The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / zines / a_m / ctelec4.txt < prev next >

Wrap

Text File | 2003-06-11 | 54.0 KB | 921 lines

Cybertek Electric: Issue #4 7/30/96 óss es flestra ferdha för; en skálpr es sverdha / |\ /| /|\ |\ |\ /| |-\ \ / / | \ / | / | \ | \ | \ / | | \ \ / / | \ / | / | \ | \ | \ / | | > / \ / / | \/ | / | \ | / | \/ | | / / / / \ | | | | < | | | \ / / \ \ | | | | \ | | | > \ / \ \ | | | | \ | | | / \ \ \ | | | | \ | | |-/ \ \ I know a fifteenth, which Thiodhroerir the dwarf sang before Delling's door. He sang might to the Aesir, power to the elves, and understanding to Odin. Cybertek Electric: Issue Four July 30, 1996 edited by Thomas Icom/IIRG <ticom@l0pht.com> <thomas.icom@iirg.com> Complements of OCL/Magnitude's Project Blackthorn, and The International Information Retrieval Guild (IIRG) Table of Contents ================= * Hacking the Human Body by Mujahadin * From Crossbows to Cryptography: Techno-Thwarting The State by Chuck Hammill * Vesoft and the Hewlett Packard 3000 by Black IC ---/////--- Hacking the Human Body by Mujahadin Many of us in the computer 'underground' are used to seeing various postings about bugs and backdoors in various pieces of software and hardware that make up this vast culture that we are a part of. But how many of us know, that for example, the human body contains many weaknesses, bugs if you will, that can be exploited just as easily as Wu_ftp? The reasons for this knowledge not being widely available are obvious. The people who hold these secrets are like the master hackers who only give out these powerful secrets to those they implicitly trust, or to those who have shown their worth by diligent study and application of requisite materials. It is not my purpose here to disseminate such information recklessly. Rather it is to impart the reader with a respect for the capabilities of the human body and the weaknesses contained therein, and of some of the basic ways these can be used to protect yourself against a physical attack in the most effective way possible....you don't want your aggressor to get back up. It NEVER pays to be a nice guy during the escalation of a physical confrontation. Only in the movies do the nice guys walk away, and not have to turn around. First some background concerning body mechanics. The human body, whether through evolution or divine creation, moves with circular motion on many axes simultaneously. Next time you walk to the bathroom or to the refrigerator to refill your beer stein, try walking rigid, like a robot would, using just linear motion. You will see immediately that this is an UNnatural method of movement and how uncomfortable it is and to help me prove the theory behind this article, just how much motion is wasted by this linear activity. It takes a CONCERTED effort to maintain balance in this robotic movement. So now we see the economy of motion and ease of action that the natural way our bodies want to move gives us. Using this economy of motion and ease of action now takes us to my next point, physically manipulating the human body in an unnatural fashion. While many parts of the human body are very flexible, we can say that nothing has full 360 degree rotation, and it is in this area I will address most of this article to. Joint manipulation is the easiest way to start the discussion. The best way to describe a joint manipulation is by example. Open your right hand exposing the palm upward. Then place the index finger of your left hand (with the rest of the fingers tucked in) into the right palm. Now close your right hand around your index finger. Rotate your right hand around feeling the limits of movement and committing them to memory. Open the right hand back up and put the index finger AND the middle finger of the left hand both in the palm, closing it. Rotate the right hand once again sensing the difference this makes in this technique. Two fingers are ALWAYS better than one, however, make sure that the two fingers you plan on seizing are located next to each other on the hand.. or else you may lose your grasp due to the difficult to grab shape this makes. One can also grab separate fingers on an attackers same hand using both of your hands. This is a great technique and is called separating the bone. Try this on a friend (or enemy), but if on a friendly victim be sure to be careful, and have the action performed on you so you know what this feels like. Moving to the wrist. There are plenty of things to do with the wrists but for the sake of clarity I wont be discussing these much because placement of the hands is very important and since I don't have the tools at my disposal to include photographs, then I wouldn't want anyone to feel secure with just a text example. But I will say this: get a friend and try out the rotational limits of the wrist using one hand and then two. That's as easy as I can make it without photos and for the sake of wasted bandwidth. The elbow is a very self-explanatory structure, limitwise. The forearm has some rotation from the elbow due to the radial and ulna, but this is secondary to the lack of real movement that the elbow has. This makes it an extremely vulnerable architecture when it does become accessible for a technique. This is the problem though, because the elbow tends to stay behind the weapon that precedes it. Namely the fist or whatever the fist is holding. If one was truly skilled at circular motion then it would be no problem to simply circle around an attack to make the elbow more accessible, or avert an attack and depend on the attackers over exertion of his own sphere of influence....his own over extension of his circular motion, which by the way helps us make another point. Depending on the attacker to not be in tune with his own natural motion, to be clumsy and aloof, ignorant of how he moves, can also be a great key in overcoming an opponent. Sort