Copy Link
Add to Bookmark
Report

Chaos Digest Volume 01 Numero 72

eZine's profile picture
Published in 
Chaos Digest
 · 4 years ago

  

Chaos Digest Dimanche 11 Juillet 1993 Volume 1 : Numero 72
ISSN 1244-4901

Editeur: Jean-Bernard Condat (jbcondat@attmail.com)
Archiviste: Yves-Marie Crabbe
Co-Redacteurs: Arnaud Bigare, Stephane Briere

TABLE DES MATIERES, #1.72 (11 Juillet 1993)
File 1--Telephoner partout gratuitement avec Northern Telecom (PBX)
File 2--L'ordinateur fait une erreur de 42 millions de FF (actualite)
File 3--ThoughtCrime, le board le plus "virus" des USA (BBS)
File 4--Schema d'un indicateur d'occupation telephonique (technique)
File 5--3e edition du "Dir. of Electronic Publications" (presse)
File 6--Critique de "Computer Virus Crisis", Fites/Johnston/Kratz (critique)

Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost by sending a message to:
linux-activists-request@niksula.hut.fi
with a mail header or first line containing the following informations:
X-Mn-Admin: join CHAOS_DIGEST

The editors may be contacted by voice (+33 1 47874083), fax (+33 1 47877070)
or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], B.P.
155, 93404 St-Ouen Cedex, France. He is a member of the EICAR and EFF (#1299)
groups.

Issues of ChaosD can also be found from the ComNet in Luxembourg BBS (+352)
466893. Back issues of ChaosD can be found on the Internet as part of the
Computer underground Digest archives. They're accessible using anonymous FTP:

* kragar.eff.org [192.88.144.4] in /pub/cud/chaos
* uglymouse.css.itd.umich.edu [141.211.182.53] in /pub/CuD/chaos
* halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos
* ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest
* cs.ubc.ca [137.82.8.5] in /mirror3/EFF/cud/chaos
* ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos
* nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos
* orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos

CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Chaos Digest contributors
assume all responsibility for ensuring that articles
submitted do not violate copyright protections.

----------------------------------------------------------------------

Date: 27 May 93 03:59:59 GMT
From: jbcondat@attmail.com (Jean-Bernard Condat )
Subject: File 1--Telephoner partout gratuitement avec Northern Telecom (PBX)
Repost from: telecom13.356.5@eecs.nwu.edu

In France, I note that Northern Telecom continues an uncredible
progression in the number of PBXs installed. NT will be present on the
MATRA logo since some months.

Some people have asked me how to prevent a phreaking process that will
be described:

(1) Go to a public phone in the street; never use your own private phone;

(2) Dial a "numero vert" (equivalent of the 800 phone number) that go on
a NT' PBX and wait for the vocal message of the Meridian Mail system.
You can found this "numero vert" on all ads in newspaper for the greatest
PBX: SNCF (train), VITTEL (water), Canal+ (TV), BARCLAYS (bank),
EuroDisney (games), Microsoft (softwares), etc.

Note that this phone call will be gratis!

(3) As soon as you have the vocal message, dial "0" then "*" for
having the automatic dial service;

(4) Dial "0" and your asked phone number ended by "#"... some seconds after
you have your communication!

How can I suppress this un-credible fonction of Meridian Mail?

[Moderator's Note: The answer probably lies in the voicemail part of
the connection rather than the PBX itself. Somewhere in the mailbox
system is a box whose disposition is to connect to an outside line.
You need to disable that box, or at least get it disassociated from
the '0*' access, which so many people seem to know about. PAT]

+++++

Date: Fri May 28 23:24:35 -0500 1993
From: Joe.Bergstein@p501.f544.n109.z1.fidonet.org (Joe Bergstein )

* Reply to message in "COMP.DCOM.TELECOM"

You have encountered a known problem with NT Meridian Mail. I am a
telecommunications consultant. Last year, a client of mine, lost
over USD$20,000 to fraud from this same problem. Unfortunately, until
this past year, NT systems were shipped with default parameters which
allowed this to happen.

