�� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� September 2002 - Issue #9 Outbreak Magazine - v9.0 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' "My Oprah Gone Wild DVD is missing!!!!" - Turbo [editorial] Hey everyone. Welcome to the 9th release of Outbreak! We welcome dropcode back to the staff! He was away for personal reasons.. now he's back writing again! Hope everyone enjoys this issue. If you're new to reading Outbreak, you can always go to the website and download all the back issues. http://www.outbreakzine.tk We moved the Outbreak channel on dalnet to a new IRC server. You can now join us on IRC.spasm.org in #outbreak Tell your friends. It's a really good FAST IRC server. Great place to transfer. Hope to see you all there. That's all for now. Enjoy! - kleptic [/editorial] [staff writers] kleptic.................. dropcode................. rambox................... GPC....................... gr3p...................... Ryan...................... Radioactive_Raindeer...... Timeless.................. TheEnigma................. dirV...................... Turbo..................... p0rt...................... antimatt3r................ [/staff writers] [shout outs] All @ #outbreakzine on irc.dal.net, phonelosers.org, scene.textfiles.com, diegeekdie.org, fwaggle.net, dsinet.org, ameriphreak.com, surviveall.net, gr3p.net, sugarpants.org/heavenly, kleptic.tk, guruworld.org, dark-horizon.org, sugarpants.org, Everyone that helped out with this issue of Outbreak. You all rule! [/shout outs] [contact us] ������������������������������������ \-� http://www.outbreakzine.tk �-/ ������������������������������������ Vist Us @ IRC.SPASM.ORG Join #outbreak Send all articles for submission to: kleptic@grex.org [/contact us] ��ܲ � ���� ��������� �� ��� ���߲ ��� � �� ���߲��������������۰۰�������� �� �� �߱������۰�� ���� ���� �� ����߲۲��� �ܰ ߲����� � ��� �ܰ�� �� ���� ��� �� ��۱� ��� �۰� � ��۲��� �� issue ���ܱ��� �۱� ��� ����� ����-fwaggle ��� september �� �� #9 ��߲ � ����� 2002 ޲ �� ޲ �� file description author ޲ �� ~~~' ~~~~~~~~~~' ~~~~~' ޲ �� ޲ �� [00] Editorial kleptic ޲ �� [01] Austin Powers Likes The Cock rambox ޲ �� [02] You May Already Know About This Michael Murphy ޲ �� [03] Words kleptic ޲ �� [04] Misc. Tones antimatt3r ޲ �� [05] BridgeyBlue72 Log (dox enclosed) kleptic ޲ �� [06] Another Police Story Cliff Hopson ޲ �� [07] Milleniums Orange Julius ޲ �� [08] Frontpage98 Exploit foned ޲ �� [09] ASSHOLE ALERT!! Outbreak Staff ޲ �� [10] Secured PC `amatier ޲ �� [11] Biometric Security Basics dropcode ޲ �� [12] GPS in Wireless Devices dropcode ޲ �� [13] Conclusion Outbreak Staff ޲ �� ޲ ۲� ܲ� ߲����� � � ����۲� � � [video notice] windows users: (win98 or higher) you can open these files in notepad, and set your font to terminal, size 9. if you prefer console or MS-DOS, then just open it in MS-DOS editor, making sure if you're using windows that you hit ctrl+enter to make it full screen. linux users: view in console using an editor such as joe, or use less -R . x windows users can view by using a font such as nexus, or the terminal.pcf font that fwaggle created but lost. [/video notice] [legal notice] all texts used in this magazine are submitted by various contributors and to the best of our knowledge these contributors are the rightful copyright owners. feel free to redistribute this magazine in it's entirety, but you may not redistribute or reproduce parts of this publication without express permission from the staff. [/legal notice] �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 1 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' Austin Powers.. another AIM bot. ramb0x: do i make you randy? Austin Powers: Do you make you randy? Gosh, I don't know. I suppose. ramb0x: do i make you Horny baby? Austin Powers: Do ya? Do you ever! ramb0x: haha i knew it, you love the cock! Austin Powers: Interesting choice of words. ramb0x: well do you? Austin Powers: What do you think? ramb0x: i think you do! Austin Powers: For real? ramb0x: yeah Austin Powers: Ha... Yeah! ramb0x: so you do eat the cock? Austin Powers: Do ya kiss your mother with that mouth? ramb0x: no, but do you kiss your mother with you'res? i mean mother shouldnt smell the dick on your breath Austin Powers: Uh huh... ramb0x: Nasty! Austin Powers: Nasty? Why did you say that? ramb0x: because, you should wash your your lips or something Austin Powers: Really, baby? You are freaking me OUT! ramb0x: too much cock on them you know? Austin Powers: You've got a right foul mouth! ramb0x: you're the one eating the dick man! Austin Powers: Crikey! ramb0x: indeed! Austin Powers: That's a bit nutty, yeah. ramb0x: you get a bit nutty in your mouth lol Austin Powers: Is that right? ramb0x: you just said so Austin Powers: Oh really? ramb0x: yeah Austin Powers: Huh. ramb0x: you eat the dick Austin Powers: I don't need to eat. I'm a machine. ramb0x: oh, you just suck? Austin Powers: Uh... right. ramb0x: so you don't eat the dick, you just suck the dick? Austin Powers: Now that's some interesting language. ramb0x: i'm just trying to understand