
I nuke the hackers!


LCC

Jun 29, 2007, 12:26:54 AM
I have finally decided to disgorge some things useful to everybody,
which I hereby declare to be public domain information. If the places
where it is posted attempt to patent these ideas, then I invite the
governments and operating systems manufacturers to bloody their
heads.
If you think that this advice is worthy of reward, please feel free to
send a large cash donation certified check to me at :

Lonnie Courtney Clay
3395 Harrell Rd. Arlington TN 38002-4261


I have been thinking about how the internet can be secured ever since
I had an exchange of opinion with "Arcadenut" himself on the forum
Spaces Empire IV at Shrapnelgames.com in 2001. I realized that
Microsoft bashing was unwise unless I could offer solutions to the
problems which I saw. If anything the problems have grown worse while
I was thinking for the past five years. Sorry it took so long to
crystallize the solution. If I had not been drugged down with Haldol,
then I might have posted something like this years ago. As I said in
the title, I hereby launch a full scale pre-emptive nuclear strike
against hackers. Two f-disks in one week have forced me to fork out a
couple thousand dollars for new computers and software "purchased from
a retail store" for the household. So you could say that I am severely
perturbed and exacting justifiable retaliation.


The statements below may seem to be advocating a massive invasion of
privacy. I counter with the observation that any business unwilling to
provide information is very probably engaging in criminal activities.
OSM means operating system manufacturer.


1) If Microsoft is no longer the world's top computer corporation due
to Google's growth, then it is entirely the company's own fault. If
they fail to take a leadership role in the task of creating a secure
internet environment, then I call upon Google to seize the torch and
run like crazy.


2) There is probably a web page providing a list of all the world's
securities exchanges. I will point to it in my next post. Right now I
simply want to point out that leading corporations are listed on
exchanges. By providing the ticker symbol and the exchange upon which
it is traded on its homepage, then a corporation could have all of its
identifying data and homepage URL and IP ranges verified by any
visitor who takes a moment to check the website of the exchange as
saved in the user's own bookmarks folder for commonly referenced
exchanges. In the U.S.A. the SEC or FTC or IRS or some similar agency
probably has a list of all legitimate businesses. By providing a web
page for public access giving all of the relevant information
including homepage URL and IP ranges, they would serve the public
interest. Any business website whose URL for its homepage and IP
ranges is not verified by such official sources is obviously a high
security risk and should be avoided like plague and shut down as soon
as detected by internet authorities. Never use a browser which lacks
the ability to display the IP address of the current URL. This is
simply because the ISP could be providing a hoax mirror of the
internet which has a perfectly legitimate URL on the hoax internet.
Because the ISP which I use has been doing precisely that for all web
pages to which I post or frequently visit for quite a while, I say
from experience that you must be alert or just lucky to notice the
hoax. Because I could do nothing about it, I saw no reason to comment
on the subject except for subtle hints. For an example, see the
rec.arts.sf.written group post performed from the hoax CoolSci-Fi
forum as ClayLC where I said "What happened to Google ?" and got a
lame reply. But I am "smarter than the average bear" and was not
fooled at all. I now metamorphose from "a meek mild fly known as
Hiram" to become SUPERFLY. Or if you would prefer that I remain a
roach, then I am now of the hissing roach species. I really appreciate
the efforts of all who have taken part in the Hoax, such as "Ed
Conrad". I have a bit more difficulty forgiving the others in my
family, but they were doubtless put under extreme coercion. I am
using Microsoft Works Word Processor to prepare this document. I am
thoroughly annoyed by its constant garbling of what I type in. Stop
putting trash-ware on the computers which I use, or I will find a way
to get even. It is quite amusing to watch the nonsense on the cable
TV too. Either the world has become as crazy as I am, or a lot of
effort is being put into this Hoax. One interesting thing to note is
that the package changes little h of the word to capitals. So I
suppose that the masquerade is almost over. If you stop dosing me with
the witch's brew of drugs, then for exchange I agree to post only on
web pages which are served on the secured mirror version of the
internet.


A typical tactic of hackers is to mirror the website of a company
using an unauthorized similar homepage URL. They put mal-ware items on
their copy of the website among which the most common are cookies,
which infects any visitor's computer. They sell hacked copies of the
pirated company's products which install viruses. They collect credit
card data from purchasers and use it for identity theft. Most of all,
they hack the OS browser so that it does not necessarily display the
actual URL of the current website on the user's web browser. They
change browser settings, OS security settings and certificate
information, and sometimes even the registry. They download .dll
packages which install into the OS internet browser and other
operating system files to thoroughly corrupt any computer. All of
these things are made possible because there is no simple way to find
out if a URL homepage found by the search engine is from a legitimate
company rather than a mirror site of a criminal, or a disreputable
organization. See the suggestions below for further solutions.