You must contact NT or the company that provides maintenance for the PBX and
Meridian Mail to have programming changes made immediately. I don't remember
all the changes, but they should have bulletins which state the required
changes. The most critical is one to prevent trunk to trunk calls: that is,
a call comes in on one trunk via Meridian Mail, and then goes out another
trunk based on the scenario which you mentioned in your message. Changing
these parameters will prevent this from occuring.

In the U.S. these Northern Telecom Meridian systems were notorious for being
the object of hacker and phone phreaking attacks which cost businesses
millions of dollars.

Please feel free to contact me if you need more information.
Good luck!

Joe Bergstein
301.593.6350
301.681.3227 FAX

+++++

Date: Sun Jun 6 21:19:36 EDT 1993
From: fmckeown@rosedale.org

Regarding your issue of Meridian Mail using the 0 key and then entering a
extension number followed by the # sign i read in the Internet, do you know
what release of Meridian Mail you experience this ability on?

Have you ever received a answer from Northern about this item?

On a different subject do you know if there are any discussions groups on
the Internet or Compuserve dealing with Northern Telecom, and/or Voice
Mail/Processing?

+++++

Date: Mon, 31 May 1993 08:54:42 -0400
From: vances@xenitec.on.ca (Vance Shipley )
Organization: Xenitec Consulting, Kitchener, Ontario, CANADA
Repost from: telecom13.369.3@eecs.nwu.edu

[...]
Meridian Mail has not had any blocking for transferred numbers
installed in these cases. It is a simple matter to restrict the
numbers which can be dialed after you dial the zero (which requests
transfer service). The Meridian Mail system does not (or did not, I
think they changed) come with any restrictions as a default. The
installers should ensure that any trunk access codes are restricted.
Many PBX vendors have been sued for not having given this proper
attention.

+++++

Date: Mon Jun 28 22:26:00 -0400 1993
From: lester.hiraki@canrem.com (Lester Hiraki )

I spoke to you on the phone a few days ago; you asked if I could
send you a reply via email.

Basically, the administrator of the Meridian Mail system should
choose voice security options and set the permission and restriction
codes appropriately. The details of this should be covered in
the documentation that came with the system.

If you are having trouble, you should call you local ETAS (Emergency
Technical Assistance Service) support.

If you can give me more information about the specifics, I can try
to obtain more info. Do you have a Meridian Mail system yourself?
Who would be asking you these questions?

lester.hiraki@canrem.uucp

[ChaosD: dans sa reunion du 10 Juin dernier, le groupe de travail no. 5
de la FSUA (Association Francaise des Utilisateurs de SL1) notait laconi-
quement dans le compte-rendu "Tentative de fraude sur la messagerie vocale:
ce probleme est resolu par des verrouillages des messageries a la mise en
service"...]

------------------------------

Date: Tue, 29 Jun 1993 05:34:07 GMT
From: infoparc@teaser.email.com (InfoParc Assistance )
Subject: File 2--L'ordinateur fait une erreur de 42 millions de FF (actualite)
Copyright: Le Journal du Dimanche, 13 Juin 1993


L'ordinateur a fait des heureux
Philippe Jechoux, Vesoul

UN INCIDENT informatique a permis aux 22.000 ayants droit de la Caisse
d'allocations familiales de Vesoul de toucher deux fois, a quelques jours
d'intervalle, leur pension pour le meme mois de prestation. Un couac qui a
provoque de multiples problemes, d'abord pour la Caisse departementale, qui
a soudain decouvert un trou de 42 millions de francs dans son budget mensuel.
Mais aussi pour les allocataires.

Si ces heureux beneficiaires ne se sont pas alarmes outre mesure de ce
double paiement miraculeux, la Caisse departementale a en effet entrepris de
recouvrer le trop percu. Et aujourd'hui, l'heure des comptes a sonne pour
une bonne partie des usagers qui se sont empresses de depenser les sommes
indument encaissees le 24 mai. Toutes les banques de la Haute-Saone assurent
toutefois qu'elles deront preuve de clemence envers les titulaires de comptes
subitement passes dans le rouge. "Nous avons recu des instructions pour
observer une certaine bienveillance en matiere de suspension ou de rejet
d'operations consecutif a cet incident", souligne-t-on a la Banque de France
de Haute-Saone.

