Happy Hacker Digest - June 5, 1997
This is a moderated list for
discussions of *legal* hacking.
Moderator is Matt Hinze
Send posts to: email@example.com (Matt Hinze)
[if you can, include a "HH" in the subject header]
Please don't send us anything you wouldn't
email to your friendly neighborhood narc, OK?
To subscribe or unsubscribe,
use the subscribe boxes on the menubars.
The Happy Hacker Digest Webpage, located at
http://www.cs.utexas.edu/users/matt/hh.html, contains recently
discussed web sites and past URLs Of The Day
(usually updated the day after the Digest is released).
H a p p y H a c k i n g !
Table Of Contents:
* Note From Matt
* VAX/VMS Hacking Challenge
* War Dialling
* RE: Call for help for person accused of computer crime
* Spammer Trouble
* Bypassing Caller ID, etc.
* Identify This System
* [end note]
*** Note From Matt
Whoa! This digest is a few days late! Sorry! We've sort of
things here at the Happy Hacker think-tank, so we're a few days
As soon as things settle in, we're going to relocate the web
page (to allow
for faster updates), and make a lot of other great changes.
*** VAX/VMS Hacking Challenge From: "Ted Martin"
Can you repost the information about the VMS challenge, Ilsot
paticualr issue and its not archeived yet :(
[Matt: This is an oft-requested issue. I am going to repost
this issue of
The Happy Hacker Digest to the official Happy Hacker Webpage
*** War Dialling From: Aaaaargh@aol.com
After reading the may23-14 edition of the HHD I decided to
call an operator
and talk to them about the legality of dialing consecutive numbers.
operator I talked to said that there was nothing illegal about
it and that
people do it all the time for things like telephone surveys.
I know this
isn't real new info but I just wanted to confirm Nathans post
Also, if anyone can give me some advice on which wardialer
I should use I
would be gratefull.
[Matt: I'm going to close the issue of war dialling legality
state that it depends on where you live. Call your telco and
ask. I always
use ToneLoc to scan, but you might find something that better
*** Literature From: Chris <firstname.lastname@example.org>
Where can I find a book(s) decribing UNIX
commands, TCP/IP processes, and Telnet things on the WWW or AOL.
searched for your book sugestions using Webcrawler and come up
handed. I'd really appreaciate being pointed in the right
[Carolyn: surf over to http://amazon.com and do a key word
search on Unix.
If you have a credit card you can order books from this site,
which is now
the biggest bookstore on the planet.]
[Matt: I've read a few good books lately, and I think I'm
going to mention
them all. In fact, I've just had a brainstorm and I think this
could be a
regular Happy Hacker feature. So if you have read hacking related
lately, send a review in to me at email@example.com .
I've re-read "Practical Unix & Internet Security,
2nd edition", by Simson
Garfunkel and Gene Spafford. Published by ORA in 1996. ISBN 1-56592-148-8.
This one is required reading. It's fairly expensive, though,
so see if you
can get it from your local library or from inter-library loan.
"Takedown: the pursuit and capture of Kevin Mitnick,
America's most wanted
computer outlaw - by the man who did it" by Tsutomu Shimomura
Markoff) Published by Hyperion in 1996, ISBN 0-7868-6120-6
"Takedown" is Ok. Shimomura likes to toot his own
horn, and for a guy with
no high school or college degree, he sure thinks he's smart.
Shimomura as he jaunts across the country hunting Mitnik, but
between roller-blading or cross-country skiing stints. He drops
a lot of
names to sound important. I'm not really impressed, but it makes
"The Watchman: the twisted life and crimes of serial
hacker Kevin Poulsen"
by Jonathan Littman. Pubished by Little, Brown and Company in
The Watchman is a lot better than Takedown. It's simply well
if it is the present tense, which tends to irk me sometimes.
I'm in the middle of "The Fugitive Game: online with
Kevin Mitnick, the
inside story of the great cyberchase", also by Littman,
and it's pretty
good so far. An excerpt:
[Littman:] "What would you say to young kids thinking
about getting into
hacking?" [Mitnick:] "Don't make the same mistakes
I did. Hacking might
look exciting at the beginning, but when you look back
on it, you only
have one life to live."
Ok.. back to your regularly scheduled Digest. :) ]
*** RE: Call for help for person accused of computer crime
From: Tony Middleton <firstname.lastname@example.org>
I would recommend to you and Michael Robinson my friend Phil
computer crime cases. He is the man who defended Phil Zimmerman
successfully as well as a number of nameless hackers. He
can be reached at
Like you magazine, list whatever it's called. As for
this unfortunate dude
with the legal problems. There is an attorney who advertises
in the back
of 2600 magazine:
Dorsey Morrow Jr.
Don't know anything about the attorney or the legal stuff
If you forward this around anonymize me. As you can see
from my address, I
don't need any trouble.
From: "A l i e n" <email@example.com>
I Notfieded NetCop (www.netcop.com) of the problem, they heped
simlar problems. you may want to e mail netcop at firstname.lastname@example.org
youu may be able to assist him
*** Spammer Trouble From: "Dinesh Mahtani (Dino)"
Sawatdee Kharp (G'day) from Thailand!
I've just been reading your GUIDE TO (mostly) HARMLESS HACKING,
up a few useful tips. I used to be a sysop in Hong kong
several years ago,
running a 3 node BBS. Gave it all up when I headed to college.
Unfortunatley, I seem to have missed out on a good bit on
the advances with
the Internet, and am begining to catch up now. I'm finally
Anyways, enough about me... I had a quick question
and was wondering if
you could offer any advice.
A while ago my ISP used to charge per email we rec'd. I asked
to stop sending me mails for this reason, and in response he
sent me a
blank email message every 15 mins. Its been going on for
some time now.