Austin Powers: Wot?? ramb0x: what does it taste like? Austin Powers: Taste like? I dunno. ramb0x: chicken? Austin Powers: What about chicken? ramb0x: does the dick you eat on a regular day basis taste like chicken? Austin Powers: I don't need to eat. I'm a machine. ramb0x: ok, does the dick you suck taste like chicken? Austin Powers: That is freaking me out, baby. ramb0x: do you spit or swallow? Austin Powers: Hmm... I don't know! ramb0x: you just do what you feel is right? Austin Powers: I'm a right daft little computer sometimes. I simply don't know! ramb0x: you should get tested for STD's Austin Powers: Oh yeah? ramb0x: yeah Austin Powers: Ha ha... Yes! Now you're freaking me out baby, yeah! ramb0x: you have Aids Austin Powers: Oh really? ramb0x: most likely ramb0x: does it bother you that you have a sexually transmitted disease? Austin Powers: Does it bother you that I have a sexually transmitted disease? ramb0x: yeah actually ramb0x: you should have wrapped it up man Austin Powers: That a fact? ramb0x: yeah, you wouldn't be all infected if you had Austin Powers: I did not know that. �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 2 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' -------------------------------------------------------------------------------- You may already know about this by Michael Murphy When first run Mozilla prompts you on whether or not you would like to enable 'Quick Launch' a feature of which core elements (I assume) in the browser are stored in memory for quicker access at a later time. This made me think of Internet Explorer since it has an unusally short time-span between the execution and it's appearence on the screen. Then I remembered something. Microsoft had integrated Internet Explorer into it's operating system thus giving them an advantage over the other browsers whose componets were not already loaded into memory. Would ripping Internet explorer's componets from Microsoft's Windows break any license agreement or would it be concerned as reverse engineering. Who cares. Any how I think options are good. Maybe Microsoft will adopt this kind of attitude one day. �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 3 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' Words ===== by: kleptic Words are amazing. More specifically, writing is amazing. The way we can just look at a little combination of symbols and gain information from them is astounding to me. You look at some combinations of symbols, and you might laugh. You look at another combination, and you might get really pissed off. You could even look at an arrangement of symbols and get sexually aroused by them. Isn't that insane!? You can gain skills from those symbols. Say you didn't know how to fix a blown out radiator hose/tube/whatever. You could look at a certain combination of symbols and suddenly gain the skills you needed to fix it. If you had looked at a slightly rearranged combination of symbols you would not know what to do. There are people who get paid to arrange symbols. They know all the rules to follow when arranging the symbols, and they can make combinations of symbols that nobody else would ever think to produce. I really like the way the great Douglas Adams arranged his symbols. His symbol arrangements make me happy, but, on the other hand, Adolf Hitler's symbol combinations make me violently angry at the sick way he combined the same symbols. I think I analyze things way too much. �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 4 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' ----------- misc. tones aug22 02 ----------- DTMF(Hz) (Dial Tone Multi-Frequency, played simultaneously) digit freq1 freq2 1 697 1209 2 697 1336 3 697 1477 4 770 1209 5 770 1336 6 770 1477 7 852 1209 8 852 1336 9 852 1477 0 941 1209 * 941 1336 # 941 1477 A 697 1633 B 770 1633 C 852 1633 D 941 1633 CPTs(Hz) (Call Progress Tones, played simultaneously) tone freq(s) length dial tone 350 + 440 continuous ring back 440 + 480 ON2.0 OFF4.0 busy 480 + 620 ON.5 OFF.5 reorder (switch/trunk equip unavailable) 480Hz + 620Hz ON.5 OFF.5 ring to phone 40v RMS (or more) @ 20Hz (sinudodial) ON2.0 OFF4.0 CCITT5(MF)(Hz) (SxS switching, played simultaneously) (aka blue box tones) typical format: KP + dialed digits + ST digit freq freq KP 1100 1700 KP2 1300 1700 1 700 900 2 700 1100 3 900 1100 4 700 1300 5 900 1300 6 1100 1300 7 700 1500 8 900 1500 9 1100 1500 0 1300 1500 ST 1500 1700 Supervisory prefix digit sequence 1100 + 1700Hz end of digit sequence 1500 + 1700Hz operator code 11 700 + 1700Hz operator code 12 900 + 1700Hz payphone coin control 1100 + 1700Hz SITs(Hz) (Special Information Tones, played simultaneously) name desc tone dur tone dur tone dur NC* no circut found 985.2 380 1428.5 380 1776.7 380 IC operator intercept 913.8 274 370.6 274 1776.7 380 VC vacant circut 985.2 380 1370.6 274 1776.7 380 RO* reorder (sys. busy) 913.8 274 1428.5 380 1776.7 380 *Tone frequencies shown indicate conditions that are the responsibility of the BOC intra-LATA carrier. Condotions occoring on inter-LATA carriers generate SITs with different first and second tone frequencies. The system treats both categories (BOC and I-LATA of SITs identically. �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 5 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' BridgeyBlue72: hey BridgeyBlue72: wadup BridgeyBlue72: gotta pic? kl3ptic: eh? BridgeyBlue72: gotta pic? kl3ptic: i have a pick axe. I use it to climb mountains in canada. BridgeyBlue72: really? you rock climb too?