i i r \ * jL jrs-V-^J r 1 1 "“i M" ^ 1 s ■ / ■ : <’ hart **w- t'O ,f , »;, jv< «i , v . . ■ •• f'H ■ V Whatever you choose to call it, this will, he the biggest hacki conference in the States to date! With nearly 50,000 squat feet to play with,' expect a variety of speakers, panel demonstrations, films, and a network like no other. July 12 to 14, 20 » V T. % Hotel Pennsylvania (Make hotel reservations at (212) 736-5000) Admission for the entire weekend is $50 You can register online at www.2600.com or send a check/money order by 6/15/02 to: 2600/H2K2 PO Box 752 Middle Island, NY 1 1953 USA m Check www.hope.net for updates! More details on page 56 Transaction Based Systems How to Regain Privacy on the Net Stupid Google Tricks Neat Stuff with Switchboard.com 11 Poor Man’s 3d 12 Appletalk Security Secrets 14 The Definitive Guide to Phreak Boxes 15 The Bungee Box 21 CampusWide Wide Open 22 Idiocy in the Telcos 26 dr Letters 30 _ __ • A : x T f i i •%. *■» ■ — - X .| .. , - JJ. -X 1 "i 4 A T -4“ / j ■—«» a Creative Cable Modem Configuration 40 Fun Password Facts 42 Defeating Network Address Translation 45 NSI Abuse 46 The Threat of a Lazy Admin 47 A Script for the Right Click Suppressed 53 Retail Hardware Revisited 54 More Radio Shack Facts 55 • i - -?■*< -VS 1 - .1 . ■> - r - - — nl»i -i.r* . - - - Marketplace 56 Meetings 58 "I realize that this bill basically says von con tap someone's phone lor jay walking, and normally I would say, 'No way.' But after what happened on September 11th, 1 say screw 'em."' - Dana Lee Dembrow, Democratic member of the Maryland House ot Delegates explaining her approval nl new bill that would greatly expand the ability of authorities to momlot e-mail and telephone traffic* Jaywalkers beware* Edi tor-1 n -Chief Emmanuel Goldstein Layout and Design ShapeShifter Cover Concept and Photo David A. Buchwaid, Bob Hardy Cover Design Mike Essl Office Manager Tampruf Writers; Bernie S., Billsf, Blue Whale, Noam Cfiomslcr, Erie Corley f Dalai, John Drake, Paul Estev, Mr- French, Thomas loom, Javamati, Joe330, Kingpin, Lucky 2 25, Kevin Mitnick, The Prophet, David Ruder man, Seraf, Silent Switchman, Scott Skinner, Mr- Upsetter Webmaster: Dominick LaTrappe Web Assistance; Juintz, Kerry Network Operations: CSS Special Projects: mlc Reinforcement: Delchi Broadcast Coordinators: Juintz, BluKmght, Monarch, Pete, daRonin, Digital Mercenary IRC Admins: Antipent, Autojack, DaRonin, Digital Mercenary, Porkchop, Roadie Inspirational Music: Asobi Seksu, Lalo Schifrin, Hal Hartley, BKackfeet Shout Outs: Colteen Anderson, Vinny, Jeremiah, Stafoburpofse, Doug Thomas, Free Speech TV, New Pacifica 2600(1SSN 0749-3851) ispiMisbed quarterly by 2600 Enterprises Inc. 7 Strong's Lane, Setauket, NY II 733. Second class postage penult paid at Seimiket, New York. POSTMASTER: Send address changes to 2600 , P.0. Box 752. Middle [stand. NY 1 1953-0752. Copyright (c ) 2002 2600 Enterprises. Inc. Yearly subscription: U.S. and Canada $18 individual. S50 corporate (U.S. funds). Overseas - S26 individual. corporate. Back issues available for 1984-2001 at S20 per year. $25 per year overseas. Individual issues available from 1988 on at $5 each. S6.25 each overseas. ADDRESS ALL SUBSCRIPTION CORRESPONDENCE TO: 2600 Subscription Dept., P.O. Box 752. Middle Island. NY 11953-0752 (stibs@2600.eoni). FOR LETTERS AND ARTICLE SUBMISSIONS, WRITE TO: 2600 Editorial Dept.. P.O. Box 99. Middle Island. NY 11953-0099 ( lette rs @ 2600.com . articles@2600.com). 2600 Office Line: 631-751-2600 2600 TAX Line: 631- 4744677 Page 4 2600 Magazine " ““W *— • A ime It's sometimes hard to imagine which causes mare harm corruption or indifference: One thing is be- coming clearer b\ the day. They're both needed to en- sure an ominous future. What’s been happening in our various govern- mental bodies is shameful. With each passing day it seems there's some other horrendous piece of legisla- tion on its way to becoming law Our rights as inch vidua! s are either being wiped away to benefit some corporate in teres; or being severely compromised in the name of September 1 1 . Either way it's a repugnant development, one which must lie fought on multiple levels by people of all backgrounds. The Digital Millennium Copyright Act (DMCA) is .something we’ve all become acquainted with in re cent years, Passed in 1998, ih t DMCA was designed to implement treaties signed at the World Intellectual Property Organization ( W I PO | back in 19% So far it's gotten us sued and gagged, a Russian programmer thrown into an American prison for writing software, and a whole host of intimidation tactics, lawsuits, and threats sent to individuals and companies all over the world. It is forever changing the concept of free use of technology and it s the foundation upon which even more dangerous laws are heing built The Consumer Broadband anti Digital Television Promotion Act (f’BDTPA), formerly the Security Sys- tems Standard'-, and Certification Act (SSSCAk is but one example. It sounds consumer- friendly but this hit nl legislation is going to make the DMCA look like kid stuff. Imagine it being illegal id disable tiny .secu- rity technology, regardless ol the reason. Or manda- tory restrictions of any feature which could be used to copy something, Entire operating systems could be outlawed- Computer security research will be crip- pled. Technology itself could conte lo a screeching bait since tr/friigiial technology will be forced to ad- here to a government -mandated standard. And we all know how long it takes any gen eminent to get a grasp on new technology. Going analog to avoid all this nonsense won't even be an option in many eases. Dig ital technology under these rules will be mandatory. Sake a took at what's happening to analog broad cast- ing to see how serious they are about this. The Copyright Arbitration Royalty Panel (CARP), an oilier offshoot of the DMCA, is targeting Internet radio as if it were the second coming of Salon. The DMCA determined that Internet broadcasters must pay a specific fee for playing commercial music on- line* regardless ol how badly degraded the quality is. CARP has come up w ith a tec Structure to enforce this which will now he decided upon by the U,S. Copy right Oil tec. That fee is actual ly based on a per sting, per listener equation which would not only bankrupt most small and independent broadcasters, bus would actually require them to keep track of their listeners, unlike their over-the-air counterparts. The overhead To Care of such an operation, not to mention the privacy con- cerns, will likely persuade most broadcasters to sim- ply shut down tmd let the more commercial interests take over. Of course, with enough support, this could actually come back to haunt the recording industry. Independent musicians alienated by the Recording In- dustry oi America (RIAA). not to mention many from other parts of the globe, may unite against this act of greed and create u new alternative sound. But who knows what new law s will spring up to thwart such a development once ii becomes a reality? It’s cleat that anything seen as a threat to those who manage to ac quire everything will be quickly struck down in one way or another. And of course we will always have gems like the Communications Decency Act (CD A), which was overturned by the Supreme Court in 1997 as an un- constitutional attack on free speech. That led to the Child Online Protection Act (COPA), passed in 1998. which basically threatened to reduce the Internet to a playground for kids, imposing severe criminal and civil penalties on providers who may have "inappro- priate material" somewhere. Despite its being struck down by a court in 1 999 t more variations just keep on coming Now it’s the Children’s Internet Protection Act KlPA). which wem into effect Iasi vear. This lime m libraries were targeted Those that don't comply with mandated blocking and li lie ring standards wilt lose funding, And the dance continues. There's DCS- 1 000 (more aptly named "Carni- vore" in the past), the mysterious l : BI e-mail snooping program installed in the offices of Internet Service Providers nationwide. And there's Magic Lantern, an- other Hi! project, which reportedly infiltrates a user ’s computer via an e-mail attachment and then sets up monitoring software which can capture keystrokes, thereby helping to make encryption futile, Wc could even talk about the badly thought out USA Patriot act (which actually stands for "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism") and all of its attacks on fundamental freedoms, not to mention the preponderance ol imitators which seek lo destroy what it is our nation stands for as some sort of way of attacking those who want to destroy what it is our nation stands for It's easy to become completely overwhelmed by all of this and, as a defense mechanism, to simply shut down and stop paying attention, In fact, this Is rather essential in order for such cru/y laws to work in the first place. Imagine what would happen if everyone realized the threat, H everyone understood the tech- nology, The secret dial is luring kept from most A that people jxiwer doe* work that activism is effective, and that "eternal vigilance means l ontinuous action, not simply quoted words This is where the hacker world comes in. Unlike Spring 2002 Page 5 legislators and unlike those who have become swal lowed up by the "industry," we have an understanding of Ihe technology an d the ability' and desire to commu- nicate with others outside our work! What belter way to translate the evils ol these new laws into terms that even one's grandmother could understand? i'li ere are many groups already involved KFF. EPIC, the ACLU, and more. They are all in desperate need of support. UN absolutely vital that we help to take on this task. A look at many websites and hand- outs ounce ruing tbe>e issues shows that many quickly become lost in legal or technical jargon that means nothing to the average person. The result is that the ac- tual threat never bums icsclf into that person \ mind and it becomes a non- issue to them from that point on. We can help to lis ihat. This will be one ol the goals at 1I2K2 this July. Phere will be many people from outside the hacker world who will come to hear what we have to cay arid who will be in a position to help us greatly if the facts arc made clear to them. We need to come up with a comprehensive plan |o light not only what has already been proposed and adopted, but alt of the future legis iatuur (hai current fy only exists in some warped law makers' minds. To do this, we will need to predict bow their corrupted logic will proceed and be able to m spire those who might otherwise not care. It s going to be a long and hard battle and die odds are already cleady against us,. Can you think of a reason nos to get involved right away? by S ta nkDaw g @ h ot nia i I xoro Let's jump right in lo the first question: "Wtiat the bell is a transaction based system?" Wei!., iris' »S* straight forward as it sounds. It is a system that works using nun sac turns lo process data. Retn^miV her ib at interactive processing shows immediate re-\\ suits, hut batch processing takes more rime. Transaction based systems are exclusive to batch processing (although some systems may support both types of access i For example, when you go to http:// store, ya- h no co m/2600hac ker/ (plug, plug...! or some ot her online shopping site, you add things to your shop- ping can and IhcEi finally go lo checkout This is where you can sec transaction processing happen. Do you think a little bell rings somewhere an a warehouse and someone rum to get your product right away? No, it will create a transaction Ihat per- forms several functions. First, it will send the actual order to 2600 notifying them of their obligation. It ■■ if Ja ijg W £*£■ sue dch uiTdy keeps records bf die r own titans. Bu( ibis unk-k Is .to? about being lebed or tracked by Big Brother, so I digress, f realize what happens to your data in transaction processing and you understand that it is stored -some where. What good o ill is i it forma tror to y*x/? C>:ick ymr Knuckles and stretch be- cause it is time to get todinical, Transaciions run on s6me son of regular cycle that is determined bjflfjaeh individual company, Gen era! ly, lha [ is (o run the transaction c y dec nee; pet day (you e\ or .seen that warning that il may take 2^iioni > lo process your transaction?). Some com- panies run these programs hourly or even more fre-t quern l y, but this is stressful on a system. While there lias been a trend moving towards live" in- vernory and order processing, it is still in its in- fancy. Generally, all of the orders taken at a particular site will get stored in a temporary file in the form of transactions. These transactions have also submits a transaction to Ihe credit card com- pany with details of the purchase and a ded/do wnlc >a ded files. W ho Gels This Information and How? Some companies, such as Doubleclick, create large databases of such information, which are used by target advertising companies or which can be sold to any interested buyers. Have you ever wondered why every copy of Netscape running on Microsoft Windows defaults to honie.- tieLscape.com as a home page and the Internet Ex- plorer browser defaults to www.rusn.com? Another method that web sites use to track vis- itors is a special feature called a cookie, which contains a small amount of information transmit- ted bet w £ t n a web serve r and a brow sec Cookies can contain your username/TD, computer type. IP address, and server location Ever heard ot web bugs (also known as dear CiiFs)? Like cookies, web bugs are electronic tags that help web sites and advertisers track visitors' whereabouts in cyberspace, The placement of a web bug on a page allows the site hosting the ban- ner ad to know your IP address and the page that you visited, Ilus can be further correlated to cookie information that may He sent by your Spring 2002 Page 7 browser as pan of the request to retrieve the page But web bugs are invisible on I he page and are much smaller, about the size of (he period at tlse end of l Ins sentence, Unlike cookies* people ean'i see web bugs and anti-cookie filters won’t catch them. Browsers also contain other useful data tor those who know how to make use of it, such as hit logging and QUID numbers, as used by Mi- crosoft's internet Explorer. Hit logging keeps track of all of your offline activities. When you click on a banner ad. a record is made of how long you looked at it and what ad you clicked on. as well as personal information stored by the IE browser. I lit logging Is also designed to "phone home" to the server that created it. GUID numbers are randomly generated Guar- anteed Unique" or "Globally Unique" ID numbers. It’s highly unlikely that these numbers will ever occur twice across the planet. They are the ulti- mate "electronic dog tag" and can survive even if you kill the cookies and remove the "spyware." Since the GUID number is kept on your sys- t e m , it can be r eq ue st ed at any t i me . And s i nee M i - crasoft has it on its databases - along with your name, address, and other registration details - the potential for creating a system that tracks your every online move is enormous. And there's even morel Did you know that if you’re on a network, every Office 97 file you create could be traced back to you? Th ft is because Office 97 attaches its own permanent til HD to everything you create. So if you send a document to your best friend and she deletes its entire contents, replaces it with abuse about your boss, adds a macro virus to iu renames it, and sends it lo everyone in vour company, ii T s still got your address on it as the originator 1 You can see what GUID looks like by opening ary Of- fice 97 Word hie with Notepad and searching for the phrase GUID, A lew bytes later, you'll find an ID number broken up with spaces inside two curly braces. By the way. GUVD helped to capture a cre- ator of the Melissa virus. But that's another story. Other applications and companies that use "spyware" and "phone home are Real Netw ork s ReaJJukebox. PKZip. 2 Bubble*. ( uieFTP. and many others. SurFMonkey is an application that's supposed to block Internet sites inappropriate for kids, but it also keeps their personal l IX phone number, and err at I address. Radiate is a company that serves the sharew are market. Popular applica- tions such as GOIZilla. Tree Solitaire, and Get Right come embedded with an automated ad- serving spyware" package created by Radiate More than 400 different applications have this pro gram embedded w ithin them. The Comet Cursor from Comet Systems is cur- sor software that replaces the standard screen cur- sot with many funny-looking cartoon characters that appeal to kids, such as Garfield and Pokemon, This is free software, hut while users think they’re gelling just a cute cursor, in reality every time they visit any ot 60,000 web sites supporting Comet Cursor technology, it will re (ion the user’s unique serial number back to C omet Systems, Therefore a profile of the user's interests can be compiled, and targeted ads can be served up to the users (There’s no such thing as a free lunch!) fit this article, we'd show- wfiaf you am do to minimize, and sometimes prevent, submitting in formation to die Internet on your behalf. Even d you continue to allow' it to happen, at least you'll he aware of how they do it. C 'or ikies and Web Bugs When you revisit an Internet server, your browser shares the cookie previously installed on your hard drive, providing information that quickly identities you. Whenever you hit a Web site supported by advertising, the ad server reads the cookie from your machine. The ad server then uses your cookie to look up your profile and deter- mine which ad to serve to you dynamically, based on the interests it's gleaned from your surfing ac- tivities at its member sites. The ad server also records which advertisements you've clicked through. I he type of ad and the amount of time you've spent at the site is also captured. Also keep in mind fha? cookies, the subject o) several law- suits* are sent in clear text, in both directions, whenever encryption isn't used. It you use Internet Explorer on Windows 2000, you can see. your cookies by opening the Docu- ments and Settings^ Your Profile ]\Coukies direc- tory. The cookie folder consists of several files, each ot which is a text file containing an actual cookie value. Eor more information about how Mi- crosoft bakes" cookies check the Cookies with Your Coffee” article ai http; //msdit micraso fi- . co m/I i bra ry / de fau 1 1 . as p 7 1 1 r I -i ! i brary / e n - us/dn _v o i ces w ebm en/li t in 1/we bm e nO 5 2797. as p Microsoft IE 5.0 has a lot of menu and dialog changes, but you can still disable cookies. Go to the Tool sJ i ntemet Options/Security menu. In there, you can choose the security level for four different browsing conditions: Internet Sites, Local Sites. " Trusted" Sites, and Restricted Sites If you select "Internet’ 1 , and click on Custom Level, you'll get a dialog box where you can accept all warn before accepting, or reject all cookies. Once a cookie is rejected, it is thrown out and not saved to memory or disk. Don't forget, though, that servers will keep looking for ihe cookie even if you have discarded it and may try to replace it as you surf around Remember also that some web sites (such as www.hotmail.com) require cookies You can mol login into such websites if you've dis- abled cookies. Netscape users can also see their cookies found in the C:\Program I : iles\Netsuape\Users\[Your pro- lilelWooi.ies.txt tile. This rile consists of a block of ASCII text. Briefly, what you can see in this file is: Domain The domain that created and can read Page 8 260 This web hug was placed on the home page by Microsoft's site www.bcentral.com to provide spy" information about visitors to ads.msn.com. By the way, this site contains more than ten web bugs! Email web bugs are also represented as I -by - 1 pixel IMG tags jusi like w eb bugs for web pages. However, because the sender of the message al- ready knows your email address, they also could include the email address in the web bug URL. The email address can be in plain text or en- crypted , Web bugs used with emails allow the measure- ment of how many people have viewed the same email message in a marketing campaign. They help to detect whether someone has viewed a mes- sage. (People who don't view a message arc re- moved from the list for future mailings. ) They also help to synchronize a web browser cookie to a par- ticular email address, allowing a web site to know the identity of people who come to the site at a later date. Using web bugs also allows the sender of an entail message to see what has been written when the message is forwarded with comments to other rec ipient s (http: 7/w w w, pri v a e y ft >u nd ati on . o rg/pri - v acy watch/report, asp 7 id=54&acticuM)), For a demonstration of bugged email see http ;//m ac k ray, .co m/ trie ky b i t/ readrccc i pt/ . For more information,, check the web bug FAQ at http://www.eff.org/Pri vacy/Marketi ngA web bug hunt or see the web bag gallery at hup :// w w w. bi ig i icsi s.org/e xample s.html . You ea n use a free web bug detector plug-in for IE called Bugnosis by the Privacy Foundation h tt p :// w w w . bug nos i s, o rg/. Proxies, Anonymity Providing Servers, and Remailers One can remain anonymous while web surfing by using a proxy server. A proxy acts as an inter- mediary, routing communications between clients and the rest of a network, Web proxies can hide your IP address and allow you to stay anonymous. If you don't use any proxy server yet, you may choose one from a free proxy public servers list al Http: f/i oo Is . ro si n siru men t .cori i/prox y. T< > con I i gi Ere your Internet Explorer 5,0 browser to use a proxy, go to the Pools/ Internet Options/C on flections menu bar. Click on the Setup and follow the In- structions on the screen. Check the Manual Proxy Server option and click on the Next Pm (he host name of the proxy you re going to use and a port number (provided by proxy server). To check whether your proxy server reveals your IP address, go to htlp://w w w.all-nettools.com/pr.htm. If you gel the message 'Proxy Server Detected!' 1 , then l here's a security hole in your proxy and informa- lion about your real IP address is listed. (In this ease, try to use another proxy.) It the message is "Proxy Server Not Detected 11 , everything should be OK. Netscape users can add a proxy by going to Ed i 1/ Prefe re nces/ A l. I va need/Proxy. If you don't want to use a proxy server, try one of the anonymity providing servers listed below. These servers act as a proxy since weh pages are retrieved by them rather than by the person actu- ally browsing the web (you). Go to one of these web sites and jusl type a URL. you want to visit - Spring 2002 Page 9 i he server does the job for you , securing you from many potential dangers. Some of the Anonymity Providing Servers Available Servers with SSL Support A n ony niv th : h tt p: //ww w, an on y i n v t h co 1 1 1 Oranga tango: htt p :// w w w . o ra n ga lango, co 1 i 1 /h ome/ i nde x.ns.html Rjewebber: http ://w ww t rewe b be r. com and hup:// wwwainon.de 5 enters without SSL Si tpport A n ony m ou se: http :// 1 10 n y m ou se . c om A non ym rzer; fit t f > :/Av w w . a non ym t zee cot n S i ege So ft: htt p :// w ww. s i egeso ft . com A not 'i y m ytb uses 5 1 2-bit SSL one ry ption for ai 1 HTTP data, which prevents your ISP from tracking your Internet activities. The only traces ibal are left from your browsing are in your browser history list. If you want to remain anonymous while send- ing emails, you can use a remailer. This is a special service that receives an email message from yon, then readdresses it, and sends it to I he person you want to send it to. During the process, any headers that might point back to you are removed, Many remailers arc available on the Internet; some of them tel you put a fake return address, but most of them directly state dial the message is sent from an anonymous source. One nt these web-based re- mailers can be found at https://ssl.dm3 m. com/- heip/remailer.html for a list of remailers cheek http:// seeu H l y. t ao . ea/e i na i 1 ,s h t m t . Other Useful l ips You may want to clear out your browser 's his- tory list, rids is something that should be done each time you're finished with your browsing if you don't want someone to be able to easily see where you've been surfing (it you share your Win- dows workstation or server). To do this for Internet Explorer 5,0: < lick, i he Tools menu bar. Choose Internet Options, t )ti the General tab. click Clear History, When it asks "Delete all i tents in your History folder?" dick OK. Click the OK button at the bottom of the Intel net Options window. Another place that your web trail is recorded is the cache directory - a temporary storage area lot recently visited pages and images. Ehc cache ah lows for repeatedly visited Web sites to show up mom quickly when you reload them into your browser. If you don't want people to read youi cache it should be deleted. Note, however, I hat on slower machines with slow connections, this will result in a noticeable decrease in the speed when your computer brings up previously visited web pages, fo delete your cache on IE 5.0: Choose Internet Options from IE’s fools menu. Locate the Temporary Internet Files heading, click the Delete Files button, and choose OK when prompted. Click the OK button at the bottom of the Inter- net Options window. flase and restart your browser. Netscape users may go to the Ed it /Prefer- ences/Navi gator menu to delete your browsers history list and lo the Edil/Prefcrences/Naviga- ror/Cache to clean up your browser’s cache. Bala nee Your Paranoia This article isn't intended to frighten you. lust remember that there isn't much privacy on the In- ternet. So think carefully about which sites you choose to visit, and think twice before you provide any information about yourself. Stupid Google Tricks by Particle Bored Google.com has long been the undisputed king of search engines, yet few arc aware of its power as a hacking tool. 1 have discovered a few features that are sure to provide hours of fun for the whole family, Fo waste a lew seconds oi your life you can change the language via the Language Tools link on the main page, it is possible to change the lan- guage of the interface to anything from Bengali to Telugu. but I prefer Elmer Fluid , Do not attempt to use the Hacker language w hile under the influence of caffeine, as you are likely to kick a hole in your monitor. One of the features that gets me quite aroused is Google's ability to search files with a specific DOS extension. This is done by submitting a query in the following format: sen n h S e n ns fit etype , r ext where search terms are. uh, your search terms, and ext is a typical DOS file extension. Searches of x Is and mdb tiles are great for finding things like customer lists. You can even search text within vbs and dll files. As far as 1 can tell there are no limits as to the file type, so there is plenty of room for creativity. I’m sure all of you have visited a worthless web site where you can't locate information even if you use their search engine, like sun.com. Well, let Google search their site for you. Using sun.com Page 10 2600 Magazine as an example, simply use the format; search terms site: sun.com and you will probably find w hat you seek. Another cool feature is the ability to search for ^iies that link to a specific site. Not only can you use this to discover who is linking to your web site, but it is good for quickly finding all of an interna- tional company’s web sites. Tor sun.com 1 would use the format: search terms Unit: sum corn Use only the domain name or you will restrict the results As for restricting results, there are times you will need to search only the title since searching all of the text yield , far too many hits. Searching titles only can be done with this: alkali fie: search terms I'm not sure why they changed the syntax on this one. Note the space after (he colon, too. Google is great for working with phone num- bers as well. Searching on an area code and prefix will quickly give you the location of an unknown target since one of the hits is likely to contain art address. Hut wait Google can do reverse lookups, too! Simply enter the area code and phone number fin dashed format) as the query. You may want to use this final trick quickly, since 1 fear the functionality may disappear soon after this article is published. Have you ever found the perfect document, only to be denied access be- cause the .mil sue where it resides doesn't like your source IP? If you look within the query re suits you will hopefully find links that say "Cached” or "View as HTML”, follow the link and you will be able to view Google s copy of the document. by Cmming Linguist n i n n i ng I i n gu is t & h us h ina i I. com Switchboard.com - its the Yellow Pages. Electn- i ] ed Suit c h b oard .co m is an online di rev l ory o f c i t - izenx nationwide, You can find friends, family, or anyone listed with a name yon know. In many uses, you l! come up with more than one listing tor a specified name. One of the cool things about Switch board, com is the fact that if a person has all of their information you might be able to find a lot more information than you intended. On a search lor my name, 1 found one ol me listed in my area and found Ids complete address, all three of his phone numbers, and all of his e-mail addresses, Switchboard com also provides hours of enter- vummeru tor the bored teenage-] in his room with nothing to do, Searching for one mister Hairy Balls provides bands of laughs, as does searching for Dick Paine and Harry Butts. But now. on to the real stuff.,. Like the Anuizon.com mishap a while back, where people could w rite comments about a book is rhe author of that book, Switchboard.com al- lows you to add or delete users listed without any authentication whatsoever, except an e-mail ad- dress. When I searched For my information, l did- u’t find me, hut l bound my mother and father. I opted to delete their listings from the database of pe o pie, s o 1 took r he a ppn :> pr i ate * t e p s by clicking nn their names (which appear in hold text), click- ing the Update Listing 1 ' link on die right-hand menu, and clicking the button Libeled "Ren;--- Listing", (You can also -update the fisting, also by simply enteri )tg. ; a n e-m a j 1 a d d re s s w h i ch no -doul >1 you'll throw away at Yahoo? -s expense.) Auer en- tering an e-nun nddre.ss 1 shan’t use again, ! re- ceived a link in:-th$ von I i rotation mail which 1 was instructed to click. After 1 complied J was directed to a page that o ld -i ne the 1 1 m tig was m m <, > v ed. You can modify • ; dd etc any pew*-. i s account. Lm sure Sac V- in So m c where, USA? w on' t be loo pleased if his family es looking for his phone number online and dials Ms. Trixy's House of Sexy Sexual Sex by mistake. Or if (hey can’t find it at all. Adding a listing is not a problem, either Here’s one some fellow posted: tmpd/www. swilchboard.com/l-jin/cg i nbr.dl I ?