A I A C A T: 06/23/13

Sunday, 23 June 2013

All about FTP must read

Well, since many of us have always wondered this, here it is. Long and drawn out. Also, before attempting this, realize one thing; You will have to give up your time, effort, bandwidth, and security to have a quality ftp server.

That being said, here it goes. First of all, find out if your IP (Internet Protocol) is static (not changing) or dynamic (changes everytime you log on). To do this, first consider the fact if you have a dial up modem. If you do, chances are about 999 999 out of 1 000 000 that your IP is dynamic. To make it static, just go to a place like h*tp://www.myftp.org/ to register for a static ip address.

You'll then need to get your IP. This can be done by doing this:

Going to Start -> Run -> winipcfg or www.ask.com and asking 'What is my IP?'

After doing so, you'll need to download an FTP server client. Personally, I'd recommend G6 FTP Server, Serv-U FTPor Bullitproof v2.15 all three of which are extremely reliable, and the norm of the ftp world.
You can download them on this site: h*tp://www.liaokai.com/softw_en/d_index.htm

First, you'll have to set up your ftp. For this guide, I will use step-by-step instructions for G6. First, you'll have to go into 'Setup -> General'. From here, type in your port # (default is 21). I recommend something unique, or something a bit larger (ex: 3069). If you want to, check the number of max users (this sets the amount of simultaneous maximum users on your server at once performing actions - The more on at once, the slower the connection and vice versa).

The below options are then chooseable:
-Launch with windows
-Activate FTP Server on Start-up
-Put into tray on startup
-Allow multiple instances
-Show "Loading..." status at startup
-Scan drive(s) at startup
-Confirm exit

You can do what you want with these, as they are pretty self explanatory. The scan drive feature is nice, as is the 2nd and the last option. From here, click the 'options' text on the left column.

To protect your server, you should check 'login check' and 'password check', 'Show relative path (a must!)', and any other options you feel you'll need. After doing so, click the 'advanced' text in the left column. You should then leave the buffer size on the default (unless of course you know what you're doing ), and then allow the type of ftp you want.

Uploading and downloading is usually good, but it's up to you if you want to allow uploads and/or downloads. For the server priority, that will determine how much conventional memory will be used and how much 'effort' will go into making your server run smoothly.

Anti-hammering is also good, as it prevents people from slowing down your speed. From here, click 'Log Options' from the left column. If you would like to see and record every single command and clutter up your screen, leave the defaults.

But, if you would like to see what is going on with the lowest possible space taken, click 'Screen' in the top column. You should then check off 'Log successful logins', and all of the options in the client directry, except 'Log directory changes'. After doing so, click 'Ok' in the bottom left corner.

You will then have to go into 'Setup -> User Accounts' (or ctrl & u). From here, you should click on the right most column, and right click. Choose 'Add', and choose the username(s) you would like people to have access to.

After giving a name (ex: themoonlanding), you will have to give them a set password in the bottom column (ex: wasfaked). For the 'Home IP' directory, (if you registered with a static server, check 'All IP Homes'. If your IP is static by default, choose your IP from the list. You will then have to right click in the very center column, and choose 'Add'.

From here, you will have to set the directory you want the people to have access to. After choosing the directory, I suggest you choose the options 'Read', 'List', and 'Subdirs', unless of course you know what you're doing . After doing so, make an 'upload' folder in the directory, and choose to 'add' this folder seperately to the center column. Choose 'write', 'append', 'make', 'list', and 'subdirs'. This will allow them to upload only to specific folders (your upload folder).

Now click on 'Miscellaneous' from the left column. Choose 'enable account', your time-out (how long it takes for people to remain idle before you automatically kick them off), the maximum number of users for this name, the maximum number of connections allowed simultaneously for one ip address, show relative path (a must!), and any other things at the bottom you'd like to have. Now click 'Ok'.
**Requested**

From this main menu, click the little boxing glove icon in the top corner, and right click and unchoose the hit-o-meter for both uploads and downloads (with this you can monitor IP activity). Now click the lightning bolt, and your server is now up and running.

Post your ftp info, like this:

213.10.93.141 (or something else, such as: 'f*p://example.getmyip.com')

User: *** (The username of the client)

Pass: *** (The password)

Port: *** (The port number you chose)

So make a FTP and join the FTP section

Listing The Contents Of A Ftp:

Listing the content of a FTP is very simple.
You will need FTP Content Maker, which can be downloaded from here:
ht*p://www.etplanet.com/download/application/FTP%20Content%20Maker%201.02.zip

1. Put in the IP of the server. Do not put "ftp://" or a "/" because it will not work if you do so.
2. Put in the port. If the port is the default number, 21, you do not have to enter it.
3. Put in the username and password in the appropriate fields. If the login is anonymous, you do not have to enter it.
4. If you want to list a specific directory of the FTP, place it in the directory field. Otherwise, do not enter anything in the directory field.
5. Click "Take the List!"
6. After the list has been taken, click the UBB output tab, and copy and paste to wherever you want it.

If FTP Content Maker is not working, it is probably because the server does not utilize Serv-U Software.

If you get this error message:
StatusCode = 550
LastResponse was : 'Unable to open local file test-ftp'
Error = 550 (Unable to open local file test-ftp)
Error = Unable to open local file test-ftp = 550
Close and restart FTP Content Maker, then try again.

error messages:

110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Too many users logged to the same account
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted: page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.

Active FTP vs. Passive FTP, a Definitive Explanation

Introduction

One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.

This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...

The Basics

FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.

Active FTP

In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.

From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)
FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)

In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.

The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.

Active FTP Example

Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the second two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Passive FTP

In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.

From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)
FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)

In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.

While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.

The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.

With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.

Passive FTP Example

Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Summary

The following chart should help admins remember how each FTP mode works:

Active FTP :
command : client >1024 -> server 21
data : client >1024 <- server 20

Passive FTP :
command : client >1024 -> server 21
data : client >1024 -> server >1024

A quick summary of the pros and cons of active vs. passive FTP is also in order:

Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.

Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

Accessing the bindery files directly

1. Introduction

This document describes a command for accessing the NetWare 3.x bindery files directly, bypassing the NetWare network API calls.

It can be used for fast bindery access, bulk user management, bypassingsecurity restrictions, investigating problems etc.

It is quite possible to destroy the bindery completely, or to reveal information which could be used by hackers to obtain passwords. Users are assumed to have a basic grasp of good procedures for security and
backup.

2. Command syntax

The basic format of the command is bindery [options] bindery-spec action action ...

2.1 Specifying a bindery

A bindery specification takes the form path/.extension

E.g. SYS:SYSTEM/.SYS. The path defaults to the current directory. The extension defaults to .OLD.

Alternatively an 'active' bindery can be specified:

SERVER server

The bindery will be closed if necessary.

2.2 Actions on the bindery

INFO print info about the bindery
SCHEMA checks the bindery against the schema in BINDERY.SCH
DUMP obj dump all information for the specified object(s)
OBJ list all object records
PROP list all property records
VAL list all value records
VALDATA list all value records, with data
EXPORT export the bindery to a text file; see below
IMPORT import the bindery from a text file
ETC export user password information, suitable for input to the

password-cracking program described below

The following actions apply only if a bindery has been specified by the SERVER parameter:

CLOSE close the bindery, i.e. make it available for direct access; users attempting to access the bindery via NetWare API calls will receive an error

OPEN open the bindery, which causes the server to reload it and may take some time for large binderies

COPY directory copy the bindery files into a directory elsewhere

3. Export/import

The bindery can be exported to and imported from a text file. This can
be used for various purposes:

- problem diagnosis and repair

- creation of large binderies given a set of user information

- compaction of binderies

- merging binderies or moving users between binderies while
preserving their passwords

To see the format of the export file, try exporting a small bindery.

