Review: 2600, The Hacker Quarterly, Winter 2007-2008

Once again, I have my hands on the newest issue of 2600 magazine, and I’m writing an article-by-article review. As usual, there are some interesting articles, some laughable articles, and some articles that are just plain bad. I hope you enjoy the review, and maybe it’ll inspire you to pick up a copy of the magazine and see how much entertainment you can get out of it ;).

The More Things Change…

In the introductory article, Emmanuel Goldstein reflects on 2600’s upcoming 25th year of publication. He makes some observations about how dramatically things have changed in computing and society, which are mostly right on. One interesting comment that he makes, that I’m not sure if I agree with, is that if 2600 started publication in 2008, rather than 1984, it would have likely resulted in them being branded as potential terrorists. I don’t believe 2600’s age has much bearing on how it’s perceived by the world, or to put it more directly: If someone wanted to call them terrorists, I don’t think they’d let 25 years of publication stand in their way.

Power Trip

I always love to discuss the disclaimers used in 2600 articles, and here we have a great example of the “anti-disclaimer”, complete with political commentary comparing the current administration with the Gambino crime syndicate. The purpose of OSIN’s article is to detect and record “secret warrantless searches” by using networkable cameras and wireless access points to set up monitoring for you while you’re away. This includes some information on how to use UPS’s to maintain power, in case your intruders cut power, and storing results locally, in case your network link is also taken down.

I’m not sure that it’ll do you much good, if you’re in a situation where you might be “searched” by the government, however the same principles would apply well to other kinds of intruders as well. This article might be of some interest if you’re setting up some home security, and you’re looking for ideas.

Building Your Own Networks

Casandro presents a summary of how one can create their own networks that span ethernet, wireless, and existing networks by using VPN tunnels. It’s difficult to cover a topic like this in only two pages, so while it serves as a good source of inspiration and ideas for someone new to this, it is by no means going to be the only thing they need to read to get started. Casandro does provide some scripts that should make things a little easier, and even invites people to contact him to tunnel into his own small network. Hopefully he won’t regret that :) .

Pirates of the Internet

This article starts off with black_death stating that his motivation for writing an article on piracy is because the one he read in 2600 in the Summer 2004 issue was so bad. The irony of this is that this article is pretty awful too. While claiming to be “an active member in the warez community”, all he is able to accurately describe is the bottom-tier of the warez scene: p2p, torrent sites, rapidshare links, and warez forums. He does manage to plug his own warez forum, however: “kronikfilez.com”.

Telecom Informer

The Prophet’s short and informative articles on different aspects of telephone systems are always something that I know I’ll enjoy reading. This time, he presents a basic overview of the 911 system, and what happens when a 911 call is made. He includes some discussion of difficulties that 911 systems have with VoIP, wireless, and spoofed ANI. It’s well written, and easily understood even if you’re like me and you’re not an expert on phone systems.

Darknets

WillPC discusses the concept of darknets in a way that makes them seem an awful lot like VPNs, but then goes on to link the Freenet Project and WASTE, which intend to develop private anonymous networks. While the purpose is stated as being to “swap information freely”, it’s pretty obvious through the rest of the article that the focus is on piracy.

Scanning The Skies

I used to really love exploring the different feeds available on analog C-Band satellite back in the early to mid-nineties. In this article, GutBomb gives some coverage to the sort of equipment you need to be able to tune into digital satellite feeds, and I have to admit that if I had a place to put a dish (currently living in an apartment), I’d be all for tinkering around with it. This article is well written and interesting, especially if it’s your first exposure to experimenting with satellite broadcasts.

Essential Security Tools

Gr@ve_Rose gives us the “where”, “what”, “when”, and “how” of a handful of useful network tools: nmap, amap, tcptraceroute, grass.pl, netcat, and ike-scan. amap is a little strange of a choice, as nmap currently has protocol/version probing with the “-sV” option, and I’m not sure what grass.pl (which the author of the article wrote) is able to do that netcat can’t. There’s an error in editing at the end of page 18, where it titles the next tool as being hping and gives a link to it, and the beginning of page 19, where it continues as a description of tcptraceroute. This is unfortunate, as hping would have been a great tool to cover here.

