Chaos Digest Dimanche 11 Juillet 1993 Volume 1 : Numero 72 ISSN 1244-4901 Editeur: Jean-Bernard Condat (jbcondat@attmail.com) Archiviste: Yves-Marie Crabbe Co-Redacteurs: Arnaud Bigare, Stephane Briere TABLE DES MATIERES, #1.72 (11 Juillet 1993) File 1--Telephoner partout gratuitement avec Northern Telecom (PBX) File 2--L'ordinateur fait une erreur de 42 millions de FF (actualite) File 3--ThoughtCrime, le board le plus "virus" des USA (BBS) File 4--Schema d'un indicateur d'occupation telephonique (technique) File 5--3e edition du "Dir. of Electronic Publications" (presse) File 6--Critique de "Computer Virus Crisis", Fites/Johnston/Kratz (critique) Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost by sending a message to: linux-activists-request@niksula.hut.fi with a mail header or first line containing the following informations: X-Mn-Admin: join CHAOS_DIGEST The editors may be contacted by voice (+33 1 47874083), fax (+33 1 47877070) or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], B.P. 155, 93404 St-Ouen Cedex, France. He is a member of the EICAR and EFF (#1299) groups. Issues of ChaosD can also be found from the ComNet in Luxembourg BBS (+352) 466893. Back issues of ChaosD can be found on the Internet as part of the Computer underground Digest archives. They're accessible using anonymous FTP: * kragar.eff.org [192.88.144.4] in /pub/cud/chaos * uglymouse.css.itd.umich.edu [141.211.182.53] in /pub/CuD/chaos * halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos * ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest * cs.ubc.ca [137.82.8.5] in /mirror3/EFF/cud/chaos * ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos * nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos * orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos CHAOS DIGEST is an open forum dedicated to sharing French information among computerists and to the presentation and debate of diverse views. ChaosD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. Readers are encouraged to submit reasoned articles in French, English or German languages relating to computer culture and telecommunications. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Chaos Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: 27 May 93 03:59:59 GMT From: jbcondat@attmail.com (Jean-Bernard Condat ) Subject: File 1--Telephoner partout gratuitement avec Northern Telecom (PBX) Repost from: telecom13.356.5@eecs.nwu.edu In France, I note that Northern Telecom continues an uncredible progression in the number of PBXs installed. NT will be present on the MATRA logo since some months. Some people have asked me how to prevent a phreaking process that will be described: (1) Go to a public phone in the street; never use your own private phone; (2) Dial a "numero vert" (equivalent of the 800 phone number) that go on a NT' PBX and wait for the vocal message of the Meridian Mail system. You can found this "numero vert" on all ads in newspaper for the greatest PBX: SNCF (train), VITTEL (water), Canal+ (TV), BARCLAYS (bank), EuroDisney (games), Microsoft (softwares), etc. Note that this phone call will be gratis! (3) As soon as you have the vocal message, dial "0" then "*" for having the automatic dial service; (4) Dial "0" and your asked phone number ended by "#"... some seconds after you have your communication! How can I suppress this un-credible fonction of Meridian Mail? [Moderator's Note: The answer probably lies in the voicemail part of the connection rather than the PBX itself. Somewhere in the mailbox system is a box whose disposition is to connect to an outside line. You need to disable that box, or at least get it disassociated from the '0*' access, which so many people seem to know about. PAT] +++++ Date: Fri May 28 23:24:35 -0500 1993 From: Joe.Bergstein@p501.f544.n109.z1.fidonet.org (Joe Bergstein ) * Reply to message in "COMP.DCOM.TELECOM" You have encountered a known problem with NT Meridian Mail. I am a telecommunications consultant. Last year, a client of mine, lost over USD$20,000 to fraud from this same problem. Unfortunately, until this past year, NT systems were shipped with default parameters which allowed this to happen. You must contact NT or the company that provides maintenance for the PBX and Meridian Mail to have programming changes made immediately. I don't remember all the changes, but they should have bulletins which state the required changes. The most critical is one to prevent trunk to trunk calls: that is, a call comes in on one trunk via Meridian Mail, and then goes out another trunk based on the scenario which you mentioned in your message. Changing these parameters will prevent this from occuring. In the U.S. these Northern Telecom Meridian systems were notorious for being the object of hacker and phone phreaking attacks which cost businesses millions of dollars. Please feel free to contact me if you need more information. Good luck! Joe Bergstein 301.593.6350 301.681.3227 FAX +++++ Date: Sun Jun 6 21:19:36 EDT 1993 From: fmckeown@rosedale.org Regarding your