Computer Underground Digest Volume 1, Issue #1.18 (June 25, 1990)

---
Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.18 (June 25, 1990) ** **************************************************************************** MODERATORS: Jim Thomas (Sole moderator: Gordon Meyer on vacation) REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- protections. -------------------------------------------------------------------- File 1: Moderators' Comments File 2: From the Mailbag (3 items) File 3: Title 18 USC {Section} 1343 and comments (Mike Godwin) File 4: Have Federal Prosecutors gone too far? (Jim Thomas) File 5: FBI response to Rep. Don Edwards query of BBS Spying -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.18 / File 1 of 5 *** *************************************************************** MISC. ITEMS: --CUD and USENET: Chip Rosenthal is investigating the possiblity of setting up a group gateway into USENET for a newsgroup called alt.cud to stimulate debate and dialogue of issues. If all goes as planned, it will happen very soon. We will keep people posted. --SUBSCRIPTIONS: If you have requested to be added to the mailing list but have not received anything from us, keep trying and include several alternative addresses. Sometimes neither "reply" nor the addresses listed work. CuD is available hardcopy, and we will provide back issues to libraries or other archival sources at no cost. MAIL--We receive considerable mail, but we cannot print it all. We strongly encourage comments to be related to the general issues reflected here, and we will not print flames, insults, or general opinions unless there is some additional (and strong) redeeming value. We *STRONGLY* encourage law enforcement and others to submit comments or articles as a way of stimulating dialogue and understanding. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= *************************************************************** *** CuD, Issue #1.18 / File 2 of 5 / Mailbag (3 items) *** *************************************************************** Date: Fri, 22 Jun 90 9:31:10 EDT From: Wes Morgan To: TK0JUT2%NIU.BITNET@UICVM.UIC.EDU Subject: Re: C-u-D, #1.17 Stephen Tihor writes: > >I am interested in ideas with low $ and personnel costs and which will avoid >triggering more vandalism or even unguided explorations. How about *guided* exploration? I would assume that a university with NYU's level of resources has PCs capable of running UNIX. Why not run a series of "Intro to UNIX" and "Intro to C" courses using UNIX PCs? Encourage exploration; after all, there's not much damage to be done with an isolated PC......and the accounts can stick around for months. >=========================================================================== mis@seiden.com(Mark Seiden) writes, in his commentary on the LoD case: >presumably there a precise legal definition of "traffic"? BKEHOE@widener also expressed concern about this issue later in this Digest. This comment applies to both articles. The use of "traffic" in this case has serious implications on ALL computer networks. Consider BITNET; if a user at TECMTYVM sends stolen information to UKCC, are the 12 intermediary site on the path implied accessories? I don't even want to *think* about the uucp network, where it can require passage through 15 or 20 sites to reach some nodes. Consider the frightening ease with which both BITNET and UNIX mail can be forged. Consider the CP TRANSFER command; a little reading should make its potential clear. The potential for monitoring network traffic is also large. The simple command "sm cmd ohstvma q psuvm q" will allow me to see the destination of every file travelling that link, one of BITNET's busiest. A number of products (LANalyzer, Sniffer) allow their users the ability to track, capture, and decode packets travelling on almost *any* network. It's a simple matter to track usage of any network; how soon before we see official "Sniffer Stations", driven by AI routines, watching and ana- lyzing our network usage constantly? >Are you still able/willing to make the entire archives available to, say, >counsel needing access for trial preparation? how about to someone who >will be testifying before Congress (who are holding hearings in mid-July on >this subject)? A related question: If a public document (i.e., PHRACK) is used as evidence in a closed trial, does that restrict distribution on ALL copies of that PUBLIC document? This seems somewhat akin to intro-ducing the Louisville Courier-Journal as evidence, expecting all the libraries to hastily pull the appropriate issues from the shelves. Are there any attorneys on this list who would offer an opinion in this matter? BKEHOE@widener writes, in his comments on the Neidorf indictment: > >2) Counts 3 and 4 were about as vague as anything I've read. From my >interpretation, the counts are charging them with conspiring to perform the >E911 "theft" via email. Does that then mean that if I were to write to >someone with a scheme to break into a system somewhere, that I could be >held accountable for my plans? Is the discussion of performing an illegal >act of and in itself illegal? Sure, if that break-in actually happens. You'd be liable under that wonderful "conspiracy" clause. If the fellow with whom you discussed the scheme subsequently discussed it with another individual, who actually committed the crime, you could certainly be tracked down and charged as a co-conspirator . This is the sort of