Copy Link
Add to Bookmark
Report
System Failure 16
_.,ñ'ø`'ñ,._.,ñ ñ,._.,ñ'ø`'ñ,._.,ñ ñ,._.,ñ'ø`'ñ,._.,ñ'ø`'ñ,._.,ñ'ø`'ñ,_
ôôô ôôôôô ôôôôô ôôôôô ôôôôô ôôôôô ôôô ôôô
õõõ `øõõõ .õõõõõ `øõõõ ,õõõõõ õõõõõ õõõ õõõ
'``""""^%,_`øõ"""""""''``""""^%,__`ø_.,a#õø''``` ` õõõõõ õõõ õõõ
ôa, ôôôa, `ôôôa, ôôôôô' ôaôôô ôôôôô ôôô ôôô
ôôô ôôôôô ôôôôô ôôôôô ôôôôô ôôôôô ôôô ôôô
õõõ õõõõõ õõõõõ õõõõõ õõõõõ õõõõõ õõõ õõõ
õõõ õõõõõ õõõõõ õõõõõ õõõõõ õõõõõ õõõ õõõ
ôôô ôôôôô ôôôôô ôôôôô ôôôôô ôôôôô ôôô ôôô
ôôô ôôôôô ôôôôô ôôôôô ` ````ø"""""""""ø'''' ' õõõ õõõ
õõõ õõõõõ õõõõõ õõõõõ õõõõõ .ôôõõõ `ø' õõõ
`"øýü--üýø"`"øýü--üýø"`"øýü--üýø"`"øýü--üýø"`"øýü--üýø"`"ø ø"'
sekwence/mimic
.----------------------------------------------------------------------------.
| System Failure: Issue #16-FINAL (05/03/1999) |
| http://www.sysfail.org/ |
| [sysfail@sysfail.org] |
`----------------------------------------------------------------------------'
<phelix> THERE IS NO MATRIX
<phelix> ONLY SPOONS.
<phelix> <- took the green pill.
.----------------------------------------------------------------------------.
| CONTENTS |
| SysInfoTrade by SysFail Staff |
| Goodbye by SysFail and Friends |
| Amateur Radio License Restructuring by Pinguino |
| The DaemonLinux Project by Saint skullY the Dazed |
| The Iridium System by Spee |
| Hackers and the Government by Gwonk |
| Freedom of Speech and the Internet by SlapAyoda |
| The Definitive Guide to PC Security Systems by Syphon Siege and Phett |
| RDF Primer by Secret Squirrel |
`----------------------------------------------------------------------------'
<-------+
| SysInfoTrade
+----------------> staff@sysfail.org
FBI FOCUSES ON TECHNOLOGY
"Technology will impact more directly on law enforcement than on most
sectors of our government," FBI director Louis Freeh said in a CNN
interview. Among the requested improvments are a $58.8 million budget for
an Information Sharing Initiative. This will get the feds special
off-the-shelf software designed to let investigators share case-files at
the whim of a few keystrokes. In the computer crime arena, 79 new computer
forensic examiners are being hired and trained. They want $5.34 million to
develop a Federal Convicted Offenders DNA database. Finally, a staff of 89
people for the National Instant Background Check System (aimed towards gun
buyers, but could be used for other purposes).
EBAY HACKED
Mach 13, 1999. A hacker by the nick of MagicFX gave a demonstration on
computer security, where he took down web auction giant, ebay.com. He
still, to this day, has root on their network, which consists of Windows,
BSD, and solaris machines. According to Forbes, MagicFX guessed a user
password and once inside, used an exploit to get root. He also dropped a
keystroke logger onto one machine.
original article:
http://www.forbes.com/tool/html/99/mar/0319/side1.htm
mirror of hacked site:
http://www.attrition.org/mirror/attrition/ebay.com
SEND AN EXPERIMENT INTO SPACE
NASA is offering a one cm cube space on the Mars Surveyor Lander mission
(April 10, 2001). To get your experiment on, you need to win a contest. It
has to be self-contained, and the results in view of the shuttle's camera.
No living matter. Contest rules and forms are at: http://planetary.org/
ERICSSON AND QUALCOMM AGREE ON WIRELESS STANDARD
Qualcomm's CDMA technology is expected to be the backbone for the next
generation of wireless communications. The focus will be on delivery of
voice, data, AND video. In this deal, Swedish based Ericsson will acquire
Qualcomm's research centers in San Diego and Boulder.
AOL INFECTS NETSCAPE
AOL bought Netscape for about $10billion in mid-March. They're cutting 20%
of Netscape's staff. An interesting aspect of this is that AOL has a deal
with Microsoft. In exchange for a start bar spot on systems sold with
win98 installed, AOL will push Internet Explorer through America Online.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Goodbye
by SysFail and Friends
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
####################### Logic Box (logic@sysfail.org) ########################
Well, this is it. I said it wouldn't happen, and I assured everyone we were
alive and well. We aren't. You have before you the final issue of System
Failure.
A number of factors have brought about our decision to retire the group. My
own personal dilemmas, which I will not comment on, played a large part in my
initial suggestion to retire System Failure. More importantly, we have
decided that the group simply lacks direction. Some of us just aren't focused
enough on what we need to be focused on. I don't completely want to see us
retire, but as skullY said, I don't want to see us go down in flames either.
Personally, I would rather we exit gracefully while we still can.
I can't speak for all of us, but for me, System Failure has always been about
friends. My fellow members are my family. Most of us have deep personal bonds
between one another. Producing the zine has also shown me that there are
people out there who really care about what we're doing, and they did their
part in helping us. I wholeheartedly thank everyone who has ever contributed
anything to System Failure. I would also like to thank all our readers. We
wouldn't have survived without you, either.
We're all still here. You can still come say hi to us on IRC, or e-mail us, as
usual. We're just not System Failure anymore. If you'd like to contact us,
come to EFnet or e-mail us at these addresses:
logicbox (logic@geekbox.net)
pinguino (pinguino@onix.net)
Mr_Sonik (sonik@clipper.net)
skullY (skully@onix.net)
spee (spee@onix.net)
barkode (barkode@geekbox.net)
With that, I bid you all farewell. It's been a good two years.
##############################################################################
###################### Pinguino (pinguino@sysfail.org) #######################
I write this in a swirl of emotions; SysFail has become a part of my life
and I do not want to let it go. However, Penguin Palace will be taking
over the functions of System Failure; a sect by the name of LineShift
created to oversee the creative ends of our digital projects. SysFail may
be gone, but each member, each contributer, and each reader, will pass the
knowledge along. Teach others, for it is the best way to retain what you
have taught yourself. In this, the legacy of SysFail shall live on.
My heart breaks to see SysFail go; this has been the most successful
creation I've ever had a hand in. The friends I've made through the zine I
will treasure forever. DefCon.. stories I shall retell endlessly. Goodbye
SysFail.. now another creation that exists only in my personal reality.
##############################################################################
####################### BarKode (barkode@sysfail.org) ########################
I write this at the last minute, just a few minutes before System Failure
closes up shop.
Well, what can I say. I joined System Failure not planning to stay in it
longer than it would take to fix things up. When I was first asked to join, I
was very hesitant. The group was pretty much a bunch of kids writing about
breaking into bell trucks, but I knew several of the members, and knew they
were smarter than that.
I'd gone through the phase they were in quite a while back, and I figured if
I could help accelerate the process of them growing out of the immature phase
they were in, into a more developed, intelligent area of their trades.
Joyce (pinguino) being a rather talented artist, Ryan (logicbox) being a *nix
ninja, Zach (skullY) the same, Sean (spee) was just downright smart and quick
on his feet, and Joe (Mr_Sonik) had his act together already. I figured I'd
just push them into writing more techincal articles and focusing on the
positive side of their underground-flavored periodical.
However, the problem was that System Failure wasn't exactly viewed as a
high-quality publication as far as the scene in concerned. I had to decide if
I wanted to be associated with this type of material or not, and if it was
worth it for me to go in and try to change things. In the end, I chose my
friends, and joined SysFail for a while.
Soon after, the magazine took a dramatic turn. I had serious discussions with
Ryan, who had felt the same way about things for a long time. He didn't like
the way the group was headed either, and together we started shaping SysFail
into something new. However, in the process of doing so, we realized that
maybe System Failure had such a bad start and had gone in the wrong direction,
and attracted the wrong crowd for so long, the group should shut down and each
member to do their own thing. Near the end, we just didn't have the devotion
it took to run this thing.
System Failure had been attracting the crowd of script kiddies and downright
theives, and once it turned to a technical area, that crowd was baffled as to
what the hell we were doing. "Where's the articles about breaking into your
RBOC" was something along the lines of an average question to the group.
At this point, I had been wanting out of the group for several months. I had
told Logic that my work here was done and that the rest of the group should
do their own thing. He had convinced me to stay around and help out, but
eventually it came down to today.
I'll miss feeling like I'm a part of this group. My fellow members are
talented in their individual fields, and I think everyone in our circle, as
well as our friends, has benefited in the end from the existence of this
group.
So what exactly does this mean? All it means is that System Failure isn't
releasing anymore issues. We're still friends, and will be as long as we can.
Joyce lives with me in Hollywood right now, where I'm working in the Motion
Picture industry. Ryan and I have been very good friends for several years
now and talk every day. Zach moved to California and we hang out pretty often,
talk just about every day. Sean I talk to on IRC and have yet to meet, and
Joe hopefully I'll see at DefCon this year.
We're all still on EFNet all the time, as barkode, pinguino, logicbox, spee,
skullY, and Mr_Sonik. Message us anytime, we're all pretty friendly people.
On a side note, I'm writing this after getting back from an office party from
which I did a bit of drinking, so if I come across in some strange way I won't
find out until I read this tomorrow. :)
I hope System Failure doesn't completely go away. It's a damn good name for a
group, and I wish we could salvage it for something else. I hope the issues
(at least the last 5 or so) get archived somewhere so that it's recognized
that this group put out some quality work and the name stays around to some
extent.
Thanks to you all. I hope that somebody, somewhere, learned something good
from this.
Here is where I sign off from the first generation of System Failure. Who
knows? Maybe there will be a second generation...
##############################################################################
####################### SlapAyoda (vader@geekbox.net) ########################
First off, I admit that I'm not the most qualified person to be writing an
article like this. I've haven't known the people behind SysFail for the
longest, and I certainly don't know them the best. Hell, I've only met one
of them in person. I just felt like this was an article I wanted to write,
and to hell with anyone who doesn't like it.
I've known System Failure and friends for about one and a half years. It
doesn't seem like a long time, and it sure doesn't feel like a long time,
but when I look back I see how much we've all progressed. If you've ever
been in #peng or #system_failure on EFnet, then you probably have somewhat
of an idea of who this "we" is that I'm referring to. System Failure is a
group of few, but the circle of friends that accompanies SysFail is a large
one. Throughout the years we've all changed greatly - for the better. When
I look at my old-school #peng logs, I see a much more immature, confused
crowd. Today, I think we have all refocused and reorganized our thoughts
and views. The childish pranks and "black-hat" nonsense is now gone, and
has been replaced with the thirst for knowledge about the things we love -
computers. It can be seen in our conversations on IRC. The actual issues
of SysFail show even more progress. Articles like "How to Harass over IRC"
have disappeared to make way for more thoughtful and relevant articles.
