S II f) Ilf.

liS Ilf) Ill,

Pol i t i cs
VolP Security: Shit or Get of the POTS
Getting More Out of Your College Linux System
Social Engineering and Pretexts
Telecom Informer
Language Nonspecific: Back to Fundamentals
Front Door Hacking: Redux
A Penny For Your Laptop
The RIAA's War on Terror
Free Files from Flash
Target: For Credit Card Fraud
How to Get More from Your Sugar Mama
Owning UTStarcom F1000
Hacker Perspective: You
Hacking 2600 Magazine Authors
Designing a Hacker Challenge
Hacking an Election
How to cheat Goog411
Letters
Hacking The Buffalo Air Station Wireless Router
The Thrill of Custom Caller l Capabilities
Securing Your Traffic
Transmissions
Hacking the Nintendo WiFi USB Connector
Fun with International Internet Cafes
The Trouble With Library Records
The Life and Death of an American Help Desk Agent
Marketpl ace
Puzzl e
Meet i ngs

4
6
9
!
13
15
17
19
20
22
23
24
25
26
29
30
31
32
34
48
49
50
52
54
58
60
61
62
64
66
On page ZD of this issue you can
peruse some of the responses we received
to the survey mailed out to subscribers
this spring. We've learned quite a bit from
the feedback we've gotten and are quite
heartened by the senti ments expressed
and by the dedication so many of our
readers have. That alone is enough of a
reason to keep going.
However we did notice one rather
disturbing thing. A significant number of
readers (we estimate somewhere in the
ZD-D percent range) believe we should
leave the "politics" out of our maga
zine. While more people seemed to go
the other way, we believe this number is
large enough to be indicative of a trend,
one that needs addressing.
Of a II of the responses we received
back, not a single one defined what was
meant by "politics" within our pages. We
don't edit out brief opinions on current
events from our authors and letter writers
unless it really gets away from the subject
matter - which means uDy opinion could
be represented if expressed. Could it be
our overall tone of rebellion, questioning,
and thinking outside the box? If so, that
would be kind of hard to suppress, our
being a hacker magazine and all. The
other (and most likely) possibility is
that the "pol itics" in question are what
is expressed on these two pages - the
editorial.
How we could ever agree to not
address particular issues and express
certain opinions in our own editorial is
beyond us. But a good number of people
honestly seem to be disturbed by what
we say hre. This is all fine and good as
l
[
0 +
an opinion piece exists to evoke reaction
and make people think. But if we were
to encourage people not to talk about
certain things at all, there would be a real
danger of blinding ourselves to reality.
First, let's clarify. Strictly speaking,
we're not talking politics here insofar as
we're not endorsing candidates or putting
forth one particular political ideology over
a

other. We prefer to look at the bigger

picture regardless of who is actually in
power. Many readers accuse us of "Bush
bashing." Criticizing policy is a vital part
of our society and if we quell that kind
of discussion, we wind up with an even
worse problem than what we were criti
cizing in the first place. Whoever is in
power at the time is, naturally, going to
be the target of our critique, although we
tend to tocus on the policy itself rather
than the individuals.
Now, as to whether or not we should
be criticizing the actual pol icies, let's
think about how those of us in the hacker
community are affected by them. The
Digital Millennium Copyright Act was
first used against ZUUUand has since been
widely seen as the means of controlling
access to all sorts of material from films
to music to the media. It affects every
one of us very directly. To not discuss it
from the perspective of those who not
only understand its threat to society but
also who have been directly targeted by
it would be to rob the rest of the world

f an important viewpoint at exactly the

time when such a viewpoint was needed.
To not speak out against such draconian
laws as the Patriot Act which allows for
warrantless searches, or NSA domestic
Z%
[
ZH0
urveillance carried out illegally with here but all throughout the real and
the support of phone companies like virtual world. What we really can't afford
AT&T, or CALEA which mandates built- at this point is silence.
in monitoring capabilities on phone
Statement required by 39 USC 3685
systems, or any of the other threats to
showing the ownership, management, and
privacy that our readers and writers
circulation of z6uu Magazine, published
quarterly (4 issues) for October 1, zuu1.
understand better than most of society
Annual subscription price ;zu.uu.
would not only be foolish. It would be
Mailing address of known offce of publication
downright irresponsible.
is Box 16z, Middle Island, New York 11953.
Yes, we all want to have fun and learn
Mailing address of the headquarters or
about technology and how to manipu-
general business offces of the publisher
late it. But we have never been a purely
is z Flowerfeld, ST. James, NY 1118u.
technical publication. There is so much
The names and addresses of the
more to technology than the actual tech-
publisher, editor, and managing editor
are: Publisher and Editor: Emmanuel
nology. It defines who we are and where
Goldstein, Box 99, Middle Island, New
we're going. If we just go along for the
York 11953. Managing Editor: Eric Corley,
z Flowerfeld, St. James, NY 1118u
ride and give up any desire to actually
The owner is Eric Corley, z
think about where we're going and
Flowerfeld, St. James, NY 1118u
why, we're no better than the mindless
Known bondholders, mortgagees, and other
consumers who just accept whatever it
security holders owning or holding more than
is they're handed without question.
1 percent or more of total amount of bonds,
We started out as a small publica-
mortgages, or other securities are: none.
tion comprised of people who basically
Extent and nature of circulation
just wanted to play around with phones
Average No. cop-
and computers because that was what
No. Cop- ies of
ies Each Single
we liked doing. And we recognize that
Issue Issue
During Published
this continues to be what draws people
Preceding Nearest
12 Months to Filing
to our pages with every issue. That has
Date
not and will not change. But as the
A. Total Number of Copies 64,750 61,500
world has become a very different place
. Paid and/or Requested
since 1'O, we would be remiss not to
Circulation
point out the differences, the trends, the
1 Paid/Requested Outside- 4059 4165
county Mail Subscriptions
dangers. Were we to stop noticing, we
2 Paid In-County 50 50
could easily find the world changed even
Subscriptions
further in the coming years to prevent this
3 Sales Through Dealers 55,216 51,904
and carries, street
sort of journal from existing in the first
vendors, and counter sales
place. This is not a farfetched conspiracy 4 Other Classes Mailed 0 0
theory. A good number of people (many
Through the USPS
of whom are in positions of power)
C. Total Paid and/or 59,325 56,119
Requested Circulation
believe hackers pose a significant threat
D. Free Distribution by
to our society and support everything
Mail and Outside the Mail
from increased surveillance to lengthy 1 Outside-County 270 256
prison terms for anyone who violates
2 In-County 2 2
any rule. To pretend it's not happening
3 Other Classes Mailed 0 0
by remaining silent on this would be as
Through the USPS
bad as just giving up. In fact it would
4 Outside the Mail 5153 5123
be worse because we'd be wasting a E. Total free distribution 5425 5381
valuable opportunity to be heard and to
F. Total distribution 64,750 61,500
actually make a difference.
G. Copies not distributed 0 0
But we do recognize that our opin-
8. Total 64,750 61,500
ions expressed here are just that: opin-
I. Pracrs- PAID 92 91
ions. We continue to encourage people
to respond to them and to express them-
I certify that the statements made by
me above are correct and complete.
selves not only in the forum that exists (Signed) Eric Corley, OWner.
ulumH Z
l 0
[
the POTS
by Reid
a val i d BYE
Voi ce over I P depl oyments are growi ng i n
same can be
populari ty. Some of thi s i s cost based (cheaper
I P INVI TE or
l ong di stance and l ocal di al tone) and some
. :Thi s
of thi s i s feature based (uni fi ed communi ca-
a SYN
ti ons, advanced desktop i ntegrati on, phones
a tool
wi th bl i nky li ghts). As these networks grow
,"t/
they become more open to attack. Depending
to c tool li ke
on i mpl ementati on there are di fferent ri sks
S I P Bomber ,http : / /www. metalinkltd . com/
invol ved. End-to-end provi ders who provi de
downloads . php or I NVI TE Fl ooder ,http : 1 /
both physi cal ci rcui ts and voi ce/data servi ces
g
[
k'
.
It 1 / 't d www. aC lngvolp . com OO s lnVl e OO
may for example deci de to i mpl ement a
g
tar . gz can accompl i sh these. Tool s vary
pri vate network, maki ng them the connec-
dependi ng on your envi ronment of choi ce
t i on t o the PSTN and keepi ng al l of thei r
and your l evel of experti se. They can range
customer IP devi ces behi nd pr i vate subnets.
f I h b k dd
Other VolP provi ders do not have access to or
rom too s t at a asi c i i e scri pter can
control over physi cal ci rcui ts, and have to run
run to frameworks that you have to i mpl e-
servi ces over publ i c IP networks and i mpl e-
ment ( Metaspl oi t anyone?) to tool s that you
ment other securi ty precaut i ons. All of these
wr i te yoursel f based on the exi sti ng open
code.
systems come wi th tradeoffs from a busi ness
and secur i ty sense. The purpose of thi s art i cle
Tol l Fraud
i s to hel p defi ne and speci fy
some of the ri sks
Type: Business Risk, serious impact to
invol ved and expl ai n some of the publ i cly
service providers and requires customers
ava i l able tool s whi ch can be used to expl ore
whose VolP service accounts have been
the securi ty of these networks. Pl ease keep
abused to spend lots of time explaining
i n mi nd I sai d expl ore, not expl oi t . Deni al of
that they didn't make all those 1 -900 calls
servi ce and tol l fraud wi ll sti l l l and your ass in
and that your family business really doesn' t
jai l. Just because you can Googl e about how
know anybody who you'd talk to in Kuala
to use a tool doesn't make it l egal. That sai d, Lumpur for 8000 minutes a month.
l et's explore some of the ri sks involved. Most Usi ng your packet sni ffer of choi ce (I l i ke
of what wi l l be covered in thi s art i cl e wi l l be Wi reshark aka Ethereal , but take your pi ck -
SIP (Sessi on Ini t i ati on Protocol ) related. Thi s Cai n and Abl e i s great too) you can col l ect
arti cle presumes you have some bas i c under- a great deal of informat i on about the VolP
standi ng of tel ephone and data networks. accounts that are running at a si te. Let's say
Deni al of Service - SIP Fl oodi ng
for exampl e that Company XYZ i s working
Type: Technical Risk, serious impact to
wi th an Internet based Vol P provi der runni ng
service providers and customer networks.
SIP trunks over the Internet. By moni tori ng
One basi c methodol ogy of attack in a S I P
the traffi c that passes between thei r I P voi ce
based envi ronment i s to spoof the I P address
system (an IP PBX for exampl e) and the
of the S I P server, SBC ( Sessi on Border
servi ce provi der, I can capture packets that
Control l er), S I P proxy, or other regi strar, then
contai n thei r SIP accounts and (very l i kel y)
send a fl ood of S I P BYE messages to the CPE
passwords. Wi th these credent i al s I can
( Customer Premi se Equi pment) . Thi s effec-
regi ster my own SIP devi ces and as far as that
t i vel y si gnal s to the endpoi nt that a ca l l has
Vol P provi der i s concerned, I'm Company
ended. In a poor l y i mpl emented S I P stack
XYZ. Every ti me I pl ace a cal l , Company XYZ
th i s can cause cal l s to be di sconnected, may
gets bi l l ed. The same pri nci pl e hol ds whether
i t's a SIP trunk goi ng to an IP PBX or a SIP user
cause a stack overfl ow, or may even cause
for an i ndi vi dual phone. That same account
a kernel l evel error i n the |. At t he very
can be effecti vely cl oned as many t i mes as
l east i t wi l l use l i mi ted system resources
the Vol P provi der permi ts (you can often l i mi t
l
[
0 Z%
[
ZH0
may do noth i ng, it may cause any cal l i n
progress t o di sconnect or i t may cause the
whol e system to undergo a kernel l evel fau l t
and ei ther freeze up or reboot. TCPVi ew is a
common general fuzzi ng tool and it works
fi ne for fuzzi ng VolP. PROTOS i s another tool
that has a pretty decent S I P test scenar i o to
ru n (http : / /w. ee . oulu . fi lresearch/ouspg/
. protos /testing/ c0 7 / s ip/ index . html).
The Psychological Risk
Type: Business risk.
When you pi ck up your POTS phone
at home, you expect t o get di al tone. Even
i n the event of power outage, the di al tone
and power are provi ded at the CO, so as
l ong as the physi cal ci rcui t i sn't broken,
your phone wi l l work. I n the wor l d of Vol P
however, you' re somet i mes s urpr i sed i f you
get di al tone at a l l . And i t al most certai nl y
won't work dur i ng emergency si tuati ons
l i ke a power outage. Wh i l e tradi t i onal TOM
tel co servi ces typi cal l y r un wi th servi ce
agreements for fi ve- ni nes ,UU.UUU percent)
upt i me, gett i ng that l evel of rel i abi l i ty on
a Vol P servi ce i s next to i mposs i bl e. Th i s
poses a r i sk for any busi ness that doesn't
have expectat i ons proper l y set. As a servi ce
provi der i f you don't cl ear l y expl ai n what
your servi ce l evel s are, you run the seri ous
r i sk of di sappoi nt i ng and pi ssi ng off your
customers. As a customer i f you expect your
Vol P servi ce t o r un as dependent l y as your
ol d POTS servi ce, you r un t he r i s k of bei ng
consi stent l y frustrated wi t h your servi ce and
i f J enny i n account i ng expects to pi ck up an
I P phone dur i ng a power outage and pl ace a
cal l to check on her ki d at daycare, she's very
l i kel y goi ng to be di sappoi nted.
By the same token you expect your POTS
di al tone to be tol l qual i ty, but i mproper QoS
and unpredi ctabl e networ k usage cause a l l
sorts of havoc. The ol d school Bel l heads l i ke
a n i ce order l y wor l d and unfortunatel y data
networks don't operate that way. What we
spent over a century bui l di ng up i n customer
expectat i on and havi ng a stabl e consi stent
cal l gets bl own out of the water when you
appl y data to the same I P networ k pi pe as
voi ce. When customers don't u nderstand
VolP Fuzzing
Type: Technical Risk.
t hi s - and the vast maj ori ty don't - they get
the number of regi strati ons in one or another
fash i on at di fferent poi nts i n a network). Tool s
l i ke Wi reshark t o capture data and AuthTool
or Regi strati on Hi jacker ( http : / /w. hack
. ingvoip . com/ tools/reghi j acker . tar. gz)
or si pcrack ( http : / / remote-exploit . org/
"codes sipcrack . html ) t o extract SIP
credent
ia
l s can be used to obtai n thi s i nforma
ti on . I n some cases, endpoi nts l i ke IP phones
or ATAs (Anal og Tel ephone Adapters) wi l l
pu l l a cl eartext confi gurat i on fi l e vi a HTTP
or (even better) TFTP on boot. So if you cause
the devi ce to restart or rel oad its confi gura
tion in some way, you can mon i tor for traffic
on those ports and capture that confi gurat i on
fi l e as i t's sent to the phone. Some phones
even "subscri be" to a confi gurati on fi l e and
automati cal l y downl oad the l atest confi gu
rati on on a regul ar basi s to make sure they
have the l atest versi on. In these cases onl y
passive packet captures and enough ti me are
necessary to get the confi gurati ons. Once
you have a confi gurat i on fi l e you' l l want to
l ook for usernames and passwords, regi strars
and proxy servers, as wel l as other setti ngs
used for VolP Even among vendors who use
the same protocol s, these setti ngs may be
di fferent. For exampl e, one vendor may cal l
it a regi strar server whi l e another cal l s it a SIP
regi strar. It hel ps i f you know what ki nds of
devi ces are sendi ng these requests beforehand
so you can check the documentati on for that
devi ce. What's more, you can al so gl ean other
usefu l i nformati on. Network i nformati on l i ke
a sysl og or SNMP server may be avai l abl e as
wel l as i nformati on about how the devi ces
themsel ves are l ocked down whi ch may hel p
you i n speci fi c tests or attacks l ater on. For
exampl e, you mi ght be abl e to tel l by l ooki ng
at t he sett i ngs fi l e whether or not an I P phone
has a bui l t i n web server for confi gurati on vi a
a browser and what the usernames and pass
words are to access that web i nterface. Then
l ater on you can speci fi cal l y target that phone
by changi ng i ts confi gurati on wi thout affecti ng
the rest of the network. Keep i n mi nd t hi s al so
l eaves open the possi bi l i ty for other man i n
t he mi ddl e attacks l i ke i ntercept i ng that regi s
trati on fi l e, modi fyi ng i t, and sendi ng i t out to
end devi ces.
Many of you may al ready be fami l i ar
upset. As an attacker, i f I have enough access
wi th the i dea of packet fuzzi ng: sendi ng
t o the networ k t o man i pul ate QoS setti ngs
mal formed packets to see how wel l systems
on devi ces or i nj ect traffi c onto the voi ce
handl e except i ons i n control l ogi c. Fuzzi ng
port i on of a networ k I can seri ous l y degrade
tool s al l ow devi ce and system des i gners to
the qual i ty of cal l s and t hi s can be very di ffi
test common er rors and some uncommon
cul t t o t r ack down as an i ssue. Wi th attacks
ones. As wi th other forms of attack, a poor l y
t hat are short i n du rat i on for exampl e, the
i mpl emented control stack wi l l react to
probl ems they cause are j ust l i ke, if not
mal formed packets i n unpredi ctabl e ways.
more l i kel y to be accounted for as, networ k
The t r i ck i s that you never qu i te know what
gl i tches or a burst of data traffi c. So i f I , as an
the system wi l l do unt i l you actual l y try. I t
attacker, j ump onto a networ k for 2 0 mi nutes
ulumH Zl
[
0
to ru n some attacks, hop off for a wh i l e, then
jump back on, tracki ng down an attack as
the cause of the probl em can be next to
i mposs i bl e for ei ther a customer or a servi ce
provi der.
Maxwel l Smart-esque devi ces to phones.
Tool s l i ke Vol Pong (http : / /w. enderunix .
"org/voipong/ index . php) can be used to
record those cal l s. If you have an I P phone,
a l l I have to do is mi rror your port on the
DoS vi a Data Attacks swi tch to my port and suddenl y I can see a l l
Type: Technical Risk. your cal l s. The second way to approach t hi s
I ' m not goi ng t o outl i ne al l the di fferent i s that an attacker may i nsert packets i nto the
"normal " data attack vectors but keep i n
RTP streams. Tool s such as RTP I nsert Sound
mi nd t hat now your voi ce i s travers i ng the or RTP Mi x Sound (http : / /w. hackingvoip .
same network as your data. You no l onger "corl sec tools . htrl) can be used to add
have dedi cated end to end ci rcui ts for voi ce. any des i r
e
d audi o i nto an acti ve conversa-
Any attacks that wou l d cause an i nterrup- t i on . Wonder why your boss sounds l i ke he's
t i on i n your data networ k wou l d al so now cal l i ng from a str i p cl ub? He mi ght be. Then
i nterrupt your voi ce servi ce. A remote code agai n, he mi ght not. The i nterest i ng th i ng
expl oi t on your networ k hardware wou l d about an approach l i ke th i s i s that audi o may
a l l ow an attacker access to both networks. be i nj ected i nto the stream i n one or both
Wh i l e thi s i sn't necessar i l y a secur i ty r i sk i f di rect i ons, such that onl y one party on the
your data i nfrastructure i s hardened agai nst cal l may actual l y hear the added sound. Use
such attacks, Vol P promotes a converged th i s excuse the next t i me your boss cal l s and
networ k and t hus a si ngl e poi nt of fai l u re for
you're at a bar.
mu l t i pl e servi ces. Because Vol P tech nol o- Case Study: BobCo is a Vol P provi der
gi es are sti l l i n the ear l y stages of devel op-
provi di ng S I P trunks to customers. For secu-
ment and adopt i on i t al so means that i n r i ty and NAT traversal reasons they use a
depth defense measures are l ess l i kel y to system of Sessi on Border Control l ers on the
be i mpl emented by ei t her servi ce provi ders publ i c si de of thei r networ k and termi nate
or end customers. Thus, i f a Vol P customer
cal l s for thei r customers at t hei r COs. Al i ce
i s targeted for a DoS attack, the attack wi l l I nc. has bought some Vol P servi ces from
afect your data and your voi ce servi ces.
BobCo but thei r i nternal I T staff i s a l i ttl e
The Security Overki l l
overworked and doesn't t he t i me t o secure
Type: Business Risk.
thei r networ k properl y. Someone l eaves a
As I 've al ready menti oned, t here are a
wi rel ess access poi nt turned on wi t h WEP
number of di fferent i mpl ementat i ons for
enabl ed. J i m wanders around the l obby of
Vol P systems. Each has i ts own tradeoffs.
Al i ce I nc's offi ce one day and noti ces he can
Whi l e i t i s possi bl e to secure agai nst most
get a Wi Fi si gna l . Damn, but i t's encrypted.
of these t hreats, each added l ayer of secur i ty
J i m pu l l s out a copy of a l i ve Li nux CD l i ke
adds compl exi ty i nto a system. For a Vol P
ADI OS or Whoppi x and cracks the WEP key.
servi ce, compl exi ty means two thi ngs. Fi rst:
He's now i n the network. J i m starts up Cai n
del ay. That's both del ay t o mar ket for thei r
and Abel and does some basi c wander i ng
product and del ay i n cal l processi ng. Every
around the network. He noti ces that a few
t i me a packet has to traverse an SPI fi rewal l ,
of t he I Ps appear to be swi tches - not j ust
there's a process i ng del ay i nvol ved. The
swi tches, but PoE swi tches. Why wou l d
more del ay and j i tter you add t o a cal l the
someone need a PoE swi tch? Ah, he thi n ks,
worse the qual i ty gets. So you're l eft to fi nd
they may have phones pl ugged i nto them.
the l i ne between acceptabl e secur i ty ri sk and
J i m fi res up Wi reshar k and noti ces some
acceptabl e cal l qual i ty. Second, as you add
tel net traffi c from a workstati on to some
more secur i ty meas ures you compl i cate the
devi ce l oggi ng i n wi t h the username "al i ce
t roubl eshoot i ng process when i ssues ar i se
tech" and password " al i cetech". Seems
and you have more pi eces i n the system that
gener i c enough, he thi n ks and opens up a
can break.
t el net sessi on t o the swi tch wi t h the user-
Audi o Stream Mani pul ati on
name and password of "al i cetech". Sweet,
Type: Privacy Risk. Signifcant risk to indi-
he's i n . Damn, but to do anythi ng good J i m
vidual privacy but not necessarily a large risk
needs an enabl e mode password. What the
for service providers.
heck, gi ve it a shot - "al i cetech" one more
Thi s actual l y represents two di fferent
ti me and he's gol den. Now J i m has control
threats to the customer. Fi rst off, by captur i ng
over the swi tch t hat handl es the voi ce traffi c.
the packets from your RTP stream, cal l s can
From here he can mani pul ate QoS sett i ngs
effecti vel y be recorded. Al l one has to do i s
degradi ng cal l qual i ty and data networ k
put t he packets back toget her i n or der and
perfor mance, or he can j ust do somethi ng
pl ay them back and t here's you r cal l . No
s i mpl e and s pan al l the swi tch ports and
more tappi ng physi cal l i nes or hooki ng up
redi rect traffi c t o hi msel f. J i m sees another
l
[0
Z%
[
ZH0
swi tch on the networ k and deci des to t ry
to gai n access to that one wi t h t he same
"al i cetech" l ogi n. No j oy thi s ti me. They
have a di fferent password for t hi s system. J i m
deci des he'd l i ke t o try t o see what devi ces
are on that networ k. A temporary i nterrup
t i on in servi ce, he reasons, wou l d mean I P
phones wou l d probabl y have t o send out
requests vi a TFTP or HTTp so captur i ng
data on those ports woul d gi ve hi m the S I P
credent i al s for t hei r users. He i ssues shut
down commands to ports on the swi tch he
has control over and starts sni ffi ng traffi c on
those ports. Sure enough, 30 seconds after
he i ssues "no shutdown" on those ports he
sees a SI P phone sendi ng an HTTP request
to a server. Captur i ng those packets he then
goes on to di scover that the S I P username
for that phone i s "al i ce2 1 32223333" and
t he S I P password is "bobco1 4553" . He al so
deter mi nes that the SBC for BobCo is proxy.
bobco. com. A l ookup on ARI N shows that
BobCo i s ass i gned the I P bl ock 66. 85. 0. 0
124. Now J i m knows enough t o have mu l t i pl e
attack avenues. Knowi ng t he publ i c I P space
of BobCo's customers and the SBC address
means that J i m can now send fl oods of S I P
I NVI TE or BYE messages t o that S BC or other
publ i c I P addresses i n the range that BobCo
has. I f BobCo was an I LEC or CLEC that al so
provi ded ci rcui ts, knowi ng t he publ i c I P
addresses i t i s assi gned cou l d al so mean that
J i m can l aunch attacks agai nst other BobCo
customers because he knows that thei r publ i c
I P must be i n that range. An NMAP scan of
that subnet wou l d tel l J i m whi ch hosts are
acti ve and whi ch hosts are l i steni ng on port
5060 for SI P connect i ons.
Bei ng i n the network for Al i ce I nc. al so
means that Bob has the abi l i ty to l aunch
DoS attacks agai nst t hat company. Or he
cou l d s i mpl y want to cause di stract i ons by
adjusti ng the QoS setti ngs on the swi tch he
has access to whi ch woul d requi re t i me and
effort on t he part of Al i ce I nc.'s IT staff to
troubl eshoot. He coul d al so take t hi s oppor
t uni ty to capture traffi c and record conversa
t i ons. He mi ght get a cal l between the CEO
and a potent i al i nvestor or he mi ght get the
l ead software devel oper order i ng take-out.
You never know. But he cou l d t hen cross
those two streams and i t cou l d seem l i ke
Sequoi a Capi t al wants to i nvest $20 mi l l i on
i n cr i spy noodl es wi t h duck from the Ch i nese
restaurant down the street.
Because J i m now has S I P credent i al s for
Al i ce I nc. he can now downl oad a softphone
cl i ent l i ke X1 0 or XLi te and confi gure it to
use Al i ce I nc. 's S I P account to pl ace free
cal l s. J i m may al so take t hi s opportuni ty to
sel l those credent i al s or use t hem i n other
fashi ons to commi t or abet tol l fraud.
Now l et's say that Al i ce I nc. took a few
steps to i mprove both QoS and secur i ty and
uses di fferent VLANs for voi ce and data. The
swi tch wou l d recogni ze hi s l aptop sni ffi ng
as part of the data VLAN and not al l ow i t
to do somet hi ng l i ke run a network scan of
the voi ce VLAN. To combat t hi s, J i m wou l d
use a tool l i ke VLANPi ng (http : / /www. hack
-ingvoip . com/tools /vlanping . tar . gz) to
pl ay around wi t h VLAN taggi ng and see i f he
can i denti fy endpoi nts.
So, concl us i on, there are a number of
benefits to Vol P whi ch wasn' t real l y the poi nt
of t hi s art i cl e. What I hope you understand
here is some of the r i sks i nvol ver anr some
of the tool s avai l abl e to expl ore these new
Vol P systems. For more i nformati on on the
tool s menti oned i n t hi s art i cl e and others see
http : / /www . voips a . org/ResQurcesitool s .
-php. A great dea l of the i deas here are al so
in the Hacking Exposed VolP book and I
woul d suggest that you pi ck it up for a read.
I t's a great book.
Getting More Out
by Si l ent Strider
Manager
The fi rst day I di scovered my col l ege
to choose a
CJ1!trrr1
offered Li nux and UNI X systems for students
no other di spl ay managers were i nstal l ed!
to use, I set out to l earn more about what
The mach i nes are s l ow so, l i ke any hacker,
secur i ty precaut i ons had been taken and
I woul d prefer a l i ghtwei ght desktop for GUI
what software was avai l abl e. I ni ti al l y I was
tasks.
di sappoi nted. Upon waki ng the machi ne,
Let's s ki p the graphi cal l ogi n enti rel y and
I was greeted wi t h the GNOME Di s pl ay
l og in from a consol e. Ctrl+Alt+Fl shoul d
ulumH Z

l
[
0
Y
do ni cel y. Make a qui ck check for Troj ans by
sendi ng a few Ctrl+D' s and l og on. I assume
you have access to compi l er tool s, but you
have one probl em. The sysadmi n i mpl e
mented quotas for the average user. Lucki l y,
you are not the average user. You have a
hi gher pr i or i ty.
Before we start, we shou l d " cl ear" the
machi ne. Run w, who, last and l ook for
ei t her users current l y connected other
than yoursel f or users who have l ogged i n
remotel y recent l y. Assumi ng t hi s i s a si ngl e
user mach i ne, you shou l d be the onl y user
l ogged i n . You may want to run a scr i pt that
mon i tors networ k acti vi ty of you r mach i ne i n
real t i me. The fol l owi ng accompl i shes that:
while true ; do netstat -tn > frst ;
sleep 1 ; netstat -tn > second ; diff
frst second ; done
Run the above in any termi nal ( al l one
l i ne) . Changi ng the arguments to netstat from
-tn to -tev wi l l gi ve you more verbose i nfor
mati on. Now that we' ve cl eared the system,
l et ' s conti nue.
J ump i nto /tmp and make a di rectory to
work i n . Name it somet hi ng that won't draw
attent i on. For exampl e, i f a lot of users r un
gnome/kde you may have fol ders of t he
format or bi t-username. Make a di rectory of
a s i mi l ar format to bl end i n. Qu i ckl y chmod
th i s di rectory 700 to keep others out.
I ns i de your t mp fol der, use l ynx or l i n ks
to downl oad the Fl uxBox source code from
http:/ /fuxbox . sourceforge . net/download .
php . Now untar and gunzi p the arch i ve.
Next, r un. /confgure --prefx=$HOME/fuxbox
to i nsta l l the appl i cati on i n your home
di rectory.
make
make install
Assumi ng al l goes wel l , you ' l l need to
wri te your -/. xi ni trc fi l e. Don ' t forget to
remove your /tmp fol der !
My . xi ni trc contai ns:
xterm&
xclock&
gnome-terminal&
exec $HOME/fuxbox/bin/fuxbox
Add whatever appl i cati ons you l i ke to the
top. Now, maybe you ' re wonder i ng, i f Xl l i s
al ready ru nni ng GDM, how do I r un startx?
The answer is pass i ng one argument.
startx -- : 1
Moments l ater you wi l l be greeted by
you r own personal desktop.
Now that X i s runni ng, you shou l d make
a few more changes. Edi t the fol l owi ng fi l es
found i n your $ HOME di rectory.
. login
. profile
. bashrc ( your s hel l confi gurat i on fi l e)
: update utmp/wtmp records when command is
launched. Th i s hel ps l i mi t the i nfo showi ng
up i n the l ogs about you.
When l oggi ng out, exi t fl uxbox normal l y,
and remember to al ways l og out of the
consol e and to swi tch back to the GDM by
press i ng Ctrl-A1t+F7 .
Remember to chmod your home di rectory
700 to keep others out. I f i t ' s 750 a l l students
can vi ew your fi l es, and i f i t ' s 755 everyone
can vi ew your fi l es.
Us i ng /tmp is my fi rst exampl e of
bypassi ng quotas. But what if you l i ke
watchi ng vi deos or l i sten i ng to mus i c but
can ' t because of the l ack of space? Take a
l ook at how much RAM your mach i ne has
and the s i ze of the swap fi l e. Most machi nes
at my u n i vers i ty have 1 GB of RAM, and, I
ki d you not, one machi ne has a 20GB swap
parti ti on. Many programs a l l ow the bufer i ng
of data i n cache/memory/swap. MPl ayer for
exampl e. If you r un
mplayer -cache 1 0 0 0 0 0 0 -cache-min 99
-http : / / 1ocation . of . fle
i t wi l l downl oad 1 GB i nto RAM! You can
watch your movi e and l eave no trace of i t
on the hard dri ve. Let the cache fi l l wh i l e
you work; i t ' l l start pl ayi ng when i t ' s done.
I ' m cur i ous i f someone more knowl edge
abl e t han me cou l d i mpl ement a fi l e system
wi t h i n the swap space? Some systems onl y
go as far as a quota and l eave memory usage
u n l i mi ted.
Another t r i ck to get ar ound quotas is to
l ook for a l l wor l d wri teabl e fol ders. The fi nd
command can hel p you out:
fnd / -type d -perm -o+w -ls 2>/ dev/
-null 1 >worldwriteable . txt
Al l er rors go to /dev/nu l l and a l l wor l d
wr i teabl e di rector i es wi l l be i n wor l dwri te
abl e. txt. Dependi ng on what you fi nd, you
wi l l have consi derabl y more space at your
di sposal !
Another usefu l program i s l ocate. You can
run:
updatedb --output /tmp/MyDB
to create a database you can search wi th
l ocate. I suggest copyi ng i t to a di sk or a
remote server. You can search your l ocate
database by pass i ng the argument:
locate -d MyDB
I strongl y suggest search i ng your user |.
In doi ng so, I di scovered my campus has an
unpubl i shed backup server t hat stores every
del eted fi l e. I was not i nformed of i ts exi s
tence and i f not for l ocate I never wou l d
have known.
I hope you enj oyed th i s art i cl e. Remember,
you are not an average user. L i mi ts do not
appl y to you . Look for what they mi ssed, and
enj oy.
If you use gnome-termi nal , I recom
end edi ti ng your profi l e and u nchecki ng
l[
0 Z %
[
ZH0
Social Engin
by Poacher
I worked for a wh i l e as a store detecti ve
and the man that hi red me gave me a pi ece
of advi ce: " Son, thi s cou l d be the du l l est,
most depressi ng job you wi l l ever have i n
your l i fe. Ten hours wal ki ng ar ound a store
wi l l make you qui t i n two days. But t hi s j ob
i s what you make of i t. I f you get creati ve i t
can be the most fun you ' l l ever have. "
He was r i ght on both counts. My fi rst two
days were hel l on earth. Then at the end of
the second day I sat down and deci ded that
rather t han gi ve up I woul d fi gure out a way
to be good at it. Two years l ater when I even
tua l l y qui t over a di spute over wages, I was
l ovi ng every second of the j ob.
I took that same atti tude wi t h me when I
started out wor ki ng as a pr i vate detecti ve. To
some peopl e spendi ng 1 8 hours at a stretch
s i tt i ng i n a car desperate to take a l eak may
not sound fun. But i t was the chal l enge, the
seeki ng for hi dden knowl edge. Spendi ng a
week fol l owi ng someone' s every movement
and at the end of i t they don ' t even know you
exi st, yet you knew everythi ng about them.
Sounds fami l i ar ? I t' s the " hacker h i gh" -
that feel i ng you get from acqui ri ng knowl
edge t hat t hey don ' t want you t o have and
gett i ng i t wi t hout them ever knowi ng.
Anyway, back to the topi c i n hand. As a
pr i vate eye I was good at the covert s urvei l
l ance stuff. Si tt i ng i n cars and fol l owi ng
peopl e eventual l y became second nature.
But ear l y on I started meet i ng guys who
never needed to do that. They cou l d knock
on a door and get the i nformati on i n fi ve

i nutes that I cou l d spend a week of si tt i ng

I n a car t o get. I n short I was j eal ous. Thi s
was someth i ng t hat I j ust coul dn ' t do. I had
spent my enti re short career stri vi ng to stay
I n the
.
shadows and the i dea of actual l y
knocki ng on the door and speaki ng to our
subj ect freaked me out.
Then dur i ng one l ong j ob i n the North I
happened to be brows i ng t hrough a book
shop and came across a copy of Kevi n
ulumH Z
Mi tn i ck' s !he Ar t of Deception. I devoured
that book then read i t agai n i mmedi atel y. My
respect goes to Kevi n for what is an excel l ent
book.
However, noth i ng changed. I sti l l cou l dn ' t
knock on doors. But t he seeds had been
sown.
Soci al engi neer i ng i s a very personal
ski l l . I bel i eve anybody can do i t. I n fact I
know now that anyone can because we' re
a l l doi ng it a l l the t i me. I t ' s done uncon
sci ousl y a l ot of the ti me and del i beratel y
some of the t i me. Every t i me we negoti ate
a l i ft in a fr i end's car or try to mi n i mi ze the
damage from forgett i ng a bi rthday we are
us i ng soci al engi neer i ng.
Real i zi ng t hi s changed th i ngs for me.
I reasoned that I had to fi nd methods that
fi tted my personal i ty. There wou l d be no
poi nt i n my pretendi ng to be an extroverted
character if I was n' t one deep down. I woul d
j ust be creat i ng another opportuni ty t o get
caught out.
.
Wor ki ng as a pr i vate detecti ve i n Engl and
I S, I suspect, a l ot di fferent from doi ng the
same j ob i n many states of the U. S. We have
no l i cense, no I D, no aut hor i ty, no weapons,
and, most i mportantl y no access ( l egal l y
anyway) t o a l ot of sources of i nformat i on.
For exampl e we have no reverse phone di rec
tory, no access to cr i mi nal records, and what
i nformati on i s publ i c i s often l oca l l y based
and so very di ffi cul t to fi nd. So in order to
earn our di nner we have to be very creati ve.
One vi tal ski l l i s bei ng abl e to fi nd out
who i s stayi ng at an address or who has
stayed there. I tri ed many approaches over
the years unt i l I hi t upon a method that
worked for me.
I anal yzed my i nteract i ons wi t h peopl e
and real i zed that wi th the r i ght pretext,
peopl e woul d tel l you anythi ng. I deci ded
to pl ay upon two fundamental human mot i
vators: the desi re t o be hel pfu l and the fear
of someth i ng unpl easant happeni ng. If one
wou l dn ' t get them the other one wou l d.
l
[
0
I n conj unct i on wi th that, the pretext I used
woul d have to be one that I was comfortabl e
wi th and cou l d be bel i evabl e i n .
The fi rst th i ng I di d was go to a busi
ness card machi ne i n a shoppi ng center
and make up a few cards wi th a fal se name,
procl ai mi ng I was a fi el d representati ve of
a fi nance company. Then I started dress i ng
for work. Rather than wear i ng what was
comfortabl e I wou l d wear a j acket and ti e.
Now i f I had to go an address and fi nd out
i f, for exampl e, John Doe was l i vi ng there
and i f he was n' t fi nd out where he now was
and not al ert anyone that a PI was l ooki ng for
Mr. Doe, what I woul d do is arm mysel f wi th
my busi ness cards ( l ater I wou l d add a fake
I D) , a cl i pboard, or a document case wi th
a few random pr i ntouts and knock on the
door. Then I wou l d pi ck a name at random.
Resident: " Hello. "
Me: " Hi, can I speak to Alfred James. "
Resident: " I think you've got the wrong
house. "
Me: (frowning and scratching my head)
"This is 22 1 b Baker Street. "
Resident: (now looking confused) Yes it
is.
2) Tailor your pretext to the information
you want to obtain.
3) Utilize the social motivators like the
desire to help or fear of the unknown. People
will often volunteer all the information you
need.
4) Be confident.
I found that wi th each success my confi
dence grew and as that happened I found I
cou l d push the l i mi ts and try for more each
t i me. But start smal l . There' s al ways another
way to obtai n i nformati on, but i f you make
someone suspi ci ous your j ob wi l l get expo
nenti al l y harder.
My work ki t now i ncl udes a few r udi
mentary props t hat have proved worth t he
space t hey take up i n my car. A hard hat and
a refl ecti ve vest are often al l t hat you need
to wal k confi dentl y onto a construct i on si te
or even i nto an offi ce bu i l di ng. Carry a smal l
case an d some techni cal l ooki ng tool s as
wel l and no one wi II questi on i f they see you
poki ng around computers or tel ecom equi p
ment. A modest amount of money and hal f
an hou r at a busi ness card pr i nti ng mach i ne
can equi p you wi t h a range of cards i n
var i ous names t o cover most scenar i os.
Me: "OK, ah you see I'm Harry Belmont Even my Thermos proved a usefu l pr op.
from Axis Credit. What happens is i f someone On one job I had to access a very l arge, very
applies for a large loan, sometimes we send wel l secured pri vate housi ng estate. Dur i ng
people out to check the address exists. So my s urvei l l ance of the entrance I noti ced l ots
you're sure there's no one called Alfred of gardener'S trucks ar r i vi ng i n the morn i ngs
James staying here?" to tend the grounds of the i dl e r i ch. Qu i ckl y
Resident: (looking alarmed) "No, I've i mprovi s i ng wi th what I had I took my s hi rt
never heard of anyone called that. " off and t i ed it rou nd my wai st, pi cked up my
Me: " I see, I think someone's given us a Thermos, and strol l ed round the grounds l i ke
false address then. Look don't worry a few I was a gardener on hi s break. If anyone had
minutes of our time and we can straighten stopped me I had a story ready that I had
this out and I can get your address removed mi ssed my pi ckup that morn i ng and was
from our system and you can forget about tryi ng to fi nd my boss and the work van. As i t
this. OK, I'll need a few details .-
.
. " tur ned out, despi te more CCTV than I cou l d
And that ' s i t . From that poi nt on, the resi - count and uni formed guards at every gate, I
dent wi l l gi ve me al most any i nformat i on I managed to strol l around the estate at wi l l
cou l d poss i bl y want to ask for and as a bonus for two days.
at the end they ' l l be thanki ng me. Peopl e are eas i er to fool than computers
So far I ' ve found thi s method to work and " hacki ng" a person can be a l ot more
for me al most 1 00 percent of the t i me. But fun. Al l you need i s a l i ttl e i magi nati on and
i t ' s not fool proof and i ts su i tabi l i ty depends abi l i ty to th i nk on you r feet. Start out by
upon what i nformati on you ' re tryi ng to spendi ng a l i ttl e ti me each day j ust observi ng
obtai n. Neverthel ess for a qu i ck col d cal l at peopl e and thei r i nteract i ons. Often the very
a door i t's a pretty good method of getti ng peopl e empl oyed to stop you getti ng i n
i nformati on that a res i dent wou l d not other- somewhere can be the most hel pfu l . Th i nk
wi se gi ve a stranger. secur i ty guard. They are most often bored
The gol den r ul es of us i ng a pretext as I and underpai d and al l too wi l l i ng to tal k to
see them: someone if ofered the ri ght pretext. Maki ng
1 ) Choose one you are comfortable with. fri ends wi th the secur i ty i s more usefu l than
This will make you believable. Don't pretend a set of keys.
to be a telephone engineer if you know I hope th i s i ns pi res peopl e to go out and
nothing about the business. Don't turn up pay a I i tt l e more attenti on to thei r i nteracti ons
dressed like a bi n man while pretending to wi th others
.
Have fun doi ng it and al ways
be a businessman. remember to treat everyone wi th respect.
l
[
0 ZZ%
[
ZH0
Greeti ngs from the Central Offi ce! I t ' s
autumn i n Puget Sound cou ntry, al though we
had an unusual l y col d and wet summer. Sti l l ,
fal l means back to school and that means
that my "servi ce mon i tor i ng" gets a l ot more
i nteresti ng. By the way, Amber, your mom
found out that you cut cl asses today and
you ' re goi ng to be i n big troubl e! Next ti me
you deci de to hang out at the mal l , don ' t go
to the one where Mrs. Pi erce works. Al l the
boys down at Fort Meade had a bi g l augh
over that one, too.
But I di gress. I n thi s i nstal l ment of The
Telecom Informer we' re goi ng outsi de of the
central offi ce and i nto hotel s, hospi tal s, and
col l ege campuses. I n many of these pl aces
the maj or i ty of cal l s never l eave the bui l di ng.
I nstead they ' re routed over Pri vate Branch
Exchanges or PBXs for short. Whi l e most
PBXs are connected to the Publ i c Swi tched
Tel ephone Network ( PSTN) , they can operate
as enti rel y sel f-contai ned systems, or connect
to other tel ecommuni cati ons networks ( such
as the secure networks operated by var i ous
governments around the wor l d) .
Near l y everyone readi ng thi s has prob
abl y made a phone cal l t hrough a PBX at
some poi nt in thei r l i ves. Ever had to di al
9 fi rst t o make a cal l ? You r cal l most l i kel y
travel ed t hrough a PBX. Ever cal l ed from
one hotel room to another by di al i ng onl y
t he room number? You r cal l probabl y never
l eft the bui l di ng. I say " probabl y" and " most
l i kel y" because many l ocal phone compa
n i es offer a servi ce cal l ed Centrex. Thi s offers
cal l i ng features s i mi l ar to PBXs, but every
thi ng ( i ncl udi ng " servi ce mon i tor i ng" and
government s urvei l l ance) i s handl ed ri ght
here i n my central offi ce. We j ust charge you
a hefty fee per month, per l i ne.
Years ago phreaks often thought of a
PBX as a fun way to make free phone cal l s .
They' d refer t o " di verters" or "extenders" i n
conversat i ons and often used such termi
nol ogy i nterchangeabl y wi th " PBX. " A
phreak I knew named Phred, based out of
Staten I s l and, spent hi s days col l ecti ng other
phreaks' phone numbers and then cal l i ng
them us i ng PBXs he' d broken i nto. " I ' ve got
you r number, " he' d threaten on conference
ulumH Z
br i dges, whi ch were common at the t i me.
" I ' ve got everybody' nu mber and I ' m gonna
cal l you on my phone sex PBX. " I ' m not sure
what ever happened to Ph red; he di sap
peared one day and nobody ever heard from
hi m agai n. Rumor has i t he went to pr i son,
but who knows.
And now, i f you ' l l i ndu l ge, i t ' s t i me for
a t r i p down memory l ane. Before I nternet
access was wi del y avai l abl e ( bel i eve it or
not, i t ' s onl y been about 1 5 years) , hackers
and phreaks l argel y communi cated and
shared i nformati on vi a text fi l es and hacki ng
programs ( such as ToneLoc) ci rcul ated on
di al -up BBSs. You can th i n k of a di al -up
BBS as s i mi l ar t o a web message board,
except that each one had to be di al ed up
separatel y us i ng a modem. I f someone el se
was connected to the BBS, you ' d get a busy
si gnal .
One of the more creati ve i nventi ons of
2600 Magazine was t hei r voi ce B BS, whi ch
gave peopl e wi thout computers another
avenue to communi cate. Messages l eft there
were qui te often i nterrupted by red box
tones. I spent many l ong hours i n the central
offi ce performi ng "servi ce mon i tor i ng" of
( 5 1 6) 473-2 62 6.
Hackers and phreaks al so communi cated
usi ng conference bri dges, such as those
provi ded by Al l i ance Tel econferenci ng.
These were a favor i te wi th phreaks because
they both contai ned an i ncredi bl e ar ray
of conference management features, and
were h i gh l y suscept i bl e to, erm, " creati ve"
bi l l i ng arrangements. And, of course, there
were 2600 meeti ngs, where l ocal hackers
and phreaks cou l d meet and share i deas
face-to-face.
OK, back to the present day. Al though a
poor l y confi gured PBX can sti l l al l ow unau
thori zed peopl e t o make free phone cal l s,
fi ndi ng an open DI SA port i s rare these
days. And wi th the l ow cost of l ong di stance
( l i ke 7.2 5 cents per mi nute to Si ngapore)
combi ned wi th the h i gh r i sk of bei ng caught,
i t ' s hardl y worth the bother anymore.
So, you may ask, what good is a PBX if
you can ' t make free phone cal l s us i ng it? Fai r
quest i on. But fi rst, i t ' s good to understand
l
[
0 J
why peopl e i nsta l l PBXs so you can thi n k of and model as your PBX) , and can connect to
creati ve ways to have fun wi th them. PBXs the PSTN us i ng ei ther di gi tal ( I SDN and/or
provi de numerous advantages to the peopl e Tl ) or anal og l i nes. Note t hat not al l PBXs
who i nsta l l t hem, but probabl y the bi ggest support a l l types of PSTN connecti vi ty. I n
one i s a l ower phone bi l l . I nstead of payi ng a general , despi te a l ot of noi se about open
month l y fee to the phone company for each standards, you pretty much have to buy both
i ndi vi dual tel ephone l i ne i n a fac i l i ty, you your PBX and your tel ephones ( cal l ed stati on
onl y need t o buy as many phone l i nes as you sets) from the same manufacturer. Manufac
actual l y use for i ncomi ng and outgoi ng cal l s. turers someti mes have mu l t i pl e ( and often
Th i s is cal cul ated by the PBX i nstal l er based i ncompati bl e) product l i nes. For exampl e,
on averages, wi th some buffer for unusu- Nortel has both the Norstar and Meri di an
al l y bus y peri ods. Maki ng a cal i wi th i n the product l i nes. These tel ephone systems have
bu i l di ng ti es up your phone, but it does n' t ti e di fferent features and hardware, and are not
up an actual phone l i ne. I f you make a cal l fu l l y i nteroperabl e.
outsi de the bu i l di ng (general l y by pressi ng To make thi ngs even more exci ti ng, tel e-
U), or i f you recei ve a cal l from the PSTN, the phones, computers, voi cemai l , emai l , and
PBX takes care of routi ng your cal l . Vol P technol ogi es have converged rapi dl y
The second bi ggest advantage i s control . over t he years. Th i s l eads t o a confus i ng
Wi th a PBX, you can control the cal l i ng hodgepodge of acronyms, many of whi ch
features avai l abl e t o each tel ephone set i ndi - mean di fferent th i ngs t o di fferent manufac
vi dual iy. For exampl e, you cou l d confi gure turers. For exampl e, a "Vol P PBX" cou l d actu
some tel ephone sets to onl y recei ve i ncomi ng a l l y be us i ng any of over a dozen commu
cal l s, others t o onl y be abl e t o make cal l s ni cati ons protocol s, some pu bl i c a n d some
wi th i n the bu i l di ng, and sti l l others to have propri etary, wi th transport over I P bei ng
unrestr i cted capabi l i ty. You can even control the onl y th i ng they have i n common. And
the hours when cal l s ri ng through to offi ce even then, whi ch part of the cal l takes pl ace
phones, for exampl e, forwardi ng cal l s to an over I P can vary. Some PBXs, for exampl e,
answeri ng servi ce after hour s. l abel themsel ves as Vol P, but i n practi ce
Another form of control i s l east cost cal l they can onl y route l ong di stance cal l s over
routi ng. Suppose that you have accounts the I nternet ( us i ng servi ces such as a S I P
wi th two di fferent l ong di stance carri ers. provi der) . Conversel y, there are now soft
One car r i er provi des attracti ve pr i ci ng for ware-onl y PBXs, such as Asteri sk, whi ch can
domest i c cal l s and the other provi des attrac- be operated wi thout connecti ng to a s i ngl e
ti ve pr i ci ng for i nternati onal cal l s. Based on phys i cal tel ephone l i ne.
the numbers di al ed, the admi n i strator can One feature that my central offi ce
i nstruct the PBX to route the cal l over one supports, whi ch many PBXs don ' t, i s CALEA.
l ong di stance carri er versus another ( us i ng If you ' ve read my previ ous col umns, I have
carri er access codes, a topi c I have covered descri bed in deta i l th i s F BI -mandated s urvei l
i n previ ous i ssues) . l ance i nfrastructure whi ch is bui l t i nto the
PBXs provi de numerous features other PSTN. However, i n-bu i l di ng cal l s may not
than j ust addi t i onal control over how and be safe for much l onger. Many col l eges and
when ca l l s are pl aced. You ' re probabl y un i vers i ti es around t he cou ntry have report
fami l i ar wi th those " press 1 for sal es, press edl y been contacted by the F BI requesti ng
2 for servi ce, or press 3 for a recordi ng of provi si ons for PBX survei l l ance i nfrastruc
our CEO farti ng" phone trees . Wi th a PBX, ture. They cl ai m i t' s to ass i st them i n cracki ng
you can make your very own . PBXs gener- down on " drug acti vi ty. " I t ' s probabl y onl y a
al l y al so i ncl ude voi cema i l systems, and matter of t i me before hospi tal s, busi nesses,
PBX admi ni strators have as much fl exi bi l i ty and anywhere other than the Department of
around voi cemai l features as they do around J ust i ce recei ves s i mi l ar requests.
cal l i ng features. For exampl e, you can deci de And on that upl i fti ng note, i t ' s t i me to
whether or not to l et cal l ers record thei r own br i ng another i ssue of The Telecom Informer
outgoi ng messages, control the number of to a cl ose. Have a safe and happy Hal l oween,
messages they can store i n thei r mai l box, and Thanksgi vi ng, press 4 to pu l l my fi nger,
or grant the abi l i ty to ret ur n phone cal l s (to and I ' l l see you a l l agai n th i s wi nter !
name j ust a few opt i ons) .
L k
There are dozens of di fferent manu-
U b
http

