Computer underground Digest Sun Dec 4, 1994 Volume 6 : Issue 102 ISSN 1004-042X Editors: J
Computer underground Digest Sun Dec 4, 1994 Volume 6 : Issue 102
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Retiring Shadow Archivist: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Fruit-loop editor: Carnegie Melon
CONTENTS, #6.102 (Sun, Dec 4, 1994)
File 1--Amateur Action BBS Sysops Sentenced in Memphis (reprint)
File 2--Re: EFF & Aerosmith Rock the Net - Update - Where/When/How
File 3--Re: CPSR Discounted Members ("Why I'm not a Member")
File 4--Correction on SlipKnot Info
File 5--"Hacker Learns Intelligence Secrets" (Risks Reprint)
File 6--"Computer Sleuths" nab 15-year old
File 7--"Tekroids" episode of Tekwar and the perception of viri
File 8--CALL for PAPERS: Communities in Cyberspace
File 9--Cu Digest Header Information (unchanged since 25 Nov 1994)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
Date: Sat, 5 Dec 1995 18:34:51 CST
Subject: File 1--Amateur Action BBS Sysops Sentenced in Memphis (reprint)
((MODERATORS' NOTE: For more details on the Amateur Action BBS case,
including discussion of why the case seems a gross abuse of law by
Federal prosecutors, see CuDs 6.09, 6.33, 6.35, 6.37, 6.43, 6.53,
6.55, 6.56, 6.67 and 6.69)).
Source: Chicago Tribune, Dec. 3, 1994 (p. 16)
(Associated Press): A California couple drew sentences of at least 2
1/2 years in prison Friday for sending pornographic images via
computer in a case that raised questions about how to apply obscenity
law in cyberspace.
The prosecution of Robert Thomas and his wife, Carleen, was the
first obscenity case in which operators of a computer bulletin board
were charged in the place where the material was received, rather than
where it originated. The Thomases were found guilty in July of
transmitting obscenity via interstate telephone lines. A postal
inspector testified that he joined the bulletin board under a fake
name and received the images in his computer in Memphis.
((Robert Thomas was sentenced to 37 (sic) months in prison, and
Carleen received 30 months. Under federal sentencing rules, both
must serve the full terms))
((Judge Julia Gibbons said that the government can seize the
couple's computers used to run AABBS. Thomas Nolan, the Thomases'
lawyer, indicated that there will be an appeal))
Nolan said one of his appeal arguments would focus on the U.S.
Supreme Court's 1973 ruling that defines obscenity by local community
standards. Critics of the government's case say that with the advent
of computer networks, which have no boundaries, the meaning of "local
community" is debatable.
((The couple argued at the trial that they were prosecuted in
Memphis because it was a conservative city and increased the
chances of a conviction))
Date: 2 Dec 1994 19:17:41 -0500
From: email@example.com (Stanton McCandlish)
Subject: File 2--Re: EFF & Aerosmith Rock the Net - Update - Where/When/How
UPDATED: Fixed some errors in CIS information - new number, removed "300
member seating limit" error, corrected EFF forum name (go effsig, not go
EFF Presents the Aerosmith World Tour of Cyberspace!
You can meet and talk with Steven Tyler and other members of Aerosmith,
live online, from Dec. 4 through Dec. 7, 1994, at Prodigy, CompuServe,
America On-Line, or any of a number of Internet sites. To participate in this
first-time-ever event, log in to one of these online services, and proceed
to the appropriate forum or virtual auditorium. If you've never done this
before, you should contact the Customer Support department of the service
you wish to use. For the help with the Internet event, contact your local
Note: This information will be periodically updated as necessary. You may
wish to send another message to firstname.lastname@example.org to get up-to-date
information the day before or the day of the event.
WARNING: You are strongly advised to connect with the online service you
wish to use the day before the event, and become familar with the system.
Even experienced users should arrive for the event at least 10-15 minutes
early. If you have trouble getting through to customer support reps to
become a new member of an online service, visit your local software store.
Most such stores provide signup packages for all of these online services.