Everyone who regularly communicates anywhere finds there own "cliques", but
the SysFail crowd is different. While I've gone in other IRC channels to
find myself randomly kicked or yelled at by some stupid pricks on a
power-trip, #peng and the other channels we've hung out in have been unique.
From the moment I first entered #peng, I met people who were nice and knew
about the stuff I was interested in. It was because these guys were so nice
that I stuck around and eventually became good friends with them. In fact,
one of the things I told Logic the first time I ever talked to him was,"Hey,
you're a nice guy."
The zine itself has always been enjoyable for me. I've learned a great deal
about Unix, security, and even electricity. As I've matured, the topics in
the zine have matched my personal interests. I've been lucky in that
respect. The zine however, is not the most important part, to me, of
System Failure.
The important part is, fortunately, not going away any time soon. System
Failure - the group, will still be on IRC, sitting around like the geeks
that they are. The friends of SysFail will still be around, and most of us
will be going to Defcon this year. This will be my first Defcon, and I'm
looking forward to meeting the people who I've known for so long.
But, alas, as the zine that birthed so many great friendships and so many
great times fades away, I must bid my goodbye, my farewell to System
Failure.
##############################################################################
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Amateur Radio License Restructuring
by Pinguino (pinguino@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Ham radio is looked upon as an archaic technology practiced by old men in
retirement homes. To push amateur radio to new levels of experimentation,
the FCC proposed a new liscense structure designed to streamline the
current procedures. The overall goal of the reform is to put the future
of amateur radio in perspective; unless the bands assigned to amateur
radio are better utilized, a risk of losing them to other organizations
will remain.
Currently, there are six classes of amateur radio liscenses: Novice,
Technician, Technician Plus, General, Advanced, and Amateur Extra. These
will be streamlined into Class A, B, C, and D. Technicians, who don't
have to know morse code, will drop class to D. Novices, Tech Plus, and
General will be merged together to form Class C. Advanced will be Class B,
and Amateur Extra makes up Class A. The ARRL wanted to make sure that people
who already held licenses wouldn't lose their privileges.
The Class D test is just a written exam. No morse code, yay! The Class C
test has a written part, and 5wpm code. Class C is the entryway to HF
privileges. The class B test is a more difficult written test, and 12wpm
code. The Class A test is a difficult written exam. The current Novice
bands are being reassigned, allowing Classes C, B, and A to receive an
increase in phone subbands.
A current breakdown of the bands and use can be found here:
http://www.arrl.org/field/regulations/bandplan.html
The US Amateur Radio Frequency Allocations can be found here:
http://www.arrl.org/field/regulations/allocate.html#power
"It has become more and more difficult in recent years to justify
retaining and defending our spectrum from commercial interests who make
some very good arguments as to why they should be allowed to use our
spectrum for endeavors that will generate jobs, used advanced
telecommunications techniques and put the spectrum to use for commercial
purposes, not just for hobby purposes," said ARRL president Rod Stafford
(W6ROD) in a letter to the radio community.
Ham radio operators use their frequencies for a variety of purposes:
casual conversation, contests, experimentation, disaster preparedness,
public service, education, and personal achievement. Many acquire vast
technical knowledge to expand the distance they are able to communicate.
When there's an earthquake, fire, parade, or air show, ham radio operators
are on the scene, directing traffic and providing alternate communication
methods. These are volunteers who have devoted part of their life to a
form of communication that's lasted over 70 years.
Enter the stream of ham radio, and put your knowledge to the test by
mixing new technology with the old. The FCC is making it easy for anyone
to get a ham liscense.. a little electronics and basic ham radio etiquette
and you're set.
ARRL's Proposal:
http://www.arrl.org/news/restructuring/proposal.html
FCC's Viewpoint: WT Docket No. 98-143
http://www.arrl.org/news/restructuring/98-143/nprm.html
Common Questions and Answers About Ham Radio:
Where can I learn more about Ham Radio?
http://www.arrl.org/hamradio.html has basic info on ham radio.
Also, there is a yearly event called Field Day that you may consider
attending. Clubs get points for each radio contact confirmed, and also for
showing off their setup to visitors. Usually visitors are taught how to
use the radios, and participate in the contest.
What's wpm?
Words Per Minute, i.e. morse code. Morse code is not needed for a Class D
liscense.
Where I can take classes for my liscense?
Most cities have a ham club. Track yours down, and see if they have a
class. Most do.
Who does the testing?
VECs.. Volunteer Exam Coordinators. There will be 3 VECs at the test.
Currently (pre-restructuring), a General can test those lower than him,
and up through Amateur Extra.. Amateur Extras can test people into Amateur
Extra. For more information, call the ARRL/VEC at 860-594-0300.
Where can I get a good ham radio?
Try newsgroups. alt.radio.swap is a good start. Post the model you are
looking for. I recommend a handheld 2M to start off with. Radio Shack also
sells basic ham radios.
What's packet radio?
With packet radio, you send "packets" of data through radio waves.
It can be satelite info, raw data, mail, or messages. It maxes out at 9600
bps.
Can we talk to aliens with ham radio?
No, but you can talk to astronauts through a special program called SAREX.
(Space Amateur Radio Experiment) http://www.gsfc.nasa.gov/sarex/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The DaemonLinux Project
by Saint skullY the Dazed (skully@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
What's this, you ask? Another Linux project that's probably pointless to
anything the average person wants to do? Nope. Unlike the majority of
Linux projects, this is one that people should pay attention to, and
support. Not because it does something that will immediately be recognizable
to most people, but because it gives people a new choice.
History
-------
In the mid 80's, if you wanted to run a Unix-type operating system, you had
to get it from a company such as AT&T. There were no free operating systems
at the time. That's why Richard Stallman formed the FSF: to have an operating
system that was truly free. Free not only in the sense that you don't have
to pay for it, but also free in the sense that along with the program you get
the source code. This would allow people to truly own their software, and be
able to make changes to it.
The FSF's goal was to write a complete operating system based on Unix. This
is what's commonly known as GNU (GNU's not Unix). So they set about to write
all the standard Unix utilities, (ls, cp, libc, etc.) with the intent of
creating a whole operating system. About 5 years after they started this
project, they were nearing completion of all the commands, but still had not
started on a kernel for this operating system. This was about the time that
Linus started on Linux. He originally wrote it just for himself, but someone
convinced him to GPL it and contribute it to the FSF. Hence Linux as we know
it was born.
Flash forward to 1999. Linux is growing exponentially and achieving world-
wide popularity. Unfortunately for the FSF, everyone attributes this to
Linus, who in actuality contributed less then 10% of the total code in the
base OS (don't get me wrong, Linus is a very good guy, and without his kernel
Linux as we know it would not exist). The FSF, who contributed the majority
of the code needed to boot a minimal system was getting less then they felt
they deserved. So they started encouraging (some would say demanded) people
to call it GNU/Linux, to give the FSF credit where credit is due. However,
at this point in the game, trying to change how millions of people say Linux
is tantamount to having people call Disneyland "Eiserville." It's nearly
impossible. That's where the DaemonLinux project comes in.
Overview
--------
The DaemonLinux project was started to replace the GNU utils normally used
in Linux with their BSD counterparts. This is to give people an alternative
to GNU, and to say, "Hey look, there's a Linux distro that doesn't use GNU
code, so therefore Linux is not `GNU/Linux.'" At least, that's what the
founders of the project started it for.
Personally, I like the idea of the project because I've always preferred BSD
utils to GNU utils, but the Linux kernel progresses so much faster then any
of the BSD kernels do. Other people working on the project have their own
reasons for doing it. But whatever someone's reason for working on the
project, it's a good project and one everyone should take note of.
What Needs to be Done, and How to Help
--------------------------------------
The DaemonLinux project is still in its infancy stage. Work has just begun.
Rob Braun (bbraun@sparcy.synack.net) has gotten a bare install finished,
and says he will be uploading it somewhere in the next couple days. There's
a web page at http://synack.net/daemonlinux/ and a mailing list for discussion
of the project. Information for the mailing list is on the web page.
You can help with this project in any way you know how. If you know how to
code/debug, you can grab the OpenBSD 2.4 source tree and help port what
hasn't been ported yet. If you don't know how to code, but still want to
help, people are needed for documentation, testing, and other miscellaneous
things.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Iridium System
by Spee (spee@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Hi and stuff. I'm going to talk about the Iridium System, which is a product
of Iridium World Communications, Ltd., based in Bermuda. Included in this
article will be details about the Iridium System, information on the
technology which makes it work, and information about different devices that
work on this system.
The Iridium System is a global wireless network, run by 66 satellites and
other land based wireless equipment that lets people communicate with
telephones and pagers throughout the entire world, no roaming, no out of
service areas, just being able to keep in touch 24 hours a day, 7 days a
week, wherever you are.
Satellites
----------
66 satellites in the Iridium System provide customers with the first-ever
low Earth Orbiting system for wireless phone service. These satellites
are close enough to the earth to be able to get signals from handheld
devices, such as PDA like the Newton and Palm Pilot, and the signals they
receive move overhead and not on cells, like current cellular phones do.
Iridium Phones
--------------
The phones that are used on the Iridium System communicate directly
through the Iridium network. The phones can be used as traditional cellular
phones where cellular service is available, or as satellite phones, using
the satellite system described above. This provides convenience for people
who live in areas where traditional cellular phone service is available.
Iridium Pagers
--------------
The pagers that are used on the system can, just like some pagers on the
market today, receive alphanumeric messages, not anything that special.
But, the fact that it can receive messages worldwide, and that it has an
international character set, can be of help to businessmen and other
individuals who must communicate in many different languages. The
batteries in these pagers last about a month.
There are many different types of services offered on the Iridium System.
Here's the breakdown:
* Iridium World Satellite Service
This service gives you a direct satellite link for all
communications, outgoing and incoming, in poorly covered areas,
remote areas, regardless of local equipment.
* Iridium World Roaming Service
This service lets you roam across multiple wireless protocols,
letting you have one phone number for all calls made everywhere on
earth, easier for everyone who needs to reach you to remember.
* Iridium World Page Service
Pretty much self-explanatory, worldwide alphanumeric paging.
* Iridium World Calling Card
Again, pretty much self-explanatory, lets you make phone calls
billed to your Iridium account, pretty much like any other calling
card.
Frequencies
-----------
The Iridium System uses a combination of Frequency Division Multiple
Access and Time Division Multiple Access (FDMA/TDMA) signals which work
very efficiently in a limited spectrum. The L-Band (1616-1626.5 MHz) is
the link that the satellite and Iridium subscriber communicate in, and the
Ka-Band (19.4-19.6 GHz downlink, 29.1-29.3 GHz uplink) is the link between
the satellite and the earth terminals and gateways.
Above, I've given general descriptions about the pagers and phones that
are used on the Iridium System. Now I will go into specific pagers and
phones that you can use.