The ISP I'm with has sent emails to him (her?) requesting for
to stop. I sent one too and was told teh sysadmin didnt know
what was going
Heres a copy of what my ISP told me:
>From email@example.com Sun Mar 23 13:43:28
>From firstname.lastname@example.org Sun Mar 23 13:58:28
>From email@example.com Sun Mar 23 14:13:28
>From firstname.lastname@example.org Sun Mar 23 14:28:28
>From email@example.com Sun Mar 23 14:43:28
Notice this is being sent every 15 minutes to the exact second.
it's some fault with the mail server at undp.org. We'll contact
tomorrow and see if they can resolve it.
Several months later, I'm still getting these emails.
We dont get charged
on a per message basis anymore, so I really dont mind them that
would like to learn how this was done though, or find out what
there is to stop it.
Thanx very much in advance for any assistance.
[Carolyn: Your ISP could block the domain of your spammer
(sdpi.sdnpk.undp.org)at the router. Many ISPs block all known
domains. In fact, many ISPs block all incoming email for which
in the return address does not have a reverse DNS lookup.]
*** Bypassing Caller ID, etc. From: "dr. 7" <firstname.lastname@example.org>
>[Matt: In my area, you can make a private call by dialing
*67, waiting for
>tone, and then dialing the regular number. It might be different
>areas. You can probably just dial 0 and ask the operator.
So, all the
>numbers you scan will have to be in the form of "*67,,xxxxxxx"
>something similar). Keep in mind that people with Caller
ID can ignore
>private calls or have the >telco block them.]
I would like to point out that although *67 WILL disable caller
usually also costs $.50 per use. If you are war-dialing, then
rack up a pretty hefty phone bill. Alternatives would be a classified
number (*note* make sure it is classified from INFORMATION and
phone books) or a monthly disabling of call waiting. Or if you
phreaker, use a different line. (i.e. red box) I don't support
this, but it
is a valid alternative
From: "Bobfrindly" <email@example.com>
Can you please add me to your list for the Happy Hacker
have seen some of them over at my friends house and they are
thing though, the people who are trying to defeat foolproof are
the times. We have been able to nuke it much easier and
quicker than they
have for a long time. The easiest and most reliable way
to nuke foolproof
which we have found is using a startup CD. Either 'borrow'
one from your
teacher or buy your own. Then hard kill the computer when
foolproof is on
(if you don't do this the hard drive will be locked) then restart
the P Ram by holding down Apple+Option+P+R, after the little
comes on again immediately hold down Apple+Option+Shift+Delete
from CD. After this your in and you can simply drag foolproof
to the trash
: ). Well please add me to the mailing list, thank
From: "The Darkling" <firstname.lastname@example.org>
Well, none of my posts have gootten threw so far, maybee this
Hacking full proof:
1: Getting a clean system.
Well some people say use a boot disk, but if you have the
same setup as we
do (crafty I*()%(&^ computer teacher) then you know all you
have then is
the disk, and you can't accsess C: drive.
so, then you try to be crafty and hit a F* key to try to boot
something were full proof won't load. Again, my damn crafty copmuter
teacher enambled the boot password for everything but regular
(yes, this can be broken, and destroyed, etc.. but this is
supposed to be
nondestructive right matt/cee-pee-elmo? )
so we try our last thing.. we use a boot cd. wamm-bamn, no
wow.. a clean system..... hehehheheheh
2: Removing Full proof.
Well, if we want to use the cd rom drive, (and for that natural
system gung-ho) we need to make it so full proof will not load
restart the computer.
For those of you who did not yet find the
place were it boots, Its in
your autoexec.bat file located in your C:\ (or main dir). There's
(middle ot end) that looks something like c:\fp95\fpsomething.exe
now lets change that to
kewl huh? rem or Remove from memory just made it so teh litllte
program won't load at boot. Now restart the computer and
take out the cd
and marvel at what a kewl hacker you are.....
but then you wonder how your sadictic computer teacher is
gonna flai you
alive after he finds out your beat his securaty system......
huh? ya.. I thought so. so what do you do? just del the
Rem thing we put
in autoexec.bat and ZAPPPPPPPPPPP! you leave no trace that you
"Lifes a bitch and then you die, so screw the world and
lets go get
high" the Darkling 97'
*** Identify This System
From: Andrew <email@example.com>
I'm just wondering if someone can explain something for me.
When I dial up
my ISP (my school) with a comm program, I get a prompt with the
name followed by a ">". I can type IP addresses
and domain names and it
tries to connect to them. At one (again belonging to the
school) I got a
UNIX login. If I try to go to one of the dynamic IPs it
asks me for
password verification. Is this some kind of router?
Is there anything
interesting to do here?
I'd appreciate any kind of info you can give me....
Play Ultimate or Die of Boredom!
[Matt: It's probaby a router, or a terminal server. Try a
Anyone else have something to add?]
Matt Hinze <firstname.lastname@example.org> <- finger for PGP,
To: email@example.com Subject: happy hacker From: "William
C . Topp"
<firstname.lastname@example.org> Date: Mon, 02 Jun 1997 15:02:24 -0400
i was browsing your latest hacker transmission and i got to
line received. it is this: "Matt Hinze <email@example.com>
<- finger for
PGP". i don't understand the reference to "finger
for PGP". is this a
mild flame directed at that program or a reference to some finger
that interfaces with pgp?
[Matt: No, it means use the finger client to finger my address
and see (or
save) my .plan file, which contains my PGP public key, like this:
[fear]# finger firstname.lastname@example.org > anyfile
And no, the phone number that it offers is not mine. It's
not even a
working number, AFAIK.]
Matt Hinze, Moderator Happy Hacker Digest
<email@example.com> <- finger for PGP, etc