FREQUENCY : inside the hacker mind
FREQ27
December 2002
===========================
1. “The Fear Remains”
2. Declare a Hacker War
3. Why Pay?
4. Why We Should Appreciate Newbies, And Why We Never Will Part II
5. Breaking the Law (The Safe Way)
6. The CB Radio FAQ
7. 10 Questions With Da Beave
8. Crosstalk
9. Closing Arguments
10. Most Wanted
11. Crew
===========================

“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right.” - Thomas Paine

1. “The Fear Remains”

If anything in this world is certain, it’s that knowledge is a dangerous thing to not possess. What’s even more dangerous though, is possessing too much of it. It’s the same song we’ve sung a million times, the people who know too much find themselves locked away, or in most cases, threatened to no end. And for what reason? Is it because the “no-nothings” feel threatened, or is it just downright hate?

Hackers are the ones that usually fit this mold. Digital rebels who seldom play by the rules, progressing technology to levels it has never reached before. They are the ones that show their professor exactly why that computer manual is wrong, why the professor’s seven years of schooling is nothing compared to their never ending self teaching, and how the impossible can be accomplished with nothing but a more efficient algorithm. They have opened doors that many never thought existed, they push aside the theorists by creating actual, physical fact, and what burns the “properly educated” most of all, they do it for fun.

And so they are despised, threatened, and loathed. These computer enthusiasts are shut out by the world they created by the likes of big business, entrepreneurs, and the feeble minded. What once was owned by the elite, is now overrun by the incompetent. Thrust aside like garbage, hackers and true computer experts have been pushed out…so that John and Jane can have cybersex in a chat room.
They have been exiled as terrorists, so that one multi-billion dollar corporation can have a “secure” link with another. Hackers were the forefathers of the computer, but are now seen as a nuisance, or in many cases, a threat. Explain to John Q. Computeruser about how he has his C drive shared, and he’ll thank you initially, but fear you forever. Show Jane Q. Aolfan how her password “JaneA” is not secure, and she may be thankful…but most likely she’ll hate you for reading her email. And of course, explain to Professor I. Knowmore why he’s wrong, and you’ll be lucky if he doesn’t ruin you for life. If knowledge is power, why does knowing more make you a monster, and why can’t the world appreciate the self educated? For those that need an answer, the most appropriate one is fear. We fear what we don’t understand, be it a computer, or a person we can never comprehend. How does a person not spend a single day at a “real college” and still know more than the professor? It doesn’t make sense to the people that just spent forty-five-thousand dollars to attend an Ivy League school. Any hacker could tell them…if you spend five years studying computers, but you’re more interested in “the business aspect,” you’ll never win. Regardless, the knowledge the hacker possesses is “dirty” to these people. They acquired it outside the accepted means, they didn’t spend a ton of money, and they didn’t put up with the hell of school. Instead they just had fun and learned it on their own, something anyone can do, but the “properly educated” never thought of. While they were having keggers and trying to cram the next day, the hackers were having keggers while playing with computers. It’s not true knowledge to these self-righteous individuals, that is only found in the classroom. A classroom which many hackers consider to be the complete opposite of education. Mindless drones sitting in rows, absorbing what the so-called expert at the front of the room preaches is far from learning. 
It’s more like brainwashing. Day in, and day out these students are told what they can’t do…while the hackers focus on what they can. The students make themselves feel smart by spitting out some well known hypothesis, the hackers however, skip over the theory and actually make things happen. And while the students have study sessions where there’s more chit chat than anything else, the hackers are actively sharing information and educating one another on a constant basis.

Unfortunately, to this day the fear remains. People are terrified of these self taught individuals, who, as far as they know, can do anything. This, regrettably, leads to hackers being pushed aside. The internet is now the breeding ground of cybersex and e-commerce, populated by a billion AOL and ICQ instant messages. These people have no interest in “how it works,” as we’ve all seen first hand. There’s the ever-popular joke “I know how to turn it on,” and the constant calls to tech support for the simplest of problems. Incompetence runs rampant, amplified by the administrators who spent five or six years learning network security. They sat in a class, learning exactly why NT is the secure choice, and now they’re in control of the network at Corporation X. The hacker down the street however, just finished writing the exploit that’ll give him control over NT servers all around the world.

Now that was a fun intro to write. Haven’t we all felt that way from time to time? We know more than the people that are supposed to know everything, and yet are we respected? Hell no! We’re pushed aside as though we’re little brats, but I think The Mentor said it best, “Damn kids, they’re all alike.” And what better line to end on than that, welcome to Freq Twenty-Seven.

-screamer

=========================================================

2. *** Declare a Hacker War ***
By: JayX

Back when I first started getting interested in computers, a friend mentioned the war between LoD and MoD.
I initially passed it off as complete nonsense, to me it seemed like nothing more than a few kids playing pranks. And while I haven’t retracted that opinion, I have created several hacker wars myself…only mine have been on friendly terms. Today your teacher, Professor X, will teach you, the little people, how to make your own hacker war without ever getting in trouble.

Many of you, little people, will easily realize there are many ways this can be done. To simplify things, I’ve decided to create a list of rules for each war, as well as a guide to getting your war set up quickly and easily. The only thing required is a single machine with a dedicated connection to the net (although this guide assumes you have a small LAN), and a willingness to have others invade that machine to no end, and of course, an opponent.

For the purposes of this article, I will assume the reader has at least two machines networked together. I will also assume they’re not running Win 3.11 and are fairly up to date. Everything presented below could be accomplished with only one machine, but I find having several is a lot more fun. Begin by hooking up the machines the usual way, and making sure they are networked together.

