Every few months or so, I find myself reading the new issue of 2600, The Hacker Quarterly. It’s not a great magazine, or even a good one sometimes, but even if there are no useful articles or projects to tinker with in it, I always get enough laughs out of it to make it worth picking up. This time, I’ve decided to write an article-by-article review of the issue, to give you an idea of what usually shows up in 2600.
Emmanuel discusses the changing landscape of hacker culture. I’ve often made a similar point to his: The hacking “scene” used to be about gaining access to systems and networks for the purposes of experimenting and learning about things that would have normally been inaccessible. Nowadays, with cheap computers, free operating systems, and widespread internet access, it’s hard to justify unlawful intrusion. Now, don’t think for a minute that this sort of logic stops the authors of the more ridiculously malicious articles and letters that you’ll see in 2600. More on those in a bit.
2600 will publish anything. This is part of the spirit of the magazine, giving everyone a voice, however it puts the burden of separating what’s good and what’s bad onto the reader. Unfortunately, the reader is not always a good judge of this, especially if they’re new to a topic.
- “Users are dumb, all of them. If they weren’t dumb, they’d have written the app themselves, so assume they’re dumb.”
- “…we may be able to get some secrets out by putting some weird stuff in (technical name here is SQL Injection).”
The Shifty Person’s Guide to Owning Tire Kingdom
This is probably one of the most unapologetically malicious articles I’ve ever seen published in 2600. This one doesn’t even start with the “don’t really do this” disclaimer that these articles usually have. The author demonstrates pretty intimate knowledge of Tire Kingdom’s configuration, indicating that he either works there, or worse, has actually pulled this stunt.
The process of “Owning Tire Kingdom” seems to be a week-long epic adventure. It’ll also require a lot of nerve from people who want to follow along, as it involves a lot of personal contact, social engineering, and sitting at the actual terminals in the store. If successful, there’s the collateral damage of taking an entire store in the chain offline for some time. There’s also a prison sentence in it for you, especially if they’ve fallen for this before and see some of your tricks coming. Even if they haven’t seen it before, most of what you’d be doing is pretty suspicious.
None of it is really that useful or applicable to anything else, so it’s hard to imagine a good reason for publishing it. It would be funny to see some kids getting caught trying to duplicate the author’s efforts, though.
- “…then grab a phone and walk it around a corner for some privacy.”
Enhancing Nortel IP Phones with Open Source Software
Ariel Saia comes through with one of the good articles in this issue. He uses DD-WRT with OpenVPN to use an IP phone at home as an extension of his office phone system. It’s short, simple, and well written. It’s probably nothing new for VOIP-heads, but for the rest of us it’s pretty good
This is a regular segment written by “The Prophet”, a telecommunications insider that typically relates some fun knowledge to the reader. This time, it’s about SMS Short Code numbers and the scams that typically revolve around them, with some historical perspective presented of 900-number and long-distance carrier scams. It’s a very fun read.
Kousu writes a pretty good article on reversing the obfuscation that SourceCop applies to PHP code. It’s neat, easy to follow, and very similar to some of the deobfuscation articles on the Internet Storm Center’s blog. He has a unusually strong hatred for obfuscation, calling it “nauseating” and “as evil as ASCII can get”, but it’s a good introduction to the topic if you’re interested, and should be easy to follow along with if you get your hands on something obfuscated with SourceCop.
This is also the first appearance of the typical 2600 writer’s ineffective disclaimer in this issue. This time it’s “Boilerplate: I don’t officially condone any of these activities, of course. Use your own judgment.”
Getting 2600 The Safe Way
Alright, after a few good articles, it’s back to some lulz! “daColombian” is super-paranoid about buying 2600, and is even afraid to check the website for new issues, lest his network admin finds it in the logs or whatever. So his trick is to use his personal web site to display the cover image to him, so he can tell when the new one is out. He presents a small ASP page that does this (and grabs the latest Dilbert comic!), but there’s a flaw in his plan: the image is hotlinked straight from 2600.com. If the network admin actually monitored his web access, he’d notice the 2600.com traffic anyway.
