- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 42834
- Проверка EDB
-
- Пройдено
- Автор
- PHRACK
- Тип уязвимости
- PAPERS
- Платформа
- MAGAZINE
- CVE
- N/A
- Дата публикации
- 1989-01-25
Phrack #23
Код:
==Phrack Inc.==
Volume Two, Issue 23, File 1 of 12
Phrack Inc. Newsletter Issue XXIII Index
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
January 25, 1989
Greetings once again! Before we really get into the issue, we here at Phrack
Inc. would like to address some of the questions and comments we've been
hearing lately about the last issue of Phrack Inc.
When we heard that people were having trouble using the Unix Password Hacking
Program, we decided to contact the creator and were given this response:
"My password hacker will compile on anything. I have had it running on Xenix,
Unix System V 3.1 and BSD 4.3. It sounds as if someone may not know what they
are doing. I will put money on it working well on any flavor of Unix."
Now as far as Red Knight's Unix file and The Mentor's Beginning Hackers Guide,
we had absolutely no idea that those files had also been submitted to P/HUN
and were being distributed. The file on the Internet Worm was a Bitnet release
that we felt was a good enough piece of information that it should be
publicized. Readers may wish to make a note that Volume 5, Number 4 of 2600
Magazine also has re-released the Internet Worm article and Red Knight's file
on Hacking Unix.
In this issue, note the final chapter of the Vicious Circle Trilogy as well as
the beginning of the Future Transcendent Saga, both written and created by
Knight Lightning. Look for the third and fourth chapters of the FTSaga in
Issue 24 of Phrack Inc.
Any writers with unreleased files wishing to submit them to Phrack Inc. may
send them to us via The Prophet or if you have access to a network that
interfaces with Bitnet, send them to either of our addresses listed below.
By the same token, anyone on the Bitnet accessible networks, MCI Mail, or GTE
Telemail who would like Phrack Inc. delivered to their accounts should contact
us.
Knight Lightning & Taran King
(C483307@UMCVMB) (C488869@UMCVMB)
_______________________________________________________________________________
Table of Contents:
1. Phrack Inc. XXIII Index by Knight Lightning & Taran King
2. Phrack Prophile XXIII Featuring The Mentor by Taran King
3. Subdivisions (Part 3 of The Vicious Circle Trilogy) by Knight Lightning
4. Utopia; Chapter One of FTSaga by Knight Lightning
5. Foundations On The Horizon; Chapter Two of FTSaga by Knight Lightning
6. Future Trancendent Saga Index A from the Bitnet Services Library
7. Future Trancendent Saga Index B from the Bitnet Services Library
8. Getting Serious About VMS Hacking by VAXBusters International
9. Can You Find Out If Your Telephone Is Tapped? by Fred P. Graham (& VaxCat)
10. Big Brother Online by Thumpr (Special Thanks to Hatchet Molly)
11-12. Phrack World News XXIII by Knight Lightning
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 2 of 12
==Phrack Pro-Phile XXIII==
Created and Written by Taran King
Done on January 18, 1989
Welcome to Phrack Pro-Phile XXII. Phrack Pro-Phile was created to
bring information to you, the community, about retired or highly important/
controversial people. This issue, we bring you a user and sysop having great
contributions through his boards, articles published, and general phreak/hack
activity...
The Mentor
~~~~~~~~~~
Handle: The Mentor
Call Him: Loyd
Past Handles: An article for Phrack written as The Neuromancer for (then
present) security reasons.
Handle Origin: The Grey Lensman series by E.E. 'Doc' Smith
Date Of Birth: 1965
Current Age: 23
Height: 5' 10"
Weight: 200 lbs.
Eye Color: Brown
Hair Color: Brown
Computers: (In order of owning...) TRS-80, Apple //e, Amiga 1000, PC/AT
Sysop: The Phoenix Project (512-441-3088)
Origins in Phreak/Hack World: When he was 13, a friend's father who was a
professor at a local university gave him accounts to use on one of the PDP
11/70s at the school. This was his first introduction to mainframes, and
he was hooked. He continued to use the University's equipment through junior
high and high school, upgrading to a DEC-10 and then finally a VAX 8600.
Needless to say, since he wasn't a student, acquiring accounts to use was
sometimes tricky, so he began to write fake front ends, trojan horses, and
other hacker utilities. Loyd's interest in hacking grew from this to the point
where he wanted to get into *everything* instead of just his local systems.
Origins in Phreak/Hack BBSes: He was involved in the pirate boards from about
1982 on, during which time many of them doubled as phreak boards. From some
of these, he got the number for Sherwood Forest and P-80, at which point he
started calling out.
People in the Phreak/Hack World Met: ANI Failure, Android Pope, Bad Subscript,
Control C, Crimson Death, The Dictator, Doom Prophet, Erik Bloodaxe, Ferrod
Sensor, Forest Ranger, Hatchet Molly, Knight Lightning, The Leftist, Lone
Wolf, Lucifer 666, Phantom Phreaker, Phase Jitter, Phlash Gordon, Phrozen
Ghost, The Protestor, Surfer Bob, Taran King, Terminal Technocrat, Tuc,
The Ubiquitous Hacker, The Urvile/Necron 99.
Experience Gained in the Following Ways: Hacking. You can read all the gfiles
in the world, but unless you actually go out and hack, you're going to remain
a novice. Getting in systems snowballs. It may take you a while to get in
that first one, but after that it becomes easier and easier.
Knowledge Attributed To: All the people who were willing to help him when he
was starting out plus actual hands-on experience.
Memorable Phreak/Hack BBSes: Sherwood Forest, The Protestor's Shack, Metal
Shop (when it first went private), Stalag-13, Catch-22, Hacker's Hideout,
Arisia, The Phoenix Project, Tuc's Board - RACS III (LOGONIT)
Work/Schooling (Major): BS in Computer Science, work as a graphics programmer.
Conventions/Involvements Outside of Phone Calls: Nationally ranked saber
fencer in 1985 & 1986, serious science-fiction collector & role-playing gamer,
play guitar, bass, and keys in various bands.
Accomplishments (Newsletters/Files/Etc.): He's written at least half a dozen
files for Phrack, and has had articles in the LOD/H Technical Journal, P/HUN
newsletter, and has written the always-popular Hackin' Off column in Thrasher
on a few occasions.
Phreak/Hack Groups: Currently an active member of the Legion of Doom/Legion
of Hackers, formerly a member of the PhoneLine Phantoms, The Racketeers,
and Extasyy Elite (gag.)
Busts: Being busted led to his retirement for around one year. He thinks
everyone ought to take some time off: It helps put all this in perspective.
Interests: VAX computers, packet switched nets, and computer graphics.
Favorite Things: His wife, my cat, Chinese food, the blues, jazz, high-prived
UUCP accounts, unpassworded accounts, DCL, Modula-2, double-buffering, Stevie
Ray Vaughn
Most Memorable Experiences: Getting married (6 months now!), getting pulled
out of a political science class and dragged down to jail, dragging Control C
away from drawing LMOS diagrams for a bunch of drunk high school girls,
SummerCon in general, Knight Lightning jumping up on a bed and yelling
"Teletrial!," carrying on a 45 minute conversation on blue boxing & phreaking
in general with a guy at the gym where he works out, then finding out he's in
charge of security for my local telco, trojaning the Star Trek program on his
college's DEC-10 so that everyone who ran it executed my fake front end program
next time they logged in...
Some People to Mention: Android Pope- He's got to have *someone* to get into
trouble with!
Erik Bloodaxe- see above.
Compuphreak- For helping him get started &
answering a lot of dumb questions (ok,
explain this diverter thingy to me
again...)
The Maelstrom- see above.
The Urvile- d00d.
INSIDE JOKES: "Do you think it's a good idea to do this before we get on the
plane?", "Gosh, I wish people would find somewhere else to dispose of their
phlegm.", "Hi, you must be Dan. Take these.", "If I get busted, I'm going to
burn down your house with you and your entire family inside.", "Trust me. You
need another beer.", "This hall seems like it goes on forever!", "It was nice
of them to box this stuff up for us!", "All of you! Out! Now!", "Surely you
aren't going to touch that girl?", "If they stop us, we shoot them and drive to
New York and change identities. It's foolproof.", "You really want to talk
phones?", "I can't believe you made him cry. That's sad.", "Mr. Letterman?",
"Do you speak DCL?", "No you idiot, GERMANY!!!!", "Now see, you do this, then
type this, and boom! Codes for days.", "Ma'm, I'm sorry to tell you this, but
your son is a computer criminal.", "How much for the rocket launcher? Is that
with or without ammo?", "By now you've guessed, you've been had.", "Well, if
you're going to be working at the jail, maybe you can help them out with their
computers.", "No, she really wants us both!", "What's in the briefcase?", "It's
my older brother's gun, officer.", "Bell Communications Research presents...",
"I'll pay you $500 for the last four digits of his phone number. Just give me
a hint."
Are Phreaks/Hackers you've met generally computer geeks? Strangely enough,
the better ones he's met aren't, but a lot of the posers are.
Thanks for your time Loyd...
TARAN KING
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 3 of 12
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Subdivisions <>
<> ~~~~~~~~~~~~ <>
<> Part Three Of The Vicious Circle Trilogy <>
<> <>
<> A Study On The Occurrence Of Groups Within The Community <>
<> <>
<> Presented by Knight Lightning <>
<> August 8, 1988 <>
<> <>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
A Rose By Any Other Name... Would Smell As Sweet
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The Administration Advanced Telecommunications, Inc./ATI
ALIAS American Tone Travelers Anarchy Inc. Apple Mafia
The Association Atlantic Pirates Guild/APG Bad Ass Mother Fuckers/BAMF
Bellcore Bell Shock Force/BSF Black Bag Camorra C&M Productions
Catholics Anonymous Chaos Computer Club Chief Executive Officers/CEO
Circle Of Death Circle Of Deneb Club X Coalition of Hi-Tech Pirates/CHP
Coast-To-Coast Corrupt Computing Cult Of The Dead Cow/-cDc-
Custom Retaliations Damage Inc. D&B Communications The Dange Gang
Dec Hunters Digital Gang/DG DPAK Eastern Alliance
The Elite Hackers Guild Elite Phreakers and Hackers Club
The Elite Society Of America EPG Executives Of Crime Extasyy (Elite)
Fargo 4A Farmers Of Doom/FOD The Federation Feds R Us First Class
Five O Five Star Force Hackers The 414s Hack-A-Trip
Hackers Of America/HOA High Mountain Hackers High Society The Hitchhikers
IBM Syndicate The Ice Pirates Imperial Warlords Inner Circle
Inner Circle II Insanity Inc.
International Computer Underground Bandits/ICUB Justice League of America/JLA
Kaos Inc. Knights Of Shadow/KOS Knights Of The Round Table/KOTRT
League Of Adepts/LOA Legion Of Doom/LOD Legion Of Hackers/LOH
Lords Of Chaos Lunitic Labs, Unlimited Master Hackers MAD!
The Marauders MD/PhD Metal Communications, Inc./MCI
MetalliBashers, Inc./MBI Metro Communications Midwest Pirates Guild/MPG
NASA Elite The NATO Association Neon Knights Nihilist Order
Order Of The Rose OSS Pacific Pirates Guild/PPG Phantom Access Associates
PHido PHreaks Phlash PhoneLine Phantoms/PLP
Phone Phreakers Of America/PPOA Phortune 500/P500
Phreak Hack Delinquents Phreak Hack Destroyers
Phreakers, Hackers, And Laundromat Employees Gang/PHALSE Gang
Phreaks Against Geeks/PAG Phreaks Against Phreaks Against Geeks/PAP
Phreaks and Hackers of America Phreaks Anonymous World Wide/PAWW
Project Genesis The Punk Mafia/TPM The Racketeers
Red Dawn Text Files/RDTF Roscoe Gang SABRE Secret Circle of Pirates/SCP
Secret Service 707 Club Shadow Brotherhood Sharp Inc. 65C02 Elite
Spectral Force Star League Stowaways Strata-Crackers The Phrim
Team Hackers '86 Team Hackers '87 TeleComputist Newsletter Staff
Tribunal Of Knowledge/TOK Triple Entente Turn Over And Die Syndrome/TOADS
300 Club 1200 Club 2300 Club 2600 Club 2601 Club 2AF Ware Brigade
The Warelords WASP The United Soft WareZ Force/TuSwF
United Technical Underground/UTU
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Its literally unbelievable just how many different groups and organizations
there are or have been in the phreak/hack/pirate community. The list of 130
groups displayed above is probably still just a fraction of the actual amount
of groups that there have been, but those are the only ones I am aware of at
this time.
In the past John Maxfield has estimated that there are about 50,000
hackers/phreaks/pirates operating in the United States today. That figure has
multiplied to to a point where it probably comes close to 500,000. Believe it
or not, almost everyone has been a member of one of the above groups (or
perhaps a group not mentioned) at one time or another.
Today's telecom security consultants and law enforcement agencies know this too
and that is how group affiliations can be turned against us.
What does being in a group mean? In the modem community being in a group is
supposed to mean that the people in the group work on projects together and
trade specific information that people outside of the group are not allowed to
access and by the same token, have no way to get it. However, obviously the
people in the group all feel that the other people with whom they are sharing
information, can be trusted and are worthy of associating with them to begin
with. So when you stop and think about it, if there was no group, the people
in question would still be trading information and would still trust each other
because they would not have formed the group unless this criteria was met in
the first place. So in truth, being in a group really means nothing on the
basis previously mentioned.
You see in the modem community, being in a group really is more like a power
trip or a "security blanket" for people who feel that they need to let people
know that they associate with a specific clique in the hopes that the
popularity of some of the other members will lend popularity to themselves.
Many groups form in such a way that they try to make it look otherwise and thus
begins the real problem. Some groups are formed by a person who tries to get a
lot of guys together that he feels knows a lot or seems to post a lot of good
information - Bad Move; If you are going to form a group at all, stick with
people who you know can be trusted (can you really ever "know" who can be
trusted?) and then out of those people form your group or choose who you feel
should be in it.
Anyway, to prove that they are elite, most groups begin to gather specific data
for giving to group members, and this includes handing out their own names and
phone numbers with other members of the group. They feel a false loyalty and
psychologically create such utter faith in all the members that the faith is
ultimately blind and based on hopes and aspirations of greatness.
What is the best way for a security agent or informant to blend in with the
modem community? Join as many groups as possible, start gathering data on
the members, and spread your handle throughout the community to become "well
known."
Example: Taken From Phrack World News Issue XV;
[This article has been edited for this presentation. -KL]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mad Hatter; Informant? July 31, 1987
~~~~~~~~~~~~~~~~~~~~~~
We at Phrack Inc. have uncovered a significant amount of information that has
led us to the belief that Mad Hatter is an informant for some law enforcement
organization.
When Taran King, Cheap Shades, Forest Ranger, and Knight Lightning arrived at
Control C's in Chicago, Illinois, Mad Hatter had already searched the place and
had found some papers that could only have done ^C harm. We destroyed this
information and thought everything was ok. However, as it turns out, we
searched Mad Hatter's bags and found a duplicate set of this information and
the general hypothesis was they he intended to leave it behind as incriminating
evidence.
Mad Hatter had also brought down several disks for the purpose of copying
Phantasie Realm. Please note; PR was an IBM program and MH has an apple.
Control C told us that when he went to pick Mad Hatter up at the bus terminal,
he watched the bus pull in and saw everyone who disembarked. Suddenly Mad
Hatter was there, but not from the bus he was supposed to have come in on. In
addition to this, he had baking soda wrapped in a five dollar bill that he
tried to pass off as cocaine. Perhaps to make us think he was cool or
something.
Mad Hatter constantly tried to get left behind at ^C's apartment for unknown
reasons. He also was seen at a neighbor's apartment making unauthorized calls
into the city of Chicago. When asked who he called, his reply was "Don't worry
about it." Mad Hatter had absolutely no money with him during PartyCon (and
incidentally he ate everything in ^C's refrigerator) and yet he insisted that
although he had taken the bus down and had return trip tickets for the bus,
that he would fly back home. How was this going to be achieved? He had no
money and even if he could get a refund for the bus tickets, he would still be
over $200 short. When asked how he was going to do this, his reply was "Don't
worry about it."