Begin by challenging your opponent and setting the guidelines (several possibilities are listed below). Here you choose which operating systems will be used in this war, and whatever restrictions will be imposed. It’s smart to have both sides using the same OS, and the same version, just to keep things fair. A person with a 2.6 kernel would have a field day against a 2.2. Let’s say one computer runs Windows XP Pro, with all necessary updates, and the other Linux 2.4.19. Naturally your routers may be different, and this could cause some advantages or disadvantages, but I’ll leave those details up to you.

Here’s a listing of possible guidelines you may wish to incorporate, although you are under no pressure to. Below that, I continue by explaining how I usually play.
Guidelines -

1. Decide which ports are to remain open at all times on your respective routers. If using NAT, this may be the only way to ensure some actual warring takes place.
2. Define “victory.” Full root access? Capturing a particular file?
3. Stress that the war must not spread outside the designated area, no one wants to harm civilians.
4. Ensure no “private” files exist on your machines, your opponent is at war with you, and will attack from every angle.

The most important guideline for me is number 3. It can be tempting to break into someone else’s computer just to use their mail server or as a wingate to mount a silent attack, but in order for this to be safe and legal the line must be drawn here. Typically I’ll declare that anything that can be done without using someone else’s personal account is fine.

Ports, which ones do you leave open? It can be tempting to shut off all services on your router so that your opponent has no avenue for entry, but this also destroys the game. Instead, try remapping ports (ie: 23 is FTP) or using a bogus machine on port 21 (just be certain FTP DOES exist somewhere, and can be used to reach a real machine). The ports I keep open are 21, 23, 80, and any RPC and SQL ports. Others may be used, especially VNC or other, more Windows oriented programs.

One particularly fun form of play involves hiding a target file somewhere on your network that must be acquired before victory can be awarded. Some great fun can be had by placing the file on a machine with no connections to the internet, in this case, the Windows XP machine. This means the attacker would have to enter through your Linux box and find a way to gain access to your Windows machine. Then, they must locate the file. Tricky stuff, but a lot of fun.

Oh, before I go any further, let me point out one problem I had, if only to show how important it is to clearly define rules. The game was capture the flag (file).
The winner would receive the title of victor once the opponent’s file (clearly marked with a unique filename and extension that could only be given to the target file) was shown to him. To ensure no one simply created their own version of the file, we both made our own files with one particular name and extension. Sure enough, he beat me to the punch and got the file…but there was a problem, I had encrypted it. He demanded I give him the key because he had captured the proper file, I said there was no way of knowing whether or not it was the file, and I was certainly not going to do his work for him. My argument also stated that if hiding files was acceptable, putting added security around them should be acceptable as well. He felt I was cheating, and refused to continue.

I admit, he got the file. I had encrypted it, and that bought me more time to attack his machine and search for his file. He could have easily learned from my actions and encrypted his, but instead, he chose to piss and moan about how I cheated. Had he simply encrypted his target file, we could have had a dandy old time trying to break each other’s encryption and finally declare a victor…he disagreed. To this day, we still haven’t agreed on a solution.

State your rules CLEARLY! Normally this isn’t necessary, if it’s all in good fun, but if you want a true winner you need to decide what’s fair and what’s not fair from the get go. As far as I’m concerned, because no one said encrypting the file was wrong, I was not cheating in any way. Your rules may say differently, and that’s fine.

And now, the moment you’ve all been waiting for.

The Rules of Engagement –

1. Never attack until the war has been officially declared and started. Backdooring a machine ahead of time is unacceptable.
2. Modify security as you see fit, but begin on equal ground.
3. Stick to the goal. You are not the winner because you give up and DoS your opponent.
4. Never underestimate your enemy.
If you spend 20 hours a day attacking, assume he spends 24.
5. Upon victory, reveal all sources and techniques. This is never done in real war, but the knowledge should be shared when it comes to computers.

I could insert “have fun!” somewhere, but that’s just dumb. One thing that’s not so dumb, know your enemy. Be sure they won’t call the police should you win, your enemy should always be a close friend or friends. If everything is set up properly you could have a fun hacker war on your hands, one that’s much more enjoyable than the bickering between LoD and MoD. Good luck, and happy hacking.

=========================================================

3. *** Why Pay? ***
By: Larry Z.

Bootleg – To produce, distribute, or sell without permission or illegally: a clandestine outfit that bootlegs compact discs and tapes.

Several “pay per listen” services have been announced, each created so that people can download music the legal way. By paying a fee either per CD, or per track, people can download albums and still know they’re doing the right thing. It will be the single greatest accomplishment on the internet in a long time, unfortunately, it will fail miserably.

We’re not talking about going to the streets of Manhattan and finding a bootleg for five dollars less than what you would pay in stores. We’re not talking about sneaking a camera into a movie theater and making your own copy. We’re talking about downloading a file at home, for absolutely nothing. “Bootlegging” never comes into the equation as we are not producing this material, distributing (the act of passing out, online services require people to come and take what they want), and we’re certainly not selling. Yet the recording industry, as well as the motion picture studios, like to change that word to include the new possibilities of modern technology. And soon, that definition (acquired from dictionary.com) may be changed to incorporate “sharing” as well.

