The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / etc / misc / altphuk.faq < prev next >

Wrap

Text File | 2003-06-11 | 62.3 KB | 1,420 lines

_____ _ _____ _____ _ _ _ _ _ _ | _ | | | |_ _| | _ | | | | | | | | | | | / / | |_| | | | | | | |_| | | |_| | | | | | | |/ / | _ | | |__ | | _ | __/ | _ | _ | |_| | | |\ \ |_| |_| |____| |_| |_| |_| |_| |_| |_| \___/ |_| \_\ The UK Phreaks and Hackers Usenet News Group alt.ph.uk FAQ Version 0.5e (08/09/96) (Note: This is an unfinished Beta version, please treat it as such. I welcome *any* contributions to this FAQ to the address below. - Cheers, J.) -= phuk@madrab.demon.co.uk =- ----------------------------------------------------------------------------- Section 1 Introduction 1.1 About alt.ph.uk 1.1.1 What should and shouldn't be discussed? 1.1.2 Who reads alt.ph.uk? 1.2 Anonymous Remailers/PGP 1.3 Acknowledgements 1.4 New this revision 1.5 Where to get copies of this FAQ Section 2 Phreaking 2.1 Boxing 2.1.1 Which boxes work in the UK? 2.1.2 What are the UK DTMF tones? 2.1.3 What are the UK Red Box tones? 2.2 War-Dialling 2.3 Loops 2.4 How are 0800/0500 numbers used? 2.4.1 What are the 0800 89xxxx numbers for? 2.5 What is voicemail and what can I do with it? 2.6 Are there any UK CNA numbers? 2.7 Are there any UK numbers that always ring busy? 2.8 What is caller ID and what can I do with it? 2.9 Are there any 'interesting' operator/test numbers? 2.10 What is PBXing? 2.10.1 I am on a cable phone, can I get busted for PBXing? 2.10.2 Can I get busted for using international PBXs (ie. outside the UK)? 2.10.3 Intent to Pay 2.10.4 I dial through one PBX to another before I use it, so am I safe? 2.11 How do UK phone cards work? Section 3 Hacking 3.1 About UNIX hacking 3.1.1 How do I crack UNIX passwords ? 3.2 About VMS cracking 3.3 About PC cracking 3.3.1 How do I crack bios passwords ? 3.3.2 How can I crack the windows screen saver password ? 3.4 Where can I find out about hacking other systems ? 3.5 About Hacking TCP/IP 3.5.1 How do I do TCP/IP spoofing/packet seq prediction ? 3.6 About Novell Hacking 3.7 What is JANET? 3.8 I don't have a POP in my local area! 3.9 Are there any internet outdials in the UK ? Section 4 Misc 4.1 What does xxxx stand for ? 4.2 What is and isn't illegal ? 4.3 What should I do to avoid getting caught ? 4.4 Where can I meet other hackers / phreaks ? 4.5 What all this Kewl d00dz and 3l33t business ? 4.6 Where can I get warez ? 4.7 Are there any 'famous' UK Hackers/phreaks ? 4.8 What about hacking cable/satellite TV? 4.8.1 How do I build a cable TV descrambler? 4.8.2 So how do I decode the channels? 4.9 Who are British Telecom Security? 4.10 How do I find out my phone bill before it comes? Section 5 Resources 5.1 On the Internet 5.1.1 Newsgroups 5.1.2 Web Pages 5.1.3 FTP 5.1.4 Mailing Lists 5.1.5 Mags-EZines 5.2 In Print 5.2.1 Magazines 5.2.2 Books 5.3 Phone Numbers Section 6 Questions I would like answered in the next version of this FAQ - help! ----------------------------------------------------------------------------- Disclaimer & Legal Status of this document and its authors ----------------------------------------------------------------------------- It is not the intention of this FAQ or its authors to encourage people to break the law. If you hack or phreak, you may get caught and you could get fined or jailed. The author and contributors of this faq don't endorse or encourage the use of any of the information in this document. This article is provided as is without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in this article, the author and it contributors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. I disclaim everything I can. The contents of this article might be totally inaccurate, inappropriate, misguided, or otherwise perverse. Much of this FAQ is based on the personal views of its contributors. Copyright (c) 1996 by Glenn Pegden and Joel Rowbottom, all rights reserved. This FAQ may be posted to any USENET newsgroup, on-line service, or BBS as long as it is posted in its entirety and includes this copyright statement. This FAQ may not be distributed for financial gain. This FAQ may not be included in commercial collections or compilations without express permission from the author. If you find it on any such collection please mail phuk@madrab.demon.co.uk telling us where you saw it. ----------------------------------------------------------------------------- Section 1 - Introduction ----------------------------------------------------------------------------- 1.1 About alt.ph.uk ~~~~~~~~~~~~~~~~~~~ alt.ph.uk was originally formed to discuss issues relating to phone phreaking, hacking (and other related 'underground' activities) in the UK, given that the traditional hackers newsgroup alt.2600 had degenerated to such an extent as to be virtually useless and very US dominated. It was given birth on Thursday 26th January 1995, at 1:45am by 2600@otaku.demon.co.uk. PH is formed from the initial letters of -P-hreak and -H-ack. This FAQ is intended to reduce the bandwidth taken up with people asking the same questions over and over again. It is intended to complement other FAQs (eg. alt.2600, uk.telecom) and not replicate them. If anyone tries to ban it, it is obviously a group for the discussion of alternative philosophy in the UK. 1.1.1 What should and shouldn't be discussed in this group? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This group is primarily used to discuss the technical matters surrounding hacking and phreaking in the UK and closely related topics. This includes the UK phone system, hacking UK systems, issues relating to the UK underground etc, the main thing to remember is this is a UK group. Things to be avoided are those that can be dealt with better in other groups (especially the kind of questions that alt.2600 is plagued with such as sending fakemail/news, out of date boxes, IRC scripts, and 'where do I get kewl warez'). Check the newsgroups listed in section 5 of this faq for closely related newsgroups which may be more appropriate. Always try find the answer yourself first (see the list of references at the end of this FAQ), mentioning where you have looked for info often helps too. Other things to avoid to save you getting flamed are questions such as, How do I get free phone calls, Can I have a list of underground BBSs, How do I get an address for a phone number, How do I re-chip my mobile, how do I get root on a Unix box and other such lame questions. Try to avoid posting anything too juicy that would damage the community too much (If you've got hold of such info, then you'll probably know where to distribute it). The contributors to this FAQ are not omnipotent, we are capable of being wrong. Please tell us if we are. Newbies please take note, people in this group aren't generally receptive to private mail asking questions like 'How can I get free calls, re-chip my moby, or hack my Uni's Unix boxes' Don't waste your time or theirs; go and try to find out yourself then ask for help, not the other way round. 