4. Password cracking

Passwords are not stored in clear in the bindery. What is stored is a 16-byte value computed via a one-way function from the user's object id and the password. Given the object id and password it is possible to
generate a candidate password which can be compared against that in the bindery.

The ETC option of the BINDERY command produces a file containing the required information, in a format superficially similar to /etc/passwd on Unix:

userid:pw-hash:object-id:pw-len:name::

e.g.

ttidy:32d8998e098a05830f809b809ea02137:D0000001:8:Terry Tidy

This can then be input into bindery cracking programs. Separating the functions in this way allows various forms of parallelism:

- the password file can be split into smaller chunks

- the same password file can be worked on by several cracking
programs each with different dictionaries or algorithms

- cracking programs can be run on faster machines

A cracking program BINCRACK is provided which takes such a file as input. It has command syntax:

bincrack [/verify] [/numsub] pw-file dict-file

/verify lists the passwords that are being tried. /numsub tries substituting numbers for letters, e.g. "1D10T". This takes a lot longer as all possible combinations are tried. pw-file is an exported bindery password file. dict-file is a simple word list.

Versions are available for MS-DOS and for Solaris 1 and Solaris 2 SPARC systems.

Suitable wordlists can be found at

ftp://ftp.ox.ac.uk/pub/wordlists/

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

A Web Standards Checklist, How to make a proper website

A web standards checklist

The term web standards can mean different things to different people. For some, it is 'table-free sites', for others it is 'using valid code'. However, web standards are much broader than that. A site built to web standards should adhere to standards (HTML, XHTML, XML, CSS, XSLT, DOM, MathML, SVG etc) and pursue best practices (valid code, accessible code, semantically correct code, user-friendly URLs etc).

In other words, a site built to web standards should ideally be lean, clean, CSS-based, accessible, usable and search engine friendly.

About the checklist

This is not an uber-checklist. There are probably many items that could be added. More importantly, it should not be seen as a list of items that must be addressed on every site that you develop. It is simply a guide that can be used:

* to show the breadth of web standards
* as a handy tool for developers during the production phase of websites
* as an aid for developers who are interested in moving towards web standards

The checklist

1.Quality of code

1. Does the site use a correct Doctype?
2. Does the site use a Character set?
3. Does the site use Valid (X)HTML?
4. Does the site use Valid CSS?
5. Does the site use any CSS hacks?
6. Does the site use unnecessary classes or ids?
7. Is the code well structured?
8. Does the site have any broken links?
9. How does the site perform in terms of speed/page size?
10. Does the site have JavaScript errors?

2. Degree of separation between content and presentation

1. Does the site use CSS for all presentation aspects (fonts, colour, padding, borders etc)?
2. Are all decorative images in the CSS, or do they appear in the (X)HTML?

3. Accessibility for users

1. Are "alt" attributes used for all descriptive images?
2. Does the site use relative units rather than absolute units for text size?
3. Do any aspects of the layout break if font size is increased?
4. Does the site use visible skip menus?
5. Does the site use accessible forms?
6. Does the site use accessible tables?
7. Is there sufficient colour brightness/contrasts?
8. Is colour alone used for critical information?
9. Is there delayed responsiveness for dropdown menus (for users with reduced motor skills)?
10. Are all links descriptive (for blind users)?

4. Accessibility for devices

1. Does the site work acceptably across modern and older browsers?
2. Is the content accessible with CSS switched off or not supported?
3. Is the content accessible with images switched off or not supported?
4. Does the site work in text browsers such as Lynx?
5. Does the site work well when printed?
6. Does the site work well in Hand Held devices?
7. Does the site include detailed metadata?
8. Does the site work well in a range of browser window sizes?

5. Basic Usability

1. Is there a clear visual hierarchy?
2. Are heading levels easy to distinguish?
3. Does the site have easy to understand navigation?
4. Does the site use consistent navigation?
5. Are links underlined?
6. Does the site use consistent and appropriate language?
7. Do you have a sitemap page and contact page? Are they easy to find?
8. For large sites, is there a search tool?
9. Is there a link to the home page on every page in the site?
10. Are visited links clearly defined with a unique colour?

6. Site management

1. Does the site have a meaningful and helpful 404 error page that works from any depth in the site?
2. Does the site use friendly URLs?
3. Do your URLs work without "www"?
4. Does the site have a favicon?

1. Quality of code

1.1 Does the site use a correct Doctype?
A doctype (short for 'document type declaration') informs the validator which version of (X)HTML you're using, and must appear at the very top of every web page. Doctypes are a key component of compliant web pages: your markup and CSS won't validate without them.
CODE
http://www.alistapart.com/articles/doctype/

More:
CODE
http://www.w3.org/QA/2002/04/valid-dtd-list.html

CODE
http://css.maxdesign.com.au/listamatic/about-boxmodel.htm

CODE
http://gutfeldt.ch/matthias/articles/doctypeswitch.html

1.2 Does the site use a Character set?
If a user agent (eg. a browser) is unable to detect the character encoding used in a Web document, the user may be presented with unreadable text. This information is particularly important for those maintaining and extending a multilingual site, but declaring the character encoding of the document is important for anyone producing XHTML/HTML or CSS.
CODE
http://www.w3.org/International/tutorials/tutorial-char-enc/

More:
CODE
http://www.w3.org/International/O-charset.html

1.3 Does the site use Valid (X)HTML?
Valid code will render faster than code with errors. Valid code will render better than invalid code. Browsers are becoming more standards compliant, and it is becoming increasingly necessary to write valid and standards compliant HTML.
CODE
http://www.maxdesign.com.au/presentation/sit2003/06.htm

More:
CODE
http://validator.w3.org/

1.4 Does the site use Valid CSS?
You need to make sure that there aren't any errors in either your HTML or your CSS, since mistakes in either place can result in botched document appearance.
CODE
http://www.meyerweb.com/eric/articles/webrev/199904.html

More:
CODE
http://jigsaw.w3.org/css-validator/

1.5 Does the site use any CSS hacks?
Basically, hacks come down to personal choice, the amount of knowledge you have of workarounds, the specific design you are trying to achieve.
CODE
http://www.mail-archive.com/wsg@webstandardsgroup.org/msg05823.html

More:
CODE
http://css-discuss.incutio.com/?page=CssHack

CODE
http://css-discuss.incutio.com/?page=ToHackOrNotToHack

CODE
http://centricle.com/ref/css/filters/

1.6 Does the site use unnecessary classes or ids?
I've noticed that developers learning new skills often end up with good CSS but poor XHTML. Specifically, the HTML code tends to be full of unnecessary divs and ids. This results in fairly meaningless HTML and bloated style sheets.
CODE
http://www.clagnut.com/blog/228/

1.7 Is the code well structured?
Semantically correct markup uses html elements for their given purpose. Well structured HTML has semantic meaning for a wide range of user agents (browsers without style sheets, text browsers, PDAs, search engines etc.)
CODE
http://www.maxdesign.com.au/presentation/benefits/index04.htm

More:
CODE
http://www.w3.org/2003/12/semantic-extractor.html

1.8 Does the site have any broken links?
Broken links can frustrate users and potentially drive customers away. Broken links can also keep search engines from properly indexing your site.

