💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › PRIVATELINE › privateline-… captured on 2022-06-12 at 14:04:40.
-=-=-=-=-=-=-
----------------------------------------------------
VOLUME 1, NUMBER 3 --
PRIVATE LINE: A JOURNAL OF INQUIRY INTO THE
TELEPHONE SYSTEM
INFORMATION ON PRIVATE LINE
I. EDITORIAL PAGE
II. UPDATES AND CORRECTIONS
III AN INTRODUCTION TO LOCAL SCANNING
IV. DEF CON II REVIEW: FEAR AND HACKING IN LAS VEGAS
V. ROAD TRIP TO VEGAS
IV. A FEW THOUGHTS ON EMS AND 911
----------------------------------------------------
GENERAL INFORMATION ON PRIVATE LINE
ISSN No. 1077-3487
A. private line is published six times a year by Tom Farley. Copyright
(c) 1994 It runs 24 to 28 pages. It's done in black and white.
B. Subscriptions: $24 a year for subscriber's in the U.S. $31 to Canada
or Mexico.
$44 overseas. Mailed first class or equivalent.
1. Make checks or money orders payable in US funds to private line.
2. Back issues are five dollars apiece.
3. A sample is four dollars.
4. The mailing list is not available to anyone but me.
C. Mailing address: 5150 Fair Oaks Blvd. #101-348, Carmichael, CA
95608
D. e-mail address: privateline@delphi.com
E. Phone numbers: (916) 488-4231 Voice (916) 978-0810 FAX
F. Submissions: Go for it! Anything semi-technical is strongly
encouraged. I pay with subscriptions.
G. Ads: Yes, I'm taking electronic related ads. A full page is $75.00, a
half page $37.50 and a quarter $18.75. Subscribers get free classified
ads of 25 words or less.
H. Feel free to post this file at any site or on any BBS you wish. I just
ask that you keep the file together and not sell any hardcopy version of it.
Fair enough?
I. The fourth issue is now on sale. Send me four dollars or ask your
dealer to get it through Fine Print Distributors.
------------------------------------------------------------------
I. EDITORIAL PAGE
Going National; War Footing
Welcome to the third issue of private line. I hope you enjoy it. The look
and feel of this issue is different from the first two. Why? Well, it's an
effort to make the magazine more readable. The first two issues had a
great deal of information. I presented that information, however, in a
dry, humorless form. Without enough pictures and photographs. I think
I can do better, in fact, I know that I must. private line is going national.
I got a letter from Fine Print Distributors of Austin, Texas when I got
back from Def Con. Fine Print distributes FactSheet5 as well as several
hundred other periodicals. They wanted to distribute private line. I was
happy that I had found a way to put the magazine on newsstands. That's
where my readers are. But Fine Print wanted 250 copies to start. As in
starting now. And that's when the problems began.
I had been producing private line cheaply by myself. I'd take the
originals to Kinkos and run off twenty-five or thirty copies at a time. It
was an affordable, part time hobby. Two hundred and fifty copies,
however, is quite a different thing. That would cost at least 300 dollars.
Plus shipping. I would prefer, however, to print 350 copies since I sell
back issues and because I need samples. That's at least four hundred and
fifty dollars. For the first issue. With five more needed for 1995. With
no guarantee that the magazine would sell. I could be down over three
thousand dollars in less than a year. What to do? I needed financing, a
small business plan and some advertisers. A scanner to add pictures. And
time to learn how to produce a more readable
magazine.
So, I punted. I put off the distributor. I explained the problems and they
were very nice about it. They would be ready when I was. I thought that
the first of the year would be a good idea. The first national edition,
therefore, comes out in January of 1995. private line is now on a war
footing. We're behind schedule but world domination will begin soon.
We will never put off a major decision again. Instead, every opportunity
will be exploited immediately. private line's staff has dispersed and gone
to ground. This assures the public that the national issue will not be
stopped. We'll come out swinging for the national edition. Speaking of
which, let me tell you about some new things scheduled for the January
issue.
Chris Hall of Executive Protection Associates has agreed to write a
column. He's their Chief Operating Officer. This company deals with,
among other things, industrial espionage and corporate spying. He
helped give a great talk at Def Con. His first column may be on telephone
bugs.
John Higdon will write a column about telecom from a non-corporate
point of view. John keeps alt.dcom.telecom.tech together. It is the most
technically grounded newsgroup. John is a good writer with common
sense. His posts are always informative and independent.
I will add a small column on telephony and the internet. I'll try to list
which resources feature information on communications. The internet is a
great help to learning. Books and magazines are wonderful but limited.
Try to find, for example, a recent American book on pay phones. There
aren't any. But you may find a coin line expert in a newsgroup who is
willing to talk. Many people in these groups have worked their entire
lives in telecom. They have insights and answers that you will not find
anywhere else.
In the meantime, this issue will concentrate less on technical issues and
more on observation and opinion. There is no other way to comment on
Def Con. The January issue will have more real information. There may
be less, however, than in the first two issues because of the space taken
up by the photographs. Still, the information that is presented will be
more understandable than in the past. I wish you all well and I hope you
contribute.
