as
‘‘It’s strange, but in 2002, I approached the
Mumbai Cyber Crime Investigation Cell for
a job. They said I should only apply after I’d
completed my Std XII and police training. I
found that too long-drawn-out and just
continued surfing the Net. Today, I train the
police.’’ Interestingly, Pattath today is
awaiting his class tenth results—his fourth
attempt at that.

In his class, policemen aged 35 to 50 first


learn how to surf the Net and send e-mail.
Each batch of 15 is then given a crash Rs 30,000 per month. ‘‘But I don’t think their
course in how hacking happens and basics life is half as exciting as mine,’’ he grins.
like how to trace an e-mail or Internet
Protocol (IP) address—all in one seven-day And the ‘students’ admit they’re enjoying
camp. the course. ‘‘I like it so much that I wish I
could stay longer,’’ said Inspector Abhay
The course also includes case studies that Saigaonkar (45) of the Byculla police
illustrate and explain various sections of the station.
Information Technology Act, 2002, so the
policemen can familiarize themselves with ‘‘I used to be clueless about cyber crime,’’
the basics of the legislation. added G Neklikar (40) of the Dharavi police
station. ‘‘Now, I can guide complainants
‘‘Every month, we call in two or three knowledgeably and even trace e-mail and
instructors from among these 15. They’re IP addresses.’’
all registered with Nasscom and they help
out depending on their schedule,’’ said News by Ccucu
Nasscom Project Head Vikrant Pawar.
‘‘And with the help of these training
sessions, policemen are now in a better
Paris Hilton Hack Started A senior law enforcement official involved in
the case said investigators believe the
With Old-Fashioned Con young hacker's group carried out the Paris
Source Says Hacker Posed as T-Mobile Hilton data theft and was also involved in
Employee to Get Access to Information illegally downloading thousands of personal
records from database giant LexisNexis Inc.
The caper had all the necessary ingredients The source asked not to be identified
to spark a media firestorm -- a beautiful because of his role in this and other
socialite-turned-reality TV star, ongoing investigations.
embarrassing photographs and messages, A third source, a woman who has
and the personal contact information of communicated with the hacker group's
several young music and Hollywood members for several years, also confirmed
celebrities. key portions of the young hacker's story
When hotel heiress Paris Hilton found out in and said she saw images and other
February that her high-tech wireless phone information downloaded from Hilton's T-
had been taken over by hackers, many Mobile account hours before they were
assumed that only a technical mastermind released on several Web sites.
could have pulled off such a feat. But as it T-Mobile declined to comment on the
turns out, a hacker involved in the privacy details of the hacker's account of the Paris
breach said, the Hilton saga began on a Hilton incident, saying through a
decidedly low-tech note -- with a simple spokesman that the company cannot
phone call. discuss an ongoing investigation. The
Computer security flaws played a role in the spokesman said the company "will work
attack, which exploited a programming with federal law enforcement agencies to
glitch in the Web site of Hilton's cell phone investigate and prosecute anyone that
provider, Bellevue, Wash.-based T-Mobile attempts to gain unauthorized access to T-
International. But one young hacker who Mobile systems."
claimed to have been involved in the data
theft said the crime only succeeded after Getting Access
one member of a small group of hackers
tricked a T-Mobile employee into divulging In the months leading up to the Hilton
information that only employees are incident, the hacker group freely exploited a
supposed to know. security glitch in the Web site of wireless
The young hacker described the exploit phone giant T-Mobile, according to the
during online text conversations with a hacker, who described himself as the
washingtonpost.com reporter and provided youngest member of the group. The group
other evidence supporting his account, had found that a tool on the T-Mobile site
including screen shots of what he said were that allowed users to reset their account
internal T-Mobile computer network pages. passwords contained a key programming
Washingtonpost.com is not revealing the flaw.
hacker's identity because he is a juvenile By exploiting the flaw, the group's members
crime suspect and because he were able to gain access to the account of
communicated with the reporter on the any T-Mobile subscriber who used a
condition that he not be identified either "Sidekick," a pricey phone-organizer-
directly or through his online alias. camera combination device that stores
videos, photos and other data on T-Mobile's The conversation -- which represents the
central computer servers. recollection of the hacker interviewed by
washingtonpost.com -- began with the 16-
The hackers could only exploit the Web site year-old caller saying, "This is [an invented
vulnerability if they actually knew a Sidekick name] from T-Mobile headquarters in
user's phone number. The loose-knit group Washington. We heard you've been having
had grown bored of using the flaw to toy problems with your customer account
with friends and acquaintances who owned tools?"
Sidekicks and decided to find a high-profile The sales representative answered, "No,
target, one that would ensure their exploits we haven't had any problems really, just a
were reported in the press, the young couple slowdowns. That's about it."
hacker said. They ultimately settled on
Hilton, in part because they knew she Prepared for this response, the hacker
owned a Sidekick; Hilton had previously pressed on: "Yes, that's what is described
starred in a commercial advertising the here in the report. We're going to have to
device. look into this for a quick second."
The group's members --- who range in age
from their mid-teens to early 20s -- include The sales rep acquiesced: "All right, what
a handful of "AOLers," a term used in do you need?"
hacker circles to describe youths who When prompted, the employee then offered
honed their skills over the years by the Internet address of the Web site used to
tampering with various portions of the manage T-Mobile's customer accounts -- a
network run by Dulles, Va.-based America password-protected site not normally
Online Inc. Four members of the group accessible to the general public -- as well
have all met face-to-face, but as with most as a user name and password that
hacking groups, the majority of their day-to- employees at the store used to log on to the
day interactions took place online. system.
Before gaining access to Hilton's wireless
phone account, the group had spent a year To support his story, the hacker provided
studying weaknesses in T-Mobile's Web washingtonpost.com with an image of a
sites. The group member interviewed for page he said was from the protected site.
this story had already written a simple T-Mobile declined to comment on the
computer program that could reset the screenshot, and washingtonpost.com has
password for any T-Mobile user whose no way to verify its authenticity.
phone number the hackers knew.

Inside the Walls

According to the young hacker's account, The hackers accessed the internal T-Mobile
the Hilton caper started the afternoon of site shortly thereafter and began looking up
Feb. 19, when a group member rang a T- famous names and their phone numbers. At
Mobile sales store in a Southern California one point, the youth said, the group
coastal town posing as a supervisor from T- harassed Laurence Fishburne, the actor
Mobile inquiring about reports of slowness perhaps best known for his role in the
on the company's internal networks. "Matrix" movies as Morpheus, captain of the
futuristic ship Nebuchadnezzar.
account -- including phone numbers of
"We called him up a few times and said, celebrities such as Cristina Aguilera,
'GIVE US THE SHIP!'" the youth typed in Eminem, Anna Kournikova and Vin Diesel -
one of his online chats with a reporter. "He - had appeared on GenMay.com (short for
picked up a couple times and kept saying General Mayhem), an eclectic, no-holds-
stuff like YOUR ILLEGALLY CALLING ME." barred online discussion forum.

Later, using their own Sidekick phone, the Within hours of the GenMay posting,
hackers pulled up the secure T-Mobile Hilton's information was published on
customer records site, looked up Hilton's Illmob.org, a Web site run by 27-year-old
phone number and reset the password for William Genovese of Meriden, Conn.,
her account, locking her out of it. Typical known online as "illwill." (The FBI charged
wireless devices can only be hacked into by Genovese in November with selling bits of
someone physically nearby, but a stolen source code for Microsoft Windows
Sidekick's data storage can be accessed 2000 and Windows NT operating systems.)
from anywhere in T-Mobile's service area By Monday morning, dozens of news sites
by someone with control of the account. and personal Web logs had picked up the
That means the hackers were at that point story, with many linking to the illmob.org
able to download all of her stored video, post or mirroring the purloined data on their
text and data files to their phone. own.

"As soon as I went into her camera and saw Hallissey, who describes herself as a kind
nudes my head went JACKPOT," the young of "den mom" to a cadre of budding
hacker recalled of his reaction to first hackers, confirmed that the teenage source
seeing the now-public photos of a topless has been engaged in various hacking
Hilton locked in an intimate embrace with a activities for several years. Hallissey met a
female friend. "I was like, HOLY [expletive] slew of the hacker group's members after a
DUDE ... SHES GOT NUDES. THIS three-year stint during the 1990s as one of
[expletive]'s GONNA HIT THE PRESS SO thousands of people who helped AOL
[expletive] QUICK." maintain its online content in exchange for
free Internet access and various other
The hackers set up a conference call and perks. Hallissey has since joined a still-
agreed to spread the news to several active wage lawsuit against AOL and
friends, all the while plotting ways to get the maintains www.observers.net, a Web site
photos up on various Web sites. Kelly critical of the Dulles-based company.
Hallissey, a 41-year-old New York native
who has been in contact with the group of Hallissey said her sense of privacy has
hackers for several years, said the group's been erased gradually over the past two
members showed her evidence that they years as a result of her association with a
had gained access to Hilton's phone during number of AOLers who playfully bragged to
these early hours -- before the images her about their success with social
made their way online. engineering. They showed her online
screen shots of her water, gas and electric
bills, her Social Security number, credit
By early Feb. 20, the pictures, private notes card balances and credit ratings, pictures of
and contact listings from Hilton's phone her e-mail inbox, as well as all of her
previous addresses, including those of her people are usually not well-trained, but they
children. also interact with people to sell products
and services, so they tend to be more
"This was all done not by skilled 'hackers' customer-friendly and cooperative."
but by kids who managed to 'social' their
way into a company's system and gain During his highly publicized hacking career
access to it within one or two phone calls," in the 1990s, Mitnick -- who spent four
said Hallissey, who asked that her current years in prison and now works as a
place of residence not be disclosed. "Major computer security consultant -- broke into
corporations have made social engineering the computer networks of some of the top
way too easy for these kids. In their call companies in the technology and
centers they hire low-pay employees to telecommunications industries, but rarely
man the phones, give them a minimum of targeted computers systems directly.
training, most of which usually dwells on
call times, canned scripts and sales. This Rather, he phoned employees and simply
isn't unique to T-Mobile or AOL. This has asked them for user names, passwords or
become common practice for almost every other "insider" data that he could use to
company." sound more authentic in future phone
inquiries. "This kind of thing works with just
AOL officials declined to comment about about every mobile carrier," Mitnick said.
the young hacker or other "AOLers" for this
story. He said all of the major wireless carriers --
not just T-Mobile -- are popular targets for
The Weakest Link social engineering attacks. Mitnick said he
knows private investigators who routinely
Security experts say the raiding of Hilton's obtain phone records of people they are
wireless account highlights one of the most investigating by calling a sales office at the
serious security challenges facing target's wireless carrier and pretending to
corporations -- teaching employees to be be an employee from another sales office.
watchful for "social engineering," the use of
deception to trick people into giving away Mitnick described how an investigator will
sensitive data, usually over the phone. claim to have the customer they're
investigating in the store, but can't access
In his book "The Art of Deception," their data because of computer trouble.
notorious ex-hacker Kevin Mitnick says Then the investigator asks the sales
major corporations spend millions of dollars representative at the other store to look up
each year on new technologies to keep out that person's password, account number
hackers and viruses, yet few dedicate and Social Security number. In many cases
significant resources to educating the employee provides the information
employees about the dangers of old- without verifying the caller's identity. Armed
fashioned con artistry. with that data, he said, investigators usually
can create an account at the wireless
"The average $10-an-hour sales clerk or provider's Web site and pull all of the
call-center employee will tell you anything target's phone records.
you want, including passwords," Mitnick
said in a telephone interview. "These
Large organizations that maintain Service agent. Jacobsen had posted to an
numerous branches around the country are online bulletin board that he could be hired
especially susceptible to social engineering to look up the name, Social Security
attacks, said Peter Stewart, president of number, birth date, and voice-mail and e-
Baton Rouge, La.-based Trace Security, a mail passwords of any T-Mobile subscriber.
company that is hired to test the physical
and network security for some of the most T-Mobile later alerted 400 customers that
paranoid companies in the world: banks. their e-mails, phone records and other data
More often than not, Stewart says, his had been compromised as a result of that
people can talk their way into employee- break-in.
only areas of banks by pretending to be a
repairman or just another employee. In The court files don't give details about how
most cases, the break-in attempts are aided it happened, but Jack Koziol, a senior
by information gleaned over the phone. instructor for the Oak Park, Ill.-based
InfoSec Institute, said the intruder likely
"Usually your corporate headquarters are took advantage of security flaws in the
more stringent and things get more lax the company's Web servers. Koziol conducted
further away from there you get," Stewart an informal audit of T-Mobile's site in March
said. "The larger you are as a company the and uncovered hundreds of pages run by
more likely it is that you're not going to Web servers vulnerable to well-known
know everyone by name, and lots of security flaws, he said.
companies have no policy in place of "It's pretty amazing how poorly secured
verifying who's calling you and how to their Web properties are," said Koziol,
respond to that person." whose company offers training to corporate,
law enforcement and government clients on
'Web Security 101' the latest techniques and tactics used by
hackers. "Most of these flaws are simple
Social engineering can be difficult to Web Security 101, stuff you'd learn about in
counter, but the now-infamous Paris Hilton the first few chapters of a basic book on
attack follows other recent serious T-Mobile how to secure Web applications."
security breaches engineered by hackers.
On Feb. 15, Nicolas Jacobsen, 22, of Santa T-Mobile officials declined to say what
Ana, Calif., pleaded guilty to compromising steps they took to close the security holes
a T-Mobile Web server that granted access identified by the Hilton hackers or how
to hundreds of wireless accounts. He faces many other accounts may have been
a maximum of five years in jail and a hijacked.
$250,000 fine at a sentencing hearing "T-Mobile has invested millions of dollars to
originally scheduled for mid-May. protect our customers' information, and we
continue to reinforce our systems to
Jacobsen was arrested last fall by the U.S. address the security needs of our
Secret Service as part of a large-scale subscribers," company spokesman Peter
investigation into an international online Dobrow wrote in an e-mail. "For our
credit card fraud ring. According to court customers' protection, we do not publicly
records, Jacobsen had hijacked hundreds disclose the specific actions taken to
of T-Mobile accounts, including a mobile reinforce our systems."
phone belonging to a then-active Secret News By Coldrock
it was big page with almost 20000
members, with paid sections etc. that was
like original job, big thing and great honor to
work with those neat old guys.
In this issue of "Masters of
WareZ", I bring you the We worked together on few projects and
later, and I was around warez scene all the
man who I admire the time.. when I decided to start running my
most, the man who is like a own pages.

second father, and, also First page was wizzwarez.info, which went
like a brother to me. So down and doesn't exist anymore..(IPB took
me down, 4 using their board software,
here is WiZzMaster, the pirated, how ironically). Not long after,
man who cracked XP SP 2, almost a year ago new project came,
wizzworld.info and later wizzworld.org, first
before it was officially out, my big warez forum and first real quality
"The King of WareZ". site.