* Kyocera Multi-Mode Telephone
This phone has dual satellite/cellular capability, and it
also sports a satellite attachment unit, which weighs about
400g, and with it attached, you have about 100 minutes talk time.
In cellular mode, it supports 9600 bps data transfers, with the
satellite mode on, it supports 2400 bps data transfers.
* Kyocera Satellite-Only Telephone
This one is pretty much self-explanatory, this pocket sized phone
works only on the Iridium World Satellite Service. It has the
same satellite talk time as the Multi-Mode phone, about 100 minutes,
has 2400 bps data transfers, and has a 24 hour standby.
* Motorola Telephone
Motorola makes a phone for use on the Iridium System, which weighs
less than .5 kg, and is a cellular/satellite phone, like the Kyocera
Multi-Mode Telephone. It switches between different local cell
networks by inserting radio cassettes, each with their own different
standards. To access the Iridium System, it has a Subscriber Identity
Module (SIM) card. This is for security, and prevents anyone from
using your phone without proper authorization; it also includes other
such personalized telephone features.
The Iridium System is a very technologically advanced way of communicating,
and some of the technology introduced in it may be used in communication
systems of the future.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Hackers and the Government
by Gwonk (gwonk@diversion.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"All children know it's wrong to break into a neighbor's house or read
your best friend's diary. Unfortunately, fewer realize that it's wrong to
break into their neighbor's computers and snoop through their computer
files."
The above quote was attributed to Janet Reno during a press conference in
which she talked about the Cybercitizen Partnership, which was formed to deal
with promoting "cyberspace ethics" and will help law enforcement track down
hackers and crackers alike. The full story from the AP had some of the most
outrageous quotes in it, old lawmakers trying to understand computers and the
Internet.
"We cannot allow cyberspace to become the Wild West of the
information age."
"A decade ago, cybercrime and cyberterrorism didn't really exist
outside of Hollywood movies. Today, they are very real threats."
Both quotes attributed to Janet Reno.
Are these people just silly? Hollywood invented "cybercrime and
cyberterrorism?" Seems to me that Hollywood just capitalized on the
activities of other people as usual. Wasn't "War Games" written in 1983? It
would be pretty difficult to just pull a concept of cyberterrorism out of the
air. What is cyberterrorism, anyway? I think when these people sit down to
write their legal definitions, they are going to get really confused.
This initiative of the government seems to me to be much like the war on
drugs. Private businesses and federal agencies will be working hand in hand to
try and catch the evil hackers at their nefarious deeds. It will also create
a list of computer security experts and resources so that "law enforcement
will know where to turn." Just like when the war on drugs began, they are
going after the end user, the little guy. Basically, the initiative will be
the almighty anti-tigerteam, investigating denial of service attacks and ICMP
floods. If these businesses that the government are talking about care about
security at all, these are about the only things that will harm them anyway.
So, all you script kiddies out there better put all of your DoS attacks away,
or the FBI is going to be banging down your door.
There is one positive aspect about this, though. Chances are quite good that
if you are 13 years old, and the FBI comes to your house because you just
DoS'ed Microsoft's routers successfully, chances are you aren't going to ever
do that again. Nor would you touch a computer for a few years. All it takes
is one run-in with law enforcement, and the crackers-hackers who have not made
it very far knowledge-wise will never do anything on the edge of illegal
again. If they succeed in what they are trying to accomplish, they might just
get the number of people that are interested in hacking to drop dramatically.
Deputy Defense Secretary John Hamre was quoted as saying "This Pearl Harbor's
going to be different, It's not going to be against Navy ships sitting in a
Navy shipyard; it's going to be against commercial infrastructure, and we
don't control that. And there's been little progress on that."
Although I have to laugh again at the attempt of finding something that
cracking-hacking can be related to, I suppose he had a point. But before we
get to the actual point, let's take apart that statement for a moment. He is
relating computer crime to "Perl Harbor?" Hold on a second. Didn't people
die in Perl Harbor? I don't think some person is going to jump off of a
building because some hacker read through his diary. I guess this would also
be the first time that anyone from the government would actually say aloud
that they don't have control of commercial infrastructure, because for as
much as we wouldn't want to admit it, they do. Maybe he meant, "We don't have
control of the programs and the operating systems that these companies are
using to formulate their commercial infrastructure."
Because of course, that is the truth. Once this initiative goes through,
chances are they are going to setup a web-site. And depending on what
firewalls they have up for it, and what OS they are using, my guess is that
they aren't going to have to go very far to find their hackers. All they
would have to do, theoretically, is look through their own log files with a
pen and a piece of paper. But they would have to do it on a daily basis,
because sometime, from somewhere, a cracker would get in. And suddenly their
webpage would look like;
3y3 h4t3 3v3ry th1nG y0u 4r3 D0iNG t0 Th3 sc3n3!!!
The reason for this wouldn't be the OS or the firewalls they are running, it's
because they didn't spend any time on security. For all of you government
people out there, try doing something that works. Write something called the
Cybersecurity Partnership, where government agencies keep up on the most
current "exploits and DoS attacks" and maybe even write their own. Then
possibly you could talk to companies about them getting hacked, and post your
own most current exploits found, and not reveal any source for it. Microsoft
wouldn't respond to the hacking community, maybe they would respond to the
government. Maybe security of the systems should be the most important thing,
because as long as their are computers, there will be crackers and hackers.
The more secure all systems become the sooner there wouldn't be any crackers
at all. Contrary to government belief, you don't notice the hackers, you
notice the crackers. It would soon be thousands of hackers hacking thousands
of systems every day. And the crackers would be forced into breaking into
their next door neighbor's house, and reading their best friend's diary,
because they obviously don't have a sense of ethics in the first place.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Freedom of Speech and the Internet
by SlapAyoda (vader@geekbox.net)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"We hold these truths to be self-evident, that all men are created equal;
that they are endowed by their Creator with certain inalienable rights; that
among these, are life, liberty, and the pursuit of happiness."
-- The Declaration of Independence
"When people talk of the freedom of writing, speaking or thinking I
cannot choose but laugh. No such thing ever existed. No such thing now exists;
but I hope it will exist. But it must be hundreds of years after you and I shall
write and speak no more."
-- John Adams
There is an apparent problem in the world today, and it's one that is not
often enough addressed. The United States of America has extended its power
to a dangerous degree. With the US's current world economic, military, and
political dominance, a potentially heinous situation has arisen. History
has proven that with power comes corruption, and there is no reason to
believe this is not true in the present. Be it the ancient Romans or Greeks,
or the modern Chinese, there are many examples that substantiate the claims of
greed and corruption associated with politics. In the case of the United
States, both US citizens and people residing in other countries have reason
to worry. Due to the US's unwritten "Police of the world" policy, it is
probable that foreigners will feel the United States' wrath. Also, the
government's domain of influence has increased with the acceptance of its
international aid.
The irony lies in this: America was formed as a rebellion against an
over-powerful government, by anti-federalists, and has slowly developed into
a government that is more powerful than the one it broke free from. The
difference is that America hides its power. Behind the mask of "democracy",
a "government for the people", raw power corrodes the delicate machinery
of justice. The jaded actions of politicians and the government in whole
are obviously influenced by the prospect of gaining power. America even claims
that its leaders are chosen by the people, but this is not true. The fact,
which most people seem to be unaware of, is that the President of the United
States is chosen entirely by Congress. This is not an irate political
criticism or bullshit conspiracy theory, this is fact. The popular vote is a
mere game, for a few months after the votes are tallied, an electoral college
assembles in their state capitals to choose the President. The idea behind it
is this: representatives are expected to choose the candidate the citizens of
their state have chosen, but they ARE NOT required to. Basically, this means
that in actuality, the leader of the United States government is chosen by
the government itself.
This sphere of influence, of course, extends into the fields of
telecommunications and computing. In 1998, a bill called WIPO (The World
Intellectual Property Organization) was passed by the Senate and House of
Representatives. WIPO is a bill that makes it illegal to reverse-engineer
any software, even if you own it, without the expressed permission of the
manufacturer. This kind of control is ridiculous. The government is
mandating the way you make use of software that you personally own. The
idea behind this is that it will eliminate the threat of malicious software
manipulation: pirating and exploiting. This, however is an outright false
assumption, because without a means of detection, the people who pirate and
exploit software will go away unscathed. Those who have made a job for
themselves as security consultants and the such, will no longer have a job.
Vel0city has written a more in-depth article about WIPO, see System Failure
issue 13.
In 1996, an act was passed that would and still does create more
controversy on the internet than any bill to this date. The
Telecommunications Decency Act, a bill that would make it legal for the
government to regulate the content of the internet if it found it to be
obscene, was protested by many. This bill gave the government the power to
fine the offender, imprison him, or both. One of the problems with the bill
is that it does not clearly enough describe which material is to be deemed
"offense". However, clearly defined or not, the whole concept of the bill
goes against the entire idea of "free speech" and "free press" that America
believes so strongly in. Could you imagine going to the library to find
pages ripped out of the books, and, upon inquiry, finding that the authors
of the books are now in a federal prison? This is obviously an affront to
the entire nation, and internet users abroad as well. The whole scenario
is very congruous to the setting of George Orwell's book, "1984". Which
brings us to our next topic...
George Orwell, political essayist of the 1930's and 40's, bestowed upon us a
work of utter greatness just before his untimely death. A novel, entitled
"1984", which is entirely like none other. It is the story of the future,
(1984, a distant future to someone writing in the 1940's), and it tells of a
government that has developed complete control over its citizens. At the
top of the government's hierarchy is "Big Brother", a omnipotent ruler that
may or may not exist, depending on the reader's interpretation. The
government deploys the use of mind control, thought reading, and torture to
acquire the desired behavior of its citizens. A dark and foreboding novel,
many regard it as a warning of what is to come.
The connection between 1984 and the current state of America today is
obvious. Although the extent is not as extreme as Orwell envisioned, the
wheels are in motion and the condition is worsening. The extent of
America's control is more present now than ever. Today, some rather clever
people make references to "Big Brother is watching" or the such, and this is
possibly true more than one would think. The FBI has always been known to
monitor telephone calls and place "bugs" in the homes of suspects. Though
some media, such as movies like "Enemy of the State", take this to an
unrealistic extreme, the government does monitor people.
There are currently various commendable efforts at promoting freedom in
telecommunications and computing. The Electronic Frontier Foundation
(www.eff.org), for example, is probably the largest and most productive
of these organizations. The EFF has an extremely large base of supporters
and is the fourth most linked to site on the internet. That's impressive.
However, let us analyze what they have actually accomplished. Has the
government stopped passing laws that prohibit and restrict the actions of
responsible computer and telephony users? No. In fact, just recently two
major bills were passed in The House of Representatives: The Wireless Privacy
Enhancement Act, which is awaiting decision in the Senate, and WIPO, which
was passed by the Senate and signed by the President. Has the government
made even an attempt at repealing the current laws that restrict free speech
on the internet? Not at all. This is not to say I don't support the efforts
being made. I just believe them to be relatively ineffective.
