Computer underground Digest Sun Aug 15 1993 Volume 5 : Issue 61 ISSN 1004-042X Editors: Ji

Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

Computer underground Digest Sun Aug 15 1993 Volume 5 : Issue 61 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copie Editor: Etaoin Shrdlu, Senior CONTENTS, #5.61 (Aug 15 1993) File 1--ERRATA in CuD #5.60 File 2--EFF Job Opening for ONLINE ACTIVIST File 3--NSA Seeks Delay in Clipper File 4--CPSR and the Nat'l Info Infrastructure File 5--Call for Papers IFIP SEC'94 Caribbean File 6--UPDATE #21-AB1624: *ACTION ALERT*: END-GAME APPROACHING File 7--Illinois BBS Sysop Busted for "porn-to-minors" File 8--In response to E-fingerprinting in Calif File 9--Re--NIRVANAnet (A View from Brazil) File 10--Public Domain Internet Information for Teachers File 11--Gory details about texsun (breakin) (fwd) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: UNITED STATES: ( in /pub/cud ( in /pub/CuD/cud in /pub/mirror/cud ( in /pub/eff/cud AUSTRALIA: ( in /pub/text/CuD. EUROPE: in pub/doc/cud. (Finland) in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sat, 14 Aug 1993 22:51:01 CDT From: CuD Moderators Subject: File 1--ERRATA in CuD #5.60 Ooops---In thanking our NIU folk in CuD 5.60, we misspelled the name of the Director of our Academic Computing Service. Michael Prais, not "Preis." Sorry 'bout that, Michael. We also indicated that WYLBUR was our operating system. Neil Rickert gently corrected us: Actually WYLBUR is not an operating system at all. It is just a multi-user interactive text editor which runs under the operating system MVS-XA. The computer center is finally taking the plunge and getting a Unix system for those university users who need Unix. We've been pushing them in this direction. I don't yet know what the arrangements and policies will be for this system. ------------------------------ From: Shari Steele Date: Thu, 5 Aug 1993 17:04:14 -0400 Subject: File 2--EFF Job Opening for ONLINE ACTIVIST The Electronic Frontier Foundation (EFF), a nonprofit organization dedicated to protecting civil liberties for users of newly emerging technologies, is looking to hire an Online Activist. The Online Activist will actively participate in and organize EFF's sites on CompuServe, America Online, GEnie, Usenet and the WELL and will distribute feedback from the various networks to EFF staff and board through regular online summaries. This person will provide leadership to groups of members and will possibly set up and maintain an EFF BBS. The Online Activist will help to maintain EFF's ftp library. This person will train new EFF staff members on online communications. S/he will collect and solicit articles for, write articles for, edit and assemble our biweekly electronic newsletter, EFFector Online. The Online Activist will work with the System Administrator to distribute and post EFFector Online and other EFF electronic publications and to maintain a database of form answers for commonly asked questions, along with the Membership Coordinator. This person must be willing to work out of EFF's offices in Washington, DC. The Electronic Frontier Foundation offers a competitive salary with excellent benefits. For immediate consideration, please forward a resume, along with a cover letter describing your online experience and reason for applying for this job by August 23, 1993, to: Online Activist Search Electronic Frontier Foundation 1001 G Street, NW Suite 950 East Washington, DC 20001 fax (202) 393-5509 e-mail (ASCII only, please) ------------------------------ Date: Wed, 11 Aug 1993 16:05:14 EST From: David Sobel Subject: File 3--NSA Seeks Delay in Clipper NSA Seeks Delay in Clipper Case The National Security Agency (NSA) has asked a federal court for a one-year delay in a lawsuit challenging the secrecy of the government's "Clipper Chip" encryption proposal. The suit was filed by Computer Professionals for Social Responsibility (CPSR) on May 28 and seeks the disclosure of all information concerning the controversial plan. In an affidavit submitted to the United States District Court for the District of Columbia on August 9, NSA Director of Policy Michael A. Smith states that NSA's search for records responsive to [CPSR's] request is under way, but is not yet complete. Because the Clipper Chip program is a significant one involving the participation of organizations in four of NSA's five Directorates and the Director's staff, the volume of responsive documents is likely to be quite large. Moreover, because the Clipper Chip program is highly complex and technical and is, in substantial part, classified for national security purposes, the review process cannot be accomplished quickly. CPSR called for the disclosure of all relevant information and full public debate on the proposal on April 16, the day it was announced. While NSA has insisted from the outset that the "Skipjack" encryption algorithm, which underlies the Clipper proposal, must remain secret, the Smith affidavit contains the first suggestion that the entire federal program is classified "in substantial part." In the interest of obtaining timely judicial review of the agency's broad classification claim, CPSR intends to oppose NSA's request for delay in the court proceedings. In another case involving government cryptography policy, CPSR has challenged NSA's classification of information concerning the development of the Digital Signature Standard (DSS). The court is currently considering the issue and a decision is expected soon. CPSR is a national public-interest alliance of computer industry professionals dedicated to examining the impact of technology on society. CPSR has 21 chapters in the U.S. and maintains offices in Palo Alto, California, and Washington, DC. For additional information on CPSR, call (415) 322-3778 or e-mail . David L. Sobel CPSR Legal Counsel ------------------------------ Date: Tue, 10 Aug 1993 09:43:40 PDT From: Nikki Draper Subject: File 4--CPSR and the Nat'l Info Infrastructure COMPUTER PROFESSIONALS ADD SOCIAL CONSCIENCE TO NATIONAL NETWORK DEBATE Palo Alto, Calif., August 6, 1993 -- At a recent meeting in Washington D.C., board members from Computer Professionals for Social Responsibility (CPSR) were challenged by top level telecommunications policy experts to craft a public interest vision of the National Information Infrastructure (NII). The experts at the roundtable discussion included Mike Nelson from the President's Office of Science and Technology, Vint Cerf from the Internet Society, Jamie Love from the Taxpayer's Assets Project, Ken Kay from Computer Systems Policy Project, and Laura Breeden from FARnet. "We were excited to discover that CPSR is in a position to play a key role in shaping NII policy," said CPSR Board President, Eric Roberts. "The commercial sector is already in the thick of the debate, but there has been little coordinated response from the noncommercial constituencies. After talking about the issues and CPSR's role, the Board committed to meeting this challenge." So far, the debate about the NII has centered around fiber versus ISDN, cable companies versus telephone companies, research versus commercialization, and so on. These are real questions with important implications. However, CPSR believes that a better starting point is a set of guiding principles as the context for all these more detailed questions about "architecture," technical standards, and prime contractor. Before arguing over bits and bytes, it is crucial to clarify the vision and values that underlie a major endeavor like the NII. As individuals in the computing profession, CPSR's membership knows that new technologies bring enormous social change. CPSR's goal is to help shape this change in an informed manner. Key issues discussed in the paper will include: o ensuring that the design remains both open and flexible so that it can evolve with changing technology. o ensuring that all citizens have affordable network access and the training necessary to use these resources. o ensuring that risks of network failure and the concomitant social costs are carefully considered in the NII design. o protecting privacy and First Amendment principles in electronic communication. o guaranteeing that the public sector, and particularly schools and libraries, have access to public data at a reasonable cost. o seeking ways in which the network can strengthen democratic participation and community development at all levels. o ensuring that the network continues to be a medium for experimentation and non commercial sharing of resources, where individual citizens are producers as well as consumers. o extending the vision of an information infrastructure beyond its current focus of a national network, to include a global perspective. The national membership of CPSR brings a unique perspective to the overall conception of the NII. Throughout CPSR's history, the organization has worked to encourage public discussion of decisions involving the use of computers in systems critical to society and to challenge the assumption that technology alone can solve political and social problems. This past year, CPSR's staff, national and chapter leadership have worked on privacy guidelines for the National Research and Education Network (NREN), conducted a successful conference on participatory design, created local community networks, organized on-line discussion groups on intellectual property, and much more. To ensure that its position paper is broadly representative, CPSR will work in concert with other public interest groups concerned about the NII, such as the newly established coalition in Washington D.C., the Telecommunications Policy Roundtable. CPSR chapters are will be conducting a broad based public campaign to reach out beyond the technical experts and producers -- to people who will be affected by the NII even if they never directly log on. CPSR will begin distributing its completed paper to policy makers on October 16th at its annual meeting in Seattle, Washington. The meeting will bring together local, regional and national decision makers to take a critical