/ /w. telephreak . erg-A sofware

facturers of PBXs, but they are l argel y sel f-
contai ned and propri etary systems. PBXs
onl y Aster i sk PBX offeri ng free voi cemai l and
genera l l y use di gi tal i nsi de wi ri ng (often wi th
conference br i dges.
d h
http / /w. askcalea cem- F BI -operated
propr i etary enco i ng, meani ng you ave to
use onl y tel ephone sets of the same brand
webs i te descr i bi ng the CALEA nati onwi de
survei l l ance program.
l[
0 +--Z%
[
ZH0
or_to_c Orecc11c
_'.l

.
t .
. 1C
by Knl ghtlOrd
Knl ghtl Ord@hotmai l . com
Programmi ng today has become a
di vi ded front. On one si de you have the
MS . NET programmers and on the other
si de you have the L i nuxlJ ava/Web program
mers. When someone deci des they want to
start wri ti ng software they are faced wi t h
one i mportant quest i on: Whi ch l anguage
to l earn fi rst? Al though th i s questi on i s
" i mportant," i t shou l d not be the focus of an
aspi r i ng devel oper. I n my exper i ence as a
devel oper I have found out one very i mpor
tant t hi ng. If you are a good programmer,
a great programmer even, it doesn't matter
what l anguage you use because you cou l d
us e any one of the hundreds of l anguages
avai l abl e. I t al l comes down to fundamental s
and understandi ng how t o th i nk l i ke a coder.
By restr i ct i ng yoursel f to a speci fi c l anguage
you are l i mi t i ng the type and qual i ty of work
you can create. Understandi ng codi ng struc
ture, l ogi cal anal ys i s, and above al l havi ng
the hacker mi nd wi l l al l ow you to uti l i ze the
tool s that best fi t the scenar i o and not have
the l anguage defi ne your path.
The fi rst l anguage I ever l earned was
RPG I V for the AS/400 comput i ng system.
Granted, t hi s i s an ol d l anguage that hasn't
changed much i n 1 5 years but it is a wel l
documented, structured l anguage that
gave me a base to l ear n how to be a good
programmer, not j ust an RPG programmer.
Once you l ear n one l anguage and u nder
stand the fu ndamental s you essenti al l y know
any l anguage you want. I can pi ck up a new
programmi ng l anguage wi th a smal l l earn i ng
curve i n syntax and executi on that l asts onl y
about a week. I am goi ng t o share my tech
ni que for l earn i ng programmi ng l anguages
and how you can ut i l i ze the fundamental s of
software desi gn to al l ow you to unchai n your
software and become l anguage nonspeci fi c.
The fi rst step is to pi ck a wel l docu
mented l anguage t hat i s easy t o read. Why
choose one easy t o read? Because you wi II
remember it better. If Engl i sh is your pr i mary
l anguage and you read a quote i n Engl i sh
you wi l l more t han l i kel y remember i t. Now
read the same quote i n Spani sh and try and
remember i t. So wi t h absol utel y no knowl
edge of Spani s h you wi l l not onl y forget t he
quote but probabl y mi squote and mi spro
nounce it when you try to recal l i t. The same
basi c theory can be used i n programmi ng.
Say you l earn Vi sual Basi c or Gambas, two
very easy to read l anguages. You have a
command l i ke t hi s :
Dim intCash as Integer
Now you know that the command i s
defi n i ng ( Di m) the var i abl e ( i ntCash) as an
i nteger. So now read the same l i ne i n C:
lnt intCash ;
It is basi cal l y the same. You recogn i ze the
I nt as bei ng a data type of i nteger because
you remember the I nt from VB. The same
goes wi t h any other command you have. I t
i s al l a matter of reference. So thi s sol ves the
l anguage i ssue, but now what about program
mi ng structure? The most i mportant th i ng i s
to th i nk modul ar. The smal l er you can break
tasks down the eas i er i t i s to manage them;
i t al so makes one of the fundamental OOP
theori es eas i er, re- use of code. By maki ng
th i ngs smal l and nonspeci fi c you can take
those pi eces and pl ug them i nto j ust about
any appl i cati on that uses that same process.
For i nstance, take a program that takes two
numbers, di vi des them together, then does
cal cu l ati ons based on that output. Here i s a
code exampl e:
lnt A 2 ;
lnt B 14;
lnt C ;
lnt main ( ) {
C A/B;
I F ( C ? 7,{
Printf ( "C is greater than 7,,
}e1se{
Printf ( "C is less than 7",,
}
}
Thi s is a pretty strai ghtforward l i tt l e code
bl ock. Now you may be sayi ng, why woul d
I modul ari ze someth i ng s o smal l t o begi n
wi th ? Wel l , you don't have t o t r y and sl i m i t
down or anythi ng l i ke that. J ust t r y and th i nk
i n pi eces. So i nstead of t he code above, you
cou l d wr i te someth i ng l i ke th i s :
lnt A;
lnt B;
lnt C ;
lnt main ( ) {
C divide ( A,B ) ;
I F ( C ? 7 ) {
Printf ( "C is greater than 7",,
}else{
Print f ( "C is less than 7",,
}
}
lnt divide ( int a, int b ) {
rnt C]
C al b;
return C]
}
ulumH Z
l
[
0 o
So yeah, there is more code than the
other program but now you are abl e to pl ug
i n any two numbers and di vi de them i n any
sequence that you want. Not onl y that but
you can reuse the di vi de functi on i n any
other app you wi sh. Now you are modul ar.
So the next t i me you need to di vi de some
th i ng you don't have to fi gure out whether
you want to di vi de A by B or vi ce versa
and then change i t down the wad. You can
i nstead change the i nput because the func
ti on wi l l al ways be the same. Thi s ti ny l i ttl e
functi on i s a very basi c exampl e of maki ng
your program modu l ar. It is al so probabl y
not very pract i cal but for demonstrati on
purposes i t i s easy to understand.
The next t hi ng that i s i mportant when
l earn i ng to program i s to understand cl asses.
Most l anguages gi ve you basi c cl asses to
work wi t h. Every data type, whether they are
i ntegers or str i ngs or Bool ean, are al l cl asses.
Each cl ass has speci fi c properti es to i t and
tasks that can be performed t o them. You
cannot di vi de a Bool ean object because that
i s not a method i n that cl ass. So by taki ng
th i s i dea of data types you can create new
types and you can do t hi ngs speci fi c to that
type. As an exerci se, pi ck an object i n your
house that has mul t i pl e parts and mu l ti pl e
functi ons i t performs. For thi s arti cl e I wi l l
choose a radi o. A radi o has mul t i pl e parts;
buttons ( on/off, AM/FM, etc. ) and mu l ti pl e
functi ons: t une up or down, vol ume up or
down, etc. So your programmi ng l anguage
doesn't have a stock radi o cl ass and i nstead
of defi n i ng each part when you wr i te your
code you deci de to wr ite a cl ass i nstead.
Here i s an exampl e of a si mpl e radi o cl ass:
class radio ;
foat tunedTo ;
foat minimumStep ;
int minimumFrequency;
int maximurFrequenC
Y i
int raxVolure ;
int currentVolure ;
bool modType ; / / false am - true
int presetStation ( ) ;
int pre ;
function tuneUp ( )
{
newFreq = tunedTo rinimumStep
if newFreq ~ maximumFrequency
tunedTo newFreq
else
print ' max '
break
function tuneDown ( )
fm
else
}
print ' min '
break ;
function toggleModulation ( )
if mod Type true
mod Type false
minimumFrequency 3 3 0
maximumFrequency 70 0
minimumStep 0
print ' am tuning ' ;
else
mod Type true
minimumFrequency 8 7 . 3
maximumFrequency 0 8 . 0
minimumStep " . 3
print ' fm tuning ' :
end if
function selectPreset ( )
tunedTo presetStation ( pre ) ;
}
function volumeUp ( )
{
if currentVolume ~ maxVolume
currentVolume++:
else
print ' volume already at max ' ;
break ;
end i f
function volumeDown ( )
if currentVolume >
currentVolume-- ;
else
print ' volume already at zero ' ;
break ;
end i f
end radio ;
So as you can see from th i s smal l cl ass,
pretty much every part of a basi c AM/FM
radi o i s i ncl uded and each functi on that the
radi o can perform i s defi ned. Now i n you r
program, to t une up you r radi o al l you have
to do is i nvoke the tuneUpO functi on i nstead
of defi n i ng what the radi o is t uned too, what
i t can be tuned too, and how many steps to
tune before stoppi ng. Al l of thi s i s al ready
defi ned i n the cl ass and every object that i s
of t he type radi o wi l l be abl e t o do t he same
thi ngs . Thi s i s the essenti al pi ece of program
mi ng that you need to understand to be a
good programmer because cl asses al l ow
you to be modul ar and sti l l be abl e to have
compl ex data mani pul ati on wi thout al l the
headaches. Not onl y can you do t hi ngs to
a s i ngl e radi o obj ect but you can use two
newFreq tunedTo " minimumStep
of the same type and do cal cul ati ons on
if newFreq > minimumFrequency
that. So you cou l d essenti al l y test one radi o
tunedTo newFreq agai nst another to make s ure they are doi ng
l
[
0 Z%
[
ZH0
what you want.
Th i s i s j ust the ti p of programmi ng funda
mental s but by l earni ng th i s stuf first you wi l l
save yoursel f a l ot of debuggi ng and codi ng
t i me. Maybe not i n i ti al l y but when you have
a good si zed l i brary of custom functi ons
and cl asses at you r di sposal you wi l l essen
t i al l y be abl e to wr i te programs l i ke putti ng
together a puzzl e. The onl y thi ng that wi l l be
custom to your appl i cati on wi l l be the l ogi c
beh i nd i t and how t hose pi eces fi t together i n
the i mpl ementat i on i n questi on.
A note on l ogi c i s t o try and not be redun
dant as much as possi bl e. I t i s eas i er t o do
that i f you are modul ar. You don't need to
add the same t hi ngs a bunch of t i mes to get
the same answer. Do i t once and then reuse
i t. Another way to make sure your l ogi c
doesn't become a crap shoot i s to have good
nami ng conventi ons for var i abl es . I t makes
your program easi er to read and for other
peopl e to understand. A good method that I
use is cal l ed the Hungar i an Notati on whi ch
i s a way of uti l i zi ng object types i n var i abl e
names so you can keep track of t he ki nd of
data you are wor ki ng wi t h. For i nstance, if
you are defi n i ng an i nteger data type, put int
at the begi n n i ng of the var i abl e name and
you wi l l never forget that you r var i abl e i s an
i nteger. You can modi fy t he notati on scheme
to sui t your personal preference but most
programmers wi l l sti l l be abl e to understand
i t wi t h a l i ttl e bi t of coach i ng on you r nota
ti on styl e. The most i mportant th i ng about
programmi ng l ogi c though i s to be l i near, or
as l i near as poss i bl e. You don't read a book
from back to front, bottom to top, you read
i t front to back, top to bottom. Remember
that when wri ti ng software and avoi d goi ng
backwards i n your code, and never ever
use go or goto statements ! They are evi l and
unnecessary i f you j ust th i nk for a mi n ute
and try to be l i near.
Remember the fundamental s and you
wi l l be abl e to wri te any type of app i n any
envi ron ment wi th any l anguage because
a computer program ends up bei ng the
same th i ng after compi l i ng, no matter what
l anguage you are usi ng. There are a mi l l i on
ways syntact i cal l y to do the same task but
by bei ng a good programmer you can be
s ure that you are doi ng i t correct l y no matter
what syntax you may be usi ng.
Front Door H
by Darkarchi ves
F i rst off, I woul d l i ke to gi ve props to
Cl iff, the author of " Hacki ng Your Own Front
Door" i n 24: 1 . I f you somehow mi ssed th i s
art i cl e, t he fol l owi ng wi l l be somewhat more
confusi ng.
Any l ocks mi th wi l l tel l you that there
are several hundreds of types of l ocks, each
wi th thei r own un i que key s i ze and shape.
Logi cal l y, someone who wanted t o be abl e
t o open every l ock woul d requi re every type
of key, whi ch woul d cost a l oad of money
and be a bi g hass l e to carry around. The tri ck
wi th l ocks i s that 90 percent of the l ocks i n
use today are one of ten garden var i et i es,
i ncl udi ng Sch l age and Kwi kset. By havi ng
these ten mai n keys, you have a h i gh chance
of open i ng the l ock. As Cl i ff correctl y poi nted
out, most areas use the same types of l ocks,
l i ke a dorm room or a nei ghborhood. I n the
area where I l i ve, every house that I know
of uses a Schl age deadbol t as wel l as door
knob. Therefore I wou l d onl y need one key
to get i nto al l of these houses.
Maki ng a bump key i s as easy as fi l i ng
down a spare key or even us i ng a bl ank
and starti ng from scratch. The probl em wi th
th i s i s that i f you are maki ng your fi rst key,
you tend to second guess yoursel f and take
off too much. I made my own Sch l age key
and when i t di dn't work I j ust went on l i ne
and bought a set of 1 1 keys. Looki ng back,
I now know that i t takes some practi ce to
bump, and Sch l age i s harder than some of
the others.
ulumH Z
l
[
0
Once you have made a bump key, don't
be tempted to go and try it on your front
door. Some of the r i sks you ru n i ncl ude
gett i ng the key stuck i n there and havi ng
to cal l someone, or damagi ng you r l ock.
Repeatedl y hi tt i ng a bump key can damage
the spr i ngs that set the pi ns of a l ock and can
ul ti matel y render the l ock usel ess. I person
al l y suggest buyi ng a Kwi kset l ock because
as any l ockpi cker can attest to these l ocks
are the easi est to bump and pi ck. Al so, i t
i s a good i dea to hi t up Googl e vi deos or
any other si te to fi nd some vi deos of peopl e
bumpi ng a door. Don't get t oo hung up on
how they do i t . I nstead tr y and l ear n gener
al l y what moti ons they do so that you
can experi ment l ater. Al so, vi deos of
peopl e bumpi ng make i t l ook i ncredi bl y
easy ( there i s one of a 1 2-year-ol d gi r l
doi ng i t on her fi rst try), but i n real i ty
i t wi l l take a l i tt l e bi t of practi ce. What
I di d was si t down wi th my key, l ock,
and the back end of the screwdri ver and
watch the TV for about an hour. I nstead
of tryi ng to be exact l y l i ke the peopl e on
the vi deos, I whacked at i t and tri ed di fferent
come back out a ti ny bi t. The way th i s works
i s that a normal key wou l d have the pi ns rest
jn the fl at area between the r i dges, and by
fi l i ng off the t i p and shou l der you can put
the key i n so that the pi ns rest i nstead on the
ri dges. When fi l i ng, don't worry about how
much you take off of the shou l der. The t i p i s
where you need t o be carefu l . I f you fi l e too
much, the pi n wi l l mi ss the r i dge al together
and the key wi l l be usel ess for mi ni mal
movement (you cou l d sti l l us e i t for the one
cl i ck method) . I suggest you take off j ust a
bi t and test i t, then take off a l i ttl e more unti l
you get it to the ri ght pl ace.
angl es and pressure unti l I got a successfu l To use a key set for mi ni mal movement
bump. After a whi l e, I cou l d bump one out you s i mpl y i nsert i t and l et i t pop out a bi t,
of every ten, and then I started to actual l y then appl y tensi on and bump. The tensi on i s
pay attenti on t o what I was doi ng s o I cou l d t he hardest part t o master, and real l y t he onl y
l ear n t he best way for me. way to master i t i s to practi ce at di fferent
I am goi ng to take a br i ef moment to tal k amounts of tensi on. I f you have ever pi cked
about what you shou l d hi t your bump key l ocks, then you know how much tensi on you
wi th . My personal favor i te, and it sounds need.
l i ke Cl i ff agrees wi th me, is the handl e of Cl i ff was ri ght i n that there is very l i ttl e
a screwdr i ver. However, from what I have that you can do to prevent thi s type of attack
read on the I nternet, al most anythi ng works. on your house. The onl y other sol ut i on that
Speci fi c bumpi ng tool s whi ch you can buy I cou l d come up wi th bes i des hi s i s to buy
are nor mal l y a foot l ong wi th a rubber an extremel y uncommon l ock so that i f the
str i ki ng area on one end. I have al so heard burgl ar wants i n, he has to make a speci al
of peopl e us i ng wooden spoons, hammers, key. Another fact wi th bump keys i s that the
wal l ets, and even women's heel ed shoes. more expensi ve the l ock i s, the more vu l ner-
Ul t i matel y you want someth i ng that is hard abl e it i s . I n most cases, l ocks cost more
enough to del i ver a good si zed shock to the because they are more preci sel y crafted, and
key whi l e sti l l bei ng sma l l enough to handl e. s i nce the parts are f i t better, t he transfer of
Don't be afrai d to experi ment around wi th energy happens more smoothl y and there
l ots of stuff. You can't real l y mess anyth i ng fore easi er.
up too much. Now that you know al l thi s, I encourage
Cl i ff's art i cl e covered how to bump us i ng you to try it yoursel f, but i n the comfort of
the "one cl i ck method. " As he expl ai ned, you your home wi th a deadbol t that you bought
i nsert the key and then pu l l i t out one cl i ck for th i s purpose. Al so, t r y a Kwi kset l ock fi rst
so that the r i dges can contact the pi ns and because they are notor i ousl y easy t o pi ck
transfer t he energy. The way I bump l ocks i s and bump. I do not recommend tryi ng th i s
cal l ed t he " mi ni mal movement" method and on anyone el se's l ocks, as that wou l d be a
I personal l y th i n k that it is easi er to l ear n on. real l y stupi d i dea because i t i s i l l egal . Al so, i t
To set you r key for mi ni mal movement, you i s easi er t o bump l ocks t hat you are hol di ng
have to fi l e off a bi t of the t i p of the key and i n your hand as compared t o l ocks that are i n
a bi t off of the shou l der (see the fi gure and a door, so I don't suggest that you try. I nstead
parts marked in gray) . The goal of fi l i ng these of us i ng bump keys to break i nto houses,
parts off of your key i s to be abl e to sti ck the use them to wi n bar bets and i mpress your
key a l l the way i n, then l et i t go and have i t fr i ends. Happy bumpi ng.
l
[0
Z%
[
ZH0
by Atom Smasher
atom@smasher.org
L 762A 3B98 A3C3 96C9 C6B7
582A B88D 52E4 D9F5 7808
I recentl y purchased a brand new Kens
i ngton Mi croSaver Combi nati on Notebook
Lock and overal l I ' m not happy wi th i t.
Perhaps the most di sappoi nti ng feature of
th i s I
.
ock, whi ch retai l s for $30-$40 ( US) , i s
t hat I t can be opened wi t h a penny i n l ess
than 20 seconds wi thout damagi ng the l ock
or the devi ce i t ' s attached to. The techni que
descr i bed bel ow can l i kel y be appl i ed to
s i mi l ar l ocks.
l ' l l
.
take th i s opportuni ty to poi nt out
that thi s I nformati on i s bei ng shared for the
purpose of i nformati onal use, educat i onal
use, and the

dvancement of physi cal secu

r i ty by expos i ng current vu l nerabi l i ti es, j ust
the same as exposi ng software and protocol
vul nerabi l i ti es l eads t o t he advancement of
software and protocol secur i ty.
Not onl y can a mal i ci ous attacker ( aka
t hi ef) use thi s techni que to wal k away wi th a
l aptop, but al so an undamaged l ock that can
be reset to any combi nati on. I n some cases
the attacker may gai n someth i ng more val u
abl e t han t he l aptop. Keep readi ng.
These types of l ocks use a bar that extends
t hrough the four di al s and t hrough one end
of the l ock housi ng i nto a l aptop ( or other
devl

e) . The bar has four sl ots i n i t, al l owi ng

the

I n

s to tu r

around i t. Each r i ng has one
s l ot I n I t, al l OWi ng the bar to s l i de when al l of
the r i ngs are
.
pro
p
er l y al i gned. As l ong as any
one of the di al s I S not I n the correct posi ti on
the bar cannot s l i de - i n theory. I n practi ce,
tensi on can be appl i ed to the bar so that the
di al s can be
.
j ammed i nto the "correct" posi
t I Ons, revea l i ng t he combi nati on. The t r i ck i s
t o appl y tensi on t o t he bar wh i l e t ur n i ng the
di al s . For thi s parti cul ar l ock, I ' ve found that
a coi n can ai d i n appl yi ng the proper pres
s ure on the bar.
Sl i de a coi n between the l ock and the
computer case. Wi ggl e the l ock so the coi n
can be seated as cl ose as poss i bl e t o the
l ocki ng bar. Bear i n mi nd that the goal i s to
not cause (bmage to the lock or t he l aptop.
coi n the l ock wi l l tend
t o l ean a

ay from
.
coi n . By pressi ng t he
l ock agai nst the cOi n ( squeezi ng the coi n
between the l ock and computer case) push
the l ock perpendi cul ar t o the computer
case and at the same ti me appl y tensi on to
the l ocki ng bar. A fi rm pressu re i s best; too
much pressure may damage the l ock and/or
computer.
Wi th the proper press ure appl i ed to the
bar,
.
the di al s can be spun back and forth
unt i l they each sti ck, at whi ch poi nt the l ock
shou l d open. Wi th practi ce th i s can be done
i n wel l under 20 seconds by turn i ng two to
three di al s at a t i me to start.
I n test i ng th i s techni que, the di al s seem
to ha

e a tendency to sti ck start i ng wi th the

l asdi gi t and movi ng towards the fi rst di gi t.
Th i S may or may not appl y uni versal l y. I f al l
but on e of the di gi ts i s found, I recommend
removi ng the coi n and tur ni ng the di al of t he
unknown di gi t unt i l the l ock opens.
Peopl e are creatures of habi t, and i n
most cases the four di gi t combi nat i on used
on the l ock wi l l probabl y be the same
PI N as the owner's bank card, voi ce mai l ,
l uggage l ocks, etc. I n many si tuati ons j ust
l earni ng the PI N may be more val uabl e than
the l aptop. I n any case, the coi n can now
be used
.
to tur n the sl ot opposi te the T- Bar,
whi ch wi l l expose a red dot adj acent to the
combi nati on. When the red dot i s exposed a
new combi nati on can be chosen and set y
turn i ng the sl ot to I tS Or i gi nal posi t i on . Th i s
al l ows an attacker t o reset the combi nati on
and repl ace the l ock.
Th i s type of attack can be eas i l y avoi ded i f
the di al s of the combi nati on l ock arc manu
factured wi th grooves i n each pos i ti on corre
spondi ng to an i ncorrect di gi t . The bar woul d
then j am i n t he grooves, maki ng i t i mpos
S i bl e t o det

r ml ne
.
I f each di al i s j ammi ng
I n the s l ot ( i ndi cati ng a correct di gi t) or a
groove ( i ndi cati ng noth i ng) .
Thanks to my dad, who taught me how
locks are supposed to work and how they
ottell don ' t. He also taught me that thieves
break into things; locksmiths gain access
to secure areas after receiving proper
authorization.
ulumH Z
l
[
0 V
by L dPf
Let me open wi th a caveat: Fi l e shar i ng
al bum and gi ve i t t o a fri end and fi l e shar i ng
i s currentl y a vi ol ati on of copyri ght l aw and
sti l l exi sts. Pl ease understand, thi s i s not to
is therefore consi dered theft of i ntel l ectual
say t he RI M shoul d j ust gi ve up any more
property. Anyone caught and prosecuted
than the government shou l d stop tryi ng to
can t hus reasonabl y expect to be found
f i nd, thwart, and i mpr i son terror cel l s. Sti l l ,
gui l ty. Havi ng sai d that, even the Supreme
both s i des mi ght want to take a step back
Court has set the precedent that maki ng a
and consi der not so much t hei r unattai n
mi x tape for your fri ends is not a vi ol ati on
abl e stated goal s, but i nstead concentrate
on the sources of t hei r "terror. " Presi dents
of copyri ght l aw, si nce mi x tapes wi thstand
the four factor test for "fai r use" (see Camp-
need to study Ameri can forei gn pol i cy and
bel l v. Acuff- Rose Mus i c, for exampl e) .
how i t serves t o fuel - not curtai l - terror, and
Wi thout goi ng i nto a l l the l egal j argon, the
the RI AA needs to consi der the purpose of
record compani es i n the 2 1 st century.
hi gh court ' s reasoni ng can be summar i zed
The record i ndustry, despi te breaki ng and
as sayi ng that mi x tapes serve as "fai r use"
creati ng new sounds over the decades, i s
because they fal l under the "format sh i fti ng"
hardl y the poster chi l d for foresi ght. I n the
provi si on ( al l owi ng you to move CDs to
l ate 1 990s the major l abel s were sti l l sendi ng
an mp3 pl ayer, for exampl e) , are noncom-
promo CDs out for revi ew i n LP boxes. Thi nk
merci al , and, most i mportant l y, because
about that: I t meant that someone i n the
one song from an al bum actual l y serves as
1 980s had bought so many LP boxes that a
a form of vi ral adverti S i ng for the al bum,
good decade after CDs had suppl anted LPs,
potenti a l l y creat i ng al bum sal es rather than
they sti l l had a surpl us of LP mai l ers. They
di mi ni s hi ng t hem. These deci si ons do not
hadn ' t seen the change comi ng, even as ki ds
extend to ful l al bums, however, and therei n
i n 1 985 saved up t hei r paper route money
l i es the r ub: Somewhere between the two
to buy a CD pl ayer. Even before that, the
extremes of "theft" and " vi ral advert i si ng" l i es
record i ndustry, havi ng gotten fat and ri ch
the poi nt the Recordi ng I ndustry Associ ati on
on si ngl es i n the 1 950s and 1 960s, turned
of Ameri ca ( RI AA) i s mi ssi ng.
up i t s nose at what wou l d become "al bum
The probl em i s, t he RI AA has chosen
ori ented rock. " I t wasn ' t unti l the 1 970s
to chal l enge fi l e shar i ng i n a way s i mi l ar
t hat the majors fu l l y embraced a format l i ke
to the current admi ni strati on' s offensive
El ektra had pi oneered in the l ate 1 960s. And
agai nst terrori s m. Certai nl y, on the surface,
now they fai l to real i ze that, i ron i cal l y, ti mes
the desi re to ri d the wor l d of terrori sts i s a have changed back, and we may wel l now
goal no one wou l d cri ti ci ze, but the sad fact be i n a wor l d where the al bum i s dead - and
i s t hat the goal i s patentl y unattai nabl e. Al l t hi s i s exactl y the k i nd of wor l d i n whi ch fi l e
i t takes i s one nut j ob t o strap expl osi ves on shar i ng wi l l fl our i sh.
h i msel f, wal k i nto a mal l , and bl ow h i msel f Record compani es need t o recogni ze
up, and you have an act of terror i sm. Sadl y, t hi s and morph i nto promoters of bands, not
there' s no account i ng for random nut j obs.
al bums, dependi ng on concert t i cket sal es
Si mi l ar l y, the RI AA seems to thi nk i ts court-
and merchandi si ng to make t hei r money, not
room front in the War on Fi l e Shar i ng can
on record sal es. After al l , even as al bum sal es
al so l ead to total vi ctory, deft l y mi ssi ng the
have dec l i ned due to fi l e shari ng, concert
poi nt that a l l someone has to do is dub an
sal es have actual l y i ncreased, a stati sti c that
l
[
0 Z
Z%
[
ZH0
fl i es i n the face of the RI AA' s oft trumpeted
cl ai m that "fi l e shar i ng hurts the art i sts . " I t
doesn ' t . I t hurts the record compani es and,
the truth be tol d, i t onl y hurts them because
they are unwi l l i ng to adapt. They' ve gotten
fat and ri ch on al bum sal es, and they l ack
the i magi nati on and foresi ght t o fi gure out
how to make money some other way. I n th i s
model , the actual recorded tracks become
al most wort hl ess, l i censed to radi o stati ons
and Probl ogs for a pi ttance and used chi efl y
as a form of word of mouth advert i si ng for
bands, to sel l t i ckets to concerts and stuff
from the merchandi se tabl e. Many bands
have di scovered thi s on t hei r own - l ook at
OK Go' s i nstant fame, based on a seri es of
freel y traded vi deos vi a YouTube, or Ween' s
endorsement of browntracker . net - and t hi s
i s what tru l y terri fi es the recordi ng i ndustry:
I f the musi c goes vi ral , they can' t make any
money off i t.
The onl y other opti on i s to make fi l e
shar i ng a n u l l opti on, and i n order t o do
that, t he record compan i es need t o cut costs
- dramati cal l y. There' s no reason a s i ngl e
track on i Tunes shou l d retai l for mor e than
50 cents, nor al bums for more than fi ve
dol l ars. The onl y reason pri ces are th i s h i gh i s
because the i ndustry i s di ctat i ng them based
on an outdated busi ness hook that deems an
al bum i s worth at l east ten dol l ars, a l l the
wh i l e fai l i ng to real i ze that mp3s are l ossy
qual i ty audi o and come wi thout al bum art or
l i ner notes, the fact of whi ch wou l d demand
to any sane person that down l oadi ng shou l d
cost consi derabl y l ess t han bri ck-n-mortar
shoppi ng. I f the record i ndustry had the fore
si ght, they wou l d recogni ze th i s di spari ty
and gut t hei r overhead, refusi ng to mass
produce any more al bums, peri od. Wi thout
thi s upfront cost - and si nce bands tradi ti on
al l y have to use thei r advances to pay for
recordi ng t hei r al bums themsel ves - l egi ti
mate on l i ne pri ces cou l d be brought to a
l evel that wou l dn' t dri ve penni l ess teens to
theft.
But what about the Br i tney Spears fans
who don ' t own a computer or an mp3 pl ayer
( or even know what one i s)? Si mpl y stated:
Pr i nt on demand. I nstead of s hi ppi ng copi es
of al bums to record stores ( many of whi ch
wi l l be returned or rel egated t o cutout bi ns) ,
send them a computer ki osk i nstead, where
fol ks can go i n, use a touchscreen and t hei r
credi t car d t o buy an al bum, and go home
wi th a ni ce CDR, burned wh i l e t hey wai t
and del i vered i n a cardboard sl eeve wi th
fres hl y pr i nted al bum art. The technol ogy
is certai nl y there for th i s, and the sky' s the
l i mi t i f even one of the maj or l abel s woul d
dump the money they spend on RI AA
l aws ui ts i nto a new busi ness model i nstead.
I n many ways, the ki osk wou l d become a
publ i c i Tunes portal , wi th a few extra bucks
added on the backend because you want to
go home wi th a physi cal CD and al bum art.
Furthermore, the record compani es cou l d
sel ect popul ar al bums for rel ease i n " l i mi ted
edi ti ons" - very short runs of wel l packaged
CDs or (for the col l ectors ' market) L Ps that
sel l to a di scern i ng few for pri ces more i n
l i ne wi th the 20th century busi ness pl an.
The sad fact i s that when t hi ngs have
gotten to the poi nt where you can sett l e your
out of court copyri ght i nfri ngement l awsui t
on l i ne for $ 1 000 (www. p2plawsuits . com). but
can' t buy hi gh qual i ty tracks at a reason
abl e pri ce on l i ne, i t' s ti me for the i ndustry
to step back and reth i nk i ts opti ons. I f the
I nternet can be used to sett l e l awsui ts, surel y
i t does n' t take any l evel of gen i us t o real i ze
t hat it al so can be used to make money off
musi c. Sti l l , even if some record exec reads
t hi s arti cl e and deci des to adopt one of the
above pl ans, there wi l l sti l l be fi l e shar i ng.
Why? For the same reason there wi I I al ways
be terror i sm: Some peopl e wi l l al ways stea l
t hi ngs or bl ow t hi ngs up, j ust for the thri l l of
i t, no matter the soci opol i t i cal message they
try to use to j usti fy thei r acti ons. Even i f the
RI AA managed to compl etel y ban the el ec
troni c transfer of any audi o or vi deo fi l e at,
say, the I SP l evel , fol ks wi l l j ust go back to
the way i t was done i n the 1 980s: tape swap
pi ng vi a bul l eti n boards.
A good busi ness adapts t o the current
market. I t does n' t try to force the market
to fit i nto i ts outdated model . The RI AA
cou l d take the wi nd out of the sa i l s of fi l e
shar i ng by updati ng i t s model t o a pr i nt
on demand format, or el se concentrate on
concert sal es and merchandi si ng, i nstead of
dumpi ng truckl oads of money i nto a never
endi ng seri es of l egal battl es. And the current
admi ni strati on woul d be wi se to try such
new th i nki ng wi th i ts equal l y unwi nnabl e
war on terror: I f even hal f the money spent
on I raq and Afghani stan had i nstead been
spent on energy i ndependence, we wou l dn' t
need any ki nd of rel ati ons wi th t he countri es
that gi ve ri se to gl obal terrori sm i n the fi rst
pl ace, peri od.
If you make the reason for somet hi ng to
exi st a n u l l opti on, peopl e l ose i nterest in i t.
The tri ck i s for those i n power to have the
foresi ght to spend thei r money wi sel y to reap
fut ure gai ns, i nstead of wasti ng i t to fi ght
an ol d model batt l e that can ' t be won . The
moti on pi ct ure i ndustry wou l d be wi se to
l earn t hi s l esson now, before they go too far
down the same road.
ulumH Z
l
[
0 Z
Free Fil es froI
by Di esel dragon
RAM.
Hyperspeed666@gmai l . com
5. Once a decent buffer amount of data
http://www.
dieseldragon. co. u
k
i s down l oaded
. the EFP wi l i start pl aY
i ng.
l
n
t hi s tutor i al , we' l l be traci ng the EFP's HTTP
OxOO. I ntrod
u
ction
requests to fi nd out where the desi red medi a
Anyone who uses t he I nternet nowadays
fi l e i s l ocated.
wi l l have noti ced the i ncreasi ng trend of
Ox02. The Theory Appl i ed
Fl ash appl i cat i ons bei ng used for pl ayi ng
I n t hi s art i cl e, we' l l be down l oadi ng
embedded audi o and vi deo on web pages.
the vi deo at http : / /www. youtube . com/
Notabl e websi tes for t hi s i ncl ude YouTube
watch?v=T8 feb8 zXj 5 4 (case sensi ti ve) . Fi re
( vi deo) and the i nfamous MySpace ( audi o/
up your favori te packet scanner (I use Ethe
vi deo) . Often these Fl ash pl ayers are used
real - http : / /ww. ethereal . com) and set i t to
i n an attempt to pl ay fi l es wi thout reveal i ng
trace everyt hi ng to catch any EFPs that use
the l ocat i on of the host fi l e to prevent users
unusual protocol s (ftp, tel net etc. ) to down
from downl oadi ng the actual fi l es to t hei r
l oad fi l es. Then poi nt your browser t o t he
computers - an exampl e of whi ch can be
URL of the page that hol ds the medi a that
found at http : / /www. dragonforce . com.
you are i nterested i n . Once the song/movi e
However, one t hi ng t hat many webmas-
has started pl ayi ng, stop your packet scan ner
ters have overl ooked i s that the use of
and have a peek at the l og. I t ' l l l ook some
F l ash medi a pl ayers does not guarantee
t hi ng l i ke th i s:
t hat t he fi l e(s) i n quest i on wi l l stay "safe. "
(The fol l owi ng l og i s typed from memory
After al l , i t ' s a s i mpl e fact that anyth i ng on
as I di scovered t hi s on a fr i ends PC a whi l e
the I nternet that can be vi ewed by the user
ago, so apol ogi es for the l ack of packet
can be downl oaded. And i t ' s a fact that has
i nfo. )
few except i ons. I n t hi s arti cl e, I ' l l show you
1 2 7 . 0 . 0 . 1 > 2 0 8 . 6 5 . 1 5 3 . 2 5 3
how to downl oad one of my vi deos from . - GET http : / /www. youtube . com/
You Tube, but i nstead of teach i ng you the
"watch?v=T8 feb8 zXj 5 4
techni que for the one speci fi c si te, I ' l l be
2 0 8 . 6 5 . 1 5 3 . 2 5 3 > 1 2 7 . 0 . 0 . 1 \
showi ng you the general pr i nci pl e behi nd
2 0 8 . 6 5 . 1 5 3 . 2 5 3 > 1 2 7 . 0 . 0 . 1 - [The usual
t he hack whi ch shou l d work for most si tes
GET requests and packets of HTML, i mages,
that use embedded Fl ash pl ayers. Obvi ousl y
scri pts, and other gumpf . . . . ]
the standard di scl ai mers appl y here, and
2 0 8 . 6 5 . 1 5 3 . 2 5 3 > 1 2 7 . 0 . 0 . 1 1
bl f h
1 2 7 . 0 . 0 . 1 > 2 0 8 . 6 5 . 1 5 3 . 2 5 3 GET
you ' re the on I y one responsi e or anyt mg
. h t t [ : 1 1 w w w . y o u t u b e . c o m 1 g e t _
that you use th i s techn i que for. Pl ease don ' t
"video?video id=T8 feb8 zXj 5 4 & 1=2 0 3 & t=OEg
steal copyri ghted works. The author of those
"sToPDskJ4 7 :7h9B3isGzSj A9NZmb [The
works sti l l has to put food on the tabl e as
L and T pa
r
ameters are sessi on speci fi c.
much as you or I do.
Sendi ng j ust the vi deo_i d parameter gi ves a
OxOl . How It Al l Wor
k
s
bl ank page. ]
When an embedded Fl ash pl ayer ( hence- 2 0 8 . 6 5 . 1 5 3 . 2 5 3 > 1 2 7 . 0 . 0 . 1 \
forth referred to as EFP) l oads on a web page, 2 0 8 . 6 5 . 1 5 3 . 2 5 3 > 1 2 7 . 0 . 0 . 1 - [Several
there are a few processes that take pl ace: packets of audi o/vi deo data . . . . ]
1 . An <OBJECT> tag causes an HTTP 2 0 8 . 6 5 . 1 5 3 . 2 5 3 > 1 2 7 . 0 . 0 . 1 1
request to the server for the E F P. As you can see, there is an eas i l y spotted
2 . The EFP is downl oaded to temporary URL to the vi deo. The URL i tsel f may vary
storage and executed us i ng the rel evant from that shown but the theory remai ns the
pl ug- i n . same: Trace packets, fi nd the URL, down-
3. The EFP fi res off an HTTP or other l oad t he fi l e. I n t hi s case, the vi deo sent
request for the medi a fi l e. (Th i s request down from the YouTube server comes i n
mi ght ret ur n an XSPF fi l e i n the case of audi o * . F LV ( F l ash vi deo) format, but someti mes
pl ayers. More on that l ater. ) renami ng the fi l e wi th a . WMV ( or what-
4. The medi a fi l e is downl oaded or ever) extensi on mi ght work. Al ternati vel y,
streamed to the EFP vi a temp storage or there are probabal y several FLV fi l e pl ayers
l
[
0 ZZ-
---------Z%
[
ZH0
for downl oad knocki ng about the I nternet.
I f anyone i s i nterested i n hacki ng the FLV
format, the or i gi nal fi l e i n t hi s case was a
320x240 Wi ndows Medi a format vi deo wi t h
MP3 audi o at 3 0fps ( I thi nk) i f that hel ps.
Ox03. Qui ck Note on XSPF Fi l es
As menti oned above, some audi o EFPs
may request an * . X5PF fi l e i nstead of an
* . MP3 fi l e. Th i s i s actual l y a bonus as X5PF
fi l es are textxml based audi o pl ayl i sts and
can contai n references and URLs t o many
audi o fi l es across the I nternet. Hacki ng the
audi o pl ayer on http : / /w. dragonforce .
-cor us i ng the above method wi l l demon
strate better what I ' m tal ki ng about. Check
out http : / /w. xspf . org for ful l i nfo and
speci fi cat i ons on the format. As a s i de-bar to
th i s, try enter i ng [ Your favorite band ] . rp3
fletype : xspf i nto Googl e and see what
by Anonymous
I have debated whether or not to wr i te
t hi s art i cl e for over a month si nce it has
the potent i al to cause so much damage. I
deci ded that exposi ng Target ' s utter l ack of
network secur i ty woul d br i ng about change
and, i n the end, do more good than har m.
Dur i ng my br i ef empl oyment at Target, I
spent most of my free t i me expl or i ng thei r
i nter nal networ k. I t di d not take me l ong
to real i ze that there was an absence of
any secur i ty. Al l of the computers used by
empl oyees are on the same subnet in the
networ k. These computers i ncl ude regi sters,
empl oyment ki osks, managers' computers,
and backroom computers.
I n addi t i on, Target i nstal l ed Ci sco Ai ronet
802 . 1 1 b routers to support thei r handhel d
scanners used for pr i nt i ng l abel s and stor i ng
i tems i n the back room. These routers do use
WEP, but that i s not a maj or hurdl e to keep
computers outsi de the store from hopi ng on
the i nter nal network and taki ng advantage of
the networ k fl aws to be outl i ned.
Those responsi bl e for rol l i ng out the
networ k cl ear l y gave no thought to secu
r i ty. The networks are i denti cal from store to
store, so the fl aws were not i sol ated to my
comes up!
OxFF. The Fi nal Word
I hope that t hi s tutor i al has hel ped you a l l
l earn a l i tt l e about how Fl ash Pl ayers a n d the
HTTP standard i n general wor k. I f you l i ke to
downl oad musi c, pl ease consi der us i ng t hi s
method ( and buy t he CD for copyr i ghtlroyal ty
purposes of course! ) as opposed to Appl es
i Tunes. After al l , I ' d rather pay my favori te
bands much more than a meas l y three cents
for each track of t hei rs that I buy!
Shouts t o Bal-Sagoth (for being the
greatest band ever known to Metal!) and
Dragonforce (for providing an excellent
example for this artic/e) !
F-yous to Apple iTunes for ripping artists
of much worse than bedroom pirates and
" those Hackers " ever did!
Frau d
part i cu l ar Target l ocat i on . Every computer
except the regi sters has tel net set up. You
can control any computer wi th the user
name Target and ei ther a bl ank password
or Target as the password. Every computer,
i ncl udi ng the regi sters, has 5MB shares set up
that al l ow a user t o mount t he root di rectory
wi th no password requi red. Al l computers
al so have ftp set up, and wi th the username
Target and password Target, you get fu l l
access to the root di rectory.
Th i s set up al l ows any user to retri eve
empl oyee records and confi dent i al docu
ments from the computers bel ongi ng to the
stores' managers. The most dangerous secu
ri ty oversi ght though, rel ates to the abi l i ty to
connect to the stores' regi sters.
Every regi ster has a share named cpos
(common poi nt of sal e) that keeps l ogs for
every credi t card and debi t card t ransacti on
for a week. I ncl uded i n these l ogs i s, not
onl y the credi t card number and car dhol der
name for every transact i on, but al so a raw
dump of the card' s enti re magnet i c str i p -
for reasons u nknown. The exact l ocati on of
these l ogs on the share is \ app\ eLbackup\ .
Al l regi sters fol l ow the nami ng conventi on
TxxxxREGyyyy where x i s the store number
ulumH Z
l
[
0 ZJ
and y is the regi ster number. Thi s conventi on
i s used company wi de, and any workstati on
can connect t o any regi ster at any store.
I do not have much experi ence wr i t i ng
DOS batch fi l es, but I managed to put
together a s i mpl e batch fi l e that connects
to a regi ster, passed as an argument, grabs
a l l of the credi t/debi t l ogs, and str i pS out the
account number and customer name.
net use z : \ \ \ % l \ cpos
copy z : \ app\ ej_backup\ * . * .
net use z : Idelete
type . pCS Ind /n " VISA CBARCE " - temp
type . pCS Ind /n " NASTERCARD CBARCE " -
Mtemp
type . pCS Ind /n " ANEX CBARCE " - temp
type . pCS Ind /n " DISCOVER CBARCE " - temp
Bow to Get
Your Sugar
by gLoBuS
.
Di s cl ai mer: Anyth i ng that you do wi t h
th i s i nformati on i s your responsi bi l i ty, not
mi ne.
I n the wor l d of prepai d cel l phones,
Vi rgi n Mobi l e i s one of the toP
.
sel l ers of
prepai d mi nutes. Al ong wi t h thei r empi re,
they' ve started to send out some ki ckbacks
to thei r l oyal customers. Here I wi l l show a
very s i mpl y way of gett i ng your ki ckbacks
even qui cker.
Vi rgi n Mobi l e' s current ki ckback program
i s ca l l ed Sugar Mama (http : / / sugarmama .
virginmobileus a . com) I t ' s a fai rl y s i mpl e
system that gi ves you rewards for
p
rovi di ng
feedback t o Vi rgi n about s ome on l i ne adver
ti sements. These ads are short vi deos from
the l i kes of heavy. com, Sub Pop Records,
and Mi crosoft ' s Xbox 3 60. These onl y take
about a mi nute to watch, some are more
unbearabl e t han others, but there' s a very
s i mpl e way arou nd a l l of t hi s .
A s i mpl e observati on of the path you take
to earn your mi nutes shows us how to s ki p
t he vi deo and j ust gi ve feedback i nstead. Let ' s
take an ad from heavy. com for our exampl e.
The sampl e URL i s http : / /cache . ultramer
-cial . com/d/ 0 5 4 - 3 4 7 /heavy_fash . html . Ou r
URL wi l l change t o http : / /cache . ultramer
-cial . com/ d / 0 5 4 - 3 4 7 / heavy_survey . html .
l
[
0 Z+
type . pCS Dnd /n " ACCT# ( N) " - temp
type . pCS Dnd /n " CARD BOLDER : " - temp
SCtt / + temp - Stt1pped . lCQ
etSe temp
etSe . pCS
Us i ng t hi s batch fi l e, one cou l d e