Aerosmith, one of America's premier rock bands, has long supported freedom of
expression and other civil liberties, and has become increasingly
concerned with censorship in cyberspace. Aerosmith is teaming up with the
Electronic Frontier Foundation to host a series of online appearances to
benefit the Foundation and help spread awareness of civil liberties issues
in the online world. The historic Internet event, linking multiple Internet
'MOO' services for the first time and providing the world's largest
virtual realtime conference in history, is being coordinated by SenseMedia,
sponsors of ChibaMOO, and many volunteer MOO programmers and admins.
Additional sponsors and helpers include many staffers at CompuServe,
Prodigy, and America Online, as well as Giant Merchandising, _Wired_
magazine, Apple, MusicLand, Electronic Frontiers Australia, and the EMI,
Columbia and Geffen recording & media companies.
When, Where and How to "get there"
Sun., Dec. 4, 1994
7pm-8pm (EST) in the CompuServe Auditorium
How to get there: call your local CompuServe access number, and after login,
enter "go aerosmith", either at the commandline, or by choosing the "go" menu
option if you are using a graphical CompuServe program. This will take you
to the Aerosmith menu, from which you can branch to the EFF forum, become
a member of EFF, order limited edition t-shirts, go to the Recording
Industry forum, or proceed directly to the Aerosmith event in
the Auditorium. If you visit one of these areas, you need to do "go
aerosmith" again to get back to this menu. To get copies of your
autographed Aerosmith graphic, visit the RI file library ("go record"),
and to download exclusive Aerosmith sound files see the EFF file library
You must be a CompuServe member to attend.
Contact CompuServe Customer Support at 1-800-524-3388 (ask for Representative
Mon., Dec. 5, 1994
10pm-11pm (EST) in the Prodigy Chat Area
How to get there: on the day of the show, just select the Aerosmith frontpage
item. Before the day of the show, do a "Jump chat" (via the "J" button on
your Prodigy program's toolbar at the bottom of the screen), to get more info
on the event and visit the forum. You must be a Prodigy member to attend.
If you are new at this:
Login to Prodigy. Do Jump (with the J button) Plus. In the Plus service
household member access, give yourself and any other of your household user
IDs access to plus services. Log out. Log back in (to make the changes
take effect.) Now Jump Chat. Since this is your first visit to the Chat
forum, you have to select access control, give yourself and any other IDs
you control (if you wish) access to the Chat forum. Then pick "Change
Nickname" from the Chat menu. Pick a chat nickname. After this it would
be a good idea to pick the new "Set-up Options" button that will appear on
the Chat menu, pick your choices, then (again from the Chat menu) pick
"About Chat" and read this help text. It is strongly advised that you do
all of this, and test out the chat function the day *before* the event, so
you are not caught up in this configuration process just before (or, worse
yet, during) the event itself. If you are not the account holder (i.e. if
your login ID does not end with "a"), then you will have to have the
account holder configure this stuff for you. Once configuration is
complete, you can proceed to the Aerosmith event by selecting the Chat menu's
"Begin Chat" button, and then choosing the "General" area from the "Select
an Area" list that will appear. "General" is where Aerosmith will be
To order special limited edition Aerosmith/EFF t-shirts do a Jump (J button)
to "Musicworks!" To become a member of EFF (and to take advantage of a 1/2
price offer on the t-shirts when you join EFF!), send email queries to
Prodigy ID dnae43a (email@example.com or firstname.lastname@example.org via internet
email). If you'd like to order a shirt, or join EFF, right now, see the
end of this document for a form!
To get your autographed Aerosmith graphic, just click on it as it appears
to download it.
Contact Prodigy Customer Support at 1-800-776-3449.
America Online (AOL)
Tue., Dec. 6, 1994
8:15pm-9pm (EST) in the AOL Coliseum Auditorium
You must be an AOL member to attend. To participate, login, and enter
Keyword: EFF (via the "Keyword" menu option). This takes you to the EFF
forum. Here, you can get information on becoming a member of EFF and
getting a limited edition Aerosmith/EFF t-shirt. From this forum, you can
also go right to the Aersmith event in the AOL Coliseum. You can also
participate in our online message forums, download files (including
autographed band photos and Aerosmith sound samples, as well as EFF
To get your autographed Aerosmith graphic and exclusive Aerosmith sound files,
you can download them from the EFF file libaries (Keyword: EFF).
