Computer underground Digest Wed Oct 26, 1994 Volume 6 : Issue 93 ISSN 1004-042X Editors: J

Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

Computer underground Digest Wed Oct 26, 1994 Volume 6 : Issue 93 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Mini-biscuit editor: Guy Demau Passant CONTENTS, #6.93 (Wed, Oct 26, 1994) File 1--Government Gopher Sites File 2--(fwd) South African Consitution and computer privacy (fwd) File 3--The Online Future (Review) File 4--OTA Report on Information Security and Privacy released File 5--Cu Digest Header Information (unchanged since 23 Oct 1994) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. ---------------------------------------------------------------------- Date: Wed, 26 Oct 1994 19:32:43 CDT From: CuD Moderators Subject: File 1--Government Gopher Sites ((MODERATORS' NOTE: We're periodically asked for the location of good gopher sites for government and other information. Here is a list of major government gopher sites. University gopher sites can sometimes be discovered just by typing gopher.(university.address). For example, gopher gopher is a hit-and-miss approach, but with a few minutes experimentation, you'll likely come across some fascinating archives. The header from the following post was eaten when it arrived. Thanks to the poster for sending over the following list of government gopher sites. We should also add a few of our own favorites: The American Civil Liberties Union Univ. of Minnesota gopher (the gopher of all gophers) Internet Spies/WIRETAP - crammed full of books and texts And, we can't forget our own NIU sociology gopher, just constructed and growing-- At the opening menu, move to Academic depts / Liberal Arts / Sociology and check out the CRIMINOLOGY area. It's still under construction, so if you see something that's not there that would be helpful, let us know. It also hosts the Society for the Study of Symbolic Interaction gopher site)). NIU Sociology gopher ============================ NAME AND HOST name=extension service, usda name=u.s. dept agriculture food and nutrition information center name=national trade data bank name=u.s. dept transportation name=u.s. dept agriculture extension service name=national center for research on evaluation, standards name=library of congress marvel information system name=protein data bank - brookhaven national lab name=u.s. dept agriculture national agricultural library plant genome name=u.s. dept agriculture ars grin national genetic resources program name=federal info exchange (fedix) name=lanl physics information service name=nasa goddard space flight center name=nasa network application and information center (naic) name=national institute of standards and technology (nist) name=national institutes of health (nih) name=national science foundation (stis) name=oak ridge national laboratory esd gopher name=national institute of allergy and infectious disease (niaid) name=national institute of mental health (nimh) gopher name=national science foundation center for biological timing name=national cancer institute name=los alamos national laboratory name=lanl advanced computing laboratory name=lanl nonlinear science information service name=u.s. military academy gopher name=national center for atmospheric research (ncar) gopher name=national center for biotechnology information (ncbi) gopher name=nasa langley research center name=nasa shuttle small payloads information name=askeric - (educational resources information center) name=national center for supercomputing applications name=u.s. geological survey (usgs) name=nasa center for aerospace information name=nasa lewis research center (lerc) name=u.s. geological survey atlantic marine geology name=aves: bird related information name=nist computer security name=naval research laboratory name=naval research laboratory central computing facility name=nasa high energy astrophysics science archive research center name=u.s. national information service for earthquake engineering name=lternet (long-term ecological research network) name=u.s. dept energy office of nuclear safety name=national library of medicine name=lanl gopher gateway name=lanl t-2 nuclear information service gopher name=u.s. dept education name=u.s. dept energy name=national coordination office for high performance computing and communications name=environment, safety & health (usde) gopher name=u.s. dept energy environment, safety & health gopher name=naval ocean system center (nrad) gopher name=u.s. environmental protection agency great lakes national program office gopher name=environmental protection agency great lakes national program office gopher name=u.s. environmental protection agency futures group name=environmental protection agency futures group name=u.s. navy naval ocean system center nrad gopher name=national institute of environmental health sciences (niehs) gopher name=arkansas-red river forecast center (noaa) name=national geophysical data center (noaa) name=nasa office of life and microgravity sciences and applications name=noaa environmental services gopher name= federal government information (via library of congress) name=comprehensive epidemiological data resource (cedr) gopher name=lawrence berkeley laboratory (lbl) name=national oceanographic data center (nodc) gopher name=esnet information services gopher name=cyfernet usda children youth family education research network name=americans communicating electronically name=u.s. dept agriculture children youth family education research network name=oak ridge national laboratory center for computational sciences name=nasa k-12 