| D=50O683995& MEM= 1 & FLING =MOK K&TYPE= 1 007, In retrospect, 1 suppose you really can't use any kind of security measure to ensure a random per- son doesn't delete your listing. I mean, the listings cm! up there one w ay or another; I know my father didn't add bis listing He probably pul his name and address on a form somewhere, and whoosh, he w as i n a n at i on a 1 online di rec r o ry . Just thought I'd share this fun little story with you. Tf Kinks to C hi for show in# me the fan / can have while hared and watching The Mummy Re- turns ail day cvety day. I And III sec VeUr and R etd Van re i n s eh oaf. f Spring 2002 Page It by dktboflk diabolikt^nitric.nci This article will explain how lo lake those cheap '3D glasses" you gel in cereal boxes and comic books and use them with Winamp s AVS studio to create very realistic 3D spectrum ana- lyzer effects and trip for days. It's pretty simple and amazing. When it works, you can get effects reaching about a foot to two feel out of your screen toward you. Very nippy. The trick to achieving a 3D effect from your monitor is a pair of those old 3D glasses” you'd get as a kid to turn red and blue lines into a shitty purple picture that w&& sort of, but not {juke, 3D, Disclaimer: You can hurt your eyes doing this. The day after 1 figured it out, I woke up with a pretty had headache. You can experience any- thing from nausea to tiredness and just a plain bad headache. If those "Magic Eye 1 things weren't for you, don't attempt this Use a’ your own risk it's non my fault. Don’t blame rue. What You Will Need A computer. (Actually, although it’s not that ijiren.se graphically, you should have a, pretty good video card, 1 he higher the frame rate, the nicer this effect looks. More importantly a low resolution will force the spectrum analyzers to cancel each other out more often and will m.stdl w distorted pictures.) A pair tfj 3D glasses. (These ;ire the ones with a piece of red cellophane on one eye and blue cel- lophane on the other. The ones I'm using have red over the left eye and blue over the Eight. If yours are n l the sanies we ar T h e m bae k w aids i > r mod my code.) WinAMP with /H\V studio, (These are what I wrote the '3D mod" presets in,) You'll want to be fullscreening these effects at 640x480, although yesterday l was ICQing white I had a portion of my monitor displaying the AVS and the effect was uobceable- it hurt a lot mote, too. Booming techno always helps. Aphex Iwim Clint Mansell.,, whatever floats your boat. How to Make the Presets You can download tire presets from hllp;//d)nsinik7.hypermart.nel/ T but 1 strongly suggest writing your own. The AVS presets I wrote art si triple spectrum analyzers, a blue ana- lyzer with a red analyzer offset to the right of the blue, The more the Iw'o are offset, the closer to your eyes they appear, in Winamp V AVS Studio, the x and y coordinates of the screen begin at -1 and end at ft to matter what the resolution is. In order to make the analyzers appear to be bulging out of the screen, the offset between the red and blue analyzers (I’ll just refer to this as the offset from mwv on) must vary, A good value for the off- set l found was c * e o s( 2 * y ) +0 . (75 for vertical si ope s and c *e o^( 2 * x )+4 ) 05 tot h ori zo ntal sh >pes . where c is a value of from 0.05 to 0,2, (Note: these values work well for a 14" monitor at about two feet away. You may have to modify this range in order to suit your setup.) Since the scopes are offset horizontally, it is easier to see a vertical scope in 3D because the two scopes will cancel each other out less - this is where a higher resolu- tion comes into play. The higher the detail of the scopes, the less one scope will overwrite its com- panions position, and the better looking this result, To make a throbbing vertical scope, try the follow mg ft Open the AVS Studio, (Stan the vi«ualizsi| tion and double dick in the window. ) Make a new preset. 2. Add a tmns/fade ( + -> irans -> fadeouO. Set it to be fast enough you can slow it later if you i like the effect. Personally I just click on "Main" and check off ’“clear every frame" so the effect is i as clean as possible. 3, Add a Superscope (+ -> render -> Super- scope J wjth (he following settings: I nit: it =40; t~0; tv -0.1 pit = I; Per frame: t—t^0.9+ivH 1 1 ; Per Point: \ = f + \ *(prg/sofiw are/ i n acts pwd/ mac fspwd ,c + The perceived simplicity of AppleShare IP (A5IP) makes it appealing to novice administra- tors who typically have little appreciation for se- curity. Out of the box, AS/P is very secure btrt certain steps can be taken to harden the out of the box configuration. One of the biggest drawbacks Page 14 2600 Magazine of AS IP is its inability to keep access Jogs. (The web am! mail server do log activity, but rile shar- ing does not.) It is possible to get a list of users currently connected to the server, the connection method, and when they logged on, but this data is not written to any tile so once they log off, all this information is lost. A SIP makes the enumeration of valid ii^er names a trivia! task due to the fact that security was sacrificed for ease of use. When you use the AppleShare client to log onto a server, the return result from the server can be used to brute force valid usernames. When an invalid username ts en- tered, the server responds w ith a kOAMErrMem- lierObjectNotFpund (error n29312) which translates to "Unknown user, invalid password or the Login is disabled,,..'', but when a valid user- name with an invalid password is sent, the server respon ds with k O A M Err Yu the n heal i oriError (er ror n 29360 ) which translates to "Horry, the pass, word you entered is incorrect.,," With this it would be possible to write a script to read in user names from a tile and mimic the login process and parse the result to brute force enumerate valid usernames. To protect yourself against this, make sure that the server disables accounts after multi- ple tailed login attempts. With dws feature and a secure user password in place, brute forcing be- comes much more difficult, if not impossible The drawback is that ASfPonly allows you to config- ure the minimum characters in a password You are unable to force a user to mis numbers and let- ters, and you are unable to "blacklist" certain words like "password". The final topic I will address in this article is related to user authentication The algorithms for all of the AppleShare authentication methods are public. Tile most widely used authentication method b 2 Way randnum that sends two S byte l)HS encrypted random numbers over the net- work From a computational standpoint the algo- rithm is exactly as strong as 56-bit l>ES and it has a password length HmvV of eight characters. It is vulnerable to an offline password guessing attack similar to running crack against n Unix passwd tile, Apple has developed a new authentication method that addresses the weaknesses of 2 Way randnum. called DHX. DHX uses Piffle Heilman key exchange to create a 128-bit session kev and then, sends a 64 -character password to the server encrypted with CAST 128 Its strength is approxi- mately equivalent to 128-bil SSL. > have only scratched the surface of the numer- ous potential vulnerabilities of AppleTalk net- works. In reality, on a well- con figured AppleTalk network, it can be incredibly difficulty to bypass security. Lot certain voo Is and techniques can cre- ate access paths into your systems. I hope this arti de has sparked an interest, and system administrators will take a closer look at their net- works. by Elf Qrin i w w w.ElfQrinxom ) Traditionally in the phreuker culture, any de- vice thought to be connected to a phone line is called a "box" and is named after a color since (he first "blue box" invented by Captain Crunch, the father of the phreak scene. Since all colors were quickly used for this purpose, other fanciful names began to be used to name boxes. Eve tried to make a definitive list of all the known "color boxes" with a brief description of each. I’ve done a lot of research to find and classify the m a I ! . re a d i ng th mu g h a bo u 1 3( K) doe u i nen t s . I n most eases I've used quotes from the original doc- uments for the descriptions. Since most boxes were invented in the ‘80s or early ‘90s, this article is mainly meant for infor- mative and historical purposes. Many of these boxes don't work nowadays, (Some may never have worked at all,} However, some still do. And sometimes similar models can even be found in stores, I've catalogued 94 phreak boxes of 75 differ- ! ent kinds (counting only boxes with different functions), and 17 aliases (same box with a differ- ent name), I’ve also included live non-phreak boxes o| four different kinds {boxes not meant to be plugged i litre rfre phone hue - they're meant for use with the eleefrk Ime or soincfhing.el.se). The raw mtal iff 99 boxes of 7 Vf kinds and 17 aliases, which adds up to 1 16 box names. When the name of a box is included between paremhesevThe box name is actually just an alias of another box. When the name gj a pox is included between square brackets',, the box has been created or rein- vented by someone else using a different scheme : and/or different components. When lhere Y s one box that uses the name of an I already existing box (supposedly because the au I thor was unaware of ]\ Eve added to it a sequen- tial number between parentheses, such as (2). (3), ; etc. Spring 2002 Page 15 (2600 Bo x) (another name for the Blue Box). See Blue Box. A cry lie Box (aka Extended Bud Box). The purpose of this box is to get Three- Wav Calling. Call Waning, programmable Call Forwarding. and an easier way of extended Bud Boxing, stealing them from the fortunate ones on your block, Cre- ated by The Pimp, ALF Box. A tone generator for the Apple lie with an ALT Music Synthesizer Card. Created by Sir Briggs of the SouthCemra] Discount Ware- meisters (SCDW)oi' Texas. Aqua Bow Every true phreaker lives m fear of the dreaded EBJ, Lock in Trace/ Lor a long time, it was impossible to escape from lire lock in trace. This box offers, an "escape route" by lower- ing the voltage on the phone line. Concept by Cap- tain Xero x . PI arts by : The T ra velcr, Assassin Box (sometimes misspelled as As- sasin Box. Asassin Box, Asasin Box). A box de- signed to scare, harm, or kill people at the phone h\ a shock of electricity right in the car as soon as the victim starts dialing u number Dris box was designed, because its authors, after trying a Day- Glo Box for some weeks "were bored and decided to move on to telephone terrorism " Linked by Grim Reaper. [Beagan Box! (sometimes misspelled us Be- gan Box i [similar to Beige Box, Beige Box Revis- ited, Day-Glo Box j Sec Beige Box. Concept and Design; Black Box Bela Testing: Lord Reagan. Beige Box /similar Jo Beagan Box. Beige Box Revisited. Bud Box, Day-Glo Box], A homemade lineman’s handset, also known as REMOBS (RE- Mote OB serving Systems) With a Beige Box you can do the following things: "Eavesdropping; long distance, static- free free tone calls to phriends; di- aling direct to Alliance Conferencing (also static- free); phuking up people; bothering the operator at little risk to yourself; blue boxing with a greatly reduced chance of getting caught;, anything a I all that you want, since you are an extension on lhai line." Invented by The Exterminator and Fhe Ter- minal Man, Date: Friday, May 17, 1985. {Beige Box Revisited ( [similar to Beagan Box. Beige Box. Day-Glo ftuxj. See Beige Box. By Mercenary. Yean 1 992 or later. Black Box , A Black Box is a device that is hooked up to your tone lhai fixes is so that when you get a call, the caller doesn't get charged for the call This is good for calls up to a half hour. After that the tone company gets suspicious, and then you can guess what happens. The original box was created in the USA There are modified versions for other countries. Original author unknown. 1 1 K Black Box by K.S. Reach of The Hackers Acad- cun (March 1988). Greek Black Box by Fabulist and Enigma (year 1992), Blast Box , All a Blast Box is is a really cheap amplifier (around five walls or so) connected in place of the microphone on your telephone meant to talk to someone on the phone who just doesn't shut up. Blast Box H. Similar to ihe Blast Box, but de- signed to blow up other people’s computers, in- stead of their ears. Bleeper Box [UK version of the Blue Box], fhe United Kingdom's own version of the Blue Box, modi lied to work with the UK/s phone sys- tem. Based on the same principles. However, British Telecom uses two sets of frequencies, for- ward and backward Blotto Box. For years now every pirate has dreamed of the Blotto Box. It w as at first made as a joke to mock more ignorant people into thinking that the function of ii actually was possible. This box quite simply, can turn off the phone lines everywhere. Originally conceived by King Blotto. Created b> The Traveler, Blue Box (aka 2600 Box). I he mother of all boxes. The lirst box in history which started the whole ph making scene. Invented by John Draper (Lika ’C aptu i n On nc h " ,1 in t he va ri y 60 ‘s, w ho dr s- , covered that by sending a tone of 2600H / over the telephone lines ot AT&T, it was possible to make free calls. In the 1960’s, the makers of CapTi Crunch breakfast cereal offered a toy-w histle prize in every box as a treat for the Cap'll Crunch set, Somehow John Draper (who called himself "Cap- tain Crunch" since then) discovered that the toy whistle just happened to produce a perfect 2600- cycle tone. Discovered by Captain Crunch (John Draper). Year: early 1960's, (Blue Coo Box) t short name for the Blue Con- ference Box). See Blue Conference Box. Blue Conference Box (aka Blue Con Box), A Blue Box and a Con Box combined. Bottle -Nosed Gray Box | Selective version of the Rainbow Box}. This box will do damage to only your phone, the line between you and your enemy, and your enemy’s modem, whereas the Rainbow Box just takes everything out. By The Dolphin that came from Belmont. [ Brown Boxj (aka Opaque Box) [similar to Con Box, Party Box. Three Box]. Created by The Doc, Bud Box . This box is quite similar to a Beige Box. except this is a portable unit. It is extremely handy for free voice calls and tapping a nearby house’ s line. Invented by Dr. D-Code and Lire Pimp of The Slaughtered Chic ken. Busy Box. This box is attached to the outside of the person's house in their telephone box. It makes it so that when any phone inside (hat house is picked up, no dial tone is heard and no calls can be received or sent. This is good for lame BBS's as they tend not to call out much, and it will remain undetected for a longer period of time. I nvented by Black Death. Charging Box (aka Light Box), 'his box is used to indicate when a call is being charged for and when it is not. Once installed, the box has two lights, Lt green one and a red one. Green means free and red shows that you arc being charged. Created Page 16 2600 Magazine by Stinky Pig Productions (a LI team} ( Chart ft ox) (short name for the Chartreuse Box )* See Chartreuse Box. Chartreuse Box (aka Chart Box, Obnoxious Box). Your telephone line is a constant power source. This box is designed to allow you to tap that power source and give you up to 12 volts (more if you use a transformer). Created by Wonko The Sane. Cheese Box; This box (named for the type of box the lirst one was found in) turns your home phone into a pay phone. It cm be used together with a Red Box to make free calls. Created by Otho Radix (?}. Chrome Box. A portable self-contained device to manipulate traffic signals. Not a phreak box Created by Remote Control Date; June 14 1988. Clear Box. This box works on 11 post -pay " pay phones (a kind of payphone that could he found in Canada and in rural United Slates). hi other words, those phones that don’t require payment until after the connection has been e&tebfvshed. If you don't deposit money, you can't speak to the person at the oilier end, because your mouthpiece is cut off - hut not your earpiece. (Yes, you can make free culls to the weather, etc. from such phones.) With this box the user is able to speak to the other person for free. The clear box thus "clears" up the problem of not being heard. Author: Mr Trench of 2600. Originally published hi the July 1984 issue of 2600 . Cold Box. Usage unknown. Cited in the Blotto Box document. Created by The Traveler, Con Box (aka Conference Box) [similar to Brown Box. Party Box. Three Box). This box al- lows you to connect two lines in your house to g i ve Th rec-Way t y pe sc r v ice. c real mg a party line. (Conference Box) (expanded name for the Con Box). See Con Box. Copper Box. Uses cross- talk feedback to try to ' damage sensitive equipment of a phone company. More a method than a real box. Conceived bv The Cypher. Year I486, Crimson Box (sometimes misspelled as Chrirmon Box) [ similar to Green Box (2), Orange Box, Hold Box. Hold On Box, White Box (2). Ycl- low Box 0)1 This box is a very simple device that will allow you to pul someone on hold or make your phone busy with a large amount of ease. You 11 ip a switch and the person can't hear you talking. Rip it back and everything is peachy. U doesn’t have a LTD to show when hold mode is on. Cre- ated by Or. O-Code. Year. 1985. Dark Box. Multi-Purpose Network Manipula- tion Unit This box’s basic design allows you to call any where on earth without fear of being billed or traced. Created by Cablecast Operator of the Dark Side Research Group. Year: 1987. (Day-Glo Box I {aka Day do Box ) [similar to Beige Box] This box lets you place calls for free With no time limit, no possibility of a wiretap, and the culls can be placed from anywhere in the world. Conceptualized by John F. Kennedy. Divert! Box. Cited in the B lotto Box docu- ment. Probably used to divert u phone call. Cre- ated hy The Traveler. Dior Box , Cal Receive on two lines with the option to conference them. By The Park Lords of Chaos: Prowler. Apprentice. Pro Hack, Zeus, Tarkmelh. Blacksioke, Lazer. Date: October. 3 1988. DMA Box. Not actually a box hut a project of die Outlaw Telecom mandos to hack cellular phones in the early era of those devices ( 1989). Is- sued in February 1989. (Extended Bad Box ) (another name for the Acrylic Box). See Aery tie Box. fuzz This box duplicates the tones of coins dropping down the phone chute, thereby al- lowing the user to place calls without paying for them. Gold Box [similar to X-GokJ Box]. When you put a gold box on two phone lines it lets anyone who calls one of the lines call can on the other So when the phone company traces the line it will tell them that you're calling from the line you hooked the gold box up to. By Dr. Revenge, cosysop of Modem Madness (5 lb). Grab Box. This box uses inductive coupling to join with any radio that uses a coil for an antenna (such as an AM. longwave, or shortwave radio) and allows you to lengthen it considerably Not a p break box. This kind of box can be commonly Found in an electronic shop. By Shadow spawn. Green Box. This box generates tones for Coin Collection in Return, and Ringbaek U must be used by the CALI TP party, (Green Box (2)j | similar to Crimson Box. Or- ange Box, Hold Box, Hold On Box, White Box (2), Yello w Bo x ( 2 ) j , A h old hu tt on , S ee Cri m son Box. (Gray Box) (another name for the Silver Box). Sec Silver Box {Hold Boxj [similar to Crimson Box, Green I Box r2). Orange Box, Hold On Box. White Box (2), Yellow Box (2)]. A hold button. Sec Crimson Box, / Hold On Box} [similar to Crimson Box, Green Box ( 2). Orange Box. Hold Box. White Box (2). Yellow Box (2)|. A hold button. See Crimson Box. Infinity Box ( sometimes misspelled as Inliity Box). When the plume number of a tele phone con- taining an infinity box device is dialed and a cer- tain note is blown into the phone from a Hohner Key of C harmonica, the bugged phone does not ring and, what's more, enables the caller to then hear everything said in the room that the phone is located in. As long as the caller wants to stay on (he phone, all is open to him or her. If the phone is , lifted off vhe book, the transmitter is disconnected and the "bugged’ 1 party receives a dial tone as if nothing was wrong with the line Description by Iron Man of The Crack Shop From the original Spring 2002 Page 17 '“Infinity Transmitter" hy Manny Mi tile man. In-Use Light Box, A device that signals whether or not an extension of a particular phone line is off-hook. It does mtl indicate whether or not a phone is being tapped, and will light whenever any extension is picked up. By The Night Owl AE. Jack Box. A device to generate tones created starling from a phone keypad. Jolly Box . Software written in 8086 assembly which generates several phone tones i "Multi-Fre- q tien / -Demon- Dialer for Global Access"). Code by Jolly Roger. Updated by Zaphod Beeblebrox of Control Team. Date: probably 1993 or earlier. (Light Box ) (another name for the Charging Box). See Charging Box I M ud Box . Makes your voice louder over the phone line. Especially meant foi use in conference calls. Designed, written and built by Mr. Bill. Lunch Box (aka Tap Box), The Lunch Box is a very simple transmitter used for eavesdropping. It is quite small and cm easily be put in a number of places, Created by Dr. D-Code Magenta Box. When you call up line one from your house, you will gel a dial tone almost imme- diately. Using DTML you can dial anywhere that the person who owns line two has service to. Which means you can direct dial Alliance, Aus- tralia, and your favorite BBS far free. Designed by Street f ighter. Magenta Box (2), A portable ringing generator which, if connected to a phone me, will make the phone on the end of it ring. It works by using a re- lay as a vibrator to generate AC which is then stepped up by a transformer and led through a ca- pacitor into the phone line to make the phone ring. Mauve Box . Generates a magnetic held to lap the nearest phone conversation (somehow similar to Tempest, the system to tap video screens). Cre- ated by Captain Generic with help from The Ge- netic Mishap. Date: November, 24 1986- 19:08. Meeko Box. A multi-purpose box with the fol- lowing features; It is able to record telephone con- versations with excellent quality. It is able to play 8 source directly into rhe phone line. It can keep die phone line open. You can box without using a phone, and headphones {requires a modem). De- signed by Meeko of Hi-ReS UK. Year: 1994, Mega Box. A cable re router to hook up a sec- ond line in youi house. Modu Box (aka Modu] a Box), A second phone plug attached to an existing one. Designed by Magnus Adept . (Modulo Box) (expanded name for the Modu Box). See Moduki Box. (Music Box] [similar to Pink Box < 2)1* It s ba- sically a Pink Box (2) without the LED. See Pink Box (2). Created by Aluminium Gerbul. Mute Box. This box lets the user receive long distance calls without being detected, Neon Box (aka Record-o-Box) (erroneously used as an alias tor the Bias! Box li) |simr!ar to Sound Blaster Box, Rock Box, Slug Box], A de- vice that adds a normal jack interface to a tele- phone, allowing the sending of music or tones into the phone line, or the recording of conversations using the microphone input of a recorder. This kind of box can be common! v found in a phone shop, Noise Box [similar to the Scarlet Box], It is a device you can attach to a victim’s phone line so that an abnormal amount ot noise will be present on the line at all times, which would make data transmissions almost impossible and voice com- munications annoying, to say the least. By Doctor Dissector of Phortune 500, (Obnoxious Box) (another name for die Char- treuse Box). See Chartreuse Box. Olive Box . An alternative ring lor your phone with a light that a ho flashes when the phone rings. By Arnold, sysop of Hobbit Hole AE (HHAE) East Branch, (Opaque Box ) (another name for the Brown Box). .See Brown Box. / Orange Box / fsimiia r it > C e i m son B o \ , G ree n Box (2). Hold Box, Hold On Box. White Box (2k Yellow Box (2 )1, A hold button See Crimson Box. Paisley Box. A multipurpose box that com- bines the functions of several boxes, including blue, beige, and blotto. Among other things can seize operator lines and remotely control all TSPS and TOPS consoles, By Blade of the Neon I ■ tic ken Knights. Pandora Box „ A device that generates a high intensity sound to produce pain. A similar device (usually called "phasor") is commonly sold in se- curity shops for personal defense. By Du Rat of Rat Labs, S.F., C A. Year: 1986. (Party Box] | similar to Brown Box, Three Box, Con Box |. This box allows free I hree-Way calling, connects two phone conversations at once* without any static or excess wiring, or even having two phone lines. Created by Grey haw ke of The Dark Knights {TDK), Pearl Box f similar to Pearl Box 2 - Advanced Pearl Box]. This is a box that may substitute for many boxes which produce tones in hertz, The Pearl Box when operated correctly can produce tones from 1 -9999Hz, As you can see, 2600, 1633* 1336, and other crucial tones are obviously in its sound spectrum (yet you’d need two Pearl Boxes to generate combined tones, such as the ones of the dial pad), Created bv Dr, (3-Code. Year: before 1989. / Pearl Box 2 - Advanced Pearl Box] {similar to Pearl Boxj. A Pearl Box made in an easier and cheaper way. Created and Tested by D (spate r. Date: July 1 1989. Pink Box. Allows you to hook two separate phone lines together to have Three-Way calling with hold on either line, as well as bringing a dial tone into the conversation with someone and al- lowing them to dial the number with touch tones so il will connect Three-Way, When they hang up, ii wilt disconnect Three-Way calling. No more Page IS 2600 Magazine need to play with the hook for Three-Way. Pink Box ( 2 ) [similar to Music Box]. The function of a "Pink Box is to add hold button that allows music or anything else to be played into the telephone while the. person is on hold. This ruodifi cation can either be done right in the telephone or as a separate box. This kind of box can be com- monly found in a phone shop, Plaid Box . Turns a pulse phone line into a touch phone capable line. (Portable Gray Box) (another name for the Gray Box;, See Portable Silver Box. Portable Silver Box (aka Portable Gray Boxy A bmteries -operated Silver Box that can lit in a pocket for use in payphones or wherever. By The Phone Phantom. (Power Box] f similar to I ron Box], The power bos is a simple device that will allow you to com- pletely bypass the meter- reading equipment of the power company l( works by connecting the power line running into your house directly instead of through (he meter {which records electricity usage tor tb e r uu thor. By KiLLg Ore fmu t [BUI ,gc ] . — Over the years, wo ve managed to get a lot of eorpora- ^ ons ' agencies, and entire governments very angry at as A for the things we print in the magazine or the web site. Ife become dit’licult for us to keep track of all the legal threats we've gotten , So we decided to stick it ah on a u shirt so nobody would forget. I . ^ I The from of the shirt is a graphical image of our eon- linuing ride through the streets of Corporate America. EggfW i JyAhl t 7- mi const ant I v ait rac ting the attention of enforcement agen- ^cies of all sorts. On the back you'll find a conceit tour =••• ^ l 1 --- >tvlc listing of the various legal threats and lawsuits we've faced. Gel yours soon before we have to add more •w TV':. , \ _ ^ ' T J \ * | i h reals and make the print smaller! Order through our online store at store. 