<<> i kn o w tha t i wo u l dn ' t w an t it an y ot h e r w ay <<> , ø , , ø , i$$$$ý ý$a i$$$$:.. . ý$$$$i i$$$$ý ý$a $$$$$: :$$l ..:$$$$$ .. :$$$$$: $$$$$:.. :$$l:.. . ..:$$$$$: :$$$l .:$$$$$ . ..:$$$$$::$$$$$:. :$$$l:.. . .. .:$$$$$: $$$$$ ..:$$$$$::$$$$$:.. . $$$$$x x$$$$$ $$$$$x x$$$$$ $$$$$x x$$$$$ , ,:$$$$$::$$$$$ , , , ,:$$$$$:.. . . . .:$$$$$: . :$$$$$::$$$$$ . $$$$$: . :$$$$$:.. . @ @ @@@ @$@$@@@ @ @@@@@@$@$@:@@@$@$@ @@@##@@#@@ @# @@@@$g:@@@##@@#@$@$@:@@#@ @@ .. . .:«$$$$x x$$$$$::«$$$$::. . . . ..:«$$$$x x$$$$$:. .. , , , , . (system failure) . a magazine from penguin palace. anarchist(wax!ascii) ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ System Failure: Issue #5 ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Welcome once again to System Failure! This WAS going to be the nifty neato Halloween issue, since we all got lazy and are late. Ok, ok, *I* got lazy and it's MY fault it's this late. I'M SORRY, OK?! Anyways, like I said, it WAS going to be the Halloween issue, but since I couldn't find anyone Halloween night, it's now the November issue. November is a good month. I turn 20 on the 25th of November. You all better send me shitloads of money and presents. Anyhow, what's new with SysFail and all of that? Well, I've been dead, gone, etc. LogicBox has been floating around on DALnet. Darkcactus, who the hell knows? I don't think ANYONE has seen him for a while. Pinguino is still in 303, but rumor is, she's going back to California. When this happens is still a mystery to us all. Ya'll remember Justine from issue 3? Well, it seems that she's been a little depressed because none of you fanboy's have sent her lust-mail. Apparently, we seem to have printed the wrong email address for her. Justine's CORRECT email address is: 62010@telis.org. NOT telis.com. ORG, DAMMIT. So all you out there send her email telling her how much you want her body, and what you're going to do with that tone-dialer. Contact information has kind of changed. system.failure@usa.net will still get email to all of us who are important. If you MUST talk to us in person, then give me money for airfare, and we'll all come to your house and break it. If you need to contact us on IRC, then join #peng of the EFnet. #rock got taken over by #deaf, and most everyone lost interest in it. About the only people that you're going to find in there will be kadafi, Sc0rp, and a host of bots. If you want to talk to the old #rock regulars, join #tacd and ask Shaedow to kick you so you can see how super-spiffy-cool he is. www.penguinpalace.com is kinda hosed for now. No one knows what the problem is, least of all InterNIC. For SysFail back issues and whatever, check out http://fly.hiwaay.net/~chb/ping/. -Kenshiro Cochrane Now that I'm done with my ramble, off to the: ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ TABLE OF CONTENTS ³ ³ ³ ³ SysInfoTrade by Pinguino ³ ³ The Decline of H/P Civilization by Mr. Sonik ³ ³ Never, EVER, do This! by Kenshiro Cochrane ³ ³ RC5-56 Cracked! by Pinguino ³ ³ The Right Way to Steal by Astr0naut ³ ³ Music Time! by Jolly Spamhead ³ ³ Listen to the Telco's Whine by Kenshiro Cochrane ³ ³ How to Secure Your Linux Box by Saint skullY the Dazed ³ ³ More Oncor Horror by Kenshiro Cochrane ³ ³ Want a Free Shell? Read This! by Jolly Spamhead ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ <-------+ | SysInfoTrade +----------------> pinguino@mindless.com Not a lot in the news this month... --#peng now has a techno radio station, DJ'ed by muerte live! Check him out at random times during the night via realaudio: pnm://www.raver.org/muerte.ram pnm is the real audio location file; you need the player to hear it. Join #peng and find out what he's spinning. --We still have System Failure and Thank You for Abusing AT&T stickers avail in fine black vinyl. $1 each, e-mail pinguino@uix.com. New stickers coming soon (as soon as I have access to a color printer somewhere). -- October 20, 1998 a report was delivered to the White House with news that the nation was vulnerable to electronic attack- Cyber Terrorism. Even though people *have* hacked their way into government sites, I guess they need to pay some team a million dollars to analyze what happened and say, "Oh yeah, we're a little insecure." "Today, the right command sent over the Internet to a power generating station's control computer could be just as effective as a backpack full of explosives and the perpetrator would be harder to identify and apprehend," according to the panel's quote on CNN. Apparently they're freaked out that someone will gain control of the power/communications grid; from within or on the outside of the US. They put together *another* team of people to figure out how to "educate the public" on this problem, and find solutions. The panel on the 20th reported that this undertaking would be finished by the end of the year. --According to the LA Times (Oct 10), Mitnik might get puter access once again. The court wants to give him access to a laptop so that he can see the evidence against him and work with his lawyer on his case. He's been in jail since Feb. 1995. I think he gets email at mitnik@2600.com still. --http://radiophone.dhp.com/ is the new URL for the revamped Radiophone page --On Oct 19, the RCA Labs' RC5-32/12/7 56-bit secret key was cracked. More info later in this issue of System Failure. --Interested in AOL or MSN? AOL is giving away 100 free hours.. MSN is giving away a free month. Time to start stocking up on free disks, coasters, and destructible party objects. =) --http://www.gaijin.com/EvilPeople/ cool site I had to share with you! ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ The Decline of H/P Civilization ³ ³ by Mr. Sonik ³ ³ ³ ³ Mr. Sonik can be contacted via system.failure@usa.net ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Have you ever wondered why most of the new people to the scene think that they are total badass 31337 hax0rs? It really pissed me off when I tried to post a legitimate question about phreaking to a newsgroup. I got about 50 Flame messages and like two serious answers to my question. The messages ussually included replys like "HAHA LAMER" or "YOU DONT HAVE SKILLS LAMER!@#" I would be willing to bet that all of the fucking time and bandwidth wasting lamers didn't know what I was talking about so, they decided to flame me for it. This is the pointless type of shit that pisses me off. I admit that I am new to the scene and that when I see posts from people that dont know what they are talking about and have all the facts totally mixed up I get a laugh out of it and share it with my friends. But I by no means make them feel like shit by flaming them, If I know what they are talking about I will offer them any help that I can, and if I don't I will usually go to the trouble to direct them to a knowledgable person. I have learned most all of what I know from reading text files and zines that cover my areas of interest. I try not to waste peoples time by calling them names and gay stuff. One of the most disgusting things that I see is lazy fucking bastards who feel that they have to post questions about "Warez Kodez" and FTP sites. If they had a ounce of brains they would check the web first and learn how to use a search engine. I feel strongly about keeping the H/P scene alive forever. Thats why I try to help whenever possible and be as helpful as possible. I urge all of you new School kiddies to be helpful and informative. I will tell you all from experience that I get more respect from people when I help them instead of flame them. No one thinks flaming is cool except 11 year old warez kiddies, and nobody thinks 11 year old warez kiddies are cool. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Never, Ever, EVER Give Out Your Calling Card Number ³ ³ by Kenshiro Cochrane ³ ³ ³ ³ Kenshiro Cochrane can be contacted at kcochran@skipnet.com ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Since I'm the News Editor and all that jazz, and since we've had 4 issues, and I haven't contributed one news related article in it (yeah, I've been slacking), I figured it's time to do something that I'm supposed to. Here's the story: About a month ago, a bunch of people from EF #rock were on one of our WorldVox teleconferences. Being as one of us had three-way calling, I, er, that person, decided to start calling numbers picked at random from the telephone book. Sounds fun, right, uh huhm yup...WE WERE REALLY BORED, OK?!@#$ Anyhow, one of the many "pranks" that were done that night consisted of of one of the few adult sounding conference callers to take up the role of an operator, with a collect call for the person or persons being called that night. Basically, what happened was, we got this old lady, told her we had an emergency collect call for her husband, and would she accept the charges? She, of course, said yes. After "attempting to bill the charges to her phone," we informed her that we were unable to, and asked if she had a collect call block on her telephone. She confirmed this. Upon asking her if she had another way of paying for the call, she read off her calling card number. Pretty stupid, considering there were about 8 other people on the line. We then informed her that the caller had hung up, and to have a good night. Some people apparently proceeded to test this calling card, as the following article was given to me by a local friend (HI JEANIE!) a few days later. Here, then, is that article: PHONE-CARD FRAUD WARNING ISSUED by Marilyn Montgomery Albany Democrat-Herald A bogus emergency collect phone call in the middle of the night has prompted a warning about how to use telephone calling cards. An Albany woman, who asked that her name not be used, said she got a call at 2 a.m. on day last week. The caller identified himself as "your AT&T long- distance operator" and said he had a collect call for the woman's husband, whom he identified by name. The woman asked who was calling, the "operator" gave her a name that she didn't recognize, then told her the caller had said it was an emergency. The woman said she would accept the call. The operator asked if her phone was blocked from accepting such calls, claiming he couldn't make the connection. After allegedly trying twice to connect the call, ther operator asked if