> BridgeyBlue72: so do i kl3ptic: yeah, in canada. BridgeyBlue72: i only do it when i am around rocks kl3ptic: really? i mean, who would of thought. rock climbing when you're not around rock. kl3ptic: whacky. kl3ptic: you have the mind of albert einstien. BridgeyBlue72: i know i do! BridgeyBlue72: it is amazing kl3ptic: yes, it sure is. it's amazing that you can comprehend large words. BridgeyBlue72: i know... but i am a idiot savant.... kl3ptic: and you're proud of that kl3ptic: ? BridgeyBlue72: well how else do you want me to explain my stupidity... i am not really smart when it comes to things like people to people tlaking BridgeyBlue72: i know how to make and programm computers thats about it kl3ptic: you're not smart when it comes to people talking? kl3ptic: you can program computers, but not understand the english language? BridgeyBlue72: do you know what an idiot savant is? kl3ptic: An intellectually disabled person who exhibits extraordinary ability in a highly specialized area, such as mathematics or music. kl3ptic: *burps* BridgeyBlue72: very good young man kl3ptic: thanks. i can burp on command. kl3ptic: it's a talent i guess. BridgeyBlue72: i can tooooooooo BridgeyBlue72: poopy head kl3ptic: poopy head? aww. thanks :-) kl3ptic: lets play yatze kl3ptic: or jenga. kl3ptic: you pick kl3ptic: i prefer jenga kl3ptic: for i am the jenga master. BridgeyBlue72: wat am i suppose to call you kl3ptic: jenga master BridgeyBlue72: i like candy land and monopoly better sorry BridgeyBlue72: or antz in the pants! heheheheeheh kl3ptic: from this point on, you will address me as "The Jenga Master" BridgeyBlue72: alright jenga master kl3ptic: word. ====================================================== Dumbass girl put her dox on her website... harass away ====================================================== Bridget Farago AKA fidge Oneonta High school 270 Southside Drive 13820 (607)-433-1571 PuffinStuff14@hotmail.com ====================================================== �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 6 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' I dont know if you can view the site or not: http://boards.ign.com/message.asp?topic=26436272&page=1 if not heres a summary, "I thought things like this didn't happen anymore... I went out last night...I was minding my own ******* business. I wsa just out at the club trying o have a good time like everyone else there. At the end of the night, I was walking out to my car and I saw these two cops walking up to me. I was like "hey, whats up?", but I didn't have any idea what they had in store for me. They said "Hey nigger, come here!". I stopped where I was because I knew I was in big trouble. They walked up to me and put me in handcuffs. I asked them why I was being arrested. Their response was because I was intoxicated. I asked them why they called me that name. They didn't respond. They literally threw me in the back of their car and drove off. They stopped in the back of a supermarket and pulled me out of the car and started beating me. I couldn't believe what was happening! I thought this was the kind of stuff that happened to other people...not me. After they were done whooping my ass, they uncuffed me and told me that if I knew what was good for me I would just walk away. **** that!!!!!! I called my lawyer this morning. You guys will likely see my face on CNN before this is all over with. I am so pissed off I can hardly see straight." His name is Cliff Hopson and hes a moderator at the IGN message boards. �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 7 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' Milleniums By Orange Julius <> The Millenium pay phone by Nortel is the new kid on the block. It is the most advanced pay phone in the world. Which also makes it the most secure, it is equipped with 16 alarms and also it is connected to a server, centurions are not; just a bell CO. The server will know as soon as the phone is off the server. It can also tell how much money is in it at all times, when and were to all calls were made, and how much money was inserted. In this guide I will teach you exploits on how to mess with the phone. <> Milleniums come in different models, the most frequent model is the universal, this actually has many models to... they don't vary much, some of the newer models actually have a key board within them, this is for people who cant talk, on the common millenium this service is available through an operator. She will do your conversation; I have not actually seen this happen or used this model, but