Issue 9 Volume 2 * * * T H E A B U S E R * * * Contents: Disclaimer..... Letter From The Editor..... CAFBL News..... Crashing A Renegade BBS by Kamui..... Underground News..... Social Engineering Bell Atlantic by Swallow..... Qwik Trix..... The Underground Art Of Encryption by Key Master..... Too Many Snoops by Spooky..... DISCLAIMER: I nor any other person involved with the writing, programming, or distributing of THE ABUSER take no responsibility for the person(s) that read or obtain this magazine. The information in this magazine is SOLELY for informational purposes only and anything described in this magazine SHOULD NOT be attempted, since some material is ILLEGAL. Furthermore, I nor any other person involved with THE ABUSER DO NOT guarantee all or any information published in this magazine to be one-hundred percent true and/or effective. LETTER FROM THE EDITOR: Well we are just about back on track now. CAFBL had a little stir up but we have put that all behind us and are trying to get back on schedule because, as you probably know, we are behind once again. Hopefully all the rumors that have been going around about me have been put to rest. I have heard a lot of strange stories going around. I hope people don't believe everything they hear. CAFBL NEWS: Before I do anything else I would like to thank Black Francis and his BBS, Goat Blowers Anonymous, for becoming the unofficial WHQ for CAFBL until we find one. Everyone seemed to flock to his BBS to communicate because it is the best BBS in the 215/Philadelphia area. Thanx again! We had another little scare inside of CAFBL. Spiff had said for some time that he was no longer going to be a CAFBL member. Well, with everyone saying that THE ABUSER just wouldn't be the same without him, he has decided to stay. Rush 2 has left CAFBL. Differences in opinion with other members within the group have caused him to leave. With the leaving of Rush 2 we thought it appropriate to have some other members join in his place. Treason and ViRUS are now part of CAFBL. They are both writers. You may have seen some of Treasons work in a mag called BTR. We would like to welcome both Treason and ViRUS into CAFBL. Look for some work from them soon. CAFBL will be making a few changes in the months to come. By issue number 10 I hope to be a tightly nit group. Some contact was lost with members when THC went down, but most members have found a way to communicate. We now officially have a WHQ. It's Kamui's BBS, Pyshcotic Reflections. CRASHING A RENEGADE BBS BY KAMUI: _intro_ While i think Renegade is the best BBS software out there, there are still lots of bugs. Most of these bugs that i have found have to do with MCI Code Support. Cott Lang is pretty stupid to allow MCI access all over the board... Anyway, i will show you an example of how to crash a RG board with MCI codes. _the^juicy^stuff_ Logon as a Newuser and put your handle as "HA%UN". Then fill out any info you want for the other questions. Now after you answer all the questions and enter your new password, it will go to the NEWINFO.MNU which on most boards will display an ansi file that shows your stats just in case you typed in the wrong thing. Now when Renegade displays your Handle it will scroll HaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHa HaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHa HaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHaHa all over the screen. You probably know why by now, but i will explain anyway. It's because after renegade displays "Ha" for your handle, it will then display the MCI Code for Handle and will be in an infinite loop. The SysOp can't just hang up on you, he must Reboot the computer completely (and if you're lucky, maybe he'll get some lost clusters). Now you can do this same method with any of the other questions. They all have MCI codes of their own. And remember to do this late at night or early in the morning when the sysop isn't around so he doesn't know how you did it. He will see from the sysop logs that there was a newuser logon, but since you didn't actually save the information, it won't write what handle you entered in. He might put in an NUP after a while, buy hey, it's gets a little old after entering it on the same board all the time... * Now how the fuck do i prevent lamers from doing this to _MY_ board? That's simple. Just edit the ansi that you have for the NEWINFO.MNU that displays the person's info and take out all the MCIs. Just write the options to change the info, but don't show the info that they wrote in. That ansi should be the only place it displays the person's handle in the new user process, unless you give the user access to your board right