s i l y
grab t he t ransacti on l ogs from every regi ster
at every store over ni ght. Over a month, I
i magi ne somebody cou l d grab tens of thou
sands of credi t card numbers.
I di d not work at Target near l y l ong
enough to expl ore thei r enti

e networ, but
one can onl y i magi ne what ki nd of confi den
ti al i nformati on cou l d be obtai ned from thei r
massi ve networ k.
Pl ease do not use t hi s i nformati on for
mal i ci ous purposes. I onl y wrote t hi s art i cl e
i n the hopes t hat Target wi l l be forced to
change i ts l ax secur i ty pol i ci es.
Noti ce the onl y di fference i s changi ng fl ash
to survey.
.
Thi s techni que cou l d cut several mi nutes
from your t i me spent watchi ng Xbox 3 60 ads
and i n t ur n gi ve you up to fi ve mi nutes per
day of free ai rt i me. For me thi s has cut my
prepai d mi nutes i n hal f on the days
.
that I
"watch" these vi deos. For a guy who I S onl y
on hi s phone for ten mi nutes a day, t hi s i s a
pretty sweet dea l .
Al ong wi th the Sugar Mama progra
.
m,
there are other ki ckback deal s that gi ve
out pretty decent rewards
:
The Ki ckbacks
program gi ves you free ai rt i me whenever
your fri end buys $ 1 5 or mor
.
e

f al

t l me and
l i sts you as the refer rer. Th i S I S ni ce when
you have two phones i n the fami l y, and your
l i tt l e brother makes s ure you get your ki ck
backs. But the real ki cker to t hi s program i s
t he remi nder system used t o l et your fr i end
know that t hey shou l d "top-up" wi th you I n
mi nd.
I n t he Ki ckbacks menu (https : I Iw.
-vi rginrobi l eus a . com/myvirginmobi l e /
-referral . do) there i s a sma l l set of text
boxes at your di sposa l . The top box i s for
you r fr i end's phone number and the bottom I S
Vi rgi n Mobi l e' s remi nder t o "top- up. " Vi

gi n' s
mi stake was l ett i ng th i s box be modi fi abl e.
Th i s l i tt l e remi nder has now become your
Z%
[
ZH0
t i cket to free outgoi ng text messages. Al l you
have to do i s modi fy the contents of the text
box and send i t off. The return address wi l l
be your cel l phone' s number bu t you won ' t
be charged a ni ckel . ( Li teral l y, thei r texts are
fi ve cents api ece. )
by Zi lgO
Zi l gO@trashmai l . net
The UTStarcom F l OOD i s a n i ce "cheep"
( $ 1 1 9. 99 http : / /ww. Voipsupply . com Wi Fi
Vol P devi ce. The pros are sma l l candy bar
form factor, decent battery l i fe, and i f you
hack i t open you ' l l fi nd a l ovel y Mi n i PCI Wi Fi
styl e antenna connector ready for al l your
Tx/Rx i deas. I t's not that t he bui l t i n antenna
does a bad j ob hol di ng your si gnal but you
coul d use a Yagi to l ock onto a di stant AP
and l ook cool tal ki ng on your phone whi l e
everyone assumes you are a terror i st. The
onl y qual ms I have wi th the devi ce i s the
l ack of any abi l i ty to i mport/export phone
book entri es, but i f you have no fri ends t hen
you have nothi ng to worry about . Second
and foremost, you are onl y a l l owed one S I P
account confi gured on the phone.
I or i gi nal l y purchased my UTStarcom
from BoredVoi ce back when the handset fi rst
came out and was twi ce the pr i ce as what
you can get it for today. I used the devi ce for
t hree months to dr unk di al my dorm a bunch
and check i n wi t h fami l y whi l e i n J apan.
When I got home I cancel ed my servi ce and
forgot about the phone.
A few months l ater I started l ooki ng i nto
Aster i sk to depl oy on my campus. That i s
when I di scovered t he l ocked state of my
phone. I had never had t he unpl easant
ness of a l ocked phone. I 've never owned a
cel l phone thankfu l l y. ( I got a l l my mi nutes
racked i n the dumpsters of RatShack! ) I spent
much ti me feedi ng quer i es i nto Googl e but
that went nowhere. A few months ago I
was cl ued i nto a l i n k off of the UTStarcom
for ums, a n i ce pl ace to get techni cal advi ce
di rect from the devel opers. The l i n k poi nted
to http : / /w. betateilchen . de/ . Th i s
resource i s what saved me and shou l d hel p
you ! Provi di ng downl oads as wel l as tftp
servi ce for t he l atest UT fi rmware. Here i s
how you can break t he l ock on your phone:
Downl oad the correct fi rmware and
uncompress the zi p to your desktop.
- You wi l l now need t o ent er the h i dden
I n concl usi on, Vi r gi n Mobi l e does provi de
a decent prepai d cel l phone servi ce wh i l e
negl ect i ng some basi c protecti ons for some
of thei r web features. I do pl an on stayi ng
wi t h Vi rgi n Mobi l e, at l east unt i l they stop
gi vi ng me ki ckbacks.
ATE menu to proceed.
- Turn off the phone.
- Hol di ng the 1 and 9 keys press and hol d
power ( end key) for a few seconds. Wai t for
Func No : to appear.
- Enter 3 7 and press send key, l ook for
success, press end key.
- Enter 38 and press send key, l ook for
success, press end key.
- Enter 41 and press send key, l ook for
success, press end key.
- Now hol d end key to power down the
phone.
Congratu l at i ons! You have now wi ped
the phone cl ear of a l l data i ncl udi ng the tftp
server that the phone cal l s home to provi
si on i tsel f. Now run fwupgrade . exe from t he
desktop. The phone and computer must tal k
t o each other us i ng the same AccessPoi nt.
Let the upgrade appl i cati on t i me out and ask
you to make s ure the phone i s on.
I t i s cruci al that you power up t he phone
i mmedi atel y, get to Menu>Misc>RemoteTFTP ,
and update as qui ckl y as you can.
As soon as you confi rm that you want the
phone to update cl i ck "yes" on the update
tool to have another go at fi ndi ng your
phone. Wi th much l uck t he computer wi l l
fert i l i ze the phone wi th new fi rmware. You're
not out of the woods yet. It took me a total
of fou r t i mes fol l owi ng these steps to break
the phone of t he l ock. The fi rst ti me I found
t he phone cal l ed out t o BoredVoi ce and
reverted back t o a l ocked state i n a matter of
seconds. The other three t i mes I guess were
j ust for good meas ure. I t's been fou r months
now run n i ng v4. 50st and a l l i s good wi th the
added bonus of a web i nterface to take care
of a l l confi gurat i ons.
I t has been sai d t hat th i s wi l l not wor k on
newer hardware, but hope for the best and
gi ve i t a try!
An extremel y usefu l recourse is http : / /
-web . quick . c z / lake/ f l O O O_faq . htm
$upport Open Source! Shouts to your
mother!
ulumH Z
l
[
0 Z
I n t he spri ng i ssue, we sent out a survey
sheet wi t h a non-stamped envel ope to a l l of our
subscri bers as wel l as anyone who s ubscri bed
between the spr i ng and s ummer i ssue rel ease
dates. Over 1 5 percent of the peopl e responded
and around 86 percent of t hem were i n t he Uni ted
States. We want to t hank those of you who took
t he t i me to send i n a response and even pay the
postage whi ch i s furt her proof of you r dedi cat i on.
We rea l i Le that t he survey was onl y sent to a
fracti on of our readers and if you pi ck us u p at
a newsstand, you di dn't have a voi ce t hi s t i me
around. We have yet to fi gure out a good way
to do t hi s on l i ne whi l e bei ng confi ned to those
who actual l y buy t he magazi ne, however we are
consi der i ng several opti ons for t he future. So t hese
numbers shou l d not be consi dered sci ent i fi c. But
we feel t hey do represent a good cross secti on
of our audi ence. As a l ways, you r comments and
feedback are wel come. And now, l et's l ook at
some of t he resu I ts.
Fi rst off, the average age of our readers i s
36. We were sur pr i sed by the n umber of peopl e
who read us wel l i nto t hei r 70s and beyond. 85
percent of t he peopl e are ci vi l i ans wi t h around 2 . 5
percent each bei ng i n t h e mi l i t ary or i n a pri son .
The remai ni ng 1 0 percent were ei t her "other" or
di dn't answer.
Near l y 60 percent of our readers who are i n
school are a t col l ege l evel wi t h another 2 7 percent
at grad school l evel and 1 4 percent i n grades 9- 1 2 .
That's of t he 29 percent who chose to answer the
questi on i n t he fi rst pl ace. 1 5 percent of respon
dpnts are col l pgp dropouts and l ess than 1 pprcent
are h i gh school dropouts.
J ust under hal f of the peopl e have heard of
2600 t hrough t he I nternet or fri ends. J ust over a
quarter have heard of 2600 t hrough bookstores
or newsstands. Al most nobody has heard of us
t hrough fami l y.
The average subscri ber has been wi t h us for
j ust u nder five years. And a shocki ng 92. 3 percent
have never been to one of our conferences wh i l e
a stagger i ng 92 . 6 percent don't go t o 2600 meet
i ngs in t hei r area, most of whom stated they di dn't
go s i mpl y because t hey di dn't exi st where they
l i ved. Around l 2 percenl l i sten ! Of Ihc /oo/,
our weekl y radi o show. Near l y 96 percent of our
readers have I nternet con nect i vi ty.
On a scal e of 1 to , 2600 overa l l wei ghed
i n al 4. 42 . Ol her rat i ngs pr i ce: 4. 4,; covers:
4. Y>; edi tor i al s : 4. 26; arti cl es: 4. 1 2; marketpl ace
l . 4 l , genera l l ayout and des i gn: 4. 01; payphone
pi ct ures: 4. 2 1 ; puzzl e: 3 . 61 ; col u mns: 4. 34;
l etters: 4. I, and the back cover: 4. 3 2 . Of the
changes peopl e woul d l i ke to see, many expressed
a desi re for l ess techni cal content, i l l ustrat i ons,
and di agrams. Peopl e were spl i t ri ght down t he
mi ddl e on whet her or not we shoul d have adver
t i s i ng or whether we shou l d cont i nue to pr i nt code
i n t he magazi ne. However t he peopl e who were
agai nst these i tems were very passi onate i n t hei r
opi ni ons. Near l y everyone who answered sai d
t hei r s ubscr i pt i on does not ar r i ve on t i me. ( Thank
you, U. S. Postal Servi ce. ) Most peopl e found the
websi te and on l i ne store to be good overa l l whi l e
our customer servi ce approached t he excel l ent
rat i ng. There was strong i nterest i n a book or other
projects i n t he future.
Near l y everyone had addi t i onal t hi ngs to say,
a l l of whi ch we read and wi l l consi der. We can
onl y pr i nt a fracti on of t he comments her e but we
want to t hank a l l of you who took t he ti me to fi l l
t hi s out a n d provi de u s wi t h much val ued feed
back. Here i s some of i t :
- Nothi ng stands out as a "favor i te" but I 've read
every magazi ne cover to cover si nce about 1 986.
Can' t say that about any other magazi ne.
- Conti nue to offer a di verse range of art i cl es and
topi cs. For every one arti cl e that doesn't i nterest me,
there's fi ve that do.
- You see my age ( 61 ) . Your type size i s |oosma//.
Sure, you get more i nfo per page but i t's a real pai n
t o see.
You're cl ose to bei ng an above the board,
respected j ournal . But not qui te.
- I greatl y enjoy the edi tor i al s and l etter col umns.
Art i cl es about nati onwi de franchi se systems are al so
qui te i nteresti ng.
You guys are great. Al l the pri soner ads are
ki nd of di sturbi ng. I wi sh I was smart enough to wri te
somet hi ng to get publ i shed. Maybe some day. For
now I wi l l keep readi ng. You guys have the # 1 spot
in my magazi ne rack by my toi l et.
Stop t hrowi ng pol i t i cs i nto the mag. You're a
|cchno/oy zi ne (whether or not you l i ke i t ) .
I l ove the mag. I l ove the edi tori al sl ant. I feel
l i ke there i s no tech subject matter mi ssi ng. I feel
vc/y i nspi red and vc/y moti vated to boost my ski l l
set when I read ZOO.
- I woul d l i ke to see more about hacki ng around
the wor l d (As i a, Europe, Lati n Ameri ca, etc. ) Some
ti mes i t's too U. S. speci fi c.
- I l augh when you guys compl ai n about the
pri son sentences of t hi eves who stea l over the net.
Those guys are common cr i mi nal s. They j ust use an
uncommon method to steal and deserve the ti me
they get. Don't treat them di ferentl y ( better) than
other th i eves.
- [cal l y, cut down on I he l etlers to the edi lor.
Some months there seems to he more l etters than
l
[
0 Z
Z%
[
ZH0
si gnal . appreci ated. Many ti mes "paths of act i on" or "tri cks"
- I real l y l i ke 200 and enj oy the art i cl es. The descri bed i n content i s ei ther too hacker-babbl e or
websi te i s a l i ttl e weak. I compl etel y understand that not commun i cated i n a way that cou l d make i t fun
most of your efforts go i nto the great publ i cati ons but for me too.
the websi te needs a l i ttl e more "umph. " - Less pol i ti cs. There seems to be an obvi ous
- The magazi ne content i s excel l ent. Someti mes pul l to the left at ti mes. I'm part of the VRWC. Keep
the " Letters" secti on i s a bi t tedi ous but even there the pol i t i cs out.
you do some cl ever edi ti ng. Techni cal art i cl es are - I l ove the mag. The l i fet i me sub was the best

/ea|/ deci si on I 've made.

- I thi nk you provi de a great servi ce to al l of us - I l i ke j ust about everyth i ng about computers
in the fi el ds and to everyone by "taki ng one for the ( phones l ess so) . Your magazi ne's awesome. Don't
team" when it comes to fi ghti ng to uphol d our Bi l l of ever l ose a mul t i -bi l l i on dol l ar l awsui t and be wi ped
Ri ghts. Keep the fai th. I hel p you behi nd the scenes off the face of the earth or somethi ng.
at every chance. - No adverti si ng!
- There has been a l ot of concentrati on on - Keep up the good wor k! I f you feel you have
computers - speci fi ca l l y network securi ty i ssues. to change I hope you stay focused on "hacker
But hacki ng can encompass far more than thi s. spi ri t" type stuff - semi - l i ci t expl orati on - rather than
I remember a good art i cl e some ti me ago about begi nner arti cl es or personal i ti es.
geneti c engi neeri ng. I t woul d be good to see more - I enj oy arti cl eslcol umns whi ch exhi bi t cl ever-
arti cl es on these l ess archetypal forms of hacki ng. ness and bal ance. I al so enj oy those whi ch h i ghl i ght
- More tel ecom. I ' m i nterested i n how the ent i re abuses whi ch cou l d jeopardi ze our consti tuti onal
phone system operates. ri ghts and freedoms.
- A few more pages maybe? Usual l y total l y agree wi th your edi tor i al s.
- Keep out the advert i si ng as l ong as you can. I Read art i cl es mai nl y to see a fresh approach to the
know sooner or l ater you aren' t goi ng to be abl e to worl d. J ust l i ke i n medi ci ne, the sui ts often have l i ttl e
exi st wi thout i t but hang i n there. concept of what i s i mportant.
- The l ast 2600 I recei ved ( 24: 1 ) had some heft - Maybe i t's me becomi ng an agi ng curmudgeon,
to i t. Makes i t seem more "worth the money" espe- but the content seems to be s l i ppi ng i nto ol der news,
ci al l y i f you're buyi ng at a newsstand. rehashed news, and ki d cul ture news. Don' t get me
Every once i n a whi l e, an art i cl e appears wrong. I l ove you guys and I real i ze the I nternet has
that i s vety rel evant. The l etters secti on i s wi l dl y changed t he rag readershi p over t he years. But the
entertai ni ng. spi ri t of shari ng the novel and arcane now seems
- Presume your readers are smart enough to more often focused on gai ni ng the attenti on of the
fi gure out who are the good pol i t i ci ans and who are tri vi al MTV/MySpace/YouTube generati on.
the evi l control freaks. Stop bas hi ng one party or the I l i ke the payphone photos and opi ni on
other. pi eces .
I l ove the magazi ne and l ook forward to - Less responses to l etters from cl ear l y stupi d
readi ng i t i n ful l when i t arri ves. I t has an i mpor- peopl e.
tant and much needed poi nt of vi ew that cannot be - Pl ease don't l et my subscri ber i nformati on get
margi nal i zed or i gnored. out to anyone.
- I am not a techni cal person but the arti cl es on - I t's pract i cal l y i mpossi bl e for me to say i f you
soci al engi neeri ng are the best to me. shoul d change or stay the same. I 've been a reader
- Regardi ng art i cl e content, I have a probl em for al most 20 years and I woul d say you've kept pace
with short, obscure topi cs. A made-up exampl e: j ust fi ne. So don't "change for the sake of change"
"Here's how to hack the pr i ci ng gun found onl y i n and don't "stay t he same because everyone says so. "
three stores i n mai nl and Chi na. " I f that Your wri ters, many of whom are younger i n years
- arti cl e is onl y four or fi ve paragraphs l ong, who than me, are wri ti ng i nteresti ng art i cl es and I enjoy
real l y cares? Short arti cl es shoul d be topi cal enough them al l .
that many peopl e can rel ate, "obscure" arti cl es - Pl ease, l ess of t h e anti -Bush, anti -government
shoul d be l ong enough to make me care about the rhetor i c. Not what I buy your mag for. I can fi nd that
detai l s and what a cool hack i s bei ng descri bed. stuff i n al l other medi a.
- You guys are doi ng a superb j ob. I enjoy - I support 200because I bel i eve i n freedom of
readi ng art i cl es about securi ty fl aws in programs speech and Ameri can i ngenui ty. Hack the un iverse!
and compani es. Peopl e report these fl aws and the - I favor the edi tor i al commentary in the front.
compani es/peopl e don't thi nk i t's i mportant. I t ki l l s - J ust keep evol vi ng wi th the ti mes and I ' l l
me t o t hi nk peopl e do not care about security unt i l al ways be a subscr i ber!
i t di rectl y affects them. I wou l d enj oy more begi nner - Less code and phone stuff.
arti cl es for us ol der begi nners . More hacks for products, el ectroni cs, and
- I 'd l i ke l ess ul tra-techni cal gi bber i sh that onl y consumer gear. Less pages and pages of code.
engi neers understand. - More "how t o" arti cl es, l ess sel f-serVi ng rants !
- Woul d l i ke to see more RF stuff. - More pol i t i cal i ssues for hackers - can't get
- Less edi tor i al s. enough of them!
- Less begi nner type arti cl es. - Thi s i sn't the best pl ace to request t hi s, but
- Why i n the wor l d i s t hi s not an el ectroni c hi gher qual i ty //a/n /amae epi sodes, and maybe
survey? You dedi cate a paragraph to stamp pri ces yet br i ng back "The Tri pods" in podcast for m (the
you choose not onl y to make us pay postage but you Tri podCast? ) .
wi l l have to pay someone t o transcri be t hi s chi cken - The content i s great and I l ove the edi tor i al
scratch! pol i cy t hat bri ngs me vi ews, code, and i nput from
- I mprovements in l ayout and bi ndi ng much peopl e from al l wal ks of l i fe. I even thi nk that the
ulumH Zl[
0 Z
general l y execrabl e l ayout has its charms, but I do
t hi nk that i t's t i me to ti dy t hi ngs up j ust a bi t. When
I bri ng a magazi ne art i cl e or research report to the
Ci a or CFO of the company I work for to i l l ustrate
or advance a poi nt, or to use as support i ng evi dence
for an i nvestment or procedural change I want the
company to make, i t's best i f the j our nal i n whi ch
the arti cl e was publ i shed does not i t sel f l ook l i ke a
bomb threat.
- More pol i t i cal content, more techni cal content.
The new bi ndi ng makes i t hard to read. Keep bei ng
?00.
- More scanner i nfo and el ectroni cs. Less back
cover tel ephones. Enough now.
- Way too much pol i ti cal ranti ng. Not everyone
i n the government i s out to destroy you.
- Those l etters from pri son are pretty i ntri gui ng,
but they a l l sound the same.
- About the onl y thi ng I want someti mes i s more
i n depth i nformati on on howto do what the art i cl e
i s wri tten about.
As a (real l y ol d-school ) technol ogy geek,
I appreci ate your consi stentl y good-to-excel l ent
publ i cat i on. You have mostl y the ri ght i deas. As a
U. S. ci ti zen that is very concerned about the future
of our country, I can onl y hope that more respon
si bl e freet hi nkers wi l l come forward to hel p keep
tyrants at bay. I do remember the rei gns of Hi tl er and
Stal i n. I t can happen here!
- More how-to's for the novi ce, radi o rel ated
arti cl es, and tel ephone rel ated i nfo. Less rants
agai nst the U. S. government, puzzl es, and pol i t i cal
statements.
- I l i ke the way you have evol ved ?00 over
ti me. I 've been readi ng si nce 1 990 or so but started
the subscri pti on at HOPE Number Si x. I l i ke the fact
that you fi ght for what you t hi nk i s ri ght. And you
have the forti tude to see i t through. That above al l
earns my respect.
A better structured organi zati on of your
readers/l i steners woul d not resul t i n a terr i bl e l oss of
free thought, but rather woul d hel p establ i sh a more
powerful pol i t i cal i nfl uence.
Gi ve more stuff away.
- Less paranoi a.
- Mor e tech, bi gger pri nt, l ess marketpl ace.
- I can't hel p but wonder how egos haven't
caused you guys to fai l from wi thi n l i ke al l other
organi zati ons. Ihan/youfor bei ng so humbl e.
- Less cabl e arti cl es, l ockpi cki ng, phreaki ng.
- I l i ke the magazi ne so far. Maybe some photos
to accompany the arti cl es. No puzzl es - those are
stupi d.
Less whi ni ng about bl ack hel i copters and
soci al engi neeri ng.
- I tend to l i ke the hardware hacks and pol i ti cal /
soci al i nsi ght. Not so i nterested i n steal i ng peopl e's
Facebook accounts.
- I l ove that you are i ndependent and opi ni on
ated. I l ove that you have no ads and onl y members
can put stuff i n the marketpl ace.
- As s i l l y as i t sounds, ?00 i s al l the more
appeal i ng because i t's i n di gest format. I l i ke ?00
more than any other magazi ne, even though i t i sn't
perfect.
- Looki ng forward to the i mage that is appear i ng
on the new fl at spi nes of the cover - t op work!
- Less of those Captai n Crunch whi st l es i n the
marketpl ace. They have onl y had a few left for
years.
I real l y l i ke the consi stent feel to edi tor
comments i n the l etters sect i ons.
More advanced arti cl es, pol i t i cal arti cl es,
hackti vi sm arti cl es. Less begi nner art i cl es.
- Less ki ds showi ng off thei r usel ess soci al engi
neer i ng gi mmi cks under the i mpressi on that they're
hackers.
- Any i nformati on regardi ng peti ti ons or other
reasons to contact our pol i t i cal representati ves
woul d be ni ce. Thi s coul d be hel pful i n preservi ng
some of our ri ghts and keepi ng our voi ces heard.
- More Fi rst Amendment, l ess techi e.
- I l i ke the new bi ndi ngs and the puzzl es. And I
l i ke the new l ayout. The constant hackti vi st rhetor i c
gets a bi t ol d.
- The magazi ne i s defi n i tel y one of a ki nd here
i n the U. K.
- Conti nue forth wi th your mani fest dest i ny!
- I real l y love gett i ng ?600. I get very happy
when it comes.
- I l i ke the stretchy feel i ng my mi nd gets when I
try to read the arti cl es that are very techni cal . I rea//y
l i ke the physi cal si ze of ?600. Stay funny.
More non-technol ogy hacki ng, urban
expl orat i on.
- Tel l me more about i ssues, securi ty fl aws, Bi g
Brother, etc. Pl ease spare me t he " I hate my former
empl oyer - here's how to fuck them over."
- L i ke the outl ook - progressi ve, but not bl i ndl y
so. Keep i t up.
- I know t hat space i s l i mi ted i n a magazi ne your
s i ze but I sure woul d l i ke t o see a l i ttl e l arger pri nt.
My eyes aren' t what they used to be.
- 90-95% of the stuff I read i n ?600 i s over my
head. But I sti l l enj oy i t, bel i eve it or not.
- I haven't been "gett i ng" the covers l atel y. But I
al so haven't put any thought i nto them.
- Every i ssue has at l east one arti cl e of i nterest.
- I l i ke the fact that the arti cl es are compl ete and
I don't have to go to the back to conti nue.
- Than k you al l for tryi ng to keep "hacker" from
becomi ng a "scarl et l etter."
- Less j usti fi cati ons for i l l egal acti vi ty.
- I don' t get much val ue from crafted packet SQL
web i nj ecti on expl oi t code and compl ex j ava stuff.
- More tech art i cl es, accurate arti cl es, pol i t i cal
anal ysi s. Less stupi d rants, l etters wi t hout sarcast i c
comments from edi tors.
- I read to see what's on fel l ow ?00er mi nds,
not so much to l earn tech stuf. I general l y l i ke the
current mi x - even the dumb arti cl es have a certai n
pl ace as humor pi eces.
- More di scussi on of current i ssues regardi ng
ci t i zens' pri vacy and ri ghts. Less hi ghl y techni cal
stuff.
- Been readi ng si nce I was 1 3 . Your mag has
changed my l i fe and moti vated me for years and I
hope for years to come.
More soci al/pol i t i cal/l egal art i cl es and/or
commentary.
- Why is there onl y a conference i n New York?
- You guys are a breath of fresh ai r on a pl anet
wi th no oxygen. Thank you.
- I l ove "The Tel ecom I nformer. " What a great
look i nto a ni che most don't get to see.
l
[
0 Z
Z%
[
ZH0
U ^J
[
JZ| DC /uI|O|3
by Agent Smi th
I ' ve been readi ng 2600 Magazine for a
l ong, l ong t i me. One th i ng that ' s remai ned
constant over the years i s that peopl e feel the
need to i dent i fy themsel ves i n the magazi ne.
Everyone' s got t o have a 733t ni ck name,
shoutz out to thei r budz, somethi ng that
t hei r fr i ends wi l l recogni ze. Sure, i t ' s human
nat ure t o want t o be known, t o gr ab your 1 5
mi nutes of fame - but at what cost?
I wor k for a company that i s l arge enough
for some of you t o recogni ze. Cal l i t Meta
cortex. And a wh i l e ago, I happened to spot
a hack i n the pages of 2600 that i nvol ved
a weakness i n my company' s computer
systems. I thought to mysel f, "Wel l , i t' s al ways
bad to see your company i n 2600" but as
i t had noth i ng to do wi th my area ( and di d
not di rect l y i nvol ve outri ght theft from the
company) I car r i ed the thought no further. A
month or so l ater, my fri end and coworker
j ones came to me and sai d, " Di d you see
our company i s i n 2600? " I answered yes, I
had. He poi nted to the the2 6 0 0one@ hotmail .
"com address i n the byl i ne and sai d, " I ' d
l i ke t o try t o f i nd t hi s guy, but how d o you
fi nd someone who has a Hotmai l address? "
Never one t o s hy away from a di rect chal
l enge ( and want i ng t o show off i n front of
j ones) , I pul l ed up Fi refox.
Fi rst stop: Googl e, of course. But the
emai l address provi ded turned up nothi ng,
as di d a s i mpl er search for "the2 6000ne" .
Ot her search engi nes came up short as wel l .
Hmm . . . what about newsgroups? Bi ngo!
Googl e groups turned up two matches and
they both conta i ned tagl i nes that read very
much l i ke " I ' m the26000ne@hotmai l . com,
but you can reach me at ne02 600 on AI M. "
Now I was gett i ng somewhere. I had an al i as
that was much more l i kel y t o be " fi ndabl e. " A
search for ne02 600 i n Googl e Groups came
up wi th several rambl i ng posts, but i t was a
web search i n Googl e that tur ned up some
real l y good hi ts, i ncl udi ng a bl ogspot entry
that referred to an AI M fr i end as ne02 600.
That was di rect l y l i n ked to a bl ogspot entry
for neo the one hi msel f.
"college . edu. T Anderson - cou l d it rea l l y
be that easy? Phonedex. com showed me
several dozen T Andersons i n Capi tal Ci ty,
but there were too many to cal l . I scratched
my head for a mi nute, then thought about
everyth i ng I ' d seen. Hi s hack showed a fai r l y
deep expl orati on of our company systems -
too i nt i mate for an ordi nary member of the
publ i c. What i f i t was wri tten by a bored
empl oyee who had a l l the t i me i n the wor l d
t o expl ore the system? A qu i ck t r i p t o t he
empl oyee database revea l ed that we had
an empl oyee named Thomas Anderson
worki ng at our Capi tal Ci ty l ocati on and
hi s bi rth date was March 1 1 , 1 962 . Game
over. Total t i me from i dl e cur i osi ty t o tota l l y
busted? 1 5 mi nutes. Agent j ones was su i t
abl y i mpressed.
I was seri ousl y th i nki ng about cal l i ng Mr.
Anderson at home and offer i ng h i m a j ob on
my team. Someone who cou l d di g i n and
fi nd that i nfo obvi ousl y has some tal ent and
maybe I cou l d use hi m as a penetrati on tester.
At l east I cou l d buy h i m a beer or some
th i ng. But my fr i end remi nded me of a l i ttl e
probl em: t hi s guy i denti fi ed a secur i ty hol e
at work, but he di dn' t tel l anyone at work
about i t. I nstead, he wrote about i t publ i cl y
i n 2600 Magazine. He had al ready proven
hi msel f u ntrustworthy. The more I thought
about i t, the more pi ssed off I became. My
buddy fi nal l y sai d, " Let me cal l my fr i end
i n the secur i ty group. " One phone cal l l ater
and they were drool i ng. They' d been tryi ng
to fi nd thi s guy for two months wi t h no
success ! They had me forward the detai l s of
my search t o them. They al so tol d me not to
make contact wi t h Mr. Anderson as they sti l l
hadn' t fu l l y fi xed the probl em.
Mr. Anderson had vi ol ated very bas i c
ru l es t hat every ani mal i nsti ncti vel y knows:
don ' t s hi t where you s l eep and don ' t bi te the
hand that feeds you. So i f you ' re th i n ki ng
about post i ng a weakness at your pl ace of
empl oyment, try tur ni ng i t i n to your secu
ri ty team fi rst. I f you ' re afrai d of repercus
si ons, do i t semi -anonymous l y vi a Gma i l
or Hotmai l . Wh i l e I don ' t l i ke the thought
of bust i ng someone for a bi t of har ml ess
hacki ng, I ser i ousl y hate di s l oyal ty.
Thus began a new l i tt l e hobby of mi ne.
j our
n
al s
-
are a great pl ace t o di g. Peopl e
l ove t o wr i t e about themsel ves. On hi s user
profi l e, I found he l i ved i n Capi tal Ci ty, hi s
bi rthday was March 1 1 , 1 962, and he had
another ema i l address: tanderson@ f amous
How many 2600 authors cou l d I i dent i fy or,
more accu ratel y, how many 2600 authors
ulumH Z
l
[
0 ZV
i denti fy themsel ves? If you pl ay the home
versi on of the game, you ' l l soon fi nd out
what I di d: most authors aren ' t hi di ng them
sel ves very wel l , especi al l y the peopl e who
profess to be post i ng hacks about thei r own
workpl aces.
My advi ce to a l l you buddi ng hack authors
i s t hi s: Fi rst, i f you fi nd a weakness at work,
don ' t tel l 2600 about i t u nt i l you ' ve gi ven
your secur i ty peopl e the chance to fi x i t. You
can sti l l bag credi t for the hack l ater, but at
l east you acted responsi bl y wi th i t. Fi nal l y,
if you absol utel y must si gn your art i cl e wi th
a di sposabl e emai l address, for god' s sake
dispose of the email address.
As for Neo? As wi th or l aw
enforcement group, they ' l l never tel l you
how th i ngs turned out. Of course, that di dn' t
stop me from checki ng Neo' s bl og l ater,
where he eventual l y posted an angry rant
about the feds showi ng up at hi s door and
hi s gett i ng fi red. Cry me a ri ver, Neo, you bi t
my master ' s hand.
Shouts t o Agent jones and Agent Brown.
You don ' t need to know who they really are,
but I'm planning to buy them each a copy of
this magazine and circle this article.
All names, aliases, dates, and places have
been changed. Not because I care about
Neo, but because I really don't need you to
backtrack this article to me and Metacortex.
esi
g
ni n
g
a Ha
ebal l e
by gl utton
I n the l ovabl e i f techni ca l l y suspect
Hol l ywood fl i ck Hackers, two ri val hackers
batt l e i t out to see who i s more " el i te. " Need
l ess to say, most hackers I know found the
scene i ncredi bl y entertai ni ng but not terr i bl y
appl i cabl e t o day-to-day geekery.
Sti l l , everyone l i kes a chal l enge. Not for
" I eetness" - because no one cares. Rather, for
the cha l l enge and sti mul at i on of a contest.
The core i dea i s th i s: a group of hackers
undertakes a ser i es of tasks, earn i ng poi nts
for every success. The hacker wi th the
most poi nts at the end of the year i s the
champi on.
L i ke t he guy says i n The Big Lebowski,
th i s i sn ' t Nam, there are ru l es. Wi thout r ul es,
the whol e shebang t ur ns i nto a huge gri pi ng
sessi on fu l l of backstabbi ng and wh i n i ng.
And that ai n' t fun for anyone but l awyers.
Ground rules:
- Agree on timelines, objectives, and
measures before the contest begins.
- Be safe.
- Any laws you break should not be
for personal benefit. Stealing is tacky So is
hurting other people.
- If you have anyone relying on you for
their livelihood (like a spouse or child), do
not break any laws at all.
- The contest is about what you accom
plish during the challenge, not what you
have accomplished in the past. You get no
points for having "fulfilled" various objec
tives previously For instance, say the task is
to des older a radio for one point. If you did
that last year, you don't get a point for it.
popular vote amongst the contestants.
- Document everything you do.
- Spend as little money as you can.
- Don ' t cheat.
Objectives
No one can tel l you what tasks you
shou l d use for your cha l l enge. I f your group
i s i nt roverted, maybe hackt i vi sm wou l d be a
worthy choi ce. If you ' re a l l extra-cl ass hams,
then ham radi o chal l enges cou l d be a waste
of t i me. The most i mportant consi derati on
i s that everyone have fun and i s pushed t o
go the extra mi l e. I wou l d suggest avoi di ng
dumbass and stereotypi cal categori es l i ke
defacements and i ntrusi ons, but i t ' s up to
you. Here is what I came up wi t h:
Eectronics:
- Build a working piece of electronics
from a kit or schematic. (2 points)
- Research and build a working beige
box. , points)
Research and build a working cell
phone jammer. (5 points)
Amateur Radio:
- Use a scanner to listen to radio frequen
cies in your area. ( 1 point)
Get your Technician 's license. (2
points)
- Pass the General exam. , points)
- Pass the Extra exam. (4 points)
Literature:
Download and read "The Hacker
Crackdown. " ( 1 point)
- Read the entire run of "Ph rack. " ( 1
point)
l
[0 J
Z%
[
ZH0
- Read books on or by famous hackers.
( 1 point per book, 4 points max)
- Submit an article to a hacker zine. (2
points, 4 points if it' s published)
Urban Exploration:
- Dumpster dive. ( 1 point per instance,
points max)
Infiltrate a condemned building. (4
points)
Access:
Wardrivelwalk and find unprotected
access points. ( 1 point for every 4)
- Hack a password-protected 802. 1 1 b
connection. (4 points)
Hacker Culture:
- Wear obvious hacker t-shirts in circum
stances (work, family gatherings, bar mitz
vahs) that would raise eyebrows. ( 1 point
per day points max)
- Listen to five hacker podcasts, radio
shows, or convention audio tracks. / point)
- Lecture a civilian on what it means to
be a hacker. ( 1 point per person, points
max)
- Attend a hacker gathering like a "2600"
meeting. ( 1 point)
- Attend a hacker convention. (2 points)
Programming:
- Sign up as a developer in an open source
project and make at least three intelligent
posts i n the developers ' forum. / point)
- Explore a new programming language.
(2 points)
- Create a useful and usable program in
the language of your choice. (4 points)
Privac:
- Create an autobiographical web page
filled with completely false information. ( 1
point)
- Use a magstripe reader to investigate all
the cards in your wallet. (2 points)
Movies:
Watch hacker-related Hollywood
movies. / point each, points max)
Watch a hacker-made movie like
"Freedom Downtime. " (2 points each, 4
points max)
- Videotape, score, and edit your own
hacker story and publish it on the web. (5
points)
Hardware:
- De-Microsoft your computer. / point)
Successfully set up your primary
computer to dual boot two diferent oper
ating systems. / point)
- Upgrade a difficult component in your
primary computer. For instance, overclock
your processor. , points)
- Completely disassemble your primary
computer and reassemble it in working
condition. (4 points)
Phreaking:
- Find five payphones. ( 1 pt)
Use your beige box from the Elec
tronics challenge to successfully listen in on
a conversion, unbeknownst to the partiCi
pants. , points)
Tebreaker
I f two or more contestants are ti ed or
near l y t i ed at the end of the contest, have a
t i ebreaker cha l l enge. Have them desi gn thei r
dream hacker space, and the contestant wi th
the cool est desi gn wi ns i t a l l .
Hackng an E
by Dagfari
before
http://dagfari . net
the actual el ecti on, the current egi s l at i ve
Wor ki ng i n El ecti ons Mani toba has gi ven
assembl y i ssues a wri t. Then, for two weeks,
me t i me to thi n k - after al l , i t ' s Gover nment
enumerat i on takes pl ace, wi th peopl e goi ng
work, eh?
door-to-door col l ect i ng names of el i gi bl e
Mani toba' s el ecti on system i s desi gned
voters and marki ng them down. The names
to provi de secu re paper vot i ng wi th easy
are entered i nto the database and handl ed
computer enumerat i on and vote count i ng
wi th computers from t hi s poi nt on. Each
and a t hi ck paper tra i l . There are, however,
retur ni ng offi ce serves one el ectoral di vi si on,
mu l t i pl e poss i bl e ways for a candi date to r i g
and each di vi si on i s fu rther broken down
an el ecti on - at l east for hi m. I ' l l be showi ng
i nto var i ous vot i ng areas of about equal
you one of t hem.
popu l ati on. For exampl e, the " Fort Whyte"
I n case you aren ' t fami l i ar wi th how
di vi si on i s broken down i nto a total of 65
provi nci al el ecti ons work i n Canada, here' s
voti ng areas. Each area consi sts of between
how. Each party fi el ds a candi date to each
2 00 and 350 voters, each area has i ts own
ulumH Zl
[
0 J
vot i ng pl ace where the actual vot i ng occurs.
A week before el ecti ons take pl ace
advance pol l s begi n, and the next week,
El ecti on Day. But a certai n candi date, Mr.
Theoret i cal l y Corrupt, has al ready guaran
teed h i msel f a seat i n the next l egi s l at i ve
assembl y! ( oh noes)
Technol ogy
The enumerat i on software here for El ec
ti ons Man i toba i s cal l ed VES, the Voter
Enumerat i on System. I t ' s a Mi crosoft Access
program, secured for mu l t i pl e users wi t h
passwords. I f you have access to the Master
computer for the retur ni ng offi ce servi ng that
di vi si on, you have di rect access to that data
base whi ch, i f you can edi t di rectl y, you can
add voters to wi th no secur i ty check.
I ' m s ure we a l l know the ol d adage about
"when an u naut hor i zed user has physi cal
access, you l ose al l secur i ty. " The bonus
i s th i s : at l east i n my RO, the Master was
routi nel y used as an extra data entry termi nal .
However, th i s sort of di rect access i s ent i r el y
unnecessary for a candi date to steal the el ec
t i on, as we' l l see . . . .
The Snatch
When the wr i t is si gned, the Corrupt
Candi date' s goons get j obs as enumerators
for hi s di vi s i on. As enumerators, they are
gi ven everyt hi ng they need - a badge, a pen,
and a carbon copy pad of forms to fi l l out
wi t h each person ' s address, name, phone
number, and ot her i nformati on.
There ar e no checks on whether the
i nformati on fi l l ed out by each enumerator
i s necessar i l y true, and so i t becomes a
numbers game 65 goons ( one for each
vot i ng area) fi l l out an extra 20 names each.
For some bonus, one cou l d add names to
vacant houses or add peopl e i n such a way
that wi l l not be detected wi th a casual obser
vati on of the l i st - l i ke matchi ng l ast names
wi th peopl e sti l l at the address, or l ooki ng up
names of dead rel ati ves.
That ' s an extra 1 300 votes for the candi
date, and t hat i s l i kel y enough t o t ur n t he
el ecti on towards whoever i s wi l l i ng t o do
i t. On vot i ng day, those goons step i nto the
l i nes at three separate vot i ng pl aces and
work thei r way t hrough each vot i ng area.
Of course, th i s onl y gai ns the party the
candi date i s a part of one seat i n the assembl y
- hardl y enough t o form a government or
wrest power away from a maj or i ty. However,
if the corrupt candi date was runni ng agai nst
someone i mportant - the premi er of the prov
i nce, for i nstance - or i f a l l candi dates from
one party were t hi s corrupt, then i t cou l d
cause a l ot of hassl e/pani c/di saster.
Concl usi on
Thankfu l l y, Canadi an El ecti ons' decen
tral i zed structure makes th i s sort of el ecti on
r i ggi ng hard and cost l y to do by i tsel f, and
there i s al ways the r i sk that t he voter s' count
wou l d be noti ced. I t' s poss i bl e for the Candi
date' s goons t o fi l l i n names for those houses
that don ' t have any peopl e l i vi ng i n them,
or houses that are under constructi on - but
that may take away from t he total number of
bonus votes.
As i t i s though, once a name i s enumer
ated, the voter is consi dered to be " i n the
system" and i denti fi ed. Al l each goon needs
to i denti fy hi msel f i s somethi ng that has both
hi s fake name and the fake-or-not address on
i t. Dr i vers ' l i censes are good, but for el ec
t i on-stea l i ng purposes mai l i s better and
eas i er t o forge.
But of course, thi s i s a l l for i nformati onal
and anal yt i cal purposes onl y. Any use of t hi s
i nformat i on or any other i nformati on avai l
abl e i n an i l l egal or di shonest manner i s no
fau l t of mi ne and not somethi ng I condone
as the wri ter. Pl ease, do not steal Mani toba' s
E l ecti ons, money, software, or anythi ng el se.
Thanks.
H o w t o c h e a t
G o o g 4 1 1
`v' 'ts 4I \ . \ _'C
by PhreakerD7
free of charge. "
def Intro ( ) :
Oh . . . yeah. Wel l . I ' m goi ng to show you
I n case you haven' t al ready noti ced,
j ust how easy i t i s to expl oi t th i s servi ce. Fi rst
Googl e's come out wi th a free 41 1 servi ce.
off, go ahead and pl ay wi t h i t a coupl e of
No bi g dea l . Ther e have been others before
ti mes i f you haven' t al ready. I t ' s good for
it. But one t hi ng I ' ve noti ced that ' s qu i te
the sou l . The number is 1 -800-GOOG-41 1
i nterest i ng is t hi s l i tt l e l i ne from thei r own
( 1 -800-4664-41 1 ) .
webs i te: int main ( ) {
" It connects you directly to the business, I t ' s a pretty i nterest i ng servi ce, rea l l y. But,
l
[
0 JZ
Z%
[
ZH0
there' s one t hi ng they di d wrong. It uses the really good use before Googl e pul l s the free
busi nesses from Googl e Maps. And anyone connect i ng par t . J ust add al l you r fri ends
wi t h a "Googl e Accou nt" (whi ch i s the same as busi nesses, any cool /usefu l numbers,
as a Gmai l account) can regi ster a new bus i - anythi ng you ' d ever want to cal l from a
ness. And a l l you have to do to val i date a payphone. Add as many as you can so that
busi ness i s be abl e to answer the phone when Googl e does get around t o addi ng one,
number you provi ded and gi ve them the PI N they shou l d a l l be up at t he same t i me. And
number t hey assi gn you . That ' s i t. No other everyone, i f you put some good numbers up
val i dati on. as a busi ness, l et everyone know the ci ty/
So . . . say we were to have a Googl e state i t's i n and the name of i t . So i f you put
Account ( or regi ster one, as they ' re free) and i n an ANAC you know of as a busi ness, try
we were to acci denta l l y put a new busi ness and l et peopl e know so we don ' t end up wi th
i n the di rectory. Wi th a very u n i que name forty busi nesses of the same number.
and wi t h the phone number correspondi ng I t ' s real l y too easy. Put some payphones
to our fr i end's cel l phone. Wel l , we go i n there. Put l ong di stance payphones. Hel l .
t hrough a l l the steps, pu t the busi ness i n a Put i n a payphone number, cal l it from a
strange category that most peopl e woul dn' t payphone next t o i t, answer i t, and l eave
l ook at wh i l e usi ng Goog41 1 or one that them both off hook. I n fact, why not do
there aren ' t a l ot of bus i nesses near you i n . somethi ng crazy?
( Say, i f archery i s n ' t very common around Set up an Aster i sk box at home and put
where you l i ve, c l i ck that as the category to that number i n the Goog41 1 Bus i ness Oata-
hel p nar row you r res u l t s. ) base. Set i t up to three-way a payphone
However. Ther e i s a down s i de. Googl e i s next t o anot her payphone. Cal l Goog41 1
j ust damn s l ow at updati ng. I t ' l l tel l you that and connect to you r Aster i sk box from a
your l i sti ng wi l l appear i n one mont h. Wow. payphone. It shoul d connect to the payphone
So don ' t expect to be cal l i ng pretty soon. next t o you . Pi ck i t up, tal k i nto t he or i gi nal
Bummer. I know. payphone, and l i sten i n the other. There
But . The l i ttl e devi l s over at Googl e have shou l d be some del ay dependi ng on where
mi ssed somethi ng. When you fi rst enter the you l i ve. Note: I t won ' t be a l ot of del ay.
bus i ness, you obvi ousl y have to use a n umber But who says you have to stop there?
you can answer. But afer i t's been answered, Gather up some of your onl i ne phreak fri ends
s i mpl y go back to your l ocal busi ness l i st i ng from ar ound t he country/wor l d. Set up Aster i sk
or whatever on your account, cl i ck edi t on boxes to three-way other Aster i sk boxes and
t he busi ness you j ust added, and j ust change then to fi nal l y three-way a payphone. Set the
the phone number. I t does n' t even ask you fi rst one up i n the Goog41 1 Bus i ness Oata-
to veri fy by cal l i ng you agai n. I t assumes base, cal l it from a payphone, and hopefu l l y
that i t ' s l egi t . That ' s what Googl e gets for you can cause qui te a bi t of del ay. The further
ass umi ng! apart t he Aster i sk boxes are, t he more del ay
After that, j ust make s ure to answer what- wi l l be created. }
ever number you put i n when Googl e cal l s
sub Conclusion : {
( or use your own number and change it l ater),
That cou l d be qui te a fun project for
enter the PI N they gi ve you, and wai t for a
a l l your ph reak fri ends. Heck, for any of
bi t . Soon Googl e' s s l ow ass wi l l eventual l y
your fr i ends. That ' s a l i tt l e bi t of ol d school
get around to addi ng your busi ness to thei r
phreaki ng fun, made easi er wi t h t he hel p
database of busi nesses. After that, s i mpl y
of two free servi ces. So I hope you ' ve al l
cal l Goog41 1 from any phone, l ook up the
l earned someth i ng from thi s art i cl e. That
busi ness you put i n there, have Googl e cal l
n o matter how powerful a company i s, no
i t, and bi ngo bl amo, you can use Goog41 1
matter what servi ce wi l l be put out, we can
to di al a fri end.
beat i t . Good l uck and take ful l advantage of
Note: Goog41 1 onl y l i sts the ei ght most
th i s servi ce! Let Googl e know we l ove t hei r
popu l ar resu l ts. So be s ure t o search f or t he
l i ttl e servi ce and thei r bi g hearts.
name of your bus i ness, not the category.
}
Otherwi se, it probabl y won ' t be one of the
procedure Shoutz ;
top ei ght busi nesses.
I ' ve got to give props to Halla, Murder_
So what does th i s mean? Go to your
Mouse, [H4z3j, dracosilv, james_Penguin,
nearest payphone. Most wi l l offer the abi l i ty
Sock, and big props to P(?)NYB( ?) Y That
to di al tol l -free n umbers for free. Cal l up
guy was pretty much my inspiration for
Goog41 1 , l ook up the number you put i n,
becoming a phreak. Thanks a lot, man.
connect for free, and yep. I t ' l l connect you.
Everyone at InformationLeak, and everyone
Free of charge.
I missed, cause I know there' a bunch. And
I thi nk thi s Goog41 1 can be put to some
also those phreaks out there still doing their
thing and spreading the word.
ulumH Zl[0 JJ
Privacy
Dear 2600:
After recei vi ng the newest i ssue of ?o00 l
started goi ng through my tak>of back i ssues. Thi s
wasn ' t what I was l ooki ng
f
o r but I came across an
al
l
t i me great arti cl e i n 20: 3 entitled " I nfidelity n
the I nformati on Age. " Normal l y I ' d j ust ski m
arti cl e and move on but l ast May my wi fe the
heartbreaki ng news to me. I ' l l l eave out the j ui cy
detai l s but she tol d me she broke off the affai r and
wanted to
.
fi