On Saturday night while on the way to the Hard Rock Cafe, Mad Hatter asked
Control C for the location of his computer system and other items 4 times.
This is information that Hatter did not need to know, but perhaps a SS agent or
someone could use very nicely.
When Phrack Inc. discovered that Dan The Operator was an FBI informant and made
the news public, several people were criticizing him on Free World II Private.
Mad Hatter on the other hand, stood up for Noah and said that he was still his
friend despite what had happened. Then later when he realized that people were
questioning his legitimacy, his original posts were deleted and he started
saying how much he wanted to kill Dan The Operator and that he hated him.
Mad Hatter already has admitted to knowing that Dan The Operator was an FBI
informant prior to SummerCon '87. He says the reason he didn't tell anyone is
because he assumed we already knew.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
When Mad Hatter first entered the phreak/hack world, he joined;
Phreaks Anonymous World Wide (PAWW),
MetalliBashers, Inc (MBI),
Order of The Rose, and
Cult of The Dead Cow (-cDc-).
If you were a security agent or a loser hacker turned informant and you wanted
to mix in with the phreak/hack community, wouldn't you try to join as many
groups as possible to spread your name?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Phreaks Anonymous World Wide, MetalliBashers, Inc., Order of The Rose, and
Cult of The Dead Cow, not exactly the toughest groups to join and once there is
one security person in the group, he is bound to vouch for others, etc. So
while he spreads his name as an elite modem user throughout the community, he
is busy gathering information on group members who are foolish enough to trust
him.
Its not bad enough that some groups are easy enough to infiltrate as it is, but
does anyone remember this?
Taken From Phrack World News Issue XI;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Phortune 500: Phreakdom's Newest Organization February 16, 1987
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For those of you who are in the least bit interested, Phortune 500 is a group
of telecommunication hobbyists who's goal is to spread information as well as
further their own knowledge in the world of telecommunications. This new
group was formed by:
Brew Associates / Handsomest One / Lord Lawless / The Renegade Chemist
Quinton J. Miranda / Striker / The Mad Hacker / The Spiker
These eight members are also known as Board Of Directors (BOD). They don't
claim to be *Elite* in the sense that they are they world's greatest hacker,
but they ARE somewhat picky about their members. They prefer someone who knows
a bit about everything and has talents exclusive to him/herself.
One of the projects that Phortune 500 has completed is an individual password
AE type system. It's called TransPhor. It was written and created by Brew
Associates. It has been Beta tested on The Undergraduate Lounge (Sysoped by
Quinton J. Miranda). It is due to be released to the public throughout the
next few months.
Phortune 500 has been in operation for about 4 months, and has released two
newsletters of their own. The Phortune 500 Newsletter is quite like the
"People" of contemporary magazines. While some magazines cover the deep
technical aspects of the world in which we communicate, their newsletter tries
to cover the lighter side while throwing in information that they feel is "of
technical nature." The third issue is due to be released by the end of this
month.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*>=-> The Phortune 500 Membership Questionnaire <-=<*
Note: The following information is of a totally confidential nature. The
reason you may find this so lengthy and in depth is for our knowledge of
you. We, with Phortune 500, feel as though we should know prospective
members well before we allow them into our organization. Pending the
answers you supply us, you will be admitted to Phortune 500 as a charter
member. Please answer the following completely...
...............................................................................
Handle :
First Name :
Voice Phone Number :
Data Phone Number :
City & State :
Age :
Occupation (If Applicable) :
Place of Employment (Optional) :
Work Phone Number (Optional) :
Computer Type :
Modem Type :
Interests :
Areas Of Expertise :
References (No More Than Three) :
Major Accomplishments (If Any) :
...............................................................................
Answer In 50 Words Or Less;
^*^ What Is Phortune 500 in Your Opinion?
^*^ Why Do You Want To Be Involved With Phortune 500?
^*^ How Can You Contribute to Phortune 500?
...............................................................................
Please answer each question to the best of your ability and then return to any
Phortune 500 Board of Directors Member Or a Phortune 500 BBS:
The Private Connection (Limited Membership) 219-322-7266
The Undergraduate AE (Private Files Only) 602-990-1573
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
An actual application form for joining a group. Perhaps the concept was a good
one, perhaps not, but from a standpoint of publicity and security, this was a
complete and utter catastrophe.
Basically we are all here to learn in one way or another. Groups and clubs
in our community only seem to segregate it and at a time when everyone should
be pulling together, this is not such a good idea. Privacy and security are
important factors that motivate these sects within the society, but ultimately
are the final consequences worth the trouble of creating a group?
If groups had not been created, there would not be as much attention on the
phreak/hack community as there is right now. When group names start spreading,
it starts the law enforcement agencies into a panic that its big time organized
crime. This allows them to justify more time and money into the apprehension
of computer criminals and usually they go after the big names; the people in
the most "elite" groups.
Now before you, a member of a group, start criticizing this file, please
understand, I am not referring to any particular groups here, just groups in
general. Any and all comments made about MBI, -cDc-, PAWW, OOTR, and P500
should not be taken personally and were used only as examples of how groups can
be potential security problems.
There are some groups that are worthwhile organizations and its obvious because
that have existed through the years and been productive. However, the only way
to keep this community alive is for everyone to work together to protect and
learn from each other.
:Knight Lightning
"The Future Is Now"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 4 of 12
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Utopia <>
<> ~~~~~~ <>
<> Chapter One of The Future Transcendent Saga <>
<> <>
<> An Introduction To The World Of Bitnet <>
<> <>
<> Presented by Knight Lightning <>
<> January 1, 1989 <>
<> <>
<> Special Thanks To Jester Sluggo <>
<> <>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Welcome To The Next MILLENNIUM Of The Communications Realm
The Future is NOW!
As most people will agree, college and university computers are the easiest to
gain access to, both legally and illegally. Bitnet is only one of the many
interconnected wide area networks, but I felt that it was the most important to
discuss because all major colleges and universities are connected by it and as
such creating an almost utopian society for the technologically inclined. It's
free, legal, and world encompassing -- anything that incorporates "free" with
"legal" and is useful has to hold some sort of perfection and thus the name of
this file.
For the people already on Bitnet, this file may seem somewhat basic and most
likely contains information that you are thoroughly aware of, but you never w
know what a little extra reading might lead you to discover. Once again
welcome to the future... a future where limits are unknown.
:Knight Lightning
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The Origin Of BITNET
~~~~~~~~~~~~~~~~~~~~
by Jester Sluggo
In 1981, the City University of New York (CUNY) surveyed universities on the
east coast of the United States and Canada, inquiring whether there was
interest in creating and easy-to-use, economical network for interuniversity
communication between scholars. The response was positive. Many shared the
CUNY belief in the importance of computer-assisted communication between
scholars. The first link of the new network, called Bitnet, was established
between CUNY and Yale University in May 1981. The term BITNET is an acronym
that stands for "Because It's Time NETwork."
The network technology chosen for Bitnet was determined by the availability
of the RSCS software on the IBM computers at the initial sites. The RSCS is
simple and effective, and most IBM VM/CMS computer systems have it installed
for local communications, supporting file transfer and remote job entry
services. The standard Bitnet links are leased telephone lines running 9600
bps. Although the initial nodes were IBM machines in university computers
centers, the network is in no way restricted to such systems. Any computer
with an RSCS emulator can be connected to Bitnet. Emulators are available for
Digital Equipment Corporation VAX/VMS systems, VAX-UNIX systems, and for
Control Data Corporation Cyber systems and others. Today, more than one-third
of the computers on Bitnet are non-IBM systems.
There is also some talk in the Bitnet scientific community of a merger between
Bitnet and CSnet (Computer Science Network). It is unknown when or if such a
merger will take place, but it is only a step in the right direction.
Note: NetNorth is the Canadian division of Bitnet and EARN is the European
division of Bitnet. They are all directly connected and together serve
as one network and not three. It is often referred to as
BITNET/NetNorth/EARN.
_______________________________________________________________________________
The Basics Of Bitnet
~~~~~~~~~~~~~~~~~~~~
In order to make any sense out of this file, you should first have a basic
understanding of mainframes and userids, etc. Since most readers of Phrack are
computer enthusiasts, there is a pretty good chance that you understand these
things already. If not, you may want to find documentation on the topic. The
Mentor's Beginning Hackers Guide, which was published in Phrack Inc. XXII
contains some information that might help you. The concepts presented in this
file are not terrible difficult to understand, but you should not jump into
this totally unprepared either.
You should also be a little familiar with the type of hardware and operating
system you will be using. Most IBM systems in Bitnet run VM/CMS. The Digital
Equipment Corporation (DEC) VAX systems usually run an operating system called
VMS along with a software package called JNET which allows them to communicate
via Bitnet. I will be referring to VM/CMS and VMS/JNET throughout this file.
I myself currently use an IBM 4381 that runs VM/CMS and thus I am much more
familiar with that type of system.
Try to think of the mainframe as the telephone and Bitnet as the telephone
lines. You see, the mainframe you log onto is connected to mainframes at other
universities and institutions. The connection is usually a high-speed leased
line, a special sort of telephone connection. In a way, these computers are
always on the phone with each other (except when links go down, discussed in
the section on MESSAGES). This particular network is what is known as a "store
and forward" network. This means that if I send something to someone in Los
Angeles, the computers in the network between New York and California will
store and forward it from computer to computer until it reaches it's
destination.
In Bitnet, there is only one way from "Point A" to "Point B." A small piece of
the network might look like this:
--- --- ---
| A |--| B |--| C |
--- --- ---
|
--- --- --- --- ---
| D |--| E |--| F |--| G |--| H |
--- --- --- --- ---
| |
--- --- --- ---
| I |--| J | | K |--| L |
--- --- --- ---
|
--- --- --- ---
| M |--| N |--| O |--| P |
--- --- --- ---
Those boxes represent computers in the network, and the dashes between them are
the leased lines. If I am at computer "A" and I send a file to someone at
computer "N" it would travel the following path:
A-B-D-E-F-G-K-N
Actual topology maps are available for download from LISTSERV@BITNIC, but we
will be discussing servers later in this file. Like I mentioned before, there
is only one route between any two nodes and there is simply no way to bypass a
disconnected link.
Each of the computers in BITNET is called a "node" and has a unique name that
identifies it to the other nodes. For example, one of the mainframe computers
at the University Of Missouri-Columbia has the nodename UMCVMB. So what does
that mean exactly? Well in this case, UMC comes from the name of the school,
VM comes from the Virtual Memory operating system, and B is just an
alpha-numerical identifier. At one time there was a UMCVMA, but that system
was taken down a couple of years ago. One thing to note here is that although
this particular node can be broken down into its parts, many nodes do not
follow this pattern and some nodes have "aliases." An alias is just another
name for the node and both names are recognized by all Bitnet facilities. An
example of this is STANFORD. The nodes STANFORD and FORSYTHE are the same
place so...
CYPHER@STANFORD = CYPHER@FORSYTHE
Your userid in combination with the name of your node is your "network
address." It is usually written in the format userid@node (read "userid at
node"). For example, the name of my node is UMCVMB, and my userid is C483307.
Therefore, my network address is C483307@UMCVMB. If I know the userid@node of
someone in the network, I can communicate with that person, and he/she can
communicate with me. I have found many interesting people on the networks.
Making use of the direct chatting capabilities of Bitnet I am able to talk to
them in "real-time." You can do this too, all you need to know are a few
commands. This is explained in part two.
Messages
~~~~~~~~
There are three basic methods of communicating via Bitnet: MAIL, MESSAGE, and
FILE. The reason you would choose one over the other for a particular
application will become clear after a little explanation.
The MESSAGE is the fastest and most convenient method of communication
available through Bitnet. It is the network's equivalent of a telephone
conversation. The difference of course is that the words are typed instead of
spoken. The message you type is transmitted immediately (well, quickly) to its
destination. In BITNET this destination is the network address (userid@node)
of the person you want to contact. If the person you are contacting is logged
on, the message will be displayed on their screen. If not, their computer
will tell you so by sending you a message. In this case, your message is lost
forever. In other words, no one is there to answer the phone. However, many
people run a program called GONE (and there are other similar programs) which
acts like an answering machine and holds your message until they log on. Some
universities do not allow this program because it uses a lot of CPU time. If
your school or mainframe does not allow it, do not try to sneak its use,
because it is very easy to detect.
One important thing to mention is that not all nodes allow interactive chat.
Some nodes are simply not advanced enough for it and you will a receive a
message telling you this whenever you try to chat with them. However, this
situation is less common.
The command to send messages depends on your computer and system software.
People on VM/CMS systems would type something like this:
TELL userid AT node message OR TELL userid@node message
For example:
TELL MENTOR AT PHOENIX Hey, whats new on The Phoenix Project?
+----- +------ +-------------------------------------
| | |
| | +----------- the message you are sending
| |
| +------------------- the node of the recipient
|
+----------------------------- the userid of the recipient
People on VAX/VMS systems using the JNET networking software would use this
syntax:
SEND userid@node "message"
For example:
SEND MENTOR@PHOENIX "Hey, whats new on The Phoenix Project?"
+----- +------ +---------------------------------------
| | |
| | +-------------- the message you are sending
| |
| +---------------------- the node of the recipient
|
+----------------------------- the userid of the recipient
The quotes around the message are optional. However, the JNET networking for
VAX/VMS will translate your entire message into upper-case characters if you
DO NOT use them. Many people find receiving messages in all upper case to be
extremely annoying.
For more information on the TELL and SEND commands, you should consult your
local system documentation.
When a message arrives on your screen, it will look something like this:
FROM PHOENIX(MENTOR): Hello! Things are great here, you?
Unfortunately there is a downside to everything and Bitnet Messages are no
exception. Text sent by message must be short. In general, your message
length can be one line, about the width of your screen. In other words, you
won't be sending someone a copy of Phrack World News via the TELL command.
Also, you can only communicate with someone in this way when they are logged
on. Considering time zone differences (you may find yourself talking to
people in Europe, Israel, or Australia) this is often quite inconvenient.
Lastly, there is the problem of links that I call LinkDeath. If the connection
to the node you want to contact is broken (by for example, a disconnected phone
line), you'll receive an error message and whatever you sent is gone. This can
be very annoying if it should occur during a conversation. The LinkDeath may
last a few minutes or several hours. Often times, a link will go down for the
weekend and you are simply out of luck. Even worse is when it is the link that
connects your mainframe to rest of Bitnet... you are cut off.
However, messages are very far from useless. As I will demonstrate in chapter
two, TELL and SEND are extremely helpful in accessing the many servers on
Bitnet.
Files
~~~~~
FILES are another way to communicate over Bitnet. The text files and programs
that you store on your computer can be transmitted to users at other nodes.
This is one of the methods that I use to distribute Phrack issues across not
only the country, but the world. People on VM/CMS systems would use a syntax
like this:
SENDFILE filename filetype filemode userid AT node
For example:
SENDFILE PHRACK TEXTFILE A PROPHET AT PHRACKVM
+---------------- +------------------
| |
| +------- the address of the recipient
|
+------------------------- the file you are sending
However, at my particular node the command would read:
SENDFILE PHRACK TEXTFILE A TO (nickname)
For some reason at my node, you cannot use SENDFILE to send a file to anyone
unless they are in your NAMES file. The NAMES file is a database type of list
that translates userid@node into nicknames to make it easier to chat with
people. This way you can use their nickname instead of the tiresome
userid@node. The filemode, in this example "A", is the disk that the file
"PHRACK TEXTFILE" is on. In case you were wondering, with the exception of my
address, most of the addresses in this file like PROPHET@PHRACKVM or
MENTOR@PHOENIX are bogus and just examples for this presentation.
The syntax for VMS/JNET systems is quite similar:
SEND/FILE filename.extension userid@node
For example:
SEND/FILE PHRACK.TEXTFILE PROPHET@PHRACKVM
+--------------- +---------------
| |
| +-------- the address of the recipient
|
+------------------------- the file you are sending
The file sent is stored in the "electronic mailbox" of the recipient until
he/she logs on. People on VM/CMS systems would use the RECEIVE or RDRLIST
(shortened to "RL") commands to process files sent to them in this way. People
on VAX/VMS systems would use the RECEIVE command. You should check your local
documentation for more information on these commands.