73's
Tom Farley
II. UPDATES AND CORRECTIONS
1. I made a big mistake in the second issue. It's in the Coin First
Coin Line article. In paragraph 3.31 I wrote that ". . . coin first did
contribute something that it is used to this day by every dial tone first
telco pay phone. It's called ground start." Wrong, wrong, wrong. Pay
phones actually use loop start, just like ordinary phones. Pay phones do
use a ground to produce many signals but they do not depend on it for
making the original connection. A pay phone may use groundstart for
origination as an option. Groundstart is the rare exception and not the
rule. Let's go over my mistake. It says something about making
assumptions, the lack of good reference material and about how useful
the internet is.
2. Ground start first interested me because it is unusual. A telco coin
line is different in many ways than a normal subscriber line. That made it
easy for me to think that a coin phone originated a call in a different way.
Fike and Friend stated that "Ground start lines are used on loops
connecting PBXs to the central office, and in other situations where it is
desireable to detect a line that has been selected for use (seizure of the
line) instantaneously from either side of the line." (emphasis added) (1)
3. What were these other situations? Pay phones. A table in
Engineering and Operations in The Bell System describes the various
kinds of loop signaling. It says that coin stations use "loop start or
ground start origination" and that loop signaling may involve "ground-
start format similar to coin service for PBX-CO trunks. (2) Freeman
reprinted this table without comment in his weighty tome. (3) Seemed
like good enough authority to me. The language in the chart, however,
was conditional. It said may. I thought these three sources proved that
pay phones used ground start. All I proved, however, was that pay
phones might use ground start. I never went back to check my notes once
I made my conclusion.
4. There's more. I didn't know why ground start was used. So I
speculated. I thought it tied up switching equipment for less time than
loop start. After all, time was the chief reason why the Bell System chose
coin first instead of post pay at the turn of the century. I described their
decision in the Post Pay article in the first issue. In the second issue I
quoted Bell System literature that detailed how concerned they were with
this problem when they re-introduced dial tone first in 1968.
5. My speculative argument assumed that ground start is quicker
than loop start. Supporting this assumption was Fike's use of the word
"instantaneously" in the quotation previously mentioned. Instantaneously
seizing a line, however, seems to refer to PBX operation; not the "other
situations" that he also mentioned. Seizing the line instantaneously may
prevent an incoming call from displacing an outgoing call with a PBX. It
does not mean necessarily that ground start is faster. I myself alluded
to this in Telco Payphone Basics, Part II.
6. In paragraph 1.71-2(2) I said that DC signals are quick. That's a
chief reason for their use. Ground start is a DC signal just like loop start.
I pointed out that a DC signal traveling at even 60% of the speed of light
would be moving at near a hundred thousand miles a second. What
difference in time would there be, therefore, between ground start and
loop start? Most pay phones are within three to eight miles of a central
office. All DC signals must act as if they are instantaneous. Any
difference in time between loop start or ground start is probably
minuscule or irrelevant or both.
7. That's not all. I used two other facts to bolster my argument that
pay phones used ground start. This part of the argument was also wrong.
The presence of a coin is detected by the presence of a ground. Dial tone
first, I thought, would then utilize ground start as part of its operating
system. Not so. One does not depend on the other. Loop start can be
used even if a ground is used for other things. Reeve clears up all this
confusion in his excellent chapter on Coin Line Services. He says that
"(M)ost prepay paystations are loop start, but many can be optioned for
ground start."(4)
8. I found out about my mistake from alt.dcom.telecom.tech. I got
involved in a discussion about ground start. People commented on why it
was used in PBX operation. No one, however, mentioned pay phones.
So I did. I asked why COCOTs used it and not telco pay phones. A coin
line expert named Jay replied in great detail that both kinds used loop
start. I was rather defensive at first since it went against what I had
written. His comments, however, forced me to go back to my notes. He
was right. He also gave details about coin phones that I have not found
elsewhere. This is what makes the newsgroups so compelling. A
question, though, remains: why would a pay phone use ground start?
Why would a coin line be optioned for this method? I'm still working on
finding this out.
NOTES:
(1.) Rey, R.F., ed. Engineering and Operations in the Bell System. 2d
ed. Murray Hills, N.J. AT&T Bell Laboratories. 1983
(2.) Fike, John L. and George Friend. Understanding Telephone
Electronics. 2d. ed. Carmel, SAMS 1990 191
(3.) Freeman, Roger L. Reference Manual for Telecommunications
Engineering Wiley Interscience. New York 1985 74
(4.) Reeve, Whitman D. Subscriber Loop Signaling and Transmission
Handbook: Analog. New York: Institute of Electrical and Electronics
Engineers. IEEE Press. 1992 223
III AN INTRODUCTION TO LOCAL SCANNING
9. Editor's Note: I hoped to make this article a complete guide to
local scanning but time ran out on me. I had to turn over the entire project
to a local hacker at the last moment. Biff was incensed that I dumped this
on him. He did agree, though, to write the following introduction.
An Introduction
10. Local scanning is a systematic attempt to find interesting phone
numbers. It is a daunting task in many cases because of the number of
numbers. A prefix contains 10,000 possible numbers. A large city may
contain hundreds of prefixes. Even smaller cities have access to a huge
wealth of possibilities. The village of Fair Oaks, for example, uses only
11 prefixes. A local call, for them, however, goes out to a total of 149
prefixes. That's 160,000 possible numbers to investigate with a local
call. And, of course, that does not include unlisted prefixes, test numbers
or telco numbers. Let's start at the beginning.
