AOH :: P47-08.TXT

The #hack FAQ (Part 4)



                              ==Phrack Magazine==

                 Volume Six, Issue Forty-Seven, File 8 of 22


05. What are some gopher sites of interest to hackers?

  ba.com                  (Bell Atlantic)
  csrc.ncsl.nist.gov      (NIST Security Gopher)
  gopher.acm.org          (SIGSAC (Security, Audit & Control))
  gopher.cpsr.org         (Computer Professionals for Social Responsibility)
  gopher.cs.uwm.edu
  gopher.eff.org          (Electonic Frontier Foundation)
  gw.PacBell.com          (Pacific Bell)
  iitf.doc.gov            (NITA -- IITF)
  oss.net                 (Open Source Solutions)
  spy.org                 (Computer Systems Consulting)
  wiretap.spies.com       (Wiretap)


06. What are some World wide Web (WWW) sites of interest to hackers?

  http://alumni.caltech.edu/~dank/isdn/           (ISDN)
  http://aset.rsoc.rockwell.com                   (NASA/MOD AIS Security)
  http://aset.rsoc.rockwell.com/exhibit.html      (Tech. for Info Sec)
  http://att.net/dir800                           (800 directory)
  http://ausg.dartmouth.edu/security.html         (Security)
  http://cs.purdue.edu/coast/coast.html           (Coast)
  http://csrc.ncsl.nist.gov                       (NIST)
  http://dhp.com/~pluvius
  http://dfw.net/~aleph1                          (Eubercrackers)
  http://draco.centerline.com:8080/~franl/crypto.html (Crypto)
  http://everest.cs.ucdavis.edu/Security.html     (Security)
  http://everest.cs.ucdavis.edu/slides/slides.html(Security Lab Slides)
  http://ezinfo.ethz.ch/ETH/D-REOK/fsk/fsk_homepage.html  (CSSCR)
  http://first.org                                (FIRST)
  http://ftp.tamu.edu/~abr8030/security.html      (Security)
  http://hightop.nrl.navy.mil/potpourri.html      (Security)
  http://hightop.nrl.navy.mil/rainbow.html        (Rainbow Books)
  http://ice-www.larc.nasa.gov/ICE/papers/hacker-crackdown.html (Sterling)
  http://ice-www.larc.nasa.gov/ICE/papers/nis-requirements.html (ICE NIS)
  http://info.bellcore.com/BETSI/betsi.html       (Betsi)
  http://infosec.nosc.mil/infosec.html            (SPAWAR INFOSEC)
  http://l0pht.com                                (The l0pht)
  http://l0pht.com/~oblivion/IIRG.html            (Phantasy Magazine)
  http://mindlink.jolt.com                        (The Secrets of LockPicking)
  http://mls.saic.com                             (SAIC MLS)
  http://naic.nasa.gov/fbi/FBI_homepage.html      (FBI Homepage)
  http://nasirc.hq.nasa.gov                       (NASA ASIRC)
  http://ophie.hughes.american.edu/~ophie
  http://ripco.com:8080/~glr/glr.html             (Full Disclosure)
  http://spy.org                                  (CSC)
  http://tansu.com.au/Info/security.html          (Comp and Net Security)
  http://the-tech.mit.edu                         (LaMacchia case info)
  http://wintermute.itd.nrl.navy.mil/5544.html    (Network Security)
  http://www.aads.net                             (Ameritech)
  http://www.alw.nih.gov/WWW/security.html        (Unix Security)
  http://www.artcom.de/CCC                        (CCC Homepage)
  http://www.aspentec.com/~frzmtdb/fun/hacker.html
  http://www.aus.xanadu.com:70/1/EFA              (EFF Australia)
  http://www.ba.com                               (Bell Atlantic)
  http://www.beckman.uiuc.edu/groups/biss/VirtualLibrary/xsecurity.html(X-Win)
  http://www.bell.com                             (MFJ Task Force)
  http://www.bellcore.com/SECURITY/security.html  (Bellcore Security Products)
  http://www.brad.ac.uk/~nasmith/index.html
  http://www.bst.bls.com                          (BellSouth)
  http://www.c3.lanl.gov/~mcn                     (Lanl)
  http://www.cert.dfn.de/                         (German First Team)
  http://www.commerce.net/information/standards/drafts/shttp.txt (HyperText)
  http://www.contrib.andrew.cmu.edu:8001/usr/dscw/home.html
  http://www.cpsr.org/home                        (CPSR)
  http://www.cs.tufts.edu/~mcable/cypher/alerts/alerts.html (Cypherpunk)
  http://www.cs.tufts.edu/~mcable/HackerCrackdown (Hacker Crackdown)
  http://www.cs.umd.edu/~lgas
  http://www.cs.cmu.edu:8001/afs/cs.cmu.edu/user/bsy/www/sec.html (Security)
  http://www.csd.harris.com/secure_info.html      (Harris)
  http://www.csl.sri.com                          (SRI Computer Science Lab)
  http://www.cybercafe.org/cybercafe/pubtel/pubdir.html (CyberCafe)
  http://www.datafellows.fi                       (Data Fellows)
  http://www.delmarva.com/raptor/raptor.html      (Raptor Network Isolator)
  http://www.demon.co.uk/kbridge                  (KarlBridge)
  http://www.digicash.com/ecash/ecash-home.html   (Digital Cash)
  http://www.digital.com/info/key-secure-index.html(Digital Secure Systems)
  http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html(Bugtraq)
  http://www.eecs.nwu.edu/~jmyers/ids/index.html  (Intrusion Detection Systems)
  http://www.eff.org/papers.html                  (EFF)
  http://www.engin.umich.edu/~jgotts/boxes.html   (Box info)
  http://www.engin.umich.edu/~jgotts/hack-faq.html(This document)
  http://www.engin.umich.edu/~jgotts/underground.html
  http://www.ensta.fr/internet/unix/sys_admin     (System administration)
  http://www.etext.org/Zines/                     (Zines)
  http://www.fc.net/defcon                        (DefCon)
  http://www.fc.net/phrack.html                   (Phrack Magazine)
  http://www.first.org/first/                     (FIRST)
  http://www.greatcircle.com                      (Great Circle Associates)
  http://www.hpcc.gov/blue94/section.4.6.html     (NSA)
  http://www.ic.gov                               (The CIA)
  http://www.lerc.nasa.gov/Unix_Team/Dist_Computing_Security.html (Security)
  http://www.lysator.liu.se:7500/terror/thb_title.html (Terrorists Handbook)
  http://www.lysator.liu.se:7500/mit-guide/mit-guide.html (Lockpicking Guide)
  http://www.net23.com                            (Max Headroom)
  http://www.nist.gov                             (NIST)
  http://www.pacbell.com                          (Pacific Bell)
  http://www.paranoia.com/mthreat                 (ToneLoc)
  http://www.pegasus.esprit.ec.org/people/arne/pgp.html (PGP)
  http://www.phantom.com/~king                    (Taran King)
  http://www.quadralay.com/www/Crypt/Crypt.html   (Quadralay Cryptography)
  http://www.qualcomm.com/cdma/wireless.html      (Qualcomm CDMA)
  http://www.research.att.com                     (AT&T)
  http://ripco.com:8080/~glr/glr.html             (Full Disclosure)
  http://www.rsa.com                              (RSA Data Security)
  http://www.satelnet.org/~ccappuc
  http://www.service.com/cm/uswest/usw1.html      (USWest)
  http://www.shore.net/~oz/welcome.html           (Hack TV)
  http://www.spy.org                              (Computer Systems Consulting)
  http://www.sri.com                              (SRI)
  http://www.tansu.com.au/Info/security.html      (Security Reference Index)
  http://www.tis.com                              (Trusted Information Systems)
  http://www.tri.sbc.com                          (Southwestern Bell)
  http://www.uci.agh.edu.pl/pub/security          (Security)
  http://www.umcc.umich.edu/~doug/virus-faq.html  (Virus)
  http://www.usfca.edu/crackdown/crack.html       (Hacker Crackdown)
  http://www.wam.umd.edu/~ankh/Public/devil_does_unix
  http://www.wiltel.com                           (Wiltel)
  http://www.winternet.com/~carolann/dreams.html
  http://www.wired.com                            (Wired Magazine)