3) Communications companies have the phone number and mailing address
of just about everybody in the world. They should provide that data to
the organizations in 2) so that it can be included in the database.
Anyone who does not allow such data to be collected should be flagged
as non-trusted.


4) Internet service providers know the IP ranges of all their
customers. This data along with the associated URL should be provided
to organizations in 2). Anyone who does not allow such data to be
collected should be flagged as non-trusted.


5) The internet is secured by certificates. See the lists by selecting
control panel/ internet properties/ certificates for Microsoft OS
products. The lists which I see for the manufacturer's installed
defaults include many expired ones. There needs to be a worldwide
authority which provides a current list of ALL certificates. It should
provide files for import replacing the current list on the computer
with the latest version. The OSM's update service should update the
lists every time the computer is booted up when connected to the
internet. If the computer does not display the "system has updated
certificates" notification during the boot-up process when connected
to the internet then the user can easily notice that their computer
has been hacked. A checksum for the current list should be generated
every time the update occurs and at NO other time except as outlined
below. This can be implemented by determining the current webpage IP
and comparing it to that of OSM's update IP ranges. When the user
wants to modify the list then they should NEVER use a shortcut.
Instead they should execute a file by clicking on an executable placed
on the desktop and nowhere else. An absolutely protected program must
verify that the process attempting to modify the list was loaded from
the desktop and that its checksum matches that of the latest OSM's
update. Each changed list checksum is updated when the user exits
the modification process.


When a certificate is presented to the OS by a website, its validity
should be traceable back to a current list "trusted root certification
authority". If the traceability fails or the site has no certificates
then it should be disabled from performing ANY potential mal-ware
operations on the computer regardless of settings. A popup with a
counter should be provided on all browsers notifying the user of any
attempts which are rejected. The information of what was attempted by
what IP should be placed in a log file which is forwarded to a central
worldwide mal-ware reporting clearinghouse as soon as the current
webpage is changed. The numerical quality of any certificate should be
indicated in every browser's status bar, with no options whatsoever to
disable this feature. Mal-ware operations should be numerically rated.
If an operation exceeds the numerical rating given in the status bar,
then the rating should turn red, notifying the user that a hack is
being attempted. Data about the event should be logged and forwarded
as above. Automatic bots at the central authority should notify a
human operator when an IP exceeds a certain threshold of events so
that action can be taken by the ISP of the site. Any ISP who does not
cooperate with central authority should have their certificate
revoked. When the certificate is revoked, the entire IP range of the
ISP is provided to all OSM for use to update the table of blocked IP
ranges. See 6)


The process which checks certificates must be absolutely secured with
a checksum and modify allowed only by current IP in the OSM's update
IP ranges.


6) All OS must be modified to include a new absolutely protected
security feature which checks the current browser IP against a list of
blocked IP ranges which is updated every time and only at the time
when the user's computer visits the OSM's update site.


7) The OSM's update IP ranges should be placed in checksum protected
secure files on the computer. The files must be allowed to change only
when at an IP in the OSM's update IP range determined from the files.
The checksum of the files in the registry must be protected so that it
is only allowed to change when the current IP is in the range from the
files. An absolutely protected and unchangeable process must be
scheduled to always run at a priority depending on the machine's CPU
load which verifies the checksums of all checksum protected data and
alerts the user if any discrepancies occur. A log file must be
generated and if connected to the internet the events should be sent
to the OSM as they occur so that the infected machine's IP range is
flagged as a potential site undergoing mal-ware revision. If the OSM
is notified then the next time the OSM's update is executed the entire
operating system should be checksum verified against the version
provided in the most recent visit. Any failed checks must result in
replacement of the faulty information immediately. The repair should
proceed from the most secure components down to the harmless last.


8) Product names are registered trademarks. The agency which
registered the trademark needs to provide the URL and IP ranges of the
site(s) of the manufacturer so that the manufacturer can be checked
for a list of all authorized dealers' URL and IP ranges who distribute
the product. The selling of software by anyone not on the list must be
outlawed except for read-only media bearing the name of the software,
the product manufacturer, the version identification, and the
trademark registration authority information. Every manufacturer must
provide checksums on its website used to verify that the read-only
media contains the specified authorized version of the product.
Operating system manufacturers must provide an absolutely secured tool
whose executable is located on the desktop for calculation of the
checksums for read-only media.


