Computer underground Digest Sun Aug 27, 1995 Volume 7 : Issue 70 ISSN 1004-042X Editors: J

Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

Computer underground Digest Sun Aug 27, 1995 Volume 7 : Issue 70 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson CONTENTS, #7.70 (Sun, Aug 27, 1995) File 1--Church of Scientology Sues Washington Post File 2--Comments on Beverly LaHaye Live File 3--Security Mailing Lists File 4--Cu Digest Header Info (unchanged since 19 Apr, 1995) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sun, 28 Aug 1995 11:13:43 CDT From: CuD Moderators Subject: File 1--Church of Scientology Sues Washington Post ((MODERATORS' NOTE: The Church of Scientology has recently been accused of intimidating critics, cancelling posts, engaging in "litigation terrorism," and other alleged actions designed to silence critics. Discussion of these issues proliferates on Usenet's alt.religion.scientology. Links to homepages providing additional details of allegations against CoS can be found on CuD's homepage ( Careful readers will note that the wording of the following release is less objective than the style makes it seem)) Date--22 Aug 1995 14:26:09 -0700 (Andrew Milne) Subject--WASHINGTON POST SUED FOR VIOLATING SCIENTOLOGY COPYRIGHTS ============================================================= August 22, 1995 NEWS RELEASE CONTACT: LEISA GOODMAN OR EARLE COOLEY (202) 667-6404 WASHINGTON POST SUED FOR VIOLATING SCIENTOLOGY COPYRIGHTS Subject--WASHINGTON POST SUED FOR VIOLATING SCIENTOLOGY COPYRIGHTS Date: 22 Aug 1995 14:26:09 -0700 August 22, 1995 NEWS RELEASE CONTACT: LEISA GOODMAN OR EARLE COOLEY (202) 667-6404 WASHINGTON POST SUED FOR VIOLATING SCIENTOLOGY COPYRIGHTS The Washington Post and two of its reporters were sued today in the U.S. District Court for the Eastern District of Virginia by the Religious Technology Center (RTC), holders of the intellectual property rights of the Scientology religion. According to the lawsuit, the Washington Post and its writers have engaged in "extensive, intentional copyright infringement and trade secrets misappropriattion, targeting confidential Scientology scriptures belonging to RTC." Judge Leonie Brinkema of the U.S. District Court in Alexandria, due to the urgent nature of the matter, scheduled an August 25 hearing on the temporary restraining order and impoundment application to get the Washington Post to turn over the misappropriated documents. The lawsuit is an amendment of a complaint that was filed on August 11 against an Arlington man, Arnaldo Lerma, and his Internet access provider Digital Gateway Systems, for copyright and trade secrets infringement. According to Boston lawyer Earle C. Cooley, who represents Religious Technology Center, the newspaper and their two reporters, Richard Leiby and Marc Fisher, were added to the lawsuit because they engaged in their own direct infringements of plaintiff's copyright interests and misappropriation of plaintiff's trade secrets, while at the same time aiding, supporting, encouraging, and facilitating blatant acts of infringement and misappropriation by Lerma. The day after the lawsuit was filed, on August 12, a search and seizure order by Judge Brinkema was carried out at Lerma's home by Federal Marshals and computer software, hardware and documents were confiscated. Church lawyers report that they were able to establish that Lerma lied because, contrary to his assertions that computer discs had been purged of any stolen materials, their electronic experts have already found 63 copyright items among the seized material. The new lawsuit reveals that Lerma sent the protected materials to Leiby when he was put on notice by the Church to stop violating its copyright and trade secret rights. The Church now charges that this was done in an attempt to obstruct justice by concealing the stolen copies from lawful seizure. The suit claims the existence of evidence which shows that Richard Leiby choreographed and instigated Lerma's illegal conduct for his own campaign of harassment against the Scientology religion. According to the lawsuit, Leiby's campaign dates back more than 15 years. Church spokeswoman Leisa Goodman said "The Washington Post and Mr. Leiby violated fundamental journalistic integrity by conspiring with lawless elements on the Internet to harm the religion of Scientology." Once the Church became aware that its materials were in the possession of Richard Leiby, it demanded their immediate return. Leiby and the Washington Post handed the stolen copies over to RTC's lawyers last week on August 15. However, "the return of the materials, a seeming display of good faith, was an utter ruse", the complaint states. "At the same time that the materials were being returned to the Church in Washington, Leiby, Fisher and the Post were getting copies of the same stolen records from the clerk's file in LA where litigation was pending regarding the sealing of such materials. A Post reporter persuaded the clerk's office to take the documents away from a Church employee