More:
CODE
http://validator.w3.org/checklink

1.9 How does the site perform in terms of speed/page size?
Don't make me wait... That's the message users give us in survey after survey. Even broadband users can suffer the slow-loading blues.
CODE
http://www.websiteoptimization.com/speed/

1.10 Does the site have JavaScript errors?
Internet Explore for Windows allows you to turn on a debugger that will pop up a new window and let you know there are javascript errors on your site. This is available under 'Internet Options' on the Advanced tab. Uncheck 'Disable script debugging'.

2. Degree of separation between content and presentation

2.1 Does the site use CSS for all presentation aspects (fonts, colour, padding, borders etc)?
Use style sheets to control layout and presentation.
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-style-sheets

2.2 Are all decorative images in the CSS, or do they appear in the (X)HTML?
The aim for web developers is to remove all presentation from the html code, leaving it clean and semantically correct.
CODE
http://www.maxdesign.com.au/presentation/benefits/index07.htm

3. Accessibility for users

3.1 Are "alt" attributes used for all descriptive images?
Provide a text equivalent for every non-text element
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-text-equivalent

3.2 Does the site use relative units rather than absolute units for text size?
Use relative rather than absolute units in markup language attribute values and style sheet property values'.
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-relative-units

More:
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-relative-units

CODE
http://www.clagnut.com/blog/348/

3.3 Do any aspects of the layout break if font size is increased?
Try this simple test. Look at your website in a browser that supports easy incrementation of font size. Now increase your browser's font size. And again. And again... Look at your site. Does the page layout still hold together? It is dangerous for developers to assume that everyone browses using default font sizes.

3.4 Does the site use visible skip menus?
A method shall be provided that permits users to skip repetitive navigation links.
CODE
http://www.section508.gov/index.cfm?FuseAction=Content&ID=12

Group related links, identify the group (for user agents), and, until user agents do so, provide a way to bypass the group.
CODE
http://www.w3.org/TR/WCAG10-TECHS/#tech-group-links

...blind visitors are not the only ones inconvenienced by too many links in a navigation area. Recall that a mobility-impaired person with poor adaptive technology might be stuck tabbing through that morass.
CODE
http://joeclark.org/book/sashay/serialization/Chapter08.html#h4-2020

More:
CODE
http://www.niehs.nih.gov/websmith/508/o.htm

3.5 Does the site use accessible forms?
Forms aren't the easiest of things to use for people with disabilities. Navigating around a page with written content is one thing, hopping between form fields and inputting information is another.
CODE
http://www.htmldog.com/guides/htmladvanced/forms/

More:
CODE
http://www.webstandards.org/learn/tutorials/accessible-forms/01-accessible-forms.html

CODE
http://www.accessify.com/tools-and-wizards/accessible-form-builder.asp

CODE
http://accessify.com/tutorials/better-accessible-forms.asp

3.6 Does the site use accessible tables?
For data tables, identify row and column headers... For data tables that have two or more logical levels of row or column headers, use markup to associate data cells and header cells.
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-table-headers

More:
CODE
http://www.bcc.ctc.edu/webpublishing/ada/resources/tables.asp

CODE
http://www.accessify.com/tools-and-wizards/accessible-table-builder_step1.asp

CODE
http://www.webaim.org/techniques/tables/

3.7 Is there sufficient colour brightness/contrasts?
Ensure that foreground and background colour combinations provide sufficient contrast when viewed by someone having colour deficits.
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-colour-contrast

More:
CODE
http://www.juicystudio.com/services/colourcontrast.asp

3.8 Is colour alone used for critical information?
Ensure that all information conveyed with colour is also available without colour, for example from context or markup.
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-colour-convey

There are basically three types of colour deficiency; Deuteranope (a form of red/green colour deficit), Protanope (another form of red/green colour deficit) and Tritanope (a blue/yellow deficit- very rare).

More:
CODE
http://colourfilter.wickline.org/

CODE
http://www.toledo-bend.com/colourblind/Ishihara.html

CODE
http://www.vischeck.com/vischeck/vischeckURL.php

3.9 Is there delayed responsiveness for dropdown menus?
Users with reduced motor skills may find dropdown menus hard to use if responsiveness is set too fast.

3.10 Are all links descriptive?
Link text should be meaningful enough to make sense when read out of context - either on its own or as part of a sequence of links. Link text should also be terse.
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-meaningful-links

4. Accessibility for devices.

4.1 Does the site work acceptably across modern and older browsers?

Before starting to build a CSS-based layout, you should decide which browsers to support and to what level you intend to support them.
CODE
http://www.maxdesign.com.au/presentation/process/index_step01.cfm

4.2 Is the content accessible with CSS switched off or not supported?
Some people may visit your site with either a browser that does not support CSS or a browser with CSS switched off. In content is structured well, this will not be an issue.

4.3 Is the content accessible with images switched off or not supported?
Some people browse websites with images switched off - especially people on very slow connections. Content should still be accessible for these people.

4.4 Does the site work in text browsers such as Lynx?
This is like a combination of images and CSS switched off. A text-based browser will rely on well structured content to provide meaning.

More:
CODE
http://www.delorie.com/web/lynxview

4.5 Does the site work well when printed?
You can take any (X)HTML document and simply style it for print, without having to touch the markup.
CODE
http://www.alistapart.com/articles/goingtoprint/

More:
CODE
http://www.d.umn.edu/itss/support/Training/Online/webdesign/css.html#print

4.6 Does the site work well in Hand Held devices?
This is a hard one to deal with until hand held devices consistently support their correct media type. However, some layouts work better in current hand-held devices. The importance of supporting hand held devices will depend on target audiences.

4.7 Does the site include detailed metadata?
Metadata is machine understandable information for the web
CODE
http://www.w3.org/Metadata/

Metadata is structured information that is created specifically to describe another resource. In other words, metadata is 'data about data'.

4.8 Does the site work well in a range of browser window sizes?
It is a common assumption amongst developers that average screen sizes are increasing. Some developers assume that the average screen size is now 1024px wide. But what about users with smaller screens and users with hand held devices? Are they part of your target audience and are they being disadvantaged?

5. Basic Usability

5.1 Is there a clear visual hierarchy?
Organise and prioritise the contents of a page by using size, prominence and content relationships.
CODE
http://www.great-web-design-tips.com/web-site-design/165.html

5.2 Are heading levels easy to distinguish?
Use header elements to convey document structure and use them according to specification.
CODE
http://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-logical-headings

5.3 Is the site's navigation easy to understand?
Your navigation system should give your visitor a clue as to what page of the site they are currently on and where they can go next.
CODE
http://www.1stsitefree.com/design_nav.htm

5.4 Is the site's navigation consistent?
If each page on your site has a consistent style of presentation, visitors will find it easier to navigate between pages and find information
CODE
http://www.juicystudio.com/tutorial/accessibility/navigation.asp

5.5 Does the site use consistent and appropriate language?
The use of clear and simple language promotes effective communication. Trying to come across as articulate can be as difficult to read as poorly written grammar, especially if the language used isn't the visitor's primary language.
CODE
http://www.juicystudio.com/tutorial/accessibility/clear.asp

5.6 Does the site have a sitemap page and contact page? Are they easy to find?
Most site maps fail to convey multiple levels of the site's information architecture. In usability tests, users often overlook site maps or can't find them. Complexity is also a problem: a map should be a map, not a navigational challenge of its own.
CODE
http://www.useit.com/alertbox/20020106.html

5.7 For large sites, is there a search tool?
While search tools are not needed on smaller sites, and some people will not ever use them, site-specific search tools allow users a choice of navigation options.

