-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 .d101010101010101010b. d010101010101010101010P 010 .ib 101 ib. 010 010 010 101 101 101 01P C1010101010101010 1 1 [ I N T E R N E T ] [ ( C A F E ) ] [ I N / S E C ] 1 1 01010101010101010101010 [ VERS.: 1.5.0 - UPDATE: 16.06.08 - AUTOR: ad ] ----------------------------------------- [ "If Nukes Would Have Brains -- ] [ They Would Fly Away From Earth." ] [ "When [W]ario & Dr Robotnic Control The ] [ Earth -- Torture Will Be Their Love." ] ----------------------------------------- I N D E X ----------- 0) paper updates 1) forword 2) introduction 3) the attackers 3.1) the operator 3.2) the user 3.3) the hacker 4) kind of attacks 4.1) inside attacks 4.1.1) trashing 4.2) outside attacks 5) tools 5.1) short declaration 5.1.1) sniffer 5.1.2) keylogger 5.1.3) spyware 5.1.4) wiper 5.1.5) network monitor 5.1.6) firewall 5.2) windows 5.2.1) sniffer 5.2.2) keylogger 5.2.3) spyware 5.2.4) wiper 5.2.5) network monitor 5.2.6) firewall 5.3) linux 5.3.1) sniffer 5.3.2) keylogger 5.3.3) spyware 5.3.4) wiper 5.3.4.1) wip.sh source 5.3.5) network monitor 5.3.6) firewall 5.4) unix 5.4.1) sniffer 5.4.2) keylogger 5.4.3) spyware 5.4.4) wiper 5.4.5) network monitor 5.4.6) firewall 5.5) hardware 5.5.1) antitempest 5.5.2) GSM & GPS tracking 5.5.3) DMESG 5.5.4) webcam 5.5.5) microphone 5.5.6) WLAN, bluetooth, IR 5.6) search engines 5.6.1) AISI source 6) how to use the tools 6.1) configuration 6.2) control 6.3) security 7) attacker detection 7.1) intrusion detection 7.2) autorisation 7.3) antivirus 7.4) logging 8) how to avoid attacks 8.1) encryption 8.2) updates 8.3) backups 8.3.1) data recovery 8.3.2) important tools 8.4) basic tips 8.5) live CD 8.6) secure email 8.6.1) remailer 8.6.2) how to deal with spam 8.7) insecure BIOS 8.8) bank account 8.9) kernel 9) after a broke in 10) rest of risc 11) last words 12) mirros !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!i !i ALL RIGHTS RESERVED BY ad . 2005 - 2008 . !i !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!i 0) PAPER UPDATES ------------------ 16.06.08 : - v. 1.5.0 + section 5.5.4 - webcam + section 5.5.5 - microphone + section 5.5.6 - WLAN, bluetooth, IR + more info on tempest and antitempest + more info about the windows vista firewall + ( FREE ) microsoft network monitor tool hint + section 7.4 - logging ( important ) 17.04.08 : - v. 1.4.7 + WIPFW - ipfw ported for windows ( firewall ) + deepburner link - FREE 5MB windows burning tool + avira anti rootkit software hint + snort link ( IDS - intrusion detection system ) + spybot search and destroy link ( windows ) + AISI download link + added a logging rule to IPTABLES example script + hint that mobile phones can cause CANCER 1) FORWORD ------------ This paper is written to show you some security riscs in internet cafes. It is written for information and help but not for any illegal activity and i am NOT responsible for your doings with this information here. This paper here is NO invitation for hacking crime time. It is up to you what you do with informations. The text is written to secure systems and can also be used to secure home computers or other networks. Do not wonder if something has changed or does not exist any longer in this paper in the future. If sites / links are down in this paper and which contain some special programs then just go to a searchengine and type in for what you search. Often many other sites or mirrors have that for what you search for. This paper is far away from being complete but you will find the rest which is missing somewhere else on the internet. Many stuff in the paper could have its own section but is mentioned in other sections. If you do not understand something in here then please use a searchengine and make a research, ask a mailinglist, write down your questions in a forum, visit an official chat or ask a human life form -- one of these things should help you out. ( There is a good paper on the net from ESR by the way that can help you to ask your questions in a smart way that many people can understand your question and can help you. You can read it here directly: "www.catb.org/~esr/faqs/smart-questions.html" ) Have a nice reading & be blessed. -- ad 2) INTRODUCTION ----------------- Many people are using these cafes to send emails, play games, chat with friends or to surf in the word wide web (www) while they usually like to drink or eat something. They maybe don't always know much about the security riscs there or security riscs in general and many maybe don't care about them. ( f.e. I talked to a system administrator in an internet cafe about this security paper here and he said in a comical way that he rather don't want to know nothing about the security holes here. ) Keep on reading if you care about them ( the security holes ) and if you maybe want to learn something about security or / and insecurity. 3) THE ATTACKERS ------------------ I think in the internet you will find lots of attackers and kinds of attacks but in this case we will only turn to three groups ( and two kinds of attacks ) wich we will find in- and outside of internet cafes: - the operator - the user & - the hacker 3.1) THE OPERATOR ------------------- In many of the internet cafes the operator usually has the control over any computer and over any connection from the server to the computer which are connected to the network. This means that the operator normally can control everything on the whole network. In normal cases he can lock and control all connections of the network, look how long you are online and how much you have to pay for your food, drinks and surfing time. But he could also watch to other things like on which pages you surf and how long, in what chatrooms you talk about what and to whom, wich textfiles you read, wich keys you hit on the keyboard. The operator could sniff some of your private data. This could be one of your passwords or what ever you can imagine. With other simple words: your input through the keyboard could be ( or is ) a security hole. Never trust operators while you don't know them personally good enough. But we shouldn't forget that an operator also can be a victim - when an user hacks a computer on which he sits and from that he could hack the whole network up to the server. ( When i say "don't trust them" *doesn't* this mean that all administrators or operators are evil - for sure they are *not*! This is just a *mental* basic assumption for security - and the same applies also to all users. ) 3.2) THE USER --------------- The user often plays games like egoshooter, chats over irc, icq, yahoo and so on, surfs on some sites on which he is interested, downloads only legal files or reads and writes the emails from his account. But an user could do illegal things too. He could install some downloaded or self programmed security or hacking programs on the computer he sits. These programs could be keylogger, sniffer, trojaner, rootkits and other spyware. With these programs he could spy out some private or sensitive data ( like passwords ) from other users or from the operator behind the main server. The programs could run for some days, weeks, months or how long ever, maybe till somebody somehow detects them. The next time he's physically ( what would be unusual ) or from an other computer on the hacked computer in the internet cafe he could send his logfiles to him or to another hacked account. These things could do his installed programs automaticly, what would be usual. People often have weak passwords and use them on different accounts. Weak passwords f.e. are the real name, nick name, birthdate, favourite color, hobbys and so on cause they are easy to remember. Weak passwords are one of the biggest security holes. But they are easy to remember that is why many people choose them too. A strong password could look like this: Pohwpautoda -- we just take always the first char from every word from: "People often have weak passwords.. ." and so on. And we have a strong password. Strong passwords are not to find in any dictionary or any other book -- just in your mind. To make it real strong our password would look like this: "P0hwp4u70d4" . ( 0 = o, 4 = a, 7 = t ) Many people don't change their passwords from time to time so others could have an easy access to their accounts and to their privacy too. You should change your password every month on every account you have or every few months. A very good paper about the insecure password issue can be found here: "http://freeworld.thc.org/root/docs/foiling-the-cracker.pdf" If you wanna generate a password with a password generator you could use my password generator "pan" which is included in my "rarb" ( rar brute force for unix / linux - rar password recovery ) package. "Pan" compiles under unix, linux and windows. You can download it here: "http://packetstormsecurity.org/Crackers/rarb_v_1_0.tar.gz" OR directly here: "http://packetstormsecurity.org/UNIX/audit/pan_v_1_0.tar.bz2" ( and at all other packetstormsecurity mirrors ) Here is the source uuencoded: begin 644 rarb_v_1_0.tar.gz M'XL(`,6.GT<``^R]"WP4QY$P/KM:2:MEY5U`P@(+>RP+&QF!5V\)28Y`#`\; MV6N$>`2(K<5W^_W_T@]V>[NKJZNKJ MZJKNFM[6ZM::AW<]G/6P[9[RU?=75E545FY69SO.V/3\KD/ZE-K&X%4EI;6L3KP>VN=SB:KE,^ ML7/_+_FK6)''+]SA:):6M-5G\*5\45%^76YN?DU-=8VCNB@_+SO+D9-74YN3 M9:O+KG;45)NHPL[JYB6U"%Y7D)==4P/P>=4%^7EY^3FU>;DY144%!3F.PMKL M_*PPN&./`RO8"O+SLYQ9COR:PMJL7&=U3D%U75U1;5U^89W#X:BM8Q5:02HU M@K*RG3G9N7GYA;;J_`)'5@XDG'F%CJ+\VCI;;5%VC5D%AK2.GH#8K*Z^V-K\P/]M1FVVKSLZ+J*?UJK"Z(*_&EI/O*,S- MKBTJK,YRYA3FUM75Y0&:_'QHM+JPIJZFT*'5C.A>39[#X@7Y>3EVK+J M@.+JZNK"NNR\FNR"NOR:VIH"6V%U'G4S.R\_JJ/Y.=`71TU!04UU=9TC/]>1 M[ZS)K=4VP."HS:N#>57GL!7E.QU96;5%>74U(9PA M%F37U&7;;,#;.EM>K2TO+Z;DU#JS:[*!?;G5MMPBA\T)TSNO.C\OM[;::2O,J\NW M.6'`H+-YN=G9CNK::A@S9U%=3EUV75%V;F%>"&<$VW)`:IRUN=F%1>`\305I=54)T'K,FN!AH+:FT@2S6.[%Q'ENE_>M[] MI?RUAO5_1?6C#F=#D^./WL8-]+_-EI,5U/\YMJP\U/]YV7_5_W^6/^R]N-24 ML+VVEE_R_V!1Q_F?FU^06V#+R8'Y MGY.;E_/7^?_G^$LT\5O6+5O'W\E_=HU]&[^\51(=_,J6UEH'OYBO>F#-)OX> M?NV:!ZHV\97UCJ8F_G['7GZ=H[9EEZ-U;Z(IT;3X#_C#^KSF=?!+>;'>P=?6 M.VH?;9-VM$%)<#V"HAW!I+.EE>DG*`=YA:*&9F<+/%395RQ;+R`::6==M>A` M!)JEA$!M?(O4RJ^J6D,8JOFF!E$$=`@!@(01P-H`"#I>VU+G@+RVMMTMK77\ M=D>SH[5:A&I8M:FA6=J3R4O-#7OX.Z%J\&]W0W-=R^XV8-JN)5E+LC6D8`$! MVF`9/&4"\AT[H2=U@*+.T_C:^A`7'2@+31 M"+35MC;L%*F9+*B(-#8!DB7B'A%JA[H6S(?6Q7H^KRB/2]HY>K6-GZWH]7!-[>(B29-)3KJBOEFQV[>*377B@TMS6U+^69I M1XT#8!=I=:J;Z_@'R]8&\04.(6C,WQ;T['7P:$*GU.HTHH8RV M^C035"6KF*JT[-2T)]^V%[B]P]325OJ(U%R]P_&("WM/&E?!KU*(W? M5HRUFHF:+.#5? M!$0.^I:VU92P>#'A2EM6M?[!=4N9?&X0UE4N6E$J!C<^#RJL=33OYM%8'U$+_80OV91MB16^#3]/6$,TCV+*]MI8*5SE$ M/HTY%F2I\UNP?U146=\BB6U\6AM]8XZP!T0G[?,2"1!(&E*+^=GW@OB:3`DT MFJ6/@!"3/-]Y)]^Z@U_LQ(='L!BE-GT?0;E`AIB/P2C/,"70*"]NY=-#(Q,U MRMBK8FB,!F\BT;:]IF4/GU9!8HI++LR;9I!,6$KKEJ3Q>7R. MC08OH;B8L2:BY9`CF@:BT!Q^-;+V.M%<>?2>^[965W[J$-L`W]O1YNC M5@(ML7=)<],]Y:V8W]IV3WC!7`(+QY+MC_'(;K!CFDL?<=36M_#IGWGDNET( M,0`9LA$;GZ8//'8"/MB\QA;P_"1(]];):NRN@0E,+R/F#CX:8,@592,4D MN0C5=6#)))ZF,:%/RYA,@U82@4N;(&++4A@[WAYF;R9?!5YTIK9"P+C"5(:I M:N-S;:P9G$C0A`/GDY9U=_`Y"Y]Y;6HXVJIK30DXSTPN4#?@9]>BZJ`,^H!, MX<&5?S4+)_]%V'\T;_\4;5S?_LO*M>7E!.V_W.R\++3_;-FVO]I_?XZ_>^[^ MP_X23?9E#_`U>V'NXM[0>K!1=K:V;&^MWA%T]<`W"^ZE,7^POKJ-W,I$4\AQ M1.,H"([:;<<2?HU(3B`8<E>6F418P4KG#4-`#QV4OR$TTA_Q6;74JK9I/]GK";O#31%':4T4#5H$!1,_RU30V: MB8G>>$LKM+P3%L=JL)^;VUJ:'-0C8`G/S.)6!W:^BBPBP,UV$=!)2#1I.Z`\ MJO.ZB?L##>T#(:D`E-^#^]1W: M]@=?TB;6-;0LJ;]W0A[`4F:HVE[J7BL,5K,Z.>:"<^U?(:& MLZFE!@9Q%["PNJ8)NX_%,'GW9O*/%6L\WE'=T!S1)D)@UD)L/"/1M"\A"-,& MJL0!$`D[6P'(N3`-U*MJ!D;07C!5S=[#2,5E&L!R^J64W9&QEO$.87'Y'PQYM/PT> M\R*VUH(HH6(^08']""`%FBP#$G@J9+IR:S/4+H+IMM8.B:TB&%K"IC7KT9'= M4KE^W:IM?'D:HUGK;)NCR5$K+N59+@T8&JG0)7AL`[T,,`OJ@`%W[@E"U`-1 M38XP$*B>VOJ%H'>!K0G[F&MC`WV1D)!0`UKZ4:S&,C=GRMS<*7/S MILS-GS*W8,K1S*6-?$+1M;[-8O6Y\+`B(]GG$_$N@^:[-43X,U("((GKATJ;O'U=OX'S')';I81R]+?Q>?ELF M#^Y),Y)"&HP*,46%T=DU+6)]*!O("S40L=0D1+6*K11/S`2$D_(0M8855WX0 M+U+JR%]4\@OYA0"5@6I](?]`U=JU?$:(?63T[&QI0!&$G)5KU@K\W&J0T M`1WX&(3Y#+\`7;<[@/7MQH/6S'+J0FU/BL[/XPK*SM'(PS^)C9;4AK1[KVED0V73FBY-++ITLBV2R,:+RF-;/W> MTJCF]R6$9RD)@#:CZ"^LO4.C&OR*EH3:H"0$\41)PHW'/&(YCQSY[/^QD2^R MA4U2:4FP::H1Y,/TINFGX-'UC=0; M\XAV`2)Y5/@7J4P*KJM,;'\L95)P?65B^PM7)K5-+6T.;9,MP4E/`!WTTO`\ M-3'LN).7MZ`M(NPA$_QRIK6[&L(8:!SLW M:N97/%A)IS!+$A--Z1H.N\!Q:W4QG&]UTZH@W@'.HINATV=SC\,#S_+ZY\&' M%?X_HU&':3VCF^/"WUP/R\>_&/JT,MC0=^B+I5_AN(6?H*^?]J\'\'9?IWR) MZ-B#\O8-52,(^ZJ/AN$Y[I$EK;AGQ7%/W<2QOB/L%Z/ARN#?$@;&+;3`QQ'X MC_#_.`FN9R(=]>Y#95R]C!]/X,=7X,/[DSB.DU^WUO_F&7CX"!XVUU_"Y&N4 M3'D5X'Z.SP_&(YSQ$.;(?M/N)8'T+@X*ZE_'TA,$_10FCV(RJ^=4_1?QZ;G@ MTSY\^@=\.J8#6D[5UV'&9JJ7BJWP^/$YS+Q$))D/8;;]$$^?V*S=B^L2E``^ M3_M=7)7RW_)0>N6&C02CZ]'U*,(EN_?'4%T1ABA3$0;LWMY*%O75;`E^U]"`!> M1FJ^.GI5J1I3A2&U:DQ).H8)PS$[L4P5ANU>HY$H7E5DL7;V`6FMQ\`7XR`H,=L&7]VV@]V5O#&OW3?G:/?MCY6NW MM]\J7RMS06II1Y)\[1%,;>DPR=?V8^D^%P=P'0CG0CA,+74A'*:VN!"NPP)P M[295\'>_TYU4Z-/[O@)IRZN&0GO]AB#!I?&17;$\WA((!,+=N6U2=RR/KP0( MUB6]M#O(P#I@X`JO=4)'/KL?J/PLTK$LBH[_FDS'=^*B6/IBF(:OQ4UBZ9=8 M^S$3VW\R-KK]Q[#]Q[#]ZANUGS=M^[=,V[[!TO7W$4/JHB'U;?,F3"(CEBA` MAD!JF8NHPCP8RDT!C%6KK^)8+&OV4T?M[K M,$30^%_R>!%0-FYK3Y+'D<9QH$<>1[K'JX':\:(.+'5A*::6N;`4Z!XGOHXH M'S"ZGX?T!+HO&J+H_ILPW:<,D^FN#M$=-W%L7XR))G@_C.TXROCX[5$T_-=D M&C8;IAO;STRB(3BV\5)SL/TMT'ZQ-S-&Y])BK^^TF]6SV._H<_MT49VG;*<_PN[)SV!?H>E+VZS:A* MULH-C3I5,-N]OZ)QL18-2P;E9SY]5D#Q0V6HVL'@/9)Y@RH8[?4O8C,]VS*;/1Y)V7H&6!BOW/`+1V1?E0.1]$ M0_6!/-EEY<09E=XF@-ZL]/HLE43I1599Z56&L882B*:O'NE[Y&:@+\DT-7V; M-\D],?+`F'NGU0.C$DCN>84&3ZT:6OZ];9&\%H^%]/ M<=[/FW'%')-=1DXTJE5&51A3]/@QA!W1Z.N+-4(?\$]=D6YXU@P/ISROT0"^ MIO'7^Q0@:@S8D2'$9*^9^DKC)9=2?6ECU@\.8>57$IUSN='W8A_^L+F$L"V3 MKQK;+TU7JA@\![Y'0'S[Q4,K1N"O:^WSX7A%F(BASN"7Y59[ZJ&KZ_]MS*N MJT>,MWLS40;*.Z]A9UK_>\LIN32)^)7<%YND=;'^"&+\!3!U\ZDGD;BMZ=9* M;TPB":)S-*:,$TUJ.?"];"9D]94;:;3*#2#D-]F]6S`3VHH!X5;+2R!UF]T[ M9U94IMT;RZJ68%5`Z>;$N[,"Q:G?0T*EQ#X#)4@=)JSJ#!"Q/Z_T_@A$<+.O MR-F'O;W?$/"4KU;*C?1II<\D^LRDSQ3ZM-%GJJ=\H5+.*\/`QB![0OQO#-0_ MAZ9L?6895Q?(P]PZ90%^R4-FZ+_B\.)+3GJO>RDT_ZSX'>!.%4R?KA[)V*CS M+DW"K@AC6,%;"@_>I_#C5`I\?&XNQ[WZU+?*.%]L8([<:^@I[3H4)=`E2,/)@I%KGD3(XI3J\]'P$ MB-HL5XP%H)=JQ7"=DH@TD0[LB.BO/)1$(I<$X@/S$01IU&%5>KMZ+`?>QTZ[ MS)REZULXIH)U\"*-;4IQN76WI=)[TSP:1\OC?\_&C3.(21L:09H"2\BOGLMX8_:VV2CP9YD_G MT`&<.,@B:Y]`#FZ?<)SU!QAVFK"E0%%.()L.*(*1Y2^KI[]MVX$_7[6'J@Z M32P\BQV23P<&WP')U[F&=1]25=&"7YQT$!@[^)HNM'#W"9?8UP#[NL"^SK.O MMS0Z@;N^N9:7!/\K+X*X*[_-.#?#X#D.22\N MOENZ0Q62Y!Z#(B2I96,P6K!T)<):/GH>TDZYPF\H]^7W"2,T75,[72/("-R]'9GA5Z'&5L0TT^_1*T.&I8KN.D-]W%2\0XN6(HX+.7*^?=A7=+ MLZ+;&B+40T'40T'40]&HAR:CIOZ\A?U1;M$67-&HG`?`0J91NX6/2NHEL[NX M7HKO%3ZJ*??9W*Z/FC"GB7(^7^Z[%7(X*<5=O$::[=ZGRY<2W?OTN:Q4/A7C MZ6H'@NR$E;-[A"3XWV/W%E*#5F#?+1H$95>G:718/+T?PY0_'0A:*-'K&ZRG MP27!//@\BMW*E.*5UMVS-WB_.(>$W46R\3V:@W$P!ZV-IDIO:[KF;X[@_!MA M\CH"DP8Z#J;C6,;Y,IR;%N4=J%SF+M%STE7(4%W#@%_=0!/17^3RXT0<8Q/1 M#U*Y$F;AJIMI%NJN>5:&9M\8)UHW>'\3QQ1[+.#TW8.BWO4`S<$XF(-0_A^1 MY1;,QLFXTJJL3,GJB>Y^A'XR5*K;8,X;NX6`IGM@`?I2,NL[H5H-$]I3:?6L MUBFF@U6!;JOEI9CG.5B)I,3G<6]'G.-V!4RPI'KOCZ1@9I0ZL!P5`HR"L'T$ MQM?6=#,L&L7EJ;OF(GB9.$N%!:0RE1JS'+4IP[[[Y7T+.3%1Q54EJ:]\(5L! MDX#27=8(R@#8=VNEUY]&)'20O7=3=#G:<5'MJV!Z(0GRU8"8["DO`SK:$J%W M"W3/P"#X=="1'P1\2S`G,!X()')VD`(E!@F2S$"#4KX0%F=:"E-5ZWV*53G= MK5=.!Y<]XF\9R)>F%T):XD)(P0V0@KOD<7D]4M++N%'VX>&00K?"9`-=\@;J MO+>8SL/UR".\`?9`,E-[J+XZ+)#M+@RJ/N$L*!X`2;P#6!&>J(]P8FE`&&[4 M-7*X@@6J!E#]G8H$D'XF7PN(LP(5PXW`G!"0;Q?D^#X/^O"-!5("Z,[5BM#C MBX,$?*M"CR*\#@2`MO8MGZJ!JM.6H[.*^L6TJ9''0(XJ7!A\$71L`#7^ZX#^ M=1"^;T,#:M60#G4.M2W.QB\0^U^-HW-R8;!3AVP:0ETV$_647:=4#8%Z`!;@ MO#S+V'BV6QC3UCO?[9TN/^FU9%@E2:^I6&,64VW^`"S\`F*(TF\_9'G@_Z&* M^\:T(!S*`%*,!$!X0'\"25(HKW^`I)SCF:GT`\2-5=V7>`D@>_!SHUJ!F MZ<#YO"+=FM`CI<#$,D,Z!1=](&)%>A)\O^-;IIS`Z::N3T_!O'.#Y]X]]^MS MYQ-^((V,?JCTCM:E6P%B1;IY])>Z,ZTW%0/<;F-K?#'`[M(]D/4&3N"35N[) MD/[(NI+UKEQ")CRF#-Q2]\VFC&HVKU?+`W-`1''_Z"5A?(;@ M!TT$.C.&D[(KO2<^#`0V`WT'2/J@4HV4"(4\)V4XY1F\SP(Z3!Z(D?TQ8@ID MQ``,K%`()_83_"+Q-#F+"]'7`6#F[7WS+F9GEAOD?0;.E5;IW<0:\MTJNY(X M%]B$J[0,L%)`'QJ\-\.SQ.^-P=[WWU+K21*`\G43(F0#(, M2E*7[2AXHN1O!_EO!/[?JTUB;+ZPDL&('6[VF;T%<#:D#%LWP#.E-V[3NMG7U>@(Y54NI4^ M4^C3YNR