1.1.2 Who reads alt.ph.uk? ~~~~~~~~~~~~~~~~~~~~~~~~~~ It is beyond the scope of this document (as well as being downright unfair) to name names in this document, but it is well known that aside from being read by phreaks, hackers, etc. the newsgroup is also read (and has been written to) by such people as BT Security as well as journalists and many sysadmins. Generally it is to be presumed that the group is read by people who are actively involved in prosecuting hackers and phreaks, and thus if you *are* going to post sensitive information, it's a good idea to use an anonymous remailer if you're going to post the information at all (see the next section, 1.2). 1.2 Anonymous Remailers and PGP in newsgroups and mailings ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ As mentioned in the previous section, there's a lot of people out there who want to give phreakers and hackers a hard time. To make their life that little bit harder, some people prefer to be 'anonymous' on the news- groups and maillists. 1.2.1 Anonymous eMail ~~~~~~~~~~~~~~~~~~~~~ Remailers: Contrary to the popular belief, there are stacks of anonymous remailers out there. Remailers work by taking incoming messages from you, stripping off the headers and sending them on, although this is good enough for most of the time, the truly paranoid tend to string several remailers together to avoid the possibility of traffic analysis giving away their identity. Other options include PGP [see section 1.2.2] relay, random delays, random message size alteration, and so on. More info can be found from: http://www.cs.berkeley.edu/~raph/remailer-list.html (List of reliable remailers) http://www.c2.org/~raph/premail.html (info on Premail privacy tool) http://www.c2.org/anon.phtml (info on setting up alpha.c2.org pseudoanonymous account) http://www.eskimo.com/~joelm (info on Private Idaho privacy tool) 1.2.2 Anoymous Newsgroup Posting ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There are a few ways of doing it properly, and thousands of ways of doing it wrongly. The Right way: Anonymous remailer -> Newsgroup At time of writing, three anonymous remailers support posting to newsgroups. For a current list, finger remailer-list@kiwi.cs.berkley.edu and look for the entries with 'post' beside them. Anonymous remailer -> Mail2News gateway Any one of the high quality remailers can be used to send mail to a mail2news gateway. There are a large number of these gateways, finding them is left as an exercise to the reader. (or to put it another way, I can't be bothered making a list!). Fake Mail -> Mail2News gateway Possible, but too much hassle for most, remember to test how 'fake' your mail is first by sending a message to yourself. The Wrong way: There are stacks, heres a few. Changing your 'From: ' field in your news reader. Changing all the 'Identity' details in Netscape. Making a post through the IHAVE protocol using a news host that adds the 'NNTP-Posting-Host: ' header line (almost all) And so on... If you want to remain anonymous, make the effort, or suffer the ridicule of your peers. 1.2.3 Pretty Good Privacy (PGP) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The whole PGP concept it too large to discuss in this document, so heres a short summary from the docs that come with it. "PGP (pretty good privacy) is a public key encryption package to protect email and datafiles. It lets you communicate securely with people you've never met, with no secure channels needed for prior exchange of keys. It's well featured and fast, with sophisticated key management, digital signatures, data compression, and ergonomic design." The latest versions of PGP are usually available by ftp from ftp.ox.ac.uk in /pub/crypto/pgp. Most internet service providers carry precompiled versions for various platforms on their ftp servers also. For more info read: alt.security.pgp* and sci.crypt on Usenet http://www.mit.edu/people/warlord/pgp-faq.html on the Web 1.3 Acknowledgements ~~~~~~~~~~~~~~~~~~~~ So far, most of the info in the file has been cribbed from the FAQs for the newsgroups listed at the end, and from postings to various newsgroups. Additional stuff was added by ColdFire, Slam-Tilt, Daemian, Micah, Per1com/Xer0, Arny, jrg, john@wine-gum.demon, Iain@kechb.demon, shin@dios.demon, V0mit, and gus@bmsysltd. 1.4 New this revision (0.5d) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Maintainence taken over by Joel Rowbottom, phuk@madrab.demon.co.uk, as of 1/8/1996. I'll do it properly when I get a spare couple of hours ;-) - Updated section 1.2 to remove anon.penet.fi. - Updated sections 4.7, 5.1.2, 5.1.4, 6 - Added section 2.11 1.5 Where to get copies of this FAQ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This FAQ is posted every 21 days to the newsgroup alt.ph.uk. It may also be retrieved from the Madrab mail server by sending a message to: phukfaq@madrab.demon.co.uk This address is an autoresponder and you should receive the FAQ within a short while. Don't email phuk@madrab.demon.co.uk with requests, they will be ignored. ----------------------------------------------------------------------------- Section 2 - Phreaks & Phreaking ----------------------------------------------------------------------------- 2.0 Phreaking ~~~~~~~~~~~~~ Phreaks are people who enjoy learning about the phone system, especially the technical details, and the unpublished details that phone companies would rather we didn't know about. Phreaks are also interested in the workings of the phone company, and trying find ways around the system, often the billing and accounting procedures. A major part of Phreaking is attempting to obtain phone calls for free or below the rate at which the phone company would like to charge. The alt.ph.uk news group is not here to teach people how to defraud phone companies though, and most of the discussion is likely to be of purely technical interest. 2.1.0 Boxing ~~~~~~~~~~~~ Phreaks may also be interested in 'boxes', there are many types of boxes which have varying degrees of success, boxes are usually categorised by colour and offer a variety of facilities from seizing operator control of the line, and hence calling for free (Blue Box) and stopping calling party being billed (Black Box) to a charging ni-cads with your phone (Chartreuse Box), also various other add-ons such as amps, hold buttons, in-use lights etc. 2.1.1 Which boxes work in UK? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This list of boxes stolen from the alt.2600 FAQ and converted for the uk (this is just an 'educated' guess of what will or will not work in the uk, this is only in *theory* and any which I say will work will probably need a lot of modification to work, that's if you can find a schematic thats half way readable :) ) Acrylic Steal Three-Way-Calling, Call Waiting and programmable Call Forwarding on old 4-wire phone systems NO! Aqua Drain the voltage of the FBI lock-in-trace/trap-trace NO! Beige Linemans handset YES Black Allow callers to dial in for free NO Blast Phone microphone amplifier YES Blotto Supposedly shorts every fone out in the immediate area JOKE Blue Take operator control of a line (phone for free) NO Brown Create a party line from 2 phone lines YES Bud Tap into your neighbors phone line YES Chartreuse Use the electricity from your phone line YES Cheese Connect two phones to create a diverter YES Chrome Alter traffic lights NO Clear A telephone pickup coil and a small amp used to make free NO! calls on Fortress Phones Color Line activated telephone recorder YES Copper Cause crosstalk interference on an extender ??? Crimson Hold button YES Dark Re-route outgoing or incoming calls to another phone NO! Dayglo Connect to your neighbors phone line YES Divertor Re-route outgoing or incoming calls to another phone NO! DLOC Create a party line from 2 phone lines YES Gold Dialout router ??? Green Emulate the Coin Collect, Coin Return, and Ringback tones NO! Infinity Remotely activated phone tap YES Jack Touch-Tone key pad YES Light In-use light YES Lunch AM transmitter YES Magenta Connect a remote phone line to another remote phone line NO! Mauve Phone tap without cutting into a line ??? Neon External microphone YES Noise Create line noise YES Olive External ringer YES Party Create a party line from 2 phone lines YES Pearl Tone generator YES Pink Create a party line from 2 phone lines YES Purple Telephone hold button YES Rainbow Kill a trace by putting 120v into the phone line (joke) JOKE Razz Tap into your neighbors phone YES Red Free calls from payphones YES Rock Add music to your phone line YES Scarlet Cause a neighbors phone line to have poor reception YES Static Keep the voltage on a phone line high YES Switch Add hold, indicator lights, conferencing, etc.. ??? Tan Line activated telephone recorder YES Tron Reverse the phase of power to your house, causing your electric meter to run slower ??? TV Cable "See" sound waves on your TV ??? Urine Create a capacitative disturbance between the ring and tip wires in another's telephone headset ??? Violet Keep a payphone from hanging up NO! White Portable DTMF keypad YES Yellow Add an extension phone YES Any of the above the generate tones will have to be modified (see below). Box schematics may be retrieved from these FTP sites: ftp.netcom.com /pub/br/bradleym ftp.netcom.com /pub/va/vandal ftp.winternet.com /users/nitehwk 2.1.2 What are the UK DTMF tones? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1209Hz 1336Hz 1477Hz 1633Hz 697Hz 1 2 3 A 770Hz 4 5 6 B 852Hz 7 8 9 C 941Hz * 0 # D (See the comp.dcom.telecom FAQ for an explanation of the ABCD tones) 2.1.3 What are the UK Red Box tones? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Note: I have not tried these, they are rumoured to work - anyone got them to work OK? - J. ] 10p Length 200 milliseconds, Frequency 1000Hz. 20p 2 * The Above. 50p Length 350 milliseconds, Frequency 1000Hz. 1ukp 2 * The Above. Note that it is a 1000hz tone alone, and not dual tones etc. Also, for it to work, you must get the operator to connect your call. When told to insert the money, send your tones. 2.2 War-Dialling ~~~~~~~~~~~~~~~~ War-Dialling (aka scanning) is the practise of repetitively dialling phone numbers, to find out what is on the other end. These are mainly voices, although sometimes you may find trunks, carriers (modems), VMBs, FAXs, and other strange stuff. 'Tone-Loc' is a highly acclaimed package to aid scanning. Normally you scan a block of numbers (the most common scans are of 0800 / 0500 because they're free) and keep a log of anything interesting you find for later attention. Scanning may be illegal under the Computer Misuse Act [see Section 4.2]. 2.3 Loops ~~~~~~~~~ See the alt.2600 FAQ for an explanation of what loops are and how the can be used. There are virtually no known loops in the UK, mainly because if the do exist, no-one scans for them (because unlike the US, BT don't offer free local calls, so scanning is limited to 0800/0500 numbers). 2.4 How are 0800/0500 numbers used? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You pickup the phone, dial the number, and wait for them to answer :-). Other than that they're used in blue boxing, using calling cards, finding modems and voicemail/PBX abuse. The reason the get a lot of attention from phreaks is they are FREE! 2.4.1 What are the 0800 89xxxx numbers for? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ They are direct overseas lines (known as country direct numbers), most will ask you for pin numbers. BTs originally lumped all it direct overseas lines in this area, but it has now realised this wasn't such a good idea and is distributing them more evenly Mercury's country direct numbers are evenly distributed through out the 0500 xxxxxx range. Country direct numbers are numbers which forwards calls to a regular number in the remote country. I believe these numbers are arranged with your local Telco, who rent a number of 0800/0500 lines from BT/Mercury and pay BT/Mercury for incoming calls over them. The remote telco then resells these numbers to company's requiring a toll-free number from the UK. You are not charged for the call, the company you reach is paying for the call, as with all 0800/0500 numbers. 2.5 What is Voicemail (vmb) and what can I do with it? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ VMB (Voice Mail Boxes) are used by company to help manage internal phone systems. They offer a range of services from personal answer phones to internal routing of calls. One facility often abused is the ability to get an outside line. Try reading ColdFire's guide to Meridian Mail, the address of his web page can be found in section 5. Details of other VMBs are around, but I'm not sure where to find them on the net. 2.6 Are there UK CNA Numbers? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CNA stands for customer name and addresses. A CNA number is a phone number for telephone company personnel to call and get the name and address for a phone line BT do have their own internal service, but AFAIK there are none available to the public (unlike the US). 2.7 Are there any UK numbers that always ring busy / never answer? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ More info on this would be appreciated ] 2.8 What is Caller-ID and what can I do with it? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On modern exchanges BT sends the phone number of the number that called you (when possible), just before the first ring. BT will sell you a device to read these (approx 50quid at time of writing). Home-brew (obviously non BT Approved) are around. You *may* also have to pay BT for the recieving the data. Caller-ID modems are now also available which will transmit the data packet to a serial port of a computer. You can block the sending of your phone number you are dialling by prefixing it with 141. Your also have the number of the last person who called (from a phone that supplies caller ID) by dialing 1471 (on some exchanges this number can be automatically redialled by dialling 1474). 2.9 Are there any 'interesting' operator/test numbers? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following is from a list posted to alt.ph.uk a while back. If any have changed then please let me know (and any new ones too!). I admit that the term 'interesting' is used *very* vaguely here ;-) The numbers are:- 100 - Operator Assistance 112 - Emergency services (Euro standard number) 1170 - Sprint DMS100 test message 123 - Speaking clock (at the third stroke...) 131 - Mercury (Test pin - 1234567) 132 - Mercury 133 - Mercury Calling Card 141 - Withold Number. 