Disney's Go Express Search operates an http server at port 1234 without
authentication. Remote users can submit search queries, and view queries
and personal links left by other users. It's possible to access the
configuration interface, which can reveal the e-mail address of the user
who registered it. Configuration settings can be changed remotely to,
for instance, add, remove or alter personal links.

See http://www.mobileunit.org/advisories/001/

Paul A. Houle

Truly security at its finest.

Just finished your article on hacker profiling. Excellent! Very informative and
thought provoking.

Thank you.

Q: In part 3 you told H4gls that you knew who they were. Did you?

Hah, did I ever. In fact, it's rather well known that the man
behind the mask currently works for one of the world's largest security companies ;-)

Recently I stumbled upon the site www.phonelosers.org and listened to some of the calls.

I find it so interesting on how they did some of their things (conference calls, taping lines,,,,the phreaking stuff)
-- Now your site it seems (after watching it for a long time) rarely talks about this part in this world of
knowledge...I don't have any plans of phreaking because of the consequences but I'm very
interested in the hows... was wondering if you had and good site listings or info from
collen card, el jefe or that group...that isn't outdated...

Thank You for the service you provide

- Bob Shaggit

Well, what they do isn't exactly security related for the most part. To
learn more about the "hows" of what they do, go to altavista and search for "how to be an *******". You're
bound to find a site which gives insights into their techniques. If you're interested in some of the history
of "phreaking", you may want to check out our Phreaking Box Archive.

I`d like to post an answer to the guy asking if Sweden was safe on new years eve;
I would think yes. It took me some time to find this, but it may be the answer you are
looking for. I hope it helps you out;

Check out this website:

It has got lots of information, on Sweeden and many other countries around the world.
"Action 2000" is a British site that has links to international pages on 2000-readyness,
and short accounts on what they say for each country. This is the main part of the summary
from the Swedish site: The report states "Critical functions in Swedish society such as
electrical supplies, telecommunications, hot water, waste drainage, transports, food chains,
payment systems and several central authorities as well as most private companies will
function without any serious disturbances during the transition from 1999 to Year 2000".
This evaluation was presented in a report submitted to the Swedish government by Sweden's
Millennium Commission on October 12, 1999. The report adds that there remain "expectations
of minor disruptions". Further details are available on the website.

-Hope this was to some help! (May be good info for others too!)

-Psychotic Illusion®

Excellent link! Thanks for sending it in...

The talk of distributed attack tools is causing quite a stir. Obviously we are
seeing just the tip of the iceberg with what is to come; attacks which involve
factors such as encryption, mobility, stealth, that are under anonymous
control, that update themselves, that use communication to co-ordinate, that are
controlled by hacktivists, cyberterrorists, cybermilitia and, of course,
governments. The Internet is truly becoming the fourth battlefield, built
on top of not just a civilian, but an academic infrastructure.

How do we defend our part of the Internet against information warfare?

Obviously there are more factors involved than just a technical solution;
we need to consider issues of policy, international co-operation and
co-ordination, and administration.

But can we really wait for governments and politicians to solve this problem
when technology increasingly outstrips policy?

With this in mind, Packet Storm poses this question:

What pure or applied technical measures can be taken to protect the
Internet against future forms of attack?

The Kroll-O'Gara Information Security Group and Packet Storm will offer
USD $10,000 for the best technical white paper which defines the problem
and answers the above question. Rules of the competition will be announced
Monday. Winners will be announced at RSA 2000 in January. More information available at

- Alan Bishoff

Uh-oh, Packet Storm hits must not exactly be all that they hoped. Don't worry guys, I took
the hint and gave you a link. Personally, I'd like to see what the hell a $10,000 white
paper looks like.



why do you recommend that someone buy a $96 dollar version of hackers with spanish subtitles?

just a small question seemed odd to me.

- DuG

Porque el mejicano está asumiendo el control nuestro país, y el
español pronto serán la lengua nacional oficial, que es por qué.... BTW: I used
Babelfish to do the translation, so if I just said something nasty or whatever, it's not
my fault.