The document discusses techniques for hacking UNIX operating systems and provides instructions on how to gain unauthorized access. It begins by explaining the different versions of UNIX and how making them all compatible will make hacking easier. It then describes how to identify a UNIX system by its standard login and password prompts. The document provides usernames and likely passwords to try and gain initial access. It also discusses how to send anonymous email and view the password file. The overall purpose is to teach methods for compromising UNIX security without authorization.
This document discusses how integrating the Ethereum Name Service (ENS) can improve the user experience of dapps. It begins by outlining problems with traditional Ethereum addresses, then presents ENS as a solution using human-readable names instead of long addresses. The document provides details on how ENS works, recent upgrades, upcoming features like shorter names and integration with other networks. It proposes various levels of ENS integration for dapps and lists supported libraries. The overall message is that dapps are not fully user-friendly without incorporating ENS to replace intimidating addresses with names.
The document contains examples of converting between binary and decimal numbers, identifying common flowchart shapes, and calculating the minimum number of bits needed to uniquely encode buttons or lights. Key concepts covered include binary, decimal, flowchart shapes, encoding, and the ASCII protocol.
This document provides an introduction to IPv6 including:
- IPv6 addresses use 128-bit addressing providing vastly more addresses than IPv4's 32-bit addressing. IPv6 addresses are presented as 8 groups of 4 hexadecimal digits separated by colons.
- IPv6 addresses have either a link-local, unique local, or global scope. Link-local addresses start with fe80 and are used for local networking, global addresses can be routed on the public internet.
- DNS lookups use AAAA records to map IPv6 addresses to domain names in the same way A records are used for IPv4. Reverse lookups also differ between IPv4 and IPv6.
- Websites can be accessed over both IPv4 and
Your app lives on the network - networking for web developersWim Godden
Our job might be to build web applications, but we can't build apps that rely on networking if we don't know how these networks and the big network that connects them all (this thing called the Internet) actually work.
I'll walk through the basics of networking, then dive a lot deeper (from TCP/UDP to IPv4/6, source/destination ports, sockets, DNS and even BGP).
Prepare for an eye-opener when you realize how much a typical app relies on all of these (and many more) working flawlessly... and how you can prepare your app for failure in the chain.
This document provides information about IP addresses and network addressing. It discusses what an IP address is and how it is used to identify devices on a network. It also describes the different classes of IP addresses (A, B, C, D, E) and how they divide the 32-bit address into a network ID and host ID portion. The classes determine the number of networks and maximum number of hosts for each network.
The document discusses IPv6 addressing, including historical aspects, types of IPv6 addresses like unicast and multicast, interface identifiers, and address deployment schemes. It provides details on aggregatable global unicast addresses which aim to minimize the global routing table size through allocation hierarchies. The Abilene network's IPv6 allocations and procedures for obtaining addresses are also summarized.
The document summarizes how Telenet, a major data network, could easily be hacked in the 1980s to scan for connected computers. It describes how hackers would program their computers to automatically connect to addresses in a given area code, record any "connected" addresses, and increment to the next address. The network was vulnerable because it did not require user identification and would allow connections without logging in.
This document provides information about RSTS/E, an early operating system commonly used on PDP computers. It describes how to identify an RSTS/E system upon connecting, explains the login process using a Project-Programmer Number and password, and lists some basic system commands like HELP, DIRECTORY, and BYE once logged in. The document aims to describe the basics of interacting with an RSTS/E system for beginners.
This document discusses how integrating the Ethereum Name Service (ENS) can improve the user experience of dapps. It begins by outlining problems with traditional Ethereum addresses, then presents ENS as a solution using human-readable names instead of long addresses. The document provides details on how ENS works, recent upgrades, upcoming features like shorter names and integration with other networks. It proposes various levels of ENS integration for dapps and lists supported libraries. The overall message is that dapps are not fully user-friendly without incorporating ENS to replace intimidating addresses with names.
The document contains examples of converting between binary and decimal numbers, identifying common flowchart shapes, and calculating the minimum number of bits needed to uniquely encode buttons or lights. Key concepts covered include binary, decimal, flowchart shapes, encoding, and the ASCII protocol.
This document provides an introduction to IPv6 including:
- IPv6 addresses use 128-bit addressing providing vastly more addresses than IPv4's 32-bit addressing. IPv6 addresses are presented as 8 groups of 4 hexadecimal digits separated by colons.
- IPv6 addresses have either a link-local, unique local, or global scope. Link-local addresses start with fe80 and are used for local networking, global addresses can be routed on the public internet.
- DNS lookups use AAAA records to map IPv6 addresses to domain names in the same way A records are used for IPv4. Reverse lookups also differ between IPv4 and IPv6.
- Websites can be accessed over both IPv4 and
Your app lives on the network - networking for web developersWim Godden
Our job might be to build web applications, but we can't build apps that rely on networking if we don't know how these networks and the big network that connects them all (this thing called the Internet) actually work.
I'll walk through the basics of networking, then dive a lot deeper (from TCP/UDP to IPv4/6, source/destination ports, sockets, DNS and even BGP).
Prepare for an eye-opener when you realize how much a typical app relies on all of these (and many more) working flawlessly... and how you can prepare your app for failure in the chain.
This document provides information about IP addresses and network addressing. It discusses what an IP address is and how it is used to identify devices on a network. It also describes the different classes of IP addresses (A, B, C, D, E) and how they divide the 32-bit address into a network ID and host ID portion. The classes determine the number of networks and maximum number of hosts for each network.
The document discusses IPv6 addressing, including historical aspects, types of IPv6 addresses like unicast and multicast, interface identifiers, and address deployment schemes. It provides details on aggregatable global unicast addresses which aim to minimize the global routing table size through allocation hierarchies. The Abilene network's IPv6 allocations and procedures for obtaining addresses are also summarized.
The document summarizes how Telenet, a major data network, could easily be hacked in the 1980s to scan for connected computers. It describes how hackers would program their computers to automatically connect to addresses in a given area code, record any "connected" addresses, and increment to the next address. The network was vulnerable because it did not require user identification and would allow connections without logging in.
This document provides information about RSTS/E, an early operating system commonly used on PDP computers. It describes how to identify an RSTS/E system upon connecting, explains the login process using a Project-Programmer Number and password, and lists some basic system commands like HELP, DIRECTORY, and BYE once logged in. The document aims to describe the basics of interacting with an RSTS/E system for beginners.
This document discusses electronic banking services provided by Chemical Bank called PRONTO. It allows customers to perform banking tasks like checking balances and transferring funds by calling into the bank's computer system using a personal computer and modem. While the service aims to increase security through the use of passwords and restricting funds transfers to pre-approved recipients, the summary notes hackers could potentially gain unauthorized access by eavesdropping on conversations to obtain customer codes or copying the required PRONTO software. It concludes by inviting reader feedback on local electronic banking services.
This document summarizes the capabilities of early electronic switching systems (ESS). It notes that while ESS presents challenges for phone phreaking, it also has interesting features to study. Specifically, ESS allows for specialized "classes of treatment" for individual phone lines, restricting them to only outgoing calls, only incoming calls, local calls only, long distance only, collect calls only, or requiring caller ID codes for outgoing calls. In total there are said to be around 50 such classes available on ESS networks.
This document provides instructions on how to hack into computer systems and steal money from ATM machines. It begins with basic definitions of hacking and what equipment is needed. It then describes methods for finding phone numbers of target systems like scanning directories and inside information. Next, it details how to hack into DEC computer systems, including how to log in, view files, use privileges, and log out. It concludes by explaining how to "jackpot" or steal money from ATM machines by severing the connection between the ATM and host system and inserting a microcomputer in between.
Veilig communiceren power point presentatieleonardoleno
The document provides guidelines for safely organizing actions without leaking sensitive information, focusing on risks from cell phones and email. It discusses how communication data can be intercepted and outlines best practices like encrypting emails and removing phone batteries. Newer technologies make monitoring cheaper and allow reactivating powered-off phones, emphasizing the importance of proper communication security.
- The document introduces networking concepts and models including the OSI 7-layer model and simplified 4/5-layer model. It discusses the goals of understanding common networking technology and terminology as well as Stanford's network.
- Key concepts covered include the physical, data, and network layers of networking. The physical layer discusses cabling standards like Cat5 and wireless technologies. The data layer focuses on Ethernet standards and addressing. The network layer introduces routing and the Internet Protocol.
This document provides information about installing and configuring Asterisk PBX software on a Linux system. It discusses installing necessary hardware like an X100P FXO card and TDM400P FXS card. It describes configuring the zaptel and zapata files to define the channels for each card. Finally, it briefly discusses setting up SIP by editing the sip.conf and extensions.conf files to register Asterisk with a SIP proxy.
