Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-16 Thread Peter Busser
Hi!

 Let me demonstrate the proactive security practices of the OpenBSD team at
 it's finest.
 
   http://marc.theaimsgroup.com/?l=openbsd-misc&m=106523413529618&w=2
 
 Must I spell it out for you?  Proactively secure!

Since you claim that OpenBSD is insecure beyond belief, then you should be
glad that this patch didn't make it (yet). It means one backdoor less, right?

Anyways, I don't see why you are so upset about it. Apparently you have never
been part of a development team in a larger software project. This kind of
stuff is quite normal in such projects. Developers tend to try to cut corners.
The price of cutting corners is often paid later. So yes, making the developer
follow the process is being proactive.

 Scriptkids are individuals who involve themselves in the facade of
 computer security, who don't have any technical background or skills in
 the area.  People who buy into the hype of the buzzword-of-the-day
 security tools fall into this category.  People who develop these tools
 and believe their merit are also scriptkids.

There is a saying: It takes one to know one.

BTW, no one cares about your personal problems with Theo.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-14 Thread Georgi Guninski
Sorry for the rant, but what's wrong with being anti-social?
When I look in Bulgarian history, I see that the heroes of today are
something-similar-to-terrorist of yesterday. May apply to other countries as well.

georgi

On Mon, 13 Oct 2003 07:09:21 -0400
Joshua Levitsky [EMAIL PROTECTED] wrote:

 because they choose not to. Some of these people are damn cool. Some 
 are just anti-social, but that really isn't the norm so far as I can 


Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-14 Thread Jonathan A. Zdziarski
 Sorry for the rant, but what's wrong with being anti-social?
 When i look in bulgarian history, i see that the heroes of today are 
 something-similar-to-terrorist of yesterday. May apply to others countries as well.

The term anti-social is used a bit too loosely these days.  Gassing a
million Jews was anti-social.  Not wanting to talk to people in general
is just filtering.  Arrogant at the most, but definitely not
anti-social.




Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-14 Thread Joshua Levitsky

- Original Message - 
From: Georgi Guninski [EMAIL PROTECTED]
Sent: Tuesday, October 14, 2003 12:23 PM
Subject: Re: [Full-Disclosure] OT: An odd question that has arrisen within
my household


 Sorry for the rant, but what's wrong with being anti-social?

Nothing so much the matter with it, but the anti-social ones I probably
wouldn't have met, and if I have met them then I haven't spoken much with
them... due to their anti-socialness :) And I much preferred the friends of
mine that liked to hang out and such.




Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-13 Thread Joshua Levitsky
I would add a tier before Tier I that would be hackers that do not 
believe in full disclosure, do not share exploits outside their close 
knit circle of friends, do not support the man. A lot of these guys 
are better than The best of the best, but nobody knows because they 
don't make themselves public. Maybe you could call it T13r Z3r0 :) 
Seriously... there are people out there that have tons of free time to 
learn, and possibly monitor lists like this, and laugh at the silly 
people that disclose vulnerabilities and share information. They aren't 
necessarily out doing damage. They just don't play with strangers 
because they choose not to. Some of these people are damn cool. Some 
are just anti-social, but that really isn't the norm so far as I can 
tell. Of the people I've ever met they seem to have personalities, and 
usually have more going on than I do socially. If you met them you 
wouldn't think hacker or even know they are into computers.

I dunno... just my observations here in New York City. Perhaps it's 
different elsewhere.

