The Hacker Quarterly 

Volume Eighteen, Number One! 

Spring 2001 

$5.00 US, $7.15 CAN 








“Why is it perfectly legal to post a diagram of how to build 
a bomb on the net, but you can’t post a code that de- 
scrambles DVDs?” - The March 3, 2001 edition of “Boon- 
docks,” a daily comic strip written and drawn by Aaron 
McGruder and seen in newspapers all over the county. It 
devoted three days to the DeCSS controversy and, unlike 
virtually all news reports, got the story right. 



Editor-in-Chie f 
Emmanuel Goldstein 

Layout and Design 
ShapeShifter 

Cover Concept and Photo 
Bob Hardy, Ben Sherman 

Cover Design 
The Chopping Block Inc. 

Office Manager 
Tampruf 

Writers: Bernie Billsf, Blue Whale, 
Noam Chomski, Eric Corley, John Drake, 
Paul Estev, Mr. French, Thomas Icom, 
Javaman, Joe630, Kingpin, Miff, Kevin 
M it nick. The Prophet, David Ryder man, 
Seraf, Silent Switchman, Scott Skinner, 

Mr. Upsetter 

Webmaster: Ely knight 

Web Assistance: Fearfree, Kerry 

Network Operations: CSS, Phiber Optik 

Special Projects; mlc 

Broadcast Coordinators: Juintz, Cnote, 
Silicon, AbsoluteO, RFmadman, BluKnight, 
Monarch, Fearfree, Mennonite, jjjack 

IRC Admins: Autojack, Khromy, Kozik, 
Muted, Tprophet 

inspirational Music: Terry Draper, 
Sentridoh, LKJ 

Shout Outs: Rachel Barr, Janice Bryant, 
Dave Burstein, Bob Fass, Juan Gonzalez, 
Amy Goodman, Stiaran Harper, Patty 
Hefdey, Robert Knight, Al Lewis, Errol 
Maitland, Mario Murillo, Ken Nash, Mimi 
Rosenberg, Anthony Sloan, Scott Sumer, 
Carol Spooner, Eileen Sutton, Valerie Van 
Isler, Bill Weinberg, Bernard White 


26001 ISSN 0749-3851 ) is published 
(juurtcrly by 2600 Enterprises hu 
7 Strong's Lane, Setauket, NY 
11733.' 

Second class postage permit paid at 
Setauket, New York. 

POST MAS! ER: Send address 
changes to 

2600 , P.0. Box 752, Middle Island. 
NY 1 1953-0752. 

Copyright (c) 2001 2600 
Enterprises, Inc. 

Yearly subscription: U.S. and 
Canada * $ 1 8 individual, 

$50 corporate (U.S. funds). 
Overseas - S26 individual, 

$65 corporate. 

Back issues available for 1984- 
1 999 at $20 per year, 

S25 per year overseas. 

Individual issues available from 
1988 on at S5 each. S6.25 each 
overseas. 

ADDRESS ALL 
SUBSCRIPTION 
CORRESPONDENCE TO: 

2600 Subscription Dept., l’.O. Box 
752. Middle Island, NY 1 1953- 

0752 (subs@2600.com). 

* 

FOR LETTERS \M> ARTICLE 
SUBMISSIONS, WRITE TO: 
2600 1 dltoriitl 1 >cpl,. P.O. Box 99, 
Middle I d anti N't 11953-0099 
< letteis@2600.com, 
unities*" .'MHi.com). 

2mn < Mllt< Line: 631-751-2600 
2MM I V \ Line: 631-474-2677 


t * 




Sl 8 ns 0 f Hope 


As our appeal of Iasi ye at DeCSS case 
draws closer (at press time it w;i *ri b < b< h .in l 
by the Second Circuit Court ol \pjn U in earl\ 
May ), we realize how mud vv e ' \ .u . . mi| 1 I 1 .1 u d 
since this whole ordeal started and hm mia h 
other people with half a clue have eon " Join 
too. That’s not to s:l> that a lot ot hud lul l ha n i 
happened - we know loo well about ill a! lut 
New bad laws, new threats, more stifling “I tec h 
nology and speech throughout the world, lint de- 
spite all that, we’re going into this with a i il 
feeling of optimism. 

As time passes, more people seem to mili/c 

the true motives of groups like the Mot Pit 

ture Association of America and the Kecordim 
Industry Association of America, fliev n m>t 
about protecting the rights of struggling artist 
bolstering creativity, or giving consumer a I m 
deal. They’re about maxi mi zing profit plain .uni 
simple, And as things continue to go the ir wav 
thanks to laws tike the Digital Millennium < ■ p 
right Act. people slowly start waking up to the 
reality that maybe then best interests haw been 
completely ignored. 

Perhaps the most dramatic display ot this 
overdue realization came in remarks made by 
Rep. Rick Boucher {D-VAi m early March he 
fore a Consumer bdeetronics Association Confer- 
ence where he seemed to actually realize the true 
dangers of the DMCA: 

"The time , in my opinion. has ft one for the 
Congress to reaffirm the 1 air Use Doctrine ami 
to holster specific fair use riff his, which are e<nv 
at risk. In 1998, responding to the concerns of 
copyright owners. Congress passed the Digital 
Millennium Copyright Act. The announced pur 
pose was to protect from piracy copyrighted ma- 
terial in an environment which poses special 
concerns for copyright owners , They made the 
point that with digital technology , a copy of n 
copy of a copy has the same clarity and perfec- 
tion as the original of the work. They of so made 
the point that in the networked environment, with 
i he single click of a mouse, thousands of those 
perfect copies cun he sent to people throughout 
the nation and the world. 


'The DMCA is the result of the effort hy 
i 'ongress to respond to those realities. There are 
some today who believe that the legislation went 
foo far. For example, it creates, in Section 
1201(a), a new crime pf circumventing a techno- 
I oyi eol protection measure that guards access to 
1 1 i of weighted work. Under Section 1201 , the 
purpose if the circumvention is immaterial. It is 
1 1 crime to circumvent the password or other 

■ in iia v, even for the purpose of exercising fair 
usr mbits. There is no requirement that the eir- 

■ \au\i -e;, it he for the purpose of infringing the 
eitp\ n vhts \ n \ net of t i ream vent ion, u i thoitt th e 
i HfiM at i */ the i opy right owner, is made criminal 
nmte t Section HOT 

Vmir non foresee a time when virtually alt 
Men mater tut n til he sent to libraries on CD 
ROMs. With tin matt rial encrypted or guarded 
h\ pa\^wiod\ In eu hangi 1 for a fee for each 
in ww ■; t h * /'ova wo 1 1 1 ma\ t hen be used. A nd so 
it is predh ted that under Section 1201, what is 
iivtutahfc tuiia\ on the library shelves for free 
mil he available on a pay per use basis only , The 
student who wants even the most basic access to 
maienot to write his term paper will have to pay 
for each item that he uses. 

“Several of us made an effort in 1998 to limit 
the new crime under Section 1201 to circumven- 
tion far the purpose of infringement- But in the 
momentum to enact the measure, essentially una- 
mended, we were not able to have that change 
adopted. With the growing realization on the part 
of the education community and supporters of It 
braries of the threat to mi# use rights whit h Sc ■ 
lion 1201 poses, perhaps the tone wilt soon come 
for a Congressional reexamination of this provi- 
sion. 

"Perhaps tin only < < wdttcr that slum Id he de- 
clared criminal is > o i ann . atom for the purpose 
of in fring t • nit • m Perth ip \ 1 1 t> i . - re t in i bed a mend - 
men t could b, iut(u d to custire the con tinned ex- 
ercise th fait use right-, of libraries and in 
a ( 1 htdt tstu \ett in ye m an it h landing the provi- 
sions of Section 1201. 

" And t flunk then - are other challenges. I am 
i otn e tried by the apparent attempt of some in the 


Page 4 


2600 Magazine 


content community to seek to protect their copy- 
right interests in material contained in television 
programs by insisting that the TV signal quality 
be degraded, or by insisting on the use of set-top 
box technology which prohibits all copying. The 
reasonable expectations of teh vision viewers to 
be able to make afn of programs for time 
shifting and other hisfotu ally accepted purposes 
must be honored and must he fulfilled. " 

We suspect that ti re are many others in 
Congress who I eel die same unease but are hesi- 
tant to speak i M.u mist such powerful lobbies 
as the M PA \ .nut tin K1AA. We must encourage 
them to list* n to ihe people who elected them, 
not the special inkiest groups who use intimida- 
tion and money to get what they want. 

In anothei wry public display in early 
Match, cartoonist. Aaron McGruder devoted hi s 
popular ci inn strip Boondocks to the DeCSS 
controversy i an three days, characters struggled 
to understand tin hut'll ing ruling of Judge Kaplan 
this past \ 1 1 g u si which forced 2600 to keep t he 
source code ofl ot our site and even banned our 
linking to other sites that contained this material. 
"Why is it perfectly legal to post a diagram of 
how to bmld a bomb on the net, but you can’t 
post a code that descrambles DVDs?” a character 
asks a teacher. The rest of the strip is blacked out 
with the wouls ‘‘CENSORED. We just don't like 
where he’s going w ith this." 

On a different day. the entire strip was re- 
placed with the words: “CENSORED, This 
comic contain* numerous references to the 
DeCSS code used to bypass the Content Scram- 
bliiig System of DVDs, which, by order of Judge 
Lewis Kaplun, ■* illegal to reproduce in any way. 
We a pot og i a lor the inconvenience, but speech 
that damages the prolits of our corporate friends 
is NOT protected hy the First Amendment. 
Thank you," 

This biting political commentary accom- 
plished mi two sentences what virtually every 
major editorial page has so far failed to do. The 
sobering cnnsei|Uenees of the ruling against us 
was laid out concisely loi all to see. Note that the 
author understood that the code was not de- 
signed fui copying, a fact dial virtually every 
news report on the subject got wrong. 

What this illustrates is that we have allies in 
places we never even thought of. This one comic 
strip reached millions ol people who now have 
some understanding ol what this, ease has been, 
and continues to be, about. I here are probably a 
good many more ways of reaching the public 


that have yet to be utilized. We need to come up 
with more ideas and those people who can help 
get the word out need to come forward. 

And of course, technological rebellion con- 
tinues, We've seen people come up widi shorter 
and more creative methods of bypassing CSS - 
everything from a DeCSS haiku to a 434 byte C 
program to a seven line Perl script. There’s even 
a prime number that is identical to the gzip data 
( in decimal) of the original C source code minus 
tables. T-shirts, bumper stickers, even tattoos 
with such “illegal" code are popping up every- 
where. And it all serves to illustrate the absurdity 
Of the whole thing. 

It’s imperative that w r e keep our sense of hu- 
mor throughout, no matter how it all turns out. 
There are many levels on which we could ulti- 
mately lose - the court case is only one of them. 
The spirit of the hacker community is what is vi- 
tal to this and ail future tights. It’s an inspiration 
to many more outside the scene who can only 
dream of taking on the fights we do. Destiny has 
put us in this position at this time in history and 
we have to continue to stand up for those things 
we believe in - free speech, free communication, 
free access to knowledge, and the ability to con- 
trol and shape technology to suit our individual 
needs. 

We're very lucky to be where we are, despite 
the risks. And we T re fortunate beyond words to 
have such an amazing support network that is 
still growing and developing. Because no matter 
how the DeCSS appeal turns out, you can bet 
there will be more fights in our future. If they 
open half as many eyes as this case has, they will 
be worth the trouble. 



Spring 2001 


Page 5 


Police Searches 
ofm Computers 


by Todd Garrison 

Ignorance of Lhe laws (hat govern your 
everyday life is at your own peril I do not 
advocate breaking any law, nor do I want to 
disseminate this article to criminals lor the 
purpose of making the task of law enforce 
ment more difficult. 1 cannot help but 
knowledge that information here can be ol 
use to criminals, but that is mere coincide m c 
because all citizens have (he right to protei 
tion under the various statutes and rules that 
protect our freedom. 

Because l am involved with infom auon 
security I have taken it upon myself to he 
come familiarized with state arid federal \.w\ 
that affect computers, lam not a law yci Ido 
not offer any of this information ,is such* not 
do I advocate treating any ol what I sa> i 
authoritative, li you suspect that mi , kl\ hv 
involved in litigation or tin indictment that in 
volves computers* get a lawyer Not a lawyer 
who specializes in real esiau- law, or general 
criminal defense Retain a lawyer who spe 
cializes in computer and Internet law. The 
worst possible situation is a lawyer who 
doesn't know how the (computer-related) law 
works and puts you through failed filings 
w hile taking the wrong approach to your de- 
fense, The prosecutor involved in your case 
{assuming it is computer- related) will most 
likely have received specialized training on 
computer- related offenses. In lighi of lhe me- 
dia circus that surrounds hacking and any- 
thing that even remotely relates to a 
computer crime, prosecutors want to make 
examples in cases. So expect that they w ill 
try for maximum sentence and the harshest 
punishments for crimes under the guise that 
future risk can be averted in your case by im- 
posing a harsh sentence before you graduate 
to more serious crimes. 

The inspiration for this article is the re- 
cent publication of “Searching and Seizing 
Computers and Obtaining Electronic Evi 
dencc in Criminal Investigations," a guide 
published by (he CCIPS {Computer Crime 
and Intellectual Property Section) ol the 
United States Department ol Justice, Anyone 
who has followed the recent computer crime 
cases in the press knows that much of the 
computes crime law is still untested. Every 
day this becomes less true. Events are rapidly 
changing the interpretation of laws. Legisla- 
tion such as (he Digital Millennium Copy- 


right Act has shifted fair use away from the 
individuals our government is supposed to 
pro I ec t and has given (he power to large cor- 
porations. It w ill soon be illegal to even re- 
verse engineer a product you have bought* 
and paid for the right to use - whether for the 
i mended purpose or not. Events such as 
a. ak and peek" searches are becoming 
moil- commonplace when encryption is an 
issue. 

I here are. however* steps you can take to 
I >i « iiccl your privacy and make it more diffi- 
ult to have certain information and computer 
’ v h ni , seized as well as have the ability to 
reciwci your equipment after it has been 
seized \s I said before, I do not advocate or 


i i dii i uat l ci participate in crimes. It be- 
iiiiu's less likely that upon knowing the law r 
that y i ' 1 1 will be an u n knowing party to a 
, rime but nol impossible. For instance you 
owl l In implicated m a crime by the fact 
all sue dial you know how to use a computer 
and one of yom friends has committed a 
crime 1 ho situation i s not only likely* but 
I iu p pe n n re g u 3 a r I y . Cr in mud in vesti gators 
only need a suspicion that you may have in- 
formation pertaining to evidence in a crime 
to seize your computers - even if you did not 
commit a crime. There are laws that are sup- 
posed to protect against this, sure* but it is 
just a matter of semantics in the affidavit that 
the criminal investigator presents to a judge 
when requesting the search warrant, further- 


more in cases w here you 
relinquish control (say 
you drop off your 
computer at a repair 
shop) that an affi - 
davit and warrant 
are not even neces- 
sary to seize your 
equipment, 

The DOI com- 
puter search guidelines 
can be read at www.cy- 
heu rune gnv /search 
manuakhtm. 

So are we really that far 
aw'ay 




Page 6 


2600 Magazine 


from Orwell’s 1984? Docs Big Brother have 
uncontrolled power? No. While you may not 
be able to prevent the initial show of force - 
where law enforcement essential I y steals 
your equipment - there are many avenues to 
protect y o ursel f , W he 1 1 d oi ng v u I n era b i 1 i ( y 
research on a computer system it is common 
to investigate multiple avenues of attack. To 
enumerate as many as possible and explore 
each one in an intellectual manner before 
choosing the avenue of attack. This is a disci- 
pline gleaned from basic tactics of warfare, it 
is a tried and proved method of offensive at- 
tack and, to be cliche, it is also ja great de- 
fense. This is whai I will attempt to d# in this 
article. I do nol propose legal defenses* bur 
merely recognize local inns in the existing 
laws which may allow more room for a de- 
fense once you have retained a lawyer. 
Warrantless Searches 

Quoting Nancy Reagan, “Just say no!" *4 
(“No. officer, you may not search my vehi- 
cle"; “No* officer, you may not enter the 
premise without a search warrant*”) It should 
be noted here that refusal to search may be 
deemed as suspicious behavior and under ex- 
treme circumstances may be used against you 
in an affidavit. Keep your wits about you! 
Your interaction with the police. FBI. prose- 
cutors. etc. will be held against you or will be 
credited to you during any trials, motions, fil- 
ings, etc ( icner ally if they ask to search 
something they have a reason. Ask why they 
warn to search. If for example they w ant to 
search your vehicle for drugs* get it in writ- 
ing. While this may be something they do not 
want to do* insist. Make it the only condition 
that they may search Why? Because if they 
are looking for drugs as a guise for looking at 
your laptop, pager, cellphone* PDA, appoint- 
ment book. etc. they just plain don ’I have the 
right. You can’t store drugs on your hard 
disk’ Now he extremely careful at this point 
if they say they are searching for “evidence” 
of drugs they may be warranted to look 
through other devices. Make them change the 
wording (o “drugs or drug paraphernalia” in- 
stead of Vv i deuce" before you agree. Note 
that if i hey do find drugs, they have the right 
to sea rc 1 1 e v e ry t h i n g , i nc I ud i n g you r com - 
puter. etc. 

Others may consent to search on your be- 
half, That’s right, even il vou object, it may 
not matter. When you were a child you were 
probably taught that sharing was a good 
thing. This is true and not true at the same 
time. Later in this article I will explain when 
it is good, but in the case of warrantless 
searches it is not only dangerous, hut il is as 
good as totally relinquishing any control for a 
search to an officer The basic idea is your 


roommate can consent to a search of your 
apartment* It gets worse. Anyone you share 
your computer with can consent to its search. 
Your coworkers can consent to a search* a 
passenger in your vehicle can consent to a 
search. Essentially anything that is shared be- 
tween you and another person can be 
searched w ith the consent of the other person. 
It gets even worse! If for example you don’t 
share your computer with your roommate but 
they could access it, then they can authorize 
ils search too. The search must be limited to 
what they can access. What this means is that 
if you must share yoifr computer, do it in a 
manner that (hey do not have access to your 
files. Operating systems intended for a single 
user should not be considered an option in 
these cases. Use the multiple users feature of 
Mac OS L J. use a nix operating system writh 
different accounts* or use different profiles 
under Windows NT. Make sure (hat when 
you are done using your computer you log 
out. Of employ a screen saver w r ith a pass- 
word. If you give (hem your password, then 
they haw the right to give h w hoever is con- 
ducting the seal ch . Be aware also that operat- 
ing \Y stems like Windows NT and 2000 may 
have a common cache for things like your 
web browser, and since it is accessible by 
others who use the same computer* then it is 
fair game and admissible evidence. The best 
advice 1 can give is use encryption for every- 
thing all the rime. If you can get away with it* 
encrypt your applications, their temporary di- 
rec lories* configuration files* The same tech- 
niques (hat you use lor protecting yourself 
against break -ins suds as proper registry per- 
missions can help too. 

Another reason to employ encryption 
(and when I say encryption I mean strong en- 
cryption - always use strong ciphers, not 
RC2-40bit or DBS - but IDEA, 3DES* or 
Blowtish) is incidental disclosure. If you 
have a laptop and it gets ripped off on the 
bus, at the airport* on the subway, at school, 
or wherever you may be* and they catch the 
thief - they can search your laptop! They can- 
not ask for your encryption keys, but any- 
thing that the thief could have read (which is 
everything contained on the laptop), they 
have the right to read. Now recite this 
mantra: “Encryption protects me, I will use it 
everywhere." This type of disclosure opens 
up a lot of scary questions. Just remember 
that as long as there are people* there will be 
people who abuse their power. A criminal in- 
vestigator may use these circumstance to tar- 
get you* not that 1 know of any specific case 
where this has happened but it is still 
possible* 

Anyone who is involved in security work 


Spring 2001 


Page 7 


knows that passwords, encryption, and physi- 
cal locks can he overcome. But using these 
measures, even if you know they are not com- 
pletely effective are an absolute must. In the 
eyes of the law even the weakest encryption 
affords a level of legal protection regarding 
allowed access (look at the DMCA h II you 
took steps to disallow another person from 
accessing something, no matter how basic 
those steps are, that means that they did not 
have legitimate access to those items. II you 
store your computer in a closed cabinet w till 
a lock and did not give the key to youi on mi 
mate, they no longer have the right lo audio 
rize its access to anyone. Password |>u ue i 
everything, encrypt the most trivial item um 
physical locks and keys, store youi ini|Hutai 
removable media in an inexpensive hie .\U- 
These are all actions that deny act cs i 
protect your legal rights against wan am I l 
searches. If you are the only pci urn wlm has 
legitimate access to an item, then von m ilu 
only one who can release that hem loi ■ . yiu !i 
But wait! This doesn't apply at wort u\ul 
on! 

There is much debate about v \pcvLiiin<M 
of privacy at your wot kpl.ki But il -u ex 
pcctation you should have is - mu/utn* you 
do, say, or are oth nviui involved in at work 
is private. Don't use y ( mi e -mail at work for 
anything private Don’t even end ood t\V 
Mom a message saying hello (id .1 free e- 
mad account that uses SSI 01 other encryp- 
tion if you plan on accessing it from work. 
Better yet, don't even access your private e- 
mail at work, Your employer has the right to 
install cameras, listening devices* wiretaps, 
intercept and archive your e-mail, w^atch what 
web sites you visit, and even read youi 
thoughts if they have the technology. The 
bottom line is keep your private life private. 
Your employer can, at their discretion, dis- 
close this information to anyone they want. 
Additionally, they can claim anything you do 
while on the job as their intellectual property. 
Don't even risk it. Keep anything you don’t 
want them to Know away from their grasp. 
Expect fully that if you commit a crime that 
involves computers that your employer will 
be the first place investigators will search. 
This is because you essentially have no rights 
to privacy and very few businesses would re- 
sist the will of public authority and deny 
them a search. 

It you travel across borders, leave your 
laptop at home. Customs agents have the 
right to an unrestrained search of your be- 
longings, including your data. They can even 
demand encryption keys, and you have to 
give them up. Remember that transporting 
strong encryption outside of the US is con- 


sidered to be export of munitions, and a fed- 
eral offense. So even if your data is en- 
crypted, that fact alone could he reason 
enough to forcibly detain you and even arrest 
you. 

/ Kigent circumstances; this is when in- 
vestigators have reason to believe you might 
destroy evidence. Of all the laws on the 
Ik ml ,, this is one of the scariest. They don't 
1 I ,1 warrant - they don't even have to 
knok k on the door. They require only to have 
u ,1 unable cause. They don't need evidence 
o! a irai k record of you doing something like 
this in the past. They just need a reason to he- 
I ie\ c it 1 he intimidating part of this law is 

I hi 1 1 it 1 up to the investigator, not a judge or 
■ h 4 net attorney, just the investigator. So if 
the ofliccr has a hunch that you will try to de- 

ii" 1 id ct ice by deleting files, encrypting 
data 1 hs posing of encryption keys once 
sou .in- alerted to their presence, they have 
tin ru'ht In deem a search exigent. Fortu- 
rmti k In -I .a jsc the law is vague, it is seldom 

II .I hut it 1 riot unheard of. If you decide to 
pul inggi on v i 111 r systems that wall uu- 

ton -a all , delete evidence, don’t tell any- 
me about 11 nm - n youf-J 1 iends. Bragging 
is the most 1 1 vmi ,111 way people are deemed 
suspects 1 1 u 1 crime and the most likely cir- 
cumstance that 1 1 • vstigalO) -■ wail use to de- 
cide you are at risk ot destroying evidence. 
Warrants 

While the above warrantless searches arc 
the most likely that you will be presented 
with, there is al ways the chance that a search 
w arrant will be issued. While it can literally 
be a pain in the ass. it is better to be pre- 
sented with a warranted search than a war- 
rantless search. If you haven't committed a 
crime, then you s lion Id have reason to believe 
that the outcome will be in your favor. This is 
why a warranted search is better. The fact 
alone that a warrant has been issued means 
that a judge is involved and can he held ac- 
countable for wrongdoings in the legal 
process. But alas, if there are constraints in 
warrantless searches, there are even more in 
searches involving a warrant. 

First* the process of how a search warrant 
is constructed I here arc at minimum two 
dcu umenis ih.u must he presented to a judge 
before he w ill issue ,1 warrant. The first is an 
aftidav it llns is the sworn testimony of the 
invest iy ah ir { s 1 ( hat s h 1 > w proba h I e cause for a 
search. It will name what information leads 
to the conclusion that a search is required, 
where lliai information was obtained, and the 
cijLiJirisi.uhvs under which the investigator 
believes it relevant. The second is the actual 
warrant. U describes what Is to be searched, 
what methods will he used, w ho will be pre- 


Page X 


2600 Magazine 






sent, where the searched items will he stored, 
what time frame in which it will he executed, 
and the overall goal of what is being sought. 

S earc h w arra nts a re ret ju i red to be sped lie . 
Once again, searching for evidence of a con- 
traband item is different from searching for 
an actual contraband item. 

No matter what happens, cooperate with 
the search. Resisting will onls make your life 
difficult. If the wan , ml specifically states that 
equipment will be seized it will have ad- 
denda's stating e\ n ll\ what will he seized, a 
description of what 1 to be seized, and what 
methods will be u l to search. The investi- 
gators may opt to look through your com- 
puter on-site but this, is 1 uiher unlikely. If 
you have the ability, and (he warrant does not 
a u th ori zc t h . n uv ol \ 1 deo rec ord i n g 
equipment, i ivak out 1 lie camcorder and 
record what they do and say. This may be in- 
valuable c\ idem c 111 proving that an investi- 
gator ov erst i pp 1 the boundaries of a search 
warrant;, it wall also prove as a deterrent for 
them to ovcistcp the warrant at all. 

As a ci liver 1 you have certain unalienable 
rights. I kc these rights to your advantage. 
Freedom ol , ua . h, attorney -client privilege, 
pri vaev of tlu ele rg y , free d um o f l he pre s s , 
and, as a, pro', idcr of network services you 
have more 11 la than just a citizen by the na- 
ture of the rights ol those who you provide 
services to f elk examine how these issues 
provide oh 1 u h s to low enforcement offi- 
cials who w ish to obtain your shiny new 1 
computer. 

Freedom of Speech and Freedom of the 
Press: You have the right to speak your mind 
and publish those thoughts. These are inalien- 
able rights is a US citizen. Take advantage of 
these tights ( o incidentally, the Internet hap- 
pens so he (la most available and affordable 
method to publish your thoughts. Whether it 
be your business promotions, or social com- 
mentary -an, h ,is this article, use it! Update it 
on a regular basis and make sure il is always 
available I his is important because if it is 
never updated 01 only available when you are 
surfing the w oh, the court may dismiss what 
you have published as not actually being a 
publication because ol it being only occa- 
sionally available Replicate it and make sure 
that the machines arc available as a web 
server as often us possible use round-robin 
DNS to make sure truliie actually goes to all 
of the machines acting as a web server. Any 
machine that doesn't act as a server for the 
dissemination of the information should be 
used to create the information being dissemi- 
nated, Keep your web design software, image 
editing software, word processor, and proof 
that they have been used in the creation of 


your intellectual property that you publish Lo 
the Internet on the machines. Are you curious 
why this is mentioned in an article on search 
and seizure? Well, you now have the same 
statutory protections that a newspaper has in 
regards to search warrants. By seizing tools 
you use to publish your opinions, they violate 
many of your rights. Your First Amendment 
right mostly. These factors will quite possibly 
cause a search w r arrant to become more lim- 
ited in scope and add a likelihood of a time 
limit upon investigators when removing 
equipment from your premises. Of course, 
doing this does absolutely nothing for you if 
they find you have committed a crime! It will 
just make them angry, and most likely il w ill 
come up in court that you purposely tried to 
use constitutional privilege to prevent inves- 
tigators from performing their duties. 

