Académique Documents
Professionnel Documents
Culture Documents
m
li eril&d by n.TI& me
coin $ W a s w&mflkr
-d-@~-~pr I T Jlholl..
7
For more exciting foreign payphone photos,
take a Look a t the inside back cover!
and say, it lately seems t h a t it would be t h e the FCC has made it i t s mission t o become the
endless f i g h t against t h e increasing restrictions morality police o f t h e airwaves. Congress has
of our society. Whether it's t h e Latest govern- jumped i n on t h e act, apparently frightened by
ment crackdown on something t h a t wasn't even a few crusaders o f decency i n t o thinking t h a t
a crime a decade ago o r another corporate law- such restrictive views reflect those of t h e na-
suit against someone whose actions would have tion. Their latest idea i s t o impose fines o f
seemed completely harmless i n another time or $500,000 for each and every utterance o f a
place, we cannot seem t o shake this perpetual word they disapprove of. While few would sup-
f i g h t we're forced into. And, Like most things, port the idea o f turning t h e public airwaves
there i s good and bad i n this fact. i n t o a bastion o f gutter speech, what these
Fighting i s good. It keeps you awake and re- threats have accomplished i s t o instill fear and
defines what it is you stand for. Done properly, force broadcasters t o constantly err on t h e side
it can also open up a l o t of eyes and bring a o f caution. Translation: n o controversy, nothing
great number of people i n t o t h e battle, hope- outside t h e norm, and a great deal o f paranoia.
fully on your side. But becoming a constant vic- The re,sult is a wlhole l o t o f blandness which is
tim of what's going on around you isn't at a l l far wclrse than an occasional displa y o f bad
constructive. I n some ways we seem t o always taste.
expect things t o get worse and when they do We a u ~ t u > laugh
t a t absurdities Lllc
we're not surprised. And with that, we Lose our Fraudulent Online Identity Sanctions Act which
outrage and replace it with resignation. actually i s being considered by t h e House of
We need t o do everything i n our power t o Representatives. It's designed t o deal with one
avoid falling i n t o t h a t latter category. That's of t h e nation's biggest crises: people submit-
what we hope t o accomplish i n these pages - t o ting false information when registering Inter-
challenge, t o ask questions, t o n o t be intimi- n e t domain names. While this i n itself wouldn't
dated i n t o acquiescence. The only reason we've be enough t o get you convicted o f a crime (yet),
survived this long is because our readers have it can be used t o significantly enhance penal-
been there t o encourage us and t o prove t h a t ties if, for example, someone i s sued over t h e
what we say and what we do actually counts for content of a web page. Many whistle-blower
something. It's important t o extend t h a t reas- and dissident websites would f i n d it impossible
surance a l l throughout t h e community - indi- t o operate if they had t o do so while giving out
vidually and collectively - so t h a t we n o t only their realidentities and locations. Yet such sites
survive but grow stronger. I n this way it w i l l i n - provide a very valuable service t o t h e public. By
deed be possible t o reverse the tide and build adding this intimidation, it suddenly becomes a
something positive. potential crime t o t r y and remain anonymous.
We a l l derive a fair amount o f pleasure i n Equally absurd i s a new law passed i n Utah
listing t h e latest negative trends i n our society. t h a t requires Internet service providers t o keep
So let's take a little time t o focus on some o f track o f and provide a way t o block access t o
the highlights. porno!graphic websites. While this may sound
The recent actions o f t h e Federal Communi - attracti v e t o a politician or a media outlet seek-
cations Commission have been quite frighten - i n g t o whip up hysteria, this has always been
i n g i n their zeal t o restrict and punish speech something t h a t a user could easily implement
t h a t they disapprove of. Because of t h e trauma with varying degrees o f success using different
,
suffered due t o the events o f February 1, 2004
(when part o f Janet Jackson's breast was mo-
types o f software. But now t h e ISP i s being ex-
pected t o take on this responsibility, somehow
/keeping track of every website i n the world that bombarding us is the best thing t h a t could have\
has material deemed "harmful t o minors" and happened for those who want more control,
facing felony charges i f they don't block access more surveillance, and a crackdown on dissent.
t o them on demand. The mere creation and dis- When all is said and done, it's clear who the
tribution of such a blacklist by the government real enemy of the people is. While the mass me-
is an incredible waste of time and effort at best. dia, government, and corporate world would
It's as ridiculous an expectation as what we see Like that enemy t o be those who challenge the
i n many restrictive foreign regimes where the
system, we believe they're i n for a disappoint-
realities of the net simply aren't considered i n
ment. That designation belongs t o those who
the face of religious and/or totalitarian
are hard at work dismantling t h e freedoms that
zealotry. Like so many other ill-advised bits o f
Legislation Lately, the power and responsibility we have a l l aspired t o i n the interests of "secu-
of the individual is being overlooked i n favor of rity" or because they feel they have Lost control.
proclamations from governmental agencies who It's clear that they should Lose control because
really have no business dictating morality. it's obvious that power i n their hands i s not a
None of this even begins t o address the evils good thing at all.
of the Patriot Act and its proposed successors, The fact is most people get it. They have lit-
legislation drawn up and passed quickly i n the tle problem dealing with controversy, differing
wake of September 11without debate or analy- opinions, or common sense. They don't need t o
sis of any significance. We've devoted space i n be talked down t o or have their hands held at
these pages i n the past t o the risks we all face every step of the way. Most people understand
as a result of this monumentally bad idea. No that the world they Live i n isn't Disneyland and
doubt we will continue t o do so i n the future. that an adult society doesn't have t o be reduced
And this is certainly not something restricted t o a child's level i n order t o be safe. But too
by our borders. Recently the "Anti-Terror Law" many of these same people don't step up when
was finally passed i n Britain after much debate. others try and restrict what they can say, do,
This new law allows the authorities to detain
read, access, or even think. Maybe they assume
British citizens as well as foreigners indefinitely
someone else will do this for them. Maybe they
and without charge i f they are "terrorist sus-
pects," a classification which no doubt will be think they're actually i n the minority and ought
bent i n all sorts of imaginative directions t o t o stay quiet for the purpose o f self-preserva-
suit the accusers. It also becomes the only tion. Or perhaps they just don't take any of
country i n the European Union t o suspend the these people seriously and are content t o laugh
right t o a fair trialin such circumstances. About at them from the sidelines. ALL o f these are pre-
the only bit of positive news t o come out of this cisely the reactions that t h e control seekers
is that extensive debates won the right t o have want more than anything. "ALL that is required
this law reviewed and possibly repealed i n for evil t o triumph is for good men t o do noth-
2006. Again, we are reminded of what Ben ing." We can't fall into that trap.
Franklin once said: "Those who would give up What can we do? It's really simple. Unity on
essential liberty for temporary safety deserve these issues is all we need. Wherever you find
neither liberty nor safety." I n a quote that yourself i n today's world, you have a voice and
seems t o fit this categorization remarkably you can reach and influence people on all dif-
well, Prime Minister Tony Blair said, "Those con- ferent levels. All it takes is t h e desire t o do this
siderations of national security have t o come and a Little persistence. Educate yourself on the
before civil liberties however important they
issues and why they matter. Bring it up at your
are."
place or work, i n your school, t o your parents,
When you look closely at these trends and
those that we have been covering over the friends, or children. Don't be shrill or offensive.
years, it becomes clear that most of them have Put yourself i n the position o f other people and
nothing t o do with September 11, threats of at- inject your insight into the equation so that you
tack, wars and invasions, or anything else that can effectively communicate why the issues
we've lately become obsessed with. Rather, that matter t o you should also matter t o them.
I
these incidents have become excuses for push- This is how movements are born. And that is
ing policies that have been i n the works for what we need if we hope t o escape what is
years. The element of fear that is constantly looming on the horizon.
"If tyranny and oppression come to this land, it
will be in the guise o f figh ting a foreign enemy.
- James Madison. 1
II
Back issues available for 1984-2004 at $20 per year, $26 per year overseas.
Individualissues available from 1988 on at $5.00 each, $6.50 each overseas.
K!7
BhEP* DUT
!nKENsooTW.Eaur9?ENz
....Z.....Z......
i
TURNSTILES
[IKEhl BO@T
EYC QAR ENILODEFI
F F U FF
The physical characteristics o f MetroCards follow those of standard cards (see Terms) almost ex-
actly, but are one third the thickness. They have a diagonal notch cut out i n the upper-right hand cor-
ner 3 1/8" from the Left and 5/16" from the top of the card. Additionally, they have a 1/8" diameter
hole, with its center 1/4" from the left and 5/16" from the top of the card, which is used t o aid
machines that suck your card i n (bus fare boxes, MEMs/MVMs, handicapped entry/exit machines, etc.).
Vending Machines
MEMs and MVMs are Located throughout the subway system. They allow you t o purchase or refill
various common MetroCards with either cash or a credit card. RFMs can't be purchased at machines but
can be refilled. On the front of the MEM or MVM i s a tag with the machine's unique I D number.
The BIOS System Configuration screen from an MEM looks Like this:
AMIBIOS S y s t e m C o n f i g u r a t i o n ( C ) 1 9 8 5 - 1 9 9 7 , American Meqatrends Inc.,
t b 0 0 Magazine
\
Receipts
Receipts can be obtained from MEM and MVM machines by answering "yes" when prompted. They
possess a lot of information about the MEM/MVM, subway station, and card. You can match a receipt t o
a card by comparing the serial numbers. Let's take a look at some samples:
MVM RECEIPT MVM RECEIPT MEM RECEIPT
T r a n s : S a l e OK T r a n s : S a l e OK T r a n s : Add T i m e OK
P a y m e n t Mode: C a s h P a y m e n t Mode: C r e d i t Amount : $ 10.50
Amount : $ 7.00 Amount : $ 21.00 I n i t i a l Type:030
Card Value: $ 0.00 Card Value: $ 0.00 7-DAY RFM UNLIMITED
C h a n g e Due: $ 3.00 Time Added: 030
C r e d i t C a r d #: XX5346 7-DAY RFM UNLIMITED
S e r i a l #:I059909877 Auth#: 0 0 0 0 0 8
Type: 023 R e f #: 0 6 0 6 1 5 7 6 2 1 2 9 ATM C a r d #: XX0952
1 -DAY UNLIMITED Auth#: 7 6 0 3 4 6
S e r i a l #: 1 0 2 7 0 6 6 8 4 8 R e f #: 0 2 9 0 8 9 5 5 9 6 6 8
Questions? T y p e : 024
C a l l ( 2 1 2 ) METROCARD 7-DAY UNLIMITED S e r i a l #:0987218036
Questions? Questions?
C a l l ( 2 1 2 ) METROCARD C a l l ( 2 1 2 ) METROCARD
Most o f the information on t h e receipt i s fairly obvious, but notice the line t h a t begins with "MEM
#" or "MVM # .The first four digits correspond t o the actual MEM or MVM I D number as found on t h e
machine. The next Letter and following three digits inside the parenthesis correspond t o t h e closest
token booth. This ID can also be found on the booth itself. The meaning of t h e next f o u r digits i s cur-
rently unknown. However, they are unique t o each machine that has the same b o o t h ID, but are not
unique among machines with different booth IDS. They seem t o simply be a unique I D for each
MEM/MVM i n the station, possibly grouped by location. See "MEM/MVMsH for a table.
Now Look t o the bottom of the receipt. The Line t h a t begins with "Type:" (or " I n i t i a l Type:" if an RFM
is being refilled) gives the numerical card subtype value followed by a description o f t h e type on the
following Line.
Receipts purchased with a credit card contain additional fields that allow t h e MTA t o verify the
credit card holder i n the case that he/she decides t o Lose t h e MetroCard.
Turnstiles
The use of a turnstile i s the most common way t o enter the subway. Entry i s granted by swiping a
valid MetroCard through the readerjwriter located on the outside of each turnstile. Once swiped, the
LCD display on the turnstile will display a message. Some common messages:
GO. Message displayed for Unlimited MetroCards.
GO. I RIDE LEFT. Message displayed for Student MetroCards, where "1"is the number o f rides Left for
the day.
JUST USED. The passback period for the Unlimited MetroCard i s not up.
GO. 1XFER OK. Message displayed when transferring from a bus.
Above the LCD there are a series of round indicators. Of these, one has an arrow pointing i n the di-
rection of the turnstile i n which you would enter after paying your fare, and another reads "No" and a
do-not-enter bar which, when lit, indicates that the turnstile is not active. After paying your fare, an-
other indicator below the green arrow lights t o indicate that you may proceed through t h e turnstile
without smashing your groin i n t o the arm.
Above those, there are three horizontal bar indicators contained within a rectangular cutout. When
a Reduced-Fare MetroCard is swiped, the top indicator (red) will light. When a Student MetroCard i s
swiped, the middle indicator (yellow) will Light. When an Employee MetroCard i s swiped, t h e bottom
indicator (the color of which I ' m unsure of) w i l l light. These indicators are present on both sides of the
turnstiles and they allow transit cops, many o f whom are undercover, t o monitor t h e types o f cards be-
i n g used by riders. This helps detect, for example, when Student MetroCards are being used a t times
when school is not i n session or when an obvious misuse o f an Employee or Reduced-Fare MetroCard
occurs.
F >
Reading MetroCards
MetroCards are relatively difficult t o read. You will not be able t o read them with off-the-shelf mag-
netic stripe readers, so please don't waste your money. The reason for this i s not t h a t the format i s dif-
ferent; MetroCards use Aiken Biphase (also known as frequency shift keying (FSK)) just like standard
cards. However, the hardware that ships with these readers is designed for a completely different (and
well-documented) specification. They require many "clocking bits," which consist of a string o f zero-
bits at the beginning of the stripe t o aid i n setting a reference frequency for decoding. Additionally,
most readers also look for a standard start and end sentinel that exists on standard cards t o denote
the start of a particular track. On top o f that, characters on these cards are defined as either four or
six b i t blocks (depending on the track) and contain a longitudinal redundancy check (LRC) character
after the end sentinel t o verify data integrity. Needless t o say, MetroCards don't have any of these
properties and contain fields of arbitrary length; thus, another method of reading and decoding i s re-
quired.
Fortunately, magnetic heads are everywhere (e.g., cassette tape players) and the output from mag-
netic heads when passed over a magnetic stripe consists of voltage spikes i n the audible frequency
range. Since sound cards are excellent A/D converters for this range of input and are readily available
and very cheap, we can use the microphone input interfaced t o a magnetic head for the purpose of
creating our own reader (for a l o t less than the MTA i s paying, I'm sure!). See the article "Magnetic
Strioe Readina" i n this issue for more details.
1 For the same reason t h a t reading was initially difficult, writing t o MetroCards i s extremely difficult,
and is still a work-in-~roqresswhich will not be discussed i n this article. A techniaue similar t o that of
t h e decoder (in reverie) ;an be used t o write t o cards, although it i s much more difficult t o implement
and obviously requires more equipment than just a sound card and a magnetic head. For those of you
who realize how this can be done and have the ability t o build the equipment, kudos, but keep i n mind
the ramifications of being caught using a card you wrote t o yourself. Modifying the data on cards does
work. But the MetroCard system is very complex and allows for the surveillance of this sort of activity.
The goal of this project i s t o learn how the system works, how it can be theoretically defeated, but cer-
tainly not t o get stuck i n prison.
Apart from these difficulties, MetroCard tracks are defined as follows: Dual-Track MetroCards have
two tracks - one track being twice the width of the other - and will be referred t o as track 1-2 and track
3; Paper MetroCards have one track which will be referred t o as track 1-2. These track names (as I
refer t o them) correspond t o the same track fields t h a t have been established by IS0 7811.
-
Decoding Dual-Track MetroCards Track 3
Track 3 on Dual-Track MetroCards contains static data. It i s written when the card is produced and
the serial number is printed on the back, and i s not written t o thereafter by any machine. Some data
found on this track can also be found by looking at the information printed on t h e back of the card.
