Issue 9 Volume 2
* * * T H E A B U S E R * * *
Contents:
Disclaimer.....
Letter From The Editor.....
CAFBL News.....
Crashing A Renegade BBS by Kamui.....
Underground News.....
Social Engineering Bell Atlantic by Swallow.....
Qwik Trix.....
The Underground Art Of Encryption by Key Master.....
Too Many Snoops by Spooky.....
DISCLAIMER:
I nor any other person involved with the writing, programming, or
distributing of THE ABUSER take no responsibility for the person(s)
that read or obtain this magazine. The information in this magazine is
SOLELY for informational purposes only and anything described in this
magazine SHOULD NOT be attempted, since some material is ILLEGAL.
Furthermore, I nor any other person involved with THE ABUSER DO NOT
guarantee all or any information published in this magazine to be
one-hundred percent true and/or effective.
LETTER FROM THE EDITOR:
Well we are just about back on track now. CAFBL had a little stir up
but we have put that all behind us and are trying to get back on
schedule because, as you probably know, we are behind once again.
Hopefully all the rumors that have been going around about me have
been put to rest. I have heard a lot of strange stories going around.
I hope people don't believe everything they hear.
CAFBL NEWS:
Before I do anything else I would like to thank Black Francis and his
BBS, Goat Blowers Anonymous, for becoming the unofficial WHQ for CAFBL
until we find one. Everyone seemed to flock to his BBS to communicate
because it is the best BBS in the 215/Philadelphia area. Thanx again!
We had another little scare inside of CAFBL. Spiff had said for some
time that he was no longer going to be a CAFBL member. Well, with
everyone saying that THE ABUSER just wouldn't be the same without him,
he has decided to stay. Rush 2 has left CAFBL. Differences in opinion
with other members within the group have caused him to leave. With
the leaving of Rush 2 we thought it appropriate to have some other
members join in his place. Treason and ViRUS are now part of CAFBL.
They are both writers. You may have seen some of Treason's work in a
mag called BTR. We would like to welcome both Treason and ViRUS into
CAFBL. Look for some work from them soon. CAFBL will be making a few
changes in the months to come. By issue number 10 I hope to be a
tightly knit group. Some contact was lost with members when THC went
down, but most members have found a way to communicate. We now
officially have a WHQ. It's Kamui's BBS, Pyshcotic Reflections.
CRASHING A RENEGADE BBS BY KAMUI:
_intro_
While i think Renegade is the best BBS software out there,
there are still lots of bugs. Most of these bugs that i have found
have to do with MCI Code Support. Cott Lang is pretty stupid to allow
MCI access all over the board... Anyway, i will show you an example
of how to crash a RG board with MCI codes.
_the^juicy^stuff_
Logon as a Newuser and put your handle as "HA%UN". Then fill
out any info you want for the other questions. Now after you answer
all the questions and enter your new password, it will go to the
NEWINFO.MNU which on most boards will display an ansi file that shows
your stats just in case you typed in the wrong thing. Now when Renegade
displays your Handle it will scroll
HaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHa
HaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHa
HaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHa
all over the screen. You probably know why by now, but i will explain
anyway. It's because after renegade displays "Ha" for your handle, it
will then display the MCI Code for Handle and will be in an infinite
loop. The SysOp can't just hang up on you, he must Reboot the computer
completely (and if you're lucky, maybe he'll get some lost clusters).
Now you can do this same method with any of the other
questions. They all have MCI codes of their own.
And remember to do this late at night or early in the morning
when the sysop isn't around so he doesn't know how you did it. He will
see from the sysop logs that there was a newuser logon, but since you
didn't actually save the information, it won't write what handle you
entered in. He might put in an NUP after a while, but hey, it gets a
little old after entering it on the same board all the time...
* Now how the fuck do i prevent lamers from doing this to _MY_ board?
That's simple. Just edit the ansi that you have for the
NEWINFO.MNU that displays the person's info and take out all the MCIs.
Just write the options to change the info, but don't show the info
that they wrote in. That ansi should be the only place it displays the
person's handle in the new user process, unless you give the user
access to your board right when they apply. Then you're fucked... It
is pretty annoying for the users, but it's the only thing to do, and
is worth it when you wake up at noon and find that your computer was
scrolling "Cafbl Rules" all over the screen since 5 in the morning.
Another method to keep your board from being crashed is the
TRASHCAN.TXT file. This is an option for Renegade that Cott Lang
didn't write in the Doc files. You see, if you make a file called
TRASHCAN.TXT and put it in the Renegade MISC directory, then you can
specify what user names you don't want. This is also helpful to find
out if someone tried this method of crashing on your board, because it
will write the following in the Sysop.Log if a name on the list was
entered -
* New User Logon
Unacceptable Name: HA%UN
You can't just write "%" in this file, because it only checks
that the whole Handle isn't blacklisted. (maybe cott _did_ make it for
blacklisting, but didn't want warez pups to know about it). You can
plainly see when you hex edit the RENEGADE.OVR file that under the
question "Enter your New Handle", it says TRASHCAN.TXT.
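The root cause described above, modelled as an added example (not Renegade's code and not part of the original article): a display routine that re-scans its own output for codes never settles once a field contains its own code, while single-pass expansion and a character-level handle check both close the hole. The two-letter `%XX` pattern, the function names and the case-insensitive whole-name comparison for TRASHCAN.TXT are assumptions for illustration.

```python
import re

# Assumed code shape: '%' followed by two capital letters, as with %UN on this page.
MCI = re.compile(r"%([A-Z]{2})")


def expand_once(text, fields):
    """Replace each code found in `text`; inserted values are not re-scanned."""
    return MCI.sub(lambda m: fields.get(m.group(1), m.group(0)), text)


def render_rescanning(template, fields, max_passes=25):
    """Flawed model: keep expanding until the text stops changing.

    Returns (text, settled). The pass cap exists only so the demo halts.
    """
    text = template
    for _ in range(max_passes):
        expanded = expand_once(text, fields)
        if expanded == text:
            return text, True
        text = expanded
    return text, False


def render_single_pass(template, fields):
    """Hardened model: codes are honoured in the SysOp's template only."""
    return expand_once(template, fields)


def trashcan_blocks(handle, trashcan_lines):
    """Whole-name blacklist, the behaviour the article reports for TRASHCAN.TXT."""
    banned = {line.strip().upper() for line in trashcan_lines if line.strip()}
    return handle.strip().upper() in banned


def handle_has_code_marker(handle):
    """Input check at signup: refuse any handle that contains the code prefix."""
    return "%" in handle


def audit_handles(handles, trashcan_lines):
    """Return handles that slip past the blacklist but still carry a code marker."""
    return [h for h in handles
            if handle_has_code_marker(h) and not trashcan_blocks(h, trashcan_lines)]


if __name__ == "__main__":
    template = "Handle: %UN"      # constructed stand-in for the NEWINFO screen
    fields = {"UN": "HA%UN"}      # the handle from the article
    text, settled = render_rescanning(template, fields)
    print("re-scanning settled:", settled, "| length so far:", len(text))
    print("single pass        :", render_single_pass(template, fields))

    trashcan = ["HA%UN"]                            # constructed TRASHCAN.TXT contents
    signups = ["HA%UN", "ha%un", "XX%UN", "Kamui"]  # constructed sample handles
    print("missed by blacklist:", audit_handles(signups, trashcan))
```

The blacklist is still worth keeping for the Sysop.Log entry it produces, but the character-level check is what actually stops the loop.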
UNDERGROUND NEWS:
Man Charged With Phone Scheme
It was a report of a suspected drug deal in the 7-11 parking lot that
brought Haverford police to the scene. What they found instead - two
men poring over a chapter in The Whole Spy Catalog called, "How to
Locate and Tap Any Telephone" - was a lot more interesting. From that
discovery last week, police and federal authorities have developed an
investigation into high-tech fraud. One of the two men, Edward
Elliott Cummings, 33, has been arrested and charged with two counts
each of unlawful use of a computer and possession of devices for theft
of telecommunications. In the Villanova room where Cummings had been
staying, police said, they found evidence of a "large-scale operation"
in which Cummings allegedly had been "cloning" cellular phone numbers
and converting speed dialers into "red boxes" that can make free calls
from pay phones. When the police encountered Cummings at the 7-11 on
Eagle Road, he was preparing to sell one of those speed dialers and
the crystals that are used to convert them, police alleged. The second
man, who was not arrested, had traveled from Florida to buy the
device, according to a police affidavit. Two days later, after
speaking with a Secret Service agent about the legality of the
devices, Haverford police arrested Cummings. They said they found him
repairing a personal computer in a home on the 100 block of North
Concord Road in Marple Township. When they searched him, police said,
they found a modified speed dialer in his wallet, which led to the
second set of charges. The secret service is still working with
Haverford officers on the investigation, but Cummings has not been
charged on the federal level, agent-in-charge Ernie Kun said
yesterday. Cummings is being held in Delaware County Prison on
$100,000 bail. While searching the room where Cummings stayed in a
home on Panorama Road in Villanova Thursday, police said they seized
several hundred speed dialers, computer software, cellular phones, and
thousands of computer chips and crystals. They also found books
describing computer crimes and hacking, as well as literature related
to bomb-making, said Haverford Police Sgt. John Walsh. Cummings
apparently moved to Villanova after a falling-out with a landlord in
Broomall. The former landlord, Charles Rappa of Broomall, said he
found eight to 10 sticks of dynamite in the house after Cummings moved
out in October. He also found various "how-to" books. "I got a whole
pile of them that he left here [such as] How to Kill Somebody With
Poison, How to Get Around the Credit Card System," Rappa, who is a
Realtor in Glenolden, said yesterday. "'Two Christmases ago, he was
boasting that he could tap into TWA and get a free ticket. I said,
'What do you mean?' So he went up to his computer and he was able to
access TWA." With that, Cummings was off to pick up his ticket to
Morocco from Philadelphia International Airport - and Rappa did not
see him for the next two weeks, he said. "For a man who didn't work,
he lived pretty good," Rappa said. "When he came to live here five
years ago, he worked for a computer company, and they let him go. He
said he was going to just freelance. He was going to buy himself a
computer." Rappa said Cummings often locked himself in his room for
long periods.
Computer Hacker Gets Prison Term
Los Angeles - A computer hacker who admitted rigging radio call-in
contests to win luxury automobiles, Hawaiian vacations and thousands
in cash was sentenced yesterday to 51 months in prison. Kevin Lee
Poulsen was also ordered by U.S. District Judge Manuel Real to pay
$58,000 in restitution and serve three years supervised probation upon
his release. Prosecutors called the sentence the harshest ever given a
computer hacker. Poulsen, 29, faces additional charges of stealing
classified Air Force communications.
Bomb Made From Info From Internet
Cape Girardeau, Mo. - A bomb found in a teen-ager's bedroom was made
with information gathered from the Internet, police said yesterday.
The boy's father found the bomb and brought it to police headquarters
in this southeast Missouri town Wednesday. "It was a fairly
sophisticated device, constructed of gun powder and gasoline with
Styrofoam melted into the gasoline," said Police Chief Howard Boyd. "It
formed a napalm-like substance that will stick to you and burn." The
case was still under investigation and the boy had not been charged,
Boyd said Monday. He declined to release the youth's name or exact
age.
Bell Atlantic Nears Video
Washington(AP) - Bell Atlantic Corp. cleared a crucial regulatory
hurdle Friday in its plans to become a cable television provider. The
Philadelphia-based company said it received a waiver from a consent
decree that broke up AT&T in 1984 that will allow it to transmit video
and other signals across local telephone boundaries. U.S. District
Judge Harold Greene, who administers the decree, granted the waiver.
Cell Phone Venture
Bell Atlantic Corporation (NYSE:BEL) and NYNEX Corporation (NYSE:NYN)
recently announced plans to combine their cellular operations,
creating a new national wireless company that will operate in seven of
the top 20 cellular markets, with a total population of 55 million.
The combining of the cellular companies is scheduled to be completed
this quarter. Thomas A. Bartlett has been named president of the
Northeast regional territory for the Bell Atlantic Mobile and NYNEX
Mobile joint venture. Recently, ACS Enterprises Inc., of Bensalem,
providers of Popvision wireless cable TV, merged with CAI Wireless
Systems Inc. It was reported at the time that Bell and NYNEX will
develop technology for the wireless cable systems owned by CAI. Alan
Sonnenberg, chairman and CEO of ACS, said an important ACS and CAI was
the capital provided by Bell Atlantic Corp. and NYNEX Corp. The money
will be used to fund the cash portion of payment to ACS shareholders
and other CAI acquisitions.
SOCIAL ENGINEERING BELL ATLANTIC BY SWALLOW:
Introduction -
This article lists important Bell Atlantic numbers, and tells you
how to talk to them to get any information you want. If you learn to
social engineer well enough, you can get anything you need on the
phone company with my list below.
Before you call work out an identity - have the following
information ready:
- you are calling from repair, station number xx (any number works
from about 10-40, even though the repair stations are not separated
like this - it sounds very realistic to stupid operators when you say
"station 22 repair").
- the location of your office. Pick out a town near you where Bell
Atlantic has an office with trucks parked out back. Example: Bryn
Mawr, PA is what I usually use.
So if they ask "who am I speaking to?", you say "This is Mark
Abene at station 29 repair in Bryn Mawr." For best results, do not use
the names Mark Abene, Emmanuel Goldstein, or anything starting with
Bernie.
Basic Rules -
* if you ever get put in a tight spot, blame your supervisor, and
work it out to a mutual agreement.
THEM: sorry sir, I'm not allowed to give you that
information-who is this anyway? You should know better
than to ask for that...
ME: duh... my supervisor gave me this number and told me to
call.
THEM: okay - don't let it happen again!
* it's more casual than you may think. relax a bit - when talking,
don't be afraid to make conversation, and small talk (how are you,
etc.).
* do NOT abuse these numbers. Some of them are very easy to get
information from! If you abuse the numbers, then they will boost
security!
* if they ask a question and you don't know the answer, blame your
supervisor again, and work it out to mutual agreement, swearing to
call back.
THEM: what is the ID code to get that information?
ME: duh... my supervisor gave me this number and told me to
call.
I'd better check with him and call you back.
THEM: duh, okay.
* rehearse what you want to say, and make sure your goal is clear
- do you know what it is you are calling for?
* do NOT sound like a (for lack of a better term) dork. Sound like
a real repairman might. If you haven't gone through puberty yet, have
somebody who has make the call for you.
* yet again: use your supervisor as your security. Most of the
operators on these numbers are not too bright. If they get their
supervisors though, they'll figure it out. So - if you have confused
an operator, and he/she wants to go get their supervisor, make a
graceful exit, using your supervisor as an excuse.
Stupid "not-quite-a-hack" hacks -
Free local calls with redbox: Call the operator and tell her your
coins are going in, but they're not doing anything - you're still not
connected. The operator will dial the number for you, and will
actually accept the red box tones as real money.
Free LEGAL! calls: Call up repair (611) - flaming mad: "I'm
trying to call this number, and I keep on getting reorder tone, and
the phone ate my quarter, and the operator tried and it still didn't
work! What's wrong with it!?!" Sometimes repair will put you through
for free on the account of all your troubles.
Fun Numbers -
News line - 1.800.647.6397
This is the number that Bell Atlantic employees call everyday to
hear a recording of Bell Atlantic news events. Usually boring, but
sometimes they talk about fraud, and other naughty things.
ANI - 958, 958-xxxx, 958-4100
ANI is automatic number identification. When you call this
number, it will read your number back to you. This is good for
finding out what number you are calling from if you are beige boxing,
etc.
In most of Bell Atlantic, it has something to do with 958. In the
suburbs of Philly, it's 958-4100, in Philly and in south Jersey, the
number is just 958. Try 958, 958-4100, and 958-???? where you live
and see what happens.
NOC (Network Operations Center, pronounced KNOCK) -
The NOC is basically God. They have a lot of information, and
they just wait for repairmen to call up and ask for it. So... try
calling up and asking for the ESS switch in your exchange. Try calling
up and finding out what they have. I have not had much experience with
them yet.
703.205.4200 - NOC in Virginia. Try to bullshit them in to getting
you the NOC in your own area if it's not listed here. This one appears
to be the headquarters, or at least more important than the others -
there are more people working there, and they have more information.
610.251.2600 - NOC for area code 610, southeastern PA, suburbs of
Philadelphia.
215.451.2200 - NOC for area code 215, Philadelphia.
If they tell you that they don't cover the area you are looking for,
simply ask them for the number of the NOC that covers the NPA-xxx exchange.
LAC (Line Assignment Center, pronounced ell-ay-cee) -
1.800.310.9898
Note: this is for the Philadelphia (215/610) area only. If you
are in Philadelphia, and they tell you they do not handle that area,
a) ask for the LAC that does, or ask to get transferred to "control".
Tell control what you need, and for what area.
This is like 555-1212 on steroids. They have the phone number of
EVERYBODY who has phone service. Even companies and unlisted phones.
The only exception to this is the NSA. The LAC does not have the
phone number for the NSA, but after all, there is No Such Agency.
Right, anyway: call up the LAC and say "Hi... I need the phone
number for a customer at <<>>" There should be no
problem. You can also get the cable pair from them by replacing the
words "phone number" with "cable pair". Pretty clever. If you are
really good and clever, you can use this number to get a CNA for a
number you have, but this takes work - they are not supposed to give
it out, though they have access to it very easily.
QWIK TRIX:
HOW TO MAKE SOMEONE'S FONE A REOUTER:
(Ultra Call Forwarding) by Dark Phiber
[Bell Atlantic Systems]
In issue 7 I told you about the Ultra Call Forwarding (UCF) service.
Well since that time I had been caught doing it and they have changed
their security around. You now need to know the social security
number of the line you wish to add the UCF service to. For most of
you that is no problem at all. For the ones that can't get social
security numbers as easily you need to social engineer a little more.
I have found they won't ask you as many questions if you ask them
more questions and sound sincere and get them to trust you.
Another thing not mentioned in the first article about UCF was the
TelCo's capability to track every number that the UCF line is forwarded
to. They have printouts of when the line is activated for UCF and when
it is deactivated for UCF. Dates and times are also included.
THE UNDERGROUND ART OF ENCRYPTION BY KEY MASTER:
[Formerly released in CSoft Magazine]
How I see things, there has been one constant in human society since
the very first day that we placed a footprint in the sand. That
constant is of security. The security of information. The secret
location of our cave which houses the badly needed food for the coming
winter. The plans to a deadly bomb which could destroy our planet if
obtained by the wrong people.
What should we know? What shouldn't we know? In this information
age, security of information is becoming an obvious issue. Did you
know that the United States government is RESTRICTING certain forms of
encryption from being used by the public?
I wrote this article for anyone who is interested. It explains the
basics of "Encryption", which is the intentional alteration of data in
any medium (to "encrypt") to be indecipherable to anyone except those
who have the scheme to "decipher" the data back to its original form.
Sounds easy, doesn't it? :)
This article is divided by topics in the field of Encryption, and,
where appropriate, there are FYI's (For Your Information) to help
explain terms you might not understand.
==FYI== "Code" and "Cipher" ?
A "Code" involves the use of code words, symbols, or groups of numbers
to replace words or phrases. For example, many police forces use
"10-4" for Acknowledge, "10-9" for Repeat Message, "10-98" for
Prison/Jail Break, etc.
A "Cipher" is something TOTALLY DIFFERENT. A "Cipher" works with the
elements of a message. For example, the letter "k" in the group of
characters "jklm".
==FYI== "Clear; Key; Cipher" ?
Three (3) main terms used in encryption. In the example of a message
being encrypted, the "Clear" (also called "Plain") represents the
message BEFORE encryption. The "Cipher" is what the message looks
like AFTER encryption. And the "Key" is sometimes used to calculate
the Cipher.
Substitution
~~~~~~~~~~~~
Substitution, as the name implies, involves substituting one thing
with another.
"Simple Substitution": Simple Substitution is a cipher with a single
cipher character replacing each clear character.
The most common way to get a simple substitution table is to start
with a key word (which must NOT have repeating characters in it).
Let's use the word "CODER" as our key.
Clear : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: C O D E R A B F G H I J K L M N P Q S T U V W X Y Z
After that, the left-over letters are placed in order. However, if we
were to do only that, many clear characters and cipher characters will
actually remain the same! To avoid that, we first rewrite the cipher
alphabet under the key word:
C O D E R
A B F G H
I J K L M
N P Q S T
U V W X Y
Z
Now, starting with the leftmost column, we rewrite a revised cipher
alphabet:
Clear : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: C A I N U Z O B J P V D F K Q W E G L S X R H M T Y
That's more like it. Now each character has a DIFFERENT character to
substitute itself with. Let's encrypt "KEY MASTER" using the above
"Simple Substitution" table:
Clear: K E Y M A S T E R
Cipher: V U T F C L S U G
There are many variants of Simple Substitution for the computer. The
three most common involve using the logical XOR operator, adding and
subtracting ordinal values, and digit-swapping. ALL of these methods
are different forms of SUBSTITUTION.
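The key-word table construction above, as an added example that is not part of the original article: it builds both the plain key-word alphabet and the column-read one, lists the letters each leaves unchanged, and shows that a simple substitution keeps the letter-count pattern of the message intact. Function names and the sample sentence are chosen here.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def keyword_sequence(key):
    """Key word followed by the unused letters in order (the article's first table)."""
    key = key.upper()
    if not key.isalpha() or len(set(key)) != len(key):
        raise ValueError("key must be letters only, with no repeated letter")
    return key + "".join(c for c in ALPHABET if c not in key)


def columnar_alphabet(key):
    """Write the sequence in rows as wide as the key, then read column by column."""
    sequence = keyword_sequence(key)
    width = len(key)
    rows = [sequence[i:i + width] for i in range(0, len(sequence), width)]
    return "".join(row[col] for col in range(width) for row in rows if col < len(row))


def fixed_points(cipher_alphabet):
    """Clear letters that a table leaves unchanged."""
    return [c for c, s in zip(ALPHABET, cipher_alphabet) if c == s]


def encrypt(clear, key):
    return clear.upper().translate(str.maketrans(ALPHABET, columnar_alphabet(key)))


def decrypt(cipher, key):
    return cipher.upper().translate(str.maketrans(columnar_alphabet(key), ALPHABET))


def count_profile(text):
    """Letter counts from most to least common, ignoring which letter is which."""
    return sorted(Counter(c for c in text if c in ALPHABET).values(), reverse=True)


if __name__ == "__main__":
    print("key + leftovers :", keyword_sequence("CODER"))
    print("  unchanged     :", fixed_points(keyword_sequence("CODER")))
    print("column read-out :", columnar_alphabet("CODER"))
    print("  unchanged     :", fixed_points(columnar_alphabet("CODER")))
    print("KEY MASTER ->", encrypt("KEY MASTER", "CODER"))

    sample = "THE SECURITY OF INFORMATION"   # constructed sample sentence
    secret = encrypt(sample, "CODER")
    # Same counts on both sides: the letters changed names, the pattern did not.
    print(count_profile(sample) == count_profile(secret))
```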
"Polyalphabetic Substitution": Polyalphabetic substitution involves
MULTIPLE ALPHABETS and usually has a variable key.
An example of a Polyalphabetic Substitution cipher is the "AutoKey
Cipher". On top of using a variable key, the AutoKey Cipher uses a
NON-REPETITIVE key. It creates a non-repetitive key by creating the
key, based upon the data being encrypted, as it encrypts.
Let's start with a typical polyalphabet table:
a b c d e f g h i j k l m n o p q r s t u v w x y z
^
a A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
b Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
c Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
d X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
e W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
f V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
g U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
h T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
i S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
j R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
k Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
l P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
m O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
n N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
o M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
p L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
q K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
r J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
s I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
t H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
u G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
v F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
w E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
x D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
y C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
z B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
^ ^
Here we have 26 DIFFERENT, possible alphabets to use. The principle
of the AutoKey Cipher is that the cipher character determines the
cipher used for the next character. However, there must be an initial
key to start the process going. Let's use "J" as the initial key, for
example. Now let's encrypt "KEY MASTER" using the AutoKey Cipher with
the above polyalphabet table:
Clear: K E Y M A S T E R
Cipher: Z V X L L T A W F
We started with "J" as the initial key. We go along the top row and
find the "J" column. Then we go down until we find the letter to be
encrypted. Then we go over to the left and find out the cipher
letter. I put the ^ symbol under the letters to follow for the first
character to encrypt, the "K".
Also notice that this method totally stomps on a frequency count
because, in the above example, two totally different letters represent
the letter "E".
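The table walk described above, as an added example that is not part of the original article: it follows the same column-down, row-left lookup, reproduces the "KEY MASTER" result, and then shows what the scheme gives away, since every key after the first is a cipher letter the interceptor already holds. Function names are chosen here.

```python
import string

ALPHABET = string.ascii_uppercase


def table_row(label):
    """One row of the article's table: row 'a' is A..Z, and each later row is
    shifted one more place to the right."""
    shift = ALPHABET.index(label.upper())
    return ALPHABET[-shift:] + ALPHABET[:-shift] if shift else ALPHABET


def lookup(key_letter, clear_letter):
    """Take the key's column, go down to the clear letter, and read the row
    label on the left as the cipher letter."""
    column = ALPHABET.index(key_letter)
    for label in ALPHABET:
        if table_row(label)[column] == clear_letter:
            return label
    raise ValueError("not a letter: %r" % clear_letter)


def autokey_encrypt(clear, initial_key):
    key, out = initial_key.upper(), []
    for ch in clear.upper():
        if ch in ALPHABET:
            ch = key = lookup(key, ch)   # the cipher letter becomes the next key
        out.append(ch)
    return "".join(out)


def autokey_decrypt(cipher, initial_key):
    key, out = initial_key.upper(), []
    for ch in cipher.upper():
        if ch in ALPHABET:
            clear = table_row(ch)[ALPHABET.index(key)]
            key, ch = ch, clear          # next key is the cipher letter just read
        out.append(ch)
    return "".join(out)


def recover_without_key(cipher):
    """What a reader with no key recovers: from the second letter on, the key
    is the previous cipher letter, which is in the intercepted text."""
    previous, out = None, []
    for ch in cipher.upper():
        if ch in ALPHABET:
            clear = table_row(ch)[ALPHABET.index(previous)] if previous else "?"
            previous, ch = ch, clear
        out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    secret = autokey_encrypt("KEY MASTER", "J")
    print(secret)                        # both E's come out as different letters
    print(autokey_decrypt(secret, "J"))
    print(recover_without_key(secret))   # only the first letter stays hidden
```

The initial key protects one letter of the message; flattening the frequency count is not the same as keeping the text secret.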
==FYI== "Frequency Count" ?
A "Frequency Count" is one of the tools used to break encryption
schemes. For example, the characters E, T, A, O, N, I, S, R, & H make
up more than 70 percent of the average text; the characters T, O, A,
W, B, C, D, S, H, F, M, R, I, & Y are the initial letter of most
words; the characters E, T, D, S, N, R, & Y are the final letter of
most words. These and tons of other facts about the English language
help code breakers determine a text message.
Transposition
~~~~~~~~~~~~~
Transposition, UNLIKE substitution, involves SWITCHING one thing with
another by methodically mixing up the characters to make the message
unreadable.
Let's encrypt "KEY_MASTER" using the simple "Rail Fence Cipher".
First we write the message in some form of a rectangle or square,
then rewrite the message arranging the letters in diagonals.
Clear: K E Y _ M A S T E R
K E Y _ M
A S T E R
Cipher: M _ R Y E E T K S A
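The diagonal read-out shown above, as an added example that is not part of the original article: the message is written row by row and read along diagonals starting from the top-right corner, which reproduces the cipher text given. It goes beyond the two-row case by taking the row count as a parameter and handling a short last row; function names are chosen here.

```python
def diagonal_order(length, rows):
    """Indexes of the clear text in the order the diagonals visit them."""
    width = -(-length // rows)                      # ceiling division
    cells = [(r, c) for r in range(rows) for c in range(width)
             if r * width + c < length]             # skip cells past the message end
    # Diagonals run top-left to bottom-right; start with the top-right corner.
    cells.sort(key=lambda rc: (-(rc[1] - rc[0]), rc[0]))
    return [r * width + c for r, c in cells]


def transpose_encrypt(clear, rows=2):
    return "".join(clear[i] for i in diagonal_order(len(clear), rows))


def transpose_decrypt(cipher, rows=2):
    clear = [""] * len(cipher)
    for ch, i in zip(cipher, diagonal_order(len(cipher), rows)):
        clear[i] = ch                               # put each letter back in its cell
    return "".join(clear)


def try_all_row_counts(cipher):
    """The row count is the only secret, so every reading can be listed."""
    return {rows: transpose_decrypt(cipher, rows)
            for rows in range(1, len(cipher) + 1)}


if __name__ == "__main__":
    secret = transpose_encrypt("KEY_MASTER")
    print(secret)
    print(transpose_decrypt(secret))
    # A transposition only moves letters: the cipher text is an anagram.
    print(sorted(secret) == sorted("KEY_MASTER"))
    for rows, reading in try_all_row_counts(secret).items():
        print(rows, reading)
```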
Super Encipherment
~~~~~~~~~~~~~~~~~~
Up to this point, we have been dealing with PRIMARY concepts of
encryption. "Primary", meaning you encrypt something with one
encryption method and that's it. Welcome to what is called "Super
Encipherment". It involves encrypting something that is ALREADY
encrypted!
Probably the best and safest way to do this is to mix a Substitution
Cipher with a Transposition Cipher.
Before you attempt this, I want to tell you that TRUE Super
Encipherment means NOT "canceling out" the primary system of
encryption!!!
==FYI== "Canceling Out" ?
ANALOGY: 1 + 2 = 3. The answer is 3. For our
purposes, 3 makes 1 and 2 meaningless.
1 + x = 1 + x. The answer, in this second
case, is the question. There are NO COMMON
TERMS to simplify, as in the first problem.
When one encryption method "cancels out"
another, that means there are common terms
between the two methods--which would actually
equate to ONE encryption method. When that
happens, Super Encipherment does NOT exist
with that particular scheme.
EXAMPLE: A double XOR. Let's encrypt the number 4
with two XOR keys. 4 XOR 75 = 79. 79 XOR 77
= 2. Ok, we just DOUBLE XOR'd a byte with
TWO SEPARATE KEYS! WOW! Sounds great, huh?
These two methods "cancel" each other.
Watch: 4 XOR 6 = 2. As you can see, XORing a
byte with 75 and 77 is the same as XORing the
same byte with 6.
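The "canceling out" point above, as an added example that is not part of the original article: it goes beyond the XOR case to show that any two simple substitutions also collapse into one table, while a substitution followed by a transposition does not. The shuffled tables, the backwards-writing transposition and the function names are stand-ins chosen here.

```python
import random
import string

ALPHABET = string.ascii_uppercase


def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def apply_table(text, table):
    """Simple substitution: position i of `table` replaces letter i of A..Z."""
    return text.translate(str.maketrans(ALPHABET, table))


def compose_tables(first, second):
    """The one table that equals applying `first` and then `second`."""
    return apply_table(first, second)


def random_table(seed):
    """A shuffled alphabet standing in for any substitution table."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return "".join(letters)


def reverse_transpose(text):
    """Stand-in transposition for this demo: write the message backwards."""
    return text[::-1]


def is_single_substitution(clear, cipher):
    """True if one fixed letter-for-letter table could have produced `cipher`."""
    seen = {}
    return len(clear) == len(cipher) and all(
        seen.setdefault(c, s) == s for c, s in zip(clear, cipher))


if __name__ == "__main__":
    every_byte = bytes(range(256))
    print(xor_bytes(xor_bytes(every_byte, 75), 77) == xor_bytes(every_byte, 75 ^ 77))

    message = "SECURITYOFINFORMATION"        # constructed sample message
    t1, t2 = random_table(1), random_table(2)
    twice = apply_table(apply_table(message, t1), t2)
    print(twice == apply_table(message, compose_tables(t1, t2)))
    print(is_single_substitution(message, twice))    # still one table

    mixed = reverse_transpose(apply_table(message, t1))
    print(is_single_substitution(message, mixed))    # no single table fits
```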
Compression
~~~~~~~~~~~
Believe it or not, "Compression" can be a form of encryption.
Compression means that the encrypted version is SMALLER than the
decrypted version. Common computer utilities made by various people
that can compress data include PKZIP, ARJ, LHA, and STACKER. Getting
into this will blow the scope of this article, so I will just say it
exists.
Random Numbers
~~~~~~~~~~~~~~
A side note about "random numbers": should you ever find the need to
have a "random number", keep in mind that it is NOT POSSIBLE. True
randomness does not exist as far as we know. We can't simply sit down
and write numbers that come into our heads. We'll be unconsciously
including patterns. Computer number generators use very complex
equations to put together a string of numbers that don't repeat
quickly and which have very subtle patterns. It's only logical to see
that any generating system which depends on an equation, however
complex, will leave its pattern in the numbers.
The closest one can get to true randomness is from a statistical table
of some sort, such as from WORLD ALMANAC and stock and bond price
listings in the financial pages of the newspaper.
That's about it for this article, I hope you've learned something
about encryption!
If you want to contact me, I can be reached via Internet, or at SPIRAL
AbYSS, my BBS, at 215-968-1574.
INTERNET: kmaster@delphi.com
TOO MANY SNOOPS BY SPOOKY:
The capture of our beloved leader Dark Phiber *coughNOTcough*
;) got me thinking about how few of us take any security precautions
against feds, parents, and other snoops. I mean that h/p shit on yer
puter can probably get you into a lot of trouble, especially if the
feds find it. So I thought that i would address this issue with my
next article, and here it is! (Note: I am currently running DOS
version 5.0 so some of these tricks may not work if you are running
anything else. ;P)
%Software Barriers%
1.Password protect the BIOS- I know most of the newer
puters will let you do this, although mine won't =( This
is especially good because that way you can't boot from
A: and bypass it.
2.Install a 3rd party password system- In case you can't lock
your BIOS you should definitely do this. Just be sure to
put the call to the password system in the 1st or 2nd
lines of your autoexec.bat so that you can't control-c out
of it. There are plenty of these programs out there for
free. One place to look is at the CERT faculty on the net.
Maybe when I learn to program I'll make a password system
and release it for cafbl. Look for it in the future....
3.Hide your secret files- here's how i did it....
a.make a directory to store the files in (in an
inconspicuous place, like off of C:\DOS)
b.hide the directory with attrib
c.in your config.sys file, add the following lines:
install doskey
doskey keystrokes=macros
doskey dir /a=fool.bat
doskey dir /a:h=dir
*What this does is makes it so that when a snoop types dir /a to   *
*list your hidden files and directories, it'll run fool.bat        *
*instead. And when they type dir /a:h it will just run plain dir   *
d.then hide config.sys and make it read-only
e.next make a batch file called fool.bat(or whatever, be
sure it's same as what you told doskey to call however)
that will 1st clear the path, then call fooledu.bat.
Put this file in your path and hide.
f.now make another batch file that will echo the same
thing that dir /a shows when there are no hidden files.
Make one for every directory, making sure to change the
"Directory of . . ." line accordingly. At the end of
the file, add a line that will restore the path.
*The whole purpose of clearing the path is so that you run the     *
*fooledu.bat in the directory that you are in at that time, not    *
*the one in the path. Not very fancy, but it works.                *
g.then rename attrib.exe and then hide it so they can't
just hit attrib and list all of your hidden files that way.
4.Destroy the evidence- Ok, you're sitting there hacking NASA
when all of the sudden you hear a knock at the door then
your mom calling you saying that some federal agents would
like to talk to you. Uh-oh! What do you do? Format the
drive? No, that takes too long, erases all data including
legit stuff, and can be undone. Well I have a better
solution. Here's what you do. Make a batch file containing
something like this:
cls
echo installing sharware, hold . . .
kill c:\dos\hack*.* >nul
rd c:\dos\hack >nul
kill c:\stuff\warezz\*.* >nul
rd c:\stuff\warezz >nul
md c:\shareware
copy c:\dos\game.com c:\shareware >nul
echo instillation complete!
delete %0 >nul
Note:KILL is one of those programs that overwrites the
program with ones and zeros, making recovery
impossible.(for extra security) GAME.COM is just a
batch file converted to a com that echos 'runtime error
at 4410:001B' that way if the spam asks you what you
are doing you can say that you are installing a
shareware game and run the com(previously hidden in
c:\dos or wherever) which should convince him you are
telling the truth. btw-the DELETE %0 at the end of the
batch file just deletes the batch file, totally
destroying the evidence.
%Hardware Barrier%
1.Destroying your backups- In case you get raided by the
feds/cops/telco, you will most likely want to have a way
to quickly destroy your backup copies of any h/p stuff you
have on disk. Well the method that i have ready to use is
pretty simple. Just take some wire, wrap it around your
box that you store your disks in, then connect one side of
the wire to a 9 volt battery's negative side, and the
other to a SPST switch which then in turn is connected to
the positive side of the battery completing a simple
electromagnet. When/if the feds ever come, flick the
switch on and your disks will be scrambled. If you wanna
be fancy, you can install a battery holder. Also, you can
drill a hole in your desk and mount it there.
*NOTE:I have no method of destroying the data on the HD *
*physically, but i imagine that if you have the *
*electromagnet close enough when you turn it on it would *
*affect it, maybe even scramble all of the data but right *
*now i don't have a HD to test this theory out on. But i'll*
*get back to you's on it when i find out. *