Back to the “pay per listen” services.
In this feeble attempt to regain lost ground, the RIAA has realized they can’t possibly win by threats and lawsuits (that’s not to say they’ve stopped those too) and are trying several other approaches to hold onto their sacred millions. The service itself sounds appealing enough, and would have probably been all the rage several years back. You pay a small price, most likely deducted from your credit card, and get the music you want, right from home! Many people claimed they would pay a reasonable price for music, so here’s their chance. Everything will work out hunky-dory for the recording industry. Bullshit. Here’s the pay service on the left, here’s Kazaa on the right. You work hard for your money, and already pay for taxes up the ass. All you want is a few songs, which do you choose? Do you agree with the recording industry that getting music for free is morally wrong? Or do you feel you’re only listening to songs, not stealing a CD? To all those people that claim they’d pay a reasonable price, I’d like to see proof. Kazaa. Get anything you want free of charge. Why in the name of The Mentor would you pay for something you can get for absolutely nothing? It makes your conscience feel better? Get real, there’s no chance educated people would pay when they can download for free. Ooh, how dare I say that! Stealing is wrong! Is this stealing? Like a recent “Crosstalk” letter said, we’re dealing with sound here for crying out loud. Songs are played on the radio all the time…so if I download a song I heard on the radio, how could you possibly claim I’m stealing? The only reason they could have is that I’m not playing by their rules. Their rules are carefully planned out, their game is crafted meticulously. Play the good tracks on the radio so that people go to the store and spend money. Make artists be heroes that are as attractive as possible so that others worship them, and would never do wrong to them. But all in all, S E L L. 
Now consumers have the upper hand, why should they degrade themselves by paying for something that, in reality, costs nothing? Why should they conform to this game so that studios can remain all powerful? Why should they listen to the likes of Missy Elliot or Metallica when they say “Don’t steal our music!”…those are pop stars used to sell things. Trust me, if your music is being downloaded, you’re probably already pretty god damn successful. It’s the studios behind those artists that are pulling the strings, they’re the businessmen. So here we are at the dawn of a new age. A new revolution in digital entertainment. You won’t hear about it at Circuit City, and The Wiz will never advertise it. It’s not something MTV will hail as the greatest thing since sliced bread, and it’s definitely not going to be advertised in music stores. Yet it’s here all the same, free music and movies in the comfort of your own home. No need to pay, everything is available at your fingertips. How can studios survive? Here’s one idea, although I doubt it’ll ever happen. Shortly after a DVD’s release, a film is put online in Divx format. This sub-par VHS quality file is still ten times better than the regular AVI files most films are put online using. If movie studios were smart, they would recognize a demand for quality movies at home…while they’re in theaters. Theaters are noisy, full of people, and really only good if you want to see a “big” movie or get with a girl. Why not offer a service that provides Divx quality films while movies are still in theaters? The choice would then be, get a 200mb crappy ass quality movie for free, or a 600mb quality film for a small price. Sounds good, so why won’t it happen? It all comes down to money, and making as much as possible. Theaters are a dying breed, but no one really wants to see them go just yet. They sell popcorn like crazy, are a great way of advertising new films and products, bring in massive revenue, and offer something no one else can. 
The Theater Experience. To move online would only hasten the demise of theaters, and put the MPAA in a position where they’re counting the days until people can make quality files while films are still rolling through projectors.

Now it’s time for an apology. This is a topic that has been talked about to death, so I do apologize for making you sit through yet another article about it. Let us not forget, however, that this is something that affects us all. Only by talking about it can we help bring out the truth. I’m anxious to see what happens in the future, it should be pretty exciting to see in which directions things turn. Peace.

=========================================================

4. *** Why We Should Appreciate Newbies, And Why We Never Will Part II ***
By: Screamer Chaotix

Way back in the second issue of Frequency I wrote an article that, to this day, is still receiving feedback. It was titled “Why We Should Appreciate Newbies, And Why We Never Will,” and focused on both sides of what was a raging debate back then. People who wanted to be hackers after the release of The Matrix, and those watching Hackers on Sci Fi for the first time, seemed to be everywhere. They would enter chats, make outrageous claims, and generally annoy legitimate hackers to no end. On the other hand, the article also examined why we should appreciate these newcomers with open arms. If they respected us, we should respect them.

I wrote this follow up as a way of seeing how far we’ve come in the three years since it was first published. Have things calmed down? Are “newbies” still the same as always? And did my thoughts on the matter have any relevance whatsoever? First off…it goes like this…

*newbie has entered the chat*
wuttup?
nothing much, my buddy sent me a bd he wrote and wants me to bum the code a little
kick ass, bd?
…backdoor
ooooh, I haven’t called them a bd in a long time..
oh
can you send it to me?
can you help modify the code?
nah I hate programming
oh
I like networks and stuff
I see
yeah, like this one network I looked around on, reeeeally l@m3 security
what kind of network?
I think it was a bank…like in Idaho or sompn
(thinking that sounds a tad familiar) no was it NT, Unix, what?
windows mostly…
ah, find anything interesting?
got some credit card$ and shit..
cant say I approve if that was your only goal, were they using NAT?
yeah, but I cleared the logs
(confused) right…
well thanks for the chat, I think I’ll go use the information I JUST GOT FROM YOUR COMPUTER FUCKER!!!
*newbie has left the chat*

For years hackers have dealt with the ever-so-annoying “newbie.” The person that knows little, pretends to know a lot, and usually winds up making an ass of his or herself in the end. They come in all shapes and sizes, from people who sincerely want to learn more, to morons trying to imitate Swordfish. I mean that quite literally, frequently these newbies (or n00bs if you prefer, and I know I do!) will ask how they can make a worm like the one in Swordfish, or my all time favorite, how to hack a Gibson.

