2600 v25 n2 (Summer 2008)

7/21/2019 2600 v25 n2 (Summer 2008)

1/68

7/21/2019 2600 v25 n2 (Summer 2008)

2/68

7/21/2019 2600 v25 n2 (Summer 2008)

3/68

ToeThe Best of TimesDon't "Locate MeExploring Road Runner's Internal Network

Hackin Wireless Networks with ndows

The HughesNet FAP

TELECOM INFORMER

Hacking Society

Thirteen Years of Starting a Hacker Scene

HPing (The Part I Forgot)Meditation for Hackers: All-Point Techniques

Fun with Network Friends

Hacking: A Grati Writer's Perspective

ACK PRSPECTIV: arry Wes

A Portable Encpted Linux System for Windows

Mac Address Chager

7/21/2019 2600 v25 n2 (Summer 2008)

4/68

l la l a l pp l l l l f W l pp l l e

l a p l l p

W app pl ll f l el t

W app p a ll l e pl p l f a f pl p l l l a l fe f a ffe e t u a t e l a f u u l p l l f a tat te

S t a l l a a l a aout f atl t o th eae

7/21/2019 2600 v25 n2 (Summer 2008)

5/68

a o e eah of hee peo eoud he e o e oe ea oa

he hae le ha eae e o el ef a l a el affee he

ha ol ao f o loo a e of o a l e f o e l a aopae eh f eo l l oe ha e h e eh o lo opleel ffee he p ehe e le eaeh ae la a eo peo al l epeeheo ae a l l l e ha el h e h ll he ae l h ma e

O e l a

ee e e e ha e h a p a e p a h h u ee jus e a ha e p e ea a a pal eh e l e l l hae l e e a hle l a l l l h W ju a v rJp mrl p e pole c, ju l e al l le r pe l

ael plhe a e

a le o eee "pa

We a hae ee

ea We ee app elf ee Wle le e e e f e . k e

T1I.1Z ll Cl lr I Wl ll

p l elpe e hg e

7/21/2019 2600 v25 n2 (Summer 2008)

6/68

ni'Loca M'

y Trry Stenvo themrgmailcom

Discaimerh art r uatoa pupos

Ch o o attpta yth h aut hr hd p ty th r u o th oto

Gnra nformation

s yu a o th tur th oops 3 upat orth pp Ph a Po h th " LatM atu h eat prod yaothr opy d Syho Wreshttp://www.skyhookwireles .com/)

Sho t a WPS or W Postog Syste otes usrsby kowg the oto o ter wreess perorms ther oto etures ay a WPS rre edge te spe geogrp oto

ode; Pmob e evthe C oat abee ote

7/21/2019 2600 v25 n2 (Summer 2008)

7/68

h M p h fr u l h p h l he M h p f l h h l h h

h h l f l h M h ph l hr M r h h MC S pp p hMC r h hp f p o pu huh hr ru h " "

Step 2: Setting up your computer

h e d u r puo P h pof h Mdres h h hhr e r r h r r he h pf h pf v ru h r p ru h o fr h / skyck s 00:00:00:00:00:00.Yu eed h h M dr h eveh MC r f h Your oo h r he ouers HCP ser hd ou IP dres o yur oe dev h

Step 3: F ind ing theapproximate location

h you g yu r ve

bewee you l

pp h h pf Mh

ph u p rur h Ml rh ph

u M p f h fu pr h k h r h h Mrr p hek h h r

h AP' fe mehodC ofen

h h

7/21/2019 2600 v25 n2 (Summer 2008)

8/68

by Tim The cable

mpl outnMot ISP requir you o hve a mom tkin veryof some ort For roaban cble th i hrugh th uull DSIS (at Over Cb Sevice th ISP' seInerf;c Spcifction) comptile evice, to h cvion 1., 11, 20 o 30, epending on onntion yur ISP' nees Tis vice s ssenil to he evic

o cbl inrn!t a i iote n use the connecon vriou fqunies on the l line which Tey o tihv en reerve o internt service. All uch Oiof th infmtin is demin y yur ISP nl MTS tn i ivr h om vi p uly PHP,fm m rvr n yur IPs nnpulic m mchnw Yr mom hs MA

S he rsor ik ny hr ntwk vi, n fr me inti i uully thi h h ISP us o uhn nwok ri you th nwk Th CMTS l tu u thMm rminin Sy i whr h th hey rtrnin betwn l n fibr hppn, hi; h r intr At ny rt on drs iv

yur vi i trmind t liim y n, th mth i rmin by h ISP, I wa ittut i m likly h MAC rsyu r rur u a uli IP rs Th is lso n mor untinrnl rs grne he mom, ws oing h

ll d h h

7/21/2019 2600 v25 n2 (Summer 2008)

9/68

some s imp le nmap commands and d i scov- me. Thee doered that th i s device was l i stn i n g on pot 80. meases in So I ladd irx ad h it the devi ce wih how th i s has TTP. Sue en gh I saw the cal e mode' s kay doanagement sreen. Bing h cncene adresses a n

cn that I a I tested the g n to ma ke oesn t ssr the eats had hagd Muh ra y okedt my s rpr ise I l an get ow avi ewg an d cnig rt ass with sr addresss nae and asswor ser" I the had adi soeth ing"acess to smns a e dem om ete t th i s owi th an i nter I P a dress range on Rad coerned an

R ners etwk th p b i I P add ress th tn. I todMC ddress a eveythg else neeed to a l o tet e thr ab d ad stea thir absrd rasservic Fr th srn w h h ae p y st tt oa esta rt th dev rset t t o t h e atory I st deaults r d pretty h anythn y paket snwat. My d g at th pt nd acta y very th i s s st 10 adrsss it a 16 hst s ths tsnet . I ieiat y pwd n m ap wt h I ca sni ta S igrpriti ad vrs san g wi th I t i ke tthe target twrk 10.0.0/8 I wathd soee oas the g i grw r 1k t 10k t k t w I a1k. tr a h r I h a M so

e u ca ds r ng TTP SS have dea l t te n et a nd va r s the servs a l the at 10.00.10 is in g dea t l in s an d passwrds . Mst Ra ly " them ae r ng v la vers on S h d on a m i nan d a l o the w i a ack to SS1 whi ch I waited omeans that any passwods that ay e i a cop le p lace prtet i ng the she l acess are sees s . l i ght t

I sd de y ea ied that Road R n ner th is is nomalm ight not ice a l l o the scani ng that I was pat o the etdoing so I ca led p Road Rnne tech the other macs ppot an d asked to speak to someone i n the s i ness accoseciy depaent . They pt me on hld I P y a re a

7/21/2019 2600 v25 n2 (Summer 2008)

10/68

wesevers , many o them also nning SSan d te l net I a l so fo nd seveal c al e modemsact in g as oters I someon e wee to l og i ntoone o those devices, i t wol d n ' t e had toset p orwads into the NTed netwok or

to orwad al l thei ta ic thogh a tnnelto some othe P The poss i i l i t ies thenwo l d e ne a l y l i m i t l e ss h i ac k ing Vo Psevice y c loning thei hadware, steal ingi nten et sevic e y cl on i ng the MC a ddess,ch an in g sett i ngs, o ediect in g the locat ionof the dealt CSIS seves, among otheth ings

s a as IS P-evel e i pme nt goes, RoadRnne ' s CP seves , NS severs , andnetwok m on ito i n g sevies ae a l l ava i l al efo scan n i ng orse, n map' ves i on epot i ngopt ion hows vesion nmes fo theservices n n i ng Many of these are repotedcoectl y, an d sevea l o them ae v l n eal eto vey wel l -known exploits Fo instane,on one pat icla seve the SS daemon isset to o l l -ack to SS i f the c l ient doesn ' ts ppot SS 2 s id e om al l of that , a ickscan of the log i le eveals the type o IS

they 'e s i ng, te type o n etwok mo ni toi ngsoftwae they'e s i ng, stange a nd n neededthid paty appl icat ions sch as sceencast ,and othe pieces o infomat ion, a l l reelyava i la le onest ly , I don ' t imagine that i twold take a sk i l led hacke moe than anho o two to sccess l ly compomise thesystems The seves are petty ho mogen eos ,appaent ly cons i st ing ma i n l y o in x servesn n i ng essent ia l l y the same app l icat ions , sothe odds ae good that if yo can compo

m i se one syswel l l so, eI S repoti nsection of thinomation

The inomathe log i l es in go ld

f the 2p, aot seves I sthos ecaut anyone wsnet womoe th a n I

Needlesshee i s temeki n d o f netw

to egin witthe i outeseuests fo e ing do ne

I gu ess itate netwokt h e i n s ide

ne inasites at too is yopetty easy Tampa, F lowod ave conta in a l l thsomeon e ' s aa l l , o the sePetty slick s

7/21/2019 2600 v25 n2 (Summer 2008)

11/68

do ne he w ie l ess oue oues evey ohepae o you opue he way i wasdesied he wie less oue h ins ohopues ae one opue eause heyh ave sae h adwae addess

o hav ing inu wih e a he ie made sue I had wo vey ipoanpogas Kaood l e a n d Teh n i i u Maddess hange is I onneed ohe wie less aess po in o inees andope ned u p ieo o ns ue h a h e o

page was d isp layed Seond opened upKaoodle and waied o evey opueon he newo o e sanned This ayae a wh i l e i h e n ewo is ea l l y usyThen he opues wee disp layed soeae s how n a s opue n aes l ie ohes as addesses oule l iing on

one o he shows he opue s Maddess

V -Cnco '.k A;

The ne sep is o hange you M

addess o he one ha i s d isp layed Theeae sevea l ways o do h is i n i n dowsn e way h a ai l ia wih i s o ed i heegisy o hange he addess u peehe Tehni iu M addess hange o

Con_ W" NO().yN DeIT,uo

radeD co\ID {b5-0

1HtIO

onne Thehe oue ha i s an d w i l l

on n e eaSeveal

ig h e ois no an unigh os houesy wou

y o u ' e u s i n g use suspeon w he n heyi gh a i se so i a l pole wand ol y in ia l suppo

uhe opdi lea is he i s p laa unease pole wi h

7/21/2019 2600 v25 n2 (Summer 2008)

12/68

he ughesby ntbnnt

I use steite Internet which is gretfor web browsing IRC emi nthe ike. But it offers bsoutey no convenience whtsoever for ownoing musicistening to internet rio or ownoingmy fvorite Li nu x istro.

You see HughesNet hs rticuryrestr ict ive F i r Access oi cy (FA). Now Iunerstn erfecty why FA is neee;however it seriousy imits mny of temore obvious n usefu ictions ofhighbnwith Internet.

