Computer underground Digest Wed Mar 10 1999 Volume 11 : Issue 16

Computer underground Digest    Wed 10 March, 1999   Volume 11 : Issue 16
                           ISSN  1004-042X

       Editor: Jim Thomas
       News Editor: Gordon Meyer
       Archivist: Brendan Kehoe
       Commie Radiator:   Etaion Shrdlu, Mssr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage:

CONTENTS, #11.16 (Wed, 10 Mar, 1999)

File 1--How to UNSUB from CuD
File 2--Islands in the Clickstream. Two Ways of Looking at a Network.
File 3--Cracking Tools Get Smarter (Telecom Digest Reprint)
File 4--EPIC Alert 6.04 - Intel ID Plan & upcoming legislation
File 5--"Hackers" Hack British Satellite?? Nah---
File 6--eBay Says It Is Under Investigation by U.S. (Excerpt)
File 7--1999 Privacy Intl Big Brother Awards USA Nominations
File 8--Y2K Watch
File 9--Microsoft Admits TO Hidden Software Code
File 10--Journalist Sentenced for Child Porn
File 11--Cu Digest Header Info (unchanged since 10 Jan, 1999)


Date: Wed, 10 Mar 99 17:15 CST
From: Cu Digest 
Subject: File 1--How to UNSUB from CuD

About once every few weeks, CuD editors receive demands from a
reader to be removed immediately, "or else!"

Readers sub themselves to an automated mailing list run as a
courtesy by a long-time reader. Subs are not done manually.

Because CuD editors do not run the list, have nothing to do with
the list, or otherwise sub or unsub people, there's nothing we
can do other than provide the unsubbing information.

To UNSUB, send the message:    UNSUB CU-DIGEST


TO CHANGE AN ADDRESS, unsub from CuD and then Resub.



Date: Thu, 04 Mar 1999 16:06:18 -0600
From: Richard Thieme 
Subject: File 2--Islands in the Clickstream. Two Ways of Looking at a Network.
    February 27, 1999

Islands in the Clickstream:
Two Ways of Looking at a Network

There are more than two, of course, but let's start with two.

A computer network can look like a collection of stand-alone machines, just
as humans in community can look like a collection of individuals benefiting
from economies of scale. It all depends on the POV from which you describe
the system, whether you notice the individual or the network. Without the
individual, nothing happens, but without the network, nothing persists. The
network organizes and stores information so it lasts a little longer than
the span of our short lives.

In all high-level systems, from religious systems to business systems,
symbols are stored and transmitted. Some are preserved through rituals,
some through records or narratives, some through one-on-one teaching. We
preserve them so they can be there like fruit ripening on trees so we can
eat them when we're hungry. Symbol systems are like complex intertwining
stairways in an Escher etching. Even symbols that have become stale or flat
through habitual use are time bombs that can suddenly explode and shock us
with visions of possibility beyond anything we had imagined.

Religious systems do not collect people who are virtuous or good. Religious
systems collect individual people who need a training program to become
more fully human beings.

Seen as individuals, we always start with self-interest. I learned growing
up in Chicago that we're all in it for ourselves. No other presupposition
seemed to work. The most exalted moral position dissolved when someone's ox
was gored. I learned that no one has the high moral ground, that we all
enter the arena of life, as Saul Alinsky said, with blood on our hands.

But who, as the caterpillar said to Alice, are we? Who is "us?"

I was talking with Steve Straus, a personal performance coach
at a workshop sponsored by the National Speakers
Association. It was one of those hallway conversations that are the real
reason we go to those meetings. We were talking about "giving it away," as
this newsletter is sent to anyone who wants it. But we were talking about
more than turning a commodity into a loss leader. We were talking about how
things work.

"It reminds me of the saying," I said, "give and it will be given to you.
The more you participate or contribute, the more you experience a feedback
loop of incredible value."

Now, here are some of the presuppositions of my statement: that there is
something to give, that I have it, that I have, that I am an "I" and "I"
can own whatever it is that is given away. As if what we give when we
contribute to others is a "thing" we can possess.

That's the way the world looks when we think "we" are collections of
individuals, bounded by parameters, when what we see when we look into a
mirror is an edge, a boundary, a separateness.

