Inside Happy Hacker
September 11, 2003
___________________________________________________________

See the Happy Hacker web site at
Firewall or web babysitter program blocks you? Try
Still doesn't work? Try entering 206.62.52.30 in the location window of your web browser.
___________________________________________________________

In this issue:

New Guide to (mostly) Harmless Hacking
New Windows Vulnerability Threatens Internet
Help for Home Users
Help for Sysadmins
Scambusters Newsletter
___________________________________________________________

*** New Guide to (mostly) Harmless Hacking: Browser Hacking Using Search Engines
___________________________________________________________

Because we include lots of screen shots, we are presenting this Guide online at .

In this Guide you will learn about:

# Finding Music Files without Using Peer-to-Peer Programs
# How to Find Password Files
# How to Get into a Site that Seems to Be Shut Down
# The Amazing World of Cgi-bin
# How to Download System Programs
# Admin Directories
# Checking Email Security
# What All This Means for Computer Security.
___________________________________________________________

*** New Windows Vulnerability Threatens Internet
___________________________________________________________

On Wednesday, Sept. 10, a new vulnerability in the Windows XP, 2000, 2003 and NT operating systems surfaced. It is another flaw in the same DCOM remote procedure call service that the MSBlaster worm recently abused.

When you consider that some people are arguing that the Northeast power blackout might have been partly caused by MSBlaster, and it was recently proved that the Slammer worm disabled a nuclear power plant last January, this latest vulnerability could become a big deal.

According to the Internet Storm Center ( and

"Several groups are working on an exploit for this vulnerability.... Expect a working exploit to be published and used within the next few days.
At this point, you should be able to patch while assuming that the machine has not yet been compromised. However, within a few days this may no longer be the case and you will have to validate the system's integrity."

Following are instructions on how you can do your part to protect the Internet from the next Microsoft worm.
___________________________________________________________

*** Help for Home Users
___________________________________________________________

You have three choices for how to protect your Windows 2000 or XP computer. (Windows 95/98/ME aren't affected by these threats.)

1. Go to and use Windows Update. It just takes a few minutes -- unless everyone else is using it (see below for what to do if you can't get through). You can also find security information for home users, complete with screen shots, at:

2. Or you could disable DCOM. This service keeps on turning up with new serious vulnerabilities. Do you really need DCOM on your home computer? It enables computers to run programs on your computer from across a LAN or the Internet. Do you really want this to happen? How about just saying no to DCOM?

You can disable DCOM by editing the Registry. Set

    HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\EnableDCOM

to "N".

If you've never used the Registry before, here's how to do it. Click Start --> Run and enter regedit in the box, then click OK. In the left hand pane, click HKEY_LOCAL_MACHINE. Find Software and click it to expand it. Then scroll way down until you find Microsoft. Click on it and scroll way down to Ole. In the right hand panel across from Ole you will see several entries (probably only three). One will say "EnableDCOM" and at the end of the line you'll see "Y". Change that "Y" to "N". Then click File --> Exit and you are done.

3. If you don't like to mess with the Registry, here's how to do it from Control Panel. Control Panel --> (in XP, switch to classic view if it isn't there already) click Administrative Tools --> Component Services.
Double click on this to bring up a folder labeled Computers. Click to open. Unless you are on a network, you will find just one computer in the file. Right-click on your computer and choose Properties. Click the Default Properties tab. To disable DCOM, clear the "Enable Distributed COM on this computer" check box. Click OK. Then reboot.
___________________________________________________________

*** Help for Sysadmins
___________________________________________________________

If you are a Windows sysadmin, you probably already knew about this horror story. You probably already know exactly what you need to do to fix the latest vulnerabilities. However, does your boss understand how much work it's going to take to solve these problems?

Marcus H. Sachs, who just left his position as the top computer security expert for the White House to work for the SANS computer security organization, has written a presentation you can use on your boss. Sachs explains, "The briefing is intended for a network geek to use when asking her non-geek boss for overtime."

PDF:
Power Point version:

If you aren't subscribed to the NTBugtraq list, you would have missed invaluable help.
The manager of the list, Russ Cooper, has distilled all the most important information from their DCOM/RPC discussions into a single FAQ:

It includes:

Disabling DCOM
- Disabling DCOM on Windows 2000 pre-SP3
- Additional steps for disabling DCOM on Windows Server 2003
- Microsoft's warning about disabling DCOM
- List of known applications requiring DCOM or problematic with DCOM disabled
Windows 95/98/ME and DCOM
Problems with Clusters
Windows 2000 SP4 not listed as a "Supported Operating System"
Machines with MS03-039 applied appear to require MS03-026
Reports of vulnerabilities over port 80, 443, or 593
- Use of Port 593 - RPC over HTTP End Point Mapper
- Use of Port 80/443 - RPC over HTTP or the DCOM "Tunneling TCP/IP" protocol

eEye Digital Security has made a free scanner available that can find computers on your network that need to be patched for this latest vulnerability:
___________________________________________________________

*** Free Scambusters Newsletter
___________________________________________________________

Want to keep up with and help fight all the latest Internet scams? You can subscribe to Scambusters by visiting and filling in the subscription box at:

Happy white hat hacking!
___________________________________________________________

Happy Hacker Org is devoted to *legal* hacking! If anyone plans to use any information we provide to commit crime, check out to find out what happens to bad hacker girlz and boyz.
You are welcome to join our chat groups at or join our email discussion groups:

Linux-for-Everyone-subscribe@yahoogroups.com
Moderator: Debbie, zzz_debbie@yahoo.com

hh-unix-subscribe@yahoogroups.com
Moderators: Phil Dibowitz phil@ipom.com and Tom Massey

hhwindows-subscribe@yahoogroups.com
Windows moderators: John Demchenko and Michael Devault

hhnetwork-subscribe@yahoogroups.com
Moderator: Tanvir Ahmed

hhprogramming-subscribe@yahoogroups.com
Moderator: Tanvir Ahmed

Clown Princess and Grand Pooh-bah of Happy Hacker Org: Carolyn Meinel, cmeinel@techbroker.com, (505)281-9675

To unsubscribe from this group, send an email to: happyhacker-unsubscribe@egroups.com

See for hacking news and tutorials.
See to see what's new in the latest edition of Meinel's book The Happy Hacker.
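
Added example, not part of the original newsletter: the registry change from choice 2 under Help for Home Users, scripted in PowerShell so the setting can be checked before and after the change. The function names and the backup file path are hypothetical; only the key and value name come from the text above.

```powershell
# Added example, not from the newsletter. Function names and the backup
# path are hypothetical; the key and value name are the ones given above.
$OlePath = 'HKLM:\SOFTWARE\Microsoft\Ole'

function Get-DcomSetting {
    # Read EnableDCOM and classify it; a missing value is reported, not guessed.
    $item = Get-ItemProperty -Path $OlePath -Name 'EnableDCOM' -ErrorAction SilentlyContinue
    $raw  = if ($item) { [string]$item.EnableDCOM } else { $null }
    if     ($raw -eq 'N') { $state = 'Disabled' }
    elseif ($raw -eq 'Y') { $state = 'Enabled' }
    else                  { $state = 'NotSetOrUnexpected' }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; RawValue = $raw; State = $state }
}

function Disable-Dcom {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Hypothetical location for a note of the previous value.
        [string]$BackupFile = (Join-Path $env:TEMP 'EnableDCOM-before.txt')
    )

    # Writing under HKLM needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    $before = Get-DcomSetting
    if ($before.State -eq 'Disabled') { return $before }   # nothing to change

    if ($PSCmdlet.ShouldProcess("$OlePath\EnableDCOM", "set to 'N'")) {
        # Keep the old value so the change can be reversed by hand.
        Set-Content -Path $BackupFile -Value "EnableDCOM was: $($before.RawValue)"
        Set-ItemProperty -Path $OlePath -Name 'EnableDCOM' -Value 'N' -Type String
    }
    Get-DcomSetting   # report the value now stored; reboot afterwards, as in choice 3
}

Get-DcomSetting          # audit only
# Disable-Dcom -WhatIf   # preview the change without writing anything
# Disable-Dcom           # prompts for confirmation, then writes "N"
```

Before running `Disable-Dcom` on a machine that does real work, check the FAQ's list of applications that require DCOM.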