DEATH BY ELECTRONICS ISSUE 6, VOLUME I RELEASED ON 09/01/1995 DISCLAIMER: We at DBE, take no responsability for your actions due to this magazine. We are simply using the freedom of speech, and the freedom of the press. We do not encourage you to do anything that we demonstrate in this magazine. This magazine is for educational and recreational purposes only. QUICK INTRODUCTION: DBE is dedicated to writing articles related to technology. The magazine will now be released bi-montly. It is just too much work with 3 active members to put out a decent mag every month. As always, anyone is welcome to apply to the group or to simply contribute an article. Contributors will have their name mentioned at the end of the magazine. In the future, we hope to be able to produce a more practical magazine. This new version of DBE will be more dedicated towards the area code of 613. It will include such things as interviews with local hackers, interesting phone numbers to try out, opinions from various hackers about the developpment of the HPACV scene, etc. In the end, we hope to be able to satisfy a greater audience. TABLE OF CONTENTS: (1) Mortal Kombat [No Fear] (2) In The News... [vD] (3) Modem Standards [No Fear] (4) Comming Soon... [No Fear] (5) Red Box [No Fear] (6) CISC vs RISC [No Fear] (7) All the Viruses you want [No Fear] (8) 613 HPACV Scene [Source Unknown] [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->]- [<->] MORTAL KOMBAT - No Fear [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->] I know that this magazine deals mostly with the PC aspect of things, and I most certainly do not want this magazine to become the next Video Game Monthly. But the first goal of this magazine is to inform, on different aspect of electronics, so here is the lowdown on the latest game machines. Before, if you wanted to get a video game system you had to settle for either SEGA or NINTENDO. Well now there is the 3DO (which is mighty good), the ATARI Jaguar and yes.. the SONY PlayStation. You read this right! SONY, the same people who brought you the Walkman and Trinitron TVs are jumping into the $5 billion U.S. video game market. So here is some info on the latest systems that are either on the market or soon will be out in a store near you. SONY's PlayStation, due in September 1995, is a 32-bit chip with double speed CD-ROM and will have a list price of approx. $299 U.S. It also comes with Mortal Kombat III as the packaged game. According to SONY, their system "EATS NINTENDO FOR LUNCH-THEN THROWS UP!" NINTENDO's Ultra 64 is due out in April 1996, and will boast super fast and smooth animation thanks to a 64-bit RISC chip built by Silicon Graphics. Games will be store in a high capacity cartridge format which eliminates the waiting time for loading the games off CDs. With a reported list price of only $250 U.S. and packaged with Killer Instinct, it is the best deal so far. And NINTENDO has managed to get games developed for the Ultra 64 to be played (with lots of down-tuning) on the SNES (such as Donkey Kong Country) SEGA's Saturn, priced at $399 U.S., is a 32-bit system with a double speed CD-ROM and comes packaged with Virtual Fighter. Both SONY and SEGA have been following 3DO's lead with a 32-bit and double speed CD-ROM as the configuration. This configuration allows sufficient capacity to store VHS-quality video images and CD-quality sound. But 3DO will soon be leaving the 32-bit group with an upcoming 64-bit system (still under development). ATARI's Jaguar which sells for only 150$ would seem to be the best deal of the bunch, but ATARI has been having problems attracting top-flight games developers. The video game system market could be dying with all the new PC's equipped with CD-ROMs and sound cards entering people's homes. Because $400 is mighty expensive for a game system that will only last approx. 3 years. You can get a great hi-fi Stereo VCR or other audio/video components for the same price, and they will not become obsolete in 3 years (like all PCs). But if I were to pick one, it would be the 3DO. I'll have to see how the Ultra 64 stands up once it comes out. [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->]- [<->] MITNICK IN THE NEWS - vD [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->] vD: Due to lack of time and anything to write about, I compiled this group of articles and postings. They all talk about the recent Mitnick saga. Emmanuel Goldsteins postings to alt.2600 are included to help down play the media blitz. Article [1/4] Slippery cybervandal caught in his own electronic web ----------------------------------------------------- (c) Copyright the News & Observer Publishing Co. How a computer sleuth traced a digital trail New York Times RALEIGH, N.C. (9:05 p.m.) -- After a search of more than two years, a team of FBI agents early Wednesday morning captured a 31-year-old computer expert accused of a long crime spree that includes the theft of thousands of data files and at least 20,000 credit card numbers from computer systems around the nation. The arrest of Kevin D. Mitnick, one of the most wanted computer criminals, followed a 24-hour stakeout of a Raleigh apartment building here. A convicted computer felon on the run from federal law enforcement officials since November 1992, Mitnick has used his sophisticated skills over the years to worm his way into many of the nation's telephone and cellular telephone networks and vandalize government, corporate and university computer systems. Most recently, he had become a suspect in a rash of break-ins on the global Internet computer network. "He was clearly the most wanted computer hacker in the world," said Kent Walker, an assistant U.S. attorney