would enhance and protect the democratic potential of new computer
communications technology. From the beginning, the EFF determined to
become an organization that would combine technical, legal, and public
policy expertise, and would apply these skills to the myriad issues
and concerns that arise whenever a new communications medium is born.

Memberships are $20.00 per year for students, $40.00 per year for
regular members, and $100.00 per year for organizations.

The Electronic Frontier Foundation, Inc.
1001 G Street, NW
Suite 950 East
Washington, D.C. 20001
(202)544 9237
(202)547 5481 FAX
Internet: eff@eff.org


Free Software Foundation (FSF) and GNU
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Free Software Foundation is dedicated to eliminating restrictions
on people's right to use, copy, modify, and redistribute computer
programs. We promote the development and use of free software in all
areas using computers. Specifically, we are putting together a
complete, integrated software system named "GNU" ("GNU's Not Unix",
pronounced "guh-new") that will be upwardly compatible with Unix.
Most parts of this system are already being used and distributed.

The word "free" in our name refers to freedom, not price. You may or
may not pay money to get GNU software, but regardless you have two
specific freedoms once you get it: first, the freedom to copy a
program and give it away to your friends and co-workers; and second,
the freedom to change a program as you wish, by having full access to
source code. You can study the source and learn how such programs are
written. You may then be able to port it, improve it, and share your
changes with others. If you redistribute GNU software you may charge
a distribution fee or give it away, so long as you include the source
code and the GPL (GNU General Public License).

Free Software Foundation, Inc. Telephone: +1-617-876-3296
673 Massachusetts Avenue Fax: +1-617-492-9057
Cambridge, MA 02139-3309 USA Fax (in Japan): 0031-13-2473 (KDD)
Electronic mail: gnu@prep.ai.mit.edu 0066-3382-0158 (IDC)

GNU is to be a complete integrated computational environment:
everything you need to work with a computer, either as a programmer or
as a person in an office or home. The core is an operating system,
which consists of a central program called a kernel that runs the
other programs on the computer, and a large number of ancillary
programs for handling files, etc. The Free Software Foundation is
developing an advanced kernel called the Hurd.

A complete system has tools for programmers, such as compilers and
debuggers. It also has editors, sketchpads, calendars, calculators,
spreadsheets, databases, electronic mail readers, and Internet
navigators. The FSF already distributes most of the programs used in
an operating system, all the tools regularly used by programmers, and
much more.


The League for Programming Freedom (LPF)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The League for Programming Freedom is an organization of people who
oppose the attempt to monopolize common user interfaces through "look
and feel" copyright lawsuits. Some of us are programmers, who worry
that such monopolies will obstruct our work. Some of us are users,
who want new computer systems to be compatible with the interfaces we
know. Some are founders of hardware or software companies, such as
Richard P. Gabriel. Some of us are professors or researchers,
including John McCarthy, Marvin Minsky, Guy L. Steele, Jr., Robert S.
Boyer and Patrick Winston.

"Look and feel" lawsuits aim to create a new class of government-
enforced monopolies broader in scope than ever before. Such a system
of user-interface copyright would impose gratuitous incompatibility,
reduce competition, and stifle innovation.

We in the League hope to prevent these problems by preventing
user-interface copyright. The League is NOT opposed to copyright law
as it was understood until 1986 -- copyright on particular programs.
Our aim is to stop changes in the copyright system which would take
away programmers' traditional freedom to write new programs compatible
with existing programs and practices.

Annual dues for individual members are $42 for employed professionals,
$10.50 for students, and $21 for others. We appreciate activists, but
members who cannot contribute their time are also welcome.

To contact the League, phone (617) 243-4091, send Internet mail to the
address league@prep.ai.mit.edu, or write to:

League for Programming Freedom
1 Kendall Square #143
P.O. Box 9171
Cambridge, MA 02139 USA