issue of Meridian Mail using the 0 key and then entering a extension number followed by the # sign i read in the Internet, do you know what release of Meridian Mail you experience this ability on? Have you ever received a answer from Northern about this item? On a different subject do you know if there are any discussions groups on the Internet or Compuserve dealing with Northern Telecom, and/or Voice Mail/Processing? +++++ Date: Mon, 31 May 1993 08:54:42 -0400 From: vances@xenitec.on.ca (Vance Shipley ) Organization: Xenitec Consulting, Kitchener, Ontario, CANADA Repost from: telecom13.369.3@eecs.nwu.edu [...] Meridian Mail has not had any blocking for transferred numbers installed in these cases. It is a simple matter to restrict the numbers which can be dialed after you dial the zero (which requests transfer service). The Meridian Mail system does not (or did not, I think they changed) come with any restrictions as a default. The installers should ensure that any trunk access codes are restricted. Many PBX vendors have been sued for not having given this proper attention. +++++ Date: Mon Jun 28 22:26:00 -0400 1993 From: lester.hiraki@canrem.com (Lester Hiraki ) I spoke to you on the phone a few days ago; you asked if I could send you a reply via email. Basically, the administrator of the Meridian Mail system should choose voice security options and set the permission and restriction codes appropriately. The details of this should be covered in the documentation that came with the system. If you are having trouble, you should call you local ETAS (Emergency Technical Assistance Service) support. If you can give me more information about the specifics, I can try to obtain more info. Do you have a Meridian Mail system yourself? Who would be asking you these questions? lester.hiraki@canrem.uucp [ChaosD: dans sa reunion du 10 Juin dernier, le groupe de travail no. 5 de la FSUA (Association Francaise des Utilisateurs de SL1) notait laconi- quement dans le compte-rendu "Tentative de fraude sur la messagerie vocale: ce probleme est resolu par des verrouillages des messageries a la mise en service"...] ------------------------------ Date: Tue, 29 Jun 1993 05:34:07 GMT From: infoparc@teaser.email.com (InfoParc Assistance ) Subject: File 2--L'ordinateur fait une erreur de 42 millions de FF (actualite) Copyright: Le Journal du Dimanche, 13 Juin 1993 L'ordinateur a fait des heureux Philippe Jechoux, Vesoul UN INCIDENT informatique a permis aux 22.000 ayants droit de la Caisse d'allocations familiales de Vesoul de toucher deux fois, a quelques jours d'intervalle, leur pension pour le meme mois de prestation. Un couac qui a provoque de multiples problemes, d'abord pour la Caisse departementale, qui a soudain decouvert un trou de 42 millions de francs dans son budget mensuel. Mais aussi pour les allocataires. Si ces heureux beneficiaires ne se sont pas alarmes outre mesure de ce double paiement miraculeux, la Caisse departementale a en effet entrepris de recouvrer le trop percu. Et aujourd'hui, l'heure des comptes a sonne pour une bonne partie des usagers qui se sont empresses de depenser les sommes indument encaissees le 24 mai. Toutes les banques de la Haute-Saone assurent toutefois qu'elles deront preuve de clemence envers les titulaires de comptes subitement passes dans le rouge. "Nous avons recu des instructions pour observer une certaine bienveillance en matiere de suspension ou de rejet d'operations consecutif a cet incident", souligne-t-on a la Banque de France de Haute-Saone. Quant a la cause de la bavure, elle reste officiellement inexpliquee. Mais il s'agirait d'une anomalie de fonctionnement intervenue dans les services charges de gerer les multiples operations de transfert de fonds entre l'administration et les usagers: une disquette renfermant un million d'operations precodees se serait perdue... [ChaosD: Ni M. Roland Vivien, Directeur de la CAF de Vesoul, ni M. l'Adminis- trateur General de la CNAF a Paris n'ont repondu a nos courriers. Cette erreur porterait en fait sur plus d'un million de transactions entre la Banque de France et le GSTI (Groupement des Services de Transactions Interbancaires)]. ------------------------------ Date: Wed Jun 30 09:50:06 EDT 1993 From: foobar@bronze.lcs.mit.edu (Jason Farnon ) Subject: File 3--ThoughtCrime, le board le plus "virus" des USA (BBS) Hello, Jason Farnon here. I picked up chaos digest from eff.org and found it of some intrest. Anyways, I have put up an h/p board in boston (617) -599- 7154 called ThoughtCrime. All kinds of textfiles on the underground 2000+ (and i'm just up) and I also have almost 600 (or was it 550) viruses offline I have to put online plus 113 files from the computer virus catalog. My board has not been up a long time, But I noticed that you don't have a definate chaos distribution site in america for people who cannot access the net. i am proposing my board. Give it a call. I could get more press, and am very intrested in viruses. There are some people around here who are very knowlegable in them. Also