Leaderboard


Popular Content

Showing content with the highest reputation since 07/06/2009 in all areas

  1. 6 points
    Here's the complete collection of recordings I grabbed of the Odessa 1AESS switch before the cutover. The recordings were made during late may, with the last batch (A-D recordings) made on June 2, 2017 -- days before the cutover. The most interesting recordings I found during the calls to the switch: 1AESS-A.wav - Highest quality recording/best example I have of what a normal call to the 1AESS intercept sounded like. Allows you to hear the background SIT-tone noise before recordings. 1AESS-D.wav - Highest quality recording/best example I have of what a normal call to the 1AESS supervision test sounded like. 1AESS-3.wav - Bizarre because the switch cut to busy after intercept, instead of cutting over to reorder like normal. 1AESS-11.wav - Bizarre because the call, without ring, goes to the 1AESS intercept recording for one cycle, then stops for 20 seconds, and returns the Hillsboro 4ESS '121-T!' recording. 1AESS-14.wav - Bizarre because the call, rings once, goes silent for 30 seconds, then returns the Hillsboro 4ESS '121-T!' recording. 1AESS-15.wav - Bizarre because the call, rings once, goes silent for 40 seconds, then returns a reorder. More descriptions on the other calls are available on the 1A_desc.txt file on the dropbox drive. https://www.dropbox.com/sh/xca3wwskn1mzwzt/AABJMpTS0XDL9NQQgiz4LVI4a?dl=0 Enjoy.
  2. 6 points
    Hi all, Been busy for a while and was distracted by other facets of life. Signed in today was reading some of the posts to see if anything major or interesting has happened and not much has changed as I expected (no offence). So it seems no harm there in being temporarily gone. Now as I was reading some of the posts and a reply to my "Everything is Assumed" thread I noticed I had been down rep to -6 so I checked the Binary Revolution forum index page where it has a list of where you were down repped and which it was in like each thread over a long past with no replies as to why...I in some ways don't care but was wondering has another spam bot got lose or some dumb-ass, or did I make a thread that offended some community and they say it and one of them joined and down repped me for that. Anyway I was also wondering if this had happened to anyone else as well. Thanks in advance for any replies.
  3. 5 points
    After reading your comment #4 I also got really annoyed. I agree with Berzerk on this. Correct me if I am wrong, but it seems you don't know the difference between petty theft and hacking. Here is what I consider the difference: HACKING - Taking a computer, and figuring out a way to bypass the password. Disseminating the contents of the drive to find the owner's name, address, and pictures of them to identify them. Being nice and installing programs to help them find their PC if they lose it again. VNC - (to view the system) An SSH server - (to help retrieve their files) An IP beacon - (To say when the PC is online and what the IP address is) [*]Returning the laptop to the owner. [*]Occasionally checking in on the PC to make sure the system is ok, and they didn't lose it again. (What a good citizen!!!) PETTY THEFT - Not using google to find a simple kiddie script. Being an idiot and telling everyone you are committing a crime.
  4. 4 points
    There's another number to that; 3438. If you're hitting a route that gives you g.729 (sorta ruins that catchy song), it's not a bad idea to try both a few times. Interestingly, the transcoding seems to come on after the C5 chirps; those (and sometimes some Australian sounding ring) are always clear as day. So now when I found this - I actually think I found it with radio_phreak, but when I did, I was about as excited as you can expect. But something wasn't quite right. If you do a RESPORG lookup on 3438/7, it comes back as using the MCI/0222 network. If you call the number directly terminating to the Malaysian destination (you'll find it with a bit of searching) over MCI though, it's end to end SS7. After trying a bunch of carriers with no success, the theory we wound up with is that they were re-originating via a third party country; likely Australia, to shave a few cents off termination charges. Interestingly, when you hop on a conference on that access number, it'll allow you the option to contact customer service for the company, which is based out of Denver. The route you get is _definitely_ not C5. For whatever it's worth, there was another number until semi-recently; 3439 that routed a little differently. Usually it was more likely to get a transcoded route, or other weird things - one route had 450 hertz ringback before the call went offhook quite a lot . But anyway, for whatever it's worth, during Hurricane Sandy it gave you an error recording from a Santera OCX. If I remember right, the other numbers worked fine though. One thing I've noticed is during that song they play for hold music, sometimes it likes to disconnect you in weird ways. The hold music in question passes some notes a few times that definitely sound like 2400 hertz, so I wonder if that has anything to do with it (maybe we should pay attention to the supervision status), or if it's just an apathetic operator hanging up on you. Incidentally, when the call tears down with 2600, you'll hear this curious reorder tone from the international gateway that sorta fades in and out. Based on this, I wonder if it's a type 1 EWSD: https://pastebin.com/q1dvEcVw . So this isn't exactly C5, but a while ago, I found some Axtel DMS logs on Scribd. No, seriously. You can see from there they have quite a few R2 trunks provisioned for end users: 142785363-switch-a.pdf . We were playing with this on the bridge a few months ago - something I sorta want to get into again at some point; a few people seemed pretty excited about it. There's one particular number, +52-818-114-1500 (on the AX2P42 trunk group; labeled STA_CATARINA_CALL_CENTER_PBX_R2. If you look at page 224, you'll see the trunk group type configuration for this and many others; there's a bunch of R2 trunks with generic labels) that will send a backwards 4 in MFC (780 + 1140 hertz)to the switch - indicating a network error when it messes up. Which it occasionally does. Dunno how or if these can be seized, but it seemed worth mentioning. Speaking of which, I don't have the number for this; I had the bright idea of putting it on the speed dial for a calling card and then letting it expire, but Russia has some sort of strange signaling - perhaps another R2 variant floating about in their network. This particular call I remember being to Siberia: weirdmfs.flac . A lot of their switches use whatever this is. It enables them to send vacant number conditions and such over their signaling network. All I do here besides try and hit some DTMF is whistle 2600 twice; once to seize the trunk, and another time to make the switch get all angry. The tones you hear are the standard R1 frequency set, but obviously an R1 trunk never barks MFs back at you. EDIT: Crap, I forgot about the Cuba stuff. From what I understand, Havana if no other place has a reasonably modern network of Alcatel gear. As for the fixed GSM terminals, there's some older documents on Cuban telecom infrastructure lying around. All of them seem to point towards the Cuban fixed network being very over capacity. That could have something to do with that particular addition. As for Paraguay, radio_phreak mentioned to me a while back a particular set of numbers that would route to C5 trunks over some carriers. I believe it was +595-528-222-xxx. Back to the C5 stuff though, does anybody know where we can find a protocol spec document for it? That'll probably help us with some of the oddities we've found on some of these trunk groups. Another EDIT: http://www.itu.int/rec/T-REC-Q.140-Q.180/en Holy shit, another EDIT: http://www.binrev.com/forums/index.php?/topic/47028-portugal/#comment-364799 portugal_c5.flac One (hopefully) last thing - for anybody looking for international credit, I've found http://www.call2.com to be pretty good for the most part. Most of their routes look to be resold MCI, the rates are reasonable, and it tends to be decent quality. It is a callback service though, so it can be a little clunky for a large number of calls like in a scan. DMS-10 loops can be a good way to make this a little less painful. I feel kinda gross giving out a plug like that, but given the relative obscurity of the service and the content of the thread, it seems appropriate.