"It's deeper than that," Steve said.

I don't remember his exact words, because as soon as I grasped what he
meant, my construction of reality dissolved into something else. But
although he used only a few words, I think he meant something like this:

When we participate in something larger than ourselves, we experience a
more complex truth about ourselves ... that the network really is the
computer, that humans are cells in a single body. That as Marvin Minsky
said, a person alone like a desktop computer unplugged from the network is
nearly useless, a brain in a bottle. A person who isn't connected to how
information and power flows in the network is like an abandoned infant
raised by wolves in a cave, unable to speak the dialect of the tribe.

Power in a network is not exercised by dominating or controlling. Power in
a network is exercised by contributing and participating.

So this is about more than managers morphing into coaches or organizational
structures flattening into branches on tall fractal trees. It's as if we
are staring at our image in that mirror, when suddenly the doorways of
perception are cleansed, and instead of seeing a hard-edge shape created by
eyes and minds designed to delimit a mass against a background, we see that
we are energy and information exchanged in a self-similar system. Our edges
blur, we see that the center is everywhere, the merely local focus of
everything that exists. We see that the monitor through which you read
these words is the stem of the leaf that you are on a single tree.

When we know this and live out of that knowledge, we become so integrated
with the flow of all things that we experience ourselves as part of it. We
are transformed then into what we always were. The desire to align
ourselves with what we know in those moments is not virtue, it is merely
self-interest, the only way we can be our real selves.

When we lose ourselves, we do find ourselves, we discover a deeper identity
as a dimension of something inexplicable, an "it" we can never master,
although we can master our willingness to be part of "it." Then feedback
loops load energy into the system until it ramps up into something entirely
else and transforms.

Networks manage packets of meaning. But the boundaries of those packets are
hackable, made up of arbitrary meanings themselves, meanings that flow.

So this is not about religion. Even religion is not about religion. True,
religions will evolve in cyberspace that are interactive, modular, and
fluid, but the essence of those digital religious systems will be what it
always was: to find appropriate forms for symbol-manipulating systems with
which we symbol-manipulating sentient beings can interact, so that when we
least expect it, the meaning of those symbols can ignite in our lives.

I think that's what Steve Straus meant when he said, "It's more than that."
But I'll never know. To grasp the meaning of those moments is to squeeze a
handful of water that drips away in the effort to keep it. As we, ourselves
like bright drops of water, slip into an ocean beyond our capacity to fathom.


Islands in the Clickstream is a weekly column written by
Richard Thieme exploring social and cultural dimensions
of computer technology. Comments are welcome.

Feel free to pass along columns for personal use, retaining this
signature file. If interested in (1) publishing columns
online or in print, (2) giving a free subscription as a gift, or
(3) distributing Islands to employees or over a network,
email for details.

To subscribe to Islands in the Clickstream, send email to with the words "subscribe islands" in the
body of the message. To unsubscribe, email with "unsubscribe
islands" in the body of the message.

Richard Thieme is a professional speaker, consultant, and writer
focused on the impact of computer technology on individuals and

Islands in the Clickstream (c) Richard Thieme, 1999. All rights reserved.

ThiemeWorks on the Web:

ThiemeWorks  P. O. Box 17737  Milwaukee WI 53217-0737  414.351.2321


Date: Fri, 5 Mar 1999 14:13:44 -0500 (EST)
Subject: File 3--Cracking Tools Get Smarter (Telecom Digest Reprint)

Source: TELECOM Digest     Fri, 5 Mar 99   Volume 19 : Issue 29

((MODERATORS' NOTE:  For those not familiar with Pat Townson's
TELECOM DIGEST, it's an exceptional resource.  From the header
of TcD:
   "TELECOM Digest is an electronic journal devoted mostly but
   not exclusively to telecommunications topics.  It is
   circulated anywhere there is email, in addition to various
   telecom forums on a variety of public service systems and
   networks including Compuserve and America On Line. It is also
   gatewayed to Usenet where it appears as the moderated
   newsgroup 'comp.dcom.telecom'. Subscriptions are available to
   qualified organizations and individual readers. Write and tell
   us how you qualify:"  ))

Date--Thu, 4 Mar 1999 23:44:47 -0500
From--Monty Solomon 
Subject--Cracking Tools Get Smarter

Cracking Tools Get Smarter
by Chris Oakes
3:00 a.m.  3.Mar.99.PST

The cracker's screwdriver has become more of a Swiss Army knife, his
F-16 more of a stealth bomber.

