Title: Stealing the Network: The Complete Series Collector's Edition
Authors: Johnny Long, Ryan Russell, Timothy Mullen (among many others not acknowledged on the cover)
Publisher: Syngress Publishing
Release Date: May 18th, 2009
ISBN: 978-1597492997

I have just finished a marathon session of reading “Stealing the Network: The Complete Series Collector’s Edition” and I have a very conditional review of it:  It’s a must-have if you don’t already own the previous editions of these guilty pleasures.  If you are already a fan, however, prepare to be let down by the compilation.

The stories of the Stealing the Network series entertain in the same way that “war stories” from fellow hackers and security professionals often keep a more intimate audience’s interest: by mixing intriguing situations with juicy technical detail that can serve as a useful take-away.  No one will accuse these books of containing fine literature, but that’s not really the point.  The stories are well written enough to keep you wanting to know what will happen next, while the technical information is as accurate as you’re likely to see in fiction.  Segments involving hacking are written and illustrated with enough attention to detail and length to serve as introductory educational tutorials for the topics (including web application hacking, reverse engineering, and wireless security).  Most of these scenarios are believable as parts of larger-scale operations.

The first book of the series consists of independent short stories based around characters of the authors’ creation.  The other three books in the compilation tell an over-arching story of a larger “operation”, which involves many characters and their independent stories.  The second book, “How to Own a Continent”, is probably my favorite, along with the first (“How to Own a Box”), for keeping things simple, technical, and focused on the individual stories.  The third book, “How to Own an Identity”, suffers from having worse editing than the rest of the series, and may lose some readers’ interest.  The fourth book (“How to Own a Shadow”) reads a lot better, and wraps the overall story up well; however, it focuses only on a relative handful of the series’ characters.

As a compilation, this Collector’s Edition leaves much to be desired.  While the original description for this edition described the books contained within as being “author-annotated”, this is not the case.  The individual books are reproduced exactly as they were in their original editions, with no additional commentary from the authors, and with all the same problems as the originals.  For example, screenshots in the first chapter of the first book are the same illegible black squares that were in the original edition of the book published 7 years ago.  The annotations, along with the other features described in the original description (emails, photographs), would have provided a lot of interesting background material and made this compilation a must-buy.

The extra content that you are receiving is a brief new foreword by Jeff Moss, and a “Final Chapter” by Ryan Russell.  The new chapter is about 20 pages long, and gives the story-line a proper ending.  I won’t ruin anything about it, but I will say that I enjoyed it.  Syngress has promised in the description of the book to make this content available separately in electronic form in six months.

The included DVD is described on the back-cover copy as being “full” of behind-the-scenes stories.  In reality, you will only find 20 minutes of interviews with a few of the authors.  I enjoyed these interviews, however, much like the print companion, I felt like more should have been done.  Also beware that there are problems with the audio on the DVD.  When played on my MacBook, there was noticeable crackling/popping in the audio of the DVD.  The same noise was present, but less noticeable when played through a stand-alone DVD player through a television.

To summarize, I like the books, and find them as entertaining as I did when they were originally published, and I like the new hardcover binding.  I do think that it is unfortunate that the “Stealing the Network: The Complete Series Collector’s Edition” does not meet its potential to be more than the sum of its parts.  There seems to have been intent at some point to add value to the set, but it wound up simply being a rough concatenation of the individual books.

If you haven’t read these books, then I very much recommend picking up this set.  It’s 1,000 pages of interesting stories and technical material.  If you already have the previous editions of the Stealing the Network Series, however, you might find it hard to justify paying for them again.

 

I ran across this after I finished reading back-to-back reviews by Phn1x and Ilfak Guilfanov of the sounds-like-it’s-excellent “The IDA Pro Book” by Chris Eagle, from No Starch Press.  Excellent reviews, and the book looks really good.  Please don’t confuse its coolness with the lameness I’m about to copy-paste about. I’ll probably wind up buying a copy of Eagle’s book.

The Syngress IDA book, though?  Not so much.

I didn’t know Syngress had an IDA Pro book when I went to Amazon to look at No Starch’s.  There’s a reason for that:  It’s awful.  I can say this, with certainty, without ever having picked it up.  I don’t normally feel this strongly without at least reading the book, but the universally bad reviews of “Reverse Engineering Code with IDA Pro” are quite damning…

…and hilarious :) .  Which is why I’m pasting select comments from the various reviews here, as they tickle my funny-bone:

ZT says:

Do we really need half a page to print a table that does nothing but list every possible form a MOV instruction can take?

..and:

For heaven’s sake, the book was published FOUR MONTHS AGO, and already the repository for the book’s source and binaries has disappeared?!  Come on, this is unacceptable. Every time the book dedicates an entire chapter to disassembling a binary, you have to pretty much skip the entire chapter, because the binary isn’t available for you to disassemble. You can’t follow along.

magicmac2000 chimes in with:

And finally, there is information in the index of a chapter, but the pages are not there! It is not a problem of my book, it is a problem of the edition itself!

Hah what?  There are entire chunks of the book missing:

(Chapter 4) claims to have these items:
Understanding Execution Flow, Tracing Functions, Recovering Hard Coded Password, Finding Vulnerable Functions, Backtracing Execution, Crafting a Buffer Overflow.
The problem is that the editors (Syngress) forgot to include the latest three. Yes, exactly as you hear it: the editors forgot to place those pages in the book.

Even one of the authors, Justin Ferguson, gave it a negative review:

This is my second attempt at reviewing the book I helped write. Amazon continues to censor me, probably because my encouragement is not to buy this book (after dealing with Syngress, I wouldn’t advise buying anything that comes from them). I don’t know how to say this other than I apologize to everyone who purchased this book; it really was supposed to be much more. However, the corporate world being what it is, it was rushed from deadline to deadline without any regard for quality, the editors actually introduced errors, many of the diagrams are unreadable and there’s parts of the book just flat out missing. DO NOT BUY.

Ouch!  You can check out the reviews for yourself here.  I think I’ll be getting Chris Eagle’s book instead.

 

You probably already know this, but Johnny Long is a really great guy. He’s donating the proceeds of this book to the AOET:

AOET is an independent, indigenous non-governmental organization with the prime mandate of providing an education (formal and/or vocational) to desperately poor, neglected and forgotten orphans whose parents have died of AIDS. AOET assists children with AIDS and widows that have lost their spouses to AIDS and most of them HIV+ themselves.

In addition to being an excellent cause, this is also a great way for an author to make a reviewer feel bad about saying anything negative about a book :) . Luckily it’s a very entertaining read, a must-buy for its target audience, and definitely something to consider for others. If you do wind up buying the book, buy it through Johnny’s referral link, so that the maximum amount possible makes its way through to the AOET. If you wind up not buying the book because of this review, please consider donating or assisting the AOET directly.

This was a fun book to read. If you’re in a position where you have to worry about physical security, it will certainly open your eyes up to some of the threats. Most of the book is made up of stories of real-world situations and observations by Johnny Long, and they definitely entertain and inform. If it gets you to thinking about how people access your facilities physically, how attackers can gather information over the phone, and how your employees should protect themselves while traveling, then the book is well worth its cover price.

If you are a penetration tester looking to expand your ability to attack physical security, there may be times when you’re left hanging and wanting more. Johnny occasionally (and intentionally) stops short of giving all the details needed for someone to do bad things. If you’re thinking adversarially, you’ll likely have to follow up on the information in “No Tech Hacking” with some supplemental reading and research. Where it lacks in detail, it does make up for in getting you into the right mindset to perform good reconnaissance and in-person ops.

If you’ve already read Johnny’s other book, “Google Hacking For Penetration Testers”, you may be disappointed to find out that 74 of “No Tech Hacking”‘s 280 pages are reprinted from the former book’s chapter, “Google Hacking Showcase”. This chapter also focuses more on screenshots and examples of dangerous things that have been found using search engines, rather than techniques for finding these things in your own organization. The author even admits that it’s not really no-tech, and while the material is interesting, it seemed a little out-of-place.

The book is written and formatted very informally, with plenty of photographs reproduced in-line with the text that describes and makes reference to them. For the most part, the photos are well-printed and it’s easy to see the point, although a handful might leave you squinting. Sometimes it feels like the book has been written as a transcription of notes from Johnny’s conference presentations on the topic, but the style of the book suits the content well.

To summarize, “No Tech Hacking” has a few flaws and might be a little rough around the edges, but it strikes an excellent balance between entertainment and information. I highly recommend it if you’re interested in an overview of threats to physical security. I’d also recommend it as a gift to someone who needs their eyes opened about these threats. A technical background isn’t necessary to follow most of the book. For those looking to add skills to their penetration testing toolbelt, my recommendation is weaker, but it is definitely worth looking at to see if it’s new material for you. It’s probably worth it just for the excellent stories and anecdotes :) .

If you’re wanting more of an idea about the book, here’s a video from last year’s Defcon, where Johnny Long presented on the topic. If you enjoy it, then it’s a pretty safe bet you’ll get a kick out of the book:

 

I should have my copy of “No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing” in soon, with a review soon to follow. It’s written by Johnny Long, who has given some talks at conferences in the past year or two on the topic. If the book is as good as the talks, I imagine I’ll enjoy it quite a bit. Oh, and Kevin Mitnick has a part in the production of this book, as the “Series Editor”.

I’m also wanting to get into doing some hardware reviews, starting with some devices that might be good for “road warrior”-type security professionals. I am currently awaiting a review unit of the Cloudbook from Everex (Asus never responded to requests to review the Eee-PC). I was in contact with Nokia about the N810, a follow-up to the N800, which was popular among hackers/security geeks, and a review unit was supposed to be shipped to me. I never heard anything else out of it.

The book review should be coming fairly soon though!

 

Once again, I have my hands on the newest issue of 2600 magazine, and I’m writing an article-by-article review. As usual, there are some interesting articles, some laughable articles, and some articles that are just plain bad. I hope you enjoy the review, and maybe it’ll inspire you to pick up a copy of the magazine and see how much entertainment you can get out of it ;) .

The More Things Change…

In the introductory article, Emmanuel Goldstein reflects on 2600′s upcoming 25th year of publication. He makes some observations about how dramatically things have changed in computing and society, which are mostly right on. One interesting comment that he makes, that I’m not sure if I agree with, is that if 2600 started publication in 2008, rather than 1984, it would have likely resulted in them being branded as potential terrorists. I don’t believe 2600′s age has much bearing on how it’s perceived by the world, or to put it more directly: If someone wanted to call them terrorists, I don’t think they’d let 25 years of publication stand in their way.

Power Trip

I always love to discuss the disclaimers used in 2600 articles, and here we have a great example of the “anti-disclaimer”, complete with political commentary comparing the current administration with the Gambino crime syndicate. The purpose of OSIN’s article is to detect and record “secret warrantless searches” by using networkable cameras and wireless access points to set up monitoring for you while you’re away. This includes some information on how to use a UPS to maintain power, in case your intruders cut power, and storing results locally, in case your network link is also taken down.

I’m not sure that it’ll do you much good, if you’re in a situation where you might be “searched” by the government, however the same principles would apply well to other kinds of intruders as well. This article might be of some interest if you’re setting up some home security, and you’re looking for ideas.

Building Your Own Networks

Casandro presents a summary of how one can create their own networks that span ethernet, wireless, and existing networks by using VPN tunnels. It’s difficult to cover a topic like this in only two pages, so while it serves as a good source of inspiration and ideas for someone new to this, it is by no means going to be the only thing they need to read to get started. Casandro does provide some scripts that should make things a little easier, and even invites people to contact him to tunnel into his own small network. Hopefully he won’t regret that :) .

Pirates of the Internet

This article starts off with black_death stating that his motivation for writing an article on piracy is because the one he read in 2600 in the Summer 2004 issue was so bad. The irony of this, is that this article is pretty awful too. While claiming to be “an active member in the warez community”, all he is able to accurately describe is the bottom-tier of the warez scene: p2p, torrent sites, rapidshare links, and warez forums. He does manage to plug his own warez forum, however: “kronikfilez.com”.

Telecom Informer

The Prophet’s short and informative articles on different aspects of telephone systems are always something that I know I’ll enjoy reading. This time, he presents a basic overview of the 911 system, and what happens when a 911 call is made. He includes some discussion of difficulties that 911 systems have with VoIP, wireless, and spoofed ANI. It’s well written, and easily understood even if you’re like me and you’re not an expert on phone systems.

Darknets

WillPC discusses the concept of darknets in a way that makes them seem an awful lot like VPNs, but then goes on to link the Freenet Project and WASTE, which intend to develop private anonymous networks. While the purpose is stated as being to “swap information freely”, it’s pretty obvious through the rest of the article that the focus is on piracy.

Scanning The Skies

I used to really love exploring the different feeds available on analog C-Band satellite back in the early to mid-nineties. In this article, GutBomb gives some coverage to the sort of equipment you need to be able to tune into digital satellite feeds, and I have to admit that if I had a place to put a dish (currently living in an apartment), I’d be all for tinkering around with it. This article is well written and interesting, especially if it’s your first exposure to experimenting with satellite broadcasts.

Essential Security Tools

Gr@ve_Rose gives us the “where”, “what”, “when”, and “how” of a handful of useful network tools: nmap, amap, tcptraceroute, grass.pl, netcat, and ike-scan. amap is a little strange of a choice, as nmap currently has protocol/version probing with the “-sV” option, and I’m not sure what grass.pl (which the author of the article wrote) is able to do that netcat can’t. There’s an error in editing at the end of page 18, where it titles the next tool as being hping and gives a link to it, and the beginning of page 19, where it continues as a description of tcptraceroute. This is unfortunate, as hping would have been a great tool to cover here.

Decoding Experts-Exchange.com

Apparently experts-exchange.com used to encode answers to problems in ROT13, and Phatbot (with the excellent email address “chunkylover37@gmail.com”) demonstrates how to decode the text. There’s an editorial note that the trick no longer works due to changes in Experts-Exchange, so there’s not a lot of point left in this article. At least it’s short :) .

An Introduction to Beige Boxing

From the talk about red boxing, Palm Pilots, and harassing AT&T operators, this article by Erik Paulsen has the distinct feel of an article that’s been waiting 12 years or more for publication. Even back in the day, I never understood how soldering alligator clips to a phone required so much discussion. This is one of those times where it’s obvious that 2600 will publish anything that gets sent in, and might even hang on to it for a decade or so.

Hacking the Sandisk U3

Nothing you can’t find here. There are also much more advanced payloads that folks on the hak5 forums have written based off the findings that I posted here. This article by Mercereau demonstrates another obvious point about 2600: A lot of the research is not as original as it is presented to be and sources are rarely cited.

Exploring AT&T’s Wireless Account Security

This article by satevia discusses the access to customer information that AT&T customer service representatives have, and how that information might be social-engineered out of them with minimal knowledge about the account in question (it seems that a phone number and billing address is usually enough). The author claims to have worked for Cingular before the name-change, and it looks like this is true, judging from his knowledge of how the call centers operate. There’s nothing hugely unexpected here, but it’s a good read, especially if you’re an AT&T customer, like myself.

Hacker Perspective

Every issue of 2600 has a “Hacker Perspective” article, where a well-known hacker is asked to write on a topic personal to their development as a hacker. This issue’s author is Rop Gonggrijp, who is unfamiliar to me, but seems to be very involved in the European scene, and a regular on the Off the Hook radio show. More importantly, he seems like a really great guy, and discusses his involvement in getting insecure voting machines taken out of The Netherlands’ elections without having to go too heavily into the politics of the situation. I really enjoyed reading this article.

(More) Fun With Novell

Cronicl3 gives us absolutely the worst article so far. This is your typical school-hacking article, except that it’s so comically bad that it manages to go the entire page without mentioning anything related to Novell.

PayPal Hurts

Estragon hits the nail on the head here with PayPal. They’re not a bank, and have their own rules and regulations that favor themselves above any other party in a transaction. When charges are reversed in a PayPal transaction, not only is the transaction fee lost, a reversal fee is also assessed against the recipient. There is very little protection for PayPal users who are not selling tangible goods. Estragon believes that this could be leveraged as a sort of attack against charities or political candidates that take paypal donations, and he’s probably right.

Facebook Applications Revealed

I have been curious about the security implications of the new-ish Facebook application API, and stderr does a good job of giving some examples of problems with current Facebook applications. The vulnerabilities presented in the three apps stderr covers are simple and not of much consequence, however the article is well written, and would serve as a good starting point to anyone interested in looking at simple problems of web security in general.

Declarations

The “letters to the editor” section is always worth reading for laughs and drama. A few gems from this issue:

  • More binding drama, with the past issue falling apart in readers’ hands.
  • A guy who wants to write an article about travelling forwards in time with a modified space shuttle.
  • A guy talking about how you can mess with pacemakers with magnets and handheld programmers.
  • A very indignant response to the hilarious “Hacking 2600 Magazine Authors”, which remains as one of my favorite 2600 articles that I’ve reviewed here. Agent Smith really hit a raw nerve with some people, apparently.
  • Goldstein defending why he published the “Target: For Credit Card Fraud” article that I gave a particularly bad review of last time.
  • “Please stop all subscriptions addressed to the facility listed above. This is a state hospital for civilly committed sexually psychopathic personalities and sexually dangerous persons…” LOL

Hacking Windows Media

Alt229′s article on removing the DRM from WMV files really made me happy that I don’t often have to deal with DRM. It seems like such a pain to have to install a fresh copy of XP and a specific version of Windows Media Player that can be attached to with a debugger. He provides all the tools necessary, and discusses a bit on how to use them, though, so if you’re caught having to deal with a restricted WMV, you might be able to do something about it after reading this article.

The Noo World

I always read the entirety of every article that I review for these posts, but I just couldn’t do it with this one by Agent5. I skimmed it, and I just can’t get myself excited about a writeup on various mind/mood/attention modifying drugs. I really hope that no one takes this article to heart and starts experimenting with these kinds of drugs without medical supervision.

Forensics Fear

This one’s probably the funniest article in the issue, because the author “Anonyous Chi-Town Hacker” makes a conscious effort to not mention the name of the company he works for, and the product in question, when it is obvious from the text that it is Guidance Software’s Encase Enterprise Edition. If you’re reading this review, go ahead and open that link in another window so they can get plenty of hits from this as a referral URL, because this guy is just begging for the “Hacking 2600 Magazine Authors” treatment. Basically, the software allows an organization to take remote forensic images and perform remote investigations on their computers. Neat stuff.

Transmissions

Dragorn talks about various issues with privacy related to browsing, searching, and using various web sites. There isn’t much new here, and it’s kind of boring :( .

Cracked Security at the Clarion Hotel

This is probably the first 2600 article that I’ve read where the author (in this case, Gauss VanSant) completely fails at accomplishing anything productive regarding wireless networks, and yet just randomly stumbles across something that someone else has hacked. Apparently, an XP machine in the hotel’s computer lab had been infected with a variety of keystroke loggers and remote access trojans. Not much to see here.

Building Your Own Safe, Secure SMTP Proxy

In this article, sail0r gives us a way around your organization’s limits on connecting to external SMTP servers. Whether or not you should be doing this is another question. The solution presented is to have a python script act as a local SMTP server, scp the messages externally, then send them from there, however it seems like an easier solution might be to simply tunnel the protocol over SSH.

Zero-Knowledge Intrusion

S. Pidgorny hits us with a pretty interesting, and mostly theoretical, article on how to evade IDS when launching an attack on an organization. He has good suggestions, mostly revolving around passive sniffing, connecting to the network only in ways that legitimate clients connect, and only generating traffic that legitimate clients would generate. It’s a good methodology for performing an attack, if that level of care is required. Similar in spirit to the “Tactical Exploitation” talk from 2007′s Blackhat USA.

Booting Many Compressed Environments on a Laptop

Scotty Fitzgerald has a pretty neat idea here. If you don’t have enough room on your hard drive for as many operating systems as you want to run, and you don’t mind a bit of overhead in time switching between operating systems, you can rig up a system where you compress images of different operating systems and restore them to your “working” partition whenever you wish to use them, using dd and gzip. Changes can be saved by compressing the partition back down into the saved image. Pretty clever.
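The save/restore cycle summarized above, as an added example that is not from the 2600 article or from this blog: a regular file (constructed in the script) stands in for the working partition, since dd treats a file and a block device the same way, and a checksum confirms the restored bytes match what was saved. The function names and the /tmp layout are my own assumptions.

```shell
#!/bin/sh
# Added example: image a "working partition" into a gzip'd file with dd and
# gzip, write it back later, and verify the round trip. A plain file is used
# here in place of a block device such as /dev/sda3 so it runs without root.

# save_env DEVICE OUT.gz : compress the working partition into a saved image.
save_env() {
    dd if="$1" bs=65536 2>/dev/null | gzip -c > "$2"
}

# restore_env IN.gz DEVICE : write a saved image back over the working partition.
# On a real device this clobbers whatever is there, which is the point.
restore_env() {
    gzip -dc "$1" | dd of="$2" bs=65536 2>/dev/null
}

# demo_roundtrip : build a constructed 2 MiB "partition", save it, overwrite it
# as if another OS had been restored there, restore the first image, and
# return 0 only if the bytes match the original.
demo_roundtrip() {
    work=$(mktemp -d)
    part="$work/working.part"          # stand-in for the working partition

    # constructed content: repeating text so gzip has something to compress
    yes "filesystem block belonging to OS image A" | head -c 2097152 > "$part"
    orig_sum=$(cksum < "$part")

    save_env "$part" "$work/osA.img.gz"

    # simulate switching to a different OS: the partition is overwritten
    yes "a different OS B now occupies the partition" | head -c 2097152 > "$part"

    restore_env "$work/osA.img.gz" "$part"
    new_sum=$(cksum < "$part")

    rm -rf "$work"
    [ "$orig_sum" = "$new_sum" ]
}
```

Saving changes back into an image is the same `save_env` call after using the restored system; note that the compressed image size grows with whatever has been written to the partition, including deleted-but-not-zeroed blocks.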

Avoid Web Filtering with SSH Tunneling: Encrypted Circumvention

Tessian reminds us that it just isn’t an issue of 2600 without having yet another article on how to tunnel traffic over SSH. A fitting end to this issue.

 

I came home to this today:

Apparently, UPS felt the need to hide their delivery under our welcome mat. I’m sure nobody else in the apartment complex suspected a thing ;) .

I don’t mind, though, because the payload was my copy of “The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws” by Dafydd Stuttard and Marcus Pinto! I’m very excited about reading through this and posting a review here for my dear readers. It turns out that Stuttard is the guy who wrote Burp Suite, so now I’m even more excited about looking at this book. A review should be posted soon, depending on how many hours of reading I can sneak in.

 

For the summer issue of 2600, I decided to write an article-by-article review of the magazine, which you can read here. It turned out to be one of the more popular posts I’ve made, and it was fun to write. With this in mind, I’ve decided to do it again, with the Autumn issue that was released several days ago. One thing I can say about 2600 is that there’s a lot of content in each issue, so this is a long post :) :

Politics

In this issue’s introductory article, Emmanuel responds to one of the most common criticisms of 2600: that the magazine focuses too much on politics and runs light on technical content. You’ve probably heard this criticism before, from me, or someone else you know. Emmanuel defends the 2600 approach by stating that they will not prevent people from expressing their opinions, that these opinions are important to the hacker community, and they make the magazine what it is today. I can understand this, however I do think that the liberal slant the magazine often takes can alienate more conservative readers, or readers, like myself, that prefer to be presented the facts and form opinions for themselves.

I can’t deny, however, that it is what makes 2600 the magazine that it is.

VoIP Security: Shit or Get off the POTS

This article serves as a decent summary of the risks of implementing VoIP in an organization. Reid demonstrates some pretty good structure for his article, by having a separate section and summary for each risk. He recommends various tools, and it seems like it’s a good article for someone getting started in VoIP security.

Getting More Out of Your College Linux System

Silent Strider brings us the first article of this issue that really illustrates some reasons many people criticize 2600. We have a perfect combination of common 2600 themes: school hacking, a perception of being “better” than normal users with regard to policy, and advice that is so tinted by the writer’s experiences with one system that it’s of limited use to anything else. The article begins with some paranoia about trojans and keeping an eye on who else is logged onto the system, then moves into describing ways to avoid quotas and needlessly waste RAM by setting mplayer’s cache size too high.

The article can be summed up with one quote: “Remember, you are not an average user. Limits do not apply to you.” I would recommend hanging onto this article so that you can present it to your school’s IT staff when they round you up for being a nuisance on school-provided computers. They may not realize that you are so above-average.

Social Engineering and Pretexts

This article, by Poacher, is in stark contrast with the one before it. Rather than showing you all of the stereotypical elements of a 2600 article, you get to see something you don’t see often in 2600 articles: an author that is in a position to know a lot about what he’s writing. Poacher describes his career, from being a store detective, to a private investigator, and gives a lot of great anecdotal advice and stories about social engineering along the way. He approaches the subject in a very realistic way, and I personally enjoyed reading it.

Telecom Informer

Another guy who is in a position to know what he’s writing about, The Prophet returns in this issue, like every other issue, with a well-written telecommunications article. While it’s not exactly insider-knowledge this time around, his discussion of the history and purposes of PBX systems and their significance to phone phreaks is entertaining. If you’re new to the topic, you’re sure to learn a bit.

Language Nonspecific: Back to Fundamentals

The most important message to take away from kn1ghtl0rd’s article is that once you have learned how to write code in one language, it’s much easier to pick up other languages. On this, his main premise, I agree. I do, however, disagree with many of the points and statements used to support it.

I do not feel like there’s the sort of animosity or “divided front” between .NET programmers and the rest of the world, outside of people arguing on the Internet. The examples, while basic, discuss concepts that are not going to be understood by the target audience: people who are deciding on a first language. Some statements, such as “Every data type, whether they are integers or strings or Boolean, are all classes.” don’t apply to all languages in the way he’s implying. Others, like “a computer program ends up being the same thing after compiling, no matter what language you are using.”, are just plain wrong.

It’s an article with a good idea, but put together more as a rant than actually illustrating the ease one can go from one language to another.

Front Door Hacking: Redux

Darkarchives continues where an article written by Cliff leaves off. Yes, the same Cliff that brought you the “Discovering Vulns” in the last issue. Yes, the same article that a locksmith poked at disapprovingly in the last issue’s letters to the editor.

If you don’t already know about “bump keys”, this article isn’t going to be of much help, other than a pixelated and unlabeled drawing of one. There is some discussion of a “minimal movement” method, but the majority of the rest of the article is a warning to not bump an in-use lock (you’ll screw it up), what to hit it with (a screwdriver), and a recommendation on what lock brand to try it on (Kwikset).

If you absolutely needed another article on bump keys, then I suppose this is alright. It doesn’t seem to further the art or illustrate anything new, though.

A Penny For Your Laptop

Atom Smasher demonstrates a very simple vulnerability in the Kensington Micro-Saver Notebook Lock. Apparently it can be unlocked very simply, quickly, and without destroying the lock or computer by using a coin to add tension, and spinning the dials until they stick. I don’t have the lock, so I am not able to verify that it works, but the article is clearly written, informative, and he even suggests a solution to the problem.

The RIAA’s War on Terror

Glider’s article reads like an extended mix of a Slashdot story comment, telling someone how they should do business. If the RIAA moves slowly, it’s because they’ve figured out that they’re making plenty of money moving the way they are. This article has the bonus of comparing RIAA tactics to those of the current administration’s War on Terror. Never mind how accurate that comparison may or may not be, it will certainly strike a chord with 2600 readers who follow the politics of the magazine.

I’d personally rather see an article focused less on telling the RIAA what to do, and more on telling people how they can shift their support towards artists that don’t fall under the RIAA. Empower people to make a choice.

Free Files from Flash

Dieseldragon does a pretty good job of demonstrating how easy it usually is to rip media files that Flash-based players on the web use. It’s a little sparse on details, and he gets a little confused about the .flv format, but it’s not hard to follow, it’s an easy trick, and it’s hard to cram much into a short article. This article is a good demonstration of the usual 2600 flip-flop disclaimer. Let’s follow along, with some commentary:

  • “Please don’t steal copyrighted works.”
    • Ok. Fair enough.
  • “If you like to download music, please consider this method…”
    • Wait, but…
  • “(And buy the CD for copyright/royalty purposes of course!)…”
    • Oh. Of course! Wait… if you buy the CD, you could just rip your own mp3 copy of a much higher quality (a lot of flash is dirty 64kbps mono)
  • “F-you to Apple iTunes for ripping artists off much worse than bedroom pirates and ‘those hackers’ ever did!”
    • iTunes has a lot of catching up to do to be on par with pirates. I’m not sure how that’s supposed to work anyway. I don’t see how you can be ripped off much worse than having your stuff downloaded with no compensation at all.

Target: For Credit Card Fraud

“Anonymous”, a former employee of Target, discloses a whole host of problems with the stores’ networks. The author claims that the Target wireless network is only protected by WEP, and that everything on that network has very obvious passwords with very open access to anything. He asks the reader not to do anything malicious with this, but not before giving a road map to the credit card transaction data stored on the registers. He even provides a batch file for gathering the payment data from the logs.

You know who else is likely to be sifting through logs right about now? Target admins.

How to Get More From Your Sugar-Mama

There are a lot of short, one-page articles this issue. In this one, gLoBuS reveals how to cheat Virgin Mobile’s ad-supported free minutes program, as well as how to send free text messages through one of Virgin’s web interfaces. Not the most altruistic or educational article, but at least he’s not stealing credit card numbers like the previous author.

Owning UTStarcom F1000

Wifi VoIP phones are really cool. I don’t own one, but I might get one to play around with one day. ZiLg0 does a good job of giving an overview of how to unlock this specific model, and presents some references to more information. I had no idea you could buy these VoIP phones locked into specific providers, but it’s nice that there are instructions like this for opening them up.

Hacker Perspective: You

This issue, instead of having an article written by a well-known hacker, Emmanuel sent out surveys to all of the subscribers of 2600, in order to try to demonstrate what the readership is like. The results are interesting. Several statistics about the responses are discussed, followed by the write-in comments of many responders taking up the rest of the article. It seems that there are just as many people who feel the magazine should be less technical and focus more on politics as those who feel the opposite way.

It really only represents the 15% of subscribers who could be bothered to fill it out and pay postage to send it back, but it’s an enjoyable read.

Hacking 2600 Magazine Authors

This is absolutely my favorite article in this issue. Agent Smith is a security guy at a company that was the focus of an article in a previous issue. In that issue, an author that Smith refers to as Neo revealed a vulnerability in Smith’s company, without first disclosing those vulnerabilities to the company in question. Smith gets the feeling that the article was written by an employee of the company and proceeds to investigate and find out who it is, through some clever investigative googling. It resulted in a firing and a visit by the feds for the original article’s author.

This had me laughing hard. It’s a perfect example of how bad operational security on the part of the bad guys often makes an investigator’s life pretty easy. I also enjoyed it, because at least I know now that I’m not the only guy who googles up 2600 authors just to see if they’re as anonymous as they think they are (most aren’t).

Designing a Hacker Challenge

Remember the scene in “Hackers”, where Crash Override and Acid Burn are trying to figure out who’s the best, and so the rest of the gang sets up a points-based challenge? Glutton is reliving that moment for us, with a hacker challenge he has designed to help you and your crew find out who is the best, and who dies like the rest. I can hear The Prodigy’s “Voodoo People” right now.

This is an unintentionally hilarious read, not to be missed. Be warned that it might land you in jail if you actually attempt some of the tasks. The author does state that you should not break laws for personal gain, or if you have a wife and/or kids dependent on you. Remember “Glutton”, because he’ll pop up later in the issue.

Hacking an Election

Dagfari, a former employee of Elections Manitoba, gives a good description of how provincial elections work in Canada. This is something I know nothing about, being in the southeastern US, so I thought it was interesting. There’s a little discussion of the technology involved, but the hack itself is not technical. Instead, it involves having corrupt people in charge of enumerating (registering) voters in each area. I’m not sure how feasible the attack is, but it’s well written.

How to Cheat Goog411

PhreakerD7 demonstrates how to make free calls using Google’s free 411 service (1-800-GOOG411). Google’s 411 service will connect you to businesses that it locates for you for free, and anyone who has a Google account can create a business listing. Therefore, free calls can be made through Google’s 411 by creating and modifying a business listing, and searching for it with the 1-800 number. It’s a clever trick, and the article is definitely of interest to anyone into phreaking.

Yammering

The letters to the editor are always very entertaining. It’s mostly people just like the article authors, only all pretenses of writing an article have been dropped. This month we have, among others:

  • A long rant about a husband checking up on his unfaithful wife
  • A recommendation for an anonymous email site that I might write a bit about in another post
  • Jason Scott, the hoarder of all text files and BBS nostalgia, calls out Glutton (“Hacker Challenge” guy) for writing a crap article on the bad shape the text-file scene is in. The icing on the cake is that, in turn, Emmanuel lays into Jason for insulting the magazine and its writers. No telling what he’d think about my reviews.
  • A letter calling out Cliff for his article on bump keys, making this two issues in a row, followed by a letter from Cliff defending himself, with the atom bomb of counter-criticism, in essence: “Why don’t you write something?”.
  • A guy who pulled an FBI GPS tracker off his own bumper

Hacking the Buffalo Air Station Wireless Router

Wireless routers have default username/passwords! I doubt you’re very surprised by this. You can pretty much skip this one by Donoli.

The Thrill of Custom Caller ID Capabilities

This article, by krt, is supposed to present some of the things that are possible, if you have Caller ID spoofing set up. Unfortunately, it’s difficult to read and lacks any amount of detail. I’m pretty sure this is the sort of article people in the write-in survey were talking about when they complained about technical jargon.

Securing Your Traffic

Every couple of issues, there’s an article on how to tunnel all of your traffic through SSH, written by someone (b1tl0ck, this time) who wanted to access the internet from work without being filtered or spied on by the IT staff. This one’s not bad, although it’s lacking in detail. Network admins, set up some rules to detect outbound SSH on weird ports to look for people doing this ;) .
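The detection rule suggested above, as an added example that is not from the magazine article or from b1tl0ck: it scans connection-log records and flags outbound sessions that a protocol analyzer has identified as SSH but that are going to a port other than 22. The log format below is a constructed, whitespace-separated record (ts src_ip src_port dst_ip dst_port proto service) loosely modelled on a Zeek-style conn log, not any real product’s output, and the internal address ranges are assumptions.

```python
"""Flag outbound SSH sessions on non-standard ports in connection-log lines.

Added example. The record layout and the sample lines are constructed for this
demonstration; the "service" column is assumed to come from a protocol
analyzer (banner-based identification), not from the destination port. That
matters: an SSH tunnel pointed at port 443 looks like HTTPS to a port-only
filter, which is exactly the case this check is meant to catch.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines (not captured from any real network).
SAMPLE_LOG = """\
1195000001.1 10.1.2.30 51234 203.0.113.5 443 tcp ssl
1195000002.4 10.1.2.31 51235 203.0.113.9 22 tcp ssh
1195000003.9 10.1.2.44 51300 198.51.100.7 443 tcp ssh
1195000004.2 10.1.2.44 51301 198.51.100.7 8080 tcp ssh
1195000005.0 10.1.2.50 51400 10.1.2.10 22 tcp ssh
1195000006.3 10.1.2.60 51500 192.0.2.77 53 udp dns
this line is malformed and must be skipped
"""

# Assumed internal address space; adjust to the network being monitored.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Ports on which outbound SSH is expected and therefore not reported.
EXPECTED_SSH_PORTS = frozenset({22})


@dataclass(frozen=True)
class Finding:
    """One outbound SSH session on an unexpected destination port."""
    src: str
    dst: str
    dst_port: int


def is_internal(ip_text: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str):
    """Parse one constructed record into a dict, or return None if malformed."""
    fields = line.split()
    if len(fields) != 7:
        return None
    ts, src, src_port, dst, dst_port, proto, service = fields
    try:
        return {
            "ts": float(ts),
            "src": src,
            "src_port": int(src_port),
            "dst": dst,
            "dst_port": int(dst_port),
            "proto": proto,
            "service": service,
        }
    except ValueError:
        return None


def find_odd_ssh(log_text: str, ssh_ports=EXPECTED_SSH_PORTS):
    """Return Findings for internal->external SSH sessions on unexpected ports.

    Internal-to-internal SSH (admins working) and SSH to the expected port
    are ignored; only the "tunnel out of the office" pattern is reported.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["service"] != "ssh":
            continue
        # Outbound only: internal source talking to a non-internal destination.
        if not is_internal(rec["src"]) or is_internal(rec["dst"]):
            continue
        if rec["dst_port"] in ssh_ports:
            continue
        findings.append(Finding(rec["src"], rec["dst"], rec["dst_port"]))
    return findings


def summarize(findings) -> dict:
    """Count findings per internal source host, which is what an admin would triage."""
    return dict(Counter(f.src for f in findings))


if __name__ == "__main__":
    hits = find_odd_ssh(SAMPLE_LOG)
    for hit in hits:
        print(f"outbound SSH on port {hit.dst_port}: {hit.src} -> {hit.dst}")
    print("per-host counts:", summarize(hits))
```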

Transmissions

Dragorn discusses, briefly, the ethical implications of using open wireless access points, and then goes into the legal aspects of it. He cites several real cases and quotes from the laws that apply. There’s even a references section at the end! It’s not heavy-handed or slanted, and as such, is well worth reading.

Hacking the Nintendo WiFi USB Connector

I really enjoyed this article too. MS3FGX is very clear on how to modify drivers and software for this device to unlock its use as a general purpose USB WiFi device and access point. It reads well, the instructions are easy to follow, and the screenshots are very clear. I’m impressed to see that it can be used as a packet source for Kismet, and once there’s solid support for Master mode in Linux, I may pick up one.

Fun With International Internet Cafes

Route tells us a story of how he disabled the timer on an Internet cafe computer by removing it from the startup entries and rebooting. The software for this cafe was so bad that if you ran out of time in the middle of something, it would lock you out, and whoever logged in next would resume your interrupted session. No big surprise that there were so many problems with security, although that would depend on how well the systems were monitored physically (apparently not very well). The story is entertaining, but I’d imagine it would be of little use unless you run a system like this.

The Trouble With Library Records

Barrett Brown presents a bit of history behind INNOPAC, a popular library management system, which was interesting. I wasn’t very surprised by the vulnerability disclosed (employee logins over telnet), although maybe it would be interesting to someone who hasn’t had first-hand experience with similar systems. At least it’s easy to mitigate for the people who implement and administer INNOPAC systems. A bit of googling reveals that Barrett is the first and only author in this issue to actually use his real name rather than an alias, which is very cool.

The Life and Death of an American Help Desk Agent

Geospart’s article is more of a rant than anything, but it’s a well-written rant. I would recommend anyone that’s interested in going into tech support give it a read. He gives a good summary of the different tiers of support, and does name names for a couple of the different companies he has worked for. Support has its own culture, will never be fair, and will always be about making money with as few resources as possible.

 
  • The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, Second Edition
    • Chris Anley, John Heasman, Felix “FX” Lindner, Gerardo Richarte
    • Wiley Publishing
    • Released August 2007
    • 717 pages
    • ISBN: 978-0-470-08023-8

The $50 cover price of “The Shellcoder’s Handbook” is a real bargain, in the hands of a motivated self-learner, compared with the cost of equivalent training. The real cost of this book will be in the time and effort you will need to apply for it to really sink in. This is what I discovered when I sat down to read this book: What you get out of it is a function of what you put in. Reading and reviewing this book took much longer than I had expected, but I can say that I really enjoyed it.

This is a book that expects a lot out of the reader, but it turns out to be very rewarding. I would recommend becoming comfortable with reading, writing, and debugging both C and assembly before taking on The Shellcoder’s Handbook. Readers should not expect to progress quickly either. For the concepts to really sink in, some experimentation and following-along is required. Even though the book contains more than 700 pages, it’s not exhaustive, so the references to papers, sites, and documentation are worth taking some time away from the book to follow. In exchange for all of this work, however, the reader is treated to learning a set of skills in a way that can help them follow along with the vulnerabilities disclosed and exploits published every day on lists like Full-Disclosure and sites like milw0rm.

The range of topics is vast. The introductory chapters cover the basics: stack overflows, developing shellcode, format string vulnerabilities, and heap overflows. After this, the pace quickly ramps up, covering exploit development on Windows, Solaris, OS X, and Cisco IOS (the latter two are new to this edition). Workarounds for various stack and heap protection methods are presented, and there are several chapters on the vulnerability discovery and exploit development process. These chapters include discussion on automated discovery through fuzzing, source code auditing, and reverse engineering. I found it useful to skim these chapters before reading some of the material in previous chapters, to keep the larger picture in my mind. Finishing up the book, there are a handful of “Advanced Materials” chapters that have some very interesting examples of different exploit payloads and discussion of kernel vulnerabilities.

While the book does present a lot of great topics to the reader, it does have some problems. In many examples, especially in introductory chapters, it would have helped to have had more information on what distribution and version of Linux had been used. At one point, Redhat 9 was mentioned for an example, although it must have been a custom kernel, as the default kernel from Redhat had an (admittedly simple) form of stack randomization that could not be turned off. I managed to get most examples working in Ubuntu 7.04, after turning off va_randomize, and playing with compiler options. Some simple googling of problems you run into, and taking good notes, will help on this.

While there are fewer errors than I remember there being in the first edition, there are still some that are likely to trip up or confuse the reader that is trying to work through every example. Table 4-1 on writing data with format string exploits comes to mind as a head-scratcher, and a program presented in the same chapter handles command-line arguments in a way that’s different from the examples that use it. Most problems seem to come from attempts to fix errors in the first edition, leaving some references to older material. It is a good exercise (and not impossibly hard) for the reader to do some research and experimentation to work through these errors, but some might find it frustrating. I can only imagine how difficult it must be to do a review of the technical accuracy of such a long book presenting so many in-depth topics.

To sum it up, despite minor issues, The Shellcoder’s Handbook is a must-have. It’s one of the few books on the topic of vulnerability discovery and exploit development, and I would say that it’s the best. If you’re already pretty good at this stuff, I would recommend taking a look at the table of contents, as I bet there’s something in the more advanced material that you would be interested in. If you already have the first edition, there is new content and some “bugfixes”, but it’s not as much of a slam dunk as it would be if you didn’t already have the first one. Take a look at it in a bookstore before buying it to see if it meets your expectations for buying it again. Anyone picking this up needs to be sure they’re ready to put some time and effort into it, and willing to put it down on occasion in order to do some reading and research on background material.

Personally, I love it. Even after reading it for this review, there are plenty of things I need to go back and get a better understanding of, experiment with, and try to get more comfortable with. It’ll have a permanent spot on my shelf as one of my favorite computer security books.

 

Every few months or so, I find myself reading the new issue of 2600, The Hacker Quarterly. It’s not a great magazine, or even a good one sometimes, but even if there are no useful articles or projects to tinker with in it, I always get enough laughs out of it to make it worth picking up. This time, I’ve decided to write an article-by-article review of the issue, to give you an idea of what usually shows up in 2600.

Remaining Relevant

Emmanuel discusses the changing landscape of hacker culture. I’ve often made a similar point to his: The hacking “scene” used to be about gaining access to systems and networks for the purposes of experimenting and learning about things that would have normally been inaccessible. Nowadays, with cheap computers, free operating systems, and widespread internet access, it’s hard to justify unlawful intrusion. Now, don’t think for a minute that this sort of logic stops the authors of the more ridiculously malicious articles and letters that you’ll see in 2600. More on those in a bit.

Discovering Vulns

2600 will publish anything. This is part of the spirit of the magazine, giving everyone a voice, but it puts the burden of separating what’s good and what’s bad onto the reader. Unfortunately, the reader is not always a good judge of this, especially if they’re new to a topic.

This article is written by “Cliff”, and is very poorly researched and written. He jumps back and forth between the perspective of discovering vulnerabilities and writing secure software, and he has a fascination with causing applications to use up CPU time. He refers to this form of exploitation as “Starve of Oxygen” and “Slow to Craw”. These join the ranks of many other terms and phrases he simply invents. He demonstrates a clear lack of understanding when it comes to SQL injection, and pretty much every other topic he covers. There is some evidence that he’s experimented with web apps (mentioning Tamperdata when talking about Javascript validation), but not much beyond that. He qualifies his lack of detail upfront by stating that he’s covering “methodology” instead of “script-kiddie examples”, but do not be fooled into thinking that this is anywhere close to the methodology a real vulnerability researcher uses. It’s more likely a grab at getting the free subscription by having an article published.

Fun quotes:

  • “Users are dumb, all of them. If they weren’t dumb, they’d have written the app themselves, so assume they’re dumb.”
  • “…we may be able to get some secrets out by putting some weird stuff in (technical name here is SQL Injection).”

The Shifty Person’s Guide to Owning Tire Kingdom

This is probably one of the most unapologetically malicious articles I’ve ever seen published in 2600. This one doesn’t even start with the “don’t really do this” disclaimer that these articles usually have. The author demonstrates pretty intimate knowledge of Tire Kingdom’s configuration, indicating that he either works there, or worse, has actually pulled this stunt.

The process of “Owning Tire Kingdom” seems to be a week-long epic adventure. It’ll also require a lot of nerve from people who want to follow along, as it involves a lot of personal contact, social engineering, and sitting at the actual terminals in the store. If successful, there’s the collateral damage of taking an entire store in the chain offline for some time. There’s also a prison sentence in it for you, especially if they’ve fallen for this before and see some of your tricks coming. Even if they haven’t seen it before, most of what you’d be doing is pretty suspicious.

None of it is really that useful or applicable to anything else, so it’s hard to imagine a good reason for publishing it. It would be funny to see some kids getting caught trying to duplicate the author’s efforts, though.

Fun quote:

  • “…then grab a phone and walk it around a corner for some privacy.”

Enhancing Nortel IP Phones with Open Source Software

Ariel Saia comes through with one of the good articles in this issue. He uses DD-WRT with OpenVPN to use an IP phone at home as an extension of his office phone system. It’s short, simple, and well written. It’s probably nothing new for VOIP-heads, but for the rest of us it’s pretty good :)

Telecom Informer

This is a regular segment written by “The Prophet”, a telecommunications insider that typically relates some fun knowledge to the reader. This time, it’s about SMS Short Code numbers and the scams that typically revolve around them, with some historical perspective presented of 900-number and long-distance carrier scams. It’s a very fun read.

Deobfuscation

Kousu writes a pretty good article on reversing the obfuscation that SourceCop applies to PHP code. It’s neat, easy to follow, and very similar to some of the deobfuscation articles on the Internet Storm Center’s blog. He has an unusually strong hatred for obfuscation, calling it “nauseating” and “as evil as ASCII can get”, but it’s a good introduction to the topic if you’re interested, and should be easy to follow along with if you get your hands on something obfuscated with SourceCop.

This is also the first appearance of the typical 2600 writer’s ineffective disclaimer in this issue. This time it’s “Boilerplate: I don’t officially condone any of these activities, of course. Use your own judgment.”

Getting 2600 The Safe Way

Alright, after a few good articles, it’s back to some lulz! “daColombian” is super-paranoid about buying 2600, and is even afraid to check the website for new issues, lest his network admin finds it in the logs or whatever. So his trick is to use his personal web site to display the cover image to him, so he can tell when the new one is out. He presents a small ASP page that does this (and grabs the latest Dilbert comic!), but there’s a flaw in his plan: the image is hotlinked straight from 2600.com. If the network admin actually monitored his web access, he’d notice the 2600.com traffic anyway.

Fun Quotes:

  • “I live in a very small town where everyone knows everyone’s business and I can only imagine the uproar that the arrival of 2600 would cause.”

Fun at the Airport

Evil Wrangler presents a number of ways that terrorists could get past TSA checkpoints at an unnamed major airport, most of which would result in your immediate arrest once you’re spotted on security cameras. Some of the scenarios are pretty ridiculous too. I’m not sure why terrorists would want to lob explosives into the secured area from the mezzanine, when they could get the same people while they’re waiting in line outside of it. He spots security cameras hooked up to wireless routers and assumes that they’d be hijack-able over X10 (if he’s got his terminology correct with “router”, it implies that these things are talking 802.11).

Basically, if you’re not Bruce Schneier, there’s a decent chance you don’t know what the threats and risks really are when you’re talking about airport security.

Hacking Xfire

I don’t really know a lot about XFire. It apparently keeps track of how long you’re playing specific PC games and publishes this data online. Why? I’m not sure. I don’t want anyone knowing how much time I’m wasting personally :) . Akurei was disappointed with the fact that XFire doesn’t log the amount of time he spends in the development suites for NeverWinter Nights 1 and 2, so he figured out a way to modify XFire’s ini file to trick it into logging those processes as well.

Hacker Perspective

This is another recurring feature, written by a different author each issue. This time it’s written by Mitch Altman, who developed a device, TV-B-Gone. TV-B-Gone is a keychain device that bursts out infrared codes for turning off many different models of televisions. It seems like a very passive-aggressive approach to imposing your dislike of TV on others. Personally, I like watching Hell’s Kitchen each week, and don’t mind dropping an hour or two here and there on entertainment.

This article really isn’t about that, though. It’s a well-written story of how he got to where he is, and I enjoyed it.

Fun Quote:

  • “Wiring the basement for sound with the homemade stereos I built was important for listening to Pink Floyd’s Dark Side of the Moon really loud, way high on pot (from the homemade electronic bong I made), meditating on fixing myself so that other people might actually want me around. That brings me to what really saved my life. Pot.”

Valuepoint

“Sidge.2” and “Bimmerfan” disclose some serious flaws in the Valuepoint wireless network service offered by many hotels. The entire administrative interface seems to be wide open to anyone who punches in the right URLs, which can be found in the JavaScript source of the pages on the gateway. The authors do a good job of explaining what’s wrong, and even disclose the name of the hotel in Vegas where they found the problem.

I wonder how long that lasted, with Blackhat and Defcon in the area this past week and weekend :) .

Internet Archaeology

Folks really ought to take more credit for their accomplishments. Here we have a nice, short writeup of how to gather historical/hidden information from websites using archive.org’s Wayback Machine. The author, however, uses the pseudonym “ilikenwf”. Is NWF a wrestling thing?

At the end of the article, he gives a link to his forums, on his personal website, so he’s not trying to keep his name out of the public eye or whatever. While I can understand Mr. Felony not wanting to take credit for the Tire Kingdom article, it’s strange to see all of the non-sociopath articles that are written under pseudonyms. I guess it’s an old school BBS kind of thing.

Hacking Answers by Gateway

“Franz Kafka” used to work as a phone-jockey for Gateway and reveals how to get help from them for troubles with pirated software. The trick is: Lie about it! According to Kafka, this same groundbreaking technique also works for getting Gateway’s help with disabling BIOS and Windows passwords.

If you can’t use pirated software without having to call someone else up for support, perhaps you should spring for a legitimate copy. 2600 gives out free subscriptions for articles like this!

Fun quote:

  • “I have parted ways because my colleagues have a different mentality about hacking than I.” Apparently, so do I.

Opinions

“Opinions” (compared with the cold hard facts in the rest of the magazine :) ) is probably better described as a “Letters to the Editor” section. It’s huge, and one gets the impression that, much like the articles, almost every single coherent letter is printed. This is usually my favorite part of the magazine, since you have a good blend of crazies, people calling out the authors of articles on their mistakes, and paranoia. Here’s a rundown on what you will find in this month’s issue:

  • Seven letters about the printing and binding of the issues. The text is too small, the ink rubs off on my fingers, I liked the staples better, etc. etc.
  • Crypto-nut dthorn responds to all of the people who are criticizing his “Algorithmic Encryption Without Math” article and algorithm. He honestly believes that if you read his work you’ll find “things Bruce Schneier doesn’t want you to know.”
  • Two letters in response to a previous sociopath-of-the-month article on stealing library books. Maybe once you’ve cracked that, you can start stealing candy from blind kids.
  • Apparently, “Cliff”, who wrote the awful article on “Discovering Vulns” this month, wrote an article on bump keys, because there’s a letter here from a locksmith who’s disappointed with that article as well. “Cliff makes up a lot of terms”… sounds familiar.
  • Letters from people who have hacked their way past content filters at school. Back to studying, you kids :)

VoIP Cellphones: The Call of the Future

Toni-Sama presents a short summary of the different technologies being used to implement Voice over IP calling for cellphones. It is informative if you’re interested in that sort of thing, but there’s nothing too technical here. Mostly just a list of what acronym-laden services each provider is or will be offering.

Pandora Hack – Get Free MP3s

SickCodeMonkey describes a way to download MP3s that are streamed to you by an internet radio station. I haven’t tried it out, but it seems like a lot of trouble to go through for one song at a time. I believe I remember the guys at the Hak5 forums having a more automated solution for this. Personally, I’d recommend archive.org’s live music archive, which has more great music than you could ever listen to, without having to worry about the RIAA sending your ISP letters.

Adventures in Behavioral Linguistics

Neuro-linguistic Programming. Marxc2001 certainly seems to think he knows what it’s all about and describes it fairly well. Personally, I think that confidence and planning are more critical to the success of good social engineering attempts, but if subscribing to the tenets of NLP helps someone with their confidence, more power to them. Personally, most of my exposure to NLP has been from the sort of people who are wishing really hard to have “Jedi mind tricks” in real life.

Transmissions

“Dragorn” gives some pretty good advice for improving your operational security in situations where you should be more paranoid. He advises you to run potentially vulnerable software (such as your web browser) as another user that has no access to your private data, which is a pretty good idea (although may not be convenient for you). He also advocates the use of whole-disk/partition encryption, which I agree with, so long as you understand that once the password is entered and the disk is mounted, it’s wide open to whatever processes are running.

An ISP Story

Another phone-jockey (for an ISP this time) relates a story about trying to help someone who is continuously having their account compromised by unspecified MSN exploits. He couldn’t do much, and neither could the people he telephoned at the attacker’s ISP. Service providers simply can’t afford to hire the sort of security experts/technicians that would be required to investigate all incidents like this. Efforts should be placed on locking down the victim’s setup and preventing future incidents.

Hacking Whipple Hill with XSS

“Azohko” presents a cross-site scripting vulnerability in some school schedule management software by Whipple Hill. This isn’t anything different from the usual XSS you would see on full-disclosure every day, although at least the vendor was notified and they attempted to fix it (badly).

Haunting the MS Mansion

I wasn’t aware of it, but apparently the Norton Ghost 9 bootable CD is based on Windows XP. “Passdown” describes how useful this can be when doing (very simple) recovery of Windows systems, especially those using NTFS. It seems like a pretty decent alternative, if you can’t convince a Linux LiveCD to do what you want.

Reading ebooks on an iPod

“DBTC” covers a few different options for converting long text files into multiple linked “Notes” for viewing on an iPod. This works, but from personal experience, I’d have to say it’s not a very pleasant way to read something. The notes system’s limit of roughly 4,000 characters per file and the small screen are a bit too much for me.
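As an added example (my own script, not code from DBTC’s article), here is the chunking step such a converter has to get right: breaking a long text file into notes that each stay under the per-note ceiling, including the link footer that points at the next note, without splitting words and while keeping paragraph breaks. The 4,000-byte ceiling and the `<A HREF="file">` link syntax are assumptions taken from the article’s description of the Notes feature; adjust `MAX_NOTE_BYTES` if your iPod’s limit differs.

```python
import os
import re

# Assumed per-note ceiling, from the "4,000 characters or so" the article cites.
MAX_NOTE_BYTES = 4000
# Assumed link syntax; iPod Notes honour a small HTML subset, including A HREF
# links to other notes in the same folder.
NEXT_LINK = '<A HREF="{name}">Next &gt;&gt;</A>'

# A token is either a paragraph break (blank line) or a run of non-whitespace.
# Single line wraps inside a paragraph are dropped and the text is reflowed.
_TOKEN = re.compile(r"\n\s*\n|\S+")


def _render(tokens):
    """Turn a token list (no leading/trailing/duplicate breaks) back into text."""
    out = []
    for tok in tokens:
        if tok[0] == "\n":
            out.append("\n\n")
        elif out and out[-1] != "\n\n":
            out.append(" " + tok)
        else:
            out.append(tok)
    return "".join(out)


def split_text(text, max_bytes=MAX_NOTE_BYTES, basename="book"):
    """Return [(filename, body), ...] where every body, footer included, fits in
    max_bytes (UTF-8), breaks only at whitespace, and links to the next note."""
    # Zero-padded numbering keeps every footer the same length, so the text
    # budget per note is a constant.
    footer_len = len(("\n" + NEXT_LINK.format(name=f"{basename}000.txt")).encode("utf-8"))
    budget = max_bytes - footer_len
    if budget <= 0:
        raise ValueError("max_bytes is too small to hold a link footer")

    chunks, cur, size = [], [], 0
    for tok in _TOKEN.findall(text):
        if tok[0] == "\n":
            # Keep one break between paragraphs; never start a note with one.
            if cur and cur[-1][0] != "\n":
                cur.append(tok)
                size += 2  # rendered as "\n\n"
            continue
        wlen = len(tok.encode("utf-8"))
        if wlen > budget:
            raise ValueError(f"single word exceeds the note budget: {tok[:20]!r}")
        sep = 0 if (not cur or cur[-1][0] == "\n") else 1  # a space before the word
        if size + sep + wlen > budget:
            while cur and cur[-1][0] == "\n":  # never end a note with a break
                cur.pop()
            chunks.append(_render(cur))
            cur, size = [tok], wlen
        else:
            cur.append(tok)
            size += sep + wlen
    while cur and cur[-1][0] == "\n":
        cur.pop()
    if cur:
        chunks.append(_render(cur))

    notes = []
    for i, body in enumerate(chunks):
        name = f"{basename}{i:03d}.txt"
        if i + 1 < len(chunks):
            body += "\n" + NEXT_LINK.format(name=f"{basename}{i + 1:03d}.txt")
        notes.append((name, body))
    return notes


def write_notes(notes, directory):
    """Write the notes into a folder you can then copy to the iPod's Notes directory."""
    os.makedirs(directory, exist_ok=True)
    for name, body in notes:
        with open(os.path.join(directory, name), "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    # Constructed sample input; replace with the contents of a real text file.
    sample = ("The quick brown fox jumps over the lazy dog. " * 300 + "\n\n") * 4
    for name, body in split_text(sample)[:3]:
        print(name, len(body.encode("utf-8")), "bytes")
```

The byte accounting is done incrementally while packing words, so the per-note size is known without re-rendering the chunk on every word, and the rendered note can never be longer than the running total used for the check.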

Java Reverse Engineering

I was really looking forward to reading this article, when I looked at the Table of Contents. Unfortunately, other than telling you to use a Java decompiler, there’s not much real reverse engineering going on here. “quel” spends a couple of short paragraphs on the actual reversing process, and he winds up being more cryptic than the decompiled code itself. The majority of the article is spent on printing the source code to a key generator for Zend Studio, the application being reversed. This article is probably of more use to people who want to pirate Zend Studio than it is to those who are actually interested in reverse engineering Java applications.


If you already have one of these very popular and versatile routers, are in need of a good platform for small-scale network infrastructure, or want to use the WRT as a platform for penetration testing, then “Linksys WRT54G Ultimate Hacking” is a must-have. I read this book cover-to-cover this weekend, in-between moving things around for repairs to our kitchen and bathroom, and was very impressed with the content. In addition to the WRT54G currently running OpenWRT as my home network’s router, I have an untouched WRT54GS Version 3.0 sitting on my shelf right now. After reading this book, I can’t wait to pull it down and try some of the projects.

The form-factor is like any other Syngress book. What Syngress lacks in creative cover design, they make up for in consistency and readability. You can tell what book this is on your shelf from across the room, with the big red “LINKSYS WRT54G” dominating the title on the spine. At a glance, someone might think it’s the manual for the WRT54G, which isn’t far from the truth. After getting rid of the default firmware and going with one of the options from this book, “Linksys WRT54G Ultimate Hacking” should serve as a good manual for future activities. The back cover promises that you will be given access to a PDF version of the book by registering on-line for the Syngress “Solutions” program (free). This will be very useful, and will add to the value of this book for road warriors. At the time of writing this review, Syngress’ website hasn’t been updated to allow members to add this book to their Solutions account, though presumably it will be added soon.

Beyond being a simple how-to on flashing firmware, “Linksys WRT54G Ultimate Hacking” serves to present an entire body of knowledge on Linksys’ routers that the authors (Paul Asadoorian and Larry Pesce) have spent some time bringing together and testing. Most of the information in this book is out there on the Internet already, in various forum posts, mailing lists, wikis, and code repositories. However, unless you can afford to spend the time to sift through it for what’s useful to you, test it out, and work out the bugs, you are much better off getting this book. The authors have also supplied many external sources that the reader can refer to for more information, when things start getting out of the scope of the book.

The authors recognize that there are many different kinds of users that will want to run third-party firmware on their Linksys routers, and helpfully break things down for each type. Everyone, from casual users who simply want a more stable firmware than the default, to (and of interest to this site) penetration testers, will find something useful in this book. More importantly, they can find what they need quickly, since the various user-types and projects are well organized and easy to find in the table of contents. The introduction to wireless security in Chapter 5 is very well written and will bring a lot of readers up to speed on the topic, at least in regard to securing their own networks.

The projects in the book are very interesting, especially those for penetration testers. I’m very interested in playing with Kismet on the WRT54G, the captive portal software, and using the router to set up VPN connections for remote testing. I may even get brave enough to crack one open and add an SD card slot. Scripts are presented for most projects, and for each, a link is given to the book’s website, where the authors can ensure that they are always available for download. Potential buyers of this book should be aware that some of the projects in the book require a router with a USB port (WRTSL54GS), including the spectrum analysis project discussed on the front cover.

My complaints about this book are small. There appear to be problems with the way some of the screenshots were printed. The ones in question (page 183, for example) are readable, but have a strange dark rectangle to the right that contains a stretched version of a portion of the screenshot. Other figures are low resolution, and occasionally have obvious JPEG compression artefacts (such as on page 5). It never keeps the figure from being readable, although perhaps in future editions or books, figures could be created at the appropriate resolution and in a lossless format.

A chapter was cut from this book, “Chapter 7 – Developing Software for the WRT54G – Tools required, Coding and Testing, Making Packages”, that I believe would have been well worth the additional space. Being able to develop and build one’s own packages is the logical next step for what is covered in this book, and would have given some insight into how the software used in the book’s projects was put together. This chapter would make an excellent addition to the book’s website, http://wrt54ghacks.com/ (which has potential to be a very good site).

Throughout the book, there are a few references to generating passwords using Steve Gibson’s web-based password generator at https://www.grc.com/passwords.htm. This is very surprising, considering the authors’ (completely warranted) distaste for Gibson on their podcast (Pauldotcom Security Weekly). Personally, despite the SSL, an assurance that generated passwords are not logged, and the fact that it’s labeled “Ultra High Security Password Generator”, I would not recommend that anyone use a web-based system for generating passwords. You’re involving an outsider whose trustworthiness you can’t really measure, when it’s just as easy to use software that runs on your local machine to generate random passwords.
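To back up that last point, here is the local alternative, as an added example of mine rather than anything from the book or from grc.com: a few lines of Python that draw passwords from the operating system’s CSPRNG, with no third party involved, and that tell you how much entropy you are actually getting for a given alphabet and length. The symbol set in `ALPHABETS["full"]` is an assumption; trim it to whatever the target system accepts.

```python
import math
import secrets
import string

# Character sets. The symbol set is an assumption, not a standard; trim it to
# what the target system accepts. Duplicates are rejected in generate() because
# they would skew the distribution.
ALPHABETS = {
    "alnum": string.ascii_letters + string.digits,
    "full": string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{};:,.<>?",
    "hex": "0123456789abcdef",
}


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of `length` symbols drawn from
    `alphabet_size` distinct symbols: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Shortest length whose entropy reaches target_bits for this alphabet."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(length: int, alphabet: str = ALPHABETS["full"]) -> str:
    """Uniform random password. secrets.choice uses the OS CSPRNG and rejection
    sampling, so there is no modulo bias, unlike `random` or `rand() % n`."""
    if length < 1:
        raise ValueError("length must be positive")
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet contains duplicate characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_with_bits(target_bits: float = 128, alphabet: str = ALPHABETS["full"]) -> str:
    """Generate a password sized to carry at least target_bits of entropy."""
    return generate(length_for_bits(target_bits, len(alphabet)), alphabet)


if __name__ == "__main__":
    for name, alphabet in ALPHABETS.items():
        pw = generate_with_bits(128, alphabet)
        print(f"{name:6s} {len(pw):3d} chars "
              f"{entropy_bits(len(pw), len(alphabet)):6.1f} bits  {pw}")
```

Sizing by entropy rather than by a fixed character count is the useful habit here: 32 hex characters, 22 alphanumerics and 20 characters from the fuller set are all roughly 128-bit passwords, and the arithmetic makes that visible instead of leaving it to the label on a web page.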

These complaints are not show stoppers and do not really impact the quality of this book. It’s very well written and brings together a body of knowledge that you won’t find in one place anywhere else. I would especially recommend it to security professionals who might be able to use OpenWRT as a platform for remote access, reconnaissance and exploitation.

© 2012 McGrew Security