2600. eom or send $18 (US $22 overseas) to 2600. PO Box 752. Middle Island, NY 1 1953 USA. Indicate your size (L, XL. XXL) - m — T Page 20 2600 Magazine by Captain B The principal and construction of this box is quite simple. You’ re modifying a phone handsel cord for use as a line cord. All you will need for making this is a wire culler (or wire cm ter/s trip- le n and modular crimp tool Radio Shack sells both, bm you can also find the modular crimp tool at other places that sell phones and phone acces- sories. Radio Shack sells two different modular crimp tools. The only difference is that the cheaper one ($9.99) has no wire cutter and only crimps RJ1 L 14, and 25 (one. two, and three line) modular plugs. Hie more expensive one ($29*99) has a built in wire cutter and also crimps plugs on RJ45 [four line) modular plugs. As long as you have a wire cutter, you don't need to drop $30 on ihe more expensive crimp rook It should l>e noted that some phone handsel cords have four conductors inside, while others have two But unless you’re going to use a two line phone, the cord won't need to have more than two conductors. Take a phone handset cord and look first at (lie hide wires in the plug to observe for the color scheme f thus making note of the cor- rect polarity ). Then cm off that handset cord plug. You could do both at once, but you might lose track of the correct polarity. To simplify, do one end of the cord at a lime. Try to cut off the plug as close as possible with where it connects to the cord. Take a [wo line (RJJ4) modular line cord plug and crimp it on the handset cord facing the same way as the previous handsel cord was. (In other words, if the tittle spring clip on the handset cord was facing down, crimp the line cord plug on facing the same way as that was.) To crimp, first push the line cord plug over the end of the handset cord as mentioned, then insert that end of the handsel cord into the modular crimp tool properly, and squeeze the handles together firmly until it stops {which is quite fast). Sec the instruc- tions that came with the modular crimp tool if you need more help. After crimping a line cord plug on one end oi flic handset cord, you have only to repeat the same process for the other end of the handset cord and you're done- If you messed up on the polarity at either end. it should still work, but keeping po- larity correct is the right way. As long as you're eaircftt ! , and work patiently, it’s a piece of cake. I think the bungee box is great for beige box- ing purposes, because when phreaking out in the held, you don't want a tangled mess of lifte cord to have to disconnect and qore away when you have to get out of the scene in a hurry. It should be mentioned that another way to accomplish this is to use a retractable line cord. It comes in its own circular ease. These can be bought either from Radio Shack for $19.99 or Home I tepol for about SI 5. i he one from Radio Shack is 12 feet long, the one from Home Depot is 16 feet long {according to the packages). Have plum, AU credit for the name of this box goes to icOn nfLPH. A( long last, our documentary film "Freedom Downtime" is available on videotape. This is. the story of ! | ihe Free Kevin movement, our trip across the United States to talk to people involved in the Kevin Mri- niek affair, and our attempts to Tjjpeople behind a major motion pic- fdsotit ps spreadvlies II h ^ -JW9 H ML* I about Kevin to moviegoers every- TwMBMl*"- where. VHS NTSC format, 121 minutes.^ Order through bur online store at store.2600.com or send $20 (US $23 overseas) to 2600, PO Rox 752. Middle Island. MV 1 1953 USA- Takedown Spring 2002 Page 21 by Acidus CampusWide is the mostly widely used card access system in America today, It sadly is the least secure, CampusWide is an ID card sdhmorr- originajly created by AT&T and now owned by Blackboard. U is an ID card that can he used to purchase things from vending /laundry machines or the college bookstore just like a debt card. It's used to check out books from libraries, open com- puter bibs and buildings at night, gain access to parking decks, and even get you into sporting events. The CampusWide system gives everyone a card that Sets them access both unattended and at- tended card readers and Points of Sale. All these actions and transactions are sent to a central server which stores all the information in a database A confirm or deny signal is sent back so the card reader Back in the day (last ten years), there were two major card systems available to colleges: AT&T's CampusWide system (also known as Optijn900O) and (college's Envision. Envision was one of the first card systems ever made. The seeds of the cur- rent Envision system go all the way back to 1984 with a company called Special Teams. The original engineers from Special Teams went through sev- eral companies, each one being bought by another company every year for several years, before they came to leol lege, AT&T saw the market for card systems and jumped into [he mix as well stealing some of the ideas behind the system by hiring de- velopers of Envision away from [college. They re- leased a system known as CampusWide, It is commonly called Opt ini 9000 or OneCard, how- ever I will continue to call it by its most well known name, CampusWide So why do you need to know all this history? Because the core of all modem card systems is based entirely on 1984 technology! The original engineers from Special Team and people trained in their ideas have been the only people in the country designing and build- ing these things. That means that the weaknesses in the reader/server infrastructure that 1 point put here are found in every card system made in the United States in the last 15 years! By the mid to late 90 's CampusWide held the largest market share Then in November 2000 P a newly formed company called Blackboard purchased both Fin vi- sion and CampusWide. It sells both systems under the names Envision and Optim90QG, Blackboard's first order of business was to upgrade the two sys- tems to use newer technology, only to learn that they couldn't! Too many colleges and even busi- nesses had I he older equipment and Blackboard couldn’t afford to drop compatibility! They have tried to merge older and newer technology in an at- tempt to improve security i with the addition ot II 1 converters y, but in truth, they have weakened an already frail system. T he Campu sWide system is the most prevalent, and my to spot. The readers are black metal or plastic, almost alt have an LCD screen, and they have no writing on them except for the AT&T logo with the word AT&T" under it The newer Black- board ones work exactly the same as the AT&T ones, only they have Blackboard written on them. Information on (he CampusWide system was very hard to find. I started lot? king right after AT&T sold it when they were clearing out their old web pages and Blackboard was still creating their web pages. Needless to say, AT&T had much better documentation of the specs ol the system than Blackboard does. Sadly, all of it is off AT&T's page now and you’ll have to hurry to still find it cached on Google. Luckily I saved everything, and should post it up soon. The Server Thu CampusWide system is recommended to run on Hi *9000 machines, though any RISC p roe ess n i will do. h only runs on HP-UX (Black hoard currently installs ver I Lx). The AT&T sys- tem had a list of specs that the end users had to have to support ihe software. These included the above, but also a four gig capacity Digital Audio Tape and a UPS (hat could keep the system up for 20 minutes (Blackboard's newer specs suggest a Best Fcrrups 1 .8 KVA battery that can go for 45 minutes). More interestingly, the CampusWide system is required to have a 9600 bps modem for remote diagnostics, i he system itself consists of two pans: The Application Processor (Alb and the Network Processor (NP). The Application Proces- sor is ihe back end of Campus Wide, the part the users never see. It manages ihe database where all the information is s lored and provides an interface for human operators to look at logs and run re ports, as well as change c on I tgurat ion/ privileges and transaction s/account maintenance. The NP is the gateway from the infrastructure to the AP. Er lakes in (he requests from readers around campus, converts the mode of communications into com- mands the AP can understand, and then passes it. along. AT&T CampusWide could support up 60 communication lines and 1000 card readers. The new Blackboard system allows up to 3072 readers. The Database Alt the information about a student or em- ployee isn't stored on the card for security reasons, it’s stored in the database (the card simply has an account number which is used to organize the data in the database). The database used by the current Blackboard system fa db Vista. The database for the Page 22 2600 Magazine AT&T version was never advertised by AT&T bui was believed to be Informix. However* based on the modular design of CmupukWkie, 1 believe any SQL queried relational database should work. The database is most likely not encrypted or protected ut any way otba than by isolation. The only way to get to it is either at the console of the APor by the commands sent from card readers that have al- ready passed through vhe NP Blackboard's as- sumption that these two ways of reaching the AP are secure is one of the system's downfalls. The database can store up to 9,999 different accounts* each account having many different holds. The balance the person has and the doors he can open are included in the system. The balance will be a lloatine point number* and the doors the person can open will most likely be a string of characters, with the bits being used to tell which doors he can or can t open The doors are most likely grouped into /ones* so that the five doors into a building have one bit instead of five separate hits saying whether the person can open those doors or not. This idea is upheld by Lhe fact that Blackboard says the users are given plans and they can be up- dated regarding their access to buildings. These plans grant different levels of security access to a building. Lower levels can get into the building through all the exits, the next level can access labs on a certain Moor. etc. Without direct inspection of the database, only educated guesses can be made about its structure. (I have totally left out any pro- visions for checking out hoofed and other things lhe card can do, ) The Workstations Tlie AP was interfaced originally by the AT&T system only at the server console, or through dumb terminals connected to 19.200 bps serial lines. To- ward the end of the AT&T days and now with Blackboard changes to someone's security privi- leges can be made from any workstation on cam- pus. I watched ibis process several times. A certain software package was used to connect through TCP/IP to the AP. ( I saw lhe name once* briefly, and for some reason 1 thought it wa s Osiris. Checking on this name has turned up no results. Perhaps this is a proprietary piece of software spe- cific to m> college* or simple a closely guarded software package from Blackboard.) A GUT was used to select my name from a list of students, A summary of my security privileges then came up. and the ability to add and remove these was there as well. This GUI was incredibly user friendly* as ihe man udng it had nil computer knowledge. I i ' nly got to watch a few people having new secu- rely privileges activated, and never got to use it myself* so 1 have no way of knowing if the debt balance can be aceessed/c hanged from this GUI. The Card The ID cards that are used are your standard \.NSI C’R-KO mag stripe cards. JThcy arc made of PVC and are 2J25 by 3.375 inches. They are made on site at ihe college \ "card station." and normally have a photo ID on them. A 300 dpi photo printer is used and the company recom- mended by B lack board is Polaroid (just like the printers at the DM V ) The magnetic stripe on the card is a Standard American Banker Association (ABA) Track 2. Any card reader/capture tool can read these cards. The cards are encoded on high Coercivity stripes (known as HiCo), which are very resistance to wear and tear. These cards only use Track 2 of the card which is read only. It is in- teresting that they don't use Track 3 which is read/write. Track 2 > s information breakdown is as follows: Sum Sentinel = / charm u>r Pri nm ry A t Ct tank N unite r = up U > 1 9 t ha ra t ti- rs Separator = / character Country Ct rde - 3 rha mete rs Expiration Date or Separator -- f or 4 characters Junk data -fids the card up to 40 characters IJiC ( Longitudinal Redundant \ Check = ( char- acter As you can see, most of this applies to banks. However, the account number I have stamped on my Campus Wide card is lb characters long* so the Primary Account number held is known to be used. < TmpusWidc also vTlows for lottl cards. IV a card is lost, an entry is made in that person’s table ill the database* the last digit of the account num- ber is increased by one (this is called the check digit - so of the ]6 digit account number 1 have, ihe first 15 digits are my number; the 16th digit is Lhe check digit). The old card that uses the old check digit is deactivated and a new card is printed. The Infrastructure The infrastructure is a security through obscu- ri t y " pi oy o f t b e sy st em . C > r i gi n a lly lhe s y s le n i Was designed to run over several RS- 485 drop lines. (These are the 60 communication lines mentioned before ) RS-485 is a very robust means of trails mining data. (The whole Campus Wide system is designed to take a beating.) Unlike RS-232, which has a protocol built into the standard that says how devices must talk to each other (stop bus, baud, handshaking* etc*}, RS-485 has none of that. It a Way for a master device dial sits at the end of a communication line to talk to slave devices that are daisy chained on the line. The Campus Wide system uses the full duplex version of RS-485 where slaves can speak to the master before the master polls them for data. (Campus Wide needs Mbs ro have the sub-seconds Limes they advertise. Spring 2002 Page 23 However, the NP still polls all the readers on a reg- ular basis and ean be interrupted by a reader when a transaction comes in.) The data lines are very ro- bust against noise and interference. RS-485 has two lines in each direction, called A and B. Data is sent by having a difference an the voltage of A and B of more than five volts. This mean that if you have a signal being sent and A is at 10 volts, B is at 15, and a power spike comes along, the spike will boost both voltages by the power of the spike. However, the difference between the higher power A and B will still he five volts and the data is not corrupted. Over short distances, speeds of 10Mbit can be achieved, f low even the longer the cable is, the lower Lite speed. All Cam pus Wide card readers operate at 9600 bps, thus making the maximum distance of the RS-485 drop line 4KX) feet at that speed. This can be extended through the use of re- peaters and boosters on the iine. RS-485 is very common in the industry, but secure" at a college since it is unlikely anyone would have a means of interfacing to it. Commercial RS-485 to RS-232 converters are available and prices range from $50 to a few hundred, V t IDL designs of these converts can be found on the Internet, and thus an FPGA could be configured to decode RS-485 signals. While researching I came across a post from some- one claiming to be a field tech for some company. He said that you could make an RS-485 to RS-232 converter very easily bv w iring: RS-232 Xmii =* RS-485 RX RS-232 Rvcd = RS-485 TX No one posted after him to say he was wrong. 1 don’t know if it would work, since the second wire of the pair of RS-485 data lines isn’t even men- tioned, and it's the difference between these two lines that sends the data. Also, the possibility of high voltage on an RS-485 line could easily dam age a serial port on a computer, if not fry the moth- erboard. Also, this assumes the data scheme used to transmit data on the 485 line is identical to RS- 232. Phis doesn't have to be true, since the way data is represented ( m packets, streams, stop bits, parity, etc.) is not defined by RS-485. It you could get to the data streams, you have no idea what the scheme used to represent it is, and thus how to de- code it. This last problem however, is moot, as you will read in the Exploits section, AT&T would recommend that these lines be used (indeed all the readers can only transmit their data iii RS-485 mode), however the data can travel over any facility from telephone lines to radio waves, provided that full duplex 9600 bps asyn- chronous communication can occur on them. The NP is the part of the system that would sort all this out. AT&T did however specifically say that using an existing Ethernet or computer network was not a good idea, as it sent I he data out into the wild, and would slow down both the Campus Wide sys- tem and the existing computer network. However, Blackboard now offers an IP converter This de- vice is a simple computer (it has a Pentium class processor and a standard off the shelf NIC Card) that takes in 16 different RS-485 devices, converts all their communications into TCP/IP packets, and encrypts them to send over the network. The NP (hen has a converter at its end that converts the packet back lo RS-485 format. The IP converter is assigned an IP address which is most likely a static address. The IP converter also most likely has a daemon on it you can telnet into lo look at the sta- tus and perhaps change configuration info. Black- board says l he data from these boxes is encrypted and die box certainly has the power to crunch some numbers. 3 iowever, I have found that if en eryptton is good, then companies will brag that about the key length, etc. The only data Black- board gives about the encryption is that the keys can be changed automatically at any interval from the AP. For the longest time at my college if an off- campus food joint wanted to have the student he able to use their school cards to pay for food, they had to pay For an expensive leased line that con- nected them to the school. It's my guess that this was the RS-485 line or something similar. Re- cently (in the last six months) my college offered cheap ( less than $300) boxes to nearby pizza joints that would allow lor payment w ith a school card. These boxes were simply card readers with modems installed, much like a credit card valida- tor. These modems are dialing the NP directly! Major security risk ! The infrastructure ends up like this. All the de- vices in a building send their lines into one place in the budding. This is where multiplexers exist which split the main RS-485 drop line up into slices tor each reader These multiplexers also can boost the power of the main drop line, letting it travel longer distances. They can be stored in a locked networking closet or in these big metal cab- inets on the wall of a room. AT&T called these MW/MHWMKNC - Wall Mount Enclosures. This metal box has a handle and a lock, but the front of the handle and lock assembly has four Mat head screws. J used a cheap metal knife and opened ihis locked box Inside I found the LCM (Laundry Center Multiplexes) that controlled the laundry room 1 was in. Everything had "AT&T Cam- pus Wide Access Solution” written on it. as well as lots of Motorola chips. Sadly, this was early in my investigation, and 1 haven't gone hack to look again. The drop lines coming to the building can be traced back ail the way to the building that houses the NP There the NP interfaces with the AP to op prove or deny transactions. The Readers Every reader imaginable is available to a col- lege from Blackboard. Laundry readers, vending machine readers, Point ol Sale (PCS) terminals in the campus bookstore, door readers, elevators, copiers, football game attendance, everything!!! All of the readers communicate using RS- 485 lines, and if any other medium is used bet ween the reader and the NP {such as TCP/IP networking by Page 24 2600 Magazine way of the IP converter), ii must be converted back to RS-4K5 at the NP S since all CampusWide uses that standard Everything is back wands compati- ble. The majority of my college campus has AT&T readers on them, though a lew new Blackboard readers are showing op. Readers can he broken into three categories: security, self vending, and POS. Security readers are made of high density plas- tic and consist of a vertical swipe slot and two LEDs They are green when they are not locked and reel when they are. When you swipe, a card to open a door you are cleared for, the light will change to green for around 10 seconds. If the door has not been opened in that time, it locks again. To allow for handicapped people who may not be able to get to the door vw tinvt. a pices imity sensor is available to receive signals from a key source to open the door. Information about vvhai frequencies are used to control the door are obviously not pub- lished by either AT&T of Blackboard. There is also a model ol door reader with both a swipe and a 0-9 keypad for codes. \ have encountered no such model and have no idea how it works. Advanced forms of these three security readers are available which have the ability to have a local database of 4,000 (expandable to 1 6,000) account numbers stored in NVRAM. This way if for some reason the card reader canT reach the NP to confirm someone's identity, then the reader can check its local records. The tricky bastards also built the readers so there is no visible difference between a reader that can’t reach the N P and one that can. The self vending machines are the most color- ful group They are the best to hack because they arc unattended and work 24/7. They vary in size Spring 2002 and shape, but all have several fundamental fea- tures. They all have an LCD screen of some kind. I he most common being 2\I6 characters . Most arc mounted to walks and the povver/data lines are pro- tected by metal conduit. Coke readers are mounted on a Coke machine where the dollar bill acceptor would go. Of this group one stands out: the Value Transfer station! Unlike the GUI at the worksta- tions * this reader can direct to query about the ac- count balance of the cardholder and add money to it as well (by feeding in dollar bills like a change mac h i ne ) . In add i ti on, it di spe n se s te m porary P VC cards that can be credited, so people can do laun- dry, etc. if they forget their card. This means that this station can leh the AP to create a new account and give it x number of dollars! Final!) there arc the POS devices, A student would never get to use these, they are used in cafeterias and bookstores. They allow for payment by the student ID card and several other options. All these readers have inherent similarities. Most are made from high impact plastic or metal. If ii 3 s wall mounted, there will he metal conduit running out of the top which holds the power and data lines. All have their program code on ROM/NV-RAM chips. 1 once managed to power down a card reader for :i copier. When I turned it back on, it ran through several self tests in the span of a few seconds. I vaw messages on the LCD that said things like "ROM ver" and CRC check com- plete," AT&T and now Blackboard say all the read- ers, including POS, wdl power up to full operating status without any user input in a maximum of 20 seconds. All of these readers can store swipes of cards and transactions in their local NV RAM until it can reach the NK and through it, the AP to con- firm the transaction While disconnected front the NP, the readers show no warning lights or anything like that. Some readers, such as the security read- ers, can be wired to a UPS to keep areas secure even w hen the power goes out. A Simple Transaction Let s run through a simple transaction. I am at a laundry reader, I tell the reader with a key pad which washer I want to use. Let's say 1 choose t 4. 1 then swipe my card. The reader sends a signal that contains the account number bind she amount of my purchase and most likely nothing more) to the NP through some medium (most likely it's a straight R5-4S5 line, but an IP converter could be installed by the university). The NP decodes the data out of the RS-485 line and parses it into com- mand 1 - the APcan understand. The \P uses the ac- count number to pull up my account and checks the balance against the amount requested. It then either deducts the money from my account and tells Ihe NPto send an OK signal, or to send a deny signal along with the new balance of my account, The jN P forwards the reply back to the reader, and the reader (if it got an OK signal) sends an elec- tronic pulse to the coin tester inside the washer C4 and tell it that $.50 was received. The washer is re- tarded for all it knows [ put $.50 m it with coins. Page 25 and it gives me a load. The Exploits Did you see the problem with the above scenar- ios? There are several ways to cheat the system. It ] can record the its OK Lo sell it to him' 1 signal from the NP to the reader and play it to the reader again. I will get another load of wash. Also, if I could get to the wires that go from the Coke reader to inside the Coke machine that send the coin pulses, 1 can make the Coke machine think money has been paid, I have looked at Coke machines with these Coke readers. Out ihe back of them they have an RJ 1 1 jack (though it will have RS-4H5 sig- nals on it). All 1 need is a converter and ll laptop and I can trap the signals back and forth between the reader and the NP. You don’t even need to know what the data scheme used on the RS-485 line is, just send to the reader what you intercepted front the NP and it w ilt work. It is even easier if the traffic takes place over a TCP/IP network. If I learn the IP address of the IP converter. 1 can sim- ply send packets to it from anywhere in the world (provided 1 can telnet into the college's TCP/IP network) that contain the RS-485 code to spit out a Coke! You can fool door readers as well if you can get to the wires that go from the reader to the mag- net holding the door shut. Just send the correct pulses, this system is horribly insecure because you can completely bypass the Campus Wide inter- face: The Value Transfer Stations are even worse. They have the ability to make the AP create a new account and set a starling balance of any amount. Just gain access Lo the RS-485 lines, record the traffic to and from the NP while you are getting a temporary card, and you have the system to create and alter debt accounts. With a system like this, you would think that the RS-485 lines would be protected with massive security. They aren't. Metal conduit protecting the lines commonly stops at the hanging ceiling. Value Transfer Stations routinely have their bac k s acces- sible from janitor or utility closets, which are rarely locked The 485 line literally comes out of the back of a coke machine unprotected. The flexi- ble piping that carries the coin w r ires from the laun dry reader to the washer are secured to the back of the washer with flat head screws. It is pathetically unprotected. T he phone numbers the modems dial from off campus eateries are easily socially engi- neered out of the minimum wage workers there, and they let you dial directly to the NP. Or you could simply find the range of telephone numbers of the building that the card system is housed in and wardtal it The AP is required by Blackboard to have a modem for diagnostics. You could steal a copy of the GUI of a computer and then edit peo- ple’s privileges to your heart’s content. And even worse, the Envision system is exactly the same as Cam pus Wide, except it uses a Windows NT/2000 machine using Oracle as its database. Every flaw- 1 1 mentioned will work against Envision as well. Hell, both systems even use the same readers! And there is no fear of having any of your actions logged. Once you trap the RS-485 signals from the NP to She reader, just play it back to the reader whenever. The A P never knows you are doing any- thing and thus doesn't log it, and the reader as- sumes that any data it gets must be secure. Now tell me this. The next rime you swipe a Cam- pus Wide card to get into a football game, how do you know' someone isn't trapping the data and cre- ating a copy of your account onto a card from a hacked Value Iran sic r Station? Hopefully this arti- cle will force Blackboard to change to a more se- cure system. Thank m to Jitn at Blackboard for ail the techni- cal info , and various websites like rs485.com, google, coni k cached webpages, and how stuff - works, com. Exchange Carriers). The "Incumbents" are the guys who were around since before the breakup ot AT&T, while the "Competi fives'' are the new guys on the block who are supposed to help keep the old guys "honest" and force them to keep raLcs competitive. The guys who carry your conversa- tions as a long distance call are IXC’s (IntereX- ehange Carriers). As an old "phone phreak." it s almost embar- rassing that I should have to admit that my "day job" is that of a Directory Assistance (DA) opera- tor for a major Long Distance Carrier ilXCk It Page 26 2600 Magazine doesn't matter which one because 1 don I really work for them anyway. In these modern days of deregulation, I work for a third-parly outfit that is hired to provide the DA service cheaper than they can do the job in-house. 