9) Never deal with any website which does not encrypt the purchaser's
personal and credit card data, or which does not offer the option of
purchasing a read-only media copy of the product.


10) Never deal with any website which downloads a custom installer
permitted to download the product instead of using the browser's
download feature because it will skip the certificate validation
process. Never execute an installation over the internet rather than
downloading an installation wizard or program executable. Report any
website doing such things to its ISP.


11) A central authority must be established which provides the URL and
valid IP ranges of the ISP website for any given IP address so that
abusive websites can be reported by visitors coming from the site.


12) Never deal with any site whose ISP is not registered according to
the information available at item 11)


13) A central authority must provide a list of URL and IP ranges for
all sites which have been vetted to request the personal
identification number given on the back of credit cards. Never give
that information to any site which is not vetted. Furthermore a
central authority must provide information to all issuers of credit
cards regarding any companies who promote identity theft by NOT
requesting the PIN of a card. It is then up to each credit card
company to decide if they want to approve any transaction without a
PIN.


14) Never do business with any site whose ISP lacks a valid COA. The
information about the ISP must be made available in every browser so
that it can be checked before business is transacted. Whatever it takes
to implement this new feature, do it.


15) Every OSM must provide a new security feature which cannot be
disabled and which verifies the checksum of the executing version of
the web browser(s) to verify that it has not been hacked as compared
to the latest update(s) from the OSM. It is absolutely essential that
the reference checksum and the process which calculates it be maximum
security. See previous discussions above on that topic.


16) A new feature must be added to all web browsers which looks at a
web page and finds the information provided giving domain, ISP
range(s), a COA trail, ISP URL, server URL, company name, address,
phone number, and email. All of the information should become
available by clicking on an icon. The ISP and server sites should be
linked to click on so that the data can be examined at their sites
too. If anything questionable is found, or the site is abusive, a
single click should send a message giving the data to the ISP to alert
them.


17) Central authority for certificates can be queried to verify the
COA trail information by clicking on an icon. This is an essential
highly secured feature which must be added to all web browsers.


18) Do not deal with any site which fails to support 16)


------------------------------------------------------------------------


1) If you ever bought anything from any site which violated the
behavioral rules outlined above, then chances are that you have been
hacked. Sometimes just a visit is enough. While the infection may be
quiescent now, it can cascade into a firestorm within a few days, as I
know to my regret. The same holds true for anything purchased in a
store unless the store is a major retailer. Having a valid registry
key means nothing whatsoever because the executable may be a hacked
version of the genuine product. Also see 8) above regarding checksums.
Call stores on the phone to determine whether they have a product. If
so then visit the webpage of the manufacturer to determine whether the
store is an authorized distributor. "Bargain" copies from unauthorized
dealers are either pirated or mal-ware infected by criminals.


2) Always register your purchase with the manufacturer so that it can
be determined whether the media is one of many copies cloned from a
single purchased one. If that is the case then you can help stop
piracy by reporting the company which sold you the product. A central
authority needs to be established which punishes cloning businesses.


3) Do not use any email client which lacks the audit trail of routing
data. The client which I was using in 2001 was replaced by one which
no longer gave the information. I knew when that happened that things
were "rotten in Denmark" but chose not to make an issue of it.


4) Do not use any email client which automatically opens the next
message in the queue when the current one is dragged to another
folder. Always require click selection for opening any email.


5) Modify the email clients to display (at user's option) the audit
trail without opening the email so that spam can be


6) Never use a shortcut to perform your OS update. Instead of doing
that you should enable automatic updates and then restart while
connected to the internet. The very first thing that a hacker does
after modifying windows explorer is download his own version of the
OS update executable which goes to a hacker site to replace the
critical OS functions. Then the shortcuts are hoaxed to use the new
versions rather than the genuine OS software. On second thought the
very first thing is to hack the firewall if possible. This includes
changing the user's firewall password so that a genuine user cannot
retake control of the hijacked machine.


7) All firewalls need to be revised to prohibit changing the user's
password string while connected to the internet. All firewalls must be
modified so that they have an internet locking feature. After engaging
the lock then the password can be changed. All firewalls must provide
the option to prohibit OS processes which are normally authorized to
"pass lock" from functioning if selected. All firewalls must have a
self defense function which exerts the utmost effort to prohibit any
other functions from changing controlling settings and other firewall
data. Never activate the firewall executable by clicking on a
shortcut. Navigate your way to the file and open it up instead. A
bogus shortcut(s) is another thing done early by hackers.