After that, all is history,


lil' intro about who wizz is...
wareznewsmagazine.com, cracksww.com,
speedking.info etc.
Note: All of You who will read this, should
have in mind that this text was written in 4
in the morning, after about 40 hours that I'm
My ideas:
awake...

I'd like to start a magazine, online first,


How I started:
meant to serve for education of public...
including a lot of How-To's and hints, about
fast growing computer technology, written
My first interest was more in hacking, in
lightly for common users...
time when there was much less pages
about it and it was all in complete
Educational and guidance oriented for new,
underground, 3-4-5 years. That's how I got
less accommodated, and novice users
to xhackers.com, old page filled with
which yet have to fight for their right to
hacking tips, ware and dss hacking
survive and become experts and tutors for
materials, unfortunately that page doesn't
next generation of PC users...
exist anymore, at least not in that sense.
I'd like to start educational, training and
There I got active, mostly in warez and
motivating camps for talented users, with
cracks sections, and I found some neat
special accent on creativity and
peeps there like T, Looper, Phat and few
imagination, in creating and developing of
more who are still today around net.. old
new technology solutions, software and
hackers, who do things in old fashioned,
tools for easier handling of more and more
completely ethical way... Quite quickly I
sophisticated PC machines...
became mod there, and that was big thing,
be implicated in every expect of modern
With contests for best works in various thinking and living...
fields, solutions and improvement in
computer technologies...

Offering the short courses inside big and


small corporations, handling& creating
platforms and systems for new businesses
and improving of persisting ones...
Help for all, but for a piece of their
improvement in jobs, «slice of cake» in their
success...

Not involving in big ambitious projects, we


will sooner or later (ourselves) invent or
create something revolutionary... My skills
in computing and programming aren't
nearly enough for developing of software
and other related stuff, but my
imagination&small technical knowledge
could produce revolution things and My goal is not to find solution for life on
innovations in technology... ONLY IF, I find Mars, my idea is to form a group of people
a crew that could put those ideas in who will find solution for that, or at least to
numbers... make living there less painful as possible...
If someone could follow and technically I don't want a Nobel Price for revolutionary
support my ideas, concepts and visions, invention, I want memorial museum with all
that should be a winning combination for improvements in peoples lives, that was
the whole new solutions in software and result of my small contribution, or in which I
technology by all means... participated in some way during my life...
Build by all of them who are grateful to
Why am I writing all this? me&my crew, for starting and motivating
other in creation of something what is yet to
My expectations from computers and be achieved... And first of all, those who
software already created, are much higher learned that anybody can be, and should be
that they can provide for now... Lot of ideas creator of its own destiny...
and system solutions are not technically
possible yet (far as I know)... That is extremely important, because things
are going now and will go further, global
Reading this you got to have in mind that situation leads to unknowledgeable,
I'm not some Sci-Fi freak, dreaming about indifference, low interest in own (for You
flying saucers, Star Trek tools that are relevant issues) capabilities... Making us
beyond 90% of people’s imagination... slaves of machines, technology and
governments more and more dependable
In all, my basic theory is that man (and on them, rather than to ourselves...
women) uses so little of their potentials, can
Things meant to be for fun, enjoy and help all, or at least until we learn how to
for everyone, now serve to a few, creating manipulate them by all means...
slaves of people who aren't prepared for Or we should better try to improve
changing their «way of life»... It's about time ourselves in any possible ways first... Our
for human kind to take control in human- capability to use about 5% of our brain,
machine (sort of contest) war, in which speaks enough in my favor... FOR NOW...
more that we are developing technology,
we are less capable to have complete
control over it... My advice for newbies:

We will learn how to handle it, or it will start


to handle us... 2 words: ethical hacking.

In first reactions I expect laughter and Hack to improve things, not to brake and
public judgment for (in some way) my critics steal somebody's private property, find and
about people and their lives, but time and learn new skills which all are going to
history shows that only thing which could benefit from.
bring our persistence in question, is Article by WiZzMaster
something what we will produce...

Something we will create, too good and


better than it should be... That something
will one day make decisions about our
purpose and reason (or what benefit is from
us) we are here at all...

This discussion now goes in 2 ways:

Each story on its own bases, means and


developments prospects, leads and goes in
a wrong way...

1. Story: Genetic Manipulation

2. Story: AI (Artificial Intelligence)

Both of stories leads to a point, point where


evolution is showing and presenting in most
beautiful, and in some brutal (hard to
understand) ways...

Main Point; Creation on new always have


for result that old, less functional model is
no longer needed, sooner or later...
Having GM & AI on our doorsteps, we
should first check are we needing them at
The Anonymity Tutorial * How can I use them to anonymize myself?
* Wingates sound useful. I wanna run one
on my own computer. How do I do it without
Note: whenever you see something like turning it into an "anonymity hive"?
this: blah(1) it means that if you don't * How can I tell IRC clients, instant
understand the meaning of the word blah messengers such as ICQ, etc', to use
there's an explanation for it just for you, them?
located on the newbies corner on section 1. Anonymous Remailers?
Note 2: if you're having a hard time reading * What is an anonymous remailer?
this page because you have to scroll to the * How can I use them to be more
right whenever a long line comes, it's anonymous?
probably because you're not using "word * Why would a person start an anonymous
wrapping". remailing service? Where's the catch?
Most UNIX text editors and advanced Encryption?
Windows editors (and some less advanced * Why should I encrypt my Email?
ones like WordPad) do this by themselves. * How can I encrypt my Email?
To do word wrapping on Microsoft Notepad, Cookies?
simply go to Edit and then click on "Word * What are cookies?
wrapping". * Can they risk my privacy?
.chk files?
Disclaimer * What are they?
* How can they risk my privacy?
We do not encourage any kinds of illegal The Anonymizer?
activities. If you believe that breaking the * What is the anonymizer?
law is a good way to impress someone, * How can I sign up?
please stop reading now and grow up. Where can I learn more about anonymity?
There is nothing impressive or cool in being * Useful URLs.
a criminal. * Other useful tutorials by Black Sun.
Appendix A: Using AltaVista as a "proxy"
Contents * How can I use AltaVista’s web translation
service to anonymize myself?
Anonymity? Appendix B: Spoofing browser history
* You mean I have absolutely zero * How can I spoof my browser's history?
anonymity on the web? Appendix C: the +x mode
* So what? Why would I wanna be
anonymous anyway?
* Okay, I see your point. Anonymize me.
Proxies?
* What are proxies?
* What are public proxies?
* Where can I find lists of public proxies?
* Are they good for anything besides
anonymity?
* Okay, so how do I use them?
Wingates?
* What are Wingates?
Bibliography have terminated our account on our web
stats provider because they were quite
* http://www.theargon.com buggy and we've decided to use a php3-
* Anonymizer.com based text counter). There you will be able
* Various tutorials to see how much we can tell about our
Other Tutorials By Black Sun visitors
* FTP Hacking.
* Over clocking. 2) Another example: you're connected to an
* Ad and Spam Blocking. IRC network and you are chatting with your
* Send mail. friends. Right now all a person needs to find
* Phreaking. information on you is nothing but your
* Advanced Phreaking. nickname. He doesn't even have to know
* Phreaking II. you, or be in the same channel/channels
* IRC Warfare. you are. Here are a few examples of what
* Windows Registry. you can find by simply knowing a person's
* Info Gathering. nickname (in the most optimal conditions):
* Proxy/Wingate/SOCKS.
* Offline Windows Security. 1. Your real name.
* ICQ Security. 2. Your Email address.
3. Your IP address.
Anonymity? 4. Your hostname.
5. Your ISP.
Whether you realize it or not, the Internet is 6. Your continent.
not as anonymous as you might think. Here 7. Your country.
are a few examples: 8. Your city.

1) You enter a website. Once you hit any And much much more.
one of the files on the web server, the
website owners can find out these pieces of The same goes for online games that allow
information about you, and much more: players to view the other players' IP
addresses.
1. Your IP Address.
2. Your hostname. 3) Suppose my name is Paul Matthews,
3. Your continent. and my Email address is
4. Your country. pmatthews@boring.ISP.net. It is extremely
5. Your city. easy to figure out that the first letter of my
6. Your web browser. first name is P and that my last name is
7. Your Operating System. Matthews, but that's not all.
8. Your screen resolution. Some ISPs give their entire listings to web
9. Your screen colors. directories. Meaning, people can go to,
10. The previous URL you've been to. say... whowhere.com, punch in the words
11. Your ISP. Paul Matthews or search for people with
Matthews as their last name on
And this is just the tip of the iceberg. Go to boring.ISP.net and find out that
our homepage at blacksun.box.sk and find pmatthews@boring.ISP.net does actually
the web statistics button (later addition: we belong to Paul Matthews, hence
discovering your real name. Instant Messenger, allow you to add people
But it is also possible to use these web in or outside your contact list to an "invisible
directories for 1,001 uses. Therefore you list", so they won't be able to know whether
should go to whowhere.com as soon as you're online or not and you'll appear to be
possible, try to track down yourself and offline to them. If they have your Email
then tell whowhere.com to delete your address, and your ISP is running a finger
listing. daemon, they are able to know whether
you're really offline or just trying to fool
4) Some ISPs also run finger daemons. them.
A daemon is a program that waits for 2. Your friend promised you to do
incoming connections on a specific or something for you on the net, but when you
several ports. finally go online to ask him if he's done it he
The finger daemon is a daemon that waits says that he just got back from work and
for open connections on port 79. Once you that he just got online. Using finger, you can
get in, you need to punch in a username on test this and see when he really got online.
the system the daemon runs on and you
will get tons of information about him. These were just a little out of many
For example: a while ago my ISP was examples.
running a finger daemon on their servers During this tutorial I will explain to you how
(until I forced them to take it off because it to prevent people from finding out
was a privacy invasion). Now, suppose you information about you (there will always be
know nothing about me besides my Email new tricks, but blocking the most basic /
address, which is barakirs@netvision.net.il. common ones will hold off most attackers
The first thing you should do is to go to and make it harder for the more
netvision.net.il on port 79 and hope there's experienced ones). If you really wanna
somebody there. If there is, you can find the learn how to do these things, as well as
following information by typing in my some really cool and advanced tricks, then
username, barakirs: read the 'Info-Gathering' tutorial.

1. My real name. Proxies?


2. When was the last time I was online.
3. If I'm online right now, since when have I Proxies were first invented in order to
been online. speed up Internet connections. Here's how
4. Whether I have new mail or not. they work:
You are trying to connect to a server on the
And much much more (some finger other side of the planet. Your HTTP
daemons might give out any pieces of requests are sent to your proxy server,
information, such as my home address and which is located at your ISP's headquarters,
phone number). which are a lot closer to you than that far-
Besides the obvious uses (finding a away server. The proxy first checks if one
person's real name and other private of its users has accessed this website
information), you can use this information lately. If so, it should have a copy of it
for various purposes, such as: somewhere on its servers. Then the proxy
server starts the connection only to check if
1. Most instant messengers, such as ICQ, his version is not outdated, which only
AIM, YAHOO Instant Messenger and MSN requires him to look at the file size. If it has
the latest version, it will send the file to you,
instead of having the far server send it to 1. If he owns an ISP and he wants to set up
you, thus speeding up the connection. If a proxy for it.
not, it will download the requested files by 2. If he wants to turn his computer into a
itself and then send them to you. public proxy.
But proxies can also be used to anonymize 3. If he wants to give Internet access to a
yourself while surfing the web, because whole bunch of computers that are
they handle all the HTTP requests for you. connected by a Local Area Network, but he
Most chances are that your ISP has a can provide Internet access for only one
proxy. Call tech support and ask them computer. In that case, he would turn his
about it. But the problems with proxy computer into a proxy server and set all the
access given to you by your ISP is: other computers on the network to use him
1. Some ISPs don't even have proxies. as a proxy. That way all the rest of the
2. The website owner would still be able to computers on the network will relay their
know what ISP you are using and where do HTTP and FTP requests through a single
you live, since this kind of proxies are not computer, a single modem and a single
public and they can only be accessed by Internet account.
users of that ISP. For such cases, there is a
solution - public proxies. The problem with Wingates is that they're
You can find a list of public proxies highly... well... they're very... how should I
everywhere. Here are two good URLs to say this? Stupid. Just plain stupid. Why is
start from: that?
EVERYONE can connect to your little proxy
http://www.theargon.com by simply connecting to port 1080 on your
http://www.cyberarmy.com/lists computer and typing 'target-ip-address-or-
hostname port' (no quotes) and replace
target-ip-address-or-hostname with the IP
To configure your web browser to use a address or the hostname they want to
proxy server, find the appropriate dialog connect to, and replace port with the
box in your settings dialog box (it varies destination port. The "wingated" machine
from different browsers). will then relay your input through it, but it
will seem like the wingated machine is
Note: some proxy servers will also handle connecting to the target computer, not you.
FTP sessions (some might handle FTP Sure, the sysadmin of the wingated
only). machine can change that port to a different
one, but this is the default, and if you're
Wingates? stupid enough to use Wingate you probably
won't want to play with the defaults.
Wingate is a program that is used to turn a First of all, if you need to use Wingate for
PC running Windows 9x or NT into a proxy some reason, use SyGate instead. It does
server. Here are several reasons for why a exactly what Wingate does, only it won't
person would want to run such an serve EVERYONE like Wingate does.
application and turn his computer into a Now, these Wingates can be used to
proxy: anonymize practically anything. Also, every
program that can be set to run behind a
SOCKS firewall (most IRC clients, most
instant messengers and most web mailbox and keeps all the information
browsers) will automatically do the dirty discreet?
work of routing your stuff through it if you'll These are called Anonymous Remailers.
give them the IP/hostname and the Most of them are free and live out of
appropriate port for the wingated machine. contributions and/or sponsor banners they
Wingates can also be used to get into IRC place on their website.
channels you got banned from (by faking You can find many many Anonymous
your IP). Remailers at http://www.theargon.com.