144 - BT Charge card. 1470 - Release CLI 1471 - Number of last person who called 1474 - Access Withdrawn (Formerly callback) 150 - BT customer service (What customer service ? :) 151 - BT Faults (Home) 152 - BT Customer Enquiries 153 - International Directory Enquiries 154 - BT faults (Business) 155 - International Operator (Con em into dialing inwards :) 1571 - Call minder (Urghhh..) 1619 - Energis Card Service (Voice recognition) 1620 - Energis 1621 - Energis 1630 - NSS Metrocall (0800 376 7766) 1631 - NSS Metrocall 1639 - NSS metrocall 1656 - Telia 1660 - Worldcom (0500 20 3000) 1661 - Worldcom 1666 - Worldcom 1670 - Sprint 1678 - Sprint 17070 - ANI Test Number - Press 1 for >Ringback and hang up 17099 - Emergency services back door 175 - On updated exchanges will timeout for 190 seconds 176 - Line status Dial area code + Number (Works only on local exchange) 1810 - Telstra. 1812 - Telstra. 190 - BT Telegrams (Changed to 0800 190190) 192 - Directory Enquiries 195 - Directory Enquiries (for the blind) 198 - Operator Assistance (for the blind) The following are ones which are still seeking descriptions: 1431 1601 1602 1611 1616 1636 1637 17094 17095 1811 Of course, the best way to find your own is to scan for them using ToneLoc or a similar utility... or of course using a payphone and your fingers! 2.10 What is PBXing? ~~~~~~~~~~~~~~~~~~~~ PBX stands for Private Branch eXchange and is the term used to describe in-office telephone systems (eg. Meridian). You mustn't get PBX confused with VMB (although one can involve the other). A good dose of paranoia is always healthy when using such systems. If you do insist on using a PBX, diverting is better than nothing, and when you connect wait a few minutes before placing an outgoing call. Henceforth follow some common misconceptions about PBXing: 2.10.1 I am on a cable phone, can I get busted for PBXing? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yes! Cable companies have to co-operate under the law. Some cable companies actually have stricter policies than BT themselves. 2.10.2 Can I get busted for using international PBXs (ie. outside the UK)? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yes! Prosecution is a different matter though. But people have got in trouble for using 89/96x PBX's etc. in other countries. 2.10.3 Intent to Pay ~~~~~~~~~~~~~~~~~~~~ If I'm not in England (ie. Scotland/N.Ireland) therefore am I not covered by the 'fraudulent abstraction of electricity' and 'computer misuse' laws? I heard they have to prove 'intent not to pay?' WRONG! In fact, in these cases it might be worse, as they might choose to charge you under general fraud laws. 2.10.4 I dial through one PBX to another before I use it, so I am safe? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ No. Whilst it's much better than 'dialing direct' BT can trace things on their own network fairly easily. Things just take more time. If they trace you, they will put a monologue on your line.. It then doesnt matter how many things you dial through, as they'll have every DTMF you dial! 2.11 How do UK Phone cards work? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By now Mercury has probably phased out all their old Payphones which used magnetic stripe cards. Some of their street sites have been taken over by the Italian company Inter Phone who have reverted to coin operations. The Green BT cards use an optical system. The apparently black plastic is translucent in the infrared - hold a card up to a 60watt light bulb and you will see the purple stripes either side of the charge band on the printed side. The mechanism , by Landis & Gyr shines an infrared laser onto the underside ("black") side of the card. The charging strip has a diffraction grating pattern moulded into it which back scatters the light to a detector set at a certain angle. The angle is different for each Telecom operator. Once the call units have been used up a heating element melts the plastic on the printed surface sufficiently to leave a visible mark and enough to destroy the diffraction pattern at that point. The mechanism then makes a verifying read to check that this has worked and will not physically release the card until then. Any ideas about nail varnish etc making any difference are fiction. Simple, cheap, and hackproof so therefore the telecoms companies are rushing away to use smart cards instead ! The new BT smart cards have both an expiry date and a serial number, with presumably some sort of anti-fraud database lookup. Therefore, in principle, there is an audit trail of all the calls made using a particular card - will all bomb hoaxers, drug dealers and obscene callers remember not to use the same card to call home as well ? ----------------------------------------------------------------------------- Section 3 - Hacking ----------------------------------------------------------------------------- 3.0 Hacking ~~~~~~~~~~~~ In the sections below I frequently use the terms hackers and cracker, the actual meaning of the words will always be debated, but here is how I am using them. A Cracker is someone who breaks passwords, often without the need for a great deal of knowledge of the systems they are breaking into, just a few tools and techniques. A hacker on the other hand will take a great deal of time to learn about the system (s)he is hacking. A hacker will read all the manuals and documentation possible and newsgroups such as comp.security.misc. To learn about cracking read alt.2600 and sit on various irc channels, to learn about hacking RTFM, read everything you can get your hands on, have a desire to understand the machine you are hacking. 3.1 About UNIX hacking ~~~~~~~~~~~~~~~~~~~~~~ Unix is a fully multi-tasking multi-user operating system written in C; one of its strengths being its ability to network. There are versions of Unix for most systems from DEC AXPs to 386 PCs. A very large proportion of the hosts on the internet are running UNIX or Linux (the public-domain flavour of Unix). The net is full of unix security info, but a good starting point is Arny's UNIX hacking page (see section 5). 3.1.1 How do I crack UNIX passwords? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On some systems /etc/passwd contains and encrypted copy of your passwd Cracking programs (Alex Muffits 'crack' for UNIX, and CrackerJack for OS/2 and DOS are just two) try to *guess passwords by encrypting each word in a dictionary and comparing each encrypted word against each entry into /etc/passwd On other systems /etc/passwd doesn't store the password. It can be stored in a shadow file (that is not normally readable to normal users). To obtain the (encrypted) passwords you have to have a special program to read it. The source for a program to do this is obtainable from the alt.2600 FAQ. A third method is to use NIS (which again may or may not be shadowed). This may be readable by using the ypcat command. Again, see the alt.2600 FAQ again. 3.2 About VMS cracking ~~~~~~~~~~~~~~~~~~~~~~ Compared to UNIX, very little has been written about VMS security (security via obscurity ?). The password file is in sys$system:sysuaf.dat, but isn't normally readable to users. There are a couple of vms crack programs around if you can get you hands on sysuaf.dat 3.3 About PC cracking ~~~~~~~~~~~~~~~~~~~~~ PCs running single users OS's aren't normally passworded, the most common passwords are bios passwords. Sometime systems will run some software when they booted these can sometimes be halted (Under MSDOS try ctrl-C, also F5/F8 on DOS 6 onwards). Other things to look for are options to run software packages that often have a 'shell' option. Also try booting from a floppy and manually mounting remote disks. 