What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Carolyn's most
popular book,
in 4th edition now!

For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

======================================================================
           Happy Hacker Digest - June 5, 1997
======================================================================

      This is a moderated list for discussions of *legal* hacking.
                        Moderator is Matt Hinze

             Send posts to: matt@cs.utexas.edu (Matt Hinze)
           [if you can, include a "HH" in the subject header]

             Please don't send us anything you wouldn't
            email to your friendly neighborhood narc, OK?

To subscribe or unsubscribe, just
use the subscribe boxes on the menubars.

The Happy Hacker Digest Webpage, located at
http://www.cs.utexas.edu/users/matt/hh.html, contains recently
discussed web sites and past URLs Of The Day
(usually updated the day after the Digest is released).
 

           H a p p y   H a c k i n g !
 

======================================================================
======================================================================
 
 

Table Of Contents:
==================
* Note From Matt
* VAX/VMS Hacking Challenge
* War Dialling
* Literature
* RE: Call for help for person accused of computer crime
* Spammer Trouble
* Bypassing Caller ID, etc.
* FoolProof
* Identify This System
* [end note]
===================

========================================================================
*** Note From Matt
========================================================================

Whoa! This digest is a few days late! Sorry! We've sort of reorganized
things here at the Happy Hacker think-tank, so we're a few days behind.

As soon as things settle in, we're going to relocate the web page (to allow
for faster updates), and make a lot of other great changes.

Happy Hacking,
Matt Hinze

========================================================================
 *** VAX/VMS Hacking Challenge From: "Ted Martin"
<tmartin@mail.bcpl.lib.md.us>
========================================================================
 

Can you repost the information about the VMS challenge, Ilsot that
paticualr issue and its not archeived yet :(

[Matt: This is an oft-requested issue. I am going to repost this issue of
The Happy Hacker Digest to the official Happy Hacker Webpage at
http://www.cs.utexas.edu/users/matt/hh.html ]
 

========================================================================
 *** War Dialling From: Aaaaargh@aol.com
========================================================================
 

After reading the may23-14 edition of the HHD I decided to call an operator
and talk to them about the legality of dialing consecutive numbers.  The
operator I talked to said that there was nothing illegal about it and that
people do it all the time for things like telephone surveys.  I know this
isn't real new info but I just wanted to confirm Nathans post on war
dialing.
 Also, if anyone can give me some advice on which wardialer I should use I
would be gratefull.

[Matt: I'm going to close the issue of war dialling legality and simply
state that it depends on where you live. Call your telco and ask. I always
use ToneLoc to scan, but you might find something that better suits your
needs.]

========================================================================
*** Literature From: Chris <cybernet7@mindspring.com>
========================================================================
 

 Where can I find a book(s) decribing UNIX
commands, TCP/IP processes, and Telnet things on the WWW or AOL.  I have
searched for your book sugestions using Webcrawler and come up empty
handed.  I'd really appreaciate being pointed in the right dirrection.

[Carolyn: surf over to http://amazon.com and do a key word search on Unix.
If you have a credit card you can order books from this site, which is now
the biggest bookstore on the planet.]

[Matt: I've read a few good books lately, and I think I'm going to mention
them all. In fact, I've just had a brainstorm and I think this could be a
regular Happy Hacker feature. So if you have read hacking related books
lately, send a review in to me at matt@cs.utexas.edu .

I've re-read "Practical Unix & Internet Security, 2nd edition", by Simson
Garfunkel and Gene Spafford. Published by ORA in 1996. ISBN 1-56592-148-8.

This one is required reading. It's fairly expensive, though, so see if you
can get it from your local library or from inter-library loan.

"Takedown: the pursuit and capture of Kevin Mitnick, America's most wanted
computer outlaw - by the man who did it" by Tsutomu Shimomura (with John
Markoff) Published by Hyperion in 1996, ISBN 0-7868-6120-6

"Takedown" is Ok. Shimomura likes to toot his own horn, and for a guy with
no high school or college degree, he sure thinks he's smart. We follow
Shimomura as he jaunts across the country hunting Mitnik, but only in
between roller-blading or cross-country skiing stints. He drops a lot of
names to sound important. I'm not really impressed, but it makes a good
read anyway.

"The Watchman: the twisted life and crimes of serial hacker Kevin Poulsen"
by Jonathan Littman. Pubished by Little, Brown and Company in 1997, ISBN
0-316-52857-9

The Watchman is a lot better than Takedown. It's simply well written, even
if it is the present tense, which tends to irk me sometimes. I recommend
it.