This document provides information about accessing and using the VMS operating system on a VAX computer. It describes how to log in using default usernames and passwords. It explains some basic commands to view users, change directories, send messages, and get help. It also lists common file types and directories in a VMS system.
This document provides a summary of a presentation titled "Ride the Light: A guide to the internet, telephony and computer technology in the 21st century." The presentation covers topics such as core computing values, telephony, internet technology, IP addressing, internet security and abuse. It includes details on technologies like dial-up, DSL, T1 lines, routing registries, RFCs, subnetting, internet threats and solutions, and recommended websites for further information.
The document discusses ways to defeat callback verification systems used by bulletin board systems to confirm a user's contact information. It describes an old technique where if a caller originates a call and the other party hangs up first, the caller maintains control of the line for up to 15 seconds. This allows circumventing callback verification if the BBS calls back during that window. It also discusses ways to prevent a modem from hanging up prematurely, such as ignoring drop in carrier signals or using a homemade busy switch on the phone line. The goal is to trick the BBS into verifying the fake contact details provided during registration.
This document provides information about ways for readers to contribute content to 2600 magazine and stay connected with the magazine through bulletin boards. It lists contact information for submitting articles, data, or news items. It also describes two bulletin boards - OSUNY and Central Office - that are affiliated with 2600 and open for anyone to call and view content about computers, telephones, and hacking.
This document provides an introduction to computer networking concepts. It begins by stating the goals of the class are to provide a basic understanding of modern networking technology and terminology, as well as an overview of what makes Stanford's network unique. It then discusses various networking models and layers including the OSI and TCP/IP models. It covers physical network components like Ethernet, wireless networks, switches and routers. It also explains key networking protocols like IP addressing, ARP, DNS, and routing. The document is intended to familiarize readers with fundamental networking concepts in a high-level manner.
This document provides an introduction to computer networking concepts. It begins by stating the goals of the class are to provide a basic understanding of modern networking technology and terminology, as well as an overview of what makes Stanford's network unique. It then discusses various networking models and layers including the OSI and TCP/IP models. It covers physical layer topics such as wired and wireless networking standards. It also discusses data link layer protocols like Ethernet and switching versus hubs. The network layer and IP addressing are explained. The document concludes with an overview of routing and domain name resolution.
This document provides an introduction to computer networking concepts. It begins by stating the goals of the class are to provide a basic understanding of modern networking technology and terminology, as well as an overview of what makes Stanford's network unique. It then discusses various networking models and layers including the OSI and TCP/IP models. It covers physical networking components like Ethernet, wireless networking, switches and hubs. It also discusses network addressing with MAC addresses, IP addresses, and DNS. The document provides an overview of routing and explains common networking terms.
This document provides an introduction to computer networking concepts. It aims to give students a basic understanding of modern networking technologies and terminology. The document covers networking models, protocols, physical network components like twisted pair cabling and wireless networks, data link protocols like Ethernet, and network layer protocols like IP. It explains key concepts like addressing, encapsulation, routing, and the difference between hubs and switches. The goal is to familiarize students with common networking topics in a short introductory course.
The document provides information about contributing content to the magazine 2600. It requests various types of articles and information, such as profiles of long distance companies and computer systems, reviews of security devices, lists of phone numbers and reference books, tutorials on computer topics, true stories, maps of computer networks, and analyses of new legislation. It also requests access to computer networks, continued comments and questions from readers, and clippings from local papers. The document offers small payments for writers and those who obtain advertising. All contributions should be sent to the magazine's PO Box.
This document discusses various methods for connecting to the internet, including dial-up, ISDN, DSL, cable, and satellite. It also provides steps for configuring a dial-up internet connection in Windows, including selecting an Internet Service Provider (ISP), entering login credentials, and completing the connection setup. Additionally, it compares the speeds of different internet connection types and lists common connection speeds for each.
This document provides an introduction to hacking and the internet. It discusses topics like Linux, TCP/IP, and gaining unauthorized access to computers. The author acknowledges the legal issues with hacking but provides tips and resources anyway. They aim to introduce hacking basics and explain the anarchic nature of the internet in a mostly harmless way.
As presented at ITExpo 2017 and the April Peerlyst Tel-Aviv security Meetup.
Can your company afford to ignore VoIP security? With the number of attacks on your telephone services and mobile devices your chance of being attacked and financial liability is at an all time high. This session offers an introductory primer to securing your VoIP PBX. This talk will include explanations about common attacks, how they can find you, and common techniques you can use to defend your company.
The document discusses network security and begins by noting that the slides can be freely used and modified if their source is mentioned. It then provides an overview of the goals and roadmap for Chapter 8, which covers principles of cryptography, message integrity, securing various network layers, firewalls, and intrusion detection systems. The chapter aims to explain the fundamentals of network security and how security is implemented in practice.
This document summarizes the history of the development of electronic switching systems (ESS) by Bell Labs and AT&T from the 1950s through the 1970s. It describes how the project took much longer and cost far more than initially anticipated due to the significant technical challenges involved. The first small-scale trial was in 1960, but the first commercial installation was not until 1965. By the mid-1970s, ESS was serving over 5 million customers across hundreds of offices, representing a massive technical achievement despite the project requiring over 4,000 man-years of work and $500 million in costs.
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryFelipe Prado
The document discusses strategies for red teaming Active Directory security. It begins with an overview of Active Directory components and how they can be exploited by attackers. It then covers offensive PowerShell techniques and how PowerShell security can be bypassed. The document also provides methods for effective Active Directory reconnaissance, including discovering administrator accounts and network assets without port scanning. Finally, it discusses some Active Directory defenses that can be deployed and potential bypass techniques.
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...Felipe Prado
The document discusses vulnerabilities found in seismological network devices that could allow remote exploitation. It begins with a disclaimer and agenda. The speakers are then introduced as researchers from Costa Rica who were interested in these networks due to potential attack scenarios. Through a search engine, they discovered vulnerabilities in devices from multiple vendors. The talk demonstrates taking control of a device and outlines impacts such as sabotage. Recommendations are made to vendors to improve security of these critical scientific instruments.
This document discusses electronic banking services provided by Chemical Bank called PRONTO. It allows customers to perform banking tasks like checking balances and transferring funds by calling into the bank's computer system using a personal computer and modem. While the service aims to increase security through the use of passwords and restricting funds transfers to pre-approved recipients, the summary notes hackers could potentially gain unauthorized access by eavesdropping on conversations to obtain customer codes or copying the required PRONTO software. It concludes by inviting reader feedback on local electronic banking services.
This document summarizes the capabilities of early electronic switching systems (ESS). It notes that while ESS presents challenges for phone phreaking, it also has interesting features to study. Specifically, ESS allows for specialized "classes of treatment" for individual phone lines, restricting them to only outgoing calls, only incoming calls, local calls only, long distance only, collect calls only, or requiring caller ID codes for outgoing calls. In total there are said to be around 50 such classes available on ESS networks.
This document provides instructions on how to hack into computer systems and steal money from ATM machines. It begins with basic definitions of hacking and what equipment is needed. It then describes methods for finding phone numbers of target systems like scanning directories and inside information. Next, it details how to hack into DEC computer systems, including how to log in, view files, use privileges, and log out. It concludes by explaining how to "jackpot" or steal money from ATM machines by severing the connection between the ATM and host system and inserting a microcomputer in between.
Veilig communiceren power point presentatieleonardoleno
The document provides guidelines for safely organizing actions without leaking sensitive information, focusing on risks from cell phones and email. It discusses how communication data can be intercepted and outlines best practices like encrypting emails and removing phone batteries. Newer technologies make monitoring cheaper and allow reactivating powered-off phones, emphasizing the importance of proper communication security.
- The document introduces networking concepts and models including the OSI 7-layer model and simplified 4/5-layer model. It discusses the goals of understanding common networking technology and terminology as well as Stanford's network.
- Key concepts covered include the physical, data, and network layers of networking. The physical layer discusses cabling standards like Cat5 and wireless technologies. The data layer focuses on Ethernet standards and addressing. The network layer introduces routing and the Internet Protocol.
This document provides information about installing and configuring Asterisk PBX software on a Linux system. It discusses installing necessary hardware like an X100P FXO card and TDM400P FXS card. It describes configuring the zaptel and zapata files to define the channels for each card. Finally, it briefly discusses setting up SIP by editing the sip.conf and extensions.conf files to register Asterisk with a SIP proxy.
This document provides information about accessing and using the VMS operating system on a VAX computer. It describes how to log in using default usernames and passwords. It explains some basic commands to view users, change directories, send messages, and get help. It also lists common file types and directories in a VMS system.
This document provides a summary of a presentation titled "Ride the Light: A guide to the internet, telephony and computer technology in the 21st century." The presentation covers topics such as core computing values, telephony, internet technology, IP addressing, internet security and abuse. It includes details on technologies like dial-up, DSL, T1 lines, routing registries, RFCs, subnetting, internet threats and solutions, and recommended websites for further information.