EQ35NL&R]NL[:^SD#8`A>+V&+4-C-;P&*5MA0P-]MLH34WY&]3 M?U(J-\H5(P&UPBB?&!O%<7=+EK[8]&-E',QD;G`Y^%NJ3NGK_!7J*<\R,,S& M/&M?'O-L-HSBH8G;TN7!08[Q;)7'#AFA6E',[IQ#'$O,.C2&/(ZQ_#U;"H9] MLP\9CH5SY!X]VB&0GW7(RJHD'S)'`1A8K:2HS#A6"PP>-4;7IQ0K_A,#>N6= MC)/*8P;E;1B(48[1-I]4\AA8+C]1DXDZZ^[/8$8RQQ[FT`-1:0U3>3/E$J76 MB9264IF559]+#^8H0$,80U)408AJ/Q:2C5LLC$D%(`]]AJZS+S&W%YZ*8E.A MHE3EBPM0ZA!^R"4,1(J5_?'MOP2)023@&GG5*B\N>,O'8/%0!:^R'&>ERC!B M`XGD@GE!DC%'*6+<.D/<*BY%KNS.+BY%A@0'K&_2@/5-9(.MN!1Y$!ROOJG& MJV]RSXN$$/"Z7,A2ETW'@I%B,\%B M_T?"_0_S!NK!.K5`J1A2*J"Z7S$'`5C3^T'A^9_%E`_,#"\QF[`O&T-T]P%3 MAY3[\/1&`2(BF*H4844>*FHH'V:.9O1?)2P^H$C$.SSE8\6Q(P"VRU@<.PS? MK0F5WF;TTOS&G7>I+MHG1UK MU'L3,`G>>M%)<5:E]]J=>+H52'[]%5)IAJPK/F,@^30\*;V5WJ\OP&H3">@% M`CA8[\P;O&<1&:HI?5;/5/H7=_GLWBNX1-(RMZ$\V[:IW&8+Z=FJ,>8+C)89 MP)+GI'TTK4%4\8O9M041B>4,K-4-<(%:!( MS7W"=X@V`7S)B+4Q4.G]&U9Q&YU";HMR8ZK(?L]0EZ7:U64I=N]6#108\F1H M?W=C52/7R-5O6ES&!22C=W5S&`M4-XPNHZX2=M$"'#+"&F15],=0UT[@'ZY$ M8.#8&\?K'UD\*J@66/]MH^]4W1.Q'!%OQDVSH'V3U5.GTK92YUX#-BA9U8?, MZCIST4-&*9:=RD;YB_X`MN-'< MJ`LD]X.,/6MX%<6.61MHSQW"#!#'MU[!75E\P+_P>D;RU*@+@IU_9?+^<7#G M-`QU`:!P"PC&9T+]@8GUR9XT1T!-E2#KH0UVW$E3$Q%.G6^&SXS3<]^!24%'R%A&.^Y6 M:-T;&`D$MDRQ_U<'4E./9HAW_JTX?T]I6YEX&KM9F8]3&)0'?/(H]C-[RPU< M7PSVL+<\UB2?,AY"B%A$4'2J]><>X3F@;?@5M&1=[W"6`U=)LU_@V'XBV.FX M;8G^%"T,8W1$,*8[J53Y2]%EWT_;A9!XE2S."D:9/#](F>E0.AVZPZJKI'X' MFY89<5-0IAJ^$TG;SU9"8T4$W?X<'I8BASBF_U8`$>!EC9ZD:98_>A+WL:49 MT)41INKN4/RHUSX*ZS5/ZDE"H("M.G:0ZRXWK`I@?_S4,7^Q:[C]'[,"AQBH MO[,8V[%T?1/P`J&=70&TH@]?@4S?3#F@LWP9I2`6M\L4X;`J'(:F_2A-P@BC ML!F6+(T<6'.`HFV!Y#%Z>)HE&O7H6WFJGEEG1U!5>!K`N>\2]>`?/8.FD3"" MU`XM"."@^/52G/M^0YEO?C@K1K)"EM%GH@(#?+I7R8$8R^.Y0`.Q'I`:`.F4 M]C,[7UA(LU2`!6LY($Z6VW:Y23 M8N[W&0'>T+LLP&DV/:`6$WVZ\H,Q`'VU)$'\'>YO':!58R*5X&A@O3'L!!4I63G:A[G2(MJQGN7>ITN38LI]UJ#+$*\ELGH0`(0").G<^SY+ MJ%-;&?'^!V$N_/I@#)!]$T)*)B`+.Z#WI;+MN$D\&FR$(9S`G$$\A2+Z+2'Z M^S1K"_KP\&1]T3EDUJ'B"R0;OXNKOOM>3II7;X`\3]?(>"``ZB:0;(8BSW?P M$5651QBSXQ*WP6L>Q\.-)#13J_P>PQ?`?YO+)O:[I'+&/@)Y"58!*(]!ME=N M\/[XXV"UU<_B*8DR'T],IMLO1#LAD&Q%ZO"X03(>RCQ*Z>!.YC:_;V[DOJ=G MI\Y=7"K&Z*0QW8>(YH*1;\(H9IER*#_;6]WRSR!M=_:P862B2]?O?S'AZ&:?&^S@`I%P.H([WO;M!#8G(C1R##MQ$(I@,_(:-MCMQK[!S' M[9K6%W%W!,A/8>2?FKA?:V0[M;MP1^)M*,`-2OV3I'/$>^`!%/_S&`&H;1PL MP.BR6(Q@`S6<<-*I].,F)MBI7]?J4A?*)$"BC MC$SF8'M__EX@P+92@0#PN]'C?B2K)]I_QOU:*YH$W:?`2`,M6CA/,BC]/N/R M-5T_D#X`\`GV$,%O)9/.[(L'F8DI)]#?H9VWY93FC\- M4?28."I\[%26QQV#>1D8=``,;O/M*L,MG*/<`E1NI6Y<$#7WX6[-?2C6X[`( MXR<&XF`BP[HIO_>9A'ZDR+WC8YUO)]2_PKDE,\.#^;ZM&LX!Q(F(I=DL!U95 M!.@5H&*!!H3;RZ4#44`6#4COFT#+O^H8U5(9;0^9U"JC4Q7&G=1!9]]R,)[! M$AGG<+EEIU*@ZOQER,8J,YTWPJHXV$![N_Y`A77PQ\`,#918>N=4+#V$C+>\ MQ"W@+!PWN$AW8^[&`\Q!X>,2:UN>Y6@/^)N(@:WDZ4!!&2[TPX#,-8=U&3Q) MIVI8#MW^P`G".Z'7+]/$$#Y03G:^AR2<^,C87?4QS2EQ-E*P@$-SXVC5!VQ< MG*/"!YQ5G$?$G3SQGO&$WTA+OC;;-(@R$;>=W86PUC%N:(R@0MYRX&9:+B:Q M>5*70QQG44PSU!"WP:OVAHY9T+]!2>\^Z4MP%\&ZF]5S:EGA3.E#Y738WBVL M!*SHXLG^9>UFV;^J8TX@O:OL65!]KK$%E@,_@!$>Q#!&%4$V60YDH'0^WA?, MJ;8\_ET,H_/OL3SQ[Y"`RA?^B2)RW'N6-B'SC:H]R7.?3ED-2XQ9-<)D5FURB<-BE5=/@;<^@C^7V&GJ,`(^;Y,6.BNL!W)E.`!H\73 M$L<&JX$P4'-2*O!!-6$3)O6A,>6<\L,3UVY3*H:5;2,^$7"Y'UOZ>5!R#,@( M0)O'U#5^#6`5`VB<%F#>]-C5BF%UV\BT:11J1F,]T`@L,:J;#$[EC.6U-X)H M$,2WD@'5H*9A0-UG+*]&PZ1!T<&RI24B6"2/24E!0.5,&(:8;E"YKC==O0 MM.G($;DES$/+2]',+I\T(`!S-!KFMJ@!F1D&!%*T9I"-,*_+M%&1#+A/NJ!Y6C94@6\6'^]Y_4*.Z5_4V6`[^`IXX9X//6B']U8)(U!J0S*9)6Q;WFND3AC=,JK"R>(5N,>&I6K M['1Q,$87FLN6`W\7R<^JMZ`U##!\"S?8ER,:>0^LU29JP=ISN$P+Y9'W9'*N M9&*>-3(JHM]73$UGK@/3N,QJ]R9?07\$++'S,$D`WWE6!Y>WL[@O#!W.A"0= M/_>K\*_JM+(\U5<;-4A,J'Z=%(S_%-"*73Y9'A?X%D5FNC$4-(&MB.?173R_ M@'EK:L5YF'Z:13KY?!#,WMQ%Y4F+RE,6E:9S?A4=\M.$3J[#C"3^>/>V_J#0"$SR59D6/ M1KANG\U'D2B7820RQKNN=!R3]R5Q^Q>IY4DL.G-2':`I25>N57L);:A]*4A# M6\J-:!B\`0V-$32D$@VI%$(V)0VI(1IRB`:>:.#_4!I^R85I2.?VV]3R=&@_ M5:VTZOJG)B0]1`CN$F$0Q_[[U+:%OF77(>2.ZQ)"KM$C1,5WV4"+=AKH^W"@ M;X#W.@-->(T,;\0Q(HM7(?\GZXW"N9)>.0-FG1BSS/>!TK]%BP]FYQ5:@(R) M=HD'/^)8!*%.1(]Q2//Z@D$NG\9C/*)ABG0%2Y@K>&]"R!6TA%Q!=`)]MVC^ MWU2>7\1A:U+HR%6M-&><7&>GH]F[;F%'L[U=5UPF=`N7(W,6=5V1DB@NYWV, MRUE&<3E9/;[9"&'W`"ZK[@/%2MT/^?]:O)>STV4,!"1BPN# M'S"-;/?^$L-\!G\1?/Q5!CZ^%=37J>"^KM(%E]3Y((*TI/Z*+:F6`S(E0*D/ M:\NJOT9<,O@Q*3T_+JOWPK(:!(.E]1>TM/IA:3V(DO466T#D'N.$)!U^JM M-!:^!G@*E%E9\`U:WNL"5EK!1F3_`BF>55HANT8"XCP$76U%0-Q$#@-CD`V6 MX-;D2`#FX6K?K,8`-9.N-:/7EI\GH^,)8/U!:F-.>&\Z,7"3YPC.767TQ*_T M&[VF+#IIQ'VZF7VQ>W"/C78_!^\%N3J4A,<:R59\@ZV_6/"#*S$?'RA?UZ>, MG[BLQ[`.OW**3OK[,_J4X1,#>D]2C$*UE(\P]UD$/X2GJ'*/H>B4E"B7^E^B M;9-6Z/<,A^?E&$\\7(K M,831L^+(V+.84).'(PKU\F4]8&$@F\:*\[0C];S((_7>24?JO9./U/,BC]1[ MISI2[YUPI$ZGS(?P(^I0>Q%X%LHV+Q4HJ51`:>U@.YD>ICK:+J>C[<_2T?9G MZ6B[W$]L)IZW&I2<2)S7.YIG8K9=/C6FQN#&<8=G+#1[4QB\/!`+LA=#IXFGQ_T]D$K;X.T8H^U1RX%2G$H\0ZZR45*+ M?0D8;K$_)E`QHO@S@)(AV6^P?&$OS@B*BA&&=N>SH!U(S69L$(:"?+CD2V)\ M"&81(RZI4)#+XG:@UAS&BC"(@55,BLZ-8Q5I;V@$W^TZ@%M_:OF8(@P4;QOX M_>-`0$Z%"VK5!548H#B0`8P29'$@J9%Q(!="<2#>T)2Y0'$@VP:4;1=P$J0& M`<)Q(-[09+E`DX6PXV2Y0)-E@";+`$P6G#(G3[RG5][..**YZ.F;DNH]'X3A0Q-'PD>/`/!!Q/;K30#ILCS;^U]-C/& MB,2HN5W/_',9-XKO8G+X,I!Q]!2Z>V)^B6>BTR(+Z#SK"0#.R@1 MC,5T-MPV1SDIOW?;"7\L"`.+H.F?'$%SEEZX&(DPS6@#&,W7?V/6S!18>-': MJ-?,I)Y[M)=9I@)T6PZ\BN,NF;58Z\&OH1+[WOO7`@%?BC*\\F"*^YI)2@B` M^O2OZN42X;,[Q=.%Y;CH=7Z$<>^NF_"\X`-<`XL%:^OI1C(?PU!*O_9@GTR% M:NBW!Y)3V?$Q;DGK0"E]A6I>S3A7=-J5Z'-HD3^@WSX;V9#E"Y5XJKV2-:?2 M_HGY1DU80D'E?M2!"2'@-4BM'"BI9.S2!+^]* M.4A&)@LZP#4Q%B,:DJB0YO7IK\KOQ>OZ3_ACP$WQE%A]LR>')7Q7#@3$^WV5 M+-+AJS2A4.$O_]3Q#6A3Q?I,*^7Q,LOC^.8%O2D8T2V*+],BQ?9."M3R&$Y> M*3/HQ(<["^E0<&/7NZ(9X\+FR-?T(N];U,C58[Q"()F',?.EPN/OPH^)\#@2 M>IR$O,]P$@LQ#C=J(DUXWR%,WV.34'26$`KID2!=OK$A/,HHQ[A_RSE%(]"]%9P,>EMR@OY$?G1>Q1?%+0>^B^[9??)5._B55S=WI`32 M/3O1K[RJ:]\K7RWO$"'CK7_&C*;V>OEJ*[J4GES(Z+P*"IUK7]]Y%6/#.]9" M-D?9AU'AMW5>_7_P^^&.69U7\4H2L:KSZB'\SO;=WGGU):PZM_/J3[`J8BP\ MC%53X@&`]W$18<9'R[6)I-"5]C2P]`].?8^F9F%X7H7A6 MLC2^D^];RM*X=OF6A)GK2PLK&M\PFM*7IL`'S5_P,'3>_,Y=KA_JO.:=KC_+BF^6W#.S&SD`&0V`VG4!]YD MQC(&W^'Z3O$"JIB>U/7N_D3Y6J;+V#E.DXXV(XHQ0#1#+EV(I\X2WZBK?[(* M`]06,H()YN:^6"Q&I![#U]LQRJ]0L9$F.A6*-V/OL\G[,CE70I_P-/H"H(C+ M,Q7A:55X&I2HY6AL)GHPE;GT=DWHG48Z3]2V+,':'2K;;?%@:--PGS"$MI)O M+KZ`Y*T<12TJ#`??G,277L`LB7WUZ>?+@F]&^MH]PB6[Y:4XNP<\7>\SYF"$ M?4][HE.^%RRE!Q7P2UUQYR#76OAXW+/U@NK;=TE>>RY:K87NE]\N_ MIKG35YZ$>1L1'T"J5<.Z?KOWY@':+=;M2T*LHE7NU6>XQG`7SO+$8]HE!I7> MAX(H"*V&";I6+`R+;)7[V9L8=B(,!%5Z<']G+?#3[3)OPN/6L]^#_M&;12\\ MC^;J63!DH:P%RTZ3@-YR4#"7[!$32S:)F$<"C&\%6:DSIUF83`H]L!,Z1>A7 MJM["6G6BH:1!6A!Q=#>7CNYFTQ;W6Z/GY3>XT7<8/,OJ>D-*A"%(H"WW3$ZT M80B/(KR.JV1%O[KM+7SQ]K]@V0K<5OG0Q@W>K7?A?MZ%@P:]6O5Z]XKD`89& MK?#3-LLZ>^5#WL*S`7PW0=$I#QDPTH`1$P7RE;OP;H%C2M5QUMZ+"@4<:9LU MJG1,=1VG]E(7@F')R`:4ZF:#FJ`[/?.=(`DO,A*,:L4Q==OQ">>6[=8.Z/PN M$QM(D0[&_4:,%@B>I=U"FV4I;;/=[;$#-K1!D)BQWA7PI%89CQ&7*\8R\'"` M\*:N0RMA??+`.CIF^.E%$AQV]E!D3\7(`$PNLJ2Y(^L4JIJSUUD3UID3T'HJK&N-_8G:+E].L"DSG9UD8F`R':=AII2,H-L!=)5V MMI*I8W($$PSFY,/T"HO1J0B_QF,\Z7Z"2<4P9HIEMK.6S"4.T5CB!#3;46J/ M?^Z;3**/?_:;*-''[6RGR^Y][0*Q9_!KL13A\6MN_R?$N"&(<=T$C#LTC&MB M,50CV.U"XKI5[K'B"8RQ5V^+SLCJ@1F&KT"ME@=XN6=3MQX94I:D)Z*DF.3/4QI)EEJXX"KDQ5R-=+R[3Z'K11G2!U!X+\AN*C]RN&;QX MNE2F"/BV./#RLN4UX3(\'K\8NQ"J7=@V_+.!?]QEIM%[>^#BMN=\1FTDG[LH M/`?CZ91W#!DPM@YW&,9Z@28,8&],I0WE=Q?0&%T4AKW#"W`2'0;^R-YXP-_5 MLW\&Y+\K'/[I(*!!V>Z!_+$^X9EXCKT*1N*M5AV6W[-T6T^X#AMDUV%N_PQ5 M>`8*G@%5>@'I9Y,`!2.8[0LADUW'N?VSH)D+\[$WT!7+W["+7L8\5:?P@.VX M1SB%ZP/TND@X[HH'^I`+P.O+G.7QK^+JH")3^HNKCKN20:IA2KE+],967&+33KQ4&WZUF+!%W`/%V_ MF]-AGUR)@8HQIRQ=^"A1UR][ M#4Y\[Q0PKR!IM[Q6-931+P^,`9-&SSMIU62O*J1>$8[K1.M%W',Z=L'\_7Y8 M&P#Y.=?Q@'`,6=[Q4Y\=.#C$[5]S,9;_)I8><[[^&PJ"8FF;?`K MD('"6'L'"N.+)(Q&)HPS21A?_.G@A<04HIB)I)%$\@BM=1EX&<6+=F_5'=K+ M\,\I52^$Q/0%^:0-Q^# M+`O.^TDSH+UU2NG/0^E_KDC#]IR-L#W7+7R;2>X+(>E_`3KZ`DG_MS7I_W81 M2O\+8>E_88+TZY!X.R+"B%V[Y6CP(AX+W7"0-.D\@-TW\BE?6/I`CYNS%/XX M0K'W\=3O*F]V]5BF7M/K$E<&MIC5=Z1W[M->?O$U5C5[$'`@^O/ MQ79;5P4JK%.]RA1KPFV-,6U;8\0^V8\TG`03/I-9Q)\);V/X8R?VZ5:*R1S> M09M&,_7,F/0^]P$S]@<#[$5%7=^4/75;#ER@J,,Q3DRCW0V3-&]RIQ'2:/!- MYA:5\-=80*G2.[@'PRCOG2<53=E:F:6K3C<54PF_?G`5U4ZDZ$%BJU_Y8.7! M6=W609Y%?7A6%`:*>MON<>_7F:0D,(%#@+V<:?`:V_B)KHGGYRNU72'&\T:= M1WC_!AR/W#@:)A]AC,.(IU!KB8/X=NJ4O5PM+G6[WC=)-T42YZN.K#RIWL&* M][O7GHS%$!$S'5%-@>$V<,L"E=[_9`?%"(#&8!@I5`6OHM?RA7UT;8`6*MD7 MVKV)?C\WM3(4]OLFI]W2X,>@3(P`LZJ)=6@]S*__9CCX5Z>G"$ZS.R"EA-JU MO%1E[@Z]=[`7RSF_='M4^8F/XCK/]$`Y`9(VLD\`,,-BWWEF(`B#OK4O,P0# M:N,^4.66ERK,2L6(Q[Q.]P.U:N3-C^3W/M-YQDV5<(`Z_I-Z;;&R M>.>`-ORAC58Z"J>^WCE57Z.C+O;T\1>SMOW,4>WLY*O8V$(Z]-0=C;R]3[*T96'M9B[TU3QE[ MRR!XL23$-\P(8)S/2U67E:I+OGAD-B1P0[_"V)VD._"&A"]*Z<+,(1QED@G% MWG+`@&M1%4:O!3`>%Q!/];XIV]_$MV\$,UZO4F7T9;D?TRV68!T*%.IWFYR>J9XWZR,Z?]>X7VN M%TAV[YO?Q%Y^@J&)'F^Z?,J#[ZIZRLVJ=;EB=2_]G&15RS$81;LS)71_S[7& M;5#@+MP&[F8YWAUP'G<4,$A+%<[;O7_[)KM72[B$1V)K*0KQ$H9Q]%,T1$S[ M+;)7;V]TN[`V/D(H/E"J.?X?BIH M"YC8;MO_M1D+Z-80`Q`J`U""#E3ZP;/QZLRVK-"Q<-?1PL MBAU\1L=Z(Z7#*.E9#S?2Y!P@&1U0/NBV]I;?JAMB\ M[#?NKE;+D_".BJZ>]N1`.0M>*#?8`[,I8[`-7! MA#D/'G=_0)P?N)_B&"C+H/!P&6863?DD^''(J*A+/M9Y!U&`1]P6/7*U47G&K5&:="G`O MNN''-S.K!S+T*,#R@!YH?TL5WO)]!CD@X8O!6GR5;S&1/8?D&;SY"TY\.P]F M5-5`KY[$TQ6'9XSEYLBS=IK?6RO)T4E!@QKMU12EBET\0]<#59U6[$D>X2UZ M[P+#&N^#YZXWVF^9+D+E=?)YH4BN>!VZ_SI-UT5BK.Q?+*T*GY17C75;/QG" MGC!")CM@Y`O7PM%1]GH9UA/O(R2TQE?P(0,\.K>*JXQP%M8KFZ7K&]!IJ*7[ M9$T>#S=Y')H\3GW8@WW8)*U3\88D3%LE,'?.6H-[;S?$>BR,]1A@/:9UQ)N0.>+W2*U4 MA\8&7"A?I4?XL%@8V773[S-B+X8;>S%`&R-CC/=C..OGJ%7]Z^SU33AH^\X$ MU=X30$I4,-/8E,%,I!SO`'D$XD#^H0Z8C!5'`BBP1YC7=60P'5<+Z(<^'+%F M9F'L3&)D?YV8(/L;+%W-I"#/VAOI0BSOT%SM%D1R/"D*3Q>*-V&$/']83L,,:XE6#H^&Z*;QNBY>'P8RSDC5W).#$6K.(Y==L+W:>[ M]8-U^BE"UZB8Q:RMN$%Y^J3R('KEM*(?C+U^\2]UTQ4[E=,81_[]:0&H_C>N M7_PWT=Q^=6INPQBY"W?BG573(KHW,OZ0CN/R]E)Q=%\?^$&Y8]/BQX[1/OBTY6MO]Z(8/#1M#7G35_&#I&FC+?:P^R] ML`T5^QJN!&`V>80C&`=UO97O!6WE>R&@2B]H=S_*XZC^QQ=CE,PP*9-AM$6N MB^\2;Y/%-8@(@T`VN MH)>(-#IHMRB4WG-=I,]H2)\!I,\`27,TD@8_P`MMQYM!I8P_8.GZIW"@203J MYD]#;[5XISR^3+P=S86D">;"X`%H#?(&VV.B&KB^\15%.](*#3PP30-W:`W< M$G,#+C^M(7TZ@&>`8.4L%)=,:^%$\H+&X;C^!NB?TM`_!>B?4GK#%\\E$(>SYBF#P_K61\VZJ-'@5I>CG;\>`..UQI+5ZY^JO%J^#3C=5UV8N`T MDG)6]RD$8L)X.;&!E=,TT*8U\*CNTXY7@Y@#+/AD@^8DUL7?J(T)@R;[0]/B M1G/VRUK-+T/-+S/J0&FLD9JN6^M)K=:34.M)K"5BK?52_G5K/:[5>AQJ/8ZU M]HJ\/+Y9O&5*3B1#AF\2+S#.R?+%FV,PB."3"PO5'+>)_^%V!3C<50HKHN"- MDFMDES\=K\F-T)4!P0\#(@Q]8-=XCSY7%!3,%GRP%Z.7Q\)\JM/7C] MW"=E4(002U_^?=:]"'F6GL35Y0;"%2')TN.?0+B0N<9/R=QNK8UN:*,;VPAM M?^@XZ5^G51Y(A)0&-D.Q,"S-`#"TU`^3I7Z8:=O#[()D(%#/L0V++W-L5#KF M85@(VHE'[-ZX660G7JQZ\N*VIWQW-W):_N69$?D`C[__8_<(3]F]K[,?;D"? M';>KI*2HO9R+PE,74WR94+)6G%3R=HIOUF3HJ`#U"?=YIFKV4NE.NG'DUD9= M/<8-'<*KYNEV%=MWR[AGL1#\NEH\N+UD/X2/]D!R+@NFK.@$90*.).Y##ZO) M6.@IT8//0SB5<8_A5C49\:F)F*$[4]3?2J&1C0:Z<`NO=[$Q5'H*_`J_GU2Y MP;/-ZBDW**?4G6,;&LM"O[N`?JO\NC4J_I;Z4T+]P4!6$;F"`:W!4!M_(S^5DL41;,Z0G>$C%'V[.=3=:-5?;SXH(._#T-*U3/IQR;F-J>"3EEXGS$0S<@ M^Q9K>UF40YO:@/D\'K-.Q/PR'38MX.+QA/+U4OS=,+&M`[P-2`,&<2TV]SHG M%ON$ M02/O0I"\"[$:>1?T4Y`WC\R1(3?QG`BZS2,D*<);%(U/K\0*_5>$?C=N&`SI M"*P,A^:FS@JTM@V=%#,M MI'<0E7F#]R:MMF\-NTUI?U1;`/";_Z,!++PB!%9+O!9/GS*I8^S8C@]-[0GG ML]K+8Y=_HOT4!8LC9)%T^.*=?$UG.?`![MZ^*\[3PME/,&`:PS2/OV0.).3+1`8BXFG'BB MA(EMD+B,X3'K/<*UT(8='M`/L5"EX*\C>9;;U*HA"L&QO[+=Z70&(R;T&&B` MKWZ>KN?^K8RK_V]/TCW"$]ZO_D2' MV9:H@U^?H]+[[QC,I_0Q*9]0O!+/EI&M9OO&0'()7;/%`$.AOO);VDA/<^3+ M?TQC.^E^-HR"UJZ_QO=TD_#Z:XS_'?VMTI_UAL].UU_C;41)F#OA^NL3HW7I MYK^%#Z-V]W72;B-\`^`NXZ(5Z<9;UJ>;X=L*WTFC[XR>E]_A\#+LB/5MXX;* M+`PZ2TWH<26MPENV1\^/OB.?YQ3(4[1+MX-EUG!9$I0%K^W&^.?4T+7=*=JU MW:>H9'UZ*N:=\YU[F^A^%^C^+5W;G437=EM#UW:G:M=VIVC7=C\HQ0=)_MS# M2#3M7V`59%7""8QTEA+HYN^?0W'EZ,^I>2NR1,=2/]>]LR544ZL/M2PO+8M; M,-S!<:7X(=WC'%T69^&D)*>\U\!)B?"EYZ0XIUP$RO,5TN"QKZ`:=BK]&).' MU9\/=,#@3U7#$(P*#LEC:#W>2?&L1L`1-;]#Y<-3E,M#YJ^]W9YNEX`38HG5-/1MQ'N8&%\RKGE=_B3X3A2T26?^U7 MSM/9&KN&,N)\(+62G`6\?"_@Q$NZ.Q)AGB?I0`]8M\)D9W$QBTM6BADEVT5C MR2I+UW8]A76E.&7_F.7QS7B_#X:V&(N79UH\]V&A+*3HPN&'Q:$@3&FVY;6J MI&)[ILO$(JZ2E.69+(S2\EI%2L89Q9[9]89+BU=$'@!)*9SEB1.W:$PSCZ@B&>:9,!L.%@ZY"@<931M\I@N;-+'"/`K-2&"D@_,IR7H-2 M5V?BM1:9[#&IB"BF*E`A"0F'2LKR="WP!%N$AC"^^*5O1X2)0J>2L%,+!Q?$ M:#PK$I)<.Q'!Y*KMH:K8IKHZ%4E(U:@C5*<9A5$=3@[A"/4S4,:N4.;*]E&![1&6&D/0I&3L5CS`.";A+-RQ$-OQW_SYE1Z-8QM,;ZV$A MNE^#1N&9I4G3)"&Z;Y+\4#CH]E`XJ-`MF'US*,8SKE1C1 M/_H5D`HK!B*OL<+L,,S\-`Q!P/V?!58F.5A`C2&B^M-^D!C-[N46XN1%Z6NPP9"J[EI;)">2`)C^!RV9$4<4%= MS>-'.GR4+<1^^XF5N1@UPN9;[J(JOV)/B;J_82'=&A?G$;R*0*_W"6.XUX)Q M?U&_V_$()PW2S;$EBZ%KBS!(28M\I"L:+J%C>VD1J:%+W<+[X??HP$YYD]-, MOV$\28-FZ%9W(]Z>!`WJM1PC\_^J1KK>D(K!]"EPN]Y?)-W,\CH_PEWXW7>T MQI-ML7L>%-*)*BM$MZJU:#>&N.#`-#^SG7\ZK M51?PYT(`,)DA"[T8<%Z!(C/+9$\,G)F@P?4DM_+&3*-#M\5XJCF);^R'51C? MSG8+[Y*/Q[6;V"49_O3]\^EP/,0KBFQ]!3\&W].N\=M_%SJ(TE86J2FMMQPM MTX7.:U=B"?40L MOXL.?B&`?I\09-<`AO]4>#WS'X$U,N/M[HKWU0JK\@-ZI:'RH75V[X.C&'14 M\;Z6AR\R,/F@)E!X&"OK<:?N-<-R>SUB\J[^/]IE1EY@D_2W`%4LO"5-SZ3O M,=K4JOZ,?HHP^E(7$M2/=V&Y+G`NO:\9OSM6,L(C*!H]-_JF?$(GO\GI3LQ\ ML^B=UCMV&XI.M\['"]Q[ODI]V/(/^'+'@+KM4M$[$A2*:6'98U(!3$)Q!2;1 MBY#"NXOL-'LZ30C:7?>\9@5[P22IIQ,;;_7S`D MV8O'Z>=AG-]=T36"CW>HX'BW=XV`LZ^R7+7J?,;)"^8?/P<5+@A>`(("#,OH MZNEX`V/9!AP`Q1RT@(D26[!CC1 M!)@P^+W?%W<1&^Z_*/2']>N$_2;CQ/VS8TE0X"U7`P'FF6D!CI\NVAA_1`'W M`X&7<=\DJV>C\I,/O_FPTE^/^UJ5WC=F:$(VW#F.`*WFOJXA@,:TSZ@,*_2D MTJ?=TX6([)7>M6S#7>G#=F]ASB`&%IO";R_B+S[Z3,IPAI]^[NLEC7G M*^FZXBIDKF6E]][?$K9*[X+O@S=I#R27?3=\'_UJBE$)1*)F5\)4>N-^J]D+ M8Q/C4]G[@TF6E\J9RW/";W`JO<[.\4"\5(0N'441.4?+-0]H'_-G]C%_IA@\ MH->8!_0:\X#\8,+X5CB[KG18*KTM,_`"0$`'W5I`35C<@4#BP&<0LCR.T"O# MSL7C,4Z%?@MG1JA%NJ(J^'L9VO[JE$3F?#K:!K^#\6)=5Z0YE=Y^4XB\_1C0 M_0\ZM()[0?>@Y6`N#8"&:+WAP MDW:I[WX^U%O`9GGMC1/O&3"RM#P.)2\;25#+XYP+.#?>XXJP\H!%/FTEK@AF M&$FS[#_KXME]K0#95V[`%Y+*<2SPUU.U*[<`UHE+5!J@T^-O-ZGEP!E((G8% MTGWE=)FN,(9&W]CP_I^`+3=&'LV8$P/Y\+4:S+*\-%LY\>9'%"-\OUZI&'D% M)ZMR+N,$"-";`V"9!6_L8M"5>@8^#.`&I6(H`GP(P8@,P`$W;L33]U'!F00&P+;GQ-$0_[*?S9RHWT.V)SLP(^7?2/ M3H*=--/ MA,P;?`:2T&0#-+E&VJ>U`DT^H#7IQ"97$HX'**-!-+F+UX#M\J,87TDD_%U: M<2S^^N4\>A#Q8;V&:2]BVDR8#%"9T2+>P>CPW>(NMDFS#Y;KM-M$C?(IO?PC MO2]&_I%.F:OX']X28?^Q]T/,J@L%995#ZM-OLXZ-^(C1^I6\677`/M22CNSBO-280 MOS*(?.*OAQXN`MPQJI2B[5L4QL!(PJ1?1S\I%H@BZK*O!"FYYY-3$H5B8M/? M#N.!V=3UAEAT#!\7X249?ODSG#A3C8?I!&O9A?\#5MV_GE3B\:H.T#I)&7J? M6;Z<@+^@RB7(?6/R>$)[+%;Y-;VQ>N``DPWF5CU&@[@(1W2Q-(/]A"G^."^> M"3!3>JA;^##ZOA/?'7C*]//?Q4[YZZ[3=.BLV_7A8BEF=-L(7ED)MHV5WN:9 M2^^QQ.(5QG%DCHV@ER:,*'IEV/Y*T1=_4C-WT+7J]#($L'A:89<6?N_4&&9%Z1?`&WZ\;NV#^/L"; M8EY.Q-=0C*WG&:X+TC"SE,C"YP+.[:BUF4E:L']"5(;U=23 M44VY"@DR^V)LD++;H\&KH\$3`A4TTAUOTWMJ4J;'=?;5?IA.+Z-^_/"?/<)9 MN_?K!NW762^"]WMOH]7[-&;XLK"*3KH;JPQ/J-(8665&H]';@!DP=@]_;CK] MGA+2+X\**?&?2+O4XIS.A[D8/\VYC"&",TCJ-<^A'BA'`^^+_#AJ88+7+TZB?K5.JGY5(:M'O0VH4 MLDAJ[HRDYIDP:@4W%L2L8_&DD49PTL:CJWKNQ,_U;PZ@)AJ)T$3QI(GB21/% M:YH(LD[P^BA]M!/TD7T:?>1%?>1E^LC;+;P?QV@1+JMOAR"+0/8 M>5/"NHUNGR7J?-@WN^O=Z"M5X2-T7Q>S;YSJ,K#_^IR=OP(+\[LZCI[I%QG@ M&T0BA1U,S&0'$R8\F+`L_"!W;DWCA. M?-M7BL<<,%XO/60X\9$%C=ME<9!EH"Q],`O/4O28-3.8HW>>N]UY/V*QMAY' M++IS?JKQ'I7KL`+E&+2<97I$2UEQP2R#\UQ#G+,^^$U.8KD(P5M;NIZ%7]F9B5(IK".QC:^0?NU@Z4TFFD.`^C M-[SIB`&R$P0O/>,=()NUEZ_H(UO:.-WMS:(HJ,YDU]0QS%%6WCM^RL;FO;W=):U[9M*<]M;&UIWLXW-.^4 MQ$S^\U*#N(1;U=)2Q]?L=2SAVO8VB]5[EIH2-+2AFB;'GNH=.YL<4)25S>?9 M;";.U.9HKFNB`F4T(^ M@50W-27P_[>=)P&SHRBZ0KBR$"`<`@(R[*Z$$';S=G-L@&RRRV9#^`U)S(&< MDGDS_=Z;[+SI88Y]^R("(B(J-PB(%^`!RF%04.20RP-%\`9%P!(\``\014%` MK:J>]_9M#B#\!,1O^Z6K:GJZJZNKJZNK9V;396DGL7VJ.=,JD:1^DS5N?VM^ M_X+%UKAQ'3FK__!#EEDZLHY:NFS)P<=8?6"[T)G+S;#:+$)=,-C>T=X)BWL7 MLIY;"#3EJP2!_QSQW]7=>N!\RM;DMA;^`W#VAKR[\=&!-]3MLCDMK?2350L` MG+[@J/H%&!X;P80VV0Y&_G)CR1E/#;\M7^&ML MOWG#;]-7^*NUW>[E]?,_G[IF]T"Q=SCS=6/FLIL/Z(')!ZY=SF6-;3D_1_?N MG-4#'3W#96=E-)?7RIC>)TA]?Q*`]3()3TP8?YPYNM:WJOAWICY M(^LUUF>\35:_L3V7<]F<[%XCOXL/'KY?*V.:-_):JJWU1Y?UP*64[\[RI>O( M]V=X=99W6&[J/DGYUH;,=;98/K+MZHQOU_)A^O^3+UVV?CDW)*_>P/IW+QLY MGLD-X]PSHUD?SV?YR89VCZZ#'^OIU>8-'0?/'R4<@YO@6-P4-\/-<0O<$L=A M$VZ%6^-XW`:WQ>UP`FZ/.^".N!.^!7?&77!7?"ONAKOC'O@VW!,MW`N;L05; M\>VX-T[$?7`2[HN3<3]LPW:<@CGLP$Z"#.PFZ'POGH`GXDGX/CP9WX^GX`?P5/P@GH8?P@_C1_!T/`//Q+/P;#P'S\7S M\'S\*%Z`%^)%^#&\&#^.G\!/XJ?PTW@)7HJ7X6?PL_@Y_#Q>CE?@%_"+>"5> MA5?C-?@E7(W7XI?Q*W@=7H]?Q:_A#?AUO!%OPIOQ%OP&WHJWX>UX!]Z)W\1O MX;?Q.W@7?A>_AW?C]_$>O!=_@#_$'^&/\2?X4_P9WH?WX\_Q%_@`_A(?Q(?P M8?P5(OX:'\%'\3?X6_P=_AX?P\?Q"?P#_A'_A'_&)_$I_`L^C7_%O^$S^'?\ M!SZ+S^$_\7E\`5_$?^&_$6`?""`%GWZ3Q`?D.CJG3IL^HVOF_G;><56AH:#W MH+ZY_?/JWJ(U\QQ'&'R:?`\*I]Q_82^Q=" M8`<-^\2:53,.KJ?3H<-#WKR;MN-WK>NI!X>?0(X&=>$&Q"3C0HZ"L!>JE.K`B=5RJXH1D';1]S[7B1$=V45FVXZ@XIF*J M'*4AUZW744/*21,[3W&PHUT%-H7!I;)*/,>BRCH".Z^CI#[>=8RY6/)6#OCE M0(?'17&2#E:&JJNH6N^DO7;?=>>W[+3C#MMO/V'"!%+#MI2V,6F\)*K5;OBJ M>^[IA;L6%LNW7]EG2E9G\Q3V->[+'.V-H5UC+,4KFU%LLP7%/>-(S5O!UC`> MMH%M*7J9`-O##K`C[$3'R9UA%]@5W@J[P>ZP![P-]@2+SD'-T`*M\';8&R:2 M14Z"?6$R[`=M),P4&F$'=,)4F`;3809TP4S8'PZ``V$6=,-LF$,;F`UY<,`% M!04H0@D\6`D#9-%ELFT-(1P'$<20D)T/0@6&H`JKX"@X&HZ!=\.QL.)5M7\/ M'`_OA1/@1(K/W@@%_"@_`0/`R_ M`H1?PR/P*/P&?@N_@]_#8_`X/`%_@#_"G^#/\"0\!7^!I^&O\#=X!OX._X!G MX3GX)SP/+\"+\"_@8)\_:G`I/S:6S@=T`KWDU#'0<]"V<-(%%P$_:7FM_`6? M/PIAJ"L=.7_8`M?E-T:NZ3&;C-UTL\VWV')*:RT)T.9 MQQJS$?NI\5Z]N@>NI;QZC7PVY5>:-MG2\'N!VKQ(^84U\H,;R(OCZEVH38GR M+@UY_K5TOKCVE?/B]M=QWQO09C2-IM'TOY&LS<[;]157WG0C"K*1TK3+>MYH M$=[T:7&&*?"ZC?][^CT(LRE=1T$A(_$?,%Y\^8;WTYC>[.VONK)GO?G$$0G@ZH9[#U]9 MZY<_6./T;(;/GF5PSVR#.]<0<,/J\[0MN&;]8QS[,O=GWCA,)[>0<=VX[GKS M;P+(4PXIGT3Y=,H74[Z"\G64[Z!\+^4'*#]!^5G*33=3G$5Y'\JS*"^DO()R M1/DTRI=0OI'R?90?H?PT93I(P2Z46RE/HSR7\A+*[BW_77(`'*R2I=4X4>5E M7EGUQO,\7S%%=_I\':OY=N#ZRM1;8,=)OSPOH+0D\9<'%2_@4]I\98=]D;(3 M!=G57!4GD:YF5[V^KYV,7J(:K^9%JMYFJ;>J3A_&SRTR?OU#7K(XTO)XP\B; MV%&2AH<$!=UK2D3J:JAJ]]VZV'S=ET:1"AIXS$U#WW.(?;W:4I48ND^G05)K MI\ME*ES@!2KKYU#MIK[BWA;:92GDTOY@T(MT4*8^EB:1%Q2Y#Q[9VC>XR?*@ M)%VY_4..D@J(IX:,'/6P)')Q5J>(8$IZ0_<107#[QW]2Q;V+YC: MV>[Z#6?E-R9%=I0_=O#8CF-S4YALCTNO?1^Y7*YK^O3:*Y@U<6[&M.DYJR/7 M-75J;L;47,=T*]KT+K!RK[TH:ZW3VCMG6).:J#KQB\D%-#'N;N87Z1W-S#A-=-1$L-3=;+MVY:>ZZ+*]#PPB:O8!UEM;98;7YB=5K'6`?