Contact AOL Customer Support at 1-800-827-6364
Wed., Dec. 7, 1994
This final event will be held simultaneously at a number of linked interactive
online services called "MOOs". No membership or fees are required for
attendance, but you must have a full (telnet-capable) Internet connection,
which may involve fees from an Internet service provider. For information on
finding Internet access in your area, contact the Internet Network
Information Center at +1-619-455-4600 (fax: +1-619-455-4640,
To reach one the MOOs, use a telnet client to log in to the MOO service, with
a user ID of "aerosmith" (without the "quotes"). You'll be prompted for
information such as an email address (at which you'll receive a band photo
and other information) after you log in and are shown to the auditorium.
The band photo will be emailed to you, to view later (or in another window).
Door prize information will also be emailed to the winners.
MOO services hosting the event ([name] - [telnet address] [port] - [notes])
BayMOO - telnet baymoo.sfsu.edu 9999 - San Francisco Bay Area, California
ChibaMOO: The Sprawl - sprawl.sensemedia.net 7777 - Santa Cruz, California
ChibaMOO: The World - world.sensemedia.net 1234 - Seattle, Washington
ChibaMOO: Hyper - hyper.sensemedia.net 7777 - Sapporo, Japan
ChibaMOO: Snow - snow.sensemedia.net 1234 - Australia
dreaMOO - fiinix.metronet.com 8888 - Irving, Texas
Metaverse - metaverse.io.com 7777 - Austin, Texas
Many other MOOs will be participating. Send Internet email to
email@example.com nearer the day of the event for an updated list of
participating MOO hosts. You can also attend the even via World Wide Web
client software (such as Mosaic, Lynx, Netscape, Cello, etc.) A list of
supporting Web hosts will also be added to the list that will be available
from firstname.lastname@example.org closer to the show date. Telnet users can also
benefit from specialized MOO client software available at various FTP file
archives if not already available on your host system. To get further
updates on participating MOOs as they are added, use the 'finger' command
to finger email@example.com.
To connect to a MOO via telnet, do "telnet [address] [port]". Example:
telnet world.sensemedia.net 7777
Non-commandline telnet programs will probably simply prompt you for a site
and port number.
To connect directly to a MOO via a WWW client, such as Mosaic, Netscape,
Win/Mac Web, Lynx, or Cello, use the URL: "telnet://[site]:[port]". Example:
Non-commandline WWW browsers usually just prompt you for a URL.
Graphical WWW participation, and email participation (for those without
telnet capabilities) may also be possible. Send another message to
firstname.lastname@example.org closer to the event time for more information, which
will be added to this document when available.
*Please contact your Internet system administrators* or customer service
representatives for assistance with attending the MOO events! That's what
they're there for! If all else fails seek help on the following Usenet
newsgroups (via a newsreader such as nn, rn, trn, tin or nuntius), as
appropriate: alt.mud.moo, comp.infosystems.www.users, and/or
news.newusers.questions - many more knowlegeable users will be happy to
help you there.
For more information on the Electronic Frontier Foundation, send any
message to email@example.com.
Aerosmith - Wendy Laister, +1 213 655 4140 (US), +44 385 300069 (Europe)
EFF - Shari Steele , 202-347-5400, fax: 202-393-5509
Orignal Press Release
Aerosmith & EFF Rock the Net
Aerosmith Press Release
America's premier rock band, Aerosmith, today announced details of a unique
global event which will take the band across the information technology
frontiers into new realms of Cyberspace.
In what will be the first event of its kind, Aerosmith's history-
making "Cyberspace Tour," scheduled to take place over four days (December
4 to 7 inclusive), will allow fans from all over the world to "speak"
directly to the band via the four leading information service providers:
CompuServe, Prodigy, America Online and the Internet.
Never before has a band utilized four online services in this way, and
never before have so many people been brought together at one time for an
interactive gathering of this kind.