Some History
11. The first three digits in a phone number guide the call to the right
central office or exchange. The next four digits direct the call to the right
subscriber in that exchange. Why 10,000 numbers in a prefix? Why not
a thousand? Or 3,425? It's because early switching equipment was
designed that way. Tradition continues it. Step by step equipment was
arranged in banks of one hundred contacts. Each bank or selector had
ten rows of ten contacts. Three banks produced 10,000 numbers.
Smaller communities used two banks. Bigger cities used four. It's easier
to study the old diagram below.
The Big Picture
12. The prefix map on the next page represents a look at one city's
prefixes. It is the logical map to develop if you are interested in your city
as a whole. A better map would be color coded. Cell prefixes would be
printed in one color, pager prefixes another, governmental agencies
would occupy still another. Most prefixes are not dedicated to a single
use but you could note the ones that were.
Getting Started: Some Suggestions
13. This depends on what you want to do. What you're interested in.
If you are in a big city you have hundreds of thousands of possible
numbers to call. Here are some suggestions if you're not sure:
14. a.) The ANAC Angle: Absolutely critical to find. Your first
assignment. ANAC stands for automatic number announcement circuit.
It's a phone number that you call to get the number you are calling from.
Linemen use it to verify the line that they are working on. You can use it
to find the number of a pay phone that no longer has its number
displayed. Among other things. ANAC's are central office specific.
They can vary from one city to another, or even from parts of one city to
another. ANAC lists are scattered about the internet and even on services
like Compuserve. These are lists built on the definitive anac guide article
published in the Autumn 1990 issue of 2600. I did not reproduce it
because it is copyrighted. In any case, these lists do exist and they are
arranged by area codes. You may not find your number. I have not seen,
for example, an ANAC ever listed for 916. So you must search. Many
ANACS revolve around touch tone keys that are close together. There are
a great deal of "2's" and "1's" in the guides. This probably makes it easy
for the lineman to punch in a number quickly.
15. I found the ANAC for my part of town in six tries. It's (916)
211-2222. It was a fantastic piece of luck but I did concentrate on "2's"
and "1's". I had a plan. I may, though, go to Davis and hunt for hours.
If you are really frustrated then get to a 2600 meeting. Post a message to
alt.2600. But try first. And then spread the wealth. I had my local ANAC
up on the net within five minutes of its discovery. There are 800 numbers
that do the same thing. A local ANAC is preferable since it keeps the 800
number from being abused.
16. b.) The Payphone Angle: Telco payphones rely on specific
circuitry at specific central offices. Not all CO's have the hardware to
perform coin line functions. Telco payphones, therefore, have been tied
to certain CO's. Your mission, should you decide to accept it, is to map
out the locations and numbers of each payphone in an area near you. You
can investigate them further once your inventory is completed. Here are
some tips.
17. An old Thomas map book works great for noting the location of
each phone. The particulars ought to be logged in a notebook, with the
kind of information I have in my sample sheet on page 55. Do not ignore
the wiley COCOT. Many started out as telco payphones. Many still have
the same number they did when the telco owned them. They may not be
tied to the same circuitry but they do provide clues with their numbers.
Speaking of numbers, an 800 ANAC is sometimes essential to have if the
number is missing. Although ANAC calls are free with most telco
phones, a private phone may charge for the call if it can be completed.
Their automated coin toll service or ACTS may ask you for a substantial
sum. And then you might just get a long distance call and not the number
reading back to you.
18. c.) The Telco Angle: Scanning for telephone company numbers.
Always fascinating. Try the lower end of the biggest, oldest exchanges.
You'll note in your phone book that certain prefixes are tied together. For
example, 440-449 or 451-457. Start out at the bottom of 440. Numbers
like 440-0031, 0041, 0003 and so on. Try the first 100 numbers for that
exchange. Try the top 100 if nothing is there. You'll find tons of
interesting numbers if you are persistent. The bottom of 440, for
example, is like an announcement store. You get recordings like "Due to
telephone company facility trouble, your call cannot be completed at this
time." Or, "Due to heavy calling, your call cannot be completed at this
time." Even the ominous, "There is no charge for this call. This number
has been disconnected as a result of a recent federal court decision and
Pacific Bell's business policy."
19. You'll also find test tones and telco modem numbers in places
like these. You might also pick up the telco name for each exchange.
Someone picks up the line at the bottom of 440 with just the words
"Main" Calling it that makes sense since it is the largest CO downtown.
But who would know what "Ivanhoe" means in the 481 exchange? Well,
I do. The 481 used to be dialed with IV when letters were used. IVanhoe
8349, for example. To this day, the only human you'll find at the bottom
of 481 still answers "Ivanhoe" when he answers the phone. It's still their
name for that exchange. Telco tradition dies slowly if at all. By the way,
you can find a list of these older names at a well stocked local libary.
Look in old newspapers or any locally produced magazine from before
1955 or so. Ads in the back of old high school year books work well,
too.
20. d.) The Answering Service Angle: I've had good results with
this, although I'm not sure what I have. Older, smaller exchanges often
had answering services tied to a particular range. You can still find this in
most cities. Call numbers near existing services. No need to call a listed
number. You'll get answering machines that are actually voice mail
locations, weird tie lines and merchant credit numbers. It's all quite
strange. Perhaps the telcos grouped the answering services together in
order to deal with heavier loads. Maybe it says something about the
switch.