Attorney-Client Privilege: Oh boy! This 
can make an investigator s life difficult. In- 
vestigators are required by law lo respect 
documents that contain private attorney- 
client privileged information. Essentially 
they can t confiscate them, read them, use 
them against you, or disclose them to anyone. 
In case they believe they may inadvertently 
g ai n ac cess to s uch i n form at i on . I hey will 
have to have special exceptions written into 
the warrant and will have to use an uninter- 
ested third party to assist in reviewing the in- 
formation. If the third party notes that it is 
privileged information, the investigators can- 
not use it. Now this brings up interesting con- 
sequences. What if the information being 
sought in the warrant they are executing is 
actually contained within these documents'? I 
don't know what the outcome would be. I 
make no claim as to w hat the result of a legal 
battle involving steganography hidden infor- 
mation in scanned images of privileged infor- 
mation would be. but I assure you it will be 
something played out in the courts in the fu- 
ture. In fact, I expect to see it played out in 
the media too! 

Privacy of Clergy and Attorneys: There 
are special laws involved w r hen law enforce- 
ment may search computers or records be- 
longing to lawyers and clergy, 11 you share 
your computer systems with people in either 
of these occupations, investigators will have 
to get special approval in a search. 

Sen ice Providers (at: when sharing your 
computer is a good thing!): ISPs, phone com- 
panies, or anyone providing wire communi- 
cations to anyone else immediately becomes 
regulated by the EC PA (Electronic Commu- 
nications Privacy Act) and the procedures 
that investigators must use are different. 
While the folks you provide service to are af- 
forded less privacy by this act f because 


Spring 200 1 


searches of a third party system do not re- 
quire a warrant, only a subpoena), you are af- 
forded more protections and even civil relief 
in the ease of wrongdoing on the part of an 
investigator. 

In short, by executing your rights and pro- 
viding services to others which allow them to 
execute their rights you make the likelihood 
of losing your computers and equipment less 
likely (assuming that those you provide ser- 
vice for are law abiding as well ). Mere's a 
formula for making the seizure of your com- 
puter systems less likely. Make a deal w ith a 
small local law firm that you will provide 
them with free web hosting and e-mail ser- 
vices in exchange for consultation of how in 
gain nonprofit status for your 
weekly /month I y/whate ver Internet-based 
news publication (e-zine). Scan the docu- 
ments that you used w r hite conversing w it h 
your attorney and use steganography in hkl< 
ihe private keys you use for encryption 
w i th i n those pri v i 1 eged docu me n i \ Give 
away as many free e-mail accounts m vnur 
friends and family as possible and cm umugi 
them to actively use the accounts Host ,i b 
site and e-mail for a church. Make sure you 
take the time to show one of the clergy how 
to use e-mail. Okay, maybe the Iasi sugges 
Lion sounds kinda Brady Bunchish but il may 
be ifie motivation for a judge to deny a search 
warrant. 

ni go ahead and say it again despite rec- 
ognizing that I sound like a broken record: 
None of this will help you if you have actu- 
ally committed a crime. Don't use these 
methods to make investigators' lives more 
difficult when you are coves mg up a crime. It 
will reflect poorly on you when you receive 
sentencing. Besides, if you commit crimes 
you will most likely end up getting caught re- 
gardless of what you use your computers to 
accomplish. 

Methods Available to Investigators 

If you arc being investigated For a crime, 
there is not a w hole lot you can da until you 
get into a court of 1 aw. According to the law, 
investigators have a wide variety of Ledi-^fc 
niques and are allowed to do quite a bit more 
than you may expect. Let’s look at 
some of what they can do. 

Instrumentality of Crime. If some- 
thing is used during the committing of 
a crime, it is an instrument of crime. If 
you use a computer to break into an- 
other computer then the computer you 
used is an instrument of the crime. Bul 
wail - il doesn’t stop there. The net- 
work you used, the router, the modem, 
anything that is connected or assists in 
the function of the system that is the 


instrument of the crime is considered an in- 
strumentality as well. This can result in blan- 
ket seizures of equipment. Generally when 
searches are conducted against a business, in- 
vestigators will not seize everything that 
could be considered an instrumentality. But 
expect everything computer- related in a 
search of a private residence to walk out the 
ilt tor. Thai's just the way it is and the courts 
support this practice. Once again, our federal 
gov or i uncut demonstrates that the rights of 
business are more important than th ose of in- 
div iihials, GO figure. 

No knock Warrants. Not Song ago a man 
v ,i . killed near where I live when the police 
cxecuU <1 a no- knock warrant at the wrong 
oiiilrrw The man thought his home was be- 
ing bioken into and armed himself for de- 
I i : i he police tilled him with bullets. 

. kIl I i in die fact i hat I believe this to be a 
blatant in ini ion of the Fourth Amendment, it 
i Tin; n»us It puts the lives of law enforce- 
ment in dan -n md it especially puts the lives 
ol i mini ui i it Dens at risk. These techniques 
■ ilt., i judges si ill approve them. But 
i in vi s. m the case that the investi- 
■,iiii . In Ir ve lh.it \mi may destroy evidence 
they den i ivquiic i no knock warrant. They 
can make the determination and just bust the 
door in without announcing who they are. 

The land of the free indeed! 

Sneak and Perk. Welcome to the spy age. 
The government can t spy on the Soviet com- 
munist regime anymore, so it has taken to 
practicing on their ow n citizens. Bugs, wire- 
taps, keystroke recorders, cameras, and other 
covert surveillance techniques previously re- 
served for naiiona! security are now legal and 
lair game in federal cases. Recently the FBI 
has used these techniques for capturing key- 
strokes lor getting PGP keys. One such de- 
vice < pictured. > connects to the PS/2 port of a 
computer and looks fairly innoeuous/1 his 
model is supposed to represent n ferrite coil 
which disperses electromagnetic fields. This 
“hug" only stores about 1 20*0(10 keystrokes 
but there arc smaller devices Iliac can store 
megabytes worth ol keystrokes. My sugges- 
tion - if you find one of these on your system, 
rake it apart and ensure it really is a ferrite 
coil. If it has anything resembling an inte- 
grated circuit inside, put it in the microwave 
for a few seconds and then throw il away, 
Ann yourself with knowledge. Knowing 
the law helps us all from becoming victims 
of both crime and the illegitimate practice of 
law. Defend yourself. Most of all, if you de- 
cide to break the law, be prepared for the 
consequences. Our government no longer is 
willing to hand out little slaps on the wrist 
and you can expect to see more extreme 
measures involved in computer crime. 



Page 10 


2600 Magazine 


l he t* utuTe of PKI 


by Elite 158 

Public Key Infrastructure, or PKI t is a new 
system (well, new f to the public) created by the 
government to ekclrotiicalh idemily yourself. 
Here I will explain the bask structure of PKL 

The government uses what’s called High 
Assurance Smart Cards, a 
system known as Fortez/a 
These smart cards arc cki 
ironic cards made especially 
for the government fhc cards 
workers hold con tan th m 
personal information. Ii has, 
of course, yom name, your 
address, credit * aid info. 

SSN. and the whole works. I he government 
uses (his system in have authorized workers 
identify theniscK ■ ■ to m cess classified mater- 
ial. Basically, clcv ironically identifying yourself 
is an easy and last way In prove you arc who 
you say you are 

Now Forte/ /.i i coming out to the public, 
but will be known a PKI or Smart Cards. Even 
though they're nil i ailed Smart Cards, the in- 
formation will be kept on a more abundant me- 
dia: the floppy 1 1 I \long with the floppy disk 
is the laptop fit Mt l A card, and possibly even 
miniCD These l unis, however, aren’t High As- 
surance, Instead it s a Medium/Low Assurance, 
meaning that the most abundant information is 
used, in sic ul ol pulling in every meticulous de- 
tail. 

PKI will be used mostly in banks and on- 
line. In fuel, there is a very high chance that by 
the next eld turn in 2004, people will be able to 
vote through government servers online, using 
their Smart l ards. It should work just by stick- 
ing in the disk while on their site. The server 
will gather the niton nation needed, it will do 
the hand shake il approved, and your vote will 
be counted 

S hese cards frt member that these cards are 
either the (loppy disks or laptop cards) are given 
to you by She government. Now I'm not sure 
what kind of tiles the information is stored on, 
but it has to be some sort of executable pro- 
gram. When you open is up. it’ll prompt you for 
a password. Once typed in and authorized, you 
have assured yourself that you own that card, 
You can now use it freely throughout (he Inter- 
net or wherever the card is applicable. The ap- 
plication will most likely be run in the 


background. There is, according to the govern- 
ment, no way of tampering w ith or editing the 
information on the Small Card. In fact, to up- 
date the information (say you moved or 
changed your phone number), you would have 
to take it to a facility like a bank. You would 

give them what you want to up- 
date and they would change it. 

These cards are already start- 
ing to appear. Visa has got a 
Smart Credit Card out now. It’s a 
credit card with a microchip on it 
that contains your personal infor- 
mation, just as I explained. It 
comes with its own external port 
that's plugged into your computer. You just 
slick it in and it acquires the data. This sort of 
stuff will be seen more often as time passes by. 

For right now and not many years ahead, 

PKI will be voluntary for people to use. Bui it's 
likely that in the far future, PKI will become 
mandatory to every one 18 and older. IT 3 1 basi- 
cally be a new form of ID. the electronic ID. 

This whole system may sound unreal be- 
cause, just how hard does the government think 
it would take for a hacker to break the system? 
There are possibilities now that could make any 
hacker become well know n. The potential of 
people password cracking their own cards and 
running around claiming to be someone they're 
not. or hacking the online voting serv ers and 
getting Nader elected, or even making copies 
w ith different identities and going wherever 
they want as whoever they want to be online is 
remarkahle. 

In my opinion, this new decade is going to 
be known as the techno-happy years, where our 
everyday lives will involve personal usage of 
technology. Hell, if you think about it, we can 
already buy our groceries without getting off 
our asses except n> go to the door and pick up 
the food. 

But besides that, PKI is still forming and is 
still changing. This article was written to give 
you an idea of what w r e’re in for. Hopefully this 
new system won't be stupid, hut I have high 
doubts about that. I hope it leaves opportunities 
for hackers to learn the structure of it, and even 
manipulation on it. All in all, 1 hope more peo- 
ple learn about PKI, I will be trying to get more 
information on it as it progresses. 



imdrt 




. , feE 
fc i 



VISA 


Mr 


First t 


411 123*1 fatjHB 



mr «* crt/oo v — — - 
n lAilfTT Km 


Spring 2001 


Page 11 


p -ns p fl/y Co® i 

Vulnerabilities 

AND ABUSES 


by L14 

PHP is a scripted language pri- 
marily used with hup servers to cre- 
ate web sites with dynamic, or 
changing, content. PHP has many 
similarities to C and Perl, although it 
is simplified a bit. This makes PHP a 
nice language with which to work, 
since many of the complexities that 
do not concern web site development 
are removed. 

This article will focus on some ol 
the security issues that I encountered 
while writing a PHP mailing list and 
helping people on IRC', Most people 
I talked to did not even realize that 
security was an issue, and that how 
their scripts were eon si rue ted could 
change how seen re/lam perprool 
their sites were. 

The major problem is how vari- 
ables are passed to PHP from the 
web browser. Variables and their val- 
ues are appended to the URL, result- 
ing in something that looks like this; 

http: //host/di r/scriptphp ? vari- 
ed? !e f-s am e va I u e 

Because the variable names and 
their values are passed in plain text 
from the location bar of the browser, 
the values can easily be changed by 
the end user to perform different 
tasks than what the developer origi- 
nally intended. Some of the possible 
abuses of this are described below. 

Since many sites are quite com- 
plex, and contain scripts that reuse 
functions, those functions are often 


put into it standard include file. This 
means that only one file need be 
changed to update the entire site. 
User authentication functions can 
(and often do) fall into this category. 
The user is verified once, and there- 
after a value is passed to tell further 
scripts that secure content can be ac- 
cessed, However in sites with both 
secure and insecure areas, there 
needs to be a way of deciding whom 
to authorize. An easy solution is to 
just pass a variable that specifies ei- 
i her a secure or insecure mode, de- 
pending on what is being linked to. 
The same things may get executed in 
both modes but that probably doesn't 
matter. If the mode is secure and the 
login fails, the script just hails. If the 
mode is insecure (or the login is 
valid), the same core features gel ex- 
ecuted. The problem of course is that 
after looking through the site for a 
few minutes, a user may realize that 
they could avoid having to login by 
just changing the value of the mode 
variable. They can find out what it 
should be by simply checking a sec- 
tion that does not require authoriza- 
tion, and find out what the mode 
value is. Then all they have to do is 
change it in the location bar of the 
previous page and reload. For a com- 
pany that has a large audience for its 
web site or mailing list, this can pose 
a severe problem: Anyone could 
change their site with no tools and 
very little knowledge. 


Page 12 


2600 Magazine 


h t tp :// f i os i/d i r/pa ge.p hp ?varf - va 
l! & va r2 - va 12 & mod e — see (user has 
to login) 

h tip ://h os i/di r/page. p / ip ? va r 1 = va 
1 1 <£ v a r2 - va 12 & mode -ins (use r 

doesn't have to login, it's magic!) 

This can be solved by moving 
code related to authentication to a 
separate file. This file is included in- 
stead of the standard include file in 
documents considered secure, and if 
the login is valid, the standard file is 
included as well. This removes the 
need for a mode variable; removing 
control is removed from the end- 
user. 

Another problem, identical in its 
root, is that users can change the val- 
ues being submitted to make the 
page work differently. Consider a 
mailing list; A user visits the page, 
fills in a form, clicks submit, imme- 
diately receives an e-mail with a link 
in it, dicks the link, and is added to 
the list. If that user is malicious, they 
may realize that they can fool with 
the system by changing the URL in 
the link, perhaps adding someone 
else to the list. While this is not 
much of a problem if they do it once, 
if they write a simple JavaScript and 
the mailing list only checks to see if 
users exist before sending the confir- 
mation e-mail, they can potentially 
add someone hundreds or thousands 
of times. If the mailing list only 
checks to see if users exists before 
adding them, then the confirmation 
portion can be abused. The confir- 
mation section, since it sends e- 
mails immediately, also lias more 
potential as a mail bombing utility. 
While trying to abuse my own mail- 
ing list software, l managed to send 
500 e-mails per minute to my ac- 
count at university, from a remote 
computer, using an html/JavaScript 


file that l wrote at that remote com- 
puter and opened in IE. If several 
sites that were vulnerable in this way 
were found, quite an effective attack 
could be launched against major 
servers, with almost no chance of be- 
ing caught. 

This is also easily fixed. It should 
be checked both before confirmation 
and before adding the user whether a 
given user already exists. There 
should also be a database of tempo- 
rary users, which the user subscrib- 
ing gets added to until they 
subscribe. This list can be erased pe- 
riodically, as people may opt to sign 
up later, but that time should be at 
least a week. Alternatively, indexes 
generated from the e-mail addresses 
themselves could be included in the 
URL of the confirmation link, so that 
the address variable and the index 
variable must match before the user 
gets added, or a confirmation mes- 
sage sent. This removes the need for 
a temporary database but can still be 
tampered with, so in my software I 
just added the extra database. 

I have found this problem in 
every PHP based mailing list I have 
looked at, phis several ASP and Perl 
ones as well. To find vulnerable lists 
I simply searched for “mail lists" on 
Yahoo, and if I could manipulate the 
URL and send my test e-mail ac- 
count more than one e-mail, I con- 
sidered it to be vulnerable to attack. 
To find and test approximately ten, 
all on reasonably fast servers, took 
less than 15 minutes, which I feel 
makes this a legitimate oversight of 
PUP developers in particular (and 
CGI developers in general) to look at 
how program structure can be 
exploited. 


Spring 2001 


Page 13 


I 


^ *1 

Breaking the Windows 

Script Encoder 


by Mr. Brownstone 

'flic Windows Script Encoder ( scrcnc.exe i is ;t Micrnsoti tool that can be used to encode your scripts (i,e,* 
J Seri pt H ASP pages. VBScript), Yes: encode, noi entry pi i in use of this tool is to prevent people from looting at or 
modifying your scripts. Microsoft recommends using the Scrip! Encoder Its obfuscate your ASP pages, so in case 
your server is compromised the hacker would Ik- unable to find out how your ASP applications work. 

You can download the Windows Script i ncoder at hup // m sdn mien iso ft . com/sc ripling/de fault.htm 7/script - 
i ng/ v bscri pt/dow nload/ v bsdo w n.hi m 

The documentation already sav^ the following 

"Note shut this encoding onl\ prevents < a -.in d rim it tg of \<t Ur t ode: it will not prevent the determined hacker 
from seeing what you 've don? < uni /imi 

Also, an encoded scrip! is protected against L.mpvmu' iinl modifications: 

"After encoding, if you change < 1 1 it +■■■'. ■ harm it i in tin cm -tided text, the integrity of the entire script A lost 
and it can no longer he used. " 

So we can make the following observations; 

* We are a “determined hacker " '‘grin* 

* If it's about ‘"preventing casual viewing wli a wumy with encoding mechanisms like a simple XOR or 
even uuencode. base64, and URL. encoding? 

* Anyone using this loo I will be cons meed Ihai it's safe m hmd code all usernames, passwords* and "secret" al- 
gorithms into their ASP pages And any "determined hacker" will he able to get to them anyway. 

Okay. So even Microsoft says this can he broken. Can'i be difhcuU then. It wasn't. Writing this article look me 
at least twice ilic time 1 needed lor breaking it. Bui I think ibis can be a very nice exercise for anyone who wants to 
leant more about analyzing code like this. wj!h know n plaintext, know n ey pcrtexl, and unknown key and algorithm. 
(Actually, a COM object that can do ihc encoding is shipped with II 5,0. so reverse engineering Ibis will reveal the 
algorithm* but that's no fun, is it?) 

So, llow Docs This Work? 

The Scrip! Encoder works in a very simple way. Il lakes two parameter',: the filename of the file containing the 
script, and the name of the output file* containing the encoded script. 

What part of the file will be encoded depends on the filename extension* as well as on die presence of a so- 
called “encoding marker." This encoding marker allows you to exclude part of your script from being encoded. This 
can be very handy for JavaScript*, because the encoded scripts will only work on MS IE 5.0 or higher... (of course 
this is not an issue for ASP and VB scripts [hat run on a web server!}, 

Say you've got this HTML page with a script you want to hide from prying eyes: 

<HTML> 

<HEAD^ 

<TITLE>Page with secret inf or mat ion</ TITLE > 

< SCR I PT LANGUAGE = * JS C*ipt * > 

<w/ 

//♦♦Start Encode** 

alert ("this code should be kept secret ! I l l ") ; 

//“> 

</SCKIPT> 

</HEAD> 

<BODY> 

This page contains secret information,. 

< /body > 

</HTML> 

— 

This is what u looks like after run mug Windows Script Encoder 

Thtml > 

<HEAD> 

< TITLE >Pagie with secret inf oi mat Inti- H fl,K 
< SCRIPT LANGUAGE = ' r JScript , Bnct x I > * 

< 3 -// 

, / /** Start Encode * ♦#(£•-* QwAAAA= ■ Ft u , l M OlJfvFY-J kdO 1 W (n , /t.K; V9P4 
-V+aY , / nm . nD 1 v 2 1 " e E ft JOG ■ ‘ « • s q I i A A a A ‘ Pt 

It; /SCRIPT > 

</HEAD> 

■c BODY? 

This page contains secret information. 

</BQDY> 

</HTML> 


As you can see. the <script tanguFige="..,”> has been changed into “JSori pt. Encode '. The Script Encoder uses 
the Scripting. Encoder COM-object to do the actual encoding. The decoding will be done by ihc script interpreter it- 
self (so we cannot simply call a Scripting. Decoder, because fha! doesn’t exist). 










Page 14 


2600 Magazine 


Okay, Let's Play! 


Plaintext 

Encoded 


Hoi 

ft ® ~ A FQAAAA = =: ® (f @&OGbai#@ &Z Z 

OS* mm &Ww I AAA = = * ft 

Hai 

“ A FQ AAAA= = @ # ©tCCb® # O&z Z 

O® * &TQ I AAA= = A # - @ 

HaiHai 



HaiHai 

# © - * I g AAAA= = ® # & UDbCmk# # Cmr Cm k® # ® fc J z RRsa * ® # ®4mgUAAA = = " # - © 


Cute. As you can see, A appears to be a new*- line (@# = CR, @& = LF)* and the position of a character 
does (sometimes..,) matter (Ihe firs! time HaiHai becomes CCbCmk and the second lime it’s CmrCmk), Let's just 
encode a line with el lot of .As: 


//•♦Start 

Encoda**#ef**agAAAA=-«#'Stb) zbzbbzbz i bab ! bzb ) )zbbz}bzbbz] JbzbzbJb) ) zb)b2)bzfcd ) zbb) ) zbjbz 
) zb : zbzbbzbz} bzb ) bzb) ) zbbz : bzbhz ) I bzbzb ) b) ) zbj bz ) bzb) ) :ibb) } zb > bz ) zb ) zb®#s&z jq ^(ScijiiiiikvyT 
AAA== '■#-[# 

The Algorithm 

After staring at this for some time, I discovered that the bold part was repeating (actually, the entire string is re- 
pealing itself after 64 characters* Also, it seems to be that die character “A” has three different representations; b. z, 
and ). It you encode a siring of R's you'll see [he ssime pattern, but with different characters, 

'Phis means the encoding will look something like this; 


int pi ck_en coding [64 J 

— r 

r + * * i i 

int lookuptable [ 56] [3] = 

( } - 

char encode char (char c , 
{ 

if £ 1 special char (c)) 

int pos) 

return lookuptable 

[e-321 (pick encoding [pos% 64 J ] ; 

else 


return escapedthar 

} 

( c) ; 


J assumed lhai only ihe ASCII codes .12 to 126 inclusive, and 9 (TAB l are encoded. The rest are being escaped 
m a similar fashion as CR and LF, 

Whaf’s left is the stuff before and after the encoded string. 1 did not look into ihis (yet). It will probably contain 
a checksum and some information about the length of the encoded script. 

The Encoding fables 

So now we’ll have to lind out those tables for the encoding The pick_encoding tabic is very simple to discover 
by j use looking ai the pattern ihut was Ihe result of encoding ah those AV 

in t pi ckeneod i ng [64] = ~ 


1, 

2, 

0, 

lx 

2 x 

Ox 

2, 

Ox 

Ox 

2 x 

Ox 

2 X 

lx 

Ox 

2 t 

0 r 

lx 

Ox 

2, 

Ox 

lx 

ix 

2 x 

Ox 

Ox 

2 x 

lx 

Ox 

2 , 

Ox 

Ox 

2 , 

lx 

lx 

0, 

2x 

0, 

2 x 

Ox 

lx 

Ox 

lx 

lx 

2 , 

Ox 

lx 

Or 

2, 

lx 

Ox 

2, 

Or 

lx 

lx 

2, 

Ox 

Ox 

lx 

lx 

2 r 

Ox 

l f 

Ox 

2 


I he string of A’s had a t.’R and LF in front of them, so after skipping ihe tirsl two digits, you’ll see lhai 0* 1 . 2, 
0. 2, 0, 0, 2 perfectly matches b, ), z, b, z s b. h, /. . having b=(), )=1 and z=2. 

The other ttible is a matrix (ha! holds three different representations for each character Which one will be used 
depends un the pick ..encoding table. To find out ihis matrix, just make a file that w ill cause every character to be en- 
coded three times. Make sure the algorithm is “reset." by padding ihe lines so each group will start on a 64-byte 
boundary, 

•r 

aa3aaaadaaaaaaaaad=iaaaaa^i.aaaaddaaaaaaaaaaaaaaaaa4.d,dadaaa:aaaa 
! i I a a aaaaa a j fi . j a ri^i aa aaaa a aa aa aaaaa aaaas a a aaa aaaaaaaaaaa a 

" aaaasiaasaH .iaaaflfiaa.aaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaa 
K# # aa aaa aa a a a a a aa iia a j d a a a saa aa a a a a a aa aa aaa aaa aaaaaaaaaa aaa aaa a 
$$$aaaaaaaa aa laaaa naaa ^aaaaaaaaaaaaajiiaaaaaaaaaaaaaaaaaaaaaaaaa 

Etcetera, Note th.it there arc only 59 bytes of padding is because the CR and LF *u the end of ihe line are couni- 
mg too! (59 + 2 + 5-64). 

After encoding this you can remove the encoded a s again, as well ;is the for ihe t’R and LF. This is 

what remains: 


d7i P- , 11 Ze 

*Yl 

JEr 

a: 

( "yf 1 YU E 'L RvE 

cv Mb* isMC 03 


B 

OF 

R q 

Z&J t TZ 

FqB 

+Y 

&f2 c*W 

v+ G 

F 1 OR 

x ID 

)1= 

lip J 1 X | (4*® 

*■! * g g «$*$»$ 

b> 

7. 

AS 

- Z/; 

f9D 23 A 



Cu q { t 

9 Ex 

Fn 

SJd H\t lHg rfe} nKh p)5 

I]" ?T 









U KP 

31' * 


q 

<] po 5e I } t \ $ , | - w ‘ 

TDY 7 ? 1 { m ( - 

1# 

icin 

49 ( tt J 

M N(9 +n 

om 

□LT 

C4 4 krb 

LIN 2 VO Vs 

: hs 

XU 

WGK w2i ; 5$ D 









*M /dk YOD 

E; t 

\-7 

hA£ Sax xzH y w . 

‘P lik- AN} 

Lt- ? 









Spring 2001 


Page 15 




So what is this? It’s the encoded representation o| (he ASCII characters 9. and 32 through 126. Every character 
has got three different representations, so this sums up to .^(J 27-12 + 1 ) = characters. 