my board is part of the cDc K-C0W Force. Anyways, get back to me. thanks for you consideration. (give the board a call) Jason Farnon... [ChaosD: J'ai essaye de me connecter depuis Lyon sans la moindre reussite. Voici la banniere que j'obtiens: +++++ ThoughtCrime pppppppppppp Front ----x----x----x----x----x----x----x (1) - enter remote system (2) - subscribe (3) - disconnect ----x----x----x----x----x----x----x input/> +++++ ThoughtCrime's Description ThoughtCrime is a little board I put up in Boston (617 AC) not too many moons ago. I was asked to speak about it a little since it will be distributing the Chaos archives to the members of the community in the United States who do not have access to the internet. ThoughtCrime is a place where the underground community of Boston (and the rest of the world) is welcome to meet and thrive. There are no rules. Well maybe just one. That warez fever should not be aloud to take control of the board. That isn't so hard to follow. I am hoping to have active discussion on the internet, hacking, and telephony in general. Most of the files are the generic ones you can get off the net, but there is some good stuff. This is by no means a complete list, as I have so much more to put up. h/p binary virus/trojan/bomb (500+ but not much compared to other boards) source (C Source for unix programs) phrack uXu cDc ati nia eff cud chaos virus-l digest 1988 virus-l digest 1989 virus-l digest 1990 virus-l digest 1991 virus-l digest 1992 virus-l digest 1993 computer virus catalog 1.2 worldview syndicate reports various publications toxic custard workshops durex blender corporation m00se droppings scans hacking phreaking carding anarchy drugs papers/news networks internet word lists law images misc We are also part of the Cult of the Dead Cow Global Domination Factory Direct Outlet. Although my system is loaded with files, I hope for the system's emphasis not to be on the transfer section. But if you're looking for fed gifs, we got them! Perfect size for pin ups in all sorts of handy places. Oh and please, please don't take it seriously. You're liable to get hurt. ThoughtCrime 617.599.7154 cDc K-C0W Force Chaos Digest "What a long, strange trip its been." ------------------------------ Date: Tue May 25 12:26:00 EDT 1993 From: SJS132@PSUVM.PSU.EDU ("Wish-Bringer (Steve Shimatzki)" ) Subject: File 4--Schema d'un indicateur d'occupation telephonique (technique) Well, I saw that a few people wanted to BUY a indicator for their extentions to show when it was busy ... BUT ... for those that would rather build one, and save the dough, then here are the plans. *Note* : I'm not responsible if you hook it up wrong ... I did it, and it works fine. Also, I origanally go it out of a magazine, which I have long lost... but it was published. I don't have an address to write to, to ask for permission to post it here. If you don't like it, buy the magazine. I at least did have the name of the author, and do give him full credit. Anything I left out??? Oh yeah, there is one place that almost looks like two lines shoud be connected ... DONT. It is actually overlapping (ie, a jumper) and could cause problems. That's why, if two lines are connected, I use 'o' indicate a connection. Well, thats it ... enjoy, and watch out when stripping those phone wires... you can get a nasty jolt if you do it with your TEETH! (like me!) Phone Line "Busy" indicator Taken out of Modern Electronics November. 1988 Written by: Robert M. Harkey (I only wrote it up, and condensed it.) This little circuit is VERY nice to have, especially if you use a MODEM on a multi-Extention line. It is small enough to be built on a small circuit board, and then added to the phones on the extension (PUT IT INSIDE THEM! Its neater and better for the reliability of the circuit. Compared to if you had the wires hanging out where they can be ripped out of the phone by a cat or small child.) Here's the Circuit: Note: o is for where a connection |-----------+ has been made... R4 /c |R5 _____/\/\/\___|b <-Q2 /\/\/\ | \e | R1 /b | --- o-----/\/\/\/\----o-----|c <-Q1 | Led1 | \e | | to R3 | |----------------|-----------o phone /\/\/\/\ | | | | | R2 | | | o----/\/\/\/\-----o------------------------o----|:|:|--+ B1 What does all that mean? Well, here is a list of parts... R1,R2 : 2.2M ohm Resistors R3 : 330K Resistor R4 : 33K Resistor R5 : 220 ohm Resistor Q1 : NPN Transitor#> 2N3906 Q2 : NPN Transitor#> 2N3904 B1 : 3V external battery supply (2x AA batteries) Led1 : General purpose Light emitting diode All can be found at Radio Shack... For Beginners: One particular thing to note: On Q1 and Q2, When I drew them above, it was hard. So I labeled each with their corresponding E - C - B... What is ECB?? It stands For Emitter, Collector, Base. I hope I did them right, Its been a while, and I wasn't sure, but basically, if you get the right transistor number you don't have to worry, just put it in the circuit with the E being the little ARROW coming off of the picture on the back of the Transistor pack. Good Luck... FYI +--- I don't know about in France, I have no experience hacking away at French phones, so I don't know if the same voltages and such would apply. Also, I got mine from a Electronics Magazine, so if you printed it, you would have to get permission from the Magazine itself, I do believe that the interest overwhelmed the digest people at the time and in an effert to help everone out, I my have put a disclaimer at the start of the article about it being published WITHOUT their consent. If you would like information as to the Magazine I got it and such, or would like me to PhotoCopy you the article, just send me a SELF-ADDRESSED-AND- STAMPED-ENVELOPE, and I will send it out to you. Please include the proper postage to get it from the States to you, in France. +---------------- + ---------------------------------- + ------------------- + |Steven Shimatzki-| InterNet : SJS132@PSUVM.PSU.EDU | I'm Batty for Bats | |Rd# 1 Box 20-A | -or- : SJS132@FERT1.FE.PSU.EDU +---------------------+ |Dunbar, Pa 15431 | Cavers Need Friends Too! | NSS: 36421 | +---------------- + -----------------------------------+-------------------- + ------------------------------ Date: Wed May 26 07:56:56 EDT 1993 From: ann@cni.org (Ann Okerson ) Subject: File 5--3e edition du "Dir. of Electronic Publications" (presse) Responding to the library and academic communities' increasing use of and interest in the burgeoning number of electronic publications, the Association of Research Libraries is publishing the third edition of the hard-copy Directory of Electronic Journals, Newsletters, and Scholarly Discussion Lists. With the extraordinary expansion of microcomputers and linked networks as vehicles for scholarly exchange, the problem of how and where to find various academic forums grows continuously. Although many journals, newsletters, and scholarly lists may be accessed free of charge through Bitnet, Internet, and affiliated academic networks, it is not always a simple chore to find what is available. The new edition of the Directory is a compilation of entries for 1152 scholarly lists and 240 electronic journals, newsletters, and related titles such as newsletter-digests -- an increase in size of close to 60% since the second edition of March 1992 and nearly 2.5 times the size of the first edition of July 1991. The directory provides specific instructions for electronic access to each publication. The objective is to assist the user in finding relevant publications and connecting to them quickly, even if he or she is not completely versed in the full range of user-access systems. Author/compiler of the journals and newsletters section is Michael Strangelove of the University of Ottawa. Diane Kovacs of the Kent State University Libraries, continues to lead the KSU team -- nine individuals who collaboratively created the third edition's scholarly discussion lists and interest groups section. The ARL directory is derived from network-accessible files maintained by Strangelove and Kovacs. The directory points to these files as the authoritative sources. The third edition is produced in 8.5 x 11 paperbound format. Scholarly lists are grouped by broad subject areas, and journals and newsletters are in alphabetical order. In a new enhancement, a substantial index of keywords, titles, and institutional affiliations is provided. As in the previous two years, front matter of value to electronic serial readers is included. Again, a scholarly article on networked scholarly publications leads (James J. O'Donnell, University of Pennsylvania with aprovocative view of "St. Augustine to NREN"), followed by bibliographies commissioned from David Robison, University of California at Berkeley Libraries and an editor of the e-journal Current Cites, on electronic publishing; and Michael Strangelove on electronic networking. Finally, a widely felt need is addressed by inclusion of the standard format for citation of electronic serials, bulletin boards, and electronic mail. This was prepared by the National Library of Medicine and is now accepted for use among many scholars and scientists wishing to make adequate reference of networked information. The Association of Research Libraries is a not-for-profit organization representing 119 research libraries in the United States and Canada. Its mission is to identify and influence forces affecting the future of research libraries in the process of scholarly communication. ARL programs and services promote equitable access to, and effective use of recorded knowledge in support of teaching, research, scholarship, and community service. These programs include annual statistical publications, federal relations and information policy, and enhancing access to scholarly information resources through telecommunications, collection development, preservation, and bibliographic control. The Office of Scientific and Academic Publishing works to identify and influence the forces affecting the production, dissemination, and use of scholarly and scientific information. DIRECTORY OF ELECTRONIC JOURNALS, NEWSLETTERS, AND ACADEMIC DISCUSSION LISTS (ISSN: 1057-1337), Third Edition, April 1993 To order, contact: +------------------ Gloria Haws Publications Manager Association of Research Libraries 21 Dupont Circle, Suite 800 Washington, DC 20036 Voice: 202-296-2296 Fax: 202-872-0884 E-mail: osap@cni.org ALL ORDERS MUST BE PREPAID in US DOLLARS. Price per copy: $42 US plus postage, shipping, and handling: $ 5.00 USA, $ 8.00 CANADA, $12.00 EUROPE (air mail), $15.00 OTHERS (air mail). Note Bene +--------- 1. Some copies of the 1992 edition are available for sale at a reduced price. 