The track format is as follows:
Track 3 C o n t e n t O f f s e t Length
--------------- ------ ------
1: Start Sentinel 0 15
2: Card Type 15 4
3: Unknown 19 4
4: E x p i r a t i o n Date 23 12
5: Unknown 35 4
6: Constant 39 8
7: unknown 47 8
8: S e r i a l Number 55 80
9: Unused 135 16
10: Unknown 151 16
11: End S e n t i n e l 167 93
Content Offset
Start Sentinel
Time
Card Sub-Type
Time
Date
T i m e s Used
E x p i r a t i o n Date
Transfer B i t
L a s t Used ID
C a r d Value
P u r c h a s e ID
Unknown
Card T y p e s ( p a r t i a l )
Type Subtype Description
---- ------- -----------
0 0 FULL FARE
0 10 PRE-VALUED
0 12 PRE-VALUED ( $ 1 0 . 0 0 )
0 13 PRE-VALUED ( $ 2 . 0 0 )
0 14 L o n g I s l a n d R a i l Road
0 19 PRE-VALUED ( $ 4 . 0 0 )
0 23 1-DAY UNLIMITED ( $ 2 . 0 0 f a r e )
0 24 7-DAY UNLIMITED ( $ 2 . 0 0 f a r e )
0 25 7-day E x p r e s s Bus U n l i m i t e d ($4.00 f a r e )
0 26 30-DAY UNLIMITED ( $ 2 . 0 0 f a r e )
0 29 AIRTRAIN
0 30 7-DAY RFM UNLIMITED ( $ 2 . 0 0 f a r e )
0 43 TransitChek
0 46 TransitChek
0 47 TransitChek
0 48 T r a n s i t C h e k 30-DAY UNLIMITED
0 56 1-DAY UNLIMITED ( $ 1 . 5 0 f a r e )
0 57 7-DAY UNLIMITED ( $ 1 . 5 0 f a r e )
0 59 30-DAY UNLIMITED ( $ 1 . 5 0 f a r e )
0 62 SingleRide ($1.50 f a r e )
0 87 S i n g l e R i d e ($2.00 f a r e )
4 2 Two-Trip S p e c i a l Program P a s s
4 5 G r a d e s 7-12
4 13 1 / 2 F a r e - G r a d e s K-12
L a s t U s e d IDS ( p a r t i a l )
ID Location
-- - - ----- -
1513 1 4 t h S t / U n i o n Sq
1519 8 t h St/Broadwav tA39)
1880 L e x i n g t o n Ave - ( ~ 6 0 l ) '
1942 ASTOR PLACE ( R 2 1 9 )
2157 34th S t / 6 t h Ave (N506)
2204 42nd St/Grand C e n t r a l
2278 9 t h S t r e e t PATH
MEU/ElYMs (partial)
Location
----
14TH ST. - UNION SQUARE MVM
14TH ST. - UNION SQUARE MVM
14TH ST. - UNION SQUARE MVM
14TH ST. - UNION SQUARE MVM
14TH ST. - UNION SQUARE MVM
14TH ST. - UNION SQUARE MVM
14TH ST. - UNION SQUARE MVM
14TH ST. - UNION SQUARE MVM
14TH ST. - UNION SQUARE MVM
8TH STREET 6 BROADWAY MEM
8TH STREET 6 BROADWAY MEM
by clorox ton and the tasktray. The start menu was bare,
I'm sure most people searching for a job have no way for me t o execute an application there,
filled out an electronic application a t a business just a shutdown button. But i n t h e task tray they
on one of their machines. I know about four had Mcafee Antivirus running. I ' m n o t sure if it
months ago my friend was looking for a job and I was a corporate enterprise version b u t Idouble
figured I ' d help him find one. No one was hiring clicked it t o t r y t o find a way Icould access t h e
so he decided t o t r y a store i n the mall. The store hard drive. There was a field w i t h a browse but-
was JC Penney. We were brought i n t o a room with ton next t o it where you could change your virus
two computers. He sat down and started t o fill database and it let me view t h e hard drive as well
out his application and I,being the curious one I as the networked drives. Iopened a notepad file
am, snooped around. just so Icould see t x t files easier i n t h e browser.
The application itself was an html file t h a t Iwas snooping around when Icame upon a folder
was being shown i n IE i n fullscreen mode. Con- i n t h e C drive called apps.
trol-alt-delete did no good so Icontrol escaped The text files i n this folder were titled by a
, and it brought up the taskbar with the start but- nine digit number. Iopened o n e o f t h e text files
\Xpt-ing so05 page 1 3 1
\
/and it was Amie Laster's application. Formatted BestBuy:
i n this way: On their employee PCs near the CDs, control A
I I
ssn-ssns-snn Amie Laster 0000101010101 and Z three times brings up the employee toolkit
(this varies by store but it's a combination of con-
~010110101011
trol, alt, or shift with two keys on the keyboard),
The others were exactly like this so anyone which you need a login t o use. On the demo PCs
could just sit down here, access everyone's appli- you can either double click the numbers on the
cations, and pretty much exploit the person using right hand side or press control M t o minimize the
this data. Isent an anonymous letter t o the dis- advertisement so you can access the drive. Their
trict office. I'm not sure if it's been fixed or not laptops usually have Internet access due t o a wifi
connection i n the store.
but I thought that people who are entering i n
Circuit City:
critical information on a computer need t o know Their PCs are open and have a connection t o
where it is going and who has access t o it. the net. The world is yours.
Other places you might find interesting: Shoutz: z3r0, shady, lucas, mayo, and josh.
;4 4.-:
. .
7
7
, , I
't
,
.'L
d
, , C.P--'
by Chess ' < E T A N&%RBOT~" CONTENT=,~NOINDEX,
"Just when I thought that I was out they pull , b ~ o ~ ~ ~ ~ ~ " >
me back in!" Learn t o stay out of Google. AlternaYively, you can allow every search en-
Most people are dying t o get their sites listed gine except for Google t o index Your Page. Just
i n Google. But what if you want your site out of add this tag:
Google's listings? Maybe you want t o keep your <META NAME= "GOOGLEBOT" C O N T E N T = " N O I N D E X ,
site private, or you don't want a bunch of creeps b N O F O L L O W r ' >
surfing t o your page trying t o find animal porn. This next tag will remove t h e "snippets" from
Maybe you just hate Google, are paranoid, or the Google results it returns. Snippets are the de-
have some copyrighted material on your page scriptive text underneath t h e URL when you p u l l
that you need out o f Google's cache today. What- up a list of Google results. It has your search
ever the case, it's actually pretty easy t o get out terms bolded within the snippet t o show you
of Google and start t o bask i n relative anonymity. what context your terms are being used in.
Because once you're out, then your page is off <META NAME= "GOOGLEBOT" C O N T E N T = " N O S N I P
the Internet for a l l intents and purposes. Having b P E T " >
your page delisted i n Google is almost Like having If you want your page t o b e listed i n Google
1 your page password protected where the pass- but don't want them t o store a n archive of your
word i s your URL! (In this article, I alternate be- page, then add only this next t a g t o your header:
tween keeping Google's bots out of your page and CMETA NAME="ROBOTS" CONTENT="NOARCHIVE"~
keeping a l l search engine bots (there are other This i s handy if you have a page t h a t changes
search engines now?) out. I'm assuming that if frequently, i s time critical, or ifyou don't want
you want out of Google you want out o f them all. searchers t o be able t o see y o u r old pages. For
I f you really only want out of Google then use example, if you're a professor posting test solu-
"Googlebot" instead o f "Robots" i n the following tions or something similar you'd definitely want
examples.) t o remove Google's cache if y o u plan on reusing
The first thing you want t o do is add some the test.
meta tags t o your index.html. I f you want Google After you add a l l the meta t a g s you want, you
- and every other engine - t o ignore your entire may be finished. But if you're t r y i n g t o keep bots
site during i t s spidering of the web, add this out of your entire site permanently, the next
meta tag t o your header: thing t o do is create a robots.txt f i l e i n your
S p r i n g 2005 page 23'
/I;ebsite1s root directory. Pull up Notepad and Special thanks t o Google's Listing ~ e m o v a i
type i n the following two lines: Resource which i s at: http://www.google.com.gr/
User-agent: * &remove. html
Disallow: / The above page can also help you if you want
Save this file as robots.txt and f t p it t o your t o remove images from Google's image search en-
site's root directory. This will t e l l the Googlebot gine. Especially handy if you don't want people t o
be able t o link your name t o your face or find
and actually a l l other search engines not t o
your wedding photos. You can learn more about
bother looking at your page and t o spider some-
robots.txt files and what they can do here:
where else. Obviously, if you create this file then http://www.robotstxt.org/wc/norobots.html
you don't need the meta tags but if you're extra Of course, it may simply be easier t o password
paranoid then you should use both methods Like I protect your page if you don't want people seeing
did. what's inside. But sometimes that's not feasible
After you've done a l l that, go and sign up for because of the inconvenience it may pose t o your
a Google account a t http://services.google audience. Besides, Google can index password-
~.com/urlconsole/controller protected pages according t o Google's corporate
This page is for people who urgently want information page. Not only that, but anything
their URLs removed from the index. Even then it that is simply sharing space on your server is fair
will take up t o 24 hours. But if you'd rather wait game t o the Googlebot like Excel or Word files.
six t o eight weeks, be my guest. After you create Even SSL pages can be indexed. The above meth-
an account, Google w i l l email you a link where ods willserve t o hide your page by practically dis-
connecting it from the web. Once Iwas out Itried
you enter the URL of your robots.txt file you just
t o Google for my name and page and sure enough
uploaded and then Google sends their bot over t o
it was gone. It was like the page didn't exist and
your site right away t o read it. With any luck, it gave me such a nice warm fuzzy feeling inside.
you're out of the index i n a day or two. Iwas out One disclaimer though: if you were using
i n less than 12 hours. I f you want t o get back in, Google as your in-house search engine solution
just remove a l l the meta tags and the robots.txt t o help your users find information on your page
file. As Long as someone is linking t o you some- it will no longer work once you've been delisted.
where you'll be listed again after Google's next Have fun!
web crawl. Shoutouts to the Boneware Crew.
H P Printers:
by DarKry HP did build i n password protection, but it is dis-
darkry@gmail.com abled by default and i n fact, i n a l l my exploring I
Iwas recently reading a book of fictitious sce- didn't find a single printer that had a password
narios i n which a hacker gains access t o a net- set. Many of these printers also have an f t p
work through a printer. The book cited a t o o l server enabled by default, and again the pass-
called Hijetter available a t phenoelit.de. Hijetter words are a joke. Different models have different
i s a t o o l for windows which uses HP's PJL protocol default passwords and t o list them here would be
t o connect t o and perform simple tasks on cer- pointless (use google). I n case the implications
tain printers. Curiosity got the best of me so I aren't obvious t o everyone yet let's review. These
started doing a little research into what exactly printers have web and f t p servers running out of
these printers are capable of. First let's look at the box. With a beefy 8mb of flash memory stor-
some of the features built into these printers; age a printer suddenly becomes an attractive
many ship with built-in web servers which allow place t o anonymously store a l l sorts of fun
for remote administration. These servers allow a things. But this i s only the tip of the iceberg.
remote administrator t o see the status of the First let's look at how t o find printers. As an
printer, view recent print jobs, and change envi- administrator is setting up a network he is wor-
ronment variables. It i s worth mentioning that ried about a l o t of things. Keeping the bad guys
\
'out i s top priority. After configuring a firewall t o that Iwas finding. Ikept seeing references t o
only allow the right people access t o the right something called Chai Java. This got me inter-
ports the rules can start t o look like a giant game ested again. Could it be t h a t some o f these print-
of Blinko. It i s understandable that blocking the ers actually had a java virtual machine built i n t o
printer spooling port from outside access may them? That would mean t h a t a n y code Iwrote
not have crossed the admin's mind. I n f a d there could be run from a printer, b u t more importantly
are valid reasons t o allow this, for instance, t o a printer inside a target network. After playing
allow employees t o print from home. All ports around a b i t more Ifound that, yes, this really
aside, a printer definitely doesn't appear t o be a was possible. From the web server on these print-
threat. After all, what damage can a printer do? ers you can upload code t o be r u n on t h e printer.
Fire up nmap and run a scan on your corporate Chai Java is still i n i t s infancy b u t already it i s
network for machines with port 9100 open. Once possible t o run a l l sorts o f interesting things.
you have a list, t r y surfing t o each address. Most importantly, an important step has been re-
Chances are most of them will have a web server. moved. The most difficult step i n breaking i n t o a
Those who are interested i n getting their hands network has always been f i n d i n g a way past the
dirty can get a library for PJL communication, firewalls. Suddenly instead of searching for a vul-
also from the folks at Phenoelit. nerable machine, an intruder can simply connect
Now so far this has been a relatively benign t o a printer's web site and upload a proxy. As far
hack. We have accessed a printer and the most as security goes it's as bad as having internal net-
damage we can do i s lock it with an error or print work jacks on the outside wall o f your corporate
"Insert Coin" on the LCD display. Iwas starting t o headquarters.
get bored with a l l this and about t o move on t o Shouts of course go out t o DarkLordZim,
bigger and better things when Inoticed some- Brutallnquisition, Razorwire, a n d the rest o f the
thing strange about some of the newer printers crew on mediamonks.
I I
My current leader, made o f a modified surplus
reader which is only capable o f reading the three
standard tracks.
Examples
Below are some examples o f a few (hopefully)
less common cards so as t o get a n idea o f the sort
of data you're likely t o find.
Park Inn (Berlin-Alexanderplat z ) Door
Key Cards
Room: 2006
Checkout Date: 12/30/2004
Card 1
Track 2 Data:
5101152006010912130124000120000000000
Card 2
Track 2 Data:
5101152006020912130124000120000000000
Room: 2005
Checkout Date: 12/30/2004
Card 1
Track 2 Data:
5101152005010160230124000120000000000
Card 2
My original reader. With this reader Iwould Track 2 Data:
use a ruler as a track guide. This way I could not 5101152005020160230124000120000000000
only read the three standard tracks, but also data SEPTA Monthly Transpass Cards
on non-standard cards, some o f which have Month: NovemBer 2004
tracks i n odd positions such as through the Serial: 001467
middle of the card. Track 2 Data:
I
' #define DISABLE-VC '
I I* disable velocity correction if defined *I
#define AUTO-Tunes 30 I* pct of highest value to set silence-thres to *I
#define BUF-SIZE 1024 I* buffer size * I
#define END-LENGTE 200 I* msec of silence to determine end of sample *I
#define FREQ-THE5 60 I
' frequency threshold (pct) ' I
#define MRX-TERM 60 I* sec before termination of print-max-level0 *I
Xdefine VERSION "0.6" I* version * I
ptr = malloc(aize);
if (ptr == NULL) {
fprintf(stderr, ''Out of memory.\n");
exit(EXIT_FAILURE);
)
return ptr;
1
I* reallocate memory with out of memory checking
[ptrl memory to reallocate
[size] allocate size bytes
returns pointer to reallocated memory *I
v a ~ d.xrealloc(vaid 'ptr, size-t sire)
I
void *nptr;
char +ptr;
return ptr;
>
I* read with error checking
[fdl file descriptor to read from
[bufl buffer
[count1 byte8 to read
returns bytes read *I
ssize-t xreadqint fd, void .buf, size-t count)
I
int retval;
I* prints version
[stream] output stream *I
void print-version(F1LE retream)
1
-
fprintflstream, "dab Decade Aiken Biphase\n");
fprintf(stream, "Version % ~ \ n "VERSION);
,
Continued o n page 41
<Spring 2005 Page 3J1
Research Results phone calls on thc oid phone.
But then one night by accident while playing Tetris
Dear 2600: on my old phone, Iconnected t o t h e Get It Now network.
This is t o comment on Lori and t3st-s3t's submitted Iwas able to download any game, program, ringtone, or
observations i n 21:3 about t h e "weird" number that gives picture free ofcharge!I have n o t added money t o the old
off a list o f digits and tones and then reroutes t o a busy phone i n two months and Ican still connect t o Get It
signal. The numbers were 1-800-506-3553 and 1-800- Now and download anything, and Iam never billed for it.
789-6324. Imyself had an encounter with one of these This must be some glitch on Verizon's prepaid phones.
numbers. Iwas scanning for extenders and came across Also, Ibought a US5 cable that connects my old
1-800-877-6533. Iwas able t o have it produce 900 16 7 phone t o my computer. Even though Ican't make or re-
115030974. Icalled the number on February 21, 2004 a t ceive any normal "voice" calls, Ican still use my old cell
1:00 P.M. Icalled it again numerous times within the phone as a modem for my computer. Ican use Windows
course of the hour and it punched off 900 3 7 11 HyperTerminal t o call other modems or fax machines, or
5030974 and then 1, and then 4. So pretty much its out- Ican call some o f those free Internet providers like Net
line is 900 X(X) 7 11 5030974. I n 21:3 t3st-s3t marked Zero t o connect t o the net from my Laptop when I'm not
the outline as 200 (XX) 7113267347. Upon further notice a t home or when my cable modem goes out. I'm not sure
you can see that the only similarities i n these outlines i s why Verizon is still allowing me t o make data calls from
(XX) 7 11. Potentially the 900 and 200 could be state or my old phone without billing me for them. And Idon't
area assignments and the 5030974 and 3267347 could understand why Ican make data calls b u t not voice calls.
be trunk pairs? Once I documented these numbers I Have you heard o f anything like this?
signed onto the irc.2600.net sewer and chatted with a And ifVerizon finally realizes how much stuff Igot
few friends. We believe that it could potentially notify from Get It Now and a l l of the data calls Imade, do you
t h e caller of their trunk pair's number. think they would be allowed t o b i l l me for them? Would I
Also, i f anyone knows anything about AT&T1s Easy be responsible for paying for t h e subscription charges
Reach 800 service I'd like t o know. Icalled up an 800 and t h e data calls Imade? Imeans it's their fault, not
number and was prompted for a password. Iwas thinking mine. Idid not sign or agree t o any contracts or any-
it was an extender because it only requested a two digit thing. It was a prepaid service.
login. Ieventually located it, but Iwill not disclose it for Dyslexic-Hippie
the client's sake. Ilearned it's a toll-free service t o reach I f y o u didn't sign anything, then it's likely that Veri-
someone remotely, but I'm assuming that there are other zon doesn't even know who you are. And even if they did,
capabilities. they would have to somehow prove that you still had
The Neuralogist your phone and were still using a service that you techni-
I n our latest experiments on the "weird" numbers we cally no longer had. And after that, it would still be their
were genitg a suffix o f 4086584 with prefixes o f 897, responsibility to terminate prepaid service, n o t yours.
898, 903, and 914 on the 3553 number. For the 6324 But we really doubt this little bug will last much longer
number we g o t a suffix o f 3267347 with prefixes ranging anyway.
from 215 to 228. As always, 711 was sandwiched be- Dear 2600:
tween the prefix and suffix. A l l o f this was identical to Recently, whilst shopping i n an Albertsons store here
what we g o t i n the fall. i n Texas, I came across one t h a t had a Blue Screen of
What AT&T Easy Reach offers is basically a toll-free Death. Iwent by t o check on it over the next week. From
number that consumers forward to their homes, offices, what Icould tell, it runs on Windows 2000 using a piece
o r cell phones. One o f the features which supposedly of software by NCR. Options i n the menu included look-
makes it harder for outsiders to call them is the imple- i n g at the amount of cash i n t h e machine and testing it
mentation o f a PIN which, as you mentioned, is a grand out. It Let me quit the program as well via the touch
total o f two digits. We wouldn't call it the ultimate way to screen. Ididn't get much more of a chance t o work with it
keep people out. as Ididn't have much time. But Iwould appreciate any-
one who could give more information.