The document discusses ways to defeat callback verification systems used by bulletin board systems to confirm a user's contact information. It describes an old technique where if a caller originates a call and the other party hangs up first, the caller maintains control of the line for up to 15 seconds. This allows circumventing callback verification if the BBS calls back during that window. It also discusses ways to prevent a modem from hanging up prematurely, such as ignoring drop in carrier signals or using a homemade busy switch on the phone line. The goal is to trick the BBS into verifying the fake contact details provided during registration.
This document provides information about ways for readers to contribute content to 2600 magazine and stay connected with the magazine through bulletin boards. It lists contact information for submitting articles, data, or news items. It also describes two bulletin boards - OSUNY and Central Office - that are affiliated with 2600 and open for anyone to call and view content about computers, telephones, and hacking.
This document provides an introduction to computer networking concepts. It begins by stating the goals of the class are to provide a basic understanding of modern networking technology and terminology, as well as an overview of what makes Stanford's network unique. It then discusses various networking models and layers including the OSI and TCP/IP models. It covers physical network components like Ethernet, wireless networks, switches and routers. It also explains key networking protocols like IP addressing, ARP, DNS, and routing. The document is intended to familiarize readers with fundamental networking concepts in a high-level manner.
This document provides an introduction to computer networking concepts. It begins by stating the goals of the class are to provide a basic understanding of modern networking technology and terminology, as well as an overview of what makes Stanford's network unique. It then discusses various networking models and layers including the OSI and TCP/IP models. It covers physical layer topics such as wired and wireless networking standards. It also discusses data link layer protocols like Ethernet and switching versus hubs. The network layer and IP addressing are explained. The document concludes with an overview of routing and domain name resolution.
This document provides an introduction to computer networking concepts. It begins by stating the goals of the class are to provide a basic understanding of modern networking technology and terminology, as well as an overview of what makes Stanford's network unique. It then discusses various networking models and layers including the OSI and TCP/IP models. It covers physical networking components like Ethernet, wireless networking, switches and hubs. It also discusses network addressing with MAC addresses, IP addresses, and DNS. The document provides an overview of routing and explains common networking terms.
This document provides an introduction to computer networking concepts. It aims to give students a basic understanding of modern networking technologies and terminology. The document covers networking models, protocols, physical network components like twisted pair cabling and wireless networks, data link protocols like Ethernet, and network layer protocols like IP. It explains key concepts like addressing, encapsulation, routing, and the difference between hubs and switches. The goal is to familiarize students with common networking topics in a short introductory course.
The document provides information about contributing content to the magazine 2600. It requests various types of articles and information, such as profiles of long distance companies and computer systems, reviews of security devices, lists of phone numbers and reference books, tutorials on computer topics, true stories, maps of computer networks, and analyses of new legislation. It also requests access to computer networks, continued comments and questions from readers, and clippings from local papers. The document offers small payments for writers and those who obtain advertising. All contributions should be sent to the magazine's PO Box.
This document discusses various methods for connecting to the internet, including dial-up, ISDN, DSL, cable, and satellite. It also provides steps for configuring a dial-up internet connection in Windows, including selecting an Internet Service Provider (ISP), entering login credentials, and completing the connection setup. Additionally, it compares the speeds of different internet connection types and lists common connection speeds for each.
This document provides an introduction to hacking and the internet. It discusses topics like Linux, TCP/IP, and gaining unauthorized access to computers. The author acknowledges the legal issues with hacking but provides tips and resources anyway. They aim to introduce hacking basics and explain the anarchic nature of the internet in a mostly harmless way.
As presented at ITExpo 2017 and the April Peerlyst Tel-Aviv security Meetup.
Can your company afford to ignore VoIP security? With the number of attacks on your telephone services and mobile devices your chance of being attacked and financial liability is at an all time high. This session offers an introductory primer to securing your VoIP PBX. This talk will include explanations about common attacks, how they can find you, and common techniques you can use to defend your company.
The document discusses network security and begins by noting that the slides can be freely used and modified if their source is mentioned. It then provides an overview of the goals and roadmap for Chapter 8, which covers principles of cryptography, message integrity, securing various network layers, firewalls, and intrusion detection systems. The chapter aims to explain the fundamentals of network security and how security is implemented in practice.
This document summarizes the history of the development of electronic switching systems (ESS) by Bell Labs and AT&T from the 1950s through the 1970s. It describes how the project took much longer and cost far more than initially anticipated due to the significant technical challenges involved. The first small-scale trial was in 1960, but the first commercial installation was not until 1965. By the mid-1970s, ESS was serving over 5 million customers across hundreds of offices, representing a massive technical achievement despite the project requiring over 4,000 man-years of work and $500 million in costs.
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryFelipe Prado
The document discusses strategies for red teaming Active Directory security. It begins with an overview of Active Directory components and how they can be exploited by attackers. It then covers offensive PowerShell techniques and how PowerShell security can be bypassed. The document also provides methods for effective Active Directory reconnaissance, including discovering administrator accounts and network assets without port scanning. Finally, it discusses some Active Directory defenses that can be deployed and potential bypass techniques.
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...Felipe Prado
The document discusses vulnerabilities found in seismological network devices that could allow remote exploitation. It begins with a disclaimer and agenda. The speakers are then introduced as researchers from Costa Rica who were interested in these networks due to potential attack scenarios. Through a search engine, they discovered vulnerabilities in devices from multiple vendors. The talk demonstrates taking control of a device and outlines impacts such as sabotage. Recommendations are made to vendors to improve security of these critical scientific instruments.
DEF CON 24 - Tamas Szakaly - help i got antsFelipe Prado
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms for those who already suffer from conditions like anxiety and depression.
DEF CON 24 - Ladar Levison - compelled decryptionFelipe Prado
This document appears to be a preview of slides for a presentation at DEF CON 24 about compelled decryption. The slides discuss the difference between first and third parties in communications and the Communications Assistance for Law Enforcement Act. It also lists several third parties like technology companies and individuals that could potentially be compelled to decrypt communications. The document indicates that it is a preliminary version and the slides may be altered before the actual presentation.
Deep learning systems are susceptible to adversarial manipulation through techniques like generating adversarial samples and substitute models. By making small, targeted perturbations to inputs, an attacker can cause misclassifications or reduce a model's confidence without affecting human perception of the inputs. This is possible due to blind spots in how models learn representations that are different from human concepts. Defending against such attacks requires training models with adversarial techniques to make them more robust.
DEF CON 24 - Chris Rock - how to overthrow a governmentFelipe Prado
This document outlines various strategies and tactics for overthrowing a government through covert and clandestine means, including cyber espionage, propaganda, agitation of public unrest, sabotage of critical infrastructure, and manipulation of financial systems. It discusses using mercenaries and private intelligence agencies to carry out these activities at an arm's length from sponsorship by nation states. Specific examples from Kuwait in 2011 are referenced to illustrate techniques for fomenting revolution through cyber and information operations.
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareFelipe Prado
This document discusses various ways that hardware can become "bricked", or rendered unusable, through both software and hardware issues. It covers 101 different bricking scenarios across firmware, printed circuit boards, connectors, integrated circuits, and unexpected situations. Examples include wiping firmware, damaging traces on PCBs, breaking solder joints on connectors, applying too much voltage to ICs, and devices being bricked by environmental factors. The document provides tips for both bricking and avoiding bricking hardware, as well as techniques for potentially unbricking devices.
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...Felipe Prado
This document provides an overview of a talk on novel USB attacks that can provide remote command and control of even air-gapped machines with minimal forensic footprint. It describes building an open-source toolset using freely available hardware that implements a stealthy bi-directional communication channel over USB using a keyboard/mouse and generic HID profiles to deploy payloads and proxy traffic without touching the network. The talk will demonstrate attacking Windows systems by staging payloads in memory to avoid disk artifacts and establishing a VNC session without user interaction or malware deployment. Source code and documentation for the toolset, called USaBUSe, will be released on GitHub at Defcon.
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationFelipe Prado
The document discusses common challenges and failures that can occur when conducting phishing campaigns professionally. It outlines eleven stories of phishing failures caused by issues like poor scheduling, spam filters blocking emails, not having enough target email addresses, domain name choices being too obvious, and lack of communication. For each failure, it provides recommendations on how to avoid the problem by improving collaboration, communication, planning and negotiation with the client organization. The overall message is that success requires treating phishing engagements as multi-party negotiations and managing expectations through clear communication and involvement of all stakeholders.