nren gopher name=national agricultural library genome gopher name=eric clearinghouse on assessment and evaluation name=u.s. dept commerce economic conversion information exchange name=u.s. dept commerce economics and statistics administration name=national center for education statistics name=u.s. dept agriculture economics and statistics name=u.s. environmental protection agency name=environmental protection agency name=national library of medicine toxnet gopher name=nasa minority university space interdisciplinary network name=stis (science and technology information system-nsf) name=national toxicology program (ntp) niehs-nih name=u.s. dept commerce information infrastructure task force name=co-operative human linkage center (chlc) gopher name=smithsonian institution natural history gopher name= politics and government name=voice of america (radio) name=federal register - sample access name=u.s. senate gopher name=u.s. bureau of mines gopher name=legi-slate gopher service (via umn)/ name=nasa laboratory for terrestrial physics gopher name=noaa national oceanographic data center (nodc) gopher name=noaa national geophysical data center (ngdc) name=u.s. bureau of the census gopher name=eric clearinghouse for science, math, environmental (osu) name=\peg, a peripatetic, eclectic gopher name=u.s. house of representatives gopher name=information infrastructure task force (doc) gopher name=federal communications commission gopher name=defense technical information center public gopher name=national archives gopher name=nasa center for computational sciences name=u.s. agency for international development gopher name=graingenes (usda) gopher name=federal reserve board (via name=federal networking council advisory committee name=federal deposit insurance corporation gopher (via name=national telecommunication and information administration (ntis) gopher name=national institute of standards and technology gopher name=securities and exchange commission "edgar" gopher name=u.s. securities and exchange commission "edgar" gopher name=u.s. patent and trademark office information (via name=public broadcasting service (pbs) gopher name=u.s. dept justice gopher name=fedworld (ntis) - 100+ electronic government bulletin boards name=ntis fedworld - 100+ electronic government bulletin boards name=national renewable energy laboratory name=catalog of federal domestic assistance name=social security administration name=national center for toxicological research name=national heart, lung, and blood institute (nhlbi) gopher name=noaa online data and information systems name=eric clearinghouses (via syracuse) name=internic: internet network information center gopher name=nasa information sources telnet (compiled by msu) name=nasa space mechanisms information gopher name=financenet (national performance review) name=u.s. dept health and human services name=u.s. consumer product safety commission gopher name=consumer product safety commission gopher name=defense nuclear facilities safety board name=national agricultural library name=small business administration name=nasa marshall space flight center spacelink name=national information infrastructure task force name=u.s. dept agriculture aphis gopher name=u.s. dept housing and urban development ------------------------------ Date: Mon, 24 Oct 1994 22:58:17 -0500 (CDT) From: David Smith Subject: File 2--(fwd) South African Consitution and computer privacy (fwd) Saw this posted elsewhere, just passing along this lawyers request for information. David Smith | | ---------- Forwarded message ---------- Date--Mon, 24 Oct 1994 17:18:52 GMT South Africa has a new Bill of Rights which guarantees the right to privacy and protects all persons against unreasonable and unjustified search and seizure of their personal property or the violation of private communications. I am currently involved in research into the impact of this constitutional right on computer law. In particular, I am looking at whether a state agency can obtain a list of files from a person's account which they suspect contains illegal material such as pirated software or pornography (illegal in South Africa). Does the state agency need to obtain a search warrant or the user's permission before searching his/her account even if their suspicion is a reasonable one? The crisp legal issue is this: Does the seizure of computer files or a list of those files out of an individual's account, without a warrant or without the user's permission, violate the constitutional right to procedural due process and the right to privacy? I would like references to reported judgements on this issue, especially cases that have dealt with this on a constitutional law basis. If possible, it would be most useful if I could be e-mailed actual copies of the judgements. Reported decisions from any jurisdiction would be useful. Thank you in advance. Mr Ron Paschke Department of Procedural and Clinical Law University of Natal Durban South Africa email: ------------------------------ Date: Mon, 24 Oct 1994 19:38:49 -0700 From: dbatterson@ATTMAIL.COM(David Batterson) Subject: File 3--The Online Future (Review) Some Brief Glimpses at the Online Future by David Batterson Prognosticating the future is always a tricky business. The predictions that turn out to be correct usually are matched by the number of wrong guesses. [Remember the infamous prediction that by the 1980s we would all be flying around in helicopters instead of driving cars? Or that we would have huge wall-hung flat TVs by now?] However, some computer industry people are still willing to stick their necks out and offer their