WARNING: some IRC networks run bots Here's a good example for an Anonymous
that will kick out people using Wingates. Remailer:
These bots try to connect to random people First, head to http://anon.isp.ee (by the way,
on port 1080. If they succeed, they kick you the extension .ee stands for Estonia) and
out. This works because the IRC network, sign up your free account. Once you're a
as well as everyone on it, thinks that your registered user, send an Email to
IP is the wingated machine's IP. If the bot robot@anon.isp.ee with no subject and the
tries to connect to your IP on port 1080, it following content:
will actually go to the wingated machine. user: your username
The bot will then detect that your IP is pass: your password
actually a Wingate and kick you off (since realaddr: your recipient's Email address.
it's being run by the IRC network and given realsubj: the subject of your mail.
enough privileges to kick out anyone). Example: if I want to send an anonymous
mail containing the following:
You can find lists of Wingates at
http://www.cyberarmy.com/lists. There are Subject: ANONYMITY RULEZ!!
also tons of Wingate scanners out there Hi.
that can scan whole subnets and look for This is an anonymous Email message.
Wingates, but this might take some time Let's see you trace me now!
(and make your ISP get suspicious), so
you'd just better go for Cyber Army’s lists. to bgates@microsoft.com, and your
username is user and your pass is pass,
Anonymous Remailers? send the following Email to
robot@anon.isp.ee (remember not to enter
Previously I have demonstrated to you what a subject):
a person with very little knowledge can find
out about you just by knowing your Email user: user
address. Now it is obvious that to keep your pass: pass
privacy, you need to sign up for a free realaddr: bgates@microsoft.com
Email account (such as Hotmail realsubj: ANONYMITY RULEZ!!
[hotmail.com], Yahoo mail Hi.
[mail.yahoo.com], ZDNet Mail This is an anonymous Email message.
[zdnetmail.com], Net @dress Let's see you trace me now!
[netaddress.com], Bigfoot [bigfoot.com]
etc'). But what if you had a special Email You'll receive an Email notification from
address on a free server that automatically anon.isp.ee once your message has been
forwards all incoming Email to your real delivered.
Once your recipient will reply to this Email, browser to create and then retrieve
the message will return to you. information from them. Websites can put
your password or any other information in
You can also use web-based anonymous these files.
remailers such as Replay Associates If you don't want your co-workers or other
(replay.com/remailer/anon.html), but it won't people to sniff around and see where
let you receive replies. you've been visiting, what items you've
been buying etc', you should delete them
Encryption? when you don't need them.
On Unix, your cookies would usually be
Everyone can read your Email. Whether it's stored somewhere in your home directory
some script kiddie who hacked your (usually /home/your-login, /usr/your-login or
Hotmail account, a skilled cracker (or a /usr/local/your-login if you're a regular user
script kiddie with a lot of free time) that and /root if you're root, but anyone with
hacked your POP3 mailbox or a person write access to /etc/passwd can change
who got your Email by mistake. If you don't that).
want other people to read your Email, use On Windows and Mac, cookies are stored
PGP. on a sub-directory at your browser's
Everyone who uses PGP can have their directory called cookies.
own PGP key. A key consists of tons of
characters, whether they are lowercase or Note 1: you can tell your browser to ask you
uppercase letters, number or symbols. After before accepting a cookie. Just play around
you make your key, you need to transfer it with its preferences menu, you'll find it
to everyone you want to send encrypted (there are so many browsers out there so I
mail to. Once they have it, you can start can't give a detailed explanation for every
sending encrypted mail to them and they'll single one).
be able to use your key to decrypt it. Note 2: if you're browsing from a public
More info on www.pgpi.com. computer, do not save any cookies, or other
people will be able to snoop around and
Note: PGP is very strong and can only be look at your cookies or even enter various
broken with giant supercomputers. The websites with your passwords, your credit
longer your key is, the harder it is to break card number etc'.
the encryption.
A reader called Stone Cold Lyin Skunk has
Cookies? pointed out to me that the cookies.txt file
may be found in the netscape\users\default
Have you noticed how all those websites on directory. This happens when you register
the net are getting "smarter" all of a your user (Netscape let's you have multiple
sudden? You know, like the way message users for the same program, each user with
boards remember your nickname, some his own settings etc') without giving it a
sites remember your password so you won't username.
have to retype it every time, electronic malls He also pointed out to me that some
remember what you last put in your virtual websites will require you to accept cookies
shopping cart etc'. in order to enter them.
This is all because of cookies. Cookies are Also, he recommended to beware of your
small files which a website can request your browser's history file (information on
removing it can be found on the "Where University, designed and implemented
Can I Learn More About Anonymity?" Anonymizer surfing. Anonymizer Surfing is
chapter), as well as your cache and your now in its 4th generation under
preferences.js files, because they may development by the Anonymizer
reveal your browsing habits (where have engineering team.
you been, etc').
Our Mission
.chk files?
Our mission is to ensure that an individual's
Stone Cold Lyin Skunk has pointed out that right to privacy is not compromised once
if you're running Windows and you do a they are online. We began this company as
quick reboot (hold down shift while telling a means to protect this right as embodied in
Windows to reset) Windows generates a file the United Nations' Universal Declaration of
called FILE0001.chk, FILE0002.chk etc' Human Rights:
(usually found on c:\). You will be amazed "No one shall be subjected to arbitrary
to see how much information you could find interference with his privacy, family, home
in these files! Delete them ASAP! or correspondence, nor to attacks upon his
honor and reputation. Everyone has the
The Anonymizer? right to the protection of the law against
such interference or attacks."
The Anonymizer is an Internet service that
helps you anonymize yourself better. The While written 50 years ago, article 19 of this
Anonymizer's homepage is document is now more than ever applicable
www.anonymizer.com. Here's a snapshot with the advent of the recent growth of the
from anonymizer.com: Internet:
"Everyone has the right to freedom of
Company Overview opinion and expression; this right includes
freedom to hold opinions without
Anonymizer.com is a pioneer in Internet interference and to seek, receive and
privacy technologies, and the most popular impart information and ideas through any
and trusted name in delivering online media and regardless of frontiers."
privacy services. Anonymizer.com, today,
has many thousand subscribers to its paid You can read the full Universal Declaration
services and makes anonymous over 7.5 of Human Rights on the following URL:
million pages a month. Lance Cottrell, http://www.unhchr.ch/udhr/lang/eng.htm.
founder and President of Anonymizer.com,
authored the world's most secure You can use The Anonymizer to surf the
anonymous remailer, Mixmaster and has web with anonymity for free by going to
been active for many years in promoting anonymizer.com and typing in the target
free speech. Lance received his URL where asked, or buy an Anonymizer
undergraduate degree in physics from The package, which will give you more benefits.
University of California, Santa Cruz and a If you want some of the money you pay to
masters in Physics from The University of go to Black Sun, subscribe through the
California, San Diego. following URL:
Justin Boyan, while a Computer Science http://www.anonymizer.com/3.0/affiliate/doo
Ph.D. student at Carnegie Mellon r.cgi?CMid=12437.
If you want, you too can join their affiltrates
program. Simply go to Appendix B: Spoofing browser history
http://www.anonymizer.com/3.0/affiliate/afd
oor.cgi?CMid=12437 for more information. Here is something I got by Email from a
If you will subscribe through this URL, you reader called Stone Cold Lyin Skunk:
will still receive all the cash you deserve,
but we at Black Sun will also receive some
benefits. set up a V3 redirect (http://www.v3.com or
something like that) then build a quick
Where Can I Learn More About Anonymity? webpage with a link to the site you want to
view discretely then go to your webpage via
Useful URLs: http://www.theargon.com. the V3 redirect
http://www.pgpi.com (for learning about all I know is that the URL indicator at the
PGP encryption and how to use it to top of the e browser
encrypt your Emails) will not show the URL you visit even your
IP Spoofing Demystified - a long article own .index page
from Phrack magazine on IP spoofing it will only show the URL name
(faking your IP). You can download it from
our books section. so if there is URL logging at your job or
http://www.cyberarmy.com/lists - for lists of school or whatever,
Wingates, Proxies and free shell accounts they can always surf to your homepage via
you can surf from to anonymize yourself. the V3, which they will
http://2waymedia.hypermart.net/hh/browser have. But, by then, you will have erased or.
s/index.htm - how to completely clear your Or maybe it has
browser's history "hidden" links (links the same color as the
background)...
Other useful Tutorials by Black Sun: IRC
Warfare by The Cyber God (for learning in any case, they will not have your URLs
more on Anonymizing yourself on IRC), and they certainly
Proxy/Wingate/SOCKS tutorial by Jet and won't have proof you surfed there...
Sendmail by me, R a v e N.
for instance, you may not want, say, your
Appendix A: Using AltaVista as a proxy local library sysop to know about Black
Sun...so you set up say, a Homestead
If you go to altavista.com, and under their homepage (these are great because they
tools section choose translation (or go feature password protected pages) ...you
directly to the following URL: then
http://babelfish.altavista.com/cgi- set up a V3 redirect to that page. Bingo-
bin/translate?), you can ask AltaVista to you can now surf to the
translate web pages for you. page via V3, log in with your password, hit
But you can also use this as a proxy, since all those cool hidden
when you tell AltaVista to translate a web links to Black Sun, Cyber Army,
page, AltaVista’s CGI translation script peacefire.org what whatever, and the
retrieves the page for you. URL snoop software will only record the
original http://surf.to/fakeoutname
Thanks to Yoink for this information. ... and don't forget, make the V3 Ural as
innocuous-sounding as possible...eg.
http://surf.to.backetweaving ... Appendix D: Anonymity on Usenet

Appendix C: the +x mode Do you post on Usenet regularly? Are you


concerned about your anonimity?
In IRC, it is possible to put yourself into
mode x by typing '/mode yournick +x' (do Then you should go to www.deja.com and
not include the quotes and replace yournick sign up for a free account which will let you
with your own nick. For example: /mode post anonymously.
raven +x).
Nothing will be revealed about you, not
This tells the IRC server to hide your IP, so even your IP, since deja.com handles the
when others try to /whois you or /dns you, actual posting.
they won't be able to get your IP (they will Tutorial by arjuna
get a partial IP instead).

This will only work on some servers, but


when you're on IRC, it is recommended to
use this option.

Also, there is a way to bypass this. By


simply creating a DCC connection with
someone else (either a DCC chat or a DCC
file transfer), you could then type 'netstat'
(without the quotes) on either Unix or
Windows/DOS and see what connections
your computer is currently handling. One of
them will be the DCC connection to that
other guy.

Why is that? Because DCC stands for


Direct Client Communication, which means
that DCC actions are not done through the
server, but directly (think - why would the
owners of the IRC server want people to
transfer files through their servers and
initiate private chats through their servers?
It'll just chew up some bandwidth). The
netstat command shows all current
connections (local or remote), and one of
them will be your DCC connection with that
other guy. You will then be able to see
his/her IP or hostname.

Note: on some networks this is done by


typing /mode yournick +z
How To Become A Hacker system. Real hackers call these people
'crackers' and want nothing to do with them.
Real hackers mostly think crackers are
What Is a Hacker?
lazy, irresponsible, and not very bright, and
object that being able to break security
The Jargon File contains a bunch of
doesn't make you a hacker any more than
definitions of the term "hacker", most having
being able to hotwire cars makes you an
to do with technical adeptness and a delight
automotive engineer. Unfortunately, many
in solving problems and overcoming limits.
journalists and writers have been fooled
If you want to know how to become a
into using the word 'hacker' to describe
hacker, though, only two are really relevant.
crackers; this irritates real hackers no end.
There is a community, a shared culture, of
The basic difference is this: hackers build
expert programmers and networking
things, crackers break them.
wizards that traces its history back through
decades to the first time-sharing
If you want to be a hacker, keep reading. If
minicomputers and the earliest ARPAnet
you want to be a cracker, go read the
experiments. The members of this culture
alt.2600 newsgroup and get ready to do five
originated the term 'hacker'. Hackers built
to ten in the slammer after finding out you
the Internet. Hackers made the Unix
aren't as smart as you think you are. And
operating system what it is today. Hackers
that's all I'm going to say about crackers.
run Usenet. Hackers make the World Wide
Web work. If you are part of this culture, if
The Hacker Attitude
you have contributed to it and other people
in it know who you are and call you a
1. The world is full of fascinating problems
hacker, you're a hacker.
waiting to be solved.
2. No problem should ever have to be
The hacker mind-set is not confined to this
solved twice.
software-hacker culture. There are people
3. Boredom and drudgery are evil.
who apply the hacker attitude to other
4. Freedom is good.
things, like electronics or music --- actually,
5. Attitude is no substitute for
you can find it at the highest levels of any
competence.
science or art. Software hackers recognize
these kindred spirits elsewhere and may
Hackers solve problems and build things,
call them 'hackers' too --- and some claim
and they believe in freedom and voluntary
that the hacker nature is really independent
mutual help. To be accepted as a hacker,
of the particular medium the hacker works
you have to behave as though you have
in. But in the rest of this document we will
this kind of attitude yourself. And to behave
focus on the skills and attitudes of software
as though you have the attitude, you have
hackers, and the traditions of the shared
to really believe the attitude.
culture that originated the term 'hacker'.
But if you think of cultivating hacker
There is another group of people who
attitudes as just a way to gain acceptance
loudly call themselves hackers, but aren't.
in the culture, you'll miss the point.
These are people (mainly adolescent
Becoming the kind of person who believes
males) who get a kick out of breaking into
these things is important for you --- for
computers and phreaking the phone
helping you learn and keeping you learn from that, you'll learn enough to solve
motivated. As with all creative arts, the the next piece --- and so on, until you're
most effective way to become a master is to done.)2. No problem should ever have to
imitate the mind-set of masters --- not just be solved twice.
intellectually but emotionally as well.
Creative brains are a valuable, limited
Or, as the following modern Zen poem has resource. They shouldn't be wasted on re-
it: inventing the wheel when there are so
many fascinating new problems waiting out
there.
To follow the path:
look to the master, To behave like a hacker, you have to
follow the master, believe that the thinking time of other
walk with the master, hackers is precious -- so much so that it's
see through the master, almost a moral duty for you to share
become the master. information, solve problems and then give
the solutions away just so other hackers
So, if you want to be a hacker, repeat the can solve new problems instead of having
following things until you believe them: to perpetually re-address old ones.

1. The world is full of fascinating (You don't have to believe that you're
problems waiting to be solved. obligated to give all your creative product
away, though the hackers that do are the
Being a hacker is lots of fun, but it's a kind ones that get most respect from other
of fun that takes lots of effort. The effort hackers. It's consistent with hacker values
takes motivation. Successful athletes get to sell enough of it to keep you in food and
their motivation from a kind of physical rent and computers. It's fine to use your
delight in making their bodies perform, in hacking skills to support a family or even
pushing themselves past their own physical get rich, as long as you don't forget your
limits. Similarly, to be a hacker you have to loyalty to your art and your fellow hackers
get a basic thrill from solving problems, while doing it.)
sharpening your skills, and exercising your
intelligence. 3. Boredom and drudgery are evil.

If you aren't the kind of person that feels Hackers (and creative people in general)
this way naturally, you'll need to become should never be bored or have to drudge at
one in order to make it as a hacker. stupid repetitive work, because when this
Otherwise you'll find your hacking energy is happens it means they aren't doing what
sapped by distractions like sex, money, and only they can do --- solve new problems.
social approval. This wastefulness hurts everybody.
Therefore boredom and drudgery are not
(You also have to develop a kind of have to just unpleasant but actually evil.
develop a kind of faith in your own learning
capacity --- a belief that even though you To behave like a hacker, you have to
may not know all of what you need to solve believe this enough to want to automate
a problem, if you tackle just a piece of it and away the boring bits as much as possible,
not just for yourself but for everybody else 5. Attitude is no substitute for
(especially other hackers). competence.