  5. 4 points
    0800 890 595 is now a (quite rare) example of the equipment engaged tone. I haven't done much looking for interesting switching/signalling since the early 2000s. It's got more difficult now because most people and businesses in poor countries have jumped straight to GSM (+successors). Back then, it would (as radio_phreak notes) be much more productive to look in the provincial towns and cities of poor countries than in their main cities. My preferred method was to look online for hotels or businesses in those backwater areas, ideally finding their fax numbers, and call those. Much prefer bothering a fax machine than disturbing a person. Now-a-days you need to do this armed with the country's dialling plan (wikipedia usually has these) - and most of the numbers you find will be mobiles. Re Cuba, I can't reach the supposed second dialtone for the US base via +53 99. The state telco is marketing the "fija alternativa" service - ie a GSM-based fixed service - suggesting aged and interesting POTS equipment exists. Calling from here, it's evident that their international gateway is something not outrageously ancient, because it promptly returns an appropriate SS7 code for incorrect prefixes - eg +53 41 000000 returns the usual SIT+"the number you have dialled has not been recognised" from my local exchange. +53 xx 300000 returns a Cuban intercept - in Spanish then English - after about 5 seconds of delay, where XX is any of the 2-digit areacodes listed at https://en.wikipedia.org/wiki/Telephone_numbers_in_Cuba. Sadly no signalling sounds are evident during the delays - I think I've tried all of them. I had a quick look for hotels in Panama and all the phone numbers I found were +507 6xxx xxxxx - ie mobiles. However, again, I'm hopeful that downstream of the international gateway is something elderly and interesting. +507 900 0000 sometimes gives an intercept - Spanish only - mentioning C&W Panama, again with a significant post-dial delay. +507 800 0000 gives my local telco's equipment engaged tone. +507 811 1111 was answered by a human +507 700 0000 is a different Spanish intercept, with a longer post-dial delay. +507 600 0000 or 500 0000 give my local telco's SIT+number not recognised intercept. +507 400 0000 is the same intercept-after-delay as 900 0000. +507 300 0000 is yet another Spanish intercept, with delay. +507 200 0000 has a very long delay then something times out any my local telco plays SIT+"sorry, there is a fault". +507 210 0000 has a long delay then the 900 0000 intercept +507 220 0000 rings, again after a delay, and is answered by some sort of automated service - in Spanish. No signalling sounds or evident, for me, in any of the above :-(
  6. 4 points
    So I just logged into binrev using this: it automatically generates, stores, and types passwords and looks like a usb-keyboard to your computer. That's a at89c5131 dev-board, this mcu is pretty much an 8051 with usb hardware. I'm probably going to keep touching up the code a little before I start printing boards.
  7. 3 points
    If you dial extension 8411-8414 it will make the automated voice say "Lane ""1-4"" Most pharmacies dont have more than two lanes. So if youre there waiting for a script, dial ext 8413 to hear the voice on the loudspeaker say "lane 3" and watch the employees confusion. its hilarious.
  8. 3 points
    Long time lurker.... registered recently..... first post... I know this thread is a bit old, figured I could be of some assistance here: Auto-scanned the 630713XXXX exchange (Took about ~15 hours), then did some manual checking: Number Auto-Scan Result Manual Scan, Comments 6307130025 VOICE Voicemail 6307130027 VOICE Subscriber 6307130107 VOICE Voicemail 6307130138 VOICE Voicemail (Nokia) 6307130460 VOICE UMTS Operations Support Group (Nokia -- "Please try again in 15 minutes") 6307130484 VOICE "We're sorry, but the blackout period for the transtition of the 401k record keeper is in effect on January 6th, please call back on January 7th." Repeats, then hangs up. 6307130563 VOICE Subscriber 6307130760 VOICE "Thank you for calling the Nokia workplace resources call center." 6307130869 VOICE Voicemail 6307130990 VOICE Voicemail Access Number, with working directory. 6307130996 VOICE Voicemail Access Number, with working directory. 6307131006 VOICE Subscriber 6307131229 VOICE Subscriber 6307131265 VOICE "Sorry, this automated attendant number is not available at the moment, goodbye." 6307131292 VOICE Subscriber 6307131304 VOICE "The called extension is busy" >> Voicemail 6307131329 VOICE Subscriber 6307131335 VOICE Ring >> Reorder 6307131553 VOICE Voicemail 6307131984 FAX Fax tones 6307132349 FAX Fax tones 6307133200 VOICE Voicemail Access Number, with working directory. 6307133678 FAX Possibly a modem. 6307134150 VOICE Subscriber 6307134389 VOICE Subscriber 6307134433 VOICE Voicemail 6307134484 VOICE Subscriber 6307134633 VOICE Voicemail 6307134967 VOICE Voicemail 6307135012 VOICE Voicemail 6307135163 VOICE Voicemail (reads back extension number) 6307135305 FAX Possibly a modem. 6307135353 VOICE Voicemail 6307135400 VOICE Voicemail 6307136056 FAX Fax tones 6307136081 FAX Fax tones 6307136082 FAX Fax tones 6307136091 VOICE Possibly an elevator?? Buzzing/Static on line. Hangs up with #. 6307136153 VOICE Another elevator phone? Hangs up with # again. 6307137073 VOICE Subscriber 6307137163 VOICE Voicemail 6307137180 VOICE Voicemail 6307137339 VOICE Subscriber 6307138416 VOICE Subscriber 6307138507 VOICE Voicemail 6307138668 VOICE Voicemail 6307138761 VOICE Voicemail 6307139039 VOICE Voicemail 6307139328 VOICE Voicemail 6307139379 VOICE Subscriber 6307139650 VOICE Voicemail 6307139764 VOICE Voicemail 6307139885 VOICE Subscriber 6307139988 VOICE Voicemail If there's any interest I can run a scan on 630979XXXX.
