Copy Link
Add to Bookmark
Report
INFORMATIK Volume 1 Issue 2
+=============================================================================+
| ## ## ## ###### ###### ###### ### ### ###### ###### ## ## ## |
| ## ### ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## |
| ## ## ### ##### ## ## ###### ## ## ###### ## ## #### |
| ## ## ## ## ###### ## ## ## ## ## ## ## ## ## ## |
+=============================================##==============================+
| Jan 10, 1992|
| [ The Journal of Privileged Information ] |
| |
+-----------------------------------------------------------------------------+
| Issue 02 By: 'Above the Law' |
+-----------------------------------------------------------------------------+
| |
|Informatik--Bringing you all the information you should know... |
| and a lot you shouldn't... |
| |
+=============================================================================+
/* Introduction */
By the Informatik staff
Well, we're proud to present Issue #2 of Informatik Journal.
Issue #1 was very well received, and we hope to continue to get good reviews
>from our readers.
This issue once again includes articles on a variety of subjects
related to hacking and phreaking, along with a special report on HoHoCon
1991. Both of our editors were on hand at the Con, which was not to be
missed.
Please note, the Internet address "@shake" found in some releases of
Informatik #1 no longer exists, and the owner is not affiliated with this
journal, and mail should NOT be sent there. We are happy to announce that we
have obtained a permanent Internet address. The address is:
inform@doc.cc.utexas.edu
Please direct submissions, suggestions, and subscription requests to that
address. Our subscription and submissions policies are included in this
issue.
Informatik can also be obtained via FTP at the CUD archives, which
are at the following address:
ftp.cs.widener.edu
Informatik is in the directory /pub/cud/misc. Back issues of Informatik,
along with many other t-files, including Phrack, CUD, and NIA can be found
at the site.
Enjoy,
Mack Hammer & Sterling
[Editors]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*DISCLAIMER*
Informatik Journal is printed for informational purposes only. We
do not recommend or condone any illegal or fraudulent application of
the information found in this electronic magazine. As such, we
accept no liability for any criminal or civil disputes arising from
said information.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
===========================================
============== - CONTENTS - ===============
================ Issue 02 =================
======= Release date January 10, 1991 =====
===========================================
01) Issue #2 Introduction
By: Mack Hammer & Sterling
02) HoHoCon 1991
By: Mack Hammer
03) The HP3000's 'SECURITY/3000' system (part 1)
By: Sterling
04) Inside NORAD
By: Anonymous NORAD Insider
05) Magnetic Strip Technology
By: Count Zero
06) Tid-Bytes
By: the Informatik Staff
07) Hot Flashes--The Underground News Report
By: Various Sources
08) Submission and Subscription Information
By: the Informatik Staff
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
::*::*::*::*::*::*::*::*::*::*::*::*::*::*::*::
:*: :*:
:*: HohoCon '91: The Sordid Details :*:
:*: :*:
:*: by: Mack Hammer :*:
:*: :*:
::*::*::*::*::*::*::*::*::*::*::*::*::*::*::*::
December 27 - 29, 1991, Houston was invaded by some 80 plus hackers
and telecommunications enthusiasts from around the country. HohoCon '91 was
a marked success, unlike its predecessor, HohoCon '90. The con, sponsored by
NIA and dFx, was very well organized, with Drunkfux, Judge Dredd, and Lord
MacDuff taking the brunt of the organizing on their shoulders. Vision was
also acknowledged as one of the organizers, but was out of town and couldn't
make the Con.
The Con was held at the Airport Hilton near Intercontinental Airport
in Houston, Texas, and was a three-day event, although almost all of the
business was taken care of on Saturday the 28th. Thanks to the organizers'
securing an entire wing separate from the rest of the hotel and a large
conference room, the conferees went unmolested for the whole of the weekend.
Friday the 27th
~~~~~~~~~~~~~~~
Most of the guests started arriving during the afternoon of Friday
the 27th. After laying around/getting acquainted for most of the day,
Hunter (who provided valuable assistance with entertainment all weekend)
contacted Rogue, who provided spirits (at cost) for the night. After
bringing in some 300 dollars worth of hard liquor, the party began.
While the events that ensued that evening are somewhat foggy for
this writer, I will attempt to detail some of the highlights. Everyone
wandered in and out of the conference room (where the liquor was located)
and basically got smashed and swapped hacker war stories. It was then that
Doc Cypher made the unofficial introductory address of the Con. The entire
group cheered and jeered as Doc, in a drunken stupor, took a nostalgic look
back at some of the great NUIs, systems, services, etcetera that marked
hacking in the Eighties.
The party then moved to the room of MC Allah (who was passed out on
the bed after drinking beer all day and capping it off with some mixed
drinks that night). A VCR was set up, and a group of about 20 people
watched "Necromantic," a European porn flick featuring, you guessed it, the
dead. After the movie, everyone split up and either went to bed or drank
the night away, talking about the old times.
Saturday the 28th
~~~~~~~~~~~~~~~~~
The actual conference was scheduled to begin at noon on Saturday,
but due to massive hangovers, was postponed until 2 pm. At 2 pm somewhere
between 80 and 100 people made their way into the conference room to hear
speeches by various members of the hack/phreak community.
Drunkfux started things off with a few introductions and some
general announcements about the Con, and then introduced Bruce Sterling, the
first speaker. Bruce, the writer of several cyberpunk novels including his
most recent release, The Difference Engine (with William Gibson), was basically
the celebrity of the Con, and spoke as a member of the Austin Branch of the
Electronic Frontiers Foundation. As you should know, the EFF is concerned with
protecting the civil liberties of computer users and telecommunications
enthusiasts. Mail can be sent to the EFF at eff.org, or the Austin Branch can
be contacted at eff-a.tic.com.
The next speaker was Steve Ryan from World View Magazine. World
View is an electronic magazine which also concerns civil liberties,
especially those involving computers. One of the primary concerns of the
magazine's writers is freedom of speech, and Steve spoke about the
suspension of this right during the sixties, and warned that it may happen
again.
The guys from Phrack (Crimson Death and Dispater) then took the
podium and basically told the story of what had been going on with Phrack
over the last year or two. They explained the editorial conflict
surrounding Phrack 34, and gave everyone a short history of who had edited
Phrack when. Crimson Death and Dispater finally put to rest any controversy
concerning Phrack, and did an excellent job of clarifying the situation.
They also explained why Phrack has "sucked" as of late, blaming it on poor
submissions. Now that the editorship is once again on stable ground, we're
once again expecting big things from hacking's most famous electronic
publication.
Everyone's favorite ex-LODers, Chris (Erik Bloodaxe) and Scott (Doc
Holiday) were the next speakers. Now known as Comsec Data Security, and
trying to shake that evil hacker stigma, Scott and Chris have joined
corporate America as security consultants. The two explained that they
hadn't gotten an especially warm welcome from anyone already in the security
field, and that they had been blackballed by every trade organization.
Rather than taking advantage of the huge body of knowledge possessed by the
ex-hackers, established security experts and publications have chose to
ignore them due to their colored past. Furthermore, it seems that they have
also been spurned by much of the hacking community. Overall, the speech
provided an interesting look into the way the computer security field
operates, and was very reassuring to the hackers still on the other side of
the fence. Scott and Chris did report, however, that business was good.
They then shifted gears and reported on New York's MOD, perhaps the most
unpopular group in the history of hacking. First they reported on MOD's
activities in general, ie; the posting of personal information of other
hackers on IRC and Lutzifer, general harassment of many noted members of the
hacking community, and the destructions of private systems on various
networks. They then announced the best news of the day, five MOD members
(including Corrupt, Phiber Optik, and Outlaw) were raided on December 6.
After the Comsec guys finished their speech, Count Zero of RDT
presented a film, starring himself and the other RDT guys, exploring the
campus of MIT. The film included extensive footage of the steam tunnels
running under the campus, and a great shot of a physical plant employee.
After the MIT film, about a third of the attendees left, and the
conferees who remained saw the episode of "And Now It Can Be Told" about
hackers. Geraldo Rivera, along with just about everyone else on the show,
got a lot of boos and hisses from the crowd.
The conference then took about a four hour lull while everyone ate,
drank, and watched the pay-per-view channels for free (see Tid-Bytes for
more info). About 9 pm, Hunter and Rogue once again came through with the
liquor, and yet another night of revelry began. Everyone once again began
to indulge heavily in the alcohol, and most of the conferees staying in the
hotel found their way into the hallway, where a horrified couple was being
hustled from our wing. The couple, mistakenly assigned to the HohoCon wing
by the hotel staff, was quite amazed to find some 40 odd drunken and raucous
hackers partying in the hallways.
Just when things once again died down a bit, Hunter came through
once again, this time with a couple of strippers he picked up somewhere.
While the live performance put on by the strippers couldn't compare with
Necromantic, it was the main entertainment of the night. Eventually,
everyone ended up either going to bed or working on CDC File #200, and
HohoCon '91 was all but through.
Sunday the 29th
~~~~~~~~~~~~~~~
As always, there wasn't much going on Sunday, with most people
checking out and departing for home. Overall, it seems that HohoCon '91 was
a smashing success, and we're looking forward to next year.
Now... for the first annual...
:: Informatik HohoCon Awards ::
Least constructive use of time:
Crimson Death, for watching approximately six hours of pornos free of
charge on Saturday night.
Most disgusting drink:
Ronnie, who mixed rum, tequila, grenadine, blue Hawaiian mix, vodka, and
lime juice.
Hard-day's-night award:
M.C. Allah, for drinking all day, drinking most of the night, passing
out, and puking on his hotel room floor and Siegfried's foot.
Most distasteful video presentation:
Erik Bloodaxe, for showing the most vile porno known to man,
Necromantic.
Should have been drowned in the pool award:
Rou Tisten, the most annoying personality in the world and a voice to
match.
Hard Luck Award:
The whole crew from Memphis whose transmission went out in their truck.
I sure hope you made it home, guys.
I get paid for this? Award:
Wile E. Security Guard. For marching around our wing approximately
11,000 times and never saying ANYTHING about our raucous conduct.
Logistical genius Award:
The guy who put the Baptist-Revival-Worship-Meeting-Thing next to the
Con on Friday night.
:: Unofficial HohoCon '91 Guest List ::
Allanon Lord MacDuff
Amateur M.C. Allah
Analog Assassin Mack Hammer
Archangel Macross the Black
Battery Material Man
Beowulf Minor Threat
Black Night Misanthrope
Bryan O'Blivian Morpheus
Bundy Mustang
Cabbage Truck Nihilator
Chizz Omega
Circle Jerk Phaedrus
Colin Campbell Psionic Infiltrator
Count Zero Purple Hayes
Count Zero Rambo
Crimson Death Razorback
Cross Connect Rev. Scott Free
Cyndre The Grey Rogue Lord of the Swastika
Dark Piper Ronnie
Devereuax Rou Tisten
Dispater Search 'n Seizure
Doc Cypher Siegfried
Doc Holiday Snow Blind
Drunkfux Split
Elrond of Rivendell Spoink
Erik BloodAxe Sterling
Format C: Swamp Rat
Frosty Technysis
G.A. Ellsworth Terminator
Holistic Hacker Terry-Scientist of Confusion
Hunter The Brain
Informant The Butler
Jabba The Chairman
Joe Rockhead The Conflict
Johnny Rotten The Desert Fox
Judge Dredd The Master
Junk Master The Pope
Kable Borks The Prisinor
Knightlife White Knight
Loki Winter's Ice
Please note: This list was compiled mainly from a sign-in sheet passed
around at the conference on Saturday. If you missed being
on the list, we apologize.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>
*> <*
<* The HP3000's 'SECURITY/3000' System (part 1) *>
*> <*
<* by Sterling *>
*> <*
<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<
SECURITY/3000 is a third party security package for use on HP 3000 series
computers. It replaces several commands and bundles several utility programs
to monitor system security. In part 1, I will try to provide an overview of
the obstacles that the SECURITY/3000 package presents for any would be
intruders, and discuss the usages of the LOGON system.
SECURITY/3000 is popular because it attempts to shore up the security
weaknesses found in the basic HP MPE Operating System. In order to insure user
ID integrity, HP's logon security system uses passwords. However, these
passwords provide only an illusion of security because:
* There is only one password for each level (user, group, or
account) of security. Thus, knowledge of this password
guarantees that level of security is penetrable.
* On many HP3000 systems, several users log on with the same
USERNAME.ACCTNAME which means they share the same
passwords--this reduces security and provides no auditability.
* Many users treat passwords as a dispensable nuisance, and
therefore readily reveal their passwords to unauthorized
persons.
* Passwords are stored in the system in clear text. Thus, they
may be readily found in job streams, discarded LISTDIR
listings, or on :SYSDUMP tapes.
SECURITY/3000 provides several new features:
USER ID INTEGRITY
~~~~~~~~~~~~~~~~~
In addition to conventional MPE passwords, SECURITY/3000 can use a system of
personal profile passwords -- answers to personal questions such as "WHAT IS
YOUR MOTHER'S MAIDEN NAME?", "WHAT IS YOUR FIRST LOVE'S NAME?", etc. Instead
of asking the same question all the time, SECURITY/3000 asks a random one out
of a number of questions (up to 30, user-configurable). And, instead of
keeping the answers stored in clear text, it encrypts them using a special
one-way encryption system, through which the answers cannot be decrypted by
anybody (not even VESOFT). By this, DP personnel are relieved of problems
associated with having readable passwords on the system.
Thus, passwords are automatically given a psychological security significance;
knowledge of all personal passwords is required to be sure of being able to
access the system, even though the user is asked only one at logon time; and,
passwords are made impossible to determine. Even voluntary disclosure is made
difficult. (The default questions can be configured with custom ones, or
SECURITY/3000 can be configured to instead prompt for a single question rather
than a random personal question).
Furthermore, SECURITY/3000 can be configured to differentiate users by session
name by expanding the USER ID to include session name in addition to user and
account name. This feature permits a better account structure by allowing
"generic" users to be created with user names describing the users' function
and session names identifying the user (e.g. JOHN,ENTRY.PAYROLL and
MARY,CLERK.AP). Thereby, several users could be set up under a common user
name but with different session names, and each one would have unique personal
profile answers, time and day restrictions, menu files, etc. SECURITY/3000
can therefore enforce the use of correct session name by requiring that a user
logs on using the same session name which was configured when added to the
security system.
In addition, SECURITY/3000 permits the system manager to configure a user with
a wildcard ("@") representing the session name and/or user name and/or account
name, which allows authorization of an Account Manager to log on as any valid
user in his account, or the System Manager to log on as any valid user on the
system, or an ordinary user to log on to several different accounts, etc.
This permits greater flexibility while still maintaining a high level of
security and providing positive user identification.
SECURITY/3000 may be activated for the entire system, for selected accounts,
for only certain users, or for only those logons to certain LDEVs (terminals,
DIAL-UPs, DS lines, etc.).
TIME OF DAY, DAY OF WEEK, AND TERMINAL RESTRICTIONS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Most security violations will not occur on Tuesday afternoon at 2:30 in the
middle of the company's payroll department; they will most likely be done in
the dead of night on a weekend across a telephone line. If the payroll
clerks work only on weekdays from 9 to 5 on terminals 31, 32, 33, and 35, any
attempt to access the PAYROLL account at any other time from any other place
is inherently a security violation. HP's logon security system does not
protect against this, but SECURITY/3000 does!
LOGON MENUS VS ':'
~~~~~~~~~~~~~~~~~~
After a user has logged on successfully, it is often undesirable, for reasons
of security and/or user-friendliness, for the user to converse with MPE by
typing MPE commands. Rather, one would want a menu of allowed commands and
programs the user is permitted to access to be displayed on the terminal;
then, the user could choose one of them.
Of course, restricting users from MPE (so that they never get a ':') vastly
improves system security because users are prevented from attempting to breach
security using various "holes" existing in MPE (e.g. :FCOPYing a file
containing a password to the terminal, reading passwords in :RELEASEd job
streams [a hole that doesn't exist if the supplied STREAMX utility is
installed] or even doing :LISTFs in sensitive groups and accounts).
This approach is far more common than the often-used method of blocking out
MPE commands by setting up UDC's with the same name, (which can be
circumvented with little effort, such as executing the commands from within
EDITOR or FCOPY) because it is far easier to implement and maintain a system
which INCLUDES the things a user is allowed rather than EXCLUDES the things a
user is not allowed.
VIOLATION REPORTING
~~~~~~~~~~~~~~~~~~~
Unlike HP's logon security system, which reports security violations only to
the system console, SECURITY/3000 reports them to the system console (in
inverse video, to distinguish them from ordinary console messages), prints a
user-definable memo to the system line printer, and logs them to its own log
file for future reference (thus providing a permanent record for further
interrogation). This "three-alarm" system makes sure that attempted security
violations are acted upon, not ignored. [supposedly]
AUDIT TRAIL
~~~~~~~~~~~
Although an Account Manager ID should be able to add, change, or remove user
security within his own account, there must be some means provided to keep
track of his actions. Under HP's logon security system, an Account Manager
ID can be used to create a fictitious user ID, log on to the system under it,
and do something that he shouldn't be doing without being afraid of getting
caught. With SECURITY/3000, all user additions, changes, and deletions are
logged to the SECURITY log file, thus allowing an auditor or System Manager
to determine who created, altered, or removed a given user ID.
ENFORCING REGULAR PASSWORD CHANGES BY OBSOLETING MPE PASSWORDS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OBSOL, SECURITY/3000's MPE Password Obsolescence System, ensures that MPE
passwords are changed on a regular basis, which can be defined for each
password. Users are warned before a password will expire (configurable as to
the number of days) to get their password changed.