You’ll sec that the c , >, and @ characters arc escaped too. resulting in the following (ablet 


Esc 

Org 

0# 

\r 


\n 


c 

«* 

> 


9 


I've removed the. <£> !, <P I + and t« S Hum (he cm mini lest too and replaced them with question marks, so die 
table will stay nice. This is what you get as a lies dump 


unsi gned char encod i ng [ 2 0 0 ] 
0x64, Ox 37,0x6 9 , i ) x 5 t ) 
0x61 , 0x3 A, Ox 5B . 0x51 
0x42 , 0x76 , 0x4 5, 

0x5 F,, 0x51 , 0x3 J + 0x7 E 
0x7A, 0x26 , 0x4 A , 0x21 
0x26 , 0x66 ,0x^2, 0X63 
0x47,0x76,0x46, 0x26 

0x69 , 0x49 , 0x70 , 0x3P 
0x6 7 t 0x5 F, 0x6 1 , Ox 3 F 
0x5 A , 0x2 F, 0x36 f 0x66 
0x4D, 0x21, 0x56 P 0x43 
0x7C , 0x46 , 0x6 E , 0x53 
0x72,0x36,0x70, 0x6 E 

0x3 F , 0x6 A , 0x55 , 0x4B 
0x7 F , 0x09 , 0x71 , 0x2 8 

0x24,0x20,0x50, 0x2 D 
0x7B, 0x6D, 0x7C r 0x3D 
0x6D, 0x5E, 0x31 , 0x4E 
0x6 F , 0x4 C, 0x54 , 0x74 

0x33 , 0x56 , 0x3 0 , 0x56 
0x57,0x47,0x46, 0x77 

0x2 F , 0x64 , 0x6 E , 0x59 

0x68,0x41,0x53, 0x36 
0x09,0x60,0x50, 0x75 

} 


{ 

0x7E , 
0x79, 
0X63 , 
0x63, 
0x54 , 
Qx2A, 
0x30, 
0x3 F , 
0x3 F , 
0x39, 
0x75, 
0x4A, 
0x4 B , 
0x50, 
0x70, 
0x77, 
0x7C , 
0x5B , 
0x3 4 , 
0x73 , 
0x32, 
0x4 F, 
0x61 , 
Qx6B , 


0x2C, 
0x66 , 
0x76, 
0x4 2, 
0x5A, 
0X57, 
0x52, 
Qx3F, 
0X3F, 
0X4 7, 
0x5F , 
0x64 , 
0x68 , 
0x3A„ 
0x6 F, 
0x27, 
0x2 3 , 
0x39, 
0x3 4 , 
0x5E, 
0x61, 
0x4 4 r 
0x58 , 
0x2D, 


) x. :■! 2 ., 0x5 A, 0x65 , 
0x5D , 0x59 , 0x75 , 
0x23 , 0x62 , 0x2 A, 
0X4 F, 0x52 , 0x20, 
0x4 6 , 0x71 , 0x3 8 , 
0x2 A , 0x58 , 0x6C , 
0 X :■! C , 0x31 , 0x4 F ,. 
0x27 , 0x78 , 0x7B , 
0x62 , 0x29 , 0x7 A, 
0x32 , 0x33, 0X41 , 
0x71 , 0x28 , 0x26 , 
0x48, 0x5C, 0x74 , 
0x70 , 0x7 D, 0x35 , 
0x6 A, 0x69 , 0x60 , 
0x35,0x65, 0x49, 
0x54 , 0X44 , 0x59 , 
0x6C, 0x43, 0x6D, 
0x2B , 0x6E, 0x7F, 
0x6B , 0x72 . 0X62 , 
0x3A, 0x68 , 0x73, 
0x3B, 0x35, 0x24 , 
0x45 , 0x3 B, 0x21 , 
0x58 , 0x7A, 0x48 , 
0x30, Qx4E, 0x29 , 


0x4A, 0x45, 0x72 , 
0x5B, 0x27 , 0x4 C , 
0x6 5 , 0x4 D , 0x4 3 , 
0x52, 0x20, 0x63 , 
0x20 , Qx2B , 0x79 , 
0x76 , 0x7F, Qx2E , 
0x29 , OxSC, 0x3D , 
0X.3F, OxlF , 0x3F , 
0x41, 0x24 , 0x7E, 
0x73, 0x6F, 0x77, 
0x39 , 0x42 , 0x78 , 
0x31, 0x48, 0x67, 
0x49, OxSD, 0x22 , 
0x2E, 0x23 , 0x6 A, 
Qx7D, 0x74 , 0x5C, 
0x37, 0x3 F, 0x25, 
0x34, 0x38, 0x28, 
0x30 , 0x57 , 0x36 , 
0x4 C , 0x25 , 0X4 E, 
0x78 , 0x55 , 0x09 , 
0x44 , Gx2E, 0x4D, 
0x5 C, 0x2 D, 0x37 , 
0x79, 0x22, 0x2E , 
0x55 , 0x3 D, 0x3 F 


So, encoding character c at position i goes as follows: 

■' look up which representation to use (the first, second or third): pick_erteodmg[i mod 64] 

* liruj the representations in the huge (able: encoding! c * 3] 

* encoded character = encoding [c*3 + pick encoding f i%64] ] ; 

Because the (able starts at 9 and (hen goes to 32, you’ll have to do some corrections. But well get to that later, 
as we are not really interested in encoding after all. We want to be able to do some decoding! 

The Decoding Tables 

The pick, encoding lahle will stay the same This is because each character (exec pi for the escaped ones, of 
course) will he in the same place its the original ‘I hen, we could just look up the. encoded character in the table. For 
instance, an M A‘ in encoded test (hex (Ml), occurs on these places in (he “encoding” table: 

* row 9, group 4, representation I - "F* 

* row 10, group 3, rcpre*enluiu>n 3 - "T 

* row 23, group I . representation 2 = 

So an “A" in the encoded (ext is an I I, oi \ . deiHNiding un its position Where there is a 0 in (lie pick encoding 
table, it's an F, for I it’s an I, ami lor l it’s a \ 

You don't want to go looking ihtough the cm udmg table each time trying to find those numbers By transform- 
ing the encoding (able into unmht'i uhli \mi . an just v> |u purilmn 0x4 J iVni.illy, 0x4 1 3 1 to correct it skipping 

everything below space except for I AM) and pn 1 Hie u>ma i n pn seulttlitm. 


unsigned char transformed] t] si,']; 


Yoid maketrans (void) 
int i , j t 


for (i«3l; i< = 126 ; x + +) 
for ( j =0 ; jc3; j + + ) 

t rans f onned [j ] [encoding [( i- 31) *3 ■+ j]] 


= ( i==31 ) ? 9 


i; 


With this matrix, it’s very simple to look up the original character by simply looking it up in our table. Assume 
i is the position of the character and c is the character again. Then: 


Page 16 


2600 Magazine 




decoded = transformed [piok_enccding [ifc€4] ] fc] ; 


The Friending of the Length -Held 

So what s leU is (o lind out how many characters there are to decode. If we just keep decoding stuff, we will de> 
code pan or the HTML that** behind the encoded script. This can be avoided by stopping when a “<” is encountered 
i“<" will never appear in an encoded stream), bui even in (he case where we are looking at a ' pure” script filed* as 
or *.vbs), there is some checksum stuff behind the actual dala. which we should noi decode. 

, 1 created a number of fifes of different si/e. By giving them a 1 ,js extension the entire fife is encoded without the 
Script Encoder looking for a Man marker. The resul ts arc below (only the first 12 bytes are displayed). 

Length First 12 bytes ASCII 


1 

23 

40 

7E 

5E 

41 

51 

41 

41-41 

41 

3D 

3D 

#@"EQAAAA== 

2 

23 

40 

7E 

5E 

41 

67 

41 

41-41 

41 

3D 

3D 

tt@"EgAAAA== 

3 

23 

40 

7E 

5E 

41 

77 

41 

41-41 

41 

3D 

3D 

#@ a EwAAAA=^ 

4 

23 

40 

7E 

5E 

42 

41 

41 

41-41 

41 

3D 

3D 

FAAAAA= = 

5 

23 

40 

7E 

5E 

42 

51 

41 

41-41 

41 

3D 

3D 

#@ a FQAAAA^= 

6 

23 

40 

7E 

BE 

42 

67 

41 

41-41 

41 

3D 

3D 

#®*FgAAAA== 

7 

23 

40 

7E 

BE 

42 

77 

41 

41-41 

41 

3D 

3D 

FwAAAA== 

8 

23 

40 

7E 

BE 

43 

41 

41 

41 “41 

41 

3D 

3D 

#@*GAAAAA== 

9 

23 

40 

7E 

BE 

43 

51 

41 

41-41 

41 

3D 

3D 

#@*GQAAAA== 

32 

23 

40 

7E 

BE 

49 

41 

41 

41-41 

41 

3D 

3D 

#@ a IAAAAA== 

48 

23 

40 

7E 

5E 

4D 

41 

41 

41-41 

41 

3D 

3D 

#@ a MAAAAA== 

80 

23 

40 

7E 

BE 

55 

41 

41 

41-41 

41 

3D 

3D 

#@^uaaaaa== 

96 

23 

40 

7E 

BE 

59 

41 

41 

41-41 

41 

3D 

3D 

#@ a YAAAAA== 

103 

23 

40 

7E 

BE 

5A 

77 

41 

41-41 

41 

3D 

3D 

#@ a ZwAAAA== 

104 

23 

40 

7E 

5E 

61 

41 

41 

41-41 

41 

3D 

3D 

#@ x aAAAAA- = 

111 

23 

40 

7E 

BE 

62 

77 

41 

41-41 

41 

3D 

3D 

#@"bwAAAA=^ 

116 

23 

4 0 

7E 

5E 

64 

41 

41 

41-41 

41 

3D 

3D 

#@ * dAAAAA^ = 

166 

23 

40 

7E 

BE 

70 

67 

41 

41-41 

41 

3D 

3D 

#@*pgAAAA== 

216 

23 

40 

7E 

BE 

32 

41 

41 

41-41 

41 

3D 

3D 

#@ a 2AAAAA== 

265 

23 

40 

7E 

BE 

43 

51 

45 

41-41 

41 

3D 

3D 

#@ a CQEAAA== 

451 

23 

40 

7E 

BE 

77 

77 

45 

41-41 

41 

3D 

3D 

#© a wwEAAA== 


1 he length seems to be encoded in the 5th to 10th byte, and 4 1 appears to be representing zero. The first byte of 
(he length seems to be increasing w-iih one when the length increases wiih four. Also the second byte alternates be- 
tween 41, 51, 67, and 77, 

If you look at length 166. ibis value is 0x70, where it should be 0x41 + (166/4 ) = t)x6a. So something goes 
wrong, and it cap be narrowed down to length 1 04, where it suddenly jumps from Ox 5a to 0x61, This puzzled me for 
a long lime, until I realized that Ox 5 a - Z and 0x61 = a .And yes, the length turns out to be Base 64 encoded in- 
deed! 

The Checksum 

A( the end of the encoded data is apparently some kind of checksum. I did not look into this any further 

The Decoder Program 

I he further working of the decoder program, which can be downloaded from the sendee home page, is left as an 
exercise to i lie reader. It s implemented as a ‘ I tiring-like ' slate machine. The decoder will treat .js and .vbs files as 

i Lilly encoded, while ,htm(l) and .asp tiles are seen as tiles that contain script amongst other things like HTML 
code. 

The decoder simply takes two arguments input filename (encoded), and output filename (decoded). 

There is one thing lacking in the decoder: the value of the <SCRJPT LANGUAGE^ ' attribute is nor 
changed hack into the original form. You'd better use a tool like sed far that. 

Conclusion 

ft’s not just sad that Microsoft made a tool like this. They've probably asked Bill Gales' little nephew to write 
this code. The really had part is that Microsoft actual ly recommends that people use this piece of crap and, because 
of that, people will rely on i(, even though the documentation hints that it's unsafe. (Nobody reads the docs any- 
way....) 

Security by obscurity is a bad, bad idea, InMead of encouraging I hat approach. Microsoft should encourage pro- 
grammers to find other ways to More their passwords and sensitive data, and tell them that an algorithm or any other 
piece of code thal needs to be "hidden" is just bad design, 

rhis much' originally appeared in the Dutch hacker zim t Khiphck. They can be found at www.kUtrihek.nl See 
this issue ir Marketplace for info on their monthly Meetings. 


Spring 2001 


Page 1 7 



by Loki 

You may have seen these floating 
around in your hometown. They are rela- 
tively new Internet kiosks called "Advanls 
Terminals' 1 (www.ad vants.com). With a 
price like $1 for five minutes it’s almost a 
crime to even use these things. So the I al- 
lowing is my ordeal with liberating one of 
these terminals that resides in a coffee 
shop in my homeiown. 

One day I walked into my local hang- 
out u> get a coffee and when I went to sit 
down with my beverage I no- — 

Liced a computer looking 
thing on a low table in the 
corner. Almost immediately 1 
went into hack mode. Many a 
question ran Lhrough my head 
such as: what OS is it run- 
ning, what kind of connection 
does it have, what are the sys- 
tems specs, can I run quake 
and most importantly how can I use it for 
free. Well here’s the low down people. 

All of the Advants terminals I've come 
across have been Win tel boxes: * gig HD, 
500mhz Celeron, 48 megs of ram, and an 
ATI Rage 1 28 video card. To keep the 
kiosk “secure” instead of running the nor- 
ma) Windows Explorer shelf it runs a pro- 
gram called "Netshift ' 

(www.netshift.comf As long as it is run- 
ning this, pretty much all useful operations 
are impossible. So tO get started the first 
thing I did was pull the plug. When 1 tried 
this l found that the plug was somehow at- 
tached to the wall. They did this by having 
a screw go into the ground plug at a diagi> 
nal and putting pressure on the inside of 
the ground plug hole. To get past this all 
you have to do is reach under and unscrew 
until the plug comes out of the waif Now, 
since the beginning of my experiments 
w ith this kiosk they have upped the secu- 
rity a bit by encasing most of the computer 
in a larger cabinet (soi l of like a standup 
arcade game) and pulling in a relatively 
useless UPS (Uninterruptible Power Sup- 
ply). If the machine doesn’t turn oft w hen 
you pull the plug you should hear a beep- 



ing in the lower part of the cabinet. If you 
are using one of the smaller “desktop ter- 
minals it should just go off immediately. 

When you plug the box back in it wall 
power up. Now this is where it may be dif- 
ferent from box to box. The screen may or 
may not be scrambled while this happens. 

I he box l play with started out not being 
scrambled, then w f as, and now isn’t. So 
you may have to do the rest of this w ithout 
being able to clearly see the screen (don’t 
Worry, it isn’t that hard). You will get your 
normal boot thingy (yes, that's 
a technical term), CMOS is al- 
ways passw r orded in my experi- 
ence but if you want to screw 
with u, that's your prerogative. 
To gel to it just hit delete as 
usual. I won't go into that be- 
cause 1 haven't messed with it 
(yet). 

Just after it is finished with 
the RAM and HD check is your chance to 
get into DOS, hit Ctrl -Esc (not F8), and 
you should get Lhe Windows “safe mode” 
boot prompt letting you choose Safe- mode. 
Normal Boot, or DOS and a few other lit- 
tle options. Now this takes a little timing 
and finesse but iL can be done, so don't be 
discouraged it you see a Windows 95 load- 
ing splash screen - just hit Ctrl-Alt-Del and 
go at it again. Once you get to this stage 
you’re just about half done. For you people 
with a scrambled screen, you should see a 
somewhat recognizable while bar across 
your scrambled screen that means you’ve 
got it, 

Now hit 6 and enter. This will get you 
the t >t >S prompt, for you people with 
scrambled screens, type “els” and enter to 
i \ u clears lhe screen. If so, you’ve got 
iL 1 rom here it defaults to C:/ so you’re 
going to have to go to the Windows direc- 
tory red Windows), Now here is the tricky 
part lor you people who arc doing this 
blind. Type “edit system. ini” and you 
should get a blue screen that is the familiar 
DOS edit program. Now we are going to 
change the shell from Netshilf to Explorer, 
Now hit the down arrow two times and en- 


Page 18 


2600 Magazine 




ter a i his will comment out the 
“shell=ne tsh i ft/naska, e x e” line. Then hold 
down the “ftT key and that will turn the 
right arrow key into the end key. so basi- 
cally “shift-end ' w ill move your cursor to 
the end of Lhe line. Now hit enter and type 
“shell =e xplorer.exe”. Don’t mess up be- 
cause this could cost you the box if you 
botch it. It should look something like Ihis: 
l hoot j 

oemfontsfan - vg t loem fan 
//shell-netsh (ft/naska. exe 
sh ell = explorer, exe 
system. drv= sys tem . ( In- 
ti r: vers - turns ystem. dll po wer.drv 
“All-F” followed by “X” and “enter” 
will save and exit you back to the DOS 
prompt. Now type “Win” and hit “enter” 
and you're on your way to a free net box. 
The power supply is ATX and if it boots 
into Windows and you typed the shell 
wrong it'll try to shut down. Shutting 
down means you either have to get inside 
the locked case to turn it back on or you 
have to call Ad v arils and wait for them to 
come back out and lix it (I've had to do 
Ihis three times!), II it says something 
about it being a bad shell or something, 
pull the plug and go again. 

Now if that sounds like a real bummer 
to do blind, you’re in luck, There is an- 
other way, but I fell like explaining the 
way 1 did it my first time. The way l just 
explained is the most fun and the most 
haekish. It's also the quickest and has lhe 
least potential for destruction of the box, 
especially if the screen isn’t scrambled. 
The box, when it is running Netshift runs 
War_FTP and most of the boxes allow 
anonymous access. There are two ways 
you can take advantage of this. They both 
involve getting the box’s IP, To do this 
click the free C-NET button, and use C- 
NET’s web search. Search tor “your IP”. 
Tli is will locate a site Lhat will show you 
your IP when you visit it. Now that you 
have that, you can do one of two things. 
One, you can go home, ftp to the box, 
download the system.im, edit it and re-up- 
load it, then go back to the box and reboot. 
Or you can get something callec LVNC 
( ww w. uk . re search , atl . rom/ygy / ) , flV i lh lh is 
pt qg you can log intov our own .box from 
t heiiel and _sec your desktop jn.re.al 1 1 111 e . f 
STnjTtte^ouhave VNC on your box at 
home, all you have to Jo is put a dollar 
intentfe Ad want's box, t yp e your home IP 


into the “goto” form and you’ll get your 
homFdesku>p:TY(5m There you can use that 
even after your time runs out to do what- 
ever you w ant on your home box because 
the page address never changes so it won’t 
kick you off. This is helpful because you 
can now upload things from your home 
box to the Advant’s box, such as a new 
system, ini. 

If everything worked out right you 
should be in Windows and you can have 
all the fun you want exploring around. Just 
remember - when you’re done put it back 
to NetShift so some “K-Rad Elyte H4xftr” 
doesn’t come along and destroy Lhe box or 
shut it down. You can then have fun later 
the next time you want to use the box. 
Don’t forget lo share your free net access 
while you’re supervising. People will ap- 
preciate it more than you know and you’re 
bound to make a few friends that way. 

I personally have pul GLQuake on lhe 
box that I use and it runs pretty well. The 
connection is most likely a crappy DSL 
shared on a LAN modem somewhere so 
it's not really suited for much. Eve seen it 
get 1 5k a sec but it usually gets 5-7. The IP 
range from what I've seen is 38.28.129.* 
and 38.28. 130.* if you’d like to scan for 
she boxes. I’ ve yet to have any luck that 
way though. 

It says on Advant's web site that they 
will soon be switching to the Linux OS to 
bring down the cost of the box and thus 
lower Internet prices. When they do that, 

I II get on top of it and write a follow-up 
article on liberating the new OS. 

I’d also like to give props to my man 
Agile for being there for moral support, 
free drinks, and more than one time pre- 
venting m e from doing stupid crap (and 
hitting me when I did do something 
stupid). 



Spring 2001 


Page 19 


F 


A ROMP 
SYSTEM 


THROUGH 

SECURITY 


by Lumikant with help from Zarium 

So you have your web server, you've got 
millions of hits on your web siie every day, hut 
you feel that ever-present nagging feeling inside 
that there's something missing, You're light, 
something its always missing ■ its tailed seen 
rity, “So, how do 1 secure this beast of mine 
here?” you may ask. In this article, you’ll see 
some ways of going about it. However, tins is in 
no way a complete guide to security, hut rather a 
cornerstone, ora foundation, m learning the ha 
sics on UNIX and UNIX variant security. Topics 
covered will include basic software security, 
hardware security, and general common sense 
techniques to prevent your system from getting 
owned. Well, that's enough yack in, let’s get to 
hacki til 

It's assumed you have general knowledge of 
a *nix based system. All the methods herein have 
been tested on a Slack ware 7. 1 system, as well as 
a Red Hal 6,2 sy stein. These are two common 
distributions of Linux that are often used for web 
servers. We Ye also assuming that the computer 
the server is on is an up to date computer (at least 
300 mhz, 128 megs of ram) that can easily be 
used for a web server Hopefully you are Ruining 
at least kernel 2.2.1 6, or a development version 
written around that kernel. Some of the methods 
in this article will be of no avail or may not work 
if the kernel is a lower version than that. A side 
note here - always get the latest stable kernel 
running on your system. With every new release 
comes new bug fixes, new updates, and support. 
Security isn’t a one-time lix-alt, hut rather a care- 
ful ever- watching vigilance over your 
system/network 

This article is also written speu!ic:dl Utf w 

curing a web server that hosts a web sue H yon 
intend to use the system fot more tli.m jlisi tli.n 
be careful how you follow what is described in 
this text, because the methods may cripple other 
vital services that you’d need in other situations 
It does however allow for optional POP3 c mad 
usage through a local SMTP Server. However, 
unless you need it, we recommend you drop that 
service. Being as just about anything is ex 
ploitable, it's only a matter of time until someone 
uses that service against you. (Yes, paranoia is a 
good thing here, guys.) 

f inally, we are assuming you have local ac- 
cess to the server itself. If you can only admin 
the box remotely you will have to allow certain 


exploitable services that [ would suggest disal- 
lowing and/or killing. Services such as ftpd and 
lelneld. After all T if you can dig into it remotely, 
that means somebody else most certainly can. 

I he basics of securing a web server are often 
the most neglected. Admins seem to be sloppy 
when it comes to this, the most important part of 
securing a server. What good are all the patches 
in i he world, all the firewalls and other various 
software, if your kernel is exploitable or if other 
users have a great deal of access? Not very is the 
correct answer (give yourself a pat on the back if 
you got that one, but not too hard, you may pull a 

l 

The Kernel j J O / 

fhe kernel is the core of a *nix system. In 
fact, ii is almost the entire system itself. The ker- 
nel is notated for its version. For example, the 
latest stable ! erne I at the time of this writing is 
2,2. 18 The version of a kernel has two parts, the 
kernel version (first and second fields) and the 
patch level (third field). Kernel 2.2,18, for exam- 
ple, means that 2 2 is the kernel version and 18 is 
the patch level of this specific kernel, [f the ker- 
nel version it sell is an odd number (i.e,, 2,3) T 


then it’s a development kernel. This is not a sta- 
ble release and should not be used unless you're 
a programmer or Unix Guru. In that case, use it 
by all means, improve it, re -code it, work on it, 
and then tell everyone out there so they can help 
improve it too. Development versions oftentimes 
have many bugs that are easily exploitable. Un- 
less you are a Unix Guru, you should not run a 
development version of a kernel. The latest ker- 
nel jfMMMlnally he found at in the I reshmeat 
; 1 1 i hi ves (for Linux ): www. frvshmeat.net/. 

Rool Account Mm 

Another security issue admins often Over- 
look is the usage ot the root account. For most 
wori on do (1 root recount isn’t needed. This 
\\ an important point to make. When you mess 
with the iv hm account, you are playing with fire. 
Von don't get pretty little error messages with 
UNIX hke you do with Windows if you say 
“Delete this," It does it - no recycle bin. It’s an 
unnecessary risk, especially if you are running 
an xtv m Not only can you make mistakes as 
root that can compromise system security, it also 
makes ii more difficult to sec when others have 
been accessing the root account, which is an im- 
portant step in finding out who owned you. 

The easiest way to avoid problems w ith root 


l 


A 


mr 


Page 20 


2600 Magazine 


is to make another user account - using the M ad- 
duser ,T command - and give that account admin 
permissions. This will allow most actions, but 
will keep you from causing wanton damage to 
the system and make it easier lo notice unwanted 
activity as root. It also makes lor a safer xterrn 
environment, disallowing someone from crash- 
ing your entire system remotely through an 
xterrn buffer overflow. 

Shell Accounts 

Sometimes other people, friends, associates, 
and otherw ise will want an account on your sys- 
tem, be it for iheir ow n web page, use of the ser- 
vices, etc. This is okay! It's one of the beauties of 
running a *iiia system r allow ing multiple users 
to log in. However, just like the Force, this has a 
dark side. If one of your friend's accounts is 
cracked, that person loses w hatever privacy they 
had with their files and gives the intruder a 
launching place to root you. Give shell accounts 
out to only the most trusted of people. Another 
great aspect of Linux is the ability to use differ- 
ent group ID's, Put all users into a group such as 
games so they have little to no access to ex- 
ploitable system services. A practice that is be- 
coming more and more popular nowadays is to 
simply block out port 23, the telnet login port, 
disallowing shell accounts. While this is a clever 
way of keeping you from being rooted, it also 
crimps the beauty and ability of *nix systems. 

Services 

Now let’s move on to many of the services 
and daemons that keep a *nix system running 
well. If the kernel is the base, the skeleton, of a 
*nix system, then the services and daemons are 
the blood, muscles, and skin. They are what 
complete tasks, allow external users, post your 
web page, etc. They're also what allow the easi- 
est entry into your system, so do be careful. Sev- 
eral services are very important to you if you're 
running a web server. The most important of 
these is the Hyper Text Transfer Protocol Dae- 
mon. or httpd. Ibis is the daemon that actually 
opens port 80 for HTTP traffic, thus allowing 
your site to be viewed. This service is not stan- 
dard on a *nix system, U comes with whatever 
web server you choose. This daemon in and of it- 
self is very secure. 

Another daemon that is almost as necessary 
as the httpd is the frond. This daemon watches 
all the programs on your cron tab (a list of pro- 
grams that should always he running), and il one 
of them is down, inactive, absent, or frozen, it 
begins the program anew to make sure the pro- 
gram is running. If the initialization program for 
the web server is on the cron tab, whenever it 
crashes it will be started again, thus keeping the 


page up. 

Many services and daemons however are un- 
necessary and are very insecure. These services 
should be killed and whenever possible disal- 
lowed from starting in the first place These ser- 
vices ure what allow most defacements and 
intrusions, 

finger d 

The most unnecessary and dangerous service 
is the fingerd. The finger daemon, running on 
port 79, is also useless. The sole purpose of it is 
to give out information about your users. As if 
that’s not dangerous enough, if is also a very easy 
service to crash, most often through a buffer 
overflow, to give one a root access shell. Here is 
a finger response from a WindowsNT Webserver 
running worldgroup. 

Crystal Mountain BBS 
User-ID : Sysop 

E-mail a U as : Sysop tip wgserfo crystal- mtn , com 
Sorry, that User-ID has not filled out a Registry 1 
entry 

Til is is an example of finger information from a 
*mx based system. 

Login: root Name: Root - Bilbo or Garfield 
Directory: fbywater/adm ms/root Shell /usrflo- 
calfhinfbash 

Last login Sat Nov 25 16:33 ( CST } on tty CO 
Mail last read Wed Dec 13 05:04 2000 (CST) 

No Plan , 

As may be apparent to you. this offers quite a 
bit of information that could be used by someone 
wishing to infiltrate a system. It gives the shell 
type used (bash), home directory, real name (in 
some cases), last login, and last time the mail 
was read. Sometimes the plan can show even 
more important information. All of that coupled 
with the buffer overflow possibility makes this 
service very dangerous. It should be removed 
from your initialization files (usually 
/etc/inetd.conf - just comment out the lines that 
start this service. Other places you could look are 
the /etc/rc.d/ where several files may exist that 
manage your startup services. This is going to he 
different with every flavor of Unix out there.) 

ftpd 

Another service that is easily exploitable is 
the itpd (File Transfer Protocol Daemon), This 
daemon allows people to access files on your 
system, as well as send files of their own. The 
danger in this is pretty self explanatory. Al- 
though this protocol is often used and is reason- 
ably secure, it is still a risk. 

Depending on the version of ftpd you run, it 
may be possible to download password files and 
other sensitive materials through FFP. so make 


Spring 2001 


Page 21 


sure thjit you have your timers set and restricted 
enough to where they're not even allowed read 
access to the /etc directory in particular, or if 
you're paranoid enough* any wre clary dmer than 
Lheir own and anything in the FTP directory. 