in San Francisco who helped coordinate the investigation. "He allegedly had access to corporate trade secrets worth billions of dollars. He was a very big threat." But federal officials say Mitnick's confidence in his hacking skills may have been his undoing. On Christmas Day, he broke into the home computer of a computer security expert, Tsutomu Shimomura, a researcher at the federally financed San Diego Supercomputer Center. Shimomura then made a crusade of tracking down the intruder, an obsession that led to Wednesday's arrest. It was Shimomura, working from a monitoring post in San Jose, Calif., who determined last Saturday that Mitnick was operating through a computer modem connected to a cellular telephone somewhere near Raleigh, N.C. Sunday morning, Shimomura flew to Raleigh, where he helped telephone company technicians and federal investigators use cellular-frequency scanners to home in on Mitnick. Mitnick was arrested at 2 o'clock Wednesday morning in his apartment in the Duraleigh Hills neighborhood of northwest Raleigh, after FBI agents used their scanners to determine that Mitnick, in keeping with his nocturnal habits, had connected once again to the Internet. Shimomura was present Wednesday at Mitnick's pre-arraignment hearing at the federal courthouse in Raleigh. At the end of the hearing, Mitnick, who now has shoulder-length brown hair and was wearing a black sweat suit and handcuffs, turned to Shimomura, whom he had never met face to face. "Hello, Tsutomu," Mitnick said. "I respect your skills." Shimomura, who is 30 and also has shoulder-length hair, nodded solemnly. Mitnick, already wanted in California for a federal parole violation, was charged Wednesday with two federal crimes. The first, illegal use of a telephone access device, is punishable by up to 15 years in prison and a $250,000 fine. The second charge, computer fraud, carries potential penalties of 20 years in prison and a $250,000 fine. Federal prosecutors said they were considering additional charges related to Mitnick's reported Internet spree. Federal officials say Mitnick's motives have always been murky. He was recently found to have stashed thousands of credit card numbers on computers in the San Francisco Bay area -- including the card numbers of some of the best-known millionaires in Silicon Valley. But there is no evidence yet that Mitnick had attempted to use those credit card accounts. Indeed, frequently ignoring the possibility of straightforward financial gain from the information he has stolen, Mitnick has often seemed more concerned with proving that his technical skills are better than those whose job it is to protect the computer networks he has attacked. Federal officials say the arrest of Mitnick does not necessarily solve all the recent Internet crimes, because his trail of electronic mail has indicated that he may have accomplices. One of them is an unknown computer operator, thought to be in Israel, with whom Mitnick has corresponded electronically and boasted of his Internet exploits, investigators said. Still, the capture of Mitnick gives the FBI custody of a notoriously persistent and elusive computer break-in expert. Raised in the San Fernando Valley near Los Angeles by his mother, Mitnick has been in and out of trouble with the law since 1981. It was then, as a 17-year-old, that he was placed on probation for stealing computer manuals from a Pacific Bell telephone switching center in Los Angeles. Those who know Mitnick paint a picture of a man obsessed with the power inherent in controlling the nation's computer and telephone networks. The recent break-ins he is accused of conducting include forays into computer systems at Apple Computer Inc. and Motorola Inc. and attacks on commercial services that provide computer users with access to the Internet, including the Well in Sausalito, Calif., Netcom in San Jose, Calif., and the Colorado Supernet, in Boulder, Colo. To make it difficult for investigators to determine where the attacks were coming from, Mitnick is said to have used his computer and modem to manipulate a local telephone company switch in Raleigh to disguise his whereabouts. In recent weeks, as an elite team of computer security experts tightened an invisible electronic net around the fugitive, Mitnick continued to taunt his pursuers, apparently unaware of how close they were to capturing him. About 10 days ago, for example, someone whom investigators believe to have been Mitnick left a voice-mail message for Shimomura, a Japanese citizen. The message reprimanded Shimomura for converting the intruder's earlier voice-mail messages into computer audio files and making them available on the Internet. "Ah Tsutomu, my learned disciple," the taunting voice said. "I see that you put my voice on the Net. I'm very disappointed, my son." But the continued attempts at one-upmanship simply gave the pursuers more electronic evidence. "He was a challenge for law enforcement, but in the end he was caught by his own obsession," said Kathleen Cunningham, a deputy marshal for the U.S. Marshals Service who has pursued Mitnick for several years. Mitnick first came to national attention in 1982 when, as a teen-age prank, he used a computer and a modem to break into a North American Air Defense Command computer. He subsequently gained temporary control of three central offices of telephone companies in New York City and all the phone switching centers in California. This gave him the ability to listen in on calls and pull pranks like reprogramming the home phone of someone he did not like so that each time the phone was picked up, a recording asked for a deposit of a coin. But the break-ins escalated beyond sophomoric