Dear 2600:
The Grand Master of Confusion
For t h e last ten months Iwas using a prepaid cell
phone through Verizon Wireless. (Verizon's prepaid ser- Dear 2600:
vice sucks!) Anyway, Ifinally got a new cell phone and I'm really nothing o f a hacker. But Ido occasionally
plan. But Istill had a l o t o f games and ring tones on the enjoy tinkering around with computers and electronics t o
old phone that Icouldn't add t o my new phone. (Both see what happens. Igot a great opportunity t o do this a
are Verizon phones.) few months back. Iwas a t a bar with some close friends,
Iused Verizon's Get It Now t o get the games, apps, which is why Imay not be too accurate with some of the
and tones. This s e ~ c is e kind of cool but is a waste of details. We were sitting by one o f those newer Golden Tee
money most of the time. When my prepaid account ran games (perhaps the 2004/2005 version, I'm not sure). I
( o u t o f funds, Icould no longer make or receive any had noticed that midnight had come and gone and be-
6 r e long saw that the game was no longer on the Attract sultants out there with a proven track record winning \
mode that it had been on all night. Instead, it was on a jackpots for schools so that they (the schools) can afford
debug type menu. textbooks and course materials. I've interviewed a couple
For the life of me Ican't figure out why it went into of consultants and have reviewed t h e i r game tickets and
this mode. It wasn't any special day, not the first or mid- modus operandi. It's not surprising t h a t these consul-
dle or Last of the month. It didn't seem like it was around tants are often engineers who enjoy t h e study of num-
any specific time, maybe 12:30 centraltime. bers and their behaviors.
You could move around using some of the various Playing the lottery can be a good thing if done i n
buttons, or even up and down with the rollerball. Ifig- moderation and if the player has a n understanding of
ured out which button was the Enter key and Iwas on my the dynamics/challenge involved. And if one paper plays,
way. Ihad t o be careful not t o get out of the debug be- like people do i n commodities t o learn t h e a r t of trading,
fore Iwas done seeing all that was going on i n there. it doesn't have t o cost anything. You can always wager
From the looks of it, I could have changed the message real money when the jackpots are b u i l t up, on average,
displayed on the overhead scrolling LED, but Idoubt any- every two t o three months. Additionally, different lottery
one would've noticed. ( I hate when good comedy goes games offer better odds. Ultimately, choosing a game
unnoticed!) There was a surprisingly Large amount of with some forethought makes prudent sense.
menus, but for a game that has t o connect t o the Inter- We also need t o keep i n mind t h a t our involvement i n
net somehow Iguess this made sense. Iended the ses- games teaches us obscure skills f o r complex problem
sion after Iturned the volume up a b i t (it wasn't that solving!
Loud i n the bar but it was basically muted) and found a Ienjoy your magazine. It's helped me with creative-
way t o turn on free play. Iwas amazed that it worked but divergent thinking.
sure enough, once Iexited a l l 1 had t o do was keep push- Ruth (QuanturnResearcher)
ing the add player button t o get the credits high enough Lottery consultants winning jackpots so schools can
so that my three friends and Icould enjoy a full 18 holes. buy textbooks? What a bizarre concept.
Which we didn't - the place closed down before we could.
Dear 2600:
At a different bar, Ilooked around t o see if there was For several issues now people have created rather
perhaps some button or reset switch or any button com- convoluted ways of getting their I n t e r n e t I P address
bination that would take you into the debug menu, but when it changes due t o having a dynamic address. Up-
t o no avail. Iwould have loved t o have spent some more dating a website or having the address emailed t o them
time looking about i n there, but a t the first bar the game is reinventing the wheelwhen dynamic DNS services exist
was pretty much i n plain sight and Ididn't want a sus- Like that on dyndns.org. This site gives you a domain
pecting waitress t o kick me out for "breaking" their name for free from many they have available like
game. mine.nu. So your address would be s0mename.mine.n~.
CatWithTheGatt On your box you run a daemon which updates your Inter-
Based on what you told us, it seems as if the bar net IP a t dyndns whenever it changes. There are free pro-
closed a t around 1 am. I f somehow they had set this grams t o do this or ones that cost money. Now when you
thing to go into debug mode a half hour after the bar need t o access your computer/server from t h e Internet,
closed, it would make a degree o f sense. Then, if they just use your domain name (s0mename.mine.n~) and it
didn't reset the system clock once Daylight Savings Time will always point t o your dynamic IP. http://www.dyndns
ended, debug mode would be entered an hour earlier -.org/services/dyndns/
while the bar was still open. All o f this is assuming that chuck
this is how the system works and that someone didn't p u t
it into that mode manually. Dear 2600:
Iam actually able t o provide a b i t o f Light a t the end
Further Info of the tunnelfor students Laboring under restrictive poli-
cies and asinine rules about network security. Irecently
Dear 2600: found multiole vulnerabilities i n mv school's private net-
This is i n response t o the article "How To Hack The work, vulneiabilities that were m u i h more cdmplex than
Lottery" i n 21:3. It should be pointed out that although iust adminladmin loain combinations. While Idid duti-
the odds of winning the Lottery could be viewed as stag- ?ully report it t o the-IT department o f my school, they
gering, i n the mathematical sense, as the author points just asked i f Icould come i n and explain i t t o the network
out, the remarkable news is that the odds never ever re- administrator. Ifelt slightly nervous because if this guy
main constant! This is due primarily t o component toler- thought Ihad "hacked" the system, then Icould have
ances (high or low). Tolerance, therefore, imparts a been expelled/sued. Iwent i n and t h e people were sur-
"mechanistic effect" i n a drawing. For example, i f the Lot- prisingly friendly, not accusing me o f hacking or any
tery uses ping pong balls, the number one ball theoreti- other such stuff. They agreed t o patch t h e security holes
cally would be lighter than the number 16 ball. The and thanked me for my time. They d i d this even though I
number 48 ball may be heavier than the 16 ball. Even i f a could have potentially stolen admin access t o our net-
computer is used i n a drawing (no ping pong balls), com- work and consequentially SSNs from t h e students. This is
ponent tolerances would possibly still have an effect on especially dangerous because Igo t o a private school
the odds. which, while having a diversity of economic classes, also
There are also intervening factors (non-mathemati- has students who probably have i n excess o f several hun-
cal) which have a significant effect on lottery odds: dred thousand dollars i n their bank accounts.
Page 3 3 1
f
mended me for making the network secure. Hopefully ing t o this directory usually reveals quite a few
this will be a beacon of hope or something t o students executables (as well as a slew of temp files that aren't re-
everywhere. ally needed). Occasionally, spyware also lurks i n the
Steve c:\Documents and Settings\<user name>\Application
&Data\ folder as well, but it's a little more dangerous t o
Dear 2600:
start removing software from there as there might be
As one of the poor souls who happen t o work i n and
something you need.
around the airline industry i n these times Ican say that
The best way I've found to remove adware/spyware is
some of your points about the "selected" process is
t o install your spyware removal tools of choice (Spybot
wrong. You are right that if you see four S's on your
boarding pass that you have been selected for random Search and Destroy/Ad-Aware/CWShredder/Hijack This).
screening, but at the same time there are ways out of it Then, reboot i n Safe Mode, go t o the Add/Remove pro-
which I'llget into. You stated that people are targeted grams applet, and uninstall anything you find i n there
for the type of clothes they wear or what kind of hairstyle that you don't want. Then navigate t o the Local
they have. That is incorrect. Most of the time a person re- Settings\Temp folder Imentioned above and clean it
ceives the S's on their boardina Dass because thev buv a out. Then run your choice of spyware removal tools. Once
one-way ticket (most hijackers'have historical[; d i n e these are done, YOU may Want t o navigate t o the registry
this), paid cash (once again history backs this up), are t o check theRun that Patrick mentioned (HKw-
going t o a "hot spotMdestination, are (the worst one yet) ~C~rrent~USER\Software\Microsoft\Windows\Current
transfers from another airline, or somehow are on the -Version\Run).
government watch list. Good luck!
When you travel and see these S's on your ticket, Mogus
your ticketagent can remove them i n most cases. When
talking t o the ticket agent remember t o be polite and Dear 2600:
friendly. If you're not they can make your trip pretty bad. After writing the Article "Selfcheckout or ATM?" i n
If you are military traveling under orders you can easily 21:4 Idid a little more exploration with the NCR E-Series
get this removed by showing your I D and orders. I f you Selfcheckout systems. Ihave found that if you press the
happen t o share the name of someone on the watch list, help button before starting your order (or selecting a
contact your local FBI branch and they might be able t o language) it w i l l give you the choice of "Login" or "Call
get your name off the list. This does work as Ihave seen for Help." During this time you can put anything you
it done. want into the bagging area without alarm. Hitting the
While Idon't like all the rules set i n place Ido see a "Go Back" button will recalibrate the scale before the
need for some of them. When traveling remember that order is started.
the rules aren't meant t o restricttravel, just t o make sure Bob Krinkle
that it is done safely. As always, it's a bad idea to actually try and get away
Mouser-inc with physically stealing items. But learning where the
While the reasons you give are certainly used to jus- weaknesses are i n these machines is quite fascinating.
tify additional screening, people are also targeted be-
cause o f the way they look or act. The latter is most likely Questions
done by humans and the former by machines. But i n all
cases, it's pretty ineffecfive as anyone with an evil motive Dear 2600:
and halfa brain can easily alter any o f these parameters. One day Iwas messing around trying t o get netmeet-
Where the screening process is effeh've is i n getting the i n g t o work so an anxious friend could test his new mic. I
traveling public programmed to accept this kind o f treat- bypassed my router and connected directly t o my com-
ment since it's allegedly being done to keep them safe. puter's NIC. Inoticed that for the first time i n ages my
WAN IP address had changed. Curious like most, Ire-
Dear 2600: booted the modem t o see i f it changed again. It didn't.
Servus Casandro asked about writing an article on So Iconnected back t o my router, rebooted the modem
satellite television outside the U.S. There is already free- and voila, there was the old IP address again. Ihad noth-
to-air information published. Anyone with an IRD digital ing better t o do so Icloned the MAC from another NIC
down converter, a satellite dish, and an understanding and it got a new, different IP address. Each MAC Ien-
of how t o peak an antenna on a satellite with the appro- tered into the router's WAN side, fictitious or real, re-
priate LNA/LNB should look at http://www.global- tained a unique IP address that it pulled back after
cm.net/mpegZcentral.html. numerous MAC changes and reboots.
haydenlh
I s this normal?
Dear 2600: llx
Patrick Madigan's article i n 21:4 regarding the re- Yes, this is normal. DHCPservers assign I P addresses
moval of Ad-ware using various tools was fantastic. How- based on the MAC (physical) address requesting it. I f y o u
ever, as a sysadmin who's run into his fair share of users change your MAC address, the DHCP server will assign
who click "yes" t o just about anything under the sun, you a different I P address. Change the MAC address back
there's one thing I'd like t o add. Most spyware/adware and you'll be assigned the original address, provided the
hangs out i n the Temp directory, under the Local Settings lease did not expire. Be careful, though. ISPs noticing
folder on a machine (a hidden folder i n c:\Documents this acfivity tend to get upset and may suspend your ac-
and Settings\<user name>\Local Settings\Temp\). Go- count, requesting an explanation o f this acvtityi. Most
,
ing into an infected computer i n Safe Mode and navigat- terms o f service allow only one I P address per account.
\
/Dear 2600: to a cell phone and i t was the cell phone that was for-
It ain't easy being green. I have noticed through the warded. Verizon Wireless Airfone allows Verizon Wireless
years how often you refer t o intelligent people as "hack- customers to forward their cell phones directly to their
ers." Whether or not we have coined the term, i t is still seats on airplanes and bill calls from t h e plane to their
spent describing us. I don't condemn popular culture for cell phones a t much lower prices t h a n non-Verizon cus-
its misuse of labels as a way t o better understand its sur- tomers. (We suspect there must be numerous cases o f
roundings. However, I do question the morality of a pub- people who forget to "unforward" t h e i r phones when
lication with such high standards as 2600 using the term they leave the aircraft. We're curious whether or not sub-
"hacker" so loosely. Perhaps promoting this label is a sequent passengers wind up gem'ng all kinds o f un-
misinterpretation of what intelligent people do in their wanted calls as a result.)
spare time. Please correct me if I am mistaken.
David Oliver Dear 2600:
We'd like some more specifics as to how we're using I am under the impression that current cell phones
the term loosely. Hackers are curious and inquisitive by are GPS enabled for "emergency" location by those who
nature and will spend an awfully long time trying to find w a n t t o locate them. I f this is true, can t h e GPS function
results. That holds true of people writing computer pro- and phone location be displayed on t h e user's handset?
grams, scanning for interesting phone numbers, decrypt- Sometimes I too would like t o know where I am.
ing algorithms, defeating security systems, and any DP
number of other am'vities. They are all bound together Most recent cell phones do have a GPS receiver (as-
by a quest for knowledge andaren't inclusive or exclusive sisted GPS, to be more specific) contained within and are
of any pam'cular age group, sex, race, nationality, etc. usually clearly marked as having such a device. They are
Technology isnY even a requirement for the development as a rule only acfivated when using t h e E911 sem'ce and
o f a hacker mindset. But people who have no interest in are not continually receiving coordinates when an emer-
the actual learning process and are focused instead on gency call is not in progress. However, there is generally
stealing, intimidation, bragging, privacy invasion, and an admin/debug menu which allows f o r testing o f the de-
other such ends really aren't hackers in our opinion. The vice and therefore displaying your coordinates. The
mass media may disagree since they consider anyone method varies greatly based on the rnake/model ofyour
who touches a computer and then does something bad to cell phone, but there are often instructions to do this
be a hacker. That seems to be the epitome o f a "loose" posted online.
definition. Of course, it's also possible for someone t o
Dear 2600:
have a hacker mindset and then use that ability for evil
When I send you guys articles w i l l you edit them? I
purposes. But when they make that transition, they
mean, I spend more time editing t h e m than I do writing
pretty clearly leave the hacker world behind.
them. Would you be ever so kind as t o do that for me, or
Dear 2600: is that my job?
I was wondering if I could be able t o officially link t o William
your website from mine. My website is still in its beta All articles are edited for clarity and various other
form but is going t o be a computer related site. things. It's yourjob t o make your article as literate, fac-
Batman 24 tual, and interesting as possible. It's a lot less likely to
We don't know what you mean by "officially" but even be considered i f it's painful t o read.
regardless, no permission is necessary for you t o link
to anyone else on the net. Don't let anyone tell you Dear 2600:
otherwise. I am a former employee of a company that I want t o
write an article about. One thing I am worried about
Dear 2600: though is having them discover who wrote i t . What kind
I recently took a temp job and my employer gave me of protections do you offer for those who submit arti-
one of his cards so I would have his cell phone number. cles? Do you ever reveal where an article came from?
On this card were several phone numbers for the com- Dave
pany. One of the numbers was supposed t o be a toll-free We have never revealed the author o f an article to
number t o contact someone about bids/quotes. Instead, any authority or outraged corporation. However, people
when I dialed a computerized voice said "Welcome t o Ver- have been tracked down because o f t h e byline they used.
izon Wireless Airfone, your connection t o the skies. We So be very careful what you select a s your byline i f you
are now connecting you t o the aircraft." I did not stay on want to stay anonymous. Be aware t h a t sometimes your
the line long enough t o see if I would actually be con- username (not your full email address) may wind up be-
nected t o an airplane as I was trying t o sort out an issue coming your byline i f there's no other name given and no
regarding my pay check. Would this have been a toll-free request for anonymity. Be sure t o make any such re-
call and if I had stayed on the line would I have been quests in the same submission as separating them will
connected t o someone on an airplane? increase the odds that the wrong byline will be used. You
Jason should also be careful where you make submissions from.
It would certainly appear as if you were about t o be I f y o u want t o make a submission concerning a particular
connected to someone on an airplane. You will undoubt- company, it's not a good idea to use their mail servers t o
edly regret not embarking on this adventure for the rest send i t from. Also, be aware that using encryption won't
o f your life. As to how this happened, we suspect your necessarily help you in such a case a s the fact that you
company simply forwarded the toll-free number to follow sent email t o am'cles@2600.com will still be registered
whoever usually answered i t while they were traveling. (this incidentally is the only email address that accepts
( I t ' s also possible that this toll-free number always goes am'cles). An anonymous remailer would fix that but
page 35 1
/might raise other flags within the organization. We gen- login, the student would use his/her "NC Wise" numbe?
erally prefer cleartext ASCII from an address that you will (student ID number) as both their username and their
be reachable a t for some time. Many encryption attempts password. I n Wake County, a l l the students' NC Wise
wind up using incompatible keys o r versions and we very numbers start with 20, and then there are four random
quickly lose patience when there's a huge pile o f articles digits after 20, like 201234 or something. Therefore any-
to go through. one could enter 20, four random digits, and then get ac-
cess t o that student's grades and personalinformation. I
Dear 2600: tried a few myself and even accessed a teacher's account!