3.3.1 How do I crack BIOS passwords? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This depends on what BIOS the machine has. Common BIOS's include AMI, Award, IBM and Phoenix. Numerous other BIOS's do exist, but these are the most common. Some BIOS's allow you to require a password be entered before the system will boot. Some BIOS's allow you to require a password to be entered before the BIOS setup may be accessed. Every BIOS must store this password information somewhere. If you are able to access the machine after it has been booted successfully, you may be able to view the password. You must know the memory address where the password is stored, and the format in which the password is stored. Or, you must have a program that knows these things. The most common BIOS password attack programs are for Ami BIOS. Some password attack programs will return the AMI BIOS password in plain text, some will return it in ASCII codes, some will return it in scan codes. This appears to be dependent not just on the password attacker, but also on the version of Ami BIOS. To obtain Ami BIOS password attackers, ftp to oak.oakland.edu /simtel/msdos/sysutil/. If you cannot access the machine after if has been powered up, it is still possible to get past the password. The password is stored in CMOS memory that is maintained while the PC is powered off by a small battery, which is attached to the motherboard. If you remove this battery, all CMOS information will be lost. You will need to re-enter the correct CMOS setup information to use the machine. The machines owner or user will most likely be alarmed when it is discovered that the BIOS password has been deleted. 3.3.2 How can I crack the windows screen saver password? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ I haven't had chance to check either of these Can someone please confirm / disprove them please ] To remove the password all together (presuming it hasn't locked already) edit control.ini, edit the line that says PWProtected=1 to =0 and in the [ScreenSaver] section, where it says Password=12345 (where 12345 is the encrypted password) change it to Password= Now when prompted for a password just press return If it is active, drag the window prompting you for the password around with the mouse (making the active window). Then press ctrl-alt-del (having 3 hands would be a help :). This should then give you the option to quit active application. [ You may have to put something in control.ini to enable this ? - Info anyone ] 3.4 Where can I find out about hacking other systems? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The alt.2600 FAQ is a good place to start looking. As are the comp.security newsgroups. 3.5.0 About Hacking TCP/IP ~~~~~~~~~~~~~~~~~~~~~~~~~~ TCP/IP is the protocol used for hosts to communicate on the internet, understanding TCP/IP is often as useful (if not more useful) than understanding the individual operating systems 3.5.1 How do I do TCP/IP spoofing/packet sequence prediction? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Learn low level TCP/IP. Basically with IP you can pretend to be any machine you want to be, i.e. you dont *have* to put your own IP address as the 'source address' in the datagrams (or packets) that you send out. Unfortunately though, any reply to your faked packets will normally go to the real machine, which kinda makes it difficult to use TCP since TCP envolves a two way flow of IP datagrams both to and from your machine. However you can to some extent get round this by guessing some of the contents (ie. the sequence numbers) of the lost datagrams that were sent to the real machine. If anyone has had any success with this, plaese tell us :) 3.7 About Novell Hacking ~~~~~~~~~~~~~~~~~~~~~~~~ (Glenn writes...) "I know next to nothing about Novell hacking, other than the passwords file is stored in the bindery and older versions of Novell had a system call called VerifyBindaryObjectPassword that when given an account and password wouth say if they matched. This was very useful for knocking up quick Novell versions of Crack. I believe also something clever can be done when you run Netware Lite over the top of normal Netware." I'll write something when I get chance to confirm some things, but if anyone has anything to add here please get in touch! 3.6 What is JANET? ~~~~~~~~~~~~~~~~~~ Janet is the UK academic backbone, it was once an X25 network that was only connected to the internet via a few (over worked and oftern hacked) gateways, but now SuperJanet is a genuine internet backbone. JANET is managed from machines at ukerna.ac.uk. A lot of hackers use university machines for several reasons (lack of security, no phone bills, fast links, being at Uni, etc) JANET stands for Joint Academic NETwork. 3.7 I don't have a POP in my local area, what can I do? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get a better ISP! ;-) Universities are often very good at giving away accounts, and simply asking often works (especially if you're unemployed, an ex-student, or a student at another Uni). Universities are getting more paranoid now though, so choose carefully where you want your account to be. A (not too recent) list of University dial-ups can be found on ColdFires Web Page. Many hackers uses 0800 pads / trunks / VMBs to hack from. It's also worth checking your phone book, BTs 'local' areas can be surprisingly large. 3.8 Are there any internet outdials in the UK? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Yes, but with local calls not being free in the UK these are obviously not made public. ----------------------------------------------------------------------------- Section 4 - Miscellany ----------------------------------------------------------------------------- 4.1 What does xxxx stand for? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get the alt.2600 faq for an excellent list of acronyms. Also try the jargon file (see Section 5). 4.2 What is and isn't illegal? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I'm no legal expert, so this may be rubbish... ;-) [*********************************************************************** If a legal expert -would- like to clarify these points, please please do so There is a general feeling that nobody knows what they can and can't be prosecuted for. I would be pleased to listen (in confidence if required) to anyone who can be of help. *********************************************************************** ] Unfortunately, unlike the US you may be liable for information you give out, so you should be careful what you post to the group. See section 1 for info on anonymous remailers and PGP. Unauthorised computer access (or simply attempting it) is now illegal under the Computer Misuse Act 1990. (See Coldfires Web Page for more info) It has been mentioned that Criminal Justice Act and Public Order Act may include legislation on possession of material explaining illegal acts. This will include hacking text files. That is why this file doesn't tell you how to hack ! Telecom law is less specific, in general defrauding an phone company is illegal, connecting un-approved devices to a BT network is 'unlawful' and 'prohibited'. I am unsure whether this includes sending tones from a hand-held dial or personal-stereo. Using BT test codes may not be illegal, but is probably in breach of your contact with them The following is ColdFires interpretation of the legalities of War-Dialling All the following is my opinion, as I have no legal qualifications DO NOT rely on it to be the case. Until wardialing is tested in court no one will know for sure, now, who wants to be the test case :) Quote from the Computer Misuse Act (1990) Section 1: 1(1) A person is guilty of an offence if a) he causes a computer to perform any function with intent to secure access to any program or data held in a computer b) the access he intends to secure is unauthorised or c) he knows at the time when he causes the computer to perform the function that this is the case. 1(2) The intent a person has to commit an offence under this section need not be directed at a) any particular program or data b) a program or data of any particular kind or c) a program or data held in any particular computer. 1(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or both. As you can see, causing a computer to perform any function with intent to secure unauthorized access to a computer is illegal. If you are wardialing to find carrier, and then intend to gain unauthorized access, then war dialling IS illegal (In my opinion) As most voicemail system can be classified as computer systems war- dialling for VMB's with the intent of gaining unauthorized access to the VMB system is illegal. The same applies to PBX's I believe, from my interpretation of the law, that war-dialling is illegal under the Computer Misuse Act (1990). Of course to prosecute you under this law it would have to be proven that you intended to gain unauthorised access to a computer (note: computer is not defined under the act). Obviously this only applies to automated wardialing, dialling by hand is not covered by this :) Another comment that he made was on the use of system logs as evidence Log files make crap evidence, for a start they're easily forged, and you're reliant upon computer generated evidence. What jury will believe a computer over a human ? At best log files are supporting evidence, in most cases they only show logins, connections and other impersonal evidence, no log can say *BEYOND REASONABLE DOUBT* that someone did something, if in doubt deny everything, after all its the job of the prosecution to *PROVE* you are guilty. Things to check out are The Computer Misuse Act (1990) Telecommunications Act (1984) Criminal Justice and Public Order Act (1994 ?) 4.3 What should I do to avoid getting caught? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Basically don't break the law! You can't be prosecuted for -knowing- how to do things (can you?), but if you do hack/phreak, follow this advice, don't get greedy, don't use any dodgy number / account for too long, don't go boasting to your mates (especially on alt.ph.uk), when phreaking, try to route your call so you are harder to trace, never dial direct from your own home. When hacking, again try to cover you tracks, the more accounts / nodes you use the harder you are to trace. Another piece of sound advice came from the editor of Phrack Chris Goggans. Don't hack on your own door step, prosecuting someone in another country is such a problem it's often not worth the effort. 4.4 Where can I meet other hackers / phreaks? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2600 meets are held on the first friday of the month all over the world. After the initial meeting they generally move to a local pub/pizza hut/Phone Exchange :). UK meets happen in - London Next to the VR machines in The Trocadero. Starts 7:00pm-7:45pm. Bristol The payphones near the Almshouse pub (part of the Galleries). Starts 6:45pm to 7:00pm; Pay phone numbers are +44-(0)117-929-9011, 929-4437, 922-6897. Email an306079@anon.penet.fi for more info. (Not sure if this meeting is still going - can someone confirm this for me please?). Manchester Meet at Cyberia Cafe, Oxford Road, at around 7pm. Email chase@webspan.net for more info. Hull Meet in the Old Grey Mare, Cottingham Road, at around 7pm. The meeting dates change for this, as it depends on when the Uni is in session, so check before travelling. Email hph@madrab.demon.co.uk for more info or check out the hackHull web page (URL in section 5.1.2). Leeds Meet on the second Friday of each month outside the payphones on Leeds Train Station (next to John Menzies). 4.5 What all this Kewl d00dz and 3l33t business? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ One explanation offered is ... "It all stems from warez, warez d00dz 'traffic' warez (pirated software). The practice of intentionally miss-spelling words and changing letters for numbers etc come partly from the necessity to 'hide' files. So if someone (especially a sysadm) decides to search the entire disk for a known software title, they wouldn't be found" ...others claim its just sad kiddies who think it cool (or is that kewl :-) ) 4.6 Where can I get warez? ~~~~~~~~~~~~~~~~~~~~~~~~~~ Sunday markets seem to be doing a roaring trade in Blobby/Ghost/Playdoh/Tango CDs, and asking where to get them on the alt.ph.uk probably wont get you a sensible reply. Try hanging around on #warez on irc (and its many derivatives, although I believe you need to know the name of someone already on to get an invite) and alt.binaries.ibm-pc.warez. There are also many Warez BBSs in the UK. 4.7 Are there any 'famous' UK Hackers/phreaks? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Steve Gold and Robert Schifreen were the first hacker/phreaks to become well known in the UK (other than those in the old Bailey trail but that was long before). They were responsible for hacking prestel in 1984 and gained notoriety for hacking the Prince Phillips mailbox through gaining system manager status on the prestel system. They were raided on 10th April 1985 and were charged with forgery, there being no anti-hacking laws in the UK at that time. Found guilty Schifreen was fined 750ukp and Gold 650ukp, with 1,000ukp costs each. On appeal they were acquitted of all charges :) Neither continue to hack and are now freelance journalists. Robert Schifreen was also known as Hex and Triludan the Warrior Nick Whitely specialized in ICL mainframes, he committed his first hack around January 1988 breaking into an ICL at Queen Mary College, going on to hack Hull, Nottingham, Bath and Belfast Universities, always ICL's. He was raided on 6th July 1988, charged with Criminal Damage and released on Bail. In 1990 he was tried for Criminal Damage and cleared of criminal damage to computer hardware, but found guilty of two charges of damaging disks. He was given 1 Year, 8 months suspended and served 2 months. His appeal was dismissed. Paul Bedworth, member of 8lgm, was arrested in June 1991 and has the privilege of being the first person to be tried under the Computer Misuse Act 1990. He was