(There is one apparent exception to this. To be a hacker, you have to develop some
Hackers will sometimes do things that may of these attitudes. But copping an attitude
seem repetitive or boring to an observer as alone won't make you a hacker, any more
a mind-clearing exercise, or in order to than it will make you a champion athlete or
acquire a skill or have some particular kind a rock star. Becoming a hacker will take
of experience you can't have otherwise. But intelligence, practice, dedication, and hard
this is by choice --- nobody who can think work.
should ever be forced into a situation that
bores them.) Therefore, you have to learn to distrust
attitude and respect competence of every
4. Freedom is good. kind. Hackers won't let posers waste their
time, but they worship competence ---
Hackers are naturally anti-authoritarian. especially competence at hacking, but
Anyone who can give you orders can stop competence at anything is good.
you from solving whatever problem you're Competence at demanding skills that few
being fascinated by --- and, given the way can master is especially good, and
authoritarian minds work, will generally find competence at demanding skills that
some appallingly stupid reason to do so. So involve mental acuteness, craft, and
the authoritarian attitude has to be fought concentration is best.
wherever you find it, lest it smother you and
other hackers. If you revere competence, you'll enjoy
developing it in yourself --- the hard work
(This isn't the same as fighting all authority. and dedication will become a kind of
Children need to be guided and criminals intense play rather than drudgery. That
restrained. A hacker may agree to accept attitude is vital to becoming a hacker.
some kinds of authority in order to get
something he wants more than the time he Basic Hacking Skills
spends following orders. But that's a limited,
conscious bargain; the kind of personal The hacker attitude is vital, but skills are
surrender authoritarians want is not on even more vital. Attitude is no substitute for
offer.) competence, and there's a certain basic
toolkit of skills which you have to have
Authoritarians thrive on censorship and before any hacker will dream of calling you
secrecy. And they distrust voluntary one.
cooperation and information-sharing --- they
only like 'cooperation' that they control. So This toolkit changes slowly over time as
to behave like a hacker, you have to technology creates new skills and makes
develop an instinctive hostility to old ones obsolete. For example, it used to
censorship, secrecy, and the use of force or include programming in machine language,
deception to compel responsible adults. and didn't until recently involve HTML. But
And you have to be willing to act on that right now it pretty clearly includes the
belief. following:
1. Learn how to program. that efficiency by requiring you to do a lot of
low-level management of resources (like
This, of course, is the fundamental hacking memory) by hand. All that low-level code is
skill. If you don't know any computer complex and bug-prone, and will soak up
languages, I recommend starting with huge amounts of your time on debugging.
Python. It is cleanly designed, well With today's machines as powerful as they
documented, and relatively kind to are, this is usually a bad tradeoff --- it's
beginners. Despite being a good first smarter to use a language that uses the
language, it is not just a toy; it is very machine's time less efficiently, but your time
powerful and flexible and well suited for much more efficiently. Thus, Python.
large projects. I have written a more
detailed evaluation of Python. Good Other languages of particular importance to
tutorials are available at the Python web hackers include Perl and LISP. Perl is worth
site. learning for practical reasons; it's very
widely used for active web pages and
Java is also a good language for learning to system administration, so that even if you
program in. It is more difficult than Python, never write Perl you should learn to read it.
but produces faster code than Python. I Many people use Perl in the way I suggest
think it makes an excellent second you should use Python, to avoid C
language. programming on jobs that don't require C's
machine efficiency. You will need to be able
But be aware that you won't reach the skill to understand their code.
level of a hacker or even merely a
programmer if you only know one or two LISP is worth learning for a different reason
languages --- you need to learn how to --- the profound enlightenment experience
think about programming problems in a you will have when you finally get it. That
general way, independent of any one experience will make you a better
language. To be a real hacker, you need to programmer for the rest of your days, even
get to the point where you can learn a new if you never actually use LISP itself a lot.
language in days by relating what's in the (You can get some beginning experience
manual to what you already know. This with LISP fairly easily by writing and
means you should learn several very modifying editing modes for the Emacs text
different languages. editor.)

If you get into serious programming, you It's best, actually, to learn all five of these
will have to learn C, the core language of (Python, Java, C/C++, Perl, and LISP).
Unix. C++ is very closely related to C; if you Besides being the most important hacking
know one, learning the other will not be languages, they represent very different
difficult. Neither language is a good one to approaches to programming, and each will
try learning as your first, however. And, educate you in valuable ways.
actually, the more you can avoid
programming in C the more productive you I can't give complete instructions on how to
will be. learn to program here --- it's a complex skill.
But I can tell you that books and courses
C is very efficient, and very sparing of your won't do it (many, maybe most of the best
machine's resources. Unfortunately, C gets hackers are self-taught). You can learn
language features --- bits of knowledge --- Under OS/X it's possible, but only part of
from books, but the mind-set that makes the system is open source --- you're likely to
that knowledge into living skill can be hit a lot of walls, and you have to be careful
learned only by practice and not to develop the bad habit of depending
apprenticeship. What will do it is (a) reading on Apple's proprietary code. If you
code and (b) writing code. concentrate on the Unix under the hood you
can learn some useful things.
Learning to program is like learning to write
good natural language. The best way to do Unix is the operating system of the Internet.
it is to read some stuff written by masters of While you can learn to use the Internet
the form, write some things yourself, read a without knowing Unix, you can't be an
lot more, write a little more, read a lot more, Internet hacker without understanding Unix.
write some more - and repeat until your For this reason, the hacker culture today is
writing begins to develop the kind of pretty strongly Unix-centered. (This wasn't
strength and economy you see in your always true, and some old-time hackers still
models. aren't happy about it, but the symbiosis
between Unix and the Internet has become
Finding good code to read used to be hard, strong enough that even Microsoft's muscle
because there were few large programs doesn't seem able to seriously dent it.)
available in source for fledgeling hackers to
read and tinker with. This has changed So, bring up a Unix --- I like Linux myself
dramatically; open-source software, but there are other ways (and yes, you can
programming tools, and operating systems run both Linux and Microsoft Windows on
(all built by hackers) are now widely the same machine). Learn it. Run it. Tinker
available. Which brings me neatly to our with it. Talk to the Internet with it. Read the
next topic? code. Modify the code. You'll get better
programming tools (including C, LISP,
2. Get one of the open-source Unixes Python, and Perl) than any Microsoft
and learn to use and run it. operating system can dream of hosting,
I'm assuming you have a personal you'll have fun, and you'll soak up more
computer or can get access to one (these knowledge than you realize you're learning
kids today have one (these kids today have until you look back on it as a master hacker.
it so easy :-)). The single most important
step any newbie can take toward acquiring For more about learning Unix, see The
hacker skills is to get a copy of Linux or one Loginataka. You might also want to have a
of the BSD-Unixes, install it on a personal look at The Art Of Unix Programming.
machine, and run it.
To get your hands on a Linux, see the Linux
Yes, there are other operating systems in Online! site; you can download from there
the world besides Unix. But they're or (better idea) find a local Linux user group
distributed in binary --- you can't read the to help you with installation. From a new
code, and you can't modify it. Trying to user's point of view, all Linux distributions
learn to hack on a Microsoft Windows are pretty much equivalent.
machine or under MacOS or any other
closed-source system is like trying to learn You can find BSD Unix help and resources
to dance while wearing a body cast. at www.bsd.org.
I have written a primer on the basics of Unix 4. If you don't have functional English,
and the Internet. learn it.

(Note: I don't really recommend installing As an American and native English-speaker


either Linux or BSD as a solo project if myself, I have previously been reluctant to
you're a newbie. For Linux, find a local suggest this, lest it be taken as a sort of
Linux user's group and ask for help.) cultural imperialism. But several native
speakers of other languages have urged
3. Learn how to use the World Wide Web me to point out that English is the working
and write HTML. language of the hacker culture and the
Internet, and that you will need to know it to
Most of the things the hacker culture has function in the hacker community.
built do their work out of sight, helping run
factories and offices and universities This is very true. Back around 1991 I
without any obvious impact on how non- learned that many hackers who have
hackers live. The Web is the one big English as a second language use it in
exception, the huge shiny hacker toy that technical discussions even when they share
even politicians admit is changing the a birth tongue; it was reported to me at the
world. For this reason alone (and a lot of time that English has a richer technical
other good ones as well) you need to learn vocabulary than any other language and is
how to work the Web. therefore simply a better tool for the job. For
similar reasons, translations of technical
This doesn't just mean learning how to drive books written in English are often
a browser (anyone can do that), but unsatisfactory (when they get done at all).
learning how to write HTML, the Web's
markup language. If you don't know how to Linus Torvalds, a Finn, comments his code
program, writing HTML will teach you some in English (it apparently never occurred to
mental habits that will help you learn. So him to do otherwise). His fluency in English
build a home page. Try to stick to XHTML, has been an important factor in his ability to
which is a cleaner language than classic recruit a worldwide community of
HTML. (There are good beginner tutorials developers for Linux. It's an example worth
on the Web; here's one.) following.

But just having a home page isn't anywhere Status in the Hacker Culture
near good enough to make you a hacker.
The Web is full of home pages. Most of Like most cultures without a money
them are pointless, zero-content sludge --- economy, hackerdom runs on reputation.
very snazzy-looking sludge, mind you, but You're trying to solve interesting problems,
sludge all the same (for more on this see but how interesting they are, and whether
The HTML Hell Page). your solutions are really good, is something
that only your technical peers or superiors
To be worthwhile, your page must have are normally equipped to judge.
content --- it must be interesting and/or
useful to other hackers. And that brings us Accordingly, when you play the hacker
to the next topic? game, you learn to keep score primarily by
what other hackers think of your skill (this is
why you aren't really a hacker until other They also serve who stand and debug
hackers consistently call you one). This fact open-source software. In this imperfect
is obscured by the image of hacking as world, we will inevitably spend most of our
solitary work; also by a hacker-cultural software development time in the
taboo (now gradually decaying but still debugging phase. That's why any open-
potent) against admitting that ego or source author who's thinking will tell you
external validation are involved in one's that good beta-testers (who know how to
motivation at all. describe symptoms clearly, localize
problems well, can tolerate bugs in a
Specifically, hackerdom is what quickie release, and are willing to apply a
anthropologists call a gift culture. You gain few simple diagnostic routines) are worth
status and reputation in it not by dominating their weight in rubies. Even one of these
other people, nor by being beautiful, nor by can make the difference between a
having things other people want, but rather debugging phase that's a protracted,
by giving things away. Specifically, by exhausting nightmare and one that's merely
giving away your time, your creativity, and a salutary nuisance.
the results of your skill.
If you're a newbie, try to find a program
There are basically five kinds of things you under development that you're interested in
can do to be respected by hackers: and be a good beta-tester. There's a natural
progression from helping test programs to
1. Write open-source software helping debug them to helping modify them.
You'll learn a lot this way, and generate
The first (the most central and most good karma with people who will help you
traditional) is to write programs that other later on.
hackers think are fun or useful, and give the
program sources away to the whole hacker 3. Publish useful information
culture to use.
Another good thing is to collect and filter
(We used to call these works 'free useful and interesting information into web
software', but this confused too many pages or documents like Frequently Asked
people who weren't sure exactly what 'free' Questions (FAQ) lists, and make those
were supposed to mean. Most of us, by at generally available.
least a 2:1 ratio according to web content
analysis, now prefer the term 'open-source' Maintainers of major technical FAQs get
software). almost as much respect as open-source
authors.
Hackerdom's most revered demigods are
people who have written large, capable 4. Help keep the infrastructure working
programs that met a widespread need and
given them away, so that now everyone The hacker culture (and the engineering
uses them. development of the Internet, for that matter)
is run by volunteers. There's a lot of
2. Help test and debug open-source necessary but unglamorous work that
software needs done to keep it going ---
administering mailing lists, moderating
newsgroups, maintaining large software from normal social expectations. See The
archive sites, developing RFCs and other Geek Page for extensive discussion.
technical standards.
If you can manage to concentrate enough
People who do this sort of thing well get a on hacking to be good at it and still have a
lot of respect, because everybody knows life, that's fine. This is a lot easier today
these jobs are huge time sinks and not as than it was when I was a newbie in the
much fun as playing with code. Doing them 1970s; mainstream culture is much
shows dedication. friendlier to techno-nerds now. There are
even growing numbers of people who
5. Serve the hacker culture itself realize that hackers are often high-quality
Finally, you can serve and propagate the lover and spouse material.
culture itself (by, for example, writing an
accurate primer on how to become a If you're attracted to hacking because you
hacker :-)). This is not something you'll be don't have a life, that's OK too --- at least
positioned to do until positioned to do until you won't have trouble concentrating.
you've been around for while and become Maybe you'll get a life later on.
well-known for one of the first four things.
Points For Style
The hacker culture doesn't have leaders,
exactly, but it does have culture heroes and Again, to be a hacker, you have to enter the
tribal elders and historians and hacker mindset. There are some things you
spokespeople. When you've been in the can do when you're not at a computer that
trenches long enough, you may grow into seem to help. They're not substitutes for
one of these. Beware: hackers distrust hacking (nothing is) but many hackers do
blatant ego in their tribal elders, so visibly them, and feel that they connect in some
reaching for this kind of fame is dangerous. basic way with the essence of hacking.
Rather than striving for it, you have to sort
of position yourself so it drops in your lap, • Learn to write your native language
and then be modest and gracious about well. Though it's a common
your status. stereotype that programmers can't
write, a surprising number of hackers
The Hacker/Nerd Connection (including all the most accomplished
ones I know of) are very able writers.
Contrary to popular myth, you don't have to • Read science fiction. Go to science
be a nerd to be a hacker. It does help, fiction conventions (a good way to
however, and many hackers are in fact meet hackers and proto-hackers).
nerds. Being a social outcast helps you stay • Study Zen, and/or take up martial
concentrated on the really important things, arts. (The mental discipline seems
like thinking and hacking. similar in important ways.)
• Develop an analytical ear for music.
For this reason, many hackers have Learn to appreciate peculiar kinds of
adopted the label 'nerd' and even use the music. Learn to play some musical
harsher term 'geek' as a badge of pride --- instrument well, or how to sing.
it's a way of declaring their independence • Develop your appreciation of puns
and wordplay.
The more of these things you already do, The problem with screen names or handles
the more likely it is that you are natural deserves some amplification. Concealing
hacker material. Why these things in your identity behind a handle is a juvenile
particular is not completely clear, but they're and silly behavior characteristic of crackers,
connected with a mix of left- and right-brain warez d00dz, and other lower life forms.
skills that seems to be important; hackers Hackers don't do this; they're proud of what
need to be able to both reason logically and they do and want it associated with their
step outside the apparent logic of a problem real names. So if you have a handle, drop
at a moment's notice. it. In the hacker culture it will only mark you
as a loser.
Work as intensely as you play and play as
intensely as you work. For true hackers, the Tutorial by arjuna
boundaries between "play", "work",
"science" and "art" all tend to disappear, or
to merge into a high-level creative
playfulness. Also, don't be content with a
narrow range of skills. Though most
hackers self-describe as programmers, they
are very likely to be more than competent in
several related skills --- system
administration, web design, and PC
hardware troubleshooting are common
ones. A hacker who's a system
administrator, on the other hand, is likely to
be quite skilled at script programming and
web design. Hackers don't do things by
halves; if they invest in a skill at all, they
tend to get very good at it.