Quant a la cause de la bavure, elle reste officiellement inexpliquee.
Mais il s'agirait d'une anomalie de fonctionnement intervenue dans les
services charges de gerer les multiples operations de transfert de fonds entre
l'administration et les usagers: une disquette renfermant un million
d'operations precodees se serait perdue...

[ChaosD: Ni M. Roland Vivien, Directeur de la CAF de Vesoul, ni M. l'Adminis-
trateur General de la CNAF a Paris n'ont repondu a nos courriers. Cette
erreur porterait en fait sur plus d'un million de transactions entre la Banque
de France et le GSTI (Groupement des Services de Transactions
Interbancaires)].

------------------------------

Date: Wed Jun 30 09:50:06 EDT 1993
From: foobar@bronze.lcs.mit.edu (Jason Farnon )
Subject: File 3--ThoughtCrime, le board le plus "virus" des USA (BBS)


Hello, Jason Farnon here. I picked up chaos digest from eff.org and found
it of some intrest. Anyways, I have put up an h/p board in boston (617) -599-
7154 called ThoughtCrime. All kinds of textfiles on the underground 2000+
(and i'm just up) and I also have almost 600 (or was it 550) viruses offline
I have to put online plus 113 files from the computer virus catalog. My
board has not been up a long time, But I noticed that you don't have a
definate chaos distribution site in america for people who cannot access the
net. i am proposing my board. Give it a call. I could get more press, and
am very intrested in viruses. There are some people around here who are very
knowlegable in them. Also my board is part of the cDc K-C0W Force. Anyways,
get back to me. thanks for you consideration. (give the board a call) Jason
Farnon...

[ChaosD: J'ai essaye de me connecter depuis Lyon sans la moindre reussite.
Voici la banniere que j'obtiens:

+++++
ThoughtCrime
pppppppppppp

Front
----x----x----x----x----x----x----x
(1) - enter remote system
(2) - subscribe
(3) - disconnect
----x----x----x----x----x----x----x



input/>

+++++

ThoughtCrime's Description


ThoughtCrime is a little board I put up in Boston (617 AC) not
too many moons ago. I was asked to speak about it a little since
it will be distributing the Chaos archives to the members of the
community in the United States who do not have access to the internet.
ThoughtCrime is a place where the underground community of Boston
(and the rest of the world) is welcome to meet and thrive. There are
no rules. Well maybe just one. That warez fever should not be aloud
to take control of the board. That isn't so hard to follow. I am
hoping to have active discussion on the internet, hacking, and telephony
in general. Most of the files are the generic ones you can get off the
net, but there is some good stuff. This is by no means a complete
list, as I have so much more to put up.

h/p binary
virus/trojan/bomb (500+ but not much compared to other boards)
source (C Source for unix programs)
phrack
uXu
cDc
ati
nia
eff
cud
chaos
virus-l digest 1988
virus-l digest 1989
virus-l digest 1990
virus-l digest 1991
virus-l digest 1992
virus-l digest 1993
computer virus catalog 1.2
worldview
syndicate reports
various publications
toxic custard workshops
durex blender corporation
m00se droppings
scans
hacking
phreaking
carding
anarchy
drugs
papers/news
networks
internet
word lists
law
images
misc

We are also part of the Cult of the Dead Cow Global Domination Factory
Direct Outlet. Although my system is loaded with files, I hope for the
system's emphasis not to be on the transfer section. But if you're looking
for fed gifs, we got them! Perfect size for pin ups in all sorts of
handy places. Oh and please, please don't take it seriously. You're
liable to get hurt.

ThoughtCrime
617.599.7154
cDc K-C0W Force
Chaos Digest

"What a long, strange trip its been."