21. e.) The Governmental Telephone System Angle: Always
intriguing. I find it fascinating the way that certain counties arrange their
communications. You get a taste of this on page 63. Each little
community or district needs to communicate with the county seat. Many
times it is simply with ordinary dial up lines. Other times it is most
complex. Best approach is to poach the relevant county phone book in
order to get started.
Logging Your Calls
22. The most difficult part of scanning is keeping your records
organized. It's just about impossible with paper. It could be done with
the right software, but that is quite a project. Let's look at paper first.
Check out the experimental worksheet on page 55. It's nothing special,
just a table done in Word. The spacing, though, is correct. You need that
much room to make notes. And you need the numbers to be printed out
before you make a call. Don't write down each number as you go. It
doesn't work. Notice how one sheet only covers 100 numbers. One
prefix, however, needs 100 sheets. What's needed is the right equation
for EXCEL. You could then produce the pages needed for a particular
range.
23. An electronic logging program might be the best thing but I'm not
sure it's worth it by itself. If you develop such a beast then you might as
well commit to a war dialer as well. A single program could help place
calls as well as log them. Quite a project. I am uneasy about any program
than scans an entire prefix. You might hassle as many people as a
telemarketer. I think the best scanning happens while disturbing the
fewest people. (As if you are calling to talk to anyone.) I'd like some
comments from anyone interested in local scanning. Hams have a great
deal of logging software that is in the public domain; possibly some of it
could be converted.
Biff
IV DEF CON II REVIEW: FEAR AND HACKING IN LOS VEGAS
24. We were somewhere around Barstow on the edge of the desert
when the cell coverage began to come in . . . The second Def Con was
held at the Sahara Hotel in Las Vegas on the weekend of July 21, 1994.
Three hundred and seventy people attended. At times it was chaotic,
disorganized and anarchistic. I can't wait to go again. Where else can you
hear a discussion of UNIX, cryptography, industrial espionage, and the
Chaos Computer Club in one weekend? For fifteen dollars? There were
some problems. None of them, however, seemed serious enough for me
to be concerned with. Dark Tangent and his people deserve
congratulations for pulling off a great event for the second year in a row.
25. The con got off to a rocky start on Friday night. Mark Ludwig
was to have spoken on UNIX security. But no Ludwig appeared. He
was rumored to be either sick, jet lagged or drunk. No one knew. We did
know, however, that the Def Con people were in trouble. There was no
alternate speaker. One of Dark Tangent's friends tried to stall for time by
telling bad jokes on the stand. There was, however, nothing to stall for.
Audience members themselves arranged a discussion of UNIX after
about a half hour. The con had been hacked. Peter Shipley bravely
volunteered to answer general UNIX questions.
26. You could tell by the audience questions than many in the crowd
knew a great deal about UNIX. Few, though, got up to speak. Peter
did. That deserves credit. Shipley's company is the Little Garden in San
Francisco. It provides internet connections to the greater San Francisco
bay area. His remarks reminded me that I need to learn more about
UNIX. Much of the discussion went right over my head. Still, that is
my fault. English may be the unofficial language of the internet but
UNIX seems to be the official one.
27. Saturday ran more smoothly. Philip Zimmerman introduced
himself by saying in a quiet voice that he had authored Pretty Good
Privacy. The crowd gave him a round of loud applause. Zimmeran talked
about electronic privacy, new developments with PGP and how he was
now the subject of a federal grand jury investigation. It was somewhat
eerie to listen to Zimmerman. An invisible whirlwind of current events
and history surrounds him as he speaks. Hearing him speak was enough
to justify the entire trip to Vegas. At least for me. I won't remember
much of this convention ten years from now. But I will remember that I
saw Zimmerman at Def Con.
28. He talked about designing simpler interfaces to make PGP easier
to use. True point and click routines with graphical interfaces. He also
went to great lengths to explain that the current release of PGP is as
robust as the older version. The new one is slightly different for patent
and legal reasons. He also talked about how close he was to perfecting a
secure voice phone based on PGP routines. You wouldn't need a special
telephone, just your regular computer. Using conventional Sound Blaster
cards and 19,000 baud modems, one could finally talk on a telephone
line in complete privacy. Just so long as the party on the other end has
the same equipment. He also told a story that someone had told him.
AT&T engineers supposedly became depressed upon hearing of his
work. They should be. A cheaper, better system now threatens their
expensive Clipper based phones.
29. Gail Thackeray spoke next. She is now a deputy district attorney
for Maripoca County, Arizona. Her points were poorly delivered and not
well received. Her first stumble came when she seized upon an innocent
example provided by Zimmerman. He said that privacy was simple in the
old days. You just went behind the barn to talk with someone in private.
PGP restored what people had before the days of electricity and
electronics. Thackeray attacked this. She maintained that privacy was
never assured because your comments could always be misinterpreted
and distorted later. What? Zimmerman's point was that privacy used to
be secure during transmission. Thackeray's point dealt with the
conversation after transmission. The two points are not related. Yet she
tried to say that they were.