One version of ftpd, WUftp. is the absolute 
worst ftpd one can run. It has so many ex 
ploitable bugs, it makes for a playground for am 
intruder who wishes to cause your server harm. 
People have been known to scan entire IP blocks 
(i.e,, 209.23.*.*) for servers running this dae- 
mon, just for a little easy fun. Pretty sick, isn't it? 

If you have other users or wish to update 
your server or web page remotely you will need 
the ftpd. Just make sure you have the newest ver- 
sion with any necessary patches. Phis will save 
you from a lot of trouble in the long run. If 
you’re not going to he updating remotely then 
kill the ftpd. It's recommended you do all your 
updates right there on the . server if possible: 
telnetd 

Another service that you won't need unless 
you plan on having extra users is the telnetd. 

This daemon, which runs on port 1*3, allows 
users to access a remote console of your system. 
This, while being a secure service itself, allows 
for many problems. 

Basically, the only way to break in through 
the telnetd is with a simple brute force attack, 
This throws as many passwords as it can to your 
computer, hoping one is right. If you have a 
strong password this attack is almost useless but 
there's still a chance that someone could gain ac- 
cess. 11 you are only offering web space to the 
people who have accounts on your system, then 
giving them access to telnet is also unnecessary 
because this allows them to try all sorts of local 
exploits on your system. Local exploits often are 
more effective due to the easier access to the sys- 
tem. All in all, telnetd is unnecessary to be run- 
ning unless you have users who want to use the 
shell services of your server. If you don't have 
any of those users, the smartest thing to do would 
he kill the telnetd. 

$mtpd I 1L .1 

Another service thsu.is nice to have if you art- 
offering e-mail services is the smtpd. Tins is die 
service that allows your server to send and re- 
ceive mail, This service is secure in the way that 
it doesn't allow ready access to your system. 
However it's insecure in the way that it's easy to 
monitor traffic in and out of it. It also allows peo- 
ple to send e-mail without their true identity 
showing up. 

These problems can be remedied by simply 
using the newest and patched version of SMTP, 
or ESMTP { Enhanced Simple Mail Transfer Pro- 


tocol), Also, make sure any important e-mail you 
send is encrypted, preferably with PGP. so 
snoopers won't get any sensitive information. 
Keep Watching Your System! 

Another very important part of keeping your 
system secure is keeping up with ail the current 
bugs and exploits and, more importantly, their 
patches and fixes. Something as simple as an 
outdated and buggy service can allow someone 
access to your system. Not only do these bugs, or 
exploits as they are most often called, sometimes 
provide access to your system, they can also al- 
low malicious users to view sensitive data or 
crash your system. This, for the most part, can be 
easily avoided with simple measures such as al- 
ways using the newest release of a service or 
piece of software, lake Perl for example. This 
service allows you and other users to make web 
based (and other) scripts, including CGI, which 
can allow someone to gain root on your system if 
they have a shell. However in the newest ver- 
sions of Perl, the SI IH> exploit as it is called, has 
been patched, 

Perl 

Perl scripts, if hot written carefully, can also 
allow users to view data. Because they run on a 
shell and interact with your system, they can of- 
ten he "tricked” into displaying information. 
Also, if the files it refers to don't have stringent 
permissions, then someone could view files deal- 
ing directly with the script. 

Logs 

No. weTe not talking about those things that 
you burn in the stove. Logs are very, mucho, uber 
important to your system. With these handy 
things, you can see who broke in, from what IP 
address they were hailing, and at what time 
(among other things). You've got to log every 
connection, and for you paranoid people out 
there, every single packet that comes into your 
system. A firewall can accomplish this rather 
easily, but your system will also log failed telnet 
logins. If you notice (hat a certain IP attempted to 
login as a user several times and failed, then you 
might consider restricting that account and ban- 
ning that IP address, being as someone is very 
likely to be trying to brute force their password. 
Your system also logs odd happenings. Pay at 
tendon to your logs. If you get owned, you’d bet- 
ter be able to prove how when you go whining to 
the authorities, System logs are usually ap- 
pended m a file located in/var/log/messages. 
Passwords if fj ftp /fl 

One thing ybur usSrs need to have H a sfrrihg 
password. This basically means that if lheir pass- 
word is their first name (i.e., jerry), then you've 
got a problem. Let’s say Jerry has a friend at 


Page 22 


2600 Magazine 




school who wants to thrash a Unix box some- 
where. He knows Jerry’s username on bleh.org is 
“dude". So he goes in and brute forces the pass- 
word Since he knows Jerry, he’s going to guess 
things that are close, near, and dear to him, such 
as his girlfriend's name, his dog's name, his 
mother's name, his car. his favorite movie, etc, 
finally, the intruder enters * 'jerry" as the pass- 
word and he’s allowed in. From there he down- 
loads local exploits and roots your sorry rear, Tsk 
isk, if you would have been a good little sysad- 
min, this could have been avoided. You should 
have Jerry change his password every three 
months (i,e„ every business quarter or whenever 
you feel it would be a good time, as long as it's 
somewhat often). Make sure Jerry’s password is- 
n't something like 'laura' (maybe his wife’s 
name?). Thai's just dumb, because anyone who 
knows Jerry and is trying to guess his password 
is going to know Laura more than likely and try 
guessing that as his password. Make him use 
something off the wall and totally random, like 
77x88349 2x x sofy B B25 Tk The longer the pass- 
word, the better, as it takes a dictionary creator 
and/or password cracker much longer to reach a 
password of this length than it does “laura”. 
Also, even though it may be hard to remember, 
it's still feasible to create a password within a 
password. For example* let s say your dog's 
name was “Missy" (like my mom’s little dachs- 
hund. God rest her soul). Let’s say you have a 
work ID number of 12345. Try this: Im2i3s4s5y. 
This spells “missy" with 12345 strewn through 
it. Although this method is commonly used, it is 
a bit more difficult U> crack. 

Firewalls 

Firewalls are super-handy Make sure you're 
running one on the gateway in your network, 
otherwise you’re asking for trouble. Firewalls 

block whatever you tell them to pretty much, in- 
cluding ICMP attacks, w hich are the most com- 
mon when you’re getting packeled. This can 
greatly reduce the risk of being packeled to 
death, but it doesn't mean that it won't happen. 
Nothing can fully defend against a smurf attack, 
but you can sure slow' one down by having a 
proper firewall installed. There arc several fire- 
wall types you can get, ranging from software 
firewalls such as Conceal PC Firewall. Freedom, 
or IP Chains, There are also hardware based fire- 
walls and routers, the most prestigious of which 
are Cisco routers. Depending on how much 
money you wish to spend you can get varying 
degrees of protection. From packet routing. IP 
banning and looping to port protect ion, logging, 
and warnings. I have used several different fire- 
walls. mostly software based and most are use- 


less. For the most part they just log connection 
attempts. Although it is helpful to log, protection 
is slid belter, For your *nix based system l would 
recommend TP Chains and Port Sentry, Collec- 
tively they offer a great deal of protection. IP 
Chains routes harmful packets while Port Sentry 
logs connections and warns you of possible at- 
tacks. Port Sentry also negates most scans, 
stealth and otherwise. 

I 

The last line of defense here are the services 
you're running. If you’re running SMTP, HTTP, 
telnet, finger, etc., you’re in deep crap, dude I 
You'd better get rid of every single one ot those 
services, because they're all exploitable. Every 
service under the sun is exploitable, but these in 
particular because they're used so much more of- 
ten and are far more likely to screw you rather 
than some of the other things. Let’s start with 
SMTP, Simple Mail Transfer Protocol isn't nec- 
essary unless you're running an e-mail service 
on your box, so get rid of it if at all possible. An- 
other risk (in addition to gening rooted through it 
somehow) is that of spoofed e-mail. It’s possible 
to telnet to port 25 on a target and manipulate 
SMTP to send a fake e-mail to anyone in the 
world. Your best bet to prevent this is to block 
the service, or run ESMTP instead. HTTP is 
probably going to be a necessity if you re run- 
ning a web server - just make sure that you have 
all the patches and security info available that 
you possibly can gel because no web server, no 
matifcr how rare or how well coded it is, is totally 
secure, I recommend using Apache, since it's 
tree and fairly stable. Just be sure to get all the 
patches* and bug fixes for it. Telnet is a whole 
monster in and of itself. The service itself is se- 
cure, but not what it allows people to do. Having 
telnet open is basically an invitation to get your 
butt kicked, so close it off and don'; allow shell 
accounts. Finally, as mentioned earlier, finger is 
a no-no. Anybody, even newbie wannabe hack- 
ers, can play with finger. It's basically there for 
one reason alone - to get you owned. Any buffer 
overflow will cause linger to give a user root ac- 
cess - it’s the simplest type of attack. So make 
sure to block it out. If you want to get rid ot these 
services, try editing /elc/inetd.Coni and there are 
also some files in /etc/rc.d/ that you may want to 
have a look at too. 

Hopefully after reading this you have at least 
a basic idea of how to secure your server. Al- 
though it does not go incredibly in depth, it is 
more than enough to keep most “kiddie" hackers 
out of your system. 


Spring 2001 


Page 23 



iCKAi 


by Durkeim the W ithered God 

There is nothing worse than waiting- I 
hate waiting to gel food, I hate waiting to 
take a piss, I hate waiting for my paycheck, 
and I definitely hate waiting in airports. So 
there J was at 10 am, bored as hell, walking 
back and forth, tin Li 1 I discovered those 
mean looking Internet stations. Tve seen a 
lot of different Internet stations around the 
world, but none looked as mean as these 
(they’re like cubicles but made out of 
steel). Basically, in these stations you have 
a decent keyboard, a nice monitor, and an 
average interface. These arc the Quick AID 
Internet stations (www.quickaid.com). In 
this Internet station, similar to all the oth- 
ers, you swipe your credit card, and for 
three bucks you can search for extraterres- 
trial intelligence on the Internet for 10 min- 
utes. Oh well.... 

Finding the Operating System 

This is always the best part of the entire 
process* I tried a few things: ALT-F4, ALT- 
ESC ALT-TAB, Ctrl-Alt-Del, invalid char- 
acters. and so on. After overflowing the 
buffers by repeatedly pressing composite 
characters and special keys, I noticed the 
continuous Windows "ping sound and the 
Windows desktop image in the back- 
ground. That along with the “nice" pol- 
ished icons is a clear indication of the evil 
operating system. As always, dumb devel- 
opers chose Windows to program their ap- 
plications. Just because it’s easier to 
program in Windows it doesn’t mean it s 
safer or better 

What Can One Do Without Paying? 

In the beginning the access is very lim- 
ited, We can only browse their web page 
using a stripped down version of Internet 
Explorer 4. send comments, and that's it. 
This obviously means that the machine has 


a permanent connection to the Internet,,.* 
Gnoood. 

Since 1 am such an ethical guy, I de- 
cided to save the brute force method (buffer 
overflow and keyboard/mouse crash) for a 
last resort. 1 decided to stick with the ba- 
sics. So I started exploring the only gate- 
way possible: their web page. As I 
expected, all the hot keys were deactivated. 
That meant no CtrLS and so on. The next 
step was to look at every document on their 
site to find a missing link. Before long I 
came across a zipped hie inside the site. 
Wrong move! As soon as I clicked the file, 
our good friend, the unregistered version of 
win zip, came up. The machine was now 
mine. 

Obviously the next step was to add a file 
to the zip files. I suggest that you add 
c:\winnl\system32\wtnfile.exe. (You all 
probably remember this as being the 3,1 
version of Windows Explorer.) Then, just 
execute it after adding it. And voila. t he 
system is now r yours. You can edit the reg- 
istry, change the settings, get the hot keys 
enabled again, navigate freely on the Inter- 
net, and, most important of all, you can dis- 
able that silly Cyberpatrol (unethical). 
Browsing the Web 

Using winftle.exe, execute c:\atcom\in- 
stali\ATbrowser.exe and there yon go. The 
rest is up to you. If you want you can even 
start an ftp server in their machines! 

Fm submitting this article just to prove 
that Windows -based programming is 
wrong, had, barbaric, buggy, morally 
wrong, and slow. Stop being lazy and pro- 
gram everything from scratch on a decent 
platform. You’re not going to rediscover 
the wheel, but you'll have perfect control 
over everything! Control, my friends.., its 
all about control. 


Page 24 


2600 Magazine 



FOR IMMEDIATE RELEASE 


CONFIDENTIAL - DESTROY BEFORE READING 

November 20, 2000- San Francisco, USA- The Billboard Liberation Front (SYM:BLF) 
announced a major advertising improvement offensive today, taking responsibility for the 
heroic modification of thirteen large-format billboards in Silicon Valley along the northbound 
US-101 freeway corridor between the Whipple exit in Redwood City and San Carlos exit. 


The pro-bono clients in this campaign were all technology companies, w ith a sector focus on 
the endangered and much maligned “dot-coms”. Billboards in the target sector w ere 
graphically enhanced by the addition of large- format warning labels, in the style of a standard 
computer error message, bearing the bold copy: “FATAL ERROR - Invalid Stock Value- 
Abort/Retry/Fair'. 

The BLF justified its actions under the emerging doctrine of Prophylactic Disclosure, citing 
recent examples of other industries that, through failure to self- regulate, eventually lost all 
access to the outdoor medium, “We love e-commerce”, explained BLF Operations Officer 
Jack Napier, “and we really love outdoor advertising. We’d hate to see the New Economy go 
the way of Big Tobacco by failing to make a few r simple disclosures”. Citing the recent 
demise of e-tailer Pets.com, Napier pointed out the inherent dangers of marketing securities 
to children. "First Joe Camel, now the sock puppet- we re clearly on a slippery slope here”. 

I he Internet bubble will not be allowed to hurst on our watch”, agreed BLF Information Of- 
ficer Blank DeCoverly. “It s a very robust bubble, albeit temporarily low oil gas. The fact is, 
these companies are drastically undervalued, and the investing public needs to be made aware 
of that. Would a dying industry increase its spending on outdoor advertising by over 670 per- 
cent in a single year? The naysayers are clearly falling prey to irrational under-enthusiasm,” 

Participating companies in the campaign included Internet pur e-plays like E* Trade, 
Women.com. and Support, com, as well as “shovel -selling” high-tech stalwarts like Oracle 
and Lucent. The Pets.com stick puppet was not available for comment. 



Founded by a shadowy cabal of understimulated advertising workers, the Billboard 
Liberation Front has been at the forefront of advertising improvement since 1977, adding its 
own unique enhancements Lo campaigns for 
clients including Zenith, Apple, Max Factor, 

Phillip Morris, and Chrysler, 


For more i n I brm at i on , pie ase v isjt 
http : // W' w w. hi 1 ! h oa rd 1 i berat ion . co i n , 


### 


Spring 200 / 


Page 25 





With 


Fabric 


Chris Silva aka Sarah Jane Smith 


n -i 

chamber that either 




■k 

s nr 


[ his is an article in which 1 plan to 
describe quantum-based computers 
and their application for defeating 
public-key crypto. 

Let's begin by describing basic 
quantum principle. Particles work in 
funny ways* Its believed that anything 
at the atomic scale obeys the laws of a 
very different type of physics than we 
normally see: quantum physics. Un- 
like classical physics, quantum 
physics deals with information and 
probability instead of physical forces 
interacting. For quantum- based com- 
puters ah we really care about are par- 
ticles in superposition, quantum 
entanglement, and quantum interfer- 
ence* 

Particles in Superposition 

A particle can have at least two dif- 
ferent states, spin-up and spin down 
(or 1 and 0). That's all we care about 
right now. Logically, one would think 
that a particle with two states is either 
in one or the other That isn't so. Un- 
der quantum physics a particle is in 
both (or all possible states, given its 
location) at the same time* That is, un- 
til the particle is observed, it's neither 
spin-up nor spin-down but both. 

Quantum Entanglement and 
Non-Physical Com muni cation 
Quantum entanglement is when 
two interacting particles are in super- 
position. Schrod inger's cat is a good 
example. Say we have a particle in a 


not. In that chamber there s a geiger 
counter that’s booked up to a device 
that releases a poison gas into another 
chamber that contains a cat. Since 
both the particle and the cat are in 
chambers we cannot see them* We 
cannot observe the particle to see 
whether it has decayed or not, and we 
can't see the cat to reason w hat hap- 
pened to the particle. The cat, the par- 
ticle* the geiger counter, and the 
poison releasing device are said to be 
in superpositional entanglement for 
quantum entanglement). Only until w'e 
observe the cat, the reality where it 
died from the poison gas or the reality 
where it's still alive is our ow n. Any 
ti me before w f e observe things, the cat 
is both alive and dead. Although this 
example may not be too likely on ac- 
count of the size of the cat and all. 
particles can becom e e n tan g I ed in this 
way. hi fact, particles can become en- 
tangled in such a way as to allow non- 
physical communication. Once in 
superpositional entanglement particles 
remain that way until observed, even 
if they move miles apart. 

Say that we have two particles at 
10:00p in superposition. At 10: lOp we 
put both of them into a device w f here 
they are XGRed (remember: spin- 
down-0, spin-up=l) so that the parti- 
cles come out of the device as both 0 
or both I , or rather, since they’re in 
superposition they’re both 0 and 1 at 


Page 26 


2600 Magazine 


the same time. Now we move them (in 
special containers that isolate them 
completely) to two labs: Alice’s lab 
and Bob’s lab. They both get their par- 
ticles at I l:00p. Alice puis her particle 
into a device that changes d to a 1 
without observing it (e.g. laser-cooling 
ion trap). Bob sits still and does noth- 
ing* At exactly 1 1 : 1 G*29p Bob and Al- 
ice observe the state of their particles* 
They’re both 1 ! What this means is 
Alice communicated a I to Boh non- 
physical! y. Since their particles were 
in superpositional entanglement until 
they both observed them at 1 l:10.29p, 
one affected the other's probability of 
being 1 when Alice pul hers into her 
device. 

Quant ii in interference 

Quantum interference is what 
makes most quantum-based computers 
possible* All possibilities are thought 
to exist in different universes and. on a 
quantum level, a particular universe 
with a particular possibility only mani- 
fests itself in our own when observed* 
There is no way to directly observe a 
possibility that is not our own, but we 
can do it indirectly! Imagine that 
you're standing on a cliff. There are 
basically two different things you can 
do* You can either jump off or walk 
away. You imagine yourself jumping 
off - you slam against the rocks at the 
bottom and die instantly* Since you 
don't want to die, you walk away. 

While you didn’t jump off the cliff 
you imagined that you did. The fright- 
ening possibility of you slamming 
against those rocks interfered with you 
jumping off. This sort of interfer- 
e nee o f poss i h i 1 i t i es can be Figure 

demonstrated with a photon. (Fig- 
ure l ) A is a photon source that 
emits one photon, B and C I 

are two detectors that can ^ / 

detect a single photon, and w 


D is a semi-transparent mirror that, 
w f hen only dealing with one photon, 
reflects or does not seemingly at ran- 
d o m . Log ically you wo u I d ass u m e t h at 
both B and C have a 50 percent 
chance of detecting the photon be- 
cause it went either one way or the 
other. While the results are the same, 
this is not w r hat happens. When the 
photon strikes D it goes into a super- 
position of being reflected and not be- 
ing reflected. Since both possibilities 
can be observed, they both try to man- 
ifest into our own universe* But the 
properties of D only allow one to. So 
there's a 50/50 chance of it being de- 
tected by B or C. Now, go to Figure 2. 
We * ve p I aeed a p h oton - stop p i n g pi at e 
in the non- re Heeling path* Again, 
logically you would as- Figure 2 

siirne that the photon Q B 

would have a 50 percent ■ 
chance of being detected 
by B and a 50 per- a 
ce nt c h anc e of be - # — 

i ng stopped by the 
plate. And again, this is not what hap- 
pens. But this time the results are not 
the same because of quantum interfer- 
ence. Because only the possibility 
where the photon is reflected into B is 
observable, only that possibility be- 
comes our own. Therefore, there's a 
100 percent chance that the photon 
ends up in B. Man that’s weird! 

Better Things Will Surely 
Come Our Way 
We have a million random num- 
bers, each number being unique. We 
are looking for the address of number 
10294. Under traditional technology 
1 there are only two ways one can go 
about finding 10294. One way is to 
consecutively check all one million 
numbers until we come across 

_£ the right The other way is 

^to do the same thing but divide 


_| 


Spring 2001 


Page 27 






our workload by adding more check- 
ers, Quantum -based computers do the 
latter, but in a very unique way. They 
divide our workload amongst checkers 
existing in different universes. As 
such, they have the capability of divid- 
ing work infinitely. So let's build one 
(Figure 3): 

Classical memory cells (or bits) ex- 
ist in two states, t and 0. Our memory 



Superposition I Enl&ftfeoicni 


cells are individual particles and, as 
such, they obey quantum physics. 
Since we’re not observing them (at 
first) they're in the superposition of 1 
and 0, (A bit in superposition is called 
a qubit.) Recall that Alice transmitted 
t to Bob by changing the state of her 
particle. Bob’s particle became I be- 
cause it was physically impossible for 
it to be otherwise if Alice's was also 1 
before observing it. Ihat little trick of 
reality allows us to store multiple 
numbers in the same physical memory. 
Therefore, all one million 9 digit (or 
about 2 Ob it) numbers can be stored in 
only 40 qubits (actually only 20, but 
we want the address too). If we 
changed the state (again, without ob- 
serving it) of dO- 1 9 to 0, d2Q to 1, aO- 
a 1 9 to 0, and a20 to 1 at the same 
t i me , w e e re at e d a poss ibility for. de- 


pending on how you look at it, address 
1 to equal I . We can repeat this one 
million times until we’ve stored all 
our random numbers. 

The classical design of our system 
is to let whatever is in d be sent to A 
during each clock. A compares its in- 
put with the number we're looking for, 
which is stored in register B. A stores 
the bit addresses that arc shared be- 
tween B and its input in C (e.g. if bit 2 
of input and bit 2 of B are the same 
store I in bit 2 of C), D Checks C to 
see if all bits equal one. If they do, D 
switches on the gale to our non-quan- 
lu in display whic h read s the conten ts 
of a. 

This is what actually happens; Dur- 
ing the first clock all possibilities 
stored in d are compared by A in dif- 
ferent universes. Physically only one 
possibility can exist, so in that uni- 
verse similarities between A’s input 
and B are stored in C. Since C is di- 
rectly related to switching on our ob- 
servable non-quantum display, that 
possibility starts to interfere with oth- 
ers because if s observable. During the 
second dock, al I non-observable pos- 
sibilities stored in d are compared. In 
other words, d possibilities that do not 
have the same bit correlations with B 
as stored in C in different universes 
are compared. This is continued until 
there can only exist one possibility, 
we’re looking at B in d, and lhafs 
when our display lights up with our 
answer! That is quantum computing. 

Really Practical Applications 

The great majority of cryptography 
systems, especially public- key sys- 
tems, depend either heavily or com- 
pletely on the difficulty of factoring 
large numbers. Quantum-based com- 
puters have the potential of reducing 
the predicted computing time of bil- 
lions of years to mere seconds for fac- 


Page 2H 


2600 Magazine 


taring numbers of “secure" size. If 
such a computer were built, all public- 
key crypto w r ould become insecure. 

So, let's build one: 

The algorithm w ? e intend to use for 
factoring is well known. The number 
we wish to factor is called N. We start 
off by taking a random number (a) be- 
tween 0 and N. We then figure out a 
phase (r) by computing; 
int find _phase(i lit a, int N) { 
int tmpp, R[0xFFFF], r; 
for(tmpp=G;;tmpp++) { 

R| tmpp]=pow(a,tinpp) %N; 
if(test_repeal_store_in r(R, &r)) 
break; 

} 

return r; 

} 

After some lime R[tmpp] will star! 
to repeal itself, test_repeat_store_in r 
returns true when this happens and 
stores the number of digits that repeat 
in r. Then we take ihe greatest com- 
mon divisors (Euclid's algorithm) of 
(N,pow(a,r/2)+ 1 ) and (N,pow(a,r/2)- 
1 )* The result of this is the two factors 
of N. 

Computing r under classical means 
is very slow ? , For increasing digits of N 
the computation time increases expo- 
nentially. The only thing our quantum 
computer is concerned with is comput- 
ing r. The rest of the factoring can be 
done normally. 

We have two registers in superposi- 
tion, x and k. x and k are not prepared 
so that there exists the possibilities for 
x and k to be any numbers between 0 
and po w( 2, si ze of( i nt) * 8) . We then 
compute k = pow(a,x)%N (part of 
find_phase). After that we perform 
l=k, where t is some non-quantum reg- 
ister. Because pow(a,x)%N has the 
same return value for x+t*r, where i is 
any number, x is in superposition of 
all numbers that equal k. (Remember, 


we read k by t-k. K is no longer in su- 
perposition.) We are now ready to read 
x. There's a slight possibility that x~t. 
If this happens, we’ll have to perform 
the operation again. If x!=t we have 
r=abs(t-x). 

Now that we've found r in no lime 
we can compute the greatest common 
divisors of (N,pow(a,r/2)+ 1 ) and 
(N,pow(a,r/2)-l ) with a classical com- 
puter. This should take very little time. 

The advantages of such a computer 
are obvious. Its potential for breaking 
public key crypto may be balanced by 
non-physical communication transfer- 
ring secret keys about. Still, with huge 
increases in memory and theoretical 
infinite parallelism we’ll be able to do 
amazing things. 



My theory about the books 2001- 
300 / is that the black monolith was a 
small computer w ith the capability of 
simulating entire worlds. Thai LSD 
trip Dave had at the end of 2001 was 
him entering it. Now, is such a com- 
puter that far off? 


Spring 2001 


Page 29 





Politics 

Dear 2f>m 

I can't for the life of me understand why your mag- 
Ei/ine endorsed Green Ralph Nader over Libertarian 
Harry Browne, While I agree that Nader is a sincere 
man and infinitely preferable to Gush and Bore, a sim- 
ple look at the respective parts platforms will show that 
the Green Party is all about bigger, more intrusive gov- 
ernment, and the Libertarian Party is all about freedom. 
IKO questions asked. In the crucial area of privacy rights, 
the Green platform is vague and poorly written: the bot 
lorn fine is that neither five speech nor the rights of the 
individual are listed in "The Ten Key Values of the 
Greens" (www. graens.org/vdues/). On the other hand, 
the Libertarian platform (www.Jp.org/issues/pJatform/- 
freecomm.html) is crystal clear and leaves absolutely no 
doubt as to where they stand. 

Ask yourself: do you want real freedom or don’t 
you';' The choice is clear. 

Us a J. 

You've over analyzed our message. If we wanted to 
endorse a candidate, we would have done so in a more 
obvious way ; The cover of 17:3 was a collection of im- 
ages that summed up the events of the previous month h : 
H2K, the RNi \ the treatment of the demonstrators, the 
rise of the Green movement and the i pttsUms thev 
raised, the “threat’' of a cell phone, etc. Hfr don i care 
who you vote for and, as events have shown, it doesn i 
really matter unvH'UV. And that is what you should be fa 
fusing your anger towards. 

Dear 2600 : 

I’ve been a long-time reader of 2600, but looking at 
your most recent cover, I have to admit to being ex- 
tremely disappointed that you would use your magazine 
to promote a particular political party. I'm alt for en- 
couraging people to support freedom of speech and all 
the other values ihai go along with the hacker ethic, but 
aren’t you kicking yourselves just a little bit for voting 
Nader? Due to the closeness of the election anti the fact 
that the Greens' views align far more closely with the 
Democrats than the Republicans, it’s probably fair to 
say that Nader cost the Democrats the election. As a re- 
\ult, it looks like we’re going to have a president who 
believes the Internet was responsible for Columbine. 
How do you think he’s going to deal wuth Internet cen- 
sorship issues? Gore, at least, understands technology. 
Just ask Vint Cerf. 