who had checked out the file, to make copies for the Post," the complaint continues. The Church reacted with an emergency motion to the judge on the case in Los Angeles, who immediately ordered the entire case file sealed on August 15, when he was told that the Washington Post had obtained a copy of the copyrighted and trade secret materials. According to the lawsuit, the Church immediately demanded the materials back and also put the post on notice "that its actions could not remotely be deemed news gathering, but rather constituted wholesale copying of a large amount of copyrighted trade secret information in an attempt to sanitize the illicit acquisition of infringing documents which Leiby and the Post concealed on Lerma's behalf." Church spokeswoman Goodman discounted the notion that any free speech or fair-use issues were involved. "Violators of copyright and trade secret laws traditionally try to hide behind free speech or fair-use claims. The Church is a strong proponent of free speech and fair-use. It publishes its own investigative magazine and cherishes the First Amendment. However, free speech or fair-use does not mean free theft and no one, the Washington Post included, has the right to cloak themselves in the First Amendment to break the law." Despite repeated warnings from Church lawyers, last Saturday the Washington Post published a lengthy article by Marc Fisher, which included quotes from the copyrighted, trade secret materials. "Prior to publication of the article, the defendants were placed on notice that their actions would constitute a violation of plaintiff's rights," said Goodman. "The Post made a serious mistake," RTC's lawyer Earle C. Cooley contends, "in allowing themselves to be manipulated by a few maliciously motivated dissidents who want to use the Post to forward their religious hate campaign. The courts take these matters very seriously. The law is clear: If you are going to violate copyrights, you will have to answer for it in court. This applies to the Washington Post just as much as to anyone else." With this lawsuit, Religious Technology Center is asking the court to order the return of its documents by the Washington Post and grant a permanent injunction against the Post and the individual violators of its rights. It also seeks statutory damages and punitive damages. ------------------------------ Date: Fri, 25 Aug 1995 18:48:49 -0400 From: timk@CYBERCOM.NET(Tim King) Subject: File 2--Comments on Beverly LaHaye Live Not too long ago, there was posted a transcript of a particular Beverly LaHaye Live, a syndicated christian radio program. And as a conservative christian, I'd like to say, for the record, that the episode can be summed up in one word: "sensationalism." This sensationalism manifests itself thoughout in factual innaccuracies and ommissions, in misused emotionally-loaded language, and in a decidely lopsided approach. In the way of inaccuracies, Pat Truman, several times, fails to stress the legal difference between indecency and obscenity. He says that the Internet is "a highway, literally, from your computer to _every other computer in the world_." He says that if your computer isn't connected to the Internet, "your neighbor's computer probably is, your school computer is," making Net connections appear almost as common as telephones. He says that the Thomases of Amateur Action BBS were convicted of "putting pornography on the Internet," even though the Internet never came into their case. But the single pervasive element throughout was alarmism. The gist of the entire show can be interpreted: "The porn-meisters are coming. Everybody panic and lock your young ones in a closet." This, in my opinion, is simply not true. Beverly LaHaye opens by saying, "And thanks to the Information Superhighway, pornography could be invading your home without you even knowing it. The challenge for parents today is finding ways to keep their children from being exposed to these vulgar influences." I would re-word this: "The open environment of the Internet allows adult material, as well as non-adult material, to be freely circulated. Parents who want to place limits on what their children can access may find it a challenge." Phrased thusly, I would agree with the sentiment. It may be factually true that "pornography could be invading your home without you even knowing it." But the path of least resistence is still education rather than legislation. I must further disagree with the implication that the ignorance of parents is the fault of "the Information Superhighway." Is it not true that, no matter what controls are in place, it is the responsibility of parents to monitor their childrens' development? Moreover, I don't think that pornography is the only issue. The concern, broadly speaking, is that children will get ahold of adult material. But is it not the responsibility -- and the right -- of each child's parents to judge, as they see fit, what is or is not suitable for their kids? I would recommend consideration of some simple, common-sense