of like a buffer overwrite.... get the attacker to overcommit...when he/she does, then take the advantage. If you happen to get this far then personally I wouldn't go for the elbow at this juncture, but for the purpose of discussion if you get in a bind and you have hold of an arm, then pull downward violently to shake the opponent, causing a mild shock to the back of the head where it meets the neck (this actually happens). Do your best to take advantage in this moment of weakness by turning the arm over placing another hand on the outside of the elbow pressuring downwards. Experimentation with this pressure is absolutely necessary for you to feel how this works. Also don't place the hand too high or too low... this can cause the attacker to fold his elbow, opening you up to a vicious counterattack with one of the body's most powerful weapons. Interesting that one of the bodies weakest structures at its opposition, can become one of the strongest weapons the body has. As for the shoulder, just move your own shoulder around to its extremes and you will easily see how its weaknesses can be exploited. Continuing our discussion of the elbow from above, once the elbow is locked, hopefully you would have enough forethought to make sure your attacker is slightly away from you and bent over. Take this opportunity to jam his shoulder with plenty of force in the direction of his jaw. This is a neat little bonus of the straight elbow lock. Also preemptive striking to the shoulder lessens any force of an incoming blow. This is what Bruce Lee called a 'stop hit'. But this takes flawless timing and is out of context for this article. Visiting the neck area we see several options. The throat provides us with much soft collapsible mass which can be accessed quite easily, as long as speed and accuracy are on your side. A quick and powerful jab to the larynx, either above or below, gains us some time to explore more possibilities in our defensive posture. We can now become the offensive party if we are successful here. Note that also on the sides of the neck exist sternomatocollastoid muscle structures (for exact placement of these check your Gray's Anatomy Coloring Book) which give us ample space to access several 'pressure points' which if manipulated (read SQUEEZED) properly will cause the brain to prompt the body to lift up on the toes, thereby weakening any effort of your attacker to strike with any force. I have only met one person completely immune to the initial pain sequence produced by this technique, and it made for lots of interesting experimentation, and unfortunately for our immune friend, lots of bruises as well. Also within this muscle structure are the carotid arteries. A well placed strike to the outsides of the neck will seize the muscles up, causing the blood supply to the brain to be shut off. Contrary to popular belief, this is how a strike to the temples work as well. To revive from such a strike requires massage and gentle rotation of the neck structure to return the muscles to their previous state. The eyes are an obvious weakness as is the nose, be it from straight on, upwards, sideways, or even downwards. The ears are interesting because of the occasional airtight capabilities. Have you ever been slapped on the ear? The air pressure involved with that is tremendous for such a little canal. Its no small wonder then that partial and often full deafness arises out of such little force. There are also several pressure points located beneath the ear which have differing effects, depending on how utilized. There also exists on the back of the skull at the base where the vertebrae end which when struck causes yet another shutdown of the brain due to the contraction of muscles. Don't forget this key clue: where the head goes.... the body follows. Moving in a downward direction we have the ribs, where nerve fibers weave in and out between the ribcage members. This takes practice but finding these aren't too difficult. There is a term where nerves are exposed to the underside of the flesh when running between muscle bundles. Its called a cavity, and cavity striking is an acquired skill. Bodybuilders are known for their extra musculature. Obviously. But with this muscularity comes a nice big weakness which can be exploited by someone with little or no muscle mass at all.....justice ;). It seems as though with this extra muscle comes extra cavity space...i.e., more exposed nerve fiber. Need I say more on this? The floating ribs are susceptible to becoming dislodged from their location, given the right angle of approach. The abdominal area is naturally tense and as well should be, unless trained in advanced deep abdominal conditioning which has been a protected secret for centuries. I have seen examples of this training and it is quite impressive. No tricks involved. I can spot a fake from a thousand miles away. Real 'Iron Body' practitioners can be struck with a variety of implements using full force with no damage done. All this is done with complete relaxation of the abdominal muscle wall. But there is a flaw in even the tensing of the abdominal area. The muscles that make up this area are primarily weaved in a direction that naturally opposes force from the front. If we introduce a spirryllic action slightly downwards to this mass then we have exploited the weakness in the weave. The groin structure is really self explanatory, save for the few fanatical practitioners of several martial arts who practice for hours a technique where the testicles are drawn up inside the scrotum. But these guys are a dead giveaway, wherein they must stand in a particular posture for this to happen, exposing other areas to vulnerability. On the sides and slightly to the back of the thigh belong the sciatic nerves. Repeated strikes to this area will definitely cause weakness in the legs, and eventually an inability to stand straight