Before I go any further, why the need for a follow up in the first place? Haven’t we covered the topic of newbies to death? We have, but like so many other things, they’re no less present today than three years ago. Newbies also play a critical role in how hackers are perceived by the media, which, in turn, decides whether we should be considered terrorists or not. Picture a thirteen year old boy telling a reporter how he can get into any bank by using a Hydra Worm and breaking the 1,024 bit cipher on their firewall…the reporter thinks that sounds pretty convincing, and thus never asks for proof. Why would she encourage the youth to break the law after all? No, instead she takes his ramblings as fact, and thus another hacker myth has been born, and spread like wildfire. That, my friends, is why we discuss the newbie.
Over the past few years I’ve noticed something quite surprising, fewer and fewer people have been trying to pass themselves off as hackers. What’s causing this, or is it all in my head? Ironically, the true answer may be the latter. There was a time when I frequented hacker channels more than anything else, hey they were usually my kind of people. Now, with #hackermind and other channels such as #linux, I’m seeing fewer newbies than ever before. Perhaps it’s because only real hackers are interested in “hackermind”, or perhaps because a google for “hacker” won’t return “Hackermind” in the top ten pages (at least I don’t think so). Then there’s #linux, why would a wannabe hacker hang out in there? If they’re a wannabe, they probably don’t even realize what Linux is (ever tried joining #gibson?)! Still, they do exist in those more easily recognizable channels. But are they as annoying now, as they were several years back? You guessed it, the answer is yes. The question, though, is why. The most likely possibility is that these simpletons feel hated by the community they wish to join. They want to be a hacker, but don’t realize that asking “how do I hack?” is not a question that can be answered. They want to learn the ways, but it’s extremely difficult for them. Here’s where I make a lot of enemies, I think it should be. I think they should be treated respectfully (if they treat others in the same manner of course), and told what hacking really is. They should be told, in my opinion, that hacking is about playing with computers. Don’t worry about “how do I do this, or how do I do that?” instead dedicate your time to learning whatever interests you. Here’s the next conflict, they don’t want to. This, in my opinion, is reason enough to dismiss them as nothing but a wannabe. 
True hackers, at least as far as I’m concerned, don’t begin by asking “how do I hack,” they do it by walking into a library and reading every book on computers there is…long before they ever hear the term “hacker.”

Far too often these newbies have no intention of being hackers, all they want is the glitz and glamour (uh huh) associated with it. They want to be one of the elite, one of those kids they saw in Hackers. What they so seldom understand, is that it takes something from within…something they may not possess. It takes love. Love for figuring things out on your own, and obviously, a love for technology in general. The reason so many people hate me for saying such things is because they insist they want to be a hacker, even though it’s only because they saw Hackers. From my experience though, with only a few exceptions, only people with a love for computers or other forms of electronics before seeing those movies ever become true hackers.

Take me for example, a lover of computers since I was 10. Playing with the phone since I was 9, and in true ironic fashion, had a hacker living across the street from me for a good portion of my life (Keith Blodgett, he changed road signs from his house so they read “Weicker Blows,” with Weicker being our governor at the time…listen for his name on Off the Hook in older episodes around 91-93). Now I, as Unreal says, was almost destined to be a hacker. Can we say the same for the kid that sees The Matrix? Unless they suddenly develop a love for computers because of it, and not a desire to be a digital rebel alone, then my answer is no.

An article with “Why We Should Appreciate Newbies” in the title deserves a section dedicated to that, and no I haven’t forgotten. Newbies have always been a part of hacker culture, going back as far as the late 1800’s when teenage boys would play in switch rooms. There was always the kid that didn’t know as much, and that has continued on throughout.
The difference being, today the word “hacker” has an image associated with it. It’s not synonymous with “computer nerd,” and believe it or not, girls may be impressed by it. Should we give those seeking this title the attention they believe they deserve? That might be a matter of personal preference, but for the time being I’ll say this. Without newbies, we’d never have future generations of hackers. It’s the type of newbie that’s important, which is why I strongly advise anyone and everyone to share information with those that seek it. You don’t have to give them the answer per se, but by spreading computer information you’re allowing those that truly want to obtain it to do just that. The posers may go for www.geocities.com/~ev1lhax0r, but the true “newbies” are probably reading securityfocus.com. They’re most likely asking questions about customizing Linux, and so on, and so forth. Those, the true computer lovers, are the ones that deserve attention. As before, we’ve reached the conclusion that helping newbies is a good thing. Now however, I realize that we must focus on what type of newbies we help. Those wanting to be a hacker should be pointed in the right direction and forgotten, those wanting to learn more about computers should be embraced. The newbie you saw in the IRC example above was in the former category, merely trying to scare people by acting smarter than he was. Those are people I cannot respect, not now, not ever. Finally, I think my comments on the wonder known as the “newbie” did strike a chord with a large set of people, and I welcome your feedback once again. Numerous emails poured in the last time, and as I said, continue to pour in, regarding that article. Many are angry flames from those trying to be more than they are, but even more come from those who realized they were going about things all wrong. They wanted to learn about computers, and realize now that acting big and tough is not the way to do it. 
And yes, as hard as it is to believe, I had several people write in and say thank you…thank you for showing them what an ass they had been the past few months. They never thought the guy in the chat channel may be a true hacker, and that trash talking was only making them look foolish.

As long as we remember what a “newbie” really is, and focus on helping the right people, we can help progress the hacker world to encompass even larger numbers of people. Then again, I also haven’t forgotten the last part of this article’s title… “And Why We Never Will.” As long as newbies bombard chats with foolish questions, annoy true hackers to no end, and continue to damage the name of the hacker in the media, they will never be appreciated. Hopefully these articles have done something to change that, but I guess we have to wait till Part III to find out.

-screamer

=========================================================

5. *** Breaking the Law (The Safe Way) ***
By: Sir Cracksalot

Alright maybe breaking the law is never really safe, but there are ways of imitating those world famous hacker/crackers without putting yourself in a cell with Bubba the Blister. And after my last article, “Cracking 101,” generated so much hate mail, I thought it was time I pissed off all the goody two-shoes once again. But relax, this one is less about information and more about opinion, so if you don’t like it, you know what to kiss.