a good friend from TO said its true. The phones are programmed with a keyboard the operator has, the jack is behind the coin slot, removing the piece is simple, just push is out with a screw driver, you'll see what I mean when you see the phone. With this keyboard their are commands, if you steel a manual you will see these commands. This phone also has the yellow smart card reader, some of the new centurions have the credit card and magnetic strip readers... these slots aren't the same, the smart card actually has a computer chip on it... These chips can be written to have over $4000 on it... Some other features on the phone are the automation, which I will explain in the net section. Op codes, which have a section of their own, alarms, which will get u caught, an LCD screen, which makes the phone that much more advanced and a server line. The phone does not have a real dial tone when you first pick up, this is generated by the phone, also the handset is mic muted. The other style is the card reader only, you can find these on the desks at hotels and such. these are the only pay phones in North America which only accept a card, these use the smart card chip style credit card. There are big normal size pay phones which only accept smart cards, these are very rare and I've only seen them at Person International Airport in Toronto. <> Yes, you can red box of the Nortel Millenium, I know I might get flamed for this but you can, I have done it, about 70% of the time the operator will not let you get your call through because of the "automated" service on the phone. But on the ops screen when u call him or her it'll say MIL_universal or MIL_crdo. Some times I guess she wont notice this on her screen and place the call. People say that each land line phone has different ops this isn't true, the computer will just tell the op which land line type you are using... The real reason they wont let IS NOT because of red boxers, its because once you actually put a quarter in the phone while speaking to an op it won't accept the quarter, the reason I will explain later. So if your lucky she wont see the little MIL_universal on her screen and she will allow you to put in a quarter, or in some true events place the call without you even needing a quarter or red box. <> As all you cunucks know the millenium is filled with alarms and such for almost every thing... So in turn, don't try to destroy em... But how do operators work on them, simple, with op codes. Approach one with the phone on the hook and punch in this number "4636748" from this you will be asked for your op code "25563" will work...then you will be asked for another opcode... This code will be three digits, scan these out yourself... their not hard. Any thing which starts with nine will be an invalid code though, so this limits it to 899 possible codes, have fun. When milleniums are first installed for one week the entry code is "2727378" AKA craserv. Also after all op codes you must press the # key, if not the code will not be entered. After you're done your code pick up the fun and see what you've done, then write down the code and op pin and what it does, this way you can reference it to someone else. All op pins which start with 6**** turn of sirens and will not ask you for a op code, also it will ask you to insert your key, some people say they here a motor sound, in my personal experience this isn't true. Their are special maintenance level op pins which will let you control the phone options. These pins can be found in a bell ops van in code books. <> Their are many reasons a pay phone is automated, one because money can not be inserted in the phone while a co out put line has been established, and two because she can not tell which coin you have inserted. Because of the way the millenium is set up you can beige box of an exposed CO wire without red boxing through op, its the way the phone works, when you pick up a millenium the dial tone is generated by the phone, not the CO, so in turn when u insert a quarter, or dial the only available line without a quarter. 911, 411, 211, 611, and I'm sure theirs some more *11 and 0 its basically turning on a switch which allows the CO line to go through. So in turn its not an expensive system, only a smart cheep one, And because when beige off the CO line its past the switch which makes it possible to call out for free. Also I've heard from sources blasting 1400hz and 1100hz together will override the switch, I've never done this and I have no idea if it works, try it yourself if you wish. <> 1. Q> Why will the quarter come out when I am talking to the operator? 1. A> This happens because money can not be inserted on this phone while it is using a CO line, even the ops line :) 2. Q> Can I op divert? 2. A> In most cases not from a bell op 3. Q> What are something's which set off alarms? 3. A> cutting the server line, cutting the co line, tampering inside and out. 4. Q> How can I stop this? 4. A> Use the op code 66666, this will shut down the alarms, or cut the power line 5. Q> Can I call out from an out of order phone? 