*5P5-XY13TE:S**K- M:N7.K!:KX14^,MX:]]VTLMLJRT@NFUA]M7!RU=WN?I1L6$T M,>AN[>";W3F&'=T==%^^0+%T@:=HF*^4=J]@FR3ED:8FMG9/I&GA_IJMSME3 M7#4XA5\?KV`S<5T2+&NBAD(RV%:Y:K8F6QUKUB;CJ(BY6\UM-,=B*\VMV=18 MW5+:8#,M253E[T-$MM@B6QXAZ$B#H+JD5&M`5;F"6$:EQ%_>'#4L4ELQ,?UU MF&Y<:CZNQ4IHQ5BVPUM3G;LHA^XRZEY1HDW-:JLUK>GB>"NQ/=]JZU@A;%SE M1%5C&R0,%3%?DJE[!4_$D-46&D&8`<](L]4QK)Z1JF)V/*NR^&EE#+,2S_!J MF8G/&,&,?4?;X@UB)=HRMCP\QDZ:?9Z'UCFF$DUS42&*F\7RJ0&%7RJGI`!*E!=%DOQKC%`-BRS2A#BJG6:SG#CN;H MY.C$",-6Z>I`F:78M*Y5,7=T5?RWKXHWS'""=?K18(3%6+[6 MX8AM(K.2FBWL99K7;&'J>@W!M,]FL7$*I?6KF\'7;OI>,X^V(>YLH_HRX\=8 MN:_2C=4ML<$0UV.'W%U]?NM=D`Z'G8B1A;J-)J[/'A>^E"-;.&J6K\:EO"Z3 M&&CI1V8@LT0ZGTQ,:AZ\+K2<5"1:E8^0*4R5-BT66V%39HITV;]H7M,;?4[; M6*GA_-]X5'A-^^#S?U?7^L[_'1T=TV;P^7_:#/K'=*YC^O2IN='S_^N1S-=. MXYL(\P,[)CR7H$LG[@R1240V':+ILFA+*:.8ZQ95X%0-YDLOD@<$1/E%+9]& M,>DI;N.')9M14F1&97ZJ&12)"FQ?"W8C+3T'1>4S\LK,*-!!M5S#.HV%)+?+ M3(*X(C@,?:YZ7,H=1(Y(&I5)*)><@M`L(Q]H30^);P>)YS"ERP8GMC,PGI\2 MZ+(MM_)4X&IFE:<0E6$P8*"2LKA$4-F)@216WLNS%'E/:GM:BB*78>)P95^Z MR)/?%)0J`Q.R.[ZM;:FLA:5VJP9FDY(GY\8,M1X0Z"L[$"(QT&-5YFG]BG"" M'>V+])%,63Y2-C>-/+>H!!=+W#;2MNO8L2$K@4&Q<.$'/METYE//=S-DNDIE M_&G,@3<+EB:DW8)/4CLTHZ[-.%8&QBJ(O<0;-)(2XT*G%TN9P&7E(5 MDAR_N1<4O*+@0#E)G?#8@H@F%.3)<.VHRG312Z0K+TKD.I8%)!3K,XV4 MH6OZ(CKT;:ZJ'7$6KBX6Y;(8,^31,HQ=4\E4T5'%7++MN9%=U'4LUN22W98S M)+TSP?PB&4#*EJ-HA"5&;,8$J1GOXP;ZS%"Y7F(@]RI_#13Q(E<^FXB'4&0'CC*4M*V_NZ"+ MV.9^8\<.N8;H70VQ[9O;0R+H4.CK.L&*+I"$J2$&,A@Q$OD+,O""/:A3?NG1 M0)*B"LH5**N"PQZ&@2O0T$5S1[@3K(B[*\BB*OAVD:%Q%@5?G!,AUB*AD)>! MP=DJ+,B?3C%.A_)ZB(A`LULK:-]G\\],FY`2F4E,@IF^"I'*H,O&PL0J*:`- MA'FDSD!5ITPDHHNB7:5U!)EX4.I$-&(>\:)1U*,4\`P5@NQ$A*NI+H#+E, M)`EWF8KN:'=31>Z;B-1\2DUTX'IR4["]TFQ67E#0!D9EVZPF";,9Q_[*M!PR##V98M)Y0#HJL6L@169[YX#'PE&L13Q:J#`AO=>0IJ'3>O&=*G-S<'L0F:;EHQ$52[RL"R05E<6>:WP352#)605[O6!H:\]6:$U#`ILT"QHR9#I3/2 M`!-I(BXE,'XU4)588#6[/<1\1*N!L1%!95G]@>@\X%7A"^;-*Y!`)4@YC&&& MG$30C@0X\N>EA`H%84^+FVV#%C/?"R5TU1''T(1-F$RV)ZM. MBSP(!XYI'B_P*U"61T,(T81J2:ID8'V[#KE"C7`T/Q)KE")-)9(EQ!# M9;.`))C#NB-<3'F"B$C,-F^HB!=QR(&>9BQV)\@LJY""$G$5H2P3"C'$73`V M*!&F$GDP%)']M&A*V1KKBYOL1G3&6!05:HY+112S;86T+7FN[,1$)JQV>2:1 M(5/%&[0=N:$SV2/A$.FD%BX2/53-$*UXT3BM5M]`G5US&!%6B85HM)J4N"F= M82CZ29C@I[BFB$.!R,[G#>:1T43('AGQ9L%B1BJ4PT@6UT<>FQ/!`8;2862L M.]*T8PDV5R;ZC9("7\0V?YG-N'Y$8)*7=*S$7FD/I5-<10C9 M@0SFZ8O-SAC+42`NZ0P:0XE+II&9V+B4%@HRCE*:F&"3J92;>,7`0%Y7,45( M$HP0(6J+O7+--<427,4#/`$,S=@'9&)CVE8$RA!\"<4%21U9:7%9HB]!//1` M@@-"LFCBP"L4,B1MR.N::(&TP1HB#^=FR)'MCDA>9W$HZRRF^9=0)`Z]B`TE MEFV>8;9-\7,.`^6"+$>:T_PKS;C`,LK62&=SB;H)%P5Z(JE\>,.8MF'N/\T> M'<1I$)LMB\[C,K_R&50-4PWYBRE!-5TF3LBS1E(XXJ02,H0!MF@F.`9@RZ?& MH<2)V9]M^4R9:W:P9)]FNTY*$CDF\L2`8600]ZRUB8\2.;DQE%*Q"O+AK#I! MK!0F9(@*W2"7"E'9AVICB5QC(+286\!LUJ4N6PBJ#P20M\0*09 MXU9TY.2O!910M!V;+P\8&\%3"0X&;7DR0+;/OHL;&"B2#/()KV*>9Q1\86K-LPE>C9[(T$.J*O*1/RK%`<5;_13KM$TFD;3:!I-HVDT 2C:;1-)I&$Z?_`*!5#.0`&`$` ` end To decode it just put the encoded source into a "file" and type: ---------------------------- [user@ ~]# uudecode "file" ---------------------------- or just use RAR under windows to decode it. 3.3) THE HACKER ----------------- The hacker must not have physically access like the user or the operator. He could have found the internet cafe network from a scan. So he is a bit harder to detect because with no physically access you are invisible physically but maybe visible on the network or the computer. The hacker probably would hack from another hacked box into the internet cafe network but this could also be done by the admin or the user after their physically attack. The hacker could do all the things the user and the admin could do after their attack. But the hacker would not leave a physically trace if the cafe is watched by a (hidden) security cam. So some people or the personal of the cafe could not see him too. And he wouldn't leave fingerprints and nobody could remember him ( his clothes and his face ). 4) KIND OF ATTACKS -------------------- This is a paper about security in internet cafes but we won't forget that the cafe can be attacked from two sides in two different ways: - from inside, physically - from outside Some attacks could be done through: man in the middle (MIM), brute force backdoors, sniffing, spoofing, hijacking, keylogging, code injection, stealing, manipulating, DOSs, LKMs (linux kernel modules) and so on. 4.1) INSIDE ATTACKS --------------------- If the attacker sits inside of the cafe behind a computer - he has a directly physically access. He's in deep trouble soon when the server monitors all doings and maybe an intrusion detection software on the server rings the alarm bells from the operator. Operators in internet cafes often have to do jobs like to serve food and drinks for the users so he can't control the server not always constantly i think. 4.1.1) TRASHING ----------------- Trashing is a well known kind of attack and in that case an inside attack. Many people leave sometimes some sensitive data in the trash without destroying it before. Mostly some papers with sensitive data on it. This could be some bank account information, telephone numbers, addresses, names from private contacts, credit card numbers and of course more. To avoid trashing simply do not let sensitive data in the trash in the internet cafe or *destroy* it before in little paper pieces. This is all to say here. 4.2) OUTSIDE ATTACKS ---------------------- An internet cafe could also be hacked from outside from a user or an administrator. You don't have to sit inside the cafe to hack it. A good configured firewall on a monitoring server could protect you in this case. But don't think that you are secure just with a firewall. A firewall is no guarantee for a secure network - a firewall is just a concept. For a good security on the network could help an intrusion detection system. I think it's more difficult to detect an attacker from outside of the cafe. 5) TOOLS ---------- In this section i will point to some security tools and explain how you can use them useful. These tools are sniffer, keylogger, scanner and trojaner to call just a few of them all. You can also find the download link from these tools in the appendant sections. You can find lots of more tools on the internet but we can't numerate them all - this would blast this paper. ( For more information use a searchengine like "http://altavista.com/" or search on some security sites. ) Please use all of these tools only to test, check, configure, control or secure *your own* system or network - to find holes in them. A good site for security tools is: "http://www.sectools.org" -- a very good security site from the same person who made the scanner NMAP: fyodor. It is a TOP 100 site with the best security tools, check it out. 5.1) SHORT DECLARATION ------------------------ From section 5.1.1 to section 5.1.4 i will explain some tools ( sniffer, keylogger and some spyware tools ) shortly to get a quick but ample overview from this tools. We can't go to deep into all possible usings of them - it's too much for a paper like this one. Read the "man" ( manual ) pages from some or these tools or use a $searchengine for more details and information. To read the manual from "man" under unix / linux type: -------------------- [root@ ~]# man man -------------------- With this syntax you can read any manual from many programs. You will learn a lot from manuals. They are a *must read* for learning something. 5.1.1) SNIFFER ---------------- With a sniffer you can filter or manipulate datastreams. You can sniff some sensitive data like some IPs, IP packets with source and destination IPs, socket addresses, ports, accesspoints, mac addresses, hostnames, user IDs, the version of the operating system or from other programs, services and also data streams in plaintext ( emails, unencrypted passwords ). You could also sniff some data streams from outside of the network f.e. with wirelesslan sniffers or sniffers on wiretapped phonelines. A little data output with the network sniffer "tcpdump" could look like this - i sent just a HTTP request to my router over port 80 - my host has the IP 192.168.2.32 and the routers IP is 192.168.2.1 - i just show you a few packets of all 85: ----------------------------------------------------------------------- [root@ ~]# tcpdump -vv -i eth0 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 15:55:41.308310 IP (tos 0x0, ttl 64, id 29370, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.2.32.34770 > 192.168.2.1.www: S, cksum 0x48da (correct), 1711505850:1711505850(0) win 5840 15:55:41.309032 IP (tos 0x0, ttl 64, id 62208, offset 0, flags [DF], proto: UDP (17), length: 70) 192.168.2.32.32779 > 192.168.2.1.domain: [udp sum ok] 19786+ PTR? 1.2.168.192.in-addr.arpa. (42) 15:55:41.309255 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.2.1.www > 192.168.2.32.34770: S, cksum 0x3a4a (correct), 397488040:397488040(0) ack 1711505851 win 579 15:55:41.309283 IP (tos 0x0, ttl 64, id 29371, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.2.32.34770 > 192.168.2.1.www: ., cksum 0x7eff (correct), 1:1(0) ack 1 win 183 15:55:41.309349 IP (tos 0x0, ttl 64, id 29372, offset 0, flags [DF], proto: TCP (6), length: 487) 192.168.2.32.34770 > 192.168.2.1.www: P 1:436(435) ack 1 win 183 15:55:41.311015 IP (tos 0x0, ttl 64, id 59982, offset 0, flags [DF], proto: TCP (6), length: 52) 192.168.2.1.www > 192.168.2.32.34770: ., cksum 0x7dcb (correct), 1:1(0) ack 436 win 54 15:55:41.353110 IP (tos 0x0, ttl 60, id 32970, offset 0, flags [DF], proto: UDP (17), length: 70) 192.168.2.1.domain > 192.168.2.32.32779: [udp sum ok] 19786 NXDomain q: PTR? 1.2.168.192.in-addr.arpa. 0/0/0 (42) 15:55:41.353369 IP (tos 0x0, ttl 64, id 62219, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.2.32.32779 > 192.168.2.1.domain: [udp sum ok] 43306+ PTR? 32.2.168.192.in-addr.arpa. (43) 15:55:41.361603 IP (tos 0x0, ttl 64, id 59983, offset 0, flags [DF], proto: TCP (6), length: 1500) 192.168.2.1.www > 192.168.2.32.34770: . 1:1449(1448) ack 436 win 54 --cut-- 96 bytes 85 packets captured 85 packets received by filter 0 packets dropped by kernel ----------------------------------------------------------------------- This is a very detailed output and shows the handshake between the router ( 192.168.2.1 ) and my machine ( 192.168.2.32 ) . 5.1.2) KEYLOGGER ------------------ With a keylogger, the name says it, you can log every input which comes from the keys of the keyboard. Keyloggers often create well formated logfiles to give you an excellent output and overview of all typed keys ( texts ) and used programs. A keylogger could also log mouseclicks - to expand some of all possibilities. With the created logfile you could find out passwords, the content of emails and much more. It's easy to understand what is possible with keyloggers i think. ( To prevent that keyloggers find out your password you could use "char selecting" tools but don't forget: *nothing* is 100% secure! ) A keylogger is often installed as a software but the keylogger can also be implemented on your hardware - directly on the keyboard for example - a hardware keylogger. ( see section 5.5 ) 5.1.3) SPYWARE ---------------- Spyware could be a trojaner ( also called backdoor ) which listens on a port or is completely invisible on the victims system. Backdoors are often implemented in replaced and manipulated software packets ( installed programs ) by the attacker. Backdoors which just listen on an "31337" port are mostly easy to detect with a simple portscan with a portscanner. ( A "modified" version of a program { f.e. email } which runs constantly on a well known and *open* port is harder to detect - maybe with a SHA1 checksum on the program file, with a special packet filter configuration on your firewall or with a monitoring tool. ) With a portscanner you can scan for open ports ( which maybe better should be closed ), the version of the running program behind the port ( wich could have a bug ) and the version of the operating system or the kernel ( wich could have a bug too or twice ) . With tracerprograms you can often trace the destination of some other people but this won't take much of an effect while the other person uses some proxy server or a proxy services. In fact, a portscanner and a tracertool is no real spyware but often very helpfully to check your system with all your connections. 5.1.4) WIPER -------------- Wiping tools are very important today for real security. A wiping tool makes a secure overwriting of a file, a secure deletion. Normally when you delete a file the deletion program only deletes the inode of the file and the file is "deleted". But with some recovery tools you can easy recover the files which are deleted in this way. So if you wrote some important or personal texts an attacker could find your files when they are not wiped. The standard secure deletion is "Gutmann" wiping - 35 passes / overwritings. Many wiping tools have some more features than only deleting a file. You can wipe the RAM with them, the SWAP space and also unused discspace. Delete your personal files only with wiping / secure deletion tools otherwise you can be hit by an attack. Attackers can do a lot with personal information. You need a 35 times overwriting when you wanna avoid data recovery with high tech equipment which costs a lot of money. So yes, you could recover data from swapspace, unused discspace and RAM too. Look at this very simple example now. We copy the complete RAM into a file and then look for our password with which we logged ourself in on the system. "/dev/mem" is an interface ( unix / linux ) to the pysical memory of the computer. ( "man mem" - for more information ) -------------------------------------------- [root@ ~]# cat /dev/mem | grep Pohwpautoda Binary file (standard input) matches -------------------------------------------- ( The password is not only inside the RAM because we entered the password to log in, we entered it two times - the second time is behind "grep" . ) So we can see our password ( changed for this example but real tested ) was in our memory. This means a RAM wiper is a good tool against a memory attack. "smem" from THC - a very good [TH]Choice here. To get some more info about your memory under linux you can type into your shell: ------------------------------ [root@ ~]# cat /proc/meminfo MemTotal: 773872 kB MemFree: 581684 kB Buffers: 11380 kB Cached: 100048 kB SwapCached: 0 kB Active: 117504 kB Inactive: 55096 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 773872 kB LowFree: 581684 kB SwapTotal: 0 kB SwapFree: 0 kB Dirty: 0 kB Writeback: 0 kB AnonPages: 61180 kB Mapped: 42088 kB Slab: 10552 kB SReclaimable: 4924 kB SUnreclaim: 5628 kB PageTables: 1084 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 386936 kB Committed_AS: 167428 kB VmallocTotal: 245752 kB VmallocUsed: 7104 kB VmallocChunk: 238448 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 Hugepagesize: 4096 kB ------------------------------ There is many more stuff to explore in "/proc/" about your hardware. 5.1.5) NETWORK MONITOR ------------------------ A network monitor, the name says it, is there to have an eye on your actual network and/or internet connections. This tool is like a sniffer but not hidden and not for manipulating data streams. There are network monitors for X-servers so with GUI and there are also ones just for your terminal. They are often easy to use and to configure, mostly they have a logging option too and many options for a personal monitoring, so you can monitor what you want to monitor. These tools are a *must* i would say for a good security concept and a good defense. 5.1.6) FIREWALL ----------------- With a firewall you can manage and control your traffic. You can block unwanted IPs or websites, DOSs, ping requests, scans and of course any packet you want if you want and if your firewall has the ability to do this. You can configure it to control inbound and outbound traffic. It is there to protect you from evil packets or evil IP sources. You can set your firewall up to protect your email service against spam and so on. You have a firewall to avoid an attack. 