5.8 Is there a link to the home page on every page in the site?
Some users like to go back to a site's home page after navigating to content within a site. The home page becomes a base camp for these users, allowing them to regroup before exploring new content.

5.9 Are links underlined?
To maximise the perceived affordance of clickability, colour and underline the link text. Users shouldn't have to guess or scrub the page to find out where they can click.
CODE
http://www.useit.com/alertbox/20040510.html

5.10 Are visited links clearly defined?
Most important, knowing which pages they've already visited frees users from unintentionally revisiting the same pages over and over again.
CODE
http://www.useit.com/alertbox/20040503.html

6. Site management

6.1 Does the site have a meaningful and helpful 404 error page that works from any depth in the site?
You've requested a page - either by typing a URL directly into the address bar or clicking on an out-of-date link and you've found yourself in the middle of cyberspace nowhere. A user-friendly website will give you a helping hand while many others will simply do nothing, relying on the browser's built-in ability to explain what the problem is.
CODE
http://www.alistapart.com/articles/perfect404/

6.2 Does the site use friendly URLs?
Most search engines (with a few exceptions - namely Google) will not index any pages that have a question mark or other character (like an ampersand or equals sign) in the URL... what good is a site if no one can find it?
CODE
http://www.sitepoint.com/article/search-engine-friendly-urls

One of the worst elements of the web from a user interface standpoint is the URL. However, if they're short, logical, and self-correcting, URLs can be acceptably usable
CODE
http://www.merges.net/theory/20010305.html

More:
CODE
http://www.sitepoint.com/article/search-engine-friendly-urls

CODE
http://www.websitegoodies.com/article/32

CODE
http://www.merges.net/theory/20010305.html

6.3 Does the site's URL work without "www"?
While this is not critical, and in some cases is not even possible, it is always good to give people the choice of both options. If a user types your domain name without the www and gets no site, this could disadvantage both the user and you.

6.4 Does the site have a favicon?
A Favicon is a multi-resolution image included on nearly all professionally developed sites. The Favicon allows the webmaster to further promote their site, and to create a more customized appearance within a visitor's browser.
CODE
http://www.favicon.com/

Favicons are definitely not critical. However, if they are not present, they can cause 404 errors in your logs (site statistics). Browsers like IE will request them from the server when a site is bookmarked. If a favicon isn't available, a 404 error may be generated. Therefore, having a favicon could cut down on favicon specific 404 errors. The same is true of a 'robots.txt' file.

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

A very small tut for RealMedia

You may find this helpful if you donwload hundreds of short episodes in rm format like me and tired of double-click to open next files.

Very easy. Use notepad to open a new file, type this inside:
file://link to file1
file://link to file2
(type as many as you want)
Close file. Rename it to FileName.rm

Then you`re done!!!!

Ex:
I put my playlist file here: C:\Movies\7VNR
And the movie files are in C:\Movies\7VNR\DragonBall

Then inside my playlist file I`ll have something like this:

file://DragonBall/db134.rm
file://DragonBall/db135.rm
file://DragonBall/db136.rm
file://DragonBall/db137.rm
file://DragonBall/db138.rm

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

A Small Guide to Hacking HOTMAIL

HOTMAIL HACKING INFO.

I_1_I - Brute force hacking

a. Use telnet to connect to port 110 (Hotmail´s pop-server)
b. Type USER and then the victim´s username
c. Type PASS and then the guess a password
d. Repeat that until U have found the correct password. !.
This is called brute force hacking and requires patience. It´s better than trying to guess the victims password on hotmail homepage only because it´s faster. ____

I_2_I - The Best way

a. Get the username of the victim (It usually stands in the adress-field )
b. Then type " www.hotmail.com/cgi-bin/start/victimsusername "
c. U´re in! !. This hack only work if U are on the same network or computer as the victim and if he don´t log out. ____

I_3_I - The old way

a. Go to http://www.hotmail/proxy.html
b. Now type the victims username. (press login)
c. Look at the source code.
d. On the fifth row U should find "action=someadress"
e. Copy that adress and paste it into the adress-field
f. You are in... !. As you can see it´s a long procedure and the victim have plenty of time to log out. ____

I_4_I - Another...

a. Go to hotmail´s homepage
b. Copy the source code.
c. Make a new html file with the same code but change method=post to method=enter
d. "view" the page
e. Change the adress to www.hotmail.com/ (don´t press enter!)
f. Make the victim type in his username and password
g. Look in the adress-field. There you´ll see ...&password:something... !.

This is the way I use, because it lets you know the password. (If he exits the browser U can see the password in the History folder!)

READ! Hotmail´s sysops have changed the "system" so that the victim may log out even if U are inside his/her account. So don´t waste U´r time!

---

So you want to get some hotmail passwords? This is pretty easy to do once you have got the hang of it. If you are a beginner, I wouldn't make this your first attempt at hacking. When you need to do is use a port surfer and surf over to port 80. While there, you have to try and mail the user that you want the password from. It is best to mail them using the words "We" and "Here at Hotmail..." Most suckers fall for this and end up giving out their password. There is another way to also, you can get an anon mailer, and forge the addres as staff@hotmail.com. But you have to change the reply address to go to a different addres like user@host.com. The person that you are trying to get the pass from MUST respond to that letter for the mail to be forwarded to you. Have text like "Please reply to this letter with the subject "PASSWORD" and underneith please include your user name and password. If you have trouble Loging in withing the next few days, this is only because we are updating our mail servers but no need to worry, your mail will still be there. Even though the server may be down for an hour. From the staff at Hotmail, Thank You."

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

A Short HACKER SPEAK Glossary

A Short 'HACKERSPEAK' Glossary - A reference to a few of the terms used by many computer hackers. - (Researched and compiled by members of the Hollywood User Group) -

arg - (argh) noun. An argument, in the mathematical sense.

automagically - adverb. Automatically, but in a way which, for some reason (for example, because it's too complicated or too trivial) the speaker doesn't feel like explaining.

bells and whistles - n. Unnecessary (but often convenient, useful, good-looking, or amusing) features of a program or other object. Added to a bare-bones, working program.

bit - n. 1) A unit of information obtained by asking a question (e.g. - 'I need a few bits about Punter protocol') 2) A mental flag; reminder that something should be done eventually.

buffer - verb. The act of saving or setting aside something to be done later. (e.g. - 'I'm going to buffer that and go eat now').

bug - n. A problem or mistake; unwanted property or side effect. Usually of a program, but can refer to a person. Can be very simple or very complicated. Antonym: FEATURE.

bum - v. To improve something by rearranging or removing its parts. Most often done to a program to increase speed or save memory space, usually at the expense of clarity.

buzz - v. Of a program, to run without visible progress or certainty of finishing. Resembles CATATONIA except that a buzzing loop may eventually end.

canonical - (ki NAHN i kil) adjective. Standard, usual or ordinary way of doing something.

catatonia - n. A condition in which something is supposed to happen, but nothing does. (e.g. - Nothing you type will appear on the screen. It's catatonic. Often means a CRASH has occured.)