------------------------------

Date: Tue May 25 12:26:00 EDT 1993
From: SJS132@PSUVM.PSU.EDU ("Wish-Bringer (Steve Shimatzki)" )
Subject: File 4--Schema d'un indicateur d'occupation telephonique (technique)


Well, I saw that a few people wanted to BUY a indicator for their extentions
to show when it was busy ... BUT ... for those that would rather build one,
and save the dough, then here are the plans.

*Note* : I'm not responsible if you hook it up wrong ... I did it, and it
works fine. Also, I origanally go it out of a magazine, which I have long
lost... but it was published. I don't have an address to write to, to ask
for permission to post it here. If you don't like it, buy the magazine.
I at least did have the name of the author, and do give him full credit.

Anything I left out??? Oh yeah, there is one place that almost looks like
two lines shoud be connected ... DONT. It is actually overlapping (ie, a
jumper) and could cause problems. That's why, if two lines are connected,
I use 'o' indicate a connection.

Well, thats it ... enjoy, and watch out when stripping those phone wires...
you can get a nasty jolt if you do it with your TEETH! (like me!)


Phone Line "Busy" indicator

Taken out of Modern Electronics
November. 1988

Written by: Robert M. Harkey

(I only wrote it up, and condensed it.)


This little circuit is VERY nice to have, especially if you use a
MODEM on a multi-Extention line. It is small enough to be built on a
small circuit board, and then added to the phones on the extension
(PUT IT INSIDE THEM! Its neater and better for the reliability of the
circuit. Compared to if you had the wires hanging out where they can
be ripped out of the phone by a cat or small child.)

Here's the Circuit:

Note:
o is for where a connection |-----------+
has been made... R4 /c |R5
_____/\/\/\___|b <-Q2 /\/\/\
| \e |
R1 /b | ---
o-----/\/\/\/\----o-----|c <-Q1 | Led1
| \e | |
to R3 | |----------------|-----------o
phone /\/\/\/\ | |
| | |
R2 | | |
o----/\/\/\/\-----o------------------------o----|:|:|--+
B1

What does all that mean? Well, here is a list of parts...

R1,R2 : 2.2M ohm Resistors

R3 : 330K Resistor

R4 : 33K Resistor

R5 : 220 ohm Resistor

Q1 : NPN Transitor#> 2N3906

Q2 : NPN Transitor#> 2N3904

B1 : 3V external battery supply (2x AA batteries)

Led1 : General purpose Light emitting diode


All can be found at Radio Shack...

For Beginners:

One particular thing to note: On Q1 and Q2, When I drew them above, it
was hard. So I labeled each with their corresponding E - C - B...
What is ECB?? It stands For Emitter, Collector, Base. I hope I did
them right, Its been a while, and I wasn't sure, but basically, if you
get the right transistor number you don't have to worry, just put it
in the circuit with the E being the little ARROW coming off of the
picture on the back of the Transistor pack.

Good Luck...

FYI
+---

I don't know about in France, I have no experience hacking away at French
phones, so I don't know if the same voltages and such would apply.

Also, I got mine from a Electronics Magazine, so if you printed it, you would
have to get permission from the Magazine itself, I do believe that the
interest overwhelmed the digest people at the time and in an effert to help
everone out, I my have put a disclaimer at the start of the article about it
being published WITHOUT their consent.

If you would like information as to the Magazine I got it and such, or would
like me to PhotoCopy you the article, just send me a SELF-ADDRESSED-AND-
STAMPED-ENVELOPE, and I will send it out to you. Please include the proper
postage to get it from the States to you, in France.