Hving the hckers ersective I uesti on e if it were ossi be to reset my I ntern etusge sttistics so tht I ' be be to tkethe 2.5 hours of nonsto HTT communiction tht it tkes to owno n . isoof ebin without hving to wit 24 hours

fte ech unre megbytes.he eu iment for H ughesN et connection is stei te i sh its ri o n receiveror moem if you wi. The moem is bsicVxoksbse router with ony one ort

th i t ft t i t t

Info to se

Bsicy it s uthenttht your mis commisfor service. hve no itenetwork withe go is store bouso your FAwi ow ebin Re

o we w

Tis is f inefrien. Recothe commnmoem intosione whicm iss ione w

h e n c the i nfo the ge

sttusit's wi te you

7/21/2019 2600 v25 n2 (Summer 2008)

13/68

He l lo a nd greetings fro the Centra l Office!After an u nu sua l ly co ld a nd rainy winter here inthe Paciic Northwest suer is in ful l swingWith so little good weather in this part of theworld peopl e head outdoors and a ke the ostof it - een with gasoline hoerin near $ perg a l l o n

For ma ny young peopl e this eans it s timefor noisy outdoor concerts which I told areeen louder than our disel backup generaorhre at the Central Office At a huge musicfestial with sound systes approaching thedecibel leel of 37 taking off how do youfind you r friend s I nc reasing ly tex essages a rethe solu tion

You ay not think a bout i uch when you resending HEY CRAC AWG WHERE ) toyour friend but sending a nd receiing sa l l xtmessages is incredibl y copl ex in fact m uchore coplicated than eail Making attersworse there are ultiple ersions of SMS andu ltipl e techno logies inoled in obil pho nesyste s for exa p l e CMA IS CMA000

GSM CS and GSM GPRS) For this ticle I l lfocus on GSM networks which are operaed byAT&T and T-Mobile (along with soe sallerregional carriers such as Edge Wireless) in the

When you nu ber th e IMation about are input into(HLR) This is aless carrier anhandset is bot

on th networsend an d receioiceail use H LR a lso keepstion on the netmessages apprless ca rrier opecarriers split upThe H LR is the and if it fails the person whnobody wil l beca l ls text messforward to oiin SVs eerywBlackBerrys wcrosswalks Sooutage eans of dol lars per and failoer ca

7/21/2019 2600 v25 n2 (Summer 2008)

14/68

oe oe ely o he N ( es gly, Vo ewoks) o oe l l s

VLRYo ob le phoe w l l gee l ly be eg s

tere t he V so Loco Regste (V LR) o h e

Moble Swhng ee (M) seg he are whch t s locte (lthough he HLR oes nonecessrly he to be ecouple, so n salleGSM systes the VLR ay be he sae as heHLR) he VLR rerees a locl opy of yoursu bsrbe pof l e ro t he H LR, s o ost rout n equ e es ca n be p rocesse agas the V LR rather

than the HLR Ths n zes loa on s low anexpe se e-ca e SS7 (n soete s eeX) l nks n he HLR seers These sysesae also esgne wth a hgh egee of falttoleace, becuse ts also ba hey l Howee, t h e fa lu e o VLR wl l se o n l y aloalze oage Fa le l ls wl l genel ly be

foware to oeal the nter, a Messges wl l be h el or eley l th e VLRs ag opetonal

MXE/MChe MX (also eee o s M) hles

essagg. O GSM syses, hs clesoceal , SMS, x feaes (yes, he GM

sa les seg a receng xesfo soe reaso) .

SMSCHey, we fal ly go o the pece ha real ly

a ttes he SMS s the co p one t of th e MXwhch hanles SMS ognato an tenatonSMS essages sent o reee geeral ly pass

fro you r h anse to the MS o the MX to theSMS, and then ethe n the reerse recton(for onntwork SMS) o to t he gateway MS for nterca r er del ery.

Message low

Next, heeph o e eeRe t o

ote thatlso e-to-e

Whle theM protocossoce wThs s oseas whee SM essageessge, aessages n lwth he ogto nter-aewho negotaon behalf of of a b l l ng el ey of Sgla ng ssue exaple, the

7/21/2019 2600 v25 n2 (Summer 2008)

15/68

by Barrett Brow

holding" l. i n certai n sports, the i l leg use of the han dsn d arms to h i nder the mvement of nopponent

act ion" . the effect produced y something.2. a a m i i tary encounter

mi l itary comat in general

veryone is fami l iar with what ho ld ingactions re we experience them every day ofour l ive. ht many peope my not know

is that hold ing act ions can e very carefu l lyplanned us ing stt ist ics , making them apowerful too of manipulat in.

F irst, let s acquaint oureves morespecif ica l y with what a hol d i ng act ion is .

Scenario ne et 's say, for example, thatyou are tryi ng to get a refund for some ma l l

item you ought ut which you received inthe mai l roken. The item cost $3 utyou paid for it, nd you want to get what youpa id for. You c l th e compan y and re greetedby ph ne tree. he pho ne tree i the fi rt tep

cenri hypothetical lpresident. Rona d Regfrom yor rcomes out inmolets a nu mers i n th

the pu ic ure-e lect io n. of war in ranthe Iranians tthe day afteome gns ogo on TV and

the hostagesform of hold iThe presid entScout wrongneeds to holweeks, unti l ho ld ing ctio

cenrio Taddict . You anot cmmit .tr i l , you areyr b i

7/21/2019 2600 v25 n2 (Summer 2008)

16/68

ent i t ies wi l wys win ny g iven hd ingt in .

ets exmine seni tw gin. stme in this seni wh is smewhtp my nt hve fty mintes t spend n

ph ne tree. ith e th ey e sy wk in g frminimm wge r they spending theirfree t i me di ng n dy nd shp pi ng. prpesn ften des nt h ve the ti me t spend nred tpe nd w i l give p el y th s svi ng themnipt ive entity in est in frm epingthei defetive prdt. welthy individ

i n seni tw w d hve me t i me t witn hd r even seety t mke the in std th s i nes ing the h nes tht theywi end p gett in g wht they p id f.

Nw th t we nderstn d i tt l e t hwhd in g t ins re sed g i nst s et s th i nkt hw they n e sed t dv ntge.The si ide is t st f s lng s pssilenti y enemies either give p frget lse the ppewk regrding y r deidetht it is sting them t mh mney nti y re i n etter psit i n t es ve themtter.

The p s i n seni thee ld hvefght h is wn hlding t in y ins ist inn tr i t nt speedy ne. The di i system in the fnt ins p imi y n tpergins " whih e des mde withthe istit ttrney. Mst ts hve ninterest in tr i ls ese they st t mh

mney nd t ime. S in the se f senr ithree ssming the hge ws sml l ndthe pesn hd n pir ed they dinsist n ti It wd tke few mnthst h n es re gd tht the h rges w d d d h h l i d h h i

tr i." F in y tr i l t the fthe mde

ve n dispte n ev

mpnies eght y tppewk ry dispte rden f prhve imitedy w e them

i m frm ynies re s t e dppednt hve theit t the cedif yr imme m ney it des t ssing hdin

nther eresn why stpi lws ithey e w

time nd pt tiTime nd

i m ptnt mmre infmnent nd ette y

yr ppn The mre ntime the ess gwing my the grw

i i

7/21/2019 2600 v25 n2 (Summer 2008)

17/68

b D Rb R oeer, so ad o ave

For ose of yo wo don ' remember me, o now abo

' m e one wo wroe H acn n Braz " and word for aarn a Hacer cene" aybe one or wo aron d Braz of yo ave eard of Braz a ns on e nerne acers"wUnfornaey, ere are a rea many of em and od meca n emseves acers and defacn be o rearewebses No, 'm no e one wo b sed o sared ose ys no don eecronc vanda sm ronc b ca

a d d was o sar wr n e f rs Braz a n was j s saracer ezn e n 4. Te nerne wasn ava before Braz abe bac en eoe cod on y earn abo access y ez a nvers es and n a few oer aces y boss djs so aened a dd now abo And my ans; e ere erned bo acer ecs, vrses, eard of, a brean, and a a sff was nvoved ns , o

n sen an ecooy nerne dscsson borrowed aramon eemenary scoos Ten eard abo and ere, asa Hacer and Vr s Conress" n B enos A res, or a, someArenna ran for abo for days, wc wrn on mysed o earn and a w eoe from Hacc ood a sand 600 and w severa Arenne eoe erm ss on orconneced w comer secry, amon aven ' com

oer ns ys a dd Few eoe n o Amerca ad nerne boos becasaccons os ns aened n BBes, on Tns wFdone or he e Comer vrses were on y coe man sbjec wen eoe aed abo eed o b

B d f

d f d b d d

7/21/2019 2600 v25 n2 (Summer 2008)

18/68

ood nforma on sared o be sread ro nd, e aer re e es bo ow o e free one ca s bad ns fo n e raz an one sysem ey even y raz an ed f xed a) n wy

e ez ne rew com ex or one n, n abo

I sared o enjoy wr n I becme more an a e arces aobby I aways oo more me o wre ns oer s And f I co d no enjoy read n myse f aa n, nervew aI wo d rewre e r c e e ez ne, or n y ered ar of mean o be some n s m e, rew com ex, d d s m a r arw secon s e a A, abo, sory, beer boos s n marc es, and news secons a ws so boos were a

robesome o mae a I rned n a bo wor anymor(ba r a a r c a b o sp o c o) If I wroe eecronc vansome n, ere wo d be a reference or a n boossay n were I oo from y ace

eo e sa red offer n servces e ow o n erne was mrove my HL scs) and esy access a comer of e web s efor free I dec ned I sared wa s mosy U

a a one; nobody waned o sare me o e deva ed L me nce I was famos, wo cares esdes, n a commerc beer ezne wod nvove en more n a I wcom ex y focs ws n n de ver n beer sen an ns o e rown n mber of eo e wo radae cowere en Inerne access e way was, I wo sred Ywas en ree or for eers a dy asn, oo my mo

an yo eac me acn " ooe; I sadI cod ave one cororae I wod my exerenc

ave ad o care for a n fac, wen I academ c wosred e ez ne, e freeware conce ws eo e eno ndersood or me, mean a I wod abo a my no ave o worry abo ayn waes, axes, e fac s arevene, n come, cons mer r s and so on a o abo

I wo d ave d o re ser e ez ne; en I boos j s wwo d ave bee n a re If anybody sed me Som e day, I and I os, a wo d ave been And e nd a boo n ordof arc es I b sed were ofen n ray areas se n o Ano e aw I yore a red and, yo need o even w a

rosed e tat tey wod ee on readn and ow to

7/21/2019 2600 v25 n2 (Summer 2008)

19/68

rosed e tat tey wod ee on readnnd I et wt n te e ne and a bo beasets s a waste to sto

It soetes ays o to do a bo ne Iosted tat I needed a ew eory s ory o das oned oter I ve n So o n e y ro o de a ne o read t, ased ory osta address and sent te s, aonwt oter t ns abot 6 o adwae, aoete CPU ed ade o od ees eatered from frend s He t rew a arty, eo ebot t ns, tey set a Pent wa 0 H D, and tey sent t and soe oter ns to e, by FedE x co dn t be eve t andsent so me t-s rts by way of tan s st sed tat omter nt ast Crstmas, wena b fan a nd frend of m ne sent me a Pent 4 wt a 50 H D and a few sence f ct onaaz nes aybe ta y s one of e t ryfve tat revent od from destroyn te EartI don n ow

Te robem oday w wrtn a aerezne and bo s a oday, everybodys otmc more acess an a te tme I startedAnd tere are any eoe an aernowede Even YoTbe as a vdeo or twoabot omter nsecrt es ne doesntave to o nderrond o earn abo darsbjets" ne as to ave te consene,wc s te man sbjec abo w sedto wrte, r t rom te bennn f yo wrteabot ow to do t, tat w et o d soon enyo wrte abot ow o t n abot t , t w s t c Peoe st an e o d sses of y ezn eand f nd ood tn n ater a Tat mtsave te r bts one day

Unfortnatey, od not wrte a tessabot wat I dd Te Portese anae sto to read y not wrt n a boo s aso

and ow to te nternet doott es

It s e taaos Beoave to onstae In order as to now today n Yobered somewrown oder,e t was I wtns I neverno reres ab

en yoto now yoa te same oter occaao nted teAency ABnervewed an oter sory,a y, e was ntr e teres a bad oar eanswer an emsomeday csoe ood sa , te f rst B