SotMesc
~~~~~~~
Founded in 1989, SotMesc is dedicated to preserving the integrity and
cohesion of the computing society. By promoting computer education,
liberties and efficiency, we believe we can secure freedoms for all
computer users while retaining privacy.

SotMesc maintains the CSP Internet mailing list, the SotMesc
Scholarship Fund, and the SotMesc Newsletter.

The SotMESC is financed partly by membership fees, and donations, but
mostly by selling hacking, cracking, phreaking, electronics, internet,
and virus information and programs on disk and bound paper media.

SotMesc memberships are $20 to students and $40 to regular members.

SotMESC
P.O. Box 573
Long Beach, MS 39560


Computer Emergency Response Team (CERT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CERT is the Computer Emergency Response Team that was formed by the
Defense Advanced Research Projects Agency (DARPA) in November 1988 in
response to the needs exhibited during the Internet worm incident.
The CERT charter is to work with the Internet community to facilitate
its response to computer security events involving Internet hosts, to
take proactive steps to raise the community's awareness of computer
security issues, and to conduct research targeted at improving the
security of existing systems.

CERT products and services include 24-hour technical assistance for
responding to computer security incidents, product vulnerability
assistance, technical documents, and seminars. In addition, the team
maintains a number of mailing lists (including one for CERT
advisories) and provides an anonymous FTP server: cert.org
(192.88.209.5), where security-related documents, past CERT
advisories, and tools are archived.

CERT contact information:

U.S. mail address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
U.S.A.

Internet E-mail address
cert@cert.org

Telephone number
(412)268-7090 (24-hour hotline)
CERT Coordination Center personnel answer
7:30 a.m.- 6:00 p.m. EST(GMT-5)/EDT(GMT-4), on call for
emergencies during other hours.

FAX number
(412)268-6989


    15. What are some radio programs of interest to hackers?




Off The Hook New York 99.5 FM Tue 8pm EST
Full Disclosure Live Short Wave WWCR 5065 khz Sun 8pm EST
Full Disclosure Live Oil City, PA WOYL AM-1340 Sun 8pm EST
Full Disclosure Live Satellite Telstar 302 (T2), Ch 21, 5.8 Sun 8pm EST


    16. What are other FAQ's of interest to hackers?



Frequently Asked Questions "Hacking Novell Netware"
Author: Simple Nomad <sn@spyder.org>
ftp: jumper.mcc.ac.uk /pub/security/netware/faq.zip
ftp: ftp.fastlane.net /pub/nomad/nw/faq.zip
ftp: ftp.best.com /pub/almcepud/hacks/faq.zip
http://resudox.net/bio/mainpage.html
http://www.hookup.net/~apayne/nwhack.html

The PGP Attack FAQ
Author: Route [daemon9@netcom.com / route@infonexus.com]
ftp: infonexus.com /pub/Philes/Cryptography/PGPattackFAQ.txt.gz

Mac Hack FAQ: Defeating Security
Author: AX1P (an149689@anon.penet.fi)

Frequently Asked Questions About Red Boxing
Author: Mr. Sandman (an132432@anon.penet.fi)

VMS FAQ (Frequently Ask Questions)
Author: The Beaver (beaver@upperdck.blkbox.com)

Anonymous FTP FAQ
Author: Christopher Klaus <cklaus@iss.net> of Internet Security Systems, Inc.
ftp: ftp.iss.net /pub/faq/anonftp

Compromise FAQ: What if your Machines are Compromised by an Intruder
Author: Christopher Klaus <cklaus@iss.net> of Internet Security Systems, Inc.
ftp: ftp.iss.net /pub/faq/compromise

Security Patches FAQ
Author: Christopher Klaus <cklaus@iss.net> of Internet Security Systems, Inc.
ftp: ftp.iss.net /pub/faq/patch

Sniffer FAQ
Author: Christopher Klaus <cklaus@iss.net> of Internet Security Systems, Inc.
ftp: ftp.iss.net /pub/faq/sniff

Vendor Security Contacts: Reporting Vulnerabilities and Obtaining New Patches
Author: Christopher Klaus <cklaus@iss.net> of Internet Security Systems, Inc.
ftp: ftp.iss.net /pub/faq/vendor

Cryptography FAQ
Author: The Crypt Cabal
ftp: rtfm.mit.edu /pub/usenet-by-group/sci.crypt/

Firewalls FAQ
Author: Marcus J. Ranum (mjr@ss1.lightspeed.net)
ftp: rtfm.mit.edu /pub/usenet-by-group/comp.security.misc/

Buying a Used Scanner Radio
Author: parnass@att.com (Bob Parnass, AJ9S)
ftp: rtfm.mit.edu /pub/usenet-by-group/rec.radio.scanner/

How to Find Scanner Frequencies
Author: parnass@att.com (Bob Parnass, AJ9S)
ftp: rtfm.mit.edu /pub/usenet-by-group/rec.radio.scanner/

Introduction to Scanning
Author: parnass@att.com (Bob Parnass, AJ9S)
ftp: rtfm.mit.edu /pub/usenet-by-group/rec.radio.scanner/

Low Power Broadcasting FAQ
Author: Rick Harrison.
ftp: rtfm.mit.edu /pub/usenet-by-group/alt.radio.pirate/

RSA Cryptography Today FAQ
Author: Paul Fahn
ftp: rtfm.mit.edu /pub/usenet-by-group/sci.crypt/

VIRUS-L comp.virus Frequently Asked Questions (FAQ)
Author: Kenneth R. van Wyk <krvw@cert.org>
ftp: rtfm.mit.edu /pub/usenet-by-group/comp.virus/

Where to get the latest PGP (Pretty Good Privacy) FAQ
Author: mpj@csn.net (Michael Johnson)
ftp: rtfm.mit.edu /pub/usenet-by-group/alt.security.pgp/

alt.locksmithing answers to Frequently Asked Questions (FAQ)
Author: spike@indra.com (Joe Ilacqua)
ftp: rtfm.mit.edu /pub/usenet-by-group/alt.locksmithing/

comp.os.netware.security FAQ
Author: Fauzan Mirza <F.U.Mirza@sheffield.ac.uk>
ftp: rtfm.mit.edu /pub/usenet-by-group/comp.os.netware.security/

rec.pyrotechnics FAQ
Author: zoz@cs.adelaide.edu.au (Hans Josef Wagemueller)
ftp: rtfm.mit.edu /pub/usenet-by-group/rec.pyrotechnics/