when they apply. Then you're fucked... It is pretty annoying for the users, but it's the only thing to do, and is worth it when you wake up at noon and find that your computer was scrolling "Cafbl Rules" all over the screen since 5 in the morning. Another method to keep your board from being crashed is the TRASHCAN.TXT file. This is an option for Renegade that Cott Lang didn't write in the Doc files. You see, if you make a file called TRASHCAN.TXT and put it in the Renegade MISC directory, then you can specify what user names you don't want. This is also helpful to find out if someone tried this method of crashing on your board, because it will write the following in the Sysop.Log if a name on the list was entered - * New User Logon Unacceptable Name: HA%UN You can't just write "%" in this file, because it only checks that the whole Handle isn't blacklisted. (maybe cott _did_ make it for blacklisting, but didn't want warez pups to know about it). You can plainly see when you hex edit the RENEGADE.OVR file that under the question "Enter your New Handle", it says TRASHCAN.TXT. UNDERGROUND NEWS: Man Charged With Phone Scheme It was a report of a suspected drug deal in the 7-11 parking lot that brought Haverford police to the scene. What they found instead - two men pouring over a chapter in The Whole Spy Catalog called, "How to Locate and Tap Any Telephone" - was a lot more interesting. From that discovery last week, police and federal authorities have developed an investigation into high-tech fraud. One of the two men, Edward Elliott Cummings, 33, has been arrested and charged with two counts each of unlawful use of a computer and possession of devices for theft of telecommunications. In the Villanova room where Cummings had been staying, police said, they found evidence of a "large-scale operation" in which Cummings allegedly had been "cloning" cellular phone numbers and converting speed dialers into "red boxes" that can make free calls from pay phones. When the police encountered Cummings at the 7-11 on Eagle Road, he was preparing to sell one of those speed dialers and the crystals that are used to convert them, police alleged. The second man, who was not arrested, had traveled from Florida to buy the device, according to a police affidavit. Two days later, after speaking with a Secret Service agent about the legality of the devices, Haverford police arrested Cummings. They said they found him repairing a personal computer in a home on the 100 block of North Concord Road in Marple Township. When they searched him, police said, they found a modified speed dialer in his wallet, which led to the second set of charges. The secret service is still working with Haverford officers on the investigation, but Cummings has not been charged on the federal level, agent-in-charge Ernie Kun said yesterday. Cummings is being held in Delaware County Prison on $100,000 bail. While searching the room where Cummings stayed in a home on Panorama Road in Villanova Thursday, police said they seized several hundred speed dialers, computer software, cellular phones, and thousands of computer chips and crystals. They also found books describing computer crimes and hacking, as well as literature related to bomb-making, said Haverford Police Sgt. John Walsh. Cummings apparently moved to Villanova after a falling-out with a landlord in Broomall. The former landlord, Charles Rappa of Broomall, said he found eight to 10 sticks of dynamite in the house after Cummings moved out in October. He also found various "how-to" books. "I got a whole pile of them that he left here [such as] How to Kill Somebody With Poison, How to Get Around the Credit Card System," Rappa, who is a Realtor in Glenolden, said yesterday. "'Two Christmases ago, he was boasting that he could tap into TWA and get a free ticket. I said, 'What do you mean?' So he went up to his computer and he was able to access TWA." With that, Cummings was off to pick up his ticket to Morocco from Philadelphia International Airport - and Rappa did not see him for the next two weeks, he said. "For a man who didn't work, he lived pretty good," Rappa said. "When he came to live here five years ago, he worked for a computer company, and they let him go. He said he was going to just freelance. He was going to buy himself a computer." Rappa said Cummings often locked himself in his room for long periods. Computer Hacker Gets Prison Term Los Angeles - A computer hacker who admitted rigging radio call-in contests to win luxury automobiles, Hawaiian vacations and thousands in cash was sentenced yesterday to 51 months in prison. Kevin Lee Poulsen was also ordered by U.S. District Judge Manuel Real to pay $58,000 in restitution and serve three years supervised probation upon his release. Prosecutors called the sentence the harshest ever given a computer hacker. Poulsen, 29, faces additional charges of stealing classified Air Force communications. Bomb Made From Info From Internet Cape Girardeau, Mo. - A bomb found in a teen-ager's bedroom was made with information gathered from the Internet, police said yesterday. The boy's father found the bomb and brought it to police headquarters in this southeast Missouri town Wensday. "It was a fairly sophisticated device, constructed of gun powder and gasoline with Styrofoam melted into the gasoline," said Police Chief Howard Boyd. "It formed a napalm-like substance that will stick to you and burn." The case was still under investigation and the boy had not been charged, Boyd said Monday. He declined to release the youth's name or exact age. Bell Atlantic Nears Video Washington(AP) - Bell Atlantic Corp. cleared a crucial regulatory hurdle Friday in its plans to become a cable television provider. The Philadelphia-based company said it received a waiver from a consent decree that broke up AT&T in 1984 that will allow it to transmit video and other signals across local telephone boundaries. U.S. District Judge Harold Greene, who administers the decree, granted the waiver. Cell Phone Venture Bell Atlantic Corporation (BYSE:BEL) and NYNEX Corporation (NYSE:NYN) recently announced plans to combine their cellular operations, creating a new national wireless company that will operate in seven of the top 20 cellular markets, with a total population of 55 million. The combining of the cellular companies is scheduled to be completed this quarter. Thomas A. Bartlett has been named president of the Northeast regional territory for the Bell Atlantic Mobile and NYNEX Mobile joint venture. Recently, ACS Enterprises Inc., of Bensalem, providers of Popvision wireless cable TV, merged with CAI Wireless Systems Inc. It was reported at the time that Bell and NYNEX will develop technology for the wireless cable systems owned by CAI. Alan Sonnenberg, chairman and CEO of ACS, said an important ACS and CAI was the capital provided by Bell Atlantic Corp. and NYNEX Corp. The money will be used to fund the cash portion of payment to ACS shareholder and other CAU acquisitions. SOCIAL ENGINEERING BELL ATLANTIC BY SWALLOW: Introduction - This article lists important Bell Atlantic number, and tells you how to talk to them to get any information you want. If you learn to social engineer well enough, you can get anything you need on the phone company with my list below. Before you call work out an identity - have the following information ready: - you are calling from repair, station number xx (any number works from about 10-40, even though the repair stations are not separated like this - it sounds very realistic to stupid operators when you say "station 22 repair"). - the location of your office. Pick out a town near you where Bell Atlantic has an office with trucks parked out back. Example: Bryn Mawr, PA is what I usually use. So if they ask "who am I speaking to?", you say "This is Mark Abene at station 29 repair in Bryn Mawr." For best results, do not use the names Mark Abene, Emmaneul Goldstein, or anything starting with Bernie. Basic Rules - * if you ever get put in a tight spot, blame your supervisor, and work it out to a mutual agreement. THEM: sorry sir, I'm not allowed to give you that information-who is this anyway? You should know better than to ask for that... ME: duh... my supervisor gave me this number and told me to call. THEM: okay - don't let it happen again! * it's more casual as you may think. relax a bit - when talking, don't be afraid to make conversation, and small talk (how are you, etc.). * do NOT abuse these numbers. Some of them are very easy to get information from! If you abuse the numbers, then they will boost security! * if they ask a question and you don't know the answer, blame your supervisor again, and work it out to mutual agreement, swearing to call back. THEM: what is the ID code to get that information? ME: duh... my supervisor gave me this number and told me to call. I'd better check with him and call you back. THEM: duh, okay. * rehearse what you want to say, and make sure your goal is clear - do you know what it is you are calling for? * do NOT sound like a (for lack of a better term) dork. Sound like a real repairmen might. If you haven't gone through puberty yet, have somebody who has make the call for you. * yet again: use your supervisor as your security. Most of the operators on these numbers are not too bright. If they get their supervisors though, they'll figure it