  9. 3 points
    So all credit goes to Ramsaso; he pointed this out on the bridge last night. If you have a T-Mobile phone, try calling 712-451-0011. You should get a recording saying they now charge 1 cent a minute to call it, even if you're on their unlimited plan.
  10. 3 points
    https://en.wikipedia.org/wiki/Debian
  11. 3 points
    I got this bag phone last month and was playing around with it to see if there was some tiny chance that it could connect to any network. As I suspected, there aren't any crumbling remains of AMPS networks anywhere near me. An interesting feature about this phone is there's an "Aux Out" which apparently was for sending faxes. Can't imagine lugging all of that around and plugging everything into the 12v jack in your car...
  12. 3 points
    This is just a beginning to get people started. Feel free to add onto more if you wish. The 'Threads' links you will see are from threads from these forums where the topic has been discussed before. I wrote this a few months ago so there may even be more threads about them if you search around. This list was made from numerous threads about the same topics; to stop the bitching from the Department of Redundancy Department. 1. How do I use exploits? ::Discussions - 1. ::Programs for assistance - Nmap and Nessus. ::Reference material - Security Focus, and Irongeek. 2. How do I get the admin password for Windows XP? ::Discussions - 1. ::Programs for assistance - Login recovery, and John the Ripper. ::Reference material - Password Recovery, Irongeek.com, and many others. I would suggest reading the discussion thread. 3. How do I hack a website? ::Discussions - 1 , 2, 3. 4. How do I get around web filtering like Websense? ::Discussions - 1, 2, 3. ::Programs for assistance - It is probally easier to use a proxy to get around web filtering software. ::Reference material - Babelfish, Proxy Blind, and Proxify. 5. What are proxies and how do they work? ::Discussions - 1, 2. ::Programs for assistance - There are tons of proxy server lists out there. Suggest doing a Google search for "Proxy", "Proxies", "Proxy Server", etc. ::Reference material - Wiki Proxy Info. 6. Where can I find more Hacker media like HackTV or BRR? For general Hacker Media information check out the Forums. ::Reference material - Hackermedia, Infonomicon, Old Skool Phreak, WhiteSword TV, Packet Sniffers, Hak5. 7. What are some good books to read that will teach me about hacking? This all depends on what you are interested in learning. ::Reference material - Cryptography, Programming, Networking, and Social Engineering. 8. Where can I find a meeting to attend, and what if no one is in my area? If no one is in your area then start up your own meeting, and let others know about it! ::Reference material - Bin Rev meetings - BRR listeners map, DefCon groups, 2600 meetings, and also search for a LUG (Linux User Group) in your area. 9. What Linux distro is the best? ::Discussions - 1. ::Reference material - Rundown on different distros, a test that may help you decide which is best for you, and you may also want to check out more distros' for yourself. 10. How do I learn how to hack? ::Discussions - 1, 2. 11. I want to program, where should I start? ::Discussions - 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22. C Book, Tutorial, Windows Compiler, *nix Compiler, *nix Compiler How-To. Python Website, Book, Tutorial, Compiler, Compiler How-To.
  13. 3 points
    Hey Samo! Good to hear from you again. Sorry to give you a wall of text here, there's really no concise way to explain this. In short, if you want to explore a long distance tandem, your best bet is to use a PIC code. There's a very simple trick that lets you push any destination you want directly into the tandem. We'll use Worldcom as an example, since it works from basically anywhere in the United States. Ready? Dial 101-0555. That's it; no zero, nothing. What you get next is a dialtone straight from the tandem. In the case of the ex-Worldcom tandems, it's not quite as fun as it could be; it wants an authorization code a-la 950 calling card. Here's an example of what you might find - http://thoughtphreak..._800223110.flac That's from a DMS (500, I think) owned by Integra, one of the local CLECs. Most long distance tandems (AT&T's aside - we'll get into that in a bit) don't like terminating toll-free calls, so you'll end up getting weird messages that you'll never be able to hear normally unless your switch loses it's mind. What's so great about this is you're completely free from the dialing restrictions of a normal end office. Want to dial an NXX starting with 1 or 0? A code starting with #? *? There's nothing standing in your way. Sprint in particular stuck a speed dial function on their tandem for some weird reason in the #xx range. #99+anything seems to be it's own little exception - it'll wait for a very large amount of digits before eventually giving you a generic CBCAE recording. This might indicate they're hiding something else here. There's one downside to this technique; if you're not subscribed to a carrier, they won't always let you play with the tandem. ex-MCI (0222) and Sprint are a couple good examples of this, but Sprint will give you a cool message as a consolation prize. Depending on your area, you might have better luck too. For example, the Qwest long distance network has a combination of DMS-250 and Sonus switches. Sonus isn't fond of letting people have fun on the phone, so you'll just get a generic error recording. If you encounter Global Crossing's Sonus switches, you won't even get a custom recording, you'll get the Sonus stock one. It's worth a laugh if you ever hear it. It's under three seconds, and was clearly made last minute by an engineer. Speaking of Global Crossing, like MCI/0222, they have a number of Alcatel DEX switches floating around. Dialing 101-0444 will just get you an error, though. The solution? 950-1044! What dialplan they're using is absolutely beyond me, though, so you're on your own there. There's suggestions - like 800-223-1104 (but only without a 1) going to an invalid code recording that suggest it might be for calling card use, but most things I can think to try just go to a CBCAD. And then we come to AT&T's 0288 network. I'll level with you, this is something I haven't figured out at all. Whenever I've been fortunate to get a dialtone back, it's always been from one of their 5ESS toll tandems. If there's such thing as a pushy phone switch, this is it. It'll let you know right away if it thinks you're doing something wrong. And putting a 1 in front of your destination number is wrong. I haven't had time or an opportunity to just sit down and investigate this, but what I do know is it's unique from a lot of other switches. For one, it'll terminate toll-free calls, but only on specific carriers. I believe just AT&T and Global Crossing toll-frees. Sometimes, it gets a little weirder - like, if you dial 800-244-1111, you'll get a recording from a McLeodUSA DMS. What this means I'm not sure exactly, but my guess is since the 5E toll tandems are responsible for lending a hand in connecting toll-frees, they'll store translations