30. She then trotted out the same tired arguments she related to Bruce
Sterling in The Hacker Crackdown. One is that law enforcement needs
better tracing abilities. A telco once told her that a kidnapper's call
couldn't be traced. This still upsets her. She provided no details about the
incident. I have no idea, therefore, why the company couldn't. I suspect
it may be a problem beyond legislation. Tracing calls from certain
remote places may be difficult or impossible. Arizona and the West in
general have dozens of small phone companies that use simple central
office equipment. These may not pass ANI or automatic number
identification to the toll office. What then? Many CO's support party line
service. How do you know, therefore, if the call is coming from Ranch
A or Ranch B? There are also thousands of miles of open carrier wire and
aerial cable that can be clipped into without detection. Just you, your
lineman's handset and your jeep between, say, Jarbridge, Nevada and
Elko. How does better call tracing help any of this? And why is she
talking about this to us? Talk to a telco, that's what I say. Or give us
some specific information.
31. Thackeray also talked about how encryption works against
discovering the dreaded, mythical nuclear bomber, Her worst fear. The
scenario that she holds us hostage to. The reason that we have to accept
Clipper or some other government imposed encryption standard. Get
real. For better or worse, someone who has a nuclear bomb is already
using encryption, passing notes by hand or delivering plans in a
diplomatic pouch. The issue is moot unless the government makes their
form of encryption the only one that people can use. And only then if
they are prepared to jail people for not going along. Listening to
Thackeray, I am convinced that law enforcement is ready to do that.
32. Her talk really broke down after the first audience question. One
audience member said that he didn't worry about the police reading his e-
mail; the reason that he encrypted was to keep snoopy system
administrators from reading it. A reasonable solution to a common
problem. Thackeray's demeanor changed when she heard this question.
Her voice became strident. She said that she didn't have a problem with
him doing so, for now, but her tone was very condescending. "What"
she seemed to say, "e-mail? I have bigger problems to deal with."
33. Yeah. Sure you do. Until my e-mail interests you and you can't
read it. The audience kept up their questioning. She kept delivering fuzzy
answers. This is the woman who has talked to hackers for years? About
what? What useful information has she given us? Tell me what happens
when I'm arrested. What the process is. The difference between federal
law and state law. What the fines are. The code sections we might be
arrested under. I heard nothing specific. We got philosophy instead.
Great.
34. A central theme to her talk was that we may all have to abide by a
breakable encryption scheme. Why? In order to fulfill a social contract
that she maintains exists between all members of society. The greater
good, that sort of thing. Defined, of course, by her and law enforcement.
35. Well, that's a big subject. One best discussed over many drinks.
In the end, however, I'm not sure that anything useful will be
accomplished, no matter how much philosophizing and talking that you
do. Law enforcement types favor control. Hackers push control away.
No two groups could be farther apart before they start talking. No
amount of talking will bring them together. Communication does not
necessarily lead to acceptance or understanding. Both sides of the
abortion debate, for example, understand each other's position very well.
Neither side, however, will change. Endless arguing may appeal to the
contentiously inclined but I would rather participate in a debate with a fair
chance of winning. Thackeray gamely answered people's questions after
her talk. I got two back issues out of my back pack. "What the hell", I
thought. I'll give her two copies of private line. She did make the effort
to get here. Maybe she'll read my comments on California toll fraud in
those issues. Maybe she'll see that some people are interested in
specifics. As I waited to hand her the issues, though, I heard her say
something to an acquaintance. She said that many in the audience were
very naive and that many had never thought about some of the
issues that she raised. I stepped up and told her that my magazine
contained some naive ramblings about California Penal Code section
502.7 and 502.8. She looked a little lost at hearing Penal Code cites in
this strange setting but she did thank me. The Con raced on after this.
There were some canceled talks but other people stepped in. The
following is a loose collection of notes on some of the more interesting
speakers. In no particular order.
36. Stephen Dunnifer of Free Berkeley Radio gave an interesting,
politically charged talk on micro-broadcasting. He's trying to bring radio
to the community and neighborhood level with low power transmitters.
His radios seem well built and designed. Most current circuits don't drift
enough, anyway, to cause interference. His people are currently fighting
the FCC to loosen restrictions on licensing. Starting a radio station today
means tens of thousands of dollars. And then what do you get? A
monolithic station that doesn't serve an area very well. KFBK in
Sacramento, "the flame-thrower of the Central Valley" seems to cover
Carmichael only when there is a murder. No local news. Dunnifer's
people will go to court to change things. As a ham I feel that the FCC
will never move away from the present system without that court order.
Dunnifer thinks that changing the system through legislation is
impossible. He's probably right.
37. Padgett Peterson talked about viruses and computer security. He
has been involved with computers since the 1950's. He's done quite a bit
of work for the military including all sorts cryptography projects.
Peterson spoke with a quiet authority. He seems to see the Big Picture.
He knows how things work. Most of us are trying to figure out bits and
pieces of the puzzle a little at a time. He has worked full time in computer
related fields for over 30 years. He says, for example, that a DOS
computer gives him everything he needs. Doesn't need UNIX to do
anything. But that's because he knows UNIX already. He can make that
kind of decision because he knows both systems. As a beginner I don't
think that I can put off learning UNIX even though he says it isn't
necessary. I'll probably stick to basic commands, though, and let it go at
that. Peterson also talked about how viruses were changing. He said that
many people say they are developing viruses to learn more. If so, he
said, then viruses should become harder to find yet easy to remove once
discovered. The reverse is true. Today, he said, viruses are just as easy
to discover but they are much more difficult to get rid of.