out. So - if you have confused an operator, and he/she wants to go get their supervisor, make a graceful exit, using your supervisor as an excuse. Stupid "not-quite-a-hack" hacks - Free local calls with redbox: Call the operator and tell her your coins are going in, but they're not doing anything - you're still not connected. The operator will dial the number for you, and will actually accept the red box tones as real money. Free LEGAL! calls: Call up repair (611) - flaming mad: "I'm trying to call this number, and I keep on getting reorder tone, and the phone ate my quarter, and the operator tried and it still didn't work! What's wrong with it!?!" Sometimes repair will put you through for free on the account of all your troubles. Fun Numbers - News line - 1.800.647.6397 This is the number that Bell Atlantic employees call everyday to hear a recording of Bell Atlantic news events. Usually boring, but sometimes they talk about fraud, and other naughty things. ANI - 958, 958-xxxx, 958-4100 ANI is automatic number identification. When you call this number, it will read your number back to you. This is good for finding out what number you are calling from if you are beige boxing, etc. In most of Bell Atlantic, it has something to do with 958. In the suburbs of Philly, it's 958-4100, in Philly and in south Jersey, the number is just 958. Try 958, 958-4100, and 958-???? where you live and see what happens. NOC (Network Operations Center, pronounce KNOCK) - The NOC is basically God. They have a lot of information, and they just wait for repairmen to call up and ask for it. So... try calling up and asking for the ESS switch in your exchange. Try calling up and finding out what they have. I have not had much experience with them yet. 703.205.4200 - NOC in Virginia. Try to bullshit them in to getting you the NOC in your own area if it's not listed here. This one appears to be the headquarters, or at least more important than the others - there are more people working there, and they have more information. 610.251.2600 - NOC for area code 610, southeastern PA, suburbs of Philadelphia. 215.451.2200 - NOC for area code 215, Philadelphia. If they tell you that they don't cover the area you are looking for, simply ask them for the number of the NOC that covers the NPA-xxx exchange. LAC (Line Assignment Center, pronounced ell-ay-cee) - 1.800.310.9898 Note: this is for the Philadelphia (215/610) area only. If you are in Philadelphia, and they tell you they do not handle that area, a) ask for the LAC that does, or ask to get transferred to "control". Tell control what you need, and for what area. This is like 555-1212 on steroids. They have the phone number of EVERYBODY who has phone service. Even companies and unlisted phones. The only exception to this is the NSA. The LAC does not have the phone number for the NSA, but after all, there is No Such Agency. Right, anyway: call up the LAC and say "Hi... I need the phone number for a customer at <<>>" There should be no problem. You can also get the cable pair from them by replacing the words "phone number" with "cable pair". Pretty clever, If you are really good and clever, you can use this number to get a CNA for a number you have, but this takes work - they are not supposed to give it out, though they have access to it very easily. QWIK TRIX: HOW TO MAKE SOMEONE'S FONE A REOUTER: (Ultra Call Forwarding) by Dark Phiber [Bell Atlantic Systems] In issue 7 I told you about the Ultra Call Forwarding (UCF) service. Well since that time I had been caught doing it and they have changed their security around. You now need to know the social security number of the line you wish to add the UCF service to. For most of you that is no problem at all. For the ones that can't get social security numbers as easily you need to social engineer a little more. I have found they won't ask you as many questions if you ask them more questions and sound sincere and get them to trust you. Another thing not mentioned in the first article about UCF was the TelCo's capability to track every number that the UCF line is forwarded to. They have printouts of when the line is activated for UCF and when it is deactivated for UCF. Dates and times are also included. THE UNDERGROUND ART OF ENCRYPTION BY KEY MASTER: [Formerly released in CSoft Magazine] How I see things, there has been one constant in human society since the very first day that we placed a footprint in the sand. That constant is of security. The security of information. The secret location of our cave which houses the badly needed food for the coming winter. The plans to a deadly bomb which could destroy our planet if obtained by the wrong people. What should