Finally, a few things not to do.

• don't use a silly, grandiose user ID or


screen name.
• don't get in flame wars on Usenet (or
anywhere else).
• don't call yourself a 'cyberpunk', and
don't waste your time on anybody
who does.
• don't post or email writing that's full
of spelling errors and bad grammar.

The only reputation you'll make doing any


of these things is as a twit. Hackers have
long memories --- it could take you years to
live your early blunders down enough to be
accepted.
Steps To Deface A attention". People who deface to get
famous or to show off their skills need to
Webpage grow up and realize there is a better way of
going about this (not that I support the ones
First of all, I do not deface, I never have with other reasons ether). Anyways, the two
(besides friends sites as jokes and all in kinds and what you need to know about
good fun), and never will. So how do I know them:
how to deface? I guess I just picked it up on
the way, so I am no expert in this. If I get a Scanning Script Kiddie: You need to know
thing or two wrong I apologize. It is pretty what signs of the hole are, is it a service? A
simple when you think that defacing is just certain OS? A CGI file? How can you tell if
replacing a file on a computer. Now, finding they are vuln? What version(s) are vuln?
the exploit in the first place, that takes skill, You need to know how to search the net to
that takes knowledge, which is what real find targets which are running whatever is
hackers are made of. I don't encourage that vuln. Use altavista.com or google.com for
you deface any sites, as this can be used web based exploits. Using a script to scan
get credit cards, get passwords, get source ip ranges for a certain port that runs the
code, billing info, email databases, etc.. (it vuln service. Or using netcraft.com to find
is only right to put up some kind of warning. out what kind of server they are running
now go have fun ;) and what extras it runs (FrontPage, php,
etc..) nmap and other port scanners allow
This tutorial will be broken down into 3 main quick scans of thousands of ips for open
sections, they are as followed: ports. This is a favorite technique of those
1. Finding Vuln Hosts. guys you see with mass hacks on alldas.
2. Getting In.
3. Covering Your Tracks Targeted Site Script Kiddie: More
respectable then the script kiddies who
It really is easy, and I will show you how hack any old site. The main step here is
easy it is. gathering as much information about a site
as possible. Find out what OS they run at
1. Finding Vuln Hosts netcraft or by using: telnet www.site.com 80
This section needs to be further broken then GET / HTTP/1.1 Find out what
down into two categories of script kiddies: services they run by doing a port scan. Find
ones who scan the net for a host that is out the specifics on the services by
vuln to a certain exploit and ones who telnetting to them. Find any cgi script, or
search a certain site for any exploit. The other files which could allow access to the
ones you see on alldas are the first kind, server if exploited by checking /cgi /cgi-bin
they scan thousands of sites for a specific and browsing around the site (remember to
exploit. They do not care who they hack, index browse)
anyone will do. They have no set target and
not much of a purpose. In my opinion these Wasn't so hard to get the info was it? It may
people should either have a cause behind take awhile, but go through the site slowly
what they are doing, ie. "I make sure people and get all the information you can.
keep up to date with security, I am a
messenger" or "I am spreading a political 2. Getting In
message, I use defacements to get media Now that we got the info on the site we can
find the exploit(s) we can use to get access. trojans to bounce off of. Linking them
If you were a scanning script kiddie you together will make it very hard for someone
would know the exploit ahead of time. A to track you down. Logs on the wingates
couple of great places to look for exploits and shells will most likely be erased after
are Security Focus and packetstorm. Once like 2-7 days. That is if logs are kept at all. It
you get the exploit check and make sure is hard enough to even get a hold of one
that the exploit is for the same version as admin in a week, let alone further tracking
the service, OS, script, etc.. Exploits mainly the script kiddie down to the next wingate or
come in two languages, the most used are shell and then getting a hold of that admin
C and perl. Perl scripts will end in .pl or .cgi, all before the logs of any are erased. And it
while C will end in .c To compile a C file (on is rare for an admin to even notice an
*nix systems) do gcc -o exploit12 file.c then: attack, even a smaller percent will actively
./exploit12 For perl just do: chmod 700 pursue the attacker at all and will just
file.pl (not really needed) then: perl file.pl. If secure their box and forget it ever
it is not a script it might be a very simple happened. For the sake of argument let’s
exploit, or just a theory of a possible exploit. just say if you use wingates and shells,
Just do a little research into how to use it. don't do anything to piss the admin off too
Another thing you need to check is weather much (which will get them to call authorities
the exploit is remote or local. If it is local or try to track you down) and you deleting
you must have an account or physical logs you will be safe. So how do you do it?
access to the computer. If it is remote you
can do it over a network (internet). We will keep this very short and too the
point, so we'll need to get a few wingates.
Don't go compiling exploits just yet, there is Wingates by nature tend to change IPs or
one more important thing you need to know shutdown all the time, so you need an
updated list or program to scan the net for
Covering Your Tracks them. You can get a list of wingates that is
So by now you have gotten the info on the well updated at
host in order to find an exploit that will allow http://www.cyberarmy.com/lists/wingate/
you to get access. So why not do it? The and you can also get a program called
problem with covering your tracks isn't that winscan there. Now let’s say we have 3
it is hard, rather that it is unpredictable. just wingates:
because you killed the sys logging doesn't
mean that they don't have another logger or 212.96.195.33 port 23
IDS running somewhere else. (even on 202.134.244.215 port 1080
another box). Since most script kiddies 203.87.131.9 port 23
don't know the skill of the admin they are
targeting they have no way of knowing if to use them we go to telnet and connect to
they have additional loggers or what. them on port 23. we should get a response
Instead the script kiddie makes it very hard like this:
(next to impossible) for the admin to track
them down. Many use a stolen or second CSM Proxy Server >
isp account to begin with, so even if they
get tracked they won't get caught. If you to connect to the next wingate we just type
don't have the luxury of this then you MUST in it's ip:port
use multiple wingates, shell accounts, or
CSM Proxy Server >202.134.244.215:1080 shellweb - http://shellweb.net
If you get an error it is most likely to be that blekko - http://blekko.net
the proxy you are trying to connect to isn't
up, or that you need to login to the proxy. If once you get on your last shell you can
all goes well you will get the 3 chained compile the exploit, and you should be safe
together and have a shell account you are from being tracked. But let’s be even surer
able to connect to. Once you are in your and delete the evidence that we were there.
shell account you can link shells together
by: Alright, there are a few things on the server
side that all script kiddies need to be aware
[j00@server j00]$ ssh 212.23.53.74 of. Mostly these are logs that you must
delete or edit. The real script kiddies might
You can get free shells to work with until even use a rootkit to automatically delete
you get some hacked shells, here is a list of the logs. Although lets assume you aren't
free shell accounts. And please remember that lame. There are two main logging
to sign up with false information and from a daemons which I will cover, klogd which is
wingate if possible. the kernel logs, and syslogd which is the
system logs. First step is to kill the
SDF (freeshell.org) - http://sdf.lonestar.org daemons so they don't log anymore of your
GREX (cyberspace.org) - actions.
http://www.grex.org
NYX - http://www.nxy.net [root@hacked root]# ps -def | grep syslogd
ShellYeah - http://www.shellyeah.org [root@hacked root]# kill -9 pid_of_syslogd
HOBBITON.org - http://www.hobbiton.org
FreeShells - http://www.freeshells.net in the first line we are finding the pid of the
DucTape - http://www.ductape.net syslogd, in the second we are killing the
Free.Net.Pl (Polish server) - daemon. You can also use /etc/syslog.pid
http://www.free.net.pl to find the pid of syslogd.
XOX.pl (Polish server) - http://www.xox.pl
IProtection - http://www.iprotection.com [root@hacked root]# ps -def | grep klogd
CORONUS - http://www.coronus.com [root@hacked root]# kill -9 pid_of_klogd
ODD.org - http://www.odd.org
MARMOSET - http://www.marmoset.net Same thing happening here with klogd as
flame.org - http://www.flame.org we did with syslogd.
freeshells - http://freeshells.net.pk
LinuxShell - http://www.linuxshell.org now that killed the default loggers the script
takiweb - http://www.takiweb.com kiddie needs to delete themself from the
FreePort - http://freeport.xenos.net logs. To find where syslogd puts it's logs
BSDSHELL - http://free.bsdshell.net check the /etc/syslog.conf file. Of course if
ROOTshell.be - http://www.rootshell.be you don't care if the admin knows you were
shellasylum.com - there you can delete the logs completely.
http://www.shellasylum.com Let’s say you are the lamest of the script
Daforest - http://www.daforest.org kiddies, a defacer, the admin would know
FreedomShell.com - that the box has been comprimised since
http://www.freedomshell.com the website was defaced. So there is no
LuxAdmin - http://www.luxadmin.org point in appending the logs, they would just
delete them. The reason we are appending as defacing. as long as you don't destroy
them is so that the admin will not even anything I don't think this is very bad. Infact
know a break in has accord. I'll go over the some people will even help the admin patch
main reasons people break into a box: the hole. Still illegal though, and best not to
break into anyone's box.

To deface the website. - this is really lame,


since it has no point and just damages the I'll go over the basic log files: utmp, wtmp,
system. lastlog, and .bash_history
These files are usually in /var/log/ but I
have heard of them being in /etc/ /usr/bin/
To sniff for other network passwords. - and other places. Since it is different on alot
there are programs which allow you to sniff of boxes it is best to just do a find / -iname
other passwords sent from and to the box. 'utmp'|find / -iname 'wtmp'|find / -iname
If this box is on an Ethernet network then 'lastlog'. and also search threw the /usr/
you can even sniff packets (which contain /var/ and /etc/ directories for other logs.
passwords) that are destine to any box in Now for the explanation of these 3.
that segment.
utmp is the log file for who is on the system,
I think you can see why this log should be
To mount a DDoS attack. - another lame appended. Because you do not want to let
reason, the admin has a high chance of anyone know you are in the system. wtmp
noticing that you comprimised him once you logs the logins and logouts as well as other
start sending hundreds of Mobs through his info you want to keep away from the admin.
connection. Should be appended to show that you
never logged in or out. and lastlog is a file
which keeps records of all logins. Your
To mount another attack on a box. - this shell's history is another file that keeps a
and sniffing is the most commonly used, not log of all the commands you issued, you
lame, reason for exploiting something. should look for it in your $ HOME directory
Since you now how a root shell you can and edit it, .sh_history, .history, and
mount your attack from this box instead of .bash_history are the common names. you
those crappy freeshells. And you now have should only append these log files, not
control over the logging of the shell. delete them. if you delete them it will be like
holding a big sign infront of the admin
saying "You've been hacked". Newbie script
To get sensitive info. - some corporate kiddies often deface and then rm -rf / to be
boxes have a lot of valuable info on them. safe. I would avoid this unless you are
Credit card databases, source code for really freaking out. In this case I would
software, user/password lists, and other top suggest that you never try to exploit a box
secret info that a hacker may want to have. again. Another way to find log files is to run
a script to check for open files (and then
manually look at them to determine if they
To learn and have fun. - many people do it are logs) or do a find for files which have
for the thrill of hacking, and the knowledge been editted, this command would be: find /
you gain. I don't see this as horrible a crime -ctime 0 -print
A few popular scripts which can hide your totally invisible to all others and most
presence from logs include: zap, clear and admins wouldn't be able to tell they were
cloak. Zap will replace your presence in the comprimised.
logs with 0's, clear will clear the logs of your
presence, and cloak will replace your In writting this tutorial I have mixed feelings.
presence with different information. acct- I do not want more script kiddies out their
cleaner is the only heavily used script in scanning hundreds of sites for the next
deleting account logging from my exploit. And I don't want my name on any
experience. Most rootkits have a log shouts. I rather would like to have people
cleaning script, and once you installed it say "mmm, that defacing crap is pretty
logs are not kept of you anyways. If you are lame" especially when people with no lives
on NT the logs are at scan for exploits everyday just to get their
C:\winNT\system32\LogFiles\, just delete name on a site for a few minutes. I feel alot
them, nt admins most likely don't check of people are learning everything but what
them or don't know what it means if they they need to know in order to break into
are deleted. boxes. Maybe this tutorial cut to the chase
a little and helps people with some
One final thing about covering your tracks, I knowledge see how simple it is and
won't go to into detail about this because it hopefully make them see that getting into a
would require a tutorial all to itself. I am system is not all it's hyped up to be. It is not
talking about rootkits. What are rootkits? by any means a full guide, I did not cover
They are a very widely used tool used to alot of things. I hope admins found this
cover your tracks once you get into a box. tutorial helpful as well, learning that no
They will make staying hidden painfree and matter what site you run you should always
very easy. What they do is replace the keep on top of the latest exploits and patch
binaries like login, ps, and who to not show them. Protect yourself with IDS and try
your presence, ever. They will allow you to finding holes on your own system (both with
login without a password, without being vuln scanners and by hand). Also setting up
logged by wtmp or lastlog and without even an external box to log is not a bad idea.
being in the /etc/passwd file. They also Admins should have also seen a little bit
make commands like ps not show your into the mind of a script kiddie and learned
processes, so no one knows what a few things he does.. this should help you
programs you are running. They send out catch one if they break into your systems.
fake reports on netstat, ls, and w so that
everything looks the way it normally would, Tutorial by No-Z3r0
except anything you do is missing. But
there are some flaws in rootkits, for one
some commands produce strange effects
because the binary was not made correctly.
They also leave fingerprints (ways to tell
that the file is from a rootkit). Only
smart/good admins check for rootkits, so
this isn't the biggest threat, but it should be
concidered. Rootkits that come with a LKM
(loadable kernel module) are usually the
best as they can pretty much make you
Maya Tips & Tricks choose the respective axis and select
Mirror. You can also opt to ‘Merge the
Vertices’ at this time. Rig This Low Poly
Do you 3D? If you are into 3D designing,
model, and keep checking the skinning
using your free time to mould nurbs and
results or the Outputs on the hiRes model
bones into creatures of imagination, or are
or the Smooth Proxy. Keeping them, the
just starting to enter the world of 3D
LowPoly and the HiPoly, on two different
animation and if Maya is your choice of tool,
layers is usually helpful in case of large
then this month's Tips & Tricks should give
scene files, and also when you have to edit
you some insight.
the vertices— the fewer the better.
To reduce clutter in the Channel box
Nurbs at render time
Select Object and then go to Window>
General Editor> Channel Control. Select
To get rid of the jagged edges at render
the channels that are of no use to your
time on your oh-so-smooth nurbs, go to
current object. Click on Move to transfer
Attribute Editor and drop down Tessellation.
them to the Non Keyable attributes. Also,
Check the Display Tessellation box and
look out for the NonKeyable attributes such
then increase the ‘Curvature Tolerance’ by
as Shear, Ghosting, etc, which you can
simply using the drop down menu. You can
transfer to the Keyable attributes using the
further increase the U and V divisions
Move button.
factor. You can also type in a higher value.
This increases the mesh count at render
time, thereby outputting smoother
To revert back to selections
geometry.
Go to Create> Sets> Quick Selection Sets
and name the selection. Next, go to Edit >
Smoothing weights
Quick Select Set or type in the name in the
sel box, on the status line. This comes in
It gets a bit unnerving to keep rotating the
handy when you have to revert back to
joints, or moving the IKs, each time, to
selected vertices in a very complex mesh.
check the influence of the joints and their
Use the Lasso tool or go to Edit > Paint
weights on your skinned character.
Selection Tool, to make Selections
Instead, simply animate the joints at their
extreme positions, Set one key at bind pose
at frame 0 and another key at any other
Things to remember while making
pose at frame 50 for instance. Now,
Polygonal Models
compare or adjust the weights as you scrub
along the timeline.
Keep A Check on Your Polygonal Count,
Go to Display> Heads Up Display> Poly
Count On to do so. Make a polygon smooth
Freezing joint orientation
proxy by going to Polygon > Smooth Proxy.
In case Of symmetrical characters or
Maya 5 lets you freeze the local joint
models, model only one Half, and when
rotation axes to match world space. To do
complete, mirror the other half. Do this by
so, go to Modify > Freeze Transformation
going to Polygon> Mirror Geometry. Here,
and turn on the Orient option. If this option WINDOWS XP.
is turned off, the local joint rotation axes are
not affected by Freeze Transformation.
OPERATING SYSTEM.
IK/FK blending Clearing Document list