Proceeds from the connect time charges and the sale of limited edition
"Aerosmith Cyberspace Tour" T-shirts (specially designed in support of the
event by graphic artists at Wired Magazine and manufactured by Giant
Merchandising) will benefit the Electronic Frontier Foundation (EFF) -- a
civil liberties organization dedicated to advancing free speech on the
networks. In addition, Aerosmith has secured substantial cash donations
for the Foundation from Geffen Records, EMI Music Publishing and Columbia
Founded in July 1990, over the past four years, the EFF has sponsored
litigation and legislation to protect the privacy rights of computer users,
to ensure that electronic publishers are treated equally under the law and
to guarantee that all speech, no matter how controversial, has a forum
where it can be heard. As committed supporters of both the First and
Fourth Amendments, Aerosmith hopes to focus worldwide attention on these
important issues through the instigation of this event.
In addition to the opportunity to converse directly with each of the
band members, those participating will stand to win an exciting array of
Aerosmith prizes, ranging from the band's latest, collectible Columbia
release, "Box of Fire", and Geffen's "Big Ones" Aerosmith compilation album
and home video, to their first interactive CD-ROM game, "Virtual Guitar:
Quest for Fame, Featuring Aerosmith" and the CD-ROM-based music video
puzzle game: "Vid Grid."
Kicking off on Sunday, Dec. 4, at 7 p.m. (EST) Aerosmith will first
join users of CompuServe, the world's largest commercial online service,
for an hour-long interchange. The following night, at 10 p.m. (EST), they
will link up with Prodigy devotees for an hour, before surfing over to
America Online on Tuesday, Dec. 6, between 8:15 p.m. and 9 p.m. (EST). For
their final appearance (10 p.m. EST Dec. 7), the band will log on to a
linked collection of live electronic gathering places, called MOOs,
accessible through the Internet. This last stop on the tour will see an
unprecedented number of users accessing the system -- making this a
ground-breaking excursion along the information highway.
For two of the online events, the band will be set up backstage, with
Macintosh Powerbooks courtesy of Apple Computers, prior to their shows at
the Palace of Auburn Hills in Detroit (Dec. 4) and the United Center in
Chicago (Dec. 6). For the other two nights, utilizing the same equipment,
they will take time out of their hectic schedules, to link up with their
fans en route between gigs.
Anyone with a computer, a modem and access to one of the four online
services (which are immediately available from any computer store or
through any of the commercial services' 800 numbers) will be able to dial
in and participate in this exciting tour of Cyberspace.
For directions to these online 'gigs' users should contact either the
Electronic Frontier Foundation at 202-347-5400 (voice) or firstname.lastname@example.org
(internet e-mail). Alternatively, details will be available on each of the
participating online services.
Date: Thu, 01 Dec 1994 14:42:44 -0600
Subject: File 3--Re: CPSR Discounted Members ("Why I'm not a Member")
In CuD 6.101 article 5, someone presumably from the CPSR summed up in four
reasonably short sentences why I'm not a member of the CPSR.
> 1. It is important for citizens to become involved in the development
> of the "Information Superhighway" to ensure that it addresses
> educational and other critical needs.
What educational and other critical needs are going to be met by citizen
involvement? I maintain that they would be better met by letting the
individual school boards decide how much of their budget should go to
buying computers and computer networking, and then letting them buy said
hardware and services from whomever they want. So I support citizen
involvement in school board budget meetings ... but somehow, I don't think
that's what the CPSR means. Or does the CPSR send representatives to all
umpty thousand school boards in this country?
No, the only way for a group like CPSR to have its "citizen involvement"
affect everybody is for more federal intervention in education ... which I
> 2. Privacy considerations might be overlooked in the next-generation
> computing systems if organizations like CPSR aren't especially
First of all, no organization has done as much for privacy in computer
systems, current or next generation, as the RSA team and Phil Zimmerman.
And they didn't need the CPSR to do it.