The internet isn't the only medium used to attempt to regulate the power of
the United States. Nor is the present the only time in which this
regulation has been valued. In fact, the entire founding of this nation was
based firmly on the idea of regulated power. In the writing of the
constitution, Madison, Adams, Franklin, and Jefferson made sure to include a
series of "checks and balances" to keep the government's power separated,
thus ensuring no one politician would have substantial control. This is a
great thing, and it actually works, except for one minor detail. It seems
that the majority of the politicians today have little knowledge about
technology, and they all seem to share a special misguidance in regards to
"hacking" and "hackers". Their attitudes seem to be often "let's take away
this so they can't do harm" or "let's make this illegal so that they can't
do this" without regard to the consequences it will have on law-abiding
citizens. This is unfortunate, but I doubt it will change.
"So, what is the solution to this great problem we face?", you ask. Well, it's
not as simple as I'd like it to be. As explained earlier, peaceful protest
and work the likes of the EFF does not have the desired effect. Even less
effective, however, are acts of terrorism or violent protest. Too often
I've seen on the news some poor fool who has taken the initiative to go and
harm others or others property in an attempt at getting his side of the
story heard. It is not "cool" to make explosives and take out a mailbox
because you read about it in your "mad anarchy warez". It is stupid and
immature to break things because you don't like how the government works. I
personally am not pleased with the current workings of our government, and I
take no part in such activities.
"Now, I'm confused. You mean there isn't a solution?". Actually, there is
one. First off, don't bother contacting your State Representatives or
Senators. They don't care. Also, don't react with violence, this will
only make your arguments less credible and get you into trouble. Instead,
you should protest peacefully when possible (with the small chance of it
having effect). Write about how you feel and get it published. If it
doesn't work, you can still take comfort in the fact that you made an
attempt. The most important thing to do is to be prepared for the worst.
Await and embrace the changes the government will confront you with. There
will always be opposition to your ideology, and you may as well be prepared
for what ever awaits you.
Please, feel free to e-mail me your thoughts, whether or not you agree with
mine. I'd be pleased to hear your opinions.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Definitive Guide to PC Security Systems
by Syphon Siege and Phett (pcsecsys@email.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
CONTENTS
--------
I. Introduction
II. Built-in OS security features
III. The importance of a Travel Disk
IV. Reviews of security systems
V. Conclusion
VI. Acknowledgments
VII. Contacting the authors
VIII. Final Thoughts
I. INTRODUCTION
In the media today, the most common computer crime stories are about the
break-ins using telephone lines. Whether the crime was premeditated or come
upon purely by chance, the outline remains the same: Bored teenager, looking
for a medium on which to apply his or her skills and knowledge of computers,
comes across a corporation or government computer on the Internet or allowing
call-in access for employees, and with a little work, breaks into it. The
result is always the same, Just looking, No harm done, and the intruder is
let off with a slap on the wrist (though in recent years, this has changed
CONSIDERABLY).
The computer crimes that the media doesn't cover are most often the ones
having to do with personal computers. These PC's are often inaccessible by
any other means than physical, either by stand-alone, or on a small, private
network. These computers are the responsibility of the lessor, who often
allows the machines to be used by customers and patrons, in environments
such as schools, universities, public libraries, museums, and record-keeping
establishments. The lessors are occasionally concerned about allowing open
access to these computers, but the chance to flaunt their ability to stay
current with the latest technology far outweighs the possibility of
destruction.
That is when the abuse begins. It might be a wantonly immature and
destructive act, such as deleting the config.sys or formatting the hard
drive. It might be an amusing and easily reversible act, such as changing the
screen saver text from "Welcome to the Buffalo Public Library" to "Help! I'm
trapped inside the computer!". Correctable or not, it is still abuse.
The provider is then forced to reevaluate its stand on public usage of the
computers. There are two solutions to this imbroglio: to disallow usage of
the computers altogether, or to devise a solution that would allow sanctioned
utilization while keeping the workstation free from inappropriate activities.
Thus, with no alternative in mind, the lessor turns to a security system.
That is where this paper comes in.
Several issues raised by administrators during their search for a suitable
security system are the reliability and flexibility of the program. This paper
will attempt to point out, for the benefit of hackers and administrators
alike, the various strengths and weaknesses of a fair number of security
systems on the market. The text will also cover basic security features of
personal computer operating systems, focusing on the built-in and pre-
installed tools of each.
The format of each entry in the review will be as follows:
1) Security system name and version
2) Operating system
3) Manufacturer of security system
4) Contact information for manufacturer
5) Pricing information
6) Defining features of the the system
7) Description of the security implemented
8) Strengths of the security system
9) Weaknesses of the security system
10) Summary
The entries will be in alphabetical order, with a full line of equal signs(=)
denoting the end of one entry and the beginning of another. Security systems
with the same name but differing operating systems will be reviewed as two
separate entries. The latest version of each security system will be
reviewed, but any largely significant flaws in previous versions will be
listed in the Weaknesses portion of the entry. This paper is accurate as of
1/1/99.
NOTE ABOUT THE EDITORIAL POSITION OF THIS PAPER: The position of this paper
is from a hacker's perspective. The authors are hackers, those individuals
who intrude on computers and computer networks for amusement and for the
purpose of staying current with the latest software and vulnerabilities. In
writing this paper, the authors have attempted to evaluate the integrity of
these programs in a professional and business-like sense. In doing so, it
is our hope that this paper helps hackers and administrators alike to
forward stronger, more secure personal computers, while expressing the
notion that information should not be restricted in any way, shape, or form.
II. BUILT-IN OS SECURITY FEATURES
-- MS-DOS and PC-DOS
Almost everyone who has ever used a computer knows of DOS.
However, a recent survey shows that only 36 percent of the
computer-using population knows how to use DOS proficiently.
This paper assumes a basic working knowledge of DOS and its
various methods of working with files. Although DOS was
originally engineered to be a stand-alone operating system
with one concurrent user, several procedures have been
created in order to provide slightly tighter security.
One procedure is the file attributes. In DOS, a file can
have any or all of these attributes:
A -- the archive attribute. Used mainly for
reference and delimiter for the XCOPY command.
R -- the read-only attribute. Files with this
attribute set cannot be written to or moved
until the permission is removed.
H -- the hidden attribute. Files with this
attribute set do not show up in normal DIR
commands. You must type DIR/AH to show all
the hidden files in a directory.
S -- the system file attribute. When operating
systems are first installed, most files needed
for the basic operation of that OS are often
tagged with the system attribute, as to
prevent moving or alteration.
These attributes are set by the DOS command ATTRIB. The
format is as follows (assuming C:\> is the prompt):
C:\> ATTRIB +A +R +H +S filename(s)
The +A toggles the archive attribute on the file, as the +R
toggles the read-only attribute, and so on. To remove
attributes, the format is as follows:
C:\> ATTRIB -A -R -H -S filename(s)
Up to four available attributes may be added or removed at
one time.
The file attributes were not meant to prevent any misuse,
only to deter it. Any serious attempts at security require
a separate program. However, another simple way to deter
misuse is to name files with the ALT-255 character. This
character is blank, so it will appear that the file has no
name. To do this, you must hold the ALT key while typing
255. You may do this multiple times, but you must remember
how many blank characters you typed in, or you won't be able
to access the file!
Ultimately, we have found that the file attributes in DOS
are more of an annoyance than an obstacle. The simple fact
remains is that DOS was not engineered for security. DOS
does have a provision to prevent a user from cold booting
by hitting Shift, F5, or F8 at bootup, though. To enable
this, the command "SWITCHES= /N" must be inserted as the
first line in the CONFIG.SYS. A user will not be able to
interrupt the loading of the CONFIG.SYS. This option has
been included in every Microsoft operating system since.
-- Microsoft Windows and Windows for Workgroups 3.x
Ahhh, Windows. The ease of a GUI and the security you demand,
all in one package? Nope. Not even close. Although
significantly more graphical and user-friendly than its
text-based counterpart (a downfall in the opinion of these
authors), Windows has several built-in restrictions that can
be invoked to partially secure the workstation. These
restrictions are set for the Windows shell Program Manager.
The shell Windows uses when it starts up is set in the
system.ini file in the Windows directory in the [boot]
section of the file. The current shell name is after the
"shell=" near the top of the file. The default is
"progman.exe" (Program Manager), but you can set this to
anything you want, such as File Manager (winfile.exe).
The only restrictions, however, are for Program Manager.
That in itself is a security hazard, anyone who knows the
name of another Windows shell (that is unsecured) can gain
full access to the system. Keep a close eye on your
system.ini, admins. The Program Manager restrictions are set
in progman.ini, and may be typed manually. Just create a new
section at the end of the file. They are as follows:
[Restrictions]
EditLevel=4
NoClose=1
NoFileMenu=1
NoRun=1
NoSaveSettings=1
EditLevel=4 means that any user cannot delete, change, move,
or view any program groups' properties. In Level 3
the user can view the group properties. With 2, the
user can move the group. With 1, the user can change
the group properties.
NoClose=1 means that any user cannot exit Program Manager.
NoFileMenu=1 means the entire File menu in Program Manager
will not be visible.
NoRun=1 means the Run command from the File menu will not
be visible.
NoSaveSettings=1 means that no Program Manager settings will
not be saved, no matter what changes are made.
Of course, the progman.ini IS in plaintext, and Windows does
not protect this file in ANY way, so the Windows 3.x
restrictions are a rather poor choice.
--Microsoft Windows 95
The "true" 32-bit operating system from Microsoft has
already been adopted as the de-facto standard operating
system on most newly-shipped computers. This is primarily
because of its ease of use and cheery help messages.
Windows 95 has a number of built-in restrictions that are
accessed through the registry, and may be modified with
registry-editing tools (Regedit and Poledit). Some of the
restrictive options include: Hiding all icons on the desktop,
Removing the Run command from the Start menu, specifying
which programs are able to run, as well as many others.
A number of the security systems reviewed in this paper use
the built-in restrictions as their implementation of
security. A user could then employ Regedit or Poledit to
disable the security set forth, thus disabling the system.
These security options are weak, as you will observe. The
more intelligent security systems have their own
seperately-coded module, that doesn't employ the built-in
restrictions. These are often the security systems that
succeed. However, the module only works if it is loaded
correctly, and the methods of loading programs on startup
in Windows 95 leaves much to be desired. The three main
ways a security system can be loaded in Windows 95 are:
through the traditional CONFIG.SYS and AUTOEXEC.BAT,
through the Startup program group, and through the registry.
The CONFIG.SYS and AUTOEXEC.BAT are fairly given, as is
the Startup group, but the registry requires a bit of
explaining. Windows looks at a series of keys in the
registry before it loads Explorer. These keys specify what
programs are to be loaded at startup. The names of these
keys are Run, RunOnce, RunServices, and RunServicesOnce.
The difference between the Runs and the RunServices are
that the RunServices load before the network login, and
the Runs load after logon. These keys can be accessed
in various locations in regedit, or in a graphical interface
with poledit. A user could simply remove the keys that load
the security system and then reboot Windows.
Another significant flaw in Windows 95's security is the
Ctrl-Esc flaw. This glitch would allow a user to access
the program TASKMAN.EXE, the windows task manager, before
EXPLORER.EXE loads. Before the Start Menu or Desktop items
appear, hold Control and hit Escape, this will bring up task
manager, which in theory would enable a user to run programs
before Explorer loads.
Also, If the option BootSafe=0 is not present in the
MSDOS.SYS, a user could power off the machine while Windows
is loading, thus bringing up a message on boot that would
allow the user to boot into safe mode. Since safe mode does
not process the startup files or registry, a user could then
modify these settings and reboot, having the computer under
his control.
A NOTE ON BIOS AND SECURITY: A major flaw in almost every security
system on the market today is the fact that they are unable to protect the
floppy drive at bootup. The administrator must set the boot sequence from
A: to C: in BIOS manually, a task that many neglect to do. Once we determined
that a security system was present on the computer, this would be the first,
but NOT the only, method we would try to bypass it with.
III. THE IMPORTANCE OF A TRAVEL DISK
The importance of a travel disk cannot be understated. A travel
disk is basically a disk with various utilities on it that aid
in the removal or nullification of PC security. Our respective
travel disks have programs that clear CMOS settings, modify registry
restrictions, along with many others. The contents of our personal
travel disks will now be examined:
95SSCRK.EXE: Windows 95 screen saver password cracker. One
of the best we know.
ADMIN.ADM: Template file for Poledit.
AM.EXE: AMI BIOS cracker. Always useful.
AW.COM: Award BIOS cracker. See above.
BOSERVE.EXE: The infamous and ever-versatile Back Orifice.
DEBUG.EXE: Useful for invalidating CMOS on older machines.
DELETE.EXE: Marks a file for deletion, then overwrites it
with null bytes to ensure it cannot be
recovered.
DLLMAN32.EXE: Hands down, the best keystroke recorder for
Windows. Written by our friend Luna.
F.EXE: Fdisk, renamed for quicker typing. You'd be surprised
how many "secure" logons can be defeated with a
simple MBR wipe of "fdisk /mbr".
NTFSDOS.EXE: The infamous utility that allows users to view
the "secure" NT file system.
NTFSHLP.VXD: Long filename helper utility for above.
P.EXE: Poledit, renamed for quicker typing purposes. One
of the most intregal tools in defeating PC security.
PKUNZIP.EXE and PKZIP.EXE: Useful for viewing the contents
of zip files and compressing files needed to be
copied.
PWLVIEW.EXE: Displays the contents of password lists.
(Dial-Up passwords, shared resources)
QPRO200.DLL: Needed by DLLMAN32.
STRINGS.EXE: Needed by 95SSCRK.
SYS.COM: To restore MBR + system files, and thus, hard drive
functionality after a "fdisk /mbr".
XCMOS.EXE: One of the best CMOS-clearing programs written.
All of these programs can be found on the Internet. Along with these
programs, the travel disk should also contain the necessary files for
a boot disk (COMMAND.COM, IO.SYS, etc.) With this collection of
tools and a good knowledge of PC's, anyone has the capability of
removing virtually any security system on the market today. However,
we know first-hand that store owners and salesmen do not appreciate
disks being put into their floor model computers, so if the need
arises to test this paper's methods on one of these machines, please
be nonchalant about it.
IV. REVIEWS OF SECURITY SYSTEMS
NOTE: This paper was written with the idea that the administrator
wanted users to have access to the PC's, but not enough to cause
any significant and/or irreversible damage.
=============================================================================
1) Security System Name and Version: Cooler 1.0
2) Operating System: Windows 95
3) Manufacturer of Security System: Fortres Grand Corporation
4) Contact Information: Internet: http://www.fortres.com
5) Pricing Information: $20.00 for educational single, $25.00 for
commerical single.
6) Defining Features of the System: an icon of a cooler in the tray.
7) Description of Security Implemented: The program uses a self-
contained executable to implement the security. With Cooler,
the administrator may restrict specific actions in virtually
any Windows program.
8) Strengths of the Security System: Technically, there is nothing
wrong with Cooler. It was coded quite well. It can be very
broad or very specific in its restrictions. The configuration
is done through a straightforward, easy to understand GUI
interface.
9) Weaknesses of the Security System: The one major fault of Cooler
(and many other systems, as you will see) is in the way it is
loaded. Since Cooler cannot protect access to the registry,
anyone can go in (either with regedit or poledit) and simply
delete the key that runs Cooler on startup.
10) Summary: Cooler on its own is a rather weak, yet innovative
security system. Paired with its sister program, Fortres 101,
however, it could make a very deadly combination, giving
administrators precise control over the user's actions.
=============================================================================
1) Security System Name and Version: Crowd Control 1.0
2) Operating System: Windows 95
3) Manufacturer of Security System: Sahalie Software, L.L.C.
4) Contact Information: Internet: http://www.cyber-dyne.com/~sahalie ,
email: sahalie@cyber-dyne.com
5) Pricing Information: $29.95 for one registered copy
6) Defining Features of the System: an icon showing three people in
the tray.
7) Description of Security Implemented: As was discussed in the
previous section, the built-in Windows 95 restrictions are
the core of this security system. The program uses a
cheerful, pleasant interface to allow pre-configured users
access while disabling context menus such as Run, Find, and
Settings from the Start Menu. It also allows to hide drives
in My Computer and Windows Explorer, and to disable access
to the DOS prompt.
8) Strengths of the Security System: The interface is very user-
friendly, providing for few administrator errors.
9) Weaknesses of the Security System: The entire system is based on
the Windows 95 restrictions. It does not protect the boot
sequence, and is loaded through the registry after logon
(leaving it prey to the Ctrl-Esc flaw). If the administrator
does not
set all the allowed Windows applications in the
Programs tab, anyone can throw a disk with Poledit in the
drive and it's over.
10) Summary: Generally, any security program that uses the built-in
restrictions of the operating system is flawed, if not just
because of the ease of reversibility. This program certainly
reinforces that idea. Everything this program does you can
do manually, for free. But we wouldn't even bother.
=============================================================================
1) Security System Name and Version: FoolProof For Windows 3.x v3.0
2) Operating System: DOS/Windows 3.x
3) Manufacturer of Security System: SmartStuff Software
4) Contact Information: Internet: http://www.smartstuff.com
5) Pricing Information: $47 for one copy.
6) Defining Features of the System: A small padlock in the upper
left hand corner of Program Manager.
7) Description of Security Implemented: A DOS driver is used to
enact security. A Windows GUI administration interface is
provided. The system has options to restrict program
execution, file saving, and the use of "dangerous" DOS
commands.
8) Strengths of the Security System: Once the computer has booted,
the system is in place securely. The administration GUI
has a variety of options for different security
configurations.
9) Weaknesses of the Security System: The administration GUI is
at times very difficult to understand, as the options are
very vague and non-descript. The main flaw in FoolProof
is, once again, how it is loaded. If a user were to interrupt
the execution of the AUTOEXEC.BAT, he would then have full
access to the computer. FoolProof for Windows 3.x has no
provision to stop interruption of the AUTOEXEC.BAT, and
as a result, a user could remove the line which loads the
FoolProof TSR and reboot, having complete control over the
system.
10) Summary: Bottom line, FoolProof simply does not accomplish what
it proports to do. It can be defeated with, literally,
"the oldest trick in the book," and should not even receive
a passing glance when choosing a PC security system.
==============================================================================
1) Security System Name and Version: FoolProof For Windows 95/98 3.7
2) Operating System: Windows 95/98
3) Manufacturer of Security System: SmartStuff Software
4) Contact Information: Internet: http://www.smartstuff.com
5) Pricing Information: $99 for one copy.
6) Defining Features of the System: Under normal operation, a little
padlock is resident in the tray. However, if the
administrator enables the options to obfuscate the presence
of FoolProof, there are few apparent features displayed.
7) Description of Security Implemented: FoolProof is loaded in three
different locations. One is through the CONFIG.SYS, which is
the "Security System Driver." We believe that this driver is
loaded only to give the appearance of security being
implemented. That way a user would infer that this was the
only way that FoolProof was being loaded, and would
concentrate all their efforts on modifying the CONFIG.SYS,
which cannot be modified while FoolProof is active.
Another way is through one of the RunServices, which loads
the FoolProof Sweep option, which clears all files saved in
unauthorized locations. FoolProof itself is finally loaded
as a service through the registry by the driver FPVXD.VXD.
The location in the registry where this driver resides is:
\\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\FoolProof
As for the security itself, it uses mainly Windows
restrictions, along with some well known DOS boot protection
methods.
8) Strengths of the Security System: The Switch! This might be one
of the most innovative novelties we've seen in years! The
system itself is considerably less than innovative, using
simple Windows and DOS restrictions to enforce security.
FoolProof is unobtrusive, however, as it doesn't conflict
with programs on the hard drive.
9) Weaknesses of the Security System: Where should we start?
As with other, more versatile, less expensive security
systems, the problem once again is how the program is
loaded. Deceive, conviegle, and obfuscate is fast
becoming SmartStuff's corporate motto. A prime example of
this is the false "Security System Driver" that is loaded
in the CONFIG.SYS, which in reality does nothing. Another
demonstration of weakness in FoolProof is the masking
options. Apparently, SmartStuff is too scared that if a
user discovers what security system is being used, he
might find a way to remove their precious FoolProof.
The Keylock feature is pathetic, entailing only commands
that can be entered manually. The Bootlock feature is even
worse, allowing a user to run programs from a floppy, and
even disabling the feature itself with a simple "SYS C:".
FoolProof itself can be disabled with frightening speed.
If a user were to hit CRTL-ALT-DEL as soon as the wallpaper
appears, then double click outside of the Close Program
dialog box, Task Manager would open, allowing unrestricted
access to the computer. From that point, a user could
eliminate the means by which FoolProof loads (CONFIG.SYS,
various locations in the registry), and restart Windows,
with FoolProof not loading and being completely useless.
A more unethical user could also remove FoolProof, in a
number of more destructive ways. These ways can include:
deleting the C:\SSS directory, where FoolProof program
resides, as well as deleting system files or even formatting
the hard drive. Hmmm. And how much did you pay for that?
10) Summary: While FoolProof has been labeled by SmartStuff as,
"THE cross-platform security solution," we have found that
the only question is a solution to is the phrase,
"What is the most foolish way to waste a hundred dollars?"
This pathetic excuse for a security system is ridiculously
ineffective, as it relays almost entirely on the built in
restrictions of Windows. A custom dialog box here and there
poorly provides the illusion that FoolProof itself is
providing the restrictions, but the sad truth of the matter
is this pitiful software can be removed with the most basic
of methods. SmartStuff Software itself is so anal about
their trial software, that our recent telephone conversations
nearly reached the point of insanity. Prospective programmers
take note: This is what *NOT* to do when writing a security
system. "Security Solution ?" No, good readers, the only
solution FoolProof provides is that of its own demise.
=============================================================================
1) Security System Name and Version: Fortres 101 for Windows 3.x
Version 2.51d
2) Operating System: Windows 3.x
3) Manufacturer of Security System: Fortres Grand Corporation
4) Contact Information: Internet: http://www.fortres.com
5) Pricing Information: $49 for one educational copy, $59 for one
commercial copy.