thoughts on the elusive future. Their opinions are their own, and do not necessarily represent the views of their employers. Jack Murphy, president of Practical Peripherals, thinks that being wired is definitely the wave of the future: "The hottest news in computing today is online communications, and there's no end in sight to the impact this will have on virtually every segment of the American public." Ironically, Murphy's remarks were faxed to me, not e-mailed. Leslie Schroeder, a high-tech public relations consultant in Silicon Valley, agrees that the future is electronic mail, but sees a personal touch: "E-mail is reincarnating the age of letter writing. We're keeping in touch the way the Victorians did, building a personal community connected by a constant stream of letters sharing news and gossip. E-mail is reviving the 'letter' as a forum for wit, style, and personality, as well as serving as an invaluable business tool." Tom Almy, a software engineer with Tektronix in Wilsonville, OR, offered his thoughts on what we can expect soon. "PDAs will be as widespread as TVs by 2000. With larger, color screens, long battery life, excellent text recognition, voice and cellular phone capabilities, these units will replace personal planners, telephones, fax machines, and video games." What about prices/storage capacity? "Desktop computing will advance in an evolutionary fashion--more memory and speed as prices drop. Floppy drives and disks will vanish, replaced by writable CDs. Will semiconductor memories replace hard disks?--yes, probably for portable applications." Almy added that "the Information Superhighway will take two paths due to widely-differing visions "one being an information sharing network like the current Internet--(and available to homes using ISDN technology from the phone company--and the other being information provider and home shopping services over cable TV." Charles Jennings, co-founder of the Oregon Multimedia Alliance and author of the "Pluggers" syndicated newspaper comic, offered this bit of insight: "My thoughts about the future of computing are pretty simple. Someday soon, online computing will be the sea we all swim in, and when that happens, it will be the fish--the colorful, complex organisms we are beginning to call 'content'--that matter most." Jennings said his group has high hopes for the future too: "to shorten the implementation period for online, interactive multimedia products and services. Open access to online pathways is a key principle of our organization, as is support for educational and other socially beneficial uses of multimedia technology." Obviously, we can all expect faster and more powerful computers in the future. And while Intel's Pentium chips are getting the lion's share of the CPU business, there are other companies that trying to "chip" away at that. An example is International Meta Systems (IMS) of Torrance, Calif. IMS created the 3250 60Mhz RISC microprocessor with hardware-assisted emulation technology. This lets the 3250 emulate 486 PCs, as well as Motorola's 68040 chip. IMS chips also incorporate special algorithms for speech recognition, image processing and telecommunications functions. IMS President George W. Smith said "I think that speech is the key that will unlock the potential applications for the hand-held computer and communications market." As for this reporter's thoughts on future computer products, I predict a new, not-yet-invented technology will result in high-resolution, laser-quality printers that don't require toner to perform their hard-copy magic. And look for a cheap "Dick Tracy" combo wrist-TV/fax/pager/e-mail device before the year 2000. More personal predictions: within 10 years, cheap and powerful basic personal computers will cost about $100 list price. In 20 years, a typical "home computer" will surpass today's most powerful Cray (and similar) computers in processing power, memory and storage capacity. And all monitors will be super-high-resolution flat-screen type, with images as sharp as a printed color, glossy magazine page. Finally, sometime in the near future--thanks to massive computerization of automobile traffic control--safety on the roads will match the airline safety of today, with relatively few car accidents and deaths per year. It's going to be very exciting, because as Al Jolson said: "you ain't seen nothin' yet." ------------------------------ Date: Tue, 27 Sep 1994 13:54:43 CDT From: (Dexter, Martha Dir.,Info/Pub) Subject: File 4--OTA Report on Information Security and Privacy released September 23, 1994 *********************************************************** INFORMATION SECURITY AND PRIVACY IN NETWORK ENVIRONMENTS *********************************************************** [The Office of Technology Assessment report "Information Security and Privacy in Network Environments" is now available. The report was released on September 23, 1994. Ordering information and details about electronic access are at the end of this message.] As electronic transactions and records become central to everything from commerce and tax records to health care, new concerns arise for the security and privacy of networked information. These concerns, if not properly resolved, threaten to limit networking's full potential in terms of participation and usefulness, says the congressional Office of Technology Assessment (OTA) in a report released today. Some 20 to 30 million people worldwide can exchange messages over the Internet. Every day U.S. banks transfer about $1 trillion among themselves, and New York markets trade an average of $2 trillion