My friend has a sister who i s paranoid. She installed If Ihad wanted to, I could have changed a l l of his class's
a spyware program called " I Am Big Brother." He wants t o assignments, not t o mention his own password so that
get rid of it because it logs everything he does. Does he could not login. I j u s t wanted t o warn the community
anyone know any vulnerabilities? Iam going t o get rid of about Blackboard which is used i n schools nationally.
it myself at our school and he thinks it would be a good Students who use this and have the same login require-
idea. ments as Wake County does should change their pass-
Black-Angel words for better security.
We've been running a number o f am'cles about de- Public Display
tem'ng and removing spyware. There are different meth- I n a system as badly designed as this, one really has
ods for different programs. We're certain this one can be an obligation to demonstrate these monumental flaws.
defeated as well. We can only hope that the irony o f a The irony is that anyone doing this would be blamed for
sister running a program called "IAm Big Brother" and the privacy invasion rather than those who designed this
creating paranoia to address her own isn't lost on any- travesty. We hope this opens some eyes and we invite
one. Incidentally, the program can be found a t anyone else living with such poor security to l e t us know.
http://www.iambigbrother.org/.
Dear 2600:
Appeals There i s a State of CaGfornia website t h a t lets you
submit a license plate or VIN number t o show the smog
Dear 2600: certifications for that vehicle. When you enter a VIN or
There i s a neo Nazi site currently distributing tens o f plate it shows both the VIN and plate for that vehicle. It
thousands of hate music filled CDs. Please let the 2600 makes it easy for car thieves t o stamp out fake VIN tags
network know. I hope t h a t someone w i l l choose t o t r y t o match the plate. The site is a t http://www.smogcheck.
and shut down this site. Iknow it's against many hackers' sca.gov/vehtests/pubtstqry.aspx.
ethics to wreck people's sites, but I hope that someone gmitch
will make an exception i n this case. We have t o stop Why such information is available t o the world is
these kinds of evil people! Please use t h e power of your beyond us. But it enabled us to learn that there used to
group to rid the world of an outlet for f i l t h and hatred. be a 1989 Buick Century out there with a "2600" plate
Ionly know about 2600from online wanderings back that has since changed to a more normal plate, possibly
i n high school. I have no computer skills or hacker due to a sale. By what twisted logicshould anyone i n the
friends. You guys were the only thing Icould think of t o world be able to have access to this information plus a
stop this. Please help! whole l o t more?
DB
Think about what happens when someone tries this Appreciations
tactic on us. We wind up getting more support than ever
before from people and places we never would have been Dear 2600:
i n touch with ordinarily. By attempting this on others, I want t o thank you with a l l my heart for your steady
you're opening up the same type o f support for them. I n voice against war. I f TAP was s t i l l publishing, I believe
other words, you'll be making them stronger. You should they might be holding strong as well. But so many others
have the ability to counter hate speech with words and have caved. Disheartening t o say the least.
logic, rather than resorting to desperate measures. You Ijoined the army right when Operation Sundevil be-
need to be attacking the cause o f the problem, n o t j u s t gan (probably beating politicalimprisonment by t h e skin
the symptoms. The assumption that shum'ng down sites of my teeth) and I've always known how many from your
is what hackers are all about simply strengthens the in- readership are conservative libertarians. So it takes guts
accurate mass media perception o f us. Any idiot can use for you t o speak out.
brute force to try and shut someone up. Let's hope that Thanks for being you.
we're all a few steps above that. marco (aka prime anarchist)
You're welcome. But we doubt we've cornered the
Utter Stupidity market on opposing the senseless waste o f human life.
There are many "conservative libertarians" speaking out
Dear 2600: as well.
Iam a high school student i n Raleigh, NC. My high
school belongs t o the Wake County Public School System Dear 2600:
and they use Blackboard for online teacher-student rela- Ijust wanted t o write t o say that I picked up my first
tions. On Blackboard a student can login and access their copy o f 2600a few days ago and read it over. For the last
grades for certain classes, read announcements from two years Ihave developed a love for computers and
their teachers, and turn i n assignments electronically. I have wanted t o know everything I could possibly learn
was introduced to this system i n my Programming I1 class about them. I don't know much but I know more than
\ a n d Ithought it was kind o f strange that i n order t o most around me. I owe part of that t o people like the
\
saying a friend bought it. He proceeded t o ask me i f I
knew what the magazine was, what 2600stood for, and a
host of other questions. Immediately I felt bad for lying.
He seemed t o be genuinely excited a n d knowledgeable.
Robbie Brewer Inever caught his name, though h e did mumble his
alleged former phreaker handle. He went on t o talk
Dear 2600: about Cap'n Crunch, blue boxing, red boxing, trunk dial-
Ijust wanted t o let you guys know that Ilove the ing, the meetings a t Union Station here i n Los Angeles,
magazine. Ilove it so much Ijust might name my first how he may have single-handedly driven Sprint t o switch
born "Twenty Six Hundred." I'm saving for the "all back from five digit authorization codes t o seven t o 14, and
issues and lifetime subscription" deal. Question: How how he never bothered t o learn computers because he
long will those "special prices" last? was afraid he'd be a danger t o society and himself. I
Rob Hundred almost wish Icould have ridden t h e rest o f t h e way with
The prices go up occasionally as more back issues be- him, but my stop came before his a n d Iwished him a
come part o f the package. But we'll always try to have good day.
good deals for people o n our Internet store Of course, part o f me is skeptical. Though he was
(store.2WO.com). We suggest buying them before your quite convincing, Ican't help but wonder if he truly was
first born grows up and kills you for giving him/her that a part of the phreaking scene. And if h e did f a l l through
name. the cracks, how? And why? Maybe w e ' l l cross paths an-
I Security Issue
other day, and Ican treat him t o lunch and hear his sto-
ries. Or maybe someone reading this knows exactly who
I'm talking about. Either way, it definitely made for an
Dear 2600: interesting morning and Ithought I'd share it with you.
Entering my third decade of paranoia Idid some web aaron
searches through google t o find out how "far outthere" I Yet another instance o f our shirts bringing people
am. Not using complicated google hacks or anything like together.
that I simply used my paranoia and hatred of "big
brother" t o aid me. A few years ago Irealized that every- Dear 2600:
one will be arrested, jailed, or ticketed for the most mi- Six year reader, first time writer. I have a confession
nor offenses but the paper trail has made its way online. t o make t o you guys: I'm addicted t o free Internet. I've
Just about every police department, jail, or correctional been accessing my neighbor's wireless high speed Inter-
facility has a website and often posts the offenders on- net connection for about a year now. It started off small
line including name, age, phone, and (gasp) Social Secu- a t first, just an HP Pavilion laptop w i t h a Linksys wifi
rity numbers so i f you were t o dive into these records you card. Iwould only connect t o the network when Iwas ex-
could trace someone back as far as the early 90s and pecting an important email and t h e like. But then I
have more than enough evidence t o steal their identi- started connecting all the time and staying connected. It
ties. got worse. When the signal wasn't strong enough and
Brian wouldn't connect me, Iwould get t h e high speed with-
I f it wasn't so sad it would be funny that these orga- drawals. Ihave since gotten greedier and now have a
nizations are giving such ammunition to future potential network of two PCs, two printers, a range expander, said
criminals. This seems to be y e t another way that prison- laptop, and Ieven have plans t o b u i l d t h e "Cantenna"
ers are being punished above and beyond their actual (www.oreillynet.com/lpt/wk~/448), a l l running wire-
sentences. lessly and connected t o my neighbor's Internet. The
I Experiences
paradox is this: Iwould never have learned all the things
Idid t o set up this pirated network if t h e y had simply se-
cured their router properly. It's n o t m y fault that when
Dear 2600: installing their connection, they j u s t clicked "Next" 15
I've worn my 2600 shirt on many occasions, not t o times, is i t ? I've never actually damaged anything on
show off but t o support the magazine and the informa- their end and I have no intention o f doing so (even
tion it disseminates. As a NOC monkey on Telco Alley i n though they had logs disabled, so t h e y wouldn't know
downtown LA, Ifind public transportation the best way what went wrong anyway). Just a random thought Ihad
t o get t o and from work and, while the thought of being today. Thanks for listening. Keep up t h e great work guys.
accosted for having a shirt with the word "Hacker" on it Mi key B
has crossed my mind, I've never cared enough not t o
wear it on my way t o work. Observations
This morning, halfway t o work, an uncannily friendly
vagrant hoped on the bus. His glasses missing a Lens, Dear 2600:
hair disheveled, and his suitcase covered i n layers of dis- While Iwas visiting a well-respected drive-cloning
carded plastic, he carried his three string guitar i n one company's website, Inoticed an interesting ad. The ad
hand and wheeled the suitcase i n another, excusing him- flashed an image of a young girl and t h e n commented on
self and politely notifying people t o watch their toes. His how they were fighting child exploitation. Another pic-
demeanor struck me as odd, only because I've spent the ture of a building blowing up and a comment that they
past three years of my life being hardened by literally in- were fighting terrorism. The next picture was of a cop
sane vagrants riding the bus. holding weed arid the note that drug use is a t an all time
Suddenly, while gazing out the window I hear a high. The last frame was the one t h a t intrigued me. The
("2600! Oooooh! I s that your shirt?!" Instinctively Ilied, caption read "Hackers cost the world economy billions"
/and the image was of a computer screen with the 2600 "Leet words can be expressed in hundreds of ways us?
website loaded. I was surprised t o see that as I am an ing different substitutions and combinations, but once
avid fan of 2600 and know that you don't promote the one understands that nearly all characters are formed as
malicious use of information. Keep up the good work, phonemes and symbols, leetspeek isn't difficult to trans-
guys! late. Also, because leet is not a formal or regional di-
k~ l e alect, any given word can be interpreted differently, so
Even more unbelievable than the existence o f this it's important to use discretion when evaluating terms.
site is the fact that you didn't tell us its name. Fortu- The following serves as a brief (and by no means defini-
nately, other readers shared this info. tive) introduction to leet through examples.
"Numbers are often used as letters. The term 'leet'
Dear 2600: could be written as '1337,' with '1' replacing the letter L,
I suspect you are aware of this but if not: 2600is fea- '3'posing as a backwards letter E, and '7' resembling the
tured as one of the evils in the ad at http://logicube.com letter T. Others include '8' replacing the letter B, '9' used
u/products/hd-duplication/md5.asp. as a G, '0' (zero) in lieu o f 0, and so on.
scotk "Rules of grammar are rarely obeyed. Some leet-
It's amazing to us that terrorism, child exploitation, speekers will capitalize every letter except for vowels
drug trafficking, and white collar crime are all repre- (LiKe THiS) and otherwise reject conventional English
sented with generic images but when i t comes to "cyber style and grammar, or drop vowels from words (such as
crime," they have no problem sticking our name up there converting v e y to 'vy7.
in lights. While most other organizations would contem- "Mistakes are often left uncorrected. Common typing
plate legal action, we'll simply issue a standard Level One misspellings (typos) such as 'teh' instead of the are left
electronicjihad. We mustn't disappoint after all. uncorrected or sometimes adopted to replace the correct
spelling.
Dear 2600: Leet words o f concern or indicating possible illegal
I was recently looking around on www.skinit.com for activity:
cell phone or PDA skins. I was looking at the skins for the 'warez' or 'w4r3z8:Illegally copied software available
Sidekick I1 and went through the whole purchase process for download.
without the intent of actually buying (probably because I 'h4x1: Read as 'hacks,' or what a malicious computer
don't even have a Sidekick). But there was one thing I hacker does.
noticed. When you buy a skin you choose the picture you 'prOn? An anagram o f porn,' possibly indicating the
want the skin to have and at the bottom of the window i t use of pornography.
has a space that shows the price (usually $0) and then i t 'sploitz' (short for exploits): Vulnerabilities in com-
charges you $9.95 for the skin itself. What I realized is puter software used by hackers.
that if you type "-9.95" in the price space i t will take that 'pwnc:A typo-deliberate version of own, a slang term
off the final order. This is a way t o get all the skins you often used to express superiority over others that can be
want for free (or at Least until one of the skinit employ- used maliciously, depending on the situation. This could
ees reads 2600). Maybe you can even make money off of also be spelled 'O\/\/n3d1 or 'pwn3d,'among other vari-
this! ations. Online video game bullies or 'griefers' often use
SystemDownfall this term."
Maybe you can even start a life of crime just by typ- Dear 2600:
ing in some numbers on a web page. This is an example This letter is for informational purposes only as I
of a really poorly designed interface, many of which exist don't have enough knowledge of the legahties t o say
on the net. Or i t could be a really well designed interface whether or not you could possibly get in trouble for it.
to compile a database of dishonest people. On that note, access rules may vary from campus t o cam-
pus.
Dear 2600:
I n this example I will use Michigan State University's
Check i t out ... M S teaches parents t o understand
network, due t o the fact that I have personal experience
their children's "133t speak" - http://www.microsoft.com with their network. But many college campuses are set
~/athome/security/children/kidtalk.mspx. up similarly.
Doda McCheesle When you first connect your computer t o the ether-
This is a must read for anyone who wants to laugh net ports on campus (anywhere around campus), you are
all night. We wonder i f future archaeologists will be prompted t o enter a username and password (provided
studying this language with the same attention given to by the school and tied t o your academic account). This is
ancient Greek. Some highlights: fine for most people. When you enter your name/pass
"While it's important to respect your children's pri- you will be linking your ethernet MAC address t o your ac-
vacy, understanding what your teenager's online slang count. You are allowed t o register multiple MAC ad-
means and how to decipher could be important in certain dresses, but the point is that they all tie t o your student
situations and as you help guide their online experience. account. To get around this ( I personally don't like hav-
While i t has many nicknames, information-age slang is ing my Internet behavior tied t o my student account),
commonly referred to as leetspeek, or leet for short. Leet get a used network card. On college campuses there are
(a vernacular form of 'elite7 is a specific type o f com- always people looking t o sell used computer equipment.
, puter slang where a user replaces regular letters with At MSU, we have an active student community with clas-
other keyboard characters to form words phonetically - sified ads. When purchasing a used ethernet card, there
EL00 flagazine J
(elling it. Pop that i n your machine, plug in, and you the Chapters, it was shown on my b i l l as "2600 Hacker
\
should be able t o stay away from easy tracking. Quart" which Ifound terribly interesting.
Like Isaid, many other universities use the same Freezing Cold 2600 Fan
MAC/account registration. Just something t o think
about. Dear 2600:
Impact Saw a letter i n t h e latest issue o f 2 6 0 0 t h a t this guy
can't get it a t Chapters i n Canada. Just s o you know, I get
Dear 2600: it there a l l the time, including this issue.
Check out the hacking/puzzle game on Terry
www.ninebows.com. There are nine steps and it seems That's a pretty neat trick.
like nobody can get past t h e second. Google it and you
can find some really long forum threads about it too. Responses
fv Dear 2600:
I t ' s a good way to lose your mind without having to
leave the house. Ienjoyed reading t h e mathematical analysis i n How
t o Hack the Lottery (21:3) but Iexpected more from
Dear 2600: 2600and was disappointed the author failed t o take i n t o
Not only i s Ikea a great store t o buy stuff, it's loaded account t h e human factors i n t h e equation.
with workstations t o lay their products out on. Although The author i s correct t h a t you c a n n o t fundamentally
Ididn't play too much, Iwas able t o connect t o t h e other change the odds but what you can do i s balance t h e risk
XP PCs on the network, go i n t o the C drive, change the t o reward ratio. The purpose o f a l o t t e r y syndicate i s n o t
screensaver (but Iput it back), and create and delete a t o increase your odds of winning b u t t o share both t h e
test text file on t h e desktop. risks and the rewards over t h e long run.
Iwas feeling a b i t paranoid so Ididn't bring up IE or He also says there i s no need t o s t a y away from pat-
write down the IPS but Ihave a feeling it would have terns as all numbers have an equal chance o f coming up.
been fun. During t h e rest of my visit i n the store Icould- While t h a t is true on one level there w i l l always be some
n't spot a single security camera. Imust go back and people playing t h e obvious patterns l i k e 1,2,3,4,5,6. Al-
play. though t h e odds are no difference if you did win you
Rifkey would have t o split t h e prize with many more people. I f
you want t o t r y and maximize your p o t e n t i a l winnings it
Dear 2600: helps t o pick a combination that i s n o t t o o likely t o col-
Istumbled on sort o f a "security through obscurity" lide with other people's choices. It i s a llabout balancing
type approach t o securing a SOHO router, such as a the risks against the rewards.
linksys. As you know, most SOHO routers have an inter- Having said all that, it i s worth remembering t h e
face which i s accessible through port 80 or http://ip-ad- quote: "The lottery is a tax on t h e mathematically
dress which is sometimes accessible publicly. To drive challenged."
away people attempting t o login t o your router (you ob- Alan Horkan
viously want t o change the default password), you can Dublin, I r e l a n d
also forward port 80 t o a machine that doesn't exist. The author o f the piece, Stankdawg, replies:
When they t r y t o login t o your router they w i l l be given "A 'lottery syndicate' is a term t h a t simply refers to
an error message that the host was not found. Just an people gem'ng together i n a group t o t r y t o increase
added layer o f protection. their chances o f winning b u t a t the risk o f having to
p4p3r t l g 3 r share the payout with the other members. I t is exactly
Dear 2600: what y o u describe, a risk-to-reward approach o f playing.