there was another way he could connect it. "I should have hung up then," the woman said earlier this week. Instead, she gave the operator her calling card number, and he said that would work, then told her that the emergency caller was no longer on the line. Then the operator hung up. The woman said she called US West the next day to tell them what happened. US West called the woman back a day later to report that the calling card had been used in three East Coast states since she had given out the number. "It's amazing how fast that number spread." she said. The woman canceled the number on the card, but whoever had it has tried to use it several times since, she said. Jim Gottschalk, area manager for US West in Eugene, said Wednesday the woman's problem was the first of its kind that he'd heard of involving calling cards. No similiar problems have yet been reported to the company's business or fraud offices, he said. He called the emergency collect call a "clever ploy." "It's easy to become confused, especially with all the changes going on in telecommunications," Gottschalk said. "And, when someone says it's an emergency, you tend to do anything you can to help." "We always advise customers to never give their personal identification numbers to anyone, even if they identify themselves as being with a law enforcement agency. But it happens, and once it does, they need to tell us." "You can never be too careful." --- Amazing how fast it spread? With 8 other fone nuts on the line? I don't think so. And the telco's warning people not to give their PIN's to a law enforcement agent? What the hell would they need them for? I mean, get real. If this is the kind of person that US Worst is hiring for their "Area Managers", then all of you out their reading this should go apply. Surely one of you will make CEO in a week or less. Anyhow, if you'd like to contact this woman, and advise her on her stupidity, she is: June Green (her husband is Joe!) 34361 Riverside Drive Albany, OR 97321 (541) 928-9077 ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Project Bovine Cracks the RC5-56 ³ ³ by Pinguino ³ ³ ³ ³ Pinguino can be contacted at pinguino@leper.org ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Bovine Project page: http://rc5.distributed.net/ A message encrypted with RSA Labs' 56-bit RC5 encryption algorithm was cracked October 22, 1997. The message: It's time to move to a longer key length. The person who found the key was Peter Stuer, working for the STARLab Bovine Team of the Vrije Universiteit in Brussels, Belgium. He was using an Intel Pentium Pro 200 running NT. The Bovine team is part of a global Bovine effort headed by distributed.net. RSA is trying to prove that 128-bit encryption should be the standard by holding a series of contests with $10,000 prizes. The sixth contest to crack the RC6-64bit algorithm is in progress. Currently the US can only export programs with 56-bit key encryption as a maximum. Programs like Netscape and IE support the 128-bit keys. This is a direct smack in the face to the Clinton administration, who don't want to allow the export of stronger encryption programs. It took the Bovine team of 4,000 programmers and 10,000 idle computers about 250 days to search 47% of the keyspace. Distributed.net is equivalent in processing power to: 14,685 Intel Pentium Pro 200 processors 13,362 Motorola PowerPC 604e/200 processors 116,326 Intel 486DX2/66 processors 58,163 Intel Pentium 133 processors Work on decrypting the 64-bit encrypted message is underway. With the combined strength of this global network, we can do anything. ----- Join the System Failure team for the sixth contest. Go download the program suitable for your system, and put pinguino@uix.com for your email address. We have the Power =) ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ The Right Way to Get Good Stuff for Free ³ ³ by Astr0naut ³ ³ ³ ³ Astr0naut can be contacted via system.failure@usa.net ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ An Enhancement on "Five-Finger Discounts" by Pinguino, Dark Hour, and Netmask In their article in SysFail #1, Pinguino, Dark Hour, and Netmask mentioned a couple of companies that are great to steal from. However they didn't expand some of the exploitation to its fullest, such as Best Buy. This has got to be one of the EASIEST stores on the entire planet to take shit from. Hummm, where to start? I'll go department by department. First off, let's hit the music department. In SysFail #1, they mention that you need to look like Mr. Innocent. They're right. I know (not because I worked there or anything) that the LP (loss prevention) looks for suspicious looking people, and when they are not doing that they are usually looking at women (Sorry, girls). Oh well, back to getting free stuff. CD's have to be one of the easier things to steal (besides video cards, etc.). It's very simple; you find the CD'ss you like/want and you go to the audio department (another wealth of free stuff). After all, CD'ss and audio go together. You go to the audio department to divert attention from yourself. Then from the audio department, you casually make