                         ==Phrack Magazine==

              Volume Six, Issue Forty-Seven, File 8 of 22


05. What are some gopher sites of interest to hackers?

  ba.com                  (Bell Atlantic)
  csrc.ncsl.nist.gov      (NIST Security Gopher)
  gopher.acm.org          (SIGSAC (Security, Audit & Control))
  gopher.cpsr.org         (Computer Professionals for Social Responsibility)
  gopher.cs.uwm.edu
  gopher.eff.org          (Electronic Frontier Foundation)
  gw.PacBell.com          (Pacific Bell)
  iitf.doc.gov            (NITA -- IITF)
  oss.net                 (Open Source Solutions)
  spy.org                 (Computer Systems Consulting)
  wiretap.spies.com       (Wiretap)


06. What are some World Wide Web (WWW) sites of interest to hackers?

  http://alumni.caltech.edu/~dank/isdn/  (ISDN)
  http://aset.rsoc.rockwell.com  (NASA/MOD AIS Security)
  http://aset.rsoc.rockwell.com/exhibit.html  (Tech. for Info Sec)
  http://att.net/dir800  (800 directory)
  http://ausg.dartmouth.edu/security.html  (Security)
  http://cs.purdue.edu/coast/coast.html  (Coast)
  http://csrc.ncsl.nist.gov  (NIST)
  http://dhp.com/~pluvius
  http://dfw.net/~aleph1  (Eubercrackers)
  http://draco.centerline.com:8080/~franl/crypto.html  (Crypto)
  http://everest.cs.ucdavis.edu/Security.html  (Security)
  http://everest.cs.ucdavis.edu/slides/slides.html  (Security Lab Slides)
  http://ezinfo.ethz.ch/ETH/D-REOK/fsk/fsk_homepage.html  (CSSCR)
  http://first.org  (FIRST)
  http://ftp.tamu.edu/~abr8030/security.html  (Security)
  http://hightop.nrl.navy.mil/potpourri.html  (Security)
  http://hightop.nrl.navy.mil/rainbow.html  (Rainbow Books)
  http://ice-www.larc.nasa.gov/ICE/papers/hacker-crackdown.html  (Sterling)
  http://ice-www.larc.nasa.gov/ICE/papers/nis-requirements.html  (ICE NIS)
  http://info.bellcore.com/BETSI/betsi.html  (Betsi)
  http://infosec.nosc.mil/infosec.html  (SPAWAR INFOSEC)
  http://l0pht.com  (The l0pht)
  http://l0pht.com/~oblivion/IIRG.html  (Phantasy Magazine)
  http://mindlink.jolt.com  (The Secrets of LockPicking)
  http://mls.saic.com  (SAIC MLS)
  http://naic.nasa.gov/fbi/FBI_homepage.html  (FBI Homepage)
  http://nasirc.hq.nasa.gov  (NASA ASIRC)
  http://ophie.hughes.american.edu/~ophie
  http://ripco.com:8080/~glr/glr.html  (Full Disclosure)
  http://spy.org  (CSC)
  http://tansu.com.au/Info/security.html  (Comp and Net Security)
  http://the-tech.mit.edu  (LaMacchia case info)
  http://wintermute.itd.nrl.navy.mil/5544.html  (Network Security)
  http://www.aads.net  (Ameritech)
  http://www.alw.nih.gov/WWW/security.html  (Unix Security)
  http://www.artcom.de/CCC  (CCC Homepage)
  http://www.aspentec.com/~frzmtdb/fun/hacker.html
  http://www.aus.xanadu.com:70/1/EFA  (EFF Australia)
  http://www.ba.com  (Bell Atlantic)
  http://www.beckman.uiuc.edu/groups/biss/VirtualLibrary/xsecurity.html  (X-Win)
  http://www.bell.com  (MFJ Task Force)
  http://www.bellcore.com/SECURITY/security.html  (Bellcore Security Products)
  http://www.brad.ac.uk/~nasmith/index.html
  http://www.bst.bls.com  (BellSouth)
  http://www.c3.lanl.gov/~mcn  (Lanl)
  http://www.cert.dfn.de/  (German First Team)
  http://www.commerce.net/information/standards/drafts/shttp.txt  (HyperText)
  http://www.contrib.andrew.cmu.edu:8001/usr/dscw/home.html
  http://www.cpsr.org/home  (CPSR)
  http://www.cs.tufts.edu/~mcable/cypher/alerts/alerts.html  (Cypherpunk)
  http://www.cs.tufts.edu/~mcable/HackerCrackdown  (Hacker Crackdown)
  http://www.cs.umd.edu/~lgas
  http://www.cs.cmu.edu:8001/afs/cs.cmu.edu/user/bsy/www/sec.html  (Security)
  http://www.csd.harris.com/secure_info.html  (Harris)
  http://www.csl.sri.com  (SRI Computer Science Lab)
  http://www.cybercafe.org/cybercafe/pubtel/pubdir.html  (CyberCafe)
  http://www.datafellows.fi  (Data Fellows)
  http://www.delmarva.com/raptor/raptor.html  (Raptor Network Isolator)
  http://www.demon.co.uk/kbridge  (KarlBridge)
  http://www.digicash.com/ecash/ecash-home.html  (Digital Cash)
  http://www.digital.com/info/key-secure-index.html  (Digital Secure Systems)
  http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html  (Bugtraq)
  http://www.eecs.nwu.edu/~jmyers/ids/index.html  (Intrusion Detection Systems)
  http://www.eff.org/papers.html  (EFF)
  http://www.engin.umich.edu/~jgotts/boxes.html  (Box info)
  http://www.engin.umich.edu/~jgotts/hack-faq.html  (This document)
  http://www.engin.umich.edu/~jgotts/underground.html
  http://www.ensta.fr/internet/unix/sys_admin  (System administration)
  http://www.etext.org/Zines/  (Zines)
  http://www.fc.net/defcon  (DefCon)
  http://www.fc.net/phrack.html  (Phrack Magazine)
  http://www.first.org/first/  (FIRST)
  http://www.greatcircle.com  (Great Circle Associates)
  http://www.hpcc.gov/blue94/section.4.6.html  (NSA)
  http://www.ic.gov  (The CIA)
  http://www.lerc.nasa.gov/Unix_Team/Dist_Computing_Security.html  (Security)
  http://www.lysator.liu.se:7500/terror/thb_title.html  (Terrorists Handbook)
  http://www.lysator.liu.se:7500/mit-guide/mit-guide.html  (Lockpicking Guide)
  http://www.net23.com  (Max Headroom)
  http://www.nist.gov  (NIST)
  http://www.pacbell.com  (Pacific Bell)
  http://www.paranoia.com/mthreat  (ToneLoc)
  http://www.pegasus.esprit.ec.org/people/arne/pgp.html  (PGP)
  http://www.phantom.com/~king  (Taran King)
  http://www.quadralay.com/www/Crypt/Crypt.html  (Quadralay Cryptography)
  http://www.qualcomm.com/cdma/wireless.html  (Qualcomm CDMA)
  http://www.research.att.com  (AT&T)
  http://ripco.com:8080/~glr/glr.html  (Full Disclosure)
  http://www.rsa.com  (RSA Data Security)
  http://www.satelnet.org/~ccappuc
  http://www.service.com/cm/uswest/usw1.html  (USWest)
  http://www.shore.net/~oz/welcome.html  (Hack TV)
  http://www.spy.org  (Computer Systems Consulting)
  http://www.sri.com  (SRI)
  http://www.tansu.com.au/Info/security.html  (Security Reference Index)
  http://www.tis.com  (Trusted Information Systems)
  http://www.tri.sbc.com  (Southwestern Bell)
  http://www.uci.agh.edu.pl/pub/security  (Security)
  http://www.umcc.umich.edu/~doug/virus-faq.html  (Virus)
  http://www.usfca.edu/crackdown/crack.html  (Hacker Crackdown)
  http://www.wam.umd.edu/~ankh/Public/devil_does_unix
  http://www.wiltel.com  (Wiltel)
  http://www.winternet.com/~carolann/dreams.html
  http://www.wired.com  (Wired Magazine)


07. What are some IRC channels of interest to hackers?
  #2600
  #cellular
  #hack
  #phreak
  #linux
  #realhack
  #root
  #unix
  #warez


08. What are some BBS's of interest to hackers?

  Rune Stone                (203)832-8441
  Hacker's Haven            (303)343-4053
  Independent Nation        (315)656-4179
  Ut0PiA                    (315)656-5135
  underworld_1994.com       (514)683-1894
  Digital Fallout           (516)378-6640
  Alliance Communications   (612)251-8596
  Maas-Neotek               (617)855-2923
  Apocalypse 2000           (708)676-9855
  K0dE Ab0dE                (713)579-2276
  fARM R0Ad 666             (713)855-0261


09. What are some books of interest to hackers?

General Computer Security
~~~~~~~~~~~~~~~~~~~~~~~~~
Computer Security Basics
Author: Deborah Russell and G.T. Gangemi Sr.
Publisher: O'Reilly & Associates, Inc.
Copyright Date: 1991
ISBN: 0-937175-71-4

    This is an excellent book.  It gives a broad overview of
    computer security without sacrificing detail.  A must read for
    the beginning security expert.

Computer Security Management
Author: Karen Forcht
Publisher: Boyd and Fraser
Copyright Date: 1994
ISBN: 0-87835-881-1

Information Systems Security
Author: Philip Fites and Martin Kratz
Publisher: Van Nostrand Reinhold
Copyright Date: 1993
ISBN: 0-442-00180-0

Computer Related Risks
Author: Peter G. Neumann
Publisher: Addison-Wesley
Copyright Date: 1995
ISBN: 0-201-55805-X

Computer Security Management
Author: Karen Forcht
Publisher: boyd & fraser publishing company
Copyright Date: 1994
ISBN: 0-87835-881-1

The Stephen Cobb Complete Book of PC and LAN Security
Author: Stephen Cobb
Publisher: Windcrest Books
Copyright Date: 1992
ISBN: 0-8306-9280-0 (hardback)
      0-8306-3280-8 (paperback)

Security in Computing
Author: Charles P. Pfleeger
Publisher: Prentice Hall
Copyright Date: 1989
ISBN: 0-13-798943-1.

Building a Secure Computer System
Author: Morrie Gasser
Publisher: Van Nostrand Reinhold Co., New York.
Copyright Date:
ISBN: 0-442-23022-2

Modern Methods for Computer Security
Author: Lance Hoffman
Publisher: Prentice Hall
Copyright Date: 1977
ISBN:

Windows NT 3.5 Guidelines for Security, Audit and Control
Author:
Publisher: Microsoft Press
Copyright Date:
ISBN: 1-55615-814-9


Unix System Security
~~~~~~~~~~~~~~~~~~~~
Practical Unix Security
Author: Simson Garfinkel and Gene Spafford
Publisher: O'Reilly & Associates, Inc.
Copyright Date: 1991
ISBN: 0-937175-72-2

    Finally someone with a very firm grasp of Unix system security
    gets down to writing a book on the subject.  Buy this book.
    Read this book.

Firewalls and Internet Security
Author: William Cheswick and Steven Bellovin
Publisher: Addison Wesley
Copyright Date: 1994
ISBN: 0-201-63357-4

Unix System Security
Author: Rik Farrow
Publisher: Addison Wesley
Copyright Date: 1991
ISBN: 0-201-57030-0

Unix Security: A Practical Tutorial
Author: N. Derek Arnold
Publisher: McGraw Hill
Copyright Date: 1993
ISBN: 0-07-002560-6

Unix System Security: A Guide for Users and Systems Administrators
Author: David A. Curry
Publisher: Addison-Wesley
Copyright Date: 1992
ISBN: 0-201-56327-4

Unix System Security
Author: Patrick H. Wood and Stephen G. Kochan
Publisher: Hayden Books
Copyright Date: 1985
ISBN: 0-672-48494-3

Unix Security for the Organization
Author: Richard Bryant
Publisher: Sams
Copyright Date: 1994
ISBN: 0-672-30571-2


Network Security
~~~~~~~~~~~~~~~~
Network Security Secrets
Author: David J. Stang and Sylvia Moon
Publisher: IDG Books
Copyright Date: 1993
ISBN: 1-56884-021-7

    Not a total waste of paper, but definitely not worth the
    $49.95 purchase price.  The book is a rehash of previously
    published information.  The only secret we learn from reading
    the book is that Sylvia Moon is a younger woman madly in love
    with the older David Stang.
Complete Lan Security and Control
Author: Peter Davis
Publisher: Windcrest / McGraw Hill
Copyright Date: 1994
ISBN: 0-8306-4548-9 and 0-8306-4549-7

Network Security
Author: Steven Shaffer and Alan Simon
Publisher: AP Professional
Copyright Date: 1994
ISBN: 0-12-638010-4


Cryptography
~~~~~~~~~~~~
Applied Cryptography: Protocols, Algorithms, and Source Code in C
Author: Bruce Schneier
Publisher: John Wiley & Sons
Copyright Date: 1994
ISBN: 0-471-59756-2

    Bruce Schneier's book replaces all other texts on
    cryptography.  If you are interested in cryptography, this is
    a must read.  This may be the first and last book on
    cryptography you may ever need to buy.

Cryptography and Data Security
Author: Dorothy Denning
Publisher: Addison-Wesley Publishing Co.
Copyright Date: 1982
ISBN: 0-201-10150-5

Protect Your Privacy: A Guide for PGP Users
Author: William Stallings
Publisher: Prentice-Hall
Copyright Date: 1994
ISBN: 0-13-185596-4


Programmed Threats
~~~~~~~~~~~~~~~~~~
The Little Black Book of Computer Viruses
Author: Mark Ludwig
Publisher: American Eagle Publications
Copyright Date: 1990
ISBN: 0-929408-02-0

    The original, and still the best, book on computer viruses.
    No media hype here, just good clean technical information.

Computer Viruses, Artificial Life and Evolution
Author: Mark Ludwig
Publisher: American Eagle Publications
Copyright Date: 1993
ISBN: 0-929408-07-1

Computer Viruses, Worms, Data Diddlers, Killer Programs, and Other
    Threats to Your System
Author: John McAfee and Colin Haynes
Publisher: St. Martin's Press
Copyright Date: 1989
ISBN: 0-312-03064-9 and 0-312-02889-X

The Virus Creation Labs: A Journey Into the Underground
Author: George Smith
Publisher: American Eagle Publications
Copyright Date: 1994
ISBN:


Telephony
~~~~~~~~~
Engineering and Operations in the Bell System
Author: R.F. Rey
Publisher: Bell Telephone Laboratories
Copyright Date: 1983
ISBN: 0-932764-04-5

    Although hopelessly out of date, this book remains *THE* book
    on telephony.
    This book is 100% Bell, and is loved by phreaks the world
    over.

Telephony: Today and Tomorrow
Author: Dimitris N. Chorafas
Publisher: Prentice-Hall
Copyright Date: 1984
ISBN: 0-13-902700-9

The Telecommunications Fact Book and Illustrated Dictionary
Author: Ahmed S. Khan
Publisher: Delmar Publishers, Inc.
Copyright Date: 1992
ISBN: 0-8273-4615-8

    I find this dictionary to be an excellent reference book on
    telephony, and I recommend it to anyone with serious
    intentions in the field.

Tandy/Radio Shack Cellular Hardware
Author: Judas Gerard and Damien Thorn
Publisher: Phoenix Rising Communications
Copyright Date: 1994
ISBN:

The Phone Book
Author: Carl Oppedahl
Publisher: Consumer Reports
Copyright Date:
ISBN: 0-89043-364-x

    Listing of every cellular ID in the US, plus roaming ports,
    and info numbers for each carrier.

Principles of Caller I.D.
Author:
Publisher: International MicroPower Corp.
Copyright Date:
ISBN:


Hacking History and Culture
~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Hacker Crackdown: Law and Disorder on the Electronic Frontier
Author: Bruce Sterling
Publisher: Bantam Books
Copyright Date: 1982
ISBN: 0-553-56370-X

    Bruce Sterling has recently released the book FREE to the net.
    The book is much easier to read in print form, and the
    paperback is only $5.99.  Either way you read it, you will be
    glad you did.  Mr. Sterling is an excellent science fiction
    author and has brought his talent with words to bear on the
    hacking culture.  A very enjoyable reading experience.

Cyberpunk
Author: Katie Hafner and John Markoff
Publisher: Simon and Schuster
Copyright Date: 1991
ISBN: 0-671-77879-X

The Cuckoo's Egg
Author: Cliff Stoll
Publisher: Simon and Schuster
Copyright Date: 1989
ISBN: 0-671-72688-9

Hackers: Heroes of the Computer Revolution
Author: Steven Levy
Publisher: Doubleday
Copyright Date: 1984
ISBN: 0-440-13495-6


Unclassified
~~~~~~~~~~~~
The Hacker's Handbook
Author: Hugo Cornwall
Publisher: E. Arthur Brown Company
Copyright Date:
ISBN: 0-912579-06-4

Secrets of a Super Hacker
Author: The Knightmare
Publisher: Loompanics
Copyright Date: 1994
ISBN: 1-55950-106-5

    The Knightmare is no super hacker.  There is little or no real
    information in this book.  The Knightmare gives useful advice
    like telling you not to dress up before going trashing.
    The Knightmare's best hack is fooling Loompanics into
    publishing this garbage.

The Day The Phones Stopped
Author: Leonard Lee
Publisher: Primus / Donald I Fine, Inc.
Copyright Date: 1992
ISBN: 1-55611-286-6

    Total garbage.  Paranoid delusions of a lunatic.  Less factual
    data than an average issue of the Enquirer.

Information Warfare
Author: Winn Schwartau
Publisher: Thunder Mountain Press
Copyright Date: 1994
ISBN: 1-56025-080-1

An Illustrated Guide to the Techniques and Equipment of Electronic
    Warfare
Author: Doug Richardson
Publisher: Salamander Press
Copyright Date:
ISBN: 0-668-06497-8


10. What are some videos of interest to hackers?

  'Unauthorized Access' by Annaliza Savage
  $25 on VHS format in 38-min
  Savage Productions
  1803 Mission St., #406
  Santa Cruz, CA 95060


11. What are some mailing lists of interest to hackers?
Academic Firewalls
Reflector Address:
Registration Address: Send a message to majordomo@greatcircle.com
                      containing the line "subscribe firewalls user@host"

Bugtraq
Reflector Address:    bugtraq@fc.net
Registration Address: bugtraq-request@fc.net

Cert Tools
Reflector Address:    cert-tools@cert.org
Registration Address: cert-tools-request@cert.org

Computers and Society
Reflector Address:    Comp-Soc@limbo.intuitive.com
Registration Address: taylor@limbo.intuitive.com

Coordinated Feasibility Effort to Unravel State Data
Reflector Address:    ldc-sw@cpsr.org
Registration Address:

CPSR Announcement List
Reflector Address:    cpsr-announce@cpsr.org
Registration Address:

CPSR - Intellectual Property
Reflector Address:    cpsr-int-prop@cpsr.org
Registration Address:

CPSR - Internet Library
Reflector Address:    cpsr-library@cpsr.org
Registration Address:

DefCon Announcement List
Reflector Address:
Registration Address: Send a message to majordomo@fc.net containing
                      the line "subscribe dc-announce"

DefCon Chat List
Reflector Address:
Registration Address: Send a message to majordomo@fc.net containing
                      the line "subscribe dc-stuff"

IDS (Intruder Detection Systems)
Reflector Address:
Registration Address: Send a message to majordomo@wyrm.cc.uow.edu.au
                      containing the line "subscribe ids"

Macintosh Security
Reflector Address:    mac-security@eclectic.com
Registration Address: mac-security-request@eclectic.com

NeXT Managers
Reflector Address:
Registration Address: next-managers-request@stolaf.edu

Phiber-Scream
Reflector Address:
Registration Address: Send a message to listserv@netcom.com
                      containing the line "subscribe phiber-scream
                      user@host"

phruwt-l (Macintosh H/P)
Reflector Address:
Registration Address: Send a message to filbert@netcom.com
                      with the subject "phruwt-l"

rfc931-users
Reflector Address:    rfc931-users@kramden.acf.nyu.edu
Registration Address: brnstnd@nyu.edu

RSA Users
Reflector Address:    rsaref-users@rsa.com
Registration Address: rsaref-users-request@rsa.com


12. What are some print magazines of interest to hackers?

2600 - The Hacker Quarterly
~~~~~~~~~~~~~~~~~~~~~~~~~~~
E-mail address: 2600@well.sf.ca.us

Subscription Address: 2600 Subscription Dept
                      PO Box 752
                      Middle Island, NY  11953-0752

Letters and article submission address: 2600 Editorial Dept
                                        PO Box 99
                                        Middle Island, NY  11953-0099

Subscriptions: United States: $21/yr individual, $50 corporate.
               Overseas: $30/yr individual, $65 corporate.


Gray Areas
~~~~~~~~~~
Gray Areas examines gray areas of law and morality and subject matter
which is illegal, immoral and/or controversial.  Gray Areas explores
why hackers hack and puts hacking into a sociological framework of
deviant behavior.

E-Mail Address: grayarea@well.sf.ca.us
E-Mail Address: grayarea@netaxs.com

U.S. Mail Address: Gray Areas
                   PO Box 808
                   Broomall, PA 19008

Subscriptions: $26.00 4 issues first class
               $34.00 4 issues foreign (shipped air mail)


Wired
~~~~~
Subscription Address: subscriptions@wired.com
                  or: Wired
                      PO Box 191826
                      San Francisco, CA 94119-9866

Letters and article submission address: guidelines@wired.com
                                    or: Wired
                                        544 Second Street
                                        San Francisco, CA 94107-1427

Subscriptions: $39/yr (US) $64/yr (Canada/Mexico) $79/yr (Overseas)


Nuts & Volts
~~~~~~~~~~~~
T & L Publications
430 Princeland Court
Corona, CA 91719
(800)783-4624 (Voice) (Subscription Only Order Line)
(909)371-8497 (Voice)
(909)371-3052 (Fax)
CIS: 74262,3664


13. What are some e-zines of interest to hackers?

  CoTNo: Communications of The New Order    ftp.etext.org  /pub/Zines/CoTNo
  Empire Times                              ftp.etext.org  /pub/Zines/Emptimes
  Phrack                                    ftp.fc.net     /pub/phrack


14. What are some organizations of interest to hackers?

Computer Professionals for Social Responsibility (CPSR)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CPSR empowers computer professionals and computer users to advocate
for the responsible use of information technology and empowers all
who use computer technology to participate in the public debate.
As technical experts, CPSR members provide the public and policymakers
with realistic assessments of the power, promise, and limitations of
computer technology.  As an organization of concerned citizens, CPSR
directs public attention to critical choices concerning the
applications of computing and how those choices affect society.

By matching unimpeachable technical information with policy
development savvy, CPSR uses minimum dollars to have maximum impact
and encourages broad public participation in the shaping of technology
policy.

Every project we undertake is based on five principles:

*  We foster and support public discussion of and public
   responsibility for decisions involving the use of computers in
   systems critical to society.

*  We work to dispel popular myths about the infallibility of
   technological systems.

*  We challenge the assumption that technology alone can solve
   political and social problems.

*  We critically examine social and technical issues within the
   computer profession, nationally and internationally.

*  We encourage the use of computer technology to improve the quality
   of life.

CPSR Membership Categories
    75  REGULAR MEMBER
    50  Basic member
   200  Supporting member
   500  Sponsoring member
  1000  Lifetime member
    20  Student/low income member
    50  Foreign subscriber
    50  Library/institutional subscriber

CPSR National Office
P.O. Box 717
Palo Alto, CA  94301
415-322-3778
415-322-3798 (FAX)
E-mail: cpsr@csli.stanford.edu


Electronic Frontier Foundation (EFF)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Electronic Frontier Foundation (EFF) is dedicated to the pursuit
of policies and activities that will advance freedom and openness in
computer-based communications.  It is a member-supported, nonprofit
group that grew from the conviction that a new public interest
organization was needed in the information age; that this organization
would enhance and protect the democratic potential of new computer
communications technology.
From the beginning, the EFF determined to become an organization that
would combine technical, legal, and public policy expertise, and would
apply these skills to the myriad issues and concerns that arise
whenever a new communications medium is born.

Memberships are $20.00 per year for students, $40.00 per year for
regular members, and $100.00 per year for organizations.

The Electronic Frontier Foundation, Inc.
666 Pennsylvania Avenue S.E., Suite 303
Washington, D.C.  20003
+1 202 544 9237
+1 202 547 5481 FAX
Internet: eff@eff.org


Free Software Foundation (FSF)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


GNU
~~~


The League for Programming Freedom (LPF)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The League for Programming Freedom is an organization of people who
oppose the attempt to monopolize common user interfaces through "look
and feel" copyright lawsuits.  Some of us are programmers, who worry
that such monopolies will obstruct our work.  Some of us are users,
who want new computer systems to be compatible with the interfaces we
know.  Some are founders of hardware or software companies, such as
Richard P. Gabriel.  Some of us are professors or researchers,
including John McCarthy, Marvin Minsky, Guy L. Steele, Jr., Robert S.
Boyer and Patrick Winston.

"Look and feel" lawsuits aim to create a new class of
government-enforced monopolies broader in scope than ever before.
Such a system of user-interface copyright would impose gratuitous
incompatibility, reduce competition, and stifle innovation.

We in the League hope to prevent these problems by preventing
user-interface copyright.  The League is NOT opposed to copyright law
as it was understood until 1986 -- copyright on particular programs.
Our aim is to stop changes in the copyright system which would take
away programmers' traditional freedom to write new programs compatible
with existing programs and practices.

Annual dues for individual members are $42 for employed professionals,
$10.50 for students, and $21 for others.
We appreciate activists, but members who cannot contribute their time
are also welcome.

To contact the League, phone (617) 243-4091, send Internet mail to the
address league@prep.ai.mit.edu, or write to:

League for Programming Freedom
1 Kendall Square #143
P.O. Box 9171
Cambridge, MA 02139 USA


SotMesc
~~~~~~~
Founded in 1989, SotMesc is dedicated to preserving the integrity and
cohesion of the computing society.  By promoting computer education,
liberties and efficiency, we believe we can secure freedoms for all
computer users while retaining privacy.

SotMesc maintains the CSP Internet mailing list, the SotMesc
Scholarship Fund, and the SotMesc Newsletter.

The SotMESC is financed partly by membership fees, and donations, but
mostly by selling hacking, cracking, phreaking, electronics, internet,
and virus information and programs on disk and bound paper media.

SotMesc memberships are $20 to students and $40 to regular members.

SotMESC
P.O. Box 573
Long Beach, MS  39560


Computer Emergency Response Team (CERT)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CERT is the Computer Emergency Response Team that was formed by the
Defense Advanced Research Projects Agency (DARPA) in November 1988 in
response to the needs exhibited during the Internet worm incident.
The CERT charter is to work with the Internet community to facilitate
its response to computer security events involving Internet hosts, to
take proactive steps to raise the community's awareness of computer
security issues, and to conduct research targeted at improving the
security of existing systems.

CERT products and services include 24-hour technical assistance for
responding to computer security incidents, product vulnerability
assistance, technical documents, and seminars.  In addition, the team
maintains a number of mailing lists (including one for CERT
advisories) and provides an anonymous FTP server: cert.org
(192.88.209.5), where security-related documents, past CERT
advisories, and tools are archived.
CERT contact information:

U.S. mail address
  CERT Coordination Center
  Software Engineering Institute
  Carnegie Mellon University
  Pittsburgh, PA 15213-3890
  U.S.A.

Internet E-mail address
  cert@cert.org

Telephone number
  (412)268-7090 (24-hour hotline)
  CERT Coordination Center personnel answer
  7:30 a.m.- 6:00 p.m. EST(GMT-5)/EDT(GMT-4), on call for
  emergencies during other hours.

FAX number
  (412)268-6989


15. Where can I purchase a magnetic stripe encoder/decoder?

CPU Advance
PO Box 2434
Harwood Station
Littleton, MA  01460
(508)624-4819 (Fax)

Omron Electronics, Inc.
One East Commerce Drive
Schaumburg, IL  60173
(800)556-6766 (Voice)
(708)843-7787 (Fax)

Security Photo Corporation
1051 Commonwealth Avenue
Boston, MA 02215
(800)533-1162 (Voice)
(617)783-3200 (Voice)
(617)783-1966 (Voice)

Timeline Inc,
23605 Telo Avenue
Torrance, CA 90505
(800)872-8878 (Voice)
(800)223-9977 (Voice)

Alltronics
2300 Zanker Road
San Jose CA 95131
(408) 943-9774 Voice
(408) 943-9776 Fax
(408) 943-0622 BBS
Part Number: 92U067

Atalla Corp
San Jose, CA
(408) 435-8850


16. What are the rainbow books and how can I get them?

Orange Book
DoD 5200.28-STD
Department of Defense Trusted Computer System Evaluation Criteria

Green Book
CSC-STD-002-85
Department of Defense Password Management Guideline

Yellow Book
CSC-STD-003-85
Computer Security Requirements -- Guidance for Applying the Department
of Defense Trusted Computer System Evaluation Criteria in Specific
Environments

Yellow Book
CSC-STD-004-85
Technical Rationale Behind CSC-STD-003-85: Computer Security
Requirements.  Guidance for Applying the Department of Defense Trusted
Computer System Evaluation Criteria in Specific Environments.

Tan Book
NCSC-TG-001
A Guide to Understanding Audit in Trusted Systems

Bright Blue Book
NCSC-TG-002
Trusted Product Evaluation - A Guide for Vendors

Neon Orange Book
NCSC-TG-003
A Guide to Understanding Discretionary Access Control in Trusted
Systems

Teal Green Book
NCSC-TG-004
Glossary of Computer Security Terms

Red Book
NCSC-TG-005
Trusted Network Interpretation of the Trusted Computer System
Evaluation Criteria

Orange Book
NCSC-TG-006
A Guide to Understanding Configuration Management in Trusted Systems

Burgundy Book
NCSC-TG-007
A Guide to Understanding Design Documentation in Trusted Systems

Dark Lavender Book
NCSC-TG-008
A Guide to Understanding Trusted Distribution in Trusted Systems

Venice Blue Book
NCSC-TG-009
Computer Security Subsystem Interpretation of the Trusted Computer
System Evaluation Criteria

Aqua Book
NCSC-TG-010
A Guide to Understanding Security Modeling in Trusted Systems

Dark Red Book
NCSC-TG-011
Trusted Network Interpretation Environments Guideline -- Guidance for
Applying the Trusted Network Interpretation

Pink Book
NCSC-TG-013
Rating Maintenance Phase -- Program Document

Purple Book
NCSC-TG-014
Guidelines for Formal Verification Systems

Brown Book
NCSC-TG-015
A Guide to Understanding Trusted Facility Management

Yellow-Green Book
NCSC-TG-016
Guidelines for Writing Trusted Facility Manuals

Light Blue
NCSC-TG-017
A Guide to Understanding Identification and Authentication in Trusted
Systems

Light Blue Book
NCSC-TG-018
A Guide to Understanding Object Reuse in Trusted Systems

Blue Book
NCSC-TG-019
Trusted Product Evaluation Questionnaire

Gray Book
NCSC-TG-020A
Trusted Unix Working Group (TRUSIX) Rationale for Selecting
Access Control List Features for the Unix System

Lavender Book
NCSC-TG-021
Trusted Data Base Management System Interpretation of the Trusted
Computer System Evaluation Criteria

Yellow Book
NCSC-TG-022
A Guide to Understanding Trusted Recovery in Trusted Systems

Bright Orange Book
NCSC-TG-023
A Guide to Understanding Security Testing
and Test Documentation in Trusted Systems

Purple Book
NCSC-TG-024  (Volume 1/4)
A Guide to Procurement of Trusted Systems: An Introduction to
Procurement Initiators on Computer Security Requirements

Purple Book
NCSC-TG-024 (Volume 2/4)
A Guide to Procurement of Trusted Systems: Language for RFP
Specifications and Statements of Work - An Aid to Procurement
Initiators

Purple Book
NCSC-TG-024  (Volume 3/4)
A Guide to Procurement of Trusted Systems: Computer Security Contract
Data Requirements List and Data Item Description Tutorial

+Purple Book
+NCSC-TG-024  (Volume 4/4)
+A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder's
+Proposal Document - An Aid to Procurement Initiators and Contractors

Green Book
NCSC-TG-025
A Guide to Understanding Data Remanence in Automated Information
Systems

Hot Peach Book
NCSC-TG-026
A Guide to Writing the Security Features User's Guide for Trusted
Systems

Turquoise Book
NCSC-TG-027
A Guide to Understanding Information System Security Officer
Responsibilities for Automated Information Systems

Violet Book
NCSC-TG-028
Assessing Controlled Access Protection

Blue Book
NCSC-TG-029
Introduction to Certification and Accreditation

Light Pink Book
NCSC-TG-030
A Guide to Understanding Covert Channel Analysis of Trusted Systems

C1 Technical Report-001
Computer Viruses: Prevention, Detection, and Treatment

*C Technical Report 79-91
*Integrity in Automated Information Systems

*C Technical Report 39-92
*The Design and Evaluation of INFOSEC systems: The Computer Security
*Contributions to the Composition Discussion

NTISSAM COMPUSEC/1-87
Advisory Memorandum on Office Automation Security Guideline

--

You can get your own free copy of any or all of the books by writing
or calling:

       INFOSEC Awareness Division
       ATTN: X711/IAOC
       Fort George G. Meade, MD  20755-6000

       Barbara Keller
       (410) 766-8729

If you ask to be put on the mailing list, you'll get a copy of each
new book as it comes out (typically a couple a year).
[* == I have not personally seen this book]
[+ == I have not personally seen this book, and I believe it may not]
[     be available]


Section D: 2600
~~~~~~~~~~~~~~~

01. What is alt.2600?

Alt.2600 is a Usenet newsgroup for discussion of material relating to
2600 Magazine, the hacker quarterly.  It is NOT for the Atari 2600 game
machine.  Len@netsys.com created the group on Emmanuel Goldstein's
recommendation.  Emmanuel is the editor/publisher of 2600 Magazine.
Following the barrage of postings about the Atari machine to alt.2600,
an alt.atari.2600 was created to divert all of the Atari traffic from
alt.2600.  Atari 2600 people are advised to hie over to
rec.games.video.classic.


02. What does "2600" mean?

2600Hz was a tone that was used by early phone phreaks (or phreakers)
in the 80's, and some currently.  If the tone was sent down the line at
the proper time, one could get away with all sorts of fun stuff.

A note from Emmanuel Goldstein:

"The Atari 2600 has NOTHING to do with blue boxes or telephones
or the 2600 hertz tone.  The 2600 hertz tone was simply the first
step towards exploring the network.  If you were successful at
getting a toll call to drop, then billing would stop at that
point but there would be billing for the number already dialed
up until the point of seizure.  800 numbers and long distance
information were both free in the past and records of who called
what were either non-existent or very obscure with regards to
these numbers.  This, naturally, made them more popular than
numbers that showed up on a bill, even if it was only for
a minute.  Today, many 800 numbers go overseas, which provides
a quick and free way into another country's phone system
which may be more open for exploration."


03. Are there on-line versions of 2600 available?

No.


04. I can't find 2600 at any bookstores.  What can I do?

Subscribe.  Or, let 2600 know via the subscription address that you
think 2600 should be in the bookstore.  Be sure to include the
bookstore's name and address.


05. Why does 2600 cost more to subscribe to than to buy at a newsstand?

A note from Emmanuel Goldstein:

  We've been selling 2600 at the same newsstand price ($4) since 1988
  and we hope to keep it at that price for as long as we can get away
  with it.  At the same time, $21 is about the right price to cover
  subscriber costs, including postage and record keeping, etc.  People
  who subscribe don't have to worry about finding an issue someplace,
  they tend to get issues several weeks before the newsstands get
  them, and they can take out free ads in the 2600 Marketplace.

  This is not uncommon in the publishing industry.  The NY Times, for
  example, costs $156.50 at the newsstands, and $234.75 delivered to
  your door.


Section E: Phrack Magazine
~~~~~~~~~~~~~~~~~~~~~~~~~~

01. What Is Phrack Magazine?

Phrack Magazine is one of the longest running electronic-based
publications in the world.  Originally founded in 1985 by Knight
Lightning and Taran King, it has survived several incarnations of
editors and still remains true to its underground roots.  Since its
inception, Phrack has been providing the hacker community with
information on operating systems, networking technologies and
telephony, as well as relaying human interest features of interest to
the international computer underground.

During its lifetime, Phrack has always been at the center of
controversy.  Since the magazine has always been openly available, it
presented law enforcement officials with what they perceived to be a
direct link into the secret society of computer hackers.  Not truly
understanding either the spirit of the magazine or the community for
which it was written, Federal Agents and Prosecutors began to target
Phrack Magazine and those affiliated with it.

"The Hacker Crackdown" by Bruce Sterling relays the details surrounding
some of these events.

Phrack Magazine is now in its 10th year of publication, and is
registered with the Library of Congress as ISSN 1068-1035, and is
protected by US Copyright Law.


02. How can I reach Phrack Magazine?

You can reach Phrack by email at: phrack@well.com, phrack@fc.net or
phrackmag@aol.com.  These addresses are listed in order of preference.
Only AOL users should email phrackmag@aol.com.

Phrack can be reached by the postal service at:

       Phrack Magazine
       603 W. 13th #1A-278
       Austin, TX 78701


03. Who Publishes Phrack?

Phrack Magazine is published by Chris Goggans, aka Erik Bloodaxe.  It
is hobbled together, touched up, spell checked and compressed on an
overworked 486-66.  It is then ftp'ed over to a BSDI UNIX machine where
it is sent to the masses.


04. How Often Does Phrack Go Out?

Phrack goes out roughly quarterly.  It is often sent out later than
every three months due to other more demanding obligations faced by its
editor.  The regularity of Phrack is really based upon the amount of
information sent in.  Phrack depends solely upon submissions to get
published at all.


05. How Do I Subscribe?

To subscribe to Phrack magazine, merely email phrack@well.com and ask
to be placed on the mailing list.

Any encrypted subscription requests will be ignored.

Phrack will not accept subscription requests from any anonymous
remailers or from sites in the fidonet domain.  The anonymous remailers
consistently bounce our mailings causing a big headache, so we won't
use them.  The fidonet domain administrators have asked us not to mail
Phrack to fido users, because of the huge load it places on their
outgoing spools (costing them a lot of money to send).


06. Why Don't I Get Any Response When I E-mail Phrack?

Because of the high volume of mail sent to the Phrack email address,
not everyone gets a response.  All subscription requests are saved and
added to the master list, but there is no automatic reply.  All other
messages are responded to as they are read, with the exception of PGP'd
messages.  All PGP'd email is stored for later decryption, and is
almost never responded to, unless it is incredibly urgent.


07. Does Phrack Cost Money?

Phrack Magazine charges a registration fee of $100.00 per user for any
professional use of the magazine and the information contained therein.
Information regarding this registration fee is contained at the
beginning of every issue of Phrack.


08. How Can I Submit Articles?

Articles are both wanted and needed.  Phrack only exists if people
write for it.  There is no regular writing staff, there is only the
editor, who cannot write the entire thing himself.

Articles can be sent to Phrack via email or snailmail (on paper or
IBM-compatible diskette).  Articles should be in ASCII text format.  Do
not include any clever graphics or ANSI art.  You can use Phrack's PGP
key to encrypt articles, but send the files in the ASCII armor format.

Please try to avoid sending files as MIME-compliant mail attachments.


09. What Is Phrack's PGP Key?

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAizMHvgAAAEEAJuIW5snS6e567/34+nkSA9cn2BHFIJLfBm3m0EYHFLB0wEP
Y/CIJ5NfcP00R+7AteFgFIhu9NrKNJtrq0ZMAOmiqUWkSzSRLpwecFso8QvBB+yk
Dk9BF57GftqM5zesJHqO9hjUlVlnRqYFT49vcMFTvT7krR9Gj6R4oxgb1CldAAUR
tBRwaHJhY2tAd2VsbC5zZi5jYS51cw==
=evjv
-----END PGP PUBLIC KEY BLOCK-----


10. Where Can I Get Back Issues?

Back issues of Phrack are found on many bulletin boards around the
globe.  The only OFFICIAL Phrack Magazine distribution site is our ftp
archive at ftp.fc.net in /pub/phrack.  There are NO official
distribution sites other than this one, nor will there ever be.  We
don't want to play favorites and let one particular BBS call itself an
"official" site while another isn't.  Therefore, there will be no
"official" sites except those archived by Phrack itself.

You can also get back issues on the World Wide Web by connecting to:
http://www.fc.net/phrack.html

This URL allows users to view issues online, or pull them down for
later viewing.

Any users without net access can send diskettes and postage to the
Phrack Postal Address given above, and request back issues to be sent
via the postal system.


Section F: Miscellaneous
~~~~~~~~~~~~~~~~~~~~~~~~

01. What does XXX stand for?

TLA     Three Letter Acronym

ACL     Access Control List
PIN     Personal Identification Number
TCB     Trusted Computing Base

ALRU    Automatic Line Record Update
AN      Associated Number
ARSB    Automated Repair Service Bureau
ATH     Abbreviated Trouble History
BOC     Bell Operating Company
BOR     Basic Output Report
BOSS    Business Office Servicing System
CA      Cable
COE     Central Office Equipment
COSMOS  Computer System for Main Frame Operations
CMC     Construction Maintenance Center
CNID    Calling Number IDentification
CO      Central Office
COCOT   Customer Owned Coin Operated Telephone
CRSAB   Centralized Repair Service Answering Bureau
DDD     Direct Distance Dialing
ECC     Enter Cable Change
LD      Long Distance
LMOS    Loop Maintenance Operations System
MLT     Mechanized Loop Testing
NPA     Numbering Plan Area
POTS    Plain Old Telephone Service
RBOC    Regional Bell Operating Company
RSB     Repair Service Bureau
SS      Special Service
TAS     Telephone Answering Service
TH      Trouble History
TREAT   Trouble Report Evaluation and Analysis Tool

LOD     Legion of Doom
HFC     Hell Fire Club
TNO     The New Order

ACiD    Ansi Creators in Demand
CCi     Cybercrime International
FLT     Fairlight
iCE     Insane Creators Enterprise
iNC     International Network of Crackers
NTA     The Nocturnal Trading Alliance
PDX     Paradox
PE      Public Enemy
PSY     Psychose
QTX     Quartex
RZR     Razor (1911)
S!P     Supr!se Productions
TDT     The Dream Team
THG     The Humble Guys
THP     The Hill People
TRSI    Tristar Red Sector Inc.
UUDW    Union of United Death Workers


02. How do I determine if I have a valid credit card number?

Credit cards use the Luhn Check Digit Algorithm.  The main purpose of
this algorithm is to catch data entry errors, but it does double duty
here as a weak security tool.

For a card with an even number of digits, double every odd numbered
digit and subtract 9 if the product is greater than 9.  Add up all the
even digits as well as the doubled-odd digits, and the result must be a
multiple of 10 or it's not a valid card.  If the card has an odd number
of digits, perform the same addition doubling the even numbered digits
instead.


03. What bank issued this credit card?

1033    Manufacturers Hanover Trust
1035    Citibank
1263    Chemical Bank
1665    Chase Manhattan
4024    Bank of America
4128    Citicorp
4209    New Era Bank
4302    HHBC
4310    Imperial Savings
4313    MBNA
4317    California Federal
5282    Wells Fargo
5424    Citibank
5410    Wells Fargo
5432    Bank of New York
6017    MBNA


04. What are the ethics of hacking?

An excerpt from: Hackers: Heroes of the Computer Revolution
                          by Steven Levy

        Access to computers -- and anything which might teach you
        something about the way the world works -- should be unlimited
        and total.  Always yield to the Hands-On imperative.

        All information should be free.

        Mistrust Authority.  Promote Decentralization.

        Hackers should be judged by their hacking, not bogus criteria
        such as degrees, age, race, or position.

        You can create art and beauty on a computer.

        Computers can change your life for the better.


05. Where can I get a copy of the alt.2600/#hack FAQ?

Get it on FTP at:
rahul.net       /pub/lps
rtfm.mit.edu    /pub/usenet-by-group/alt.2600
ftp.clark.net   /pub/jcase

Get it on the World Wide Web at:
http://dfw.net/~aleph1
http://www.engin.umich.edu/~jgotts/hack-faq.html
http://www.phantom.com/~king

Get it from these BBS's:
Hacker's Haven (303)343-4053


EOT
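
The Luhn check from item 02 of Section F, written out as an added
example (not part of the original FAQ), together with a measurement of
which data entry errors it catches.  Assumptions: digit positions are
counted from the left starting at 1, the function names are
hypothetical, and the sample numbers are a widely published test
number, a textbook check-digit example and a string constructed here.

```python
import re

def luhn_valid(number: str) -> bool:
    """Apply the FAQ's rule; spaces and dashes between digits are ignored."""
    if not re.fullmatch(r"[0-9][0-9 -]*", number):
        return False
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    # Even-length numbers double the odd positions, odd-length numbers the
    # even positions (positions counted from the left, starting at 1).
    double_parity = 1 if len(digits) % 2 == 0 else 0
    total = 0
    for pos, d in enumerate(digits, start=1):
        if pos % 2 == double_parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def single_digit_errors_detected(number: str) -> bool:
    """True if every one-digit substitution in a valid number is rejected."""
    for i, ch in enumerate(number):
        for r in "0123456789":
            if r != ch and luhn_valid(number[:i] + r + number[i + 1:]):
                return False
    return True

def undetected_swaps(number: str) -> list:
    """Adjacent transpositions that still pass (only 09 <-> 90 can)."""
    hits = []
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b:
            swapped = number[:i] + b + a + number[i + 2:]
            if luhn_valid(swapped):
                hits.append(swapped)
    return hits

if __name__ == "__main__":
    print(luhn_valid("4111 1111 1111 1111"))             # published test number
    print(single_digit_errors_detected("79927398713"))   # textbook example
    print(undetected_swaps("4111111111110907"))          # constructed sample
```

A pass only means the digits are self-consistent.  It says nothing
about whether an account exists, so it is useful for form validation
and for discarding false positives in a data-loss scan, not as an
authentication check.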