Iwas looking around at archive.org, and noticed that I absolutely touched on this in m y a r t i c l e i n the first
you can submit a URLand they will bring up archived ver- paragraph under the header 'Myths' since it is a very
sions o f the site. Ityped www.2600.com and found quite common theory.
a few older versions .... Iwas browsing one of t h e older T used a small example o f a 'syndicate' referring to
versions of your site and saw the link: "Mirror DeCSS." I office pools o f lottery players. Choosing 2 0 picks o u t o f
clicked on it and sure enough they have a l l of the mirrors almost 1 6 million is still pretty small, b u t b y increasing
still linked, even though you were forced t o take the syndicate y o u could continually increase your
them o f f of your page .... Ijust thought you might find chances o f winning right up to the p l a y every number'
theory. A t the same time, however, you are causing the
this interesting. Iwonder i f the MPAA is going t o sue
archive.org as well for archiving a page with "illegal amount o f winning to decrease due t o the shared win-
content." nings with each additional syndicate member. This is a
drlecter true statement. Some people who believe i n this
myth/theory think that they will win m o r e frequently due
Dear 2600: to the odds being better (keep i n m i n d t h a t they are still
Just wanted t o let the fans of 2600 know that Canada phenomenal) and even if they have t o share it, it will pay
is certainly still.selling t h e magazine. I n fact, i n South- o f f in the long run through repeated small wins o r one
ern Ontario Ihappened i n t o a Coles Bookstore (in Brant- b i g win.
ford) and Chapters (in Ancaster) and found copies i n "The problem here i s that it is j u s t as much o f a the-
both locations. So Isuspect the other stores that were ory as everything else. I t will take l o n g term analysis to
visited may have been sold out or had the copies hidden decide whether it does pay o f f i n t h e l o n g run. Without
away. I n both locations 2600 was displayed clearly i n the going i n t o the business viewpoint t h a t money that does-
( f r o n t row of magazines. When Ipurchased my copy from n't earn interest is actually losing m o r e money, I will
Page 34'
/;imply point a t the facts. Do a search for 'lottery s y n d t i n 21:4. I'm an Australian too, so Inormally write the\
cate wins lottery' and you will n o t find any large syndi- date dd-mm-yyyy. WhiteHat seemed t o think that this
cates winning any Large amounts o f money with any was another logical suggestion but he's completely
regularity. Iwould debate that any individual wins b y a wrong.
syndicate were b y random chance more than any 'sys- On a computer if you write the date as dd-mm-yyyy,
tem.' files end up out of order. 01-01-1985 comes before 12-
"Looking a t the facts, Isimply do n o t see enough ev- 12-2004 (files from each year would be mixed up with
idence to say that syndicates are any more successful each other). Whitehat's response is a bit pointless, but
then individual groups. Isaw a few office groups that mostly annoying.
won the lottery, b u t this happened without any large BitPirnp
syndicate effem'veness. I f these syndicate systems
worked, wouldn't more people have seen and heard Dear 2600:
about the success stories? I t is kind o f hard t o hide a pat- Imissed the original article but am responding t o
tern o f success i n winning the lottery! These were small the Letter by WhiteHat i n t h e current issue of 2600
office groups with only one that was over 3 0 people. (21:4).
Even then, it was the same simple luck b y which individ- Whilst you find dd-mm-yyyy logical and familiar, the
ual winners have won. Even if a syndicate o f 500 people main objection t o that format is that for the first 12 days
won I 0 million dollars, when you split that up they get o f every month it is impossible t o t e l l if the date is i n dd-
$20,000 each. Most syndicates look to be around 50 peo- mm-yyyy or i n mm-dd-yyyy format with obvious conse-
ple i n number depending on the lottery i n question so quences.
that they guarantee smaller wins while hoping for 'the With the date written like 2005-03-01 this i s always
b i g one.'It is definitely an increase i n your odds which I yyyy-mm-dd because no one uses yyyy-dd-mm a t all.
stated i n my article, b u t it is still ridiculously stacked There is only one interpretation for that date.
This has already been decided i n International Stan-
against you no matter what.
"Common sense comes into play here. I f a syndicate dards such as IS0 8601, and earlier IS0 standards back as
far as 1971; and i n Internet RFC documents such as RFC
were really that effecfive, don't you think the lottery
3339.
would rig it with more numbers to nullify that effecfive-
Many programs, applications, data formats, and
ness? Trust me, they have done their homework and they
websites already use the "new" format and there i s a
are glad to let the syndicates pump up the jackpot for
large amount of information about this topic t o be found
them. They know that i n the long run, they will always
on the Internet.
win.
splke
"In m y opinion, if I were going to play the lottery, I
would take my dumb luck chance a t a 1 0 million dollar Dear 2600:
payday than sharing it with 499 others. Of course this is Iam writing i n response t o Jeff's letter i n 21:4 re-
my opinion, and others may disagree. But I will keep my garding hacking a voting machine. Hacking a voting ma-
money i n my pocket. " chine is such a minor issue compared t o corruption. It's
no coincidence that Diebold's new touch screen voting
Dear 2600:
machines have no paper trail. Diebold also makes ATMs,
My letter is i n response t o LabGeek's letter i n 21:4. I
checkout scanners, and ticket machines, all of which log
had the privilege of working as part of the management
each transaction and can generate a paper trail.
team of a new Wal-Mart i n the Northeast. The yellow line
It is also not mathematically possible for uncor-
i s drawn as a guide for shoppers so they can visualize
rupted machines that a l l (not some) of the voting ma-
where the border is. The actual border i s created by a
chine errors detected and reported i n Florida i n 2000
wire running underground. The system is based on RF,
were i n favor of Bush or Republican candidates. However,
though Ido not know the actual frequencies or t h e
that i s what happened.
range. We have tried lifting the carts a foot o f f t h e
It's also no coincidence that Walden O'Dell, Chairman
ground, but the locks still engaged. Amusingly, per
and CEO of Diebold is a major Bush campaign organizer
2600's response, we were successful i n getting over the
and donor who wrote i n 2003 that he was "committed t o
barrier by lifting the carts above our heads.
helping Ohio deliver i t s electoral votes t o the president
Jaypoc next year."
Dear 2600: It's also no coincidence that exit polls i n Ohio during
It looks like the article i n 21:l ("Setting Your Music t h e general election i n 2004 showed Kerry should have
Free") and the response i n 21:3 from Cameron both mis- taken Ohio by four points, yet the votes actually recorded
takenly refer t o AAC codec as an Apple Product. The AAC gave Ohio, and thus the country, t o Bush.
(Advanced Audio Coding) was developed by Dolby Labs It's also no coincidence that votes recorded i n eight
and is integrated into MPEG-4. Apple is merely an early of the other ten battleground states differed from exit
adopter of the technology, incorporating MPEG-4 polls by between 2.2 and 9.5 points, and a l l discrepan-
i n t o their latest QuickTime, making it the default codec cies (not some) favored Bush (an impossible anomaly).
i n iTunes, and adding support for it i n their hardware Note that this is not a partisan issue. I'm a registered
players. Republican. But that is n o t t h e point. The point is that
Alop t h e public vote doesn't count i n the U.S. since the elec-
tion appears t o be rigged.
Dear 2600: The hackers are the ones who wrote t h e software for
First off guys, great mag, radio show, con, DVD.... the voting machines i n the first place. No need t o pick
, I'm writing about WhiteHat's letter about date format the lock on just one voting machine.
' Please withhold any identification for fear of Govern- Jeez, some people w i l l believe anything.
\
ZbOO Magazine 1
6 warmonger and I do not believe t h a t terrorists should on your mind is a good thing. We're g l a d y o u
be sent into a court like we should. opportunityand hope you understand w h y we'll
With t h a t said, I agree t h a t U.S. citizens should not t o give others t h e chance.
be subjected t o random searches of their houses without
their knowledge and Americans should not be held with- Problems
out trial, lawyer, and so forth. You have my support 100
percent on that. However, i f we capture terrorists or Dear 2600:
someone who we suspect is a terrorist (who is not an I n case you haven't heard, t h e company ChoicePoint
American), then I don't care i f they don't have n'ghts, be- has been selling personal data (Social Security numbers,
cause they don't! The Geneva Convention does not grant phone numbers, addresses, etc.) t o companies. Someone
them this right at all. As far as torturing them, i f i t saves created a fake company and ordered i n f o on 145,000
our troops' lives, go for i t . We did not start this war and people and so far 50 suspicious credit accounts have
our soldiers should not die because we are t o o afraid t o been created i n t h e names of people w h o have had their
let them go without sleep because a bunch of left wing identity stolen. This is beyond wrong. T h e criminalin this
nut jobs are protesting them t o regain their lost power. case is ChoicePoint! ChoicePoint and every company like
I know most "hackers" are really left wing and are al- them should be shut down! I f t h e U.S. government
most communist. Granted, I cannot group all of them in refuses t o do something about these companies I hope
t h e same category since I believe my stance is right wing someone else does.
even though Bush is t h e first Republican president I have Phreakinphun
voted for. Making people aware of their rights is one Dear 2600:
thing, telling them they are losing them is OK, but t o
I just wanna say all t h e usual "I love your magazine"
blame i t on one man is a joke. It is both parties' fault
stuff before I say what I have t o say. I d o love i t and I've
that we have our rights degraded as far as they are now been reading i t for two years now.
(Lincoln started this with t h e backing of a strong federal This weekend I went t o pick up 21:4 and almost had a
government). But it's even more t h e fault of t h e Ameri- canary i n t h e magazine shop when i t w a s $15 Canadian!
can peopte because they have let i t slip this far. I f you I thought for sure i t was a mistake and asked t h e lady i f
ever watch Jay Leno's jay-walking or Sean Hannity's man she accidentally put t h e wrong price o n t h e magazine.
on t h e street quiz, t h e majority of people my age and She replied t h a t she hadn't and t h a t i t was now $15
younger (23) have no clue who t h e vice president is or everywhere. I couldn't believe i t - I almost died. I liter-
what t h e amendments are. Let alone t h e Bill of Rights! I ally sat i n t h a t magazine shop and deliberated o v e r i t for
know I have turned this into a political rambling and I 20 minutes. Was i t worth i t or not? Of course i t is. But i f
am sorry but I beg of you, please, no more. Talk about I have t o pay more, I would like t o voice some concerns.
rights, talk about how they are being taken away, but be First off, I just have t o say t h a t close t o a 50 percent
as partial as you can. I cannot take anymore "Left hates price hike is a huge price hike and I have a feeling t h a t i t
America, Right are fascists taking our rights away" pro- may deter a lot of readers. How have you handled t h e
paganda. price hike with t h e subscribers?
Rage1605 Secondly, I felt completely ripped o f f when I read
Nice j o b keeping politics out. Or did you mean for us about 50 percent of t h e letters (my f a v o r i t e part of your
t o stop talking about these issues afteryou talked about magazine) were written by teenyboppers who are plan-
them? First off, we discuss a l o t o f things and the space ning a DOS attacks on their school networks. I mean who
taken up by this kind o f a topic has always been fairly are these kids and why do you keep publishing these let-
minimal. Second, i f it's something that's on people's ters? I think we need t o get over t h e w h o l e idea of "what
minds, then why should we deny them the right t o ex- makes a hacker" letters. I mean either you get i t or you
press themselves? Like anything else, hackers have inter- don't. My suggestion: have a page t h a t defines "hacker"
esting perspedives on these issues. Plus, it's generally a as you see f i t . but please don't f i l l up t h e letters pages
good thing t o express yourself and expose yourself t o with them anymore. Please.
other opinions. I don't mean t o rip on you completely and of course
Having been exposed t o your opinions, we cannot re- there is still usefulinfo. I just feel Like I have t o dig a bit
act with silence. You believe it's acceptable t o abduct more t o find i t than I used to.
people from foreign countries and torture them? We andehlu
hope you realize that there are many people throughout Whoever sold you t h a t magazine r i p p e d you o f f Our
the world who have the desire and would have the right price in Canada has n o t increased f o r some time. Our
to do the same t o you underyour own logic. I f that's the price is $8.15 i n Canadian dollars ( w h i c h would make
worldyou want t o live in, you're well on the way towards such an increase closer t o 100 percent than t o 5 0 per-
gem'ng there. You say we didn't start this war? We in- cent). We suspect someone covered t h e "8" and con-
vaded a country that never attacked us and had neither vinced you that i t was 1 5 dollars. It's either incredibly
plans nor ability t o do so. Regardless o f what kind o f so- sleazy or incredibly stupid. Either way, march back there
ciety we manage t o create over there, you can never es- and demand a refund.
cape that fact. You obviously have all kinds o f problems
with whatyou imagine t o be the "left wing." But these is- Dear 2600:
sues are o f concern for people o f all political bents. I am saddened by t h e current s t a t e of affairs in this
Hackers come from all kinds o f different political back- country. To begin with, I recently read a survey i n which
grounds and ideologies so please don't assume that they a majority of high school students did n o t know what t h e
all believe the same thing. One thing that most would First Amendment of t h e Constitution provided. When
, probably agree upon is that expressing something that's read t h e exact text of t h e First Amendment, more than
6 n e third of the students felt it went "too far" i n the Complaints to the store manager usually are enough to\
rights it provided. Furthermore, only half of the students resolve the situation. I f this doesn't work, l e t us know
surveyed felt that newspapers should be allowed t o pub- the specifics.
lish freely without government approval. Three quarters
of students polled said that flag burning was illegal and Dear 2600:
about half of them said that the government had the au- Iwas on vacation recently i n Michigan t o see some
thority t o restrict indecent material on the Internet. This friends. While there, Istayed a t both a Baymont I n n and
almost makes me cry! We Live i n a country where the a Days Inn. While a t the Baymont Inn, Ihad good unre-
Leader has publicly stated t h a t he would prefer a dicta- stricted wireless access. No one tried t o censor all the
torship, where blatant election fraud has occurred i n the porn or hacking sites Ivisited and downloaded from. Not
form of unverifiable ballots, where t h e common public a problem. Ihighly recommend them. About halfway
thinks that asking questions about government actions through my trip, Imoved over t o a nearby Days I n n due
is unpatriotic, and now, t h e future of the country thinks t o price range considerations. While a t the Days I n n I
that we have too many freedoms. I urge everyone who had relatively good cable access and Iwas satisfied. To-
reads 2600, anyone who believes t h a t information wards the end of my stay, Iwas abruptly cut off i n the
should be free and that speech is free, t o speak up and middle o f a download from astalavista.com. Ithought
speak out against this tide of complacency. It is our re- the site was down and Icontinued surfing, noting as
sponsibility t o be critical of our government. I f we do not time went on that Icontinually received time out mes-
act, the fiction of 1984 w i l l become our reality. sages from them. Eventually when I got t h e same mes-
Alop sage from 2600.com and a number of other sites, I
I n a l l fairness, we don't believe Bush was actually realized it had been blocked by whatever server they
wishing for a dictatorship b u t simply attempting to make were using t o manage connections at the hotel. This was
one o f those points o f his that never really took off. But annoying but Iwas willing t o Let bygones be bygones. I
your warnings are definitely right on target. Being aware connected t o a proxy and was happily downloading for
and awake are essential for the future. about two hours before the admin cut o f f access t o my
proxy. Well, needless t o say, this pissed me o f f t o no end.
Dear 2600: Iswitched off t h e proxy and wrote their corporate head-
Iattended a 2600 meeting for the first time at the
quarters a nasty note stating that Iwould never patron-
Barnes and Noble i n the Baltimore Harbor. Iam disap-
ize any establishment of theirs again and that Iwould
pointed t o find out what goes on. When Ishowed up I
highly recommend all my friends find other accommoda-
was told that nothing really goes on buttalking between
tions unLess drastic action was taken and Iwas given an
others who show up. This i n no way constitutes a meet-
apology. To date I've received neither a reply nor an ac-
ing. Instead, it's a live chat room you feel awkward join-
knowledgment. So this is me recommending to all the
ing. I was under the assumption that everyone was able
happy hackers out there not t o ever visit Days Inn.
t o attend a 2600 meeting but I never plan t o read an-
Jon
other 2600 article or attend another 2600 meeting
The one thing you didn't tell us was what excuse they
again. After getting the cold shoulder from all a t the
meeting and no response from the webmaster of the gave for cutting you off. Did they specifically state that
Maryland 2600 meeting site (who is not keeping it up- they were monitoring what you were downloading? This
dated), Iam now writing t o you t o please step i n and do doesn't make a great deal o f sense.
something about this chapter of lame so-called hackers
i n Maryland. Ideas
"Yan Dear 2600:
Since you're never going to read us again, there's re- Iwish Ihad been introduced t o this magazine sooner
ally no way we can address your concerns to you. But it than a year ago. I was actually pretty surprised when I
should be understood that these are n o t meetings with found out that a store i n t h e East Boonies of Maine car-
lectures and agendas b u t gatherings where everyone is ried it and, ever since, I've been obliged t o pick it up.
free to converse with whomever they choose i n a public
Naturally, when I had an interesting thought about
area. We're sorry ifyou're n o t comfortable being a part o f
America's newest catch phrase, 2600 was the first place I
this b u t that's how it is. We encourage all who attend
thought of sending it. So here it is:
to be open to newcomers and n o t form cliques. And new-
Freedom isn't free. Iknow this motto has been circu-
comers should avoidjumping to conclusions.
lating around the country for a t Least a few years now, i n
Dear 2600: hopes that people w i l l realize a sacrifice has t o be made
Ihave been purchasing your magazine (when Ican t o preserve freedom. But i s this a l l the slogan really
find i t ) for the last four or five years and want t o let you means? Freedom isn't free could mean something com-
know that Ifound it, but not without some digging. It pletely unintended. If we stop thinking i n terms of cost,
seems that Barnes and Noble carries your fine publica- t h e saying becomes more of a slogan for the trends i n
tion but chooses t o keep it hidden away i n a drawer. Af- the U.S. as Iunderstand them. Freedom isn't free, man,
ter searching for a minute ( I don't have a l o t of it's i n prison. Or a t least headed that way. Do you seethe
patience), Iasked the cashier where it was. She showed subtle transition there? With a different connotation, a
me and didn't give me a reason as t o why it is hidden very popular saying for the defense o f the government's
awav. actions overseas becomes a slogan fit for the posters of
Chris Big Brother's Oceania. Freedom isn't free, not com-
This is n o t Barnes and Noble policy b u t rather that pletely, not yet. I'm just glad t h a t there are people out
,o f the local store or even o f that particular person. there, you and others, who are working i n its defense.
