IRAQ: WHY? WARNING: Article exclusively to adult readers

Technorati ProfileWe don't forgive, For those who can not forget. For my friend Samer
We don't forgive - We don't forget

Samer, forgive me for publishing these photos. I know that you are not a wound that never heals. But everyone should know the truth. To avoid repeating the mistakes of the past. In order not to forget. Dude, I told you that I would have brought in your story. And you still harbor in my heart

From: The-Legions Pages on Facebook (Italian Version)

The-Legions's Notes

Back to The-Legions

View: Full | Compact

• The-Legions's Notes

Iraq::::::> The pictures that Obama does not want to publish
. .:: Warning::. IMAGES ARE NOT SUITABLE FOR CHILDREN

Go back to The-Legions Pages on Facebook

yesterday at 7:01 am

General Taguba, who retired in 2007, has stated its support for the decision of President Obama to stop, contrary to what had been decided in the first instance, the publication of photos.
"These photos show torture, abuse, rapes, and every kind of indecency, but I'm not sure that their publication order legal aid, and consequently put at risk our troops, the only protectors of our foreign policy," he said. "The only description of these photos is pretty horrible, trust my word," added the retired general.

::::::> ::::::> ::::::> ::::::> just a cock <::::::: <:::::: <:::::: <::::::

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN



WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN


WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN


WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN


WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

WARNING: IMAGES ARE NOT SUITABLE TO CHILDREN

ÛÛÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÛÛÛ

ÛÛ²²²²²²²²²²²²²²²²²²²²²²²²±±²²²²²²²²²²²²²²²²²²²²²²²²ÛÛ
Come in a "\hell/" L I K E T H I S
ÛÛ²²²²²²²²²²²²²²²²²²²²²²²²±±²²²²²²²²²²²²²²²²²²²²²²²²ÛÛ
ÛÛÛßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßÛÛÛ


A NOTE: If these photos, despite the iron curtain of silence 'and silence have transpired, I can imagine what else there' and not 'never been disclosed.

Obama why? Obama who? A large frame?

We mount as I Fuck well , to all and to all the powerful heads fucking, doers, torturers, dictators, hungry for money and power, which in the neutral ideal of greatness at the expense of anyone who might (mal) happen on your street you killed , tortured, enslaved.


::::::>FUCK IT, everyone, of all ages and in all "\ HISTORY /"

This is the Iraqi flag BEFORE SOMEONE HAD DECIDED TO CHANGE

This is the real IRAQ National song
BEFORE SOMEONE HAD DECIDED TO CHANGE

The-Legions Pages on Facebook :::::> The-Legions

The-Legions's Notes

Iraq::::::> Le foto che Obama non vuole pubblicare.
.:ATTENZIONE:.
LE IMMAGINI NON SONO ADATTE AI MINORI

ASTALAVISTA

Wndows: qualche giochino sul sistema (English)

Microsoft, che teme molto che la gente capisca davvero che cosa significa usare un computer si guarda bene dal divulgare notizie o informazioni che possano portare ad una vera conoscenz. Le cose piu ridicole che ho letto provengono proprio dalla knpwledge bade di Micro: sfido chiunque a dire che nei momenti di bisogno ha trovato la soluzione del problema li. E non e' casuale, come molte altre cose del resto.
Per sfruttare pienamente le lamerate e i trucchetti che ogni tanto mi diverto ancora a "leggere" e ' necessario avere una buona conoscenza del registro di sistema, pena una

pulizia di Pasqua anticipata. Leggi: format
come del resto, tutte le modifiche e i suggerimenti che coinvolgono il registro.
Per cui:
Se qualcuno si ritrovasse con il pc inutilizzabile, non resti sorpreso. Io lo avevo detto.
Ed inoltre devo ance aggiungere ce queste cose non e' ce devono esere fatte ovvero messe in pratica con lo scopo di ledere l'altrui bene: questo e' una vigliaccata e una cosa che sta proprio fuori dal mio modo di pensare.

Conoscere vuol dire essere responsabili non essere stronzi, quella e' una cosa da lamer e basta.

Inoltre, PRIMA di apportare qualsiasi modifica fare un backup del registro. Se qualcuno non ha mai esportato un file di conf. dal registro di sistema questa e' la volta buona per farlo
.
**************************************************
************************************************************

Exiting Windows the Cool and Quick Way
--------------------------------------
Normally it takes a hell lot of time just Shutting down Windows, you have to
move your mouse to the Start Button, click on it, move it again over Shut Down,
click, then move it over the necessary option and click, then move the cursor
over the OK button and once again (you guessed it) click.This whole process can
be shortened by creating shortcuts on the Desktop which will shut down Windows
at the click of a button.

1}- Start by creating a new shortcut (right click and select New> Shortcut).
2}- Then in the command line box, type :-
C:\windows\rundll.exe user.exe,exitwindowsexec

This Shortcut on clicking will restart Windows immediately without any Warning.

To create a Shortcut to Restart Windows, use the following in the Command
Line box:

C:\windows\rundll.exe user.exe,exitwindows
This Shortcut on clicking will shut down Windows immediately without any
Warning.
************************************************************

Ban Shutdowns : A trick to Play on Lamers
-----------------------------------------
This is a neat trick you can play on that lamer that has a huge ego, in this
section I teach you, how to disable the Shut Down option in the Shut Down Dialog
Box. This trick involves editing the registry, so please make backups.

1}- Launch regedit.exe and go to : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right pane look for the NoClose Key.
2}- If it is not already there then create it by right clicking in the right pane and selecting New > String Value.(Name it NoCloseKey )
3}- Now once you see the NoCloseKey in the right pane, right click on it and select Modify.
4}- Then Type 1 in the Value Data Box.

Doing the above on a Win98 system disables the Shut Down option in the Shut Down
Dialog Box. But on a Win95 machine if the value of NoCloseKey is set to 1 then
click on the Start > Shut Down button displays the following error message:
This operation has been cancelled due to restrictions in effect on this
computer. Please contact your system administrator.
You can enable the shut down option by changing the value of NoCloseKey to 0 or
simply deleting the particular entry i.e. deleting NoCloseKey.
Instead of performing the above difficult to remember process, simply save the
following with an extension of .reg and add it's contents to the registry by
double clicking on it.
******************
REGEDIT4
*****************
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"="1"
Disabling Display of Drives in My Computer
This is yet another trick you can play on your geek friend. To disable the
display of local or networked drives when you click My Computer go to :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Now in the right pane create a new DWORD item and name it NoDrives. Now modify
it's value and set it to 3FFFFFF (Hexadecimal) Now press F5 to refresh. When you
click on My Computer, no drives will be shown. To enable display of drives in My
Computer, simply delete this DWORD item. It's .reg file is as follows:
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:03ffffff
Take Over the Screen Saver
To activate and deactivate the screen saver whenever you want, goto the
following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ScreenSavers
Now add a new string value and name it Mouse Corners. Edit this new value to
-Y-N. Press F5 to refresh the registry. Voila! Now you can activate your
screensaver by simply placing the mouse cursor at the top right corner of the
screen and if you take the mouse to the bottom left corner of the screen, the
screensaver will deactivate.
Pop a banner each time Windows Boots
To pop a banner which can contain any message you want to display just before a
user is going to log on, go to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon
Now create a new string Value in the right pane named LegalNoticeCaption and
enter the value that you want to see in the Menu Bar. Now create yet another new
string value and name it: LegalNoticeText. Modify it and insert the message you
want to display each time Windows boots. This can be effectively used to display
the company's private policy each time the user logs on to his NT box. It's .reg
file would be:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon]
"LegalNoticeCaption"="Caption here."
Delete the Tips of the Day to save 5KB
Windows 95 had these tips of the day which appeared on a system running a newly
installed Windows OS. These tips of the day are stored in the Windows Registry
and consume 5K of space. For those of you who are really concerned about how
much free space your hard disk has, I have the perfect trick.
To save 5K go to the following key in Regedit:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips
Now simply delete these tricks by selecting and pressing the DEL key.
Change the Default Locations
To change the default drive or path where Windows will look for it's
installation files, go to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup\SourcePath
Now you can edit as you wish.
Secure your Desktop Icons and Settings
You can save your desktop settings and secure it from your nerdy friend by
playing with the registry. Simply launch the Registry Editor go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right pane create a new DWORD Value named NoSaveSettings and modify it's
value to 1. Refresh and restart for the settings to get saved.
CLSID Folders Explained
Don't you just hate those stubborn stupid icons that refuse to leave the
desktop, like the Network Neighborhood icon. I am sure you want to know how you
can delete them. You may say, that is really simple, simply right click on the
concerned icon and select Delete. Well not exactly, you see when you right click
on these special folders( see entire list below)neither the rename nor the
delete option does not appear. To delete these folders, there are two methods,
the first one is using the System Policy Editor(Poledit in the Windows
installation CD)and the second is using the Registry.
Before we go on, you need to understand what CLSID values are. These folders,
like the Control Panel, Inbox, The Microsoft Network, Dial Up Networking etc are
system folders. Each system folder has a unique CLSID key or the Class ID which
is a 16-byte value which identifies an individual object that points to a
corresponding key in the registry.
To delete these system Folders from the desktop simply go to the following
registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
To delete an icon simply delete the 16 byte CLSID value within "NameSpace". The
following are the CLSID values of the most commonly used icons:
My Briefcase:{85BBD920-42AO-1069-A2E4-08002B30309D}
Desktop: {00021400-0000-0000-C000-0000000000046}
Control Panel:{21EC2020-3AEA-1069-A2DD-08002B30309D}
Dial-Up-Networking:{992CFFA0-F557-101A-88EC-00DD01CCC48}
Fonts: {BD84B380-8CA2-1069-AB1D-08000948534}
Inbox :{00020D76-0000-0000-C000-000000000046}
My Computer :{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Network Neighborhood:{208D2C60-3AEA-1069-A2D7-O8002B30309D}
Printers :{2227A280-3AEA-1069-A2DE-O8002B30309D}
Recycle Bin :{645FF040-5081-101B-9F08-00AA002F954E}
The Microsoft Network:{00028B00-0000-0000-C000-000000000046}
History: {FF393560-C2A7-11CF-BFF4-444553540000}
Winzip :{E0D79300-84BE-11CE-9641-444553540000}
For example, to delete the Recycle Bin, first note down it's CLSID value, which
is: 645FF040-5081-101B-9F08-00AA002F954E. Now go to the Namespace key in the
registry and delete the corresponding key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
Similarly to delete the History folder, delete the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{FBF23B42-E3F0-101B-8488-00AA003E56F8}
Sometimes, you may need to play a trick on your brother or friend, well this one
teaches you how to hide all icons from the Desktop. Go to the following registry
key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right pane create a new DWORD value by the name: NoDesktop and set its
value to: 1. Reboot and you will find no icons on the desktop.
Till now you simply learnt how to delete the special system folders by deleting
a registry key, but the hack would have been better if there was a way of adding
the DELETE and RENAME option to the right click context menus of these special
folders. You can actually change the right click context menu of any system
folder and add any of the following options: RENAME, DELETE, CUT, COPY, PASTE
and lots more.
This hack too requires you to know the CLSID value of the system folder whose
menu you want to customize. In this section, I have taken up Recycle Bin as the
folder whose context menu I am going to edit.
Firstly launch the registry editor and open the following registry key:

HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder.
In Case you want to edit some other folder like say the FONTS folder, then you
will open the following key:

HKEY_CLASSES_ROOT\CLSID\{CLSID VALUE HERE}\ShellFolder.
In the right pane there will be a DWORD value names attributes. Now consider the
following options:
To add the Rename option to the menu, change the value of Attributes to
50 01 00 20
To add the Delete option to the menu, change the value of Attributes to
60 01 00 20
3. To add both the Rename & Delete options to the menu, change the value of
Attributes to 70,01,00,20
4. Add Copy to the menu, change Attributes to 41 01 00 20
5. Add Cut to the menu, change Attributes to 42 01 00 20
6. Add Copy & Cut to the menu, change Attributes to 43 01 00 20
7. Add Paste to the menu, change Attributes to 44 01 00 20
8. Add Copy & Paste to the menu, change Attributes to 45 01 00 20
9. Add Cut & Paste to the menu, change Attributes to 46 01 00 20
10.Add all Cut, Copy & Paste to the menu, change Attributes to 47 01 00 20
We want to add only the Rename option to the right click context menu of the
Recycle Bin, so change the value of attributes to: 50 01 00 20. Press F5 to
refresh and then after rebooting you will find that when you right click on the
Recycle Bin a RENAME option pops up too.
To reset the default Windows options change the value of Attributes back to
40 01 00 20
The Registry File which one can create for the above process would be something
like the below:

REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell-Folder]
"Attributes"=hex:50,01,00,20
To access say the Modem Properties in the Control Panel Folder, the normal
procedure is: Click on Start, Click on Settings> Control Panel and then wait for
the Control Panel window to pop up and then ultimately click on the Modems icon.
Wouldn't it be lovely if you could shorten the process to: Click on Start>
Control Panel>Modems. Yes you can add the Control Panel and also all other
Special System Folders directly to the first level Start Menu. Firstly collect
the CLSID value of the folder you want to add to the start menu. I want to add
Control Panel hence the CLSID value is: 21EC2020-3AEA-1069-A2DD-08002B30309D
Now right click on the Start Button and select Open. Now create a new folder and
name it: Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
NOTE: Do not forget the period after the 'l' in Panel. Similarly all system
folders can be added to the Start Menu.(accept My Briefcase, I think)
Deleting System Options from the Start menu
You can actually remove the Find and Run options from the start menu by
performing a simple registry hack. Again like always Launch the registry editor
and scroll down to the below key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Right-click on the right pane and select New, DWORD Value. Name it NoFind.(To
remove the RUN option name it NoRun). Double-click the newly create DWORD to
edit it's value and enter 1 as its value. This will disable the FIND option of
the Start Menu and will also disable the default Shortcut key(F3 for Find.)
To restore the Run or find command modify the value of the DWORD to 0 or simply
Delete the DWORD value.
Fed Up of the boring Old Yellow Folder Icons?[Drive Icons Included]
NOTE: This trick hasn't been tried on Win98.
You can easily change the boring yellow folder icons to your own personalized
icons. Simply create a text file and copy the following lines into it:
[.ShellClassInfo]
ICONFILE=Drive:\Path\Icon_name.extension
Save this text file by the name, desktop.ini in the folder, whose icon you want
to change. Now to prevent this file from getting deleted change it's attributes
to Hidden and Read Only by using the ATTRIB command.
To change the icon of a drive, create a text file containing the following
lines:
[Autorun]
ICON=Drive:\Path\Icon_name.extension
Save this file in the root of the drive whose icon you want to change and name
it autorun.inf For Example, if you want to change the icon of a floppy, SAVE THE
icon in a:\icon_name.ico One can also create a kewl icon for the Hard Disk and
create a text file [autorun.inf] and store it in "c:\".
Securing NT
By default, NT 4.0 displays the last person who logged onto the system. This can
be considered to be a security threat, especially in the case of those who
choose their password to be same as their Username. To disable this bug which
actually is a feature, go to the following key in the registry editor:

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
Click and select the ReportBookOK item and create a new string value called
DontDisplayLastUserName. Modify it and set it's value to 1.
As a system administrator, you can ensure that the passwords chosen by the users
are not too lame or too easy to guess. NT has this lovely utility called the
User Manager which allows the administrator to set the age limit of the password
which forces the users to change the password after a certain number of days.
You can also set the minimum length of passwords and prevent users to use
passwords which already have been used earlier and also enable account lockouts
which will deactivate an account after a specified number of failed login
attempts.
When you log on to Win NT, you should disable Password Caching, this ensures
Single NT Domain login and also prevents secondary Windows Logon screen.
Simply copy the following lines to a plain text ASCII editor like: Notepad and
save it with an extension, .reg


----------------DISABLE.reg-----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001
----------------DISABLE.reg-----------------
To Enable Password Caching use the following .reg file:
--------------Enable.reg-----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000000
--------------Enable.reg-----------------

Cleaning Recent Docs Menu and the RUN MRU
The Recent Docs menu can be easily disabled by editing the Registry. To do this
go to the following Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Now in the right pane, create a new DWORD value by the name: NoRecentDocsMenu
and set it's value to 1. Restart Explorer to save the changes.
You can also clear the RUN MRU history. All the listings are stored in the key:

HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
You can delete individual listings or the entire listing. To delete History of
Find listings go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find
Spec MRU
and delete.
Customizing the Right Click Context Menu of the Start Menu
When you right click on the start menu, only 3 options pop up: Open, Explore,
and Find. You can add your own programs to this pop up menu( which comes up when
we right click on it.) Open Regedit and go to the following registry key:

HKEY_CLASSES_ROOT\Directory\Shell
Right click on the shell and create a new Sub Key (You can create a new SubKey
by right clicking on the Shell Key and selecting New > Key.). Type in the name
of the application you want to add to the start menu. I want to add Notepad to
the Start Menu and hence I name this new sub key, Notepad. Now right click on
the new registry key that you just created and create yet another new key named
Command. Enter the full path of the application, in this case Notepad in the
default value of Command in the right
pane. So I Modify the value of the default string value and enter the full
pathname of Notepad:
c:\wndows\notepad.exe.
Now press F5 to refresh. Now if you right click on the Start Button you will
find a new addition to the Pop Up Menu called Notepad. Clicking on it will
launch Notepad.
We can not only add but also remove the existing options in this pop up box.
To delete the Find option, go to the following registry key:

HKEY_CLASSES_ROOT\Directory\Shell\Find
Delete Find. DO NOT delete Open else you will not be able to open any folders in
the Start Menu like Programs, Accessories etc.
BMP Thumbnail As Icon
You can actually change the default BMP icon to a thumbnail version of the
actual BMP file. To do this simply go to HKCU\Paint.Picture\Default. In the
right pane change the value of default to %1. Please note however that this will
slow down the display rate in explorer if there are too many BMP thumbnails to
display. You can use other icons too, simply enter the pathname.To restore back
to the normal change the vale of default back to:
C:\Progra~1\Access~1\MSPAINT.EXE,1.
Customizing The Shortcut Arrow
All shortcuts have a tiny black arrow attached to it's icon to distinguish from
normal files. This arrow can sometimes be pretty annoying and as a Hacker should
know how to change each and everything, here goes another trick. Launch the
Registry Editor and go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Shell
Icons.
Now, on the right pane is a list of icons ( we found out that on some systems,
Windows 98 especially, the right pane is blank. Don't worry, just add the value
as required ). Find the value 29. If it isn't there, just add it. The value of
this string should be C:\Windows\system\shell32.dll, 29 ( which means the 30th
icon in shell32.dll - the first one begins with 0 ). Now, we need blank icon to
do this. Just create one with white as the whole icon. Go here to learn how to
create an icon. Once done just change the value to C:\xxx.ico, 0 where "xxx" is
the full path of the icon file and "0" is the icon in it.
Now for some fun. If the blank icon is a bit boring, change it again. You will
find that under shell32.dll there is a gear icon, a shared folder ( the hand )
and much more. Experiment for yourself!
Use Perl to Get List or Services Running on your NT box
Use the following Perl Script to get a list of Services running on your NT
system


--------------script.pl-----------------
#!c:\per\bin\perl.exe
use Win32::Service;
my ($key, %service, %status, $part);
Win32::Service::GetServices(' ',\%services);
foreach $key (sort keys %services) {
print "Print Name\t: $key, $services{$key}\n";
Win32::Service::GetStatus( ' ',$services{$key};
\%status);
foreach $part (keys %status) {
print "\t$part : $status{$part}\n" if($part eq "CurrentState");
}
}
-------------script.pl-------------------


Internet Explorer Tricks and Tips
Resizable Full Screen Toolbar
The Full Screen option increases the viewable area and makes surfing more
enjoyable but sometimes we need the Toolbar but also need to have extra viewing
area. Now this hack teaches you how to change the size of the Internet Explorer
toolbar. This registry hack is a bit complicated as it involves Binary values,
so to make it simple, I have included the following registry file which will
enable the resizable option of the Internet Explorer toolbar which was present
in the beta version of IE.

REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Theater"=hex:0c,00,00,00,4c,00,00,00,74,00,00,00,18,00,00,00,1b,00,00,00,5c,\
00,00,00,01,00,00,00,e0,00,00,00,a0,0f,00,00,05,00,00,00,22,00,00,00,26,00,\
00,00,02,00,00,00,21,00,00,00,a0,0f,00,00,04,00,00,00,01,00,00,00,a0,0f,00,\
00,03,00,00,00,08,00,00,00,00,00,00,00
*******************
HACKING TRUTH: Internet Explorer 5 displays the friendly version of HTTP errors
like NOT FOUND etc . They are aimed at making things easier for newbies. If you
would rather prefer to see the proper error pages for the web server you're
using, go to Tools, Internet Options and select the Advanced tab. Then scroll
down and uncheck the Show friendly http errors box.
*******************
Making the Internet Explorer & the Explorer Toolbars Fancy
The Internet Explorer toolbar looks pretty simple. Want to make it fancy and
kewl? Why not add a background image to it. To do this kewl hack launch the
Windows Registry Editor and go to the following key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\ Internet Explorer\Toolbar\.
Now in the right pane create a new String Value and name it BackBitmap and
modify it's value to the path of the Bitmap you want to dress it up with by
rightclicking on it and choosing Modify. When you reboot the Internet Explorer
and the Windows Explorer toolbars will have a new look.
Change Internet Explorer's Caption
Don't like the caption of Internet Explorer caption? Want to change it? Open the
registry editor and go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main.
In the right pane create a new String Value names Window Title (Note the space
between Window and Title). Right click on this newly created String Value and
select Modify. Type in the new caption you want to be displayed. Restart for the
settings to take place.
Now let's move on to some Outlook Express Tricks.
Colorful Background
Don't like the boring background colors of Outlook Express? To change it launch
the Windows Registry Editor and scroll down to the

HKEY_CURRENT_USER\Software\Microsoft\Internet Mail And News key.
On the left pane, click on ColorCycle or select Edit and Modify in the menu. Now
change the value to 1. Close and restart. Now, launch Outlook Express and
whenever you open up a New Message, hold down ctrl-shift and tap the z key to
scroll to change the background color. Repeat the keystroke to cycle through the
colors.
Internet Explorer 5 Hidden Features

Microsoft Internet Explorer 5 has several hidden features which can be
controlled using the Windows Registry. Open your registry and scroll down to the
following key:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
Create a new DWORD value named x(See complete list of values of x below) and
modify it's value to 1 to enable it and to 0 to disable it.
NoBrowserClose : Disable the option of closing Internet Explorer.
NoBrowserContextMenu : Disable right-click context menu.
NoBrowserOptions : Disable the Tools / Internet Options menu.
NoBrowserSaveAs : Disable the ability to Save As.
NoFavorites : Disable the Favorites.
NoFileNew : Disable the File / New command.
NoFileOpen : Disable the File / Open command.
NoFindFiles : Disable the Find Files command.
NoSelectDownloadDir : Disable the option of selecting a download directory.
NoTheaterMode : Disable the Full Screen view option.
Hacking Secrets
Almost all system administrators make certain changes and make the system
restricted. System Administrators can hide the RUN option, the FIND command, the
entire Control Panel, drives in My Computer like D: A: etc. They can even
restrict activities of a hacker my disabling or hiding, even the tiniest options
or tools.
Most commonly these restrictions are imposed locally and are controlled by the
Windows Registry. But sometimes the smart system administrators control the
activities of the hacker by imposing restrictions remotely through the main
server.
Poledit or Policy Editor is a small kewl tool which is being commonly used by
system administrators to alter the settings of a system. This utility is not
installed by default by Windows. You need to install in manually from the
Windows 98 Installation Kit from the Resource Kit folder. user.dat file that we
saw earlier.
The Policy Editor tool imposes restrictions on the user's system by editing the
user.dat file which in turn means that it edits the Windows Registry to change
the settings. It can be used to control or restrict access to each and every
folder and option you could ever think of. It has the power to even restrict
access to individual folders, files, the Control Panel, MS DOS, the drives
available etc. Sometimes this software does make life really hard for a Hacker.
So how can we remove the restrictions imposed by the Policy Editor? Well read
ahead to learn more.
You see the Policy Editor is not the only way to restrict a user's activities.
As we already know that the Policy Editor edits the Windows Registry(user.dat)
file to impose such restrictions. So this in turn would mean that we can
directly make changes to the Windows Registry using a .reg file or directly to
remove or add restrictions.
Launch Regedit and go to the following Registry Key:

HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies
Under this key, there will definitely be a key named explorer. Now under this
explorer key we can create new DWORD values and modify it's value to 1 in order
to impose the restriction. If you want to remove the Restriction, then you can
simply delete the respective DWORD values or instead change their values to 0.
The following is a list of DWORD values that can be created under the Explorer
Key-:
NoDeletePrinter: Disables Deletion of already installed Printers
NoAddPrinter: Disables Addition of new Printers
NoRun : Disables or hides the Run Command
NoSetFolders: Removes Folders from the Settings option on Start Menu (Control
Panel, Printers, Taskbar)
NoSetTaskbar: Removes Taskbar system folder from the Settings option on Start
Menu
NoFind: Removes the Find Tool (Start >Find)
NoDrives: Hides and does not display any Drives in My Computer
NoNetHood: Hides or removes the Network Neighborhood icon from the desktop
NoDesktop: Hides all items including, file, folders and system folders from the
Desktop
NoClose: Disables Shutdown and prevents the user from normally shutting down
Windows.
NoSaveSettings: Means to say, 'Don't save settings on exit'
DisableRegistryTools: Disable Registry Editing Tools (If you disable this
option, the Windows Registry Editor(regedit.exe) too
will not work.)
NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu
(IE 4 and above)
ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.
Nolnternetlcon: Removes the Internet (system folder) icon from the Desktop

Under the same key: HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies
you can create new subkeys other than the already existing Explorer key. Now
create a new key and name it System. Under this new key, system we can create
the following new DWORD values(1 for enabling the particular option and 0 for
disabling the particular option):
NODispCPL: Hides Control Panel
NoDispBackgroundPage: Hides Background page.
NoDispScrsavPage: Hides Screen Saver Page
NoDispAppearancePage: Hides Appearance Page
NoDispSettingsPage: Hides Settings Page
NoSecCPL: Disables Password Control Panel
NoPwdPage: Hides Password Change Page
NoAdminPaqe: Hides Remote Administration Page
NoProfilePage: Hides User Profiles Page
NoDevMgrPage: Hides Device Manager Page
NoConfigPage: Hides Hardware Profiles Page
NoFileSysPage: Hides File System Button
NoVirtMemPage: Hides Virtual Memory Button
Similarly, if we create a new subkey named Network, we can add the following
DWORD values under it(1 for enabling the particular option and 0 for disabling
the particular option):
NoNetSetupSecurityPage: Hides Network Security Page
NoNelSetup: Hides or disables the Network option in the Control Panel
NoNetSetupIDPage: Hides the Identification Page
NoNetSetupSecurityPage: Hides the Access Control Page
NoFileSharingControl: Disables File Sharing Controls
NoPrintSharing: Disables Print Sharing Controls
Similarly, if we create a new subkey named WinOldApp, we can add the following
DWORD values under it(1 for enabling the particular option and 0 for disabling
the particular option):

Disabled: Disable MS-DOS Prompt

NoRealMode: Disable Single-Mode MS-DOS.