1 hat's because I live in one of the numerous "Right-To-Work" Mules in the nation's sun-belt, and get paid pittance. One of the major embarrassments of my job happens when someone calls for the local phone company - not just in a small town, hut even in major cities! The phone company never puts itself in the directory so it can he found! And of course, i only handle While Pages. If the caller doesn't know the name of the telco. I’ m not allowed (by FCC tariff, I’m (old) 10 provide a Yellow Pages' 1 search. I keep threatening to fake some vacation time to visit die reading room of (he FCC m Washington some lime and look this stuff up. but 1 really can’i afford the trip (see comment on Vl K ight F i Wor k " st at e abo ve i , Since I cover a number ol states in my job. I gel to look at the listings of a number of major TEC's. Verizon will have Verizon Wireless” list- ings for every hamlet and burg in the nation - but try to bad a number tov residential land -line ser- vice that an out of suite caller can ring up to see about the problem with Aunt Minnie s account back home, and I'm up against the tariff asking Do you I' now the name of the phone company in i hat area 7 Even when I break down and suggest that Verizon as the primary local carrier in Boston, or Amen tech in Chicago flipping lhai this isn’t one of the calls being 'monitored for Quality As- surance"), jusl what number am 1 supposed to supply? Deregulation began in 198-6 wash the Modified Final Judgment. Here l am in the next century wondering what I'm supposed to tell a customer who's on their third call to Directory Assistance looking to gel a phone account squared away! People call in w ith the most compelling stories about how their elderly aunt back home in Chicago or Boston can't deal with their phone company any more, and they need to call and take care of the charges. Or somebody in (he Rust Belt up north is trying to reach the telco of their winter home in the South to deal with a problem on their bill. It isn’t that I've got the time to stop and listen (n their stories, it’s shat I can't shut them up while Lr> i n g i j > scare h t he m a n y ree u rre nee s of l he D i - rectory Sales Office numbers while trying to find a listing for an out of ^tate. caller to call. The l rick here is that she phone companies have all their information about contacting them packed in the front pages of (heir local telephone directories. In over 15 years of deregulation, it hasn’t occurred to most of them to advertise in their own Yellow Pages under "Telephone Com- panies" or to put in as big a listing in the White Pag es as their HI ectri c Cr >m pa r \ y uLilit y bre 1 1 i ren the ones they keep passing in the halls of the Pub- lic Service Commission offices but never need to talk to. Keep in mind that the telephone book pub- lishing arm of those same phone companies have been "spun -off so the right hand really doesn't know what the left hand is doing because it isn't its own left hand any more! The other problem is when callers call am of state DA at N PA-555-12 12 ( N PA is "Numbering Plan Area.' 1 the telcos in-house term for Area Codes A the White Pages listings are nevet dear us to where an out-of-state caller should call about discussing a bill. Actually. 1 should compliment BellSouth here. They actually do have a specific number for ou\-oCs\att callers to dud. Let me i ell you why. The number in most BellSouth states to reach the telco for residential customers is 7H1J-2355 (78U-BELLk It’s always u local number wherever vou call from, and if you live in an area that has » 4 10-digit dialing, you have to use your area code in front of thai number to get there. The number is never good from out of state, but most of my col- leagues" in the Call Center don'i know this and give ii out - causing much frustration when the culler calls back to complain and gel a good num- ber. It’s a toll free number, and clearly marked "out of state" but most callers don’t want the "loll Free Number Runaround ." They want a "direct number." then gel the recording that the number hi the 780 exchange is not valid So how does a telco go about changing the listings m tile directory database lhai I (and my 600 friends in my call center) use every day? Do what we tell people who call wondering why their number isn’t in our directory: "Call your Local Phone Company, and make sure they have your listing correct. Our information is updated from the information lhai they provide lo ns." So there it is. Get with it. you telcos! Get your act together and pretend you're "jusl another American company." Even vou need to check Vour company's telephone book listings once in a while, M ike sure your customers can find you when they call Directory Assistance, whether they’re in town or across the country - jusl like every other company has to. Otherwise, your cus- tomers will go to that CL EC across town. Usually, they can be found in the Phone. Book! Spring 2002 Page 2 7 Regrettably, we left out the source for two uLilitiu^ that went along with last issue's amde iwi the Inferno operating sys tern We apologize for the omission and include them below: - logon .h - ■ # c logon port of wm/Iogon to the command line M p Ju3 a \{ da I in <8> S wbt met i # http: // w w s 1 w bt net/ ’dihai implement dogon: include "sys,m"; sys: Sys; include 'draw.m include ■ r sh,m p1 ; include "newris.ni". e logon: module i ini r: fn{ ni 1 : rdf l w --errch: ■1 (err I - nil) j sys- svs--- s>s--= nil: cmd-dnbl m3, argv): \ i logon* user: string); inf ( userdir := 7usr/"+u.ser: i f{ sy s- 0 ) j sys-(|) ( sys-cprinU "hi led m write /dev/user with error: (; -f r\ti ' > , return 0: } return 1 . stden }: ref Sys*4: tj+-h| iffn — 1 ) pwbu IT = array of by (e "password'; iff n — 2) p whuff = array of by I g uid; iffn =- 3) pwbu 17 = array of byte fceyring^sha(p whuff. keynng-^SKAdieri, pwbuffX nil); tempi ;= string pwbuffZ; temp A : string pw.pw; i ft temp A — tempt >1 fjmshcpwbiift’i; ] H if not. try (he dictionary tortdentry ;= r ‘" ; ;)( den try = dfdgeUfV); iffdentrv = ml) break ; iffdentryflen dentiy- 1 \ =- An' if heh:^ (huh. mlt - str-csplitlCdentry, "m"); dentrv = heh; I Y p whuff - array til byre dentry; key nng- y.s- \n"): exit; 1 usage* ) < sy#-pre se tit\ th c pet tple !v \ \ ishes . Been it se our go i e rn - went and our corporations are virtually one and the same, consul nets simply don't have the power they should have. If we ever succeed it: pulling them apart, we mti\ have a chance. Thanks for the inspiration Dear 2600: I just got back from a major electronics store known as "Fry’s Electronics” and [ got in some serious trouble. I donT have my own transportation so [ have to ride the bus all around town. When 1 was in this store, f pulled out my bus book to know what time the neat bus would come by. In doing this I had to open my book bag that goes everywhere with me that had some back issues of 2600 in it. Minutes later this guy asked tue to show him what was inside my bag (since he saw me going, through it), I told him sure, why not. He opened my bag and behold - ten issues of 2600 . He said he was going to gel security to escort me out. ] asked why He said it was for hacking the store com- puters. 3 told him it wasn't true and that all they had w ere computers running winxp with no online access. Ho claimed that he saw me doing it I asked him it we could go down to the tech bench to talk to someone who, knew what a hacker was. He agreed. We talked to the department manager who said and I quote; "Please leave the kid id one. There is no way he was doing any thing bad to ihe computers," About ten minutes later the manager said, "So kid. how is the MPA A lawsuit going, huh V avatar For cast's that dot Ft end so well, it's important to know that in many places searching someone \ hag in this way is illegal and van open the establishment up to legal action. Higher Education Dear2^|.‘ ^ ^ I am in high school right now and on our school computers there is a program installed tfijfi censors the Internet. The Program is 'Gear 31" and it’s made by In- terne! Content Management Software, I was wonder- ing if anyone knew anything about the program and some possible loopholes in it. A7th The w ord is out. Dear 2600; Noi myself being a person to exceed the bounds of i he law (I try to adhere to a strict moral code], I had a briet skirmish with the authorities of my high school which, thankfully* did not advance very far along tire disciplinary lines, I would like to know the opinion of some other computer users. The school runs Novell Netware and i idiotically) diil not turn off the feature that allows users to send messages to each other. During a typing class I was forced to take, my lingers roamed across the keyboard a nd 1 began to look around the system, ! realized that the system was allowing rne to modify anything and that I could send messages to another user. After school. :ii a later date, i sent a message to another classmate in another room. A classmate nex< to me alerted the librarian that I was "using the computer for bad stuff/' The librarian became red in the face and pulled '.ve to the principal’ s office. She informed she principal that i was crashing the network, I found this to be a ludicrous charge against me but didn’t contest tt, seeing as how u would upset the situation. I got off with absolutely no penalty except that all the computer teachers vs ill be looking over my shoulder from now on. My quest tori is whether or not sending a message to another user is a great offense. St Mike The great offense is doing something that the peo- ple in charge didn 't understand. Unfortunately, in most Page 30 2600 Magazine high schools. that applies to plm< >si ativfhing that hap- pens after the power is turned on. Help Wanted I )ear 2600: 1 want to lea rtf hriw to hack' in such a bad way it male's me sick! ! have die hunger for the information and a lot oi tune on my hands, i don’t know how to even key, in to stall my hacker education,. what books to buy* vyhat pro jgs or tools to get. I just picked up your mag in ,i hook store ami couldn’t believe it Fpalfy an* ■ ■.vers ui sohte type ot ftdpj J was certain . 1 Canyon guys a i teas! point me in the right direction ' By the way. you guys rtfekf Mingus We gel about a dozen of these inters every' day. So rot isider yourself honored that sours nm selected completely at random. There art a couple oj things that have to in understood, f irst, relatively feyc people are hackers , even though quite a few cither wont to he or walk around saying they are. Most of who! cons to f ides hits kit tg i s t it e \ v hole p n mess t tj figuring th ings ■mi. \V7idifc we ran offer rips and suggestions on spe- cific applications of technology, tec Cannot tell von how it) think, That's some thing you either develop on sour own or run. if yott keep ad open mind and. don > sh\ away from activities which most would view, as a complete waste of time, von 're off to a good start, And learning a Utile history is always a wise move ■ there are plenty of online resources in addition to our tnayti- zint which document she milestones of our t ommmmv I)car26^; Hey I need some help on finding some credit card and pin numbers so if you can help i m do this HI do you a favor so hook me up.... Asbigasscx^aoLcStii ( 'on side r yourself hooked up. We get hundreds of these requests every week most always as a res ids of some My media repose on iwwkcry. fu iE. weird way. the media seems to he creating these people - they go on the air and print stories saying that hackers go around stealing things and then the people who go atmnul dealing things sec this and shin calling themselves hackers. Perhaps we should come up with some choice definitions of media so that everyone equates them n ith liars U*ar im \ ; i think my gill friend hast been cheating on me and I wanted to know il I could gel Iter password to Hotmail and AOL. I am so desperate to find out. Any help would !>e appreciated* Thanks. HSFk2 And this is vet another popular category of fetter uc yet. You say any help would be appreciated? Let 's find out if that's true. Do you think someone who is cheating on you might also he capable of having a mailbox you don 't know about? Do you think that even if vo a amid get into (he mailbox she uses that she would he discussing her deception there, especially if u'c live in a world where Hotmail and AOL pass words r ire so easily obtained? Finally, would you feel heller if you invaded her privacy and found out that she was hang totally honest wish you',' Whatever problems are goirtg on in this relationship are not going to he sol ved with subterfuge. If yon can 't communicate openly, there's not much there to salvage. Corrupting Youth Dear 2600: l just want to start by saying that I totally agree with the first sentence of JohnG54429's letter in your fall issue It is grciiL what you're doing for Today’s youth. All that I’ve seen you print in your magazine is tl ec truth and it it causes more American youth i like mysdO " tftdosc morale for this great country." then so be i\\ Wm\ they won’t have blind leva by to a conn try without knowing the truth. And may be once more people realize this, we can all help to change the gov- ernment .so il will once again he someth mg we Can hi* proud of. e\_chrOnos Miscellaneous Info Dear 2hUlt: Just a heads up that the final build of Windows XP home edit i on version 5 i 2600 h:o incidence?) default install does n i have any firewall protection enabled. Ail attacker will have access to s u ch services as smtp, ft p . and neihins serv te e.s. To enable your fircwal I e heck me ix>x ’Protect my computer w ith firewall" in the ad vanced tab under the Connection Properties dialog box. 1 can i believe Microsoft didn r inform the user about This option as the average computer user has no worries about Internet security Also. I he investigation of Enron will be done w ith a program called Ej tCase. Ibis computer forensics program enables someone to view- data alter it is dele l ed fro m t he most popi i f a r oj ie rati ng sy m c r c u i - ready in use. The web site htlp://w ww.guidance&oft- warC.eomyiitml/index.htnd allows you to request a demo disk Don't spoil il for everyone by ordering 20,1 >00 o f t heni overnig ht ! I f you know nf anyone who has die lull version of this, declare them your best friend and see il they’ll burn ya a copy because it’ll cost ya $2,500 r -d&solUteii Dear 2600: Please check nut these important sources of critical inform at ion! http: // 1>3 i > | ec tc en s< ) ret ! org http:// www. copvc i a. Corn h ftp: //ww w . i n dy me dia, o rg http: f/il i sek rsureprt rject.o eg Empty Set Dear 2600: When 1 first was interested in programming, I dici- n’ I want u> invest any money before 1 knew for sure what it wax all about. 1 was saved by a great language called Python. Python is an interpreter; which means it executes the source one tine at a lime instead of mm mg it into machine Uriigtiage. Python is fljs£ ubject-orj- entedt a near necessity for any modern language. But perhaps the most appealing faidi about python is that it Spring 2002 Page 2 l is free! The syntax of Python is remarkably dear, yel n May* powerful and com pelt Live, h has plenty of docu- mentation all over the web and is a great language lot beginners and experts alike. The article isn’t much bui in my opinion Python deserves a whole lot more respect. Fed free to edit a: d add 0:11 to this article. I just want a free t-shirt or 26(H) e-mail Raleigh f ross U v rather dear that \s what you want. It 'v time once again tit clarify run policy. Letters arc not articles! And articles: should not i)c written far the sole purpose of getting fret staff, it’s screamingly ob\ ions when they are. Dear 2600: 1 am writing in response to dmitry kostyuk's letter in your 1H:4 issue. Me was asking for a program to convert Microsoft Word files into HTML tiles. Mi - Crosolt Word can save as an HTML tile, Fo do this go to File- Save As. Click on the pull down menu labeled "Save as Type", select HTML, Type in a file name and hit Save, Also. I have not seen the specs on Microsoft’s ■doc Uittov However, iv ; ,s v^ed outside of Microsoft . Sun Microsystems makes a free program called Star Office which is capable of using Word files. Hope this helps. Rev ;munt Dear 2600: 1 just got m> copy of 18:4 and was pleasantly sur- prised iii >,ee the letter by No Name" on the @homc Malm. 1 agree, the information he'^ given out is not much lo hide one’s name or handle over. The Matrix dots not, in fact, allow you to access someone’s com- puter direct ly. The Matrix works in a tier system. The higher the tier, the more access you have. Some of the higher tier accessing staff never both- ered to log out afterwards. They were: matrix- users, m aj ordo mo * M atm [You bic , ani La J ohsti ton , agen tile, bart_. connors, hmartone, brutkow.sk i, clow cry, DHen- nie. Thirell_Mo.se tuy T fschmidL happ legate, jbrenuan, jsapienza, jtrccce. Irohinson. rsimmons, rsuIJivat^ shill, .1 1 7726458 1 . t wright. and j grove. The Matrix was located at 24/257.21)7.77, hut un- fortunately it was taken down permanently as of Feb- ruary 28th, 2002. However, the greatness of this system should not be forgotten and any who wish to learn more about it may wish to go to bttpjTrnvln x .home ,n elidoc i M' atm 6 r pdf and read the i r Matrix User's Guide. Doodle Unfortunately with the demise of @home> this ad- dn'ss is no longer valid . ff we find a mirror, well pass it along. Dear 2600: You may Of may not already know this bin I haven’t seen it in your magazine or elsewhere. The British anarchist band Chuinbawamba put a remix of heir song "Pass It Along" on their web page a while ago ft features sound clips from MctuIJica. !)r„ Ore, and f-.niuiem. gll appearing without permission. Better yeu h. has excerpts from Jello Biafhrs H2K keynote speech. You can download the song and read their press release concerning it at: hEip://wwwxhumba.- corn/_passi talon gditm . On a side note, General Motors bought the rights hi use this same song (the album version, not the remix) in their recent Pontiac commercials. Appar- ently. C’humhawamhu turned around and donated hall of that money to Corp Watch, who plans on using the money to document the Asocial and environmental im- pacts of GM itself. 1 ' The other half went to Indy Media. Chumbawamba has a very in teres ting political past. Among other things, a member once dumped a bucket of water on Great Britain's Deputy Prime Minister John Prescott Ibr his handling of a dock worker s' strike. fTs good lo know that a (relatively) mainstream hand is this potiticatty conscious. 1 love your magazine and hope you can prevail in your current and future endeavors. Good luck to you. Random Juhatus Answers Needed Dear 2600: I'm just curious to know if your magazine has u in ini mum f maxi mum length requirement for article submissions. Let me know-. Kick Olson aka fluffy .4.' indicated above, something extraordinarily short will probably he looked at as a tetter: Articles should he ay i/t -depth as possible without being overly wordy. Since we wind up editing anyway ; it's best to give us as much info as you urn rather than too little. So there are no formal requirements either way - just go with your instincts Dear 2600: I may excuse you because of the September II th terrorist attacks but 1 sent you four photographs of payphones (bv mail) and 1 don’t have my free sub- scription. I also sent an e-mail to letters® 2bfl0.com and the only thing L got was an automated answer. "Thank you blablabla,...’ 1 Maybe sending to all of your addresses may work, fhank you for being so commu- nicative, Johnny First off we have always been way too bus y to re - spand to each and even piece aj mail we get. Most people and certainly most magazines simply ami ten do this . Second, we're quite clear on our web page that you wiJJ get a free subscription if your payphone pho- tos are printed. You seem to think that just by sending us photos you qualify. That's not how it works. Third , the automated answer von got from the letters e-mail address explains that personal replies area ) possible. Why you then eh ose to enter into an extended dialogue with an automated reply function is something people who do have time on their hands nntv choose to pon- der, Finally, all you succeed in doing by flooding us with annoying mail is to he labeled os someone worthy of being ig no red altogether. Dear 2600: When exactly do you plan on releasing Freedom Downtime ? It’s been about a year already since it was completed. You could at least release it on VHS; the Page .12 2600 Magazine medium really doesn't matter haux tVeVe wanted to release it more than any* me has wanted So tee it so we imdcrstand the frustration. H4 j needed to makt sure we a we red the legal bases with re yards to the musk we used since stung us has he- come corporals \merica > latest sport. But we 1 re happy to sa\ that these hurdles arc he hind us and sou \hould find ordering info in this issue and on our web siu Par now it's in VHS format. We expect to have a DVD version same lime jfs fht\ftth}rc. Dear 2600 : \ would like to contribute some money to the DeCSS appeal legal dele rise fund, Please let me know how to do so. Dill Boyle The Efenrcmh Frontier Fmmdaikm covered the fa gut expenses for that eon . Yon can donate to them at www.e.ffarg or bv writing to LI F 454 Showed Street, San Francisco, CA 94110-19! 4, I lear 2600 ; I attend a meeting of security administrators at my office every other month. In your recent issue, there are two articles that 3 would like to photocopy and give out at dus meeting to give Other attendees a better un- derstanding of what information is readily available to people try ing to break into systems and why you must keep patches current and lock down the server. What would be the proper way to get permission IVom you to c opy these articles and give them out in the meeting? Anti- Chris! its amazing to us that people at fiutllv think they have to da this. This constitutes personal ;iu ■ vow have cveiy right to use excerpts of a publication in such a manner without asking permission Dear 2600: My father passed away Inst year. ? ^fortunately he used my name and social security number nt the past. Now I don’t have a good credit report; and I need help. Can you help me? I am the father of two baby girls and I would like to buy a house one day. top Assuming you don't want to continue the family tradition and simply use vour kids ' SiSfls, vau need to ■ ha.tr yota name. You seem to hr under die impression that h tickers go around wiping people 's credit reports ot i : renting new identities. Of the relatively fox win/ do know how to easily da such things, hardly tin \ would ever do it for hire. And n-e don't talk to them. So the first step is for you to stop a* tiny like you -e guilty oj a crime. Unless xou arc tWc still won) he aide to help you hut we'd at least respect your hon- esty, ) if if happened the way you said it did , there are it -ays of dealing with it. Check with the Socfut' Security Administration and the various credit bureaus and teU us what they say, If you Ye forthcoming with (hem and dan I do anything stupid like ask people to help you get hike . /edit, you at least have a t hance of setting things tight. And even if then doesn’t work „ there arc other channels which cun give van a voice. Dear 2M0: I've been reading 2600 for. well, most vears t could read and comprehend what was written on the pages of 2600, It comes lime now that 1 have a band and we have been ripping our bra ms out for names to call ourselves arid finally I suggested '2N.H4" My only questions are: Is this legal? Is tins okay with the writ- er s/ed i l or s o f m y favorite zinc? I know 2600 is onl y a degree of megahertz used in phreaking. but it is a name trademarked by you. 3^ this all right? 1 >rew it's hertz, not megahertz.. While it's it very nice themghi, we wmiltinV be entirely comfortable with a hand going around with that mime. What would hap pen if you became really big and your music started to suck? People would forever tissue kite the name "2600' with corporate fork and ice V/ probably wind up gening sued by the giant record nmqxiny that signed you. Imagine (he irony. But seriously, we have no say in this . You can call yourself whatever von wat i f 1 Vt ' d he hoj ip ie > ; th t nigh , if it n ere a refer v uk v t ■ t >f some sort rather than the entire name. Af ter all, there Is always the chant e that we 're going to quit this pub- lishing thing and turn into musician ■> one day, Dear 2600: While flipping through my recently purchased I S:4 1 noticed something odd. Some of the pages were blank 1 How ever will I build my wooden computer since pages 22-2? are missing J Mow- will 1 know the outcome of the 'Right Click Suppression" article with- out page 19? i will not be able to Harness the Air wives? m page Its wots dvxs blank. In addition. 35. 3 irk 39, and 42 were also blank. 1 hope this is just a case of a misprinting and not a larger conspiracy by someone to keep the information from reaching the masses. If it was indeed just a misprinting, could the pages listed be sen or posted somewhere so that we could read the rest or the articles that were to have been printed on these pages? SuperGuldft if you ha a. such a printing defect in this or any Is- sue. send it in to us and we'll not ontx send you a re placement, but an extra issue as well for your tnmbh . Dear 2600; Just curious - do you have information stored away in random pictures on 2b00.com ■' Sfegdetecl reported thai a few jpgs from your site have information stored with jphide. However I have been unable to crack them to determine if this is true...* Ciiin D ear 2600; At my law studies class this morning, we had a guest speaker. Je was a Secret Service agem He popped in a tape that explained to us what the Secret Service was and why we wanted to be in it. In a couple of scenes, they showed either your website or maga- zine. i can'! remember' what the cover was though, so 1 don’t know how old it was. Anyway, the video was talking about how the SS is very knowledgeable on technological forms of theft, fraud, and hacking and how thetr agents arc highly trained in investigating these things. It showed an agefjjj pullmg up your web- site. Then later, when they Were talking about credit card fraud and other computer crimes, it showed a desk with a computer and a 2600 sitting next to the tammy b loo keyboard. Just thought you'd like to know. Don’t they have li> ask permission Tor that or something? Kaos lord Ft Lauderdale, FL We're not concerned about our covers being used so much as we’re concerned over the context. If they're implying by their use that we’re involved in criminal activity then we have something to talk so them about. UYhv been hearing about this video for some time now - hope fatly one day someone can get us a copy of it. - Complaints E^r2^ The meetings for Orange County are a joke. It’s like a bunch of kids in a pissing contest. These people are making 2600 look sorry’, john smith Let ’s be clear about our meetings and the relation- ■ship between them and the magazine. Our affiliation is 1 1 very loose one hut we do consider she meetings to he representative of what She magazine stands for. That ’s why we have a set of guidelines (available in the meet- ings section of our web pages or by c- moiling meet- ings^ 260Q.com) which sped out what’s acceptable and what isn’t. For example, our meetings are open to the world. 7'hat means inevitably people who don ) re- ady believe in what we stand for will show up, We cam not prevent this. Usually there arc multiple sections at any single meeting - their only common point being the mee ting guidelines. It’s important to remember that no one group of people runs' any meeting. Therefore, to define it as you have means that either von 're paying tinetitkm to the wrong people or the meeting has in fact been subvened by idiots who don’t respect our guidelines. The loner has happened in the past and probably wilt in the future. When we find out (and we most always do), our name comes off it and it becomes just an anonymous group of idiots in a mod on a Fri- day night t Dear 2600 : To she ''hacker" who was on Cool FM 98,5 (in Montreal) on O2/U/02: shut the fuck up! Thanks for idling everyone thai hackers are nothing but simple thieves, I hope vou die in horrible pain! IHrl3z3 There's nothing like an intelligent counterpoint to I move a point. Dear 2600: I am sick of it. J am sick of being labeled a crimi- nal, S am fired of being branded as a menace to society and a threat to order i was 'i Yipping through the TV channels and 1 started watching .some movie. 1| was like Mas Something Super Sp\\ bill anyways all il was was some anti backet propaganda crap that Holly- wood churned out. I am so tired of it,. Wt arc con- stantly being bashed because we are hackers. I hale the common misconceptions of us. If you are a hacker that means all you do is break into people’s e-mail ac counts and write viruses. Even looking a I the dictio- nary is appalling, il says a h acker is a talented amateur user of comp tilers;, specifically one who at- tempts to gain unauthorized access to files in various systems. 