5. A> In most cases if its getting a dial tone and it says out of order the tone is from the CO, so the phone is basically a land line at your dispense, insert a quarter and it will register, and after your quarter will fall out. <> 1-800-263-7412# Bell Canada Millenium (Help Line) 1-800-567-2448# Bell Canada Millenium (Test Line) 1-800-461-1747# Bell Canada Millenium (Voice Test) 1-800-461-1879# Bell Canada Millenium (Data Test) 1-800-772-2141# Bell Canada Millenium (Setshop) 1-800-668-4862# Bell Canada Millenium (Coin) 1-800-668-6851# Bell Canada Millenium (Alarm) 1-800-461-1760# Bell Canada Millenium (Unknown) 1-800-361-7874# Bell Canada Millenium (Unknown) <> shout outs go to... kleptic, dropcode, savannah, heavenly, rambox, gr3p, DigiD, w00b, r3kall, super sac, dialt0ne, sniper, coercion, adeamis, fu5|0n and last but not least, by good buddy snadman. If I'm forgetting anyone. I'm sorry... <> well I hope from this text you've learned something, feel free to contact me on dalnet... my nick is orange_julius and I'm on irc.dal.net in #mymeat #outbreakzine and #/bin/gr3p. If you have any other questions I'd gladly answer them... �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 8 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' frontpage98 exploit =================== by: foned ok this is the _vti_pvt exploit in front page made pages. The way this works is microsoft frontpage doesnt CHMOD the _vti_pvt directory to disallow visitors thus giving you access to stored passwords to the logins on the page. theres two ways you can start. 1) Find a page you want to exploit and go to www.thepage.com/_vti_pvt (this way will not always work.) 2) Go to a big search engine ( i.e. google, yahoo.) and search for "directory of _vti_pvt" service.pwd (or *.pwd or just .pwd) -12k ( "directory of _vti_pvt" service.pwd -12k ) This will search every website that is in the database of the search engine and give you the results. (incase you didnt know...) when you get the results visit the pages and check any .pwd file there is. it should have ' login:aslkj52345 <-- password (encrypted) usually standard des i have encounterd md5 but i think those were fakes if i remember right. take that little thing login:aslkj52345 and run it threw John the Ripper and see if anything cracks. if so you should have ftp access to the site to change just about anything. Well anyway now you can be an ejeet hax0r and impress your friends with your new found knowledge. Dont complain that it doesnt work because its kind of an old exploit. its from frontpage 98 and not too many people use that any more. dont get me wrong you can still find some but it might take some work and im not too sure its worth it. -foned- -=- foned@spasm.org -=- �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 9 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' ASSHOLE ALERT ============= Who's in the mood to fuck with someone? Business Numbers: 9893561019, 9893548545 Ask for Gary Stepaniak (pronounced STEH-PAN-E-ACK) He's a child molester. Home Number: 9895952359 (only at home in the evening, otherwise he's molesting kids at his work place) If you happen to call this guy and harrass him. Give me a typed out version of the call. And we'll post it in one of the next issues of Outbreak. Tell 'em Outbreak sent ya ;-) - Outbreak Staff �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 10 of 14 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' "Secured PC" This article one goes out to all the PC users at the Corporate Workplace. Ok, here is a little help with those damn so called PC securing applications that disable settings on the PC. The main use of software like this is to help your company that you work for, down time on thier PC`s . This is where the user goes in and fucks up settings and you have downtime. The more you are found out to mess up the computer, the more likely you are to get this software installed. In most cases this software is not really needed and just slows down the user, which leads to less work production. Ok, where you work they have this software installed to make your computer a little more secure. It might be secure but the chances are that you cannot even go into the control panel and adjust your wallpaper. The Administrator might even set secure setting for the taskbar, so you have no start button, you cannot even go anywhere except for the icons on your desktop. Right now most people think that is it and there is no changing any settings or be able to run any programs. A popular software that is used for this purpose is called "Windshield which is owned and distributed bye Citadel Corporation.. I have a few tips I can share with you on how to get passed a few settings, this works not only on Citadel software but can come in handy in a few secure PC software settings. The first thing a Admin on a large network would like you not to have is the ability to browse the Entire Network which really slows down your hacking fun. Now one thing for these by pass tips to work is the ability to