.----------------------------------------------------------------------------.
| System Failure: Issue #16-FINAL (05/03/1999)                               |
| http://www.sysfail.org/                                                    |
| [sysfail@sysfail.org]                                                      |
`----------------------------------------------------------------------------'

                THERE IS NO MATRIX ONLY SPOONS.  <- took the green pill.

.----------------------------------------------------------------------------.
| CONTENTS                                                                   |
|                                                                            |
| SysInfoTrade                                              by SysFail Staff |
| Goodbye                                             by SysFail and Friends |
| Amateur Radio License Restructuring                            by Pinguino |
| The DaemonLinux Project                          by Saint skullY the Dazed |
| The Iridium System                                                 by Spee |
| Hackers and the Government                                        by Gwonk |
| Freedom of Speech and the Internet                            by SlapAyoda |
| The Definitive Guide to PC Security Systems      by Syphon Siege and Phett |
| RDF Primer                                              by Secret Squirrel |
`----------------------------------------------------------------------------'


<-------+
        | SysInfoTrade
        +---------------->  staff@sysfail.org

FBI FOCUSES ON TECHNOLOGY

"Technology will impact more directly on law enforcement than on most sectors of our government," FBI director Louis Freeh said in a CNN interview. Among the requested improvements are a $58.8 million budget for an Information Sharing Initiative. This will get the feds special off-the-shelf software designed to let investigators share case files at the whim of a few keystrokes.
In the computer crime arena, 79 new computer forensic examiners are being hired and trained. They want $5.34 million to develop a Federal Convicted Offenders DNA database. Finally, a staff of 89 people for the National Instant Background Check System (aimed towards gun buyers, but could be used for other purposes).

EBAY HACKED

March 13, 1999. A hacker by the nick of MagicFX gave a demonstration on computer security, where he took down web auction giant ebay.com. He still, to this day, has root on their network, which consists of Windows, BSD, and Solaris machines. According to Forbes, MagicFX guessed a user password and, once inside, used an exploit to get root. He also dropped a keystroke logger onto one machine.

original article: http://www.forbes.com/tool/html/99/mar/0319/side1.htm
mirror of hacked site: http://www.attrition.org/mirror/attrition/ebay.com

SEND AN EXPERIMENT INTO SPACE

NASA is offering a one-centimeter cube of space on the Mars Surveyor Lander mission (April 10, 2001). To get your experiment on, you need to win a contest. It has to be self-contained, with the results in view of the shuttle's camera. No living matter. Contest rules and forms are at: http://planetary.org/

ERICSSON AND QUALCOMM AGREE ON WIRELESS STANDARD

Qualcomm's CDMA technology is expected to be the backbone for the next generation of wireless communications. The focus will be on delivery of voice, data, AND video. In this deal, Swedish-based Ericsson will acquire Qualcomm's research centers in San Diego and Boulder.

AOL INFECTS NETSCAPE

AOL bought Netscape for about $10 billion in mid-March. They're cutting 20% of Netscape's staff. An interesting aspect of this is that AOL has a deal with Microsoft: in exchange for a Start bar spot on systems sold with Win98 installed, AOL will push Internet Explorer through America Online.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Goodbye by SysFail and Friends
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

####################### Logic Box (logic@sysfail.org) ########################

Well, this is it. I said it wouldn't happen, and I assured everyone we were alive and well. We aren't. You have before you the final issue of System Failure. A number of factors have brought about our decision to retire the group. My own personal dilemmas, which I will not comment on, played a large part in my initial suggestion to retire System Failure. More importantly, we have decided that the group simply lacks direction. Some of us just aren't focused enough on what we need to be focused on. I don't completely want to see us retire, but as skullY said, I don't want to see us go down in flames either. Personally, I would rather we exit gracefully while we still can.

I can't speak for all of us, but for me, System Failure has always been about friends. My fellow members are my family. Most of us have deep personal bonds between one another. Producing the zine has also shown me that there are people out there who really care about what we're doing, and they did their part in helping us. I wholeheartedly thank everyone who has ever contributed anything to System Failure. I would also like to thank all our readers. We wouldn't have survived without you, either.

We're all still here. You can still come say hi to us on IRC, or e-mail us, as usual. We're just not System Failure anymore. If you'd like to contact us, come to EFnet or e-mail us at these addresses:

    logicbox  (logic@geekbox.net)
    pinguino  (pinguino@onix.net)
    Mr_Sonik  (sonik@clipper.net)
    skullY    (skully@onix.net)
    spee      (spee@onix.net)
    barkode   (barkode@geekbox.net)

With that, I bid you all farewell. It's been a good two years.
##############################################################################

###################### Pinguino (pinguino@sysfail.org) #######################

I write this in a swirl of emotions; SysFail has become a part of my life and I do not want to let it go. However, Penguin Palace will be taking over the functions of System Failure; a sect by the name of LineShift created to oversee the creative ends of our digital projects. SysFail may be gone, but each member, each contributor, and each reader, will pass the knowledge along. Teach others, for it is the best way to retain what you have taught yourself. In this, the legacy of SysFail shall live on.

My heart breaks to see SysFail go; this has been the most successful creation I've ever had a hand in. The friends I've made through the zine I will treasure forever. DefCon.. stories I shall retell endlessly. Goodbye SysFail.. now another creation that exists only in my personal reality.

##############################################################################

####################### BarKode (barkode@sysfail.org) ########################

I write this at the last minute, just a few minutes before System Failure closes up shop. Well, what can I say. I joined System Failure not planning to stay in it longer than it would take to fix things up. When I was first asked to join, I was very hesitant. The group was pretty much a bunch of kids writing about breaking into bell trucks, but I knew several of the members, and knew they were smarter than that. I'd gone through the phase they were in quite a while back, and I figured I could help accelerate the process of them growing out of the immature phase they were in, into a more developed, intelligent area of their trades. Joyce (pinguino) being a rather talented artist, Ryan (logicbox) being a *nix ninja, Zach (skullY) the same, Sean (spee) was just downright smart and quick on his feet, and Joe (Mr_Sonik) had his act together already.
I figured I'd just push them into writing more technical articles and focusing on the positive side of their underground-flavored periodical. However, the problem was that System Failure wasn't exactly viewed as a high-quality publication as far as the scene is concerned. I had to decide if I wanted to be associated with this type of material or not, and if it was worth it for me to go in and try to change things. In the end, I chose my friends, and joined SysFail for a while.

Soon after, the magazine took a dramatic turn. I had serious discussions with Ryan, who had felt the same way about things for a long time. He didn't like the way the group was headed either, and together we started shaping SysFail into something new. However, in the process of doing so, we realized that maybe System Failure had such a bad start, had gone in the wrong direction, and had attracted the wrong crowd for so long, that the group should shut down and each member should do their own thing. Near the end, we just didn't have the devotion it took to run this thing. System Failure had been attracting the crowd of script kiddies and downright thieves, and once it turned to a technical area, that crowd was baffled as to what the hell we were doing. "Where's the articles about breaking into your RBOC" was something along the lines of an average question to the group.

At this point, I had been wanting out of the group for several months. I had told Logic that my work here was done and that the rest of the group should do their own thing. He had convinced me to stay around and help out, but eventually it came down to today. I'll miss feeling like I'm a part of this group. My fellow members are talented in their individual fields, and I think everyone in our circle, as well as our friends, has benefited in the end from the existence of this group.

So what exactly does this mean? All it means is that System Failure isn't releasing any more issues. We're still friends, and will be as long as we can.
Joyce lives with me in Hollywood right now, where I'm working in the motion picture industry. Ryan and I have been very good friends for several years now and talk every day. Zach moved to California and we hang out pretty often, and talk just about every day. Sean I talk to on IRC and have yet to meet, and Joe I'll hopefully see at DefCon this year. We're all still on EFnet all the time, as barkode, pinguino, logicbox, spee, skullY, and Mr_Sonik. Message us anytime; we're all pretty friendly people.

On a side note, I'm writing this after getting back from an office party at which I did a bit of drinking, so if I come across in some strange way I won't find out until I read this tomorrow. :)

I hope System Failure doesn't completely go away. It's a damn good name for a group, and I wish we could salvage it for something else. I hope the issues (at least the last 5 or so) get archived somewhere so that it's recognized that this group put out some quality work and the name stays around to some extent.

Thanks to you all. I hope that somebody, somewhere, learned something good from this. Here is where I sign off from the first generation of System Failure. Who knows? Maybe there will be a second generation...

##############################################################################

####################### SlapAyoda (vader@geekbox.net) ########################

First off, I admit that I'm not the most qualified person to be writing an article like this. I haven't known the people behind SysFail the longest, and I certainly don't know them the best. Hell, I've only met one of them in person. I just felt like this was an article I wanted to write, and to hell with anyone who doesn't like it.

I've known System Failure and friends for about one and a half years. It doesn't seem like a long time, and it sure doesn't feel like a long time, but when I look back I see how much we've all progressed.
If you've ever been in #peng or #system_failure on EFnet, then you probably have somewhat of an idea of who this "we" is that I'm referring to. System Failure is a group of few, but the circle of friends that accompanies SysFail is a large one. Throughout the years we've all changed greatly - for the better. When I look at my old-school #peng logs, I see a much more immature, confused crowd. Today, I think we have all refocused and reorganized our thoughts and views. The childish pranks and "black-hat" nonsense are now gone, and have been replaced with the thirst for knowledge about the things we love - computers. It can be seen in our conversations on IRC. The actual issues of SysFail show even more progress. Articles like "How to Harass over IRC" have disappeared to make way for more thoughtful and relevant articles.

Everyone who regularly communicates anywhere finds their own "cliques", but the SysFail crowd is different. While I've gone into other IRC channels to find myself randomly kicked or yelled at by some stupid pricks on a power trip, #peng and the other channels we've hung out in have been unique. From the moment I first entered #peng, I met people who were nice and knew about the stuff I was interested in. It was because these guys were so nice that I stuck around and eventually became good friends with them. In fact, one of the things I told Logic the first time I ever talked to him was, "Hey, you're a nice guy."

The zine itself has always been enjoyable for me. I've learned a great deal about Unix, security, and even electricity. As I've matured, the topics in the zine have matched my personal interests. I've been lucky in that respect. The zine, however, is not the most important part of System Failure to me. The important part is, fortunately, not going away any time soon. System Failure, the group, will still be on IRC, sitting around like the geeks that they are.
The friends of SysFail will still be around, and most of us will be going to DefCon this year. This will be my first DefCon, and I'm looking forward to meeting the people who I've known for so long. But, alas, as the zine that birthed so many great friendships and so many great times fades away, I must bid my goodbye, my farewell to System Failure.

##############################################################################

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Amateur Radio License Restructuring by Pinguino (pinguino@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Ham radio is looked upon as an archaic technology practiced by old men in retirement homes. To push amateur radio to new levels of experimentation, the FCC proposed a new license structure designed to streamline the current procedures. The overall goal of the reform is to put the future of amateur radio in perspective; unless the bands assigned to amateur radio are better utilized, a risk of losing them to other organizations will remain.

Currently, there are six classes of amateur radio licenses: Novice, Technician, Technician Plus, General, Advanced, and Amateur Extra. These will be streamlined into Classes A, B, C, and D. Technicians, who don't have to know Morse code, will become Class D. Novice, Tech Plus, and General will be merged together to form Class C. Advanced will be Class B, and Amateur Extra makes up Class A. The ARRL wanted to make sure that people who already held licenses wouldn't lose their privileges.

The Class D test is just a written exam. No Morse code, yay! The Class C test has a written part, and 5 wpm code. Class C is the entryway to HF privileges. The Class B test is a more difficult written test, and 12 wpm code. The Class A test is a difficult written exam. The current Novice bands are being reassigned, allowing Classes C, B, and A to receive an increase in phone subbands.
A current breakdown of the bands and their use can be found here:
http://www.arrl.org/field/regulations/bandplan.html

The US Amateur Radio Frequency Allocations can be found here:
http://www.arrl.org/field/regulations/allocate.html#power

"It has become more and more difficult in recent years to justify retaining and defending our spectrum from commercial interests who make some very good arguments as to why they should be allowed to use our spectrum for endeavors that will generate jobs, used advanced telecommunications techniques and put the spectrum to use for commercial purposes, not just for hobby purposes," said ARRL president Rod Stafford (W6ROD) in a letter to the radio community.

Ham radio operators use their frequencies for a variety of purposes: casual conversation, contests, experimentation, disaster preparedness, public service, education, and personal achievement. Many acquire vast technical knowledge to expand the distance they are able to communicate. When there's an earthquake, fire, parade, or air show, ham radio operators are on the scene, directing traffic and providing alternate communication methods. These are volunteers who have devoted part of their life to a form of communication that's lasted over 70 years.

Enter the stream of ham radio, and put your knowledge to the test by mixing new technology with the old. The FCC is making it easy for anyone to get a ham license.. a little electronics and basic ham radio etiquette and you're set.

ARRL's Proposal:
http://www.arrl.org/news/restructuring/proposal.html

FCC's Viewpoint: WT Docket No. 98-143
http://www.arrl.org/news/restructuring/98-143/nprm.html

Common Questions and Answers About Ham Radio:

Where can I learn more about Ham Radio?
http://www.arrl.org/hamradio.html has basic info on ham radio. Also, there is a yearly event called Field Day that you may consider attending. Clubs get points for each radio contact confirmed, and also for showing off their setup to visitors.
Usually visitors are taught how to use the radios, and participate in the contest.

What's wpm?
Words Per Minute, the speed at which Morse code is sent. Morse code is not needed for a Class D license.

Where can I take classes for my license?
Most cities have a ham club. Track yours down, and see if they have a class. Most do.

Who does the testing?
VECs.. Volunteer Exam Coordinators. There will be 3 VECs at the test. Currently (pre-restructuring), a General can test those below him, and so on up through Amateur Extra.. Amateur Extras can test people into Amateur Extra. For more information, call the ARRL/VEC at 860-594-0300.

Where can I get a good ham radio?
Try newsgroups. alt.radio.swap is a good start. Post the model you are looking for. I recommend a handheld 2M to start off with. Radio Shack also sells basic ham radios.

What's packet radio?
With packet radio, you send "packets" of data through radio waves. It can be satellite info, raw data, mail, or messages. It maxes out at 9600 bps.

Can we talk to aliens with ham radio?
No, but you can talk to astronauts through a special program called SAREX (Space Amateur Radio Experiment). http://www.gsfc.nasa.gov/sarex/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The DaemonLinux Project by Saint skullY the Dazed (skully@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

What's this, you ask? Another Linux project that's probably pointless to anything the average person wants to do? Nope. Unlike the majority of Linux projects, this is one that people should pay attention to, and support. Not because it does something that will immediately be recognizable to most people, but because it gives people a new choice.

History
-------

In the mid-'80s, if you wanted to run a Unix-type operating system, you had to get it from a company such as AT&T. There were no free operating systems at the time.
That's why Richard Stallman formed the FSF: to have an operating system that was truly free. Free not only in the sense that you don't have to pay for it, but also free in the sense that along with the program you get the source code. This would allow people to truly own their software, and be able to make changes to it. The FSF's goal was to write a complete operating system based on Unix. This is what's commonly known as GNU (GNU's Not Unix). So they set about writing all the standard Unix utilities (ls, cp, libc, etc.) with the intent of creating a whole operating system. About 5 years after they started this project, they were nearing completion of all the commands, but still had not started on a kernel for this operating system. This was about the time that Linus started on Linux. He originally wrote it just for himself, but someone convinced him to GPL it and contribute it to the FSF. Hence Linux as we know it was born.

Flash forward to 1999. Linux is growing exponentially and achieving worldwide popularity. Unfortunately for the FSF, everyone attributes this to Linus, who in actuality contributed less than 10% of the total code in the base OS (don't get me wrong, Linus is a very good guy, and without his kernel Linux as we know it would not exist). The FSF, who contributed the majority of the code needed to boot a minimal system, was getting less than they felt they deserved. So they started encouraging (some would say demanding) people to call it GNU/Linux, to give the FSF credit where credit is due. However, at this point in the game, trying to change how millions of people say Linux is tantamount to having people call Disneyland "Eiserville." It's nearly impossible. That's where the DaemonLinux project comes in.

Overview
--------

The DaemonLinux project was started to replace the GNU utils normally used in Linux with their BSD counterparts.
This is to give people an alternative to GNU, and to say, "Hey look, there's a Linux distro that doesn't use GNU code, so therefore Linux is not `GNU/Linux.'" At least, that's what the founders of the project started it for. Personally, I like the idea of the project because I've always preferred BSD utils to GNU utils, but the Linux kernel progresses so much faster than any of the BSD kernels do. Other people working on the project have their own reasons for doing it. But whatever someone's reason for working on the project, it's a good project and one everyone should take note of.

What Needs to be Done, and How to Help
--------------------------------------

The DaemonLinux project is still in its infancy. Work has just begun. Rob Braun (bbraun@sparcy.synack.net) has gotten a bare install finished, and says he will be uploading it somewhere in the next couple of days. There's a web page at http://synack.net/daemonlinux/ and a mailing list for discussion of the project. Information for the mailing list is on the web page.

You can help with this project in any way you know how. If you know how to code/debug, you can grab the OpenBSD 2.4 source tree and help port what hasn't been ported yet. If you don't know how to code, but still want to help, people are needed for documentation, testing, and other miscellaneous things.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Iridium System by Spee (spee@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Hi and stuff. I'm going to talk about the Iridium System, which is a product of Iridium World Communications, Ltd., based in Bermuda. Included in this article will be details about the Iridium System, information on the technology which makes it work, and information about different devices that work on this system.
The Iridium System is a global wireless network, run by 66 satellites and other land-based wireless equipment, that lets people communicate with telephones and pagers throughout the entire world: no roaming, no out-of-service areas, just being able to keep in touch 24 hours a day, 7 days a week, wherever you are.

Satellites
----------

The 66 satellites in the Iridium System provide customers with the first-ever low Earth orbiting system for wireless phone service. These satellites are close enough to the earth to be able to get signals from handheld devices, such as PDAs like the Newton and Palm Pilot, and the coverage they provide moves overhead with the satellites rather than being tied to fixed cells, as current cellular phones are.

Iridium Phones
--------------

The phones that are used on the Iridium System communicate directly through the Iridium network. The phones can be used as traditional cellular phones where cellular service is available, or as satellite phones, using the satellite system described above. This provides convenience for people who live in areas where traditional cellular phone service is available.

Iridium Pagers
--------------

The pagers that are used on the system can, just like some pagers on the market today, receive alphanumeric messages, nothing that special. But the fact that they can receive messages worldwide, and that they have an international character set, can be of help to businessmen and other individuals who must communicate in many different languages. The batteries in these pagers last about a month.

There are many different types of services offered on the Iridium System. Here's the breakdown:

* Iridium World Satellite Service
  This service gives you a direct satellite link for all communications, outgoing and incoming, in poorly covered areas and remote areas, regardless of local equipment.
* Iridium World Roaming Service
  This service lets you roam across multiple wireless protocols, letting you have one phone number for all calls made everywhere on earth, which is easier for everyone who needs to reach you to remember.

* Iridium World Page Service
  Pretty much self-explanatory: worldwide alphanumeric paging.

* Iridium World Calling Card
  Again, pretty much self-explanatory: lets you make phone calls billed to your Iridium account, pretty much like any other calling card.

Frequencies
-----------

The Iridium System uses a combination of Frequency Division Multiple Access and Time Division Multiple Access (FDMA/TDMA) signals, which work very efficiently in a limited spectrum. The L-Band (1616-1626.5 MHz) is the link on which the satellite and the Iridium subscriber communicate, and the Ka-Band (19.4-19.6 GHz downlink, 29.1-29.3 GHz uplink) is the link between the satellite and the earth terminals and gateways.

Above, I've given general descriptions of the pagers and phones that are used on the Iridium System. Now I will go into specific pagers and phones that you can use.

* Kyocera Multi-Mode Telephone
  This phone has dual satellite/cellular capability, and it also sports a satellite attachment unit, which weighs about 400 g; with it attached, you have about 100 minutes of talk time. In cellular mode, it supports 9600 bps data transfers; with the satellite mode on, it supports 2400 bps data transfers.

* Kyocera Satellite-Only Telephone
  This one is pretty much self-explanatory: this pocket-sized phone works only on the Iridium World Satellite Service. It has the same satellite talk time as the Multi-Mode phone, about 100 minutes, has 2400 bps data transfers, and has a 24 hour standby.

* Motorola Telephone
  Motorola makes a phone for use on the Iridium System, which weighs less than 0.5 kg, and is a cellular/satellite phone, like the Kyocera Multi-Mode Telephone.
  It switches between different local cell networks by inserting radio cassettes, each with their own different standards. To access the Iridium System, it has a Subscriber Identity Module (SIM) card. This is for security, and prevents anyone from using your phone without proper authorization; it also holds other personalized telephone features.

The Iridium System is a very technologically advanced way of communicating, and some of the technology introduced in it may be used in communication systems of the future.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Hackers and the Government by Gwonk (gwonk@diversion.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"All children know it's wrong to break into a neighbor's house or read your best friend's diary. Unfortunately, fewer realize that it's wrong to break into their neighbor's computers and snoop through their computer files."

The above quote was attributed to Janet Reno during a press conference in which she talked about the Cybercitizen Partnership, which was formed to deal with promoting "cyberspace ethics" and will help law enforcement track down hackers and crackers alike. The full story from the AP had some of the most outrageous quotes in it: old lawmakers trying to understand computers and the Internet.

"We cannot allow cyberspace to become the Wild West of the information age."

"A decade ago, cybercrime and cyberterrorism didn't really exist outside of Hollywood movies. Today, they are very real threats."

Both quotes attributed to Janet Reno. Are these people just silly? Hollywood invented "cybercrime and cyberterrorism?" Seems to me that Hollywood just capitalized on the activities of other people, as usual. Wasn't "War Games" written in 1983? It would be pretty difficult to just pull a concept of cyberterrorism out of the air. What is cyberterrorism, anyway?
I think when these people sit down to write their legal definitions, they are going to get really confused. This initiative of the government seems to me to be much like the war on drugs. Private businesses and federal agencies will be working hand in hand to try and catch the evil hackers at their nefarious deeds. It will also create a list of computer security experts and resources so that "law enforcement will know where to turn." Just like when the war on drugs began, they are going after the end user, the little guy. Basically, the initiative will be the almighty anti-tigerteam, investigating denial of service attacks and ICMP floods. If these businesses that the government is talking about care about security at all, these are about the only things that will harm them anyway. So, all you script kiddies out there had better put all of your DoS attacks away, or the FBI is going to be banging down your door.

There is one positive aspect about this, though. If you are 13 years old and the FBI comes to your house because you just successfully DoS'ed Microsoft's routers, chances are quite good you aren't ever going to do that again. Nor would you touch a computer for a few years. All it takes is one run-in with law enforcement, and the crackers-hackers who have not made it very far knowledge-wise will never do anything on the edge of illegal again. If they succeed in what they are trying to accomplish, they might just get the number of people that are interested in hacking to drop dramatically.

Deputy Defense Secretary John Hamre was quoted as saying, "This Pearl Harbor's going to be different. It's not going to be against Navy ships sitting in a Navy shipyard; it's going to be against commercial infrastructure, and we don't control that. And there's been little progress on that." Although I have to laugh again at the attempt at finding something that cracking-hacking can be related to, I suppose he had a point.
But before we get to the actual point, let's take apart that statement for a moment. He is relating computer crime to "Pearl Harbor?" Hold on a second. Didn't people die at Pearl Harbor? I don't think some person is going to jump off of a building because some hacker read through his diary. I guess this would also be the first time that anyone from the government would actually say aloud that they don't have control of commercial infrastructure, because, for as much as we wouldn't want to admit it, they do. Maybe he meant, "We don't have control of the programs and the operating systems that these companies are using to formulate their commercial infrastructure." Because of course, that is the truth.

Once this initiative goes through, chances are they are going to set up a website. And depending on what firewalls they have up for it, and what OS they are using, my guess is that they aren't going to have to go very far to find their hackers. All they would have to do, theoretically, is look through their own log files with a pen and a piece of paper. But they would have to do it on a daily basis, because sometime, from somewhere, a cracker would get in. And suddenly their webpage would look like:

    3y3 h4t3 3v3ry th1nG y0u 4r3 D0iNG t0 Th3 sc3n3!!!

The reason for this wouldn't be the OS or the firewalls they are running; it's because they didn't spend any time on security. For all of you government people out there, try doing something that works. Write something called the Cybersecurity Partnership, where government agencies keep up on the most current "exploits and DoS attacks" and maybe even write their own. Then possibly you could talk to companies about them getting hacked, and post your own most current exploits found, and not reveal any source for it. Microsoft wouldn't respond to the hacking community; maybe they would respond to the government.
Maybe security of the systems should be the most important thing, because as long as there are computers, there will be crackers and hackers. The more secure all systems become, the sooner there wouldn't be any crackers at all. Contrary to government belief, you don't notice the hackers, you notice the crackers. It would soon be thousands of hackers hacking thousands of systems every day, and the crackers would be forced into breaking into their next door neighbor's house and reading their best friend's diary, because they obviously don't have a sense of ethics in the first place.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Freedom of Speech and the Internet
by SlapAyoda (vader@geekbox.net)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"We hold these truths to be self-evident, that all men are created equal; that they are endowed by their Creator with certain inalienable rights; that among these, are life, liberty, and the pursuit of happiness."
-- The Declaration of Independence

"When people talk of the freedom of writing, speaking or thinking I cannot choose but laugh. No such thing ever existed. No such thing now exists; but I hope it will exist. But it must be hundreds of years after you and I shall write and speak no more."
-- John Adams

There is an apparent problem in the world today, and it is one that is not addressed often enough. The United States of America has extended its power to a dangerous degree. With the US's current world economic, military, and political dominance, a potentially heinous situation has arisen. History has proven that with power comes corruption, and there is no reason to believe this is not true in the present. Be it the ancient Romans or Greeks, or the modern Chinese, there are many examples that substantiate the claims of greed and corruption associated with politics.
In the case of the United States, both US citizens and people residing in other countries have reason to worry. Due to the US's unwritten "police of the world" policy, it is probable that foreigners will feel the United States' wrath. Also, the government's domain of influence has increased with the acceptance of its international aid. The irony lies in this: America was formed as a rebellion against an over-powerful government, by anti-federalists, and has slowly developed into a government more powerful than the one it broke free from. The difference is that America hides its power. Behind the mask of "democracy", a "government for the people", raw power corrodes the delicate machinery of justice. The jaded actions of politicians, and of the government as a whole, are obviously influenced by the prospect of gaining power.

America even claims that its leaders are chosen by the people, but this is not strictly true. The fact, which most people seem to be unaware of, is that the President of the United States is not chosen by the popular vote at all, but by the Electoral College. This is not an irate political criticism or a bullshit conspiracy theory, this is fact. The popular vote is a mere game, for a few weeks after the votes are tallied, the electors assemble in their state capitals to choose the President. The idea behind it is this: electors are expected to choose the candidate the citizens of their state have chosen, but in many states they ARE NOT legally required to. Basically, this means that in actuality, the leader of the United States government is chosen by a body of party-selected electors rather than directly by the voters.

This sphere of influence, of course, extends into the fields of telecommunications and computing. In 1998, the WIPO (World Intellectual Property Organization) copyright treaties implementation bill, enacted as part of the Digital Millennium Copyright Act, was passed by the Senate and House of Representatives. It makes it illegal to circumvent the copy-protection or access-control measures on software, even software you own, without the authority of the copyright holder, which in practice outlaws much reverse engineering. This kind of control is ridiculous.
The government is mandating the way you make use of software that you personally own. The idea behind this is that it will eliminate the threat of malicious software manipulation: pirating and exploiting. This, however, is an outright false assumption, because without a means of detection, the people who pirate and exploit software will get away unscathed. Those who have made a job for themselves as security consultants and the like will no longer have a job. Vel0city has written a more in-depth article about WIPO; see System Failure issue 13.

In 1996, an act was passed that would, and still does, create more controversy on the internet than any bill to this date. The Communications Decency Act (Title V of the Telecommunications Act of 1996), a bill that would make it legal for the government to regulate the content of the internet if it found it to be obscene or indecent, was protested by many. This bill gave the government the power to fine the offender, imprison him, or both. One of the problems with the bill is that it does not describe clearly enough which material is to be deemed "offensive". (The Supreme Court struck down its indecency provisions in Reno v. ACLU in 1997, but Congress came back with the Child Online Protection Act in 1998.) However, clearly defined or not, the whole concept of the bill goes against the entire idea of "free speech" and "free press" that America believes in so strongly. Could you imagine going to the library to find pages ripped out of the books, and, upon inquiry, finding that the authors of the books are now in a federal prison? This is obviously an affront to the entire nation, and to internet users abroad as well. The whole scenario is very congruous with the setting of George Orwell's book, "1984". Which brings us to our next topic...

George Orwell, political essayist of the 1930's and 40's, bestowed upon us a work of utter greatness just before his untimely death: a novel, entitled "1984", which is entirely like no other. It is the story of the future (1984, a distant future to someone writing in the 1940's), and it tells of a government that has developed complete control over its citizens.
At the top of the government's hierarchy is "Big Brother", an omnipotent ruler who may or may not exist, depending on the reader's interpretation. The government deploys mind control, thought reading, and torture to obtain the desired behavior from its citizens. A dark and foreboding novel, many regard it as a warning of what is to come.

The connection between 1984 and the current state of America is obvious. Although the extent is not as extreme as Orwell envisioned, the wheels are in motion and the condition is worsening. The extent of America's control is more present now than ever. Today, some rather clever people make references to "Big Brother is watching" or the like, and this is possibly more true than one would think. The FBI has always been known to monitor telephone calls and place "bugs" in the homes of suspects. Though some media, such as movies like "Enemy of the State", take this to an unrealistic extreme, the government does monitor people.

There are currently various commendable efforts at promoting freedom in telecommunications and computing. The Electronic Frontier Foundation (www.eff.org), for example, is probably the largest and most productive of these organizations. The EFF has an extremely large base of supporters and is the fourth most linked-to site on the internet. That's impressive. However, let us analyze what they have actually accomplished. Has the government stopped passing laws that prohibit and restrict the actions of responsible computer and telephony users? No. In fact, just recently two major bills were passed in the House of Representatives: the Wireless Privacy Enhancement Act, which is awaiting decision in the Senate, and the WIPO implementation bill, which was passed by the Senate and signed by the President. Has the government made even an attempt at repealing the current laws that restrict free speech on the internet? Not at all. This is not to say I don't support the efforts being made.
I just believe them to be relatively ineffective.

The internet isn't the only medium used to attempt to regulate the power of the United States, nor is the present the only time in which this regulation has been valued. In fact, the entire founding of this nation was based firmly on the idea of regulated power. In the writing of the Constitution, Madison, Franklin, and the other framers made sure to include a series of "checks and balances" to keep the government's power separated, thus ensuring no one politician would have substantial control. This is a great thing, and it actually works, except for one minor detail. It seems that the majority of the politicians today have little knowledge about technology, and they all seem to share a special misguidance in regard to "hacking" and "hackers". Their attitude too often seems to be "let's take away this so they can't do harm" or "let's make this illegal so that they can't do this", without regard to the consequences it will have on law-abiding citizens. This is unfortunate, but I doubt it will change.

"So, what is the solution to this great problem we face?", you ask. Well, it's not as simple as I'd like it to be. As explained earlier, peaceful protest and work like the EFF's does not have the desired effect. Even less effective, however, are acts of terrorism or violent protest. Too often I've seen on the news some poor fool who has taken the initiative to go and harm others or others' property in an attempt to get his side of the story heard. It is not "cool" to make explosives and take out a mailbox because you read about it in your "mad anarchy warez". It is stupid and immature to break things because you don't like how the government works. I personally am not pleased with the current workings of our government, and I take no part in such activities.

"Now, I'm confused. You mean there isn't a solution?" Actually, there is one. First off, don't bother contacting your State Representatives or Senators.
They don't care. Also, don't react with violence; it will only make your arguments less credible and get you into trouble. Instead, protest peacefully when possible (with the small chance of it having an effect). Write about how you feel and get it published. If it doesn't work, you can still take comfort in the fact that you made an attempt. The most important thing is to be prepared for the worst. Await and embrace the changes the government will confront you with. There will always be opposition to your ideology, and you may as well be prepared for whatever awaits you. Please feel free to e-mail me your thoughts, whether or not you agree with mine. I'd be pleased to hear your opinions.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Definitive Guide to PC Security Systems
by Syphon Siege and Phett (pcsecsys@email.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

CONTENTS
--------
I. Introduction
II. Built-in OS security features
III. The importance of a Travel Disk
IV. Reviews of security systems
V. Conclusion
VI. Acknowledgments
VII. Contacting the authors
VIII. Final Thoughts

I. INTRODUCTION

In the media today, the most common computer crime stories are about break-ins over telephone lines. Whether the crime was premeditated or come upon purely by chance, the outline remains the same: a bored teenager, looking for a medium on which to apply his or her skills and knowledge of computers, comes across a corporation or government computer on the Internet or one allowing call-in access for employees, and with a little work, breaks into it. The result is always the same: "Just looking, no harm done," and the intruder is let off with a slap on the wrist (though in recent years, this has changed CONSIDERABLY). The computer crimes that the media doesn't cover are most often the ones having to do with personal computers.
These PCs are often inaccessible by any means other than physical access, either stand-alone or on a small, private network. These computers are the responsibility of the lessor, who often allows the machines to be used by customers and patrons, in environments such as schools, universities, public libraries, museums, and record-keeping establishments. The lessors are occasionally concerned about allowing open access to these computers, but the chance to flaunt their ability to stay current with the latest technology far outweighs the possibility of destruction.

That is when the abuse begins. It might be a wantonly immature and destructive act, such as deleting CONFIG.SYS or formatting the hard drive. It might be an amusing and easily reversible act, such as changing the screen saver text from "Welcome to the Buffalo Public Library" to "Help! I'm trapped inside the computer!". Correctable or not, it is still abuse. The provider is then forced to reevaluate its stand on public usage of the computers. There are two solutions to this imbroglio: disallow usage of the computers altogether, or devise a solution that allows sanctioned use while keeping the workstation free from inappropriate activities. Thus, with no alternative in mind, the lessor turns to a security system.

That is where this paper comes in. The issues most often raised by administrators during their search for a suitable security system are the reliability and flexibility of the program. This paper will attempt to point out, for the benefit of hackers and administrators alike, the strengths and weaknesses of a fair number of security systems on the market. The text will also cover basic security features of personal computer operating systems, focusing on the built-in and pre-installed tools of each.
The format of each entry in the review will be as follows:

1) Security system name and version
2) Operating system
3) Manufacturer of security system
4) Contact information for manufacturer
5) Pricing information
6) Defining features of the system
7) Description of the security implemented
8) Strengths of the security system
9) Weaknesses of the security system
10) Summary

The entries will be in alphabetical order, with a full line of equal signs (=) denoting the end of one entry and the beginning of another. Security systems with the same name but differing operating systems will be reviewed as two separate entries. The latest version of each security system will be reviewed, but any significant flaws in previous versions will be listed in the Weaknesses portion of the entry. This paper is accurate as of 1/1/99.

NOTE ABOUT THE EDITORIAL POSITION OF THIS PAPER: The position of this paper is from a hacker's perspective. The authors are hackers, those individuals who intrude on computers and computer networks for amusement and for the purpose of staying current with the latest software and vulnerabilities. In writing this paper, the authors have attempted to evaluate the integrity of these programs in a professional and business-like sense. In doing so, it is our hope that this paper helps hackers and administrators alike to forward stronger, more secure personal computers, while expressing the notion that information should not be restricted in any way, shape, or form.

II. BUILT-IN OS SECURITY FEATURES

-- MS-DOS and PC-DOS

Almost everyone who has ever used a computer knows of DOS. However, a recent survey shows that only 36 percent of the computer-using population knows how to use DOS proficiently. This paper assumes a basic working knowledge of DOS and its various methods of working with files.
Although DOS was originally engineered as a stand-alone, single-user operating system, a few mechanisms exist that provide slightly tighter security. One is file attributes. In DOS, a file can have any or all of these attributes:

A -- the archive attribute. Set whenever a file is written and cleared by backup tools; XCOPY's /A and /M switches use it to select files that have changed.
R -- the read-only attribute. Files with this attribute set cannot be written to or deleted until the attribute is removed.
H -- the hidden attribute. Files with this attribute set do not show up in a normal DIR listing. You must type DIR /AH to show the hidden files in a directory.
S -- the system file attribute. When an operating system is first installed, most files needed for its basic operation are tagged with the system attribute. Like H it hides the file from DIR, and ATTRIB refuses to change the other attributes of a system file unless -S is given in the same command.

These attributes are set by the DOS command ATTRIB. The format is as follows (assuming C:\> is the prompt):

C:\> ATTRIB +A +R +H +S filename(s)

The +A turns on the archive attribute of the file, +R the read-only attribute, and so on. To remove attributes, the format is as follows:

C:\> ATTRIB -A -R -H -S filename(s)

All four attributes may be added or removed at one time. The file attributes were not meant to prevent misuse, only to deter it: anyone who reaches a prompt can run ATTRIB -R -H -S and undo them. Any serious attempt at security requires a separate program.

Another simple way to deter misuse is to name files with the ALT-255 character. In the default code page this character displays as a blank, so the file appears to have no name. To type it, hold the ALT key while typing 255 on the numeric keypad. You may do this multiple times, but you must remember how many blank characters you typed, or you won't be able to access the file yourself!

Ultimately, we have found that the file attributes in DOS are more of an annoyance than an obstacle. The simple fact remains that DOS was not engineered for security.
DOS does provide a way to stop a user from bypassing or stepping through the startup files with Shift, F5, or F8 at boot, though. To enable it, the line "SWITCHES=/N" must be inserted as the first line of CONFIG.SYS. A user will then not be able to interrupt the loading of CONFIG.SYS and AUTOEXEC.BAT. Windows 95 and 98 still honor this line, and add an equivalent BootKeys=0 setting in MSDOS.SYS. Note that it does nothing against a boot from floppy; see the BIOS note below.

-- Microsoft Windows and Windows for Workgroups 3.x

Ahhh, Windows. The ease of a GUI and the security you demand, all in one package? Nope. Not even close. Although significantly more graphical and user-friendly than its text-based counterpart (a downfall in the opinion of these authors), Windows has several built-in restrictions that can be invoked to partially secure the workstation. These restrictions apply only to the Windows shell, Program Manager. The shell Windows uses when it starts is set in the [boot] section of SYSTEM.INI in the Windows directory, on the "shell=" line near the top of the file. The default is "progman.exe" (Program Manager), but it can be set to anything, such as File Manager (winfile.exe). The restrictions, however, are only enforced by Program Manager. That in itself is a security hazard: anyone who can change that line to the name of another Windows shell (one that is unrestricted) gains full access to the system. Keep a close eye on your SYSTEM.INI, admins.

The Program Manager restrictions are set in PROGMAN.INI, and may be typed in manually. Just create a new section at the end of the file:

[Restrictions]
EditLevel=4
NoClose=1
NoFileMenu=1
NoRun=1
NoSaveSettings=1

EditLevel controls what the user may do to program groups and items, and the levels are cumulative: 1 prevents creating, deleting, or renaming groups; 2 also prevents creating or deleting program items; 3 also prevents changing the command line of an item; 4 also prevents changing any program item properties at all. EditLevel=0 (the default) imposes no restrictions.
NoClose=1 means that the user cannot exit Program Manager (and therefore Windows) from the File menu, the control box, or Alt-F4.
NoFileMenu=1 means the entire File menu in Program Manager will not be visible.
NoRun=1 means the Run command on the File menu is disabled, so the user cannot start arbitrary programs from Program Manager.
NoSaveSettings=1 means that Program Manager settings will not be saved on exit, no matter what changes are made.

Of course, PROGMAN.INI and SYSTEM.INI are plain text, and Windows 3.x does not protect them in ANY way (nothing stops a user from opening them in Notepad, or with EDIT from a DOS prompt, if either is reachable), so the Windows 3.x restrictions are a rather poor choice on their own.

-- Microsoft Windows 95

The "true" 32-bit operating system from Microsoft has already been adopted as the de facto standard on most newly shipped computers, primarily because of its ease of use and cheery help messages. Windows 95 has a number of built-in restrictions that live in the registry and may be modified with registry-editing tools (Regedit and Poledit). Some of the restrictive options include hiding all icons on the desktop, removing the Run command from the Start menu, and specifying which programs are able to run, among many others. A number of the security systems reviewed in this paper use these built-in restrictions as their implementation of security. A user could then employ Regedit or Poledit to undo the restrictions, thus disabling the system. These security options are weak, as you will observe.

The more intelligent security systems have their own separately coded module that does not rely on the built-in restrictions. These are often the security systems that succeed. However, the module only works if it is loaded, and the methods of loading programs at startup in Windows 95 leave much to be desired. The three main ways a security system can be loaded in Windows 95 are: through the traditional CONFIG.SYS and AUTOEXEC.BAT, through the Startup program group, and through the registry. CONFIG.SYS, AUTOEXEC.BAT and the Startup group are self-explanatory, but the registry requires a bit of explaining. Windows looks at a series of keys in the registry before it loads Explorer. These keys specify what programs are to be loaded at startup.
The names of these keys are Run, RunOnce, RunServices, and RunServicesOnce, under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion (Run also exists under HKEY_CURRENT_USER). The difference between the Runs and the RunServices is that the RunServices load before the network logon, and the Runs load after logon. These keys can be reached in Regedit, or through a graphical interface in Poledit. A user could simply remove the values that load the security system and then reboot Windows.

Another significant flaw in Windows 95's security is the Ctrl-Esc flaw. This glitch allows a user to reach TASKMAN.EXE, the Windows task manager, before EXPLORER.EXE loads. Before the Start Menu or desktop items appear, hold Control and hit Escape; this brings up Task Manager, whose File menu has a Run Application command, which lets a user run programs before Explorer (and anything started from the Run keys) loads.

Also, a user can power off the machine while Windows is loading, which brings up a message on the next boot offering Safe Mode, unless MSDOS.SYS says otherwise (the authors cite BootSafe=0; the documented [Options] settings are BootKeys=0, which disables the startup function keys, and BootWarn=0, which suppresses the Safe Mode prompt after a failed boot). Since Safe Mode does not process the startup files or the Run keys, a user could then modify these settings and reboot with the computer under his control.

A NOTE ON BIOS AND SECURITY: A major flaw in almost every security system on the market today is that they are unable to protect against a boot from the floppy drive. The administrator must manually change the BIOS boot sequence from A:,C: to C:,A: (or C: only) and set a BIOS setup password so that it stays that way, a task that many neglect. Once we determined that a security system was present on the computer, this would be the first, but NOT the only, method we would try to bypass it with. (The CMOS-clearing tools in the next section show how little a setup password alone buys you.)

III. THE IMPORTANCE OF A TRAVEL DISK

The importance of a travel disk cannot be overstated. A travel disk is basically a floppy with various utilities on it that aid in the removal or nullification of PC security. Our respective travel disks have programs that clear CMOS settings and modify registry restrictions, along with many others.
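As an added example (not code from the original article or from any product reviewed in it), the following Python script audits the two lockdown mechanisms described in section II above: the Windows 3.x SYSTEM.INI shell= line and PROGMAN.INI [Restrictions], and the Windows 95 MSDOS.SYS boot options plus the Run/RunServices registry keys, the latter read from a "regedit /e" export. All four files share the same [section] / key=value layout, so one small parser serves them all. The file contents embedded below are constructed for illustration, and "LockIt" is a hypothetical lockdown product, not one of the systems reviewed. The MSDOS.SYS checks assume BootKeys=0 and BootWarn=0, the documented [Options] settings for disabling the startup keys and the Safe Mode prompt.

```python
"""Lockdown audit for the Windows 3.x / 95 settings discussed above.
Added example, not from the original article; sample files are constructed
and "LockIt" is a hypothetical lockdown product."""

SYSTEM_INI = """[boot]
shell=winfile.exe
mouse.drv=mouse.drv
"""
PROGMAN_INI = """[Settings]
Window=60 28 565 388 1
[Restrictions]
EditLevel=2
NoClose=1
NoRun=1
"""
MSDOS_SYS = """[Paths]
WinDir=C:\\WINDOWS
[Options]
BootGUI=1
BootKeys=1
"""
# "regedit /e" export: value names quoted, backslashes doubled inside data
REG_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LockIt"="C:\\LOCKIT\\LOCKIT.EXE"
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"vshwin32"="C:\\PROGRA~1\\VSHWIN32.EXE"
"""

def parse_ini(text):
    """[section] / key=value text -> {section: {key: value}}, names lower-cased,
    quotes stripped. Covers SYSTEM.INI, PROGMAN.INI, MSDOS.SYS and REGEDIT4."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().strip('"').lower()] = value.strip().strip('"')
    return sections

# Program Manager restrictions recommended in the text, with the value each needs
REQUIRED_RESTRICTIONS = {"editlevel": "4", "noclose": "1", "nofilemenu": "1",
                         "norun": "1", "nosavesettings": "1"}

def audit_win3x(system_ini, progman_ini):
    """Findings for the 3.x lockdown; an empty list means it is set up as described."""
    findings = []
    shell = parse_ini(system_ini).get("boot", {}).get("shell", "").lower()
    if shell != "progman.exe":          # restrictions only bind Program Manager
        findings.append("SYSTEM.INI shell=%s: restrictions only apply to progman.exe" % shell)
    restrictions = parse_ini(progman_ini).get("restrictions", {})
    for key, want in REQUIRED_RESTRICTIONS.items():
        have = restrictions.get(key, "<unset>")
        if have != want:
            findings.append("PROGMAN.INI [Restrictions] %s=%s, want %s" % (key, have, want))
    return findings

# Registry load points and whether each fires before or after network logon
RUN_KEYS = {"run": "after logon", "runonce": "after logon",
            "runservices": "before logon", "runservicesonce": "before logon"}

def startup_entries(reg_export):
    """Map each Run*/RunServices* value name to (key leaf, command line)."""
    entries = {}
    for section, values in parse_ini(reg_export).items():
        leaf = section.rsplit("\\", 1)[-1]
        if leaf in RUN_KEYS:
            for name, command in values.items():
                entries[name] = (leaf, command)
    return entries

def audit_win95(msdos_sys, reg_export, product):
    """Findings for a Windows 95 lockdown product loaded from the registry.
    BootKeys=0 / BootWarn=0 are the documented MSDOS.SYS [Options] settings
    that disable the startup keys and the Safe Mode prompt respectively."""
    findings = []
    options = parse_ini(msdos_sys).get("options", {})
    if options.get("bootkeys", "1") != "0":
        findings.append("MSDOS.SYS: BootKeys is not 0, F5/F8/Shift still interrupt startup")
    if options.get("bootwarn", "1") != "0":
        findings.append("MSDOS.SYS: BootWarn is not 0, a failed boot offers Safe Mode")
    hits = [(name, leaf) for name, (leaf, _) in startup_entries(reg_export).items()
            if product.lower() in name]
    if not hits:
        findings.append("%s: not loaded from any Run key" % product)
    for name, leaf in hits:
        if RUN_KEYS[leaf] == "after logon":   # Ctrl-Esc window; deletable with Poledit
            findings.append("%s loads from %s (%s): bypassable via Ctrl-Esc, removable with Poledit"
                            % (name, leaf, RUN_KEYS[leaf]))
    return findings

if __name__ == "__main__":
    for f in audit_win3x(SYSTEM_INI, PROGMAN_INI) + audit_win95(MSDOS_SYS, REG_EXPORT, "LockIt"):
        print(f)
```

Run against the constructed samples it reports the shell swapped to winfile.exe, the three missing or weak Program Manager restrictions, the BootKeys/BootWarn gaps, and that the hypothetical LockIt loads from Run, after logon, where the Ctrl-Esc trick and Poledit both reach it. Point it at real files copied from a machine and it tells an administrator, or a visitor with a travel disk, which of the bypasses above still apply.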
The contents of our personal travel disks will now be examined:

95SSCRK.EXE: Windows 95 screen saver password cracker. One of the best we know.
ADMIN.ADM: Template file for Poledit.
AM.EXE: AMI BIOS password cracker. Always useful.
AW.COM: Award BIOS password cracker. See above.
BOSERVE.EXE: The infamous and ever-versatile Back Orifice server.
DEBUG.EXE: Useful for invalidating CMOS on older machines.
DELETE.EXE: Marks a file for deletion, then overwrites it with null bytes so it cannot be recovered.
DLLMAN32.EXE: Hands down, the best keystroke recorder for Windows. Written by our friend Luna.
F.EXE: FDISK, renamed for quicker typing. You'd be surprised how many "secure" logons can be defeated with a simple master boot record rewrite via "FDISK /MBR".
NTFSDOS.EXE: The infamous utility that lets a DOS boot read the "secure" NT file system.
NTFSHLP.VXD: Long filename helper for the above.
P.EXE: Poledit, renamed for quicker typing. One of the most integral tools in defeating PC security.
PKUNZIP.EXE and PKZIP.EXE: Useful for viewing the contents of zip files and compressing files that need to be copied off.
PWLVIEW.EXE: Displays the contents of password lists (.PWL files: dial-up passwords, shared resources).
QPRO200.DLL: Needed by DLLMAN32.
STRINGS.EXE: Needed by 95SSCRK.
SYS.COM: To restore the boot sector and system files, and thus hard drive bootability, after an "FDISK /MBR".
XCMOS.EXE: One of the best CMOS-clearing programs written.

All of these programs can be found on the Internet. Along with these programs, the travel disk should also contain the files for a boot disk (COMMAND.COM, IO.SYS, MSDOS.SYS, etc.), as made by FORMAT A: /S or SYS A:. With this collection of tools and a good knowledge of PCs, anyone has the capability of removing virtually any security system on the market today. However, we know first-hand that store owners and salesmen do not appreciate disks being put into their floor-model computers, so if the need arises to test this paper's methods on one of these machines, please be nonchalant about it.

IV. REVIEWS OF SECURITY SYSTEMS

NOTE: This paper was written with the idea that the administrator wanted users to have access to the PCs, but not enough to cause any significant and/or irreversible damage.

=============================================================================
1) Security System Name and Version: Cooler 1.0
2) Operating System: Windows 95
3) Manufacturer of Security System: Fortres Grand Corporation
4) Contact Information: Internet: http://www.fortres.com
5) Pricing Information: $20.00 for educational single, $25.00 for commercial single.
6) Defining Features of the System: an icon of a cooler in the tray.
7) Description of Security Implemented: The program uses a self-contained executable to implement the security. With Cooler, the administrator may restrict specific actions in virtually any Windows program.
8) Strengths of the Security System: Technically, there is nothing wrong with Cooler. It was coded quite well. It can be very broad or very specific in its restrictions. The configuration is done through a straightforward, easy-to-understand GUI.
9) Weaknesses of the Security System: The one major fault of Cooler (and many other systems, as you will see) is the way it is loaded. Since Cooler cannot protect access to the registry, anyone can go in (with Regedit or Poledit) and simply delete the value that runs Cooler at startup.
10) Summary: Cooler on its own is a rather weak, yet innovative security system. Paired with its sister program, Fortres 101, however, it could make a very deadly combination, giving administrators precise control over the user's actions.

=============================================================================
1) Security System Name and Version: Crowd Control 1.0
2) Operating System: Windows 95
3) Manufacturer of Security System: Sahalie Software, L.L.C.
4) Contact Information: Internet: http://www.cyber-dyne.com/~sahalie , email: sahalie@cyber-dyne.com
5) Pricing Information: $29.95 for one registered copy
6) Defining Features of the System: an icon showing three people in the tray.
7) Description of Security Implemented: As discussed in the previous section, the built-in Windows 95 restrictions are the core of this security system. The program uses a cheerful, pleasant interface to allow pre-configured users access while removing the Run, Find, and Settings commands from the Start Menu. It also allows hiding drives in My Computer and Windows Explorer, and disabling access to the DOS prompt.
8) Strengths of the Security System: The interface is very user-friendly, leaving little room for administrator error.
9) Weaknesses of the Security System: The entire system is based on the Windows 95 restrictions. It does not protect the boot sequence, and it is loaded through the registry after logon (leaving it prey to the Ctrl-Esc flaw). If the administrator does not set all the allowed Windows applications in the Programs tab, anyone can throw a disk with Poledit in the drive and it's over.
10) Summary: Generally, any security program that uses the built-in restrictions of the operating system is flawed, if only because of the ease of reversing them. This program certainly reinforces that idea. Everything this program does you can do manually, for free. But we wouldn't even bother.

=============================================================================
1) Security System Name and Version: FoolProof For Windows 3.x v3.0
2) Operating System: DOS/Windows 3.x
3) Manufacturer of Security System: SmartStuff Software
4) Contact Information: Internet: http://www.smartstuff.com
5) Pricing Information: $47 for one copy.
6) Defining Features of the System: A small padlock in the upper left hand corner of Program Manager.
7) Description of Security Implemented: A DOS driver (TSR) is used to enforce security.
A Windows GUI administration interface is provided. The system has options to restrict program execution, file saving, and the use of "dangerous" DOS commands.
8) Strengths of the Security System: Once the computer has booted, the system is securely in place. The administration GUI has a variety of options for different security configurations.
9) Weaknesses of the Security System: The administration GUI is at times very difficult to understand, as the options are vague and nondescript. The main flaw in FoolProof is, once again, how it is loaded. If a user interrupts the execution of AUTOEXEC.BAT (F5 or F8 at boot; see the SWITCHES=/N note in section II), he has full access to the computer. FoolProof for Windows 3.x has no provision to stop interruption of AUTOEXEC.BAT, and as a result a user could remove the line that loads the FoolProof TSR and reboot, having complete control over the system.
10) Summary: Bottom line, FoolProof simply does not accomplish what it purports to do. It can be defeated with, literally, "the oldest trick in the book," and should not even receive a passing glance when choosing a PC security system.

=============================================================================
1) Security System Name and Version: FoolProof For Windows 95/98 3.7
2) Operating System: Windows 95/98
3) Manufacturer of Security System: SmartStuff Software
4) Contact Information: Internet: http://www.smartstuff.com
5) Pricing Information: $99 for one copy.
6) Defining Features of the System: Under normal operation, a little padlock is resident in the tray. However, if the administrator enables the options to obfuscate the presence of FoolProof, few apparent features are displayed.
7) Description of Security Implemented: FoolProof is loaded from three different locations. One is CONFIG.SYS, which loads the "Security System Driver." We believe that this driver is loaded only to give the appearance of security being implemented.
That way a user would infer that this was the only way FoolProof was being loaded, and would concentrate all his efforts on modifying CONFIG.SYS, which cannot be modified while FoolProof is active. Another is one of the RunServices values, which loads the FoolProof Sweep option, which clears all files saved in unauthorized locations. FoolProof itself is finally loaded as a static VxD, FPVXD.VXD, registered in the registry at:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\FoolProof

As for the security itself, it uses mainly Windows restrictions, along with some well-known DOS boot protection methods.
8) Strengths of the Security System: The Switch! This might be one of the most innovative novelties we've seen in years! The system itself is considerably less than innovative, using simple Windows and DOS restrictions to enforce security. FoolProof is unobtrusive, however, as it doesn't conflict with programs on the hard drive.
9) Weaknesses of the Security System: Where should we start? As with other, more versatile, less expensive security systems, the problem once again is how the program is loaded. Deceive, inveigle, and obfuscate is fast becoming SmartStuff's corporate motto. A prime example of this is the false "Security System Driver" loaded in CONFIG.SYS, which in reality does nothing. Another demonstration of weakness in FoolProof is the masking options. Apparently, SmartStuff is too scared that if a user discovers what security system is being used, he might find a way to remove their precious FoolProof. The Keylock feature is pathetic, entailing only commands that can be entered manually. The Bootlock feature is even worse, allowing a user to run programs from a floppy, and even to disable the feature itself with a simple "SYS C:". FoolProof itself can be disabled with frightening speed.
If a user were to hit CTRL-ALT-DEL as soon as the wallpaper appears, then double-click outside of the Close Program dialog box, Task Manager would open, allowing unrestricted access to the computer. From that point, a user could eliminate the means by which FoolProof loads (CONFIG.SYS, various locations in the registry), and restart Windows, with FoolProof not loading and being completely useless. A more unethical user could also remove FoolProof in a number of more destructive ways. These ways can include deleting the C:\SSS directory, where the FoolProof program resides, as well as deleting system files or even formatting the hard drive. Hmmm. And how much did you pay for that?

10) Summary: While FoolProof has been labeled by SmartStuff as "THE cross-platform security solution," we have found that the only question it is a solution to is the phrase, "What is the most foolish way to waste a hundred dollars?" This pathetic excuse for a security system is ridiculously ineffective, as it relies almost entirely on the built-in restrictions of Windows. A custom dialog box here and there poorly provides the illusion that FoolProof itself is providing the restrictions, but the sad truth of the matter is this pitiful software can be removed with the most basic of methods. SmartStuff Software itself is so anal about their trial software that our recent telephone conversations nearly reached the point of insanity. Prospective programmers take note: This is what *NOT* to do when writing a security system. "Security Solution?" No, good readers, the only solution FoolProof provides is that of its own demise.
=============================================================================

1) Security System Name and Version: Fortres 101 for Windows 3.x Version 2.51d

2) Operating System: Windows 3.x

3) Manufacturer of Security System: Fortres Grand Corporation

4) Contact Information: Internet: http://www.fortres.com

5) Pricing Information: $49 for one educational copy, $59 for one commercial copy.

6) Defining Features of the System: Funny sounding bleeps when the computer boots. The Fortres Grand Corp. logo flashes in the lower right hand corner of the screen when Program Manager loads.

7) Description of Security Implemented: Fortres 101 uses its own restrictions to enforce security by a TSR loaded in the AUTOEXEC.BAT (FGSA.EXE). The configuration screen is very intuitive, and the options are very thorough.

8) Strengths of the Security System: Once Fortres is active, Program Manager cannot be exited, minimized, or moved. The Run command can be restricted, Program groups cannot be modified, and the files necessary to load Fortres are protected.

9) Weaknesses of the Security System: Other than the obvious boot from floppy, Fortres 101 has a little difficulty dealing with the CHGAT.EXE utility. This program is installed with Fortres, and is intended to be used to remove write-protected files on the hard drive when upgrading. If a user were to run CHGAT -R, despite Fortres' restrictions, all write-protected files on the drive would be reset. A common way to get access to a "command prompt" is through programs like Microsoft Word. Click Help, then About, then System Info. This opens Microsoft System Information, a handy program that allows you to execute programs. Surprisingly, most administrators look right over this.

10) Summary: Fortres 101 for Windows 3.x has few vulnerabilities, mostly because of the functionality of the operating system.
=============================================================================

1) Security System Name and Version: Fortres 101 3.0 for Windows 95

2) Operating System: Windows 95

3) Manufacturer of Security System: Fortres Grand Corporation

4) Contact Information: Internet: http://www.fortres.com

5) Pricing Information: $49 for one educational copy, $59 for one commercial copy.

6) Defining Features of the System: Funny sounding bleeps when the computer boots. The Fortres Grand Corp. logo flashes in the lower right hand corner of the screen when Explorer loads.

7) Description of Security Implemented: Fortres 101 uses its own restrictions to enforce security by a TSR loaded in the AUTOEXEC.BAT (FGSA.EXE). The configuration screen is very intuitive, and the options are very thorough.

8) Strengths of the Security System: Fortres 101 is by far one of the most versatile and solid systems on the market today. The system can be configured to be compatible with any Windows program on the computer. The settings can be imported and exported to provide for easy replication on a group of machines.

9) Weaknesses of the Security System: As with almost any security system, if the administrator misconfigures Fortres, a user could easily disable the security. Also, a programming flaw: If a user were to attempt to overwrite a protected file (such as AUTOEXEC.BAT), then initiate the shut down procedure, Windows would produce an error that it cannot shut down while the Save As dialog box was open. After a user confirmed this message, and attempted to save this file again, the system would accept the change. A similar procedure works when attempting to delete other files (FORTRES.EXE). A system administrator could disable this option, but the process may still be used by running Fortres' own shut down executable, FGCLO.EXE. This executable is included in every Fortres installation, and is located in the C:\FORTRES.101 directory (by default).
10) Summary: Fortres 101 is one of the most commonly used security systems. Despite a few glaring flaws, Fortres still outperforms its competitors by far.

=============================================================================

1) Security System Name and Version: Full Armor Zero Administration (FAZAM) 3.7

2) Operating System: Windows 95

3) Manufacturer of Security System: Micah Development

4) Contact Information: Internet: http://www.micah.com

5) Pricing Information: $300 for a three-user minimum license.

6) Defining Features of the System: A little red shield that sits in the tray.

7) Description of Security Implemented: A self-contained executable that loads through the registry after the network logon. The program employs both Windows restrictions and its own security measures. It allows a user to access many of the functions of Windows, but does not give a user permission to modify settings. It can restrict what programs can run on drives A: to Z:. It displays an error message whenever a user tries to perform a forbidden action.

8) Strengths of the Security System: The system is very reliable, and crashes infrequently. The restrictions, if set up properly, can significantly deter the destructive actions of a user. The Configurator interface is user-friendly and straightforward. Most importantly, registry-editing tools (REGEDIT and POLEDIT) can be disabled.

9) Weaknesses of the Security System: The Full Armor loader (ARMPROT.EXE) is loaded through the registry after Windows has initialized, leaving it prey to the Ctrl-Esc flaw. A user could easily hit Ctrl-Esc immediately after the Windows screen has appeared, hit Alt-F, then run a program from a floppy to edit the registry. As long as the program was initialized before Full Armor has completely loaded, the program will finish running, Full Armor will load, and the desktop will appear. (hint: POLEDIT!)
Also, if the administrator did not disable the Ctrl-Alt-Del function, a user could employ that method to kill the program immediately and completely.

10) Summary: Altogether, this security program just doesn't accomplish the task of implementing security. It was written to fill in the cracks of previous versions, and as a result, failed to provide its sole purpose for existence.

=============================================================================

1) Security System Name and Version: Full Control 1.5b

2) Operating System: Windows 95/98

3) Manufacturer of Security System: Bardon Data Systems

4) Contact Information: Internet: http://www.bardon.com

5) Pricing Information: $49.95 for a registered copy.

6) Defining Features of the System: A little eye appears in the tray.

7) Description of Security Implemented: Full Control is loaded through the registry, in the HKEY_CURRENT_USER, HKEY_USER, and HKEY_LOCAL_MACHINE Run keys. By default, it locks users out of My Computer, Network Neighborhood, and Control Panel. Another option is a feature called Rollback. Rollback essentially restores Windows system files (WIN.INI, SYSTEM.INI, CONFIG.SYS) to their original state by copying unmodified versions over them. These files can be copied from any location on the hard drive or over a network.

8) Strengths of the Security System: The Rollback feature is useful in certain situations, to deter accidental or intentional damage. The system restores SYSTEM.DAT and USER.DAT on every boot, ensuring that Full Control loads every time Windows does.

9) Weaknesses of the Security System: For one, if a user tries to run Regedit, the window appears, but is immediately followed by a Full Control dialog box asking for the password. Since the Full Control dialog box is not spawned by Regedit, it is a completely different application. So if a user were to click anywhere outside the dialog box, Regedit would still be fully usable.
This in itself does not allow a user to disable Full Control, as the registry is restored every time the computer boots. Defeating the Rollback function is a ridiculously easy task. If the "Copy-From" directory is on the hard drive, a user could simply modify those files, and when Windows restarts, the new settings will be in place. If the "Copy-From" directory is on a network drive, a user could remove the network cable from the computer when Windows boots, and modify the files already on the hard drive. You can't copy files over a network if the network doesn't exist! But the most glaring and personally amusing flaw in Full Control lies in the WIN.INI. When an administrator registers Full Control, the registration information is stored in the WIN.INI. If a user were to comment out or delete this information, then restart Windows, a helpful dialog box will magically appear, displaying a useful bit of information: the password. Since the registration information is gone, Full Control assumes it is still a shareware version. Since the shareware version's whole purpose is to elicit orders for the full version, it displays the password in the hope that the user will purchase the full version in order to effectively secure a computer.

10) Summary: The name Full Control is rather misleading, for many of the restrictions used cannot be configured by an administrator. That, coupled with the laughable fact that the system can be disabled with two keystrokes and two switches of the power, makes Full Control an unlikely choice for anyone serious about PC security.

=============================================================================

1) Security System Name and Version: PC Security 3.1

2) Operating System: Windows 3.x

3) Manufacturer of Security System: Tropical Software

4) Contact Information: Internet: http://www.tropsoft.com

5) Pricing Information: $34.95 for a registered copy.
6) Defining Features of the System: A small blinking red light that runs as a minimized program.

7) Description of Security Implemented: The system uses built-in restrictions of Program Manager and its own security module to provide security. This module is loaded through the WIN.INI.

8) Strengths of the Security System: PC Security 3.1 can prevent users from accessing virtually all items (groups, icons) on the Program Manager desktop. Another strength is the System Lock feature, which is basically a screen saver that requires a password to gain access to Program Manager.

9) Weaknesses of the Security System: For one, the system doesn't prevent the user from exiting to DOS. Once in DOS, the user has full access to the computer. The program also doesn't provide for boot protection, floppy or boot keys. Those weaknesses in themselves are a reason not to use it, but the program itself is not even written correctly. If a file is set as "locked" in PC Security, a user can still access and modify the file.

10) Summary: This program is aimed at users who would like minor levels of security. Anyone looking for anything stronger should look elsewhere.

==============================================================================

1) Security System Name and Version: PC Security 95

2) Operating System: Windows 95

3) Manufacturer of Security System: Tropical Software

4) Contact Information: Internet: http://www.tropsoft.com

5) Pricing Information: $34.95 for a registered copy.

6) Defining Features of the System: A small blinking red light that sits in the tray.

7) Description of Security Implemented: It uses basic Windows restrictions along with a system locking interface to lock the computer.

8) Strengths of the Security System: To this date we don't know exactly how PC Security loads. There is a program in the registry, SDAEMON.EXE, that PC Security installs, but even if this is removed, the program still operates.
The Shortcut Locking feature works quite well, as it sets the executable that the shortcut points to as "in use by another program."

9) Weaknesses of the Security System: PC Security's methods of blocking users' actions are rather weak. It relies entirely on the built-in restrictions of Windows, and, that known, does not prevent programs being run from a floppy. With Poledit, a user could nullify the effect of this system, then boot into DOS mode, and remove the PC Security directory.

10) Summary: See previous entry, as the Windows 95 version is little different.

==============================================================================

1) Security System Name and Version: PrivateEXE 2.0a

2) Operating System: Windows 95

3) Manufacturer of Security System: MidStream, Inc.

4) Contact Information: Internet: http://www.midstream.com

5) Pricing Information: $29.95 for a registered copy.

6) Defining Features of the System: A protected executable asks for a password before it will run, and displays "Protected by PrivateEXE."

7) Description of Security Implemented: The program is not memory-resident; it simply modifies the executable the user wants to protect to contain a password. Then it creates a copy of the original executable for "backup purposes", and names the backup with the name of the original, with "_ORIGINAL" prepended.

8) Strengths of the Security System: The password that protects the executable is coded inside the file, so that anyone who tries to view it only sees gibberish.

9) Weaknesses of the Security System: We are still unsure of why this program makes an unprotected backup of the original exe file. Anyone can just delete the protected program and rename the backup to the original name.

10) Summary: This system might be effective if it didn't make a copy of the executable, or if you remove the backup manually; otherwise save your money for something else.
=============================================================================

1) Security System Name and Version: SecurIT 16 3.77

2) Operating System: Windows 3.x

3) Manufacturer of Security System: Internet Software Solutions Ltd.

4) Contact Information: support@issol.co.uk

5) Pricing Information: $29.95 US dollars for one registered copy.

6) Defining Features of the System: The existence of a directory called C:\SECURIT (by default).

7) Description of Security Implemented: The system uses its own program to lock, encrypt, or "shred" files on the computer. Also, the device driver SHARE.EXE is needed by the system to help enforce security.

8) Strengths of the Security System: The Shred Option works well, as it overwrites the file with NULL bytes before deleting it.

9) Weaknesses of the Security System: For some reason, the system needs to be loaded to ensure that locked files stay locked, and if a user were to exit to DOS or remove the line from the WIN.INI, the system would be disabled.

10) Summary: SecurIT is geared towards locking out and encrypting certain files, and not towards providing full system security.

==============================================================================

1) Security System Name and Version: SecurIT 32 3.76

2) Operating System: Windows 95

3) Manufacturer of Security System: Internet Software Solutions Ltd.

4) Contact Information: support@issol.co.uk

5) Pricing Information: $29.95 US dollars for one registered copy.

6) Defining Features of the System: The existence of a directory called C:\Program Files\Securi32 (by default).

7) Description of Security Implemented: The system uses its own self-contained executable to lock, encrypt, or shred files.

8) Strengths of the Security System: SecurIT locks files well in Windows.

9) Weaknesses of the Security System: The system needs to have Windows loaded in order to work. That says it all.

10) Summary: See above.
==============================================================================

1) Security System Name and Version: StopLight 95 PRO 3.20

2) Operating System: DOS/Windows 3.x/Windows 95

3) Manufacturer of Security System: Safetynet Co.

4) Contact Information: Internet: http://www.safetynet.com

5) Pricing Information: $129.95 for a single workstation.

6) Defining Features of the System: The full-screen logon sequence during boot, and the red-white yin-yang icon in the tray.

7) Description of Security Implemented: StopLight loads the logon driver at the end of the processing of the CONFIG.SYS. Now, assuming an administrator wants users to have access to the computers, the user would have his own login and password. The system blocks attempts to access Regedit and Poledit, and modification of system files.

8) Strengths of the Security System: It's very good. The security is probably one of the strongest around. Most methods for defeating PC security do not work on StopLight.

9) Weaknesses of the Security System: The only weakness that we discovered is that the system doesn't prevent booting from floppies.

10) Summary: StopLight is a solid security system, with only minor flaws. It is one of the few programs in this paper that we would pay for.

==============================================================================

1) Security System Name and Version: StormWindows

2) Operating System: Windows 95

3) Manufacturer of Security System: Cetus Software

4) Contact Information: FwCetus@aol.com

5) Pricing Information: $25.00 for a single registered copy.

6) Defining Features of the System: A window icon with a lightning bolt through it on the Start menu.

7) Description of Security Implemented: This program uses Windows restrictions as well as its own methods. The most notable feature is the ability to lock out Regedit and Poledit, even if the executable has been renamed.

8) Strengths of the Security System: Registry editing tools cannot be run at all.
The GUI is fairly straightforward.

9) Weaknesses of the Security System: The major weakness is that it can be uninstalled while still running.

10) Summary: Overall, this program isn't up to par with others in its genre.

==============================================================================

1) Security System Name and Version: WinShield 2.15

2) Operating System: Windows 95

3) Manufacturer of Security System: Citadel Technology

4) Contact Information: Internet: http://www.citadel.com

5) Pricing Information: $69.95 for a registered copy.

6) Defining Features of the System: A little keychain-shield that sits in the tray.

7) Description of Security Implemented: WinShield uses Windows restrictions as well as its own self-contained executable to implement security. WinShield is loaded through the registry before and after Windows logon.

8) Strengths of the Security System: The administration GUI is well-written and easy to use. The options that can be configured are plentiful, ranging from Explorer controls to DOS restrictions. If a user manages to run Poledit, the file WSHOOKS.DLL will produce an error when a user tries to view the programs loaded on startup, thus preventing removal of the system.

9) Weaknesses of the Security System: The program has no provisions to stop interruption of the boot sequence, so the user is free to start the system in safe mode and disable security. But the one main flaw of WinShield is this: it can be uninstalled while it is running. A user could open APPWIZ.CPL, located in the directory C:\WINDOWS\SYSTEM\, by right-clicking on it in any dialog box (Open, Save As), and selecting "Open with Control Panel." WinShield provides no restrictions on this action whatsoever.

10) Summary: WinShield is a poorly written program, and this is reflected in this very review. It should not even receive a second thought when choosing a security system.
=============================================================================

1) Security System Name and Version: WinU 4.1

2) Operating System: Windows 95

3) Manufacturer of Security System: Bardon Data Systems

4) Contact Information: Internet: http://www.bardon.com

5) Pricing Information: $49.95 for a registered copy.

6) Defining Features of the System: Quite literally, it is the system. WinU is a menu-based replacement for the standard Windows shell, Explorer.exe.

7) Description of Security Implemented: When Windows loads, WinU is loaded as the shell. A menu appears with a series of icons representing the programs that can be run. The administrator can add or remove any of these programs at will.

8) Strengths of the Security System: When WinU is active, security is fairly strong. The system cannot be exited; it restricts everything except programs the administrator has laid out.

9) Weaknesses of the Security System: If a user were to interrupt loading of Windows, say, by turning off the power, the computer, on its next boot, would automatically give the option to boot into Safe Mode. At this point a user could remove WinU in a number of ways. The link to start WinU could be removed from the Startup folder, or the Shell variable in the SYSTEM.INI could be changed back to Explorer.exe, thus rendering WinU ineffective. If a user desired to learn the password, the registration information could be commented out in the WIN.INI. As with its sister program, Full Control, WinU displays the password on the next load of Windows.

10) Summary: WinU has been highly praised for its impenetrable security. We can't understand why.

=============================================================================

V. CONCLUSION

Our journey through the land of lame security programs has made us much more aware of the increasing lack of quality of the systems being offered. It is very difficult to choose a clear "winner," for all security systems have flaws, as this paper has demonstrated.
However, based on the current information, if asked, we would have to recommend either Fortres 101 or StopLight. Both are quality, well-written programs that have been on the market for some time. While both have their flaws, their strong points outnumber their weaknesses.

VI. ACKNOWLEDGEMENTS

Wow, do we have a lot of people to thank. Here goes:

Thanks to LuNiTiC, for getting Nick started with security systems in the first place by tossing him a disk with Full Armor on it.
Thanks go to Visual Coat, for being Nick's constant competitor, and getting his ass going when he lagged behind.
Thanks go to ECC, who got Sean going with security systems, by demonstrating their total lack of knowledge on the subject.
Thanks go to Rick Jeanneret and the Buffalo Sabres for keeping us sane while racking our brains for solutions.
Thanks definitely have to go to the caffeine gods, for keeping us up during the wee hours.
Thanks also go to RATM, NIN, and Ozzy for keeping us supplied with fiery energy when we were down.
Thanks go to the backup QB for Jacksonville, who swears very loudly and obscenely.
Too many thanks to specify: Uzi, Nate, Trilobyte, Michelle, Agent-X, Chrome, Ice Blue, Freestyle, Luna, Saccharin, Outcast, Circuit Phreak, HiTimes, and the rest of the Buffalo 2600 crew.

VII. CONTACTING THE AUTHORS

The authors can be contacted at their joint email account of: pcsecsys@email.com. We welcome any and all comments and criticism. System Administrators: Please keep the vulgarity to a minimum.

VIII. FINAL THOUGHTS

While we have pretty much undermined a few companies' demises by exposing flaws in their prized programs, they will correct these weaknesses. It may take a while, but they will try to improve. But we'll always be there. Oh, it's true, we can't keep anything to ourselves. But then, we get the chance to make you guys look like complete asses. Seeya around.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
RDF Primer by Secret Squirrel (ssq@secretsquirrel.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

There seems to be more interest in locating radio transmitters, and with that in mind I am writing this article to help people understand just what is going on. This article assumes that you have little or no knowledge about Radio Direction Finding (RDF), so it will keep to fairly basic principles.

There are a few reasons why people want to locate a transmitter. Police want to know the direction of a criminal using a cell phone, or a 'bumper beeper' which is used to track a vehicle. Amateur radio operators often schedule 'fox hunts' where you have to locate a transmitter (this is more popular in Europe, but it's gaining popularity in the US). There may be some interference caused by a radio transmitter, and you may want to know where it is, so that you can stop/reduce the interference. Whatever the reason, it is a fun hobby, doesn't require a license or a lot of equipment to get started, and who knows, you may actually learn something about radio while hunting.

THE GEAR
--------

You will need a little bit of gear, although more serious hunters may want to get some better gear, but this is a good place to start, and should be sufficient for most people. There are a few different methods of antenna systems that you can use. While I won't go into some of the more expensive and complicated systems in this article, the systems here are used by many people and are quite good for most uses. I will be putting up different antenna designs at http://www.secretsquirrel.org over the next few weeks, so that you can make them yourself, and experiment (which is fun and one of the most important things; play around, you may learn something that isn't in here).

The basic gear that you need is a radio receiver, and an antenna.
To increase the quality of the hunt, you may want to have a local map (one with topographic information may also help). The radio should have a signal strength meter so that you can tell when your antenna is pointing in the right direction. An attenuator is a good idea for when you get closer to the signal. For larger hunts, you may want a super sensitive antenna array for the car, and a smaller hand held system for when you are close and have to walk around to actually find the transmitter.

ANTENNAS
--------

The first antenna category I want to discuss is the directional antenna. There are a few types of directional antennas that are easy to build. The most common one is a parabolic antenna. This is the common 'dish' that you see in many movies, and what is used by DSS and other satellite TV systems. The parabolic antenna doesn't have to be circular, although that is the most common; it doesn't work as well if you are looking for transmitters because the area that it 'sees' is so small. With a parabolic antenna you have to aim it at the transmitter, and it doesn't hear what it isn't directly pointed at (so if you are a little off you don't get any signal).

A similar antenna is the parabolic plane antenna, and it overcomes this disadvantage. The parabolic plane antenna is much like it sounds. Take a flat surface and bend it so that it's curved on one side, see pplane.jpg. This antenna can 'see' more RF on the flat sides than a circular parabolic antenna. This allows it to scan a little better. If you rotate the antenna so that the flat sides are on the top/bottom, the antenna is good for scanning the horizon looking for a transmitter where the elevation may not be known.

Another directional antenna is the canister antenna. This antenna is more or less a coffee can with only one end removed and a little antenna stuck in one end.
With this type of antenna, you point the opening of the antenna around, and when the opening is facing the transmitter you have the highest signal strength. This is a very easy antenna to make, and can be made out of items that most everyone has in their house already.

Another type of directional antenna is the yagi. These are ideal for handheld usage (at higher frequencies) as well as for mounting on a car, however they can get quite large. The yagi antenna is basically several elements that are parallel to each other with a support bar that is perpendicular to those elements.

Another type of antenna is the quad. The quad antenna is similar in appearance to a yagi, but it has some advantages at 2M (150 MHz), which is where most amateur hunts are. For the same length antenna a quad has about 2dB more gain than a yagi. The quad isn't as affected by the metal in a car, which means that it can be mounted closer, helping to avoid trees :) The antenna is shorter when configured for vertical polarization.

Polarization refers to the way the radio energy is transmitted. It can either be horizontal or vertical. If the transmitting antenna is straight up then it's vertical; if it's parallel to the ground it's horizontal. Because it's somewhat important to match the polarization between the transmitting and receiving antennas, especially with weak signals, you may have to rotate your antenna to match. This is why cell phones don't work as well when they are flat on a table, and work best when the antenna is straight up and down.

The quad antenna is an antenna that has typically 4 squares. Each square is parallel to the others. They are spaced and mounted into a frame that looks like a yagi.
Quads are very easy to build, but they are somewhat big, so don't plan on using a quad while walking around :)

Aside from directional antennas there are some better systems out there that are accurate, and require less manipulating (with a directional antenna you must rotate it around to find the transmitter). The Doppler antenna is a fairly good antenna but doesn't lend itself well towards being handheld. This is the type that police cars use to track LoJack (stolen vehicle tracking system). This antenna system doesn't work well if the polarization is different. Doppler antenna systems almost always have horizontal polarization.

Doppler systems work on the principle that the receive frequency will differ from the transmit frequency based on the relative velocity between the transmitter and receiver. This is the same reason that a train or car appears to have an increased pitch when approaching you, and a decreasing pitch when it's going away from you. The noise is actually the same, but it appears to be different. The shift in frequency is directly related to the relative velocity between the transmitter and receiver. Radio waves travel at the speed of light, about 186,000 miles/sec. If there is a transmitter transmitting at 145MHz, and you were to move towards that transmitter at about 4550MPH, it would appear that the transmitter was transmitting at +1kHz; if you were travelling away from the transmitter at the same velocity, it would appear that the transmitter was transmitting at -1kHz. This is because 4550MPH is about .00068% of the speed of light, and 1kHz is about .00068% of the frequency 145MHz.

A real Doppler system will have an antenna that moves around in a circle. Since this is impractical to do at any speed that would be beneficial, we use multiple antennas positioned in a circle, and rapidly switch between them. Police cars use 4 antennas (so it looks like a square) for LoJack, but any number of antennas can be used, with a minimum of 3.
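As an added worked example, not part of Secret Squirrel's article: the Python below carries the Doppler arithmetic through with the article's own numbers (145 MHz, 4550 MPH, about 1 kHz) and then simulates the switched ring of antennas just described, recovering the transmitter bearing from the discriminator pulses that each antenna switch produces. Everything beyond those figures is an assumption not taken from the article: a far-field plane wave, an ideal FM discriminator whose output at each switch is the carrier phase step between the two antennas, a ring radius of a quarter wavelength, no noise or multipath, and bearings measured counterclockwise from antenna 0. Under those ideal conditions any ring of three or more antennas recovers the bearing exactly; the noise, multipath and switching transients that make a small array less accurate in practice are not modelled.

```python
# Added example (not from the article): Doppler shift arithmetic and a
# simulated pseudo-Doppler (switched-antenna) direction finder.
# Assumptions (constructed for this example): far-field plane wave, ideal
# FM discriminator that emits one pulse per antenna switch equal to the
# carrier phase step, no noise, ring radius of a quarter wavelength,
# bearings measured counterclockwise from antenna 0. Standard library only.
import math

C_LIGHT_MPS = 299_792_458.0     # speed of light in m/s (article: ~186,000 mi/s)
METRES_PER_MILE = 1609.344


def mph_to_mps(mph):
    """Convert miles per hour to metres per second."""
    return mph * METRES_PER_MILE / 3600.0


def doppler_shift_hz(freq_hz, radial_velocity_mps):
    """Apparent change in received frequency for a receiver moving at
    radial_velocity_mps relative to the transmitter (positive = closing,
    negative = receding). Non-relativistic: shift / f = v / c."""
    return freq_hz * radial_velocity_mps / C_LIGHT_MPS


def antenna_phase_rad(antenna_angle_deg, bearing_deg, radius_over_lambda):
    """Carrier phase at one antenna of a circular array, relative to the array
    centre, for a transmitter at bearing_deg. The antenna nearest the
    transmitter meets the wavefront first, so its phase leads the most."""
    delta = math.radians(antenna_angle_deg - bearing_deg)
    return 2.0 * math.pi * radius_over_lambda * math.cos(delta)


def wrap_pi(x):
    """Wrap a phase difference into [-pi, pi), as a real phase detector would."""
    return (x + math.pi) % (2.0 * math.pi) - math.pi


def discriminator_pulses(bearing_deg, n_antennas, radius_over_lambda=0.25):
    """Simulate one trip around the switch ring. Switching from antenna k to
    k+1 jumps the received phase; an FM discriminator turns that jump into a
    voltage pulse proportional to it: positive when the 'moving' antenna is
    approaching the transmitter, negative when it is moving away. Returns a
    list of (switch_midpoint_angle_deg, pulse) tuples."""
    step = 360.0 / n_antennas
    phases = [antenna_phase_rad(k * step, bearing_deg, radius_over_lambda)
              for k in range(n_antennas)]
    pulses = []
    for k in range(n_antennas):
        jump = wrap_pi(phases[(k + 1) % n_antennas] - phases[k])
        midpoint = (k * step + step / 2.0) % 360.0
        pulses.append((midpoint, jump))
    return pulses


def estimate_bearing_deg(pulses):
    """Recover the bearing from the fundamental of the pulse train.
    Each pulse is -C*sin(m - theta) for switch midpoint m, so projecting the
    train onto sin(m) and cos(m) gives -C*N/2*cos(theta) and +C*N/2*sin(theta);
    atan2 of those two sums returns theta. Needs at least 3 antennas."""
    if len(pulses) < 3:
        raise ValueError("a pseudo-Doppler array needs at least 3 antennas")
    s = sum(p * math.sin(math.radians(m)) for m, p in pulses)
    c = sum(p * math.cos(math.radians(m)) for m, p in pulses)
    return math.degrees(math.atan2(c, -s)) % 360.0


if __name__ == "__main__":
    # The article's figures: 4550 mph toward a 145 MHz transmitter is ~ +1 kHz.
    v = mph_to_mps(4550)
    print(f"{v:.0f} m/s is {100 * v / C_LIGHT_MPS:.5f}% of c; "
          f"shift at 145 MHz: {doppler_shift_hz(145e6, v):+.0f} Hz")
    # A four-antenna ring (the LoJack layout) with the transmitter at 30 deg.
    train = discriminator_pulses(30.0, 4)
    for m, p in train:
        print(f"switch midpoint {m:5.1f} deg -> pulse {p:+.3f} rad")
    print(f"estimated bearing: {estimate_bearing_deg(train):.1f} deg")
```

Run it directly to print the shift and the pulse train for a four-antenna ring with the transmitter at 30 degrees. The pulses go negative while the simulated antenna is moving away from the transmitter and positive once it starts approaching, which is the sine-wave behaviour the Doppler method relies on; the estimator simply finds the phase of that sine wave relative to the switching sequence.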
The fewer antennas you use, the more inaccurate your system will be. If you look at many police cars now, especially in larger metropolitan areas, you will see 4 antennas at the rear of the car; those are the ones used for LoJack.

Let's assume for a moment that we have a single antenna that is spinning in a circle. As the antenna approaches the signal source the voltage from the discriminator will be positive. As it moves away from the signal, it will be negative. It will form a nice neat sine wave. By monitoring this signal, and knowing which antenna is active at that point in time, we can tell the direction of the transmitter. In our pseudo-Doppler system, where we have multiple antennas arranged in a circle, as we switch from one antenna to the next, going around in a circle, we give the illusion that we are moving that antenna. This forms something that is close to a sine wave. For a sample illustration of the differences between a real Doppler system and the one that we are going to use, see doppler.jpg.

Now that you have an antenna you are set. Or are you? What would happen if you were close to the transmitter? Would your signal strength meter vary? Odds are it would be very difficult to locate the transmitter without another simple little device: an attenuator.

OTHER GEAR
----------

Attenuators can be very helpful when you are close to a transmitter. When the signal is strong, it will appear to be coming from every direction. What an attenuator does is block some of the signal so that only a portion goes through. This makes it easier to find the transmitter when you are close to it. A good idea is to have a variable attenuator, so that you can add attenuation as you get closer, making it easier to track both weaker and more powerful transmitters.

A sniffer is a small handheld radio device. This typically isn't as sensitive as the big array that you may have on your car, but it works perfectly for those times that you have to go on foot, or are really close to the transmitter (most rules state that you have to touch the transmitter). Sniffers are only good when there is weak or absent modulation; you may need a yagi or other directional antenna if there is strong modulation. If the signal is hard to detect you may want to tune slightly off frequency or add in an attenuator, or perhaps both.

Another trick, which is commonly used with yagis, is to go to the 3rd harmonic. The 3rd harmonic is 3 times the frequency. If the frequency you are looking for is 145.45 then the 3rd harmonic is 436.35. Both frequencies are in the amateur band, so finding receivers for them won't be a problem. This also means that you will be able to buy a 440 yagi off the shelf for just a little money (but it really is fun to build stuff yourself :) If you tune to the 3rd harmonic of the transmitter, you will typically only be able to hear the transmitter when you are close. If you have a yagi on your radio you should be able to more quickly locate the transmitter.

TECHNIQUE
---------

Now that you know some of the gear to get, you need to know how to use it. The best hunter with the worst gear can often do better than the worst hunter with the best gear. Technique is everything. Here are some pointers to help you out.

- Don't track down the transmitter by going directly to the strongest signal; go to a hilltop and triangulate.
- If you can't hear the 3rd harmonic of the fox, it isn't there, it's further away.
- Don't rush into where you think the transmitter is. If you are getting close keep taking readings; you may find that you need to turn around later.
- Don't pay much attention to other hunters, or where people have hidden transmitters in the past. The other hunters may try to fool you into looking for the transmitter where it isn't, or they may not have any idea what they are doing. Also, people typically won't hide transmitters in the same place twice (or even the same type of place).

With rectangular streets one of the faster methods of finding the transmitter is the stairstep method. Let's say that the signal is on your left. Drive down the street until the signal is at 270 degrees (straight left). Turn left and drive until the signal is either directly right or left (90/270 degrees). Turn towards the signal, repeating this until you are there.

Watch out for multipath. Multipath is when you appear to have multiple received signals from different locations. This is typically caused by the signal bouncing off of objects, such as hills, buildings, power lines, metal fences, or even airplanes. Here are some ways to help prevent multipath, ensuring a more accurate signal.

MULTIPATH
---------

Your RDF gear will not tell you the direction of the transmitter; instead it will tell you the direction of the received signal. If that signal bounces off an object, then you will have an inaccurate reading. Anything that stands between you and the transmitter, or is close enough to the signal path to cause reflection or distortion, can make the DF unit misread the direction of the transmitter.

TO HIGHER GROUND
----------------

If you are next to a hill on your left, and the signal appears to be coming directly from the left, you know that the signal can't come through the hill. If the transmitter is on your left, you will either lose the signal, or it's arriving at your antenna via reflection.

There is a large power line or a high metal fence. The metal picks up and re-radiates the signal. Your DF equipment continues to point to the lines or fence.

You are in a canyon; the signal bounces between the sides of the canyon.
Your gear may tell you that the signal is directly in front of or behind you, regardless of the real direction of the transmitter.

You are on top of a hill, but there are other hills and the transmitter is low and obscured. The best signal path may be via a bounce from one of the other high hills, making it look like the transmitter is in that direction when it may not be.

If the signal goes down as you move along while heading towards a hill, it typically means that either the transmitter switched power/antennas or the signal is behind the hill. If the signal jumps up suddenly, that indicates that the transmitter either increased power/switched antennas or you came out of a shielding terrain feature, such as a hill or building.

The solution to these problems is typically to get to higher ground. In some cases it may take multiple readings from multiple high points. If you are in hilly terrain, then you will want to find a high hill or tall building. Getting up high may not be that easy, due to time or other factors. If you cannot get up high, take readings of the transmitter often, and try to anticipate reflections. You can also see if the signal fades in a direction it used to be, which could indicate that it's behind that hill.

DISTANCE GUESSING
-----------------

This technique is typically only accurate for line of sight signals of the same polarization. You can take guesses as to the distance of a transmitter based on signal strength. If there are a lot of hills or tall buildings this is more difficult to do; however if you are in a residential area, or a desert, or some other area that is fairly clear, the signal is affected by the inverse square law. This means that every time the distance from the transmitter is doubled, the far field signal power drops to one quarter, everything else being equal. This makes the voltage at the receiver input terminals drop to one half.

There are field strength meters available that will tell you the relative strength of the signal that you are monitoring. Some radio devices have these built in; most cell phones have a debug mode that will tell you the signal strength (as a real number, not just the S-meter) of the cell tower that you are currently talking to. You can get similar devices for other radios.

The receiver input voltage increases as a function of relative distance from the starting point. When the strength is twice that of the starting point (6dB greater), you have gone halfway, all other factors being equal. When it is twice the halfway reading, you have gone halfway between the halfway point and the transmitter, or 3/4 of the distance.

As you get closer you may find that your signal strength meter is all the way on. How do you tell if you are getting closer or not? Additionally, most S-meters are more inaccurate at the edges (all on/all off). To cure this, you can use an attenuator. If you notice that your S-meter is all the way on, you may want to add some attenuation. In our above example, if you are at the 3/4 point and you add 6dB of attenuation, you will see that your S-meter reads the same as it did at the halfway point. If you add 12dB of attenuation, it will read the same as it did at the starting point.

There is another method, using geometry, that will help you to guess how close you are. However this method doesn't work well if there is multipath. Using the properties of a right triangle, you can determine the distance of the transmitter by taking a sample of the signal at both 45 and 90 degrees.

        C
        |\
        | \
        |  \
       d|   \f
        |    \
        |     \
        -------
        B  e   A

    A, B, C are angles
    d, e, f are sides

We know that the total of all 3 angles in a triangle is 180 degrees. We know that the angle at point B is 90 degrees. We know that the angle at A is 45 degrees. This means that angle C must also be 45 degrees (180-(45+90)). If C is the same angle as A then this is an isosceles triangle, therefore lines AB and BC are equal. The distance between the 45 degree reading and the 90 degree reading puts us that distance away from the transmitter (at the 90 degree point). If we took the 90 degree reading first, rather than drive back to the 90 degree point, we can figure the hypotenuse based on the Pythagorean Theorem, which states that in a right triangle, the squares of the sides that form the 90 degree angle added together equal the square of the hypotenuse (the longest side, the one that doesn't intersect to form a 90 degree angle). In our example (d*d)+(e*e)=(f*f) (the square character doesn't display everywhere). We can solve quickly for f since we know that e=d, and we know what e is.

IN CLOSING
----------

Now that you know the basics of the gear, how to use it, and some pitfalls that you may encounter, the rest is up to you. Go out and make some antennas; start simple. Figure out where known transmitters are. If you don't have a radio but do have a cell phone, make an antenna that you can plug into the external antenna jack of the cell phone and track down some cell towers (you can usually see them quite a way off so it makes it easier). Be careful when making antennas though; if they are poorly made, it can ruin a transmitter. I will be putting up antenna designs on my web page in the future (should start appearing there in the next few weeks). The url is: http://www.secretsquirrel.org/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=[ Rape the System Failure ]=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
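The signal-strength and right-triangle estimates from the DISTANCE GUESSING section, worked in Python (an added example, not code from the article). The two-bearing function generalises the article's 45 then 90 degree readings to any pair of bearings taken along a straight road; the function names, the `baseline` argument and the sample numbers are my own.

```python
import math

def fraction_travelled(voltage_ratio: float) -> float:
    """Inverse-square rule from the article: doubling the receiver input
    voltage (6 dB on the meter) means the remaining distance has halved.
    Returns the fraction of the starting distance already covered, assuming
    free space and matched polarization."""
    if voltage_ratio < 1.0:
        raise ValueError("signal must be at least as strong as at the start")
    return 1.0 - 1.0 / voltage_ratio

def attenuation_to_match_db(start_dist: float, now_dist: float) -> float:
    """dB of attenuation to add at now_dist so the S-meter reads as it did at
    start_dist.  Voltage scales as 1/distance, hence 20*log10 of the ratio."""
    return 20.0 * math.log10(start_dist / now_dist)

def offset_from_two_bearings(baseline: float, first_deg: float,
                             second_deg: float) -> tuple[float, float]:
    """Perpendicular distance from a straight road to the transmitter, and the
    straight-line range from the FIRST reading point, given two bearings
    relative to the direction of travel (0 = dead ahead, 90 = abeam) taken
    `baseline` apart.  Along-road distance at a reading is D*cot(bearing), so
    baseline = D*(cot(first) - cot(second)).  The article's 45 and 90 degree
    readings give D == baseline and range == D*sqrt(2), the isosceles case;
    other bearing pairs are a generalisation added here, not from the article."""
    if not 0.0 < first_deg < second_deg < 180.0:
        raise ValueError("bearings must increase and lie within (0, 180)")
    a, b = math.radians(first_deg), math.radians(second_deg)
    denom = math.cos(a) / math.sin(a) - math.cos(b) / math.sin(b)  # cot a - cot b
    offset = baseline / denom
    hypotenuse = offset / math.sin(a)  # side f in the article's figure
    return offset, hypotenuse

if __name__ == "__main__":
    print(f"S-meter doubled: {fraction_travelled(2.0):.0%} of the way there")
    print(f"At the 3/4 point, {attenuation_to_match_db(4.0, 1.0):.1f} dB "
          "returns the meter to its starting reading")
    d, f = offset_from_two_bearings(100.0, 45.0, 90.0)
    print(f"45/90 readings 100 m apart: transmitter {d:.0f} m off the road, "
          f"{f:.1f} m from the 45 degree point")
```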