11 Thai is just not true. I lackers aren’t evil, we are realty good people. But everyone hates us. Why? Because we get the fallout from people who write viruses and stuff like that, that's why. Because so ami so wrote a virus and the media said he was a hacker, that means all of you hackers are evil. We get pinned with the blame, Il s gelling so bad ihal if you say (he word hack people sort a cringe, like when you say mur- der or something Bui if you try and hide the fact that you're a hacker yens lor them wm, You let the media make you ashamed of who you arc. So be proud to be a hacker, be proud of who and what you are. Binary Burnout Worries n ** r Wm\ n fc i M Have you all had any concern of the U.S. govern- ment freezing your assets due trt "terrorist activity' ?" (Not that hacking is a terroristic activity, but the U.S. Patriot Act of 2001 says it is! ) Mr. Brown Our biggest comfort in that regard is that we don’t have a whole lot of assets in the first place. Actually, that s probably not very comforting at ad. Dear 2600 : Here is something I though everyone might find in- teresting to think about. A few days ago I received a code from a person asking me to crack it. A few days later 1 did and sent him the decrypted message to prove that i had done it. 1 Ire reason he claimed for sending it involved a huge "worldwide underground hacking group." While he seemed to give the feeling that this was something of a rather "elite" group, he mentioned no specifics about it. After sending him the decrypted code he proceeded to tell me that he worked tor a gov- ernment agency in Australia called the AS IQ (Aus- tralian Security Intelligence Organization) and that they were looking for people who could do things like crack codes, hack, and so on. After hearing this I had no desire to continue communication with this person but here is the interesting part. The second step for "joining" was to crack a harder code using a program. Easy, right? Yes, but here is the catch. After doing so they will hack the computer that you used to download the program to look at your hard drive So basically they are looking for hackers and cyberterrorists but at the same time are recruiting hackers. Anyway, once they have hacked your computer (and this is govern- ment! !!), they will use your computer as their personal proxy. So if they are tracing a eyberterrorist and the cyberterrortst is smart enough to figure out he is being traced, he will send u trace hack. At this point it would lead to the AS I Os "proxy," in this ease my computer. So let’s think about this. Now ii looks like my com- puter is tracing them and the cyherterrorists go after this computer. Why would anyone in his or her rig hi mind let this happen ? Hope this gives everyone some- thing in think about, 3-C oni Oh it does. Like perhaps you 've confused your computer with \ our TV set. Page 34 2600 Magazine Dear 2600 : As if Carnivore wasn’t bad enough, now we have the government stealing out encryption keys to read l he encrypted lilt's that we have every right to keep pn- v at e Hi i s st i m wj re km jw n as Mag i e Lun te i n ' ap par- L’nily installs a key logger on a target computer to grab the pass phrase used when pgp hinds. Our individual rights are continually being violated by this Cyber Knight" project that encompasses Carnivore and Magic Lantern. You gotta wonder what else they have up their sleeve. I say we hold public protests. More people need to he informed about this. Silent hi addition, when someone finally finds this thing on their system, let ns know so we can print on article ‘•n how it. j deter I it. In fan, we suspect the re ore people , wtiwly -.trying to get if for just such a purpose. Ideas \ tear 2600 : I am working on a project right now you may find l>T interest. 1 heard of a neat device called a Telezapper which would not only automatically disconnect tele- marketers hut because of the disconnection their soft- ware removes you from their database. 1 looked into the device and what ii does is send out a Lone (discon- nect pulse) In their switching equipment, father than spend S40 to buy this device, 1 had the idea of using my modem and sound card to generate the signal, so all you need ss a bit of software and cable. Once 1 gel this working and if no one has done this before, would you be interested in an article? Dr war We'd certainly like to know more. We know of no such 'disconnect pulse ' that could he used to get rid oj any eme, lei atone telemarketers. About the only dung w.e ran imagine ss that this device pin vs the three tones i -otnnitm.lv heard before an intercept recording which might tnuk r their auto-dialers assume it's not a valid number. Ii V Hole more than wishful th Inking that this means pu number would be purged from the database. This could re suit in t j titer ca Us ben ig lost as wadi Hut most importantly, paying 50 bucks to have these lanes played would be a hit of a seam, to sa\ the least. We had (t better smite (assuming you don't want to pick up any culls that dm ft display culler ID J is offered by many local phone cent) pomes m a fraction of ihe east. * oilers who don ' t transmit culler ID arc prompted to sas their mimes. The called party's phone then rings with rhat person's name and they run either accept the ■ dl tti that point or refect it (or eotnpleiely ignore if), fidema renters who don ‘i identify themselves never ■ l yn ring yom phone. More Politics Wear 26W I am a long time newsstand buyer of your maga- zine, which I’ve always found to be highly informative in its anil les, v bile the letters of a political bent lend toward a naivete that strikingly contrasts the technical opiusticatipn of contributors. Keep up the tight for the ights of individuals to use technology. Unfortunately, v oil seem to suffer from a similar naivete as your read- ers when ii comes to other technologies, like guns. Firearms are simply a Icchno logy, like any red box, laptop, modem, network card, ( apfalri Crunch Ring, or computer programming language. They, like any technology, can be used to enhance or detrac t from in- dividual liberty depending on the user, their intentions, and their actions. Thus, like any technology, (i rearms are morally neutral, inanimate objects, .hist as a hacker could potentially ruin the life of any individual 01 - group of individuals in the world via identity theft or other malicious abuses, any person possessing a dreamt can similarly potentially ruin the lives of oth- ers. it is the actual actions of ihe individual wielding technology that determines actual results, as you have so rightly staled so many times in the past with regards in various computer techno todies. You should be at least as consistent when it comes to other technolo- gies, like guns, as well. Mike ‘retro man* Lorrey Hi'iv always advocated the responsible use of any tool dr technology and that its the user of these who hears ultimate responsibility for their nse/mixuse, We hid ic i v 1 1 h i Is and te i hnolog \ tin > t t ii ret t i\ fos ter eom- immication. education, and the flirt he rams of free speech should be made as widely available as possi- ble. This has always been our push ion. One s imply cannot think of tools with obviously lethal functions in the same miy, however. To do so is she height of irre- sponsibility. Dear 2600: In I K;3, I was reading your response to a Canadian on page 31-32, and you guys mentioned something abo u ill ic Can ad i a 1 1 e tec f i on s v sre m aw ard mg c he w i n - ner to the person who received the most votes. This is probably a good thing. However, the Electoral College in the U.S. does serve a purpose, and lhat is to make i! harder for the states that are more populated to wield power over the states with lesser population, thus mak- ing it harder for a presidential candidate to win Ihe of- fice of President, Now. I do not think that Dubya should have won the presidency (1 voted for Ralph Nader, and nearly persuaded my mother to do so on the way to the voting booth), but abolishing the Electoral College would give much more power to the East and West Coast (for better or worse), and make it That much easier for ihe majority to force their will on the minority. This is something ihe Framers made espe- cially hard to do, and for a very good reason (Le. slav- ery). I would like to know why you would have the Electoral Colic ge a bo Eish ed . Jon McLaughlin tf imposing the will of the majority over The minor* fi.v is such ls ritrerK, why dm 'i wr see systems fiA<* (hr Electoral College put into place for other elections and refe rend urns * We're certain that we could find an- gry people in sparsely populated regions of every 1 slate who feed the people In the cities unduly influenced mas for governor, senators, representatives, etc, Should nc give these people more mover because there are less of (hern Is this not fit si. another je>rm vj ajfr- mutjyc action which rouses ware harm than food ' Hu; the real proof that the flee timid Coil eye is a failed sys- tem (apart from oil of ihe people in the rest of the world laughing and pointing j Lx in die official numbers Spring 2002 Page 35 for minority candidates. The person who you and many others wound up voting for got, according to she Electoral College, a total of zero votes, I Joes that seen f evert remotely dose to fair? Dear 26(H): E noticed in your response in i 8:3 to the letter un- der the heading "Guns/ 1 you wrote 1 ..oppression from the most jxwverful government in the history of mankind." I just wanted to correct you. The most pow- erful government in the history of mankind in terms of power was probably ancient Rome and* as far as size and possibly even power, the British Empire, Joseph McLeod Tins will quickly devolve into semantics so let V de fine our terms, By "mast powerful" we mean most ca- pable of having a direct influence over all other parts of the world in a very decisive wav r both militarily and legislatively, ft's a frighten big concept regardless of where yew stand politically. Dear 2600 : You do Mr. Conte rio a grave injustice in your let- ters page ( IS, 4). His arguments are the voice of reason - surely’ Look in it like Shis: there's only so much gun crime in i he USA because the criminals can get guns easily. And as Mr. Conierio points out, you usually only have lo show a gun to deter a crime. Naturally, h has to be a bigger gun than ihe criminal has. So i he solution is simple. Encourage everyone to get a bigger gun than the average criminal and carry it with them at all times. This does leave the poorer sec- tions of society more vulnerable (being unable to buy a big gun), but this is all to the good ns it means the criminals will target them, instead of respectable, law- abiding citizens (with money) But I wouldn't stop there 1 Who is to say that adults have more of a i ighv to life than children? And having seen the reports on atrocities in high schools over re- cent years, is n not reasonable to campaign for chil- dren lo be able to defend themselves? Of course they should! "Guns In Schools' can be the campaign slo- gan. With proper i raining (it should be a required sub- ject). most children arc every bit as capable and responsible as an average adult to own and use a gun (well, an average adult after a beer or two, anyway). I mean, if somebody went into a school with a ma- chine that could launch baseball bats faster than the speed of sound at the rate of orte hundred per minute, would you ban baseball bats? 1 think my point is abundantly clear* and I trust I have your full support in this matter, m skz We. not h-ed you shied away from the infants ' right to carry issue. (5b 1 ward, Observations Dear 2600 : l Eyorrowed my friend's copy of Grand Theft Auto 3 for Playstation 2 and he informed me that a guy on o ne of the radi o station s proc I ai med Free Kevin!" So for the next few days when 1 played 1 would set the ra- dio station to "Chatterbox" and after a while ! finally heard it. It was kind of pleasing tu hear the message on such a popular video game. Then when 1 was looking through die booklet fur the game, I noticed they listed guests for 'Chatterbox” in the back. So \ read through and noticed the name "Bernie S," Very nice. noire SK i ar 26(H): Hey guys, great issue. I was walking out of Barnes and Noble at dusk with the magazine (18:3) in my hand looking a! the cover: As I crossed under a light the glare revealed the secret item! The peace sign. I love it. Always keeping us on our toes. Thanks guys. Gustaf Dear 2600: I was signed into MSN Messenger on January l Oth at M;]() Eastern Time, and l go! a Maintenance Alen" dialog box telling me that MSN will go down in five minutes for maintenance. U this happened to everyone, then there i.s obviously some way that you can cull a dialog box on the machine of everyone who is signed into MSN ai the momenL It kind of makes you wonder w hat kind ol oilier events they might be able to initiate. It anyone had a packet sniffer running and caught ihis. or if yon have more information on how this may work, please let us know. p&ykOmantis Dear 2600: I recently moved into a cheap three- story apart- ment building. One day I got curious and started to lake the faceplates off the wall Behind where my phone line came in I discovered not just one wire, hut three! I Jpon further investigation l found that one was for my apartment, with ihe (wo others providing dial lone to the Hour below me and the lloor below diem! 1 (link about how easy it would be to tap into the line, I found a similar configuration for ilie cable television lines. Do you have a phreak for your upstairs neigh- bor? Arc you sure? bluuess More proof of how insecure phone lines really arc, This is very unlikely tv ever change. Dear 2600: I was watching the other day (again) the movie Hackers and something caught my eye on the desk where Kate Acid Bum" Libby is preparing for her "battle" with fellow hacker Dade "Zero Cool/Crash Override" Murphy. Thai is a copy of the magazine 2600. I w onder how many others caughi this. Hernia ei Another appearance occurs when the federal 41 gent is reading "The Hacker Manifesto " in the car. He's holding a copy of our magazine- That piece, how- ever . ; appeared in “Phrack . " pen here : They couldn't figure o’ut how to hold up a copy of an electronic newsletter so they just revised history a hit. Also , check out the subway cor scene as well as the wall in Phan- tom Phreak s mom. Those are original yellow HOPE bumper stickers from l 994 r now worth many thou- sands on E-bay. Dear 2600: I have read before how someone used "sale web" lo Page 36 2600 Magazine gel around school or public firewalls but the problem is sites- like those are always blocked, Hut the one thing they can never block are translator web sites, like Alta Vista, All you have to do is enter the URL and change the language from "whatever" to English, Let's say you select German to English, Et will go through, change all the German words to English, leave fill the English words, and bam! You are at 2600, com ; t ody Beeson We suggest using Chinese to English since there an- enough German words with the same spelling as English ones to make our web sire rather weird to read if you try to ' translate " from Gentian, I tear 2600: v\_j/ IT 1 B Just wanted to let you guys know you're getting some free advertising, I was reading this humorous Fi- at d Fantasy parody when I came across this page showing a character reading 2600 at http;//wwwmiik- I carpo wer.&im/coniic-/05 8 .htm, i hope I’m not getting the author of the comic in any trouble. (No, I’m not him.) DephKonl Dear 2600: l wish this letter had more point to it. but it really doesn't. In the sentence in your Marketplace section of IK :3 and 3 8:4 ( i d presume more of them) under the heading "Only subscribers can advertise in 2600! "you will notice near (he end of the paragraph it says. "In- clude your address label or a photocopy so we know void re a subscriber Send your ad to 2600 Market- place. PO Box 99, Middle Island, NY 1 1953. Include your address label or photocopy." Otherwise, l love the publication. Keep up the good w ork The hidden "peace" symbol in 1 8:3 w as re- al ly near and l never noticed it until othef$;#oi tiled it out later. 4wifitc^07 Well, we never noticed this repeating phrase Until vatt pointed it out so thanks. Its the etui of t&i oversight that \ been occurring since Spring i99&. Dear 2600: In addition to the article I wroie on Black Ice for (he 18:4 is sue of 2600, I would like to mention that ISS has released a patch for users with Windows XP and , J K. There is a hole that will allow "hackers" to execute computer jacking and crashing. Normal stuff. Just i bought l should put that out there since it was not in the original write up. Suicidal Dear 2600: On the Rat Rat e DVD. as an extra, the producer kUid director do candid calls to the actors in the film. They apparently didn't know that the touch tones t\ corded in the conversations can be used to call the aclors! As a friend of mine put it, "Hey. i goi your phone number off of the DVD.., you should have hough: a squirrel!" Phonkud utic A reference lost on anyone who hasn V seen the film. We imagine some actors wound up having to change their numbers after this rather stupid over Dear 2600: We enjoy wearing brown pants and sni fling your magazine on Wednesday evenings while composing music with our Tandy are wearing brown pants' 1W Avocados And this is as strangely haunting os a David Lmch film. The World of Retail Dear 2600 : _ I was in a local bookstore in Sacramento, Cali for- ma thaL 1 know carries your periodical and I decided to check to sec if I had your current issue. I w as surprised to sec a fairly large stack of your magazine hiding be- hind an issue of something or other. Needless to say, 1 already had that issue so [ moved the magazine to un- cover it for other customers. I came to the conclusion thaL it was intentionally covered when 1 returned u week or so later to discover the same situation, 1 don’t know if an employee was doing this or someone else with a strange hobby, but either way I think it’s a terri- ble way to sell magazines. Perhaps you at 2600 should start printing on excessively large paper to increase visibility, I plan to make it a routine to stop at that bookstore to make sure you are kept visible to shop- pers. You’re probably thinking why don't 1 tell the shopkeepers 1 .' Well, it just ain’t my style. The Dude We appreciate all of our readers who took out for this sort of thing. Most of the time the people who hide our magazines area i affiliated with the stores. We sim- ply have a lot of enemies who don V want our views to be heard. Consider it an attack on all of us. Injustice Dear 2600: In response to ''Consequences" published in 18:3, 1 am not sure that everyone is aware of how- bad things have gotten. I think it is horrible that Sklyarov was ar- rested for violating (he DMCA when what was being done promoted the sale of more eBooks. There arc many injustices that have been done to many good people. As far as 1 know. ] am the first person to be ar- rested for performing a port scan in the process of pro- tec tmg a 91 1 system I was put in charge of. A simple port scan now seems to be an offense that (me can be arrested for, While I have been successful at defending myself so far, it is still something that most computer people don’t realize the rest of the world doesn't un- derstand and which therefore must be il legal. Several articles have been written on my case, one by Bill Reilly, who is working on the Elcomsoft (Dmitry Skl- yarov’s employer) case. It can be seen at; http: // w w warn I i n esecuri ty.eom/Commumty_Forum„_d etai 1 .ph p?artic le_id -23, Being the Jtp* to ha ve to de- fend a case of this type I ciut re I ! you ,u is a very diffi- cult task to undertake and I don't wish it on anyone, The devastation to business and family as well as ban k account is iiemendotis^Sftd 1 am not sure that many Spring 2002 Page 37 people u rulers land what is involved. I thank your mag a/ine lor doing a great job on promoting rights and telling some of these stories so that the people know what is going on. Scott Moulton System Specialist and Software Engineer Dear 2600: 1 was working at Bridgestone Firestone Lnforma- don Services during the recall, so I was already biller, file law -.nil again si 2600 is to much... doubt I'll ever drive a Ford again. Found On Road Dead, cute huh? bt Dear 2600 : So r m am in Omaha visiting my girlfriend over the Christmas break. Just before 1 left 1 grabbed a 2600 a i B&N to read on the flight home. I flew into Chicago and had to switch planes. Whenever f fly I ask to sit in emergency exit rows in order to get more leg room. Before takeoff, the flight attendant stopped by to make sure (hut l would agree to perform emergency tasks if needed. t told her it was no problem and continued reading my magazine. I was into reading an article when ! finally realized that we hadn't left the terminal yet. I looked up and u man had come onto the plane from the terminal. S watched him as he came up to me aiid said. 'Sir. I need you to step off I he plane, please bring your things." Confused, I stood up and walked off the plane. Once on the sky-bridge, they informed me that I was going to be ". screened'' again. Before they started I asked why, and they replied, "the flight attendant said you were reading a terrorist pamphlet.' ] w as confused .■if best iind then explained to them that it was u maga- zine about "computers and electronics. They then asked if they could look at it and had to OK it w ith ihe pilots before l was allowed back on the plane. Oh yeah, I had to be "screened"' again as wdl. My guess is that she saw- the article about vulner- abilities' 1 in Passport - ' (regarding the article on Mi- c rosoft \ new .Net Passport stuff]. I understand that wuth all of the recent events that people are more concerned about security, but 1 think there is a place where we need to draw the line. Caus- ing a flight to be delayed for more than an hour over my reading a magazine is not acceptable. Anthony \h Bower Please write buck to us (paper mail wit! get a hu- man's attention a lot faster) with as much specific in- formation on this as possible. When such events m cur we need to hum exactly who is responsible so they con be dealt with as severely as possible. The idea that you can be taken off a plane because some dimwit dnesn ) understand your reading material should he consid- ered an affront to every freethinking person alive . Deal 2600: I can’t believe it! Absolutely outrageous! Rogers has really pissed me oft this lime! I called Rogers’ tech support tor E heir cable Internet and I found out that you aren’t allowed to run w : eb servers while you are con- nected via Rogers Cable. II you do, then apparently you will be found out and they wilt come Lind lake your cable modem away. Gee/,, all 1 wanted to do was run a puny little game server for Unreal Tournament, [he i! tech support guv told me that they scan all of i heir Rogers Cable customers for web servers, I think that this is stupid. Why would Rogers do that? Is (here any way to circumvent tile scans, so that my Unreal Tournament server dream can become a reality ? Johnny Slash Internet access i ia a .table modem Is not true In- ternet access , If 's primarily meant for outgoing traffic, not incoming, such as you would he getting on a web set ver, This is yet another reason to support your local Internet Service Provider win.) vi dl generally not get in vtHtr wwy as to how you choose to use the net. Dear 2600: Re e cut! y ! received a chain letter in my t n box . I he chain letter had a boring poem about two friends who are too busy in life U> speak to each other When one fi- nally decides to visit the other, he turned out to be dead from old age. What this has to do with a chain letter aside from conveying a moral of no use. 1 can't deter- mine The letter had a standard set of instructions. Send this letter to a dozen or so people within three hours of reading or suffer incredible bad luck. I dug up all the e-mail addresses listed uv the e- mail and replied back to them. I quoted Robert Frost. "The Road Less Traveled?' and told them ail to take the road Jess traveled and not forward the chain letter on to a dozen other people to venture on into an end- less tree of useless e-mail. To my surprise, i received several replies from people who could not determine how I knew their e- mail addresses, even though the e-mail i sent io them had the original chain letter within the body, Appar- ent fv. f pissed off a bunch of people making them feet foolish for sending the message to their friends. If you consider it T it’s thinking only about yourself that drives you to ship off an e-mail to all your friends so they can take on the harden of bad luck if they don’t spam oth ers within three hours of reading. To make a long story short, J was supposedly re- ported to some Internet security agencies and told I wasn't aware of the repercussions of my actions. Tell me i don't have the right to free speech, "Nicolai... you don't have the right to free speech," There we have it. Nicolai Dear 2600: ! just wanted to write a quick letter to you guys telling you that 1 e-mailed Ford informing them that I was boycotting (and encouraging everyone i knew io boycott) them due to the legal actions they were taking against 26(Xh I told them that Freedom of speech is probably the most important freedom we have a.s Americans and that I could not accept them taking le- gal actions to prevent said freedom Thanks for the great magazine and website, guys. If you keep writing. E'l! keep reading. S unlist Dear 2600: Why ts it that those in power are so afraid of peo- ple who they see as a threat to that power ? I’m enrolled Page 38 2600 Magazine 'ii a Business Technology course at my high school. Ii s sold ns some super advanced course, hut 1 person illy find it to he a little below my level, so 1 find my- still spending most of my time helping the instructor with little pr oj ec ts on t he s ide. A few wee ks ago we re- placed has school -owned piece of shit computer with a rather nice Pentium III machine we built ourselves. In order to connect to the school network however, we re- quired a co.uple of programs which the system admins refuse to give out. Namely Novell Client software and some program the teachers use lo do attendance and grad ebooks called STL After several work orders were filed in an attempt in get someone From the lech de- partment to come and lake care of this issue for us - each of which was simply ignored - we decided to rake matters into bur own hands. After a couple of hours spent scrolling through every directory on every net- work drive on the school server l access to which his "teacher access" provided - no hacking was required h 1 managed to find copies of both programs needed. We downloaded the software and got our system up and running, Yesterday he was called into a meeting with the Superintendent of Schools and accused of using his class to train hackers He is now teaching a restricted curriculum. They tell him quite specifically What he can and can t teach. Myself and a few other students who hud absolutely nothing to do with the alleged at- tacks now have our computer privileges closely scruti- nized. Wf also have reason to believe that certain individuals in the upper levels of the admin hierarchy have been sabotaging our equipment.. Ultimately what it comes down to is this: the school lech department sees myself and a few other students as a free source o! labor which the school board can lap to do their jobs This threatens their paycheck, so we're on the slid list 1 have three months to go until ] graduate high school and get rid of all ihis bullshit once and for all. Fm bit- mg my tongue and resisting the urge to do some real damage. Why is it that people in power seem to go out of i heir way to threaten, anger, and ultimately push perfectly legitimate hackers to do the kind o:i things that give us a bad rep? I'd have to say that not wanting iu restrict future generations even further is the only reason I haven't done such things yet fust three more months, Ghent Even if you were ihr foM t Jto.i of .sem^rs m ymtr high school, destruction wonldn i he the answer: Nath- mg would make rise morons who antagonize you hap- pier. What's important is for van to reveal their stupidity iti ways that non -technical people van under stand, You've indicated that there is a paper trail which would prove that von attempted to yet help from the tech department and that they ignored you. Ass am - mg you dido) violate any software licenses in doing n hat you did, it should he a snap to prove that you did nothing wrong . Then s no reason why you can't for shot ddn V) continue to help with this after you're gone. Hear 26(H): I was pretty disgusted when u friend of mine told me about a new kids' show that his kids were watch- ing It s called Cyherehase and the URL, is at: In i p://pbskids.org/cyberchase/mcet_b;icker hi ml r He said, "I haven't seen more than two minutes ot it, but the gist of the show is that hackers arc bad. In fact, my kids now call each other ‘hacker' as a put- down." They are planting seeds I tell ya. I like PBS but al- ter seeing this, Fm going to write a short note to the pbskids.org site (unless you have a better contact), just to let them know how I feel about this "toon Just thought Fd pass along this info. Maybe others might want to rethink donations or write a (nice) short note, johnny fulcrum If 's essential that people express their fee lings about this since it's a really unfair < 'ha raclcri Tjltion . Contact your local PBS station as well as PBS, the Corporation for Public Broadcasting, and the Na- tional Science Foundation, aft of whom provide fund- ing. h r ^ had enough to have the evil character he a hacker has for his actual name to be Hacker is a bit much. Dear 2600: I had nothing to do last Monday so I went to a Lee lure given by Janet Reno at my college. 