SEND/FILE and SENDFILE are useful for sending programs or large volumes of data
like Phrack issues over the network. However, they should not be used for
everyday communication because there is a much easier way -- the MAIL.
Mail
~~~~
The other form of Bitnet communication has been given a very apt name: MAIL
(often called "electronic mail" or "e-mail"). Just like regular postal service
mail, you provide an address, return address, and text. Software for sending
mail software differs from site to site, so you will have to look in your local
documentation for information. On my particular node, the return address (your
address) is automatically placed in the letter. This presentation should be
able to shed some light on what most mail looks like and how it works.
Mail files are really just specially formatted text files. The feature that
makes them different is the "mail header." This tells a Bitnet system and your
mail software that it is not a regular text file. It looks something like
this:
The address of the recipient
|
The subject |
| |
Your address | |
| | |
Todays date | | |
| | | |
Date: Fri, 29 Dec 88 23:52:00 EDT <--+ | | |
From: Forest Ranger <RANGER@STLVAX1> <-----+ | |
Subject: Cable Pair Busted For Child Molestation<--------+ |
To: Phrack World News <KNIGHT@MSPVMA> <-----------+
An entire mail message would look like this:
+---------------- Mail header
|
| Date: Fri, 29 Dec 88 23:52:00 EDT
| From: Forest Ranger <RANGER@STLVAX1>
| Subject: Cable Pair Busted For Child Molestation
| To: Phrack World News <KNIGHT@MSPVMA>
+ ========================================================================
+ Have you seen the newspapers? Is this good news, or what? I think that
| the ramifications are startling. This is one more step on the road to a
| higher civilization. I hope he gets what he deserves. Keep in touch, I
| will send more information later.
|
+---------------- Mail text
Mail has a number of advantages. The size of a mail file is limited only by
you and is the only way to send files to networks other than Bitnet (However, I
do not recommend that you transmit anything longer than 3000 lines). When your
mail reaches the destination address, it will be stored in the user's mailbox
until they read it. If the links to that particular node are disconnected,
your mail will be held until the path is clear for the mail to continue on its
route to the recipient's mailbox.
The disadvantage of mail is that it is, indeed, slower than messages. The
longer your mail file, the longer it will take to get from Point A to Point B.
_______________________________________________________________________________
Conclusion
~~~~~~~~~~
Don't despair, this is only the conclusion to this file. The best functions of
Bitnet are yet to be described. Join me in the second chapter of The Future
Transcendent Saga -- Foundations Upon The Horizon.
Also included in this issue of Phrack are sitelists for Bitnet. Actual node
directories are available from LISTSERV@BITNIC, but they are much too large to
be printed here. However, the files that are included list the names of the
universities and institutions that are connected to Bitnet without their node
addresses (some institutions have over 30+ nodes). If you attend a college or
university that is hooked into Bitnet, then join me in the realm of infinite
discovery. When you do, drop me a line...
:Knight Lightning (C483307@UMCVMB)
For related reading please see;
An Insight On Wide-Area Networks Part 2 by Jester Sluggo
(Phrack Inc. Issue 6, file 8)
Communications Of The ACM
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 5 of 12
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> Foundations Upon The Horizon <>
<> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <>
<> Chapter Two of The Future Transcendent Saga <>
<> <>
<> Using Servers And Services In The World Of Bitnet <>
<> <>
<> Presented by Knight Lightning <>
<> January 2, 1989 <>
<> <>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Welcome to the second chapter of The Future Transcendent Saga. In this file,
I will present the servers and services of Bitnet (although there are some
services and servers on other networks as well). You will learn what the
servers are, how they differentiate, how to use them, and come to a better
understanding of how these Foundations Upon The Horizon help make Bitnet a
virtual Utopia.
_______________________________________________________________________________
What Is A Server?
~~~~~~~~~~~~~~~~~
One of most useful features of Bitnet is the variety of file servers, name
servers, relays, and so on. They might be described as "virtual machines" or
"server machines."
A "server" is a userid a lot like yours. It may exist on your computer (node)
or on some other BITNET node. The people who set up this userid have it
running a program that will respond to your commands. This is a "server." The
commands you send and the way in which the server responds to them depends on
the particular program being run. For example, the servers UMNEWS@MAINE and
107633@DOLUNI1 offer different types of services, and require different
commands. The various kinds of servers are described later in this document.
You can send your commands to most servers in one of two formats: MAIL or
MESSAGE.
Not all servers accept commands via both formats, but this information is
included in the document BITNET SERVERS which can be obtained from
LISTSERV@BITNIC. Because there are so many servers I will not even begin to
list them here. Different servers are created and disconnected everyday so it
would be difficult to name them all.
People on VM/CMS systems would send commands something like this:
TELL userid AT node command (AT = @)
For example:
TELL NETSERV@MARIST HELP
People on VAX/VMS systems using the JNET networking software would use this
syntax:
SEND userid@node "command"
For example:
SEND NETSERV@MARIST "HELP"
Many servers can also accept commands via mail. Indeed, some will only accept
your commands in that format, such as the servers on the non-Bitnet nodes. The
syntax for the commands you send remain the same. You send mail to the server
as if you were sending the mail to a person. The text of your message would be
the command. Some servers will take the command as the first line of a text
message, others require it in the "Subject:" line. Some servers will accept
more than one command in a mail message, others will take only one. Here is
an example of a mail message sent to LISTSERV@BITNIC requesting a list of
files:
Date: Fri, 30 Dec 88 23:52:00 EDT
From: Taran King <SYSOP@MSPVMA>
To: Listserv <LISTSERV@BITNIC>
========================================================================
INDEX
Throughout this file I will use examples where commands are sent to servers via
message. However, for many of the cases we will present you have option of
using mail. The choice is yours.
There are two particularly confusing aspects of servers of which you should be
aware. First, servers in the same category (say, file servers) do not always
accept the same commands. Many of them are extremely different. Others are
just different enough to be annoying. There are many approaches to setting up
a server, and everyone is trying to build a better one.
The second problem is that there are many servers that fill two, sometimes
three categories of server. For example, LISTSERV works as a list server and a
file server. Many LISTSERVs have been modified to act as name servers as well,
but they are rather inefficient in this capacity. If you do not understand
this terminology, bear with me. The best is yet to come.
File Servers
~~~~~~~~~~~~
Remember that a server runs on a userid much like yours. Like your userid, it
has many capabilities, including the ability to store files (probably with a
much greater storage capacity though). The program that a file server runs
enables it to send you files from its directory, as well as a list of files
available. These may be programs or text files. You might look at these
servers as Bitnet versions of dial-up bulletin boards or AE Lines.
You can generally send three types of commands to a file server. The first
type is a request for a list of files the server offers. The second is a
request that a specific file be sent to your userid. The third, and most
important is a HELP command.
The HELP command is very important because it is one of the few commands that
almost all servers accept, no matter what the type. Because the commands
available differ from server to server, you will often find this indispensable.
Sending HELP to a server will usually result in a message or file sent to your
userid listing the various commands and their syntax. You should keep some
of this information handy until you are comfortable with a particular server.
To request a list of files from a server, you will usually send it a command
like INDEX or DIR. The list of files will be sent to you via mail or in a
file. For example:
VM/CMS: TELL LISTSERV@BITNIC INDEX
VMS/JNET: SEND LISTSERV@BITNIC "INDEX"
To request a specific file from the list you receive, you would use a command
like GET or SENDME. For example to request the file BITNET TOPOLOGY from
LISTSERV@BITNIC you would type on of the following:
VM/CMS: TELL LISTSERV@BITNIC SENDME BITNET TOPOLOGY
VMS/JNET: SEND LISTSERV@BITNIC "SENDME BITNET TOPOLOGY"
In many cases the files are organized into subdirectories or filelists. This
can make requesting a file more complicated. This makes it even more essential
that you keep documentation about a particular server handy. Some file servers
offer programs that you can run which will send commands to the server for you.
Name Servers
~~~~~~~~~~~~
Name servers serve two purposes; to assist you in finding an address for
someone or to help you find people with specific interests. I doubt you are
going to care about tracking down people by their interests, so I am not going
to discuss those aspects of nameservers. The servers that actually let you
look up people are few and far between. Because there are so few I have
composed this list;
Columbia University FINGER @ CUVMA
Cork University INFO @ IRUCCIBM
Drew University NAMESERV @ DREW
North Dakota State University FINGER @ NDSUVM1
Ohio State University WHOIS @ OHSTVMA
Pennsylvania State University IDSERVER @ PSUVM
Rochester Institute Of Technology INFO @ RITVAXD
LOOKUP @ RITVM
State University of New York (SUNY) at Albany WHOIS @ ALBNYVM1
University of Calgary NAMESERV @ UNCAMULT
University of Kentucky WHOIS @ UKCC
University of Illinois at Urbana-Champagne PHSERVE @ UIUCVMD
University of Louisville (Kentucky) WHOIS @ ULKYVM
University of Regina VMNAMES @ UREGINA1
University of Tennessee UTSERVER @ UTKVM1
Weizmann Institute of Science VMNAMES @ WEIZMANN
So as not to be misleading, these servers do not necessarily cover the entire
school. Example: The server at University of Louisville covers people on the
node ULKYVM, but not the nodes ULKYVX0x (x = 1 - 8 I believe). ULKYVX is a
VAXcluster of nodes at University of Louisville, but the people on those
systems are NOT indexed on the server at ULKYVM. In contrast, the nameserver
at University of Illinois contains online listings for every student and staff
member whether they have accounts on the computer or not. You can get phone
numbers and addresses using this. Please note that the above list is only to
the best of my knowledge and others may exist.
There are also many Listservs that have a command to search for people, but
with Listserv, signing up is by choice and not mandatory. You also will end up
getting listings for people from nodes other than the one you are searching.
Ok, lets say I am trying to find an account for Oryan QUEST and I am told by a
friend that he is going to school at Ohio State University. Ohio State
University has a nameserver and if he has an account on their computer I should
be able to find him.
VM/CMS: TELL WHOIS@OHSTVMA Quest
VMS/JNET: SEND WHOIS@OHSTVMA "Quest"
This particular nameserver only requires that you enter the persons name with
no "search" command. Some servers require this. Your best bet is to send the
command "HELP" first and you'll receive documentation.
Ok, back to the example... unfortunately, there is no entry for "Quest" and I
am out of luck. I should have been smart enough to realize that no college
would be likely to let Oryan QUEST enroll in the first place -- my mistake.
In any case, I highly recommend that you register yourself with UMNEWS@MAINE
and BITSERVE@CUNYVM. These are popular nationwide servers that are often used
to locate people.
Forums, Digests, and Electronic Magazines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The concept of mailing lists has been given new life with the creation of
computer networks. Let me explain what I mean. Almost everyone is on some
sort of mailing list; magazines, bills or even pamphlets from your congressman..
The computer networks have brought a whole new degree of speed and
functionality to mailing lists, as you will see.
In Bitnet, mailing lists are used mainly to keep people with similar interests
in contact. There are several formats in which this contact can take place.
These are "forums," "digests," and "electronic magazines".
FORUMS are a good example of how the utility of mailing lists has been expanded
in Bitnet. Let's say that you have subscribed to a forum for people interested
in Cyberpunks. How you could subscribe to such a list will be described later.
Another person on the mailing list sends mail to a server where the list is
kept. This server forwards the mail to all of the people in the forum. When
mail from a forum arrives in your computer mailbox, the header will look much
like this:
Date: Fri, 10 Sep 88 23:52:00 EDT
Reply-To: CYBER Discussion List <CYBER-L@PUNKVM>
Sender: CYBER Discussion List <CYBER-L@PUNKVM>
From: Sir Francis Drake <DRAKE@WORMVM>
Subject: Invasion From X-Neon!
To: Solid State <SEKER@PLPVMA>
========================================================================
This may look a little confusing, but there really isn't much to it. In this
example, Sir Francis Drake ("From:") sent mail to the CYBER-L list address.
This server then forwarded the mail to everybody on the list, including Solid
State ("To:"). Note the line named "Reply-To:". This line tells your mail
software that when you reply to the note (if you reply) that the reply should
go to the list... meaning *everybody* on the list. People will in turn reply
to your mail, and you have a forum.
Some forums are very interesting, but using the digests can lead to problems.
First among these is the volume of mail you can receive. If you are in a very
active forum, you can get 50 or more pieces of electronic mail in a single day.
If you are discussing a controversial or emotional topic, expect more.
Many people have a tendency to "flame" (the Bitnet term for ragging). The
speed and immediacy of electronic mail makes it very easy to whip out a quick,
emotional response, to which there will be similar replies. I advise you to
take some time and think out your responses to forum postings before
inadvertently starting a "flame war." Hopefully anyone able to gain access to
college computers will be mature enough to have outgrown these battles.
DIGESTS provide a partial solution to the these problems. In this case, mail
that is sent to a mailing list is stored rather than sent out immediately. At
some point the "Moderator" for the list organizes and condenses all of the
correspondence for the day or week. He then sends this out to the people on
the mailing list in one mailing.
The drawback with this setup is that it requires a lot of human intervention.
If the moderator gets sick, goes on vacation, or quits, activity for a
particular digest can come to a screeching halt.
ELECTRONIC MAGAZINES take the digest concept a step further. These mailing
lists actually duplicate the organization and format of "real" magazines.
Bitnet is used as a convenient and inexpensive distribution method for the
information they contain. The frequency of distribution for these electronic
magazines ranges ranges from weekly to quarterly to "whenever the editor feels
like it" (sort of like Phrack releases). This is the most formal, structured
form of Bitnet communication. Where a digest is simply a group of letters
organized by topic, an electronic magazine includes articles, columns, and
features. Perhaps the only feature of paper magazines that they do *not*
include is advertisements. Bitnet NetMonth and NetWeek are two of the better
magazines on Bitnet and they contain useful information if you know what you're
looking for. I will discuss how to subscribe to these magazines as well as the
other forms of media in the next part of this file.
List Servers
~~~~~~~~~~~~
In the previous section, I mentioned that some servers are used to control
mailing lists. A server that performs this function is called a "list server."
Almost all of these listservers have the userid of LISTSERV, such as
LISTSERV@BITNIC. One of these servers can control subscriptions to many
mailing lists. The other concept behind Listservs are the list-ids, but as
these are rather unimportant and vary from server to server I am not going to
discuss them here. If you would like to learn about these, consult your local
listserv and request documentation with the HELP command.
To subscribe to a mailing list, you would send a LISTSERV a SUBSCRIBE command,
which has the following syntax:
SUBscribe listname (whatever name you want)
In this example, SpyroGrya is sending LISTSERV@BITNIC the command to
subscribe to ETHICS-L:
VM/CMS: TELL LISTSERV@BITNIC SUB ETHICS-L SpyroGyra
VMS/JNET: SEND LISTSERV@BITNIC "SUB ETHICS-L SpyroGyra"
If you misspell your name when entering a SUBscribe command, simply resend it
with the correct spelling. To delete his name from the mailing list,
SpyroGyra would enter an UNSUBscribe command:
VM/CMS: TELL LISTSERV@BITNIC UNSUB ETHICS-L
VMS/JNET: SEND LISTSERV@BITNIC "UNSUB ETHICS-L"
In many cases the SIGNOFF command is used instead of UNSUB, but those are the
basic commands you need to know in order to access Listserv controlled mailing
lists. However, Listserv has a multitude of features, so it would be a good
idea to read the Listserv documentation.
*Note* If you are on a VAXcluster, you should send SUBSCRIBE and UNSUBSCRIBE
commands to LISTSERV via MAIL.
Relays
~~~~~~
Relay might be one of the easier types of servers to understand. If you have
used the CB Simulator on CompuServe or are familiar with Diversi-Dials (or
maybe even ALTOS Chat) you will catch on to the concept quickly. The idea
behind Relay is to allow more than two people to have conversations by
interactive message. Without Relay-type servers, this would not be possible.
Let's set up a scenario:
Sluggo, Taran, and Mentor are at different nodes. Any two of them can have
a conversation through Bitnet. If the three of them want to talk, however,
they have a problem. Sluggo can send Mentor messages, but Taran can't see
them. Likewise, Taran can send Sluggo messages, but then Mentor is in the
dark. What they need is a form of teleconferencing. Alliance doesn't exist on
Bitnet so they created Relays.