So you see if you have access to the Windows Registry, then you can easily
create new DWORD values and set heir value to 1 for enabling the particular
option and 0 for disabling the particular option. But Sometimes, access to the
Windows Registry is blocked. So what do you do? Go to the Windows Directory and
delete either user.dat or system.dat (These 2 files constitute the Windows
Registry.) and reboot. As soon as Windows logs in, it will display a Warning
Message informing you about an error in the Windows Registry. Simply ignore this
Warning Message and Press CTRL+DEL+ALT to get out of this warning message.(Do
not press OK) You will find that all restrictions have been removed.
The most kind of restriction found quite commonly is the Specific Folder
Restriction, in which users are not allowed access to specific folders, the most
common being the Windows folder, or sometimes even access to My Computer is
blocked. In effect, you simply cannot seem to access the important kewl files
which are needed by you to do remove restrictions. What do you? Well use the RUN
command. (START >RUN). But unfortunately a system administrator who is
intelligent enough to block access to specific folder, would definitely have
blocked access to the RUN command. Again we are stuck.

Windows is supposed to be the most User Friendly Operating System on earth. (At
least Microsoft Says so.)
It gives the User an option to do the same thing in various ways. You see the
RUN command is only the most convenient option of launching applications, but
not the only way. In Windows you can create shortcuts to almost anything from a
file, folder to a Web URL. So say your system administrator has blocked access
to the c:\windows\system folder and you need to access it. What do you do?
Simply create a Shortcut to it. To do this right click anywhere on the desktop
and select New > Shortcut. A new window titled Create Shortcut pops up. Type in
the path of the restricted folder you wish to access, in this case
c:\windows\system. Click Next, Enter the friendly name of the Shortcut and then
click Finish. Now you can access the restricted folder by simply double clicking
on the shortcut icon. Well that shows how protected and secure *ahem Windows
*ahem is.

****************
HACKING TRUTH: Sometimes when you try to delete a file or a folder, Windows
displays an error message saying that the file is protected. This simply means
that the file is write protected, or in other words the R option is +. Get it?
Anyway, you can stop Windows from displaying this error message and straightaway
delete this file by changing its attributes to Non Read Only. This can be done
by Right Clicking on the file, selecting Properties and then
unselecting the Read Only Option.

***************
There is yet another way of accessing restricted folders. Use see, DOS has a
lovely command known as START. Its general syntax is:
START application_path
It does do what it seems to do, start applications. So in you have access to DOS
then you can type in the START command to get access to the restricted folder.
Now mostly access to DOS too would be blocked. So again you can use the shortcut
trick to launch, c:\command.com or c:\windows\command.com. (Command.com is the
file which launches MS DOS).

Accessing Restricted Drives.
The problem with most system administrators is that they think that the users or
Hackers too are stupid. Almost all system administrators use the Registry Trick
(Explained Earlier) to hide all drives in My Computer. So in order to unhide or
display all drives, simply delete that particular key.(Refer to beginning of
Untold Secrets Section.)
Some systems have the floppy disk disabled through the BIOS. On those systems if
the BIOS is protected, you may need to crack the BIOS password. (For that Refer
to the Windows Hacking Chapter). Sometimes making drives readable (Removing R +)
and then creating Shortcuts to them also helps us to get access to them.
Further Changing your Operating System's Looks by editing .htt files

If you have installed Windows Desktop Update and have the view as Web Page
option enabled, you can customise the way the folder looks by selecting View >
Customise this folder. Here you can change the background and other things about
that particular folder. Well that is pretty lame, right? We hackers already know
things as lame as that. Read on for some kewl stuff.
Well, you could also change the default that is stored in a Hidden HTML Template
file (I think so..) which is nothing but a HTML document with a .htt extension.
This .htt file is found at: %systemroot%\web\folder.htt.
The %systemroot% stands for the drive in which Windows is Installed, which is
normally C:
You can edit these .htt files almost just like you edit normal .HTM or .HTML
files. Simply open them in an ASCII editor like Notepad. The following is a list
of .htt files on your system which control various folders and which can be
edited to customise the way various folders look.
controlp.htt Control Panel
printers.htt Printers
mycomp.htt My Computer
safemode.htt Safe Mode
All these files are found in the web folder in %systemfolder%. The folder.htt
file has a line:
'Here's a good place to add a few lines of your own"
which is the place where you can add your own A HREF links. These links would
then appear in the folder whose folder.htt file you edited. All this might sound
really easy and simple, but you see these .htt files do not contain normal HTML
code, instead they contain a mixture of HTML and web bots. Hence they can be
difficult for newbies to understand.
Well that's it for now, more tricks later, till then goodbye.

ASTALAVISTA

the-legions@mail.ru
ankit@bol.net.in
programmingforhackers-subscribe@egroups.com

Practical attacks against WEP and WPA

Da molte parti ho letto svariate metodologie su come "forzare" l'apertura di accesso ad una qualsiasi rete wireless. Piu o meno fantasiose. Diciamo che non solo e' possibile aprire anche il protocollo WPA, fino a un po di tempo fa considerato inattaccabile, e questo mi fa venire in mente le discussioni con i vari guru che sostenevano appunto la inattaccabilita di tale encription, ma il tempo, da ragione ai temerari :-)

Questo e' stato il materiale che abbiamo circa un anno fa mi pare, trovato piu interessante per approfondire la cosa.
Vorrei aggiungere, che non e' che per forza si deve craccare una rete wifi, si puo benissimo "bypassare", ma questo lo spieghero in un altro post, se potro' in italiano, questa volta posto in inglese, anche perche mi e' piu facile, strano ma vero, ed anche perche dal 9 aprile, come ho precedentemente annunciato, questo blog si avvale della collaborazione di autori che italiani non sono, e per mettere daccordo tutti, una lingua bisogna usarla e dobbiamo spesso usare l'inglese per rendere gli scritti comprensibili a tutti.

Comunque per eventuali problemi o altro c'e' la pagina dei commenti chiedete li oppure, l'indirizzo email del blog e':

the-legions@mail.ru

oppure ci trovate su Facebook a questo indirizzo:

http://www.facebook.com/pages/Gadara-Jordan/The-Legions/91257612473

I want describe to all two attacks on IEEE 802.11 based wireless LANs. The first attack is an improved key recovery attack on WEP,
which reduces the average number of packets an attacker has to intercept to recover the secret key. The second attack is (according to our know- ledge) the rst practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre shared key (PSK) is used.
The attack works if the network is using TKIP to encrypt the traffic. An attacker, who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to network.

IEEE 802.11[2] is a standard family for wireless networks. Such networks can be found
in home, office, and enterprise environments and are quite popular today. If sensitive
informations are transmitted over a wireless network, privacy and integrity is a concern
and must be taken care of.
The rst version of the IEEE 802.11 standard supported a basic mechanism for
protecting such networks named Wired Equivalent Privacy (WEP). WEP requires all
clients and access points in the network to share up to four dierent secret symmetric
keys, which is clearly not optimal for a larger installation where users change frequently.
Most installations just use a single secret key named root key. WEP has some major
design
aws and was completely broken in 2001 by Fluhrer, Mantin, and Shamir.
They showed that an attacker can recover the secret key of the network with an average
consumer laptop in 1-2 hours.
More advanced attacks were published in the last years
making it possible to recover the secret key of the network in less than 60 seconds.
To x the problems of WEP, a new standard named Wi-Fi Protected Access (WPA)
was released in 2003, now part of the IEEE 802.11 specications.
The structure of this paper is as follows: In Section 2, we give an introduction to the
technical details of WEP and WPA and introduce the notation used in the rest of this
paper. In Section 3, we give an overview over a selected number of attacks on WEP.
In Section 4, we present a new attack on WEP, which reduces the number of packets
an attacker needs to intercept to recover the secret root key compared to previous
attacks. In Section 5, we present a new attack on WPA, which allows an attacker,
who has about 12-15 minutes access to a WPA protected network to send 7 packets to
the network with chosen payload and decrypt a single ARP packet. According to
our knowledge, this is the rst practical attack on WPA protected networks, besides
launching a dictionary attack against a weakly chosen pre shared key.