for those toll-frees. If it happens to have one - outdated or not, it'll just use that instead of doing an SMS-800 dip. Also of note on the AT&T tandems is the 600 NPA. Instead of just intercepting it like any invalid NPA, it'll pass this onto the 4ESS. This might indicate AT&T stashed something in there. As for your question - is SS7 relevant to phreaks? Absolutely. The very core practice of phreaking - introducing unorthodox input into the phone network - is fair game to everything, in or out of the speech channel. In the past, we've proved ISDN cause codes can trigger calls to take a different route, and it's been demonstrated that originating a ghost call (in short, an ANI fail on steroids - a call originated with no field other than the destination number) can be enough trouble that phone companies would probably scratch their heads as to whom they should send the bill to. It's understandable that figuring these things out is a challenge, but if anything, that should be a motivator. We're phone phreaks, we've got the resourcefulness to identify a piece of telco hardware by nothing more than vague sounds, and have fun in the process. This should be a reminder that there's always more to explore, and always another limit to break.
  14. 3 points
    It's a mindset. You hack to learn, you don't learn to hack.
  15. 3 points
    That sounds like a lot of work! Can I just send you my bank account numbers and social and have you help me out?
  16. 3 points
    Not to stir shit up, but I certainly agree that this forum shouldn't be a place where fake accounts come along and post allegations which result in people being terminated from their employment. If "unlucky" was indeed the victim of a violation of his privacy by an employee of trapcall/spoofcard then he should have contacted them. Also, if Lucky was fired without any evidence of a particular account being accessed by an employee, then he worked for a piece of shit company. If I were a mod, i would have deleted this thread because even if the allegations were true, there was not a shred of evidence provided, and I do not believe that this is a place for such things. perhaps if "unlucky" simply voiced a concern over the privacy expectations when dealing with a particular service, but he didn't - he made an accusation directed at one man, without anything to back it up. That being said, it's probably all true. ...seriously.
  17. 3 points
    Stop paying for tv service Look into "FTA" or "FTA Receivers" Etc. Just read up on the "Free to Air broadcasts" You just buy a receiver, point your satellite at the orbiting satellite and you can get over 1,000 channels Free.
  18. 3 points
    SCO doesn't own UNIX, at least not yet. The actual "ownership" and copyright to UNIX is a very complicated issue. All this court decision did was "reverse material aspects" of the earlier verdict from 2007 that found Novell to be the rightful copyright owner. Now there's going to be yet another trial case to determine whether SCO does in fact own the copyright. I don't think anybody seriously gives a shit about System V UNIX, UnixWare or any of SCO's other crappy, outdated products. But a company like SCO, which has been in bankruptcy for over 2 years, has virtually no market share and appears to exist these days only for the purpose of suing other companies, might well gain legal ownership of the original System V UNIX code. In other words: they might gain a legal "leg to stand on" and cause more trouble for OSS creators and vendors. For years, SCO has been bitching that Linux infringes on a copyright for the original UNIX code that it assumes it holds. They have sued companies like IBM and Novell which produce Linux-based software and distribute Linux as an OEM OS. They have disseminated propaganda to Linux users, accusing them of copyright infringement and alleging they could be liable for damages simply by running Linux. They have sued their own (former) customers who switched from using their products to using Linux. SCO is also known to have received financial backing from other, far more powerful interests whose goal is to ruin the open source software movement by any means possible. At this point, SCO clearly has nothing to lose, and Microsoft doesn't have to dirty their hands or risk hurting their own public image by attacking open source developers in court. Microsoft can just sit back and bash the OSS movement in the press, allege IP infringements, negotiate cross-licensing agreements and provide financial support to companies like SCO to file anti-OSS suits. This may not be a potent threat to the very existence of Linux, but it could definitely harm Linux in the business market and lead to some very bad precedents regarding OSS and software copyright/patents in general. BTW, I'm not the one who voted down your post. It's an interesting bit of news on a case I haven't really followed in awhile. Thanks for posting it.
  19. 3 points
    The above is the 'offical' Postal Regulation for an IBI or Information Based Indicia. All this information is contained in the 2-D barcode to the upper left of a piece of metered mail. Look at some of your junk mail and it will be very clear what I mean. It's that box that looks like Lattera's avatar. The column that says barcode are all of the data items in that 2-D barcode that I'm talking about and the Human Readable is what you can decipher when you look at it...date, time, etc. The information is digitally signed so that when the Post Office reads the mail it can be fairly certain that it came from a particular licensed meter. What's crazy is that the meter internally communicates with 'itself' using an asymetric key system...public/private. That is the meter contains a postal security device which is tamper resistant (of course resistance is a relative term) that sends out commands to create and sign the indicia with all the signals being encrypted. Think of it like an HTTPS setup for internal communications or more appropriately like each command being digitally signed. Digital signatures use the public/private key system so this is closer to what is happening. The whole postage meter industry is so wacky. What I mean is that to actually attack the meter directly is incredibly hard but not impossible;however, there are far easier ways to 'hack' a meter. The meter itself and access thereof is fairly easy due to primitive security. If you have physical control of a meter and a system that can interface with it you can do pretty much whatever you want. But not to be too much of a worry wort...printing postage is printing money; stamps are a legal form of tender so if you play games with this stuff the penalties are insanely harsh because of that. I know some smartass is saying to himself, "Oh then I can use it to buy my groceries?" Not exactly...unclaimed stamps can and must be refunded by the post office. If you show up with a stamp that is legally yours or if you can 'somehow' prove that that is a stamp of yours the post office refunds the amount on the stamp. Of course it isn't an immediate refund. You can't just show up with a meter label for a hundred bucks and walk away with a c-note.
