Yep - that Linux box project is on hold yet again, I already have an OS with security holes and another is just more pain in the bum.

> -----Original Message-----
> From: computertalkshop-bounce@xxxxxxxxxxxxx
> [mailto:computertalkshop-bounce@xxxxxxxxxxxxx]On Behalf Of Hal Brown
> Sent: Thursday, September 26, 2002 3:34 PM
> To: computertalkshop@xxxxxxxxxxxxx
> Subject: [CTS] [alerts@xxxxxxxxxxx: T0rn' Arrest Alarms White Hats,
> Advocates]
>
> ----- Forwarded message from alerts@xxxxxxxxxxx -----
>
> From: alerts@xxxxxxxxxxx
> Subject: T0rn' Arrest Alarms White Hats, Advocates
> To: cybercrime-alerts@xxxxxxxxxxxxx
> Date: Thu, 26 Sep 2002 16:09:24 -0400
> Reply-To: cybercrime-alerts@xxxxxxxxxxxxx
> Sender: cybercrime-alerts-bounce@xxxxxxxxxxxxx
> X-Mailer: Calypso Version 3.30.00.00 (3)
>
> I thought this was interesting to say the least.
>
> Hal
>
> ---------------------------------------------------
>
> * subscribe at http://techPolice.com
>
> http://online.securityfocus.com/news/813
>
> By Kevin Poulsen,
> Sept 24, 2002
>
> It could almost pass as a routine computer crime case -- a year-long
> probe leads Scotland Yard cybercops to a home in the upscale London
> suburb of Surbiton, where they seize computer equipment and arrest a
> 21-year-old man under the UK's 1990 Computer Misuse Act.
>
> But last Thursday's raid was anything but routine, because the unnamed
> suspect, who has not yet been formally charged, isn't accused of
> cracking computers, launching a denial of service attack or
> distributing a virus. Instead, the joint Scotland Yard/FBI
> investigation is focused on his alleged authorship of the "T0rnkit," a
> collection of custom programs that help an intruder hide their
> presence on a hacked Linux machine.
> It's apparently the first time the
> UK's national computer crime law has been used to crack down on a
> programmer for writing a tool with malicious applications -- and it's
> a chilling development to some security researchers and electronic
> civil libertarians.
>
> "I would definitely see it as troublesome," says Lee Tien, senior
> staff attorney at the Electronic Frontier Foundation. "It's something
> we have to look at very closely, because the general idea that you can
> go after someone criminally for simply writing a program raises
> issues."
>
> T0rnkit first began showing up on hacked boxes two years ago. Like
> other so-called "rootkits," it includes programs that an intruder can
> drop into place over genuine system commands that render the attacker
> invisible to the computer's administrator. A replacement "ps" command,
> for example, will omit the hacker's network sniffer from a list of
> processes running on the machine, where an unadulterated version of
> the command would finger the intruder.
>
> The package also includes a backdoor function that allows the attacker
> to covertly return to a machine that they've hacked. "The more recent
> ones have had loadable kernel modules, distributed denial of service
> tools, and stuff like that," says Dave Dittrich, senior security
> engineer at the University of Washington. "Most of the versions are
> circulated in the underground, and they're tightly held."
>
> In 2001, Chinese virus writers incorporated a modified T0rnkit into
> the nasty "Lion" worm. But the kit itself is not a virus; it can't
> spread on its own accord. And the man arrested last week -- now free
> pending an October 19th court appearance -- is not accused of breaking
> into any computers, or of falling in with Chinese cybergangs. "The
> writing and distribution of the tool is the offense," a Scotland Yard
> spokesman confirmed in a telephone interview Monday.
>
> And that worries some computer security researchers, who find it all
> too easy to visualize themselves in the position of the anonymous UK
> suspect. So-called "white hat" hackers often create programs with
> potentially malicious applications as an exercise, or to advance the
> published research base -- active intruders tend to keep their work
> private.
