count:49 items/12/26/98

  Wired, Chris Oaks (chriso@wired.com)

12.11.1998  
http://www.wired.com/news/news/technology/story/16775.html highlights our pilot wardialer project and quotes Kingpin: "But as with most software and hardware trickery, the goal is not an actual break-in or theft, the L0pht said. It's the thrill of the hunt that matters. 'It's just to prove that it can be done,' said one L0pht member calling himself Kingpin."



  godzilla crypto tutorial, Peter Gutmann (pgut001@cs.auckland.ac.nz)

12.10.1998  
The slide show (http://www.cs.auckland.ac.nz/~pgut001/tutorial/) highlights the capabilities of our older version of l0phtcrack and mentions many l0pht-published buffer overflows. A long, detailed look at crypto cracking published in Acrobat as a series of slides.



  (Croatian) Playboy, unknown

12.01.1998  
HACKERS - KEYBOARD RENEGADES (original title: Hakeri - odmetnici sa tipkovnicom) references l0pht according to http://help.ims.hr/news/archive7.htm.



  .Net, Ian Harris (ian-harris@usa.net)

12.01.1998  
No-one is more tuned in than Boston hacking group L0PHT Industries (http://www.l0pht.com/), which reckons it could have the whole internet belly up in 30 minutes flat.



  Wired Print Edition (Rants & Raves), author undocumented

12.01.1998  
In the "Rants & Raves" section of Wired December 1998 there is a letter entitled "Lessons from the Underground" whose author gave a positive response to the Barney article. He commends L0pht and compares us to Steve Wozniak!



  Microsoft Knowledge Base, unknown

11.12.1998  
ID: Q176697, CREATED: 12-NOV-1997, MODIFIED: 19-OCT-1998

Microsoft has posted a fix to protect Internet Explorer customers against a potential problem known as the MK Overrun issue. This issue can cause Internet Explorer 4.0 or 4.01 to stop responding (hang) when a malicious Web site uses a "mk://" Web address that contains more characters than Internet Explorer supports. These extra characters could form a malicious executable file that could be run on your computer.

This issue was originally reported on the following Web site:

http://l0pht.com/advisories.html.



  Salon Magazine, Richard Thieme (rthieme@thiemeworks.com)

10.27.1998  
L0pht is mentioned in the feature of the day on Salon Magazine's web site. It's the "midnight basketball league for restless hackers".



  Lotus, unknown

10.19.98  
Lotus Responds to Another L0pht Advisory:
Domino security update, another decent Lotus response



  TechWeb/Computer Reseller News, Lee Copeland

10.17.98  
New Security Breach Reported In Domino.

Is the industry starting to see L0pht as "a group dedicated to identifying software bugs" as this author does? That would be like viewing GE as a lightbulb company.



  Enterprise Computing/Wired/CNet, Erich Luening (erichl@cnet.com)

10.16.98  
A glitch in Domino?

Enterprise Computing cites "Bug-busting group L0pht" on eCommerce security.



  Mass Hightech, Dyke Hendrickson (DHendrickson@masshightech.com)

10.07.1998  
Despite lofty ambitions, L0pht may have been misunderstood

One of the authors of a previous Mass High Tech article, "Think your site's safe? Think again, pros say", Dyke Hendrickson, has a new article to fix some of the mistakes he made in it that were derogatory to Dr. Mudge and the L0pht. We appreciate the effort he has made to undo some of the inaccuracies and poor journalism of the original article, but we find that there are some things that need to be clarified. To this end we have penned this rebuttal redux.



  Shift, Unknown

10.01.98  
Hackers go to Washington

(page 33) A German Internet magazine prints a super composite version of our Senate testimony that jumps around quite a bit but manages to quote Mr. Mudge, Mr. Space Rogue and Mr. Weld Pond.



  WinNT Magazine, R. Franklin Smith (rsmith@montereytechgroup.com)

10.01.98  
Protect Your Passwords (page 127) http://www.winntmag.com/magazine/article.cfm?ArticleID=3844 (ARTICLE NOT YET ONLINE)



  WinNT Magazine, Sean K. Daily (sean@ntsol.com)

10.01.98  
NT Server Security Checklist, Part 2 (page 135) http://www.winntmag.com/magazine/article.cfm?ArticleID=3846 (ARTICLE NOT YET ONLINE)



  Mass Hightech, Dyke Hendrickson (DHendrickson@MassHighTech.com) and M.A. Nelen (MNelen@MassHighTech.com)

09.22.1998  
Think your site's safe? Think again, pros say

Dr. Mudge joined a panel discussion on computer security recently at the Boston meeting of the Association of Internet Professionals. A local business paper sent a reporter to cover the event. Their report, "Think your site's safe? Think again, pros say", got the facts about Dr. Mudge, the L0pht, and hackers seriously wrong.