  20. 3 points
    Ohm, you obviously get off on policing binrev. Seriously, I've seen you crush countless topics with your sense of superior morality. The only thing that impresses me about you is that you always find some way to condescend. You've got a real talent.
  21. 3 points
    Clearly the best was Windows 95. Don't you miss 3 reboots a day? As for XP, it was received pretty badly at first. Pre-SP1, XP was quite buggy. Also, for the time it was resource heavy, so a lot of people complained they couldn't run it on their current machines. I always got a chuckle when people bashed Vista, yet praised XP which had similar problems at the start. Of course people were willing to bite the bullet since the alternative was Windows 98 (or for the enlightened few, Windows 2000). Now, you have XP which works and is stable, so you can sit back and poo Vista all you want. I've also had no problems with Vista. If you have a fast enough machine, there's just not much to complain about. It works, what more do you want? As long as you're listing future OSs, why not list Ubuntu 9.10?
  22. 3 points
    Great link. Who wants to mirror this and stick up a torrent?
  23. 2 points
    Some recordings came to me from a source that I trust of phone calls from Russia and around the Baltic area in general, taken 2 or so months ago and in a few of the recordings you'll sometimes hear tones before people answer the phone. I'll put a compilation together soon-ish and upload here for people to hear. The audio can be tinny in places, nothing I can do about that unfortunately.
  24. 2 points
    I just googled that and guess what: https://int3.cc/products/usbcondoms haha It doesn't say in the description that it prevents your phone from frying, but logically that's the first device to fry...
  25. 2 points
    So i called my local payphone (818) 506-9335 with my dial up modem and Interestingly enough it handshakes and everything. I had my terminal encoding set to IBM-850 and I got this: TC!*8185069335*93180*DD4322*2027*016*1504257225303*90245* I know that payphones have a remote management mode, and I'm thinking that this might be it. Anyone have any ideas?
  26. 2 points
    Sure! I had to go through this myself, only without the benefit of an account on the translations card to work with. Depending on what software release you have (if you're trying to install a C-LAN card, I assume it's a fairly late release. I don't think it'll work with anything below release 7) you have a few different options here. 1) The easiest is to just boot the system with no translations card installed. Once you've got it running, log into it with the username inads and the password indspw. Go ahead and insert the memory card into the reader. Or just skip all this crap and if you have something that accepts linear flash (ATA flash for the later systems) PCMCIA cards, just stick it in that. Anyway, assuming you're doing the Definity method, type 'upload translation'. Or maybe it's download; I think they made it to be upload from the Definity instead of to the terminal emulator. On one, it'll copy the flash card's contents into RAM and say "Prepare to receive file". Use xmodem to receive the file, and you'll have a copy of the passwords (albeit XORed or something; it's not anything particularly sophisticated. I don't know the algorithm, but I can give you as many plaintexts as you want if you need them. It doesn't seem to be anything standard, but it looks like Base64 at first glance) from the switch. 2) If you have a release 6 or lower processor, you can boot with no translations card again, and overwrite the bytes for the init (superuser; the one that lets you activate any feature you feel like having) password with the ones of a password you know (there's no RAM protection; the rva command should let you do this. I'll attach a ramdump of the pam process to this post). For added shits and giggles, there's even a byte you can change to make a password expire. In some situations, that might be the only way you have to change it. I dunno a lot about the way the header works, but in release 6 and 8, there's a byte that indicates what type of account the username is - or maybe it's an account ID. By default, It's 0x00 for init, 0x01 for inads, 0x02 for craft, and I think the rest are in descending order of account privileges. It might be possible to have two init or inads accounts. However, if the init account is set to prompt for an ASG login (which in release 8/+, it is by default), it'll try and give you a challenge/response for the init account. If you do have a release 8/+ translations card, one thing I've found you can do is change the account ID for the init account to 0x01 (so it doesn't prompt for an ASG challenge/response), write the password to one you know, and then write it back to 0x00 when you're logged in. Though you'll get slightly higher privileges than the inads account, it seems to know what you're doing, and disables the option to change purchased features. Or activate the switch to begin with >.< . For release 8/+, I think there's really only one course of action that can be done at the moment; log in as inads (or init with the above method; the only difference is under inads, it'll try to hide this, but it'll still accept it) and type 'go debugger local'. The switch has a lot of nice things in here, including a simple disassembler. If you speak R3000 assembly, you can probably figure out why/how the switch knows you've been screwing around with the accounts. Judging by how it complains about my *cough* modded release 6 card, I assume the init password is derived from something specific to the software version, and newer releases, knowing that, will complain if you've changed it. If you decide to take this route, lemme know. There's a bit more detail I can go into about the debugger and general Oryx/Pecos operation. 3) You can boot it with no translations card, and upload a fully unlocked release 6 translations backup I made to your card. On newer releases, this'll still work, but you'll be relegated to release 6 features, and it won't let you save; the newer processor releases seem to know something is up, and will claim the card is corrupted. Normally I'd just upload it, but there's some stuff I'd rather not have public on the translations backup I made. Lemme know if you want it. pam.bin pam_r8.bin
  27. 2 points
    2098886960 Identifies itself as the lab. Seems pretty cool. Check it out. burntkid
  28. 2 points
    T-Mobile? That doesn't make too much sense, T-Mobile (and its predecessors VoiceStream and Omnipoint) never operated analog networks. Matter of fact, neither did Sprint. T-Mo and Sprint were all digital from their inceptions. my first cell phone was an omnipoint "flip" phone... the flip was just a small plastic piece that covered the numbers when flipped closed... around 1996 or so....