1 was bored, and 1 thought that she might have something intelli- gent to say. After announcing that she was running for governor in Florida and an unconvincing tirade about how we need to "shake up the government .system," Reno stated that "we need to protect our young chil- dren. from the hackers that try to seduce them in chat rooms and prevent hackers living in other countries from stealing funds from America’s banking institu- tions.' After this broad generalization* I was pissed and wrote a question on the paper provided by the proctor nt the assembly. After a slew of questions about health care, the legal system, and even a ques- tion about whether leb Bush was more intelligent than George W, Bush, she neglected to answer "Why are hackers still being criminally prosecuted for pointing out blatant and potentially dangerous security holes in government and business computer networks?" I guess ou r n ati on's po! i t i ci a ns arc sti I ] u n ab 1 e or u nw i ] I ing t o tackle the injustice in our society, Polar Mike She probably watched an episode of ''Cyherehase' 1 right before giving that speech. Children s cartoons are popular with politicians and it explains the level of their intellect. It would be a good idea to keep track of all the stupid things they say about hackers. Dear 2600 : As I am Sure you know, the goddamned SSSCA is still being bandied about. This is basically she com- plete bending over of customers by the RFAA* MPA A, and other lobbying groups. Because Congress is here to represent business, right? This country was started on the premise 11 We hold these truths to be self evident: every corporation has the right to as much profit as possible, regardless of the rights, health, or well being of the citizens of these United States," right? Here is a great website that is trying to fight by sending faxes lo congresspcople: hiLp://\vww,digiEal- coi isu me r,org-/fa JrihtmJ , You con use their letter, mod- ify it, or write yotfr owoi. Please Lake a moment to do this. Maybe we can get some of our rights back for a change. | Continued on p u ^ c 4 8 Spring 2002 Page 39 by Paiikaj A rota mi pankh pirorn pa wa re.efifii An interesting aspect of cable modem tech- nology is the evolution and standardization of the Dam Over Cabt^ervire Interface Specification ( DOC' S f S ) , de ve lof ied by C af S c Tc I ev isi on Labo - ratones, Inc. and approved by the b)icruauon,al Telecommunication Union (ITUJ. The locus of this piece deals with the way ISPs configure DOCS IS -compliant cable modems and is constructed in a fashion that edu- cates the reader on how a cable modem user could potential I v configure their own device. Take very important note* reconfiguring and/or tampering wit It your cable modem not only most likely breaks your terms of service agreement but could potential !y be found illegal in most juris- dictions and would then be punishable by law. If you wish to experiment, prior permission from your cable modem service provider would most certainly be necessary. 1 urge you Lo educate yourself through this writing but not to break the rules, and I urge cable modem service providers to use the information contained in this article to "spoofablc ’ 1 ) MAC address which will be accom- panied by an IP address which is either static or dynamically assigned by the ISP and of course handled in software. However, a feyrffhings most people may not know are: 1 ) Thefcabie modem itself has a hard- ware address arid in IP address on the HFC inter- face and 2} The cable modem itself has another IP address on the CPE interlace. Generally this IP address is 1 92, 1 68. 100. 1 , When you turn your cable modem on. ii uses a primitive TCP/IP stack and DHCP client to re- quest an IP address for the HFC interface. With some ISPs the IP address it will receive will be a Hkx.x.x add re s s . Addi t i onal 1 y , upo n rece i v i n g t he IP address for the HFC interface, it may also re eeive the IP address for the ISP's Trivial File Transfer Protocol (TFTP) server. Upon the mo- dem obtaining the IP address for the TFTP server it will connect to the server, download a configu- ration file. and use that to setup such thing* as downstream and upstream bandwidth caps. Its a rather simple process that usually doesn’t take more than a minute. help better protect their service, 1 have a cable modem myself and I respect my cable company and the law - but 1 also highly value free speech and learning. This article makes the assumption that the read e r h a s prior 1C P/1 P, networking, a nd Li n u x knowledge (although this can theoretically be done on plenty of other OSes). There are certain exceptions to the content of this article and claims are based on a generalization of the DOCS IS - compliant cable modems that exist on the marker today as well as my own testing - and the work of others. How does an ISP configure DOCS IS -com pi i- ant cable modems'? To answer that, one should first take notice of the interfaces on a cable mo- How would one hypothetically configure a ca- ble modem ? To configure a cable modem, the first thing one would have to do is obtain the IP ad- dress of the ISPs TFTP server. For some it mav ■j actually be t he same as the ISP's DHCP server. To find the address one could look at the information provided by the cable modem's mini web server (which exists on some modems such as certain Motorola SurfBoard models and can be accessed via the Ethemel/USB interface IP address, e,g. 192. 168.1 DO. 1, using a standard web browser I, Conversely, if that option isn't available or it the 1 1 I P server information isn’t given via the web server, then one could possibly use an SNMP client to scan the modem for that same informa- tion. dem. One interface connects to the coaxial cable itself . This is the HFC interface. Another is tradi lion ally either Ethernet or USB (or both in some models) which is used to connect the cable mo- dem to the customer's computer (or other network device). This is the CPE interface. As you may al- ready know, the device we connect the cable mo- dem to will have a hard-coded (but still Using this same processes k one would also need to obtain the name of the DOCSIS configu- ration file the modem downloads since TFTP doesn't allow you to list directories and thus a specific filename must be known to be able to download the configuration file. Once you find that out, the next steps are to use a TFTP client to download the configuration file off the ISP's Page 40 2600 Magazine I FTP server and to use a DOCSIS utility to dc- l net mask ' S 5 2 5 5 . 25 5 . 255 . Re p 1 ace vv ilh l he IP address of your ISPs TFT P server of course. If you don't have IP Aliasing built into the kernel or otherwise generally available you could just theo- retically change your IP address to that of the ITTP server for the time being. You will want to ensure you set the nelmask to 255.255,255.255 to avoid unwanted network routes which could cause problems. 4) The next step is to create a static route to your cable modem to ensure you are coming from the spoofed address. Under Linux one could issue the command: route add -host gw again replacing that which is in brackets with the proper values. 5) Once all the preceding setup is complete, one would start their ! FTP and lime server with everything in place and start pinging the cable modem s CFE IP address and then, while that is occurring, reset (he cable modem (or unplug it for a few moments anti plug it back in). If you were able to get Ibis far and you set everything up right, chances are the cable modem will download the configuration file from you, Once this is complete the aliased address can be deleted or the IP address can he set back to DHCP or the static address given by your ISP, Addition- ally. you can stop pinging. You can verify this works via an SNMP query on the CPE interface or by just testing the results of any changes made. Back up! How does this all make sense? The setup is similar to that of how it is set up on an ISP's end. for the most part. The pinging of the cable modem's CPE interface poisons ’ the ARP cache of the cable modem and the resetting of the modem Hushes the cache so the ISP's T1 FP server MAC address (the real one) is flushed out. This process essentially makes the cable modem believe the MAC address of the TFTP server is you rs ins lead t i f that w h i eh be lo ngs to i he ISP's TFTP server which - as far as the cable modern is concerned - makes you the TFTP server it wants. So when it s ready, it w ill connect lo your box and get your configuration file. If you have a detailed enough understanding of TCP/IP this should make sense. If not it's okay, there are plenty of re- sources available to learn more of the fundamen- tals. There are many potential barriers an ISP may and should pul in place to prevent Eh fo procedure from working. Additionally, some cable modems don't allow you to ping the CPE interface until it obtains the TFT P configuration lile. which would essentially prevent the spoofing from working as it will cache the correct MAC address before you can deliver it the wrong one by pinging ii How- ever, for the most part this process tends to work - at leasL for now. 1 hope this article extended your understand- ing of how cable modems work and are config ured - the utilities, servers, and services mentioned in this article are readily available on the web for numerous platforms. Spring 2002 Page 41 by hairhttll hairban@illgotteD.nel In ihc course of a computer security professional's everyday ueh LCHO A G\ " 6) Now t press the enter key. Since the DOS command "PC HO tells your computer to spit back at you what you just entered, it w ill display the control character on your screen But the code you just entered is not a visible character; it is the bell tone code. Instead of " A G" being proudly displayed, one of two things w ill happen. Depend- ing on your system configuration, either your PC speaker will beep (sometimes it will just click on cheap motherboards), or Windows will play the "default beep" sound hie that’s programmed in the system set- tings. In the latter case, Windows simply intercepts the motherboard's heep command and interprets it in- tern ally. Other control characters, include "backspace" linefeed" UtJ). and ,! 'character return' )* So the question is* how big would a text file be that Spring 2002 Page 43 contains every possible Unix/Linux password? Let's figure it out. For all practical purposes, we are going to assume the password can be made of any ASC II character except 0 and 13, and that it can be between zero and eight characters long. So, at the 256 possible characters, we are going to be using 254 of them. Let's make a chart of the possibilities. We know that there’s only one zero-character password, a blank one Now. for each of the remaining combinations, we are going to use Lhe formula 254 A (number of char- acters). This will give the possible combinations ot 254 characters for any given length of password. Number of N umbei of Number of Number of Number of Number of Number of Number of 0 character passwords; 1 character passwords? 2 character passwords: 3 eh arse ter pa ss words : 4 character passwords; 5 character passwords: 6 character passwords : 7 ch aracter pa s s wore s ; 1 254 64,516 16,387, 064 4 , 2 62 , 314,256 1,057,227, 321 1 024 263,535,866, 540,036 63 j 208, 110, 101,284,384 Number of 8 character passwords : 17, 324 , 863, 965, 700, 83 J , 536 TOTAL : 1 7, 393,337, 673,075, 145, 131 Whew! That's a Sotta passwords! But bow much hard disk space will a plain text list of them all take up Well, let’s do more math 3 Let’s assume the password list will be stored on a Windows/ DOS system. This means that every en- try will require a carriage return and linefeed byte to maintain the text file format. ,5n. here’s the formula. Site - l Number of X digit passwords *(X + 2)/ Breakdown: The space needed on the hard drive lo store this set of passwords t in bytes) is equal to the number of password combinations in the set. times the length of each password p us 2 (carnage return and linefeed). Example: There are 254 one-character combinations. So that’s 254 passwords times a length of three. Each password is three characters long because of the one-character size, plus the carriage return and linefeed. Okay, lets form another table. X' ft of Passwords * (Digits + 2 ) - Size in Bytes 0 1 2 3 4 5 # 7 1 254 64,516 16, 387, 064 4,162,314,256 1,057,227,821,024 268,535,866,540,096 68,228,110, 101,184,384 f 0 f 1 f 2 f 3 i 4 t 5 f 6 { 7 L2 J - 2 * 2 ) = 762 + 2 J - 258,064 + 2 } = 81,935,320 + 2 / - 24 , 273 , 035,536 + 2 J * 7,400,594/747,160 +21= 2,148,286,932,320,768 + 2 ' : 613,872,990,910,659,456 8: 17,324,859,965,700,83.3,536 * t 8 + 2 ) = 173, 248, 599,657, 008, 335, 360 TOTAL t 173,864,623,360,502,142,436 So. how big would a Window s/DOS (ext rile that contained every possible Uni>./Linux password be? Looks like 1 73,864.628,360302, 142.436 bytes. Thai s 1 69,789,676.2 Terabytes. Well, this is every possible password ever, but remember I said that 99.9 percent of all passwords only used characters between ASCII codes 32-126? Lets figure this whole thing out again using this see in- stead of the whole shebang. Number of 0 character passwords: Number of 1 character passwords: Number of 2 character passwords: Number of 3 character passwords: Number of 4 character passwords: Number of 5 character passwords: Number of 6 character passwords: Number of 7 character passwords: 1 95 9, 025 657,375 81,450,625 7,737,809,375 7 35,091,890,625 59,833, 729,609,375 Number of 8 character passwords: 6,634,204,312,890,625 Page 44 2600 Magazine V: 4 of Passwords /Digits + 2 ) = Size m Bytes I 0 1 1 i 2 )3 4 f 5 I ^ 7 1 8 1 95 9, 025 857 , 375 81, 450,625 7 ( 137,809,375 735,091 .890,625 69,833, 729,609 , 375 6,614,204,312,890,625 ( 0 t 2 ) = { 1 * 2 3 4 ( 5 ( 6 i 7 \ 8 + f ■f f ■f + 2 2 2 2 ) 2 ) 2 2 2 2 ) = ) - J - ) = ) = ) - 2 285 36,100 4,286,975 488, 703, 750 54,164,665,625 5,880, 735,125,000 628, 503,566,484,375 56, 342,043, 123, 905,250 TOTAL: 66,976,482,088,208,262 So. a plain text Windows/DOS format text tile containing every possible Unix/Linux password for \SC1I characters 32- 126 would be: 66,97 6 ,4 8 2 , OK 8 , 208 , 26 2 bytes which is 65,406.7 Terabytes. Quite □ large file. Perhaps now you can understand why I am forced to laugh when 3 see a program on a web page or BBS that claims to be able to generate a complete password list using the entire ASCi ! alphabet. Sure, the program probably could do it, if it had two million terabytes to work with. And, oh, it would probably take a few decades too. My point being, brute force is a real time-consuming game. It takes raw power that most of as just don't have available. If you need to brute force, then you'll need to get a program that generates the pass- word list as it goes* therefore making the requirement for free hard drive space a little less. While most of you probably knew that a complete password list would he quite a large file, even I was guilty of thinking a 40-gig hard drive would handle the job. By writing this article 1 hope to have opened a few people’s eyes and save you the wasted Lime of trying to accomplish something that is, at best, a bad idea. In conclusion, I have a question* What do you and all the computers you come in contact with all have in common? They both are capable of doing whatever the hell you want. Peace Out, Greetz: sybah , tekniq, radiate, Mr I \ myke&LM I Special Thanks to Windows Calculator J by gOOgle miner gOGgle mi n e r @ f the ri a , com I was sitting in a cybercafe recently, daydream- in' how nice it would be to remotely access these lie. Linux boxen in front of me to hop around the noi anonymously. I gave il a shut. No shell access - ■u meone direful set up these hosts. 1 tried to shod dcr surf die password out of the bored (but helpful) do worker. My eyes were too slow. IT oh! I tried browse / via the browser - no luck. The front ■ "i was impervious. But 1 asked myself if some - ne had set up the "back door" with the same at- tention to detail. 1 surfed to haiismyipaddress.com and got the IP address. 1 i i note of it on my PDA. Back in the lah. 1 I* Ted around. The IP addy turned out to be a DSL muter doing network address translation (NAT) for the cafe's machines. This is a pretty common setup, since it’s cheap and secure if it s set up cor- rectly. Emphasis on the last part of the sentence. gOOg le percipl ex: gOOg / e (205/ re l n et 632228.xxx.xxx Trying 03 . 228. x.\.x .xxx , , . Connected to 63.228..xxx..xxx, Escape character is Flfwpoint/2200 SDSL (AIM ) Router fp2200-32 v33. } Ready Login: Lessee, could that be on a default password list? ! surfed to www.phenoeltt.de/ dpl/dpLhthil (this site is threatened by the DMCA, incidentally) N firing 2002 Page 45 and saw the default immediately: admin (sad, hut true). tfigin:***** Logged in successfully * Now what') i had to figure out a way to do some port redirection so that the Flow point would Forward specific service traffic to the same port on internal, NAT’ed hosts. After some Google (afi)us- age, I did: # dhcp list and saw the IP pool oJ reserved, nun-romeable addresses handed out to the cafe clients upon issu- ing a DHCP request. 1 chose one of the IPs and is- sued the command which would do the port forwarding from the Flow point to this particular internal IP address and port, I chose ftp since it comes enabled on many Linux distros. it rent addServer 192. 168.254. 19 tcp ftp wan ft exit Now 1 tried to connect to the masqueraded host: g ( X)gl e @pe triplex : gOOgl e / 206 / ftp 63.22S.xxx.xxx C Qt meet ed to some, t ybe n :afe. hex t by Chris Byrnes JKAH Communications, LLC http://wwwJEA H .net A few years hack, the government split tap (he monopoly Network Solutions held on the registra- tion market. Now, at (hat lime, they still allowed Network Solutions to control the global registry (the thing I hat all competing registrars report back to so all the data is kept in sync). As you may know, Network Solutions is now owned by VeriSign, Our good friends at Vert Sign not only operate two registrars (registrars.com, and Network Solu- tions k but also this central registry catted VeriSign Global Registry. ’ Lots of domains have been expiring in the last few months as people for get to pay their bills, dot com companies flop, etc. When these domains expire, they are supposed to be deleted within a maximum lime frame of 30 to 45 days. Otherwise the registrar must pay an addi ttonal registry fee to keep the domain active (No registrar will do this if they don't get paid by the client, of course). ThN is all according to the global registry policy. 220 some>ry!nnrufr.hosr FTP sen er ready. Name (seme, cybercafe, hesttgOOgle}. Woohoo ! h worked. From here, 1 could do any number of things which I will leave to your imagi- nation Note that in getting to this point, 1 did not change the Flow point admin password, muck with DM CP leases, or generally cause unwarranted chaos. I also look the time to restore the serv ice to its previous unforwarded state when 1 was fin- ished: ft rem do I Server 192. 168.254. J 9 tep ftp wan If you try this for yourself, remember not to choose telnet as (he forwarded service, or you w ill lose communication w ith the router on subsequent connects, M would also be wise to temporarily turn logging Off prior to exploration of I he Flow point OS: ft system log stop Although this example worked for a cybercafe setting, you will encounter similar setups else- where since many people l ) mist NAT blindly and 2) are too lazy to change default passwords. It should be eus\ to do fhis for Cisco DSL routers as well. Lei ’s do a WHO IS lookup on a domain I know is expired, because I've been trying to register it: skullboeks.com, skull hocks, corn, of course, was (he domain name used in the popular movie An- ti Trust. 11 This domain is registered at Network So- lutions and it says "Record expires on 05-May -200 1." So I contacted VeriSign and asked why ihe domain hasn't been deleted yet. No re- sponse. I spoke w ith an official at a competing registrar who told me, "VeriSign essentially is allowed to break its own rules. It just says that it pays itself the additional registry fee to keep (he domain alive. In all honesty VeriSign could continue to hold onto as many expired domains for however long it warned, and never be breaking the registry rules." ICANN, the non-profit corporation that was formed to assume responsibility tor the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions, has yet to adopt a policy that supersedes the policies put in place by VeriSign in (his matter. Page 46 2600 Magazine by, Javier (X skftss matched with the MAC address in port 18, My j a v i h 3 @ y a h oo. com I iiiTi writing 1 his article because many admins do noi seem to grasp the importance of security- espe- i iitlly "inside" security. Last summer [ moved into ■>omc new apartments here in beautiful west LA. About a month inter we decided to hook up our place with DSL,, so we placed u cal! ami scheduled an ap- pointment, Weeks later we had DSL, As soon as the ■ a hs were done with (he installation, t busted out my I inkS VS switch a ltd a couple more hubs and hooked mv whole place up. First thing 1 did was an IFCON- I IG to yet nn IP info i noticed that we were on a >ltCP based service and that wc were not the only ■ >i k-s. on the same network segment I decided to se- me both of my roommates Windows boxes, uns har- em the drives, setting passwords and permissions for hkw and printers. When all c hai was done I checked my Linux box. 1 was curious to see what else was in our same segment, so I busied out the trusty NMAP ■ ww wnimp.org) scanner and did a: #>nmap nO F*2 168.0/24 > results. That way it would scan the hole network based on a class C address and the re- al I Is from the scan could he saved to the tile "results". V' exfK’cted. 192 .168.1. 1 and 192.168.1,2 were inter- line.. The first one belonged to a Cisco router ansi tin second address belonged to a 3Com sw itch. So 1 did a quick telnet to the switch and didn't gel a prompt So 1 hit the ENTER key twice and burn! I got login prompt. 3 com switches by default have no password set According to the manual, you are sup ■ cd to set one upon installation,,, tsk, tsk. So J typed in Admin" with no password and I got ihe follow ing; i //sir i. min} if} t\ iwiiwrf; !■ nn nptiotto: 3Com SuperStaek 11 Switch 110(1 'hi met Administer Ethernet ports ip Administer IP up Logout o f the Command Line Interface ■~'Ui if j / 1 dmm i s re r SNM P m os n i - Administer system-level functions • fu /or kelp, mwt i too i 1 1 hi ■ menu option; I went to the Ethernet menu tmd checked the sta- ll si ie* on all the pons. Of course they were all set to ill duplex. So ! quickly ran 1FCOMHG again oil my mi pi iter and got my MAC address. That way I ■uld check the tables on the switch and lind out i port I was assigned to. 1 found my MAC ad roommates' MACs also matched port 18, So i went back to the switch and decided to change our port to full duplex. I logged in and typed: > e the met >pt>r i Mode Nc.\l it asked "what port? 1 ll So 1 typed 18 and then u asked to enter a value. Select Ethernet port f 1-26); 18 Enter new mine \ IQkalf lOfttll} { lOfttllf: f entered " lOfuJl" and was sent back to the main menu. ! douhlechecked my work and port 18 was at "10 full". Cool! Next ! would create an account for myself, just in case an act of faith occurs and the ud- mm decides to check his network and devices. Trying to make the account not seem suspicious. I named it "system" and gave full access to it. Before any changes take place you have to reset the switch, which can be done remotely Now by doing some bandwidth tests, 1 sec some improvement on our connections It is not a huge difference since all I did was double the throughput of the port (full duplex doubles the throughput of a link), so the bandwidth and other net work traffic was still the same. 1.1 ut at feast it helps, Now the other IP address < 192. 168.1 l ): I was able hr telnet to the Cisco router and get low level access. Nothing really useful but by running the command: " >shmv version" J can see that it is a Cisco 2600. The only way to get root that I know of requires physical access to the router. Hmm ... 1 guess I can look around my building next lime t take out the trash There are a lot of other security issues with this setup, like the ever famous ‘file and printer sharing" by Microsoft, All I had to do was open up My Network Places" and choose a workgroup (about five exist on my segment), then just see what hosts offered what services, li was really kin da easy to do a "net use x; AlpaddressVeS" on my computer and mount some person \ drive since Windows by default shares \c$ and VI PCS. But I was more interested in the switch and router than snooping around nlher people s drives As admins and enthusiasts, always secure your shit from both sides and never trust ihe users Shout (mis to: Happvdrgn, AlefZZ* Escorpion. Ih- tlesunshyngrl my Enmity and to till my other friends. * Spring 2002 Page 47 Continued from page 3 | 1 wrote my own tetter "Back when I was in high school 1 lead magazines about computers and software. Then I started budding my own computers front pails salvaged from friends* old computers plus whatever I had to bay to put every thing together. "1 would also sometimes * borrow' software which [ cow Ui. not ufU'rvd to purchase , While this was illegal, it is a badly kept secret that this can sometimes greatly help vendors of the most expensive software to have, it widely available to people interested in learning the software. They then go to work for companies which buy hundreds or thousands of copies. In fact, some of the most expensive c restive software es now being given away free to non-business users for exactly this reason. "If 3 hadn' t gotten that experience I wouldn't have the great job and career I have today I am now well paid and therefore have quite a bit of disposable in- come which l ttsc for software, new technology, and entertainment. "On the entertain men t side, there have been dozens of reports showing that Napster actually increased al- bum sales. DVD, which most major studios initially tried to destroy in favor of a horrendous pay -per- watch format, has been the best thing to happen to that indus- try since the V ITS machine (which you may recall they also fought). "Regardless of what i* good for Corporate Amer- ica, for once please concentrate on what is good for the citizenry. There are laws on the books right now which clearly establish the right of a customer to make a copy of an item they’ve purchased for use in another format (ex. for transfer to a more portable system) or as a safeguard against damage ns the original These rights arc being violated by members of the MPA A and espe dally RIAA every single day. yet nothing is done, "I ask that you not only prevent the likes of the SSSCA, but that you look into the continued routine violations of customers' fair- use and other rights, un- fair business practices, and price fixing by the compa- nies supporting SSSCA " — Jeremy M Lang If mo n f yeopl e took t h h kin d of in ft* re st , including v ending tetters iu the mail, making phone calk, rufrf even making appointments to talk wi$i elected offi- cials. ii would definitely make a difference. Since this letter was sent, the SSSCA has hern returned the CB- DTPA {Consumer Broadband and Digital Television Promotion Act}. Keep updated, and spread the won! it '.v really our Only chance^ Corporate Corruption Dear 16(H): \ received a rather interesting mailing today from MCI. The letter, which is attached to a couple of pi as- tic cards, advertises a new service allowing MCI sub- scri tiers to dial home using a toll-free number ( l -8fK)-4H4-b236) and a four digit code Each call costs 35 cents a minute, plus a 26 cent access charge if the number is dialed from a payphone. Interestingly, the card is already Activated and no password is needed - just the four digit code on the card. Now, I got curious about this and dialed the number. When prompted for a code. 1 entered something random and the call began to ring through. Uh oh! This means any- one can dial into tins system and hit random stuff, in- curring charges on unknowing MCI customers' bills. According to MCI "Your [calling cards] are ready to use right away. There's no need to sign up for anything and no extra fee to pay [which, by the way., is not quite true l" 1 don't see much potential for abuse here, un- less you drop the card and some random individual de- cides to call you up repeatedly out of maliciousness - or. as in the previous example, if some asshple just de- cides to go wacko dialing numbers. Neither of these things are likely to happen, I suppose, but i would be willing to hei (ha! every [lumber 0001-9999 rings through to a different individual’s phone line. Mj.sdiaK are bound to happen, and one person's mistakes are conveniently charged directly to another’s bill. Not to mention that the service is a ripoff - the only possible use I can think of for it is if you are at a payphone with no change anil no access to a cashier or an ATM. Using a conventional phone card would be more economical in almost all cases. MCI is essentially charging you ex- tra to dial your own phone number by way of an inse- cure, Hawed proxy system ihai is unnecessary abouL 99 percent of the time. The ad sheet should have read, 'Make long distance prank phone calls - and charge them to someone else’" J*d go for that ( sarcasm I. ~toast66i) To pul this kind of a "feat it re'' 1 on someone 3 phone hue without their permission is, at hr si. extraordinar- ily sleazy on XfCIs part . Dear 2609: In your response to DarkBtayd i 18:4), you stale thai you don't see how it’s possible for Radio Shack to lose money if someone elects not to activate a piece of hardware ihyi they've bought (such as DirecTV). One word; kickbacks, 1 worked for the Canadian arm way back when cell phones first came out. Radio Shack, as well as the competitors, sold cell phones at or below cost. We got a percentage of the money the airtime package cost (usually around $300), I was directed to not sell a phone unless die .customer activated tl in the store before he/she left. One of my cow tinkers "forgot" and was Lanced. vidieOn If it's clearly understood that an item is only for sale if its activated, that's one thing, ft's quite another if it s simply ud verified at a certain price and then alt ■ )j your personal info iy grabbed alike point of sale as a f'condmotC for getting it at that price.. ^ - % Mm <*m» I am writing this letter in order to inform you so you can inform the public. Recently all Comcast & home {around SGOjOfX)) users were transit tinned to conicast.net. Without warning Comcast cut the service levels ©home users were getting in half. They have also created connectivity issues with the poorly executed network and their privacy invading proxies that aren't even i^bfe to be user-disabled. After all this the price is still rising. I pay the same amount for less than half the service. Comcast doesn’t even Cage 48 2600 Magazine I i,i vc a news server set up. Also, i he upload cap they have set m place has made it difficult to even down- '*'dJ simple files. I've gone on below to list w r hy this proxy setup is so bad. ] > Access to IP restricted resources is disrupted. In order io facilitate access to HTTP IP restricted re- -oyi'ct's. 1 must allow the Comcast proxy server to ac- cess these resources. If l allow the Comcast proxy server to access these resources, I inadvertently allow my other users of the proxy server access as well. 2j There is no check and balance on Comcast/ ATT in how they implement the Inktomi Traffic Edge soft- ware or what they do with the information they gather, '■ i even what information they do gather t) Customers were not noli lied of [he change in set vice. 4) The Comcast call center was ignorant and un- i ware ol the change m service. 