I'm in the middle of "The Fugitive Game: online with Kevin Mitnick, the
inside story of the great cyberchase", also by Littman, and it's pretty
good so far. An excerpt:

 [Littman:] "What would you say to young kids thinking about getting into
 hacking?" [Mitnick:] "Don't make the same mistakes I did. Hacking might
 look exciting at the beginning, but when you look back on it, you only
 have one life to live."

Ok.. back to your regularly scheduled Digest. :) ]

========================================================================
*** RE: Call for help for person accused of computer crime
========================================================================
 

From: Tony Middleton <middleton@platinum.com>

I would recommend to you and Michael Robinson my friend Phil Dubois for
computer crime cases.  He is the man who defended Phil Zimmerman so
successfully as well as a number of nameless hackers.  He can be reached at
dubois@dubois.com.

Tony

===========================================================================

From: [anonymous]

Like you magazine, list whatever it's called.  As for this unfortunate dude
with the legal problems.  There is an attorney who advertises in the back
of 2600 magazine:

Dorsey Morrow Jr.
(334) 265-6602
cyberlaw@mont.mindspring.com

Don't know anything about the attorney or the legal stuff in general.
If you forward this around anonymize me.  As you can see from my address, I
don't need any trouble.

===========================================================================

From: "A  l  i  e  n" <kyle@felix.teclink.net>

I Notfieded NetCop (www.netcop.com) of the problem, they heped me with
simlar problems. you may want to e mail netcop at topher@netcop.com and
youu may be able to assist him
 

=========================================================================
*** Spammer Trouble From: "Dinesh Mahtani (Dino)"
<mahtani@vaxvmsx.babson.edu>
=========================================================================

Sawatdee Kharp (G'day) from Thailand!

I've just been reading your GUIDE TO (mostly) HARMLESS HACKING, and picked
up a few useful tips.  I used to be a sysop in Hong kong several years ago,
running a 3 node BBS.  Gave it all up when I headed to college.

Unfortunatley, I seem to have missed out on a good bit on the advances with
the Internet, and am begining to catch up now.  I'm finally starting to
learn Linux.

Anyways, enough about me...  I had a  quick question and was wondering if
you could offer any advice.

A while ago my ISP used to charge per email we rec'd. I asked one spammer
to stop sending me mails for this reason, and in response he sent me a
blank email message every 15 mins.  Its been going on for some time now.
The ISP I'm with has sent emails to him (her?) requesting for these emails
to stop. I sent one too and was told teh sysadmin didnt know what was going
on.

Heres a copy of what my ISP told me:

>From masood@sdpi.sdnpk.undp.org  Sun Mar 23 13:43:28 1997
Status: O
X-Status:
 

>From masood@sdpi.sdnpk.undp.org  Sun Mar 23 13:58:28 1997
Status: O
X-Status:
 

>From masood@sdpi.sdnpk.undp.org  Sun Mar 23 14:13:28 1997
Status: O
X-Status:
 

>From masood@sdpi.sdnpk.undp.org  Sun Mar 23 14:28:28 1997
Status: O
X-Status:
 

>From masood@sdpi.sdnpk.undp.org  Sun Mar 23 14:43:28 1997
Status: O
X-Status:

Notice this is being sent every 15 minutes to the exact second. Probably,
it's some fault with the mail server at undp.org. We'll contact them
tomorrow and see if they can resolve it.

Several months later, I'm still getting these emails.  We dont get charged
on a per message basis anymore, so I really dont mind them that much.  I
would like to learn how this was done though, or find out what possible way
there is to stop it.

Thanx very much in advance for any assistance.

D.

[Carolyn: Your ISP could block the domain of your spammer
(sdpi.sdnpk.undp.org)at the router. Many ISPs block all known spammer
domains. In fact, many ISPs block all incoming email for which the domain
in the return address does not have a reverse DNS lookup.]

========================================================================
*** Bypassing Caller ID, etc. From: "dr. 7" <dr7@swbell.net>
========================================================================
 

>[Matt: In my area, you can make a private call by dialing *67, waiting for
>tone, and then dialing the regular number. It might be different in other
>areas. You can probably just dial 0 and ask the operator. So, all the
>numbers you scan will have to be in the form of "*67,,xxxxxxx" (or
>something similar). Keep in mind that people with Caller ID can ignore
>private calls or have the >telco block them.]