07. What are some IRC channels of interest to hackers?

  #2600
  #cellular
  #hack
  #phreak
  #linux
  #realhack
  #root
  #unix
  #warez


08. What are some BBS's of interest to hackers?

  Rune Stone              (203)832-8441
  Hacker's Haven          (303)343-4053
  Independent Nation      (315)656-4179
  Ut0PiA                  (315)656-5135
  underworld_1994.com     (514)683-1894
  Digital Fallout         (516)378-6640
  Alliance Communications (612)251-8596
  Maas-Neotek             (617)855-2923
  Apocalypse 2000         (708)676-9855
  K0dE Ab0dE              (713)579-2276
  fARM R0Ad 666           (713)855-0261
  

09. What are some books of interest to hackers?

General Computer Security
~~~~~~~~~~~~~~~~~~~~~~~~~
  Computer Security Basics
  Author: Deborah Russell and G.T. Gengemi Sr.
  Publisher: O'Reilly & Associates, Inc.
  Copyright Date: 1991
  ISBN: 0-937175-71-4

        This is an excellent book.  It gives a broad overview of
        computer security without sacrificing detail.  A must read for
        the beginning security expert.

  Computer Security Management
  Author: Karen Forcht
  Publisher: Boyd and Fraser
  Copyright Date: 1994
  ISBN: 0-87835-881-1

  Information Systems Security
  Author: Philip Fites and Martin Kratz
  Publisher: Van Nostrad Reinhold
  Copyright Date: 1993
  ISBN: 0-442-00180-0

  Computer Related Risks
  Author: Peter G. Neumann
  Publisher: Addison-Wesley
  Copyright Date: 1995
  ISBN: 0-201-55805-X

  Computer Security Management
  Author: Karen Forcht
  Publisher: boyd & fraser publishing company
  Copyright Date: 1994
  ISBN: 0-87835-881-1

  The Stephen Cobb Complete Book of PC and LAN Security
  Author: Stephen Cobb
  Publisher: Windcrest Books
  Copyright Date: 1992
  ISBN: 0-8306-9280-0 (hardback) 0-8306-3280-8 (paperback)

  Security in Computing
  Author: Charles P. Pfleeger
  Publisher: Prentice Hall
  Copyright Date: 1989
  ISBN: 0-13-798943-1.

  Building a Secure Computer System
  Author: Morrie Gasser
  Publisher: Van Nostrand Reinhold Co., New York.
  Copyright Date:
  ISBN: 0-442-23022-2

  Modern Methods for Computer Security
  Author: Lance Hoffman
  Publisher: Prentice Hall
  Copyright Date: 1977
  ISBN:

  Windows NT 3.5 Guidelines for Security, Audit and Control
  Author:
  Publisher: Microsoft Press
  Copyright Date:
  ISBN: 1-55615-814-9


Unix System Security
~~~~~~~~~~~~~~~~~~~~
  Practical Unix Security
  Author: Simson Garfinkel and Gene Spafford
  Publisher: O'Reilly & Associates, Inc.
  Copyright Date: 1991
  ISBN: 0-937175-72-2

        Finally someone with a very firm grasp of Unix system security
        gets down to writing a book on the subject.  Buy this book.
        Read this book.