Reading through Freq26 I particularly enjoyed screamer’s intro, “The Thin Gray Line”. It pretty much summed me up in a nutshell, always wanting to go the extra mile without ever having the balls to do so. What if the admin catches me? What if I face these new life sentences they want to dish out? Still, all my life I’ve known hackers (or crackers, whatever) as people that break through security. Yeah, yeah, originally they were genius programmers, and those are probably the people that despise folks like me. Well anyway, I think we can agree that hackers have pretty much turned themselves into something new.
As much as we love to say it’s all about “playing with computers”, there’s definitely a thrill of playing out the cyberpunk role. Of being a digital desperado, staking out territory all across the net. But no matter how good you are, or think you are, you still run the risk of doing time if you change a single file’s fingerprint. Doesn’t matter what you meant to do, you only get a chance to prove that AFTER the feds have woken you at gunpoint. So how can we still get around the net and live out our cyberpunk dreams with all these legalities? The answer lies in the little hacks. The people that know 0 about security. They may not have much to offer, but you can still get your kicks. Many a time I’ve laughed at how I got into my buddy’s windows machine, or fucked around with the website the guy down the road runs. They know nothing, and because of that are completely unable to track me down. Another fun thing is sniffing, which has been talked about a whole lot in this mag. People have no idea you can watch every damn word they say. And don’t you love watching one of these idiots send a password through? Giving you complete access to whatever they’re logging into? Ok the point of this is not to condone privacy invasion (or maybe it is…???), it’s to show you there are plenty of ways to be one of those crazy hacker types without getting into the pentagon. Is it as exciting? Nah I doubt it, but it’s a whole lot safer. Just think about how many things you can do right now that can never be traced back to you, it’s mind boggling. Get into someone’s email and you can email a person in their address book saying all sorts of nasty stuff, or get into their windows box and upload a ton of porn…whatever. And to you playa hatas, how come this shit is “only a prank” in real life, but is considered absolutely evil when it’s done by computers? Think long and hard about that, have you never pulled a prank? It’s just a joke, just a way of having fun using technology. 
Sure, you might be breaking the law, but you’re doing it the safe way.

=========================================================

6. *** The CB Radio FAQ ***
By: Hammy

Talking to Screamer one day, he reminded me of my first true love, no, not the cute brunette back in high school, I’m talking about CB radio (sad huh? But hey, the brunette wasn’t bad either). I wasn’t sure if I could make a whole article dedicated to it, but after enough persuasion (have you seen Screamer’s machete?) I decided to give it a shot. But rather than write out a long winded article, I thought it might be easier to create a FAQ, something I don’t remember seeing in this ezine before. Can’t say for sure how it turned out, you be the judge (and then shove your opinion riiight up your ass ;))

Q. What’s a CB radio? Do I need a license to use it?
A. CB, or Citizens Band, consists of 40 channels in the frequency range 26.965 MHz to 27.405 MHz. Users wishing to partake in the experience only need to purchase a working radio, and away they go. Since this is the citizens band, no license of any kind is required to broadcast.

Q. How far can they broadcast?
A. The type of radio you purchase determines this, but for a rough estimation, 3-5 miles would be a good average.

Q. Are there only car models?
A. Car and handheld models are both available. Both have advantages and disadvantages, though I prefer the handhelds. Mobile (car) units usually allow for better reception while driving due to the antenna being placed outside your car, something difficult to do with a handheld. However, the drawback of the car unit is that, nine times out of ten, you MUST be willing to put holes in your car. Nowadays special antennas actually allow you to magnetize your antenna to a metallic portion of your car, but if you ask me, these are unreliable. Plus, the base unit inside the car should be connected under the dash…meaning you have to drill in a holder for it.
Handheld models are great for home use, and can run on 8-10 AA batteries, but their whip antennas leave a bit to be desired. Still, I prefer being able to carry mine with me wherever I go, so the handheld is the one for me.

Q. What rules must I follow?
A. Generally the tone on CB is a lot less formal than it is on ham, so for the most part anything goes. Language is irrelevant, but starting a radio station is usually a BAD idea. For a rundown of what’s ok, and what’s not, visit http://www.access.gpo.gov/nara/cfr/waisidx_00/47cfr95_00.html for further information. One important thing to remember is that channel 9 is reserved for emergency use only, and 19 is the traffic channel. Don’t think you can’t talk on 19, it’s actually the most popular channel of all (Breaker, Breaker 1-9!)

Q. Who can I talk to?
A. You can meet a number of fascinating people (truck drivers) who do a number of interesting things (drive trucks). Seriously though, there are some interesting characters on CB radio. You never know who might be passing through and listening to the channel you’re broadcasting on, it’s a new experience every time. Plus, if a friend has a radio, you can stay in constant contact!

Q. What’s this “Cat and Mouse” game I heard about?
A. Cat and Mouse is a game played in a number of various ways, but check out http://www.ecst.csuchico.edu/~ian/cnm.html for a comprehensive look. In a nutshell, one person is the mouse, everyone else plays the cats. The mouse must park their car at a particular destination and give clues to other players as to their location. The first cat to find the mouse, wins. The game can also be played with handheld units, and no cars.

Q. So where can I get a CB, and how much can I expect to pay?
A. eBay! I get all my radios there, and have never paid more than 60 dollars. In stores, a mobile unit with no antenna or alternate power source (relying strictly on the car battery) may be 100 at the lowest, and that’s if you’re lucky.
=========================================================

7. *** 10 Questions With Da Beave ***
Da Beave – deathrow.vistech.net

1. First off, please tell us a little about yourself. Hobbies, interests, etc.

I'm a 31 year old white male. I was introduced into computers at a very young age (I don't even remember when). My father worked with Burroughs Corp. in the 1970's and 1980's. I sorta grew up around computers. My first "deck" (computer) was a TI 99/4A. When not in front of a computer, I enjoy playing music. I've been doing that since I was 14 years old or so. Playing in rock bands and such. I've recently gotten into SCUBA diving. I'm also an avid reader. Fiction/Non-fiction. I love reading. I'm also about to get "hitched" (married).

2. What exactly is the "Deathrow Cluster", why was it started, and what role do you play in maintaining it?

The "DeathRow" is a cluster of Digital Equipment Corporation (which was under Compaq, and now under HP) VAX's (or VAXen) and DEC Alphas running the OpenVMS operating system. The VAX is a 32 bit platform, and the Alpha is a 64 bit platform. OpenVMS is a multiuser/multitasking platform that is a great model of how security should be laid out. It's _nothing_ like Unix. People reading this need to keep that in mind.