We have sent them a rebuttal.

We encourage you to let your comments be known to the authors, DHendrickson@MassHighTech.com and MNelen@MassHighTech.com who don't seem to have any clue what they are writing about.



  ZDNet, Michael Surkan (Michael_Surkan@zd.com)

09.02.1998  
Hackers' barks are worse than their bites

Ziff-Davis has published a commentary by Michael Surkan in PC Week entitled, "Hackers' barks are worse than their bites". The article discusses the similarities between hackers and terrorists and how Cult of the Dead Cow's Back Orifice is like a terrorist's weapon.

Since ZDNET has a "talkback" section Weld Pond thought he would give his own comments about the article. It took a while but after posting this on our web site his comments appeared. We urge you to make your own comments to this commentary.



  Maximum Security, anonymous

09.01.1998  
Sams; ISBN: 0672313413 includes mention of L0phtcrack.



  Boston Globe, TODD WALLACK

08.30.98  
Techno terrorism: U.S. feared ripe for cyberattacks

The Boston Herald has written an article on Techno Terrorism with input from government officials, Dr. Mudge from the L0pht, and Lance Urbas, a Vice President at Axent Technologies.

It surprises us that Mr Urbas thinks everything is hunky dory. Especially when his company sells security products! Here is what he has to say:

Lance Urbas doubts L0pht could shut down the Internet. At most, he says, they could flood it with disruptive traffic. And the Pentagon and others keep classified data on separate, secure networks, he points out.

"There is no immediate threat to national security," said Urbas, a vice president at Axent Technologies Inc. in Waltham.

We would just like to point out that if someone was to penetrate a classified network you wouldn't know about it because the penetration report would itself be classified. Also, if there is no threat to national security why are all these new government agencies being set up to try and secure government systems such as the FAA and the State Department?



  CNN, Ann Kellan

08.18.98  
Guarding Clinton's testimony from hackers

Kingpin takes to the airwaves to let the public know about Tempest monitoring and how even the President's testimony is vulnerable. Stay tuned for a L0pht release concerning this technology.



  CNET News, Erich Luening

08.07.98  
Lotus: Notes glitch is not a bug

Continuing to follow L0pht and Lotus...



  Improper Bostonian, Pamela Ferdinand

07.01.98  
The Improper Bostonian ran a 6-page print article (pgs. 22-27) entitled, "The L0pht, Cyber Patrol, A group of young computer experts by day turns into a formidable hacker agency at night. And it's all for your own good."



  WinNT Magazine, Sean K. Daily (sean@ntsol.com)

07.01.98  
NT Server Security Checklist, Part 1 (page 151)

... "The latest version of L0phtCrack is Microsoft's worst nightmare and every NT administrator's new best friend. It lets you run (in the background, if desired) dictionary-based and brute-force attacks against LanMan and NT hash codes. It even includes a network sniffer tool that can grab user logon authentications (including LanMan and NT hash codes) as they occur on the network. L0phtCrack is a powerful tool that needs to be part of every NT administrator's toolkit."



  Infoworld, Stuart McClure & Joel Scambray.

06.01.1998  
Information World Electric runs the story, "It's about time to get cracking on Windows NT password security". It pits L0phtCrack against NTCrack and, of course, L0phtCrack rulez!



  United States Senate, Government Affairs Committee

05.19.1998  
The U.S. Senate Government Affairs Committee asked all 7 members of the L0pht to testify before them regarding the state of security in this nation's critical infrastructure. HERE is an entire page of what we said and the resulting press to come out of it.



  Wired Magazine, Steve G. Steinberg

05.19.1998  
Wired's Crucial TECH section gives OpenBSD a plug with an endorsement from the L0pht.



  ZDNet, Luke Reiter (Luke_Reiter@zd.com)

05.19.98  
Dead Cow Def Con

Featuring a "RealVideo interview with the L0pht's Weld Pond and Mudge".