PERMITTING USERS TO CHANGE THEIR OWN MPE PASSWORDS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MPE's security makes changing user passwords quite difficult. Since only an
Account Manager can change a user password, changing passwords is actually
discouraged! A user will feel reluctant to take the time to get hold of his
Account Manager to have his password changed (even if he, the user, suspects
it has been compromised); an Account Manager is very likely to put off
changing passwords if it means changing them for all 100 users in his account.
The SECURITY/3000 package contains "PASCHG" a program that allows users to
change their own passwords (not other users' unfortunately); this poses no
security threat; in fact, it actually improves security by making it easier
for users to get their own password changed.
ELIMINATING PASSWORDS IN JOB STREAMS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The requirement of keeping passwords in clear text in job streams is a big
security flaw because anyone with READ access to the job stream can read the
passwords, and any listing of the job contains the password. More
importantly, since changing a password means having to change every single job
that contains it, these passwords are virtually guaranteed never to be
changed.
STREAMX eliminates the need to embed passwords, lockwords, and other sensitive
information in job streams, while adding additional flexibility to jobs by
permitting parameter passing.
DIAL-UP, TERMINAL AND DS SECURITY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also desirable is the ability to put a password on a DIAL-UP line, DS line, or
terminal, regardless of the user trying to log on. That way, if a hacker
or "inside" violator attempted to log on to a DIAL-UP, he would have to know
the password for the DIAL-UP, which could be changed every day.
In addition, the high level of user authentication that the logon procedure in
SECURITY/3000 provides can be linked with the terminal and DIAL-UP security by
conditionally invoking the SECURITY/3000 logon security based on LDEV to which
a user is logging on.
This type of terminal security is provided by the TERMPASS utility.
AUTOMATIC LOGOFF OF INACTIVE USERS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Another threat to system security is a very common one: a user goes on a
break or to lunch without logging off. By this, a would-be thief could just
walk up to a terminal and use it--without even having to log on. There are
times when users forget to sign off even before going home for the day, (which
holds up system backups.
The LOGOFF utility allows automatic log off of terminals on which users have
been inactive for a given period of time.
Now that we have had a general overview of SECURITY/3000's many features, lets
take a much more detailed look into the logon security system.
WHAT HAPPENS AT LOGON TIME
~~~~~~~~~~~~~~~~~~~~~~~~~~
With the Logon Security System if SECURITY/3000 invoked, whenever a user logs
on (before he gets the ':' prompt and after he types in his MPE passwords [if
he has any]), SESSION, TIME, DAY, and TERMINAL restrictions which may have
been placed on the user are verified--if the user is not within the allowed
time and day limits or if he is attempting to log on from a terminal he is not
authorized to use, he is denied access to the system (i.e. logged off), an
inverse-video message describing the failed logon attempt is sent to the
console, a memo is printed off the line printer, and an entry is logged to the
SECURITY log file.
If the user, for some reason, replies incorrectly to the original question, he
is given as many more chances as are configured (two by default); he is asked
to reply to the SAME QUESTION additional times--if he does not give the
correct answer on any of these attempts, he is logged off and the violation
reporting described above is done. If, however, he replies correctly to any
of the question prompts, he is allowed on the system.
Here is an example of the logon conversation:
:HELLO JOHN,CLERK.PAYROLL
WHERE WAS YOUR FATHER BORN? << incorrect answer entered >>
Error: The answer given was INCORRECT
WHERE WAS YOUR FATHER BORN? << now a correct answer is entered >>
Welcome! You are now signed on.
END OF PROGRAM
: << you have signed on successfully, you are now in MPE >>
An Account or System Manager can set up a special LOGON MENU for some or all
users. If this has been done, a menu will roll up on the screen immediately
after the logon question is answered.
At this point, the user should enter the number of the selection that he
wishes to invoke, or 'E' to exit. If he enters a selection number, that
selection is invoked, and, when it is done, the menu is redisplayed. When the
user types 'E', he is logged off the system.
How to ADD users to the Logon Security System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Of course, before the system can ask users questions at logon time, it must
know the correct answers. So, the Account or System Manager must add each
user to the Logon Security System data base (ANSWER.DATA.SECURITY), specifying
the user name, account name, and session name (which comprise the "USER ID")
and time, day, and terminal restrictions, the menu file name (WHICH MUST HAVE
BEEN CREATED ALREADY) and then have the user input the answers to the personal
profile questions.
To enter users, log on as Account Manager (to add users under an account) or
System Manager (to add any user) and then
:RUN USER.PUB.SECURITY,ADD
Following are the items that this option prompts for:
(type '?' for help any time you don't know what to enter or how to enter it)
Enter user name:
Enter the MPE user name of the user to be added into the Logon Security
System. This user must exist in MPE already. Or you may enter an "@", which
means "any user" (or hit <return> to exit).
Enter account name:
You are asked this only if you are the System Manager; if you are an Account
Manager, this will default to your account name. You may enter an "@" which
means any account (or hit <return> to exit).
Enter session name:
The system permits securing users by session name as well as user name and
account name. Enter the session name which the user should use at logon or
hit <return> if the user will not use a session name, or enter an "@" if the
user may log on with different session names.
NOTE: This feature may be used to create a better account structure --
instead of creating MPE users by first name (JOHN, MARY, etc.) the
Account Manager can create "generic" user names based on the functions
existing within a department (CLERK, SUPER, MANAGER, etc.). When
several people share the same function, the Logon Security System will
differentiate them by session name which can be the person's first name.
Example of such logons are :HELLO MARY,MANAGER.PAYROLL and :HELLO
JOHN,CLERK.PAYROLL. The session name may be retrieved by your
application programs and then carried through your application system
along with the transaction record.
Enter user's real name:
This is the real name of the user (for instance, JOHN Q. DOE). This
information is used on the printed security violation memo and some log file
entries.
Enter the permitted terminal numbers:
Enter up to 30 logical device numbers on which the user is to be permitted to
log on, separated by commas (for instance, '220,55,73'). Hit <return> to
permit access by the user on all terminals. (See the "REMOTE" section of this
manual for details about putting a password on a dial-up, DS line, or other
terminal, regardless of where the user is logging on to.)
Enter the day-of-week access restrictions:
To permit the user to log on only on certain days of the week, enter a day of
the week (e.g. 'WEDNESDAY' means the user can log on only on Wednesdays) or
two days of the week separated by a '-' (e.g. 'MON-FRI' means the user can log
on only on Monday through Friday). Days may be spelled out or abbreviated to
3 characters. Hit <return> to permit access on all days.
Abbreviations allowed: 'SUN', 'MON', 'TUE', 'WED', 'THU', 'FRI', 'SAT'
Enter the time-of-day access restrictions:
To allow the user to log on only at certain times of the day, enter the
starting hour followed by a '-' followed by the ending hour (e.g. '9-17' means
that the user can sign on from 9 am to 5 pm). Hit <return> to permit access
at any time of day.
Enter the menu filename:
If you wish to set up a logon menu for this user, enter the name of the menu
file. THE MENU FILE MUST HAVE ALREADY BEEN CREATED (see "LOGON MENUS FOR
SECURITY AND CONVENIENCE" in this manual for details on how to set up a menu).
If you wish the user to instead be allowed to access MPE directly, just hit
<return>.
If you did not create the menu file already, hit <return> (for none), continue
entering the user info, and add the menu file later (see "How to CHANGE users
in the Logon Security System" later in this file).
Should the user be asked personal profile questions (Y/N)?
If you want the user to be asked a personal profile question at logon, type
'Y'. If you do not want a personal profile question to be asked (but still
have all other access restrictions apply), type 'N'.
The user is then added to the Logon Security System, a message is printed
acknowledging the addition of the user, and you are prompted for another user
(hit <return> to exit). Note that all successful user additions are logged to
the SECURITY log file.
NOTE: The ADD option requires Account/System Manager capability!
Following is an example of this option:
:RUN USER.PUB.SECURITY,ADD
SECURITY/ADD Version 0.5 (VESOFT (C) 1981) For help type '?'
Enter user name: CLERK
Enter account name: PAYROLL
Enter session name: JOHN
Enter user's real name: JOHN Q. DOE
Enter permitted terminal numbers: 34,35,36,37,50,52,53,54
Enter day of week access restrictions: MON-FRI
Enter time of day access restrictions: << <return> hit >>
Enter menu filename: CLERK.MENU.PAYROLL
Should the user be asked personal profile questions (Y/N)? Y
WHAT IS YOUR MOTHER'S MAIDEN NAME? << user answers, no echo >>
WHAT ELEMENTARY SCHOOL DID YOU GO TO? << user answers, no echo >>
WHERE WAS YOUR FATHER BORN? << user answers, no echo >>
WHAT IS YOUR FIRST LOVE'S NAME? << user answers, no echo >>
*** User has been added ***
Enter user name: << <return> hit to exit >>
Note that all successful user ADDs are logged to the SECURITY log file.
ANOTHER NOTE: Before starting the ADD option you may wish to get HELP.
To do so say
:FILE CICAT.PUB.SYS=USER.HELP.SECURITY
:HELP
IMPORTANT: Before this user attempts to log on, the Logon
Security System must be activated--see "ACTIVATING THE LOGON SECURITY
SYSTEM" later in this file.
How to CHANGE users in the Logon Security System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It may occur that an incorrect response was given to the ADD-time
configuration and personal profile questions or you may want to permit a user
to change his answers to the personal profile questions (which is all he is
permitted to do in this option); so to make changes to existing user profiles:
:RUN USER.PUB.SECURITY,CHANGE
The CHANGE option prompts you for: (type '?' for help at any prompt)
Enter user name:
Enter the user name of the user to be changed. If you are not an Account or
System Manager, this defaults to the logon user, (or hit <return> to exit).
Enter account name:
Enter the account of the user ID to be changed. If you are not System
Manager, this defaults to the logon account, (or hit <return> to exit).
Enter session name:
Enter the session name entered at user ADD time. If none was entered, hit
<return>.
This option now displays a menu of items corresponding to the configuration
and personal profile questions, and you are prompted for the item to be
changed. After you change an item, it continues to prompt you until you hit
<return>. (If the menu rolls off the screen, type 'R' to redisplay it.) An
Account or System Manager can change anything; an ordinary user can change
only his answers to the personal profile questions.
Following is an example of the CHANGE option:
:RUN USER.PUB.SECURITY,CHANGE
SECURITY/CHANGE Version 0.5 (VESOFT (C) 1981) For help type '?'
Enter user name: CLERK
Enter account name: PAYROLL
Enter session name: JOHN
R: Redisplay this menu
U: User info (user, account, session)
N: User's real name
T: Permitted terminal numbers
D: Day-of-week access restrictions
H: Time-of-day access restrictions
M: Menu file name
A: Ask personal profile questions?
1: WHAT IS YOUR MOTHER'S MAIDEN NAME:
2: WHERE WAS YOUR FATHER BORN:
3: WHAT ELEMENTARY SCHOOL DID YOU GO TO:
4: WHAT IS YOUR FIRST LOVE'S NAME:
Enter item number to change: M << change menu file name >>
Menu file name is now: PAYCLERK.MENU.PAYROLL
Enter NEW menu file name: PAYSUPER.MENU.PAYROLL
Enter item number to change: << <return> hit to exit >>
*** User has been changed ***
Enter user name: << <return> hit to exit >>
Note that all successful user CHANGEs are logged to the SECURITY log file.
How to COPY users in the Logon Security System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On some systems a certain user (System Manager, for example) may be required
to access more than one account and therefore may log on with more than one
user ID. This is where the copy option will save you time because it allows
an Account or System Manager to copy a given user's security configuration and
personal profile answers to a new user in the data base. An Account Manager
can copy only users within his account, whereas the System Manager can copy
users anywhere on the system. To enter copy mode, execute a:
:RUN USER.PUB.SECURITY,COPY
Following are the items that this option will ask for
(type '?' for help at any prompt)
Enter original user name:
The user name of the user to be copied. This user must exist in the data base
already, (or hit <return> to exit).
Enter original account name:
The account of the user to be copied.
If you are not System Manager, this defaults to the logon account.
(Hit <return> to exit.)
Enter original session name:
The session name with which the user is configured in the user data base (the
session name that was specified at ADD time). If no session name was
specified, hit <return>.
Enter new user name:
The user name to which the original user's security parameters (configuration
and personal profile answers) should be copied. This user must exist in MPE
already, (or hit <return> to exit).
Enter new account name:
The account to which the original user's security parameters should be copied.
This account must exist in MPE already. If you are not System Manager,
defaults to the logon account, (or hit <return> to exit).
Enter new session name:
The session name which the user should use at logon, or hit <return> if the
user will not use a session name.
Following is an example of the copy option:
:RUN USER.PUB.SECURITY,COPY
SECURITY/COPY Version 0.5 (VESOFT (C) 1981) For help type '?'
Enter original user ID
Enter user name: CLERK
Enter account name: PAYROLL
Enter session name: JOHN
Enter new user ID
Enter user name: CLERK
Enter account name: ORDER
Enter session name: JOHN
*** User information has been copied ***
Enter original user ID
Enter user name: << <return> hit to exit >>
Note that all successful user COPYs are logged to the SECURITY log file.
How to DELETE users from the Logon Security System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you delete users from MPE, you should delete them from the Logon Security
System as well. Users must exist in MPE in order to be deleted from the Logon
Security System, so if you wish to delete a user from both, you should delete
him from the Logon Security System by using this option BEFORE doing a
:PURGEUSER. To do this:
:RUN USER.PUB.SECURITY,DELETE
This option prompts you for (type '?' for help at any prompt)
Enter user name:
The user name of the user to be deleted, (or hit <return> to exit).
Enter account name:
The account of the user to be deleted. If you are an Account Manager and not
the System Manager, this will default to the logon account, ( or hit <return>
to exit).
Enter session name:
The session name specified at user ADD time.
If none was specified, hit <return>.
NOTE: This option requires Account/System Manager capability!
Following is an example of the DELETE option:
:RUN USER.PUB.SECURITY,DELETE
SECURITY/DELETE Version 0.5 (VESOFT (C) 1981) For help type '?'
Enter user name: CLERK
Enter account name: PAYROLL
Enter session name: JOHN
*** User has been deleted ***
Enter user name: << <return> hit to exit >>
Note that all successful user DELETEs are logged to the SECURITY log file.
How to SET UP users who use MULTIPLE LOGON IDs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Users are normally defined in the Logon Security System with the specific
session name, user name, and account name (user ID) with which they log on.
In some environments, a user may be authorized to use more than one user ID to
log on, depending on the function he is performing. For example, a user who
uses the Payroll, Accounts Payable, and General Ledger systems may log on with
three user IDs, i.e. JOHN,CLERK.PAYROLL, JOHN,CLERK.AP and JOHN,CLERK.GL. For
this, the COPY option of the USER.PUB.SECURITY program is useful because one
user may be set up with the proper security parameters and the information may
be COPYd to the other two user IDs.
It is also possible that an Account Manager will want to be allowed to log on
as any user in his account; or the System Manager will want to log on as any
user on the system. The Logon Security System permits you to set up a user
who is authorized to log on using many different user IDs by specifying "@"
as the session name and/or user name and/or account name.
For example, if you wanted to set up the System Manager, Mike, so that he
could log on as any user on the system, you could create a user called
MIKE,@.@
by responding to the prompts of the ADD option as follows:
Enter user name: @
Enter account: @
Enter session name: MIKE
If you wanted to set up the Account Manager of the PAYROLL account, Jane, so
that she could log on as any user in her account, you would create a user
called JANE,@.PAYROLL by responding to the ADD prompts as follows:
Enter user name: @
Enter account: PAYROLL
Enter session name: JANE
Jane would be allowed to log on using any valid user name in the account, and
the same personal profile and security restrictions would be used.
ACTIVATING THE LOGON SECURITY SYSTEM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Logon Security System may be imposed on the entire system, for selected
accounts, for only certain users, or for only logons to certain LDEVs
(terminals, dial-up lines, DS lines, etc.).
To activate the Logon Security System for selected accounts or users, the
Account or System Manager must set up an "OPTION LOGON" UDC that will invoke
the USER.PUB.SECURITY program. The UDC is stored in the file
SECURUDC.PUB.SECURITY
SECURUDC
OPTION LOGON, NOBREAK
comment
comment *******************************************
comment JCW is set 1717 by TERMPASS when $SECURITY
comment keyword is specified for the logon port.
comment Please see the TERMPASS.DOC.SECURITY.
comment *******************************************
comment
IF JCW<>1717 THEN
SETJCW SECURITYANSWER=0
CONTINUE
RUN USER.PUB.SECURITY,LOGON
IF SECURITYANSWER = 1 THEN
BYE
ENDIF
ENDIF
Because the Logon Security System is activated by a UDC, you can limit the
system's scope by setting the UDC at the level (either user, account, or
system) where it is appropriate. So to invoke the Logon Security System for
the logon account, the Account Manager can do the following:
WARNING: DO NOT PERFORM THE FOLLOWING UNLESS YOU HAVE AUTHORIZED
YOURSELF AS A USER (see "How to ADD users to the Logon
Security System" in this section). OTHERWISE, YOU MAY LOCK
UP YOUR ACCOUNT!
:SETCATALOG SECURUDC.PUB.SECURITY;ACCOUNT
(In spite of this warning, if you DID lock up your account, log on to some
other account, create the following file in your editor:
!JOB MGR/password.ACCOUNT/password << the locked-up account >>
!SETCATALOG;ACCOUNT
!EOJ
and :STREAM it.)
