From: "Carolyn Meinel" Date: Mon Jun 12, 2000 11:03 pm Subject: Happy Hacker Mac Digest THE HAPPY mHACKER Volume one, Number Two - June 2000 *********************************** *================**---------------* *========*======**------*---------* *========*=====**-------*---------* *========*====**--------*---------* *============**-------------------* *===========**--------------------* *===========*********-------------* *=================**--------------* *================**---------------* *===============**----------------* *=====***=======**-------***------* *========****************---------* *===============**----------------* *================**---------------* *********************************** :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: - A WORD OF WELCOME - --------- Belated, but it's out. Various server problems, transitional trouble, and time restrictions joined forces to stop the publishing of Issue 2 of HAPPY mHACKER. In the end, we made it. Things should be more regular from now on. We're still slim and thin, mostly reprinted stuff and links. We hope you will mail us cool stuff to fatten the beast in the future. Unlike other eZines, I feel it would be unfair to resort to 'fillers' and attach more value to the form than to the content so I only put stuff that I enjoyed reading myself. Good or bad - You decide. By the way: Since this publication is most likely monitored and indexed by certain institutions, any contribution will remain anonymous. Not even an alias will be included. The body will be kept, but the email itself will be 8-pass burnt ASAP. Other anonymizing steps taken at your end will also increase confidentiality security. See ya, Pat St-Arnaud :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: - MAILBAG - --------- I was sent this humorous piece. Non-tech, but I figured I should share it anyhow: STEP PROGRAM OF RECOVERY FOR NETWORK ADDICTS 1) I will have a cup of coffee in the morning and read my newspaper like I used to, before the Web. 2) I will eat breakfast with a knife and fork and not with one hand typing. 3) I will get dressed before noon. 4) I will make an attempt to clean the house, wash clothes, and plan dinner before even thinking of the Web. 5) I will sit down and write a letter to those unfortunate few friends and family that are Web-deprived. 6) I will call someone on the phone who I cannot contact via the Web. 7) I will read a book...if I still remember how. 8) I will listen to those around me and their needs and stop telling them to turn the TV down so I can hear the music on the Web. 9) I will not be tempted during TV commercials to check for email. 10) I will try and get out of the house at least once a week, if it is necessary or not. 11) I will remember that my bank is not forgiving if I forget to balance my checkbook because I was too busy on the Web. 12)Last, but not least, I will remember that I must go to bed sometime ... and the Web will always be there tomorrow! :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: - MUSTERED MEDIA - --------- Just one site this month, but what a site! Read this FAS reprint of: STRATEGIC ASSESSMENT: THE INTERNET Prepared by Mr. Charles Swett Assistant for Strategic Assessment Office of the Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict (Policy Planning) "FAS Intro: The following paper reviews the actual and potential impact of the Internet on domestic and foreign politics and international conflict, from the point of view of a U.S. Department of Defense analyst. It is presented here by the Project on Government Secrecy of the Federation of American Scientists." Excerpts: "By monitoring public message traffic and alternative news sources from around the world, early warning of impending significant developments could be developed, in advance of more traditional means of indications and warning."[...] "The Internet is a potentially lucrative source of intelligence useful to DoD."[...] "It is likely that routine monitoring of messages originating in other countries would help provide strategic warning of developing security threats that would be of concern to the United States." "The Internet can also serve counterintelligence purposes. For example, a message posted recently in an Internet discussion group for left-wing political activists repeated for their benefit an Associated Press article about an upcoming U.S. Army Special Operations Command training exercise directed at the (empty) St. Moritz Hotel in Miami Beach." If it became widely known that DoD were monitoring Internet traffic for intelligence or counterintelligence purposes, individuals with personal agendas or political purposes in mind, or who enjoy playing pranks, would deliberately enter false or misleading messages. Our analysis function would need to account for this. " Read the whole thing and much more at: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: - HAXOR - --------- There are many port lists around, but most of them forsake Mac-specific ports. Here a list of some of them: 111 REMOTE PROCEDURE CALL (RPC) [JAVA] 311 APPLESHARE WEB ADMINISTRATION ASIP [ASIP 6.1] 384 ARNS TUNNELING 387 AURP TUNNELING 389 LDAP DIRECTORY 407 TIMBUKTU 5.2 or later 497 RETROSPECT UDP [Client Seek] 510 FIRSTCLASS SERVER 548 AFP AppleShare 554 RTSP QUICKTIME SERVER [Also uses UDP 6970] 591 FILEMAKER PRO WEB [alternate to 80] 626 IMAP Administration [ASIP 6] 660 ASIP REMOTE ADMIN [ASIP 6.3 and up] 666 NOW CONTACT SERVER [ note that it violates port assignment] 687 ASIP SHARED U&G PORT 1080 WEBSTAR ADMIN [Port number plus 1000] 1417 TIMBUKTU: CONTROL (pre-5.2) [Login is UDP 407] 1418 TIMBUKTU: OBSERVE (pre-5.2) [Login is UDP 407] 1419 TIMBUKTU: SEND FILES (pre-5.2) [Login is UDP 407] 1420 TIMBUKTU: EXCHANGE (pre-5.2) [Login is UDP 407] 1443 WEBSTAR/SSL ADMINISTRATION 3031 AE PROGRAM LINKING for Mac OS 9/later 4000 NOW PUBLIC EVENT SERVER 4199 EIMS ADMINISTRATION 4347 LANSURVEYOR RESPONDERS [Also uses UDP) 5003 FILEMAKER PRO [Direct access, not Web] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: - SCHAX'S ENCYCLOPEDIA - --------- CHAPTER ONE - THE APPLICATION OF MEMETICS Of interest to those tracking memetics and propaganda. "...unless we're all part of the same dream. Only I do hope it's my dream, and not the Red King's! I don't like belonging to another person's dream..." --The character of Alice in Lewis Carroll's "Through the Looking Glass" Face it, reality is a consensual hallucination. The only reason why you know something is the color 'red' is because somebody else told you so. And how did they know? Because someone told them. To make reality even more complex, you really don't have any true perception of reality, you only perceive your perceptions. If you haven't had to stop reading and think about this for at least five minutes (and how do you know how long a minute is?), then you just don't get the point. What is the point? That your knowledge, behavior, and all those other fuzzy concepts are learned from what other people tell you and from mimicking role models. No matter how original you think you may be, no matter how much life experience you have collected on your own, it all still rests on the foundations that you borrowed, willy nilly, from others. Now for a little secret--the part of your brain that does this, without much help from you I might add, and even when you don't want it to happen, is still at it, is still borrowing whole hog from the world around you . How else would you stay current in language, dress, social customs, and all that jazz? Here's another secret (notice how you perk up when you think you are going to be let in on a secret?); there are people out there who understand how it works a little better than you do (does that make you nervous?), and actually do something about it. Don't you think it's time you caught up with the rest of us (isn't it reassuring to be part of a group?) and found out how to do it too? Welcome to the wonderful world of memetic engineering, the applied science of making friends think what you want them to think, and influencing enemies. Some might apply such a set of techniques to the commercial use of selling things, while others will see deeper and think of how to influence public opinion. This document is intended for that deeper thinker (and you do like to think of yourself as one of those, don't you?), and outlines the basic mechanisms for treating other peoples' minds as if they were your playground, and their own private Idaho. RULE 1 - FIX YOUR TARGET AND THE COMMUNICATION CHANNEL THAT REACHES THEM. Knowing whom you want targeted is not as easy as it sounds. Given that you have clearly framed what your objective is, you have to decide on an approach--do you want many 'believers' quickly but only for a short term, or do you need a fewer number but for a longer term ? What action or reaction is desired from these people? Can it realistically be met in the short or medium term? Or does it require a long term 'paradigm shift' to accomplish? Why will they do this? Can you make them think that they have a good motive? Once you have all this figured out, you can sketch up a rough character profile and research exactly how such individuals get their 'input.' After all, if you control a person's surroundings or input, you essentially control the person. RULE 2 - PRETEST POSSIBLE REACTIONS. This is the fine tuning stage. Locate a potential target and take a test run to see what really happens when you start pushing their buttons. Take the feedback to heart and do any reengineering of the target, message, and channel you need to. Pretest again. Keep this up until you have it right. RULE 3 - BE FLEXIBLE, AND RUN THE OPERATION IN PLACE. It helps to be 'in country' when doing this sort of thing. If you fit , even partially, the profile for the target, and you are immersed in