This publication is dedicated to all of those before us who built the foundation for the hackers of the world to express themselves openly and without prejudice. While we attempt to continue in our quest to obtain knowledge and understanding, we invite you, the reader, to join in and share any thoughts you may have regarding the magazine, hacking, life, work and anything else that you feel is important enough to be shared. We're not going to knock anyone down for asking questions or ridicule the steadfast elitist folks who believe that knowledge should not be shared. We believe knowledge should in fact be shared with one another, no matter how trivial the information may appear to be. After all, knowledge is power.

Think back to the way it was, when hackers stuck together and had a good time. An amusing time when hackers shared their stories of exploration and ultimate conquest. A wondrous time when hackers were considered the good guys and looked up to by those not fortunate enough to understand the technology around them. A simple time when a hacker's harmless efforts gained a new understanding of technology issues and the praise from their peers and superiors alike. That time can still be NOW. Hackers of the world unite and exercise your freedom to disseminate information!

ISSN 1082-2216
Copyright 1983-2005 by Syntel Vista, Inc.

All opinions and views expressed in Blacklisted! 411 Magazine are those of the writers of the articles, and do not necessarily reflect the views or opinions of any Syntel Vista, Inc. staff members or its editors. All rights reserved. No part of this material may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of Syntel Vista, Inc.

Blacklisted! 411 Magazine
P.O. Box 2506
Cypress, CA 90630

PRINTED IN THE UNITED STATES OF AMERICA

Doc Salvage Neuromancer ECSC Doc Jones oleBuzzard Line Tech Dark Tangent Alaric DEFCON Short Circuit Freaky Mingle Blackwave The Goldfinger Irvine Underground E. Coli Consumertronics Group 42 Wizguru SWAT Greyhawk Trash-OOX Sprett, Doule-O-Jake The Underground Mac Ender Wiggin Bobeeve TechnoHeap German GI Electronics Big Dog Lucky225 Skippy Avatar ....and a few ANONYMOUS people

4 - Introduction
5 - Letter from the editor
6 - Letters and Comments
8 - DoS Attacks: Instigation and Mitigation
10 - Caller ID Spoofing
14 - Using Limited Resources
19 - Electronic Surveillance Part 3
28 - Review Corner
30 - Vigilante Social Engineering
33 - Hacking the XMDirect Cable
35 - The Hacker Chronicles Part III
38 - What the Hell is a Baud Anyways?
40 - Cyber Extortion and Blackmail
44 - A New Style for Windows XP
45 - Securing Grub
50 - Interview with a Hacker
53 - Black Market [Marketplace Classifieds]
58 - Monthly Meetings

How to Contact us:
Blacklisted! 411 Magazine
P.O. Box 2506, Cypress, CA 90630

Subscriptions:
$20 U.S., $24 Canada, $35 Foreign
Check or Money Order (U.S. Funds only)

Articles:
Blacklisted! 411 Articles
P.O. Box 2506, Cypress, CA 90630
(Include name & address - we PAY for articles)

Distribution and Sales:
Blacklisted! 411 Distribution
P.O. Box 2506, Cypress, CA 90630
Email: sales@blacklisted411.net

Advertising:
Blacklisted! 411 Advertising
P.O. Box 2506, Cypress, CA 90630
Email: advertising@blacklisted411.net

World Wide Web:
Website: http://www.blacklisted411.net
Store: http://store.blacklisted411.net
Forums: http://www.bl411forums.com

Blacklisted! 411 introduction for those of you who are new.....

Who we are... and were...

The question often arises on the subject of, "How did it all start?" in reference to our magazine and its history. In response to this popular question, here is a quick history lesson of Blacklisted! 411 magazine, including names, dates and little known facts which have, thus far, been hidden away for years...

Blacklisted 411 magazine dates back to October 1983 with a group of friends from a Southern California high school that shared a common interest. We were all into our Atari computers, Commodore computers, electronics, sciences, arcade games, etc. We built projects, hacked into this n' that, came up with grand ideas and tried to make them into some sort of reality. The group started a monthly hackers "disk magazine" (an early form of what is now known as an e-zine) called "Blacklisted 411, the hackers monthly". This may sound strange today but circulating information on disk was the best way to get it out without all the cool toys of today. We didn't have the internet to send it out, and no one had printers that could print anything other than plain text (and didn't even do that well). With a disk based system we could send text files, primitive graphics/pictures, and utilities more easily and it could be copied by anyone who had a compatible computer. At our peak we distributed 150 disk copies of the disk magazine, though there is no way to know how many were copied by others.

Eventually modems caught on and we began to distribute the monthly via crude BBS systems. Using the power of a Commodore 64, we put up a Blacklisted! 411 info site, which anyone could log into without handle or password. It was a completely open message center. Using X-modem or Punter file transfer protocols, you could download the latest Blacklisted! 411 files or read/leave "messages" which later became known as a "message base" and has evolved into what are now commonly known as "newsgroup postings" or "forum postings". We had only one message center, no email capability & only 1 phone line. Primitive, indeed. Effective, however.

Around 1984 we purchased a 9 pin dot matrix printer that could print basic graphics. We experimented with printing out copies of the Blacklisted 411 monthly and copying them at the media center at the high school. The media center staff graciously allowed us to make these copies free of charge which was very cool at the time. We'd pass these out at the local "copy meets" (an interesting phenomenon of past times - hordes of computer users would meet at a predetermined location and setup their computers with the sole purpose of copying software and exchanging this software with each other). We'd leave a pile of our magazine copies anywhere we were allowed to do so. One popular location was next to the Atari Gauntlet and Gauntlet II arcade games strategically located at 7-11's all over the place. We're only guessing here, but we think people photocopied our copies and then those were photocopied, etc. There's no telling just how many generations of early printouts of Blacklisted! 411 monthly made it out there.

Years went by and Blacklisted! 411 evolved. The short life-span of the printouts was both a great success and a miserable failure. No matter where we left them, they were taken - and taken quickly! The feedback was awesome in that people wanted more. The interest was very high, but our inability to meet this growing demand was completely overlooked. We had to officially pull the plug on the printout experiment and we stuck with electronic files. It was really the easiest way to go. The Blacklisted! 411 info site grew into a 2-line system. This was a big deal in 1985. By that time, information was almost exclusively passed around by modem (unofficially on paper) and we were still releasing disks at this time.

June of 1987 marked the end of Blacklisted! 411, the hackers monthly. Our last disk based magazine was distributed that month. Now that all of us were out of high school and onto college, work and the bigger/better things in life, nobody had the time or inclination to put any effort into the disk based magazine anymore. The once thriving Blacklisted! 411 group broke up and people went their separate ways. Naturally, we all assumed this was the end and Blacklisted! 411 would never come back in any form.

In the summer of 1993, one member (and the original editor-in-chief), Zack Blackstone, felt it was time to revive the Blacklisted! 411 concept, but this time do it as a print magazine. It was extremely difficult to get started because the group was no more. He was the only one of the original group members remaining that had an interest in bringing the hacker group and magazine alive again. With some money, will to make it happen, and with the help of some top of the line (at the time) computer gear and page layout software Blacklisted! 411 was reborn. Blacklisted! 411 Volume 1, Issue 1 was released in January 1994. Blacklisted! 411 was finally BACK. The issues were released monthly and distribution was small. After a year passed, it was decided to try a quarterly format in an effort to increase distribution. During that year Zack managed to get in contact with many of the old group members and they are now active staff members once again.

In 1999, we published what was to be our last issue of Blacklisted! 411 (Volume 5, Issue 4) for many years to come. We didn't know it at the time, but many pitfalls would ultimately cause the demise of the magazine. After 4 years of regrouping and planning, Blacklisted! 411 magazine is back in print form again. We are one of the oldest groups of hackers still remaining and releasing gathered and compiled information within the hacker community and the mainstream community as well. We still have the same hacker mentality and code of ethics from the 80's. Hackers are not thieves - they're curious people. We are not elitist hackers by any means and no question is a stupid question. We're not going to knock you down, call you a "lamer" or "lamah" or give you crap for being a newbie! Every hacker started somewhere. We remember this most fundamental fact and we will never forget it.

What's Next...

Community
Over the next few months a lot will be happening. We are becoming more active in the Hacker Community. As we are based in the Los Angeles area, we are building relationships with the local Hacker groups such as LA2600, SD2600, twentythreedotorg, Irvine Underground and more. We will be attending and sponsoring Hacker Conventions and Conferences. The first being the Layer One Convention, June 12-13, at the LA Airport Westin. We will have a booth at this event where we will be selling subscriptions, current and back issues of the magazine, and other swag. We will also be having several "convention only" promotions so look for us there.

Magazine Development
A major effort is being made to increase our exposure to the Hacking and Information Security Community. Our distribution goals are for the magazine to break 100K copies distributed each quarter sometime next year. Based on the demand, and orders from distributors we are on the right path. We are seeking and hiring freelance writers, photographers, and editors to increase the quality and scope of the magazine. Additionally, we have people who are actively trying to promote the magazine both inside and outside of our close community.

Merchandising / SWAG
We wish to have a whole series of Blacklisted! 411 themed swag and merchandise. This includes stickers, apparel, posters, and whatever else our creative minds can come up with. Input, help, and direct submissions for this will be accepted and appreciated.

Charities
Blacklisted! 411 is run by real people who care about other things aside from hacking. No, really. In the spirit of helping people and organizations outside of our community, Blacklisted! 411 Magazine has officially donated to the local chapter of the Ronald McDonald House charity. After all, children are our future. Blacklisted! 411 Magazine wholeheartedly supports the Ronald McDonald House mission and their programs. Additionally, we've donated heavily to the Westminster Parish Festival, specifically with the intent to help support their youth programs and special classes for the mentally and physically handicapped.

If you have questions, comments, articles, ideas, flames, general "screw you guyz" messages or wish to offer support in some way, please contact us immediately and let's see what we can do. Thanks for your support, hackers!

Blacklisted! 411 - Volume 7 Issue 2 - Spring 2005

Letter from Zachary Blackstone, editor-in-chief.....

Welcome to another issue of Blacklisted! 411 Magazine. Yep, it's that time again. Welcome to the latest edition of Blacklisted! 411 magazine. Due to some issues with the way we were running things (ie: no real backup plan in place), we missed distribution of the Winter 2004 issue and this issue (Spring 2005) was severely delayed. I'm happy to report that we're back on track, have disaster plans in place and have both the Winter 2004 and Spring 2005 in print. The Winter 2004 issue will be sent out to all subscribers as a "freebie" which will not count towards their subscription.

Our forums (www.blackklisted411forums.com) are doing well despite our lack of presence for the last two seasons. Though, come on people, it could do a lot better. Get on there and post post post like it's going out of style. We know you're out there, so take a few minutes from your hacking and make a few posts. And to those of you that somehow failed to notice we had a forum, go check out the forums and voice your opinion right now. Pretty much anything goes.....as long as it's legal.

We've hired several new people to help with day to day operations which will help keep myself and the editorial staff free to be creative rather than deal with the boring stuff all businesses have to put up with. Because of this, we've been able to look into other areas of the magazine, trying to expand the scope of what we have to offer.

In fact, we've been tossing around the idea of a DVD documentary for Blacklisted! 411 magazine which would take the viewer on a tour of our day to day operations and bring into perspective the lives of hackers, how what they do affects the world on a local scale as well as a global scale. We've already got a lot of footage ready to go, but we're still arranging interviews with many people, so there's no time frame on when the DVD will be done. Though, it's a priority, so we'll be putting a lot of effort into making this happen ASAP. When we're done with the DVD, all current subscribers will get the DVD free of charge. Everyone else will be directed where to purchase. Keep your eyes open for this one.

We're also thinking about opening up a "lab" which would be accessible to anyone who is interested in getting hands on experience with new technology and old technology, located in one convenient place with an easygoing, laidback atmosphere. In other words, a place where we can get together, have a good time and dig into the guts of technology. Our intent is to make it open to the public M-F 9-5 with the idea that real hackers would be working hand in hand with manufacturers and suppliers to pull apart, test, modify and review technology.

This idea has been going around and around for some time now and we haven't been able to get a grip on the specifics, but I just wanted to let all of you know that this is a serious possibility. I would really like to hear from the readers in case they have any ideas on this subject or possibly anything tangible to offer in an effort to bring this idea to a reality.

Additionally, we've made contact with several graphic artists and manufacturers which has provided us with some solid leads on having SWAG available by Defcon 2005. We'll probably go with shirts, hats and stickers...you know, the usual crap. Although, I would really like to offer something unusual and exciting. What? I have no idea.....yet. If you have any cool or unusual ideas for branded merchandise, send me a note and let me know what's on your mind.

Calling all writers. We're looking for talented writers who have a technical background and who would like to write for us. Blacklisted! 411 has always been known for the type of material it's provided our readers with, however, lately it has gained a reputation for more technical articles than that of our counterparts. In the spirit of trying to maintain that level of recognition, we're inviting all writers with a solid technical background to submit their sample articles and/or to submit their exclusive material for us to review and possibly include in an upcoming issue. We are the only widely distributed "underground" hacking magazine on the planet which actually pays its writers. Why go elsewhere when we can show you the money?

So, get around to it and inquire ASAP. Make contact through our contact form available at www.blacklisted411.com or snail mail a letter to the editor.

Are you an artist? Same as above - we're looking for graphic artists who can supply us with material for use inside (and outside) of the magazine as well as on our website, merchandise and the upcoming DVD project. Yes, it's a paying gig, too.

In fact, if you have anything at all to offer us; swag ideas, merchandising, promotional, meetings, layout of the magazine, distribution, value added ideas....even things we haven't even considered yet, why don't you give us a buzz. We want to keep this magazine fresh and interesting. We've done a great job so far, according to most people who bother to offer an opinion. If we can continue to kick ass, that would be great. So, if you have anything to offer us, speak up now! We'd really like to hear from you.

Send your stuff to:

Blacklisted! 411 Magazine
P.O. Box 2506
Cypress, CA 90630

Or you can contact us here:
http://www.blacklisted411.net (go to the contact form)

Many people have noted the changes we've made across the board with the magazine since our comeback with the Winter 2003/2004 issue. We'll keep reading those comments and apply them where needed. It's good to know that the hard work has not gone unnoticed. Thanks everyone!

Ok, so we have a great issue with some excellent articles which should keep you glued to your seat....for a little while anyway.

The Goldfinger has supplied us with some really interesting topics, including interviews with various folks and the fringe side of the hacking community. This issue, there's a Q&A interview with Lucky225. He's fairly well known to the community, so no introduction should be necessary.

There's an article on electronic surveillance by M.L. Shannon on page 19. It's part three of an ongoing series he's written exclusively for Blacklisted! 411. It's a good read.

There's info on social engineering, hacking XMDirect cables and even a bunch of reviews from yours truly. All in all, this is a good issue and I hope all of you enjoy it as much as we do here at the Blacklisted! 411 HQ.

Editor

Notes of interest:
- We're accepting design ideas for SWAG - t-shirts, baseball caps, bumper stickers, etc.
- Deadline on all articles, letters, artwork and ads for Volume 7, Issue 3 is July 14th, 2005.
- ALL classified ads are now FREE and are limited to space constraints per issue. First come, first served.
- We're a PAYING MARKET for articles we use! We pay $25-$600 depending on size, quality & use of photos.

Letters and comments from our readers

Blacklisted! 411,

In a previous incarnation in the 20th century, I wrote an article for Blacklisted411 titled, "The Secret Macintosh"; as I recall, all copies I saw printed my article upside-down (true!).

I teach in Thailand all year and summer in Canada: in both places Blacklisted411 is simply not available so I was delighted to discover your resurrection during a recent trip to NYC. And I was doubly delighted that you are including so many articles for Mac users. I think we were considered elitist lamers for far too long! (Dontcha just WANT one?)

The police-state is effectively in place everywhere. The goal is to fly under the radar. (I learned this the hard way - cost me two years & I was LUCKY!) If you've been lazy, NOW is the time to teach yourself PGP and how to use anonymous remailers. Don't wait until they're at YOUR door! (Believe me, I'm not at all paranoid but that doesn't mean they're not after me!)

A good example is . mentioned in 6:4. Excellent security, except for the fact that you can be listened to by anyone with access to your cell provider, certainly all police and government!

Hushmail, endorsed by Phil Zimmermann, is still tried and true - worth a look. For lighter security, check out the steganography application for Mac OS X called pictEncrypt, sweet.

Personally, I'm still looking for some salvaged TEMPEST shielding. Any of you divers have any for me?

Spike
Routed: Internet

Hi Spike. It's good to hear back from you after all these years. We try to cater to every aspect of the hacking community which is why we've included several MAC related articles over the last few issues. Unfortunately, no MAC articles made it into this issue. It's a shame, but there aren't too many writers who specialize in this area of interest.

Thank you for your comments and suggestions for our readers. If you'd like to send over something for print, go for it. We'll hook you up with a comp sub.

Thanks again for writing.

Blacklisted! 411,

Hey guys... I ran across Volume 6 Issue 4 at Borders and nearly pissed. Great to see there's still rugged individuals who refuse to go corp...

Sorry for the handwritten letter, but...well, you can probably guess (no, I'm not in the pen!), I wanted to throw you some resources that you might want to pass on to your readers if you haven't already...

1. Not all Feds are your enemies. In fact, the absolutely BEST on-line resource for infrastructure, security, signals, and etc. is none other than the U.S. Government's OWN auditors! Swing over to the "General Accounting Office" (Now: "Government Unaccountability Office") at GAO.GOV, and browse through the archives. You won't be sorry.

2. For your readers that are hard core coders, fuck Berkeley and fuck MIT. If anyone can find a more comprehensive library of algorithms than at the NIST site, have them send me proof and I'll give 'em $5.00 Cash. The NIST (national Institution for Standards and Technology) library is priceless (probably only IEEE is remotely close, and that's because both in-breed with each other).

3. Ever wonder where cops and federal agents (and corp. security) shop for non-standard badges and such? (Credit this one to the GAO)...

NICE-LAW ENFORCEMENT SUPPLY
(www.nic-inc.com)

State trooper shoulder patches? UN Letterhead? They sell it all. Although, they stopped selling foreign passports (stamped, no less!) after 9/11.

4. For your readers interested in experimenting with "x-" box type, as well as other fun home electronics...they'll need these catalogues:

a. Contact East (especially the "proto-boards")
www.contacteast.com

b. Jensen Tools (www.jensentools.com)
Jensen sells telecomm lineman's hand-sets, ISDN test sets, inductive tone traces, and etc. Why hotwire a network interface box when for a mere $450.00 you can use what the techs use?

c. Tech America (www.techam.com)
(800-442-7221)

d. Allied Electronics (www.allied.avnet.com)

If you can't find an IC or component at one of the above suppliers, usually they'll tell you where to go for the surplus or discontinued elements.

5. For those that absolutely must solder their own kits...

Electronics Rainbow Inc.
(www.rainbowkits.com)

6. A subscription to "Amateur Radio: Communications and Technology" (a CQ pub) and the back issues on disk is another MUST for those who can't resist pissing off the FCC and other feds. (cq-amateur-radio.com) The March '05 issue should still be around ("CQ VHF/UHF" is just as good).

7. For great Linux code, "Linux Journal" has its back issues available to subscribers.

Anyway, I'll leave it to your discretion what's worth including. Keep up the good work and good luck.

P.S. "High Speed Digital Design: A Handbook of Black Magic" by Howard Johnson & Martin Graham, ISBN 0-13-395724-1

ACXScott
Routed: Snail mail

Hey ACXScott. Thanks for the tips. We're well aware of many of the tips, but you can bet that most of this is news to many new readers. As for tools, Contact East and Jensen Tools are the best! In addition to the companies you listed in #4, I would like to mention the following places to round off your selection:

Parts Express
(800)338-0531
http://www.parts-express.com

MCM Electronics
(800)543-4330
http://www.mcmelectronics.com

Jameco Electronics
(800)831-4242
http://www.jameco.com

JDR Microdevices
(800)538-5000
http://www.jdr.com

BG Micro
(800)276-2206
http://www.bgmicro.com

Mouser Electronics
(800)346-6873
http://www.mouser.com

JGL Components
(408)980-1100
http://www.jglcomponents.com

We've done business with all of these sources and fully recommend each and every one of them. Of course, we have many more resources on tap, but these few will cover most hackers' needs. If you need something specific and you're having a difficult time locating it, contact us. We'll be glad to help.

Blacklisted! 411,

I am a new reader of your magazine. Although I have been in the Hacker community since 1998, I found your mag right next to 2600 and I for the first time in a few years decided that I wanted to try something different. Anyways I saw your call for photos and I was wondering what type of photos you were looking for and even more importantly what type of photos you would compensate for. I have some photography skills and a lot of spare time.

Fluidicslave
Routed: Internet

Hello and thank you for your interest in supporting Blacklisted! 411 Magazine. We're interested in anything at all that has to do with hacking. Pictures of people using computers, utility poles, phone booths, interesting sights, trade shows, hacker meetings, unusual equipment, etc. This answer goes for anyone interested in helping us out with photographs, artwork, articles, letters, etc. Simply get on over to our website at www.blacklisted411.net and go to the contact form. Send us your information there and someone will contact you right away. If you're afraid of direct contact, send it to us through the snail mail. We'll get it.

Blacklisted! 411,

In regards to the info Lint requested in Volume 6 Issue 4: I used to work for the company that manufactured the BART cards, along with cards and tickets from transportation systems all over the world. Unless they have changed in the last five years or so the BART cards are Low Coercivity, 300 Oersted. The 0.25 inch magnetic stripe is applied directly to the card extruded from a slurry of magnetic "ink" that we manufactured ourselves. Our job in production was to apply the stripe in the correct position and to the specified electrical properties which we tested by writing a signal to samples and reading back the return on a digital scope. There were many other parameters to deal with making for a hair pulling experience. These contract jobs are offered by a sealed bidding process, so what's made by one company today may be made by another next time around. The manufacturers of the equipment the tickets are used in design and quote the specifications of the product and it is up to the supplier to deliver cards that meet or exceed the specs. Hope this helps.

Dark Purpose
Routed: Internet

Thanks for the information. I'm sure someone will find this of use.

Blacklisted! 411,

I think you should give free copies of your magazine to libraries. It is a great way to spread your message and information. I would be willing to pay an extra 10-50 cents an issue to see this happen and it would probably boost sales with the new publicity. Great job on 6:4 and kudos to the people who submitted articles.

Ringo K.
Routed: Snail mail

This is something that Blacklisted! 411 Magazine already does. Given, we're not in every single library in existence, but we exhaust an enormous amount of gratis copies of each issue to various institutions, one of which are many libraries both in state and out of state. If you are the point of contact for a library and you wish to get your free copies, please contact us and provide us with your address and identifying information. We'll be happy to hook you up. Additionally, we give out a free care package to all hacker groups as each new issue comes out. If you can send us a verifiable contact for your hacker group, we'll get you setup.
DoS Attacks: Instigation and Mitigation

During the release of a new software product specialized to track spam, ACME Software Inc noticed that there was not as much traffic as they hoped to receive. During further investigation, they found that they could not view their own website. At that moment, the VP of sales received a call from the company's broker stating that ACME Software Inc stock fell 4 points due to lack of confidence. Several states away, spammers didn't like the idea of lower profit margins due to an easy to install spam blocking software so they thought they would fight back. Earlier that day, they took control of hundreds of compromised computers and used them as DoS zombies to attack ACME Software Inc's Internet servers in a vicious act of cyber assault. During an emergency press conference the next morning, ACME Software Inc's CIO announced his resignation as a result of a several million dollar corporate loss.

Scenarios like the one above happen more than people think and are more costly than most will admit. Denial of Service (DoS) attacks are designed to deplete the resources of a target computer system in an attempt to take a node off line by crashing or overloading it. Distributed Denial of Service (DDoS) is a DoS attack that is launched from many different locations. The most common DDoS attacks are instigated through viruses or zombie machines. There are many reasons that DoS attacks are executed, and most of them are out of malicious intent. DoS attacks are almost impossible to prevent if you are singled out as a target. It's difficult to distinguish the difference between a legitimate packet and one used for a DoS attack.

The purpose of this article is to give the reader with basic network knowledge a better understanding of the challenges presented by Denial of Service attacks, how they work, and ways to protect systems and networks from them.
Instigation Spoofing - Falsifying an Internet address (known as spoofing) is the method an attacker uses to fake an IP address. This is used to reroute traffic to a target network node or used to deceive a server into identifying the attacker as a legitimate node. When most of us think of this approach of hacking, we think of someone in another city essentially becoming you. The way TCPIIP is designed, the only way a criminal hacker or cracker can take over your Internet identity in this fashion is to blind spoof. This means that the impostor knows exactly what responses to send to a port, but will not get the corresponding response since the traffic is routed to the original system. If the spoofing is designed around a DoS attack, the internal address becomes the victim. Spoofing is used in most of the well-known DoS attacks. Many attackers will start a DoS attack to drop a node from the network so they can take over the IP address of that device. lP Hijacking is the main method used when attacking a secured network or attempting other attacks like the Man in the Middle attack. SYN Flood» Attackers send a series of SYN requests to a target (victim). The target sends a SYN ACK in response and waits for an ACK to come back to complete the session set up. Instead of responding with an ACK, the attacker responds with another SYN to open up a new connection. This causes the connection queues and memory buffer to fill up, thereby denying service to legitimate TCP users. At this time, the attacker can hijack the system's IP address if that is the end goal. Spoofing the "source" IP address when sending a SYN flood will not only cover the offender's tracks, but is also a method of attack in itself. SYN Floods are the most commonly used DoS in viruses and are easy to write. See http://www.infosecprofessionals.comlcode/synflood.c.txt Smurf Attack - Smurf and Fraggle attacks are the easiest to prevent. 
A perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, using a fake source address. The "source" or spoofed address will be flooded with simultaneous replies (See CERT Advisory: CA-1998-01). This can be prevented by simply blocking broadcast traffic from remote network sources using access control lists.

Fraggle Attack - This type of attack is the same as a Smurf attack except using UDP instead of TCP. By sending UDP echo (ping) traffic to IP broadcast addresses, the systems on the network will all respond to the spoofed address and affect the target system. This is a simple rewrite of the Smurf code. This can be prevented by simply blocking broadcast traffic from remote IP addresses.

Ping of Death - An attacker sends illegitimate ICMP (ping) packets larger than 65,536 bytes to a system with the intention of crashing it. These attacks have been outdated since the days of NT4 and Win95.

Teardrop - Otherwise known as an IP fragmentation attack, this DoS attack targets systems that are running Windows NT 4.0, Win95, or Linux up to 2.0.32. Like the Ping of Death, the Teardrop is no longer effective.

Land - This attack alters the TCP SYN traffic so that the source address is the same as the target IP address. This causes an "implosion" of sorts and causes the system to lock up. Most new systems are immune to this type of DoS.

8 Volume 7 Issue 2 - Spring 2005 Blacklisted! 411

Resource starvation - This method is the same as the name suggests. You simply send enough traffic to the target that the server starts to deny resources to legitimate requests. A simple resource starvation attack can be perpetrated by an army of zombies that open a socket connection on the target server and leave it open until the connection times out. The goal is to open connections faster than the server will release them.
A crude example of this DoS attack is to open up a telnet connection on port 80 (telnet target.server.com 80) and then start another session as soon as the first is open. If thousands of systems were to do this at the same time, the attack would not only be impossible to stop, but very effective. Unlike a SYN flood, this traffic is seen as valid since the three-way handshake of SYN-SYN/ACK-ACK has been completed.

Ping flooding - Another type of resource starvation attack, a ping flood causes congestion on the target by sending ICMP echo requests.

Mail Bombs - These are done by sending a large number of emails to an email server, thus backing up the server and denying legitimate email traffic.

Rumplestiltskin attack - This is an email reconnaissance method that creates an involuntary DoS attack while developing a database of valid mail addresses used in spamming attacks. Many of the new Internet worms are using this to collect targets for spam engines.

DNS DoS - This is another attack that is self-explanatory. This Denial of Service attack targets a DNS server by altering the DNS redirection scheme. For example, target.server.com would point to 192.168.1.1, but an attacker alters this data to reflect 192.168.2.1. This would prevent regular traffic from reaching the real server at 192.168.1.1.

Application Attack - These are DoS attacks that involve exploiting an application vulnerability, causing the target program to crash or restart the system. Kazaa and Morpheus have a known flaw that will allow an attacker to consume all available bandwidth without being logged. See http://www.infosecprofessionals.com/code/kazaa.pl.txt

Microsoft's IIS 5 SSL also has an easy-to-exploit vulnerability. Most exploits like these are easy to find on the Internet and can be copied and pasted as working code. There are thousands of exploits that can be used to DoS a target system/application.
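The distinction drawn above between a SYN flood (handshake never completed) and resource starvation (handshake completed, then silence), together with the Land, Smurf and Fraggle patterns, can be written as detection logic over packet records. This is an added example, not code from the original article; the record layout, thresholds, addresses and function names are assumptions constructed for illustration.

```python
"""Added example: flag the DoS patterns described above in packet records."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for illustration only; tune them to the protected service.
LOCAL_NET = ip_network("192.168.1.0/24")  # network being defended
HANDSHAKE_SECONDS = 3   # a SYN unanswered this long counts as half-open
IDLE_SECONDS = 30       # an open connection silent this long counts as idle
HALF_OPEN_LIMIT = 3     # stale half-open connections tolerated per service
IDLE_LIMIT = 3          # silent, data-free connections tolerated per service


def analyze(packets, now):
    """Return (kind, subject, count) alerts for a time-ordered packet list.

    Each packet is (time, proto, src, sport, dst, dport, flags, payload_len).
    """
    alerts = []
    conns = {}  # (src, sport, dst, dport) -> [state, last_seen, data_bytes]
    for t, proto, src, sport, dst, dport, flags, length in packets:
        s, d = ip_address(src), ip_address(dst)

        # Stateless checks: one packet is enough to recognise these.
        if proto == "tcp" and flags == "S" and s == d:
            alerts.append(("land", dst, 1))
            continue
        if d == LOCAL_NET.broadcast_address and s not in LOCAL_NET:
            # Echo to our broadcast address from outside: every host would
            # answer the claimed source, which is the real victim.
            if proto == "icmp" and flags == "echo-request":
                alerts.append(("smurf", src, 1))
            elif proto == "udp" and dport == 7:
                alerts.append(("fraggle", src, 1))
            continue
        if proto != "tcp":
            continue

        # Stateful tracking, client-to-server direction only.
        key = (src, sport, dst, dport)
        if flags == "S":
            conns[key] = ["half-open", t, 0]
        elif key in conns:
            if "F" in flags or "R" in flags:
                del conns[key]                 # closed: resources released
            elif "A" in flags:
                conns[key][0] = "established"  # handshake completed
                conns[key][1] = t
                conns[key][2] += length

    half_open, idle = defaultdict(int), defaultdict(int)
    for (_, _, dst, dport), (state, last, nbytes) in conns.items():
        service = f"{dst}:{dport}"
        if state == "half-open" and now - last > HANDSHAKE_SECONDS:
            half_open[service] += 1
        elif state == "established" and nbytes == 0 and now - last > IDLE_SECONDS:
            idle[service] += 1
    alerts += [("syn-flood", svc, n) for svc, n in half_open.items()
               if n > HALF_OPEN_LIMIT]
    alerts += [("resource-starvation", svc, n) for svc, n in idle.items()
               if n > IDLE_LIMIT]
    return alerts


def sample_traffic():
    """Constructed records: one normal client plus each pattern above."""
    srv = "192.168.1.10"
    pkts = [
        # Normal client: full handshake, then a request with data.
        (0.0, "tcp", "203.0.113.5", 40000, srv, 80, "S", 0),
        (0.0, "tcp", srv, 80, "203.0.113.5", 40000, "SA", 0),
        (0.1, "tcp", "203.0.113.5", 40000, srv, 80, "A", 0),
        (0.2, "tcp", "203.0.113.5", 40000, srv, 80, "PA", 300),
        # Land: source equals destination.
        (5.0, "tcp", srv, 139, srv, 139, "S", 0),
        # Smurf and Fraggle: echo aimed at the broadcast address.
        (6.0, "icmp", "203.0.113.99", 0, "192.168.1.255", 0, "echo-request", 64),
        (6.5, "udp", "203.0.113.99", 7, "192.168.1.255", 7, "", 64),
    ]
    for i in range(1, 6):     # SYN flood: SYNs that are never acknowledged
        pkts.append((1.0 + i / 10, "tcp", f"198.51.100.{i}", 1024 + i,
                     srv, 80, "S", 0))
    for i in range(20, 24):   # starvation: handshake completes, then silence
        src = f"203.0.113.{i}"
        pkts += [(2.0, "tcp", src, 50000, srv, 80, "S", 0),
                 (2.0, "tcp", srv, 80, src, 50000, "SA", 0),
                 (2.1, "tcp", src, 50000, srv, 80, "A", 0)]
    return sorted(pkts, key=lambda p: p[0])


if __name__ == "__main__":
    for alert in analyze(sample_traffic(), now=60.0):
        print(alert)
```

The stateless rules fire on a single packet, while the two stateful rules fire only once enough stale connections accumulate against one service, which is why a lone SYN or one quiet connection raises nothing.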
For the IIS 5 SSL vulnerability mentioned above, see http://www.infosecprofessionals.com/code/IIS5SSL.c.txt

Black Angel's Cisco global exploiter has several Cisco router attacks, including several Denial of Service attacks, that can help you test vulnerabilities in your Cisco IOS.

Viruses, Worms, and Antivirus - Yes, Antivirus. There are too many cases where the antivirus configuration is wrong or the wrong edition is installed. This lack of foresight causes an unintentional DDoS attack on the network by taking up valuable CPU resources and bandwidth. Viruses and worms also cause DDoS attacks by the nature of how they spread. Some purposefully attack an individual target after a system has been infected. The Blaster worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135 is a great example of this. The Blaster targeted Microsoft's Windows Update site by initiating a SYN flood. Because of this, Microsoft decided to no longer resolve the DNS for 'windowsupdate.com'.

DoS attacks are impossible to stop. However, there are things you can do to mitigate the potential damage they may cause to your environment. The main thing to remember is that you always need to keep up to date on the newest threats.

Mitigation

Antivirus software - Installing antivirus software with the latest virus definitions can help prevent a system from becoming a DoS zombie. Now, more than ever, this is an important feature that you must have. With lawsuits so prevalent, not having the proper protection can leave you open to downstream liability.

Software updates - Keep your software up to date at all times. This includes antivirus, email clients, and network servers. You also need to keep all network Operating Systems installed with the latest security patches. Microsoft has done a great job of making these patches available for their Windows distributions. Linux has been said to be more secure, but the patches are less easy to come by.
However, SELinux (the NSA's addition to the Linux community) is a great addition to any Fedora compile. This will give Mandatory Access Control (MAC) capabilities to the Linux community.

Network protection - Using a combination of firewalls and Intrusion Detection Systems (IDS) can cut down on suspicious traffic and can make the difference between a logged annoyance and your job. Firewalls should be set to deny all traffic that is not specifically designed to pass through. Integrating IDS will warn you when strange traffic is present on your network. This will assist you in finding and stopping attacks.

Security is not as mystical as people believe. DoS attacks come in many different types and can be devastating if you don't take the proper precautions. Keep up to date and take steps to secure network nodes. Keeping security in mind can minimize damages and downtime, and save your career.

Resources

Security Resources
Black Angels: http://www.blackangels.it/
Cisco: http://www.cisco.com
Microsoft: http://www.microsoft.com/technet/security/current.aspx
Forum of Incident Response and Security Teams: http://www.first.org/
SANS Institute: http://www.sans.org/resources/

Caller ID Spoofing
By The Goldfinger

In this article I will attempt to shine some light on caller ID and ANI spoofing and some of the ways it's being done. To be sure, there are hackers out there that have a much more in-depth knowledge of the mechanics, but often this technical knowledge is complex and, quite frankly, boring to read. Therefore, I will present it to you, our knowledge-seeking readers, in such a way that you won't start drooling as your eyes glaze over in boredom... which is what kind of happened to me while researching this article. j/k

Ok, let's take a look at what caller ID spoofing is in its most simple terms. When spoofing the phone you're calling, it appears you're actually calling from a phone number of your own choosing.
In other words, you could pick the number that you want to appear on the recipient's phone, like pi (3141592653), or some fake movie style number that ends in 5555; then there's the always popular call from Satan (666-666-6666). Whatever you want the number to be, spoof it so. Spoof it, spoof it good! *ahem* Sorry, ok, back to spoofing and such.

I guess to really understand what's going on here you have to have some background information. Let's start with ANI. ANI stands for Automatic Number Identification and it's a feature that transmits a directory number, or what they call a BTN or Billing Telephone Number, so it can be obtained automatically. In this case, your number is sent to wherever you are calling to automatically. This feature cannot be blocked like Caller ID can. ANI can be spoofed though, despite what many telco technicians would say to the contrary. Apparently, spoofing is nothing new, it's just becoming more publicized and brought to the layman's attention. We'll come back to this in a minute... but first let's read what the media has to say about all this spoofing stuff.

The New York Times printed an interesting article on Sept 2, 2004 called "Software Service Aims to Outfox Caller ID". The article was about a California company called Star38, www.star38.com, that is offering a commercial version of this spoofing technology. For 19.99 a month and as little as 7 cents a minute you can log into their site and type the number you want to call and the number you want to appear on the caller ID screen of the recipient's phone. For an extra fee, you can add a name to that.

Bill collectors and their ilk are salivating at the idea. The service will let collection agencies and others avoid breaking laws that prohibit them from using phony phone numbers when they try to collect money. Jason Jepson, founder and CEO of the Star38 service, says they will provide them with a legitimate phone number--but one that can't be associated with the actual caller. "We are providing collection agencies with another option," Jepson says. "Our service will completely document each call, including how long it took, when it was made, and data like that." The service costs $20 per month, plus 7 to 10 cents per minute for phone charges.

Before you get your hopes up about signing up for this service and getting your phreak on, allow me to bust your bubble. First off, it's not available to us. It's only available to collection agencies, private investigators, and law-enforcement personnel, according to Jepson. "This is not for public use," he says.

On second thought, that's probably a good thing. Privacy rights advocates wonder how long before angry, disgruntled ex-spouses, stalkers, and fraud artists catch on and use these services to do malicious and nefarious deeds. I wonder as well. Imagine all the havoc you could wreak if you were so inclined? Those are legitimate concerns.

"Some people see caller ID as an invasion of their privacy, while others see it as a protection of their privacy," says Robert Atkinson, Director of policy research at the Institute for Tele-Information at Columbia University. "It's spy vs. spy." True enough. Just making or receiving a phone call is no simple matter these days. There are definite pros and cons to this technology. The issue is pretty much divided, with just about everyone weighing in on the issue.

The FCC says there is nothing illegal, per se, in the Star38 system. According to them, the agency's rules require only that telephone companies provide caller ID abilities and the ability to block caller ID. The rules say nothing about add-on services like Star38 provided by commercial companies.

Loretta M. Lynch, a member of the California Public Utilities Commission, worries that "People will not trust what their phones tell them. It will spell the end of caller ID as a way for people to protect their privacy."

"This is solving a problem that caller ID created," said Mark Rotenberg, executive director of the Electronic Privacy Information Center (www.epic.org) in Washington. "Most people thought of caller ID as a net privacy loss, but this technology may help customers recapture some privacy."

Others say caller ID spoofing is no different and no better or worse than other telecom technologies that have allowed people to mask their identities or locations. For years people have used pay phones to hide their whereabouts, and some companies like Hop-on now sell disposable cell phones that have X amount of minutes and can be discarded afterwards. Btw, those phones are pretty cool and some of them really have a lot of features, plus you can reload minutes if you want. For more info on disposable cellys, peep www.hop-on.com

Ok, as I was saying, everyone has an opinion on this, so here's my 2 cents. At first I thought, "oh yea, this is gonna be dope", then when I realized it wasn't gonna be commercially available I was bummed. Then after researching this article and hearing what everyone on both sides of the fence had to say, I've refined my opinion. The technology itself is not bad, it's just new technology. How it is used is the issue. After re-framing, I decided that it's a good thing that it's not available to everyone. While you or I might like to use it to mess with our friends and family, some others might be using it to bamboozle people or set them up to be jacked or worse. So I thought it was a good thing to limit its availability. Other than that, I see nothing inherently wrong with it.

As for Star38, when the article dropped, there was quite a bit of publicity and many more articles popped up about spoofing and that company. There was even an article I can't find now that said the CEO changed his mind, due to numerous threats he had received, and was going to sell the company.
Something about hiring bodyguards and hiding out in his gated community or something along those lines, don't quote me on that, but after a quick visit to the website, it looks like they are up and running and open for business. It also appears they canned the whole idea of making the service available to collection agencies (ha ha) and PIs. It's only available now strictly to law enforcement. That was probably the best bet and a quick way to end all the hassles and drama, at least if you were in Jepson's shoes.

So what's the future of caller ID, you ask? (Here's an excerpt right off their site.)

What about the future of caller ID? The future of caller ID is safe. The Star38 service is for agencies that are looking for people that have broken the law. The average person does not fall into this category, hence they can still trust their caller ID. Unless you've got something to hide from, there's nothing to worry about. It is important to note, as stated above - that our service is not for consumers, it is specialized for law enforcement agencies.

Now the Man is the only one that has access to caller ID spoofing... well, at least if the Man goes thru Star38 because he doesn't have any hacker friends.

Now let's get back to the ins and outs of spoofing and whatnot. An inquiring fellow by the name of Eric wondered if this particular spoofing system will modify your ANI. Most services for 800's and 911 (E911) capture your info using ANI, not caller ID, and ANI is harder to spoof. Word on the street is ANI info is normally sent by the originating equipment. Caller ID is only accurate when you have a single line to the switch, basically just residential and small commercial customers. Any business with a T-1 or ISDN connection through their PBX to the CO (i.e. any business with more than 12 lines or so, depending on tariff) can generate any caller ID string they want. Thanks to some guy that goes by the chick magnet handle DV Henkel-Wallace for that info.
Now, let's get down to what you guys really wanna know about.

How to spoof caller ID!

We will cover 2 methods, Orangeboxing, and Social Engineering your way into it. Both of these methods are courtesy of a hacker d00d named Lucky225. This kid seems to know his sh*t so I'm just gonna grip his tactics and present them to youz guys. Go on and test them out, cuz I just don't have the damn time. I'm rappin, I'm kidnappin people out here in Detroit, and I'm writing for this illustrious magazine so as you can see I have a full plate. Go on and test these methods, and if they don't work, complain to Lucky225, not me! J/k.

Let's start with Orangeboxing... (excerpts from his site)

"Orangeboxing is Caller ID signal emulation through the use of a bell 202 modem, sound card software, or a recording of a Caller ID transmission. Orangeboxing is not very effective because you have to send the signal AFTER the caller has answered their phone.
However through the magic of social engineering you could have one friend call a number and pretend he has reached a wrong number while sending a Call Waiting Caller ID signal, fooling the victim into believing he is receiving another incoming call from the name and number spoofed, and when the victim "flashes over" have your friend hand you the phone and continue with your social engineer."

And here's the Social Engineering part...

"This method for spoofing Caller ID is social engineering a Telus operator to do it for you. I stumbled upon this method when I was testing out a theory. In my previous 2600 article about spoofing ANI through AT&T I mentioned something known as the 710 trick. This was a method of making collect calls that the called party wouldn't be billed for. The way the 710 trick worked in the past was you'd op divert to 800-call-att and give the operator a 710 number as where you are calling from and have her place a collect call to the number you want to call. The called party would never get a bill because 710 is a non-existent area code. AT&T does its billing rates by where the call is being placed from and to, and because you used a 710 number there were undetermined rates. I was testing to see if the 710 trick also worked with a Canadian phone company called Telus.
After testing it out my friend in Canada dialed *69 and it read back the 710 number I gave the operator; this is how I discovered Caller ID spoofing was possible through Telus and I began to come up with a social engineer to get them to place a call for me without selecting a billing method. I now know that it is also possible to spoof ANI through Telus. Telus' toll-free "dial-around" is 800-646-0000; by simply calling this number with an ANI-fail you can give the operator any number as where you are calling from. As of January 2003, Telus can now place calls to many toll free numbers and the CPN will show up as whatever number you say you're calling from. So by simply causing an ANI-fail to Telus dial-around service you can spoof Caller ID to anyone you want to call; not only that, if the person you are calling is in the same area as the number you are spoofing, the NAME and number shows up on the caller ID display. To cause an ANI fail to Telus all you have to do is op-divert to 800-646-0000 or dial 10-10-288-0 and touch tone 800-646-0000 when AT&T comes on the line. You can social engineer the Telus operator to place "test calls" for you, which is a free call with no billing; you simply tell the Telus operator at the beginning of the call that you are a "Telus technician" calling from [number to spoof] and need her to place a "Test call" to [number to call]. The social engineer pretext looks like this:

You pick up the phone, at dialtone 10102880
AT&T Automated Operator: "AT&T, to place a call"
Touch tone 800-646-0000
AT&T Automated Operator: "Thank you for using AT&T"
Telus: This is the Telus operator, Lisa speaking. (or, This is the Telus operator, what number are you calling from?)
You: Hi Lisa, this is the Telus technician, you should see an ANI failure on your screen, I'm calling from [number to spoof], I need you to place a test call to [number to call]
Telus: Thank you from Telus

What just happened was AT&T sent an ANI fail to Telus, you told the operator to key in your new number calling from. Telus then places the call and uses the number you gave as both ANI and CALLER ID!

NOTE about spoofing ANI to toll free numbers: Not all US toll free numbers are accessible from Canadian trunks, so even though you are spoofing a US number the call will not be able to be routed through Telus.

Of course, the social engineer will probably become ineffective soon, though I've demonstrated it at H2K2 in July 2002 and it's now 2003 and is still working. The spoofed caller ID also shows up on collect calls (though I think you can only call people in Canada collect with this service), third party billing (would you accept a third party bill call if the caller ID said your girlfriend's number and the op said she was the one placing the call? :)), and calling card calls, so you could even legitimately spoof Caller ID if you had a Telus calling card; however the rates are pretty expensive, though you can get one if you have Telus as your local phone company or if you live outside Canada you can pay with a credit card (you need a Canada billing address though!), call 1-800-308-2222 to order one."

If I didn't mention before, and I did, Lucky225, who can be found at his cool ass site www.verizonfears.com, is the hacker that provided this information, and you can even go to his site and find out a lot more about this subject.

To spoof or not to spoof?... that is the question... The answer can be found within. Look to your phone, is it calling you?

The Goldfinger is also known as Detroit's only Octopus-wearing rapper; Mr.Scrillion aka Adam Thick, Mastermind behind Extremekidnapping.
The Goldfinger has more than a decade of underground knowledge and experience under his belt, a former social engineering hacker, and when not Rapping & Kidnapping, he is scouring the underground, the black market, keeping his ear to the streets for the rawest and most up to date insider information available. Visit www.scrillion.com & www.extremekidnapping.com Coming Soon! www.lapdanceolympics.com Holla at him > goldfinger@voyager.net

Using Limited Resources
Hacking without a real computer, an introduction into the hacker phreaker community.
By BrainPhreak

The Beginning:

In about 1986 I got my first Commodore 64 computer. My uncle, who I never really knew, found out I had a PC and I guess he must have been into pirating because he sent me two boxes of games and printing applications. There must have been 200 5" floppies... with tons of games and apps on each. Remember "Jumpman", "Marble Madness", "Summer Games", "Print Shop?" I know Commodore came out much earlier..
but I was pretty damn poor. I found the manuals and read them all; I have always been into getting the most out of everything I own. Didn't get new toys often so must take advantage... Soon I learned that I could make my own games or programs. It had examples etc. I had never even heard of programming, I was only 7-8, but I knew commands.. load "*",8,1 I saw that this programming was just a series of commands at that very same prompt. I spent HOURS programming every print statement known to man for a demo program listed. I finally finished it and then it RAN! "It worked! Amazing! But that's it?!! What the #$@! It took all day! I only saw a ball bounce off the edges of my screen." I never programmed again for years.. I only played games and tried my best to get the best quality prints, impossible with the classic printer I had.. Later on it broke down and I was without a computer, but I had things like Nintendo, Sega etc. now, so no big deal.

YEARS LATER:

The Sega Genesis came out, I was the last to get it since I had to save every penny from school lunches. BUT it was the best when I finally got it!! I was introduced to hardware upgrades and expansion! I wanted to get the most out of the money I spent, so I didn't buy the Super Nintendo, it was WAAY expensive. The Sega CD came out! It was MUCH lower than any core system, just attach it to the existing Sega Genesis, and can even play CD's! I didn't even have a CD player.. and video CD's! Never even heard of them! No console I ever seen took CD's at that point. Then soon came the "Sega Channel"! 30 games a month at your fingertips! Subscribed through the cable system, kind of like the internet. Sega is really always ahead of their time if you ask me... anyways.. Later I got the 32x, and I was playing a 32bit system "with" CDROM before the Playstation was even out! (which is also 32bit) When the Saturn was released I lined up, I had been saving every dollar. Unfortunately it advertised a 32 system..
I already had that.. So I read about all the options and in a magazine it said it was actually two 32 bit processors making it "virtual 64". I also read that the new system N64 was really only two 32bit processors also! So this in essence would be better than the first 64bit N64 system! It has a CDROM! And much cheaper! That shows Sega's bad advertising... they could have said 64bit and got more sales like N64.

Then the magic happened.. I learned that you could go online with a Sega Saturn with a new product called the "Netlink". The net was a mysterious place I had heard about only on TV in countless commercials. "www dot what?" When I had my original Commodore they started advertising connecting online to get games! I tried but would only get to a form requiring a credit card. I just gave up on "quantum link", my mom didn't even have a credit card.. People also had told me that on computers you can "download" games to play. FREE GAMES! No need to buy all the expensive console games anymore! I never seen a modern computer online. I heard you can obtain pictures of anything and even talk to people from anywhere! So being an artist and a huge fan of games, I HAD to get the netlink to have more inspiration, things to do and draw. No need for the HUGELY expensive PC that I could never afford. I also read it was like a library at your home. Look up anything! I HAD to get online...

MY AWAKENING:

I finally got the netlink and went online where I could find all the info I wanted, needed, or even stuff I never knew existed! Like hack info... I looked up everything.. I mean EVERYTHING! I was the true definition of a "web surfer". I soon learned I could not save ANYTHING, I was at the mercy of other websites, when one was erased or temporarily down my bookmarks to my favorite images were now dead... I couldn't see the art anymore and only hoped I could find it searching again. There were no games I could download unless I had windows... no java even.
My dreams of replacing the PC with the Sega was not exactly what I expected..

I started going to online chatrooms. Sega didn't have IRC, so these were html web chatrooms... I was amazed you can communicate with people in other countries without long distance charges! I noticed some of the more popular people were writing in color at times, it was like a secret to everyone. I finally convinced one of them to teach me how, he showed me my first HTML tags... Hey Guy! "WOW! My text is red! Amazing!" Later I saw him use a frame around his text. This I found out was HTML tables. Each time he did something I always asked him and begged to learn how. Finally he told me about www.htmlgoodies.com where I can learn ALL about web pages and HTML, the web and how it works etc. It was GREAT! I learned I could make my OWN web page. I didn't have to worry about servers going down. I can finally store my own files! I can create my own online artistic place of expression AND "ANYONE" can get to it from "ANYWHERE" in the world! "I'll make the Ozzy Osbourne, M.C. Escher art, HTML tutorial, blah blah blah blah." webpage.. The best page on the net... And best of all it wasn't like the old print statements I learned when I was younger.. Instant embedded images, links to cool places and anything I want. Instant gratification. I already saw what HTML can do in the chatroom, now I learned how powerful it was for a webpage.

The guy on the web was using Linux, I didn't understand what that was anyways... I just finally recently saw windows at school. He told me where I was dialing from etc. by using traceroute, whois, nslookup etc. I asked how he did all his tricks each time. He told me since he knew I couldn't do them anyways, I had no way to do these cool things like ping, traceroute etc. not with HTML. Not with a Sega.. I was now limited... and of course HAD to find a way....
FINDING MY WAY:

I read all about ping and Linux/Unix and the Unix shell. But I couldn't get a shell on a Sega... I was basically just imagining having a shell... having a computer. just writing down notes.. Then, as I was learning about ping, traceroute etc. the win-nuke bug/exploit came out. (bugtraq id 2010) As most of you know, when Win-Nuke came out everyone and their mother was downloading nukers and knocking people offline.. It was the "thing" to do in chatrooms when someone pissed you off, or to show power. Power trippin' script kiddies.. I however couldn't download anything like a program... maybe make webpages but that's it. No interactive WINNUKE program. I couldn't run ANY program... I did however learn I was immune to this attack though! Winnuke won't kill a Sega! This was great! I was invincible! I was fascinated that you can knock a user offline using a simple script, a simple flaw.

I also noticed a few times the entire chatroom would go blank. Or all text would be red. From programming my web page I knew this was due to someone not closing their HTML tags. I had of course made this mistake more than once. I was interested to see you could manipulate the entire chatroom in this way. One flaw can mess up the whole room. I was really getting to know HTML by then, there was no cut and paste on Sega so I knew it all by heart. Fluent. I decided to try to mess with the chatroom one day by entering a