




The Hacker Quarterly 

Volume Eighteen, Number One! 

Spring 2001 

$5.00 US, $7.15 CAN 








“Why is it perfectly legal to post a diagram of how to build
a bomb on the net, but you can’t post a code that
descrambles DVDs?” - The March 3, 2001 edition of
“Boondocks,” a daily comic strip written and drawn by Aaron
McGruder and seen in newspapers all over the country. It
devoted three days to the DeCSS controversy and, unlike
virtually all news reports, got the story right.



Editor-in-Chief
Emmanuel Goldstein 

Layout and Design 
ShapeShifter 

Cover Concept and Photo 
Bob Hardy, Ben Sherman 

Cover Design 
The Chopping Block Inc. 

Office Manager 
Tampruf 

Writers: Bernie Billsf, Blue Whale,
Noam Chomski, Eric Corley, John Drake,
Paul Estev, Mr. French, Thomas Icom,
Javaman, Joe630, Kingpin, Miff, Kevin
Mitnick, The Prophet, David Ruderman,
Seraf, Silent Switchman, Scott Skinner,
Mr. Upsetter

Webmaster: Ely knight 

Web Assistance: Fearfree, Kerry 

Network Operations: CSS, Phiber Optik 

Special Projects: mlc

Broadcast Coordinators: Juintz, Cnote, 
Silicon, AbsoluteO, RFmadman, BluKnight, 
Monarch, Fearfree, Mennonite, jjjack 

IRC Admins: Autojack, Khromy, Kozik, 
Muted, Tprophet 

Inspirational Music: Terry Draper,
Sentridoh, LKJ 

Shout Outs: Rachel Barr, Janice Bryant, 
Dave Burstein, Bob Fass, Juan Gonzalez, 
Amy Goodman, Stiaran Harper, Patty 
Hefdey, Robert Knight, Al Lewis, Errol 
Maitland, Mario Murillo, Ken Nash, Mimi 
Rosenberg, Anthony Sloan, Scott Sumer, 
Carol Spooner, Eileen Sutton, Valerie Van 
Isler, Bill Weinberg, Bernard White 


2600 (ISSN 0749-3851) is published
quarterly by 2600 Enterprises Inc.,
7 Strong's Lane, Setauket, NY
11733.

Second class postage permit paid at
Setauket, New York.

POSTMASTER: Send address
changes to
2600, P.O. Box 752, Middle Island,
NY 11953-0752.

Copyright (c) 2001 2600
Enterprises, Inc.

Yearly subscription: U.S. and
Canada - $18 individual,
$50 corporate (U.S. funds).
Overseas - $26 individual,
$65 corporate.

Back issues available for 1984-1999
at $20 per year,
$25 per year overseas.

Individual issues available from
1988 on at $5 each, $6.25 each
overseas.

ADDRESS ALL SUBSCRIPTION CORRESPONDENCE TO:
2600 Subscription Dept., P.O. Box
752, Middle Island, NY 11953-0752
(subs@2600.com).

FOR LETTERS AND ARTICLE
SUBMISSIONS, WRITE TO:
2600 Editorial Dept., P.O. Box 99,
Middle Island, NY 11953-0099
(letters@2600.com,
articles@2600.com).

2600 Office Line: 631-751-2600
2600 FAX Line: 631-474-2677




Signs of Hope


As our appeal of last year's DeCSS case
draws closer (at press time it was set to be heard
by the Second Circuit Court of Appeals in early
May), we realize how much we've accomplished
since this whole ordeal started and how much
other people with half a clue have gotten done
too. That’s not to say that a lot of bad stuff hasn't
happened - we know too well about all that.
New bad laws, new threats, more stifling of
technology and speech throughout the world. But
despite all that, we’re going into this with a real
feeling of optimism.

As time passes, more people seem to realize
the true motives of groups like the Motion
Picture Association of America and the Recording
Industry Association of America. They're not
about protecting the rights of struggling artists,
bolstering creativity, or giving consumers a fair
deal. They’re about maximizing profit, plain and
simple. And as things continue to go their way
thanks to laws like the Digital Millennium
Copyright Act, people slowly start waking up to the
reality that maybe their best interests have been
completely ignored.

Perhaps the most dramatic display of this
overdue realization came in remarks made by
Rep. Rick Boucher (D-VA) in early March
before a Consumer Electronics Association
Conference where he seemed to actually realize the true
dangers of the DMCA:

“The time, in my opinion, has come for the
Congress to reaffirm the Fair Use Doctrine and
to bolster specific fair use rights, which are now
at risk. In 1998, responding to the concerns of
copyright owners, Congress passed the Digital
Millennium Copyright Act. The announced
purpose was to protect from piracy copyrighted
material in an environment which poses special
concerns for copyright owners. They made the
point that with digital technology, a copy of a
copy of a copy has the same clarity and
perfection as the original of the work. They also made
the point that in the networked environment, with
the single click of a mouse, thousands of those
perfect copies can be sent to people throughout
the nation and the world.


“The DMCA is the result of the effort by
Congress to respond to those realities. There are
some today who believe that the legislation went
too far. For example, it creates, in Section
1201(a), a new crime of circumventing a
technological protection measure that guards access to
a copyrighted work. Under Section 1201, the
purpose of the circumvention is immaterial. It is
a crime to circumvent the password or other
gateway, even for the purpose of exercising fair
use rights. There is no requirement that the
circumvention be for the purpose of infringing the
copyright. Any act of circumvention, without the
consent of the copyright owner, is made criminal
under Section 1201.

“Some now foresee a time when virtually all
new material will be sent to libraries on CD
ROMs, with the material encrypted or guarded
by passwords. In exchange for a fee for each
viewing, the password may then be used. And so
it is predicted that under Section 1201, what is
available today on the library shelves for free
will be available on a pay per use basis only. The
student who wants even the most basic access to
material to write his term paper will have to pay
for each item that he uses.

“Several of us made an effort in 1998 to limit
the new crime under Section 1201 to
circumvention for the purpose of infringement. But in the
momentum to enact the measure, essentially
unamended, we were not able to have that change
adopted. With the growing realization on the part
of the education community and supporters of
libraries of the threat to fair use rights which
Section 1201 poses, perhaps the time will soon come
for a Congressional reexamination of this
provision.

“Perhaps the only conduct that should be
declared criminal is circumvention for the purpose
of infringement. Perhaps a more limited
amendment could be crafted to ensure the continued
exercise of fair use rights of libraries and in
scholastic settings notwithstanding the
provisions of Section 1201.

“And I think there are other challenges. I am
concerned by the apparent attempt of some in the
content community to seek to protect their
copyright interests in material contained in television
programs by insisting that the TV signal quality
be degraded, or by insisting on the use of set-top
box technology which prohibits all copying. The
reasonable expectations of television viewers to
be able to make copies of programs for time
shifting and other historically accepted purposes
must be honored and must be fulfilled.”

We suspect that there are many others in
Congress who feel the same unease but are
hesitant to speak out against such powerful lobbies
as the MPAA and the RIAA. We must encourage
them to listen to the people who elected them,
not the special interest groups who use
intimidation and money to get what they want.

In another very public display in early
March, cartoonist Aaron McGruder devoted his
popular comic strip Boondocks to the DeCSS
controversy. For three days, characters struggled
to understand the baffling ruling of Judge Kaplan
this past August which forced 2600 to keep the
source code off of our site and even banned our
linking to other sites that contained this material.
“Why is it perfectly legal to post a diagram of
how to build a bomb on the net, but you can’t
post a code that descrambles DVDs?” a character
asks a teacher. The rest of the strip is blacked out
with the words “CENSORED. We just don't like
where he’s going with this.”

On a different day, the entire strip was
replaced with the words: “CENSORED. This
comic contains numerous references to the
DeCSS code used to bypass the Content
Scrambling System of DVDs, which, by order of Judge
Lewis Kaplan, is illegal to reproduce in any way.
We apologize for the inconvenience, but speech
that damages the profits of our corporate friends
is NOT protected by the First Amendment.
Thank you.”

This biting political commentary
accomplished in two sentences what virtually every
major editorial page has so far failed to do. The
sobering consequences of the ruling against us
were laid out concisely for all to see. Note that the
author understood that the code was not
designed for copying, a fact that virtually every
news report on the subject got wrong.

What this illustrates is that we have allies in
places we never even thought of. This one comic
strip reached millions of people who now have
some understanding of what this case has been,
and continues to be, about. There are probably a
good many more ways of reaching the public
that have yet to be utilized. We need to come up
with more ideas and those people who can help
get the word out need to come forward.

And of course, technological rebellion
continues. We've seen people come up with shorter
and more creative methods of bypassing CSS -
everything from a DeCSS haiku to a 434 byte C
program to a seven line Perl script. There’s even
a prime number that is identical to the gzip data
(in decimal) of the original C source code minus
tables. T-shirts, bumper stickers, even tattoos
with such “illegal” code are popping up
everywhere. And it all serves to illustrate the absurdity
of the whole thing.

It’s imperative that we keep our sense of
humor throughout, no matter how it all turns out.
There are many levels on which we could
ultimately lose - the court case is only one of them.
The spirit of the hacker community is what is
vital to this and all future fights. It’s an inspiration
to many more outside the scene who can only
dream of taking on the fights we do. Destiny has
put us in this position at this time in history and
we have to continue to stand up for those things
we believe in - free speech, free communication,
free access to knowledge, and the ability to
control and shape technology to suit our individual
needs.

We're very lucky to be where we are, despite 
the risks. And we're fortunate beyond words to
have such an amazing support network that is 
still growing and developing. Because no matter 
how the DeCSS appeal turns out, you can bet 
there will be more fights in our future. If they 
open half as many eyes as this case has, they will 
be worth the trouble. 





Police Searches
of Computers


by Todd Garrison 

Ignorance of the laws that govern your
everyday life is at your own peril. I do not
advocate breaking any law, nor do I want to
disseminate this article to criminals for the
purpose of making the task of law enforcement
more difficult. I cannot help but
acknowledge that information here can be of
use to criminals, but that is mere coincidence
because all citizens have the right to protection
under the various statutes and rules that
protect our freedom.

Because I am involved with information
security I have taken it upon myself to
become familiarized with state and federal laws
that affect computers. I am not a lawyer. I do
not offer any of this information as such, nor
do I advocate treating any of what I say as
authoritative. If you suspect that you may be
involved in litigation or an indictment that
involves computers, get a lawyer. Not a lawyer
who specializes in real estate law, or general
criminal defense. Retain a lawyer who
specializes in computer and Internet law. The
worst possible situation is a lawyer who
doesn't know how the (computer-related) law
works and puts you through failed filings
while taking the wrong approach to your
defense. The prosecutor involved in your case
(assuming it is computer-related) will most
likely have received specialized training on
computer-related offenses. In light of the
media circus that surrounds hacking and
anything that even remotely relates to a
computer crime, prosecutors want to make
examples in cases. So expect that they will
try for maximum sentence and the harshest
punishments for crimes under the guise that
future risk can be averted in your case by
imposing a harsh sentence before you graduate
to more serious crimes.

The inspiration for this article is the
recent publication of “Searching and Seizing
Computers and Obtaining Electronic
Evidence in Criminal Investigations,” a guide
published by the CCIPS (Computer Crime
and Intellectual Property Section) of the
United States Department of Justice. Anyone
who has followed the recent computer crime
cases in the press knows that much of the
computer crime law is still untested. Every
day this becomes less true. Events are rapidly
changing the interpretation of laws.
Legislation such as the Digital Millennium
Copyright Act has shifted fair use away from the
individuals our government is supposed to
protect and has given the power to large
corporations. It will soon be illegal to even
reverse engineer a product you have bought,
and paid for the right to use - whether for the
intended purpose or not. Events such as
“sneak and peek” searches are becoming
more commonplace when encryption is an
issue.

There are, however, steps you can take to
protect your privacy and make it more
difficult to have certain information and computer
systems seized as well as have the ability to
recover your equipment after it has been
seized. As I said before, I do not advocate or
i i dii i uat l ci participate in crimes. It
becomes less likely that upon knowing the law
that you will be an unknowing party to a
crime, but not impossible. For instance you
could be implicated in a crime by the fact
alone that you know how to use a computer
and one of your friends has committed a
crime. The situation is not only likely, but
happens regularly. Criminal investigators
only need a suspicion that you may have
information pertaining to evidence in a crime
to seize your computers - even if you did not
commit a crime. There are laws that are
supposed to protect against this, sure, but it is
just a matter of semantics in the affidavit that
the criminal investigator presents to a judge
when requesting the search warrant.
Furthermore, in cases where you relinquish control
(say you drop off your computer at a repair
shop), an affidavit and warrant are not even
necessary to seize your equipment.

The DOJ computer search guidelines
can be read at
www.cybercrime.gov/searchmanual.htm.

So are we really that far away
from Orwell’s 1984? Does Big Brother have
uncontrolled power? No. While you may not
be able to prevent the initial show of force -
where law enforcement essentially steals
your equipment - there are many avenues to
protect yourself. When doing vulnerability
research on a computer system it is common
to investigate multiple avenues of attack. To
enumerate as many as possible and explore
each one in an intellectual manner before
choosing the avenue of attack. This is a
discipline gleaned from basic tactics of warfare. It
is a tried and proved method of offensive
attack and, to be cliche, it is also a great
defense. This is what I will attempt to do in this
article. I do not propose legal defenses, but
merely recognize locations in the existing
laws which may allow more room for a
defense once you have retained a lawyer.

Warrantless Searches

Quoting Nancy Reagan, “Just say no!”
(“No, officer, you may not search my
vehicle”; “No, officer, you may not enter the
premise without a search warrant.”) It should
be noted here that refusal to search may be
deemed as suspicious behavior and under
extreme circumstances may be used against you
in an affidavit. Keep your wits about you!
Your interaction with the police, FBI,
prosecutors, etc. will be held against you or will be
credited to you during any trials, motions,
filings, etc. Generally if they ask to search
something they have a reason. Ask why they
want to search. If for example they want to
search your vehicle for drugs, get it in
writing. While this may be something they do not
want to do, insist. Make it the only condition
that they may search. Why? Because if they
are looking for drugs as a guise for looking at
your laptop, pager, cellphone, PDA,
appointment book, etc. they just plain don’t have the
right. You can’t store drugs on your hard
disk! Now be extremely careful at this point:
if they say they are searching for “evidence”
of drugs they may be warranted to look
through other devices. Make them change the
wording to “drugs or drug paraphernalia”
instead of “evidence” before you agree. Note
that if they do find drugs, they have the right
to search everything, including your
computer, etc.

Others may consent to search on your
behalf. That’s right, even if you object, it may
not matter. When you were a child you were
probably taught that sharing was a good
thing. This is true and not true at the same
time. Later in this article I will explain when
it is good, but in the case of warrantless
searches it is not only dangerous, but it is as
good as totally relinquishing any control for a
search to an officer. The basic idea is your
roommate can consent to a search of your
apartment. It gets worse. Anyone you share
your computer with can consent to its search.
Your coworkers can consent to a search, a
passenger in your vehicle can consent to a
search. Essentially anything that is shared
between you and another person can be
searched with the consent of the other person.
It gets even worse! If for example you don’t
share your computer with your roommate but
they could access it, then they can authorize
its search too. The search must be limited to
what they can access. What this means is that
if you must share your computer, do it in a
manner that they do not have access to your
files. Operating systems intended for a single
user should not be considered an option in
these cases. Use the multiple users feature of
Mac OS 9, use a *nix operating system with
different accounts, or use different profiles
under Windows NT. Make sure that when
you are done using your computer you log
out. Or employ a screen saver with a
password. If you give them your password, then
they have the right to give it to whoever is
conducting the search. Be aware also that
operating systems like Windows NT and 2000 may
have a common cache for things like your
web browser, and since it is accessible by
others who use the same computer, then it is
fair game and admissible evidence. The best
advice I can give is use encryption for
everything all the time. If you can get away with it,
encrypt your applications, their temporary
directories, configuration files. The same
techniques that you use for protecting yourself
against break-ins such as proper registry
permissions can help too.

Another reason to employ encryption
(and when I say encryption I mean strong
encryption - always use strong ciphers, not
RC2-40bit or DES - but IDEA, 3DES, or
Blowfish) is incidental disclosure. If you
have a laptop and it gets ripped off on the
bus, at the airport, on the subway, at school,
or wherever you may be, and they catch the
thief - they can search your laptop! They
cannot ask for your encryption keys, but
anything that the thief could have read (which is
everything contained on the laptop), they
have the right to read. Now recite this
mantra: “Encryption protects me, I will use it
everywhere.” This type of disclosure opens
up a lot of scary questions. Just remember
that as long as there are people, there will be
people who abuse their power. A criminal
investigator may use these circumstances to
target you, not that I know of any specific case
where this has happened but it is still
possible.

Anyone who is involved in security work
knows that passwords, encryption, and
physical locks can be overcome. But using these
measures, even if you know they are not
completely effective, is an absolute must. In the
eyes of the law even the weakest encryption
affords a level of legal protection regarding
allowed access (look at the DMCA). If you
took steps to disallow another person from
accessing something, no matter how basic
those steps are, that means that they did not
have legitimate access to those items. If you
store your computer in a closed cabinet with
a lock and did not give the key to your
roommate, they no longer have the right to
authorize its access to anyone. Password protect
everything, encrypt the most trivial item, use
physical locks and keys, store your important
removable media in an inexpensive fire safe.
These are all actions that deny access and
protect your legal rights against warrantless
searches. If you are the only person who has
legitimate access to an item, then you are the
only one who can release that item for search.
But wait! This doesn't apply at work, read
on!

There is much debate about expectations
of privacy at your workplace. But the
expectation you should have is - nothing you
do, say, or are otherwise involved in at work
is private. Don't use your e-mail at work for
anything private. Don’t even send good ol'
Mom a message saying hello. Get a free
e-mail account that uses SSL or other
encryption if you plan on accessing it from work.
Better yet, don't even access your private
e-mail at work. Your employer has the right to
install cameras, listening devices, wiretaps,
intercept and archive your e-mail, watch what
web sites you visit, and even read your
thoughts if they have the technology. The
bottom line is keep your private life private.
Your employer can, at their discretion,
disclose this information to anyone they want.
Additionally, they can claim anything you do
while on the job as their intellectual property.
Don't even risk it. Keep anything you don’t
want them to know away from their grasp.
Expect fully that if you commit a crime that
involves computers that your employer will
be the first place investigators will search.
This is because you essentially have no rights
to privacy and very few businesses would
resist the will of public authority and deny
them a search.

If you travel across borders, leave your
laptop at home. Customs agents have the
right to an unrestrained search of your
belongings, including your data. They can even
demand encryption keys, and you have to
give them up. Remember that transporting
strong encryption outside of the US is
considered to be export of munitions, and a
federal offense. So even if your data is
encrypted, that fact alone could be reason
enough to forcibly detain you and even arrest
you.

Exigent circumstances: this is when
investigators have reason to believe you might
destroy evidence. Of all the laws on the
books, this is one of the scariest. They don't
need a warrant - they don't even have to
knock on the door. They require only to have
reasonable cause. They don't need evidence
or a track record of you doing something like
this in the past. They just need a reason to
believe it. The intimidating part of this law is
that it is up to the investigator, not a judge or
district attorney, just the investigator. So if
the officer has a hunch that you will try to
destroy evidence by deleting files, encrypting
data, or disposing of encryption keys once
you are alerted to their presence, they have
the right to deem a search exigent.
Fortunately, because the law is vague, it is seldom
used, but it is not unheard of. If you decide to
put triggers on your systems that will
automatically delete evidence, don’t tell
anyone about it, not even your friends. Bragging
is the most common way people are deemed
suspects in a crime and the most likely
circumstance that investigators will use to
decide you are at risk of destroying evidence.

Warrants

While the above warrantless searches are
the most likely that you will be presented
with, there is always the chance that a search
warrant will be issued. While it can literally
be a pain in the ass, it is better to be
presented with a warranted search than a
warrantless search. If you haven't committed a
crime, then you should have reason to believe
that the outcome will be in your favor. This is
why a warranted search is better. The fact
alone that a warrant has been issued means
that a judge is involved and can be held
accountable for wrongdoings in the legal
process. But alas, if there are constraints in
warrantless searches, there are even more in
searches involving a warrant.

First, the process of how a search warrant
is constructed. There are at minimum two
documents that must be presented to a judge
before he will issue a warrant. The first is an
affidavit. This is the sworn testimony of the
investigator(s) that show probable cause for a
search. It will name what information leads
to the conclusion that a search is required,
where that information was obtained, and the
circumstances under which the investigator
believes it relevant. The second is the actual
warrant. It describes what is to be searched,
what methods will be used, who will be
present, where the searched items will be stored,
what time frame in which it will be executed,
and the overall goal of what is being sought.
Search warrants are required to be specific.
Once again, searching for evidence of a
contraband item is different from searching for
an actual contraband item.

No matter what happens, cooperate with
the search. Resisting will only make your life
difficult. If the warrant specifically states that
equipment will be seized it will have
addenda stating exactly what will be seized, a
description of what is to be seized, and what
methods will be used to search. The
investigators may opt to look through your
computer on-site but this is rather unlikely. If
you have the ability, and the warrant does not
authorize t h . n uv ol video recording
equipment, break out the camcorder and
record what they do and say. This may be
invaluable evidence in proving that an
investigator overstepped the boundaries of a search
warrant; it will also prove as a deterrent for
them to overstep the warrant at all.

As a citizen you have certain unalienable
rights. Use these rights to your advantage.
Freedom of speech, attorney-client privilege,
privacy of the clergy, freedom of the press,
and, as a provider of network services you
have more rights than just a citizen by the
nature of the rights of those who you provide
services to. Let's examine how these issues
provide obstacles to law enforcement
officials who wish to obtain your shiny new
computer.

Freedom of Speech and Freedom of the
Press: You have the right to speak your mind
and publish those thoughts. These are
inalienable rights as a US citizen. Take advantage of
these rights. Coincidentally, the Internet
happens to be the most available and affordable
method to publish your thoughts. Whether it
be your business promotions, or social
commentary such as this article, use it! Update it
on a regular basis and make sure it is always
available. This is important because if it is
never updated or only available when you are
surfing the web, the court may dismiss what
you have published as not actually being a
publication because of it being only
occasionally available. Replicate it and make sure
that the machines are available as a web
server as often as possible. Use round-robin
DNS to make sure traffic actually goes to all
of the machines acting as a web server. Any
machine that doesn't act as a server for the
dissemination of the information should be
used to create the information being
disseminated. Keep your web design software, image
editing software, word processor, and proof
that they have been used in the creation of
your intellectual property that you publish to
the Internet on the machines. Are you curious
why this is mentioned in an article on search
and seizure? Well, you now have the same
statutory protections that a newspaper has in
regards to search warrants. By seizing tools
you use to publish your opinions, they violate
many of your rights. Your First Amendment
right mostly. These factors will quite possibly
cause a search warrant to become more
limited in scope and add a likelihood of a time
limit upon investigators when removing
equipment from your premises. Of course,
doing this does absolutely nothing for you if
they find you have committed a crime! It will
just make them angry, and most likely it will
come up in court that you purposely tried to
use constitutional privilege to prevent
investigators from performing their duties.

Attorney-Client Privilege: Oh boy! This
can make an investigator's life difficult.
Investigators are required by law to respect
documents that contain private
attorney-client privileged information. Essentially
they can't confiscate them, read them, use
them against you, or disclose them to anyone.
In case they believe they may inadvertently
gain access to such information, they will
have to have special exceptions written into
the warrant and will have to use an
uninterested third party to assist in reviewing the
information. If the third party notes that it is
privileged information, the investigators
cannot use it. Now this brings up interesting
consequences. What if the information being
sought in the warrant they are executing is
actually contained within these documents? I
don't know what the outcome would be. I
make no claim as to what the result of a legal
battle involving steganography hidden
information in scanned images of privileged
information would be, but I assure you it will be
something played out in the courts in the
future. In fact, I expect to see it played out in
the media too!

Privacy of Clergy and Attorneys: There
are special laws involved when law
enforcement may search computers or records
belonging to lawyers and clergy. If you share
your computer systems with people in either
of these occupations, investigators will have
to get special approval in a search.

Service Providers (or: when sharing your
computer is a good thing!): ISPs, phone
companies, or anyone providing wire
communications to anyone else immediately becomes
regulated by the ECPA (Electronic
Communications Privacy Act) and the procedures
that investigators must use are different.
While the folks you provide service to are
afforded less privacy by this act (because
searches of a third party system do not
require a warrant, only a subpoena), you are
afforded more protections and even civil relief
in the case of wrongdoing on the part of an
investigator.

In short, by executing your rights and providing services to others
which allow them to execute their rights you make the likelihood of
losing your computers and equipment less likely (assuming that those
you provide service for are law abiding as well). Here's a formula
for making the seizure of your computer systems less likely. Make a
deal with a small local law firm that you will provide them with
free web hosting and e-mail services in exchange for consultation on
how to gain nonprofit status for your weekly/monthly/whatever
Internet-based news publication (e-zine). Scan the documents that
you used while conversing with your attorney and use steganography
to hide the private keys you use for encryption within those
privileged documents. Give away as many free e-mail accounts to your
friends and family as possible and encourage them to actively use
the accounts. Host a web site and e-mail for a church. Make sure you
take the time to show one of the clergy how to use e-mail. Okay,
maybe the last suggestion sounds kinda Brady Bunchish but it may be
the motivation for a judge to deny a search warrant.

I'll go ahead and say it again despite recognizing that I sound like
a broken record: None of this will help you if you have actually
committed a crime. Don't use these methods to make investigators'
lives more difficult when you are covering up a crime. It will
reflect poorly on you when you receive sentencing. Besides, if you
commit crimes you will most likely end up getting caught regardless
of what you use your computers to accomplish.

Methods Available to Investigators 

If you are being investigated for a crime, there is not a whole lot
you can do until you get into a court of law. According to the law,
investigators have a wide variety of techniques and are allowed to
do quite a bit more than you may expect. Let's look at some of what
they can do.

Instrumentality of Crime. If something is used during the committing
of a crime, it is an instrument of crime. If you use a computer to
break into another computer then the computer you used is an
instrument of the crime. But wait - it doesn't stop there. The
network you used, the router, the modem, anything that is connected
or assists in the function of the system that is the instrument of
the crime is considered an instrumentality as well. This can result
in blanket seizures of equipment. Generally when searches are
conducted against a business, investigators will not seize
everything that could be considered an instrumentality. But expect
everything computer-related in a search of a private residence to
walk out the door. That's just the way it is and the courts support
this practice. Once again, our federal government demonstrates that
the rights of business are more important than those of individuals.
Go figure.

No-Knock Warrants. Not long ago a man was killed near where I live
when the police executed a no-knock warrant at the wrong address.
The man thought his home was being broken into and armed himself for
defense. The police filled him with bullets. Aside from the fact
that I believe this to be a blatant violation of the Fourth
Amendment, it is dangerous. It puts the lives of law enforcement in
danger and it especially puts the lives of innocent citizens at
risk. These techniques [...] judges still approve them. But [...] in
the case that the investigators believe that you may destroy
evidence they don't require a no-knock warrant. They can make the
determination and just bust the door in without announcing who they
are.

The land of the free indeed!

Sneak and Peek. Welcome to the spy age. The government can't spy on
the Soviet communist regime anymore, so it has taken to practicing
on their own citizens. Bugs, wiretaps, keystroke recorders, cameras,
and other covert surveillance techniques previously reserved for
national security are now legal and fair game in federal cases.
Recently the FBI has used these techniques for capturing keystrokes
for getting PGP keys. One such device (pictured) connects to the
PS/2 port of a computer and looks fairly innocuous. This model is
supposed to represent a ferrite coil which disperses electromagnetic
fields. This "bug" only stores about 120,000 keystrokes but there
are smaller devices that can store megabytes worth of keystrokes. My
suggestion - if you find one of these on your system, take it apart
and ensure it really is a ferrite coil. If it has anything
resembling an integrated circuit inside, put it in the microwave for
a few seconds and then throw it away.

Arm yourself with knowledge. Knowing the law helps us all from
becoming victims of both crime and the illegitimate practice of law.
Defend yourself. Most of all, if you decide to break the law, be
prepared for the consequences. Our government no longer is willing
to hand out little slaps on the wrist and you can expect to see more
extreme measures involved in computer crime.





The Future of PKI


by Elite 158 

Public Key Infrastructure, or PKI, is a new system (well, new to the
public) created by the government to electronically identify
yourself. Here I will explain the basic structure of PKI.

The government uses what's called High Assurance Smart Cards, a
system known as Fortezza. These smart cards are electronic cards
made especially for the government. The cards workers hold contain
their personal information. It has, of course, your name, your
address, credit card info, SSN, and the whole works. The government
uses this system to have authorized workers identify themselves to
access classified material. Basically, electronically identifying
yourself is an easy and fast way to prove you are who you say you
are.

Now Fortezza is coming out to the public, but will be known as PKI
or Smart Cards. Even though they're all called Smart Cards, the
information will be kept on a more abundant media: the floppy disk.
Along with the floppy disk is the laptop PCMCIA card, and possibly
even miniCD. These cards, however, aren't High Assurance. Instead
it's a Medium/Low Assurance, meaning that the most abundant
information is used, instead of putting in every meticulous detail.

PKI will be used mostly in banks and online. In fact, there is a
very high chance that by the next election in 2004, people will be
able to vote through government servers online, using their Smart
Cards. It should work just by sticking in the disk while on their
site. The server will gather the information needed, it will do the
handshake if approved, and your vote will be counted.

These cards (remember that these cards are either the floppy disks
or laptop cards) are given to you by the government. Now I'm not
sure what kind of files the information is stored on, but it has to
be some sort of executable program. When you open it up, it'll
prompt you for a password. Once typed in and authorized, you have
assured yourself that you own that card. You can now use it freely
throughout the Internet or wherever the card is applicable. The
application will most likely be run in the background. There is,
according to the government, no way of tampering with or editing the
information on the Smart Card. In fact, to update the information
(say you moved or changed your phone number), you would have to take
it to a facility like a bank. You would give them what you want to
update and they would change it.

These cards are already starting to appear. Visa has got a Smart
Credit Card out now. It's a credit card with a microchip on it that
contains your personal information, just as I explained. It comes
with its own external port that's plugged into your computer. You
just stick it in and it acquires the data. This sort of stuff will
be seen more often as time passes by.

For right now and not many years ahead, PKI will be voluntary for
people to use. But it's likely that in the far future, PKI will
become mandatory to everyone 18 and older. It'll basically be a new
form of ID, the electronic ID.

This whole system may sound unreal because, just how hard does the
government think it would take for a hacker to break the system?
There are possibilities now that could make any hacker become well
known. The potential of people password cracking their own cards and
running around claiming to be someone they're not, or hacking the
online voting servers and getting Nader elected, or even making
copies with different identities and going wherever they want as
whoever they want to be online is remarkable.

In my opinion, this new decade is going to be known as the
techno-happy years, where our everyday lives will involve personal
usage of technology. Hell, if you think about it, we can already buy
our groceries without getting off our asses except to go to the door
and pick up the food.

But besides that, PKI is still forming and is still changing. This
article was written to give you an idea of what we're in for.
Hopefully this new system won't be stupid, but I have high doubts
about that. I hope it leaves opportunities for hackers to learn the
structure of it, and even manipulation on it. All in all, I hope
more people learn about PKI. I will be trying to get more
information on it as it progresses.





PHP/CGI Vulnerabilities and Abuses


by L14 

PHP is a scripted language primarily used with http servers to
create web sites with dynamic, or changing, content. PHP has many
similarities to C and Perl, although it is simplified a bit. This
makes PHP a nice language with which to work, since many of the
complexities that do not concern web site development are removed.

This article will focus on some of the security issues that I
encountered while writing a PHP mailing list and helping people on
IRC. Most people I talked to did not even realize that security was
an issue, and that how their scripts were constructed could change
how secure/tamperproof their sites were.

The major problem is how variables are passed to PHP from the web
browser. Variables and their values are appended to the URL,
resulting in something that looks like this:

http://host/dir/script.php?variable=somevalue

Because the variable names and 
their values are passed in plain text 
from the location bar of the browser, 
the values can easily be changed by 
the end user to perform different 
tasks than what the developer origi- 
nally intended. Some of the possible 
abuses of this are described below. 

Since many sites are quite complex, and contain scripts that reuse
functions, those functions are often put into a standard include
file. This means that only one file need be changed to update the
entire site. User authentication functions can (and often do) fall
into this category. The user is verified once, and thereafter a
value is passed to tell further scripts that secure content can be
accessed. However in sites with both secure and insecure areas,
there needs to be a way of deciding whom to authorize. An easy
solution is to just pass a variable that specifies either a secure
or insecure mode, depending on what is being linked to. The same
things may get executed in both modes but that probably doesn't
matter. If the mode is secure and the login fails, the script just
halts. If the mode is insecure (or the login is valid), the same
core features get executed. The problem of course is that after
looking through the site for a few minutes, a user may realize that
they could avoid having to login by just changing the value of the
mode variable. They can find out what it should be by simply
checking a section that does not require authorization, and find out
what the mode value is. Then all they have to do is change it in the
location bar of the previous page and reload. For a company that has
a large audience for its web site or mailing list, this can pose a
severe problem: Anyone could change their site with no tools and
very little knowledge.

http://host/dir/page.php?var1=val1&var2=val2&mode=sec (user has to login)

http://host/dir/page.php?var1=val1&var2=val2&mode=ins (user doesn't have to login, it's magic!)

This can be solved by moving code related to authentication to a
separate file. This file is included instead of the standard include
file in documents considered secure, and if the login is valid, the
standard file is included as well. This removes the need for a mode
variable, so control is removed from the end user.
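
The before and after of this fix, as an added example that is not taken from the author's mailing list code. $get stands in for the URL's query string and $session for server-side login state; the function names and the 'user' session key are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; every name here is hypothetical.

/** Shared page logic: what the "standard include file" ends up running. */
function edit_list(array $get): string
{
    return 'list updated with ' . ($get['var1'] ?? '(nothing)');
}

/** Before: one script serves both areas and lets the URL say which one it is. */
function page_with_mode_flag(array $get, array $session): string
{
    $mode = $get['mode'] ?? 'sec';
    if ($mode === 'sec' && empty($session['user'])) {
        return 'login required';
    }
    // Reached with mode=ins and no login at all.
    return edit_list($get);
}

/**
 * After: the check lives in the protected entry point and reads no request
 * data, which is the role the separate authentication include plays.
 */
function protected_page(array $get, array $session): string
{
    if (empty($session['user'])) {
        return 'login required';
    }
    // The shared code is only reached after a valid login.
    return edit_list($get);
}

// Constructed requests.
$anonymous = [];                                                     // nobody logged in
$tampered  = ['var1' => 'val1', 'var2' => 'val2', 'mode' => 'ins'];  // edited URL

echo page_with_mode_flag($tampered, $anonymous), "\n";      // mode flag honoured
echo protected_page($tampered, $anonymous), "\n";           // mode flag ignored
echo protected_page($tampered, ['user' => 'admin']), "\n";  // logged-in user
```

The protected entry point never looks at mode, so editing the URL changes nothing about who is authorized.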

Another problem, identical in its root, is that users can change the
values being submitted to make the page work differently. Consider a
mailing list: A user visits the page, fills in a form, clicks
submit, immediately receives an e-mail with a link in it, clicks the
link, and is added to the list. If that user is malicious, they may
realize that they can fool with the system by changing the URL in
the link, perhaps adding someone else to the list. While this is not
much of a problem if they do it once, if they write a simple
JavaScript and the mailing list only checks to see if users exist
before sending the confirmation e-mail, they can potentially add
someone hundreds or thousands of times. If the mailing list only
checks to see if users exist before adding them, then the
confirmation portion can be abused. The confirmation section, since
it sends e-mails immediately, also has more potential as a mail
bombing utility. While trying to abuse my own mailing list software,
I managed to send 500 e-mails per minute to my account at
university, from a remote computer, using an html/JavaScript file
that I wrote at that remote computer and opened in IE. If several
sites that were vulnerable in this way were found, quite an
effective attack could be launched against major servers, with
almost no chance of being caught.

This is also easily fixed. It should 
be checked both before confirmation 
and before adding the user whether a 
given user already exists. There 
should also be a database of tempo- 
rary users, which the user subscrib- 
ing gets added to until they 
subscribe. This list can be erased pe- 
riodically, as people may opt to sign 
up later, but that time should be at 
least a week. Alternatively, indexes 
generated from the e-mail addresses 
themselves could be included in the 
URL of the confirmation link, so that 
the address variable and the index 
variable must match before the user 
gets added, or a confirmation mes- 
sage sent. This removes the need for 
a temporary database but can still be 
tampered with, so in my software I 
just added the extra database. 
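
One way to build the pending-subscriber table described above, shown as an added example rather than the author's software. In place of an index derived from the address it stores a random token per pending address; the class, the lists.example URL and the in-memory arrays (standing in for database tables and for mail()) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; every name here is hypothetical.
final class MailingList
{
    private const PENDING_TTL = 7 * 24 * 3600; // pending entries live one week

    /** @var array<string,bool> confirmed subscribers, keyed by address */
    private array $members = [];
    /** @var array<string,array{token:string,expires:int}> pending sign-ups */
    private array $pending = [];
    /** @var array<int,array{to:string,link:string}> stands in for mail() */
    public array $outbox = [];

    private static function normalize(string $email): ?string
    {
        $email = strtolower(trim($email));
        return filter_var($email, FILTER_VALIDATE_EMAIL) !== false ? $email : null;
    }

    /** Step 1, the sign-up form: at most one confirmation mail per address. */
    public function requestSubscription(string $email, int $now): string
    {
        $email = self::normalize($email);
        if ($email === null) {
            return 'invalid';
        }
        $this->purgeExpired($now);
        // Check before sending the confirmation: member already, or pending already.
        if (isset($this->members[$email])) {
            return 'already-subscribed';
        }
        if (isset($this->pending[$email])) {
            return 'already-pending';       // no second e-mail goes out
        }
        $token = bin2hex(random_bytes(16)); // unguessable, kept server-side
        $this->pending[$email] = ['token' => $token, 'expires' => $now + self::PENDING_TTL];
        $this->outbox[] = [
            'to'   => $email,
            'link' => 'https://lists.example/confirm.php?'
                    . http_build_query(['address' => $email, 'token' => $token]),
        ];
        return 'confirmation-sent';
    }

    /** Step 2, the e-mailed link: both URL parameters are user-controlled. */
    public function confirm(string $email, string $token, int $now): string
    {
        $email = self::normalize($email);
        $this->purgeExpired($now);
        if ($email === null || !isset($this->pending[$email])) {
            return 'rejected';              // edited address: nothing pending for it
        }
        if (!hash_equals($this->pending[$email]['token'], $token)) {
            return 'rejected';              // token was issued for another address
        }
        unset($this->pending[$email]);      // single use: a replayed link does nothing
        // Check again before adding the user.
        if (isset($this->members[$email])) {
            return 'already-subscribed';
        }
        $this->members[$email] = true;
        return 'subscribed';
    }

    private function purgeExpired(int $now): void
    {
        foreach ($this->pending as $email => $entry) {
            if ($entry['expires'] <= $now) {
                unset($this->pending[$email]);
            }
        }
    }
}

// Constructed walk-through with made-up addresses and timestamps.
$list = new MailingList();
$t0 = 1000000;
echo $list->requestSubscription('alice@example.org', $t0), "\n";
echo $list->requestSubscription('alice@example.org', $t0 + 1), "\n"; // scripted repeat
parse_str((string) parse_url($list->outbox[0]['link'], PHP_URL_QUERY), $q);
echo $list->confirm('victim@example.org', $q['token'], $t0 + 2), "\n"; // edited link
echo $list->confirm($q['address'], $q['token'], $t0 + 3), "\n";        // genuine link
echo $list->confirm($q['address'], $q['token'], $t0 + 4), "\n";        // replayed link
echo count($list->outbox), " confirmation mail(s) sent\n";
```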

I have found this problem in every PHP based mailing list I have
looked at, plus several ASP and Perl ones as well. To find
vulnerable lists I simply searched for "mail lists" on Yahoo, and if
I could manipulate the URL and send my test e-mail account more than
one e-mail, I considered it to be vulnerable to attack. To find and
test approximately ten, all on reasonably fast servers, took less
than 15 minutes, which I feel makes this a legitimate oversight of
PHP developers in particular (and CGI developers in general) to look
at how program structure can be exploited.



Breaking the Windows 

Script Encoder 


by Mr. Brownstone 

The Windows Script Encoder (screnc.exe) is a Microsoft tool that can be used to encode your scripts (i.e.,
JScript, ASP pages, VBScript). Yes: encode, not encrypt. The use of this tool is to prevent people from looking at or
modifying your scripts. Microsoft recommends using the Script Encoder to obfuscate your ASP pages, so in case
your server is compromised the hacker would be unable to find out how your ASP applications work.

You can download the Windows Script Encoder at
http://msdn.microsoft.com/scripting/default.htm?/scripting/vbscript/download/vbsdown.htm

The documentation already says the following:

"Note that this encoding only prevents casual viewing of your code; it will not prevent the determined hacker
from seeing what you've done and how."

Also, an encoded script is protected against tampering and modifications:

"After encoding, if you change even one character in the encoded text, the integrity of the entire script is lost
and it can no longer be used."

So we can make the following observations; 




even uuencode. base64, and URL. encoding? 


gorithms into their ASP pages And any "determined hacker" will he able to get to them anyway. 

Okay. So even Microsoft says this can be broken. Can't be difficult then. It wasn't. Writing this article took me
at least twice the time I needed for breaking it. But I think this can be a very nice exercise for anyone who wants to
learn more about analyzing code like this, with known plaintext, known cyphertext, and unknown key and algorithm.
(Actually, a COM object that can do the encoding is shipped with IE 5.0, so reverse engineering this will reveal the
algorithm, but that's no fun, is it?)

So, How Does This Work?

The Script Encoder works in a very simple way. It takes two parameters: the filename of the file containing the
script, and the name of the output file, containing the encoded script.

What part of the file will be encoded depends on the filename extension, as well as on the presence of a
so-called "encoding marker." This encoding marker allows you to exclude part of your script from being encoded. This
can be very handy for JavaScripts, because the encoded scripts will only work on MS IE 5.0 or higher... (of course
this is not an issue for ASP and VB scripts that run on a web server!).

Say you've got this HTML page with a script you want to hide from prying eyes:

<HTML>
<HEAD>
<TITLE>Page with secret information</TITLE>
<SCRIPT LANGUAGE="JScript">
<!--//
//**Start Encode**
alert("this code should be kept secret!!!!");
//-->
</SCRIPT>
</HEAD>
<BODY>
This page contains secret information.
</BODY>
</HTML>

This is what it looks like after running Windows Script Encoder:

<HTML>
<HEAD>
<TITLE>Page with secret information</TITLE>
<SCRIPT LANGUAGE="JScript.Encode">
<!--//

, / /** Start Encode * ♩#(£‱-* QwAAAA= ■ Ft u , l M OlJfvFY-J kdO 1 W (n , /t.K; V9P4 
-V+aY , / nm . nD 1 v 2 1 " e E ft JOG ■ ‘ « ‱ s q I i A A a A ‘ Pt 

</SCRIPT>
</HEAD>
<BODY>
This page contains secret information.
</BODY>
</HTML>

As you can see, the <script language="..."> has been changed into "JScript.Encode". The Script Encoder uses
the Scripting.Encoder COM object to do the actual encoding. The decoding will be done by the script interpreter
itself (so we cannot simply call a Scripting.Decoder, because that doesn't exist).


Okay, Let's Play! 


Plaintext 

Encoded 


Hoi 

ft Âź ~ A FQAAAA = =: Âź (f @&OGbai#@ &Z Z 

OS* mm &Ww I AAA = = * ft 

Hai 

“ A FQ AAAA= = @ # ©tCCbÂź # O&z Z 

OÂź * &TQ I AAA= = A # - @ 

HaiHai 



HaiHai 

# © - * I g AAAA= = Ÿ # & UDbCmk# # Cmr Cm kŸ # Ÿ fc J z RRsa * Ÿ # Ÿ4mgUAAA = = " # - © 


Cute. As you can see, @#@& appears to be a newline (@# = CR, @& = LF), and the position of a character
does (sometimes...) matter (the first time HaiHai becomes CCbCmk and the second time it's CmrCmk). Let's just
encode a line with a lot of As:


//‱♩Start 

Encoda**#ef**agAAAA=-«#'Stb) zbzbbzbz i bab ! bzb ) )zbbz}bzbbz] JbzbzbJb) ) zb)b2)bzfcd ) zbb) ) zbjbz 
) zb : zbzbbzbz} bzb ) bzb) ) zbbz : bzbhz ) I bzbzb ) b) ) zbj bz ) bzb) ) :ibb) } zb > bz ) zb ) zbÂź#s&z jq ^(ScijiiiiikvyT 
AAA== '■#-[# 

The Algorithm 

After staring at this for some time, I discovered that the bold part was repeating (actually, the entire string is
repeating itself after 64 characters). Also, it seems to be that the character "A" has three different representations: b, z,
and ). If you encode a string of B's you'll see the same pattern, but with different characters.

This means the encoding will look something like this:

int pick_encoding[64] = { ... };

int lookuptable[96][3] = { ... };

char encode_char(char c, int pos)
{
    if (!specialchar(c))
        return lookuptable[c-32][pick_encoding[pos%64]];
    else
        return escapedchar(c);
}

I assumed that only the ASCII codes 32 to 126 inclusive, and 9 (TAB) are encoded. The rest are being escaped
in a similar fashion as CR and LF.

What's left is the stuff before and after the encoded string. I did not look into this (yet). It will probably contain
a checksum and some information about the length of the encoded script.

The Encoding Tables

So now we'll have to find out those tables for the encoding. The pick_encoding table is very simple to discover
by just looking at the pattern that was the result of encoding all those A's:

int pick_encoding[64] = {
    1, 2, 0, 1, 2, 0, 2, 0, 0, 2, 0, 2, 1, 0, 2, 0,
    1, 0, 2, 0, 1, 1, 2, 0, 0, 2, 1, 0, 2, 0, 0, 2,
    1, 1, 0, 2, 0, 2, 0, 1, 0, 1, 1, 2, 0, 1, 0, 2,
    1, 0, 2, 0, 1, 1, 2, 0, 0, 1, 1, 2, 0, 1, 0, 2
};


The string of A's had a CR and LF in front of them, so after skipping the first two digits, you'll see that 0, 1, 2,
0, 2, 0, 0, 2 perfectly matches b, ), z, b, z, b, b, z..., having b=0, )=1 and z=2.

The other table is a matrix that holds three different representations for each character. Which one will be used
depends on the pick_encoding table. To find out this matrix, just make a file that will cause every character to be
encoded three times. Make sure the algorithm is "reset," by padding the lines so each group will start on a 64-byte
boundary.

   aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
!!!aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
###aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
$$$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Etcetera. Note that there are only 59 bytes of padding; this is because the CR and LF at the end of the line are
counting too! (59 + 2 + 3 = 64).

After encoding this you can remove the encoded a's again, as well as the @#@& for the CR and LF. This is
what remains:



So what is this? It's the encoded representation of the ASCII characters 9, and 32 through 126. Every character
has got three different representations, so this sums up to 3*(127-32+1) = 288 characters.

You'll see that the <, >, and @ characters are escaped too, resulting in the following table:

Esc   Org
@#    \r
@&    \n
@!    <
@*    >
@$    @

I've removed the @!, @* and @$ from the encoded text too and replaced them with question marks, so the
table will stay nice. This is what you get as a hex dump:


unsigned char encoding[288] = {
    0x64, 0x37, 0x69, 0x50, 0x7E, 0x2C, 0x22, 0x5A, 0x65, 0x4A, 0x45, 0x72,
    0x61, 0x3A, 0x5B, 0x51, 0x79, 0x66, 0x5D, 0x59, 0x75, 0x5B, 0x27, 0x4C,
    0x42, 0x76, 0x45, 0x00 /* this byte is missing from this copy */, 0x63, 0x76, 0x23, 0x62, 0x2A, 0x65, 0x4D, 0x43,
    0x5F, 0x51, 0x33, 0x7E, 0x63, 0x42, 0x4F, 0x52, 0x20, 0x52, 0x20, 0x63,
    0x7A, 0x26, 0x4A, 0x21, 0x54, 0x5A, 0x46, 0x71, 0x38, 0x20, 0x2B, 0x79,
    0x26, 0x66, 0x32, 0x63, 0x2A, 0x57, 0x2A, 0x58, 0x6C, 0x76, 0x7F, 0x2E,
    0x47, 0x76, 0x46, 0x26, 0x30, 0x52, 0x2C, 0x31, 0x4F, 0x29, 0x5C, 0x3D,
    0x69, 0x49, 0x70, 0x3F, 0x3F, 0x3F, 0x27, 0x78, 0x7B, 0x3F, 0x3F, 0x3F,
    0x67, 0x5F, 0x61, 0x3F, 0x3F, 0x3F, 0x62, 0x29, 0x7A, 0x41, 0x24, 0x7E,
    0x5A, 0x2F, 0x36, 0x66, 0x39, 0x47, 0x32, 0x33, 0x41, 0x73, 0x6F, 0x77,
    0x4D, 0x21, 0x56, 0x43, 0x75, 0x5F, 0x71, 0x28, 0x26, 0x39, 0x42, 0x78,
    0x7C, 0x46, 0x6E, 0x53, 0x4A, 0x64, 0x48, 0x5C, 0x74, 0x31, 0x48, 0x67,
    0x72, 0x36, 0x70, 0x6E, 0x4B, 0x68, 0x70, 0x7D, 0x35, 0x49, 0x5D, 0x22,
    0x3F, 0x6A, 0x55, 0x4B, 0x50, 0x3A, 0x6A, 0x69, 0x60, 0x2E, 0x23, 0x6A,
    0x7F, 0x09, 0x71, 0x28, 0x70, 0x6F, 0x35, 0x65, 0x49, 0x7D, 0x74, 0x5C,
    0x24, 0x20, 0x50, 0x2D, 0x77, 0x27, 0x54, 0x44, 0x59, 0x37, 0x3F, 0x25,
    0x7B, 0x6D, 0x7C, 0x3D, 0x7C, 0x23, 0x6C, 0x43, 0x6D, 0x34, 0x38, 0x28,
    0x6D, 0x5E, 0x31, 0x4E, 0x5B, 0x39, 0x2B, 0x6E, 0x7F, 0x30, 0x57, 0x36,
    0x6F, 0x4C, 0x54, 0x74, 0x34, 0x34, 0x6B, 0x72, 0x62, 0x4C, 0x25, 0x4E,
    0x33, 0x56, 0x30, 0x56, 0x73, 0x5E, 0x3A, 0x68, 0x73, 0x78, 0x55, 0x09,
    0x57, 0x47, 0x46, 0x77, 0x32, 0x61, 0x3B, 0x35, 0x24, 0x44, 0x2E, 0x4D,
    0x2F, 0x64, 0x6E, 0x59, 0x4F, 0x44, 0x45, 0x3B, 0x21, 0x5C, 0x2D, 0x37,
    0x68, 0x41, 0x53, 0x36, 0x61, 0x58, 0x58, 0x7A, 0x48, 0x79, 0x22, 0x2E,
    0x09, 0x60, 0x50, 0x75, 0x6B, 0x2D, 0x30, 0x4E, 0x29, 0x55, 0x3D, 0x3F
};


So, encoding character c at position i goes as follows:

- look up which representation to use (the first, second or third): pick_encoding[i mod 64]

Because the table starts at 9 and then goes to 32, you'll have to do some corrections. But we'll get to that later,
as we are not really interested in encoding after all. We want to be able to do some decoding!

The Decoding Tables

The pick_encoding table will stay the same. This is because each character (except for the escaped ones, of
course) will be in the same place as the original. Then, we could just look up the encoded character in the table. For
instance, an "A" in encoded text (hex 0x41), occurs on these places in the "encoding" table:







So an “A" in the encoded (ext is an I I, oi \ . deiHNiding un its position Where there is a 0 in (lie pick encoding 
table, it's an F, for I it’s an I, ami lor l it’s a \ 

You don't want to go looking through the encoding table each time trying to find those numbers. By transforming
the encoding table into another table you can just go to position 0x41 (actually, 0x41-31 to correct it skipping
everything below space except for TAB) and get the original representation.

/* indexed by representation (0..2) and by encoded byte (up to 0x7F) */
unsigned char transformed[3][128];

void maketrans(void)
{
    int i, j;

    /* i == 31 stands for TAB, the first entry of the encoding table */
    for (i = 31; i <= 126; i++)
        for (j = 0; j < 3; j++)
            transformed[j][encoding[(i-31)*3 + j]] = (i == 31) ? 9 : i;
}


With this matrix, it's very simple to look up the original character by simply looking it up in our table. Assume
i is the position of the character and c is the character again. Then:

decoded = transformed[pick_encoding[i%64]][c];

The Encoding of the Length Field

So what's left is to find out how many characters there are to decode. If we just keep decoding stuff, we will
decode part of the HTML that's behind the encoded script. This can be avoided by stopping when a "<" is encountered
("<" will never appear in an encoded stream), but even in the case where we are looking at a "pure" script file (*.js
or *.vbs), there is some checksum stuff behind the actual data, which we should not decode.

I created a number of files of different size. By giving them a .js extension the entire file is encoded without the
Script Encoder looking for a start marker. The results are below (only the first 12 bytes are displayed).

Length First 12 bytes ASCII 


1 

23 

40 

7E 

5E 

41 

51 

41 

41-41 

41 

3D 

3D 

#@"EQAAAA== 

2 

23 

40 

7E 

5E 

41 

67 

41 

41-41 

41 

3D 

3D 

tt@"EgAAAA== 

3 

23 

40 

7E 

5E 

41 

77 

41 

41-41 

41 

3D 

3D 

#@ a EwAAAA=^ 

4 

23 

40 

7E 

5E 

42 

41 

41 

41-41 

41 

3D 

3D 

FAAAAA= = 

5 

23 

40 

7E 

5E 

42 

51 

41 

41-41 

41 

3D 

3D 

#@ a FQAAAA^= 

6 

23 

40 

7E 

BE 

42 

67 

41 

41-41 

41 

3D 

3D 

#Âź*FgAAAA== 

7 

23 

40 

7E 

BE 

42 

77 

41 

41-41 

41 

3D 

3D 

FwAAAA== 

8 

23 

40 

7E 

BE 

43 

41 

41 

41 “41 

41 

3D 

3D 

#@*GAAAAA== 

9 

23 

40 

7E 

BE 

43 

51 

41 

41-41 

41 

3D 

3D 

#@*GQAAAA== 

32 

23 

40 

7E 

BE 

49 

41 

41 

41-41 

41 

3D 

3D 

#@ a IAAAAA== 

48 

23 

40 

7E 

5E 

4D 

41 

41 

41-41 

41 

3D 

3D 

#@ a MAAAAA== 

80 

23 

40 

7E 

BE 

55 

41 

41 

41-41 

41 

3D 

3D 

#@^uaaaaa== 

96 

23 

40 

7E 

BE 

59 

41 

41 

41-41 

41 

3D 

3D 

#@ a YAAAAA== 

103 

23 

40 

7E 

BE 

5A 

77 

41 

41-41 

41 

3D 

3D 

#@ a ZwAAAA== 

104 

23 

40 

7E 

5E 

61 

41 

41 

41-41 

41 

3D 

3D 

#@ x aAAAAA- = 

111 

23 

40 

7E 

BE 

62 

77 

41 

41-41 

41 

3D 

3D 

#@"bwAAAA=^ 

116 

23 

4 0 

7E 

5E 

64 

41 

41 

41-41 

41 

3D 

3D 

#@ * dAAAAA^ = 

166 

23 

40 

7E 

BE 

70 

67 

41 

41-41 

41 

3D 

3D 

#@*pgAAAA== 

216 

23 

40 

7E 

BE 

32 

41 

41 

41-41 

41 

3D 

3D 

#@ a 2AAAAA== 

265 

23 

40 

7E 

BE 

43 

51 

45 

41-41 

41 

3D 

3D 

#@ a CQEAAA== 

451 

23 

40 

7E 

BE 

77 

77 

45 

41-41 

41 

3D 

3D 

#© a wwEAAA== 


1 he length seems to be encoded in the 5th to 10th byte, and 4 1 appears to be representing zero. The first byte of 
(he length seems to be increasing w-iih one when the length increases wiih four. Also the second byte alternates be- 
tween 41, 51, 67, and 77, 

If you look at length 166. ibis value is 0x70, where it should be 0x41 + (166/4 ) = t)x6a. So something goes 
wrong, and it cap be narrowed down to length 1 04, where it suddenly jumps from Ox 5a to 0x61, This puzzled me for 
a long lime, until I realized that Ox 5 a - Z and 0x61 = a .And yes, the length turns out to be Base 64 encoded in- 
deed! 

The Checksum 

A( the end of the encoded data is apparently some kind of checksum. I did not look into this any further 

The Decoder Program 

The further working of the decoder program, which can be downloaded from the scrdec home page, is left as an exercise to the reader. It's implemented as a 'Turing-like' state machine. The decoder will treat .js and .vbs files as fully encoded, while .htm(l) and .asp files are seen as files that contain script amongst other things like HTML code.

The decoder simply takes two arguments: input filename (encoded), and output filename (decoded).

There is one thing lacking in the decoder: the value of the <SCRIPT LANGUAGE=""> attribute is not changed back into the original form. You'd better use a tool like sed for that.

Conclusion 

It's not just sad that Microsoft made a tool like this. They've probably asked Bill Gates' little nephew to write this code. The really bad part is that Microsoft actually recommends that people use this piece of crap and, because of that, people will rely on it, even though the documentation hints that it's unsafe. (Nobody reads the docs anyway....)

Security by obscurity is a bad, bad idea. Instead of encouraging that approach, Microsoft should encourage programmers to find other ways to store their passwords and sensitive data, and tell them that an algorithm or any other piece of code that needs to be "hidden" is just bad design.

This article originally appeared in the Dutch hacker zine 't Klaphek. They can be found at www.klaphek.nl. See this issue's Marketplace for info on their monthly meetings.





by Loki 

You may have seen these floating around in your hometown. They are relatively new Internet kiosks called "Advants Terminals" (www.advants.com). With a price like $1 for five minutes it's almost a crime to even use these things. So the following is my ordeal with liberating one of these terminals that resides in a coffee shop in my hometown.

One day I walked into my local hangout to get a coffee and when I went to sit down with my beverage I noticed a computer looking thing on a low table in the corner. Almost immediately I went into hack mode. Many a question ran through my head such as: what OS is it running, what kind of connection does it have, what are the systems specs, can I run quake, and most importantly how can I use it for free. Well here's the low down people.

All of the Advants terminals I've come across have been Wintel boxes: * gig HD, 500mhz Celeron, 48 megs of ram, and an ATI Rage 128 video card. To keep the kiosk "secure," instead of running the normal Windows Explorer shell it runs a program called "Netshift" (www.netshift.com). As long as it is running this, pretty much all useful operations are impossible. So to get started the first thing I did was pull the plug. When I tried this I found that the plug was somehow attached to the wall. They did this by having a screw go into the ground plug at a diagonal and putting pressure on the inside of the ground plug hole. To get past this all you have to do is reach under and unscrew until the plug comes out of the wall. Now, since the beginning of my experiments with this kiosk they have upped the security a bit by encasing most of the computer in a larger cabinet (sort of like a standup arcade game) and putting in a relatively useless UPS (Uninterruptible Power Supply). If the machine doesn't turn off when you pull the plug you should hear a beeping in the lower part of the cabinet. If you are using one of the smaller "desktop" terminals it should just go off immediately.

When you plug the box back in it will power up. Now this is where it may be different from box to box. The screen may or may not be scrambled while this happens. The box I play with started out not being scrambled, then was, and now isn't. So you may have to do the rest of this without being able to clearly see the screen (don't worry, it isn't that hard). You will get your normal boot thingy (yes, that's a technical term). CMOS is always passworded in my experience but if you want to screw with it, that's your prerogative. To get to it just hit delete as usual. I won't go into that because I haven't messed with it (yet).

Just after it is finished with the RAM and HD check is your chance to get into DOS. Hit Ctrl-Esc (not F8), and you should get the Windows "safe mode" boot prompt letting you choose Safe mode, Normal Boot, or DOS and a few other little options. Now this takes a little timing and finesse but it can be done, so don't be discouraged if you see a Windows 95 loading splash screen - just hit Ctrl-Alt-Del and go at it again. Once you get to this stage you're just about half done. For you people with a scrambled screen, you should see a somewhat recognizable white bar across your scrambled screen that means you've got it.

Now hit 6 and enter. This will get you the DOS prompt. For you people with scrambled screens, type "cls" and enter to see if it clears the screen. If so, you've got it. From here it defaults to C:/ so you're going to have to go to the Windows directory (cd Windows). Now here is the tricky part for you people who are doing this blind. Type "edit system.ini" and you should get a blue screen that is the familiar DOS edit program. Now we are going to change the shell from Netshift to Explorer. Now hit the down arrow two times and enter "//". This will comment out the "shell=netshift/naska.exe" line. Then hold down the "fn" key and that will turn the right arrow key into the end key, so basically "shift-end" will move your cursor to the end of the line. Now hit enter and type "shell=explorer.exe". Don't mess up because this could cost you the box if you botch it. It should look something like this:
[boot]
oemfonts.fon=vgaoem.fon
//shell=netshift/naska.exe
shell=explorer.exe
system.drv=system.drv
drivers=mmsystem.dll power.drv
"Alt-F" followed by "X" and "enter" will save and exit you back to the DOS prompt. Now type "Win" and hit "enter" and you're on your way to a free net box. The power supply is ATX and if it boots into Windows and you typed the shell wrong it'll try to shut down. Shutting down means you either have to get inside the locked case to turn it back on or you have to call Advants and wait for them to come back out and fix it (I've had to do this three times!). If it says something about it being a bad shell or something, pull the plug and go again.

Now if that sounds like a real bummer to do blind, you're in luck. There is another way, but I felt like explaining the way I did it my first time. The way I just explained is the most fun and the most hackish. It's also the quickest and has the least potential for destruction of the box, especially if the screen isn't scrambled. The box, when it is running Netshift, runs War_FTP and most of the boxes allow anonymous access. There are two ways you can take advantage of this. They both involve getting the box's IP. To do this click the free C-NET button, and use C-NET's web search. Search for "your IP". This will locate a site that will show you your IP when you visit it. Now that you have that, you can do one of two things. One, you can go home, ftp to the box, download the system.ini, edit it and re-upload it, then go back to the box and reboot. Or you can get something called VNC (www.uk.research.att.com/vnc/). With this prog you can log into your own box from the net and see your desktop in real time. So if you have VNC on your box at home, all you have to do is put a dollar into the Advants box, type your home IP into the "goto" form and you'll get your home desktop. From there you can use that even after your time runs out to do whatever you want on your home box because the page address never changes so it won't kick you off. This is helpful because you can now upload things from your home box to the Advants box, such as a new system.ini.

If everything worked out right you should be in Windows and you can have all the fun you want exploring around. Just remember - when you're done put it back to NetShift so some "K-Rad Elyte H4x0r" doesn't come along and destroy the box or shut it down. You can then have fun later the next time you want to use the box. Don't forget to share your free net access while you're supervising. People will appreciate it more than you know and you're bound to make a few friends that way.

I personally have put GLQuake on the box that I use and it runs pretty well. The connection is most likely a crappy DSL shared on a LAN modem somewhere so it's not really suited for much. I've seen it get 15k a sec but it usually gets 5-7. The IP range from what I've seen is 38.28.129.* and 38.28.130.* if you'd like to scan for the boxes. I've yet to have any luck that way though.

It says on Advants' web site that they will soon be switching to the Linux OS to bring down the cost of the box and thus lower Internet prices. When they do that, I'll get on top of it and write a follow-up article on liberating the new OS.

I'd also like to give props to my man Agile for being there for moral support, free drinks, and more than one time preventing me from doing stupid crap (and hitting me when I did do something stupid).





A ROMP THROUGH SYSTEM SECURITY


by Lumikant with help from Zarium 

So you have your web server, you've got millions of hits on your web site every day, but you feel that ever-present nagging feeling inside that there's something missing. You're right, something is always missing - it's called security. "So, how do I secure this beast of mine here?" you may ask. In this article, you'll see some ways of going about it. However, this is in no way a complete guide to security, but rather a cornerstone, or a foundation, in learning the basics on UNIX and UNIX variant security. Topics covered will include basic software security, hardware security, and general common sense techniques to prevent your system from getting owned. Well, that's enough yackin', let's get to hackin'!

It's assumed you have general knowledge of a *nix based system. All the methods herein have been tested on a Slackware 7.1 system, as well as a Red Hat 6.2 system. These are two common distributions of Linux that are often used for web servers. We're also assuming that the computer the server is on is an up to date computer (at least 300 mhz, 128 megs of ram) that can easily be used for a web server. Hopefully you are running at least kernel 2.2.16, or a development version written around that kernel. Some of the methods in this article will be of no avail or may not work if the kernel is a lower version than that. A side note here - always get the latest stable kernel running on your system. With every new release comes new bug fixes, new updates, and support. Security isn't a one-time fix-all, but rather a careful ever-watching vigilance over your system/network.

This article is also written specifically for securing a web server that hosts a web site. If you intend to use the system for more than just that, be careful how you follow what is described in this text, because the methods may cripple other vital services that you'd need in other situations. It does however allow for optional POP3 e-mail usage through a local SMTP server. However, unless you need it, we recommend you drop that service. Being as just about anything is exploitable, it's only a matter of time until someone uses that service against you. (Yes, paranoia is a good thing here, guys.)

Finally, we are assuming you have local access to the server itself. If you can only admin the box remotely you will have to allow certain exploitable services that I would suggest disallowing and/or killing. Services such as ftpd and telnetd. After all, if you can dig into it remotely, that means somebody else most certainly can.

The basics of securing a web server are often the most neglected. Admins seem to be sloppy when it comes to this, the most important part of securing a server. What good are all the patches in the world, all the firewalls and other various software, if your kernel is exploitable or if other users have a great deal of access? Not very is the correct answer (give yourself a pat on the back if you got that one, but not too hard, you may pull a

l 

The Kernel

The kernel is the core of a *nix system. In fact, it is almost the entire system itself. The kernel is notated for its version. For example, the latest stable kernel at the time of this writing is 2.2.18. The version of a kernel has two parts, the kernel version (first and second fields) and the patch level (third field). Kernel 2.2.18, for example, means that 2.2 is the kernel version and 18 is the patch level of this specific kernel. If the kernel version itself is an odd number (i.e., 2.3), then it's a development kernel. This is not a stable release and should not be used unless you're a programmer or Unix Guru. In that case, use it by all means, improve it, re-code it, work on it, and then tell everyone out there so they can help improve it too. Development versions oftentimes have many bugs that are easily exploitable. Unless you are a Unix Guru, you should not run a development version of a kernel. The latest kernel can normally be found in the Freshmeat archives (for Linux): www.freshmeat.net/.

Root Account

Another security issue admins often overlook is the usage of the root account. For most work you do, a root account isn't needed. This is an important point to make. When you mess with the root account, you are playing with fire. You don't get pretty little error messages with UNIX like you do with Windows if you say "Delete this." It does it - no recycle bin. It's an unnecessary risk, especially if you are running an xterm. Not only can you make mistakes as root that can compromise system security, it also makes it more difficult to see when others have been accessing the root account, which is an important step in finding out who owned you.

The easiest way to avoid problems with root is to make another user account - using the "adduser" command - and give that account admin permissions. This will allow most actions, but will keep you from causing wanton damage to the system and make it easier to notice unwanted activity as root. It also makes for a safer xterm environment, disallowing someone from crashing your entire system remotely through an xterm buffer overflow.

Shell Accounts 

Sometimes other people, friends, associates, and otherwise will want an account on your system, be it for their own web page, use of the services, etc. This is okay! It's one of the beauties of running a *nix system - allowing multiple users to log in. However, just like the Force, this has a dark side. If one of your friend's accounts is cracked, that person loses whatever privacy they had with their files and gives the intruder a launching place to root you. Give shell accounts out to only the most trusted of people. Another great aspect of Linux is the ability to use different group ID's. Put all users into a group such as games so they have little to no access to exploitable system services. A practice that is becoming more and more popular nowadays is to simply block out port 23, the telnet login port, disallowing shell accounts. While this is a clever way of keeping you from being rooted, it also crimps the beauty and ability of *nix systems.

Services 

Now let’s move on to many of the services 
and daemons that keep a *nix system running 
well. If the kernel is the base, the skeleton, of a 

the blood, muscles, and skin. They are what complete tasks, allow external users, post your web page, etc. They're also what allow the easiest entry into your system, so do be careful. Several services are very important to you if you're running a web server. The most important of these is the Hyper Text Transfer Protocol Daemon, or httpd. This is the daemon that actually opens port 80 for HTTP traffic, thus allowing your site to be viewed. This service is not standard on a *nix system. It comes with whatever web server you choose. This daemon in and of itself is very secure.

Another daemon that is almost as necessary as the httpd is the crond. This daemon watches all the programs on your cron tab (a list of programs that should always be running), and if one of them is down, inactive, absent, or frozen, it begins the program anew to make sure the program is running. If the initialization program for the web server is on the cron tab, whenever it crashes it will be started again, thus keeping the page up.

Many services and daemons however are unnecessary and are very insecure. These services should be killed and whenever possible disallowed from starting in the first place. These services are what allow most defacements and intrusions.

fingerd

The most unnecessary and dangerous service is the fingerd. The finger daemon, running on port 79, is also useless. The sole purpose of it is to give out information about your users. As if that's not dangerous enough, it is also a very easy service to crash, most often through a buffer overflow, to give one a root access shell. Here is a finger response from a WindowsNT webserver running worldgroup.

Crystal Mountain BBS
User-ID : Sysop
E-mail alias : Sysop@wgserv.crystal-mtn.com
Sorry, that User-ID has not filled out a Registry entry

This is an example of finger information from a

Login: root                          Name: Root - Bilbo or Garfield
Directory: /bywater/admins/root      Shell: /usr/local/bin/bash
Last login Sat Nov 25 16:33 (CST) on ttyC0
Mail last read Wed Dec 13 05:04 2000 (CST)
No Plan.

As may be apparent to you, this offers quite a bit of information that could be used by someone wishing to infiltrate a system. It gives the shell type used (bash), home directory, real name (in some cases), last login, and last time the mail was read. Sometimes the plan can show even more important information. All of that coupled with the buffer overflow possibility makes this service very dangerous. It should be removed from your initialization files (usually /etc/inetd.conf - just comment out the lines that start this service. Other places you could look are the /etc/rc.d/ where several files may exist that manage your startup services. This is going to be different with every flavor of Unix out there.)

ftpd 

Another service that is easily exploitable is the ftpd (File Transfer Protocol Daemon). This daemon allows people to access files on your system, as well as send files of their own. The danger in this is pretty self explanatory. Although this protocol is often used and is reasonably secure, it is still a risk.

Depending on the version of ftpd you run, it may be possible to download password files and other sensitive materials through FTP, so make sure that you have your users set and restricted enough to where they're not even allowed read access to the /etc directory in particular, or if you're paranoid enough, any directory other than their own and anything in the FTP directory.

One version of ftpd, WUftp, is the absolute worst ftpd one can run. It has so many exploitable bugs, it makes for a playground for any intruder who wishes to cause your server harm. People have been known to scan entire IP blocks (i.e., 209.23.*.*) for servers running this daemon, just for a little easy fun. Pretty sick, isn't it?

If you have other users or wish to update your server or web page remotely you will need the ftpd. Just make sure you have the newest version with any necessary patches. This will save you from a lot of trouble in the long run. If you're not going to be updating remotely then kill the ftpd. It's recommended you do all your updates right there on the server if possible.

telnetd

Another service that you won't need unless you plan on having extra users is the telnetd. This daemon, which runs on port 23, allows users to access a remote console of your system. This, while being a secure service itself, allows for many problems.

Basically, the only way to break in through the telnetd is with a simple brute force attack. This throws as many passwords as it can to your computer, hoping one is right. If you have a strong password this attack is almost useless but there's still a chance that someone could gain access. If you are only offering web space to the people who have accounts on your system, then giving them access to telnet is also unnecessary because this allows them to try all sorts of local exploits on your system. Local exploits often are more effective due to the easier access to the system. All in all, telnetd is unnecessary to be running unless you have users who want to use the shell services of your server. If you don't have any of those users, the smartest thing to do would be kill the telnetd.

smtpd

Another service that is nice to have if you are offering e-mail services is the smtpd. This is the service that allows your server to send and receive mail. This service is secure in the way that it doesn't allow ready access to your system. However it's insecure in the way that it's easy to monitor traffic in and out of it. It also allows people to send e-mail without their true identity showing up.

These problems can be remedied by simply using the newest and patched version of SMTP, or ESMTP (Enhanced Simple Mail Transfer Protocol). Also, make sure any important e-mail you send is encrypted, preferably with PGP, so snoopers won't get any sensitive information.

Keep Watching Your System!

Another very important part of keeping your system secure is keeping up with all the current bugs and exploits and, more importantly, their patches and fixes. Something as simple as an outdated and buggy service can allow someone access to your system. Not only do these bugs, or exploits as they are most often called, sometimes provide access to your system, they can also allow malicious users to view sensitive data or crash your system. This, for the most part, can be easily avoided with simple measures such as always using the newest release of a service or piece of software. Take Perl for example. This service allows you and other users to make web based (and other) scripts, including CGI, which can allow someone to gain root on your system if they have a shell. However in the newest versions of Perl, the SUID exploit as it is called, has been patched.

Perl 

Perl scripts, if not written carefully, can also allow users to view data. Because they run on a shell and interact with your system, they can often be "tricked" into displaying information. Also, if the files it refers to don't have stringent permissions, then someone could view files dealing directly with the script.

Logs 

No, we're not talking about those things that you burn in the stove. Logs are very, mucho, uber important to your system. With these handy things, you can see who broke in, from what IP address they were hailing, and at what time (among other things). You've got to log every connection, and for you paranoid people out there, every single packet that comes into your system. A firewall can accomplish this rather easily, but your system will also log failed telnet logins. If you notice that a certain IP attempted to login as a user several times and failed, then you might consider restricting that account and banning that IP address, being as someone is very likely to be trying to brute force their password. Your system also logs odd happenings. Pay attention to your logs. If you get owned, you'd better be able to prove how when you go whining to the authorities. System logs are usually appended in a file located in /var/log/messages.
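
The check described above, a source address failing repeatedly against one account, can be run over the log file rather than spotted by eye. This is an added example, not code from the article: the log lines are constructed, the "FAILED LOGIN n FROM host FOR user" line shape is an assumption about how login(1) reports failures through syslog, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed line shape; adjust the pattern to what your own /var/log/messages shows.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+login(?:\[\d+\])?:\s+"
    r"FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,]+),"
)

# Constructed sample lines, using documentation address ranges.
SAMPLE_LOG = """\
Dec 13 05:01:02 webhost login[411]: FAILED LOGIN 1 FROM 203.0.113.7 FOR dude, Authentication failure
Dec 13 05:01:09 webhost login[411]: FAILED LOGIN 2 FROM 203.0.113.7 FOR dude, Authentication failure
Dec 13 05:01:15 webhost login[411]: FAILED LOGIN 3 FROM 203.0.113.7 FOR dude, Authentication failure
Dec 13 05:02:40 webhost login[415]: FAILED LOGIN 1 FROM 203.0.113.7 FOR dude, Authentication failure
Dec 13 05:03:00 webhost login[420]: FAILED LOGIN 1 FROM 198.51.100.20 FOR laura, Authentication failure
Dec 13 05:03:30 webhost kernel: eth0: link up
Dec 13 05:04:00 webhost login[422]: FAILED LOGIN 1 FROM (null) FOR root, Authentication failure
Dec 13 05:04:05 webhost login[422]: FAILED LOGIN 2 FROM (null) FOR root, Authentication failure
Dec 13 05:04:09 webhost login[422]: FAILED LOGIN 3 FROM (null) FOR root, Authentication failure
"""


def failed_logins(lines):
    """Yield (timestamp, source, user) for every failed-login line."""
    for line in lines:
        match = FAILED.match(line)
        if match:
            yield match["ts"], match["src"], match["user"].strip()


def brute_force_suspects(lines, threshold=3):
    """Return sorted (source, user, failures) for remote sources at or over threshold."""
    counts = defaultdict(int)
    for _ts, src, user in failed_logins(lines):
        if src == "(null)":
            # Console login with no remote host: there is no address to ban.
            continue
        counts[(src, user)] += 1
    return sorted(
        (src, user, n) for (src, user), n in counts.items() if n >= threshold
    )


if __name__ == "__main__":
    for src, user, n in brute_force_suspects(SAMPLE_LOG.splitlines()):
        print("%s failed %d times against account %r" % (src, n, user))
```

A single mistyped password (the "laura" line) stays under the threshold, and unrelated kernel messages are ignored.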

Passwords

One thing your users need to have is a strong password. This basically means that if their password is their first name (i.e., jerry), then you've got a problem. Let's say Jerry has a friend at school who wants to thrash a Unix box somewhere. He knows Jerry's username on bleh.org is "dude". So he goes in and brute forces the password. Since he knows Jerry, he's going to guess things that are close, near, and dear to him, such as his girlfriend's name, his dog's name, his mother's name, his car, his favorite movie, etc. Finally, the intruder enters "jerry" as the password and he's allowed in. From there he downloads local exploits and roots your sorry rear. Tsk tsk, if you would have been a good little sysadmin, this could have been avoided. You should have Jerry change his password every three months (i.e., every business quarter or whenever you feel it would be a good time, as long as it's somewhat often). Make sure Jerry's password isn't something like 'laura' (maybe his wife's name?). That's just dumb, because anyone who knows Jerry and is trying to guess his password is going to know Laura more than likely and try guessing that as his password. Make him use something off the wall and totally random, like 77x88349 2x x sofy B B25 Tk The longer the password, the better, as it takes a dictionary creator and/or password cracker much longer to reach a password of this length than it does "laura". Also, even though it may be hard to remember, it's still feasible to create a password within a password. For example, let's say your dog's name was "Missy" (like my mom's little dachshund, God rest her soul). Let's say you have a work ID number of 12345. Try this: 1m2i3s4s5y. This spells "missy" with 12345 strewn through it. Although this method is commonly used, it is a bit more difficult to crack.

Firewalls 

Firewalls are super-handy. Make sure you're running one on the gateway in your network, otherwise you're asking for trouble. Firewalls block whatever you tell them to pretty much, including ICMP attacks, which are the most common when you're getting packeted. This can greatly reduce the risk of being packeted to death, but it doesn't mean that it won't happen. Nothing can fully defend against a smurf attack, but you can sure slow one down by having a proper firewall installed. There are several firewall types you can get, ranging from software firewalls such as Conceal PC Firewall, Freedom, or IP Chains. There are also hardware based firewalls and routers, the most prestigious of which are Cisco routers. Depending on how much money you wish to spend you can get varying degrees of protection. From packet routing, IP banning and looping to port protection, logging, and warnings. I have used several different firewalls, mostly software based and most are useless. For the most part they just log connection attempts. Although it is helpful to log, protection is still better. For your *nix based system I would recommend IP Chains and Port Sentry. Collectively they offer a great deal of protection. IP Chains routes harmful packets while Port Sentry logs connections and warns you of possible attacks. Port Sentry also negates most scans, stealth and otherwise.

I 

The last line of defense here are the services you're running. If you're running SMTP, HTTP, telnet, finger, etc., you're in deep crap, dude! You'd better get rid of every single one of those services, because they're all exploitable. Every service under the sun is exploitable, but these in particular because they're used so much more often and are far more likely to screw you rather than some of the other things. Let's start with SMTP. Simple Mail Transfer Protocol isn't necessary unless you're running an e-mail service on your box, so get rid of it if at all possible. Another risk (in addition to getting rooted through it somehow) is that of spoofed e-mail. It's possible to telnet to port 25 on a target and manipulate SMTP to send a fake e-mail to anyone in the world. Your best bet to prevent this is to block the service, or run ESMTP instead. HTTP is probably going to be a necessity if you're running a web server - just make sure that you have all the patches and security info available that you possibly can get because no web server, no matter how rare or how well coded it is, is totally secure. I recommend using Apache, since it's free and fairly stable. Just be sure to get all the patches and bug fixes for it. Telnet is a whole monster in and of itself. The service itself is secure, but not what it allows people to do. Having telnet open is basically an invitation to get your butt kicked, so close it off and don't allow shell accounts. Finally, as mentioned earlier, finger is a no-no. Anybody, even newbie wannabe hackers, can play with finger. It's basically there for one reason alone - to get you owned. Any buffer overflow will cause finger to give a user root access - it's the simplest type of attack. So make sure to block it out. If you want to get rid of these services, try editing /etc/inetd.conf and there are also some files in /etc/rc.d/ that you may want to have a look at too.
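
Both this section and the fingerd section say to comment the unwanted services out of /etc/inetd.conf. The following added example (not the authors' code) lists which of those services are still active in an inetd.conf and produces a copy with them commented out. The sample file is constructed, the service names are the usual inetd.conf names for the daemons the article lists, and the function names are hypothetical.

```python
# inetd.conf service names for the daemons the article says to shut off.
RISKY = {"finger", "ftp", "telnet", "smtp"}

# Constructed sample, not taken from a real host.
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  wu.ftpd -l -i -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd -w
pop3    stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
time    dgram   udp  wait    root    internal
"""


def parse_entry(line):
    """Return (service, command) for an active entry, or None.

    Blank lines, comments and lines with fewer than the six mandatory
    fields (service, socket type, protocol, wait flag, user, server) are
    not active entries.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = stripped.split()
    if len(fields) < 6:
        return None
    return fields[0].lower(), " ".join(fields[5:])


def enabled_risky(text, risky=RISKY):
    """Return [(line number, service, command)] for active risky entries."""
    found = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry and entry[0] in risky:
            found.append((lineno, entry[0], entry[1]))
    return found


def disable_services(text, risky=RISKY):
    """Return the file text with every active risky entry commented out."""
    out = []
    for line in text.splitlines():
        entry = parse_entry(line)
        out.append("#" + line if entry and entry[0] in risky else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, service, command in enabled_risky(SAMPLE_INETD_CONF):
        print("line %d: %s is enabled (%s)" % (lineno, service, command))
    print(disable_services(SAMPLE_INETD_CONF), end="")
```

inetd only rereads its configuration when it is restarted or sent a hangup signal, so an edited file has no effect until then.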

Hopefully after reading this you have at least 
a basic idea of how to secure your server. Al- 
though it does not go incredibly in depth, it is 
more than enough to keep most “kiddie" hackers 
out of your system. 





iCKAi 


by Durkeim the Withered God

There is nothing worse than waiting. I hate waiting to get food, I hate waiting to take a piss, I hate waiting for my paycheck, and I definitely hate waiting in airports. So there I was at 10 am, bored as hell, walking back and forth, until I discovered those mean looking Internet stations. I've seen a lot of different Internet stations around the world, but none looked as mean as these (they're like cubicles but made out of steel). Basically, in these stations you have a decent keyboard, a nice monitor, and an average interface. These are the QuickAID Internet stations (www.quickaid.com). In this Internet station, similar to all the others, you swipe your credit card, and for three bucks you can search for extraterrestrial intelligence on the Internet for 10 minutes. Oh well....

Finding the Operating System 

This is always the best part of the entire process. I tried a few things: ALT-F4, ALT-ESC, ALT-TAB, Ctrl-Alt-Del, invalid characters, and so on. After overflowing the buffers by repeatedly pressing composite characters and special keys, I noticed the continuous Windows "ping" sound and the Windows desktop image in the background. That along with the "nice" polished icons is a clear indication of the evil operating system. As always, dumb developers chose Windows to program their applications. Just because it's easier to program in Windows it doesn't mean it's safer or better.

What Can One Do Without Paying? 

In the beginning the access is very limited. We can only browse their web page using a stripped down version of Internet Explorer 4, send comments, and that's it. This obviously means that the machine has a permanent connection to the Internet.... Gooood.

Since I am such an ethical guy, I decided to save the brute force method (buffer overflow and keyboard/mouse crash) for a last resort. I decided to stick with the basics. So I started exploring the only gateway possible: their web page. As I expected, all the hot keys were deactivated. That meant no Ctrl-S and so on. The next step was to look at every document on their site to find a missing link. Before long I came across a zipped file inside the site. Wrong move! As soon as I clicked the file, our good friend, the unregistered version of winzip, came up. The machine was now mine.

Obviously the next step was to add a file
to the zip files. I suggest that you add
c:\winnt\system32\winfile.exe. (You all
probably remember this as being the 3.1
version of Windows Explorer.) Then, just
execute it after adding it. And voila, the
system is now yours. You can edit the
registry, change the settings, get the hot keys
enabled again, navigate freely on the
Internet, and, most important of all, you can
disable that silly Cyberpatrol (unethical).

Browsing the Web

Using winfile.exe, execute
c:\atcom\install\ATbrowser.exe and there you go. The
rest is up to you. If you want you can even
start an ftp server in their machines!

I'm submitting this article just to prove
that Windows-based programming is
wrong, bad, barbaric, buggy, morally
wrong, and slow. Stop being lazy and
program everything from scratch on a decent
platform. You’re not going to rediscover
the wheel, but you'll have perfect control
over everything! Control, my friends... it's
all about control.





FOR IMMEDIATE RELEASE 


CONFIDENTIAL - DESTROY BEFORE READING 

November 20, 2000- San Francisco, USA- The Billboard Liberation Front (SYM:BLF) 
announced a major advertising improvement offensive today, taking responsibility for the 
heroic modification of thirteen large-format billboards in Silicon Valley along the northbound 
US-101 freeway corridor between the Whipple exit in Redwood City and San Carlos exit. 


The pro-bono clients in this campaign were all technology companies, with a sector focus on
the endangered and much maligned “dot-coms”. Billboards in the target sector were
graphically enhanced by the addition of large-format warning labels, in the style of a standard
computer error message, bearing the bold copy: “FATAL ERROR - Invalid Stock Value-
Abort/Retry/Fail”.

The BLF justified its actions under the emerging doctrine of Prophylactic Disclosure, citing
recent examples of other industries that, through failure to self-regulate, eventually lost all
access to the outdoor medium. “We love e-commerce”, explained BLF Operations Officer
Jack Napier, “and we really love outdoor advertising. We’d hate to see the New Economy go
the way of Big Tobacco by failing to make a few simple disclosures”. Citing the recent
demise of e-tailer Pets.com, Napier pointed out the inherent dangers of marketing securities
to children. “First Joe Camel, now the sock puppet- we’re clearly on a slippery slope here”.

“The Internet bubble will not be allowed to burst on our watch”, agreed BLF Information
Officer Blank DeCoverly. “It’s a very robust bubble, albeit temporarily low on gas. The fact is,
these companies are drastically undervalued, and the investing public needs to be made aware
of that. Would a dying industry increase its spending on outdoor advertising by over 670
percent in a single year? The naysayers are clearly falling prey to irrational under-enthusiasm.”

Participating companies in the campaign included Internet pure-plays like E*Trade,
Women.com, and Support.com, as well as “shovel-selling” high-tech stalwarts like Oracle
and Lucent. The Pets.com sock puppet was not available for comment.



Founded by a shadowy cabal of understimulated advertising workers, the Billboard
Liberation Front has been at the forefront of advertising improvement since 1977, adding its
own unique enhancements to campaigns for clients including Zenith, Apple, Max Factor,
Phillip Morris, and Chrysler.

For more information, please visit
http://www.billboardliberation.com.


### 







With 


Fabric 


Chris Silva aka Sarah Jane Smith 


This is an article in which I plan to
describe quantum-based computers
and their application for defeating
public-key crypto.

Let's begin by describing basic
quantum principle. Particles work in
funny ways. It's believed that anything
at the atomic scale obeys the laws of a
very different type of physics than we
normally see: quantum physics.
Unlike classical physics, quantum
physics deals with information and
probability instead of physical forces
interacting. For quantum-based
computers all we really care about are
particles in superposition, quantum
entanglement, and quantum
interference.

Particles in Superposition

A particle can have at least two
different states, spin-up and spin-down
(or 1 and 0). That's all we care about
right now. Logically, one would think
that a particle with two states is either
in one or the other. That isn't so.
Under quantum physics a particle is in
both (or all possible states, given its
location) at the same time. That is,
until the particle is observed, it's neither
spin-up nor spin-down but both.

Quantum Entanglement and
Non-Physical Communication
Quantum entanglement is when
two interacting particles are in
superposition. Schrodinger's cat is a good
example. Say we have a particle in a
chamber that either [...]
not. In that chamber there's a geiger
counter that’s hooked up to a device
that releases a poison gas into another
chamber that contains a cat. Since
both the particle and the cat are in
chambers we cannot see them. We
cannot observe the particle to see
whether it has decayed or not, and we
can't see the cat to reason what
happened to the particle. The cat, the
particle, the geiger counter, and the
poison releasing device are said to be
in superpositional entanglement (or
quantum entanglement). Not until we
observe the cat does the reality where it
died from the poison gas, or the reality
where it's still alive, become our own. Any
time before we observe things, the cat
is both alive and dead. Although this
example may not be too likely on
account of the size of the cat and all,
particles can become entangled in this
way. In fact, particles can become
entangled in such a way as to allow
non-physical communication. Once in
superpositional entanglement particles
remain that way until observed, even
if they move miles apart.

Say that we have two particles at
10:00p in superposition. At 10:10p we
put both of them into a device where
they are XORed (remember:
spin-down=0, spin-up=1) so that the
particles come out of the device as both 0
or both 1, or rather, since they’re in
superposition they’re both 0 and 1 at
the same time. Now we move them (in
special containers that isolate them
completely) to two labs: Alice’s lab
and Bob’s lab. They both get their
particles at 11:00p. Alice puts her particle
into a device that changes it to a 1
without observing it (e.g. laser-cooling
ion trap). Bob sits still and does
nothing. At exactly 11:10.29p Bob and
Alice observe the state of their particles.
They’re both 1! What this means is
Alice communicated a 1 to Bob
non-physically. Since their particles were
in superpositional entanglement until
they both observed them at 11:10.29p,
one affected the other's probability of
being 1 when Alice put hers into her
device.

Quantum Interference

Quantum interference is what
makes most quantum-based computers
possible. All possibilities are thought
to exist in different universes and, on a
quantum level, a particular universe
with a particular possibility only
manifests itself in our own when observed.
There is no way to directly observe a
possibility that is not our own, but we
can do it indirectly! Imagine that
you're standing on a cliff. There are
basically two different things you can
do. You can either jump off or walk
away. You imagine yourself jumping
off - you slam against the rocks at the
bottom and die instantly. Since you
don't want to die, you walk away.

While you didn’t jump off the cliff
you imagined that you did. The
frightening possibility of you slamming
against those rocks interfered with you
jumping off. This sort of interference
of possibilities can be demonstrated
with a photon. (Figure 1) A is a photon
source that emits one photon, B and C
are two detectors that can detect a
single photon, and D is a semi-transparent
mirror that, when only dealing with one
photon, reflects or does not seemingly at
random. Logically you would assume that
both B and C have a 50 percent
chance of detecting the photon
because it went either one way or the
other. While the results are the same,
this is not what happens. When the
photon strikes D it goes into a
superposition of being reflected and not
being reflected. Since both possibilities
can be observed, they both try to
manifest into our own universe. But the
properties of D only allow one to. So
there's a 50/50 chance of it being
detected by B or C.

[Figure 1]

Now, go to Figure 2. We’ve placed a
photon-stopping plate in the
non-reflecting path. Again, logically you
would assume that the photon would have
a 50 percent chance of being detected
by B and a 50 percent chance of being
stopped by the plate. And again, this is
not what happens. But this time the
results are not the same because of
quantum interference. Because only the
possibility where the photon is reflected
into B is observable, only that possibility
becomes our own. Therefore, there's a
100 percent chance that the photon
ends up in B. Man that’s weird!

[Figure 2]

Better Things Will Surely 
Come Our Way 
We have a million random
numbers, each number being unique. We
are looking for the address of number
10294. Under traditional technology
there are only two ways one can go
about finding 10294. One way is to
consecutively check all one million
numbers until we come across
the right one. The other way is
to do the same thing but divide
our workload by adding more
checkers. Quantum-based computers do the
latter, but in a very unique way. They
divide our workload amongst checkers
existing in different universes. As
such, they have the capability of
dividing work infinitely. So let's build one
(Figure 3):

[Figure 3: Superposition / Entanglement]

Classical memory cells (or bits)
exist in two states, 1 and 0. Our memory
cells are individual particles and, as
such, they obey quantum physics.
Since we’re not observing them (at
first) they're in the superposition of 1
and 0. (A bit in superposition is called
a qubit.) Recall that Alice transmitted
1 to Bob by changing the state of her
particle. Bob’s particle became 1
because it was physically impossible for
it to be otherwise if Alice's was also 1
before observing it. That little trick of
reality allows us to store multiple
numbers in the same physical memory.
Therefore, all one million 9 digit (or
about 20 bit) numbers can be stored in
only 40 qubits (actually only 20, but
we want the address too). If we
changed the state (again, without
observing it) of d0-19 to 0, d20 to 1,
a0-a19 to 0, and a20 to 1 at the same
time, we created a possibility for,
depending on how you look at it, address
1 to equal 1. We can repeat this one
million times until we’ve stored all
our random numbers.

The classical design of our system
is to let whatever is in d be sent to A
during each clock. A compares its
input with the number we're looking for,
which is stored in register B. A stores
the bit addresses that are shared
between B and its input in C (e.g. if bit 2
of input and bit 2 of B are the same
store 1 in bit 2 of C). D checks C to
see if all bits equal one. If they do, D
switches on the gate to our
non-quantum display which reads the contents
of a.

This is what actually happens:
During the first clock all possibilities
stored in d are compared by A in
different universes. Physically only one
possibility can exist, so in that
universe similarities between A’s input
and B are stored in C. Since C is
directly related to switching on our
observable non-quantum display, that
possibility starts to interfere with
others because it's observable. During the
second clock, all non-observable
possibilities stored in d are compared. In
other words, d possibilities that do not
have the same bit correlations with B
as stored in C in different universes
are compared. This is continued until
there can only exist one possibility,
we’re looking at B in d, and that's
when our display lights up with our
answer! That is quantum computing.

Really Practical Applications 

The great majority of cryptography
systems, especially public-key
systems, depend either heavily or
completely on the difficulty of factoring
large numbers. Quantum-based
computers have the potential of reducing
the predicted computing time of
billions of years to mere seconds for
factoring numbers of “secure” size. If
such a computer were built, all
public-key crypto would become insecure.

So, let's build one:

The algorithm we intend to use for
factoring is well known. The number
we wish to factor is called N. We start
off by taking a random number (a)
between 0 and N. We then figure out a
phase (r) by computing:
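#include <stdint.h>

/* True once the newest entry R[n] equals R[0]; the period n goes in *r. */
static int test_repeat_store_in_r(const uint64_t *R, int n, int *r) {
    if (n > 0 && R[n] == R[0]) { *r = n; return 1; }
    return 0;
}

/* Period r of pow(a,x) % N; assumes a and N share no factor. */
int find_phase(int a, int N) {
    static uint64_t R[0xFFFF];
    uint64_t v = 1 % (uint64_t)N;      /* pow(a,0) % N */
    int tmpp, r = 0;
    for (tmpp = 0; tmpp < 0xFFFF; tmpp++) {
        R[tmpp] = v;                   /* pow(a,tmpp) % N, kept reduced */
        if (test_repeat_store_in_r(R, tmpp, &r))
            break;
        v = v * (uint64_t)a % (uint64_t)N;
    }
    return r;
}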

After some time R[tmpp] will start
to repeat itself. test_repeat_store_in_r
returns true when this happens and
stores the number of digits that repeat
in r. Then we take the greatest
common divisors (Euclid's algorithm) of
(N,pow(a,r/2)+1) and
(N,pow(a,r/2)-1). The result of this is
the two factors of N.

Computing r under classical means
is very slow. For increasing digits of N
the computation time increases
exponentially. The only thing our quantum
computer is concerned with is
computing r. The rest of the factoring can be
done normally.

We have two registers in
superposition, x and k. x and k are now prepared
so that there exist the possibilities for
x and k to be any numbers between 0
and pow(2,sizeof(int)*8). We then
compute k = pow(a,x)%N (part of
find_phase). After that we perform
t=k, where t is some non-quantum
register. Because pow(a,x)%N has the
same return value for x+i*r, where i is
any number, x is in superposition of
all numbers that equal k. (Remember,
we read k by t=k. k is no longer in
superposition.) We are now ready to read
x. There's a slight possibility that x=t.
If this happens, we’ll have to perform
the operation again. If x!=t we have
r=abs(t-x).

Now that we've found r in no time
we can compute the greatest common
divisors of (N,pow(a,r/2)+1) and
(N,pow(a,r/2)-1) with a classical
computer. This should take very little time.
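
The classical side of the procedure above (pick a, get the period r, take the two GCDs), as an added example that is not the author's code: find_period is a brute-force stand-in for the quantum step, and the function names, result codes and toy moduli (15, 21, 3233) are assumptions constructed for illustration. It goes slightly beyond the text by handling the cases where a given a fails (r is odd, or pow(a,r/2)%N equals N-1) and another a has to be tried.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of one attempt with a chosen base a (names are this example's own). */
enum { TRY_OK, TRY_SHARED_FACTOR, TRY_ODD_PERIOD, TRY_TRIVIAL_ROOT, TRY_NO_PERIOD };

/* Euclid's algorithm. */
static uint64_t gcd_u64(uint64_t a, uint64_t b) {
    while (b != 0) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* a^e mod n by square-and-multiply. n must stay below 2^32 so that
   every intermediate product fits in 64 bits. */
static uint64_t pow_mod(uint64_t a, uint64_t e, uint64_t n) {
    uint64_t result = 1 % n;
    a %= n;
    while (e != 0) {
        if (e & 1) result = result * a % n;
        a = a * a % n;
        e >>= 1;
    }
    return result;
}

/* Brute-force stand-in for the quantum step: the smallest r > 0 with
   a^r = 1 (mod n). Needs gcd(a, n) == 1 and costs up to n multiplications,
   which is the part that does not scale classically. Returns 0 on failure. */
uint64_t find_period(uint64_t a, uint64_t n) {
    uint64_t v = a % n;
    for (uint64_t r = 1; r < n; r++) {
        if (v == 1) return r;
        v = v * (a % n) % n;
    }
    return 0;
}

/* One attempt at splitting n with base a, 1 < a < n. On TRY_OK or
   TRY_SHARED_FACTOR, *p and *q hold two nontrivial factors of n. */
int try_base(uint64_t a, uint64_t n, uint64_t *p, uint64_t *q) {
    if (a < 2 || a >= n) return TRY_NO_PERIOD;
    uint64_t g = gcd_u64(a, n);
    if (g != 1) {                 /* a already shares a factor with n */
        *p = g;
        *q = n / g;
        return TRY_SHARED_FACTOR;
    }
    uint64_t r = find_period(a, n);
    if (r == 0) return TRY_NO_PERIOD;
    if (r & 1) return TRY_ODD_PERIOD;        /* r/2 is not an integer */
    uint64_t h = pow_mod(a, r / 2, n);       /* h*h = 1 (mod n), h != 1 */
    if (h == n - 1) return TRY_TRIVIAL_ROOT; /* both GCDs would be 1 or n */
    *p = gcd_u64(h + 1, n);
    *q = gcd_u64(h - 1, n);
    return TRY_OK;
}

/* Try a = 2, 3, ... until the period method itself splits n. Returns the
   base that worked, or 0 if none did (always the case for a prime n). */
uint64_t factor_by_period(uint64_t n, uint64_t *p, uint64_t *q) {
    for (uint64_t a = 2; a < n; a++) {
        if (try_base(a, n, p, q) == TRY_OK) return a;
    }
    return 0;
}

int main(void) {
    uint64_t p = 0, q = 0;
    uint64_t n = 3233;            /* constructed toy modulus, 53 * 61 */
    uint64_t a = factor_by_period(n, &p, &q);
    if (a != 0)
        printf("N=%llu a=%llu r=%llu factors=%llu,%llu\n",
               (unsigned long long)n, (unsigned long long)a,
               (unsigned long long)find_period(a, n),
               (unsigned long long)p, (unsigned long long)q);
    return 0;
}
```

For N=3233 the base a=2 is rejected (its half-period power is N-1) and a=3 succeeds, which is why a real run has to be prepared to repeat with a fresh a.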

The advantages of such a computer 
are obvious. Its potential for breaking 
public key crypto may be balanced by 
non-physical communication transfer- 
ring secret keys about. Still, with huge 
increases in memory and theoretical 
infinite parallelism we’ll be able to do 
amazing things. 



My theory about the books 2001-
3001 is that the black monolith was a
small computer with the capability of
simulating entire worlds. That LSD
trip Dave had at the end of 2001 was
him entering it. Now, is such a
computer that far off?







Politics 

Dear 2600:

I can't for the life of me understand why your
magazine endorsed Green Ralph Nader over Libertarian
Harry Browne. While I agree that Nader is a sincere
man and infinitely preferable to Gush and Bore, a
simple look at the respective party platforms will show that
the Green Party is all about bigger, more intrusive
government, and the Libertarian Party is all about freedom.
No questions asked. In the crucial area of privacy rights,
the Green platform is vague and poorly written: the
bottom line is that neither free speech nor the rights of the
individual are listed in "The Ten Key Values of the
Greens" (www.greens.org/values/). On the other hand,
the Libertarian platform
(www.lp.org/issues/platform/freecomm.html) is crystal clear and leaves absolutely no
doubt as to where they stand.

Ask yourself: do you want real freedom or don’t
you? The choice is clear.

Lisa J.

You've over analyzed our message. If we wanted to
endorse a candidate, we would have done so in a more
obvious way. The cover of 17:3 was a collection of
images that summed up the events of the previous months:
H2K, the RNC, the treatment of the demonstrators, the
rise of the Green movement and the questions they
raised, the “threat” of a cell phone, etc. We don't care
who you vote for and, as events have shown, it doesn't
really matter anyway. And that is what you should be
focusing your anger towards.

Dear 2600:

I’ve been a long-time reader of 2600, but looking at
your most recent cover, I have to admit to being
extremely disappointed that you would use your magazine
to promote a particular political party. I'm all for
encouraging people to support freedom of speech and all
the other values that go along with the hacker ethic, but
aren’t you kicking yourselves just a little bit for voting
Nader? Due to the closeness of the election and the fact
that the Greens' views align far more closely with the
Democrats than the Republicans, it’s probably fair to
say that Nader cost the Democrats the election. As a
result, it looks like we’re going to have a president who
believes the Internet was responsible for Columbine.
How do you think he’s going to deal with Internet
censorship issues? Gore, at least, understands technology.
Just ask Vint Cerf.

Shame on you.

Ben St ra grid I 

If printing two words on our cover upset the status
quo this much, we must have done something right. But
what really should be offensive to most people is this
arrogant attitude that both Democrats and Republicans
have where they somehow think they're entitled to our
votes. They’re not. And the consequences of believing
this as well as the absurdity of our current system were
both aptly illustrated, in no small part because of those
who didn't follow the party line. This was an unexpected
accomplishment. And to berate these people for voting
their conscience is simply unforgivable.

Dear 2600:

Has anyone noticed none of the “protesters” in
Florida were arrested? After the demonstrations at the
Republican and Democratic National Conventions and
the World Trade Organization meeting all resulted in the
arrest of many people who were simply exercising their
right to free speech and peaceful assembly, I would
expect the same thing to happen in Florida. However,
nobody was arrested even after one group of Bush
supporters almost stormed the building where the
recounts were taking place. Had this happened at one of
the national conventions, the demonstrators would have
gotten a life sentence. This tells me I only have the right
to free speech and peaceful assembly if I am supporting
the status quo, otherwise I will be arrested.

Chris S.

Now you're catching on. Another more recent
example of the misuse of justice occurred in Philadelphia
when drunken mobs smashed store windows and looted
shops during a Mardi Gras "celebration." Here we had
a violent crowd terrorizing people, causing massive
destruction, and really screwing things up. Did they get
held on a million dollars bail for ten days in prison like
some of the demonstrators at the Republican
Convention in the same city six months earlier? Not a single
one of these rioters was even held overnight according
to news reports. We see a distinct parallel with the way
hackers are prosecuted - it's always the brightest ones
who don't try to use their talents in a criminal manner
who get the book thrown at them. The real threat to
authority is knowledge, not crime.

Random Questions 

Dear 2600:

If cookies can be automatically downloaded to my
computer, why can't some sort of virus be placed
instead of a cookie? Don’t you think that would be a way
hackers and virus writers could get a virus into
someone's computer?

MiStReSS DIVA

Cookies don't really work that way - they’re
generated by your computer and stored in a simple text file
made up of single-line entries containing simple fields
in ASCII. They simply can't be manipulated into binary
code and your browser wouldn’t try to execute it in any
case. A far more insidious threat that Internet Explorer
is prone to allows any file on your computer to be read
remotely if its name and path are known. That's far
more intrusive than anything cookies can do.




Dear 2600: 

Are you guys going to offer Freedom Downtime for
sale on VHS or DVD? I would enjoy seeing it.

Frank K.

San Antonio, TX

That is our intention. We're doing everything
possible to see that this happens soon.

Dear 2600:

Hey why can't you hold a meeting in
Newcastle-Upon-Tyne, England because you hold them in London
and stuff?

Equinox

Technically, we're not the ones who hold the
meetings. Various readers of ours do. And it's up to them to
organize and publicize the meetings which we then list
once they become established. More info can be found
on our web page in the meetings section.

Dear 2600:

Why does 2600 have a problem with the MPAA?
They didn't make the DMCA. How come more pressure
isn't being put on politicians?

Keyser Soze

There is this little lawsuit the MPAA filed against us
that has probably swayed us away from their position.
And they might just as well have written the DMCA
themselves since they are among the DC special interest
groups who are directly served by it. How much pressure
is put on the politicians is completely up to individuals.

Dear 2600: 

You know, I think you guys have a lot of people
buying your magazine. Why not make the magazine full
size so more stuff could fit in it? Also, just so you know,
your magazine is very easy to steal. How do you think I
got my hands on this one? muhuahaha

Wax

We happen to like the digest size, even if it does tend
to attract vermin. Stupid shit like this is enough to ensure
that stores either keep us behind the counter or stop
carrying us altogether.

Dear 2600: 

I am a subscriber of 2600. I would like to know 
more about the cover of the Summer 2000 issue. Partic- 
ularly I want to know who is the person in the picture in 
the fifth row and the second column? 

muthu 

As you may know, all of the pictures on that cover
are scenes from our documentary "Freedom
Downtime." The one you selected is one of only two that
wound up being cut so either you're very observant or
you made a lucky guess. This particular shot was of a
manager at US West looking down on a picket line
during a strike in 1998 in Denver.

Dear 2600: 

Does anyone know of any decent search engines
one could use while being fairly certain that the search
terms aren't being logged and/or being correlated with
IP addresses? In these days of massive data mining/trend
analysis techniques, one can't be too paranoid. ("Gee,
this IP has a high density of flagged terms in its searches
- time to break out Carnivore!")

Empty Set

There is no surefire way of remaining safe. Using
anonymous proxies like www.anonymizer.com or
www.safeweb.com will do some good but that won't
protect you from anyone logging your keystrokes locally.
Plus the anonymous proxy could also be compromised in
one way or another or even be a setup if you really want
to go for the paranoia gold. Perhaps the best way we
can learn about such things as Carnivore is to trigger
them more often.

Dear 2600:

A colleague of mine recently went to a seminar in
San Francisco regarding intrusion detection technology.
These seminars are very popular now. His instructor,
who claimed to be a previous security expert for AT&T
(isn't everyone?) told the class to read 2600. But the
warning given was to buy it from the newsstand and not
to subscribe, otherwise “you will get checked out.” I
asked him who would be doing the checking. But since
he didn't have the insight or forethought to ask his
instructor, it is unclear as to whether the alleged
checker-outer is associated with 2600 or an outside agency
(possibly government?).

So, in the interest of information gathering and
because I am a subscriber, are you going to be checking me
out?

Boneman

This would be unnecessary since we checked you
out before you subscribed. That’s why we made sure you
heard about us and followed the plan by subscribing.
Writing this letter, however, was not part of the plan and
we will be taking corrective action.

Dear 2600: 

After getting my first issue of 2600, I was bothered
by something that I hope you can explain. On the second
line of my mailing address label, I was surprised to see
seven of the nine numbers of my social security number
(in order) followed by seemingly random characters. I
am not paranoid, and I could care less if “Big Brother”
knows what I read, but I was curious about a few things.
Why was it there? How was it obtained since it's not
asked for on the subscription form? What were the
characters after the number? With a rising amount of identity
thefts resulting from social security numbers stolen from
people's mail, it seems like a bad idea to even remotely
refer to that number (especially on the outside of the
envelope).

D'urlagium 

We certainly agree that printing someone's social
security number on an envelope isn't a very nice or
smart thing to do. It's hard to imagine that you believe
we would do something like this. The numbers on your
label are comprised by your position in our database
(anywhere from a one to five digit number) as well as the
first three digits of your zip code followed by the number
of subscribers in that area. Other letters and numbers
indicate when you subscribed, when you expire, and
your shoe size. Now enough with the paranoia.

Dear 2600:

At the bottom of page 33 in issue 17:4, "Winter
2000-2001" is blacked out. At first I thought it was a
printing error unique to my issue, but everyone I asked
had the same thing. Could you please explain why it's
like this?

Juiiiv 

At best we can offer theories. Let us instead offer a
promise that the problem has been fixed and won't ever
happen again.

Dear 2600:

I have been coming across this message regularly
on my POCSAG decoding setup: "NEW PARIS
TELEPHONE INC 02-1 ALARM 5ESS MAJOR ALARM"
Then a few minutes will go by and I'll see another
message which reads: "NEW PARIS TELEPHONE INC
02-0 CLEAR 5ESS MAJOR ALARM". Am I wrong or
is this an ESS system sending a text message to an
administrator's pager or something, warning him of an
alarm being triggered?

And I would like to say thank you to Black Axe for
the very informative article in 16:4.

Philter
Chicago

Your assessment is probably correct. You can see
some very interesting things going by on unencrypted
pager traffic. In the Netherlands a number of years ago
a similar message was monitored that actually
triggered a test of air raid sirens. We believe everyone
should have access to pager information despite the fact
that it's been made illegal by the same Congress that
brought us the DMCA. The simple fact is that it's out
there, it's unencrypted, and anyone can see it. It's
ridiculous to think that outlawing the monitoring of a
radio signal is a substitute for adequately protecting the
transmitted data in the first place. We hope to see a lot
more pager monitoring in the future so people can see
first hand how public it is.

Dear 2600: 

Let me start by saying that I think your magazine is
great. The first time I read it was the issue before the
current Winter issue and now I’m hooked. Your blatant
honesty about things is great. Anyway, I was wondering
about a rumor a friend told me. Supposedly the
government blacklists anyone who subscribes to your
magazine or anyone who buys it in the stores using a credit
card. Now I have no problem buying it with cash, but I
was wondering if the rumor is true or not. I'm sorry if
this is an annoying question and you receive it often, but
I wanted the truth. Keep up the kickass mag.

Cyber Inferno 

Even if it were true, do you think they would tell us?
If they did, we'd certainly tell you. But most
importantly, if such a thing were going on, the best way to
fight it would be to challenge it by getting as many
people on those lists as possible. Even the hint of such
oppressive tactics should not be tolerated. (And don't
forget to wear gloves when handling money unless
you want your fingerprints in the central database.)

Ideas 

Dear 2600:

I am disgruntled with our phone service provider
Qwest who charges us $1.90 a month not to publish our
names and numbers. This is an unethical business
practice and corporate sponsored blackmail. Therefore I am
researching the phone numbers and addresses of some
of their chief executives. I would like to know if you
will publish this information on say a half page along
with a request for them to pay $1.90 per month each if
they would like the information removed from future
issues. I think this will get the message across to those
who feel they can bully the consumer who can't choose
another provider due to phone company monopolies.

Phrt’dogC? Work 

It would also get us in an amazing amount of hot
water since the numbers are presumably unlisted in the
first place. This little scam is nothing new to any of the
local phone companies. You can easily get around it by
simply listing your line under a different name. (Then
you also know when someone's calling you who is just
reading your fake name out of the phone book.) Incidentally,
the only reason phone companies get away with this
crap is because they technically "own" your phone
number and can change it whenever they want. We're
just lucky the post office doesn't have the same attitude
towards street addresses.

Dear 2600:

Here’s an idea. When somebody bitches about you
guys owning “www.fuck[whoever].com”, ask that
company if they would like to buy the domain name from
you. Let's say for like $10,000 or something. (Just make
it cheaper for them to buy the domain name from you
than to pay lawyers to take you to court.) If they agree,
boom, you’re $10,000 stronger against fighting the
MPAA. Plus that's one less pissed off company
breathing down your neck.

Reverend Daddy

Plus we also get rid of those nasty things known as
ideals. Don't you find it a bit disturbing for someone to
sell their idea of free speech in order to have it
silenced? Even if it were for a million dollars, it would be
a pretty hollow victory. We should also mention that the
moment you make such an offer, you are immediately
perceived as having registered the site in bad faith and,
in most cases, that alone is reason for you to lose the
site.

Dear 2600: 

First I would just like to ask how you guys can
complain about Gilian Enterprises. They obviously
know everything and have a product that will stop every
hacker on the planet dead in their tracks. What is wrong
with you that you can’t see that their vague references to
things that sound technical make them industry experts?
But I suppose if you are really tired of hearing from
them, I will share a little trick I found on the net. (This
was described in reference to credit card company
mailers.) Once you get the spam and a valid contact address,
you simply send them a nice response. "Thank you for
choosing 2600 Marketing Consultants. We will provide
you with a free analysis of the advertisement you sent
us. We can offer these services for a competitive price
(blah blah blah). Any future mailings will be considered
a legally binding contract that you wish to employ us
further." (include critique here) If they send anything
again, you send them an invoice. May not always stop
them and you might not get away with holding them to
it. But it certainly will discourage them. Until then, I
urge you to buy their products. It is obvious their entire
team needs the money to surgically reverse the
recto-cranial insertions they suffer from.


Dragon Byte 

Info Hungry 

Dear 2600: 

I recently spent some time with a long-time
NYNEX employee who told me stories about PBX
installations for the president at hotels in New England
and during the Carter administration. Does anyone have
any information about the presidential phone network?
In the best interest of national security, of course.

Screeching Wcud 
Any info we receive stays in these pages. We
promise.


Random Fear 


Dear 2600: 

Someone told me that they can search what I have
on my computer. They said they could edit, delete, and
add anything to my computer and all they need is to be
online at the same time that I am. Is this true? If so, how
do they do it? Is there a way I can stop this from
happening? Please help me!

Bmd 

Bad security can make anything possible. We have
no idea what kind of setup you have but if it's poorly
designed, you could have all kinds of troubles. This is
above and beyond any problems you might have at
various online services who also may have security holes
you could drive a truck through. Understanding your
vulnerabilities is the fastest way towards understanding
how they can be compromised.


Harassment 


Dear 2600:

I have an interesting story that everyone who
enjoys privacy should read. I am a student at Northeastern
University in Boston. Today I was visited by two
policemen who wanted to talk to me about the content of
web sites that I was viewing. They claimed that certain
materials and/or sites are flagged and that they know
every web site I have been to. When I asked what
specific sites were "flagged" they said I was being
"evasive." When I asked if they will keep harassing me if I
kept going to these sites they said "maybe." I still have
yet to know the URL of a single "flagged site." I am
wondering if this is true or not. I hate to think that my
college tuition and money paid for Internet service is
used to pay some person to spy on us. What should I do?

Nate 

The first thing to do is find out just who these
clowns are who visited you. What kind of "police" were
they? Campus, city, state, federal? Or were they even
cops at all? Once you have that established, demand to
know what specifically they want and don't be afraid to
raise a stink about this. Being a college student, you
also have the advantage of possibly being around
people who still believe in freedom of speech. Use that
idealism to the fullest and don't be afraid to get others
involved. Be prepared for any site that you may have
visited to be made public - they may also try to make stuff
up which is why keeping logs is a good idea. This kind
of thing happens far too often and it's only by loudly
challenging these people that anything will change.

Dear 2600: 

The other day as I was casually looking through a
national newspaper I came across the headline "Give
Up Potter Website, Film Giant Tells Girl, 15" and, like
anyone else, I continued to read. To my horror,
disbelief, and any other negative emotions you can think of, a
15 year old girl who owns the site
www.harrypotterguide.co.uk/ received a threatening letter from, yes, you
guessed it, Warner Brothers stating that if she didn't
hand over the domain to them she would be liable for
legal action against her. The site itself does not claim to be
anything but an unofficial fans' site and even links to the
official Warner Brothers site. What makes it worse is
that before creating the site, she wrote to the author of
the book who replied, "Thank you very much for being
such a Harry Potter fan."

Sam T.

You can learn more about this at
www.potterwar.org.uk.

Dear 2600: 

Since I have free time now, I figured I would write
about the severe injustice I suffered at my local high
school last year. As a reader of your magazine, I
acquired knowledge of the back doors, loopholes, and
security issues of Windows NT. Knowing these exploits, I
attempted to educate and help the technology director of
the school by showing him a couple of possible security
issues he might have. I figured that would be the right
thing to do, seeing how there are many vandalistic
children who take pride in "messing up the computers" at
school. Well, apparently knowledge is illegal. I was
immediately suspended from the computers, banned usage
of them for over a year, and given warnings and
detentions by my dean. For what? Just for trying to aid
someone? I do not blame this on my schooling system as
much as I do the person who initiated my injustice. Had
the technology director asked me to kindly not show
him what I had known, that would be a different story.
But he insisted that he should see the exploits. Over
time, I have protested to my dean and regained access to
the school's computers. But whenever I do use them, I
am under the strict watch of the admin. I do hope people
learn from this and realize that sometimes help isn't
appreciated.

RapScp 

Dear 2600:

We have never been Mitnick fans and have always
distanced ourselves from his controversy. But what we
have just seen disgusted us and made our blood boil. It
seems that Mitnick could possibly get into even more
trouble for something he didn't do. While trying to
determine the source of conflicting news stories about the
recent (1/25/01) Microsoft DNS breakdown (was it a
technical fuck-up, a genuine hack, or ass covering?), we
ran across an interesting, yet disturbing, picture on the
home page for Fox News.

The graphic is a collage of computer-related
pictures and symbols, plastered beside Fox's Microsoft
headline. The most noticeable feature is the right half of
Kevin's mug (the chubbier, younger, pre-trial Kevin),
strategically placed to give the story a mysterious,
menacing appearance. It is shocking and outrageous that his
face is used to adorn a news story he has absolutely
nothing to do with. It's one thing if the story delved into
past hacking incidents and used Mitnick as an example,
but nowhere in the story is Mitnick mentioned or
implied! Why must his picture be associated with this,
especially since at the time of the incident there were
conflicting stories between rival news agencies
attributing the Microsoft DNS error to either a technician
entirely goofing up with no mention of attack (Reuters), or
a massive DoS attack after the goof was fixed (AP).
Nobody can get the facts straight!

This kind of bullshit could crumble the fragile
freedom Kevin currently possesses. If the "wrong" people
see this web page from a supposedly "reliable news
organization" and start asking questions, they could
decide to place him back into prison for no reason
whatsoever. How many others out there are going to
assume that he's involved with the Microsoft fuck-up just
because his picture is there? It angers us that some
semi-creative artist with a G4 and Quark could unknowingly
ruin this man's life all over again. May Fox News and
Rupert Murdoch burn in hell for a thousand eternities. I
am registering foxnewssucks.com right now and will
cache the webpages there.

He did his time, he received his punishment, he
needs to be left the fuck alone.

Majick Mutex 
Jenn 

This is really par for the course as far as the media
and Mitnick are concerned. But we're glad this instance
opened your eyes. It's also somewhat ironic that they
got their picture from the 2600 site without asking us.
Now imagine if we did that to them.

Dear 2600:

I have two problems: My principal suspended me
from school for posting flyers about 2600 meetings in
the halls. Do you have an explanation I could give to
him and the tech guys so I can get my Internet privileges
back along with respect from the tech guys?

My second question is this. Every time anyone in 
my family calls anyone we hear a dial tone in the back- 
ground and then the lady that says “hang up and try 
again" comes on. Do you know how to fix this? 

KNP 

You don't owe your school an explanation - they
owe you one. Like how posting a flyer is a reason to
suspend someone's Internet access. We could tell you to try
and explain the concept of 2600 meetings, how they're
open to everyone, how we don't commit crimes, how it's
all about learning... somehow we think it would fall on
deaf ears.

As for your phone problems, it sounds like a
crossed wire. You seem to be picking up two lines but
only getting out on one. The second line times out and
gives you the off-hook error. We suggest trying this from
the point where the phone line comes into your house. If
you notice the problem there, then it's the phone
company's fault and they have to fix it. If you don't,
something is wrong with the wiring inside your house.

Dear 2600:

My school, Baylor University, has recently decided
to attack the non-official student publication, The
Baylor Review, for using their name. They contend that we
will cause mass confusion and are threatening legalities
unless we relinquish the name and the domain
(www.baylorreview.com). To me, all of this is just
stupid. We are non-profit, they have allowed us to
distribute on campus since November of 2000, and this
comes after we published something that may have

sors, 

Since you guys have been in very similar positions
(at least with domain names), I was hoping that maybe
you could give me some pointers or advice.

Cory

It's an intimidation tactic and they will only look
bad if they pursue it. Since you are a publication, you
have an immediate advantage in being able to reach
people. We suggest that you publicize this as much as
possible until the university backs down. Precedent is
also on your side - The Dartmouth Review has existed
for ages as a non-affiliated publication for Dartmouth
College. As long as you're not pretending to be
something you're not, such as a department of the school or
an officially sanctioned publication, you're in the clear.

Cluelessness 

Dear 2600:

I just wanted to write to say I'm miffed. No, fuck
that, I'm pissed. I'm an internet consultant and I
recently took a contract at a new company. Now, like a lot
of consultants, I work off hours. Here I was sitting at the
office in the wee hours of the morning waiting for a
friggin' server to reboot and I thought, "Hey, I'll go see
what's new at 2600.com." Lo and behold, what do I see
on my screen? A message telling me this is a
non-business site - "reason: criminal skills"? WTF? Apparently,
whoever set up their "nannyware" doesn't have a clue. I
make it a point to hit your URL at least 20 times a day,
just to make a point to those who read the logs. Maybe
someday we can reach all the misinformed and
uninformed, but that's apparently not today.

Have any of your other readers seen this? 

Burin 

Far too many. 

Dear 2600: 

Our Verizon account is useless because they block
access to our own SMTP server. When I signed up for a
business account with Verizon to provide dial-up access
for our sales representatives, I was told that we could
use our present e-mail server over the Verizon dial-up
service. Now I find that this was not true. According to
the Verizon technical support supervisor, Verizon
intentionally prevents customers from accessing any SMTP
(outgoing mail) server other than those owned by
Verizon. The excuse for this action is to prevent "spam"
e-mail messages, but the result is that competing services
are prevented from operating over dial-up Internet
connections provided by Verizon.

Randy Ford 

Dear 2600:

Having been a fan of this publication for quite some
time, I could think of no better way to show my support
than to purchase a tee shirt from 2600.com. I chose the
blue box design and have worn it with pride. Recently
however, I've noticed that when I wear it in computer
stores I receive nothing but cold stares and dirty looks,
almost as though they suspect I'm going to rob the
place! It's like they're profiling me because of the shirt I
wear, which is a shame considering 2600 is so strongly
against criminal activity. In fact, one gentleman I met at
the mall was surprised that I had the courage to wear
such a shirt! I was about to discuss the magazine with
him but he seemed to think that we would be arrested
just for mentioning it. I honestly believe this may be a
reason why certain people don't want to wear such
clothing. All I can say is that we need to let people see
we're proud of what we are and what we stand for. No
matter how many dirty looks I receive, I will continue to
show my hacker pride and not let these sadly
misinformed individuals get me down.

Screamer Chaotix 

Connecticut, USA 

The only answer to this kind of ignorance is to make
more shirts.

Dear 2600: 

Recently my mother passed away. I went looking
through the family photo album for a picture that I could
enlarge to display atop the coffin during the service. I
found a picture that I really liked and everyone felt
really showed her well. I took the picture down to the
local Target to use the nifty little Kodak image processor.
As I was laying the picture onto the scanner bed, an
employee came by and told me that I could not enlarge that
picture. The picture was taken at a studio, therefore I
couldn't make a copy. Since the picture was dated 1986,
which would have made me four at the time, I went and
asked my father where the picture had been taken. He
was sure it was a small local studio that has since closed
down. So now I had a picture that my mother paid
money for, but couldn't have enlarged and displayed at
her funeral 15 years later because of copyright. So I
went to Kmart where nobody cares and used their
Kodak image processor to do it. Copyright, or at least the
current way we have it set up, is bullshit.

Sellout 

Observations

Dear 2600:

I have noticed as a reader on and off over the last
few years that 2600 has become more of a political and
social platform, in certain aspects, than a technical
forum. The Fall 2000 issue was good, more techie articles
I felt. Don't get me wrong, I know what the magazine
has been through of late, but it is hard to get my new
issues every few months and find it filled with articles
about what court cases you are going through and
reading about kids in high school who are getting busted by
cranky old English teachers and such when I am
expecting information for these kids and myself about
computer and phone systems. I guess my question is: Where
do you see the magazine going? 2600 is the place I go to
get new ideas about tech issues that are more edgy as
well as new ways of looking at them. I hope that isn't
lost in these philosophical and boringly accusational
arguments. I really want to impress that I do want to
support 2600 in the court cases etc. but I want a tech
magazine as well.

C 

We'll make you a deal then. We will continue to try
and print edgy technical info that others are afraid to
touch if you help us fight for a society that will see this
as a good thing. We would like nothing better than to be
able to print articles without having to worry about
which megacorp will come after us next. But as long as
that keeps happening and as long as freedom of speech
and association are punished instead of embraced,
we're going to have to fight back, in these pages and in
other forums. If we lose, you likely won't have anything
at all to read.

Dear 2600:

While reading an online article about your recent
court ruling to remove linking to DeCSS code, the
article stated that linking to the material was considered
illegal. This is what caught my attention. Now not only
distributing this code is illegal, but the mere act of
inserting a link into a web page to this information is
illegal. It would be like you asking me where you could
buy a gun, I tell you Dick's Sporting Goods and then
you kill someone. Am I responsible for any wrongdoing
(keeping in mind that I didn't provide you with the gun
but only the information on where to buy one)? It seems
to me that the ruling is extremely unfair and
unconstitutional.



We prefer to avoid gun analogies almost as much as
house analogies. What we need to remember is that
we're talking about speech, something far more
valuable - and powerful - than any weapon. Many
reasonable people are sickened by the proliferation of guns in
our society. But to see speech as a threat - that requires
a distinct hostility and fear towards the openness we've
always been taught to value. You don't need an analogy
when the actual event is so blatantly wrong.

Dear 2600:

I was doing some research on different computer
laws and came across an interesting section - the House
Committee Report on the Copyright Act of 1976, page
54, states that "the term 'literary works' includes
computer databases, and computer programs to the extent
that they incorporate authorship in the programmer's
expression of original ideas, as distinguished from the
ideas themselves." Now if a computer program (DeCSS
more specifically) falls into a similar if not identical
category as a literary work then it should stand to reason
that it would be protected by free speech as well.

Kyle 

Dear 2600:

Have you ever had a traffic ticket? Well, I for one
have, and a lot of my friends have as well. I have also
found a major flaw in the Ohio computer systems that
control the "points" you receive when you get a ticket.
This may work in other states, although it has not been
tested. Now here's how it goes. If you are over 18, then
this pertains to you because minors have to appear in
court. So you get your ticket, let's say for $100.00 to
make it simple. Now you have chosen to pay by mail.
You write the check for $105.00 (accidentally - wink
wink), then you mail it in right on time. In a few days
you will receive a check for $5.00. Don't cash it! This
will show the computer that you paid, but it won't
actually be finalized so no points will be put on your license.
I have had several friends try this and it worked for
them.

-otacon- 

It's somehow heartening to think of people all over
the country rushing out to get moving violations so they
can test out this theory.

Dear 2600:

Something rather interesting I came across on the
Internet: if you go to the Radiohead site
(www.radiohead.com) - make sure you go completely into the site -
there is a link to the 2600 Secret Service page. It is
under "trapdoors". Go to the one that says something
about dots. I think it's great that word of you gets
around. Then again, no reason it shouldn't. Keep up the
good work and don't let those corporate giants try and
bully you... The bigger they are the more they bitch...
errr harder they fall.

kevZerO 

Dear 2600: 

I was poking through the registry in Windows and
came across an interesting key. Go to
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
then look for "DVD_Region"="1". I don't
know if changing it will allow you to watch a different
region code DVD. I don't have a DVD installed on my
computer.

Three 

Dear 2600: 

I liked the Fall 2000 cover. Nice touch with the
handcuffs!

Mad Pyrotechnologist

The Philly police really deserve all the credit. 

Dear 2600: 

Everyone has responsibilities in life, like it or not.
First, let me tell you about mine. I work for one of the
largest consulting firms in the world. When first hired, I
had very little job security due to the fact that I was well
known as a hacker. Over the period of two years, that
has changed. Most of the people I work with are now
extremely interested in non-malicious unauthorized
security audits. 2600 articles are now everyday
conversation material. I feel I have done my part, relative to my
responsibility, to clarify to the people in my scope what
the word "hacker" really means. You, however, have a
much larger scope and have voluntarily assumed the
responsibility of being the voice of the hacker community.
Why then is it that all you can do is piss and moan about
the bad connotation the word "hacker" has received?
We are hackers, not criminals. It is your responsibility
to make this known on the global level. I therefore
respectfully request that you stop pissing, moaning, and
trying to play martyr, and voice to the world what a true
hacker is. We will be extinct sooner than anyone
realizes if we don't take our name back from the
irresponsible, adolescent, power-tripper wannabes who just want
power and a free ride on our coattails 'cause they
literally can't hack it.

(The information in this e-mail is confidential and
may be legally privileged. It is intended solely for the
addressee. Access to this e-mail by anyone else is
unauthorized.)

Trigga Bistro 

Well, you've got us thoroughly confused. You want
us to fight for the word "hacker" but not complain when
it's misused? We'd sure like some specifics on how such
a thing can be done. And keep in mind that we have
access to, at most, four dimensions.

Dear 2600: 

Please spare us your bleeding heart commentary on
the RNC protesters in Philadelphia this past summer (as
mentioned in the editorial in 17:3 and again in a letter
from Prehistoric Net Guy in 17:4). I work in
Philadelphia and witnessed it firsthand. I saw a chaotic group of
drunken douche-bags with no political message or
common cause who showed up simply to vandalize our city.
The "puppet factory" also had a nice supply of bats,
pepper spray, and other goodies that Prehistoric Retard
forgot to mention.

Point in fact: One of these morons (probably one of
the same type of geniuses who releases an e-mail virus
on the web for kicks) picked up a newspaper machine
and launched it into oncoming traffic for no other reason
than to have a laugh with his buddy. A sole Philadelphia
police officer instructed this idiot (in a calm manner no
less) to return the machine to its original spot. At this
outlandish request, the protester picks up a bottle and
whacks the cop square in the face. When the cop
grabbed him, another protester came over and the two
proceeded to kick the crap out of the cop until they were
finally scared off by a group of citizens and approaching
police. The officer never drew his gun or nightstick,
despite having every right to do so (I would have shot the
assholes).

The Philly cops remained calm and violated no
one's rights, despite what the liberal news media tried to
portray. I have no sympathy for any of these
opportunistic "protesters" and they did not win any citizens of
Philadelphia over to their cause (whatever that cause
was... unrestricted vandalism perhaps? Public loitering
and drunkenness? I am still trying to figure it out).

If you are going to make a statement, at least make
it accurate. All these charlatans who were arrested got
what they deserved. And no one was abused by the
police... period.

Your Mom 

Well... thanks for setting us straight. Now if we
could be permitted to steer your ship a little closer to
Earth for a moment, we'd like to ask a couple of things.
If something as you describe were to happen to a cop,
you can bet a hundred other cops would have
immediately converged on the scene - it was a demonstration
after all and they weren't exactly isolated. In addition,
with the vast number of cameras and media around,
there would have been multiple camera angles of this
incident. The "liberal news media" were most definitely
not sympathetic to the demonstrators so why didn't we
see this event over and over? And let's for a moment
assume that it even happened. You seem to have trouble
distinguishing drunken idiots from intelligent
protesters. How do you know these people had anything to do
with the demonstrators who were arrested and held in
prison for ten days on a million dollars bail? (And
incidentally, virtually all charges wound up being dropped
or dismissed when no evidence was presented.) Why
were none of the Mardi Gras vandals and hooligans
treated as harshly? Where are your criticisms of a truly
drunken mob intent on destruction? We realize that civil
disobedience can mess up your schedule when
protesters block traffic on your way to work. But it takes guts
and commitment to a cause. That should be respected
whether or not you agree with their position. You had a
chance to interact and learn something from people
with a different perspective. Instead you chose to
reinforce your stereotypes and spread venom. It's your loss.

Dear 2600:

I just wanted to tell you that the paper you use for
your mag is some of the best smelling paper out there.

mull? 

We try. 

Dear 2600: 

I was intrigued with this quote and thought it might
interest everyone. "The search for static security - in the
law and elsewhere - is misguided. The fact is security
can only be achieved through constant change, adapting
old ideas that have outlived their usefulness to current
facts." - William O. Douglas (1898-1980) U.S. Supreme
Court Justice

Wow. 

zerolemons 

Dear 2600:

In the wake of what will no doubt be the end of the
first of many chapters to come in the DeCSS case, I
think it's great that you guys are standing your ground.
Contrary to most of the suggestions you've been
getting, rather than finding a way around the parameters set
by the MPAA, you're going to keep fighting for what
you believe is right. Thank you.

noire 

Colorado 

Dear 2600: 

Radio Shack is now selling the memory tone dialer
for $4.97 if you can find it. Yes, they are discontinued so
no more can be ordered. If you don't get one, they will
basically be thrown out, so dumpster diving is also an
option.

Eric 

Dear 2600: 

Regarding "computer" * 6 = 666 and "hackers" *
40 = 2600, even better: Take the ASCII code (A=65, not
A as in the above examples) from "WILLIAM H.
GATES III" and divide the sum by two.

Oh, we knew it....

kju 

Dear 2600: 

Just wanted to let you know that someone on
Napster is sharing the H2K mp3 files that you have on your
web site.

almighty coup 

That's why we put them up on the site, so people
could trade them freely.

Dear 2600:

I had just bought the 17:4 issue and never really had
time to read it. I took it to school and began reading
through it. I saw the article on MSCE and gave it to my
friend who was talking about how he wanted to become
a MSCE. He in turn went out that night and bought the
issue. The next day he showed it to our graphics design
teacher. After he told me this, I thought to myself,
"Great! There goes my high school career." Turns out
the teacher was pretty cool about us having it. He had
read the article on hacking NT. He even thought it
would be a good idea to try it. So guess what?! He
showed the article to my programming teacher, who
happened to be the head computer guy at our school.
Now I'm in deep shit, right? No. My teacher thinks that
reading the magazine would be one of the best ways to
learn to program! Now he is getting a subscription for
himself and maybe a subscription for the school. Add a
few more pages and your magazine could be a text book
for a classroom.

HiohazrdSl 

Dear 2600: 

Greetings. If you don't know, Jello Biafra's H2K
speech is included in his newest spoken word album.
"Become the Media" is a 3 CD set that you can pick up
at www.alternativetentacles.com. There's also a bunch
of kick ass pieces against globalization too. No, this is
not an ad, but I think that a lot of hackers might be
interested in checking it out and also becoming more
involved/knowledgeable about the anti-globalization
movement. Best wishes and good luck with the appeal!
Solidarity.

Xian 

It might be a good idea to rush down to Walmart
and demand that they stock this. Don't hold your breath.

Dear 2600: 

Greetz from Germany where I just had my final
exams in high school. English, biology, computer science,
and crypto were the main topics of the five hour long
exam. We had to decrypt some texts and find keys. I
thought putting on the 2600 shirt with the crypto theme
would be totally zeitgeistish so I put it on during the
exam. My teacher had to check if the info contained on
the shirt would help me in any way. He found that it
wouldn't and asked me where he could buy one of the
shirts.

Zeitgeist 

Dear 2600:

Let me start off by saying that I understand that the
extent of your involvement in so much legal
controversy must require an immense amount of money. Of
course the EFF cannot cover everything, but I am sure
that by lowering the price of 2600 you would get a lot
more readers. $7.15 CAN is far too expensive, and
everyone with at least a little common sense knows very
well that your production and distribution costs are not
that high.

hemlock 

First off, we're not jacking up our newsstand rates
to raise funds for the lawsuit. Our price has been the
same for two years and our subscription rate is the
same as it was all the way back in 198*2! As for the
Canadian dollar, it converts to less than 65 cents of a
US dollar. That means you're actually paying less than
people in the States. For a long time we were selling
2600 at the wrong exchange rate and we actually
wound up owing our distributor money for sales. You're
welcome to use this common sense of yours and try to
do what we do for less money without any advertising.
We think you'll find that talk is about the only thing
that's still cheap.

Dear 2600: 

Hey guys, just a heads up - it looks like somebody
has caught on that corporate evil exists in not only the
technologies industry, but the airline industry as well. I
found that www.fucknwa.com graciously points to
Northwest Airline's web site, www.nwa.com.

YYeez 

Dear 2600: 

I was wondering if you guys have looked into a
program called ASF Recorder. It's described as enabling
someone to download streaming content in Windows
Media Format to their hard drive. The resulting files
will be in ASF format and can be played with Windows
Media Player and derived tools. You may call this the
"DeCSS" for Windows Media.

pulrick 

Dear 2600: 

Whether or not I view sending MP3s over the
Internet as just harmless sharing, I don't believe laws such as
DMCA and the ruling on Napster are good decisions.
One of the most fundamental things a law should
possess is the ability to be enforced. Without it, the law is
just a collection of words on paper. This is the situation
with DMCA and the ruling on Napster. You cannot and
should not even attempt to restrict the Internet or
computers in any way, except maybe the Computer Fraud
and Abuse Act (realistically speaking, we probably do
need that law). Unless the government hires thousands
upon thousands of computer experts to constantly scan
the entire Internet for "illegal" files, considering how
dynamic the Internet is, they would have no way in hell
of ever enforcing that law, rendering it useless. It is a
bad law.

rootxll 

Dear 2600: 

I was looking around in my new copy of issue 17:4 and noticed
on page 44 the statistics of the magazine's subscriptions. Is
it true that there are only 5,680 subscribers nationwide and
only 75,000 issues sold per quarter total? This is disturbing.
With such a long history of publication, I would have thought
that more people would support your (our) causes by
subscribing or, at least, buying the magazine. Perhaps I
should get more "Free Kevin" and "Stop the MPAA" bumper
stickers to place on my car. I should mention, also, that I
like the new format of the web site.

Sir Poet 

75,000 may seem small to you but to us it's huge.
Considering that our first issue was sent to a couple of
dozen people, it's almost frightening how far we've come. Of
course we can always try to reach more people but we find it
incredible that we've made it this far.

Dear 2600: 

I don't know about the rest of the world but Verizon
has an ad campaign going in Pennsylvania, stating
"Keep Verizon together for the good of Pennsylvania."

shader 

That sounds like a veiled threat to us.

Dear 2600: 

I was sitting down watching Romeo Must Die after a long day
working and needing to unwind by watching some serious ass
getting kicked. Anyways, about halfway through the movie, the
main character picks the lock to the apartment of his
murdered brother. Why is this important? The number on the
door was none other than 2600! I don't know if the studio is
one of those who sued you or not so I don't know if there's a
hidden meaning.

ganOn 

Sometimes a number is just a number. But who's to say?

Dear 2600: 

I recently found this massive computer thing a local company
had next to their dumpster. I figured they didn't want it
anymore and that it would be interesting to pull apart. When I
got it home, I decided to plug it in to see if it worked and
it seemed to be OK, making a few beeps and held light flashes.
I think it's some sort of telecommunications or networking
device but it's very old looking and has no means of
connecting a monitor or keyboard or anything. It's called a
Telemetries System I XXX and there is another sticker that
says Telemetries S60O. I have tried their web site but can't
find any info on this beast, as they only seem to give out
technical info to corporations by an application. They also
don't call themselves Telemetries.

So to cut a long story short I was hoping you would be able
to point me in the right direction to find some documentation
about it or shed some light on what it actually is.

Kal 

We'll ask around. It would have been helpful if you told us
what name they actually use instead of Telemetries.

Dear 2600: 

I found these exact instructions while at my local
TV shop last weekend.

“Instructions To Convert Orion DVD Player To Region Free Status

“1. Connect DVD to your TV.

“2. Simultaneously press and hold down OPEN, STOP, and FAST
FORWARD buttons on the DVD player.

“3. After a few seconds a menu will appear on your TV screen.

“4. Using the arrows on your remote control, select Region
Number and change from 2 to FRI i Press Select on remote
control.

“5. Change Colour System Setting from Manual to Automatic and
press Select.

“6. Go to EXIT and press Select.

The DVD Player will now play all region discs.”

These instructions apply only for Orion Model D3Q0L. Thought
you'd find them interesting. I haven't tried them out but the
shop claims they work.

Robb 

Ireland 

Dear 2600: 

I was playing around on my phone dialing numbers with Verizon
prefixes. I sort of hold a grudge against Verizon Wireless
because of how they fucked me over into a contract. They were
claiming "free nights and weekends" and even had tin signs but
when I spent about 1000 minutes on my weekend phone, they
clarified that free only meant HIM l minutes. Fucked over and
dealing with it while bound in a contract, I found out a
number they use for directory assistance. This is it: Dial
"812.454.0012" and you are connected to Verizon's nationwide
directory assistance - they also will connect the call for you
automatically. Your ANI will come up as "812.454.0012." Cute,
huh?

Memories 


Dear 2600:

Can you remember the times when you were standing at the
payphone, hacking VMB's just to have a box to pass around
(with the same h/p info as all the other VMB's out there)? How
about traveling at speeds of 2400 up to 14.4 to a BBS with one
node to download something that was 800k and still took a half
hour! That did not include the time to get through to the BBS,
due to busy signals! Amazing - now we complain that our cable
connection is slow.

This was true hacking. When the world was truly
"underground," trading good info to each other. Calling cards
never died, no such thing as "trunk tracing." Oh yeah,
"Operator, can you place this 1-800 number for me, I have
operator privileges." Good times and we loved it. How about
the bridges? They never died and we all got along, trading our
info for the good of each other, no one else, just our own
little clan.

I cannot remember how many "h/p/a/c" groups that I was a
member of, only that I loved being in each and every one of
them. And you know what separates "us" from the rest? The fact
that "we" did this for kicks, not for money. We wanted the
power and we got it. No one was a rat. We were all a family.

I loved those times and I thank everyone for being a part of
it. Because of this wonderful hobby, I have succeeded in my
goals.

Stevie B a.k.a. Blue Lightning

Things are never the same. But in other ways they are. The
years you describe are undoubtedly beyond the point where
others would say things changed for the worse. And what's
happening right now will one day be described as the good old
days. It's up to all of us to see that the magical spirit that
has been a part of the hacker world from the beginning is
preserved and respected. There will always be people who get
it and as long as

Fighting Back

Dear 2600:

After reading the Verizon article in your summer issue and
the subsequent letters in the fall issue (not to mention the
ridiculous letter from CBS), I decided I could put a domain
name I was holding onto to good use. I would like to extend an
open invitation to your readers to post a page of protest
against whomever they like on sucksdonkeyballs.com. Of course,
the effect wouldn't be complete without subdomains so all
pages will get their own. Who wants to be the first to post
verizon.sucksdonkeyballs.com?

Scott

Dear 2600:

I wanted to contact you to inform you that your efforts are
not going unnoticed. I am a graduate student in San Antonio
earning a Masters in Fine Art. As of today, my new work will
be up in Gallery E, a campus gallery run by the grad students
themselves. I have signed up for this space and will have it
for the next two weeks.

The reason for me contacting you is because my new work
consists of the issues at hand bent: with the MPAA and DeCSS.
I followed the trial over the course of the summer and upon
learning the verdict felt that I must do something. The piece
itself is called "DeCSS." Exhibit A consists of 12 binders
containing the entire court case as displayed on your web
site. Exhibit B consists of the actual source code for DeCSS,
obtained long before this whole disaster struck. Exhibit C
consists of four t-shirts with the words css. descramble. c
written in the center and hung on the gallery walls.

rent- gonzalrz

Dear 2600:

Last night the officers of MGN (Metropolitan Gender Network),
a group for transgender, transexual, drag kings and queens,
resolved to send 2600 a message of support for your fight with
the MPAA about the DVD decryption code. Our struggle is
inextricably tied to the battle for freedom of speech. We wish
you luck in your court fight.

Marina Brown (MGN)

We haven't gotten support from every walk of life imaginable
but we're getting pretty close.



Secrets of Electronic 



by Trailblazer 
t rai blazer <Âź usa.com 
While the supermarket experience is probably taken for
granted by most of us, some will nevertheless notice that
these places are technologically evolving. Computer-based cash
registers, laser quality receipts, and commercials running on
flatscreen monitors are all commonplace in today's
supermarkets.

Remember those clunky guns that 
spit sticky price tags, allowing even the 
slowest stockboy to price a case of 
canned soup in seconds? Well, they've 
disappeared, too. In most of today’s su- 
permarkets, you'll see a laser-printed 
label placed on the edge of the shelf. 
Some supermarkets have gone a step 
further and introduced electronic shelf 
labels (ESLs). Through some social 
engineering during some late night 
shopping, I’ve learned a little about
these things and would like to share 
this information. Hopefully you’ll find 
this technology as fascinating as I do. 

These ESLs are simply small plastic 
panels with an LCD display, prominently fixed to display a
product's price on the edge of the store shelf. There are
several companies that manufacture these products, but in my
area's supermarkets there are two chief vendors: Telepanel
Systems and Electronic Retailing Systems International. Their
price tags come in various shapes and sizes, sometimes with
one LCD display and sometimes two. In
my local supermarket for instance,
smaller items like spices and condi- 
ments have small displays; larger prod- 
ucts like paper towels have larger tags. 
Some even have hidden buttons that 
display additional information (prod- 
uct UPC codes in my limited experi- 
mentation) when pressed. They’re 
pretty rugged and if you’ve ever 
worked in a supermarket you’ll know 
why. These things need to withstand 
runaway shopping carts and bored 
children's busy hands. I would guess 
they're also water-resistant for obvious 
reasons (or should I say raspberry jam- 
resistant) ! 

I've tried removing one of these 
tags from the shelf and it was tough. 
The shelf edges were slotted to house 
the tag snugly. Once I did remove it, I 
noticed the tag was powered by a 
wafer-type watch battery in the back. I
removed the battery, awaiting the obvi- 
ous effect of the LCD display going 
blank. I replaced the battery however, 
and the original price returned. How? 

The electronic price tag system is 
quite sophisticated. Imagine the super- 
market as a giant LAN, with each price 
tag being a node in that network. Each 
tag communicates with a server some- 
where in the back office. This server 
receives a feed from a database running on the supermarket
chain's main server, presumably located at its headquarters.
So price changes can be automated right down to the shelf. For
example, a supermarket bigwig at the headquarters decides the
price of Jell-O needs to go up. He makes that change in the
database, and that change is pushed to each store's back
office server which then sends that update to the label.
Voila, the price has changed on the shelf, no price gun
required. That back office server is obviously part of the POS
(point of sale) system, so you know you'll be paying that new
price as the clerk is ringing you up for your Jell-O.

The means of communication be- 
tween the price tag and the back office 
server is even more remarkable. In my 
supermarket (an Electronic Retailing 
Systems customer) this communica- 
tion is wireless - the labels communi- 
cate with their server via RF! Cellular 
transmitters are mounted on the ceiling 
and transmit via a 2.4 GHz spread- 
spectrum frequency. Price changes are 
distributed in this way. When the label 
receives the message, the display is up- 
dated, showing the new price. 

Though I’m not sure how, RF com- 
munication occurring between each la- 
bel and the server is two-way, and it 
resembles a TCP connection. Each la- 
bel has a unique hex address (it’s 
printed on the side), and it's constantly 
"listening” for messages containing its 
address from the server. So when the 
server has a price update for a product, 
it transmits the price information as 
well as the address of the label for 
which that update is intended. The la- 
bel receives this data, then sends an ac- 
knowledgment message upon receipt. 
If the server does not receive this message, it sends the
price update again until the label replies. I'm assuming the
RF occurring is very low power - I counted three or four
ceiling transmitters per 50 foot aisle. I would also reckon
the FCC would complain if we were looking at anything more
than a fraction of a watt.

Experimentation with the electronic 
shelf tag systems is wide open. If you
own a scanner (see Sam Morse’s article 
in 17:4), bring it along the next time 
you go shopping and see what you can 
pick up. Perhaps this communication 
can be disseminated for a better under- 
standing of the whole process. If you 
happen to wind up with one of these labels
in your possession, take it apart
and see what’s inside. Or better yet, try 
feeding your own signal to the label. 
Those LCD readouts are alphanumeric, 
so you’re not limited to displaying 
prices. There is still the question of 
how the label displayed the data even 
after the battery was removed and re- 
placed. Are those transmitters con- 
stantly transmitting price information, 
or does the tag have a storage capabil- 
ity? If there is storage, what other in- 
formation can be found on an ESL? If 
you happen to work for the supermar- 
ket and have access to that back office 
server, well, you've got an entire net- 
work of shelf labels to explore. Just re- 
member that changing the price of 
your favorite frozen pizza to a nickel is 
not something I recommend. 

Supermarkets make only a percent 
or two profit for each transaction. That 
such businesses would invest in such 
elaborate pricing systems poses many 
questions. For example, how often are
prices changed, to what degree, and 
when? Who is benefiting from electronic
shelf labels - customers or the
supermarket corporations? If you're a 
conspiracy theorist like me, then the 
answers are obvious. 




Anomaly Detection Systems, Part II


by Thiiull 

In my last article, "Anomaly Detection Systems" in 17:3, we
explored the general concepts behind intrusion detection, a
means of classifying intrusion detection systems, and a brief
outline of a simple passive/host-based intrusion detection
system on a Linux platform.

This article will outline a couple of different ways to
accomplish anomaly detection on large heterogeneous networks
cheaply and efficiently, from the passive/network-based angle.
We'll also discuss signature-based IDS systems' usage in
conjunction with anomaly detection to create a well-rounded
overall intrusion detection solution.

I can't stress enough the necessity of understanding the
traffic flow on your network. If it is your mission to protect
that network, how can you protect it if you don't understand
what is there? How many web servers do you have? What are
their IP addresses? Do they use SSL (443/tcp)? HTTP (80/tcp)?
Find out... only in knowing what belongs on your network can
you spot what doesn't belong. If you can't spot what doesn't
belong, then what doesn't belong is just going to keep on not
belonging, without you knowing about it.

I discussed in my last article the fundamental vulnerability
that exists in all attack signature-based intrusion detection
systems: they cannot "see" zero day exploits. Generally, there
is a period of about one week to nine months between the time
that a new exploit is created for a recently discovered
vulnerability and the time that the attack signature for that
vulnerability finds its way into your attack signature-based
IDS. So, until you have the signature, what will your IDS
system tell you? Absolutely nothing. Won't even see it.

A solution to this fundamental problem? Learn your network,
know what belongs, highlight what doesn't. Say your NNTP
server has only two ports open: NNTP (119/tcp) and SSH
(22/tcp). An attacker doesn't know that those are the only two
ports open on it until the attacker probes the machine. If the
attacker is smart, he'll hit the machine with one packet a day
from a different IP address every day. Will your attack
signature-based IDS show a single SYN packet to port 23/tcp? I
don't think so. Anyway, back to that solution... collect all
traffic that crosses your network at a chokepoint, then bounce
that traffic off of a filter set that siphons off all traffic
that belongs. What you have left is everything else. You'll
find in investigating this "everything else" that about 90
percent of it turns out to be system misconfigurations or
what-not on either your end or the other end of the comms
stream. However, the remaining 10 percent are malicious. In
the above example with the NNTP server, write filters that
ignore port 119 and port 22, and have the system show you
everything else. You might even want to only filter out
incoming traffic to those ports that are from IP addresses
that you know should be using those ports. Everything else is
suspect.

If you're paying attention, you're probably screaming right
now: "What about an exploit against SSH or against NNTP?"
Well, two answers to that question. Yes, incoming traffic that
is malicious can match a filter that you put in as "normal"
traffic, but 99 times out of 100, more than one port is going
to be checked on the system before an actual exploit is
launched. That, and someone probing for port 119/tcp on your
systems will most likely look for it on other systems as well,
which should show up in your system because you're not
filtering 119/tcp from other machines... only from your NNTP
server. The second answer: this is where attack
signature-based systems come in. If the exploit used is old
enough, your IDS system will probably have a signature for it,
and will flag the attack. This covers the hole created when an
attacker's traffic matches valid traffic that you would expect
to see, to a certain point. This does not provide a solution
for when an attacker uses a zero day exploit that matches
expected traffic. Still though, you will probably see traces
of the activity on other machines.

Do you use firewalls? I bet you probably do, unless you're
running a small network at home where you can easily keep up
with all the latest vulnerabilities. An effective anomaly
detection system can be "built" with the firewall(s) that
you're currently using. Leverage your firewalls to be your
eyeballs into what's coming in and going out of your network,
not just as a simple barrier. Every firewall platform that I
am aware of has the capability of not only logging traffic,
but of filtering information that is displayed in the log
files. Generally, this is used for troubleshooting network
issues... did the traffic ever reach the firewall? Run a
filter on the logfiles to look for that IP address, if it's
not there, it didn't make it to the firewall, etc. But, those
filters can be used the other way too... instead of writing a
filter to show a specific something, write a set of filters
that hide a set of specific somethings... those specific
somethings being all traffic that belongs on your network.
Filter out all traffic to port 80/tcp on your webservers (and
443/tcp if you're using SSL), port 20/tcp and 21/tcp on your
ftp servers, 53/tcp and 53/udp on your DNS servers, etc.
Remember, you'll want to be able to see port 53/tcp and 53/udp
connects to everything except for your DNS servers, so write
your filters specifically for individual machines. Normally,
firewall systems will allow you to save filter sets... use
them. Check them every day. Log the anomalies in a database,
to look for trends later. I once identified a very patient
fellow this way, plugging away at the network with two or
three packets a day against a different port from a different
IP address every day. All put together, they added up to a
portscan... amazing. By the way, on that one, RealSecure never
saw a thing... of course, you can't blame it; that's not what
the IDS systems that are out there today are designed to find.
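The filter-out-what-belongs approach described above, for both the NNTP server case and the per-machine firewall filters, as an added example that is not part of the original article. The log format, the addresses (documentation ranges), the admin range and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

ANY = ipaddress.ip_network("0.0.0.0/0")
ADMIN = ipaddress.ip_network("192.0.2.128/25")  # hypothetical admin range

# Constructed inventory of traffic that belongs, written per machine:
# (destination, protocol, port) -> source networks expected to use it.
EXPECTED = {
    ("192.0.2.10", "tcp", 119): [ANY],    # NNTP server
    ("192.0.2.10", "tcp", 22): [ADMIN],   # SSH, only from known sources
    ("192.0.2.20", "tcp", 80): [ANY],     # web server
    ("192.0.2.20", "tcp", 443): [ANY],
    ("192.0.2.53", "tcp", 53): [ANY],     # DNS server
    ("192.0.2.53", "udp", 53): [ANY],
}

# Constructed log format: date time action proto src:sport -> dst:dport
LINE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+ \S+ (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: normal traffic mixed with one odd packet a day.
SAMPLE_LOG = """\
2001-03-01 02:14:07 ACCEPT tcp 198.51.100.7:40211 -> 192.0.2.10:119
2001-03-01 03:40:52 ACCEPT tcp 203.0.113.5:1045 -> 192.0.2.10:23
2001-03-01 09:01:13 ACCEPT tcp 192.0.2.130:1022 -> 192.0.2.10:22
2001-03-02 04:11:30 ACCEPT tcp 203.0.113.77:1189 -> 192.0.2.10:111
2001-03-02 10:22:45 ACCEPT tcp 198.51.100.9:3311 -> 192.0.2.20:80
2001-03-02 11:05:02 ACCEPT udp 198.51.100.9:3312 -> 192.0.2.20:53
2001-03-03 01:57:19 ACCEPT tcp 198.51.100.200:2201 -> 192.0.2.10:139
2001-03-03 08:30:00 ACCEPT udp 198.51.100.9:3400 -> 192.0.2.53:53
2001-03-04 05:45:41 ACCEPT tcp 203.0.113.140:4410 -> 192.0.2.10:22
2001-03-04 12:00:00 ACCEPT tcp 198.51.100.9:3500 -> 192.0.2.20:443
"""


def parse_line(line):
    """Return the fields of one log line; fail loudly if it does not parse."""
    m = LINE.match(line.strip())
    if m is None:
        # A line the filter cannot read must never be silently dropped.
        raise ValueError("unparseable log line: %r" % line)
    return {"day": m["day"], "proto": m["proto"], "src": m["src"],
            "dst": m["dst"], "dport": int(m["dport"])}


def belongs(rec):
    """True if this destination/port is expected from this source."""
    allowed = EXPECTED.get((rec["dst"], rec["proto"], rec["dport"]), ())
    src = ipaddress.ip_address(rec["src"])
    return any(src in net for net in allowed)


def anomalies(log_text):
    """Siphon off everything that belongs and return what is left."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return [r for r in records if not belongs(r)]


def slow_scans(records, min_ports=3):
    """Group leftovers by target so a packet-a-day probe adds up over time."""
    seen = defaultdict(lambda: {"ports": set(), "days": set(), "sources": set()})
    for r in records:
        target = seen[r["dst"]]
        target["ports"].add(r["dport"])
        target["days"].add(r["day"])
        target["sources"].add(r["src"])
    return {
        dst: {"ports": sorted(t["ports"]), "days": len(t["days"]),
              "sources": len(t["sources"])}
        for dst, t in seen.items() if len(t["ports"]) >= min_ports
    }


if __name__ == "__main__":
    leftovers = anomalies(SAMPLE_LOG)
    for rec in leftovers:
        print("anomaly:", rec)
    print("slow scans:", slow_scans(leftovers))
```

No single leftover line looks like a scan; the grouping by target is what turns four unrelated-looking packets into one finding, which is why the anomalies are worth keeping in a database.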

There are two other ways to accomplish this in
passive/network-based mode. You could put Linux machines out
in front or behind your firewalls (at prominent chokepoints),
or off of monitored switch ports running ipchains in accept
all but log mode, run logcheck against your logfiles every
hour and have it report anomalies to your email. You could
even write your ipchains rules to do the filtering for you...
i.e., accept and don't log 80/tcp to the webservers, but
accept and log all else. That would keep log files down some.
Or, you could take the Shadow IDS system from the CIDR project
and revamp it a little. The Shadow system is already designed
to suck in all the traffic on the network via tcpdump and
store it in massive logfiles for after the fact analysis.
Filters are then written using normal tcpdump syntax to grep
out of those logfiles traffic which matches certain
criteria... i.e., you can write a filter to run through and
check specifically for individual attacks. However, with a
little modification, you can rearrange the system to instead
of going in and pulling out the stuff that you want to see
(which requires that you know what you're looking for before
you look for it), you can have it go out and filter out all of
the stuff that you know belongs on the network and report to
stdout whatever is left. Hello, anomaly detection.

Let's talk briefly about limitations. Anomaly detection is
not the end all answer here. I strongly advise a combination
system. The methods that I've outlined do not include things
like fragmentation reassembly, MTU size, low TTLs, etc.
However, I guarantee that with a combination system, you will
see far more than you would with an attack signature-based
system alone.

As far as attack signature-based IDS systems go, if you are
looking for a system to use in conjunction with this sort of
anomaly detection, my suggestion would be the Dragon IDS from
Network Security Wizards. I'm personally very impressed not
only with this system's ability to find and identify known
attack signatures, but its usage of more all encompassing
"built-in" broadbased filters that are based upon parameters
that catch certain "classes" of attacks which share
similarities with known attacks. Essentially, this means that
in some cases, new zero day exploits that are modifications of
known exploits, or work within similar parameters, will be at
least highlighted for further analysis. And that's just the
built-in functions... you can write your own rulesets for it
that turn Dragon into an anomaly detection system per the
style above, simply by having your rulesets ignore everything
that you expect to see on the network. Take a look at it,
they're doing some neat things.

My point here I guess is simply this: You can't go into
intrusion detection expecting that you know what to look for.
If your system(s) get compromised via a vulnerability in a
service and not by some misconfiguration error that you've
made, one of two things has happened. Either you are stupid
and didn't patch an announced vulnerability, or someone used a
zero day exploit against you. (An academic note here: from
statements earlier in this article, you should be able to
surmise now that I believe that attack signature-based systems
are only useful to stupid people (caveat: That's mostly a
joke, there are valid uses for attack signature-based systems
for smart people).) If you are smart and have patched
everything that needs patching, you're still not secure, but
you can at least see the attack coming from the other smart
guy sitting out there somewhere. And if you're really smart,
then your systems are probably tight enough that it's going to
take that other smart person longer than he wanted to in order
to compromise your network. This gives you the opportunity to
do something about it before anything ugly happens. Let's face
it, it's like a big game of chess... sometimes the other guy
is smarter than you are, and you get to learn something.




0 t r a n a 


Or, How I Learned
to Stop Worrying
and Love the
Anna Kournikova

by 6M AL 

It's odd the people you keep in your address book. As a
reader of 2600 for the past eight years, you learn a lot about
what people will and won't find offensive. You learn that
people will complain about things that affect them, and won't
complain if it hasn't affected them yet.

When I received the Anna Virus, I knew it for what it was: a
program created by some hacker that had been sent to me
unwittingly by another individual. I guessed it might be a
worm that would be sent out to another user after an
inadvertent reading or clicking of the e-mail message
containing it.

I clicked.

Within minutes I was receiving phone calls and e-mails, some
laughing and joking, others solemn and angry, from all the
people in my address book. Some were asking what I had sent.
One man even wanted help opening the attachment. "I'm sure
she's hot," he replied. "But my mail program won't open the
picture."

I had sent e-mail to people who owed me money, to people I am
in litigation with, to women I haven't called after an affair
went sour, to men I had admired, to persons I had feared.

Worst of all, I hadn't just sent an e-mail.
I had sent them the virus. 

It took a few hours to sink in - the potential impact of what
had happened - and you can imagine that I could have been
angry. I could have been dismayed. But I had made the choice
to try the virus anyway. I had been in good company. CNN
carried news of the virus well into the next few days. I was
elated and disgusted at the same time. I had burned bridges
and made others laugh at my actions. I felt happy I had made
no mistake. I had run the virus on purpose.

Now the most important question many 
would ask is why create such an ugly virus? 
“Why do hackers have to waste so much 
time and money on destructive forces?" 
they demand to know. My response is simple.
If the virus I received had short-circuited
my copy of Windows, if it had sent
instructions to my hard drive to reach for a 
sector that didn't exist, gouging a new hole 
in my storage space, the Anna Virus would 
have been wrong and sickly twisted, some- 
thing I could hate. 

But it didn't. It taught me, and many of 
you, a lesson. It taught us to guard against 
such threats and to be ever wary of what we 
see and open. It took nothing from me, 
nothing but a little pride, which I could
make do without. And the Anna Virus intro- 
duced me to people I haven't spoken to in a 
long, long, time. 

Their e-mails may begin with "I think you have a virus..."
But they all end with "So how are you doing these days? How is
life?" at the end.




Declawing Your :CueCat


by Lini jus 

Cuecats are barcode scanners given away with issues of Forbes
Magazine and at Radio Shack. The Cuecat is used to scan a bar
code of anything you find interesting and the CRQ software,
included with the cat, uses the default browser to bring the
user directly to a corresponding web site with information
from a database. What they don't tell you is that every time
you do this, a serial number is sent to them telling them who
you are (remember giving your name to the Radio Shack guy?).
And while it is possible to change this, they try pulling
technicalities, saying that the cat isn't even yours - that
it's only on lease. They say this so that you cannot legally
open it and reverse engineer it! Too bad nobody gives a fuck.
Intellectual property laws protect reverse engineering for
competition last I heard, although corporations have been
disagreeing lately.

Operation and Reverse Engineering 

The Cuecat is a keyboard wedge scanner like several other bar
code scanners, meaning it plugs into the keyboard slot on your
computer, and the keyboard plugs into it. When you scan a bar
code, a line of information is sent like the following:


P„E3b6C3nZC3jY. 

This is four pieces of information separated
by dots.

1. ALT-F10 is sent as a wakeup signal.

2. The serial number of the wand is sent.

3. The type of bar code (UPCA, ISBN, etc).

4. The actual barcode information.

Now, as you probably can notice, the information is
encrypted. Jean-Phillipe Sugarbroad is credited with figuring
out that the Cuecat uses a modified version of base 64
encoding, a very simple form of encryption. Take each block of
four characters and convert them into six bit values by
indexing into "[a-z][A-Z][0-9]+-". String the four six bit
fields together to get a 24 bit value containing three bytes.
Exclusive OR each with 67 and you have three decoded bytes.
Strings that aren't a multiple of three characters are zero
filled and they should be stripped out if it isn't being
processed by C code which takes a NULL as the end of string.
According to the driver from Lineo, some cats don't encode the
same. For these you index into "[a-z][A-Z][0-9] f\

You can do this yourself, or as any sane human would, with a
script. You can find a small perl script which I like best,
nicknamed the "tattooable version" for its short, short length
at http://opensource.lineo.com/cuecat/.
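The decoding steps described above, written out as an added Python example; it is not the Lineo script or any code from the original article. The serial number and scan lines are constructed, the function names are hypothetical, the zero-fill handling follows the article's description, and the captured text is assumed to begin after the wakeup keystroke.

```python
import string

# Alphabet from the article: a-z, A-Z, 0-9, '+', '-'; position = 6-bit value.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + "+-"
XOR_KEY = 67  # every decoded byte is XORed with 67


def decode_field(field, alphabet=ALPHABET):
    """Decode one dot-separated field of scanner output to text."""
    if len(field) % 4:
        raise ValueError("field length must be a multiple of 4: %r" % field)
    index = {ch: i for i, ch in enumerate(alphabet)}
    out = bytearray()
    for pos in range(0, len(field), 4):
        value = 0
        for ch in field[pos:pos + 4]:
            if ch not in index:
                raise ValueError("character %r is not in the alphabet" % ch)
            value = (value << 6) | index[ch]       # four 6-bit values -> 24 bits
        for shift in (16, 8, 0):                   # 24 bits -> three bytes
            out.append(((value >> shift) & 0xFF) ^ XOR_KEY)
    # Zero fill decodes to NUL bytes, which are stripped. Non-ASCII garbage
    # (for example from a modified unit) is replaced rather than crashing.
    return bytes(out).rstrip(b"\x00").decode("ascii", errors="replace")


def encode_field(text, alphabet=ALPHABET):
    """Inverse of decode_field, used here only to build constructed samples."""
    data = bytearray(text.encode("ascii"))
    data.extend(b"\x00" * (-len(data) % 3))        # zero fill to whole blocks
    out = []
    for pos in range(0, len(data), 3):
        value = 0
        for byte in data[pos:pos + 3]:
            value = (value << 8) | (byte ^ XOR_KEY)
        for shift in (18, 12, 6, 0):
            out.append(alphabet[(value >> shift) & 0x3F])
    return "".join(out)


def parse_scan(line, alphabet=ALPHABET):
    """Split a scan line into serial number, bar code type and bar code."""
    fields = [f for f in line.strip().split(".") if f]
    if len(fields) != 3:
        raise ValueError("expected 3 encoded fields, got %d" % len(fields))
    serial, kind, code = (decode_field(f, alphabet) for f in fields)
    return {"serial": serial, "type": kind, "barcode": code}


def serials_seen(lines, alphabet=ALPHABET):
    """Map each serial number to the bar codes sent with it (linkability)."""
    seen = {}
    for line in lines:
        scan = parse_scan(line, alphabet)
        seen.setdefault(scan["serial"], []).append(scan["barcode"])
    return seen


def build_line(serial, kind, code):
    """Assemble a constructed scan line from plaintext fields."""
    return "." + ".".join(encode_field(x) for x in (serial, kind, code)) + "."


CONSTRUCTED_SERIAL = "0" * 18          # constructed, not a real device serial
SAMPLE_SCANS = [
    build_line(CONSTRUCTED_SERIAL, "UPA", "691839000011"),   # code from the article
    build_line(CONSTRUCTED_SERIAL, "UPA", "1234567890123"),  # constructed, needs zero fill
]

if __name__ == "__main__":
    for scan_line in SAMPLE_SCANS:
        print(scan_line, "->", parse_scan(scan_line))
    print(serials_seen(SAMPLE_SCANS))
```

Running `serials_seen` over a capture shows why the first field matters: every scan from an unmodified unit carries the same serial number, so separate scans can be tied to one device.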

Decoded, the aforesaid line is this:
0000000002 J 5756002 UPA
691839000011

"UPA" stands for UPC A and the "691839000011" is the bar code
number. The part you must worry about is the first number: the
serial number. Getting rid of the serial number is relatively
easy. All I had to do was cut the Data Out circuit on the
Hyundai chip and the Cuecat now sends garbage for the serial
number. (The chip will either be an eight pin device or a
smaller five pin device. Be sure to cut completely through the
trace.) More information on this can be found at
http://www.ma2600.org/index.php?page=declaw.



Congratulations, you now have a Cuecat that doesn't send a
serial number and you know how to decode the barcode number.
To take advantage of this you can find software at lineo.com
or at ma2600.org to take inventory of your book/CD collection,
or even to create your own bar codes. Have fun.

Shout outs to Qhmboy, Christ, Rasputin, A lorn _S tar, MA2600,
and countless others who have guided me.




[Reproduced form: a UTP Digital Directories "Entry Offer - Company Entry" for its Internet Business Guide, addressed to 2600 Magazine, for an amount of US$ 960.00.]

LOOKING FOR SCUM? No need to look further. These people go around sending these
“entry offers” to companies for some ridiculous online “business guide.” Doesn’t it look an
awful lot like an invoice? We suspect hundreds, if not thousands, of unsuspecting businesses just
pay these things because they look like bills. UTP, along with another Swiss company called
IT&T (www.ittag.com), have been sending these little swindle applications to the listed address
for every Internet domain we registered through Network Solutions Inc. Incidentally, neither one
of their web pages even worked when we tried to access these alleged business guides! But they
have that covered too - both companies have almost identical statements on the reverse claiming
that they are not liable for delays as long as they're not the ones responsible for the delay. Slick.
Refunds are simply not given under any circumstances and once you register with these crooks,
they will automatically bill you year after year until you send them a registered letter telling
them to stop. As a public service, we’re going to add these two companies to our own “business
guide” - and we’ll do it for free!





Letters continued from page 39:


Voting Ideas 


Dear 2600:

I was appalled at the method used for voting. This
was my first year voting for the next President and like a
good happy citizen I shuffled my way to the elementary
school in my area and put in my vote... on a plain sheet
of paper by marking in a circle with a "specially
designated pen." Upon further examination the pen appeared
to be a Sharpie marker. Kind of outdated, isn’t it?

Of course, many are in search of another way to
make the whole voting procedure work. Using a web
site or online database would be a problem because of
Internet security. But there are other alternatives! I am
the Oracle Database Administrator for an Internet
company in my state, and can see where a good database
application could come in handy here.

First, each voting area would be equipped with
computers, networked together. There would be one
central computer for each center running the actual
database, and several client machines running the actual
forms used to input data. A voter would walk in, click
some radio buttons (or drop down lists, etc.), and walk
out. When voting was closed, all data would be in this
main server, and a preprogrammed report could easily
print out, e-mail, or just save all statistics. It would also
produce an encrypted dump file of all voting data,
which would be sent to (by means of a burned CD, a
ZIP disk, or ftp) and imported into the main database for
the state once voting was finished to count up state
votes. Or the dump could be loaded as a separate
database on the main state server, and replication could be
used to pass over the necessary data. Again, a report can
produce statistics.

Because of the contracts the government has with
Oracle, I cannot see a system like this costing very
much in the way of licenses. The computers would
probably be the most expensive part, but the clients
wouldn't have to be state-of-the-art machines by a long
shot!

SiON42

Dear 2600:

I just finished reading your comments to chrisbtd
about the voting fiasco in Florida. You said anything is
potentially better than the current system, so here are
my thoughts.

I thought of using USB devices for the input and
using a USB hub to connect multiple devices to one
computer. Where I live we use the infamous punch card
system, where when you flip the page it exposes another
row of holes for you to punch. So I thought I could keep
the idea simple and have a similar setup (I wouldn't
want to get people confused again). Instead of voters
inserting and removing cards the area under the matrix of
holes would be replaced with the USB devices. The
USB device would have a switch and an LED for each
hole in the current machine. When you insert the poker
tool it presses a small switch, which lights an LED
inside the hole. Selecting another candidate for the same
office would remove the previous vote and turn the light
off (through a hardware XOR). You would have to add
two more steps though, actions to start and stop
someone's voting period. Easy enough - when the poker tool
is removed from its cradle the session is started and
when it is replaced the session is ended, period. Now,
you criminally inclined are thinking something which I
am getting to. In order for the machine to be able to start
a session, the poll worker has to activate the booth.
They will do this once you hand them your ID. (Here
they take and check our IDs and our voter registration
card to make sure we only vote once. Maybe, I could
also add a bar code scanner to scan IDs in quickly.)
Once a session is ended, the voting machine has to be
reactivated by the poll worker before a new session may
begin. I may want to add a step that doesn’t allow the
session end to commit the new data until a new session
is started or the poll is closed. This would allow poll
workers to clear the session if some less intelligent
voter made a mistake and ended their session early.

I am not a USB expert, but I believe that each device
connected to a computer has to have a unique identifier.
I have never connected two of the same peripheral to
one computer via USB, so I am really not sure how this
would work. But, if they did have to be unique we 
could have a series of color or letter coded devices, so 
that a poll worker wouldn’t connect two devices that 
would cause a conflict. 

Now more on the poll worker end of the plan. I start 
by connecting those USB hubs to Windows machines.
We would use Windows machines for a variety of
reasons: One, Windows offers good USB support. Two,

intelligence. Three, I don’t care for Macintosh toys. 
Four, and most importantly, most governments already 
have Windows computers. See, I am slightly Libertarian 
and I hate when government spends more of my hard 
earned money. Also, every time I have voted, it has been 
in a school and I know (around here at least) they have 
Windows computers in the schools. And, since we are 
talking about money, the USB devices should be manu- 
facturable for a fairly low price. There are tons of kids' 
toys selling for a couple bucks that are technologically
more advanced than my proposed devices. 

Now to the software, I would provide each voting
computer with a single CD, off of which the voting
device drivers would be loaded and the voting software
would be run. The software would run a database to
store the votes and provide an easy GUI for the poll
workers to use. Each voting computer would also get a
series of 3.5" disks, to which the votes would be
recorded. The votes may reside on the hard drive during
the voting process, but will be automatically transferred
to disk when the polls are closed. The 3.5" disks would
be taken, via Courier, to the elections board, just as they
are done now. This leaves out networking for now,
because I don't feel we are ready for that. A temporary
government network is a disaster waiting to happen. It’s
temporary, it’s government, it’s a computer network, it
ain’t happening in the near future I’m afraid. The good
thing about my method is that it could be easily
upgraded to have network support in the future just by
upgrading the software. Then again, you could have the
program dial out via modem to the Board of Elections
once the polls close. These are my ideas. I just hope
someone some day will actually improve the current
system.

cstoll 




Reusing existing computers from a school probably
isn't such a good idea considering the many weird
pieces of software that could have been installed during
their stay. And it's possible someone could come along
with a bunch of identically marked floppies and steal
the election. There are some good ideas here but we
invite our readers to try and tear this and other proposals
apart as it's the only way we're going to get an answer.

Dear 2600:

Don’t mean to brag too much but in late November
while everyone was still trying to figure out if Bush or
Gore had won the election, Canada had an election too.
A country of about thirty million people across six time
zones (and the second largest country in the world) had
all of the votes tallied, by hand, in about four hours. Oh,
and the ballot was the same from Toronto, Ontario to
Alert, Nunavut. There was a candidate's name and
beside the name a big round circle. You put an X in the
circle and you had just voted for the
Could it be any simpler?

Michael 

Dear 2600:

Here's the $300 voting machine: a cheap diskless
486 that boots from a CD that holds the info for that
precinct and that runs a touch screen. The voter touches
the face of his chosen candidate, the machine asks if
he’s sure a few times, and at the end the voter is shown
all of his choices. The machine then burns this to a CD
after each vote. The info is also held in nvram for
redundancy. The machine is locked in a box with no
keyboard, just the monitor. Only the monitor needs to be in
the booth. At the end of the election the machines are
impounded (to preserve the integrity of the nvram) and
the WORM CD (not rewriteable) i- ■ nl Its Id I and
tallied. This system can’t be screwed with and is nearly
idiot proof (except for the pramlaini y idiot candidates that
we can't seem to get rid of).

anop 

Article Feedback 

Dear 2600:

Regarding “Microsoft's Hook and Sinker,” LeXer
was close but no cigar. The revenue stream from all the
certification programs is insignificant relative to the
other business Microsoft does. Most of the revenue is
generated and retained by the businesses running the
system including the test administrators, the educational
facilities, book authors, book publishers, and the rest.
Also, the information to pass the exams is not solely
learned by attending their courses. Web sites such as
www.braindump.com and test preparation services such
as Transcender provide the necessary information.
Further, it is impossible to expect to learn how to
administer an operating system as complex and quirky as NT
4.0 or Win2K effectively without working in the
environment, discussing matters with other admins, and
keeping abreast of the current release information. That
is the true way to pick up the "tricks" and inside
information that lead to proficiency. The main reason is that
the NT 4.0 exam is based upon the original release of
the operating system from 1996. The software is
constantly evolving and the exams do not take that into
account for other reasons.

Only in the last paragraph of your article did you
touch on the correct reason for Microsoft's trickery.
Microsoft sought to set the certification standard
artificially high to increase the value of certification to both
the certified and the operating system through the
perception of standardization regarding their unstable
products. Rather than create a stable and efficient
product, Microsoft tried to develop customer confidence by
instituting a professional certification system that
created the appearance of stability and high standards in a
profession sorely lacking critical measures for
employee skill sets. Once again Bill Gates proved a better
business man than a software developer. Experience is
the real teacher but one needs an MCSE degree to land
one of the better jobs. The employer's perception is
manifold. When the hiring process begins, it is easier to
separate the men from the boys, or so the employer
thinks, by requiring a certification. He can more easily
justify the hire of an admin at a higher salary based
upon paper credentials. Lastly, the certified can demand
a greater salary based upon their credentials.

Ironically, the reality could hardly be farther from
the truth. I am not certified yet I am responsible for
administration of my organisation’s domain. The other
professional IT staffer and I have three people working
for us in our IT department. We have worked through
many a "paper" MCSE - people able to pass the tests yet
unable to handle the work.

Sorry LeXer, maybe when you have worked in the
field for a while you will have a better understanding of
the situation. By the way, there are many exceptionally
good reasons to loathe Microsoft; you got that right!

reuven 

Dear 2600: 

Ok, to start, I love you guys to death. You’re my
heroes... mostly. Great job on 17:4. Lotsa neat stuff.

Now, to the point: page 44 of 17:4, “Radio Shack’s
Newest Giveaway.” Sorry, guys, but you totally blew it
on this one. This had to have been sent to you from
some tweak at Digital Convergence to get more
coverage on this gizmo from hell. The major point here is that
unmodified, this thing transmits a serial number back to
DC, which links across to the registration info you gave
them on yourself when you installed the software to
interface it. Getting this? You’re plugging a product that
gives Radio Shack and Digital Convergence loads of
demographic info, right down to your e-mail address or
telephone number (whichever you think is more
important), each time you nail a barcode with this thing.

The article totally missed the point of the mod ability
of these things - that the serial number's kept on a
chip onboard the godawful little thing, that can be
disabled by cutting ground on the chip; and that by running
a lead from the positive voltage onboard the thing to one
of five test probes on the board (position varies from
one board rev to another), the thing can be forced to
output straight data, non-uuencoded.

Give this a shot - open up a text editor and scan,
straight into it, with one of these things. Three fields: 1
is the serial number, 2 is the barcode type, and 3 is the
barcode data, all uuencoded. The device this kid is
bragging about is cursed, and ain't useful unless people
know the story on it, and what it’s being “given away”
for. All the rest of the data on these things, right down to
a BOM for each revision, is available with a couple of
searches.

Sorry for the rant; just had to get that out of my
system.

Tim 

And you were right to do so. While the points you
mention were widely known when we printed the article,
there was no way we could add them without writing an
entirely new article, which we just didn't have the time
to do. But by running the existing text, we got no less
than nine new articles with additional info, one of which
we have printed in this issue. We hope people remember
that this is the way 2600 works - our info may not
always be 100 percent but with some fine tuning and
reader input, we can keep getting closer.

Dear 2600: 

“New radios would have to be bought” [if
community FM takes over current VHF TV frequencies]? Not.
My Sony Walkman (and lots of other units now out
there) have a Japan mode that receives broadcast FM
down to 76 MHz. Just give us TV 5 and 6, Fox
Charlie A 2. We're already prepared.

v-dick 

That makes it an even easier transition. But the only
way this is going to happen is if the proposal becomes
known throughout the nation - namely, allocating the
future vacant audio signals from analog TV stations to
community radio. It's vital that these new stations not be
commercial or part of any existing broadcast network.

Fun in the Stores 

Dear 2600: 

I just yesterday picked up the new issue, 17:4, and
was chuckling at the cover art while paying for it when
one of the store clerks said to the one who was serving
me, "Did you get any ID for that?" The one helping me
out said, "No, I thought I'd let it slide this time." I
naturally asked what the hell he was talking about, and he
told me that they normally have to take three pieces of
photo ID from anyone buying 2600, and once a month
the list is forwarded to the RCMP (Royal Canadian
Mounted Police) and CSIS (Canadian Secret
Intelligence Service) who then forward the list to the FBI. I
was taken aback for a moment, thinking that Canada
had finally gone to hell, when the two clerks started
laughing their heads off and one gleefully exclaimed
"Gotcha!" Boy, was I relieved.

The fact that I had to take that possibility seriously
serves as a testament to the ever-growing tensions
regarding freedom of speech. As I understand it, one of
the fundamental freedoms guaranteed under the
Canadian Charter of Rights and Freedoms guarantees
"freedom of association," inherently covering literature. I've
read horror stories about bookstores keeping 2600
behind the counter and only available upon request, but
requiring ID would have made me want to go home and
hide under the bed. I would stress to everyone in
Canada and any foreign nation to keep in mind that just
because things like the DMCA pop up in the US doesn't
mean that the rest of the world is asleep. We've got to be
just as aware of threats to fundamental freedoms that
are going on within our own borders as well as
internationally. Luckily, what I encountered was a joke, but it
could happen.

In the meantime, I’d like to congratulate the guys at
Toronto Computer Books for scaring the pants off of
me. Good work.

xcham 

Dear 2600:

So the other day I was at Babbages just checking
out stuff when I overheard some other customer say to
the clerk, "Hey, do you guys sell tone dialers?" Instantly
I looked up to see a group of three junior high aged kids,
a confused looking clerk, and another customer shaking
their head in disgust. The clerk said, "Ummmm, let me
go ask my manager." Just thought I’d share another
story on how stupid people really are. Come on, of all
the places to go and ask for a tone dialer, why
Babbages?

AquaGEow 

We're wondering how the other customer knew to
be disgusted. But let's not program ourselves to think
this way. There is nothing wrong with buying hardware
and even if you're 99 percent sure how these people
intend to use it, you still don't know for sure.

Legal Questions 

Dear 2600:

If someone were to, say, memorize the entire
DeCSS source and could repeat it perfectly so that
someone else could write it down, what would the
MPAA do? Sue the guy (or gal) for his memory? Or just
tell him not to tell anyone? And what would happen if
someone got it tattooed on themselves, someplace
obvious, then walked around on the street showing it off?
What exactly could the MPAA do? Is a tattoo, in fact,
not a work of art?

Joseph 

Dear 2600: 

I am from Canada and was wondering if any
countries other than the US have laws similar to the Digital
Millennium Copyright Act?

Hy Stress 

Unfortunately, with global bodies like WIPO, the
WTO, and more regionalized entities like NAFTA and
the European Union, it's become far easier to get such
laws passed throughout the world. A cousin of the
DMCA known as the Digital Agenda Act recently came
into existence in Australia, technically making it a
crime to forward e-mail without permission. We fear
there will be more ill-conceived legislation worldwide
before this is over.

Advice

Dear 2600: 

I am an administrator at a school, and I wanted to
give the readers of your magazine the perspective of an 
administrator regarding student IDs, computer net- 
works, hacking, and education in general. 




People do not go into education for the money -
there isn't any. They go into education with a desire to
teach students to think. All your teachers,
administrators, and counselors all got into education to make a
difference. Today they are dealing with a small percentage
of very troubled kids who have been abused at home,
are neglected, regularly use very addictive substances
like coke and heroin, engage in violence and
prostitution, and threaten violence on a daily or monthly basis.
It is hard to create a nation of literate free thinkers when
you find out that a kid is talking about suicide, his/her
parents don't provide enough food, the 12 year old is
sleeping with both her father, uncle, and aunt at the
same time. Your teachers may be a bit distracted over
these issues. I just wanted to teach Plato, Malcolm X,
and Gandhi. Now I have to deal with a society in crisis
and parents who just don't care about their kids, and
some teachers who are not up for the job.

Every event creates a reaction and the reaction to
this crisis has been the creation of factory schools
(2000+ students) and large classes (35+). As your
readers know, it is impossible for kids to get the kind of true
education where you learn to think for yourself, solve
complex problems, and develop a system of ethics
based on responsibility to your community and the
world in this kind of environment. Schools are teaching
students that they are numbers, as the letters of
joePUNKl02 and data refill attest. I do not think that
this is part of an organized plot to eliminate freedom
and liberty. I have worked at several public and private
schools. Sorry, the average teacher and administrator
are not that smart. They are just trying to maintain some
measure of control. Ninety percent of the students who I
have encountered are not a threat to themselves or
others. However, there are a lot of troubled kids out there.
Run the numbers. If your school has 2000 kids, 200 of
them will be involved in some major crisis at any given
moment. This takes up a lot of time, and prevents me
from teaching you Plato, Malcolm X, and Gandhi.

If you don’t like your ID cards, organize a strike
and burn the cards in a public ceremony off school
grounds and after school hours. Get the proper permits
from the police and fire departments, call the TV
stations, and get the press involved. An act of rebellion
means nothing unless it gets some press. Study Gandhi
and use him as a guide for your acts of nonviolence and
civil disobedience. Get the students of your school to
wear coats and ties and march in mass to the town
square. With permits in hand and news crews watching,
set fire to the permits. Make sure that nobody is going to
get hurt. A person has to agree to be oppressed.

Computer administration is the bane of my
existence. Any smart administrator knows that the kids are
more sophisticated than any adult when it comes to
running a network. Most public schools do their IT in
house. Usually the technology director is a burned out
teacher or librarian who is near retirement. That is all
they can get. The old geezer is scared out of their wits
by the 13 year old who knows more about network
administration than he/she does. They have no control and
that drives them crazy. You can make a lot more money
in the private sector so you are always dealing with
somebody who is way over his or her head. You have
three options as a student:

1. Hack the network and make it your own. Realize
that your teachers know more than you think. I cannot
believe what students leave lying around on their open
accounts. If you hack a system, you will make mistakes
and sometimes these will bring the system crashing
down. Then your old geezer technology director will be
brought into the principal’s office and somebody will
pay.

2. Get your school to give you old equipment or set
up an organization that accepts computers from
businesses and corporations in your area. Download UNIX
and create a student network of your own. Most
principals will go for this idea if you get a member of the
student government to sign on to it. Tell them that this will
cut down on the problems that the school is having with
their own networks, and that this will help you get into a
good college. (Administrators and teachers love this
sort of thing.) Get started on your Beowulf cluster.

3. Do nothing and remain a pissed off alienated
teenager, hacking into a bullshit school system.

It is sad that I have to tell you the following truth. If
you are from the middle-class, and are an average
student, you are getting a very poor education. You need to
educate yourself. Start off by getting a group together
and picking up the Autobiography of Malcolm X. Read
the entire book and talk about it with your friends. It is
the story of a man who educated himself. If you are
living in the burbs and are white, it is especially important
for you to read this book, but be aware that this is a very
subversive act. Then read the Plato's Republic and get
ahold of a really good book on UNIX. A
philosopher/hacker will have a bigger impact on society
than just some kid smoking dope, watching TV, and
wasting his/her time. A hacker is a revolutionary, and
there is no more revolutionary or subversive act than to
become educated.

I wish I could have a school filled with hackers. I'm
waiting....

noname 

Technological Nightmares 

Dear 2600: 

In response to the comment by data refill in 17:4
and the editor's comment, there is a technology that
allows tracking of your toddler. The child wears an anklet,
similar to house arrest anklets, and the
parent/guardian/hacker who has access to a custom web
page can track the exact location of the child through
Global Positioning System from anywhere in the world.
Personally, I think this is a retarded thing to do. But
that's just me.

Xerxes 2695

It's important to explain why though. People will
take your position more seriously.

Dear 2600: 

Back in mid-November, I decided to get DSL
service. I was told it was available in my area. I was told it
would take two weeks. That was almost three months
ago. The turn-on date has gone from December 5th to
December 18th, to numerous other dates, to “pending.”
I give up.

Jeffrey 




You think you have problems? It's standard practice
where we are for Verizon to claim that a location
doesn't qualify for DSL when the order is placed through a
competing ISP. But they will then offer to hook the
customer up if they agree to use Verizon as their provider.
This has become so commonplace that ISPs actually tell
customers to expect it.

Dear 2600: 

I thought some people out there might like to know
about a new thing taxi companies are using for their
dispatch instead of the radio. It's the new Mailstations.
They're really cheap ($79) and it's a good idea for the
companies to use because with the e-mail there will be
no messed up address since it's right on the screen. The
e-mail for them works like this: If the company is
Yellowcab, it would be cabnumber@yellowcab.com. Just
play around with it until you get it to work.

A Cireun A

You've inadvertently explained why this is a BAD
idea.

Dear 2600:

It appears that each and every individual entering
the stadium for the Super Bowl had their “face
scanned.” I'm happy and grateful that law enforcement
is looking out for all of us in this sweet Orwellian
fashion. Aren’t you?

Dalai 

And the only reason we even know about this is be- 
cause they chose to tell us. 

Dear 2600:

I’ve been a reader for all of two issues but I like
what I've seen. I was just wondering if any of the 2600
team or the readers had seen the piece about the
software used to identify terrorists at the Super Bowl.
Apparently it was never, ever designed to be used with a
large crowd. In the report, they showed just six people
walking past a security camera. One of their images had
been specified as a known terrorist (no, he wasn't
really) but the software failed to identify him because it
didn’t have time to collect multiple images while other
people were walking around. In fact, the results often
merged two or more faces together, creating images of
nonexistent people.

Wow. Not only do they invade your privacy, they
do it badly.

TheChaotic_l

Don't worry, they'll get better.

Offerings 

Dear 2600:

First off, I myself am not a hacker. I try to learn
everything I can about the subject but I don't have the
mind to sit still for eight hours trying numbers. Recently
I got a job working for a survey firm that dials
nationwide going over the phone surveys for such companies
as NASDAQ, Prudential, Fidelity Investments, and
such. In doing my eight hour shifts of dialing and
dialing, I frequently come across data lines. For reasons
which I can't explain (even to myself), I began
recording these numbers. I have over a hundred now and I get
about ten a day. Many of these numbers are probably
just harmless business numbers but since our dialing is
completely random, I'm sure there is something
interesting in there. I am wondering if 2600 would be
interested in these numbers for personal use or for print.
They are yours if you’d like, and I can get you another
a week if you want them updated. Let me know.

Simon Jester

It used to be that lists of interesting and mysterious
numbers would always be circulating in the hacker
world. There are certainly more numbers now than ever
so we would welcome any such list. If all the
telemarketers did this for us, we might cancel some of the
contracts we have out on them.

From The Inside

Dear 2600:

First, I must let you know how much I enjoy your
zine. It kicks ass - straight truth, facts, and pure
knowledge without any mind polluting commercial
advertising crap. Sadly, now even Mad Magazine, a favorite of
my youth, has caved in to korporate Lisli and begun to
accept advertising. How sad!

Most importantly, I have to give props to my friend
Zyklon for reintroducing me to 2600. I hadn’t read one
since the early 90's. I'm also very pleased to say that at
8:00 am PST today, Zyklon went home. Released from
this freaking hellhole. Unfortunately, like Kevin, he is
not free for a few more years. He said that if he is lucky,
his P.O. will be mellow and let him use a computer. It is
under very unfortunate circumstances that I had the
opportunity to meet and get to know Eric a little. But I
certainly am quite glad to have met him and am pleased to
count him among those few I call friends. He is an
individual of great intelligence. He was, like others,
seriously misunderstood and feared for his knowledge.

James 

Dear 2600: 

Hi! With only seven or so hours of incarceration 
left, I thought I'd write and thank you for all you have 
done for me, and for spreading information to the public 
to help fight the good fight. It was a good experience 
seeing our country, our society, and our government in 
action, and I have come to see what 2600 really stands 
for. 

I wish you luck with all your troubles, current and 
future, and hope for all our sakes that reason and freedom 
will prevail. 

Eric Burns 

Welcome back. Putting someone in prison for simply 
hacking a web page still seems unbelievable to us. 
But we're glad you're out and keeping a positive outlook 
on the whole thing. Further proof of a non-criminal 
mind. 


Page 52 


2600 Magazine 



by Emmanuel Goldstein 

As a race, we must always redefine our 
boundaries. That which was impossible in 
the past becomes attainable and even commonplace 
in the future. The boundaries of 
tolerance have been in constant movement 
since the beginning of recorded history. Indeed, 
even the boundaries of space itself - 
the very edge of the universe - have not remained 
constant. 

Takedown is a movie that redraws the 
boundary of bad. To critics and movie 
buffs, this will be an inconvenience, as long 
established champions of bad cinema such 
as Plan 9 From Outer Space or Waterworld 
may lose their spot in history to this relative 
newcomer. 

At 2600 we had to go to a bit of trouble 
to actually see this film. Since it's already 
been released in various countries around 
the world, it's now possible to see a video 
or DVD copy if you order it from one of 
these places. (It's still a no show in the 
United States and after finally seeing it I 
can understand why.) We got ours from 
France - via www.amazon.fr - where the 
film goes by the name of Cybertraque. 
Note that you will need a DVD player that 
can get around the region-locking nonsense 
that makes it a pain in the ass to view foreign 
movies. The irony here is that this is 
an American film which most Americans 
are technically unable to view. Not that 
very many would want to, but the choice 
should be theirs. 

You see, none of us wanted it to come to 
this. We tried to stop this grossly inaccurate 
and unfair portrayal of the Kevin Mitnick 
story as soon as we found out about it back 
in 1998. It was based on an equally distorted 
and biased book of the same name 
written by John Markoff and Tsutomu Shimomura 
way back in 1995, the year Mitnick 
was arrested. And when we saw the 
script, we knew something had to be done. 

I mean, they portrayed this guy as a violent 
racist criminal who went through life cheating 
and stealing. The one infamous scene 
we objected to had Mitnick ambushing Shimomura 
in a dark alleyway in Seattle 
where he then clubbed him on the head 
with a garbage can lid. (That scene was 
later removed.) 

We tried everything to reach the folks at 
Miramax - phone calls, visits, even a 
demonstration outside their New York offices. 
We never got a response. Even when 
we visited the set in North Carolina, they 


Spring 2001 


Page 53 



wound up literally running away from us. 
They never believed that all we wanted to 
do was ensure that the story be told accurately 
since the guy they were portraying 
was stuck in prison unable to defend himself. 
They probably believed that everyone 
in the hacker community exists simply to 
create mayhem. Reports that filtered down 
to us confirmed a high level of paranoia on 
the set. 

So it's little wonder that the film sucks, 
that foreign audiences worldwide have 
united in their rejection of it, and that it 
may never get released in this country. Bad 
storytelling has a way of not working out. 

The DVD we received also contained a 
real life Kevin Mitnick interview, something 
that surprised Mitnick quite a bit 
since he had never given permission for it 
to be included! The attaching of the real-life 
Mitnick's image to this product falsely 
implies that he endorsed its release. He 
most certainly did not. 

From the opening moments, Takedown 
misses the boat on hackers in general and 
Mitnick in particular. TV images reveal the 
threat and fear of hackers, who engage in 
widespread information distribution known 
as “hacker communism.” It gets worse. 
When Kevin and his friend Alex go to meet 
sleazy hacker “Icebreaker” (based on real-life 
hacker Agent Steal), it's in a strip bar. 
“You set up this meeting,” Kevin (played 
by Skeet Ulrich) says disparagingly to the 
soon to be revealed federal informant. As if 
hackers operate by setting up meetings in 
the style of underworld crime figures. 

“This is where you get into trouble,” 
Alex (played by Donal Logue) warns 
Kevin when he tries to find out more information 
about some computer system somewhere. 
But Kevin is right there with an 
even blander response: “I just have to 
know.” Said with all the passion of a manatee. 

Passion is just one of the qualities lacking 
in Takedown, where you're left with the 
overriding question: Why should I care 
what happens to any of these people? There 
are only two characters I liked in the film 
and both of them were minor roles - the two 
techies from Cellular One. Maybe they just 
seemed like the only human beings in a 
film of stick figures. I don't think I've ever 
seen a larger assortment of sulky, sullen, 
spoiled brats in a single production. 

When Alex goes to meet Kevin in a dark 
alley while he's eluding the feds, he utters 
what is likely the most prophetic line of this 
90 minute ordeal: “Aren't you taking this 
cloak and dagger shit a little far?” I 
changed my mind - I like Alex too. Because 
I know deep down he was aiming that line 
at the director. 

Takedown never seems to synch into an 
actual plot. At first it's about Kevin's attempts 
to learn about a phone service that 
allows any phone to be listened in on. Then 
it's about a fictitious phone company called 
Nokitel and the obtaining/cracking of their 
source code. Then it's Kevin vs. Tsutomu 
for no particular reason other than Tomu 
calling him “lame.” The ultimate insult. 
Then it's Kevin running from the FBI and 
becoming the Bionic Hacker as he leaps 
over fences in slow motion. And, naturally, 
in the end it's about a virus called Contempt 
that apparently can do everything 
from crashing planes to stealing money. 
Kevin has to enlist the help of 10,000 university 
computers to “crack the code” because 
he just “has to know.” All the while 
the FBI is stumbling over themselves to 
track him down while Tsutomu sneers in 
the background at their incompetence. 

Apart from the amazing ability to make 
his face appear on the screens of computers 
that he's hacking, Takedown's Mitnick has 
no special skills. He's just a nasty person 
who treats women like crap - he refers to 
his own mother as a bitch and tries to seduce 
a big-toothed potential girlfriend into 
the world of scanning when all she wanted 
was sex. These little character traits of his 
were completely fabricated. They only 
show how the writers didn't care at all 
about the real Mitnick whose integrity they 
were destroying. 

And don't get me started on the technical 
stupidity. Who the hell had flat screen 
monitors in 1994? And why does Mitnick 
seem surprised that a payphone call costs 
35 cents? (He quickly solves that problem 
by holding up a tone dialer to the phone 
and... dialing touch tones! How could anyone 
dare to call him lame?) I don't know 
what they were trying to imply when an 
FBI agent was reading a headline and it literally 
took ten seconds for it to scroll by! 
And why in God's name does Shimomura 
refer to an overheard phone call of Mitnick's 
as a modem call when it's quite obviously 
to a fax machine?! 

But the biggest gaffe of all lies in something 
that was apparently edited out. All 
throughout the film, the main FBI guy 
(aptly named Gibson) is walking around 
with a huge unlit cigar in his mouth - even 
when he's standing in his house after Mitnick 
turns off his water, gas, and electric 
from a payphone. It never seems to leave 
his mouth. Yeah, it's gross and disgusting, 
but what the hell is the point? Well, in the 
script, we realize that this guy only lights 
the cigar after he captures the criminal. So 
guess what scene these geniuses decided to 
cut? This seems to have been patched together 
with all the care of the people who 
fill potholes in New York. 

But don't take my word for it. Read the 
profundities of Takedown in its own words 
from various scenes: 

“Privacy? Never heard of it.” 

“This is like no kind of code I've seen 
before.” 

“I'm a hacker. Mitnick's a cracker. Big 
difference.” 

“When you thought you were talking to 
Netcom, you were talking to me.” 

“You were the machine?” 

“Yes, I was.” 

“You did not get this from me. I do not 
want Kevin Mitnick coming after me.” 

“He said I was lame!” 

“Kevin, he didn't know it was you.” 

“The question is how. The question is 
always how.” 

In my opinion, the question is why. This 
travesty could have been prevented if only 
a dialogue had been established. Instead we 
have a film that actually makes region 
coding seem like a good idea. 



Have you felt your life has no purpose because you 
missed H2K? Well, it was a great conference so you 
should feel pretty bad about missing it, no question 
there. But now there is a way you can sort of attend 
even though it'll cost more and the people won't 
respond when you ask them questions. That's 
the H2K videos are here! While we didn't capture 
everything, we did manage to get around 30 hours 
of the various panels, including Jello Biafra's 
keynote address, the mock trial, social engineering, 
DeCSS panels, and more. If you were there, this is a 
great way to see the panels you missed or relive the 
ones you saw. 





All tapes are in VHS NTSC format. You can order 
here or at our online store (www.2600.com) where 
more of a description for each panel is available. 

You can also listen to the audio from these panels on 
our w el 



Each video is $20 and runs between 90 minutes and 
two hours. Some videos have two (or even three!) 
panels per tape. 

2600 

PO Box 752 

Middle Island, NY 11953 
To order online, visit www.2600.com 