our marri age. Havi ng your spouse
tel l y

u t hi S
.
I S the worst
.
ki nd of agony. I can say
there I S noth i ng more pai nful or l i fe changi ng that
I ' ve ever experi enced. Wi thi n the next few weeks
I changed from bei ng an al l -trust i ng h usband who
never questi oned hi s wi fe' s fai thful ness to an
obsessi ve, overl y j eal ous man who had to know
where she was and what she was doi ng at a l l ti mes.
Atoma' s arti cl e was about the i nformati on he was
abl e to pu l l up off hi s gi rl fri end' s computer from
del eted and h i dden fi l es. He was not onl y abl e to
fi

d t hi s i nformati on but he was abl e to put every

t hi ng together and create a very detai l ed t i mel i ne
of everyt hi ng she di d i ncl udi ng phone cal l s bank
wi thdrawal s, and addresses she went to.
'
I am not so l ucy. My wi fe is aware of my
computer ski l l s and I f she wants to do somethi ng
on the I nternet that she does n' t want me t o know
about, she' l l use one of the I nternet accessi bl e
comp

ters at h

r col l ege. When I was n' t paci ng

or gOi ng nuts I n some way, I was on the web
tryi ng to fi nd out everyt hi ng I cou l d: Where was
she now? What was she doi ng? How l ong had she
been there? What was t hi s guy' s name? Where di d
he l i ve? Where di d he wor k? What was hi s emai l
address a n d phone number? Di d he have a cr i m
i nal record? Was he a sex offender? Was there a
warrant for hi s arrest, hopefu l l y?
w_ blackbookonline _ info has l i nks to
several si tes l ooki ng up cri mi nal or government
records. Wi th t hi s si te and ot hers I was abl e to
answer a l l these questi ons. Aloma sai d he was
shocked that he was abl e to get a l l the i nformati on
that he di d. I can eas i l y say the same t hi ng about
what I found off the I nternet. My wi fe' s col l ege
I ssued student i denti fi cati on cards that worked
s i mi l ar to credi t cards. You deposi t money and
that amount I S credi ted onto the card. Th i s al l ows
you to use these cards to pay for anythi ng whi l e
on campus. Th i s i nformati on i s then put on the
col l ege' s websi te so the students can vi ew t hei r
account ba l ance and hi story. Thr ough t hi s websi te
I was abl e to see when she arri ved by the coffee she
purchased before her fi rst cl ass and when she l eft
by payi ng the parki ng fee for the par ki ng garage.
The coll ege ema i l account al l ows yO0 to forward
i ncomi ng and outgoi ng emai l s to ,another
account S

you CH vi ew them i n your prefe rred

emai l ro UL troubl e setting this 5 I
Ou|U communi cation. had
access Ic
u
l e, nUber times
ac resses as wel
l
.

| | pho
n
e :are
also ava1

\i
ble
can onl y make
monthl y payments on ne u can view the ca
n
hi story goi ng back several months. I was abl e to see
everyone my wi fe tal ked to on our home phone and
h

r cel l pho
.
ne. I f she del eted somethi ng from t he
h i story on ei t her phone, i t woul d not be removed
from te on l i ne records. Us i ng Fi refox, I found an
extensi on t hat hel ped me f i nd street addresses.
Al l I had to get was a name and ci ty. w. skip
-ease . com gave me access to the extensi on
" Peopl e Search and Publ i c Record Tool bar. " Thi s
gave me several l i n ks to websi tes i ncl udi ng w.
z abasearch . com to do my searches and made
I t very easy to not onl y gi ve me thi s guy' s home
address and phone number but al so hi s wi fe' s
name. After a few searches I not onl y had t he i nfor
mat i on I wanted but I al so had names and addresses
of h i m, hi s wi fe, and hi s mother- i n- l aw. Fami l y tree
web pages gave even more detai l s : chi l dren ' s and
parents' names, bi rth and marr i age dates and l oca
ti ons. Dr i vi ng by the house gave me the chance
to see thei r cars and l i cense pl ates. I found w.
dmv .
,
org -
.
t hi s websi te gave me l i n ks to my l ocal
state s on l i ne pages to see what I cou l d fi nd wi t h
the l i cense pl ates.
Many ci t i es and counti es offer websi tes that
al l ow you to check records to see i f someone i s an
offender or has a cri mi nal record. Some states even
have pri soner i nmate l i sts on the I nternet. These
government si tes are free and avai l abl e for use by
the publ i c.
On my wi fe' s fl ash dri ve I found a good-bye
l etter that was more of a l ove l etter. I t gave me more
i nformati on al l owi ng me to add Googl e Earth to
my tool box and gave me a pi ctu
z
e of where they' d
been and where they tal ked or. dreamed about
run n i ng away to. I was al so abl e to vi si t websi tes
gi vi ng detai l s of each of these l ocati ons i ncl udi ng
some of the avai l abl e I nt i mate acti vi ti es for the
guests.
There i s a ton of i nformati on on the I nternet
and once i t' s there you can bet that i nfo wi l l never
be erased. I f you doubt that, go to w. archive .
-org . I created a websi te and removed it over
seven years ago and they sti l l have every deta i l
of I t. Once someone gai ns access t o the I nternet
i t ' s l i ke i nsta l l i ng 0 new hard dri ve wi th a l l of t hi s
i nformat i on. I t ' s al l r i ght there. You j ust need l ots of
l
[
0 J+ Z%
[
ZH0
pati ence and to know how to l ook for i t.
Dur i ng thi s l ast year t hi ngs have i mproved.
What started wi t h the news l ed to me bei ng severel y
dr unk on a regu l ar bas i s and my wi fe l i vi ng wi t h
her fami l y i n another state for two months. I ' ve
al so been nearl y i mposs i bl e to l i ve wi th, but i t ' s
shown me t hat she' s tru l y commi tted i n maki ng our
marri age wor k. Thi ngs wi t h us ar e better now but
we ar e sti l l i n the process of hea l i ng.
A Broken Husband
While it' understandable to be completely
distraught over what happened, you also demon
strate why people should be genuinely afraid with
all of this information about them so readily avail
able. Stalkers, lunatics, and people with overall
bad intentions have all sorts of power to inject
themselves into your lives and it ', very dificult
to escape their intruding eyes unless you have
a decent plan to protect your privacy. The vast
majority of people do not.
Dear 2600:
I was readi ng the l atest i ssue and ran across
i n the s ni ppets secti on about how some fol ks are
l ooki ng for an anonymous emai l s i te. We made
one. I t l aunched i n J ul y 2006 at http: //www.
-venompen. com/. Now keep in mi nd, it ai n' t qu i te
hardened yet, and we a i n ' t too s ure we want a l ot
of attenti on. But we' re free and we' re anonymous
( a rel at i ve t er m as you know) .
For now, I thought that thi s may be of benefi t to
your readers i n our bi g ol d communi ty. We' re real l y
here t o do no har m. I j ust read t he art i cl e and fel t
i t appropri ate t o provi de t hi s l i n k t o what we feel
is a necessary out l et for those who need to express
concern ( pueri l e or not) or to vent anonymousl y.
I hope you can gl ean the genui ne i nterest I have
in provi di ng an out l et to those who are fearfu l of
bei ng i denti fi ed ( wi th the understandi ng they don ' t
browse t o us from work or someth i ng stupi d l i ke
that) .
Muddy
It should be noted that the mail that gets
passed through this site is posted for all to see
(minus addresses) and that those running this
system have the ability to see everything.
Safeguards
to the recept i oni st who I had j ust cal l ed. She gave
me a puzzl ed l ook and asked i f I wanted a mai n
tenance key or a tel ecom key. I tol d her tel ecom
fol l owed by whi ch bui l di ng the c l oset was l ocated
i n. She opened a wa l l l ocker and pul l ed out a key
wi th a tag attached to i t. She asked for my name,
company, and cel l phone number. I pul l ed out my
wal l et as I answered the questi ons and before I
cou l d pu l l out my | |she dropped the key on the
counter. I guessed because of my busi ness atti re
that she j ust assumed I was okay. As I wal ked
back to the practi ce I l ooked at the tag on the key
and noti ced that i t had two bui l di ng numbers on
i t. Sure enough, i t opened a l l cl osets I passed i n
both bu i l di ngs ! After t h e cal l was fi ni shed I brought
the key back. She di dn' t check my name off i n her
book. She j ust t ook the key back to the l ocker. I put
i t behi nd me thi nk i ng that she may have been i n a
bad mood or someth i ng ( common at t hi s hospi tal ) .
I n March I had a s i mi l ar cal l at another prac
t i ce. The same exact th i ng happened! No | |check.
No check off i n the " l og book. " And absol utel y no
si gnatures ! I t was a di fferent gi rl that was worki ng
t he counter. I don ' t know about anyone el se, but
i t scares me t o t hi nk t hat the proper safeguards
aren ' t bei ng t aken wi t h the networ ki ng cl osets at
t hi s hospi ta l . Bot h of my coworkers reported that
they have never been prompted for any form of | |
or proof of work. I c a n j ust i magi ne t h e weal th of
knowl edge a person coul d obtai n by moni tor i ng a
network from the c l oset: SSNs, DOBs, addresses,
and medi cal i nformat i on ! I have sent an anony
mous ti p to the management company to hopefu l l y
resol ve t h i s . I guess I wi l l fi nd ou t t h e next t i me I
have network work to do!
i nf3kTl D
Don 't hold your breath. Stupidity and bad
security practices have an amazing resiliency
Dear 2600:
Today I wi t hdrew some money from the ATM at
Bank of Amer i ca. I i nserted my card and soon was
asked for my PI N. I ' ve done t hi s hundreds of t i mes
before but never thought about t hi s. When I i nput
my PI N I real i zed how l oud the tone was when I hi t
each number. I al so real i zed that t he fou r numbers
that I i nput had di fferent tones, not unl i ke a phone
keypad.
I wonder i f i t wou l d be poss i bl e to bug the
Dear 2600: area of the ATM and record the tones. A l i ttl e t r i al
I wor k for a sma l l computer support company i n and error shoul d yi el d the correct numbers. I f the
the southeast Uni ted States. The j ob consi sts most l y number overheard was, say, 4-4-3-4 i t i s easy to
of fi el d cal l s that requi re al most no knowl edge fi gure out the number i n t hi s manner. Then a l l you
whatsoever - broken CD- ROM trays, unpl ugged need i s the card to do a transact i on. Supposedl y
network cabl es, etc. On occas i on I recei ve work one safeguard agai nst card theft i s the secrecy of
orders to repai r i ssues at a l ocal hospi ta l . The the PI N but i t i s n' t very secret i f I can eas i l y trans-
hospi tal i s one of the l argest i n the regi on wi th l ate i t i nto numbers s i mpl y by heari ng the machi ne
al most 1 00 i ndependent practi ces partnered wi t h and then steal the card.
the 500+ bed fac i l i ty. I recei ved a work order i n Of course, I cou l d beat the number out of hi m
J anuary t o " revamp" t he network for a practi ce. The when I rob h i m but i t ' s far more fun to hack i t.
networ ki ng cl osets for these i ndependent practi ces AnOl dFool
are sti l l control l ed by the hospi ta l ' s management And these are the letters that wind up getting
company. quoted on the news. But seriously, for those
I cal l ed the phone number l ocated on a si gn people whose modus operandi includes stealing
that was attached to the l ocked cl oset door. A things out of wallets and purses, obtaining a
young l ady answered the phone and expl ai ned that U. S. style credit card that relies only on a usually
I woul d have to come to thei r offi ce and get the unverified signature would be far more useful to
key. I ran across t he street to t hei r offi ce and t al ked their life of crime. (Other countries have started
ulumHZ
l
[
0 Jo
to use the "chip and pin " system that requires a
PIN but no signature and supposedly has reduced
credit card fraud and identity theft.}
Submissions
Dear 2600:
I am wr i t i ng i n regards to arti cl e submi ssi ons for
?00. I have an i dea for someth i ng about whi ch I
wou l d l i ke to wr i te. What is the procedu re? Shou l d
I s i mpl y wr i te t he arti cl e, t hen s end i t ? Or do I gi ve
a synopsi s fi rst? Al so, what ki nd of word counts are
you i nterested i n ?
Mi chael
The whole process is relatively informal. Simply
send your submission to articles @ 2 6 0 0 _ com
and, if it' selected, you'll get a notification some
time before the next issue comes out. (Depending
on backlog, it could take a couple of issues for
your article to appear. ) A synopsis isn 't necessary,
nor is a word count. Co for as long as necessary to
make your article informative and interesting. Just
remember to keep it in the hacker perspective.
Dear 2600:
I have an a rt i cl e I wrote on us i ng ssh as a
SOCKS proxy to keep peopl e on i nsecure networks
from spyi ng on you. | have a rough draft on my
wehsi te. There were some comments made on the
arti cl e and I wou l d l i ke to i ncorporate those i nto i t
i f you guys are i nterested. I wi l l rewri te i t i f there i s
any i nterest i n t hi s topi c. I t certa i nl y hel ps me wi t h
a l ot of pr i vacy and fi rewa l l concerns.
Tyler
Sounds interesting hut we have to point out
our policy ahout previously released material.
If it', heen published already, even on a small
wehsite t hat " open to the world, we likely won 't
he ahle to consider it as our readers tend not to
like reprints in new editions.
Dear 2600:
I was recent l y wr i t i ng H SYN port scanner
( based on r aw sockets and t he pcap l i brary) and
was wonder i ng i f an art i cl e a bout the process of
bui l di ng such a scanner wou l d be i nteresti ng t o t he
readers of 2o. Do you th i nk you ' d l i ke to publ i sh
someth i ng l i ke t hi s?
i thi lgore
It can 't hurt to send it in. Even if we don 't use
it, you've gotten your thoughts down in writing
which is almost always a good thing.
Dear 2600:
Are there any mi ni mum requi rements for art i cl e
submi ssi ons?
J osh
Words that make sense when strung together.
Words that have something to do with hacking.
And words that haven't appeared elsewhere.
you won ' t share my emai l address wi t h anyone.
W C
There certainly are a lot of submission ques
tions in this issue, aren't there? We always advise
people to send in what they've written. In order to
be considered, your article must contain elements
of the hacker spirit which basically means inquisi
tiveness, imagination, rebelliousness, and an
ability t o think outside t he box. It shouldn 't be
the sort of thing that could appear in a "normal "
computer publication. And unless you indicate
your email address in the text of your article, it is
not printed nor released to anyone.
Meetings
Dear 2600:
I know i n your meet i ng gu i del i nes i t i s stated
that anyone can attend regardl ess of experti se
l evel . I am goi ng to school for computer secur i ty
and forensi c i nvesti gati on at t hi s t i me, but I real i ze
after l i sten i ng to my professors that the best way
to l ear n the i ndustry i s to networ k wi th those who
are actua l l y doi ng the hacki ng. My ul t i mate goa l
is to go after chi l d pornographers, whi ch I am s ure
wou l d be a favorabl e goa l i n the eyes of any hacker
t hat has chi l dren. I a l so want to l earn how best to
protect chi l dren whi l e they' re onl i ne so the preda
tors have a harder ti me performi ng thei r ungodl y
deeds. What I don ' t want t o do i s make anyone at a
.00meeti ng uncomfortabl e knowi ng I ' m not there
for mal i ci ous hacki ng. So before even attempt i ng to
attend I wanted it to be known up front why I want
to attend. Does anyone at ?00 know of any free
onl i ne tutor i al s for hacki ng basi cs? Or are there any
members wi l l i ng to share the experti se for free to
hel p me i n my goa l ?
Vi nce
The fact that you think meeting attendees
would be uncomfortable if you were not mali
cious tells us you have a great deal to lear about
this community As for wanting to protect the chil
dren, that 's all fine and good but far too often we
see the tools developed with that in mind turned
against those who merely wish to exist in a free
thinking and open environment. The best way to
keep kids safe is to educate them and not to create
a "nanny net" which will result in the regulation
of content far beyond the original goals.
Dear 2600:
Let me say that I ' ve been readi ng your maga
zi ne for al most si x years now and I have l oved
every s i ngl e i ssue. I ' d l i ke to contri bute two i deas
that mi ght make i t even better. One, I know you
guys are rel eas i ng the magazi ne on the fi rst Fri day
of every season. Even though i t ' s rel eased at that
ti me i t usua l l y does n' t hi t t he stands for another
few days, so i t mi sses that ?00 meet i ng. I f there
woul d be a way to rel ease it a few days pr i or to
the meet i ngs, we wou l d have the copy wi th us and
more th i ngs to di scuss. I t woul d be excel l ent. My
second i dea i s to have short stori es wr i tten i nto the
Dear 2600: pages somehow. Maybe l i ke one story per i ssue.
I am consi deri ng wr i t i ng an art i cl e i ntroduci ng I fi gure i f al l of us agree t hat Hol l ywood does n' t
t he basi cs of UNI X or an arti cl e expl ai ni ng t he i nner depi ct us accuratel y, why don ' t we show them how
worki ngs of the x86. Are ei t her of these somethi ng i t ' s rea l l y done wi t h proper termi nol ogy and a l l ?
you wou l d be i nterested i n publ i s hi ng? I trust that
You guys recent l y added those fou r extra
p
ages
l[
0 J Z%
[
Zm0
so I
d
on' t know i
f
a
dd
i ng more pages
f
or t
h
e story
wou l d be reasonabl e, but i t was j ust a t
h
oug
h
t.
Anyway, keep up the good work. 200 has me as
a |i feti me rea
d
er.
MasterChen
It' a rare combination to be able to write a
decent story and get all the terminology right. We'
like to see it happen more often. As for the release
dates of the issues, this is a problem caused by the
stores and distributors. We ask them when they
need it in order to meet a particular on sale date.
Even though they get the issue on the day they
request it in order to meet that date, for whatever
reason they don 't get around to putting it on the
shelves. But we've also had the opposite problem.
Some distributors push the issue onto stands well
before the on sale date thinking they're somehow
gaining an advantage by being first. This only
pisses off our other distributors who then do the
same thing next time. And while all of this is going
on, weIe also trying to get it to our subscribers
within the same time frame. If it continues to be a
problem we can try and get it on stands a week or
so earlier. But even then there will be problems.
That much is guaranteed.
Dear 2600:
I s the average atten
d
ee
f
or t
h
e 200 meet
i ngs
h
ere i n t
h
e U. S.
f
i nanci al l y wel l o
ff
? J ust a
t
h
oug
h
t.
John
If only we knew where the thought was going.
We don 't know how well off any of our attendees
are but, as it' never been about money, this isn 't
something that ' likely to matter.
Critique
Dear 2600:
I apol ogi ze
f
or t
h
i s l etter comi ng so l ate but
I was onl y recent l y ma
d
e aware o
f
an arti cl e i n
23: 3 cal l e
d
"W
h
ere
h
ave a l l t
h
e Phi l ez Gone?" by
game . . . . T
h
ere i s somet
h
i ng
d
i
ff
erent to
d
ay. " T
h
i s
i s absol ute garbage. On a regu l ar bas i s , I down
l oa
d
gi gabytes of i nformati on, some of i t not out
of pl ace
f
rom anythi ng from t
h
e BBS era, most o
f
it not. W
h
at makes sense to put on one of the text
f
i l es websi tes, I do. What doesn ' t ends up in my
arc
h
i ves. Ei t
h
er way, I fi nd t
h
e process many ti mes
easi er an
d
pai n l ess t
h
an the hei ght o
f
the BBS era,
when the opportuni ty to
d
own l oa
d
a sma l l handfu l
of text fi l es came at the pri ce o
f
an enti re even i ng
of re
d
i a l i ng wi t
h
a mo
d
em. I n one eveni ng i n the
current era I can
d
own l oa
d
more f i l es t
h
an I
d
own
l oade
d
i n a
d
ecade o
f
us i ng BBSes.
T
h
e art i cl e cl ai ms that new users are onl y
recentl y t
h
e vi ct i ms o
f
l ack of respect. Th i s i s crazy;
I
h
ave fi l e a
f
ter
f
i l e o
f
bul l et i n boar
d
message bases
showi ng
d
i srespect to new users, j ust as I
h
ave
many s
h
owi ng respect and char i ty by o
ff
er i ng
i n
f
ormati on an
d
gu i
d
ance.
W
h
i l e I u n
d
erstan
d
t
h
e nee
d
to
f
i l l pages,
pl ease consi
d
er art i cl es that provi
d
e rote i nstruc
ti ons on basi c aspects o
f
computer i n
f
ormati on, or
whi ch
d
on' t attempt to stray i nto warpe
d h
i stori cal
teac
h
i ngs i n t
h
e space o
f
one an
d
a
h
al
f
pages.
Jason Scott
While we understand your obvious passion
for what you do, it is possible to convey knowl
edge of the information and services you provide
without insulting us or our writers. People submit
articles with the knowledge that they are aware
of others with additional knowledge add to this
or correct the mistakes. It's not ahout trying to fill
pages or speaking out of ignorance. It' a process
that results in a dialog amidst the clearinghouse of
information that passes through here. To us that
dialog is as important as the conclusions since it
gets people into a thinking mode. When you put
people down for not having the same knowledge
as you, then that dialog is poisoned and overshad
owed by negativity There' already enough of that
to go around, past and present.
Gl utton. T
h
i s art i cl e is
h
or r i bl e. Dear 2600:
T
h
e arti cl e,
f
or everyone who
h
asn ' t rea
d
i t I rea
d
t
h
e arti cl e "Hacki ng Your Own Front
s i nce l ast
f
al l , covers t
h
e topi c o
f
"text
f
i l es, "
f
i l es on Door" by Cl i
ff
i n 24: 1 . Cl i
ff
was r i g
h
t to poi nt out
bul l et i n boar
d
systems an
d
t hei r pl ace i n h i story, t
h
at many l ocks on
h
omes an
d
bus i nesses i n t
h
e
an
d
a
d
i scussi on o
f
t
h
e current state o
f
t
h
em. It i s Uni te
d
States are i na
d
equate an
d
easy t o pi ck usi ng
wrong on bot
h
counts. t
h
e "bump" met
h
o
d
. However,
h
e states t
h
at, "Al l
An i mpl i cat i on i s ma
d
e t
h
at t
h
ese
f
i l es are
h
ar
d
o
f
t
h
e l ocks can be opene
d
by an amateur i n l ess
to
f
i n
d
. T
h
ey are not. textfles . com
h
as been t
h
an two secon
d
s. " T
h
i s i s total l y
f
al se. Fi rst, you
maki ng BBS-era text
f
i l es avai l abl e s i nce 1 998, an
d
nee
d
to get a bl ank key that is uncut. It is i l l egal
h
as i tsel
f
been mi rrore
d
an
d d
ownl oa
d
e
d
count l ess
f
or a l ocks mi t
h
to provi
d
e t
h
i s . Even i
f
you got t
h
e
t i mes i n t
h
e l ast n i ne years. It
h
as been t
h
oroug
h
l y correct bl ank an
d f
i l e
d
i t
d
own, i t wou l
d
onl y
f
i t
mappe
d
by searc
h
engi nes an
d
t
h
e tens o
f
t
h
ou- i nto a l ock wi t
h
t
h
e same keyway. T
h
ere are t
h
ou-
san
d
s o
f
BBS text
f
i l es are bei ng
d
i scovere
d
an
d
san
d
s o
f d
i
ff
erent keyways. J ust go to a l ocks mi t
h
d
own l oa
d
e
d
constant l y, to t
h
e t une o
f h
un
d
re
d
s an
d
l ook at a l l t
h
e keys
h
angi ng on t
h
e wal l . Many
o
f
t
h
ousan
d
s o
f
users a mont
h
. phrack . org i s keyways are propri etary too an
d
you coul
d
never
menti one
d
as a source
f
or Phrack, w
h
i l e text get your
h
an
d
s on t
h
e bl anks anyway. But l et's say
-fles . com
h
as Ph rack an
d h
un
d
re
d
s o
f
ot
h
er el ec- you
h
a
d
possessi on o
f
a Me
d
eco, Abl oy, Sc
h
l age
t roni c magazi nes t
h
at
h
ave
f
l our i s
h
e
d
i n t
h
e l ast 2 0 Pr i mus, ASSA, Mul -T- Lock, Kaba, or DOM key.
years. A secon
d
s i te, web . textfles . com, tracks T
h
e bl ank wou l
d
n't
h
el p you pi ck t
h
e l ock s i nce a l l
BBS-styl e text
f
i l es wri tten a
f
ter 1 995, proVi
d
i ng these bran
d
s go beyon
d
t
h
e s i mpl e
f
i ve-pi n tec
h
-
a l ocati on
f
or users to bot
h
rea
d
an
d
upl oa
d
t
h
ei r nol ogy an
d
pi cki ng t
h
em i s pretty cl ose t o i mpos-
recentl y wr i tten works. s i bl e. Cl i
ff
suggests us i ng a C
h
ubb-styl e l ock. T
h
ese
T
h
en, wor ki ng o
ff
t
h
i s base mi sassumpti on,
h
ave been aroun
d f
or over 1 50 years an
d
t
h
ey are
Gl utton specul ates as to w
h
y t
h
ese text
f
i l es are equal l y as secure as any o
f
t
h
e ment i one
d h
i g
h
-
h
ar
d
er to
f
i n
d
or not ava i l abl e. Hi s concl usi on i s secur i ty bran
d
s . However, l ever l ocks (C
h
ubb-
t
h
at "T
h
e s
h
ar i ng o
f
i n
f
ormati on i s a
d
angerous styl e) are general l y morti se
d
i nto a
d
oor an
d
are
ulumH Z
l[
0 J
not compat i b
l
e wi t
h d
oors
d
esi gne
d f
or use wi t
h
a
cyl i n
d
ri ca
l l
ock.
Anonymous
Dear 2600:
P
l
ease
l
et me use you as a me
d
i um to t
h
ank
NYC Locksmi t
h f
or
h
i s
f
u
l l
,
d
etai
l
e
d
an
d
exce
l l
ent
response to my arti c
l
e " Hacki ng Your Own Front
Door. " NYCL, s i r, I
d
e
f
er to your greater knowl e
d
ge
an
d
experi ence!
You ' re correct about t
h
e Br i t i s
h
connecti on,
an
d
i n
d
ee
d
correct about my
l
ack o
f
i ns i
d
er know
l