5.2) WINDOWS -------------- You can find this operating system ( OS ) up to >50% in each internet cafe i think because many people are using it and it's easy to learn and to operate with - specially for beginners. Many of the games they play run under windows. Just a click here and a click there and everything is running fine and fast. Old windows systems are not so secure because if an attacker has access to a windows machine he can do everything he want. You don't have real security with windows in my lowly and honest opinion. Windows is *closed* source and you don't find any sourcecodes from it on the internet for free. Closed source means obscurity for security - no secure solution but this doesn't mean that windows is completely evil. A securer solution for windows could be the use of windows NT, or not? Cause here you have admin and user accounts and you can configure more than the old windows systems and it has more security features than the old versions. Some people use old windows systems today. Windows runs not so stable like unix or linux. Nevertheless it is a *nice*, fast and great multimedia and gaming system - when it runs stable. My experience with VISTA is: that it runs very stable and fast after i deleted Norton Internet Security - i had the same problems with Norton Internet Security in Windows XP by the way. This software was automatic installed with Windows VISTA. INFO: Since windows XP microsoft by the way has a good connection to the NSA and other "anonymous" agencies ( microsoft will not mention them for whatever reason ) . NSA and the "other ones" helped microsoft with the security of their OS ( operating system ). NSA also helped building the security of windows vista. In a software driver in windows NT4, called "advapi.dll", there was founded two keys for access. One key is called "NSAKEY". And no, this is NO conspiracy, i read this on a site from a very well known security expert: Bruce Schneier. Here is the link: ( "www.schneier.com/blog/archives/2007/01/nsa_helps_micro_1.html" ) For history knowledge: Bill Gates stole in the beginning days of microsoft the code for "windows" from apple. And apple before stole it from xerox, so the code for the graphic operating system. [...] So you can see that money is ONE thing what makes this world go around. A free windows is React OS and can be downloaded at: "http://www.reactos.org" . But it do not run on every system at moment. 5.2.1) SNIFFER ---------------- a wireless lan sniffer - "http://www.ethereal.com/" 5.2.2) KEYLOGGER ------------------ a simple but good keylogger written in python - "http://pykeylogger.sf.net/" 5.2.3) SPYWARE ---------------- a WEP cracking tool for wirelesslan - "http://airsnort.shmoo.com/" 5.2.4) WIPER -------------- windows wiping tool - "http://www.heidi.ie/eraser/" 5.2.5) NETWORK MONITOR ------------------------ probably one of the best network monitors for windows - "http://www.wireshark.org/" ( But microsoft has also its own network monitor tool, called MS network monitor - it is like wireshark i would say, many functions, all details you need and it is completely FREE - it is very good software. Nice. ) 5.2.6) FIREWALL ----------------- windows NT (XP, Vista etc.) has a build in firewall, you can configure this piece of software but i do not know how good and secure this firewall is - if you want another (desktop) firewall for windows then make a research and search for yourself: - "$searchengine" UPDATE: After i made a little research i found out that this firewall is not that bad. For example: you can block ALL incoming packets and connections with which you didn't made a connection from the inside of your system; you can completely disable IPv6; logging and much more. Desktopfirewalls by the way are not so secure, also because they are an extra piece of software which can be buggy. OR buy a LINUX or UNIX router and configure this piece of hardware as your windows firewall. You can also build a router and then you should put OpenBSD on it because it is very secure. You could use an old computer as a selfmade firewall. When you have a DSL internet connection then your router could have enabled the option that he his online all time after you started your internet connection. Turn this option OFF. Enable automatic disconnect when no packets are traveling through the router in the internet. If you can set this timeout to 1 ( ONE ) second. The more you are connected to the internet the more you have the risc to be hacked - so why not disconnect when you do not need the connection? > A very good firewall for windows is WIPFW, ported from *BSD/UNIX to windows. ( www.wipfw.sf.net ) This firewall is no desktop firewall, it is working together with the kernel. Nice work. 5.3) LINUX ------------ LINUX is an opensource operating system. Many of the linux and unix systems are completely for free. If you have never worked with a linux system then it could be a bit difficult to use but easy to learn if you really want to learn it. You can get some *free* operating systems like gentoo, freebsd and so on at: "http://www.distrowatch.com/" . I also can recommend the debian distribution knoppix from K. Knopper which is based on linux. You can find it here: "http://www.knopper.net/" . Knoppix is good for experts and also for beginners. If you want to control everthing on a linux or unix system you must have super user rights - also called "root". You can't do everything without "root" , f.e. if you want to create a new userprofile on your computer. If you wanna use your unix/linux tools under windows you can install "http://cygwin.com/" - a Gnu/Linux environment - it is very nice. Some good docs and handbooks for debian can be found here: "http://www.debian.org/doc/index.en.html" A very good resource for linux howtos and manuals is: "http://www.tldp.org/ . 5.3.1) SNIFFER ---------------- a network sniffer - "http://www.tcpdump.org/" 5.3.2) KEYLOGGER ------------------ a kernel keylogger by rd - vlogger "THC" (The Hackers Choice) { This program is now offline at thc.org because a new german law is now out which forbids security tools ( also known as security by obscurity or better: security by forbidding knowledge .. ) - if you want it then search the net and you will find it. } ( UPDATE: THC has now 2 servers, it is online again there .. ) 5.3.3) SPYWARE ---------------- an invisible backdoor client by fx - "cd00r.c" "http://www.phenoelit-us.org/" a *very good* portscanner by fyodor: - "http://www.insecure.org/nmap/" 5.3.4) WIPER -------------- probably the best linux wiper by vh - "secure deletion" "http://thc.org/" 5.3.4.1) WIP SOURCE CODE -------------------------- "Wip" is a small unix / linux shell wiper which i wrote. Here is the source code for using, learning or modifying: ####################################################### # # wip 1.2 - unix / linux small shell wipe tool # by ad - 17.03.08 # # The program overwrites a file for x times with # random signs from /dev/urandom, then sets it to # zero with /dev/null, renames and finally removes # it. # # Tested on a DSL system ( i686 2.4.26 ) # Usage: ./wip.sh [file] # or: ./wip.sh [file] - 35 rounds standard (secure) # # Update: # 17.03.08 - corrected file changing before deletion # ####################################################### # help screen if not enough input if [ $# -lt 1 ]; then echo "wip 1.2 - small unix shell wiper" echo "by ad - 2008" echo echo -e "\t""use: $0 [file] [number]" echo -e "\t""or: $0 [file] (35 rounds)" echo exit 1 fi # the file we wanna wipe file=$1 # check the file if [ ! -f "$file" -o ! -r "$file" ]; then echo echo " can't find "$file"" echo exit 1 fi # we enter our own number if [ $# -gt 1 ]; then # we use our input b=$2 fi # we user standard 35 rounds if [ $# -lt 2 ]; then b=35 fi # size of the file length=`wc $1 | awk '{print $3}'` # file size / 512 blocksize for counts x=`expr $length / 512` # if the file is smaller than 512 bytes if [ $x -lt 1 ]; then # one count x=1 fi # count + 1 count more x=`expr $x + 1` # we begnin with 0 a=0 # some info echo "wiping $file" # the wiping while [ $a -lt $b ]; do # write from urandom to our file x times `dd if=/dev/urandom of=$file count=$x 2>/dev/null` # doing a sync sync # the round counter a=`expr $a + 1` # some output echo -en $a times wiped '\r' done # some info echo echo "set $file to zero length" # we set the file to zero with /dev/null `dd if=/dev/null of=$file count=$x 2>/dev/null` # some info echo "renaming and removing $file" # renaming the file mv -f $file 0a1b0c1d0e; mv -f 0a1b0c1d0e 1e0d1c0b1a # removing the file rm -f 1e0d1c0b1a # last info echo "done" # exit exit 0 5.3.5) NETWORK MONITOR ------------------------ try this syntax in your terminal and get a *good* terminal network monitor, called trafshow: ------------------------------------- [root@ ~]# apt-get install trafshow ------------------------------------- 5.3.6) FIREWALL ----------------- a good linux firewall - "http://freshmeat.net/projects/guarddog/" OR the better one is "iptables" which is a standard linux firewall and which is very complex to configure with detailed options. Project site is "http://www.iptables.org/" . It is a very good firewall. Here is a little a example, we just have one source IP which can access our machine from one port and one destination IP. The source IP is the IP from our machine ( 192.168.1.40 ) and the destination IP is a proxy on port 80 to have in- and outside HTTP conntections for surfing in the internet. So over this one IP we can enter all other IPs / websites and we just have to allow ONE IP access to our system. ALL other packets which wanna leave or enter your machine are rejected. Here is the shellscript "fw.sh" : #################################### # # fw.sh - A LITTLE IPTABLES RULESET # #################################### # # your local IP LIP="192.168.1.40" # allowed IPs IP="your_proxy_IP" # clean everything iptables -X iptables -F echo "enabling firewall.." echo "using proxy: $IP" # our rules iptables -A INPUT -s $IP -d $LIP -p tcp --sport 80 -j ACCEPT iptables -A OUTPUT -d $IP -s $LIP -p tcp --dport 80 -j ACCEPT iptables -A INPUT -s $IP -d $LIP -m state --state \ RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -d $IP -s $LIP -m state --state \ NEW,RELATED,ESTABLISHED -j ACCEPT # we block all other stuff iptables -A OUTPUT -p all -j LOG iptables -A INPUT -p all -j LOG iptables -A OUTPUT -p all -j REJECT iptables -A INPUT -p all -j REJECT iptables -A INPUT -m state --state NEW,RELATED,ESTABLISHED -j LOG iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j LOG iptables -A INPUT -m state --state NEW,RELATED,ESTABLISHED -j REJECT iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j REJECT # EOF Find a good HTTP proxy IP, put it behind "IP", change the local IP "LIP" to your own one, set the file where the lines are to "chmod 777", copy it to "/bin/" and run it. Enter your proxy IP into your web browser and surf. This is all. You must have root to do that. If you wanna DISABLE to firewall use: "iptables -F" in your shell with root. This here is just an EXAMPLE how a firewall could look like. This is a very pesonal issue. This example like said is just for surfing over a proxy - all other IPs from outside and inside are rejected. This ruleset ist just functioning with a proxy IP _NOT_ a proxy HOST because we blocked UDP. Also a very good paper for securing your linux/debian is: "http://debian.org/doc/manuals/securing-debian-howto/" - GREAT! 5.4) UNIX ----------- UNIX is nearly like linux. But unix was created at first from both. I would say it is more stable and faster than linux but this oppinion is only from my own experiences with unix. There are three main operating systems of unix: FreeBSD, OpenBSD and NetBSD. All three are very secure and stable. These BSDs you can get from "http://www.freebsd.org/" && "http://www.netbsd.org/" && "http://www.openbsd.org/" . Unix by the way was build by hackers and also the internet was build by hackers because they invented the sockets. ( "man socket" ) The first net was build by the government / military called ARPAnet. ( "http://www.darpa.mil" ) It was a pure military project. Then it was splitted into milnet ( military network) and the internet. The FreeBSD handbook can be found here for example: "http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/" 5.4.1) SNIFFER ---------------- a ssl sniffer - "http://crypto.stanford.edu/~eujin/sslsniffer/" 5.4.2) KEYLOGGER ------------------ unix terminal keylogger - "script" FreeBSD [at] "/usr/src/usr.bin/script" 5.4.3) SPYWARE ---------------- portscanner (hackers network swiss army knife) - by hobbit - "ftp://coast.cs.purdue.edu/pub/tools/unix/netutils/netcat/" 5.4.4) WIPER -------------- file and block device wiper - "http://wipe.sourceforge.net" 5.4.5) NETWORK MONITOR ------------------------ a very good network monitor for a unix terminal is IPtraf: - "http://www.iptraf.seul.org/" 5.4.6) FIREWALL ----------------- a very good firewall for FreeBSD is "IPFW" - this firewall comes with FreeBSD and here is the link to the manual page of it: - "http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html" 5.5) HARDWARE --------------- You can not only spy with software on a computer system. There are much more ways to watch. There could be a mini hardware keylogger installed into your keyboard or your computer or a small hardware network sniffer on your computer hardware. This kind of spying is not detectable about the normal way - so impossible to detect over normal software. A hardware keylogger f.e. is very small, this device could be plugged between your keyboard and your normal keyboard PS2 or USB ports. It could look like this: | 1) keyboard | 2 .------.-----.---| 2) cable 1 |=//=====| 3 | 4 | 5 | 6 3) keyboard USB/PS2 plug | "------"-----"---| 4) hardware keylogger | 5) USB/PS2 port 6) computer One of the most high developed hardware spying systems is called "tempest". It can detect the radiation of your monitor lots of meters away - so the spy can see about this way what is on your screen, what you write and so on. There is software on the net which shows you how tempest is working. It simply generates visual black and white patterns on your screen and you can hear them by turning on your radio, yes that is right. An other high developed spying system is by the way "echelon". It grabs all data which goes over the internet, over phonelines and handys. They are searching the datastreams with a kind of patternscanning so special words. Otherwise it is hard to scan the *big* datastream which goes around every day. I think you can imagine what size of logfiles all this data can cause. Search the internet if you wanna know more or less about these projects, this kind of stuff is too much for a paper like this. Here is one link: "http://freeworld.thc.org/root/docs/communication_interception/" 5.5.1) ANTITEMPEST -------------------- Antitempest is simply said some hardware to protect your computer from tempest attacks. Tempest attacks can come from agencies like NSA(.gov) probably. The german government is using antitempest hardware for example in their SINA boxes, which are hardware boxes to build secure networks. Antitempest hardware is not so cheap and you need good technical knowledge too to use or build such hardware. For example you can buy a special kind of glass which protects your screen from tempest attacks. 5.5.2) GSM & GPS TRACKING --------------------------- If you wanna write anonymous email for whatever reason while you use an internet cafe you should/can turn OFF your handy / mobile phone. While it is on you can track it very good with GSM because the base station which is inside your GSM network can always see where you are. GPS is much better with tracking. ( GPS = Global Positioning System ; GSM = Global System for Mobile communication ) You are moving inside of cells when you are moving inside of the GSM network. In every cell you have a position which can be seen. Many GSM information can be found on the site of the security group 9x: "http://www.9x.tc/" . GSM by the way is cracked by THC[.org] : "http://wiki.thc.org/gsm" - so it is no longer secure and it was not so secure because it was cracked in another way from a security guy before named Elad Barkan. Mobile phones by the way can cause CANCER. ( you should make a research on that topic - it's very serious ) You can get cancer in your brain or in your eye for example because of the strong radiation _!