I'd like to say I started it to "better the computing community", but originally, I started it because I wanted an OpenVMS box I could play with. I'd had VAXen in the past (MicroVAX II), but I wanted something with a little more "meat" to it. It just so happened that a company that I worked with happened to be retiring a MicroVAX 3100 model 80. They always remembered me as that "weird" guy, so I got a call asking if I wanted it. No charge. I, of course, said yes. I'd been posting on my BBS (The Upper Deck), that I had gotten a VAX and planned on putting it up for public use. People started applying for accounts, and I'd just (manually) set them up.
After a little while, I was porting some software to it, and thought it would be really nice to have a place that _anyone_ could use the OpenVMS environment. That is, to port software to it (GNU stuff, original projects), and to have people "poke" at the security aspects of OpenVMS.

About that time, I decided having an Alpha running OpenVMS would be really nice. The reason is, even though the VAX and Alpha run OpenVMS, they are _not_ binary compatible. So, if you compile something on the VAX, it wouldn't work on the Alpha platform. It's not uncommon when downloading OpenVMS software for it to come with pre-built binaries. So, really, the VAX/Alpha tie was for better porting. So, I started looking for DEC Alphas on Ebay. I eventually found what I wanted and ordered it.

To "cluster" them was only a natural choice, from a management point of view. I wanted users to be able to "pick" if they wanted to use a VAX or an Alpha. OpenVMS clustering has been around for 20 years. It's incredibly mature/stable. Another point that I'd like to point out, it was _incredibly_ easy to set up. This way, the VAX and Alpha could "share" resources. So, if you have an account on any member of the cluster, you have an account on all members of the cluster. It's really nice, and the Unix community could take a lot of great ideas from OpenVMS clustering. It's been around forever. It's an incredibly stable environment.

How I started maintaining it? Welp, I created it. It's sort of a "little" project I started that just sort of "took off". I do get a little help from some people, but I do 99% of the day to day operations. Which, once set up, really isn't much!

3. Is the cluster expensive to maintain? Where does your funding come from?

As I said, the MicroVAX 3100 was free. The Alpha, I had to buy. I believe I paid about $600.00 bucks for it. A little high, but it was what I really wanted at the time. Vistech Communications funds the link.
Basically, I get a (pretty much) free place to put the cluster. The people at Vistech think it's really cool. They like it. Plus, I do 99% of the day to day network operations for the network and clients. So, since I decided I wanted it there, nobody really objected. So, month to month operations cost me nothing (Internet link wise). It's been pretty inexpensive so far. I'm just real lucky.

4. Providing free shell accounts with so many open services can be risky, any fear of someone using your system as a type of wingate? And if so, how do you protect yourself against this?

Actually, OpenVMS protects me in a lot of ways. I sleep very well at night knowing OpenVMS has my back. We see lots of people trying to install IRC Bots, and other things that are not permitted. The thing is, and it even says on the main web page, this is _not_ Unix. They'd have to port it. They usually give up about 10 minutes after being on the system. The latest "exploits" won't run for the same reason (local and remote). I'm not saying some things _can't_ be ported, but these people are looking for a free ride.

We do get a lot of users that use the system for nothing more than the BBS and IRC'ing. I'm okay with that. We also see people porting/writing code. We see people "testing" the security of our machines. I'm okay with that too... I actually encourage it. We haven't had any serious problems of people "mis-using" the system (knock on wood).

The OpenVMS structure seems really ideal for this type of thing. I've run "open" Linux and OpenBSD boxes, and I have to say, this has been the best. That is, not having to worry about security problems so much. OpenVMS really protects itself well. The security model also protects itself from things like buffer overruns, format string bugs, etc. It's really quite neat how it works. We see lots of people trying to exploit overruns and such. This is _not_ to say OpenVMS is a bug-less, 100% secure OS. Every OS has flaws.
OpenVMS does as well (I've seen them). It doesn't buckle under most typical attacks. It does have its problems, but people when testing security on the cluster seem to be trapped in the "Unix bugs" box. I really think that you have to step outside that box when dealing with OpenVMS.

5. What advantages and/or disadvantages does the OpenVMS operating system have when compared to other operating systems?

Advantages:

It also comes "out of the box" with tons, and tons of compilers. FORTRAN, PASCAL, PERL, MACRO32/64, BASIC... Just to name a few. (Via the HOBBYIST program)
It comes with a great security model. You can actually go over the top security wise. Full accounting, ACL's, non-exec stack (which seems to plague so many Unix type operating systems). That's just to name a _few_ things.
It's incredibly stable. The cluster withstands all sorts of stupid stuff.
"HELP" actually HELPs!
The hardware is pretty easy to find and reasonably priced.
The OpenVMS hobbyist CD comes _packed_ with stuff. Pretty good for $30.00. Licensing is free.

Disadvantages:

Not too many "ports" to OpenVMS, so it's sometimes hard to find software.
It's sometimes more difficult to cross-port stuff from Unix to OpenVMS. Compaq made a nice little porting suite, and that helps a lot, but it can still be difficult at times.
Some support for things like SSH and Apache can be a pain. That is, you can get it (sometimes from third parties), but it still doesn't run great. I think I'm about to drop Apache, and it would be _nice_ if HP would ship with SSH client/server. Right now, I use Multinet for all our TCP/IP needs. It rocks, but SSH is still a little screwy at times.