  Firewalls and Internet Security
  Author: William Cheswick and Steven Bellovin
  Publisher: Addison Wesley
  Copyright Date: 1994
  ISBN: 0-201-63357-4

  Unix System Security
  Author: Rik Farrow
  Publisher: Addison Wesley
  Copyright Date: 1991
  ISBN: 0-201-57030-0

  Unix Security: A Practical Tutorial
  Author: N. Derek Arnold
  Publisher: McGraw Hill
  Copyright Date: 1993
  ISBN: 0-07-002560-6

  Unix System Security: A Guide for Users and Systems Administrators
  Author: David A. Curry
  Publisher: Addison-Wesley
  Copyright Date: 1992
  ISBN: 0-201-56327-4

  Unix System Security
  Author: Patrick H. Wood and Stephen G. Kochan
  Publisher: Hayden Books
  Copyright Date: 1985
  ISBN: 0-672-48494-3

  Unix Security for the Organization
  Author: Richard Bryant
  Publisher: Sams
  Copyright Date: 1994
  ISBN: 0-672-30571-2


Network Security
~~~~~~~~~~~~~~~~
  Network Security Secrets
  Author: David J. Stang and Sylvia Moon
  Publisher: IDG Books
  Copyright Date: 1993
  ISBN: 1-56884-021-7

        Not a total waste of paper, but definitely not worth the
        $49.95 purchase price.  The book is a rehash of previously
        published information.  The only secret we learn from reading
        the book is that Sylvia Moon is a younger woman madly in love
        with the older David Stang.

  Complete Lan Security and Control
  Author: Peter Davis
  Publisher: Windcrest / McGraw Hill
  Copyright Date: 1994
  ISBN: 0-8306-4548-9 and 0-8306-4549-7

  Network Security
  Author: Steven Shaffer and Alan Simon
  Publisher: AP Professional
  Copyright Date: 1994
  ISBN: 0-12-638010-4


Cryptography
~~~~~~~~~~~~
  Applied Cryptography: Protocols, Algorithms, and Source Code in C
  Author: Bruce Schneier
  Publisher: John Wiley & Sons
  Copyright Date: 1994
  ISBN: 0-471-59756-2

        Bruce Schneier's book replaces all other texts on
        cryptography.  If you are interested in cryptography, this is
        a must read.  This may be the first and last book on
        cryptography you may ever need to buy.

  Cryptography and Data Security
  Author: Dorothy Denning
  Publisher: Addison-Wesley Publishing Co.
  Copyright Date: 1982
  ISBN: 0-201-10150-5

  Protect Your Privacy: A Guide for PGP Users
  Author: William Stallings
  Publisher: Prentice-Hall
  Copyright Date: 1994
  ISBN: 0-13-185596-4


Programmed Threats
~~~~~~~~~~~~~~~~~~
  The Little Black Book of Computer Viruses
  Author: Mark Ludwig
  Publisher: American Eagle Publications
  Copyright Date: 1990
  ISBN: 0-929408-02-0

        The original, and still the best, book on computer viruses.
        No media hype here, just good clean technical information.

  Computer Viruses, Artificial Life and Evolution
  Author: Mark Ludwig
  Publisher: American Eagle Publications
  Copyright Date: 1993
  ISBN: 0-929408-07-1

  Computer Viruses, Worms, Data Diddlers, Killer Programs, and Other
        Threats to Your System
  Author: John McAfee and Colin Haynes
  Publisher: St. Martin's Press
  Copyright Date: 1989
  ISBN: 0-312-03064-9 and 0-312-02889-X

  The Virus Creation Labs: A Journey Into the Underground
  Author: George Smith
  Publisher: American Eagle Publications
  Copyright Date: 1994
  ISBN:


Telephony
~~~~~~~~~
  Engineering and Operations in the Bell System
  Author: R.F. Rey
  Publisher: Bell Telephont Laboratories
  Copyright Date: 1983
  ISBN: 0-932764-04-5

        Although hopelessly out of date, this book remains *THE* book
        on telephony.  This book is 100% Bell, and is loved by phreaks
        the world over.

  Telephony: Today and Tomorrow
  Author: Dimitris N. Chorafas
  Publisher: Prentice-Hall
  Copyright Date: 1984
  ISBN: 0-13-902700-9

  The Telecommunications Fact Book and Illustrated Dictionary
  Author: Ahmed S. Khan
  Publisher: Delmar Publishers, Inc.
  Copyright Date: 1992
  ISBN: 0-8273-4615-8

        I find this dictionary to be an excellent reference book on
        telephony, and I recommend it to anyone with serious
        intentions in the field.

  Tandy/Radio Shack Cellular Hardware
  Author: Judas Gerard and Damien Thorn
  Publisher: Phoenix Rising Communications
  Copyright Date: 1994
  ISBN:

  The Phone Book
  Author: Carl Oppendahl
  Publisher: Consumer Reports
  Copyright Date:
  ISBN: 0-89043-364-x

        Listing of every cellular ID in the us, plus roaming ports,
        and info numbers for each carrier.

  Principles of Caller I.D.
  Author:
  Publisher: International MicroPower Corp.
  Copyright Date:
  ISBN:


Hacking History and Culture
~~~~~~~~~~~~~~~~~~~~~~~~~~~
  The Hacker Crackdown: Law and Disorder on the Electronic Frontier
  Author: Bruce Sterling
  Publisher: Bantam Books
  Copyright Date: 1982
  ISBN: 0-553-56370-X

        Bruce Sterling has recently released the book FREE to the net.
        The book is much easier to read in print form, and the
        paperback is only $5.99.  Either way you read it, you will be
        glad you did.  Mr. Sterling is an excellent science fiction
        author and has brought his talent with words to bear on the
        hacking culture.  A very enjoyable reading experience.

  Cyberpunk
  Author: Katie Hafner and John Markoff
  Publisher: Simon and Schuster
  Copyright Date: 1991
  ISBN: 0-671-77879-X

  The Cuckoo's Egg
  Author: Cliff Stoll
  Publisher: Simon and Schuster
  Copyright Date: 1989
  ISBN: 0-671-72688-9

  Hackers: Heroes of the Computer Revolution
  Author: Steven Levy
  Publisher: Doubleday
  Copyright Date: 1984
  ISBN: 0-440-13495-6


Unclassified
~~~~~~~~~~~~
  The Hacker's Handbook
  Author: Hugo Cornwall
  Publisher: E. Arthur Brown Company
  Copyright Date:
  ISBN: 0-912579-06-4

  Secrets of a Super Hacker
  Author: The Knightmare
  Publisher: Loompanics
  Copyright Date: 1994
  ISBN: 1-55950-106-5

        The Knightmare is no super hacker.  There is little or no real
        information in this book.  The Knightmare gives useful advice
        like telling you not to dress up before going trashing.
        The Knightmare's best hack is fooling Loompanics into
        publishing this garbage.