in securities. Nearly all of these transactions pass over information networks. The report "Information Security and Privacy in Network Environments" focuses on safeguarding unclassified information in networks, not on the security or survivability of networks themselves, or on the reliability of network services to ensure information access. Appropriate safeguards must account for--and anticipate-- technical, institutional, and social changes that increasingly shift responsibility for safeguarding information to the end users, says OTA. The laws currently governing commercial transactions, data privacy, and intellectual property were largely developed for a time when telegraphs, typewriters, and mimeographs were the commonly used office technologies and business was conducted with paper documents sent by mail. Technologies and business practices have dramatically changed, but the law has been slower to adapt, says OTA. Information safeguards, especially those based on cryptography, are achieving new prominence. OTA emphasizes that decisions about cryptography policy will affect the everyday lives of most Americans because cryptography will help ensure the confidentiality and integrity of health records and tax returns, speed the way to electronic commerce, and manage copyrighted material in electronic form. Congress has a vital role in formulating national cryptography policy, says OTA, and more generally in safeguarding electronic information and commercial transactions and protecting personal privacy in a networked society. A field of applied mathematics/computer science, cryptography is the technique of concealing the contents of a message by a code or a cipher. The message is unintelligible without special knowledge of some secret (closely held) information, the key that "unlocks" the encrypted text and reveals the original text. Key management is fundamental to security. It includes generation of the encryption key or keys, as well as their storage, distribution, cataloging, and eventual destruction. The federal government still has the most expertise in cryptography, says OTA. As a developer, user, and regulator of safeguard technologies, the federal government faces a fundamental tension between two important policy objectives: fostering the development and widespread use of cost- effective safeguards; and--through use of federal standards and export controls--controlling the proliferation of commercial safeguard technologies that can impair U.S. signals-intelligence and law-enforcement capabilities. The concern is reflected in the ongoing debates over key- escrow encryption and the government's Escrowed Encryption Standard (EES). The Clinton Administration announced the "escrowed-encryption" initiative, often called the "Clipper chip," in 1993. This type of encryption is intended to allow easy decryption by law enforcement when the equivalent of a wiretap has been authorized. The Department of Commerce issued the EES, developed by the National Security Agency (NSA), as a federal information processing standard for encrypting unclassified information in February 1994. The initiative in general and the EES in particular have seen intense public criticism and concern, OTA reports. The controversy and unpopularity stem in large part from privacy concerns and the fact that government-designated "escrow agents" will hold the users' cryptographic keys. Congress has asked the National Research Council (NRC) to conduct a major study, expected to be available in 1996, which would support a broad review of cryptography. OTA presents several options for congressional consideration in the course of such a review. Because the timing of the NRC review is out of phase with the government's implementation of key-escrow encryption, one option would be to place a hold on further deployment of key-escrow encryption, pending a congressional policy review. An important outcome of a broad review of national cryptography policy, says OTA, would be the development of more open processes to determine how cryptography will be deployed throughout society, including the development of infrastructures to support electronic commerce and network use of copyrighted materials. More openness would build trust and confidence in government operations and leadership and allow for public consensus-building. OTA examines and offers policy options for congressional consideration in three areas: 1) cryptography policy, including federal information processing standards and export controls; 2) guidance on safeguarding unclassified information in federal agencies; and 3) legal issues and information security, including electronic commerce, privacy, and intellectual property. Requesters for the report are the Senate Committee on Governmental Affairs and the House Subcommittee on Telecommunications and Finance. OTA is a nonpartisan analytical agency that serves the U.S. Congress. Its purpose is to aid Congress with the complex and often highly technical issues that increasingly affect our society. *************************** * CONGRESSIONAL COMMENT * *************************** Senator John Glenn (D-OH) Chairman, Senate Committee on Governmental Affairs: "In the new electronic age, we are relying more and more on information technology to streamline government, educate our children, make health care more accessible and affordable, and make our businesses more productive and competitive. This rush to embrace a new age of technology must not, however, obscure our ongoing responsibility to protect important information and maintain the personal privacy of citizens. "Because