With awe and alarm, security analysts have observed the capabilities
of Nmap, a network-scanning program that crackers are now using to
plot increasingly cunning attacks.

"Just before Christmas, we detected a new [network] scanning pattern
we'd never seen before," said John Green, a security expert on the
"Shadow" intrusion-detection team at the US Navy's Naval Surface Warfare
Center. "Other sites have seen the same activity. The problem was, no
one knew what was causing it."

Green made the remarks Tuesday in an online briefing hosted by the SANS
Institute, a nonprofit network-security research and education
organization. The group held the briefing to alert network
administrators of the alarming increase in the strategies of network

The culprit software prowling outside the doors of networks
participating in the study is Nmap, an existing software utility used
by administrators to analyze networks. In the hands of intruders,
security analysts discovered, Nmap is a potent tool for sniffing out
holes and network services that are ripe for attack.

The analysts didn't look for actual damage that was carried out.
Instead, they silently watched as various networks were scanned by
untraceable Nmap users.

"The intelligence that can be garnered using Nmap is extensive," Green
said. "Everything that the wily hacker needs to know about your system
is there."

Rather than feel in the dark to penetrate network "ports" at random,
Nmap allows intruders to perform much more precise assaults. The
implications are a bit unnerving for the network community. The tool
makes planning network intrusions more effective, while simultaneously
bringing this sophistication to a wider audience of crackers.

"It takes a lot of the brute force out of hacking," said Green. "It
allows [intruders] to map hosts and target systems that might be

And that should result in a higher success rate for attempted

"I think we're going to see more coordinated attacks. You can slowly
map an entire network, while not setting off your detection system,"
said software developer H. D. Moore, who debriefed network analysts at
the conference.

But Moore is part of the solution. He authored Nlog, software that
automatically logs activity at a network's ports and parlays it to a
database. Weekly checks of the database enable the user to tell if
someone is performing an Nmap analysis.

Nlog serves as a companion tool to Nmap. Just like intruders,
administrators can use Nmap to detect their own network weaknesses,
then plug the holes.

Prevention is the only defense, Green and Moore said. There is no
other known way to combat an Nmap-planned network attack.

"Right now it's basically a suffer-along scenario," Green said. But,
at least, Nmap lets administrators "know what the hackers know about

Copyright 1994-99 Wired Digital Inc. All rights reserved.


Date: Thu, 4 Mar 1999 16:13:44 -0500
From: "EPIC-News List" 
Subject: File 4--EPIC Alert 6.04 - Intel ID Plan & upcoming legislation

Source:   Volume 6.04	                          March 4, 1999

                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

[1] Intel ID Plan Under Fire: Competitors Critical, Advocates Protest

Even in the face of continued public opposition and government
investigations, Intel announced plans to move forward with the
controversial Processor Serial Number at the Intel Developers Forum
last week. According to ZDNN, Michael Glancy, general manager of
Intel's platform security division, told developers to expect the chip
ID in all the company's products soon including Internet appliances and
portable devices based on Intel's StrongARM processor. Intel is also
working with several Australian content providers on developing web
sites that can only be accessed if the user releases the PSN.

Meanwhile, other chip manufacturers have declined to adopt the PSN.
Wired News reported that Brian Halla, CEO of National Semiconductor was
also dismissive of the PSN, "We personally think security belongs in
your wallet. It's personal, not a CPU-centric thing. It doesn't make
any sense to have an ID in information appliances." Advanced Micro
Designs (AMD), the major competitor of Intel has also not introduced a

Privacy groups wrote to the heads of socially responsible mutual funds
on February 26 asking that they divest Intel from their portfolios. Amy
Domini, president of the Domini Social Equity Fund, issued a prepared
statement: "We take the situation very seriously. Privacy on the
Internet is more than simply an issue of personal choice. Without
privacy our every political view, personal interest, contact of an old
friend or checking on the weather becomes trackable for uses ranging
from selling soap to monitoring segments of the population
 We have
begun our evaluation, and will include communication with Intel and
will make a decision once it is complete."