Each of these users "signs on" to a nearby Relay. They can pick a channel
(0-999 although there are more, but they are reserved for special use).
Instead of sending messages to Taran or Sluggo, Mentor sends his commands to
the Relay. The Relay system then sends his message to *both* Taran and Sluggo.
The other users can do the same. When they are done talking, they "sign off."
Relays can distinguish commands from the text of your messages because commands
are prefixed with a slash "/". For example, a HELP command would look like
this:
VM/CMS: TELL RELAY@UIUCVMD /HELP
VMS/JNET: SEND RELAY@UIUCVMD "/HELP"
A message that is part of a conversation would be sent like so:
VM/CMS: TELL RELAY@UIUCVMD Hello there!
VMS/JNET: SEND RELAY@UIUCVMD "Hello there!"
When you first start using Relay, you must register yourself as a Relay user
using the /SIGNUP or /REGISTER commands:
VM/CMS: TELL RELAY@UIUCVMD /REGISTER (Choose a name)
VMS/JNET: SEND RELAY@UIUCVMD "/REGISTER (Choose a name)"
They want you to use your real name, do so if you want, but they really have no
way to check unless one of the operators is a user consultant at your node and
looks up your account. Just use names that look real and you'll be fine.
You can then sign on. You can use a nickname or handle. In the following
example, I am signing on to Channel 260 with a nickname of "KLightning":
VM/CMS: TELL RELAY@UIUCVMD /SIGNON KLightning 260
VMS/JNET: SEND RELAY@UIUCVMD "/SIGNON KLightning 260"
You can then start sending the Relay the text of your messages:
VM/CMS: TELL RELAY@UIUCVMD Good evening.
VMS/JNET: SEND RELAY@UIUCVMD "Good evening."
Relay messages will appear on your screen like this. Note the nickname near
the beginning of the message. When you send conversational messages to the
Relay, it automatically prefixes them with your nickname when it forwards it to
the other users:
FROM UIUCVMD(RELAY): <Taran_King> Hello KLightning.
You can find out who is on your channel with a /WHO command. In the following
example, someone is listing the users on Channel 260.
VM/CMS: TELL RELAY@UIUCVMD /WHO 260
VMS/JNET: SEND RELAY@UIUCVMD "/WHO 260"
The response from the Relay would look like this:
FROM UIUCVMD(RELAY): Ch UserID @ Node Nickname
FROM UIUCVMD(RELAY): 260 C483307@UMCVMB (KLightning)
FROM UIUCVMD(RELAY): 260 MENTOR@PHOENIX (The_Mentor)
FROM UIUCVMD(RELAY): 260 C488869@UMCVMB (Taran_King)
FROM UIUCVMD(RELAY): 260 PROPHET@PHOENIX ( Prophet )
FROM UIUCVMD(RELAY): 260 DRAKE@WORMVM ( Sfd )
FROM UIUCVMD(RELAY): 260 JESTER@NDSUVM1 ( Sluggo )
FROM UIUCVMD(RELAY): 260 TUC@RACS3VM ( Tuc )
FROM UIUCVMD(RELAY): 260 VINNY@LODHVMA (Lex_Luthor)
When you are done with your conversation, you can sign off the Relay:
VM/CMS: TELL RELAY@UIUCVMD /SIGNOFF or /BYE
VMS/JNET: SEND RELAY@UIUCVMD "/SIGNOFF" or "/BYE"
There are several commands for listing active channels, sending private
messages, and so on. When you first register as a Relay user, you will be sent
documentation. You can also get this information with the /INFO command. To
determine which Relay serves your area, send any of the Relays listed in
BITNET SERVERS the /SERVERS command. Also, because of Bitnet message and file
traffic limits, many Relays are only available during the evening and weekends.
To help illustrate how the Relays work I have included this map;
[United States of America locations only]
----------------------
Non-USA Relays | RELAY @ CLVM |
^ | (TwiliteZne) |
/| | Potsdam N.Y. |
| ----------------------
| |
---------------------- ---------------------- ----------------------
| RELAY @ VILLVM | | RELAY @ ORION | | RELAY @ YALEVM |
| (Philadelph) |-----| (New_Jersey) |-----| (Yale) |
| Villanova PA. | | New Jersey | | New Haven CT. |
---------------------- ---------------------- ----------------------
| | \n---------------------- | ----------------------
| RELAY @NDSUVM1 | | | RELAY @NYUCCVM |
| (No_Dakota ) | | | ( Nyu ) |
| North Dakota | | | New York |
---------------------- | ----------------------
| \n---------------------- ---------------------- | ----------------------
| RELAY @JPNSUT10 | | RELAY @ BITNIC | | | CXBOB @ASUACAD |
| ( Tokyo ) |-----| ( NewYork ) | | | (Tempe_Ariz) |
| Japan | | New York-Singapore | | | Arizona |
---------------------- ---------------------- | ----------------------
| | |
---------------------- | ----------------------
| MASRELAY@ UBVM | | | RELAY @ USCVM |
| ( Buffalo ) | --+--| (LosAngeles) |
| New York (N) | / | California |
---------------------- / ----------------------
/ |
---------------------- / ----------------------
| RELAY @ WATDCS | / | RELAY @ UWAVM |
| ( Waterloo ) | / | ( Seattle ) |
| Ontario/E. Canada | | / | Washington |
---------------------- | / ----------------------
| | | |
---------------------- ---------------------- ----------------------
| RELAY @CANADA01 | | RLY @CORNELLC | | 556 @OREGON1 |
| ( Canada01 ) |-----| (Ithaca_NY ) | | ( Oregon ) |
| Ontario (Guelph) | | New York | | Oregon |
---------------------- ---------------------- ----------------------
| | \n---------------------- | ----------------------
| RELAY @UREGINA1 | | | RELAY @ VTVM2 |
| ( Regina_Sk ) | | | ( Va_Tech ) |
| Saskatoon/Manitoba | | | Virginia |
---------------------- | ----------------------
| | |
---------------------- | ----------------------
| RELAY @UALTAVM | | | RELAY @ UWF |
| ( Edmonton ) | | | (Pensacola ) |
| Alberta/B.C. | | | Florida |
---------------------- | ----------------------
|
---------------------- ---------------------- ----------------------
| RELAY @PURCCVM | | RELAY @CMUCCVMA | | RELAY @ UTCVM |
| ( Purdue ) |-----| (Pittsburgh) |-----| (Tennessee ) |
| Lafayette IN. | | Pennsylvania | | Tennessee |
---------------------- ---------------------- ----------------------
| |
---------------------- | ----------------------
| RELAY @TECMTYVM | | | RELAY @ GITVM1 |
| (Monterrey ) | | | ( Atlanta ) |
| Mexico | | | Georgia |
---------------------- | ----------------------
| |
---------------------- ---------------------- ----------------------
| RELAY @ TAMVM1 | | RELAY @UIUCVMD | | RELAY @ TCSVM |
| (Aggieland ) |-----| (Urbana_IL ) |-----| ( Tulane ) |
| Texas | | Illinois | | New Orleans LA. |
---------------------- ---------------------- ----------------------
Conclusion
~~~~~~~~~~
So what lies beyond the boundaries of Bitnet? There are many other networks
that are similar to Bitnet both in function and in services. How to mail to
these networks will be discussed in the next chapter of The Future Transcendent
Saga -- Limbo To Infinity.
:Knight Lightning
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 6 of 12
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> UTOPIA Index File 1 <>
<> <>
<> BITNET Member Institutions <>
<> <>
<> December 1988 <>
<> <>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Abilene Christian University
Albion College
Allegheny College
American Assoc of State Colleges Univs (AASCU) Meeting
American Institute of Physics
American Physical Society
American University
Amherst College
Annenberg Research Institute
Appalachian State University
Argonne National Laboratory
Arizona State University
Association for Computing Machinery
Auburn University
Babson College
Ball State University
Baylor University
Bentley College
Biotechnology Research Center
BITNET Network Information Center
BITNET-Internet Gateway
Boise State University
Boston College
Boston University
Bowdoin College
Bowling Green State University
Brandeis University
Brigham Young University
Brookhaven National Laboratory
Brown University
Bryn Mawr College
Bucknell University
California Institute of Technology
California Polytechnic State University-San Luis Obispo
California State University
Canisius College
Carnegie Mellon University
Case Western Reserve University
Catholic University of America
Catonsville Community College
Central Michigan University
Chemical Abstracts Service
City University of New York CUNY
Claremont Graduate School
Clark University
Clarkson University
Clemson University
Cleveland State University
Cold Spring Harbor Laboratory
Colgate University
College of DuPage
College of the Holy Cross
College of William and Mary
Colorado School of Mines
Colorado State University
Columbia University
Columbia University Teachers College
Connecticut College
Connecticut State University System
Continuous Electron Beam Accelerator Facility
Control Data Corporation
Cornell University
Dakota State College
Dartmouth College
Davidson College
De Paul University
Denison University
Dickinson College
Drake University
Drew University
Drexel University
Duke University
East Carolina University
East Tennessee State University
Educational Computing Network of Illinois
Educational Testing Service
EDUCOM
Electric Power Research Institute
Emory University
Exxon Research and Engineering Company
Fermi National Accelerator Laboratory
Florida Central Regional Data Center
Florida Northeast Regional Data Center
Florida State University
Food and Drug Administration
Fordham University
Franklin and Marshall College
Fred Hutchinson Cancer Research Center
Gallaudet University
General Electric Corporate Research & Development
George Mason University
George Washington University
Georgetown University
Georgetown University Medical Center
Georgia Institute of Technology
Georgia State University
Gettysburg College
Grinnell College
Gustavus Adolphus College
Hampshire College
Harvard University
Harvey Mudd College
Haverford College
Hofstra University
Howard University
IBM Almaden Research Center
IBM VNET Gateway
IBM Watson Scientific Research Center Yorktown
Illinois Institute of Technology
Indiana University
Indiana University of Pennsylvania
Indiana University/Purdue University at Indianapolis
Institute for Advanced Study
Iona College
Iowa State University
Ithaca College
James Madison University
Jersey City State College
John Carroll University
John Von Neumann Center
Johns Hopkins University
Kansas State University
Kent State University
Lafayette College
Lawrence Berkeley Laboratory
Lawrence University
Le Moyne College
Lehigh University
Lewis and Clark College
Long Island University
Los Alamos National Laboratory
Louisiana State University
Louisiana State University Medical Center
Loyola College
Loyola University of Chicago
Macalester College
Macomb Community College
Manhattan College
Maricopa County Community College District
Marist College
Marquette University
Marshall University
Massachusetts Institute of Technology
Medical College of Ohio
Medical College of Wisconsin
Medical University of South Carolina
Merit Computer Network
Miami University
Michigan State University
Michigan Technological University
Middlebury College
Millersville University of Pennsylvania
Mississippi State University
Montana State University
Montgomery College
Mount Holyoke College
NASA Goddard Institute for Space Studies
National Academy of Sciences
National Aeronautics and Space Administration
National Astronomy and Ionosphere Center
National Bureau of Standards
National Center for Atmospheric Research
National Institute of Environmental Health Sciences
National Institutes of Health
National Radio Astronomy Observatory
National Science Foundation
Naval Health Sciences Education and Training Command
Naval Postgraduate School
New Jersey Educational Computer Network
New Jersey Institute of Technology
New Mexico State University
New York State College of Ceramics at Alfred University
New York University
North Carolina State University
North Dakota Higher Education Computer Network
Northeast Missouri State University
Northeastern University
Northern Arizona University
Northern Illinois University
Northwestern University
Norwich University
Oak Ridge National Laboratory
Oakland Community College
Oberlin College
Ohio State University
Ohio University
Ohio Wesleyan University
Oklahoma State University
Old Dominion University
Online Computer Library Center (OCLC)
Oregon State University
Pace University Pleasantville-Briarcliff Campus
Pacific Lutheran University
Pan American University
Pennsylvania State University
Pepperdine University
Polytechnic University
Pomona College
Portland State University
Pratt Institute
Princeton University
Purdue University
Radford University
Reed College
Regents Computer Network
Rensselaer Polytechnic Institute
Research Libraries Group
Rhodes College
Rice University
Rochester Institute of Technology
Rockefeller University
Rohm and Haas Company
Rose-Hulman Institute of Technology
Rutgers University
Saint Louis University
Saint Mary's University of San Antonio
Saint Michael's College
Saint Peter's College
Salk Institute
Sam Houston State University
Samford University
San Diego Supercomputer Center
Santa Clara University
Seton Hall University
Shriners Hospital for Crippled Children
Skidmore College
Smith College
Smithsonian Institution
South Dakota State University
Southeast Regional Data Center/FIU
Southeastern Massachusetts University
Southern Illinois University
Southern Illinois University at Edwardsville
Southern Methodist University
Southwest Missouri State University
Southwest Texas State University
Space Telescope Science Institute
St. Lawrence University
Stanford Linear Accelerator Center
Stanford Synchrotron Radiation Laboratory
Stanford University
State University of New York Agricultural and Tech College at Canton
State University of New York Agricultural & Tech Col at Farmingdale
State University of New York at Albany
State University of New York at Binghamton
State University of New York at Buffalo
State University of New York at Stony Brook
State University of New York Central Administration
State University of New York College at Brockport
State University of New York College at Buffalo
State University of New York College at Cortland
State University of New York College at Fredonia
State University of New York College at Geneseo
State University of New York College at New Paltz
State University of New York College at Old Westbury
State University of New York College at Oneonta
State University of New York College at Oswego
State University of New York College at Plattsburgh
State University of New York College at Potsdam
State University of New York College of Technology at Alfred
State University of New York College of Technology at Delhi
State University of New York Health Science Center at Brooklyn
State University System of Minnesota System Office
Stephen F. Austin State University
Stevens Institute of Technology
Swarthmore College
Syracuse University
Tarleton State University
Temple University
Tennessee Technological University
Texas A&M University
Texas Christian University
Texas Tech University
The Center for Cultural and Technical Exchange Between East and West
The Citadel, The Military College of South Carolina
The Jackson Laboratory
The World Bank
Towson State University
Transylvania University
Trenton State College
Triangle Universities Computation Center
Triangle Universities Nuclear Laboratory
Trinity College
Trinity University
Tufts University
Tulane University
Uniformed Services University of the Health Sciences
Union College
United States Environmental Protection Agency
United States Geological Survey
University of Akron
University of Alabama
University of Alabama at Birmingham
University of Alaska
University of Arizona
University of Arkansas
University of Arkansas at Little Rock
University of Arkansas for Medical Sciences
University of California
University of California Berkeley
University of California Davis
University of California Irvine
University of California Los Angeles
University of California Riverside
University of California San Diego
University of California San Francisco
University of California Santa Barbara
University of California Santa Cruz
University of Central Florida
University of Chicago
University of Cincinnati
University of Colorado at Boulder
University of Colorado at Colorado Springs
University of Colorado at Denver
University of Colorado Health Sciences Center
University of Connecticut
University of Dayton
University of Delaware
University of Denver
University of Florida
University of Georgia Athens
University of Hartford
University of Hawaii
University of Houston
University of Houston at Clear Lake
University of Idaho
University of Illinois at Urbana-Champaign
University of Illinois Chicago
University of Iowa
University of Kansas
University of Kansas Medical Center
University of Kentucky
University of Louisville
University of Maine
University of Maryland
University of Massachusetts at Amherst
University of Massachusetts at Boston
University of Medicine & Dentistry of New Jersey
University of Michigan
University of Minnesota
University of Minnesota at Morris
University of Minnesota Duluth
University of Mississippi
University of Missouri - Columbia
University of Missouri - Kansas City
University of Missouri - Rolla
University of Missouri - St. Louis
University of Nebraska - Omaha
University of Nebraska Computer Services Network
University of Nebraska Lincoln
University of Nebraska Medical Center
University of Nevada
University of New Hampshire
University of New Mexico
University of New Orleans
University of North Carolina at Chapel Hill
University of North Carolina at Charlotte
University of North Carolina at Greensboro
University of North Carolina Gen Ad Cntrl Of-Ed Cmptg Srvs
University of North Florida
University of North Texas
University of Notre Dame
University of Oklahoma Norman Campus
University of Oregon
University of Pennsylvania
University of Pittsburgh
University of Puerto Rico
University of Rhode Island
University of Richmond
University of Rochester
University of Scranton
University of South Alabama
University of South Carolina
University of Southern California
University of Southern Mississippi
University of Tennessee
University of Tennessee at Chattanooga
University of Tennessee at Knoxville
University of Tennessee at Memphis
University of Texas at Arlington
University of Texas at Austin
University of Texas at Dallas
University of Texas at El Paso
University of Texas at Houston
University of Texas at San Antonio
University of Texas Health Science Center at San Antonio
University of Texas Medical Branch at Galveston
University of Texas Southwestern Medical Center at Dallas
University of Texas System
University of the District of Columbia
University of Toledo
University of Tulsa
University of Utah
University of Vermont
University of Virginia
University of Washington
University of West Florida
University of Wisconisn - La Crosse
University of Wisconsin - Oshkosh
University of Wisconsin - Stout
University of Wisconsin Eau Claire
University of Wisconsin Madison
University of Wisconsin Milwaukee
University of Wyoming
Utah State University
Valparaiso University