crash - 1) n. Sudden, drastic failure. Usually refers to a complete computer system or program. 2) v. To fail suddenly or cause to fail. 3) v. Of people, to go to sleep.

creeping featurism - n. Tendency for anything complicated to become even more so because people keep saying, 'Hey, it would be terrific if the program had this feature, and could do this, and...' The result is a patchwork program, confusing to read, with a lot of 'neat' features.

crock - n. Said of a program that works, but in an extremely awkward or cumbersome manner.

crunch - v. To process, usually in a time-consuming, complex way. Example: Performing large, repetitive numerical computations is called 'number crunching'. 2) v. To reduce the size of a file (often in a complicated way) to save space.

dec'ed out - (decked out) adj. Stoned, drunk (and possibly trying to program, regardless). Uncomplimentary. Derives from the 65-- series ML opcode DECrement, i.e.: decrease a value.

elegant - adj. Said of a piece of code that does the RIGHT THING in a way beautiful to look at.

feature - n. An extra property or behaviour added to a program that already does the job. May or may not be useful, necessary or convenient.

fencepost error - n. A mathematical 'off-by-one' error. Most often found in programs that must count loops (it will count one time too many, or too few). Term comes from the problem: 'If you build a fence 100 feet long with posts 10 feet apart, how many posts fo you need?' Example: Suppose you want to process an array of items x thru y. How many are there? The correct answer is x-y+1 (not x-y, which would be off by one).

flavor - n. variety, kind, type. (flavorful - adj. Aesthetically pleasing).

flush - v. To scratch, delete or destroy something. Often something superfluous or useless.

fudge - v. Perform in an incomplete, but marginally acceptable way. 'I fudged it, so it works.'

GC - (jee see) 1) v. To clean up, throw away useless things. 2) To forget. GC is an abreviation of the term 'Garbage Collection', the common method of freeing up memory space.

glitch - n. Sudden interruption in electrical service, common sense, or program function. Usually happens only when you pray that it doesn't.

grovel - v. To work interminably, examine minutely or in extreme detail.

gun - v. To forcibly terminate a program. 'It was a boring display, so I gunned it.'

hack - n. An appropriate application of ingenuity. It could be a quick-and-dirty bug fix, or a time-consuming and elegant work of art. A clever technique.

hack value - n. The motivation for expending effort and time toward a seemingly pointless goal, the point being the resulting hack.

hack attack - n. Period of greatly increased hacking activity. Not to be confused with a Mac-Attack.

hacker - n. 1) One who greatly enjoys learning the details of a computer system and how to stretch their capabilities (as opposed to REAL USERS who learn only the minimum amount necessary). 2) One who programs enthusiastically, rather than just theorizing about it. 3) One capable of appreciating HACK VALUE. 4) An expert of any kind 5) A malicious or inquisitive meddler (in the case of a 'system hacker' or a 'password hacker').

inc it up - (also 'incing') v. Specifically related to studying, reading, or learning ML. Derives from the 65-- series ML instruction INCrement a value; i.e. increase it.

jock - n. Programmer characterized by the large, cumbersome, brute-force programs he/she writes. The programs may work, but slowly, inelegantly, or in an ugly way.

kludge - (kloog) 1) n. Clever programming trick, most often to fix a bug. Efficient, but maybe unclear. 2) v. To insert a kludge into a program (to fix a bug or add a feature).

magic - adj. Something as yet unexplained or too complex to imagine.

M&M's - n. Mental and Midget; i.e. Mental Midget. Uncomplimentary term applied most often to 'system hackers' who intrude for disruptive or destructive purposes (like to crash BBS's).

misfeature - n. A FEATURE that eventually turns out to be more trouble than it was worth, possibly because it is inadequate for a new user or situation that has evolved. Misfeatures are different from bugs or side-effects in that they are often more basic to the program design and, at one time, were carefully planned.

moby - 1) adj. Immense, complex, or impressive. 2) n. Total size of a computers address space.

mode - n. A general state. Examples: DAY MODE - state a person is in when s/he is working days and sleeping nights.

mumble - interjection. Said when the correct response is too complicated to put into words or has not been thought out. Can indicate a reluctance to enter a long discussion.

mumblage - n. The subject matter of one's mumbling. Replaces 'all that stuff'.

nop around (or nopping) - v. Hanging out; not doing much; not programming. Derives from the 65-- series ML instruction code 'NOP' (No OPeration).

obie (or o.b.) - n. Derives from a pun with the word 'OverByte'. Usually relates to a ML routine that doesn't work because of some small mistake, possibly an incorrect addressing mode or even a typing error. Most often one or two bytes wrong.

patch - 1) n. Piece of code intended as a quick-and-dirty remedy to a BUG or MISFEATURE. 2) v. To fix something temporarily; insert a patch into a piece of code; make the main program machine-specific.

punt - v. To give up; decide not to do.

rave - v. 1) To persist in discussing something. 2) To speak authoritatively about that which one knows very little. 3) To proselytize.

real user - n. A commercial user; a non-hacker who uses computer applications only.

Real World, The - n. 1) Places where programs have only business applications. 2) Institutions such as IBM. 3) The location of non-programmers and non-programming activity. The first two definitions are uncomplimentary; the third is not.

Right Thing, The - n. that which is obviously the appropriate thing to use, do, say, etc.

rude - (rood or roo-day) adj. Programs badly written or functionally poor.

sacred - adj. Reserved for the exclusive use of something. Usually refers to memory location or register that shouldn't be used because what is stored there must not change.

slurp - v. To read a large data file into memory before using or processing data.

smart - adj. Said of a program (or something) that does THE RIGHT THING.

SMOP - n. An acronym for a 'Small Matter Of Programming'. A piece of code that would not at all be hard to write, but would take a very long time because of its size. Not worth the trouble.

snail mail - n. Mail sent via Post Office, rather than electronically.

software rot - n. Hypothetical disease that causes working programs to stop working when unused for a period of time.

tense - adj. Of programs, very clever and efficient. A tense programmer produces tense code.

vanilla - adj. Standard, usual, or ordinary FLAVOR.

zero - v. 1) To set a bit or variable to zero. 2) To erase, or discard all data from.

zorch - v. 1) To move quickly. 2) Influences. 3) Energy or ability.

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

A List Of Government BBS Numbers

FEDERAL GOVERNMENT BULLETIN BOARD SYSTEMS (Last Updated: 8/23/94)

OPM BBSs:
~~~~~~~~
MAINSTREET............. (202) 606-4800
Fed Pers & Job Info from
OPM's Agencywide BBS

Federal Jobline......... (818) 575-6521
Fed Pers & Job Info from
OPM's Western Region BBS

Fed Job Opp Board (FJOB) (912) 757-3100
Fed Pers & Job Info from
OPM's Macon, GA Service Ctr

FEDJOBS................. (215) 580-2216
Fed Pers & Job Info from
OPM's Philadelphia Region BBS

PayPerNet#1 ............ (202) 606-2675
Fed. Pay & Per. Mgmt Info
from OPM (Line #1)

PayPerNet#2 ............ (202) 606-1876
Fed. Pay & Per. Mgmt Info
from OPM (Line #2)

WASNET ................. (202) 606-1113
OPM Wash Area Serv Ctr BBS;
phone first: 202-606-1848

OTHER FEDERAL BBSs:
~~~~~~~~~~~~~~~~~~
AGRICULTURE DEPT
Agriculture Library 301-504-6510/301-504-5496
Biological Impact Assessment 703-231-3858/800-624-2723
Commercial Information Delivery Service (Must subscribe first: 202-720-5505)
Economic Research Service 800-821-6229
Human Nutrition Information Service 301-436-5078
IndiaNET (USDA & EPA) 605-393-0468