It lets you apply keyframe animation to The Start menu, in Windows XP, has been
joints and also control them with Inverse completely revamped and made extremely
Kinematics( IK) animation. In addition to customizable. If you want the Start menu to
blending IK and Forward Kinematics (FK) display only certain applications, right click
animation over multiple frames, a blend can in an empty section of the Start menu's left
occur over a single frame. Blending over a column and select Properties > Start menu
single frame switches IK to FK or FK to IK > Customize. Then, go to the General tab,
instantly. click on Clear List, and set the counter to
zero. Now no one can keep track of the
Intensity curves and color curves programs or applications you've recently
used.
Use a custom brightness decay rate to
increase a spotlight's brightness, or a
custom color decay rate to change its color
with distance. Speedup the Start menu
Intensity curves and color curves are
graphical representations of a light's
brightness and color with distance. Use the The Start menu takes quite a while to
graph editor (Windows > Animation Editor), display the list of programs installed. In
to view them. order to get Windows XP to display the list
The vertical axis represents the intensity or faster, you will have to edit the registry
color intensity value, and the horizontal axis settings. To speed up your Start menu, go
represents distance from the light source. to Start > Run and type regedit. This will
Intensity curves and color curves are similar open the registry window. Then navigate to
to animation curves, except that the the following key:
horizontal axis of an animation curve HKEY_CURRENT_USER\Control
represents time. Panel\Desktop. Scroll down in the right
panel and double-click on 'menu show
delay'. In the Value Data box, change the
RampShader brightness default value for the menu speed from 400
to a lesser number, such as 1 or even 0.
Use this Shader Type to create cartoon- Click OK. You should now find a significant
style shading with the help of a ramp with increase in the Start menu speed.
stepped values. The right side of the ramp Note: Remember to back up your registry
shows the color output where the before making any changes.
brightness of the diffused and translucent
lighting is 1.0 or greater. The left side
displays the color with the brightness set to
zero.
Switching users The 'Classic Look'

Windows XP allows you to switch users, If you are not comfortable with the new look
without actually quitting programs and of Windows XP, you can easily switch back
logging off. To make use of this, go to Start to the old classic Windows look. Right click
> Log off. You will be greeted with an option the desktop, select Properties, click the
of 'switching user' wherein another user can Themes tab and choose Windows Classic
log on without you having to quit your from the drop-down list. You will now have
programs. the old Windows 2000 look.

Modifying visual settings Grouping/ungrouping taskbar items

If you have only 128 MB RAM, your Try opening more than three windows of
machine might be a bit sluggish after any program, such as Internet Explorer,
installing Windows XP. So to achieve and you will see them automatically
optimal performance without buying grouped together under a single button.
additional RAM, disable certain visual This happens because Windows XP, by
settings and free up some precious default, enables the option of grouping
memory. Go to the Control Panel > system similar programs. To uncheck this option,
> Advanced, and click on the Settings right click on a blank area of the Taskbar
button under Performance. Change various and select Properties. Under Properties,
graphical effects, and ensure that the deselect 'Group Similar Taskbar Buttons',
animation and shadow options are and then click OK.
unchecked, as they tend to consume a lot If you want to change the number of
of memory. You should get a better windows that can be opened, without
response from your operating system, grouping, you will have to change a registry
without spending any money on RAM. entry. Go to Start > Run and type regedit,
and press [Enter]. Navigate to the key to
Enabling/disabling Clear Type text KEY_CURRENT_USER\Software\Microsoft
\Windows\CurrentVersion\Explorer\Advanc
Microsoft has introduced a new technology ed\Taskbar Groupsize. Right click on
called 'Clear Type' with Windows XP. 'Taskbar Groupsize', and change the
However, it is not enabled by default. To hexadecimal value to whatever you like-for
enable it, right click on a blank area of the example, 4, 5 or even 10. XP will now
Desktop, and choose Properties. Click on group the programs according to the
the Appearance Tab, and then click on number you set.
Effects. Check the 'Use following method to
smooth edges of screen fonts' option and Hiding inactive icons
then choose as per your monitor. For
desktop monitors choose the 'Standard' Windows XP automatically hides inactive
option, and for laptops and other flat screen icons in the System Tray. If you so wish,
monitors, choose Clear Type. This option you can disable this option by right clicking
improves the readability of large screen on the Taskbar, choosing Properties, and
fonts. disabling the 'Hide Inactive Icons' option.
You can specify the ones you would like to
be not hidden.
Disabling Automatic Windows Update
and System Restore Notes

There are certain services, such as To use the Group Policy snap-in, you
Windows Update and System Restore, must be logged on to the computer using
which load automatically and occupy a lot • an account that has administrator
of space. If you want to disable them, right permissions.
click on My Computer and choose
Properties. Click on the System Restore tab This method prevents programs that use
and check the box 'Turn off System the Messenger APIs from using Windows
Restore'. This will increase Windows Messenger. Microsoft Outlook 2002,
performance and save disk space. Microsoft Outlook Express 6, and the
Just next to the 'System Restore' option, •
Remote Assistance feature in Windows
you will find the 'Automatic Update' option. XP are examples of programs that use
This option will periodically ask you to these APIs and that depend on Windows
update the OS. You can go ahead and Messenger.
disable this, but remember that you will
have to update Windows manually after
To turn on the Do not allow Windows
applying this option, and there will be no
Messenger to be run option, follow these
further reminders.
steps:
Change the picture on the welcome
screen Click Start, click Run, type gpedit.msc,
1. and then click OK.
Want to add your own picture in the Startup
menu? Go to Start > Control Panel > User In Group Policy, expand Local
account and click on the user name. There Computer Policy, expand Computer
you will see an option to change the picture Configuration, expand Administrative
on the welcome screen. On clicking it, you 2. Templates, expand Windows
will see an option from which you can select Components, and then expand
the picture already present or you can Windows Messenger.
browse to the folder where you've saved
your photograph. Double-click Do not allow Windows
Messenger to be run, and then click
How to prevent Windows Messenger 3.
Enabled.
from running on a Windows XP-based
computer Click OK.
4.
Use the Group Policy (gpedit.msc) snap-in
On the File menu, click Exit to quit the
to turn on the Do not allow Windows 5.
Group Policy snap-in.
Messenger to be run option.
Monitors (CRT/LCD) 4) Why does my monitor flicker? How do I
solve it?
One of the most 'visible' piece of computer This may be due to incorrect video or
peripheral which helps you visualize what monitor drivers. Also, the refresh rate might
you are doing with your computer is the be too low; set it to 75 Hz.
Monitor. This month we answer some of the
most common queries about it, which you
may have at the back of your mind since a 5) My monitor does not reproduce colours.
long time. Check the connector-pins for any damage.
Make sure that there are no electronic
devices—speakers for example—near the
1) I see a dot on the LCD screen that is monitor. Degauss the monitor at least once
different in colour from the rest? a month. If this doesn’t work, relocate the
This dot is a dead pixel. Normally, dead display. Also, use it with another PC to
pixels emit the colour in whose mode they further isolate the problem.
get stuck, or appear black. Up to three dead
pixels are permitted when performing an
LCD quality check—more than that calls for 6) My screen is tilted? How do I correct it?
a monitor rejection. Use the onscreen-display menu to correct
the problem. If this does not help, check
whether you are using the correct version of
2) My graphics card manual says that it can the video-card driver; also, try using
go up to 1,600 x 1,200 pixels, but I can’t different resolutions. Connect the display to
select a resolution over 1,024 x 768. Why is another PC to check if the problem persists.
this so?
The native resolution supported by a 15-
inch LCD monitor is 1,024 x 768 pixels. 7) I can’t sync my monitor?
Hence, though the graphics card is capable Check whether the D-sub connector is
of delivering a resolution of 1,600 x 1,200 properly plugged in to the graphic card.
pixels, the monitor cannot do so. Also make sure that no pins in the
connector are damaged. Install the latest
graphics card drivers. This ensures a
3) I see two faint horizontal lines on my correct resolution and frequency
monitor—is this a defect? adjustment. Don’t set a refresh rate that
Monitors using the aperture-grille your card can’t support.
technology, have multiple vertical wires of
0.25 mm in diameter. Two horizontal wires
keep these vertical wires aligned. It’s the 8) Why don’t images and text appear
shadow of these that you see on the smooth on my LCD monitor?
monitor. Frankly, there’s nothing you can do You’ve chosen a resolution that distorts the
about it, since they’re an integral part of the aspect ratio, and then used the adjustment
technology. function to force-fit the screen. This makes
images and text look crooked. Always run
an LCD monitor at its native resolution as
suggested by the manufacturer.
9) My LCD monitor displays a scrolling How can I tell which digital cameras
screen. Help! allow playback through my television?
Check whether the cable is connected Not all digital cameras allow playback
properly to the video card. Use the monitor through your television. When you are
with another system. This helps you reading specifications for digital cameras
ascertain whether the fault lies with the look out for ones that have "video out"
display card or the display itself. Also, under interfaces.
remember to specify the correct resolution
and refresh rate for the monitor.

10) How do I get rid of image persistence? What is the best image manipulation
Burn-in, or image persistence, is more of a software for images taken with digital
CRT-specific problem, and is not cameras?
permanent for LCDs. Keeping the panel The market leader is Adobe Photoshop.
powered down for about 15 minutes will This remarkable piece of software will let
solve the problem. you do almost anything with an image.
Before you rush off and buy Adobe
Photoshop there are two things that you
need to consider. First it is aimed at digital
photographers who are looking for serious
Digital Cameras FAQ image manipulation. This gives Adobe
Photoshop a fairly big learning curve and
Do all digital cameras suffer from there are plenty of books and courses
shutter lag? dedicated to helping you get the most from
It is true that digital cameras do suffer from the package. Secondly it doesn't come
shutter lag. Shutter lag is the time in cheap. A guide price is £500-550.
between clicking the shutter button and the
picture actually being taken. Once the There are a couple of very good
button is pressed digital cameras get to alternatives to Adobe Photoshop for those
work setting the focus, white balance and of you who are looking for more general
exposure time. They also need to charge image manipulation. One is Adobe
up the CCD. The end result, a brief pause Photoshop's little brother Adobe Photoshop
before the picture is taken can be very Elements, priced at around £65-70. The
annoying and can prove to be the other is Paint Shop Pro which you can pick
difference between a great picture and a up for under £40. I have used this package
missed opportunity. As with most things in myself and it does everything that I've ever
the world of digital cameras shutter lag wanted to do with an image.
times are decreasing as the technology
evolves. In fact in higher spec digital Cheaper still are products like Kai's Photo
cameras shutter lag has almost been Factory. You shouldn't have to pay more
eliminated. It won't be a problem with the than £15 and it gives you some useful
majority of pictures that you take, but it is image manipulation tools.
something to be aware of.
Digital cameras seem to have lots of paying out for the printer itself. Ink refills
features that I'll never understand. They also add to the price.
must be difficult to use.
It's true that digital cameras, particularly at If you are more dedicated to your
the higher end of the market do have some photography and are looking for a higher
pretty amazing features. It is also true that standard print than is available from the
these will really only be of use to serious inkjet or bubblejet range, then you can buy
photographers who want to experiment with a dye sublimation printer. These are a clear
their digital cameras and want to learn and step up in terms of print quality, but there is
use all that their camera has to offer. Even also a clear step up to pay as well. Dye
then digital cameras come with a fully sublimation printers start off in the £400-
automatic mode that will allow you to use it 500 range.
in a similar way to a traditional point and
shoot camera. The important point to Don't forget though that using digital
remember here is that feature rich digital cameras gives a whole new slant on
cameras also cost a lot of money. If you are photography. The ability to view images on
not planning to make use of all the available your computer and television screens
features then I would suggest that you buy means that it is less important to have your
a model with a smaller feature set and save photographs printed. Therefore you are
yourself a lot of money. You will find that likely to need less prints then you would
digital cameras that are more basic in the have with traditional 35mm photography.
functionality that they offer are also more
easy to use.

Some digital cameras use Smart Media


and some use Compact Flash. What's
How much is a good printer to print the difference?
photographs taken with digital cameras? Smart Media and Compact Flash are both
If you are looking to print good quality memory cards. Smart Media has been with
photographs taken with digital cameras us for about as long as digital cameras
then you need to by a special photo printer. themselves. More recently we have seen
A standard inkjet printer isn't quite up to the the rise of Compact Flash. Smart Media is
job, so you need to buy a specialised inkjet used primarily in Fuji and Olympus digital
or bubblejet printer. You can find a photo cameras. The majority of the remainder of
printer for under £100, but you basically get the market utilised Compact Flash cards.
what you pay for. If you are looking for
acceptable quality prints then you are The growth in megapixels that digital
looking at paying £300 plus. It all depends cameras can use has caused a big problem
on just how much quality you are looking for Smart Media. The increase in the
for. Even then to get the best results you number of megapixels has meant that
need to use coated photographic paper. digital cameras produce larger images.
This can prove to me quite expensive. If These larger images then need more
you are not planning to print that many storage space. That is why a while ago an 8
pictures then I would advise you to consider or 16mb memory card was sufficient
having your photographs printed by a certainly for consumer digital cameras. The
professional printing services company. problem with Smart Media technology is
Otherwise it begins to get hard to justify that the maximum size that a Smart Media
Card can be is 128mb. Compact Flash service, once the images have been
cards do not suffer from the same transferred from digital cameras to a
limitations. Over the next few years it looks computer it is quite easy to send them to
as if Smart Media cards will take more and the online printing services. One of the
more of a back seat. If you already have biggest advantages of having prints made
Smart Media cards this isn't really a of photographs taken with digital cameras is
problem. As far as storage goes they are a that you can select the images that you like
perfectly acceptable medium. The only the best before you send them off for
problem is their lack of capacity. printing.