steps. Take an interest in the email conversations your child has with others. Do you take an interest in your child's friends? Take an interest in his Internet aquaintances, too. Make sure your child understands a few rules: Don't tell anyone on the Internet your address, telephone number, or age. Don't agree to meet, in person, anyone you meet, electronically, on the Internet. And make sure to tell Mom or Dad if anyone says anything you're not comfortable with via email. And don't talk to, take candy from, or get into a car with a stranger. I would also suggest parents take a look at and . One suggestion Mr. Truman presents, which sounds like a good one to me, is to put the computer in the kitchen, in the den, or in the living room, where everybody can see it. Surely this will make a child think twice about actively seeking off-limits materials, and it will provide a way for the child's parents to keep an eye on him. Of course, Mr. Truman, true to form, can't leave well enough alone. He also suggests keeping the computer away from phone lines, "because this is all transacted by plugging your computer into a phone line. And every computer is equipped with that..." Even if the computer has a modem and it is plugged into the phone line, the child would have to (1) obtain and (2) install appropriate software and (3) learn how to use it. Additionally, he must (4) obtain an Internet account. It is unfathomable that a child could covertly connect to the Internet, not having previously been given all of what is needed to accomplish the task. I'm not trying to underestimate the concern this may still be for some parents, but these facts would probably have put some parents' minds at ease, had Mr. Truman cared to point them out. Pat Truman correctly points out the future for pornography is over the Internet. The future for civilization in general is over the Internet. Although I share his conviction concerning technology, however, I don't share his alarm. It is not surprising to me that extant materials and practices are being adapted to the Internet. The presence of pornography on the Internet is no more surpising than that of library card catalogs, gift baskets, and record shops. But Mr. Truman says, "I was shocked. I've been in the worst pornography shops in Manhattan, downtown New York, on investigations, and anything I saw there was available on the Internet... It's hard to believe that people would record sexual acts and put them on the Internet..." I don't know why he was shocked. Did he actually think that the Internet was a moral safe-haven, sheltered from humanity? Is he really _that_ naive? Is it really that hard to believe, knowing that people record sexual acts and put them on paper and video, that they would do the same over the Internet? I find Mr. Truman's reaction difficult to accept. Maybe he was disgusted, but not shocked. Nevertheless, far be it from me to try to second-guess his thoughts. If he says he was shocked... Well... He points to "a problem that is very much related to pornography, it's these obscene conversations that you can have - worldwide conversations, you can talk to someone... and have a _terrible_ conversation. There are no age limits. And, uh, it's all..." Uh, yeah. Uh... He never specifies to which "obscene conversations" he's referring. Nonetheless, how do "_terrible_" -- ~shiver~ -- "worldwide conversations" differentiate the Internet from the telephone? And if I want to talk dirty with my wife -- or with anyone else -- what does that have to do with pornography? For the concerns about children, see my comments above. Ms. LaHaye is concerned that the kids will "go over to Johnny's house to spend the afternoon, and Johnny's got a computer and knows how to enter all this, and here these two boys _play_ with this kind of _porn_!" And the same hypothetical Johnny probably has a Hustler magazine under his mattress. Now, my parents took care to be informed concerning my friends. They wanted to know where I was, what I was doing, and with whom I was doing it. Any parent who doesn't take the same care in raising their children has, at least partially, himself to blame for their friends' influence. Mr. Truman says, "You can buy software as a parent that will block this material... So these access providers now say, ... go buy something for 50 bucks... And my position is, ... _you_ provide the software..." This is a most naive view. Does Mr. Truman honestly think that, even if service providers were forced to provide blocking software, users would not be charged? I can just see the $50 installation fees, even for those user's that could rather go without. He says, "I had a high school librarian in Seattle, Washington call me the other day because she [used] the Internet Yellow Pages [to find the] US Government, Executive Branch, Clinton Cabinet. You dial that in, you get obscene work, after obscene work, after obscene work." Huh? Is this supposed to be some sort of a dumb political joke? But the one that took the cake, the most moving of all -- so