Are you Interested in Generating Some Extra Cash?


MAP10: INTERNET SECURITY

     "Cyberspace, in its present condition, has a lot in common
      with the 19th Century West. It is vast, unmapped, culturally
      and legally ambiguous, verbally terse (unless you happen to
      be a court stenographer), hard to get around in, and up for
      grabs. Large institutions already claim to own the place,
      but most of the actual natives are solitary and independent,
      sometimes to the point of sociopathy. It is, of course, a
      perfect breeding ground for both outlaws and new ideas about
      liberty." -- John Perry Barlow, Crime and Puzzlement

I would love to tell you that the Internet is a safe place and that there is no reason for you to protect your password. Unfortunately, there are a LOT of people out there who would LOVE to break into your account and "use your account as a base for operations (1)."

How prevalent is this? According to Mike Godwin, Chief Legal Counsel for the Electronic Frontier Foundation, it's "fairly common." (1)

The main defense against people who want to break into your account -- a.k.a. "crackers" -- is your password. Keep your password secure, and you should never have anything to worry about. Give your password to others, or write your password down and put it near your computer, and ... well, you get the picture.

There are some KEY points you need to remember to protect yourself and your account:

  1. NEVER give your password to *ANYONE* (1). The whole purpose of having a password in the first place is to ensure that *NO ONE* other than you can use your account.
  2. NEVER write your password down, and especially never write your password anywhere near your computer.
  3. NEVER let anyone look over your shoulder while you enter your password. "Shoulder Surfing" is the most common way that accounts are hacked.
  4. NEVER e-mail your password to anyone.
  5. DO change your password on a regular basis (1). There is no better way to thwart a would-be cracker than to change your password as often as possible. Your local Internet service provider will be able to tell you your system's recommendation on how often you should change your password, but a good rule of thumb is to change it at least every three months.
  6. DON'T pick a password that is found in the dictionary (1). When you set your password, it is encrypted and stored into a file. It is really easy for a "cracker" to find your password by encrypting every word in the dictionary, and then looking for a match between the words in his encrypted dictionary and your encrypted password. If he finds a match, he has your password and can start using your account at will.
  7. DON'T use passwords that are foreign words. The hacker can get a foreign dictionary, and ...
  8. NEVER use your userid as your password. This is the easiest password to crack.
  9. DON'T choose a password that relates to you personally (2) or that can easily be tied to you. Some good examples of BAD passwords are: your name, your relatives' names, nicknames, birthdates, license plate numbers, social security numbers (US), work ID numbers, and telephone numbers.
  10. DO use a password that is at least eight characters long and that has a mix of letters and numbers. The minimum length of a password should be four to six characters long.
  11. NEVER use the same password on other systems or accounts.
  12. ALWAYS be especially careful when you telnet or rlogin to access another computer over the Net. When you telnet or rlogin, your system sends your password in plain text over the Net. Some crackers have planted programs on Internet gateways for the purpose of finding and stealing these passwords. If you have to telnet frequently, change your password just as frequently. If you only telnet occasionally, say, for business trips, set up a new password (or even a new account) just for the trip. When you return, change that password (or close out that account).

The best passwords -- the ones that are the easiest for you to remember, and the ones that are the hardest for crackers to crack -- are passwords that are like those fake words you used to create when you would cram for a test. For example, to remember that "the Law of Demand is the inverse relationship between price and quantity demanded," I created the word TLODITIRBP&QD. NO ONE could hack that as a password. Best of all, its EASY to remember (well, its easy for an economist to remember).

Here are a couple of other good passwords:

   Sentence                                Possible password

   In 1976 I moved to Tulsa, Oklahoma      I76IMTTO
   The conference lost 12,000 dollars      TCL12KD
   U of A Crimson Tide Football is #1      UACTFI#1

Sentences are EASY to remember, and they make passwords that are nearly impossible to break (and please do NOT use these sample passwords as your own).

Do NOT use well known abbreviations (for example: wysiwyg), and do NOT use keyboard patterns (for example: qwerty) as your password.

If you notice weird things happening with your account:

  1. Change your password IMMEDIATELY!
  2. Tell your local Internet service provider about it.

It is very common for someone whose account has been hacked to dismiss the signs that the account has been hacked as technical problems with the system. However, when one account is hacked, it very often puts the whole system at risk.

Finally, there is one last thing that I want to say before I close: I feel that "hacking" and "cracking" so violates the spirit of the Internet that I will do everything in my power to help put the overgrown babies who engage in such activities where they belong -- behind bars. Until that time comes, however, I'm going to change my password as often as possible. MAP11: TELNET (PART ONE)

     "Thanks to the interstate highway system, it is now possible
      to travel across the country from coast to coast without
      seeing anything." -- Charles Kuralt, On the Road

We are about to enter a new section of this workshop. For the past week, we have talked about communicating on a one-to-one basis (e-mail) and on a one-to-many basis (LISTSERV and Usenet).