How many pixels do digital cameras What are compression modes?


need to produce good quality 6x4 Digital cameras use different compression
prints? modes to store images. If you use high or
It depends on just how pin sharp you want fine or super fine etc. compression modes
the image. Two megapixel digital cameras then the image produced will be much
will produce very good 6x4 prints, but if you sharper. Pictures taken at a high resolution
are looking for exceptional quality then you will also take up more room on the storage
will be better off looking at 3 megapixel card. Therefore if you are using digital
digital cameras. Likewise with 8x11 prints. cameras with relatively small storage cards
Three megapixel digital cameras will then they will soon become full if you are
produce very good prints, but if you are shooting at a high resolution.
looking for exceptional quality then you
need to step up to 4 megapixel digital
cameras.
Are digital cameras under £200 worth
the money?
It all depends on what you are looking to
Can I get pictures taken by digital get out of using digital cameras. Digital
cameras printed professionally? cameras have really come down in price
If you don't want to have the expense of and some of those available for under £200
buying a dedicated photo printer or you just are very good cameras indeed. In fact there
like the idea of having prints made for you are digital cameras on the market for under
then there are services that you can use to £100 that will do a very good job if you are
have your prints made. Most camera stores looking for a camera that will take good
will be more than happy to take your quality snap shots and is easy to use.
images and provide you with prints. There
are also Internet based companies where
you can send your images to and receive a
set of prints back through the post. The Why are some memory cards cheaper
main disadvantage of having your prints than others?
made by a camera store is that people Higher priced memory cards have a higher
need to transfer the images from their speed rating. This means that the picture is
digital cameras to their computers and then written to the card faster and the digital
download the images onto floppy disks or camera becomes ready to take the next
burn them to a CD. If you use an Internet shot quicker. This is really only an issue for
anyone using digital cameras and wanting Digital cameras with optical zooms will
to shoot a number of pictures very quickly. produce images of a far higher quality.
It is also felt that the faster memory cards
are of a little higher quality.

Do all digital cameras offer a movie


mode?
I have seen effective pixels referred to No. Not all digital cameras come with a
on specifications for digital cameras. movie mode or though it is fast becoming a
What does this mean? common feature. You may also find that
Not all the pixels that are on a digital some digital cameras at the very top of the
camera's CCD can be used when the range don't offer a movie mode either. Also
photograph is taken. Some fall outside the don't be fooled into thinking that the movies
range of the lens and some are painted that digital cameras take will be up to the
black to help with colour balance. Therefore standard of your digicam. At the lower end
it is the number of effective pixels that of the digital cameras market you can find
people need to look out for when buying that the movies are shot in black and white.
digital cameras. There are certainly a good number of digital
cameras where you can't record sound
when you shoot the movie. Movie time also
varies between digital cameras. At the
I have a 35mm SLR camera. There lower end of the market you normally get
seems far less choice with SLR digital around 15 seconds. The higher end hits the
cameras. three minute mark. The way that I would
It's true that SLR digital cameras are few look at it is that the primary function of
and far between all though this too is digital cameras is to take great still pictures
changing. They are also expensive, but and short movies that you can shoot are
recent additions to the range have caused a very much a bonus. Watch out as well.
real price breakthrough. There is no need to Shooting even very short movies can drain
despair though as the group of digital the batteries very quickly.
cameras known as "Prosumer" carry the
same advanced features as most 35mm
SLR cameras. Check out this range of
digital cameras before you buy. Do you need a card reader to upload
images from digital cameras?
You don't necessarily need a card ready to
upload images taken by digital cameras.
What is Digital Zoom? Digital cameras come with a lead that will
Digital zoom causes digital cameras to connect them to the PC and you can upload
zoom in on the centre section of an image. your pictures through that cable. Some
The centre area will then look bigger, but people do experience difficulties from time
the same number of pixels are used. This to time uploading their images using this
means that the quality of the image is method. A card reader simplifies the
reduced. If a zoom lens is important to you process by creating another drive on your
then make sure that you look out for digital computer and from there it is relatively
cameras that come with an optical zoom. straight forward to transfer your images
from the card to the PC.
Juiced Ships For development, THQ. "We are extremely
pleased with the well-rounded racing
Playstation 2, Xbox, And experience Juice Games has delivered and
PC look forward to continuing to advance
THQ's position in the street racing genre."

THQ Inc. today announced the release of


the high-octane street racer Juiced for the
PlayStation 2 computer entertainment
system, the Xbox video game system from
Microsoft and Windows PC. The highly- Juiced will fully immerse players in the
anticipated release of Juiced delivers an all- lifestyle and culture of the street racing
encompassing street racing experience, scene where they will show off racing skills,
bringing the culture of street racing to life earn respect from different crew chiefs and
through game-play elements like betting bet against them for cash. Earning cash
and earning respect, while also featuring an and respect will ultimately unlock more than
extensive modification system in which 50 real cars with over 100 real after-market
gamers and gear-heads alike can build cosmetic and performance mods for a total
entire fleets of tricked-out racing machines. of 7.5 trillion car customization possibilities.
Drivers can get to work under the hood for As a racer's notoriety grows, new drivers
a suggested retail price of $49.99 on will approach them to join the team,
PlayStation 2 and Xbox and $39.99 on opening up never-before-seen 'crew races'
Windows PC. where the player's ability to manage a crew
of drivers is key to beating rival crews.

The game will also offer a full on-line


feature set, including 6 player races, crew
races, world leader boards and crew and
pink-slip competitions, where someone will
lose the car they worked to customize.

"Spending the time to fine-tune key game-


play elements and further develop features
such as crew racing, pink slip racing and
online play has resulted in one of the top
street racing games available," said Philip
Holt, senior vice president, product
Red Mile Entertainment to at E3 this year, and we are excited to
feature this game in our initial launch
Publish Heroes of the lineup," said Chester Aldridge, CEO of Red
Pacific For Playstation 2, Mile Entertainment. "This game delivers a
fast-action flight combat experience that
Xbox, And PC encompasses all the drama, realism and
intensity that players would expect from a
Red Mile Entertainment, Inc., a worldwide WWII battle."
developer and publisher of interactive
entertainment software, today announced In Heroes of the Pacific, players will live the
that it has acquired the rights to publish the enormity of the battle and recreate actual
flight combat game Heroes of the Pacific. acts of heroism as up to 150 planes, each
Developed by Australia-based developer IR with full AI and physics attributes. The skies
Gurus, the game will release for the come alive as highly detailed (15,000+
PlayStation 2 computer entertainment polygons) fighters, dive bombers, torpedo
system, the Xbox video game and bombers and experimental planes take part
entertainment system from Microsoft and in fierce fighting.
PC in the fall of 2005.
Players reenact this compelling and
Beginning with the attack on Pearl Harbor, dramatic aerial campaign in six game
this aerial combat game puts players in the modes -- Campaign, Instant Action, Single
middle of some of the most intense aerial Mission, Historical, Training and
conflicts in WWII's Pacific Theater. For the Multiplayer, which is playable in split-
first time players will experience the epic screen, LAN multiplayer or in online
scope of the battles, placing hundreds of multiplayer for up to eight players on
planes on the screen in a single console and PC. In the single-player game,
confrontation. missions can include up to 4 wingmen, all
controllable through an innovative, fast-
The game unfolds through 10 campaigns access menu system. Daring missions that
(26 missions) taken from real events of involve ground attacks and support, escort,
WWII's Pacific campaign, including battles defense, patrol, torpedo and dive-bombing
over Midway Island, the Coral Sea, Iwo take place in highly realistic environments.
Jima and Guadalcanal. With more than 35 Players can even relive the action in
WWII aircraft, including all major U.S. and cinematic replays.
Japanese models, players can pilot a
variety of aircraft that were integral to the Heroes of the Pacific is scheduled to ship in
war effort in the Pacific including the the fall of 2005. For more information on the
Grumman F4F Wildcat and F6F Hellcat, the game, visit the website at
Douglas SBD Dauntless, the Curtiss P-40 http://www.heroesofthepacific.com.
Warhawk and the Chance-Vought F4U
Corsair. Planes are also upgradeable,
which gives players access to a total of
more than 80 planes.

"Heroes of the Pacific generated a great


deal of excitement when it was showcased
Falcon 4.0: Allied Force - aircraft separation. For example, if a large
transport aircraft is waiting on the taxiway
Airbase Operations ready to depart with an F-16 on final
approach, ATC assesses carefully the
position of the F-16 before giving the
transport aircraft clearance onto the
runway. The transport will be held in the
"hold short" position until the F-16 touches
down. At that point, ATC will clear the
transport onto the runway. ATC will grant
takeoff clearance once the conditions are
safe for the transport aircraft to depart. v In
some circumstances where ATC
One of the aims of Lead Pursuit is to deliver determines a backlog of aircraft to depart,
a fully realistic working environment of additional time buffers are introduced
airbase operations, and Falcon 4.0: Allied between each arriving aircraft to allow the
Force moves us much closer to that goal. departure backlog to clear. Airbase
The controllers in the tower have a huge operations can be extremely busy – it's a
responsibility to safely schedule the arrivals difficult balancing act for the busy virtual
and departures of expensive aircraft vital to controllers living inside the battlefield!
the war effort.

As in real world airspace, the airports and


carriers are the busiest areas for aircraft
and with the exception of the Forward Line
of Troops (FLOT), they are the areas of
highest risk to individuals and hardware. A
single pilot error or wrecked aircraft on the
runway can render the airbase closed for
hours. So intelligent management of flights One important area of the ATC is
in and out of the base – and around it too - supporting pilots as they limp back to base
is essential. In these development notes, with wounded birds. We wanted to give
Mike Laskey walks us through airbase pilots every good chance of making it back
operations. to base, whether they choose to divert to a
closer airfield or struggle back home. In our
With AI routines, players tend to notice very product, we are excited to allow players and
quickly when things aren't working quite AI aircraft to participate in airbase stacking.
right. The aim of our ATC focal area was to More on this later.
deliver subtle AI that you don't notice. We'll
begin with some of the primary
improvements:

Advanced ATC awareness of the


approach and departure queues. The
controllers in the tower are ever watchful,
and have a good understanding about
STACKING

As we've already mentioned, one important


feature is "stacking". This is an assigned
area close to the airfield where aircraft are
held in an "airborne queueing"
arrangement, while ATC deals with an
emergency. The act of a pilot calling an
Calling an emergency dramatically emergency landing is enough for ATC to
increases the workload of the ATC divert other aircraft that are already in the
controllers and adds additional risk to other pattern, into the stack instead. Typically
aircraft as they are expected to remain those that are on final approach and not too
airborne for longer. Therefore, ATC does far from landing are permitted to continue
not approve of "hoax" emergency landings their approach. But where other aircraft
or landings without permission. All pilots are already in the pattern and those attempting
expected to operate within the rules and to join the pattern are considered a conflict,
penalties are dealt out to pilots who do not then one or more aircraft will be diverted
comply. into the stack. Whenever ATC is stacking
aircraft, ATC will give a new heading and a
Airbases in Falcon 4.0: Allied Force can at new altitude above the standard landing
times be tremendously busy. The pattern. This considerably adds to the
"TowerCam" puts you right into the immersion factor, making the player feel
controller's seat and allows you to watch even more that they are part of a living
and zoom in on any of the aircraft around battlefield environment.
the airbase. It's fun to buzz the tower with
the low altitude fly-by, replicating a great
scene from a classic air combat movie.

Falcon 4.0: Allied Force supports two-ship


formation take-offs for player and AI
controlled aircraft. Only fighters can utilise
this privilege and only when carrying air-to-
air ordnance.
Once you reach the stack, ATC will order
We've added a new controller's voice to you to orbit and will confirm your assigned
provide full support for the Balkans theater altitude. Each aircraft in the stack is
of operations and a bunch of new radio separated vertically by 1,000 feet and
calls. For example, ATC will now assign stacking operates on a first-in first-out
departure headings and warn you about basis. Those arriving later are placed on the
traffic conflicts. top of the stack. Once the emergency is
over (hopefully the aircraft in trouble landed
safely!), ATC will empty the stack from the
bottom.

One by one, ATC will call the aircraft at the


bottom onto the base leg to start its
approach, and as that aircraft leaves the The landing help system also teaches
stack, ATC will order each pilot remaining speed control which trains the player to
to reduce altitude by 1,000 feet. Note that land in a timely fashion without flying too
until the stack is completely empty, any new quickly nor too slowly. This is conveyed
aircraft attempting to join the pattern will visually by gradually changing the colour of
continue to be added to the stack. the pathway indicators. At the correct
speed, the pathway indicators will be
On a playability note, during stacking, it's coloured black. As the aircraft slows to
vital for the safety of fellow pilots to below the expected speed, the indicators
maintain the altitude they have been will begin to turn blue to let the player know
assigned to by ATC, to avoid collisions. that the speed should be increased slightly.
Should the pilot find himself stacking and
short of fuel, he or she must make the If the pilot fails to respond appropriately, the
problem heard and call an emergency. This indicators will turn more blue. It is likely in
is about the only other situation where this case that the pilot will either fall short of
calling an emergency is legitimate though. the runway, or risk interrupting traffic that
might be landing behind him. Conversely, if
LANDING HELP the aircraft velocity is too fast, the indicators
will gradually turn to red, and the pilot is
After leaving the stack, the pilot will be likely to overshoot the runway or interrupt
given bearings and directions to land. Of aircraft scheduled to land ahead of him.
course, successfully landing is critical, but it
is far from the easiest of experiences. During final approach, the player should
That's why we've developed a "landing aim to fly directly through the centre of the
tutor" to help ease to process of bringing indicators with the flightpath marker
the bird home safely. positioned at the base of the runway. Within
two hundred feet of the runway, an on-
screen text description prompts the pilot to
commence the flare. At this point, the
pathway indicators no longer represent a 3
degree descent but instead level out more
to help visualise this concept. At the start of
this phase, the indicators are likely to
change to red to inform the player to reduce
the speed of the aircraft. The pilot should
A series of rectangular indicators showing reduce throttle and pull back on the stick to
the path to the active runway are drawn in flare the aircraft smoothly onto the runway.
the sky. This pathway consists of four
distinct sections: the base leg, the turn to After touchdown, an assessment of the
finals, the 3° descent onto the runway and landing is displayed to the pilot. To
the flare. As the distance decreases enable/disable this feature, press ALT-H.
between the indicators and the runway, the The aircraft must be flying in order to turn
rectangles become smaller and smaller to the landing help on, and it is automatically
emphasise the increased importance of disabled once the aircraft comes to a stop.
accurately following the glidepath.
Batman Begins accessorized with lethal toys and learned to
kill like a vigilante.

