Phrack 55 released

cnvogel wrote to us with the news that Phrack 55 has been released and is ready for download. It took a while, but it's worth the wait. Update: There's an HTML version of Phrack 55 here, and this is the Phrack main page.

TOC for issue 55

For those of you curious about what's in this issue:

-----------------------[ T A B L E O F C O N T E N T S ]

01 Introduction Phrack Staff 014 K
02 Phrack Loopback Phrack Staff 051 K
03 Phrack Line Noise various 037 K
04 Phrack Tribute to W. Richard Stevens Phrack Staff 004 K
05 A Real NT Rootkit Greg Hoglund 066 K
06 The Libnet Reference Manual route 181 K
07 PERL CGI Problems rfp 017 K
08 Frame Pointer Overwriting klog 020 K
09 Distributed Information Gathering hybrid 010 K
10 Building Bastion Routers with IOS Brett / Variable K 037 K
11 Stego Hasho Conehead 037 K
12 Building Into The Linux Network Layer kossak / lifeline 044 K
13 The Black Book of AFS nicnoc 011 K
14 A Global Positioning System Primer e5 015 K
15 Win32 Buffer Overflows... dark spyrit 078 K
16 Distributed Metastasis... Andrew J. Stewart 031 K
17 H.323 Firewall Security Issues Dan Moniz 015 K
18 Phrack World News disorder 021 K
19 Phrack Magazine Extraction Utility Phrack Staff 021 K

Re:It's for Script Kiddies

I have read only up to the NT article. If you actually bothered to read it, you would see that its not exactly geared towards the skript kiddie.

As a matter of fact phrack has ALWAYS demeaned and derided skript kiddies. A quick peek at the flame-ridden, mean-spirited "Loopback" section will tell you this. Sure, maybe it smacks of hypocrisy to you, but the fact remains - it has never been an exhaustive "mini-cracking howto" for dummies.

I'm guessing when it comes to cracking, you have as much actual computing knowledge as a kiddie. Given that premise, I offer you a challenge.

I will put up an NT machine on the Internet, and using the NT article (and absolutely NO knowledge of NT or x86 assembler) you will crack it.

Sound fair?

And as far as "respectable" goes, where do you think 90% of the stuff from CERT comes from? Hint: it is not from "respectable" corporations like Microsoft who audit their own software. They have no incentive to reveal how bad or insecure their (closed) code is. It is not from "respectable" programmers (like me), who need to actually get their code working. Yes, it is not from skript kiddies either, but there is a happy medium, and that is the marginally sociopathic, intelligent, curious group of computer geeks who think cracking is fun.

You may not respect them, because they seem immature and at best amoral. You may not respect them because they do illegal things. You may not respect them simply because you dislike them, but the fact remains, THEY are the ones finding security problems with NT and Linux, not Microsoft, not Red Hat, and certainly not people like you (or even me) who find finding and writing cracks and exploits personally distasteful.

For all these reasons I submit that announcements like this DO belong on Slashdot.

ATTENTION, CITIZEN!

The PICS Rating on Phrak is "Subversive." Please report to your local Ministry of Truth office for mandatory re-education.

That is all.

As good as these are...

Slashdot really shouldn't post these release notices until the day after a release. Give the mirror sites and more dedicated users some time to get it before Slashdotting the servers.

Besides which, then a list of mirrors can be posted along with the notice, to help reduce the load. Honestly, Slashdot's popularity is a Good Thing, but that popularity gives us a certain responsibility not to overload servers unless it's necessary (i.e. Web servers which typically don't have mirrors).

Of course, if Microsoft owns the server in question, all bets are off. But I doubt that's the case here.

Phrack.

Phrack is underground magazine that started in the days of phreaking. Using different methods to bypass phone charges.

See the jargon file [fwi.uva.nl]. "phreaking /freek'ing/ /n./ [from `phone phreak'] 1. The art and science of cracking the phone network (so as, for example, to
make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on
communications networks) (see cracking). "

Now adays, and in the old days phrack exposes new security holes, gives ideas about new directions to look for security holes (as in the last issue when they mentioned client apps should be invesitigated - over servers). They also have informative pieces about new and complicated technologies sometimes exposing the underlying system.

Phrack is almost always a difficult read, but new releases always mean more tools for script kiddies to run around with for a month or two.

Joseph Elwell.

Mirror!

Download phrack55 here [dabay.net].

For new readers

For new readers the Phrack 55 is a

1) Cloned Goat
2) New name for Windows 5.0
3) Beats the hell out of me
4) Maybe Found Here [blockstackers.com]

Appeasing the "This isn't newsworthy" crowd

I suggest a new article category, "New releases", for this kind of story. I myself am happy to see them, but recognize that some might not.

In that vein, the idea has been bouncing around in my head for a while that it should be possible to put articles in two categories. Many are the times I've seen an article and thought, "Funny, I would've put that under 'Linux', not under 'SGI'."

Clink, clink, . SNF .

Steve 'Nephtes' Freeland | Okay, so maybe I'm a tiny itty

Re:Whats wrong with questions?

Sigh... I kinda agree. Being in and out of the Linux world since '94, I seem to see a large shift from just about anyone involved being willing to help you in chat rooms/discussion groups/email, to attitudes of "if I know it, and you don't, you're a fucking loser, and don't deserve to be told!!" (quoted nearly verbatim) This kind of slightly grown up script kiddie attitude really gets me down.. and if it becomes the mainstream, will do much to turn people away from becoming knowlegable users of Linux, and back to Microsoft. I do think its still the minority attitude.. but it may be time to examine our collective thinking. Should all the hard earned knowlege you've gained be something to hand down to help up other, newer people, like you probably were? Or, should all those hard won secrets be guarded and kept hidden, so that others who haven't paid their dues stay where they should be, and not compete with you? Hmmm.. is your attitude open source, or closed? Food for thought.. think about it. Now I'm going to lunch...