>
> "I've written tools myself that have only marginal social value, so it
> actually concerns me quite a bit," says Mark Loveless, a senior
> security analyst with Bindview Corporation. "I'm worried that
> something like that could happen to someone just because they have a
> high profile."
>
> "Pretty Frightening"
>
> Researchers are even publicly working on a rootkit for Windows NT
> machines, a project that's headed -- not by anonymous denizens of the
> cyber underground -- but by Greg Hoglund, co-founder and CTO of
> security software company Cenzic, Inc. Aside from research projects,
> many security professionals use hacker tools to perform legitimate
> "penetration tests" against clients. And some of the most common
> security tools like nmap or TCPdump can be used for good or ill.
>
> "If they're arresting guys just for writing tools, that's pretty
> frightening," says Steve Manzuik, co-moderator of the VulnWatch
> security mailing list. "I guess anyone who's written a security type
> tool should be concerned if this is going to become the next trend."
>
> It's not a trend yet, but outlawing hacker tools has never been far
> from law enforcement thoughts. Last year 33 countries, including the
> UK and the U.S., signed the Council of Europe's international
> cybercrime treaty, which recommends prohibiting the creation or
> distribution of a hacking tool with the intent that it be used to
> commit a crime, though a last minute change to the treaty allows
> signatory countries to opt out of the provision.
>
> So far, laws explicitly outlawing hacker tools are hard to find.
> The UK's Computer Misuse Act applies to someone who "causes a computer to
> perform any function with intent to secure access to any program or
> data held in any computer," knowing that he or she is acting without
> authorization. The hacker doesn't have to direct the attack against
> any particular computer to be culpable under the law, which carries up
> to two years in prison for a first time offense -- seven, if damage
> resulted.
>
> But the legalese, not dissimilar to U.S. computer crime laws, still
> allows prosecutors some wiggle room. "You might not have a direct
> offense in the computer crime law, but if there's an aiding and
> abetting or solicitation -- those inchoate offenses -- you don't
> necessarily have to have it in the law," says Tien.
>
> Jennifer Granick, director of Stanford Law School's Center for
> Internet and Society, says the result could be a kind of
> Sklyarov-in-reverse. Following the arrest of a Russian programmer at a
> Las Vegas conference last year, some cryptographic researchers
> professed reluctance to make presentations in the U.S. for fear of
> running afoul of the Digital Millennium Copyright Act, which prohibits
> distributing or using tools that circumvent copy protection schemes.
> Depending on what happens in the T0rn case -- which is still in the
> earliest stage -- U.S. security researchers may develop a reciprocal
> aversion to the U.K.
>
> "If this is really against their law, then you have jurisdictional
> problems," says Granick. "Anywhere a tool is written, if it becomes
> available in the UK, that becomes a crime... All sorts of researchers
> would have to hesitate before visiting the UK."
>
> --
> This was sent to you from http://theMezz.com
> To Subscribe/Unsubscribe go to http://techPolice.com
> http://www.theMezz.com/cybercrime/archive
>
> *** TECH NEWS AT http://theMezzenger.com ***
>
> ----- End forwarded message -----
>
> --
> Hal Brown
> mailto: hal@xxxxxxxx
> http://adwt.com
> ---------------------------------------------------------------------------
> Computer Talk Shop http://www.computertalkshop.com
> Un-subscribe/Vacation, http://szaroconsulting.com/cts/list_options.htm
>
> List HowTo: http://szaroconsulting.com/cts/faq
>
> To join Computer Talk Shop's off topic list, please goto:
> http://szaroconsulting.com/cts/other_cts_lists.htm
> ---------------------------------------------------------------------------

---
RB Custom Services / Clarkson, KY USA
Professional & Dependable PC, Printer/Plotter/Bus Machine & Network Services
http://rbcs.8m.com (270) 242-9019 Mon-Sat 8am to 8pm incl. holidays
=== Flat rate service avail for inshop and ship-in/out service ===