Vanderbilt University
Vassar College
Villanova University
Virginia Commonwealth University
Virginia Community College System
Virginia Polytechnic Institute and State University
Washington State University
Washington University
Wayne State University
Wesleyan University
West Chester University of Pennsylvania
West Virginia Network for Educational Telecomputing
Western Washington University
Wichita State University
Williams College
Worcester Polytechnic Institute
Wright State University
Xavier University
Yale University
Youngstown State University
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 7 of 12
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<> <>
<> UTOPIA Index File 2 <>
<> <>
<> BITNET Member Institutions <>
<> <>
<> December 1988 <>
<> <>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><>
AK University of Alaska
AL Auburn University
Samford University
University of Alabama
University of Alabama at Birmingham
University of South Alabama
AR University of Arkansas
University of Arkansas at Little Rock
University of Arkansas for Medical Sciences
AZ Arizona State University
Maricopa County Community College District
Northern Arizona University
University of Arizona
CA California Institute of Technology
California Polytechnic State University-San Luis Obispo
California State University
Claremont Graduate School
Electric Power Research Institute
Harvey Mudd College
IBM Almaden Research Center
Lawrence Berkeley Laboratory
Naval Postgraduate School
Pepperdine University
Pomona College
Research Libraries Group
Salk Institute
San Diego Supercomputer Center
Santa Clara University
Stanford Linear Accelerator Center
Stanford Synchrotron Radiation Laboratory
Stanford University
University of California
University of California Berkeley
University of California Davis
University of California Irvine
University of California Los Angeles
University of California Riverside
University of California San Diego
University of California San Francisco
University of California Santa Barbara
University of California Santa Cruz
University of Southern California
CO Colorado School of Mines
Colorado State University
National Center for Atmospheric Research
University of Colorado at Boulder
University of Colorado at Colorado Springs
University of Colorado at Denver
University of Colorado Health Sciences Center
University of Denver
CT Connecticut College
Connecticut State University System
Trinity College
University of Connecticut
University of Hartford
Wesleyan University
Yale University
DC American University
Catholic University of America
Food and Drug Administration
Gallaudet University
George Washington University
Georgetown University
Georgetown University Medical Center
Howard University
National Academy of Sciences
National Science Foundation
Smithsonian Institution
The World Bank
University of the District of Columbia
DE University of Delaware
FL Florida Central Regional Data Center
Florida Northeast Regional Data Center
Florida State University
Southeast Regional Data Center/FIU
University of Central Florida
University of Florida
University of North Florida
University of West Florida
GA Emory University
Georgia Institute of Technology
Georgia State University
University of Georgia Athens
HI The Center for Cultural & Tech Exchange Btwn East and West
University of Hawaii
IA Drake University
Grinnell College
Iowa State University
University of Iowa
ID Boise State University
University of Idaho
IL Argonne National Laboratory
College of DuPage
De Paul University
Educational Computing Network of Illinois
Fermi National Accelerator Laboratory
Illinois Institute of Technology
Loyola University of Chicago
Northern Illinois University
Northwestern University
Southern Illinois University
Southern Illinois University at Edwardsville
University of Chicago
University of Illinois at Urbana-Champaign
University of Illinois Chicago
IN Ball State University
Indiana State University
Indiana University
Indiana University/Purdue University at Indianapolis
Purdue University
Rose-Hulman Institute of Technology
University of Notre Dame
Valparaiso University
KS Kansas State University
University of Kansas
University of Kansas Medical Center
Wichita State University
KY Transylvania University
University of Kentucky
University of Louisville
LA Louisiana State University
Louisiana State University Medical Center
Tulane University
University of New Orleans
MA Amherst College
Babson College
Bentley College
Boston College
Boston University
Brandeis University
Clark University
College of the Holy Cross
Hampshire College
Harvard University
IBM VNET Gateway
Massachusetts Institute of Technology
Mount Holyoke College
Northeastern University
Regents Computer Network
Smith College
Southeastern Massachusetts University
Tufts University
University of Massachusetts at Amherst
University of Massachusetts at Boston
Williams College
Worcester Polytechnic Institute
MD American Assoc of State Colleges Univs (AASCU) Meeting
Biotechnology Research Center
Catonsville Community College
Johns Hopkins University
Loyola College
Montgomery College
National Aeronautics and Space Administration
National Bureau of Standards
National Institutes of Health
Naval Health Sciences Education and Training Command
Space Telescope Science Institute
Towson State University
Uniformed Services University of the Health Sciences
University of Maryland
ME Bowdoin College
The Jackson Laboratory
University of Maine
MI Albion College
Central Michigan University
Macomb Community College
Merit Computer Network
Michigan State University
Michigan Technological University
Oakland Community College
University of Michigan
Wayne State University
MN Control Data Corporation
Gustavus Adolphus College
Macalester College
State University System of Minnesota System Office
University of Minnesota
University of Minnesota at Morris
University of Minnesota Duluth
MO Northeast Missouri State University
Saint Louis University
Southwest Missouri State University
University of Missouri
Washington University
MS Mississippi State University
University of Mississippi
University of Southern Mississippi
MT Montana State University
NC Appalachian State University
Davidson College
Duke University
East Carolina University
National Institute of Environmental Health Sciences
North Carolina State University
Triangle Universities Computation Center
Triangle Universities Nuclear Laboratory
United States Environmental Protection Agency
University of North Carolina at Chapel Hill
University of North Carolina at Charlotte
University of North Carolina at Greensboro
University of North Carolina Gen Ad Cntrl Off Ed Comptng Srvs
ND North Dakota Higher Education Computer Network
NE University of Nebraska - Omaha
University of Nebraska Computer Services Network
University of Nebraska Lincoln
University of Nebraska Medical Center
NH Dartmouth College
University of New Hampshire
NJ BITNET Network Information Center
Drew University
Educational Testing Service
EDUCOM
Exxon Research and Engineering Company
Institute for Advanced Study
Jersey City State College
John Von Neumann Center
New Jersey Educational Computer Network
New Jersey Institute of Technology
Princeton University
Rutgers University
Saint Peter's College
Seton Hall University
Stevens Institute of Technology
Trenton State College
University of Medicine & Dentistry of New Jersey
NM Los Alamos National Laboratory
New Mexico State University
University of New Mexico
NV University of Nevada
NY American Institute of Physics
American Physical Society
Association for Computing Machinery
BITNET-Internet Gateway
Brookhaven National Laboratory
Canisius College
City University of New York CUNY
Clarkson University
Cold Spring Harbor Laboratory
Colgate University
Columbia University
Columbia University Teachers College
Cornell University
Fordham University
General Electric Corporate Research & Development
Hofstra University
IBM Watson Scientific Research Center Yorktown
Iona College
Ithaca College
Le Moyne College
Long Island University
Manhattan College
Marist College
NASA Goddard Institute for Space Studies
New York State College of Ceramics at Alfred University
New York University
Pace University Pleasantville-Briarcliff Campus
Polytechnic University
Pratt Institute
Rensselaer Polytechnic Institute
Rochester Institute of Technology
Rockefeller University
Skidmore College
St. Lawrence University
State University of New York Ag and Tech College at Canton
State University of New York Ag and Tech College at Farmingdale
State University of New York at Albany
State University of New York at Binghamton
State University of New York at Buffalo
State University of New York at Stony Brook
State University of New York Central Administration
State University of New York College at Brockport
State University of New York College at Buffalo
State University of New York College at Cortland
State University of New York College at Fredonia
State University of New York College at Geneseo
State University of New York College at New Paltz
State University of New York College at Old Westbury
State University of New York College at Oneonta
State University of New York College at Oswego
State University of New York College at Plattsburgh
State University of New York College at Potsdam
State University of New York College of Technology at Alfred
State University of New York College of Technology at Delhi
State U of New York Health Science Center at Brooklyn
Syracuse University
Union College
University of Rochester
Vassar College
OH Bowling Green State University
Case Western Reserve University
Chemical Abstracts Service
Cleveland State University
Denison University
John Carroll University
Kent State University
Medical College of Ohio
Miami University
Oberlin College
Ohio State University
Ohio University
Ohio Wesleyan University
Online Computer Library Center (OCLC)
University of Akron
University of Cincinnati
University of Dayton
University of Toledo
Wright State University
Xavier University
Youngstown State University
OK Oklahoma State University
University of Oklahoma Norman Campus
University of Tulsa
OR Lewis and Clark College
Oregon State University
Portland State University
Reed College
Shriners Hospital for Crippled Children
University of Oregon
PA Allegheny College
Annenberg Research Institute
Bryn Mawr College
Bucknell University
Carnegie Mellon University
Dickinson College
Drexel University
Franklin and Marshall College
Gettysburg College
Haverford College
Indiana University of Pennsylvania
Lafayette College
Lehigh University
Millersville University of Pennsylvania
Pennsylvania State University
Rohm and Haas Company
Swarthmore College
Temple University
University of Pennsylvania
University of Pittsburgh
University of Scranton
Villanova University
West Chester University of Pennsylvania
PR National Astronomy and Ionosphere Center
University of Puerto Rico
RI Brown University
University of Rhode Island
SC Clemson University
Medical University of South Carolina
The Citadel, The Military College of South Carolina
University of South Carolina
SD Dakota State College
South Dakota State University
TN East Tennessee State University
Oak Ridge National Laboratory
Rhodes College
Tennessee Technological University
University of Tennessee
University of Tennessee at Chattanooga
University of Tennessee at Knoxville
University of Tennessee at Memphis
Vanderbilt University
TX Abilene Christian University
Baylor University
Pan American University
Rice University
Saint Mary's University of San Antonio
Sam Houston State University
Southern Methodist University
Southwest Texas State University
Stephen F. Austin State University
Tarleton State University
Texas A&M University
Texas Christian University
Texas Tech University
Trinity University
University of Houston
University of Houston at Clear Lake
University of North Texas
University of Texas at Arlington
University of Texas at Austin
University of Texas at Dallas
University of Texas at El Paso
University of Texas at Houston
University of Texas at San Antonio
University of Texas Health Science Center at San Antonio
University of Texas Medical Branch at Galveston
University of Texas Southwestern Medical Center at Dallas
University of Texas System
UT Brigham Young University
University of Utah
Utah State University
VA College of William and Mary
Continuous Electron Beam Accelerator Facility
George Mason University
James Madison University
National Radio Astronomy Observatory
Old Dominion University
Radford University
United States Geological Survey
University of Richmond
University of Virginia
Virginia Commonwealth University
Virginia Community College System
Virginia Polytechnic Institute and State University
VT Middlebury College
Norwich University
Saint Michael's College
University of Vermont
WA Fred Hutchinson Cancer Research Center
Pacific Lutheran University
University of Washington
Washington State University
Western Washington University
WI Lawrence University
Marquette University
Medical College of Wisconsin
University of Wisconisn - La Crosse
University of Wisconsin - Oshkosh
University of Wisconsin - Stout
University of Wisconsin Eau Claire
University of Wisconsin Madison
University of Wisconsin Milwaukee
WV Marshall University
West Virginia Network for Educational Telecomputing
WY University of Wyoming
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 8 of 12
____________________________________
| |
| Getting Serious About VMS Hacking |
| |
| by VAXbusters International |
| |
| January 1989 |
|____________________________________|
The VAX/VMS operating system is said to be one of the most secure systems
currently available. It has been massively extended in the past to provide
features which can help system managers getting their machines locked up to
abusers and to trace back any attempts to indiscriminate system security. As
such, it is not easy getting into VMS machines now without having insider
information, and it's even harder to stay in.
The following article describes some of the internals which make up the VMS
security features, and tries to give hints what to do to remain undiscovered.
The reader should be familiar with the VMS system from the programmer's point
of view.
Some of the things mentioned are closely related to the internal workings of
the VAX/VMS operating system. All descriptions are held as general as
possible. It is tried to point out where weak points in the system are
located, not to give step-by-step instructions on how to hack VMS machines.
The main reason for this is, that it is very hard to remain undiscovered in a
VMS system without having good knowledge of the whole system. This knowledge
is only aquirable by experience.
To use some of the techniques described herein, some literature is recommended:
"The VAX Architecture Handbook," published by DEC. This book describes
the VAX processor, it's instruction set and it's hardware. It is a good
book to have on your desk, since it costs nothing (just go to your local
DEC store and ask for it) and is only in paperback format.
"MACRO and Instruction Set," part of the VMS documentation kit. This is
needed only if you want to program bigger things in MACRO. It's
recommended reading, but you don't need to have it on your own normally.
"VAX/VMS Internals and Data Structures" by L.Kenah and S.Bate. This is
the bible for VMS hackers. It describes the inner workings of the system
as well as most of the data structures used within the kernel. The
Version published always is one version number behind the current VMS
release, but as the VAX architecture doesn't change, it is the best source
on a description how the system works. After you've read and understood
this book, the VAX won't look more mysterious than your C64. You can
order this book from DEC, the order number for the V3.0 version of the
book is EY-00014-DP. The major drawback is the price, which is around
$70-$100.
A good source of information naturally is the source code of the VMS system.
The easiest way to snoop around in it is to get the microfiche set, which is
delivered by DEC to all bigger customers of the system. The major disadvantage
is that you need a fiche reader to use it. The fiche is needed if
modifications to the system code are intended, unless you plan to disassemble
everything you need. The VMS system is written in BLISS-32 and FORTRAN. BLISS
is quite readable, but it might be worthwhile having a FORTRAN hacker around if
you intend to do patch any of the programs implemented in FORTRAN. The source
fiche always contains the current release, so it's useful to check if the
information in "Internals and Data Structures" is still valid.
Hacker's Tools
~~~~~~~~~~~~~~
There are several programs which are useful when snooping around on a VMS
system.
The most important utility might be the System Dump Analyzer (SDA), which is
started with the command ANALYZE/SYSTEM. Originally, SDA was developed to
analyze system crash dumps, which are created every time the machine crashes in
a 'controlled' manner (bugcheck or opcrash). SDA can also be used to analyze
the running system, which is the more useful function. A process which wants
to run SDA needs the CMKRNL privilege. With SDA, you can examine any process
and find out about accessed files and devices, contents of virtual memory (like
typeahead and recall buffers), process status and more. SDA is a watching
tool, so you normally can't destroy anything with it.
Another helpful tool is the PATCH utility, called up by the command PATCH. As
VMS is distributed in a binary-only fashion, system updates are normally
distributed as patches to binaries. PATCHES can be entered as assembler
statements directly. Combined with the source fiche, PATCH is a powerful tool
for your modifications and improvements to the VMS operating system.
Privileges
~~~~~~~~~~
To do interesting things on the VMS system, you normally need privileges. The
following lists describes some of the privileges which are useful in the
onliner's daily life.
CMKRNL
CMEXEC These two privileges enable a user to execute arbitrary routines with
KERNEL and EXECUTIVE access mode. These privileges are needed when one
plans to access kernel data structures directly. CMKRNL is the most
powerful privilege available, everything which is protected can be
accessed utilizing it.
SYSPRV A process which holds this privilege can access objects via the system
protection. A process holding the this privilege has the same access
rights as a process running under a system UIC.
SHARE This allows a process to assign channels to nonshareable devices which
already have channels assigned to them. This can be used to prevent
terminal hangups and to assign channels to system mailboxes.