e
d
ge on t
h
e subject. I ' m not a tra
d
e pro
f
essi ona
l
,
j ust a guy w
h
o
f
oun
d
somet
h
i ng t
h
at worri e
d h
i m,
l
earne
d
w
h
y it worri e
d h
i m, an
d
wante
d
to a
l
ert
ot
h
ers as best I cou
l d
. T
h
e topi c
d
i
d
n' t seem to
h
ave
been covere
d
in t
h
e past
f
i ve years at l east, an
d
so seeme
d f
ai r game. T
h
e
h
eart o
f
my art i c
l
e was
pi tc
h
e
d
as an awareness-rai ser as oppose
d
to an i n
d
ept
h
exp
l
orat i on, ass umi ng 2600ers were smart
enoug
h
to go an
d f
i n
d
out more ( an
d
t
h
en try it
f
or
t
h
emse
l
ves) i
f
t
h
ey were keen!
I
h
a
d
enoug
h
success wi t
h h
an
d
-carve
d
bump
keys t o warrant t
h
i nki ng t
h
i s wort
h
y o
f
submi ssi on.
I ' m most p
l
ease
d
t
h
at we seem t o be u n i que
l
y
un
d
er-protecte
d h
ere i n t
h
e U. K. compare
d
wi t
h
a
l l
t
h
e s ui tes/manu
f
acturers you seem to
h
ave avai l
ab
l
e i n t
h
e U. S. We nee
d
a wi
d
er sprea
d h
ere, but
Ya
l
e ( or compat i bl e/c
l
one
l
ocks)
h
ave somet
h
i ng
l i ke 75 percent o
f
t
h
e
f
ront
d
oors I know, a
l l
wi t
h
t
h
e same gat i ng ( or w
h
atever your tra
d
e term i s, i
f
not "gat i ng") . A
l
t
h
oug
h
I
d
i
d
n ' t
d
i sti ngui s
h
c
l
ear
l
y
enoug
h
between a un i versal master key an
d
one
f
or a part i cul ar s ui te o
f l
ocks, i n t
h
e U. K. a Yal e
bump key i s approac
h
i ng
f
unct i ona
l
equ i val ence
to a master key.
T
h
anks aga i n
f
or t
h
e consi
d
ere
d
an
d f
u
l l
response. Per
h
aps you wou
l d
l i ke t o wri te ot
h
er
arti c
l
es on p
h
ysi cal secur i ty wi t
h
more
d
etai
l
? I
know I '
d
be keen to rea
d
any you wrote. I ' m sure
many ot
h
ers wou
l d
be too.
Cl if
poor 1 4-year-ol
d
Bi
l l
y
d
oesn ' t
h
ave an I nternet
connecti on,
h
ow is
h
e suppose
d
to get
h
i s ques
ti on answere
d
i
f
t
h
e e
d
i tors re
f
use to answer i t i n
t
h
e magazi ne? He won ' t, an
d
a quest i on not bei ng
answere
d
i s never a goo
d
t
h
i ng.
T
h
e ot
h
er t
h
i ng about
h
avi ng a
l l
t
h
e i n
f
orma
ti on provi
d
e
d
on t
h
e webs i te goes back to my state
ment t
h
at
h
acki ng is not an acti on, but a way o
f
t
h
i nk i ng. I
f
a
l l
t
h
e i n
f
ormati on on
h
ow to
d
o t
h
i ngs,
proper
f
ormatt i ng, e
l
ectr i ca
l
sc
h
emati cs are spoon
f
e
d
to us,
h
ow are we s uppose
d
to
h
ack? Hacki ng
i s t
h
e sea rc
h f
or i n
f
ormati on t o t r y an
d f
i n
d
a better
way o
f
accomp
l
i s
h
i ng a goa
l
, w
h
et
h
er t
h
at is to get
an i Po
d
to snag a
l l
t
h
e passwor
d
s o
ff
a computer,
or
f
i n
d
i ng a
d
i
ff
erent roa
d h
ome w
h
en t
h
e norma
l
one you trave
l
on is cl ose
d d
own
f
or construct i on.
As
f
ar as arti c
l
es go, I rea
l l
y
d
on' t t
h
i n k t
h
e e
d
i tors
mi n
d
i
f
you sen
d
i n a banner or not. I
f
you
d
o, an
d
it can be
f
ormatte
d
to t
h
ei r magazi ne, I am s ure
t
h
ey wi
l l
use i t. I
f
not, t
h
en maybe t
h
ey wi
l l f
i n
d
one o
f
t
h
ei r own . W
h
o knows u n
l
ess you ei t
h
er
ask, or try?
I
h
ave been us i ng Li nux
f
or t
h
e l ast
f
our years.
Not unt i
l
j ust recent
l
y t
h
oug
h h
ave I been rea
l l
y
tryi ng to
l
earn
h
ow to manage a L i nux box. You
can' t
l
earn
h
ow to proper
l
y a
d
mi n i ster a L i nux box
by rea
d
i ng a book or by a
l
ways bei ng gi ven t
h
e
answers. I
h
ave use
d
Fe
d
ora, Ubuntu, Re
d
Hat, an
d
SUSE. None o
f
t
h
ese rea
l l
y l ets you
l
earn
h
ow t
h
e
OS works because a
l
ot o
f f
unct i ons are
d
one
f
or
you . A week ago as o
f
wr i t i ng t
h
i s, I swi tc
h
e
d
to
S
l
ackware 1 2 . 0. T
h
e reason
f
or t
h
i s i s because i t
wi
l l
gi ve me t
h
e opport un i ty t o actual l y
l
earn Li nux
because
h
ar
dl
y anyt
h
i ng i s
d
one
f
or you. Actua
l
ly,
app
l
i cati ons work better an
d f
aster i
f
you compi
l
e
t
h
e source co
d
e yourse
l f
rat
h
er t
h
an runni ng an
i nsta
l l
er. Some peop
l
e
d
on' t nee
d
t o know
h
ow to
f
u
l l
y a
d
mi ni ster a Li nux
d
i stro an
d
t
h
at is
f
i ne. But
f
or t
h
e peop
l
e w
h
o want t o
l
earn
h
ow t o
d
o t
h
i ngs
i n L i nux at t
h
e comman
d l
i ne, you
d
on' t
l
earn
un
l
ess you
d
o.
I
h
ave on
l
y been rea
d
i ng t
h
i s magazi ne regu
l
ar
l
y
f
or t
h
e
l
ast t
h
ree years, w
h
i c
h
i s onl y 1 2
Dear 2600:
i ssues. I
f
I remember correct
l
y, out o
f
t
h
ose 1 2
T
h
i s i s i n response to MS3 FGX' s
l
etter i n 24: 2 .
i ssues, t
h
ere
h
ave been four art i c
l
es about some
T
h
e e
d
i tors at 2600 are
d
oi ng a
f
i ne j ob wi t
h
t
h
e
sort o
f
Wi Fi
h
acki ng. W
h
et
h
er it was breaki ng t
h
e
magazi ne an
d
t
h
ei r websi te. You s
h
oul
d
rea
l
i ze t
h
at
WPA co
d
e or war
d
r i vi ng, t
h
e topi c o
f
Wi Fi i ntru-
t
h
ere i s a l ot o
f
work t
h
at
h
as to be
d
one between
si on
h
as been ta
l
ke
d
about a
l
ot. T
h
e reason i s,
eac
h
i ssue. I know t
h
at t
h
ree mont
h
s seems
l
i ke
as tec
h
no
l
ogy c
h
anges an
d
gets better, t
h
e ways
a
l
ot o
f
t i me
f
or on
l
y a 70 page magazi ne, but I
o
f
accomp
l
i s
h
i ng t
h
i ngs you want to
d
o wi t
h
t
h
at
wou
l d
not be surpri se
d
to
f
i n
d
out t
h
at i t i s actua
l
l y
tec
h
nol ogy c
h
anges. Do you t
h
i n k t
h
at
f
or t
h
e
l
ast
very
d
i
ff
i cu
l
t
f
or t
h
em to
d
o w
h
at t
h
ey
d
o.
2 3 years t
h
i s magazi ne
h
as been pub
l
i s
h
e
d
t
h
ere
You nee
d
to remember t
h
at
h
acki ng is not
h
asn ' t been a multitude o
f d
up
l
i cate topi cs? Look
mere
l
y an acti on t
h
at a person
d
oes on a computer.
at a
l l
t
h
e arti c
l
es t
h
ere
h
ave been on soci a
l
engi -
I t i s a state o
f
mi n
d
; a way o
f
t
h
i nki ng. You say t
h
at
neeri ng. T
h
e reason
f
or t
h
i s i s two
f
o
l d
.
t
h
ey waste space i n t
h
ei r magazi ne answer i ng
Fi rst, l et ' s t
h
i nk o
f
poor 1 4-year-o
l d
Bi
l l
y agai n.
repeat quest i ons an
d
t
h
ey probab
l
y get a
l
ot o
f I n t
h
e Spr i ng 2 005 i ssue, magneti c stri pe rea
d
i ng
d
up
l
i cate art i c
l
es. Yes, t
h
ey
d
o repeat a
l
ot o
f
t
h
e
was
d
i scusse
d
. But Bi
l l
y
d
oes n' t pi ck up
h
i s
f
i rst
same questi ons an
d
yes, I am s ure t
h
ey get tons o
f 2600 unt i
l
a
l
ater i ssue. Meanw
h
i
l
e, someone
d
up
l
i cate arti c
l
es. However, I
d
o not see t
h
i s as a
submi ts an arti c
l
e on magnet i c stri pe rea
d
i ng an
d
,
ba
d
t
h
i ng.
w
h
i
l
e bei ng i nnovati ve an
d d
i
ff
erent
f
rom t
h
e
Fi rst I wi
l l d
i scuss t
h
e quest i ons. Peop
l
e o
f
a
l l art i c
l
e i n t
h
e Spr i ng 2005 i ssue, t
h
e e
d
i tors rej ect
ages an
d l
i
f
esty
l
es rea
d
t
h
i s magazi ne. T
h
ere are
t
h
e arti c
l
e because t
h
ey are
f
o
l l
owi ng a new " no
peop
l
e w
h
o
d
o not
h
ave an I nternet connect i on ( as
d
up
l
i cate topi c" po
l
i cy. Or maybe t
h
e aut
h
or o
f
f
ar
f
etc
h
e
d
as t
h
at may soun
d
, it is true) . Or t
h
ey
t
h
i s art i c
l
e goes to 2600' 5 websi te an
d
sees t
h
at
may not know o
f
t
h
e 2600 websi te, or
d
on' t know
magnet i c stri pe rea
d
i ng was a
l
rea
d
y pub
l
i s
h
e
d
, so
h
ow to searc
h f
or i t . So i
f
t
h
e e
d
i tors post answers
h
e
d
eci
d
es not to submi t i t i n
f
ear t
h
at t
h
e e
d
i tors
to
f
requent

aske
d
questi ons on t
h
ei r webs i te, an
d wi
l l
rej ect t
h
e arti c
l
e. Ei t
h
er way, Bi
l l
y is now
l[
0 %
[
ZH0
d
eni e
d
i n
f
ormati on because peopl e are a
f
rai
d
to
pr i nt i n
f
ormati on on t
h
e same t
h
i ng twi ce.
T
h
i s o
f
course br i ngs me to my secon
d
poi nt:
t
h
ere i s al ways somet
h
i ng
d
i
ff
erent i n eac
h
art i cl e
even i
f
t
h
e topi c
h
as been covere
d
be
f
ore because,
aga i n, tec
h
nol ogy c
h
anges every
d
ay. I rea
d
t
h
e
art i cl e i n t
h
e Spr i ng 2005 i ssue, an
d
I
d
i
d
i t. I ma
d
e
my own magneti c stri pe rea
d
er. T
h
ere is a casi no
- t
h
at wi l l remai n namel ess - t
h
at uses a gi
f
t car
d
system to manage t
h
e i n
f
ormati on o
f
customers'
bal ances. I went to t
h
i s cas i no an
d
teste
d
my stri pe
rea
d
er on t
h
ei r car
d
. W
h
en I outputte
d
t
h
e
d
ata, I
was abl e to see w
h
ere t
h
e bal ance was store
d
an
d
I
was abl e to c
h
ange t
h
at amount. I went
f
rom
h
avi ng
$40 on t
h
e car
d
to $45 . I took t
h
e car
d
back to t
h
e
cas i no to cas
h
out. I wante
d
to see i
f
t
h
ey wou l
d
be abl e to noti ce t
h
at I went
f
rom
h
avi ng $40 on
t
h
e car
d
to $45 wi t
h
out even gambl i ng. T
h
ey
d
i
d
n' t
an
d
I ma
d
e a
f
ast
f
i ve bucks. A year l ater I
d
i
d
t
h
e
same t
h
i ng an
d
a l most got my ass arreste
d
w
h
en
t
h
ey coul
d
n' t matc
h
u p t
h
e
d
ata on t
h
e car
d
wi t
h
t
h
e game l ogs on t
h
ei r servers. So i
f
I were to wri te
an art i cl e on t
h
i s topi c, s
h
oul
d
it be rej ecte
d
on t
h
e
basi s t
h
at it was
d
i scusse
d
a l rea
d
y, even t
h
oug
h
t
h
e
ori gi nal art i cl e is no l onger accurate
f
or t
h
i s si tua
t i on? I t
h
i nk not.
I n
f
ormati on s
h
oul
d
never be kept
f
rom anyone,
but t
h
ere s
h
oul
d
not onl y be one way o
f
obta i n i ng
it ei t
h
er. T
h
i s magazi ne
h
as been publ i s
h
e
d f
or t
h
e
l ast 23 years. T
h
ey must he
d
oi ng a l ot o
f
t
h
i ngs
ri g
h
t to s urvi ve t
h
e troubl es t
h
at t
h
ey
h
ave prob
abl y
h
a
d
to go t
h
roug
h
. Remember,
h
acki ng i s not
j ust an acti on t
h
at i s
d
one on a computer - i t i s
a way o
f
t
h
i n ki ng. Once agai n, e
d
i tors o
f
2600,
t
h
ank you
f
or putt i ng out suc
h
a
f
i ne publ i cati on
an
d
keep
d
oi ng w
h
at you are
d
oi ng. I l ook
f
orwar
d
to rea
d
i ng a l l t
h
e
f
ut ure arti cl es on Wi Fi i ntrusi on
an
d
soci al engi neeri ng. Hack on!
P3ngul n
Thanks for the kind words. But please don't
mention us the next time you mess around with
money in a casino. In fact, don't let there be a
next time.
Dear 2600:
Dear 2600:
Fi rst o
ff
, I l ove t
h
e mag. I ' m a l ong t i me rea
d
er
h
al
f
way t
h
oug
h
my
f
i rst s ubscr i pt i on. Now t
h
at
f
orma l i ti es are out o
f
t
h
e way, i n 24: 2 a person
name
d
Barron wrote an
d
,
f
rom w
h
at I can tel l ,
h
e
was ma
d
about a publ i c l i brary
h
avi ng a control l e
d
access program on i ts computers an
d h
e al so coul
d
not
f
i n
d
a
h
acker or group o
f h
ackers w
h
o
h
acke
d
in t
h
e name o
f
t
h
e USA. As u n i ntel l i gi bl e as t
h
at
l etter was, my l etter i s about t
h
e response
f
rom
2600.
About
h
a l
f
way t
h
oug
h
t
h
e response, t
h
e topi c
t ur ns an
d
starts compar i ng peopl e w
h
o l ook
f
or
h
acki ng groups to t
h
e mi l i tary. Apparentl y,
accor
d
i ng to t
h
e respon
d
er, members o
f
t
h
e mi l i
tary are wr i t i ng l etters to 2600 i n or
d
er to
f
i n
d
h
ackers to "
d
o t
h
ei r bi
dd
i ng . . .
f
or t
h
ei r versi on
o
f
j usti ce" even t
h
oug
h
t
h
e
f
i rst l etter never sai
d
anyt
h
i ng about t
h
e mi l i tary. I personal l y was i n
t
h
e Mar i ne Corps
f
or
f
i ve years. I j oi ne
d
ou t o
f
my
own
f
ree wi l l an
d
nei t
h
er I nor anyone I knew ever
tri e
d
to tri ck someone el se ( or a group) to "
d
o our
bi
dd
i ng. " We a l rea
d
y
d
o our own
d
i rty wor k an
d
h
ave our own "
h
ackers" so we real l y
d
on' t nee
d
you to "become anot
h
er hranc
h
o
f
anyone's mi l i
tary. " Many o
f
t
h
e peopl e i n t
h
e mi l i tary ( not j ust
t
h
e tec
h
savvy computer guys, I
f
i xe
d
opti cs on
M- 1 98
h
owi tzers) rea
d
t
h
i s magazi ne an
d
wou l
d
not appreci ate bei ng compare
d
to
h
ustl ers, merce
nari es, an
d
ot
h
er suc
h
l owl i
f
es.
I ' m not sayi ng t
h
e U. S. government |o|
i ncl u
d
e
d
)
d
oes not
h
ave i ts
f
l aws, but pl ease
d
on' t
assume everyone i n t
h
e mi l i tary s
h
ares t
h
ose
vi ews. We are commi ssi one
d
an
d
enl i ste
d
men
an
d
women w
h
o are sti l l j ust as
f
ree as anyone to
h
ave our opi ni ons, vi ews, an
d
ways o
f
l i
f
e. Many
peopl e di d not
d
o anyt
h
i ng
f
or t
h
e
f
ree
d
oms t
h
ey
take
f
or grante
d
, but many
h
ave wi l l i ngl y
d
i e
d f
or
t
h
i s country so you cou l
d h
ave you r opi n i on an
d
vi ews.
No one i n any branc
h
o
f
t
h
e mi l i tary
d
eserves
wor
d
s l i ke t
h
at
f
rom anyone. Ri g
h
t or wrong, on
topi c or not. T
h
ere' s no nee
d
to tarni s
h
w
h
at we
stan
d f
or, w
h
i c
h
is mai ntai ni ng your "
f
ree an
d
open
access to t
h
oug
h
ts, i
d
eas, an
d
tec
h
nol ogy. " Pl ease
d
on' t assume t
h
at you ' re t
h
e onl y ones w
h
o care
about
f
ree
d
om. I
f
your e
d
i tors/respon
d
ers
d
on' t
approve o
f
t
h
i s country' s current mi l i tary acti ons,
t
h
at's j ust
f
i ne, but pl ease
d
on' t
d
i srespect us to
s
h
ow your opi ni ons.
I
h
ave been rea
d
i ng your magazi ne
f
or a year
now an
d
I absol utel y l ove i t. However I
d
o
f
i n
d
t
h
at your ra
d
i o s
h
ow seems to be rat
h
er l aggi ng i n
h
acker rel ate
d
content, c
h
oos i ng i nstea
d
t o rant
about past s
h
ows an
d
t
h
e FCC.
mi cah
Semper Fi
The radio show is not meant to be a rehash
Crazypete
of the magazine and it basically covers the world
CPL, USMC
of technology, privacy, consumer issues, and life Actually, there are plenty of people in the
itself from a hacker perspective of experimenta-
military who deserve words like that and a
tion, observation, and questioning. We try to
whole lot more. You are not a monolithic group
make it as interesting and infectious as possible so
of people who all think as one. You have some
that people with no technical knowledge at all are
great people and some really horrible ones.
drawn in. Focusing on the history (past shows)
We never condemned everyone in the military
underlines the signifcance of what we're doing
and our words were by no means meant to be
and keeping an eye on the FCC and their overly
aimed solely at the military of any one country.
restrictive actions is absolutely essential to anyone
It's a disservice to your organization and to the
interested in the survival of radio and free speech.
rest of us to simply turn a blind eye when some-
Those interested should go to http: //www. 2600. thing happens involving the military that would be
com/offthehook to listen live or through the
wrong in any other setting. And when members
archive. If you want the high fidelity editions, you
of any military try to get hackers to launch denial
can order them at http: //store. 2600. comand have
of service attacks against other countries, we will
hundreds of hours of history at your fingertips. speak out against it. That goes against the "free
ulumH Z
l
[0 JY
and open access " ideology you're supposedly
standing for and you should he equally outraged
at those trying to employ these tactics.
Dear 2600:
T
h
e Prop
h
et was a bit mi sl eadi ng in
h
i s
"Tel ecom I n
f
ormer" art i cl e ( 24: 2) w
h
en
h
e sa i d
t
h
at NeuStar control s system I D assi gnments. As
a cel l u l ar engi neer, I wi s
h
t
h
at t
h
i s was true. But
w
h
en t
h
e FCC pri vati ze
d
SI D assi gnments ( prob
abl y
f
or purel y i deo
l
ogi ca
l
reasons as t
h
e cost o
f
SI D management by t
h
em was probabl y negl i gi b
l

an
d
t
h
ere' s no reason t
h
ey cou l dn' t
h
ave c
h
arge
d
f
ees) t
h
ey ma
d
e it competi ti ve an
d
seven compa
n i es appl i e
d f
or t
h
e j ob, i ncl u
d
i ng NeuStar.
T
h
e gui
d
el i nes
f
or t
h
e compan i es i nvol ved are
on t
h
e U. S. FCC websi te at: http : / /wireless .
-fcc . gov/ services / cel l ul ar/ data/Admin
-istratorGuidelines0 9 0 5 0 3 . pdf
I t ' s not cl ear t
h
at any U. S. SI D co
d
es
h
ave been
a l l ocate
d
s i nce pri vati zati on i n 2 00: so i t seems
t
h
at t
h
e seven compan i es are run n i ng t
h
i s opera
ti on as a c
h
ar i ty ri g
h
t now (t
h
ey are suppose
d
to be
f
un
d
ed by
f
ees
f
rom SI D al
l
ocat i ons) .
T
h
e worst arti cl e I ' ve read i n a l ong t i me i s
"VoI P Cel l p
h
ones: T
h
e Cal l o
f
t
h
e Fut ure" by Toni
Sama ( 24: 2) . I t ' s
h
ar
d
t o know w
h
ere t o begi n
wi t
h
t
h
i s art i cl e, i t ' s s o
f
u
l
l o
f
mi s i n
f
ormati on.
Compar i ng UMA wi t
h
SI P i s bi zarre, because one' s
a ra
d
i o access protocol ( UMA) an
d
t
h
e ot
h
er i s an
appl i cati on protocol . T
h
ere' s no reason t
h
at bot
h
cou l
d
n ' t be use
d
at t
h
e same t i me. I n
f
act,
f
or any
Vol P access an appl i cati on protocol
h
as to be use
d
,
al t
h
oug
h
ot
h
ers are possi bl e suc
h
as H. 323 or t
h
e
many propri etary protocol s.
Part o
f
t
h
e con
f
usi on i s t
h
at Vol P means many
d
i
ff
erent t
h
i ngs. T
h
ere i s pure Vol P l i ke Skype,
w
h
ere t
h
e enti re cal l i s Vol P. T
h
ere are Vol P PBXs
w
h
i c
h
,
f
or secur i ty reasons, access t
h
e publ i c
network l i ke any ot
h
er system. T
h
ere are l ong
d
i stance carri ers t
h
at can be accesse
d
by any ki n
d
o
f
p
h
one an
d
use t
h
e I nternet to bypass expensi ve
i nternat i onal p
h
one l i nes, especi al l y to countri es
w
h
ere exorbi tant l ong
d
i stance c
h
arges are use
d
to garner
f
orei gn exc
h
ange. T
h
ere are compani es
l i ke Vonage t
h
at provi
d
e Vol P to t
h
e
h
ome but wi l l
eventual l y,
f
or most cal l s, convert t o PSTN proto
col s to a l l ow access. I roni ca l l y, to ensure t
h
ese
systems can i nterconnect, t
h
ey a l l
h
ave to convert
to stan
d
ar
d
PSTN protocol s . I ' m not aware o
f
any
Vol P protocol s t
h
at are i nteroperabl e ( e. g. , Skype
to Vonage) .
T
h
e bi g questi on
f
or wi rel ess i s w
h
at ' s wrong
wi t
h
t
h
ei r exi st i ng protocol s t
h
at use compresse
d
d
i gi t al voi ce ( 8- 1 3 kbps) over t
h
e ra
d
i o i nter
f
ace,
converte
d
to stan
d
ar
d
TDM voi ce ( 32-64 kbps)
wi t
h
i n t
h
e network. Wi rel ess Vol P
d
ramati cal l y
i ncreases t
h
e ban
d
wi
d
t
h
requi rements. It
d
oes not
d
ecrease t
h
em. Are t
h
e bene
f
i ts o
f h
avi ng a ra
d
i o
i nter
f
ace an
d
network t
h
at treats everyt
h
i ng as
d
ata rea l l y t
h
at great, especi al l y w
h
en muc
h
o
f
t
h
e
equi pment to
h
an
d
l e voi ce
h
as to be speci al i ze
d
ei t
h
er to provi
d
e protocol s l i ke S I P an
d
SDP or to
ensure rel i abl e
d
el i very o
f
t
h
e t i me sens i ti ve voi ce
packets?
Dl vrOc
In response to your first point, The Prophet
responds: "The writer is correct that NeuStar is
one of five companies authorized by the FCC to
perform SID administration. My article did not
state, and was not intended to imply that this
control is exclusive. For what it' s worth, we' ve
seen numerous new Sios appear over the years
in carrier PRLs; see http : / /www . rainyday .
-ca/ -dialtone for details. "
Dear 2600:
Re: "Spend Qual i ty Ti me On l i ne " ( Market
pl ace, 24: 2) , we a l l know t
h
e I nternet was onl y
i nvente
d f
or commerci a
l
exp
l
oi tati on o
f
gi r l s wi t
h
sel
f
-esteem i ssues ( a
f
ter a
l
l , sel l i ng sex servi ces
h
as
heen t
h
e
d
r i vi ng
f
actor be
h
i n
d
every maj or tec
h

nol ogy l eap) , but do we real l y

h
ave to a
d
vert i se i t
i n 260Q?
I can i magi ne t
h
i s was a toug
h
e
d
i tori al cal
l f
or
you, a
f
ter al l
f
ree
d
om o
f
speec
h
an
d
expressi on,
etc. , but t
h
e ca
l l
ous use o
f
t
h
e t er m "sl uts" to re
f
er
to women i s t
h
e worst ki n
d
o
f f
ree speec
h
. I t i s
i nci tement t o
h
atred, and
f
ran k
l
y u n l i kel y t o be 1 00
percent true. I '
d
rat
h
er i magi ne pretty muc
h
a l l o
f
t
h
e
f
our t
h
ousan
d
gi r l s re
f
erre
d
to are worki ng
f
or
t
h
e money, not t
h
e
f
un o
f
bei ng cal l e
d
s l uts.
I wou l
d
appea
l
to t
h
e advert i ser to take
h
i s
a
d
verti sements t o t
h
e I nternet on a
d
u l t-ori ente
d
si tes. 2600 rea
d
ers are probabl y t
h
e l east l i kel y
peopl e t o
h
an
d
cre
d
i t car
d
numbers over to
watc
h
nake
d
gi rl s, so pl ease
d
o not resubmi t your
advert i sement.
Nel son
Dear 2600:
T
h
i s i s j ust a
f
ri en
d
l y remi n
d
er to pl ease pr i nt
t
h
e full port i on o
f
peopl e' s l etters t o you . An e
d
i lor ' s
j ob i s t o edit, not t o s l i ce peopl e' s l etters i n
h
a l
f
.
I coul
d
be sel
f
i s
h
an
d
j ust ask t
h
at you exten
d
me t
h
i s
f
avor
f
or my own l etters,
h
owever I must
speak up
f
or everyone el se w
h
o I know
h
as wri tten
you l etters w
h
i c
h
you
d
eci
d
e
d
are u nwort
h
y to
pr i nt.
Censors
h
i p sucks, an
d
yes, 2600
h
as even
censore
d
. Pl ease stop, or at l east separate your mai l
i nto " mo
d
erate
d
" an
d
" unmo
d
erate
d
. "
Anonymous
Perhaps you're unfamiliar with how magazines
operate. Let us enlighten you. Editors edit things.
That means trimming extraneous bits, cutting
repetitive or irrelevant sections, fixing grammar
and spelling, and otherwise making the submis
sion fit for printing - assuming it' even selected
for printing at all. And all of this is at the hands
of an editor.
The "moderated" and "unmoderated"
divisions you wish for can be found on some
thing called Usenet, as well as countless
blogs and forums throughout the Internet.
That ' not what we are and it never will be.
And as for the censorship allegation, please. If
you were forbidden from expressing certain opin
ions by a government, that would be censorship.
If a magazine doesn 't print your letter, that 's their
decision and their right. You are still free to express
yourself on your own.
l
[
0 + Z%
[
ZH0
Retail
Dear 2600:
I j ust pi cked up the Spr i ng i ssue
.
from Bord
.
ers
and read a l etter about the magazi ne not bei ng
scanned. Every t i me I go t o the Borders i n Sunr i se,
Fl or i da they type i n the UPC from the magazi ne.
On the recei pt i t says peri odi cal 72 S2 743 1 586,
not the name of the magazi ne. I brought I t to the
cashi er's attent i on and even showed them the l etter
i n the magazi ne tal ki ng about t hi s i ssue. They j ust
sai d that's how they are supposed to r i ng up a l l
magazi nes. Does i t sound l i ke you
.
got proper credi t
for t he s al e? I wi l l save t he recei pt I n case you want
to show i t to Borders to prove you r case.
Mi chael
In all likelihood we did get the credit since
they entered in the proper numbers. The prob
lems occur when the numbers aren 't rung up
and the cash is just put into a general category.
Then we have to rely on the merchant 's word
that they sold a certain number. In the past we
would get the unsold issues back, then we would
just get the torn off fronl covers. Now we Simply
gel a number that is only assumed to be accu
rate because we're told it is. It's not tha t we don 't
want to be trusting but there is absolutely nothing
involVing money that gives us t his same abJ!

t y to
be beli('ved without any further v/dn:. It ' Just
another example of how the publisher isn 't prop
erly protected in the publishing industry.
Dear 2600:
Th i s i s i n response to Dave' s l etter and hi s
concerns about secur i ty wi th Ci ngul ar ( now AT&T)
i n the Spr i ng i ssue. You asked the quest i on "Why
do i n-store sal es reps need access to accounts t hat
have al ready been created? " The reason for th I S
i s s i mpl e. Upgrades. Anyone who
.
has a n eXi s t i ng
account wi t h AT&T ei t her qua l i fi es or does not
qual i fy for a di scount on a new phone i n excha nge
for extendi ng thei r contract ( l i ke a l l proVi der s) . I t I S
necessary for the sal es rep to check te web appl i
cati on you menti oned t o see I f t he i ndi vi dual qual i
fi es, otherwi se every retai l er wou l d have t o ca l l
customer servi ce to get that i nformati on a n d that
wou l d be a ni ghtmare ( 1 5- 20 mi nute hol d t i mes ! ) .
I am a rep for Radi o Shack and us e th i S system
on a dai l y basi s. I t al so al l ows us to do ot her th i ngs
such as enter a new SI M card number i f yours
was damaged, or enter a new I ME I number ( l i ke a
phone's ser i al number) if you r phone is dama

ed. I t
does however gi ve the i nformati on you menti oned
i n your l etter ( l ast four of SSN, password, etc. ) . ( t
is every rep's respons i bi l i ty to ver i fy a customer s
i denti ty before ever di scussi ng a n account Wi t h
them. I can't speak for everyone but I mysel f al ways
l ook at an | |, ask for the l ast four or the password,
and never l et a customer l ook at the screen unl ess
I ' m absol utel y s ure they are who they say they are.
You must remember there are goi ng to be securi ty
hol es everywhere and, wh i l e that's not very reas
sur i ng, i t sadl y i s t he truth.
I hope someone from AT&T reads your l etter
and takes acti on to stop these practi ces but they
can't stop everyon
.
e. I f you're r

al l y
.
concerned
about pri vacy and i nformati on bei ng gi ven to the
ulumH Z
wrong person, I woul d suggest prepai d servi ce. Al l
you have t o do i s h a n d someone some cash, get a
PI N, enter it on your phone, and you're good to
?
o,
no quest i ons asked. It is, however, more expens i ve
then a postpai d account ( dependi ng on how much
you tal k) , but pr i vacy comes Wi t h a pr I Ce. As for t he
graph you ment i oned t hat shows whether you ar e a
profi tabl e customer or not, I have not seen t hi S on
our systems, but each retai l er may have thei r own
software to access AT&T' s i nformat i on.
I hope t hi s has answered your questi ons and
those of anyone el se who i s concerned about t hei r
pr i vacy.
Justi n
Dear 2600:
Whi l e I was readi ng the l atest edi t i on, I noti ced
peopl e expl ai ni ng that Barnes and Nobl e had to
manua l l y enter the pr i ce of the magazi ne. I al so
read your expl anat i on that the pr i ce IS embedded
i n the UPC i tsel f. However, that part of the argu
ment i s i rrel eva nt
.
Why? Because Ba rnes and
Nobl e uses NCR for thei r POS system, much l i ke
my own pl ace of empl oyment. They use a database
system for a l l UPC prcess l ng. Ours l S cal l ed Un i ty.
The process is a s i mpl e grab and r un type system.
Empl oyee sca ns the ba rcode, t he system checks
the UPC i n the dat abase and di s pl ays the pri ce.
( Because NCR a l l ows you to cha nge the pr i ce on
every s i ngl e UPC i n exi stence, pri ce embeddi ng i s
usel ess . )
I n some cases as i t i s wi t h Ba rnes and Nobl e
and the f l uct uat i ng pr i ce of magazi nes, NCR gi ves
a ni ce l i tt l e opt i on t o prompt for pri ce ( i . e. , manu
a l l y enter i ng the pr i ce) . And such i s the way of the
NCR system, Ba rnes and Nobl e, and many other
pl aces.
John
| have since leared (through another
reader) that we were mistakf'f l in our belief that
the price was embedded in the l/C. Our only
concer comes from those inst ances where the
UPC is not entered (either manually or by scan
ning) and the resulting non-counted issues are
billed back to us. So (ar only Bares and Noble
has this policy of charging publishers for "missin
issues and we hope to see an end put to It as It 5
horribly unfair to those of us who have no control
over how many issues get lost, shoplifted, or
pilfered by employees.
Dear 2600:
I wanted to l et you know that, wi th sal es tax,
one i ssue of you r magazi ne now comes to $6. 66
where I l i ve.
Thank you.
Trol l axor
Whatever we can do to add a little joy to life.
Dear 2600:
I n 24: 2, Raven wri tes that he purchased
2600 at Borders i n West Lebanon, New Hamp
s hi re, and the magazi ne di dn' t scan correct l y. I
have purchased the l ast two i ssues at Barnes