  PBS Newshour with Jim Lehrer, Tom Bearden

05.08.1998  
The PBS NewsHour with Jim Lehrer runs a 10-minute segment highlighting several recent events involving penetration of systems ranging from air-traffic control to the public networks of various high-profile government organizations. The L0pht is featured in several parts of this segment along with Michael Vatis of the FBI's new National Infrastructure Protection Center (NIPC), Robert T. Marsh, the chairman of the President's Commission on Critical Infrastructure Protection, Jeff Shiller, Network Manager for MIT, and a sleepy-looking Tom Longstaff, head of R&D at CERT. While the other guests seemed highly credible, Tom dispensed with some delusional counterpoint identifying the hackers as the scapegoats for the irresponsible actions of CERT and the vendors who try to hide their security problems rather than fix them.

The transcripts are available via PBS's ONLINE HOUR web site.

The transcripts are also available locally.



  The Newton Bee, Bob Brand

05.01.1998  
Bob Brand, of some lame Connecticut-based online news resource, runs an article called "Pranks or much worse... Hack Attack" reflecting on current events ranging from the Masters of Download to the Worcester airport intrusion. L0pht shows up as the "good guys" in his take on what's going on with all this media lately. Unfortunately, we don't have it online because, even though we included full credit, copyright and bibliographical information, along with a link back to the publisher's site AND ONLY included the article he printed about US without OUR permission, they felt that it was against their copyright on the material. We have no problems with the author, only the Editor of this lame publication I will not name.



  Chicago Tribune, Susan Moran

04.12.1998  
The Chicago Tribune runs an article on "hackers turned computer security consultants" citing l0pht's recent success as a think-tank and recognizing mudge specifically.



  Canadian Broadcast Company, author undocumented

04.09.1998, 04.16.1998  
The Canadian Broadcast Company aired a program called "NO PLACE TO HIDE" for a weekly news program called "Witness". The two part series is listed as:

NO PLACE TO HIDE - Big Brother (Thursday April 9th)
NO PLACE TO HIDE - Little Brother (Thursday, April 16th)

L0pht appeared in both segments! Those watching CBC on CBUT Channel 2 in Vancouver, BC, saw it per a local schedule but the rest of Canada saw it on those dates.

"About 5 years ago, governments and private corporations around the world forged an agreement to share information stored in their computer databases. They are creating a giant web of information about virtually every aspect of our lives. Big Brother and Little Brother can find out anything they want to about us with the flick of a mouse. Our privacy is disappearing, leaving us with NO PLACE TO HIDE"



  Washington Post, Pamela Ferdinand

04.04.1998  

Pamela Ferdinand of the Washington Post found many people (including ourselves) had good things to say about the L0pht. Some include:

  • "'If Windows magazine assigned a writer to crack the security of [Windows] NT, everyone would say it is perfectly acceptable for consumers to be better informed,' said Mike Godwin, a lawyer for the Electronic Frontier Foundation. 'The only difference is these guys aren't publishing a magazine, they are publishing on the World Wide Web.'"
  • "They forced us, well, encouraged us, to be diligent about providing information to our customers about how to protect their environment," said Michael Simpson, marketing director for Novell Inc., a prominent network software provider. "You won't stop hackers doing what they do. The best thing is to use their information to your benefit to make your own product stronger."
  • "'It's like a challenge for them, which is great for us too,' said Karan Khanna, a senior security product manager [at Microsoft] ..."
  • "One member's wife compares the L0pht to a rock band, and the clandestine clubhouse as part 'Animal House,' part NASA".



  Yahoo, author unknown

04.01.1998  
Yahoo Boston recognizes, "L0pht Heavy Industries - Boston...", as part of Boston's Community. Specifically, as part of the CyberCulture of the Boston area, right up there with the MIT Media Lab, the Cyber District Association and the GNU Project of the Free Software Foundation.



  Windows NT Magazine, Trip Styles (trip@winntmag.com)

04.01.1998  
April's Windows NT MAGAZINE's "CTRL+ALT+DEL" misses the point that Windows still doesn't accept the notion of a privileged port, which in itself almost deserves an advisory, but Trip Styles at least passes on the brunt of Weld's netcat advisory.



  Cisco, author unknown

03.20.1998  
L0pht discovers that Cisco Systems, Inc., the "Worldwide Leader in Networking for the Internet", is plagiarizing L0pht's material. Notice that they didn't include the copyright at the bottom of our page. Too bad that they don't clue in the administrators to our Cisco type 7 password decryptor for the PalmPilot. Do these guys understand security?