AIR FORCE DEPT

Air Force Small Business BBS 800-821-6229 (type SIGNUP)
Small Computer Support Center 406-731-2503
ULANA BBS (AF Engrg Installation) 405-736-0928
ULANA II (AF Engrg Installation) 405-741-0824

Competition Advocate (AF Space Command) (Call voice first: 719-554-5325)

Standard Systems Center    205-416-5651
Hill AFB     801-774-6509

Argonne National Laboratory     708-252-8241

ARMY DEPT
Integration & Analysis Center (IMA)    703-285-6400/6401
Automated Specification Criteria (Corps 916-557-7997/800-445-8644
of Engrs)
Data Distribution System (Engrg &    703-355-2185
Housing Supp Ctr)
Morale, Welfare, and Recreation (MDW)     202-475-7543
Software Engrg Support BBS (Army Sfw Ctr) 703-285-9637

Bureau of Mines (Minerals production) 202-501-0373

Bureau of Prisons 202-514-6102

CENSUS BUREAU
Census BEA Electronic Forum    301-763-7554
Census Personnel BBS    301-763-4574

COAST GUARD
Coast Guard Online Magazine & News 202-267-4644
Global Positioning System BBS     703-866-3894/703-313-5910

COMMERCE DEPT
Radio Frequency Mgmt Issues (NTIA) 202-482-1199
Economic BBS     202-482-3870
Planning & Budget BBS 202-482-1423

Customs Service    703-440-6155

DC Government    202-727-6668

DEFENSE DEPT
ADA Information Clearinghouse 703-614-0215
Export License I 703-697-6109
DISA Acquisition Clearinghouse 618-256-9200
DISA Info Technology Acquisition 618-744-8787
DOD IGNet 703-604-5768

Defense Logistics Agency DASC-ZE BBS 703-274-5863

Defense Mapping Agency NAVINFONET BBS 301-227-4424
(Marine advisories)

Defense Technology Security Admin ELISA I 703-697-6109
(Export license status)

EDUCATION DEPT
Educational Research & Improvement 202-219-2011
National Education BBS 800-222-4922/202-219-1511

ENERGY DEPT
Megawatts 202-586-0739
Civilian Radioactive Waste Mgmt Infolink (Call voice first:
800-225-6972)
Energy Information Admin BA BBS 202-586-2557
Office of Fossil Energy FE Telenews 202-586-6496
Office of Minority Economic Impact 800-543-2325/202-586-1561

ENVIRONMENTAL PROTECTION AGENCY (EPA)
EPA Region 4 404-347-1767
EPA Region 10 206-553-2241
Alternative Treatment Tech Info 301-670-3813/3808
Center (ATTIC)
Wetlands, Oceans, & Watersheds 301-589-0205
Pesticide Information Network 703-305-5919
Pollution Prevention BBS 800-658-8815/703-506-1025
Research & Development BBS 513-569-7610/800-258-9605
Technology Transfer Network 919-541-1447/919-541-5742
Cleanup Information 301-589-8366
Solid Waste Management 800-544-1936
EPA/NOAA Gulfline 800-235-4662/601-688-2677
Ocean & Coastal Protection 202-260-8482
Division CoastNet
Online Library System (OLS) 919-549-0700 (2400)
(NOTE: 7-E-1 HALF Duplex) 919-549-0720 (9600)
Office of Air Quality Planning 919-541-1325
Center for Exposure Assessment Modeling 706-546-3402

Export-Import Bank - EXIMBANK BBS 202-566-4699

FEDERAL AVIATION ADMINISTRATION
Air Traffic Operations Service 202-267-5331
Air Transport Division 202-267-5231
FAA Airports 202-267-5205
FAA Headquarters BBS 202-267-5697
Navigation & Landing 202-267-6547
Office of Environment & Energy 202-267-9647
FAA Safety Exchange 800-426-3814
Orlando Flight Service District 407-648-6309
Office Pilot Examiner 405-684-4530/405-954-4530
Portland Master Minimum Equipment 207-780-3297
List

FEDERAL COMMUNICATIONS COMMISSION
FCC State Link 202-632-1361
FCC Public Access Link 301-725-1072

FEDERAL EMERGENCY MANAGEMENT AGENCY
Hazardous Materials 708-972-3275
State/Local Emergency Management 202-646-2887

Federal Energy Regulatory Commission:
Issuance Posting System 202-208-1397

Federal Highway Administration FEEBS 202-366-3764

Federal Information Exchange FEDIX 800-232-4879

FEDERAL RESERVE BANK
Dallas: Federal Reserve Economic Data 214-922-5199
Minneapolis: Electronic Database 612-340-2489
St. Louis: Federal Reserve Economic Data 314-621-1824

FEDERAL SUPPLY SERVICE
Automated Product Listing Service 703-305-6570
Multiuse File For Interagency News 202-205-3890

Food & Drug Administration 301-443-7496

Government Accounting Office GAO WATCHDOG 202-371-2455

GEOLOGICAL SURVEY
Quick Epicenter Determination 800-358-2663
Geological Survey BBS/CD-ROM Info 703-648-4168

Government Printing Office
FEDERAL BULLETIN BOARD 202-512-1387

GPS Global Positioning 703-866-3890

GENERAL SERVICES ADMINISTRATION
Cooperative Administrative Support 202-653-7516
Program
Consumer Information Center 202-208-7679
GSA Schedule 202-501-7254
Office of IRM OFIRM BBS 202-208-7484

HEALTH & HUMAN SERVICES DEPT
Administration for Children & Families 202-401-5800
National Institute on Alcohol Abuse 202-289-4112
Office of the Asst Secretary of Health 202-690-5423
Social Security Administration 410-965-1133
(Annual Wage Reporting BBS)
Social Security Administration 410-966-5051

Housing & Urban Development Dept 202-708-3563

INTERIOR DEPT
Fish & Wildlife Service 303-226-9365
Geological Survey 703-648-4168
Indian Health Service 401-443-9517
Office of Environmental Affairs 202-208-7119
Offshore Statistics & Information 703-787-1225

INTERNAL REVENUE SERVICE
ISM Support Information System 202-219-9977
Statistics of Income 202-874-9574
Martinsburg Info Reporting Project 304-263-2749

JUSTICE DEPT
Criminal Justice Reference Service 301-738-8895
SEARCH-BBS 916-392-4640

LABOR DEPT
Labor News 202-219-4784
Office of Public Affairs 202-523-4784

LIBRARY OF CONGRESS
News Service 202-707-3854
Automated Library Information 202-707-4888

Maritime Admin/Market Promotion 202-366-8505

NAPO/AIDS Info & Reports 202-690-5423

NATIONAL AERONAUTICS & SPACE ADMIN
Marshall Space Flight Ctr NASA SPACELINK 205-895-0028
NASA JSC Houston 713-483-5817
NASA JPL 818-354-1333

National Archives FREND (Fed. Register 202-275-0920
Electronic News Delivery)

NATIONAL INSTITUTE OF STANDARDS & TECHNOLOGY
Center for Fire Research 301-990-2272
Computer Security 301-948-5140/5717
Data Management Information 301-948-2059/2048
North American ISDN Users Forum 301-869-7281

