_______________________________________________________________________ _______________________________________________________________________ THE SYNDICATE REPORT Information Transmittal No. 21 (Part 1 of 2) Released March 2, 1989 Featuring: Editor's Note "PCP Hacking Statistics" AT&T Works on Making Unix Less Vulnerable MCI Mail Rates and Info Change AT&T Bellcore & Tiniest Semiconductors Ever Common Unix Passwords Briefs notes from The Report Vocabulary Tonic by The Sensei Editor Syndicate Report Magazine _______________________________________________________________________ _______________________________________________________________________ EXPOSITION: TSR Once again, The Report accepts outside sources. Anybody can write/provide information to The Syndicate Report. Articles/Information may be provided through RADIO WAVES Bulletin Board System 612-471-0060. Any info such as Busts, Phreaking, Hacking, Data / Telecommunications, and new developments on any the previous mentioned specialties will be: accepted, labeled, and given full actual credit to the article/info provider(s), or writer(s). -- ** All articles have been presented by me unless shown at the end of the article as the information provider(s), or writer(s). ** _______________________________________________________________________ _______________________________________________________________________ EDITOR'S NOTE: TSR " PC PURSUIT HACKING STATISTICS " PCP password hackers are welcome tools for virtually all types of users: Phreaks, Pirates, Terrorists, system Hackers, etc. PCP has become the perfect way to dial long distance with low error ratios, flexibility with ID codes/passwords used on other networks and most importantly, safety. Telenet is because of the huge number of calls that are handled every day by the big networks, keeping track of where every call and connection is made from is financially impractical. It is also very easy to disguise your location using the network, which makes dial LD even more secure. As time and technology interface, code abusing slowly becomes past-time reminiscence for busted hackers. In response, PCP becomes the only resource for paranoid hackers, alike. Along these lines of paranoia, the need for PCP password hackers increases. After all the years that PCP has existed, I've only seen 5 PCP password hackers. And of the 5 hackers, 3 of these devices were totally useless for obvious reasons, upon execution... Some of the obvious problems indicated : No online modem configuring. Incomplete documention & Technical Information. These apply to the anti-user friendly hacks. Inaccurate response detecting positive completion of passwords. Ineffective random variable password generating. ...and with all beta programs -- minor bugs. With this in mind, I'd like to add some PCP Statistics. PCP ID's and Passwords are not easy to get. Format area: PCP12345 and ABCD6789. The first thing a hacker considers when using a hacker is, what? PCP ID to use. Most are between 10,000 and 40,000. I have never seen an ID over 40,000. PCP doesn't disclose annual PCP profits, nor the number of subscribers they currently have. Although the number by many hackers is approximated around 5,000 to 6,000. Keep in mind that businesses use PCP accounts too, in case your criticizing that you've never seen 5,500 subscribing hackers. Therefore, the change of gaining a valid ID are significantly good. Of course, the PCP IDs do not bug hackers. The complexed password scheme is the brain parasite. First there is the 4 random letters, then the 4 random numbers - joined. In essence, what a hacker is dealing with is 2 passwords beyond 1. The LETTERS, and the NUMBERS must match up - not the entire string as a whole since the letters stop after 4, then take on an entire new syntax. I've seen some passwords that had numbers in the letter positions, and vise verse for the letters. Majority however stay in the above listed format. If interested in a PC Pursuit password hacker, consider using Phry Code Pro., by The Exciter / 612. Latest version can be found on RADIO WAVES. ;The Sensei / Editor TSR _______________________________________________________________________ _______________________________________________________________________ AT&T WORKS ON MAKING UNIX LESS VULNERABLE: TSR (iw 2\11) Enhanced security features are being developed for Unix System V.4.1. AT&T's vice president stated. His keynotes to the Usenix Tech. Conference in California insisted that open, multivendor networks are not centrally more susceptible to security violations than proprietary systems. Security is on the mind of every Unix user, particularly when Unix-based systems are to be used for mission-critical and strategic applications, like running a high end workstation. The new version, on Unix, will achieve the National Security Agency's B2 level of security, and will actually also have some features of the B3 level as well. Powerful security tools exist in the current version of Unix V, but have often gone unused by administrators because of a lack of quality documentation and training. AT&T will also be adding surreal security features to System V.4.1., the first revision of the sill unreleased system V.4.0. Procrastination seems to be top priority for many software vendors - just look at Lotus. Well, Unix won't be very welcome for the Hacking Community, and