look at the NII. Founded in 1981, CPSR is a national, non-profit, public interest organization of computer scientists and other professionals concerned with the impact of computer technology on society. With offices in Palo Alto, California, and Washington D.C., CPSR works to dispel popular myths about technological systems and to encourage the use of computer technology to improve the quality of life. For more information on CPSR's position paper , contact Todd Newman, CPSR board member, at 415-390-1614 . For more information about CPSR, contact Nikki Draper, Communications Director, at 415-322-3778 or ------------------------------ Date: Thu, 12 Aug 1993 01:43 +0100 From: fortrie@CIPHER.NL Subject: File 5--Call for Papers IFIP SEC'94 Caribbean Call for Papers IFIP SEC'94 - updated information August 1993 Technical Committee 11 - Security and Protection in Information Processing Systems - of the UNESCO affiliated INTERNATIONAL FEDERATION FOR INFORMATION PROCESSING - IFIP, announces: Its TENTH INTERNATIONAL INFORMATION SECURITY CONFERENCE, IFIP SEC'94 TO BE HELD IN THE NETHERLANDS ANTILLES (CARIBBEAN), FROM MAY 23 THROUGH MAY 27, 1994. Organized by Technical Committee 11 of IFIP, in close cooperation with the Special Interest Group on Information Security of the Dutch Computer Society and hosted by the Caribbean Computer Society, the TENTH International Information Security Conference IFIP SEC'94 will be devoted to advances in data, computer and communications security management, planning and control. The conference will encompass developments in both theory and practise, envisioning a broad perspective of the future of information security. The event will be lead by its main theme "Dynamic Views on Information Security in Progress". Papers are invited and may be practical, conceptual, theoretical, tutorial or descriptive in nature, addressing any issue, aspect or topic of information security. Submitted papers will be refereed, and those presented at the conference, will be included in the formal conference proceedings. Submissions must not have been previously published and must be the original work of the author(s). Both the conference and the five tutorial expert workshops are open for refereed presentations. The purpose of IFIP SEC'94 is to provide the most comprehensive international forum and platform, sharing experiences and interchanging ideas, research results, development activities and applications amongst academics, practitioners, manufacturers and other professionals, directly or indirectly involved with information security. The conference is intended for computer security researchers, security managers, advisors, consultants, accountants, lawyers, edp auditors, IT, administration and system managers from government, industry and the academia, as well as individuals interested and/or involved in information security and protection. IFIP SEC'94 will consist of a FIVE DAY - FIVE PARALLEL STREAM - enhanced conference, including a cluster of SIX FULL DAY expert tutorial workshops. In total over 120 presentations will be held. During the event the second Kristian Beckman award will be presented. The conference will address virtually all aspects of computer and communications security, ranging from viruses to cryptology, legislation to military trusted systems, safety critical systems to network security, etc. The six expert tutorial workshops, each a full day, will cover the following issues: Tutorial A: Medical Information Security Tutorial B: Information Security in Developing Nations Tutorial C: Modern Cryptology Tutorial D: IT Security Evaluation Criteria Tutorial E: Information Security in the Banking and Financial Industry Tutorial F: Security of Open/Distributed Systems Each of the tutorials will be chaired by a most senior and internationally respected expert. The formal proceedings will be published by Elsevier North Holland Publishers, including all presentations, accepted papers, key-note talks, and invited speeches. The Venue for IFIP SEC'94 is the ITC World Trade Center Convention Facility at Piscadera Bay, Willemstad, Curacao, Netherlands Antilles. A unique social program, including formal banquet, giant 'all you can eat' beach BBQ, island Carnival night, and much more will take care of leisure and relax time. A vast partners program is available, ranging from island hopping, boating, snorkeling and diving to trips to Bonaire, St. Maarten, and Caracas. A special explorers trip up the Venezuela jungle and the Orinoco River is also available. For families a full service kindergarten can take care of youngsters. The conference will be held in the English language. Spanish translation for Latin American delegates will be available. Special arrangements with a wide range of hotels and apartments complexes in all rate categories have been made to accommodate the delegates and accompanying guests. (*) The host organizer has made special exclusive arrangements with KLM Royal Dutch Airlines and ALM Antillean Airlines for worldwide promotional fares in both business