moving, in fact, that I thought I would heave -- is the following sequence: "But the reason I criticized the Exon bill... is that he would give immunity from prosecution from the major pornography _profiteers_... The person who put [the porn] on the Internet didn't charge for it. But _Netcom_, or America OnLine, or these others, _will_ charge you... Some people spend hundreds and hundreds of dollars viewing it, and some of those people are children... the pornographer profiteers today are the people who give you access to the Internet... And they know that material's there, they know that's why thousands and thousands of people subscribe every month to their services, that is in order to get pornography. So the pornography profiteers today are the access providers, like Netcom, CompuServe, etc." Hundreds and hundreds of dollars? I think you need a new ISP. And some children spend this much? Don't their parents wonder about the bill? Thousands and thousands of people? Name six. And, by the way, since you have all of these nifty statistics at your fingertips, what percentage of all Internet users does that "thousands and thousands" represent? I most strongly contest the labelling of Internet service providers as "pornography profiteers." This is a most inaccurate description when applied to practially all, if not all, ISPs. There can be no excuse for the utterance of such ignorant and careless hogwash. ISPs charge for Internet access, not for pornography. From their perspective, if you choose to access pornography, that's your business. I don't know of any ISPs that don't charge the same rate regardless of whether one accesses Penthouse magazine or The Christian Coalition's Home Page. You guys, take a step back and stop making a mockery out of issues we -- christians, U.S. citizens, and conservatives -- hold dear. ------------------------------ Date: Thu, 24 Aug 1995 18:36:51 +1494730 (PDT) From: Christopher Klaus Subject: File 3--Security Mailing Lists This was put together to hopefully promote greater awareness of the security lists that already exist. Most security mailing lists have been only announced once and it was only word of mouth that it would acquire new members. This list should hopefully make the membership grow for each mailing list. If you know of any mailing lists that have been skipped, please e-mail with the info. The newest updates for this will be on This web site also contains info for the following security issues: Vendor security contacts Security Patches What to do if you are compromised Set up Anon ftp securely Sniffers attacks and solutions Security Mailing Lists The following FAQ is a comprehensive list of security mailing lists. These security mailing lists are important tools to network administrators, network security officers, security consultants, and anyone who needs to keep abreast of the most current security information available. General Security Lists * 8lgm (Eight Little Green Men) * Academic-Firewalls * Best of Security * Bugtraq * Computer Privacy Digest (CPD) * Computer Underground Digest (CuD) * Cypherpunks * Cypherpunks-Announce * Firewalls * Intruder Detection Systems * Phrack * PRIVACY Forum * Risks * Sneakers * Virus * Virus Alert Security Products * Tiger * TIS Firewallk Toolkit Vendors and Organizations * CERT * CIAC * HP * Sun ------------------------------------------------------------------------------- 8lgm (Eight Little Green Men) To join, send e-mail to and, in the text of your message (not the subject line), write: subscribe 8lgm-list Group of hackers that periodically post exploit scripts for various Unix bugs. ------------------------------------------------------------------------------- Academic Firewalls To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE Academic-Firewalls This is an unmoderated list maintained by Texas A&M University. Its purpose is to promote the discussion and use of firewalls and other security tools in an academic environment. It is complementary to the Firewalls list maintained by Brent Chapman (send subscription requests to Majordomo@GreatCircle.COM) which deals primarily with firewall issues in a commercial environment. Academic environments have different political structures, ethical issues, expectations of privacy and expectations of access. Many documented incidents of cracker intrusions have either originated at or passed through academic institutions. The security at most universities is notoriously lax or even in some cases completely absent. Most institutions don't use firewalls because they either don't care about their institution's security, they feel firewalls are not appropriate or practical, or they don't know the extent to which they are under attack from the Internet. At Texas A&M University we have been using a combination of a flexible packet filter, intrusion detection tools, and Unix security audit utilities for almost two years. We have found that simple firewalls combined with other tools are feasible in an academic environment. Hopefully the discussion on