acquitted of all charges in March 1993 after successfully proving his 'addiction' to hacking after a 15 day trial. Bedworth when on to do a degree in artificial intelligence at Edinburgh University. His handle was Wandii. Neil Woods and Karl Strickland, were and still are the main members of 8lgm (8 legged grove machine). As far as I know they were arrested around the same time as Paul Bedworth, June 1991. But didn't stand trial till May 1993. They both (I think) pleaded guilty, and were convicted for six months each. They were the first people to be jailed under the Computer Misuse Act (1990). They publish the 8lgm security advisories, and act as computer security consultants. Neil Woods is certainly an active security consultant. Neil Woods was also known as pad and Karl Strickland as Gandalf. This is what 8lgm say about themselves : "[8lgm] was created in early 1989 by several individuals with a common interest in computer security. Up until 1991, [8lgm] members actively used vulnerabilities to obtain access to many computer systems world-wide. After this period, any results of research have been reported and passed onto vendors." See section 5 for details of the 8lgm WWW page Eddie Singh was first arrested in (approx) 1988 for breaking into the University of Surrey terminal rooms. He used the nickname Camelot and was arrested very soon after the Computer Misuse Act came into operation for hacking the Ritz video chain. There is a book about him: "Beating the System (Hackers Phreakers and Electronic Spies)" by Owen Bowcott and Sally Hamiliton (ISBN: 7475 0513 6 published by Bloomsbury Press, 1990) Michael J Bevan - Fuji (?) and Richard Price are currently being prosecuted for alledgedly breaking into US Airforce computers from the UK. Next hearing in November. Serious Government Security interest in this case ! Coldfire seems to have had his computers, phones, etc. seized (including a new Sun Sparc). This could be because press attention was focused on him and his home page (no longer online). 4.8 What about hacking cable/satellite TV? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ V0mit has the following to say on this subject: 4.8.1 How do I build a Cable TV Descrambler? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There are many different types of Cable box in use in the UK. This deals with Jerrolds (The most common type), But also generally covers most boxes (Like Scientific Atlanta etc). If anyone has any more specifics on other types, please feel free to e-mail phuk@madrab.demon.co.uk with updates, corrections etc. to this.. Firstly though, MANY cable companies only scramble SOME of their channels (usually Premiums) and some apparently scramble NONE at all! (Though this is becoming less and less common). However, these signals are usually sent well out of the range of frequencies that your average TV can pick up. All the cable box is there for in cases like this is to 'convert down' these frequencies into something that most TV's can tune in to. TV's vary wildly in what freq. range they can pick up. So the best bet is to disconnect the cable from the box, plug it directly into the back of your TV, and 'tune around' and see what you find!.. and try all your TV sets if you have more than one. You should find a few unscrambled channels if you're lucky.. 'The Box' (A music channel) is usually always sent unscrambled, amongst others.. Some Televisions (Nokia make one) can tune into all of these higher frequencies already. This type of TV is known in the USA as a 'cable ready' television. I know that Maplin Electronics also sell something that can convert down the higher frequencies used by the Cable signals for most televisions to view. Take a look at http://www.hackers.org.uk/hph/ for the infamous Hull cable TV hack which uses this facility. However, whilst just about everyone should be able to get some unscrambled channels using this method, all the good stuff (yes, porno channels, you shameless people), Sky One, etc. is usually scrambled. 4.8.2 How do I Descramble them? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Some old boxes do simple things to the horizontal and vertical sync of the picture, and don't touch the sound etc. In cases like this it is probably feasible to try and build a descrambler if you know what you are doing. However, most modern boxes use some fairly ackward techniques. So people thought: "Hmm, instead of building a descrambler, how about making the cable box (which already has the descrambler built in) do all the hard work for you?". So the 'test chip' and 'Cube' where born. If you thought that to let you view a particular channel cable companies had to switch some thing externally, you are wrong. In fact in most systems all the channels are present when they reach your box. It is your box that is programmed to stop you seeing these channels, Not something outside the home! The only exception to this is possibly a very few companies who use 'filtering' methods, ie. they use computerised 'smart filters' outside the home which filter out premium channels etc. and control what you can and cannot see. If your cable co uses this type of system (I know none that do in the UK) Then you are screwed. (Either that or it's time to go pay a rich neighbour a visit with some wire cutters, a spade, and a length of cable wire long enuff to reach your house :) The one positive side to this method is that all signals are sent in the clear, and the ones you dont pay for are filtered out. And so, if you have a 'cable ready' TV, it eliminates the need for a box. The following applies to 'Jerrold' cable boxes, But can also be assumed to apply to most modern cable boxes like Scientific Atlanta etc. All cable boxes contain a serial number. Your cable co. has this number on record in their computers. When you phone and say "I'd like to subscribe to the Racing Channel, Cause its great value at only 20 quid a month" They simply type in the computer you are allowed to see that channel. The cable co. then sends a signal to your box saying box AB 1234567890 is allowed to see channel 33. Your cable box contains a modem that receives data from the cable co. in the form of an FM signal. The box specifically looks out for instructions to its serial number, and obeys. It can be told where specific channels go, (Show BBC1 on ch 21 etc) can disconnect your service, or can show what are called 'barker' channels in place of the premium channels (Unless it's told different ;). This FM signal is known as the cable boxes 'data stream'. However, cable companies dont just send the data stream to your box the once and then thats it. They send instructions to everyones box constantly looping around you all. And so, on a small system with a few people your box might be updated every few minutes, or on a larger one the box might be updated every 20 minutes etc. This ensures everyone gets what they pay for. And so, the point is that you don't build a descrambler - you trick your cable box into thinking you're allowed to see the premium channels! This can be done in two ways: 1. By Cube. 2. By Test chip. Both have their advantages and disadvantages, much of which is outside ths scope of this document and therefore you are encouraged to seek further information elsewhere. Finally, because there are no UK sources for this type of thing EVERYONE must get cubes/test chips etc. from the USA. And the UK being the UK has to be a bit awkward and do it slightly different from the US. Data streams there are 99 times out of 100 one of four frequencies between 88-108.5 FM. However, here the data stream is often found at higher rates like 122.75Mhz etc. (ie. outside the normal FM wave band). If unsure, get yourself a scanner that can tune that high, plug your cable into it, and search around for your data stream. Once you find it let the company know, and many will be happy to modify it for you before shipping to the UK. You need to know this or your cube will not work! Also read rec.video.cable-tv for a while and you might pick up some stuff. 