and tourist class. (**) (*)(**) Our own IFIP TC11 inhouse TRAVEL DESK will serve from any city on the globe. All authors of papers submitted for the referee process will enjoy special benefits. Authors of papers accepted by the International Referee Committee will enjoy extra benefits. If sufficient proof (written) is provided, students of colleges, universities and science institutes within the academic community, may opt for student enrollment. These include special airfares, apartment accommodations, discounted participation, all in a one packet prepaid price. (Authors' benefits will not be affected) ************************** INSTRUCTIONS FOR AUTHORS ************************** Five copies of the EXTENDED ABSTRACT, consisting of no more than 25 double spaced typewritten pages, including diagrams and illustrations, of approximately 5000 words, must be received by the Program Committee no later than November 15th, 1993. We regret that electronically transmitted papers, papers on diskettes, papers transmitted by fax and handwritten papers are not accepted. Each paper must have a title page, which includes the title of the paper, full names of all author(s) and their title(s), complete address(es), including affiliation(s), employer(s), telephone/fax number(s) and email address(es). To facilitate the blind refereeing process the author(s)' particulars should only appear on the separate title page. The language of the conference papers is English. The first page of the manuscript should include the title, a keyword list and a 50 word introduction. The last page of the manuscript should include the reference work (if any). Authors are invited to express their interest in participating in the contest, providing the Program Committee with the subject or issue that the authors intend to address (e.g. crypto, viruses, legal, privacy, design, access control, etc.) This should be done preferably by email to < TC11@CIPHER.NL >, or alternately sending a faxmessage to +31 43 619449 (Program Committee IFIP SEC'94) The extended abstracts must be received by the Program Committee on or before November 15th, 1993. Notification of acceptance will be mailed to contestants on or before December 31, 1993. This notification will hold particular detailed instructions for the presentation and the preparation of camera ready manuscripts of the full paper. Camera ready manuscripts must be ready and received by the Program Committee on or before February 28, 1994. If you want to submit a paper, or you want particular information on the event, including participation, please write to: IFIP SEC'94 Secretariat Postoffice Box 1555 6201 BN MAASTRICHT THE NETHERLANDS - EUROPE or fax to: IFIP SEC'94 Secretariat: +31 43 619449 (Netherlands) or email to: < TC11@CIPHER.NL > *************************************************************** Special request to all electronic mail readers: Please forward this Call for Papers to all networks and listservices that you have access to, or otherwise know of. **************************************************************** Sincerely IFIP TC 11 Secretariat Call for Papers - updated information August 1993 ------------------------------ Date: Mon, 9 Aug 1993 16:49:06 -0700 From: Jim Warren Subject: File 6--UPDATE #21-AB1624: *ACTION ALERT*: END-GAME APPROACHING *** PLEASE WRITE, NOW!*** PLEASE, DON'T STOP NOW! Assembly Bill 1624, mandating online public access to public legislative information via the public networks (i.e., the Internet and all the nets connected to it - including wherever you are receiving this msg), will either pass the Legislature by Sept. 10th, or will die - and we have to re-fight the whole battle, year after year. LETTERS & FAXES ARE *NEEDED*!. THEY *WILL* DETERMINE THE OUTCOME. REMAINING 1993 LEGISLATION SCHEDULE Jul 16th, the Legislature went into remission - uh, recess. Aug 16th, the Legislature reconvenes to diddle remaining 1993 business. Sep 10th, the Legislature quits working in Sacramento for the year. Oct 10th, the Governor must veto legislatively-approved bills he opposes. On AUGUST 18TH, the Senate Rules Committee run by Sen. Dave Roberti (D-Van Nuys area) will hear AB1624. If Roberti doesn't like it, he can and will kill it. If Roberti passes it, it will almost-certainly pass the Senate. Then we need for the Assembly to "concur in amendments" and the Governor to not veto it. Address letters/faxes to "State Capitol, Sacremanto CA 95814." AS SOON AS POSSIBLE, send a one-page letter supporting AB1624 to the Senate Rules Committee - who have seen essentially *no* support for it: Sen. David Roberti, Chair, Room 400; fax/916-323-7224; voice/916-445-8390. and to the other four members (tiny, *powerful* committee!): Sen. Ruben Ayala (D-Chino area), Room 5108; f/916-445-0128; v/916-445-6868. Sen. Robert Beverly (R-Long Bch), Room 5082; f/not avail.; v/916-445-6447. Sen. William Craven (R-Oceanside), Room 3070; f/not avail.; v/916-445-3731. Sen. Nick Petris (D-Alameda), Room 5080; fax/916-327-1997; v/916-445-6577. Important: Please send COPIES of ALL