this list will begin to raise the awareness of other institutions also. ------------------------------------------------------------------------------- Best of Security To join, send e-mail to with the following in the body of the message: subscribe best-of-security REASONS FOR INCEPTION In order to compile the average security administrator it was found that the compiler had to parse a foreboding number of exceptionally noisy and semantically-content-free data sets. This led to exceptionally high load averages and a dramatic increase in core entropy. Further, the number, names and locations of this data appears to change on an almost daily basis; requiring tedious version control on the part of the mental maintainer. Best-of-Security is at present an un-moderated list. That may sound strange given our stated purpose of massive entropy reduction; but because best often equates with "vital" and the moderator doesn't have an MDA habit it is important that material sent to this list be delivered to its subscribers' in as minimal period of time as is (in)humanly possible. If you find *any* information from *any* source (including other mailinglists, newsgroups, conference notes, papers, etc) that fits into one of the acceptable categories described at the end of this document then you should *immediately* send it to "". Do not try and predict whether or not someone else will send the item in question to the list in the immediate future. Unless your on a time-delayed mail vector such as polled uucp or the item has already appeared on best-of-security, mail the info to the list! Even if it is a widely deployed peice of information such as a CERT advisory the proceeding argument still applies. If the information hasn't appeared on this list yet, then SEND IT. It is far better to run the risk of minor duplication in exchange for having the information out where it is needed than act conservatively about occasional doubling up on content. ------------------------------------------------------------------------------- Bugtraq To join, send e-mail to LISTSERV@NETSPACE.ORG and, in the text of your message (not the subject line), write: SUBSCRIBE BUGTRAQ This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vunerabilities. It is about defining, recognizing, and preventing use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list`s charter. Please follow the below guidelines on what kind of information should be posted to the Bugtraq list: * Information on Unix related security holes/backdoors (past and present) * Exploit programs, scripts or detailed processes about the above * Patches, workarounds, fixes * Announcements, advisories or warnings * Ideas, future plans or current works dealing with Unix security * Information material regarding vendor contacts and procedures * Individual experiences in dealing with above vendors or security organizations * Incident advisories or informational reporting ------------------------------------------------------------------------------- Computer Privacy Digest To join, send e-mail to and, in the text of your message (not the subject line), write: subscribe cpd The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Leonard P. Levine. It is gatewayed to the USENET newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) forum, and was established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy. ------------------------------------------------------------------------------- Computer Underground Digest To join, send e-mail to LISTSERV@VMD.CSO.UIUC.EDU and, in the text of your message (not the subject line), write: SUB CUDIGEST CuD is available as a Usenet newsgroup: Covers many issues of the computer underground. ------------------------------------------------------------------------------- Cypherpunks To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE cypherpunks The cypherpunks list is a forum for discussing personal defenses for privacy in the digital domain. It is a high volume mailing list. ------------------------------------------------------------------------------- Cypherpunks Announce To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE cypherpunks-announce There is an announcements list which is moderated and has low volume. Announcements for physical cypherpunks meetings, new software and important developments will be posted there. ------------------------------------------------------------------------------- Firewalls To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE firewalls Useful information regarding firewalls and how to implement them for security. This list is for discussions of Internet "firewall" security systems and related issues. It is an outgrowth of the Firewalls BOF session at the Third UNIX Security Symposium in Baltimore on September 15, 1992. ------------------------------------------------------------------------------- Intrusion Detection Systems To join, send e-mail to with the following in the body of the message: subscribe ids The list is a forum for discussions on topics related