WWIVNEWS Volume 1, Issue 4 April 1991 Table of Contents ~~~~~~~~~~~~~~~~~ WWIVNews Intro Contest Submissions..............................Various Stop the Hack Attack...........................Bethnal the Black 2@5465 FidoNet from a WWIVnet Perspective..................East Bay Ray 1@9964 The Pending File.........................................WWIVNEWS Staff The Editor's Corner.................................East Bay Ray 1@9964 Acknowledgements.........................................WWIVNEWS Staff ======================================================================= WWIVNews Intro Contest Submissions Xavier 1@9409 ------------- /\ /\ \W\ /\ /W/ \W\/W/\ /W/ \W / \/W/ \/ \/ /\ /\ \W\ /\ /W/ \W\/W/\ /W/ \W / \/W/ ___________ \/ \/ [IIIIIIIIII] /I/ /I/ /I/ /\ /\ ___ /I/____ \V\ /V/ [IIIIIIIIII] \V\ /V/ \V\/V/ \V / \/ NEWS! Agent Steel 1@6556 ------------------ _________ __ __ _____ / / __ __ / / __ __ __ __ __ ____ ______________________ _____ / / / / / / / / / / / / / / / // / ____ ______________________ _____ / /_/ /_/ / / /_/ /_/ / / / / // / ____ ______________________ /_________/ /_________/ /_/ \___/ ____ ______________________ ___________________________________________________________________ ___________________________________ __________ _____________ ___________________ ____ / __ \ ______ / __ __ ______ ___________________ ____ / / / / / ____/ / / / / / / /___ / _____ ___________________ ____ / / / / / /___ / /_/ /_/ /_____/ / _____ ___________________ ____ /_/ /_/ /_____/ /_________/_______/ _____ Bro John 1@4701 --------------- ------===* \ / \ / : \ / *===--------- ------=====: \/\/ \/\/ _:_ \/ :=====--------- ------=======: __ __ :=======--------- -------=========: :\ : :__ \ / :_ :=========--------- -------===========: : \: :__ \/\/ __: :===========--------- -------=========: :=========--------- ------=======: Volume: Issue: :=======--------- ------=====*_ (Date) _*=====--------- ======================================================================= Stop the Hack Attack by Bethnal the Black 2@5465 A recent rash of WWIV Hacking in the Montreal area has shown me that there are too many SysOps who are not taking the right precautions to make their systems safe and secure. Simple things, like backups, seem foreign to most SysOps, but this is the first line of defense against a crash, hacked or otherwise. Regular backups need not be a time consuming activity. Once the initial system backup has been done, incremental backups of the disk may take as little as 10 minutes. Backing up to disk may not be the most enjoyable task, but it isn't life threatening either. It may save you quite a bit of time and trouble later. Once you have the backup situation covered, you can start doing things that will ensure that you will never have to use those disks. The first step is to protect yourself from yourself! Ever accidentally erase a file? Not too difficult to do, really, but quite easy to prevent. DOS has provided a command called ATTRIB that allows you to set the Read-Only flag on any DOS file. Start with COMMAND.COM, AUTOEXEC.BAT, CONFIG.SYS, BBS.COM, BBS.EXE and anything else that you can think of. If these files are set as Read-Only they cannot be deleted accidentally or clobbered by some vicious hacker. Protecting COMMAND.COM also has the added benefit of stopping a large number of virii from infecting your system. If we look specifically at the most recent Hack making the rounds (the PKUNZIP extraction hack), we can use a feature of the INIT.EXE program. Simply restrict all Uploads to SysOp and check everything that comes into your board before making it available for download (and, therefore, Extractable-to-TEMP). This is not always easy, especially if you get a lot of uploads, but it is the best way to insure safety from this particular hack. Another good stopper for this one is Wayne Bell's UNZIP program. Better yet, just remove the extract option all together, has anyone ever used it? I think it is also important to remember one of the basic rules of computer security: change your passwords (your's and the System's) regularly. This practice applies to all your users and should be enforced for your high access accounts. Also, don't give your system password to anybody that you don't know (or can't kill), and, even then, only if ABSOLUTELY necessary. If you never log onto your BBS remotely, make your password totally random, so that even you wouldn't know it. Voice validation is another way of ensuring that your users act responsibly (you have their phone number and they know it). It doesn't have to be a 20 minute conversation, either. Just a quick chat to let him know what the BBS is all about and what you expect from him, as a user. It gives the user the feeling of being wanted, and it gives you the chance to size him up and decide if he is someone who needs to be watched, or maybe even restricted. I realize that you have probably heard most of this stuff before, and some of you probably know more ways to protect your BBS from damage, but for the rest of you, I hope this has given you some insight into how you can protect that investment of time and effort that we all call "The Board". I invite, and appreciate, your comments. ======================================================================= FidoNet from a WWIVnet Perspective East Bay Ray 1@9964 The popularity of being a FidoNet gate to WWIVnet is growing rapidly these days. Just check out a //NET listing and see how many node numbers are in the @600-@699 range. However, many sysops are confused when they first plunge into FidoNet, because the two networks are indeed vastly different. In this article I will address some of the major differences between FidoNet and WWIVnet, from a fundamental point of view. It would take at least a book to do the same from a software point of view. First of all, you are not dealing with a single type of BBS software. You are not even dealing with a single type of operating system, or computer. There are FidoNet systems being run on DEC Rainbows, Ataris, Apples, as well as PCs running (other than MS-DOS) OS/2, UNIX, and PC-MOS. You must realize this, because unlike WWIVnet, everybody doesn't run the same software, and most people will have different problems than you will. Some FidoNet software is