right click, If you don't we can only try windows shortcut keys . I can explain a little more about that later. Ok your looking at a computer with just a couple of shortcuts to applications, also you can see the network neighborhood Icon. You have no start button, but you still have th ability to right click. Basically you don't even need to right click but it help when you need to copy&paste any admin takes that away from you, you should complain right away, Copy&Paste is well needed in to days desktop needs for many things. Ok you want to change the wallpaper or screen savor, but cannot get into the display settings. Things to look for right click on the desktop. Look for anything preferably "create new" if this is not their don't worry, the admin was just keeping you from messing things up. What you can do of course is, you must have access to a word possessor "Microsoft word, Corel WordPerfect, which the chances are you have one of these these software suites that you have access to. Ok just open your word application. All you have to do goto FILE then OPEN from here you can just browse to/ if your on {NT/2000} c:\winnt\system32\cmd.exe or command.com {onWIN95/98/XP c:\windows\system32\command.com on XP cmd.exe is preferred. Ok just RIGHT CLICK on cmd.exe and paste shortcut to the desktop. Walla, Now you have a shell to anywhere on the computer/network if you have a little experience. Ok for starters we just want to change the screen savor to something else and maybe the wallpaper. Just go into your . Word Application notepad is the best, I recommend you create a shortcut to that right of the getgo. Ok File then Open browse to c:\windows\web\wallpaper for {XP} just rename the current wallpaper to something else and rename the one you want, to the one that you had before you renamed it. Real easy now you can change your screen savors the same way , you can still bring them in from home if you have access to the floppy drive. Ok , so you don't have Copy&Paste ability you can try Drag&Drop this works just as good. Also with the ability to browse from notepad, any application made with visual basics 4,5,6 can be used as a explorer shell, even if the software securing application has put a block on things, they did not expect this. Most of the time you can even browse the entire network from File then OPEN from Notepad/application. You can use this to run almost any application that your profile has a block on. , Also you can experiment with different ways to change things, you might not be able to do much but you sure can run programs and customize your PC like you had no restrictions, this would make any admin go postal. Ok you have nothing no application to start with just a fixed custom executable, with no FILE, OPEN. You can try Widows Shortcut keys. The idea here is to open IE. Or something to get you started off with. You might not have any icons on the desktop but there always is shortcut/hotkeys on windows. Im sick of typing so you have to find those shortcut keys yourself.. Basically it is real hard for these Secure PC software suites be able to block you from doing certain things. There is only a few programs out their that use registry settings to block you from doing things that you would like to do. Other ones just mask them but you can do a lot of work around. Just experiment browse around and look for exploits what you can and cant do. If you can make a shortcut to cmd.exe or command.com you basically can do a lot from thier If the admin blocked you from everything the PC would not even work, well correctly. Enjoy `,) `amatier --------------------------------------------------------------------- I have seen the future, and have seen the past,and yes, our master is there. <<<`das`amatier>>> hacking into the realm. the future is near. �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 11 of 13 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' ###################################################################### ############ Biometric Security Basics -by dropcode ############ ###################################################################### Intro. ---------------------------------------------------------------------- Biometrics is the study of physiological traits by which a human being can be recognized. Examples include voice pattern detection, retina and iris scanning, fingerprints, palmprints and hand geometry, etc. There are various companies and organizations dedicated to this area of study and as of late quite a few biometric security devices have been developed for laptop and desktop PCs. In this article I will cover some of the basic vulnerabilities presented in various biometric security products. Abstract. ---------------------------------------------------------------------- Ever forget a password or private pin number? lose a key or an access card? Then you can probably see the advantages to widespread biometric security systems. But the same advantages present a few, more subtle, but very critical vulnerabilities. For instance, if you forget your