- “I live in a very small town where everyone knows everyone’s business and I can only imagine the uproar that the arrival of 2600 would cause.”
Fun at the Airport
Evil Wrangler presents a number of ways that terrorists could get past TSA checkpoints at an unnamed major airport, most of which would result your immediate arrest once you’re spotted on security cameras. Some of the scenarios are pretty ridiculous too. I’m not sure why terrorists would want to lob explosives into the secured area from the mezzanine, when they could get the same people while they’re waiting in line outside of it. He spots security cameras hooked up to wireless routers and assumes that they’d be hijack-able over X10 (if he’s got his terminology correct with “router”, it implies that these things are talking 802.11).
Basically, if you’re not Bruce Schneier, there’s a decent chance you don’t know what the threats and risks really are when you’re talking about airport security.
I don’t really know a lot about XFire. It apparently keeps track of how long you’re playing specific PC games and publishes this data online. Why? I’m not sure. I don’t want anyone knowing how much time I’m wasting personally . Akurei was disappointed with the fact that XFire doesn’t log the amount of time he spends in the development suites for NeverWinter Nights 1 and 2, so he figured out a way to modify XFire’s ini file to trick it into logging those processes as well.
This is another recurring feature, written by a different author each issue. This time it’s written by Mitch Altman, who developed a device, TV-B-Gone. TV-B-Gone is a keychain device that bursts out infrared codes for turning off many different models of televisions. It seems like a very passive-aggressive approach to imposing your dislike of TV on others. Personally, I like watching Hell’s Kitchen each week, and don’t mind dropping an hour or two here and there on entertainment.
This article really isn’t about that, though. It’s a well-written story of how he got to where he is, and I enjoyed it.
- “Wiring the basement for sound with the homemade stereos I built was important for listening to Pink Floyd’s Dark Side of the Moon really loud, way high on pot (from the homemade electronic bong I made), meditating on fixing myself so that other people might actually want me around. That brings me to what really saved my life. Pot.”
I wonder how long that lasted, with Blackhat and Defcon in the area this past week and weekend .
Folks really ought to take more credit for their accomplishments. Here we have a nice, short writeup of how to gather historical/hidden information from websites using archive.org’s Wayback Machine. The author, however, uses the pseudonym “ilikenwf”. Is NWF a wrestling thing?
At the end of the article, he gives a link to his forums, on his personal website, so he’s not trying to keep his name out of the public eye or whatever. While I can understand Mr. Felony not wanting to take credit for the Tire Kingdom article, it’s strange to see all of the non-sociopath articles that are written under pseudonyms. I guess it’s an old school BBS kind of thing.
Hacking Answers by Gateway
“Franz Kafka” used to work as a phone-jockey for Gateway and reveals how to get help from them for troubles with pirated software. The trick is: Lie about it! According to Kafka, this same groundbreaking technique also works for getting Gateway’s help with disabling BIOS and Windows passwords.
If you can’t use pirated software without having to call someone else up for support, perhaps you should spring for a legitimate copy. 2600 gives out free subscriptions for articles like this!
- “I have parted ways because my colleagues have a different mentality about hacking than I.” Apparently, so do I.
“Opinions” (compared with the cold hard facts in the rest of the magazine ) is probably better described as a “Letters to the Editor” section. It’s huge, and one gets the impression that, much like the articles, almost every single coherent letter is printed. This is usually my favorite part of the magazine, since you have a good blend of crazies, people calling out the authors of articles on their mistakes, and paranoia. Here’s a rundown on what you will find in this month’s issue:
- Seven letters about the printing and binding of the issues. The text is too small, the ink rubs off on my fingers, I liked the staples better, etc. etc.