Notation
Numbers are always written in the decimal notation, for example 12 is the number
twelve. The signs + and · are addition and multiplication. (Z=nZ)+ is the additive
group of the numbers 0 to n-1, where all additions are done mod n. When operations
are done in (Z=nZ)+, we write a + b as a short form of a + b mod n. For arrays, we
use the [·] notation as used in many programming languages like C or Java. The
rst element in the array S is S[0]. Permutations are written as arrays too. If S is
a permutation, S-1 is the inverse permutation. For example, if S[i] = j holds, then
S-1[j] = i holds. When two arrays A and B are concatenated to a new array C, we
write C = AjjB. F2 is the nite eld with just the two elements 0 and 1. F2[X] is
the ring of polynomials over F2. When specifying estimations for a success probability
or similar things, we use the ≈ sign to note that a formula or a value is only a good
approximation, but not absolutely accurate.
Because WEP is mostly based on the RC4 stream cipher, we need to introduce
a notation for analyzing the RC4 stream cipher. RC4 consists of two algorithms, the
RC4-KSA, which transforms a key of length 1 to 256 bytes into an initial permutation
S of the numbers 0 to 255. The internal state of RC4 consists of this permutation S
and two numbers i and j used as pointers to elements of S. The RC4-PRGA generates
a single byte of keystream from such a state and then updates the state.
To analyze the cipher, we will write Sk and jk for the state of S and j, after exactly
k rounds of the loop starting in line 5 in Listing 1 have been executed. To make the
paper more readable, we write n for the constant value 256. Accordingly, we write
Sk+n and jk+n for the state of S and j, after the state was initialized by the algorithm
in Listing 1 and exactly k bytes of output have been produced by the algorithm in
Listing 2. When a key K is used for RC4 and a keystream X of arbitrary length is
produced, we write X = RC4(K). Please note that an attacker who knows the rst k
bytes of an RC4 key K also knows Sk and jk.
In a WEP protected network, all stations usually share a single symmetric key Rk
named root key. A single packet can easily be lost in an IEEE 802.11 network due to a
transmission error, so WEP needs to encrypt all packets independently. Because RC4
does not support an initialization vector by itself, WEP generates a per packet keyfor every packet. A three byte initialization vector IV is chosen and prepended to the
root key Rk which results in the per packet key K = IVjjRk. A keystream X = RC4(K)
is generated from K. To protect the integrity of the transmitted data, a 32 bit long
CRC32 checksum named ICV is appended to the data. The resulting plaintext is
then encrypted by XORing the plaintext (including the CRC32 checksum) with the
generated keystream. The ciphertext together with the corresponding unencrypted
initialization vector IV is then send over the air.
WEP originally only specied a 40 bit secret key Rk, but most vendors implemented
an additional mode where Rk had a length of 104 bits. The length of the corresponding
per packet keys K where 64 or 128 bit, and these variants were mostly marketed as 64
or 128 bit WEP. We restrict ourselves to the 104 bit variant, but our attacks can easily
be adopted for networks with dierent key lengths with only minor modications.

The FMS attack
Fluhrer, Mantin and Shamir published[4, 13] the rst key recovery attack on WEP in
2001. Their attack is based on the following ideas: An attacker who listens passively to
the traffc of a WEP protected network can record a lot of encrypted packets including
the initialization vectors used for these packets. Because the rst bytes of the plaintext
of most packets are easily predictable, the attacker is able to recover the rst bytes of
the keystreams used to encrypt these packets. The initialization vector is transmitted
unprotected with the packets, so the attacker initially also knows the rst 3 bytes of
the per packet key for all packets. All following bytes of the per packet key are the
same for all packets, but are initially unknown to the attacker.

A full key recovery attack on WEP can be built using this correlation. An at-
tacker captures packets from a WEP protected network and recovers the rst byte of
keystream used to encrypt these packets by guessing the rst byte of plaintext. There
are also various active techniques to generate traffc on a WEP protected network
even without the key, which allow the recovery of more than the rst 1000 bytes of
keystream per packet[1]. He selects the packets where the resolved condition holds
and calculates Ffms for these packets. Each result of Ffms can be seen as a vote for
the value of Rk[0]. After enough packets have been captured, the attacker makes a
decision for the value of Rk[0] based on the number of votes geberated by Ffms. If the
decision was correct, the attacker knows the rst l = 4 bytes of all per packet keys and
can continue with Rk[1]. Please note that all packets need to be reevaluated wether the
resolved condition holds, because this check depends on the value of Rk[0]. After all
bytes of Rk have been determined, the attacker checks the resulting key for correctness
using a number of trial decryptions. If the key is correct, the attacker has succeeded.
If the resulting key is incorrect, the attacker looks for a decision for Rk[i], were an
alternative value for Rk[i] was also very likely. The attacker corrects the decision in
the decision tree at depth i and continues the attack with the alternate decision.
Although the 5% success probability of Ffms looks impressive, the attack needs
4,000,000 to 6,000,000 packets to succeed with a success probability of at least 50%,
depending on the exact environment and implementation[14, 13]. The reason for this
is that the resolved condition holds only for a small amount of randomly chosen ini-
tialization vectors.

The KoreK attack
In 2004, a person under the pseudonym KoreK posted an implementation of
an advanced WEP cracking tool in an internet forum. KoreK used 16 additional
correlations between the rst l bytes of an RC4 key, the rst two bytes of the generated
keystream, and the next keybyte K[l]. Most of these correlations have been found by
KoreK him self, a few had been discussed[5] in public before. KoreK assigned names
like A u15 or A s13 to these attacks, the original FMS attack is called A s5 1 here.
Nearly all correlations found by KoreK use the approach that the rst or second
byte of the keystream reveals the value of jl+1 under some conditions, if 2-4 values
in S have a special constellation and are not changed during the remaining RC4-KSA
after step l + 1. An interesting exception is the A neg correlation, which doesn't vote
for a certain value of K[l]. Instead a value can be excluded from the list of possible
candidates for K[l], which can be seen as a negative vote for K[l].
The overall attack structure is the same decision tree based approach as for the
FMS attack. The number of captured packets is reduced to about 700,000 for 50%
success probability[14]. Again, the exact numbers depend on the exact environment
and the implementation and parameters used for the attack. One important factor is if
the initialization vectors are generated by a PRNG algorithm or if they are generated
sequentially by a counter.


The PTW attack
In 2007, a new generation of WEP attacks was published[15, 14] by Tews, Weinmann,
and Pyshkin. Their attack introduced two new concepts:
1. All previous correlations used required 2-4 values in S not to change during the
remaining RC4-KSA. They also had a lot of preconditions which need to hold to
use the correlation. Therefore, only a small number of packets could be used to
vote for a certain keybyte.

The PTW attack now works as follows: First an attacker captures packets and

recovers their keystreams as for the FMS and KoreK attack. The attacker knows
the rst l = 3 bytes of all per packets keys.
He now evalues Fptwm for every packet and every m Є { f1, ..., 13} and gets votes for Ó0 ... Ó12. After all packets
have been processed, the resulting root key is calculated using Rk[0] = Ó0 and
Rk[i] = Ói - Ói_1. If the key is correct, an alternative decision is made for one
of the values Ói and the key is updated using just 12 single subtractions without
the need to reevaluate all packets.
The attack needs just about 35,000 to 40,000 packets for 50% success prob-
ability, which can be collected in less than 60 seconds on a fast network. Only a few
seconds of CPU time is needed to execute the attack.
Some modications of the PTW attack have been proposed[16, 10] which reduce the
number of packets needed or allow the usage of the PTW attack in some special cases
where the recovery of full key streams is difficult.

The Chopchop attack

The chopchop attack allows an attacker to interactively decrypt the last m bytes
of plaintext of an encrypted packet by sending m•128 packets in average to the network.
The attack does not reveal the root key and is not based on any special properties of
the RC4 stream cipher.
We can summarize the chopchop attack as follows: Before encryption, a four byte
CRC32 checksum named ICV is appended to the data of the packet. The packet
with the trailing checksum P can be represented as an element of the polynomial ring
F2[X]. If the checksum is correct, P mod PCRC = PONE holds, where PONE is a
known polynomial and PCRC is a known polynomial too, which is irreducible. We can
write P as QX8 + R. Here R is the last byte of P and Q are all remaining bytes.
When the (encrypted) packet is truncated by one byte, Q will most probably have an
incorrect checksum.
Assume that the attacker knows R. Adding PONE + (X8)ֿ1(PONE + R) to Q
corrects the checksum again. If R was incorrect here, the resulting packet will have an
incorrect checksum. This addition can also be done on the encrypted packet.
Most access points can be used to distinguish between encrypted packets with correct
and incorrect checksum. For example if a client is not authenticated, and an access
point receives a packet from this client, the access point will generate an error message.
Packets with an incorrect checksum are silently discarded.
An attacker can use this to interactively decrypt packets. The attacker selects a
captured packet for decryption. He truncates the packet by one byte, guesses R,
corrects the checksum and sends the packet to the access point to nd out if his guess
for R was correct. If the guess for R was correct, the attacker now knows the last byte
of plaintext and can continue with the second last byte. If the guess war incorrect,
he makes another dierent guess for R. After at most 256 guesses and in average 128
guesses, he has guessed the correct value of R.