  29. 2 points
    Point of Interconnect. I think the basic idea is like if you have a switch that serves a large number of ratecenters, you'll need a trunk group from it to the tandem switch serving it. So let's say for example you've got a switch in Washington DC or wherever, but you want to plug in a bunch of channel banks and give dialtone to random people in the Blue Ridge mountains. You can totally run some cable down there and do it, but the problem is, your switch homes off the intra-LATA tandem in DC as it should. To accomadate the local calling area of everyone you're going to serve, you also need to get some trunks to the intra-LATA tandem in, say, Culpeper, and establish an exchange for them to be reached on/to reach the other local exchanges. When you're doing that, you're not allocating it to the switch, but to a point of interconnect between you and the Culpeper tandem, and the CLLI code will reflect that. Because regulatory regimes are stupid, you can't legally (to my knowledge) give free local calls from your DC subscribers to the Culpeper area even though you have trunks to it from your switch; they have to use a long distance provider to dial that. Coin and operator calls are a little more of a grey area. I know from Portland, they have trunks from TOPS to the Salem tandem, and you'd hit that trunk group making ACTS calls. I dunno what those trunks were considered legally, but you could theoretically set up an automatic operator IVR to get around that restriction. That's how I understand it anyway. Can someone who has more of a clue about this chime in?
  30. 2 points
    Once you are in a call, they can decode TTY-text, so they should be able to also decode DTMF. That is correct - it is fake. That is correct, too. Between you punching in the number and the phone dialing, a lot can actually happen: For example the phone making a modem-connection to the NCC to get the rate, etc. You can programm the phones to do pretty much every thing you want... Besides 0, almost all N11-numbers for (except 911) are just "aliases" to local phone numbers... And sometimes, they even alias local phone numbers (think of 411 -> 555-1212 -> XXX-555-1212 to treat every "request for information"-call at the same point of contact).
  31. 2 points
    Just the usual scanning routine. My guess would be it's in one of those 00xx ranges. 818-907-0037 gave me one of the recordings on your switch, but that range (and the rest, sadly) seem to be crowded with a lot of people. If you just want to go all out and scan the hell out of it, I'd either do a search for the numbers as you're scanning or do it during business hours when people are working again to avoid them. Do you get that AIS we talked about when you make dialing errors or call out of region toll-free numbers and stuff? I'm not sure what's up with that prefix, but it'd be cool to establish that you're actually being served by the DMS-10 first . EDIT: I don't know a whole lot about DMS-10s, but there's one in the Evan Doorbell Permanent Signal tape. Some of them seem to have a weird sounding offhook tone.
  32. 2 points
    If you want to get the absolute lowest price for telephone service, you want "metered service" or "message rate service". This is not offered in all areas, and it might not be what you really want. In my area, it cannot be ordered (and is not offered) online, it must be ordered over the phone, and it comes out to about $14 after taxes. Essentially, that price only gives you a dial tone, and you are charged for every local call you make. Think of it like a pay phone. In my area, most local calls are also timed on message rate service, so you don't pay per-call, you pay for the amount of time you talk in 3 or 5 minute increments. If you make a lot of calls, the cost can get out of hand quickly. However, if you only make a few calls per month, or call lots of numbers that don't answer, it might be a good option. Metered service is sometimes available with or without an allowance. In my area, the service without an allowance is cheapest, but if you pay $3 extra, you get an allowence of about $5. It can save you money if you make more than $3 of calls. It makes sense if you want a line primarily to receive calls, but you really need to do the math to make sure it's a good option for placing lots of calls. Just to repeat, phone pricing is controlled by each state and as a result, pricing is not consistent nationwide. In my state, prices vary city-to-city, so the only way to find out what's available is to call the phone company and ask them. In PA, they are legally obligated to tell you all of your options starting with the lowest, but they tend to do so only if you say something like "please tell me the pricing options for telephone service starting with the cheapest". If money isn't an object, just get the bundle!
  33. 2 points
    How about sticking to cash? Or even better, Gold and silver.
  34. 2 points
    Full Pdf: http://cryptome.org/isp-spy/mci-spy.pdf
  35. 2 points
    http://www.google.ca/search?sourceid=chrome&ie=UTF-8&q=smarten57%40hotmail.com From a post he made on another forum he called himself "leo" This looks like it might be his live journal: http://smarten57.livejournal.com/ (i base this assumption on the fact that hes trying to sell "gold" coins) Possible Ebay (both smarten57s appear to be from china) http://myworld.ebay.com/smarten57/ Possible info from live journal: Birthdate: 05-30 Location: haerbin, China Listed ICQ number: 274-894-888 ICQ lookup gives me this: http://www.icq.com/people/274894888/ Name: liu qingyuan, from haerbin, China (Liu sounds like Leo) With this info I can now use pipl http://pipl.com/search/?FirstName=liu&LastName=qingyuan&City=haerbin&State=&Country=CN&CategoryID=2&Interface=1 http://www.facebook.com/people/Liu-Qingyuan/748231341 Possibly him? Possible twitter account: http://twitter.com/#!/MaRtinLAuQingyu (no tweets) The ICQ number he provides in his post points to this ICQ profile : http://www.icq.com/people/606777527/ In his profile he calls himself 刘 丰志 and hes using a stock photo of some actor i've never heard of (determined this through tineye search) 刘 丰志 translates to Zhi Feng Liu This is Zhi Feng Liu: his resume: http://www.cs.toronto.edu/~zliu/resume_zhifeng.doc'>http://www.cs.toronto.edu/~zliu/resume_zhifeng.doc webpage from when he studied in toronto ontario: http://www.cs.toronto.edu/~zliu/ for a guy who's got a degree in comp sci he does a really shitty job at making a webpage. http://cn.linkedin.com/in/zhifengliu This may be him, it might not. Im going to guess that it is him.