nd
Nobl e i n Manchester and each t i me the magazi lle
scanned correctl y. And wi t h my member card, I not
onl y get 1 0 percent off, I have the sati sfacti on of
l[
0 +
knowi ng that the government knows I ' m i ntel l i gent
and dangernus.
I woul d al so l i ke t o note that whi l e t hi s Barnes
and Nobl e was several days l ate i n gett i ng the i ssue
to the stands, they al ways have had i t di spl ayed
promi nent l y.
Mi chael
Encryption
Dear 2600:
From the auto- responder for art i cl e submi ssi ons
at articles @ 2 6 0 0 . com:
" We don ' t recommend sending /'C/
encrypted articles as we frequently have prob
lems with people using the wrong keys and/or an
incompatible version. If it doesn ' t work right away,
we discard it and move on to the next submis
sion. Since your article may be appearing in the
magazine anyway, encryption isn ' t a necessity. If
you want to be anonymous, we suggest using an
anonymous remailer ill/ead. "
I t ' s bad enough that fi nanci al i nst i t ut i ons,
government agenci es, doctors, l awyers, and nearl y
everyone el se who shou l d be usi ng PCP does n' t.
But for a hacker magazi ne, and not j ust any ol d
hacker magazi ne but The Hacker Quarterly to
di scourage i ts use is j ust pl ai n shamefu l .
Rather t han di scouragi ng i ts use whol esal e and
offer i ng a bunch of l ame excuses, hel p ensure that
i t' s used correctl y:
" We frequently have problems with people
using the wrong keys. " Publ i s h the key fi ngerpri nt( s)
i n the magazi ne.
" We frequently have problems with people
using. . an incompatible version. " What versi on
are you us i ng? Ment i on that al ong wi t h the key
fi ngerpr i nt.
"Since your article may be appearing in the
magazine anyway encryption isn ' t a necessity. "
Let ' s assume that your ema i l and mi ne are both
bei ng moni tored. I t ' s ent i r el y poss i bl e that one
woul dn' t want the art i cl e to be known to any thi rd
parti es unt i l i t ' s publ i shed.
" If you want t o be anonymous, we suggest using
an anonymous remailer instead. " That does n' t sol ve
the probl em of submi tt i ng an art i cl e pseudonony
mousl y, and sti l l cl ai mi ng the swag. Encrypt i on
does sol ve that probl em ( t o a degree) .
As hackers we shoul d be us i ng ( and encour
agi ng the use of) PCP. Thi s is a techn i cal i ssue, a
soci al i ssue, a human r i ghts i ssue, an i deol ogi cal
i ssue, and a very real pol i t i cal i ssue.
Atom Smasher
762A 3B98 A3C3 96C9 C6B7
582A B88D 52E4 D9F5 7808
to remain off the radar. It doesn 't matter if you
know which version we happen to be using at the
moment. This will still happen. And even if there
are no issues at all, if you go and send us a nice
juicy article that happens to be encrypted from
your whitehouse. gov account, there will still be
a record of the fact that you sent us the email
in (he first place which is more than enough to
make your superiors suspicious. PCP solves some
problems when used properly but not all. But the
real issue is that until our grandmothers can use it
easily, it' not cnough. After all, how many people
who don 't read this magazine would even know
the purpose of the second line of your signature?
Until we build a system that everyone can use, we
will continue to see most people use it improp
erly And that, unfortunately, is just something we
don 't have the time to resolve. The priority in this
case is to receive the articles as quickly and effi
ciently as possible. Our key is published at http: //
www2600. com/magazine/2600pubkey. txt and
we do decrypt articles that are properly encrypted
to it. But, as mentioned, when it doesn 't work
we have to simply move on to the next one due
to time constraints. So if you know what you're
dOing, great. If not, your submissions will be lost.
And, as mentioned, most pcop/e will fall into the
latter category.
Dear 2600:
The noti on that crypto can stop an i nvesti ga
t i on pendi ng agai nst you i s absurd. I t's cal l ed a
subpoena. If your di s k is encrypted and they can ' t
crack i t, they can get a subpoena from t he j udge
requi r i ng you to tel l them how to decrypt i t. I f you
don ' t compl y wi th the subpoena, you go to j ai l for
contempt of court and stay there unt i l ei t her a) you
tel l them what they want to know, or b) the j udge
deci des you ' ve l earned your l esson. So, un l ess the
cr i mes you ' re bei ng i nvesti gated for are extremely
ser i ous ( i . e. , you ' d be faci ng ten years or extradi
t i on t o a cou nt ry wi t h a l ess t han sterl i ng humani
tar i an record), i t probabl y i s n' t worth your whi l e to
try to buck the system.
SodaPhish
l always worth your while to try and hold
on to as much privacy as you can. The notion that
only important stuf should be protected defeats
the entire purpose of protecting your privacy.
Everyone has their own limits but that doesn 't
mean you have to make it easy for them. For
example, just how much can you be prosecuted if
you've actually forgotten your password?
Questions
We honestly don 't disagree with any of your
Dear 2600:
points. But the fact remains that the system just
Thought I ' d wri te to see i f anyone cou l d wei gh
isn 't simple and intuitive enough for a lot of
i n on whether or not thi s i s even possi bl e. I was
people out there. We don 't have the time for all
dr i vi ng to work one day l i sten i ng to the South
of the hand holding that would be needed to
Fl or i da publ i c radi o stati on (WXEL) when I came to
resolve the problen
1
s. People continue to send
a traffi c l i ght compl ete wi th overhead power l i nes,
us PCP mail from keys that we haven 't used in
etc. The radi o si gnal started to get weak ( heard a l ot
years, despite the existence of a current one on
of stati c) , then I heard tal k i ng agai n over the stat i c.
our website. The mere fact that (here are version
As I l i stened, I real i zed it was Howard Stern ' s show.
incompatibilities necessitates all kinds of back
It took me a second before it hi t me that Howard' s
and forth unencrypted correspondence which is
now on satel l i te radi o. I t happened one more t i me
usually tllf las( thing people want if they're trying
at another traffi c l i ght before I ar r i ved at work. I
l
[
0 +Z
Z%
[
ZH0
am 1 00 percent posi t i ve it was Stern ' s show but
how can satel l i te and radi o si gnal s somehow cross?
My brother bel i eves I s i mpl y thought I was hear i ng
someth i ng el se, but I ' m posi t i ve. If anyone knows
whether t hi s coul d be possi bl e i n any way, l et me
know.
dl uvaisha
You'd be surprised how many times this exact
scenario has played out. What ' happening (and
what increased dramatically since Howard Stern
moved to the Sirius satellite system) is that people
are using converters to allow the satellite signal
to be heard on their regular car radios. So they
receive the audio from the satellite and then
retransmit it on what is supposed to be a vacant
FM frequency Some of these devices overdo i t a
bit though. Not only do they transmit well beyond
the immediate vicinity (which should only cover
one's car) but they even interfere with existing
stations, particularly those on dd. l FM (the
default setting on most of these devices) . Other
radios tend to get overpowered when they're right
next to an offender, usually at trafic lights.
Dear 2600:
I recent l y pul l ed off a CPS tracki ng devi ce from
the rear bumper of my car. Due to past experi ences
wi th the FBI , I fi gured they i nstal l ed i t and I had
my attorney cal l the l ocal fi el d offi ce. The Feds
were not onl y respons i bl e but they wanted t hei r
very expensi ve pi ece of equ i pment back. Needl ess
to say, I ' m keepi ng i t. We a l l know i t wou l d end
up on someone el se' s bumper and, l i ke me, t hei r
every move wi l l be tracked for who knows how
l ong. Asi de from some scr i bbl ed numbers, there
are no manufactur i ng i dent i fi ers on the devi ce.
The battery pack uses Saft batteri es (w. saftbat
-teries . COR . Al l sect i ons are backed wi th strong
magnets.
Thank you for focus i ng attent i on on the state
of repressi on in t hi s country; i t ' s i mportant that
peopl e know. The vi ct i ms of thi s sort of t hi ng have
few, i f any, opti ons for stoppi ng i t. For those who
send i n l etters argu i ng that the probl em i s bei ng
overbl own, I ' d chal l enge them t o trade pl aces wi t h
me for a day. I ' m s ure they' d l ove the unmarked
veh i cl es, break- i ns, and rai ds. These are rea l i
t i es I deal wi t h despi te no charges or convi ct i ons.
I f peopl e wal k the l i ne i n t hi s country and never
questi on anyt hi ng, then yes, they wi l l probabl y l i ve
a total l y predi ctabl e l i fe. But I thi n k most i n t hi s
communi ly lend the other way, whi ch means i t
won ' t be l ong unt i l they' re pu l l i ng one of these off
of t hei r bumper too.
El ana
h i m a few tri cks i n Wi ndows wi th Tweak UI but he
tol d me never to use hi s computer agai n. He even
made fun of me for not knowi ng L i nux and own i ng
a Mac.
Thanks for any i nformati on you can gi ve me
about soci al engi neeri ng t hi s guy!
.
Haroon the Hacker
If you can 't become a hacker by pestering
a big, fat, bearded slob of a bar owner into
teaching you the tools of the trade, there really
isn 't anything left that we can think of We can 't
imagine what you'rE doing wrong; that approach
usually works.
Dear 2600:
I ' m from Serbi a, Europe ( al most) and I was
wonder i ng i f you ' rE mayhE i nterested i n di stri b
ut i ng 2600 Magazine al ong wi t h t-sh i rts, sweat
s hi rts etc. on the Serbi an market, whi ch by the
way i s not bi g but I th i nk your mater i al wi l l be
more than wel come here. Of course, there i s al so
a nei ghbori ng market ( Bosni a, Croati a, Sl oven i a,
Macedoni a) . We can cover al l of t hese for you.
Zoran
Novi Sad
We can offer bulk discounts on stuf we ship
from here and if there was enough interest in actu
ally originating the material over there (printing
shirts, etc. ), we could work with you on that. Send
us email or postal mail with as many particulars as
possible and we'll sec what 's possible.
Dear 2600:
I fi na l l y got around to watchi ng feedom Down
time. I t i s an eye-opener for s ure ( as wel l as qu i te
comi cal ) . I n fact, I l i ke i t so much that I wou l d l i ke
to make it vi ewabl e/downl oadabl e on my server
al ong wi th a bunch of other i nfo about Kevi n.
So bei ng a subscr i ber and knowi ng that you
guys sel l i t on l i ne wh i l e al so havi ng the greatest
respect for the 2600 i nsti tuti on that you guys have
bui l l up from scrat ch over the past 25 or so years, I
wou l d l i ke to know whether or not I have permi s
si on to pl ace i t on my server for vi ewi ng/down l oads.
I f i t affects you r dec i si on, the copy that I have i s a
reduced qual i ty versi on that I got off of a torrent,
and, obvi ousl y, I don ' t i ntend to make or charge
any money whatsoever off of the down l oads.
Th i s may seem l i ke a r i di cu l ous request to
outsi ders, but over the years I have seen that 2600
does al l ow free di st r i but i on, on occas i on, of i tems
such as the radi o programs and audi o for confer
ences as l ong as i t is di st ri buted for free. So I woul d
j ust l i ke a l i ttl e fri endl y cl ar i fi cati on.
Whi l e I am at i t , what i s your pol i cy on scanned
( PDF, etc. ) versi ons of your magazi nes? I move
Dear 2600: around a l ot and have l ost qui te a few of my 2600's
A l ocal bar owner I know uses UNI X and has a over the years so I have begun to di gi t i ze them i n
l ong beard a n d wears t hi ck gl asses. He i s al so very order to avoi d any future l oss. Am I al l owed to have
fat. When he gets dr unk he tal ks about the good ol d t hem on di spl ay on my server or even downl oad-
days of Commodore bul l et i n boards and fl at data- abl e? I haven' t seen a l etter i n any of my i ssues
bases. Addi t i onal l y hi s bar i s qui te fi l thy. Therefore regardi ng your opi n i on or, rather, decree on how
I bel i eve he is a hacker. t i ght you guys hol d onto copyr i ght and i ntel l ec-
I real l y need to become a hacker and t hi s man tual property r i ghts/l aws on your warez. Perhaps i f
i s my onl y hope. My questi on i s how do I approach you guys respond to me you can cl ar i fy t hi s for the
h i m about mentor i ng me? I keep showi ng up at hi s communi ty.
bar but he gets dr unk and yel l s at me for l oi teri ng. By the way, l ove the new magazi ne format,
Someti mes he fal l s asl eep. One t i me I tri ed to show especi al l y s i nce your puhl i sher has l earned how
ulumH Zl
[
0 +J
to do t hei r j ob and cure the cover i nk proper l y.
Al t hough it does show wear and tear much sooner
t han the ol d versi on, I fi nd that I have i nadvertent l y
stumbl ed upon a new 2600 tradi t i on of deter
mi n i ng the worth of an i ssue by how worn out i t
has become'
Pha |_Saph
The radio shows, conference material, and
"Freedom [owntime" are all permitted to he
redistributed as long as they're not resold or edited
in any way. We hope that people will continue to
huy the original material from us as well SC we
Cdn do future projects. Since the magazine is
what keeps us in existence, we don't want i t rpdis
trihuted in the printed format as that i s a direct
copy of what we sell. We don 't have a problem
with the article text being redistrihuted bUI lhe
entire contents of the magazine, layout and all,
is a different mailer. ThaI :, our backbone and if
we lose it, we loS the whole thing. It', espfcially
important in our caS since we are / || percent
supported hy our reaclers and not hy adverliscrs.
Ucar 2b00:
Ci ven that therr' a rC no gu,Ha ntees i n l i fe
anyways, what wou l d you Si'y to d cur i oLs one who
wonci ers ,1 pproxi matel y wh,' n the cl'adl i m' is io,
l etters to t lw edi tor for the next i ssue! Th1 ks !
Omi d
We would ,ay that you {ade the dea(/line.
t: )ngr.1 1 (!lat ions.
|n0|/.:
and tol d me to wr i te to the peopl e in Wash i ngton,
sendi ng them copi es of my rel ease l etter and j udi
ci al order and that shou l d cl ear t hi ngs up. Th i s I
prompt l y di d vi a FedEx, whi ch they recei ved on
Apr i l 2 nd. The response I eventual l y recei ved from
them at the end of May was that they had nothi ng
i n thei r fi l es on me and were doi ng t hi s t o me
because t he F l or i da Department of Law Enforce
ment had an i ssue wi th me, that i s, they pl aced me
on the sex offender regi stry.
Over a l ong weekend here in the country
where I work, I went back to Pennsyl vani a to hel p
my mother move i nto a sen i or ci t i zens ' commun i ty.
When I l anded i n Mi ami , the I mmi grati on peopl e
di d t he s ame t hi ng t o me, except t hi s t i me they
had " I CE agents" confi scate my l aptop and USB
memory st i ck. I protested and asked why t hi s was
happeni ng. An agent asked me what I had gone to
pr i son for. I tol d h i m and was i nformed "that ' s why. "
They used a customs form to l i st what they took but
never compl etel y f i l l ed i t (ut , such as the reason
for confi scati on, etc. I was tol d by the agent that
t hei r for ensi c peopl e wou l d l ook at i t the next day
dnd i t wou l d be fi ni shed by then and I cou l d get i t
back when I returned t hrough Mi ami . The next day
I cal l ed hi m to f i nd out the stat us of the l aptop and
he tol d me the for ens i cs guys had pi cked i t up l ate
and i t wou l d not be ready that day. He al so tol d me
that he had to l eave for four days and that I needed
to stdY i n touch wi th hi s partner. I spoke wi th hi s
partner over t he next few days as ki ng about the
stat us of the l aptop. He kept tel l i ng me thit every
t h i ng was fi ne, but there were some encrypted
fi l es on there and he asked i f t hey cou l d have the
Ucar2b00:
passwords. I t ol d hi m no, t hey cou l d not have the
I am c\ Un i ted St dt es ci t i zc'n ,md current l y work
passwords, s i nce one was t he UN' s mai l fi l e and
' o t l)(' Un i ted N,i ons i n Hai t i . | wou l d l i ke you r
t i l ot her I di dn ' t l'ven remember .myrore. On
opi ni on on whdt i s happen i ng t o me.
Monday the 21 st of M,Y. I spoke wi th hi m agai n
I n ''7 I WeS au Lsl,d ( fcl scl v, I assert) and
and he s,l i d he wou l d meet me as I depl a ned to
convi ct ed ( fraudu l ent l y, I assert) recei pt and
return the I ,lptop. When I ar r i ved i n Mi ami on
possess i on of c h i l d pornography. My l i fe h,l S tLl red
ruesday, he di d i ndeed meet me a t the pl ane, but
I I l l o hl' l l . | recei ved O mont h sentCncc ;l Il d
wi t h a nother agent and no l aptop. He apol ogi zed
served 42 mont hs (one th i rd i n sol i tary l ockdown) .
t hat he di d not get back to me but sai d they coul d
I t W,l S i mposs i bl e to get a job and as D grown lIl an
not rel lase the l aptop wi t hout get t i ng i nt o Ihose
I had to l i ve wi t h my mother. Th i ngs fi nal l y beg,l
encrypt ed f i l es. I asked hi m whi ch f i l es he was
to cha nge i n earl y 20()4, two and a hal f yCars after
ta l k i ng about ,md he ;l gai n apol ogi zed that he was
bei ng rel eased. After I H months of wor k i ng for a
not very fami l i ar wi th computers.
company i n I.as Vegas and then for a contractor
The femal e agent asked me some quest i ons l i ke
i n the Mar i ani I s l ands, I fi nal l y started wi t h my
where I bought the l aptop, when I bought it, etc,
present empl oyer, the Un i ted Nat i ons Department
and then they took my ema i l address, promi s i ng to
of Peacekeepi ng Operat i ons.
l et me know whi ch fi l es they needed i nfo for. To
My probl em i s t hat every t i me I enter the
date I h;we not heard from them and I sti l l don ' t
Un i ted States, I am harassed by t he I mmi grat i on
know whi ch fi l es t hey want passwords for. I n truth,
and Customs peopl e. I am pul l ed off i nto a sepa-
I may not know the passwords anymore, and I defi -
rate room wi t h i mmi grants, etc. , and forced to wai t
ni tel y cannot know unti | they can tel l me exactl y
anywhere from mi nutes t o fou r hours ( they
what they are tal ki ng about. One of the agents
have caused me to mi ss two f l i ghts) , and then my
took great care to state that one of the fi l es they
baggage i s ransacked. Th i s has occur red every t i me
were i nterested i n was "accessed" two days before I
I enter the U. S. , even when en route to another UN
arr i ved i n the U. s . I asked h i m i f i t was successfu l l y
assi gnment . I travel wi t h a Uni ted Nat i ons Lai ssez-
accessed but he di d not repl y.
Passer, whi ch is a type of passport for offi ci al busi -
I compl etel y san i t i zed the computer before I
ness as wel l as my regu l ar '. b. passport.
came to tbe U. s. i n case any traces of any ki nd of
At the end of March of t hi s year the exact same
quest i onabl e mater i al mi ght sti l l be on there. The
probl em happened to me. I got a l i ttl e upset at
agents repeatedl y stated that everyth i ng was OK
the offi cer at I mmi grat i on, who fi nal l y expl ai ned
but for the encrypted fi l es. I do not feel I shou l d
t o me t hat my probl ems were happeni ng because
have to gi ve the government my passwords and I
t hei r computer system showed that I was sti l l under
feel they shoul d ret ur n the l aptop to me s i nce i t
federal sUJervi sed rel ease! He gave me a fact sheet
di d not even enter the count ry, but was taken i n
l
[
0 ++
Z%
[
ZH0
customs.
I th i nk t hi s whol e th i ng was done wrong, and
after al l t hat has happened to me I must say that
I am now compl etel y terri fi ed to enter the '. b.
The UN routes most of i t s assi gnments t hrough
the U. S. , and i f I keep gett i ng del ayed by customs
wh i l e j ust en route to another overseas assi gnment,
thi s nonsense cou l d eventual l y cost me my j ob.
The l aptop i s my personal property. However,
I use it mostl y for my work as a broadcast engi
neer for the UN. The agents repeatedl y asked me
thi s and I repeatedl y tol d them that i t was used
for work, but t hi s di dn' t seem to s i nk i n . Th i s has
caused me to l ose most of my project work for the
country where I am stat i oned as wel l as my ema i l
arch i ves, a n d has set me back consi derabl y.
Havi ng tol d you a l l t hi s, I am wonder i ng if there
i s anythi ng you th i nk can be done and what my
opt i ons are. I do not want to gi ve up my passwords.
There i s noth i ng i n the encrypted fi l es except empty
fol ders. I purposel y created the encrypted stuff j ust
to gi ve them fits i f they ever confi scated my l aptop
and i t seems to be doi ng the tri ck. Th i s i s a matter
of pr i nci pl e and harassment. I am ti red of bei ng
harassed by the government and I wou l d l i ke t o get
somet hi ng done about th i s.
Te I nvi si bl e Man
Whatever crime it was that you were convicted
of (falsely or not - that simply doesn 't matter once
you're convicted), you've served your sentence
and you've been released. What you're experi
encing here is pure harassment at the hands of
law enforcement and they can get away with it
because of the current hysteria in our country
regarding anything even remotely linked to child
pornography. So don't expect much in the way of
public sympathy. That doesn 't mean you shouldn't
fight this at every step. If you are indeed listed
as a sex offender then you must acquaint your
self with what law enforcement can legally do to
you - locally and federally. Unless there is specific
suspicion of a crime, you cannot be compelled
to hand over encrypted files. In fact, your entire
computer should be pass worded and off limits
to them. A decent lawyer would obViously know
more about this and it certainly sounds as if having
one would benefit you. While fighting this battle,
make sure you have a means of getting access to
your work even if they hold onto your laptop. You
can store critical files remotely and gain access to
them from a different machine if necessary. This
is good advice for anyone traveling in case of a
hardware failure or theft. The thing to remember
is that our legal system is currently set up so that
offenders "re-offend. " They want you t o fail and to
go back into the system. Ask anyone on probation
or supervised release.
where money came from and whether there was an
anal ogy in h i story.
Let's say I ' m a caveman and I l i ve i n a commu
n i ty of cavemen. I have spent the whol e day gath
eri ng berri es. L i kewi se wi th my two fri ends, one
of them spent al l day ki l l i ng an ani mal , and the
other spent al l day start i ng a fi re. Now I wou l d l i ke
some meat and a fi re to cook that meat on i n order
to have a wel l ba l anced di et. I trade some of my
berri es wi th the fri end who has meat and t he fri end
who has fi re. Now i f the fri end who has fi re sai d I
am onl y al l owed to cook one pi ece of meat usi ng
t he f i r e he traded me because that's al l the fi re
l i cense al l ows, I woul d be pretty upset. Hopefu l l y
the fi re wi l l l ast me the ent i re ni ght unt i l a l l of my
meat is cooked.
Fast forward to present day. For most peopl e,
havi ng a home PC equ i pped wi th an OS is not
necessary for s urvi val - un l ess you happen to make
your l i vel i hood off of your computer. I n any case,
a si ngl e user l i cense for a pi ece of software does n' t
make sense t o me. I pai d for t hi s CD and I i ntend
to use thi s CD any way I see fi t. I used money to
acqu i re phys i cal property. Now someone mi ght
say, why not j ust use software under the GPL l i ke
Debi an? Back when I fi rst was purchas i ng software,
i nsta l l i ng and us i ng that type of software was the
equ i val ent of l ayi ng my meat on some rocks and
l etti ng the sun cook t hem ( as i n i t woul d t ake a
real l y l ong t i me) . I wanted someth i ng that worked
ri ght away and fast. Now my opi n i ons have changed
and I wou l d l i ke to get to know my OS better, so
I use Debi an where I don ' t have to worry about
breaki ng the l aw for us i ng a pi ece of physi cal prop
erty I bought. I ' m not tryi ng to advert i se for Debi an
i f that's what i t l ooks l i ke. I am s i mpl y sayi ng t hat I
hate restri cti ve software l i censes and the restri cti ve
software l i censes themsel ves shou l d be outl awed.
carbide
Gratitude
Dear 2600:
I have been a l i feti me subscr i ber to 2600 si nce
1 998. Si nce that ti me I have moved l ocati ons more
t han ten t i mes ( comes wi th the l i fe) . Several ti mes I
went wi thout my subscri pti on for a year. Neverthe
l ess the staff at 2600 al ways sent me my back i ssues
and has vi gi l ant l y fol l owed my mai l forwardi ng
requests every step of t he way. Thanks, 2600, best
$260 I ever spent, seri ousl y.
( Thi s l etter not endorsed or prompted by 2600
i n any way. )
Jane Doe
Observations
Dear 2600:
Dear 2600:
Oh my God.
To start off thi s story, l et's make a few defi ni - Okay. I was j ust post i ng a bul l et i n on MySpace
ti ons. Berri es wi l l mean money. Meat wi l l mean about some pol i t i cal stuf and I added a l i n k at the
a Pc. And fi re wi l l mean the operat i ng system. bottom. Wel l , I was revi ewi ng i t j ust before I posted
The probl em I have wi th some software l i censes it and I noti ced that the l i n k had changed l i ke t hi s:
i s t hat i f you go out and buy a box wi th software ww. awebsite . com/ aspecifclocation/in
i n i t usi ng your hard-earned cas h and you have
-dex . html
two computers at home, in most cases you are
to
onl y al l owed to i nsta l l it on one computer. Thi s
ww. msplinks . com/ aksh3 2 7 hklsdf 0 9 s
not maki ng sense t o me a t a l l compel l ed me to ask
-8 7 7 shdklfha0 9 3 9u9u0 2 3 4 2 8 3hsdkfj
ulumH 2l
[
0 +
Anyway, it t ur ns out that mspl i n ks is servec on
MySpace' s nameservers and, the company t hat ' s
i n charge of mspl i n ks i s a company cal l ec Mark
Mon i tor ( sl ogan: " Maki ng the I nternet Safe for Bus i
ness" ) . I di d a whoi s l ookup on mspl i n ks and here' s
what I got:
MySpace, Inc. ,
Oomain Name: msplinks. com
Administrative Contact: Fox Croup Legal lntel
lectual Property Oept.
Yeah, t hat ' s ri ght. Fox Group Legal I ntel l ectual
Property Dept.
.
Wel l , th is most likely means one t hi ng: MySpace
i s i n affi l i at i on wi t h Fox and i ts l awyers to track i ts
users to see i f they' re post i ng any i ntel l ect ual prop
erty of Fox (Family Cuy etc. ) . Thi s i s probabl y due
to pressu re on MySpace by Fox to come up wi th a
"sol ut i on" that works for everyone.
The mspl i n ks i s added after you take your
bul l et i n from the edi t i ng stage to the previ ewi ng
stage and the l ong str i ng after the . com/ is most
l i kel y associ ated wi th the upl oadi ng user i n a cata
base that Fox has i ts hands all over.
1 . I was never tol d of th i s by myspace. com
and l i kel y wou l d never have found out i f I hadn' t
happened t o noti ce i t.
2. Does Fox have any other i nformat i on about
me besi des bei ng abl e to i denti fy me as a uni que
us er on MySpace?
3. WTF?
Anyway, I hope thi s hel ps. I f you are concernec,
pl ease feel free to ema i l MySpace. I ' m s ure t hat they
woul d love to hear everyone bi tchi ng about i t.
Rev. Troy (Subgeni us)
This is definitely something to be concerned
about but it' hardly earth-shattering. MySpace
was bought by Rupert Murdoch: News Corpora
tion (parent of Fox) way back in luly of 200'.
Dear 2600:
My nei ghbor ' S burgl ar al ar m went off t hi s
mor n i ng and after i t kept goi ng for a whi l e I wal ked
around t hei r house to see if anybody was goi ng to
do somet hi ng about i t. Apparent l y my nei ghbors
weren' t home because there was no si gn of l i fe,
but they had several " Protected by Br i nks" si gns
on the l iwn. So I cal l ed Br i nks to see what they
had to say. After navi gat i ng thei r automated phone
system to get to an operator I was asked to enter
the phone number of the l ocati on where the al arm
i s i nstal l ed. Si nce I di dn' t know my nei ghbor ' S
phone number I had to ent er " #" several t i mes t o
get t hrough to a person. I expl ai ned to the Br i nks
representati ve t hat my nei ghbor ' S al arm was goi ng
off. When they asked me for my nei ghbor ' S phone
number I expl ai ned that I di dn' t know i t but I
gave them my nei ghhor ' s address. After checki ng
t hei r records they happi l y i nformed me, " Oh, t hat
address i s n' t moni torec. " Ni ce! What if I had been
a bur gl ar casi ng the nei ghborhood to fi nd unmoni
tored al arm systems? I t wou l dn' t t ake a geni us to
soci al engi neer these i di ots who are a l l too eager to
tel l you whi ch addresses are moni tored and whi ch
aren ' t .
Arcade One
Dear 2600:
other day and was havi ng troubl e gett i ng some
fl owers to r i ng up. The associ ate had to come over
and manual l y enter the pri ce. Whi l e he was doi ng
t hat I noti ced t hat t he fl ora l code f or manual l y
enter i ng a pri ce i s "2 600. " J ust thought you guys
woul d l i ke to know. Keep up the good work!
Jason
Flowers. How nice.
Dear 2600:
I recent l y j oi ned the Li bertar i an Party and
noti ced the address for the Li bertar i an headquar
ters i s: 2 600 Vi rgi ni a Avenue NW, Sui te 200, Wash
i ngton DC 2001 7. I s ?00 fi nal l y i nfl uenci ng the
pol i t i cal parti es?
Matthew
It might also be interesting to note that this
is the address of the Watergate Hotel, the only
building ever to take down a president. But we're
going to continue to say that we named ourselves
after the frequency since that 's far less suspicious.
Dear 2600:
I wanted to share an experi ence that I j ust had
i n a l ocal Borders Books. I went i nto the store
l ooki ng for the new Summer 2 007 i ssue. Mi nd you,
t hi s i s the fou rth consecuti ve week I ' ve gone i nto
the store searchi ng for what I consi der to be the
Hol y Gra i l of computi ng, and I ' ve yet to get i t. I
guess when I fi nal l y do get my hands on the new
i ssue, i t wi l l be that much better. I di gress. So, as I
was standi ng there at t he magazi ne rack hopel ess
l ooki ng for 24: 2, I saw a boy of no more than ten
t humbi ng t hrough a Macworld magazi ne. I thought
back to when I was that age ( I ' m now 2 1 ) , and how
I woul d have k i l l ed to even have heard of ?00. I
found an ol d i ssue on the shel f ( 24: I ) , handed it to
h i m, and sai d, " I f you real l y want to expand your
mi nd about computi ng, read t hi s . It wi l l change
your l i fe. I ' ve been readi ng i t for three years now
and i t's the greatest magazi ne ever. " He s mi l ed at
me and sai d, " Ni ce s hi rt . " I l ooked down and real
i zed t hat I was wear i ng an Appl e t-s hi rt. You know,
the one wi t h the retro l ogo. He then l ooked to hi s
grandfather who was beh i nd h i m. The grandfather
s mi l ed at me and asked hi s grandson i f he wanted
the magazi ne. The grandson nodded hi s head yes
and off I went. I can' t hel p but t hi nk that I j ust woke
someone up from a s l eep and offered them the red
pi l l . Hopeful l y that wi l l not be the l ast i ssue that
he reads. Thanks aga i n for gi vi ng me a for um to
expand my mi nd and consci ousness.
Fiat justi ti a ruat cael ur.
Cyphertrex
Let: hope he wasn't too traumatized. Or
freaked out if he sees this letter.
Dear 2600:
I n response to S. Pi dgorny's comments about
the Austral i an E l ectoral System ( 24: 2) , peopl e who
don ' t vote are fi ned, but i f the person enrol l s to vote
agai n that fi ne wi l l be voi d. So one cou l d refuse to
vote and after bei ng fi ned j ust re-enrol l .
I n t h e case of vote theft, i t i s i mposs i bl e to
di scard the fraudu l ent vote s i nce the E l ectoral
Commi ssi on does n' t know who cast whi ch vote
s i nce i t ' s anonymous. I am unaware what acti on i s
I was us i ng the s el f checkout at Al bertson' s the
l
[
0 +

Z%
[
ZH0
taken i n t hi s case.
I t i s poss i bl e to cast mu l t i pl e votes as one person
or a group of peopl e wi thout the need to assume a
real person' s i denti ty t hough. I had a fri end whose
l i festyl e was extremel y nomadi c, mostl y because
he wanted to be harder to fi nd. When he enrol l ed
to vote, i nstead of submi tt i ng a " change of address"
form, he wou l d submi t a " new enrol l ment" for m.
Thi s l ed to hi m bei ng counted as a new person
every ti me and he ended up wi t h 22 "versi ons" of
h i msel f on the el ectoral rol l , a l l val i d and a l l wi th
the abi l i ty to vote.
Us i ng t hi s method to " r i g" an el ect i on wou l d be
qu i te di ffi cul t, especi al l y a federal one. But i t defi
n i tel y cou l d be used to hel p a candi date wi n a seat.
The Aust ral i an E l ectoral System can be expl oi ted
but fort unatel y (or unfortunatel y) not enough
peopl e care about pol i t i cs to expl oi t i t.
aci di e
Dear 2600:
Phi l l i p Torrone had a good pi ece i n " Hacker
Perspecti ve" back i n the Wi nter 2 006-2007 i ssue
whi ch made me thi n k about a l ot of t hi ngs. Thi ngs
future, present, and past and how much t he hacker
worl d or communi ty has changed over the years.
I real l y enj oyed Mr. Torrone' s art i cl e and that i s
what prompted me to fi nal l y wr i te i nto 2600 after
20 somethi ng years of readi ng it (yeah, I ' m an ol d
s kool 2600 reader) .
I count mysel f l ucky to have been i nto hacki ng,
phreaki ng, cracki ng, etc. back i n the heyday
of the ear l y to mi d 1 980s. I know i t was not the
begi nni ng - some anci ent Greek phi l osopher and
Captai n Cr unch beat us al l to the punch i n terms
of creat i ng hacki nglphreaki ng - but that magi cal
per i od smack i n the mi ddl e of the 80s was defi
n i tel y a hacker's paradi se. The l ong shot of i t i s that
a l ot of ki ds l earned a l ot of t hi ngs that they other
wi se woul d have never been exposed to. And sure,
some of the stuff we di d was wrong. I t happens. We
were young, dumb, and fu l l of cur i osi ty. But the
bi g l esson of our hacki ng youth was not so much
how a Ni x machi ne works, or how to patch home
grown code i nto a BBS program, or how the phone
network worked so we coul d wake some poor
J apanese woman up i n the mi ddl e of t he n i ght. The
bi g l esson was that i nformati on i s rea l l y powerfu l .
I nformati on i s s o powerfu l that on e k i d I grew
up wi th went to j ai l for i t. Yeah, we were mucki ng
about on a sensi t i ve gover nment system. We
admi tted that and we real i zed we were wrong.
After al l , curi os i ty k i l l ed the cat. But the focus was
not on thei r securi ty l apse, or our abi l i ty to get i nto
a system that a one-fi ngered bl i nd, deaf, and dumb
man coul d type hi s way i nto. Our l esson was that
we had pr i ntouts wal l paper i ng everyone' s bedroom
that contai ned i nformati on, and that thi s i nforma
t i on was power, and those i n power di d not want
us to have that i nformat i on. After a l l , t here were
vi rtual l y no hacki ng l aws at the ti me and as far
as phreaki ng we were l ooki ng at some charges of
theft. OK, fai r enough, everyone accepted that. So
why the strange focus on the i nformati on and not
so much on the l oss of phone company revenue?
Wel l , computers and tech nol ogy have changed
a l ot s i nce those days and so have the l aws. But I ' m
not s o s ure i f the l esson has. I sti l l bel i eve, more
than ever, that the real threat to "them" i s that
others have a des i re to know t hi ngs that they do
not want them to know. They are the gatekeepers
and we are the mi ndl ess sheep, I suppose. I real l y
do not know what t he reasoni ng i s except t o say
that the obvi ous answer i s power of some type.
Wel l , my publ i c educati on taught me that
peopl e s houl d cooperate and share i nformati on
freel y so t hat we can a l l benefi t, l ear n, and bui l d
upon i t for a better wor l d for a l l of us. Th i s cou l d
not be more of a l i e i f they t r i ed. Everyth i ng I was
taught was r ubbi s h. What they rea l l y meant to say,
as best as I can fi gure out, was that t he i nforma
t i on they want you to know shou l d be spread and
shared whi l st other i nformati on you s houl d not
even bother aski ng about and never shou l d you go
l ooki ng for i t on you r own accord. Because t hat i s
t he l esson we a l l l earned back then and i t seems
that i s sti l l the l esson we are l ear ni ng.
I supposed I gravi tated toward the hacki ng
subcul t ure ( can we cal l i t t hat ? ) because i n those
days the whol e envi ronment was to hel p newbi es.
I f you wanted to know somethi ng al l you had to
do was ask someone and they woul d di rect you
to the proper text phi l e, message board ( BBS), or
personal l y teach you themsel ves. I nformati on
fl oated around freel y ( provi ded you were part of
the group, whi ch i s i roni c I real i ze, but that was
for safety reasons from them busti ng everyone)
and i t was wonderfu l because you cou l d know
how t hi ngs worked and why they worked the
way they di d. You were no l onger i n thi s mi ndl ess
wor l d where t hi ngs j ust magi cal l y worked; you had
understandi ng of t hei r wor ki ng.
Now we have far better technol ogy and a way
smarter generat i on of hackers. The young hackers
of today are absol utel y bri l l i ant and t hey keep
that spi r i t a l i ve and goi ng, hel pi ng to c i rcumvent
oppressi ve technol ogi es, hel pi ng to spread i nfor
mati on to l i berate peopl e and feed t hei r want i ng
t o understand. And I hope t hi s tradi t i on conti nues
on for a very l ong ti me unti l peopl e rea l i ze that the
onl y way forward i s to hel p, share, and educate. But
today' s wor l d i s scary, I must admi t . Ci vi l r i ghts are
bei ng eroded, consumer ri ghts are bei ng attacked,
governments a l l over the wor l d are more restr i c
ti ve and suspi ci ous t han ever. Looki ng the wrong
way mi ght be enough to get you detai ned and
quest i oned. Wear i ng a 2600 s hi rt mi ght mean you
are a terror i st. And i f you are smart and know a l ot
about how ai r pl anes work, the software i nvol ved
and stuff l i ke that, that mi ght pl ace you on the Do
Not Fl y |i st forever.
The poi nt I am tryi ng to make here is that
"they" are defi n i tel y tryi ng to hol d us back. Even i n
Uni versi ty I fel t the tensi on of gett i ng too cl ose to
certai n i nformati on, and I thought Uni versi ty was
meant to be a free th i nki ng arena. Hackers wi l l
forever be persecuted si nce they refuse t o be mi nd
l ess sheep who are amazed by the "magi cal " tech
nol ogy; and I suppose that makes us the s uspect
by defaul t . I t i s an ol d bori ng sayi ng but true more
than ever: Knowl edge i s Power. And there i s a l ot
of power out t here tryi ng to stop you from gai n i ng
that knowl edge. But don ' t qu i t. Soci ety wi l l never
know or appreci ate the contri buti on hackers make
unti l that contri but i on stops. Then we are a l l i n
deep troubl e.
ViSiOn
ulumH Zl[0 +

by Donol i
Mr. D from Company A deci ded to create
a new company wi th a guy named Har ry.
Si nce Mr. D al ready owned a smal l bu i l di ng,
there was no probl em wi th offi ce space. I t
was easy t o set up a second offi ce separated
by a s i ngl e wal l . I manage the network for
Mr. D i n Company A. I t ' s a smal l networ k
wi th a Wi ndows 2000 Server and, at t he
most, 1 5 workstati ons runni ng Wi ndows
2000 Professi onal or XP Professi onal . The
enti re network i s wi red and uses stati c I P
addresses onl y. There i s n o wi rel ess router
and no DHCP runni ng at a l l . So, i f an asso
ci ate of the company shou l d ar r i ve wi th a
l aptop and wants to connect to the I nternet,
hi s computer must be gi ven an I P address on
the exi st i ng Cl ass C subnet. There is no other
way to connect. When the second company
was formed, Harry deci ded that he wanted to
use a wi rel ess network and al so deci ded that
he di dn' t want me to i nsta l l i t . He brought i n
hi s own peopl e t o make i t happen a t doubl e
the pr i ce.
Bot h Mr. D and Harry deci ded that a
connect i on was needed between the two
networks for payrol l purposes, so they had
Har ry' s guy i nsta l l two wi rel ess networ k
car ds i n two of the PCs i n Company A' s
system. Al l was fi ne wi th the systems and
sti l l fai r l y secure si nce WEP was enabl ed.
What was n' t fi ne was t hat Mr. D never real l y
trusted Har ry and t he di strust grew as t i me
went on, so much so that Mr. D thought
that Harry had a t roj an horse run n i ng on
Company A' s system and maybe even had
bugged the tel ephone system. That ' s when
he deci ded to cal l me. So I went there and
checked the l ogs for Trend Mi cro' s C1 i en
Server Su i te whi ch is great for sma l l busI
nesses. I di dn' t see anythi ng there. Next,
I ran netstat -an to see i f t here were any
u nwanted connect i ons i n the forei gn address
col umn of the output. The onl y t hi ng I saw
was the I P addresses of each of the networ k
cards, one wi red and one wi rel ess. Nei ther
of them had any suspi ci ous connect i ons to
the outs i de worl d.
I t hen opened t he browser and connected
to the web i nterface of the wi rel ess router
i n Har ry' s offi ce. I was greeted wi th a l ogi n
e Buffal o
Wi rel ess Router
di al og box aski ng for my user name and
password. Not knowi ng what router i t was,
I t r i ed usi ng admi n as the user name or the
password, whi ch D L i nk and L i nksys use
respect i vel y. None of that worked. At that
poi nt, I don ' t remember i f I cl i cked cancel or
i f I was automati ca l l y redi rected to anot her
page that sai d " The user l ogi n name i s ' root. ' "
Oh real l y? I t i s ? Thank you very much for
that i nformat i on. You are too ki nd. It was
root and wi thout a password. What cou l d
be better ? The i nterface page opened and I
i mmedi atel y went to DHCP where I saw a
l i st of connected computers by I P address
al ong wi th the name of the user. One by one,
I opened a r un box and ran \ \ 1 9 2 . 1 6 8 . 1 . XXX.
Most of the C: dr i ves were shared al though
not everythi ng on each dr i ve was acces
s i bl e. I went though a l l I cou l d l ooki ng for
Data Gone Wi l d that was worryi ng Mr. D.
There was noth i ng that di dn' t bel ong there.
I ass umed i t was moved to Syri a al ong wi th
the Weapons of Mass Destructi on to av
?
i d
detecti on. Fi nal l y, I cl i cked on I ntrUSi on
Detector. I t took me t o t he next page whi ch
sai d " No detect i ons fou nd yet . " What ? ? No
detect i ons? ? What about t he fai l ed l ogi n
attempts that I made wi th admi n as a user
name and/or password? Don ' t they count as
an i nt r usi on or do I have to br eak down t he
entrance door wi th an ax fi rst? I c l i cked the
"cl ear l og" j ust i n case but i t probabl y wasn ' t
needed.
Now we a l l know that secur i ty is usual l y
an afterthought but at l east t he admi n had
WEP enabl ed. Of course, he shoul d have
had the router password protected and the
workstat i ons shou l dn' t have had a l l those
shared fi l es. The probl em i s that admi ni stra
tors somet i mes don ' t l ook at secur i ty from
the i nsi de, where I was. The fact that the
Buffal o Ai r Stati on actual l y gave me the user
name i s not the admi n ' s fau l t . The fact that
i t di dn' t count my fai l ed l ogi n attempts as
an i ntrusi on i s not the admi n ' s faul t ei t her.
Those are thi ngs that came wi th the router.
How does a l l that hel p you ? If you are an
admi n, now you know what do. I f you j ust
l i ke to l ook for unsecured wi rel ess connec
ti ons on http : / /www. wifaps . com/ . then you
know what to do too.
l[
0 + Z%
[
ZH0
The Thrill O ustom
Caller ID
by krt
Custom Cal l er I f i nformati on presents
appl i cati ons not otherwi se poss i bl e i n a
mu l t i - l i ne wor l d. You wi l l fi nd that your tel e
phone presence becomes hi ghl y avai l abl e
and under your control .
Do you al ready have t he abi l i ty to
customi ze your Cal l er l |i nformat i on? If you
don ' t, you wi l l fi nd that i t i s tri vi al and i nex
pensi ve to do. Di fferent tel ephone ci rcui ts
requi re di fferent methods. I nformati on that
appl i es to customi zi ng Cal l er l | on Voi ce
over I P tel ephone ci rcu i ts does not neces
sari l y appl y to the same task on an anal og
tel ephone ci rcui t .
Th i s arti cl e does not appl y t o spoofi ng t he
ANI i nformati on uti l i zed by tol l -free servi ces
such as g l 1 , 41 1 , and 800 numbers and
does nol i mpl y or suggest I hal you go about
mucki ng i n those systems.
I l l ega l uses exi st for al l technol ogi es. Be
carefu l i f you try any of the acti vi ti es i n t hi s
art i cl e. Look up your l oca l l aws and, most
i mportant l y, be aware of what you ' re doi ng.
You mi ght fi nd t hat what you t hought was
l egal has become a l i fet i me j a i l sentence
as of the new year. fo your part to prevent
overcrowded j ai l s by sl ayi ng out of tbem.
Si ngl e Number Presence
Usi ng Two Ci rcui ts
Th i s is cal l routi ng to save on tol l s and
provi de tel epbone subscr i ber access i n l ow
to no cel l ul ar coverage areas. Two year
contracts don ' t sound s o good when you
real i ze that the cancel l at i on cost i s more t ban
the cost del ta on that fancy Rai s i n phone at
the mal l . Mat h i s hard, l et ' s go shoppi ng!
Th i s appl i cati on can be used t o handl e
cal l routi ng for economi cal purposes. Th i s
cou l d i ncl ude taki ng cal l s on your no extra
cost tel ephone ci rcui t dur i ng the day and
on your no extra cost ni ght t i me cel l phone
mi nutes.
I f you use t hi s cal l forwardi ng tri ck the
other way around you can di sgui se your
cel l phone number. You can ass ure your
tel ephone networ k presence and mai n
tai n di scret i on wi th regards to your actual
l ocat i on.
Thi s appl i cati on uses some of the same
concepts i nvol ved wi th Networ k Address
Trans l at i on, Load Bal anci ng/Hi gh Avai l -
abi l i ty of an I P Address, a n d Packet Routi ng
i n the I P networ ki ng wor l d.
Required:
A telephone circuit with customizahle
Caller //information.
A cell phone that can forward t o a tC'le
phone circuit.
Cive yourself at least one hour to tesl it
all properly.
I n essence t hi s i s a s i mpl e set of tasks to
obtai n a fa i r l y decent method of tol l avoi d
ance and potent i al l y ca l l qual i ty. I n rea l i ty
i t can be a chore to remember if someth i ng
is forwarded or not and then ver i fyi ng i t.
Thi s appl i cati on keeps i t to a s i ngl e poi nt for
control l i ng ca l l forwar di ng.
You mi ght want to l ook i nto the dul o
mat i on of cal l forwardi ng wi t h features l i ke
rol l -to- home or even a s i mpl e schedu l er that
your cel l phone mi ght have
.
Ca l l forwardi ng
genera l l y occurs on t he swi tch si de and as
s uch you have t o make s ure that t he swi tch
actual l y recei ved and executed your ca l l
forwardi ng request.
I f you send out cal l forwa rdi ng request
i n a had coverage spot, ver i fy that your ca l l s
are for warded correct l y. You mi ght want to
set forwa rdi ng i n a good coverage spot, sll ch
as at wor k j ust before you l eave for home.
Set your tel ephone ci rcu i t ' s deiaul t/voi ce
ma i l forward t o your cel l phone's voi ce
ma i l box so that you don ' t mi ss any i mpor
tant messages.
When you ' re at home: For ward your
cel l u l ar phone t o you r tel ephone ci rcu i t. Al l
i nbound ca l l s wi l l be recei ved on vour tel e-
phone ci rcu i t.
'
When you' re on the road: Di sabl e the
cal l forwardi ng us i ng your cel l phone. Al l
i nbound cal l s wi l l be recei ved on your cel l
phone.
I n a forwarded or non forwarded state:
When you di al out from ei t her your tel e
phone ci rcui t or cel l phone you mai ntai n
a s i ngl e number presence. Keep your tel e
phone ci rcui t ' s n umber hi dden so that you
encourage the usage of a s i ngl e number.
I nstant Voicemail Access
Quickie: Hol d 1 on any cel l phone to
access that cel l phone' s voi ce mai l box.
Hopefu l l y you ' re presented wi th a password
i f i t ' s you r phone.
ulumH Zl0 +Y
Required:
A telephone circuit that can display your
cell phone' s Caller ID information.
A voice mailbox that authenticates via
Caller ID and has no password.
Give yourself about thirty minutes to set
it up and test it.
Thi s appl i cati on is easy to do. Di al your
cel l number from a tel ephone ci rcui t that
di spl ays your cel l phone' s i nformati on vi a
Cal l er 1 0. The voi cemai l system wi l l recog
ni ze you and grant access .
Th i s goes hand i n hand wi t h the fi rst appl i
cati on ( si ngl e number presence) . I t provi des
access to a voi ce mai l box that both l i nes
can share. Set your defaul t cal l forwardi ng
on your tel ephone ci rcui t as menti oned.
You shou l d fi nd that your access method i s
rel ati vel y t he s ame and qui ck from your tel e
phone ci rcui t and cel l phone.
You mi ght fi nd that your phone does n' t
support hol di ng down t he 1 button for voi ce
mai l access, especi al l y i f i t ' s a regul ar cord
l ess u n i t. You can set a speed di al button
on your phone to get arou nd that. I suggest
not mappi ng the speed di al button to the
1 button. You wi l l end up wi t h two di st i nct
associ at i ve brai n pathways for these very
repeti ti ve tasks.
You can al so use th i s wi t h a password
but that ' s j ust not as fun now i s i t fol ks ?
Who wants t o be t hat secur e? Consi der these
quest i ons carefu l l y pl ease. I f someone cou l d
keep t hi s t o the r i ght si de of the el ecti ons
when i t' s u ncovered, t hat ' d be swel l .
Si ngl e Data Presence Usi ng Two Ci rcui ts
Required:
A data service that authenticates via
Caller ID information.
Methods:
A telephone line that can display the
correct Caller // information that is asso
ciated with your billing and subscriber
Securi "Q Your
by bl tl Ock
information.
A program that can announce your cell
phone number as its own that works with
your service carrier's gateways.
A compatible service gateway that
authenticates via Caller ID and bills t o the
subscriber identifed by Caller //.
Th i s is s i mi l ar to the fi rst appl i cat i on. You
mi ght use t hi s to i ns ure that you have better
access to your data servi ces. If your data
servi ce does not feature forwardi ng then you
wi l l be l i mi ted to a s i ngl e poi nt for recep
t i on of data servi ces. You wi l l sti l l be abl e to
send from both ci rcu i ts. Th i s cou l d hel p you
i f your cel l phone is di ffi cu l t to type on and
you send data messages frequent l y.
Common Services: Short Messaging
Service aka SMS, texting, text messaging;
Multimedia Messaging Service, aka MMS,
picture mail, media mail
You can usual l y fi nd SMS and MMS cl i ents
for your computer. The cl i ent software can
be found fai r l y eas i l y i n open sou rce, share
ware, and commerci al for ms. Confi gure t he
software such that your sendi ng i nformati on
matches your tel ephone presence phone
number. Si nce th i s technol ogy changes
rapi dl y, I l eave i t up to you to di scover the
myri ad of tool s avai l abl e.
Other Ways
For most data servi ces you mi ght fi nd that
the provi der has an SMTP to data servi ce
gateway, such as an SMTP to SMS rel ay. Th i s
i s t he manual route. Us ual l y you can send
to your reci pi ent's phone number at a cl ever
emai l address, such as: 2 0 6 1 2 3 4 5 6 7 @ cellu
-larprovidermail . net.
You wi l l have to know the reci pi ent's
provi der and the part i cu l ar gateway's
protocol and access method. You shou l d be
abl e to del i ver a message wi th your sendi ng
i nformati on customi zed t o poi nt back to
your publ i c presence tel ephone number.
Th i s topi c came out of necess i ty at a recent
"networ k protocol anal yzer" ( aka s ni ffer) up
j ob I had. I needed t o securel y punch parts
on a networ k and start captur i ng packets, I
of my networ k traffi c t hrough the corporate
wou l d be abl e to vi ew a l l I nstant Messenger
fi rewal l to remotel y manage th i ngs outsi de
traffi c. Th i s traffi c woul d i ncl ude usernames
the company. Al so, I nstant Messenger traffi c
and passwords, al ong wi t h every message
has al ways been a concern for me.
you sent to your chat partner. The same
Fi rst, we' l l tal k about 1 M t raffi c. I di d not
goes for usi ng 1 M on your home broad-
want my user name and password fl oat i ng
band. Every t i me you si gn on t o AOL I nstant
l[0 Z%
[
ZH0
Messenger, or MSN, or Yahoo Messenger, SOCKS proxy of 1 2 7. 0. 0. 1 i nstead of l ocal -
or ( i nsert popu l ar chat program here) , your host), and the port shou l d be whatever you
username and password i s sent i n pl ai n text speci fi ed i n Step 5. I won ' t go i nto program
over the I nternet to the company/servi ce you detai l s as each program i s a l i tt l e di fferent.
are connecti ng to. Anyone cou l d very eas i l y There shou l d be opti ons i n t he program t o do
throw a s ni ffer up and capture packets for a th i s . AI I I M programs I ' ve used support proxy
few hours, then spend some t i me anal yzi ng usage, some better t han others however.
what they captured to wor k out how to i Chat, for exampl e, doesn ' t l i ke SOCKS
i mpersonate you vi a chat. . . . proxi es for some reason. I use Adi u m on the
I won ' t go on about why protecti ng your- Mac and Cai m on the Pc.
sel f i s i mportant, so on wi th i t . Step 9: Logi n to your chat program. I f i t
SSH stands for Secure Shel l . Read a l l works, great! Congrats, you are now more
about it at http : / /en . wikipedia . org/wiki/ secure t han you were before.
Secure_Shell. Wi ki pedi a does a good j ob To test out whether or not your chat
expl ai ni ng what SSH i s/does. I won ' t attempt program i s actual l y connected vi a the secure
to paraphrase. t unnel , you can di sconnect your SSH connec-
Step | . You need to be i nterested i n t hi s t i on and see i f your chat program l ogs you
topi c. We' l l assume you are, otherwi se you out ( l oses connecti vi ty) . I f i t does, then i t ' s
wou l dn' t be readi ng t hi s . safe t o say you are set up proper l y. I f you stay
Step 2. Set up!confi gure an SSH server on connected to your chat program and the SSH
a remote/home computer. I use the i ntegrated connecti on i s not runni ng, then you have an
SSH server on my Mac. No addi t i onal soft- i ssue somewhere - probabl y mi sconfi gured
ware needed. On a PC you ' l l need OpenSSH chat proxy sett i ngs.
or someth i ng s i mi l ar.
What El se Can You Do?
Step . I nsta l l SSH cl i ent software that Now that you have an SSH t unnel , you
wi l l connect to the SSH server you j ust set
can route any traffi c you ' d l i ke t hrough i t .
up. On a Mac SSH Tunnel Manager works
Use redi recti ons/forwardi ng i n the SSH
wel l . On a PC Tu nnel i er i s the best i n my
cl i ent software to route the t raffi c where you
opi ni on.
want i t t o go. I n Tunnel i er i t's cal l ed C2 S
Step 4: If you have a router i n pl ace,
Fwdi ng. I n SSH Tu nnel Manager, i t ' s cal l ed
forward port 22 to the I P address of you r SSH
Local Redi rect i ons and Remote Redi rec-
server. I f you don ' t, then ski p th i s step.
t i ons. Set up a proxy server on your remote
Step . Create a new connecti on/tunnel
server!computer and browse t he web us i ng
on your cl i ent computer t o the I nter net I P
your home broadband connect i on. You can
address of your SSH server. I won ' t go i nto
set a remote redi recti on for your POP/SMTP
detai l s on thi s step si nce each program i s a
traffi c and check your ema i l vi a Out l ook or
l i tt l e di fferent. I had t o get creati ve on the
whatever mai l program you ' d l i ke. Set a l ocal
actual ports bei ng used to tunnel out of the
redi rect i on on port 5900 and you can VNC
corporate fi rewa l l . Fi nd an open port and
i nto any computer on your home networ k.
use i t. J ust make s ure to forward a l l traffi c on
Agai n, to test out whether or not your traffi c
that port to port 22 on the server you set up
i s t ravel i ng through the SSH tunnel , s i mpl y
i n Step 2. Hint: I f you can us e your 1 M cl i ent
di sconnect the SSH connecti on and t ry the
wi thout a proxy, you can tunnel your traffi c
connecti on. I f i t connects, someth i ng i sn ' t
over port 5 1 90. confi gured proper l y. I f i t does not connect,
Step 6: The next part is an i mportant part.
i t' s safe to say everyth i ng i s worki ng as
After you set the detai l s of the connecti on/
i ntended.
tunnel , fi nd the sect i on of the software that Oh, one more thi ng . . . . I f you do th i s on
al l ows you t o create a SOCKS proxy. I t can
your work computer and your I T department
be SOCKS4 or SOCKS5 . On the Mac I j ust
fi nds out what you ' re doi ng, they wi l l l i kel y
put a checkmark i n the box t o enabl e t he
be l ess t han pl eased. My advi ce i s t o make
SOCKS4 proxy and gi ve it a port to ru n on
fr i ends wi t h your I T support peopl e ( desksi de
( you can l eave i t set t o defaul t too) .
techni ci ans, networ k admi ns) . I can al most
Step 7: Connect to your SSH server,
guarantee each of them is doi ng t hi s al ready.
authenti cate, done. Be happy that you
Be thei r fr i end and they may even set t hi s
now have a fai r l y secure tu nnel from your
up for you, or tel l you what port t o use. I f
computer t o your server across the I nternet.
you are rude to them, prepare to be reported
Step o.Th i s is another i mportant step. You
to management for breaki ng company
need to confi gure your chat program to use
gui del i nes.
the SOCKS proxy you j ust set up. The SOCKS Oh, one fi nal note . . . . Usual di s cl ai mers
proxy server shou l d be 1 2 7. 0. 0. 1 , or l oca l - appl y. Don ' t break the l aw, etc.
host (on a Mac I ' ve found you must use the
Happy trai l s ( or l ack thereof) .
ulumH Zl
[
0 o
I s fi ndi ng an open wi rel ess networ k i n
t he i nvi tati on of a networ k t o j oi n. Not onl y
your nei ghborhood and sett i ng up a NAT
is it decl ar i ng " Here I am, connect to me, "
connecti on to di rect a l l your t raffi c t hrough
i t' s gi vi ng out I P addresses when you do so.
i t i nstead of order i ng cabl e modem servi ce
Dependi ng on the cl i ent-si de confi gurati on,
steal i ng a connecti on? I s us i ng the connec-
no acti ve part i ci pati on i s even requi red;
t i on at a coffee shop wi thout buyi ng a cup
Most systems wi l l automati cal l y connect
of coffee i l l ega l ? I s checki ng your ema i l from
to any networ k i n the prefer red networ k
a random open networ k i l l ega l ? I s us i ng a
l i st, and many open access poi nts share
networ k expl i ci t l y desi gned as publ i c after
common factory defaul t names l i ke " I i n ksys"
busi ness hours l i kel y to get you ar rested? and "defau l t . " Systems wi th automati c OS
I f you ' ve been readi ng the news l atel y,
updates wi l l typi cal l y downl oad updates
the answers wou l d " Yes, " " Yes, " " Yes, " and
( as t o be expected when connected t o a
perhaps s urpr i si ngl y, " Yes" - dependi ng on
network) , meani ng i t ' s possi bl e t o not onl y
where you l i ve! After war ni ngs about open
connect to, but begi n us i ng the resources of
networks in tech news for years, it seems the
an open networ k uni ntenti onal l y.
mai nstream medi a ( and l aw enforcement) Accessi ng a wi rel ess networ k wi thout
i s begi n n i ng to take an i nterest i n wi rel ess
the permi ssi on of the owner, even when
networks. Hal f a dozen cases rangi ng from
the networ k i s "open, " typi cal l y fal l s under
l ocal news to hi gh-profi l e data theft have
computer trespass i ng l aws. From the exi st i ng
made headl i nes i n recent months wi t h penal -
cases, t he charges are fi l ed under l ocal ( state
ti es rangi ng from fi nes to fel on i es.
or county) l aws rather t han federal . The exact
Open wi rel ess networks are a cur i ous
charge depends on the regi on. However, the
i ntersect i on of moral i ty and l ega l i ty. Li vi ng
Federal Computer Fraud and Abuse Act ( 1 8
i n a country where broadband access i s
U. S. c. 1 03 0) makes unauthori zed access
not metered by usage ( un l i ke other regi ons
or exceedi ng aut hori zed access wi th the
where i t may be charged per ki l obyte
i ntent to defraud on a computer or networ k
monthl y, presenti ng a very real cost t o t he
a cr i me. Whi l e t he Feds are general l y u n i n
owner of a network) and, payi ng for a broad-
terested i n "sma l l " cases ( l ess than $ 1 00, 000
band connecti on al ready, I personal l y t hi n k
i n damages), many states have copi ed the
i t's di ffi cul t to fi nd a moral argument agai nst
CFAA for thei r own l aws.
ut i l i zi ng open wi rel ess networ ks, at l east i n
I n 2 006 a man i n I l l i noi s was charged
moderat i on. Whi l e saturat i ng someone el se's wi t h, and pl ed gui l ty to, " unauthori zed
networ k or us i ng i t to anonymi ze i l l egal
computer access" and pai d a $250 fi ne for
act i vi ty obvi ousl y crosses t he l i ne, use of an
us i ng an open access poi nt from hi s car. The
open networ k wou l d seem to be i n l i ne wi t h
prosecut i ng attorney ci ted poss i bl e puni sh
the owner's deci si on to l eave i t open. Unfor-
ments of up to a year i n j ai l for the use of
t unatel y, it can be di ffi cul t to tel l i f the user
an opened access poi nt . A s i mi l ar ar rest was
i ntent i onal l y l eft t he networ k open or s i mpl y
made i n 2 005 i n Fl ori da, when a man was
di dn ' t bother to read the manual that came
arrested and charged wi t h a t hi rd-degree
wi th t he access poi nt - and the l aw typi cal l y
fel ony, carryi ng a potenti a l $ 1 0, 000 fi ne and
comes down on the si de of protecti ng t he
fi ve years of j ai l t i me. I n both of these ar rests,
owner.
no ment i on was made of what acti vi ty was
When an access poi nt i s "open, " i t adver-
taki ng pl ace on the networ k.
t i ses the ESS I D ( networ k name) several ti mes
Further confUSi ng matters, not every
a second (ten by defau l t) , requi res no WEP
state woul d consi der such use i l l ega l . For
or WPA key, and provi des DHCP. Regardl ess
exampl e, New Hamps hi re' s RSA: 638: 1 7
of t he owner's i ntent i ons, thi s si gni fi cantl y
a l l ows an u nauthori zed user three affi rma
bl urs t he l i nes between attacki ng a networ k
ti ve defenses: t hey reasonabl y bel i eved t hey
to gai n unauthori zed access, and accept i ng
had authori zati on, woul d get free access i f
l
[
C oZ
Z%
[
ZHC
asked, or had no way of knowi ng that the the Computer Mi suse Act. For those more
access was unauthori zed. If any of these are fami l i ar wi th Ameri can styl e l egal documents,
proven, the user wi l l be found not gui l ty of the Computer Mi suse Act, wr i tten in 1 990, i s
t he cr i me. s urpr i si ngl y di rect and, whi l e predati ng wi re-
I n 2 006 two men were arrested in a h i gh l ess networks, i t i ncl udes provi si ons agai nst
profi l e case i n Mi chi gan i nvol vi ng hacki ng both the use of a computer to gai n unau
of t he Lowes wi rel ess network t o obtai n thori zed access and the us e of unauthor i zed
credi t card numbers. Un l i ke the previ ous access t o commi t further cr i mes. Vi ol ati ons
exampl es, thi s ar rest was unequi vocabl y of t he Computer Mi suse Act can carry a s i x
j usti fi abl e ( i f, of course, they are gui l ty of month j ai l sentence pl us fi nes. The Computer
the charges) . Thi s case i nvol ved the del i b- Mi suse Act expl i ci t l y states that it may appl y
erate penetrati on of the Lowes corporate to non- ci t i zens as wel l . The Communi cati ons
network and the i nstal l ati on of spyware to Act, an i mmense document dea l i ng wi th the
moni tor Poi nt of Sal e termi nal s . However, i n regu l ati ons of OFCOM and tel ecommuni ca
May 2 007, a Mi ch i gan man was arrested for ti ons i n general , contai ns s i mi l ar l aws, and
usi ng a publ i c hotspot i n a coffee shop from recent amendments rai se the potenti al fi nes
hi s truck and charged wi th fel ony fraudu- t o 50, 000.
l ent access t o a computer network wi th a ( 1 ) A person is guilty of an offence if
poss i bl e fi ve year sentence and $ 1 0, 000 i n (a) h e causes a computer to perform any
fi nes. I n th i s case the man was not usi ng a function with intent to secure access to any
network whi ch the owners di d not i ntend program or data held in any computer;
to be publ i c. He was us i ng a network the (b) the access he intends to secure is
owners di dn' t i ntend to be publ i c for hi m at unauthorised; and
that t i me, a di st i ncti on much harder to make (c) he knows at the time when he causes
( and as a user of networks, to determi ne if i t t he computer t o perform t he function that
appl i es t o you) . that is the case.
The Mi chi gan l aws he i s charged under (2) The intent a person has to have to
refer to someone who wou l d "access or cause commit an offence under this section need
access to be made to a computer program, not be directed at
computer, computer system, or computer (a) any particular program or data;
network to acqu i re, al ter, damage, del ete, or (b) a program or data of any particular
destroy property or otherwi se use the servi ce kind; or
of a computer program, computer, computer (c)a program or data held in any partic-
system, or computer networ k. " ular computer.
Despi te bei ng adverti sed as an open Anyone who dishonestly obtains an elec-
hotspot network and despi te the owner bei ng tronic communications service and intends
unaware of hi s use of the network, an offi cer to avoid paying for that service is guilty of an
deter mi ned that usi ng the networ k from a car ofence under section 1 25. A person found
i nstead of i nsi de the coffee shop consti tuted guilty of the offence will be liable to a fine
u nauthori zed access. I n an i ntervi ew wi th or imprisonment, or both. Under subsection
newspapers, the man stated he was checki ng (2), i t is not an offence under this section to
hi s emai l s i nce he knew the cafe had a publ i c obtain a service mentioned i n section 297( 1 )
network. Ul ti matel y the fel ony charge was of the Copyright, Designs and Ptents Act
dropped and the man pai d a $400 fi ne and 1 988. This section replaces section 42 of
served 40 hours of commun i ty servi ce. t he Telecommunications Act 1 984 which is
I n s i mi l ar cases, a Wash i ngton man was repealed by Schedule 1 9.
arrested i n 2006 for use of a coffee shop's Of addi t i onal si gni fi cant i nterest:
wi rel ess network from hi s car wi thout maki ng 302. I t is an offence under subsection
a purchase after coffee shop owners cal l ed ( 1 ) for a person to have in his possession or
the pol i ce and an Al aska man was arrested under his control anything, including data,
for us i ng the wi rel ess network i nstal l ed which may be used for or in connection with
i n the publ i c l i brary after hours from the obtaining an electronic communications
parki ng l ot. service with the intent to use the thing or to
Th i nk the l aws agai nst us i ng publ i c allow i t to be used to obtain, or for a purpose
networks affect onl y the Un i ted States? Th i nk connected with the obtaining of an elec
agai n. I n 2005 a London man was arrested tronic communications service dishonestly
and fi ned 500 for usi ng an open network The recent ar rests pertai n i ng to use of
and i n August 2 007 a man i n Chi swi ck was open wi rel ess networks have not made
arrested whi l e usi ng an open access poi nt menti on of secti on 302 however, l i ke
wh i l e outdoors. Both men were charged wi th recentl y passed l aws i n Germany bann i ng
offenses under the Communi cati ons Act and the use or possess i on of tool s wh i ch mi ght
ulumH Z
l
[
0 oJ
s purposes, sect i on may
present a si gn i fi cant probl em.
Obvi ous l y every si t uat i on menti oned
here i s di fferent - some occurred l ate at ni ght,
cast i ng a suspi ci ous ai r regardl ess of poss i bl e
i ntent i ons. Other cases wou l d appear t o be
perfect l y l egi t i mate uses of open networks.
Al l that can be sai d i s to beware us i ng open
wi rel ess networks and be s ure the owners
don ' t mi nd you doi ng so. And buy a cup of
coffee i f you ' re goi ng to use the networ k at
the shop down the road. They' re doi ng you
the favor of gett i ng onl i ne.
References
Fraudulent Access to Computer Systems
Act, Mi ch i gan, USA:
http : / /www. legislature . ri . gov/ ( S ( l 0 1 2
-dymlulehlrfw14cruj 5 5 ) ) /rileg . aspx?page
-=getObj ect&obj ectNare=mcl - 7 5 2 - 7 9 5
New Hampshire Ttle LXII Criminal Code,
New Hampsh i re, USA:
http : / /www. gencourt . state .
-nh . us /rsa/html /LXI I / 6 3 8 / 6 3 8 - 1 7 . htm
Communications Act of 2||, Un i ted
Ki ngdom:
http : / /www. opsi . gov . uk/ s i/ s i2 0 0 6 / 2 0 0 6 1
-0 3 2 . htm
http : / /www . opsi . gov . uk/acts / en2 0 0 3 /
-2 0 0 3en2 1 . htm
Computer Misuse Act of l VV|, Uni ted
Ki ngdom:
http : / /www . opsi . gov . uk/acts/ acts 1 9 9 0 /
-Ukpga_1 9 9 0 0 0 1 8_en_l . htm
by MS3FGX
ware cur rent l y supports) i nto a Wi Fi AP
MS3FGX@gmai l . com
for your OS and Wi i systems. The probl em
The Ni ntendo Wi Fi USB Connector
i s, those are the onl y devi ces the Wi Fi
(wh i ch from now on I wi l l si mpl y refer t o as
Connector wi l l wor k wi t h. Ni ntendo' s sof
the Wi Fi Connector) i s a product rel eased
ware makes i t so that any devi ce connect i ng
by Ni ntendo i n 2005 for use wi t h thei r
to the AP needs to go t hrough i ts propr i etary
OS handhel d, and more recent l y thei r Wi i
authenti cati on system.
consol e. The Wi Fi Connector i s desi gned
Wou l dn' t i t be ni ce to have a soft AP l i ke
as an al ternati ve to standard Wi Fi networks
that whi ch works wi th a l l your other Wi Fi
(wh i ch both t he OS and Wi i use t o access
devi ces? Or perhaps you want a decent USB
t he I nternet for var i ous functi ons) , wi t h the
Wi Fi adapter that you can use under Li nux
i ntended advantages bei ng automated setup
wi th nati ve dr i vers? Lucki l y for us, we can do
and secur i ty. I t i s avai l abl e i n most el ec-
a l l of that and more wi th the Wi Fi Connector.
t roni cs and game stores, and current l y costs
I t j ust takes a bi t of hacki ng.
$35 to $40.
Wi ndows
Hardware wi se, the Wi Fi Connector i s
By fol l owi ng these steps you wi l l be abl e
s i mpl y a rebranded Buffal o WLI - U2- KG54-AI
to do two very i mportant th i ngs wi th your
adapter. Th i s devi ce was most l i kel y chosen
Wi Fi Connector, two t hi ngs whi ch shou l d
due t o t he fact that i t uses t he USB versi on
never have been l i mi ted i n the fi rst pl ace.
of the RT2 500 chi pset (a l so known as the
Fi rst, you wi l l be abl e to use the Wi Fi
RT2 5 70) , one of t he few ch i psets t hat can be
Connector as a standard Wi Fi adapter,
used as a softwa re AP under Wi ndows. The
al l owi ng you to con nect to exi st i ng wi rel ess
software i tsel f on the other hand i s tota l l y
networks, ru n NetStumbl er, and s o on. More
propr i eta ry to Ni ntendo, i ncl udi ng the
i mporta nt l y, you can unl ock the soft AP func
aut hent i cat i on method used.
t i on of the Wi Fi Connector to work wi th any
So that ' s very i nterest i ng and al l , but
Wi Fi devi ce, not j ust Ni ntendo' s .
what does i t real l y mean? Basi cal l y, t he Wi Fi
Accompl i s hi ng t hi s wi l l requi re two sepa
Connector al l ows you to turn your Wi ndows
rate hacks, one bu i l di ng on top of the other.
XP computer ( the onl y OS Ni ntendo' s soft-
We wi l l fi rst modi fy the or i gi nal Buffal o WLI -
l
[
0 o+