your way to the bathroom (where merchandise is not allowed). MAKE SURE NOBODY IS LOOKING! Act like you are there for a reason and act confident! The LP team looks for guilty looking people. After you make your way into the bathroom, head to a stall, and proceed to unwrap all the CD's and take them out of the cases. Stick them wherever you can hide them. This method is proven to work. I have known people who have gotten over $300.00 worth of CD's this way. You can also use this method for Nintendo games, Sega games, Playstation games, etc. Ok...Now, lets make our way to the computer department. This is an extremely easy department to rip off, considering that they are so busy most of the time, more so during holidays. You can go to the counter and ask to look at a harddrive, or RAM or whatever you like. Sit around and eye it and read the box. Most of the time, an angry customer will approach the sales person and distract them when they are gone. You can also have a friend do this. Put the merchandise in your pocket and calmly walk out of the store. IMPORTANT NOTE: Once you have made it to the door you are basically home free! In Best Buy, employees ARE NOT allowed to chase/tackle or cause injury to customers or they WILL be fired or severely punished. Stores like Wal-Mart are allowed to chase you, and they will. This next tactic involves spending some money, but it is a proven way to work! You have to look older for these, because you will need money and a purpose. Remember to look CONFIDENT! Ask questions, don't try to hide. Go to the appliance department and find a nice grill, but not one that is too expensive. Then stroll to the computer department, where you have other "shopping" to do. While down one of the back isles, which are rarely, if ever, watched, open the top of the grill box and fit whatever you can inside: joysticks, video cards, sound cards and more. People have even managed to fit a CPU or two in a grill box. Guess what? You've just spent $100.00 for $1000.00 or more in merchandise. Video departments are one of the harder departments to steal from. Just about the only thing you can take from them are cameras, film, and any other small stuff. Take into consideration, however, that a woman put a 13 inch TV under her dress and ALMOST got away with it. I don't advise doing anything like that though. Anyways. You know the locked cabinets that they keep the cameras or other stuff in. Well, I'll let you in on a little secret: THEY DON'T NEED KEYS!! All you have to do is simply grab a hold of both side of the cabinet and pull up and out, and presto, you have cameras. (See above tactics for getting them out of the store) Don't ever go down the TV aisles to try and steal stuff, because video is always a slow department and they have nothing to do there but clean. The audio department, as well as the video department can be a wealth of free CD's and movies, if you don't mind that they have no cases. They have to test out the audio equipment some way, and what better way to do it with then new CD's right off the shelf? Help your self to a handful of 'em, and while your at it, go and grab some movies or DVD discs that the video deparment has used. On a closing note, remote controls can be a great way to get free batteries for Walkmen or Discmen, as they are required to have them working at all times. EDITOR'S NOTE: Having worked at Target and as Security for a mall, I know from experience that most of these techniques will work. At Target and Sears, you need to know a couple of facts. If you ever fear that you are being followed, most likely, you are. Sears LP (Loss Prevention) and Target AP (Assets Protection) have a couple of common policies. 1> They MUST let you leave the store with the stolen merchandise before they apprehend you. This is good for you for an obvious reason. You don't leave the store, they don't stop you. If you leave the store, and they stop you, hope to hell that you don't have any stolen merchandise on your person. If you do, most likely you're screwed. If not, they open themselves up for a lawsuit (public humiliation, defamation of character, etc.). Once they've stopped you, that is an accusation of theft. If you don't have any merchandise on you, you are quickly going to find the managers of the store kissing your ass. 2> If you fear you are being followed, DUMP ALL THE STOLEN MERCHANDISE! They won't stop you, since you haven't stolen it yet. You can put it in your pockets, and legally claim that you put it there since you couldn't fit it in your hands. YOU MUST LEAVE THE STORE TO HAVE "LEGALLY" STOLEN THE MERCHANDISE! 