  36. 2 points
    I could write lots on this, but Ive just posted some notes I made on reading it the first time. I don't care about the layout and readability, all that is just window dressing to pretty it up, Im interested in the meat of the contents. I think it misses the big elephant in the closet that causes the whole issue of security to arise and be such a shock in the first place. Computers are NOT a black box system. They are a framework which lets you hang what modules you like off them to do various tasks. Modules == software programs. Thats the reason users end up shocked at their first virus, because they missed this after treating them as a switch on and go consumer device. The car and toilet analogies dont work for me either, to change the oil in a car needs some prior understanding of the car, the quantity of oil, the grade of oil, what quality of oil to use, the frequency of changing it, in fact a whole bunch of factors which understanding the need for, bootstraps into a understanding of the car as a system. To change the oil in a car with abstraction, would be to take it to the garage and pay them to do so. The oil still gets changed, but you dont have to know anything that way apart from how to pay for it. People are reading your paper because they want to learn about how to change their computer/network's oil and some of its inner workings, not just take it a garage. "First and foremost, one needs to accept that their information is fundamentally safe, but that doesn’t mean they don’t need to worry. " Its not fundamentally safe. Otherwise they wouldnt need to worry would they? We could all go and procreate with stunning playgirl models instead of reading your paper. In fact, its fundementally unsafe, and we must just take our best measures to mitigate our exposure to the risk. the basics of network security :- "Vulnerability assessment is the very first," The very first step is to want to understand and secure it. Vulnerability assessment is how you quantify how secure it is according to some metrics once youve taken that decision. Its a small but important distinction. It puts the first step about securing a network as wanting and caring enough about a networked system to want to secure it. And we're in the caring for things business in a way. Layer 2 The Data Link Layer: Local layer 2 attacks, at the moment are common and more disturbingly, mind numbingly simple. Theyre only mind numbingly simple because script kiddies are using someone elses abstraction without understanding it therefore without the tool its horribly complex so you rely on the tool to deal with all that. Having to rely on a tool that I dont understand how works isnt simple, its complex to me. Im trusting it knows best... You could say "there are automated tools to perform this which do not rely on the attacker having a deep understanding of the attack vector or what is being done." , it'd be more accurate. Even a tool used like that is is not mind numbingly simple, not to 99% of the computer using populace, some of which your hoping to catch with this tutorial in some way. A analogy here would be that you do not have to understand how a gun works to kill someone with it. The script kiddies dont understand the gun/tool but the end results are still devistating. Also I think your fine china udp analogy doesnt work , I thought about it a bit and I'd go with something like "udp is like shouting your message to someone and *hoping* they hear in the manner of a newspaper seller, and tcp is the same, except the seller waits for each person to shout back to say they received and understand what was shouted. If you have a LOT of data which it doesnt matter if a little gets lost on the way (streamed music for eg), the udp is more efficient because you dont have to wait for everyone to shout back they got it." First and foremost, one needs to start thinking of their network as something tangible, something that can be stolen, because make no doubt about it, if it's too vulnerable, it can, and more than likely will be compromised. :- To help you flesh out this bit , the something that can be stolen is the DATA contained therein and the computational resources. Your stopping people stealing your information to use it on their own systems to their gain, or stopping them stealing your network to co-opt it into a scheme under their own control, be it to attack other networks directly, to join a botnet or spam etc. You think the above is bad, you want to see it when I get my red pen out on something I dont like. The intent and effort your putting in is great, I hope the above comments help you think about the contents and concepts your trying to outline.
  37. 2 points
    ... *if*, and it's a big if, this is a case of an intel analyst suddenly going moronic. It's more likely he was led to believe he was a protected journalistic source, even if Lamo has Asburger's and has managed to compartmentalize and rationalize he "technically" wasn't acting as the journalist. Take how Lamo was quoted by BBC today, and try to think about the implications dispassionately. I personally and without the "full story" think this is a pretty telling quote right here, and I read it thus ... I'd be interested to see if anyone can show a reasonable alternate reading. "I was never going to write the story. I made that clear. I did say I was working closely with a journalist so maybe he was led on, but tough cookies. Poulsen and I decided privately that it's a breach of ethics if I wrote the story since the source was getting outed once they gave details". Until today, I'd tended to not bother with this story thinking it was simply a loudmouth who couldn't help but brag. Reading the BBC piece today, that quote by Lamo is *waaaaaaaay* to telling for me to think that's a certainty in good conscience any longer. I think the analyst was duped into thinking he was dealing as a protected press source. Lamo keeps his conscience clean by "technically" being the source himself, not the journalist. His quote alludes he truly believes he's the source in this story. It's bizarre.
  38. 2 points
    No, sir, filer isn't me. He's a friend of mine, but not me. I don't have a problem with you as a person. I'm not taken to long replies, and I have no interest in trying to educate people online. I have better things to do with my time. Packetized voice certainly has some benefits. For example, flexible use of bandwidth. By not reserving unused bandwidth for possible voice calls, it can be used for more data traffic. (This isn't impossible in TDM-based networks; there's been a standard protocol for dynamically reusing unused voice channels on T1s for data.) The merits of TDM in my mind are also fairly clear. TDM (in the traditional sense of 64 kilobit voice circuits) guarantees a consistent delivery delay for the voice samples. VoIP, unless properly engineered, doesn't guarantee timely delivery, or for that matter delivery at all. Because the receiving end of a TDM connection doesn't have to de-jitter the voice stream, it can deliver the audio with a lower end-to-end delay. I'd be glad to discuss this with you offline; feel free to call me at 206-569-5478. See that is the kind of post that I appreciate. As to the VoIP issues check out what I said to ThoughPhreaker regarding his friends problems with dial-up over VoIP...I went over the engineering that you described. I still think you are filer but, if not, the fact that you are close friends means essentially the same thing for this conversation nor is it of any consequence. Anyway, the phone number thing is a little weird. I don't know what to make of it. I'm definitely not going to call you directly as that is what this forum is for...I'm a nice guy but if people want to discount me or make me out to be an ass I'm prepared to give it right back and I know my shit so flaming or, as I like to say, "Ohming" won't work on me. This has been one of the more interesting posts that I have had on this board. If you guy(s) have any 'inside' info on this proposal don't forget to share with the rest of us.