even commercial! Second, there are several different pieces of networking software available. You don't just have one author and one set of programs to use, you have a diverse number of choices. The software is mainly divided up into two categories: mailers and messaging software. A mailer, also called a front-end, is a program that you run that connects you with other FidoNet systems. With this mailer you can dial out and send FidoNet packets and files to other FidoNet systems, and receive them as well. These mailers are also the driving force behind FREQing, or "File REQuesting". Sysops that have heard of Snarf have an idea of what this is. A mailer can call another mailer, and request a file. It can also call that system and request a file. All this is done in the same program. The second major portion of FidoNet software is the messaging software. These programs are the ones that unARC or unZIP the packets received from the mailers, and put them into message directories. Surprised? Yes, FidoNet got wise a long time ago and started sending compressed mail between systems. Most FidoNet-compatible BBS systems can directly read the messages output by the messaging software. WWIV sysop, however, must take an extra step to get the FidoNet mail to their boards. This program is called NetSEX, and it will be explained in detail a little bit later in this article. The third major difference between FidoNet and WWIVnet is that mail is not as structured in FidoNet. If you want to, and the other guy is not too excessively annoyed, you can connect to anyone you want to pretty much. This practice isn't very smart, but it is a possibility. Another, more realistic example is if you really want to get a piece of mail to someone across the country, then you can simply "Crash Mail" him. This is a practice where, after you write the letter, you call his system directly and send him your letter. It really speeds things up sometimes. Before I go any further, I wish to introduce some new terms. These are basically synonyms, but FidoNet terms nevertheless. The first is netmail, which e-mail, or net e-mail in WWIVnet. In FidoNet, some regions have routed netmail, where you can send a piece of netmail to any place in the country, and it will go the longer, but cheaper route (much like WWIVnet). In other regions, netmail must go directly to the destination system, or it goes not at all. The second term is echomail. Echomail is synonymous with a WWIVnet post. However, echomail "conferences" (net subs) are vastly different than WWIVnet ones. FidoNet echomail conferences are, by WWIVnet standards, free-for-alls. Although there are appointed moderators, these moderators have little knowledge of who is picking up their conference, and have little control over who it goes to. Another FidoNet concept that cannot be used currently in WWIVnet is message threading, or reply-chaining. This technique employed by most BBS systems to some degree allows all the posts relating to the same topic to be read at the same time, regardless of when they were posted. This makes reading messages infinitely easier on the reader. NODELIST. This file is a huge file that contains a listing of all the FidoNet systems currently in the network, yet it IS NOT distributed on any basis, regular or irregular. Since it is close to a megabyte (around 9500 systems in FidoNet so far), it would be highly impractical to send this file out. Those poor 300 (yes, there are a couple) and 1200 baud systems would spent their entire weeks just downloading the NODELIST. Instead, weekly NODEDIFFs are distributed in compressed format (ARC, ZIP, LZH, etc.). A NODEDIFF file contains the difference between last weeks NODELIST and this week's. That is about all I can think of at the present time. Besides NetSEX (the utility required to interface WWIV and FidoNet, available as NETS100.ZIP), I have pretty much left FidoNet software untouched. Hopefully in some future issues some of the people in WWIVnet who know more about FidoNet software will write some reviews. Heavy 7, Benny Hill, Pierre Tremblay, Darkster, Otto (grin)... ======================================================================= The Pending File (Tips, Tricks, and News) by WWIVNEWS Staff Wayne Bell, due to the recent upsurge of hack paranoia, has released a PKUNZIP front end called UNZIP. This program scans all the files in a ZIP before extraction, and if there is a suspicious file present, it will bar extraction from that ZIP completely. It looks for directory denotations ("\" and "/"), PKZIP and PKUNZIP, UNZIP, and a couple other strings. Black Dragon 1@2380 has released a new version of his Network Editor (NETEDIT). Here are the release notes from the v1.28 READ.ME file: The search command now allows more than just a BBS name match. This command has been expanded to search similiarly to WWIV v4.07's //UEDIT search command. In addition, for the registered version, the network may now analyze around any temporarily disabled node. The analyze routine was fixed with respect to CALLOUT.NET entries which were listed as receive only. Lastly, some menus were redone. -I- have released a Windows 3.0 PIF and icon (along with a short doc file detailing running WWIV and Windows) as WW4WNDWS.ZIP. I am sorry to say, however, that Wayne -hates- Windows with a passion, so I doubt there is much hope of a Windows-aware WWIV anytime. ======================================================================= The Editor's Corner by East Bay Ray 1@9964 Hello again, cowboys, cowgirls, and cowneuters. This is another fun-filled issue of WWIVNews. This month's editor's corner is devoted to begging. I am begging for some submissions. Even human interest stories are OK, as long as the relate to WWIV or the BBS industry somehow. For example, if you consider your dog or cat as a co-sysop, write it up! If you have an opinion on the "I've fallen and I can't get up!" commercial, and it relates to WWIV, write it up! We need some submissions! ======================================================================= Acknowledgements WWIV (c) 1988 by Wayne Bell. All other products mentioned are either registered trademarks or copyrighted by their respectives manufacturers. ======================================================================= The End