4.9 Who are British Telecom Security? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ BT security is basically made up of the following four sections: 1. Directorate Of Security & Investigation. The focal point for 'expertise' within the group. Director Of Security & Investigation. Room A740 BT Centre 81 Newgate Street London EC1A 7AJ Tel: 0171 356 4928. Fax: 0171 356 5909. 2. Commercial Security Unit Room A169 BT Centre 81 Newgate Street London EC1A 7AJ Tel: 0171 356 5234. Fax: 0171 356 6068. 3. Specialist Services Unit. Libra House. Sunrise Parkway. Milton Keynes MK14 6PH. Tel: 01908 693939. Fax: 01908 693961. 4. Investigation And Detection. Libra House. Sunrise Parkway. Milton Keynes MK14 6PH. Tel: 01908 693838/3839 ;'Help desk' Fax: 01908 693860. Also : 01908 693800... It's this last one which is responsible for actually 'busting' people for nicking 0.00005v of electricity. It's mainly two of them who come see you: Adrian Goram and Stephen Byrom. You'll probably get one or the other if you're ever fortunate enough to get in trouble with BT. And apparently they insists those are their real names. 4.10 How do I find out my phone bill before it comes? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There is an automated service on 0800 854608 which will give you your bill amount, so you can start saving! When you call, dial ** followed by your full number including STD code, then the first eight digits of your account number (situated at the top of your last bill). ----------------------------------------------------------------------------- Section 5 - Resources ----------------------------------------------------------------------------- The following sources may be of interest A very good list of resources is available in the alt.2600 faq, but these are my recommendations. 5.1 On the net ~~~~~~~~~~~~~~ These are constantly changing and thus some may not work by the time you read this. Please do keep us updated about what's new and what's old. 5.1.1 Newsgroups ~~~~~~~~~~~~~~~~~ alt.ph.uk - This group ! alt.2600 - Hacking & Cracking alt.dcom.telecom - Telecom alt.hackers - Hacking (in the old sense of the word) alt.cellular-phone-tech - Mobile Phones alt.security - Computer Security comp.dcom.telecom - Telecom [moderated] comp.dcom.telecom.tech - Technical telecom comp.dcom.cellular - Cellular telecom comp.security.unix - Unix security comp.security.misc - Computer Security de.org.ccc - See what the German scene is up to courtesy of the Chaos Computer Club, who usually run a Congress around Christmas/New Year uk.telecom - UK Telecom Issues 5.1.2 Web Pages ~~~~~~~~~~~~~~~ The L0pht - http://www.l0pht.com/ EFF - http://www.eff.org/ The UK.Telecom FAQ Page - http://wwww.gbnet.net/net/uk-telecom/ 8lgm - http://www.8lgm.org/ 2600 Magazine - http://www.2600.com/ 2600 Bristol Meets - http://metro.turnpike.net/H/hagar/2600.html FireWalls - http://www.tis.com/Home/NetworkSecurity/Firewalls/Firewalls.html alt.2600 FAQ - http://www.engin.umich.edu/~jgotts/hack-faq.html TELECOM Digest FAQ - http://www.wiltel.com/telecomd/tele_faq.html hackHull & Co. - http://www.hackers.org.uk/hph/ Geek - http://www.geek.org.uk/ ITU archive, - gopher://info.itu.ch:70/ http://www.itu.ch/ OFTEL - http://www.open.gov.uk/oftel/oftelwww/oftelhm.htm ICSTIS - http://www.icstis.org.uk/ UK ISDN FAQ - http://www.multithread.co.uk/isdnfaq.htm Telephone charging - http://www.gold.net/users/cdwf/phones/charging.html 5.1.3 FTP ~~~~~~~~~ The L0pht - ftp://ftp.l0pht.com Routes - ftp://ftp.netcom.com/pub/da/daemon9 Spies - ftp://ftp.spies.com EFF - ftp://ftp.eff.org Firewalls - ftp://ftp.tis.com/pub/firewalls/isoc94.ps.Z Firewalls - ftp://research.att.com/dist/internet_security/* The Jargon File - ftp://prep.ai.mit.edu/pub/gnu/jarg320.txt.gz Security Archives - ftp://ftp.ox.ac.uk/pub/security 5.1.4 Mailing Lists ~~~~~~~~~~~~~~~~~~~ Firewalls mail majordomo@greatcircle.com and put SUBSCRIBE FIREWALLS-DIGEST in the body of the message. Orange (check out http://info.mcc.ac.uk/Orange for more details) hackHull? mail listserv@madrab.demon.co.uk and put SUBSCRIBE HACKHULL in the body of the message. BoS (Best of Security) maillist can someone provide me with info please? Access All Areas Planning and discussion for the next Access All Areas event The Access All Areas Mailing List - mail majordomo@access.org.uk with the word 'help' in the body of the message for more information 5.1.5. Mags-EZines ~~~~~~~~~~~~~~~~~~ Phrack (http://www.scit.wlv.ac.uk/~cs6171/phrack/phrackindex.html) CuD (ftp://ftp.warwick.ac.uk/cud/) ???? Condor (http://mindlink.net/A7657/) P/H-UK (http://www.paranoia.com/~coldfire/files/phuk/) 5.1.6 TV & Film ~~~~~~~~~~~~~~~ Unauthorized Access (http://bianca.com/bump/ua/) War Games, Sneakers et al :) Hackers (http://www.digiplanet.com/hackers/) The Net (not as good as Hackers, but worth it for Sandra Bullock ;-) 5.2 In Print ~~~~~~~~~~~~ 5.2.1 Mags ~~~~~~~~~~ 2600 magazine (Available at Tower Records, London, or direct from AK Press at http://www.obsolete.com/ak/ or by phoning 0131-667-1507 [Edinburgh]) Wired (The US version) Mondo 2000 Blacklisted! 411 (Does anyone know of a UK source for this mag?) 5.2.2 Books ~~~~~~~~~~~ (About Hackers) Cyberpunk: Outlaw & Hackers on the computer Frontier Katie Hafner and John Markoff - ISBN 1-872180-94-9 (3 Accounts in one book, Mitniks Early Years, widely discredited by people close to him. Pengo and The Chaos Computer Club (which ties in with The Cuckoo's Egg') and Robert 'Internet Worm' Morris The Cuckoo's Egg Clifford Stoll (Techno Hippy gets compulsive about East German Hacker) Hackers Steven Levy (Early days of Old-Style MIT hackers) Approaching Zero Beating the System (Hackers, Phreakers and Electronic Spies) Owen Bowcott and Sally Hamiliton. ISBN: 7475 0513 6 Computer Hacking: Detection and Protection, Sigma Press 1995?, UK - ISBN 1-85058-538-5 (About Systems) Any Tech Ref Manual you can lay your hands on Far too many to mention 5.3 Phone numbers ~~~~~~~~~~~~~~~~~ UK Interesting phone numbers Check out the uk.telecom FAQ for a good starting list of phone numbers ----------------------------------------------------------------------------- Section 6 - Questions to be answered in the next version of the FAQ - Help! ----------------------------------------------------------------------------- Who created alt.ph.uk? Anthing contained in [] above :) Short sections on Novell, Cellphones Sources of 2600 magazine in the UK (except for Tower & AK, that is) --