' Thank you for trying t o educate the masses. Little people for not having "proper" I D or n o t conforming t o
\
more than a year ago, Iwas one of them. visual or behavioral expectations. And explain t o me why
Tommy a terrorist would do something that everyone knows will
You most definitely have a future i n mass marketing. get you a special screening, such as buying a one-way
ticket, flying standby, or buying a t t h e last minute? I
Fighting Back mean, do we really think that someone who intends t o
Dear 2600: blow himself up would be concerned w i t h t h e added cost
I'm typing this a t 36,000 feet after reading the re- of a round trip ticket? Or that they'd p l a n it a t the last
cent article on identification and airline security. As a minute and not buy a ticket i n advance?
frequent business traveler, old hacker, and semi-anar- Often Iwill use one of my handmade I D documents,
chist, I've had plenty of time t o experiment with airline and never have had one questioned. Some are purposely
security and identity documents i n both air travel and not-so-good creations, but they never get questioned.
general use. I'm thinking a six year old's crayon rendition o f a driver's
First off, Ialmost never use any sort of I D document license would be good enough for these minimum wage
and on the rare occasion that Ido, it's nearly always a workers. Most of the time they don't look closely enough
"fake" one. Isay "fake" because Imake it a point of using t o detect something obvious. When traveling with oth-
ID that Ihave created myself, but that contains realinfo. ers, Iusually talk them into switching I D and boarding
Why? To prove the point that fake documents will fly (no passes with me. The security people have never noticed
pun intended), but without exposure t o persecution for this. For the most part they just want t o match the name
having false documents. There is nothing illegal i n this. on the boarding pass with the ID. I f t h e y did notice, we'd
Actually, possession or use of false documents itself is simply explain that we got them mixed u p when picking
generally not illegal, but using them for fraudulent pur-
them up from the ticket counter.
poses is.
Now let's talk about the matter o f t h e Scarlet Letter
Iencourage everyone t o refuse t o use ID for every-
day things. Simply refuse it, or say you don't have it, or on the boarding pass t o signify people who are selected
whatever. I n many, many years of doing this, it has never for "random" special inspections. One thing should be
stopped me from doing what Iwant. When asked i f Ihave real obvious here; it's just a piece of paper. A boarding
ID for a credit card purchase, for example, Isimply say pass, which Iprinted on my own computer. To be more
"no." Sometimes Iget a deer-in-headlights look, some- clear, one copy of the boarding pass. A l l you need is a
times a question or two, but never has someone refused second copy without the symbols, and t h e security peo-
my purchase! ple won't know how "special" you are. Of course, it's
Remember that you can't be forced t o give ID t o the probably illegal t o do this, so I'm n o t admitfing t o ever
police i f you're not driving a vehicle. A recent Supreme having tried it nor encouraging you to. But if you were
Court case has been touted as changing that, but it does to, say, print two copies just for safety, and then forget
not. The recent decision merely says that you must iden- and pull out the "wrong" one, Ithink it would be pretty
tify yourself during an investigation, but does not say tough t o prosecute you.
you must show identification documents. Ihave used Identity documents i n general a r e pretty useless
this a number of times during civil disobedience activi- right now since they are easily faked, b u t unless we fight
ties with 100 percent success (meaning I've never been back, there will come a time when they are demanded for
arrested for it). Ihave had cops literally spith'ng on me
anything you do. Eventually there w i l l be systems i n
through anger a t my refusal t o provide anything more
place for nearly anyone t o check your document against
than my name, but they knew better than t o arrest me
a database, and of course, they will l o g t h a t "for system
for such a non-crime. You must also refuse t o give your
birth date and Social Security number, as either of those security." Meaning, a trail of your movements and activi-
items will serve t o fully identify you with a computer ties w i l l be generated. Already i n my home state the bars
search, and void the purpose of refusing t o show ID doc- can subscribe t o a service which will read and verify the
uments. data on the magnetic strip on a driver's license. How
When flying, Itry t o have fun with the security long before you have t o authenticate yourself t o use the
goons. On many flights Iuse an expired ID. Most of the library, public wifi, buses/trains/airplanes, or anything
time they don't notice this, but often they will and "se- else?
lect" me for specialinspection. As most of you know, this Refuse t o use ID as often as possible, while you still
means putting four "S" symbols on my boarding pass and can. "Principio obstate." (Resist from t h e beginning.)
then doing +hand search of my laptop case and body. saynotoid@gmail.com
The ludicrousness of this should be obvious; the terror- Thanks for the words o f wisdom. It's always a goo0
ists we are supposedly trying t o stop all had proper, cur- idea to challenge whatever system i s being crammeci
rent, and valid U.S. I D documents! And why does expired down our throats b u t i n such a way as t o n o t putyourselr
ID matter? Does it stop being me on the day that it ex- a t risk unnecessarily. We j u s t wonder how long such
pires? There can be no valid security reason t o require a
things will still be possible.
current ID versus an expired one.
The hand search implies another thing t o me; they
obviously must know that the X-ray and metal detector
screenings are insufficient t o assure security. Imean, if to letters@26OO.com or use snail mail:
they are effective, then why the special screening? That 2600 Letters, PO Box 99, Middle Island,
,or the motive for the special screening is t o punish NY 11953 USA.
Page 45'
i n e -^
f int i;
short int max = 0;
I 1' pauses until the dsp level is above the silence threshold
yiE:lence-pau.e(int
file descriptor to read from
[silence-thresl silence threshold ' 1
fd, int s i l e n r ~ t h n s )
1
short int buf = 0;
1' get8 a sample, terminating when the input goes below the eilence threshold
[fdl file descriptor to read from
[sample-rate] sample rate of device
[sllence_thres]silence threshold
'* global f *
[sampleI sample
[sample_sire] n d e r of frames in sample * I
void get-dsp(int fd, ~ n tsample-rate, int silence-thres)
sample-size = 0;
/ * fill buffer *I
.
while (leos) (
COUnttt;
sample-sire = count BUF_SIZE:
".*.
if (sfinfo.channels I= 1) { I* ensure that the file is mono +
I
fprintf(stderr, Error: Only monaural files are supported\n");
exit(ExIT_FAILuRE);
I
s m p l ~ s i z e= s M f o . f r m s ; / * set sample eize fl
retnrn andrile;
\Spring zoo5 P a g e 47
[sndfilel SNDFILE pointer from sf-open() or sf-open-fd()
* * global **
[samplel sample
[sample_aizel number of frames in sample * /
sf-count_t count;
I
peak = 0;
I
while (sample[il > silence-thres 6 6 i < sample_size) (
if (samplel~l> sample(peak1)
peak = i;
peaks -
(peak-ppeako) (
xrealloc(peaks, aizeof(int)
peaks[peaks_size] = peak - ppeak;
+ (peaks-sire + 111;
peaks-$l=e++;
I
else if (peaks[il c (zerobl + (frepthres zerobl / 100)) 66 +
-
peaks[il > (zerobl (fre~thres* zerobl / 100))) (
printf(*O");
Xifndef DISABLE-VC
zerobl = peaks[il;
#endif
)
I * main +I
int main(int srgc, char *argv[])
int fd;
SNDFILE "endfile = NULL;
/ + codquration variables e l
char *filename = NULL;
int auto-thles = ?.UTO-T11El, Y-level = 0, ~ 6 ~ s n d 5 l= e0. Verbase
~ n tsample-rate = SAMPLE-RAW, silence-thres = SILENCE-TARES;
- 1;
I* getopt variables f /
int ch, option-index;
static struct option long-options[] = (
("auto-thres', 0, 0. ' a ' ) ,
("device", 1, 0 , ' d m } ,
{"file", 1, 0, '£'I,
("helo". 0. 0. ' h ' ) .
switch (Ch) (
case ' a ' : I * auto-thres * I
auto-thres = atoi(optarg);
break;
case 'd': I + device .I
filename = xstrdup(optsrg);
break;
case 'f': I * file ./
filename = nstzdup(optarg);
uae-sndfile = 1;
break;
case 'h': / * help * /
print-help(stdout, argv(0l);
exit(Ex1T~succEss);
break;
case 'm': I' max-level f /
maxlevel = 1;
break;
case ' 6 ' : I' silent * I
verbose = 0;
break;
case 't': I * threshold +I
auto-thres = 0;
silence-three = atoi(optarg);
break;
case ' v ' : I* version * I
print-version(stdout);
exit(EX1T-SUCCESS);
break;
default: I* default +I
print-help(stderr, argv[Oll;
exit(EXIT_FAILURE);
break;
1
)
\ s p r i n g looii Page 49 1
by LoungeTab Adaware SE http://www.majorgeeks.co~n/down
LoungeTab@hotrnail.com ~load506.html
This is an article i n response t o "Scumware, SpySweeper http://www. webroot.com/wb/down
Spyware, Adware, Sneakware" i n 21:2. First I -loads/index,php
would like t o commend shinohara on writing a HijackThis http//www.spychecker.com/program
great article about the nastiest of nasties. One ,/hijackthis. html
thing I noticed was where he said MSCONFIG was Now go ahead and restart your computer into
available i n allversions o f Microsoft since 98. Ac- Safe Mode (hit F8 before the Windows splash
tually, MSCONFIG isn't included with any installa- screen comes up). After your computer has
tion options of Win 2k, but any version o f booted i n t o safe mode you will want t o first run
MSCONFIG will work under Win 2k. Irecommend CWShredder. After launching, select "Fix" and it
the XP version which i s available at http://down- will search for and remove any CoolWebSearch
loads.thetechguide.corn/msconfig.zip. Ithought programs. CoolWebSearch likes t o change many
I would also add my own process for eradicating Internet Explorer settings, adding their own web-
a l l types of scumware. sites t o trusted sites, changing your search pref-
Are y o u Infected? erences and homepages, and redirecting you t o
First, how do you know i f you are infected their sites whenever you mistype a URL. CW-
with scumware? I f any o f the following sound Shredder should take less than a minute to run.
familiar: Next on the list i s Spybot S&D. Run this nifty
A gangload o f popups, even when not con- little program and it will scan the registry and
nected t o the Internet, files for occurrences of scumware. Select "Search
Internet Explorer toolbars (95 percent are and Destroy" from the menu on the left and then
scan on the screen it brings up. This program will
scumware),
take about 5-10 minutes t o run.
Homepage Hijacking (inability t o change
After that is done, run Adaware SE. For this
homepage),
program select smart system scan. This program
Internet activity from modem when no Inter-
also searches through the registry and folders for
net applications are running,
scumware programs. This scan can take anywhere
Numerous processes running that have seem-
from 10 minutes t o 2 hours.
ingly random names, The final file searching program, SpySweeper,
A process that has "XxX" or "teen" in its name i s one of the best programs available i n my opin-
(quit looking a t so much porn), ion and it would be worth it t o purchase the f u l l
Serious decay in system speed, version. This program does an in-depth scan o f
then more than likely you are infected with a l l files, folders, and registry entries and re-
scumware. What t o do next? Let's get rid of it. All moves from them a l l the leftovers that the previ-
of it. ous programs didn't catch. From the main menu
Removal select "Sweep Now" and then "Start." After the
The following instructions are for users of a l l scan is complete you will be prompted for which
versions of Windows. First you have t o download, files you want t o be quarantined. This scan i s
install, and update these programs. It is ex- similar t o Adaware and can take anywhere from
tremely important for you t o manually update 20 minutes t o 4 hours.
these programs because some of them do not Finally, run HijackThis a t the menu select
have the latest definitions when you download Scan and it will display a complete list of BHOs,
them. Internet Explorer Toolbars, Startup items, and
CWShredder http://www.majorgeeks.com/down extra buttons added t o Internet Explorer. Be sure
wload4086. html you understand what each entry i s before you
Spybot S&D http://www.safer-networking.org/ remove it! You may want t o keep many of these
w en/download/index. html entries.
/ your computer. Be sure t o read t h e documental
Kazaa
Did you ever have Kazaa installed on your tion because it won't work with Win XP or Win 2k
computer? I f so, go t o http://www.spychecker sr2.
-.com/program/kazaagone.html and download Summary
KazaaBegone t o eliminate a l l traces of Kazaa Your computer should now r u n much faster
along with the bundled software that came with since you freed up a l o t o f processing power from
it. processes that were absolutely worthless. At this
I n t e r n e t Explorer point Iusually remove a l l t h e applications except
Sick of Internet Explorer? Can't figure out how Spysweeper and always let it r u n i n t h e back-
t o completely remove it from your system? Down- ground t o notify you of any changes t h a t are
load IEeradicator from http://www.litepc.com/ made t o your Internet Explorer f i l e s and startup
-ieradicator.html t o completely remove it from files.
The VCDs f r o m
a r e now available
They consist of all of the talks which took place i n the two main tracks of the conference,
which occurred i n July 2004. There are 78 discs i n total! We can't possibly fit all of the
titles here but we can tell you that you can get them for $5 each or $200 for the lot. Much
more info can be found on our website (www.2600.com) where you can also download all
of the audio from the conference. I f you want to buy any of the VCDs, you can send a
check or money order to 2600, PO Box 752, Middle Island, NY 11953 USA or buy them
credit card a t store.2600.com.
2600 Magazine 1
by st4r-runner for storing sensitive information i n those directo-
Having a shell account on a shared system is ries. They think t h a t j u s t because t h e y don't pro-
convenient, fun, and dangerous. A l o t of web- vide a link for t h a t file or directory on their little
hosting services provide shell access and some web page means that no can get t o it. Users will
ISPs offer shell accounts on their Linux/Unix put things like "bank-info.xls" o r "pic-of-wife-no-
boxes. I f you're Lucky enough t o have one you one-should-see.jpgM or "myfavband.mp3". What
should be aware of the potential for information else could we do? Let's see. Ah, t h e user i s run-
leakage and protect yourself on these systems. ning PHP-Nuke or some other php/mysql based
Let's demonstrate how t o harvest some info. portal and they have a nice config-php file.
First, prepare your environment t o avoid leaving 1s -1 /home/usernme/www/*.php
a telltale trail: You'd be surprised a t how many users make
rm -/.bash-history their database password the same as their login
then password t o t h a t system.
In -s /dev/null -/.bash-history vi /home/username/www/contig.php
I f it's not a bash shell then do the same for ...
Hmm dbuname=username a n d dbpass=my-
the .sh-history or whatever t h e case may be. secretpw. OK. So now Iown their database. But I
Now let's see what we have for user directories: wonder if they would be dumb enough t o have
Is -a1 /home that same password for this system.
You'll probably get permission denied. No ssh -1 username localhost
problem: Just do it from localhost, not y o u r home sys-
cat /etc/passwd tem (if the user or sysadmin runs t h e "last" com-
should show you a l l the user directories any- mand it will reveal your I P address). I f t h e login
way. What's i n their directories? Hopefully i s unsuccessful, don't worry. There may be more
Is -a1 /home/username t o look a t still.
won't work (but you never know). So where How about writable files and directories?
can you go from there? See if perhaps their .bash find /home/username/www -perm 0777 -print
files are readable. find /home/username/www -perm 0666 -print
Is -1 /home/username/.bash-history Play around with permission modes. 6 or 7 i n
Is -1 /home/username/.bashgrofile the last position i s what you're looking for. I f a
Is -1 /home/username/.bashrc user has a writable directory t h e n you can put
Are any o f those readable (rw-r--r--)? Take a your own files i n there. I f a user has a writable
look at them. They may show some interesting in- file like a php then you can put your own spyware
formation. Now here's where it can get interest- i n t o the code t o let you know when users access
ing. Most shell servers will have a web server the page or if it has a login form y o u can write
available for sharing out a personal web page. code i n there t o write the user name and pass-
This directory w i l l likely be "/PublicHtml (you word t o a file for you t o collect later on. What-
should have the same directory). But if you want ever.
t o be sure then Now be careful o f what you do. You are not al-
grep UserDir httpd.conf lowed t o violate someone's privacy or destroy
httpd.conf can be located i n different places their content. Some linux administrators have
depending on the installation. Some common Lo- gotten smart and used grsecurity's patches t o log
cations are /etc/httpd, /etc/apache, /usr/ a l l exec's from users so they can be alerted if
-local/apache/conf, or/var/www/conf or do. some user i s running "find / -perm 0777". You
ps ax / grep httpd w i l l get caught. So make sure t h a t y o u stay under
and it might show you t h e f u l l command line t h e radar. Find out if t h e system i s a grsecurity
(/usr/sbin/httpd -f /etc/httpd/httpd.conf). Once kernel.
you know the UserDir, guess what? That directory uname -a
is world readable. Big deal, right? Well take the Well, have fun poking around b u t don't do
,
time t o poke a little further. Users are notorious anything stupid.