Once the SECURUDC is set, whenever a user who is affected by this UDC tries to
sign on, the Logon Security System is invoked and the time, day, and terminal
restrictions, etc., will be applied.
If the account or a user in the account has a logon UDC, that UDC should be
changed to do as its first command the execution of SECURUDC; e.g. if you
want to have a logon UDC that does a SHOWJOB, use the following UDC:
LOGONUDC
OPTION LOGON, NOBREAK
SECURUDC
SHOWJOB
***
Note that the UDC SECURUDC must have also been set for the user or account in
question, e.g.
:SETCATALOG MYUDC, SECURUDC.PUB.SECURITY
It is also recommended that you
:ALLOCATE USER.PUB.SECURITY
to speed things up when logging on, and also so that it will function during
backups.
LOGON MENUS FOR SECURITY
~~~~~~~~~~~~~~~~~~~~~~~~
Of course, by restricting users from MPE (so that they never get a ':') you
are vastly improving security on your system because users are prevented from
attempting to breach security using various "holes" existing in MPE
(e.g. :FCOPYing a file containing a password to the terminal, :SHOWCATALOGs,
or even doing :LISTFs in sensitive groups and accounts).
SECURITY/3000's menu subsystem implements this kind of closed system where you
specify what the user is allowed to do.
If you, the Account or System Manager, want to limit a user's access via a
menu, you must first build a file (the "menu file") in your editor describing
the menu (the user must have READ access to it).
A menu file consists of:
*HEADER Optionally, any number of '*HEADER' lines, which contain
text to be printed when the menu is invoked. A common use
for this is to print some form of menu identification, e.g.
*HEADER ****************************
*HEADER MAIN ACCOUNTS PAYABLE MENU
*HEADER ****************************
You may also put escape sequences to control the display
on a *HEADER line (e.g. <escape-H> <escape-J> to home the
cursor and clear the screen before displaying the menu).
*CAPTION Up to 24 selection descriptors. Each section descriptor
consists of one
'*CAPTION' line followed by a number of body lines.
The '*CAPTION' line defines what this selection should be
identified as on the menu, e.g.
*CAPTION INVOICE ADDITION
The body lines contain the commands to be executed when
the selection is chosen. A body line can be:
MPE Any MPE command or commands, including :RUN,
command :IF, :ELSE, and :ENDIF, e.g.
FILE D=DATA.PUB.AP
RUN INVADD.PUB.AP
LISTF XYZ.PUB;$NULL
IF CIERROR = 907 THEN
RUN UPDATE.PUB;PARM=1
ELSE
DISPLAY Update system in use
ENDIF
DISPLAY which causes the specified string to be
displayed to the terminal, e.g.
DISPLAY This system inoperative until Friday
DISPLAY Contact Joe Martin at ext. 283
VEMENU which invokes VEMENU with the specified menu file.
This permits "nested menus", e.g.
VEMENU NEWORDER.ENTRY.PURCH << menu file >>
USE which executes commands from the specified file,
e.g.
USE ENTRY.PROC.GL << file containing set of
file equations and
commands for entry of
GL information >>
EXIT which exits VEMENU and logs the user off the system.
Thus, a simple menu file may be created as follows:
:EDITOR
/ADD
1 *HEADER *************************************
2 *HEADER ACCOUNTS PAYABLE SYSTEM
3 *HEADER CHOOSE ONE OF THE FOLLOWING:
4 *HEADER *************************************
5 *HEADER
6 *CAPTION VENDOR MAINTENANCE
7 FILE APDB=APDB.DATABASE.AP
8 RUN AP010
9 *CAPTION INVOICE MAINTENANCE
10 FILE APDB=APDB.DATABASE.AP
11 RUN AP020
12 *CAPTION CHECK PRINTING
13 FILE STRMFILE=CHKPRINT.JOB.AP << job stream
14 RUN STREAMX.PUB.SECURITY;PARM=1 << which asks
15 *CAPTION ARCHIVE << for starting check # >>
16 DISPLAY Sorry, archive system not yet ready
17 DISPLAY -- see system management
18 *CAPTION GO TO ACCOUNTS RECEIVABLE MENU
19 VEMENU ARMENU.PUB.AR
/KEEP MAINMENU.PUB.PAYROLL
/EXIT
Then, add the user to the Logon Security System, entering the name of the menu
file when prompted for it; if the user has already been set up in the Logon
Security System, use the CHANGE option to change his menu file name to the
menu file he is to use. If you decide that a user should go directly into MPE
when he logs on instead of using a menu, just hit <return> when prompted for
the name of the menu file.
Whenever a user who is configured in the Logon Security System with a menu
file logs on, the menu contained in that file is displayed and he is asked to
choose a selection or hit 'E' to exit. When a selection is chosen, the
commands specified in the selection body are executed.
When that menu option has completed, the user is returned to the menu and
asked to choose another selection. This continues until either the user
enters 'E' or a selection chosen by the user executes an 'EXIT' command. When
the user exits the menu, he is automatically logged off. AT NO TIME IS THE
USER EVER LET INTO MPE!
Of course, different users can have different menu files. For instance, if
you have an Accounts Payable system--in which you have clerks who can add and
delete invoices; supervisors who can add and delete vendors as well as
invoices; and a manager who can add and delete vendors, add and delete
invoices, and print checks--you can have one menu file for clerks, another
menu file for supervisors, and a third for the manager. (Remember that if
several users share the same function, you can have them all use a common user
name and differentiate them by their session)
ATTEMPTED SECURITY VIOLATION LOGGING
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When an attempted violation occurs, the Logon Security System makes it
possible to catch the violator "in the act" by immediately providing the
necessary information about the attempted security breach.
If a violation attempt occurs--meaning a user has responded incorrectly to a
logon question or has attempted to log on at an unauthorized time, on an
unauthorized day, or from an unauthorized terminal--the Logon Security System
will immediately:
* Send a descriptive message to the system console, in inverse
video, to distinguish it from other console messages
* Print a violation memo off the system line printer (device class
LP) or a designated printer (see "SETTING ATTEMPTED SECURITY
VIOLATION MEMO ROUTING PARAMETERS" in this section).
* Log an entry to the SECURITY log file.
LOG.DATA.SECURITY
This file is initially built as a 5,000-record circular file,
so if the file fills up, new entries will be appended while
the oldest entries are dropped.
This provides sufficient information for the System Manager to immediately
respond to the attempted security breach. The System Manager may also "hang"
the terminal at this point (while someone is waiting to be logged on) for a
while to give himself more time to respond, or to disable that device so that
additional logon attempts are disallowed.
How to LIST the security LOG FILE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Information about all changes to user status (add, change, delete) and all
violation attempts are logged to the SECURITY/3000 log file with pertinent
information about the time and date of the action, terminal on which the
action took place, and the user who performed the action (including session
name). SECURITY/3000 may be configured to log all successful logons,
providing an excellent audit trail of system access.
The following violation messages are logged:
BAD USER Logon attempted by unauthorized user
BAD RESPONSE Question was answered incorrectly
BAD DAY Logon attempted on unauthorized day
BAD TIME Logon attempted at unauthorized time
BAD TERMINAL Logon attempted on unauthorized terminal
INVALID TERMINAL PASSWORD Invalid terminal password was entered
(see the "REMOTE" section of this
manual for details).
and the following update messages are logged:
Add Addition of a user to the Logon Security System
Change Change made to a user in the Logon Security System
Copy Security profile copies from one user to another
Delete User deleted from Logon Security System
and the following successful logon messages are optionally logged:
'SUCCESSFUL LOGON' Valid logon through LOGON SECURITY
'SUCCESSFUL TERMINAL LOGON' Valid logon through the TERMPASS
This file can be later listed to the terminal or line printer, and can be
cleared after review. An Account Manager can list messages in his account,
and the System Manager can list the entire file; (only the System Manager can
clear the file.) An ordinary user is not permitted to use this option.
:RUN USER.PUB.SECURITY,LISTLOG
When you run this option, you are prompted for whether the listing is to go to
the line printer (reply 'L') or to the terminal (reply 'T'). If the line
printer is selected, the log file is dumped (in a readable format) to the line
printer (device class LP). If the terminal is selected, the same printout is
generated except that users' real names are not printed.
To redirect the listing from the default (DEV=LP) to some other device or a
disc file, issue a file equation for SECLIST, e.g.
:FILE SECLIST=MYLOGLST;ACC=OUT;DEV=DISC;NOCCTL;REC=,,,ASCII;SAVE
Following is an example of the use of this option:
:RUN USER.PUB.SECURITY,LISTLOG
SECURITY/LISTLOG Version 0.5 (VESOFT (C) 1981) For help type '?'
Listing to (L)ine printer or (T)erminal: T
Type : Date Time Dev Logon Target user/
Violatn type
Add :20JUL85 5:17PM 33 DON,MANAGER.PAYROLL ENTRY.PAYROL
Violat:21JUL85 9:23AM 117 READER,LABOR.PAYROLL BAD USER
Violat:21JUL85 9:23AM 117 SALLY,ENTRY.PAYROLL BAD RESPONSE
Change:21JUL85 10:17AM 25 BILL,MANAGER.SYS ENTRY.PAYROL
Violat:24JUL85 2:33PM 117 R1,ENTRY.PAYROL BAD DAY
Violat:26JUL85 1:54PM 103 R1,ENTRY.PAYROL BAD TERMINAL
Logon :26JUL85 2:00PM 25 ENTRY.PAYROL SUCCESSFUL LOGON
*** Log file has been printed ***
How to CLEAR the security LOG FILE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Of course you may have good reason to clear the SECURITY log so:
:RUN USER.PUB.SECURITY,CLEARLOG
to clear the log file.
This option will not prompt you for any input.
NOTE: This option can be used by the System Manager only.
A sample run of this option follows:
:RUN USER.PUB.SECURITY,CLEARLOG
SECURITY/CLEARLOG Version 0.5 (VESOFT (C) 1981) For help type '?'
*** Log file has been cleared ***
CONFIGURING SECURITY/3000
~~~~~~~~~~~~~~~~~~~~~~~~~
Several configuration options (described below) may be specified in the
security configuration file,
SECURMGR.PUB.SECURITY
This file is created at installation time with default values, which may be
modified as described in the options below.
DISALLOWING CONCURRENT SESSIONS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As you may know, MPE allows several users with an identical user/account name
(e.g. USER.PAYROLL) to be logged on simultaneously. A user is therefore
permitted to be logged on to more than one terminal and have more than one
session running concurrently, which may be undesirable.
As one of our users pointed out, "No individual could fully control the
activity on two terminals at a time and hence while on one terminal,
unauthorized use could be made of the other."
The Logon Security System may be configured to disallow more than one session
with a given user ID to be logged on concurrently. Remember that we consider
session name to be part of the user ID, so JOE,USER.GL and MARY,USER.GL are
recognized as being different, even though the MPE user name is the same.
With concurrent sessions disallowed, if someone attempts to log on with a user
ID exactly the same as a user who is already logged on, he is not let on the
system. Furthermore, a message is sent to the already-logged-on terminal to
let that user know that someone is attempting a secondary logon.
To disallow concurrent sessions, add the following line to the SECURMGR file:
CONCURRENT-SESSION=NO
Of course we would rather allow concurrent sesseons, so change it to:
CONCURRENT-SESSION=YES
By default, concurrent sessions are permitted.
ELIMINATING SESSION NAME CHECK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SECURITY/3000 differentiates users by session name by expanding the user ID to
include session name in addition to user and account name. This feature
permits a better account structure by allowing "generic" users to be created
with user names describing the users' function and session names identifying
the individual user (e.g. JOHN,ENTRY.PAYROLL and MARY,CLERK.AP). Thereby,
several users could be set up under a common user name but with different
session names, and each one would have unique personal profile answers, time
and day restrictions, menu files, etc.
SECURITY/3000 therefore enforces the use of correct session name by requiring
that a user log on using the same session name with which he was configured
when added to the security system. If he was configured with a session name
of JOHN, for example, and tries to log on using no session name or a different
session name, he will not be recognized as an authorized user and therefore
will not be let on the system.
For those who do not wish to enforce session name or set up "generic" users
and would rather use MPE's approach of optional session name, it is possible
to instruct the Logon Security System to ignore the session name at logon by
adding the following to the SECURMGR file:
SESSION-NAME=OFF
However, if you choose not to enforce session name, all users must have been
set up in the Logon Security System with the session name the same as the user
name or with a session name of '@'. For example, if you are adding a user who
should log on as JOHN.PAYROLL, he must be set up at ADD time with a user name
of 'JOHN', an account name of 'PAYROLL' and a session name of 'JOHN' or '@'.
When he logs on, however, he should not use the session name but rather just
JOHN.PAYROLL.
(When SESSION-NAME=OFF, the SECURITY data base is checked for an authorized
user with a session name which is the same as the user name.)
By default, session name is a valid part of the user ID.
DISABLING A TERMINAL ON WHICH AN ATTEMPTED VIOLATION HAS OCCURED
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If a user is unsuccessful in logging on (either by not responding properly to
personal profile question, attempting to log on at an unauthorized time or
day, etc.), it is often desirable to "hang" that user's terminal so that he is
unable to attempt further logons.
To do this, determine the time in seconds for which you would like the
terminal hung and then add a line to the SECURMGR file in the format:
PAUSE=numseconds
where 'numseconds' is the number of seconds for which the terminal will be
hung. Then, when a user has an unsuccessful logon attempt, he will be hung
for the amount of time specified.
By default, 'numseconds'=0, which means that the user will not be hung at all.
SPECIFYING NUMBER OF ATTEMPTS TO ANSWER QUESTION AT LOGON
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You may specify the number of attempts users are allowed to answer the
question at logon by adding a line to the SECURMGR file in the format:
TIMES=attempts
where 'attempts' is the number of times the question will be asked.
By default, 'attempts'=2.
LOGGING SUCCESSFUL LOGONS
~~~~~~~~~~~~~~~~~~~~~~~~~
You may wish to know who is logging on through the dial-up line, or whether a
particular logon is being utilized. For how to log successful logons which
come through your dial-in lines or are specific to a port.
You may enable SECURITY/3000 to log successful logons which pass through the
USER program by adding a line to the SECURMGR.PUB.SECURITY file in the format:
LOG-LOGON=ON
This keyword will be seen by the LOGON security program and cause all
successful logons to be written to the LOG.DATA.SECURITY file for later
review. No other configuration is required and this keyword may be added or
removed at any time. When the log file is reviewed later the message:
SUCCESSFUL LOGON
will be displayed.
SETTING ATTEMPTED SECURITY VIOLATION MEMO ROUTING PARAMETERS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The security violation memo which is generated when a violation attempt has
occurred is a useful tool for immediately taking corrective action.
You may change the memo parameters--device to which the memo is routed, outpri
of the memo, and number of copies to generate--by adding a line to the
SECURMGR file in the format:
DEV=device,outpri,copies
where
'device' is the device to which the memo is routed.
'outpri' is the output priority with which the memo will be
generated.
'copies' is the number of copies of the memo wh
ich will be printed.
Therefore, if you want the memo routed to a special printer in the DP
Auditor's office where someone will be able to take immediate investigative
action, declare this on the 'device' parm. If you want to give the memo top
priority to ensure that it is printed right away, specify an outpri of 13; if
you want to defer printing the memo, specify an outpri of 1, which will cause
the memo to remain in the spooler for later printing or purging.
If you do not declare a 'DEV=' line in the SECURMGR file, the memo will be
created with default attributes (dev=LP, outpri=8, copies=1).
If you do not want the security violation memo at all (but will still have the
attempted violation console message and log file entry), do not declare a
'DEV=' line in the SECURMGR file, and add this file equation:
:FILE SECLIST=$NULL
to SECURUDC (the UDC which invokes the Logon Security System before the
command which :RUNs USER.PUB.SECURITY.)
HOW SECURITY VIOLATIONS ARE REPORTED
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Whenever an attempted violation occurs, a security memo is printed to the line
printer; the default format of it is:
TO: SYSTEM MANAGER
FROM: SECURITY/3000
RE: SECURITY VIOLATION
WE WOULD LIKE TO CALL TO YOUR ATTENTION THE FACT THAT THERE WAS A
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvv VIOLATION BY:
USER: uuuuuuuu
ACCOUNT: aaaaaaaa
GROUP: gggggggg
SESSION NAME: ssssssss
USER NAME: nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
LOGICAL DEVICE: lll
ON wwwwwwwwwwwwwwwwwwwwwwwwwww
PLEASE INVESTIGATE.
where
'uuuuuuuu' represents the user name
'aaaaaaaa' represents the account name
'gggggggg' represents the group name
'ssssssss' represents the session name
'lll' represents the logical device number
'nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn' represents the user's real name
'wwwwwwwwwwwwwwwwwwwwwwwwwww' represents the time and date when
the violation (attempt!) occurred
'vvvvvvvvvvvvvvvvvvvvvvvvvvv' represents the type of violation
(BAD USER, BAD DAY, BAD TIME,
BAD TERMINAL, or BAD RESPONSE).
By using the above abbreviations ('uuuuuuuu', 'aaaaaaaa', etc.),
you can modify the memo format as you please. The format is stored in
MEMOFORM.DATA.SECURITY
NOTE: If you have :HEADON on your LP, the header on the memo will
indicate the user name (in this case, the violator!) on it, and
the operator may deliver this memo to the violator!
