BlackCode Ravers Mailing List Issue 1 http://www.blackcode.com Table of Contents 1.Editorial 2.Latest News about BlackCode 3.Why you should vote? 4.Encryption and PGP 5.Final Words 1.Editorial =-=-=-=-=-=-=-=-=-=-=-=-= Hello subscribers. I'm tHe mAnIaC and I'll maintain the mailing list. As you're subscriber you'll receive: 1.Latest news about BlackCode Ravers 2.Latest Security news 3.Latest news about trojans and anti-trojan software 4.Interesting texts about H/C/P/A and many other things I hope you'll like and find useful. I have one idea for the list.I want it to become something like magazine or newsletter where we post all of the latest news,texts about different things and so on. But we need your help.So if you can write something or help us or suggest something mail me at themaniac@blackcode.com.I'll really appreciate if you do this. I just can't handle all the section I want to include phreaking,cracking and so on but I can't do it alone that's why I'm asking you to help me. I'll also ask you to do some advertizing of the page if you like it.You can put a link on your page or you can tell other people about it.Everyone should know the page. Be ready for BIG update of the page soon with many new texts and files added.All the texts you see here will be also published on the web page. 2.Latest News about BlackCode =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Kung made his first virii for Blackcode (1.1 and 1.2).Check BC-Tech for more info and downloads. Our mailing list has many new subscribers and I'm very happy about that. 3.Why you should vote? =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= BlackCode has many visitors per day but most of them are not voting for the page so I decided to write a little text about the voting and what is it.I hope you'll like it and understand what the voting is about and what you'll win if you vote. About Voting by tHe mAnIaC In this text I'll explain you about the "BIG" thing called voting for one page because a lot of people think this is not right and that they'll loose if they vote for some page.I hope you'll understand for what is the voting about and why you should vote.I'll also tell you about LAME pages that fake their votes and their ways of making the people vote for the site. *This guide is for educational purposes only I do not take any responsibility about anything happen after reading the guide. I'm only telling you how to do this not to do it. It's your decision There has been many list established on the net for the best H/C/P/A pages on the net something like rank lists where people can vote if they like the page.Probably the most famous one are located at: www.cyberamy.com www.progenic.com www.blackcode.com These are the places where most of the people go to check for cool sites about H/C/P/A information. When you go to some H/C/P/A site on the net they'll probably ask you to vote for them.You may ask why? Well let's use one example.So some people create one web page and they ask you to vote in this way they can see if the visitors like the page or not,because they won't continue with the page if there's noone that is voting for them.When the web masters see that a lot of people are voting for them they'll make updates of the page and put many and interesting things on it because there will be someone to see them because there's also someone that is voting for them that is expecting updates and new things on the page.That's why the webmasters will make the updates because they won't want to disappoint the visitors that are voting for them. I hope now you understand why you should vote and what you'll win when you vote for the page. But of course you should not vote for page that you don't like. When someone enters in these lists of cool pages he/she will first see what's on the top and the first 10 pages because they're on the top that means that a lot of people are voting for them. The visitor will go to see the page.But NOT ONLY the pages that are on the top are good believe me when you check the small ones that even don't have ONE vote for them I'm sure you'll find something that the big one and these that are on the top don't have.If you find some group you may find their own programs and texts there and a lot of other things you thought are only in the big and the best pages.But this is the net you CAN'T know every page because every day there're so MANY new one made and also new group is being discovered new text has been written and so on.So check every page not only these that are on the top and I'm sure you'll find something useful there. BUT a lot of cool pages are not in these lists because everyone knows about them and they don't want to be on these lists.They're famous and don't want to be there.That's why you shouldn't only think that the pages you see on these lists are the ONLY one on the net with H/C/P/A information. BUT there are so LAME pages on the net that make their visitors vote for them or click on adds and give the lame page money.They just put link saying something like "FREE XXX" or "FRESH TEENS" and just point them to some list you vote for them or make money for them.This is lame and I think such pages shouldn't exist on the net,but they exist.There lists with H/C/P/A sites make anti-cheat gateway that can stop such pages because there you should click once again on one JAVA button to vote for the page and there's also a message saying that if you were tricked you can enter the list WITHOUT voting for the site that trick you.This is cool and very useful if some page make you vote for them. Also they record your IP so can't vote more than once :-) Yeah but there are many list that don't have anti-cheat gateway this is bad because everyone can vote more that one time and the pages can trick the visitors. So I hope you all understand why you should vote and what will you win if you vote. 4.Encryption and PGP by tHe mAnIaC =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This guide is for educational purposes only I do not take any responsibility about anything happen after reading the guide. I'm only telling you how to do this not to do it. It's your decision. If you want to put this text on your Site/FTP/Newsgroup or anything else you can do it but don't change anything without the permission of the author. <--=--=--=--=--=--=--=--=> A word from the author: I hope you like my texts and find them useful. If you have any problem or some suggestion feel free to e-mail me but please don't send mails like "I want to hack the US government please help me" or "Tell me how to blind a trojan into a .jpg" Be sure if I can help you with something I will do it. <--=--=--=--=--=--=--=--=> Table of Contents 1.What is this text about? 2.About Encryption and how it works 3.About the Cryptography and PGP 4.Ways of breaking the encryption -Bad pass phrases -Not deleted files -Viruses and trojans -Fake Version of PGP =--=--=--=--=--=--=--=--= 1.What is this text about? -=-=-=-=-=-=-=-=-= In this text I'll explain you everything about encryption,what is it,PGP, ways that someone can read your encrypted files etc.Every hacker or paranoid should use encryption and keep the other from reading their files.The encryption is very important thing and I'll explain you how can someone break and decrypt your files. 