Decoding Experts-Exchange.com

Apparently experts-exchange.com used to encode answers to problems in ROT13, and Phatbot (with the excellent email address “chunkylover37@gmail.com”) demonstrates how to decode the text. There’s an editorial note that the trick no longer works due to changes in Experts-Exchange, so there’s not a lot of point left in this article. At least it’s short :).

An Introduction to Beige Boxing

From the talk about red boxing, Palm Pilots, and harassing AT&T operators, this article by Erik Paulsen has the distinct feel of an article that’s been waiting 12 years or more for publication. Even back in the day, I never understood how soldering alligator clips to a phone required so much discussion. This is one of those times where it’s obvious that 2600 will publish anything that gets sent in, and might even hang on to it for a decade or so.

Hacking the Sandisk U3

Nothing you can’t find here. There are also much more advanced payloads that folks on the hak5 forums have written based off the findings that I posted here. This article by Mercereau demonstrates another obvious point about 2600: A lot of the research is not as original as it is presented to be and sources are rarely cited.

Exploring AT&T’s Wireless Account Security

This article by satevia discusses the access to customer information that AT&T customer service representatives have, and how that information might be social-engineered out of them with minimal knowledge about the account in question (it seems that a phone number and billing address is usually enough). The author claims to have worked for Cingular before the name-change, and it looks like this is true, judging from his knowledge of how the call centers operate. There’s nothing hugely unexpected here, but it’s a good read, especially if you’re an AT&T customer, like myself.

Hacker Perspective

Every issue of 2600 has a “Hacker Perspective” article, where a well-known hacker is asked to write on a topic personal to their development as a hacker. This issue’s author is Rop Gonggrijp, who is unfamiliar to me, but seems to be very involved in the European scene, and a regular on the Off the Hook radio show. More importantly, he seems like a really great guy, and discusses his involvement in getting insecure voting machines taken out of The Netherlands’ elections without having to go too heavily into the politics of the situation. I really enjoyed reading this article.

(More) Fun With Novell

Cronicl3 gives us absolutely the worst article so far. This is your typical school-hacking article, except that it’s so comically bad that it manages to go the entire page without mentioning anything related to Novell.

PayPal Hurts

Estragon hits the nail on the head here with PayPal. They’re not a bank, and have their own rules and regulations that favor themselves above any other party in a transaction. When charges are reversed in a PayPal transaction, not only is the transaction fee lost, a reversal fee is also assessed against the recipient. There is very little protection for PayPal users who are not selling tangible goods. Estragon believes that this could be leveraged as a sort of attack against charities or political candidates that take PayPal donations, and he’s probably right.

Facebook Applications Revealed

I have been curious about the security implications of the new-ish Facebook application API, and stderr does a good job of giving some examples of problems with current Facebook applications. The vulnerabilities presented in the three apps stderr covers are simple and not of much consequence, however the article is well written, and would serve as a good starting point to anyone interested in looking at simple problems of web security in general.

Declarations

The “letters to the editor” section is always worth reading for laughs and drama. A few gems from this issue:

  • More binding drama, with the past issue falling apart in readers’ hands.
  • A guy who wants to write an article about travelling forwards in time with a modified space shuttle.
  • A guy talking about how you can mess with pacemakers with magnets and handheld programmers.
  • A very indignant response to the hilarious “Hacking 2600 Magazine Authors”, which remains as one of my favorite 2600 articles that I’ve reviewed here. Agent Smith really hit a raw nerve with some people, apparently.
  • Goldstein defending why he published the “Target: For Credit Card Fraud” article that I gave a particularly bad review of last time.
  • “Please stop all subscriptions addressed to the facility listed above. This is a state hospital for civilly committed sexually psychopathic personalities and sexually dangerous persons…” LOL

Hacking Windows Media

Alt229’s article on removing the DRM from WMV files really made me happy that I don’t often have to deal with DRM. It seems like such a pain to have to install a fresh copy of XP and a specific version of Windows Media Player that can be attached to with a debugger. He provides all the tools necessary, and discusses a bit on how to use them, though, so if you’re caught having to deal with a restricted WMV, you might be able to do something about it after reading this article.