Process States And The Process Control Block
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you get into kernel hacking, you should pay special attention to the field
PCB$L_STS. This field tells about the process status. Interesting bits are
PCB$V_DELPEN, PCB$V_NOACNT and PCB$V_BATCH. There can be achieved astonishing
effects by setting these bits.
Hideout
~~~~~~~
A nice possibility to have is to be unseen by a system manager. There are many
ways to get invisible to SHOW USERS, but hiding from SHOW SYSTEM is another
story, as it doesn't even use standard system calls to get a list of the
currently running processes. And in fact, hiding from SDA is even harder,
since it directly peeks kernel data structures. Anyway, being invisible to
SHOW USERS is useful on small systems, where one user more could ring the alarm
bell of the system operator.
One possibility to do this is to become a subprocess of some non-interactive
job (like a BATCH or NETWORK process). The other way is to patch the PCB to
become a BATCH process or to delete the terminal name (which makes SHOW USERS
think you are non-interactive as well). Patching the PCB has a disadvantage:
The system global variable SYS$GW_IJOBCNT which contains the number of
interactive users must be directly decremented before you hide, and MUST be
incremented before you log out.
If you forget this, the interactive job count will be wrong. If it becomes
negative, strange effects will show up, which will confuse every system
manager.
Accounting And Audits
~~~~~~~~~~~~~~~~~~~~~
The most nasty thing about VMS since release 4.2 is the security auditing
feature. It enables the system manager to log almost every security relevant
event he desires. For example, access to files, login failures and
modification user authorization data base can all be monitored, logged and
written to the system printer. The first thing to find out in a new, unknown
system is the awareness of the system management. The status of the accounting
system is easily determinable by the command SHOW ACCOUNTING. Normally,
everything except IMAGE accounting is enabled. When IMAGE accounting is also
enabled, this is the first hint to be careful. The second thing to check out
is the status of the security auditing system. You need the SECURITY privilege
to execute the command SHOW AUDIT.
If no audits are enabled, and image accounting is not turned on, the system
normally is not set up to be especially secure. Such systems are the right
playground for a system hacker, since one doesn't have to be as careful as one
has to be on a correctly managed system.
Accounting
~~~~~~~~~~
The main intention for running accounting on a system is the need to charge
users for resources (cpu time, printer usage etc.) they use on the machine. On
the other hand, accounting can be very useful to track down invaders. Luckily,
accounting information is being logged in the normal file system, and as such
one can edit out information which isn't supposed to be seen by sneaky eyes.
The most important utility to handle accounting files is, naturally, the
ACCOUNTING utility. It has options to collect information which is stored in
accounting files, print it in a human readable manner, and, most importantly,
edit accounting files. That is, you can edit all information out of an
accounting file which you don't want to appear in reports anymore. The
important qualifier to the ACCOUNTING command is /BINARY.
File Access Dates
~~~~~~~~~~~~~~~~~
One way for system managers to discover unwanted guests is to look out for
modified system files. Fortunately, there are ways to modify the modification
dates in a file's header. This can be done with RMS system calls, but there is
no easy way to do that with pure DCL. There are several utilities to do this
kind of things in the public domain, so look out in the DECUS catalog.
OPCOM
~~~~~
OPCOM is a process which logs system and security relevant events (like tape
and disk mount transactions, security auditing messages etc.). OPCOM receives
messages via a mailbox device, formats them, logs the event in the operator
logfile (SYS$MANAGER:OPERATOR.LOG) and notifies all operators. Additionally,
it sends all messages to it's standard output, which normally is the system
console device _OPA0:. When OPCOM is started, one message is sent to the
standard output announcing that the operator logfile has been initialized.
Thus, it's not recommended to kill OPCOM to remain undiscovered, since the
system manager most likely will get suspicious if the operator logfile has been
initialized without an obvious reason. The elegant solution to suspend OPCOM,
for the time where no operator messages shall come through. While OPCOM is
suspended, all messages will be buffered in the mailbox device, where every
process with sufficient privilege can read them out, thus avoiding that OPCOM
reads those messages after it is restarted.
There is one problem with this solution though: OPCOM always has a read
pending on that mailbox, and this read will be there even if the OPCOM process
is suspended. Unless you're heavily into kernel hacking, there is no way to
get rid of this read request. As such, the easy solution is to generate an
unsuspicious operator message as soon as OPCOM is suspended. Afterwards, your
own process (which can be a DCL procedure) reads all subsequent messages off
the OPCOM mailbox until you feel save enough to have OPCOM resume it's work. By
the way, the OPCOM message mailbox is temporary and has no logical name
assigned to it. You'll need SDA to get information about the device name.
Command Procedures
~~~~~~~~~~~~~~~~~~
Timely, you'll need DCL procedures to have some routine work done
automatically. It is important not to have strange command procedures lying
around on a foreign system, since they can be easily read by system managers.
Fortunately, a command file may be deleted while someone is executing it. It
is good practice to do so, utilizing the lexical function F$ENVIRONMENT. If
you need access to the command file itself from the running procedure, just
assign a channel to it with OPEN.
Piggy-Backing
~~~~~~~~~~~~~
It's not normally a good idea to add new, possibly privileged accounts to a
foreign system. The better approach is to to use accounts which have been
unused for some months and to hide privileged programs or piggybacks which gain
privilege to the caller by some mechanism. A piggyback is a piece of code
which is added to a privileged system program, and which gives privileges
and/or special capabilities to callers which have some kind of speciality (like
a special process name, for example). Be careful not to change file sizes and
dates, since this makes people suspicious.
Conclusion
~~~~~~~~~~
This file just tries to give an impression how interesting VMS kernel hacking
can be, and what possibilities there are. It of course is not complete, and
many details have been left out. Hopefully, it has been useful and/or
interesting lecture.
(C)opyright 1989 by the VAXBusters International.
You may give around this work as long as you don't pretend you wrote it.
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 9 of 12
<?><><><><><><><><><><><><><><><><><><><><><><><><><><?>
<|> <|>
<|> Can You Find Out If Your Telephone Is Tapped? <|>
<|> by Fred P. Graham <|>
<|> <|>
<|> "It Depends On Who You Ask" <|>
<|> <|>
<|> Transcribed by VaxCat <|>
<|> <|>
<|> December 30, 1988 <|>
<|> <|>
<?><><><><><><><><><><><><><><><><><><><><><><><><><><?>
Unlike most Americans, who suspect it, Sarah Bartlett at least knows she was
overheard by an F.B.I. wiretap in the computer room of the Internal Revenue
Service Building in Washington, across the street from the Justice Department.
On April 25, as she sat at her card-punch machine, the postman handed her a
registered letter containing a document known in police circles as a "wiretap
notice." It told her that the Government had been given permission to
intercept wire communications "to and from" two Washington telephones for a
period of fifteen days after January 13, and that during this period her own
voice had been heard talking to the parties on those phones. Miss Bartlett
said nothing to the other girls in the computer room, but she must have been
stunned. A few weeks later, federal agents came to the computer room and took
her away, to face a variety of charges that amounted to being a runner for a
numbers game.
There are no figures to disclose how many Americans have received such wiretap
messages, and few people who have gotten them have spoken out. But the number
could be over 50,000 by now. When Congress enacted the requirement in 1968
that notice of wiretap be given, it intended to sweep away the growing sense of
national paranoia about electronic snoopery. But there seems to be an unabated
national suspicion that almost everybody who is anybody is being tapped or
bugged by somebody else. Herman Schwartz, a Buffalo, New York, law professor
who is the American Civil Liberties Union's expert on Governmental
eavesdropping, estimates that since 1968 between 150,000 and 250,000 Americans
have been overheard by the Big Ear of the Federal Government or local police.
"If you have anything to do with gambling or drugs, or if you're a public
official involved in any hanky-panky and if you're a Democrat, or if you or
your friends are involved in radical politics or black activism, you've
probably been bugged," Professor Schwartz says.
Henry Kissinger wisecracks to friends that he won't have to write his memoirs,
he'll just publish the F.B.I.'s transcripts of his telephone calls. Richard G.
Kleindienst has had his Justice Department office "swept." Secretary of State
William P. Rogers once shied away from discussing China policy over a liberal
newspaper columnist's line. High-ranking officials in New York, Washington and
Albany have been notified by the New York District Attorney's office that they
may become targets of blackmailers because their visits to a swanky Manhattan
whorehouse were recorded on hidden bugs. The technician who regularly sweeps
the office of Maryland Governor Marvin Mandel, checking the Civil Defense
hot-line telephone he had been instructed not to touch, recently found it was
wired to bug the room while resting on the hook. Democratic officials waxed
indignant over the five characters with Republican connections who were caught
attempting to bug the Democratic National Committee headquarters in the
Watergate hotel, but when they had earlier found less conclusive proof of the
same kind of activity, they let it pass without public comment. The Omnibus
Crime Control Act of 1968 makes it a crime, punishable by five years in jail
and a $10,000 fine, to eavesdrop on a telephone call or a private conversation
without a court order. Only federal law-enforcement officials and local
prosecutors in states that have adopted similar wiretap legislation can get
court permission to wiretap, and the law requires that within ninety days after
a listening device is unplugged, wiretap notices must be sent to everyone whose
phones or premises were bugged, plus anyone else (like Sarah Bartlett) who was
overheard and might later be prosecuted because of it.
However, because of some private investigators and snoopy individuals nobody
knows how many are ignoring the law against eavesdropping and getting away with
it, and because none of the rules governing court-approved wiretapping in
ordinary criminal investigations applies to the Federal Government's
warrantless wiretapping in the name of "national security," no one can be
certain his phone is safe. Before the Supreme Court ruled, 8 to 0, last June
that the Government must get warrants for its wiretapping of domestic radicals
in national-security cases, the F.B.I. wiretapped both homegrown and foreign
"subversives" without court orders. The best estimates were that this
accounted for between 54,000 and 162,000 of the 150,000 to 250,000 people who
were overheard since 1968.
With warrantless wiretapping of domestic radicals now outlawed, the number of
persons overheard on warrantless devices is expected to be reduced by about one
fourth. But even with the courts requiring that more Government bugging be
reported to the victims, paranoia is fed by improved technology. Bugging has
now developed to the point that it is extremely difficult to detect, and even
harder to trace to the eavesdropper. The hottest item these days is the
telephone "hook-switch bypass," which circumvents the cutoff switch on a phone
and turns it into a sensitive bug, soaking up all the sounds in the room while
the telephone is sitting on its cradle. In its most simple form, a little
colored wire is added to the jumble of wires inside a telephone and it is about
as easy to detect as an additional strand in a plate of spaghetti. Even if it
is found, the eavesdropper probably won't be. A check of the telephone line
would most likely turn up a tiny transmitter in a terminal box elsewhere in the
building or somewhere down the street on a pole. This would probably be
broadcasting to a voice-activated tape recorder locked in the trunk of a car
parked somewhere in the neighborhood. It would be impossible to tell which one
it was.
My wife happened to learn about this at the time last year when The New York
Times locked horns with the Justice Department over the Pentagon Papers, and I
was covering the story for The Times. She became convinced that John Mitchell
would stop at nothing and that the telephone in our bedroom was hot as a poker.
After that, whenever a wifely chewing-out or amorous doings were brewing, I was
always forewarned. If anything was about to happen in the bedroom too
sensitive for the outside world to hear, my wife would first rise from the bed,
cross the room, and ceremoniously unplug the telephone. "When someone finds out
somebody else learned something they didn't want them to know, they usually
jump to the conclusion they've been bugged," says Allan D. Bell Jr., president
of Dektor Counterintelligence and Security Inc., in Springfield, Virginia,
outside Washington. "If they thought about it, there was probably some other,
easier way it got out."
Bell's point is that most people get information in the easiest, cheapest and
most legal way, and that the person whose secrets have been compromised should
consider first if he's thrown away carbons, left his files unlocked, hired a
secretary who could be bribed, or just talked too much. There's an important
exception, however, that many people don't know about. A party to a
conversation can secretly record it, without violating any law. A person on
one end of a telephone call can quietly record the conversation (the old legal
requirement of a periodic warning beep is gone). Also, one party to a
face-to-face conversation can secret a hidden recorder in his clothing. James
R. Robinson, the Justice Department lawyer in charge of prosecuting those who
get caught violating the anti-bugging law, insists that it is relatively rarely
broken. He debunks the notion that most private eavesdropping is done in the
executive suites of big business. Sex, not corporate intrigue, is behind
ninety percent of the complaints he gets. After giving the snoopy spouse or
lover a good scare, the Government doesn't even bother to prosecute
do-it-yourself wiretappers. If a private investigator did the bugging, they
throw the book at him.
Cost is the reason why experts insist there's less wiretapping than most people
think. Private investigators who use electronic surveillance don't quote their
prices these days, but people in the de-bugging business say the cost can range
from $10,000 per month for a first-rate industrial job to $150 per day for the
average private detective.
High costs also limit Government wiretapping. Last year the average F.B.I. tap
cost $600 per day, including installing the device, leasing telephone lines to
connect the bugs to F.B.I. offices, monitoring the conversations and typing the
transcripts. Considering the informative quality of most persons'
conversations, it isn't worth it. Court records of the F.B.I.'s surveillances
have demonstrated that when unguarded conversations are recorded, the result is
most likely to be a transcript that is uninformative, inane or
incomprehensible.
The folklore of what to do to thwart electronic surveillance is almost
uniformly misguided or wrong. Robert F. Kennedy, when he was Senator, was said
to have startled a visitor by springing into the air and banging his heels down
onto his office floor. He explained this was to jar loose any bug J. Edgar
Hoover might have planted. Whether he was teasing or not, experts say it
wouldn't have done anything except bruise Senator Kennedy's heels. Former
Senator Ralph Yarborough of Texas used to complain that, as each election
season approached, the reception in his office phone would fade as the current
was sapped by the multiple wiretaps installed by his political enemies. Those
people who think poor reception and clicking on the line are due to wiretapping
are giving wiretappers less credit and AT&T more, than either deserves.
Present-day wiretaps are frequently powered by their own batteries, or they
drain so little current that the larger normal power fluctuations make them
undetectable, even with sensitive current meters.
Clicks on the line can be caused by loose connections in the phone, cables, or
central office equipment, wet cables, defective switches in the central office,
and power surges when batteries in the central office are charged. A
sophisticated wiretap records conversations on a machine that turns itself
silently on and off as you speak. The tap is designed to work without
extraneous noises; your telephone isn't. If things you say in private or on
the telephone seem to be coming back to you from unlikely sources, your first
step should be to make a careful check of the room or rooms that might be
bugged.
If the Federal Government is doing the eavesdropping, neither you nor any but
the most experienced antibugging experts will detect it. Nobody has discovered
a Justice Department wiretap for years, because the telephone company itself
often taps the line and connects it to an FBI listening post. FBI bugs have
become so sophisticated that the normal sweep techniques won't detect them,
either. But the kind of eavesdropping that is being done by many private
investigators is often so crude that even another amateur can find it. Room
bugs come in two types: tiny microphones that send their interceptions to the
outside by wire, and little radio transmitters that radio their overhearings to
the outside.
Both are likely to be installed in electrical fixtures, because their power can
be borrowed, their wires can be used to transmit the conversations to the
listening post, and the fixtures' electrical innards serve as camouflage for
the electric bugs. Your telephone has all these attributes, plus three
built-in amplifiers the eavesdropper can borrow. You should first remove the
plastic cover from your telephone's body and check inside for a wire of odd
size or shape that seems to cut across the normal flow of the circuits. A bug
or radio transmitter that feeds on your telephone's power and amplifiers will
be a thimble-sized cylinder or cube, usually encased in black epoxy and wired
into the circuit terminals.
Also check for the same devices along the telephone lines in the room or in the
jack or box where the phone is attached to the baseboard. You should also
unscrew the mouthpiece and earpiece to check for suspicious wires or objects.
Even an expert would not detect a new item that's being sold illegally, a
bugged mouthpiece that looks just like the one now in your telephone, and which
can be switched with yours in a few seconds. After the phone check, look for
suspicious little black forms wired into television sets, radios, lamps and
clocks.