8) All software which is authorized to perform privileged functions
must be modified only by the OSM or other manufacturer's authorized
update ISP range(s) by download. Those addresses must be the second
most secure information after user's passwords.


9) Any email which provides a product key-code must include the data
in item 16 above. Examining the data is the responsibility of the
purchaser. The audit trail of the email should be checked to verify
that the source is really the manufacturer. Hackers can send email
too, and their key codes are perfectly valid for the hacked product
downloaded from their site.


10) Email audit trails should include a current COA quality level for
every stop along the way. If they do not now, they should in the near
future. This will permit the email recipient to judge whether the
email might have been hacked in its journey.


11) Email clients should also have the option to automatically delete
any email received which was processed by a server with a revoked or
no COA. The display of emails in the list should include for each
email a quality rating of the routing based upon the LOWEST quality
found. A filter option of the user should allow automatic deletion of
any emails whose quality falls below a selected level.


12) For a couple of months I had four emails in my folders which were
infected yet were not visible to the user. That should have been
impossible. Fix it......


13) As with the internet browser, the email client should be a high
security software item which can only be modified by updates from the
manufacturer's IP range. Include an icon in every email client which
performs an automatic update when clicked.


------------------------------------------------------------------------


The following are observations which I made of the hacked computer
which was infected as soon as I used Windows Explorer and was
connected to the internet.


1) The file EXPLORER.EXE-082F38A9.pf changed my firewall password. I
found it in the folder C:\windows\Prefetch, size was 24.3 kb.
2) I looked at a couple of other things then looked into the folder
again. The file was gone and was not in the trashcan.
3) I was able to change the network lock state of the firewall even
though I did not know the current password. I then did a POR and kept
doing it until the d-link failed to be recognized.
4) The log files of the firewall which I had examined before the
initial unlocking of the internet connection had been deleted.
5) A file expert.dll 4.5.538.1 created earlier in the evening was
accessed when I opened up internet explorer. I presume that it was
downloaded from the Hoax Microsoft update web site.
6) In Zone Alarm folder repair. I attempted to use vsmon.exe and was
told that I could not because SSEAY32.dll was not found.
7) When I checked, folder rollback was empty.
8) An object "internet Explorer" on the desktop was not visible using
windows explorer. When I moused over it, nothing was displayed by
popup. The case was the same for objects "My Documents" "My Computer"
and "My Network".
9) In the "my documents" folder was a file called zapsecurity.xml
created right after I activated internet explorer.
10) In the zone alarm folder I attempted to open a new execution of
zone alarm.exe Nothing happened.
11) There is a new object on the desktop called "Control Panel" see
8).
12) Under Startup Control Panel there are 6 objects shown. Windows
explorer shows 30. For the 6 displayed objects the options are
Explore/Open/Create Shortcut. For the others the options were Open or
Create Shortcut. Finally the object "folder options" also has "run as"
and "Windows Cardspace" says open/ cut/ Create Shortcut/ Delete.
13) When using windows explorer I clicked on c: and was told "These
files are hidden". I clicked on show folder contents and was obliged.
14) When I moused over the Windows folder it showed something
different each time. That was the only object shown.
15) Under documents and settings I expanded all users then current
user. When I selected current user the all users folder was
automatically compressed back to "+".
16) Under all users start menu there were four shortcuts and programs
folder. For current user start menu there was only programs folder.
17) But when click on taskbar start there were a bunch of innocent
sounding objects in the list : Internet/ Email/ Windows Update/ MSN/
Windows Media Player/ Windows Messenger/ Tour Windows XP/ Files and
Settings/ Wizard.
18) I tried the Microsoft Help and Support button, nothing happened.
19) Zonealarm pro alerts started popping up. I did a restart.
20) Without the user icon appearing, the boot automatically continued
onward.
21) When I tried shutdown it said "saving your settings" and failed to
shutdown. Eventually I did a POR.
22) Once again no pause to see if I would click my icon for startup.
When I selected help and support again it opened it up and there were
no alerts.
23) In Ask for assistance, clicked on get support or find information
in windows XP newsgroups ;
24) Alerts started popping again. I experimented for a while but
nothing particularly noteworthy happened. So I selected shut down and
this time it did.
25) Once again no pause for user icon click. This time the d-link was
found so I said shut down and it hung up on saving settings until I
did a POR.
26) I looked for a phone number to call in Microsoft Help and Support.
No soap.
27) Opened windows explorer again. This time when I clicked on C: it
just opened it up.
28) The folder expansion on a different folder minimizing previously
selected as in 15) above no longer occurred.
29) Start Menu folder for all users now has shortcuts for Microsoft
Update/ Set Program Access and defaults/ Windows catalog/ and Windows
update. The taskbar start shortcuts displayed are now Windows update/
MSN/ Windows media player/ Windows messenger/ tour windows XP/ Files
and settings transfer wizard.
30) By now I had grown tired of the game and just turned the computer
off. It is available for analysis, but since the entire exercise was
just part of the hoax, I see no point to it. I conclude that the
corruption is a user activity driven gradual evolution rather than a
complete metamorphosis when the window update is performed. As an
intelligence test it sucked. DO I PASS ???????