without wavering. The knees, when a person is standing straight up, are extremely vulnerable to being sheared downward or to the side... this is very violent and should only be used in a VERY life threatening situation. When slightly flexed then the knees are vulnerable from the sides and back. Actually, the knees are ALWAYS weak from the sides. There exist many pressure points on the thigh, shin and arch of the foot that I will not address, as these require pinpoint accuracy to administer to and this is beyond the scope of this treatment, however I will say that I heard a story of a Special Forces Sergeant who, after being injured in Vietnam had to walk with a cane, became so adept with the cane that in a particular barfight all he had to do to subdue his attacker was stomp the cane down on the arch of the foot, thereby disrupting the intricate pattern of bone and ligament causing separation of said bone and ligament many times over. Needless to say, with ZEN-like simplicity, the altercation was over before it started. With this in mind, when in a bear hug type situation, never fail to stomp down on the arch of the foot, unless you are suspended in the air. Then it is a simple matter of using your head to make your point, while kicking at the knees or shins. There are many more areas to address here and I have selectively left much out because of the damaging nature of the techniques. I didn't pay too much attention to the circular nature of the body in the offensive posture because this is very advanced thought. To sum up this circular theory, think of spinning a yo-yo around in a circle while the string is fully unwraped from the axle.... what makes it spin faster?? what opposing forces are involved here?? and where is the actual fulcrumatic action?? These are clues that if experimented with to even a slight degree, will give the reader a great understanding as to how a greater amount of force can be generated by using the natural endowments of the body. Greets to the guys in VLAD, GHeap, DrHavoc, prophet, Special Forces then, now, and forever, and to Thomas Icom. Mujahadin - the real Desert Storm. -///- FROM CROSSBOWS TO CRYPTOGRAPHY: TECHNO-THWARTING THE STATE by Chuck Hammill weaponsrus@aol.com Given at the Future of Freedom Conference, November 1987 Public Domain: Duplicate and Distribute Freely You know, technology--and particularly computer technology--has often gotten a bad rap in Libertarian cir- cles. We tend to think of Orwell's 1984, or Terry Gilliam's Brazil, or the proximity detectors keeping East Berlin's slave/citizens on their own side of the border, or the so- phisticated bugging devices Nixon used to harass those on his "enemies list." Or, we recognize that for the price of a ticket on the Concorde we can fly at twice the speed of sound, but only if we first walk thru a magnetometer run by a government policeman, and permit him to paw thru our be- longings if it beeps. But I think that mind-set is a mistake. Before there were cattle prods, governments tortured their prisoners with clubs and rubber hoses. Before there were lasers for eavesdropping, governments used binoculars and lip-readers. Though government certainly uses technology to oppress, the evil lies not in the tools but in the wielder of the tools. In fact, technology represents one of the most promis- ing avenues available for re-capturing our freedoms from those who have stolen them. By its very nature, it favors the bright (who can put it to use) over the dull (who can- not). It favors the adaptable (who are quick to see the merit of the new( over the sluggish (who cling to time- tested ways). And what two better words are there to de- scribe government bureaucracy than "dull" and "sluggish"? One of the clearest, classic triumphs of technology over tyranny I see is the invention of the man-portable crossbow. With it, an untrained peasant could now reliably and lethally engage a target out to fifty meters--even if that target were a mounted, chain-mailed knight. (Unlike the longbow, which, admittedly was more powerful, and could get off more shots per unit time, the crossbow required no formal training to utilize. Whereas the longbow required elaborate visual, tactile and kinesthetic coordination to achieve any degree of accuracy, the wielder of a crossbow could simply put the weapon to his shoulder, sight along the arrow itself, and be reasonably assured of hitting his tar- get.) Moreover, since just about the only mounted knights likely to visit your average peasant would be government soldiers and tax collectors, the utility of the device was plain: With it, the common rabble could defend themselves not only against one another, but against their governmental masters. It was the medieval equivalent of the armor- piercing bullet, and, consequently, kings and priests (the medieval equivalent of a Bureau of Alcohol, Tobacco and Crossbows) threatened death and excommunication, respec- tively, for its unlawful possession. Looking at later developments, we see how technology like the firearm--particularly the repeating rifle and the handgun, later followed by the Gatling gun and more advanced machine guns--radically altered the balance of interpersonal and inter-group power. Not without reason was the Colt .45 called "the equalizer." A frail dance-hall hostess with one in her possession was now fully able to protect herself against the brawniest roughneck in any saloon. Advertise- ments for the period also reflect the merchandising of the repeating cartridge rifle by declaring that "a man on horseback, armed with one of these rifles, simply cannot be captured." And, as long as his captors were relying upon flintlocks or single-shot rifles, the quote is doubtless a true one. Updating now to the present, the public-key cipher (with a personal computer to run it) represents an equiv- alent quantum leap--in a defensive weapon. Not only can