Shame on you. 

Ben St ra grid I 

If printing two words on oar cover upset the status 
quo this mm h. we must have done something right. But 
w hat really should be offensive to most people is this ar- 
rogant attitude that both Democrats and Republicans 
have where thev somehow think they're entitled to our 


votes. They’re not. And the consequences of believing 
this as well as the absurdity of our current system were 
both aptly illustrated * in no small part because of those 
who dido i fallow the ports line. This wci.v an unexpected 
accomplishment. And to berate these people for voting 
their conscience is simply unforgivable. 

Dear 260 th 

Has anyone noticed none of the ’ protesters” in 
Florida were arrested? After the demonstrations at the 
Republican and Democratic National Conventions and 
the World Trade Organization meeting all resulted in the 
arrest of many people who were simply exercising their 
right to free speech and peaceful assembly, I would ex- 
pect the same thing to happen in Florida. However, no- 
body was arrested even after one group of Hush 
supporters almost stormed the building where the re- 
counts were taking place, Had this happened at one of 
the national conventions, (he demonstrators would have 
gotten a life sentence- This lulls mu l only have the right 
to free speech add peaceful assembly if i am supporting 
the status quo. otherwise I wilt hu arrested, 

Chris S. 

Now you're catching on. Another more recent ex- 
ample of the misuse of justice occurred in Philadelphia 
when drunken mobs smashed store windows and looted 
shops during a Mardi Gras "celebration. " Here we had 
a cadent t wwd terrorizing people, causing massive de- 
struction, ami really si re wing things up. Did they get 
held on a million dollars bail for ten days in prison like 
some of the demonstrators at the Republican Conven- 
tion in the same city six months earlier? Not a single 
one oj these rioters imr even held overnight according 
to ne*v,s reports. H'u see a distinct parallel with the m 
hackers are prosecuted - its always the brightest ones 
who don't try to use their talents in a criminal manner 
who get the book thrown at them. The real threat to au- 
thority is knowledge, not crime , 

Random Questions 

Dear I60H: 

If cookies can be automatically downloaded to my 
computer, why can't some son of virus be placed in- 
stead of a cookie? Don’t you think that would be a way 
hackers and virus writers could get a virus into some- 
one's computer? 

MiStReS.S DIVA 

( 'on kies don f it ally work that iray - they’re gener- 
ated by your computer and stored in a simple text file 
made up of single -line entries containing simple fields 
in ASCII. They simply can i be manipulated into binary 
code and your browser wouldn’t try to execute it in any 
case. A far more insidious threat that Internet Explorer 
is prone ro allows any file on your computer to be read 
remotely if its name and path are known, That's far 
more intrusive than anything cookies can do. 


Page 30 


2600 Magazine 


Dear 2600: 

Are you guys going to offer Freedom Downtime for 
sale on VMS or DVD? 1 would enjoy seeing it. 

Frank K„ 

San Antonio, I’X 

That is our intention. We re doing everything 
possible to see that this happens soon. 

Dear 2600 : 

Hey why can't you hold u nun mg in Newcastle- 
Upon- Tyne, Fn gland because you hold them in London 
and stuff? 

Equinox 

Technically, we're not the ones who hold She meet- 
ings. Various readers of ours do. And it's up to them to 
organize and publicize tin meetings which we then list 
once thev become established. More info can be found 
on our web page in the meetings set tion, 

I tear 2600: 

Why dues 2600 have a problem with the MPAA? 
They didn't make the DMC A. How come more pressure 
Isn't being put on politicians? 

Keyset So/e 

There It this little lawsuit the MPAA filed against us 
that has probably swayed us away from their position. 
And they might just to well fiuvi written the DMCA 
themselves since thev are among the DC special interest 
groups who are direct is served h\ it. How much pressure 
is put on the politicians is completely up to individuals. 

Dear 2600: 

You know, 1 think you guys have a lot of people 
buying your magazine, Why mu make the magazine full 
size so more stuff could fit in it? Also, just so you know, 
your magazine is very easy to steal, How do you think I 
got my hands on this one 1 ' muhuahaha 

Wax 

tb' happen to like the digest size, even if it decs tend 
to attract vermin. Stupid shit like this is enough to ensure 
that store*; cither keep us behind the counter or snip car- 
rying us altogether 

Dear 2600: 

I am a subscriber of 2600. I would like to know 
more about the cover of the Summer 2000 issue. Partic- 
ularly I want to know who is the person in the picture in 
the fifth row and the second column? 

muthu 

A.v you may know, alt of the pictures an that cover 
ore scenes from our documentary "Freedom Down- 
time. ” The one vou selected is one of only two that 
wound up being cut so either you re very observant or 
vou made a lucky guess. This particular shin was of a 
manager at US West looking down on a picket line dur- 
ing a strike in l V ViS" jvt Denver 

Dear 2600: 

Does anyone know of any decent search engines 
one could use while being fairly certain that the search 
terms aren't being lugged and/or he mg correlated with 
IP addresses? In these days of massive data mini ng/t rend 
analysis techniques, one can't be too paranoid, ("Gee, 
ilns IP has a high density *>| bagged terms in its searches 
- time bi break out Carnivore]) 

Empty Set 


There is no surefire wuy of remaining vafe, Using 
anonymous proxies like www.anonymizcr.com or 
www.safeweb.com will do some good but that won i pro- 
tect you from anyone logging your keystrokes locally. 
Plus the anonymous proxy could also be compromised bt 
one way or another or even be a setup if you really want 
to go for the paranoia gold. Perhaps the best way n'c 
can learn about such things as ( a rn ivorc is to trigger 
them more often. 

Ltear 2606: 

A colleague of mine recently went to a seminar in 
San Francisco regarding intrusion detection technology. 
These seminars are very popular now. His instructor, 
who claimed to be a previous security expert for AT&T 
(isn't everyone?) told the class lo read 2600 , But the 
warning given was to buy it from the newsstand and not 
to subscribe, otherwise “you will gel checked out,” I 
asked him who would be doing the checking. But since 
he didn't have the insight or forethought to a^-k his in- 
structor, it is unclear as to whether the alleged checker- 
outer is associated with 2600 or an outside agency 
(possi bl y govern me nt ?) . 

So, in the interest of information gathering and be- 
cause 1 am a subscriber, are you going to be checking me 
out? 

Boneman 

This would be unnecessary since we checked van 
out before you subscribed. That’s why wc made sure you 
heard about us ami followed the plan by subscribing. 
Writing this letter, however, was not port of the plan and 
n r will be taking corrective action. 

Dear 2600: 

After getting my first issue of 2600, E was bothered 
by something that I hope you Can explain, On the second 
line of Mil- mailing address label, I was surprised to see 
seven of the nine numbers of my social security number 
(in order) followed by seemingly random characters, I 
am not paranoid, and I could care less if “Big Brother' 
knows what 1 read, but I w r as curious about a few things. 
Why was it there? How was it obtained since it's not 
asked for on the subscription form? What were the char- 
acters after the number? With a rising amount of identity 
thefts resulting from social security numbers stolen from 
people's mail* it seems like a bad idea to even remotely 
refer to that number (especially on ihe outside of the en 
vdope). 

D'urlagium 

We certainly agree that printing someone s social 
security number on an envelope isn ’t a very nice or 
smart thing to do. It's hard to imagine that vou believe 
we would do something like this. The numbers on your 
label are comprised by y our position in our database 
(anywhere from a one to five digit number } as well as ihe 
first three digits of your zip code fallowed by the number 
of subscribers m that area. Other letters and numbers 
indicate when you subscribed, when you expire, and 
your shoe size. Now enough with the paranoia. 

Dear 2606: 

At the bottom of page 33 in issue 17:4, "Winter 
2000*2001" is blacked out. At first I though it was a 
printing error unique to my issue, but everyone 1 asked 


Spring 2001 


Page 31 


had the same thing Could you please explain why it's 
like this? 

Juiiiv 

At best K'f a in offer thrones. Let u \ instead offer a 
promise that the problem has been fixed and w<mf ever 
happen again. 

Drur 2600: 

I have been coming across this message regularly 
on my POCSAG decoding setup: "NEW PARIS TELE- 
PHONE INC 02-1 ALARM 5ESS MAJOR ALARM" 
Then a lew minutes w ill go by and HI set? another mes 
sage which reads: "MW PARIS Tl 1 I PHONI: INC 
02-0 Cl FAR 5 ESS MAJffR ALARM*’. Ant T wrong Qf 
is this an ESS system sending a tent message to an ad 
ministrator's pager or something, warning him of an 
alarm being triggered? 

And I would like in say thank you to Black Axe for 
the very informative article in 16:4. 

Phil ter 
Chicago 

Your assessment is probably correct You can see 
some vary interesting things going by on unencrypted 
pager tntjfn . In the Netherlands a number of years ago 
p simitar message wws monitored that actually trig- 
gered a test of air mid ureas. We believe everyone 
should have access to fHt^er information despite the fact 
that it i been made t Ur gal by the same C ongress that 
brought sn the DMCA. The simple fact is that it's imt 
there, it s unencrypted, mul anyone can see it. It's 
ridiculous to think that endowing the monitoring of a 
radio ugmd is a substitute for adequately protecting the 
transmuted data in the first place. We hope to see a lot 
more pager monitoring in the future to people can see 
first bond how public tt is. 

Dear 2600: 

Let me start by saying that I think your magazine is 
great Hie first time I read ii was the issue before the 
current Winter issue and now 3’m hooked. Your blatant 
honesty about things is great. Anyway. I was wondering 
about a rumor a friend told me. Supposedly the govern 
ment blacklists anyone who subscribes to your maga- 
zine or anyone who buys it in the stores using a credit 
card. Now ] have no problem buying it with cash, but J 
was wondering if the rumor is true ui nut, I'm sorry d 
this is an annoying question and you receive il often, bnt 
I wanted the inith. Keep up the kkkasx mag. 

Cyber Inferno 

Even if it were true, do vou think they would tell m ' 
// lhe\ did , we ‘d certainty tell you. Hut most (input 
tartly, if \uch a thing were going an. the best hwv to 
fight tt would be to challenge it by getting as many pet* 
pie on those lists as pets able Even the htnt of sm h op 
pressive tactics should not he tolerated. (And don ) 
forget to wear gloves when handling , umney unless 
you want your fi nger prints in the central database. J 

Ideas 

Dear MOO: 

I am disgruntled with our phone service provider 
Qwest who charges us $1 no a month not to publish our 
names and numbers This is an unethical business prac- 



tice and corporate sponsored blackmail Therefore J am 
researching the phone numbers and addresses of some 
of their chief executives. | would like to know if you 
will publish this information on say a ball page along 
with a request for them io pay SI .90 per month each if 
they would like the information removed from future is- 
sues, I ihink This will get the message across to those 
who leel they can bully ihe consumer who can't choose 
another provider due to phone company monopolies. 

Phrt’dogC? Work 

It would also get us in an amazing amt Htnt of hot 
wafer since the number > are presumably unlisted in the 
first plate. This little a am is nothing new to any of the 
local phone « j wnpanir c You can easily get around it by 
simply listing your tine under a different name . i Then 
you also know w hen someone re calling you who is just 
reading your fake name at the phone book Incidentally, 
the only reason phone companies get away with this 
crap is because they technically "own" your phone 
number and can change it whenever they want. We're 
just lucky the post office doesn't have the some attitude 
towards street addres ses, 

Dear 2 61 HE 

Here’s an idea, When somebody bitches about you 
guys owning “ ww, fuck £ whoever he trn", ask that com- 
pany if they would like to buy Ihe domain fiame from 
you. Let's say for like $10,000 or something. (Just make 
if cheaper for Them to buy the domain name from you 
than to pay lawyers to take you to court.) If they agree., 
boom, you’re $10, (XX I stronger against fighting the 
MPA A. Plus that's one less pissed off company breath- 
ing dow n your neck 

Rcvi-rund. Daddy 

Plus ire also get rid of those nasty things known as 
ideals Don i you find it a bit disturbing for someone to 
sell their idea of free speech in order to have it si- 
lenced ‘ hvrn if n H ere tor a mil bon dollar \. it would be 
a pretty hollow victory. We should also mention that the 
moment von make such an offer, yon are immediately 
perceived as having registered the site in bod faith and, 
in most cases, that atone is reason for you to lose the 
site. 

Dear 2600: 

First 1 would just like to ask how- you guys can 
complain about Gilian Enterprises. They obviously 
know everything and have a product that w ill stop every 
hacker on the planet dead m their tracks What is wrong 
with you that you can’t see (bat their vague references to 
things Uuil sound technical make them industry expert s •' 
But I suppose if you arc realty tired of hearing from 
them, 1 wifi share a little l nek I found on the net. (This 
w as dcsi, ritvd in reference to credit card company mail- 
ers i Once you get the spam and a valid contact address, 
you simply send (hem a nice response. "Thank you for 
choosing 2firi(i Marketing Consultants. We will provide 
you wiih a free analysis of the advertisement you sent 
us. We can offer these services for a competitive price 
iblah blah hlahi. Any fulurv mailings will he considered 
a legally hunting contract (hat you wish io employ us 
further." (include critique here) If they send anything 
again, you send ihem an invoice. May not always stop 
them and you might not gel away with holding [hem to 


Page 32 


2600 Magazine 


it. Btil il certainly will discourage them. Until then. I 
urge you to buy (heir products. It is obvious their entire 
team needs the money lo surgically reverse the recto 
cranial insertions they suffer from. 


Dragon Byte 

Info Hungry 

Dear 2600: 

1 recently spent some time wilh a long-time 
NYNEX employee who (old me sUirics about PBX in- 
stallations for the president at hotels in New England 
and d u n i tg l he Carte r adm i n i s t ral i on I >i w s a i lyone h a vc 
any information about the presidential phone network? 
In the best interest of national security, of course. 

Screeching Wcud 
A ui 1 info we receive stave in these pages. We 
promise. 


Random Fear 


Dear 2600: 

Someone told me that I hey can search what I have 
on my computer. They said they could edit, delete, and 
add anything to my computer and all they need is to be 
online al the same lime lhal I am. Is this true? If so. how 
do they do il? Is there a way I can slop this from hap- 
pening? Please help me! 

Bmd 

Bad security can make anything jx>s able. We have 
no idea tvfuif kind of setup you have but tfilx poorly de- 
signed, you could have ail kinds of tnmbfes. This is 
above and beyond any problems vou might have at var- 
ious online services who also may hare security hales 
Vf>u could drive a truck through. Understanding vour 
vulnerabilities is the fastest way towanls understanding 
how they can be compromised 


Harassment 


Dear 26041: 

1 have an interesting slory thai everyone who en- 
joys privacy should read. J MB a student ai Northeastern 
University in Bunion, Today 1 was visaed' by two po 
licemcn wlm wanted to uilk to me aboul the conteti! ol 
web sites! that I was viewing. They dunned that certain 
materials and or sites are (lagged and that Ihev know 
every web site I have been to. When I asked whal spe- 
cific sites were "flagged" they said I was being "eva- 
sive." When I asked if they will keep harassing me if I 
kept going, in these sites they said "maybe ' E still have 
yet to know the URL of a single "flagged site." I am 
wondering if this is true or not. 1 hate to ihink that my 
college luil ion and money paid for Internet service is 
used to pay some person to spy on us. What should 1 do? 

Nate 

The first thing to do is find out just who these 
clowns are who visited vou What kind of "police " w ere 
they ? Campus . city, stair, federal? Or were they even 
cops at ail ? Once you hirer that established, demand fo 
know ulna specifically they want and don s be afraid to 
raise a stink about this, living a cot lege student, vou 
also have the advantage of possiblv being around pea 
pit who still believe in f mutant of sped h. the that ide- 


alism to the fullest and don't he afraid to get others in- 
volved, fie prepared for an\ site that you may haw vis- 
ited to be made public - they may also try to make stu ff 
up which is why keeping logs is a good idea This kind 
of thing happens far too often and it\ onh by loudly 
challenging these people that anv thing will t hang* 

Dear 2600: 

The other day as 1 was casually looking through a 
national newspaper I came across ibe bead] me "Give 
Up Poller Website, Film Giant Tells Girl. 15 and. like 
anyone else. E continued u* read. To my horror, disbe- 
lief. and any other negative emotions you can think of. a 
15 year old girl who owns the site www harry pnuer- 
guide.co.uk/ received a threatening letter from, yes, you 
guessed il, Warner Brothers stating that it she didn't 
hand over the domain to them she would be liable far le- 
gal action against her. The site itself does mil claim to be 
uuy tiling but an unofficial Ians’ site and even links to (he 
official Wfirneri Brothers site What makes u worse is 
lhai be I ore trcdifcig ihe site, she wrote to tbc author of 
the book who replied. "Thank you very much for being 
such a Many Potter fan.” 

Sam T.' 

Font can learn more about this at 
www , ffottenvar. org. uL 

Dear 2600: 

Since T have free lime now, t figured I would write 
about the severe injustice I suffered ui my local high 
school last year As a reader of your magazine, l at 
quired knowledge of the hack doors, hwiphtdes, and se- 
curity issues nl Windows NT. Knowing these exploits. I 
attempted la educate and help the technology director nf 
the school by show ing him a couple of possible security 
issues he might have. I figured that would be the right 
dung to do, seeing how die re are many vandalism: chil- 
dren who lake pride in "messing up the computers’' at 
school. Well, apparently knowledge is illegal, I was im- 
mediately suspended from the computers, banned usage 
of them for over a year, and given warnings and deten- 
tions by rii v dean. For whal? Just for trying lo ;iui some 
one? I do inR Maine this on my schooling system as 
much as I Jo die person who initiated my injustfee. Had 
the technology di recto t asked me to kindly no! show 
him what I bud known, th.il would be a fcffcnSrrt story 
But he insisted l hat he should see the exploits. Over 
unic. ] have protested to my dean and regained access to 
die school's computers. But whenever I do use them, I 
am under the strict watch of the admin, I do hope people 
learn from this and realize that sometimes help isn’t ap 
predated 

RapScp 

I b ar 2MH): 

We have never been Mi thick fans and have always 
distanced ourselves Irotn his controversy But what wc 
have jusi seen disgusted us and made our blood boil. It 
seems lhai M (truck could possibly gel into even more 
trouble for something Ik didn't do. While trying to de- 
termine Ihe source ol conflicting news stories about the 
recent i 1/25/01 ) Microsoft DNS breakdown (was ji a 
technical fuck-up. a genuine hack, or ass covering?), we 
ran across an interesting, yet disiurbing, picture on the 


Page 33 


home page for Fox News. 

The graphic is a collage of computer-related pic- 
tures and symbols, plastered beside Fox's Microsoft 
headline. I he most noticeable feature is the right half oi 
Kevin’s mug (the chubbier, younger, pre-trial Kevin), 
strategically placed to give the story a mysiei i mis. men 
aeing appearance. U is shocking and outrageous that his 
face is used to adorn a news story he has absolutely 
nothing to do with. UN one thing if the story delved into 
past hacking incidents and used Milnick :ls an example, 
but nowhere in the story is Milnick mentioned m im 
plied! Why must his picture be associated with this, es- 
pecially since at the time of the incident there were 
conflicting stories between rival news agencies attribut- 
ing the Microsoft DNS cmur to either a technician en- 
tirely goofing up with no mention of attack (Reuters), or 
a massive DoS attack after the goof was fixed (AP), No- 
body can get the facts straight! 

This kind of bullshit could crumble the fragile free 
dom Kevin currently possesses. If the “wrong" people 
see i his web page from a supposedly “reliable news or- 
gan i /.mi on ’ and start asking questions, they could de- 
cide to place him hack into prison for no reason 
whatsoever. How many others out there are going to as- 
sume that he’s involved with ihe Microsoft fuck-up just 
because his picture is there? It angers us that some semi- 
creative artist with a G4 and Quark could unknowingly 
ruin this man’s life all over again. May Fox News and 
Rupert Murdoch burn in hell for a thousand eternities, I 
am registering foxnewssucjts.eoffi right now and will 
cache the webpages there. 

He did his time, he received his punishment, he 
needs to be left (he fuck alone, 

Majick Mutex 
Jenn 

This is really par for the course as far as the media 
and Af itmek ate concerned, Bui we're glad this instance 
opened your eyes. It's also somewhat ironic that they 
got then picture from the 2600 site without asking us. 
Now imagine if we did that lo them. 

Dear 2666: 

I have two problems: My principal suspended me 
from school for posting flyers about 2600 meetings in 
the halls. Do you have an explanation I could give to 
him and the tech gays so [ can gel my Im cruet privileges 
back along with respect from the tech guys/ 

My second question is this. Every time anyone in 
my family calls anyone we hear a dial tone in the back- 
ground and then the lady that says “hang up and try 
again" comes on. Do you know how to fix this? 

KNP 

you don't owe your school an explanation they 
owe you one. Like how posting a flyer is a reason to sus- 
pend someone s Internet access. We amid tell sou to try 
and explain the concept of 2600 meetings, how they’ re 
open to everyone, haw we don V commit crimes , how it s 
ail about learning.., somehow wt: think it would fall on 
deaf ears. 

■Tv for your phone problems, it sounds like a 
crossed w ar. tint st ■•cm to be picking up two lines but 
only getting out on (me. The second line times out and 
gives van the off-hook error, Hfc suggest trying this from 
the point where the phone line comes into your house, if 


you notice The problem there , then its the phone com- 
pany s fault and they have to fix it. if you don 't , some 
thing is wrong with the wiring inside your house. 

Dear 2 fit HI: 

My school, Baylor University, has recently decided 
I o attack i he non -official student publication, The Bay- 
lor Review, for using their name. They contend that we 
will cause mass confusion and are threatening legal! lies 
unless we relinquish ihe name and the domain 
(www baykurevtcw.com). To me, all of this is just 
si Lipid We are non-pro tit. ihey have allowed us to dis- 
tribute on campus since November of 2000, and this 
conies lifter we published something that may have 
*g&sp* offended or embarrassed some of (heir profes- 
sors, 

.Since you guys have been in very similar positions 
(at least with domain names), I was hoping that maybe 
you could give me some pointers or advice. 

Corv 

It's an intimidation tactic and they will only took 
had it they pursue it. Since you arc a publication, von 
have an immediate advantage in being able to reach 
people. We suggest that you publicize this as much os 
possible until the university backs down. Precedent is 
also on your side - The Dartmouth Review has existed 
for ages as a non-aff Hated publication for Dartmouth 
College. As long as you're not pretending to he some- 
thing void re not. such as u department of the school or 
an officially \anetwned publication. You're in the clear. 

Cluelessness 

Ifvur 2600: 

I just wanted to write lo say I'm miffed. No, fuck 
thal, I'm pissed. I’m an inlemet consultant and I re- 
cently took a contract at a Hew company. Now, like a lot 
of consultants. 1 w ork off hours. Here 1 was sitting at the 
oil ice ni the wee hours of the morning waiting fora frig- 
gin' server to reboot and I thought, "Hey, I'll go see 
what's new at 2600, com. "’ Lo and behold, what do 1 see 
on my screen? A message telling me this is a non -busi- 
ness site - "reason: criminal skills’? WTF7 Apparently, 
whoever set up iheir "nanny ware" doesn't have a clue. I 
make it a point to hit your URL at least 20 times a day, 
just to make y point to those who read the logs. Maybe 
someday we can reach all the misinformed and unin- 
formed, bul (hat’s apparently not loday. 

Have any of your other readers seen this? 

Burin 

Far too many. 

Dear 2600: 

Our Verizon account is useless because they block 
access to our own SMTP server. When [ signed up for a 
business account with Verizon to provide dial-up access 
for our sales representatives, 1 was told that we could 
use our present e-mail server over ihe Verizon dial-up 
service. Now 1 find that this was not true. According to 
the Verizon technical support supervisor, Verizon inten- 
tionally prevents customers from accessing any SMTP 
(outgoing mail) server oihur than those owned by Veri- 
zon. The excuse for tins action is to prevent “spam" e- 
mail messages, but the result is that competing services 


Page 34 


2600 Magazine 


are prevented from operating over dial-up Internet con- 
nections provided by Verizon. 

Randy Ford 

tkar 2600: 

Having been a fan of this publication for quite some 
time, 3 could think of no better way to show my support 
ihan to purchase a ice shin: from 26fJ0.com j chose ihe 
blue box design and have worn it with pride Recently 
however. I’ve noticed thal when 1 wear it in computer 
si ores i receive nothing but cold states and dirty looks, 
almost as though ihey suspect I’m going to rob the 
place! It’s like they’re profiling me because of the shin I 
wear, which is a shame considering 2600 is so strongly 
against criminal activity. In fact, one gentleman I metal 
(he mail was surprised thal I had the courage to wear 
such a shiri! I was about to discuss the magazine with 
him but he seemed to think thal we would be arrested 
just for mentioning it, I honestly believe this may be a 
reason why certain people don’t want lo w r ear such 
clothing. All I can say is that we need to let people see 
we’re proud of what we are and what we stand for. No 
matter how many dirty looks I receive, I will continue to 
show my hacker pride and not let these sadly misin- 
formed individuals gee me down,. 

Screamer Chaotix 

Connecticut, USA 

The only answer to This hnd of Ignorance is To make 
more shirts, 

Dear 2600: 

Recently my mother passed away, I went looking 
through the family photo album for a picture thal I could 
enlarge to display atop the coffin during the service, 1 
Found a picture that I really liked and everyone felt re- 
ally showed her well. 3 took the picture down to the lo- 
cal Target to use Ihe nifty I i tile Kodak image processor. 
As I was laying the picture onto the scanner bed, an em- 
ployee came by and (old me that l Could not enlarge that 
picture. The picture was taken at a studio, therefore I 
couldn't make a copy. Since (he picture was dated 1986, 
which would have made me four at the time. 1 went and 
asked my lather where the picture had been taken. He 
was sure it was a small local studio that has since closed 
down. So now 1 had a picture that my mol her paid 
money for. but couldn't have enlarged and displayed at 
her funeral 1 5 years later because of copyright. So 1 
went to Kioyrt where nobody cares and used their Ko- 
dak image processor to do it. Copyright, or at leasi the 
current way we have it set up, is bullshit. 

Sellout 

Observations * 

Dear 2600 : 

1 have noticed as a reader on and off over the Iasi 
few years ihsu 2600 has become more of a political and 
social platform, in certain aspects, than a technical fo- 
rum. The' Fall 2000 issue was good, more techie articles 
1 felt. Don't get me wrong. 3 know whal I he magazine 
has been through of late, but it is hard to gel my new is- 
sues every lew months and find it filled with articles 
about what court cases you are going through and read 
ing about kids in high school who arc getting busted by 


cranky old English teachei s and such wht n 1 am exact- 
ing information for these kids and myself about com- 
puter and phone systems. I guess my question is: Where 
do you see the magazine going? 2600 is the place I go to 
get new ideas about tech issues that are more edgy as 
w r ell as new ways of looking at them, 1 hnpc that israh 
lost in these philosophical and boringly accusational ar- 
guments. I really want to impress that I do wan! to sup 
port 2600 in the court eases etc, but 1 want a lech 
magazine as well. 