pranks. For months in 1988, Mitnick secretly read the electronic mail of computer security officials at MCI Communications and Digital Equipment Corp., learning how their computers and phone equipment were protected. Officials at Digital later accused him of causing $4 million in damage to computer operations at the company and stealing $1 million of software. He was convicted in July 1989 and sentenced to a year in a low-security federal prison in Lompoc, Calif. One of his lawyers convinced the court that Mitnick had an addiction to computers. In July 1989, after his release from prison, he was placed in a treatment program for compulsive disorders, the Beit T'Shuvah center in Los Angeles. During his six months there, he was prohibited from touching a computer or modem. That restriction was a condition of his probation when he was released in mid-1990, and it was for reportedly violating this condition that federal officials were pursuing him when he dropped out of sight in November 1992. In September 1993, the California Department of Motor Vehicles also issued a warrant for his arrest. The warrant stated that Mitnick had wiretapped calls from FBI agents. He then used law-enforcement access codes obtained by eavesdropping on the agents to illegally gain access the drivers' license data base in California. Federal law enforcement officials believe that Mitnick has conducted a long string of computer and phone telephone network break-ins during more than two years on the run. And they say his ability to remain at large until now illustrates the new challenges that law enforcement officials face in apprehending criminals who can cloak themselves behind a curtain of forged electronic data. Article [2/4] How a computer sleuth traced a digital trail ________________________________________________________________________ __ (c) Copyright the News & Observer Publishing Co. New York Times RALEIGH, N.C. (8.59 p.m.) -- It takes a computer hacker to catch one. And if, as federal authorities contend, 31-year-old computer outlaw Kevin D. Mitnick is the person behind a recent spree of break-ins to dozens of corporate, university and personal computers on the global Internet, his bigg s mistake was raising the inte est nd ire f Tsutomu Shimomura. Shimomura, who is 30, is a computational physicist with a reputation as a brilliant cyber-sleuth in the tightly knit community of programmers and engineers who defend the country's computer networks. And it was Shimomura who raised the alarm in the Internet world after someone used sophisticated hacking techniques on Christmas Day to remotely break into the computers he keeps in his beach cottage near San Diego and steal thousands of his data files. Almost from the moment Shimomura discovered the intrusion, he made it his business to use his own considerable hacking skills to aid the FBI's inquiry into the crime spree. He set up stealth monitoring posts, and each night over the last few weeks, Shimomura used software of his own devising to track the intruder, who was prowling around the Internet. The activity usually began around mid-afternoon, Eastern time, broke off in the early evening, then resumed shortly after midnight and continued through dawn. 's monitoring efforts enabled investigators to watch as the intruder commandeered telephone company switching centers, stole computer files from Motorola, Apple Computer and other companies, and copied 20,000 credit-card account numbers from a commercial computer network used by some of the computer world's wealthiest and technically savviest people. And it was Shimomura who concluded last Saturday that the intruder was probably Mitnick, whose whereabouts had been unknown since November 1992, and that he was operating from a cellular telephone network in Raleigh, N.C. Sunday morning, Shimomura took a flight from San Jose to Raleigh-Durham International Airport. By 3 a.m. Monday, he had helped local telephone company technicians and federal investigators use cellular-frequency scanners to pinpoint Mitnick's location: a 12-unit apartment building in the northwest Raleigh suburb of Duraleigh Hills. Over the next 48 hours, as the FBI sent in a surveillance team from Quantico, Va., obtained warrants and prepared for an arrest, cellular telephone technicians from Sprint Corp. monitored the electronic activities of the man they believed to be Mitnick. 4 The story of the investigation, particularly, Shimomura's role, is a tale of digital detective work in the ethereal world known as cyberspace. Article [3/4] A COMPUTER SLEUTH BECOMES A VICTIM On Christmas Day, Tsutomu Shimomura was in San Francisco, preparing to make the four-hour drive to the Sierra Nevadas, where he spends most of each winter as a volunteer on the cross-country ski patrol near Lake Tahoe. But the next day, before he could leave for the mountains, he received an alarming telephone call from his colleagues at the San Diego Supercomputer Center, the federally funded research center that employs him. Someone had broken into his home computer, which was 5 connected to the center's computer network. Shimomura returned to his beach cottage near San Diego, in Solana Beach, Calif., where he found that hundreds of software programs and files had been taken electronically from his powerful work station. This was no random ransacking: the information would be useful to anyone interested in breaching the security of computer networks or cellular phone systems. Taunting messages for Shimomura were also left in a computer-altered voice on the Supercomputer Center's voice-mail system. Almost immediately, Shimomura made two decisions. He was going to track down the intruders. And Lake Tahoe would have to wait awhile this year. The Christmas attack exploited a flaw in the Internet's design by fooling a target computer into believing that a message was coming from a trusted source. 