+---------------- + ---------------------------------- + ------------------- +
|Steven Shimatzki-| InterNet : SJS132@PSUVM.PSU.EDU | I'm Batty for Bats |
|Rd# 1 Box 20-A | -or- : SJS132@FERT1.FE.PSU.EDU +---------------------+
|Dunbar, Pa 15431 | Cavers Need Friends Too! | NSS: 36421 |
+---------------- + -----------------------------------+-------------------- +

------------------------------

Date: Wed May 26 07:56:56 EDT 1993
From: ann@cni.org (Ann Okerson )
Subject: File 5--3e edition du "Dir. of Electronic Publications" (presse)


Responding to the library and academic communities' increasing use of and
interest in the burgeoning number of electronic publications, the Association
of Research Libraries is publishing the third edition of the hard-copy
Directory of Electronic Journals, Newsletters, and Scholarly Discussion Lists.

With the extraordinary expansion of microcomputers and linked networks as
vehicles for scholarly exchange, the problem of how and where to find various
academic forums grows continuously. Although many journals, newsletters, and
scholarly lists may be accessed free of charge through Bitnet, Internet, and
affiliated academic networks, it is not always a simple chore to find what
is available.

The new edition of the Directory is a compilation of entries for 1152
scholarly lists and 240 electronic journals, newsletters, and related titles
such as newsletter-digests -- an increase in size of close to 60% since the
second edition of March 1992 and nearly 2.5 times the size of the first
edition of July 1991. The directory provides specific instructions for
electronic access to each publication. The objective is to assist the user
in finding relevant publications and connecting to them quickly, even if he
or she is not completely versed in the full range of user-access systems.

Author/compiler of the journals and newsletters section is Michael
Strangelove of the University of Ottawa. Diane Kovacs of the Kent State
University Libraries, continues to lead the KSU team -- nine individuals who
collaboratively created the third edition's scholarly discussion lists and
interest groups section. The ARL directory is derived from network-accessible
files maintained by Strangelove and Kovacs. The directory points to these
files as the authoritative sources.

The third edition is produced in 8.5 x 11 paperbound format. Scholarly lists
are grouped by broad subject areas, and journals and newsletters are in
alphabetical order. In a new enhancement, a substantial index of keywords,
titles, and institutional affiliations is provided. As in the previous two
years, front matter of value to electronic serial readers is included. Again,
a scholarly article on networked scholarly publications leads (James J.
O'Donnell, University of Pennsylvania with aprovocative view of "St. Augustine
to NREN"), followed by bibliographies commissioned from David Robison,
University of California at Berkeley Libraries and an editor of the e-journal
Current Cites, on electronic publishing; and Michael Strangelove on electronic
networking.

Finally, a widely felt need is addressed by inclusion of the standard format
for citation of electronic serials, bulletin boards, and electronic mail.
This was prepared by the National Library of Medicine and is now accepted for
use among many scholars and scientists wishing to make adequate reference of
networked information.

The Association of Research Libraries is a not-for-profit organization
representing 119 research libraries in the United States and Canada. Its
mission is to identify and influence forces affecting the future of research
libraries in the process of scholarly communication. ARL programs and services
promote equitable access to, and effective use of recorded knowledge in
support of teaching, research, scholarship, and community service. These
programs include annual statistical publications, federal relations and
information policy, and enhancing access to scholarly information resources
through telecommunications, collection development, preservation, and
bibliographic control. The Office of Scientific and Academic Publishing works
to identify and influence the forces affecting the production, dissemination,
and use of scholarly and scientific information.


DIRECTORY OF ELECTRONIC JOURNALS, NEWSLETTERS, AND ACADEMIC
DISCUSSION LISTS (ISSN: 1057-1337), Third Edition, April 1993

To order, contact:
+------------------

Gloria Haws
Publications Manager
Association of Research Libraries
21 Dupont Circle, Suite 800
Washington, DC 20036
Voice: 202-296-2296
Fax: 202-872-0884
E-mail: osap@cni.org


ALL ORDERS MUST BE PREPAID in US DOLLARS. Price per copy: $42 US
plus postage, shipping, and handling: $ 5.00 USA, $ 8.00 CANADA, $12.00
EUROPE (air mail), $15.00 OTHERS (air mail).