6. How do you feel about other operating systems, such as UNIX, Linux, or yes, even Windows?

As I sit here writing this on my Linux based laptop (Slackware -current, soon to be Slackware 9!), I love Unix. I've been using Linux since pre-1.0 kernel days. My first "distro" was SLS (Which later became Slackware). I'm a bit of an OS junkie.
I run Solaris 9 on my SPARC at home. I'm down to one "dual boot" Linux/Windows box. Windows is still the best for games. Personally, I dislike Windows a lot. For my day to day needs, I see no reason to use Windows. For games, you almost have to. Linux is really pushing the desktop, but (unfortunately) that's still a ways away. I'm a big time Unix fan. Being a bit of an OS junkie, I've run tons of stuff.. NetBSD, FreeBSD, Linux, Solaris/SunOS, etc. You name it, I've probably at least played with it at some time.

I've really enjoyed watching the OpenBSD updates from 3.1 to 3.2. Things like "non-exec stacks" and other security related functions coming about. I think it's really cool. Being from the OpenVMS community, it's not new. I remember reading about OpenBSD taking that route, and thinking, "About time!". These are things the OpenVMS community has had for a decade! (Hell, maybe longer!). I know that there are patches for Linux/non-exec stacks and all that, but OpenBSD is making it a part of the _standard_ distro. I hope the 2.6 kernel for Linux does this. I haven't read if they will or not.

Microsoft products.. I hate 'em. They can be difficult to debug problems... While stability is getting better, it's still not up to par with Unix (pick your flavor). I'd hate to have to depend on them. I'm not a huge fan at all. They screw things up for a lot of people (mangling "standard" protocols comes to mind). Basically, what I'm trying to say... They suck.. bad...

8. The most popular question of all, in your opinion, what is a hacker? Would you say you fit the definition?

Hrm.. I'd say "hackers" got a bad name a good while back. When I was a "kid", you really had to "break into" computer systems to play with them. You couldn't really afford a Sun SPARC or a VAX. That was the only way to play with them! Things are different now. Guys like the old "L0pht" showed that. You can now get a SPARC off e-bay, load Solaris and "hack it". Legally.
So, my definition would be: Anyone wanting to understand and/or possibly create new and unique technology. Be it legal or not. I think the kids who _find_ "exploitz" for the latest "warez" are really cool. That's hacking. Making something (software/hardware) do something it's not meant to do. Downloading a "script" or DoS shit is definitely not "hacking". You could train a monkey to do it.

9. What is your opinion of the hacker world as it exists today?

Part of me says, "it really sucks". Another part, says it's pretty cool. The part that says, "it really sucks", thinks of script "kiddiez". It takes nothing to download the latest XYZ exploit, and find some generic machine to exploit. That's pretty boring. The part that says it's pretty cool has to do with people I've run into over the years. A lot of them I've run into starting the DeathRow cluster. Really smart people. The guys that actually understand the exploits, the guys who even write them. I've run into a lot of smart, cool, people. Those are the "hackers".

10. And finally, what plans do you have in store for the cluster, and yourself, in the future?

Cluster wise, I'll probably add a couple more boxes. We're getting a lot of users. Maybe a couple of VAXen and Alphas. I've been thinking that I'd like to do DEFCON (or something), and put an Alpha with OpenVMS on the air. Maybe for a CTF event. Sort of like what Pete Sivia did at DEFCON 9 (http://deathrow.vistech.net/defcon.txt). I think it would be cool to be at something like that, but DECNET them over IP to the cluster I run. I'm still talking to people, but we'd need another admin to help out with that. ...

For me... I'll continue playing with VMS. It's weird, this silly little project has gotten a good bit of publicity. I've been interviewed by HP World, it's been /.'ed. Seriously, this is not the main part of my life. I'll probably still hack away on weird projects. I've started building a Beowulf cluster, for fun (probably won't be open to the public).
I'll probably just continue sitting in the dark back room, eating Pizza, writing code, and just playing with stuff.

8. *** Crosstalk ***

> Frequency, I submitted an article a few months ago, and first off thanks for publishing it. It was called “The Fast and The Furious,” and dealt with modifying the appearance of laptops. I noticed there were several spelling corrections, as well as other grammatical modifications. Don’t throw this email away in disgust, I’m thankful for the corrections!! Nothing was modified except my grammar, but if I’m not mistaken, there was a time when you guys didn’t modify anything at all. I haven’t been there throughout, but why the change? [Master Blister]

REPLY> You’re quite correct. Originally we never modified anything we received, we published whatever we got, however we got it. It was a way of allowing people to express themselves without fear of alteration. Since we’re dealing with personal opinions, changing a single line to make it easier to read could wind up destroying the author’s entire point. Eventually we reached a crossroads, either make an ezine that people hate to read, or clean it up slightly so that people will spread the word about it. This led us to make spelling corrections and other minute modifications. We never change sentences around or anything to that effect, we only make the article more readable. In fact, several of our authors have been contacted in the past for grammatical corrections, to ensure that their point survives any edits.

> Frequency, Not to be an ass, but what happened to all the phreaking and radio stuff? I know the zine is meant for opinions and not technical stuff, but it would be nice to hear about telco stuff from time to time, or do I need equal access for that? [b0n0]

REPLY> We publish what we receive, if you want phreak material, send some in and maybe others will follow.

> Frequency, Whatever happened to those HAN II and H2K2 videos? We’re waiting.
[anonymous]

REPLY> *sigh* So am I…but they should be done soon.

> Frequency, I know you guys have been off the air for a while, but FOR THE LOVE OF XENIX!!! WHAT THE HELL IS 623 !?!? I’M ABOUT TO START TAKING HOSTAGES!!! [manic depress]

REPLY> 6 2 3

> Frequency, I thought it was time someone actually thanked you guys for the great job you’re doing. You may not realize it, but you’re doing a great thing for the entire hacker community. Even though the radio show isn’t on, Frequency is better than ever and I anxiously look forward to each issue. You’ve shown us all that a couple people with a computer and an imagination can create something that reaches the entire world, something that breaks through all barriers and gets a very important message across. Never give up guys, we need you. [Janey D’oh]

REPLY> Wow, we’re speechless…thank you.