HOW THE QUESTIONS FILE IS MAINTAINED
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The personal profile questions that are asked at logon time of all users in
the system are not fixed by SECURITY/3000; they can be set up with custom
questions--up to 30 of them (remember, only ONE of the questions, at random,
will be asked at logon time). The questions are stored in the editor-format
file called
QUESTION.DATA.SECURITY
When SECURITY/3000 is installed from VESOFT, there are already some sample
questions in this file, so it may not be changed at all.
So, if you want to add a question to the file, just do the following:
:EDITOR
/TEXT QUESTION.DATA.SECURITY
/ADD
6 HOW LONG DID YOU LIVE IN THE PLACE WHERE YOU WERE BORN?
7 //
/KEEP
/EXIT
If you must delete a question from the file, do:
:EDITOR
/TEXT QUESTION.DATA.SECURITY
/REPLACE 6
6 HOW LONG DID YOU LIVE IN THE PLACE WHERE YOU WERE BORN?
6 DELETED << you type >>
/KEEP
/EXIT
Again, NEVER execute an actual DELETE command!
You may want to have only ONE question in the file--this question will be the
only one asked at logon time. Therefore, if you would like to use an MPE-like
password rather than personal profile questions, you can have the one question
in the file be
Enter USER password:
which looks just like
MPE's password prompt; but don't forget that the passwords in SECURITY/3000's
Logon Security System, unlike MPE passwords, are stored in one-way encrypted
format.
If the QUESTION file is empty (zero records, not just only 'DELETED' records),
no questions will be asked at logon time; this is useful in case you do not
want SECURITY/3000's personal profile questions, but only its other features.
Remember that you can impose the questions on only selected users by answering
'N' to the "Should the user be asked personal profile questions?" prompt when
you ADD the user.
NOTE: The maximum number of questions is 30.
ACCESSING THE USER PROFILE DATA BASE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Information about all the users you have authorized in the Logon Security
System (i.e. answers, permitted terminal numbers, permitted times of day/days
of week, real user names, etc.) is stored in the IMAGE data base
ANSWER.DATA.SECURITY
To write reports against this data base (e.g. show the user names and the
permitted days of week for all users, sorted by user ID), merely access this
data base with QUERY or any of your programs. Of course, the personal profile
answers are one-way encrypted, and therefore cannot be determined.
Note that you can open the data base through QUERY in READ mode only! Also,
as an added security feature, you may change the data base password (as
follows) and SECURITY/3000 will still be able to (magically!) access the data
base:
:HELLO MANAGER.SECURITY,DATA
:RUN DBUTIL.PUB.SYS
>>SET ANSWER PASSWORD 1=password
>>EXIT
CONCLUSION: PART 1
~~~~~~~~~~~~~~~~~~~
That's it for the particulars on how the LOGON portion of SECURITY/3000
works. In Part 2, I will discuss various utilities and security logs
associated with SECURITY/3000.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/\ /\
/ \ / \
/ / \
/ Inside NORAD \ /\
/\ / \ / \
/ \ by: Anonymous / \
/ \ \
_ _ /_ _ _ _ _ _ \_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _\_ _
Note: The information below was compiled through research and personal
interviews with Air Force personnel who were stationed at NORAD
Headquarters. The officers that we talked wished for their names to
be withheld.
Aerospace Defense Structure
~~~~~~~~~~~~~~~~~~~~~~~~~~~
The military defense of North America is a joint effort of the United
States and Canada. All forces directly assigned to aerospace defense by the
two nations are organized as the North American Air Defense Command (NORAD).
The major elements of NORAD are the Canadian Forces Air Defence Command
(CFADC), the U.S. Air Force's Air Defense Command (USAD ADC), and the U.S.
Army's Air Defense Command (ARADCOM). Headquarters of NORAD, USAF ADC, and
ARADCOM are in Colorado Springs, Colorado. While the CFADC headquarters are in
St. Hubert, Quebec.
The primary jobs of NORAD is to serve as an early warning system in the
event of nuclear attack. NORAD is primarily concerned with the detection,
identification, and tracking of hostile bombers, ballistic missiles, and space
vehicles.
Defense Against Manned Bombers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Defense against manned bombers includes ground-based and airborne radars
to warn of the approach of hostile aircraft; supersonic fighter-interceptor
aircraft capable of operating in any type of weather, and surface-to-air
interceptor missiles. Detection and tracking of bombers is accomplished by
ground-based radars located along the Arctic Circle from the Aleutians to
Greenland and, in greater concentrations, in southern Canada and the United
States. Radar equipped aircraft on continuous patrol off the Atlantic and
Pacific coasts extend surveillance seaward.
Any aircraft detected must of course be identified. Flights penetrating
designated Air Defense Identification Zones (ADIZ) must be identified by
correlating their flight plans submitted in advance with the precise position
of the aircraft or, when this fails, through visual identification by
interceptor aircraft. The simplest method of identification is to interrogate
an electronic coding device, called Identification Friend of For (IFF), located
in the aircraft, which replies to the interrogation with a known password. If
the airborne object is hostile, it will be destroyed by fighter-interceptor jet
aircraft using nuclear or conventional armament or by unmanned surface-to-air
missiles such as BOMARC or NIKE.
Integration of the defense systems against the manned bomber is
accomplished by the electronic supersystem called Semi-Automatic Ground
Environment (SAGE). In SAGE, computers receive and store data, solve problems,
and display solutions to the detection station display screens. This allows
air defense commanders to follow the battle situation and direct appropriate
defense weapons.
If interceptors or missiles are launched or committed against the target,
the computer, with operator assistance, transmits information to and guides
them to the hostile object. Interceptors are equipped with an automatic pilot,
which can ge guided from the ground by means of data link. In the event the
SAGE system should become inoperative, its functions would be taken over by
BUIC, the Back-up Interceptor Control system, with widely dispersed automated
control centers.
Defense Against Ballistic Missiles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Defense against ballistic missiles presents more difficult problems than
defense against manned bombers. An extensive network known as the Ballistic
Missile Early Warning System (BMWES), runs through Alaska, Canada, Greenland,
and the British Isles, is used to detect and relay information about inbound
missiles. A similar network is planned to cover the southern portion of the
continent. In the event that an inbound missiles is detected, NORAD directs
the use of antiballistic-missile weaponry.
Defense Against Attack Through Space
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Although space vehicles are note currently employed for offensive military
usage at the present, the possibility is certainly there. One of NORAD's
primary responsibilities is to monitor any space born vehicles.
The number of man made objects in orbit above the Earth numbers in the
thousands. Continuous surveillance of these objects in space is performed by
NORAD's Space Detection and Tracking System (SPADATS). SPADATS consists of two
primary elements, the U.S. Navy's Space Surveillance (SPASUR) System--an
electronic fence of high-powered transmitters and receivers extending across
the southern United States--and the U.S. Air Force's SPACETRACK system.
SPACETRACK consists of a worldwide network of radars, space-probing cameras,
and communications. An operational control center with a central
data-processing facility called the Space Defense Center, located at NORAD
headquarters, serves to integrate the entire network.
NORAD Headquarters
~~~~~~~~~~~~~~~~~~
In 1966, operations began in the new Combat Operations Center deep inside
a mountain in Colorado. The center is located outside Colorado Springs at the
Cheyenne Mountain Air Force Base. The complex is set inside tunnels that have
been carved deep into the heart of the mountain itself. The entire structure
is situated atop huge, 3-foot diameter springs to absorb nuclear shock waves.
The headquarters was designed to survive a 1 megaton nuclear blast, but since
this was designed to deter 1960's nuclear technology, it is questionable
whether or not it would withstand attack by today's "smart" bombs, which could
put a missile right in the front door.
Every day, over a thousand people go to work the day shift at NORAD,
commuting up from near by Peterson Air Force Base. Upon arrival at the center,
they walk past the station's concertina wire topped twelve foot fences, which
are surprisingly non-electrified. The exterior is constantly patrolled and
observed by the Air Force Elite Security Forces, each armed to the teeth with
9mm pistols and M-16's. Scores of German Shepherd attack dogs are used as an
added bit of security. Above the main tunnel entrance, is a sign that reads:
"Use of Deadly Force Authorized by all Personnel."
The interior of the base, built to survive a nuclear attack, is completely
self-contained. Backup power is available in case of a power failure, and
provides uninterupted power for lighting as well as computer systems. The base
also contains food and water supplies for all personnel for over 30 days. The
base itself is entirely shielded with lead and reinforced concrete, which
augments the natural protection provided by the mountain. Huge blast doors
provide the only entrances and exits to the base.
Of course, the base is equipped with state-of-the-art communications
systems, with full time links to all nuclear weapons sites in both the U.S. and
Canada. The base is also linked into all major news and civil defense agencies
to accept and release up-to-the-minute information on global military affairs.
Surprisingly, however, the base is not equipped with today's most powerful
mainframes and supercomputers. Many of the systems are somewhat archaic, as any
upgrade would cause massive redesign of weapons and defense systems.
Conclusion
~~~~~~~~~~
One may wonder about the usefulness of this unique command post in the
interior of a mountain in light of current global events. With the evaporation
of central government in the Soviet Union, and the decreased likelihood of
another global war, a huge nuclear arsenal is beginning to seem worthless.
However, with the capability to monitor global military situations at all times,
and the ability to deter possible conflict, it still provides a valuable service
to all of North America, if not the world. Better safe than sorry.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*******************************************************************************
* *
* Card-O-Rama: Magnetic Stripe Technology and Beyond *
* *
* or *
* *
* "A Day in the Life of a Flux Reversal" *
* *
* *
* *
* by: ..oooOO Count Zero OOooo.. yRDTy 11/22/91 *
* *
*******************************************************************************
---A production of : -=Restricted -=Data -=Transmissions :
: :
: "Truth is cheap, but information costs." :
Look in your wallet. Chances are you own at least 3 cards that have
magnetic stripes on the back. ATM cards, credit cards, calling cards,
frequent flyer cards, ID cards, passcards,...cards, cards, cards! And chances
are you have NO idea what information is on those stripes or how they are
encoded. This detailed document will enlighten you and hopefully spark your
interest in this fascinating field. None of this info is 'illegal'...but
MANY organizations (government, credit card companies, security firms,
etc.) would rather keep you in the dark. Also, many people will IMMEDIATELY
assume that you are a CRIMINAL if you merely "mention" that you are
"interested in how magnetic stripe cards work." Watch yourself, ok? Just
remember that there's nothing wrong with wanting to know how things work,
although
in our present society, you may be labelled a "deviant" (or worse, a <gasp>
"hacker!").
Anyway, I will explain in detail how magstripes are encoded and give
several examples of the data found on some common cards. I will also cover the
technical theory behind magnetic encoding, and discuss magnetic encoding
alternatives to magstripes (Wiegand, barium ferrite). Non-magnetic card
technology (bar code, infrared, etc.) will be described. Finally, there will
be an end discussion on security systems and the ramifications of emergent
"smartcard" and biometric technologies.
*DISCLAIMER*
Use this info to EXPLORE, not to EXPLOIT. This text is presented for
informational purposes only, and I cannot be held responsible for anything you
do or any consequences thereof. I do not condone fraud, larceny, or any other
criminal activities.
*A WARNING*
I've noticed lately a few "books" and "magazines" for sale that were
FILLED with PHILES on a variety of computer topics. These philes were
originally released into the Net with the intention of distributing them for
FREE. HOWEVER, these philes are now being PACKAGED and sold FOR PROFIT. This
really pisses me off. I am writing this to be SHARED for FREE, and I ask no
payment. Feel free to reprint this in hardcopy format and sell it if you must,
but NO PROFITS must be made. Not a f**king DIME! If ANYONE reprints this
phile and tries to sell it FOR A PROFIT, I will hunt you down and make your
life miserable. How? Use your imagination. The reality will be worse.
** MAGSTRIPE FIELDS, HEADS, ENCODING/READING **
Whew! I'll get down to business now. First, I am going to explain the
basics behind fields, heads, encoding and reading. Try and absorb the THEORY
behind encoding/reading. This will help you greatly if you ever decide to
build your own encoder/reader from scratch (more on that later).
FERROMAGNETIC materials are substances that retain magnetism after an external
magnetizing field is removed. This principle is the basis of ALL magnetic
recording and playback. Magnetic POLES always occur in pairs within magnetized
material, and MAGNETIC FLUX lines emerge from the NORTH pole and
terminate at the SOUTH. The elemental parts of MAGSTRIPES are ferromagnetic
particles about 20 millionths of an inch long, each of which acts like a tiny
bar magnet. These particles are rigidly held together by a resin binder.
The magnetic particles are made by companies which make coloring pigments
for the paint industry, and are usually called pigments. When making the
magstripe media, the elemental magnetic particles are aligned with their
North-South axes parallel to the magnetic stripe by means of an external
magnetic fields while the binder hardens.
These particles are actually permanent bar magnets with TWO STABLE
POLARITIES. If a magnetic particle is placed in a strong external magnetic
field of the opposite polarity, it will FLIP its own polarity (North becomes
South, South becomes North). The external magnetic field strength required to
produce this flip is called the COERCIVE FORCE, or COERCIVITY of the particle.
Magnetic pigments are available in a variety of coercivities (more on that
later on).
An unencoded magstripe is actually a series of North-South magnetic
domains (see Figure 1). The adjacent N-S fluxes merge, and the entire stripe
acts as a single bar magnet with North and South poles at its ends.
Figure 1: N-S.N-S.N-S.N-S.N-S.N-S.N-S.N-S <-particles in stripe
---------
represented as-> N-----------------------------S
However, if a S-S interface is created somewhere on the stripe, the fluxes
will REPEL, and we get a concentration of flux lines around the S-S interface.
(same with N-N interface) ENCODING consists of creating S-S and N-N
interfaces, and READING consists of (you guessed it) detecting 'em. The S-S
and N-N interfaces are called FLUX REVERSALS.
||| ||| <-flux lines
Figure 2: N------------N-N-S-S-----------------S
--------- flux lines -> ||| |||
The external magnetic field used to flip the polarities is produced by a
SOLENOID, which can REVERSE its polarity by reversing the direction of CURRENT.
An ENCODING head solenoid looks like a bar magnet bent into the shape of a ring
so that the North/South poles are very close and face each other across a tiny
gap. The field of the solenoid is concentrated across this gap, and when
elemental magnetic particles of the magstripe are exposed to this field, they
polarize to the OPPOSITE (unlike poles attract). Movement of the stripe past
the solenoid gap during which the polarity of the solenoid is REVERSED will
produce a SINGLE flux reversal (see Figure 3). To erase a magstripe, the
encoding head is held at a CONSTANT polarity and the ENTIRE stripe is moved
past it. No flux reversals, no data.
| | <----wires leading to solenoid
| | (wrapped around ring)
/-|-|-\
/ \
Figure 3: | | <----solenoid (has JUST changed polarity)
--------- \ /
\ N S / <---gap in ring.. NS polarity across gap
N----------------------SS-N-------------------------S
^^
<<<<<-direction of stripe movement
S-S flux reversal created at trailing edge of solenoid!
So, we now know that flux reversals are only created the INSTANT the
solenoid CHANGES its POLARITY. If the solenoid in Figure 3 were to remain at
its current polarity, no further flux reversals would be created as the
magstripe moves from right to left. But, if we were to change the solenoid
gap polarity from NS to *SN*, then (you guessed it) a *N-N* flux reversal would
instantly be created. Just remember, for each and every reversal in solenoid
polarity, a single flux reversal is created (commit it to memory..impress your
friends..be a tech weenie!). An encoded magstripe is therefore just a series
of flux reversals (NN followed by SS followed by NN ...).
DATA! DATA! DATA! That's what you want! How the hell are flux reversals
read and interpreted as data? Another solenoid called a READ HEAD is used to
detect these flux reversals. The read head operates on the principle of
ELECTROMAGNETIC RECIPROCITY: current passing through a solenoid produces a
magnetic field at the gap, therefore, the presence of a magnetic field at the
gap of a solenoid coil will *produce a current in the coil*! The strongest
magnetic fields on a magstripe are at the points of flux reversals. These are
detected as voltage peaks by the reader, with +/- voltages corresponding to
NN/SS flux reversals (remember, flux reversals come in 2 flavors).
See Figure 4.
magstripe---> -------NN--------SS--------NN---------SS------
Figure 4: voltage-----> .......+.........-.........+...........-.....
---------
---------- -------------
peak readout--> | | | |
--------| |----------| |----
The 'peak readout' square waveform is critical. Notice that the voltage
peak remains the same until a new flux reversal is encountered.
Now, how can we encode DATA? The most common technique used is known as
Aiken Biphase, or 'two-frequency coherent-phase encoding' (sounds impressive,
eh?). First, digest the diagrams in Figure 5.
Figure 5: ---------- ---------- ----------
--------- | | | | | | <- peak
a) | |--------| |--------| | readouts
* 0 * 0 * 0 * 0 * 0 *
----- ----- ----- ----- ----- -
| | | | | | | | | | |
b) | |----| |----| |----| |----| |----|
* 1 * 1 * 1 * 1 * 1 *
----- ---------- ----- ----- -
| | | | | | | | |
c) | |----| |--------| |----| |----|
* 1 * 0 * 0 * 1 * 1 *
There ya have it. Data is encoded in 'bit cells,' the frequency of which
is the frequency of '0' signals. '1' signals are exactly TWICE the frequency
of '0' signals. Therefore, while the actual frequency of the data passing
the read head will vary due to swipe speed, data density, etc, the '1'
frequency will ALWAYS be TWICE the '0' frequency. Figure 5C shows exactly how
'1' and '0' data exists side by side.