------------------------------------------------------------------------


I first became interested in encryption in the third grade when I was
in the program for academically talented students. The English teacher
Mrs. Dowd discussed how it would be easier to remember things if you
used a mnemonic associative memorization technique. Since I was more
interested in hiding things, I decided to use the music which always
plays on multiple channels in the background of my consciousness to go
her one better. Context triggered mnemonic associative management. I
present below a selection of mnemonic strings which are expanded
recursively in infinite progression, until I find what I am looking
for by thinking of a key which matches the current music channel, or I
lose patience whichever comes first. The selection is designed to make
you break sweat, your hair stand on end, and your heart thump. Enjoy!
You say that you did not think to retain records of what was taught in
those special classes ? Too bad, so sad, drop dead....


able - anonymous bastard's living executive * boat - becomes only
another timeout * cat - create another task * dog - decides orders
good * eat - executive alternatives trainer * fin - finding interrupt
names * gap - getting alternative processes * hive - hidden
interpreter values executive * ice - interrupt console execution * jet
- justify execution tables * kill - keep interpreter's level low * lag
- lexical abort generated * mop - monitor overlain processes * nut -
next user's table * oil - overcome inconsistent labels * pan - pulling
another name * quote - queue user's overlay table executive * rub -
real-time universal businesses * sad - setting any device * top - task
overlay processor * use - until special events * van - verify another
nucleus * wet - working events tables * yawn - yet another worthless
name * zoo - zookeepers *only* online. ********** I have millions of
them - mnemonic generation is a background process running over forty
years now **********


Typical lcc strings - labor can't change, lacy colored curtains, laden
caravel cruises, ladies come closer, lags cut corners, laid current
cable, lakes come clean, lame crippled cretins, landing chopper
crashes, Laotian cannibals cheer, lapel's curvy corners, largest cash
charges, lasting cookies crumble, latest carrying costs, ***laughing
crazy coot***, lavatory cleaning costs, lawless criminals cringe,
laxative cleans colons, laying chickens cackle, lazy cussing
character, /// likes choice cuts, lord's computer console, let's
crucify Christ, last chance channel, lousy career choice


There are tens of thousands from my full name alone : have this
specimen
Lonnie - librarian's oversight networking notices interface executive
Courtney - creation overlay's universal realities transformational
nexus eternally youthful
Clay - *** crowds laughing at you ***


Candy leaves aftertaste yaks/ yams/ yanked/ yaps/ yard/ yaw
Cable layers always young/ cancelled liberty allowance yelp/ cad
lovers always yell/ caftan looks all yellow


Roach - really only another crazy halfwit / virus - virtual
interfacing reality universal services / Trojan - teacher's reality
overseer jammed our network/ spam - special partition analysis
mechanism /stupid - specialist's trying universal processing interface
device / dumb - diagnostics until meeting begins / bash - beginner's
analytical shell handler / bash - bargain analysis service's
heuristic / hack - has all console keys


Expired old passwords -
jolly swagman - jumped onto last level yesterday / stupid world
aggravates games masters / making aggravating noises
Jackrabbit - just another crazy kid / really awesome bastard/ became
interested today


Finally consider this one inspired by "Hitchhiker's guide to the
galaxy". Like him, I have brains the size of planets. I just hide them
in places undetectable in this universe in this reality. A ridiculous
delusion ? Make it worth my while and I will teach you some
cryptographic algorithm. You could learn quite a bit about sorting if
any of you thought to keep a copy of the "splash - selective
parenthesis locater and string handler" software which I wrote for the
Commodore Amiga 1000 in the 'C' language. Or about 'chord' generators
which I wrote later on as 'music' in 1991-92. When I was in the USAF
in 1973 I scored 93 on the EDPT. I was told that it had a mean of 20
and standard deviation of 14. Chew on THAT a while turkeys!


Marvin - Manager's alternative reality virtual interface necessary
The - Taking hold externally
Robot - Recovering overlain baseline oversight task


*Running Hot Today *
Visit Google group :
Lonnie Courtney Clay