The document discusses vulnerabilities found in human-machine interface (HMI) solutions used for industrial control systems. It details a case study of multiple stack-based buffer overflow vulnerabilities found in Advantech WebAccess through an RPC service that could allow remote code execution. The vulnerabilities were caused by improper validation of user-supplied input to functions like sprintf and strcpy. While patches were released, analysis showed the fixes did not fully address the underlying problems with input handling.
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistFelipe Prado
This document summarizes tool-assisted speedruns (TAS) of video games. It discusses how emulators and tools are used to play games faster than humanly possible by deterministically recording every input. Advanced techniques like memory searching and scripting push games to their limits. Console verification devices were developed to play back TAS movies on original hardware. The document argues that TAS tools are like penetration testing tools and can be used to find and exploit vulnerabilities in games. It demonstrates an arbitrary code execution in Pokemon Red using an unintended opcode execution.
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksFelipe Prado
This document shows a graph with distance on the x-axis ranging from 0 to 35 meters and Received Signal Strength (RSS) in dBm on the y-axis ranging from -100 to -40 dBm. The graph contains a line for a model with a path loss exponent of 2.0 as well as scattered data points representing collected RSS measurements.
This document provides an overview of a hands-on, turbocharged pragmatic cloud security training that covers topics in a fraction of the normal time by slimming down four days of material into four hours. It will cover configuring production-quality AWS accounts, building deployment pipelines, and automating security controls. Most examples will use Ruby and Python. Nearly all labs will be in AWS. There will be minimal slides and hand-holding. Participants are responsible for their own AWS bills after the training.
DEF CON 24 - Grant Bugher - Bypassing captive portalsFelipe Prado
The document discusses the results of a study on the impact of COVID-19 lockdowns on air pollution. Researchers analyzed data from dozens of countries and found that lockdowns led to an average decline of nearly 30% in nitrogen dioxide levels over cities. However, they also observed that this improvement was temporary and air pollution rebounded once lockdowns were lifted as vehicle traffic increased again. The short-term reductions could help policymakers design better emission control strategies in the future.
DEF CON 24 - Patrick Wardle - 99 problems little snitchFelipe Prado
Little Snitch is a host-based firewall for macOS that intercepts connection attempts and allows the user to approve or deny them. The document discusses understanding, bypassing, and reversing Little Snitch. It provides an overview of Little Snitch's components and architecture, describes several methods for bypassing its network filtering, and examines techniques for interacting with and disabling Little Snitch's kernel extension through the I/O Kit framework.
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...Felipe Prado
The document summarizes two presentations on cracking electronic safe locks. It discusses cracking a Sargent & Greenleaf 6120 safe lock by using a power analysis side-channel attack to recover the keycode stored in clear in the lock's EEPROM. It also discusses cracking a Sargent & Greenleaf Titan PivotBolt safe lock by using a timing side-channel attack to recover the keycode, and defeating the lock's incorrect code lockout feature.
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksFelipe Prado
This document discusses hacking heavy trucks and related networking protocols. It describes building a "Truck-in-a-Box" simulator to experiment with truck electronics and protocols like J1939 and J1708. The document outlines adventures in truck hacking, including modifying engine parameters, impersonating an engine control module, and exploiting bad cryptography. Details are provided on new hardware tools like the Truck Duck for analyzing truck communication networks.
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
The document provides an overview of a workshop on practical Android application exploitation. The workshop aims to teach skills for performing reverse engineering, static and dynamic testing, and binary analysis of Android applications. It will use demonstrations and hands-on exercises with custom applications like InsecureBankv2. The workshop focuses on discovery and remediation, targeting intermediate to advanced skill levels. It will cover tools, techniques, and common vulnerabilities to exploit Android applications.
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncFelipe Prado
The document discusses vulnerabilities in VNC implementations that allow unauthenticated access. It notes that a scan of the internet found over 335,000 VNC servers, with around 8,000 having no authentication. This lack of authentication allows attackers to access and "pivot" into internal networks. The document provides statistics on different VNC protocol versions found and describes exploits that could allow compromising devices to access additional internal systems through insecure VNC implementations and proxies.
DEF CON 24 - Antonio Joseph - fuzzing android devicesFelipe Prado
Droid-FF is an Android fuzzing framework that aims to automate the fuzzing process on Android devices. It uses Python scripts and integrates fuzzing tools like Peach and radamsa to generate test case data. The framework runs fuzzing campaigns on Android devices, processes the logs to identify crashes, verifies the crashes are unique, maps crashes to source code locations, and analyzes crashes for exploitability using a GDB plugin. The goal of Droid-FF is to make fuzzing easier on mobile devices and help find more crashes and potential vulnerabilities in Android applications and frameworks.
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
High performance Serverless Java on AWS- GoTo Amsterdam 2024Vadym Kazulkin
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
2600 v03 n08 (august 1986)
1. 2600 HANG
UP
AUGUST, 1986
VOLUME THREE. NUMBER EIGHT $2
KNOWING UNIXby The Kid & Co.
The UNIX operating system is popular among most major
universities and companies such as AT&T. Learning how to
hack and use UNIX is important to any serious phone phreak
or hacker.
UNIX is a marvelous system which exists in many different
forms: UNIX Release 7. UNIX 4.2BSD. UNIX System V.
Currently. efforts are underway to make all systems conform to
the UNIX System V interface standards. This will make the
jobs of programming Unix systems and hacking them much
easier since everything will be "compatible." The techniques I
am about to discuss should work under the two most popular
versions-UNIX System V and UNIX 4.2BSD. The UNIX
operating system has a reputation of not being very secure. yet
many attempts have been made to make it that way. Many of
them have been successful. Now let us embark on our quest for
root (super user privileges).
In order to hack a UNIX system. you must learn how to
identify one. UNIX systems all have the same login and
password prompts. These prompts appear to be unique to this
system. therefore it is not even necessary to penetrate the system
to identify it. The login prompts shown below are the standard
prompts:
login:
Password:
In order to start hacking. one must first get into a regular
user's account on the system. On some systems passwords are
not even required. but they are suggested. Usually there are a
few accounts on every machine with no password to them. All
that must be obtained to gain entry to these password-less
accounts is the username. Finding a username is not an easy
thing to do. The system could make the task of finding a
username easier if it allowed "command logins." One system I
know of allowed anyone to type the username "who" at the
login prompt and receive a list of all the users currently logged
into the system. Ifa hacker were to encounter a system with this
feature (hnle). his job would be made considerably easier. He
could collect a list of usernames by using this "who" login
several times. Once one has a list of users. all one needs to do is
guess the passwOlds which are typically easy even for the
beginner. Here are some usernames along with some likely
passwords. Notice the obvious patterns here. The specific
usernames are not significant except in the case of root and field
since these two accounts appear on every UNIX system.
Username Password Comments
root superusr The Super User Account
field hardware Field Maintenance (has root privs)
ght gthgth Average user (notice the pattern)
len len123 Another average user
Successful login to a UNIX system would look something
like the following:
login:hacker
Password:
Last login: Tue May 20 23:30:32 on ttyS2
Welcome to hackvax
Vax 11/7S0
4.2BSD
* type "man xxxx" for information on xxxx...
3-57
$
The $ is the command prompt. Once you have this. you are
ready to start hacking away. First we will learn how to use the
telnet program to send mail to anyone on the system without
having your hacked account's username attached to it! You can
even make the mail look like it came from anyone on the system
or even from another system! Below we see a C program which
allows you to do this in a nice neat way:
lIinclude (stdio.h) fuse 'greater than, less than' brackets on this line
instead ofparenthesesf
main(argc,argv)
char *argv{];
int argc;
( fuse an open squiggly bracket here]
FILE *popenO, *fp;
char ch, to[SI], fromrSI], subject[SI];
if(argc != 2)
( fuse an open squiggly bracket here]
printf("To: ");
gets(to);
) fuse a closed squiggly bracket here]
else
strcpy(to, argv{I]);
printf("From: ");
gets(from);
printf("Subject: ");
gets(subject);
fp=popen("telnet hubcap 25 ))/dev/null","w"); fuse two 'greater
than' signs before the '/dev1
fprintf(fp,"mail from: %s/n",from); freplace slashes with
backslashes]
fprintf(fp,"rcpt to: %s/n", to); fsame as above]
fprintf(fp,"data/nSubject: %s/n/n",subject); fsame as above]
while«ch=getchar()) != EOF) fuse two 'less than' signs after the
'while1
fputc(ch,fp);
fputs("/n./nquit/n",fp); freplace slashes with backslashes]
pclose(fp);
) fuse a closed squiggly bracket heref
This program should be placed into a file which ends in .c on
the system and then compiled. One should use either ed or vi to
create the file. It is not necessary to explain how to use these
programs since that information can be obtained by typing
either "man ed" or "man vi" at the command prompt. If we
were to place this program into the file fakemail.c then we
would use the following command to compile it:
cc -0 fakemail fakemail.c
To run the program. just type fakemail and it will run and
prompt you. To terminate the message just type a control-D
(the UNIX EOF mark). You can have a lot of fun confusing
users by sending mail which appears to be from someone of
importance like "root" or other important users.