3> Go to the bathroom. Try on clothes in the fitting room. Target and Sears people have to actually SEE you conceal the merchandise. If the AP/LP don't see you put it away, then they can't do jack. And it MUST be the AP or LP. Don't worry about the regular employees. They can bother you, but they can't accuse you of anything, and they can't apprehend you. If a regular peon sees you pocket something, don't worry about them, but do worry about one thing: They are most likely going to call AP or LP. But even then, the AP or LP can't get you for the stuff you already have. Make a stop in the bathroom or fitting room before you leave. The reason for this is thus: You COULD have dumped all the merchandise in one of those places. AP/LP must keep you in sight (Cameras don't count!) from the moment you conceal the item to the moment you step outside the store. If they A, lose sight of you, or B, you go into the restroom/fitting room, they have to let you go. In those few seconds that you are out of their sight, you could have dumped everything. And if you did, and they stop you, they open themselves up to a lawsuit. SO MAKE USE OF THE RESTROOM AND FITTING ROOM, DAMMIT! The fitting rooms are a great place to "try on" clothes, too. Most fitting room people at Sears and Target don't pay close attention to how many items you take in with you. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Miscellaneous Songs to Play on Your Phone! ³ ³ by Jolly Spamhead ³ ³ ³ ³ Jolly Spamhead can be contacted at jizz-monkey@usa.net ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ==================== \ My Five Min of fame | =====================/ While reading the classic fred myers issue of PLA, I remembered one thing RBCP did once he got into the the PA system. He played songs over the loud speaker! I don't really remember the song he played, so I decided to figure out a few songs on my own. Here is a list of what I could compose! My songs are not as "l33t" as MMMbop or a Puff Daddy song, but I think they are sufficient! =) +==============+ |Da Songs Y0! | +==============+ Key To All Of This --------------------------------------------------- \ - = Hold \ , = Pause for 1 beat / . = Pause 1 beat for every dot! (Got it?) / ---------------------------------------------------/ Jingle Bells 333,333,39123,666-663333322329,333,333,39123,666-6633,399621 Happy Birthday 112,163,112,196,110,8521,008,121 Way Down Upon the Swanee River 321321045,6842,321321945,654224 Ode to Joy 3 3 6 9 9 6 3 2 1 1 2 3 3 2 2.. 3 3 6 9 9 6 3 2 1 1 2 3 2 1 1.. 2 2 3 1 2 3-6 3 2 3-6 3 2 1 2 7.. 3 3 6 9 9 6 3 2 1 2 3 2 1-1.. Mary had a little lamb 8 5 2 5 8 8 8.. 5 5 5.. 8 8 8.. 8 5 2 5 8 8 8.. 2 5 8 5 2.. Hot Cross Buns 6 5 4.. 6 5 4.. 4 4 4 4 5 5 5 5.. 6 5 4.. In The Jungle 2 5-8 5.. 8-9 8 5 2.. 5 8-5 2 8 5... ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Small Telco's Demand a Stop to Internet Telephone ³ ³ by Kenshiro Cochrane ³ ³ ³ ³ Kenshiro Cochrane can be contacted at kcochran@skipnet.com ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Well, it looks like those wacky old telephone companies are losing money on your Internet telephone calls. Who'd of thought it would ever happen? According to an AP wire, a group of small telephone companies, known as the "America's Carriers Telecommunications Association" has asked the FCC to bar companies that produce Internet telephone software from selling that same software. That same group also wants the Federal government to regulate Internet telephone communcations much like they do traditional telephone carriers, meaning that the producers of said software would have to pay fees that support affordable telephone service for low-income and rural people. Internet telephone services would also become subject to state and federal regulations regarding traditional carriers. The FCC hasn't acted yet on the petition, filed in March 1996. International or long-distance calling over the Internet is much cheaper than conventional phone service. Because the call travels over data networks rather than public telephone networks, the caller doesn't have to pay long-distance or international charges, just the price of the Internet service. Callers with the same Internet phone software can talk to each other over computers, equipped with modems, speakers and microphones. Some 60 companies now provide Internet phone service, though the business is still in its infancy, according to Larry Flomm, vice president of new business development for Dialogic Corp., an Internet phone provider. So let's take a second to figure this out. Most Internet telephone software is not compatible with other software. This means that the caller and the callee, if you will, must both have the same software. And if 60 companies provide this service and software, then the chances of you getting ahold of your long lost friend in San Juan Capistrano without previous communcations (confirming that you both have the correct software ahead of time) is practically nil. Most people are still limited to modems that operate at 28800bps and 33600bps. Including me, and probably most of you reading this. I don't know if you've ever used any Internet telephone software at all, but if you have, you will have noticed a couple of things. Number one, the price is about $50 - $75. Most people on any kind of budget aren't going to have that kind of money to buy a piece of software that they can use to talk to maybe 3 people in the entire world. Sure, it would be much cheaper to use the Internet to talk to everybody, but the people that *I* really need to talk to the most don't have it. I can't call into work and say I'm sick with this stuff. I can't call the