-Josh

On Oct 13, 2003, at 1:02 AM, Joel R. Helgeson wrote:

Tier I
- The best of the best
- Ability to find new vulnerabilities
- Ability to write exploit code and tools
Tier II
- IT savvy
- Ability to program or script
- Understand wht the vulnerability is and how it works
- Intelligent enough to use the exploit code and tools with precision
Tier III
- Script Kiddies
- Inexpert
- Ability to download exploit code and tools
- Very little understanding of the actual vulnerability (launching Linux
attacks against MS boxes)
- Randomly fire off scripts until something works
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]


Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-13 Thread henry j. mason
	i agree with your assessment, basically, but:

you say these 'uber-hackers' don't believe in full-
disclosure, but you say they use it to learn? or,
without full-disclosure (or any disclosure at all)
they would learn anyway? care to posit some theories
as to how?
these people have tons of free time, yet a lot going
on socially? i find those two mutually exclusive,
unless you don't have a job, and job-less twenty-
somethings are hardly the most motivated of people.
i do grant you that there is a very small quiet minority
of very skilled hackers. but they aren't t13r anything
because they just do it because they have to, not for
l33t recognition.
henry

Joshua Levitsky wrote:

I would add a tier before Tier I that would be hackers that do not 
believe in full disclosure, do not share exploits outside their close 
knit circle of friends, do not support the man. A lot of these guys 
are better than The best of the best, but nobody knows because they 
don't make themselves public. Maybe you could call it T13r Z3r0 :) 
Seriously... there are people out there that have tons of free time to 
learn, and possibly monitor lists like this, and laugh at the silly 
people that disclose vulnerabilities and share information. They aren't 
necessarily out doing damage. They just don't play with strangers 
because they choose not to. Some of these people are damn cool. Some are 
just anti-social, but that really isn't the norm so far as I can tell. 
Of the people I've ever met they seem to have personalities, and usually 
have more going on than I do socially. If you met them you wouldn't 
think hacker or even know they are in to computers.

I dunno... just my observations here in New York City. Perhaps it's 
different elsewhere.

-Josh

On Oct 13, 2003, at 1:02 AM, Joel R. Helgeson wrote:

Tier I
- The best of the best
- Ability to find new vulnerabilities
- Ability to write exploit code and tools
Tier II
- IT savvy
- Ability to program or script
- Understand wht the vulnerability is and how it works
- Intelligent enough to use the exploit code and tools with precision
Tier III
- Script Kiddies
- Inexpert
- Ability to download exploit code and tools
- Very little understanding of the actual vulnerability (launching Linux
attacks against MS boxes)
- Randomly fire off scripts until something works


--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]


Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-13 Thread security snot
Anyone who works on the OpenBSD project (except those many developers who
only sign up to add subtle backdoors to the code as a joke) is a
scriptkiddie.  Anyone who buys into the hype that OpenBSD is proactively
secure is a scriptkiddie (unless their perspective on proactive security
is fixing various bugs they introduce when someone else points them out).

Let me demonstrate the proactive security practices of the OpenBSD team at
it's finest.

  http://marc.theaimsgroup.com/?l=openbsd-misc&m=106523413529618&w=2

Must I spell it out for you?  Proactively secure!

Scriptkids are individuals who involve themselves in the facade of
computer security, who don't have any technical background or skills in
the area.  People who buy into the hype of the buzzword-of-the-day
security tools fall into this category.  People who develop these tools
and believe their merit are also scriptkids.

OpenBSD, the proactively scriptkid friendly operating system.

We know our target audience and their needs.
-Theo

---
Whitehat by day, booger at night - I'm the security snot.
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
---

On Sun, 12 Oct 2003, Matt Carlson wrote:

 These question is off topic, I realize this, but please bear with me.

 1. What exactly defines a script kiddie?

 2. Does using a port scanner make you a script kiddie since you
 yourself did not write the code?

 3. Does it make you a script kiddie because it is a means of exploitation?

 Matt Carlson



Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-13 Thread Joshua Levitsky
On Oct 13, 2003, at 9:37 AM, henry j. mason wrote:

> you say these 'uber-hackers' don't believe in full-
> disclosure, but you say they use it to learn? or,
> without full-disclosure (or any disclosure at all)
> they would learn anyway? care to posit some theories
> as to how?

They use FD to just watch what is going on. Not to learn per se. Just
to watch how the wind is blowing in computer-land. And they would learn 
without FD because they try things on their own and they work with 
their friends to test theories, but then keep it to themselves and use 
the information to gain social status among their groups, and have no 
care about social status among those of us that have sold out.