An improved attack on WEP
Unfortunately, after the release of the PTW attack, only little attention was drawn
towards the old KoreK attack. Compared to the PTW attack, the KoreK attack has
the advantage that it only needs the rst two bytes of the keystreams of all captured
packets. Usually, the recovery of the rst two bytes of keystream is much easier than
recovering the rst 15 or 31 bytes. A pleasant exception is the work done by Vaudenay
and Vuagnoux[16], who showed that the correlation used in the FMS attack can also
be rewritten to vote for ợi instead of Rk[i]. This correlation is one of the 17 correlations
used in the KoreK attack.

correlation used in the PTW attack can easily be modied to vote for the value of
ợ12 + ợi, even when the value of ợ12 is unknown at this moment. After the attacker
has decided on the value of ợ12, he can get additional votes for each ợi, by subtracting
the value of ợ12 from these votes. To use these additional correlations, an attacker
needs the keystream bytes X[15] to X[30], which can sometimes be recovered too.
Using all these ideas, we modied an implementation of the PTW attack1 resulting
in a new WEP cracking tool, which clearly needs fewer packets than previous imple-
mentations of the PTW attack. We decided to use the same key ranking strategy as
used for the original PTW attack. We limited the number of keys the implementation
tests before failing to 220. The same limit has been used by previous publications
about WEP attacks, so that it should be easier to compare our attack to previous
attacks.
Figure 1 shows the success rate of our implementation. For a 50% success rate, the
attack only needs about 24,200 packets, compared to 32,700 for the VX attack[16] and
35,000 to 40,000 for various implementations of the PTW attack.


Breaking WPA

Our second contribution is an attack on WPA[2]. WPA standardizes two modes how
payload can be protected during transmission, Temporal Key Integrity Protocol (TKIP)
and (AES-)CCMP. For this paper, we will concentrate on TKIP. TKIP is a slightly
modied version of WEP. TKIP implements a more sophisticated key mixing function
for mixing a session key with an initialization vector for each packet. This prevents all
currently known related key attacks because every byte of the per packet key depends
on every byte of the session key and the initialization vector. Additionally, a 64
bit Message Integrity Check (MIC) named MICHAEL[2] is included in every packet
to prevent attacks on the weak CRC32 integrity protection mechanism known from
WEP. To prevent simple replay attacks, a sequence counter (TSC) is used which allows
packets only to arrive in order at the receiver.
TKIP was designed so that legacy hardware only supporting WEP should be rmware
or driver upgradeable to TKIP. Therefore, the RC4 stream cipher is still used and the
ICV is still included in every packet.
We will now show that it is still possible to decrypt trac in a chopchop like manner
and to send packets with a custom content: Assume that the following conditions are
met: The network being attacked is using TKIP for client to access point communi-
cation. The IPv4 protocol is used with an IP range where most bytes of the addresses
are known to the attacker (for example 192.168.0.X). A long re-keying interval is used
for TKIP, for example 3600 seconds. The network supports the IEEE 802.11e Quality
of Service features[2] which allow 8 dierent channels (named TID - trac identier)
for dierent data
ows and a station is currently connected to the network.
These assumptions are quite realistic for most networks currently deployed in the
wild. To attack such a network, an attacker rst captures traffc, until he has found an
encrypted ARP request[11] or response. Such packets can easily be detected because
of the characteristic length. Additionally, the source and destination ethernet address
is not protected by WEP and TKIP and requests are always sent to the broadcast
address of the network. Most of the plaintext of this packet is known to the attacker,
except the last byte of the source and destination IP addresses, the 8 byte MICHAEL
MIC and the 4 byte ICV checksum. MIC and ICV form the last 12 bytes of the
plaintext.
An attacker can now launch a modied chochop attack as against a WEP network
to decrypt the unknown plaintext bytes. TKIP mainly contains two countermeasures
against chopchop like attacks:

*If a packet with an incorrect ICV value is received by a client, a transmission
error is assumed and the resulting packet is silently discarded. If the ICV value
is correct, but the MIC verication fails, an attack is assumed and the access
point is notied by sending a MIC failure report frame. If more than 2 MIC
verication failures occur in less than 60 seconds, the communication is shut
down, and all keys are renegotiated after a 60 second penalty period.
* When a packet has been received correctly, the TSC counter for the channel
it was received on is updated. If a packet with a lower value than the current
counter is received (the packet is received out of order), the packet is discarded.
Nevertheless, it is still possible to execute a chopchop attack. An attacker needs to
execute the attack on a dierent QoS channel than the packet was originally received
on. Usually, there will be a channel with no or low traffic where the TSC counter is
still lower. If the guess for the last byte during the chopchop attack was incorrect, the
packet is still dropped silently. If the guess was correct, a MIC failure report frame
is sent by the client, but the TSC counter is not increased. The attacker needs to
wait for at least 60 seconds after triggering a MIC failure report frame to prevent the
client from engaging countermeasures. Within a little bit more than 12 minutes, the
attacker can decrypt the last 12 bytes of plaintext (MIC and ICV). To determine the
remaining unknown bytes (exact sender and receiver IP addresses), the attacker can
guess the values and verify them against the decrypted ICV.
After the MIC and the plaintext of the packet is known, an attacker can simply re-
verse the MICHAEL algorithm and recover the MIC key used to protect packets being
send from the access point to the client. The MICHAEL algorithm is not designed
to be a one-way function and reversing the algorithm is as effcient as calculating the
algorithm forward.
At this point, the attacker has recovered the MIC key and knows a keystream for
access point to client communication. He is now able to send a custom packet to the
client on every QoS channel, where the TSC counter is still lower than the value used
for the captured packet. In most networks in the wild, all traffic is just transmitted
on channel 0, so that the attacker is now able to send 7 custom packets to the client.
After the attack has been successfully executed, an attacker can recover an additional
keystream within 4-5 minutes, because he just needs to decrypt the 4 byte ICV using
chopchop. The ip address bytes can be guessed, the MIC can then be calculated using
the known MIC key and then be veried against the ICV.
To cause damage, the attacker could for example send messages triggering IDS
systems which work on the IP layer. Alternatively, traffic could be rerouted using
fake ARP responses. The attacker could try to establish a bidirectional channel to
the client, if the client is connected to the internet using a rewall blocking incoming
traffic, but allowing outgoing traffic. The responses of the client cannot be read over
the air by the attacker, but could be routed back over the internet.
We created a proof of concept implementation of this attack2 to verify that the attack
actually works. We managed to attack hardware from various vendors, conrming that
this attack is really applicable against real world networks.

Conclusion:
WEP is known to be insecure since 2001, however we think that key recovery attacks
against WEP are still of interest. On the one hand, WEP is still used in the wild
and on the other, some companies are selling hardware using modied versions of the
WEP protocol, they claim to be secure. Secondly, the TKIP protocol used by WPA
is not much dierent from WEP, so that attacks on WEP can aect the security of
networks using TKIP, as seen in the paper.
Our attack on TKIP in Section 5 shows that even WPA with a strong password is
not 100% secure and can be attacked in a real world scenario. Although this attack
is not a complete key recovery attack, we suggest that vendors should implement
countermeasures against this attack. Because the problem can be xed in a high level
part of the protocol, we think that updates can easily be developed and deployed with
new drivers.



[1] Andrea Bittau, Mark Handley, and Joshua Lackey. The nal nail in WEP's coffin.
In IEEE Symposium on Security and Privacy, pages 386{400. IEEE Computer
Society, 2006.
[2] IEEE-SA Standards Board. Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) Specications. Communications Magazine, IEEE, 2007.
[3] Rak Chaabouni. Break wep faster with statistical analysis. Technical report,
EPFL, LASEC, June 2006.
[4] Scott R. Fluhrer, Itsik Mantin, and Adi Shamir. Weaknesses in the key scheduling