pizza joint and order. I can't call my parents or grandparents and tell them I need money with this. And I sure as hell can't call the President of the United States to say what a shitty job he's doing. At the current time, Internet phone is a novelty, not a threat, to telephone companies. Number two, the quality of the conversation is not that great at normal modem speeds. The transmission is going to be frought with background noise due to the normally low quality of the microphone (I also don't have $50 to go buy a high quality microphone), and lag. Say I'm talking to Habib in India. Habib says something to me, and I'm sitting there for 5 minutes waiting for him to say it. Number three, unless you want to spend a hell of a lot more money on a wireless microphone, and better quality speakers, you have to stay at your computer to talk to these people. Cordless telephones have popped up EVERYWHERE. You can't go somewhere and NOT see one. Sure, we like them for the obvious reasons, but the owners like them for the convenience. I don't know how many times I've been on the telephone with my mother to hear her say "Hang on a sec, I have to stir this" or whatever. The only reason these companies feel a threat from this new medium is that they don't want to have to get off their collective asses and better their services. They like being able to LEGALLY overcharge people and provide shit service. And then be able to say "Yo' Mama" when you call and complain. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ How to Secure Your Linux Box ³ ³ by Saint skullY the Dazed ³ ³ ³ ³ Saint skullY the Dazed can be contacted at skully@clipper.net ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Ok, so you just downloaded Slackware and have installed it. All your friends have told you how great Linux is, and you want to see yourself. The first thing you do, is get on IRC to show everyone how 'leet you are. But someone there decides that you shouldn't be using such a powerful OS. Next thing you know, your HD goes crazy and all your files are gone. Well, that can be avoided. Well, my first reaction to secure your system goes like this: killall -9 sendmail, killall -9 inetd, and don't install anything at all. Well, for most, that's too extreme. Luckily, there is middle ground. First, edit /etc/inetd.conf. Comment out everything except for telnet, ftp, and auth. If you don't want to give out accounts, then forget about telnet and ftp. Next, you'll probably want to move telnet and ftp to different ports. To do this, open up inetd.conf again, and change telnet to telnetd, and ftp to ftpd. Then, open up /etc/services, and add these lines: ftpd 556/tcp telnetd 555/tcp You can use any port you like. 555 and 556 are just examples. Now your system is fairly secure. If you're going to be giving accounts to people who might try to root your box, it'd be a good idea to take the suid bit off most programs. Most of them will be in /bin, /sbin, /usr/bin, and /usr/sbin. To check for suid programs, goto those directories, and do an ls -l | less. Here's an example: -rwxr-xr-x 1 root bin 360 Dec 12 1995 checkalias* -rws--x--x 1 root root 24184 Jun 16 11:56 chfn* checkalias is not suid, chfn is. The only programs which need to be suid for a properly working box are login, su, sudo, and passwd. Everything else is up for your discretion. Most people would like to be able to use ping, chfn, and chsh, but they're not things that regular users need to use (They can still be executed by root though). An easy way to look for all the suid programs on your system is with the find command. find / -user root -perm -4000 -print That will list all files with a suid bit on your system. You might redirect the output to a file (find / -user root -perm -4000 -print > suid) so you don't have to shift-pageup to read it all. Then, there's the important part of passwords. If you don't already have shadowed passwords, get on sunsite and download shadow-ina-box. That will make it a lot harder for someone to crack your password file. And be sure not to use an easy password as your root password. hi-mom is a horrible password. A better password would be to use gh3EhT5. That has both numbers and letters, isn't a word, and uses mixed case. If you take all of these suggestions, or even just some of them, your box will be secure enough for everyday use. It won't be hack proof (There is not one single computer out there that's hack proof) but at least it won't be hacked by any and every lamer out there. If you have any comments/hatemail/cool mp3's to throw my way, send em to me. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Yes, Yes, Yet Another Oncor Communications (Horror) Story ³ ³ by Kenshiro Cochrane ³ ³ ³ ³ Kenshiro Cochrane can be contacted at kcochran@skipnet.com ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Alrighty kiddies, here it is, the definitive OCI story. I know you've all been waiting for it. Wait no longer, I have delivered! Oncor Communications Incorporated, more commonly known as OCI, is a telephone company that primarily services payphones in the Texas area. Based out of Dallas, Texas, and employing only the worst in Arkansas white-trash (yeah, YOU Inviz!), OCI is the lowest of low in the telecommunications industry. OCI's practice of allowing, nay, even encouraging their operators and supervisors to verbally abuse, insult, provide poor service, listen in on customer telephone conversations, and more, is abhorrent. PLA used to bring you stories of OCI operators making cracks, such as "Yo' mama" jokes, making derogatory comments, and just in general being assholes barely scratches the service of treatment received by yours truly, and others, while attempting to make perfectly legitimate telephone transactions from numbers picked at random from the telephone directory. I used to laugh when I saw a mention of OCI, and the horrid treatment received from them. I thought to myself, "No way in hell could an operator get away with saying that, and still keep her job!" I thought that, perhaps in the grand tradition of so many PLA articles, most notably the supreme Beige Boxing issue, that a certain amount of embellishment had taken place. Boy, was I sure fucking wrong. My first call to OCI was rather bland. I called them up to make a collect call to a Worldvox teleconference (ah, those were the days...), gave them a number from the telephone book, and a fictitious name, and they put the call through with a minimum of hassle. Then, I got three-way calling, and we decided to have some fun. The very first time, we were connected to Maria, who, for the sake of imagination, is a very obese, sweaty, greasy, sleazy latino woman (no racism intended, she was VERY latino). Maria proceeded to tell me that "Yo' mama is stupid, and yo' daddy stupid too!" Not a very witty insult, by any means, but enough to keep us interested in her and OCI for the duration of the conference. Later conferences introduced us to a male operator, who identified himself as "Dickweed Motha Fucka". Mr. Fucka had an annoying tendency to mutter "Yo' mama" several times, repeatedly. Truly, a dynamic individual. And who can forget Kevin, who's normal greeting was "Thank you for calling OCI, this is Ke-VUHN, can I help you make a call, PUH-LEEZE?" Kevin, obviously, became the brunt of many jokes. Finally, OCI got to the point of "transferring us to their supervisor", when we became too much trouble for them. "One moment while I transfer you to my supervisor." "CLICK." At this moment, they disconnected us. VERY INTELLIGENT, if I say so myself. Apparently, disconnecting us got too boring, so they created a recording circuit just for us. You know how you get those circuits that say "The number you are calling has been disconnected and is no longer in service. No further infomation is available at this time"??? Well, our own personal recording said: "GET. A. LIFE." EXTREMELY WITTY, is it not? OCI finally wised up. They now no longer accept any calls from a number that is NOT an OCI payphone. So basically, you need to visit Texas, make a list of all the payphone numbers belonging to OCI, then give them to me. Thanks. Eventually, we got a supervisor who gave us a piece of his mind. I asked him if he allowed his operators to be this rude to all customers. He said yes. I asked him if he knew his operators did this on a regular basis. He said yes. I asked him if he encouraged his operators to be this rude to customers. Guess what he said? He said yes. I then asked him for the address of OCI, and he provided it, then I informed him that he and all of his operators were being taped, and that he should have a nice day. He disconnected us rather rapidly, I thought. Anyhow, when calling OCI to get them to comment on this, I got this transcript: OCI> OCI, can I help you? ME> Hi, is it possible to speak to a supervisor please? OCI> Sure, just one moment. ME> Thanks much. OCI> *CLICK* Shows their commitment to quality service, eh? Oh well. We can't have everything that we want. If you want to hear some of these calls, check out http://www.teleport.com/~zigy. Send all of your hate mail to: OCI ATTN: Bruce Campbell (The company president, woo hoo hoo!) PO Box 50579 Dallas, TX 75250-0579 ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Obtaining Free Shell Accounts in the 860 Area Code ³ ³ by Jolly Spamhead ³ ³ ³ ³ Jolly Spamhead can be contacted at jizz-monkey@usa.net ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ In this article I will explain how to obtain free Unix shell accounts in 860. In my opinion, no one should be without 1 or more shell accounts. A ISP here called "Internet Access Company" or Tiac for short, has wonderful no quota shells up for the taking. All u have to do is call them up and order a few. It would go something like this... (Dialing 860-947-7687) Becky: Hi welcome to the Internet Access Company, How may I transfer your call? You: I'll like to order a shell+ account, I saw it offered on your webpage. Becky: Sure, please hold on while I transfer your call! You: OK. (After waiting 10-15 minutes and listening to Barbie Girl for the 5th time) Eric: Hello, this is Eric Paul how may I help you? You: Hi Eric, I want to order one of those damn Shell+ accounts. Eric: Would u like me to explain what a Shell+ account