the same 'signal saturation' they are, you have a better probability of creating an effective meme. You also have the chance to make changes or course corrections on the fly if you have to. Call this ' sticking with what you know.' RULE 4 - KNOW YOUR CONTEXT. Know as much as possible about the general culture and subculture you targeting. You have to have everything down--vocabulary, syntax, timing, triggers, etc. to do this right. Be a cultural anthropologist . Look at those around you as if you were from Mars, not them. Question your assumptions. RULE 5 - CAREFULLY PICK THE TONE YOUR MESSAGE WILL TAKE. You can pitch your message in a variety of ways positive, prophylactic , and negative. Positive memes are ego building messages for the recipient. Prophylactic memes simply prevent spread or infection by others. Negative memes are the easiest to craft and have accepted, since they exploit mistakes and faults that are either really there or at least perceived as being there. RULE 6 - DECIDE ON THE DURATION AND DEGREE OF REPETITION OF YOUR MESSAGE. Pavlov had some things wrong, but he also had some things right, such as "Re-enforce often!" It also helps to have a good amount of variation with the reinforcement, so that the message doesn't get ignored (if you hear the same thing too many times in just the same way, you learn to tune it out). RULE 7 - USE EXISTING CHANNELS TO MOVE YOUR MESSAGE. Don't get fancy, and don't try to move a meme across a newly established channel. Be careful with the new medium of the Internet ( or Usenet)--people there are paranoid, scared, and skeptical in general, but that can be turned to your advantage if you understand that. Also, the Net acts as a 'community memory' - check out the beast known as the FAQ (Frequently Asked Questions) which are kept current and accurate by an informal collective that knows the topic (two good examples are the cryptography FAQ and the exercise FAQs). Careful with your facts, and be subtle with your spin. RULE 8 - CAREFULLY CONSTRUCT YOUR CONTENT. A meme must be based on a solid intellectual, emotional, and economic model of the target population. It should aim at personalities, not issues. The 'mimicry' mechanism in people is susceptible because we are used to adopting patterns from other people. Issues just hit the intellectual gestalt and get processed, thus they have lower contagion; the only way issues can make it is if they imply a changed self image of the target subject, or are linked to an image of a person that the target can imagine themselves as. RULE 9 - DO NOT CREATE NEW ISSUES, BUT EXPLOIT EXISTING ONES. It is easier to hijack an already 'in progress' meme and apply some spin control, reinterpretation, shift in perception, and a colorful dash of revisionism. RULE 10 - AGGREGATE YOUR APPROACH. Build toward your true purpose over time; start memes out as being totally reliable to establish trust in the source. This 'collateral confirmation' gives credibility, and allows you to progress the future memes to approximate the target mind set. Be certain that the paradigm created by the meme fits into the existing climate, mind set, and general opinion, otherwise it has a low potential to spread and infect. RULE 11 - DON'T MAKE IT SEEM LIKE AN ATTEMPT TO INFLUENCE THEM. The hard sell turns people off; back off and let them come to you. You catch more people through letting them into the group reluctantly than you do by having 'press gangs' roving the countryside. People dislike the power trip of having to do things. RULE 12 - KEEP IT SIMPLE AND EMOTIONAL. Frame the message to take advantage of releasers and gestalts; evoke emotions, since emotions are less susceptible to analysis, particularly in Western cultures. RULE 13 - DON'T INTERFERE (AND BENEFIT IF POSSIBLE) WITH MASLOW'S HIERARCHY OF NEEDS. These are the basics physical fulfillment, food, warmth, sleep, safety. They are also not so basic positive self-image, esteem in the eyes of their peers, love, belonging, respect. RULE 14- EVOKE A GROUP IDENTIFICATION. Pushing the buttons of your target's innate superiority, the shared suffering they have with the group, how they are the 'chosen' people goes a long way to reducing the maintenance necessary to keep members 'enrolled.' PROPAGANDA AND MEMETICS How do these two concepts differ? Propaganda creates a mind set that will accept or be neutral towards actions undertaken by the generating source. Memetics create an active mind set that encourages participation (action, reaction, proselytizing) and perpetuation of the intent of the generating source. It depends on whether you want people to be sedate or pro-active. CONCLUSIONS There are a number of people selling things, and I don't just mean those infomercials. Some people are selling religions, others are selling pop psychotherapy, politicians sell themselves, sometimes . Some concepts could benefit from the tactics, similar to memetic