Today, I'm going to show you how to log in to other computers around the world and take full advantage of the public programs and services that these other computers offer.

There is some bad news, though. Some of you, especially a good number of you with "level one" Internet access, do not have access to TELNET. If this is true for you, please accept my apologies. I promise to make it up to you next week when I show you File Transfer Protocol -- and besides, you can always take today's lesson and tomorrow's lesson and bug your local Internet provider into offering TELNET (you can also save this lesson for the day that you do have TELNET access).

With TELNET, the commands that you type on your keyboard are sent from your terminal to your local Internet service provider, and then from your provider to the remote computer that you have accessed. Unlike the LISTSERV commands that you sent last week that took CENTURIES to process (okay, a *slight* exaggeration), TELNET commands (usually) travel so fast that you can't even tell that you are using a remote computer.

So what can you do with this ability to log into remote computers? If your local Internet provider allows it, it is possible for you to TELNET into your account from another city and check your e-mail while you are on vacation or away on business. You can also TELNET into huge databases to do research, or even TELNET into libraries around the world to check if they have a certain book that you are looking for. TELNET also offers an easy entry into the world of Gophers and the World Wide Web for those people who may not otherwise have access to these tools.

Last Tuesday (in MAP04: E-MAIL), I showed you that an Internet address for a user looked something like: user@address. Well, since we are no longer interested in the person -- we want to access the computer, not the person -- we can throw away both the "user" and the "@" part. All we care about now is the stuff *after* the @.

TELNET addresses look something like this:

     seabass.st.usm.edu        cybernet.cse.fau.edu
     bbhost.hq.eso.org         fedworld.gov
     128.118.36.5              192.160.13.1

Gee ... that's easy. Also notice that TELNET addresses can be in domain name format (i.e. seabass.st.usm.edu) or in IP address format (i.e. 120.118.36.5). (Note: both the domain name system and the IP address system were discussed in MAP04: E-MAIL).

You may also see TELNET addresses with numbers stuck on the END of them. Those numbers are "port" numbers. Port numbers don't have anything to do with hardware ports on the computer; instead they are (sort of) a way for you to tell the remote computer which program or server you want it to pull up. A TELNET address with a port number allows you not only to access a remote computer, but to also pull up a specific program or server on that remote computer (BTW, the standard port number is port 23):

     seabass.st.usm.edu 23     cybernet.cse.fau.edu 2010
     bbhost.hq.eso.org 6969    fedworld.gov 4242
     128.118.36.5 23           192.160.13.1 66

We seem to have the addresses down pat. Now for the fun stuff!

There are seven steps to a successful TELNET session. These steps are all based on simple common sense, and I will explain them all in a minute. But first, here are the seven steps:

  1. Start-up the TELNET program
  2. Give the TELNET program an address to connect to (BTW, some really nifty TELNET packages allow you to combine steps 1 and 2 into one simple step!)
  3. Make a note of what the "escape character" is
  4. Log in to the remote computer
  5. Set the "terminal emulation"
  6. Play around on the remote computer
  7. Quit

Now let's talk about each of these steps. There are a lot of different TELNET software programs around, but each of these programs operate on the same basic principles. (BTW, my explanation may be a little "mainframe-y" but you will soon discover that you can easily translate my explanation so that you can use TELNET in Windows or on a Macintosh).

Starting the TELNET program is easy. All most of you have to do is type the word TELNET on your command line, and the program will start right up. If you are using Windows or a Macintosh (or an equivalent), double-click on the TELNET icon.

The second step is to give the TELNET program the address of the computer that you want to access. This is where the programs start to differ. Some programs will automatically ask you to enter the address of the remote host, but most won't. If your program does not automatically ask you for the address, you need to type

          open (site address) (port number)

on the command line. For example, to get TELNET access to YALEINFO.YALE.EDU 7000, you would type OPEN YALEINFO.YALE.EDU 7000. (If you are using Windows or a Mac, the OPEN command may be located on a pull-down menu). If you don't include the port number, TELNET will automatically assume that you want to connect to port 23.

Remember when I said that some nifty TELNET programs allow you start-up the TELNET program and access the address all in one easy step? Instead of doing the two steps I just went over, you may be able to just type

          telnet (site address) (port number)

on the command line (for example: TELNET YALEINFO.YALE.EDU 7000).