He woda an" aybe not a word ease"now wo toj st ay t at ysef, ayo wan t, btnow ow to

b b

7/21/2019 2600 v25 n2 (Summer 2008)

20/68

b b Y b Y P P b . P " b

n m as are ssena ert oos26 Wner ), wroe abo somese r oo s od readers were to et em andave a bas nrodton o wa e do osase readers ma ave noed a e seonon P n was ver bref Wen was draf n eare was movn sbes arond and so

msaed e man bod o m Pn seonWen reeved m o o 26 and noteds rm aned m ae n e am o mand and et o a od D o o mae or and to absove mse of s error am dedat n t s ar e enre o e P n t

P n (ht p ://w hping org s a reat

oo o ave o an se t or ver s m e tess oro an se to do somet n more advan eds as ranser es e s sar te asstf

H P G - e t 4 0 ea- l en = 4 0 1

- t = 9 9 9 n addonUDP e nexo or woa Ware box t @d

H P G 2 0 . 2 1 0 u d d e eI M P P t U n

_ 2 1 0 . 2 0ven o

on a os wa ve so dware and oeaes wo

o an e

o s ae rooo n e dm aes o P

wo an o o @ o o o P a ts mos as s a ae rater _ e 8

o a e a se ot o s s bas n L p p on ets examne sn Pn to n a P 3 5or _ 0 0 , 0 0 , 0 0 , 0 0 @ d e n 2 O x 0 8 )

- c a t S 2 2 - d 8 HNC o o 2 . 0 . 0 . ) , - 4 0 e de + 0 da t a y t e e n = 4 4 - 0 0

or a aae erv roer an tat yoe to otor bot yte eat a er

err o te r o ot @ do o rm o

7/21/2019 2600 v25 n2 (Summer 2008)

21/68

e to otor bot yte eat a ereat Yo a ororate HP to yorere at otor by ett a bart w w rat aet e te to teere eto, eer a ayoa ee,a te reort ba to yo r a aeet tatoweter or ot te ere ee ote roe reee by H

Oe o HP e eatre te abty

to traer e ao a o eoy oe t wt text e bt re tat

oeo ot tere ow ow to eytrae a bary e a ae Soe yoae a text e tat yo ee to traer bt ate ora e traer oto e PS, SSP a HTPS ae boe by a rewaowee P a ow ot Yo a e H P to trae te e aro P t yo w ae

to et yor taret eer to be a te tate:[ oo t @doo m ou s e # hp n g J o c a o s t l s t n s gn at u re s a e c mpW a n n g : na b l e t o g u e s s- t h e o u tp u t n t e r a c eh p n g s t e n m od e[ ma n ] mem l oc ka l ) : S uc ce ss

d a mm g ow tat we ae ooe te et

ta er te e o o o e a e:[ o ot d oo s e t e mp # g o c a h o s t c mp d 1 i g g n at e e ano s t u N G o a l h o s t ( 1 2 7 . . 1 ) : i cmp- mo de s e 8 h e ad e rs + 1 d a t a b t e [ ma n mem o ck al { ) : Su cc e ss

W a n n g c an ' t d s a l e m em o y p a gi n g l e 1 8 p 1 7 . t t l 7 7 c mp r t t . s en 1 8 i p" 1 7 1 t t l " 6 i d " 1 7 7 cmp e t t = O S e n " 1 2 8 p " 7 . . 1 t t l " 6 i d " 1 2 7 7 5 i mps e - r t t O 2 f S

r o ot @ do o rm o g r e p L S T

p . : * r o o t d oo rm o

- l i s t en sWa n n g : nat h e o t p u t i

h p i n g l s t e n ma i n ] mem l o

W ar n i ng : c anLne 1L i n e L n e L i n e o m p o r

Te o

o a oo[ o ot @ do o m o6 1- d s l e / r and N G l o c a l ha e s e t - h e ad e rs ma i n ] me ml o

W a n n g : c n

e n " 1 s po t 6

ee ot eyteet ao t w a

Yo a a

te oowot obywt a O / b n / b a s Tt e tI n 3 3 . 4te wo

w be roeH P oteboot Try e s g n a uto ee at b

7/21/2019 2600 v25 n2 (Summer 2008)

22/68

by Sai Emrys

2600@saizaicomAM, #ca2600: saizaiGPG: xAFF1 F22

y exerience s been tt medittion is subject tt requenty orizeseoe: some be ieve credousy in

k i nds o un su orted no nsense, w i e somereject everyting woese in te nme osket ic ism.

However, medittion is use wyto ck your mind stte. Rter tn jsttking some gru's reerred version o one

tecnique s te ne Tre y, yo jstve to get to know vriety o te tecniques vi be, twek tem to work oryour own word-view nd symbo set, ndunderstnd wt bout tem mkes temctu y work.

I ve tked wit ir number o eoebout t is, nd one misconcetion ttcomes u oen is tt meditt ion exc sivey mens sitt ing in drk, quiet roomin otus osit ion sme ing incense ndti ki b t t i Ti i i d d

re rticuone's mediteverydy r

Ti s is rmrt i rts.

Insted o

o te ersonto disrm), re nd kend i ter y .

A good wsk yorse

erere te

t i nder-

How nd

Neck? H ow How o

t e ne

" a h h a h d d

Hien Dim h d

7/21/2019 2600 v25 n2 (Summer 2008)

23/68

a a as h dsad p h las a pa h da s w h sp hd a a h l a a a a

sad d da l s h da

as wa d hs s sa m a t w s; xam wid sk adseein t couds mov. as muc d

s you c in tose two tns. Ten dd tird, suc s te ee o sun igt or temovement o tc o grss nerby.

Te key ies in dding more tings toyour ttention simutneousy witoutosing det in te reviousy eceived

ones. Tis cn vey quicky become overweming; te mount o inormtion inny ntur scene is extemey dense. ven sm tc o grss wi ve enougmovement nd deti in i t to swm youmut i tedng.

otuntey, t is is enbe ski .

it rctice, you ' ind tt you r eectivetredcount nd bue sze go u.

As n ice bonus, te more you cn re ynotice, t e more enjoyb e i t i s .

Iv

t did you notice te st time youwked down te steet?It 's inteesting tt te mount you

rete to eoe s individus tends to beinversey reted to te number o eoe

h dw

h a a pawh l p a s h s s as RaY! ake ckro

incudin cotrc, youbors nd soenvironmen

Te uis to ern

mutitredetions in son y exeies ossibeoverwe meurose o tion; it 's ju s

just ew igure out oyou r di y gte tis ws di y si ing you

I you interested ime. I ' m woted A Hackical Rcip

7/21/2019 2600 v25 n2 (Summer 2008)

24/68

D D

Q D

[ DQO

by Uriah C. enoy leav ing my wie less access po in

ava i l al e fo ohes o con n ec o an d se he nene Thee i s on e cach, howeve ge oplay and monio he aff ic wheneve wano n h is a ic le , wi l l desc ie a pas imeha i s fn an d evea l i ng of yo ne ighos

ecen ly fo n d a new hos on m y n ewoko p lay wih New f ien ds ae fn feen lyse Ehepe o ic k l y mo ni o my n ewokaff ic , and fond a new compe nameon my newok Know i ng h a h is peson

was on my newok, f ied p nmap o doa i ck p in g sweep o confi m my newf ie nd My n ew f ie nd s co mpe name washe eal name, and co l d see ha she hadhe P addess of 19216811 The fami lycom pe was on 19216811, m y l apopwas on 192168111, and he access poin

was on 1921681 1 S ince had a new f iend o play wih,

decided o view he aff ic ha was goinghogh f cose co ld do ha wi hEhepe waned moe hen s P

n h e s ec# ro 1 . 1 6 8

Then, nefowading so se faype rgru

N o w l e f is rap infoae t h 1 o hha y c

wh i l e h e s e c192168 1 1192168 1 1 he oadcash a s c o e in ,sevice

Now, i s

n eed u n T h e n , ca n hsoeone e l s wo oe eype

7/21/2019 2600 v25 n2 (Summer 2008)

25/68

. A

by [email protected]

f ind ha one of my longes-runningfasc ina ions, compuer hacing, has a loo do wih my greaes pssion an hobbygraffi i ar These are wo very conroversialsubecs , and d i scuss ing hem can usua l l ygenerae a grea rspon se, depen di ng on w hoyou as . This is no a howo ar ic le by anymeans, bu raher a way o shed some l ighon he s i m i la r i ies beween wo of my favor iepas imes Bu ' l l s i l l i nc lude h s andarddisc la imer ha ge ing caugh par ic ipa ingi n ih of hs ac iv i is mi gh g you i n rouble .

The f irs h i ng can f ind hese wo su bcshave in common is he reacion ha you gwhn o l l som on ha ou do on o hoher f you l l someone you're a comurhacer, you can usual ly expec conused orwary looks . People assum ha yove onshady hings bfore, and hy approach

conversaion choosing heir words careful ly,assuming ha you migh ae some of heinforma ion and use i agains hem Thymigh no b aware ha he hacking you domigh be comple ly lgal You migh be a

or Ciy and many pciy implem

gra h i ngs,change, pewhen hacipopular, hebodies o rewo culure

governm enconrol , heThere are beween he

Some ac iv i ieo var io

You neb l gabx anroom yfirs.

There or inm ingyourself

Thre acompuCl

7/21/2019 2600 v25 n2 (Summer 2008)

26/68

Hacker ersp ls

Te story be o is my yot cones m c d ee e

s io n . n y m i tt e re ctnt to te ters . I m st si t, bt s i nce i t i s story over 2 0 yers o d . . . deeer ndeI s t oe y o i se e i t i n i t s r i t kn e s oersective. sooky tmo

Norm y en eoe sk ere my beo te s in terest in ocks nd ocki ck in comes o cked

rom, my nser is tt I becme sc i mc ines nnted tcin Jmes Bond movies s Needess to k i d , on de r i n i ocks re y co d b e mic ttroened tt s imy . No tt in i tse i s et coy tre sttement. Bt te one t in tt r ie nd tod mre y ser ios y mot ivted me, nd mde i t coied nd

me t ot o cret ive ene ry i nto ocks tr y i m oss ind c i rc mvent in some sec r i ty etres, q ic k y s s o met i n e s e. . . . te key ooke

As o n s cn remembe r, s sever coyinterested in ocks nd ys o oenin insted o tetem. And s k id , s eer to ern d seven. T te tr icks rom te street to oen restr icted, mbicyc e ocks , ote n s i n s i m e too s b nk keys o ike i ed don scissors or oter t n d bein vi t i n i e ce s o met . t i , cn onest y ins or sy I never sto e b i ke in my i e . Bt te et nd r

t io ns at my next vi sit . degrees, theFinally, after at least 2 0 vi si ts, I fou n d stuc k! N o m

7/21/2019 2600 v25 n2 (Summer 2008)

27/68

Finally, after at least 2 0 vi si ts, I fou n d stuc k! N o ma locksmith that did not send e off turn the keystraight away. This locksmith was very the l ock. I pcu rious about what the key was for an d I point of bredecided to be open with him. So I started and just goexpla in ing that I had no cr imina l intent down a l ittwith thi s key. If I had, I wou d have used problem , I it r ight away and n ot bothered to copy it . the mi ss in gAnd I told h i m it was the top master key reason for for the Amsterdam subway. I explained looking a roto him that by now I had become sort of the s ide ch

obsessed to copy this "uncopyable key with a bentan d tha t I was determi ned and woul d that, to mysucceed one way or another. After all, to turn backtech n i cal ly it is j ust an odd-shaped pi ece I was then of metal. Phewwww