If you expect Batman to flap his cape the


second you sit down with your popcorn,
snap out of it. Nolan wants us to know the
real Bruce. At age eight, Master Wayne
(Gus Lewis) falls into a well filled with bats
and freaks out. The bats represent his
deepest fear. Bruce later dumps Princeton
Shake off those cobwebs. There's a new and his virginal Rachel (Katie Holmes --
Batman in town, and he's younger, fiercer OK, Tom Cruise, start raving) and heads for
and klutzier than before. What do you want the Himalayas to toughen up. He's tossed
from a rookie? The Caped Crusader that into prison and is rescued by Ducard (Liam
Christian Bale plays so potently in Batman Neeson, with a funny accent), who ninja-
Begins is still working out the kinks. He trains him. Ducard is a member of the
nearly gives himself a wedgie scaling a League of Shadows, led by evil genius Ra's
building in a self-designed Batsuit that Al Ghul (Ken Watanabe).
weighs a stylish ton. Director Christopher
Nolan, who wrote the script with David Seven years pass, and Bruce is still Bruce.
Goyer, shows us a Batman caught in the Back in Gotham, he learns from the family
act of inventing himself. Nolan is caught, butler, Alfred (Michael Caine purrs with
too, in the act of deconstructing the Batman warmth and humor), that he's been
myth while still delivering the dazzle to declared dead and that the CEO (Rutger
justify a $150 million budget. It's schizo Hauer) has taken over Wayne Enterprises.
entertainment. But credit Nolan for trying to To get it back, Bruce teams up with Lucius
do the impossible in a summer epic: take us Fox (a wily Morgan Freeman), a company
somewhere we haven't been before. scientist who specializes in military body
armor (think Batsuit) and designs a car that
This stripped-down prequel grounds the looks like a tank (think Batmobile). That's
story in reality. If Tim Burton lifted the DC when Bruce asks Lucius if the car comes in
Comics franchise to gothic splendor and black. Fans can now feel free to go batty.
Joel Schumacher buried it in campy overkill
(a Batsuit with nipples), then Nolan -- the
mind-teasing whiz behind Memento and
Insomnia -- gets credit for resurrecting
Batman as Bruce Wayne, a screwed-up
rich kid with no clue about how to avenge
the murders of his parents.

Batman Begins answers a long-standing


question about Bruce the tycoon playboy --
a Paris Hilton with balls as previously
played by Michael Keaton, Val Kilmer and
George Clooney -- by showing us what he
was doing before he put on his Bat drag,
The buildup is steadily engrossing. That's Der Untergang
because Nolan keeps the emphasis on
character, not gadgets. Gotham looks lived
in, not art-directed. And Bale, calling on our
movie memories of him as a wounded child
(Empire of the Sun) and an adult menace
(American Psycho), creates a vulnerable
hero of flesh, blood and haunted fire.
Bruce's blood may be too hot for Rachel,
now an assistant DA. She fumes when
Bruce frolics with seminaked models. Look,
honey, a secret identity takes work.

Also known as "Downfall, The Downfall:


Hitler and the End of the Third Reich
(USA),
The Bat earns his wings soon enough. He
Der Untergang - Hitler und das Ende des
enlists an honest cop, soon-to-be
3. Reichs"
commissioner Gordon (a goodie Gary
Oldman -- huh?) to help him rid Gotham of
Running Time: 150 minutes
Carmine Falcone (overhammed by Tom
Wilkinson), a crime lord with connections to
Drama, War
the Waynes' murders. Like any movie with
a surfeit of villains, none of them stick.
During the Third Reich, a state propaganda
Cillian Murphy comes closest as Dr.
machine had saturated the German people
Jonathan Crane, a skinny shrink they call
with a vision of their Führer as a
Scarecrow when he puts a burlap bag on
romanticised folk hero and loving father of
his head. Each person sees his own worst
the nation - so when Adolf Hitler and the
fears come to life when they gaze at the
Reich came to an end in 1945 and
bag. The low-budget headgear is typical of
Germany was waking up to the grim reality
a movie that succeeds best when it hews to
of what had happened in the name of
the rule of less is more. Beginner's luck
National Socialism, it no longer seemed
evaporates when Nolan ends with a tricked-
appropriate for Hitler's image to be
out car chase and a doomsday plot about a
projected in the dreamhouse of cinema.
poisoned water supply. Nolan's too good for
While he has been analysed by academics,
Bat business as usual. His secret for
exposed by documentarians, and argued
making Batman fly is as basic as black:
over by historians, Hitler has remained a
Keep it real.
taboo topic for German feature films - and
until the release of 'Downfall' in 2004, the
last time the man had been portrayed in not just the bunker itself, filmed with
German cinema was a staggering forty suffocating tightness, but also the
eight years earlier, in G.W. Pabst's 'Der inescapable grip which Nazism held over
Letzte Akt'. the German people, caught between testing
"I make so many mistakes when I dictate", their loyalty to its self-destructive limits, or
Hitler (Bruno Ganz) tells Traudl Junge paying the lethal price for their treachery. In
(Alexandra Maria Lara) in the 1942 opening this way, the twelve years of Hitler's
of 'Downfall'. The context is innocent dictatorship are compressed into the twelve
enough - he is interviewing the young intense days at their end, as a country finds
woman for a post as his private secretary - itself straining under the inhuman logic of its
but the irony of the dictator's words own guiding ideology.
reverberates through the rest of the film, set
three years later during his final days in the
bunker beneath the German Chancellery,
as he ignores all good advice and military
reality, blames his own failings on everyone
else, brooks no dissent and wilfully
condemns his own populace to
unnecessary (if sometimes willing) death.

There is enough incident and character in


the many narrative strands of 'Downfall' to
fill a film twice the length - but at its
concrete core is a contrast between the
downfall of a society ruled by perverse
disorder, and the beginnings of a new
Germany. Hitler and Goebbels (Ulrich
Matthes) have come to believe their own
propaganda - but others like Speer (Heino
Woven from 'Until the Final Hour' (2001), an
Ferch) are starting to face the truth and
eyewitness account of Hitler's last days by
secretly ignore Hitler's commands. Doctors
Traudl Junge herself, and from 'Inside
devote their time to preparing poisons and
Hitler's Bunker' (2002), the best-selling
assisting suicides, and there is a chilling
book by Berlin historian Joachim Fest, the
reference to the illegal experiments
rich detail of Bernd Eichinger's screenplay
performed by an SS medic - but other
brings the studied feel of a documentary to
doctors like Schenck (Christian Berkel) risk
the film - and in one sequence, the
their own lives to help the sick and the
notorious photo of Hitler's final public
wounded, and reject both suicides and
appearance, pinning medals on a parade of
executions as madness. Goebbels' wife
young children in military uniform, is
Magda (Corinna Harfouch), declared by
painstakingly reconstructed and brought to
Hitler to be Germany's most courageous
life.
mother, kills her own children one by one,
and Hitler himself, the 'father' of the nation,
At the same time, director Oliver
mercilessly wills the annihilation of all
Hirschbiegel brings from his previous film
Germany - yet the film's final sequence, in
'Das Experiment' (2001) a mood of
which Traudl and a young boy elude the
claustrophobia and entrapment that suits
advancing Red Army by posing as mother
and son, promises the return of more
normal family relations. Lastly there is
Traudl herself, an "enthusiastic Nazi" by her
own admission (in the voice-over which
book-ends the film), who now looks upon
her younger self ("this child") with a mixture
of anger, contempt and disbelief, and
struggles, like Germany, to forgive herself.

'Downfall' is difficult, deadly serious, and at


times painful to watch - but most of all it is
adult, coming to terms with the past as any
adult should.

It's Got: Simply extraordinary


performances, especially from Bruno Ganz
as Hitler; scenes of Berlin under
bombardment from the Russians, all filmed
in St Petersburg (the Russian city in fact
bombarded in the Second World War by the
Germans); a documentary-like attention to
historical fact and period detail coupled with
a stifling sense of claustrophobia; and a
chilling scene of infanticide that is almost
too painfully real to watch, and yet
encapsulates perfectly the perversion of
Nazism.

It Needs: Not to be seen by anyone looking


for a fun night out.
Massage Pen Samsung D720

Smooth-writing executive pen with vibrating


contoured tip. Pinpoint relief anytime, The D720 has it all. As smartphones are
anywhere with the textured acupressure becoming more popular, Samsung has
head. Excalibur Research Labs have released their D720 to compete. One of the
scored a major breakthrough in instant key features includes the use of the
stress relief. Using ancient holistic Symbian Series 60 operating system to
techniques derived from the Far East, help enforce the slogan of this phone,
Excalibur Electronics can now bring to you ‘smarter than the average.’ This phone also
the comfort of massage in the ultimate includes a 1.3 mega pixel camera and
portable package of the Massage Pen. integrated 64mb of memory. All standard
Easy to use. Instant relief from muscle cell phone options still apply: Bluetooth,
soreness, pain & discomfort. Uses ancient web browsing, messaging, video playback,
arts of reflexology to help find relief from java, and even an mp3 player with dual
numerous ailments, aches and pains. speaker output.

Package dimensions: 7" x 4-7/8" x 1-1/2".


Shuttle XPC SN25P capabilities are also included. It is available
in multiple different colors and prices begin
at $2,000.

Nokia 770 Internet Tablet

Shuttle XPC SN25P’s size of the case is


bigger in size allowing for better airflow and
easier access inside. The motherboard It features a 64MB TI 1710 OMAP ARM
uses the nForce4 Ultra chipset and has mini-PC. It is powered by Debian Linux
everything you would need already v2.6. It has no mobile phone inside, so it
integrated, including 7.1 audio. One of the relies on Bluetooth v1.2 and WiFi (802.11b)
best new features is an external clear support to connect to the Internet either
CMOS button. through your home WiFi router or via your
Bluetooth compatible mobile phone. It
features a massive 4.13" diagonal, 800x480
Flybook A33i pixel display, browsing and email should be
quite comfortable. In addition it also
features the Opera web browser and the
built-in email client, a RSS newsreader,
Internet radio, various media players, a
PDF viewer, and Flash v6 compatibility. A
user installable software upgrade will
introduce Voice Over IP (VOIP) and Instant
Messaging to the mix. It has 64MB of DDR
RAM, and 128MB of internal FLASH
memory, of which about 64MB should be
available to the user. Storage can be
augmented by inserting a RS-MMC
memory card. It will be priced at approx
$350.
The link between the PDA and the
notebook is getting even closer with the
Flybook. The Flybook weighs in at 2.6
pounds, will have a 1.1-GHz Pentium M
“Dothan” chipset and up to 512MB of RAM.
Bluetooth, SM card slot, and built in WiFi
Darth Vader Episode III Helmet Replica x 11-inches x 21-inches. Sadly this is a
limited Edition of 1,000 pieces worldwide,
which means once they gone, they gone.

Mio 269 GPS/MP3 Player

Star Wars fans take Star Wars films very


seriously. Target is selling the Darth Vader
Episode III Replica Helmet. This fiberglass
cast replica comes with a display stand and
plaque and according to the description "is
molded from the same CAD-generated
master pattern used for "Revenge of the
Sith." You can also wear this helmet
comfortably (foam blocks and all) which
truly makes this the ultimate Star Wars
accessory.

AT-AT Imperial Walker Replica from The


Empire Strikes Back The Mio 269, which we will probably never
see on these shores, is a cool little device.
You remember the AT-AT toy from "The It’s a portable 2.5GB device with GPS
Empire Strikes Back" that you had as a kid, mapping and an MP3 player for rocking out
right? It was the toy to have, around two to the tunes while you get lost in New
feet tall and had a cargo bay large enough Jersey. It also includes 32MB flash ROM, a
to stuff all your action figures into. Well this 3.5-inch LCD, and 300MHz processor. Best
is comprised of over 230 separate parts, of all, it has a 4.5 hour battery that allows
legs made from solid, high-strength thermo- for portable GPSing.
plastics and die-cast metal for long-term
durability. Approximate model dimensions
23-inches x 9-inches x 19-inches; display
case measures approximately 27-inches L
Creative Zen Vision PMP 12 minutes of crystal clear audio, so you
don't forget any important pieces of
information. A nice touch for a secret agent
or any one who aspires to be one.

iZon Bluetooth MP3/FM Radio/Mobile


Headset w/128 MB SD Card

The new Zen Vision PMP holds 30GB and


uses a non-Windows Portable Media
Center OS. It is a definite improvement over
the original PMC-120. Interestingly it
supports MPEG4, WMV, DivX, and XviD as
well as a CF card slot for updates. It has a
3.7-inch TFT-LCD and weighs in at 8
ounces,

James Bond Stealth Camera

With this cool iZon Headphone device, you


get MP3 playback, an FM Radio, a
Bluetooth Mobile headset, and Bluetooth
Audio Streaming - all in a single package!
This iZon MP3 Headset is compliant with
Bluetooth 1.1, has a built-in microphone for
use with mobile phones, features an
SD/MMC memory card slot with a 128 MB
SD memory card included, and has a user
interface display on its LCD. This one-
There is finally a hi-tech gadget from Q's piece, neckband, headphone style fits very
laboratory that can be had by the masses comfortably on your head.
who are not fortunate enough to carry a
license to kill. This inconspicuous Zippo
look-alike actually contains a digital camera
capable of holding over 300 images. The
JB1 uses ST Micro technology to capture
highly detailed images with incredibly small
file sizes thanks to LiteSync technology that
allows you to take clear images in
fluorescent lighting without using a flash. It
can even capture video clips & record up to
Pro Viewer 1.3 Mega Digital Binocular
Camera W/LCD

BANNED IN SOME SPORTS ARENAS!


Snap 1.3 mega pixel photos with a digital
binocular camera so powerful you can see Digital Spy Camera Pen
a license plate 3 football fields away. Then
view it on a full color LCD screen. It
features a Binocular lenses with 8X zoom
power, 1.5" full color, flip up LCD screen. It
has a 8MB of capable memory is built-in,
memory is upgradeable with Smart Disc.

Motorola IMfree Wireless Personal


Instant Messenger

Free up the family computer without putting


a stop to the fun of instant messaging with
this Motorola IMfree Personal Instant
Messenger. This portable, convenient Work your secret spy mojo with the
IMfree device allows Instant Messengers to incredibly normal-looking Digital Camera
roam almost anywhere around the house - Spy Pen. It has 2MB of built-in memory &
up to 150 feet from an Internet-connected stores up to 36, 160 x 120 pixel images. It
PC and base station! With this Motorola has a voice function audibly which tells the
IMfree Personal Instant Messenger Kit, the user number of pictures taken.
family computer is available for the family
once again, and the kids don't have to miss
a single LOL or OMG moment!