Im sure alot of you are familar with 2600 Hacker Quarterly, anyone a part of the groups?

[whisper]

I met Emmanuel Goldstein once. That's it. Oh, I buy almost every issue (cash of course ).

[/whisper]

hehe right on rob, i dont know anything about it either.

2600?!? Oh, like the old Atari's...
Nah, don't know nuthin about them thought the tone of your message is a bit touchy.

> 2600?!? Oh, like the old Atari's...

Not quite. In the early days, a 2600hz tone would allow you to get free phone calls (called phreaking). This was one of the first major building blocks of the hacker "culture".

http://www.navyrelics.com/tribute/phonephreaking.html

2600?!? Oh, like the old Atari's...
Nah, don't know nuthin about them thought the tone of your message is a bit touchy

Erm, I suspect the Atari reference was a joke...

Semi-unrelated... I get a newsletter from Wired in my email, and there was a story yesterday about the NSA and SELinux. Pretty disturbing. Here is the link...

http://www.wired.com/news/linux/0,1411,53004,00.html

Stahi

What is disturbing about it ?

I used to frequent the Vancouver meetings. They degraded somewhat so I havn't attended for a while. I have heard they a decent again now.

Several years ago, I hung out with several people who were regular attendees at 2600 meetings held in St. Louis, Missouri . I honestly have no idea if they even still hold regular meetings here or not. One buddy of mine says he went to a 2600 meeting last year, and won't ever go back. Something about another attendee trying repeatedly to turn him in to authorities for pirated software; simply because he mentioned he could probably get ahold of a copy of a program for someone else there.

I get the idea 2600 meetings have become a haven for "wanna-bes" who feel like they're in the techno-elite by attending, and party-crashers thinking they can do their part to get some big hacker put in jail by attending, and then ratting on people.

ya ive started to go to a few on the SF meetings, geeks :-P not that im not one, but they are a differnt breed.

ya ive started to go to a few on the SF meetings, geeks :-P not that im not one, but they are a differnt breed.

I attended one meeting of the Manchester 2600 because it was right next to work and I think I stayed for all of 30 mins. The meeting seemed to be full of conspiracy theorists. I made the mistake of saying I worked for the BBC and one guy went off on one about the BBC keeping records of people without television licences like it's some horrendous Big Brother thing.
The main topic of interest was chipping and cloning mobiles. Other than that it was a mind numbing experience of endless conversations about CCTV cameras and opening up BT boxes on the street trying to unlock the secrets of the phone network.
I won't say any more as I don't want to offend any 'powerful' people and find a horses head in my bed in the morning!

Well um let's see... the fact that they are writing security software. I would bet you big big money that there are more backdoors in that thing than you could imagine. I don't have anything to hide per se, but I don't think using software that is perported to be secure (against everyone except the NSA) is something I will plan on doing anytime soon. You know that it is watered down if it was all that secure, you would have to affirm that you are a US citizen similar to the PGP download on MIT's server. PGP fell under the juridiction of ATF and was considered a munition. I have heard rumors that terrorists have been using it. If this NSA thing was as good as PGP they wouldn't allow free distribution from their OWN website.

Just my opinion...
StaHi

The vancouver meetings had a real wannabe problem a couple years back which is why I stopped attending. A friend of mine swang by for the last one thou and said it has come back to normal.

They were good meets before. There are quite a number of talented people in vancouver. That and we would all go down to a local pub after the meet which worked out quite nicely.

Can someone explain the point of hacking a phone? Is 35 cents for call really that expensive? Or is it just the neato factor of it? I guess tapping into the president's phone line would be kind of neat.

there reslly no point, its kidna fun thou my friend and i got into cisco's lines here in town and forwarded them to the AFC building. pointless yet, but it sure was a rush..

"Hacking" is fun. When I got caller ID, Bell Atlantic gave me a box with a 25 caller memory. Some guy wrote an article in 2600 that told you how to make that exact box hold 99 calls. Mind you, this was as simple as cutting a trace on the PCB. Those Bell b^stards give you something capable of 99 call memory, but cripple it to 25. WTF is with that? The phone company deserves everything they get.

That said, I am not a hacker/cracker. I am just a loser that reads 2600 for personal entertainment and gratification.

Aw, heck... are you serious, or are you trolling?

the fact that t[the NSA] are writing security software. I would bet you big big money that there are more backdoors in that thing than you could imagine.