letters to the AB1624 author: Hon. Debra Bowen, Room 3126; voice/916-445-8528; fax/916-327-2201. CAN EMAIL VIA ME, IF YA CAN'T FIND TIME FOR SNAIL-MAIL If you don't have time to send snail-mail, you can email your message via Write it exactly as you would snail-mail, but be SURE TO INCLUDE your name, address and phone #s for legislators' independent verification. Upon receipt by email, I will print and/or fax the entire message to Bowen and to the legislator(s) to whom you address it. (Please allow for that delay.) LEGI-TECH'S OLDER BROTHER DONE GOOD! The McClatchy organization is the owner of Legi-Tech, one of the two largest online distributors of California legislative information. They are also owner of a number of newspapers - their flagship being the powerful Sacramento Bee. On Jul 26th, the Bee ran an editorial *strongly* supportive of AB1624 - laudable, principled action by The Bee, McClatchy, and presumably by Legi-Tech in the face of a difficult trade-off between the public's interests versus their business interests. Applause! Applause! CALIFORNIA LEGISPEAK: "AUTHOR" VS. "SPONSOR" VS. "SUPPORTER" In California legislative circles: A bill's AUTHOR is a legislator who introduced the bill. A bill's SPONSOR(S) is a person or organization, if any, that requested that the bill be introduced by the bill's author. A bill's SUPPORTER(S) is a person or organization that is officially listed as being in favor of the bill, usually including its sponsor(s), if any. All bills have one or more authors. Some bills do NOT have sponsors. AB1624's author was Assembly Member Debra Bowen. It had no sponsors, but has a growing number of supporters. PROGRAMMERS: SAMPLE LEGISLATIVE DATA-FILES ALSO AVAILABLE AT CPSR.ORG AB1624 Update #19 detailed a set of sample data-files for review and test-programming, available from Tim Pozar's KUMR.LNS.COM by anonymous ftp. As of Jul 22nd, those Legislative Data Center sample files were/are also online at in /ftp/cpsr/states/california/ab1624/sample_data for binary ftp access. For questions about accessing them there, contact: Al Whaley +1-415 322-5411(Tel), -6481 (Fax) Sunnyside Computing, Inc., PO Box 60, Palo Alto, CA 94302 We have a voice. Use it or loose it. ------------------------------ Date: Fri, 6 Aug 93 09:28:12 CDT From: anonymous@name.deleted Subject: File 7--Illinois BBS Sysop Busted for "porn-to-minors" "Kids, Computers, and Porn: For Many, Adult Material just a Keystroke away" Chicago Tribune, 6 Aug, 1993, p. 1, 16 By Susan Kuczka Steven's mother described her 12-year old son as a "computer nerd," and she believed he spent all his time engaged in good, clean digital fun. ....... What she didn't know was that her son also was using his computer to watch hard-core pornography delivered to his northwest suburban home by modem from a computer bulletin board service. ....... The discovery led to the arrest of a Des Plaines bulletin board operator in the first prosecution of its kind in state history. ....... Nancy Clausen, spokeswoman for the National Coalition Against Pornography, said, "Kids are getting this all the time, but it's hard for parents to know it's happening because it's easy for a child to hide. You think your kid's a computer genius when he's spending hours at a computer, but when he has a modem, he has access to a different world, and kids are very curious." There is nothing illegal about distributing most forms of pornography to adults. Transmission of pornographic materials to a minor--whether in print or by computer--is a crime, though. But the computer pornography industry is so new that law enforcement authorities are only now beginning to investigate it as more and more bulletin board services begin to operate throughout the country. I fail to see this as a "Big Brother" issue. After all, isn't > the goal of social services in a majority of the cases to provide > assistance temporarily? Once the assistance is no longer needed, the > recipient is no longer tracked. Government and law enforcement agencies have shown a dismal track record in the area of civil liberties of late. I have a very hard time believing, even for a minute, that this vast amount of personal information will be discarded. Furthermore, once some kind of 'evidence of benefit' can be wrested from the selective interpretation of the program's operational record, pressure will be brought to expand the system to more and more areas. I've seen mention in this very forum that L.A. intends to expand to GA and Food Stamp recipients. California now has a magnetic stripe on their drivers' licenses. Will that soon contain your e-fingerprint, as well? Don't you agree that this is perhaps a bit too much information to be collecting on anyone? Or perhaps you don't see any reason to stop with fingerprints. Coded transponders carrying a unique identification number could easily be implanted, say, at the base of the right thumb. That would be even harder to spoof than e-fingerprints. So why not have all AFDC recipients implanted with serial numbers? Hey, we could even make