consists of? You: It would be a great honor if you would enlighten me sir. (Snip 5 minutes of Eric's pointless rambling) Eric: So, would you like to sign up now? You: Yes, would it be possible to have you guys bill it my house? Eric: Well, we can do that, but we will need a major credit card to confirm. You: Ok no problem, could u hold on a second? Eric: Yes, take your time You: I'm back Eric: Ok could I have your name and phone number please? You: Ok my name is Tyrone Ashford and my digits are 860-569-0550 Eric: Great, now could I have your address followed by the card number You: 167 Mercer Ave, East Hartford CT 06108 You: My card number is 3133 7902 1069 10/98 After giving the guy a random name and credit card the number, u will most likely have to wait a minute while his computer fires up. Since Tiac is a very busy place you know. Eric: Could I please have a user name and password for the account? You: Ok the user name will be "Dingo" and the password will be "god". Eric: Well you know "god" is one of the 3 commonly most used passwords! You: Oh, so you saw the movie too? Eric: I didn't just see it, I live it! (Laughs) Eric: Your account will be ready in the hour, would u like the dial-up? You: Yes, that would be nifty. Eric: I don't know much about CT, are u closer to Hartford or New Haven? You: That's for me to know, why don't u just give me both numbers? Eric: Ok Hartford is 860-947-7540 and New Haven is 203-752-3032 You: Ok I got it, thanks so much Eric, I love you! Eric: Ok have a nice day. You: No Eric, I really love u alot! Eric: Well sir im not that kind of guy You: Ok I understand, cya later you mr eleet-o burito person u! Eric: Ok bye now. You: Byte Me! Anyway, give and take a little small talk here and there. That is basically all that is needed to scam shells from Tiac. Once u get tired of ordering just one crappy shell, you can try ordering 10-15 at a time. This works because it is fairly commonplace for businesses to bulk order many accounts at once. +---------------------------------------------------------------------------+ | Misc Internet Access Company Numbers | +---------------------------------------------------------------------------+ The majority of these numbers came from Tiac's webpage located conveniently at http://www.tiac.net/. So here's what I got so far.... POP NUMBERS ------------------ CT (860) --------- Hartford.......947-7540 Hartford.......947-7547 CT (203) --------- New Haven.......752-3032 Stamford........352-1342 Trumbull........452-3894 MA (617) --------- Boston...........531-TIAC Brookline........992-TIAC Cambridge........588-TIAC Newton...........831-TIAC Quincy...........249-TIAC MA (781) ---------- Bedford..........275-0331 Burlington.......852-TIAC Kingston.........585-7100 Lexington........778-TIAC Maiden...........480-TIAC Medford..........658-TIAC Woburn...........970-TIAC NY (212) ---------- Manhattan........220-TIAC NY (516) ----------- Central Islip....582-2819 Garden City......228-6606 Wantagh..........221-0029 NY (914) ----------- White Plains.....328.3506 CUSTOMER SERVICE --------------------- Eastern MA............781-932-2000 Western MA.............413-732-3138 Hartford CT...........860-947-7687 Stamford CT...........203-323-5957 Maine.................207-775-2467 New Hampshire.........603-421-0711 New Jersey............201-342-0060 New York City.........212-929-9777 NY/Westchester........914-328-5453 NY/Long Island........516-228-9058 Rhode Island..........401-453-0424 Washington D.C........202-822-6032 +============================================================================+ | GREETS AND GRIPES | | | | I hope u enjoyed the file, GREETS go out to RBCP, Colleen Card, El Jefe, | | the writers of System Failure, RNS for releasing kick ass mp3's that kept | | me alert when I wrote this, the makers of Jolt Cola, and of course my | | partner in crime Desperado. | | | | No GREETS to Tyrone Ashford, Dingo Rogers, Homi G BoBo, Phrack, Web TV, | | the asshole that invented ssping, and most of East Hartford High School. | +============================================================================+ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Closing Comments ³ ³ by The System Failure Staff ³ ³ ³ ³ Contact us all via system.failure@usa.net or whatever other ³ ³ email address you've seen ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Well, once again we come to the close of another issue of System Failure. If you think that we have forgotten something, you want to tell us how great we are, you want to tell us how much we suck, or you want to submit an article, then email us at the above address. Until then, may this find you all in good health (except Phelon). -Kenshiro Cochrane Yahoo! Only half a month late this time... we're getting better. I'll be doing System Failure #6, and hopefully it'll be out in late November or early December, so keep your eyes open. penguinpalace.com is still offline, but we're hoping it'll be back up soon... if it's not up in a few days, I'll put up a mirror of the SysFail page on http://www.geekbox.net/sysfail/ -Logic Box [NO COMMENT] -Pinguino [DC WAS AT WORK. THE FOOL.] -DarkCactus