myself. The features/improvements include: Access methodology beef up Maintenance of Data Integrity The denial of service Hacker/Intruder/Terrorist containments ...and the execution of the "superuser" status. About the "superuser" chop. This is the most popular status, especially for hackers, and AT&T takes it out. It did more good than bad in the long run. In its place will be a finer distinction in status. There will be a status of "superuser" that is only used for mounting the systems. That user will not be able to access other "superuser" privileges. Control of the front end of system access - password security - will be enhanced by the use of "shadow" password files. The files containing the password (etc/passwd) have been far to easy to access. So, restricted access to files, along with a form of activity audit, which will be used in System V.4.1. Actually, the greater sense within the system, including user and group IDs, aging information, and a command and log-in audit. Editor's suggestions: Keeping systems resources in locked rooms/shells, to prevent shaking of the shielding of shells/rooms, which can reveal information to external devices. AT&T should also use a dedicated printing resource to each high level of security - a printer on each label page? Well, that would code a lot of money, but LD services do it all the time, along with personal supervision. Then theres Fiber-Optics, and the security advantage there. As printed in THE SYNDICATE REPORT #20 (part 2), where an article explains the procedures in Tapping Fiber Optic cables. Then again, it's hard to break into a FO cable without bringing the system down, with a nice alarm response. :::::::::::: Information written by The Sensei (TSR Editor) ::::::::::: _______________________________________________________________________ _______________________________________________________________________ MCI MAIL RATES AND INFO CHANGE: TSR (u.t 2\15) Beginning early February 1989 MCI Mail will LOWER the cost of Instant Messages and domestic Fax Dispatch. In addition, we will offer FREE 800 Access, FREE Advanced Service and FREE Shared Lists. MCI's new retail prices are as follows: :: Instant Messages :: 0-500 Characters $ .45 501-2500 Characters $ .75 2501-7500 Characters $1.00 Each Additional 7500 Characters $1.00 :: Domestic Fax Dispatch :: First Half Page $ .50 Each Additional Half Page $ .30 :: Access :: 800 Access No Charge U.S. tymnet Access $ .25/ Per Minute International tymnet Access $ .30/ Per Minute :: MCI Mail's new 800 numbers will be :: Access Speed 800 Telephone Number 300, 1200 bps...........................800-234-MAIL 2400 bps............................... 800-456-MAIL Lotus Express & Desktop Express.........800-825-1515 (up to 2400 bps) _______________________________________________________________________ _______________________________________________________________________ AT&T BELLCORE & TINIEST SEMICONDUCTORS EVER: TSR (b.w 2\27) As the transistors on computer chips steadily shrivel away toward nothingness, scientists are faced with a task much like figuring out how many atoms can dance on the head of a pin. Researchers as AT&T Bell Laboratories are closing in. They have devised a method of producing the tiniest semiconductor crystals ever: clusters containing as few as 100 atoms. They are so far too tiny to 'print' with even the wispiest microcircuit. Still, they may have practical applications. That's because a young polymer chemist, has developed a way to keep the clusters from combining into larger clumps, as they otherwise would do. He grows each microcrystal inside a minuscule water droplet a thousand times smaller than the diameter of a human hair, then replaces the water with organic molecules. "It's like putting the cluster in a little plastic bad," he says. The clusters can be 'tuned' for specific jobs because they absorb different wavelengths of light as they decrease in size. So they could be used for optical switches in future "optoelectronic" chips. _______________________________________________________________________ _______________________________________________________________________ COMMON UNIX PASSWORDS: TSR (p.p 2\21) The subsequent list of words are a list of commonly used passwords, use on Unix computer systems. The list also contains syntax from the illustrious UNIX Internet Worm on November, 1988. Combine them into a favorable Unix Hacker. _____________________________________________________________ :::::::::::::::::::::::::::: Unix Passwords ::::::::::::::::::::::::::: _____________________________________________________________ aaa daniel jester rascal academia danny johnny really ada dave joseph rebecca adrian deb joshua remote aerobics debbie judith rick airplane deborah juggle reagan albany december julia robot albatross desperate kathleen robotics albert develop kermit rolex alex diet kernel ronald alexander digital knight rosebud algebra discovery lambda rosemary alias disney larry roses alpha dog lazarus ruben alphabet drought lee rules ama duncan leroy ruth amy easy lewis sal analog eatme light saxon anchor edges lisa scheme andy erenity angerine scott arrow elizabeth maggot sex arthur ellen magic shark asshole emerald malcolm sharon athena engine mark shit atmosphere engineer markus shiva bacchus enterprise marty shuttle badass enzyme marvin simon bailey euclid master simple