But there are privacy concerns related to database use and abuse that
public key cryptography doesn't help with ... much ... yet, anyway. (When
public key based electronic money makes it possible but not automatic for
purchases and finances to be completely private, we'll find out how much
people are willing to pay or give up to have that freedom.) In that
battle, the CPSR is just one of many voices, and maybe not the most useful
one. So if you want to say that all of the groups involved in advancing
privacy are "organizations like CPSR," then I'll grudgingly acknowledge
part of #2. But in fact, I don't think those other groups are much like
> 3. I am concerned that the "Information Superhighway" might become an
> "Information Supertollway" - a shopping mall rather than a public
> commons. I'm concerned about first amendment rights in cyberspace!
Couldn't happen. If the government handed the Internet over to Prodigy
tomorrow, and they raised the rates through the roof, and then said that
nobody could be a content provider without investing millions of dollars
in it, that would kill the Internet as we know it. No doubt about it.
And by the end of the month, FidoNet and/or WWIVnet and/or OneNet would
have ten thousand more nodes, spreading costs as best as they can and
highly motivated to keep those costs low. By the end of the year, the
same people who run Freenets now would have figured some way to fund IP
protocol links between them, and there'd be another Internet that ran
along an open-content, low- and spread-cost model. Yes, even if it was
illegal: there was FidoNet in France at a time when Minitel was guaranteed
a legal monopoly on electronic mail; what more would we see in America?
How would they stop it, declare a "War on Private Networks"? Require
random testing of phone lines?
If the last ten years have taught us anything, it's that "the Net" seeks
out low cost, low censorship, high bandwidth, high reliability network
links (in roughly that order of priority, I think) as naturally and
automatically as water seeks its lowest level. No act of government or
business can repeal that economic law; I hope Vint Cerf has explained this
to his new employers.
And having been a sysop, I must admit that I cringe whenever I hear users
talking about their First Amendment rights. What they usually mean is
guaranteeing their "right" to say whatever they want =at my expense=. If
I run a system and you don't like the way I kill messages, then buy your
networking from somebody whose policies you =do= like. (That's why I
still have a grudge against Prodigy.)
> 4. I would like to help support Computer Professionals for Social
> Responsibility and help support the development of democratic
> and responsible technology.
Democratic technology? We're going to give PCs the vote? Or are we going
to vote on whether or not I get to buy another 8 megabytes of RAM for my
PowerMac at home? Is that what they mean by responsible technology?
Responsible to whom, and for what?
Given CPSR's history, I think that they mean democratic and responsible to
mean that the following issues will be decided by a vote of the people:
who gets computers, how much they'll pay for them, what those computers
and the networks they connect to will look like, and what they'll be able
to be used for.
Sorry, count me out. If given a chance, the majority will vote for
computers to be given to them, for free, with the expense passed on to
middle class taxpayers and debt owed by the next generation. Big
corporations will "influence" Congress to make those computers look like
whatever the heck they're manufacturing this year. (Programming language
standards always lag behind the market, because every vendor gets a veto
and therefore the standard is watered down until every vendor in the
market meets it. Who's going to let a standard pass, unless their
products already meet it?) And liberal groups like CPSR will campaign to
keep them from being used to make a profit.
Make the design of computers "democractic and responsible" and some
liberal will start a petition campaign saying that RISC chips are unfair
to people who are still using 286s. Why should manufacturers be able to
impose upgrade costs on these folks without their vote? Not to mention
all the lost jobs at Intel because people are buying Motorola chips. It's
un-American; let's pass a law. From now on, all computers will have 286
chips. That's fair to everyone.
(It's also the death of progress and innovation. Some country that
doesn't impose "democratic and responsible" restrictions on its inventors
and manufacturers will eat our lunch within two years, and we'll be
another backwater Third World basket case country. Countries like that
always have two-tier societies; huge numbers of poor serfs, and a
dictatorial elite that own and run everything. If I were just a little
more paranoid, I'd suspect that this was the =real= agenda of CPSR: they
might think think that the world would be "fairer" and tidier if a
highly-educated elite told everybody else what to do and they did it or
else, no troublesome middle class to build their own alternatives.)
Make the use of computer networks "democratic and responsible" and prudes
will vote to shut down the entire alt.sex hierarchy. Christians will vote
to shut down alt.pagan and other groups. And the people who threw out
almost every liberal incumbent last month will vote to shut down the CPSR
listserv. I won't agree with any of them ... but I will sympathize with
the last one, and figure that they =almost= deserve it for having made
technology "democratic and responsible."