to development of intrusion detection systems. Possible topics include: * techniques used to detect intruders in computer systems and computer networks * audit collection/filtering * subject profiling * knowledge based expert systems * fuzzy logic systems * neural networks * methods used by intruders (known intrusion scenarios) * cert advisories * scripts and tools used by hackers * computer system policies * universal intrusion detection system ------------------------------------------------------------------------------- Phrack To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE Phrack Phrack is a Hacker Magazine which deals with phreaking and hacking. ------------------------------------------------------------------------------- PRIVACY Forum To join, send e-mail to and, in the text of your message (not the subject line), write: information privacy The PRIVACY Forum is run by Lauren Weinstein. He manages it as a rather selectively moderated digest, somewhat akin to RISKS; it spans the full range of both technological and non-technological privacy-related issues (with an emphasis on the former). ------------------------------------------------------------------------------- Risks To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE Risks is a digest that describes many of the technological risks that happen in today's environment. ------------------------------------------------------------------------------- Sneakers To join, send e-mail to majordomo@CS.YALE.EDU and, in the text of your message (not the subject line), write: SUBSCRIBE Sneakers The Sneakers mailing list is for discussion of LEGAL evaluations and experiments in testing various Internet "firewalls" and other TCP/IP network security products. * Vendors are welcome to post challenges to the Internet network security community * Internet users are welcome to post anecdotal experiences regarding (legally) testing the defenses of firewall and security products. * "Above board" organized and/or loosely organized wide area tiger teams (WATTs) can share information, report on their progress or eventual success here. There is a WWW page with instructions on un/subscribing as well as posting, and where notices and pointers to resources (especially if I set up an archive of this list) may be put up from time to time: ------------------------------------------------------------------------------- Virus To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE virus-l your-name It is an electronic mail discussion forum for sharing information and ideas about computer viruses, which is also distributed via the Usenet Netnews as comp.virus. Discussions should include (but not necessarily be limited to): current events (virus sightings), virus prevention (practical and theoretical), and virus related questions/answers. The list is moderated and digested. That means that any message coming in gets sent to me, the editor. I read through the messages and make sure that they adhere to the guidelines of the list (see below) and add them to the next digest. Weekly logs of digests are kept by the LISTSERV (see below for details on how to get them). For those interested in statistics, VIRUS-L is now up to about 2400 direct subscribers. Of those, approximately 10% are local redistribution accounts with an unknown number of readers. In addition, approximately 30,000-40,000 readers read comp.virus on the USENET. ------------------------------------------------------------------------------- Virus Alert To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE valert-l your-name What is VALERT-L? It is an electronic mail discussion forum for sharing urgent virus warnings among other computer users. Postings to VALERT-L are strictly limited to warnings about viruses (e.g., "We here at University/Company X just got hit by virus Y - what should we do?"). Followups to messages on VALERT-L should be done either by private e-mail or to VIRUS-L, a moderated, digested, virus discussion forum also available on this LISTSERV, LISTSERV@LEHIGH.EDU. Note that any message sent to VALERT-L will be cross-posted in the next VIRUS-L digest. To preserve the timely nature of such warnings and announcements, the list is moderated on demand (see posting instructions below for more information). What VALERT-L is *not*? A place to to anything other than announce virus infections or warn people about particular computer viruses (symptoms, type of machine which is vulnerable, etc.). ------------------------------------------------------------------------------- Security Products ------------------------------------------------------------------------------- Tiger To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE tiger Discussion list for the UNIX security audit tool TIGER This is the TIGER users mailling list. It is for: 1. Update announcements 2. Reporting bugs in TIGER. 3. Discussing new features for TIGER. 4. Discussing use of TIGER. 