National Institutes of Health
PC BULL 301-480-8400
NIH Information Center 301-480-5144

NATIONAL OCEANIC & ATMOSPHERIC ADMIN
Space Environment Lab 303-497-5000
Marine Data Computer 301-713-4573
Environmental Services Data Directory 205-606-4666
NOAA Library 303-497-5848
National Geo Data Center 303-497-7319

NATIONAL SCIENCE FOUNDATION
Fed. R&D, Tech Labor Market Stats 202-634-1764
Science & Technology Information 202-357-0359
System

National Tech. Info. Service (NTIS)

FEDWorld 703-321-8970/8020

National Tele. & Info Admin 202-482-1199

National Weather Service 301-899-0827

NAVY DEPT
IRM College Recruitment BBS 804-445-2104/804-843-4093
Online Automated System 804-445-1627
ADA Technical Support BBS 804-444-7841
Naval Reserve Force BBS 504-254-7776
JAGNet 703-325-0748
CINCLANTFLT BBS 804-445-1146
COMNAVSURFPAC/COMNAVAIRPAC 619-556-0135/0136
COMSUBLANT 804-445-8657
Defense Energy Information System (DEIS) 805-982-5300/805-984-0686
NAS Pax River (MilECHO MetroLink) 301-826-4805
Fleet Imaging BBS 804-433-2534
General Purpose Electronic Test Equipment 301-862-8048
(GPETE)
Naval Aviation Maintenance Office, 301-826-3626
Pax River
Naval Air Warfare Center, Indianapolis 317-351-4992
Naval Energy BBS 805-985-5062
Naval Justice School 401-841-3990
Pacific Missile Test Center 805-989-8722
SIMA, Portsmouth, VA 804-396-0158

Office of Government Ethics 202-523-1186

OFFICE OF PERSONNEL MANAGEMENT
OPM Mainstreet............. 202 606-4800
Fed Personnel Issues,
Policy, & Job Info from
OPM's Agencywide/Nationwide BBS
Federal Jobline......... 818 575-6521

Fed Pers & Job Info from
OPM's Western Region BBS
Fed Job Opp Board (FJOB) 912 757-3100
Fed Pers & Job Info from
OPM's Macon, GA Service Ctr
FEDJOBS................. 215 580-2216
Fed Pers & Job Info from
OPM's Philadelphia Region BBS
PayPerNet ............ 202 606-2675/1876
Fed. Pay & Per. Mgmt Info
from OPM
WASNET ................. 202 606-1113
OPM Wash Area Serv Ctr BBS;
phone first: 202-606-1848

SMALL BUSINESS ADMINISTRATION
SBA DC Metro 202-401-9600
SBA National 800-697-INFO
SBA Internal 202-205-6269

STATE DEPT
Automated License Status System 703-875-7350
Consular Affairs 202-647-9225
Passport Info/Travel Alerts 202-647-9225
PerManNet 703-715-9806

TREASURY DEPT/Financial Management Service
Inventory Rates 202-287-0767
Federal Bond Approvals 202-287-1295/202-874-7214

U.S. CONGRESS
Federal Whistleblower BBS 202-225-5527

U.S. COURTS
1st Circuit Court of Appeals 617-223-4640
4th Circuit Court of Appeals 804-771-8084
5th Circuit Court of Appeals 504-589-6850
6th Circuit Court of Appeals 513-684-2842
7th Circuit Court of Appeals 312-435-5560
8th Circuit Court of Appeals 314-539-3576
9th Circuit Court of Appeals 415-744-9022
U.S. District Court E Pennsylvania 215-597-0646

DEPARTMENT OF VETERANS AFFAIRS
American Veterans Network 410-761-3406
United States Veterans BBS 612-588-7563

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

A Guide to the Easiest Hacking

Most FTP servers have the directory /pub which stores all the 'public' information for you to download. But along side /pub you will probably find other directorys such as /bin and /etc its the /etc directory which is important. In this directory there is normally a file called passwd. .

This looks something like this :- root:7GHgfHgfhG:1127:20:Superuser jgibson:7fOsTXF2pA1W2:1128:20:Jim Gibson,,,,,,,:/usr/people/jgibson:/bin/csh tvr:EUyd5XAAtv2dA:1129:20:Tovar:/usr/people/tvr:/bin/csh mcn:t3e.QVzvUC1T.:1130:20:Greatbear,,,,,,,:/usr/people/mcn:/bin/csh mouse:EUyd5XAAtv2dA:1131:20:Melissa P.:/usr/people/mouse:/bin/csh

This is where all the user names and passwords are kept. For example, root is the superuser and the rest are normal users on the site. The bit after the word root or mcn such as in this example (EUyd5XAAtv2dA) is the password BUT it is encrypted. So you use a password cracker....which you can d/l from numerous sites which I will give some URL's to at the end of this document.

With these password crackers you will be asked to supply a passwd. file which you download from the \etc directory of the FTP server and a dictionary file which the crackers progam will go through and try to see if it can make any match. And as many people use simple passwords you can use a 'normal' dictionary file. But when ppl REALLY don't want you to break their machines they set their passwords to things such as GHTiCk45 which Random Word Generator will create (eventually ).

Which is where programs such as Random Word Generator come in. ( Sorry just pluging my software ) BTW the bad news is that new sites NORMALLY have password files which look like this :- root:x:0:1:0000-Admin(0000):/:/sbin/sh The x signifies shadowed - you can't use a cracker to crack it because there's nothing there to crack, its hidden somewhere else that you can't get to. x is also represented as a * or sometimes a . Ones like the top example are known as un-shadowed password files normally found at places with .org domain or .net and prehaps even .edu sites. (Also cough .nasa.gov cough sites). If you want a normal dictionary file i recommend you go to http://www.globalkos.org and download kOS Krack which has a 3 MEG dictionary file. Then run a .passwd cracking program such as jack the ripper or hades or killer crack ( I recommend ) against the .passwd file and dictionary file. Depending upon the amount of passwords in the .passwd file, the size of the dictionary file and the speed of the processor it could be a lengthy process. Eventually once you have cracked a password you need a basic knowledge of unix.

I have included the necassary commands to upload a different index.html file to a server :- Connect to a server through ftp prefably going through a few shells to hide your host and login using the hacked account at the Login: Password: part. Then once connected type dir or list If there's a directory called public_html@ or something similar change directory using the Simple dos cd command ( cd public_html )

Then type binary to set the mode to binary transfer ( so you can send images if necassary ) Then type put index.html or whatever the index file is called. It will then ask which transfer you wish to use, Z-Modem is the best. Select the file at your end you wish to upload and send it. Thats it ! If you have root delete any log files too. Please note that this process varys machine to machine.

To change the password file for the account ( very mean ) login in through telnet and simply type passwd at the prompt and set the password for the account to anything you wish. Thats it....if ya don't understand it read it about 10x

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

A Guide to Internet Security: Becoming an Uebercracker and Becoming an UeberAdmin to stop Uebercrackers.

This is a paper will be broken into two parts, one showing 15 easy steps to becoming a uebercracker and the next part showing how to become a ueberadmin and how to stop a uebercracker. A uebercracker is a term phrased by Dan Farmer to refer to some elite (cr/h)acker that is practically impossible to keep out of the networks. Here's the steps to becoming a uebercracker.

Step 1. Relax and remain calm. Remember YOU are a Uebercracker.

Step 2. If you know a little Unix, you are way ahead of the crowd and skip past step 3.