We're getting closer to read DATA! Now, we're all familiar with binary
and how numbers and letters can be represented in binary fashion very easily.
There are obviously an *infinite* number of possible standards, but thankfully
the American National Standards Institute (ANSI) and the International
Standards Organization (ISO) have chosen 2 standards. The first is
** ANSI/ISO BCD Data format **
This is a 5-bit Binary Coded Decimal format. It uses a 16-character set,
which uses 4 of the 5 available bits. The 5th bit is an ODD parity bit, which
means there must be an odd number of 1's in the 5-bit character..the parity bit
will 'force' the total to be odd. Also, the Least Significant Bits are read
FIRST on the strip. See Figure 6.
The sum of the 1's in each case is odd, thanks to the parity bit. If the
read system adds up the 5 bits and gets an EVEN number, it flags the read
as ERROR, and you gotta scan the card again. (yeah, I *know* a lot of you
out there *already* understand parity, but I gotta cover all the bases...not
everyone sleeps with their modem and can recite the entire AT command set
at will, you know ;). See Figure 6 for details of ANSI/ISO BCD.
Figure 6: ANSI/ISO BCD Data Format
---------
* Remember that b1 (bit #1) is the LSB (least significant bit)!
* The LSB is read FIRST!
* Hexadecimal conversions of the Data Bits are given in parenthesis (xH).
--Data Bits-- Parity
b1 b2 b3 b4 b5 Character Function
0 0 0 0 1 0 (0H) Data
1 0 0 0 0 1 (1H) "
0 1 0 0 0 2 (2H) "
1 1 0 0 1 3 (3H) "
0 0 1 0 0 4 (4H) "
1 0 1 0 1 5 (5H) "
0 1 1 0 1 6 (6H) "
1 1 1 0 0 7 (7H) "
0 0 0 1 0 8 (8H) "
1 0 0 1 1 9 (9H) "
0 1 0 1 1 : (AH) Control
1 1 0 1 0 ; (BH) Start Sentinel
0 0 1 1 1 < (CH) Control
1 0 1 1 0 = (DH) Field Separator
0 1 1 1 0 > (EH) Control
1 1 1 1 1 ? (FH) End Sentinel
***** 16 Character 5-bit Set *****
10 Numeric Data Characters
3 Framing/Field Characters
3 Control Characters
The magstripe begins with a string of Zero bit-cells to permit the
self-clocking feature of biphase to "sync" and begin decoding.
A "Start Sentinel" character then tells the reformatting process where to start
grouping the decoded bitstream into groups of 5 bits each. At the end of the
data, an "End Sentinel" is encountered, which is followed by an "Longitudinal
Redundancy Check (LRC) character. The LRC is a parity check for the sums of
all b1, b2, b3, and b4 data bits of all preceding characters. The LRC
character will catch the remote error that could occur if an individual
character had two compensating errors in its bit pattern (which would fool the
5th-bit parity check).
The START SENTINEL, END SENTINEL, and LRC are collectively called "Framing
Characters", and are discarded at the end of the reformatting process.
** ANSI/ISO ALPHA Data Format **
Alphanumeric data can also be encoded on magstripes. The second ANSI/ISO
data format is ALPHA (alphanumeric) and involves a 7-bit character set with
64 characters. As before, an odd parity bit is added to the required 6 data
bits for each of the 64 characters. See Figure 7.
Figure 7:
--------- ANSI/ISO ALPHA Data Format
* Remember that b1 (bit #1) is the LSB (least significant bit)!
* The LSB is read FIRST!
* Hexadecimal conversions of the Data Bits are given in parenthesis (xH).
------Data Bits------- Parity
b1 b2 b3 b4 b5 b6 b7 Character Function
0 0 0 0 0 0 1 space (0H) Special
1 0 0 0 0 0 0 ! (1H) "
0 1 0 0 0 0 0 " (2H) "
1 1 0 0 0 0 1 # (3H) "
0 0 1 0 0 0 0 $ (4H) "
1 0 1 0 0 0 1 % (5H) Start Sentinel
0 1 1 0 0 0 1 & (6H) Special
1 1 1 0 0 0 0 ' (7H) "
0 0 0 1 0 0 0 ( (8H) "
1 0 0 1 0 0 1 ) (9H) "
0 1 0 1 0 0 1 * (AH) "
1 1 0 1 0 0 0 + (BH) "
0 0 1 1 0 0 1 , (CH) "
1 0 1 1 0 0 0 - (DH) "
0 1 1 1 0 0 0 . (EH) "
1 1 1 1 0 0 1 / (FH) "
0 0 0 0 1 0 0 0 (10H) Data (numeric)
1 0 0 0 1 0 1 1 (11H) "
0 1 0 0 1 0 1 2 (12H) "
1 1 0 0 1 0 0 3 (13H) "
0 0 1 0 1 0 1 4 (14H) "
1 0 1 0 1 0 0 5 (15H) "
0 1 1 0 1 0 0 6 (16H) "
1 1 1 0 1 0 1 7 (17H) "
0 0 0 1 1 0 1 8 (18H) "
1 0 0 1 1 0 0 9 (19H) "
0 1 0 1 1 0 0 : (1AH) Special
1 1 0 1 1 0 1 ; (1BH) "
0 0 1 1 1 0 0 < (1CH) "
1 0 1 1 1 0 1 = (1DH) "
0 1 1 1 1 0 1 > (1EH) "
1 1 1 1 1 0 0 ? (1FH) End Sentinel
0 0 0 0 0 1 0 @ (20H) Special
1 0 0 0 0 1 1 A (21H) Data (alpha)
0 1 0 0 0 1 1 B (22H) "
1 1 0 0 0 1 0 C (23H) "
0 0 1 0 0 1 1 D (24H) "
1 0 1 0 0 1 0 E (25H) "
0 1 1 0 0 1 0 F (26H) "
1 1 1 0 0 1 1 G (27H) "
0 0 0 1 0 1 1 H (28H) "
1 0 0 1 0 1 0 I (29H) "
0 1 0 1 0 1 0 J (2AH) "
1 1 0 1 0 1 1 K (2BH) "
0 0 1 1 0 1 0 L (2CH) "
1 0 1 1 0 1 1 M (2DH) "
0 1 1 1 0 1 1 N (2EH) "
1 1 1 1 0 1 0 O (2FH) "
0 0 0 0 1 1 1 P (30H) "
1 0 0 0 1 1 0 Q (31H) "
0 1 0 0 1 1 0 R (32H) "
1 1 0 0 1 1 1 S (33H) "
0 0 1 0 1 1 0 T (34H) "
1 0 1 0 1 1 1 U (35H) "
0 1 1 0 1 1 1 V (36H) "
1 1 1 0 1 1 0 W (37H) "
0 0 0 1 1 1 0 X (38H) "
1 0 0 1 1 1 1 Y (39H) "
0 1 0 1 1 1 1 Z (3AH) "
1 1 0 1 1 1 0 [ (3BH) Special
0 0 1 1 1 1 1 \ (3DH) Special
1 0 1 1 1 1 0 ] (3EH) Special
0 1 1 1 1 1 0 ^ (3FH) Field Separator
1 1 1 1 1 1 1 _ (40H) Special
***** 64 Character 7-bit Set *****
* 43 Alphanumeric Data Characters
* 3 Framing/Field Characters
* 18 Control/Special Characters
The two ANSI/ISO formats, ALPHA and BCD, allow a great variety of data to be
stored on magstripes. Most cards with magstripes use these formats, but
occasionally some do not. More about those later on.
** Tracks and Encoding Protocols **
Now we know how the data is stored. But WHERE is the data stored on the
magstripe? ANSI/ISO standards define *3* Tracks, each of which is used for
different purposes. These Tracks are defined only by their location on the
magstripe, since the magstripe as a whole is magnetically homogeneous. See
Figure 8.
Figure 8:
--------- <edge of card>
_________________________________________________________________
| ^ ^ ^
|------------------| 0.223"--|---------|-------------------------
| | | 0.353" | ^
|..................|.........|.........| 0.493" |
| Track #1 0.110" | | |
|............................|.........|... <MAGSTRIPE>
| | | |
|............................|.........|... |
| Track #2 0.110" | |
|......................................|... |
| | |
|......................................|... |
| Track #3 0.110" |
|.......................................... |
| |
|------------------------------------------------------------------
|
| <body of card>
|
You can see the exact distances of each track from the edge of the card, as
well as the uniform width and spacing. Place a magstripe card in front of you
with the magstripe visible at the bottom of the card. Data is encoded from
left to right (just like reading a book, eh?). See Figure 9.
Figure 9:
--------- ANSI/ISO Track 1,2,3 Standards
Track Name Density Format Characters Function
--------------------------------------------------------------------
1 IATA 210 bpi ALPHA 79 Read Name & Account
2 ABA 75 bpi BCD 40 Read Account
3 THRIFT 210 bpi BCD 107 Read Account &
*Encode* Transaction
*** Track 1 Layout: ***
| SS | FC | PAN | Name | FS | Additional Data | ES | LRC |
SS=Start Sentinel "%"
FC=Format Code
PAN=Primary Acct. # (19 digits max)
FS=Field Separator "^"
Name=26 alphanumeric characters max.
Additional Data=Expiration Date, offset, encrypted PIN, etc.
ES=End Sentinel "?"
LRC=Longitudinal Redundancy Check
*** Track 2 Layout: ***
| SS | PAN | FS | Additional Data | ES | LRC |
SS=Start Sentinel ";"
PAN=Primary Acct. # (19 digits max)
FS=Field Separator "="
Additional Data=Expiration Date, offset, encrypted PIN, etc.
ES=End Sentinel "?"
LRC=Longitudinal Redundancy Check
*** Track 3 Layout: ** Similar to tracks 1 and 2. Almost never used.
Many different data standards used.
Track 2, "American Banking Association," (ABA) is most commonly used. This
is the track that is read by ATMs and credit card checkers. The ABA designed
the specifications of this track and all world banks must abide by it. It
contains the cardholder's account, encrypted PIN, plus other discretionary
data.
Track 1, named after the "International Air Transport Association," contains
the cardholder's name as well as account and other discretionary data. This
track is sometimes used by the airlines when securing reservations with a
credit card; your name just "pops up" on their machine when they swipe your
card!
Since Track 1 can store MUCH more information, credit card companies are trying
to urge retailers to buy card readers that read Track 1. The *problem* is that
most card readers read either Track 1 or Track 2, but NOT BOTH! And the
installed base of readers currently is biased towards Track 2. VISA USA is at
the front of this 'exodus' to Track 1, to the point where they are offering
Track 1 readers at reduced prices through participating banks. A spokesperson
for
VISA commented:
"We think that Track 1 represents more flexibility and the
potential to deliver more information, and we intend to
build new services around the increased information."
What new services? We can only wait and see.
Track 3 is unique. It was intended to have data read and WRITTEN on it.
Cardholders would have account information UPDATED right on the magstripe.
Unfortunately, Track 3 is pretty much an orphaned standard. Its *original*
design was to control off-line ATM transactions, but since ATMs are now on-line
ALL THE TIME, it's pretty much useless. Plus the fact that retailers and banks
would have to install NEW card readers to read that track, and that costs $$.
Encoding protocol specifies that each track must begin and end with a length
of all Zero bits, called CLOCKING BITS. These are used to synch the self-
clocking feature of biphase decoding. See Figure 10.
Figure 10: end sentinel
start sentinel | longitudinal redundancy check
| | |
000000000000000 SS.................ES LRC 0000000000000000
leading data, data, data trailing
clocking bits clocking bits
(length varies) (length varies)
THAT'S IT!!! There you have the ANSI/ISO STANDARDS! Completely explained.
Now, the bad news. NOT EVERY CARD USES IT! Credit cards and ATM cards will
follow these standards. BUT, there are many other types of cards out there.
Security passes, copy machine cards, ID badges, and EACH of them may use a
PROPRIETARY density/format/track-location system. ANSI/ISO is REQUIRED for
financial transaction cards used in the international interbank network. All
other cards can play their own game.
The good news. MOST other cards follow the standards, because it's EASY to
follow a standard instead of WORKING to make your OWN! Most magstripe cards
other than credit cards and ATM cards will use the same Track specifications,
and use either BCD or ALPHA formats.
** A Bit About Magstripe Equipment **
"Wow, now I know how to interpret all that data on magstripes! But...
waitasec, what kind of equipment do I need to read the stripes?
Where can I buy a reader? I don't see any in Radio Shack!!"
Sorry, but magstripe equipment is hard to come by. For obvious reasons,
card readers are not made commonly available to consumers. How to
build one is the topic for another phile (and THIS phile is already too long!).
Your best bets are to try and scope out Electronic Surplus Stores and flea
markets. Don't even bother trying to buy one directly from a manufacturer,
since they will immediately assume you have "criminal motives." And as for
getting your hands on a magstripe ENCODER...well, good luck! Those rare
beauties are worth their weight in gold. Keep your eyes open and look around,
and MAYBE you'll get lucky! A bit of social engineering can go a LONG way.
There are different kinds of magstripe readers/encoders. The most common
ones are "swipe" machines: the type you have to physically slide the card
through.
Others are "insertion" machines: like ATM machines they 'eat' your card, then
regurgitate it after the transaction. Costs are in the thousands of dollars,
but like I said, flea markets and surplus stores will often have GREAT deals
on these things. Another problem is documentation for these machines. If you
call the manufacturer and simply ask for 'em, they will probably deny you the
literature. "Hey son, what are you doing with our model XYZ swipe reader? That
belongs in the hands of a 'qualified' merchant or retailer, not some punk kid
trying to 'find out how things work!" Again, some social engineering may be
required. Tell 'em you're setting up a new business. Tell 'em you're working
on a science project. Tell 'em anything that works!
2600 Magazine recently had a good article on how to build a machine that
copies magstripe cards. Not much info on the actual data formats and encoding
schemes, but the device described is a start. With some modifications, I bet
you could route the output to a dumb terminal (or through a null modem cable) in
order to READ the data. Worth checking out the schematics.
As for making your own cards, just paste a length of VCR, reel-to-reel, or
audio cassette tape to a cut-out posterboard or plastic card. Works just as
good as the real thing, and useful to experiment with if you have no expired or
'dead' ATM or calling cards lying around (SAVE them, don't TOSS them!).
** Examples of Data on Magstripes **
The real fun in experimenting with magstripe technology is READING cards to
find out WHAT THE HELL is ON them! Haven't you wondered? The following cards
are the result of my own 'research'. Data such as specific account numbers and
names has been changed to protect the innocent. None the cards used to make
this list were stolen or acquired illegally.
Notice that I make careful note of 'common data'; data that I noticed was
the same for all cards of a particular type. This is highlighted below the
data with asterisks (*). Where I found varying data, I indicate it with "x"'s.
In those cases, NUMBER of CHARACTERS was consistent (the number of "x"'s equals
the number of characters...one to one relationship).
I still don't know what some of the data fields are for, but hopefully I
will be following this phile with a sequel after I collect more data. It ISN'T
easy to find lots of cards to examine. Ask your friends, family, and co-workers
to help! "Hey, can I, um, like BORROW your MCI calling card tonite? I'm
working on an, um, EXPERIMENT. Please?" Just...be honest! Also, do some
trashing. People will often BEND expired cards in half, then throw them out.
Simply bend 'em back into their normal shape, and they'll usually work (I've
done it!). They may be expired, but they're not ERASED!
-------------------------------------------------------------------------------
-=Mastercard=- Number on front of card -> 1111 2222 3333 4444
Expiration date -> 12/99
Track 2 (BCD,75 bpi)-> ;1111222233334444=99121010000000000000?
***
Track 1 (ALPHA,210 bpi)-> %B1111222233334444^PUBLIC/JOHN?
*
Note that the "101" was common to all MC cards checked, as well as the "B".
-------------------------------------------------------------------------------
-=VISA=- Number on front of card -> 1111 2222 3333 4444
Expiration date -> 12/99
Track 2 (BCD,75 bpi)-> ;1111222233334444=9912101xxxxxxxxxxxxx?
***
Track 1 (ALPHA,210 bpi)-> %B1111222233334444^PUBLIC/JOHN^9912101xxxxxxxxxxxxx?
*
Note that the "101" was common to all VISA cards checked, as well as the "B".
Also, the "xxx" indicates numeric data that varied from card to card, with no
apparent pattern. I believe this is the encrypted pin for use when cardholders
get 'cash advances' from ATMs. In every case, tho, I found *13* digits of the
stuff.
-------------------------------------------------------------------------------
-=Discover=- Number on front of card -> 1111 2222 3333 4444
Expiration date -> 12/99
Track 2 (BCD,75 bpi)-> ;1111222233334444=991210100000?
********
Track 1 (ALPHA,210 bpi)-> %B1111222233334444^PUBLIC/JOHN___^991210100000?
********
Note, the "10100000" and "B" were common to most DISCOVER cards checked.
I found a few that had "10110000" instead. Don't know the significance.
Note the underscores after the name JOHN. I found consistently that the name
data field had *26* charaters. Whatever was left of the field after the name
was "padded" with SPACES. Soo...for all of you with names longer than 25
(exclude the "/") characters, PREPARE to be TRUNCATED! ;)
-------------------------------------------------------------------------------
-=US Sprint FON=- Number on front of card -> 111 222 3333 4444
Track 2 (BCD,75 bpi)-> ;xxxxxx11122233339==xxx4444xxxxxxxxxx=?
