FREQUENCY: Inside the Hacker Mind Freq19 March 2002 1. Introduction “Fear and Loathing” 2. Less Is More 3. Changing KaZaA Banners 4. How Shell Accounts Are Stolen II 5. Help the Chinese 6. Hacker Songs 7. On the Inside – “DUATS” 8. Review – “Freedom Downtime” 9. Crosstalk 10. Closing Arguments 11. Crew 1. INTRODUCTION “FEAR AND LOATHING” Ever since the idea to publish this ezine came about I’ve felt something all around me, everywhere I turned. It wasn’t something I could see, or taste, or touch…but it was there. And no, for you movie buffs it wasn’t The Matrix, it was something about the world that had to be changed, but most likely never would. I felt it when I walked into a computer store wearing a 2600 shirt, I felt it when I asked the operator too many questions, and I especially felt it at my former university. Fear. A fear of those that know what they’re doing in this crazy technological world around us. This fear is often masked, by people who claim that these computer nerds could never hurt them. Their brains would never be any match for the pure brawn of the athlete, of the politician, of the CEO. How wrong they are. They have a reason to fear hackers, but not for the hogwash, made up, bullshit reasons the media portrays. No, these people should fear hackers for one reason, and one reason only…they’re smart. They’re smarter than they can ever hope to be. A computer hacker can not only write a buffer overflow and gain root access, they can take control of your very life by using a laptop and modem. We’re not talking about movie hacking folks, we’re keeping it real…hackers can do a lot. But have they? The honest answer is, no. Hackers have never caused enough damage to warrant the way they’re perceived in the mass media, and yet are still considered by many authorities to be one of the biggest menaces to society. And while these authorities may hide behind a smokescreen of “doing their job” and protecting the innocent, in reality they too are scared. Sure, hackers have never really done anything to warrant prison time…but that doesn’t change that one crucial element. The hackers are smarter. They were the kids that never had to wait in line, the teens that never played by the rules and still had things their way, the adults who cut corners and made things happen…those are the hackers. And those are the people they fear, the ones that know how to get down and dirty to do things their way. Many, including authority figures, would object to this. They’ll claim that we must obey the rules in place around us “simply because.” And yet, when shown that those rules can be so easily manipulated and broken, they cower in fear. They threaten legal action. And for what? For someone explaining how files could be read? It makes no sense, and yet it happens all the time. This has to change. This fear and paranoia of hackers is ridiculous. Hackers have the ability to do so much, but if they were going to…wouldn’t they have done it by now? Perhaps we’re missing the point entirely…maybe authorities aren’t scared. Maybe they’re angry, or jealous even. Jealous that some people out there don’t run around pointing guns at kids heads like savages, jealous that some people out there are actually able to do things their way. Or is that, in itself, the fear? The fear that they’re somehow not as intelligent as these kids with computers. The fear that maybe all those years they spent in college were really just bullshit, and that piece of paper that said they graduated is nothing more than something to fill a frame. Because now, even in their high paying jobs, they’re seeing kids that can get ahead. But these kids don’t have to play by the real world’s rules, they don’t have to do the same things those authority figures did. Because these kids, these people, are hackers, and they can do a lot with their minds. They can make computers do their bidding, as well as systems in the real world. And believe me, accomplishing something by doing half the work really pisses people off. Hackers can do a lot, and it’s possible that they could do a lot of damage, but guess what… …they never have. Words to live by, or at least remember until the next issue. With my rant of the month out of the way I think I’ll begin by welcoming you to what should have been our “looking back issue”, if we played by the rules set in Freq9. Way back then we stated that every “9” issue would look back, and every tenth would look ahead…well we’re changing that. Not completely of course, we’re just kind of deviating. Instead of talking about all that has come, we’re going to stay focused on what’s really important…the here and now. But wait, if I talked about issue 9…didn’t I look back? Oh damn… Welcome to Freq19. –screamer 2. LESS IS MORE: by Vicious I’m not the type of hacker who experiments with a lot of different things to see what I find. I prefer to give myself a challenge, or maybe even set a goal or two. And while I may not always accomplish what I set out do, I learn a lot in the process. It was this way of thinking that brought me to the realization that I’m now presenting. Less is more. Of course we all know that the fewer programs you have connected to the internet the better. After all, an open port could equal a doorway into your system. But there’s more to it than just that. After all, the more we as people do, the more vulnerabilities we expose ourselves to. I first noticed this when thinking up something I wanted to, something that was the equivalent of a harmless prank. I’ll call him X for the time being, but rest assured he’s very real. Now X was a good friend, but he never quite believed that I could do anything. Time and time again I told him that I was a hacker, but his challenges for me were all off the wall. “If you’re a hacker, then hack into the pentagon!” would be one thing he would say. So I decided, in all my immature wisdom, that I was going to hack him somehow. In other words, I was going to do something that directly affected him, if only to prove that I had what it took. A foolish thing? Perhaps, but I don’t see the harm in a little electronic mischief. Here’s the problem: He barely did anything at all online, with the obvious exceptions of email and instant messaging (I think it’s a law that everyone has to do those things nowadays, that and the whole porn thing). OK, he barely does anything except the dullest of things online…great, so how could I strike? More importantly, how could I do something creative without resorting to sticking a Trojan in his machine? But the more I thought about it, the more I realized that if I did anything at all, it would have to be something highly illegal. After all, that’s why it’s the “cool stuff.” Now wait a second, I’m not looking to go to jail here. So what’s left? ICQ exploits? Sending him a bogus message…no that’s dumb. Hacking his email? Please, that’s not artistic…that’s just downright boring. Sniffing his network traffic? Ah, now we’re getting somewhere…or are we? In order for a sniff attack (I’m using the word “attack” very loosely there) to be effective, you have to have access to that particular network, or manage to do some complex ARP or IP spoofing. Considering he was on a dial up connection, I realized that sniffing would be pretty pointless. Oh sure it could be done, but his IP addy changed with every connection! And even if I had spoofed a host, I would need to DoS the real one for the duration of the attack. This is the part in the sitcom where you cut to the main star behind bars… Wait, I thought, if I could find some other machines that this guy logged into I could do something there. But he didn’t have any! Like most computer users today, he was only interested in doing those boring things mentioned above, so attacking a shell account is a moot point. And here I am, still trying to think of something to do. Because he does so little online I really have few avenues for attack, not to mention his ancient history net connection. I can’t port scan him unless he’s online at that particular moment. I can’t attack any of his shells. And I don’t WANT to go after his email or put a Trojan in his machine. But perhaps the biggest detractor of all is the fear of doing something big. If I really wanted to, I could try to have his power shut off or his cable disconnected (no I’m not saying I’m that great, but there are ways to get things done), but that would only lead me to jail time! Where there’s a will, there’s a way. I’m a big believer in that, always have been, always will be. And while pulling an electronic prank may not be a lofty goal, there’s little that can stop a hacker who’s bent on getting results. I’m certain something will come along, but until then he’s pretty much locked up tight. Damn, why couldn’t he just use Passport or get a cable modem, why does he have to make things so difficult? 3. CHANGING KAZAA BANNERS: by Cold Sunn If you do not know what Kazaa is, it is a filesharing program almost identical to Morpheus. It is used to download songs, video, software, and other pieces of information from other people who are sharing their media. It is very useful when you don't want to take the chance of buying a cd and realizing it sucks, or don't want to pay 5 bucks to rent a movie. Because it is free, there are banners. This is expected, and you can get around the banners. Here are some ways to do it, which should lead to other things you can do. While I was searching for songs to download, I got a message about an error, and it asked if I wanted to continue running scripts on this page. I wasn't on the internet, and I wasn't going to "continue running scripts" on any pages anyway. After I got this message about 6 times, I saw that it included the full file path. I found the file on my computer, and I realized that they weren't just pictures, they were HTML pages. So, I started deleting the files, but they would come back over and over again. I opened one in Notepad and changed it to be a blank page. Then to say "Don't Click the Ad" The file path for the ads is... C:\WINDOWS\SYSTEM32\AdCache\ and the files are commonly named B_564400.HTM with the numbers changing. Deleting them doesn't really help, so I would just change them. This is the same with images, even if you change the .HTM files so that they don't call on the images, they still come back. So I would change those too. Don't put too much effort into it, because chances are by the next hour Kazaa will have downloaded another three ads to cycle. I don't know if this works the same way with Morpheus, but most likely. I know there are probably better ways of doing this, such as res hacking the software, but this seems easy to do and makes you a lot less likely to mess up the program. (as in not likely at all) If you find out anything interesting, or have corrections, email them to ColdSunn@n3tmask.com. 4. HOW SHELL ACCOUNTS ARE STOLEN II: by JayX In my last article, I explained several ways attackers could utilize the finger command to steal someone else’s shell account. Unfortunately, this way is often quite tedious and may not always return a result. Because the sad fact is, no matter how dumb your average computer is, many use a decent password. The times are changing, it’s a new world. People may not understand how things work, but they’ll usually make your brute force attack a somewhat futile approach. Needless to say I don’t think brute force is dead, how could it ever be? Brute force is, in all honesty, the purest form of attack. A person selects a password, and by guessing that password you can gain access to their account. Quite often this will only result in mediocre access (as in user level), but sometimes, on rare occasions, you may break someone’s root password. Now let’s come back to reality. The techniques mentioned in the first article are some ways in which an attacker could get a fully functional shell for free, but it’s far too time consuming. And let’s not lie to ourselves, how many people would really sit at a login prompt all night? There comes a point where you give up, believing their password is so great that no one can crack it. Doubt sets in, and before long you’ve given up. Geez, wouldn’t it be great if someone just handed their password to you? It sure would *insert wink here* An important note that I need to mention is that you need to be on a LAN for this to work (switched or hubbed, doesn’t matter). If you have a cable modem you’re in good shape, or if you have a nice account at a business or school you should be ready to go. You’ll need my favorite program in the whole wide world (well, next to nmap), ettercap. It can be found at ettercap.sourceforge.net, and currently can only be used on UNIX based machines (oh sorry, you’ll need Linux too). With the tar file, you do the typical configure/make/make install routine to get everything set up. With everything installed, and hopefully no errors, you’re all set to begin sniffing the LAN and stealing shell accounts (not that I suggest you do of course). If you have the ncurses library that comes with newer versions of Linux, you can have a neat little graphical interface that will run from the command line, so you don’t even need X installed. Simply type “./ettercap” at the command prompt, and ettercap will send out arp requests to resolve all active hosts on your LAN. These hosts will be returned in two separate (albeit identical) columns. From here, you can select a source and destination IP address, and then choose how you would like to sniff the traffic between them (IP scan, MAC scan, or ARP) If you’ve never sniffed a network before you may be a bit worried. What if you don’t which machines on your LAN are communicating to each other? Fear not, odds are many of them are somehow connected to the internet. To sniff traffic from a host on your LAN to somewhere on the net you’ll need to use an ARP spoof (which ettercap does for you). This is known as the “Doppleganger” attack, or perhaps better known as “Man in the Middle.” In essence you put your Ethernet card into promiscuous mode and intercept data flowing between two points. Since it won’t be possible to specify a location outside of your network, you’ll need to enter in the gateway of your LAN as the destination. Of course, the gateway’s IP is not the destination, so you’ll need to use it’s MAC address. Oh no! How do you get that? Again, fear not my fellow script kiddies…ettercap does that as well! All MAC addresses are immediately resolved once ettercap has been run, meaning you only have to select the gateways IP from the list. Which one is it? Well, odds are it’s the first XXX.XXX.XXX.1 you encounter, but just incase it isn’t, you can use a special plug-in that comes with ettercap to determine it. Or use a Windows box on the same network and type “ipconfig” at the command prompt. Now we have the host and gateway. But remember, it’s even better if we have a host who’s known for his telnetting habits. Your local town hacker or computer wiz should do nicely, but Jane Doe down the road probably doesn’t use telnet that often. With the host set to someone who actively uses telnet, and the gateway as the destination, hit “a” in ncurses mode to begin the Doppleganger attack. If the host IP is connected to the net you will see the connections appear in the main window, so just hit enter to sniff them. From here you’ll be able to watch all their data move through your machine before reaching the gateway…and they’ll have no way of knowing! Unless someone actually went and noticed that two machines had the same MAC (and how many people do?) you’re in the clear. Press “L” to log the data, and just wait for the poor S.O.B. to open a telnet connection. His user and pass will come right through your computer, where you can happily pick them up. Oh wait, you use SSH? You think you’re safe? Sorry folks, ettercap can sniff SSH too. And sniffing’s not all it does, one feature of particular interest to me is “inject.” This allows you to send text to whatever machine your target is logged into…imagine someone leaving their computer for a few minutes with an open connection. All you’d have to do is change the password and you own their shell…you didn’t even have to log their user/pass (of course this shell will quickly be gone, as the rightful user can’t get in). There you have it, ettercap can get you a shell as long as you’re on a LAN, have Linux, and are willing to read the man pages a bit. And yes, you can do this right now. This isn’t old, outdated information. You can sniff your cable network right now…just remember how it would feel to be sniffed yourself. I can’t recommend any of these actions, but they are possible. Be good, and have fun. Page 2 -->5. HELP THE CHINESE: by samurai As you know the Chinese get killed for looking at any website about new or government. I say we help the Chinese. We can make websites that don’t have any keywords like government in them. That will have many misspelled errors. And give them programs to decrypt the misspelled errors. For example a word will be on a webpage called -jiwn- the "-" and "-" are the start of the encrypted word. Alright lets say when you decrypt it it will say -news-. I mean the way their ISPS are set up is they filter out keywords. But they cant filter out other types of words. In china there are hackers and phreakers, same as UK and the same as US. I think the program should be created in ANSI C. Because ANSI C source code can be compiled on any operating system. We can spread the source code first on CD, then sending it the Chinese people, and so on. The software should be free. With spreading news we can change a country. I am not sure where we can make such a program, like what server we should make it on, but I know for sure, only a few people should help, why? because every article hacker mind makes available to the public the FBI gets, I hate the FBI, but I hope we can select a group of people to help if your in. 6. HACKER SONGS: by CLoWnZ (c/o happyhacker.org) Free the Penguin I got it today... my first linux box... I unleashed it... it screamed to be free.. it wanted to go home... meet me... it talked to me... and showed me its games... it talked to me... and told me its name... I felt the electricity flow... the fruitful colors... watery and sweet... like candy... it asked me to describe it... and this is what I said... Delicious and tasty... a lot cleaner than windows pastry... my penguin is candy coated in its own sweet joy... it hasn't given me a blue screen of death ploy... when it speaks it doesn't say... it owns the world like gate's lil toy... Underneath it's shell... all the honorable people do tell... hours of fun... hours of creation... so much programming more effort than the windows station... now don't say I am dogging on windows... but at least my penguin doesn't need a leash... o and it's X-windows... so beautiful... it's like a new world.... - clownz --------------------------------------------------------------------------------------------------------------------- Yo, Penguin, Let's hack it! Linux Linux Baby, Linux Linux Baby All right stop, network and listen Linux is back with some brand new ambition Something grabs a hold of the modem tightly Then it flows like a harpoon daily and nightly Will it ever stop? Yo -- Heck No Turn off the lights and it'll glow To the extreme it rocked windows like a scandal Light up a room and wax a gump like a candle. Type, Bum rush the penguin that booms Windows killing your brain like a poisonous mushroom deadly, when it plays a wav melody Anything less than AOL is that a felony? Love it or leave it, You better crack way You better hit bull's eye, The penguin don't play If there was a problem, Yo, the penguin will solve it Check out the book while the tech resolves it Linux Linux Baby Penguin, Linux Linux Baby Penguin Linux Linux Baby Penguin, Linux Linux Baby Penguin Now that the meeting is jumping With the netoworks kicked in, the hackaz are pumpin' Quick to the line, to the line no faking Linux is cooking black hats like a pound of steak'em Burning them if they're not honest and humble it goes crazy when it hears a symbol And a black hat with a fluked up tempo it's on a roll and it's time to go solo Rollin' in my 5 ghz With my hat off so my hair can dry The white hats on standby, Waiting just to save the day Did the black hats stop? No -- they just drove by Kept on pursuing to the next port they busted a left and heading down to the next stop The port was dead Yo -- so they continued to A3A sysadmin ave. Black hats were hot eating less than linguini Laptop lovers sporting AMD's Jealous 'cause they can't get mine Sysadmin with a gauge and User with a nine Reading for the dumps on the wall The gumps acting ill because they're so full of fake calls Mugshots ranged out like a bell They took my nine -- All I heard were shells Falling on the box real fast Jumped in my chair, slammed on the trash Network to Network the computer is jammed I'm trying to get away before the hackaz jack Police on the scene, You know what I mean I called em up, confronted all the porn fiends If there was a problem, Yo, they solved it Check out the next book while my tech revolves it Linux Linux Baby Penguin, Linux Linux Baby Penguin Linux Linux Baby Penguin, Linux Linux Baby Penguin Take heed, 'cause I'm a lyrical admin Users on the scene just in case you didn't know it My box, that created all the bass sound Enough to play quake and put holes in the ground 'Cause my style's like a data spill Feasible text's that you can vision and feel Conducted and formed, This is a hell of a concept The Penguin makes it hype and you want to step with that Users play in the shade, networked like a ninja connect like a t3 so fast, Other hackaz say, "damn" If my rhyme was a source, they'd compile it by the gram Keep my composure when it's time to get loose Magnetized by the box while I kick my juice If there was a problem, Yo -- I'll solve it! Check out the hook while my penguin solved it. Linux Linux Baby Penguin, Linux Linux Baby Penguin Linux Linux Baby Penguin, Linux Linux Baby Penguin Yo man -- They can't get out of here! Word to your brother! Linux Linux Baby Too hot, Linux Linux Baby Too hot Too hot Linux Linux Too hot Too hot, Linux Linux Baby Too hot Too hot These songs courtesy of "CLoWnZ" 7. ON THE INSIDE – “DUATS”: by Unreal GTE Contel DUAT System Session number: ***** Enter DUAT access code -or- last name: Enter your password: Transaction number: ****** (Date and time in UTC here) Welcome to the DynCorp DUAT System **********************NOTICE******NOTICE******NOTICE******************* * All flight plans within an 18 Nautical mile radius of New York City or Washington, DC must be filed with an FAA Flight Service Station. **********************NOTICE******NOTICE******NOTICE******************* * With Aviation Security the primary issue in the United States today the FAA has issued the following WARNING which is directed at unauthorized users, abusers, and hackers and is not meant to discourage legitimate users in any way. DUATS is a free FAA sponsored service to pilots, dispatchers and others authorized by the FAA. Legitimate users are encouraged to use DUATS as much as needed and without reservation. *********************WARNING*****WARNING*****WARNING******************* * This is a Federal Aviation Administration (FAA) computer system. FAA systems, including all related equipment, networks, and network devices (specifically including Internet access) are provided for the processing of official Government information. Unauthorized access or use of this computer system may subject violators to criminal, civil, and/or administrative action. All information on this computer may be intercepted, recorded, read, copied, and disclosed by and to authorized personnel for official purposes, including criminal investigations. Access or use of this computer system by any person whether authorized or unauthorized, constitutes consent with these terms. **********************NOTICE******NOTICE******NOTICE******************* * SPECIAL NOTICE...EFFECTIVE IMMEDIATELY UNTIL FURTHER NOTICE... * ALL RESTRICTIONS FOR OPERATION IN ENHANCED CLASS B AIRSPACE BY VFR/IFR GENERAL AVIATION AIRCRAFT HAS BEEN REMOVED EXCEPT FOR THE FOLLOWING TFR'S: BOSTON TFR - Below 3,000 feet MSL and 3 NMR around propane facility near Boston Logan airport. NEW YORK TFR - Below 8,000 feet AGL AND 2 NMR centered around "ground zero", the World Trade Center site. WASHINGTON TFR - Below flight level 180 (18,000 FT) and 15 statute mile radius of the Washington Monument with a cut-out for freeway airport, MARYLAND. See NOTAM FDC 1/3354 for details * SPECIAL NOTICE....IFR OPERATIONS IN THE U.S See NOTAM FDC 1/3355 for details * SPECIAL NOTICE...VFR OPERATIONS IN THE U.S. See NOTAM FDC 1/3359 for details. * Advisories affecting the Air Traffic System are available in National Flow Control messages and National FDC NOTAMS. * To request these messages it is recommended you use the Abbreviated Location Weather feature of DUATS: For FDC NOTAMS: Locations ZZZ and FDC, Weather Type FDC For National Flow Control Messages: Location DCC, Weather Type ATC *********************************************************************** ... press RETURN to continue One or more entries in your 'Default Parameters' are blank. To display all items select '5' followed by '1'. Select the appropriate parameter menu item to update. DUAT Main Menu Weather Briefing 1 Flight Plan and Planner 2 Encode 3 Decode 4 Modify Personal Data Profile 5 Service Information 6 Extended Decode 7 FAA/NWS Contractions 8 Select function (or 'Q' to quit): 1 * By popular demand GTE is adding Abbreviated Route Weather and Abbreviated Radius Weather to DUATS. Select Abbreviated Weather (item 3). Weather Briefing Standard Weather 1 Outlook Weather 2 Abbreviated Weather 3 Plain Language Weather 4 Select function (or 'Q' to quit): 1 Standard Briefing Low Alt Route Under FL180 1 High Alt Route At/Above FL180 2 Area Briefing 3 Select function (or 'Q' to quit): 3 Enter aircraft tail number: [] N***** Current Time: Fri Mar 1 03:24 (UTC) Departure Time: UTC (hhmm) 0800 1500 Departure Point: **** Radius: nm [25] View ATC delay and flow control advisories (Y/N) [N]: N Tropical Depression and/or Hurricane Advisories may be available. Do you wish to see them? (Y/N) [N]: N ******** FA Hazards and Flight Precautions ******** current report not available ******** FA Synopsis and VFR Clouds/Weather ******** SLCC FA 282045 SYNOPSIS AND VFR CLDS/WX SYNOPSIS VALID UNTIL 011500 CLDS/WX VALID UNTIL 010900...OTLK VALID 010900-011500 ID MT WY NV UT CO AZ NM . SEE AIRMET SIERRA FOR IFR CONDS AND MTN OBSCN. TS IMPLY SEV OR GTR TURB SEV ICE LLWS AND IFR CONDS. NON MSL HGTS DENOTED BY AGL OR CIG. . SYNOPSIS...MOD W-NWLY FLOW ALF OVR CNTRL PTNS SLOLY MOVS SWD OVR NV-SRN UT-SRN CO BY 06Z AND OVR NRN AZ-NRN NM BY 15Z. AT SFC CDFNT OVR NRN NE-WRN MT WL WKN OVR SERN CO AND BECMG STNR OVR CNTRL WY-WRN MT. ANOTHER CDFNT OVR SWRN WY-NRN UT-NRN NV-XTRM ERN CA WL BE OVR SWRN CO-NRN AZ-SRN NV-XTRM CA BY 06Z AND OVR S CNTRL CO-NWRN NM-SERN CA BY 15Z. . AZ SCT-BKN CI. TIL 03Z NRN PTNS SWLY WND G25KTS. OTLK...VFR. . ******** FA Turbulence ******** current report not available ******** Severe Weather Warnings ******** current report not available ******** SIGMETs ******** current report not available ******** Convective SIGMET ******** MKCW WST 010255 CONVECTIVE SIGMET...NONE OUTLOOK VALID 010455-010855 TS ARE NOT EXP. DPZ ******** Center Weather Advisory ******** current report not available ******** AIRMETs ******** SLCT WA 010245 AIRMET TANGO FOR TURB VALID UNTIL 010900 . AIRMET TURB...ID WY NV UT CO AZ NM OR CA FROM BKE TO CZI TO GLD TO INK TO ELP TO 50S TUS TO MZB TO 40W RZS TO FOT TO 80WNW OED TO BKE OCNL MOD TURB BLW FL180 DUE TO STG AND GUSTY MID AND LOW LVL FLOW ACRS RUFF TRRN. CONDS BLW FL180 MAINLY INVOF ROCKIES...ELSW ...CONDS MAINLY BLW 150. CONDS CONTG BYD 09Z THRU 15Z. . AIRMET TURB...WY NV UT CO FROM 70NW RAP TO BFF TO GLD TO BCE TO OAL TO BVL TO 70NW RAP OCNL MOD TURB BTN FL180 AND FL390 DUE TO WINDSHEAR INVOF UPR LVL JTST AND TROF. CONDS CONTG BYD 09Z THRU 15Z. . .... SLCZ WA 010245 AIRMET ZULU FOR ICE AND FRZLVL VALID UNTIL 010900 . . FRZLVL...SFC-080...N OF BTY-DVC-ALS-LAA LN ...080-110...S OF BTY-DVC-ALS-LAA LN . .... ******** Surface Observations ******** METAR KPRC 010253Z 22010KT 10SM CLR 11/M16 A2977 RMK AO2 SLP054 T01061156 55004 ******** Pilot Reports ******** current report not available ******** Radar Summaries ******** current report not available ******** Terminal Forecasts ******** TAF **** 28****Z 010024 25013G22KT P6SM SCT250 FM1500 28012G22KT P6SM SCT100 ******** FD Winds Aloft Forecast ******** DATA BASED ON 281200Z VALID 011200Z FOR USE 0600-1700Z. TEMPS NEG ABV 24000 FT 3000 6000 9000 12000 18000 24000 30000 34000 39000 PRC 2933-01 2829-08 2856-19 2970-31 297748 298055 299057 PHX 2214 2629+07 2628+01 2633-06 2750-19 2961-31 296847 288653 780257 Non-associated FDC NOTAMs are available. Do you request them? (Y/N) [N] N Briefing information may not be current or complete. Information should be secured at the first available opportunity from the country in whose airspace the flight will be conducted. Standard Briefing Low Alt Route Under FL180 1 High Alt Route At/Above FL180 2 Area Briefing 3 Select function (or 'Q' to quit): q Weather Briefing Standard Weather 1 Outlook Weather 2 Abbreviated Weather 3 Plain Language Weather 4 Select function (or 'Q' to quit): q DUAT Main Menu Weather Briefing 1 Flight Plan and Planner 2 Encode 3 Decode 4 Modify Personal Data Profile 5 Service Information 6 Extended Decode 7 FAA/NWS Contractions 8 Select function (or 'Q' to quit): 2 Flight Plan Menu File Flight Plan 1 Amend Flight Plan 2 Cancel Flight Plan 3 View Flight Plan 4 Close VFR Flight Plan 5 Flight Planner 6 Modify Flight Planner Profile 7 Flight Planner Users Guide 8 Select function (or 'Q' to quit): q DUAT Main Menu Weather Briefing 1 Flight Plan and Planner 2 Encode 3 Decode 4 Modify Personal Data Profile 5 Service Information 6 Extended Decode 7 FAA/NWS Contractions 8 Select function (or 'Q' to quit): q Please confirm exit (Y/N), or enter S to start new session: y Transaction number: ****** (Date and time in UTC here) Session number: ***** ... end DUAT session 8. REVIEW – “FREEDOM DOWNTIME” FREE KEVIN. Those two little words made a difference in the world, and for once you can actually see why. No, there won’t be any Hollywood action this time around, what you will see plenty of factual evidence presented by key players in the Kevin Mitnick saga. Focusing on both Kevin Mitnick and hackers in general, “Freedom Downtime” is a documentary from the creators of 2600: The Hacker Quarterly, and is directed by Emmanuel Goldstein. It’s run time is a bit on the long side (just shy of 2 hours 30 mins), but if you’re interested in this subject the time will fly by. Opening with a nice speech from Bernie S. (known for his arrest after being found with equipment that could have been used to make a red box), Freedom Downtime gets down and dirty right off the bat. No fluff here folks, and you certainly don’t have to worry about people like Shimomura describing every single dinner they had. This film gets right into it’s story, beginning with documented footage of the 2600 guys bringing the ever famous Mark Abene (Phiber Optik) to prison. The story then begins discussing hackers in general, all the while moving into the Kevin Mitnick saga. For the rest of the film, we follow the 2600 crew as they traverse the country spreading the word about Kevin and trying to locate someone related to the filming of “Takedown.” If all of this sounds a bit muddled take heart, the film covers these different topics seamlessly. Each is given enough time on it’s own, and each is combined with the rest of the film perfectly. The audience I saw it with, composed of hackers and non-hackers alike, seemed enthralled with every moment. But perhaps the most moving parts were the ones relating to friends and family of these convicted hackers. Watching Phiber Optik try to smile as he headed for prison was gut wrenching, and listening to Kevin Mitnick’s grandmother describe her grandson is absolutely riveting. For once, we actually get to see how both friends and family react when someone they love is “made an example of.” They’re no longer just a name, they’re a human being. Speaking of human beings, the audience was one of the best parts of the show. As we all crowded into that tiny theater, there was a sense of commonness. We were all on the same wavelength. People felt comfortable to talk to anyone there, because the odds are they shared many of the same beliefs. And no matter where you turned there was a friendly face, whether it was the guy behind you, or Emmanuel himself handing out free goodies, the atmosphere was incredible. Now I hate when people describe every scene in a film during a review, so I won’t. Instead, I’ll let you see it for yourself. Emmanuel stated before the opening of the film that “Freedom Downtime” should be available next month…which would be sometime around now if you’re reading this in March. All in all, I’d give Freedom Downtime 5 stars. It’s simply the greatest movie to ever be made about hackers…because it’s made BY hackers. –screamer Page 3 -->9. CROSSTALK >Frequency, I’ve been listening to your radio show for the past few months, but I would like to hear older episodes. Will they ever be available for download? It would be cool to see how Hackermind has changed since the beginning. -Cane REPLY> Good news, bad news, and worse news. The good news is, we’ve begun archiving shows going back as far as December 6th 2001. The bad news is, due to space limitations we’re not certain how many we’ll be able to store. And the worse news is, because we were unable to put them anywhere before, we’ve lost a good majority of past episodes. We still have the first one, and others are still kept on Live365 should we want to stream them, but it’s impossible for us to ever put them all up. Even if we did have them all, we would never have room for them (space costs money I’m afraid). Nonetheless we hate giving up, so we’re doing our best to keep episodes archived. You can help by keeping past episodes in your shared folder in Kazaa or other file sharing service though, it’d be great to see some episodes on there. >Frequency, What’s the point of having an intro and an outro in your zine? I don’t want to sound like I’m complaining or anything, but it just seems like a waste of space. Space that could be used for other articles. Not complaining, just thought I should bring that to your attention. -Lexon REPLY> First off, as editor in chief (and the guy that writes them) I want to stress that the introduction and closing arguments in no way cut down on the number of articles we print. We like to have them as bookends, something you seldom see in most publications. Typically you’ll read an introduction, go through the meat of the ezine, and then put it away. The closing arguments section however, provides us (and especially me) with a way to reflect on what has happened since first writing the introduction. Sometimes they correlate, sometimes they don’t. Either way we’re able to both set the mood, and give the reader something to think about afterward. >Frequency, From what I hear on your radio show, and read in your zine, you seem to be one of the only groups out there that supports warez and other illegal stuff. Why do you approve of these things, and even tell people how to use sub7? Don’t you think you’re doing a disservice to hackers everywhere? Just wondering, love the show! -Kai REPLY> At the risk of taking the easy way out, I wouldn’t necessarily say we “support” warez or other questionable material. To be honest, we never condone anything that could ruin a person’s life by landing them in jail. However, we try not to judge people based on these things either. And talking about them is NEVER a crime. The common consensus on many boards and in many IRC channels is that warez are something you should never mention, as though that will somehow get rid of them. But the truth of it is, they exist, and are not going anywhere. We could turn away from those that admit to using them, but why should we? Why demonize a person who uses a program or views a movie? The same goes for Sub7. It’s a program, with good uses and bad uses. In the end, we let people decide what they will about these things, but not by restricting what they say. 10. CLOSING ARGUMENTS What a difference an episode can make. That’s what I learned, although I wouldn’t say it’s a new lesson in any way. I’ve known it for a while, but there’s always those few people that remind you every now and then. Maybe you can take it as advice, especially those of you who are considering making your own online radio show, or any other venture for that matter. Be at the top of your game all the time, no matter what. Because if you slip even once, if you show any weakness, if you have that one bad show…someone’s going to call you on it. They’re going to chew you up and spit you out, based on that one episode alone. So be ready, and always be on top of things. But then again, that’s impossible…so I guess you’re screwed. But then, just when you think everything you’ve done has been pointless, and that your words have fallen on deaf ears…suddenly you get that one shred of encouragement. You get an email or two that say what a great job you’re doing, and how these listeners anxiously await your next broadcast week after week. And this keeps you strong, it tells you that people out there do get it. They understand what you’re trying to do, and rather than act as though they know how to do it better, they appreciate what you’re doing. Of course, not all mail can be fan mail. And not all criticisms are friendly, in fact, most aren’t. But at the end of the day, when ten people have said they love the show, and two say it’s the worst garbage they’ve ever heard…I know that I’m doing something right. I know there’s no reason to change. In fact, Hackermind, Frequency, and Equal Access will only continue to grow. We don’t like partners, but the cooperation and assistance we’ve gotten from the folks at 2600 magazine has been phenomenal. If ever there were a group that deserved credit for being the most friendly and helpful hackers in the world, it’s them. As time progresses, we hope to do even more with them. And as Frequency begins to grow, hopefully our content will be able to improve as well. Not to imply we’re lacking something now, only that there’s room for improvement in anything you create. A lot of people don’t get us right away, and I think that’s why you either love us or hate us. The idea of the “hacker mind” is a bit foreign to many, as is the idea of expressing the way hackers think. With so many ezines and websites dedicated to handing out information (such as hackers.com, among others) it’s no wonder that people come to us looking for freebies. And when they do, when they finally tune in and see what we’re really about, they feel disappointed. Most likely they don’t know much, or if they do, they want to have more information given to them. But for the most part, Hackermind and Frequency really aren’t the place for that. Of course we have informative articles, what better way to let hackers express themselves, but that’s not all we do. We’re here to show people what it’s like to be a hacker, to express the viewpoints and feelings of those in the community with the world. We’re here to say what needs to be said, not necessarily because it will help, but because it’s there and must be recognized. The articles presented in this publication may not instruct you how to turn on your computer and do something cool all the time, but they always make you think. Some make your blood boil, some make you cheer with approval. One thing remains constant, at the end of the issue, or episode for that matter, you find yourself thinking. You’re thinking about how something angers you, or how something needs to change. You’re thinking of ways to solve problems, or perhaps you’re thinking of ways to spread the word even more. Whatever the case, you’re using that hacker mind you have to try and understand the world a bit better. Not by seeing what’s on the surface as so many other people do, but by seeing beneath it. By seeing why things work the way they do, and thinking of ways to change it around, in both real life and computer hacking, you’re doing something that few people do these days. You’re making a difference. And with that said, I’d like to thank you for reading this newest issue of Frequency. Next month, we hit issue 20. Maybe it’s a bad idea to recognize every ten issues as a big accomplishment, but for something that many people thought would last approximately 2 issues, it really is. Until then, keep thinking. -screamer 11. CREW Editor in Chief – Screamer Chaotix Webmaster – Dash Interrupt Network Administrator – Da Peng NT Specialist – Unreal Writers – Vicious, Cold Sunn, JayX, samurai, CLoWnZ, Unreal Cover Layout/Design – Screamer Chaotix Shout Outs – Joybubbles, Bernie S., Peter Gabriel, Rant Radio. Movies that Rock – “Dawn of the Dead”, “The Matrix”, “Freedom Downtime.” Movies that Suck – “Children of the Living Dead”, “Crossroads”, “Takedown.” WRITE FOR FREQUENCY! Send articles to articles@hackermind.net SUBSCRIBE TO EQUAL ACCESS AND TUNE INTO HACKERMIND! Visit www.hackermind.net for details. [Quotes to Think About] “Quit whining or you will be banned from the site entirely.” – UGN’s very own Gizmo, replying to Mick’s post regarding chatroom abuse. People expecting less power abuse at UGN may want to think again. - http://www.undergroundnews.com/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic&f=1&t=002705 "C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do, it blows away your whole leg." - Bjarne Stroustrup "Never interrupt your enemy when he is making a mistake." - Napoleon Bonaparte "In the End, we will remember not the words of our enemies, but the silence of our friends. " – Martin Luther King Jr. $ finger hackit Login: hackit Name: Real Name Withheld Directory: /udd/h/hackit Shell: /bin/ksh Last on Sat Mar 2 20:26 (UTC) on ttytc from XXX.XXX.XXX.XXX Plan: # ####### # #### ##### ##### # ##### ## # # ##### # # # # # # # # # # # # # # # # # # # # # # # ##### # # # # # # # # # # # ##### # # # ##### ###### # # # # # # # # # # # # # # # # # # # # ####### #### # # ##### # # # # # #### ##### (LordFraud) .:: behave 0r b3h4ck ::. my clans site : www.tcpip-clan.f2s.com WWW.HACKERMIND.NET