algorithm of RC4. In Serge Vaudenay and Amr M. Youssef, editors, Selected Areas
in Cryptography 2001, volume 2259 of Lecture Notes in Computer Science, pages
1{24. Springer, 2001.
[5] David Hulton. Practical exploitation of RC4 weakness in WEP environments,
2002. presented at HiverCon 2002.
[6] Robert J. Jenkins. Isaac and rc4. [http://burtleburtle.net/bob/rand/isaac.
html, 1996.
[7] A. Klein. Attacks on the RC4 stream cipher. Designs, Codes and Cryptography,
48(3):269{286, 2008.
[8] KoreK. chopchop (experimental WEP attacks). http://www.netstumbler.org/
showthread.php?t=12489, 2004.
[9] KoreK. Next generation of WEP attacks? http://www.netstumbler.org/
showpost.php?p=93942&postcount=35, 2004.
[10] Yuko Ozasa, Yoshiaki Fujikawa, Toshihiro Ohigashi, Hidenori Kuwakado, and
Masakatu Morii. A study on the Tews, Weinmann, Pyshkin attack against WEP.
In IEICE Tech. Rep., volume 107 of ISEC2007-47, pages 17{21, Hokkaido, July
2007. Thu, Jul 19, 2007 - Fri, Jul 20 : Future University-Hakodate (ISEC, SITE,
IPSJ-CSEC).
[11] D. C. Plummer. RFC 826: Ethernet Address Resolution Protocol: Or convert-
ing network protocol addresses to 48.bit Ethernet address for transmission on
Ethernet hardware, November 1982.
[12] David Sterndark. Rc4 algorithm revealed. Usenet posting, Message-ID:
, Sep 1994.
[13] Adam Stubbleeld, John Ioannidis, and Aviel D. Rubin. A key recovery attack
on the 802.11b wired equivalent privacy protocol (WEP). ACM Transactions on
Information and System Security, 7(2):319{332, May 2004.
[14] Erik Tews. Attacks on the wep protocol. Cryptology ePrint Archive, Report
2007/471, 2007. http://eprint.iacr.org/.
[15] Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin. Breaking 104 bit wep
in less than 60 seconds. In Sehun Kim, Moti Yung, and Hyung-Woo Lee, edi-
tors, WISA, volume 4867 of Lecture Notes in Computer Science, pages 188{202.
Springer, 2007.
[16] Serge Vaudenay and Martin Vuagnoux. Passive-only key recovery attacks on
RC4. In Selected Areas in Cryptography 2007, Lecture Notes in Computer Science.
Springer, 2007.

ASTALAVISTA


----m-------m----
.....| |(o o)| |
.......||(~)||:::::::::::::::::::::::::::::::::(((:>>Il Link non e' ancora attivo ma lo sara' presto...Nel frattempo toccare lo sponsor porta bene

PHP Script. Oggi metto un Social Network nel sito

Perche no?

Non e' indispensabile essere membri (acc..che parole...membro, con l'aria che tira qui resuscita Catone e tutta la New Inquisition Band), a parte il membro, dicevo che chiunque puo farsi da solo (azz....altro scivolone sulla banana attento a non andare all'indietro che trovi un orto di cetrioli)

Allora ricominciamo. Lasciamo perdere le banane e i cetrioli, quello che necessita e' chiaramente avere un server, cosa non complicata, e abbastanza fattibile anche su sistemi Windows, se non si vuole Apache si puo addirittura lasciare il server incorporato di mamma Microsoft.

Avendo strutturato il server, passiamo alla creazione di un vero e proprio social Network. Tipo Facebook e simili, che ultimamente stanno decisamente calando di qualita, basta fare un giro su You Tube e guardarsi "I modi per difendersi dalle insidie della rete" che ti passa la voglia di iscriverti.
Oppure l'angolazione 90, angolo retto, piace sempre di piu.

Bene, questo script in PHP e' la base per poter assemblare l'opera. Si puo personalizzare in ogni parte, abbiamo per questo fornito il codice sorgente, e cosa non sottovalutabile, si puo cambiare nel modo che piu si confa alle esigenze .

Proprio per questo e' facile la realizzazione. In piu ho messo dei plugin. Il file readme ANCHE in italiano. Cose mai viste. Al lavoro gente



----------Donare et semperdonare
--------- Sono gradite donazioni soprattutto in natura.
--------- Al momento il link non e' attivo,

--------- ma lo sara' a breve, non appena il tenutario del conto
--------- tornera in liberta'

Download Links:

Code:

http://rapidshare.com/files/234422272/Scrip_null_sOCIAL_tplugins3x.rar



Password ::::::> GuardianAngel



Scrip_null_sOCIAL_tplugins3x.rar  

Size: 2667 KB

┌───────────────────────────────────┐

│ ......................■■ » RELEASE NOTES « ■■.................... │

└───────────────────────────────────┘

---------------- ■■ »You know or google it. « ■■-----------------

┌───────────────────────────────────┐
| -------------- ■■ » joywarez.com « ■■ ----------------|
| ------------- ■■ » The Dark Knight« ■■ --------- |
| ----------- ■■ » TGA« ■■ ------------- |
| -- ■■ » Out from Heaven. Come in a "\hell/" L I K E T H I S-- |
| ------ ■■ » phazeddl.com « ■■ ------- |
|---- ■■ » Email: the-legions[at]land[dot]ru « ■■ ---- |
└─────────────────────────────────┘

ASTALAVISTA

Aerolinee Itavia Flight 870 as the Ustica Massacre ("Strage di Ustica")

------------------------------------------------------
Aiutateci a riaprire il caso di Sandro Marcucci

To my friend Mrs. Laura Picchi

The-Legions (Pages)
Facebook.com causes
Facebook Groups
http://blog.libero.it/sandromarcucci

Aerolinee Itavia Flight 870 was an Italian flight that suffered an in-flight explosion while in route from Bologna, Italy to Palermo, Italy.
It was a regularly scheduled flight from Guglielmo Marconi Airport in Bologna,Italy to Palermo International Airport in Palermo, Italy.
The flight departed 2 hours late at 8.08 pm CETJune 27, 1980.
At the controls of the McDonnell Douglas DC-9-15 that evening were Captain Domenico Gatti and First Officer Enzo Fontana.

The aircraft (registered I-TIGI), which left GuglielmoMarconi Airport bound for Palermo
International Airport, crashed at 8.59 pm CET intothe Tyrrhenian Sea near the island of Ustica, Italy about80 miles (130km) southwest of Naples, Italy.
All 81 people on board were killed (2 flight crew members, 2 flightattendants, and 77 passengers).

Two Italian Air Force F-104s were scrambled at 9.00 pm CET from Grosseto
Air Force Base to locate the accident area and to spot any survivors but they failed due to lack of visibility. In July 2006 the re-assembled fragments of the DC-9 aircraft were returned to Bologna from Pratica di Mare Air Force Base near Rome.
June 23, 2008, Italy announced that they have reopened the case of Flight 870.

║<><><><><><><><><><><>║

║<><><><><><><><><>><>║

Official explanation
After years of investigations, no official explanation or final report have been provided by the Italian government. In 1989 the Parliamentary Commission on Terrorism, headed by Senator Giovanni Pellegrino, pronounced itself content concerning the disappearance of Flight 870, which thus became known as "Ustica Massacre" (Strage di Ustica).
The definitive sentence asserted: "The DC9 incident occurred following a military interception action, the DC9 was shot down, the lives of 81 innocent citizens were destroyed by an action properly described as an act of war, real war undeclared, a covert international police action against our country, which violated its borders and rights.
"L'incidente al DC9 è occorso a seguito di azione militare di intercettamento, il DC9 è stato abbattuto, è stata spezzata la vitaa 81 cittadini innocenti con un'azione, che è stata propriamente atto di guerra, guerra di fatto e non dichiarata, operazione di polizia internazionale coperta contro il nostro Paese, di cui sono stati violati i confini e i diritti."

January 10, 2007, the Cassazione Court of Italy conclusively closed the case, fully acquitting two former Italian Air Force Generals, Lamberto Bartolucci and Franco Ferri, of any wrongdoing.

In June 2008, Rome prosecutors reopened the investigation into the crash after former Italian President Francesco Cossiga said that the aircraft had been shot down by French warplanes.
On July 7 2008 a claim for damages was served to the French President.

║<><><><><><><><><><><>║

Alternative theories

Speculation at the time and in the years since has been fueled in part
by media reports, military officials statements, and ATC recordings,
including radar images and trails of debris; particularly, trails of objects
moving at high speeds.
A terrorist bomb
After the series of bombings which hit Italy in the 70's, a terrorist act was quite
naturally the first to be proposed. It must be considered that the flight
was delayed outbound from Bologna by almost three hours, so apparently
the timer would have been set to actually cause an explosion at Palermo
airport, or on a further flight of the same plane.

Missile strike during training exercise
This involves NATO forces accidentally downing the DC-9 during an international exercise involving
Italian, U.S., and French jet fighters. Aviation Week and Space Technology reported that
damage had been found consistent with a continuous-rod warhead, which would have had to come from a surface-to-air missile.

Missile strike during military operation
Itavia DC-9 (I-TIGI) in a photo taken eight years before accident. Major sources in the Italian media have alleged over the years that the aircraft was shot down during a dog fight involving Libyan, U.S., French and Italian Air Force fighters in an attempted assassination by NATO members
on an important Libyan politician, maybe even the leader Muammar al-Gaddafi, who was flying in the same airspace that evening. Gaddafi has denied being in the area of the accident that evening. This version was supported in particular by investigative magistrate Rosario Priore in 1999 [2]. The judge Priore said in his concluding report that his investigation had been deliberately obstructed by the Italian military and members of the secret service, in compliance with NATO requests.