we know? What shouldn't we know? In this information age, security of information is becoming an obvious issue. Did you know that the United States government is RESTRICTING certain forms of encryption from being used by the public? I wrote this article for anyone who is interested. It explains the basics of "Encryption", which is the intentional alteration of data in any medium (to "encrypt") to be indecipherable to anyone except those who have the scheme to "decipher" the data back to its original form. Sounds easy, doesn't it? :) This article is divided by topics in the field of Encryption, and, where appropriate, there are FYI's (For Your Information) to help explain terms you might not understand. ==FYI== "Code" and "Cipher" ? A "Code" involves the use of code words, symbols, or groups of numbers to replace words or phrases. For example, many police forces use "10-4" for Acknowledge, "10-9" for Repeat Message, "10-98" for Prison/Jail Break, etc. A "Cipher" is something TOTALLY DIFFERENT. A "Cipher" works with the elements of a message. For example, the letter "k" in the group of characters "jklm". ==FYI== "Clear; Key; Cipher" ? Three (3) main terms used in encryption. In the example of a message being encrypted, the "Clear" (also called "Plain") represents the message BEFORE encryption. The "Cipher" is what the message looks like AFTER encryption. And the "Key" is sometimes used to calculate the Cipher. Substitution ~~~~~~~~~~~~ Substitution, as the name implies, involves substituting one thing with another. "Simple Substitution": Simple Substitution is a cipher with a single cipher character replacing each clear character. The most common way to get a simple substitution table is to start with a key word (which must NOT have repeating characters in it). Let's use the word "CODER" as our key. Clear : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Cipher: C O D E R A B F G H I J K L M N P Q S T U V W X Y Z After that, the left-over letters are placed in order. However, if we were to do only that, many clear characters and cipher characters will actually remain the same! To avoid that, we first rewrite the cipher alphabet under the key word: C O D E R A B F G H I J K L M N P Q S T U V W X Y Z Now, starting with the leftmost column, we rewrite a revised cipher alphabet: Clear : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Cipher: C A I N U Z O B J P V D F K Q W E G L S X R H M T Y That's more like it. Now each character has a DIFFERENT character to substitute itself with. Let's encrypt "KEY MASTER" using the above "Simple Substitution" table: Clear: K E Y M A S T E R Cipher: V U T F C L S U G There are many variants of Simple Substitution for the computer. The three most common involve using the logical XOR operator, adding and subtracting ordinal values, and digit-swapping. ALL of these methods are different forms of SUBSTITUTION. "Polyalphabetic Substitution": Polyalphabetic substitution involves MULTIPLE ALPHABETS and usually has a variable key. An example of a Polyalphabetic Substitution cipher is the "AutoKey Cipher". On top of using a variable key, the AutoKey Cipher uses a NON-REPETATIVE key. It creates a non-repetitive key by creating the key, based upon the data being encrypted, as it encrypts. Let's start with a typical polyalphabet table: a b c d e f g h i j k l m n o p q r s t u v w x y z ^ a A B C D E F G H I J K L M N O P Q R S T U V W X Y Z b Z A B C D E F G H I J K L M N O P Q R S T U V W X Y c Y Z A B C D E F G H I J K L M N O P Q R S T U V W X d X Y Z A B C D E F G H I J K L M N O P Q R S T U V W e W X Y Z A B C D E F G H I J K L M N O P Q R S T U V f V W X Y Z A B C D E F G H I J K L M N O P Q R S T U g U V W X Y Z A B C D E F G H I J K L M N O P Q R S T h T U V W X Y Z A B C D E F G H I J K L M N O P Q R S i S T U V W X Y Z A B C D E F G H I J K L M N O P Q R j R S T U V W X Y Z A B C D E F G H I J K L M N O P Q k Q R S T U V W X Y Z A B C D E F G H I J K L M N O P l P Q R S T U V W X Y Z A B C D E F G H I J K L M N O m O P Q R S T U V W X Y Z A B C D E F G H I J K L M N n N O P Q R S T U V W X Y Z A B C D E F G H I J K L M o M N O P Q R S T U V W X Y Z A B C D E F G H I J K L p L M N O P Q R S T U V W X Y Z A B C D E F G H I J K q K L M N O P Q R S T U V W X Y Z A B C D E F G H I J r J K L M N O P Q R S T U V W X Y Z A B C D E F G H I s I J K L M N O P Q R S T U V W X Y Z A B C D E F G H t H I J K L M N O P Q R S T U V W X Y Z A B C D E F G u G H I J K L M N O P Q R S T U V W X Y Z A B C D E F v F G H I J K L M N O P Q R S T U V W X Y Z A B C D E w E F G H I J K L M N O P Q R S T U V W X Y Z A B C D x D E F G H I J K L M N O P Q R S T U V W X Y Z A B C y C D E F G H I J K L M N O