38. Winn Schwartu gave a fascinating talk on electronic security,
state sponsored corporate theft, HERF guns and EMP/T bombs.
Among other things. I might have thought he was a charlatan but I think
he is the real thing. I overheard him talking about electromagnetic pulse
weapons at lunch to his friends. He was trying to explain the technology
to his friends with the enthusiasm of a little kid. In other words, he really
enjoys his work. He's written a few books but he didn't push them on
anybody. He hardly mentioned them at all. I respect the discipline that
that takes. He also hung around the con for the entire weekend, unlike
some speakers who came in and left quickly. His just wrote Information
Warfare: Chaos on the Electronic Superhighway.
39. Dead Addict offered some home spun philosophy about the
electronic future. I think DA's real contribution to Def Con were his
frequent questions about better interfaces. He seemed to ask every
programmer about how they would develop a program that was easier to
use. I think we all assume that programmers are working on better
GUI's. It's not a bad idea to have someone make sure.
40. Dr. Mark Ludwig talked about viruses, file security and on being
a citizen of the world. He writes a quarterly on viruses. He sponsored a
virus contest just for the convention. Before he gave out the best virus
award he noted a contest rule. He said it prohibited a destructive virus.
"But" he added, "I don't consider the destruction of an anti-virus
program to be a destructive act." I thought that rather clever.
41. He talked about how important it was to encrypt files and to
encrypt them often. He also talked about how we ought to become more
comfortable with travel and distant places. Take cheap flights when you
can to visit different countries. Get used to the idea that you can move
yourself and your work to another place if you need to. I thought this
was a liberating kind of talk. Most of us get used to our surroundings.
He seems comfortable traveling to, say, Nigeria at a moment's notice.
He also mentioned a few books that give information on setting up
overseas bank accounts.
42. Chris Hall of Executive Protection Associates, Inc. helped give
an interesting talk on industrial espionage and corporate security. He's
their Chief Operating Officer. There were a lot of security types at the
con. They talked about bugging and wiretaps and showed some
photographs. They made the important point that you really can't do
much about law enforcement monitoring. If they are using a form of
REMOBS or remote observation, then they listen through the central
office and not in a location that you can access or control. Chris will soon
be writing a column for private line.
43. These were just some of the speakers. It seemed that on Saturday
and Sunday someone was always talking. Some people bailed out and
others filled in. I never did catch any talk on cell phones, despite a few
being listed in the program. Still, White Lightning brought along a
custom test set that he uses with his cell work. He patiently answered
questions and demonstrated how the equipment worked. This demo was
out in the lobby but improntu demonstrations happened here and there by
different people. Most were the result of pure curiosity and enthusiasm
for different kinds of technology.
44. I was surprised how socially connected people were. It dispels
the lone hacker myth. Only 30 to 40 people sat by themselves before each
talk. The conferees were young. Most seemed in their 20's with some
generation Y and a few thirty somethings thrown in. Everyone over
thirty, by the way, was deemed to be a Fed.
45. I was also taken by the enormous creativity of the event.
Americans are a creative, driven lot. We are a nation of tinkers,
inventors, gadgeteers and fix it men. It has always been this way.
Thomas Edison, Samuel Morse, Eli Whitney and Elias Howe were all
represented in some small way by all of the people at the con. We push
toward a common goal: understanding. Figuring out how things work.
Motivated for different reasons, perhaps, but motivated none-the-less.
Infuriated when we don't have the information we want. Delighted when
we get that last piece of the puzzle. Only to find, of course, that there is
another puzzle to figure out. I can't think of a better life.
Def Con Info:
e-mail list: majordomo@fc.net with "subscribe dc-announce" in the
body of the
message to join the announcement list. "subscribe dc-stuff" for the
chat list.
FTP : fc.net in /pub/defcon from cyberspace.com.
DT's e-mail: dtangent@defcon.org
Snail mail: DEF CON
2709 E. Madison #102
Seattle, WA, 98112
(DT says that he has tapes of the whole convention for sale. They
consist of (10) 90 minute tapes, $32.90 for a set. He also has some
shirts left: 20 long sleeve white shirts, about 1/2 old style 1/2 new style.
They are three color front, two color back and $22.90 (that extra 2.90 is
for postage))
V. ROAD TRIP TO VEGAS
46. We took the road less traveled. Most people from Sacramento go
down the Central Valley to Bakersfield and then head east to Vegas. That
route looked fast and boring. We wanted slow and interesting. I just put
out the second issue and I was tired. In no mood to rush. So, we took a
criss crossing, zig-zagging route instead. We went over the Sierra
Nevada, down to Bishop and then over the White mountains to Nevada.
A two day trip. We started out by pointing the Jeep east along Highway
16, the old Jackson Highway. It runs into Highway 49, the only true
north south route of the Sierra Nevada foothills. We headed south until
we caught Highway 88, which then strikes north-east over the Sierra.