_ 5.5.3) DMESG -------------- To get many detailed hardware information about your computer, server or on your router if it runs linux or unix, you can do a "dmesg" in your favourite unix or linux shell [my favourite is bash. ( "man bash")] On a linux machine with "knoppix 2.6.19" a "dmesg" could look like this: ----------------------------------------------------------------- [root@ ~]# dmesg Linux version 2.6.19 (root@Knoppix) (gcc version 4.1.2 20061028 (prerelease) (Debian 4.1.1-19)) #7 SMP PREEMPT Sun Dec 17 22:01:07 CET 2006 BIOS-provided physical RAM map: BIOS-e820: 0000000000000000 - 000000000009dc00 (usable) BIOS-e820: 000000000009dc00 - 00000000000a0000 (reserved) BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved) BIOS-e820: 0000000000100000 - 000000002fee0000 (usable) BIOS-e820: 000000002fee0000 - 000000002fee6000 (ACPI data) BIOS-e820: 000000002fee6000 - 000000002ff00000 (ACPI NVS) BIOS-e820: 000000002ff00000 - 0000000040000000 (reserved) BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved) BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved) BIOS-e820: 00000000fff00000 - 0000000100000000 (reserved) 0MB HIGHMEM available. 766MB LOWMEM available. found SMP MP-table at 000f8d90 Entering add_active_range(0, 0, 196320) 0 entries of 256 used Zone PFN ranges: DMA 0 -> 4096 Normal 4096 -> 196320 HighMem 196320 -> 196320 early_node_map[1] active PFN ranges 0: 0 -> 196320 On node 0 totalpages: 196320 DMA zone: 32 pages used for memmap DMA zone: 0 pages reserved DMA zone: 4064 pages, LIFO batch:0 Normal zone: 1501 pages used for memmap Normal zone: 190723 pages, LIFO batch:31 HighMem zone: 0 pages used for memmap --cut-- Linux agpgart interface v0.101 (c) Dave Jones NET: Registered protocol family 10 lo: Disabled Privacy Extensions Mobile IPv6 [drm] Initialized drm 1.0.1 20051102 eth0: link up, 100Mbps, full-duplex, lpa 0x45E1 eth0: link up, 100Mbps, full-duplex, lpa 0x45E1 eth0: no IPv6 routers present device eth0 entered promiscuous mode ----------------------------------------------------------------- You see, lots of interesting info. The last line by the way shows us that my device eth0 is using promiscuous mode now. This is because of the use of "tcpdump" before. The device has to go into this mode before the sniffer/network monitor "tcpdump" ( section 5.3.1 ) can listen on a device. There are many ways to hide that this mode is enabled - with LKMs ( linux kernel modules ) for example or with rootkits. 5.5.4) WEBCAM --------------- If you have a webcam but you don't use it then, if you can, pull the plug from this webcam. Also if you use it then pull the plug from it while it is not in use. Or just simply turn it on a wall so that it is not pointing into your room or point it on whatever object. If you have a buildin webcam in your laptop for example then please make a little piece of paper before the lense. We should do all this because if someone you don't know is on your computer he could enable your webcam and making screenshots or a little movie and watching it. I think you can imagine what all can happen with this kind of attack. 5.5.5) MICROPHONE ------------------- It is nearly like with the webcam but here it is not video here it is audio. So while you don't use it turn your microphone OFF. If you never use it then deinstall your microphone software and/or disable it. If you use linux or unix and you don't need a microphone then don't install one. An attacker could install software which is listening to the audio input from your room or from you behind the computer. 5.5.6) WLAN, bluetooth, IR ---------------------------- If your computer contains hardware devices like wireless lan (cards) ( WLAN ), bluetooth, infra red ( IR ) and you don't use them then TURN them _OFF_. These devices could provide access over the air to your computer system when they are enabled. ( same for palms and other hand devices ) If you use them then use them with strong encryption only. Specially when you use them for internet access. WLAN, bluetooth and IR sniffers exist so it is not that difficult to use such software to sniff on such networks. The point is: if you don't use them: turn them _OFF_. 5.6) SEARCH ENGINES --------------------- Now this is a special section but also a mention worth. Search engines are no real spies but they collect your data and many wanna try to find out who you are, what you do, where you live, how you live and so on. So in other word: they try to find out all about you what they can and collect this data. Search engines are helpfully but when they become a kind of spy is this not ok i would say. So what can we do against this ? We can disable their cookies in our browser at first and do not accept cookies from them. Cookies tell the site from where they come a lot about where you surfed and how you had surfed. Many of them have a lifetime of many years and if you do not delete them they can collect your privacy from lots of years with all used search words and sites you entered. We can also surf with proxy and a webfilter to hide our IP and our OS ( operating system ). We can also enter words in the search engine for which we really don`t wanna search for. So if you have a cat at home then enter the word "dog" and so on. So with every search you can enter some "false information" about you or whatever. Some random input is also nice like 123 or abc. When you have your search results then just copy the link from the site into another browser window, so do not click on one link. With this they can not know what you have clicked. So the whole search with this here for them probably looks useless. To do this is your right and it is nothing what is wrong. Some people are building now sites to make a profile from _every_ people in the world (sick!). One of this sites is "www.spock.com" - this is called "profiling" / personal data collecting. Such services could also be used as an attack for / with disinformation. By the way: an ex agent from the CIA (Robert David Steele) said that google has a good connection with the CIA and that the CIA helped google with money. Now Google has a new policy and there they say that they can delete and censor some stuff if it is something for example that the government do not like. Of course, they deleted many stuff. And from a logic point of view google must have a government connection because it made pictures from space - google maps. This can not be done by everyone because you could spy with this way. You can also find the "AREA 51" on google.maps - the TOP SECRET government project. Here is a site to search secure or / and anonymous: - "https://ssl.scroogle.org" - "http://www.thereferer.com/" 5.6.1) AISI source -------------------- Here is a new software tool which i coded. It is called AISI which means: "Anonymous Independent Searching the Internet" or "As I See It". The program is basic said your own search bot, you can give it an IP range, an option what kind of search you wanna make and if the program has to log everything or if it also has to download every stuff it will find, and you can give it a "keyword" - this keyword you can use for URL scan or webscan. This program needs no search engines - it will make an independent internet search. Some searchengines are censoring some websites and some websites are blocking searchengine bots that they can not include their site in their archive. This program here will find them nevertheless. Here is a small example for the use of aisi, this example is for a websearch with the keyword "ufo", the program will download every site which contains our keyword "ufo" with option "-W": ------------------------------------------------------------ [user@ ~]# python aisi.py -W 192.168.2.0 192.168.3.0 "ufo" ------------------------------------------------------------ The program will create a logfile and will log every site which contains our keyword "ufo" and because of option "-W" it will also download every HTML index.* from the site too. If we had only used option "-w" ( lower case ) the program had just logged every site but no HTML download. The search will performed inside of your computer so no keywords will be transmitted over the internet - so nobody can see for what you search. For websearch / webscan you can also use a proxy - proxy function is included in the program. It is the same with URL scan. We give an IP range, an option ( download HTML content or not ( uppercase means YES ) ) and one or some keywords. The program will then try to get the hostname from the IP and then it will look in the hostname if our keyword is inside the URL / hostname. So if we search again for the keyword "ufo" and the program will find a hostname like "www.ufo-secrets.com" - it will log the IP and hostname to a TXT logfile and with option "-U" it will also download the index.*. Like said the program contains also an IP range scanner and a proxy scanner too. Every function comes with DETAILED logging entries and with detailed logging TXT file names and HTML download files. Logging includes: DATE, TIME, KIND OF LOGGING, KEYWORDS, IP, HOSTNAME and PORT. The program is written in python ( 2.5.1 ) and runs on every OS which can run python. For more information and details read the manual / NFO file of the program. Proxy support is only for web scanning. Here is the link to download the program: "http://packetstormsecurity.org/UNIX/scanners/aisi_v_1_0.tar.gz" So here is now the source code uuencoded: begin 644 aisi_v_1_0.tar.gz M'XL(`*_`ET<``^T]_7/;-K+WJSV3_P&/GCY;SS9-ZM/Q//5&=>180F MF;;3H23(XD4B]4C*BO[[M[L`2)"B)*=QVU:C6&E6K;-6895?M:N-O MS'IY5-:O11@Y`:`2^'ZTK=URPOETR_OLY/XBU\'!`9,+S^#S_OZ[-S5VY`!7 MF/-5B369?5X;5>J-X:A>X[77]==VY7Q<&5ME>W#^>G0^K"<=Q@MO*#L-;\P9W]_=YURTZ-4ZM7:J-AI?SZM54;G%>< M\J!<'S3*(UX90+>!77=X>>",JUI/;<#&N&%5&_9P:%7J=GU8KUK54;7JU*M# MRWD]&M<=ZW6M7'?$P.5:/35T>3"JUIW!>%2N.0[TX>/Z>0JFAE2E,1S4+,?FY7J]S`>#JG,^ M&C?J]MBNU"O6B`^&U?*`UX8.;SCG]4:E/'+JXP9OC$?CUTZM^GI_?_^7]NW5 M;_O[WV[]G43^KSHW[6\@_;OEOZS)OVU50/XK]7JMD/_O<:'\T\(+Z5>JX/24 M11/.AA,^_!0N9N&^:`./5_Z"A9PS-]KO7MWBDP[^/F/O6MV'ULW^P]V;5E\T M7^#WX_S_]TN0?EO';C('R M7ZMMDG\P]96*E/]*HURIH_Q7Z]5"_K_'A?*/\@N_7^WC?PRNEMDQ>_"/G;*C MEN=[JYF_"$OLOUG'&_$YAQ]>Q'K<"883UWLDH>UX$0\\'@D`1BMDKE03!D!I M>!;..1].3$/,`QH/5LP9`716MJQS,3]XT_O8[;<^P(=3NN##7>#"C'`>$SZ= MLW`(T#QX;N9=\/S''W]D\U4T\3UVZK)8OTWD`.^<3QQP6O*!P#$'TF8@2X8< M&77N&!`$?AJ?^&KI!Z,3%G\PY13#E1)5@B4*2?E/G">.W18AA_[^ M'%4U,T[?&[EXO,_'0XS/?&^ZHF%B4K%P,9_[0:381/!7X"\>@1L0F\^K-)'I M43AT\I9K,Y'G:2+OHN8\;Q8I/#SFSG.QV(R#^V4XN,_`81%,OY@4BRR_/9O' M%MMX[(79ZR&?O1ZVL1=AT.GV[V_?/%SV.[?=6.1CP6]UNCWFAD)8-98[8TA' MC[C/]Z=L&;A1Q#U4)0(+)&@GPJX#)W2'+'3<$9NZQ)*2D[GWZ'J<#181\_Q( MO?3\8.9,B?>Y"6HS?I3IAK2(5G..0Z**6TZ<"!_BDB3*$6CH$2'3G5U=?%S1 M`I8!^H)'YB#*_`14LVS$05E[H3N"-F/A]OF@S4$A+B_$(.!R.'0]H(GN$'-G:86_; M?>1I9SJ%X4)8>@FV?\=0V;%SRR1F_:@)0+O;^NFFC;-XT^G1QXT:42XQRAN` M-32?V@#)FL):*SFZN[_]\-$X09'W1DXPPF4Q;J^N#%RX][#R0!!G&OHP5@30 M1WSJK!!=L,&*]D(T3HA!9^`],3YR(SF\\:;?>=8.-,Q MK3[0$%0+B*E@A[)\),8I$0E:W=ONQW>=_D==6"5I$+N95'59?^("VMAF"?AP MZ(#N`(Z%J0>`WB/-!#7.2:*+$&.?9C7T9_,%^"YR^4F@EK$\;6,"[*V6&RCJ ML^XM`(`GN&:B/[YC2Q>6?0!`@,W"&>J1$?-!%Q)45_I-)J/9E[49(/Q8A!RD MUV#A3B,1/,&BRS4]BP,F7,.>3PN#E,)E2E!)C2;&=R"^\X%%V1$2LZ2LJQ1[ M(9PKQ`)$)":WB4-P9'UW+-Y"MR<@4G#6Z8$18X.I#S$C"2-1/03_;^E&DS36 M*WUV1"$T`8CD3(A"!2CQGA,?8M.'D`>GK4>D/2R<`0[;$T`[LTU+*?KKV_>L MTV=7#UW2]3UVI'D5I8SJETS5UQ0"(2'T3JQ?2'K$E,5LE7I`5E&*@!@`_%+H MRL#NI;2,#M1A-[=O">(%(8SVV.BU6_>7UZ?8^;AFG[9ZERA!9O0Y,@3*U"F, M5M`+QA"O@:*P)*P$D>WZM_=M&I?$!`D/2W^FQ$4MN!(V M$A)M(L=`[]3RHG&/%EI"7,^((3Y#76IU>A[0;Z8L9 MT@(=KE!3:VB*A],%^!L@B!#E#?C47YI2ZJG_SSUX0ZO?[K[M=-N]'&F/9;Z7 M*";P5(6Z0F(J%P=1(1&(%S?63(!(XGX)5RM$EM!\G;0J8QY7BA[T2"AMC%AW M9#QXX08IHT)N7FQ_3(EM:D1D(>Z%R&`TBVWHRA%B?0:T18>4#)V&->*2Z%_6 M"85])GX@_W<]2%?Q-SEIZ2C]4NB[ZX>W;;T3?!ZCIXMKBBI+\)GH'DYP+0AI MLA7$F^/`1?\)I`>U%XR(OA)X@L+5BKL@*HMI%,;2*K6/7!E7&C'T(R7*1$<` M<0;+3<,C_12TF1-&I`)`K$Z`H)+8),9PI_@%;Q"+^0IN3&;^@(# MI+8+;DMG+*.2I4,I%#<=QCFCD1!M)+_0?"V`"M0=PJ*$7.HNCT(+P'P,U$^' M2IG01IDP,G.HN%>"QTFQDAQE)!)Y6UI@/;;)A&G(D!(<:J/3C,P)MQ.6/L:' M$]*HV$5O]?1$FB8_^$3$A8XR1^829YZ*AJ>H:902>X?&,W%Q6/47.1IR%Z)8$@/I3*NS]1_E(PJ!!Q=!15%"FBQPT)&%CM0:S?43#Q- M$6>8;%DQ9&V1:FC3*GD@N27I0P`-V&!C= M'AN-@7C#8()^IZO;O6?;O;/Z%&)^RZ\_::/A))H0VVFP+C M8?IA+,V'#$;CT(!2-N1L;#3\\ZSA9R4#['O"1,+`8XIDGLN0(GF284+B'\F" M)G4+?HP=\E^MV'96_JM6(?_?Y4+Y5[MI M4OX/GG5!NZ^K$SCXNBJ!@Q>H$J!)=-ZT6X#RY2U$6NRGCQ<,,Y('[.?V?0^B ML0MFFQ;>HXJ\8.6*:=FFJ"8XD'W>=_K7%VP21?.+LS,T]G*'T`\>S\`Z]R<. MALMO%RZXU4\FNS?13A^PNX_]:_#DXW'*9@WW MFW:_U;GIF<]??!QJ"8!FM'^%*^MQCL'R':(AM MY5?[X\"?80L%Z7^P@?RL)46IF9ZRDCT56*T[`1@C,TXGQD4&VNE29/_B3>@$P#*$M0/I0(>/67G@ MEH;`%9[#;#'R$4$3KFR2XM_+3+"&G;(SC)&"%[AQ!L!.DF`#`2(:\!JG3P`` M/4*F_-N)P*JB/E3A@T6L?OH^.SL1E*'7'3OL^1.V\R;\_L\[85LMZ#Q)(,A\ M@IK?'.>7-ZUY_K369U)]SDS$QEVHHSY?1UVAZQ*Z*BB-<>ULPM7]UKAV-N.Z M(%SCJ"=&=K%34A;_2L99[)`4`"3O3G^I`<))O9>`=(#E+JF9;Y.BQ4XI>GCN M$GZ7^=LIO:J-1/V9KBPI$(&IM6&0VS&[`CM7A"5_\,KX_[)LY&7'V.[_5QMV M)>O_U\H-J_#_O\>E_']5@__%SIT__,0C+"@2.V3D[$4N%F(=2*==YI6'ON=Q ML:&KW#[JF_+\R#4D4&SF>.Y\,97;A:*#>+/689LOJ2IUDCVR,TQ5/@(@V0.Q MS?B/E/\3Y5F4?>B6W\9%^:]*\1;VM#1/$X]0?.E-WUVO?@V+_:EQ^: M!H0,9AT<_'+#M.M8''D0E\!\7N'025_^*MY3K&'\"(@6#ACMU=724LL MYH*6^*M)55S2^U4DIRFA1R7V<[C8NE`K`3V3(>1:("W\!:XG+DS$<+LO\N5V MF]B<$P6FF-F\?>@W;>H,C46I6+S'0?;I+"[JH[JPIF762,5[5)5PQD9N2)^H M+S1JW[12$XD))+>:,O,0F!"A>LU?:I95LTY8Q2Z?T\_J":O5*O@#/IU;%OZ` M-_7:^3G=PX-J]=SZ30Q%>Y2I#>K60_^Z:3@CP`5CM*;QLRFJC42ZK&G8-14+ MPD.L,&D:N-]CX$1ZE[#F$-YV*![K1.IAN6E\::0L:9$Z&8,T0)%,QVO8[+I] MPNH('V)L*`GH11"R".*/4/ M@86>\T^E\4MI&)DZ9JU0_O8>X:2+H`_SBNX/TQ#Y9V0^X<0'A)+GCX"BX`Q3B?4LD75L\F1U+61YE0[[R\#>6V[L`W]W@@ M,CVHG-^W?Y)Z,Z\'*HB/77,@%P1;$.DAWY8YGI,"[`.1,`@>BZY+(F6WE$(5C/"W?TDINYU M[H*F>&L"7[E1LL"&:2`R[;46:M^1WJN!PB141_3(SW@$Q\A;S`8\4$/]8F'P M"B^/Y%U)O;!3+^SD13GUHIR\J*1>4`J`D$W&:"=CM%-CM),QVJDQVLD8[=08 M[7@,FC`=?D76=KTYD/14_AYBG1.6_@S`9KJ/$ZKO`UT$DBT8Z(BIB;,?\6D) MD[!JRFN/ROJC7P&"FJK>LKT.K[T.KYT/KYV&5TJS\_O`!^Y3LS39SUBZ3QOL M^7/$O/F>R!HLJ:N@BN+!51CQ&2A%-\)F<&OBYZ.8IJ(>2#GC\`P/%C>=<(B> MYU%)"#YT9HX.V@B;='8Q`: MYYBD2A&9ZB%)QK'VFQT:Q^-CXU#"H)J5I+X%.OC"UU-@36IQE&B*I+(()W^8 MG@EI4_P&8EVCF9"I8*:%'1I*4U"^T),T)*K&*55O\`\QP!`8W#9 M896.&#(U^Z\F0V;,LF`\L\[=!?LA--7_Q@]*D$Z8%!_YH:P^"(T`*.'1B!$B M0Y-W11G'<()%S\"&@@JHX6*=!`LIYJUT4?I!.?L@'FF(NS!4+:DG'VD8>``F M(=&N@ZSI%!`HSL&/0&+ZG#(T>^&4\_D114RR@T4GW#X`FU9-G./<#UTU*,#0 M]2/N7-1$PFZ#!F7'F`ZDCK0H3;$HHLL`6/53'EAHE0/7HGN!X`?3`@0K:PBF M0)73&&[0_@K%?!P3)-=`ZUAJL`6:A.<')"7@65[',P7-SB"ZP8#%F&Y`5<-U M#7P*60V^Q!;0)60)73L'W11`*XOO!E.<(+P)8X6R,/JDG8;^PJ-*3Y`IJ9=2 MPHNUXVXXX2/3R-.]"LQ4U/9Z/`4IT7"_>C*CBS"E%D*!F_JAK@_I7N:"=^U0 M*P^MV^F^C<-B=2#IYO;M6WB^$PQZQ;ME.\_N/W7O^^W7HG297.XL#$H)L)7IM\ M<"2S-KIQ^@G'0QQE7]-DO8?+RW:O%V.&YX4\GX6+X1`/,9AX5FV/?Q[R>72Q M'=)5"\SF&T.9C6`E#M2J#!35VB)!D;F5-3I75D9L]GX6YP_I3`[[^W;O7I$* MF4:.@`N-#K$\V[:'!)'OCI+%)-M'5)&32=QPP.+A3IR&WA/D4+Y1G$;;TXD1 M&_UT*P4AYN=X?0FCA*6WA"`;II<_-QF!G(A\8FIR\M4+3@[6440_`C)`!%D& MOR\N8GC>[/=R/,8E3T1"I']ISN+LDMJP\]/!2RR8!ORO`9(BAJ=R`5S`_V_! M0UW$#I0;*T\>4-(I:;:-]?9DLZ:!9WW/J"N>3OPU^-5+SBY>,.W@(K["?T9J M:,'R$^Z,>+!AS&[>D++^1(\@=1RP`/J"?4!'`DN,*/6'T6,#*H5$C7KX0WA(7QP@B$)^+2[IK$3;)D=R M)"FB>XE!Q)=Q9*2'*9I7?QI/3@8",PH!DN'$4S4&94IBTN#A'$7QIL%*&*L-0MM*==&X7^!4YL'__0$?LKUHW MO3:][[=[?<&G&WE/D4QH(F0VBX0X^'.O3X*/X4'H8^7-QD)C&F_K^/.4P M(D8E;08II_)`*;5\HZ-^%@-LM_UT?:4BWX1(=P,>B9W> MAL>WUNZ2KJ3>-8,GDU(ZJC.:_U>+DN3HRO5H8MX^%3ZABYO M/8>CL?NZ>.WE*0FB&8_*S<C&]U'Q$OY2?ZBRG%#H^B```I M9WR]25'^W+JSNAZ5*%?U$)GX$'7](:[*H8AN,K1RGAU9L' M:IO@5;$?L'4_@-A/RQJJ3J1$BHV`8B/@WW@C8'O>?VO:/^.<[D[ZTXFJ6-6G MTOT;>ZB\_IJ,YOA=:2]KK4YN/;7MT]=FB,)%M`KHJ6%(+?DQ[>MA.0GK86P6O9;4$,!"530IUN'[A> M,/!=2((/!BMG-$IF**>03ZB= M=/H@#*]V3V96T4;,^P/9^P]DXXUDP;(QH,I':5A+&K(,_?2YQ9#^8""X)0B4 MYZEV!H!"#ZU]2\CS@C_UC2E%Y%=$?O_BR"]K%_[ED9\4OB\,^[866_Z18%!\ MH]"_;R2XO8RLB`^WQX>=NR(X+(+#(CC\IL%AVEG[NGJP)&Q,B^ZSR[_R7;9O M4?WU%RW^2N:\=;?,D5@ZP%:$9]]F_AL9X1& M7[NX>X].2'W.%_-]R=&HK"90Q]AT5?`=CD?E^!:!&(_AN?3,H[ M8B2_`;0X8E0<,?IV(2/HZN*(41$\_B<'CW^F(T;*=7J1(T;;9?O9,6:>9_G7 M"C(SV>0_;\"9$^I\142H6/#;QH/D$N&?'IAR_6OO=AVCT;9NW7'JJ^1=^7WZ MG*F_MD0.$1:?.Y'XPR.R`!TKR]6C.,2,J^O3A[CW\@Z$2"2$N-,7.]&7N8=Q MA.OH%:U?&^+N[8YR%4;:-\^'OOZG1M9F8B+ MI/-+I'>[H7MQ?;E^JDIHR;?MOFSR]<7W^<>2]O0C"VKLL^2/D<7<^>?Y/I_NVDA20"@```` ` end 6) HOW TO USE THE TOOLS ------------------------- From section 6.1 to section 6.3 i will explain how you can use these tools and in which ways you could do that. The content of the sections is about configuration, control and security. For sure, there are much more ways and ideas to secure a system with these and other tools but i cede this to your creative brain because this paper is *no* detailed security howto - it's just a *short* and smart overview of a possible concept - written for curious, interested security novices. 