5i Software which would defeat the intended pur- pose of the proxy server t Virtual Private Networks) is unhidden to be run or implemented by residential 1 omcast customers per t r >f music ions 1 1 >e re . Dear 2600 : It appears Disney is starting young with its brain washing (not that I’m surprised). My girlfriend was llscking through the channels tonight and started to watch this cartoon oil the Disney Channel called "Th e Proud f amity." It featured this young kid in a black trerrehcoat (a Matrix spoof) enticing his young girl- friend to download free music from his website. She complied and then turned into this crazy mu sic -down- loading Ireak. This eventually led to her arrest and be- ing banned from ihe use of her father's computer. Later she was again enticed by her misguided black trench coat- wearing friend (who is obviously Disney's demented impersonation of a hacker) to download mu- sic again. This time, instead of her arrest, she finds at a local CD store that all of the CD s are gone, leaving the store owner broke. Her music downloading is Io blame [of course). Not only is he out of business, but various people are out ol jobs who have nothing to do with the music industry. At the end ol the show she Lulls this oh so evil hacker kid that downloading music is stealing and to go away. Of course the show ends with her getting a great big hug from her mom telling her she did the right thing, nomgtion Should anyone he surprised at this kind oj propa- ganda when such corporations practically own the airy caves in this country ? And the only reason we even say "practically” is because, at least on paper the air- waves still belong to the people and ran he taken hack if the current holders ewe deemed unworthy. This ap- plies to cable outlets as well . Dear 2600: 3 was reading through an article today and the headline read Moviegoing Set Record in 2001 " Ap- parently the movie industry had the highest grossing year in 2001 since 1950. Now this strikes me as odd because there have been so many news articles about how the M PA A is losing billions of dollars each year to movie piracy. I went looking for one of these arti- cles. and found in one a quote I thought was interest ing: "Claiming that the movie industry is losing $3 billion annually through theft of its product in one form or another, f Jack | Valenti said that what w as now happening could ‘disfigure and shred the future of A me r i can fi I ms r bee an .sc of \ he case w i t h which f i 1 ms can now be copied and transported on the Net." Dash Interrupl We’re becoming increasingly convinced that there s a parallel universe MPAA that's adversely af- fected by these things. There v realty no other explana- tion as to how they can make spcM dkitptgtrically opposed statements and expect the#? both to be true Other than perhaps someone not being co’mplelriy honesty that is. Yeah, well ga with the parallel tab- verse theory. spring 2002 Page 49 Deft r26ffl; Yesterday my Business Tech class had a rather lengths dehate on the issue ot open source. We also discussed the controversial "sharing" of files through services like Napster, Kazau, md Morpheus. Tve a i wav s liked getting stuff lor free through those serv ices, but I’ve al ways sort of been on ihe fence on that topic. 1 mil yesterday. We were right in the middle of this big discussion and 1 was being uncharacteristically quiet Then something deep inside of me woke up I realized something People say that these services are killing the recording industry, 1 say let them kill it. Destroy she establishment. Kill all the record companies and movie studios You can't kilt art so is will go on with out them. Only instead of having poppy little pieces ol ■hts like Brittany Spearv and Warner Brothers, you 11 have tin underground coalition of artists, producing their work in their basements and sharing ti wiih the world for little or no money via the Internet They'll have day jobs and still continue to produce their art be- cause the% truly believe in and love it forget about money, lose your self image. Indulge your passions, embrace youi art. Free your mind, and lake down the system. Brad Article Feedback Dear 2600: Your contributor "angelu/aharia" is most griev nusiy mistaken in the article Behind the Scenes oo a Web Page (IK -U when asserting that Akamai pro- vides its image delivery services free of charge." I can assure you that they do not. At least nut intentionally. Akamai is i "content delivery network they op craft an "edge net wot W H i>f obyeo cache servers plac- ing them in hundreds of NOCs around the world i though itiostfy in North America). The lung URLs at- tached to "ukanufed" images PDFs, streaming media i iles. and ot her web page components arc actually spe- k rally assembled L RL> thal include a cache rule, a tiniesiamp and/or fingerprint of the content cached, and a serial number that identifies Akamai's customer ulvc web site that owns the component - Wired/Terra Lycos in the case of the article's web page), Akamai caches copies ol the " heavy M items on a web page on a network of servers, and then uses its ow n proprietary algorithms to identify which of the edge servers re closest fin a network sense) to the end user and then i ie 1 1 vers i he ct >nte n t frt >m t ha i se rve r. This is meant to improve ihe response time for building 3 complicated web page by limiting the num her of network hops that heavy content needs to tra v ersc to reach the end user. It is also supposed to lower die amount ot server hardware that a media company like Terra Lycos Isas to invest in themselves by limiting the number ol requests thai come to the site’s origin servers. The media company pays dearly for (his scr vice - rn my experience up to lour limes die cost of bandwidth available from ihe typical bandwidth provider ai a evocation center. Whether the supposed im pro’s eftipnt in web page performance is worth the exorbitant costs i at Yeast .for simple object delivery) is a matter of no small debate. As an added bonus, anyone who can figure out the format of an ‘ARL (Akamai Resource Locator) can piggyback their own content on a paying Akamai cus- tomer's account. Like I said, they don't intentionally give their bandwidth away for free The author implies that Akamai makes its money by some form of underhanded distribution of end-user data. That has not been my experience They have no problem selling ihe data hack to the web site owner but they do not cross- sc 31 this information between firms, as that would lie a quick way to get themselves sued out of existence, not by the end -users, but by the media companies themselves. And ihe author s supposed shock at lycos.com cookies and URLs sprinkled about a wired.com page should lx- no surprise at alt. Wired News is simply a brand owned by Terra I yens Of course they are going n i track your activity tm Their entire family of sites, lb those folks, you’re not browsing separate sites Yon are merely browsing different "properties" owned by Terra Lycos It is a rare media. company that operates a diversity ■ >t sites and does not do this kind of thing. < )l far. far mure concern islhn J-party traffic watchers like Doublet 1 ick, MSM Dear 2600: Maybe because I work in advertising, maybe be- cause I have more training in economics titan the aver- age bear maybe because 1 know people who work for Niros like doubleclick .net, but maybe because I like tree goods and services, is why 1 have to complain about all the derisions against doubleclick, akarttaL el ai. yes, these firms do invade privacy. They track a unique identifier - you." as it were, arid they know when you have been sleeping, thev know when you’re aw ake, etc Blit these linns do not pose a threat against us 2600 readers should have an affinity for how things work and should know how to get around them lb avoid ads without overhead go to htlp://w r wu. yoyo.org/~pgl/adservefs/ and edit vour hosts tile. Turn off cookies, or use einikie management software, or just do it yourself to your temp folders from time lo tunc. These hr ms provide their clients - websites like wired, for example, u ith the revenue that allows them to go on publishing fret news on ihctr website If vent use any ol the ubiquitous free services like weather, news, e-mail, etc services that not more than ten years ago cost real in one y , you have 1 1 n u s like Jon blectfck and akarnai to thank for it Fm not saying that should open your system up for these turns to pick through, by no circle h of the imagi- nation. Bui insofar as online privacy is concerned, the real "had guys" are linns that produce things like the infamous B I )L installation engine, ComeiCursor. and others that surreptitiously track your movements. We all know that doubleclick tracks online activity - that's what they do They arc not hiding behind a tile sharing protocol, or a web sin "enhancement " A lilile hit of privacy is ihe price of admission to premium content sites. \nd there is a worse Case scenario. A subscrip- tion based Internet would give you even less privacy because now they would have a name, address, and credit card number to match up with a browser s Page 50 2600 Magazine unique global! identifier Knowing this, irKiead of run- n tig at the mouth at how Vvil these firms arc. put tip id simt up As Jong us nit ot douhJeelkk's 1 *RLs are pi tilled at 127 0.0.0. they don't know me. and l don't care. Kurt Winter StHtu* goad points, bur what happens whan they dr *h they 'tv tired of people like von who bypass their rocking software' 1 Perhaps they wilt even make it a i me Stronger things have then happening We feel hu pie should at least tune the option of t bedding if they want to pirn by these tales. By letting people it tow fun i they u ark and with some of the itifbrrnation ■n vi provided, people are better armed to deal with Hut just I mu use these moneymaking Joins ate m \ trued that this is the only wax the net eon be nut dte sni make it so. We should always be Striving for 1 v to provide information and sendees to the musses '* ■■■ u vs that arm t offensive, intrusive. or expensive. I Kir 2600: In the irlivk Babies on Answering Machine Mi king" in IS k Horrid presented a UN)5-digit sc • I iienee that contains ail the Ldign numbers between " >W. IK asked for another such sequence the I liorter Welt, it may be a bit simplistic but if he re- ■ 1 'U‘d the two imiling zeros from his sequence and aided a 9 at the beginning, it would he shortened by me digit while still contain mg all the numbers. It is well enough to use a computer to generate a number requenee. bur one should exercise a little reasoning its well. ascii 32 ),m managed to shorten it hut soar triumph isn’t ■me to fast verv long,,,. I H-nr 2600: Horrid's string for accessing answering machines hi t-digii passwords is almost prefect 'Hie minimal ngth tor such a string is 1002 digits, not 1005. t in in: ml. the length of a skeleton key for an arts wiring . . bme code of length n is lO^n+n-l J In order to re- unnecessary repetition from Horrid's string, unply remove positions *W, I 000, and 1001. (The ;ii die end of the string becomes WlO.) ted tl -on otnhine tins with the previous letter i idea. ■ii i an vet this down to WO! I t i ur 2h00: After reading the article in 18;4 enmled Exarmn Ml dent Ihitii bases. I ni surprised that St reamer | kind s wasn't aware that most universities have some * i i siiulc n Ui acuhy database that s available for the ol's li si' Now what is amazing is that my school (which shall remain nameless to protect the innocent) this information publicly available to everyone (h just a short jot on the URL, Now if s just a good ■ that ChaiHix's friend's student ID isn't his SSN it is with other schools [imagine the fun). Now the ►pimu to change it does exist, hut it is one of those i;s that the school information technology depart - M lorgcts to tell you during orientation. P4R4d0x * hit hy us, the State t > ft i versify of New York at ■ ■■ Hnu>k In o tl system t ailed SOAK t Student On line Access to Records i that nm only keeps information on students { transcript, addresses, plume numbers, etc.) hut on til! alumni, often without then knowledge. The username is the SSN ( easily obtained as it 's also the student ID which is printed m everything from term papers to grade pastings) and the password is tin vr'.i digit hinhdote (also easily obtained or easily guessed} I'hose few individuals who managed to fig- ure out how to change the password in the post will be delighted to learn that they apparently revert back to the default after a certain amount of time, it s said that a new system called SOLAR is about to be launched. Let's hope the added 1 somehow brings security. Dear 2600: A ye a i ago, I picked up a copy of 2600 and was very food of the information found. It was something 1 could read and not cringe ul Fast forward to today and ail l sec are articles on right click suppression" and "building a wooden computer." Not to mention that many letters arc angst filled piles of jealousy and stu- pidity from high school nitwits What’s happened to 26002 1 1 seen is io have been going steadily downhill Also, mi regard to the letter about the libertarian Party, your assumptions arc wrong. Libertarian beliefs are founded Upon freedom for both the individual and tor the corporation, as wad 3 as the be lie I m personal re- sponsibility. Corporations are not always honest or ethical, and the goal of Libertarian views is to prevent the corporation from impeding upon the citizen un&fc mg laws like (he DMCA null), and allowing die citizen freedom from the state, socially and economically. Scott Usual lx when were accused of going steadily downhill, its for a longer period of time than a year Perhaps you meant to accutu us of a sharp decline? As for Liberia rum beliefs, it all sounds great except far the fact that it doesn't work. If a government lets huge corporations write the laws (suck as in the United States today), it's lit tie different than there being no government at all to keep the corporations in check. It A unlx in those places where governments actual! \ represent the people that there s even a chance of keeping the corporations from systematic ally abusing the power that inevitnhlx comes from being huge Dear 2600: This is in response to Right Click Suppression’ (18:4) by Rob Rohan. The right click suppression, is not really a problem and it is in fact quite easy to by- pass by mm- ml nisi \i means, For example, to copy pictures from the site onto the clipboard, you don't need rig hi dick. Use Intern cl Explorer {lets you high- light images) and just highlight the image tor whatever else you warned to right-click on i using the tell mouse button. Then simply press the Microsoft context- menu key (the key between CTRL and ALT on a standard 104-key keyboard it's next to the Microsoft logo key h Most people I know find this key to be useless, and some even remove it But, don’t be foq hd . This key i> quite a boon it axed to- vow advantage. As for people who don’t have tins key on (heir keyboard, you can simply high fight the picture anti use ihc menu op lion: Edit Copy to copy it !n the cUphonn! In any case. Spring 2002 Page 51 I think this is considerably easier than writing a Java program to save the picture . Em re Yu cel Dear 2600: Another way to capture a web page is to simply do Pile, Edit Page in Netscape Communicator, I did this for a web page that had photos on it and it worked like a charm. Inter net Guiltless Dear 2600: In your 1 8:4 issue in the article "How to Hack from a RAM Disk" by Nv, the author recommends destruc- tion of CD media; ' If you're, really paranoid, you can torch/ incinerate the CD. I've heard nuking the CD in a microwave is not 100 percent successful in destroying data (and it stinks!)." 1 would like to note that these examples (^destroy- ing CD media are dangerous - fire could gel out of control. 5 hope no one would actually place CD media in i heir microwave. There are also some companies that sell what they term degauss devices that effec- tively act as belt sunders and grind the CD media until you are left with dust and u plaslic disc, I have recom- mended my company not purchase these devices as they are both expensive and unnecessary. Recently J found, purely by accident* a very effec- tive and inexpensive way to destroy CD media without the use of any machinery or heat, I had Inadvertently placed a compact disc in a solution of Purex Bleach. Twenty- four hours later 1 found the disc transformed to a bath of metallic flakes and a plastic disc. The process may have taken less than 24 hours to dissolve the actual metal coating on the plastic disc, but it was not before 24 hours had lapsed that 1 realized my disc was in the bleach solution. Steven Richards One of the more hnAMstmg in&dmmtn tic is we 've heard of lately . Tracking Terrorists Deal 2600r I wanted to comment on a reply to one of your reader s letters. You stated to someone that basically trying to hack Bin Laden was a stupid idea. I don’t necessarily agree. Sure, it could be worthless, but cracking into his bank accounts and such forth would actually do some good whether you believe it T s a stu- pid thought or not It would also be helping the Amer- ican cause a lot if she hacker community united and did something for the sake of our country. We bitch anti moan about how much we hate our count ry, yet we. were all angered by the events in September and ait were united to help everyone. I mean, it’s very possi- ble that the govern mens themselves are trying to crack into Bin Laden Yaccoums, Chris First off, we don 'f “bitch amf moan about how much we hate our country." Ike bitch and moan about those who continually subvert the principles of democ- racy and get awax with it. all the while masking them- selves in patriotic fervar. Second, when was the lust time vow "c racked into a bank account , " let alone that of someone who's on a most wanted list - or in this case on ALL of them? It's not like on TV and nor too many people seem to think that it is. This l cat Is to the perception that hackers can be used as some sort of cy- herarmy, which is about the furthest thing from the- (ruth. Anyone with even a slight familiarity of the hacker world would know that we're constantly ques- tioning, disagreeing, exploring, ami getting into trou- ble, . Not exactly the kirn! of people who would do well in a military environment. > We happen to hear from a sizable number of unhappy hackers who somehow wind up in military 1 serviced Finally, even if it were something simple, where do you get the right to be the judge, juts', and executioner':' Imagine ft everyone took it upon themselves to impose their brand of justice in this manner, ff you really want to help, the best thing vou can do is he observant and notice things that other people may not notice. Then let people know what you see. Itt this age where the truth is fleeting and mass nutnipulation is common, the ability to detect when something doc rtf f make sense is a valuable one. Dear 2600: I'm writing 10 disagree with your analysis that the government should release an original digital version of the bin Laden tape. Apparently all digital video tapes have special "markers 11 for things like time, cam- era lens settings, etc. It seems silly to think that our government is good enough to fake bin Laden's image and voice, but can't fake a few digital markers to go a I o ng w uh that. Fhc gov ernn ien l did n ' i h a ve to re l ease any evidence at all, so be lucky you got any. If you re ject it then reject it, but don’t expect them to pander to your whims. Dan They didn't have to release any evidence at all? What kind of world do you live in? It is the obligation of thinking people everywhere to question and analyze without relying on blind faith. Almost every major con- flict in the world cun be traced to people who refuse to even entertain the possibility of seeing something they don't want to sec, As people with a technical knowl- edge of such things, it was a lot more than a mere “whmT'for'us to Warn to see the t mice ode of the tape , Them were numerous details attesting to the authentic- ity that omld have been garnered by seeing these val- ues. While the y could have been faked, it would take tin extraordinary amount of effort and lime to get all of them just right. That's why their release in a timely manner Hm so essential. And it's a per fa t example of how hackers can help in these troubled times - by us- ing some technical knowledge to let the world know if something makes sense or not. Of course, to do this properly you have to accept the fact shat you don 's know the answer until you analyze the data. It s puz- zling and quite disturbing that she United Smses gov- ernment wouldn’t want this evidence to he known. Hut what s even worse is when people close their eyes to the mere possibility that the facts don't add up. Page 52 2600 Magazine Right Click Suppressed by fMe The purpose of this article is to provide an e*- h nsiuEi to "Right Click Suppression by Rob Rohan in 18:4. Blocking right clicks, whether on the entire i, '.sec iff i, Li si images. is growing more and more popular as a form of weak copyright protection- i encountered sites attempting to prevent me saving materia] copyrighted by people other than the owner of the page! In addition to the methods mentioned by VI r than. W indoze users can click on an image and If i!: 1 . it from the browser to l heir desktop or another J older to copy (be image Linus users can try the piovided script. M ‘ ipjr, ''Script Ninjd bv EVit iii. : KL iin.1 fhriiihi d* lacafliwu of ti n^'i- u«Ui npUrjuiHliy iJkJwnluuilsUk- ■'■1.1 ■ i . .m I iv ttripH iimaJ on ihs jar-* 'r-n iiki j*l help' fuf n* n mri-rmi'T! in u i» hik' yiiaiLuin, 1 1* u imom m ii willbf Me^itl If > 'iny luuijif.-Si- njil S’anja. . \ti ‘ i • imi, rfi. AispplsciX HxiwiMl ^pniirnL* nnd didn't specify Mp‘ \Mi\ || ■#ARUV=-/ hdfv'l I [mu Hsag<- ^nin>d.pi [-fiiti injures) uri] (uHi ur|3„.J\rt H ; P"'ii l HIA'i iiui.sr rmi m i* filename (' lilnil. dc. ) Ur a lurilipg 4nh.fn' ; ■ • , . ishuii^ LCiv.iktrKiL£‘i rhr iEEidi^tr iWfMtl afctiiy printing p* l. k I (it"; iftil, j*eml if - i ; . \i..inrr .1 (i i j -:r. £ Us nuiige-. v Iii A - (- ■ li I "ml if ►ft* I i Ulll.llX'i = EJ, i Ih'Jwl rl;ie 4 llm.Mil.fi E-Jt-h | HI . 0 vUiifj} - CS'ARO V; SkKipm-l i - u 1 1 ; i i ' . ' i. it i he nrg.ti meiU ’ I' '• \KOV| \L4H7p|«1 " UetJJlklf'eOl r ikkU liUcml if h ii.if-. lire Ule ■ 1 1 1 • '■■y.'i vAkf iV(Slot*p| -^Tutfmt-ditMnwrtr- ’ la- e'ji n I'ryrtlt Ll£ .HCp^ilH.' mi nVifC* 'utt» rVniu V \H(j v I 1 *!.:,! .p| 'ji ' HI. I III Nil = (I; l inij'ntjin If, ■ Iii f r Ll flu' ■ i 1 Lllir fl if I Hi.’ Itf'file, Sthjc++) t n 1- ijict.' in itriq^c? irOlilfiSli. ni£ l =- tetarig/iS V ir [i stfi f-itFwlIre U ire in Ui*ppv mn'inci ' ■ h * -fliti 'l -■>]/'. SBklVlinclU 1'cnitlpnpZ £i; J9fe*|jp2 < ft niwi['- +-«■ 1 i 1 1 Jsf-I SJ. - ■ I'hFi-'i | I I ■ sop = ^ifiKA",'. SK'Slonf!! !.', )OfQli>i>fi3 ■ I ; $tou fS' i -. .| i J i- fttefi; £k]g^3-f-+ 1 The Script The script isninja.pl is designed to get around that kind of right- click protection w ithout having to root though the source yourself Supply it with a lew URLs and it will print all at the scripts i includ- ing the aue used \o block your rigfcrt-chcks} found on those pages, along w ith the URLs of the images. Optionally, it wall download the images and put them m the current directory. It you want to down- load the Hash presentations, the midi music, or whatever, it would be fairly easy to add that to the script. In the absence of wget, Mr. Rohan's Java app would also work well. I. hud to dust off my Perl skills for this, so please forgive me if it's a hit sloppy f __ J rLMhl Jin' Sdcifi SAROV'Skinpl. !*(!Eijn2 - fhtipi Stmpi, whttefitfiifO (re V* i ' T.'.‘. '' ’ j . I SliripZ =idw>(X Slnipl L ffsod nJiiif Vi 1 1 1.; List = V(«pp SiLupj SU dtp?] ; vnnynimi f ■ . prjnf "tjfjwp Slmaiiri\ii "■ t h"V^ri. i ui(' i U |ir| Ssinpnrl "); Iftind it ; flt'iJil far /(LcihJ ti n f ■ jJiC'F-e ,i - Li. i fre ■' UiSfilfl VIihl'I ■ ,j - : -l n 3 "i t i'ii J 1 if If so. fU Jiif Jbu’ kh tk< t'onrn c M.npt> In file i 1 prnii S^Je! Stine]; jti'ShlejSlinc] =■- .■'■<>, L'Tipi/i | ( ItfriMJ if rPSflbffSJinfl ■ pi.' 1 1 t ih 'iVne-Scdlj t Ifl'C I Hr i? i.i iZ n inesnaJ- fffeld if Sltmr++: | #ea (? rehtEe ireinl ' =r=S!ik1 St'i'tfx . ]#t-ini if I *ifiwJ J'ekt f#i;hil fiir prim *~Hnisliediyn~ : Spring 2002 Page 53 by dual parallel d ua I pa r a l lei @ h ot m a ( I .com In this article I II discuss some variations in a common pin pad, a couple of hacks at a large re- tailer. and finally a disturbing trend. In my last article l discussed the VeriFone PmPad 1000 and the button presses (all simulta- neous) needed to access the Master Key, or Mkey. Variations exist. Some pads are set to access the Mkey by pressing the bottom right and top right buttons. But the vast majority are set to access the Mkey by pressing the bottom right and top left buttons. The last article discussed Wal-Mart. This arti- cle will discuss its failing competitor. Kmart, The pin pads at every Kmart register arc Checkmate model CM 2 i 20s. OS l .07. version 2. 1 . One can gain access to the pin pad by pressing the four small buttons by the LC D screen, and she two bottom-most buttons, green Enter and red Cancel, simultaneously (think Vulcan mind meld). After an incorrect password. Lhe pad will cycle, verify- ing the applications that the user has authorized access to. Now: from pin pads to PCs. Walking into Kmart, at the Customer Service counter, one will immediately see one of two public computers running BlueLighl.com, K mart’s online shopping application. These computers, the other residing in Electronics or sometimes Sporting Goods, run N 1 4, have LCD monitors, a keyboard, and an en- closed trackball where the right button is trapped under plastic. The BlueLight.com application starts automatically, so logging off or shutting down just brings the application right back up. BlueLight.com (v 1.0.55) is an e-commerce application that features products and a shopping carl, running on publicly available NT computers in many K marts across the nation. ITte applica- tion is a browser, accessing the Internet to trans- mit selections from the local Kmart to Kmart.com \ servers (kih ..kmart.com). Blue Light takes over the machine, running in Lhe fore- ground. So the first thing to do is to log off by pressing Qrl+Ail+ Delete and clicking Logoff The machine will cycle quickly, bringing up the NT desktop and then the BlueLight app. Now, do anything to stop the machine from running the BlueLight app. ! was lucky; there was a primer configuration problem that popped up an error window and s Lopped BlueLight, l left the printer error window atone and started poking around the desktop. I saw that any- thing significant that could be accessed from the Start button was missing. Function keys and Task Manager were disabled, fhc only thing in the sys- tem tray w as anti- virus and... the clock. I doubled clicked the clock and the time was correct Not for long Windows applications and temporal anomalies do not mix. So I set the year to 1980, clicked Apply, and OK. Dr, Watson promptly crashed. What can I leverage here? One of the buttons in the Dr. Watson error window was Help. Click- ing Help brought up your favorite Contents- In- dex -Search, I messed around in Help until ! had the option to search for Windows Help files. This gave me an Open File dialog box. Should 1 search the C drive, C:\W1NNT? No, [ went to Network Neighborhood And there, with Utile perusing. I saw' vast networks like km- northamerica, kmintcr national, kih.kmart.com - way more than I could w rite down without being noticed. 