Ater th i n ki ng it over, he sai d he cou l d Back ho

he lp m e a l itt le bit . He studi ed the key for to somehowqu ite some t im e and started compari ng it t r ied to soldwith some blanks from his racks. In a few i ron . O ne om i nutes he came up with a b l an k key that I so ldered more or less had the same profi le as the come loosmaster key, except it did not have wi ngs. to the othe

And he made it very cl ear that he woul d was that thnot help me with the wings; I was on my to keep sown for that part. The bl an k h e fou n d was eve whena l itt le fatter than the original , meaning it correct ly. Thad more mater ia l on it than the master and not usakey and would not yet f it the lock. The of someth in

locksmith advised me to get a f in e f i l e I had soman d try to f i l e or gr i nd away soe of the shop, and metal in strategic places unt i l it was s l im me how enough to fit the target lock. He made fraes. Theme three keys and was kind enough to soldering. W

r i I used a soldering iron and leadased solder ( low melt ing point) Later I

keys I just aThe next

7/21/2019 2600 v25 n2 (Summer 2008)

28/68

ased solder ( low melt ing point) Later Imastered the hard solder technique evenetter so I c ou l d sol der one si de of the keywith s i lver so lder (h igh melt i ng poi nt) and

the other s ide us i ng gold solder that had as l ight ly l ower melt ing poi ntAnd now, two years after seeing the

suway key for the first time, I was readyfor the final test I went ack to the samedark corner of the suway system and

tried my key And it worked l ike a charmI could not have een happierTruth is I never used it much For me

the challenge was to copy the key Butsom e of my fr iends had great fun wi th it In the eary 90s we were known as theunofficia l tour guides of the Amsterdamunderground, proudly showing a l l our( internat ional) fr iends the Amsterdamnu clear shelters

ut the stor conti n ues After some exploring, my fr iends told

me they found a few doors deep inside

the system that this master key could notopen I could enter he lock, ut not turnTh is was a ne w chal lenge

The nextof the undeat the doorthen I rem

keys I madegues s what? was a timmediately to fully rotatwings yet So

I went backremoved it fI soldered

found that (As to e expwere ust sosom e h igh vwant k ids p lathe " su per ma lock it coAmsterdam some ti me toI made a co

master key, the origina ksystem, and"The Key

Now thersion F irst o

figu red a n ovtol d y n owyou that noa mechanicabypassed by

At aou t the same ti me we met a groupof artists who were official ly al lowed togive an ar perform an ce i ns i de the su way

system They had been given a very lowpriority key that could ony open twodoors in the entire subway system Andeven houg we cou d a ready open esedoors with our own master key I was

T

7/21/2019 2600 v25 n2 (Summer 2008)

29/68

TL X

by Aaron

s in g TrueCrypt a lon wi th amnS ma l l i n u x (S i t i s poss ib le to create a portab leencrypted GN/ inux wor env i ronmentwhich you ca n tae wit h you from PC to s I have lost a number of SB dr ives I f indthat hav in th e data on th em be e ncrypted b ydefau l t prov ides some p iece of mi nd .

The bas i c con cept here i s to us e TrueCryptto enc rypt the maor ity of a SB d r ive. I ns i dethe encrypted vo lu me wi l l be S a l on wi thQEM wh i ch a l lows the inux ins ta l l a t ion tobe run on a icrosoft indows machine.

Steps Insta TruCrypt n yur You canrun TrueCrypt without insta l l in i t th is i sca l led traveler mode." For the purposes of th isexamp le thouh i t i s assu med th at TrueCrypti s i nsta l l ed loca l l y on your ownloadTrueCrypt from p : / / w . u yp om

then extract and run the up . x proram. Mak a ruCrypt vum n th U S B

driv. Insert the SB dr ive and wait for thesystem to reconize it . For this step we areoin to create an encrypted volume In

Crypt prorascreen. Selec

drive. Select (specif ied berat ion sect iovolume in thsect ion . Then

Tst remove the

get the Truvolume's pashould be mdr ive letter. Ifor the next

Insta

vum.from the L : / / nz i p the co

CratFo l low the inc luded wit

QM V i r tubat fi le ." Fortonce per S

Tst remove the

you wnt o sv anytng you vto s t to /m nt h drctory ou wi

i t s een o s projc w

7/21/2019 2600 v25 n2 (Summer 2008)

30/68

ynd o b roo o b ab to sa data r o cha ng h s opn a root sh by choos ng"X h s Roo AccssDark an d yp ngchmo 7 7 7 /m t /h no h wndow hapops u p r ha you wi b ab o sadocuns o h /m / h b sys andha h prsrd bwn boos

Optionso ha hod prsnd hr

s ry on way o bu d a porabncrypd nronn

FrFE can b usd n pac o ruCryp n o adanags o FrFEor ruCryp s ha L nux can uscy o rad FrFE ous

nsad o nsa n ruCryp on a L nuxboxAnor dsr bu on o L nux can b

subsud or D For xap nUbunucan b usd o cra a porab scurtyoo k or Knop p x can pro d a or u yaurd L n ux dis r ibu on Us ng ar s E

by Plasticman

p jnsd o

ou can sck or a po dr osyss nowand so cursgnraa wondru around wh

ruCryp

suc as hdncrypon awbs or

D as owhch can bbrowsng n

D a n a h t t : / /

ruCryp h tQE h t t

our pracy addrsss h

As a co g sudn a h ackr a nd h nwork an a l around sparanod prson usd or h

b b d h

7/21/2019 2600 v25 n2 (Summer 2008)

31/68

by Lj kIj k@I k.net

t valuatioof Diaonxplorr. T

' oin to so you o to st up a ti to iconypot to captur alar but first a f an rci vi n

roun ruls. Tis articl is not to b intr Sys intrnalsprt as a oto about crati n or ija ci n on strois. botnts. Ti s artic l i s al so not to b i ntrprt VC srvras anyt in b ut a b it of inforat ion. A s suc isn t ncssacan't b l l iabl for o you us t infor of your onation. f you ont no about botnts o a blan notpasi p l sarc on i ipi a. Tat sou l t o olscoo

you start. av ca n t na s of C t sou l cannls n ics an forus as l l as t P i l l b in fcarsss for C srvrs as ty arnt n a your to so t tooloy. las p in in script iithat popl a istas; a not prfct. but t orAlso tr ar fiv unr il l ion ays or achin taor to o t thins scrib in tis articl; Your fault

t is is j ust on f t . D DoSin y sit on t in sta l lat ion a your bots bttr. f you s on l i n say t narly t i . On to t art c l . coputr o

n a prfct or l you oul av a connc an a a tio n to t i ntrnt tat is n 't trou a carfu l ly l ist in accsuprvis ntor an ost lnint cor Praps youci a l SPs offr t i s i n of con ncti on You ar to i t not

prtty uc out of luc on ilitary bass an pi cturs of tin ost otls but you nvr no! Tr ar a rrs is a nu br of arunts for us in i tr a pysical station tat ac in o r a v irtua l ost for your onypot. For of a pr in t srxa pl it 's possi bl or sotar to tct t o t a l a

t t dcs y ppp s w pldy t stl l lw t L t y f ls dd t yh t d t t h t l th f l

7/21/2019 2600 v25 n2 (Summer 2008)

32/68

hypt d stt sh t s lwys c ths f ls s t hv t pd t th w dw l t s st l v chc tht Al s stt Pcss p l d c ct Pt p l N w p l y tw cl pl d

f y hv hw fwll t p t t s tht l L sys y y cl f ls thy d t l t t d cf DMZ O dflt wth th P ddss f y hypt Th s w l l lt vly t ytl l y t t ps th hypt t th wy t fd tw s t ptct y ch

Phps tty scds t thty hs lt t SttS

y hst w l l fct S fct s th st fsct th ts t y c tl l Dt Mftt pt f t y ft y sptw t t t t f t c c t t fw pt 35 3 3 445 A lt f fc c v t vct t pt f v tt w w t y t cp t tt t w

w p fct wt p l t tt ttj w t f t t w py w v w t x t t p t l w v f t Y c t t t t f t tw t t t v wt Y lv t t th tff

W f y wt t US t tt w ft y t t wt v t x tt w wv tt f v twt t t t tw f w t fxt w t f tt wt t f tt xv tff f w t

v t tt t ft t t t t t l M t ft v x Sv ft t x U f t tt v t fw t t t

wh a ro an, where he haer rene f h ware exeuale Afer heexeuale wa wnlae he ran va

a guaran" prgraherwe T

7/21/2019 2600 v25 n2 (Summer 2008)

33/68

exeuale wa wnlae, he ran vaar u n Tha The haer he n lggeff, n even herng reve h wrfr he rwer hry l The exeuale

wa a rpper, a a l l an p le appl a na wnlae he re f h ware : \Wi ndows \ Temp. Arng he nfferlg, he an ware wa wnlae fra fferen re weerver han he rpper

TarB aually a e f arene ul e wr ng geher n ea f ju ne exeu

ale Yu wl l f n ha h a very nprae, ne a l peple runnng negeneral ly la any real puer l l ; heyare hu are napale f wrng r lay wre her wn prgra Beaue f h,hey w l l ue prepaage rea l y ava l ale n a varey f plae Yu wul n e

aen n al l ng he rp e, huh,l e any un y, here are a n u er f verynel l gen an experene han ng une n h f e l

TarB paage n an exeualearve apprxaely 5 egaye n e ran h arhve everal e n a n

nee, van l l a nw na l la n ana lyehw eee elf n he hneyp Onewnlae, TarB exeue y erpper f he h neyp wa nfee auaal ly y a nw expl nea f hrughVNC, here wul e n v le evene hahe ahne wa pre The nal la

n elf al pleely ranparenT he average ffe wrer r granher,he whle pre wul g y ulyha hey praly wul n ' h n we au Depenn n e purpe f e , e

herwe T lea n u p afeTarB exela n f le, a

fun na l The aeveral ffelea ne paerver, a ef le wh erver,

n an havy far he nvual Te grC ha e raal e herne

eerne wan gnre eay nff pern r eage p l e ue nr

whh he han he heng l p

The nhneyp nea l pa, perfrane

a TarB a a hr n Durng TarB waneyp w

7/21/2019 2600 v25 n2 (Summer 2008)

34/68

Sugg

Dea r 00

Hey just saying a while ago I read a letter heresaying if your mouse is jittery that you're beingwatched Well ust to put my two cents out therethere is a program that lets you bloc your IP fromeveryone It's called Peer Guardian If you activat ityour mouse wil l stop ittering and you're not begwatched anymore t also helps when pirating stuff

ae Her

It so nce o the watches to mae t ths easyto detect the pesence e pacy wod must bebeathng one huge sgh o ee

Dear 600

t ime though Kski l ls that Thompart about this problem that caphone and tenyou'l l remain hacreative and hav

s s vngpan n the ass coud eep gon

oe you ownedAmecan succeto us a

IquAfter reading the article "Gaming AT&T Mobil Dear 00

i ty" by The Thomps in the Spring 208 i ssue, ave I have a fewsomething to add that was not mentoned Ths fo

from the phonecomes from personal experience as a customer gineers among Whie Thomps had a section of his article t it ed cel phone servi"Free Phone s he o nl y tal ed about getting di scounts tion) features fo(which I might add was qu ite ingenious) no t getting anonym izer weba pho ne for free t is possib le to obtai n phones from suffici ent to dusthem for free top portion of t