6 By masquerading as a familiar computer, an attacker can gain access to protected computer resources and seize control of an otherwise well-defended system. In this case, the attack had been started from a commandeered computer at Loyola University of Chicago. Though the vandal was deft enough to gain control of Shimomura's computers, he, she or they had made a clumsy error. One of Shimomura's machines routinely mailed a copy of several record-keeping files to a safe computer elsewhere on the network -- a fact that the intruder did not notice. That led to an automatic warning to employees of the San Diego Supercomputer Center that an attack was under way. This allowed the center's staff to throw the burglar off the system, and it later allowed Shimomura to reconstruct the attack. In computer-security circles, Shimomura is a respected voice. Over the years, software security tools that he has designed have made him a valuable consultant not only to corporations, but also to the FBI, the Air Force and the National Security Agency. 7 WATCHING AN ATTACK FROM A BACK ROOM The first significant break in the case came on Jan. 28, after Bruce Koball, a computer programmer in Berkeley, Calif., read a newspaper account detailing the attack on Shimomura's computer. The day before, Koball had received a puzzling message from the managers of a commercial on-line service called the Well, in Sausalito. Koball is an organizer for a public-policy group called Computers, Freedom and Privacy, and the Well officials told him that the group's directory of network files was taking up millions of bytes of storage space, far more than the group was authorized to use. That struck him as odd, because the group had made only minimal use of the Well. But as he checked the group's directory on the Well, he 8 quickly realized that someone had broken in and filled it with Shimomuru's stolen files. Well officials eventually called in Shimomura, who recruited a colleague from the Supercomputer Center, Andrew Gross, and an independent computer consultant, Julia Menapace. Hidden in a back room at the Well's headquarters in an office building near the Sausalito waterfront, the three experts set up a temporary headquarters, attaching three laptop computers to the Well's internal computer network. Once Shimomura had established his monitoring system, the team had an immediate advantage: it could watch the intruder unnoticed. Though the identity of the attacker or attackers was unknown, within days a profile emerged that seemed increasingly to fit a well-known computer outlaw: Kevin D. Mitnick, who had been convicted in 1989 of stealing software from Digital Equipment Corp. 9 Among the programs found at the Well and at stashes elsewhere on the Internet was the software that controls the operations of cellular telephones made by Motorola, NEC, Nokia, Novatel, Oki, Qualcomm and other manufacturers. That would be consistent with the kind of information of interest to Mitnick, who had first made his reputation by hacking into telephone networks. And the burglar operated with Mitnick's trademark derring-do. One night, as the investigators watched electronically, the intruder broke into the computer designed to protect Motorola Corp.'s internal network from outside attack. But one brazen act helped investigators. Shimomura's team, aided by Mark Seiden, an expert in computer fire walls, discovered that someone had obtained a copy of the credit-card numbers for 20,000 members of Netcom Communications Inc., a service based in San Jose that provides Internet access. To get a closer look, the team moved its operation last Thursday to Netcom's network operation center in San Jose. The intruder. To let its customers connect their computer modems to its network with only a local telephone call, Netcom provides dozens of computer dial-in lines in cities across the country. Hacking into the long-distance network, the intruder was connecting a computer to various dial-in sites to elude detection. Still, every time the intruder would connect to the Netcom system, Shimomura was able to capture the computer keystrokes. Late last week, FBI surveillance agents in Los Angeles were almost certain that the intruder was operating somewhere in Colorado. Yet calls were also coming into the system from Minneapolis and Raleigh. The big break me late last Saturday night , as Shimomura and Gross, red-eyed from a 36-hour monitoring session, were eating pizza. Subpoenas issued by Kent Walker, the U.S. assistant attorney general in San Francisco, had begun to yield results from telephone company calling records. 1 And now came data from Walker showing that telephone calls had been placed to Netcom's dial-in phone bank in Raleigh through a cellular telephone modem. The calls were moving through a local switching office operated by GTE Corp. But GTE's records showed that the calls had looped through a nearby cellular phone switch operated by Sprint. Because of someone's clever manipulation of the network software, the GTE switch thought that the call had come from the Sprint switch, and the Sprint switch thought that the call had come from GTE. Neither company had a record identifying the cellular phone. When Shimomura called the number in Raleigh, he could hear it looping around endlessly with a "clunk, clunk" sound. He called a Sprint technician in Raleigh and spent five hours comparing Sprint's calling records with the Netcom log-ins. It was nearly dawn in San Jose when they determined that the cellular phone calls were being placed from near the Raleigh-Durham International Airport. 