6) Defining Features of the System: Funny sounding bleeps when the
computer boots. The Fortres Grand Corp. logo flashes in the
lower right hand corner of the screen when Program Manager
loads.
7) Description of Security Implemented: Fortres 101 uses its own
restrictions to enforce security by a TSR loaded in the
AUTOEXEC.BAT (FGSA.EXE). The configuration screen is very
intuitive, and the options are very thorough.
8) Strengths of the Security System: Once Fortres is active,
Program Manager cannot be exited, minimized, or moved.
The Run command can be restricted, Program groups cannot
be modified, and the files necessary to load Fortres are
protected.
9) Weaknesses of the Security System: Other than the obvious boot
from floppy, Fortres 101 has a little difficulty dealing
with the CHGAT.EXE utility. This program is installed with
Fortres, and is intended to be used to remove write-
protected files on the hard drive when upgrading. If a user
were to run CHGAT -R, despite Fortres' restrictions, all
write-protected files on the drive would be reset. A
common way to get access to a "command prompt" is through
programs like Microsoft Word. Click Help, then About, then
System Info. This opens Microsoft System Information, a
handy program that allows you to execute programs.
Surprisingly, most administrators look right over this.
10) Summary: Fortres 101 for Windows 3.x has few vulnerabilities,
mostly because of the functionality of the operating
system.
=============================================================================
1) Security System Name and Version: Fortres 101 3.0 for Windows 95
2) Operating System: Windows 95
3) Manufacturer of Security System: Fortres Grand Corporation
4) Contact Information: Internet: http://www.fortres.com
5) Pricing Information: $49 for one educational copy, $59 for one
commercial copy.
6) Defining Features of the System: Funny sounding bleeps when the
computer boots. The Fortres Grand Corp. logo flashes in the
lower right hand corner of the screen when Explorer loads.
7) Description of Security Implemented: Fortres 101 uses its own
restrictions to enforce security by a TSR loaded in the
AUTOEXEC.BAT (FGSA.EXE). The configuration screen is very
intuitive, and the options are very thorough.
8) Strengths of the Security System: Fortres 101 is by far one of
the most versatile and solid systems on the market today.
The system can be configured to be compatible with any
Windows program on the computer. The settings can be imported
and exported to provide for easy replication on a group of
machines.
9) Weaknesses of the Security System: As with almost any security
system, if the administrator misconfigures Fortres, a user
could easily disable the security. Also, a programming
flaw: If a user were to attempt to overwrite a protected
file (such as AUTOEXEC.BAT), then initiate the shut down
procedure, Windows would produce an error that it cannot
shut down while the Save As dialog box was open. After a
user confirmed this message, and attempted to save this
file again, the system would accept the change. A similar
procedure works when attempting to delete other files
(FORTRES.EXE). A system administrator could disable this
option, but the process may still be used by running
Fortres' own shut down executable, FGCLO.EXE. This
executable is included in every Fortres installation,
and is located in the C:\FORTRES.101 directory
(by default).
10) Summary: Fortres 101 is one of the most commonly used security
systems. Despite a few glaring flaws, Fortres still out
performs their competitors by far.
=============================================================================
1) Security System Name and Version: Full Armor Zero Administration
(FAZAM) 3.7
2) Operating System: Windows 95
3) Manufacturer of Security System: Micah Development
4) Contact Information: Internet: http://www.micah.com
5) Pricing Information: $300 for a three-user minimum license.
6) Defining Features of the System: A little red shield that sits in
the tray.
7) Description of Security Implemented: A self-contained executable
that loads through the registry after the network logon. The
program employs both Windows restrictions and its own
security measures. It allows a user to access many of the
functions of Windows, but does not give a user permission to
modify settings. It can restrict what programs can run on
drives A: to Z: . It displays an error message whenever a
user tries to perform a forbidden action.
8) Strengths of the Security System: The system is very reliable,
and crashes infrequently. The restrictions, if set up
properly, can significantly deter the destructive actions of
a user. The Configurator interface is user-friendly and
straightforward. Most importantly, registry-editing tools
(REGEDIT and POLEDIT) can be disabled.
9) Weaknesses of the Security System: The Full Armor loader
(ARMPROT.EXE) is loaded through the registry after Windows
has initialized, leaving it prey to the Ctrl-Esc flaw.
A user could easily hit Ctrl-Esc immediately after the
Windows screen has appeared, hit Alt-F, then run a program
from a floppy to edit the registry. As long as the program
was initialized before Full Armor has completely loaded,
the program will finish running, Full Armor will load,
and the desktop will appear. (hint: POLEDIT!) Also, if
the administrator did not disable the Ctrl-Alt-Del
function, a user could employ that method to kill the
program immediately and completely.
10) Summary: All together, this security program just doesn't
accomplish the task of implementing security. It was
written to fill in the cracks of previous versions, and
as a result, failed to provide its sole purpose for
existence.
=============================================================================
1) Security System Name and Version: Full Control 1.5b
2) Operating System: Windows 95/98
3) Manufacturer of Security System: Bardon Data Systems
4) Contact Information: Internet: http://www.bardon.com
5) Pricing Information: $49.95 for a registered copy.
6) Defining Features of the System: A little eye
appears in the tray.
7) Description of Security Implemented: Full Control is loaded
through the registry, in HKEY_CURRENT_USER, HKEY_USER,
and HKEY_LOCAL_MACHINE Runs. By default, it locks users
out of My Computer, Network Neighborhood, and Control
Panel. Another option is a feature called rollback.
Rollback essentially copies unmodified versions of
Windows system files (WIN.INI, SYSTEM.INI, CONFIG.SYS)
to their original state. These files can be copied from
any location on the hard drive or over a network.
8) Strengths of the Security System: The Rollback feature is
useful in certain situations, to deter accidental or
intentional damage. The system restores SYSTEM.DAT and
USER.DAT on every boot, ensuring that Full Control
loads every time Windows does.
9) Weaknesses of the Security System: For one, if a user tries
to run Regedit, the window appears, but is immediately
followed by a Full Control dialog box asking for the
password. Since the Full Control dialog box is not
spawned by Regedit, it is a completely different
application. So if a user were to click anywhere outside
the dialog box, Regedit would still be fully useable.
This in itself does not allow a user to disable Full
Control, as the registry is restored every time the
computer boots. Defeating the Rollback function is a
ridiculously easy task. If the "Copy-From" directory
is on the hard drive, a user could simply modify those
files, and when Windows restarts, the new settings will
be in place. If the "Copy-From" directory is on a
network drive, a user could remove the network cable
from the computer when Windows boots, and modify the
files already on the hard drive. You can't copy files
over a network if the network doesn't exist! But the
most glaring and personally amusing flaw in Full
Control lies in the WIN.INI. When an administrator
registers Full Control, the registration information
is stored in the WIN.INI. If a user were to comment
out or delete this information, then restart Windows,
a helpful dialog box will magically appear,
displaying a useful bit of information: the password.
Since the registration information is gone, Full Control
assumes it is still a shareware version. Since the
shareware version's whole purpose is to elicit orders
for the full version, it displays the password in hope
that the user would purchase the full version in order
to effectively secure a computer.
10) Summary: The name Full Control is rather misleading, for
many of the restrictions used are not able to be
configured by an administrator. That coupled with the
laughable fact that the system can be disabled with
two keystrokes and two switches of the power make
Full Control an unlikely choice for anyone serious
about PC security.
=============================================================================
1) Security System Name and Version: PC Security 3.1
2) Operating System: Windows 3.x
3) Manufacturer of Security System: Tropical Software
4) Contact Information: Internet: http://www.tropsoft.com
5) Pricing Information: $34.95 for a registered copy.
6) Defining Features of the System: A small blinking red light
that runs as a minimized program.
7) Description of Security Implemented: The system uses built-in
restrictions of Program Manager and its own security
module to provide security. This module is loaded through
the WIN.INI.
8) Strengths of the Security System: PC Security 3.1 can prevent
users from accessing virtually all items (groups, icons)
on the Program Manager desktop. Another strength is the
System Lock feature, which basically a screen saver which
requires a password to gain access to Program Manager.
9) Weaknesses of the Security System: For one, the system doesn't
prevent the user from exiting to DOS. Once in DOS, the user
has full access to the computer. The program also doesn't
provide for boot protection, floppy or boot keys. Those
weaknesses in themselves are a reason not to use it, but
the program itself is not even written correctly. If a file
is set as "locked" in PC Security, a user can still access
and modify the file.
10) Summary: This program is based towards users who would like
minor levels of security. Anyone looking for anything stronger
should look elsewhere.
==============================================================================
1) Security System Name and Version: PC Security 95
2) Operating System: Windows 95
3) Manufacturer of Security System: Tropical Software
4) Contact Information: Internet: http://www.tropsoft.com
5) Pricing Information: $34.95 for a registered copy.
6) Defining Features of the System: A small blinking red light that
sits in the tray.
7) Description of Security Implemented: It uses basic Windows
restrictions along with a system locking interface to
lock the computer.
8) Strengths of the Security System: To this date we don't know
exactly how PC Security loads. There is a program in the
registry, SDAEMON.EXE, that PC Security installs, but even
if this is removed, the program still operates. The Shortcut
Locking features works quite well, as it sets the executable
that the shortcut points to as "in use by another program."
9) Weaknesses of the Security System: PC Security's methods of
blocking users actions are rather weak. It relies entirely
on the built-in restrictions of Windows, and, that known,
does not prevent programs being run from a floppy. With
Poledit, a user could nullify the effect of this system,
then boot into DOS mode, and remove the PC Security
directory.
10) Summary: See previous entry, as the Windows 95 version is
little different.
==============================================================================
1) Security System Name and Version: PrivateEXE 2.0a
2) Operating System: Windows 95
3) Manufacturer of Security System: MidStream, Inc.
4) Contact Information: Internet: http://www.midstream.com
5) Pricing Information: $29.95 for a registered copy.
6) Defining Features of the System: A protected executable asks for
a password before it will run, and displays "Protected by
PrivateEXE.
7) Description of Security Implemented: The program is not memory-
resident, it simply modifies the executable the user wants
to protect to contain a password. Then it creates a copy
of the original executable for "backup purposes", and names
the backup with the name of the original, with "_ORIGINAL"
prepended.
8) Strengths of the Security System: The password that protects the
executable is coded inside the file, so that anyone who tries
to view it only sees gibberish.
9) Weaknesses of the Security System: We are still unsure of why this
program makes an unprotected backup of the original exe file.
Anyone can just delete the protected program and rename the
backup to the original name.
10) Summary: This system might be effective if it didn't make a copy
of the executable, or if you remove the backup manually,
otherwise save your money for something else.
=============================================================================
1) Security System Name and Version: SecurIT 16 3.77
2) Operating System: Windows 3.x
3) Manufacturer of Security System: Internet Software Solutions Ltd.
4) Contact Information: support@issol.co.uk
5) Pricing Information: $29.95 US dollars for one registered copy.
6) Defining Features of the System: The existence of a directory
called C:\SECURIT (by default).
7) Description of Security Implemented: The system uses its own
program to lock, encrypt, or "shred" files on the computer.