such a technique be used to protect sensitive data in one's own possession, but it can also permit two strangers to ex- change information over an insecure communications channel--a wiretapped phone line, for example, or skywriting, for that matter)--without ever having previously met to exchange cipher keys. With a thousand-dollar com- puter, you can create a cipher that a multi-megabuck CRAY X-MP can't crack in a year. Within a few years, it should be economically feasible to similarly encrypt voice communi- cations; soon after that, full-color digitized video images. Technology will not only have made wiretapping obsolete, it will have totally demolished government's control over in- formation transfer. I'd like to take just a moment to sketch the mathemat- ics which makes this principle possible. This algorithm is called the RSA algorithm, after Rivest, Shamir, and Adleman who jointly created it. Its security derives from the fact that, if a very large number is the product of two very large primes, then it is extremely difficult to obtain the two prime factors from analysis of their product. "Ex- tremely" in the sense that if primes p and q have 100 digits apiece, then their 200-digit product cannot in gen- eral be factored in less than 100 years by the most powerful computer now in existence. The "public" part of the key consists of (1) the prod- uct pq of the two large primes p and q, and (2) one fac- tor, call it x , of the product xy where xy = {(p-1) * (q-1) + 1}. The "private" part of the key consists of the other factor y. Each block of the text to be encrypted is first turned into an integer--either by using ASCII, or even a simple A=01, B=02, C=03, ... , Z=26 representation. This integer is then raised to the power x (modulo pq) and the resulting integer is then sent as the encrypted message. The receiver decrypts by taking this integer to the (secret) power y (modulo pq). It can be shown that this process will always yield the original number started with. What makes this a groundbreaking development, and why it is called "public-key" cryptography," is that I can openly publish the product pq and the number x , while keeping secret the number y --so that anyone can send me an encrypted message, namely x a (mod pq) , but only I can recover the original message a , by taking what they send, raising it to the power y and taking the result (mod pq). The risky step (meeting to exchange cipher keys) has been eliminated. So people who may not even trust each other enough to want to meet, may still reliably ex- change encrypted messages--each party having selected and disseminated his own pq and his x , while maintaining the secrecy of his own y . Another benefit of this scheme is the notion of a "dig- ital signature," to enable one to authenticate the source of a given message. Normally, if I want to send you a message, I raise my plaintext a to your x and take the result (mod your pq) and send that. However, if in my message, I take the plaintext a and raise it to my (secret) power y , take the result (mod my pq), then raise that result to your x (mod your pq) and send this, then even after you have normally "decrypted" the message, it will still look like garbage. However, if you then raise it to my public power x , and take the result (mod my public pq ), so you will not only recover the ori- ginal plaintext message, but you will know that no one but I could have sent it to you (since no one else knows my secret y ). And these are the very concerns by the way that are to- day tormenting the Soviet Union about the whole question of personal computers. On the one hand, they recognize that American schoolchildren are right now growing up with com- puters as commonplace as sliderules used to be--more so, in fact, because there are things computers can do which will interest (and instruct) 3- and 4-year-olds. And it is pre- cisely these students who one generation hence will be going head-to-head against their Soviet counterparts. For the Soviets to hold back might be a suicidal as continuing to teach swordsmanship while your adversaries are learning ballistics. On the other hand, whatever else a personal computer may be, it is also an exquisitely efficient copying machine--a floppy disk will hold upwards of 50,000 words of text, and can be copied in a couple of minutes. If this weren't threatening enough, the computer that performs the copy can also encrypt the data in a fashion that is all but unbreakable. Remember that in Soviet society publicly ac- cessible Xerox machines are unknown. (The relatively few copying machines in existence are controlled more inten- sively than machine guns are in the United States.) Now the "conservative" position is that we should not sell these computers to the Soviets, because they could use them in weapons systems. The "liberal" position is that we should sell them, in the interests of mutual trade and cooperation--and anyway, if we don't make the sale, there will certainly be some other nation willing to. For my part, I'm ready to suggest that the Libertarian position should be to give them to the Soviets for free, and if necessary, make them take them . . . and if that doesn't work load up an SR-71 Blackbird and air drop them over Moscow in the middle of the night. Paid for by private sub- scription, of course, not taxation . . . I confess that this is not a position that has gained much support among members of the conventional left-right political spectrum, but, af- ter all, in the words of one of Illuminatus's characters, we are political non-Euclideans: The shortest distance to a particular goal may not look anything like what most people would consider a "straight line." Taking a long enough world-view, it is arguable that breaking the Soviet govern- ment monopoly on information transfer could better lead to the enfeeblement and, indeed, to the ultimate dissolution