we need policies and practices to match the reality of this new age, I joined with Senator Roth in asking the Office of Technology Assessment (OTA) to study security and privacy issues in the network environment. I am very happy to say that OTA's report provides an excellent summary of these issues. More importantly, OTA spells out clear steps that Congress and the Executive Branch should consider if we are to develop policies and practices equal to the task of providing security and privacy protections in an increasingly networked world. "The Senate Committee on Governmental Affairs, which I chair has already rung warning bells in this area. Our oversight of agency operations has uncovered threats to security and privacy as diverse as foreigners hacking into Department of Defense computers and IRS employees browsing through computerized taxpayer records. We must recognize that new technologies, particularly the development of computer networks, are leapfrogging security and privacy controls designed for a simpler time. Policies and practices for managing paper file cabinets simply are no match for the instantaneous world-wide flow of data through computer networks. "Addressing the needs of this new world demands that we find fair balancing points among often competing imperatives for personal privacy, law enforcement, national security, governmental efficiency, and economic competitiveness. OTA's very insightful report highlights the need for the development of new security and privacy controls, which should be done openly, with thorough debate and public accountability. Therefore, in the next Congress, this Committee will continue its oversight of agency operations and will pursue legislation to ensure that government agencies handle data from citizens and businesses responsibly, and that government employees entrusted with maintaining security are held accountable for breaches or misuse of their responsibilities. "I commend the Office of Technology Assessment for its timely and very insightful contribution to the development of policies and practices that can match the realities of the emerging electronic information age." Senator William V. Roth, Jr. (R-DE), Ranking Republican, Senate Committee on Governmental Affairs: "Since 1988, computer network security breaches have grown dramatically, increasing 50% per year on the Internet --today's information highway. The ability of the government to protect Americans' most private information is at stake. For example, the Internal Revenue Service is among those agencies who rely increasingly on computer networks for such things as filing tax returns. Anyone who pays federal taxes has to wonder who might be browsing through their personal financial data. "We need to recognize the potential danger and act accordingly. Last year, I asked the Office of Technology Assessment to look at such problems and recommend changes. Its report highlights how today's government institutions are poorly structured to deal with information security. Moreover, the report underscores the fact that much more work must be done. I intend to pursue hearings on the report and amendments to the Computer Security Act." *********************************************************** HOW TO OBTAIN THIS REPORT *********************************************************** ORDERING INFORMATION: For copies of the 252-page report "Information Security and Privacy in Network Environments" for congressional use, please call (202) 224-9241. Copies for noncongressional use are available from the Superintendent of Documents for $16.00 each. To order, call (202) 512-0132 (GPO's main bookstore) or (202) 512-1800 and indicate stock number 052-003-01387-8. Or you can send your check or your VISA or MasterCard number and expiration date to Superintendent of Documents, P.O. Box 371954, Pittsburgh, PA 15250-7974 , [FAX (202) 512-2250]. Federal Express service is available for an additional $8.50 per order. For free 8-page summaries, please call (202) 224-8996 or e-mail ELECTRONIC ACCESS: The full report is available electronically. To download via ftp from OTA, use the following procedures: ftp to ( Login as anonymous. Password is your e-mail address. The files are located in /pub/ and the file names and sizes are: 01README.TXT (3K) 02ORDER.INFO.TXT (4K) FOREWORD.TXT (3K) ADVISORY.PANEL.TXT (3K) STAFF.TXT (1K) TOC.TXT (2K) CH1.TXT (93K) CH2.TXT (169) CH3.TXT (172K) CH4.TXT (299K) APPC.TXT (36K) APPD.TXT (3K) APPE.TXT (4K) Appendix A--Congressional Letters of Request and Appendix B--Computer Security Act and Related Documents--are not available electronically. *********************************************************** Martha Dexter Director, Information Management Office of Technology Assessment (202) 228-6233 ------------------------------ Date: Thu, 23 Oct 1994 22:51:01 CDT From: CuD Moderators Subject: File 5--Cu Digest Header Information (unchanged since 23 Oct 1994) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 In BELGIUM: Virtual Access BBS: + (ringdown) UNITED STATES: ( in /pub/CuD/ ( in /pub/Publications/CuD/ ( in /pub/eff/cud/ in /src/wuarchive/doc/EFF/Publications/CuD/ in /pub/wuarchive/doc/EFF/Publications/CuD/ in /doc/EFF/Publications/CuD/ EUROPE: in pub/doc/cud/ (Finland) in pub/cud/ (United Kingdom) JAPAN: /mirror/ The most recent issues of CuD can be obtained from the NIU Sociology gopher at: (navigate to the "acad depts;" "liberal arts;" "sociology" menus, and it'll be in CuDs. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #6.93 ************************************


E-Mail Fredric L. Rice / The Skeptic Tank