You don' t even have to be el ig ible for an up- I m a l so see

grade or buy additional accessories to do this All completing: an you need i s a phone that is sti l l under warranty with mon GMRS or FAT&T They give you a one year warranty when you unit that woudbuy a phone from them A lot of people don't even at for exampereal ie they h ave thi s warranty So let's say yo u own is stopped and an HT 8 2 ou want the ilt d on't you It has

I can design an d accomplis h this l i tt le projectJust in case youre wondering about my motives

I m a professional "people watcher i e a Private In

nto a daogutypng humantme you send

7/21/2019 2600 v25 n2 (Summer 2008)

35/68

vestigator provi d i ng needed services for good peoplebein g done wrong by others i n matters of civi l lawThe PI message boards and email groups would goape-dung if such questions as the ones above were

posted there Plus the design questions would l ielybe too techn ic al fo r all but a few of them Crl

The ony pepad sevce wee awae o wthubown GS s Boost Mobe DEN poduct (theymaet both DEN and CMA poducts and onythe EN poduct ncudes a pecse GPS eceveou coud n theo wte an appcaton to og the

ocaton peodcay and post t to a webste usngthe data connectvty pacage

Spnt aso ses somethng caed Spnt Famyoca to See httpssspntpcs comndespntamysgnnhtm o detas Ths w povde theappoxmate ocaton o you taget oweve t snot avaabe as a pepad sevce

r 00Are you guys sti l l accepti ng photos of payphones

for your website? There are many interesting payphones in Taiwan now but they have evolved intosomething more l ie ios computers with touhscreens I can send some photos to you if you wouldl i e to see them

mmyBy a means send them n The addess spayphones@200com Be sue to use he hghestquaty settngs on you camea as ow settngs dontpnt we n the magazne

r 00First off really appreciate the hard wor you

guys put into producing such a great publicationts changed my perception of technology greatly Afriend and I have been inspired to start a 2600 meeting in our local area (Belfast Northern Ireland) andwe were wonderin g if there i s any parti cu la r format

tan numbe oto ths systemaddess o thwoud ead to

deetng that o

r 00I am trying

site wwwbayyour website Some websiteso I would lie

The thouswebsite are Innew websites l in to your creased trafficable to lin toreply

We dont dmnd anone even we ddany ght to obve by ues th

r 00

write follter many yearand maing stwith relationsyears ago but noticed that than you givethis or indeed

your response

The ony to go thee anthee nothng

Dr 600How can use the services o a hacer?

sjos

Dr 600 ound you

quicly and was

7/21/2019 2600 v25 n2 (Summer 2008)

36/68

sjosWherea ot religion require you to pray or do

oe ort of penance in order to obtain the goodand ervice you deire, with hacker you have bu toak and pay our noinal fee. Obain any paword,change any grade, even travel back in tie whenneceary! Your wih (plu the fee) i our coand.Now go tell al your friend.

Dr 600 wou ld i e to get your new boo cal ed The Bet

of 2600: A Hacker Odyey when your boo comes

out in uy 008 Where can buy your new boo?And what does your new boo cover? an yo u sendme some printout o the Tabe o ontents o yourboo caled The Bet of 2600 A Hacker Odyey?And what wi l l your new boo cost? Al so can we buythis boo rom you ? Wou d you p lease send me a nyino you have about your new boo? wil be ooing orwr to her in g rom you An to gettin g you rne w boo

ohnWe believe you're referring to our new book. It

available everywhere, both online an d in booktoreI reail for $3 9 99 and cover he hree decade tha2600 ha been around We don't ell it ourelve a i t old directly through the publiher (Wiley) . We're

real happy we could finally pull thi off and get ouch of the hitorical a terial weve publihed ince1 984 out into the aintrea. Le hope it doe well

o we can do ore fun project like thi

Dr 600Urgent! need a new identity or me nd my

aughter because we are victims o abuse i egay

Send me inormtion peaseEv

you really believe that eailing total trang-er i the bet way to art a new life? We're not thewitne relocation people but even if we were, it

quicly and wasuseu resou rce td preer not toa question or ya method or ibeen purposely ormation couldgood wor

Thi ound article if oeon

Der 600 have put tosub mit to 2600an editoria cale ust submit theyou preer a Woe now

ut end u anything but to ASCII text le. Tco

Dr 600et me in s

trd in g code t o woud nice it wmindset with nutio n o a 00 gbany other

No, you cert

Der 600Do you osn nounced nerealy timely: ann we sen yosotware to revie

We ha ve many patnes in cime in Austia, but sofa no partne in magaine distibution. ou best betis just to get a subsciption and have it mailed to yudiretly from u An d of oue we'd be inteested in

incopoate dto get on it. BuHOP.

Lifetime su

7/21/2019 2600 v25 n2 (Summer 2008)

37/68

diretly from u An d of oue we d be inteested inseeing you aticle.

Dea 6

Tll m ow much o o your hcr wouldcrg m o dl m crimil rcor from Tx polic d.

[Name Deleed]Well, we would tat with easing you latest

cime, that of soliciting a mino to commit a nothercime ou equest was ead by a small child herein the offie.) Afte you're all paid up on that, we will

end out the bill fo hiding your idenity by not printing your eal name, which you ent us like the meahead yu appaently are. After tht all sorted, wecan asemble our eam of hacker, who it arounthe office waiting fo such lucraive opportuniie athi to come along and igure ou even more wayto hake yu down I' wha we d, ater all Ju akFox New

De 26I hv lo of hcig rl pic o my pho

d I worig o I ho ul g o ou i u l for i c I do o hv yhi g h i l lhoo up o y compur o g h pi cur of of hpho y vic oul vry hlpu l

eiI eem odd tha y u have a picure phne wihno ean harin icure I yu cn ue eilon your phne yu culd alwy eil he uIf ha den' wrk yu u in have endu the phne nd dn ' re he chrer

De 26

Hr I ploig hrough hful clogo o yr' orh of 00 Whil ig r ioccu rrd o o i vig ho uch I'v p o00 ic I r purchig h i1 99 I hv col l co of ou 44 u h

f $

Lifetime su(o ou) lifetimsciption endthe human a

ting to do thIf this kind ofthese ubcrippeple are livi

We'll makenure that yolifetime subscmake to all of

De 26I ucr i

rciv h fr go ou y

Ye and yle u knw i

De 26I ' li o

r?

N aunil yu pul

De 26Wh o y

h ju o o forr ih

u'r re

rund dverh h h nhe ervice hehi ell u ien c

DMS ck nd l ns w c is n mbe i k Te Ki n" i s ded, ns es been wki n Ve izn is whle ime.

s in wd inmin in w te

7/21/2019 2600 v25 n2 (Summer 2008)

38/68

Anw, ve been edin 2600 f les cupe f es nw nd m enji w I medi I el l f ind i ieesin especi l wied t e teepe ices I e kick u fcl in sme f he d telephe nmbes sen inccsil b edes d I eve but Tce n t l jus f pe expif tis tpe

Ride uff nd ls ve Tck end Tn ve'muc

xR4c3

That recording ha been ar ound forever, well before Verion even exited In the New York area, the990 1 uffix i often ued to identify the witch tyeof a articular exchange It ued to be tha t dialinganything in the 99xx erie would hook you u tooething being run by the hone coan 9970would alway get you a buy ignal, 997 1 a fat buyreorder) 9979 a wee tone and 9950 oftentie

would connect you to the buine office Thee dayyou could eaily wake u a cutoer in the iddleof the night if you try any of thee nuber a they'renow being ued a nonagical extenion.

Dea 600esed I ws pssi Venice ipt

nd emped use n In ene pi n. T is I eeemin l ineesed m e s i ws ee sndin kiskith te pti t pe fi les fm pe dive Iin seed mine s I cld pen m expi I mepts fm m pe dive ext in I ws bei pmpted t I must hve m pssp sppedb the is's ebcm befe I c ccess e m-ch ie methi but the I t l i vemet

equi i i Of cuse I did't ffe i ti ndfte fe mmets te mchie pmpted f the pt be te I d id ' ee hve mI phtped d puhed te efud but, butthi hpp h i h t be i t m e l;thee s idicti uti l I iseted m me

is i es nce c ee, ne l k he CS I d'me nwledw ve d f i eeks in du mped l l e u cul d seds ppul

It really nogetion.

Dea 600 m nt sue

cve sb missi pce

M e i s

e w ene te es esues bve Abndn Hpesvni And b e ei eel M ces ed" n pe i nmi

I f I m wnnw

We will.

De 600

I 'm it i vice it TMti ced h I s hitti the svibte, I cclel I've sh

you beieve the isk is to you i you can hea peoplespeaking beoe you answe thei ca. Also, why ex-actly ae they speaking beoe you pick up? We thinkyou should use this oppotunity to un all sot o

m pssemessages sennfrman arn embe

7/21/2019 2600 v25 n2 (Summer 2008)

39/68

you should use this oppotunity to un all sot oexperients

Dear 26:

was l senng a wle bac ne f yur ffThe Hook pcass were yu were scuss ng sp-png peple's sna lma l by U ver e nernew n verf ca n Tug yu m g l e s .

l ve n relan an recenly swce my mb le perar. n relan al l e rage s a yu areallwe eep yur l pne number wen yuswc. s s wa wane Te lay ase wa

my n umber was, s l er. nce was ge n ge payasyug p lan , n ave prve m yrea l name r any ng, an e l ay even cnfrmes fr me wen ase abu A e en f eprcess se ane me, an ane me e new M car wc cs n ne eurs an came prelaew en eurs wr f cre) ase f a s a l l . e repl e a wul ae up 24 urs fr epne nu mber cange acual ly ab fu rurs . ) verf can f an y n a wn sp ne num ber Tey even prm se a l l e paperwr n ree mnues r yu ge 30 eurs wr cre e fr r Amercan reaers: n Eurpe sme bans ffer e abl y verfy/apprveban ransacns l e purcases w yur cre

car, wre ransfers, ec) usng M/exng n yurmb le .SiKing

Dear 26: jus receve my new sweasr Tans fr e

very uc el very a e fl lwn g effec n myfam ly members :

) wfe r l le er eyes an mae sme n f

grunng sun.2 ) sn, age 2 Cl sweas r a yu

ge me ne? "3 ) auger, age 9 s 200 e prce?"4) auger, age 7 m fare"

arn embeAner n

an passwrrerece

mymessage.csage. Tersurce, bu n exacly wmea messagug ' sere w eugly an

Incidentaltext essaginpage 3

Dea 26:Aer rea

nce e wjus l aweey seem cmpar ng

appearsprase wen exrapl ae fre ecre

C" bu nwl ess guessn g

We only ged to ake itBut two thingdeie. ne wa cauing

wa that soread figuredwas suppoed"urpried ? W

n cas a n n acss aad, w cmmnd Dad Smns s m Mac200 ss sque ab s m a Batmoe un I t ps w pspc cs

a ndwm and na and I cs pncpa

7/21/2019 2600 v25 n2 (Summer 2008)

40/68

moe un I t ps w pspc. cs, psnd as nanmn, , s kp npspc. T RL s p//wwws.cm/as/ssa/dadsmn030

an a, l kd dcmna Iws ad a b ndn.