of the Soviet empire than would the production of another dozen missiles aimed at Moscow. But there's the rub: A "long enough" world view does suggest that the evil, the oppressive, the coercive and the simply stupid will "get what they deserve," but what's not immediately clear is how the rest of us can escape being killed, enslaved, or pauperized in the process. When the liberals and other collectivists began to at- tack freedom, they possessed a reasonably stable, healthy, functioning economy, and almost unlimited time to proceed to hamstring and dismantle it. A policy of political gradualism was at least conceivable. But now, we have patchwork crazy-quilt economy held together by baling wire and spit. The state not only taxes us to "feed the poor" while also inducing farmers to slaughter milk cows and drive up food prices--it then simultaneously turns around and sub- sidizes research into agricultural chemicals designed to in- crease yields of milk from the cows left alive. Or witness the fact that a decline in the price of oil is considered as potentially frightening as a comparable increase a few years ago. When the price went up, we were told, the economy risked collapse for for want of energy. The price increase was called the "moral equivalent of war" and the Feds swung into action. For the first time in American history, the speed at which you drive your car to work in the morning be- came an issue of Federal concern. Now, when the price of oil drops, again we risk problems, this time because Ameri- can oil companies and Third World basket-case nations who sell oil may not be able to ever pay their debts to our grossly over-extended banks. The suggested panacea is that government should now re-raise the oil prices that OPEC has lowered, via a new oil tax. Since the government is seeking to raise oil prices to about the same extent as OPEC did, what can we call this except the "moral equivalent of civil war--the government against its own people?" And, classically, in international trade, can you imag- ine any entity in the world except a government going to court claiming that a vendor was selling it goods too cheaply and demanding not only that that naughty vendor be compelled by the court to raise its prices, but also that it be punished for the act of lowering them in the first place? So while the statists could afford to take a couple of hundred years to trash our economy and our liberties--we certainly cannot count on having an equivalent period of stability in which to reclaim them. I contend that there exists almost a "black hole" effect in the evolution of nation-states just as in the evolution of stars. Once free- dom contracts beyond a certain minimum extent, the state warps the fabric of the political continuum about itself to the degree that subsequent re-emergence of freedom becomes all but impossible. A good illustration of this can be seen in the area of so-called "welfare" payments. When those who sup at the public trough outnumber (and thus outvote) those whose taxes must replenish the trough, then what possible choice has a democracy but to perpetuate and expand the tak- ing from the few for the unearned benefit of the many? Go down to the nearest "welfare" office, find just two people on the dole . . . and recognize that between them they form a voting bloc that can forever outvote you on the question of who owns your life--and the fruits of your life's labor. So essentially those who love liberty need an "edge" of some sort if we're ultimately going to prevail. We obvi- ously can't use the altruists' "other-directedness" of "work, slave, suffer, sacrifice, so that next generation of a billion random strangers can live in a better world." Recognize that, however immoral such an appeal might be, it is nonetheless an extremely powerful one in today's culture. If you can convince people to work energetically for a "cause," caring only enough for their personal welfare so as to remain alive enough and healthy enough to continue working--then you have a truly massive reservoir of energy to draw from. Equally clearly, this is just the sort of ap- peal which tautologically cannot be utilized for egoistic or libertarian goals. If I were to stand up before you tonight and say something like, "Listen, follow me as I enunciate my noble "cause," contribute your money to support the "cause," give up your free time to work for the "cause," strive selflessly to bring it about, and then (after you and your children are dead) maybe your children's children will actu- ally live under egoism"--you'd all think I'd gone mad. And of course you'd be right. Because the point I'm trying to make is that libertarianism and/or egoism will be spread if, when, and as, individual libertarians and/or egoists find it profitable and/or enjoyable to do so. And probably only then. While I certainly do not disparage the concept of poli- tical action, I don't believe that it is the only, nor even necessarily the most cost-effective path toward increasing freedom in our time. Consider that, for a fraction of the investment in time, money and effort I might expend in try- ing to convince the state to abolish wiretapping and all forms of censorship--I can teach every libertarian who's in- terested how to use cryptography to abolish them unilaterally. There is a maxim--a proverb--generally attributed to the Eskimoes, which very likely most Libertarians have al- ready heard. And while you likely would not quarrel with the saying, you might well feel that you've heard it often enough already, and that it has nothing further to teach us, and moreover, that maybe you're even tired of hearing it. I shall therefore repeat it now: If you give a man a fish, the saying runs, you feed him for a day. But if you teach a man how to fish, you feed him for a lifetime. Your exposure to the quote was probably in some sort of a "workfare" vs. "welfare" context; namely, that if you genuinely wish to help someone in need, you should teach him how to earn his sustenance, not simply how to beg for it. And of course this is true, if only because the next time he is hungry, there might not be anybody around willing or even able to give him a fish, whereas with the information on how to fish, he is completely self sufficient. But I submit that this exhausts only the first order content of the quote, and if there were nothing further to glean from it, I would have wasted your time by citing it again. After all, it seems to have almost a crypto-altruist slant, as though to imply that we should structure our ac- tivities so as to maximize the benefits to such hungry beggars as we may encounter. But consider: Suppose this Eskimo doesn't know how to fish, but he does know how to hunt walruses. You, on the other hand, have often gone hungry while traveling thru walrus country because you had no idea how to catch the damn things, and they ate most of the fish you could catch. And now suppose the two of you decide to exchange information, bartering fishing knowledge for hunting knowledge. Well, the first thing to observe is that a transaction of this type categorically and unambiguously refutes the Marxist premise that every trade must have a "winner" and a "loser;" the idea that if one person gains, it must necessarily be at the "expense" of another person who loses. Clearly, under this scenario, such is not the case. Each party has gained some- thing he did not have before, and neither has been dimin- ished in any way. When it comes to exchange of information (rather than material objects) life is no longer a zero-sum game. This is an extremely powerful notion. The "law of diminishing returns," the "first and second laws of thermodynamics"--all those "laws" which constrain our possi- bilities in other contexts--no longer bind us! Now that's anarchy! Or consider another possibility: Suppose this hungry Eskimo never learned to fish because the ruler of his nation-state had decreed fishing illegal. Because fish contain dangerous tiny bones, and sometimes sharp spines, he tells us, the state has decreed that their consumption--and even their possession--are too hazardous to the people's health to be permitted . . . even by knowledgeable, willing adults. Perhaps it is because citizens' bodies are thought to be government property, and therefore it is the function of the state to punish those who improperly care for govern- ment property. Or perhaps it is because the state gener- ously extends to competent adults the "benefits" it provides to children and to the mentally ill: namely, a full-time, all-pervasive supervisory conservatorship--so that they need not trouble themselves with making choices about behavior thought physically risky or morally "naughty." But, in any case, you stare stupefied, while your Eskimo informant re- lates how this law is taken so seriously that a friend of his was recently imprisoned for years for the crime of "pos- session of nine ounces of trout with intent to distribute." Now you may conclude that a society so grotesquely oppressive as to enforce a law of this type is simply an affront to the dignity of all human beings. You may go far- ther and decide to commit some portion of your discretion- ary, recreational time specifically to the task of thwarting this tyrant's goal. (Your rationale may be "altruistic" in the sense of wanting to liberate the oppressed, or "egoistic" in the sense of proving you can outsmart the oppressor--or very likely some combination of these or per- haps even other motives.) But, since you have zero desire to become a martyr to your "cause," you're not about to mount a military campaign, or even try to run a boatload of fish through the blockade. However, it is here that technology--and in particular in- formation technology--can multiply your efficacy literally a hundredfold. I say "literally," because for a fraction of the effort (and virtually none of the risk) attendant to smuggling in a hundred fish, you can quite readily produce a hundred Xerox copies of fishing instructions. (If the tar- geted government, like present-day America, at least permits open discussion of topics whose implementation is re- stricted, then that should suffice. But, if the government attempts to suppress the flow of information as well, then you will have to take a little more effort and perhaps write your fishing manual on a floppy disk encrypted according to your mythical Eskimo's public-key parameters. But as far as increasing real-world access to fish you have made genuine nonzero headway--which may continue to snowball as others re-disseminate the information you have provided. And you have not had to waste any of your time trying to convert id- eological adversaries, or even trying to win over the unde- cided. Recall Harry Browne's dictum from "Freedom in an Unfree World" that the success of any endeavor is in general inversely proportional to the number of people whose persua- sion is necessary to its fulfilment. If you look at history, you cannot deny that it has been dramatically shaped by men with names like Washington, Lincoln, . . . Nixon . . . Marcos . . . Duvalier . . . Khadaffi . . . and their ilk. But it has also been shaped by people with names like Edison, Curie, Marconi, Tesla and Wozniak. And this latter shaping has been at least as per- vasive, and not nearly so bloody. And that's where I'm trying to take The LiberTech Project. Rather than beseeching the state to please not en- slave, plunder or constrain us, I propose a libertarian net- work spreading the technologies by which we may seize freedom for ourselves. But here we must be a bit careful. While it is not (at present) illegal to encrypt information when government wants to spy on you, there is no guarantee of what the fu- ture may hold. There have been bills