All UNIX operating systems allow all users to look at the
password file. Unfortunately the passwords are all encrypted.
One can look at this file by typing "cat! etc! passwd" from the $
prompt. Although you cannot get the actual passwords from
this file you can get a list ofevery user on the system and a list of
those users which do not have any passwords. Ifa user does not
have a password, the encrypted password field will be null. The
(continued on page 3-64)
2. A Trip To England
by John Drake
The follm...ing article comes to us from a writer who is
spendi~g some time in the United Kingdom. We welcome
future contributions from other writers in other countries.
Please contact us ifyou have something to offer.
Phone Card Phones
British Telecom is trying to increase the number of these
telephone booths throughout England since there is no money
involved. and thus no reason to break into them. Phone cards
are the same size as credit cards but they are green on black
plastic base. The units of each card are divided up into two
tracks of 100 units. Cards come in denominations of 10. 20, 50.
100, and 200 units. One unit is the same as 10 pence. To use the
other track on the card (if there is one) you simply turn it
around and insert the opposite long length of the card into the
phone when the first track is all used up.
The phone "burns off" a unit at a timed interval which is
determined by the number you dialed. You can make
international calls from these phones. Free calls locally, long-
distance. or international can be made from these phones by
disconnecting (cutting the wire or inserting a switch) the right
wire that contains the incoming timing signals. The wires are
color coded but BT (British Telecom) constantly changes this
color coding. You can use a voltmeter to deduce which wire you
have to cut. The problem arises that the wire is usually hidden
and protected unless it's in a school or in a building as opposed
to a phone booth. You can always disconnect it at its source
which is inside the phone. It stands to reason that since the
phonecard phones contain no money that the locks will be lax
or. easier yet, standardized for all phones. Once inside. you can
disconnect the wire going into the write head.
There is such a phone at an international school in London.
The wires ofthe phone are very bare and I believe that someone
at the school has figured out which is the right wire to cut. The
students lJave been making free international phone calls
around the world for several months now. British Telecom has
been around to fix the phone several times to no avail. Finally,
two weeks ago, they cut all the wires and left the phone for dead.
During the past week they have reconnected the phone and for
the time being it is burning offthe credits when you make a call.
The wires going into the phone are still bare....
Modem Standards
Prestel's odd standard of 1200175 has carried over to most
other non-Prestel systems. This includes mainframes,
Viewdata, and even some BBS's. 300/300 (not U.S.
compatible) modems are becoming more popular as are
1200/1200 (U.S. compatible). Other speed configurations are
1200175 Viewdata and 1200 Spectrum. There isa device which
clips onto the modem port and that acts as a buffer for your
1200 baud modem and makes it compatible with the 1200;75
computers here.
U.K. Operator Numbers
999 Emergencies--fire, police, ambulance, cave rescue. coast
guard, and mountain rescue
142 Information for London Postal Area
192 Information for numbers outside London
100 Operator Services-alarm calls. advice of duration &
charge. credit card calls, fixed time calls. free fone calls.
personal calls. international calls, transferred charge calls,
subscriber controlled transfer
151 Faults-repair service
193 International Telegrams-send to most countries
100 Maritime Services-ships' telegram serVice, ships'
telephone service
155 Inmarsat Satellite Service
190 Telemessage-if you have something to say and prefer to
say it in writing
191 Any other call enquiries
London General Information Services-Charged
(London area code is 01 inside U.K.)
246 8071 British Gas Recipeline (Mon-Fri 8am-6pm)
2468024 Capital Radioline
246 8050 Challengeline-brain teasers (answer the following
day)
2468007 Children's London-events and competitions
154 Daily Express Cricketline (during test matches played in
London and other matches 8am-7pm)
2468070 Daily Mirror Telefun show
2468066 Eventline-Motor sport info
2468026 Financial Times Cityline-for business news and FT
index
2468066 Financial Tim~s Cityline-international market
reports
2468044 Golden Hitline-hits from 60's & 70's
246 8041 Leisureline-daily selection of events in and around
London
2468043 French version of above
246 8045 German version of above
2468033 National Summaries-Air
246 8030 National Summaries-Rail (Inter City & London
Service)
2468031 National Summaries-Road (Motorways)
246 8032 National Summaries-Sea
246 8000 Puffin Storyline (bedtime stories from 6pm each
night)
2468055 Spaceline (space mission information)
2468020 Sportsline-general roundup
2468000 Starline-for your daily horoscope (6am-6pm daily)
123 Timeline-for the speaking clock (24 hour service)
2468091 Weatherline-London area
2468008 Woolworth-a selected LP featured each week
160 Woolworth- 24 hours a day
168 William Hill Raceline-horse racing results and
information
Engineers' Tests
170 to 179 plus your last four digits is the self test number for
your phone.
175 Line fault test- Dial 175 then your last four digits, let it
ring. you will hear something, hang up. Your phone will ring,
answer it. and then dial9. A list ofdiagnostics will be read off to
you by a computer.
Long Distance Operators
0800890011 UK to AT&T long distance operators
18004455667 AT&T to British Telecom's operators
3-58
3. Phone Fraud in Governor's House
Philatll.'lrtua Inuutn~r
Though his aides insist it was mostly a case of "kids being
kids." Governor Thornburgh's state telephone credit card was
used for hundreds of personal calls. some 'of them made by
members of the governor's family.
The personal Icing distance calls-dating to the beginning of
the Thornburgh administration-were included in bills
submitted to the state. They were routinely processed and paid
in full. It was only recently. when word of inquiries from a
reporter filtered back to Thornburgh's press office. that a
review was done on the phone bills.
The review showed that about $4.330 worth of personal
long-distance phone calls had been made in a 6Y2 year period
ending in.October 1985. All of those calls had been made using
the state telephone credit-card number assigned to the
governor.
A spokesman said that Thornburgh personally reimbursed
the state for $1.751.98 worth of calls made bv members of his
family. He said the state also had been reimb~rsed by a private
citizen. whom he would not name. for an additional $2.582.52
in personal long-distancee calls that had been made by "a
teenager" using the governor's card number.
BB Watching VDT Operators
VSATnda'"
8.6 million video display terminal operators are being
monitored by their computers. according to the National
Institute of Occupational Safety and Health.
Employers-such as insurance companies. airlines.
supermarkets, post offices. and telephone companies-are
using computers to record when an operator is off a VDT.
count kevstrokes bv the second. time customer service
transactio"ns. and track errors. They say workers do more when
they know they're being watched.
"Yes. in the short term you can squeeze more out of people."
says Harley Shaiken. technology professor at the University of
California in San Diego. "But in the long term. it destroys
creativity and the initiative and desire to do a good job."
PSA Inc. of San Diego began in March to give demerits to
reservation agents who don't meet certain standards. PSA
agents are allowed to leave their terminals a total of72 minutes
during an 8.5-hour shift. They can't spend more than 109
seconds percall and more than II seconds between calls. Ifthey
do. they collect demerits: 37 in a year could get them fired.
Workers are fighting back in unusual ways. Some are
hanging up on customers to reduce average call times. Others
fake work. holding a finger on a key and filling computer
screens with one letter.
[Readers: we welcome any other suggestions for beating this
horrible. nasty system. These people need our help!]
LD Companies Strike Back
The Wall ~trett Journal
Victor and Betty Humphrey got a surprise package on their
38th wedding anniversary last month: a $258,000 bill for long
distance phone calls they didn't make.
GTE Sprint says the 5.6OO-page, 24-pound bill resulted from
fraud. During a six-day dialing spree. it says. inmates at prisons
across the country charged 46.000 calls to the Humphrey's code
before the company cancelled and replaced the number.
But while the Humphrey's are offthe hook. Sprint isn't. They
must pay the costs of providing service. whether or not they
themselves get paid. Investigators say that illegitimate use of
billing codes issued to customers of companies other than
AT&T was responsible for a significant portion of the
estimated $500 million that the long distance industry lost to
toll fraud last year.
3-59
--- - ------- - -------=:--= =-= ~= =-_.
- ===-=-=-- ----- ---- - --- -- -
- ===-=-=-= = ======
The companies are fighting back. Among other steps. they
have fitted their switching equipment with anti-fraud software
and forged a new industry coalition to bolster prosecution
efforts. Some companies permit customers who are traveling to
place calls only to numbers in their home area codes.
Many companies have joined the Communications Fraud
Control Association. a trade group formed last year to combat
toll fraud. The companies complain. however. that they don't
always get the cooperation they expect from local law-
enforcement agencies.