Peer iGiovanniimon s cynicism a bo ut t he pght of ne wspapesan d the media at east ed hm to wte and poduce"The Wie, a poject tha t nay made the nventionof teevson wothwhe

Dear 2600:I s c lc cmc s and was bod n n h

h h, h t tos dcoc book o h o?" So I d T c o c s host Rder 2099 s b o,p bl h 4), o ft c s on o tho comc pbl o mo)

b Ml . I s hoh t nt th mchc o" p to o of cohoso o ppho Wh h pobo h clt f th fht h h j t scp,h hrack 2 . Wol too,mb." A cocc? I th n ot opfl l ht of Chost Rder 299 K ) stt o ttt bot hack 200bt I toht o ol l to ko .

o$e aman he hn yu can nd by readn

com We jus hpe Warwl s O

Dear 2600:t , ol l to copl t o o th

c o l to tpl b. to o th mag h l o to .

Sco, I I,:) fo to o 200 th t l l cool , pt c cPpct" lco Io" o o

pncpa s nc w w c n S d

Han n

s a was a 2 am as das man a was as b 2600 a n dadmn mana l wma nd

Th m o

oa l . Th Whl th wsndn bot wh b p l tt b 24 tal l omch

G B ) I ol ofc thoh o l lb Cp

o th om to ll P c o tl

t th o bot th Oth W h

Aft tbbo p l tht I ho th l l ot cop ohh pt c l lSo o oth tht th

Cqu

Dear 2600:

M hh ol h

2 .L

w cl

7/21/2019 2600 v25 n2 (Summer 2008)

41/68

I Foic F (24:4) Aoo ChowHck w p po l c l f l l wh obo o k fc o po o f I j w o po o fw oh oh wol h h fl l of #@*% F h off wh c l h w ofw h o poc (lhoh c b ch h cl) h o o o h h h a S p Wl l o c h i boh w I f poc h i o h a b h ol h h ha h BI S E h l owll c Sp wh h a o h Yo c h Sp oc co(whch o l l pobl) b o c Sp po (cp fo hilk hch l h Sp l ch) N h w h oc c:

Bc h a h h a, h hb l o c o l l 0000 cop oc"WF? How o o PC h oh o o whwhh co c o oh PC o o Al o if h a, o o o h cco h h h w c h fo h h c p of h a So wh l ch ofw

o o o o b

h po o kow oh bo copo b bl o l l hi fl bo ij wi o o popl f h h l l w h k owl

GunslingerOther than that, you enjoyed it?

Dear 2600:I f i oc h o o h joof hck ph fo h fo of foio of kowl whi l h fihool o po o c hol pl h ow

i h l f h f h l N

w cl3 Wi o

p c h ll b

4 C c bc h ho kp

5 Yo pb w o o o l

o wol bH co Sp

p

2 . So b oo p

h ho hI ) l l

o

I p

of cl

p (ppo o f h o o pk

o bo o fpo i c b

N

Kll AoNo bc h Ch ) w ol o h hh ic l ( o kowh oo

own bees and ma you down as pat o the conspacy

Oddy enough the sacastc epy you menton nh b b

umns like "Telective form a gredefinitely apprec

l d

7/21/2019 2600 v25 n2 (Summer 2008)

42/68

tem has appaenty been taen as gospe by somepeope as ou st ette wte attests

As o the ate o the hote we have one asthope And we hope you'e a pat o t

Dear 26:In Issue 25: I can't help but notice the simi

larity between the article "ssword MemorizationMnemonic and my own paper, "Mnemonic ssword Formulas, which was published last year inUnnomed ouna Vol 7 (May, 2007, http://www

uninformed.org?v7) The article was at best simplyan under-researched article as there are other mnemonic techniques that are much more effective thanthe template (formula) technique described, and atworst a watered down plagiarism of my paper, evenretaining the overall subject matter layout, sansoverview of previously established and documentedtechn iq ues The techni que presented in the artic le i s

essentia l l y a sim pl if ied version of the techni que described in my paper, however 'l l give the author thebenefit of the doubt and assume (s)he didn't read upon the subject as there were zero references or citations included with the article. For readers curiousabout the subject of mplex password creation andrecal l , advise readi ng through the prior art cited bymy paper and fi ndi ng a techni que that is comfortablefor the reader

Druid

Dear 26:Stop you nesponsbe wod Tibet is, was and

always a part of China, that no doubt of it, pleasestop your i gnorant words if you know noth in g of Ch i

na China is a beautiful, great country, welcome toCh in a to see every th in g with yo ur own eyes and getyour own conclusion We cn't tolerance someonespl it our c ountry, we can fight to the death !

indiana_lau b t d ht t th d th d

articles, drawingother, and betwAlthough the qwould especiallarticle on gang your usual contwith the hackeativity Oh, and spine, it a l l ju st

On another the discussion a

political, that aworld is divorccardboard box othere's "explorinpolitics (al l that etc) on the othand age, when by the state in

and when our pusing the samewell, the politichas never beenan isolate la b the social conteAn d when that"poli t ical so "hackers, and mus, are on the frhacker m i ndset of these issues in Sony DR Medhow much s urvetive governmen

world the abuseand governmenta good thin g - th

jc oun like a grea iea an were cerainly open

o i or o ing u we ave all we can o ogo rug pil o er a o" in an lec wic one prin wiou alo reponing

fro of ifoi ut, ott suitt to fa l s 8 8 4

7/21/2019 2600 v25 n2 (Summer 2008)

43/68

lec wic one prin wiou alo reponingo a wole oer pile o projec iea like i oneWe in even e your l r unil well pa yourealine no a likely woul av a i o

repon i we a een i eore o or e uure yall ean o oeing ariic wi our u Jugive cr it an le u ee wa you coe up wiDe 26:

a ri t ig you thi s l ttr to ask for your hl hav disspctul ghbors a thr visitors

Thy bast thir stros at all hours of th ight shre a c ircuit ca bui l or buy o isrupt or r th sto?

DidIf the fictitious solution we printed last issue

doesn't help you, perhaps the following real wordaccount will

Dea 26: ead r To K l an Aomc Su bwoor" ac land was d sapond a h d s th note that was con

Howv, t boght to d sthi ng th at actall happn to m Ths as a log ti ago in agalax ar ar aa as h saig gos

No l i, as studn g to b a lcron ics chn i

ci an n Kasas Ct Th od apartt bui d ig asl vng i as a bi un do ad ha a l manr oenans

One da was tring to sp n para fora m prat s th n x da a th apa tmt blw had th stro going ul l blast, prvtig ayhght of s lep

As la i bd cotlatig y pios, hght kockng th oor a as king cl,b gv n the nat sm th tna nts sc rachedhat di wa t lv to ak th tst h nxt da)

M ind did t shg had s in thbasemen nex o he srag bns a beakr bx

fal s , 8 8 4

Response

De 26:his is a r

i 4 4 t is gouravl th uivyour osi busctists o bHov, you

cocpts T a dctot o t not pvn adhscsts (eadti achin: basic ccept

but th problm ordr th sconds o mvy clos o tthat s, as E issp of l ght,h ass o yoto push it has t

s i , s vs to ov tof l ight you u vs o oti tav , in u vs a il kp ths sc ros g ula r

par aroud sc chk o patic), ou wm joiig toof ths h

th grat ork. I lov your ag a hav b rag for lo to a, though I th pg 33rc that u to appar o lr u I

hav l uh bttr rca b fou

7/21/2019 2600 v25 n2 (Summer 2008)

44/68

u 44 J put forth thory about t travl I tha o probl u up to or: StphHak g. H c to rt a book cal l Brief

Hitory Of e bk 1 998. Not tht I a tryg toct oubt upo th org a l ty of J' thought, butt a though h /hr thory a pu l l rtly froth pag of Mr. Hakg' book

megaIteation

Dea 2600:I a rag th artcl th Wtr 007'

00 u bout cryptg th ROT 1 3 o Ex prtExcha g, a th artcl by ay g thy o 'tu ROT 1 3 ay or; thy'r tua l y prott g"t o

Wl l , okay, but thy'r ot protct g t. Th atru bak h thy r og th ROT 1 3, but. . . 'o, guy; a l l you h a to o a ro l l o.

Expl t http.xprtxhg.o/Wb_Dv lopt Wb LaguagStar/H/Q_ 1 07984htl

Zach C

ea 600I ' rt g th rpo to th rtl Do

g ExprtExhg.co" rtt by hatbot.

lo u to gt frutrat h arhg forforto o outo oul rtur rut tht to o ut ho t xprtx-hg Ut ot th h oog rut rl t g txt fro th pott l o l u o . u othko ht oogl oly x ht h tvt h t. So o y, lo th h pagt u h y ror o lot th

kyor tht oog rtur for y rult. uh, Exprtxhg h b foolg u l rl tht f I pag o vra pg, th -tual oluto thr p l txt. Rtly, ot thy hv a a lot or pg of grbag bfor

oto a CD Ort to NTFS al lo you to

a fa l yt,CMOS paoth oftar facturr ay our to rt toth CMOS obor, o I hav

Ug a Lv

uccfully rchav crah o gt th bl k ay l v" Cty to boot froyo u ar tuff

Dea 2600:I a rtg

o" 5 1 T Wrr l ou o thr ut to crth ro for p

ly ha to th or cotro I g. a p

th q u t oxt. O of l ly toyg tau h th006, thy

bl totopr hrgt prt of tprct of ourth to

t i occuyig vious osit ios t th difftTgt stos, I cogizd th s fld stu tch sto Th PO systs t th ti) othi g o th idos T ch i s tht hd PO

f

too much inoeason veyoto themseves wothy o bein

7/21/2019 2600 v25 n2 (Summer 2008)

45/68

soft uig o th Thos chis tsittd tsctio ifo to th sto's sv s thtsctios ocssd Thi s i fo s tyi cl l y

stod fo u to oth i cs th s y dto cll it d v though th cdit cd ubis obscud o th cit, it is ot obscud i yy oc you hv ccss to vi it i th sto'stsctio log

Tht's just y $0 o th toic Ths fo ut-ti g out gt g

Ed

Dea 2600I sos to Agt Z's ticl Pssod

Moitio Moic, I thi h thods d-scibd 't uch btt th usig th ss-od fo vy ccout

Lt's sy I' siffig tffic t cof sho d you logi to Myc ith th i gt@gil co d th ssod ysczRYou c bt y fist ssod guss o you gilccout i l l b g i R l l , I ight sl l t y y l R d chovi RTh d of oic fo o i tht if it'sy fo you, i t's sy fo ttc too , i yoiio, is btt y of doig so scuity

Us difft coltly do sso foch ccout I l i us i g th og g to gt do ods h svl bittht c do this fo you s ll K ll ths ss-ods i txt fil o you cout Th ssodsyou us ost oft you'l l d u big, thst you'l l hv to loo u i thi s f i l

But do't lv i t i ju st y txt f i l o y co

ut. Us holdis cytio bi, Ubutultt C, do Co, d obbly o Li-ux dist ibut ios co ith holdis cytiobui lt ito th istl l If you us idos, PPsto i ood choic

touh time ettbasic pecatio

Dea 2600This is i tic l Pssohi s tch iq u ict gtoisd t o stogly ducods; if buyc

bly uss iott ss o ly s squts Ad siucytd isy oosit io

Istd of i uig ditth sculy Buc chid itt byX d ULititio sto ssod

Also,

ly Oc you'of ssods, you fi idos't

Problem

Dea 2600This ss

h l o u dho ds to ht o #t

i acoi h uralia dollar a pr i iorh rica c o i' alo acl vEven ih all o h variou char ha o io ovra chari arl 00 prc ovr

26:oo

bou Crpipvry ur

7/21/2019 2600 v25 n2 (Summer 2008)