introduced, for exam- ple, which would have made it a crime to wear body armor when government wants to shoot you. That is, if you were to commit certain crimes while wearing a Kevlar vest, then that fact would constitute a separate federal crime of its own. This law to my knowledge has not passed . . . yet . . . but it does indicate how government thinks. Other technological applications, however, do indeed pose legal risks. We recognize, for example, that anyone who helped a pre-Civil War slave escape on the "underground railroad" was making a clearly illegal use of technology--as the sovereign government of the United States of America at that time found the buying and selling of human beings quite as acceptable as the buying and selling of cattle. Simi- larly, during Prohibition, anyone who used his bathtub to ferment yeast and sugar into the illegal psychoactive drug, alcohol--the controlled substance, wine--was using technol- ogy in a way that could get him shot dead by federal agents for his "crime"--unfortunately not to be restored to life when Congress reversed itself and re-permitted use of this drug. So . . . to quote a former President, un-indicted co- conspirator and pardoned felon . . . "Let me make one thing perfectly clear:" The LiberTech Project does not advocate, participate in, or conspire in the violation of any law--no matter how oppressive, unconstitutional or simply stupid such law may be. It does engage in description (for educa- tional and informational purposes only) of technological processes, and some of these processes (like flying a plane or manufacturing a firearm) may well require appropriate li- censing to perform legally. Fortunately, no license is needed for the distribution or receipt of information it- self. So, the next time you look at the political scene and despair, thinking, "Well, if 51% of the nation and 51% of this State, and 51% of this city have to turn Libertarian before I'll be free, then somebody might as well cut my goddamn throat now, and put me out of my misery"--recognize that such is not the case. There exist ways to make your- self free. If you wish to explore such techniques via the Project, you are welcome to give me your name and address--or a fake name and mail drop, for that matter--and you'll go on the mailing list for my erratically-published newsletter. Any friends or acquaintances whom you think would be interested are welcome as well. I'm not even asking for stamped self- addressed envelopes, since my printer can handle mailing la- bels and actual postage costs are down in the noise compared with the other efforts in getting an issue out. If you should have an idea to share, or even a useful product to plug, I'll be glad to have you write it up for publication. Even if you want to be the proverbial "free rider" and just benefit from what others contribute--you're still welcome: Everything will be public domain; feel free to copy it or give it away (or sell it, for that matter, 'cause if you can get money for it while I'm taking full-page ads trying to give it away, you're certainly entitled to your capitalist profit . . .) Anyway, every application of these principles should make the world just a little freer, and I'm certainly willing to underwrite that, at least for the forseeable fu- ture. I will leave you with one final thought: If you don't learn how to beat your plowshares into swords before they outlaw swords, then you sure as HELL ought to learn before they outlaw plowshares too. --Chuck Hammill THE LIBERTECH PROJECT -///- ┌─────────────────────────────────────┐ │ Vesoft and the Hewlett Packard 3000 │ │ by Black IC │ └─────────────────────────────────────┘ There have been numerous articles written about the Hewlett Packard 3000 and how to break the system. This write up does not deal solely with the HP3000 but with the addon for tighter security by the VESOFT corporation. As time goes on and people begin to see the need for better security and a more productive system, it's becoming harder to exploit any weakness that could be on said system. That's where VESOFT comes in. VESOFT 1135 S. Beverly Dr. Los Angeles, CA 90035-1119 (310) 282-0420 (310) 785-9566 (Fax) They have been supporting Hewlett Packards since 1980 with excellent addons for the HP3000. In the following paragraphs I discuss the various utilites that VESOFT employs and what you might expect on a VESOFT secured system. ┌───────────┐ │ MPEX 3000 │ └───────────┘ The MPEX addon emulates and implements virtually all of the MPE/iX user interface features (variables, command files, implied :RUN, :CALC, :COPY, :PRINT, etc) on MPE/V. Not only does this add a lot of power to the MPE/V system, but it also lets you use the same job streams on MPE/V and on the MPE/iX (If the owner of the Hewlett Packard has both setups!) So initially you wont see a difference with the target system. Also if the system has VESOFT installed and not on the other systems their, that's not an issue right now cause if you are experienced with the 3000 series and the likes you will be able to navigate with out a problem. ┌───────────────┐ │ VE AUDIT 3000 │ └───────────────┘ The Audit program from VESOFT is a resecurement utility very similar to the SATAN program for UNIX. The purpose of VE AUDIT is to check the system for loopholes and to assist the Manager/System Administrator in resecuring the system. VE AUDIT takes the laborous job of checking accounts (LISTACCT), users (LISTUSER), and groups (LISTGROUP) to see who has what access, capabilities, no passwords, etc. The program goes through everything and then reports to manager what loopholes (if any) are found and what is the suggested step to resecure that system. This program can also be used to alter the system accounting structure as well as look at it with a new set of commands. The program is run when you set the attributes (password, capability, access