I would like to point out that although *67 WILL disable caller ID, it
usually also costs $.50 per use. If you are war-dialing, then you could
rack up a pretty hefty phone bill. Alternatives would be a classified
number (*note* make sure it is classified from INFORMATION and not the
phone books) or a monthly disabling of call waiting. Or if you are a
phreaker, use a different line. (i.e. red box) I don't support this, but it
is a valid alternative

dr7@swbell.net

=====================================================================
 *** FoolProof
=====================================================================
 

From: "Bobfrindly" <jhall@cyberhighway.net>

Hey,
 Can you please add me to your list for the Happy Hacker Newsletter?  I
have seen some of them over at my friends house and they are cool.  One
thing though, the people who are trying to defeat foolproof are way behind
the times.  We have been able to nuke it much easier and quicker than they
have for a long time.  The easiest and most reliable way to nuke foolproof
which we have found is using a startup CD.  Either 'borrow' one from your
teacher or buy your own.  Then hard kill the computer when foolproof is on
(if you don't do this the hard drive will be locked) then restart and clear
the P Ram by holding down Apple+Option+P+R, after the little startup sound
comes on again immediately hold down Apple+Option+Shift+Delete to start
from CD.  After this your in and you can simply drag foolproof to the trash
: ).   Well please add me to the mailing list, thank you.

BobFrindly

====================================================================

From: "The Darkling" <darkling69@hotmail.com>

Well, none of my posts have gootten threw so far, maybee this one will.
 

Hacking full proof:

1: Getting a clean system.

Well some people say use a boot disk, but if you have the same setup as we
do (crafty I*()%(&^ computer teacher) then you know all you have then is
the disk, and you can't accsess C: drive.

so, then you try to be crafty and hit a F* key to try to boot to
something were full proof won't load. Again, my damn crafty copmuter
teacher enambled the boot password for everything but regular win95
boot.

(yes, this can be broken, and destroyed, etc.. but this is supposed to be
nondestructive right matt/cee-pee-elmo? )

so we try our last thing.. we use a boot cd. wamm-bamn, no full proof...
wow.. a clean system..... hehehheheheh
 

2: Removing Full proof.

Well, if we want to use the cd rom drive, (and for that natural beat
system gung-ho) we need to make it so full proof will not load when we
restart the computer.
    For those of you who did not yet find the place were it boots, Its in
your autoexec.bat file located in your C:\ (or main dir). There's a line
(middle ot end) that looks something like  c:\fp95\fpsomething.exe

now lets change that to

rem c:\fp95\fpsomething.exe

kewl huh? rem or Remove from memory just made it so teh litllte loader
program won't load at boot.  Now restart the computer and take out the cd
and marvel at what a kewl hacker you are.....

but then you wonder how your sadictic computer teacher is gonna flai you
alive after he finds out your beat his securaty system...... pretty pissed
huh? ya.. I thought so.  so what do you do? just del the Rem thing we put
in autoexec.bat and ZAPPPPPPPPPPP! you leave no trace that you ever beat
it.....

hohohohohohohoh...

The Darkling
"Lifes a bitch and then you die, so screw the world and lets go get
high" the Darkling 97'
 

========================================================================
*** Identify This System
========================================================================
 

From: Andrew <frisbking@geocities.com>

I'm just wondering if someone can explain something for me.  When I dial up
my ISP (my school) with a comm program, I get a prompt with the school's
name followed by a ">".  I can type IP addresses and domain names and it
tries to connect to them.  At one (again belonging to the school) I got a
UNIX login.  If I try to go to one of the dynamic IPs it asks me for
password verification.  Is this some kind of router?  Is there anything
interesting to do here?

I'd appreciate any kind of info you can give me....
Andrew

Play Ultimate or Die of Boredom!

[Matt: It's probaby a router, or a terminal server. Try a "show version".
Anyone else have something to add?]

===========================================================================
=========================================================================

Matt Hinze <matt@cs.utexas.edu> <- finger for PGP, etc

[end note]________________________________________________________________

To: matt@cs.utexas.edu Subject: happy hacker From: "William C . Topp"
<topp@mhv.net> Date: Mon, 02 Jun 1997 15:02:24 -0400

i was browsing your latest hacker transmission and i got to the last
line received.  it is this: "Matt Hinze <matt@cs.utexas.edu> <- finger for
PGP".  i don't understand the reference to "finger for PGP".  is this a
mild flame directed at that program or a reference to some finger protocol
that interfaces with pgp?

bill topp
topp@mhv.net

[Matt: No, it means use the finger client to finger my address and see (or
save) my .plan file, which contains my PGP public key, like this:

[fear]# finger matt@cs.utexas.edu > anyfile

And no, the phone number that it offers is not mine. It's not even a
working number, AFAIK.]
_________________________________________________________________
Matt Hinze, Moderator   Happy Hacker Digest
<matt@cs.utexas.edu> <- finger for PGP, etc

More--->>

 © 2013 Happy Hacker All rights reserved.