2 By 1 a.m. Monday, Shimomura was riding around Raleigh with a second Sprint technician, who drove his own car so as not to attract attention. From the passenger seat, Shimomura held a cellular-frequency direction-finding antenna and watched a signal-strength meter display its readings on a laptop computer screen. Within 30 minutes the two had narrowed the site to the Players Court apartment complex in Duraleigh Hills, three miles from the airport. At that point, it was time for law-enforcement officials to take over. At 10 p.m. Monday, an FBI surveillance team arrived from Quantico, Va. In order to obtain a search warrant it was necessary to determine a precise apartment address. And although Shimomura had found the apartment complex, pinning down the apartment was difficult because the cellular signals were creating a radio echo from an adjacent building. The FBI team set off with its own gear, driven by the Sprint technician, who this time was using his family van. 3 On Tuesday evening, the agents had an address -- Apartment 202 -- and at 8:30 p.m. a federal judge in Raleigh issued the warrant from his home. At 2 a.m. Wednesday, while a cold rain fell in Raleigh, FBI agents knocked on the door of Apartment 202. It took Mitnick more than five minutes to open it. When he did, he said he was on the phone with his lawyer. But when an agent took the receiver, the line went dead. Article [4/4] From: emmanuel@well.sf.ca.us (Emmanuel Goldstein) Newsgroups: alt.2600 Subject: Mitnick Saga - what the media is missing OK, this is literally the first moment I've had since this morning to post anything. To start with, some of you seem to think it's foolish of me to admit talking to Kevin while he was a fugitive. I don't agree. For one thing, it's rather difficult to speak about somebody if you've never been in touch with them and right now there aren't a whole lot of people speaking out about Kevin except to condemn him. So I really have no choice. I never conspired with him on anything; he needed a friend to talk to and that's the role I played. If that makes me a criminal, then so be it. I suppose my soul can be partially salvaged by the good possibility that the tap and trace on my line was a great help in tracking him down. It's sheer speculation but we both knew the risks. Let's move on to the more concrete issues. The first I heard of Kevin's fugitive status was at last year's CFP conference in Chicago when the FBI arrested the "wrong" Kevin Mitnick. Too bad this little story didn't make it into the Times piece - a really good summation appeared in a Peter Lewis story last March, also in the Times. According to this morning's story by Markoff, he's been on the run for "more than two years" (November 1992) or "several" years as reported later. This isn't all that important but I find it rather odd that nobody seemed to even know he was on the run until last year - this is something I could be entirely wrong about though. I'll continue to look into it. In reading the opening paragraph of this morning's story, Mitnick is described as a "computer expert accused of a long crime spree that includes the theft of thousands of data files and at least 20,000 credit card numbers from computer systems around the nation". It sounds really bad from this description. Even I got the impression Kevin was doing some bigtime credit fraud from *that* description. Let's look a little closer.... First off, the phrase "theft of thousands of data files" to the average person connotates someone *taking away* specific and valuable items as part of an elaborate plot. That's what it suggested to me until I asked myself, "OK, what is this *really* saying?" To me, it sounds like he copied someone's hard drive. Same exact thing, totally different connotation. Now I'm not justifying this kind of thing. Let's just put it into perspective. What was actually done? With a one line command, I can "steal" thousands of data files too - any of us can. I want to know what specifically we're talking about. Now with regards to the credit card numbers, this is woefully misleading. As far as I can see, the only computer system we're talking about here is netcom, not "computer systems around the nation". Netcom is currently saying that this is something that happened recently and it never happened before. This is false. As is common knowledge in the hacker world, netcom's credit file was compromised last summer and bits of it were displayed over irc. We reported this in the autumn issue of 2600. Unlike the Well, Netcom is not up front about its security problems and they have had massive security problems, absolutely massive. So they're not saying Mitnick had anything to do with the release of the credit file over the summer because they're denying that it ever happened over the summer. It's very obvious that this wasn't Mitnick anyway since it doesn't really fit in with his style to post things on irc. So I agree with netcom on this - Mitnick didn't access their credit file over the summer. Now, did he access it last month as they are now claiming? If this was even possible, then the world needs to know that netcom thinks so little of its users' privacy that it *continues* to store such sensitive information *online* even after it became well known that there was a problem. Of course, it's also possible that Mitnick merely accessed a copy of the file left over from last summer. That wouldn't even involve accessing netcom and isn't illegal in itself. That covers the first paragraph. There is much more that's disturbing here. Fifth paragraph: "On Christmas Day, he broke into the home