Meanwhile, a European Union recommendation, adopted in late February
and announced by EU Internal Market Commission Mario Monti indicates
that EU privacy officials will be looking more closely at Internet-
based identity schemes. The recommendation cites problems with Web
browsers and programming technologies, as well as 'cookies.'

More information on the PSN controversy is available at:

[7] EPIC Bill-Track: New Bills in Congress

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in
the 106th Congress

* Approved *

H.R. 438. Wireless Communications and Public Safety Act of 1999.
Mandates location information for cellular phones for 911. Limits use
of information. Sponsor Rep Shimkus, John (R-IL). Referred to the House
Committee on Commerce on 2/2/99. Subcommittee Hearings Held on 2/3/99.
Ordered to be Reported (Amended) by Voice Vote on 2/11/99. Measure
passed House, roll call #24 (415-2) on 2/24/99.

H.R. 514. Wireless Privacy Enhancement Act of 1999. Prohibits
interception of wireless communications, scanners. Sponsor Rep Wilson,
Heather. Referred to the Committee on Commerce. Referred to the House
Committee on Commerce on 2/2/99. Subcommittee Hearings Held on 2/3/99.
Ordered to be Reported (Amended) by Voice Vote on 2/11/99. Measure
passed House, roll call #28 (403-3) on 2/25/99.

* New House Bills *

H.R. 850. Security And Freedom through Encryption (SAFE) Act. Relaxes
export controls on encryption, prohibits mandatory key escrow, creates
criminal penalty for using crypto in a crime. Sponsor  Rep Goodlatte,
Bob (R-VA) 204 co-sponsors. Referred to the Committee on the Judiciary,
and in addition to the Committee on International Relations.

H.R. 852. Freedom to E-File Act. require the Department of Agriculture
to establish an electronic filing and retrieval system to enable the
public to file all required paperwork electronically with the
Department and to have access to public information on farm programs,
quarterly trade, economic, and production reports, and other similar
information. Sponsor  Rep LaHood, Ray. Referred to the House Committee
on Agriculture.

H.R. 896. Childrens' Internet Protection Act. Require the installation
and use by schools and libraries of a technology for filtering or
blocking material on the Internet on computers with Internet access to
be eligible to receive or retain universal service assistance. Sponsor
Rep Franks, Bob (R-NJ). Referred to the House Committee on Commerce.

* New Senate Bills *

S. 411. Clone Pager Authorization Act of 1999. Expands legal authority
to authorize broader use of clone pagers. Sponsor Sen DeWine, Michael
(R-OH). Referred to the Committee on Judiciary.

S. 466. American Financial Institutions Privacy Act of 1999. Prohibits
implementation of "Know your Customer" rules unless approved by Act of
Congress, requires study on privacy issues. Sponsor Jeffords, James
(R-VT). Referred to the Committee on Banking, Housing, and Urban

[8] Upcoming Conferences and Events

Access to Information: Strategies and Solutions. March 16, 1998.
Arlington, VA. Sponsored by the Freedom Forum and American Library

CYBERSPACE 1999: Crime, Criminal Justice and the Internet. March 29 &
30, 1999. York, UK. Sponsored by the British and Irish Legal Education
Technology Association (BILETA).

"Computers, Freedom and Privacy: The Global Internet," April 6-8, 1999.
Washington, DC. Sponsored by ACM. Early registration deadline: March
15. Online registration:

Encryption Controls Workshop. May 13, 1999. Raleigh, NC. Sponsored by
the U.S. Dep't of Commerce. Contact: (202) 482-6031

Cryptography & International Protection of Human Rights  (CIPHR'99).
August 9-13, 1999. Lake Balaton, Hungary. Contact:


Date:    Mon, 08 Mar 99 15:02 CST
From:    Cu Digest
Subject: File 5--"Hackers" Hack British Satellite?? Nah---

The Chicago Tribune (1 March, 1999 p. 10) reported a story from
the Sunday Business newspaper that "hackers" took control of "one
of Britain's military communications satellites and issued
blackmail threats."