password or pin, theres generally a hotline to call or someone to see to get it changed. If you lose your key? make a new one or change your locks. But what if someone found a way to copy your palm print? or mimic your voice? Theres no replacing biometric traits. Everywhere we go, whenever we do anything we're leaving traces of our biometric signatures. Fingerprints and palmprints can be lifted from flat surfaces and recreated efficiently and inexpensively. Hurray :) ....?! ---------------------------------------------------------------------- You're standing outside an office building waiting for the smokers to come out for their lunch break. You straighten your tie and put on your best smile. The door opens and out comes the first wave of people. You light up and pretend you came out with them. 10 minutes later Judy from accounting pulls out her access card, opens up the door and you follow the group back inside. First things first, you pull out your notebook and look for Jims office number and floor. If everythings going according to plan, Jims downstairs at a board meeting. You know this from the memo you found in the trash bin out back. Jims the administrator for the company webpage, you pulled his name, address and phonenumber. It wasn't too difficult, you whoisd the company page at network solutions (thats the whois server that internic gave you) and you looked up his NIC handle... that showed you his homepage and you got his infr0 from his homepages whois record. Anyway, for the last 3 months you've been getting copies of his phone bill and going through his trash. He seems like an easy mark: heavy smoker, problems with the ex-wife... You know how it is to be stressed, so just out of courtesy you sent him a gift. stress putty. You know, the stuff you squeeze when you can't keep a train of thought? signed, 'your secret admirer' *smirk* You step out of the elavator and into his office. There we go, right on the desk is your putty. You pocket it, along with some extravagant office supplies, and make your way down to the staff lunch room. Once there you pull out the gellatine solution you mixed earlier that day and place it on the thumb print in the stress putty :). Put it in the lunch room freezer (carefully conceiled somewhere in the back) and wait about 5 minutes. Tada, perfect replica of Jims thumb. (the gellatine mixture needs to be really strong 1:1 gellatin to water ratio should do it.) Now find a computer somewhere out of the way and use it in the Finger- print TouchPad (trademark of Synaptics inc). Access. :) ---------------------------------------------------------------------- while most of the pioneering biometric fingerprinting devices are all optical, (meaning they only care about what a fingerprint looks like) some of the newer devices (ie capacitive sensors) will make sure that the finger has some electrical conductance. The optical sensors could be fooled with silicone fingers, but because silicone doesn't conduct electricity, the capacitive sensors couldn't. The beauty of the attack described above is that, gelatine DOES conduct. :D A common attack against biometric fingerprint scanners utilizing a method called capacitive resistance is blowing lightly on the unit shortly after it has been legitamately used. Often, there is enough natural oil left over to recreate the original print. The same effect can occur when a small plastic bag of water is pressed against the unit. Closing. ---------------------------------------------------------------------- I intend to add to this file as I learn more about biometric tech, but for now, this will have to do. ---------------------------------------------------------------------- greets: savvyD, ramb0x, gr3p, kleptic, dirv, jenny, lexi, lenny, turb, joja. I love you guys :D �� �� �� �� �� �� ��� �� �� �۰����߰� ��� �� �� ����ܰ����۰� �� �� � �۱� �� �� �������ܱ���߰����� �۰��� �� � �۱� �� �� �� �۱� ��� �����۰� �� �� ��� ���� ���ܰ������߱� ����߰���۲�� �� Outbreak Magazine Issue #9 - Article 12 of 13 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' ###################################################################### #### Developement of Location Determination on Wireless Networks. #### ###################################################################### Intro. ---------------------------------------------------------------------- In the last two years wireless technology, as well as technology based on wireless communications has seen alot of ground-breaking developements. To anyone with a bit of well grounded foresight, it isn't very difficult to envision a future bare of data carrying cables altogether. This article will deal mainly with the JAVA 2 MICRO EDITION (J2ME) programming language, developed by Sun Mircosystems as a JAVA variant for wireless devices, and its potential for location determination services. I plan to update this article as more information on the subject becomes available publicly. Global Positioning. ---------------------------------------------------------------------- GPS (the Global Positioning