> these people have tons of free time, yet a lot going
> on socially? i find those two mutually exclusive,
> unless you don't have a job, and job-less twenty-
> somethings are hardly the most motivated of people.

All I can say is I have met some very smart people in my past that have
managed to hang out in the cool places and hang out with the cool 
people and still they somehow can find the time to learn more about 
almost every aspect of technology than I have been able to. Of course I 
could be not bright, but my work experience has told me I'm at least 
smarter than a lot of people in the industry.

> i do grant you that there is a very small quiet minority
> of very skilled hackers. but they aren't t13r anything
> because they just do it because they have to, not for
> l33t recognition.

I agree 100% that they don't do it for public recognition, but inside
their social group they gain status because of knowledge.

Again... this is just my opinion and my experiences here in New York 
City...  and experience has told me that what is true in NYC is not 
always true for anywhere else so perhaps elsewhere in the world I'm 
completely off-base. ... and that is a-ok.

--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]


[Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-13 Thread mitch_hurrison
Hi Henry,

I have to agree with Josh on this one. Basically you admit
to not having any first-hand experience with the real
underground. This shows from your comments.

There are a lot of lowkey collaborations of people who
research and exploit vulnerabilities for the pure joy
of solving the puzzle. And that feel no further obligation
to the community at large. Then there are those who
research and exploit vulnerabilities to, oh no, hack
systems. It amuses me that a lot of people refuse to
accept that intelligent people don't always seek the
limelight. That for a lot of us hacking is still about
having fun with your friends and mental stimulation. People
that aren't out to make the world a better place or make
a bundle in the info-sec industry.  

It's the inherent arrogance of full disclosure that assumes
that the one to bring it to the public's eye is the one
to have first found the issue. This is a limited view.

To assume people can only learn via publicly available
information is to take the availability of this information
as a given. You are assuming that the information posted
is the only way someone else can learn. How do you think
these techniques were developed in the first place? When you
force people to be creative by not providing them with
set answers, that's when real innovation is born. Small
example: the get_sp function exploits even today are using. Just
because aleph1 used it in the mother of all leaks. And
even though using such a guessing methodology is complete
nonsense on local stack overflow exploits, people are still 
using it because full disclosure claimed it was the way it
should be done.   

There are close-knit collaborations of private research teams. And
that is where the true knowledge lies. A place that is
one step up the foodchain. For someone to fully disclose
something they first have to acquire that very something.
Sadly most of the full disclosure we see today is the result of someone
being sloppy with private research. So people like HD Moore can
wrap their ethereal dump in some perl and present the world
with yet another worm-threat.

With regards,
Mitch 

 henry j. mason [EMAIL PROTECTED] 
 Mon, 13 Oct 2003 09:37:09 -0400 

 i agree with your assessment, basically, but:
 you say these 'uber-hackers' don't believe in full-
 disclosure, but you say they use it to learn? or,
 without full-disclosure (or any disclosure at all)
 they would learn anyway? care to posit some theories
 as to how?
 these people have tons of free time, yet a lot going
 on socially? i find those two mutually exclusive,
 unless you don't have a job, and job-less twenty-
 somethings are hardly the most motivated of people.
 i do grant you that there is a very small quiet minority
 of very skilled hackers. but they aren't t13r anything
 because they just do it because they have to, not for
 l33t recognition.
 henry


 Joshua Levitsky wrote:
 I would add a tier before Tier I that would be hackers that do not 
 believe in full disclosure, do not share exploits outside their close 
 knit circle of friends, do not support the man. A lot of these guys 
 are better than The best of the best, but nobody knows because they 
 don't make themselves public. Maybe you could call it T13r Z3r0 :) 
 Seriously... there are people out there that have tons of free time to 
 learn, and possibly monitor lists like this, and laugh at the silly 
 people that disclose vulnerabilities and share information. They aren't 
 necessarily out doing damage. They just don't play with strangers 
 because they choose not to. Some of these people are damn cool. Some are 
 just anti-social, but that really isn't the norm so far as I can tell. 
 Of the people I've ever met they seem to have personalities, and usually 
 have more going on than I do socially. If you met them you wouldn't 
 think hacker or even know they are in to computers.
 