In February. Teltec Saving Communications Co.. a Miami-
based long distance company. filed suit in state court against 38
people, including the operators of seven electronic bulletin
boards. accusing them of either using fraudulently obtained
codes or permitting them to be posted. Although the case hasn't
yet gone to trial. some defendants have settled out of court.
agreeing as part of the settlement to post the word on
underground electronic networks that computer crime doesn't
pay.
Teltec has put its own message in bulletin boards where it
found its codes posted. offering up to $10.000 for information
on who was posting the codes. It has also posted phony codes.
then traced people who used them.
Leave Our Poles Alone!
.IC'r..C'~,' Journal
In fun view of local police. RepUblican congressional
candidate Albio Sires recently carried out his planned "civil
disobedience" by nailing a political poster to a utility pole.
"Those are our poles."said a spokesman for New Jersey Bell.
"The posters are a safety halard. We don't want them. We say
please leave our poles alone."
Phone Booths Mauled Then Stolen
I on!! hland ~e~ay
"Someone apparently used a chain attached toa truck." said
a New York Telephone spokesman when he referred to two
phone booths that were stolen. Each of the missing booths
weighed 400 pounds. And each was secured bya six-inch bolt to
a concrete slab outside Weir's Delicatessen in Medford.
Town highway department workers reported the booths
missing at 4:50 am. Telephone company employees inspected
the site and found only the bolts surrounded by pieces of
broken glass as well as smashed panels and rubber molding.
According to Weir's clerk the theft was the final indignity
suffered by the booths. "People would slam the phone down.
break the receiver. take a hammer and bam." he said. "Thev'd
get mad when they'd lose their money." "
The New York Telephone spokesman said that public
phones get "bombed. bludgeoned and stuffed." But. he added.
"It's unusual to see a booth hauled off."
New York Telephone is offering a $2.000 reward for
information about the theft. The number to call is 8005225599.
The numbers of the missing payphones were 5167328600 and
5167328550.
The Ghost in the Machine
Time
The 911 operators have learned that when they get a call and
hear no voice on the line. a cordless phone is ftequently at fault.,
A rogue phone's dialing system isapparently triggered by low
batteries. or by interference from household gadgets such as
microwave ovens. fluorescent lights. hair dryers. and garage-
door openers. Three-digit numbers are hit most often (411 for
directory assistance also gets such calls).
For emergency operators. the problem is more than a
nuisance. Silent calls must be traced. in case a human rather
than a phantom needs help.
4. letters of the monthDear 2600:
Congratulations on the apparent success ofyour newsletter. 1
learn something from each issue. Your points on the power of
computers and the information that is processed on them are
correct. And you provide a valuable service by attempting to
educate your readers and (sometimes) chide those who would
use the information improperly.
I work on the other side of the fence~data security for a large
corporation. I don't always like what you say about the
condition of my profession--because it is usually too painfully
true!'! I also have the nature to try, test, and explore new areas
to see what happens. But I wouldn't proceed to the point of
"crashing"or "disabling"a system as was stated on page 3-42 of
your June issue. Finally. the point of my letter'
Please don't tell people how to crash a computer system. It
may prove your technical superiority, or that you can read a
technical manual. However. just as the lives of many innocent
people connected with your BBS and others were unjustly and
adversely affected by raids by uneducated and unqualified
intruders. crashing a major (or minor) computer system has
serious consequences to innocent people, directly or indirectly
And, unless you know the effect you have on my busines~
(retail. oil, banking, public utility, medical care, etc.), you are
just as naive. over-your-head. and dangerous as the authorities
that confiscate a BBS.
On a lighter note. we don't need your help anyway. We crash
our systems on an irregular basis. Unintentionally. of course
Which help~ explain why you see so few computer professionals
loitering in pool halls these days. They are too busv trying to
recover from the latest/ greatest technology.
Keep up the good work
The Stopper
Dear Stopper:
Please note that those people who confiscate BBS:~ get the
full support of law, unlike those who crash main~rrames.
On 1'hether or not we will stop printing Sl'stem shut-down
pmcedures... that is something we shall consider. Our main
point is 10 shO1' how easill' it can he done bv anJ'one-a
computer huff or a saboteur
Dear 2600:
I am a lawyer with an avid interest in BBS's or SIG's that
handle law-related material or are aimed at lawyers. Do you or
your readers know of any such boards other than the SIG's on
CompuServe. the Source, and Bix') Are there any that have shut
down') I would like to hear from anyone who has had an~
experience with these boards or lawyers who use them.
I am on CompuServe. BIX, and ABA/net (1825).
Dear Mr. Morrison:
Rees Morrison
14 Montrose Road
Scarsdale, NY 10583
Please sendus the list ofthe law-related BBS:~ that you knoH
or and we ask our other readers to do the same. We can puhlish
(hem in the near future.
Dear 2600:
As a veteran VAX/VMS wizard and a new subscriber 10
2600. Iwas interested to see the front-page article (July 1986) on
the subject of VMS security hacking. I was disappointed.
though. to find that "Violating a VAX"dealt with the subject at
a junior-high level. I'm not necessarily criticizing the article 01
its author on that account; we all have to crawl before we learn
to walk. and all that. However, I'd like to save would-be VMS
hackers some emharrassment by pointing out a few mistakes «1
avoid If vou do things Baalzebub's way, your friendly local
' stem manager will soon he knocking at your door with a sheaf
of printouts in his hand and a stern look on his face.
The password-grabber command procedure presented in the
article illustrates a number of blunders:
I. First, that "%DCL-F-TRANS"crap is completely bogus,
in several senses of the word. Why bother faking a login and
making up an error message when you can just simulate a user
validation error and make it look as though the user has mis-
typed his password') Simulating a login error and killing the
process is a lot safer than presenting the user (who may not be
all that stupid. even if he is a system manager) with a series of
obviously bogus "system" messages.
2. You can use the DCL command "STOPjlDENT=O" to
log out without generating a message. This doesn't require any
privilege at all. In a program, you can use SYS$DELPRC.
3. Using INQUIRE to read the username and password is
foolish when you can use the READ command with the
:PROMPT and !ERR qualifiers. Also, READ has a timeout
option. By the way, the default timeout count at login is 30
seconds. not 20 seconds as implied in the article.
4. The command procedure given doesn't use SET
MESSAGE to get rid of any error messages which might
possibly be generated if things go wrong--another potential
source of user tip-offs that something fishy is going on.
Where VMS is concerned, the whole password-grabber
concept is practically obsolete anyway, since VMS V4 defines a
terminal characteristic called "SECURESERVER" which was
designed specifically to foil password-grabber programs. When
a terminal1ine has this characteristic set, pressing the BREAK
key at login is guaranteed to disconnect any process running on
the terminal
A few other notes: I) ControT-T isn't very useful at login time.
Repeated control-Y's immediately following the password are
more useful. hut the "DISCTLY" flag in the UAF prevents
them from having any effect. 2) Using "890" as a file version
numher is silly (Suppose that version 891 or higher already
exists.) The number you want is 32767; that's the maximum
possihle version number. RTFM! 3) The first "Trojan horse"
procedure given should include the command "SET
DFFAULT SYS$LOGIN" before the DELETE command
which is supposed to get rid ofthe incriminating LOGIN.COM
file
As operating systems go, VMS is very secure, and it's
hecoming more so with each new release. (Unfortunate but
true) According to DEC. a version of VMS will have the
Defense Department's highest possible security rating within
two or three years.
In parting. I offer you at 2600 a slogan for your masthead:
"The road of access leads to the palace of wisdom." Apologies
to William Blake
j
Dear 2600:
I noticed a problem in the password grabber described on
page 3-49 of your July 1986 issue. In the narrative, it says that
control-Y is disabled, but the code doesn't actually disable
control-V: it merely provides direction on what to do if a
cont rol-Y IS encountered. In this case. if a control-Y is entered
during the wait period, then the program will just continue with
the next step after the control-Y interrupt. Since there is no step
after the WAIT. the program will exit in this case. To use the
ON CONTROI-Y effectively in this case, you need to loop
hack so that any control-Y will reset the wait timer: $LOOP:,
$ON CONTROl .-Y THEN GOTO LOOP, $WAIT 01 :00:00.