46/68

a ditriuion, chari arl 00 prc ovrour covr pric do uii oo\ai a lo oo u d i ai u

26:i v your pr ig 8 iu i h O o

h hg gi i biig ' p up hvryou o Thi i by h y o of ho opi hruio vr beu boh rgh

Your oe of he lges mgzes n pn, o

m ee , d ha god Thee s eve, a p c I 'dl e see geng o spec a dn an d g eme s whee s a l h s cudwae n sene cmng m? I as n k l led he sel dscssn ased be ee e bg and neesng pepeave nw gne smewee else, gd easn,b e wasea nd a's e, l l as c az andsbad escen ebage, s a s ng see

See ecassandm, nsane cmps nxadcac Tee boen nw cnens me bease 1 ) nk s mean n

as nsane b as enssp and 2) nnanmes n m e nges and sene sed be ae gd nge S n k s s a p al ab e al s, ag sme ee ma dsagee wa Desn sme ne ae a e as a e gd dea

wee a capwae and scawae s m ng m?Aall, e been slgl pzzled ab sene

al ang Bease wen lked a bks n epc e nene and bespae, a ss esces wee menned b sene was n Yelkng a , g (sed be) was e msale and neesng pa bespae

rh msFist, when did we become one o the agestmagazines in pint? We mst have missed somethingAs o Usene, yes, it sced o qite a whie noodeated newsgops ae eay the ony possibe

h i i t ti di i d tti

vry ur ig o po io h U . 5 . )fppoi

i pro h i d i il r o ob u p ihhi o f o h sr

Aer ppe

changing pnelikpedia edead e nmed based agenda

Bae s e eds" (eng n mms

g

r 2600:da was

wk " dsmng acess b a (eacess was nae I was nsmed a me" desn kesbm a eesmese

Wed ie tosame thing Tha

r 2600: d d

r o uoilly or fi l o ' l h o riohg rfu iolig o i l if l Th knst of as fo a sowhat sunn

an wa southn nan

y poi o' l loy fr pho o ir y h

7/21/2019 2600 v25 n2 (Summer 2008)

47/68

an wa southn nanNk (o shou that b N1 k han?)

Yu ll n he laer year ar e n he enble rer

ne hee ay well ge arun xng he lena ng hee he earler year. We wll herully p any prgra ha auae he renangpre n ur webe.

Dea 2600:I wrot to th subscriptio dpartt to s

m ss had bn ma d to bcas I hadn t r

cvd t at th bg nn ng o Ma Yo r compa n wasknd nogh to ma m ot anothr ss I wantdto thank o or dong that I aso wantd to wrt tonorm o that th rason I got m post oc boxwas bcas m ma wod otn bcom ostow ts happnng at m post oc box and t nvovs th on magazn I wo d vr sbscrb to!

I wnt and nrd at th post oc to s s s tat was ost had bn ond h ad att co ntr nord th at th postmastr wasnttr and I wod hav to spak to hr I tod hr o staton and sh wnt and ookd or t dss to sa sh ddnt nd t Sh dd howvr norm that t pop arond m box ar dr andth wodnt tak agazn wtot vng t

back I wantd to t o know that wtr t bb accdnt or on prpos m ss was ost oknows an d r woman ma b trn hr and atavsdroppn g wt LDPLOAD!

I a so saw that a ot o pop wt t na o wrot rs n th ast ss Im gad I pt hn ront o na.

e Je

2:Ovr th ars Iv rad man ttrs n or

agazn abot how nmros ndvdas havbn snd ot nar b thr vwng or

r y ho' our f you'

urirp orr00 your pio of origi

d T

De 2:I jst on

ob hat n or a sbs

tm hackrs gas anth nd o tod ow acontnt o oars o scc

:ard ng

o! ank o

2:I jst rc

tat I got to pang hck hI ra zd ostaps nstado n as I ra

KGE

7/21/2019 2600 v25 n2 (Summer 2008)

48/68

by Acrobaic

E O O GlE a

LiG h T-O RC EItiT E D

wih mi l l ions pl ai nexs, i nd

Aacs on crypographic schemes have us o perusebeen round for years General ly, he mos become boh asuccessful aacks rely on ime, powerful a h uge di cionprocessors, and large pool of daa from webionary.wh ic h o es crac i ng aemps Graned, h

ne way of a l levia ing he ime problem secure passwo n d hus he processor problem is o hve been s l ed

more han one cracker woring on he add i n g ex oproblem simulaneously. e see he effecs hen usi ng haof his in coness l ie disr ibued.ne s Proec ion.) oweveR, which used disr ibued compu ing o use psswordscrac previous ly uncrackable c iphers , hving if you now hun dreds of housands of peopl e emp loy hei r d ifferen prob

compuers owards he goal of esing everyin a second.

poss ib le ey u n i l h e correc one i s found . s in g P Many aacks on encryped passwords rely care of h e

on dic ionary aacs, in which wek pass oogle searcwords re guessed by esing hem agains sors hem bymi l l ions of enr ies of p la inex words in f i le re a ive l y smaor dbse. fen, hese reposiories cn be o find mac

found spl i ino hemes, such as huge l iss of he pla inex personal names, p laces, or commonly used search a l l hepasswords. he larger your pool of daa, he search is unsubeer you r cha nces of successbu he l onger search wih Yi wi l l ae o es every poss ib i l i y. Yahoo summ

maches for hu n res of hashes i n less han afew secons each s i m poran o rememberha h is is o a cacei s a f i e seaof brueforce, l ie o cal l i l igh-force" f

A more nefascri p o searcompomise

This shou

7/21/2019 2600 v25 n2 (Summer 2008)

49/68

of brue force, l ie o cal l i l igh force fhe hash an p la i nex haven ' been pose ohe web an inexe by he search engines,

h i s sip won ' he l p Jus for fun, use he scrip o search forh i s hash 3 b 9 9 e S d 7 7 a d 4 0 S S 9 b 9 S- S 9 9 d

Yahoo foun an eurne he plaiex 600" o me in 074 secons Thi s meansha somewhere ou here, someone has use

an eciphere 600" as a passwor anpose i o h e i nerne

Whi le wri ing h is program, I inves igaean inspece many pages of resuls fromsearch engines was shoce by he numberof pages foun ha were aabase u mp s ofuser informa ion, inc luing conac informa

ion, securiy uesions an answers, pr ivaemessage logs, an more, uce away alongwih he M hashes of heir passwors invarious websies across he worl, wherehei r owners proabl y hough hey were safe

by Jacob P. [email protected]

This shouprogrammersl eas sal you

hem on he o es he srcan creae ai i nux or t e x t , or f inors o h e wec i pher you

My worh t tp : / / ww

The souh t t p : / / ww

s o u r c e / o

e srtice te tt/

warig agaiecessa y p

This is o

ne i ke HTM DM i t t i i t t i et t i te i ( i e , t tn the i l i t t eme t t '

Se o [ ] . i in

7/21/2019 2600 v25 n2 (Summer 2008)

50/68

n the i l i t t eme t t i f n t i i i tt y m k l n t t

the t ie t ' hn t e n a e i e t jt y fin i n

JavaScript a the HTML DOMNw, a l ih aide diu JaaSip

and he HTML DOM (Dumen ObjeMdel if yu ween awae m bwellw yu ee JavSip fm headde ba (See Javaip njein,"26 Auumn 005 ' a imple mae fyp in j v c p t : comnd , f memmand, in he bwe adde ba F

example,j v c p t : l e t

w i l l ppup a b la n d ia l bxThe HTML DOM i ne f he be

hin happen peple wh l ie dinpwful hin wih hewi uineei we pae in JavaSip, yu anhane paial ly any paamee n any

a, and yu an eve mae new a Yumay, if yue inl ined, ue JavaSip mdify he DOM and ale he pae yueviewin ui yu pefeene, huhhi exeie i lef he eade Che u t p : / / www w3 c o o c om / m do m/

d e a ap f an induin h

HTML DOMThee ae hee pa f he DOM ha yuneed nen yuel wih ae docuen,he DO M ' pa en bje fom, he a ay hahld he dumen' fm and e e e n t

i in me i t

Se n a v a

f o [

eembe thSe N

y , y j v' f o [

yu e pa imi la

Step Leau eeupped

Step Ty' m e n f o

'v u e ) he pawdbe a ea he yu innm e ba wld l iba ian

Whew! f ydu in h i ipa n he baf audi i ib l e mv ie

Steal in i f he wdabue he nbau 'm nbea a law

7/21/2019 2600 v25 n2 (Summer 2008)

51/68

by recter

isclimer This rticle is r inrmtinl

purpses nly. I yu get cught it's nt myprblem Yu shuln't hve been s stupi

ntil reently I wored at a rather niel iquor store. e used a software suite al ledSpir i t s 2 whih has been wide ly used inreta i l l i quor stores s i ne the s . I t wasreated by Atlant i Systems Inorporated

(AS . I read in a beverage magaine that theSpi r i ts 2 paage starts at $ . Thi ssoftware eeps tra o f everyth i ng i n lud i nginventory sales employee information shipments and muh more. It is a pretty robustsystem.

The brains of the software su ite is a l ledSpir i ts Baroom. Baroom ontrols everyth in g from pr ies to empl oyee i nformat ion toinventory adustmentsthe whole nine yards.The plae I wored at had several omputersrunning th is software and any hange madeon on e omputer woul d automat ia l ly u pdate

the data on t he others through a proess a l ledpol l i ng. So i f I so ld a bott le of Ja from oneof the registers the data f i l es on a l l of the otheromputers would be updated with the sa leinformat ion that is the sa le pr ie d isount

del imited f i leprogram s uopens as a n

o f the emp loand present aess to buposs ib l e to ai nformat ion f i les and umanagementto. To mae set the systeto share thewr i te aess sary poss i b i

Another

lous setup iard run either in x orAl l o f th e the fu l l numthe ustome

passes over tfew differentquite a few or hange infun an be h

7/21/2019 2600 v25 n2 (Summer 2008)

52/68

/Hw Neue Cypgaphy f ThuandTwo yers go vendo r mde non stn

drd modiicti on to crytogry ib rrysed by tosnds o systems or H,N , , nd mos t ote r encryted tric

For two yers t i s c nge we nt ndetected,i ntrodc in g weknesses i nto te key genertion nd encryted tric

ond ike rge commerci vendor(synonym sm , im) co ding wit syy government to weken crytogry to ese srvei nce A oreign

government gency oing to ccom is te sme od yo be ieve noen sorce deveoer on rgby oneo te most m i i tnt y G nd oen in uxdi str ibtio ns, on com ete y oen so rceroject

In etember o 2006, Debin deveoer o owed wrning rom t e memorydi t ing toos r iy nd vgr ind, ndidnti ied otenti rd o n in i t i izd

i d t d t

Insted ostrem rom wide entroRNG (sed

ses on y tbetween 2 28 ( te en exo n ndeciw i k i e d i oi nsted 2

insted o neto store everytkes bot torm ( Intetc ) t tercent s m

been (And scoo mt 9 Its ctn mbers in t

N t

u l eal e ee he the te te lf te ae t ue a u l ea le OpeSS L l a ee u S e SSH ue e e a la l a l l t aff te pae ute f a ue l a u ept

7/21/2019 2600 v25 n2 (Summer 2008)