Note Bene
+---------

1. Some copies of the 1992 edition are available for sale at a reduced price.

2. A diskette version will be available. Contact us for price and details.

3. Special prices for orders of 5 copies or more and Special prices for the
119 libraries which are members of the Association of Research Libraries
are available. Please contact us for these.

------------------------------

Date: Fri Jul 9 13:07:00 -0600 1993
From: roberts@decus.arc.ab.ca ("Rob Slade, DECrypt Editor, VARUG NLC rep )
Subject: File 6--Critique de "Computer Virus Crisis", Fites/Johnston/Kratz
Copyright: Robert M. Slade, 1993


Van Nostrand Reinhold
c/o Nelson Canada
1120 Birchmont Road
Scarborough, Ontario
M1K 5G4
416-752-9100
fax: 416-752-9646
The Computer Virus Crisis, 2nd edition, 1992; Fites, Johnston, Kratz
ISBN 0-442-00649-7

For its professional appearance and impressive credentials, this work is an
unfortunately sloppy and undisciplined approach to the problem. The looseness
of the book starts with the definition of a virus: it really doesn't have one.
There is a section of the introduction entitled "What is a computer virus",
but, having stated that they prefer the Cohen or Adelman definitions (without
quoting them), quoting the Podell/Abrams definition, and meandering around
the related terms such as worms and trojans, no definition is ever finalized.

The book tends to read in a schizoid fashion. It often contradicts itself,
again starting the with definition, where a "buggy" program which submitted
jobs to the queue too frequently is first used as an example of a virus, and
then is said to contradict the definition of a virus. Page ten gets points
for stating that downloaded software is probably safe; page sixty loses them
all again by stating that "bulletin boards present the greatest exposure to
computer viruses"; and the very next sentence on page sixty states that
bulletin boards are less risky than other means of obtaining software. Page
62 mentions the rumour that a virus was spread via email, dismisses CHRISTMA
and the Internet Worm as non-viral, and then pooh-poohs the concept.

A mainframe, and corporate, bias is quite evident in the work. Mainframe
professionals are said to know what viral programs are, and to be "ethical".
(The more corporate of the computer and data processing associations are also
given credit for the lack of mainframe viri.) However, this bias seems to
preclude an accurate knowledge of personal and microcomputers. DOS (obviously
referring to MS-DOS) is said to have "completely overwhelmed CP/M is the late
1970's" in spite of the fact that the PC wasn't marketed until 1981. Apple
Corporation is credited with the invention of the "GUI" (and the Mac Toolbox
is credited with the success of Mac viri, in spite of the fact that the
Toolbox is primarily concerned with the user interface).

A number of myths are presented as fact. The recommended procedure for virus
cleanup is a low-level format of the disk. "Physical damage" is listed as one
fo the symptoms of a virus. A very odd list of non-viral computer attacks
contains the "salami scam" (siphon off fractions of a penny) urban legend.

As with the Feudo book, almost half of the pages in this work are a reprint of
the Hoffman Summary List (in this case "dated" January, 1991, but "copyright"
1990). Graphics are used to take up additional space: a number of the figures
are used several times over, without ever really adding anything to the
understanding of the subject under discussion at the time.

It is very hard to find anything to recommend in this book. At best, the naive
reader will be confused by the meandering nature of the text and the self-
contradictions contained in it. For every positive statement (such as the fact
that computer retail and repair shops are a source fo infections), there is
nonsense such as the statement that when you discover the identity of the
author of malicious software, you have a legal basis for action. (As a
counter example, the AIDS trojan is thoroughly covered in this book, and we
have recently learned that Popp's case was dismissed in Britain, although he
was found guilty, in absentia, in Italy.)

+++++++++++++++ ______________________
Vancouver ROBERTS@decus.ca | | /\ | | swiped
Institute for Robert_Slade@sfu.ca | | __ | | __ | | from
Research into rslade@cue.bc.ca | | \ \ / / | | Mike
User p1@CyberStore.ca | | /________\ | | Church
Security Canada V7K 2G6 |____|_____][_____|____| @sfu.ca

------------------------------

End of Chaos Digest #1.72
************************************

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT