What's New!

Chat with

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 


Meet the 
Happy Hacksters 

Help for 



It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Carolyn's most
popular book,
in 4th edition now!

For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Visit this group

===================================================================== *** Whois Help NOTE!!! Whois.internic.net doesn't work the way this Digest says any more. Instead, click here to learn the new way to use it.

===================================================================== From: Bob Jonanson   I'm getting really into this stuff!   When I do a whois @toad.net it gives me about 250 addresses. How do I tell it to just display a couple at a time so I can see more than the last 20?   [Carolyn: There are several ways. One easy one, presuming you are in a shell account, is the command:   whois @toad.net|more   (Note: The following is outdated. whois.internic..net and rs.internic.net no longer allow anyone to telnet into them)   If you don't have a shell account, look for an option in your telnet program to log your session. Then telnet to whois.internic.net or rs.internic.net. This will give you:   Trying Connected to rs.internic.net. Escape character is '^]'. [SSL not available] ************************************************************************ * -- InterNIC Registration Services Center -- * * For wais, type: WAIS [search string] <return>* For the *original* whois type: WHOIS [search string] <return>* For referral whois type: RWHOIS [search string] <return>* * For user assistance call (703) 742-4777 # Questions/Updates on the whois database to HOSTMASTER@internic.net * Please report system problems to ACTION@internic.net ************************************************************************ Please be advised that use constitutes consent to monitoring (Elec Comm Priv Act, 18 USC 2701-2711)

6/1/94 We are offering an experimental distributed whois service called referral whois (RWhois). To find out more, look for RWhois documents, a sample client and server under: gopher: (rs.internic.net) InterNIC Registration Services -> InterNIC Registration Archives ->pub ->rwhois anonymous ftp: (rs.internic.net) /pub/rwhois Cmdinter Ver 1.3 Thu Jan 8 10:25:30 1998 EST [vt100] InterNIC >whois @toad.net Connecting to the rs Database . . . . . . Connected to the rs Database Gilmore, John (JG150) gnu@TOAD.COM +1 415 221 6524 (FAX) +1 415 221 7251 (snip)  

[Carolyn: I normally would fubar this material so a zillion clueless newbies wouldn't try to hack toad.net. However, if you know who John Gilmore is and what toad.net is, you won't dare:):):) Gilmore is one of the uberest of uberhackers and a founder of the Electronic Freedom Foundation.   But here is the big question. Who are these people whose phone numbbers are given out to the public? This is a list of everyone (up to 256 records) who has registered their own domain name using a particular host, in this case toad.net. Internic is the source for these phone numbers, which it pulls off its database of domain registrations.]   ===================================================================== *** More on Eric Raymond ===================================================================== From: Strider Re: GTmHH Vol 6.1 - Eric Raymond   &gt>Hackerdom's most revered demigods are people who have written large, &gt>capable programs that met a widespread need and given them away, so that now &gt>everyone uses them. >>If someone has written a large, capable program, that has met a >widespread need, then why do they give it away? Anyone willing to work >for free seems to be implying that their work, and their time, is worth >the price they're asking for. >>Sounds like a statement a "cracker" would make : that they would want >something for free. Are you willing to give your work away for free? Why >not?   Most good programs that I use are free. Linux, every bit of it, is free. It's an entire operating system that will turn your PC into a powerful server (not to mention client), and everything you'll ever need (mail, web servers, Xwindows, C, C++, PERL, Python, news, web browsers, word processing, etc.) Evidently, all of those authors found some reason to do it.   A true hacker enjoys exploring and working things out- programming is one of the best ways to do this. Why not give away the fruits of your fun? Some would say that being paid for it is selfish- although I doubt many people of the cracker mentality would understand that: a typical cracker would, I agree, like to take- breaking into a system, pirating "warez" and the like, but not give. After all- where, they would say, is the gain in that?   - Strider ===================================================================== *** Java Chat Room Question ===================================================================== From: Pete Fradl [SMTP:cyberbudda@internetmci.com]   Hello again glad to see GTHH is still alive and well. have a question I need help with or a point in the right direction. In the chat rooms there are always those who attack others and are annoying beyond the powers of the ignore button. Cybertown is one of them. is it possible to trace or track down a user in a Java chartroom???to at least the point of that persons email address it lists a server# for each user but not sure if thats the dialup or after several hops...usually traceroute and and the other progssay unreachable or unknown when checking ..............hope to hear soon!   ===================================================================== *** Free Radio =====================================================================   From: Dave Hartley Subject: [EWAR] FW: Micropower Broadcasting Events & Strategies for 1998 Sender: owner-ewar-l@afterburner.sonic.net   -----Original Message----- From: Stephen Dunifer [SMTP:frbspd@crl.com] Sent: Sunday, January 04, 1998 3:51 PM To: media-l@tao.ca Subject: Micropower Broadcasting Events & Strategies for 1998     Liberating the Airwaves - Events & Strategies Even with the year only a few days old, 1998 is already beginning to look very promising for the further liberation of the airwaves despite the efforts of the FCC and NAB. Our strength rests in the court of public opinion. To that end it proposed that the week of February 16 be the week of a national teach-in under the banner of "Who Owns the Airwaves ?" - A National Teach-in on Micropower Broadcasting and Free Radio. Micropower broadcasters and supporters are urged to further engage their respective communities across the entire United States through a week long effort of information tables, leafleting and postering, putting up transmitters on street corners, talking to groups and organizations, and so forth. It is suggested that the week be ended with a public forum on Friday, February 20th and a micropower broadcasting workshop on Saturday, February 21. Support materials will be posted on the Free Radio Berkeley Web Site - www.freeradio.org. Documents will be in Adobe pdf format for ease of usage. A micropower broadcasting technical primer will be among the many items placed there. A two hour video is available for $15. Also visit the legal web site (www.368hayes.com) for all the legal briefs and such. The book, Seizing the Airwaves, by Stephen Dunifer and Ron Sakolsky will be out at the end of January, call AK Press (888-4AK-PRES) for copies or FRB (510) 464-3041. Further on in March is the Anarchist Book Fair in San Francisco, March 14th. A Free Radio table will be set up there. April is going to be busy. Starting with the weekend of April 3 an East Coast Micropower Broadcasting Gathering will take place in Philadelphia hosted by the Radio Mutiny crew. Directly following that, a West Coast Gathering is planned for Las Vegas on April 6th, 7th & 8th. It so happens that the National Association of Broadcasters is holding their convention in Las Vegas from April 5th to April 9th and will be inducting Rush Limbau into their Hall of Fame at a Luncheon on Tuesday, April 7th. At this time workshops are planned along with a transmitter clinic for the repair and tuning of transmitters. Some actions will be planned to confront the NAB as well. A micropower station will be put on the air for the duration of the gathering and handed over to the community when we leave. Details will be forthcoming on schedules, housing, support, transport, etc. Vehicle caravans will be departing from both the SF Bay Area and Los Angeles on Sunday, April 5th. Free Radio Berkeley is celebrating its 5th year of being on the air on Saturday, April 11 in Berkeley. It will be a big community event that is now being planned. Further, it will be a send off for a crew going to Haiti to teach workshops and classes and set up broadcast stations, they will be gone for 3 weeks. Everyone is invited to Berkeley to help us celebrate. Beyond all of these events and activities we need to look at how we can grow and protect this movement as much as possible. Your ideas, suggestions, criticisms are welcome on this matter. At some point Judge Claudia Wilken will be making a final ruling in our case, most likely in our favor, and setting a date for trial. When that occurs the FCC is expected to file an appeal with the 9th Circuit Court of Appeals depriving us of the opportunity of a trial at that time. Our plan is to announce that since the FCC is denying us our day in court and attempting to hide behind legal maneuvers we will hold our own peoples' tribunal of the FCC and corporate broadcast media. Most likely it will be a two day event with expert testimony, witnesses, evidence, etc. It will be broadcast live on the Internet. Help will be needed for this action. Legal strategies and support are essential to this movement. At this time we do not have the resources and funding for the creation of a national legal defense center, which we severely need. Anything that can be done to raise the funds for such an operation would make a vast amount of difference. Even though the Center for Constitutional Rights has joined the legal battle against the FCC, they do not have the resources and people for such an endeavor. With more FCC actions against micropower broadcasters being likely, we need to really pull the legal resources together. Technical support is also a major issue since many folks do not have the training or background to properly assemble transmitter kits and set up stations with proper regard for good broadcast engineering practice. New designs are in the works that will make the basic transmitter unit easier to construct, operate and maintain. It must be stressed that every precaution must be taken not to interfere with other broadcast services. Use stable clean transmitters, with filters and audio limiters. More trained people need to be available to help when needed along with the setting up of regional service clinics for the repair and tuning of transmitters. Our web site technical section will be expanded greatly over the next month or so to aid in this process. Folks who can volunteer as technical mentors need to raise their hands. A lot of work needs to be done, so lets get to it. Let ten thousand transmitters bloom ! Stephen Dunifer Free Radio Berkeley   frbspd@crl.com www.freeradio.org   (510) 464-3041   This message is from the Electronic Warfare list, run by Wes Thomas. To subscribe, email majordomo@afterburner.sonic.net with message "subscribe ewar-l". ===================================================================== *** Eudora Password Bug =====================================================================   Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>From: Sander Goudswaard Subject: Eudora 4.0 password encryption flaw   THE PROBLEM The mail program Eudora from Qualcomm Inc. has the ability to save the mail password in its INI file ('save password'. This password is encrypted in a not-too-strong way.   HOW-TO There's a program called EUDPASS.COM on the Net that can easily decrypt this password. Although Qualcomm does know about this (I mentioned the problem several times, also prior to the release of Eudora 3), the problem still exists in current versions and has not been fixed.   AFFECTED SOFTWARE ALL Eudora clients for Windows are vulnerable, Light and Pro, including the just-released version 4. As I don't have a Macintosh, I could not verify how Eudora stores its password on a Mac.   WHAT TO DO Although they know the problem, no solution has been offered by Qualcomm. Until they change the encryption algorithm, the password can be easily decrypted by anyone with access to the INI file. Of course, having the INI file means someone can check your mail. But that 'someone' could not use the password to log in directly to the machine the mail is stored on. With this utility, the password itself can be obtained.   Don't save your password, or make sure your INI file (better, the entire mail directory) can not be accessed by anyone. Hope Qualcomm will change the algorithm some day.   Best regards, Sander Goudswaard Wageningen Agricultural University   -- Sander Goudswaard, mailto:sander.goudswaard@serv.iend.wau.nl Wageningen University, Dept. of Information Management & Datacommunication, the Netherlands, phone: +31 317 484053, fax: +31 317 482970 www: http://www.student.wau.nl/~sander/ - talk: sander@flex167.iend.wau.nl   [Carolyn: NT Bugtraq has a new service: http://www.ntbugtraq.com/ntfixes.asp If you are responsible for an NT box or network, this is a security and bug patch resource you can't afford to be without. Be sure to subscribe to their list, too. ===================================================================== *** Easy Way to Clear Internet Explorer Browser History ===================================================================== From: -   In lesson 2-2, you talk about clearing your previous web sites on Internet Explorer. There is an easy way to do this. If you go to View, Options, then click the Advanced tab, click the settings button near View Files. Move the slide to set "Amount of Disk Space to use" to 1%. This will clear the pull down menu where you type in your sites.   ===================================================================== *** Looking for Advice ===================================================================== From: Siren   I have a small dilemma. I'm 16 and I want to be a supreme programmer, but the problem is that I live in a Central American Country in which "Windows Programming" is big., y'know (FoxPro, VB, VC++, VJ++, etc.). But in my mind I live in the computer world, that I know other people in other places in the world live in too :-), and I want to do something that requires more creativity like artificial intelligence or security programming. I already know VB and C and I'm learning C++ and ASM. But I have a concern,   I see a lot of people flocking to H/P making that a highly competitive field in the computer industry. And artificial intelligence is something that at the moment won't yield earnings, something that I can only do when I get that initial boost. I've seen some hacking material and I get your Happy Hacker List. But I need another opinion and a point of view to make up my mind. TNX.   Siren.   [Carolyn: I hope people on this list will email you with lots of good suggestions. Here' my philosophy: If you can get into a University that offers a computer science degree, try that. Go for an advanced degree. Basic theory never loses its value. Then you can easily move into whatever field is exciting your dreams, for example your love of artificial intelligence -- better yet, artificial life! Best place for that may be the Artificial Intelligence Lab at the Massachusetts Institute of Technology, http://ai.mit.edu.] =================================================================== *** More Linux Installation Questions =================================================================== From: LORD K1L0KH@N   I need a little help installing Linux I am on my merry little way to start installing PPP when I started to compile the kernel with the make kernel command but it tells me that there appears to be no source for the kernel in the default dir so I went to the /usr directory and then into the sub directory src then I found out that you had to pick between Linux and Linux-2.0.30 so I tried both and when I got to the directory which apparently contained the source for my kernel I issued this command ./kinstall.sh /usr/src/Linux/include/linux and it still said there appears to be no kernel source in that directory so I went thought the other kernel dir and it still said there was no source in there. could you kindly help me with my dilemma   =================================================================== *** How to Forge Email with Navigator ===================================================================   FROM C8TO,   Another note on email forging for the absolute newbie:   In one of the guides email forging was gone over with regards to Eudora Pro (or something). A lot of newbies ( and even experts ) just use Navigator for email.   This is for communicator but the process is much the same for Netscape v3 etc.   goto preferences (or options in the old version I think ). Change your identity ie name and email address to whatever you want to fake the email from eg   Name: test E mail: test@test.com   then change your OUTGOING mail server to one where you want the email to be bounced from. For this you will need to do a little exploring. I tried a few [mail servers] before I got a header that told nothing except my fake email address, so send yourself some test messages and look at the FULL headers (in navigator goto View, Headers All ). Lots of servers I got "do not relay" messages from and some showed where I dialed in from (aaarrghhh). You can even leave your incoming mail username and server the same so you can check your email without having to change it every time.   Happy Hacking,   C8TO   in vino veritas   (and some other things too) [sic]   [Carolyn: We're getting a lot of Latin quotes around here lately. What's up?] =================================================================== *** How to Get Happy Hacker Book =================================================================== From: CyberBreeze   I was wondering if the Happy Hacker Book was coming out in England and would it still come out in Feb over here.   P.S. love the GTMHH Series   [Carolyn: The Happy Hacker book may not be out until March. I'll let you know when it's available. If you live outside the US, you can still buy any US book if you have a credit card and go to http://www.amazon.com. They sell lots of computer manuals -- check them out! However, please remember that almost any information that will be in the book has appeared in either the Happy Hacker Digests or Guides to (mostly) Harmless Hacking. They are archived at http://cmeinel.com/happyhacker.html] ___________________________________________________________________ with message "subscribe hh." This is a list devoted to *legal* hacking! If you plan yo use any information in this Digest or at our Web site to commit crime, go away! Foo on you! Happy Hacker is a 501 (c) (3) tax exempt organization in the United States operating under Shepherd's Fold Ministries. Yes! This is all a plot to save your immortal souls! For Windows questions, please write Roger Prata; for Macs, write Strider; and Unix, ">Carolyn Meinel. Editor-in-chief is R.J. Gosselin. Webmaster is Praying Mantis.

© 2001 Happy Hacker All rights reserved.