Z%
[
ZH0
U2- KGS4-AI dr i vers to work wi th the Wi Fi
Connector, and t hen hex edi t the confi gu
rat i on software from a di fferent USB Wi Fi
adapter ( but one wi th the same chi pset)
whi ch wi l l gi ve us more control over the
devi ce t han Wi ndows al one al l ows.
Before begi nni ng, I shou l d note that t hi s
i s onl y tested and confi rmed t o work on
Wi ndows XP, and wi l l probabl y work on
Wi ndows 2 000 as wel l . Unfortunatel y, I
have no i dea if th i s wi l l work on Vi sta, and
have no way t o test i t mysel f. I wou l d be very
i nterested i n hear i ng from anyone who t r i es
t hi s on Vi sta, worki ng or not.
Driver Modifi cation
To get started, downl oad the dr i vers from
the Buffal o s i te:
http : / /www. buffalotec h . com/ support/
-getflel ? U2KG5 4 1 - 0 1 - 0 2 - 0 0 0 2 . zip
Extract the w:n2 0 0 0 di rectory fr om the
archi ve onto your computer and open i t up.
I nsi de you wi l l see the fi l e NETU2G5 4 . INF,
whi ch i s what we need to modi fy for the
dr i vers to appl y to the Wi Fi Connector.
Make s ure to remove the read-onl y protec
t i on on th i s fi l e, then open i t i n Notepad.
Fai r l y cl ose t o t he top of t he fi l e you wi l l see
a sect i on wi t h the headi ng, [ Adapters ] . Th i s
i s t he l i st of devi ce I Ds that Wi ndows uses
to determi ne what hardware the dr i ver wi l l
work wi t h.
We need t o change the devi ce | that
i s l i sted here to match that of the Wi Fi
Connector. To do t hi s, s i mpl y del ete t he
exi st i ng devi ce | from t he top l i ne USB\
VID_0 4 1 1 &PID_0 05E and repl ace i t wi th
USB\VID 0 4 1 1 &PI D 0 0 8B.
Afer
-
you havo changed the devi ce |,
save the fi l e and cl ose i t .
You can now proceed wi t h the i nstal l a
t i on of the modi fi ed dr i ver. I f you al ready had
the offi ci al Ni ntendo software and dr i vers
i nstal l ed on your mach i ne, make s ure these
are compl etel y removed before conti n u i ng.
Pl ug the Wi Fi Connector i nto t he
computer. When the Found New Hardware
Wiz ard starts, sel ect Install from a list
or a specifc location ( Advanced ) . Then
tel l i t to search for the dr i ver i n the di rec
tory where the modi fi ed NETU2G5 4 . INF fi l e i s
l ocated and cl i ck Next.
After the i nstal l at i on, you shou l d see an
i con i n your system tray i ndi cati ng that a
new wi rel ess devi ce has been i nstal l ed but
not confi gu red ( i t wi l l l ook l i ke a computer
wi th waves comi ng out and a red X)
.
If you di dn' t get any errors, your Wi Fi
Connector i s now recogni zed as a Buffal o
WL/ - U2- KGS4-AI by Wi ndows. You can now
use it as you wou l d any other Wi Fi adapter.
But what fu n is that? Let ' s move al ong and
get i t worki ng as a soft AP.
Software Modificati on
Si nce Wi ndows onl y i ncl udes very bas i c
Wi Fi confi gurati on ut i l i t i es, we need t o go out
and fi nd our own t o confi gu re a soft AP. To do
thi s we wi l l hex edi t the software for another
devi ce ( the ASUS WL- 1 67g) whi ch uses the
same chi pset as the Wi Fi Connector.
The software we need can be l ocated at:
http : / / d l s vr0 1 . as u s . com/ pub / ASUS /
-wireless /WL- 1 6 7 g/Utility 2 9 3 3 . z ip
Downl oad the arch i ve, ex'ract i t, and ru n
setup . exe to start the i nsta l l er. But don ' t try
to start i t once i t i s i nstal l ed. You wi l l onl y
get errors about no su i tabl e devi ces bei ng
found.
To modi fy the software, you ar e goi ng
t o need t o us e a hex edi tor t o once agai n
change t he devi ce | from t he i ntended
hardware to that of the Wi Fi Connector.
You wi l l need a hex edi tor that has a good
repl ace functi on, or el se t hi s is goi ng to be a
very tedi ous modi fi cat i on . Speci fi cal l y, you
want one that i s abl e to retai n the str i ngs you
want to repl ace after you have saved and
opened another fi l e.
I wou l d suggest XVI 32 i f you don ' t al ready
have a hex edi tor you are comfortabl e wi th.
I t ' s sma l l , free, and i ts robust repl ace func
t i on makes the fol l owi ng modi fi cati ons a
breeze.
Us i ng you r hex edi tor, navi gate to where
the ASUS Ut i l i ti es are i nstal l ed, wh i ch by
defaul t wi l l be:
C : \Program Files \ASUS\WLAN Card utili
ties\
I nsi de of t hi s di rectory there are seven
fi l es you need to modi fy to get the software
to recogn i ze the Wi Fi Connector. They are:
AsAuthen . dll
Center . exe
Mobile . exe
StMonitor . exe
TShoot . exe
Wireless . exe
Wizard . exe
The modi fi cati on is exact l y the same for
each fi l e, so once you get i nto the rhythm of
i t, you shou l d be abl e to bl ow through them
pretty qu i ck.
Open the fi rst fi l e ( i t does n' t matter whi ch
order you do t hem i n) i n your hex edi tor
and repl ace a l l occurrences of USB\VID_
OB05&PID 1 7 0 6 wi th USB\VID 0 4 1 1 &PI D 0 0 8B.
After pl aci ng al l of the nstances n that
fi l e, save i t and open the next one. Each fi l e
shou l d have at l east one occurrence i n i t , so
i f your edi tor is sayi ng that noth i ng has been
repl aced, doubl e check that you have the
proper devi ce I Ds typed i n .
After a l l of t h e fi l es have been hex edi ted,
there i s sti l l one more step you must perform
ulumH Zl
[0 oo
before you can r un the software.
Open up My Computer and navi gate to the
fol l owi ng di rectory:
C : \Program Files \ASUS\WLAN Card
Utilities\Driver\winXP\AP\
I nsi de th i s di rectory you shou l d see a fi l e
named rt2 5 0 0usb . sys . You need t o copy
thi s fi l e to:
C : \WINDOWS\ system3 2 \ drivers\
Wi ndows wi l l ask you i f you want to
overwnte the exi sti ng fi l e, cl i ck Yes .
Now make s ure the Wi Fi Connector
i s pl ugged i n and cl i ck on the ASUS WLAN
Control Center i con. You are probabl y goi ng
t o see a bunch of error and status messages
when you fi rst start I t up, but there i s onl y
one you need t o l ook at r i ght now.
There shoul d be a wi ndow named wire
less Option open. I n th i s wi ndow you need
to make s ure that opti on whi ch says Onl y
us e our WLAN utilities i s sel ected, and
t hen cl i ck OK. A wi zard wi l l now start, cl i ck
on Cancel t o cl ose i t , and then OK on the
message that wi l l res ul t.
The ASUS WLAN Card Settings wi ndow
shou l d now show the Buffal o WLI - U2-
KG54-AI al ong wi t h some i nformati on about
i t. I f you see thi s screen then the software
was modi fi ed correct l y.
Soft AP Configuration
Now that the Wi Fi Connector i s bei ng
detected by t he ASUS WLAN Uti l i t i es, we
can make the appropri ate adj ustments for i t
t o r un i n AP mode. The ASUS software makes
th i s very s i mpl e, and i t onl y takes a mi nute
or two to confi gure everythi ng.
Open the ASUS WLAN Control Center and
cl i ck on the Confg i con l ocated on the l eft
si de. On thi s new page you shou l d see a tab
on the top that says Soft AP. Cl i ck on i t.
Cl i ck the radi o button next to Soft AP
Mode to change the operat i ng mode of the
Wi Fi Connector. Under that you shou l d see a
di agram of a bas i c network, and a bi t farther
ASUS wLAHCrd5etnngs

Stalus

Config

About
Unk State

Sa:e Configuration

)
hMcel
elp
l
[
0 o
BIIC ,Erf'phon 50ftAP Access [ontrol j
SoftAP I STA Mode
.tation Mode
IACtd5eh

Status
Config

Survey
A",
Link State

Sae Configuration

QK
g 1ancel
y J:elp
Status Conntion I P Conlig ,
{O14] BUFFALO WLIU2KG54YB W"eless LN Adapter
AswClation State Not associated
SS|a
MAC<ddes 0OD:08:[4 D2-F3
cue0o|
Current Data Rate 11 Mbp
Radio Stale Radio On
down a box that says Available Network
Connections. Cl i ck on the devi ce that i s
cur rentl y connect i ng you t o t he I nter net ( i t
does n' t m

tter what thi s devi ce actual l y i s

s o l ong as I t can get onl i ne) and drag i t i nto
the box next to the Internet i con. Make s ure
that the box next to Enable ICS is checked.
Then c l i ck Apply.
After a moment you shoul d get a warni ng
about changi ng t he modes of t he adapter.
Cl i ck Yes. A few seconds l ater and you shou l d
get another wi ndow poppi ng up t o tel l you
that enabl i ng I CS may take a wh i l e. Cl i ck
OK agai n. Then wai t. L i ke the message sai d,
th i S can take a whi l e. You wi l l know t hat i t i s
fi n i shed when t he green Apply i con becomes
grayed out agai n. Once th i s happens, cl i ck
on t he Basic tab.
Here you are goi ng to set the SSI O and
channel for t he soft AP. I won ' t go i nto deta i l
here s i nce I am s ure we are a l l fami l i ar wi th
basi c Wi Fi confi gurati on opti ons l i ke these.
I al so wi l l assume I don ' t need to expl ai n
that r

n n l ng an open AP i s probabl y not a

good I dea. Take a l ook at the Encryption and
A
.
ccess
.
control tabs t o confi gure basi c secu
nty setti ngs.
After you have confi gured your soft AP
opti ons, cl i ck Apply, t hen OK. Your Wi Fi
Connector i s now run n i ng as a standard soft
AP. You ca
.
n connect any Wi Fi devi ce you
want to I t, I ncl

dl ng the OS and Wi i systems

that I t was ongl nal l y l i mi ted to.
li nux
Offi

i al l y, Ni ntendo offers no support at

a l l for L l nux ( shocki ng, I know) . But as previ
ousl y covered, the Wi Fi Connector i tsel f i s
not a speci al i zed pi ece of hardware i n the
fi rst
p
l ce, so l ucki l y we don ' t need any
speCi al i zed dnvers ei ther.
The Wi Fi Connector works perfect l y
usi ng the dr i vers from the rt2 xOO Open
Source Project 'http : / / rt2xO O . serial
-monkey . cor) , speci fi ca l l y the RT2 5 70
Z%
[
ZH0
branch of the project. The rt2xOO dr i vers are
pretty popu l ar, so there is a good chance
your di st r i but i on al ready i ncl udes them, or at
l east has them avai l abl e i n i t s reposi tory. But
i f not, the i nstal l ati on i s very s i mpl e; i f you
have ever compi l ed a Li nux appl i cati on from
source before, you shou l d have no probl ems
at al l gett i ng the dr i vers i nstal l ed.
The rt2xOO dri vers are qui te capabl e,
and the Wi Fi Connector proves to be a
decent pi ece of hardware. Mon i tor mode
i s supported, and i t works very wel l wi th
Ki smet us i ng a source defi ni t i on l i ke:
source=rt2 5 0 0 , rausbO , NiWiFi
I ron i cal l y though, the cur rent rt2xOO
dr i vers do not support Master mode, so
you can ' t use the Wi Fi Connector to actu
al l y share a connect i on out from your Li nux
mach i ne. Th i s feature shou l d be i ncl uded i n
t he fi nal versi on of the dri vers however.
Wh i l e it is di sappoi nt i ng you can ' t use
the Wi Fi Connector i n Master mode, there
is sti l l more to t he story. Much l i ke u nder
Wi ndows, us i ng the Wi Fi Connector as a
standard Wi Fi devi ce is the l east i nterest i ng
t hi ng you can do wi t h i t .
DS Wi rel ess Mul ti Boot
l' Wi rel ess Mu l t i Boot (WMB) i s the
method the Ni ntendo l' uses to downl oad
and execute offi ci al software from demo
ki osks, other l' systems, etc. Wi th modi
fi ed rt2xOO dr i vers, you can use the Wi Fi
Connector t o host these down l oads from
your Li nux computer.
The modi fi ed dri ver is wr i tten by masscat
and can be downl oaded from: http : / /
-masscat . afraid . org/ninds /rt2 5 7 0 . php
Keep in mi nd th i s proj ect is compl etel y
separate from the rt2 xOO Proj ect, so don ' t
s end t hem any quest i ons or bug reports when
runni ng thi s dr i ver. There i s al so a poss i bi l i ty
that the dr i ver wi l l break nor mal Wi Fi opera
ti on, but i n my personal exper i ence i t has
never been a probl em.
Unfort unatel y i t does have a rather nasty
tendency to di sabl e my keyboard when
I unpl ug the Wi Fi Connector, so I wou l d
suggest you fu l l y shut down the computer
before removi ng the devi ce.
To i nsta l l the modi fi ed dri ver you wi l l
need to have the kernel sou rce i nstal l ed on
your mach i ne, as wel l as a sane bui l d envi
ronment. There i s no confi gurati on requi red.
You s i mpl y need to extract the source, bui l d
t he ker nel modu l e, and then i nsta l l i t .
The fol l owi ng commands shou l d be a l l
you need t o get the modul e bui l t :
bash# bunzip2 nin_rt2 5 7 0 - 1 . 1 . 0-b2-
-2 0 0 6 0 8 1 1 . tar . bz 2
bash# tar xvf nin_rt2 5 7 0 - 1 . 1 . 0-b2-
-2 0 0 6 0 8 1 1 . tar
bash# cd . /nin_rt2 5 7 0 - 1 . 1 . 0-b2 /Modulel
bash# make
Ass umi ng you di dn' t get any errors dur i ng
t he bu i l d process, you can now copy the
modul e to the proper di rectory and then
update your modul e dependenci es so the
kernel wi l l recogn i ze i t. To do so, r un the
fol l owi ng commands as root:
bash# cp . /nin_rt2 5 7 0 . ko I lib/modules l
-' unare -r' /misc

T..aI

arm9 exe 02000850 , copy to 02000000 , size 000a57b8
arm7 exe 02380000 , copy to 02380000 , size 000279d4
Total size 000cd18c (840076)
man_log : Client 00 : 09 :bf : Od : 9b : b3 has been authenticated
ran_log : Cl ient OO :09 : bf :Od : 9b : b3 is now associated -- data exchange beginning shortly
wmb_data : Client 00 : 09 : bf : Od : 9b : b3 has been waiting 1 . 000000 seconds - begining download
wmb_data : Got hel lo reply
wmb_data : Name complete - cl ient is "MS3FGX
wrb_data : Got response to RSA
send_data : OOOOc2e8 out of OOOa57b8 (ARM9)
send_data : 000187c8 out of OOOa57b8 (ARM9)
send_data : 00024ca8 out of 000a57b8 (ARM9)
send_data : 00031188 out of 000a57b8 (ARM9)
send_data : 0003d668 out of 000a57b8 (ARM9)
send_data : 00049b48 out of 000a57b8 (ARMS)
send_data : 00056028 out of 000a57b8 (ARM9)
send_data : 00062508 out of 000a57b8 (ARMS)
send_data : 00068ge8 out of 000a57b8 (ARM9)
send_data : 0001aec8 out of 000a57b8 (ARM9)
send_data : 000873a8 out of 000a57b8 (ARM9)
send_data : 00093888 out of OOOa57b8 (ARM9)
send_data : 0009fd68 out of 000a57b8 (ARMS)
send_data : 00006a50 out of 000279d4 (ARM?)
send_data : 00012f30 out of 000279d4 (ARM7)
send_data : 0001f410 out of 000279d4 (ARt17)
data_ack : TRANSFER COMPLET for OO :09 : bf : Od :9b : b3
starter : Client OO :09 : bf : Od :9b :b3 is starting
man_log : Client 00 :09 : bf :Od : 9b :b3 has left
ulumH 2
l
[
0
bash# depmod -a
Once you have i nstal l ed the modi fi ed
dr i ver, pl ug i n t he Wi Fi Connector. You

an
veri fy the modul e has proper l y l oaded l i ke
so:
bash# lsmod grep nin_rt2 S 7 0
nin rt2 S 7 0 1 5 7 5 0 4 1
| you j ust get a bl ank l i ne after ru nni ng
that command, someth i ng has gone wrong.
Doubl e check that you copi ed the modul e
to the proper di rectory and t hen r un depmod
agai n.
Once t he dr i ver i s i nstal l ed and l oaded
up, you wi l l need to confi gure the devi ce.
Runni ng the fol l owi ng commands as root
wi l l get the Wi Fi Connector set up to start
sendi ng out WMB demos:
bash# ifconfig ninusbO up
bash# iwpriv ninusbO rfmontx 1
bash# iwconfig ninusbO mode Monitor
-channel 13 rate 2M
You wi l l now need to down l oad the
Ni nWMB package from:
http : / /mas scat . afraid . org/ ninds /wif_
-apps . php
To bu i l d these appl i cati ons, s i mpl y r un
the fol l owi ng commands:
bash# bunzip2 NinWMB_2 0 0 6 0 6 0 9 b. tar . bz
bash# tar xvf NinWMB_2 0 0 6 0 6 0 9 b. tar
bash# cd . /NinWMB_2 0 0 6 0 6 0 9b
bash# make
Once i nstal l ed, you wi l l r un the wmbhost
progra
.
m by gi vi ng i t the i nterface you want
to use, the channel , and t he . nds fi l e i tsel f.
Make s ure to run wmbhost as root, otherwi se
it wi l l not r un and you wi l l j ust get errors.
bash# cd wmbhost/
bash# . /wmbhost -i ninusbO -c 13 fle
-name . nds
Then start up your Ni ntendo DS, sel ect
Fun with
I nt e rnet
DS Download Play, and fol l ow the on-screen
prompts to downl oad and run the software.
Of course, you wi l l need some . nds fi l es
to actual l y do anyth i ng. As these downl oads
are freel y ava i l abl e over the ai r from demo
ki os ks runni ng i n most maj or retai l ers and
have never been sol d, they are consi dered
l egal to di stri bute. As far as anyone current l y
knows, at l east.
You can downl oad some demos at the
fol l owi ng si tes:
http : / /davr . org/ds2 /demos/
http : / /wiki . akkit . org/Downloadable_Ds_
-Demos
Concl usi on
The Wi Fi Connector i s a usefu l devi ce,
even i f you don ' t own a DS or Wi i . At $40 i t
certai nl y i s not t he cheapest adapter you can
buy, but there i s no questi on that i t i s al so
more capabl e t han most devi ces you wi l l
fi nd o n the shel f a s wel l .
Whether you are run n i ng Wi ndow

or L i nux, you wi l l be abl e to use the WI FI
Connector i n some uni que ways that are not
poss i bl e wi th most other devi ces. I n addi t i on,
due t o i ts speci al i zed nature and software,
the Wi Fi Connector l i kel y won ' t swi tch chi p
sets i n l ater producti on r uns; whi ch is often
a concern when buyi ng Wi Fi hardware for
use wi th L i nux.
I n t he end, t he Ni ntendo Wi Fi USB
Connector offers some tantal i zi ng possi
bi l i t i es consi der i ng i ts pr i ce and avai l abi l ity,
even if Ni ntendo does n t know i t.
I would like to thank Wafe for laying the
groundwork for the 50ft AP conversion and
masscat for his invaluable help and excellent
sofware. Special thanks to my wife, as well
as everyone I don ' t hate.
by route
I nt er net cafe where, for a very reasonabl e
Recent l y when t rave l i ng t o Phucket I
pr i ce </sar casm> of approxi matel y 3 00
stayed at a resort a l ong t he Kamal a Beach
baht ( around ten Aust ra l i an dol l ars at t he
stri p. After a week i n Bangkok and now
t i me) , I wou l d be gi ven a prepri nted code t o
i nto my second week at Phucket I began
access one of t hree PCs connected ( al bei t
suffer i ng technol ogy depravat i on and
s l owl y) to t he I nt er net for 60 mi nutes. Ten
sought t he nearest I nt er net cafe. Fortu-
bucks may not sou nd over pr i ced for a fou r
natel y for me ( and ot hers) t he resort offered
star resort on the beach, but the average
i ts guests an a i r condi t i oned s ma l l sca l ed
dai l y i ncome for a l ocal was arrund
l
[
0 o
Z%
[
ZH0
baht . numer ous s hares di s pl ayed ( most empty),
Anyway, back to the I nternet cafe and even a s pace for the good fol ks wor ki ng
servi ce. The set up offered MSN access,
i n t he ki tchen. F unny. . . I never not i ced
MS Offi ce, I nternet Expl orer 5 . 0, Notepad,
d i gi tal room servi ce. After gett i ng bored
and a few other apps. The PCs t hemsel ves
of attempt i ng to read broken Engl i s h, my
were bes i de t he desks and fu l l y accessi bl e,
i nterest t ur ned towards t hei r l oggi ng capa
a comfortabl e cha i r and decent per i ph-
bi l i t i es. A qu i ck browse to t he . exe' s home
eral s wer e provi ded and, best of al l , I had
d i rectory on s hared . \ was al l i t t ook t o
a chance t o get out of t he heat and cool off
wi th some good O| fash i oned geeki ng.
fi nd l og. txt. A fa i r l y massi ve unencrypted
When you fi rst t ur n the 1 7" LCDs on,
strai ght text fi l e t hat l i sted dates, t i mes, and
you are confronted wi t h a l ogi n screen
codes used to access a l l th ree PCs. To make
consumi ng t he ent i re desktop. You r onl y
th i ngs even eas i er, i t l ogged how l ong each
opt i on i s to enter a l ogi n code and cl i ck
ses s i on l asted. So after l oadi ng t he text fi l e
OK. Al l s hortcuts fai l ed t o cl ose th i s screen
i nto a qui ck VBA app I wrote, I now had
or even pr ompt for more opti ons . I was
a l i st of a l l codes whose sess i ons sti l l had
cur i ous i f t here was i n fact a way around val i d t i me r emai n i ng. Great, I t hought, as
th i s software and j ust how u p t o date thei r I copi ed these down i n a s ma l l notepad,
secur i ty was. Ear l i er that day, I had read
tur ned the I nter net cafe app back on, and
a l ocal a rt i cl e expl ai n i ng how far beh i nd
rebooted t he Pc. After retur n i ng t he PC
thei r I nter net access was, average speeds,
back to t he state i t was i n when I found i t,
coverage, etc.
I went to the bar, had a whi s key and l i me,
So I di sappoi ntedl y entered my al pha-
and refl ected on my after noon ' s act i vi t i es.
n u mer i c l ogi n code and was taken to the
h d d f d h
typi cal Wi nXP desktop, where t he onl y out
T e next ay I retur ne rom oi ng t e
of pl ace i tem was t he l arge counter i n t he
"tour i sty" t h i ng and headed to t he I nter net
top r i ght hand cor ner that counted down
cafe for anot her l ook around. I l ogged i n
my remai n i ng usage t i me. Tas k Manager
wi th one of t he val i d codes I had s cr i bbl ed
was di sabl ed and so was r i ght cl i cki ng. I
down, and u p popped MSN Messenger.
cou l dn ' t termi n ate t h i s cou nter. B ut, u nfor-
The thoughtfu l person before me had obvi
t unatel y for t h i s resort, t hat i s where t he
ous l y r un out of usage t i me ( when t he t i me
secur i ty stopped.
r uns out, t he l ogi n screen opens aga i n -
I thought most l i kel y when these PCs pi ty i f you ' re doi ng you r on l i ne ban k i ng at
were booted up i n the mor n i ng the staff the t i me) . A l essor person wou l d have read
l ogged them i nto Wi ndows and t hrough
thei r ema i l and had some fun, but I wasn ' t
startup, msconfi g, or t he regi stry, th i s
i nterested. I wanted t o know what down
I nternet cafe software l oaded, d i sab l i ng
l oad rest r i ct i ons were i n pl ace. So I opened
a l l speci al keys and consumi ng t he ent i re
I E and vi s i ted 2600, thc, packetstor m,
screen. I was r i ght . I opened msconfi g
etc. but not once was I rest r i cted from
and found i netcafe. exe u nder t he startup
accessi ng these pages. I t hen proceeded
tab. I t cou l dn ' t be that easy, I t hought. So
I u nchecked t hi s opt i on and rebooted t he
t o down l oad and set up a keyl ogger. Once
Pc. I was n ' t ter r i bl y wor r i ed about bei ng
the keyl ogger was i n pl ace and wor ki ng, I
caught "tamper i ng wi t h t hei r computers" as
removed any trace I was t here, and wal ked
I had gi ven a fake name and room n umber
u p to recepti on.
when recei vi ng my 60 mi n ute code.
After a good 20 mi nutes, no one had
Up came t he B I OS and so t oo di d a
any i dea what I was t ryi ng to tel l t hem and
B I OS password prompt . Not i c i ng i t was
I don ' t th i n k they actual l y cared. Bl an k
r un n i ng AWARD bi os, I r emembered s mi l es were a l i i recei ved.
an ol d backdoor AWARD used around I ' d l i ke to al so add that upon retu r n i ng
seven years ago. I entered AwARD_Pw
home a l l efforts to l ocate t he vendor of th i s
and i n I l ogged. Here' s where i t j ust gets
software were usel ess. It appeared they
l azy. Wi ndows l ogged me strai ght i n wi t h
wer e no l onger i n busi ness and wi th code
no furt her aut hent i cati on, and I was now
l i ke that i t ' s not hard to see why.
connected to t he net. No code to track me
from and no t i me restr i ct i ons .
Whi l e what I have j ust descr i bed i s n' t
t he most techn i cal hack, i t does demon
To be honest I was a l i ttl e di sappoi nted i t
t ook fou r mi nutes t o c i rcu mvent thei r secu-
strate j ust how poor s ome secur i ty i s . Never
r i ty so I started l ooki ng around. They had
u nderesti mate anyone the way they u nder
esti mate you .
ulumH Zl
[
0 oY
by Barrett Brown
Ah, the L i brary: Reposi tory of wi sdom,
fr i end of the homel ess and anonymous
computer user s. Li brari es everywhere offer
a wi de var i ety of servi ces. One of the l atent
servi ces they provi de are t he keepi ng of
patron and empl oyee records, wi th every
t hi ng from contact i nformati on, check-out
h i story, fi ne management, and, i n the worst
cases, soci al secur i ty numbers and other
goodi es.
I recent l y began worki ng at a Un i versi ty
l i brary whi ch uses the wor l d' s most popul ar
software for managi ng database i nforma
t i on. The front end of thi s program i s a web
powered and j ava-based pl atform cal l ed
Mi l l en n i u m whi ch accesses the I NNOPAC
backend.
I NNOPAC was created i n 1 985 by I nno
vati ve I nterfaces as a UNI X-based system for
publ i c access to catal ogues and modul es
to support catal ogi ng, ci rcul at i on, seri al s
and acqui si t i ons. I n 1 993 t he fi rst annual
I NNOPAC Users Group ( l UG) conference
was hel d representi ng over 1 50 l i brar i es
and 3 00 members . I n 1 998 Mi l l enni um was
l aunched and has conti nued to expand func
t i onal i ty to i ncl ude database management,
acqui si t i ons, seri al s, i nter l i brary l oan and
management report i ng functi onal i ty. Today
there are over 1 200 I nnovati ve I nterfaces
i nsta l l at i ons ar ound the wor l d in near l y 2 0
l anguages.
What does thi s mean to us and why do
we care? Wel l , for starters t he F BI seems to
care and that al ways makes my ears perk
up. As you ' ve surel y heard by now the F BI
has been t ryi ng t o us e t he Ptr i ot Act t o get
access to l i brary patron records wi t h mi xed
success. Besi des the FBI , there are terror
i sts, l awyers, pr i vate detecti ves, and a l l sorts
of other peopl e who may want access to
someone' s patron record, wi t h or wi thout
permi ssi on.
The defaul t i nterface for empl oyee
connect i on to I NNOPAC at my l i brary i s
t o tel net t o t he I NNOPAC server ( the same
server whi ch i s connected to the I nternet
for publ i c web searches of the l i brary cata
l ogue) and l ogi n wi th a standard username
and password. The fi rst several t i mes I di d
t hi s I di dn' t th i nk much of i t . But I began to
wonder . . . cou l d I tel net from a shel l account
outsi de the l i brary i nter nal domai n and l og
i n usi ng an employee user name (thus gi vi ng
me access t o some admi ni strati ve functi ons) ?
Yep, s ure enough, no probl em tel neti ng r i ght
i n there and gett i ng access fr om across the
country. I wondered i f any other systems
wer e sti l l usi ng i ndi scr i mi nate tel net.
So I went to Googl e and searched for
inurl : innopac and found a vi rt ual pl ethora
of i nnopac l i brary servers. Al l the servers
that were l i sted somethi ng innopac . xxx . edu
were the most obvi ous choi ce. I tel neted i nto
some from a l l over the country. Some had
tel net di sabl ed, some had j ust regu l ar publ i c
ci rcul at i on functi ons enabl ed, but t he others,
oh yes, there were many others. They had
the same fami l i ar tel net l ogi n that I get from
my own l i brary.
The i mpl i cati ons are that any i nterl oper
on a l i brary network can set up a packet
sni ffer and get admi n passwords to the
I NNOPAC database, then tel net i n from
wherever they pl ease. I t ' s l i ke patron records
are easy candy, and remember that t hi s i s
t he most wi del y used l i brary system i n t he
wor l d. Bei ng the good whi te hat that I am
I reported my concerns t o t he I T depart
ment and got some l ackl uster response. They
j ust di dn' t seem to care. Next I posted my
concern to t he l UG mai l l i st and got many
responses. The maj or i ty of responses were
frustrated l i brary empl oyees who have been
pus hi ng t hi s i ssue for years. I t i s a matter of
utter s i mpl i ci ty to di sabl e tel net access and
i nterface wi t h I NNOPAC t hrough SSH, but
for some reason i t ' s j ust not happeni ng.
And so, as my fi nal attempt to hel p the
securi ty of l i brary patron i nformati on every
where I am wri ti ng t hi s art i cl e for 2600. I t
i s my s i ncerest hope that t hi s wi l l have a
more posi ti ve effect t han my tal ks wi th t he
I T peopl e.
http : / /ww. frstamendmentcenter . org/
"news . aspx? id= 1 5 7 0 2
http : / /w. innopacusers . org
http : / /ww. iii . com/
http : / /w. iii . com/mil l / inde" . lhtml
l
[
C Z%
[
ZHC
ne Lt !e and e
Pmer t c an e p
LCogarl
Thi s story is about me and peopl e l i ke me.
I work on a hel p desk and have been doi ng so
for many years. I am a techni cal war veteran
so to speak and there are many l i ke me. I have
seen three desks that I have worked on go to
I ndi a and I have seen good fri ends get l ai d off.
I am tappi ng out some of my observati ons and
cr i t i ci sms of the hel p desk i ndustry and how
great peopl e get ki cked around i n i t.
Li teral l y most peopl e that work on hel p
desks for some t i me fi nd that they have
become what I woul d cal l a techni cal guru.
Especi al l y if you reach that next pi nnacl e of
Ti er Two. Basi cal l y, hel p desks have di ferent
l evel s. Ti er Zero i s a non-techni cal i ni t i al cal l
taki ng person. They wi l l take the i nformati on
and have a Ti er One work on the i ssue and
contact the customer back. Ti er Zeros are
onl y used as overfl ow i n c