6.1) CONFIGURATION -------------------- You can use these tools for a better configuration of you hardware and software. At first you have to check your system and network for known and maybe unknown security holes. Close all useless ports ( services and demons ) which you don't need on your system as a first simple security way. Try to break the security of your system and of your network. If you find bugs, maybe with the help from some exploits too, then try to fix these security holes with patches, updates or with your own solutions. examples: You can check the funkrange between your access point and your wireless lan card of your wireless lan network with a wireless lan sniffer or with a scanner program of that kind. You can test the security of your firewall with a scanner, sniffer or a backdoor program, to call just a *few* things you can do for more security on your own system. Here is a scan with "nmap" on a linux box at "localhost": --------------------------------------------------------------------- [root@ ~]# nmap -v -sS -O localhost Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-01-27 10:00 CET Initiating SYN Stealth Scan against localhost.localdomain (127.0.0.1) [1663 ports] at 10:00 Discovered open port 111/tcp on 127.0.0.1 The SYN Stealth Scan took 0.06s to scan 1663 total ports. For OSScan assuming port 111 is open, 1 is closed, and neither are firewalled Host localhost.localdomain (127.0.0.1) appears to be up ... good. Interesting ports on localhost.localdomain (127.0.0.1): (The 1662 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 111/tcp open rpcbind Device type: general purpose Running: Linux 2.4.X|2.5.X OS details: Linux 2.4.0 - 2.5.20 Uptime 0.003 days (since Sat Jan 27 10:00:11 2007) TCP Sequence Prediction: Class=random positive increments Difficulty=3994719 (Good luck!) IPID Sequence Generation: All zeros Nmap finished: 1 IP address (1 host up) scanned in 2.201 seconds Raw packets sent: 1679 (67.4KB) | Rcvd: 3364 (136KB) --------------------------------------------------------------------- The programm scanned 1663 ports but just one port was open. It was TCP port 111. All other ports are closed. The OS detection shows a linux system with kernel 2.X -- that is right. You need root to do this scan. NMAP is always also for windows there to download. IMPORTANT: All these tools must also be GOOD configured. Without a good configuration of this tools your security could be useless and buggy. 6.2) CONTROL -------------- If you want control or check the main computer, the server, of a network constantly then you can use a keylogger. Admins often sit in front of a server which must be controlled. This is useful to check the system and the network for unauthorized access. ( persons which should have *no* access to the server ) If an unauthorized person has access to the server of the network - the logfiles of that installed keylogger soft- or hardware should show this hopefully. Here is a shot with the program "netstat", to look for connections: ( unix / linux ) ------------------------------------------------------- [user@ ~]# netstat -st Tcp: 0 active connections openings 0 passive connection openings 0 failed connection attempts 0 connection resets received 0 connections established 6726 segments received 3370 segments send out 0 segments retransmited 0 bad segments received. 3352 resets sent Udp: 0 packets received 2 packets to unknown port received. 0 packet receive errors 0 packets sent TcpExt: 18 resets received for embryonic SYN_RECV sockets 0 packet headers predicted 0 TCP data loss events ------------------------------------------------------- And we can see: there are no active connections at TCP streams. But a monitoring tool would be better for this job. You could also install backdoor clients on every computer which are connected on the main server. With this you can control everything easy f.e. shut down the computer when he's not in use any more, start and cancel internet connections and so on. When i say control - i don't mean spy at others with this control. I mean control a computer system with this. The meanings between control a system and control a person ( a human life ) is immense. In ethical speech: Everybody should *always* respect the privacy of others. With "ps -A" ( linux / unix ) you can see what programs are running: -------------------------------------- [user@ ~]# ps -A PID TTY TIME CMD 3081 tty1 00:00:00 ps PID TTY TIME CMD 1 ? 00:00:00 init 2 ? 00:00:00 keventd 3 ? 00:00:00 ksoftirqd_CPU0 4 ? 00:00:00 kswapd 5 ? 00:00:00 bdflush 6 ? 00:00:00 kupdated 99 ? 00:00:00 kjournald 335 ? 00:00:00 knodemgrd_0 456 ? 00:00:00 khubd 838 ? 00:00:00 portmap 1003 ? 00:00:00 cron 1009 tty1 00:00:00 bash 1010 tty2 00:00:00 bash 1011 tty3 00:00:00 getty 3085 tty1 00:00:00 ps -------------------------------------- So here is no logger running and no spyware or sniffers visible. Do NOT forget: because you do not see something must not mean that there is nothing like sniffers and so on. They could be hidden. Under windows you can take a little look at the "task manager" if you wanna see what services are running at moment. With this program you can start and stop services. But here are the same rules like said before: not always is what you see the only thing which is there. 6.3) SECURITY --------------- However, these tools are for testing the security of *your* system and *your* network. They are not for illegal activities, like told before. Use these tools to check and secure your system and your network for known and unknown bugs ( security holes ) - there are lots of ways to do that. Develop your own security concept which is proper to the needs of your network and your system. Security is a concept with lots of possibilities but not all are secure - flexibility is *always* good. Well, that's all about this here. I won't tell you more, use your creativity and your intelligence too. At least you have to consider about what is to do or not to do at the right time - at least it's your own system. So this here is more for your mindset. Check your situation. Make planes && ( and ) "make install" on them. Read security mailing lists, search for good and good visited ( independent ) security sites ( f.e.: http://www.rootkit.com/ ) - get informed and stay informed. Knowledge is the best for good security. A very good technic site for security is: "http://www.phrack.org/" . "http://www.astalavista.com" is also a very good security site and a click worth. Also read this under unix, it is very good information: ------------------------- [root@ ~]# man security ------------------------- 7) ATTACKER DETECTION ----------------------- The detection of an attack can be very hard if you are a novice user or administrator. Bugs are not dead and they seem to be normal in the development of hard-, soft- and wetware - bugs are a part of our life. Every human has bugs and often soft- and hardware too. If you can't detect an attacker on your machine then your system seems to be insecure and your detection unusable at least. Again, you should set up a good configured firewall and also an automaticly intrusion detection system. ( tip: It's always good to read security mailing lists to widen your knowledge. A very good site is: "http://www.securityfocus.com/" - "http://www.slashdot.org" is also a good news site and a read worth ) Protection is the step which you should choose before a possible detection could happen. We'll talk about this in "section 8". 7.1) INTRUSION DETECTION -------------------------- You can do lots of different things to detect an attacker on your system. A good way is to check your logfiles constantly as often you can and you could also do a SHA1 checksum on every logfile that you can see if something in that files was changed or deleted. You can also use SHA256 which is securer. Here is a example how a SHA1 hash could look like: -------------------------------------------------------- [root@ /var/log/]# ls -l wtmp -rw-r--r-- 1 root wheel 130 Jan 27 10:00 wtmp [root@ /var/log/]# sha1 wtmp SHA1 (wtmp) = 1413445651bbabeb2652860f06f7d2acb5bb994b -------------------------------------------------------- SHA1 makes a a 160 Bit cryptographic checksum. MD5 by the way is broken and insecure. It exists an attack where two different compiled bin files have the same MD5 checksum. You could also write or use a software wich makes automaticly copies from your logfiles often and send them through a encrypted connection to another server or encrypt and save them on your own harddrive or something of that kind - again, like said before: use your own creativity and imagination. You can also check every file which seems important to you. Do a SHA1 or SHA256 checksum on them and maybe control the sizes of them if you can. Use tools like "snort", "tripwire" and "chkrootkit" to detect some possible attacks on your system. Control your traffic with a good firewall filter. Make a portscan to find open ports that should be closed. Create a little honeypot to find attackers before they can break your security concept or privacy. - "http://sf.net/projects/tripwire" - "http://www.snort.org" F.e.: Write a little honeypot by simulating an FTP, HTTP, SSH or whatever server. Write it so that when somebody connects your program logs the source IP from the packet, gives an alert, makes a trace and / or disconnected your connection to the internet. A nice idea would also be a fake FTP server with anonymous access ( and logging of course ) . This program could run on every machine in the cafe or just on the main server. You could also create a honeypot for SYN scans ( half scans ). ( If you are a beginner and wanna start with programming then it is no wrong descision in my oppinion to learn python - www.python.org . It is OS independent and very good documented (good to learn), a good HowTo is included and many code examples. Reading on "http://rfc.net" is also recommend. And of course: get a UNIX and study it. ) A run with "chkrootkit" on your system could look like this: --------------------------------------- [root@ ~]# chkrootkit | grep INFECTED --------------------------------------- 7.2) AUTORISATION ------------------- If an attacker has passed by every security and has successfully entered your system then he should have a *hard* way to do something on your computer. But often he has root ( admin rights ) when he is on your system over a security hole, if not - you got luck. With the program "w" ( linux / unix ) you can check who is logged in: ----------------------------------------------------------------------- [user@ ~]# w 10:20:00 up 8 min, 2 users, load average: 0,08, 0,09, 0,04 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root tty1 - 10:00 0.00s 0.88s 0.00s w user tty2 - 10:01 2:19 0.03s 0.03s -bash ----------------------------------------------------------------------- So there are just two users logged in - "root" and "user". Give important files which others should *not* read or use only root permissions ( f.e. with "chmod 700" ) and put them in protected directories or on encrypted partitions on your harddrive. ( f.e. with "gbde" ) Before an attacker can do everything he want, he must become the highest authority status on your system at first ( "su" / root ). Here is a little example for the use of "chmod" ( unix / linux ). First we create a file with the word test in it, look at the actual chmod and read it with "cat". After this we change the chmod to 600 for read and write rights ( r/w ) but only for root. User will have no rights. (0) ---------------------------------------------------- [root@ ~]# echo "test" > testfile [root@ ~]# ls -l testfile -rw-r--r-- 1 root wheel 5 Jan 27 10:20 testfile [root@ ~]# cat testfile test [root@ ~]# chmod 600 testfile [root@ ~]# ls -l testfile -rw------- 1 root wheel 5 Jan 27 10:21 testfile [root@ ~]# cat testfile test ---------------------------------------------------- Then we log in with user status and try to read it again with "cat". ---------------------------------- [user@ /root]# cat testfile cat: testfile: Permission denied ---------------------------------- You see, it is not possible to read it now. Only root can read it. With the program "last" you can see your and maybe other logins which were done on your machine in the past, here is a little snippet: ------------------------------------------------------------------------- [root@ ~]# last ad :0 Sat Dec 15 15:25 still logged in reboot system boot 2.6.19 Sat Dec 15 15:25 - 16:02 (00:37) reboot system boot 2.6.19 Sat Dec 15 05:01 - 05:03 (00:02) reboot system boot 2.6.19 Thu Dec 13 11:13 - 11:21 (00:07) reboot system boot 2.6.19 Mon Dec 10 13:40 - 13:40 (00:00) ad :0 Sun Dec 9 19:51 - 19:51 (00:00) reboot system boot 2.6.19 Sun Dec 9 19:50 - 19:51 (00:00) wtmp begins Sat Dec 8 18:17:36 2007 ------------------------------------------------------------------------- Again, find out the best security concept for your computer or network, it's an *individual*, complex field and because of this we can't go to deep in every possible detail - it's too much for a quick and smart overview. However, everything which is important to you and others should be protected. *Never* give persons which you don't know good enough admin rights - this would be careless. You *can't* know what they will do with this permissions! ( f.e. invite other users or create new profiles for others and so on ) 7.3) ANTIVIRUS ---------------- An antivirus program can help you to find viruses, worms in your operating system and also evil programs like rootkits, dialers and trojan horses. The most viruses are known for windows probably but also linux and unix can be infected with them. An antivirus program is scanning for *known* signatures of evil software. So if a new virus comes out or a trojan and your antivirus software does not know the signature of this evil software - the program will NOT find it probably. So here you need updates of your software probably _every_ day cause every day a new evil virus is born. So this means because you have an antivirus software you will not find every virus with it - only the ones which are in the database of your program. ( the known signatures ) A good and FREE software is AVIRA. It supports windows, linux and unix and can be downloaded here: "http://www.free-av.com/" . There you will also find a software to detect and delete rootkits. 7.4) LOGGING -------------- Logging is very important but it also can also be a security risc. Some logfiles can show attackers a lot about how the system is used, how often, when it is used, who uses it and how long and so on. But like said it is important because you can see if a person has access on your system who is not allowed to have access. An attacker could use logging cleaners to wipe away the evidence of his intrusion. Some can be detected and with some ways you will not find out what he did probably. If you were online just for a little while then check your log files soon after. Or better: check them always after every surfing if possible. If you were online for hours, days, weeks and months and you check your log files then you have *A LOT* to watch - too much probably. In a few minutes a detailed logging of every packet can cause *a few* megabytes of traffic! If you run different kinds of software which all are logging there stuff then you have even more to watch. So do it as soon as possible and how often you can. As a little security concept we could store our log files into the RAM with a RAM file system / partition in linux or unix. After every reboot all of our log files are delete and you can not restore them with the help of software from the RAM. So a "cat /dev/mem | grep $whatever" after a reboot will not find something from the session before. In unix we can use "mdmfs" and in linux "ramfs". ( use "man mdmfs" or/and "man ramfs" for more information ) As two examples, for unix and linux "/etc/fstab" could look like this: ------------------------------ [root@ ~]# cat /etc/fstab md /tmp mfs rw,-s200m 2 0 md /var/log mfs rw,-s50m 2 0 md /root mfs rw,-s400m 2 0 ------------------------------ So this was for unix. In that example we are mounting on every boot "/tmp" for our temp data, "/var/log" for our logging data and "/root" for our root directory. The "-s" is for the size of the partition and the "m" behind for megabyte. The system will always only take the space when it needs it. In linux it could look like this: -------------------------------------- [root@ ~]# cat /etc/fstab /dev/ram2 /tmp ramfs noatime 0 0 /dev/ram3 /root ramfs noatime 0 0 /dev/ram4 /var/log ramfs noatime 0 0 -------------------------------------- That is all. "/dev/ram*" are our RAM devices which will be mounted. Nevertheless we can _wipe_ all logging files before we reboot or before we shut down our system. 8) HOW TO AVOID ATTACKS ------------------------- A good protection is a good way to avoid attacks from an unknown and unauthorized access of other strange people. You can use encryption and you should make updates for your system and the programs on it every few days. The more you are using the internet the more you should do updates. 