The Noo World

I always read the entirety of every article that I review for these posts, but I just couldn’t do it with this one by Agent5. I skimmed it, and I just can’t get myself excited about a writeup on various mind/mood/attention modifying drugs. I really hope that no one takes this article to heart and starts experimenting with these kinds of drugs without medical supervision.

Forensics Fear

This one’s probably the funniest article in the issue, because the author “Anonyous Chi-Town Hacker” makes a conscious effort to not mention the name of the company he works for, and the product in question, when it is obvious from the text that it is Guidance Software’s Encase Enterprise Edition. If you’re reading this review, go ahead and open that link in another window so they can get plenty of hits from this as a referral URL, because this guy is just begging for the “Hacking 2600 Magazine Authors” treatment. Basically, the software allows an organization to take remote forensic images and perform remote investigations on their computers. Neat stuff.

Transmissions

Dragorn talks about various issues with privacy related to browsing, searching, and using various web sites. There isn’t much new here, and it’s kind of boring :(.

Cracked Security at the Clarion Hotel

This is probably the first 2600 article that I’ve read where the author (in this case, Gauss VanSant) completely fails at accomplishing anything productive regarding wireless networks, and yet just randomly stumbles across something that someone else has hacked. Apparently, an XP machine in the hotel’s computer lab had been infected with a variety of keystroke loggers and remote access trojans. Not much to see here.

Building Your Own Safe, Secure SMTP Proxy

In this article, sail0r gives us a way around your organization’s limits on connecting to external SMTP servers. Whether or not you should be doing this is another question. The solution presented is to have a python script act as a local SMTP server, scp the messages externally, then send them from there, however it seems like an easier solution might be to simply tunnel the protocol over SSH.

Zero-Knowledge Intrusion

S. Pidgorny hits us with a pretty interesting, and mostly theory, article on how to evade IDS when launching an attack on an organization. He has good suggestions, mostly revolving around passive sniffing, connecting to the network only in ways that legitimate clients connect, and only generating traffic that legitimate clients would generate. It’s a good methodology for performing an attack, if that level of care is required. Similar in spirit to the “Tactical Exploitation” talk from 2007’s Blackhat USA.

Booting Many Compressed Environments on a Laptop

Scotty Fitzgerald has a pretty neat idea here. If you don’t have enough room on your hard drive for as many operating systems as you want to run, and you don’t mind a bit of overhead in time switching between operating systems, you can rig up a system where you compress images of different operating systems and restore them to your “working” partition whenever you wish to use them, using dd and gzip. Changes can be saved by compressing the partition back down into the saved image. Pretty clever.

Avoid Web Filtering with SSH Tunneling: Encrypted Circumvention

Tessian reminds us that it just isn’t an issue of 2600 without having yet another article on how to tunnel traffic over SSH. A fitting end to this issue.

There are 3 Comments to "Review: 2600, The Hacker Quarterly, Winter 2007-2008"

  • LonerVamp says:

    I had the exact same thought on that SMTP proxy article. Why not just tunnel this in SSH and be done with it? No need to get fancy and invent your own crap.

  • Gr@ve_Rose says:

    After I had received the publication which I wrote about the security tools, I realized the error as well. I had planned on talking about HPing as well as tcptraceroute but in my draft I must have been moving things around – In doing so, I forgot to re-add the content for HPing and accidentally put tcptraceroute in its place. :( I’m thinking of doing an article specifically on HPing to make up for it ’cause now I feel bad for seemingly slighting this great tool.

  • admin says:

    Thanks for dropping by, Gr@ve_Rose! I’ll be looking forward to the hping writeup!