that number tie in to your credit card numbers, so you'd be safe from fraud. Make it your ATM card number, and you'd be safe from the shoulder surfers at the ATM. And I'm sure you wouldn't mind the occasional doorknob noting the exact time of your passage. After all, you're an honest man with nothing to hide, so it doesn't matter that someone could effortlessly track your every move. You see, once this trend gets started, it will grow to envelop us all. Don't know about you, but I don't want that transponder. And I'd rather not be e-fingerprinted, either. ------------------------------ Date: Wed, 11 Aug 93 18:27:00 -0300 From: luiz.marques@BBS816.MANDIC.ONSP.BR(Luiz Marques) Subject: File 9--Re--NIRVANAnet (A View from Brazil) Dear CUD, I'd like to thank you for your wonderful journal,and tell you that it's enjoyed even in Brazil. Reading the Time article on CuD 5.59,I couldn't help but laugh after reading the following: >One bulletin board, Burn This Flag, requires callers to fill out an >application before gaining access to an adults-only section that >contains files describing "bizarre sexual behavior." But in a written >message, Burn This Flag's system operator, known as "Zardoz," >acknowledges there is no foolproof way to ensure all users of the >adult section are at least 18. Does paper adults magazines have any way to "unsure that all users" of it will be at least 18?To the best of my knowledge, this magazines are sold openly without directly checking ages(this "checking" stops at appearance analysis).And that does not consider what will happen to the magazine AFTER it's sold... About this kind of assault on BBS reputation,I'd like to say that it's probably international.Recently,here in Brazil,one of the biggest newspapers of the country published a article with wild remarks like these: "BBS are little stores which sell pirated programs" "There are 120 pirate BBSs in Sao Paulo"(there aren't even 120 BBS in Sao Paulo!!!) These remarks are totally absurd,and most BBS around here are completely legal(there is a small amount of "underground BBS"here too),and hurt the BBS community as a whole. And the effect of such remarks are much worse here,since the computer community (and BBSs) are greatly underdeveloped (taking the USA as a standard). ------------------------------ Date: Wed, 11 Aug 1993 05:26:41 -0500 From: CuD moderators Subject: File 10--Public Domain Internet Information for Teachers From--"" "B.R. Samizdat Express" PLEASE COPY THIS DISK -- UPDATE 8/1/93 The B&R Samizdat Express PO Box 161 West Roxbury, MA 02132 (Reminder -- We're the folks who are making public-domain Internet information available on disk, primarily for teachers who have no access or limited access to the Internet. We encourage you to make as many copies of these texts as you need to share with your colleagues and students. If you would like to receive a list of our current offerings, please send us email requesting it. If you didn't see our initial message, where we explain what we're doing and why, and who we are, just let us know and we'll send you a copy of that as well.) It's been a busy week: 1) All our offerings are now available for Macintosh as well as IBM PCs. 2) The United Nations Department of Public Information has given its support to Global Education Motivators (GEM) in our joint project to make on-line U.N. information available in our PLEASE COPY THIS DISK format. 3) Your suggestions and requests pointed us to the Educational Resources Information Center (ERIC) as a possible source for a whole series of disks about teaching techniques and educational issues, as well as lesson plans. 4) One of you let us know the importance of books on disks for the blind, many of whom have equipment which can "read" such material aloud to them. 5) We've added six new disks. 6) We've learned that in the summer, with people away, obtaining permissions from sources can take a while. 7) We've been delighted by the enthusiastic response we received. 8) We learned that there simply isn't enough time in the day to personally respond to everyone. (Please accept our apologies, and our thanks for your helpful suggestions.) We'd appreciate your help in finding sources of information to meet the particular needs of people who have responded to us. We are looking for public-domain on-line sources for: 1) Chaucer, 2) current information on Africa, and 3) history c. 1850 of importation into the U.S. of castorbean plants (source of the toxin Ricin, which is possibly linked to Lou Gehrig's disease) and its use in fertilizer. The information resources available on the Internet and from the United Nations are immense. We need to target our efforts to provide maximum benefit. For now, we're basing our decisions on the assumption that some of you would like to use these like textbooks (having students make their own copies), that others would like to assemble your own anthologies, and that still others are interested in government reference tools to encourage students to become informed and active citizens. Please let us