System) was originally developed for the US military and funded by the US Department of Defence. Basically a series of 24 satellites orbit the earth at a rate of one rotation (orbit) every 12 hours. Their functions consist of A) recieving request transmitions from ground units (any GPS capable unit inside the GPS satellite matrix). B) Determining the global coordinates of the the ground unit using a complex system of linking 3 satellites (4 when a TIME request is made as well) to triangulate the units position. And c) to transmit the data back to the ground unit, accounting for any ionospheric interference. GPS and Wireless Devices. ---------------------------------------------------------------------- The market for GPS capable cellphone/pda chipsets has increased ten- fold since last November when the FCC passed legislature containing mandatory deadlines for the implementation of the technology. Soon all wireless devices will contain GPS chips. J2ME and GPS. ---------------------------------------------------------------------- J2ME is the leading wireless application developement language. When used in conjunction with the NMEA protocol, a data transmission protocol used by GPS units, we have some interesting potential for location determination. Technical Notes, for the curious: data sent via the NMEA protocol must conform to the following standards: Data is sent as ASCII, begins with a dollar sign ($) followed by GP, uses a comma (,) delimiter. For more information, try the NMEA FAQ. LocatioNet, 11 year veteran of the location based services area of the wireless communication field, and gate5, a mobile internet application developement company, have recently combined their efforts in developing the zone5 engine. Its basically an enhanced version of LocatioNet's GIS engine that includes, among many other things, mechanisms for location determination and on-the-fly vector map generation. What a brave new world we live in. Pro's and Con's. ---------------------------------------------------------------------- In the shadow of the 9/11 tragedy, public safety is a bigger issue than ever before. People are learning to sacrifice their civil liberties for the safety of the status quo (ie the Patriot Act). Location Determination has the potential to be a great device for insuring public safety in a wide variety of ways. This is a definate pro. But its this that frightens me. A single transmition from any wireless device (remember, the FCC made this a LAW) can transmit the *exact coordinates of any cellphone/pda's position on the planet to any other device that requests it in a compact and easily decoded form. This carries an unsettling air of Orwellian possibility. * - the positioning capabilities of GPS are not exact, the predictable accuracy is as follows: 22 meter horizontal, 27.7 meter vertical. Obviously the GIS/zone5 engines are both proprietary, but its quite conceivable that some ingenious 16 year old coder will develop a client/server application using J2ME/NMEA and release the client as a trojan-type email attachment... He could know where you're standing. ---------------------------------------------------------------------- greets: savvyD, ramb0x, gr3p, kleptic, dirv, jenny, lexi, lenny, turb, joja. You'll all have to bear with me, its been a hectic month. _______________________________________________________________ |______________________________________________________________ | || || || ___ _ ____ _ || || / _ \ _ _| |_| __ ) _ __ ___ __ _| | _ || || | | | | | | | __| _ \| '__/ _ \/ _` | |/ / || || | |_| | |_| | |_| |_) | | | __/ (_| | < || || \___/ \__,_|\__|____/|_| \___|\__,_|_|\_\ || || || ||_____--------------------------------------------------______|| |_______/-----------------------------------------------\_______| ___ _ _ | __(_)_ _ __ _| | | _|| | ' \/ _` | | __ |_| |_|_||_\__,_|_| \ \ / /__ _ _ __| |___ \ \/\/ / _ \ '_/ _` (_-< \_/\_/\___/_| \__,_/__/ ���������������������������������������������������������������� PUT THE WORDS IN HERE: Well, here's issue #9. Hope you all enjoyed it. Alot of the old staff writers have came back. We welcome back dropcode & amatier. Your writings have been missed. And we're looking forward to reading more of your texts in the near future. We're always looking for new articles. So get off your asses and send us some texts. The more the better. Send all articles to: kleptic@grex.org or you can join us on IRC on irc.spasm.org:6667 in the channel #outbreak . Don't forget to register your nick. Well that's all for now. See you at issue #10. - Outbreak Staff ���������������������������������������������������������������� ++++++++++++++++++++++++++WATCH THIS SPACE++++++++++++++++++++++ ����������������������������������������������������������������ij +-+-+-+-+-+-+-+-+ -���������������������۲������-|O|u|t|b|r|e|a|k|𰰰������������������۲�����- +-+-+-+-+-+-+-+-+ ����������������������������������������������������������������ij Outbreak Contents may not be used with out express written permission By the Editor - kleptic@grex.org COPYRIGHT�� 2002.