/
* Inside the
Emeroency
la Alert System
by Tokachu transmission, preserved i n eight b i t format:
->*<**,*..*.?.,-
The Emergency Alert System, commonly called ZCZC-WXR-HUW-03 71 83i0300
EAS, originates from the FCC-mandated Emer- b-0661830-WXYZ/FM -
gency Broadcast System (formerly known as The sixteen funny symbols a t t h e beginning i s
Conelrad), which was nothing more than a Long the 16 byte header, along with another four byte
multifrequency tone generator and detector. Be- header of "ZCZC" t o indicate ASCII data. "WXR" i s
fore the Kennedy Administration, such signals the notifying party (the National Weather Ser-
were only accessible for major networks and by vice, for this example). "HUW" i s t h e message
the early 1990s the system was showing i t s age. code ("Hurricane Warning"), and "037183" i s the
Some cable companies resorted t o building their affected area, noted i n undashed FIPS 6-4 for-
own unique alert systems using old phone equip- mat. The first digit i s the region, which i s usually
ment because the 30 year old system was, quite set t o "Nationwide" (0) and ignored; t h e second
literally, falling apart. I n 1994, after three years and third digits note the state (North Carolina),
of research and development, the FCC introduced and the last three digits are t h e county number
what is now the modern EAS, and i n 1997 the (Wake County). To store more t h a n one Location,
system was made mandatory. the format might look like "######-
Network topology ######+", with each "######-" being a six
The original EBS worked i n a daisy-chain fash- digit location code and with t h e l a s t code ending
ion, where the authorities would notify one radio with a plus rather than a minus symbol. The four
station, that radio station would notify another digits after the plus symbol represent t h e length
station, and so forth. The EAS works i n a hierar- of time the alert i s effective for (exactly three
chical manner, where the notifying party (civil hours i n this example). For the n e x t seven digits,
authorities, the National Weather Service, or Law the first three are a Julian-formatted date ("066"
enforcement) notify the largest station i n the means the 66th day of t h e year, o r May 7th i n
area. From there, other smaller radio stations ac- 2005). The last four digits are t h e starting time
tually have a receiver hooked up t o the EAS en- (6:30 pm). The next eight characters hold t h e call
coder/decoder (the "endec") that listens for the sign o f the radio station sending o u t t h e alert. It
big radio station, and the endec will cut i n t o the i s space-padded at the end, and any dashes i n
radio station's signal t o transmit at least three t h e call sign are replaced with slashes. The mes-
bursts of data along with the attention signal. sage ends with a single dash.
Data Format What i s n o t shown here i s t h e two-tone signal
I'll be brief i n the data format: it's FSK-en- o f 853 Hz and 960 Hz, which must be emitted for
coded (one tone is a mark, or "1" i n binary, and a t least eight seconds after t h e data i s sent at
another tone i s a space, or "OM), which limits i t s
transmission speed t o about 1200 bps. However,
,least
, * , ,,three
<
times. From there, data with
,,,,,,,,,,,
NNNN" transmitted exactly
it operates at a very strange baud: 520.83 bps, or three times acts as the signal for t h e end of the
one b i t every 1.92 milliseconds. The space fre- transmission. For some really detailed informa-
quency is the bitrate multiplied by three (exactly tion, you should read document FCC 47 CFR 11,
1562.5 Hz),,and the mark frequency is the bitrate available on (http://fcc.gov).
multiplied by four (approximately 2083.3 Hz). Security
Each byte is a regular eight b i t byte containing I'm sure you're thinking something along the
ASCII data (the most significant byte is ignored lines o f "if there's nothing t o authenticate or en-
when receiving the data format), so it's very easy crypt the information, what's keeping people
t o modulate data. from breaking i n t o machines a n d sending fake
The header consists o f 16 bytes with binary signals?" Well, there's a few t h i n g s you should
value "10101011". As the bitrate and transmis- know. First, most radio stations have a live per-
sion protocols are constant, there i s no need son t o confirm whether or n o t t o forward any
t o transmit bitrate calibration signals or message received. Second, these machines are
,
mark/space information. Here i s a sample not hooked up like computers; they're placed
h o n g i d e transmission equipment, and are not
hooked up t o any network or external computer
(with the exception of video crawls i n television
stations, but those still require manual interven-
station i n that area. This kind o f message would
not result i n another "War of the Worlds" sce-
'I
nario, but would still result i n loss o f revenue by
the television stations. Then again, a test only ,
tion t o function). Ican t e l l you that every time I lasts a few minutes and unless the attacker struck
hear that little "duck quack," Ido flip out, but during the Super Bowl commercial break, the
even though Ihave a Legal obligation t o forward losses would be negligible. I'll keep the door
the message, Ican call the radio station after- locked, just i n case you get any ideas.
wards t o confirm it (and if it's fake, Ican break Conclusion
back into the radio circuit t o let people know). While it is very easy t o make a signal genera-
But let's say you happen t o get i n t o the radio tor for the EAS, there i s no real use for it beyond
station and get physical access t o the machine t h e transmitter. I f you're daring, you could mod-
(which you won't) or happen t o somehow break ify a radio packet program t o use the frequencies
into the remote transmission facilities t o inter- and bitrate of the EAS t o automatically log emer-
rupt the audio and use your own EAS endec gencies. Radio Shack used t o sell a radio scanner
(which you probably won't). The FCC can find you t h a t could tune i n t o FM stations and TV audio
easily because you'd have t o be very close or in- carriers and decode EAS signals for about 870
side the radio station t o pull such a task off. You some time ago, although it might be a b i t more
would then be prosecuted and your message expensive nowadays.
might not even be forwarded! The only vulnera- Nonetheless, until the EAS i s completely inte-
1 bility Ican find is the f a d that the FCC mandates grated into consumer appliances such as cellular
1 that there be either a weekly or monthly test of phones, there is nothing t o worry about when it
I the EAS endec. Unfortunately, that means that a comes t o "breaking into" the system, and with
rogue attacker could very likely be able t o inject a the FCC collecting comments on the next genera-
test signal into a cable television network, which tion o f the EAS, it w i l l probably be very stable
would not only interrupt one station, but every and very secure i n the days t o come.
I P - V , L Redux
by Gr@ve-Rose probably stop reading here! For the rest of us, we
Hello everyone. Since my last article touched need t o establish an IPv6 tunnel with a tunnel
upon an introduction t o the IPv6 protocol, I broker. Tunnel broker's are organizations that will
thought a nice follow-up article on how t o con- allocate you a network from their subnet that you
figure your network would be beneficial and can use. Some of the ones out there include Hur-
some fun practice. Without further adieu, let's ricane Electric (http://ipv6tb.he.net) and
get down t o business. Hexago (http://www.hexago.com) as well as
My Network many others. I have used both o f the aforemen-
As a point of reference, here is a (very) basic tioned but will focus on Hexago as I have had
overview of my network at home. Frankenserver i s
good service with them.
my Linux gateway, server, and basic a l l-in-one
'
Swing over t o the Hexago site and, at the top
box running Red Hat EL3 and Checkpoint FW-1
NGFP4 R55 connected t o a 3Mb PPPoE connec- right of the page, select the "Get IPv6 i n 3 steps"
tion. My main desktop PC i s Alice and she runs link. Go through the short registration process
Mandrake 10.0 (2.6.3-7mdk vanilla). I have and get t h e Linux TSP client a t t h e end. Save the
about five or six more computers but will only be TSP client on your border router (Frank for me)
focusing on Frank and Alice. and uncompress it. Install it with the command:
Tunnel Broker "make target=linux installdir=/usr/local/tspc i n
I'm assuming that your current ISP does not ,stall" which will install the program i n /usr/
offer native IPv6 connections. I f it does, you can ,local/tspc.
' Once you have installed t h e TSP client, switch for different ports which may b e used i n the
\
to /usr/local/tspc/bin and edit t h e tspc.conf file. 6over4 tunnel. Because o f this, I performed a se-
Here are the main things you will need t o have: curity audit on Frank t o ensure t h a t t h e only ser-
tsp-dir=/usr/local/tspc Location of the program vices Listening are t h e ones I want t o have
auth-method=any Choose the best for us running. (This i s good practice anyway.) Right
client-vd=auto Interface to peer with (external)
now, only HTTP(S) and SSH are Listening on IPv6.
userid= - Username
Second, although Checkpoint does support
passwd= - Password
IPv6, it currently struggles with s t a t e f u l inspec-
template=linux - Using Linux, right?
server=broker.freenet6.net -Used for logging in
tion o f tunneled traffic for IPv4 and IPv6. This
retry_delay=30 - 30 second retries means t h a t anyone can access any o f t h e global-
tunnel_mode=v6anyv4 - Leave this as it is unicast I P addresses I've been assigned. I n lay-
if-tunnel-v6vd=sitl - Leave this as it is man's terms, Alice's IPv6 i s unprotected. A quick
if-tunnel_v6udpv4=tun - Leave this as it is "netstat -na I grep \:\:" revealed only SSH lis
proxy-client=no -
We are not a proxy server wtening on :::22. Hacking /etc/ssh/sshd-config
keepalive=yes - Always a good idea and changing the Listenports t o ::1 and
keepalive-interval=30 - 30 second keepalive 172.17.2.2, followed by a "service sshd restartH
host-type=router - We are a router worked properly. Now the only service on Alice
prefixlen=48 - Obtain a 148 subnet Listening on IPv6 i s SSH Listening on t h e loop-
if-prefix=ethO - Internal network card
back interface only.
Once you have configured this, save the file Lastly, Icreated my IPv6 objects within t h e
and run the command: "./tspc -f ./tspc.conf -wv"
SmartDashboard of Checkpoint ([6]-Alice-v6
and you should see the transaction take place.
Any error messages you see if it fails are most --host-node, [6]-Frank-ethO-host-node, [6]-
likely i n the Hexago FAQ pages. Check there for Frank-sitl-host-node and [= 1 -]-Internal-
more help. Run an "ifconfig -a" and you should -v6-network) and allowed my Internal-v6-net
now see your sit1 interface with a 1128 subnet -work out without limitation.
(our tunneling mechanism) and ethO should now Testing
have a global-unicast I P address starting with If everything has gone correctly, you should
2001: with a /48 subnet. be able t o ping6 sites. Try "ping6 www.kame.net"
Client Configuration which should return from orange.kame.net. I f
Head on over t o your desktop PC (Alice, i n my DNS, doesn't work, their I P address is:
case) and, if you're running a kernel pre-2.6, run 2001:200:0:8002:203:47ff:fea5:3085.
"insmod ipv6" t o install the IPv6 module. Wait for How about websites? The best o n e t o test with
a few moments and then run an "ifconfig -a" and i s http://www.ipv6.bieringer.de/ because you
your ethernet adapter should now have its own
can onlyaccess it from an IPv6-enabled machine.
global-unicast (2001:) I P address. How did this
IPv4 browsing w i l l return a Bad Gateway error
happen? Well, the TSP client also works as
radv(d) which will advertise I P addresses for con- message.
figuration. Cool, eh? What's really interesting t o see are t h e actual
Now, let's add DNS resolution. Technically, packets going back and forth. Isuggest using
any DNS server can give you an A6 record (dig -t Ethereal but even tcpdump w i l l show you t h e IPv4
AAAA servername.com) but we want t o make sure addresses followed by the (un)encapsulated IPv6
of this. Open /etc/resolv.conf and add the follow- addresses. Fun stuff!
ing t o the top: Conclusion
options inet6 I hope t h a t this article has helped you on
nameserver ,2001:238: r l your way t o learning more about I P v 6 as well as
Yes, that is a valid IPv6 nameserver (at the how itfunctions. Ihave some documents floating
time of this writing). Once this i s done, we should around on the web about IPv6 so if you can track
move on t o the security portion .... them down, they should help y o u out as well.
Security Considerations
Take a look at different websites o u t there and,
This is where things get tricky. I'm running
Checkpoint Firewall-1 and, although it does sup- bundled with t h e inquisitive nature I ' m sure you
port IPv6, not a l l features are available yet. As possess, you'll be flying v6-style i n n o time!
such, Ihave had t o make some modifications t o Shouts: ChlxOr, phoneboy, B o b Hinden,
both Alice and Frank. David Kessens, TAC-Kanata, elligirf, anyone I may
First off, Ihad t o allow the Hexago IPv4 have missed, and o f course, eXoDuS (YNBAB-
server t o access Frank's IPv4 unrestricted t o allow WARL)!
Page 57'
I Happenings 1 1 oltr,?
~ I I ~ I ~ I>p<,,>k~~
~ ~ I LItleal
~IC frm'i 1 < r t ~ ~ l d ,A~ l! z~ t, ~ c ~
doqr/rhlmpr. rignlflrant others. hackers. and computer wlisrds. blvp one to a
bay/g>rlfi~endor to that poten6al"iomeone"you meet at a party, the supermar-
~~ ~! # I~! , ,cIh\1
VIC ~
SUMMERCON 2005 PRESENTS: TOOLS OFTHE TRADE. Come one, comeall! ket, school, or the mall: with your pre-programmed telephone number, he/rhe will
Hackers, phreakers, phrackers, feds. 2600 shock troops, cops. "security profession- always be able to call you! Also, ideal i f you don't want to "disclose" your tele-
als.' U4EA. rOOt kids club, orerr, arouoier. conference whores. kOd3rr. convicted phone number but want someone to be able to call you locally or long distance by
II 'eon%. concerneo parcnrr. an0 teachpi5. Iiackrrr an0 oeer col Ioe far tne lecnno-
cd fpre'nnt rne propnets narneo yo. aoodr. J.neL-6 n A-st n Tekar. Omnl
A L I ~ no'el Onrnrann. 100 San Jaolrro at Rtn i l r e ~ t Atown.
Pre-reaiiter now!
. TX 78701 For mare
~nformahan,t-shirts, registration, and much more: http://www.summercon.org
telephone. Key ring/cbp. Limited quantity available. Money order only. $24.95 +
$3.00 SIH. Mail order to: PHONE HOME, Nimrod Division. 331 N. New Ballar Road.
Box ~10RO2CRC M8ssOdn 631-1
LEARN LOCK PICKING I t r EASYrvlrh our nook an0 nevr vloca The 2na edltlan
boa. aeor otr mare Intcre5nnq matenal an0 11I t r r a t ~ o n*h# ~ P tne ndeo 8s f l l eo
I methodologies and rkillr instead of test answers! San Frannsco Bay Area In early Trade Center. Thir high-quality glorry color poster i r available i n two riles (16" x
October 2005. See inten0ne.com or grayarea.info for the latest detalls. 20" and 20" x 30") and maker a spectacular gift for engineers, scientists, radio and
television buffs, or anybody who appreciates a unique, rarely seen view of the
1 -
SPAMSHIRT.COM take same roam . and out, it on a t-shirt. Now available i n the
World Trade Center. Visit www.wtc-p0ster.u~ for samples and to order your own
porter.
CABLE N DESCRAMBLERS. New. (2) 199 + $5.00 shipping. money orderjcarh
II US.! www.rpamshirt.com. only. Works on analog or analog/digital cable systems. Premium channels and pos-
CHECK OUT JEAH.NETfor reliable and affordable Unix shells. Beginners and ad- riblv PPV deoendina on rvrtem. Comolete with IlOvac Dower ruoalv. Purchaser ar-
vanced urerr love JEAH's Unix shells for performancedriven uptimer and a huqe rum& role iesponr;biliGfor notifyin'g cable operator df use of der;rambler.
list of Virtual Horts. Your account lets you store data, use IRC. SSH, and e m a i l k t h Requires a cableTV converter (1.e.. Rad~oShack) to be used with the unit. Cable
camolete anvacv,and- recuntv. JEAH also offers fast and stable hortino for voui>
connects to the converter, then the dercrambler. then the output goes t o TV set
II
4~
web rlte, plus theability to register and manage your own domain name. All at tuned t o channel 3. CO 9621 Olive, Box 28992-TS, Olivettet Sur, M?rrauri63132.
very"compehtive
' prices. Special for 2600 subscribers: Mention 2600and receive Email: cabledescrambIerguy@yahoo.com.
setup fees waived. Look to www.jeah.net for the exceptional service and attention DECEPTION. The Pine Lake Media Group is pleased to present t o you our debut re-
I g E F d : h DOWNli'Mf ON DVD! Years i n the makina but we hone it was worth the
.
leare. Decelrtion, bv. award-winnino newsmax.cam columnirt Charles Smith. Manv
citizens think they know what their government is doing i n their names. After
I
I
I
&a#- A co.0.r OvD IP~ t l a t lntIJOe5 the two no., oocdmsntary, an in-depth tnrer.
w e w m,n < e m Murlrr. an0 nra.0 :hree hour$ of extra scener. or1 faorage. and
ml,ceI nnml.5 st .ff P *.I capnonlng for 20 (1b111 nor-I. 20) lanq~aqes,<o.nnwn-
tar" track, and a lot of thinqs you'll iust have to find far vourrelf! The entire two
dis; set can be had bv * rendhd$30
. to Freedom O o w n t i m e " ~ ~PO
~ .Box 752. Middle
reading Deception, you'll see just how bad it really is and how little you really
know. Deception is the true story of the greatest Chinere Army espionage opera-
tional exoloit aaainrt the United Stater. Based on a decade of research and more
than 50.000 paqer of offloa. an0 r.a$?#f#ea ooc.rrentr onratneo urwg rne Free-
do- Of Informarlon An, no o r n v o o c ~p->llrn~cto .a+? even <omparer to llerep-
I Island NY 11953 IlSAar - buardetino
-, from our online stare at tion. While many books have "gone after" presidents before, Deceptionis unique
http://store.2600.com. (VHS copier of the film rhllavailable for $15.) because we've included all of the evidence backino* uo , our charoer. We have the
< - ~
NETWORKINGAND SECURIPI PRODUCTS available at OvationTerhnology.com. signed letter from Motorola CEO Gary Tooter thanking Ron Brawn, farmer United
1 We're a Network Securitv and Internet Privacy conrultinq firm and supplier of oet- States Commerce Department Secretary, for the presidential waiver allowing the
working hardware. Our online stare f e a t u r e r ~and ~ ~firewall hardware, wirelelr exoort of encrvpted police radios to China. And nearlv 100 other unmodified. un-
hardware, cable and DSL modems/routers, IP access devices. VoIP products. emoel >rheaoocimenl< Ihat nnmp "amp<. Orner your cop) tooay f o r ac0,no.a in.
parental control products, and ethernet switches. We pride ourselver an prwiding forwarlon a*o to ororr, p ra5Qn v t o.r ~ e b r l r at
r . m a pme aeemeola con or ca I
the highest level of technical expertise and customer ratisfactton. Our commitment ROO-799-4570 or (61s) 275-OR3O. P ea5e note tnat re cannot accept oraerr oy
to you ... No surprises! Easy returns! Buy with confidence! After all, Security and
Privacyis our burinerr! Virit us at http://www.0vationTechnology.com/store.htm.
teteohane at this time. Credit card orders ma" be faxed to 800-799-4571 or (514) ,.