53/68

e pae ute f a ue l a u eptate f te Mt SSH ee al l he aee attept pe et ea eeate pethe aeae eah aea f ath the t e ue e ut e et ee t( 3 7 e t e aeae a e eth e l l e fu h a lf f the eah a ea ea u l te ee attep pe et I 99 etIf the atae ha ae t the u e p u l (a h ah f th

e (a a e pae tl f athe pe )ee hee the ue ha plae a e a ee f et the a th t ee a atte f l e apl ath the pepute e eele Se the pe f the SSH ee u l eap e eatel uea le t he eah 9 9

a ea a e a e ee fu the a t ea theute f ue th u l eal e e he e fee eae e etp

H Me ha pepute the SSH ee SSH ht a ue e f eea l pl af epe a l l aa la le at p / / m p m / ueale / m / / p / H

h f l a affet ee ap pl at h h M l e l ue OpeSSL a epea l l u tet eaue t t ue a pe tet pea la e p e t u l ea l t h h e t aa e epl upa the affete l a upeta appl at hh te a e ee W

ate the u l ea l e l a l l t ue ata eat e u l ea le OpeSSH OpeVP at t uepahe IapSSL SSH l et ee a e ha e ept hee uh a ata

h SSL l I f f

THE GEESQUAD

7/21/2019 2600 v25 n2 (Summer 2008)

54/68

SQUADby Turgon al ly mi l l ions

nu mbers a nd Ah h the Geek Squad: l ove them o r hate them, ning Most Agh y 'r here to stay est uy's computer "task log copious n

force can be found in every store, at your home WP key SSIDor office or on t he rod in their b lck a nd white OS, RAM amo

VW beetles The Geek SquA majority of their employees, who re known not only abou

as Agents, are high school kids with a basic under numerous smstan ding of Windows Vista an d XP, but more tha n Note tht a few of them really know their stuff Some even STS passwordsred and cont ribute to z password is ea

What is this article about? Well it isn't a rnt having an Age

about incompetence. Sorry, guys and gals, but for informatioyou can find plenty of tht on c o sum r i s t com that his passwor on countless forums No, what I am here to it reset in mintal k about is a tiny security issue with hu ge conse Agent to knowquences ere's how to wreak havoc in five easy it 's possible tosteps browsers at th

t te Ca l l the Geek Squ ad at ca l ly have un fe1 -800-4 -778 a nd se t up a n appointment for Agent is forced wireless network security install This is their promptchepest an d q uickest service U nfortun ately, it Agents arewil l cost yo u $9 as we' l l see lter, thou gh this is keyloggers if tha small price to pay for such pre system optim

e te Instal l a keylogger on your jobs The simlaptop or desktop computer. Software hardware encrypt your doesn' t matter. even look twi

te Reset your wireless router settings or physicl ly eo he defaults: disable WP and WPA and use for hardware loh d fau l 5S ID Then st back an d wat for you r est uy likppinm n A field ech, wh we l l cl l D le n d c ustmersAgent l l sho p o r door He r she il l stick A work

Ba n k of America e bs iteRead i ng of Other Custome

7/21/2019 2600 v25 n2 (Summer 2008)

55/68

Read i ng of Other Customeby malpelo93gmailcom

There is a security flaw in ank of Aericas website which al lows any ank of Aericacustoer to iew anther custer's creit carstateents uner certain circustances Bank ofAerica was notifie of this security issue in aletter, but they replie that they are unwilling tochange their website, an the security hle stil lexists as of the writing of this articl e

Only Bank of Aerica creit car holers,not eposit account holers, are affecte by thissecurity hole The flaw relies on two things first,the sectin f the banks website that isplays

custoer stateents retriees the stateents byusing an unencrypte UL containing the ful lcreit car accunt nuber ecn, the saeUL use to retriee one custoer's stateentca n be use by another Bank of Aerica custerto iew that sae stateent an others fro thefirst custoer's accunt

The U L for iewing a stateen t in the "stateents section of the Bank of Aerica website isconstructe as fllowsh t t ps : / / c c s s b ank o f am r i c a . c om / NAS App /- B o f A c e / G t s ta tmn t oc 5 4 X X X X X XXXXXXXXXSTATFMENTSDocumntArc v $- 9 0 5 4 X O I 0 2 8 0 1 6 &- o c D a t = 0 0 8 0 d o c T y p = P D J 1 s s e r 9 , d o w n I o d= s

Th e 4XXXXXXXXXX" kept in the webbrowsers history, where it can be seen by futureusrs f th a putr Thi i whr th

one is able taress bar fro the sercustoer is ln ttcker ccreit car ncustoer's stto also hae as as well as theof the acccou4 in the abwhic h is pu t not see to

erifie withaccounts whibe possible tafter enugh actual UL frcan siply usappe ars to be

the login sessThe fact than tran sitteAerica abou"The accountineffectie wtion ate that

an k f Aerbasis to p rotel iable for frausyste constraccunt nu

WY IS -lS M'-1-P - -

7/21/2019 2600 v25 n2 (Summer 2008)

56/68

-P - -I/-?

by ortr yn ment Ps, and Of course,

I was l stenng to a recen ed on f 6's ethcs than heweekly audo program h and I must also be aheard the host , mman uel Goldse n , as k ng the nc lu ng aqueston, "Why does ths compuer need to be done fro thconn ected o the nternet? an employee's

Ah An excel lent quest on, and one tha s menal rape s more complcated and convolued han one and some ohgh th n at f rst busness comp

I used o work at an unnamed elecrcal he IT departmut l ty. uch of my experence comes from ha on work compan d fro prevo us work experence as a nework or wrong s madm n srator and eng neer Because of

So, why are coputers that seemngly have busness bengno need for nterne access connected o the qu e nev ably n rn t ? os peopl

The short answer Lazness and expedency elecr cal gr dsEven as a secur tyconscous netwrk admn- many oher cr

strator, I was nevtably confronted wh stua- connected, onet ons l ke th s one Someone woul d e l l me, "We If they aren chave ths computer that needs o p r nt l abel s for conneced to vstors to he u l y of modes' low

"Ok, I d th nk "Sounds l ke a sandalone ut l za on of mappl cat n and oher AS

Then, I 'd be told "We would also l ke o be the appl cat onable to ma nta n a l s t of v s ors , and suddenly now u l z ng nthe syste eeded o have a database Yes, s

F l l I d b k d "C ld l h h

ve ecu y, a wch ecu y u ua y qu e oabe. SNP a ecuy ghmae, admo wche ue ca be compomed whhe ypca p ub c ad p vae SNP commu y g VLAN ad wch po agme ca

he och Hk hodageou houghou had he wod

7/21/2019 2600 v25 n2 (Summer 2008)

57/68

g. VLAN ad wch po agme cahe be ea ged ahe ea y So, VLA N

ae o he awe, ae epaae ewok apo b y?Someme Bu you kow wha happe.

ev aby hee ome "bu e eed, uua y mag ay, ha ece ae he coe co o heecue ewok o he ma poduco, eeaccebe ewok, hu makg he "ecueewok ecue he coeco o ecue opoduco ewok ca be doe h ough a ewa , bu h uba a y e ecue ha"o coeced he amea o ad deahap o he ewok adm ao ae o augh omehg ca be coeced wh coppe o be, w eveua y be coeced.

y ae cae, compae o goveme oa a o ha have ome gap o ecu y, do we ed up wh compue ac e haae ecu e om he ee. h he ecep oahe ha he om.

B uc e ' m ov e Huce ad he k d hacke have o phy ca y go o e ec ca a m o ad geea ocee o ge acce o he powe gd h,uouaey, whu h kg.

ad he wodhe be

coeced odoe .he way

good ecupeom he po cy ha ha povde y, ug eecue, u g ha ae ecu o, wh ch mecuy po co ewok wae updaea pu o be

Keucky. ha ome o eeacceowae ca e be acompue Sopogam whe

a vu owdo a ado k a vu emove he gue gu opo hy h

doe heue abou hea hk p a SB humbd

Some o

ve he e y epobe o maa ha d ue omeh g appoachg aeaoabe ecuy po cy, hey ae coeced,peumaby ove a ecue ewok (yeah, h),o compue maa g doweam d bu

o g d ha ae o a ecue ou a e oy aecue a he weake k you amo, adma e d bu o g d ae he Ach e ' heeo e ecca d ecu y e aed o h , SADA( A d D A ) h h

7/21/2019 2600 v25 n2 (Summer 2008)

58/68

b It s none as I say, n to

I enoy readn g your maga ne, and toug of wor ng wam not a computer acer or crac er, I before my cu r

toug t you m g t be nterested to ea r about nto te offce

ow nce near ly got arrested for a c ng an d lo o. Tere wended up wor ng as a secur ty consu ltant . front of te maIt a ppened w le I was c l er n g for one of around for so

te bg a ul age f rms. Te ob nvo ved trac n g mac n e t wadel very trucs, potocopy ng documents, and t wa s dong ade l ver ng ma l , even toug t s was twenty mac n e was years after t e eperts an noun ced t e arr va l networ

of te paperl ess off ce. I t wa s a ss l e from n ne went nto a sto fve. rom te frst day, I wanted to t, but tat te comav ng l eft scool two years ear er at s teen, someone's noI d dn 't eact y ave many career coces . I ad smpy bewas studyng at ngt scool to become a ard ds wcomputer networ engneer, but I was ree g n, f eeams away from be ng l f ed. n te bacgr

Te only good tng about te ob was te n f n te- lotat I was free to wander around te entre foretold. I ob u l d ng wt te ma l cart . Wt n a few days error messageof startng, I ad found a deserted part of te runn ng, t ad

a mobi o ad d ia d o d i o" rod ito t adt To Y bt

ct a o tory ort t room oo d trtd it o mot o tm ari it tat yor"o d av tak a artr o my yar y a a ry I r

7/21/2019 2600 v25 n2 (Summer 2008)

59/68

o d av tak a artr o my yar y a a ry I r to b y T o y o to trodc m a ro it t

Barkr a ad t IT maar tod ta k i Wo ar yo a d at r yo doi o Wit tat comtr" a d rom Bar kr

I ' m ar R i y I otcd t maci ad I ' m tak icrad" I r id avoid ay rrc to comtr my bi a mai c rk o my irt k mod I to

Tam ri it com tr i a o " rror"

Cr i mi a o" addd t ad m t Barkr ooi t m or t arri v cr ty ard to ar it o ty tooTr a a t croto m ovr a dvrybody md to b ait or m to t rid o may omt i co o Mi croo m i t aby ad t t by but I co d 't d a yt i to ay i to r oMy bra a o y i i t m a o m ook"

ui a mai cart arod t Cdar Crk bit o tFdra Corrcti o a Faci ity I odrd at irt k rk d o a t im do a ck i carr id t oca ru

I a ' t tamri ut ooki I ko I i o i m t o d av od t dk but t my ay otr comirt k r a d I orot t m br" ct t r i t a y I ad vr ko it T o y comt i t cr btat ra c rk r a od to do a I t t tcomt i t ar root o ot i a t abo

T k id co d av b ack " t y i ovt a dm i a i d I t k o d c a t m itrrto i c " My to ma c d i d a om ra u t bv i I to d yoo y t i crty ook orktat o d cr" a

om ort o commrci a data k t ayro I d orott dta i or t at t yar or t i o t d to ooo o ic Crk o t Mot I ookd im a arod at t crod obody obctd to t a b i da oad m ' to I a t cr ty a rd back Mayb

W i dws tegy. ehs w I l l hck the h s ty lg he s id . y ese. was

he f h im t kwig v ished wee t ed my het sk he h i sty g tht they wei h f i l h k k f d Wh

7/21/2019 2600 v25 n2 (Summer 2008)

60/68

i the f i l e tht kees tk f vy mm d Wh eted d I k w tht t w l d hve ist h esed

my et vty

Documents

2600 v25 n2 (Summer 2008)