*
Track 1 (ALPHA,210 bpi)-> %B^ /^^xxxxxxxxxxxxxxxxx?
*
Strange. None of the cards I check had names in the Track 1 fields. Track 1
looks unused, yet it was always formatted with field separators. The "xxx"
stuff varied from card to card, and I didn't see a pattern. I know it isn't
a PIN, so it must be account data.
-------------------------------------------------------------------------------
-=Fleet Bank=- Number on front of card -> 111111 222 3333333
Expiration date -> 12/99
Track 2 (BCD,75 bpi)-> ;1111112223333333=9912120100000000xxxx?
****
Track 1 (ALPHA,210 bpi) ->
%B1111112223333333^PUBLIC/JOHN___^9912120100000000000000xxxx000000?
* ****
Note that the "xxx" data varied. This is the encrypted PIN offset. Always 4
digits (hrmmm...). The "1201" was always the same. In fact, I tried many
ATM cards from DIFFERENT BANKS...and they all had "1201".
-------------------------------------------------------------------------------
(Can't leave *this* one out ;)
-=Radio Shack=- Number on front of card -> 1111 222 333333
NO EXPIRATION data on card
Track 2 (BCD,75 dpi)-> ;1111222333333=9912101?
*******
Note that the "9912101" was the SAME for EVERY Radio Shack card I saw. Looks
like when they don't have 'real' data to put in the expiration date field, they
have to stick SOMETHING in there.
-------------------------------------------------------------------------------
Well, that's all I'm going to put out right now. As you can see, the major
types of cards (ATMs, CC) all follow the same rules more or less. I checked
out a number of security passcards and timeclock entry cards..and they ALL had
random stuff written to Track 2. Track 2 is by FAR the MOST utilized track on
the card. And the format is pretty much always ANSI/ISO BCD. I *did* run
into some hotel room access cards that, when scanned, were GARBLED. They most
likely used a character set other than ASCII (if they were audio tones, my
reader would have put out NOTHING...as opposed to GARBLED data). As you can
see, one could write a BOOK listing different types of card data. I intended
only to give you some examples. My research has been limited, but I tried to
make logical conclusions based on the data I received.
** Cards of All Flavors **
People wanted to store A LOT of data on plastic cards. And they wanted that
data to be 'invisible' to cardholders. Here are the different card
technologies that were invented and are available today.
HOLLERITH - With this system, holes are punched in a plastic or paper card and
read optically. One of the earliest technologies, it is now seen
as an encoded room key in hotels. The technology is not secure,
but cards are cheap to make.
BAR CODE - The use of bar codes is limited. They are cheap, but there is
virtually no security and the bar code strip can be easily damaged.
INFRARED - Not in widespread use, cards are factory encoded by creating a
"shadow pattern" within the card. The card is passed through a
swipe
or insertion reader that uses an infrared scanner. Infrared card
pricing is moderate to expensive, and encoding is pretty secure.
Infrared scanners are optical and therefore vulnerable to
contamination.
PROXIMITY - Hands-free operation is the primary selling point of this card.
Although several different circuit designs are used, all proximity
cards permit the transmission of a code simply by bringing the card
near the reader (6-12"). These cards are quite thick, up to
0.15" (the ABA standard is 0.030"!).
WIEGAND - Named after its inventor, this technology uses a series of small
diameter wires that, when subjected to a changing magnetic field,
induce a discrete voltage output in a sensing coil. Two rows of
wires are embedded in a coded strip. When the wires move past
the read head, a series of pulses is read and interpreted as binary
code. This technology produces card that are VERY hard to copy
or alter, and cards are moderately expensive to make. Readers
based on this tech are epoxy filled, making them immune to weather
conditions, and neither card nor readers are affected by external
magnetic fields (don't worry about leaving these cards on top of
the television set...you can't hurt them!). Here's an example of
the layout of the wires in a Wiegand strip:
||| || || | ||| | || || | || || | | ||
| | | | | | |||| || |||| ||
The wires are NOT visible from the outside of the card, but if
your card is white, place it in front of a VERY bright light source
and peer inside. Notice that the spacings between the wires is
uniform.
BARIUM FERRITE - The oldest magnetic encoding technology (been around for 40
yrs!) it uses small bits of magnetized barium ferrite that are
placed inside a plastic card. The polarity and location of
the "spots" determines the coding. These cards have a short
life cycle, and are used EXTENSIVELY in parking lots (high
turnover rate, minimal security). Barium Ferrite cards are
ONLY used with INSERTION readers.
There you have the most commonly used cards. Magstripes are common because
they are CHEAP and relatively secure.
** Magstripe Coercivity **
Magstripes themselves come in different flavors. The COERCIVITY of the
magnetic media must be specified. The coercivity is the magnetic field
strength required to demagnetize an encoded stripe, and therefore determines
the encode head field strength required to encode the stripe. A range of media
coercivities are available ranging from 300 Oersteds to 4,000 Oe. That boils
down to HIGH-ENERGY magstripes (4,000 Oe) and LOW-ENERGY magstripes (300 Oe).
REMEMBER: since all magstripes have the same magnetic remanence regardless of
their coercivity, readers CANNOT tell the difference between HIGH and LOW
energy stripes. Both are read the same by the same machines.
LOW-ENERGY media is most common. It is used on all financial cards, but its
disadvantage is that it is subject to accidental demagnetization from contact
with common magnets (refrigerator, TV magnetic fields, etc.). But these cards
are kept safe in wallets and purses most of the time.
HIGH-ENERGY media is used for ID Badges and access control cards, which are
commonly used in 'hostile' environments (worn on uniform, used in stockrooms).
Normal magnets will not affect these cards, and low-energy encoders cannot
write to them.
** Not All that Fluxes is Digital **
Not all magstripe cards operate on a digital encoding method. SOME cards
encode AUDIO TONES, as opposed to digital data. These cards are usually
used with old, outdated, industrial-strength equipment where security is not an
issue and not a great deal of data need be encoded on the card. Some subway
passes are like this. They require only expiration data on the magstripe, and
a short series of varying frequencies and durations are enough. Frequencies
will vary with the speed of swiping, but RELATIVE frequencies will remain the
same (for instance, tone 1 is twice the freq. of tone 2, and .5 the freq of
tone 3, regardless of the original frequencies!). Grab an oscilloscope to
visualize the tones, and listen to them on your stereo. I haven't experimented
with these types of cards at all.
** Security and Smartcards **
Many security systems utilize magstripe cards, in the form of passcards and
ID cards. It's interesting, but I found in a NUMBER of cases that there was
a serious FLAW in the security of the system. In these cases, there was a
code number PRINTED on the card. When scanned, I found this number encoded on
the magstripe. Problem was, the CODE NUMBER was ALL I found on the magstripe!
Meaning, by just looking at the face of the card, I immediately knew exactly
what was encoded on it. Ooops! Makes it pretty damn easy to just glance at
Joe's card during lunch, then go home and pop out my OWN copy of Joe's access
card! Fortunately, I found this flaw only in 'smaller' companies (sometimes
even universities). Bigger companies seem to know better, and DON'T print
ALL of the magstripe data right on card in big, easily legible numbers. At
least the big companies *I* checked. ;)
Other security blunders include passcard magstripes encoded ONLY with the
owner's social security number (yeah, real difficult to find out a person's
SS#...GREAT idea), and having passcards with only 3 or 4 digit codes.
Smartcard technology involves the use of chips embedded in plastic cards,
with pinouts that temporarily contact the card reader equipment. Obviously,
a GREAT deal of data could be stored in this way, and unauthorized duplication
would be very difficulty. Interestingly enough, not much effort is being put
into smartcards by the major credit card companies. They feel that the tech
is too expensive, and that still more data can be squeezed onto magstripe
cards in the future (especially Track 1). I find this somewhat analogous to
the use of metallic oxide disk media. Sure, it's not the greatest (compared
to erasable-writable optical disks), but it's CHEAP..and we just keep improving
it. Magstripes will be around for a long time to come. The media will be
refined, and data density increased. But for conventional applications, the
vast storage capabilities of smartcards are just not needed.
** Biometrics: Throw yer cards away! **
I'd like to end with a mention of biometrics: the technology based on reading
the physical attributes of an individual through retina scanning, signature
verification, voice verification, and other means. This was once limited to
government use and to supersensitive installations. However, biometrics will
soon acquire a larger market share in access control sales because much of its
development stage has passed and costs will be within reach of more buyers.
Eventually, we can expect biometrics to replace pretty much ALL cards..because
all those plastic cards in your wallet are there JUST to help COMPANIES
*identify* YOU. And with biometrics, they'll know you without having to read
cards. I'm not paranoid, nor do I subscribe to any grand 'corporate
conspiracy', but I find it a bit unsettling that our physical attributes will
most likely someday be sitting in the cool, vast electronic databases of
the CORPORATE world. Accessible by anyone willing to pay. Imagine CBI and TRW
databases with your retina image, fingerprint, and voice pattern online for
instant, convenient retrieval. Today, a person can CHOOSE NOT to own a credit
card or a bank card...we can cut up our plastic ID cards! Without a card, a
card reader is useless and cannot identify you. Paying in cash makes you
invisible! However, with biometrics, all a machine has to do is watch...
.listen...and record. With government/corporate America pushing all the
buttons.. "Are you paying in cash?...thank you...please look into the camera.
Oh, I see your name is Mr. Smith...uh, oh...my computer tells me you haven't
paid your gas bill....afraid I'm going to have to keep this money and credit
your gas account with it....do you have any more cash?...or would you rather
I garnish your paycheck?" heh heh
** Closing Notes (FINALLY!!!!) **
Whew...this was one MOTHER of a phile. I hope it was interesting, and I hope
you distribute it to all you friends. This phile was a production of
"Restricted Data Transmissions"...a group of techies based in the Boston area
that feel that "Information is Power"...and we intend to release a number of
highly technical yet entertaining philes in the coming year....LOOK FOR THEM!!
Tomorrow I'm on my way to Xmascon '91.....we made some slick buttons
commemorating the event...if you ever see one of them (green wreath..XMASCON
1991 printed on it)..hang on to it!...it's a collector's item.. (hahahah)
Boy, I'm sleepy...
Remember.... "Truth is cheap, but information costs!"
But -=RDT is gonna change all that... ;) set the info FREE!
Peace.
..oooOO Count Zero OOooo..
Usual greets to Magic Man, Brian Oblivion, Omega, White Knight, and anyone
else I ever bummed a cigarette off.....
Comments, criticisms, and discussions about this phile are welcome. I can be
reached at
count0@world.std.com
count0@spica.bu.edu
count0@atdt.org
Magic Man and I are the sysops of the BBS "ATDT"...located somewhere in
Massachusetts. Great message bases, technical discussions...data made
flesh...electronic underground.....our own Internet address (atdt.org)...
.field trips to the tunnels under MIT in Cambridge.....give it a call..
..mail me for more info.. ;)
ATDT------(???)YOU-WISH
(You're not paranoid if they're REALLY out to get you... ;)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
-/- -/-
/-/ *> TID-BYTES <* /-/
-/- -/-
/-/ by the Informatik Staff /-/
-/- -/-
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
Tid-Bytes is a standing column of miscellaneous bits of information.
Some FYI
~~~~~~~~
Ever wonder why Rolling Rock Beer has that mysterious "33" printed on the
back of the bottle? Well apparently there are two stories concerning this
strange number. The OFFICIAL story: The number 33 stands for two things, 1)
The year that Prohibition was repealed (1933), and 2) the number of words in
the legend printed above the 33 on cans and bottles. The REAL story is that
the bold "33" is nothing more than an accident. During the initial design of
the beer's label, someone scribbled a large "33" to point out the extreme
length of the legend. This copy made it to the printers and the note was
included in the final printing.
-------------------------------------------------------------------------------
Interesting Books
~~~~~~~~~~~~~~~~~
"Automated Crime Information Systems" by J. Van Duyn
This 142-page hardcover book provides a complete introduction to all existing
and planned systems of automated criminal records-gathering and dissemination
in the United States. Includes the latest information on such topics as: The
FBI's criminal history and ID programs; NCIC; federal/state co-op efforts;
useful software applications for law enforcement; legality of stored
information, DNA analysis, and more. The book is $22.95 from TAB Professional
and Reference Books, Blue Ridge Summit, PA 17294-0850. The Order Number of
the book is 3503.
"Deception Detection--Winning the Polygraph Game" by Charles Clifton
In this 145 page book the author explains the theory behind polygraphs, and
gives countermeasures to turn the results to your favor by several methods.
It is available for $15.00 from Paladin Press, PO Box 1307, Boulder, CO 80306.
"Engineer's Trade Secrets of Radio" by James R. Cunningham
Brimming with information on AM/FM, Ham, broadcast transmitters, antennas,
signal enhancement schemes, this 140
-page book is a must for radio electronic
enthusiasts (legal or otherwise). Note that some projects described in the
book are not legal in the United States. Order for $19.95 from CRB Research
Books, Inc., PO Box 56, Commack, NY 11725.
------------------------------------------------------------------------------
Pay-Per-View the Discount Way
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you've ever had a burning desire to watch those expensive movies on the
pay channels at hotels, but have never had the cash to indulge, here's the
solution. Simply disconnect the input coax (the one hooked up to the wall)
>from the "control box" on top of the T.V. Then disconnect the patch cable
between the T.V. and control box from the T.V. Connect the input cable to
the now vacant cable input on the T.V., then patch the cable box into itself
with the short cable. The high channels on the T.V. tuner should now be
showing the pay-per-view movies free of charge. One warning, the cables may
have a short shield over the end of the connector to prevent removal. In
this case, needle nose pliers or a similar tool is required to remove them.
Be sure to pack one in your shave kit!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)
)%( )%(
(%) > Hot Flashes < (%)
)%( )%(
(%) The Underground News Report (%)
)%( )%(
(%) Edited by: the Informatik Staff (%)
)%( )%(
(%) January 1992 (%)
)%( )%(
(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)
===================================
Computer Civil Liberties Conference
===================================
First Announcement of
THE SECOND CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY
L'Enfant Plaza Hotel, Washington DC March 18-20, 1992
(A longer, complete, electronic version of this announcement is available
by sending a request with any title and any message to cfp2-info@eff.org.)
(The printed announcement (brochure) is available -- see end of this notice.)
The rush of computers into our workplaces, homes, and institutions is
drastically altering how we work and live, how we buy and sell, and with whom
we communicate. Computers are obliterating traditional political and
organizational boundaries, making time zones irrelevant, and bridging diverse
cultures. They are fundamentally changing our culture, values, laws,
traditions, and identities.
The turmoil of the changes calls into question many old assumptions about
privacy, freedom of speech, search and seizure, access to personal and
governmental information, professional responsibilities, ethics,
criminality, law enforcement, and more. The only way to sort out these
issues and arrive at a consensus for action is to acknowledge that we don't
know the answers -- and then, with reason and good will, to find the
answers through discussion and education. That's why the Conference on
Computers, Freedom, and Privacy was founded in 1991.
The Computers, Freedom, and Privacy Conference is unique. It has no
"agenda for change". It seeks only to bring together people from all the
major communities and interest groups that have a stake in the new world being
shaped by information technology, so that they may share their ideas, ideals,
concerns and experiences.
At the first conference, hundreds of people from the fields of law,
computer science, law enforcement, business, public policy, government,
education, research, marketing, information providing, advocacy and a host of
others met for several days. It was the first time such a diverse group had
ever assembled, and the exchange of ideas and points of view was electric.
The conference is "single-track" -- all participants attend all the
sessions. A morning of tutorials at the beginning of the conference will help
participants get up to speed in specific "hot" areas. The conference sessions
themselves take up timely and, at times, thorny issues. Each session aims for
a balance of perspectives in order to assist diverse groups appreciate the
views of others. A brief examination of the long list of sponsoring and
supporting organizations will reveal that this respect for diverse outlooks is
built into the conference from the ground up.
The question is no longer whether information technologies will change
our world. They are, now. The real question is how we, as citizens and
professionals, will respond to and manage that change. Those at the Second
Conference on Computers, Freedom, and Privacy will lead the way.
Sponsors: Association for Computing Machinery, Special Interest Groups on
Computers and Society, Communications, Security, Audit, and Control
Host: Department of Electrical Engineering and Computer Science
The George Washington University
Patrons: Bell Atlantic Computer Security Institute
Department of Energy* Dunn & Bradstreet
Equifax Hayes Microcomputer Products, Inc.
John Gilmore Mitchell Kapor
National Institutes of Health* National Science Foundation*
*applied for
Co-sponsors and cooperating organizations:
American Civil Liberties Union
Association for Computing Machinery
Special Interest Group on Software Engineering
Association of Research Libraries
Computer Professionals for Social Responsibility
Electronic Frontier Foundation
Federal Library and Information Center Committee
First Amendment Congress
Institute for Electrical and Electronics Engineers-USA
Committee on Communications and Information Policy
Library and Information Technology Association
Privacy International
U. S. Privacy Council
The WELL (Whole Earth 'Lectronic Link)
STEERING COMMITTEE
Lance J. Hoffman (General Chair), The George Washington University
Michael F. Brewer, Dun and Bradstreet
Paul Clark (chair, Operations Committee), Trusted Information Systems
Dorothy Denning (chair, Tutorials Committee), Georgetown University
Peter Denning (chair, Program Committee), George Mason University
David Farber, University of Pennsylvania
Craig Feied, The George Washington University Medical Center
Mike Gibbons, FBI
Mitchell Kapor, Electronic Frontier Foundation
Jane Kirtley, Reporters Committee for Freedom of the Press
Lu Kleppinger (chair, Finance Committee), The George Washington University
C. Dianne Martin, The George Washington University
John McMullen (chair, Scholarship Committee), McMullen & McMullen, Inc.