8.1) ENCRYPTION ----------------- Encryption is good for your network connections, chat connections, private data, your email and also for a secure surfing on the internet. For network connections or chat connections you can use ssl and ssh ( "http://www.openssh.org" and "http://www.openssl.org" ) tunnels or programs which support these services. ( f.e. the chatprogram "irssi" for IRC, or mozilla mail { "http://www.mozilla.org" }, to call just a few - "http://www.irssi.org" . ) Xchat - "http://xchat.org" - a chat tool - is also very nice. ( tip for beginners: Do not use your real name as nickname in chats. ) A nice client to client program is cspace ( "www.cspace.in" ) which uses a strong encryption with RSA and SSL. It is a chat tool and you can also send files with it. Tip: The ICQ (I Seek You) messenger by the way are logging everything you write and after you hit send, they have COPYRIGHT of all which you wrote - that is right. And then they can do with your stuff whatever they want, also commercial usings - selling your thoughts / privacy. You can read this in their policy on their website. Do NO longer use these evil service. ( Use encryped and anonymous IRC servers instead or use Jabber. ( "www.jabber.org" ) Both can be used with TOR. ) If you use wirelesslan connections, set a security key on them. You can attack wirelesslan now with aircrack ( "http://www.aircrack-ng.org/" ). That means that WEP and WPA-PSK is not so secure any longer. If you want to encrypt your private data or your emails you should use pgp or gnupg, they use a strong and secure algorithm. ( up to 4096 bit ) ( "ftp://ftp.kiarchive.ru/pub/unix/crypto/pgp/" ) With "gbde" you can also encrypt your swapspace by the way. ( at FreeBSD: "/usr/src/sbin/gbde/" ) To do so we need 2 files and two lines in FreeBSD, and do a random overwriting before: ---------------------------------------------------- [root@ ~]# dd if=/dev/urandom of=/dev/ad0s1b bs=1m [root@ ~]# cat /boot/loader.conf geom_bde_load="YES" [root@ ~]# cat /etc/fstab | grep bde /dev/ad0s1b.bde none swap sw 0 0 ---------------------------------------------------- This is all you have to do to encrypt your "swap space" on FreeBSD. For a secure surfing on the world wide web ( www ) you can use anon proxyserver with an opensource browser like firefox. You can additive use http encryption ( "https" ) - http secure - if you surf on sites which support these service. ( "www.mozilla.com/firefox/" ) For a secure file transmission use an encrypted ftp connection ( sftp ) - secure ftp. ( at FreeBSD: "/usr/src/secure/usr.bin/sftp/" [ in the "../src/.." archive you can compile the software for yourself if it is there with a "make && make install" on your unix / linux terminal. ] ) For a secure and anonymouse surfing you can use the site: "http://www.anonymouse.org/" . Another good secure and free program is TOR. ( "www.torproject.org" ) . TOR can be used under windows, unix and linux. You can chat and surf over TOR anonymously and SECURE, it uses a lot of mix notes as proxys, your connection is always encrypted with it. ( Hint: TOR servers , the exit nodes , _could_ also be government servers to spy on you, same with proxy servers. You _must_ disable JAVA in your browser to avoid a posible IP ( yours ) spy attack. You can insert code over TOR exit nodes but without JAVA this attack is not possible. ) There is an option in privoxy, the webfilter which is mostly included in TOR, which is for hiding your browser and operating system, so nobody can see this data. You can enable this option in the special privoxy file, just search a bit in the privoxy directory. You can also disable logging in TOR - just edit the special file in the TOR directory, this is all easy because all files have *good* comments. When there are logfiles present - an attacker can very easy see what sites you have visited. Important: to see if you HTTP or FTP proxy is running in your browser and if you are anonym go to a site like: "http://www.ip-adress.com/" - there you will see your IP, your actual HOST, your operating system and your browser. You have to edit the file "default.action" and search for the line: "-hide-user-agent \" - change this line to "+hide-user-agent{Privoxy/1.0} \" if you wanna hide your operating system and your browser. Here are more (SSL) web proxy sites: - "https://www.vtunnel.com/" - "https://www.fastwebproxy.net/" - "https://www.beatfiltering.com/" - "https://www.polysolve.com/" - ... For fresh proxy servers search in: "http://www.proxy-servers.org" . To encrypt a file under UNIX with "bdes" you can use this syntax: ------------------------------------------- [root@ ~]# bdes < input > output.bdes [root@ ~]# bdes -d < output.bdes > output ------------------------------------------- The first line is for encryption. The second is for decryption. This tool uses a strong DES encryption. You can also encrypt your files secure with RAR, the compress program, that is right because it uses a strong 128 bit AES encryption. 7zip is also a compress tool and uses a stronger 256 bit AES encryption. Both programs run on many operating systems. The difference between a file which is RAR encrypted and a file which is BDES encrypted is that file two ( BDES encrypted ) looks just like /dev/urandom data and the other RAR file looks like an encrypted RAR file ... The links to download are: - "http://www.win-rar.com/" - "http://www.7-zip.org/" Under windows, to encrypt a partition secure, you can use the tool "truecrypt". ( "http://www.truecrypt.org/" ) For SSH you can use "putty" ( "http://www.chiark.greenend.org.uk/~sgtatham/putty/" ) and for SFTP use "psftp" . To encrypt files under windows you can use the program "file2file", it uses a strong AES encryption and is free and very small. ( "http://www.cryptomathic.com/" ) or "http://sf.net/projects/openssl32" - the good windows OpenSSL version. If you use filesharing programs or networks ( peer to peer [p2p] ) and you wanna be anonymous you should check out these links here: - "http://gnunet.org/" - "http://freenetproject.org/" - "http://mute-net.sourceforge.net/" - "http://www.i2p.net/" - "http://www.freehaven.net/" If you want a free, secure and anonymous operating system you can try: "http://sourceforge.net/projects/anonym-os/" - Anonym OS . And don't forget: use *strong* passwords! 8.2) UPDATES -------------- Check your system and your programs as often you can for new updates. An update is often a bugfix or a new implementation of a new feature for the program. But with a new update often comes a new bug. Nevertheless, do updates if a new stable version of your needed system or program is available because this is much securer than to have older versions of them on your harddrive. Download the needed bugfixes, patches and updates only from trusted sites or from the original site of the system or the program and try to check the SHA1 files if they are present, this could prevent you from download errors or a possible file manipulation over your data stream. A complete system "update" for linux "debian" in five steps: ( just the lines without the output from "stdout" ) ---------------------------------- [root@ ~]# apt-get update [root@ ~]# apt-get upgrade [root@ ~]# apt-get dist-upgrade [root@ ~]# apt-get clean [root@ ~]# apt-get autoclean ---------------------------------- You must be root to do this by the way. You can also install new software with an "apt-get install $program" on the "terminal". Windows normally makes automatic updates but this option could also be a security risc. So i would say you better check them sometimes by hand and / or search http://www.microsoft.com/" for bugfixes, patches and security reports. And do not forget: you better close the remote control from windows if you do not need it. 8.3) BACKUPS -------------- Backups of your files are _important_. An attacker could delete or change some sensitive contents of this files. Without a backup you have to write, configure or program them again. This could cost you much of your valuably time. Sure, you can't avoid an attack with a backup - it's for prevention. Do a backup of your files as often you can if the content of this files has changed. Save your files at "secure" places - protected and encrypted if possible or necessary. Two or more backups at different places are maybe better than just one. ( f.e. at your USB -- of course *encrypted* ) A secure place could be a fire save tresor. For a backup from your "/home/user/" directory you can hit the following two lines into your terminal on a unix system: ( Without the output from "stdout" . ) ------------------------------------------------------ [root@ ~]# mkisofs -R -o backup.raw /home/ [root@ ~]# cdrecord -v speed=20 dev=2,0,0 backup.raw ------------------------------------------------------ We created a file with all the backup data in ISO 9660 format with rock ridge extensions with "mkisofs". After this we burned it with "cdrecord". You must do a "cdrecord --scanbus" to detect your device from your cdrom before probably. Another good burning program for unix and linux is "K3B" . For windows i would say "deepburner" is a very good burning program. It has many good options , is just 5MB big and is for FREE. ( www.deepburner.com ) 8.3.1) DATA RECOVERY ---------------------- You could make an ISO file from your system or from one special partition and then save it encrypted on USB or a CD. When this partition is destroyed or manipulated you can simply copy the saved ISO file on the same place it was before. With this you do not have to compile everything new. Do this after you made a FRESH and CLEAN installation. 8.3.2) IMPORTANT TOOLS ------------------------ To secure your system a bit more you could also save all important programs to USB or CD and save it on a secure place. You could copy these programs every day new on your harddrive. These tools could be: "ps", "netstat", "w", "who", all sort of hash program ( sha1 etc. ), "chkrootkit" and also your kernel. Sure, there are much more programs you could save and copy every day - develop your own concept here. After copying them: check them all. ( run them all ) 8.4) BASIC TIPS ----------------- There are a few basic tips you should *keep* in mind to prevent a possible abuse of your private files or accounts. - Before you start a session in an internet cafe and enter some sensitive data like your account login and the fitting password you should look under options in the used browser and check if the automatic storing of logins and passwords is enabled. If that's the case: turn it *off* and *delete* all stored accounts. This may help lots of other people too. You could enter this stored accounts simply. You have only to type the stored login data into the right login field and the matching password comes automaticly. - After your session: delete the history in the browser, delete all downloaded files and also delete the trash, delete the cache and close the browser - you often can "surf" simply back to the visited sites about the back button in the browser if the browser wasn't closed after a session. Delete also your cookies. - If it is possible then delete the cache , the downloads and the history with a wiper. This is much more secure. - If possible after a session then wipe the free discspace and your private data. - It is also good just to disable the history, cache and cookies. - Run XP AntiSpy and configure it at windows systems. It is free. ( http://www.xp-antispy.org/ ) - Disable also JAVA, automatic software update / download / install, active X and maybe picture viewing if possible and enable your popup blocker AND disable flash ( it can be used in a TOR attack ) - You should not make accounts on "social" networking sites ( the good known "web 2.0" hype ) if you wanna have a good privacy. I mean services like myspace or facebook. With these accounts you can make good profiles of people, also just with their comments on other profiles which do not need acces with a login - this can tell a lot about peoples lifes. Many bosses make researches on such sites to look what kind of person wants to get the job. So imagine: what will the boss think when he is seeing you drunken on a photo or making very stupid comments? Maybe or probably another person will get the job - so please: TAKE THIS SERIOUSLY. Such a profile can be used against the owner. ( also very good for password attacks ) My tip is: make real friends, not virtual friends with one "click/add". There are profiles on myspace with 100s, 1000s or 10.000s OR 100.000s of "friends" - do you really think that these are all TRUE and GOOD friends - with just one "click" or "add" ? - To exclude the content of your website from search engines you have to configure a "robots.txt" file, search the net for more information. Some sites make screenshots of your site ( www.archive.org ) every month or more times and store it forever in their archive, if you had personal content on your site you will find it there back to the year 1996. So if you had a website with personal content on it in the year 2000 and it had no "robots.txt" file - it can probably found there. If you have problems with this you can write them to delete your site(s). - A nice software piece to detect evil software on your system is "Spybot search and destroy", you can run it under windows, it is for FREE and very small and fast. Here is the link: "www.spybotsd.org" 8.5) LIVE CD -------------- A live CD can also help to protect against a possible attack and it can take down much of the riscs. But there are some points we should keep in mind because without them we are not so secure as we want to be. So we download an ISO for a live CD from a http or ftp site and burn it. ( Maybe http://www.distrowatch.com/ ) Now there are two ways how we can use it: - your own private live CD , just downloaded or selfmade - the internet cafe has a live CD for every computer on the network, also just downloaded or selfmade In case one we must ask in the internet if it is ok that we wanna use a live CD for surfing because of security reasons. Many internet cafes have their own, often selfmade, money software. There they can see how long you were online and how much you have to pay. I would say that the case is rare where you can use a / your own live CD. But if you can you must have a little bit knowledge of how you must configure your network IP. ( Normally a live CD makes this all automatic but you can make it also by hand with "pump" or "ifconfig" and "route" under Unix / Linux. ) In case two they could have live CDs for surfing and also selfmade ones with selfmade software for the surfing costs. But to go to a higher security lever we can do much more than using a live CD. If we have about 1GB of RAM we could just use the the live CD without any harddrives (HD) installed or mounted. Cause HDs are easy to mount under unix and linux, this kind of software is normally installed on every unix and linux box as a standart. So if someone hacked you over your live CD and you do a reboot - all data is like before. But with a mounted HD with windows on it for example the attacker can manipulate windows *easy*. So the better idea would be to just run a live CD from RAM ( A very good small one is *DSL* - Damin Small Linux, a 50 MB live CD! So the rest of space would be for downloads. ) or use a HD just as a place to store something ( data ) so nobody can manipulate the operating system ( OS ) because there is no OS on the HD - only free space. And after a reboot, if you installed or downloaded something your system is so fresh like before, cause you can NOT manipulate a live CD when it is in use. ( Doing it would be hard! ) Even when somebody hacked you over your live CD while you were online - after a reboot everything is ok again. ( Only from RAM or with a HD only for storing something without an OS. ) But the question we must ask ourself is now: Can we *trust* the live CD we are using in the internet cafe ? Could they be manipulated ? Who knows ... Here are some more of the riscs we must look at. If there was some data on the HD , a trojan horse could be binded on it without you can see it so easy. Sourcepackages on it can be replaced with manipulated code. And so on and so forth. I think you understand what can happen. Also the attacker could have sniffed your passwords or some sensitive data. If you reboot or not it does not change the fact that he has them. A reboot can NOT help against this case - that is clear. But what we can do after an attack when we noticed it sooner or later we will discuss in the following section. ( 9. - after a broke in ) Other good LIVE OSs are: - "http://www.gentoo.org/" - "http://www.dragonflybsd.org/" - "http://www.freesbie.org/" - "http://www.puppylinux.org/" 8.6) SECURE EMAIL ------------------- It is no wrong descision to use free, secure and anonymouse email accounts. Because when they hacked your email account and you gave all your personal information ( real name, address, birthday etc. ) away - the attacker can do a lot with this data - social engeneering f.e. . So use better email accounts where you only need a nickname, a password and nothing more. Two good sites in my oppinion are: "http://www.rootshell.be/" and "http://www.safe-mail.net/" -- there you have a free, SECURE and anonymous email account. Secure because you have a SSL connection when you enter your email box. Without SSL everybody could sniff your password in plaintext over your connection - with SSL your password is encrypted. You better DO NOT use email accounts without SSL. Avoid your real name as your email address. Tip: For more security delete all your email after you read it, so read it and then delete it, then you do something for your mind and for your security because when somebody hacked your account he has nothing to read so no information. It is good for your mind because many stuff then is saved in your brain so your brain has more work to do in a good way. "http://www.bluebottle.com" is also a nice free and secure email site. Do not abuse these free good services with lame anonymous jokes or useless spam. They are made secure and free for *you* as a gift. For more security on your email account you can delete every email you get after you had read it - so read it and then delete it. If someone has access to your account he will probably find nothing or not much because there is nothing stored. Store it in your brain instead. 