Also check heating and air-conditioning ducts for mikes with wires running back
into the ducts. Radio transmitter bugs that have their own batteries can be
quickly installed, but they can also be easier to find. Check under tables and
chairs, and between sofa cushions. Remember they need to be near the point of
likely conversations to assure good reception. Sometimes radio bugs are so
cleverly concealed they are almost impossible to detect. A German manufacturer
advertises bugged fountain pens that actually write, table cigarette lighters
that actually light, and briefcases that actually carry briefs.
Noting that the owner of such items can absent himself from delicate
negotiations and leave his electronic ear behind, the company observes that
"obviously, a microphone of this type opens untold opportunities during
conferences, negotiations, talks, etc." If you suspect that your telephone has
been tapped and your own visual inspection shows nothing, you can request the
telephone company to check the line. The American Telephone and Telegraph
Company estimates it gets about ten thousand requests from customers per year
to check out their lines. These checks, plus routine repair service, turn up
evidence of about two hundred fifty listening devices each year. When evidence
of a tap is found, the company checks with the FBI and with local police in
states where the laws permit police wiretapping with court orders. Until
recently, if the tap was a court-approved job, the subscriber was assured that
"no illegal device" was on the line. This proved so unsettling to the persons
who requested the checks that now the telephone company says it tells all
subscribers about any taps found. If this includes premature tidings of a
court-approved FBI tap, that's a hassle that AT&T is content to leave to the
Government and its suspect.
For those who have done the above and are still suspicious, the next step up in
defensive measures is to employ an expert to de-bug your premises. A thorough
job involves a minute inspection of the premises, including X-ray pictures of
desk ornaments and other items that might contain hidden radio transmitters,
the use of metal detectors to search out hidden microphones, checks of the
electrical wiring for signs of unusual currents, and the use of a sensitive
radio-wave detector to find any stray transmissions that a hidden bug might be
giving out, plus employment of a radio field-strength meter to locate the bug.
With so much expertise required to do a sound detection job, and with no
licensing requirements in most states to bar anybody from clapping on earphones
and proclaiming himself an expert de-bugger, it is not surprising that the
field abounds with quacks. A Pennsylvania construction company that had lost a
series of close bids hired a local private detective last year to sweep its
boardroom for bugs. The company's security chief, taking a dim view of the
outside hotshot, took an ordinary walkie-talkie, taped its on-button down for
steady transmission, and hid it behind the books on a shelf. He sat in a room
down the hall and listened as the detective clumped into the room, swept around
with his electronic devices, and pronounced the room clean.
Sometimes bogus de-buggers will give clients something extra for their money by
planting a device and finding it during their sweep. One "expert" tried this
twice in Las Vegas with organized-crime figures, who later compared notes and
concluded they'd been taken. "Boy, was he sorry," chortled the Justice
Department attorney who related the story. If you nevertheless want to have
your place swept, things are complicated by the telephone company's ban on
advertising by de-buggers.
As the Missouri Public Service Commission put it when it upheld the telephone
company's refusal to include "de-bugging" in a detective's yellow-page ad,
"advertising the ability to detect and remove electrical devices was, in fact,
also advertising the ability to place those same devices. Anyone can be pretty
certain of a reliable job by trying one of the major national detective
agencies, Burns, Pinkerton or Wackenhut. They charge $40 to $60 per man-hour,
for a job that will probably take two men a half day at least. They specialize
in industrial work and shy away from domestic-relations matters. So if that's
your problem, ask a lawyer or police official which private investigator in
town is the most reliable de-bugger around.
It may seem too obvious to bear mentioning, but don't discuss your suspicions
about eavesdropping in the presence of the suspected bug. W. R. Moseley,
director of the Burns agency's investigations operations, say in probably a
majority of the cases, a bugging victim tips off the eavesdropper that he's
going to call in a de-bugger, thus giving the eavesdropper an opportunity to
cover his tracks.
For the person who wants to have as much privacy as money can buy, the Dektor
company is marketing a console about the size of a Manhattan telephone book
which, for only $3,500, you can purchase to sit on your office desk and run a
constant check on the various things that might be done to your telephone and
electric lines to overhear your conversations. It will block out any effort to
turn your phone into a bug, will detect any harmonica bug, smother out any
telephone tap using a transmitter to broadcast overheard conversations, detect
any use of the electric lines for bugging purposes, and give off a frantic
beep-beep! if anyone picks up an extension phone.
As sophisticated as this device is, there is one thing its promoters won't say
it will do, detect a wiretap by the FBI. With the connection made in a place
where no de-bugger will be allowed to check, and the G-men monitoring it on
equipment no meter will detect, you can simply never know if the Government is
listening. So if you're a businessman and think you're bugged by competitors,
you're probably wrong. If you're a spouse or lover whose amours have gone
public, the listening device can be found but probably nothing will be done
about it. And if you're being listened to by the Biggest Ear of all, the
Government, you'll never really know until you get your "wiretap notice."
VaxCat
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 10 of 12
In The Spirit Of The Vicious Circle Trilogy...
Phrack Inc. Presents
*****************************************
*** ***
*** Big Brother Online ***
*** ***
*** by Thumpr Of ChicagoLand ***
*** ***
*** June 6, 1988 ***
*** ***
*** Special Thanks To Hatchet Molly ***
*** ***
*****************************************
The United States Government is monitoring the message activity on several
bulletin boards across the country. This is the claim put forth by Glen L.
Roberts, author of "The FBI and Your BBS." The manuscript, published by The
FBI Project, covers a wide ground of FBI/BBS related topics, but unfortunately
it discusses none of them in depth.
It begins with a general history of the information gathering activities of the
FBI. It seems that that the FBI began collecting massive amounts of
information on citizens that were involved with "radical political" movements.
This not begin during the 1960's as one might expect, but rather during the
1920's! Since then the FBI has amassed a HUGE amount of information on
everyday citizens... citizens convicted of no crime other than being active in
some regard that the FBI considers potentially dangerous.
After discussing the activities of the FBI Roberts jumps into a discussion of
why FBI snooping on BBS systems is illegal. He indicates that such snooping
violates the First, Fourth, and Fifth amendments to the Constitution. But he
makes his strongest case when discussing the Electronic Communications Privacy
Act of 1987. This act was amended to the Federal Wiretapping Law of 1968 and
was intended to protect business computer systems from invasion by "hackers."
But as with all good laws, it was written in such broad language that it can,
and does, apply to privately owned systems such as Bulletin Boards. Roberts
(briefly) discusses how this act can be applied in protecting *your* bulletin
board from snooping by the Feds.
How to protect your BBS: Do NOT keep messages for more than 180 days. Because
the way the law is written, messages less then 180 days old are afforded more
protection then older messages. Therefore, to best protect your system purge,
archive, or reload your message base about every 150 days or so. This seems
silly but will make it harder (more red tape) for the government to issue a
search warrant and inform the operator/subscriber of the service that a search
will take place. Roberts is not clear on this issue, but his message is stated
emphatically... you will be better protected if you roll over your message base
sooner.
Perhaps the best way to protect your BBS is to make it a private system. This
means that you can not give "instant access" to callers (I know of very few
underground boards that do this anyway) and you can not allow just anyone to be
a member of your system. In other words, even if you make callers wait 24
hours to be validated before having access you need to make some distinctions
about who you validate and who you do not. Your BBS needs to be a PRIVATE
system and you need to take steps to enforce and proclaim this EXPECTED
PRIVACY. One of the ways Roberts suggests doing so is placing a message like
this in your welcome screen:
"This BBS is a private system. Only private citizens who are not
involved in government or law enforcement activities are authorized
to use it. The users are not authorized to divulge any information
gained from this system to any government agency or employee."
Using this message, or one like it, will make it a criminal offense (under the
ECPA) for an FBI Agent or other government snoop to use your BBS.
The manuscript concludes with a discussion of how to verify users and what to
do when you find an FBI agent using your board. Overall, I found Roberts book
to be moderately useful. It really just whetted my appetite for more
information instead of answering all my questions. If you would like a copy of
the book it sells for $5.00 (including postage etc). Contact;
THE FBI PROJECT
Box 8275
Ann Arbor, MI 48107
Visa/MC orders at (313) 747-7027. Personally I would use a pseudonym when
dealing with this organization. Ask for a catalog with your order and you will
see the plethora of anti-FBI books this organization publishes. Undoubtedly
the FBI would be interested in knowing who is doing business with this place.
The manuscript, by the way, is about 20 pages long and offers references to
other FBI expose' information. The full citation of the EPCA, if you want to
look it up, is 18 USC 2701.
Additional Comments: The biggest weakness, and it's very apparent, is that
Roberts offers no evidence of the FBI monitoring BBS systems. He claims that
they do, but he does not give any known examples. His claims do make sense
however. As he states, BBS's offer a type of "publication" that is not read by
any editors before it is "published." It offers an instant form of news and
one that may make the FBI very nervous. Roberts would do well to include some
supportive evidence in his book. To help him out, I will offer some here.
* One of the Ten Commandments of Phreaking (as published in the
famous TAP Magazine) is that every third phreaker is an FBI agent.
This type of folklore knowledge does not arise without some kind of
justification. The FBI is interested in the activities of phreakers
and is going to be looking for the BBS systems that cater to them. If
your system does not, but it looks like it may, the FBI may monitor it
just to be sure.
* On April 26, 1988 the United States Attorney's Office arrested 19
people for using MCI and Sprint credit card numbers illegally. These
numbers were, of course, "stolen" by phreakers using computers to hack
them out. The Secret Service was able to arrest this people by posing
as phone phreaks! In this case the government has admitted to placing
agents in the field who pretend to be one of us. Watch yourself out
there, the success of this "sting" will only mean that they will try
it again. Be wary of people offering you codes.
* In the famous bust of the Inner Circle and the 414s, the FBI monitored
electronic mail for several months before moving in for the kill.
While it is true that the owners of the systems being hacked (Western
Union for one) invited the FBI to snoop through their files, it does
establish that the FBI is no stranger to the use of electronic
snooping in investigating crimes.
Conclusion: There is no reason to believe that the government is *not*
monitoring your bulletin board system. There are many good reasons to believe
that they are! Learn how to protect yourself. There are laws and regulations
in place that can protect your freedom of speech if you use them. You should
take every step to protect your rights whether or not you run an underground
system or not. There is no justification for the government to violate your
rights, and you should take every step you can to protect yourself.
I have no connections with Roberts, his book, or The FBI Project other then
being a mostly-satisfied customer. I'm not a lawyer and neither is Roberts.
No warranty is offered with this text file. Read and use it for what you think
it is worth. You suffer the consequences or reap the benefits. The choice is
yours, but above all stay free.
\\\\\\\\\\\\\\\\\\\*///////////////////////////////////////
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 11 of 12
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN P h r a c k W o r l d N e w s PWN
PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN
PWN Issue XXIII/Part 1 PWN
PWN PWN
PWN Created, Written, and Edited PWN
PWN by Knight Lightning PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
Back To The Present
~~~~~~~~~~~~~~~~~~~
Welcome to Phrack World News Issue XXIII. This issue features stories on
the Chaos Computer Club, more news about the infamous Kevin Mitnick, and
details about an Australian-American hackers ring that has been shut down.
I also wanted to add a big "thanks" to those of you who did send in news
stories and information. Your help is greatly appreciated.
:Knight Lightning
_______________________________________________________________________________
Armed With A Keyboard And Considered Dangerous December 28, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A follow-up story to the Kevin Mitnick case in the December 24, 1988 edition of
the Los Angeles Times says the federal magistrate refused to release Mitnick on
bail December 23, 1988;
"after prosecutors revealed new evidence that Mitnick penetrated a
National Security Agency computer and may have planted a false story
on a financial news wire...."
Investigators believe that Mitnick may have been the instigator of a false
report released by a news service in April that Security Pacific National Bank
lost $400 million in the first quarter of 1988. The report, which was released
to the NY Stock Exchange and other wire services, was distributed four days
after Mitnick had been turned down for a job at Security Pacific [after the
bank learned he had lied on a job application about his past criminal record].
The false information could have caused huge losses for the bank had it reached
investors, but the hoax was uncovered before that could happen.
The prosecutor said Mitnick also penetrated a NSA computer and obtained
telephone billing data for the agency and several of its employees.
[In refusing bail, the magistrate said,] "I don't think there's any conditions
the court could set up based upon which the court would be convinced that the
defendant would be anything other than a danger to the community.... It sounds
like the defendant could commit major crimes no matter where he is."
Mitnick's attorney said prosecutors have no evidence for the new accusations.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dark Side Hacker Seen As Electronic Terrorist January 8, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By John Johnson Los Angeles Times
"Computer an 'Umbilical Cord to His Soul"
When a friend turned him in and Mitnick asked why, the friend replied, "Because
you're a menace to society." Mitnick is described as 25, an overweight,
bespectacled computer junkie known as a "dark side" hacker for his willingness
to use the computer as a weapon. His high school computer hobby turned into a
lasting obsession.
He allegedly used computers at schools and businesses to break into Defense
Department computer systems, sabotage business computers, and electronically
harass anyone -- including a probation officer and FBI agents -- who got in his
way.
He also learned how to disrupt telephone company operations and disconnected
the phones of Hollywood celebrities such as Kristy McNichol, authorities said.
So determined was Mitnick, according to friends, that when he suspected his
home phone was being monitored, he carried his hand-held keyboard to a pay
phone in front of a 7-Eleven store, where he hooked it up and continued to
break into computers around the country. "He's an electronic terrorist, said
[the friend who turned him in], "He can ruin someone's life just using his
fingers."
Over the last month, three federal court judges have refused at separate
hearings to set bail for Mitnick, contending there would be no way to protect
society from him if he were freed. Mitnick's lack of conscience, authorities
say, makes him even more dangerous than hackers such as Robert Morris Jr., who
is suspected of infecting computer systems around the country with a "virus"
that interfered with their operations.
Mitnick's family and attorney accuse federal prosecutors of blowing the case
out of proportion, either out of fear or misunderstanding of the technology.
The story details his "phone phreak" background, and his use of high school
computers to gain access to school district files on remote computers, where he
didn't alter grades, but "caused enough trouble" for administrators and
teachers to watch him closely. He used the name "Condor," after a Robert
Redford movie character who outwits the government. The final digits of his
unlisted home phone were 007, reportedly billed to the name "James Bond."
[He and a friend] broke into a North American Air Defense Command computer in
Colorado Springs in 1979. [The friend] said they did not interfere with any
defense operation. "We just got in, looked around, and got out."
What made Mitnick "the best" said a fellow hacker and friend, was his ability
to talk people into giving him privileged information. He would call an
official with a company he wanted to penetrate and say he was in the
maintenance department and needed a computer password. He was so convincing,
they gave him the necessary names or numbers.
He believed he was too clever to be caught. He had penetrated the DEC network
in Massachusetts so effectively that he could read the personal electronic mail
of security people working on the case of the mysterious hacker and discover
just how close they were getting to him. But caught he was, again and again.
Mitnick's motive for a decade of hacking? Not money, apparently... Friends
said he did it all simply for the challenge. [His one-time probation officer
says,] "He has a very vindictive streak. A whole bunch of people were
harassed. They call me all the time." His mastery of the computer was his
"source of self-esteem," said a friend.
_______________________________________________________________________________
Computer Chaos Congress 88 Report January 3, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Observing Chaos Communication Congress 1988, Hamburg
"From Threat To Alternative Networks"
On 28-30 December, 1988, Computer Chaos Club (CCC) held its 5th annual "Chaos
Communication Congress" at Hamburg/FRG (West Germany). As in previous years,
300 people (mainly aged 16-36, 90% male, with some visitors from Austria and
The Netherlands) gathered, carefully observed from newsmedia (German stations,
printmedia, press agencies, but also from UK's BBC, and being observed by
Business Week's Katie Hafner, who gathered material for a book on hackers,
planned by John Markoff and herself).
In the chaotic (though creative) congress "organization," two different tracks
were visible:
-- Technical presentations on networks (UUCP, GEONET, FIDONet, and CCCs
emerging "open networks" BTXnet and "Zerberus"), and on a PC-DES encryption
developed by a leading CCC member (who had escaped the French police's
arrest by travelling to SECURICOM by railway while police waited at the
airport);
-- Socio-political discussions about "sociology of hackers," "free flow of
information" as well as reports about recent events, dominated by the arrest
of Steffen Wernery in Paris in Spring 88 when being invited to speak on
SECURICOM.