se the

e is an i ssue
wi th the phone system or I f al l Ti er Ones are
busy. Ti er Ones are more techni cal but they
must keep thei r cal l s wi thi n a certai n t i me
range, meani ng i f the cal l s start headi ng for
ten mi nutes, then they have been on the cal l
too l ong. Ti er Twos work j ust underneath the
devel opment staff and are abl e to work outsi de
normal real ms of techni cal support. What I
mean is that they are peopl e who have proven
that they can thi nk outsi de the box. They test
i ssues and fi nd possi bl e sol uti ons, and to some
extent even wri te code. I f the probl em i s deter
mi ned to be a code i ssue after massi ve testi ng
then the i ssue i s sent to Ti er J (the devel oper)
for a possi bl e code patch or addi t i onal fi xes
for new code rel ease of the product.
I personal l y have worked a mai nframe
Ti er Two desk for the past si x years. I moved
from New York to Charl otte, NC in 2001 and I
started worki ng for I BM as a contractor. I was
h i red by a company cal l ed Sykes vi a a phone
i ntervi ew. I had worked on two other hel p
desks previ ousl y and I had supported many
di fferent products. I was h i red for my massi ve
experi ence and I started on a Ti er One desk
here i n Charl otte. Wi thi n t hree months I was
approached and asked i f I wou l d consi der Ti er
Two because management had noti ced that I
had the ski l l s of what they cal l ed a troubl e
shooter. Basi cal l y I cou l d t hi nk outsi de of
si mpl y l ooki ng in documents to fi x i ssues, pl us
I had a pretty good phone personal i ty and the
cl i ents l i ked me. I cou l d cal m the harshest
customer down with a few cl ean j okes and
by projecti ng the confi dence that they woul d
concl ude my cal l wi t h them mi nus t he i ssue
ulumH Z
that they had cal l ed about.
When I became a Ti er Two and was bei ng
trai ned by other Ti er Twos, one of the trai ners
remarked to me that the reason they l i ked me
i s that I never asked the same questi on twi ce.
Basi cal l y I retai ned knowl edge and never
needed hel p on the same i ssue twi ce. After
my fi rst month I was known as a bug fi nder,
meani ng I woul d fi nd bugs in code and submi t
i t t o the devel opment group.
Now l et's shoot up t o today. Afer worki ng
on t hi s desk for years now, a l l the peopl e that
trai ned me have moved on to other j obs and
most of the peopl e under me I trai ned. I BM
was forced t o h i re me because some sort of
contract di spute wi th Sykes forced my company
out. I BM was cheap though. I nstead of hi ri ng
me at fu l l cost and as a fu l l empl oyee they
hi red me as a suppl emental . What t hi s means
i s they can pay me l ess than others and y

t
sti l l expl oi t my tal ents. I BM Char l otte has t
.
hl s
tri ck they pu l l . Say that a major company l i ke
a newspaper or restaurant contracts I BM for
thei r hel p desk. Normal l y that contract wou l d
say t hat I BM wi l l provi de, as an exampl e,
1 2 dedi cated hel p desk agents to t hem. But
i n real i ty those 1 2 woul d al so be support i ng
other desks eventual l y (they ki nd of s l i p them
i n) , doubl i ng and tri pl i ng thei r cal l vol ume.
Thi s saves on h i ri ng 24 more peopl e for two
other desks and I BM keeps the profits. So l et's
put t hi s i nto perspecti ve. I BM is contracted to
provi de for three compani es, 1 2 peopl e each,
for a total of Jb peopl e. I n real i ty they provi de
onl y 1 2 peopl e and save tons of money, and I
am sure i ncrease the bonuses of peopl e above
al l of us. They al so keep a few extra contrac
tors around to answer some overfl ow, and of
course i f a customer vi si ts they can dedi cate
1 2 peopl e to the customer cause wh i l e they
are on si te.
They mai nl y do t hi s wi th Ti er One desks
but recentl y they have been doi ng t hi s wi th
Ti er Twos. Ti er Twos now seem to have to
answer Ti er One and Ti er Zero cal l s from
t i me to t i me. Anythi ng for one of the worl d's
ri chest compani es to squeeze more money
out of its empl oyees. Sorry, I know I shou l d
not take corporate pol i cy personal l y, but now
I am the guy doubl i ng cal l s and I am the guy
gett i ng l ai d off to i ncrease someone's bonus.
I n a l i ttl e under two weeks I wi l l be h i tti ng t he
unempl oyment l i nes. I wi l l i f needed provi de
fol l ow-ups and updates al ong wi th further
detai l ed i nformati on about the depl et i ng army
of hel p desk agents in the Un i ted States.
l
[
0
880l8
LOOKING FOR A GRASS ROOTS TECHNI CAL SECURITY
CONFERENCE TO GO TO THIS YEAR? Si gn up today for Security
Education Conference Toronto (www.SecTor.ca). Dubbed the "Bl ack
Hat of the North, " SecTor runs two ful l days, November 20-21 . The
event features keynotes from North America's most respected and
trusted experts. Speakers are true security professionals wi th depth
of understandi ng on topi cs that matter. Many have never presented
i n Canada, and never all at one event!
CELEBRATE COMPUTER HISTORY AT THE VINTAGE
COMPUTER FESTIVAL. The mi ssion of the Vintage Computer
Festival i s to promote the preservation of "obsolete" computers by
offering peopl e a chance to experience the technol ogies, peopl e, and
stori es that embody the remarkabl e tale of the computer revol ution.
The VCF features a speaker series, a hands-on exhi bi ti on of l i ve,
worki ng vintage computers from al l eras of computer history, a
marketplace, a fi l m festival, and more! This year we celebrate 1 0
years of the VCF, so thi s event wi l l be the biggest and best ever. For
more information, vi si t http://www. vintage.org. The game i s afoot!
www.vi ntage.org/special/2007/vcfx/
THE LAST HOPE Jul y 1 8-20, 2008. The Hotel Pennsyl vani a, New
York City. Thi s i s it . . .
f0f 58I0
J!NX-HACKER CLOTHING/GEAR. Ti red of bei ng naked? JI NX.com
has 300+ Ts, sweatshirts, stickers, and hats for those rare ti mes
that you need to leave your house. We've got swag for everyone,
from the buddi ng nOObl et to the vintage geek. So take a five mi nute
break from surfing prOn and check out http://www. JI NX. com. Uber
Secret-Speci al -Mega Promo: Use "2600v24n03" and get 1 0% off
of your order.
SIZE *DOES* MATER! The Twin Towers may be gone forever but
a detailed image sti l l exists of the massive 374-foot radio tower that
was perched atop One World Trade Center. This hi gh qual ity glossy
col or poster i s avail abl e i n two sizes ( 1 6"x20" and 20"x30") and
makes a spectacular gift for engineers, scientists, radio &television
buffs, or anybody who appreciates a uni que, rarely seen view of
the World Trade Center. Visit www.wtc-poster.us for sampl es and to
order your own poster.
VENDI NG MACHI NE JACKPOTTERS, Go to
www. hackershomepage.com for EMP Devices, Lock Pi cks, Radar
Jammers & Controversial Hacki ng Manual s. 407-965-5500
MAKE YOUR SOFTWARE OR WEBSITE USER FRI ENDLY wi th
Foxee, the fri endl y and interactive cartoon bl ue fox! Not everyone
who will navigate your website or software appl i cation wi l l be an
expert hacker, and some users will need a little help! Foxee i s a
hand-ani mated Mi crosoft Agent character that wi l l accept i nput
through voice commands, text boxes, or a mouse, and interact wi th
your users through text, ani mated gestures, and even di gital speech
to hel p guide them through your software wi th ease! Foxee supports
10 spoken l anguages and 31 written languages. She can be added
to your software through C++, VB6, al l . Net l anguages, VBScri pt,
JavaScri pt, and many others! Natively compati bl e with Mi crosoft
Internet Explorer and can work with Mozi l l a Firefox when used with
a free pl ug-i n. See a free demonstration and purchasi ng information
at www.foxee.net!
I P access devices, Vol P products, parental control products, and
ethernet switches. We pri de ourselves on providing the hi ghest level
of technical expertise and customer satisfacti on. Our commitment to
you . . . No surprises! Buy with confidence! Security and Privacy i s our
busi ness! Vi si t us at http://www.OvationTechnol ogy.eom/store. htm.
PHONE HOME. Ti ny, sub-mi niature, 7/1 0 ounce, programmable!
reprogram mabie touch-tone, multi-frequency (DTMF) dialer whi ch
can store up to 1 5 touch-tone di gi ts. Uni t i s hel d agai nst the
tel ephone recei ver' s mi crophone for di al i ng. Press R HOME" to
automatically dial the stored di gits whi ch can then be heard through
the ul tra mi niature speaker. Ideal for E. T. ' s, chi l dren, Al zhei mer
vi cti ms, lost dogS/chi mps, si gnificant others, hackers, and computer
wi zards. Gi ve one to a boy/gi rl friend or to that potenti al " someone"
you meet at a pary, the supermarket, school , or the mal l ; with your
pre-programmed tel ephone number, he/she wi l l al ways be abl e to
cal l you! Al so, ideal if you don' t want to " di scl ose" your telephone
number but want someone to be abl e to cal l you l ocal l y or long
distance by telephone. Key ring/cl i p. Li mited quantity avai l abl e.
Money order only. $24. 95 + $3. 00 5tH. Mai l order to: PHONE HOME,
Ni mrod Di vi si on, 331 N. New Ballas Road, Box 41 0802, CRC,
Mi ssouri 631 41 .
REAL WORLD HACKING: Interested i n rooftops, steam tunnel s,
and the l i ke? Read the al l -new Access Al l Areas, a guidebook to the
art of urban expl orati on, from the author of I nfi l trati on zi ne. Send
$20 postpai d i n the US or Canada, or $25 overseas, to PO Box 1 3,
Station E, Toronto, ON M6H 4E1 , Canada, or order onl i ne at
www.infil tration.org.
FREEDOM DOWNTI ME ON DVD! Years i n the maki ng but we hope
it was worh the wait. A doubl e DVD set that i ncl udes the two hour
documentary, an i n-depth interview with Kevi n Mi tni ck, and nearly
three hours of extra scenes, lost footage, and mi scel l aneous stuf.
Plus capti oni ng for 20 (that's right, 20) l anguages, commentary track,
and a lot of thi ngs you' l l just have to find for yourself! The entire two
di sc set can be had by sendi ng $30 to Freedom Downti me DVD,
PO Box 752, Mi ddl e I sl and, NY 1 1 953 USA or by ordering from our
onl i ne store at http://store. 2600. com. (VHS copies of the film sti l l
avail abl e f or $1 5. )
CABLE T DESCRAMBLERS, New. Each $40 + $5. 00 shi ppi ng,
money order/cash onl y. Works on anal og or analog/digital cabl e
systems. Premi um channel s and possi bl y PPV depending on system.
Compl ete wi th 1 1 Ovac power supply. Purchaser assumes sal e
responsi bi l i ty for noti fyi ng cabl e operator of use of descrambler.
Requires a cabl e lV converter (Le., Radio Shack) to be used with the
uni t. Cabl e connects to the converter, then the descrambler, then
the output goes to lV set tuned to channel 3. CD 9621 Ol i ve, Box
28992-TS, Ol i vettet Sur, Mi ssouri 631 32. Emai l :
cabledescramblerguy@yahoo. com.
80IN8l00
RENEGADE BLACK SHEEP TECH ENTREPRENEUR i n process
of putting flesh on the bones of an encrypted voice communications
project. Do you have experience i n the deep details of VoIP/SIP
protocols, network traffic anal ysis, bi l l i ng system construction, PtoP
routi ng, and so on? Interested i n working with a top-end team to
bui l d a worl d-changi ng tool for regular folks around the world to use
i n thei r everyday l i ves? Contact me at wrinko@hushmai l . com.
TV-B-GONE. Turn off lVs i n publ i c pl aces! Ai rpors, restaurants,
N8M00
bars, anywhere there' s a lV. See why everyone at HOPE Number Six
I AM COLLECTING the direct (non-tol l -free) tel ephone numbers that
loved i t. Turni ng off TVs really i s fun. $20.00 each.
will connect directly to the airport ai rl i ne counters of the fol l owi ng
www.lVBGone.com
airlines: Ameri can, Conti nental , US Air, Southwest, Delta, Northwest,
NET DETECTIVE. Whether you' re just curi ous, trying to locate or find
and United i n major cities so that if I am ever bounced or a flight i s
out about peopl e for personal or busi ness reasons, or you' re l ooki ng
del ayed or cancel ed, I can reach someone di rectl y and personall y
for peopl e you' ve fal l en out of touch wi th, Net Detective makes it al l
wi th a non 800 number who can do somethi ng i mmediately. The
possi bl e! Net Detective i s used worldwide by private investigators
airport airline counter personnel usually know i mmediately and/or
and detectives, as wel l as everyday people who use it to find lost
can rebook, etc. without delay. Please emai l :
relatives, ol d hi gh school and army buddi es, deadbeat parents, lost
us. ai rl i nes@yahoo. com.
loves, peopl e that owe them money, and just pl ai n ol d snoopi ng
HELP! I want to set up a voice bri dge chat l i ne for hackers but need
around. Visit us today at www.netdetective. org. uk.
the software. Cal l me at (21 3) 5958360 (Ben) or
JEAH. NET supports 2600 because we read too! JEAH. NET
www. UndergroundCl assifieds. com.
s
s
.t`s
c
f
O
.
t
i
b
-
S
a-sk web
50f9l008
hosti ng, 1 00% private and secure domain registration sol uti ons and
HAVE A PROBLEM WITH THE LAW? DOES YOUR LAWYER NOT
aggressivemerchant sol uti ons! 2600 readers' setup fees are waived
UNDERSTAND YOU? Have you been charged wi th a computer
at JEAH. NET.
related cri me? Is someone threateni ng to sue you for somethi ng
NETWORKI NG AND SECURITY PRODUCTS avail abl e at
technol ogy related? Do you j ust need a lawyer that understand IT
OvationTechnol ogy. com. We' re a suppl i er of Network Security and
and the hacker cul ture? I 've publ ished and presented at HOPE and
Internet Privacy products. Our online store features VPN and firewall
Defeon on the law facing technology professionals and hackers al i ke.
hardware, wi rel ess hardware, cabl e and DSL modems/routers,
I'm both a lawyer and an IT professi onal . Admitted to practice law
l
[
0 Z
Z%
[
ZH0
in Pennsylvani a and New Jersey. Free consul tation to 2600 readers.
http://muentzlaw.com al ex@muentzl aw. com (21 5) 806-4383
PIMP YOUR WI RELESS ROUTER! hl1p:llpacketprotector.org. Add
VPN, IPS, and web AV capabi l ities to your wireless router wi th free,
open-source firmware from PacketProtector.org
HACKER TOOLS TREASURE BOX! You get over 650 l i nks to
key resources, plus our proven tricks for rooting out the hard-to
fi nd tool s, instantly! Use to build your own customized hacker
(AHEM, network security) tool ki t. http://FortressDataProtection.
com/securitybook
ADVANCED TECHNICAL SOLUTIONS. #422 - 1 755 Robson Street.
Vancouver, B.C. Canada V6G 3B7. Ph: (604) 928-0555. Electronic
countermeasures - fi nd out who i s secretly videotaping you or
buggi ng your car or office. "State of the Art" detection equi pment
uti l i zed.
I NCARCERATED 2600 MEMBER NEEDS COMMUNITY HELP
to bui l d content i n free classified ad and "l ocal busi ness directory"
i n 50 countries. John Lambros, the founder of Boycott Brazi l , has
launched a FREE classified ad, want ad, and local business directory
i n 50 global markets. The mission i s si mpl e: "free help to bi l l i ons of
people l ocating jobs, housi ng, goods and services, social activities,
a gi rlfriend or boyfriend, community information, and just about
anythi ng el se i n over one mi l lti on neighborhoods throughout the
world al l for FREE. HELP ME OUT! SPREAD THE WORD! Please
vi si t www.NoPayClassifieds.com and add some content. I t will take
al l of five or ten mi nutes. Links to "No Pay Cl assifieds" are also
greatly appreciated.
SUSPECTED OR ACCUSED OF A CYBERCRI ME I N ANY
CALIFORNI A OR FEDERAL COURT? Consul t wi th a semantic
warrior committed to the liberation of information. I am an aggressive
cri mi nal defense lawyer speci al i zi ng i n the fol l owi ng types of cases:
cri mi nal copyright i nfri ngement, unauthorized computer access, theft
of trade secrets, identity theft, and trademark i nfri ngement. Contact
Omar Figueroa, Esq. at (41 5) 986-5591 , at omar@stanfordal umni .
org, or at 506 Broadway, San Francisco, CA 941 33-4507. Graduate
of Yale College and Stanford Law School , and Gerry Spence's Trial
Lawyers Col l ege. Compl i mentary case consultation for 2600 readers.
Al l consultations are strictly confidential and protected by the
attorney-client pri vi l ege.
INTELLIGENT HACKERS UNI X SHELL. Reverse. Net i s owned
and operated by i ntel l igent hackers. We believe every user has the
right to onl i ne securi ty and privacy. I n today' s hosti l e anti -hacker
atmosphere, i ntel l igent hackers requi re the need for a secure pl ace
to work, compil e, and explore wi thout big-brother l ooki ng over
their shoulder. Hosted at Chi cago Equi ni x with Juni per Filtered
DoS Protection. Mul ti pl e FreeBSO servers at P4 2.4 ghz. Affordable
pri ci ng from $5/month wi th a money back guarantee. Lifetime 26%
di scount for 2600 readers. Coupon code: Save2600. http://www.
reverse. net
ANTI-CENSORSHI P L1NUX HOSTI NG. Kaleton Internet provides
afordable web hosti ng, email accounts, and domain registrations
based on dual processor P4 2.4 GHz Linux servers. Our hosti ng
pl ans start from onl y $8. 95 per month. Thi s i ncl udes support for
Python, Perl , PHp MySQL, and more. You can now choose between
the USA, Singapore, and other offshore locations to avoid censorshi p
and guarantee free speech. We respect your privacy. Payment can
be by E-Gol d, PayPal , credit card, bank transfer, or Western Uni on.
See www.kaleton.com for detai l s.
ARE YOU TI RED of receiving pi les of credit card offers and other
postal spam? You can' t just throw them i n the trash or recycle them
as someone coul d get a hol d of them and use them to steal your
i denti ty. You can' t just let them pi l e up on your ki tchen tabl e. So
instead you have to be bothered wi th shreddi ng and di sposi ng of
them. Wel l , not anymore. Operati onMai l Back. com has a free sol uti on
for you. Al l costs of disposal i ncl udi ng delivery wi l l be paid by the
company responsi bl e for sendi ng the stuff to you. Stop wasting
your valuable time dealing with messes other people are responsi bl e
for creati ng. Check out our newl y redesigned website for compl ete
information and take back your mai l box.
BEEN ARRESTED FOR A COMPUTER OR TECHNOLOGY
RELATED CRI ME? Have an i dea, i nventi on, or busi ness you want to
buy, sel l , protect, or market? Wish your attorney actual l y understood
you when you speak? The Law Office of Mi chael B. Green, Esq.
i s the solution to your 2 1 st century legal probl ems. Former SysOp
and member of many private BBS's si nce 1 981 now available to
directly represent you or bridge the communications gap and assist
your current legal counsel . Extremely detailed knowl edge regarding
cri mi nal and civil l i abi l ity for computer and technol ogy related actions
( 1 8 U. S. C. 1 028, 1 029, 1 030, 1 031 , 1 341 , 1 342, 1 343, 251 1 , 251 2,
ECPA, OMCA, 1 996 Telecom Act, etc. ) , domai n name di sputes,
i ntel l ectual property matters such as copyrights, trademarks,
licenses, and acquisitions as wel l as general busi ness and corporate
law. Over eleven years experience as i n-house legal counsel to a
computer consul ti ng busi ness as wel l as an over 20 year background
i n computer, telecommuni cati ons, and technol ogy matters. Publ ished
law review articles, contributed to nationall y publ ished books, and
submitted briefs to the United States Supreme Court on Internet and
technology related issues. Admitted to the U. S. Supreme Court, 2nd
Ci rcui t Court of Appeals, and al l New York State courts and fami l i ar
wi th other j urisdictions as wel l . Many attorneys wi l l take your case
without any considerati on of our cul ture and wi l l see you merely as
a source of fees or worse, wi th i l l -conceived prejudices. My office
understands our culture, i s sympathetic to your situation, and wi l l
treat you wi th the respect and understandi ng you deserve. No fee
for the i niti al and confi denti al consultation and, if for any reason we
cannot hel p you, we wi l l even try to fi nd someone else who can at no
charge. So you have nothi ng to lose and perhaps everythi ng to gai n
by contacting us fi rst. Vi si t us at: http://www. computorney.com or
cal l 51 6-9WE-HELP (51 6-993-4357).
00000l8
OFF 7HE HOOK i s the weekl y one hour hacker radio show
presented Wednesday ni ghts at 7: 00 pm ET on WBAI 99. 5 FM i n
New York City. You can al so tune i n over the net at www.2600.
com/offthehook or on shortwave i n North and South Ameri ca at
741 5 khz. Archives of al l shows dating back to 1 988 can be found
at the 2600 site i n mp3 format! Shows from 1 988-2006 are now
avail abl e i n DVD-R high fidelity audi o for onl y $1 0 a year or $1 50 for
a lifetime subscri pti on. Send check or money order to 2600, PO Box
752, Mi ddl e I sl and, NY 1 1 953 USA or order through our onl i ne store
at http://store. 2600. com. Your feedback on the program i s always
welcome at oth@2600. com.
INFOSEC NEWS i s a privately run, medi um traffic l i st that caters to
the di stri buti on of information security news articles. These articles
come from such sources as newspapers, magazi nes, and onl i ne
resources. For more information, check out:
http://www.infosecnews.org.
CHRISTIAN HACKERS' ASSOCIATION: Check out the web page
http://www. christianhacker.org for details. We exist to promote a
communi ty for Chri stian hackers to di scuss and i mpact the realm
where faith and technology intersect for the purpose of seeing l i ves
changed by God' s grace through faith i n Jesus.
PHONE PHUN. http://phonephun. us. Bl og devoted to interesting
phone numbers. Share your finds!
F0f808I8
I N SEARCH OF CONTACTS, pen pal s, and friends worldwide.
Incarcerated SWM, bl ond hair, gray eyes, 6', 1 80 I bs, will reply to al l .
Interested and experi enced i n hacki ng, privacy, off-shire banki ngl
trusts, counterintel l i gence and electronic warfare, or anythi ng you
want to talk about. Send cards, letters, and photos - will respond to
al l . D. Coryel l , T681 27/D3-247, PO Box 8504, Coal i nga, CA 932 1 0.
OFFLI NE OUTLAW IN TEXAS needs some hel p i n devel opi ng
programmi ng ski l l s. Interested i n Perl and Javascri pt. Al so pri vacy i n
al l areas. Library here i s inadequate. Feel free to drop those Bi l l Me
Later cards, add me to the mai l i ng l i sts, etc . . Thanks to al l those who
have hel ped me so much al ready, you know who you are. Wi l l i am
Li ndley 822934, CT Terrel l , 1 300 FM 655, Rosharon, TX 77583-8604
PRISONER SEEKS FRIENDS to hel p with book review lookups
on Amazon by keywords. Com Sci major, thirsty to catch up to the
real world before my reentry. I have my own funds to buy books. I
only need reviews. I ' m MUO/MMORPG savy i n C++, Java, Python,
PHp MySQL. DirectX. Ken Roberts J60962. 450- 1 -28M. PO Box 9,
Avenal, CA 93204.
WHEN THE BULLET HITS THE BONE. Bored and l onel y phone
nerd. Got some ti me left i n our nation's wonderful corrections
system. Looki ng for pen pal s to hel p pass the time. Interests i ncl ude
(not l i mited to) telecom, computers, pol i ti cs, musi c (punk rock,
i ndustrial, etc. ) , tats, urban exploration. 23, white mal e, 6' 1 ", 1 90 I bs,
bl ack hai r, green eyes, a few tats. Wi l l respond to al l . Mi chael Kerr
09496-029, FCI Big Spri ng, 1 900 Si mlar Ave. , Bi g Spri ng. T 79720.
LOOKI NG FOR PEOPLE to teach me programmi ng related ski l l s. I
have not been abl e to learn very much on my own so if any of you
would l i ke to pass on your knowledge to a future hacker please
contact me. I l i ve i n hi ck-vi l l e, so I do not currentl y have the Internet
but will get reconnected i n approximately 2-3 months. Please write to
me: Cerberus at 24 Ray St. , Keene, T 76059. Any knowl edge at all
wi l l be greatly appreciated.
SEEKING NON-STAGNANT MI NDS for mutual i I I uminationl
exchange of thoughts and i deas. Three years left on my sentence
and even wi th al l my coachi ng the walls sti l l can' t carry a decent
conversation. Interests include crptography, security, conspiracy
theories, marial arts, and anythi ng computer related. Al l letters
replied to. Max Rider, SBI #00383681 D. C. C . 1 1 81 Paddock Rd. ,
Smyrna, DE 1 9977.
090dl80lZ00|
ONLY SUBSCRIBERS CAN ADVERTISE I N 2! Don' t even thi nk
about tryi ng to tEake out an ad unl ess you subscri be! Al l ads are free
and there i s no amount of money we will accept for a non-subscri ber
ad. We hope that' s cl ear. Of course, we reserve the ri ght to pass
judgment on your ad and not print it if it's amazi ngl y stupi d or has
nothing at al l to do with the hacker world. We make no guarantee as
to the honesty, righteousness, sanity, etc. of the people adverti sing
here. Contact them at your peri l . Al l submi ssi ons are for ONE
ISSUE ONLY! I f you want to run your ad more than once you must
resubmit it each ti me. Don' t expect us to run more than one ad for
you i n a si ngl e i ssue ei ther. Incl ude your address labeVenvel ope or a
photocopy so we know you' re a subscri ber. Send your ad to: 2600
Marketplace, PO Box 99, Mi ddl e I sl and, NY 1 1 953.
Deadline for Winter issue: 1 211/07.
ulumH Zl[
0 J
Z%
[
ZH0
"!OQ//C QOOO OOQ3y/O//OO//OC /O QuO0C
33//5 /5 /O O/u/OOyv//OO. ~ || dIO
STAFF
b0 O|- R- D
Emmanuel Gol dstei n
LBOU BR0 S @R
ShapeShi ft er
OV|
Dabu Ch' wal d
L C NBRB@|
Tampr uf
W| |S. Ber ni e S , Bi l l sf, Bl and
Inqui si tor, Eri c Corl ey, Dragorn, John
Drake, Paul Estev. Mr. French. Javaman,
Joe630, Ki ngpi n. Lucky225, Kevi n
Mi t ni ck, The Prophet . Redbi rd, Davi d
Ruderman, Screamer Chaoti x, Sephai l ,
Seraf, Si l ent Swi tchman, StankDawg, Mr.
Upsetter
Webmasters: Jui ntz, Kerry
Network Operat i ons: css
Qual i ty Degradati on: ml c
Broadcast Coordi nators:
J ui ntz. thai
2 (ISSN 0749-3851, USPS 003- 1 76);
Autumn Z/, Volume Z4 Issue o, is
publshed quarery by 2600 Enterprises Inc. ,
Z Flowerield, St. James, /Y /o.
Periodical postage rates paid at
St. James, /Yand additional mailing
ofices.
POSTMASTER:
Send address changes to: 2600
|L. Box 752 Mi ddl e I sl and,
NY 1 1 953-0752.
SUBSCRI PTION CORRESPONDENCE:
ZO Subscri pti on Dept. , |L. Box 752,
Mi ddl e I sl and, NY 1 1 953-0752 USA
(subs@2600. com)
IRC Admi ns: achmet, beave, carton,
dukat , enno, faul , koz, man gal a, mcfl y,
rOd3nt, rdnzl , shardy, sj . smash, xi
Inspi rat i onal Musi c: The Smi t hs,
Leon Redbone, The Pol yphoni c Spree,
Jacob Mi l l er
Shout Outs: Lur i d, Vi rgi l , Mescal i to,
Sham, Zap, tOm, gorph, Russel l , London
2600, t he peopl e of the
Chaos Camp, t he Ital i an embassy,
"Hopscotch"
RIP: Joybubbl es
Hel l o: Deetl e
YEARLY SUBSCRI PTIONS:
U. S. and Canada - $20 i ndi vi dual , $50
corporate (U. S. Funds)
Overeas - $30 i ndi vi dual , $65 corporate
Back i ssues avai l abl e for 1 984-2006 at
$20 per year, $26 per year overseas
I ndi vi dual i ssues avai l abl e from 1 988 on
at $5. 00 each, $6. 50 each overseas
LETTERS AND ARTICLE
SUBMISSIONS:
ZOEdi tori al Dept. , |L. Box 99, Mi ddl e
I sl and, NY 1 1 953-0099 USA
(letters@2600. com, arti cles@2600. com)
2Ofice Line: +1 631 751 2600
2 Fax Line: +1 631 474 2677
Copyri ght (c) 2007; 2600 Enterprises I nc.
ulumH Z
l[
0
ARGENTINA
Buenos Aires: I n the bar at San
Jose 05.
AUSTRAUA
Melbourne: Caffeine at ReVault
Bar, 16 Swanston Walk, near
Mel bourne Central Shpping
Centre 6:30 pm.
Sydney: The Crystal Pal ace, front
bar/bistro, opposite the bus station
area on George St. at Central
Station. 6 pm.
AUSTRIA
Graz: Cafe Haltestelle on
Jakomi ni platz.
BRAZIL
Belo Horizonte: Pelego' s Bar at
Assufeng, near the payphone.
6 pm.
CANADA
Alberta
Calgary: Eau Claire Market food
court by the bland yellow wal l .
6 pm.
British Columbia
Vancouver: The Steamworks,
375 Water SI.
Victoria: LV Bakery and Cafe,
1 701 Government 8t.
Manitoba
Wi nni peg: St. Vital Shoppi ng
Centre, food court by HMV.
New Brunswick
Moncton: Champlai n Mal l food
court, near KFC. 7 pm.
Ontario
Barrie: Wi l l i am' s Coffee Pub, 505
Bryne Drive. 7 pm.
Guel ph: Wi l l i am' s Coffee Pub,
492 Edi nbourgh Road South.
7 pm.
Ottawa: World Exchange Pl aza,
1 1 1 Al bert SI. , second floor.
6:30 pm.
Toronto: Col l ege Park Food
Court, across from the Taco 8el l .
Waterloo: Wi l l i am' s Coffee Pub,
1 70 University Ave. West. 7 pm.
Windsor: University of Windsor,
CAW Student Center commons
area by the large window. 7 pm.
Quebec
Montreal: Bell Amphitheatre,
1 000, rue de l a Gaucheti ere.
CHINA
Hong Kong: Paci fi c Coffee i n
Festi val Walk, Kowl oon Tong.
7 pm.
CZECH REPUBLIC
Prague: Legenda pub. 6 pm.
DENMARK
Aalborg: Fast Eddi e' s pool hal l .
Aarhus: I n the far corner of the
DSB cafe i n the railway station.
Copenhagen: Cafe Bl asen.
Sonderborg: Cafe Oruen. 7: 30
pm.
EGYPT
Port Sai d: At the foot of the
Obel i sk ( EI Mi ssal l ah) .
ENGLAND
Brighton: At the phone boxes
by the Seal ife Centre (across the
road from the Palace Pi er). 7 pm.
Payphone: (01 273) 606674.
Exeter: At the payphones,
Bedford Square. 7 pm.
London: Trocadero Shopping
Center (near Piccadi l l y Circus) ,
lowest l evel . 6: 30 pm.
Manchester: Bul l s Head Pub on
London Rd. 7 : 30 pm.
Norwich: Borders entrance to
Chapelfield Mal l . 6 pm.
Readi ng: Afro Bar, Merchants
Pl ace, off Fri ar St. 6 pm.
FI NLAND
Hel si nki : Fenniakortteli food court
(Vuorikatu 1 4) .
FRANCE
Grenoble: Eve, campus of St.
Martin d' Heres. 6 pm.
Paris: Pl ace de l a Republ i que,
near the (empty) fountai n. 6: 30
pm.
Rennes: I n front of the store "Bl ue
Box" cl ose to Pl ace de l a Repub
l i que. 8 pm.
GREECE
Athens: Outside the bookstore
Papaswtiriou O the corner of
Patision and Stournari . 7 pm.
IRELAND
Dubli n: At the phone booths
on Wicklow 8t. beside Tower
Records. 7 pm.
ITALY
Mi l an: Piazza Loreto in front of
McDonal ds.
JAPAN
Tokyo: Li nux Cafe i n Aki habara
di stri ct. 6 pm.
NEW ZEALAND
Auckl and: London Bar, upstairs,
Wellesley SI., Auckland Central .
5:30 pm.
Christchurch: Java Cafe, corner
of Hi gh 8t. and Manchester St.
6 pm.
Wel l i ngton: Load Cafe i n Cuba
Mal l . 6 pm.
NORWAY
Oslo: Osl o Sentral Train Station.
7 pm.
Tromsoe: The upper floor at Bl aa
Rock Cafe, Strandgata 1 4. 6 pm.
Trondhel m: Ri ck' s Cafe i n
Nordregate. 6 pm.
PERU
Li ma: Barbi l oni a (ex Apu Bar) , en
Alcanfores 455, Miraflores, at the
end of Tarata St. 8 pm.
SCOTLAND
Glasgow: Central Station,
payphones next to Platform 1 .
7 pm.
SOUTH AFRICA
Johannesburg (Sandton City) :
Sandton food court. 6:30 pm.
SWEDEN
Gothenburg: 2nd fl oor i n Burger
Ki ng at Avenyn. 6 pm.
Stockhol m: Outside Lava.
SWITZERLAND
Lausanne: I n front of the MacDo
beside the train station.
UNITED STATES
Alabama
Auburn: The student lounge
upstairs i n the Fay Union Bui l di ng.
7 pm.
Huntsvi l l e: Stanl ieo's Sub Vi l l a on
Jordan Lane.
Tuscaloosa: McFarl and Mal l food
court near the front entrance.
Arizona
Tucson: Borders i n the Park
Mall. 7 pm.
California
Irvine: Panera Bread, 3988
Barranca Parkway. 7 pm.
Los Angeles: Union Station,
corner of Macy &Alameda. I nside
mai n entrance by bank of phones.
Payphones: (21 3) 972-951 9,
9520; 625-9923, 9924; 61 3-9704,
9746.
Monterey: London Bridge Pub,
Wharf #2.
Sacramento: Round Table Pizza
at 1 27 K SI.
San Di ego: Regents Pi zza, 41 50
Regents Park Row #1 70.
San Francisco: 4 Embarcadero
Pl aza (i nsi de). 5:30 pm.
San Jose: Outside the cafe at the
MLK Li brary at 4th and E. San
Fernando. 6 pm.
Colorado
Boulder: Wi ng Zone food court,
1 3th and Col l ege. 6 pm.
Denver: Borders Cafe, Parker and
Arapahoe.
District of Columbia
Arlington: Pentagon City Mal l by
the phone booths next to Panda
Express. 6 pm.
Florida
Ft. Lauderdale: Broward Mal l i n
the food court. 6 pm.
Gai nesvi l l e: I n the back of the
University of Florida's Reitz Uni on
food court. 6 pm.
Melbourne: House of Joe Coffee
House, 1 220 W New Haven Ave.
6 pm.
Orlando: Fashion Square Mat i
Food Court between Hovan
Gourmet and Manchu WO|. 6 .
Tampa: University Mal l i n the
back of the food court on the 2nd
floor. 6 pm.
Georgia
Atlanta: Lenox Mall food court.
7 pm.
Idaho
Boise: BSU Student Union
Bui l di ng, upstai rs from the mai n
entrance. Payphones: (208) 342-
9700, 9701 .
Pocatell o: College Market, 604
South 8th SI.
I l l i nois
Chicago: Nei ghborhood Boys and
Gi rl s ClUb, 2501 W. I rvi ng Park
Rd. 7 pm.
I ndi ana
Evansvi l l e: Barnes and Noble
cafe at 624 S Green River Rd.
Ft. Wayne: Gl enbrook Mal i lood
court in front of Sbarro's. 6 pm.
Indianapolis: Au Bon Pai n, 901
I ndi ana Ave.
South Bend (Mishawaka):
Barnes and Noble cafe, 4601
Grape Rd.
Iowa
Ames: Memorial Union Bui l di ng
food court at the I owa State
University.
Kansas
Kansas City (Overland Park):
Oak Park Mall food court.
Wichita: Riversi de Perk, 1 1 44
Bitting Ave.
Louisiana
Baton Rouge: I n the LSU Uni on
Bui l di ng, between the Tiger Pause
& McDonal d' s. 6 pm.
New Orleans: Z'otz Coffee House
uptown at 821 0 Oak Streel. 6 pm.
Mai ne
Portl and: Mai ne Mal l by the
bench at the food court door.
Maryland
Baltimore: Barnes & Noble cafe
at the I nner Harbor.
Massachusetts
Boston: Prudenti al Center Pl aza,
terrace food court at the tabl es
near the windows. 6 pm.
Marlborough: Solomon Park Mal l
food court.
Northampton: Downstairs of
Haymarket Cale. 6:30 pm.
Michi gan
Ann Arbor: Starbucks i n The
Galleria on South University.
Mi nnesota
Bloomington: Mall of Ameri ca,
north si de food court, across
from Burger King & the bank
at payphones that don't take
incoming cal l s.
Missouri
Kansas Ci ty (Independence):
Barnes & Nobl e, 1 91 20 East
39th SI.
St. Loui s: Gal l eri a Food Court.
Springfield: Borders Books and
Musi c coffeeshop, 3300 South
Gl enstone Ave. , one block south
of Battlefield Mal l . 5:30 pm.
Nebraska
Omaha: Crossroads Mall Food
Court. 7 pm.
Nevada
Las Vegas: McMul l an' s Pub, 4650
W. Tropicana Ave. (across the
street from The Orl eans Casi no).
7 pm.
New Mexico
Albuquerque: Universi ty of New
Mexico Student Union Bui l di ng
(pl aza "l ower" l evel l ounge), mai n
campus. Payphones: 505843
9033, 505-843-9034. 5:30 pm.
New York
New York: Citigroup Center, i n the
lobby, near the payphones, 1 53
E 53rd St. , between Lexington
& 3rd.
Rochester: Panera Bread, 2373
West Ridge Rd. 7:30 pm.
North Carolina
Charlotte: South Mall food
court. 7pm.
Raleigh; Royal Bean coffee
shop on Hi l l sboro Street (next to
the Playmakers Sports Bar and
acroSs from Meredith Col l ege).
Wi l mi ngton: The Connection
lnternet Cafe, 2501 Raci ne Drive,
Raci ne Commons Shopping
Center.
North Dakota
Fargo: West Acres Mall food court
by the Taco John' s.
Ohi o
Ci nci nnati : The Brew House,
1 047 East McMi l l an. 7 pm.
Cleveland: University Ci rcl e
Arabi ca, 1 1 300 Juni per Rd.
Upstai rs, turn ri ght, second room
on left.
Col umbus: Convention center on
street level around the corner from
the food court.
Dayton: TGI Friday's off 725 by
the Dayton Mal l .
Oklahoma
Oklahoma City: Cafe Bel l a,
southeast corner of SW 89th St.
and Penn.
Tulsa: Promenade Mal l food
court.
Oregon
Portland: Backspace Cafe, 1 1 5
NW 5th Ave. 6 pm.
Pennsylvania
Allentown: Panera Bread, 31 00
West Til ghman SI. 6 pm.
Philadelphia: 30th SI. Station,
southeast food court near mi ni
post office.
South Carol i na
Charleston: Northwoods Mal l
i n the hal l between Sears and
Chi k-Fi l -A.
South Dakota
Sioux Falls: Empi re Mal l , by
Burger Ki ng.
Tennessee
Knoxvi l l e: Borders Books Cafe
across from Westown Mal l .
Memphis: Atlanta Bread Co. ,
4770 Popl ar Ave. 6 pm.
Nashvi lle: Vanderbilt University
Hill Center, Room 1 5 1 , 1 231 1 8th
Avenue South. 6 pm.
Texas
Austi n: Spi der House Cafe, 2908
Fruth St. , front room. 7 pm.
Houston: Ni nta' s Express i n front
of Nordstrom's i n the Gal l eri a Mal l .
San Antoni O: North Star Mal l
food court. 6 pm.
Utah
Salt Lake City: ZCMI Mall i n The
Park Food Court.
Vermont
Burlington: Borders Books at
Church SI. and Cherry SI. on the
second fl oor of the cafe.
Virgi ni a
Arli ngton: (see District of
Col umbi a)
Virginia Beach: Lynnhaven Mal l
on Lynnhaven Parkway. 6 pm.
Washington
Seatlle: Washington State
Convention Center. 2nd l evel ,
south si de. 6 pm.
Wisconsin
Madison: Union South (227 N.
Randal l Ave. ) on the lower level i n
the Marti n Luther Ki ng Jr. Lounge.
Payphone: (608) 251 -9909.
All meetings take place on the
first Frday of the month. Unless
otherise noted, they start at
pm local time. To star a meeting
in your city send email to
meetings@2600.com.
l[
0 Z %
[
ZH0