M1PQ

Grade school (and junior high, and high school, and college) would have been easier if I could remember all the “facts” I read in textbooks, or that my teachers told me. But most of them left my mind moments after they entered. Yet, somehow I can remember…

POKE 113,0:EXEC 40999

I also remember things like:

POKE 65495,0

And even…

FOR A=0 TO 255:POKE 140,0:EXEC 43345:NEXT

Those Radio Shack Color Computer BASIC commands seem to be forever stored in my long term memory. Even some 6809 assembly remained after decades of non-use:

START LDX #1024
LOOP INC ,X+
CMPX #1535
BNE LOOP
BRA START

Why do I still remember this!?

Another thing that is etched in to my memory is M1PQ.

In my junior high school English class (around 1981-1982) I met a boy named Jimmy. Jimmy was my gateway in to home computers, Hitchhiker’s Guide to the Galaxy, phone phreaking and much more. I believe he also introduced me to bulletin board systems.

Neither of us had a home computer (as we called them back then) yet, but we’d visit the local Radio Shack (so long ago, it not only existed, but had a space in the name separating the words). Using a TRS-80 Model III and their 300 baud modem, we’d dial in to local Houston, Texas BBSes. Radio Shack is also where I learned to program BASIC. I recall using a book Jimmy had, and writing programs out on paper, then going in on Saturday to type them in and see if they worked. (Back then, Radio Shacks and most everything else were closed on Sunday in Texas due to “Blue Laws,” whatever they were.)

Apple NET-WORKS

At the time, few “home computers” existed. The IBM-PC, if it existed at all, would have been brand new and not generally known by non-business customers. If a school had a “computer room” it would have been most likely populated with Apple 2 machines or TRS-80s. (Though one of my schools had some Commodore PETs.)

Most of the bulletin board systems I dialed in to ran on Apple 2s using software called NET-WORKS. Here is the Wikipedia entry:

https://en.wikipedia.org/wiki/Net-Works_II

The BBS Documentary website has a disk image of it:

http://software.bbsdocumentary.com/APPLE/II/NETWORKS/

And as I wrote up this article, I even found a website about this BBS, including some documentation!

https://www.callapple.org/documentation/networksii-bbs/

In those early days, many BBSes did not have the concept of “username” and “password.” Some just used a password! I guess we were more honest back then, since if you registered and tried a password someone else already had, the BBS would just say “that password is already taken.” Security? What’s that?

Some systems used a username and password, similar to today, but you didn’t even get to choose your password. They used a user number encoded in to a randomly generated password. Apple 2 Net-Works (and, I believe, BBS Express for the Atari 8-bits) did that. For example, if you were user 42, your randomly assigned password might be “A42BC”. I have never seen the source, but it appeared to just choose three random letters and stick the user number after the first letter. I recall my BBS Express password was a similar format, but “A42BCD” with an extra character.

But Apple Net-Works had a flaw. When you first ran the software to configure it, it would assign a password for the SysOp (system operator) who would be in control of the BBS. It would generate the password M1PQ. SysOps who did not realize this would be using a password that hackers would most certainly try as their first guess.

I don’t know where I learned about this, but probably on some hacker or phreaker BBS … which was probably running the Net-Works software ;-)

At the time, I thought this was some kind of secret backdoor built in to the software, but today I expect it may have been caused by the non-randomness of random.

See also: my article on the RND command in Color BASIC.

If you powered up an Apple 2 fresh, and printed ten random numbers between 1-100, I expect you’d get the same series of numbers each time you powered up and did that. (Any Apple 2 users here who can confirm?)

You get these same random numbers every time you power up the CoCo.

If Apple BASIC worked like that, then perhaps it was just code not taking any steps to seed the random number generator so each time it ran from a fresh power up, it would generate the same sequences of “random” numbers.
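The unseeded-generator explanation above, sketched in Python as an added example (not Net-Works code and not from the original post). The `PowerOnLCG` class, its constants and its power-on state are constructed for illustration and are not the Apple II's actual generator, so the repeated password it produces is not M1PQ; the password layout follows the "A42BC" format described earlier.

```python
import secrets
import string

LETTERS = string.ascii_uppercase


class PowerOnLCG:
    """Toy generator whose state is identical after every power-up.

    Constants are constructed for illustration; not the Apple II routine.
    """

    def __init__(self, state=0x1234):  # fixed power-on state: the flaw
        self.state = state

    def randbelow(self, n):
        self.state = (self.state * 25173 + 13849) % 65536
        return (self.state >> 8) % n


def make_password(user_number, pick_letter):
    """Format from the text: one letter, the user number, two more letters."""
    first, second, third = (pick_letter() for _ in range(3))
    return f"{first}{user_number}{second}{third}"


def first_run_sysop_password():
    """Fresh install: new power-up, nothing seeds the generator, user 1."""
    rng = PowerOnLCG()
    return make_password(1, lambda: LETTERS[rng.randbelow(26)])


def seeded_sysop_password():
    """Same format, but the letters come from the OS CSPRNG."""
    return make_password(1, lambda: secrets.choice(LETTERS))


def parse_user_number(password):
    """Recover the user number that this format embeds in the password."""
    digits = password[1:-2]
    letters = password[:1] + password[-2:]
    if len(password) < 4 or not digits.isdigit() or not letters.isalpha():
        raise ValueError("not in letter-number-letter-letter format")
    return int(digits)


if __name__ == "__main__":
    print("fresh installs: ", [first_run_sysop_password() for _ in range(3)])
    print("CSPRNG installs:", [seeded_sysop_password() for _ in range(3)])
```

Every simulated fresh install prints the same SysOp password, while the CSPRNG version varies; in both cases only the three letters are secret, since the user number is readable straight out of the password.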

Either way, M1PQ was a well-known SysOp password for the NET-WORKS BBS software.

You can see I have even referenced it here on this site:

The 1983 Radio Shack Color Computer BBS package is back… This time on Arduino!

The reason I mention this is convoluted. Yesterday I received a letter from Change Healthcare, which I had never heard of. It was informing me of a data breach that happened this past February 2024. I was affected, and could sign up for free credit monitoring.

I had never heard of this company, and suspected this to be a scam. What a clever way to get folks to give out their personal information — “hey, sign up to free credit monitoring. Just give us your social security number, date of birth, and account numbers to monitor.” Yeah, right.

But some searching led to many news articles about the data breach, including one on my insurance provider’s website. Apparently they used Change Healthcare and thus, this alert was legit.

I decided to sign up for the credit monitoring. During that process, I saw that the site had some tools you could use. One was a password verifier. I typed in “monkey123” (a famous password of modern times) and it said it was medium strength. Well, that password verifier sucks, I thought. But then I noticed it explained this password was in leaks and should not be used.

Interesting. Instead of just telling you the quality of your password, it could tell you if that particular password has been found in a data breach.

So naturally, I had to type in M1PQ:

M1PQ – The Apple Net-Works BBS default password.

Somewhere, out there, someone actually used M1PQ – the most infamous default password from the early 1980s BBS scene – on the internet, somewhere, and it got leaked.

So, kids, don’t use M1PQ. It wasn’t a good password in 1984, and it is not a good password in 2024.

Yet, it’s one password I have never forgotten.