  The Day The Phones Stopped
  Author: Leonard Lee
  Publisher: Primus / Donald I Fine, Inc.
  Copyright Date: 1992
  ISBN: 1-55611-286-6

        Total garbage.  Paranoid delusions of a lunatic.  Less factual
        data that an average issue of the Enquirer.

  Information Warfare
  Author: Winn Swartau
  Publisher: Thunder Mountain Press
  Copyright Date: 1994
  ISBN: 1-56025-080-1

  An Illustrated Guide to the Techniques and Equipment of Electronic Warfare
  Author: Doug Richardson
  Publisher: Salamander Press
  Copyright Date:
  ISBN: 0-668-06497-8


10. What are some videos of interest to hackers?

  'Unauthorized Access' by Annaliza Savage
  $25 on VH S format in 38-min
  Savage Productions
  1803 Mission St., #406
  Santa Cruz, CA 95060


11. What are some mailing lists of interest to hackers?

  Academic Firewalls
  Reflector Address:
  Registration Address: Send a message to majordomo@greatcircle.com
                        containing the line "subscribe firewalls user@host"

  Bugtraq
  Reflector Address:    bugtraq@fc.net
  Registration Address: bugtraq-request@fc.net

  Cert Tools
  Reflector Address:    cert-tools@cert.org
  Registration Address: cert-tools-request@cert.org

  Computers and Society
  Reflector Address:    Comp-Soc@limbo.intuitive.com
  Registration Address: taylor@limbo.intuitive.com

  Coordinated Feasibility Effort to Unravel State Data
  Reflector Address:    ldc-sw@cpsr.org
  Registration Address:

  CPSR Announcement List
  Reflector Address:    cpsr-announce@cpsr.org
  Registration Address:

  CPSR - Intellectual Property
  Reflector Address:    cpsr-int-prop@cpsr.org
  Registration Address:

  CPSR - Internet Library
  Reflector Address:    cpsr-library@cpsr.org
  Registration Address:

  DefCon Announcement List
  Reflector Address:
  Registration Address: Send a message to majordomo@fc.net containing
                        the line "subscribe dc-announce"

  DefCon Chat List
  Reflector Address:
  Registration Address: Send a message to majordomo@fc.net containing
                        the line "subscribe dc-stuff"

  IDS (Intruder Detection Systems)
  Reflector Address:
  Registration Address: Send a message to majordomo@wyrm.cc.uow.edu.au
                        containing the line "subscribe ids"

  Macintosh Security
  Reflector Address:    mac-security@eclectic.com
  Registration Address: mac-security-request@eclectic.com

  NeXT Managers
  Reflector Address:
  Registration Address: next-managers-request@stolaf.edu

  Phiber-Scream
  Reflector Address:
  Registration Address: Send a message to listserv@netcom.com
                        containing the line "subscribe phiber-scream user@host"

  phruwt-l (Macintosh H/P)
  Reflector Address:
  Registration Address: Send a message to filbert@netcom.com
                        with the subject "phruwt-l"

  rfc931-users
  Reflector Address:    rfc931-users@kramden.acf.nyu.edu
  Registration Address: brnstnd@nyu.edu

  RSA Users
  Reflector Address:    rsaref-users@rsa.com
  Registration Address: rsaref-users-request@rsa.com


12. What are some print magazines of interest to hackers?

2600 - The Hacker Quarterly
~~~~~~~~~~~~~~~~~~~~~~~~~~~
E-mail address: 2600@well.sf.ca.us

Subscription Address: 2600 Subscription Dept
                      PO Box 752
                      Middle Island, NY  11953-0752

Letters and article submission address: 2600 Editorial Dept
                                        PO Box 99
                                        Middle Island, NY  11953-0099

Subscriptions: United States: $21/yr individual, $50 corporate.
               Overseas: $30/yr individual, $65 corporate.


Gray Areas
~~~~~~~~~~
Gray Areas examines gray areas of law and morality and subject matter
which is illegal, immoral and/oe controversial. Gray Areas explores
why hackers hack and puts hacking into a sociological framework of
deviant behavior.

E-Mail Address: grayarea@well.sf.ca.us
E-Mail Address: grayarea@netaxs.com

U.S. Mail Address: Gray Areas
                   PO Box 808
                   Broomall, PA 19008

Subscriptions: $26.00 4 issues first class
               $34.00 4 issues foreign (shipped air mail)


Wired
~~~~~
Subscription Address: subscriptions@wired.com
                  or: Wired
                      PO Box 191826
                      San Francisco, CA 94119-9866

Letters and article submission address: guidelines@wired.com
                                    or: Wired
                                        544 Second Street
                                        San Francisco, CA 94107-1427

Subscriptions: $39/yr (US) $64/yr (Canada/Mexico) $79/yr (Overseas)


Nuts & Volts
~~~~~~~~~~~~
T& L Publications
430 Princeland Court
Corona, CA 91719
(800)783-4624 (Voice) (Subscription Only Order Line)
(909)371-8497 (Voice)
(909)371-3052 (Fax)
CIS: 74262,3664


13. What are some e-zines of interest to hackers?

CoTNo: Communications of The New Order    ftp.etext.org  /pub/Zines/CoTNo
Empire Times                              ftp.etext.org  /pub/Zines/Emptimes
Phrack                                    ftp.fc.net     /pub/phrack


14. What are some organizations of interest to hackers?

Computer Professionals for Social Responsibility (CPSR)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CPSR empowers computer professionals and computer users to advocate
for the responsible use of information technology and empowers all who
use computer technology to participate in the public debate.   As
technical experts, CPSR members provide the public and policymakers
with realistic assessments of the power, promise, and limitations of
computer technology.  As an organization of concerned citizens, CPSR
directs public attention to critical choices concerning the
applications of computing and how those choices affect society.