  39. 2 points
    As everyone has already heard, Google Chrome OS or Chromium OS source code was released a couple weeks ago. There have already been a few attempts at compiling it and getting it to work on devices. If anyone wants to try out Chromium OS safely and see what's up, you can use VirtualBox. 1.)Download and Install VirtualBox. 2.)Download the compiled Chromium OS in virtual hard drive format. [you can get this off torrents or PM me...I'm not going to get into another pissing war over TPB. The link is legal and the package is legal but out of respect for the board I'm not going to post the link.] 3.)Creat a new VM and during the hard drive set-up select the pre-existing hard drive option and select the downloaded Chromium OS. 4.)Create a bogus Gmail account...your real one, if you have it, will work too. 5.)Log into Chromium OS and hack away! It is very slow running even on my Quad Core...but this isn't even a beta...this is a hack beta:) I took some snapshots of what you would see: Notes: pretty typical. As you can see or actually maybe not, it will autofill @gmail after you enter in a user name. From a security perspective, since Google is making you live in the 'cloud' physical security is now virtually moot as my wireshark run picked up my username in the clear. Although my password was hashed this is not sufficient if people are going be exposed to an attack everytime they open up and use their Chromium OS device. Notes: Here is a screen shot of a failed certificate. This was caused, I think, by my computer having two gmail accounts inadvertantly opened at one time. Although it doesn't lock you out of the OS and hence your device (crazy legal reasons naturally) it does lock you out of Google's 'cloud.' You can still surf the web and access the device through the OS but this is naturally a reduced experience from Google's perspective. Notes: Here is the 'desktop.' Looks very familiar. Notes: Built in apps...all are web based, even the calculator. Notes: The good stuff.
  40. 2 points
    i would probably just stop messing with the schools network. as even if you were running linux/bsd/osx or w.e. they could still tell you are using a torrent as it totally saturates the network, they will still be able to trace the traffic to your router/ your computer if you are directly hooked up, even if your running linux/bsd or w.e. they can still trace all the traffic to your computer, they all broadcast the mac when your on a network. i guess turn off wireless and just hookup ethernet so they cant sniff your mac through the air when you connect to your router and change the mac addy of the router like everyday but yeah that will only work for some amount of time till they get pissed and start search peoples stuff for the rogue router thats raping their network.
  41. 2 points
    then post lynx/links and throw out a speech like a representative idk
  42. 2 points
    Just wanted to add that 78hrs isn't bad for a brute-force attack. What is the key-space you have it set at? He might not be able to answer you as that post was written two years before you joined, and his last login was one year before you joined.
  43. 2 points
    This one i keep close to my heart <3333333333333 I swear i could listen to that song anytime to calm me down... http://www.youtube.com/watch?v=95j-Vr7sZec You guys ever hear that one? I have a nice AAC version that was online on their site (before it became a 404) if anyone wants it. ~Trev
  44. 2 points
    Yeah, they showed us how insecure hacker websites are, but didn't we already know this? Producing content to fill the forums is more important then securing the forums. You beat me to it. These guys are run of the mill hackers with excellent showmanship. How can I make that claim? They exploited common vulnerabilities, using common tools and techniques. It was evident that their brains were required occasionally, and I'm sure it was refreshing after all that routine hacking they bragged about. The choice of targets? High profile hacking- or security-oriented sites that focused more on content than their site security. Bragging about these sites is like saying you can shoot fish in a bucket... with a machine gun! Of course, these sites do get lots of press, so whatever happens to them gets noticed. In the end, Zero for Owned resembles a Richard Nixon publicity stunt more than a Kevin Mitnick exploit story. Does anyone else think Zero was named after its contribution to IT security? To Zero for Owned: You've Just Been Powned!
  45. 2 points
    That's why I always walk backwards down the street, it confuses the hell out of them. By the time I get to where I'm going I've already been there.
  46. 2 points
    Lots of old books (copyright expired) about analog electronics, amateur radio, telephones, etc.: Technical Books Online
  47. 2 points
    Why though? Being a nuisance and preventing communication can be just as useful of a tool for "cyber-warfare" as more 'tactical strikes' with a much lower technical barrier. Also, exploits can be patched (in a perfect world, they would be patched) and then lose their value to the attacker, but a DDoS can be a right bitch to deal with. I guess that is what makes you a dangerous free thinker.... It just seems like a government like N.K., if they wanted to could possibly do better... crippling some major infastructure or what-not. I've not researched it much, so my opinion is coming from what Mitnick stated about the attacks - something to the effect it was more teenage in nature than government. Looking at the attack, something was obviously compromised though, in order to get a botnet that large.
  48. 2 points
    Why though? Being a nuisance and preventing communication can be just as useful of a tool for "cyber-warfare" as more 'tactical strikes' with a much lower technical barrier. Also, exploits can be patched (in a perfect world, they would be patched) and then lose their value to the attacker, but a DDoS can be a right bitch to deal with. In my opinion (and really only there), this is the most likely option. Leaving aside "the crackpot conspiracy theories", there is irrefutable evidence that the US government has, at least, planned false-flag activities in the past to get the public support behind policies it is trying to enact. Now, take this with a grain of salt as I see no real evidence to support this, but it seems as likely as most of the other theories being tossed around.
  49. 2 points
    Yup. I heard he announced at some security conf in Singapore, and will be explaining it in very technical terms at Blackhat. It will be about fuzzing mobile operating systems for vulnerabilities like that.
  50. 2 points
    I don't know why people in this community still use these fraudulent terms, but file-sharing is not piracy, and it certainly isn't stealing. If a friend gives me an old book or cd or dvd, is that stealing? Obviously not. Those who continue to use these terms are defending companies who rip you off, and rip off the artist. Anyway, we live in a new world and if you stick to the old ways, you're a dinosaur. File sharing will never stop. If everyone just faced this economic reality, then progress can be made. To continue arguing over the morality of it is fucking stupid. Everyone has different morals. If one were a communist, they would have a different moral stance on this than an anarchist, or someone who thinks they believe in capitalism but actually just likes to get ripped off. The old business model is dead. Make a new one or die with it.