47. We struck gold quickly on Highway 88 near the Bear River Lake
Resort. Right off the highway was a Northern Telecom pay phone that
ran on solar power. Cool. It even had a locking cabinet around it. The
number is (209 295-9801. A telco with perhaps the most distinctive name
in America operates this pay phone: The Volcano Telephone Company.
They serve a fairly large area in the central Sierra . Three exchanges. Six
thousand lines or so. Their trucks are white with bold blue lettering if
you are keeping a watch. I resisted the temptation to call Belize and took
photos instead. We kept on 88 until it ran into 395. We then headed
south.
48. The next stop was the slightly funky town of Markleeville. Tye
dye clothing. VW buses. CONTEL country. Continental Telephone
Company of California, that is. Pay phone placards suggested that repair
and admin were out of Stateline at Lake Tahoe. CONTEL operated
dozens of step by step offices as late as 1987. One post to a newsgroup
stated that CONTEL installed 5ESS's in many Southern California cities
instead of the less expensive GTD-5's. Enlightened thinking, indeed. I
don't know, though, what kind of switch now serves Markleevile. It
may be a remote instead of a stand alone switch.
49. I do know, however, that 99XX numbers tie most pay phones
together from here to Bishop. Numbers like 694-9994, 9991, 9995 and
so on. Some run in consecutive order. For example, at the top of
Conway Summit on Highway 395 is a pay phone. Right at the 8,138
foot mark. It's number is (619) 647-9964. The next stop is the Mono
Basin National Scenic Area about a dozen miles away The two pay
phones there are 9962 and 9961. What happened to 9963? Probably back
at the one phone I didn't stop at on the way. Might be pretty easy to find
test numbers in this country Stop at the Visitor Center if you drive by
Mono Lake. It's well done. You can learn about tufa. Rain and lightning
over the Sierra Nevada provided a dramatic background as we visited. A
tropical storm had pushed inland from the Gulf Of Mexico. 100 percent
humidity and 85 degrees. Humidity in Las Vegas the next day would be
less than 10%. Next stop was Bishop. The overnight destination.
50. We stayed at the Frau Haus or the Krautz Haus motel I don't
remember. At four p.m. it was hot and humid. Overweight people filled
the pool. The only way to cheer me up was to find a used bookstore.
Which we did. I found a three year old book on telecom for about seven
dollars. This brings up an important point. Many used bookstores in
bigger cities are picked clean when it comes to telephony. Try book
stores in smaller towns as well as antique stores. You may be surprised
51. I passed out after dinner and then woke up around 10:30 p.m.
Time for a night op. I strolled over to CONTEL's corporation yard
downtown. They maintain a big presence in Bishop. You can't miss their
microwave tower as you drive through the city. My intel says that Bishop
is a toll center. This makes sense because Bishop is the largest city in the
southern Sierra Nevada. CONTEL's building may also house the central
office switch for the city. Their corporation yard was spotless and well
lit. Several company trucks were parked at weird angles near the back
door. The building looked occupied. I understand that most toll centers
are manned around the clock. In any case, the highlight of their yard was
a brand new, bright red Snow Cat on a trailer with the CONTEL logo
emblazoned across the side. Great stuff. Made me wish I had some
private line bumper stickers to paste on it. I bet the linemen fight
over who gets to make service calls with this machine during the winter.
52. We took off the next morning to cross the southern end of the
White Mountains into Nevada. You cross these mountains by using
Highway 168. We gassed up in Big Pine first before heading toward the
summit. Count on all gas being 15 to 20 cents a gallon higher than in the
city. We didn't buy any food or drinks in Big Pine. That was a mistake.
The next supplies turned out to be 97 miles away in Scotty's Junction,
Nevada. I'm taking extra water for the jeep as well. Next time. One
problem with these isolated roads is that having a AAA card doesn't help
much. They pay for the first five miles of towing only. Getting stuck
fifty miles up the road might bankrupt your vacation.
53. The road to the Westgard Pass was long and turning. This is the
way to the Bristlecone Pine grove. Some of these trees are over 4000
years old. We didn't look at them because they are twelve miles off the
road near the top of the grade. But we will see them next year when we
return to Def Con. Just takes more planning. This 80 miles of road had
few houses along it. No services. Some ranch houses had electric power
but I did not see telephone cable running out to them. It's odd to think
of people in 1994 who don't have telephone service available. Still, that
is also the situation in some northern California counties as well.
54. The scenery was beautiful, though, and we enjoyed the drive.
Wide vistas of bare mountains and the occasional soda lake. Five or six
falling down houses marked the town of Lida Junction. No stores. I was
confident, however, that there would be something at the junction of
Nevada Highway 95. There was. A cathouse. I told my friend that I
would check things out in the interest of finding her something to drink.
She told me to keep driving. The drive south to Las Vegas was boring
and uneventful. A fiber optic cable runs alongside it. At 7,000 feet the
temperature in the mountains was pleasant. It was now climbing past 100
degrees as we drove down Highway 95. We stopped in Beatty for lunch.
Beatty heralds itself as "The Gateway to Death Valley." Great. This little
town has a strange affinity for mules. Mule Days. Twenty Mule Team.
Borax mining and all that. Expensive mule related t-shirts, sweaters and
key chains. A casino named for a mule. We had a pleasant lunch and then
got back on the road. It was your basic Death Drive until Las Vegas.