By matching unimpeachable technical information with policy
development savvy, CPSR uses minimum dollars to have maximum impact
and encourages broad public participation in the shaping of technology
policy.

Every project we undertake is based on five principles:

*  We foster and support public discussion of and public
   responsibility for decisions involving the use of computers in
   systems critical to society.

*  We work to dispel popular myths about the infallibility of
   technological systems.

*  We challenge the assumption that technology alone can solve
   political and social problems.

*  We critically examine social and technical issues within the
   computer profession, nationally and internationally.

*  We encourage the use of computer technology to improve the quality
   of life.

CPSR Membership Categories
  75  REGULAR MEMBER
  50  Basic member
 200  Supporting member
 500  Sponsoring member
1000  Lifetime member
  20  Student/low income member
  50  Foreign subscriber
  50  Library/institutional subscriber

CPSR National Office
P.O. Box 717
Palo Alto, CA  94301
415-322-3778
415-322-3798 (FAX)
E-mail: cpsr@csli.stanford.edu


Electronic Frontier Foundation (EFF)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Electronic Frontier Foundation (EFF) is dedicated to the pursuit
of policies and activities that will advance freedom and openness in
computer-based communications. It is a member-supported, nonprofit
group that grew from the conviction that a new public interest
organization was needed in the information age; that this organization
would enhance and protect the democratic potential of new computer
communications technology. From the beginning, the EFF determined to
become an organization that would combine technical, legal, and public
policy expertise, and would apply these skills to the myriad issues
and concerns that arise whenever a new communications medium is born.

Memberships are $20.00 per year for students, $40.00 per year for
regular members, and $100.00 per year for organizations.

The Electronic Frontier Foundation, Inc.
666 Pennsylvania Avenue S.E., Suite 303
Washington, D.C.  20003
+1 202 544 9237
+1 202 547 5481 FAX
Internet: eff@eff.org


Free Software Foundation (FSF)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


GNU
~~~


The League for Programming Freedom (LPF)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The League for Programming Freedom is an organization of people who
oppose the attempt to monopolize common user interfaces through "look
and feel" copyright lawsuits.  Some of us are programmers, who worry
that such monopolies will obstruct our work.  Some of us are users,
who want new computer systems to be compatible with the interfaces we
know.  Some are founders of hardware or software companies, such as
Richard P. Gabriel. Some of us are professors or researchers,
including John McCarthy, Marvin Minsky, Guy L. Steele, Jr., Robert S.
Boyer and Patrick Winston.

"Look and feel" lawsuits aim to create a new class of government-
enforced monopolies broader in scope than ever before.  Such a system
of user-interface copyright would impose gratuitous incompatibility,
reduce competition, and stifle innovation.

We in the League hope to prevent these problems by preventing
user-interface copyright.  The League is NOT opposed to copyright law
as it was understood until 1986 -- copyright on particular programs.
Our aim is to stop changes in the copyright system which would take
away programmers' traditional freedom to write new programs compatible
with existing programs and practices.

Annual dues for individual members are $42 for employed professionals,
$10.50 for students, and $21 for others.  We appreciate activists, but
members who cannot contribute their time are also welcome.

To contact the League, phone (617) 243-4091, send Internet mail to the
address league@prep.ai.mit.edu, or write to:

League for Programming Freedom
1 Kendall Square #143
P.O. Box 9171
Cambridge, MA 02139 USA


SotMesc
~~~~~~~
Founded in 1989, SotMesc is dedicated to preserving the integrity and
cohesion of the computing society.  By promoting computer education,
liberties and efficiency, we believe we can secure freedoms for all
computer users while retaining privacy.

SotMesc maintains the CSP Internet mailing list, the SotMesc
Scholarship Fund, and the SotMesc Newsletter.

The SotMESC is financed partly by membership fees, and donations, but
mostly by selling hacking, cracking, phreaking, electronics, internet,
and virus information and programs on disk and bound paper media.

SotMesc memberships are $20 to students and $40 to regular members.

SotMESC
P.O. Box 573
Long Beach, MS  39560


Computer Emergency Response Team (CERT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CERT is the Computer Emergency Response Team that was formed by the
Defense Advanced Research Projects Agency (DARPA) in November 1988 in
response to the needs exhibited during the Internet worm incident.
The CERT charter is to work with the Internet community to facilitate
its response to computer security events involving Internet hosts, to
take proactive steps to raise the community's awareness of computer
security issues, and to conduct research targeted at improving the
security of existing systems.

CERT products and services include 24-hour technical assistance for
responding to computer security incidents, product vulnerability
assistance, technical documents, and seminars.  In addition, the team
maintains a number of mailing lists (including one for CERT
advisories) and provides an anonymous FTP server:  cert.org
(192.88.209.5), where security-related documents, past CERT
advisories, and tools are archived.

CERT contact information:

U.S. mail address
  CERT Coordination Center
  Software Engineering Institute
  Carnegie Mellon University
  Pittsburgh, PA 15213-3890
  U.S.A.

Internet E-mail address
  cert@cert.org

Telephone number
  (412)268-7090 (24-hour hotline)
  CERT Coordination Center personnel answer
  7:30 a.m.- 6:00 p.m. EST(GMT-5)/EDT(GMT-4), on call for
  emergencies during other hours.