5. Discussing anything else about TIGER. What is TIGER? TIGER is a set of shell scripts, C code and configuration files which are used to perform a security audit on UNIX systems. The goals for TIGER are to make it very robust and easy to use. TIGER was originally developed for checking hosts at Texas A&M University following a break in in the Fall of 1992. The latest version of TIGER is always available from the directory In addition, updated digital signature files for new platforms and new security patches will be maintained in the directory: ------------------------------------------------------------------------------- TIS Firewall Toolkit To join, send e-mail to and, in the text of your message (not the subject line), write: SUBSCRIBE Discussion list for the TIS firewall toolkit ------------------------------------------------------------------------------- Vendors and Organizations ------------------------------------------------------------------------------- CERT (Computer Emergency Response Team) Advisory mailing list. To join, send e-mail to and, in the text of your message (not the subject line), write: I want to be on your mailing list. Past advisories and other information related to computer security are available for anonymous FTP from ( ------------------------------------------------------------------------------- The CIAC (Computer Incident Advisory Capability) of DoE CIAC has several self-subscribing mailing lists for electronic publications: 1. CIAC-BULLETIN for Advisories, highest priority - time critical information and Bulletins, important computer security information; 2. CIAC-NOTES for Notes, a collection of computer security articles; 3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI) software updates, new features, distribution and availability; 4. SPI-NOTES, for discussion of problems and solutions regarding the use of SPI products. To join, send e-mail to and, in the text of your message (not the subject line), write any of the following examples: subscribe ciac-bulletin LastName, FirstName PhoneNumber subscribe ciac-notes LastName, FirstName PhoneNumber subscribe spi-announce LastName, FirstName PhoneNumber subscribe spi-notes LastName, FirstName PhoneNumber e.g., subscribe ciac-notes O'Hara, Scarlett 404-555-1212 You will receive an acknowledgment containing address, initial PIN, and information on how to change either of them, cancel your subscription, or get help. ------------------------------------------------------------------------------- HP, Hewlett Packard To join, send e-mail to and, in the text of your message (not the subject line), write: subscribe security_info The latest digest of new HP Security Bulletins will be distributed directly to your mailbox on a routine basis. ------------------------------------------------------------------------------- Sun Security Alert To join, send e-mail to and, in the subject of your message write: SUBSCRIBE CWS your-email-addr The message body should contain affiliation and contact information. ------------------------------------------------------------------------------- Copyright This paper is Copyright (c) 1995 by Christopher Klaus of Internet Security Systems, Inc. Permission is hereby granted to give away free copies electronically. You may distribute, transfer, or spread this paper electronically. You may not pretend that you wrote it. This copyright notice must be maintained in any copy made. If you wish to reprint the whole or any part of this paper in any other medium excluding electronic medium, please ask the author for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. Address of Author Please send suggestions, updates, and comments to: Christopher Klaus of Internet Security Systems, Inc. Internet Security Systems, Inc. Internet Security Systems, Inc, located in Atlanta, Ga., specializes in the developement of security scanning software tools. Its flagship product, Internet Scanner, is software that learns an organization's network and probes every device on that network for security holes. It is the most comprehensive "attack simulator" available, checking for over 100 security vulnerabilities. -- Christopher William Klaus Voice: (770)441-2531. Fax: (770)441-2431 Internet Security Systems, Inc. "Internet Scanner lets you find 2000 Miller Court West, Norcross, GA 30071 your network security holes Web: Email: before the hackers do." ------------------------------ Date: Sun, 19 Apr 1995 22:51:01 CDT From: CuD Moderators Subject: File 4--Cu Digest Header Info (unchanged since 19 Apr, 1995) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CUDIGEST Send it to LISTSERV@VMD.CSO.UIUC.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) Brussels: STRATOMIC BBS +32-2-5383119 2:291/ In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: ( in /pub/CuD/ ( in /pub/Publications/CuD/ ( in /pub/eff/cud/ in /src/wuarchive/doc/EFF/Publications/CuD/ in /doc/EFF/Publications/CuD/ EUROPE: in pub/doc/cud/ (Finland) in pub/cud/ (United Kingdom) JAPAN: The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #7.70 ************************************


E-Mail Fredric L. Rice / The Skeptic Tank