2. A diskette version will be available. Contact us for price and details. 3. Special prices for orders of 5 copies or more and Special prices for the 119 libraries which are members of the Association of Research Libraries are available. Please contact us for these. ------------------------------ Date: Fri Jul 9 13:07:00 -0600 1993 From: roberts@decus.arc.ab.ca ("Rob Slade, DECrypt Editor, VARUG NLC rep ) Subject: File 6--Critique de "Computer Virus Crisis", Fites/Johnston/Kratz Copyright: Robert M. Slade, 1993 Van Nostrand Reinhold c/o Nelson Canada 1120 Birchmont Road Scarborough, Ontario M1K 5G4 416-752-9100 fax: 416-752-9646 The Computer Virus Crisis, 2nd edition, 1992; Fites, Johnston, Kratz ISBN 0-442-00649-7 For its professional appearance and impressive credentials, this work is an unfortunately sloppy and undisciplined approach to the problem. The looseness of the book starts with the definition of a virus: it really doesn't have one. There is a section of the introduction entitled "What is a computer virus", but, having stated that they prefer the Cohen or Adelman definitions (without quoting them), quoting the Podell/Abrams definition, and meandering around the related terms such as worms and trojans, no definition is ever finalized. The book tends to read in a schizoid fashion. It often contradicts itself, again starting the with definition, where a "buggy" program which submitted jobs to the queue too frequently is first used as an example of a virus, and then is said to contradict the definition of a virus. Page ten gets points for stating that downloaded software is probably safe; page sixty loses them all again by stating that "bulletin boards present the greatest exposure to computer viruses"; and the very next sentence on page sixty states that bulletin boards are less risky than other means of obtaining software. Page 62 mentions the rumour that a virus was spread via email, dismisses CHRISTMA and the Internet Worm as non-viral, and then pooh-poohs the concept. A mainframe, and corporate, bias is quite evident in the work. Mainframe professionals are said to know what viral programs are, and to be "ethical". (The more corporate of the computer and data processing associations are also given credit for the lack of mainframe viri.) However, this bias seems to preclude an accurate knowledge of personal and microcomputers. DOS (obviously referring to MS-DOS) is said to have "completely overwhelmed CP/M is the late 1970's" in spite of the fact that the PC wasn't marketed until 1981. Apple Corporation is credited with the invention of the "GUI" (and the Mac Toolbox is credited with the success of Mac viri, in spite of the fact that the Toolbox is primarily concerned with the user interface). A number of myths are presented as fact. The recommended procedure for virus cleanup is a low-level format of the disk. "Physical damage" is listed as one fo the symptoms of a virus. A very odd list of non-viral computer attacks contains the "salami scam" (siphon off fractions of a penny) urban legend. As with the Feudo book, almost half of the pages in this work are a reprint of the Hoffman Summary List (in this case "dated" January, 1991, but "copyright" 1990). Graphics are used to take up additional space: a number of the figures are used several times over, without ever really adding anything to the understanding of the subject under discussion at the time. It is very hard to find anything to recommend in this book. At best, the naive reader will be confused by the meandering nature of the text and the self- contradictions contained in it. For every positive statement (such as the fact that computer retail and repair shops are a source fo infections), there is nonsense such as the statement that when you discover the identity of the author of malicious software, you have a legal basis for action. (As a counter example, the AIDS trojan is thoroughly covered in this book, and we have recently learned that Popp's case was dismissed in Britain, although he was found guilty, in absentia, in Italy.) +++++++++++++++ ______________________ Vancouver ROBERTS@decus.ca | | /\ | | swiped Institute for Robert_Slade@sfu.ca | | __ | | __ | | from Research into rslade@cue.bc.ca | | \ \ / / | | Mike User p1@CyberStore.ca | | /________\ | | Church Security Canada V7K 2G6 |____|_____][_____|____| @sfu.ca ------------------------------ End of Chaos Digest #1.72 ************************************