An een hetter solution would he to actually disable the
control-Y earh in the program with a SET NOCONTROL
command In fact. it would be useful to also disable control-T
(continued on paRe 3-64)
5. The 2600 Information Bureau
10007 Teletllarketlns 202 783
10054 Eastern Telephone 215 628
10066 Lexitel 800 631
10080 AMtel
10084 LOS Metroludia Lons Distance
10085 Westel, Inc.
10203 Cytel
10211 RCI 800 458
10220 Western Union
10221 Telesaver 201 488 4417, 202 982
10222 MCI 800 624
10223 TDX SYsteMs, Inc. (For business
10235 Inteleplex 609 348
10288 AT&T 800 222
10333 US TelecoM 800 531
10366 AMerican Telco, Inc.
10444 Allnet 800
10464 Houston Network, Inc.
10488 ITT 800
10777 GTE Sprint 800
10800 Satelco
10824 ATC/Directline
10850 Tollkal 800
10855 Network plus 703
10888 SBS Skyline 800
2600 IISS~ 0749-385)
Editor and Publisher
Twenty Six Hundred
Associate Editors
Eric Corley David Ruderman
Executive Director
Helen Victory
Cartoonist
Dan Holder
BBS Operator
Tom Bllch
Junk Mail Receiver
Richard Petrovich
Writers: John Drake, Paul Estev, Mr French. Emmanuel
Goldstein, Chester Holmes, The Kid & Company. Lex Luthor
Lord Phreaker, Mike Salerno, The Shadow, Silent Switchman
and the usual anonymous bunch
2600 is published by 2600 Enterprises, Inc., an eleemosynarv
organization.
ANNUAL SUBSCRIPTION RATES $12. IndiVidual; $30 corporate
$20, overseas.
LIFETIME SUBSCRIPTION $260. SPONSORSHIP $2600
BACK ISSUES: $2 each, indiVidual, $3 each, corporate.
$2.50 each, overseas.
MAKE CHECKS PAYABLE TO 2600 Enterprises, inc
WRITE TO 2600, PO. Box 752, Middle Island. NY 11953·0752
TELEPHONE (516) 751-2600. PRIVATE SECTOR BBS !201 366442 1
ADVERTISING DEPARTMENT PO Box 762. Middle island N"
11953-0762. Call for rates
ARTICLE SUBMISSION AND LETTERS POBox 99 Middle ISland. N~
11953-0099. We readily accept articles, letters. clippings artwork and
data for publication
POSTMASTER This is private mail
982
526
521
646
352
368
235
.-61
7213 [DC, Philly, part of VAl
4111 [PhillYl
4835
7000
1169 [eastern cities]
6240
onl y)
0050 [Southern NJl
0300
1985
8888
3000
4949
1676 [Northern NJl
1171 [DC Metro area]
6900, Cno auto EA. need acct]
2001
Phonecard
2. Insert thl' eml
into the slot, grt.'l'11
,side up, in the
direction of the
arrow, and press it
fully home.
I Lift the receiver
and listen fnr dial
tone (continuous
purring or new dial
tone - a high
pitched hum).
... ~... .) Dial the number
.•~ YOU want. The digital
• • (Iispla" will show
the number of
, unused units on the
______-' card (or on the track
;lctually inserted in the case of a 2()O unit
card). Listen f( lr the ringing t( lIlC and
,peak when connccted The credit units
,Ire progressivciy erased as shown on the
digital display
Follow-on calls.
II (Ill !l;le ullused units remaining
, "I ;1 (;1'" I ;lnd YOU wish to make a net'
(,ill, ti,) Il( ,t H'l)bn' tlte rl'lci·er. In'itcad,
hl'll'lh dcpress ;lIld release the reccivcr
resl As S"<11l ;IS IlU hC;lr the dial tone
..gain. IIHI (;1I111U.;(, "Illr ncxt call
(sec pURe 3-51'! jor more details on this)
6. Thil il a lilt of area codel and the nUlber of exchanges bein, used in each one.
It will give an idea of what area codes are filling u~, as we I as which ones
are unused. This list cOles to us frol Telecol Diges , via Private Sector.
NPA COUNT COMMENTS 602 440
603 193
201 543 North Jersey. Getting right up there. 604 480
202 437 605 310
203 349 606 240
204 308 607 146
205 522 60B 210
206 431 609 204
207 306 610 0
208 246 612 424
209 257 613 220
212 467 614 338
213 524 LOI Angeles already split off B18. 615 430
214 542 ADallas split is rUlored soon. 616 317
215 4Bl 617 533 E. "ass - splitting off 508 in 1988
216 477 61B 300
217 325 619 329
21B 267 701 333
219 307 702 195
301 53B Maryland. Busier than 617. 703 415
302 73 Delaware. Every state gets one, y'know. 704 265
303 557 Colorado has been growing••• 705 239
304 29B 706 96 Northwest Mexico hack, not a real NPA
305 540 "iali too. 707 145
306 416 70B 0
307 133 lIyo.ing. 709 237
308 IB6 710 0 Unlisted code used for AT'T Governlent services.
309 237 712 265
312 640 IIhy hasn't Chicago split yet? 713 414
313 504 714 364
314 454 715 28B
315 228 716 322
316 332 717 410
317 325 718 294
31B 298 719 0
319 308 801 265
401 lOB Rhode Island. 802 167
402 385 B03 396
403 544 Alberta and sOle NIIT - Canada's busiest B04 371
404 456 B05 193
405 462 806 225
406 316 B07 97 II. Ontario - another waste.
407 0 B08 163
40B 216 B09 340
409 255 810 0
410 0 B12 243
412 377 B13 344
413 109 II. "als - what a waste of a good code! B14 237
414 378 B15 255
415 483 San Francisco, also rUlored for split. B16 401
416 433 B17 381
417 IB1 BIB 240
41B 327 819 282
419 304 900 24
501 480 901 178
502 310 902 221
503 441 903 0
504 267 904 356
505 261 905 206
506 143 906 109 Upper Michigan, tied with 413.
507 249 907 340
SOB 0 90B 0
509 213 909 0
512 501 San Antoni0, TX. 910 0
513 396 912 270
514 363 913 399
515 377 914 256
516 283 915 257
517 285 916 319
518 211 917 0
519 286 91B 257
601 358 919 510 North Carolina's growing quickly.
3-62
7. SYSTEf:1I1T~[I1LLY SPEI1K~~[j
USSR Computer Hungry
long hland ~ewo;,da
The Soviet Union has announced sweeping reforms in its
"obsolete" higher education system, which it said produces
doctors who cannot diagnose and engineers who know little
about computers.
"Materialsand techniques are obsolete. That is why there is a
need for the profound restructuring of higher and secondary
specialized education, "the Communist Party newspaper
Pravda said in announcing proposed changes that will affect 2
million students and set up thousands of computer-equipped
workplaces to make Russians "computer literate".
ATM's in China!
Comhined New" Source..
NCR Corporation has installed the first automatic teller
machine in China. The unit will be operated as a test case by the
Nantung Bank in Zhuhai, an economic "free zone" near the
Hong Kong border. The machine won't be available to citizens
of the People's Republic.
Cash Machines Are Popular
,"e" Y ork rewsda~
Just a year after the New York Cash Exchange was formed.
the svstem that lets customers ofone bank use automatic tellers
at competing banks has virtually run out of institutions to
recruit.
The regional system now has 1.225 machines and 4.2 million
customers, making it one of the largest in the nation. The 55
institutions set to join will boost NYCE to 2.000 machines and
6.5 million customers, with a total of 80 institutions in eight
states, the District of Columbia, and Puerto Rico.
The system's chiefNew York rival is Citibank. which has its
own network of 626 machines and 1.5 million card-holders.
Citibank has shown little interest in joining NYCE.
NYCE may try out a new project-a debit-card system. If
such a system were in place, a customer could buy clothing at a
local department store using a bank card. and a sales clerk
could deduct the purchase price right from the customer's
checking account.
TV Blue Boxes
Radio Electronic,
The coming generation ofdigital TV sets is designed for easy
servicing by reprogramming them. Access for servicing. in the
case of sets using ITT digital Ie's, is provided via a rear-panel
connector or by dialing up a special code on the wireless
remote-control unit. In both cases. that gives the repair
technician access to the set's control bus. From there, it would
be an easy matter to defeat the sync-suppression decoding used
by most cable-TV systems for their premium channels,
according to engineers of the National Cable TV Association.
The NCTA fears that the introduction of digital TV sets will
lead to a flood of "blue boxes" to let cable subscribers decode
pay-TV programs without paying for them. The NCTA has
written to all majorTV set manufacturers urging them to "takr!
the necessary steps to make it impossible to externally force"
one of ITT's VLSI chips to defeat pay-TV encoding.
3-63
New Chip Helps Sprint
l1SA Today
About 30 percent of telephone customers won't get equal
access service until 1987 or later. Those customers would
ordinarily be lost to US Sprint, because to get .on Sprint's
system the customer would have to dial more than 20 digits. So
Sprint came up with a microprocessor that automatically dials
all the Sprint access numbers when a user dials" I." Sprint will
install it free on the premises ofany customerwith bills of$150
or more.
Government Phone Fate?
The 1"(' York Time"
The Federal government has started to update its entire
system of lines, switching equipment, satellites and security
devices, which has been in place since 1964. The current system
is still managed by AT&T and cannot handle the demand of
increased numbers of calls and high-speed data
communications.