C 

We "11 make yo,u ti deal then , We will continue to try 
and print edgy technical info that others an 1 afraid to 
touch if you help us fight for a society that will see this 
as a good thing , Wfe would like nothing better than to be 
able to print articles without having to worry about 
winch megacorp will come after us next. But as long as 
that keeps happening and as long as freedom of speech 
and association are punished Instead of embraced, 
we're going to have to fight back, in these pages and in 
other forums. If we lose, you likely won 't have anything 
at all to read. 

Dea r26Wt: 

While reading an online article about your recent 
court ruling to remove linking to DeCSS code, the arti- 
cle stated that linking to the material was considered il- 
legal. This is what caught my attention. Now not only 
distributing this code is illegal; bul the mere act of in- 
serting a link into a web page to this information i s ille- 
gal It would be like you asking me where you could 
buy a gun, l tell you Dick’s Sporting Goods and then 
you kill someone. Am I responsible for any wrongdoing 
(keeping in mind shat I didn’t provide you wfith the gun 
but only the information on where to buy one)? It seems 
to me that the ruling is extremely unfair and unconstitu- 
tional. 

* 31337 * 

We prefer tit avoid gun analogies almost us much as 
house analogies. What we need to remember is that 
we 're talking about speech, something far more valu- 
able - and powc rfui - than any weapon . Mirny reason- 
able people are sickened by the proliferation of guns in 
our society. But to see speech as a threat - that requires 
a distinct hostility and fear towards the openness we "ve 
always been taught to value. You don V need an analogy 
when the actual event is so blatantly wrong. 

Dear 2606: 

[ was doing some research on different computer 
laws and qitmc across am interesting section - the House 
Co nun mice Report oji the Copyright Act of 1976, page 
54, states that iHe term "Irterury work*.? includes com- 
puter databases, and computer programs lo the extent 
that they incorporate authorship in the programmer's 
expression of original ideas, as distinguished from the 
ideas themselves." Now if a computer program (DeCSS 
more specifically) lulls into a similar if not identical cat- 
egory as a literary work then it should stand to reason 
thal it would be protected by free speech as well. 

Kyle 

Dear 2600.- 

Have you ever had a traffic ticket? Well, 1 for one 


Spring 2001 


Page 35 


have, and a lot of my friends have as: well. I have also 
found a major II uw m ihk- Ohio computer systems that 
control the “points” you receive when you get a ticket. 
E hts may work in other states, although it has not been 
tested. Now here s how it goes, ff you are over 18* then 
(his pertains to you because minors have to appear in 
court. So you get your ticket, let s say for $ 100,00 to 
make it simple. Now you have chosen to pa.) by mail. 
You write the cheek for SI 05.00 {ucxideniaCiy - wink 
wink), then you mail it in right on time. In a lew days 
you will receive a check for S5,(J0 Don't cash it 3 Ins 
will show the computer that you paid, but it won't actu- 
ally be finalized so no points will be pul on your license 
I Imve had several Inc rids try tins ami rl worked joi 
them. 

-otacon- 

It’s somehow Heartening to think of people till over 
the counrry rushing out to yet moving violations so they 
can text out this theory 

lltttr 2600: 

Something rather interesting E came across on the 
Internet; if you go lo the Radiohead site t www. radio- 
hcadx'om t - make sure you go completely into the site - 
there is a link, to the 2600 Secret Sen ice page. It is un- 
der "trapdoors”. Go to the one lh.it says something, 
about dots. I think it's great that word ol you gels 
around. Then again, no reason it shouldn't. Keep up the 
good work and don't let those corporate giants try and 
bully you ... The bigget they are the more they bitch.. 
eiTT harrier they fall. 

kevZerO 

Dear 2600: 

I was poking through the registry m Windows and 
cam across an interesting kev. Go to “HKEY LO- 
CAL MACHINES dtwareVMicrt>sofi\Window sVCur- 
rent Vers ion” then look tor "DVD_Region"=’’]” I don't 
know if changing it will allow you to watch a different 
region code DVD. ] don’t have a DVD installed on my 
computer. 

Three 

Dear 2600: 

i liked the half 2IMKJ cover. Nice touch with the 
handcuffs! 

Mad Pyrxitechnologjsl 

The Philly police really deserve all the credit. 

Dear 2600: 

Everyone has responsibilities m life, like it or not 
I-irst* lei me tell you about mine. I work lor one of the 
largest consulting firms in the works When first hired. I 
Mad very little job security due to the fact dial J was well 
known as a hacker. Over the period of two years. that 
has changed. Most of the people 1 work with are now 
extremely interested in non -malicious unauthorized se- 
currty audits. 2600 articles are now everyday con versa - 
lion material. I feel 1 have done my part, relative to my 
responsibility, to clarify to the people in my scope what 
the word "hacker" really means. You, however have a 
much larger scope and have voluntarily assumed the re- 
sponsibility of being the voice of the hacker community. 
Why then is it that all you can do is pis* and moan about 


I lie bad conootafinn the word “hacker" Jins received? 
We are hackers, not criminals. It is your responsibility 
to make this known on the global level I therefore re 
spectfully request that you stop pissing* moaning, and 
trying to play martyr, and voice lo the world what a true 
hacker is. We w ill be extinct sooner iho.ii anyone real- 
izes 1 1 we don’l take our name hack from the irresponsi 
hie, adolescent, | lower- tripper wannabes w ho just w ant 
jn iwer and a free ride on OUT coattail s 'cause they liter 
ally can't hack it 

I Hie information m this e-mail is confidential and 
may he legally privileged It is intended solely for the 
addressee. Access lo this e-mail by anyone else is unau- 
thorized.) 

Trigga Bistro 

Well, you've got tiv thoroughly confused. You want 
u$ u> fight for the h < ml Hacker hat not complain when 
tt\ misused? We d sure like some specifics tm how such 
fj thing can he done. And keep in mind that w have ac- 
cess to , m most, four dimensions. 

Dear 2600: 

Please spare ms your bleeding heart commentary on 
the RNC protesters in Philadelphia this past summer (as 
mentioned in the editorial in 17:3 and again in a letter 
from Prehistoric Net Guy in 17:4), 1 work in Philadel 
phia and witnessed it firsthand. I saw a chaotic group of 
drunken douche- bugs with no political message or com 
i non cause who showed up simply to vandalize oar , rty 
Die “puppet fuctoty also hod a nice apply of bats* 
pepper spray, and oilier goodies that Prehistoric Retard 
forgot to mention. 

Point in face t )ne of these morons (probably one of 
the same type of geniuses who releases an e-mail vims 
on the web for kicks) picked up u, newspaper machine 
and launched it into oncoming traffic for no other reason 
than to have a laugh with his buddy A sole Philadelphia 
police officer instructed this idiot (in a calm manner no 
less) to return the machine to its original spot. At this 
outlandish request, the protester picks up a bottle and 
whacks the cop -quart: in the face. When the cop 
grabbed him. another protester came over and the two 
proceeded to kick the crap out of the cop until they were 
finally scared off by a group of citizens and approaching 
police. The officer never drew his gun or nightstick* de- 
'■pite having every right to do so rl would have shot the 
assholes). 

The Philly cops remained calm and violated no 
one's rights, despite w hat the liberal news media tried to 
portray, 1 have no s> mpaihy far any of these opporturns 
tic "protesters ' and they did not win unv citizens of 
Philadelphia over to their cause ( whatever that cause 
was.., unrestricted vandalism perhaps? Public loitering 
and drunkenness? I am still trying to figure it out.). 

It you are going to make a statement* at least make 
it accurate. All these charlatans who were airestcd goi 
whdE they deserved. And no one w as abused by the pti- 
lice„, period. 

Your Mom 

Well... thunks for setting us straight. Now if we 
could he permitted to steer your ship a little closer to 
Earth for a moment, we d like to ask a couple of things. 
If something as you describe werr lo happen to a cap. 


Page 36 


2600 Magazine 


you can bet a hundred other cops would have bttmedi 
ate tv converged on the scene - ir ivcu a demonstration 
after all and they weren V eiat ffv isolated, In addition, 
with the vast number of cameras and me dm anmntl. 
there would have been multiple camera angles of this 
incident. The ''liberal news media weu most definitely 
not sympathetic to the demonstrators so h7jy didn't wr 
see this event wet and over? And let's fora moment as- 
sume that it even happened. You a rm to have trouble 
distinguishing drunken iditrts form intelligent protest 
era. How do you kitmc these people had anything to do 
with the demonstrators who ire re* arrested and held in 
prison for ten days tm a milium dollars trail? (And inci- 
ih'iiuilly, virtual!) all damp -, wound up being dropped 
or dismissed when no evidence uw presented. ) W7jv 
were none of the Manii Gras vandals and hooligans 
treated as harshly ? Where ate your criticisms of a truly 
drunken mob intent on destruction ' We realize that civil 
disobedience cun mt \s up \ottr ,v< hrJttlc n?ren protest- 
ers Mock traffic on vtiur way fo work. Huf it takes guts 
and commitment to a muse. That should be respected 
whether or not you agree with their position. You had a 
chance to interact and learn something from people 
with a different perspective. Instead mu chose to rr in- 
force your stereotypes and spnad venom. It’s your loss, 

Door 2600: 

[ just wan let! lo tell you thiu the paper you use for 
your mag is some of the best smelling paper out there, 

mull? 

We try. 

Dear 2600: 

1 was intrigued with this quote and thought it might 
interest everyone. "'Che search for static security in the 
law and elsewhere - is misguided The fact is security 
can only be achieved through consi am change* adapting 
old ideas dial have outlived their usefulness to current 
l acts." -William O Douglas i I K98- 1 9KU> U S. Supreme 
( oLjn Justice 

Wow. 

zerolemons 

Dear 2600 : 

In the wake of what will no doubt be the end of the 
first of many chapters to come in the DeGSS case* I 
think it's greai dial you guys are standing your ground. 
Contrary to most of ihe suggestions you've been gel 
ting* rather than finding a way around the parameters set 
hy the MPA A. you’re going to keep fighting for what 
you believe is right Thank yog. 

noire 

Colorado 

Dear 2600: 

Radio .Shack is now selling the memory tone dialer 
lor S4.97 if you can find it, Yes. they are discontinued so 
no more can be imlcred- If you don't gel one* they w ifi 
basically be thrown out, so dumpster diving is also an 
option. 

Eric 

Dear 2600: 

Regarding “computer'’ 4 6 = 666 and “hackers' * 
40 = 2600* even belter Take the ASCII code ( A=65* not 


A as in the above examples) from ■WHY ! AM II 
GATES III" and divide the sum by two. 

Oh* we knew it,... 

kju 

Dear 2600: 

Just wanted to let you know (hut someone on Nap 
ster is sharing the H2K mp3 files lhat you have on your 
web site. 

almighty coup 

Thai’s why we put them up on the site, so people 
could trade them freely. 

Dfit r 2600 : 

I had just bought the 17:4 issue and never really had 
time to read il. I took it to school and begun reading 
through it. ) saw the article on MSCE and gave it to my 
friend who was talking about how he wanted to become 
a MSCE Me in turn went oul lhat night and bought the 
issue, [ he next day he showed il to our graphics design 
teacher. Alter hi told me ibis. J thought to myself* 
“Great l There goes my high school career.'' Turns oul 
the teacher wav pretty cool about us having it. He had 
read die article on hacking NT He even thought it 
would be a good idea to try it. So guess what !7T He 
showed the amcle to my programming teacher, who 
happened to he the head computer guy at our school. 
Now I'm in deep shit, right? No. My teacher thinks dial 
reading the magazine would be one of the best ways to 
learn to program! Now he is get ling a subscription for 
himself and maybe a subscription for the school* Add a 
lew more pages and your magazine could be a text book 
for a classroom, 

HiohazrdSl 

Dear 2600: 

Greeting v. 11 you don't know* Jello EMafra’s H2K 
speech is included in his newest spoken word album. 
“Become ihe Media" is a 3 CD sei that you can pick up 
at ww w.altemiii i vcnentacles.com There's also a. bunch 
of kick ass pieces against globalization too. No, this is 
not an ad. but ! think thai a lot of hackers might be in- 
terested in checking it out and also becoming more in- 
volved/knowledgeablc about l he anti-globalization 
move me ni Best wishes and good luck w j ith the appeal! 
Solidarity. 

Xian 

It might be a good idea to rush down to Watmart 
and demand that they stixtk this Don t hold your breath, 

Dear 2600: 

Greet/ from Germany wlwre 1 just had my final ex- 
ams in high school English, biology, computer science* 
and crypto were the mam topics of the live hour long 
exam, We had to decrypt some texts and find keys. I 
thought putting on the 2600 shirt with ihe crypto theme 
would be totally /eitgcistish so l pul it on during the 
exam. Ml readier had to check if the mfo contained on 

ir 

the shirt would lie Ip me m any way, He found that it 
wouldn't and asked me where he could buy one of the 
shirts, 

Zeitgeist 

Dear 2600. 

Let me start oft by saying that I understand lhat ihe 


Spring 2001 


Page 37 


extent of your involvement in so much legal contro- 
versy must require an immense amount of money. Of 
course the HKF cannot cover everything, hut I am sure 
that by lowering the price of 2600 you would get a lot 
more readers. $7,15 CAN is fax too expensive, and 
everyone with at least a little common sense knows very 
well that your production and distribution costs arc not 
that high. 

hemlock 

First off, we're not jacking up oui news stand rates 
in mine funds for (he lawsuit. Our price has hven the 
same far Two years and out subscriptum rate ri the 
same as it hv/a all the way hark in 198*2! A.v for the 
Canadian dollar, it converts to levs than 65 cents of a 
US dollar That means you 're aetually paying less than 
people in the Stares, For a tong rime we wett selling 
2600 at the wrong exchange rate and we actually 
wound up owing our distributor money for sales. You re 
welcome to use this common sense of yours and try to 
do what we do for less money without any advertising. 
We think you 'll find that talk is about the only thing 
that s still cheap. 

Dear 2600: 

Hey guys, just a head's up - it looks like somebody 
has caught on that corporate evil exists in not only the 
technologies industry, but the airline industry as well. I 
found that www.fticfcnwa.coni graciously points to 
Northwest Airline's web site, www.nwa.com. 

YYeez 

Dear 2600: 

l was wondering if you guys have looked into a pro- 
gram called ASF Recorder. It's described as enabling 
someone to download stream iirg content in Windows 
Media Formal to their hard drive. The resulting files 
will he in AST' format and can be played with "Windows 
Media Player and derived tools. You may call ibis the 
"DeCSS" for Windows Media. 

pulrick 

Dear 2600: 

Whether or not J view sending MP3s over the Inter- 
net as just harmless si wing. I don't believe laws such as 
DMCA and the ruling on Napster arc good decisions. 
One of the most fundamental things a law should pos- 
sess is [he ability to be enforced. Without it, the law is 
just a collection of words on paper. This is the situation 
with DMCA and the ruling on Napster You cannot and 
should not even attempt to restrict the Internet or com- 
puters in any way, except maybe fhc Computer Fraud 
and Abuse Act (realistically speaking, we probably do 
need that law). Unless the government hires thousands 
upon thousands of computer experts to constantly scan 
the entire Internet for '‘illegal 1 ' tiles, considering how 
dynamic the Internet is, they would have no way in hell 
of ever enforcing that law* rendering it useless. It is a 
had law. 

rootxll 

Dear 2600: 

I was looking around in my new copy of issue 17:4 
and noticed on page 44 the statistics of the magazine’s 
subscriptions. Is it true that there arc only 5*680 sub- 
scribers nationwide and only 75*000 issues sold per 


quarter total? I his is disturbing. With such a long his- 
tory of publication, t would, have thought that more peo- 
ple would support your (our) causes by subscribing or, 
at least, buying (he magazine. Perhaps I should get more 
“Free Kevin" and "Stop the MPAA” bumper stickers to 
place on my car. I should mention* also, that I like the 
new format of the web site. 

Sir Poet 

7SAH30 may seem smalt to you but to us it's huge . 

< amide ring that our first issue wtrj sen! to a couple of 
dozen people, it's almost frightening how far we've 
come. Of course we can always try to reach more peo- 
ple but we find it incredible that we've mode it this far. 

Dear 2600: 

I don’t know about the test of the world but Verizon 
has an ad campaign going in Pennsylvania, stating 
"Keep Verizon together for the good of Pennsylvania? 5 

shader 

That sounds like a veiled threat to u.\. 

Dear 2600: 

I was sitting down watching Romeo Must Die after 
a long day working and needing to unwind by watching 
some seriouN ass getting kicked. Anyways, about 
halfway through the movie, the main character picks the 
lock to the apartment of his murdered brother. Why is 
this important? The number on the door was none other 
than 2600 [ l don’t know' if the studio is one of those 
who sued you or not so I don’t know if there’s a hidden 
meaning. 

ganOn 

Sometimes a number is just a number* Bui why 's to 
say? W 

2ms Amti'IMB V» v V 

Dear 2600: 

I recently found this massive computer thing a local 
company hud next to their dumpster. I figured [hey did- 
n’t want it anymore and that it would be interesting to 
pull apart. When 1 got it home. I decided to plug it in to 
see 1 1 it worked and it seemed to be OK, making a few 
beeps and held light flashes. I think it's some sort of 
telecommunications or networking device but it’s very 
old looking and has no means of connecting a monitor 
or keyboard or anything. It’s called a Telemetries Sys- 
tem I XXX and there is another sticker that says Tele- 
metries S60O, I have tried their web site but can’t find 
any info on ibis beast, as they only seem to give out 
technical info to corporations by an application. They 
also don't call themselves Telemetries. 

So to cut a long story short I was hoping you would 
be able to point me in the right direction to find some 
documentation about it or shed some light on what it ae- 
tually is. 

Kal 

Weft ask around, it would have been helpful if you 
toid us what name they actually use instead of Telemet- 
ries. 

Dear 2600: 

E found these exact instructions while at my local 
TV shop last weekend. 


Page 38 


2600 Magazine 


“Instructions To Convert Orion DVD Player To Re- 
gion Free Status 

“I Connect DV D to your TV. 

“2, Simultaneously press and hold down QPHN. 
STOP, and FAST FORWARD buttons on the DVD 
player. 

“3. After a few seconds a menu will appear on your 
TV screen. 

“4. Using the arrows on your remote control, select 
Region Number and change from 2 to FRI i Press Se- 
lect on remote control. 

“5. Change Colour System Setting from Manual to 
Automatic and press Select 

“6. Go to EXIT and press select^ 

The DVD Player will now play all region discs;” 

These instructions ripply only loi Orion Model 

D3Q0L Thought phi livid them interesting. I 

haven't tried them out but the shop claims they work. 

Robb 

Ireland 

Dear 2600: 

I w r as playing around on my phone dialing numbers 
with Verizon prefixes, I sort of hold a grudge against 
Verizon Wireless because of bow they fucked me over 
mto a contract. They were d.uming “free nights and 
weekends’ and even had tin signs but when I spent 
about 1000 minutes on my weekend phone, they clari- 
fied that free only meant HIM l minutes. Fucked over and 
dealing with it while bound in a contract, 1 found out a 
number they use for directory assistance. This is it: Dial 
"812,454,00 1 2” and you are connected to Verizon's na- 
tionwide directory assistance they also wilt connect 
the call fjoryou automatically. Your AN I will come up as 
“8 121454.00 12*1 Cute, huh? ^ 

Memories 


I loved those times and I thank everyone for being a 
part of it. Because of this wonderful hobby, I have suc- 
ceeded in my goals. 

Stevie B a.k.u Blue Lightning 

Things are never the same. But in other ways rltey 
are. The years you describe are undoubtedly beyond the 
point where others would say things changed for the 
worse. And what’s happening right Jjow will one day be 
described as the good old days, it 's up to ail of us to see 
that the magical spirit that has been a part of the hacker 
world from the beginning is preserved and respected. 
There will always he people who gel it and as long os 

Fighting Back 

Dear 2600: 

After reading the Verizon article in your summer 
issue and the subsequent letters in the fall issue (not to 
mention, the ridiculous letter from CBS), I decided 1 
could pul a domain name l was holding onto to good 
use. I would like to extend an open invitation to your 
readers to post a page of protest against whomever they 
like on sue ksdonkeybalb,com. Of course, the effect 
wouldn’t be complete without subdomains so all pages 
will get their own. Who wants to be the first to post ver 
i zon . s u cksdo n ke yba 1 1 s.com 7 

Scott 

Dear 2600: 

I wanted to contact you to inform you that your ef- 
forts are not going unnoticed. 1 am a graduate student in 
San Antonio earning a Masters in Fine Art, As of today, 
my new r work will be up in Gallery E* a campus gallery 
run by the grad students themselves, 1 have signed up 
tor this space and wrill have it for the next two weeks. 

The reason for me contacting you is because my 
new work consists of the issues at hand bent: with the 


Dear 2600: 

Can you remember the times when you were stand- 
ing at the payphone, hacking VMB’s just to have a box 
hi pass around (with the same h/p info as all che other 
VMETs out there)? How about travel mg at speeds of 
2400 up to 14.4 to a BBS with one node to download 
something that was 800k and still took a half hour l That 
did not include the time to gel through to the BBS. due 
to busy signals! Amazing - now we complain that our 
cable connection is slow. 

This was true hacking. When the world was truly 
"underground,” trading good info to each other. Calling 
cards never died, no such thing as ’’trunk tracing.” Oh 
yeah, "Operator, can you place this 1-800 number for 
me, I have opera Eor privileges." Good times and we 
loved it. How aboul the bridges? They never died and 
we nil got along, trading our info Idr the good of each 
other, no one else, just our own little clan, 

I cannot remember how many Ti/p/a/c" groups that 
l was a member of* only that I loved being in each and 
every one of them. And you know what separates "its" 
from Che rest? The fact that “we" did this tor kicks* m>t 
lor money. We wanted the power and 
wc got it. No one was a rat. We were | 
all a family. 


MPA A and E>eCSS. I followed the trial over the course 
of the summer and upon learning the verdict felt that l 
must do something. The piece itself is called “DeCSS." 
F:xhibil A consists of 12 binders containing the entire 
court case as displayed on your web site. Exhibit B con- 
sists of the actual source code for DeCSS* obtained long 
before (his whole disaster struck, Fix hi bit C. consists of 
four t-shirts with the words css. descramble. c written in 
the center and hung on the gallery walls. 

rent- gonzalrz 

Dear 2600: 

Last night the officers of MGN (Metropolitan Gen- 
der Network), a group for transgender* transexual* drag 
kings and queens, resolved to send 2600 a message of 
support for your fight with the MPA A about the DVD 
decryption code. Our struggle is inextricably tied to the 
battle for freedom of speech. We wish you luck in your 
court fight, 

Marina Brown (MGN) 

Bir haven 't gotten support from every walk of life 
imaginable buf we 're getting pretty close , 

iitHsrFtWfmtcTnmVTfi 


Spring 2001 


Page 39 


Secrets of Electronic 



by Trailblazer 
t rai blazer <® usa.com 
While the supermarket experience 
is probably taken for granted by most 
of us, some will nevertheless notice 
that these places are technologically 
evolving. Computer-based cash regis- 
ters, laser quality receipts, and com- 
mercials running on Aatscreen 
monitors are all commonplace in to- 
day’s supermarkets. 

Remember those clunky guns that 
spit sticky price tags, allowing even the 
slowest stockboy to price a case of 
canned soup in seconds? Well, they've 
disappeared, too. In most of today’s su- 
permarkets, you'll see a laser-printed 
label placed on the edge of the shelf. 
Some supermarkets have gone a step 
further and introduced electronic shelf 
labels (ESLs). Through some social 
engineering during some late night 
shopping. I’ve learned a little about 
these things and would like to share 
this information. Hopefully you’ll find 
this technology as fascinating as I do. 

These ESLs are simply small plastic 
panels with an LCD display, promi- 
nently fixed to display a product’s 
price on the edge of the store shelf 
There are several companies that man- 
ufacture these products, hut in my 
area's supermarkets there are two chief 
vendors; Telepanel Systems and Elec- 
tronic Retailing Systems International. 
Their price tags come in various 


shapes and sizes, sometimes with one 
LCD display and sometimes two. In 
my local supermarket for instance, 
smaller items like spices and condi- 
ments have small displays; larger prod- 
ucts like paper towels have larger tags. 
Some even have hidden buttons that 
display additional information (prod- 
uct UPC codes in my limited experi- 
mentation) when pressed. They’re 
pretty rugged and if you’ve ever 
worked in a supermarket you’ll know 
why. These things need to withstand 
runaway shopping carts and bored 
children's busy hands. I would guess 
they're also water-resistant for obvious 
reasons (or should I say raspberry jam- 
resistant) ! 

I've tried removing one of these 
tags from the shelf and it was tough. 
The shelf edges were slotted to house 
the tag snugly. Once I did remove it, I 
noticed the tag was powered by a 
wafer- type watch battery in the hack. I 
removed the battery, awaiting the obvi- 
ous effect of the LCD display going 
blank. I replaced the battery however, 
and the original price returned. How? 

The electronic price tag system is 
quite sophisticated. Imagine the super- 
market as a giant LAN, with each price 
tag being a node in that network. Each 
tag communicates with a server some- 
where in the back office. This server 
receives a feed from a database run- 
ning on the supermarket chain's main 


Page 40 


2600 Magazine 


server, presumably located at its head- 
quarters. So price changes can be auto- 
mated right down to the shelf. For 
example, a supermarket bigwig at the 
headquarters decides the price of Jell- 
O needs to go up. He makes that 
change in the database, and that change 
is pushed to each store's hack office 
server which then sends that update to 
the label. Voila. the price has changed 
on the shelf, no price gun required. 
That back o i l ice server is obviously 
part of the POS (point of sale) system, 
so you know you'll be paying that new 
price as the clerk is ringing you up for 
your Jell-O. 

The means of communication be- 
tween the price tag and the back office 
server is even more remarkable. In my 
supermarket (an Electronic Retailing 
Systems customer) this communica- 
tion is wireless - the labels communi- 
cate with their server via RF! Cellular 
transmitters are mounted on the ceiling 
and transmit via a 2.4 GHz spread- 
spectrum frequency. Price changes are 
distributed in this way. When the label 
receives the message, the display is up- 
dated, showing the new price. 

Though I’m not sure how, RF com- 
munication occurring between each la- 
bel and the server is two-way, and it 
resembles a TCP connection. Each la- 
bel has a unique hex address (it’s 
printed on the side), and it's constantly 
"listening” for messages containing its 
address from the server. So when the 
server has a price update for a product, 
it transmits the price information as 
well as the address of the label for 
which that update is intended. The la- 
bel receives this data, then sends an ac- 
knowledgment message upon receipt. 
If the server does not receive this mes- 
sage, iL sends the price update again 
until the label replies. I’m assuming 


the RF occurring is very low power - I 
counted three or four ceiling transmit- 
ters per 50 foot aisle, i would also 
reckon the FCC would complain if we 
were looking at anything more than a 
fraction of a watt. 

Experimentation with the electronic 
shelf tag systems is w ide open. If you 
own a scanner (see Sam Morse’s article 
in 17:4), bring it along the next time 
you go shopping and see what you can 
pick up. Perhaps this communication 
can be disseminated for a better under- 
standing of the whole process. If you 
happen to wind up w ith one of these la- 
bels in your possession, take it apart 
and see what’s inside. Or better yet, try 
feeding your own signal to the label. 
Those LCD readouts are alphanumeric, 
so you’re not limited to displaying 
prices. There is still the question of 
how the label displayed the data even 
after the battery was removed and re- 
placed. Are those transmitters con- 
stantly transmitting price information, 
or does the tag have a storage capabil- 
ity? If there is storage, what other in- 
formation can be found on an ESL? If 
you happen to work for the supermar- 
ket and have access to that back office 
server, well, you've got an entire net- 
work of shelf labels to explore. Just re- 
member that changing the price of 
your favorite frozen pizza to a nickel is 
not something I recommend. 