8.6.1) REMAILER ----------------- You can also use a remailer where you do not need a login and a password - you just need the email from the person which you wanna write and the remailer program or website of course. Your source IP will be deleted and the email which the person you wrote will get will have a source IP from the remailer site. So remailers are for your anonymity. Here are some services and programs: - "http://sourceforge.net/projects/mixmaster/" - "http://www.quicksilvermail.net/" - "http://anonymouse.org/anonemail.html/" 8.6.2) HOW TO DEAL WITH SPAM ------------------------------ This section here gives you some tips if your internet cafe has its own website with an email to contact you to protect you from spam in very simple but secure ways. Today, when you publish your email openly, you have high chances to get "attacked" by spam. I think more people should handle their email like their telephonenumber - would you put it on the web openly that everyone can call you at home? ( Ok, some people do this .. ) If you look on business websites and their guestbook you can see that many people wrote their email in it in plaintext that bots can easy use it for their uses. If you sign into a guestbook you should not put your private email in it and you should not sign in with your real name - if you want privacy. But you could make a second non private email account if you wanna use your/a email openly. Also do not use user email accounts from T-Online for example because when this account will be hacked they also have your user data and much more. Many email addresses of this kind include the real name of the person as email name - you should not do this, except or private or business reasons. So how can we deal with spam? I think it is better to _AVOID_ spam from the first place then to fight it after you have it. And this is SO EASY. Write your email not down like "myname@domain.com" - write it down like "username (AT) domain (DOT) com" - with this syntax a bot will not understand that it is an email. You could also place your email on a selfmade image with a graphic program - again, a bot can not understand this kind of data. Spammer would have to write down every email by hand and had to surf the web by themself because bots will be USELESS. To program a bot who could understand such data would be very difficult. So with this ways you do not need an anti spam software or filter. But you could also configure your email server that it will block the evil IPs - in that case you can search for a blacklist of spamservers too. If you have already spam problems then delete the email account now and make yourself a NEW one and do not make the same mistakes again. 8.7) INSECURE BIOS -------------------- Do NOT trust BIOS passwords. When you have access to the inside of the computer in the cafe you can just take out the BIOS battery, reverse the BIOS battery put it and then put it in right reversed again. Then you have a complete BIOS RESET and the password is deleted. Now you could enable disabled CD-ROMs , HD's or whatever. I tested it on an own computer - an AMD 200MHz model with VESA BIOS. When you only take out the battery for some time and put it in again without reversing it then the password is not deleted and there is no reset - so no effect. So it was when i tested it. So the battery is here is like our KEY. And yes, this may sounds lame and maybe it is but it is functioning. Please ONLY try this when the energy from the computer is TURNED OFF. normal: reset: 1) + 2) - __________ 4 __________ 4 3) battery .--1----------------. _/.6---2-----..\_ 4) + [_ 3 _] [ 3 ] 5) - `\.6____2____../' `-1---------------' 6) isolation =============== 5 ================== 5 There are many master password lists in the internet and special ways to hit some keys on boot to get the BIOS password too. ( Use a searchengine to get this information. ) So BIOS is not very secure. It can also be hacked and manipulated - so it can hide a trojan horse. You could update it every day to avoid this. Some passwords from BIOS can be disabled with special jumper positions on your hardware. You must search for the special manual of your board to get this information. A very good paper about BIOS hacking is here: "http://phrack.org/issues.html?issue=64&id=12#article" . To get some BIOS information under linux you can enter the following syntax into your shell: ------------------------------------------------------------------ [root@ ~]# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null \ | strings -n 8 > info ------------------------------------------------------------------ With this you should get information like this: ---------------------------------- [root@ ~]# cat info | grep BIOS Phoenix NoteBIOS 4.0 Release 6.0 ---------------------------------- 8.8) BANK ACCOUNT ------------------- I would just say here: do *NO* money transmission in an internet cafe. Doing it at home is also not so save but in an internet cafe it is much more dangerous and insecure. You should *go* to your bank and make your money transmission there, this is more secure. Think about what we talk here and think about what will happen if somebody has access to your money and bank account over the internet. You can simply avoid this by doing it at your bank. Here is trashing also possible - so destroy your papers before you send them into he trash or send them to the trash at your home. ( Many stuff today is *much more secure* when you do it by hand, not by technology. Our world goes in a direction where everything will be done by robots and computers, so "everything" goes automatic. This is not bad at all but when these systems will fail it can cause great problems. Think about the hot summers where the hot temperature can destroy computer chips and what all can happen through this. I have seen also lots of places where machines became the jobs of humans to save money of course - on train stations, there the working places from the humans who worked there before were CLOSED FOREVER. The machines can work 24/7/365 with just a bit electric energy - no human can do such a job. ) 8.9) KERNEL ------------- The kernel is a very important part of the operating system. It is managing a lot of processes. You should configure your own kernel for your OS or/and you should always make kernel updates ( bug and security fixes ) and/or you should install securiy kernel patches. A good site for secure linux kernels is: "http://www.openwall.com/linux/" 9) AFTER A BROKE IN --------------------- This is a very important section. What you must or have to do after a broke in / attacker detection is important like securing the system itself. You could notice an attacker by a look in the log files, an alert from a detection program, an alert from a honeypot, a changed file, a deleted file, an open port with a strange software on it, a massive data streams over your connections, a massive noise from your working harddrive, your CD-ROM is reading a CD from "alone", your upload is away , you just make a search - and find something (program), someone (attacker) or a trace (log entry) or the admin could notice the attacker behind the server with a monitoring tool or an intrusion detection system. However. So what can we do then ? If the attacker is connected you can make a tracert or a portscan to his system and maybe send him a message. You can disconnect your internet connection. The best is to *pull the plug* and then search for more. The longer the attacker is connected to your system physically the more chances he has to wipe his traces or to get more data from your system. If you do not pull the plug, his (hidden) programs could make a new connection from the computer to the internet automaticly - this is possible. When you pulled the plug you can search for his programs which often encrypt all data they send and try to hide themself in tricky ways. ( trojan horses or rootkits ) Offline you are secure against online attacks. It would be better when you tell the local admin from the cafe what happened. He then has to scan the whole network, the server, the router and probably every connected computer in the cafe. Lots of work, yes. As admin from the internet cafe you better set up a *fresh* and completely *new* system with completely *new* and *strong* passwords. You should make software updates and also search all other computers for bugs. If you know the kind of the attack or the bug or the attacker file (program) then scan all other computers with this knowledge and secure them if needed. Then change all passwords on the whole computer network and tell all people there that they should change their passwords too because of a (possible) attack. If you as admin find a user physically hacking the cafe then act friendly never the less and decide if it makes sense to call the police and maybe safe the traces. As user change all your online passwords too. ( email and so on ) Delete or better *wipe* private data from the HD and tell the admin and all users there what happens. If you as user find the admin or a user physically hacking the cafe then (if it is the admin) tell all users what is happening, leave the cafe, decide if you will call the police, safe the traces before and wipe all private data, change all your passwords somewhere else and never visit this cafe again maybe. If it is a user then please him to stop this and tell him that this is a bad idea and tell the admin what happens. In short form: after a broke in: pull the plug, make a new and clean system with bugfixes, patches and updates , make your *whole* system more secure than before and change all passwords, physically and online. 10) REST OF RISC ------------------ The biggest hole in every network, software and system is the human himself. He is programming, hacking, administrating, securing, penetrating, scanning, cracking or whatever. Sometimes you have to trust admins but at least you don't know them. Trust only people you know good enough. Try to use mostly opensource software where you can find the sourcecode to every program and on which lots of people are working for *free* ( A long life to the open source scene! ) to find new bugs and make new updates, patches and stable versions. However, without a look in the "source code" you can't "trust" a ( possible backdoored ) "program" or human. ( "Sourcecode" in the case "human" would be the mindset or soul of the individual. ) ( To hack your source code or better your brain you can do things different - f.e.: turn off TV and keep away from mass media for some days or more time, if you smoke or drink (too much) then stop it for a week or a month or forever, give your money to poor people and SEE the difference - this will have a great and good effect. Meanwhile do other things you like. ) 11) LAST WORDS ---------------- I hope you have learned a bit about security with this paper. These informations here are not only for internet cafes. They should show you how insecure things mostly are and should give you an overview about security as a whole. Please share this information with others if you like it. Try to use your time useful and also try to use the creativity of your brain. You always learn at best by doing the thing you want to learn. And don't forget: Never trust other people until you know them personally really good. This secures your system and your *life* lots of more, doesn't it? The internet is *full* of vipers and liars - many people talk many stuff on the internet to you and others which is often _not_ true. You *better* *keep* this always in your mind. You *better* *never* forget *this*. Many will try to give you a false ID of themself to make you blind or to play with you. Yes, that is true. Some people live a life in the internet as a person they arn't and can NOT be in reality or real life. You better do not waste your time with such unknown people or make some virtual friendships - it can be real dangerous - you better believe it. Internet is a *dangerous* place - there should be warning signs everywhere. You should also always consider with a clear brain what you give to the internet. If you set some personal data into the internet and it is spreading like grass then it is very hard to stop this. So you better avoid giving personal data to the internet - but this is your descision, sure. Say also clear that you have all rights of your stuff - many people think when your stuff is on their site - it is now their stuff, that is really evil. Tip: Do not spend too much time in the internet nor change your real life for a "second ( virtual ) life" in the internet. Do NOT trust virtual reality and do not get lost in cyberspace - it has often its own evil and thumb anomalies because there many people want to be "the boss", "play the boss" or act very antisocial - simply avoid or ignore those people and try to be root "everywhere" you can. Also research everything you can and cut truth from disinfo, this is important. Special thanks to the friendly hacker who helped me with this paper. -- ad: fingerprint: 89A2 50AD 1C0E F14C CE75 772A 8DF9 76B6 5DE0 9BD8 12) MIRRORS ------------- - "http://packetstormsecurity.org/papers/general/ICI.TXT" - "http://packetstorm.syrex.com/papers/general/ICI.TXT" - "http://packetstorm.foofus.com/papers/general/ICI.TXT" - "http://packetstorm.austin2600.net/papers/general/ICI.TXT" - "http://packetstorm.iamthebrain.com/papers/general/ICI.TXT" - "http://packetstorm.blackroute.net/papers/general/ICI.TXT" - "http://packetstorm.setnine.com/papers/general/ICI.TXT" - "http://packetstorm.rlz.cl/papers/general/ICI.TXT" - "http://packetstorm.ussrback.com/papers/general/ICI.TXT" - "http://packetstorm.orion-hosting.co.uk/papers/general/ICI.TXT" - "http://packetstorm.linuxsecurity.com/papers/general/ICI.TXT" - "http://packetstormsecurity.nl/papers/general/ICI.TXT" - "http://packetstorm.digital-network.net/papers/general/ICI.TXT" - "http://packetstorm.dtecks.net/papers/general/ICI.TXT" - "http://packetstorm.wowhacker.com/papers/general/ICI.TXT" - "http://packetstorm.neville-neil.com/papers/general/ICI.TXT" - "http://textfiles.com/uploads/ici.txt" ------------------------------------------------------------------ [ "If War Would Be A Solution -- Freedom And Peace Would Become An ] [ Illusion." ] [ "Talking About Peace And Freedom While Making War Is Like Giving ] [ Poison While Saying It Is Water." ] ------------------------------------------------------------------ [EOF] - End Of File -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFIVsEvjfl2tl3gm9gRAjXfAJ0VNhJNjP2cedvQkfnPGawNYiAjeQCgnrzu lHei4tLEc64G5ZBlHi7MFK4= =dMys -----END PGP SIGNATURE-----