My last submission

a hacker got into about 5.6 million visa and mastercard accounts...here is a link to it... www.cnn.com . . .

There's a concern which uses cookies in shareware-programs as trojans! It writes information to the Wind00ze registry!

This story from FirstMonday describes a method of transfering data using only the TCP/IP headers:

The TCP/IP protocol suite has a number of weaknesses that allow an attacker to leverage techniques in the form of covert channels to surreptitiously pass data in otherwise benign packets. This paper attempts to illustrate these weaknesses in both theoretical and practical examples.

Don't know your TCP from your wazoo? Read "TCP/IP Illustrated Volume 1: The Protocols" by W. Richard Stevens. It's the best book out there on the subject. A good read, too, if you want to understand what that packet sniffer is telling you about your network.

Here's cool hack: access the Internet protocols via e-mail! That's exactly what this e-mail tunnel does.

As the author puts it:

mailtunnel creates a bidirectional virtual data path tunnelled in E-Mail messages. This can be useful for users behind restrictive firewalls that only allow Mail-Access (usually through a central mailhub).
In a situation like the above, it's possible to use mailtunnel to tunnel anything from simple telnet sessions to SSH-PPP VPNs (practically anything that can be tunneled over TCP/IP) to a non-blocked system on the internet.
This allows users(well..) behind even the nastiest firewalls to access resources they're not ment to access.

Some other tunneling tools are:

http tunnel: This allows you to tunnel data via HTTP proxies

reltunnel: Offers a reliable tunnel over unreliable protocols

icmptunnel: Tunnel data over ICMP frames.

Let us know if you've tried any of these. Also, I'd like to see if anyone's come up with a snail-mail "tunnel"!

There's an interesting Newsbytes article at 32BitsOnline: A federal court judge has imposed a temporary restraining order against two hackers accused of reverse-engineering Cyber Patrol software so that it no longer blocks objectionable material. Of course, this is a blatant lie used by the plaintiffs to generate public and judicial sympathy. The fact is, the software these "hackers" wrote allowed anyone to break the encryption on Cyber Patrol's software, so anyone could see the list of blocked sites. It had nothing to do with by-passing the blocking software's functionality--that "exploit" has been posted by many other sites including, I believe, peacefire.org. The right of hackers everywhere to reverse-engineer something to see how it ticks is being undermined by the day. Even more absurd in this case is the fact that the temporary restraining order was imposed against people in other countries!

If you want to understand the mechanics and the programs used in the recent denial of service attacks on well-known Internet services like Yahoo and CNN, read this newsflash from Cisco. Got any other pointers you want to share? Just reply to this message.

As you've all no doubt heard, Jon Johansen, the 16-year old Norwegian who posted the source code to DeCSS was arrested and questioned for 7 hours. His house was raided and his computers were confiscated. This is nothing short of intimidation pure and simple. The DVD Copy Control Authority is trying to send a message that it doesn't matter where you live or how old you are, they're gonna get ya. However, I think it's backfired on them in a big way as the international community is largely supportive of Jon Johansen: a 16-year old David vs. deep pockets Goliath. The Motley Fool has a great story here. And you can find the DeCSS in the official court documents here. Apparently, the lawyers for DVD CCA were so stupid they submitted the source code as part of the public evidence in the case. Money can't always buy brains, eh?

Click on Submit Story if you want to share a nice hack story with us.