2.About Encryption and how it works -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The Encryption is very old.Even Julius Caesar used it when he was sending messages because he didn't trust to his messengers.You see encryption is everywhere,when you watch some spy film you see there's always a computer with encrypted files or some film about hackers when the feds busted the hacker and they see all of the hacker's files are encrypted. When you have simple .txt file that you can read this is called "plain text". But when you use encryption and encrypt the file it will become unreadable by the time you don't enter the password.This text is called cipher text. The process of converting a cipher text into plain text is called decryption. Here's a little example: Plain text ==>Encryption==>Ciphertext==>Descryption==>Plaintext This example shows you the way when you encrypt and decrypt a file. 3.About the Cryptography and PGP -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Cryptography is science that use the mathematics to encrypt and decrypt data.This science let you keep your files and documents safe even on insecure networks like the Internet. The cryptography can be weak and strong.The best is of course the strong one.Even when you use all the computers in the world and they're doing billion operations in second you'll just need BILLIONS of years to decrypt strong encryption. PGP (Pretty Good Privacy) is maybe the best encryption program to encrypt your files and documents. It work in this way: When you encrypt one file with PGP,PGP first compress the file.This saves you disk space and modem transmition.Then it creates a session key.This session key works with a very secure and fast confidential encryption algorithm to encrypt the file.Then the session key is encrypted with the recipient's public key. PGP ask you for pass phrase not for password.This is more secure against the dictionary attacks when someone tries to use all the words in a dictionary to get your password.When you use pass phrase you can enter a whole phrase with upper and lowercase letters with numeric and punctuation characters. 4.Ways of breaking the encryption -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= PGP has been written for people that want their files encrypted for people that want privacy. When you send an e-mail it can be read from other people if you use PGP only the person for who is the message will be able to read it. Now you know many things about PGP and the encryption but you may like to know can someone break it and read your private texts and files.In fact if you use all the computers in the world to decrypt a simple PGP message they'll need 12 million times the age of the universe to break it. You see this is the BEST the encryption is so strong noone can break it. The people that program it has done their work now everything depends on you. -Bad pass phrases ***************** The algorithm is unbreakable but they're other ways to decrypt the text and read it. One of the biggest mistakes when someone writes his/her pass phrase is that the pass phrase is something like : "John" "I love you" and such lame phrases.Other one are the name of some friend or something like that.This is not good because this is pass phrase not password make it longer put numbers and other characters in it.The longer your pass phrase is the harder it will be guessed but put whole sentences even one that doesn't make sense just think in this way: Someone is brute-forcing thousands of pass phrases from a dictionary therefore my pass phrase should be someone that is not there in the dictionary something very stupid like: hEllowOrld33IjustwanTtoteLLtoev3ryon3thatI'maLamErandI'mahacKer666 This is easy to remember because it's funny and there are only a few numbers but you may not use upper and lowercase characters.I hope you know will put some very good pass phrase and be sure noone will know it. Another mistake is that you may write the pass phase on a paper and if someone find it you'll loose it and he/she will be able to read your encrypted files. -Not deleted files ***************** Another big security problem is how most of the operating systems delete files.So when you encrypt the file you delete the plain text and of course leave the encrypted one. But the system doesn't actually delete the file.It just mark those blocks of the disk deleted and free. Someone may run a disk recovery program and still see all the files but in plaintext.Even when you're writing your text file with a word editor it can create some temporary copies of it.When you close it these files are deleted but as I told you they're still somewhere on your computer. PGP has tool called PGP Secure Wipe that complete removes all deleted files from your computer by overwriting them.In this way you'll only have the encrypted files on your computer. -Viruses and Trojans ******************** Another dangerous security problem are the viruses and the trojans.So when you infect with a trojan the attacker may run a key logger on your system. *Note A key logger is a program that captures all keystrokes pressed by you then saves them on your hard drive or send them to the attacker ****************************************** So after the attacker run it he/she will be able to see everything you have written on your computer and of course with your PGP pass phrase. There are also a viruses designed to do this.Simpy record your pass phrase and send it back to the attacker. -Fake Version of PGP ******************** Another security problem is the PGP source that is available so someone can make a fake copy of it that is recording your pass phase and sending it back to the attacker.The program will look real and it will work but it may also have functions you even don't know about. A way of defending of these security problems is to use a trojan and a virus scanner.You should also be sure your computer is clean from viruses and trojans when you install PGP and also be sure you get PGP from Network Associates Inc. not from some other pages. So now I hope you understand that PGP can't be braked but if you use it wisely and be sure your pass phrase is good one,you're not infected with viruses or trojans and you're using the real version of PGP you'll be secure. 5.Final Words =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This was the first big newsletter from us.I'm waiting for your e-mails and suggestions about the list.I'll really appreciate if you can handle some section or help me with other things.You can contact me at: themaniac@blackcode.com I think the idea is good and if many people start helping we'll create something very cool and useful.Be ready for the next issue. Bye for now and best wishes from me tHe mAnIaC List Moderator