27510829. We accept all major credit cards, checkr, money orders, Liberty Dollars.
ONUNE SERVICES. Web hostina. , cheao . domains, areat dedicated sewers. SSL electronic checks, and good old fashioned cash. We ship worldwide by DHL or
I
2600 readers who have also become new rubrctibers and encourager those who
have not ACK their need for diverre computer information i n conjundon with that mote control devices. Price includes mailing. $99.95. Not only a collector's item
of 2600 to ded~catesome oackets and become a ~ ~ b s c t i btodav! er V ~ l us
t at our but a VERY USEFUL device to carrv at all timer. Carh or monev order 0°C.Mail to:
new domain www.pearlyfr~eprerr.com/phraine. c
NrllS1.E. PO. Rax 11567-ST. 1. qirrarn 63105.
HACKER T-SHIRTS AND STICKERS at JinxGear.com. Stop running around naked! HOW TO 8E ANONYMOUS ON THE INTfRNkl. fa%$to fn low trson5 an arhwnng
We've got new rwagalinaus t-rh~rts, stickers. and miscellaneous contraband com- Internetanonymity, privacy, and security. The book's 20 chapters cover 1) simple
ing out monthly including your classic hacker/geek designs, hat-short panties, dog proxy use for WW: 2) how to rend and receive e-mail anonymously: 3) use SOCKS
shirts. and a whole mess of kickarr stickers. We also have LAN oartv lirhnar. prones for IRC, ICQ. NNTP, SMTP, HTTP: 4) web based proxies - JAP. Multiproxy.
n a c w con'errr~pI!5nngs. mellaqe~orbmr,a pnato cat er), an0 m0n.n y con- Crowds: 5) do-it-yourself proxies - AnalogX, Wingater; 6) read and post ~n "em-
.
terrr. he1 oonr ern biy. 125: r gn or tne ma) 8ng Irr an0 have a m a w e ra win O~OUDI (Usenet) i n complete privacy: 7) for eav proxies. Learn how to hunt for.
five t r ,If_ 01 101 OY. tne easy ~nlt.,rno-I 10 get a frer sucrer. Grr 11n l at flno. an0 .rl 1zea.l ryper of proxler, clean up y0.r baurers. clean .p yo., m o l e
1
wwwJinx.cam! Nbnoo~rOS This proferriona'.y m n c n 0.t non.tecnnlca.~arqor~f l lea book Ir
PHONE HOME. Tiny, sub-miniature. 7/10 ounce, programmable/reprogrammable geared towards the beginner to advanced readerr and the average Internet user.
touct-tone multi-freo~nl* , , .IDTMn, dialer which can store uo to I 5 touch-tme The book lessons are on a CD i n easv to read HTMLinterface format with numerous
o\qtrc .n#+ Ir ne o aqamr the teleonare rerelver s mlrwphone for olalmg Prerr illustrations throughout. Send $20 (I'll pay S/H) to Plamen Petkov. 1390 E Vegas
nOUE to a~toma!#cay dla rne :tore3 Oigit~ani+ can :"en ne hear0 :nro .qn Valley Dr. #40. tar Vegas. NV 89109. Money orders, personal checks, cash accepted.
Across
1.Hackersauniv.
3.Legion of -
6.Usenet starter
9,Dir for Unix
10. Bad on a boarding pass
13.CPU, ROM, eg.
14.Independent fortress
phone
18.2.4Ghz transmission
19.Multics successor
21.Early net.
24.Telco wire inits.
25. GUI predecessor
26.2600 build
28. Popular distribution
31. Some hackers break
these
33. White House zone (abbr.)
34. Otwell's farm
35. Meeting space Down 27. MOD'Smark?
36. Framer of the manifesto 29. Pen reg.
39. Old Baby Bell 1. 100010101100 30. Early scene zine
41. Net hell? 2. Social engineering must 32. WWll Ohio shortwave
42.Stood up to the MPAA 3. Back-up media (abbr.) sta.
44. What 2600 repainted 4. Platform (abbr.) 36. Chinese TLD
47. Cow plus yak 5. Degree of achievement 37. What pine is not
48.ALGOL - Latin similarii for some hackers 38. Phrack founder
49. Once 10562 7. Common - 40. String oriented symbolic
50. Do not overtlow this 8. Class 4 CO language
52.The stage for Hackers 11. Quarterly hundreds digit 41. Military secondary
53.Cult's Blood 12. Open source guru 43. Marching orders?
54. Conference Keynoter 15. Bandwidth meas. (abbr.)
55. Cx Cc 16. Flash 44. Oy
17. Off The Hook theme 45. Future armies (acro.)
20. 212, 718 e.g. 46. Old Macintosh
22. P2P enemy 47. 2200+1700*2
23. Much of spam 48. 3110 to Telenet (abbr.)
51. Suffix deserving death?
l ~ o u l dyou prefer it if people didn't see you
lbuying it at the bookstore and follow you
after you leave the stog? \g &>
There's a soluki 84%
II o f It's called t h e 2600 Subscription and it can be yours in a couple
ways. Either send $20 for one year. $37 for two years. o r $52
I for three years (outside t h e U.S. and Canada. that's $30, $54, and
1675 respectively) t o 2600, PO Box 752, Middle Island. NY 11953
I USA or subscribe directly from us online using your credit card a t
I Theoretically you would never have t o leave your house again.
- P
-
many people ask us just how, These are the rules.11 entnes must
many Easter Eggs there are i n the Freedom Downtime DVDs t h a t / /
we've decided t o make a contest out of it. I f vou find the/\ber 1, 2005 and t h e winner ill b e /
highest number of Easter Eggs i n this double DVD iet, you'll win I/
announced i n the Fall 2005 issue.
What constitutes an Easter EaaI
the following: 1 / t h i n g on the DVDs that is deliberG:ly hi;-
/ den i n some way so t h a t you get a Little
I / thrill when you discover it. When you find
n l i f e t i m e subscription t o 2600
1
one of these, we expect y o u t o t e l l us how
you found it and what others must do t o
ALL back issues see it. Simply dumping t h e data on the DVD 1
\One item o f every piece of clothing we sell 11 is not sufficient. 1
j 1 It's possible that there are some Easter
f"IAn O f f The Hook DVD with more possible Easte r Eggs Eggs that don't require you to hit buttons
rl~nother Freedom Downtime DVD since you wr i l l have i but that contain a hidden message1
nonetheless. For Instance, i f you dlscover
probably worn out your old one that tahng the first l e t t e r of every word'
TWO tickets t o the next HOPE conference
.-
that Kevin Mitnick says i n the f l ~ mspells
out a secret rnessaoe bv aLL means ~nclude
- - < ,
1
Submit entries to: that. We will be judging entnes on thor-'
oughness and there is no penalty for see-
Easter Egg Hunt c/o 2600, PO Box 752, Middle Island, NY 11953 USA ing an ~~~t~~ E~~ that isn't there. you can
You can get t h e Freedom Downtime double DVD set by sending $30 t o enter as many times as You wish. Your best
score i s the one that will count. Remember,
t h e above address or through our Internet store located a t
there is no second place! So plan on
\ store.26OO.com. spending the next few months
Page 63 1
M@ElWNA FRANCE Florida North Carollna
R. l a u d d a l e : Broward HBU in the food
Buenos Ai*: In the bar at Sandgp(K.
AUSTRALIA
Awgnon: Bottom of Rue de la Republique
court 8 pm. -.-ha%-
Charlotte: South Park Mall food court.
I
in front ofthe fountain with the flowers. 7 pm.
Adelaide. At the payphoner near the 7 pm. neruillr: in the o i the &r:tiy fmtnsborNBIBFRock Cafe, !&dLv
AcaSemv Clnenia on Pullenev St 8 pm. , Gremlble: Eve, c a w of St. lorlda'i Reltl Uni<>nfood court 6 pm Shopping rcilte, 6 pm.
Brirbane: Hunsry Jacks on the aueen S t d'Hrre; ando: Farhlon Square Mall Food Court Raleigh: l p k Cafe And Intrlnet Garnlng
-*
Mall (RHS, opporitelnfo Booth! 7 pm Pans: Place de la Repi~bllque. ween Hovan (,ourmet and Miinthii Wok Ceotir. Royal rill 3801 Hilkbarough5: b pm.
Canberra: KC'S VirtualReabty Cafe. 11East (emot\il $(ountain.6 pm. 6 pm. Wilmington: Indepeodenr~Mall food
RW. Civic. 7 pm. Rennes: I n front of the store 3 l u e Box" Tampa: University Mall in t h e back of the court.
Melbourne: Caffeineat Rwault bar. 16 close t o the place of the Repubbc. 7 Pm. food court on the 2nd floor. 6 pm. North Dakota
Swaniton Walk. 6 pm. GREECE Georgia 'Far&-: West Aoei Mall food court by the
Perth: The Merchantlea and CoffeeHo~3e. Athenr: Outsidethe bookstore Atlanb: Lenox Mall food court. 7 pm. Taco 3ohn'r.
183 Murray St. 6 pm. Pa~arwtiriouan the corner of Patirion and Idaho Ohio
Svdnev:
. . The Crvrtal . Palace, front Stourman'. 7 pm. Boise: BSU Student Union Building, up- Akron: Aiabica on W Market Street.
barjbirtro, opposite the bur station area IRELAND stairs from the main entrance. Payphaner: interrertian of Hawkinr. W. Market, and
an George Street at Central Station. 6 pm. Dublin: Atthe phone booths on Wicklow (208) 342-9700.9701. Exchanqe.
AUSTRIA Street besideTower R~mfds.7 Pm. Pocatello: College Market, 604 South 8th Cleveland: Uniwrrity Circle Arabica.
Gnz: Cafe Haltertelle on Jakominipla+z. ~ L Y Street. 11300 Juniper Rd. Upstairs. turn right, sec-
BRAnL Milan: Piazza Loreto in hont of McDonalds. Illlnois ond room on left.
Belo Horizonte: Pelego's Bar at Assufeng. JAPAN Chicago: Union Station i n the Great Hall Dayton: At the Marions behind the Dayton
near the payphone. 6 pm. Toltyo: Linux Cafe in Ahhabara district. near the payphanes, 5;30 pm. Mall.
CANADA 6 pm. Indiana Oklahoma
AlbCIta NEW ZElLAND Evansville: Barnes and Noble cafe at 624 S Oklahoma City: Cafe Bella. southeast
Calgary: Eau Claire Market b o d cwrt by lucklsnd: London Bar, u ~ r t a i n .Wellesley G~~~~ ~i~~~ ~d. corner of SW 89th Street and Penn.
the bland yetow wall. 6 pm. St., Auckhnd CentraL 5:30 pm. Ft. Wayne: Glenbrook Mall food court in Tulsa: Java Dave's Coffee Shop on 81rt and
British Columbia Christchurch: Java Cafe, corner of High
Nanaimo: Tim Horton'r at Camox 8 Wal- front of Sbarrosr. pm, Harvard.
St. and Mancherterst. 6 pm. Indianapolis: Corner Coffee, SW corner of Oregon
lace. 7 pm. Wellington: Load Cafe in Cuba Mall. 6 pm.
Victoria: W Bakery and Cafe. and Alabama, Portland: Backspace Cafe. 115 NW 5th Ave.
NORWAY South Bend (Mishawaka): Barnsand 6pm.
1701 Government St. Oslo: Oslo SentralTrain Station. 7 pm. Noble 4601 GrapeRd,
Manitoba Pennsylvania
Tromrse: The upper floor at Blaa Rock Iom Alttntown: Paocra Bread. 3100 West
Winnipeg: St. Vital Shopping Centre. food Cafe. 6 pm.
court by HMV. Amer: Santa Fe Erprerro. 116 Welch Ave. Tilghman Street. 6 pm.
Trondheim: Rich Cak in Nardregate. 6 pm. Kansas Philadelphia: 30th Street Ration, under
New Brunswick
SCOTLAND Kansas City (Overland Park): Oak Park Stalrwell7 agn.
Moncton: Ground Zero Networks Internet
Gbsgov: Central Station, payphoner next Mall food court. Fittsburgh: William Fitt Union building an
Cafe, 720 Main St. 7 pm.
to Platform 1. 7 pm.
Ontalio Wichita: Riverside Perk, 1144 Bitting Ave. the University of Rteburgh campus by the
SLOVAKIA
Barri~ William's Coffee Pub. 335 Bryne Louisiana Bigelow Boulevard entrance.
Presov City: Kelt Pub. 6 pm.
Drive. 7 pm. Baton Rouge: In the LSU Union Building, South Caroltna
SOUTH AFRICA
Guelph: William'r Coffee Pub. between the Tiger Pause 8 McDonald's, Charleston: Northwoods Mallln the hall
(Sandton City): Sandton
492 Edinbourgh Road South. 7 pm. next to the payphoner. between Sean and Chik-Fil-A.
food court 6 3 0 pm.
Hamilton: McMarter University Student New Orleans: La Fee Verte. 620 Conti South Dakota
SWEDEN
Center. Roam 318.7:30 pm. Street' pm. Sioux F a \ k Emp~reMall, by Bu~gerKing.
Gothenburg: Outstde Vanilj. 6 pm.
Ottawa: World Exchange Plaza, 111 Albert Elaine Tennessee
Stockholm: Outside Lava.
St., second Raor. 630 pm. Portland: Maine Mall by the bench at the Knoxville: Borderr Bookr Cafe across from
SWITZERLAND
Toronto: Future Bakery. 483 Bloor St. Wen court door' Weltown Mall.
lausanne: I n front of the Mac00 beslde
Windror: Univerrity Student Center by the Ua$anlns Memphis (Cordova): San Francisco Bread
the tram station.
large window. 7 pm. Baltimore: Barnes 8 Noble cafe at the Company. 990 N. Germantown Parkway.
UNITED STATES
Quebec Inner Harbor. 6 pm.
Alabama
Montreal: Bell Amphitheatre, Massachusetts Nashville: 3-J's Market. 1912 Broadway.
Auburn: The student lounge uprtairr i n
I000 GauchetiereStreet. Boston: PrudenbalCenter Plaza, tenace Texas
the Foy Union Bu~lding.7 pm.
CHINA food court at the tables near the windows. Austin: oobie Mall food court. 6 pm.
Huntrville: square the
-
Hans Kong: - Pacific Coffeein festival
food court near McDonaldp.
Marlborough: Solomon Park Mall food Dallas: Mama's Pizza. Campbell 8 Preston.
Walk. Kowlwn Tong. 7 pm. 7 pm.
i
Tuscaloosa: ~ r h r l a n dM~II food court
UECH REPUBUC Northamptan: Javanet Cafe across from Houston: Ninfa'r Express in front of
Prague Legenda pub. 6 pm. near the front entrance.
Arizona Polaski Park. Nordrtrom'r i n the Galleria MalL
DENMARK Michigan San Antonio: North Star Mall food court.
Aalborg: Fan Eddy'r pool halL Phoenix: Borders. 2nd Floor Cafe Area.
2402 E. Camelback Road. Ann Arbor: The Galleria on South Utah
Aathur: In the far corner of the DSB cafe Uniwrsity. Salt Lake City: ZCMI Mallin The Park Food
in the railway station. Tucson: Borders i n the Park Mall. 7 pm.
Copenhagen: Ved Cafe Blaren. California Minnesota Court.
L~~ Angeler: Union Stahon, cornerf,, Bbomington: Mall of America, north ride Vermont
Sonderborg: Cafe Druen. 230 pm.
Alameda, Indde main entrance by food court, across from Burger King & the Burlington: Borders Books at Church St.
E m Macy
Port L i d : At the foot of the Obelisk bank of phones. Pqyphoner: (213) 972-9519, bank lrf payphonesthat don't take and Cherry St. on the second floor ofthe
(El Missallah).
ENGUND
Brighton: At the phone boxer by the Seal-
9520: 625-9923.9924: 613-9704. 9746.
Manterey: Morgan's Coffee & Tea. 498
Washington St.
"imingca'k'
Missouri
Kansas City (Independence): Barnes 8
cafe.
Virginia
Arlington: (nee Oirtrict of Columbia)
I
Orange Couno/ (lake Forest): ~iedrich Noble. *91M East 39th St Virginia Beach: Lynnhaven Mall on
ife Centre (scrarr the road from the Palace
~ St. t Louis (Maryland Heights): Rivah Lynnhaven Parkway. 6 pm.
Fier). 7 pm. Payphone: (01273) 606614.
Fxetcr: At the payphoner. Bedford Square.
7 pm.
coffee, 22621