thing that makes me wary when users ask for explanations of telnet/cu/ftp/et cetera.... I just point them at the manuals, so they can't attribute *ANYTHING* to me. >4) Finally, I must wonder how many more charges may be pulled up between >now and the time of the trial, if that gem about transmitting Phrack 22 was >so suddenly included. Will every Phrack be dug through for any "possibly" >illegal information? Certainly! You know that those lists of bbs numbers imply that Neidorf connected to EACH AND EVERY ONE of them, dispensing his ILLEGAL information! >If I were to write up a file based on the >information in Dave Curry's Unix Security paper, using language that >"incites devious activity" (a.k.a. encourages people to go searching for >holes in every available Unix system they can find), can I be held >accountable for providing that information? Well, how about this situation? I'm the de facto "security guru" for my site. Should I attempt break-ins of machines under my domain? Am I vio- lating the law? Am I liable, even though I have no malicious intent? Needless to say, I have stopped all such activity until these points are ironed out. >Well, that's enough for now...I'm interested in hearing other peoples' >opinions on all of this. I'm sure I'm not the only one out here who gets >mildly PO'd each time I hear about a new result of Operation Sun Devil (and >the associated fever). Well, I wonder if anyone's planning a "Introduction to Modern Computing" course for the judiciary. I still don't understand how people such as Neidorf, Riggs, and Rose can be tried by a "jury of their peers". I'd like to see the records of the _voir dire_ (jury selection) process. How many of the prospective jurors do you think will be able to truly under- stand the concepts involved? Would you care to explain password security to a 2nd grade teacher or bus driver? I mean no slight to these people, but their presence on a jury in a computer case is like asking me to serve on a jury for a case involving particle physics! For that matter, will the defense attorney have a chance to object to the definitions given various terms by the prosecutors in open court? Hardly. Wes Morgan -- The opinions expressed above are not those of UKECC unless so noted. Wes Morgan \ {rutgers,rayssd,uunet}!ukma!ukecc!morgan +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Date: Fri, 22 Jun 90 16:22:22 EDT From: josephl@wb3ffv.ampr.org To: tk0jut2 ->->->->->->->->-> A NETWORKER'S JOURNAL ->->->->->->->->->->-> Vol. 5 June 22, 1990 No. 42 ALAN BECHTOLD PLANS MODEM USERS ASSOCIATION Alan Bechtold, president of BBS Press Service, has launched a new non-profit organization called the Modem User's Association of America that he says will be active in cases in which phone companies propose rates that affect telecomputerists. MUAA intends to be a clearing house for information of interest to users and operators of computer bulletin board systems. It also hopes to link local and regional modem user groups into a nationwide network and set up a lobbying effort in Washington to push for legislation favorable to modem users. Bechtold says that so far the greater interest has come from people in states currently affected by changes in phone company rates, including Indiana and Texas. The group's legal and lobbying support for the first year is being offered by a Washington, D.C., group, Bechtold said. For more information about the group, you may call 913/478-9239. -------------------------------------------------------------------- UNCLE SAM OFFERS SECURITY GUIDES Computer security guides, mandated by the Computer Security Act of 1987, are being distributed by the National Institute of Standards and Technology. They address viruses, data integrity and general system security. The guides are available from the Government Printing Office or directly from the NIST Computer Security Board. To check it out, make a modem call to 301/948-5717. Three of the guides cover security questions posed by executives, managers and users, while the fourth is intended to assist federal agencies in developing security training programs. U.S. SUPREME COURT PREPARES TO BEGIN ELECTRONIC TRANSCRIPTIONS Starting next month, the U.S. Supreme Court's decisions and supporting options will be electronically transmitted to computer networks operated by 12 court-approved organizations as part of its new "Project Hermes," a 2-year experiment. Writing in CompuServe's Online Today electronic publication this week, James Moran notes that of the organizations directly receiving the Court transmissions, one is a non-commercial, non-profit, consortium made up of Case Western Reserve University, EDUCOM, and the National Public Telecomputing Network. EDUCOM later will transmit the opinions to Internet and BITNET for general distribution, as well as to NPTN which will distribute copies to affiliated community computer systems. Says Moran, "When the Supreme Court is ready to release an opinion, a computer at the Supreme Court Building in Washington will simultaneously open 12 telephone lines and transmit copies to the 12 primary information distributors. Subsequently, the distributors will make the Court's decisions available to other interested parties." For more information, send your name, organization or firm, address, city, state, and zip, to Project Hermes, CWRU Community Telecomputing Lab, 319 Wickenden Building, Cleveland, OH 44106. * * *

---

E-Mail Fredric L. Rice / The Skeptic Tank