    17. Where can I purchase a magnetic stripe encoder/decoder?



CPU Advance
PO Box 2434
Harwood Station
Littleton, MA 01460
(508)624-4819 (Fax)

Omron Electronics, Inc.
One East Commerce Drive
Schaumburg, IL 60173
(800)556-6766 (Voice)
(708)843-7787 (Fax)

Security Photo Corporation
1051 Commonwealth Avenue
Boston, MA 02215
(800)533-1162 (Voice)
(617)783-3200 (Voice)
(617)783-1966 (Voice)

Timeline Inc,
23605 Telo Avenue
Torrence, CA 90505
(800)872-8878 (Voice)
(800)223-9977 (Voice)

Alltronics
2300 Zanker Road
San Jose CA 95131
(408) 943-9774 Voice
(408) 943-9776 Fax
(408) 943-0622 BBS
Part Number: 92U067

Atalla Corp
San Jose, CA
(408) 435-8850


    18. What are the rainbow books and how can I get them?



Orange Book
DoD 5200.28-STD
Department of Defense Trusted Computer System Evaluation Criteria

Green Book
CSC-STD-002-85
Department of Defense Password Management Guideline

Yellow Book
CSC-STD-003-85
Computer Security Requirements -- Guidance for Applying the Department
of Defense Trusted Computer System Evaluation Criteria in Specific
Environments

Yellow Book
CSC-STD-004-85
Technical Rationale Behind CSC-STD-003-85: Computer Security
Requirements. Guidance for Applying the Department of Defense Trusted
Computer System Evaluation Criteria in Specific Environments.

Tan Book
NCSC-TG-001
A Guide to Understanding Audit in Trusted Systems

Bright Blue Book
NCSC-TG-002
Trusted Product Evaluation - A Guide for Vendors

Neon Orange Book
NCSC-TG-003
A Guide to Understanding Discretionary Access Control in Trusted
Systems

Teal Green Book
NCSC-TG-004
Glossary of Computer Security Terms

Red Book
NCSC-TG-005
Trusted Network Interpretation of the Trusted Computer System
Evaluation Criteria

Orange Book
NCSC-TG-006
A Guide to Understanding Configuration Management in Trusted Systems

Burgundy Book
NCSC-TG-007
A Guide to Understanding Design Documentation in Trusted Systems

Dark Lavender Book
NCSC-TG-008
A Guide to Understanding Trusted Distribution in Trusted Systems

Venice Blue Book
NCSC-TG-009
Computer Security Subsystem Interpretation of the Trusted Computer
System Evaluation Criteria

Aqua Book
NCSC-TG-010
A Guide to Understanding Security Modeling in Trusted Systems

Dark Red Book
NCSC-TG-011
Trusted Network Interpretation Environments Guideline -- Guidance for
Applying the Trusted Network Interpretation

Pink Book
NCSC-TG-013
Rating Maintenance Phase -- Program Document

Purple Book
NCSC-TG-014
Guidelines for Formal Verification Systems

Brown Book
NCSC-TG-015
A Guide to Understanding Trusted Facility Management

Yellow-Green Book
NCSC-TG-016
Guidelines for Writing Trusted Facility Manuals

Light Blue
NCSC-TG-017
A Guide to Understanding Identification and Authentication in Trusted
Systems

Light Blue Book
NCSC-TG-018
A Guide to Understanding Object Reuse in Trusted Systems

Blue Book
NCSC-TG-019
Trusted Product Evaluation Questionnaire

Gray Book
NCSC-TG-020A
Trusted Unix Working Group (TRUSIX) Rationale for Selecting
Access Control List Features for the Unix System

Lavender Book
NCSC-TG-021
Trusted Data Base Management System Interpretation of the Trusted
Computer System Evaluation Criteria

Yellow Book
NCSC-TG-022
A Guide to Understanding Trusted Recovery in Trusted Systems

Bright Orange Book
NCSC-TG-023
A Guide to Understandng Security Testing and Test Documentation in
Trusted Systems

Purple Book
NCSC-TG-024 (Volume 1/4)
A Guide to Procurement of Trusted Systems: An Introduction to
Procurement Initiators on Computer Security Requirements

Purple Book
NCSC-TG-024 (Volume 2/4)
A Guide to Procurement of Trusted Systems: Language for RFP
Specifications and Statements of Work - An Aid to Procurement
Initiators

Purple Book
NCSC-TG-024 (Volume 3/4)
A Guide to Procurement of Trusted Systems: Computer Security Contract
Data Requirements List and Data Item Description Tutorial

+Purple Book
+NCSC-TG-024 (Volume 4/4)
+A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder's
+Proposal Document - An Aid to Procurement Initiators and Contractors

Green Book
NCSC-TG-025
A Guide to Understanding Data Remanence in Automated Information
Systems

Hot Peach Book
NCSC-TG-026
A Guide to Writing the Security Features User's Guide for Trusted Systems

Turquiose Book
NCSC-TG-027
A Guide to Understanding Information System Security Officer
Responsibilities for Automated Information Systems

Violet Book
NCSC-TG-028
Assessing Controlled Access Protection

Blue Book
NCSC-TG-029
Introduction to Certification and Accreditation

Light Pink Book
NCSC-TG-030
A Guide to Understanding Covert Channel Analysis of Trusted Systems

C1 Technical Report-001
Computer Viruses: Prevention, Detection, and Treatment

*C Technical Report 79-91
*Integrity in Automated Information Systems

*C Technical Report 39-92
*The Design and Evaluation of INFOSEC systems: The Computer Security
*Contributions to the Composition Discussion

NTISSAM COMPUSEC/1-87
Advisory Memorandum on Office Automation Security Guideline

--

You can get your own free copy of any or all of the books by writing
or calling:

INFOSEC Awareness Division
ATTN: X711/IAOC
Fort George G. Meade, MD 20755-6000

Barbara Keller
(410) 766-8729

If you ask to be put on the mailing list, you'll get a copy of each new
book as it comes out (typically a couple a year).

[* == I have not personally seen this book]
[+ == I have not personally seen this book, and I believe it may not]
[ be available]




    * Section E: 2600 *