The media also reported that radar monitoring released in 1997 by NATO showed
that at least seven fighter aircraft were in the vicinity when the jet
plunged into the sea off the island of Ustica.
According to these sources, the radar shows one or two Libyan MiG-23 had
tried to evade detection by flying close to the airliner. Three Italian

Air Force F-104S, one U.S.Navy A-7 Corsair II and a French fighter pursued the Libyan MiG-23 and battle ensued.
July 18, 1980
21 days after the crash, a Libyan MiG-23 crashed on the Sila Mountains in Castelsilano, Calabria,
southern Italy,according to eye witnesses and official reports. Media rumors reported
that the plane may actually only have been discovered at that time, and that the pilot's body was decomposed, originated allegations that the MiG-23 may have been shot down at the time of the Flight 870 incident.

Conspiracy theories

There are many conspiracy theories surrounding this event. They are based on the series of
events following the air crash. For example, the vessel that carried out the search for debris on the ocean floor was French, but only US officials had access to the aircraft parts they found. Several radar reports were erased and several Italian generals were indicted for obstructionof justice 20 years later.
Some of the Italian Air Force officials who might have known about the
disaster's background died suddenly.

August 3, 1980: Col. Pierangelo Teoldi, was nominated to become Commander of Grosetto
AFB, but had not yet assumed command as of date of death -Car accident.
May 9, 1981: Maurizio Gari, Poggio Ballone air defense radar controller - heart attack at age 37.
March 20, 1987: Licio Giorgieri, Italian Aircraft Registry Commander - killed by a communist terrorist group. (see it:Unità Comuniste Combattenti)
March 31, 1987: Mario Alberto Dettori, Poggio Ballone air defence radar controller - suicide by Hanging.August 12, 1988: Ugo Zammarelli, Cagliari Italian Army Intelligence's Service Cagliari Section
(see it:SIOS) - hit and run by motorcycle.
August 28, 1988: Mario Naldini and Ivo Nutarelli, Italian Air Force strike pilots crossed Flight 870s path on June 27
over Tuscany - mid air collision during the 1988 Ramstein Air Show.
February 1, 1991: Antonio Muzio, Lamezia Terme control tower Marshal - murdered, culprits unknown.

February 2, 1992: Sandro Marcucci, Italian Air Force 46a Aerobrigata Pisa pilot - air crash during wildfire firefighting operation.
February 2, 1992: Antonio Pagliara, Otranto air defence radar controller - car accident.
January 12, 1993 Roberto Boemio, Chief of Staff, 3a Air Region, ItalianAir Force - knifed during a robbery.
November 2, 1994: Gian Paolo Totaro, Italian Army Major medic - suicide by hanging.
December 21, 1995: Franco Parisi, Otranto air defense radar controller - suicide by hanging.
April 4, 2002: Michele Landi, IT consultant for the Italian government and for the same Procura that was on the Itavia 870 case - suicide by hanging (soon after he revealed he had come in the possession of information regarding the incident)

║<><><><><><><><><><><>║

ATC transcription

20:00 local F/O Itavia 870, ready for start-up. [Flight IH870 is running about two hours late due to small technical problems and heavy weather that has disrupted normal air traffic over Italy that day]

TWR 870, cleared to start. When ready, cleared also for taxi.

F/O Roger.

20:05 TWR 870, clearance.

F/O Go ahead.

TWR Itavia 870 is cleared to Palermo via Firenze, Amber 14; climb and maintain flight level one-niner-zero. Read back and call when ready for take-off.

F/O 870 is cleared to Palermo, via Firenze, Amber 14, level 190. We'll call you ready.
20:07 F/O 870 is ready for take off.

TWR 870, cleared for take-off.

20:08 TWR 870, airborne at 08, call Padova center, good-bye.

F/O With Padova, bye.
20:11 F/O Padova, good evening, Itavia 870.

Padova ACC Itavia 870, continue as cleared and report Firenze.
F/O We'll report Firenze.[Control was procedural. IH870 reached Firenze
VOR at 20:20]

20:20 F/O Over Firenze, Itavia 870.

Padova ACC Contact Rome Radar, 124.2, good-bye.

F/O Rome, 124.2, good-bye, 870.

F/O Good evening Rome, Itavia 870.
Rome (North -East sector) ACC Good evening to you too, 870. Squawk 1136. Cleared to Palermo, via Bolsena, Puma, Latina, Ponza, Amber 13

F/O 1136 is coming and 870 is cleared to Palermo via Bolsena, Puma,
Latina, Ponza, Amber 13 and we're approaching 190...
Rome ACC Climb initially to 230.

F/O Up to 230, 870.[IH870 is cleared to FL230 and not to a highe level because at FL250, a few miles ahead, another Itavia aircraft, flight IH779 from Bergamo to Rome Ciampino, is about to start descent. The radar controller asks to the DC-9 crew if they have a visual.]

F/O Rome, 870, with the traffic in sight, is turning left again, crossing 245.

Rome ACC Roger, direct to Bolsena.
F/O Direct to Bolsena, 870.

20:27 Rome ACC [due to some scalloping of the Firenze VOR, IH779 and IH870 are now about 8 miles left of the Amber 14's centerline]Itavia 779, proceed direct to Campagnano [VOR], 160 heading from present position. Also 870 take 160 heading.
F/O 160 for 870.

20:34 Rome ACC 870, call Rome 125.5. Bye.

F/O 125.5.

F/O Rome, good evening. 870 is over Bolsena.
Rome (Terminal) ACC Radar contact, as cleared.

20:39 Rome ACC 870, 124.2, good evening.[IH870 is over Puma reporting point and is turning left to Latina VOR]

F/O Thank you, bye.
F/O This is 870, good evening, Rome.

Rome ACC 870?

F/O Good evening, 870 maintaining 290, over Puma.

Rome ACC Roger, proceed Latina, Ponza.

20:44 F/O Rome, 870.
Rome ACC Itavia 870, for Ponza 123.35.

F/O Bye.
F/O 870, good evening, Rome.
Rome (South Sector) ACC Good evening, 870; maintain 290, report Amber
13, Alpha.
F/O Yes...neither Ponza is working? We've found a graveyard this
evening; coming from Firenze we didn't find one beacon working properly.

Rome ACC In fact, everything is a bit out, Ponza too. What's your
heading now?
F/O We've 195.
Rome ACC Well, maintain 195. You'll go some mile south of Ponza.

Rome ACC I don't know if you want to keep this heading. Otherwise you can go left, 15-20 degrees.

F/O OK, we put 210.

20:48 F/O This is 870: is it possible to get 250?[IH870 requests a lower level due turbulence]
Rome ACC Affirmative: you can start descent now.
F/O Thanks: leaving 290.

20:51 Rome ACC 870, you've left Ponza three miles to the right, so approximately to Palermo it's good this heading.

F/O Very kind, thanks, we're approaching 250.
Rome ACC Perfect, anyway call me when receiving Palermo [VOR].

F/O PAL [VOR] is already on the air and coming well. And we got the Ponza DME.
Rome ACC Good, so normal navigation to Palermo. Maintain 250, call me over Alpha.

20:56 F/O It's over Alpha, 870.

Rome ACC Affirmative, slightly to the right, about four miles. Radar service terminates here. Call 128.8 for further (instructions)

F/O Thank you for everything and good-bye.

F/O Rome, Itavia 870. 115 miles to PRS [Raisi VOR, near Palermo], maintaining 250.

Rome ACC Roger, Itavia 870. An estimate for Raisi?
F/O We estimate Raisi at 13.

Rome ACC 870, roger. Cleared to Raisi VOR, no delay expected. Call back for descent.

F/O To Raisi, no delay. We'll call you for descent, 870.

Rome ACC That is correct.

20:59:45 [Last transponder answer from the IH870 is recorded at th far southern end of the Ciampino civil radar range. IH870 is recorded at FL250, about 50 miles north of Ustica island]
21:04 Rome ACC Itavia 870, when ready, cleared to 110, report leaving 250 and passing 150.[No answer]

Rome ACC Itavia 870, Rome [No answer]
Rome ACC Itavia 870, Rome, do you read? [No answer].
[Two other traffic are requested to relay the calls to IH870, but no answer is ever received from the DC-9.]

Memorial

In Bologna on June 27, 2007 the Museum for the Memory of Ustica was opened. The museum is in possession of parts of the plane, which are assembled and on display. Almost all of the external fuselage of the plane was reconstructed. In the museum there are also objects belonging to those on board that were found in the sea near the plane. Christian Boltanski was called to produce a site specific installation. The installation is composed by:
81 pulsing lamp hanging over the plane 81 black mirrors 81 loudspeakers (behind the mirrors)

Each loudspeaker describes a simple thought/worry (I.E. "when i will arrive i will go to the sea") All the objects found are contained in a wooden box covered with a black plastic skin. A small book with the photos of all objects and various information is available to the visitor upon request.

Rif. http://www.facebook.com/causes Rif. The-Legions feed Come in a "\hell/" L I K E T H I S
Rif. The-Legions Pages
Rif. http://www.liveleak.com/view?i=62e_1172060667&p=1
Rif. Aerolinee Itavia Fight
Rif. Aerolinee Itavia Fight

Published by Dimitri Demidovi
on The Legions at 18.08 pm CET May 09, 2009.

ASTALAVISTA