ENCYCLOPEDIA OF COMPUTER SECURITY.


GROMOV V.I. VASILIEV G.A.
«ENCYCLOPEDIA OF COMPUTER SECURITY»
(collection)

Contents.
1. PROTECTING COMPUTERS FROM
UNAUTHORIZED ACCESS TO INFORMATION
1.1. Special software
for protecting PC information
1.2. Tools using password identification
2. USING CRYPTOGRAPHY
2.1. Pretty good privacy (PGP)
2.1.1. PGP vulnerabilities
2.1.2. PGP Internet resources
2.2. Encrypting information in images and sound
2.3. Encryption using archivers
2.4. Password protection of MS Office documents
2.5. Data protection using NDEC
2.6. Data protection using «Cobra»
2.7. Protecting floppy disks using DiskHide
2.8. Protecting hard drives using BestCrypt
2.9. Protecting hard drives with seNTry 2020
2.10. Protecting hard drives with SafeHouse
2.11. Protecting data with Kremlin
2.12. Protecting your PC with hardware
2.13. Cryptography and politics
2.14. Conclusions
3. CREATING ARCHIVES
4. PROTECTION AGAINST COMPUTER VIRUSES
4.1. Actions to take if infected with a virus
4.2. Prevention against infection with a virus
5. SAVING INFORMATION ON A MAGNETIC MEDIA
5.1. Carrying out preventive maintenance
5.2. Actions at the first signs of disk damage
5.3. Operation and maintenance of disks
6. SPECIAL MEANS OF PC PROTECTION
7. PROTECTING YOUR PC FROM FAILURES
7.1. Protection from hardware failures
7.2. Protection from software failures
8. WHAT DOES YOUR COMPUTER REMEMBER?!
9. PROTECTION FROM HARMFUL COMPUTER FACTORS
10. SAFETY WHEN WORKING WITH BBS AND FTN NETWORKS
10.1. Interesting BBS
10.2. Interesting Fido network conferences
11. INTERNET SECURITY
11.1. CHOOSING A PROVIDER
11.2. VIA WWW WITHOUT A TRACE
11.3. VIA FTP WITHOUT A TRACE
11.4. E-MAIL SECURITY
11.5. ANONYMITY ON IRC
11.6. ICQ SECURITY
11.7. PROTECTION FROM NUKE ATTACK
11.8. INTERNET FRAUD
11.9. SECURE CONVERSATION
11.10. ANONYMITY IN USENET
11.11. INTERESTING INTERNET RESOURCES

=========================================================================

The materials offered in this section of the book are devoted to issues of
computer security (including Internet security).
This manual is designed for an advanced reader. If you
are not yet a very experienced user of a personal computer (PC), then
we recommend starting its study with such books as, for example,
Figurnov's wonderful book: «User Work with IBM PC».

1. PROTECTING COMPUTERS FROM
UNAUTHORIZED ACCESS TO INFORMATION

The specifics of protecting personal computers (PCs) are determined by
the specifics of their use. As a rule, a PC is used by a limited
number of users. PCs can operate both in stand-alone mode and
as part of local networks (connected to other PCs) and can be
connected to a remote PC or local network using a modem over a
telephone line.
The standard nature of the architectural principles of construction, equipment and
software of personal computers, the high mobility
of software and a number of other features determine
the relatively easy access of a professional to information located in
a PC. If a personal computer is used by a group of users, then
it may be necessary to restrict the access of the various users
to information.
Unauthorized access (UA) to PC information will be defined as
unplanned familiarization, processing, copying, use
of various viruses, including those that destroy software products, as well as
modification or destruction of information in violation of established
access control rules.
In protecting PC information from UA, three main areas can be
distinguished:
— the first is aimed at preventing an intruder from accessing the computing
environment and is based on special technical means of identifying the
user;
— the second is related to protecting the computing environment and is based on
creating special software for information protection;
— the third direction is related to the use of special means
of protecting PC information from unauthorized access.

1.1. Special software
for protecting PC information

To protect personal computers, various
software methods are used, which significantly expand the possibilities for ensuring the security of stored information. Among the standard
personal computer security tools, the most widespread
are:
— tools for protecting computing resources that use password
identification and restrict access by unauthorized
users;
— application of various encryption methods that do not depend on the
context of the information;
— means of protection against copying of commercial software
products;
— protection against computer viruses and creation of archives.

1.2. Means using password identification

In the simplest case, you can use the hardware means of setting a
password for starting the PC operating system through the settings in
CMOS Setup. When the PC starts, a message of the following type appears
on the monitor screen (depending on the type of BIOS you have installed):
Press «DEL» if you want to run Setup, or Press «Ctrl»+«Alt»+«Esc»
if you want to run Setup (for some types of BIOS).
Press the «DEL» key (or «Ctrl»+«Alt»+«Esc») and the CMOS Setup menu
will appear on the screen. Select the Password Checking Option,
enter the password, save the new Setup settings («F10», «Y») and
restart your PC. Now, before each computer startup, a message will appear
on the monitor screen asking you to enter a password.
Unfortunately, using such password identification is not
reliable. It is enough to enter the universal password
(AWARD_SW) or disconnect the battery located on the
motherboard, and the computer will «forget» all CMOS Setup settings.
Protecting the built-in hard disk drive
is one of the main tasks of protecting a PC from outside intrusion.
There are several types of software tools that can solve
protection problems: protection from any access to the hard drive; protection of the
drive from writing/reading; control over access to the drive; means of removing
the remains of secret information.
Protection of the built-in hard drive is usually carried out by
using special passwords to identify the user (so-called
password authentication). In this case, access to the hard
disk can be obtained by entering the correct password when loading the
operating system. Otherwise, the system will not boot, and when someone
tries to boot from a floppy disk, the hard disk becomes «invisible» to
the user. The effect of protecting the hard disk in the system is achieved
by modifying the boot sector of the disk, from which information about the
disk structure is removed. Such protection is very effective, and it
reliably protects the hard drive from the average user.

2. USING CRYPTOGRAPHY

The ability to use personal computers in local
networks (when paired with other PCs) or the use of «modems» for
exchanging information over telephone wires places more stringent
requirements on software for protecting PC information.
PC users in various organizations increasingly use e-mail to exchange
information, and without additional means of protection this mail can
become the property of third parties. The most reliable protection
from unauthorized access to transmitted information and
PC software products is the use of various encryption methods
(cryptographic methods of information protection).
Cryptographic methods of information protection are special
methods of encryption, coding or other transformation of information,
as a result of which its content becomes inaccessible without
presenting the cryptogram key and performing the reverse transformation.
The cryptographic method of protection is certainly the most reliable method of
protection, since the information itself is protected, and not
access to it (for example, an encrypted file cannot be read even if the
media is stolen). This method of protection is implemented in the form of
programs or software packages that expand the capabilities of the standard
operating system. Protection at the operating system level must, most
often, be supplemented by protection tools at the level of database
management systems, which allow for the implementation of complex access
control procedures.
Currently, there is no generally accepted classification of cryptographic
methods of information protection. However, when each character of the
transmitted message is transformed (encrypted) (the symmetric method of
information closure), it is possible to conditionally
distinguish four main groups:
— substitution — the symbols of the encrypted text are replaced by symbols
of the same or another alphabet in accordance with a predetermined
rule;
— permutation — the symbols of the encrypted text are rearranged according to
a certain rule within a given block of the transmitted text;
— analytical transformation — the encrypted text is transformed according to
a certain analytical rule;
— combined transformation — the original text is encrypted with two
or more encryption methods.
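The four groups above, carried through on one short message as an added example (it is not part of the book). The alphabet, sample text, keys and function names are constructed for illustration, and the affine formula is only one possible reading of an «analytical rule»; classical transformations like these are for teaching, not for protecting data.

```python
import random
import string

ALPHABET = string.ascii_uppercase


def make_substitution_key(seed):
    """Substitution rule: every letter maps to one letter of a shuffled alphabet."""
    shuffled = list(ALPHABET)
    random.Random(seed).shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))


def substitute(text, table):
    return "".join(table.get(ch, ch) for ch in text)


def invert_table(table):
    return {cipher: plain for plain, cipher in table.items()}


def permute(text, order, pad="X"):
    """Permutation: in each block, output position i takes input position order[i]."""
    size = len(order)
    if sorted(order) != list(range(size)):
        raise ValueError("order must be a permutation of 0..n-1")
    text += pad * (-len(text) % size)  # fill the last block if it is short
    return "".join(text[start + src]
                   for start in range(0, len(text), size)
                   for src in order)


def invert_order(order):
    inverse = [0] * len(order)
    for out_pos, src in enumerate(order):
        inverse[src] = out_pos
    return inverse


def affine(text, a, b):
    """Analytical transformation (here an affine formula): c = (a*p + b) mod 26."""
    return "".join(ALPHABET[(a * ALPHABET.index(ch) + b) % 26] for ch in text)


def affine_inverse(text, a, b):
    a_inv = pow(a, -1, 26)  # exists only when a and 26 share no common factor
    return "".join(ALPHABET[(a_inv * (ALPHABET.index(ch) - b)) % 26] for ch in text)


def combined_encrypt(text, table, order):
    """Combined transformation: substitution followed by permutation."""
    return permute(substitute(text, table), order)


def combined_decrypt(text, table, order):
    return substitute(permute(text, invert_order(order)), invert_table(table))


def count_profile(text):
    """Sorted letter counts: the shape a frequency analysis works from."""
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return sorted(counts.values(), reverse=True)


PLAINTEXT = "MEETATTHEOLDBRIDGEATNOON"  # constructed sample, 24 letters
TABLE = make_substitution_key(seed=2024)
ORDER = [2, 0, 3, 1]

if __name__ == "__main__":
    print("substitution:", substitute(PLAINTEXT, TABLE))
    print("permutation: ", permute(PLAINTEXT, ORDER))
    print("analytical:  ", affine(PLAINTEXT, 5, 8))
    print("combined:    ", combined_encrypt(PLAINTEXT, TABLE, ORDER))
    # Substitution keeps the shape of the letter counts, permutation keeps
    # the letters themselves; both leaks are what cryptanalysis starts from.
    print(count_profile(PLAINTEXT) == count_profile(substitute(PLAINTEXT, TABLE)))
    print(sorted(PLAINTEXT) == sorted(permute(PLAINTEXT, ORDER)))
```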
There are a large number of software products for encrypting
information, differing in their degree of reliability. Below we will consider the most reliable, time-tested programs.

2.1. Pretty good privacy (PGP)

A very strong means of cryptographic protection. The strength of PGP lies not
in the fact that no one knows how to crack it except by a «brute-force
attack» (this is not a strength, but a condition for the existence of a good
encryption program), but in a superbly thought-out and extremely powerful
mechanism for key processing, and in its speed, convenience and wide
distribution.
There are dozens of encryption algorithms no less powerful than the one used in PGP, but its popularity and free
distribution have made PGP the de facto standard for electronic
correspondence throughout the world.
Conventional cryptography (with one key for encryption and
decryption) assumed that the parties to a correspondence had
to first exchange a secret key, or password if you will, using some secret
channel (a dead drop, a personal meeting, etc.), in order to begin
exchanging encrypted messages.
It turns out to be a vicious circle: to transmit a secret key, you need
a secret channel. To create a secret channel, you need a key.
Developed by Philip Zimmermann, PGP is a two-key system, with a public and
a secret key. This means that you can tell the world about your public key,
and users of the program can send you encrypted messages that no one but
you can decrypt. You decrypt them using your second, secret key, which is
kept secret. You can place your public key on a Web page, or send it
by e-mail to a friend. Your correspondent will encrypt
the message using your public key and send it to you.
Only you will be able to read it using the private key. Even
the sender himself will not be able to decrypt the message addressed to you,
although he himself wrote it 5 minutes ago. And the best part: today,
even the most powerful computers in the CIA take centuries to decrypt
a message encrypted with PGP!
PGP is widely available on the Internet. Due to U.S. restrictions on the export of cryptographic products, U.S. residents and non-residents must use separate locations to download the program.
Not long ago, a new freeware version of PGP 6.0i for Windows 95/NT (the i after the version means international) was released. It can be
downloaded from the Internet.
The export of PGP from the United States in 1991, the distribution of the
program around the world, the prosecution of the author, the legal
tricks recently used to legally export version 5.5 to Europe
in printed form, and other PGP-related episodes
make quite an interesting story. Read about it on
the official site in Norway or in Russian on the excellent site of Maxim
Otstavnov in the Russian PGP Album.
There you will find answers to all PGP-related questions.

2.1.1. PGP vulnerabilities

No data protection system is invulnerable. PGP can be
bypassed in a variety of ways. When protecting data, you must ask yourself
the question: is the information you are trying to protect more
valuable to an attacker than the cost of the attack? The answer to this question
will lead you to protect against cheap attacks and not
worry about the possibility of a more expensive attack.
The following discussion applies broadly not only to PGP but to many other encryption systems and their vulnerabilities.

Compromised Password and Private Key

Probably the simplest attack becomes possible if you write down
somewhere the password that protects your private key. If
someone gets it and then gains access to the file containing your
private key, they will be able to read encrypted
messages addressed to you and create digital signatures in your name.
Here are some tips for protecting your password:
1. Don't use obvious phrases that are easy to guess,
for example, the names of your children or spouse.
2. Use spaces and combinations of numbers, symbols, and
letters in your password. If your password is a single word, it is very easy
to guess it by forcing the computer to try all the words in a dictionary. This
is why a phrase is much better as a password than a word. A more
sophisticated attacker can force his computer to try a dictionary of famous quotes.
3. Be creative. Come up with a phrase that is easy
to remember, but difficult to guess: such a phrase can be made up of
meaningless expressions or very rare literary quotations.
4. Use the longest possible passwords — the longer the password,
the harder it is to guess.
5. When generating keys, ALWAYS choose the maximum key size.
In the DOS version, when asked about the key size, answer: 2048 (instead of
choosing the three options offered). In the Windows version, choose a key
of 4096 or more.

Forgery of public keys

The most vulnerable point is the possibility of forgery of public keys.
This is probably the most serious weak point of any public-key cryptosystem, in particular because most beginners are not able to immediately detect such forgery. Why this
is important and what measures should be taken against it are described in detail
above, in the section «How to protect public keys from forgery».
In short: when you use someone else's public key,
make sure it has not been tampered with. The integrity of someone else's
new public key should only be trusted if it was received
directly from its owner or signed by someone you trust. Make sure that the
public keys on your keyring cannot be tampered with. Maintain physical
control of both your public keyring and your private key, and store them,
if possible, on your personal computer, not on a remote shared
system. Keep a backup copy of both keyrings.

Incompletely Deleted Files

Another potential security issue is the way
most operating systems delete files. When you
encrypt a file and then delete the original plaintext file,
the operating system does not physically erase the data. It simply marks
the corresponding disk blocks as free, thereby allowing
that space to be reused. This is like throwing unwanted secret documents into the trash
instead of shredding them. The disk blocks still
contain the original secret data you wanted to erase, and will only
be occupied by new data over time. If an attacker reads
those data blocks shortly after they are marked as free, he
will be able to restore your original text.
This can also happen by accident: if some failure
destroys or damages other files, a recovery program will be launched to restore them, and it will also restore some
of the previously deleted files. It may happen that among the latter
there will be your confidential files, which you intended
to destroy without a trace, but they may catch the eye of someone who
recovers a damaged disk. Even when you create your original
message using a text editor or Word processor,
the program may leave behind a lot of intermediate temporary files
simply because that's how it works. These temporary files are usually
deleted by the editor when you close it, but fragments of your secret
text remain somewhere on the disk.
The only way to prevent plaintext recovery
is to somehow ensure that the space occupied by
deleted files is overwritten. If you are not sure that all the disk blocks
occupied by deleted files will be reused soon, you must take
active steps to overwrite the space occupied by the original plaintext
and by the temporary files created by the word processor. This can be done
using any utility that can overwrite
all unused disk blocks. Many cryptosystems have such capabilities,
for example Kremlin and BestCrypt (see below).
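The behaviour described in this section, shown on a toy model of a disk as an added example (it is not part of the book and not the code of any utility named in it). The block size, file names, sample plaintext and class are constructed for illustration; the model only has raw blocks and an allocation map, which is enough to show what deletion leaves behind and what a free-space wipe changes.

```python
import os

BLOCK = 16  # bytes per block; tiny so the example is easy to follow


class ToyDisk:
    """Constructed model of a disk: raw blocks plus an allocation map."""

    def __init__(self, n_blocks):
        self.data = bytearray(n_blocks * BLOCK)
        self.free = set(range(n_blocks))
        self.files = {}  # name -> (list of block numbers, length in bytes)

    def write_file(self, name, content):
        need = -(-len(content) // BLOCK)  # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        blocks = sorted(self.free)[:need]
        for i, blk in enumerate(blocks):
            chunk = content[i * BLOCK:(i + 1) * BLOCK]
            start = blk * BLOCK
            # Only len(chunk) bytes are written; the rest of the block keeps
            # whatever was there before (file slack).
            self.data[start:start + len(chunk)] = chunk
        self.free.difference_update(blocks)
        self.files[name] = (blocks, len(content))

    def read_file(self, name):
        blocks, length = self.files[name]
        raw = b"".join(self.data[b * BLOCK:(b + 1) * BLOCK] for b in blocks)
        return raw[:length]

    def delete_file(self, name):
        """Ordinary deletion: the blocks are marked free, the bytes stay."""
        blocks, _ = self.files.pop(name)
        self.free.update(blocks)

    def unallocated_bytes(self):
        """Everything a recovery utility can read from blocks marked free."""
        return b"".join(self.data[b * BLOCK:(b + 1) * BLOCK]
                        for b in sorted(self.free))

    def wipe_free_space(self):
        """Overwrite every unused block with random bytes."""
        for b in self.free:
            self.data[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)


SECRET = b"meet at the old bridge at noon, bring the ledger"  # constructed


def run_scenario():
    disk = ToyDisk(n_blocks=32)
    disk.write_file("letter.txt", SECRET)            # the original plaintext
    disk.write_file("letter.tmp", SECRET[:30])       # editor's temporary copy
    ciphertext = os.urandom(64)                      # stand-in for the encrypted file
    disk.write_file("letter.pgp", ciphertext)
    disk.delete_file("letter.txt")
    disk.delete_file("letter.tmp")
    after_delete = SECRET in disk.unallocated_bytes()
    # New data reuses only the first freed block; the rest is still there.
    disk.write_file("notes.txt", b"shopping list")
    after_reuse = SECRET[BLOCK:] in disk.unallocated_bytes()
    disk.wipe_free_space()
    leftovers = disk.unallocated_bytes()
    after_wipe = SECRET[BLOCK:] in leftovers or SECRET[:BLOCK] in leftovers
    return {
        "after_delete": after_delete,
        "after_reuse": after_reuse,
        "after_wipe": after_wipe,
        "ciphertext_intact": disk.read_file("letter.pgp") == ciphertext,
        # Bytes past the end of notes.txt inside its (allocated) block:
        "slack": bytes(disk.data[len(b"shopping list"):BLOCK]),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The «slack» entry shows a limit of wiping only unused blocks: the tail of a block that has been reused by a shorter file still holds bytes of the old plaintext.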

Viruses and Trojan horses

Another attack could be carried out using a specially designed computer virus or worm that infects PGP
or the operating system. Such a hypothetical virus could intercept a password, private key, or decrypted message, and
then secretly store them in a file or transmit them over the network to its
creator. The virus could also modify PGP so that
it stopped properly checking signatures. Such an attack
would be cheaper than a cryptanalytic one.
Protection against such attacks falls under the category of general measures
of protection against virus infections. There are a number of commercially available
antivirus programs with good capabilities, as well as a set of
hygienic procedures, following which significantly reduces the risk
of virus infection. General questions of measures to combat viruses and worms
are beyond the scope of this document. PGP does not contain any virus protection, and its use assumes that your personal
computer is a trusted environment. If such a virus or
worm does appear, hopefully word of it will reach everyone's
ears.
Another similar attack is to create a clever
imitation of PGP that looks exactly the same in operation, but does
something different than it is supposed to. For example, it might bypass
signature verification, making it possible to accept counterfeit key
certificates.
You should try to obtain your copy of PGP directly from
PGP, Inc.
It is also possible to check whether PGP has been tampered with using
digital signatures. You can use another, known
intact version of PGP to verify the digital signatures on the binaries of
the suspect version. This will not help if the
operating system itself is infected by the virus, or if the original version
of PGP has been modified
in such a way as to destroy its ability to verify signatures.
Such verification also assumes that you have a trustworthy
copy of the public key that can be used to verify signatures on PGP
executables.

Swap Files (Virtual Memory)

PGP was originally developed for MS-DOS, a fairly primitive
operating system by today's standards. Its
porting to other, more complex operating systems, such as MS
Windows or MacOS, created another vulnerability. It is due to the fact that
these more sophisticated operating systems use a
technology called «virtual memory».
Virtual memory allows you to run huge programs on your
computer that are larger in size than the semiconductor memory installed
in the machine. This is convenient, because since
graphical interfaces became the norm, programs take up more and more space,
and users tend to run several large applications at the same time. The
operating system stores pieces of software that are not currently being used
on the hard disk. This means that the operating system can write some data
that you think is stored only in RAM to the disk without your knowledge,
for example, data such as keys, passwords, decrypted messages.
PGP does not leave this kind of secret data in memory longer than
necessary, but there is still a chance that the operating
system will have time to flush it to disk.
Data is written to disk in a special temporary area known
as a swap file. As the data is needed, it
is read back into memory. Thus, at any given moment
only a portion of your programs and data resides in physical memory. All
this paging work is invisible to the user, who
only hears the clicking sound of the disk drive. MS Windows swaps chunks of
memory, called pages, using the LRU
(least recently used) replacement algorithm. This means that the
pages that have gone longest without being accessed are flushed to disk
first. This approach means that in most cases
the risk of sensitive data being flushed to disk is
negligibly small, since PGP does not leave it in memory for long. But we
cannot make any guarantees.
This swap file can be accessed by anyone who
has physical access to your computer. If this problem bothers you,
you may be able to solve it by installing special software
that erases the data in the swap file (for example, the excellent
program Kremlin 2.21, which can be downloaded from many servers on the
network). Another
possible remedy is to disable the virtual memory mechanism in the
operating system. Both MS Windows and MacOS allow you to do this.
Disabling virtual memory means that you will need more
physically installed RAM in order for everything to fit into it.

Violation of physical security

A breach of physical security could allow an outsider to
steal your original (plaintext) files or printed messages.
A serious adversary could accomplish this through
robbery, trash picking, provoking an unreasonable search and
seizure, blackmail, or infiltration of your staff.
The use of some of these methods is particularly suitable against
amateur political organizations that rely primarily on unpaid volunteers.
Don't be lulled into a false sense of security just because
you have cryptography. Cryptography only protects
data while it is encrypted, and cannot prevent
a breach of physical security, which could compromise
the original text, written, or
audio information.
This type of attack is cheaper than a cryptanalytic attack on PGP.

Radio Attack

Another type of attack that can be attempted by a well-equipped adversary is to remotely intercept the EM emissions and interference (abbreviated as EMEI) emitted by your computer. This is an expensive and often labor-intensive attack, but is also probably cheaper than cryptanalysis. A suitably equipped van could park outside your office and intercept keystrokes and
messages displayed on your monitor. This will compromise all your
passwords, messages, etc. Such an attack can be prevented by
properly shielding all computer equipment and
network cables so that they do not emit radiation. The
technology for such shielding is known as Tempest and is used by
a number of government agencies and defense
organizations. There are equipment suppliers that sell Tempest shielding.
In addition, you can use special «white noise» generators to protect
against EMEI, for example: GBSh-1, Salut, Pelena, Grom, etc. They can be
purchased at many Moscow firms selling special equipment (see APPENDIX).

Protection against fake signature dates

A somewhat less obvious weakness of PGP is the possibility
that a dishonest user will create an electronic signature on a
message or key certificate, supplied with a fake date. If you
use PGP only occasionally, you can skip this section and
not get bogged down in the complexities of public-key cryptography protocols.
There is nothing to stop a dishonest user from changing the system date and
time on their computer and creating a certificate for their public
key or a signature that contains a different date. They can make it appear
that they signed something earlier or later than they
actually did, or that their key pair was created earlier or later. Various
legal or financial benefits may flow from this, for example by creating
some excuse that allows them to deny their signature later.
We believe that the problem of a false date on an electronic signature
is no more serious than the problem of a false date next to a
signature in pen. No one cares that anyone can put
any date next to their signature on the contract. Sometimes an «incorrect»
date next to a signature does not suggest any fraud:
perhaps it indicates the time from which the signatory recognizes the
document, or the time from which he wants his signature to come into
effect.
In situations where trust that the signature was made
at a specific time is critical, people can simply
ask a notary to witness the moment of signature and
certify it with his seal. Similarly, when using a digital
signature, to verify the date of signature of a document you can ask a
trusted third party to certify that signature with theirs. No exotic or
overly formal protocol is required for this. Witness signatures have long
been used as legal evidence that a document was signed at a certain time.
A trusted authorized certifier or notary
can create trustworthy signatures with a known correct date.
This approach does not require a centralized certification authority. Perhaps any trusted intermediary or
disinterested party could perform this
role, just as ordinary
notaries operate today. When a notary certifies the signature of another
person with his or her signature, he or she creates a certified certificate of another certified
certificate, which can serve as evidence of the signature made
by hand. The notary can maintain his own registry, adding to it
individual certificates with digital signatures (without copying the signed
documents themselves). This registry can be made publicly available. The date
on the notary's signature must be trusted, and it can
be more convincing evidence and legally more
significant than the date on the signature being certified.
Future versions of PGP will likely provide
the ability to easily manage notarized signature certificates
with trustworthy dates.

Data leakage in multi-user systems

PGP was designed for use on a personal computer
under the physical control of only one user. If you
run PGP at home on your own PC, your encrypted files
are safe unless someone breaks into your house, steals the
computer and forces you to reveal your password (or guesses the
password if it is too simple).
PGP is not designed to protect the original plaintext data on a
compromised system. Nor can it prevent attackers from using sophisticated
methods to gain access to your private
key while it is in use. You should simply be aware of these
dangers when using PGP in a multi-user environment and adjust your
expectations and your behavior accordingly. Perhaps your circumstances are
such that you should consider using PGP only on an isolated, single-user
machine under your direct physical control.

Analyzing Activity

Even if an attacker can't read the contents of your
encrypted correspondence, he can at least extract some useful information
by observing where messages come from and where they go,
noting their size and the time of day they were sent. This
is similar to an attacker being able to look at your long-distance
phone bill to see who you called, when, and how long you talked, even if
the content of the
phone calls remains unknown to him. This is called activity
analysis. Solving this problem requires the introduction of special
communication protocols designed to increase resistance
to analysis of the activity in your communications environment. This may
require the use of a number of cryptographic techniques.

Cryptanalysis

Perhaps someone with supercomputer resources
(such as a government intelligence service) will launch an expensive and monstrous cryptanalytic attack. They may
be able to break your RSA key using new classified knowledge in
factorization. But civilian scientists
have been attacking the algorithm intensively and unsuccessfully since 1978.
Perhaps the government has some secret method
of breaking the conventional IDEA cipher used in PGP. This is a
cryptographer's worst
nightmare. But there are no absolute guarantees of security in the
practical application of cryptography.
Still, cautious optimism seems justified. The developers
of the IDEA algorithm are some of the strongest cryptographers in Europe. IDEA
has been extensively tested for security and peer-reviewed by the world's
best civilian cryptographers. In terms of resistance
to differential cryptanalysis, it is probably better than
DES.
Furthermore, even if this algorithm has some hitherto unnoticed
weaknesses, the danger is greatly reduced by
the fact that PGP compresses the plaintext before encryption. The cost of
the computation required to crack it will likely be greater than the value
of any message.
If your circumstances warrant
the assumption that you could be subject to such a monstrous
attack, you may want to consider consulting a data security consultant to
develop a tailored approach
to your extreme requirements.
In general, without strong cryptographic protection of your data, it will
take an adversary virtually no effort to intercept your
messages, and he may do so on a daily basis, especially if they are
transmitted over a modem or by email. If you use PGP and take reasonable
precautions, it will take a lot more effort and money for an attacker to
violate your privacy. If you protect yourself from basic attacks and feel
that your privacy is not going to be invaded by a determined adversary
with huge resources, you will probably be protected by PGP. PGP
gives you Nearly Complete Privacy.

2.1.2. PGP Internet Resources

There is a huge amount of PGP
related information available on the Internet. Some good catalogs of it are located on the pages:
— PGP, Inc. (pgp);
— PGP.net (pgp.net);
— international PGP server (pgpi);
— PGP user conference (pgp.rivertown.net);
— «PGP Russian Album» (geocities/SoHo/Studios/1059/).

2.2. Encryption of information in images and sound

This class of products, called steganographic, allows
hiding text messages in .bmp, .gif, .wav files and is intended
for those cases when the user does not want anyone
to have the impression that he is using cryptography.
An example of such a program is S-tools:
ftp://ftp.kiae.su/pub/windows/crypto/s-tools4.zip
The program is very easy to use. Externally, the graphic file
remains practically unchanged; only the color shades change here and there.
The sound file also does not undergo any noticeable changes. For greater
safety, you should use images unknown to the general public, in which
changes will not be noticeable at first
glance, as well as images with a large number of halftones and
shades. Using the painting Dance by Matisse is a bad idea, because everyone
knows what it looks like, and, in addition, it contains large areas
of the same color.
The program can use several different encryption algorithms
at the user's choice, including the fairly strong 3DES algorithm.
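Why the shades change only slightly, and why large areas of one color give the change away, shown as an added example (it is not part of the book and is not S-tools' own code). It uses generic least-significant-bit embedding over constructed sample bytes standing in for pixel data; the 4-byte length header and all names are assumptions of this example, and the payload encryption that S-tools offers is left out.

```python
import random


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, message):
    """Store a 4-byte length plus the message in the lowest bit of each sample."""
    payload = len(message).to_bytes(4, "big") + message
    bits = list(_bits(payload))
    if len(bits) > len(cover):
        raise ValueError("cover is too small for this message")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # touch only the least significant bit
    return bytes(out)


def extract(stego):
    def read(n_bytes, bit_offset):
        out = bytearray()
        for i in range(n_bytes):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[bit_offset + 8 * i + k] & 1)
            out.append(value)
        return bytes(out)

    if len(stego) < 32:
        raise ValueError("too short to hold a length header")
    length = int.from_bytes(read(4, 0), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("length header does not fit this cover")
    return read(length, 32)


def max_change(before, after):
    """Largest change of any single sample (one shade of one color channel)."""
    return max(abs(a - b) for a, b in zip(before, after))


def distinct_values(samples):
    return len(set(samples))


# Constructed covers: 600 samples each, standing in for 200 RGB pixels.
FLAT = bytes([200]) * 600                                        # one solid color
NOISY = bytes(random.Random(7).randrange(256) for _ in range(600))  # many shades
MESSAGE = b"rendezvous 21:00"                                    # constructed


def compare_covers():
    flat_out = embed(FLAT, MESSAGE)
    noisy_out = embed(NOISY, MESSAGE)
    return {
        "flat_max_change": max_change(FLAT, flat_out),
        "noisy_max_change": max_change(NOISY, noisy_out),
        # A solid area had one value; afterwards it has two, in a pattern
        # that did not exist in the original picture.
        "flat_values_before": distinct_values(FLAT),
        "flat_values_after": distinct_values(flat_out),
    }


if __name__ == "__main__":
    print(compare_covers())
    print(extract(embed(NOISY, MESSAGE)))
```

In the noisy cover the changed low bits are indistinguishable from the shade variation already present, while in the solid-color cover anyone comparing neighboring samples, or comparing against a well-known original, sees that something was written there.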

2.3. Encryption using archivers

Arj, Rar, WinZip and similar archivers allow you to create
password-protected archives. This method of protection is significantly weaker
than those described above. Cryptography experts claim that the
encryption methods used in archivers contain «holes» that allow
an archive to be cracked not only by guessing the password, but also in
other ways. So you should not use this encryption method.

2.4. Password protection of MS Office documents

Never use this method! Hacking is so easy that
the manufacturer of a commercial package for recovering passwords forgotten by
unlucky users included empty cycles in the program in order to
slow down its work and create the impression that the task is complex.
The manufacturer of the non-commercial package:
http://geocities/SiliconValley/Vista/6001/pwdremover.zip
did not include empty cycles in the program, so the hack takes
less than a second. MS Word 6.0 and 7.0 and MS Excel 5.0
and 7.0 documents are hacked, whether created by the English version of
the product or by several national ones, including Russian.

2.5. Data protection using the NDEC program

NDEC is a simple and at the same time extremely reliable program, in which
original algorithms of multi-stage
polymorphic coding using two keys were applied. This means that, for
example, the same file encrypted with the same key
will each time have a new appearance, different in all bytes.
NDEC users must enter TWO passwords when encrypting/decrypting data. The
length of each password cannot be more than 256
characters.


2.6. Data protection with the help of the program «Cobra»

«Cobra» is a program that even foreign experts
speak of as the most advanced and scientifically based cryptosystem.
Seminars and scientific conferences are held annually, where hundreds of respected mathematicians from all over the world discuss the prospects of «Cobra» and the original algorithm developed by Russian programmers. So «Cobra» is probably the best option, but it costs money. For information, call in St. Petersburg: (812)-234-0415, 245-3743,
234-9094, 245-3693.

2.7. Protecting floppy disks using the DiskHide program

DiskHide is a program that allows you to make any floppy disk
(after you have written information to it) appear absolutely empty. It is unlikely that,
for example, customs or your boss will be smart enough to view
the contents of an empty diskette using DiskEditor.

2.8. Protecting hard drives with the BestCrypt program

The problem of protecting data on PC hard drives is perhaps
the most pressing one in the field of information security.
BestCrypt is, in our opinion, the best of the programs freely available
on the Internet for creating encrypted logical
disks. There are versions for DOS, Win 3.XX, Windows 95/98 and Windows NT. On
such disks it is advisable to store not only all secret information
but also other encryption programs (including PGP with all secret
keys).
The program offers a choice of three encryption algorithms (DES,
GOST, BlowFish); we recommend choosing the proven ones, GOST
or BlowFish.
In addition to creating encrypted disks (and all the services associated with them), the program allows you to encrypt floppy disks completely at the physical level, which is very convenient for transmitting classified information.
You can download this wonderful program from the server of the developer, the Finnish company Jetico:
http://jetico.sci.fi
Here is the serial number required to register the free version of the program:
User name: Sonixx
Organization: [AnThraX]
Serial number: BC-35D1-EAA6-027F

2.9. Protecting hard drives with seNTry 2020

In our opinion, seNTry 2020 (version 2.04) is one of the best programs for creating encrypted logical drives under Windows NT. It is advisable to store not only all secret information on such drives, but also other encryption programs (including PGP with all secret keys).
You can download this wonderful program from the developer's server:
http://softwinter
And here is the key generator required to register the program:


2.10. Protecting hard drives with SafeHouse

Another program for creating encrypted logical drives.
There are versions for DOS, Win 3.XX, Windows 95/98 and Windows NT. On such
disks it is advisable to store not only all secret information but also
other encryption programs (including PGP with all secret keys).
The international version is weak (40/56-bit key), while the American one
is quite decent. On their site http://pcdynamics/SafeHouse/ on the
Internet they ask non-US residents not to copy it. But they only ask.
You can download it without problems. The password for installation is: us.checkpoint

2.11. Data protection with the Kremlin program

The Kremlin program is a logical complement
to the BestCrypt program. It allows you to encrypt files and e-mail
using any of many algorithms of your choice (IDEA, 3DES, CAST, etc.). But
its main advantage is the ability (at specified intervals
of time or, for example, every time the computer is turned off)
to UNRECOVERABLY erase all history files, log files, temporary
Internet files, as well as any files that you specify. In addition, you can
have it UNRECOVERABLY zero the information in the free space
of the hard drive and in the Windows virtual memory file (swap file).
The program is available for downloading from many free servers,
including:
http://shareware
http://download
Here is the serial number required to register the free
version of the program (tested on version 2.21): 4040053298

2.12. Protecting your PC with hardware

The purpose of this device is to delete information when an attempt is made
to remove the drive, when the computer is stolen, when someone enters the computer (server) service area, or when a certain button is pressed.
In effect, this device is the analogue of a
paper-shredding machine.
The device works by formatting the drive.
It is known that at the beginning of each drive there are the partition
tables, file allocation tables and directories, so the destruction
of information begins with them, and even after a few seconds
of operation the information remaining on the drive is
very difficult to recover. If the device works for several
minutes, all the information is destroyed. After the first destruction cycle, a second one begins, and so on (until the autonomous
power source is discharged), so the information cannot be restored even from residual magnetization. A similar erasure method is available in the
WipeFile and WipeDisk utilities, but to run them the computer must be turned on, and many operating systems do not provide direct access to the disk, so these utilities may not work.
This method of destroying information may seem
«barbaric», but if you organize the work correctly (daily backups,
keeping a full log of the day's work, etc.), the erased information can be restored with minimal loss of
time (the disk is not damaged).
To identify the administrator who has access to the protected
computers (computer), electronic keys with a code length of 48
bits are used. The short time allotted for presenting this key, 10
seconds, completely rules out guessing it. The sensors whose triggering causes the information to be destroyed are selected by the users themselves. The most commonly used are limit switches (opening the computer, opening the room, a panic button), a telephone call (pager), and sensors triggered by a change in volume.
The device is a unit mounted in a 3.5″ drive
bay and has an autonomous power supply. The device is connected in-line on
the IDE cable and does not require the installation of any drivers. It
can be installed in any computer that has IDE drives.
Installation and a one-year warranty are provided.
Detailed information about the shredder can be obtained by phone in
St. Petersburg: (812)-259-5018 at AOZT «BYTE». The method of destruction
of information used does not damage the drive and does not contradict
legislation (like any paper-shredding machine).
E-mail: byte@infoservice.spb.ru

2.13. Cryptography and politics

The leading experts in the field of information security today
openly declare: the US government, like any other, including that of
Russia, by adopting laws on mandatory information protection in
state and private commercial firms, is in fact trying
to gain access to confidential information about its citizens. What
is going on?

Big Brother with an American Accent

Any Western company that wants to expand its business into
third-country markets sooner or later faces restrictions on the
export of certain technologies that have dual uses or are simply
too good for underdeveloped countries.
But if the company agrees to abide by certain rules of the game,
such exports will be allowed. The main condition is the classification of all
accompanying documentation. Secrecy is achieved using
special computer programs called cryptographic.
Special government services ensure that companies do not skimp on purchasing such software and constantly
use it in their work. Press statements and public
instructions emphasize the latest achievements in cryptography,
algorithms and programs certified by government services.
We are assured every day that it is these programs that guarantee
100% protection against any unauthorized access. And
on the contrary, it is said that programs created in private or
state-independent enterprises can be «hacked» even by a child.
This is an exaggeration, which in practice leads to a big lie.
The desire of state secret services to introduce their own rules
for encrypting private and commercial data only means the desire
of Big Brother to find out about them. There are two approaches to this, and both of them
are actively used in practice.

«One hundred percent protection»

Saddam Hussein, completely bullied by Western countries, suffered a defeat long before the Gulf War. The Mirage aircraft at his disposal were supplied by the French. The insidious frogmen
assured the buyer that the electronics of these aircraft had one hundred percent
protection from unauthorized access. However, when it came to
war, this protection was broken immediately — by a single code signal,
sent bypassing the cunning system. The on-board systems of the aircraft were
switched off, and the dictator was left without aviation.
A similar «back door» to the supposedly protected system exists in ANY
GOVERNMENT-CERTIFIED PROGRAM, but it is not customary to
spread this information out loud.
US Senate Bill S266 of 1991 openly requires that
American cryptographic equipment contain traps,
known only to the NSA — the National Security Agency. In 1992, the FBI proposed a law to Congress to make it easier to eavesdrop on
telephone conversations, but it was defeated. Then in 1993, the White House began a
campaign to approve the CLIPPER cryptographic chip as a government standard for use in
classified telephones, faxes, and email. However,
the developers, AT&T, do not hide the fact that the government has
the key to the «back door» into the system, regardless of the complexity of the password assigned by the naive user.

«Public guarantees»

The second approach to deceiving potential clients is based on a system of so-called public keys, only the full set of which allows the owner to decrypt any message in the
system.
The user reads only his own messages, but when it comes
to serious and legitimate reasons (such as a court decision or the interests of
national security), it is enough to bring together, say, ten respected
citizens to whom parts of the master key have been distributed, and the secret becomes
known.
This approach has been rightly criticized by most
experts. According to Allen Shiffman, chief engineer of Terisa Systems, California, the «third party key» technology not only
will not be used abroad, but is in general
just another move by the U.S. government to keep encryption technology at bay. «Would Ford have used Toyota's security
system if the Japanese government had the keys?» asks Jim Bidzos, president
of the respected RSA Data Security Corporation.
Among corporate users seeking assurances that sensitive data will not be intercepted, even the
possibility of trusting the government is completely excluded. And this is in America, where the secret services
regularly receive hefty slaps in the face for the slightest attempts to penetrate into
the private affairs of a citizen. Who in Russia will trust a government
that has never been frank with its citizens?!

Why does FAPSI need such big ears

The Federal Agency for Government Communications and Information of Russia
is a structure similar to the American NSA. But since it works in
Russia, it uses simpler methods to satisfy its professional curiosity.
For example, discrediting security systems
whose developers deliberately exclude the possibility of «back
entrances», as well as all programs in whose development FAPSI did not
participate.
The fact is that FAPSI has now created in many cities of the country
scientific and technical centers engaged in introducing their own
security systems. These products immediately receive the quality certificates needed
for promotion on the market, issued, of course, by
FAPSI. Independent competitors are fought hard: FAPSI refuses
to license anyone else's products, no matter how good they are. In addition,
the latter, reliability, as you have already understood, is traditionally an unnecessary
quality for Big Brother of any nationality.
From its creation to this day, FAPSI has waged a grandiose
propaganda campaign against such firms. Here is an example of information
published in many media outlets.
«On encryption tools that do not guarantee protection. According to information available to the FAPSI licensing and certification department, a number of Russian firms
developing and manufacturing information security tools have received
certificates for the encryption tools they have developed, bypassing the existing
system…
…FAPSI warns potential users that these
certificates cannot certify the compliance of the specified products
with the requirements for encryption tools in force in Russia and
guarantee the security of the information processed with their help».
Among the programs mentioned is the «Cobra» system, a program that even foreign experts speak of as the most advanced and
scientifically sound cryptosystem. Seminars and
scientific conferences are held annually, where hundreds of respected mathematicians from all over the world
discuss the prospects of «Cobra» and the original algorithm developed by Russian programmers.
A little earlier, an article appeared in «Moskovsky Komsomolets», the authors of which literally stated the following: «FAPSI will crack the ciphers created by commercial
structures during a lunch break».

2.14. Conclusions

Now let's draw conclusions from everything we've read:
1. When planning information security measures
it is advisable to use an integrated approach:
— a device for protection against PEMIN (for example, GBSh-1, Salut, Pelena, or Grom) must be installed next to your computer;
— all important information (including programs for encrypting
e-mail, such as PGP) must be stored on an encrypted disk
(hard disk partition) created, for example, using the program
BestCrypt or, even better, «Cobra»;
— install the Kremlin 2.21 program and configure it so that each time you exit Windows it zeroes the free space on all disks, the contents of virtual memory (swap file), all history files, log files, etc.;
— all your correspondence (E-Mail) must be encrypted using the PGP program (we recommend version 2.6.3ia for DOS and 6.0i for
Windows). Encrypt absolutely all correspondence; you must not give Big Brother a reason to relax;
— periodically (once a month or once a quarter) change all passwords completely;
— when transmitting classified information via removable media (for example, via floppy disks), it is advisable to mask it, for example, using the DiskHide program;
— for reliable file encryption, use the following programs: NDEC,
«Cobra», Kremlin, PGP.
2. When choosing a password, follow these recommendations:
— do not use obvious phrases that are easy to guess,
for example, the names of your children or spouse;
— use spaces and combinations of numbers, symbols, and
letters in your password. If your password is a single word, it is very easy to
guess it by forcing the computer to try all the words in a dictionary. This
is why a phrase is much better as a password than a word. A more
sophisticated attacker can force his computer to try a dictionary of famous quotes;
— be creative. Think of a phrase that is easy
to remember but difficult to guess: such a phrase can be made up of
meaningless expressions or very rare literary quotes;
— use the longest passwords possible — the longer the password,
the harder it is to guess.
3. Never protect classified information using
archivers and the protection offered by MS Office.
4. Never use cryptosystems certified by
FAPSI, the NSA, etc. ALL of them have so-called «back doors» and are easily hacked by both these services and hackers.
5. For greater reliability, it sometimes makes sense to use not one, but several encryption systems (for example, encrypt E-Mail
first with NDEC and then with PGP).
6. Always exercise physical control over the information carriers. It is best if they are always with you (for example, a box of diskettes in a briefcase).
7. Remember that even reliable cryptosystems (like PGP) may acquire «backdoors» under pressure from the government and special services, so it makes sense to use well-known and proven versions.
8. Use the best cryptographic tools yourself and actively promote them among your friends and acquaintances. Let encryption become an integral part of your life. With this lifestyle, you will contribute to the just cause of fighting
all sorts of special services (NSA, FSB, FAPSI, etc.) that protect the interests of the criminal oligarchic regime, and not your interests!

3. CREATING ARCHIVES

When using personal computers, information on magnetic disks can be damaged or lost for a variety of reasons. This
can occur due to physical damage to the magnetic disk, incorrect
modification or accidental deletion of files, destruction of information
by a computer virus, etc. In order to reduce losses in such
situations, you should have archive copies of the files you are using and
systematically update the copies of files that change. To store archives
of data, you can use external storage devices with large
capacity, which make it possible to easily copy a hard drive
(for example, magneto-optics, streamers, «Arvid», etc.).
To copy files you can, of course, use the following
tools:
— the standard commands Copy, Xcopy, Diskcopy;
— the software tools PCtools, Norton Commander, Windows;
— the continuous copying programs Backup and Restore.
However, in this case the archive copies take up as much space as
the original files, and many diskettes may be required to copy the necessary files.
It is more convenient to use specially
developed file archiving programs, which compress information when creating archive copies.
When archiving, the degree of compression depends greatly on the file format.
Some data formats (graphics, Page Maker, etc.) have
packed varieties, in which compression is performed by the program that creates the
original file, but the best archivers are able to compress these as well. A completely different picture is observed when archiving text files,
PostScript files and the like (text files are usually compressed by
50-70%, and programs by 20-30%).
The most popular archivers are ARJ, LHA, RAR and PKZIP (which has a
separate unpacker, PKUNZIP).
Most of these programs do not need to be specially purchased, since
they are offered as shareware or
free distribution (Freeware). Special «shells» (the so-called PackerShells),
such as SHEZ or GUS, can be of great help in working with archiving
programs (since each user has a favorite archiver): they independently identify
a compressed file and help to unpack it (the so-called
unzipping process); similar tools are available in modern
general-purpose shells (Norton Commander, DOS Navigator, etc.).
Such shells usually only manage existing
general-purpose archiving programs. The RAR archiver has
its own built-in shell.
Archivers work by searching the file for «redundant»
information and then encoding it to obtain the minimum
volume. The best-known method of archiving files is to compress
sequences of identical characters. For example, your file contains
sequences of bytes that are often repeated. Instead
of storing each byte, the number of repeated
characters and their position are recorded. For clarity, let's give the following example.
The file being packed takes up 15 bytes and consists of the following
character sequence:

BBBBBLLLLLAAAAA

In hexadecimal:

42 42 42 42 42 4C 4C 4C 4C 4C 41 41 41 41 41

The archiver can represent this file as (hexadecimal):

01 05 42 06 05 4C 0B 05 41

These sequences can be interpreted as follows:
from the first position the character B is repeated 5 times, from the sixth position
the character L is repeated 5 times, and from position 11 the character A is repeated 5 times.
Admittedly, this is a very simple demonstration of the archiving algorithm.
Obviously, storing the file in this last form requires only
9 bytes, 6 bytes fewer.
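The position/count/value scheme described above, as an added example (not code from the book): a packer and a validating unpacker in Python. The one-byte field widths, the function names and the rejection of inconsistent records are assumptions of this sketch.

```python
def rle_pack(data: bytes) -> bytes:
    """Pack runs as 3-byte records: 1-based start position, run length, byte value.

    Assumption of this sketch: every field is one byte wide, so the input is
    limited to 255 bytes (a real format would use wider fields).
    """
    if len(data) > 255:
        raise ValueError("one-byte position field limits the input to 255 bytes")
    out = bytearray()
    i = 0
    while i < len(data):
        j = i
        while j < len(data) and data[j] == data[i]:
            j += 1                      # extend the run of identical bytes
        out += bytes((i + 1, j - i, data[i]))
        i = j
    return bytes(out)


def rle_unpack(packed: bytes) -> bytes:
    """Rebuild the original bytes, rejecting records that do not line up.

    An unpacker reads data it did not create, so it checks that each record
    starts exactly where the previous run ended and has a non-zero length.
    """
    if len(packed) % 3:
        raise ValueError("truncated record")
    out = bytearray()
    for k in range(0, len(packed), 3):
        pos, count, value = packed[k:k + 3]
        if count == 0 or pos != len(out) + 1:
            raise ValueError(f"inconsistent record at offset {k}")
        out += bytes([value]) * count
    return bytes(out)


if __name__ == "__main__":
    original = b"BBBBBLLLLLAAAAA"              # the 15-byte file from the text
    packed = rle_pack(original)
    print(packed.hex(" ").upper(), len(packed), "bytes")
    assert rle_unpack(packed) == original

    # Constructed counter-example: no repeated neighbours, so every byte
    # becomes a 3-byte record and the "archive" is three times larger.
    worst = b"ARCHIVE"
    print(len(worst), "->", len(rle_pack(worst)), "bytes")
```

On input without runs the packed form grows instead of shrinking, which is the limitation the next paragraph describes.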
The described method is a simple and very effective way
of compressing files. However, it does not provide much space savings if
the text being processed contains a small number of sequences
of repeating characters. A more sophisticated data compression method,
used in one form or another by almost every archiver, is
the so-called optimal prefix code, and in particular the Huffman algorithm, or variable-length character encoding. Variable-length code
allows the most frequently occurring characters and
phrases to be written with just a few bits, while rare characters and
phrases will be written with longer bit strings. For example,
by analyzing any English text, one can establish that the letter E
occurs much more often than Z, while X and Q are among the least
encountered. Thus, using a special
correspondence table, it is possible to encode each letter E with a smaller number of bits,
using a longer code for rarer letters, whereas in conventional
encodings any character corresponds to a bit sequence
of a fixed length (usually a multiple of a byte).
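Variable-length coding as described above, in an added Python example (not code from the book or from any archiver): it builds a Huffman code from symbol frequencies and decodes the bit string again. The sample text and the function names are constructed for the illustration.

```python
import heapq
from collections import Counter

# Constructed sample with a skewed letter distribution:
# e x8, t x4, a x2, q x1, z x1 (16 characters in total).
SAMPLE = "e" * 8 + "t" * 4 + "a" * 2 + "q" + "z"


def huffman_code(text: str) -> dict:
    """Return {symbol: bit string}; frequent symbols get the shorter strings."""
    freq = Counter(text)
    if not freq:
        raise ValueError("empty input")
    if len(freq) == 1:                       # a lone symbol still needs one bit
        return {next(iter(freq)): "0"}
    # Heap entries: (weight, unique serial, {symbol: code built so far}).
    # The serial breaks ties so that the dicts are never compared.
    heap = [(w, n, {s: ""}) for n, (s, w) in enumerate(sorted(freq.items()))]
    heapq.heapify(heap)
    serial = len(heap)
    while len(heap) > 1:
        w1, _, left = heapq.heappop(heap)    # the two lightest subtrees
        w2, _, right = heapq.heappop(heap)
        merged = {s: "0" + c for s, c in left.items()}
        merged.update({s: "1" + c for s, c in right.items()})
        heapq.heappush(heap, (w1 + w2, serial, merged))
        serial += 1
    return heap[0][2]


def encode(text: str, code: dict) -> str:
    return "".join(code[ch] for ch in text)


def decode(bits: str, code: dict) -> str:
    """Decode by reading bits until they match a code word.

    This works because no code word is a prefix of another one.
    """
    inverse = {c: s for s, c in code.items()}
    out, current = [], ""
    for bit in bits:
        current += bit
        if current in inverse:
            out.append(inverse[current])
            current = ""
    if current:
        raise ValueError("trailing bits do not form a code word")
    return "".join(out)


if __name__ == "__main__":
    code = huffman_code(SAMPLE)
    for sym in sorted(code, key=lambda s: len(code[s])):
        print(sym, code[sym])
    bits = encode(SAMPLE, code)
    print(len(bits), "bits instead of", 8 * len(SAMPLE))
    assert decode(bits, code) == SAMPLE
```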
The popular archivers ARJ, PAK, LHARC and PKZIP are based on
the Lempel-Ziv algorithm. These archivers are classified as adaptive
dictionary encoders, in which text strings are replaced
by pointers to identical strings that occur earlier in the text.
For example, all the words in this book could be represented as page and line numbers in a certain dictionary. The most important distinguishing
feature of this algorithm is that the preceding text is parsed
and decomposed into phrases, which
are written into the dictionary. Pointers can refer to any
phrase in a window of a set size preceding the current phrase.
This size determines the boundaries of the search for a match; increasing it
increases the packing density but reduces the speed of the program.
If a match is found, the current phrase is replaced by a pointer to its
previous occurrence.
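The sliding-window idea described above, as an added Python example (not the code of ARJ, PKZIP or any other archiver): a greedy LZ77-style packer that emits (offset, length, next byte) tokens, and an unpacker that validates the pointers. The token layout, the names and the output limit are assumptions of this sketch.

```python
# Constructed sample: the same 15-byte phrase three times.
SAMPLE = b"pack the file; " * 3


def lz77_pack(data: bytes, window: int, max_len: int = 255) -> list:
    """Greedy LZ77: each token is (offset back, match length, next literal byte)."""
    tokens = []
    i = 0
    while i < len(data):
        best_off = best_len = 0
        # Search only the last `window` bytes for the longest match.
        for j in range(max(0, i - window), i):
            k = 0
            # Stop one byte early so that a literal always follows the match.
            while (k < max_len and i + k < len(data) - 1
                   and data[j + k] == data[i + k]):
                k += 1
            if k > best_len:
                best_off, best_len = i - j, k
        tokens.append((best_off, best_len, data[i + best_len]))
        i += best_len + 1
    return tokens


def lz77_unpack(tokens, limit: int = 1 << 20) -> bytes:
    """Rebuild the data; reject pointers outside the decoded text and huge output."""
    out = bytearray()
    for off, length, literal in tokens:
        if off > len(out) or (length and off == 0):
            raise ValueError("pointer refers to text that was never decoded")
        if len(out) + length + 1 > limit:
            raise ValueError("output limit exceeded")
        for _ in range(length):
            out.append(out[-off])       # byte-by-byte so overlapping copies work
        out.append(literal)
    return bytes(out)


if __name__ == "__main__":
    for window in (4, 64):
        tokens = lz77_pack(SAMPLE, window)
        assert lz77_unpack(tokens) == SAMPLE
        print(f"window {window:2d}: {len(tokens)} tokens for {len(SAMPLE)} bytes")
    # With the 64-byte window the last token points 15 bytes back and
    # copies 28 bytes: the second and third phrase become one pointer.
    print(lz77_pack(SAMPLE, 64)[-1])
```

The 4-byte window cannot reach the previous occurrence of the phrase, so it produces far more tokens; the larger window packs better at the cost of a longer search for every position.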
Archiving programs not only save space on
archive disks, but also combine groups of shared
files into a single archive file, which significantly simplifies the maintenance of archives. The main functions of archivers include:
— archiving specified files or the entire current directory;
— extracting individual or all files from an archive to the current
directory (or to the specified directory);
— viewing the contents of an archive file (composition, properties
of packed files, their directory structure, etc.);
— checking the integrity of archives;
— restoring damaged archives;
— maintaining multi-volume archives;
— outputting files from the archive to the screen or to print.
All archiving programs, as a rule, are provided with detailed
comments, so their use does not cause any particular difficulties.
In addition, archiving programs can provide
additional functions for protecting information in the archive file using a
password, which is used as the key for the data encryption algorithm in the
archive.

4. PROTECTION AGAINST COMPUTER VIRUSES

A computer virus is a specially written small program that can «attach» itself to other
programs (i.e. «infect» them), and also perform various
unwanted actions on the computer. A program that contains a virus is called «infected». When such a program
starts working, the virus usually gains control first.
A virus finds and «infects» other programs or performs some
harmful functions: corrupts files or the file allocation table on the disk,
«clogs up» the RAM, changes the addressing of requests to external
devices, etc. Moreover, infected programs can be transferred to another computer using floppy disks or a local network.
Currently, more than twenty thousand viruses are known. They are conventionally
divided into classes according to the following characteristics.
By habitat:
— network, spreading over a computer network;
— file, embedded in an executable file;
— boot, embedded in the boot sector of a hard drive
or floppy disk.
By infection method:
— resident, loaded into the PC memory;
— non-resident, not infecting the PC memory and remaining active
for a limited time.
By capabilities:
— harmless, not affecting the operation of the PC;
— non-hazardous, the impact of which is limited to a decrease in free
disk memory and graphic, sound and other effects;
— dangerous, which can lead to serious failures in the PC;
— very dangerous, which can lead to the loss of programs,
destruction of data, erasure of information in system memory areas and
even premature failure of peripheral devices.
This classification, naturally, does not include all
possible viruses; in each category there are variants that are not named due to their exoticism, for example, CMOS viruses or virus-like structures that «live» in the Microsoft Word environment. In addition, there are a number of programs that do not have all the properties of viruses, but can pose a serious danger (Trojan horses, etc.)
To protect against and combat viruses, special antivirus programs are used, which can be divided into several types:
— detector programs allow you to detect files infected
with a virus. The detector's operation is based on searching for a section of code that
belongs to a particular known virus. Unfortunately,
detectors do not guarantee detection of «fresh» viruses, although
some of them have special tools for this. The most
famous detectors are ViruScan, NetScan. In our country,
the Aidstest detector is used;
— Doctor programs (or phages) «cure» infected programs or disks by destroying the body of the virus. In some cases, your information
may be lost, since some viruses distort the environment so much that its original state cannot be restored.
Widely known doctor programs are Clean-Up, M-Disk and the
already mentioned Aidstest;
— Auditor programs first remember information about the state of
programs and system areas of disks, and then compare their
state with the original. If any discrepancies are detected, a message is displayed
to the user. The operation of these programs is based on checking the integrity
(immutability) of files by calculating the checksum and comparing it
with the reference calculated during the first launch of the auditor; it is also possible
to use checksums included in the program files
by manufacturers. Viruses can be created, and do occur, that do not
change the checksum during infection when it is calculated in the traditional way, by summing up all the bytes of the file. However, it is practically impossible to mask the modification of the file if the calculation is carried out according to an arbitrary, previously unknown scheme (for example, even bytes are additionally multiplied by 2), and it is completely impossible when using two (or more) differently calculated sums;
— «Doctors-auditors» are programs that combine the properties of
auditors and phages that are able to detect changes in files and
system areas of disks and, if necessary, in the case of pathological
changes, can automatically return the file to its original state;
— filter programs are resident in the RAM
of the computer, intercept those calls to the operating system that
can be used by viruses to reproduce and cause harm, and
report them to the user. Filter programs monitor actions,
characteristic of the virus behavior, such as:
— updating program files;
— writing to the hard disk at a physical address (direct writing);
— formatting the disk;
— resident placement of programs in RAM.
Having detected an attempt to perform one of these actions,
the filter program provides a description of the situation and requires confirmation from the user. The user can allow the operation if it
is being performed by a «useful» program, or cancel it if the source of this
action is unclear. Common filter programs
include FluShot Plus, Anti4Us, Floserum, Disk Monitor. This
is a fairly reliable method of protection, but it creates significant inconveniences
for the user.
Some antivirus functions are built into modern BIOS versions.
The antivirus software products released, and there are a lot of them,
as a rule, combine the main functions of a detector-doctor-auditor.
It should be noted that antivirus programs are constantly updated, at least once a month, and are able to protect computers from viruses known to the program at the moment.
First of all, it should be emphasized that only the user can protect the computer from viruses. Only the correct and
timely use of antivirus software can guarantee it
against infection or ensure minimal damage if infection does occur. It is necessary to properly organize work on the PC and avoid
uncontrolled copying of programs from other computers; first of all, this concerns entertainment programs and computer games.

4.1. Actions in case of infection by a virus

If your computer is infected with a virus (or if you suspect that it is
infected), you must perform the following operations.
1. Turn off the computer so that the virus does not continue to perform its destructive
functions.
2. Boot the computer from a «reference» (system)
diskette (on which the executable files of the operating system and
detector programs are recorded) and run antivirus programs to detect and destroy the virus. Using a «reference»
diskette is necessary, since when loading the operating system from
the hard disk, some viruses can move to RAM from the boot module. In this case, the system diskette must be
protected from writing, using a switch located on its
case (for 3.5″ diskettes) or a sticker (for 5.25″ diskettes).
3. Next, you should sequentially disable all logical drives
of the hard drive. If some files on a logical drive cannot be
restored and they are not destroyed, then it is necessary to copy the undamaged files
to another logical drive, and then reformat this
drive. Then restore all files on this logical disk
by reverse copying and using archive copies.

4.2. Prevention against virus infection

Prevention mainly consists of the following.
Checking information coming from outside (floppy disk, local network,
Internet, etc.) using detector programs or
auditor programs. For this, it is advisable to use programs
that check not the length of the file, but calculate its checksum,
since many viruses do not change the length of infected files, and it is practically impossible
to change a file so that its checksum remains the same.
If the programs you brought are recorded on a diskette in an archived
form, you should extract the files from the archive and check them immediately, only
after that the files can be put into operation.
A very simple and reliable check for resident viruses
is to track changes in the computer's memory map, for example,
over the past day. For these purposes, you can use special
programs that are entered into the autoexec.bat command file,
executed during the initial boot of MS DOS. A very good choice
here can be the ADinf program, which can read information from
disks without using DOS services, so that no «invisible» virus
can deceive it. This significantly reduces the scanning time,
since it is necessary to scan only newly appeared or changed
files.
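
The integrity check that auditor programs perform (section 4) and the checksum check of incoming files recommended above can be sketched as follows. This is an added example, not code from the book or from ADinf; the file names and byte strings are constructed, and the SHA-256 digest is an addition that goes beyond the two sums the text describes.

```python
import hashlib


def byte_sum(data: bytes) -> int:
    """Traditional checksum: the sum of all bytes of the file (kept to 32 bits)."""
    return sum(data) & 0xFFFFFFFF


def weighted_sum(data: bytes) -> int:
    """Scheme mentioned in the text: bytes at even offsets are multiplied by 2."""
    return sum(b * 2 if i % 2 == 0 else b for i, b in enumerate(data)) & 0xFFFFFFFF


def fingerprint(data: bytes) -> dict:
    """Everything the auditor remembers about one file."""
    return {
        "length": len(data),
        "byte_sum": byte_sum(data),
        "weighted_sum": weighted_sum(data),
        # Assumption: a cryptographic digest is stored too. Both sums above
        # are linear, so they cannot catch every compensated change.
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def take_baseline(files: dict) -> dict:
    """First launch: store a reference fingerprint for every file name."""
    return {name: fingerprint(data) for name, data in files.items()}


def audit(baseline: dict, files: dict) -> dict:
    """Later launches: return {name: [checks that no longer match]}.

    New files are reported as ["new"], vanished ones as ["missing"];
    unchanged files are left out of the report.
    """
    report = {}
    for name, data in files.items():
        if name not in baseline:
            report[name] = ["new"]
            continue
        now = fingerprint(data)
        changed = [check for check in now if now[check] != baseline[name][check]]
        if changed:
            report[name] = changed
    for name in baseline:
        if name not in files:
            report[name] = ["missing"]
    return report


# Constructed sample data: 32 bytes standing in for a program file.
ORIGINAL = bytes(range(0x20, 0x40))


def compensated(data: bytes, i: int, j: int, delta: int) -> bytes:
    """Test fixture: same length, byte i raised and byte j lowered by delta,
    so the plain byte sum of the result equals that of the input."""
    out = bytearray(data)
    out[i] += delta
    out[j] -= delta
    return bytes(out)


def demo() -> dict:
    baseline = take_baseline({"EDIT.COM": ORIGINAL, "FORMAT.COM": ORIGINAL[::-1]})
    disk = {
        "EDIT.COM": compensated(ORIGINAL, 4, 5, 3),          # even + odd offset
        "FORMAT.COM": compensated(ORIGINAL[::-1], 4, 6, 3),  # two even offsets
        "GAME.EXE": b"\x4d\x5a\x90\x00",                     # arrived from outside
    }
    return audit(baseline, disk)


if __name__ == "__main__":
    for name, checks in sorted(demo().items()):
        print(name, checks)
```

In the constructed run neither modified file changes its length or its plain byte sum, the weighted sum flags only one of them, and the SHA-256 digest flags both.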

* * *

Of the currently available antiviruses, we recommend:
foreign — Norton Antivirus (http://symantec);
domestic — Adinf, Adext, Doctor Web. If you want to purchase
them, here are the coordinates:

Antivirus Department of JSC «DialogNauka», Moscow
tel. (095) 135-6253, 137-0150, tel./fax 938-2970
BBS (095) 938-2856 (28800/V.34)
FidoNet: 2:5020/69
E-mail: antivir@dials.ru
WWW-server: http://dials.ru, http://dials.ccas.ru

5. SAVING INFORMATION ON MAGNETIC MEDIA

Information on a hard drive can be destroyed not only
as a result of a computer virus or the malicious intent of your
ill-wisher, but also as a result of physical and logical defects.
In addition, troubles can also arise due to your own
carelessness — in the event of erroneous disk formatting or deletion
of files.
To preserve data on a disk, you need:
— regular preventive maintenance;
— timely response to the first signs of damage;
— compliance with the rules for handling the disk;
— systematic backup.

5.1. Carrying out preventive maintenance

Regularly check your disk for bad sectors.
To detect them, you can use the Disk Doctor utility from the
Norton Utilities suite.
Note that the Calibrate utility included there can sometimes
make a defective cluster on the disk normal again.
If there is enough space on your hard disk, it is advisable to run the Erase Protection utility from the
autoexec.bat file (DOS), which
places deleted files in a specially allocated area on the disk,
from where they can be retrieved if necessary. Other
operating systems have similar tools.
It should be remembered that the only 100% reliable way
to protect your information from any destructive accidents is
a clear, strictly observed backup system.
Many years of experience of both individuals and large enterprises around the
world shows that with a competent approach (several «generations»
of copies for each of a number of time intervals: month, week, day,
half a day) you will not lose more than one working day recovering
lost information; if the latest copies of the archive
contain already damaged files, you have the opportunity to return to
earlier ones. With the advent of affordable CDROM media, maintaining archives
has become easier, since it is necessary to store only target files and
a small number of programs, while the bulk of software
is easily restored from laser discs or proprietary
distributions (it is worth recalling, however, that there are known cases
of viruses being detected in both). It is also possible
to rewrite long-term storage information onto a laser
disk, thereby protecting it from almost all troubles.
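
The «generations» scheme described above, as an added example (not from the book): a retention rule that keeps the newest copy in each of the most recent half-days, days, weeks and months, and then picks the copy to fall back on when the latest ones already contain damaged files. The generation counts in POLICY and the backup schedule are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Assumed policy: how many generations to keep for each time interval.
POLICY = {"half_day": 4, "day": 7, "week": 4, "month": 6}


def bucket(ts: datetime, interval: str) -> tuple:
    """Identify the half-day, day, ISO week or month a copy belongs to."""
    if interval == "half_day":
        return (ts.year, ts.month, ts.day, ts.hour // 12)
    if interval == "day":
        return (ts.year, ts.month, ts.day)
    if interval == "week":
        return tuple(ts.isocalendar()[:2])
    if interval == "month":
        return (ts.year, ts.month)
    raise ValueError(interval)


def select_generations(backups, policy=POLICY) -> set:
    """Return the copies to keep.

    For every interval, walk from the newest copy backwards and keep the
    newest copy of each of the N most recent periods that have a copy.
    Everything not returned may be overwritten.
    """
    keep = set()
    ordered = sorted(backups, reverse=True)
    for interval, generations in policy.items():
        seen = []
        for ts in ordered:
            period = bucket(ts, interval)
            if period in seen:
                continue          # an older copy from a period already covered
            if len(seen) == generations:
                break             # enough generations for this interval
            seen.append(period)
            keep.add(ts)
    return keep


def restore_point(kept, damaged_since: datetime):
    """Newest kept copy made before the damage began, or None if there is none."""
    earlier = [ts for ts in kept if ts < damaged_since]
    return max(earlier) if earlier else None


def demo():
    # Constructed schedule: copies at 09:00 and 21:00 for 60 days,
    # the last one on 31 March 1998 at 21:00.
    last = datetime(1998, 3, 31, 21, 0)
    backups = [last - timedelta(hours=12 * n) for n in range(120)]
    kept = select_generations(backups)
    # Constructed incident: files were damaged at noon on 27 March,
    # so every later copy already contains the damaged files.
    damaged_since = datetime(1998, 3, 27, 12, 0)
    return kept, restore_point(kept, damaged_since)


if __name__ == "__main__":
    kept, point = demo()
    print(len(kept), "copies kept out of 120")
    print("restore from:", point)
```

Of the 120 constructed copies only 13 are kept, and the copy to restore from is the one made 15 hours before the damage, which is within the one working day the text promises.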

5.2. Actions at the first signs of disk damage

The most typical symptoms preceding the occurrence
of serious defects on the disk are the following:
— lack of access to a separate file or the appearance of extraneous characters in text
files;
— slowdown in the drive;
— a sound resembling a pump snorting when writing or reading information;
— instability of the DOS boot process.
If any of the above symptoms appear, first of all,
copy the most important information (which is still
accessible) to floppy disks. Then try to restore the partitioning using the Calibrate
utility for the hard disk and Disk Tools for floppy disks. Both of these utilities are included
in Norton Utilities. Regardless of the results of the repartitioning,
complete the recovery process by processing the disk with the Norton Disk
Doctor utility.
In many cases, the described actions are sufficient to
restore the disk's functionality. However, sometimes it is impossible to correct
defects automatically. In this case, special
methods are used, the description of which is beyond the scope of this book.
To study this issue, you should refer to specialized
literature.

5.3. Operation and Maintenance of Drives

Hard drives usually do not require maintenance. The drives
are located in a hermetically sealed case. You should never think about cleaning the hard drive from dust — even if there are dust particles inside it, its service life is still quite long.
Disassembling the hard drive with a high probability (99.99%) leads to its
failure!
To ensure trouble-free operation of the hard drive, try
to refrain from smoking near the PC. Floppy disks are especially susceptible. Particles of smoke and resin
settling on their surface form a layer comparable to the
thickness of the magnetic coating, and the data becomes unreadable.
Unlike a hard disk, floppy disk drives require regular
cleaning, since dust, tobacco smoke, etc. get into the hole intended for installing floppy disks. Primary cleaning can be done
using special vacuum cleaners through small cracks. Do not use
powerful units, since the vacuum cleaner's prey may be the
recording/reading head or other small mechanical parts located
inside the drive. If you take on the matter in such a zealous manner,
this preventive measure will only lead to the need
to purchase a new drive!
Dust deposits on the
recording/reading head lead to significant problems. As a result, messages like «Can’t
read disc in drive A:» and others appear on the screen.
However, before you decide that a defective or dirty
drive is to blame, check the floppy disks you are using. Floppy disks that are read without problems
on other drives should be read on yours as well. In this
way, you can immediately determine whether the drive is really to blame.
Cleaning the working heads should be entrusted to specialists, and if the
warranty period for the drives has not yet expired, then to the manufacturers or
suppliers.
If you absolutely want to clean the working heads
yourself, it is better to use special cleaning
diskettes.
In conclusion, a few more tips on handling diskettes.
— Along with the recommendations that are on the envelope of each
diskette, you should store the diskettes in a closed box, which provides
the following advantages: you will find the necessary data faster if you do not
search for diskettes in different corners; you protect the diskettes from
mechanical and magnetic influences from outside, you provide a certain degree of protection and security for the diskettes and the data stored on them.
— Remove diskettes from the drive only when the LED indicator
is off.
— Store 5.25″ diskettes in their protective sleeve.
— Label diskettes only by pressing lightly. Do not press
on the protective case or bend the diskette.
— Never touch the unprotected area of the diskette with your fingers.
— Do not store floppy disks in places with very low or high
temperatures.
— Never place floppy disks near sources of
electromagnetic fields (speakers, TV, etc.). You
should remember that data lost due to exposure to
electromagnetic fields is usually not recoverable, although
in principle it is possible. When transporting floppy disks, wrap them in
foil; otherwise, three or four trips on a trolleybus or tram
could prove fatal to your data.
— When moving important data, don't be lazy about writing it to
a floppy disk twice, in different directories, so that you don't have to make
tedious trips due to a failure in one of a hundred files.
— After writing the data to a floppy disk, make sure it is readable
with a command like «A: COPY *.* NUL».

6. SPECIAL PC PROTECTION TOOLS

The passage of electrical signals through PC circuits and connecting
cables is accompanied by the occurrence of side electromagnetic
radiation in the environment. The spread of side electromagnetic
radiation beyond the controlled territory
creates the preconditions for information leakage, since it
can be intercepted using special technical control means. In
a personal computer, the main sources of electromagnetic
radiation are the input and output devices together with their
adapters (monitor, printer, keyboard, printing device, etc.), as well as the central processor. Information leakage in a PC
is facilitated by the use of short rectangular video pulses and
high-frequency switching signals. Research shows that
the radiation of the video signal of the monitor is quite powerful,
broadband and covers the range of meter and decimeter waves.
To reduce the level of side electromagnetic radiation,
special means of information protection are used: shielding,
filtering, grounding, electromagnetic noise, as well as means
of weakening the levels of unwanted electromagnetic radiation and interference
using various resistive and absorbing matched loads.
A special PC check consists of checking the fulfillment
of established requirements for information protection, as well as identifying and
analyzing sources — channels of information leakage and developing
proposals for their closure. Special checks are usually carried out by organizations (institutions) that are the leading ones for the protection of
information in ministries (departments) that develop and
manufacture information control equipment. The following potential and real channels of
information leakage should be subject to technical
control in a PC:
— side electromagnetic radiation in the frequency range from 10 Hz
to 1000 MHz;
— signal interference in power supply circuits, grounding, in communication
lines;
— dangerous signals generated by electroacoustic
transformations that can occur in special information
monitoring equipment. These signals must be monitored in the frequency
range from 300 Hz to 3.4 kHz;
— information leakage channels generated as a result of the impact
of high-frequency electromagnetic fields on various wires,
located indoors, which can act as a receiving
antenna. In this case, the test is carried out in the frequency range from 20
kHz to 1000 MHz.
When monitoring the protection of PC information, specially
developed test programs are used, as well as special equipment
for monitoring the radiation level, which determine the operating mode of the PC,
providing, together with other technical means, a hidden
operating mode for various intelligence means.

* * *

The most serious equipment is provided to those persons who seek to gain unauthorized access to computer data banks. For this, special equipment with digital processing is needed. The most reliable
implementation can be achieved by direct connection to the computer network. This is only possible if the
computers in the building are united into a common local network.
Information can be retrieved for subsequent processing by registering
radiation of the computer and its periphery, as well as computer lines. During the operation of the computer, signals are induced in the power supply network; by registering them, after appropriate processing, it is possible to obtain complete or partial information about the processes occurring in the computer memory and its periphery. For remote retrieval of information due to the side radiation of the computer and its periphery, highly sensitive broadband receivers are used with subsequent digital processing of the received information. Conduct a small experiment: turn on your computer and
tune a radio receiver across the VHF range. Almost the entire
range will be filled with interference from the working computer and, if your
IBM-compatible or any other computer lacks appropriate protection,
no one can guarantee that it is not being monitored. Systems for retrieving
computer information are incredibly complex and require special
analog and digital processing equipment using computers and
certain software.
For protection, you can use special «white
noise» generators to protect against PEMIN (side electromagnetic radiation and interference), for example: GBSh-1, Salut, Pelena, Grom, etc.
They can be purchased at many Moscow firms selling special equipment
(see APPENDIX).

7. PROTECTING YOUR PC FROM FAILURES

Sometimes various software and hardware failures in a computer cause
more harm than computer viruses. Here are the most general recommendations for
their prevention.

7.1. Protection against hardware failures

— if finances allow, always purchase and use
uninterruptible power supplies (UPS), preferably from APC (model Back or
Smart). If finances do not allow, then at least install a simple Pilot;
— never purchase (and if you have one — then refuse to
use) the so-called Cache controllers (especially from Tekram);
— never buy (and if you have one, then refuse to use) the so-called BackPack (a hard drive that works via a parallel port) — an extremely unreliable device;
— ground your computer. A good ground can be, for example, the metal reinforcement of the house (but not the batteries);
— never trust repairs (assembly, disassembly, connection of additional devices, upgrades) to unqualified persons;
— buy a computer and components only from reliable and proven companies. You can learn more about this, for example, in the Fido conference — PVT.EXCH.BLACK.LOG. I will give just a few examples of companies where you should NOT buy computers: Vist, Formosa, R&K,
Partiya, Land (Tok International), Al Tech. Good companies: NT, Moskovsky Negotiant, Klondike, Compulink.

7.2. Protection from software failures

— use reliable operating systems. In our opinion
the best choice is Microsoft Windows NT 4.0 (5.0).
The Windows 95 operating system is very unstable and contains many
bugs;
— never use the disk caching program
smartdrv.exe: always remove it from the config.sys and autoexec.bat files,
along with other software disk caching programs (Norton Speed Drive, Rocket,
etc.); this also applies to hardware cache controllers.
As a rule, most hard drive failures occur precisely because of them;
— never use Norton Utilities for Windows 95 (if you
still use this operating system);
— do not use the Direct Access function in the Dos Navigator program,
sometimes it works very incorrectly;
— and finally, the most important thing: perform periodic backups (archiving) of all important
data. Moreover, it is desirable
to have at least two copies (of different dates) of your important data;
remember, a miser pays twice or even thrice! DO NOT FORGET ABOUT ENCRYPTING
IMPORTANT DATA!

8. WHAT DOES YOUR COMPUTER REMEMBER?!

Let's consider another aspect of our security. These are the bad
functions of many programs: keeping log files, protocols, remembering everything
you did, etc.

Protection from Microsoft programs

Microsoft programs have an exceptionally large
number of all sorts of «backdoors», «hatchways», «bugs», etc. Here
are just a few examples:

— Microsoft Outlook Express 4.0 stores all the letters you have ever sent, received or deleted in its
database. Therefore, we recommend periodically deleting these files (preferably using unrecoverable
methods, for example, using the Kremlin 2.1 program). They
are located in the directories:

Windows\Aplication\Microsoft\Outlook Express\Mail (mail):
here you need to delete all files with the IDX and MBX extensions.
Windows\Aplication\Microsoft\Outlook Express\News (news):
here you need to delete all files with the NCH extension.

— Microsoft Internet Explorer 4.0 — in the directories:

Windows\Cookies stores Cookies files (it is better to periodically delete them
using the Kremlin 2.1 program).
Windows\Temporary Internet Files stores the places you have visited
on the Internet (it is better to periodically delete them using the Kremlin
2.1 program).

— Microsoft Windows 95 — in the directories:

Windows\History stores all history files (it is better
to periodically delete them using the Kremlin 2.1 program).

Windows\name.pwl: in these files, Windows stores names, phone numbers
and passwords for connecting to the Internet; all of them are easily decrypted (using
special programs)…

Windows\Profiles\name, where name is the user name, stores
profiles and all settings for specific users (this is also true for Windows NT, by the way):
Aplication\Microsoft\Outlook Express\Mail — mail
Aplication\Microsoft\Outlook Express\News — news
Aplication\Microsoft\Address Book — address book
Cookies — Cookies files
Favorites — Internet bookmark files
History — Windows history files
user.dat — user parameters
user.da0 — backup

This is only a small part of the possible examples, most other
programs (modem, fax, FTP clients, browsers, etc.) keep
log files (where and when you were, what you did), caches, etc. — CHECK
AND TRACK THIS, BE VIGILANT! And delete them with the
program Kremlin 2.1.

On the issue of CMOS SETUP

Here is another clear example of loopholes for special services.
Any computer has the ability to set a password for entry. But few
people know that universal passwords that open the entrance to any computer
were created (by the BIOS developers) specially for the special services.
Here are some examples:

— AWARD BIOS: AWARD_SW, lkwpeter, Wodj, aPAf, j262, Sxyz, ZJAAADC

— AMI BIOS: AMI, SER, Ctrl+Alt+Del+Ins (hold during loading,
sometimes just INS)

Naturally, the password must be entered with the correct letter
case.

Programs that authorize online

Recently, programs have begun to appear more and more often that
check their legality via the Internet (or rather, while you
are on the Internet, they check unnoticed, and then delight you
with a message that this is supposedly an illegal copy; a clear example
is Bullet Proof FTP). But that's not all: there is an opinion that
programs such as the Windows operating system are capable of somehow
monitoring everything that happens on the computer (either themselves or on
command from the Internet) and sending all the data to their
developers. There was a scandal recently when one well-known FTP client
sent all the entered names and passwords to its developers. So
be careful!

Keyboard loggers

These are programs that give the owner of a computer the ability to record what you
type on it when the computer is someone else's, or, if
you look at it from the other side, give you the ability to see what was going on
on your computer while you were out of the office.
Both are done by the same method: everything that is typed on the
keyboard is entered into a text file by a special program. So, the text you type on a computer in a business center or Internet cafe
can easily become the property of the owner of such a computer. Technically,
such an operation is performed by a class of programs called keyboard
loggers. They exist for different operating systems, can
automatically load when turned on, and disguise themselves as resident
antiviruses or anything else useful.
The best of the programs tested by the authors, Hook Dump 2.5
(http://geocities/SiliconValley/Vista/6001/hookdump.zip, for
Win 3.1 and Win 95), written by Ilya Osipov
(http://halyava.ru/ilya/), can be automatically loaded when
the computer is turned on, without revealing its presence in any way.
The text typed on the keyboard, the names of the programs in which the text
was typed, and even a hidden password in Dial-Up Networking, which was not
typed at all — everything is written to a file located in any directory
and under any name. The program has many settings that allow
you to determine the desired configuration.

9. PROTECTION FROM HARMFUL COMPUTER FACTORS

Our current life is unthinkable without a PC, but when working with it
it is necessary to take into account a number of recommendations that will help maintain your
health.
1. The optimal distance between the screen and the person working at the PC should
be about 50 cm.
2. It is best to use new
color LCD monitors as a PC monitor.
3. The ideal (from a health safety point of view)
computer is a «Notebook» type.
4. If you use a regular CRT monitor, then it is
mandatory to use a protective screen of the «full protection»
class. We recommend: Russian Shield (Gold or Platinum).
5. The top of the screen should be approximately at the level of the horizontal
line drawn from the eyes to the screen.
6. During work, the position of the hands should be
horizontal, the forearms should be extended at the elbows at an angle of 90
degrees, the back should be straight. The hands should have support on the table.
7. During normal work, the head should not be tilted too much
so as not to cause headaches and neck pain.
8. The keyboard should be located no closer than 10 cm from the edge of the table.
When working with the keyboard for a long time, it is undesirable for your hands and
forearms to rest on the corner of the table.
9. It is desirable for the computer to be grounded.
10. When working with a PC for a long time, timely rest and
warm-up are important.
11. When working with a monitor, you should not sit «like a post»,
you need to periodically change your position, move your shoulders, blink
your eyes or close them for a few seconds. You need to breathe freely.
After 30-45 minutes of intensive work, a break and gymnastics are advisable, including for the eyes.
12. After 10 minutes of work, it is useful to look away from the screen for 5-10 seconds.
13. You should limit the time spent intensively working with a PC; no more than 4
hours per day.
14. Workstations with a PC should be installed in a certain way
relative to light openings:

[Diagram: plan of a room with the door in one wall and the windows in the opposite wall, showing an «Allowed» and a «Recommended» workstation arrangement. In each, the table carries the keyboard and the VDT, and the armchair stands at the table with the line of sight directed at the VDT, parallel to the wall with the windows. In the allowed arrangement the windows are on the operator's right; in the recommended arrangement they are on the operator's left.]

— The layout of workstations with PCs must take into account the distances
between work desks with video monitors (from the rear
surface of one video monitor to the screen of another video monitor),
which must be at least 2.0 m, and the distance between the side
surfaces of video monitors, which must be at least 1.2 m.
— The design of the desktop should ensure optimal
placement of the equipment used on the work surface, taking into account its quantity and design features (size of the VDT and PC, keyboard, document holder, etc.) and the nature of the work performed. In this case, it is allowed to use work tables of various designs that meet modern ergonomic requirements.
— The design of the work chair (armchair) must ensure
that a rational working posture is maintained when working on the VDT and PC, and
allow the posture to be changed in order to reduce static tension in the muscles
of the neck, shoulders and back and so prevent fatigue.
— The work chair (armchair) should be lift-and-swivel and
adjustable in height and angles of the seat and backrest, as well as
the distance of the backrest from the front edge of the seat, while the adjustment
of each parameter should be independent, easy to implement and
have a secure fixation.
— The surface of the seat, backrest and other elements of the chair (armchair)
should be semi-soft, with a non-slip, non-electrifying and
breathable coating, ensuring easy cleaning from
dirt.

10. SAFETY WHEN WORKING WITH BBS AND FTN NETWORKS

In this chapter, we will consider the basic recommendations that are advisable
to use for your safety when registering and working with
BBS and FTN networks.
BBS is a hardware and software complex that provides access to programs and information using a
modem and the necessary software.
FTN networks (e.g. Fido) are amateur computer networks
designed for exchanging e-mail messages.
So, our recommendations:
1. CHECK THE ABSENCE OF CALLER ID. Before calling a BBS or FTN,
make sure (e.g. by calling from a cell phone, from a
Panasonic-type phone, from a payphone, or from a phone that
is guaranteed not to be detected by the Caller ID system) that on this node
there is no Caller ID system. If the BBS list (or advertisement) indicates the type of
modem as Russian Courier, ZyXEL or IDC, then there is no point in calling there:
with a probability of 99% they use Caller ID. Caller ID reveals itself
with a characteristic click and a sound signal, usually after the first
beep (i.e. it picks up the phone and then there are beeps issued by the Caller ID itself, and usually different in tone from the first beep).
If Caller ID is there, but you still need to remain anonymous, then
use AntiAON, AntiAON functions are present in almost
all telephones with Caller ID (for example, in RUS or Phone Master).
Or buy (there are plenty of them at the radio market in Mitino) the AntiAON attachment, it
will come in handy more than once! It is better to turn on the AntiAON function almost immediately
after dialing the number and hold it for some time, experiment
and the skill will come to you. If Caller ID cannot identify the number, then after
the Caller ID picks up, characteristic tone signals are heard (about 9
of them).
2. USE FICTITIOUS DATA WHEN REGISTERING. You should never register under your real name, because you don’t know who
might get your data and what they might be used for.
Take any telephone database, for example KOTIK or its Online
version: http://xland.ru:8088/tel_win/owa/tel.form and enter any
surname you made up. You shouldn’t enter trivial surnames, like
Ivanov, Petrov, Smirnov, Andreev, Alekseev, etc. It’s better to use something not
quite ordinary, well, the first thing that comes to mind: Levashov, Dubinin, Avdotin, Sadovsky, etc. Next, write down anyone from the list that was given (write down the initials, address and phone number).

10.1. Interesting BBS

Below is a list of the most interesting (in our opinion)
Moscow BBS:

+-----------------------------+--------------+-------------+-------------+
| BBS name                    | Phone        | Opening hours             |
|                             |              | on weekdays | on weekends |
+-----------------------------+--------------+-------------+-------------+
| Anarhia BBS                 | 095-948-6250 | 06:00-14:00 | <<<         |
| DGN LTD BBS (AON)           | 095-582-4922 | 24h         | 24h         |
| Fantom BBS                  | 095-907-0382 | 24h         | 24h         |
| Gnosis Occultus BBS (AON)   | 095-916-4042 | 22:30-07:00 | <<<         |
| Hack’s Station BBS Line#1   | 095-430-4530 | 22:30-08:00 | <<<         |
| Hack’s Station BBS Line#3   | 095-437-0960 | 01:00-09:00 | <<<         |
| Hacker's Stone BBS          | 095-344-1227 | 00:00-12:00 | <<<         |
| InfoScience BBS line 2 AON  | 095-923-0871 | 24h         | 24h         |
| InfoScience BBS line 4 AON  | 095-923-2003 | 24h         | 24h         |
| InfoScience BBS line 5 AON  | 095-229-7622 | 24h         | 24h         |
| InfoScience BBS line 6 AON  | 095-229-3985 | 24h         | 24h         |
| InfoScience BBS line 8 AON  | 095-913-9944 | 24h         | 24h         |
| InfoScience BBS line 9 AON  | 095-913-9945 | 24h         | 24h         |
| InfoScience BBS line 12 AON | 095-742-1440 | 24h         | 24h         |
| InfoScience BBS line 13 AON | 095-742-1441 | 24h         | 24h         |
| InfoScience BBS line 14 AON | 095-742-1443 | 24h         | 24h         |
| MSAAB BBS                   | 095-270-0237 | 24h         | 24h         |
| MAKET (AON)                 | 095-263-1129 | 24h         | 24h         |
| Orl. Corp                   | 095-152-9044 | 23:00-07:00 | 24h         |
| Some Old Bullshit BBS (AON) | 095-236-3424 | 00:00-07:30 | <<<         |
| SoftLand BBS                | 095-932-9053 | 24h         | 24h         |
| Shadow Gluck BBS SG#1 (AON) | 095-452-4103 | 24h         | 24h         |
| The Videoman station        | 095-432-0257 | 23:00-08:00 | <<<         |
+-----------------------------+--------------+-------------+-------------+

Notes:

AON — Caller ID (AON) is present at the station.
24h — the station operates 24 hours a day.
<<< — the station operates the same hours as on weekdays (see the
weekdays column).

10.2. Interesting conferences on the Fido network

Below is a list of the most interesting (in our opinion)
Fido conferences:

Mo.Advice — answers to any questions
Mo.Books.Wanted — search and sale of books
Mo.Talk — Moscow conversations
Mo.SoftExchange — search for programs
Mo.Wanted — search for everything else
N5020.Point — search for point vacancies in Moscow Fido
Ru.Aon — about AONs
Ru.Anti.Ats — about the fight against ATS
Ru.Army — how to dodge the army
Ru.Internet — questions about the Internet
Ru.Internet.Chainik — similarly, but for dummies
Ru.Internet.WWW — announcements of new WWW sites
Ru.Phreaks — phreaking, hacking cell phones, cards, etc.
Ru.Crypt — cryptography
Ru.Security — security
Su.Chainik — questions about FTN technology
Su.Chainik.Faq — FAQ
Su.Chainik.General — general questions
Ru.Hacker — about hackers and for hackers
Su.Hardw.chainik — questions about hardware
Su.Hardw.phones — about phones
Su.General — a little bit of everything
Su.Spy — spy echo
Su.Virus — computer viruses
Su.Pol — politics
Su.Pol.Theory — politics (theory)
Survival.Guide — survival and security
XSu.Cellular — cell phones

11. INTERNET SECURITY

11.1. CHOOSING A PROVIDER

Choosing a provider is the starting point from which your
journey into the fascinating world of the Internet begins.
When choosing, you need to take into account the fact that almost all
providers require you to identify yourself (full name, passport
data, etc.).
Read below how to deal with this and other problems.
1. CHECK THE ABSENCE OF CALLER ID. If you want to maintain your
privacy when working with the Internet, then first of all you need to
make sure that the provider does not have caller ID equipment. To do this,
test calls are made to the working telephone lines (specifically the working lines and not the
test lines; their phone numbers must be found out in advance from the provider
or from other sources), for example, from a cell phone, from a clone phone like Panasonic, from a payphone, or from a
phone that is guaranteed not to be detected by the Caller ID system. Caller ID
makes itself known with a characteristic click and sound signal, usually
after the first beep (i.e. it picks up the line and then there are beeps
issued by the Caller ID itself, usually different in tone from
the first beep).
If there is Caller ID, but you still need to remain anonymous, then
use AntiAON. AntiAON functions are present in almost
all telephones with Caller ID (for example, in Rus or in Phone Master).
Or buy an AntiAON attachment (there are plenty of them at the radio market in Mitino); it
will come in handy more than once! It is better to turn on the AntiAON function almost immediately
after dialing the number and hold it for some time; experiment
and the skill will come to you. If Caller ID cannot identify the number, then after
the Caller ID picks up the line you will hear characteristic tone signals (about 9
of them).
It is well known that all
providers using Zyxell modems (for example, Deol) have AON equipment, as do all
providers that bill on credit (MTU-Inform, GOT, etc.).
2. USE FICTITIOUS DATA WHEN REGISTERING. You should never
register under your real name, because it is unknown who
may get your data and what they may be used for.
Take any telephone database, for example KOTIK or its Online
version: http://xland.ru:8088/tel_win/owa/tel.form and enter any
last name you made up. You shouldn't enter trivial last names, like —
Ivanov, Petrov, Smirnov, Andreev, Alekseev, etc. It's better to enter something not
quite ordinary, well, the first thing that comes to mind: Levashov, Dubinin,
Avdotin, Sadovsky, etc. Then write down anyone from the list
(write down the initials, address and phone number). And on top of everything, you need
make up fake passport data, like series, number, who issued it, when.
By the way, using the OZOM database, you can determine the affiliation of a specific street to a specific
police department — for even greater authenticity.
Now all you have to do is make some kind of ID with your
photo and fictitious data. To be convincing, you need to get a
stamp (from friends, or make one — any stamp in Moscow costs about
$50) — better yet, a government-issued one. An ID can, for example,
say that you are: a student, a security guard, a prosecutor's office employee, an employee of
FAPSI (FSB, Ministry of Internal Affairs), or just any employee of any company.
Then you go to the provider's office (it's better in the morning — people are
kinder in the morning) and say that you want to register (become their client) and
when it comes to the passport (sometimes it is enough to just enter the passport
data without showing it) say that they did not take it (like no one and
said on the phone that you need a passport) — BUT you remember your
passport details (fictitious, of course!) by heart — this will most likely
pass (since there are few clients these days, and everyone wants money). For
persuasiveness, you can show your ID (also when entering
some offices where they require a passport — it can be very useful to you).
If you want there to be no evidence at all, you can also make
a facsimile of a fictitious signature and put it on the contract (invisibly, of course).
If it doesn't work, then leave with an offended look and threaten: like
I will never set foot in your rotten office again.
3. USE PROVEN PROVIDERS. The trick with left
passport data can work best in small offices, and in
large companies like Demos and Relcom it is even better not to bother (unless
of course you have a well-made student card or
passport).
Below is a list of more or less stable Moscow
providers that will help you make the best choice.
4. USE TEST INPUTS. Some providers (for example,
Corbina), if you call them and ask to check the quality of the connection,
will give you a phone number where you can do this. As a rule, the working
time on the test line is 15-60 minutes, which is quite enough
to carry out some operations.
Here are some examples:
Provider «CARAVAN»
tel. 332-4486, fax 129-3500
a. Serial phone 332-4768 (8 lines).
b. Individual phones:
332-4122, 332-4123, 332-4124, 332-4125, 332-4126, 332-4127,
332-4274, 332-4264, 332-4255, 332-4252, 332-4246,
332-4454, 332-4469, 332-4472, 332-4793.
c. 129-1744, 129-3254, 129-3290.
d. Serial phone 931-67-88 (11 lines).
Direct phones for the series:
931-6001, 931-6009, 931-6100, 931-6133, 931-6136, 931-6144, 931-6145,
931-6540, 931-6541, 931-6542, 931-6788.
e. Individual telephones: 939-1475, 939-3084, 939-5213, 939-4270,
939-3275, 939-5118, 939-2635, 939-5237, 939-5236.
You can use the channel for free from 4 am to 10 am
daily on the telephone numbers that begin with 332. Login: free,
Password: caravan. If they don’t let you in, it means that all the free
modem inputs are already occupied.
Provider «SITEK». You can get free
E-Mail from this provider!
At windoms.sitek.net
Tel : 742-9420(21)
963-3101
964-1301
964-1091
995-1090
DNS : (I) 195.212.225.2
(II) 195.212.225.162
Login : sitek
Password : sitek
5. USE ADVERTISING ACCESS. Some providers (for example
Russia Online) offer (or attach to the purchased modem,
computer, etc.) a software package, documentation and a certain number of hours
of free work on the Internet (usually 5-10 hours). Use
this, not forgetting the general safety rules described by us.
Other providers (for example, SITEK) simply sell a sealed
envelope containing a name, password, and a certain number of
hours of Internet use. This is probably the safest option, where you
do not expose your data in any way. Such envelopes can be
purchased, for example, at the radio market in Mitino or at SITEK itself.
6. USE THE «LEFT» DNS. In order to hide your
IP address, or rather not even hide it, but use the IP address of another
provider, you need to set the DNS
of another provider (for example, Demos) in the connection setup parameters.
For example, here is the DNS of the Demos provider:
Primary 194.87.0.8
Secondary 194.87.0.9
And here is the DNS of the Glasnet provider:
Primary 195.218.218.38
Secondary 195.218.218.37
7. MOSCOW INTERNET PROVIDERS. Below is a list
of the most famous Moscow providers.

Name: JSC Relcom
Postal address: 123098, Moscow, st. Marshal Vasilevsky,
d. 1, bldg. 1.
Phone/fax: 196-07-20. 196-08-20, 196-08-23/196-32-95
E-mail: support@relcom.ru
Home page: http://relcom.ru
Service:
http://relcom.ru:80/Relcom-Moscow/OfficialDocs/Pricelist/

Name: «Demos+ Company»
Postal address: 113035, Moscow, Ovchinnikovskaya nab., 6/1
Phone/fax: 956-60-80, 956-62-33/956-50-42
E-mail: info@demos.su
Home page: http://demos.su
Service: http://demos.su/eng/price-e.htm

Name: «Got»
Postal address:
Phone: 921-36-01, 923-21-27
Modem phones: 925-3503, 925-3507, 925-7165, 924-5847, 923-8741,
925-1994
E-mail:
Home page: http://got.mmtel.ru
Service:

Name: «Corbina Telecom»
Postal address: Ryazansky pr., 30/15
Phone: 755-5648
E-mail: sales@corbina.ru
Home page: http://corbina.ru
Service:

Name: InComa
Postal address: 125252, Moscow, ul. Kyusinena, 21B, office
60.
Phone/fax: 198-73-81/913-25-12
E-mail: info@incomma
Home page: http://fastnet.ru
Service: http://fastnet.ru/bnet/bnet.html

Name: JSC «Techno Center Plus»
Postal address: 115395, Moscow, ul. Yunosti, 13, bldg. 2.
Phone/fax: 374-76-63, 965-10-10, 465-90-25/374-00-02
E-mail: info@techno.ru
Home page: http://techno.ru
Service: http://techno.ru/koi/netgroup/netprice.html

Name: OJSC «Moscow International and Long-Distance Telephone»
Postal address: 119895, Moscow, Zubovskaya square, bldg. 3.
and st. Arbat, 46
Phone/Fax: 241-6232, 246-02-43, 338-00-11, 241-84-81
/246-41-53, 241-71-01
E-mail: commt@db.mmtel.msk.su
Home page: http://mmtel.msk.su
Service: http://mmtel.msk.su/koi8/mmtel/tarmmtel.html

Name: SP «SOVAM TELEPORT» (Russia Online)
Postal address: 111250, Moscow, Krasnokazarmennaya st., bldg.
12.
Phone/Fax: 258-41-75/258-41-69
E-mail: sale@online.ru
Home page: http://online.ru
Service: http://koi.online.ru/rservices/rinvite.xhtml

Name: TOO «Elvis+»
Postal address: 103460, Moscow, Zelenograd, Central
prospect, 11.
Phone/Fax: 536-95-51, 531-46-33/531-24-03
E-mail: www@elvis.ru
Home page: http://elvis.ru
Service: http://elvis.ru/BBS/price.html

Name: JSC «ROSPRINT»
Postal address: 103375, Moscow, Tverskaya st., bld. 7.
Phone/Fax: 201-68-90/923-23-44
E-mail: sales@sovmail.rosprint.ru
Home page: http://rosprint.ru
Service:

Name: Space Research Institute RAN
Postal address: Moscow, Profsoyuznaya st., bld. 84/32.
Phone/Fax: 913-30-41/913-30-40
E-mail: info@space.ru
Home page: http://space.ru
Service: http://space.ru/english/spacenet/plist.html

Name: SELF Joint Stock Company
Postal address: 103617, Moscow, Zelenograd, bldg. 1412.
Phone/fax: 530-26-00/530-34-44
E-mail: Support@CompNet.RU
Home page: http://compnet.ru
Service: http://compnet.ru/news-bin/news/compnet.prices

Name: JSC «Orgland»
Postal address: 103527, Moscow, Zelenograd, bldg. 833.
Phone/fax: 532-10-40, 532-00-06, 532-56-33/532-90-90
E-mail: admin@orgland.zgrad.su
Home page: http://orgland.ru
Service: http://orgland.ru/orgland/orgprice.html

Name: Company «Elvis-Telecom»
Postal address: 125190, Moscow, PO Box 211.
Phone/fax: 152-97-00/152-46-61
E-mail: pau@telekom.ru
Home page: http://telekom.ru
Service: http://telekom.ru/rus/rprice.html

Name: LMS Corporation
Postal address: 115573, Moscow, PO Box 211.
Phone/fax: 323-90-76, 324-44-40/323-90-24
E-mail: info@express.ru
Home page: http://express.ru
Service:

Name: Financial Telecommunications Community
Postal address: 117806, Moscow, Profsoyuznaya st., 65.
Phone/fax: 334-89-71, 913-30-76, 334-37-96, 330-56-85 /
330-37-96
E-mail: sales@sft.fact400.ru
Home page: http://sft.fact400.ru
Service: http://sft.fact400.ru/down/sft_ip.zip

Name: 2KOM Company
Postal address: 117342, Moscow, st. Butlerova, 17B.
Phone/fax: 330-80-74, 330-45-47/330-45-56
E-mail: adm@mail2com.ru
Home page: http://com2com.ru
Service: http://com2com.ru/koi8/support/intlet1.html

Name: Rinet
Postal address: Moscow, 1-y Khvostov per., bldg. 11a.
Phone/fax: 238-39-22
E-mail: info@rinet.ru
Home page: http://rinet.ru
Service: http://rinet.ru/price/price.html

Name: «Zenon N.S.P»
Postal address: Moscow, 1-ya ulitsa Yamskogo polya, bldg. 19.
Phone/fax: 251-57-02, 250-46-29
E-mail: www@aha.ru
Home page: http://aha.ru
Service: http://sunny.aha.ru/users/prices.htm

Name: ZAO «Garant-Park»
Postal address: 119899, Moscow, Vorobyovy Gory, MSU,
Nauchny Park
Phone/Fax: 932-91-50, 932-91-51/932-91-50
E-mail: info@park.ru
Home page: http://park.ru
Service: http://park.ru/INFO/info?k+net/price

Name: Association of Computer Network Users «Glasnet»
Postal address: 103009, Moscow, Gazetny per., 9, building 2.
Phone/fax: 222-09-90/229-00-43
E-mail: support@glasnet.ru
Home page: http://glasnet.ru
Service: http://glasnet.ru/brochure/rusprice.html

Name: Company «NetState Communications»
Postal address: Moscow, st. Tverskaya, 5/6, entrance 4.
Phone/fax: 292-73-17/292-76-35
E-mail: info@goldnet.ru
Home page: http://wwwnet.ru/
Service:

Name: Company «CENTRONET»
Postal address: 123424, Moscow, Volokolamskoye sh., 112
Phone/fax: 491-85-76/491-30-66
E-mail: eugenie@astro.ru
Home page: http://astro.ru/
Service: http://astro.ru/docum2.htm

Name: JSC «IS GENEZIS»
Postal address: 127276, Moscow, st. Botanicheskaya, 14
Phone/Fax: 903-94-94, 903-94-82/903-94-25
E-mail: root@genesis.msk.ru
Home page:
Service: BBS 401-41-74 (file genesis.exe)

Name: Online Resource Center
Postal address: Moscow, Leninsky pr., 32/a
Phone/fax: 938-29-83/938-29-81
E-mail: admin@orc.ru
Home page: http://orc.ru/
Service: http://orc.ru/price/pricerus.html

Name: ZAO «RFK»
Postal address: 107076, Moscow, Preobrazhenskaya sq., bldg. 6/68,
str. 3
Phone/fax: 964-03-73, 964-03-91/964-25-19
E-mail: support@transit.ru
Home page: http://transit.ru
Service: http://transit.ru/koi8/priceip.htm

Name: Company «CITYLINE»
Postal address: 119034, Moscow, Korobeynikov per., 1/2,
building 6.
Phone/Fax: 245-88-68/245-88-77
E-mail: webmaster@cityline.ru
Home page: http://cityline.ru
Service: http://cityline.ru:8083/prices.html

Name: «Data Express Corp.» (Deol)
Postal address: 117279, Moscow, st. Ostrovityanova, 37a.
Phone/fax: 932-72-01, 932-76-01/932-74-10
E-mail: sysop@deol.ru
Home page: http://koi8.deol.ru
Service: http://koi8.deol.ru/service/instr.htm

Name: QuasiWest Ltd.
Postal address: 119899, Moscow, Vorobyovy Gory, Nauchny
Park MSU, bldg. 7.
Phone/Fax: 247-62-08/932-91-04
E-mail: info@netclub.ru
Home page: http://netclub.ru
Service: http://koi.netclub.ru/Russian/netprice.html

Name: «MASTAK-INFO» (Sitek)
Postal address: 111020, Moscow, P.O. Box 100. (Storozhevaya St., bldg.
23).
Telephone/fax: 964-12-01/964-11-83
360-6909, 334-4406
E-mail: postmaster@sitek.net
Home page: http://sitek.ru
Service:
http://koi.sitek.ru/sitek_inform/price/serviseprices.html

Name: JSC «Ropnet»
Postal address: 103084, Moscow, Myasnitskaya st., 47.
Phone/fax: 207-75-56/207-32-01
E-mail: root@ropnet.ru
Home page: http://ropnet.ru/
Service: http://ropnet.ru/koi/internet/inter_pr.html

Name: TOO GAMMA
Postal address:
Phone/fax: 939-39-07/938-21-36
E-mail: postmaster@gamma.ru
Home page: http://gamma.ru
Service: http://gamma.ru/cgi-bin/prices/koi?rates=comm :
http://gamma.ru/cgi-bin/prices/koi?rates=noncomm

Name: TERRA RUTHENIA
Postal address:
Phone/fax: 924-20-28 /
E-mail: info@ru
Home page: http://ru/
Service: http://ru/services.koi.html

Name: Data Force
Postal address: 3-y Samotechny pereulok, 11
Phone: 288-9340
E-mail: info@dataforce.net
Home page: http://dataforce.net/
Service:

Name: Global One
Postal address: Tverskaya st., 7
Phone: 201-9285
E-mail:
Home page: http://global-one.ru/
Service:

Name: NetPass
Postal address: Sadovnicheskaya st., 76, building 2
Phone: 961-2460
E-mail: sales@netpass.ru
Home page: http://netpass.ru/
Service:

Name: Plug Communication
Postal address: Merzlyakovsky per., 3-1-1
Phone: 795-0955
E-mail: info@plugcom.ru
Home page: http://plugcom.ru/
Service:

Name: GoldNet
Postal address: Tverskaya st., 5/6, entrance No. 4
Phone: 292-7317
E-mail: mailbox@goldnet.ru
Home page: http://goldnet.ru/
Service:

Name: Infotel
Postal address: Presnensky Val, 19, office 911
Phone: 252-0701, 252-1212
E-mail: info@infotel.ru
Home page: http://infotel.ru/
Service:

Name: Commbelga
Postal address: Mytnaya st., 3, entrance 2, 14th floor
Phone: 931-9950
E-mail: sales@co.ru
Home page: http://co.ru/
Service:

Name: Comstar
Postal address: 3-ya Tverskaya Yamskaya, 39/5
Phone: 956-0000
E-mail: request@comstar.ru
Home page: http://comstar.ru/
Service:

Name: Megabit7
Postal address: VVC (VDNKh)
Phone: 234-5065
E-mail: support@megabit7.ru
Home page: http://megabit7.ru/
Service:

Name: Microdin
Postal address: Novozavodskaya st., 18
Phone: 145-9755, 145-9380
E-mail: office@microdin.ru
Home page: http://microdin.ru/
Service:

Name: MTU-Inform
Postal address: Smolenskaya-Sennaya pl., 27-29, p. 2
Phone: 258-7878
E-mail: info@mtu.ru
Home page: http://mtu.ru/
Service:

Name: Redline
Postal address: Tsvetnoy Bulvar, 30, room 517
Phone: 200-2475, 291-6132
E-mail: redline@redline.ru
Home page: http://redline.ru/
Service:

Name: FT-Center
Postal address: Pokrovsky Boulevard, 3
Phone: 208-3300, 917-5232
E-mail: info@ftcenter.ru
Home page: http://ftcenter.ru/
Service:

Name: Central Telegraph
Postal address: Tverskaya St., 7, entrance 4
Phone: 201-6884, 201-9262
E-mail: spu@m400.ctel.msk.ru
Home page: http://ctel.msk.ru/
Service:

Name: Elcatel
Postal address: st. Butlerova, 15, office 150
Phone: 424-1811
E-mail: info@elkatel.ru
Home page: http://elkatel.ru/
Service:

11.2. ON THE WWW WITHOUT A TRACE

When surfing the Internet, we don’t often think about the fact that
we leave traces every time we visit
a site. Perhaps we wouldn’t have to worry about this if
the amount of information that site owners can potentially
obtain about us weren’t so great. Standard log files, clever
scripts and other tricks let curious owners find out a lot about you: the type of computer and operating system, the country of residence, the name and address of the provider, and often even your email address and your name.
There are many reasons why a user might not want to leave traces of their presence. These include reluctance to disclose an email address, to avoid becoming a victim of spam, and the need to get information from a site that varies its answer depending on the country from which the request is sent. Or, for example, you
often visit your competitors' Web site and want to do it
anonymously.
In addition, there are such nasty things as cookies, and more and more security holes are being discovered in
MSIE… In general, shouldn't we send someone else on the journey through the WWW? The idea is sound and
quite easy to implement, in several ways.

Method 1: Anonymizer

Anonymizer
allows you to do this kind of anonymous surfing. Go to their website (http://anonymizer or
http://iproxy), type in the URL you want, and off you go! When you follow a
link on a page you're viewing through
Anonymizer, you reach the next page through
Anonymizer as well, so the process is automated and you don't have to type in a new URL
each time. There were good times when Anonymizer would go to the
specified address immediately, but now those who use this
service for free face a 30-second waiting period. In addition,
Anonymizer used to allow access to both HTTP and FTP resources;
now only registered users can use FTP.
When you use this service, it is not you
who leaves a trace in the log files but Anonymizer, which rules out collecting all the information
described above. No cookies reach you.
Some sites (for example, Hotmail) are inaccessible through it,
which is obviously explained by the desire of their owners to monitor
visitors. Anonymizer also does not work with secure nodes
using the SSL protocol.
Anonymizer has two more pleasant features. Firstly,
some WWW sites are inaccessible from one place but accessible from
another. Secondly, some sites give you information depending on
where your request comes from.

Method 2: Proxy

You can also anonymize your web browsing using a proxy
server. A proxy server essentially works like Anonymizer, i.e.
it is the proxy, not you, that «takes» the document from the site. True, there are some
important differences, namely:
— the proxy does not rid you of cookies (get rid of them yourself:
make the cookies.txt file read-only, or disable their use
(Disable All Cookies) in Internet Explorer
4.0, and so on);
— the proxy server works with both HTTP and FTP, which makes it possible
to anonymize visits not only to Web sites, but also to FTP
archives;
— the IP address of your native proxy server, i.e. the one
provided by your provider, still reflects the name of your
domain or, at least, its approximate geographic location.
The last point leads us to the following conclusion: if it is very
important for you to remain anonymous when working with a website, or when
reading and sending mail using a browser (i.e. the type of service
offered by Hotmail), use someone else's proxy server, not your own.
Most proxy servers restrict access based on the IP
address from which the request is made. In other words, if you
use the Demos provider, then the Glasnet proxy server simply will not let you in. But fortunately, you can always find a «good»
proxy on the Internet: one whose owners openly declare it available to everyone, or one that for one reason or another does not restrict access to its own domain, a fact not known to the general public.

An updated list of anonymous Proxy servers can always be found at
http://lightspeed.de/irc4all/eindex.htm.

To configure the browser in Netscape Navigator, go to
Options=>Network Preferences=>Proxies=>Manual Proxy
Configuration=>View and enter the specified values. In MS Internet
Explorer the procedure is similar. Having done this simple operation, you will be able
to surf the net leaving the trace of, for example, a Bulgarian or
American user, but… there is one very important point here.
Not all proxy servers are completely anonymous.
Some of them allow the administrator of the site you are visiting
through the proxy to determine, if desired, the IP address from which
the proxy is accessed, i.e. your real IP address.
Check your proxy for complete or partial
anonymity:
http://tamos/bin/proxy.cgi
If you get the message Proxy server is detected!, your proxy
has a «hole», and you will be shown your real IP
address as well as the IP address of the proxy server that you
are using. If the message says Proxy server is not detected,
everything is fine! It is recommended to check the proxies you work with
for anonymity periodically (at least once a month).
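The kind of check such a test page performs on the server side can be sketched as follows. This is an added example, not code from the book or from the test service it mentions; the header names (Via, Forwarded, X-Forwarded-For and the rest) are standard or de facto HTTP conventions that the original text does not name, and every sample request is constructed.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Request headers a forwarding proxy may add. Via (RFC 7230) and Forwarded
# (RFC 7239) are standard; the others are de facto conventions. None of these
# names appear in the original text: they are this example's assumptions.
PROXY_MARKERS = ("via", "forwarded", "x-forwarded-for", "x-real-ip",
                 "client-ip", "proxy-connection")
ADDRESS_HEADERS = ("x-forwarded-for", "x-real-ip", "client-ip")
FOR_PARAM = re.compile(r'for=("[^"]*"|[^;,\s]+)', re.IGNORECASE)


@dataclass
class ProxyReport:
    proxy_ip: str                                    # TCP peer the server sees
    evidence: list = field(default_factory=list)     # proxy headers present
    client_ips: list = field(default_factory=list)   # addresses leaked behind it

    @property
    def detected(self):
        return bool(self.evidence)

    @property
    def level(self):
        if not self.detected:
            # Also the result for a proxy that adds no headers at all: headers
            # alone cannot tell that case from a direct connection.
            return "direct"
        return "transparent" if self.client_ips else "anonymous"

    @property
    def message(self):
        return ("Proxy server is detected!" if self.detected
                else "Proxy server is not detected")


def parse_ip(token):
    """Normalise one header token to an IP string; None if it is not one."""
    token = token.strip().strip('"')
    if token.startswith("["):                  # "[2001:db8::1]:4711"
        token = token[1:].split("]")[0]
    elif token.count(":") == 1:                # "192.0.2.44:51234"
        token = token.split(":")[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None                            # "unknown", "_hidden", junk


def classify_request(remote_addr, headers):
    """What the visited server can learn from one request's headers."""
    h = {name.lower(): value for name, value in headers.items()}
    peer = str(ipaddress.ip_address(remote_addr))
    report = ProxyReport(proxy_ip=peer)
    report.evidence = [name for name in PROXY_MARKERS if name in h]

    tokens = []
    for name in ADDRESS_HEADERS:
        tokens += h.get(name, "").split(",")
    tokens += FOR_PARAM.findall(h.get("forwarded", ""))

    for token in tokens:
        ip = parse_ip(token)
        # An address equal to the TCP peer tells the server nothing new.
        if ip and ip != peer and ip not in report.client_ips:
            report.client_ips.append(ip)
    return report


# Constructed requests (documentation address ranges), as seen by the server.
SAMPLES = {
    "direct": ("198.51.100.20", {"Host": "www.example.test"}),
    "leaky": ("203.0.113.8", {"Via": "1.0 cache.example.test",
                              "X-Forwarded-For": "192.0.2.44, 10.1.2.3"}),
    "masked": ("203.0.113.8", {"Via": "1.1 cache.example.test",
                               "X-Forwarded-For": "unknown"}),
    "rfc7239": ("203.0.113.8", {
        "Forwarded": 'for="[2001:db8:cafe::17]:4711";proto=http, for=203.0.113.8'}),
}

if __name__ == "__main__":
    for label, (peer, headers) in SAMPLES.items():
        r = classify_request(peer, headers)
        print(f"{label:8} {r.message:28} level={r.level:11} "
              f"leaked={r.client_ips}")
```

The "leaky" sample corresponds to the proxy with a «hole» described above: the server sees both the proxy's address and the addresses forwarded from behind it, including a private one.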
Finally, a few more thoughts regarding the use of
proxy servers. Working through a remote proxy reduces
the data transfer speed and increases the waiting time. In addition, the author does NOT
recommend using the proxy addresses given in this section, since
if all readers start using them, then very soon the pleasure
will end and access to them will be closed (if it hasn't already been closed). Find
your own proxy, it's not difficult. The author found these addresses in 5 minutes. In
Altavista, type in keywords, something like
proxy+server+configuration+Netscape, and you'll get a list of pages where
providers tell their users how to configure their browsers
to work with proxies. Try them one after another; on the fifth or seventh attempt you
will be lucky and the proxy will agree to work with you.

Method 3: Erase the cache

Most WWW clients save all the places on the Internet where you have been
in a special directory (cache). For your safety, it is advisable to erase
the contents of the cache periodically (say, every day or once a week); it is
better to use non-recoverable methods of erasing information, for example
the Kremlin 2.21 program. In Internet Explorer 4.0 (the best WWW client
in our opinion), the cache is located in the directory:
Windows\Temporary Internet Files

Specially for the paranoid

But different anonymizers can be built into chains! Of course,
you can't use a proxy server to contact another proxy server so that
it goes to a site for you, but you can use a proxy to contact
the Anonymizer. And you can also use the Anonymizer to reach
the Anonymizer itself… Wow, the abundance of combinations is breathtaking.
Imagine!

CREATING WWW SITES

WWW sites, or more simply users' home pages, can be
created for different purposes. Some, for example, will want to post a photo
of their beloved girl, while others (like us) will use
them for the purpose of propaganda and distribution of useful materials (including
for information warfare campaigns).
But in order to avoid trouble from those in power (or simply
from your provider), it is advisable to adhere to the
recommendations listed below.

1. CHOOSE ONLY THE BEST

Today, the following free services are of interest for creating your own sites:

http://weekend.ru (ftp://ftp.weekend.ru) — Domestic
node, gives 10 MB of free space, update via FTP, an existing
E-Mail address is required.

http://bar.ru (ftp://ftp.bar.ru) — Domestic node, gives
10 MB of free space, update via FTP, an existing
E-Mail address is required.

http://geocities (ftp://ftp.geocities) — gives 6 MB
free space, update via WWW or FTP, requires
a valid E-Mail address. This is probably the most reliable and popular
node. But it is not so easy to get an address here, because you have to spend hours
wandering through different directories in search of the treasured word vacant.
Recently, in one of the Usenet newsgroups, we learned a way to bypass
this limitation. So, all that is required of you is to download
this URL (in one line, of course):

http://geocities/cgi-bin/homestead/new_app?hood=Athens/Academy
&addr=2470

Then the system will ask you to register, and at the end it will say
that this address (2470) is taken and will offer a bunch of
other free ones to choose from instead; that's all. Moreover, to get to the desired
place, hood and addr can be whatever you like!

http://xoom (ftp://ftp.xoom) — gives 5 MB of free
space, update via FTP, an existing E-Mail address is required.

http://tripod (ftp://ftp.tripod) — gives 5 MB
of free space, update via FTP, an existing
E-Mail address is required.

2. DUPLICATE YOUR SITES

This is especially true for those who are going to distribute
materials that contradict the laws of those in power. That is, it is best
to create several (2-5) of your pages with the same content, but
on different servers. Then it will be harder to shut you down. Remember that
hacker sites usually live no more than a week. But again, already
having a website, it won't be a big deal to put it somewhere else.

3. USE FREE E-MAIL

On almost all sites, when registering your website
you must have an existing E-Mail address. Therefore, you should stock up on a dozen or two different addresses from different free
providers (for example, in USA.NET and (or) Hotmail) in advance. Here you should
take into account the recommendations that we gave in the section YOUR SECOND ADDRESS.

4. WHEN REGISTERING, ENTER ONLY FICTITIOUS DATA

In all systems, in order to get a free place
you need to enter a lot of data about yourself (full name, gender, age,
country, address, hobbies, etc.). However, it must be said that REALLY no one
most likely checks this data, we always entered the most ridiculous
data and everything passed. BUT it is best to make up some last name
(better of course not Ivanov and Petrov and say Nikolsky, Levashov or
something else) and use telephone databases like KOTIK, or their Online
version to find out the missing data:
http://xland.ru:8088/tel_win/owa/tel.form
Choose any Levashov (or whoever else) and feel free to enter
his data during registration. Moreover, it is not necessary to indicate that you
are from Russia, you can indicate that you are, for example, John Smith from the States or from
Albania… We recommend using new
names, addresses, countries, etc. with each new registration.

5. USE AN ANONYMOUS PROXY SERVER OR ANONYMIZER

It is advisable to always adhere to this recommendation, even during
normal work with the Internet. For more details, see above.

6. USE AN ANONYMOUS PROXY SERVER WHEN WORKING WITH FTP

When loading (updating) your site via FTP, you must also
use an anonymous proxy server. As a rule, in the FTP client settings, it must be set to the so-called Passive mode.

7. DISABLE THE USE OF COOKIES

It is advisable to always adhere to this recommendation, even during
normal work with the Internet. For more details, see above.

8. REGISTER WITH SEARCH ENGINES

There are two
surefire ways to let other people know about your site. First: you need to periodically advertise
your site in one or
several Usenet (FidoNet) conferences (for example, in the FIDO7.RU.INTERNET.WWW conference). Second:
you need to register your site with well-known search engines;
as a rule, the relevant registration item is called Add URL
(add URL, add resource, etc.). When registering, you may
be asked only for the URL, in which case the system will index it itself within
a few days, or also for the resource name, owner, subject, etc. In any case, it is advisable
to provide fictitious data about the resource owner, obtained, for example, from telephone databases such as KOTIK,
or you can use the Online version of this database:
http://xland.ru:8088/tel_win/owa/tel.form
Examples of search engines and resource directories worthy of attention:
http://search.ru/ — Search engine for Russian Internet resources.
http:// — Russian search engine (and resource directory) RAMBLER.
http://stars.ru — Resource directory Internet Constellation. When registering, they require the name and phone number of the resource owner, but since no one will check it, it is enough to use any one obtained from
systems like KOTIK.
http://ru — Russia on the Net Resource Catalog.
http://altavista.digital — one of the most popular
bourgeois search engines. When registering, only the URL is required.
http://infoseek — a popular bourgeois search engine.
When registering, you must send your URL by E-Mail.
Instead of notifying each search engine manually, it would not hurt to register your site using a free submission
service. Try Submit It
http://submit-it/, AddURL http://addurl/ or 123
Add-It http://123add-it/.

9. TIPS FOR CREATING HOME PAGES

1. No more than five items at each level! The number of variations
at each level of the catalog should not exceed five. If there are more, group the items and create subcatalogs.
2. No more than three levels! Each piece of information should be
accessible with three mouse clicks.
3. No more than 30K! The size of each loaded page should not
exceed 30K. If your page requires a long load,
warn visitors about it. Avoid large images and
applets, otherwise they will lose patience and go to another site.
4. Don't inflate the color palette! You should refrain from
extensive use of color in text documents. Each
additional color increases the file size. Start with a few
colors and add new ones only when necessary.
5. Make images smooth! Use the anti-aliasing
function to make your images attractive and reduce file size.
6. Keep it simple! Avoid colorful, multi-element background
images: they make your pages very difficult to read. If you
need to follow a certain style, significantly reduce the contrast and increase the brightness.
7. Don't use too many fonts! Using a huge number of fonts
makes your pages difficult to read and also
creates an impression of unprofessionalism.
8. Stick to a standard size! Compose large
images from smaller ones. Several small images load
much faster than one large one.
9. Don't guess! If your page is still under development, don't emphasize it. The Under
Construction road sign has become boring for everyone. If you are introducing something new, just
add it, with no flat jokes.
10. Give us thumbnails! If you are placing a catalog
of images on your site, use thumbnails instead of text descriptions. They
load quickly and carry more information than words.
11. Use tags! To speed up page loading, use the
HEIGHT, WIDTH and ALT attributes in image tags.
12. Use MS Front Page 98! It is best to create your site with
the most popular and intuitive editor,
Microsoft Front Page 98. Remember: when you make a link (hyperlink)
from one page to another (or to any file), all that
should be in this link is the name of the page or file (for example
name.htm); the structure that Front Page sets, such as
file://path_to_file/name.htm, must be removed, otherwise nothing will
work.
13. Remember about names! Remember that index.htm, INDEX.HTM and Index.htm
are different files from the point of view of the UNIX operating system (which is used by most free
services). Therefore, to avoid confusion when creating
sites, we recommend that you stick to lowercase names for all site files (index.htm).

11.3. WITHOUT A TRACE BY FTP

When surfing the Internet, we often don't think about the fact that we leave
traces every time we visit an FTP site. From standard log files, curious
site owners can find out a lot about you, first of all your IP address,
which is equivalent to, for example, finding out your phone number.
There are several ways to protect yourself from such attacks.

Method 1: Proxy

You can anonymize your travels on the network using a proxy
server. A proxy server essentially works like an Anonymizer, i.e.
it, not you, «picks up» the document from the site.
Most proxy servers restrict access based on the IP
address from which the request comes. In other words, if you
use the Demos provider, then the Glasnet proxy server simply won't let you in. But fortunately, you can always find a “good”
proxy on the Internet: either one whose owners openly declare its availability to everyone, or one that for one reason or another
does not limit access to its own domain only, a fact not known to the general
public, for example:

An updated list of anonymous Proxy servers can always be found at
http://lightspeed.de/irc4all/eindex.htm.

When setting up an FTP client to work through a proxy server, the client must usually be set to passive mode. After completing this simple operation, you will be able to travel the network, leaving a trace as a Bulgarian or American
user, but… there is one very important point here.
Not all proxy servers are completely anonymous.
Some of them allow the administrator of the site you are visiting
through the proxy to determine, if desired, the IP address from which
the proxy is being contacted, i.e. your real IP address.
Check your proxy for complete or partial anonymity:
http://tamos/bin/proxy.cgi
If you receive the message Proxy server is detected! then your proxy
has a «hole», and you will be shown information about your real IP
address, as well as the IP address of the proxy server that you
are using. If the message says Proxy server is not detected,
everything is fine! It is recommended to periodically (at least once a month)
check the proxies you work with for anonymity.
In conclusion, a few more thoughts regarding the use of
proxy servers. Working through a remote proxy reduces
the speed of data transfer and increases waiting time. In addition, the author does NOT
recommend using the proxy addresses listed above, since
if all readers start using them, then very soon the pleasure
will end and access to them will be closed (if it hasn't already been closed). Find
your proxy yourself; it's not difficult. The author found these addresses in 5 minutes. In
Altavista, type in keywords, something like
proxy+server+configuration+Netscape, and you will get a list of pages where
providers tell their users how to configure their browsers
to work with proxies. Try them all in a row; on the fifth or seventh attempt you
will be lucky and the proxy will agree to work with you.
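
The anonymity check described above, seen from the side of the visited site's administrator, as an added example that is not part of the original text or of the checking service it mentions. The header names (Via, Forwarded, X-Forwarded-For, Client-IP, Proxy-Connection) are the ones proxies commonly add and are an assumption here, since the text does not name them; the function name and the sample requests are constructed.

```python
import ipaddress
import re

# for= parameter of the standard Forwarded header, e.g. for=192.0.2.60
# or for="[2001:db8::17]:4711"
_FOR_RE = re.compile(r'for="?(\[[^\]]+\]|[^;,"\s]+)', re.IGNORECASE)

# Headers whose mere presence shows that a proxy handled the request.
_PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for",
                  "client-ip", "proxy-connection")


def _to_ip(token):
    """Return a normalised IP string, or None for 'unknown', '_hidden', junk."""
    token = token.strip().strip('"')
    try:
        if token.startswith("["):            # bracketed IPv6, optional port
            token = token[1:token.index("]")]
        elif token.count(":") == 1:          # IPv4 with port
            token = token.split(":", 1)[0]
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def inspect_request(peer_ip, headers):
    """Classify one HTTP request as the visited site sees it.

    peer_ip -- address of the TCP peer (the proxy, when one is in use)
    headers -- dict of request headers
    Returns (verdict, disclosed): disclosed lists client addresses that
    the proxy revealed in request headers.
    """
    h = {name.lower(): value for name, value in headers.items()}
    candidates = h.get("x-forwarded-for", "").split(",")
    candidates.append(h.get("client-ip", ""))
    candidates += _FOR_RE.findall(h.get("forwarded", ""))

    peer = _to_ip(peer_ip)
    disclosed = []
    for token in candidates:
        ip = _to_ip(token)
        if ip and ip != peer and ip not in disclosed:
            disclosed.append(ip)

    if disclosed:
        verdict = "proxy detected, client address disclosed"
    elif any(name in h for name in _PROXY_HEADERS):
        verdict = "proxy detected, client address not disclosed"
    else:
        # Absence of headers proves nothing about the peer itself: a proxy
        # that adds none is indistinguishable from a direct client here.
        verdict = "proxy not detected"
    return verdict, disclosed


# Constructed sample requests (documentation address ranges only).
SAMPLE_REQUESTS = [
    ("203.0.113.10", {"Via": "1.0 cache.example",
                      "X-Forwarded-For": "198.51.100.23"}),
    ("203.0.113.10", {"Via": "1.1 cache.example", "Forwarded": "for=_hidden"}),
    ("203.0.113.10", {"User-Agent": "Mozilla/3.02 (Win95; U)"}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLE_REQUESTS:
        print(peer, inspect_request(peer, hdrs))
```

A site operator can log the verdict next to the peer address; the first sample corresponds to the text's proxy with a «hole», the third to the Proxy server is not detected case.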

Method 2: Clear the cache

Most FTP clients save all the places on the Internet you've been to in a special directory (and sometimes they save
names and passwords unencrypted).
For your own security, it's a good idea to clear the cache periodically (say,
every day or once a week). For example,
in Bullet Proof FTP (the best program in our opinion; you can download it
from http://bpftp) it is located in the directory: Cache.
It is better to perform non-recoverable erasure, for example, using the Kremlin 2.21 program.

11.4. E-MAIL SECURITY

E-mail, like regular mail, is an important
attribute of our security, a tool for exchanging private
information. But it immediately ceases to be such if any of three important
conditions is violated. First: the text of the message is available only to the sender and the addressee. Second: confidence that the received
letter belongs to the person whose signature is on it.
Third: the ability to send a letter while remaining, if necessary, anonymous. Discussion of the first question is beyond the scope of
this article, since it relates to the field of civil cryptography,
which requires a separate discussion. We will consider the last two
questions.
But first, we offer you an article by Leonid Konik,
«FSB to Keep an Eye on Email», so that you can see for yourself
the real need to protect your security:
«Following the cellular and paging operators of St. Petersburg, the FSB agencies have also reached companies providing access services to
computer networks (providers).
Companies are required to provide special services with the ability to monitor
any transmitted data, in particular — messages sent by
e-mail. Just as in the case of cellular and paging
firms (see «DP» N 43/96), providers are obliged to create such
capabilities at their own expense and provide the Federal Security Service
with the appropriate equipment for intercepting information. This equipment
(remote control panel) is sent directly to the FSB bodies, therefore
any control on the part of the companies is impossible.
Representatives of provider companies unanimously speak of
a «return to the old days» and regretfully state that from now on
they will not be able to declare the confidentiality of data transfer.

It is destined to be so

Unlike cellular and paging companies, providers have not yet received directives from the Ministry of Communications. But, according to the general directors of the
companies, Alexander Grigoriev (Duks) and Sergey Fedorov (Neva
Link), «plainclothes people» have already visited their offices.
In fact, the licenses of providers have always included the phrase:
«The network must meet operational and technical requirements for
ensuring and conducting operational-search activities in accordance with the Law «On operational-search activities (ORD) in the
Russian Federation». However, in reality, no one has yet required compliance with this
clause.
Currently, Gossvyaznadzor, the agency that controls the activities of
communications companies, is reissuing licenses for providers. The
condition for reissuing a license is strict compliance with all of its clauses,
including the implementation of control equipment.
Some companies have already fulfilled all the requirements of the license. They
made improvements to the software used, and also
provided the FSB agencies with a remote control in the form of a computer. Formally
the computers are not given irrevocably, but for «temporary use».
The companies hope that they will be compensated for at least part of the costs.

Day and night service

General Director of the company «Peterlink» Anatoly Listvinsky
noticed that many providers in St. Petersburg use the Relcom network communication channels. Therefore, it would be simpler and cheaper not to bother each
provider with the problems of search activities, but to jointly connect one remote control directly to the St. Petersburg Relcom node on
Mars Field.
Technical specialists from computer companies say that only e-mail (in off-line mode) can be intercepted. In order
to «catch» a message sent over the Internet in direct access mode (on-line), it is necessary to constantly monitor it: no one can predict at what point in time the person of interest to the special services will send a message. Constant monitoring requires the mobilization of enormous forces, and it also contradicts the Law on operational search activities. It states that the conduct of operational search activities affecting the legally protected secrecy of correspondence, telegraph
messages, telephone and other conversations is permitted only to collect
information about persons preparing, committing or having committed
serious crimes, and only with the sanction of the prosecutor or in the presence of a
court decision.

Alex — Yustasu

In addition to the laws of the Russian Federation «On operational search activities» and «On communications», not a single order of the Ministry of Communications or the FSB on the organization of work
to ensure operational search activities on communications networks has been published in the open press. Meanwhile,
the Constitution of the Russian Federation (Article 15, Section 3) states: “Any regulatory
legal acts affecting the rights, freedoms and obligations of a person and
citizen cannot be applied unless they are officially published
for general information.”
In the current situation, providers have three options
for action: give up the business, try to defend their rights (at least
to compensation of expenses) or submit. Almost everyone prefers
the third way. Providers are confident that the news of the special services' access to
e-mail will not scare off customers. «Unlike subscribers of
cellular and paging companies, our customers are unlikely to transmit
any secrets. Computer networks are “just a means of communication,”
they responsibly declare.»
Now let’s move from theory to practice.

1. RECEIVING E-Mail

Sometimes a user faces a situation in which he would like
to identify the real author of a message he has received. For example, you
received a message from your wife, in which she writes that she is leaving for
another man. You can either breathe a sigh of relief, drink a glass or two in joy, and go with your friends to the country to celebrate this
event, or try to figure out whether this is a joke from your
friends.
Your smart friends could easily change the From field in the sent
message, putting there, instead of their return address, your wife's
address, well known to you, for example masha@flash.net. How this
is done can be read below, in the section «SENDING E-MAIL». So
the task before us comes down to the following: does
the specified sender's address correspond to the address from which the message was actually
sent?
So, each electronic message contains a header,
which is service information about the date the message was sent, the name of the mail program, the IP address of the machine from which
the message was sent, etc. Most mail programs do not display this information by default, but it can always be viewed either by opening the file containing the incoming mail with any text editor, or by using the mail program's function for viewing service headers, which is usually called Show all headers. What do we see? This is what:

Received: by geocities (8.8.5/8.8.5) with ESMTP id JAA16952
    for ; Tue, 18 Nov 1997 09:37:40 -0800 (PST)
Received: from masha.flash.net (really [209.30.69.99])
    by endeavor.flash.net (8.8.7/8.8.5) with SMTP id LAA20454
    for ; Tue, 18 Nov 1997 11:37:38 -0600 (CST)
Message-ID: <3471D27E.69A9@flash.net>
Date: Tue, 18 Nov 1997 11:38:07 -0600
From: masha@flash.net
X-Mailer: Mozilla 3.02 (Win95; U)
MIME-Version: 1.0
To: petya@geocities
Subject: I don’t love you any more, you *&$%# !!!!

Yes, a lot of things. Without going into technical details, in general terms: the Received headers tell you about the path the message took as it traveled
across the network. The hostnames (geocities,
endeavor.flash.net) indicate that the message most likely
came to you in geocities from your wife's domain flash.net. If
the hostnames have nothing to do with flash.net (for example,
mailrelay.tiac.net), this is a reason to question the authenticity of the message. But
the most important line for us is the last of the lines starting with
the word Received:

Received: from masha.flash.net (really [209.30.69.99])

It reflects the machine name (masha.flash.net) and the unique IP address
from which the message was sent. We see that the domain (flash.net)
corresponds to your wife's address. However, your smart friends could
also forge the masha.flash.net string (in Windows 95 this is done via
Control Panel=>Network=>TCP/IP Properties=>DNS Configuration, specifying
masha and flash.net in the Host and Domain fields respectively), therefore it is important for
us to determine the name corresponding to this IP address:
209.30.69.99.
To determine the name corresponding to the numeric address, you can
use one of the available programs, for example WS Ping32
(http://glasnet.ru/glasweb/rus/wsping32.zip), or better CyberKit
(http://chip.de/Software/cyber.zip). Having entered the numeric address, we
issue the NS LookUp (Name Server Lookup) command and look at the
result. If the name is determined, then everything is simple: if you
received something like ppp303.flash.net or p28-dialup.flash.net,
then the message was sent by your wife (or by someone who has an account at
Flashnet, but here you are already powerless to find out anything). If it is something
very far from flash.net, she most likely did not send it.
There are situations when the address is not resolved. Do not despair:
use the TraceRoute function from the same program. This function
will help to trace the path from your machine to the specified IP address. This
address (it will be the last in the list of nodes through which the signal passed
from your computer to the computer with the specified IP address) will again
not be resolved, but the last of the nodes determined by name will still
indicate the approximate geographic location of the sender's computer.
An even simpler and more elegant way to determine the country and even
the name of the provider or network is to use this address:
http://tamos/bin/dns.cgi
So, you got something like Brasilian Global Network. Has your
wife been to Brazil lately? No??? Well then, she never left you.
You were tricked. Be careful!
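
The check walked through above (take the last Received line, compare the claimed machine name and the name that the recorded IP address resolves to with the domain in From), as an added example that is not part of the original text. The sample message is constructed from the header shown above, with a placeholder recipient address where the page's copy has none; the function names are hypothetical, and the name lookup is passed in as a parameter so the example runs without network access.

```python
import re
import socket
from email import message_from_string
from email.utils import parseaddr

# "from <claimed name> (<comment written by the receiving server>) by <server>"
RECEIVED_RE = re.compile(r"^from\s+(\S+)\s*(?:\(([^)]*)\))?\s*by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample; recipient.example is a placeholder.
SAMPLE = """\
Received: by geocities (8.8.5/8.8.5) with ESMTP id JAA16952
\tfor <petya@recipient.example>; Tue, 18 Nov 1997 09:37:40 -0800 (PST)
Received: from masha.flash.net (really [209.30.69.99])
\tby endeavor.flash.net (8.8.7/8.8.5) with SMTP id LAA20454
\tfor <petya@recipient.example>; Tue, 18 Nov 1997 11:37:38 -0600 (CST)
Message-ID: <3471D27E.69A9@flash.net>
Date: Tue, 18 Nov 1997 11:38:07 -0600
From: masha@flash.net
To: petya@recipient.example
Subject: constructed sample

body
"""


def same_domain(host, domain):
    """True if host is the domain itself or a name inside it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def origin_hop(msg):
    """Bottom-most Received line that has a 'from' clause.

    Servers prepend Received lines, so the last one describes the first
    hand-off. Only lines added by servers you trust are reliable; the
    sender can invent anything below them.
    """
    for value in reversed(msg.get_all("Received") or []):
        m = RECEIVED_RE.match(" ".join(value.split()))   # unfold the header
        if m:
            ip = IP_RE.search(m.group(2) or "")
            return {"helo": m.group(1), "by": m.group(3),
                    "ip": ip.group(1) if ip else None}
    return None


def system_reverse_lookup(ip):
    """Name for an IP address from the system resolver, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def assess(raw, reverse_lookup=system_reverse_lookup):
    """Compare the origin recorded in Received with the From domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hop = origin_hop(msg)
    if hop is None or hop["ip"] is None or not from_domain:
        return {"verdict": "no-origin", "from_domain": from_domain}
    rdns = reverse_lookup(hop["ip"])
    if rdns is None:
        verdict = "unresolved"       # the text's next step is TraceRoute
    elif same_domain(rdns, from_domain):
        verdict = "consistent"
    else:
        verdict = "mismatch"         # claimed name may match and still be forged
    return {"verdict": verdict, "from_domain": from_domain, "rdns": rdns,
            "helo": hop["helo"], "ip": hop["ip"], "by": hop["by"],
            "helo_matches": same_domain(hop["helo"], from_domain)}


if __name__ == "__main__":
    # Constructed lookup results instead of live DNS.
    print(assess(SAMPLE, lambda ip: "p28-dialup.flash.net"))
    print(assess(SAMPLE, lambda ip: "dial7.isp.example"))
```

A "consistent" verdict only places the sending machine inside the From domain's network; as the text notes, it cannot tell one account holder there from another.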

2. SENDING E-Mail

Note that sometimes quite respectable citizens want
to keep their identity secret when expressing their opinion to, say,
the author of a website promoting fascism, or to President Lukashenko.
The issues of acquiring a second (anonymous) e-mail address are
covered in a separate chapter, YOUR SECOND ADDRESS.
Remailer. A remailer is a computer that receives a message and
forwards it to the address specified by the sender. During the
forwarding process, all headers containing information about the
sender are destroyed, so that the final recipient is deprived of any
ability to find out who the author of the message is. There are many remailers on the web;
some of them allow you to specify a fictitious sender address,
but most of them directly indicate in the header that the message is anonymous. You
can use a remailer by sending a message to
remailer@replay, specifying Subject: remailer-help. You will receive a file with
detailed instructions on sending anonymous messages. An even
easier way is to go to:

http://replay/remailer/

There is a remailer there that allows you to send messages directly from
On this same site you can also use a chain of
remailers, so that your message will pass through several
computers, each of which will carefully destroy all the headers
of the previous one, although the author does not recommend doing this. Firstly,
one remailer is quite enough (if you are not paranoid), secondly,
the message can get lost and not reach the recipient, thirdly, it
may take a very long time. Example of a received message:

Date: Mon, 31 Mar 1997 12:33:23 +0200 (MET DST)
Subject: The rest is silence:
To: petya@glasnet.ru
From: nobody@REPLAY (Anonymous)
Organization: Replay and Company UnLimited
X-URL: http://replay/remailer/
X-001: Replay may or may not approve of the content of this posting
X-002: Report misuse of this automated service to abuse@replay

Identifying the real sender of a message sent through a
remailer is theoretically possible, but very difficult. Almost impossible.
Only scoundrels from the FSB, FAPSI, CIA and the like are capable of this, and they will have to obtain a court decision for the remailer to disclose
the required information to them. And if you used a chain of remailers, then
they will have to go through all the remailers in the chain. But if you also
used an anonymous proxy server and (or) an anonymizer when sending via the WWW interface, then the chance of finding you becomes
much smaller (and don't forget to disable the use of
cookies).
So, it's April Fools' Day. You're dying to tell your friend
on behalf of his ISP that his account has been closed for non-payment
(a message with his ISP's return address). The following methods
are good for pranks, but not very suitable if you want to remain
truly anonymous. The options are:
Using your email program. The easiest: put any address in the
Return Address field of your mail program, and if
the recipient of the letter does not study its header, he will remain
confident that he received a message from the person whose address is indicated
in the From field. Very simple and very unreliable.
Using a special program, an anonymizer. There are several such
programs; try, for example, AnonyMail
(ftp://ftp.tordata.se/www/hokum/amail10.zip). You fill in the From,
To and Subject fields (this is self-explanatory), and the Host field, in which you must specify the name of the host through which the mail will be sent. Since the SMTP message sending protocol does not require any sender authorization in the vast majority of cases, you can safely use almost any host name, preferably the same as that of the recipient of your mail. This will make it difficult for an inexperienced user to determine the authenticity of the message. For example, if you want to send a letter to kiska@frontier.net, specify frontier.net in the Host
field. Try sending the message to yourself first. Disadvantages: your machine's IP address will still be reflected in the
header. In addition, the To field in the received message will most likely turn into Apparently-To. However, few people will pay attention to this.
So choose the method that suits you! All
of the above methods work quite correctly with Russian
encodings. Since the de facto standard for sending messages
between different computers is KOI8-R, I recommend using
this encoding when sending messages. Then your message will most likely
be correctly recoded by the recipient's mail computer.

3. YOUR SECOND ADDRESS

The problem of protecting your privacy on the network raises
the question of having a second (third… tenth) e-mail address.
It is good to have it where your mail will not be read, and in a domain
whose geographic affiliation is «neutral». In general, all the same
requirements as for a second passport and citizenship. Such an address
will protect you from attempts to establish your identity, will give you the opportunity
to provide different addresses to different correspondents depending on their
status, will eliminate the need to notify all your correspondents
of your new address if you change your provider or move to
another country.
There are quite a few services that allow you to get a
second email address for free. According to the method of sending and receiving mail, these
services are divided into 3 main types.

Type 1. Example: http://europe. Services of this type give the
user the ability to forward correspondence received at the new address
to an address specified by the user. Thus, you
must already have some address, since mail cannot be retrieved
«directly» (using the POP3 protocol). Sending mail
is carried out directly through the host of this service (SMTP protocol).
There is, however, a 60-day period during which you can
use a mailbox (POP3); after the period expires, only for
money. You choose your userid yourself, as well as a domain from
several (free) or many (paid) suggested names,
for example: iname, writeme, girls, boys etc. After
following simple instructions, you become the owner of a new address, say
ohhhhhhh@girls. When filling out the form, you indicate your
country (for example, Albania), name (well, there are few options here, everyone writes Ivan
Petrov or Petr Ivanov), and the address to which all incoming
correspondence should be sent. This address can easily be changed later;
this will be necessary when you change your provider or move to live in
the Principality of Liechtenstein. That's it! Disadvantage: your real address
is known to the service employees.
Type 2. Services of this type allow the user both to
send mail directly and to receive it (POP3 and SMTP), so
you do not need a primary address, or you will need it only once, when
opening an account. For these purposes, you can use your
friend's address or a Hotmail address (see below). Example:
http://geocities or http://netaddress (the latter
has even more extensive capabilities, allowing you, in addition to POP3 and SMTP,
to read and send mail from a browser window, which allows this
service to be classified as Type 3 as well). The technology for opening an account is roughly the same.
Advantage: your real primary address is unknown; the only
«trace» you leave is the IP address from which you read and send mail. The services also provide the ability to redirect
mail to your primary address, if you so desire. In addition,
practically only the service administrators will be able to read your mail, and
not your Moscow provider or FAPSI with the FSB, although theoretically this
is also possible.
Type 3. A fundamentally different type of service. Reading and sending mail
occurs not with your favorite mail program, but
directly in your browser window. Example: http://hotmail.
Forwarding to your primary address is impossible. Advantages: you can
read mail from any place where there is access to the WWW, be it another
country or an Internet cafe in Yuzhnoye Butovo, plus, again, it is difficult
to spy on your mail. Disadvantage: it is not very convenient to work with
attachments; you can send only one at a time, and only with
Netscape Navigator 2.0 and higher or Internet Explorer 4.0
and higher. Not at all difficult, but how convenient! Also worth noting is
http://mailcity, which allows you to create an unlimited
number of copy and blind-copy addresses; this program is Web-based,
a dream come true for those who send out mass mailings.
And finally, one more important consideration regarding privacy. When
sending mail via any of these services, the message header contains
the IP address from which the message was sent. Even Hotmail does this. But
while it is impossible to hide your real IP address when sending a message
using the first two types of mail services (this is due to the
very principle of operation of the SMTP protocol), when using a mail service
of the third type, i.e. when sending mail from a browser window, there is still a loophole,
which allows us to say that a mailing address
of the third type can be made almost completely anonymous:
it is enough to use one of the methods of anonymizing your
travels on the network. Want to know how? Read the section WWW WITHOUT
TRACES. Another way to send mail completely anonymously remains
using remailers (see above).

4. USER IDENTIFICATION BY E-MAIL

Yes, indeed, why establish a person's identity from a known
email address? Why do people install automatic caller
identification (ANI) on a phone? Why is there a database in which you can determine a person's name and address from a
phone number? There are many reasons, ranging from pure entertainment (who doesn't want to play Pinkerton?) to
the desire to find out who it is at the address someone@oxford.edu that congratulates you
on your birthday every year and declares their love. In addition, by describing
methods of such information search, the author would like to show the reader
how vulnerable (or invulnerable) his privacy is on the network.
We will immediately note that the methods of identifying a person by a known
e-mail address are very diverse, and none of them guarantees success. The inverse problem is solved quite trivially:
a number of e-mail directories (Four11, WhoWhere etc.) allow you to find
a person's address by name (if, of course, he himself wanted it). We
will consider the non-trivial task.

Finger

Using the WS Ping32
program (http://glasnet.ru/glasweb/rus/wsping32.zip), or better yet, CyberKit
(http://chip.de/Software/cyber.zip), you will be able to point your index finger at any email address and
ask «Who is this?». Sometimes they can answer you. So, we set
the address (invented by the author) someone@oxford.edu, we get:

Login name:someone In real life: John McCartney
Directory:/usr/someone Shell: /usr/bin/csch
Last login Fri Aug18, 1995 on ttyv3 from dialup.oxford.edu
No mail
No plan

OK, someone@oxford.edu belongs to John McCartney. The job is done,
although very often you will get no result, or a line
like this:

Forwarding service denied

or:

Seems like you won’t get what you are looking for;)

The same can be done without downloading the specified programs
(although they are very useful and will come in handy more than once), by going to this
address on the WWW, where there is a Web interface that gives the
same result (http://web.lm/sfw.html).
It should be noted that running Finger with the
host name (in this case, oxford.edu) may not bring any
result, while using a modified
(alternate) host name will. How do you find out the
alternate hostname? Use CyberKit, the NS LookUp function.
Enter the name oxford.edu and look at the result.
It may contain alternate hostnames, called aliases, like
panda.oxford.edu. Try someone@panda.oxford.edu; it might
work.
Sometimes the information in response to a finger request is given only
to a user from the same domain as the address
you want to identify. The solution is simple: find
a user from the domain you are looking for in Internet Relay Chat (see the chapter
on IRC), and ask him to make a finger request. The IRC client program
contains the finger function, so the person you are asking does not need any special software.

Searching the WWW

Very simple: type the address in http://altavista.digital and
click Find! Chances are that you will either find the home page
of the user you are looking for, or a mention of him on other pages. There
could well be the name of the address holder there, or even a photo, if you're lucky.

Search Usenet

If the person with the address you're looking for has sent a message to a Usenet group, you can find him by address. To do this, you can
use AltaVista (http://altavista.digital), which
allows you to search all recently sent Usenet
messages. Fill in the search field with the address you're looking for (before
the address, you must write from:). After clicking the Find button, a new window will open with the search results.
A more preferable option is to search in the DejaNews system (http://dejanews), because if the desired address is not found among recent messages, the system offers to search for it among old ones. The search can also be done directly from this page (it is not
necessary to write from:, just the address).

Search in E-mail Directories

Services that allow you to find a person's email address by their
name are widely represented on the Internet. Meanwhile, these same services can sometimes be used to perform the opposite task, on any of the following pages:

http://four11
http://yahoo/search/people
http://bigbook
http://bigfoot
http://bigyellow
http://infospace
http://abii/lookupusa/adp/peopsrch.htm
http://looksmart
http://switchboard
http://whowhere
http://dubna.ru/eros/(search Russian resources)

There you don't have to specify the person's name, but only the domain of the address you're looking for. If there aren't many users whose addresses belong to the domain you're looking for, the system will list all of these people in response to your request, but usually no more than a hundred, and without specifying the part of the address that's before the @ sign. To find out the entire address, you'll have to follow the link for each name, which will take a lot of time if there are a lot of addresses. If there are more than a hundred people with this domain, this search
method loses its meaning. In other words, you won’t find a person from @aol or @netcom this way.

5. SPAM PROTECTION

For many Internet users, spam (the sending of all kinds of advertising and junk to your mailbox) has become a real disaster.
The main recommendations for spam protection are as follows:
— write to Usenet conferences exclusively from throwaway (free) addresses, because it is messages posted to Usenet conferences that are the main «exposure» to spammers. And if there is a lot of spam, such an address can simply be thrown away, and in a couple of minutes you can create another similar one;
— install some kind of E-mail filter program. There are a great many such programs, and they are all available on such free servers as http://shareware and http://download.

6. OPTIMAL CHOICE OF MAIL CLIENT

In our opinion, the optimal choice is Microsoft Outlook Express 98 or The Bat 1.043 and higher.
But, it must be said, Outlook Express has one unpleasant feature (apparently also one of the «back doors» made for special services): it stores all the letters that you have received, deleted or sent, even when the letters have already been deleted (although naturally you do not notice this). Therefore, we recommend periodically deleting these files (preferably using non-recoverable methods, for example, using the Kremlin 2.1 program). They are located in the directories:

Windows\Aplication\Microsoft\Outlook Express\Mail (mail): here you need to delete all files with the IDX and MBX extensions.
Windows\Aplication\Microsoft\Outlook Express\News (news): here you need to delete all files with the NCH extension.

11.5. ANONYMITY ON IRC

Who doesn't know about IRC, the brilliant invention that lets you, with the help of the mIRC client program (or, even better, pIRCH) installed on your computer, chat in real time and exchange files with anyone on the Internet! IRC is so popular that many people spend more time on IRC than they do browsing the Internet. And since for many people it is a part of life, you should also think about your safety in this virtual life.

You are game

You can face various dangers when working in IRC for the following reasons:
1. The possibility of someone listening to what you say to another person in a one-on-one conversation. It's pretty simple here: if you believe that the matter being discussed is confidential, don't use channel communication, even if there's no one else on the channel except you and your interlocutor. Don't use the /msg command or the query window, which is the same thing. All of this information goes through the IRC server and can technically be recorded. Instead, use DCC (Direct Client to Client). This way, the information is transmitted to your interlocutor directly, bypassing the server, from which you can even disconnect after establishing the DCC connection. In principle, this information can also be decoded on any of the nodes through which the connection between you and your interlocutor passes, but this is difficult. If you want to be sure of the complete privacy of your conversation, use the methods described in the chapter Secure Conversation.
2. The collection of information about which channels you are on, with the subsequent identification of your person.
So, first: if you want to be anonymous, do not enter your real email address in the corresponding field in Setup. Second, become «invisible». This feature allows you to remain undetected when someone who does not know the exact spelling of your nickname tries to find you on IRC by your domain name or userid (the part of your email that comes before the @ sign) using the /who or /names command (see below). This is done with the /mode $me +i command, which can be conveniently included in the list of commands automatically executed upon connection (mIRC Options=>Perform). In the latest versions of mIRC 5.**, you just need to check the Invisible Mode box in the Setup dialog box. Third, do not give your address to people in IRC whose integrity you are not sure of. Or, at least, give your alternative address. That's probably all you can do. Fourth, disable all possible idents in your IRC clients. Now let's consider what and how other people in IRC can find out about you (or you about them).

You are a hunter

Let us stipulate that we proceed from the assumption that it is very difficult to forge a user's domain name or IP address in IRC, and that the vast majority of people do not do this, although such methods exist.
Two methods come to mind: IP spoofing and using a special proxy server capable of supporting the IRC protocol.
The technique called IP spoofing is quite difficult to use. Hacker sites offer Windows 95 users with Winsock 2.0 and higher several programs for such tricks.
1. Search for users by domain, name, and userid. A fairly powerful means of searching by any known piece of information about a user (or group of users) is the /who command, about which for some reason there is not a word in the mIRC Help file. Strange, but true. When we make a request for a user using the /whois command, we usually get text like this:

ShowTime ~mouse@ml1_12.linknet.net * May flower
ShowTime on #ircbar #newbies
ShowTime using Oslo-R.NO.EU.Undernet.org [194.143.8.106] Scandinavia
Online AS
End of /WHOIS list.

The /who command allows you to specify a mask to search for users by any part of their domain name, userid, or name (what's in the Real Name field). Let's say we're looking for people from the global.de domain. The syntax is:

/who *global.de*

Or we're looking for all users from Singapore:

/who *.sg*

Or we've already talked to Mr. ShowTime and want to find him
again:

/who *mouse*, or
/who *flower*

They can find you too, if you don't use the
/mode $me +i command, as described above.
2. Determining an email address. This is a fairly difficult task, but sometimes doable. Let's start with a «brute-force» attack. The /ctcp ShowTime userinfo command (or, more simply, the menu) will show us the e-mail address specified by the user himself. Since few people give out their real address, there is little hope for a truthful answer. If the domain of the received address matches the one following the @ sign in the response to the /whois request, then the probability that the address is truthful increases.
The next opportunity is to use the information contained in the response to the /whois request. It is extremely difficult to forge a domain name, so we know for sure that the ShowTime user is from the linknet.net domain. This is the first step. Often, instead of a literal string after the @ sign, there is a numeric IP address, which for one reason or another was not resolved when the user connected to the server. You can try to resolve it using the /DNS ShowTime command. If a result is obtained, we move on to the next paragraph. If not, we will try another method.
Using the WS Ping32 program (http://glasnet.ru/glasweb/rus/wsping32.zip), or CyberKit (http://chip.de/Software/cyber.zip), we run a TraceRoute to the numeric address. The program will trace the path from your IP address to the desired IP belonging to ShowTime. The last of the addresses resolved to a name will most likely indicate the user's domain name.
Let's move on. We have either the full name corresponding to the IP address of the user named ShowTime (ml1_12.linknet.net), or, in the worst case, only the domain name (linknet.net). In the first case, we can try, using the finger command (either in one of the two above-mentioned programs, or directly in mIRC, where there is a Finger button right on the toolbar), to determine all current users from the linknet.net domain. To do this, we finger the address @linknet.net (we do not specify the userid). If we are lucky, we will get something like this:

Trying linknet.net
Attempting to finger @linknet.net

[linknet.net]
Login Name TTY When Where
root 0000-Admin console Fri 16:27
henroam John Brown pts/1 Tue 10:57 pckh68.linknet.net
pailead Jack White pts/2 Tue 11:03 ml4_17.linknet.net
oneguy Michael Lee pts/3 Tue 11:08 ml1_12.linknet.net
sirlead6 Joan Jackson pts/4 Tue 11:05 ml4_16.linknet.net

End of finger session

Here is our ml1_12: it belongs to oneguy@linknet.net. Note that sometimes the information in response to a finger request is given only to a user from the same domain as the address you want to identify. The solution is simple: find a user from the domain you are looking for (/who *linknet.net*), and ask him to make the finger request.
In both cases, there is another option. If the «hunter» knows the real first name or surname of the user he is looking for, he can send a finger request in the form name@domain or lastname@domain. For example, a finger on John@some.net can give us a list of all users named John with their logins.
That's probably all the tools of the «hunter» known to the author. And having found out your e-mail address, the «hunter» can also find out your real name. How? Read the section USER IDENTIFICATION BY E-MAIL.

11.6. ICQ SECURITY

ICQ — otherwise Internet pager — has become for many an indispensable
means of prompt communication with friends, colleagues and simply
interesting people. But the ICQ technology is such (if you do not take
appropriate measures) that you can easily be identified (your IP address can be found out). There are several recommendations for protection against this:
— when registering in the ICQ system, under no circumstances indicate
your real E-Mail, address, name, etc. (all data must be fictitious);
— do not forget to set the mandatory authorization mode (your
consent) when other network users try to add your UIN
(personal number in the ICQ network) to their address book;
— disable the display of your IP address and other identifiers in the ICQ settings. Otherwise, bear in mind that there are quite a lot of jokers on the network who can, for example, launch a Nuke Attack on you;
— never use any additional utilities and
Russifiers for ICQ, all of them, as a rule, contain «Trojans»;
— if possible (if you succeed), configure ICQ to work
through an anonymous proxy server.

11.7. PROTECTION FROM NUKE ATTACK

On the Internet you can find many programs for the so-called Nuke Attack, Winnuke, Land Attack, etc. Most of these programs carry out an attack on the specified IP address (most often using port 139), which, as a rule, causes the attacked computer to freeze. The very possibility of these attacks is related to features of the TCP/IP protocol. We will not delve into these details, but will only briefly dwell on the methods of protection:
— If you use the Windows operating system (95, 98 or NT), then all you need to do is periodically look at:
http://microsoft
and download fresh updates for your operating system that eliminate such problems;
— There are also many free programs that protect against such attacks. You can search for them on free software servers. We recommend NukeNabber 2.9, which you can download from:
http://download
This program will allow you to protect yourself from common attacks on Windows 95 and NT via the Internet. It listens on up to 50 of the most frequently attacked ports and gives you enough information to track down the attacker, including ways to work out the nickname the attacker uses on IRC.
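
The listen-and-log approach described above, as an added Python example (it is not NukeNabber's code and is not from the original text): a watcher that accepts connections on the ports it is given, never replies, and records the time, source address and a short sample of what was sent. The class name, the event fields and the loopback demo are assumptions made for the example.

```python
import socket
import threading
import time
from datetime import datetime, timezone


class PortWatcher:
    """Listen on TCP ports, never reply, and record every connection attempt."""

    def __init__(self, ports, host="0.0.0.0"):
        self.events = []                  # one dict per connection attempt
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._threads = []
        self._socks = []
        for port in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((host, port))          # ports below 1024 need privileges
            s.listen(16)
            s.settimeout(0.2)             # so the accept loop can notice stop()
            self._socks.append(s)

    @property
    def ports(self):
        """Ports actually bound (useful when port 0 was requested)."""
        return [s.getsockname()[1] for s in self._socks]

    def start(self):
        for s in self._socks:
            t = threading.Thread(target=self._serve, args=(s,), daemon=True)
            t.start()
            self._threads.append(t)

    def _serve(self, sock):
        dst_port = sock.getsockname()[1]
        while not self._stop.is_set():
            try:
                conn, (src_ip, src_port) = sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.settimeout(0.5)
                try:
                    sample = conn.recv(64)   # keep a short sample of what was sent
                except OSError:
                    sample = b""
            event = {
                "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
                "src_ip": src_ip,
                "src_port": src_port,
                "dst_port": dst_port,
                "sample": sample,
            }
            with self._lock:
                self.events.append(event)

    def stop(self):
        self._stop.set()
        for t in self._threads:
            t.join()
        for s in self._socks:
            s.close()


def loopback_demo():
    """Watch one OS-chosen loopback port, connect to it once, return the log."""
    watcher = PortWatcher([0], host="127.0.0.1")
    watcher.start()
    port = watcher.ports[0]
    with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
        client.sendall(b"constructed test probe")
    deadline = time.time() + 3
    while not watcher.events and time.time() < deadline:
        time.sleep(0.05)
    watcher.stop()
    return port, watcher.events


if __name__ == "__main__":
    port, events = loopback_demo()
    for e in events:
        print(f"{e['time']} {e['src_ip']}:{e['src_port']} -> port {e['dst_port']} {e['sample']!r}")
```

To watch a real interface, pass the ports of interest (for example 139, which the text names) instead of 0; the recorded source address and timestamp are what a report to the sender's provider would be built from.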

11.8. INTERNET FRAUD

To protect yourself from Internet fraud, we can give the following
recommendations:
— never make purchases over the Internet, especially using
credit cards (this is a favorite delicacy for
many hackers);
— never enter any real data about yourself
anywhere (full name, address, E-Mail, etc.) — all data must be fictitious!

11.9. SECURE CONVERSATION

While there are dozens of software products that allow you to encrypt files and messages sent via e-mail, there are still very few tools for protecting online conversations. No matter which of the well-known text-based chat programs we use, our conversation can become an object for curious ears. I don't mean that it is so easy for the provider or any other interested organization to read what we type on the keyboard during a conversation on IRC or ICQ, but if they are really interested in listening to our conversations, they will do so. Plain text (and any standard chat is plain text) can be extracted from IP packets using special equipment and/or software (sniffers).

Method 1: Conversation in text mode

The authors tried to find programs for secure on-line conversations, and found only one product. It's called Secure Communicator (http://idirect/secure/).
Secure Communicator allows you to encrypt online conversations and files transferred from one user to another. To start a conversation you need to know the IP address of the interlocutor or use the on-line directory service, similar to that in Netscape CoolTalk, MS NetMeeting or IPhone, but it never works. That is a small problem for skillful hands (brains), though: you can always first meet on IRC or ICQ, find out the IP address and agree on a password, and then switch to Secure Communicator, which allows you to chat as in mIRC.
The bad news is that the evaluation copy, which is exactly
what you can download from the network, allows you to talk, but does
not allow you to encrypt the conversation. But here, for the first and last time, I
will give the serial number: 5aaDa7aa6a for registering the program.

Method 2: Internet telephony

Telephone conversations and e-mail exchanges are increasingly vulnerable to eavesdropping. Virtually any unencrypted electronic communication can be intercepted. PGPfone protects telephone conversations over the Internet and telephone lines using the strongest cryptographic technologies available. In addition, by using the Internet as a medium for voice communication, you can significantly reduce your costs compared to using a regular telephone connection.

PGPfone Features

PGPfone allows you to «talk into someone's ear» on the phone, even if that ear is located thousands of miles away.
PGPfone (Pretty Good Privacy Phone) is a software product that turns your personal computer or laptop into a secure phone. To make secure telephone conversations possible in real time (over telephone lines and Internet channels), it uses audio compression technology and strong cryptographic protocols. PGPfone takes the sound of your voice received through the microphone and successively digitizes, compresses and encrypts it, then sends it to the person on the other end of the line, who also uses PGPfone. All cryptographic protocols and the compression protocol are selected dynamically and transparently for the user, providing a natural interface similar to a regular phone. Public key cryptography protocols are used to select the encryption key, so there is no need for a secure channel for key exchange in advance.
All you need to run PGPfone is:
— a really reliable modem that supports a transfer rate of at least 14.4 Kbps over the V.32bis protocol (28.8 Kbps over the V.34 protocol is recommended);
— an IBM PC-compatible computer with a processor of at least a 66 MHz 486 (Pentium is recommended), a sound card, and speakers or headphones, running Windows 95 or NT;
— or an Apple(r) Macintosh(tm) with a 25MHz 68LC040 or later processor (PowerPC recommended) running System 7.1 or later with Thread Manager 2.0.1, ThreadsLib 2.1.2, and Sound Manager 3.0 installed (all of which are available from Apple's FTP server). PGPfone is not guaranteed to work on a 68030 Mac, but may work in some situations; also, it will not run on all 68040s, depending on whether the appropriate sound hardware is installed.
For those interested in the technology: PGPfone does not require a prior secure channel to exchange cryptographic keys. The parties exchange keys using the Diffie-Hellman key exchange protocol, which prevents anyone intercepting the conversation from obtaining any useful information, while still allowing the parties to exchange the information needed to form a shared key that is used to encrypt and decrypt the speech stream.
PGPfone version 1.0 uses a biometric signature (your voice) to authenticate the key exchange, triple-DES, CAST, or Blowfish algorithms to encrypt the speech stream, and the GSM algorithm to compress speech. (from: Philip R. Zimmermann. PGPfone Owner's Manual Version 1.0, 1996, pp.6-7)
PGPfone 1.0 for Macintosh and Windows 95/NT is distributed free of charge. There is also a commercial version, PGPfone 2.0 (for Macintosh only and available «legally» only to American and Canadian customers).
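
The key exchange and its voice authentication described above, as an added Python example (not PGPfone's code and not from the original text); it goes one step beyond the text by also simulating a line on which the public values are replaced in transit, to show what the spoken check detects. The modulus, the hash-based key derivation and the format of the spoken string are assumptions made for the example, not PGPfone's actual parameters or encoding.

```python
import hashlib
import secrets

# Demonstration parameters (assumptions, not PGPfone's own): the prime 2**255 - 19
# keeps the numbers short. A real deployment uses a vetted, larger group.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private exponent x, public value G**x mod P)."""
    x = secrets.randbelow(P - 3) + 2            # 2 <= x <= P - 2
    return x, pow(G, x, P)


def session_key(my_private, their_public):
    """Hash the Diffie-Hellman shared secret into a 256-bit session key."""
    if not 2 <= their_public <= P - 2:          # reject degenerate values 0, 1, P-1
        raise ValueError("invalid public value")
    secret = pow(their_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def spoken_check(caller_pub, callee_pub, key):
    """Short string each party reads aloud; it depends on both public values
    and on the session key, so it matches only if both ends hold the same key."""
    h = hashlib.sha256()
    for part in (caller_pub.to_bytes(32, "big"), callee_pub.to_bytes(32, "big"), key):
        h.update(part)
    digest = h.hexdigest()
    return f"{digest[:4]}-{digest[4:8]}"


def exchange(intercepted=False):
    """Simulate one call setup. Returns (alice, bob, middle), where alice and bob
    are (session_key, spoken_check) and middle is the pair of keys an active
    interceptor ends up holding (None on a clean line)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_bob, seen_by_alice = a_pub, b_pub   # clean line: values arrive unchanged
    middle = None
    if intercepted:
        m_priv, m_pub = keypair()
        seen_by_bob = seen_by_alice = m_pub     # both public values were replaced
        middle = (session_key(m_priv, a_pub), session_key(m_priv, b_pub))
    k_alice = session_key(a_priv, seen_by_alice)
    k_bob = session_key(b_priv, seen_by_bob)
    alice = (k_alice, spoken_check(a_pub, seen_by_alice, k_alice))
    bob = (k_bob, spoken_check(seen_by_bob, b_pub, k_bob))
    return alice, bob, middle


if __name__ == "__main__":
    for tampered in (False, True):
        alice, bob, _ = exchange(intercepted=tampered)
        verdict = "match" if alice[1] == bob[1] else "MISMATCH: hang up"
        print(f"intercepted={tampered}: Alice reads {alice[1]}, Bob reads {bob[1]} -> {verdict}")
```

A listener who only records the two public values cannot compute the session key; one who replaces them ends up with a different key on each leg, and the two parties hear different strings when they read them to each other in voices they recognize.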

New features of PGPfone 2.0

— Choice of speech stream compression technology (GSM, GSM Lite and ADPCM) with the ability to change it dynamically without breaking the connection. This makes it possible to achieve optimal sound quality.
— Possibility of secure file exchange.
— Phonebook.
System requirements:
— MacOs 7.5 or later, PowerPC Macintosh; or 68040 Macintosh with a clock speed of at least 33Mhz (for better sound quality, a faster processor is recommended);
— microphone and headphones instead of speakers: in full-duplex mode, this avoids interference from an acoustic short circuit.

Note for Russian users of PGPfone 1.0

1. PGPfone is initially configured for tone dialing; switching to
pulse dialing, used by most Russian telephone
stations, is not provided by options and is not described in the documentation. To
switch to pulse dialing, simply enter the Latin letter «p»
before the number in the dialing field, as shown in the figure.
2. With a full-duplex connection, in order to avoid self-excitation of the audio frequency amplifier, the documentation recommends using headphones rather than speakers. Good results can also be obtained by connecting a telephone handset to the board's audio connectors. Some newer sound cards, designed to meet the requirements of computer telephony, implement a self-excitation damping function.
3. Since PGPfone disables the modem's hardware error correction in order to work with the real-time data stream, the program is very demanding on the quality of the modem. For some clones, the quality and even the very possibility of establishing a connection using PGPfone depend not only on the chipset, but also on the batch, and even on the specific unit.

Where can I get PGPfone?

Version 1.0 for Windows 95/NT (requires mfc40.dll and msvcrt40.dll)
ftp.ifi.uio.no (Norway)
web.mit.edu (USA — not for export!)
Version 1.0 for Mac OS
ftp.ifi.uio.no (Norway)
web.mit.edu (USA — not for export!)
http://pgpi/pgpfone/ (for international users).
Version 2.0 for Mac OS
http://pgp (USA — not for export!)

11.10. ANONYMITY ON USENET

Most people who use Usenet know how important it is to hide their identity. First, as soon as you post any message to any newsgroup, your mailbox rapidly begins to fill up with junk mail, i.e., all sorts of garbage telling you how to get rich in a month, stop hair loss, and other similar crap. Second, your publicly expressed views can cause a wave of responses, not only within the newsgroup, but also directly to the author of the message, which is not always desirable. Third, your friends, colleagues, or employer may come across your message, and they may not like it. In short, there can be many reasons, but the conclusion is one: it is not at all a bad thing to know how to remain anonymous on Usenet. Below is a brief description of the methods that can be used for this purpose. The first two methods give you an alternative email address: you will still receive replies to your Usenet messages (as well as junk mail), but your real identity will remain hidden. The third method gives complete anonymity: no mail at all. So choose the one that suits you best.

Method 1

Using a commercial service to post messages to newsgroups. It costs money, but is easy to use. Addresses: http://nymserver and http://mailanon (the latter service offers a seven-day free trial).

Method 2

Getting a free email address (such as Hotmail or NetAddress), which is essentially the same as getting a «dummy» address, since you don't have to give your real name, and using the DejaNews free posting service (http://postnews.dejanews/post.xp). This method is a little more complicated than the first. No one knows who you are, but to hide where you are, you should use a proxy server, otherwise your IP address will reveal your geographic location. You can read about using proxy servers in the chapter VIA WWW WITHOUT A TRACE. Another disadvantage of this method is the FROM field in the sent message, since it will contain some name, albeit fictitious, for example «John Johnson».

Method 3

Using a mail-to-news gateway in combination with an anonymous remailer. A mail-to-news gateway allows users to post messages to newsgroups using email rather than a local news server. But if you use this service «head-on», your name and return address will appear in the message, because mail-to-news gateways do not anonymize them. In order to achieve complete anonymity, you should use a combination of an anonymous remailer and a mail-to-news gateway, i.e. send the message to the mail-to-news gateway from the site of such a remailer. It's simple: go to such a site (http://replay/remailer/), then to the page that allows you to send messages (you can use an SSL-protected form), type your message, and fill in the TO: field according to the following scheme:

To send a message, for example, to the alt.test group, the address should
be like this:

m2n-YYYYMMDD-alt.test@alpha.jpunix
where YYYYMMDD is the current date (year, month, day).

To send a message to several groups, separate their names
with the «+» sign. For example, to send a message to alt.test and
misc.test on September 11, 1997, the address is:

m2n-19970911-alt.test+misc.test@alpha.jpunix
That's it. Your message will look like this:
Date: Thu, 11 Sep 1997 11:09:02 +0200 (MET DST)
Message-ID: <199709111009.MAA29412@basement.replay>
Subject: Just testing
From: nobody@REPLAY (Anonymous)
Organization: Replay and Company UnLimited
X-001: Replay may or may not approve the content of this posting
X-002: Report misuse of this automated service to
X-URL: http://replay/remailer/
Mail-To-News-Contact: postmaster@alpha.jpunix
Newsgroups: alt.test, misc.test

This is only a test

As you can easily see, not the slightest trace of the sender! One should not
forget about one more important point. Mail-to-news gateways appear
and disappear. Alpha.jpunix works today, but it may disappear
tomorrow. But don't be sad, fresh information about such services can
always be found here: http://sabotage.org/~don/mail2news.html. And don't
forget to try how everything works before sending something
important!

Method 4

Praise to the creators of DDT.DEMOS.SU, fido7.ru, the gateways, etc.!
It has long been possible to post to FIDO using any news reader, rather than by e-mail through gateways with commands written manually!
You post in fido7.testing (preferably on the news server ddt.demos.su), then you get a response with the rules and register. That's all, but not quite all!
There is such a thing as the Moderator, who nullifies all the efforts of those praised above.
In FIDO the rules are like in school during the stagnation era!!! They have not heard of freedom of speech (the traffic is big, it hasn't gotten through yet). You are sitting online and have no time to rummage around in search of all sorts of policies while the online $/second counter is spinning, or you are a business person and have no time to understand off-topics and other invented nonsense. The Fido people can afford to: they do not pay money for FIDO.
In addition, many echoes (ru.hacker) are completely closed to the Internet. Post what is intended for them in another (open) group, and you run into a disconnection!
So, you made a mistake and sent a message to fido7.mo.job in fido7.mo.job.talk, you were disconnected, you exhausted your supply of mailboxes, or got tired of registering after each message (which also costs $/sec), and it's useless to argue with stupid stubborn Moderators. What to do?
It's simple to the point of banality: on ddt.demos.su read any group (an echo in FIDO) and look at the return Internet addresses in the headers. They have definitely registered. Next, configure the parameters of the news server ddt.demos.su; for MS Outlook Express:
Name: Comoderator.of.Ru.Internet*
Organization: «FIDO Destroy Ltd.»
Mail: caught@internet.address
Return address: your.real@address.for.reply
That's it!!! Post until it's disabled! Then look for another address, and no more registration!
Unfair? And is it not fair to disable «for some reason»?
We should try posting under the addresses of the Co-Moderators (will it work or not?) and let them be disabled! It's fairer, and certainly more useful than filling them with MailBombs. And from a legal point of view, the FIDO network is not commercial….

Free News Servers

In some cases (for example, if your provider has a «weak» or
heavily loaded news server) it is advisable to use
the so-called free (not requiring a password to log in) news servers, the list
of which we provide below:

news.infotecs.ru (posting to Fido is allowed)
ddt.demos.su
ddt.dol.ru
news.corvis.ru
news.enet.ru
news.portal.ru
news.caravan.ru
news2com.ru
news.maxnet.ru
newstel.ru
news.solaris.ru
news.leivo.ru
news.info.tsu.ru

On the date issue

A small but important note: if you send letters to any Usenet conference, check that the system time and date on your computer are correct. Otherwise the message will be destroyed along the way as a letter from the past or from the future.

11.11. INTERESTING INTERNET RESOURCES

1. INFORMATION AND REFERENCE RESOURCES

http://xland.ru:8088/tel_win/owa/tel.form
A database of telephone numbers and addresses of individuals in Moscow, similar to the well-known KOTIK database.

http://fox.tt.ee/cheese.htm
A server dedicated to various free Internet resources,
such as: free space on the WWW, free E-MAIL, free software and
much more.

http://fox.tt.ee/
Lists of CIS mass media (Newspapers, magazines, radio,
television), Internet and E-Mail addresses are provided.

2. SEARCH SERVERS

http://medialingua.ru/www/wwwsearc.htm
The Sledopyt search server allows you to search taking into account Russian morphology (and can also translate a word into English) using leading search engines: AltaVista, Yahoo, Infoseek, Lycos, etc.

http://tela.dux.ru/win/index.html
A search engine for Russian Internet resources.

http://search.interrussia/index.win.html
Search engine for Russian Internet resources.

http://search.ru/
Search engine for Russian Internet resources.

http://comptek.ru/alta.html
Russian morphological add-on to the AltaVista search engine.

http://
Russian RAMBLER search engine

http://medialingua.ru/www/wwwsearc.htm
Russian Sledopyt search engine

http://comptek.ru/alta.html
Russian morphological add-on to AltaVista

http://altavista.digital
AltaVista search engine

http://dubna.ru/eros/
Search for people on the Internet by E-MAIL

http://dejanews/
Search in newsgroups

3.1. SEARCH SERVERS (by Software)

Search servers that allow you to find any program on the Internet.

http://softseek/
http://cooltool/
http://slaughterhouse/
http://mediabuilder/
http://davecentral/

http://ftpsearch.ntnu.no/
If you know the name of the file (or at least part of the name), then you can use this search server (the search is performed across FTP resources on the Internet).

3. CRACKS AND CRYPTOGRAPHY

Servers dedicated to searching for cracks, hacking programs,
cryptography, etc.

http://astalavista.box.sk/
http://t50/
http://2600/
http://filefactory/
http://avault/
http://ssl.stu.neva.ru/psw/crack.html
http://security.lgg.ru/
http://ted.org/~hmaster
http://chat.ru/~bonez/
http://neworder.box.sk
http://l0pht/index.html
http://leader.ru/cgi-bin/go?secure
http://tamos/privacy/ru/index.html
http://werwolf.de/
http://ntshop.net/
http://geocities/SoHo/Studios/1059/pgp-ru.html
http://halyava.ru/aaalexey/CryptFAQ.html
http://wwwwin.wplus.net/~kvn/index.htm
http://spymarket/
http://halyava.ru/aaalexey/CryptLinks.html
Q: What are some interesting hacker WWWs?
A: Here are a few:
ilf.net (Information Liberation League)
hackerscatalog (no comments)
hackzone.ru (no comments)
radiophone.dhp (hacking cell phones, pagers, etc.).
eurosat (everything about hacking satellite TV programs).
l0pht (a lot)
Q: What freaky WWW can you recommend?
A:
radiophone.dhp — cell phones, pagers
semionoff — a little about A-Key

4. ELECTRONIC LIBRARIES

On the listed servers you can find a huge amount of literature in electronic form. The topics are very diverse, from works of classics and science fiction to culinary recipes.

http://kulichki./moshkow/
Maxim Moshkov's Library (the largest to date)

http://dali.orgland.ru/tcd/
Igor Zagumenov's Library

http://nmsf.sscc.ru/authors.asp
Dmitry Tribis's Library

http://geocities/Athens/Academy/9997/
Soviet Electronic Library named after V.I. Lenin

http://kulichki./sf/
Library of Science Fiction

http://delfin.ru/biblio/bibliot.htm
Library of Dolphin

http://spmu.runnet.ru/camelot/
Library of Camelot

http://fantasy.ru/
Library of Science Fiction

http://referats.corbina.ru/
Moscow collection of abstracts

5. SOFTWARE

New software available for download periodically appears on these servers:
http://fosi.da.ru
http://webtownd.da.ru
http://freesoft.ru
http://download.ru
http://download
http://shareware
