The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / zines / n_z / tns06.txt < prev next >

Wrap

Text File | 2003-06-11 | 18.1 KB | 356 lines

####################################### # # # # # ======== =\ = ====== # # == = \ = = # # == = \ = ====== # # == = \ = = # # == = \= ====== # # # # # # <Tolmes News Service> # # ''''''''''''''''''''' # # # # # # > Written by Dr. Hugo P. Tolmes < # # # # # ####################################### Issue Number: 06 Release Date: November 19, 1987 So far the beginning files are about halfway finished. This issue (#6) will start off with news on protection against "Trojan Horses." $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: HD Sentry: "Hard Disk Protection from Trojan Horse Programs" FROM: The Computer Shopper DATE: June 1987 PROTECTION FROM TROJAN HORSE PROGRAMS Every day, thousands of free programs are downloaded from public bulletin board systems throughout the worl. While the system itself is generally owned and operated by an individual, much of the contents of the BBS come from the public domain. The system operators of these bulletin boards, or sysops as they are affectionately called, rely on their callers for new material that could be of interest to others. Some of the material uploaded by users include articles, software reviews, program patches, unprotects (ways to crack copy protection), pleas for assistance and, of course, software. A problem has recently come to the attention of the user community concerning the software uploaded to these systems. every once in a while a program is uploaded to a BBS that, when run, maliciously attacks the systems hard disk. Since these programs are disguised as innocent software, they are referred to as "Trojan" programs. THE TROJAN LEGEND According to Greek mythology, Paris, son of King Priam of Troy, brought Helen, the wife of Kings Menelaus of Sparta, to Troy. Being somewhat agitated over this occurrence, the Greeks sent an expedition to Troy in order to recover Helen. For ten years, the Greeks and the Trojans fought to a stalemate. Finally, however, a Greek named Odysseus devised a military stratagem that would be remembered throughout time. The Greeks faked a retreat leaving behind a large wooden horse as a "gift" to the residents of troy. Inside the large horse however, was a squad of Greek soldiers. The unsuspecting Trojans brought the wooden horse into their city for all to see. That night,the soldiers that had hidden in the horse came out and opened the gates to the city. The rest of the Greek army, which had returned under darkness, was wating by the gates. By daybreak, the slaughter was over. The term "Trojan horse" took on a meaning that would forever go unchanged, a threatenin object that appears safe on the outside. TROJAN SOFTWARE SCENARIO Every single one of us has been told, at one tim or another, that you can't harm a computer by typing on it; software just can't damage hardware. A long time ago (foore computer owners were warned that a certain set of commands could permantently damage the PET monitors. This was one of the first instances that a combination of software commands were known to be hazardous to hardware. There is, however, one disastrous act that almost any software program can do, and that is to erase, delete, format , or otherwise damage a floppy diskette or, worse yet, a large capacity DASD hard disk. People tend to be lazy and system back-ups don't occurs as often as they should. When this situtation occurs, you have the potential for disaster. This is where most Trojan programs tend to strike. It all begins by calling a reputable BBS somewhere in North America. The first thing you do after you log on is to see what neat new programs are availiable for downloading on the system. You skip over the boring junk like system utility programs. After all, how many people really use a debugger disk packer or file encryption utility? But then, to your delight, you discover a listing you just can't pass up! Right there, in modems reach, is the program called "WHATEVER.COM". The short narrative that is displayed informs you that this program is a combination widget counter and word processing package. Boy, you think, that is just what I needed. A word processor AND a widget counter, in one fully integrated package! Best of all the program is only 13K! No match for your 1200 baud Hayes modem, you think as you begin the XMODEM download protocol. In a matter of minutes, the file resides on your hard disk ready to be used. You run the program and the disk drive light comes on. Then it stays on, for what seems like eternity. "Gee," you think to yourself, "sure is taking a long time to load a small 13K file." So you hit the good 'ol Ctrl-Alt-Del and rebbot the system. Then comes the error message telling you to insert your DOS diskette in A:. You realized minutes later that WHATEVER.COM has just eaten your gard disk for dinner. All that remains are timing marks.... $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: As pointed out, Trojan Horses can be very dangerous to software. There are many different opinions as to what a Trojan Horse program is. This article used the definition of a Trojan Horse as a program that when used will destroy a disk (format it or erase all files) or will change the disk in some way. One other definition of a Trojan Horse is the type that can be used on a Unix and allows you to capture another user's LOGIN and password. There are other opinions as to what the words "Trojan Horse Program" actually mean. The Trojan Horse described in this article might better be described as a "Logic Bomb" or a "Virus Program". Again, the definitions for these programs vary. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Check This: Ma Bell is a Generous Soul FROM: The Ann Landers syndicated advice column DATE: July 1, 1987 Dear Ann Landers: I think I can top the person who wrot complaining thne compan y. Talk about garbage in, garbage out! When AT&T split with Bell we had three phones in our house. The equipment belonged to Ma Bell and the service belonged to AT&T. After we returned all the phone equipment to Ma Bell, we received a bill for $0.00. My husband and I took turns calling people to get this straightened out. Shortly after that we were informed that our bill for $0.00 was overdue. My husband, just to be cute, sent a check to Ma Bell for $0.00. A few weeks later, we recieved a check for $5 and a note thanking us. We didn't cash the check the check, thinking this had to be a mistake. Several months later, we received another computerized bill for $0.00. We called again, got nowhere, so we sent another check for $0.00. A few weeks later we recieved another $5 refund with the same thank you. This went on every three months for two years. Now we are down to once a year and have given up trying to straighten this out. We just cash the $5 and forget about it. They say that computers don't make mistakes, but people sure do. Someone out there likes us very much, or they are very stupid. -Linda K.R. in California $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: Just a humorous little article I decided to print.... $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Sign In and then Sign On FROM: The Chicago Tribune DATE: June 20, 1987 James Dao says he has a foolproof way to foil computer hackers who ferret out secret passwords and spy mechanically. Punt the passwords, Dao says. Using software developed by Dao's company, Communications Intelligence Corp. (CIC) of Menlo Park, Calif., computer users must sign in in order to sign on. CIC's Handwriter program allows you to sign your name with an electronic pen on a flat plastic plate underlaid with a grid of wires. The computer then analyzes your signature against several that you have previously submitted to make sure that it's not a forgery before giving you access to informations. The handwriting analysis is more sophisticated than a simple comparison of letters. According to Dao, the company takes into account how quickly you write and how you accelerate from beginning to end. It also examines the points at which you apply most pressure with the pen. All of these factors are unique to your signature. Signature analysis is only one part of the Handwriter program. Other features include the ability to write longhand memos and letters that the computer translates into printed material. Right now, the technology is availiable only for mainframe and personal computers, Dao says. But one day, he predicts, businessmen will sit on planes scribling with electronic pens on plastic plates attached to laptop computers. "We're opening up computers to a segment of the population that's afraid of typing," he explains. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: This type of technology might be the computer security of the futur the downfall of computer security. If the logins were determined by the handwriting analysis ONLY and no passwords or logins, then a good forger or hacker might be able to trash a business for different signatures. The signatures would be different every time and the security wouldn't be too accurate. Don't be too scared by this article. This type of security is far into he future and it may never even be used. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: How to Beat Phone Assault FROM: .. some small town newspaper DATE: June 25, 1987 NEW TECHNOLOGY Thanks to improved technology, phone call tracing, known to police as putting a "trap" on the line, is now a feasibile solution. Forget about old movies that depict police urging the perspiring victim to "Keep him talking-stay on the line!" while the diligent telephone engineers hurry through racks of wires to pinpoint the origin of the call. It's all computerized now, and the trap is quick and decisive, with a success rate, says Abel, "near 100 percent. With our computerized switching center, it's almost instantaneous." To obtain a telephone trap, a customer with persistent harassing calls must notify police. The police then contact Illinois Bell and the trap is installed. A trap costs $20 for a week, $7 each additional week. In life-threatening situtations, there is no charge. Although Illinois Bell quickly locates every call made during the trap, legalities often cause a time lag in providing the information to police. Police eventually release the caller's identity to the victim and the caller is arrested. Maximum penalty is a six-month sentence and a $500 fine. However, as of June 1, the new state legislation requires a police subpoena to obtain phone trap information from Bell, a process lasting as long as one month. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: "a 'trap' on the line"- refers to CLID (Calling Line Identification) "computerized switching center"- refers to ESS (Electronic Switching system) The good news on this article came at the end when the reporter explained how there are new restrictions in releasing the results of a "trap" on the line. This helps to protect an individual's/phreak's rights. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Prisoner Phone Phreaks FROM: Tolmes News Service Magazine (Issue #6) DATE: November 19, 1987 This article is just something I am writing on the events that happed at the Dade County Jail in Miami, Florida. This information mainly comes from different AT&T Newslines. This is not a transcript of the newslines but is the news on what has been going on in the Dade County Jail. The Dade County Jail in Miami, Florida was slapped with a phone bill of $153,000. It seems that the inmates were blue boxing, using AT&T Calling Cards, billing to third parties, and conning operators. One call on Thanksgiving was to Columbia and lasted about 3 hours. Another call to a dial-a for about 4 hours and cost $220. The police are now investigating and the county's taxpayers are going to have to pay the bill. The payphones at the prison are supposed to be used for local calls only. This type of prison phone fraud has been happening at a number of prisons. Supposedly, a leader of a criminal organization known as the El Rukns was put into prison on drug charges. According to all reports, the gang leader had a conference with Momar Khadafi in which he offered to do acts of terrorism. All of the conversations took place while the man was in prison. Many prisons have stopped the phone fraud by lessening the number of phones and monitoring calls. Hmm... phreaks in prison.... $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Suburban Kids are Too Dumb to Steal FROM: The Chicago Tribune (Mike Royko's column) DATE: July 14, 1987 It's sad, but even amount the well-to-do, being a parent can be a depressing experience. You give the kid all the advantages that money can buy- good schools, tennis lessons, riding lessons, a personal computer, a low-slung car, stereo, CD player, summer camps, music camps, diet camps and a ticket to one of the better universities. All that, and the kid turns out to be a mope. That's the sinking feeling that is currently experienced by several dozen North Shore families. The story begins several weeks ago in a White Hen Pantry store in Glenview, when a businessman stopped to use the pay phone to make a long-distance call. In making the call, he gave the operator his telephone credit-card number. He didn't realize it, but a 17-year-old boy from Northbrook was standing nearby. When the lad heard the man give his credit-card number, he alertly jotted it down. The businessman didn't know it of course. It wasn't until he received his next phone bill that he suspected that some. Strange? He almost jumped out of his shoes. There were more than 100 calls that he never made. He called the phone company to see if a mistake had been made, maybe a glitch in the computer. No, the calls had been made. So he and the phone company started investigating. As you probably guessed, the kid in the White Hen had said "goody," or something to that effect, and began using the credit-card to phone his pals. Then, being the sharing sort, he passed the number on to his friends, And they began charging calls. There were calls-local and long distance- being made from Winnetka, Lake Forest, Glenview, Northbrook, Skokie, Bensenville, St. Charles and other suburbs. One young lady went off to the National Music Camp in Interlochen , Mich., and she generously shared the credit-card number with her fellow music campers. Some of them were from Europe, so they used the number to call home or friends in Israel, West Germany, Ireland, and England. A girl who phoned a friend in England gave the credit-card number. So the friend in England used it to call a friend in Arizona. All of this was easy to establish, for two reasons. Reason number one. As I se well educated, well-bred young people turned out to be dense. They didn't realize that the number of the phone they used would shoe up on the businessman's bill. And the well-bred dopes were calling from their own homes, the music camp's phone and, in one case, from Grandma's house. Reason two. The moment that they were confronted with the evidence-their own phone numbers-they eagerly squeled on each other. The businessman, who asked that his name be withheld, said: "The amazing thing is that these are all brilliant, well-to-do kids. But they didn't know that the phone calls caught so easily. "And it's not like they're lacking financial support. They come from families with money. Some of them are spending wonderful summer vacations all over the world. One is traveling to Turkey, one in South America. "They're in the top of their class, in debate clubs, getting music scholarships. Some are going to MIT and Princeton. Their parents are well off. One is a child psychiatrist. "And the reaction of the parents is amazing. One guy said to me: 'That's impossible. My son is a brilliant student, and he is going to Princeton.' When he realized what his Princeton kid had really done it, he almost went into shock. "Another told me: 'You are to blame, too. If you had been more careful, they wouldn't have gotten the number.' Imagine that? He blamed me for his kid being a little crook because I didn't whisper my number to the operator." And another woman pleaded witht he businessman not to tell the grandmother, whose phone had been used for some of the calls. They were afraid that their son would be cut out of Grandma's will. The phone company's computers haven't come up with the final figure for the phone bill, but with all the long-distance and trans continental calls, it's expected to be enormous. And who will pay it? Not the businessman, of course. It will come from all of those bright kids' mommies and dadies. It's also possible that warrants will be issueed for fraud by wire, which, if pursued, can result in five-figure fines and jail terms. "And if they had just used payphones," the businessman said, "there wouldn't have been any way to trace them." That just shows there can be gaps in the academic programs at even the best private and suburban schools. What they need is a course in Remedial Stealing. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: Just something on some kids who did something that they shouldn't have. The kids involved were incredibly stupid (or rather ignorant since they are good in school). Just a basic case of phone fraud.