After you have told TELNET which computer you want it to access, and right before you gain access to the remote computer's login screen, you will see something like this:

     telnet YALEINFO.YALE.EDU 7000
     Trying 130.132.21.53 Port 7000 ...
     Connected to YALEINFO.YALE.EDU
     Escape character is ...

This tells you that your TELNET program is trying to access the YALEINFO.YALE.EDU 7000 address, gives the IP address for YALEINFO (remember those from MAP04?), tells you when you are connected, and gives you the escape character. REMEMBER THE ESCAPE CHARACTER! You are going to need it in a second :)

The next step is to log in to the remote computer. Everyone should know how to log in to a computer by now ;) === a winking smiley

If you are accessing a public site, the "login" -- the "password" that you need to access the remote computer -- will probably be publicly known. For example, tomorrow I will send you a list of several dozen TELNET sites, including their addresses and logins. Some public sites even TELL you what the login is when you TELNET to them! Heck, some TELNET sites are wide open and do not require a login or password at all!!

The fifth step is to set the terminal emulation. All this means is that you are going to tell the remote site how data should be shown on your screen. The most common terminal emulation setting is VT100, which is the standard for terminal-based communications.

If you do not have a VT100 terminal, or a terminal that can pretend its a VT100 terminal. you may have to set your terminal emulation to either your correct terminal type or, if you do not know your your correct terminal type, to a "dumb" terminal emulation.

Fortunately, some TELNET sites automatically take care setting the terminal emulation for you, so you don't even have to worry about it.

If you end up with a screen full of gibberish, chances are you did not use the correct terminal emulation setting. Your best bet if this happens is to disconnect from the site and try again.

I think you can figure out the sixth step -- play around on the remote computer -- all by yourself :)

The final step is to quit. Some sites are nice and tell you how to do this, but most expect you to figure out how to quit on your own. That is where the escape character comes in!

Remember that once you access the remote computer, every keystroke of yours will be carried out not on your computer but on the remote computer! Typing the escape character (usually the control key and the right bracket key pressed at the same time) temporarily interrupts your TELNET session and puts you into the TELNET command mode.

Once you are in the command mode, you can use a couple of commands:

     CLOSE       Closes your TELNET connection to the remote computer
                 and either returns you to the command mode (if you
                 started in the command mode) or quits TELNET.
     QUIT        Quits the TELNET program; if you are connected to
                 a remote computer, QUIT will disconnect you from
                 the remote computer and then quit TELNET.
     SET ECHO    If you can't see what you are typing, or if you
                 type and see double, this command should take
                 care of the problem
     (ENTER)     (or (RETURN)) Pressing the enter or return key
                 will take you out of TELNET command mode and
                 return you to your TELNET session.
     OPEN        Opens a connection to a remote computer

So, if you are in the middle of a TELNET session and you decide to quit, you would type the escape character to enter the TELNET command mode, and then type the word QUIT.

One last thing and I will let you go: regular TELNET does not work if you are trying to TELNET to an IBM 3270 mainframe computer. You'll have to use TN3270 instead. It works just like TELNET, only the keys on your keyboard may change a little (IBM uses something called map3270 to lay out the keys, and IBM uses a lot of function keys).

MAP12: TELNET (PART 2)

      "All work and no play makes Jack a dull boy" -- anon

There are *many* incredible Internet books on the market today. The following listings were copied, with the permission of the publisher, from "The Internet Yellow Pages" written by Harley Hahn and Rick Stout (and published by Osborne McGraw-Hill).

Hahn and Stout's "The Internet Yellow Pages" has over four hundred pages of listings for various e-mail, LISTSERV, Internet mailing list, Usenet, telnet, FTP, Gopher, and finger sites around the world. I went through "The Internet Yellow Pages" and randomly picked forty-one interesting telnet sites.

Before I turn you loose on the Internet, there are a few things I want to say:

  1. The listings give the site's address, and the password required. For example, if the listing said
                      Address:  squirrel.com
                      Password: patrick
    
    you would simply telnet to squirrel.com, and use the password "patrick" :)
  2. If a site does not let you in, its probably because that site is having some problems. If this happens, just pick another site.
  3. Please remember that your local Internet service provider only handles the *local* part of your service. It would be pretty foolish to call your local Internet service provider and complain about a problem that you are having with a *distant* computer :)
  4. Remember the Roadmap code: YOU CAN NOT BREAK THE INTERNET!! The Internet was built to survive a direct nuclear attack ... it can take ANYTHING you do to it. If the Internet can survive me, it can survive you. ;)
  5. If everything falls apart on you, EXIT TELNET AND TRY AGAIN!
  6. PLEASE PLEASE PLEASE PLEASE PLEASE DO *NOT* WRITE TO ME WITH YOUR QUESTIONS OR COMMENTS! My e-mail is now up to 500 letters a day :(