- Crypto-nut dthorn responds to all of the people who are criticizing his “Algorithmic Encryption Without Math” article and algorithm. He honestly believes that if you read his work you’ll find “things Bruce Schneier doesn’t want you to know.”
- Two letters in response to a previous sociopath-of-the-month article on stealing library books. Maybe once you’ve cracked that, you can start stealing candy from blind kids.
- Apparently, “Cliff”, who wrote the awful article on “Discovering Vulns” this month, wrote an article on bump keys, because there’s a letter here from a locksmith who’s disappointed with that article as well. “Cliff makes up a lot of terms”… sounds familiar.
- Letters from people who have hacked their way past content filters at school. Back to studying, you kids
VoIP Cellphones: The Call of the Future
Toni-Sama presents a short summary of the different technologies being used to implement Voice over IP calling for cellphones. It is informative if you’re interested in that sort of thing, but there’s nothing too technical here. Mostly just a list of what acronym-laden services each provider is or will be offering.
Pandora Hack – Get Free MP3s
SickCodeMonkey describes a way to download MP3′s that are streamed to you by an internet radio station. I haven’t tried it out, but it seems like a lot of trouble to go through for one song at a time. I believe I remember the guys at the Hak5 forums having a more automated solution for this. Personally, I’d recommend archive.org’s live music archive, which has more great music than you could ever listen to, without having to worry about the RIAA sending your ISP letters.
Adventures in Behavioral Linguistics
Neuro-linguistic Programming. Marxc2001 certainly seems to think he knows what it’s all about and describes it fairly well. Personally, I think that confidence and planning are more critical to the success of good social engineering attempts, but if subscribing to the tenets of NLP helps someone with their confidence, more power to them. Personally, most of my exposure to NLP has been from the sort of people who are wishing really hard to have “Jedi mind tricks” in real life.
“Dragorn” gives some pretty good advice for improving your operational security in situations where you should be more paranoid. He advises you to run potentially vulnerable software (such as your web browser) as another user that has no access to your private data, which is a pretty good idea (although may not be convenient for you). He also advocates the use of whole-disk/partition encryption, which I agree with, so long as you understand that once the password is entered and the disk is mounted, it’s wide open to whatever processes are running.
An ISP Story
Another phone-jockey (for an ISP this time), relates a story about trying to help someone who is continuously having their account compromised by unspecified MSN exploits. He couldn’t do much, and neither could the people he telephoned at the attacker’s ISP. Service providers simply can’t afford to hire the sort of security experts/technicians that would be required to investigate all incidents like this. Efforts should be placed on locking down the victim’s setup, and prevent future incidents.
Hacking Whipple Hill with XSS
“Azohko” presents a cross-site scripting vulnerability in some school schedule management software by Whipple Hill. This isn’t anything different from the usual XSS you would see on full-disclosure every day, although at least the vendor was notified and they attempted to fix it (badly).
Haunting the MS Mansion
I wasn’t aware of it, but apparently the Norton Ghost 9 bootable CD is based on Windows XP. “Passdown” describes how useful this can be when doing (very simple) recovery of Windows systems, especially those using NTFS. It seems like a pretty decent alternative, if you can’t convince a Linux LiveCD to do what you want.
Reading ebooks on an iPod
“DBTC” covers a few different options for converting long text files into multiple linked “Notes” for viewing on an iPod. This works, but from personal experience, I’d have to say it’s not a very pleasant way to read something. The limitations of the notes system to 4,000 characters or so per file, and the small screen are a bit too much for me.
Java Reverse Engineering
I was really looking forward to reading this article, when I looked at the Table of Contents. Unfortunately, other than telling you to use a Java decompiler, there’s not much real reverse engineering going on here. “quel” spends a couple of short paragraphs on the actual reversing process, and he winds up being more cryptic than the decompiled code itself. The majority of the article is spent on printing the source code to a key generator for Zend Studio, the application being reversed. This article is probably of more use to people who want to pirate Zend Studio than it is to those who are actually interested in reverse engineering Java applications.