("Democracy is based on the assumption that the marjority know what they
want, and deserve to get it good and hard." Will Rogers, wasn't it?)
Look, I'm not a knee-jerk Randroid but Ayn Rand described groups like the
CPSR quite well in _Atlas Shrugged_. They are what she calls "users."
Users are people who think that because of their needs that they're
entitled to the efforts of my mind, the fruits of my labor, the contents
of my wallet. And I will oppose this collectivist philosophy at every
opportunity until I die, and I hope that at least some of my words will go
on fighting it long after I die.
J. Brad Hicks Internet: mc!Brad_Hicks@mhs.attmail.com
X.400: c=US admd=ATTMail prmd=MasterCard sn=Hicks gn=Brad
Date: Thu, 1 Dec 1994 16:03:32 -0500
From: felixk@PANIX.COM(Felix Kramer)
Subject: File 4--Correction on SlipKnot Info
((MODERATORS' NOTE: In the last few months, we've received a number
of info-updates on SlipKnot. In 6.99, we accidentally printed
an earlier post rather than the most recent update. Thanks to
Felix Kramer for pointing out the goof)).
I notice that Computer Underground #6.99 reprinted our October 28 e-mail
message to journalists announcing SlipKnot beta 0.53. While we appreciate
your providing information, this was still a private beta, not intended for
public distribution. (And unfortunately, your mail went out November 23 --
the day after we released 1.0 after going through betas 0.54-0.56)
We would greatly appreciate your running a notice as soon as practical,
urging users to switch to the released version.
Please let me know what issue # the correction will appear. Thanks in
Here's are the key points of a message:
It is very important that beta users switch to the officially released
SlipKnot 1.0 version as soon as possible. Version 0.53 (described in
Computer Underground #6.99) was a beta version with some subtle and some
not-so subtle bugs. MicroMind cannot support and attempt to fix the
problems in this early version.
To get the new version, *do not* use the upgrade process described in the
documentation. First remove your \SLIPKNOT directory and *all* of its
subdirectories. Then perform a new install.
Check at your service provider first to see if it's available locally. If
not, it's downloadable from the following anonymous FTP sites (approx. 1.2
oak.oakland.edu has numerous mirror sites, so if you have any trouble
getting it directly from there, please try the mirror sites.
One mirror site is:
In the U.K. try:
After downloading, please read the READ.ME file for Windows installation
To get the latest information about SlipKnot, send a blank e-mail message to:
Point your WWW browser (lynx is fine) to
* * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Felix Kramer/Kramer Communications
NYC-based electronic publishing & journalism
Online promotion & marketing
e-mail: email@example.com or firstname.lastname@example.org
voice: 212/866-4864 fax: 212/866-5527
Date: Thu Dec 1 10:05:07 PST 1994
From: fosterj@OHSU.EDU(John Foster)
Subject: File 5--"Hacker Learns Intelligence Secrets" (Risks Reprint)
FYI. Excerpt from RISKS DIGEST 16.58, 26 Nov 1994.
Date--Thu, 24 Nov 94 09:09:38 GMT
Subject--Hacker learns intelligence secrets
The London "Independent" newspaper of 24-Nov-94 leads with a story
that a "hacker" gained access to a sensitive database of
telecommunications information at British Telecommunications (BT), the
UK's largest (and ex-state owned) carrier. The story was also carried
by all the major television and radio news programmes.
Tim Kelsey, author of the Independent story, reveals that details such
as telephone numbers and addresses for secret installations of the
Ministry of Defence, MI5 (the British intelligence agency responsible
for the UK) and MI6 (like MI5, but handles non-UK affairs).
"Thousands of pages of highly confidential BT records were sent across
the Internet to a young Scottish journalist, Steve Fleming, in July".
Mr Fleming received the information after making a news posting asking
for information on BT and hacking. The informant remained anonymous
details of how this was achieved are not given.