Supermarkets make only a percent 
or two profit for each transaction. That 
such businesses would invest in such 
elaborate pricing systems poses many 
questions. For example, how f often are 
prices changed, to what degree, and 
when? Who is benefiting from elec- 
tronic shell labels - customers or the 
supermarket corporations? If you're a 
conspiracy theorist like me, then the 
answers are obvious. 


Spring 2001 


Page 41 


ano/W^Ly 

□GTGCTDn 
5y5T0/W5,Pc=lRT II 


by Thiiull 

In my Iasi article, ‘ Anomaly Detec- 
tion Systems" in 1 7:3, we explored the 
general concepts behind intrusion de- 
tection, a means of classifying intru- 
sion detection systems, and a brief 
outline of a simple passive/host-based 
intrusion detection system on a Linux 
platform. 

This article will outline a couple of 
ditlerent ways to accomplish anomaly 
detection on large heterogeneous net- 
works cheaply and efficiently, from 
the passive/network -based angle. 

We II also discuss signature- based IDS 
systems* usage in conjunction with 
anomaly detection to create a well- 
rounded overall intrusion detection so- 
lution. 

1 can’l stress enough the necessity 
of understanding the traffic flow on * 
your network. If it is your mission to 
protect that network, how can you pro- 
tect it if you don't understand what is 
there? How r many web servers do you 
have? What are their IP addresses? Do 
they use SSL (443/tcp)? HTTP 
(80/tep)? Find out,., only in knowing 
what belongs on your network can you 
spot what doesn't belong. If you canT 
spot what doesn’t belong, then what 
doesn’t belong is just going to keep on 
not belonging, without you knowing 
about it. 

1 discussed in my last article the 
fundamental vulnerability that exists 
in all attack signature-based intrusion 
detection systems: they cannot “see” 
zero day exploits. Generally, there is a 
period of about one week to nine 
months between the time that a new 


exploit is created for a recently dis^r 
covered vulnerability and the time that 
the attack signature for that vulnerabil- 
ity finds its way into your attack signa- 
ture-based IDS. So, until you have the 
signature,: what will your TDS system 
tell you? Absolutely nothing. Won’L 
even see it. 

A solution tShfe-ftifidamental 
problem ? Learn your network, know r 
what belongs, highlight what doesn’t. 
Say your NNTP server has only tw'o 
ports open: NNTP { 1 19/tcp) and SSH 
(22/tcp). An attacker doesn’t know 
that those are the only two ports open 
on tt until the attacker probes the ma- 
chine, If the attacker is smart, heTl hit 
the machine with one packet a day 
from a dilterent IP address every day 
Will your attack signature-based IDS 
show a single SYN packet to port 
23/tcp? i don’t think so. Anyway, back 
to that solution... collect all traffic that 
crosses your network at a ehokepoint, 
then bounce that traffic off of a filter 
set that siphons off all traffic that be- 
longs. What you have left is every- 
thing else. You’ll find in investigating 
this “everything else” that about 90 
percent of it turns out to be system 
miscon figurations or what-not on ei- 
ther your end or the other end of the 
comms stream. However, the remain- 
ing 10 percent are malicious. In the 
above example with the NNTP server, 
write filters that ignore port 119 and 
port 22, and have the system show you 
everything else. You might even want 
to only filter out incoming traffic to 
those ports that are from IP addresses 
that you know r should be using those 


Page 42 


2600 Magazine 


ports. Everything else is suspect. 

If you’re paying attention, you’re 
probably screaming right now: “What 
about an exploit against SSI! or 
against NNTP?" Well, two answers to 
that question. Yes, incoming traffic 
that is malicious can match a filter that 
you put in as “normal" traffic, but 99 
times out of 100, more than one port is 
going to be checked on the system be- 
fore an actual exploit is launched . 

That, and someone probing for port 
1 19/tcp on your systems will most 
likely look for it on other systems as 
well, which should show up in your 
system because you're not filtering 
1 19/tcp from other machines,,, only 
from your NNTP server. 1 he second 
answer: this is w here attack signature- 
based systems come in If the exploit 
used is old enough, your IDS system 
will probably have a signature for it, 
and will flag the attack. This covers 
the hole created when an attacker's 
traffic matches valid traffic that you 
would expect to see, to a certain point. 
This does not provide a solution for 
when an attacker uses a zero day ex- 
ploit that matches expected traffic. 

Still though, you will probably see 
traces of the activity on other ma- 
chines. 

Do you use firewalls? I bet you 
probably do, unless you're running a 
small network at home where you can 
easily keep up with all the latest vul- 
nerabilities, An effective anomaly de- 
tection system can be “built” with the 
firewall(s) that you’re currently using. 
Leverage your firewalls to be your 
eyeballs into what’s coming in and go- 
ing out of your network, not just as a 
simple barrier. Every firewall platform 
that I am aware of has the capability 
of not only logging traffic, but of fil- 
tering information that is displayed in 
the log files. Generally, this is used for 
troubleshooting network issues... did 
the traffic ever reach the firewall? Run 
a filter on the logfiles to look for that 
IP address, if it’s not there, it didn’t 


make it to the firewall, etc. But, those 
filters can be used the other way too... 
instead of writing a filter to show a 
specific something, write a set of fil- 
ters that hide a set of specific some- 
things,., those specific somethings 
being all traffic that belongs on your 
network. Filler out all traffic to port 
80/tcp on your webservers (and 
443/tcp if you’re using SSL), port 
20/tcp and 2 1 /tep on your ftp servers, 
53/tep and 53/udp on your DNS 
servers, etc. Remember, you’ll want to 
be able to see port 53/tcp and 53/udp 
connects to everything except for your 
DNS servers, so write your filters 
specifically for individual machines. 
Normally, firewall systems will allow 
you to save filter sets... use them. 
Check them every day. Log the anom- 
alies in a database, to look for trends 
later. I once identified a very patient 
fellow this way, plugging away at the 
network with two or three packets a 
day against a different port from a dif- 
ferent IP address every day. All put to- 
gether, they added up to a portscan... 
amazing. By the way, on that one. Re- 
al Secure never saw a thing... of 
course, you can't blame it; that’s not 
what the IDS systems that are out 
there today are designed to find. 

There are two other ways to accom- 
plish this i n pass i v e/ne t work- has cd 
mode. You could put Linux machines 
out in front or behind your firewalls 
(at prominent chokepoints), or off of 
monitored switch ports running 
ipchains in accept all but log mode, 
run togcheck against your logfiles 
every hour and have it report anom- 
alies to your email. You could even 



Spring 2001 


Page 43 





write your ipchains rules to do the til- 
lering for you... i.e., accept and don't 
log 80/tcp to the webservers, hui ac- 
cept and log all else. That would keep 
log files down some. Or. you could 
take the Shadow IDS system from the 
CIDR project and revamp it a little. 
Hie Shadow system is already de- 
signed to suck in all the traffic on the 
network via tcpdump and store it in 
massive logfiles for alter the tact 
analysis* Filters are then written using 
normal tcpdump syntax to grep out of 
those logfiles traffic which matches 
certain criteria,,, i.e., you can write a 
filter to run through and check specifi- 
cally ft >r i n d i v i d u al att acks . Ho we v e r, 
with a little modification, you can re- 
arrange the system to instead of going 
in and pulling out the stuff that you 
want to see (which requires that you 
know what you're looking for before 
you look for it), you can have it go out 
and filter out all of the stuff that you 
know belongs on the network and re- 
port to stdout whatever is left. Hello, 
anomaly defection. 

Let's talk briefly about limitations. 
Anomaly detection is not the end all 
answer here. 1 strongly advise a com- 
bination system. The methods that I’ve 
outlined do not include things like 
fragmentation reassembly, MTU size, 
low TTLs, etc. However, 1 guarantee 
that with a combination system, you 
will see far more than you would with 
an attack signature- based system 
alone. 

As far as attack signature -based 
IDS sy stems go, if you are looking for 
a system to use in conjunction with 
this sort of anomaly detection, my 
suggestion would be the Dragon IDS 
from Network Security Wizards, I’m 
personally very impressed not only 
with this system’s ability to find and 
identify known attack signatures, but 
its usage of more all encompassing 
“built-in" broadbased filters that are 
based upon parameters that catch cer- 
tain “classes" of attacks which share 


similarities with known attacks, Es- 
sentially, this means that in some 
cases, new zero day exploits that are 
modifications of know n exploits, or 
work within similar parameters, w ill 
be at least highlighted for further 
analysis. And that's just the built-in 
functions.., you can write your own 
rulesets for it that turn Dragon into an 
anomaly detection system per the style 
above, simply by having your rulesets 
ignore everything that you expect to 
see on the network . Take a look at it, 
they're doing some neat things. 

My point here I guess is simply 
this: You can't go into intrusion detec- 
tion expecting that you know w hat to 
look for. If your system(s) get compro- 
mised via a vulnerability in a service 
and not by some misconfigu ration er- 
ror that you've made, one of two 
things has happened. Either you are 
stupid and didn't patch an announced 
vulnerability, or someone used a zero 
day exploit against you. (An academic 
note here: from statements earlier in 
this article, you should be able to sur- 
mise now that I believe that attack sig- 
nature-based systems are only useful 
to stupid people (caveat: That's mostly 
a joke, there are valid uses for attack 
signature- based systems for smart 
people).) If you are smart and have 
patched everything that needs patch- 
ing, you're still not secure, but you 
can at least see the attack coming from 
the other smart guy sitting out there 
somew here. And if you're really 
smart, then your systems are probably 
tight enough that it's going to take that 
other smart person longer than he 
wanted to in order to compromise 
y ou r ne 1 w or k . This gives y ou t he op- 
portunity to do something about it be- 
fore anything ugly happens. Let's face 
it, it's like a big game of chess... 
sometimes the other guy is smarter 
than you are, and you get to learn 
something. 


Page 44 


2600 Magazine 


0 t r a n a 


Or, How I Learned 
to Stop "Worrying 
and Love the 
Anna Kournikova f 




t 


& 





J 


by 6M AL 

It s odd the people you keep in your ad- 
dress book. Asa reader of 2600 for the past 
eight years, you learn a lot about what peo- 
ple will and won't find offensive. You learn 
that people will complain about things that 
affect them, and won't complain if it hasn’t 
affected them yet 

When I received the Anna Virus, I knew 
it for what it was: ,i program created by 
some hacker that had been sent to me un- 
wittingly by another individual, I guessed it 
might be a worm that would be sent out to 
another user after an inadvertent reading or 
clicking of the e-mail message containing 
it. 

f clicked. 

Within minutes 1 was receiving phone 
calls and e-mails, some laughing and jok- 
ing, others solemn and angt y, Emm all the 
people in my address book. Some were 
asking what 1 had sent, one man even 
wanted help opening the attachment. ‘Tm 
sure she’s hot," he replied. “But my mail 
program won't open the picture. ’ 

I had sent e-mail to people who owed 
me money, to people 1 am in litigation with, 
to women I haven't called after an affair 
went sour, to men l had admired, to persons 
J had feared. 

Worst of all, J hadn't just sent an e-mail. 
I had sent them the virus. 

It took a few hours to sink in - the po- 
tential impact of what had happened - and 


you can imagine that I could have been an- 
gry. I could have been dismayed. But 1 had 
made the choice to try the virus anyway. I 
had been in good company. CNN carried 
news of the virus well into the next few 
days. 1 was elated and disgusted at the same 
time, t had burned bridges and made others 
laugh at my actions. 1 felt happy l had made 
no mistake. I had run The virus on purpose. 

Now the most important question many 
would ask is why create such an ugly virus? 
“Why do hackers have to waste so much 
time and money on destructive forces?" 
they demand to know. My response is sim- 
ple. If the virus 1 received had short-cir- 
cuited my copy of Windows, if it had sent 
instructions to my hard drive to reach for a 
sector that didn't exist, gouging a new hole 
in my storage space, the Anna Virus would 
have been wrong and sickly twisted, some- 
thing I could hate. 

But it didn't. It taught me, and many of 
you, a lesson. It taught us to guard against 
such threats and to be ever wary of what we 
see and open. It took nothing from me, 
nothing but a little pride, which l could 
make do without. And the Anna Virus intro- 
duced me to people I haven't spoken to in a 
long, long, time. 

Their e-mails may begin with “I think 
you have a virus...," But they all end with 
“So how are you doing these days? How is 
life?" at the end. 


Spring 2001 


Page 45 


OCCIAWIHC 
YOUR :CU€ 


by Lini jus 

Cuecats are barcode scanners given away 
with issues of F&rbts Magazine and at Radio 
Shack, The Cuecat is used to scan a bar 
code of anything you find interesting and 
the CRQ software, included with the cat, 
uses the default browser to bring The user 
directly to a corresponding web site with 
information from a database. What they 
don ’! leti you is that every time you do 
this, a serial number is sent to them telling 
them who you are (remember giving your 
name to the Radio Shack guy?). And while 
it is possible to change this, they try 
pulling technicalities, saying that the cat 
isn’t even yours - that it’s only on lease. 

They say this so that you cannot legally 
open it and reverse engineer it! Too had 
nobody gives a fuck. Intellectual property 
laws protect reverse engineering for com- 
petition last J heard, although corporations 
have been disagreeing lately. 

Operation and Reverse Engineering 

I he Cuecat is a keyboard wedge scanner 
like several other bar code scanners, meaning it 
plugs into the keyboard slot on your computer, 
and the keyboard plugs into it. When you scan a 
bar code, a line of information is sent like the 
following: 

* C3nZC3nZC3nZCxj2DhzIC3nX.fHmc. Dx- 
P¥E3b6C3nZC3jY. 

This is four pieces of information separated 
by dots, 

1 . ALT-FLQ is sent as a wakeup signal. 

2. Hie serial number of the wand is senl. 

3. 'I he type of bar code (UPCA, ISBN, etc). 

4 The actual barcode information. 

Now, as you probably can notice, the in for 
mation is encrypted. Jean-Phillipe Sugarbroad is 
credited with figuring out that the Cuecat uses a 
modified version of base 64 encoding, a very 
simple form of encryption. Take each block of 
four characters and convert them into six bit val- 
ues by indexing into ll [a-z|| A-Z][0-9]+- String 
the four six hit fields together to get a 24 hit 
value containing three bytes. Exclusive OR each 
with 67 and you have three decoded bytes. 
Strings that aren’t a multiple of three characters 
are zero Tilled and they should be stripped our if 
it isn’t being processed by C code which takes a 



/ 'At > 



NULL as the end of string. According lo the dri- 
ver from Linen, some cals don’t encode the 
same. For these you index into **[a-z|[A-ZJ[0- 
9| f\ 

You can do this yourself, or as any 
sane human would, with a script. You can 
find a small perl script which I like best, 
nicknamed the "latooable version ” for its 
short, short length ai http://opensource.li- 
neo.com/cuecat/. 

Decoded, the aforesaid line is this: 
0000000002 J 5756002 UFA 
69 1 8390000 U 

“UFA’’ stands for UPC A and the 
"69 1 83900001 1 " is the bar code number 
The pan you must worry about is the first 
number: the serial number Getting rid of 
the serial number is relatively easy. All I 
had to do was cut the Data Out circuit on 
the Hyundai chip and I he Cuecat now 
sends garbage for the serial number, (The 
chip will either be an eight pin device or a 
smaller five pin device. Be sure to cut 
completely through the trace.) More m- 
formation on ihis can be found at 
http:// w w w. ma2600 .org/- 
i n de x . ph p ?page=dee law. 



Congratulations, you now have a Cuecat that 
doesn't send a serial number and you know how 
to decode the barcode number. To take advan- 
tage of this you can find software at lineo.com 
or at ma2600.org to take inventory of your 
book/C D collection, or even to create your own 
bar codes. Have fun. 

Shout outs to Qhmboy, Christ, Rasputin, 

A lorn _S tar, MA2600. and countless others who 
have guided me. 


Page 46 


2600 Magazine 


UTP 

Digital Directories 


INTERNET BUSINESS GUIDE 


2600 Magazine 

P.D, Box 752 

Middle Island NV LL953 

USA 


ENTHYOFFER - COMPANY ENTRY 


ZZ.Dec.QC 

DATE 

IBG/72im8 

RET, NO. 

-> DEC 2001 

ENTRY PERIOD 

USt 960*00 

AMOUNT 


Tho- specified darn wM bn puDlliMpH in ifig Nirnmifl GuHde when payment has been tom tired. IT th* publmfrinff hnusw te not 

notified of any jpmtntfnuflj wistn 'j or *jjjj glome pita, Hw publication w Id appear In the loHOwftl'fl difftCtOfy: 


Internet Pus i nets Guide / Country - USA 

SlCode : 2??lPAriodicals- Publishing r or Publishing and Pri 


Item 

Subject of lhe carat itstlrnalA 

Currency / amount 

001 

Online Publishing for sped fi cation 
above ami contact numbers listed below. 

US* 

960 r 00 


Con* Fax : 316 - 474-2677 

Phone - 5 H~? 3 t ~2400 




total 


960,00 



I Tig data pflnitd out .n, ■.■>» wj!I tm puMIflWd aa speciliad. H any amand- 

merits. are nee -try, Th«* r n may hi- uummuntcaled online in iho Inlorooi. 

II yr.-u CntimiLini. Oil. ,Miy .nliiiildmOrrt& by mail U-rfiLH, jHtert*Qm '0 Lis ytMJF’ 

rtfmKtt nufllbv imk) specify ' Amandmonl' 43 Hit fMWn Hu your letter. 
You tan llnd Ihm u«|nf h«..nTmq , qt The UTP wt-b site. These may alsu 
ba naqu-esledi In willing in It™ Iwm el t-m.erplc 



In order to guarantee jlfacovMMij Mi dun Nmp, pJoofvS 
pay the Incficntetf amount within IP of receiving 
the offer. In the case of reoiatlnnue In out npnclfiod 


for payment. In the cose of payment by cheque, please 
also specify your reference number. 


Terms of business overleaf 


Bunking connections: 
For.Uinanc* 

CH TMJQO St Gallon 
Account: flrT-321 1 2-S> 


Raiffeiaonbartk 
CH-S5S3 Sulgen 
Account; IJ14f 1-23305.85 
Swift Code; RAIF CK 22 


UTP AQ 
P.O. Box 
CH-B5B3 Sulgon 
Switzer! and 
Fm: +41 (71) 0 400 500 
E-MeiJ; intotfutp-onime. c cun 
internal; www.utp-aoline.CDm 

LOOKING FOR SCUM? No need to look further. These people go around sending these 
"entry offers” to companies lot some ridiculous online “business guide,” Doesn’t it look an aw- 
ful lot like an invoice? We suspect hundreds, if not thousands, of unsuspecting businesses just 
pay these things because they look like hills, UTP, along with another Swiss company called 
IT&T (www.ittag.com) have been sending these little swindle applications to the listed address 
for every Internet domain we registered through Network Solutions Inc. Incidentally, neither one 
of their web pages even worked when we tried to access these alleged business guides! But they 
have that covered too - both companies have almost identical statements on the reverse claiming 
that they arc not liable for delays as long as they're not the ones responsible for Lhe delay. Slick. 
Refunds are simply not given under any circumstances and once you register with these crooks, 
they will automatically bill you year after year until you send them a registered letter telling 
them to stop, As a public service, we re going to add these two companies to our own “business 
guide” - and we’ll do it for free! 


Spring 2001 


Page 47 



Wttrs continuED from tw 39 : 


Voting Ideas 


is removed from its cradle the session is started and 


Dear 

I was appalled at the method) used for mtilig. Thi 
was my first year voting for the next President and like a 
good happy citizen E shuffled my way to the elementary 
school in my area and pin in my vote. . on a plain sheet 
of paper by marking in a circle wjih a "specially desig- 
nated pen." Upon further examination the pen appeared 
to he a Sharpie marker. Kind of outdated, isn’t it? 

Of course, many a re in search > >1 [mother way to 
make the whole voting procedure work. Using a web 
site or online database would be .1 problem because of 
Internet .security. Hm there are other alternatives! E am 
the Oracle Database Administrator for an Internet com- 
pany in my slate, and can sec where a good database ap- 
plication could come in handy here. 

First, each voting urea would he equipped with 
computers, networked together. There would be one cen- 
tral computer for each center running the actual data- 
base, and several client machines running the actual 
forms used to input data. A voter would walk in, dick 
some radio buttons (or drop down lists, etc.), and walk 
out. When voting was closed, all data would be in this 
main server, and a preprogrammed report could easily 
print out, e-mail, or just save all statistics. It would also 
produce an encr> r pted dump file of all voting data, 
which would be sent to (by means of a burned CD, a 
ZIP disk, or ftp) and imported into the main database for 
the state once voting was finished to count up state 
votes Or the dump could be loaded as a separate data- 
base on the main stale server, and replication could he 
used to pass over the necessary data. Again, a report can 
produce statistics. 

Because of the contracts the government has with 
Oracle, I cannot see a system like this costing very 
much in the way of licenses. The computers would 
probably He the most expensive part, but the clients 
wouldn't have to be state-of-the-art machines by a long 
shot! 

SiON42 

Dear 2600 ; 

I just finished reading your comments to chrisbtd 
about the voting fiasco in Florida. You said anything is 
potentially better than the current system, so here arc 

my thoughts. 

I thought of using USB devices for the input and us- 
ing a l 'SB hub to connect multiple devices to one com- 
puter. Where 1 live we use the infamous punch card 
system, where when you flip the page it exposes another 
row of holes for you to punch. So I thought l could keep 
the idea simple and have a similar setup (l wouldn't 
want to get people confused again). Instead of voters in- 
serting and removing cards the area under the matrix of 
holes would be replaced with the USB devices, flic 
USB device would have a switch and an LED for each 
hole in the current machine. When you insert the poker 
tool it presses a small switch, which lights an LED in- 
side the hole. Selecting another candidate for the same 
office would remove the previous vote and him (he light 
off (through a hardware XOR). You would have to add 
two more steps though, actions to start and stop some- 
one's voting period, Easy enough - when the poker tool 


w hen n is replaced the session is ended, period. Now, 
you criminally inclined tire thinking something which l 
am getting to. In order for the machine to be aide to start 
a session, the poll worker has to activate the booth. 
They will do this once you hand (hem your ID. (Here 
they (Like and check our IDs and our voter registration 
card to make sure we only vote once. Maybe, l could 
also add a bar code scanner to scan IDs 111 quickly.) 
Once ,1 session is ended, the voting machine has to be 
reactivated by the poll worker before a new session may 
begin 1 may want to add a step that doesn’t allow' die 
session end to commit the new data until a new session 
is started or the poll is dosed. This would allow poll 
workers to clear the session if some less intelligent 
voter made a mistake and ended their session early. 

I am mu a USB expert, but 1 believe that each device 
connected to a computer has to have a unique identifier. 
I have never connected tw o of the same peripheral to 
Otle computer via USB, so I am really not sure how this 
would work. But, if they did have to be unique we 
could have a series of color or letter coded devices, so 
that a poll worker wouldn’t connect two devices that 
would cause a conflict. 

Now more on the poll worker end of the plan. I start 
by connecting those USB hubs to Windows machines, 
Wc would use Windows machines for a variety of rea- 
sons: One, Windows offers good USB support. Two, 
*N1X machines would require an operator with some 
intelligence. Three, I don’t care for Macintosh toys. 
Four, and most importantly, most governments already 
have Windows computers. See, I am slightly Libertarian 
and I hate when government spends more of my hard 
earned money. Also, every time I have voted, it has been 
in a school and I know (around here at least) they have 
Windows computers in the schools. And, since we are 
talking about money, the USB devices should be manu- 
facturable for a fairly low price. There are tons of kids' 
toys selling tor a couple bucks that are technologically 
more advanced than my proposed devices. 

Now to the software, I would provide each voting 
computer with a single CD, off of which the voting de- 
vice drivers would he loaded and the voting software 
would fa- run. The software would run a database to 
store the votes and provide an easy GUI for the poll 
workers to use Each voting computer would also get a 
series of 3,5” disks, to which the votes would be 
recorded. The votes may reside on ihe hard drive during 
the voting process, hut will be automatically transferred 
to disk when the polls are dosed. The 3.5" disks would 
be taken, via Courier, to the elections board, fust as they 
are done now. This leaves out networking for now, be- 
cause 3 don't feel we are ready for that. A temporary 
government network is a disaster waiting to happen. It’s 
temporary, it’s government, it’s a computer network, it 
ain’t happening in the near future I’m afraid. The good 
thing about my method is that it could be easily up- 
graded to have network support in the future just by up- 
grading (he software. Then again, you could have the 
program dial out via modem to the Board of Elections 
once the polls dose. These are my ideas. I just hope 
someone some day will actually improve the current 
system. 

cstoll 


Page 48 


2600 Magazine 


Reusing e xisting computers from ti school probably 
isn't such a good idea considering the many 1 veird 
pieces of software that could have been installed during 
their stay. And if 's possible someone could come along 
with a bunch of identically marked floppies and steal 
the election. There are some good ideas here hut we in- 
vite our readers to try and tear this and other pmposuts 
apart as it's the only hxiv we're going to get an m heir. 

Dear IdtHh 

Don’t mean 10 brag loo much but in lute November 
while everyone wax still trying to hgcue mit ii < lush or 
Bore had won (he election, Canada had an election too. 
A country of about thirty million people .u ress >U time 

zones (and the second largest try in ihe world) had 

all of the votes tallied, by hand, in about ti r hours. Oh, 
and the ballot was (he same fioui lomnlc, Ontario to 
Alert, Nunavut. There was a candidate's name and be- 
side the name a big round euele. Von put an \ m (he cir- 
cle and you had just voted lor the Could it he 

any simpler? 

Michael 

l tear 2600: 

Here's the $3W voting iii.h lime ,1 cheap diskless 
4$6 (hat boots from a Cl) ih.'ii holds the info for that 
precinct and that runs .1 (inn h n cn 1 lie \ nice touches 
the face of his chosen candid.! n\ (he machine asks if 
he’s sure a few times,, and ai ihe end the voter ls shown 
all of his choices. The machine (lien burns (his lo a CD 
after each vote. The info 1 ■ iKq held in nvum for re- 
dundancy, The machine is lot kol m .t box with no key- 
board, just the monitor. Duly the mourn n needs to he in 
the booth. At the end of the election the machines are 
impounded (to preserve the integrity of (he nv ram) and 
(lie WORM CD (nol rewriteable) i- ■ nl Its Id I and tal- 
lied. Tins system can’t be screwed w ith and is nearly id- 
iot proof i except for the pramlaini y idiot < nulid ties thuj, 
we can't seem to gel rid of). 

anop 

Article Feedback 

IK.11 2600 : 

Regarding “Microsoft's Hook and Smkci LcXer 
was cl ose but no ci gt ir, The re vc ri tie xt re im from all l he 
certification programs is insignificant relative to the 
other business Microsoft doc*. Most ol file revenue is 
generated and retained by the businesses running die 
system including the test administraim s. (he educational 
facilities, book authors, book publishers, and ihe resi 
Also, the information to puss the exams is not solely 
learned by attending their courses, Web sites such as 
www.braindump.com and test preparation sere ices such 
as Transcender provide the necessary in form at ion. Fur- 
ther, it is impossible to expect to learn how to adminis 
ter an operating system as complex and quirky as NT 
4.0 or Win2K effectively without working in the envi 
moment, discussing matters with other admins, and 
keeping abreast of the current release information. Fhat 
ss the irue way to pick up the ’’tricks" and inside infor- 
mation that lead to proficiency. The main reason is that 
Ihe NT 4-0 exam is based upon the original release of 
the operating system from I 996. The software is con- 


stantly evolving and (fie exams do not lake that into ac- 
count for other reasons. 