P Q R S T U V W X Y Z A B z B C D E F G H I J K L M N O P Q R S T U V W X Y Z A ^ ^ Here we have 26 DIFFERENT, possible alphabets to use. The principle of the AutoKey Cipher is that the cipher character determines the cipher used for the next character. However, there must be an initial key to start the process going. Let's use "J" as the initial key, for example. Now let's encrypt "KEY MASTER" using the AutoKey Cipher with the above polyalphabet table: Clear: K E Y M A S T E R Cipher: Z V X L L T A W F We started with "J" as the initial key. We go along the top row and find the "J" column. Then we go down until we find the letter to be encrypted. Then we go over to the left and find out the cipher letter. I put the ^ symbol under the letters to follow for the first character to encrypt, the "K". Also notice that this method totally stomps on a frequency count because, in the above example, two totally different letters represent the letter "E". ==FYI== "Frequency Count" ? A "Frequency Count" is one of the tools used to break encryption schemes. For example, the characters E, T, A, O, N, I, S, R, & H make up more than 70 percent of the average text; the characters T, O, A, W, B, C, D, S, H, F, M, R, I, & Y are the initial letter of most words; the characters E, T, D, S, N, R, & Y are the final letter of most words. These and tons of other facts about the English language help code breakers determine a text message. Transposition ~~~~~~~~~~~~~ Transposition, UNLIKE substitution, involves SWITCHING one thing with another by methodically mixing up the characters to make the message unreadable. Let's encrypt "KEY_MASTER" using the simple "Rail Fence Cipher". First we write the message in some form of a rectangle or square, then rewrite the message arranging the letters in diagonals. Clear: K E Y _ M A S T E R K E Y _ M A S T E R Cipher: M _ R Y E E T K S A Super Encipherment ~~~~~~~~~~~~~~~~~~ Up to this point, we have been dealing with PRIMARY concepts of encryption. "Primary", meaning you encrypt something with one encryption method and that's it. Welcome to what is called "Super Encipherment". It involves encrypting something that is ALREADY encrypted! Probably the best and safest way to do this is to mix a Substitution Cipher with a Transposition Cipher. Before you attempt this, I want to tell you that TRUE Super Encipherment means NOT "canceling out" the primary system of encryption!!! ==FYI== "Canceling Out" ? ANALOGY: 1 + 2 = 3. The answer is 3. For our purposes, 3 makes 1 and 2 meaningless. 1 + x = 1 + x. The answer, in this second case, is the question. There are NO COMMON TERMS to simplify, as in the first problem. When one encryption method "cancels out" another, that means there are common terms between the two methods--which would actually equate to ONE encryption method. When that happens, Super Encipherment does NOT exist with that particular scheme. EXAMPLE: A double XOR. Let's encrypt the number 4 with two XOR keys. 4 XOR 75 = 79. 79 XOR 77 = 2. Ok, we just DOUBLE XOR'd a byte with TWO SEPARATE KEYS! WOW! Sounds great, huh? These two methods "cancel" each other. Watch: 4 XOR 6 = 2. As you can see, XORing a byte with 75 and 77 is the same as XORing the same byte with 6. Compression ~~~~~~~~~~~ Believe it or not, "Compression" can be a form of encryption. Compression means that the encrypted version is SMALLER than the decrypted version. Common computer utilities made by various people that can compress data include PKZIP, ARJ, LHA, and STACKER. Getting into this will blow the scope of this article, so I will just say it exists. Random Numbers ~~~~~~~~~~~~~~ A side note about "random numbers": should you ever find the need to have a "random number", keep in mind that it is NOT POSSIBLE. True randomness does not exist as far as we know. We can't simply sit down and write numbers that come into our heads. We'll be unconsciously including patterns. Computer number generators use very complex equations to put together a string of numbers that don't repeat quickly and which have very subtle patterns. It's only logical to see that any generating system which depends on an equation, however complex, will leave its pattern in the numbers. The closest one can get to true randomness is from a statistical table of some sort, such as from WORLD ALMANAC and stock and bond price listings in the financial pages of the newspaper. That's about it for this article, I hope you've learned something about encryption! If you want to contact me, I can be reached via Internet, or at SPIRAL AbYSS, my BBS, at 215-968-1574. INTERNET: kmaster@delphi.com TOO MANY SNOOPS BY SPOOKY: The capture of our beloved leader Dark Phiber *coughNOTcough* ;) got me thinking about how few of us tkae any security precautions against feds, parents, and other snoops. I mean that h/p shit on yer puter can probably get you into alot of trouble, especially if the feds find it. So I thought that i would address this issue with my next article, and here it is! (Note: I am currently running DOS version 5.0 so some of these tricks may not work if you are running anything else. ;P) %Software Barriers% 1.Password protect the BIOS- I kniow most of the newer puters will let you do this, although mine won't =( This is especially good because that way you can't boot from A: and bypass it. 2.Install a 3rd party pasword system- In case you can't lock your BIOS you shoulf definately fo this. Just be sure to put the call to the password system in the 1st or 2nd lines of your autoexec.bat so that you can't control-c out of it. There are plenty of these programs out there for free. One place to look is at the CERT faculty on the net. Maybe when I learn to program I'll make a password system and release it for cafbl. Look for it in the future.... 3.Hide your secret files- here's how i did it.... a.make a directory to store the files in (in an inconspicious place, like off of C:\DOS) b.hide the directory with attrib c.in your config.sys file, add the following lines: install doskey doskey keystrokes=macros doskey dir /a=fool.bat dosket dir /a:h=dir *What this does is makes it so that when a snoop types dir* * /a * *to list your hidden files and directories, it'll run * *fool.bat * *instead. And when they type dir /a:h it will just run * *plain dir * d.then hide config.sys and make it read-only e.next make a batch file called fool.bat(or whatever, be sure it's same as what you told doskey to call however) that will 1st clear the path, then call fooledu.bat. Put this file in your path and hide. f.now make another batch file htat will echo the same thing that dir /a shows when there are no hidden files. Make one for every directory, making sure to change the "Directory of . . ." line accordingly. At tyhe end of the file, add a line that will restore the path. *The whole purpose of clearing the path is so that you run* *the * *fooledu.bat in the directory that you are in at that * *time, not * *the one in the path. Not very fancy, but it works. * g.then rename attrib.exe and then hide it so they can't just hit attrib and list all of your hidden files that way. 4.Destroy the evidence- Ok, your sitting there hacking NASA when all of the sudden you hear a knock at the door them your mom calling you saying that some federal agents would like to talk to you. Uh-oh! What do you do? Format the drive? No, that takes too long, erares all data including legit stuff, and can be undone. Well I have a better solution. Here's what you do. Make a batch file containing something like this: cls echo installing sharware, hold . . . kill c:\dos\hack*.* >nul rd c:\dos\hack >nul kill c:\stuff\warezz\*.* >nul rd c:\stuff\warezz >nul md c:\shareware copy c:\dos\game.com c:\shareware >nul echo instillation complete! delete %0 >nul Note:KILL is one of those programs that overwrites the program with ones and zeros, making recovery impossible.(for extra security) GAME.COM is just a batch file converted to a com that echos 'runtime error at 4410:001B' that way if the spam asks you what you are doing you can say that you are installing a shareware game and run the com(previously hidden in c:\dos or wherever) which should convince him you are telling the truth. btw-the DELETE %0 at the end of the batch file just deltes the batch file, totally destroying the evidence. %Hardware Barrier% 1.Destroying your backups- In case you get raided by the feds/cops/telco, you will most likely want to have a way to quickly destroy you backup copies of any h/p stuff you have on disk. Well the method that i have ready to use is pretty simple. Just take some wire, wrap it around your box that you store your disks in, then connect one side of the wire to a 9 volt battery's negative side, and the other to a SPST switch which then in turn is connected to the positive side of the battery completing a simple electromagnet. When/if the feds ever come, flick the switch on and your disks will be scrambled. If you wanna be fancy, you can install a battery holder. Also, you can drill a hole in your desk and mount it there. *NOTE:I have no method of destorying the data on the HD * *physically, but i imagine that if you have the * *electromagnet close enough when you turn it on it would * *affect it, maybe even scramble all of the data but right * *now i don't have a HD to test this theory out on. But i'll* *get back to you's on it when i find out. *