The hacker also gave details to Mr Fleming about how he too could
access the information. He applied through an employment agency for a
short-term contract at BT as a database designer, clearly stating on
his CV that he was a freelance journalist. He got the job, and was
able to gain access to the information because passwords were just
left lying around the office.
BT is still going through a major staff restructuring programme, and
as a result has a large number of temporary (contract) staff. These
staff need passwords to the system to legitimately carry out their
jobs, but because of the constant flow of people, the passwords are
often written down.
Mr. Fleming learned, among other things,
* The location of MI6's training centre ("spy school"), located in
a non-descript building next to a pub in south London
* Information about the bunker in Wiltshire where the Government
would go in the event of nuclear war
* Details of telephone installations at Buckingham Palace and 10
Downing Street [the Prime Minister's home], including
personal lines to John and Norma Major.
The system itself, the "Customer Services System", was designed and
implemented by an American company, Cincinnati Bell. It is supposed to
have internal mechanisms to prevent hacking (!)
So, what are the risks (briefly!)
1) Allowing temporary staff passwords that allow almost any
data to be retrieved. It sounds as if the security
levels of the database were either non-existent,
2) Keeping sensitive information in the same database
as non-sensitive information.
3) The age-old chestnut of the uses of passwords.
A BT spokesman, speaking on the "Today" programme on BBC Radio 4
confirmed that a "top level" investigation had been launched, but
refused to confirm or deny that the hack had taken place.
Mathew Lodge, Software Engineer, Schlumberger Technologies, Ferndown,
Dorset, UK, BH21 7PP email@example.com (+44) (0)202
[The *Independent* items are in their entirety (28K) in
RISKS-16.58BT, courtesy of Brian Randell. PGN]
Date: Wed, 30 Nov 1994 21:18:44 EDT
Subject: File 6--"Computer Sleuths" nab 15-year old
(Excerpts from Chicago Tribune: 28 Nov, 1994: p. 6)
COMPUTER SLEUTHS FIND HACKER WHO PLAYED HAVOC
(Minneapolis): University of Minnesota computer sleuths tracked a
suburban Minneapolis teenager for about six weeks-watching him
illegally use their passwords to gain access to more than 10 computer
networks from Detroit to Moscow-before police confiscated his computer
They monitored the 15-year-old as he bragged electronically to
other computer hackers about his escapades. That included forcing the
Greater Detroit Free-Net to shut down for a week after he penetrated
its security in an attempt to use the system without anyone knowing.
But the university computer techs knew. What's more, they say, the boy
brazenly told other hackers, as the techs electronically eavesdropped,
that he knew that they knew-and thought it was funny.
((The article explains that the youth didn't care that he was being
watched and seemed to invite apprehension. The youth lives with his
mother, but was in the hospital when police confiscated his modem and
computer equipment. He could face felony charges))
"He wiped out a lot of critical files," said Paul Raine, president
of the Detroit Free-Net, an eight-month-old community information
exchange that charges no fees to its users.
The system was shut down Nov. 9 so volunteers could rebuild it and
tighten security. Raine said he has contacted the FBI about possible
federal charges because the youth used telecommunications equipment to
reach across state lines.
((The youth reportedly had problems at home and skipped school while
using the computer))
He said the Apple Valley youth had obtained passwords, possibly
from electronic bulletin boards or by using commercially available
Grewe said the boy appeared to fit the typical hacker profile: a
15- to 20-year-old male, many of whom have low self-esteem.
Date: Sat, 03 Dec 1994 19:23:08 EST
From: "Rob Slade, Social Convener to the Net"
Subject: File 7--"Tekroids" episode of Tekwar and the perception of viri
Bill Shatner has been reading "Snow Crash" (cf BKSNCRSH.RVW)!
In tonight's episode of Tekwar, we find that police detectives, and
the hero's ex-wife, have been felled by a nasty virus. A *computer*
virus. Call the Weekly World News.
Shatner is *much* more ambitious than Stephenson. The "Snow Crash"
virus, in graphical representation, looked pretty much as you'd
expect--snow! The Tekwar virus looks like a young lady. (When she
starts to open her blouse, you get just a hint of circuitry and bright
light. Hubba, hubba!)