FAX number
  (412)268-6989


15. Where can I purchase a magnetic stripe encoder/decoder?

CPU Advance
PO Box 2434
Harwood Station
Littleton, MA  01460
(508)624-4819 (Fax)

Omron Electronics, Inc.
One East Commerce Drive
Schaumburg, IL  60173
(800)556-6766 (Voice)
(708)843-7787 (Fax)

Security Photo Corporation
1051 Commonwealth Avenue
Boston, MA 02215
(800)533-1162 (Voice)
(617)783-3200 (Voice)
(617)783-1966 (Voice)

Timeline Inc,
23605 Telo Avenue
Torrence, CA 90505
(800)872-8878 (Voice)
(800)223-9977 (Voice)

Alltronics
2300 Zanker Road
San Jose CA 95131
(408) 943-9774 Voice
(408) 943-9776 Fax
(408) 943-0622 BBS
Part Number: 92U067

Atalla Corp
San Jose, CA
(408) 435-8850


16. What are the rainbow books and how can I get them?

Orange Book
DoD 5200.28-STD
Department of Defense Trusted Computer System Evaluation Criteria

Green Book
CSC-STD-002-85
Department of Defense Password Management Guideline

Yellow Book
CSC-STD-003-85
Computer Security Requirements -- Guidance for Applying the Department
of Defense Trusted Computer System Evaluation Criteria in Specific
Environments

Yellow Book
CSC-STD-004-85
Technical Rationale Behind CSC-STD-003-85: Computer Security
Requirements.  Guidance for Applying the Department of Defense Trusted
Computer System Evaluation Criteria in Specific Environments.

Tan Book
NCSC-TG-001
A Guide to Understanding Audit in Trusted Systems

Bright Blue Book
NCSC-TG-002
Trusted Product Evaluation - A Guide for Vendors

Neon Orange Book
NCSC-TG-003
A Guide to Understanding Discretionary Access Control in Trusted
Systems

Teal Green Book
NCSC-TG-004
Glossary of Computer Security Terms

Red Book
NCSC-TG-005
Trusted Network Interpretation of the Trusted Computer System
Evaluation Criteria

Orange Book
NCSC-TG-006
A Guide to Understanding Configuration Management in Trusted Systems

Burgundy Book
NCSC-TG-007
A Guide to Understanding Design Documentation in Trusted Systems

Dark Lavender Book
NCSC-TG-008
A Guide to Understanding Trusted Distribution in Trusted Systems

Venice Blue Book
NCSC-TG-009
Computer Security Subsystem Interpretation of the Trusted Computer
System Evaluation Criteria

Aqua Book
NCSC-TG-010
A Guide to Understanding Security Modeling in Trusted Systems

Dark Red Book
NCSC-TG-011
Trusted Network Interpretation Environments Guideline -- Guidance for
Applying the Trusted Network Interpretation

Pink Book
NCSC-TG-013
Rating Maintenance Phase -- Program Document

Purple Book
NCSC-TG-014
Guidelines for Formal Verification Systems

Brown Book
NCSC-TG-015
A Guide to Understanding Trusted Facility Management

Yellow-Green Book
NCSC-TG-016
Guidelines for Writing Trusted Facility Manuals

Light Blue
NCSC-TG-017
A Guide to Understanding Identification and Authentication in Trusted
Systems

Light Blue Book
NCSC-TG-018
A Guide to Understanding Object Reuse in Trusted Systems

Blue Book
NCSC-TG-019
Trusted Product Evaluation Questionnaire

Gray Book
NCSC-TG-020A
Trusted Unix Working Group (TRUSIX) Rationale for Selecting
Access Control List Features for the Unix System

Lavender Book
NCSC-TG-021
Trusted Data Base Management System Interpretation of the Trusted
Computer System Evaluation Criteria

Yellow Book
NCSC-TG-022
A Guide to Understanding Trusted Recovery in Trusted Systems

Bright Orange Book
NCSC-TG-023
A Guide to Understandng Security Testing and Test Documentation in
Trusted Systems

Purple Book
NCSC-TG-024  (Volume 1/4)
A Guide to Procurement of Trusted Systems: An Introduction to
Procurement Initiators on Computer Security Requirements

Purple Book
NCSC-TG-024 (Volume 2/4)
A Guide to Procurement of Trusted Systems: Language for RFP
Specifications and Statements of Work - An Aid to Procurement
Initiators

Purple Book
NCSC-TG-024  (Volume 3/4)
A Guide to Procurement of Trusted Systems: Computer Security Contract
Data Requirements List and Data Item Description Tutorial

+Purple Book
+NCSC-TG-024  (Volume 4/4)
+A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder's
+Proposal Document - An Aid to Procurement Initiators and Contractors

Green Book
NCSC-TG-025
A Guide to Understanding Data Remanence in Automated Information
Systems

Hot Peach Book
NCSC-TG-026
A Guide to Writing the Security Features User's Guide for Trusted Systems

Turquiose Book
NCSC-TG-027
A Guide to Understanding Information System Security Officer
Responsibilities for Automated Information Systems

Violet Book
NCSC-TG-028
Assessing Controlled Access Protection

Blue Book
NCSC-TG-029
Introduction to Certification and Accreditation

Light Pink Book
NCSC-TG-030
A Guide to Understanding Covert Channel Analysis of Trusted Systems

C1 Technical Report-001
Computer Viruses: Prevention, Detection, and Treatment

*C Technical Report 79-91
*Integrity in Automated Information Systems

*C Technical Report 39-92
*The Design and Evaluation of INFOSEC systems: The Computer Security
*Contributions to the Composition Discussion

NTISSAM COMPUSEC/1-87
Advisory Memorandum on Office Automation Security Guideline

--

You can get your own free copy of any or all of the books by writing
or calling:

       INFOSEC Awareness Division
       ATTN: X711/IAOC
       Fort George G. Meade, MD  20755-6000

       Barbara Keller
       (410) 766-8729

If you ask to be put on the mailing list, you'll get a copy of each new
book as it comes out (typically a couple a year).