55. We got into Vegas after a total of 563 miles. We traveled through
North Vegas first. Many North Las Vegas residents think their town has
an image problem. I understand. Much of this area looks like Telegraph
Avenue South. Litter and street people and 1050 heat. Lovely. I read
now, though, that they are trying to clean things up. The town got
cleaner but busier as we drove. Traffic is very heavy around all the
hotels. We didn't have a detailed map of Las Vegas so we just motored
toward the hotel signs. I'll have a map next year.
56. Next year we'll set aside an even longer block of time for the road
trip. I think that many people could only set aside a weekend for the Con.
That's unfortunate. It makes everything feel rushed. My suggestion is to
think about taking an entire week off next year. That's what I am doing
since I have so much time to plan ahead. I hope to see you there.
The Sahara Hotel ---
57. Dark Tangent would like the Con to return to the Sahara next
year. They are, however, raising the costs dramatically. Dark Tangent
says that they now want $3,000 for the space he needs next year. Here's
a few random notes on the hotel in case we all wind up back there in
1995.
58. The parking lot is a mess. Ignore all signs, parking attendants
and wrong way arrows and drive into the parking garage first. Not the
temporary lot. Park the car but leave your luggage inside. Scope out
things first. The check in line can vary from a few people to an hour long
wait. Get a beer and relax. Jump into line if the wait is short. The
baggage handlers are union, by the way, so you may want to carry your
own luggage.
59. The Sahara is an old casino. It's kept up well but it's been used
hard. The rooms though, are much cleaner and brighter than the rest of
the motel. We registered early and got a room on a top floor. I didn't
hear anything from adjacent rooms. They do check for hotel cards before
you get on the elevators. I think that's a nice touch. I understand,
though, that they won't issue room cards to people under 18 without an
"adult" present. So don't lose your card if you are under age. I thought
there would be more friction between the casino and those under 21. I
really didn't see any incidents. Maybe security was low key but I did not
see anything overt.
60. Driving and parking are such a hassle that you may find yourself
staying at the hotel the whole weekend. If so, food is going to get
expensive. Still, there is a nice cafe near the pool where you can buy
fruit, pastries, milk and sandwiches. It's actually more pleasant than the
restaurants, especially in the morning when you can take your food
outside. Speaking of the pool, the hotel does not keep it open after
dark. That's a shame since the area is so well lit and because the weather
is so hot.
61. Pay per view movies in the hotel room are an overpriced joke.
Seven to eight dollars. The drink specials, though, are a godsend. The
Sahara had Heinekens for a dollar all weekend. They were the savoir of
many, including me. just got an exciting document with a dull name.
VI. A FEW THOUGHTS ON EMS AND 911
62. I just got an exciting document with a dull name. It's called The
Sacramento Regional Fire/EMS Communications Center: Computer
Aided Dispatch and Records Management System. Request for
Proposals. What is it? It's an invitation to bid. The City and County of
Sacramento want to upgrade the communication system that
handles their fire and emergency medical response. The Warner Group
put together for the County a complete description of the existing system
as well as the requirements for a new one. This booklet gives all bidders
the same information. They use this Request for Proposal to develop
their bid. It gives a lot of fascinating, telecom related details.
63. The smaller cities of Sacramento county use Macintoshes and PC
clones to deal with the regional communication center. The larger districts
use mini-computers. The larger districts have dedicated tie lines to the
EMS center. The smaller ones, though, still use normal dial up phone
lines. Galt has a dedicated line but it is over microwave. Galt, in fact,
wins the hacker seal of approval for having their headquarters and their
three fire stations running Amigas! Where do you go, anyway, for fire
dispatch and EMS software for the Amiga? It poorly details callboxes.
Many still exist in downtown Sacramento. Some still use open wire
strung on poles.
64. Alas, these different setups will probably be made uniform with
the new system. Motorola will probably come stomping in with A
Solution. The public will benefit, of course, but I'll miss the thought of
a life saving message racing through the CPU of an Amiga.
65. Speaking of different setups, the Sacramento area has one of the
most patched together 911 systems you can imagine. Cell calls are the big
problem. The 911 center for the county was at capacity when cell phones
came in around 1986. Most phones were then, of course, in cars. It was
decided, therefore, to route 911 cell calls to the CHP headquarters in
Sacramento. The calls from five counties tumble into their dispatch center
with, at times, perhaps three people to answer them.
66. A dispatcher then has to figure out where the person is, often
with a poor description and a panicked caller. There's no address on a
screen like a land line call. Indeed, the dispatchers don't have screens.
Just a phone with keys. The Sacramento Bee had a long article on all of
this on July 10, 1994. In that piece they described a call that actually
happened: 1) A kid got knocked out at a ball game in Placer County,
2) A spectator called 911, 3) The dispatcher determined after three
minutes that the ballpark was in Placer County, 4) The dispatcher notified
the Department of Forestry since they were the agency to pass an
emergency call to, 5) CDF then called the Newcastle Fire Department, 6)
Newcastle Fire then dispatched their medical emergency response team.
67. Normal land line 911 calls, by comparison, go directly to a main
dispatch center. They verify your address with ANI or automatic number
identification They can also send out the appropriate agency without
having to pass off the call. The coming years will streamline the process.
I will not be nostalgic for the days of CDF handling traffic. Write me if
you have some information about the system in your area.
privateline@delphi.com