computer of a computer security expert, Tsutomu Shimomura, a researcher at the federally financed San Diego Supercomputer Center." Correct me if I'm wrong, but shouldn't the word "allegedly" be in there someplace? None of this has been proven and I wouldn't be surprised if it never was. That is a very inflammatory and potentially libelous thing to put on the front page of the Times. Now let's take a look at the technique used to find Mitnick. "Mr. Shimomura had flown on Sunday morning to Raleigh, where he helped telephone company technicians and Federal investigators use cellular-frequency scanners to home in on Mr. Mitnick." Does this mean they were monitoring cellular calls? How exactly was this done so that other cellular calls were not also monitored? What are the legalities involved? These are very important questions that go beyond the Mitnick case, none of which was addressed in the article. I should point out that a criminal case in Holland a few years back was thrown out when it was proven that there was no way to have obtained the evidence (monitoring cellular calls) without invading the privacy of others. The article finally admits 14 paragraphs in that there is no evidence to suggest that Mitnick was engaged in credit card fraud (an allegation strongly hinted at in the lead sentence) and that he "seemed more concerned with proving that his technical skills are better than those whose job it is to protect the computer networks he has attacked". This leads me to ask the same question I've been asking ever since I found out he was on the run: what exactly is he being accused of doing in the first place? Violating probation is the only concrete thing I hear - everything else is nebulous or unsubstantiated with any real facts. Wiretapping the FBI? How exactly does someone do this? And how do you trace it to somebody who has no fixed location? Where are the witnesses? Where is the blood? We deserve to know some real facts here, not just speculation of the sort to indicate that "probably Mr. Mitnick" is responsible. On February 2, 1995, I was advised by Gross a computer at The Well (an internet provider), San Francisco, California, was compromised. GROSS reported that the machine compromised at the Well was well.well.com (aka well.sf.ca.us). The account used to gain access is called "dono." The logged session contained many ftp transfers (ftp being a program for moving files form [sic] one machine to another in either direction) to the account "dono." The intruder had previously eliminated any other traces of activity that would have similar logs. In the home directory of the account "dono," there are several files of an unusual nature. "Wietse" is a file of personal E-mail from DAN FARMER to WIETSE VENEMA (two well known authorities in computer security). The file "0108.gz" is a compressed file that contains copies of credit card numbers from the Internet provider Netcom. The files "newoki.tar.Z" and "okitsu.tar.Z" match files found at Loyola University by Tom Reynolds that were confirmed to have been copied from Tsutomu Shimomura's machine ariel.sdsc.edu. The remaining files contain tools for breaking into computers (obtaining root access, e.g. full access to the machine and all user data), tools for hiding the intruder's tracks, electronic mail from several sources, and source code which has not been identified yet. Gross advised that the majority of activity in the "dono" account originated from the machine teal.csn.org which belongs to the Colorado Supernet (CSN) (an Internet provider). The session documented on January 31, 1995, shows that the person using the "dono" account had knowledge of the files taken from Shimomura's machine and in one case the person in question renames one of the files to a more memorable name. Gross provided a copy of one full session from teal.csn.org wherein the person logs in and uses the "newgrp" command which has been replaced with a hacker version of newgrp that allows root access (Superuser). The "zap2" program is then run to delete the corresponding accounting records in the log files. The intruder then goes to the "nascom" directory, looks at the files, renames one of the files (indicating prior knowledge of their existence), and then users [sic] the "last" command to make sure the accounting log files are clean. Gross also provided a detailed listing of the files in the nascom directory. The files are copies of the originals taken form [sic] Tsutomu Shimomura's machine ariel.sdsc.edu on December 25-26, 1994. The files also match the copies found at Loyola University. What I'm after, and what I think most of us ultimately want, is a straight answer as to just who has had their privacy violated and how. Right now every user on both The Well and Netcom seems to believe they were Mitnick's personal target and Mitnick is the one word answer for any and all problems we've experienced within the last couple of months. I can understand the frustration and anger but we have to put it into perspective. No one person could have done anywhere near what Mitnick is being accused of. And for him to have succeeded at all, mistakes had to have been made by people who really should have known better. Tsutomu Shimomura is getting a lot of praise and I don't doubt that he deserves it. But he made a big mistake in thinking his files were secure and, as a security expert, the mistake counts double, imho. But this kind of thing is commonplace on the net and part of the growing pains we'll be experiencing for some time to come. If the overall net mood were that of straightforwardness rather than culpability, we might not be seeing scenarios like this playing out in this fashion. Personally, when