~~~~~~~~~~~~~~~

    01. What is alt.2600?



Alt.2600 is a Usenet newsgroup for discussion of material relating to
2600 Magazine, the hacker quarterly. It is NOT for the Atari 2600
game machine. Len@netsys.com created the group on Emmanuel
Goldstein's recommendation. Emmanuel is the editor/publisher of 2600
Magazine. Following the barrage of postings about the Atari machine to
alt.2600, an alt.atari.2600 was created to divert all of the atari
traffic from alt.2600. Atari 2600 people are advised to hie over to
rec.games.video.classic.


    02. What does "2600" mean?



2600Hz was a tone that was used by early phone phreaks (or
phreakers) in the 80's, and some currently. If the tone was sent down the
line at the proper time, one could get away with all sorts of fun stuff.

A note from Emmanuel Goldstein:

"The Atari 2600 has NOTHING to do with blue boxes or telephones
or the 2600 hertz tone. The 2600 hertz tone was simply the first
step towards exploring the network. If you were successful at
getting a toll call to drop, then billing would stop at that
point but there would be billing for the number already dialed
up until the point of seizure. 800 numbers and long distance
information were both free in the past and records of who called
what were either non-existent or very obscure with regards to
these numbers. This, naturally, made them more popular than
numbers that showed up on a bill, even if it was only for
a minute. Today, many 800 numbers go overseas, which provides
a quick and free way into another country's phone system
which may be more open for exploration."


    03. Are there on-line versions of 2600 available?



No.


    04. I can't find 2600 at any bookstores. What can I do?



Subscribe. Or, let 2600 know via the subscription address that you
think 2600 should be in the bookstore. Be sure to include the
bookstores name and address.