Oh, come now, Rob. Don't be a spoil sport. They can make programs
that look like text, can't they? So why can't they make programs that
look like pictures? Well, it is true that I have copies of the BOO
programs, which are utilities for converting binary files into a
format that was only printable characters. I understand that there is
an MS-DOS program, called COMt, which turns COM files into
*executable* forms, using only printable characters. (Padgett
Peterson was so taken with the idea that he wrote his Christmas card
program using only printable characters.) The "text" programs,
however, don't exactly look like a letter from Mom--they look like
strings of garbage. Paradoxically, graphics images (realistic
graphics, that is) give you even *less* leeway, since the human eye is
*very* good at picking up anomalies.
The Tekwar virus is recovered from an imperfectly erased copy of the
graphic. Under extrapolative recreation, the virus is virulent enough
that just looking at it will fry your computer. (Try *that* with your
average copy of Stoned. "Lossy" compression wins again!) (By the
way, in *that* picture, the young lady has her shirt *on*.)
If you look at the virus, it renders you unconscious. Fair enough:
flashing lights can stimulate epileptic seizures. However, thereafter
the virus slowly causes *physical* degradation of your nervous system.
Oh, please. What's the nerve equivalent of JMP?
Stay tuned *next* week, when Bill Shatner uses the I-word. (Pay close
attention when he announces the virus is loose.)
copyright Robert M. Slade, 1994 TVTEKWAR.RVW 941201
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (contact: 1-800-SPRINGER)
From: smithm@NICCO.SSCNET.UCLA.EDU(Marc Smith)
Subject: File 8--CALL for PAPERS: Communities in Cyberspace
Date: Thu, 1 Dec 1994 10:49:13 -0800 (PST)
CALL FOR CONTRIBUTORS
VOLUME ON COMMUNITIES IN CYBERSPACE
A volume entitled _COMMUNITIES IN CYBERSPACE_ is being prepared
for publication by the University of California Press. We are
looking for papers that examine the subject of online interaction
and community. Papers should focus on existing examples of
online interaction, with particular attention to the collective
organization of groups, the emergence of community, and the
issues, conflicts, and problems that go along with those
A partial list of suggested topics is included below:
The dynamics of online interaction
Comparisons of online interaction with other forms of
Identity, anonymity, cryptography
The presentation of self
Sex and gender dynamics in online groups
Power in online communities
Synchronous versus asynchronous interaction
Systems of exchange in online groups
Scarcity, value, and markets in online communities
Informal social control
Group solidarity in online communities
Cooperation and conflict in virtual communities
Crime and deviance
Governance in online groups
Culture and ritual
Constructing an online community
Community protest/collective action based on online groups
To be considered for inclusion in this volume, prospective
authors should submit the following:
1) A 300-500 word abstract describing the substantive focus,
methodology, and conclusions of research to be reported in
the proposed paper
2) A brief biographical statement (or curriculum vita)
indicating previous research and/or relevant experience in
Submissions should be sent via mail, e-mail or fax no latter than
February 1st, 1995 to the volume editors at the address below:
Peter Kollock and Marc Smith
UCLA Department of Sociology
405 Hilgard Ave.
Los Angeles, California 90024-1551
Fax: (310) 206-9838
Invited authors will be provided with guidelines for the
preparation of the paper. The tentative deadline for receipt of
the final manuscripts will be June 1st, 1995, with an anticipated
publication date in the first half of 1996.
Date: Thu, 23 Oct 1994 22:51:01 CDT
From: CuD Moderators
Subject: File 9--Cu Digest Header Information (unchanged since 25 Nov 1994)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send a one-line message: SUB CUDIGEST your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
In BELGIUM: Virtual Access BBS: +126.96.36.199.77 (ringdown)
UNITED STATES: etext.archive.umich.edu (188.8.131.52) in /pub/CuD/
ftp.eff.org (184.108.40.206) in /pub/Publications/CuD/
aql.gatech.edu (220.127.116.11) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD
The most recent issues of CuD can be obtained from the NIU
Sociology gopher at:
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
End of Computer Underground Digest #6.102
E-Mail Fredric L. Rice / The Skeptic Tank