tactics, that are used in those obnoxious infomercials; maybe it is the removal from the abstract to the concrete that makes it so more effective. No longer will you hear "It is better for the environment," "a united Ireland," or "democracy is good for you," but there will be a well-crafted meme showing you a person, someone you can identify with, someone you wouldn't mind being, enjoying the benefits of what before seemed like empty slogans. It certainly beats using the techniques to make people want 'buns of steel.' By Michael Wilson [5514706@m...] The Nemesis Group Copyright 1993. All rights reserved. May be freely distributed as long as this notice and authorship byline are intact. [Next Issue: Hardware, Software, Wetware: Operational Objectives of Information Warfare, by Michael Wilson] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: - LEGION SPEAKS - --------- LEGION is far from being the most fame-seeking white-hat around. He is, in fact, one of the most shadowy, slippery guys I know. Case in point: He called me to do this interview, and when I tried to call back the number showing on my call display to clarify some points, it turned out to be a Pizza parlor! It is said that most of the time, actually almost every time, he uses a different account, ISP, pseudonym to be online. Oh yeah - Of course, he called me on my UNLISTED number... For all intents and purposes, LEGION is nothing but a figment of my imagination, a waking dream (nightmare?) I might have made him up - LEGION does not exist. Or does he? This is an excerpt of a phone interview (or a sleep-deprivation induced hallucination.) Please be aware that his language may be crude at times, but I refrained from censoring the expletives. (Carolyn's note: But I censored them a little bit.) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: HMH: How did your ever get interested in computer hacking? L: Ok - Let me make one thing clear - I AM NOT A HACKER [loud]. I'm sick and tired of all the recent media garbage I hear every day. These script-reading clueless media fools get a real hard-on using words like TROJAN, DoS, HACKER. They have NO idea... They just think it's cool to use the words. HMH: Let me rephrase that - how did you get started? L: As I said I don't hack. I browse the net, do my security job, read the news. Once in a while, I encounter a possible security hole - I test it, and report it to the site managers if it proves vulnerable. I don't ask to be paid for that. I don't vandalize or steal data. Most of the time the companies are grateful - funny thing is, sometime they get REALLY resentful, too! Some companies lend me they new their new audit tools, I get hacker exploits online, and match them up. See who beats whom. I do it on Mac because very few people do. You got some 2600 guys who came up with cool all-in-one Mac exploit tools, such as MacPork, they're really good. So I try to find out if the security product designers are better... I need a life! That's my hobby! [Laughter] How I got started? Peeking and poking on a VIC 20! [Laughter] MHM: What do you think of all the attention so-called "hackers" have been receiving in the media lately? L: It really p***es me off: The law is coming down hard on youth (and not so young, too) worldwide for entering into a system, changing a web page, stealing some email. Right - that's not cool, if you can't do the time, don't do the crime. But these guys are getting CRUCIFIED, man! The penalty is in no way related to the severity of the crime anymore, and all of this because some terminally naive or criminally self-serving politicians are jumping on the Big Internet Fear bandwagon - it makes good copy, get your quotable newsbit in the media. And the hackers - what? A bunch of geeks with nose piercing and blue hair, ponytails and T-shirts: nobody in the establishment will take their defense. At least that's how the suits talk about computer people among themselves. Easy targets... Scapegoats... BULLS***! [Loud] Meanwhile, some nice, clean-cut suburban perfect husband with 1.5 kid is driving a Mercedes bankrolled by money raised online with 400 web- sites showing pictures of 19 years-old being sodomized by their uncles. That's ok - the company is listed on the exchange, it makes tons of money, even mutual funds managers are buying into it! What kind of f***up social message is that! HMH: What would you suggest people do to increase security online? L: Hmm... Decriminalize hacking, as long as you don't mess up anything. Fines would do it - prison terms are way out of proportion with most of what the kids do. Send virus, Trojan writers and pornographers to jail forever and throw away the key. On a third offense, SPAMmers would be denies net access for life... [NOISY BACKGROUND] Look - Sorry man but I really got to goŠ HMH: Thanks for the conversation... L: [DEAD PHONE LINE] ---------------------------------------------------------------------