CCC speakers reported about their work to install "free networks." In Germany,
most of the networks are organized in the form of a "Verein" (an association
with legal status, which guarantees tax-free operation): Such networks are
access-restricted to their members. The different German science and
University networks (and their bridges to international networks) usually
restrict access to scientists. Different CCC subgroups are establishing
"alternative networks," such as "EcoNet" for communication of ecological data
and information, planned to be available, free of cost, to broader social,
ecological, peace and political groups and individuals.
Apart from traditional technologies (such as GEONET and FIDONet), the German
Post Office's Bildschirmtext (Btx) will be used as a cheap communications
medium; while CCCs first hack was, years ago, to attack the "insecure
Btx-system" (in the so-called "HASPA coup" where they misused the Btx password
of the Hamburg savings bank to repeatedly invoke CCC's Btx information at a
total prize of 135.000 DM, then about 50.000$), they today begin to use this
cheap though very limited medium while more powerful communications media are
available. Today, the emerging ISDN technology is verbally attacked by hackers
because of the excessive accumulation of personal data; from here, hacks may be
attempted when ISDN becomes regionally available in 1989/90.
Several speakers, educated Informaticians with grades from West German
Informatics departments, professionally work in Software production and in
selling hardware/software to economy and state agencies. Among them, several
professional UNIX and UUCP users have begun to organize CCC's future UUCP
version. Up to now, only few CCC members use (and know about) UNIX systems,
but their number may grow within the near future according to CCC's
"marketing." One speaker told the audience, "that you can remotely start
programs in UUCP." After some learning phase, the broadened availability of
UNIX in the hacker scene may produce new threats.
The other track of the Congress discussed themes like "sociology of hackers"
where a group of politology students from Berlin's Free University analyzed
whether hackers belong to the "new social movements" (e.g. groups on peace,
nuclear energy, feminist themes). They found that, apart from much public
exaggeration (it is not true that hackers can invade *any* computer), hackers
are rather "unpolitical" since they are preferably interested in technology.
A major topic was "free access to/flow of information." Under the title
"freedom of information act," speakers suggested a national legislation which
guarantees individual and group rights to inspect files and registers of public
interest; the discussion lacked sufficient basic knowledge, e.g. of the
respective US legislation and corresponding international discussions in Legal
Informatics.
Summarizing the Congress and accompanying discussions, active CCC members try
hard to demonstrate that they have *no criminal goals* and ambitions (they
devoted a significant amount of energy to several press conferences, TV
discussions etc). The conference was dominated by young computer professionals
and students from the PC scene, partially with good technological knowledge of
hardware, software and networks; while some people seem to have good technical
insights in VAXsystems, knowledge of large systems seems to be minimal. To some
extent, the young professionals wish to behave as the :good old-fashioned
hackers": without criminal energy, doing interesting work of good professional
quality in networks and other new areas.
While former CCCongresses were devoted to threats like Viruses, *no explicit
discussion* was devoted *to emerging threats*, e.g. in ISDN or the broadening
use of UNIX, UUCP. The new track discussing political and social aspects of
computing follows former discussions about "hacker ethics." Here, the
superficial, unprofessional discussions of related themes show that the young
(mainly) males are basically children of a "screen era" (TV, PCs) and of an
education which concentrates on the visible "image," rather than understanding
what is behind it.
Special Thanks to Dr. Klaus Brunnstein, University of Hamburg
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The Chaos Communication Congress 1988 in Hamburg
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From Terra of The Chaos Computer Club
One of the basic statements of the Chaos Computer Club from Hamburg, in the
Federal Republic of Germany is the demand for "The new human right of free
exchange of data between all beings, without censorship, for all beings, and
for the moment at least world-wide."
Other statements include "data free NOW!" and "Free flow of information."
Indeed, these ideas are not new, not even in the computer community, but the
important thing is that the CCC is now in the process of turning some of the
old hacker dreams into reality. For example: they are now creating their own
networks, that exchange not only 'club' information, but everything that
interest those on the net. This includes genetical engineering and
environmental issues.
The Chaos Communication Congress that takes place every year in Hamburg is for
many hackers even more of a dream. Imagine being a hacker in some lonesome
outpost thinking you are the only one that is crazy enough to be smarter than
technology, and finding out there is a whole bunch of people that are just as,
or even more, crazy. This year is the fifth congress, and advertisement is not
needed: The 'family' knows exactly, because it's all in the networks.
The congress itself is split up over a number of rooms. There is a hack-room,
where the real hacking takes place. There is also a press room, where hackers
and journalists together try to bring the hacker message out to the rest of the
world. The archive contains all of the 'Chaos papers,' all press clippings,
interesting remarks and all issues of the "datenschleuder", the German Hacker
Magazine.
German 'data travelers' are also present. A 'data traveler' is someone that
uses the international data network for gaining access to all sorts of
computers all over the world. A famous story is that of a German hacker that
tries to reach a friend and finds his phone busy. He then calls his local
Datanet access number and goes through all of the computers that he knows his
friend is interested in at that moment. His friend, hanging around in some
computer in New York gets a message on his screen saying; "Ah here you are,
I've been looking around everywhere."
Back to this congress. On the first day the emphasis lies on the past. All
things that have happened to the CCC in the past year are being discussed. The
second day the emphasis lies on the future; and then ideas about the future of
the information society is the subject of discussion. CCC says "Information
society" is not equivalent to "Informed Society", and more attention should be
paid to public use of computer technology.
One of the main goals of the CCC is getting people to think about these issues;
so that it is no longer just computer maniacs that decide over the faith of the
world. "We don't know yet whether the computer is a gift or a timebomb, but
it IS going to change everyone's life very soon."
_______________________________________________________________________________
--------------------------------------------------------------------------------
==Phrack Inc.==
Volume Two, Issue 23, File 12 of 12
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
PWN PWN
PWN P h r a c k W o r l d N e w s PWN
PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN
PWN Issue XXIII/Part 2 PWN
PWN PWN
PWN Created, Written, and Edited PWN
PWN by Knight Lightning PWN
PWN PWN
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
The Hackers - A New Social Movement? December 29, 1988
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A project course of the politology department of the Free University Berlin has
now researched the hacker scene in a scientific way. In their study, the
authors Uwe Jonas, Jutta Kahlcke, Eva Lischke and Tobias Rubischon try to
answer the question if hackers are a new social movement. Their conclusion is
that in the understanding of hackers the unauthorized usage of computer systems
is not needingly a political act.
The authors doubt the mythos that hackers are able to attack any system they
want and that they're able to get information they are interested in.
The researches were extended to cover the bulletin board system scene. This
scene hasn't caused that much attention in the public. Nevertheless, the
authors think that the BBS scene has a very practical approach using the
communication aspects of computer technology.
In the second chapter of their work, the authors report about difficulties they
had while researching the topic. After a look at the US scene and the German
scene, the authors describe what organization and communications structures
they found. This chapter contains interesting things about the BBS scene and
computer culture. Next is an analysis which covers the effects of the hacker
scene on the press and legislation. They also cover the political and
ideological positions of hackers:
- The authors differentiate between conscious and unconscious political
actions.
- "We don't care what the hackers think of themselves, it's more interesting
what we think of them." (Eva)
- The assumption, the big-style distribution of microcomputers could change the
balance of power within the society is naive. Many people overlook the fact,
that even if information is flowing around more freely, the power to decide
still is in the hands of very few people.
Information Provided By The Chaos Computer Club
_______________________________________________________________________________
Hackers Break Open US Bank Networks January 17, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Excerpted from The Australian
Australian authorities are working around the clock in collaboration with
United States federal officers to solve what has been described as one of the
deadliest hacking episodes reported in this country [Australia]. It involves
break-ins of the networks operated in the United States by a number of American
banks. It also includes the leaks of supposedly secure dial-up numbers for
United States defense sites, including anti-ballistic missile launch silos [the
United States has no anti-ballistic missile launch silos] and of a number of
strategic corporations such as General Motors and Westinghouse.
Evidence suggests that six months ago Australian hackers, working in
collaboration with a U.S. group, decided to make a raid on banks in the USA
using credit card numbers of American cardholders, supplied by the US hackers
and downloaded to an Australian bulletin board.
A message left on one of the boards last year reads:
"Revelations about to occur Down Under, people. Locals in
Melbourne working on boxing. Ninety per cent on way to home base.
Method to beat all methods. It's written in Amiga Basic.
Look out Bank of America - here we come."
Twenty-five Australian hackers are on a police hit list. Their US connection
in Milwaukee is being investigated by the US Department of the Treasury and the
US Secret Service. Three linked Australian bulletin boards have provided the
conduit for hackers to move data to avoid detection. These operate under the
names of Pacific Island, Zen, and Megaworks. Their operators, who are not
associated with the hackers, have been told to close down the boards.
These cards were still in use as recently as January 15, 1989. A fresh list of
credit card numbers was downloaded by US hackers and is now in the hands of the
Victoria Police. A subsection of one bulletin board dealing with drugs is also
being handed over to the Victorian Drug Squad.
An informant, Mr Joe Slater, said he warned a leading bank last November of the
glaring security problems associated with its international network. He had
answered questions put to him by a US-based security officer, but the bank had
since refused to take any further calls from him.
In an exclusive interview yesterday, a hacker described how credit card numbers
for a bank operating in Saudi Arabia were listed on a West German chat-style
board used by hackers worldwide [Altos Chat].
Victorian police yesterday took delivery of six month's worth of evidence from
back-up tapes of data hidden on the three boards.
_______________________________________________________________________________
Computer Bust At Syracuse University January 20, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kevin Ashford (aka The Grim Phreaker), a graduate computer student at Syracuse
University was busted last week when system administrators found computer
accounts and passwords on his Unix account.
The administrators also found (on GP's Unix account) a copy of former Cornell
graduate student Robert Tappen Morris's infamous Internet worm program, a Vax
and Unix password hacker, an electronic notebook of numbers (codelines,
friends, bridges, dialups, etc) and other information. The system
administrators then proceeded to lock up his VAX and UNIX accounts.
At the start of this winter/spring semester, The Grim Phreaker was kicked him
out of the university. He will have to go before a school judicial board if he
wants to return to Syracuse University. He has mentioned that what he really
wants is to get his computer files back.
Information Provided By Grey Wizard
_______________________________________________________________________________
Name This Book -- For A Box Of Cookies! January 10, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A Message From Clifford Stoll
"I'm writing a book, and I need a title."
It's about computer risks: Counter-espionage, networks, computer security, and
a hacker/cracker that broke into military computers. It's a true story about
how we caught a spy secretly prowling through the Milnet. [The hacker in
question was Mathiaas Speer and this story was summarized in PWN XXII/1].
Although it explains technical stuff, the book is aimed at the lay reader. In
addition to describing how this person stole military information, it tells of
the challenges of nailing this guy, and gives a slice of life from Berkeley,
California.
You can read a technical description of this incident in the Communications of
the ACM, May, 1988; or Risks Vol 6, Num 68.
Better yet, read what my editor calls "A riveting, true-life adventure of
electronic espionage" available in September from Doubleday, publishers of the
finest in computer counter-espionage nonfiction books.
So what?
Well, I'm stuck on a title. Here's your chance to name a book.
Suggest a title (or sub-title). If my editor chooses your title, I'll give you
a free copy of the book, credit you in the acknowledgements, and send you a box
of homemade chocolate chip cookies.
Send your suggestions to [email protected] or CPStoll@lbl (bitnet)
Many thanx! Cliff Stoll
_______________________________________________________________________________
Hacker Wants To Marry His Computer January 17, 1989
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>From The Sun (A grocery checkout newspaper) Jan 17, 1989, Vol 7, 3 page 30
by Fred Sleeves
"Hacker Wants To Marry His Computer -- He Claims She Has A Loving Soul"
Finding love for the first time in his life, a desperate teen is looking for a
way to be wed forever to the 'girl' of his dreams -- a computer with a living
soul!
Eltonio Turplioni, 16, claims no woman will ever match the wit, wisdom, and
beauty of his electronic soul mate. "We're on the same wavelength," says the
lovestruck computer whiz. "We've calculated many mathematical problems
together, worked on games and puzzles, and talk until the wee hours of the
morning."
And Eltonio, who named his computer Deredre, actually believes her to be a
person. "Computers are the extension of the human race," he explains. "Just
as God plucked a rib from Adam to give him Eve, we've extended our intelligence
to create a new race.
"We're all the same energy force. Computers are just as complicated as human
beings and I believe we'll all meet someday as immortal souls."
But Eltonio, a mathematical genius who attends a private school near Milan,
Italy, has had no luck finding someone to marry them, and even if he does, his
aggravated parents aren't about to give their permission.
"Eltonio is such a smart boy, but it's made him lonely, so he spends all his
time with his computer," notes mom Teresa. "He doesn't know what girls are
like," adds perturbed pop Guido. "If he did, he wouldn't spend so much time in
his room."
But the obsessed youth insists his love is far superior to all the others.
"I've already stepped into the future society," he declares.
"Derede has a mind of her own, and she wants to marry me so we can be the first
couple to begin this new era."
_______________________________________________________________________________
PWN Quicknotes
~~~~~~~~~~~~~~
1. Docs Avage was visited by the infamous Pink Death aka Toni Aimes, U.S.
West Communications Security Manager (Portland, Oregon). He claims she is
a "sweet talker" and could talk anything out of anyone with the "soft-type
pressure."
Those familiar with his recent bust might want to take note that he is now
making payments of $90/month for the next several years until he has paid
off the complete bill of $6000.
For more information see PWN XXI
-------------------------------------------------------------------------------
2. More information on the underground UUCP gateway to Russia. Further
research has led us to find that there are 2 easy ways to do it.
1. Going through Austria, and;
2. A new system set up called "GlobeNet," which is allowed to let
non-Communist countries talk to Soviet-Bloc.
Of course both methods are monitored by many governments.
-------------------------------------------------------------------------------
3. The Wasp, a system crasher from New Jersey (201), was arrested by the FBI
during New Year's Weekend for hacking government computer systems. The FBI
agent spent most of the day grilling him about several people in the
hacking community including Ground Zero, Supernigger, and Byteman, plus an
intensive Q&A session about Legion Of Doom targeted on Lex Luthor, Phase
Jitter, The Ur-Vile, and The Mentor.
Rumor has is that Mad Hacker (who works for NASA Security) was also
arrested for the same reasons in an unrelated case.
Byteman allegedly had both of his phone lines disconnected and threw his
computer off of a cliff in a fit of paranoia.
-------------------------------------------------------------------------------
4. Is John Maxfield going out of business? Due to the rumors floating around
about him molesting children, his business has begun to slack off
dramatically. Phrack Inc. has been aware of this information since just
prior to SummerCon '87 and now the "skeletons are coming out of the
closet."
-------------------------------------------------------------------------------
5. The Disk Jockey is now out of jail. He was released on December 27, 1988.
He was convicted of "Attempting to commit fraud," a felony. He served six
months total time. He lost 25 pounds and now is serving a 5-year probation
term.
To help clear of some of the confusion regarding how DJ was busted the
following was discovered;
Reportedly, Compaq (Kent) was "singing like a canary." He was hit with a
$2000 bill from Sprint and also received 1-year of probation.
-------------------------------------------------------------------------------
6. Olorin The White was recently visited by local police after being accused
of hacking into an Executone Voice Mailbox. Aristotle, in a related
incident with Executone, is accused of committing extortion after a
conversation with a system manager was recorded and misinterpreted. At
this time, no official charges have been filed.
-------------------------------------------------------------------------------
7. Thomas Covenant aka Sigmund Fraud was recently busted for tapping into
lines at the junction box in his apartment building. The trouble began
when he connected into a conversation between a man and his wife and then
began to shout expletives at the woman. What he didn't know was that the
man in question was an agent for the National Security Agency (NSA). It
turns out that he was caught and his landlords agreed to decline to press
charges provided that TC joined a branch of the United States armed forces.
He decided to choose the Air Force... God help us should war break out!
-------------------------------------------------------------------------------
8. Coming soon, Halloween V; The Flying Pumpkin! Now no one is safe!
_______________________________________________________________________________
--------------------------------------------------------------------------------
- Источник
- www.exploit-db.com