The General Services Administration has invited
communications companies to come up with ideas for a new
system. The Government's next phone company. like AT&T.
will be privy to information about encoded data and will
therefore be required to have a high-level security clearance.
The companies are being asked to devise advanced ways to
protect communications from phone tapping. sabotage, and
even disruption caused by the electro-magnetic pulse that
destroys conductors of electricity after a nuclear explosion.
The system. "FTS 2000", is expected to be in place by the year
1990 and will cost 4 billion of your tax dollars.
Rural Radio Phones
C(lmmunicalinn'" Wl·l'}.
Four telephone associations and the Rural Electrification
Administration (REA) have asked the FCC to set aside certain
radio frequencies to be used for telephone service in rural areas.
Using radio instead of land-based wire could lower costs of
connecting customers. permitting telcos to extend coverage in
areas where costs have previously prevented it. according to the
group's FCC filing.
They called the radio service Basic Exchange
Telecommunications Radio (BETR).
Ifthe request is granted in full, BETR could extend service to
an estimated 485,000 customers nationwide who are currently
without telephones. Another 400.000 could have service
upgraded from mUlti-party to one-party lines.
The groups want the FCC to allocate 26 channels in the 450
MHz band and two 800 MHz channels to BETR.
"Debugging" Phones
It may not be what the phone company had in mind when it
came up with the memorable slogan "Reach out and touch
someone." but a tiny company called BioHygenix Inc. plans to
publicize a list of unsavory bacteria and fungi that it says
inhabit the mouth and earpieces of most telephones.
The Fremont (CA) startup. ofcourse. is providing more than
a public service. It has a product: a patented plastic telephone
cover impregnated with vinyzene. an antimicrobial preparation
developed by Morton Thiokol Inc.
8. UNIX (continued from paRe 3-57)
format of 'etc! passwd entries follows:
user:encrypted pwd:user #:group #:misc. info:home dir:prog executed upon
login
Examples from an actual etc i passwd file (the first -+
accounts are present on virtually all UNIX systems):
root:QtmvICLObmtbg:O:IO:System Account:/:/bin/csh
daemon:*:1:31:The devil himself:/:
uucp:x xx:4: I:liNIX -to-UNIX Cop~':/ usr/ spool/ uucppublic:/ usr/
Iib/ uucp/uucico
field:ivlHOhAl.lJ .aGo:O:1O:Field service account:/usr/ field:/bin/ csh
paul:VkFuS77wLiOgM:5:IO:Paul G. Estev:/usr/users/paul:
lenny::l0:20:Lenny Kern (dumb user wino passwd):/usr/
users/lenny:/bin/sh
Those entries in the password file which have a user numher
of0 are accounts which have super user privileges and should be
primary targets for password hacking techniques.
This should be enough to get you going on UNIX hacking.
Look for part two which will contain more advanced methods
of hacking.
EQUIPMENT
Security, Privacy, Police
Surveillance, Countermeasures, Telephone
BOOKS
Plans, Secret Reports, Forbidden Knowledge
•••SENDS:!O.()O FOR I.ARGECATAI.OG AND ONE YEAR lIPIlAn:s
SHERWOOD COMMUNICATIONS
Philmont Commons
2789 Philmont Avenue Suite III 08T
Huntingdon Valley, PA 19006
Call The Private Sector BBS!
The official bulletin board of 2600
is available for you to call!
NOW RUNNING ORIGINAL SOFTWARE
ON A 20-MEG PC WITH THESE SUB-BOARDS:
• Telecom Digest • Computer Low
• Media/News • Telecom
• Networking • Computer Security
• Info ~trieval • User Suggestions
• BBS Advertising • Radio Commun.
Connect with the famous
Private Sector BBS and participate
in interesting and intelligent talk
on telecommunications and computers.
201-366-4431 (300/1200)
3-64
letters (continuedfrom paRe 3-60)
while the Password Grabber is running: that would avoid the
situation described in the second paragraph of the article. For
example. if the victim has the presence of mind to enter a
control-T while the password grabber is at the WAIT step. it
will be obvious to the victim that he is still logged on. The
solution is to enter SET NOCONTROL=(YT) early in the
program.
Stake Out
Dear Readers:
Last month. rou read abollt the 'free phones of phill". "
Chester Holmes told you about free calls from 'Grious
pOIphones that have equal access.
One ofour writers was on a recent trip across the countrr.
andhe hadan opportunity to test Mr. Holmes'discovery alit in
other cities around the nation.
In ChicaRo and Los AnReles. for example. pay phone calls
are free when one simpll' chooses an alternate carrier before
dialinR· 10444. 10777, and 10888 worked. A more complete list
(filrmshed br Kid & Co.) can be found in this month's 2600
Information Bureau.
For rou Telco executives-you should realize that
Philadelphia, ChicaRo, and Los AnReles are amonR the largest
cities in this countn' and represent a very larRe hole to patch
(not to mention the rest of the free world).
FULL DISCLOSURE
is the most amazing newspaper available
])v y.::,u lin'_'w WiLLI. IS nmlly gOing, Oll ill the world lod.Jy1 When yuu few
yuur d..uly llcw,::>paper you ouly get. P~lIt. of the !:>lOry. In the u00k Mt'J."a ./OflO·
I!vl~, Ikn B:.I~dil·:Lall dcscnucu II. L1!1~ W;IY
"A ..lhorj,;" hnt'c: 1I1way¥ rtCo91li.:c:d Jlut /11 cemlrlll lilt: I~u~/ic Ihcy "llut
clllifrul uljvnllglJIII' I1!J ,,,~ I!lSIJ .., lilt IIIl1jurify vi uil IIwjur .Im~ri'd"
'IiI::Jill... lUcre Cllldrl)/I~J bv 50 yiau! c(;r"l.IrGIIIIII~. 11ltll( c"'I'lIraliuIIf
llltft l'ltc:rlod:td ill COlll11l011 ji/huh'jal illitrcl! u.ilA olhtr 1I1(11.il.ll: juJu,'nu
clIIJ willa a/cw domUlfml i'l/Cfrlulillliullnlll.cll. .. The mell and WOllltll who
,'nil,) then corpoTiHiullII. .. I:"n"ljlulc 4... f'rjllalt AJlt1ulry of JII!urmalulfi
411d l 'uilurt . .. "
Full Di:lcl~urc IS a. comvletc1y InuepeJld~nt monthly paper Lhat publishes
luf..;:.rmJ.lIon you need to know, IOformauon you won't find in your daily n~ws
IJ.lpt::r Do you only want to know whJ.L 50 giant corporations find sUitable for
you'/ Or uo you want a unique a.nd often suppressed viewpomt?
It I:) certail1 that Full ni:JCl03urc tills a gap wlthm our soclety_ There IS a
lIet:u f,:,r a puulic&.tlon that throws light ou all llle acuvities of government or-
gaulz:.ttlons ti.:.J.t form a. :;taw within a !jute Since the first edition of Full Di~
dOlHII'C lIIformed lUi rcadels ahout auuses, evil and unlawful adivilles of
~e'crnnll'1Lld tlqr..ulmclIki, Full Dbdo~JUrc h~ c.:cr1alllly become recognized
Ly the elrelHlers, the fOlilth powcr In our soclet.y
Filii Di~clrulurc ren.der K.~I of Knoxville, TN recently wroLe. "/'/11 rrally
impre,s,srd! j'vil wuul,iJ, '/ 6riitllt how ma'ly IhingiJ I'vt ~ubscribed tu, lflukillg jur
tllI~, bUl WU$ Il~ual/y dl3Uppoill/cd becau$t of tht luck of depth . .. / would have
/lClIfr foulld 0111 yUli tZI~t, except for tht 'Pdlicution Graptvlne '. "
Now, gUY dUII't have to dl·g through tht publication gfllpevine /0 firld Full Di~
clrntuJ"!. Your task l.!i e:1.':iY, Ju~t fill out the orda coupon below and return It lO
Full Dj~cI~urc now
1>lta.$t tol.tr Illy :lul..scrivuon to Full Disclosure for:
l J SaA1l-'le $1.~U, III year (12 iSliUes), SI5.00, or I J 2 ytaN (2·1 issues). $:!VJ5.
N
~
m
e
:
,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __
:.dJrus: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __
Cily/SlaltjZiv - - - - - - - - - - - - - - - - - -
Full Disclosure. P.O. Box 8Z75·Z6, Ann Arbor. Michigan -1.8107
NOli..;~: ollr olli.:u are lu.:aLeJ at 33·1 South S~l-t St, Ann Jrb)f ~1i<.:higiLn.
(t,u::.illessc~: our aJvertisiut: ral.t ~:.ard is iI'I'ailaLlf upon reque:H)