Lynn McNulty, NIST
Ronald Plesser, Piper and Marbury
Molly Raphael, D.C. Public Library
Mark Rotenberg, CPSR Washington Office
James Sylvester, Bell Atlantic
Jim Warren, Autodesk and MicroTimes
Fred Weingarten, Computing Research Association
WEDNESDAY, MARCH 18, 1992
PRE-CONFERENCE TUTORIALS
Group A: 9:00 a.m.
Making Information Law and Policy
Jane Bortnick, Congressional Research Service, Library of Congress
Information policy is made (or not made) by a bewildering array of
government officials and agencies. This tutorial gives a road map through
this maze of laws, regulations, practices, etc.
Getting on the Net
Mitchell Kapor, Electronic Frontier Foundation
Practical issues of access to the Internet for the nontechnical end-user,
including basic services (email, USENET, ftp), PC and Mac-based network
applications, and net-speak.
Communications and Network Evolution
Sergio Heker, JVNCNet
The underlying technical infrastructure for the Internet, for persons not
deeply immersed in the technology. Possible future technologies and
projects, and what privacy and freedom problems they may bring.
Private Sector Privacy
Jeff Smith, Georgetown University
An introduction to laws, rules, and practices regarding personal
information gathered and stored by private organizations such as direct
marketers, hospitals, etc.
Group B: 10:30 a.m.
Constitutional Law for Nonlawyers
Harvey Silverglate, Silverglate & Good
An overview of Constitutional law with special emphasis on the First,
Fourth, and Fifth Amendments and the application of their principles in the
information age.
Computer Crime
Don G. Ingraham, Alameda County District Attorney's Office
Investigation, search, seizure, and evidence requirements for pursuing
computer crime. For computer users, owners, sysops, and investigators and
attorneys unfamiliar with computer crime practices.
Modern Telecommunications: Life after Humpty Dumpty
Richard S. Wolff, Bellcore
Roles and relationships of the key players in telecommunications,
developments in communications technology, and new services. Signaling
System 7, ISDN, and advanced intelligent network features.
International Privacy Developments
David Flaherty, University of Western Ontario
Privacy-related developments within the European community, OECD, and the
United Nations, and how they affect the United States. Comparison of
privacy regulations here and abroad.
CONFERENCE PROGRAM
1:00-2:00 p.m. KEYNOTE ADDRESS:
Al Neuharth, Chairman, The Freedom Forum and Founder, USA Today
"Freedom in Cyberspace: New Wine in Old Flasks?"
The differing legal and regulatory constraints on publishers of
newspapers, owners of television stations, and the telephone service
providers imply that some dogfights will occur and some tough decisions
will have to be made to balance privacy and freedom in the coming decade,
since the old wine of 1970's-era regulation will not fit into the new
flasks of 21st Century. Mr. Neuharth, a self-proclaimed S.O.B., will give
us a peek at his vision of what the future holds.
2:30 pm - 4 pm Who logs on?
* Chair: Robert Lucky, AT&T Bell Laboratories
* Panel: Linda Garcia, Office of Technology Assessment
* Alfred Koeppe, New Jersey Bell
* Brian Kahin, Harvard University
4:30 pm - 6 pm Ethics, Morality, and Criminality
* Chair: J. Michael Gibbons, Federal Bureau of Investigation
* Panel: Scott Charney, U. S. Dept. of Justice
* James Settle, Federal Bureau of Investigation
* Mike Godwin, Electronic Frontier Foundation
* Emory Hackman, Esq. (former president, Capital Area Sysops
Association)
* Don Delaney, New York State Police
6:00 pm - 7:30 pm RECEPTION
9:00 pm BIRDS OF A FEATHER SESSIONS
THURSDAY, MARCH 19, 1992
9:00 am - 10:30 am For Sale: Government Information
* Chair: George Trubow, John Marshall Law School
* Panel: Dwight Morris, Los Angeles Times Washington Bureau
* Ken Allen, Information Industry Association
* Patricia Glass Schuman, American Library Association
* Evan Hendricks, Privacy Times
* Fred Weingarten, Computing Research Association
* Franklin S. Reeder, Office of Management and Budget
* Costas Torreagas, Public Technology, Inc.
* Robert R. Belair, Kirkpatrick and Lockhart
10:45 am - 12:15 pm Free Speech and the Public Telephone Network
* Chair: Jerry Berman, ACLU Information Technology Project
* Panel: Henry Geller, The Markle Foundation
* Eli Noam, Columbia University
* John Podesta, Podesta Associates
12:15 pm - 1:45 pm Luncheon with Address: Bruce Sterling
"Speaking for the Unspeakable"
Mr. Sterling will gamely attempt to publicly present the points of view
of certain elements of the "computer community" who are not represented at
CFP-2. He will speak up for those who, in his words, are too "venal,
violent, treacherous, power-mad, suspicious or meanspirited to receive (or
accept) an invitation to attend.
2:00 pm - 3:30 pm Who's in Your Genes?
* Chair: Phil Reilly, Shriver Center for Mental Retardation
* Panel: John Hicks, FBI Laboratory
* Tom Marr, Cold Spring Harbor Laboratory
* Paul Mendelsohn, Neurofibromatosis, Inc.
* Peter Neufeld, Esq.
* Madison Powers, Kennedy Center for Ethics,
Georgetown University
3:45 pm - 5:15 pm Private Collection of Personal Information
* Chair: Ron Plesser, Piper and Marbury
* Panel: Janlori Goldman, Privacy and Technology Project, ACLU
* John Baker, Equifax
* James D. McQuaid, Metromail
* James Rule, SUNY-Stony Brook
* Mary Culnan, Georgetown University
* P. Michael Neugent, Citicorp
5:15 pm - 6:45 pm EFF Awards Reception
9:00 pm Birds of a Feather Sessions
FRIDAY, MARCH 20, 1992
9:00 am - 10:30 am Privacy and intellectual freedom in the digital library
* Chair: Marc Rotenberg, Computer Professionals for Social Responsibility
* Panel: Robert A. Walton, CLSI, Inc.
* Gordon M. Conable, Monroe (MI) County Library System
* Jean Armour Polly, Liverpool (NY) Public Library
10:45 am - 12:15 pm Computers in the Workplace: Elysium or Panopticon?
* Chair: Alan F. Westin, Columbia University
* Panel: Gary Marx, MIT
* Mark DiBernardo, National Association of Manufacturers
* Kristina Zahorik, Subcommittee on Employment and
Productivity, U. S. Senate Labor Committee
12:15 pm - 1:30 pm Lunch (on your own)
1:30 pm - 3:00 pm Who Holds the Keys?
* Chair: Dorothy Denning
* Panel: Jim Bidzos, RSA Data Security
* David Bellin, Pratt Institute
* John Gilmore, Cygnus Support
* Whitfield Diffie, SunSoft, Inc.
3:00 pm - 4:15 pm Public Policy for the 21st Century
Co-chairs: Peter J. Denning, George Mason University
Lance J. Hoffman, George Washington University
GENERAL INFORMATION
Registration
Please register for the conference by returning the Conference
Registration Form (below) along with the appropriate payment -- check,
Visa, or Mastercard. Registration fee includes conference materials,
Thursday luncheon, and receptions. The registration is $295 for ACM
members and $350 for nonmembers, $65 for full-time students. Tutorials,
$95 ($35 students).
Premium for Early Registration
While they last, a limited number of premiums are available to early
registrants on a first-come, first-served basis. Early registrants will
receive by mail a voucher which they can exchange at the conference for one
of a number of premiums. These include:
Videotapes of CFP-1 sessions
Audiotapes of CFP-1 sessions
Proceedings of CFP-1
Computers Under Attack: Intruders, Worms, and Viruses
by Peter Denning, editor
Rogue Programs: Viruses, Worms, and Trojan Horses
by Lance Hoffman, editor
"Citizen Rights and Access to Electronic Information"
by Dennis Reynolds, editor
The Cuckoo's Egg by Cliff Stoll
The Difference Engine by Bruce Sterling and William Gibson
Confessions of an S.O.B. by Al Neuharth
Cyberpunk by Katie Hafner and John Markoff
CONSIDER REGISTERING BY FAXING THE REGISTRATION FORM BELOW OR TELEPHONING
IF YOU ARE INTERESTED IN ONE OF THESE PREMIUMS. THEY WON'T LAST LONG!
Registration Scholarships
Full-time students and others wishing to apply for one of a limited
number of registration scholarships should send a request to the address
listed in the complete announcement, copies of which are available as
described elsewhere in this shorter electronic notice.
Hotel Accomodations
The 1992 Computers, Freedom, and Privacy Conference will be held at the
Loew's L'Enfant Plaza Hotel, Washington, DC. One of the finest hotels in
the city, it is just ten minutes from Washington National Airport, five
minutes from Capitol Hill. The world-renowned Smithsonian Institution
Museums are located within a few blocks.
To qualify for the conference rate of $105 single or $110 double, call
the hotel reservation line (below) and identify yourself as a CFP-2
participant. To ensure a room at the L'Enfant Plaza, reservations should
be made by February 10, 1992. After this date, rooms will be released to
the public. Hotel reservations: (800) 243-1166; (202) 484-1000 (local).
Transportation
As a participant in CFP-2, you are eligible for discounted rates as
follows: 40% off unrestricted coach fares and 5% off the lowest available
fares on specified carriers (all rules and restrictions apply). To receive
the best rate available call GW Travel (below) and make your reservations
early. Seats may be limited. Please mention that you are attending the
CFP-2 Conference. (Code C-6) GW Travel: (800) 222-1223; (301) 897-8001
(local).
Accreditation
The Second Conference on Computers, Freedom, and Privacy has been
approved by The George Washington University Medical Center for Category One
Continuing Medical Education Units.
Refund Policy
Refund requests received in writing by February 28, 1992 will be honored.
A $50 cancellation fee will apply. No refunds will be made after this
date; however, you may send a substitute in your place.
REGISTRATION FORM
YOU CAN NOT REGISTER BY ELECTRONIC MAIL. YOU MAY REGISTER BY MAIL, BY FAX,
OR BY PHONE. YOU CAN PRINT THIS REGISTRATION FORM OUT, FILL IT IN, AND
MAIL OR FAX IT. OR YOU CAN REQUEST A PRINTED BROCHURE FROM THE "BY MAIL"
ADDRESS BELOW, WHICH WILL HAVE A PRINTED ONE-PAGE REGISTRATION FORM IN IT.
YOU CAN ALSO OBTAIN THIS PRINTED BROCHURE BY ELECTRONICALLY MAILING A SHORT
REQUEST WITH YOUR NAME AND (POSTAL) MAIL ADDRESS TO cfp2@seas.gwu.edu.
* * * * * REGISTRATION FORM * * * * *
By mail: Conferences & Institutes, The George Washington University,
2003 G St. N.W., Washington, D. C. 20052
By fax (24 hrs., with credit card): Send registration form to (202)
994-7048
By phone (with credit card): (202) 994-7238 (9 a.m. to 5 p.m., EST)
Name:______________________________________________________
Title:_____________________________________________________
Affiliation: ______________________________________________
Mailing address: __________________________________________
City ____________________________ State _____ Zip _________
Country (if not USA): _____________________________________
Telephone: ________________________________________________
FAX number: _______________________________________________
E-Mail address: ___________________________________________
PRIVACY NOTE: This information will not be sold, rented, loaned, exchanged,
or used for any purpose other than official CFP-2 activities. A roster
will be distributed to attendees. Please indicate your preference:
____ Print all information above ______ Print name only
____ Print only name, affiliation, ______ Omit all above information
city, state, zip
REGISTRATION FEES:
Conference fee (check one) ___ ACM member ($295) ___ Non-member ($350)
[includes conference materials, Thursday luncheon, and receptions]
____ Student (full-time/valid ID):___ $65 (no lunch) ___ $30 (lunch)
Tutorial fee _____ Tutorial (half-day, 1 or 2 sessions, $95)
(Pick 2, 75 min. each) _____ Student (half-day, 1 or 2 sessions, $35)
Group A 9:00 a.m.
____ T(1) Making Information Law and Policy
____ T(2) Getting on the Net
____ T(3) Communications and Network Evolution
____ T(4) Private Sector Privacy
Group B 10:30 a.m.
____ T(5) Constitutional Law for Non-lawyers
____ T(6) Computer Crime
____ T(7) Modern Telecommunications
____ T(8) International Privacy Developments
Please check method of payment: Amount enclosed: $________
____ Visa _____ MasterCard ____ Check (payable to
The George Washington University)
Credit card number: ______________________________________
Expiration date: _________________________________________
Name on card: ____________________________________________
Signature: _______________________________________________
For Continuing Medical Education accreditation, give state and medical #:
* * * * END OF FORM * * * * *
The complete announcement will be mailed to you in printed form via the
postal service if you request one by telephone, fax, electronic mail, or
regular mail from
CFP - 2
Office of Conferences and Institutes
The George Washington University
2003 G St. NW
Washington DC 20052
phone (202) 994-7238
fax (202) 994-7048
email cfp2@seas.gwu.edu
-------------------------------------------------------------------------------
=====================
Voice of God Silenced
=====================
Popular Communications, Oct 1991
New York City Police detectives with the assistance of FCC agents,
arrested two New York City residents who had allegedly been interfering with
police radio communications.
Based on complaints filed by the NYPD, Engineers from the FCC's New York
City office, using mobile radio direction finding equipment, traced the source
of the interference to the residence of Noel Wo, New York, NY. Mr. Wo who
called himself the "Voice of God," challenged anyone to locate him, and
threatened to "blow away" anyone who tried to catch him.
Radio transmitting equipment allegedly used to transmit taunts, music,
and idle chatter over police emergency radio frequencies, were seized during
a search of his apartment and that of a second suspect, David Yung, New York,
NY. Both defendants were arrested and charged with obstructing governmental
administration. Other state and federal charges are pending.
-------------------------------------------------------------------------------
================================
Fraudulent Fax Gets Forger Freed
================================
San Francisco Chronicle, Dec 18, 1991
Jean Paul Barrett, a convict serving 33 years for forgery and fraud in
the Pima County jail in Tuscon, Arizona, was released on 13Dec91 after receipt
of a forged fax ordering his release. It appears that a copy of a legitimate
release order was altered to bear HIS name. Apparently no one noticed that
the faxed document lacked an originating phone number or that there was no
"formal" cover sheet. The "error" was discovered when Barrett failed to show
up for a court hearing.
The jail releases about 60 people each day, and faxes have become
standard procedure. Sheriff's Sergeant Rick Kastigar said "procedures are
being changed so the error will not occur again."
-------------------------------------------------------------------------------
====================================
Data Looted from SSA and FBI Systems
====================================
Associated Press, Dec 18, 1991
Associated Press writer Joseph Neff reports from Newark, NJ that eighteen
private investigators and Social Security Administration employees in nine
states were charged Wednesday with buying and selling confidential data
>from SSA and FBI computers. The information included earnings histories and
criminal records. The private investigators, many advertising in legal
journals, sold the information to companies. If convicted on all counts, the
defendants face maximum sentences of 20 to 150 years and multimillion dollar
fines.
-------------------------------------------------------------------------------
====================================
Taurus Poised to Clear Final Hurdles
====================================
Financial Times, Dec 19, 1991
The UK government appeared yesterday to have overcome legal obstacles to
the introduction of Taurus, the London Stock exchange's much delayed computer
settlement system. After more of a year of effort by the Department of Trade
and Industry lawyers, formal regulations were laid before parliament which
would create the legal framework necessary for Taurus. At the same time a
safeguard for personal shareholders, which had been built into the Taurus
system at the request of ministers has been dropped.
Investors would have had to quote confidential 13-digit personal
authorization codes before being able to deal in their shares. This
requirement has now been judged too cumbersome for the small amount of extra
security it would have bought. Instead shareholders will be able to tell the
registrars who maintain their shareholders only to transfer their shares after
they receive written instructions. This extra level of security will be
available only to investors who specifically request it.
The legal changes tabled yesterday are needed because share certificates
and transfer forms, currently required by law to give evidence of title and
enable a change of title to take place, will cease to be produced under the
new, paperless system of share ownership and dealing.
-------------------------------------------------------------------------------
==========================================================
Computer Database of Former E. German State Police (Stasi)
==========================================================
Source unknown, Winter 1991
An unverified report indicates that a German private detective agency that was
thought to be operated by former Stasi members bought a computer database
containing the names and salaries of 97,058 members of the Stasi in 1989. The
detective agency then pressed charges against the computer specialist who sold
them the information. The charges are not indicated, although they may be
under the strict (West) German privacy laws. If so, Stasi support for privacy
is new. In addition to their prying into the lives of (East) German citizens,
the Stasi had agents actively hacking into West German systems, including
Berlin's drivers license agency.
-------------------------------------------------------------------------------
==============================================
Recent Novell Software Contains a Hidden Virus
==============================================
John Markoff, New York Times, Dec 20, 1991
The nation's largest supplier of office-network software for personal
computers has sent a letter to approximately 3,800 customers warning that it
inadvertently allowed a software virus to invade copies of a disk shipped
earlier this month.
The letter, sent on Wednesday to customers of Novell Inc., a Provo, Utah,
software publisher, said the diskette, which was mailed on Dec. 11, had been
accidentally infected with a virus known by computer experts as "Stoned 111."