[* == I have not personally seen this book]
[+ == I have not personally seen this book, and I believe it may not]
[     be available]




Section D: 2600
~~~~~~~~~~~~~~~

01. What is alt.2600?

Alt.2600 is a Usenet newsgroup for discussion of material relating to
2600 Magazine, the hacker quarterly.   It is NOT for the Atari 2600
game machine.  Len@netsys.com created the group on Emmanuel
Goldstein's recommendation.  Emmanuel is the editor/publisher of 2600
Magazine. Following the barrage of postings about the Atari machine to
alt.2600, an alt.atari.2600 was created to divert all of the atari
traffic from alt.2600.  Atari 2600 people are advised to hie over to
rec.games.video.classic.


02. What does "2600" mean?

	2600Hz was a tone that was used by early phone phreaks (or
phreakers) in the 80's, and some currently.  If the tone was sent down the
line at the proper time, one could get away with all sorts of fun stuff.  

A note from Emmanuel Goldstein:
	
"The Atari 2600 has NOTHING to do with blue boxes or telephones
or the 2600 hertz tone.  The 2600 hertz tone was simply the first
step towards exploring the network.  If you were successful at 
getting a toll call to drop, then billing would stop at that
point but there would be billing for the number already dialed
up until the point of seizure.  800 numbers and long distance
information were both free in the past and records of who called
what were either non-existent or very obscure with regards to
these numbers.  This, naturally, made them more popular than
numbers that showed up on a bill, even if it was only for
a minute.  Today, many 800 numbers go overseas, which provides
a quick and free way into another country's phone system
which may be more open for exploration."


03. Are there on-line versions of 2600 available?

	No.


04. I can't find 2600 at any bookstores.  What can I do?

Subscribe.  Or, let 2600 know via the subscription address that you
think 2600 should be in the bookstore.  Be sure to include the
bookstores name and address.


05. Why does 2600 cost more to subscribe to than to buy at a newsstand?

A note from Emmanuel Goldstein:

  We've been selling 2600 at the same newsstand price ($4) since 1988
  and we hope to keep it at that price for as long as we can get away
  with it. At the same time, $21 is about the right price to cover
  subscriber costs, including postage and record keeping, etc. People
  who subscribe don't have to worry about finding an issue someplace,
  they tend to get issues several weeks before the newsstands get
  them, and they can take out free ads in the 2600 Marketplace.

  This is not uncommon in the publishing industry.  The NY Times, for
  example, costs $156.50 at the newsstands, and $234.75 delivered to your
  door.


Section E: Phrack Magazine
~~~~~~~~~~~~~~~~~~~~~~~~~~

01. What Is Phrack Magazine?

    Phrack Magazine is one of the longest running electronic-based publications
    in the world.  Originally founded in 1985 by Knight Lightning and Taran
    King, it has survived several incarnations of editors and still remains
    true to its underground roots.  Since its inception, Phrack has been
    providing the hacker community with information on operating systems,
    networking technologies and telephony, as well as relaying human interest
    features of interest to the international computer underground.

    During its lifetime, Phrack has always been at the center of controversy.
    Since the magazine has always been openly available, it presented law
    enforcement officials with what they percieved to be a direct link into
    the secret society of computer hackers.  Not truly understnding either
    the the spirit of the magazine or the community for which it was written,
     Federal Agents and Prosecutors began to target Phrack Magazine and those
    affiliated with it.

    "The Hacker Crackdown" by Bruce Sterling relays the details surrounding
    some of these events.

    Phrack Magazine is now in its 10th year of publication, and is registered
    with the Library of Congress as ISSN 1068-1035, and is protected by
    US Copyright Law.

02. How can I reach Phrack Magazine?

    You can reach Phrack by email at:  phrack@well.com, phrack@fc.net or
    phrackmag@aol.com.  These addresses are listed in order of
    preference.  Only AOL users should email the phrackmag@aol.com.

    Phrack can be reached by the postal service at:

    Phrack Magazine
    603 W. 13th #1A-278
    Austin, TX 78701

03. Who Publishes Phrack?

   Phrack Magazine is published by Chris Goggans, aka Erik Bloodaxe.  It is
   hobbled together, touched up, spell checked and compressed on an overworked
   486-66.  It is then ftp'ed over to a BSDI UNIX machine where it is sent to
   the masses.

04. How Often Does Phrack Go Out?

    Phrack goes out roughly quarterly.  It is often sent out later than every
    three months due to other more demanding obligations faced by its editor.
    The regularity of Phrack is really based upon the amount of information
    sent in.  Phrack depends solely upon submissions to get published at all.

05. How Do I Subscribe?

    To subscribe to Phrack magazine, merely email phrack@well.com and ask to
    be placed on the mailing list.

    Any encrypted subscriptions requests will be ignored.

    Phrack will not accept subscription requests from any anonymous remailers or
    from sites in the fidonet domain.  The anonymous remailers consistently
    bounce our mailings causing a big headache, so we won't use them.  The
    fidonet domain administrators have asked us not to mail Phrack to fido users,
    because of the huge load it places on their outgoing spools (costing them a
    lot of money to send).

06. Why Don't I Get Any Response When I E-mail Phrack?

    Because of the high volume of mail sent to the Phrack email address,
    not everyone gets a response.  All subscription requests are saved and
    added to the master list, but there is no automatic reply.  All other
    messages are responded to as they are read, with the exception of PGP'd
    messages.  All PGP'd email is stored for later decryption, and is almost
    never responded to, unless it is incredibly urgent.

07. Does Phrack Cost Money?

    Phrack Magazine charges a registration fee of $100.00 per user for any
    professional use of the magazine and the information contained therein.
    Information regarding this registration fee is contained at the beginning
    of every issue of Phrack.