> Frequency, Are you guys planning on attending Hope 2k4? I might actually be able to go this year, and would love to meet you, not to mention a lot of other people who read this zine. [lancer]

REPLY> We wouldn’t miss HOPE 2004 for the world, and will definitely be there. Next time Dash and w1nt3rmut3 won’t have to scream out names, we plan on making it painfully obvious where we are…but why spoil the surprise?

> Frequency, Great job on Freq26, one of the better issues I’ve seen. And congrats to Screamer for another excellent introduction (insert hugs and kisses here), I know his first name, but I won’t blurt it out ;) [Linda Lee]

REPLY> You, and a good portion of North America.

=========================================================

9. *** Closing Arguments ***

hackermind.net has finally been relaunched, and you can expect to see more and more features added in the coming weeks. As of now, we intend to have our usual sections (Frequency, Past Episodes, etc), along with newer sections.
Some of these will include: scans, conference calls, hacker art galleries, and perhaps sections for hacker related stories or other artistic expressions. And naturally, we plan on creating some new episodes.

That brings us to the next point, what’s going on with the show? Right now Dash is working 40 hour weeks to support his family, something he handles with the maturity of a person three times his age. Unfortunately, that leaves him unable to do a show…after all, who would have time to prepare with that hectic schedule? As of this writing, I have offered to create some shows on my own, with the invitation for Dash to come on always open. The problem is that he, quite understandably, hates the idea of the show continuing without him. Obviously no one wants to see him leave the show, or even be on less than usual, but if he’s simply unable to do it wouldn’t it be best to do what we can? We still have a lot of discussing to do, but hopefully we’ll reach a decision that best benefits our listeners.

Hackermind listeners sure do have a lot of patience, and we thank you for it. But for those of you emailing me and asking where the hell the HAN II and H2K2 videos are, I can’t put it off any longer. Dash currently has the 8mm copies of all the material we recorded, but his 8mm VCR refuses to cooperate with the tapes. I’ve asked him as much as I possibly could to send them to me so I can put them into VHS format, but it’s now December and he has yet to do so. I’ve reminded him folks, I don’t know what else to do…if you want the tapes, all I can say is ask him. Maybe if you remind him to send them up to me they’ll get out faster.

Freq26 seems to have received a lot of positive feedback, many seem to approve of the “Most Wanted” section…yet no one submitted anything, go figure. We’ll run it for a few more issues, but if no one uses it we may as well scrap it. Still, other portions of last month’s issue got a lot of feedback as well.
The section “Kevin’s Story” really opened a lot of eyes, and we’re glad we could do our part to spread his word. It’s a shame he has to rely on websites and ezines to show his thoughts to the world, when it’s so easy for John Markoff to publish it in a newspaper. Once again, we see that the little guys have very little say in what happens. The people with the money and power are able to spread their message to however many people they want, we however, can only hope to reach a few via the net. I remind you of the R-Kelly saga, and how he was able to make a good portion of the country’s population cry with him through “his” difficult time. In case you forgot, he was allegedly seen on film having sex with an underage girl. You and I would be in prison, he shows the world his pain and is currently singing in concert.

And since I can never be self-serving enough, a lot of people seemed to enjoy my introduction in issue 26. I’m not sure why exactly, but from what I can tell it seems to ring a bell for many readers. We’ve all had the chance to do something really cool right at our fingertips, but is it worth it? If the punishment is prison, I’ll say no, but the temptation remains. One reader who did not wish to have his letter published (although had no objections to my mentioning it) commented that breaking into a computer illegally is not like sex or drinking, as I had pointed out. Instead it’s more like robbing a bank, not that the two are similar in terms of severity, but that they are both temptations. Having sex carries personal risks, as does drinking, robbing a bank carries legal punishment. The introduction asked, with no apparent answer, whether it’s right or wrong to give into these temptations…yet if we’re looking at matters of criminal activity, it’s almost always wiser to not. He made some very good arguments, and I wish I could have printed his entire letter, but all I can do is comment.
I agree with him in many ways, yet his analogy (I remind you, I hate virtually all computer/physical world analogies) does not always fit. You can easily get into a friend’s computer with no possible legal ramifications, but should you? In that case, it’s more about morals than legal matters.

Finally, you wouldn’t believe how many Closing Arguments I went through before deciding on the one you just read. This past month has had so many ups and downs I think I’m getting nauseous. Fortunately we’re on the road to recovery, and hopefully the coming year will be one of our best ever. The hacker world will continue to thrive, and we can’t wait to cover all the highs and lows. But for now, we must part ways until the new year. See you all in 2003.

-screamer

==============================================================

10. *** Most Wanted ***

[Classifieds]

==Wanted: People With Certification Experience==
Frequency would like to have a section dedicated to people who have either taken their certification tests, or are just about to, for an upcoming multi-part article. If you fit the mold, send Screamer a line at the usual address.
===================================

==Wanted: Anti-Hacker Writers==
We’d love to have more people who oppose computer hacking write in, so if you hate computer hackers, or at least disagree with the things you read in this ezine, contact us with an editorial of your own.
=========================

=========================================================

11. *** Crew ***

Editor in Chief – Screamer Chaotix
Webmaster – Dash Interrupt
Network Administrator – Leland D. Peng
NT Specialist – Unreal
Radio Specialist – w1nt3rmut3
Writers – JayX, Larry Z., Sir Cracksalot, Hammy, Da Beave
Shout Outs – The Deathrow Cluster, Paul Oakenfold, Tom Clancy, Chandra North, Miller
Cover – Screamer Chaotix (picture from www.victoriaspanties.com , not for kiddies! only immature 21 year olds…)

SEND ARTICLES TO – articles@hackermind.net

W W W . H A C K E R M I N D . N E T