Also, the device driver SHARE.EXE is needed by the system
to help enforce security.
8) Strengths of the Security System: The Shred Option works well,
as it overwrites the file with NULL bytes before deleting it.
9) Weaknesses of the Security System: For some reason, the system
needs to be loaded to ensure that locked files stay locked,
and if a user were to exit to DOS or remove the line from
the WIN.INI, the system would be disabled.
10) Summary: SecurIT is geared towards locking out and encrypting
certain files, and not towards providing full system
security.
==============================================================================
1) Security System Name and Version: SecurIT 32 3.76
2) Operating System: Windows 95
3) Manufacturer of Security System: Internet Software Solutions Ltd.
4) Contact Information: support@issol.co.uk
5) Pricing Information: $29.95 US dollars for one registered copy.
6) Defining Features of the System: The existence of a directory
called C:\Program Files\Securi32 (by default).
7) Description of Security Implemented: The system uses its own
self-contained executable to lock, encrypt, or shred files.
8) Strengths of the Security System: SecurIT locks files well in
Windows.
9) Weaknesses of the Security System: The system needs to have
Windows loaded in order to work. That says it all.
10) Summary: See above.
==============================================================================
1) Security System Name and Version: StopLight 95 PRO 3.20
2) Operating System: DOS/Windows 3.x/Windows 95
3) Manufacturer of Security System: Safetynet Co.
4) Contact Information: Internet: http://www.safetynet.com
5) Pricing Information: $129.95 for a single workstation.
6) Defining Features of the System: The full-screen logon sequence
during boot, and the red-white yin-yang icon in the tray.
7) Description of Security Implemented: StopLight loads the logon
driver at the end of the processing of the CONFIG.SYS.
Now, assuming an administrator wants users to have access
to the computers, the user would have his own login and
password. The system blocks attempts to access Regedit and
Poledit, and modification of system files.
8) Strengths of the Security System: It's very good. The security
is probably one of the strongest around. Most methods for
defeating PC security do not work on StopLight.
9) Weaknesses of the Security System: The only weakness that we
discovered is that the system doesn't prevent booting
from floppies.
10) Summary: StopLight is a solid security system, with only minor
flaws. It is one of the few programs in this paper that
we would pay for.
==============================================================================
1) Security System Name and Version: StormWindows
2) Operating System: Windows 95
3) Manufacturer of Security System: Cetus Software
4) Contact Information: FwCetus@aol.com
5) Pricing Information: $25.00 for a single registered copy.
6) Defining Features of the System: A window icon with a lightning
bolt through it on the Start menu.
7) Description of Security Implemented: This program uses Windows
restrictions as well as its own methods. The most notable
feature is the ability to lock out Regedit and Poledit,
even if the executable has been renamed.
8) Strengths of the Security System: Registry editing tools cannot be
run at all. The GUI is fairly straightforward.
9) Weaknesses of the Security System: The major weakness is that it
can be uninstalled while still running.
10) Summary: Overall, this program isn't up to par with others in its
genre.
==============================================================================
1) Security System Name and Version: WinShield 2.15
2) Operating System: Windows 95
3) Manufacturer of Security System: Citadel Technology
4) Contact Information: Internet: http://www.citadel.com
5) Pricing Information: $69.95 for a registered copy.
6) Defining Features of the System: A little keychain-shield that
sits in the tray.
7) Description of Security Implemented: WinShield uses Windows
restrictions as well as its own self-contained executable
to implement security. WinShield is loaded through
the registry before and after Windows logon.
8) Strengths of the Security System: The administration GUI is
well-written and easy to use. The options that can be
configured are plentiful, ranging from explorer
controls to DOS restrictions. If a user manages to run
Poledit, the file WSHOOKS.DLL will produce an error when
a user tries to view the programs loaded on startup, thus
preventing removal of the the system.
9) Weaknesses of the Security System: The program has no
provisions to stop interruption of the boot sequence,
so the user is free to start the system in safe mode
and disable security. But the one main flaw of WinShield
is this: it can be uninstalled while it is running. A
user could open APPWIZ.CPL, located in the directory
C:\WINDOWS\SYSTEM\, by right-clicking on it in any
dialog box (Open, Save As), and selecting "Open with
Control Panel." WinShield provides no restrictions
on this action whatsoever.
10) Summary: WinShield is a poorly written program, and this
is reflected in this very review. It should not even
receive a second thought when choosing a security
system.
=============================================================================
1) Security System Name and Version: WinU 4.1
2) Operating System: Windows 95
3) Manufacturer of Security System: Bardon Data Systems
4) Contact Information: Internet: http://www.bardon.com
5) Pricing Information: $49.95 for a registered copy.
6) Defining Features of the System: Quite literally, it is the
system. WinU is a menu-based replacement for the standard
Windows shell, Explorer.exe.
7) Description of Security Implemented: When Windows loads, WinU is
loaded as the shell. A menu appears with a series of icons
representing the programs that can be run. The administrator
can add or remove any of these programs at will.
8) Strengths of the Security System: When WinU is active, security
is fairly strong. The system cannot be exited, it restricts
everything except programs the administrator has laid out.
9) Weaknesses of the Security System: If a user were to interrupt
loading of Windows, say, by turning off the power, the
computer, on its next boot would automatically give the
option to boot into Safe Mode. At this point a user could
remove WinU in a number of ways. The link to start WinU
could be removed in the Startup folder, the Shell variable
in the SYSTEM.INI could be changed back to Explorer.exe,
thus rendering WinU ineffective. If a user desired to
learn the password, the registration information could be
commented out in the WIN.INI. As with its sister program,
Full Control, WinU displays the password on the next load
of Windows.
10) Summary: WinU has been highly praised for its impenetrable
security. We can't understand why.
=============================================================================
V. CONCLUSION
Our journey through the land of lame security programs has made us
much more aware of the increasing lack of quality of the systems
being offered. It is very difficult to choose a clear "winner,"
for all security systems have flaws, as this paper has demonstrated.
However, based on the current information, if asked, we would have to
recommend either Fortres 101 or StopLight. Both are quality, well
written programs that have been on the market for some time. While
both have their flaws, their strong points outnumber their
weaknesses.
VI. ACKNOWLEDGEMENTS
Wow, do we have a lot of people to thank. Here goes:
Thanks to LuNiTiC, for getting Nick started with security
systems in the first place by tossing him a disk with Full
Armor on it.
Thanks go to Visual Coat, for being Nick's constant
competitor, and getting his ass going when he lagged
behind.
Thanks go to ECC, who got Sean going with security
systems, by demonstrating their total lack of knowledge
on the subject.
Thanks go to Rick Jeannerte and the Buffalo Sabres for
keeping us sane while racking our brains for solutions.
Thanks definitely have to go to the caffiene gods, for
keeping us up during the wee hours.
Thanks also go to RATM, NIN, and Ozzy for keeping us
supplied with fiery energy when we were down.
Thanks go to the backup QB for Jacksonville, who swears
very loudly and obscenely.
Too many thanks to specify: Uzi, Nate, Trilobyte, Michelle,
Agent-X, Chrome, Ice Blue, Freestyle, Luna, Saccharin,
Outcast, Circuit Phreak, HiTimes, and the rest of the
Buffalo 2600 crew.
VII. CONTACTING THE AUTHORS
The authors can be contacted at their joint email account of:
pcsecsys@email.com . We welcome any and all comments and criticism.
System Administrators: Please keep the vugarity to a minimum.
VIII. FINAL THOUGHTS
While we have pretty much have undermined a few companies' demises
by exposing flaws in their prized programs, they will correct these
weaknesses. It may take a while, but they will try to impove. But
we'll always be there. Oh, it's true, we can't keep anything to
ourselves. But then, we get the chance to make you guys look like
complete asses. Seeya around.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
RDF Primer
by Secret Squirrel (ssq@secretsquirrel.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
There seems to be more interest in locating radio transmitters, and with
that in mind I am writing this article to help people understand just what
is going on. This article assumes that you have little or no knowledge about
Radio Direction Finding (RDF), so it will keep to fairly basic principles.
There are a few reasons why people want to locate a transmitter. Police
want to know the direction of a criminal using a cell phone, or a 'bumper
beeper' which is used to track a vehicle. Amateur radio operators often
schedule 'fox hunts' where you have to locate a transmitter (this is more
popular in Europe, but its gaining popularity in the US). There may be some
interference caused by a radio transmitter, and you may want to know where
it is, so that you can stop/reduce the interference. Whatever the reason, it
is a fun hobby, doesn't require a license or a lot of equipment to get started,
and who knows you may actually learn something about radio while hunting.
THE GEAR
--------
You will need a little bit of gear, although more serious hunters may want
to get some better gear, but this is a good place to start, and should be
sufficient for most people. There are a few different methods of antenna
systems that you can use. While I wont go into some of the more expensive
and complicated systems in this article, the systems here are used by many
people and are quite good for most uses.
I will be putting up different antenna designs at
http://www.secretsquirrel.org over the next few weeks, so that you can
make them yourself, and experiment (which is fun and one of the most
important things, play around you may learn something that isn't in here)
The basic gear that you need is a radio receiver, and an antenna. To
increase the quality of the hunt, you may want to have a local map (one
with topographic information may also help). The radio should have a
signal strength meter so that you can tell when your antenna is pointing
the right direction. An attenuator is a good idea for when you get closer
to the signal. For larger hunts, you may want a super sensitive antenna
array for the car, and a smaller hand held system for when you are close and
have to walk around to actually find the transmitter.
ANTENNAS
--------
The first antenna category want to discuss is a directional antenna.
There are a few types of directional antennas that are easy to build. The
most common one is a parabolic antenna. This is the common 'dish' that you
see in many movies, and what is used by DSS and other satellite TV systems.
The parabolic antenna doesn't have to be circular, although that is the most
common, it doesn't work as well if you are looking for transmitters because
the area that it 'sees' is so small. With a parabolic antenna you have to
aim it at the transmitter, and it doesn't hear what isn't directly pointed at
(so if you are a little off you don't get any signal). A similar antenna is
the parabolic plane antenna, and it overcomes this disadvantage.
The parabolic plane antenna is much like it sounds. Take a flat surface
and bend it so that its curved on one side, see pplane.jpg. This antenna
can 'see' more RF on the flat sides than a circular parabolic antenna. This
allows it to scan a little better. If you rotate the antenna so that the
flat sides are on the top/bottom the antenna is good for scanning the
horizon looking for a transmitter where the elevation may not be known.
Another directional antenna is the canister antenna. This antenna is
more or less a coffee can with only one end removed and a little antenna
stuck in one end. With this type of antenna, you point the opening of the
antenna around, and when the opening the facing the transmitter you have the
highest signal strength. This is a very easy antenna to make, and can be
made out of items that most everyone has in their house
already.
Another type of directional antenna is the yagi. These are ideal for
handheld usage (at higher frequencies) as well as for mounting on a car,
however they can get quite large. The yagi antenna is basically several
elements that are parallel to each other with a support bar that is
perpendicular to those elements.