 I dunno... just my observations here in New York City. Perhaps it's 
 different elsewhere.
 
 -Josh
 
 
 On Oct 13, 2003, at 1:02 AM, Joel R. Helgeson wrote:
 
 Tier I
 - The best of the best
 - Ability to find new vulnerabilities
 - Ability to write exploit code and tools

 Tier II
 - IT savvy
 - Ability to program or script
 - Understand wht the vulnerability is and how it works
 - Intelligent enough to use the exploit code and tools with precision

 Tier III
 - Script Kiddies
 - Inexpert
 - Ability to download exploit code and tools
 - Very little understanding of the actual vulnerability (launching Linux
 attacks against MS boxes)
 - Randomly fire off scripts until something works
 
 
 -- 
 Joshua Levitsky, CISSP, MCSE
 System Engineer
 AOL Time Warner
 [5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]
 

Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-13 Thread Valdis . Kletnieks
On Mon, 13 Oct 2003 07:25:32 PDT, security snot said:

 Let me demonstrate the proactive security practices of the OpenBSD team at
 it's finest.
 
   http://marc.theaimsgroup.com/?l=openbsd-misc&m=106523413529618&w=2
 
 Must I spell it out for you?  Proactively secure!

Odd.  All I see there is Theo saying that he's deleted the patch and taken control
because it DOES matter, and that the guilty party is free to resubmit the patch
*done correctly* (i.e. with all the proper documentation/commentary).

And yes, that's being *PRO*actively secure.  Theo isn't letting crap into the
tree unless there's a proper audit trail and documentation.  Yes, there may be
some really good reason that the person feels this fix has to go out RIGHT now,
but said person isn't balancing it can wait 2 frikking hours while the paperwork
gets done *right* and 3 years from now the lack of paperwork will come back and
bite them on the collective ass.

Yes, Theo can be an abrasive asshole when he wants to.  But in the cited article, he's
in the right.




Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-13 Thread morning_wood
 i do grant you that there is a very small quiet minority
 of very skilled hackers. but they aren't t13r anything
 because they just do it because they have to, not for
 l33t recognition.
 
 henry

the numbers are actually a lot more than a minority
and they don't come out because of trolls and the
private selling of exploits, and vendors won't respond
anyway. A few (minority) are finally peeking their heads
out, don't drive them away again or we will be faced
with more dangerous exploits distributed only privately
instead of being disclosed.

Donnie Werner
http://e2-labs.com and elsewhere
Founder  http://nothackers.org 
==
0day
Freedom of Voice -=- Freedom of Choice
==



Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-13 Thread Nate Hill
On Mon October 13 2003 09:25, security snot wrote:
 Anyone who works on the OpenBSD project (except those many
 developers who only sign up to add subtle backdoors to the code as
 a joke) is a scriptkiddie.  Anyone who buys into the hype that
 OpenBSD is proactively secure is a scriptkiddie (unless their
 perspective on proactive security is fixing various bugs they
 introduce when someone else points them out).

No remote root access on install: No users, no root login.
How secure.

You know, as an added precaution, you could also unplug it without 
losing any functionality.

 Let me demonstrate the proactive security practices of the OpenBSD
 team at it's finest.

  
 http://marc.theaimsgroup.com/?l=openbsd-misc&m=106523413529618&w=2

 Must I spell it out for you?  Proactively secure!

 Scriptkids are individuals who involve themselves in the facade of
 computer security, who don't have any technical background or
 skills in the area.  People who buy into the hype of the
 buzzword-of-the-day security tools fall into this category.  People
 who develop these tools and believe their merit are also
 scriptkids.

 OpenBSD, the proactively scriptkid friendly operating system.

 We know our target audience and their needs.
   -Theo

 ---
 Whitehat by day, booger at night - I'm the security snot.
 - CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
 ---

Fucking suitkiddies.