banana evelyn maurice singer bandit extension merlin single banks fairway mets smile bass felicia michael smiles batman fender michelle smooch beauty fermat mike smother beaver finite minimum snatch beethoven flower minsky snoopy beloved foolproof mogul soap benz football moose socrates beowulf format mozart spit berkeley forsythe nancy spring berlin fourier napoleon subway beta fred network success beverly friend newton summer bumbling george osiris tape cardinal gertrude outlaw target carmen gibson oxford taylor carolina ginger pacific telephone caroline gnu painless temptation castle golf pam tiger cat golfer paper toggle celtics gorgeous password tomato change graham pat toyota charles gryphon patricia trivial charming guest penguin unhappy charon guitar pete unicorn chester hacker peter unknown cigar harmony philip urchin classic harold phoenix utility coffee harvey pierre vicky coke heinlein pizza virginia collins hello plover warren comrade help polynomial water computer herbert praise weenie condo honey prelude whatnot condom horse prince whitney cookie imperial protect will cooper include pumpkin william create ingres puppet willie creation innocuous rabbit winston _____________________________________________________________ Paean : The Merc V.4.1. passwd!locator Shooting Shark Gfiles : Unix hacker The Mentor LOD/H : Pheonix Project 512-441-3088 TSR Dedicated Field users ::::::::::::::::::: Information provided Multiformly :::::::::::::::::: _______________________________________________________________________ _______________________________________________________________________ ::::::::::::::::::::::SYNDICATE REPORT BRIEF NOTES::::::::::::::::::::: // Bell 900 Battles // AT&T, MCI and US Sprint are arming themselves for a new round of competition in interactive 900-call services, according to TSR sources. AT&T has been hoping for FCC approval of its interactive 900 tariff. MCI has been testing and plans to offer a 900 service next month. And US Sprint plans to begin customer testing of its service in April '89. :::::::::::: Information provided by MPhone / 203 ::::::::::: _____________________________________________________________ // NSA Chooses Its Security // The National Security Agency has chosen the AT&T security code algorithm called Code Excited Linear Predicted. NSA will propose the algorithm be adopted as a government-wide standard. Production is shared by AT&T, Motorola and GE RCA. The algorithm is a 4,800 bits-per-second coder that checks speech patterns. _______________________________________________________________________ _______________________________________________________________________ ::::::::::::::::::::::::: TSR Vocabulary Tonic :::::::::::::::::::::::: What "Vocab. Tonic" is, is a list of acronyms and definitions to help education the ignorant hacker. With an extensive vocabulary, there is virtually nothing one can't learn. Study on... DS - Digital Switch. A switch in which connections are established by operations on digital signals without conversion to analog. DSX - A digital cross connect field which can be utilized for DS1 (Digital Switch), DS2 or DS3 level cross connections at a digital level RPOA - Registered Private Op. Agencies (ID of online system). SCC - (or SCCS), Switch Control Center. SCC has overall responsibility for the administration and maintenance of BOC Central Offices. Responsibilities include installation and maintenance Control Office for FG B, C, and D. SCC also handles specific trouble reports. TAMS - System where NUIs are checked by a central database when you try to connect to an address, on GTE Telenet. TD - Terminating Direction. The use of Access Service for the completion of a call from an IC (Interexchange Carrier) location to an end user. _______________________________________________________________________ _______________________________________________________________________ :::::::::::::::::::::::: TSR "Quote of the Month" ::::::::::::::::::::: "They [Hackers] have this need to find the answer." To subscribe to the 2600 Magazine send 15$ to: 2600 Magazine P.O. BOX 752 Middle Island N.Y. 11953 Corley, Editor 2600 Magazine _______________________________________________________________________ _______________________________________________________________________ TSR will accept additional sponsor/support Systems. If you have a certain interest in the Report, and wish to provide support to TSR -- Leave your BBS number -- and any other information on RADIO WAVES Bulletin Board Systems. _______________________________________________________________________ _______________________________________________________________________ Pheonix Proj. LODH :: 512-441-3088 ----- Lunatic Labs :: 415-278-7421 At Login: Any UNIX Default PW P/H System HackersDen 2600 #5 :: 612-522-3959 ----- Hack Shack @ :: 214-422-4307 P/H-Files BBS Login: Any UNIX Default Pass RADIO WAVES System :: 612-471-0060 - Syndicate Report Support BBS - _______________________________________________________________________ _______________________________________________________________________ This concludes this Transmittal No. 21 (Part 1 of 2) Released March 2nd, 1989 by The Sensei Editor of The Syndicate Report _______________________________________________________________________ _______________________________________________________________________