    05. Why does 2600 cost more to subscribe to than to buy at a newsstand?



A note from Emmanuel Goldstein:

We've been selling 2600 at the same newsstand price ($4) since 1988
and we hope to keep it at that price for as long as we can get away
with it. At the same time, $21 is about the right price to cover
subscriber costs, including postage and record keeping, etc. People
who subscribe don't have to worry about finding an issue someplace,
they tend to get issues several weeks before the newsstands get
them, and they can take out free ads in the 2600 Marketplace.

This is not uncommon in the publishing industry. The NY Times, for
example, costs $156.50 at the newsstands, and $234.75 delivered to your
door.




    * Section F: Miscellaneous *


~~~~~~~~~~~~~~~~~~~~~~~~

    01. What does XXX stand for?



TLA Three Letter Acronym

ACL Access Control List
PIN Personal Identification Number
TCB Trusted Computing Base

ALRU Automatic Line Record Update
AN Associated Number
ARSB Automated Repair Service Bureau
ATH Abbreviated Trouble History
BOC Bell Operating Company
BOR Basic Output Report
BOSS Business Office Servicing System
CA Cable
COE Central Office Equipment
COSMOS Computer System for Main Frame Operations
CMC Construction Maintenance Center
CNID Calling Number IDentification
CO Central Office
COCOT Customer Owned Coin Operated Telephone
CRSAB Centralized Repair Service Answering Bureau
DID Direct Inbound Dialing
DDD Direct Distance Dialing
ECC Enter Cable Change
LD Long Distance
LMOS Loop Maintenance Operations System
MLT Mechanized Loop Testing
NPA Numbering Plan Area
PBX Private Branch Exchange
POTS Plain Old Telephone Service
RBOC Regional Bell Operating Company
RSB Repair Service Bureau
SS Special Service
TAS Telephone Answering Service
TH Trouble History
TREAT Trouble Report Evaluation and Analysis Tool

LOD Legion of Doom
HFC Hell Fire Club
TNO The New Order

ACiD Ansi Creators in Demand
CCi Cybercrime International
FLT Fairlight
iCE Insane Creators Enterprise
iNC International Network of Crackers
NTA The Nocturnal Trading Alliance
PDX Paradox
PE Public Enemy
PSY Psychose
QTX Quartex
RZR Razor (1911)
S!P Supr!se Productions
TDT The Dream Team
THG The Humble Guys
THP The Hill People
TRSI Tristar Red Sector Inc.
UUDW Union of United Death Workers


    02. How do I determine if I have a valid credit card number?



Credit cards use the Luhn Check Digit Algorithm. The main purpose of
this algorithm is to catch data entry errors, but it does double duty
here as a weak security tool.

For a card with an even number of digits, double every odd numbered
digit and subtract 9 if the product is greater than 9. Add up all the
even digits as well as the doubled-odd digits, and the result must be
a multiple of 10 or it's not a valid card. If the card has an odd
number of digits, perform the same addition doubling the even numbered
digits instead.


    03. What is the layout of data on magnetic stripe cards?



A standard card may have any of three tracks, or a combination of these
tracks.

Track 1 was the first track standardized. It was developed by the
International Air Transportation Association (IATA) and is still
reserved for their use. It is 210bpi with room for 79 characters. It
includes the primary account number (up to 18 digits) and the name (up
to 26 alphanumeric characters).

Track 2 was developed by the American Bankers Association (ABA) for
on-line financial transactions. It is 75bpi with room for 40 numeric
characters. It includes the account number (up to 19 digits).

Track 3 is also used for financial transactions. The difference is its
read/write ability. It is 210bpi with room for 107 numeric digits. It
includes an enciphered PIN, country code, currency units, amount
authorized, subsidiary account information and other restrictions.

For more information, read the ANSI/ISO 7811/1-5 standard. This
document is available from the American Bankers Association.


    04. What are the ethics of hacking?



An excerpt from: Hackers: Heroes of the Computer Revolution
by Steven Levy

Access to computers -- and anything which might teach you
something about the way the world works -- should be unlimited
and total. Always yield to the Hands-On imperative.

All information should be free.

Mistrust Authority. Promote Decentralization.

Hackers should be judged by their hacking, not bogus criteria
such as degrees, age, race, or position.

You can create art and beauty on a computer.

Computers can change your life for the better.


    05. Where can I get a copy of the alt.2600/#hack FAQ?



Get it on FTP at:
rahul.net /pub/lps/sysadmin/
rtfm.mit.edu /pub/usenet-by-group/alt.2600
clark.net /pub/jcase/

Get it on the World Wide Web at:
http://www.engin.umich.edu/~jgotts/underground/hack-faq.html

Get it on my BBS:
Hacker's Haven (303)343-4053

EOT