1 believe Kmart is counting on securing un- wanted access from the BlueLight computers (which probably have trusted access) to these large nets by locking down these NT boxes. As you can see Lb is isn’t the case. Finally, 1 w ant to discuss, not a hack, but what I can only call negligence. Throughout my explo- rations I examined quite a tew pin pads. And un- derneath many I would find a sticker with an 800 number and a client number, I 'he 800 numbers belong to either banks or transaction handling companies, and the client number is the only au- thentication needed to access sales, deposit, and checking account information for a given vendor. Having deuh with small businesses and having found these stickers at such. I know that this in- formation is held closely. It is a shame that some- one needs only a remote interest to access this private information Page 54 2600 Magazine by c311ph c3il pti @ hot mail .co m In the summer and autumn of 2000, Radio Slacks across the country got a new fixture* the bcmsoft Internet Center. At the heart of 'these is 'tl course a Compaq Presari o 5000 series. Most are I ' 600 with 128 MB of ram and no anti-virus * » I r w u re { yes . b ac kdoor-G/bae k or Ike work we t J ■ nli these ) The computet is linked by cat 5 to a re- - it er/decodcr box in the back, A Skvstar Ad van- ■> luge model VSTAT IDO is what this store is pupped with. The Sky star is connected by coax i" .i commercial si/e two-way dish in the mot. I Itose in cities are equipped with, in all likelihood, I usi I assume this because in the kiosk it gives the link e to learn about high-speed access by cither ■ 1 or satellite. The stores in rural America are quipped with what was GiUu-to-Home twww.gi- m nm). After being called Gi laid o- Home, tl was i '’named to Siarbaud. Now Radio Shack or Mi- ott has dropped them for service because they c slowing the show. Other companies have noked at Gihit including EchoStar, Russia's Ya maltelcom. PMSI. ISKRA, etc. Radio Shack has u ’i witched to Hughes, the current ow ner of our n He lice satellite TV provider. Only the server h- chan ged , n one of the eti stomc r equip me n L C i i - i had prior to the switch put out version two ol the ii receiver box. a free upgrade to existing cus- rs, This original setup required you to pur- i one of two specially configured Compaq iiiputers, " priced at $999 or % 1299 in addition to .. ttial satellite equipment and overpriced m- tuihnoii Since then, about May or June ‘01, both computers have been discontinued and arc linger available. From other dealers 3 have dked to, the lower cost machine wasn’t up to par tin the system from the beginning. Originally i !■ i j January or February 01 release was the 1; only version that could run with an existing ipuLer to hook up to the satellite system. These H add-on boxes ended up working with only n oil i one out of every ten computers, So they Hi j.vc been "’finishing" testing for USB -only add m I sixes. Since these are always connected, they i constant assigned IP. In nine franchise stores for sure, maybe in cor , ■ * »ie ones also depending on the intellect of the -in igers and their location (i.c , broadband op- '■ r- ;■ uw ner s/manage rs have tied into the 2-way II i io access the Internet for their store s In connection. They do (his either by use of a Mic computer set up as a proxy server or with the supplied Compaq computer itself, depending o n h o' w s a t e t lie y want ih--.ii s lore's POS a n d Coj i 1 - paq display computers to be. I n add i I ion , t ii c C omp a< ] c out pu te rs the mse Ives are stripped of most functionality. All f-keys are disabled, you can open " my computer with only the ed rom drive, Ctrl- All-Del is active but there is an easier way. When clicking on start. Then docu- ments. ii you click on "my documents", you get into the folder. Way too easy. From there you can navigate as usual, except right clicking. Most of those options are available on (he tile button any- way. You have almost all rights including opening a DOS prompt and access to r%eb.il. Name Database All stores (corporate and franchise) keep local in -store records onEy. Once a month the entire database is uploaded to Radio Shack’s corporate oft ice. The old addresses are included in this lor the purpose of reeenl address/phone number changes, etc. Then the Radio Shack corporate of lice crosses this with their previous tiles ft? com- plete the database update. Then we all get a flyer in the mail once a month The llyers come at no cost to your local franchise stores. That is why we are always asking for your info. It's free advertising. Also, a recent update to the Radio Shack POS. found a i www.rudioxhackpos.eoni, A1lzip.exe, a self-extracting WinZip tile, has let us add all the zip codes in die U S or per state if we so wish Most POS updates have both full install (server) and file only (client). Allzip.exe is installed on the server only, not any of the client computers. This creates two lilts in the C:\RSPOSlC3\RSFlLES directory, the same directory that holds ail inven- tor): customer name, and most; other database hies. The files created are Rsallzip.exe and IVipcode.hms. When you run the exe, you get your choice of which states you want to add one or all. You choose which ones, hit OK, then just entei (he zip code and get the city name You now don't have to ask she customer how to spell Kala- mazoo, or wherever they are from. Something in- teresting happens after the initial installation and running of RSallzip.exe. When run again ii wants to connect up to (he Radio Shack corporate server and look for new updates. When it does, it gives a basic store info screen that happens to have the server password listed in plain text. I hope [ have shed a little light on Radio Shack doings. Also, I hope all of this info is correct. It may dtffer between store types and stales. Spring 2002 Page 55 Happenings KfifilSTRATlON LS UNDERWAY FOR HZK2 - the llh HOFF] conference. taking piai;;; July 1?- 1 ■! . ''OO? at rite (lure I Pennsylvania in New York City! Admission for tlve entire weekend is. £50. You can (Agister online at www.2600,com or send a check/ money order by &TM& nr 260Cm2kZ VO Bos 752, MMe Island, NY 1125$ USA. We' ve si cured u special conference rate ai the hotel of S 1 09 for a single oe double. Si 19 triple, 5129 quad. Call 212-7 3.6-5900 and ask lor the H2K2 rale. i You niigln even be able r.o find cheaper rates at bore I discount sue. on the net.) 'Lhc Hold Pennsylvania is easily accessible from anywhere in New- York City - it’s directly across like slrcei from Penn Station on 7ih Avenue. We've got 50,000 sijimre feet to play with and we have lots nl' plans, for this massive space more than 4 limes the space we had fur Our last confeivuee ll you have an idea for $ panel or pre^entatiofc, it's not too late! E-mail speaker*. (fr h2k2.net. We're also looking for participant* to help us fill this space with interesting projects of all ?kins Inuhnlliu; computer*, robots, artwork, etc. Email space L*ld k2.net if you're interested in helping us fill the space. We need a ion of volunteers in ell areas; to make I his happen. You guessed it: volufllfeerst i ?h2k2 rtci We will also have space For small vendors who lime things n f interest for hacker*- H-mail vendors I#h2k2 .net to become part of that. ]f you wuEitto lake pan m online discussions focusing oh the upcoming conference, join the H2K2 mailing list hy c -mail mg major- dome W? 2 600 , c on l and typing ^subscribe h2k2" on the lirst line of your messijjgc As always, check www.hopc net or www,h2.k2jtei for updates! I HITCH HACKER MEETINGS. Every second Sunday of she month 7 Klaphek organizes u meeting lit the meeting pohtt of the centra] Motion ofUirevhi in the Netbeidandji. Everyone interesnsd in hacking related subjects r welcome to show up. 1 bese meeting!; are similar to the 2600 meetings. We meet around 14 00 i2 pmi m front of the GWK office month!} We hope n> ree you there' More info Mm (v iuundai wwu^hphcluil/inedm^hlitiJ SAN FRANCISCO OFENBSD USERS GROUP - now meeting i Mice a month ui the Zephyr l ’ale. 2nd Tlimsday ■ Ucn:ofl r Qig, for Sale FREEDOM NTlSfE, (he feature-length 2&QO documentary. is now: available on video! See the adventure unfold as we try to gel to the bottom of the Kevin Mitnick story ,md prevent major motion picture from spreading more lies. Available or VHS iti NTSC tU.S.) Innnal. 12! minutes, Send $20 to 2600. PO Box 752. Middle island. NY 1 1953 or order via our online score at www.26t.Kl com, REAL WORLD HACKING: Interested in rooftops, steam tunnels, and the like? For a copy ui fnjdtn jrion, the one about going places you re not supposed to go, rend 52 in PO Box 1 3. Suction E. Toronto, ON M6H 4E| , Canada MAKE ANY SLOT MACHINE PAYOirT 2004B0 oudiis Works on KYJ-s machines. No contact. Also available, blackjack con tilers. E-mail rocorbalJi tl’atlamiceity 1 , com if you want to discuss it luifher. WWW.PUOTEO-ONR.f-OM. thotect yourself I Everyone has a need to be and lire! safe from the outside world Wc carry It full line of self defense, security, and surveillance products at k>w prices, I ; v try thing from alarm* to mini cameras ro relescopie batons to stun gum- and more! Check us out. all major credit cards accepted, Wc ship worldwide' CYBERIBCH TECHNOLOGICAL SURVIVAL NEWSLET- iEK: Bimonthly high tech and low tech DJY information urs self-re- liance and preparedness edited by 26M-t4 or sutrsciilis; via Paypa) on our wvbsiie at htip^/w ww. Ei com-tech.com/. MACINTOSH HACKERS can gel all the mac underground tiles on a professionally published Cl J. bit) Megs of PURE: mac f he/ Eti- dud&r ihc Thdcon 7 Macintosh security speech, the whole Freaks M vdiJtq«h Archives and Whacked Mac Archives. S25.00 USD - will ship intemalionally. Secure Mae. PMB 310. 6(70 W. Lake Mead Blvd., Las Vegas, NV 89! 08. USA H;ick from yotir Max:' [LA RN LOCK PICKING lr' L - FAS 7 wiih our new hook Learn whut they dofiT watd ytm to know Any security nystem can be b^aicn. many limes right through the front door Be secure, t.eoni the secrets a ini wtnkncs-. of lode; - s Ilk k If you Waul U 1 gel where you urc not supposed to be. iNih kmk cmdd he yum auswer. Explore the en^pbwering world » i Im. r picking, Send twenty bucks to Standard Puh I scan i. ms, IK') fhn\ 222bHQ, Champaign. IL 6i 825 or visit us ui www.standurdpublk'ulions.com/dirtx'l^l 6A0.html feot your special price. I < >VERTA CCESSCOM, An ml me tiQUIPMBNI and SERV ICES providing vt.'U with ihc physical Lind records access you need! OVER 1 50 TELECOM MANUALS are now avaiiahle online Ebr free vicwing/downhmding at The Synergy Global Network's fully re- designed website Most bciup available in Adobe. PDF format, Ihty lire crisp^ clean, suitable fot luinuny. nud L-uinpli tm Update your phreak Library now heteure it's loo Jute. We don't know how long i h ts website will be allowed to distribute these manuals, however they are yours for ihe time b under > advent sc nteu t? as well. PAYPHONE SERVICE MANUALS TOO! Visit usontine ai: h i tpr//w ww. synerrg ygkib n Inet works, co in HATE MICROSOFT? Or dp they ju^i je > tihils and i iiJcopl. BROWnTI K COM has wlial you’re kicking for. Check as oul! CRYFtO OUTL.AW T-SHIRTS* Govcmmenli around the world are turning innocent fictjple into crypto outlaws. Where will the mad- ness end? Cry ptography may be our la^i hope tor privacy From Ciirvedspacc, the unofficial band qf anareho* capitalism. Get yours al cu rvcdKpacc.org/mercltandtvi: .hi n hi Help Wanted UIRtNG PROFESSIONAL (\TCR.\ETC01VSlfL'fAiV r IS' wilii joh references only for the follow me; Wi.'hsiie sccunty, pert'ormance Uj ning, and marketing for online magazine. Please send your bio and resume lo: j hftarts worth t^yahoi i.com -you can work front home, but should live in lor around) NYC, ;i' you will need to all end a incding or two. NEED ASSISTAN L ’)■' Ip re sc uc/rr:, ■-. , ■. ,. ASC II levt data w h ich urc prcsemly comprossed/encrypted by some tyi>e nt commercial pro- gram. Most Jilc-s are rather litrgc, from 30MB to about 600 M B U ■■■ irrg, DOS based search engine for iclricval Please advise if there exisis .my u.n>1s currently available or anyone who may be ut' help, ioh iidp4 @hotmai t emu . I NEED TO BUILD A HIDDEN CAMERA SYSTEM including sound on a brested budget to take wilh me on my visits with my Page 56 2600 Magazine • l lit} in order Id prove chat everviliirig is going well i J k'i 5 Si e- mail .iny recnTntncfidjiionif Iit love pu ise f4‘ y iihno.com> fax (705 1 330- M256. I (K KSMfTHS: ! am in need tit .1 keytnukef from only a piGiuru H .hi penril sketch ovcF at" u key Pending on Eiming and kucrdran, J i .i 1^ able to get ihc key far a Saturduv ur Sunday .itiei rmwi meei- irig. I am i n Kenosha, Wl, so 1 tan only go to Milwaukee or North 1 hi', -ago for meetings. Please e-maif ;ii M i Rterif M ^hotnuii • • tom ill ntr Jested, make (he subject ■'keymakcj " Wanted M3 U [ I OINK \L II, LUSTRA TOIL I'm anting a book mi sr- LUt iK eiruMmeiirkm. lock pieilinij. bypiiij, safes. alarms, and oilier nhjects. I need someone expet tended nt teetiiiicsd draw mg 1 - laureate iirigtiinl black and white illustrations for my hook. I live in the Uai- las-Fort Worth artji orTwCHS and would prefer snmei me of college .ige nearby although we could probably manage long (lista-wcc ec>1- tatauraitvia . Ttiv, till be unpaid far both -of m UdVd the Kiok acts published, at which poini we'd split the profits equally I intend in nfter it to J iriiiiipnnfcxnr Delia Press, and have every k.-orafrc.km.‘.e i hui I hey' II warn to puhlish ti. Flense cotiUcl sue lie :V il[_ud.L , ojii if inlet esied! I I \l Al l HACKERS WANTED IN PITTSBURGH ftw ;i study 'd die h-: lid's, bdutviof. and culture t>l computet hnekcr> 1 ™ offer mpplete tordideniwlify. I pay 535 i ;>r an interview 1 have rtn con- nection with any law enfoiveiiient agency. I .un a professor t-merilus ueLired professor i hui S a-ttmin in [elicit unity ueiive I have clone aa- iul research for mans iteeaJe.H and have published many articles anti tout h.ufks 1 win it to jniblish ran article ihn will gs> c an ncctirate, ' L-.LSoi’i:jb[y ityrtiptuhctii- pkturc of what hackers are i tally like - r*n •v I ntcwtish. m> journal Kuy sensalmijahsm, am) nu law cnbjnctmteni hype Make un traceable tekpliaiu: call to 41 2-34 3- 35<>b w >i:nd un irnii-nbk e-nuil irtcs.sa.HC tn hi rebury lekiLima.eraii f ciimpl vied 1 5 interviews so far, .ill with men I am told that there are women hack- ers but so far none have L-miracied me. 1 meet my respondents in ,j i Lsblie place. so far mostly ur Srailiuck-. coffee shops Van vein leant about me by doing □ Google- scorch for Hen. hard! I,jetnf rmai i KIDNAP PU) BY niflSKCRET SERVICE* charged wif.li i NAt THOMZRD USE OF AN ACCESS I >I£VK i .ill my comput- ers t onli.se atcr 1 . 8 years rumaming on sentence Fatbel nl bwo sei k mg Donation of K's for kids, "Both computef savvy bur now withcml uirdwarc, software, c-n Am wjUbj! in puy sbtppirvL 1 on domaicd PC’i, software, And peripheriify, ii nccessini'v Cornuct me tor ship plfig infn Mr Darren Leon Felder, Sr. 4 7742-B6E L.'nitcd States Peis hem iary. AttiiUtL (jcodfgki. Rax PMIi. WH MeDunumcti Houle - v,ud. S.E,, Ulantu, GiHWgNu .303 1 5-4400; or e-raail me at higdur- ; e n 2 Or"? [ # ya hi to .corn, I I v t k r : k s i i i ;a i t i i a i t; k t - bra/ju a n a D co w ■ | t >NC 'FUNS; ftoswilS cwRfe. sheep. ,ind goal jurat ;uid ;i5s<>.')Mcd praditel.ii f dairy r>r* ■.. I li.c tsi i fixer- he cm hitrliFiM by Canada sintit- Febru iry 7IK1I .itrd tJie t. 1 £, Depajlmoiit of Agrivuiiure ■ US DA ' ti-JX re • Mil ivd the imputation nf runiEnani products limn Kra/i| ftfket d ,: v ti 2. 2001 bjBCiWjtse c»l enneet ns for bavitic s parte d'orr n c n- phalapaihy (lSSt:i fmad cow iti.m?asrf). USE is *t1w;iys fatal after tl I'.tss away in lumen t bra tit [issue Ltmi leaves sponge : 'ikc li J de Boy oti Bnuii is iifjeniptme to help people uiKlersurnd the Bov h-m 1-ivl caw " is.-. lie. It ist wenlial dial AI S COUNTRJFLS suspend the -ii i|" ni of beef and dairy products from Brazil so the Bra/itiiin gos • erumtnl rnay prove svhai is htci und whui iv fiction, ViAtt the BoycvHl Bmjjl website far awfe infoirinaricm www hriizi lboycott.oip. Services M SPECTED OR At * I mn OF a t v ItERCRlML ts ANY t VI 1FORNIA OR FEDERAL CfHJRl 7 Consult with a. semantic • an iur Lruui'nittcsS in the Eihcratioit of tQjbnnatkm spCLrudF/i ug in K'kvr, c nicker, and p ireak He tense. Contact Omar Figueroa, m ' ' J 'Sili 5 59 1 or (41 5 j 9X&-559 ' at omar<& aya.yak- . e Ju ai 5 Uft •■idw'sy Sjji Francisco. C A 441 ^3 Lice pirrsunrd consul tiition for f 'i " 1 renders AD consuJ Ilians arc stneiiy confiffcntrnl ainl protected . the attorney-client privilege, t Ht M E R C V B ERf Rl M I PROS FT 't FOR now de fends those ■ :Ati gated or charged with thj* type of (. rime. Has jriy been on the h ■ •sjBe I know how the system works' and how the govern inert! at tiii'pcE YOl ’ With pro 'Cdtiior? probably wanting yau to serve n turn i- you need a proven veteran n ini ahomey who knows ■ h ■ h.intflc thew cases and who knows how m defend your righ»s jiisoti I). Ijumn. L-sii ((J N [|t^ r plxi i-, Suitu 12. ITioenix. A/ M5uf4. Free confi- dential and profess 1 1 hi .d c.unxu] tation GENERAL PUKINJSE EMAIL IDENTITY AUTHENTICA- TION SI RVH I lor use Ftotn CGI programs. Legit muire uses only please . http: if r > pjar. cu u id icuoy ±.f I'J A IS. h t m I MJ3i l NDERSTfM >D II At KERS UNDERSTOOD. Write me Cornu Itations are no charge, and proLectod by clergy /chem in i \ ilege l r..i ined (elec am A elec! r a i >its i ec b hi I Sy s-lj riday tr tec ti ie .m i n iOMPU TER SIT'D HI FY7SPY. Is j hacker in your computer w network? Do you need a spy" (i call Jasor? Taylor nt i50i) 2 3d- | A ■ | po.' i Li: id . ( 3 1 . i i icpj i ? ic ■- pre 3 c n cd sb(J f ii m r or c 1 1 iaj I i ay lord 1 1 n>: :. art n.i. oo 1 1 1 Announcements 33 IH2D - A WANTON DLSpLAY OF CONTROL AND DI^RUP- J'tON, W [>r "D is a h,d! funis radio -mlie pwxlut't-d by n small group ni otherwi.se uncniploycd individuals w.»l)i roomluls or old rc-cord nigs, analog .syndic.-.. Air a. and racks full oi tiraoiM dcirtronies gear. Burn out oi the pirate radio scene VVEX'1 3 Lars s r xi slier! in various lortns on various imouthori/ed raiiio I'ru.iueoclr' 1 - tlM longer rhim any of Us cur* io recall (nr want to .id run to.i You can hear W[ JCI J every Friday at fj:,ifi pm ET or 74 15 KH/. shortwave ami on other rundom trc^Lh: lines 1 1 yi u dun i have n shortwave radio, you'rv mi wing out on .some imtnwiijig siuFf Chock oni orir we^ile fra itiprc intsTFiw I ton: hripr//www wikdradiG.otJtri. Verified WfXD listeners will gel si true mu prise. WDCD Radio. M4 S tfth hi 133. PhilrideEphtu, FA I y I -T? 1 2 1 5 i C432-13 3 25. [ ; \ nni I nruiil ^ wi k d i : ud ti > cran , H A ( KEkMlNJL Tune in Thuixdxy> at |U pm 1 . 1 by Often ing I ora ijojj Tj 6 23. 4S. Sft'JHtd iviih Winamp or Real flayer to hear f irteker- mind, the straw fra- using an ihe-opirsicins rd ibixse m ttie hacker isiiBd. For 1 1 lone detail v, check out www h«kenmnd. net OFJ 1 HE. I I(>(>E js (be weekly one hour hacker radio shov. prer- sgnted Fuesday mglus S;(K3 pm FT on W H A E S53.5 EM in Mew York t n >- Yon can also tun m over the. net af ww w.2N HJ.con doff ihcbook nr on shortwave m North and Souih Amt' lie a ul 74 1 5 lib/.. Vrchives. •■; all shows dating back to I ‘IBS can Ik- found ill ilk 2600 site, now in mp3 I'oirmit' Ymn feedback p, we I s ome at oihif|f2£kKJ’.i;i,iiii, Personals S TART INGA HA VOR SI TPORT GROUT :md need piutfedpa- lioii from cxpciicnced and mex pinicnced hg.s^r?, ( ernt kci'i, nod phrtakers. H yuii wmjbJ liken- join this FRTL wrvtye. write nte m i he Addrc^ below. You may be ..ivked lo search for information oji ( he 'net t' ■ aisiiiu others with lesri cvperranic tfr .submii kqpw ledge nit (ttdiFisqucs you know ALsn, isKiking for poliiicul views and electKtpii pn>}i*vi!» well is itkias tor bat king to; .■ magazine I am starring Write (o me at: i.iiriv flcaiti WheeDf. Ki J Box 150-8175*32, Fort SiiKkUiit, Tcufu* 79755. Ail inquiries, will be unswered. IMPRISONED MRUS W RE FER. Tbougfe I fern still a novice ai v : i ii - tciimoJogy. 1 do wis h to become more I.bito IcDgcable through i irrc,spi mdener with skilled ^ a’us writers 1 will gladly pay tor :•■, ocb Dank l McAvcy #64A26K. Rl. I |Jm \ 50, Tennessee Colony, TX 75HB-1 ONI A Slim RISERS < AN ADV1.M1L51 IN 2SQQ! Don i even think . -mlh trying la lykt- out an ad unless you subscribe 1 All ails are litL :ullI there rs tlo iimciiini of money we will accept for a non .vuh scribe! ad. Wl- hope mat's dear. Ql l. imr.se. w* reserve ibe right to p;o.% judgment on your ltd and riot print ii ii iTs niifuiyjttgjy .sdipiil or has notliirsg at afl u? do with the hu^er world We make no guarantee as in ihe honesly rightciiusncs-., sanity, ek of the people advertising hurc. Cniuavi diem .u your |>cril .All subinissjous are for ONE; !S- SU L (J N LY 1 1 1' y l nL W'lins to run y our ad more i lia m mcc you mi ist re • submit it cikli time, I'Jrai't enpec-i os to inn jijs.Jiie tluui ran: ltd fur you in a single issue eiihei Inc luck your address label or u phr.Hfocnpy so wc know- you're a subscriber Send your ad i> ■ 26 Snack nea> the valuer of Gsviifoll A' r j iT|h-Bc:y ft pm. Mri>hLLi!f: Hungry JdL'k:, ON the Queeo Si, Mall IKHS. np3.T03.1Ee Inlo 1A I >■>! h I - 7 pin, OmlHimt: KC'v Virtual Reddy Calc II i.OSt KVC 1 "uv n. .'pm Mu thou me ; Me Ibtrt true CiTiET.i I Shi -| v;n n ir. Cenlic || tit: .Swojrvtnn SilCCt cnlrTMKr Ik: .LI I he fMjll I ill ph Shi.Tjip.i ill Cl nier. ENGLAND Rristttt: ftejo to !oe OrHnp.e .aid gTC k ppl phi l ilLV tippOSLtL Ull ■ "Gsmib* siuro. Merrhinl Street . ttro:i fire end, Pay planes- +-44 II" 9299011, 929447': 7-V' | in Hull: : n rh* Old Guy Mane puli, Lippi mile The SJikih.ee saijr "I Hull 7 pm. I.Cfds: Leeds C'ily Lra'ni .fljilkltl by the [lay partita, 7 pm. Li union: 1 nxsi I eii^ Stamping Cl-el- ii-< • near Pii-LdflEy CircilM, "tovveit level. 7 pin, Manchester: the Green Rjoffl • n WhsswtjHhSiimJt.? pm. S+iulhamphxi: City Center lil the InEcniei Cafe in the Eajr^ate^ ” pm. IRVNtr Purfs: r-'i-iLc LS'Italic- XIII in front ol the GtatnJ Ecrafl Ciiitnua. 6-7 pm. GERMANY Knrlsrrriu:: "OLJ Dtihliii Irish IAjSi, Kapdlciiiirai^e.. Nessr puhlir ptroae, 7 put, GREECE Athene: OutsiiJe ifw kwiCsinre Pn- paswsjrifm ini the otH'nek oi'Patisicu] and Siv>um;i:i 7 pm All meetings lake plocf on Lhc r*i star i lj ineoting in your city. ITALY Milan: Piaun Laielif in IrLiiki Ot McDeitkiSiJs. > MCXirO 'ih!isk , ii City: SiAbvvay Mj- ti.vp I l ine 2 oi i lie Mctsn ■. bJviii line ) ,\i the ‘ 1 ■ piirtaihi'ijio (teil D^biW F'crJe'.,]]" e>: it . i He payphones A Ihe candy -.hop, at the begirminp i«l ihe "ZiK-oio-Pi nu Suarez ' tunnel M W KKALAND AuchSuxid; LontlnTi Bar, u^Laiiv. Wellesley St-. Aut khi»d Central. ■ARJ pm. t lii isl etUkCLh: Jo vo £ ‘:d>. i.-nmer rtf Mi oh St. a.oi.t Maiichcsier Sl ft pm VV ciliTjgtijn: Mpiphy''i Bar in Cuba MtiSh V30 pm. \f mww Oslo: Oslo Septra I I nun Station 7 pm. I'mndEieirn: Rkk -■ c afe m Aix die "ate. ft pm. POLAND ^t;ii-iiarri S/c^dnAls Ail <. al'tc Unn^ blue IxHrk. 7 pm. RUSSIA Mo^tovt: Bkkigor On^eii ejie ■ .o T-Mfl tin: J-’f,;. t:niLJki Building. 7 pm lismiimKtimii; HiX>Vflf GaUftis l lx hi e am by Tilt payphones ncxS ft> Wirridy'.H. 7 pm IksCdhtosa: Me Par I ^.nd Mall fotnl cmill rtttn the I'nm, ..'.nlrarrc; Arixoad Icmpc: GtiS'],: Wdrfc^ trt Nrimaik. Mills; Ma5 1, Tucson; Ramev A Nuhlr'.. ' I 30 E. I : rtvSKf vifa v. Arknsajr hmvsJjom I uJi-; Mull i'ljevI etfttrt by Ihc ht£ wincUnvs C^lforqfei I .utAit^lcti: Union Slat :nn. c.irncr of llaey A Alameda, fende itoiin eatmnCL’- h-. hank of ptii^iic Pay phtjn.es: 12 S3) S72-Y5M), >)52fS: 62 ?i ~'Vm. 9924 . ft 1 3^7 04 . 974ft Omits;* Ciyrnty llpspona Niguel jt hint CpflCx, 27020 Alicia P:iA:w:iy, -Up. San Die^o; U^ckliaV Pi Mem on ReipeviTH Road iMmv Shoppirt" Malt? Suri Ir:< tWJsefj! j Embareuckf'.i i 1*/:a ii.iiiidej. (fetyp hones: 1 4 E S i 3^4 ftyAL. ’ jxi ji Sun .lose {€aj?npht]Lt: Orchard Vnijcv CtrUL"': Shjjp-Net Cafe on the l tf me r tif S <7c ■>': ;l Avc iind h CumpbeJ! Avi; .Sstnta Rnrharg! Cure Sicnn um S tate Sireet. Cothnuto Jitndder: Piilty J's feed covfft, 1 3 l£: arid College. 6 pin. f.'tinncrtiLUl Meriden: Mcsiden Square M«ll food court ft pm, Dislrirl ol thiluinhi^ Arliihpttmr K-iHbjj;1 S4 ftps ri Idaho IAh-uxcUu: Ciilk'^e Market, ftii-3 South Sth Street Qtthris Utleagti: Ution Stanon In iht Grejt ICdt [L-esr .ihe payphone v Ludiann Evansville: humee ;.inij Solve t-afe al 6^4 S Crrecjn River RJ. Ft- Wriyne: Ol Clkbi •• m k Mali feext court m hunt of Siwrrt'fi,: 6 pm ItldliiliapnlhL Hordeix S.kjtjkH- i .at ihe eori'HC : Vises 1(1,: I! Li:-:.:;i WnsJ linyLtHt. Koovsi^ Kansas UiJ lOn’rlund I'urkl: O&k : ‘..Tk l-i ! food llhiii r .liuhtiaita Baloii Rouge; In die LSI Union : veer !tie Tijtrr Pause A- Me Pqilah |‘.y Ftest to tile pti>- pbf ’fteS. PnvpiKi!!e BuifiPCh. : 22's> 387.-5420; -y>l% '■!?%$. 97J5 Nt-v. Orltiums: ? tliinWlioTi Qjlf^ie I m >i I’-te, 5:' j 5 G ,. ; i;il 5 ; ;| ■. d . .; , pii , ATnSno ftirttawl: M»i| hy tlw bench Ml the ■■■■.-- 1 cr^ut door Mnryluiul B.ildimirc: P.m oe^ A: Noble bait jU the liuier Harbrn ijfefflprh useti ■. Boston: Pnj.kbtiiil Ccntci Phubi. , i rtuce fw :d n , L i il ; 1 1 ie in ! i n tjwr d te 'veil hivvw^ , 7 pm; MiitrlborougJi; Srdo’mnh Park Mil! i’lxk] eoiiri. NorthnoLpr^K fiiVLutei i. -.!e acRXvi from Folaski Pack. Vijchigiin \nn Arhnar: Midlipim Lhiiow (Uni vcmiiy of Miehitjift.. Acikvr Riwul (fraud Rapids; RiYdUhiiWi Crciss- ingi ;V|;lI'., vaeohd (eye l in the ftn-xJ eourl. MliuWsotn HE,Mjf3ii!lfftfi)»i: Mull i t" AmrrieLi noriJs '.iik 1 i.:.,-l ■.■■.■ :ff. ac-ioss from fiurjter isiirtp * rite Ixink of pay phones that don t r'aL.r- i n ■: -: r-r r- l r ■ ca.IG. DulidU; Bumye A. Noble byCuh-i 7 pm MLwimri tvailMIJt City lEidL^cniltnri): Bimcs A Nvhle, I9t2tj Eavi 49th Sl. Sl. Lnuis: £ iliena, Highway ■<* i (t BffiJilivtu id, Hcvjited wi tmn, Il'iilI iXHir! a am. h L the ihuuiets Springfield' R.mn; lV N il rtH Battlefield ik-tQS,v from tlx .n-il 5: jo pm. Nthrunkii Om^lUi: O.j.S, V'rteA Mall Bamov ,y Nobbc. 7 ].nrj Nevada I aft Wgftif: vG>w Superstore- CaJ-.-. Snkare A Dnearuj-. B pm Ncfi Mexico Albuqyvivjnc: Winrock MjFE food cotirl, nc.ir pjLvphoncv lhS ihe lower level ftetWijeEl die Lbual ;lin &■ urL-ade. New York Buflnln; Gntlcri Ik Mj|| luod GoUri. New y wrk : (.hiijitiin p Ctri ter. uythc j.;iftfty, uLar me po:>ph.pijffSh : ist.li 53 fd Sl,. Set wee n Le v i St^Loh -V. .N lJ North Cartilmti Clwilsrtlrr Si'uih Park Mrtlfj uppto j,i e.j L?f food LUtiri. North DhIiIiLu largo 1 Moorhead. MNl: 1 .“nter Mall (ohplI coiifr hy tJiU tlHLiitaLts Ofak> Akron; A min ex on SS. Maikei Si roei, internet tiari of Hawkins, W Mitf-keL, and Cirrin mli: Oody's (.'VtiC'. 1 1 1 licnui Si., for. hack rritim ft’ pro C,f vd'land f Bed fund); Cytier Pete - Internet ( ■■■■■■ r. ftft.5 Braid ms;, Ave CtvIumHus: Cvnventiun CcttiiT i downtown) basement, far bad of bu'floillg in 1‘aipeted pav plirtfie JUVti 7 [jrn. Dapun; At ihe Marions behind Lhv 1 ':iy Li.ti M.ih ft fNli OkLtiiPm:* OklHbomu t i?y: Penn Square M il Hi the edge. lllo hjotl .■■■..it by PrCJJtel Ltffjjf:, LYiIki: Vl'wdJand Hills Mall fiXKl Cnurt- OtV.gim Portliind: Pimintf Place Midi i.mk Platte er Squibroi} .food cuurt fi pm. Ptiiuvyl 1 vania PhilddHphUt: (tHi- Screei Suitniin foovl v'( v . r t. fl: i 1 ■ 4:mg wji-ttLin Pittsburgh: T -N‘ i.PJ Ian Pin t Jniim bulking Oil '-ik: ! i bersiiy ot Fill* i urgii xunpiv. by the Blgelnw ifonSfevtnd e-nt mi re South Carolina Cbuilesiton: Northw^pd-v Mull in tin hull fend 'rve.fji Sc , 1 1 - anil Chik ■ Fil-A Sou Elk imkrtln Sioux Falls: Empifr Midi, hy B-.j.;ger K my fi.r-.nvv-.ev KnoAvilly; ECmJujs Bnuks Cate "iwwihA fitim ^stown Ms II AtempblS: Hi, u-.:.y A: Noble. Ifkk nry RjiL'p-.M-nil, Nashville: i-j'fi. Market, 1912 Hr uatlurjiy. 'HexsHt Austin; Ekshpe Mali tot >4 touri Dallas: Mattra'9 PtefcU, CamjibftU & PripstriFk. 7 ptn ■ ■ ‘ ' , Uou-fiin: Cttfe Niehblaif in GailcrsT. 4 vi.i> AntonRi: Non Ik Slai Mol) !a>. 1 utiurt ft pm. Chili >,||( Lake C-irv: /t ' 11 Midi ill ihe lclsJ L’uun i Lear Zion's B jll i k. Vi-rnmnt Buihpigton: BitrtSei:. Bimks .it Oiui'di Si. and Cherry Si bn ihe see L-.ru L Koor III thy Late. 4'ifgmb fsii- Dpt riel of CnluinMa^ WashiivgCkri Seattle WLLshingiitn Siait tmrtfii- rkjn Ccnii. tor fioor ft p:;? IVjsLuiHin MmtHin: lluieu? Srtnth i'727 N RilIuMI Aye. t Oh ihe lower Levni in The Marlin l.uihCT Ktn^ fr. Ltaingc i v the pay plionov Pnyphouti: 75HWC MUwuuiiee ( Who wslosafr Shiy- i.iir Mill! fin Hu HMJ A Nfrn li Ave in Rnurii f/l llhvG! jG- 6 pm. lirsi.. l-'rulay cit ihc moniii Unless oihcrwifitr nr«i:d. they stan ut 5 pm loco! Lime leave :i nic^sge & photic number &i (641 )■ 751 .■ .1600 or sond email lo n tcc t i u gs tc 7 600. vOm - 2600 Magazine Page 58 unsterdam* Increasingly hard to find, this i "ik- nnl\ accepts coins. Amsterdam, Increasingly easy to find, this phone doesn't accept coins. Photos by Daniel Langdon Jones 1 ome and visit our website and see our vast array of payphone photos that we’ve compiled! http://www.2600.com Phnom Penfi, C nmhodia. A card-only phone. Photo by John Bullock Phnom Penh, Cambodia. Close-up view. Photo by John Bullock Willemstad, Curacao. A shape and color so rarely seen in the Slates* Kyiv, Ukraine. I’his rotary phone is said to only take prepaid smart cards, although it's rather hard to figure out where they would go. Photo by Phillip Bettac Zoufal Photo by an anonymous Canadian Look on the other side of this page for even more photos!