A company official said yesterday that Novell had received a number of
reports from customers that the virus had invaded their systems, although
there had been no reports of damage.
But a California-based computer virus expert said that the potential for
damage was significant and that the virus on the Novell diskette frequently
disabled computers that it infected.
'Massive Potential Liabilities'
"If this was to get into an organization and spread to 1,500 to 2,000
machines, you are looking at millions of dollars of cleanup costs," said
John McAfee, president of McAfee & Associates, a Santa Clara, Calif. antivirus
consulting firm. "It doesn't matter that only a few are infected," he said.
"You can't tell. You have to take the network down and there are massive
potential liabilities." Mr. McAfee said he had received several dozen calls
>from Novell users, some of whom were outraged.
The Novell incident is the second such case this month. On Dec. 6, Konami
Inc., a software game manufacturer based in Buffalo Grove, 111. wrote
customers that disks of its Spacewrecked game had also become infected with an
earlier version of the Stoned virus. The company said in the letter that it
had identified the virus before a large volume of disks had been shipped to
dealers.
Source of Virus Unknown
Novell officials said that after the company began getting calls earlier
this week, they traced the source of the infection to a particular part of
their manufacturing process. But the officials said they had not been able to
determine how the virus had infected their software initially.
Novell's customers include some of nation's largest corporations. The
software, called Netware, controls office networks ranging from just two or
three machines to a thousand systems.
"Viruses are a challenge for the marketplace," said John Edwards,
director of marketing for Netware systems at Novell. "But we'll keep up our
vigilance. He said the virus had attacked a disk that contained a help
encyclopedia that the company had distributed to its customers.
Servers Said to Be Unaffected
Computer viruses are small programs that are passed from computer to
computer by secretly attaching themselves to data files that are then copied
either by diskette or via a computer network. The programs can be written to
perform malicious tasks after infecting a new computer, or do no more than
copy themselves from machine to machine.
In its letter to customers the company said that the Stoned 111 virus
would not spread over computer networks to infect the file servers that are
the foundation of networks. File servers are special computers with large
disks that store and distribute data to a network of desktop computers.
The Stoned 111 virus works by attaching itself to a special area on a
floppy diskette and then copying itself into the computer's memory to infect
other diskettes.
But Mr. McAfee said the program also copied itself to the hard disk of a
computer where it could occasionally disable a system. In this case it is
possible to lose data if the virus writes information over the area where a
special directory is stored.
Mr. McAfee said that the Stoned 111 virus had first been reported in
Europe just three months ago. The new virus is representative of a
class of programs known as "stealth" viruses, because they mask their
location and are difficult to identify. Mr. McAfee speculated that
this was why the program had escaped detection by the company.
Steps Toward Detection
Novell has been moving toward adding new technology to its software to
make it more difficult for viruses to invade it, Mr. Edwards said. Recently,
the company licensed special digital-signature software that makes it
difficult for viruses to spread undetected. Novell plans to add this new
technology to the next major release of its software, due out at the end of
1992.
In the past, courts have generally not held companies liable for damages
in cases where a third party is responsible, said Susan Nycum, a Palo Alto,
Calif., lawyer who is an expert on computer issues. "If they have been
prudent it wouldn't be fair to hold them liable," she said. "But ultimately it
may be a question for a jury."
-------------------------------------------------------------------------------
======================
GTE Sells Sprint Stake
======================
USA Today, Jan 3, 1992
GTE said it is selling its 19% stake in long-distance phone company US Sprint
to majority owner United Telecommunications for $530 million. The sale ends a
partnership in which GTE and United Telecom combined their long distance
subsidiaries to create US Sprint in 1986. United Telecom said it will adopt
the Sprint name after completion of the deal, expected by the end of this
month. United Telecom Chairman WIlliam Esrey said the deal achieves a
long-time goal of total ownership of Sprint.
-------------------------------------------------------------------------------
====================
Caller ID in Chicago
====================
USA Today, Jan 3, 1992
Caller ID -- a service that reveals caller's number before the phone is
answered -- became available to most Chicago area Illinois Bell customers.
About 5,000 of 1.8 million eligible bought service, which costs an extra $6.50
monthly.
-------------------------------------------------------------------------------
==============================================
When the Phone Rings, You'll See Who's Calling
==============================================
Craig Crossman, Knight-Ridder Newspapers, Dec 26, 1991
Q. I have the new Caller ID service that displays the phone number of an
incoming call before I answer the phone. The problem is that it only displays
the number. I want to know if there is any way I can have my computer look up
the name of the person who's calling?
A. The problem with Caller ID is that it gives only the number, date and
time of an incoming call. You still don't know who the caller is.
A new product called Caller ID+Plus does just what you described and more.
It incorporates Rochelle Communications' ANI-32 Caller ID Computer Adaptor and
a special data base program that can run at the same time you are running other
programs. The 21/2-inch adapter plugs into your computer's serial port.
The provided telephone cable plugs into a standard modular phone jack. A
"T" adapter is also included, which gives you another jack to hook your
telephone into.
When an incoming call is detected, the program instantly compares the
detected phone number to your data base of up to 65,000 contacts. When a match
is detected, you are presented with all of the person's data that you have on
file, such as name, title, business and address, in a window.
The program has many capabilities. For example, you can store notes about
the call as well as notes from previous telephone conversations. You can also
display a log of all of the previous calls received from or made to the caller
including date, time and duration. All of this data is instantly displayed on
your screen before you pick up the phone.
Currently, you must manually enter names, addresses and telephone numbers
into your computer. Rochelle is planning a product that will take advantage of
commercially available telephone directories on CD-ROM. A single CD-ROM can
encompass every name, telephone number and address in the United States.
Caller ID+Plus requires an IBM PC or compatible with one available RS-232
serial port. It sells for $295. [Rochelle Communications Inc., (800) 542-8808
or (512) 794-0088]
-------------------------------------------------------------------------------
===============================================
Seized Computer Reveals Sophisticated Operation
===============================================
Mark Magnier, Journal of Commerce Nov 26, 1991
SINGAPORE -- Three U.S. software companies seized two personal computers
and various financial records in late October and early November, as part of
the raids against alleged software pirates Ong Seow Pheng and Tan Pui Fun in
Singapore.
Jeffrey Siebach, regional counsel of Lotus Development Corp., one of the
companies pursuing the case, says he received a call a few days after the raid
>from Ong's attorney.
"His lawyer called us and said, `We need all his books back because his
business has ground to a halt." After I picked my jaw up, I said, "You've got
to be kidding," Siebach said. "These guys don't see it as a moral issue at
all."
Only when the three U.S. software companies -- Lotus, Digital Research Inc.
and Novell Inc. -- turned on one of the personal computers did they realize how
sophisticated the operation was.
"We were amazed, to tell you the truth," said Siebach, who is also regional
vice president for the Business Software Alliance, an industry trade group that
initiates raids and lawsuits against pirates worldwide.
The first thing they were greeted with was a computer display that said,
"Welcome to the Ong Family of Businesses." A further search found over 450
computerized financial spread sheets with detailed sales and accounting
figures. These are being analyzed by Coopers & Lybrand, international
accountants.
Ong also had a detailed knowledge of and worked around BSA activities. For
instance, he knew the software alliance was concerned with business software
but not video game software, so its business software manuals were printed
offshore in Indonesia while its game manuals were printed in Singapore, Siebach
said. The group is investigating whether Ong had an interest in the printing
operations as well.
Ong would also write to retailers and suppliers telling them to be careful
because the alliance was active in their area, or telling suppliers to ship
only when he gave the green light.
He also had worked into his financial plan a contingency for getting
caught, Siebach said. He figured that the maximum fine in Singapore was the
equivalent of $59,172 (S$100,000) and calculated that the alliance normally
settled for damages and attorneys fees, so he had worked out a figure.
"He was ready for this," Siebach said. "It was a cost of doing business."
Ong is said to have been operating since at least 1988. As outlined, he
would acquire legitimate copies of a full range of software programs and video
games from U.S. mail-order outlets.
The original manuals were then sent to Indonesia, where they were illegally
copied and air-freighted back to Singapore as "technical manuals" for local and
regional distribution.
He sold the manuals along with a master copy to his retail customers, which
allowed them to copy off the master. One theory is that this saved him import
duties. Technical manuals face no Singapore import duties. Computer disks do.
Sources say he was able to maintain control by threatening to cut retailers
out of the lucrative trade and his access to the latest releases if they
crossed him.
The attorney adds that the operation appeared to enjoy strong loyalty from
its customers in part because of the low prices, but also because he could get
the product to market in some cases even before the legitimate dealers.
Siebach said he talked to one game distributor who had exclusive rights for
a new game that he planned to launch. Ong reportedly launched it before the
authorized dealer at a lower price, subsequently killing the authorized
dealer's market.
-------------------------------------------------------------------------------
==============================================
Computer Viruses Carry Threat to U.S.
Security, Military Admits its Systems Infected
==============================================
Bill Husted, The Atlanta Constitution, Nov 23, 1991
Military computers, including some used during the Persian Gulf War, were
infected by computer viruses that had the potential to destroy information or
bring a computer to a halt. Although the viruses proved to be more of a
nuisance than a disaster, they could have destroyed information used by
military commanders to make life-or-death battlefield decisions, Jim Christy,
director of computer crime investigation for the Air Force Office of Special
Investigation, said Friday.
Computer viruses - secretive programs designed to be electronic vandals
that damage data - are a continuing and increasing problem for the military,
Mr. Christy said. And, he added, there is the real fear that an enemy could
attack America using computer viruses capable of crippling communications and
computer systems.
There are unsubstantiated rumors that during the Gulf War viruses may have
spread to weapons that rely on computers to guide them. A virus attack on
these specialized computer systems would be very difficult. But some computer
experts, including Dr. David Stang, president of the National Computer Security
Association, said they heard rumors that the patriot missile - the high-tech
hero of the Gulf War - was infected by viruses.
The military acknowledged Friday that some of its computers - machines
identical to personal computers that are the workhorses of American business
- were infected. But Mr. Christy declined comment on whether any computer-
controlled weapon systems were affected. Mr. Christy would not say how many
military computers were infected during the war. But specialized defense and
computer publications say viruses were detected on thousands of computers.
Viruses are an increasing problem for all branches of the military, Mr.
Christy said. He said viruses discovered during the Gulf War probably weren't
planted by enemy agents. Instead, they may have come from something as
innocent as a computer game.
UNCONTROLLED SOFTWARE
"You have to remember that during Desert Shield, people were bringing
their own software from home, plus a lot of people went out and bought it," he
said. "It was a unique war. You could go out on the street and buy your own
software. And, to help morale, commanders were allowing their people to play
[computer] games."
Computer viruses are small programs that hide in another computer program
until they have a chance to duplicate themselves and move to a new computer.
While no apparent harm was done by viruses detected during the Gulf War, the
potential for disaster was great, Mr. Christy said.
"During Desert Storm, commanders made life-or-death decisions based on
information in a computer," he said. "I think it [the problems with military
computers] heightened the awareness of the viruses among Air Force commanders.
People didn't realize how necessary computers were to fight a war." And the
risk remains that viruses could be used as a weapon against military
computers, Mr. Christy said.
"I'm not sure it hasn't happened," he said. "It is awful hard to prove
intent. . . . We have so many viruses in the Air Force and some of them may be
intentional."
HOW AN ATTACK WOULD WORK
He said viruses, used by a terrorist or a foreign power, could sit and
wait for a remote signal before they do their work. "If you wanted to cripple
all the computer systems at one time, you'd wait for a certain time, and do
things like kill all of the Air Force traffic control computers," he said.
"People's lives would be at stake. Obviously an orchestrated attack would be
devastating."
Mr. Christy said computer viruses are a growing problem for the military.
"If you had asked me about it two or three years ago, I would have said that
the risk from virus was insignificant," he said. "We had two or three cases
of virus in the Air Force. But last year [they were so numerous] we had to
make an arbitrary decision that we would no longer investigate viruses [as a
crime]. We had found that in 100 percent of the cases, it was someone who had
unwittingly introduced the virus into the system."
He said, however, that while virus infections are not routinely prosecuted,
they are not ignored. A lot of the effort goes into finding ways to protect
military systems against a virus attack.
HACKERS CAN BE CULPRITS
Viruses are sometimes placed in military computers by hackers - computer
hobbyists who use their skills to break into computer systems. Hackers - who
use home computers and telephone lines to communicate with the Air Force
computer system - "routinely try to break in," Mr. Christy said. "I see
reports weekly about attempts to break into multiple systems."
The hackers have broken into computers containing unclassified
information, he said. It isn't all that difficult to do. Mr. Christy said
that he and his staff had broken into hundreds of Air Force computer systems
during exercises to test security.
Mr. Christy said that if a hacker placed a virus in any Air Force
computer, however, it might find its way into computers containing classified
information. Because of the potential that viruses have to cripple
computer-based weapons systems and disrupt civilian and military
communications, the Army has hired at least two private firms to develop ways
to defend against the viruses and to find out how to use computer viruses as
offensive weapons.
[ Editor's note: *SIGH* Isn't this the kind of sensationalistic journalism that
makes you want to toss your cookies? Some bored servicemen
discover that their IBM XT clone is infected with the "Stoner"
virus, causing them to lose their only copy of "Tetris" and
suddenly the press decides it must be a plot by 'mad hackers'
to shut down the Patriot Missile's targeting computer. ]
-------------------------------------------------------------------------------
=============================
Convicted Spy Granted Hearing
=============================
Associated Press, Jan 7, 1992
WASHINGTON (AP) A post-trial hearing will be held for an Air Force sergeant
who may not have understood the espionage charge to which he pleaded guilty,
the Air Force disclosed Tuesday. The proceeding Friday relates to the court
martial of Sgt. Jeffrey M. Carney, who admitted helping East German agents spy
on U.S. diplomats and military commanders in Berlin. He was sentenced Dec. 3 to
38 years in prison. Chief Trial Judge James Heupel ordered the court session.
The inquiry in a military courtroom at Andrews Air Force Base in Maryland
is
to ensure that Carney understood the espionage charge and his guilty plea to
it, the Air Force said in a statement. Carney also admitted copying classified
documents and passing them to the East Germans. He pleaded guilty to desertion
and conspiracy to commit espionage in addition to espionage.
Carney was a linguist and communications specialist at Tempelhof Central
Airport in Berlin, assigned to an electronics security group. In April 1984, he
was transferred to Goodfellow Air Force Base in Texas, a base for training
intelligence and communications specialists.
He deserted in 1985, defecting to East Germany. There, he intercepted,
translated and transcribed telephone calls of U.S. military commanders and
embassy officials stationed in Berlin, the Air Force said. Carney was arrested
last April 22 at his residence in what used to be the Soviet sector of Berlin.
------------------------------------------------------------------------------
==================
PC Virus Blackmail
==================
Information Week, Dec 16, 1991
A bizarre British court case involving computer viruses has pointed up
the vulnerability of users with careless policies on PC software. Hearing the
case of a U.S. scientist accused of computer blackmail late last month, the
court granted a stay after lawyers successfully argued that the defendant,
Joseph Popp, 41, was mentally ill. Popp was facing 11 charges of damaging
computer systems and attempting to obtain a total of 6 million pounds ($10.7
million) through blackmailing numerous medical institutes worldwide around
Christmas 1989.
Popp is alleged to have mailed more than 20,000 floppy disks to the
research institutes. He promoted the disks as containing valuable information
about AIDS. But the disks themselves contained a software virus, which has
since also been dubbed AIDS. When users tried to access the disk, they got
messages demanding 200 pounds (about $350) to eradicate the virus that had just
infected their systems.
Popp was extradited to the United Kingdom, where a chorus of scientists
>from universities and research institutes claimed that their software had been
damaged when the disks were loaded onto their systems.
One organization that fell foul of the virus was the Imperial Cancer
Research Fund in London. Dr. Ron Catterall, director of the fund's computer
research unit, was called as a witness for the prosecution. Catterall was
smart: He loaded the disk onto his stand alone PC rather than the network, and
warned other users as he discovered the virus. `It took a long time to find
out what was going on, and to clean up my machine,' he said. `It eventually
started overwriting the hard disk.'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Informatik Submission & Subscription Policy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Informatik is an ongoing electronic journal, and thus we are faced with
the ever present need for a steady influx of new material. If you have an
area of interest or expertise that you would like to write about, please do
not hesitate to contribute! We depend on reader submissions, especially for
the "Hot Flashes" news reports. We do ask that any submissions fit the
following guidelines...
General Content
~~~~~~~~~~~~~~~
Material for Informatik should concern information of interest to the
computer underground community. Examples of this include, but are by no
means limited to hacking and phreaking, governmental agencies, fraud,
clandestine activity, abuse of technology, recent advances in computing
or telecommunications technology, and other of information not readily
available to the public. Please include a title and author name.
Text Format
~~~~~~~~~~~
* standard ASCII test
* 79 characters per line
* no TAB codes
* no special or system specific characters
* mixed case type
News submissions
~~~~~~~~~~~~~~~~
* Submit only recent news items
* Include the headline or title of the article
the author's name (if given)
the publication of origin
the date of publication
Subscription policy
~~~~~~~~~~~~~~~~~~~
We are happy to provide an Internet based subscription service to our
readers. To be on our mailout list, send mail to our Internet address,
"inform@doc.cc.utexas.edu" and include the word subscription in the subject
of your message. If you requested a subscription before, you need to reply
again, because the old subscription list was deleted by MH.
/* End; Issue 02 */