 On Sun, 12 Oct 2003, Matt Carlson wrote:
  These question is off topic, I realize this, but please bear with
  me.
 
  1. What exactly defines a script kiddie?
 
  2. Does using a port scanner make you a script kiddie since you
  yourself did not write the code?
 
  3. Does it make you a script kiddie because it is a means of
  exploitation?



[Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-12 Thread Matt Carlson
This question is off topic, I realize this, but please bear with me.

1. What exactly defines a script kiddie?

2. Does using a port scanner make you a script kiddie since you 
yourself did not write the code?

3. Does it make you a script kiddie because it is a means of exploitation?

Matt Carlson



Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-12 Thread Valdis . Kletnieks
On Sun, 12 Oct 2003 21:40:51 CDT, Matt Carlson [EMAIL PROTECTED]  said:
 These question is off topic, I realize this, but please bear with me.
 
 1. What exactly defines a script kiddie?
 
 2. Does using a port scanner make you a script kiddie since you 
 yourself did not write the code?

Using a tool somebody else wrote in an enlightened manner is good judgement
and a demonstration of code reuse.

Waving a dead chicken exploit without understanding it is a script kiddie.




Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-12 Thread Joshua Levitsky

On Oct 12, 2003, at 10:40 PM, Matt Carlson wrote:

1. What exactly defines a script kiddie?

2. Does using a port scanner make you a script kiddie since you yourself did not write the code?

3. Does it make you a script kiddie because it is a means of exploitation?

script kiddies pl.n.
1. The lowest form of cracker; script kiddies do mischief with scripts and programs written by others, often without understanding the exploit.
2. People who cannot program, but who create tacky HTML pages by copying JavaScript routines from other tacky HTML pages. More generally, a script kiddie writes (or more likely cuts and pastes) code without either having or desiring to have a mental model of what the code does; someone who thinks of code as magical incantations and asks only "what do I need to type to make this happen?"

http://info.astrian.net/jargon/terms/s/script_kiddies.html

--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]


Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-12 Thread stefmit
On Sunday 12 October 2003 09:40 pm, Matt Carlson wrote:
 These question is off topic, I realize this, but please bear with me.

 1. What exactly defines a script kiddie?

 2. Does using a port scanner make you a script kiddie since you
 yourself did not write the code?

 3. Does it make you a script kiddie because it is a means of exploitation?

 Matt Carlson

Script kiddie (don't recall where I saw something along these lines): hacker 
or cracker (see below) who uses PRE-MADE tools for hacking or cracking 
information systems or networks, and who generally has very little or no 
knowledge of the FUNCTION(S) of the tools that are being used.

In your case: once you understand not only that a port mapping tool is to be 
used to identify open ports, but you also understand the concept of ports as 
components of sockets (stream - TCP, or datagram - UDP), thus being able to 
further the investigation based on the workings of sockets, etc., then you do 
not qualify as script kiddie ...

Exploiting a system does not make you a script kiddie, but a cracker. A hacker 
would leave the process at the identification and research level of the 
flaw/bug, while the cracker would move on to exploiting.

My $0.02,
Stef



Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-12 Thread Robert W Vawter III
On Sun, 2003-10-12 at 22:40, Matt Carlson wrote:
 1. What exactly defines a script kiddie?

See ESR's jargon file:

http://catb.org/~esr/jargon/html/S/script-kiddies.html

 2. Does using a port scanner make you a script kiddie since you 
 yourself did not write the code?
 
 3. Does it make you a script kiddie because it is a means of exploitation?

Port-scanners are like slim-jims or other lock-picking tools. It
depends upon the person using them, and to what gain the tools are being
used for.

For security-minded folks (white hats), a port-scanner is a quick way to
see what's open and compare it to what should be open. For the black
hats, a port-scanner is a quick way to see what's open for potential
attack.

I can walk the perimeter of my house, and see if all the windows are
shut. This is an acceptable thing to do. I can walk around your house,
and see if all of the windows are shut. If I'm admiring your window
treatments, it's ok. If I'm going to break into your house and steal
your cats, it's not.