I heard about the spoofing, it was confirmation to me that the net is not secure, period. No longer any doubt or question - we've still got a ways to go. In a strange sense, confirmation of that was reassuring. At least we all knew what time it was. How Kevin was treated in the past has shaped who he is today. Locking someone in solitary confinement and making them into an international "dark side" figure in the media and in books will have an effect and it won't always be the one you desire. Had there not been so much hype attached to this case, it's likely Kevin wouldn't have felt the need to go underground for such a long period. Those of you who want so desperately to see him punished should take comfort in the fact that he had few peaceful moments during this long escapade - life on the run is life in hell. Try it sometime. [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->]- [<->] MODEM STANDARDS - No Fear [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->] First there was 2400 modems with V.22bis. Then came the v.32 bis, the V.42bis, and now there is V.34 (previously called V.fast)? What does this all mean? Well, these codes indicate what kind of speeds your modem can achieve, and what functions it can do: error correction, compression, etc... But what it comes down to is this: V.34bis is new and it is better because it has a variety of sampling rates, larger bandwidth and coding schemes chosen on-the-fly. And most important, it departs from the old V.22bis architecture. The V.34bis is quite special. Not only does it indicate that the modem can run at 28.8kbps (It's kilobits per second folks, not kilobytes like some of you think.) But the V.34bis also means that the modem supports DSVD (Digital Simultaneous Voice and Data). Yes that means that both data and voice can be shared simultaneously on a single dial-up connection. For the techies out there, the way it works is that data is chopped and multiplexed into packets, like ATM (Asychronous Transfer Mode). This will give rise to simple forms of videoconferencing. Modems no longer are little cards or boxex that you plug in/to your computer. More and more often, modems are packaged with other interesting functions: fax, caller ID, etc... Because modems are nothing more than programmable devices, it is relatively easy to add new functions. Some manufacteres have added full-duplex speaker-phone capability. Ugrading from a fax/modem to a full-duplex speaker-phone requires less than $10 in parts. Some may wonder, how long it will take before the the telephone it self will be integrated in the modems. With old modems, there were two engines on board: the DSP and a micro- controller to handle Hayes protocol and interface. But with faster processors (Pentiums, PowerPC, MIPS, Alpha etc...) in todays PC, the use of micro-controllers are becoming redundant. The CPU will be the engine that performs modem controller functions. Therefore, the multitasking abilities of the CPU could be employed. It will be possible to send data, voice and MIDI files at the same time over a standard phone line. But soon developpers will hit a wall. There will come a time where standard phone lines and switches simply cannot yield faster transfers. What will happen then? Is the next logical step fiber-optics into the homes, or a cheaper alternative: using cable TV? [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->]- [<->] COMING SOON: INTEL'S P6 - No Fear [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->] If you are bitchin' and whinnin' about the slugish performance of your latest Pentium 100MHz PC, have no fear, the P6 is soon to be hear! Yes you heard me right. If you know the right people with the right connections, then you might just be lucky enough to get your hands on a brand new P6 humming away at a cool 133MHZ by the end of summer. But the problem is that the first P6s will be installed into high-end servers. Thus if you don't have the need for such beasts, you'll have to wait until Christmas or early spring. The P6 processor packs 5.5 million transitors into a package smaller than that of the high-end 3.3 million transitors Pentium. The new chip uses a design called: dynamic execution, which is similar to what RISC chips do. This design helps the system anticipate the next execution, which dramatically speeds up the process. Benchmark tests have already shown that a 133MHz P6 is twice as fast as a 100MHz Pentium machine. Intel is already shipping a 120MHz version of the Pentium and a 133Mhz, and 150MHz version is in the making. If you still need more power, then ou better set your eyes on some 64-bit Silicon Graphics or Hewlett Packard workstations. Then your flyin'. [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->]- [<->] RED BOX - No Fear [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->] Any of you want to make a red box? Well here is hint that I picked up on the net. Skip along to your friendly neighborhood Radio Shack, don't forget to hum along the way. Locate the Radio Shack 30 memory pocket dialer and find a 6.55MHZ crystal. Some say that it should be 6.55xxxMHz, while others say that it is closer to 6.49xxxMHz. Well once you got the crystal, open up the pocket dialer and replace the current crystal with the new one you bought. Set the memory to dial ***** and... there is your dialer. Give it a try. If it doesn't work, don't dispare, it makes a great gift for grandma and grandpa. [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->]- [<->] CISC VS RISC - No Fear [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->] Which one is better? In the past couple of years, RISC processors have evolved at an incredible speed. The processors