mask). List them in one or two line object format. Create an MPEX command file that will rebuild the accounting structure when the program is executed. Purge them after prompting. As you can see this program will assist the manager/system administrator in an easy to use manner and allows the system security to be tightened in a way that was not as easy on the standard HP3000. ┌───────────────┐ │ SECURITY 3000 │ └───────────────┘ The VESOFT security program works in several ways to secure the Hewlett Packard system. Most HP3000 systems will allow users to log on to the system using a non-unique name and generic session name with a session password (i.e. JOE.PAYROLL as opposed to JOE,CLERK.PAYROLL). The VESOFT program will no matter what format the system uses to establish identity allow the use of a session name and a password for that individual, thus increasing the security 10-fold. It will also eliminate the annoying habit of users omitting the session name since the MPE operating system considers it optional. Changing of passwords become manditory through the security program. Saving the account manger time by having a set time period for the users to change their passwords (i.e. every 30 days or as set). Some HP3000 systems when accessed give the user access to the MPE prompt ":" which most users don't need access to all the commands. VESOFT now sets up a menu of options which allows the user to use the given choices and nothing else. If the system has dial-ups the security program allows passwords on a terminal by terminal basis thus adding in a second password to protect the system. Thus anyone calling up not only has to get past the dial-up sequence but they also have to log in to the system as if they were at the console. If the system is run on networks then the program will synchronize the network and allow file transfers with out actually logging into the receiving system. Users will also have to login to a system at a different terminal just as if they were at that console. Embedded passwords are probably one of the biggest threats to HP3000 systems along with shared passwords and passwords that have not been changed in a long time. It then is easier for someone to access the system seeing as it will be easier to figure out. Once a password has become embed the ability to change it in a job stream is very hard and time consuming. The security program comes with what is called the "STREAMX" module which will do all the handy work for the account manager. Logoff now has a built in timer so those users that are idle or leave the system unattended for a given amount of time will automatically be logged off and the integrity of the system brought back to normal. This covers the basics of the VESOFT programs. As you can see any entry into an HP3000 using VESOFT will not react as usual and the accessibility has been changed to that of seriously protected. I'll save the coverage of surveillance social engineering and dumpster diving for others. What I will say is you need to have a firm grasp of the target system and its users. ┌────────────┐ │ DEFAULTS │ └────────────┘ The following is a list of some of the defaults in the Hewlett Packard MPEX System used on the 3000 and the likes. Keep in mind that a resecured system is going to have the defaults removed and replaced with a tighter setup. Remote login maintenance has been a pride and joy of Hewlett packard owners. It is also one of the most exploited in terms of malicious entry. With the VESOFT programs properly installed the usual one password entry for remote will now be two. The default accounts are almost always open if they still exist. Aside from "dumpster diving" you should consider social engineering names and as much info as possible about the system you are attempting to get in on, just incase you are asked for a password. Sometimes you will come across a system that uses the "terminal password" at login. This is an old option and thus being an option does not have any defaults. operator.cognos mgr.hpword field.hpword manager.hpoffice mgr.hpoffice wp.hpoffice spoolman.hpoffice mailman.hpoffice advmail.hpoffice mail.hpoffice field.support operator.support operator.sys rsbcmon.sys pcuser.sys operator.system operator.disc mgr.xlserver manager.itf3000 sys.telesup manager.security mgr.conv mgr.rje mgr.hpp187 mgr.hpp189 mgr.hpp196 field.hpp187 mgr.intx3 mgr.carolian manager.tch mgr.word mgr.telesup field.service operator.disc mgr.ccc field.hpunsup field.hp mgr.hpp189 mgr.hpp196 mail.mail mail.netbase mgr.rego mgr.rje mgr.robelle mgr.cnas mgr.hpdesk mgr.robelle mgr.vesoft I hope this write up will provoke more interest in the Hewlett Packard systems namely the HP3000. If you have any comments or wish to discuss these systems more indepth please feel free to contact me at the following e-mail address: black.ic@iirg.com Hope to hear from some of you. Black IC/IIRG ---/////--- Unless otherwise noted Cybertek Electric is Copyright (C)1996 by OCL/Magnitude, P.O. Box 64, Brewster, NY 10509. All Rights Reserved. Noncommercial reproduction is encouraged provided this electronic publication is redistributed in its entirety with credits intact. Cybertek Electric is published for educational purposes only; under The First Amendment of The United States Constitution. No illegal use is implied or suggested. If you have a problem with this, too fucking bad. SUBMISSIONS WANTED. If you can read and understand this e-zine then you should know what we're interested in. Please send any feedback, questions, and/or submissions to either of the email addresses in the signature below. |\ /| /\ / |\ | Thomas Icom/IIRG | >< | < > / | \ |\ The Blackthorn Project |/ \| \/ < | | > <ticom@l0pht.com> <thomas.icom@iirg.com> | | /\ \ \ | |/ International Information Retrieval Guild | | / \ \ \| | "May Odin guide your way!" Madhr er manna gaman, ok moldar auki, ok skipa skreytir. <End of Text>