Step 3. You may want to buy Unix manual or book to let you know what ls,cd,cat does.

Step 4. Read Usenet for the following groups: alt.irc, alt.security, comp.security.unix. Subscribe to Phrack@well.sf.ca.us to get a background in uebercracker culture.

Step 5. Ask on alt.irc how to get and compile the latest IRC client and connect to IRC.

Step 6. Once on IRC, join the #hack channel. (Whew, you are half-way there!)

Step 7. Now, sit on #hack and send messages to everyone in the channel saying "Hi, Whats up?". Be obnoxious to anyone else that joins and asks questions like "Why cant I join #warez?"

Step 8. (Important Step) Send private messages to everyone asking for new bugs or holes. Here's a good pointer, look around your system for binary programs suid root (look in Unix manual from step 3 if confused). After finding a suid root binary, (ie. su, chfn, syslog), tell people you have a new bug in that program and you wrote a script for it. If they ask how it works, tell them they are "layme". Remember, YOU are a UeberCracker. Ask them to trade for their get-root scripts.

Step 9. Make them send you some scripts before you send some garbage file (ie. a big core file). Tell them it is encrypted or it was messed up and you need to upload your script again.

Step 10. Spend a week grabbing all the scripts you can. (Dont forget to be obnoxious on #hack otherwise people will look down on you and not give you anything.)

Step 11. Hopefully you will now have atleast one or two scripts that get you root on most Unixes. Grab root on your local machines, read your admin's mail, or even other user's mail, even rm log files and whatever temps you. (look in Unix manual from step 3 if confused).

Step 12. A good test for true uebercrackerness is to be able to fake mail. Ask other uebercrackers how to fake mail (because they have had to pass the same test). Email your admin how "layme" he is and how you got root and how you erased his files, and have it appear coming from satan@evil.com.

Step 13. Now, to pass into supreme eliteness of uebercrackerness, you brag about your exploits on #hack to everyone. (Make up stuff, Remember, YOU are a uebercracker.)

Step 14. Wait a few months and have all your notes, etc ready in your room for when the FBI, Secret Service, and other law enforcement agencies confinscate your equipment. Call eff.org to complain how you were innocent and how you accidently gotten someone else's account and only looked because you were curious. (Whatever else that may help, throw at them.)

Step 15. Now for the true final supreme eliteness of all uebercrackers, you go back to #hack and brag about how you were busted. YOU are finally a true Uebercracker. Now the next part of the paper is top secret. Please only pass to trusted administrators and friends and even some trusted mailing lists, Usenet groups, etc. (Make sure no one who is NOT in the inner circle of security gets this.) This is broken down on How to Become an UeberAdmin (otherwise know as a security expert) and How to stop

Uebercrackers.

Step 1. Read Unix manual ( a good idea for admins ).

Step 2. Very Important. chmod 700 rdist; chmod 644 /etc/utmp. Install sendmail 8.6.4. You have probably stopped 60 percent of all Uebercrackers now. Rdist scripts is among the favorites for getting root by uebercrackers.

Step 3. Okay, maybe you want to actually secure your machine from the elite Uebercrackers who can break into any site on Internet.

Step 4. Set up your firewall to block rpc/nfs/ip-forwarding/src routing packets. (This only applies to advanced admins who have control of the router, but this will stop 90% of all uebercrackers from attempting your site.)

Step 5. Apply all CERT and vendor patches to all of your machines. You have just now killed 95% of all uebercrackers. Step 6. Run a good password cracker to find open accounts and close them. Run tripwire after making sure your binaries are untouched. Run tcp_wrapper to find if a uebercracker is knocking on your machines. Run ISS to make sure that all your machines are reasonably secure as far as remote configuration (ie. your NFS exports and anon FTP site.)

Step 7. If you have done all of the following, you will have stopped 99% of all uebercrackers. Congrads! (Remember, You are the admin.) Step 8. Now there is one percent of uebercrackers that have gained knowledge from reading some security expert's mail (probably gained access to his mail via NFS exports or the guest account. You know how it is, like the mechanic that always has a broken car, or the plumber that has the broken sink, the security expert usually has an open machine.)

Step 9. Here is the hard part is to try to convince these security experts that they are not so above the average citizen and that by now giving out their unknown (except for the uebercrackers) security bugs, it would be a service to Internet. They do not have to post it on Usenet, but share among many other trusted people and hopefully fixes will come about and new pressure will be applied to vendors to come out with patches.

Step 10. If you have gained the confidence of enough security experts, you will know be a looked upto as an elite security administrator that is able to stop most uebercrackers. The final true test for being a ueberadmin is to compile a IRC client, go onto #hack and log all the bragging and help catch the uebercrackers. If a uebercracker does get into your system, and he has used a new method you have never seen, you can probably tell your other security admins and get half of the replies like - "That bug been known for years, there just isn't any patches for it yet. Here's my fix." and the other half of the replies will be like - "Wow. That is very impressive. You have just moved up a big notch in my security circle." VERY IMPORTANT HERE: If you see anyone in Usenet's security newsgroups mention anything about that security hole, Flame him for discussing it since it could bring down Internet and all Uebercrackers will now have it and the million other reasons to keep everything secret about security.

Well, this paper has shown the finer details of security on Internet. It has shown both sides of the coin. Three points I would like to make that would probably clean up most of the security problems on Internet are as the following:

1. Vendors need to make security a little higher than zero in priority.

If most vendors shipped their Unixes already secure with most known bugs that have been floating around since the Internet Worm (6 years ago) fixed and patched, then most uebercrackers would be stuck as new machines get added to Internet. (I believe Uebercracker is german for "lame copy-cat that can get root with 3 year old bugs.") An interesting note is that if you probably check the mail alias for "security@vendor.com", you will find it points to /dev/null. Maybe with enough mail, it will overfill/dev/null. (Look in manual if confused.)

2. Security experts giving up the attitude that they are above the normal Internet user and try to give out information that could lead to pressure by other admins to vendors to come out with fixes and patches. Most security experts probably don't realize how far their information has already spread.

3. And probably one of the more important points is just following the steps I have outlined for Stopping a Uebercracker.

Resources for Security:

Many security advisories are available from anonymous ftp cert.org. Ask archie to find tcp_wrapper, security programs. For more information about ISS (Internet Security Scanner), email erjaytrivedi@yahoo.com

Acknowledgements:

Thanks to the crew on IRC, Dan Farmer, Wietse Venema, Alec Muffet, Scott Miles, Scott Yelich, and Henri De Valois.

Copyright:

This paper is Copyright 1993, 1994. Please distribute to only trusted people. If you modify, alter, disassemble, reassemble, re-engineer or have any suggestions or comments, please send them to:erjaytrivedi@yahoo.com

By Trivedi Jay (B E Electrical Engineer )

email : erjaytrivedi@yahoo.com

A I A C A T

Pages

Most Latest and Profitable Website for Earning Money from Internet by ppc & Earn min 200 $-5000 $/M

Sunday, 23 June 2013

All about FTP must read

Accessing the bindery files directly

A Web Standards Checklist, How to make a proper website

A very small tut for RealMedia

A Small Guide to Hacking HOTMAIL

A Short HACKER SPEAK Glossary

A List Of Government BBS Numbers

A Guide to the Easiest Hacking

A Guide to Internet Security: Becoming an Uebercracker and Becoming an UeberAdmin to stop Uebercrackers.