  New England Cable News, Scot Yount

03.18.1998  
New England Cable News runs a series of stories on the Boston hacker who shut down phone service for the Worcester Airport. The l0pht was interviewed for insight into the significance of this event. The RealVideo clips are available from www.necnews.com (New England Cable News web site) for 28.8k, 56k or t1 quality video. If you've never visited the necnews site and viewed news clips online, you will have to have the RealPlayer available from the folks at Progressive Networks, Inc. You will also have to choose your connection speed (28k, 56k, t1). We also have them available here:
realmedia - 28k connection
realmedia - 56k connection
realmedia - t1 connection
Quicktime - hopefully some time soon!



  Microsoft Security, author unknown

03.02.1998  
Microsoft issues an official response with their take on what L0phtCrack 2.0 does and does not mean.



  Infoworld-e, Deborah Radcliff

03.02.1998  
Infoworld's web site and print edition talk about ISP security and consults with Mudge and Weld for their take in "Is your ISP Secure?".



  Computerworld, Laura DiDio

03.02.1998  
ComputerWorld lets Bruce Murphy, of Coopers & Lybrand and Karan Khanna of Microsoft commend the efforts of the L0pht on their web site.



  CNet, Ben Heskett (benh@cnet.com)

02.13.1998  
CNet runs down the skinny on the release of L0phtCrack 2.0 on their web site.



  Wired Web, James Glave (james@wired.com)

02.13.1998  
Wired's Web site runs an apples to oranges comparison of Unix and NT security against our own Weld Pond who shreds Microsoft NT security Manager Jason Garms' arguments.



  Network VAR, Gary Kessler (kumquat@hill.com)

02.01.1998  
Network VAR does a positive piece on the L0pht.



  Inter@ctive Week, Mel Duvall

01.26.1998  
Inter@ctive Week cites Lotus as, "Lotus Plugs up Security Hole" in their Domino product.



  Lotus, author unknown

01.21.1998  
Lotus releases an official response to the L0pht's advisory on Domino.



  CNet, Erich Luening (erichl@cnet.com)

01.21.1998  
Again CNet recognizes the latest problems the L0pht found in Domino this time.



  Wired Web, author undocumented

01.20.1998  
Wired's Web Site slams Domino security based on a l0pht advisory released right before Domino 5's release - perhaps they should have sent us an advance copy and some hardware to run it on instead of having to reburn all those CDs... This story was also run on the Japanese wired site this same day.



  ZDNet, Maria Seminerio (maria_seminerio@zd.com)

01.16.1998  
ZDNet runs a story on L0pht's advisory on IE 4, a far more damaging find this time around affecting ALL Windows versions.



  PCWorld News Radio, Brian McWilliams

01.15.1998  
PC World News reviews DilDog's work.



  CNet, Alex Lash (alexl@cnet.com)

01.14.1998  
CNet recognizes the resurfacing of problems the L0pht finds in IE4, and this time it's worse.



  Infoworld, Bob Trott

01.14.1998  
Infoworld runs a story on the buffer overflow found by the L0pht in IE4.



  Wired Web, author undocumented

01.14.1998  
Wired's Web site cites us again for the new IE4 findings. This story was also run on the Japanese wired site this same day.



  NT Network Security, Strebe, Perkins and Moncur

01.14.1998  
NT Network Security by Strebe, Perkins, and Moncur; ISBN 0-7821-2006-7, Printed 1998 by Sybex Books, references L0pht twice:

pg 103, Password Cracking tools
Password Cracking tools like L0phtCrack (which is provided on the companion CD-ROM) or NT Crack can be used to determine whether or not passwords on your network are strong enough to be "hacker proof".

pg 807, Hacking Tools
http://www.l0pht.com (that's a zero in l0pht) is the Web site of l0pht Heavy Industries, where the best U.S. hackers still willing to make themselves known hang out. These guys have plenty of room to brag, though--they produced l0phtcrack, the slickest and fastest NT password crack tool out there. There's a really good security advisory that stays on top of the latest NT security issues--required reading. They've got a lot to say about just about everything, and the print media seems to be listening. You should too.

Unfortunately, despite what the text says, L0phtcrack is NOT on the companion CD-ROM.