Another type of antenna is the quad. The quad antenna is similar in
appearance to a yagi, but it has some advantages at 2M (150 MHz) which
is where most amateur hunts are. For the same length antenna a quad has
about 2dB gain more than a yagi. The quad isn't as affected by the metal
in a car, which means that it can be mounted closer, helping to avoid trees :)
The antenna is shorter when configured for vertical polarization.
Polarization refers to the way the radio energy is transmitted. It can
either be horizontal or vertical. If the transmitting antenna is straight up
then its vertical, if its parallel to the ground its horizontal. Because its
somewhat important to match the polarization, especially with weak signals,
between the transmitting and receiving antennas, you may have to rotate your
antenna to match. This is why cell phones don't work as well when they are
flat on a table, and work best when the antenna is straight up and down.
The quad antenna is an antenna that has typically 4 squares. Each square
is parallel to the others. They are spaced and mounted into a frame that
looks like a yagi. Quads are very easy to build, but they are somewhat big,
so don't plan on using a quad while walking around :)
Aside from directional antennas there are some better systems out there
that are accurate, and require less manipulating (with a directional antenna
you must rotate it around to find the transmitter). The Doppler antenna
is a fairly good antenna but doesn't lend itself well towards being handheld.
This is the type that police cars use to track LoJack (stolen vehicle tracking
system). This antenna system doesn't work well if the polarization is
different. Doppler antenna systems almost always have horizontal polarization.
Doppler systems work on the principle that the receive frequency will
differ from the transmit frequency based on the relative velocity between
the transmitter and receiver. This is the same reason that a train or car
appears to have an increased pitch when approaching you, and a decreasing
pitch when its going away from you. The noise is actually the same, but
it appears to be different.
The shift in frequency is directly related the the relative velocity
between the transmitter and receiver. Radio waves travel at the speed of
light, about 186,000 miles/sec. If there is a transmitter transmitting at
145MHz, and you were to move towards that transmitter at about 4550MPH,
it would appear that the transmitter was transmitting at +1kHz, if you
were travelling away from the transmitter at the same velocity, it would
appear that the transmitter was transmitting at -1kHz. This is because
4550MPH is about .00068% the speed of light, and 1kHz is about .00068%
the frequency 145MHz.
A real Doppler system will have an antenna that moves around in a circle,
since this is impractical to do at any speed that would be beneficial,
we use multiple antennas positioned in a circle, and rapidly switch
between them. Police cars use 4 antennas (so it looks like a square) for
LoJack, but any number of antennas can be used with a minimum of 3. The
fewer antennas you use the more inaccurate your system will be. If you look
at many police cars now, especially in larger metropolitan areas, you will
see 4 antennas at the rear of the car, those are the ones used for LoJack.
Let's assume for a moment that we have a single antenna that is spinning
in a circle. As the antenna approaches the signal source the voltage from
the discriminator will be positive. As it moves away from the signal, it
will be negative. It will form a nice neat sine wave. By monitoring this
signal, and knowing which antenna is active at that point in time, we can
tell direction of the transmitter.
In our pseudo Doppler system, where we have multiple antennas arranged in
a circle, as we switch from one antenna to the next, going around in a circle,
we give the illusion that we are moving that antenna. This forms something
that is close to a sine wave. For a sample illustration of the differences
between a real Doppler system and the one that we are going to use, see
doppler.jpg.
Now that you have an antenna you are set. Or are you? What would happen
if you were close to the transmitter? Would your signal strength meter
vary? Odds are it would be very difficult to locate the transmitter
without another simple little device. An attenuator.
OTHER GEAR
----------
Attenuators can be very helpful when you are close to a transmitter. When
the signal is strong, it will appear to be coming from every direction.
What an attenuator does is block some of the signal so that only a portion
goes through. This makes it easier to find the transmitter when you are
close to it. A good idea is to have a variable attenuator, so that you
can add attenuation as you get closer, making it easier to track both
weaker and more powerful transmitters.
A sniffer is a small handheld radio device. This typically isn't as
sensitive as the big array that you may have on your car, but it works
perfectly for those times that you have to go on foot, or are really close
to the transmitter (most rules state that you have to touch the transmitter).
Sniffers are only good when there is weak or absent modulation you may
need a yagi or other directional antenna if there is strong modulation. If
the signal is hard to detect you may want to tune slightly off frequency
or add in an attenuator, or perhaps both. Another trick, which is commonly
used with yagis is to goto the 3rd harmonic.
The 3rd harmonic is 3*the frequency. If the frequency you are looking for
is 145.45 then the 3rd harmonic is 436.35. Both frequencies are in the
amateur band, so finding receivers for them wont be a problem. This also
means that you will be able to buy a 440 yagi off the shelf for just a little
money (but it really is fun to build stuff yourself :)
If you tune to the 3rd harmonic of the transmitter, you will typically only
be able to hear the transmitter when you are close. If you have a yagi on
your radio you should be able to more quickly locate the transmitter.
TECHNIQUE
---------
Now that you know some of the gear to get, you need to know how to use it.
The best hunter with the worst gear can often do better than the worst
hunter with the best gear. Technique is everything. Here are some pointers
to help you out.
Don't track down the transmitter by going directly to the strongest
signal, goto a hilltop and triangulate
If you cant hear the 3rd harmonic of the fox, it isn't there its further
away
Don't rush into where you think the transmitter is, if you are getting close
keep taking reading, you may find that you need to turn around later.
Don't pay much attention to other hunters, or where people have hidden
transmitters in the past. The other hunters may try to fool you into
looking for the transmitter where it isn't, or they may not have any
idea what they are doing. Also, people typically wont hide transmitters
in the same place twice (or even the same type of place).
With rectangular streets one of the faster methods of finding the
transmitter is the stairstep method. Lets say that the signal is on
your left. Drive down the street until the signal is at 270 degrees
(straight left).. Turn left and drive until the signal is either
directly right or left (90/270 degrees).. Turn towards the signal,
repeating this until you are there.
Watch out for multipath. Multipath is when you appear to have multiple
received signals from different locations. This is typically caused
by the signal bouncing off of objects, such as hills, buildings, power
lines, metal fences, or even airplanes. Here are some ways to help
prevent multipath, ensuring a more accurate signal.
MULTIPATH
---------
Your RDF gear will not tell you the direction of the transmitter, instead
it will tell you the direction of the received signal. If that signal
bounces off an object, then you will have an inaccurate reading.
Anything that stands between you and the transmitter, or is close enough
to the signal path to cause reflection or distortion, can make the DF unit
misread the direction of the transmitter.
TO HIGHER GROUND
----------------
If you are next to a hill on your left, and the signal appears to be coming
directly from the left, you know that the signal cant come through the hill,
if the transmitter is on your left, you will either lose the signal, or its
arriving at your antenna via reflection.
There is a large power line or a high metal fence. The metal picks up and
re-radiates the signal. Your DF equipment continues to point to the lines or
fence.
You are in a canyon, the signal bounces between the sides of the canyon.
Your gear may tell you that the signal is directly in front or behind you,
regardless of the real direction of the transmitter
You are on top of a hill, but there are other hills and the transmitter
is low and obscured, the best signal path may be via a bounce from one of the
other high hills, making it look like the transmitter is in that direction
when it may not be.
If the signal goes down as you move along, while moving towards a hill,
it typically means that either the transmitter switched power/antennas
or the signal is behind the hill. If the signal jumps up suddenly that
indicates that the transmitter either increased power/switched antennas
or you came out of a shielding terrain feature, such as a hill or building.
The solution to these problems is typically to get to higher ground. In
some cases it may take multiple readings from multiple high points. If you
are in a hilly terrain, then you will want to find a high hill, or tall
building.
Getting up high may not be that easy, due to time, or other factors. If
you cannot get up high, take readings of the transmitter often, and try to
anticipate reflections. You can also see if the signal fades in a direction
it used to be which could indicate that its behind that hill.
DISTANCE GUESSING
-----------------
This technique is typically only accurate for line of sight signals of the
same polarization. You can take guesses as to the distance of a transmitter
based on signal strength. If there isn't a lot of hills, or tall buildings,
this is more difficult to do, however if you are in a residential area, or a
desert, or some other area that is fairly clear, the signal is affected by
the inverse square law. This means that every time the distance from the
transmitter is doubled the far field signal power drops to one quarter,
everything else being equal. This makes the voltage at the receiver input
terminals drop to one half.
There are field strength meters available that will tell you the relative
strength of the signal that you are monitoring. Some radio devices
have these built in, most cell phones have a debug mode that will tell you
the signal (in a real number, not just the S-meter) the signal strength of
the cell tower that you are currently talking to.. You can get similar
devices for other radios.
The receiver input voltage increases as a function of relative distance
from the starting point. when the strength is twice that of the starting
point (6dB greater), you have gone halfway, all other factors being equal.
When it is twice the half way reading, you have gone halfway between
the halfway point and the transmitter, or 3/4 the distance.
As you get closer you may find that your signal strength meter is all the
way on. How do you tell if you are getting closer or not? Additionally
most S-Meters are more inaccurate at the edges (all on/all off). To
cure this, you can use an attenuator. If you notice that your S-meter is
all the way on, you may want to add some attenuation. In our above
example, if you are at the 3/4 point, and you add 6dB of attenuation,
you will see that your S-meter will read the same as it did at the
halfway point. If you add 12dB attenuation, it will read the same as it did
at the starting point.
There is another method using geometry that will help you to guess how close
you are. However this method doesn't work well if there is multipath. Using
the principles of a right triangle, you can determine the distance of the
transmitter by taking a sample of the signal at both 45 and 90 degrees.
C
|\
| \
| \
d| \f
| \
| \
-------
B e A
A,B,C are angles
d,e,f are sides
We know that the total of all 3 angles in a triangle is 180 degrees. We
know that the angle at point B is 90 degrees. We know that the angle at A
is 45 degrees. This means that angle C must also be 45 degrees (180-(45+90)).
If C is the same angle as A then this is an isosceles triangle, therefore
lines AB and BC are equal. The distance between the 45 degree reading
and the 90 degree reading puts us that distance away from the transmitter
(at the 90 degree point). If we took the 90 degree reading first, rather
than drive back to the 90 degree point, we can figure the hypotenuse based
on the Pythagorean Theorem, which states that in a right triangle, the
square of the sides that form the 90 degree angle added together equals the
square of the hypotenuse (the longest side, the one that doesn't intersect to
form a 90 degree angle.
In our example (d*d)+(e*e)=(f*f) (the square character doesn't display
everywhere).. We can solve quickly for f since we know that e=d, and we
know what e is.
IN CLOSING
----------
Now that you know the basics of the gear, how to use it, and some pitfalls
that you may encounter the rest is upto you. Go out and make some antennas,
start simple.. Figure out where known transmitters are. If you don't have
a radio but do have a cell phone, make an antenna that you can plug into the
external antenna jack of the cell phone and track down some cell towers (you
can usually see them quite a way off so it makes it easier).. Be careful when
making antennas though, if they are poorly made, it can ruin a transmitter.
I will be putting up antenna designs on my web page in the future (should
start appearing there in the next few weeks). The url is:
http://www.secretsquirrel.org/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=[ Rape the System Failure ]=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