08. How Can I Submit Articles?

    Articles are both wanted and needed.  Phrack only exists if people write
    for it.  There is no regular writing staff, there is only the editor, who
    cannot write the entire thing himself.

    Articles can be sent to Phrack via email or snailmail (on paper or
    IBM-compatible diskette).  Articles should be in ASCII text format.  Do
    not include any clever graphics or ANSI art.  You can use Phrack's PGP key
    to encrypt articles, but send the files in the ASCII armor format.

    Please try to avoid sending files as MIME-compliant mail attachments.

09. What Is Phrack's PGP Key?

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: 2.6

    mQCNAizMHvgAAAEEAJuIW5snS6e567/34+nkSA9cn2BHFIJLfBm3m0EYHFLB0wEP
    Y/CIJ5NfcP00R+7AteFgFIhu9NrKNJtrq0ZMAOmiqUWkSzSRLpwecFso8QvBB+yk
    Dk9BF57GftqM5zesJHqO9hjUlVlnRqYFT49vcMFTvT7krR9Gj6R4oxgb1CldAAUR
    tBRwaHJhY2tAd2VsbC5zZi5jYS51cw==
    =evjv
    -----END PGP PUBLIC KEY BLOCK-----

10. Where Can I Get Back Issues?

   Back issues of Phrack are found on many bulletin boards around the globe.
   The only OFFICIAL Phrack Magazine distribution site is our ftp archive
   at ftp.fc.net in /pub/phrack.  There are NO official distribution sites
   other than this one, nor will there ever be.  We don't want to play
   favorites and let one particular BBS call itself an "official" site while
   another isn't.  Therefore, there will be no "official" sites except those
   archived by Phrack itself.

   You can also get back issues on the World Wide Web by connecting to:
   http://www.fc.net/phrack.html

   This URL allows users to view issues online, or pull them down for
   later viewing.

   Any users without net access can send diskettes and postage to the
   Phrack Postal Address given above, and request back issues to be
   sent via the postal system.

Section F: Miscellaneous
~~~~~~~~~~~~~~~~~~~~~~~~

01. What does XXX stand for?

TLA     Three Letter Acronym

ACL     Access Control List
PIN     Personal Identification Number
TCB     Trusted Computing Base

ALRU    Automatic Line Record Update
AN      Associated Number
ARSB    Automated Repair Service Bureau
ATH     Abbreviated Trouble History
BOC     Bell Operating Company
BOR     Basic Output Report
BOSS    Business Office Servicing System
CA      Cable
COE     Central Office Equipment
COSMOS  Computer System for Main Frame Operations
CMC     Construction Maintenance Center
CNID    Calling Number IDentification
CO      Central Office
COCOT   Customer Owned Coin Operated Telephone
CRSAB   Centralized Repair Service Answering Bureau
DDD     Direct Distance Dialing
ECC     Enter Cable Change
LD      Long Distance
LMOS    Loop Maintenance Operations System
MLT     Mechanized Loop Testing
NPA     Numbering Plan Area
POTS    Plain Old Telephone Service
RBOC    Regional Bell Operating Company
RSB     Repair Service Bureau
SS      Special Service
TAS     Telephone Answering Service
TH      Trouble History
TREAT   Trouble Report Evaluation and Analysis Tool

LOD     Legion of Doom
HFC     Hell Fire Club
TNO     The New Order

ACiD    Ansi Creators in Demand
CCi     Cybercrime International
FLT     Fairlight
iCE     Insane Creators Enterprise
iNC     International Network of Crackers
NTA     The Nocturnal Trading Alliance
PDX     Paradox
PE      Public Enemy
PSY     Psychose
QTX     Quartex
RZR     Razor (1911)
S!P     Supr!se Productions
TDT     The Dream Team
THG     The Humble Guys
THP     The Hill People
TRSI    Tristar Red Sector Inc.
UUDW    Union of United Death Workers


02. How do I determine if I have a valid credit card number?

Credit cards use the Luhn Check Digit Algorithm.  The main purpose of
this algorithm is to catch data entry errors, but it does double duty
here as a weak security tool.

For a card with an even number of digits, double every odd numbered
digit and subtract 9 if the product is greater than 9.  Add up all the
even digits as well as the doubled-odd digits, and the result must be
a multiple of 10 or it's not a valid card.  If the card has an odd
number of digits, perform the same addition doubling the even numbered
digits instead.


03. What bank issued this credit card?

1033    Manufacturers Hanover Trust
1035    Citibank
1263    Chemical Bank
1665    Chase Manhattan
4024    Bank of America
4128    Citicorp
4209    New Era Bank
4302    HHBC
4310    Imperial Savings
4313    MBNA
4317    California Federal
5282    Wells Fargo
5424    Citibank
5410    Wells Fargo
5432    Bank of New York
6017    MBNA


04. What are the ethics of hacking?

An excerpt from: Hackers: Heroes of the Computer Revolution
                          by Steven Levy

        Access to computers -- and anything which might teach you
        something about the way the world works -- should be unlimited
        and total. Always yield to the Hands-On imperative.

        All information should be free.

        Mistrust Authority.  Promote Decentralization.

        Hackers should be judged by their hacking, not bogus criteria
        such as degrees, age, race, or position.

        You can create art and beauty on a computer.

        Computers can change your life for the better.


04. Where can I get a copy of the alt.2600/#hack FAQ?

Get it on FTP at:
rahul.net      /pub/lps
rtfm.mit.edu   /pub/usenet-by-group/alt.2600
ftp.clark.net  /pub/jcase

Get it on the World Wide Web at:
http://dfw.net/~aleph1
http://www.engin.umich.edu/~jgotts/hack-faq.html
http://www.phantom.com/~king

Get it from these BBS's:
Hacker's Haven (303)343-4053





EOT

AOH Site layout & design copyright © 2006 AOH