know as specifically as you can what information would be most useful for you and your colleagues to have on disk. Please send your suggestions as well as your requests to be added to our distribution list to: ------------------------------ Date: Fri, 6 Aug 1993 22:16:59 -0500 (CDT) From: vswr!bobi@SPSGATE.SPS.MOT.COM(Bob Izenberg) Subject: File 11--Gory details about texsun (breakin) (fwd) # Date--Fri, 6 Aug 93 11:55:45 CDT # From--William.Reeder@adhara.Central.Sun.COM (William Reeder) (Sun Central Area Network Support) # Subject--Gory details about texsun # Eric Schnoebelen ( writes: # > What I heard was that texsun got cracked, so SUN changed # > policies to require call back on all connections. This means that # > SUN/texsun has to originate all calls. I recently converted the UUCP # > link between convex and texsun to route mail via smtp, to get "around" # > this problem.. # > # > Personal thought? texsun is now out of the news providing # > business. And quite likely out of the general UUCP providing business. # > Perhaps its time for another connectivity meeting. (just what _I_ need, # > another meeting!) # I think I can speak authoritatively about what happened to texsun :-( # Actually, we have no evidence that anyone broke in through any of the # modems in Sun's Dallas office (hosts texsun or dallas). What did # happen was that one or more people (most likely more) broke in via # modem to a number of Sun sites around the world (must've had a good # calling card). We think that the initial entries were due to the most # brain-dead of actions on our part: the intruders called us on the phone # and asked for accounts, and we provided them. The callers would # identify themselves as Sun employees on vacation near the local Sun # office (visiting parents or such) and say that they wanted to login to # read their email. They were able to provide enough credible # information to convince over-worked and under-brained part-time # sys-admins to create the accounts. Any one of you who reads USENET # news can probably gather enough such information from headers and # signatures (name, title, personal workstation, office phone number, # etc.) to make the same claims. # Anyway, once they were in we were totally compromised. We hadn't done # much to keep up with security patches. And we had lots of machines # with "+" in /etc/hosts.equiv. And lots of quickly crackable passwords # on accounts (and NIS accessible password files). In other words, no # internal security. The intruders almost instantly had bunches of other # accounts to use, and seemed able to find other modem numbers (can you # say, "directory assistance"? I thought you could.) # The next question is, did they damage anything? Yes. At the very # least they stole source code, which is a valuable product. They also # deleted stuff, but I don't know what, and may have modified some # things. They also crashed machines or in other ways denied service to # legitimate users. All of those things are illegal, and damaging. We # are doing our best to track the intruders, but it is very difficult, as # any of you who have tracked intruders knows. # What we can do is secure our network. That is why we are removing # modems from all sales offices and setting up a small number of regional # modem pools for employee dialup access (with three different and # non-crackable passwords and dialback). # I have spent the better part of the last week rebuilding texsun from # the ground up and doing everything possible to secure it (all security # patches applied, many services disabled, nothing trusted, security # monitoring programs running, dialback software installed, etc.). I # have finally convinced my management that there is no security risk in # restoring the UUCP accounts for a short time, allowing our connections # to make other arrangements and smoothly move over. The reason it is # only temporary is that management doesn't want my UUCP modems to be the # proverbial camel sticking its nose under the tent. They are very # serious about strictly limiting the number of entry points into the # company. # So there you have it. Another one bites the dust. I'm sorry to have # to pull out of the regional UUCP community, but I can understand Sun's # needs to maintain a secure environment. While I agree that a properly # configured machine running UUCP is not a security risk, Sun's employees # have repeatedly demonstrated that they will not always properly # configure machines or employ proper security procedures when creating # accounts. The only way for Sun to maintain security is to strictly # limit access, and that is what we are now doing. I have enjoyed being # able to provide what I hope has been a useful service to the community, # and will miss being a participant. I will show up to this Month's # lunch-bunch meeting in case anyone wants to verbally abuse Sun through # me. # # -- Wills ------------------------------ End of Computer Underground Digest #5.61 ************************************


E-Mail Fredric L. Rice / The Skeptic Tank