Computer underground Digest    Sun  May 3, 1998   Volume 10 : Issue 28
ISSN 1004-042X

Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
                   Ralph Sims / Jyrki Kuoppala
                   Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #10.28 (Sun, May 3, 1998)

File 1--Critical information about the "Church" of Scientology
File 2--Re: How to tag PhotoCopiers (CuD 10.25)
File 3--REVIEW: "Overdrive: Bill Gates and the Race to Control Cyberspac
File 4--Library Internet Filters Held to High Free Speech Test
File 5--Islands in the Clickstream. Humanity Morphing. May 2, 1998
File 6--Re: Cu Digest, #10.25, Wed 22 Apr 98
File 7--RE: Cu Digest, #10.25, Wed 22 Apr 98
File 8--Re: technical solutions to spam problem
File 9--India's INSAT hacked
File 10--Cu Digest Header Info (unchanged since 25 Apr, 1998)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Tue, 28 Apr 1998 16:37:52 -0600
From: toy.boat@MAILEXCITE.COM
Subject: File 1--Critical information about the "Church" of Scientology

Check out these sites for more critical information on Scientology:

Watch the Xemu Cartoon: http://www.xs4all.nl/~xemu/xemurams/
Visit Xemu's Home Page: http://www.xs4all.nl/~xemu/index2.html
Also the incomparable Operation Clambake: http://www.xenu.net/
The TRUE story of Hubbard: http://www.primenet.com/~lippard/bfm/
Hubbard's "No Christ": http://www.xs4all.nl/~xemu/rams/Nochrist.ram
The famous Xenu flyer: http://www.xs4all.nl/~xemu/flyers/Xemu.html
FACTnet http://www.factnet.org
LermaNet http://www.lermanet.com
American Family Foundation http://www.csj.org

------------------------------

Date: Mon, 27 Apr 1998 22:46:53 +0200 (MET DST)
From: Ulrich Mayring
Subject: File 2--Re: How to tag PhotoCopiers (CuD 10.25)

In cu-digest 10.25 someone wondered how the tagging of, for example, color copiers could be done unobtrusively. The way Canon does it is that they print a serial number in a very light yellow on the page. This is invisible to the human eye, but can be read with special scanners.

------------------------------

Date: Tue, 21 Apr 1998 15:42:35 -0800
From: "Rob Slade"
Subject: File 3--REVIEW: "Overdrive: Bill Gates and the Race to Control Cyberspac

BKOVRDRV.RVW   980220

"Overdrive: Bill Gates and the Race to Control Cyberspace", James Wallace, 1997, 0-471-18041-6, U$24.95/C$34.95/UK#16.99
%A   James Wallace
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D   1997
%G   0-471-18041-6
%I   Wiley
%O   U$24.95/C$34.95/UK#16.99 416-236-4433 lwhiting@jwiley.com
%P   307 p.
%T   "Overdrive: Bill Gates and the Race to Control Cyberspace"

Although it occasionally refers to earlier episodes, the book concentrates on Gates, and Microsoft, from 1992 (where "Hard Drive", [cf. BKHRDDRV.RVW] left off) until 1996.
Since this period of the company's existence was marked by lawsuits and investigations by the US Federal Trade Commission and Justice Department, it is very timely as a backgrounder to the current legal woes at Microsoft.

The book covers a lot of ground, moving from topic to topic in a logically connected style that makes the reading flow easily. The stories are very personal, in that they trace friendships and enmity across companies, products, people, and events. A number of the stories are a kind of trivia filler, developed in a paragraph and never heard from again. There are also some journalistic discoveries about the world's richest man. It makes for an interesting read, although sometimes the reader gets caught in an analysis of whether this item is important or not.

Most of the time the text is quite authoritative, faltering mostly when the author is probably being most careful, such as when there are conflicting accounts of the involvement of a given individual in a given incident. Wallace's work is well-researched and witty, but not always technically informed. The Internet is half of the subject of the book, and yet Wallace seems unaware of the explosive growth the Internet enjoyed even before the availability of the World Wide Web. Also, Tim Berners-Lee did not just invent HTML (HyperText Markup Language): arguably his larger contribution was the HTTP (HyperText Transfer Protocol) specification which governs the interaction between Web browsers and clients, allowing HTML to function. Once again, this lack of accuracy in detail will raise flags in the technical reader as to the veracity of other parts of the account. Those who know something of the history of personal computers, however, will find sufficiently faithful retailing of other occurrences to restore trust.

copyright Robert M. Slade, 1998   BKOVRDRV.RVW   980220

------------------------------

Date: Thu, 23 Apr 1998 17:16:07 -0400
From: "EPIC-News List"
Subject: File 4--Library Internet Filters Held to High Free Speech Test

Source: EPIC Volume 5.05 April 23, 1998
--------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/

*** 1998 EPIC Cryptography and Privacy Conference ***
http://www.epic.org/events/crypto98/

=======================================================================
[3] Library Internet Filters Held to High Free Speech Test
=======================================================================

In the first court ruling on the use of Internet filtering software in libraries, a federal judge on April 7 rejected a motion to dismiss a lawsuit challenging the use of filters in public libraries in Loudoun County, Virginia. In a 36-page decision, U.S. District Judge Leonie M. Brinkema held that "the Library Board may not adopt and enforce content-based restrictions on access to protected Internet speech" unless it meets the highest level of constitutional scrutiny.

Noting that public libraries are places of "freewheeling and independent inquiry," the court quoted extensively from Reno v. ACLU, the landmark Supreme Court decision on Internet free speech, and emphasized that the Court "analogized the Internet to a 'vast library including millions of readily available and indexed publications,' the content of which 'is as diverse as human thought.'"

The Loudoun County decision comes as Congress is considering the Internet School Filtering Act, a bill that would require all public libraries and schools that receive federal funds for Internet access to install filtering and blocking software. The bill (S. 1619) has been approved by the Senate Commerce Committee and could reach the Senate floor as early as mid-May.
Efforts are underway to revise the bill to provide for Internet education programs and acceptable use policies as more effective (and constitutional) alternatives to mandatory filtering.

Information on Internet filtering, including the text of the Loudoun County decision, is available at the Internet Free Expression Alliance website:

http://www.ifea.net

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at:

http://www.epic.org/alert/subscribe.html

Back issues are available at:

http://www.epic.org/alert/

------------------------------

Date: Sat, 02 May 1998 12:58:43 -0500
From: Richard Thieme
Subject: File 5--Islands in the Clickstream. Humanity Morphing. May 2, 1998

Islands in the Clickstream: Humanity Morphing

A funny thing happened on the way to the grave: It disappeared.

But first, as they say, a word from our sponsor.

The primitive brain that has helped us survive does not easily release its grip. As much as we like to think that we live in the outer domain of our brains, we snap back into the reptile stem whenever we think we're threatened. Then we react to things that look or sound like other things as if they ARE those other things. I guess looking silly when you run from a car backfiring is better than dying the one time in a hundred the bang is really a gunshot.

After a threat, it takes most brains a few hours to get back up to "flow" level and lose themselves again in the pleasures of creativity and selflessness. Reality has a way of interfering with our higher pursuits, and the brain thinks it knows which things to put first.

Labeling or categorizing is one of those things.
Labeling must have great survival value, must save time and energy, must not cost us much in the long run. After years of confronting black-and-white thinking, now I feel it's often a waste of time to suggest a more subtle interpretation. I used to think education would change all that, but sometimes I think education just makes our prejudices more subtle.

The experience of living in the digital world will probably not percolate soon to that deeper reptilian brain that has, after all, our best interests at heart, even when we disagree with its conclusions.

Life in the digital world is interactive, fluid, modular. When I first used the word "morph" in speeches, I asked who knew what it meant. A few hands went up, then more and more. Now most folks seem to know that images can change from one thing into another. But they change through stages, and that's important. As a metaphor of how individuals and organizations adapt to changing conditions, it's critical to know that we move from phase to phase, not all at once. Grandmother does not turn willy-nilly into a wolf. Grandmother turns into a gray grandmother, then a gray hairy grandmother, then a gray hairy grandmother with fearsome teeth, then a wolf.

A young man from an evangelical Christian seminary asked to interview me for a project. His task was to talk to "others" so he knew how they thought. He had logged a Unitarian, a rabbi, and a Jew-for-Jesus when he came to me. He was genuinely interested in how I had morphed through careers and different religions.

"What should I call you?" he said. "What are you now?"

"I guess, as the Buddhists say, I am 'not this, not that.' I'm in process. I like to think of myself as open to possibilities."

His pen halted on the pad and his consternation showed. Without a label, what was he to do?
And what are we to do with reality itself, particularly when our interaction with the digital world (we are embedded in our time, after all, our historical context is the matrix of meanings with which we must wrestle) teaches us that life is fluid, interactive, and modular, and that ultimately there is only the light of our monitors momentarily illuminating pixels that we gestalt into symbols that seem so real?

A friend recently criticized evolution, which for all its flaws as a Theory of Everything still seems to have some useful insights. A creationist, she spoke about species as if they were real things, rather than categories we invented. Taxonomy is an addiction, like the classification of knowledge itself. We need a map, but we know the map is not the territory. We know the territory intuitively by the immediacy with which it presses against us as we walk, alive and responsive and aware.

Hard to maintain our moorings, when everything is going through the looking-glass. Intellectual property, a category invented in the past few hundred years, is as blurred as a headline in the rain. The "protean" self celebrated by some and described ruefully by others is morphing along: we can choose careers and grow into others, we can choose partners and grow into others, we can choose identities and grow into others, and even our illusory self can watch with amusement or anxiety as it creates and discovers various personae as vehicles for being in the world.

Hemingway disdained adjectives because they diluted the aesthetic experience he intended to create. These days, we might be more in tune with Jorge Luis Borges who wrote about a culture that used verbs and adverbs to describe its perceptual world. Everything moved, nothing stayed slotted, and the world was a blur of temporary states.
It is not news that this is how it is, but it is news that we can't withdraw easily as we did in the past into a consensus that the fixed and rigid categories of our minds, from religion to science to metaphysics, are "real." They're a way our primitive brains need to know, a modality good for survival.

Oversimplification gets our feet (and our mouths) moving fast when there's danger or perceived danger, but we use the word "flow" to denote that most highly prized state in which we lose ourselves and all illusory attachments to which that self is anchored. The energies of love, creativity and generosity flow outward into a world that accepts our contribution without comment, other than the reflexive joy we feel at knowing that our contribution and participation is a privilege and a gift.

In a network or web, we exercise power by contributing and participating. Life, whatever it may be, looks in these digital days more like a network or web than anything else. There, in that web, we allow ourselves to be woven into something we don't have to know or control.

And even the grave, as I said when I started, vanishes into thin air whenever we flow in that direction.

**********************************************************************

Islands in the Clickstream is a weekly column written by Richard Thieme exploring social and cultural dimensions of computer technology. Comments are welcome.

Feel free to pass along columns for personal use, retaining this signature file. If interested in (1) publishing columns online or in print, (2) giving a free subscription as a gift, or (3) distributing Islands to employees or over a network, email for details.

To subscribe to Islands in the Clickstream, send email to rthieme@thiemeworks.com with the words "subscribe islands" in the body of the message. To unsubscribe, email with "unsubscribe islands" in the body of the message.
Richard Thieme is a professional speaker, consultant, and writer focused on the impact of computer technology on individuals and organizations.

Islands in the Clickstream (c) Richard Thieme, 1998. All rights reserved.

ThiemeWorks on the Web: http://www.thiemeworks.com

ThiemeWorks P. O. Box 17737 Milwaukee WI 53217-0737 414.351.2321

------------------------------

From: "Leandro Asnaghi-Nicastro"
Date: Mon, 27 Apr 1998 23:03:11 +0000
Subject: File 6--Re: Cu Digest, #10.25, Wed 22 Apr 98

On This Day, in the Year of Our Lord 26 Apr 98 at 17:09, thus spoke cu-digest@weber.ucsd.edu :

Date--Mon, 20 Apr 1998 10:47:04 -0500
From--Neil Rickert
Subject--Re--proposal of technical solutions to spam problem

> The alternative would be like having a "big brother" or "post
> office nanny" machine attached to your mailbox, which
> automatically shreds mail if it does not begin with "Dear
> person" and end with "Yours sincerely." We don't need such a
> machine. Automated rejection of email on the basis of header
> information is *evil*. What is needed is some sort of
> authentication information, including an estimation of the
> degree of trust to be placed in the purported origin of the
> message. This information should be transported in the
> envelope (separate from the message content and headers), so
> that it can be dynamically updated as the mail is transferred
> between machines.

I'm not sure about this spam problem really being a problem. I don't mean to sound as if I live in a different world, however spam for us has ceased to be a problem. Take for example my zine. We publish our e-mail address just about everywhere a spammer (or those automated programs that collect addresses) would look: usenet and webpages. Yet we receive no spam at all.

The system is simple, and apparently it blocks 99% of all spam. First of all the program checks if the domain name is valid. If the e-mail is sent by make@money.fast, the DNS will look the name up and obviously it will not resolve.
The mail is rejected. Also, many places have domains especially designed to send spam, and these are simply banned.

Yes, there are disadvantages to this system: first of all, we cannot get harassing e-mails from someone who particularly hated us and used a fake address. The domain will not solve, we will not get the e-mail. Also, but I am not sure about this since we haven't received any complaints about not replying to an e-mail, if a DNS server is down that can prove the validity of the site or no IP update has yet been performed and a valid DNS server does not resolve, that mail might get rejected as well.

Of course, one could use both an anonymous re-mailer with a domain that resolves or use a real domain (like yourfriend@aol.com). We haven't gotten any of these (yet) but so far the outcome has been quite successful.

Lastly, before I get chewed by some computer competent people, please forgive me. I know very little about computers and how they work in general, so I most likely said something that makes no sense (technically speaking). My apologies if that's the case. It seems however, that this system we have adopted works wonders. In over a year and a half of service with the zine, we have never received one single piece of spam, while our mailboxes are always full of readers' comments.

Thank you for your time and for the great service you provide with CuD.

------------------------------

Date: Tue, 28 Apr 1998 11:21:01 +1000 (GMT)
From: Norman Widders
Subject: File 7--RE: Cu Digest, #10.25, Wed 22 Apr 98

On Sun, 26 Apr 98 17:09 CDT Cu Digest (tk0jut2@mvs.cso.niu.edu) wrote:

The IETF and current work have produced ESMTP which _is_ an extension of SMTP. It already has authentication. It's called Authenticated-SMTP and requires a valid username and password to be able to send email (if enabled).

> If Vladimir wants to criticize, he should get to the heart of the
> matter, which is the SMTP protocol. This protocol requires no sender
> authentication (other than a simple syntax check), and could not
> easily be extended to prevent spam.

Authenticated-SMTP means no more spam, no more faking email, once vendors begin implementing it and it sees widespread deployment. Netscape Messaging and Microsoft Exchange already support it, and a few months ago I informed the folks at sendmail.org about it also.

------------------------------

Date: Wed, 29 Apr 98 21:40:20 -0700
From: "Vladimir Z. Nuri"
Subject: File 8--Re: technical solutions to spam problem

Editor:

In CuD #10.25, Neil Rickert responds to my post, "technical solutions to the spam problem" in #10.24. He writes that I have "misdiagnosed the problem" in referring to SendMail.

I had a feeling the SendMail section would be the most controversial in the long essay. A reasonable disclaimer might have read, "none of this should be taken as criticism of SendMail, only as observations on its nature". Of course this would likely still not evade any "hard feelings" by anyone who has ever worked on it. SendMail represents perhaps many tens of thousands of man-hours of development time, and reflects this enormous labor in both depth of functionality and complexity.

The nature of SendMail deserves virtually an entire essay. It comprises a very large and crucial part of Internet infrastructure. Yet it has been developed with the help of many volunteers. It seems paradoxical that something so valuable would have this degree of informality. Contrast it with say, a browser like Netscape, in which (at least for a time) there was enormous economic incentive to make it state-of-the-art. Or, consider internet routers. Such a powerful incentive and demand does not appear to be associated with SendMail, as evidenced by a rather gradual rate of new releases.

Wired ran some recent headlines online in which it was announced that Eric Allman, chief maintainer of SendMail, had added some anti-spam features.
So Rickert seems perhaps unaware of the fact that Allman sees SendMail as a legitimate place for anti-spam components in his denial that "it has very little to do with spam". Perhaps its design does not intentionally create spam, but spam is a clear consequence. Also, it is the obvious locus for any serious spam solutions.

At the end of the essay I refer to qmail, being developed by D. Bernstein (www.qmail.org). qmail has obviously been developed to make up for some of the weaknesses of Sendmail in performance and internal structure. That SendMail has weaknesses, or perhaps even (gasp) deficiencies, is not a novel observation on my part. It is certainly not an indictment of the maintainers. Many other rants on the subject can be found in the book, "The Unix Haters Handbook".

The point of the "technical proposal" is not to attribute blame to some specific aspect of the Internet as responsible for spam. As the essay notes, it is a very nonlocal problem that resists local attempts at solving it. The essay proposes that it is not so much poor design that has led to it, but more like a lack of imagination so far. SendMail is unarguably one aspect of an environment that is highly conducive to spam. I was on an anti-spam mailing list, and the finger pointing seems even more shrill than in most places in the computer industry in which vendor A accuses vendor B, and vice versa ad nauseam.

Rickert states that the SMTP protocol "cannot easily be extended to prevent spam" via sender authentication. In fact, it is a tautology that no part of the internet can easily be extended. The standards are all in place, the software is already written! Even with the modernity of the Internet, there are already huge legacy systems in place. The essay seeks to make proposals that break this gridlock and stalemate. It is a matter of semantics and imagination where they are perceived to be applied: SendMail, SMTP, etc.
It can be thought of as a new SMTP proposal, a new SendMail proposal, or neither.

Politically, I'm not interested in how it is implemented, and neither, presumably, would the average user. That's what's so maddening about the spam problem-- it's nobody's responsibility or jurisdiction in particular to fix it.

We have a chicken-and-egg problem with many new internet standards. People will not write the software without the standards, but often the standards cannot be described without software models. Spam solutions seem to fall into this category particularly. Software to clean up spam would be something akin to a janitor's job-- highly necessary, but few would care to be involved. And this is not even to mention the often minimal economic incentives to create the software.

I tend to agree with Rickert's description of the internet as starting out with a tighter, trusted core of machines that were more carefully guarded. Rickert proposes a new "central core of trustworthy machines", calling it "the best solution". Actually within the SRN (self regulated network) proposal there is much reference to creating virtual networks of trusted machines based on the SRN protocols. But it doesn't insist on a "master core"-- it considers that any number of different cores might evolve with varying degrees of self-regulation by members. Generally, I would disagree with Rickert that a single central core is palatable or even possible.

Mr. Rickert melodramatically sets up a hollow straw man in suggesting that a sendmail that could reject email based on header information would inevitably lead to a "big brother" or "post office nanny" type system. The essay clearly suggested that this header information could contain authentication controls, precisely in a manner similar to what Rickert himself proposes. The essay also mentioned digital cash being contained in a header.
Whether the information is traded "out of band" within the protocol or within the message is a somewhat insignificant design consideration. The hard part is setting up the overall protocol, system, and infrastructure.

"Automated rejection of email on the basis of header information is *evil*" quoth Mr. Rickert. A rather dogmatic pronouncement. The idea of the essay was that the header information could contain authentication information. I agree with what Mr. Rickert seems to be trying to say, that any arbitrary rejection of email based on elements that are easily forged would obviously be disastrous.

What are the odds that SRN type systems will evolve in the future? I am both optimistic and pessimistic. As the essay notes, to a large degree they already exist in informal mechanisms and procedures now being practiced in cyberspace as we know it. Whether they can be elegantly embodied or that anyone cares to do so are huge hurdles. I think that spam will over time increasingly threaten the current viability and practicality of internet email without any new measures.

------------------------------

Date: Tue, 28 Apr 1998 11:06:30 -0700
From: Jeremy Lassen
Subject: File 9--India's INSAT hacked

Space Age Publishing's India correspondent B. R. Rao reports that "hackers" have succeeded in stealing transponder time on board India's domestic communications satellite, INSAT.

The Network Ops. Control Center (NOCC) of India's Dept. of Telecommunications is "...in the process of identifying the culprits". The director of NOCC confirms that a reward has been offered to anyone who can provide information that helps identify the culprits.

Reports indicate the NOCC is aware that "...anybody in possession of the technical details of INSAT and its frequency ranges can at regular intervals tap into its transponders and transmit data free across the globe."
I know this is rather vague, but I hadn't read about this anywhere else, and thought that the CUD's readers might find it interesting.

Anybody need some transponders time? :)

------------------------------

Date: Thu, 25 Apr 1998 22:51:01 CST
From: CuD Moderators
Subject: File 10--Cu Digest Header Info (unchanged since 25 Apr, 1998)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST

Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

CuD is readily accessible from the Net:

UNITED STATES:
  ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE:
  nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

------------------------------

End of Computer Underground Digest #10.28
************************************
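
Added example, not part of the digest or of any contributor's post: the sender-domain check described in File 6, written out in Python so that the failure case that post raises (a DNS server being down) is kept apart from a domain that does not exist. The function names, the ban list and the sample lookups are constructed for illustration, and the resolver is passed in so the block runs without network access.

```python
import socket
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"
    REJECT = "reject"  # permanent failure (SMTP 5xx)
    DEFER = "defer"    # temporary failure (SMTP 4xx); the sending host retries


class Lookup(Enum):
    FOUND = 1
    NO_SUCH_DOMAIN = 2
    TEMP_FAILURE = 3


def system_lookup(domain):
    """Ask the OS resolver, keeping "does not exist" apart from "could not ask".

    Simplification: this is an address lookup only; a mail server would
    normally query MX records first, which the standard library cannot do.
    """
    try:
        socket.getaddrinfo(domain, 25, proto=socket.IPPROTO_TCP)
        return Lookup.FOUND
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return Lookup.NO_SUCH_DOMAIN
        return Lookup.TEMP_FAILURE  # timeout, SERVFAIL, resolver unreachable


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None if malformed."""
    addr = mail_from.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return domain.rstrip(".").lower()


def is_banned(domain, banned):
    """True if the domain is a banned domain or a subdomain of one."""
    return any(domain == b or domain.endswith("." + b) for b in banned)


def check_sender(mail_from, banned, lookup=system_lookup):
    """Decide what to do with a message from its envelope sender alone."""
    if mail_from.strip() == "<>":
        # The empty sender is used by bounce messages and must not be refused.
        return Verdict.ACCEPT, "null sender (bounce message)"
    domain = sender_domain(mail_from)
    if domain is None:
        return Verdict.REJECT, "malformed sender address"
    if is_banned(domain, banned):
        return Verdict.REJECT, "domain is on the local ban list"
    result = lookup(domain)
    if result is Lookup.NO_SUCH_DOMAIN:
        return Verdict.REJECT, "sender domain does not exist"
    if result is Lookup.TEMP_FAILURE:
        # Deferring instead of rejecting avoids losing real mail during a DNS outage.
        return Verdict.DEFER, "DNS unavailable, try again later"
    return Verdict.ACCEPT, "sender domain resolves"


# Constructed sample data: a stand-in resolver and ban list (assumptions).
FAKE_DNS = {
    "aol.com": Lookup.FOUND,
    "money.fast": Lookup.NO_SUCH_DOMAIN,
    "slow-dns.example": Lookup.TEMP_FAILURE,
}
BANNED = {"bulkmail.example"}


def fake_lookup(domain):
    return FAKE_DNS.get(domain, Lookup.NO_SUCH_DOMAIN)


def demo():
    senders = ["make@money.fast", "yourfriend@aol.com",
               "offers@relay.bulkmail.example", "reader@slow-dns.example",
               "<>", "no-at-sign"]
    return [(s, check_sender(s, BANNED, fake_lookup)[0]) for s in senders]


if __name__ == "__main__":
    for sender, verdict in demo():
        print(f"{sender:32} {verdict.value}")
```

The yourfriend@aol.com case is accepted because the check only proves that the domain exists, not that the sender owns the address, which is the limit the File 6 post itself points out.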