Only in the last paragraph of your article did you 
touch on the correct reason for Microsoft's trickery Mi 
erosoll sought to set die certification standard artifi- 
cially liigh to increase the value of certification to both 
the certified and the operating system through the per- 
ception of standardization regarding (heir unstable 
products. Rather than create a stable and efficient prod- 
uct* Microsoft tried to develop customer confidence by 
instituting a professional certification system dial cre- 
ated the appearance of stability and high standards m a 
profession sorely lacking critical measures for em- 
ployee skill sets. Once again Bill Gates proved a better 
business man than a software developer. Experience is 
the real teacher but one needs an MCSE degree to land 
one of the belter jobs. The employer's perception is 
manifold* When the hiring process begins, it is easier to 
separate the men from the boys, or so (he employer 
thinks, by requiring a certification. He can more easily 
justify the hire of an admin at a higher salary based 
upon paper credentials. Lastly, the certified can demand 
a greater salary based upon their credentials. 

Ironically, the reality could hardly be farther from 
the truth,, 1 am not certified yet l am responsible for ad- 
ministration of my organisation’s domain. The other 
professional IT staffer and I have three people working 
lor us in our IT department. We have worked through 
many a “paper" MCSE - people able to pass the tests yet 
unable to handle the work. 

Sorry l.eXer, maybe when you have worked in the 
licit] lor a while you will have a better understanding of 
the situation. By the way, there are many exceptionally 
good reasons to loathe Microsoft; you got that right! 

reuven 

Dear 2600: 

Ok, lo start, E Jove you guys to death. You Ye my he- 
roes.** mostly. Great job on 17:4. Lotsa neat stuff. 

Now, to ihe point: page 44 of 1 7:4, ’’Radio Shack’s 
Newest Giveaway* 5 * Sorry; guys, but you totally blew it 
on this otic, This had to have been sent to you from 
some tweak at Digital Convergence to get more cover- 
age on this gizmo from hell. The major point here is that 
unmodified, this thing transmits a serial number back to 
DC* which links across 10 the registration info you gave 
diem on yourself when you installed the software to in- 
terface it. Getting this? You’re plugging a product that 
gives Radio Shack and Digital Convergence loads of 
demographic info, right down to your e-mail address or 
telephone number (whichever you think is more impor- 
tant), each lime you nail a barcode with this tiling. 

The article totally missed the point of the mod abil- 
ity ol these things - that the serial number's kept on a 
chip onboard the godawful little (lung, that can be dis- 
abled by cutting ground on the chip: and that by running 
a lead from the positive voltage onboard the thing to one 
of live test probes on the board (position varies from 
one board rev to another), the thing can be forced lo out- 
put straight data, non-uuencoded. 

Give this a shot - open up a text editor and scan, 
straight into it. with one of these things, Three fields: I 
is the serial number, 2 is the barcode type, and 3 is the 
barcode data, all uuencoded. The device this kid is brag- 


Spring 2001 


Page 49 


ging about is cursed, and ain't useful unless people 
know the story on ii* and what if s being “given away” 
ior. All the rest ut the data on these things, right down to 
□ BOM for each revision, is available with a couple of 
searches. 

Sorry for the rant; just had to get that out of my sys- 
tem, 

Tim 

And you were right to do so. Whilt ■ the points you 
mention were widely known when ice printed the article, 
there was no way we could add them without writing mi 
entirely new article, which we just didn't hove the time 
to do. Bui by running the existing text, we got no less 
than nine new articles with additional info, one of which 
w’t? have printed in this issue. We hope people remember 
that this is the nvn 1 2600 works - oar info may not al- 
ways he 100 pen cut hut with some fine tuning and 
reader inpul , we ran keep getting closer. 

Dear 2600: 

“‘New radios would Slave to be bought” [if commu- 
nity FM takes over current VHFTV frequencies ]? Not. 
My Sony Walkman (and lots of other units now out 
there) have a Japan mode that receives broadcast FM 
down to 76 MHz. Just give u.s TV 5 and 6, Fox Char- 
lie A 2. We're already prepared. 

v-dick 

That makes it an even easier transition. Bur the only 
uvjy this is going to happen is if the proposal becomes 
known throughout the nation - namely, allocating the 
future vacant audio signals from analog TV stations to 
community radio, IPs vital that these new stations not he 

conune raid qnpttri oj any existing bnutdcusi network, 

^ ? ;4 "I*- BUB Mr JH mm Wf CTEJP fll 

Fun in the Stores 

Dear 2600: 

1 just yesterday picked up the new- issue, 37:4. and 
was chuckling at the cover art while paying for it when 
one of the store clerks said to the one who was serving 
me. "Did you gel any ID for that ;'’ 1 The one helping me 
out said, "No, 1 thought I 5 d let it slide this time." [ natu- 
rally asked what the hell he was talking about, and he 
■old me that they normally have to take three pieces of 
pholo ID from anyone buying 2600, and once a month 
l he list is forwarded to the RCMP (Royal Canadian 
Mounted Police) and CSJS (Canadian Secret Intelli- 
gence Service) who (hen forward the list to the FBI. I 
was taken aback for a moment, thinking that Canada 
had finally gone in hell, when ihe two clerks started 
laughing their heads off and one gleefully exclaimed 
{ iotchal” Boy. was 3 relieved. 

t he fact that I had to take that possibility seriously 
serves as a testament to the ever-growing tensions re 
garth ng freedom of speech. As J understand it, one tit 
the fundamental freedoms guaranteed under the Cana- 
dian Charter of Rights and Freedoms guarantees "free- 
dom of association." inherently covering literature. Tve 
read horror stories about bookstores keeping 2600 be 
hind the counter and only available upon request, but re- 
quiring ID would have made me want to go home and 
hide under the bed. ] w r ould stress to everyone in 
Canada and any foreign nation to keep in mind that just 
because things like the DMCA pop up in the US doesn't 


mean that the rest of the world is asleep. We've got to be 
just as aware of threats to fundamental freedoms that 
are going on within our own borders as well as interna- 
tionally. l uckily, what I encountered was a joke, but it 
could happen. 

In the meantime. I’d like to congratulate the guys at 
Toronto Computer Books for scaring the pants off of 
me. Good work. 

xcham 

Dear 26(H): 

So ihe other day J was at Babbages just checking 
oui stub when I overheard some other customer say to 
the elefk, "Hey, do you guys sell tone dialers?" Instantly 
I looked up to see a group of three junior high aged kids, 
a contused looking clerk, and another customer shaking 
their head in disgust, The clerk said. "Umminm, let me 
go ask my manager." Just thought I’d share another 
story on how stupid people really are. Come on, of all 
the plates to go and ask for a tone dialer, why Bab- 
bages? 

AquaGEow 

Hr re wondering how the other customer knew to 
he disgusted, But let's not prog ram ourselves to think 
this wav. There is nothing wrong With buying hardware 
and even if you 're 99 percent sure how these people in- 
tend to use d t you soil don > know for sure. 

Legal Questions 

Dear 26(H); 

If someone were to, say, memorize the entire 
DeCSS source and could repeal it perfectly so that 
someone else could write it down, what would the 
M PA A do? Sue the guy (or gal) for his memory? Or just 
tell him not to tell anyone? And what would happen if 
someone got it tattooed on them selves, someplace obvi- 
ous. then walked around on the street showing it off? 
What exactly could the MPA A do? Is a tattoo, in fact, 
not a work of art? 

Joseph 

Dear 2600: 

I ant from Canada and was wondering if any coun- 
tries other than the US have laws similar to the Digital 
Millennium Copyright Act? 

Hy Stress 

t hfnrtunately, with global bodies like WlPO , the 
H 7f), and more regionalized entities like NAFTA and 
the European Union, it's become far easier to get such 
taws passed throughout the world , A cousin of the 
DMCA known as the Digital Agenda Act recently came 
into existence in Australia, technically making it a 
crime to forward e-mail without permission We fear 
there will be more ill-conceived legislation worldwide 
before this is over. 

Advice / / 

~TT M ■■ J'W wr 

Dear 2600: 

3 am an administrator at a school, and 1 wanted to 
give the readers of your magazine the perspective of an 
administrator regarding student IDs, computer net- 
works, hacking, and education in general. 


Page 50 


2600 Magazine 


People do not go into education tor the money - 
there isn't any. They go into education wiih a desire to 
teach students to think. All your teachers, administra- 
tors. and counselors all got into education to make a dif- 
ference. Today they are dealing with a small percentage 
of very troubled kids who have been abused at home, 
are neglected, regularly use very addictive sub-stances 
like coke atid heroin, engage in violence and prostitu- 
tion, and threaten violence on a daily or monthly basis. 
It is hard to create a nation of literate i ree thinkers when 
you find out that a kid is talking about suicide, his/her 
parents don't provide enough food, the 12 year old is 
sleeping with both her father, uncle, and aunt at the 
same lime. Your teachers may be a bit distracted over 
these issues, 1 just wanted to leacli Plato, Malcolm X, 
and Gandhi, Now I have to deal with a society in crisis 
and parents who just don't care about their kids, and 
some teachers who arc not up for the job. 

Every event creates a reaction and the reaction to 
this crisis has been the creation of factory schools 
(2000+ students) and large classes l 35+). As your read- 
ers know, it is impossible tor kills to get the kind of true 
education where you learn io think for yourself, solve 
complex problems, and develop a system of ethics 
based on responsibility to your community and the 
world in this kind of environment Schools are teaching 
students that they are numbers, as the letters of 
joePUNKl02 and data refill attest. I do not think that 
this is part of an organized plot to eliminate freedom 
and liberty, I have worked at several public and private 
schools. Sorry, the average i cue her and administrator 
are not that smart, They are just trying to maintain some 
measure of control. Ninety percent of the students w ho 1 
have encountered are not a threat to themselves or oth- 
ers. However, there are a lot of troubled kids out there. 
Run the numbers. If your school has 2000 kids, 200 of 
them will be involved in some major crisis at any given 
moment. This takes up a lot of time, and prevents me 
From teaching you Plato* Malcolm X. and Gandhi, 

If you don’t like your ID cards, organize a strike 
and burn the cards in a public ceremony off school 
grounds and after school hours. Get the proper permits 
from the police and fire departments, call the TV sta- 
tions, and get the press involved. An act of rebellion 
means nothing unless it get some press. Study Gandhi 
and use him as a guide for your acts of nonviolence and 
civil disobedience. Get the students of your school to 
wear coats and lies and inarch in mass to the town 
square. With permits in hand and news crews watching. 
se( Eire to the permits. Make sure that nobody is going to 
get hurt. A person has to agree to be oppressed. 

Computer administration is the btme of my exis- 
tence. Any smart administrator knows that ihe kids are 
more sophisticated than any adult when It comes to run- 
ning a network, Most public schools do llieir IT in 
house. Usually the technology director is a burned out 
leacher or librarian who is near retirement. That is all 
l hey can get. The old geezer is scared oul of their wits 
hy the 13 year old who knows more about network, ad- 
ministration than he/she does. They have no control and 
i hat drives them crazy. You can make a loi more money 
m the private sector so you are always dealing with 
.omebody who is way over his or her head. You have 
three options as a student: 


1. Hack the network and make it your ow n Realize 
that your teachers know more than you think. I cannot 
believe what students leave lying around on their open 
accounts, El you hack a system, you will make mistakes 
and sometimes these will bring the system crashing 
down. Then your old geezer technology director will be 
brought into the principal’s office and somebody will 

pay- 1 

2. Get your school to give you old equipment or set 
up ail organization that accepts computers from bust 
nesses and corporations in your area. Download UNIX 
and create a student network of yourowfi, Most princi- 
pals will go for this idea if you get a member oi the stu- 
dent government to sign on to it. Tell them that this will 
cut down on the problems that the school is having with 
their own networks, and that this will help you get into a 
good college, t Administrators and teachers love this 
sort of thing.) Get started on your Beowulf cluster. 

3. Do nothing and remain a pissed off alienated 
teenager, hacking into a bullshit school system. 

It is sad that l have to fell you the following truth. If 
you are from the middle -class, and arc an average stu- 
dent. you arc getting a very poor education. You need to 
educate yourself. Start off by getting a group together 
and picking up the Autobiography of Malcolm X. Read 
the entire book and talk about it with your friends. It is 
the story of a man who educated himself. If you are liv- 
ing in the hurbs and are white, His especially important 
for you to read this book, but be aware that this Is a very 
subversive act. Then read the Plato's Republic and get 
ahold of a really good book on UNIX. A 
philo soph er/h acker will have a bigger impact on society 
than just some kid smoking dope, watching TV, and 
wasting his/her time, A hacker is a revolutionary, and 
there H no more revolutionary or subversive act than to 
become educated. 

3 wish I could have a school filled with hackers. I'm 
waiting,,,.'' 

noname 

Technological Nightmares 

Dear 2600: 

In response to the comment by data refill in J7:4 
and the editor's comment* there is a technology that al- 
lows tracking of your toddler. The child wears an anklet, 
similar to house arrest anklets* and the 
parenVguardian/hackcr w ho has access to a custom web 
page can track the exact location of the child through 
Global Positioning System from anywhere in the world. 
Personally, 3 think this is a retarded thing to do. But 
i hat's just me. 

Xerxes 2695 

It's important to Explain why though. People will 
take your position more seriously. 

Dear 2600: 

Back in mid-November. 3 decided to get DSL ser- 
vice. I was told it was available in my area. I w m told it 
would take two weeks. That was almost three months 
ago. The turn-on date has gone from December 5lh to 
December 18th, to numerous other dales, to “’pending.” 
I give up. 

Jeffrey 


Spring 2001 


Pag e 51 


Y&u think ymt have problems? ft s standard practice 
where we are for Verizon to claim that a location does- 
n i qualify for DSL when the order is placed through a 
competing ISP. But they will then offer to hook the cus 
tamer up if they agree to use Venwn as their provider. 
This has become so commonplace that ISPs actually tell 
customers to expect it, 

Dear 2600: 

\ thought some people out there might tike 10 know 
about a new thing taxi eompiinies are using for their dis- 
patch instead of the radio. It's the new Mails tat ions. 
They're really cheap ($79) and it's a gnn>d idea tor the 
companies to use because with the c mail there will lx* 
no messed up address since it's right on the screen. The 
e-mail tor them works like this; It the company is Yd 
lowoab^ it would be eiiniiiinber^ ycllo wcab.com. Jlim 
play nrouad with it until you gel it to work. 

A Cireun A 

You \r inadvertently explained why this is a BAD 

idea. 

Dear 2600 : 

It appeal's that each and every individual entering 
the stadium for the Super Bowl had their “face 
scanned/ I ni happy and grateful that law enforcement 
is looking out for all of us in this sweet Orwellian fash- 
ion. Aren’t you? 

Dalai 

And the only reason we even know about this is be- 
cause they chose to tell us. 

Dear 2600 ; 

J’ve been a reader for all of two issues but 1 like 
what I've seen. I was just wondering if any of the 2600 
team or the readers had seen the piece about [he soft- 
ware used to identify terrorists at the Super Bowl. Ap- 
parently ii was never, ever designed to he used with a 
large crowd. In the report, they showed just six people 
walking past a security camera. One of their images had 
been specified as a known terrorist <no. he wasn't re 
ally) but die software jailed to identify him because it 
didn’t have time to collect multiple images while other 
people were walking around. In fact* the results often 
merged two or more faces together, creating images of 
nonexistent people. 

Wow. Not only do they invade your privacy, they 
do it badly. 

TheChaotic_l 

Don 'r worry, they 'll get better : 

i v/tT.. ' *jfii ' * k. dCt| 

Offerings 

\teur26W; 

First off, I myself am not a hacker I try to learn 
everything I can about the subject but l don't have the 
mind to sit still for eight hours trying numbers. Recently 
I got a job working for a survey firm that dials nation 
wide going over the phone surveys for such companies 
as NASDAQ, Prudential, Fidelity Investments, and 
such. In doing my eight hour shifts of dialing and dial- 
ing, 1 frequently come across data lines, For reasons 
which I can't explain {even to myself), 1 began record- 
ing these numbers. I have over a hundred now and I get 


about ten a day, Many of these numbers are probably 
just harmless business numbers but since our dialing is 
completely random. I'm sure there is something inter- 
esting in there, E am wondering if 2600 would be inter- 
ested in these numbers for personal use or for print. 
They are yours if you’d like, and I can gel you another 

a week if you want them updated. Let me know. 

Simon Jester 

It used to he that lists of interesting and mysterious 
numbers would always he circulating iti the hacker 
world. There are certain !y more numbers now than ever 
so we would welcome any such It si, If all the telemar- 
keters did this for us, we might cancel some of the con- 
tracts n r have out on them. 

F rum The Inside 

1 fear 2600: 

First, I must let you know how much I enjoy your 
zinc. It kicU ass - straight truth* facts, and pure knowl- 
edge without any mind polluting commercial advertis- 
ing crap. Sadly* now even Mad Magazine, a favorite of 
my youth, has caved ill to korporate Lisli and begun to 
accept advertising. How xydf 

Most importantly, I have to give props to my friend 
Zyklon for reintroducing me to 2600. 1 hadn’t read one 
since the early 90's. I'm also very pleased to say that at 
8:00 am PST today. Zyklon went home. Released from 
this freaking hellhole Unfortunately, like Kevin, he is 
not free lor a few more years, He said that il he is lucky, 
his P.O. will be mellow and let him use a computer, his 
under very unfortunate dream stances that E had the op- 
portunity to meet and get to know Eric a little. Hut I cer- 
tainly am quite glad to have met him and am pleased to 
count him among [hose few I call friends. He is an indi- 
vidual of great intelligence. He was, like others, sen 
on sly misunderstood and feared for his knowledge. 

James 

Dear 2600; 

Hi! With only seven or so hours of incarceration 
left, I thought I’d write and thank you for all you have 
done for me, and for spreading information to the public 
to help light the good fight. It was a gtKxl experience 
seeing our country, our society, and our government in 
action* and I have come to see what 2600 really stands 
for. 

1 wish you I nek with all your troubles, current and 
future, and hope for all our sakes that reason and free- 
dom will prevail, 

Eric Burns 

Welcome back Putting someone in prison for sim- 
ply hacking a web page still seems unbelievable to us. 
But we re glad you 're out and keeping a positive out- 
look on the whole thing, Further proof of a non- crimi- 
nal mind 


Page 52 


2600 Magazine 



by Kmmanuel Goldstein 

As a race* we must always redefine our 
boundaries. That which was impossible in 
the past becomes attainable and even com- 
monplace in the future. 1 he boundaries of 
tolerance have been in constant movement 
since the beginning of recorded history. In- 
deed, even the boundaries of space itself - 
ihe very edge of the uni verse - have not re- 
mained constant* 

Takedown is a movie that redraws the 
boundary of bad. To critics and movie 
buffs, this will be an inconvenience, as long 
established champions ot bad cinema such 
as Plan 9 From Outer Space or Watevworld 
may lose their spot m history to this relative 
newcomer. 

At 260(1 wc had to go to a bit of trouble 
to actually see this film. Since it's already 
been released in various countries around 
ihe world, it’s now possible hi see a video 
or DVD copy if you order it from one of 
these places, (It’s still a no show in the 
United States and after finally seeing it l 
can understand why.) We got ours from 
France - via www.amazon.fr - where the 
film goes by the name of Cyhertraque, 
Note that you will need a DVD player that 
can get around the region -locking nonsense 
that makes it a pain in the ass to view for- 
eign movies. The irony here is that this is 
an American film which most Americans 
are technically unable to view. Not that 
very many would want to* but the choice 
should be theirs. 

You see* none of us wanted it to come to 
this. Wc tried to stop this grossly inaccurate 
and unfair portrayal of the Kevin VI it nick 
story as soon as we found out about it back 
in 1998, It was based on an equally dis- 
torted and biased book of the same name 
w ritten by John Markoff and Tsttlomu Shi - 
momura way back in 1995, the year Mil- 


nick was arrested* And when wc saw the 
script* we knew something had to be done. 

I mean* Ihey portrayed this guy as a violent 
racist criminal who went through life cheat- 
ing and stealing. The one infamous scene 
wc objected to had Mitnick ambushing Shi- 
momura in a dark alleyway in Seattle 
where he then clubbed him on the head 
with a garbage can lid. (That scene was 
later removed.) 

Wc tried everything to reach the folks at 
Miramax - phone calls* visits, even a 
demonstration outside their New York of- 
fices* We never got a response. Fven when 
we visited the set in North Carolina, they 


Spring 2001 


Page 53 



wound up literally running away from us. 
They never believed that all we wanted to 
do was ensure that the story be told accu- 
rately since the guy they were portraying 
was stuck in prison unable to defend him- 
self* They probably believed that everyone 
in the hacker community exists simply to 
create mayhem. Reports that tillered down 
to us confirmed a high level of paranoia on 
the set. 

So it s little wonder that the film sucks, 
that foreign audiences worldwide have 
united in their rejection ol it, and that it 
may never get released in this country* Bad 
storytelling has a way of not working out. 

The DVD we received also contained a 
real life Kevin Mitnick interview, some- 
thing that surprised Mitnick quite a bit 
since he had never given permission for it 
to be included! The attaching of the real- 
life Mitnick" s image to this product falsely 
implies that he endorsed its release. He 
most certainly did not. 

From the opening moments, Takedown 
misses the boat on hackers in general and 
Mitnick in particular. TV images reveal the 
threat and fear of hackers, who engage in 
w idespread information distribution know n 
as ‘hacker communism ft gets worse. 
When Kevin and hi s friend Alex go to meet 
sleazy hacker “Icebreaker * (based on real- 
life hacker Agent Steal), it's in a strip bar. 
“You set up this meeting. ' Kevin (played 
by Skeet Ulrich) says disparagingly to the 
soon to be revealed federal informant. As if 
hackers operate by setting up meetings in 
the style of underworld crime figures. 

“This is where you get into trouble, " 
Alex (played by Donal Loguc) warns 
Kevin when he tries to find out more infor- 
mation about some computer system some- 
where. But Kevin is right there with an 
even blander response: “I just have to 
know." Said with all the passion of a mana- 
tee. 

Passion is just one of the qualities lack- 
ing m Takedown , where you're left with the 
overriding question: Why should 1 care 
what happens to any of these people? There 
are only two characters I liked in the film 
and both of them w ere minor roles - the tw o 
techies from Cellular One. Maybe they just 
seemed like the only human beings in a 
film of stick figures, I don't think Tve ever 
seen a larger assortment of sulky, sullen. 


spoiled brats in a single production. 

When Alex goes to meet Kevin in a dark 
alley w hile he's eluding the feds, he utters 
what is likely the most prophetic line of this 
90 minute ordeal: “Aren't you taking this 
cloak and dagger shit a little far?" 1 
changed my mind - 1 like Alex too. Because 
I know deep down he was aiming that line 
lit the director. 

Takedown never seems to synch into an 
actual plot at first it's about Kevin's at- 
tempts to learn about a phone service that 
allows any phone to be listened in on. Then 
it’s about a fictitious phone company called 
Nokitel and the obtaining/cracking of their 
source code. Then it’s Kevin vs. Tsutomu 
for no particular reason other lhan Tomu 
calling him “lame.” The ultimate insult, 
Then it's Kevin running from the FBI and 
becoming the Bionic Hacker as he leaps 
over fences in slow motion. And, naturally, 
in the end it s about a virus called Con- 
tempt that apparently can do everything 
from crashing planes to stealing money, 
Kevin has to enlist the help of 10,000 uni- 
versity computers to “crack the code” be- 
cause he ju^t “has to know.” All the while 
the FBI is stumbling over themselves to 
track him down while Psutomu sneers in 
the background at their incompetence. 

Apart from the amazing ability to make 
his face appear on the screens of computers 
that he’s hacking. Takedown s Mitnick has 
no special skills. He's just a nasty person 
who treats women like crap - he refers to 
his own mother as a bitch and tries to se- 
duce a big-toothed potential girlfriend into 
the world of scanning when all she wanted 
was sex. These little character traits of his 
were completely fabricated. They only 
show how the writers didn’t care at all 
about the real Mitnick whose integrity they 
were destroying. 

And don’t get me started on the techni- 
cal stupidity. Who the hell had fiat screen 
monitors in 19947 And why does Mitnick 
seem surprised that a payphone call costs 
35 cents? (He quickly solves that problem 
by holding up a tone dialer to the phone 
and... dialing touch tones ! How could any- 
one dare to call him lame?) I don't know 
what they were trying to imply w r hen an 
FBI agent was reading a headline and it lit- 
erally took ten seconds For tt to scroll by! 
And why in (iod’s name does Shimomura 


Page 54 


26(H) Magazine 


refer to an overheard phone call of Mil 
nick's as a modem call when it ’s quite obvi- 
ously to a fax machine?! 

But the biggest gaffe oi all lies in some- 
thing that was apparently edited out. All 
throughout the film, the main FBI guy 
(aptly named Gibson) is walking around 
with a huge unlit cigar in his mouth - even 
when he’s standing m his house after Mit- 
nick turns off his water, gas, and electric 
from a payphone, h never seems to leave 
his mouth. Yeah, it's gross an d disgusting, 
but what the hell is the point? Well, in the 
script, we realize that tins guy only lights 
the cigar after he captures the criminal. So 
guess what scene these geniuses decided to 
cut? This seems to have been patched to- 
gether with all the case ol the people who 
fill potholes in New York 

But don't take my word lor it. Read the 
profundities o I Takedmvn in its own words 
from various scenes: 

" Privacy ? Never heard of it. ” 


14 This is like no kind of code I've seen 
before . " 

"I'm a hacker Mitnick 's a cracker. Big 
difference , " 

"When you thought you were talking to 
Netcom, you were talking to me. 

You were the machine? 

Yes , / was . " 

M You did not get this from me. I do not 
want Kevin Mitnick coming after me . 

"He said I was lame l 

Kevin, he didn t know it was you. " 

if The question is how. : The question is 
always how . " 

In my opinion, the question is why. This 
travesty could have been prevented if only 
a dialogue had been established. Instead we 
have a film that actually makes region 
coding seem like a good idea. 



? Have you felt your life has no purpose because you 
missed 1I2K7 Well, it was a great conference so you 
should fed pretty had about missing it. no question 
there. But now there is a wav you can sort of attend 
even though it'll cost more and the people won't 
respond when you ask them questions. I hat's 
the 11 2k videos are here! W hile we didn't capture 
everything, we did manage to gel around 30 hours 
of the various panels, including Jello Bialra's 
J keynote address, the mock trial, social engineering, 
m DeCSS panels, and more. IF you were there, this is a 
great way to see the panels you missed or relive the 
ones vou saw. 


* 


All tapes are in YHN NT 'SC format, Vou can order 
here or at our online store < w w w, 2h00.com) w here 
more of a description for each panel is available. 

You can also listen to the audio from these panels on 
our w el 



Each video is $20 and runs between 90 minutes and 
two hours. Some videos have two tor even three!) 
panels per tape. 

2000 

l>0 Box 752 

Middle Island, NY 11953 
To order online, v isil w w vv .2600.com 


Spring 2001 


Page 55