The most recent issue of Hack This Zine has just been released. If you
want to grab a paper copy, you can do so at the upcoming Portland
Anarchist Bookfair, print one yourself, or order one from Oly Hackbloc.

Hack This Zine is a zine about hacking, electronic civil disobedience,
computer culture, and computer security. Overall, it's bad-ass and you
should read it.

Grab it at https://hackbloc.org/zine

Get off the internet, we'll see you in the streets

Moxie of  Thoughtcrime.org has release a tool is able to recreate SSL pages with none of the security

First, arpspoof convinces a host that our MAC address is the router's MAC address, and the target begins to send us all its network traffic.  The kernel forwards everything along except for traffic destined to port 443, which it redirects to $listenPort (10000, for example).

At this point, sslsniff receives the client connection, makes a connection to the real SSL site, and looks at the information in the server's certificate.  sslsniff then generates a new certificate with an identical Distinguished Name and signs it with the end-entity certificate in $certificateFile.  sslsniff uses the generated certificate chain to do a SSL handshake with the client and proxy data between both hosts (while logging it, of course).

According to Forbes, Marlinspike was able to "grab passwords to 117 e-mail accounts, 16 credit cards numbers, seven Paypal logins and about 300 other logins to supposedly secure sites ranging from Gmail to Ticketmaster to Facebook." We congradulate moxie is his finding and want to throw out to him and anyone else who has a cool project to please submit it to the next hackthiszine.

Corporate Article Here: Forbes.com

Download the software here: SSLsinff

On tuesday, February 9th, German hacktivists took over the website of the German interior minister,  Wolfgang Schäuble,  in a protest against new German wiretapping and data retention laws.  They replaced the site with links to a protest site: http://www.vorratsdatenspeicherung.de/.  The site was hacked by using a dictionary attack against the typo3 cms the website was using the password turned out to be 'gewinner' or 'winner' in english.  The hack only lasted a couple hours before it was taken down, though the website remained unaccessible for wednesday. 

Some of you may remember that the Chaos Computer Club hacked Wolfgang Schäuble last year by putting his fingerprints online in a protest against the use of biometrics in passports. 

This is a pretty awsome hack that just about anyone could do.  The RFID reader he uses runs about 2,000 dollars though.  An easy way to prevent this tack is to get an rfid sielding wallet and passport case, or make one yourself!

A logic bomb allegedly planted by a former engineer at mortgage finance company Fannie Mae last fall would have decimated all 4,000 servers at the company, causing millions of dollars in damage and shutting down Fannie Mae for a least a week, prosecutors say.

Unix engineer Rajendrasinh Babubha Makwana, 35, was indicted (.pdf) Tuesday in federal court in Maryland on a single count of computer sabotage for allegedly writing and planting the malicious code on Oct. 24, the day he was fired from his job. The malware had been set to detonate at 9:00 a.m. on Jan. 31, but was instead discovered by another engineer five days after it was planted, according to court records.

Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae's massive data center in Urbana, Maryland, for three years.

On the afternoon of Oct. 24, he was told he was being fired because of a scripting error he'd made earlier in the month, but he was allowed to work through the end of the day, according to an FBI affidavit (.pdf) in the case.  "Despite Makwana's termination, Makwana's computer access was not immediately terminated," wrote FBI agent Jessica Nye.

Five days later, another Unix engineer at the data center discovered the malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m. Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company's monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes.

"This would also destroy the backup software of the servers making the restoration of data more difficult because new operating systems would have to be installed on all servers before any restoration could begin," wrote Nye.

As a final measure, the logic bomb would have powered off the servers.

The trigger code was hidden at the end of the legitimate program, separated by a page of blank lines. Logs showed that Makwana had logged onto the server on which the logic bomb was created in his final hours on the job.

Makwana is free on a $100,000 signature bond. His lawyer didn't immediately return a phone call Thursday.

Someone in Austin, Texas hacked a construction road sign to warn motorists of zombies on the road ahead. Of course, they threw in a Call Of Duty: World At War reference as well.

And though it is a class C misdemeanor, it seems that the trick is actually rather easy to pull off. Gizmodo informs us that while most control pads for road signs are inside of lockboxes, the boxes are rarely locked and the passcodes used to protect the signs from hacking are usually the default "DOTS", or can be reset easily by holding down "shift" and "ctrl" while typing "DIPY" (this will change it back to "DOTS").

With only about a month left there is still time to have fun with regular tv broadcasts! I came up with this little hack last night, and i'm still amazed!

Materials:

Walkie Talkies:

My girlfriend got these from a white elephant gift exchange. Found at walgreens on sale for 3 packs for $11.98

Read on for the rest

A group called Hackers For Total Liberation is claiming responsibility for sending a computer virus to several UC Berkeley animal researchers who are responsible for the vivisection of animals for 'scientific' tests.  The group made this press release:

"UC Berkeley vivisector Ralph Freeman and all of the current lab members in Freeman's Visual Neuroscience Lab (http://neurovision.berkeley.edu) were sent a trojan horse virus embedded into email. This virus is designed to completely wreck their computers while leeching all vital personal information they've ever entered into their systems. It is time to buy new computers, and after that, save yourself the hassle that will follow and get the fuck out of this cat killing lab. The lab where kittens as young as six weeks live in daily fear and trauma from the violence that you are responsible for. The cats in stereotaxic devices with holes drilled into their skulls are what drives us and we will do anything to end your torture. We've read the past communiques where other anonymous activists have visited Freeman's home and broken windows, with this action we want to send the message loud and clear that those who torture non-humans to death are not safe at home nor at work. We will go on the offensive against every form of oppression that surrounds; whether it be racism, sexism, homophobia, or speciesism. In addition to Freeman (freeman [at] neurovision.berkeley.edu), we sent the virus to Brian Pasley, Thang Duong, Elena Allen, Nina Yang, Lars Eric Holm, BaoWang Li, and Ahalya Viswanathan. This action is dedicated to all those fighting for primate freedom at UCLA and all those who have taken action as of late against the animal murder industries in Central and South America. It is for the billions of animals currently enslaved."

This is an interesting development and we have to wonder if more animal rights activists will take this road.  Of course a more interesting virus might be one that slips in a fake order to stop all animal testing immediately and release all the test subjects.

For more info: http://directaction.info/news_dec09_08.htm