I rather doubt that. There are two scenarios that could happen -- the NSA is writing the secure linux for themselves and other government departments, and/or they're writing it for public distribution. If it's the first, and not meant for public distro, then you can bet your sugar coated butt cheeks that they're not going to put any backdoors into it, but who cares if they do anyway? If it's the second, then they are required to publish the source code according to the GPL license (on a side note, you can only get the source code from the website -- no binaries are distributed that I'm aware of). Now their distro is completely free to be examined for backdoors. Also, consider who would want to use a secure distro -- security freaks, other governments, conspiracy nuts, etc. These are the types who wouldn't blindly accept that the NSA's distro is perfectly secure, and would go over the source with a fine tooth comb anyway, if only to expose an NSA backdoor -- think of how embarasing such a revelation would be for the US government. Furthermore, the SELinux project is open to participation by anyone, not just the NSA employees that started the project.

Now look at the state of current distros -- most of them, in their install from the box state, are horribly insecure. Either you can already make such a distro secure on your own, in which case you won't need the NSA version anyway, or you kludge together something that still leaves holes, or you don't have a clue about security and you leave your box gaping wide for any script kiddie that runs across your IP address. If one of the last two are the case, the NSA can still break into your box, SELinux or not, and have no need for backdoors. So then suppose you say -- oh, here's this NSA secured linux, I'll install that instead. Even if the NSA does have backdoors, you've stopped the casual hacker from rooting your box, so you're still miles better off than you were before.

if it was all that secure, you would have to affirm that you are a US citizen

Oops. I just clicked Yes, even though I'm not. And really, if you carried your backdoor theory to its logical conclusion, the NSA would encourage people in other countries to use it so they can spy on everyone.

PGP fell under the juridiction of ATF and was considered a munition.

Yes, it was considered a munition. It wasn't just PGP though, but the export of all strong crypto algorithms asd implementations that was illegal. That's no longer the case. After 9/11, there was talk of putting strong crypto back on the munitions list, but I believe that was quietly dropped when they figured out closing the barn door after the horse has left isn't going to do a world of good. Compound that with the fact that strong crypto is available freely from any number of sources who don't give rat's puckered sphincter about the US munitions export laws, and you can see that it was a pretty futile and unenforceable law anyway.

I have heard rumors that terrorists have been using [PGP].

Rumours? I'd expect them to use it -- they'd be fools not to use some crypto method. I know I sure as heck would if I were involved in that sort of activity. If you're looking for unstubstantiated rumour about what the terrorists do, try the steganography theorist camp next door -- that one's at least an interesting rumour.

Cheers,

Edit: oh, wait... there are binaries of SELinux available on sourceforge along with the source.

Is 35 cents for call really that expensive?

No, but the daily 4 hour long long-distance calls to the other side of the world are. I know of more than one person who've had $1000+ phone bills in a month -- none of them hackers, none of them calling pay-per-yank type services...

Or is it just the neato factor of it?

That too. And the bit about putting one over on the Big Corporation gives sem people a thrill, too. Then there's the ego trip that gets some people -- you say I can't, I say I can and will or die trying.

Now look at the state of current distros -- most of them, in their install from the box state, are horribly insecure.

I realize that you're talking about Linux here, and you're right, but just to drop names, I thought I'd point out OpenBSD. Definitely not a Linux, but likely one of the most well secured Unices out there, including commercial ones. You probably already know about it, but there may be others who might not who might be interested.

OWL linux is pretty hardcore also.

And there is Gentoo (no services by default). It is quite nice. You build the entire system from source so installing takes a while but it is quite brisk when you are done.

I realize that you're talking about Linux here, and you're right, but just to drop names, I thought I'd point out OpenBSD. Definitely not a Linux, but likely one of the most well secured Unices out there, including commercial ones.

Yeah, I had forgotten about the BSDs when I posted. I had considered using OpenBSD for my firewall machine, but decided to go with the homogeneous network to save me time and trouble.

I was on TV with John Drake, the UK correspondent for 2600... this was back in '87 though. Oh, and I had a mask on and my voice dubbed too. Hacking VAXes, if you must know.

Ahh, misspent youth & all that

Hugo

Ahh, misspent youth & all that

Ah yes, but I'd say that misspent youth worked out pretty well, no?

Can't really complain, no

Hugo

This is strictly my opinion, but I'm not fond of pederasts. *Ahem*. And thats what Emmanuel Goldstien (Eric Corley) is.

eewwww!