in the latest lightning fast PCs are often RISC processors by either Motorola, MIPS, HP or Digital. But the X86 CISC architecture is still very strong. But could the Pentium be one of the last? One of the biggest advantages of RISC is performance. RISC processors tend to run twice as fast as the equivalent CISC processor. Many of then can do more than one operation per cycle, while most CISC require more than one cycle to perform an operation. Remember, just because your CPU runs at 90MHz does not mean that it can do 90 mips (Million Instructions Per Second). The 90MHz means that the internal clock ticks 90 million times a second, but it may take 2 or 3 ticks before an instruction is executed. This is the main reason why audio/visual, FX, games applications tend to run better on RISC chips. The Sega Saturn and the soon to be released Nintendo 64-bit system (with the help from Silicon Graphics) all contain super fast 64-bit RISC chips. Never the less, CISC does have certain advantages over RISC. The most important is interrupt handling. In most CISC's the interrupt handling in microcoded into the circuitry, while many RISC need software to handle the job. And since software handling is slower than hardware, if the interrupts are not handles within a certain delay of time, the system will fail to operate properly. The entire pipeline must be flushed and refilled, thus it must load more instructions. But some RISC chips are starting to handle interrupts through microcode such as the 500-series PowerPC. Another problem is that RISC systems tend to need 20-30% more memory than their CISC counterpart. But the cache size on the chip is rather large, which helps keep I/O smooth at speed in excess of 200MHz. In the future, RISC chips will become more and more common, even Intel is replacing its dying X86 chips (expect the P6 to have strong RISC tendencies). What will be the processor to beat the RISC? The MPP (Massively Paralleled Processors) where each processor is small but has its own memory and I/O controller. And when a couple hundred of them are each doing a different operation, you can quickly execute large instructions since it's chopped into smaller bits fro each processor [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->]- [<->] ALL THE VIRUSES YOU WANT - No Fear [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->] Some of you like viruses while others are terrified of them. Well for all you virus lovers out there, a company by the name of AMERICAN EAGLE PUBLICATIONS is offering about 5000 of them on a CD-ROM titled "The Collection: Outlaws of the Wild West" for a cool $100. And yes, all 5000 of them do work, but only on IBM PCs and compatibles. The CD is also packed with 12MB of source codes and disassembles, mutation engines and virus creation laboratory, as well as 70MB of newsletters. And to be on the safe side of things, the CD also comes packed with tons of antivirus software as well as lots of information on the viruses. Well what can I say, it was only a matter of time before someone decided to collect and sell them. Enjoy. [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->]- [<->] 613 HPACV SCENE - Source Unknown [<->][<->][<->][<->][<->][<->][<->][<->][<->][<->] Most people out there in the HPACV scene neglect much of what it is exactly to be a true HPACVer. The other day, as I was skimming through the message bases of a board, I saw a few messages saying "Anarchy is better the Phreaking" or "Hacking sucks. Phreaking is the way to go." This just dosent make sense to me. You shouldn't neglect every aspect out of HPACV. What I mean by this is that you should be familiar with every section of the HPACV scene, and if you like one better then the rest, specialize yourself in that domain, but dont put the others down. The best phreaker in the world would look very stupid if he was trying to break into a telco box, but couldnt get in because he never read "How to pick locks" anarchy text files. And the best hacker humiliate himself, if he wasent able to properly use a virus. Anyways, all Im saying is that Im sick of seeing "Phreaking is the best" messages being posted in the bases. Its like a video game. When you see a character who has 80% at Strength, Stamina, Speed, Intelligence and Wisdom, you pick him over the guy who has 100% at Strength and 65% at everything else. Same thing goes for HPACV. Id rather be somebody who has 80% in every aspect of HPACV then somebody who has 100% at phreaking and only 65% at the rest. My point is, every domain in HPACV has its own values. You should try to acquire as much experience as you can with them all. Learn as much as you can. Knowledge is power. The more you know, the more methods you have at your disposal to effectively fuck somebody over. If you only want to phreak, thats fine with me, but you should at least learn the basics of the other domains. <[END OF MAGAZINE]> NEXT ISSUE: DBE issue 7 will be HEAVILY HPACV oriented. If you didnt enjoy this issue because you feel that it didnt contain enough HPACV related material, keep a close look for DBE_MAG7.ZIP which should be comming out either on October 1st or November 1st. "Some martial arts are very popular, real crowd pleasers, because they look good, have smooth techniques. But beware. They are like a wine that has been watered. A diluted wine is not a real wine, not a good wine, hardly the genuine article. Some martial arts don't look so good, but you know that they have a kick, a tang, a genuine taste. They are like olives. The taste may be strong and bitter-sweet. The flavor lasts. You cultivate a taste for them. No one ever developed a taste for diluted wine." - Bruce Lee, Tao of Jeet Kune Do