The scanners simply give the user information; the information itself is
a fairly neutral thing. It's all about intent.

Also, bear in mind that a port scan is not in and of itself an attack,
but usually precedes an attack. The scanners are not designed to
cause damage, as compared to the kiddies toyz.

Follow-up question:
Knoppix ( http://knopper.net/knoppix/ ), a bootable CD containing a live
Linux system, contains Nessus( http://www.nessus.org/ ), a security
analysis tool. Is the possession of a Knoppix CD at someone else's place
of business useful, or dangerous? Is the utility versus potential
danger of such tools relevant to this discussion?

-- 
Robert W Vawter III   |ASCII Ribbon Campaign  /\
http://www.vawter.org |For Standards-Compliant Email  \ /
PGP/GPG Key ID 0x847EABC8 | PGPok |X
Some cats scowl because they're wearing imitation fur.   / \
  They feel inferior. `The Thing About Cats'--J. L'Hereux





Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-12 Thread Joel R. Helgeson
Common Hacker Stratifications:

Tier I
- The best of the best
- Ability to find new vulnerabilities
- Ability to write exploit code and tools

Tier II
- IT savvy
- Ability to program or script
- Understand what the vulnerability is and how it works
- Intelligent enough to use the exploit code and tools with precision

Tier III
- Script Kiddies
- Inexpert
- Ability to download exploit code and tools
- Very little understanding of the actual vulnerability (launching Linux
attacks against MS boxes)
- Randomly fire off scripts until something works

Joel R. Helgeson
Director of Networking  Security Services
SymetriQ Corporation

Give a man fire, and he'll be warm for a day; set a man on fire, and he'll
be warm for the rest of his life.
- Original Message - 
From: Matt Carlson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, October 12, 2003 9:40 PM
Subject: [Full-Disclosure] OT: An odd question that has arrisen within my
household


 These question is off topic, I realize this, but please bear with me.

 1. What exactly defines a script kiddie?

 2. Does using a port scanner make you a script kiddie since you
 yourself did not write the code?

 3. Does it make you a script kiddie because it is a means of exploitation?

 Matt Carlson



Re: [Full-Disclosure] OT: An odd question that has arrisen within my household

2003-10-12 Thread Valdis . Kletnieks
On Sun, 12 Oct 2003 23:55:53 EDT, Robert W Vawter III [EMAIL PROTECTED]  said:

 Knoppix ( http://knopper.net/knoppix/ ), a bootable CD containing a live
 Linux system, contains Nessus( http://www.nessus.org/ ), a security
 analysis tool. Is the possession of a Knoppix CD at someone else's place
 of business useful, or dangerous? Is the utility versus potential
 danger of such tools relevant to this discussion?

1) It depends on why you're carrying the disk with you. If I'm working, and not
in my office, and not in my own machine room, something has happened that will
quite likely need a Knoppix disk or similar, so I have one handy. My showing up
*without* bootable media would be as unusual as a country doctor showing up for
a house call without his black bag. On the other hand, if I was carrying one
around while wandering through the office cubicles at my local bank, that would be
*highly* suspicious.  Intent and context are key factors.

2) By the same token, the CD by itself is harmless.  The possibility that a
visitor might be carrying such a thing on their person is the sort of reason
why said visitors shouldn't be allowed unsupervised access to one of your
machines.

A truly malicious type doesn't even need a Knoppix CD - I've personally managed
to break into systems in under 5 minutes armed with nothing but a nail
clipper(*)..

Remember, who and why matter a lot more than what.

(*) A co-worker knew I'd surplused an ancient Decstation the previous week, and
had another that needed the disks wiped for surplusing, but the box had a
firmware password to be worked around.  That little part intended for cleaning
nails will double as a phillips head screwdriver and a tool to pop the NVRAM
out of the socket to reset the password if you're not too picky about how it
looks - and hell, we were getting ready to throw the damned thing out anyhow.
So it was only a matter of popping out 3 screws and then one IC.  Trivial, once
you know which IC you're going after.  As I said.. Who and Why are more
important than What.