        "The paper, quoting security sources, said the intruders
    altered the course of one of Britain's four satellites, which
    are used by defense planners and military sources around the

        The sources said the satellite's course was changed just
    over two weeks ago. The hackers then issued a blackmail
    threat, demanding money to stop interfering with the

A Tribune follow-up story (4 March, 1999 p. 7) reported that
Britain's Defense Ministry dismissed the story as untrue:

         "There is no basis to the story whatsoever," said a
    Defense Ministry spokesman. "It's not true."


Date: Sun, 7 Mar 1999 11:34:21 -0600 (CST)
From: Computer underground Digest 
Subject: File 6--eBay Says It Is Under Investigation by U.S. (Excerpt)

eBay Says It Is Under Investigation by U.S.
Associated Press: Tuesday, March 2, 1999


  The online auction site eBay, which has already gained the
attention of New York City consumer affairs officials, has said
that it is under federal investigation for "possible illegal

  On Monday, a spokesman for the Palo Alto, Calif., company
refused to offer details on the company's terse release about the
inquiry, which was issued on Friday.

  The eBay release said the company was "fully cooperating with
the inquiry." The spokesman, Kevin Pursglove, said on Monday that
he could not say if it would be a "day, a week, a month, a year,
or six years" until more information could be released on the

   Two weeks ago, eBay announced that it would ban the sale of
firearms on the site, effective this coming Friday. That move
came in response to a report that weapon sales, governed in the
offline world by a complex set of rules which differ from state
to state, were impossible to monitor in the geographically
boundless online community.

  Another online auction site, Auction Universe, said it had not
been contacted by federal authorities. The site is a division of
Classified Ventures, which is jointly owned by The New York Times
and seven other newspaper groups. In an interview on Monday,
Larry Schwartz, president and general manager of Auction
Universe, drew parallels between newspaper classifieds and online


Date: Sun, 7 Mar 1999 16:56:37 -0500
From: Privacy International 
Subject: File 7--1999 Privacy Intl Big Brother Awards USA Nominations

                  ********* CALL FOR NOMINATIONS *********


On April 6, 1999, the human rights group Privacy International will
present the first annual US "Big Brother" awards to the government and
private sector organizations which have done the most to invade personal
privacy in the United States.

The awards will be bestowed at an event during the 9th Computers, Freedom
and Privacy Conference in the Ballroom of the Omni Shoreham Hotel in
Washington, DC. "Big Brother" awards will be presented to the government
agencies, companies, individuals and initiatives which have done most to
invade personal privacy. A "lifetime achievement" award will also
be presented.

The judging panel, consisting of lawyers, academics, consultants,
journalists and civil liberties activists, are inviting nominations from
members of the public.

Awards will also be given to individuals and organizations that have made
an outstanding contribution to the protection of privacy.

The event will be the first of its kind in the United States. Privacy
International previously held a ceremony in the United Kingdom in October
1998. Awards were given in the UK to the NSA's spybase in northern
England, the Department of Trade and Industry's Key Escrow plan, the
township of Newham for its camera system with facial recognition,
Harlequin Corp for its WatCall software system to track phone calls, and
to Procurement Services International for exporting surveillance
equipment to such military regimes as Indonesia and Nigeria.

Privacy International (PI) was formed in 1990 as a non-government
watchdog on surveillance and privacy invasion. The organization has
campaigned throughout the world on dozens of issues ranging from identity
cards and encryption policy, to workplace surveillance and military
intelligence. PI's membership includes IT specialists, lawyers, judges
and journalists from forty countries. More information on PI can be
found at:

The awards page can be found at:

Nominations can be made directly from this site.

More information on CFP 99 can be located at:


Date: Fri, 5 Mar 1999 09:08:53 -0600
From: Frosty  
Subject: File 8--Y2K Watch

     We've put up a site to watch other Internet sites and networks
     as the year 2000 rolls around.  Connect anytime from the end
     of December 1999 to the beginning of January 2000 and find out
     which sites have dropped off the face of the Earth due to the
     Y2K issue.

     This is an interactive site and new sites are added as they get
     submitted.  If you feel your site is a good representation of
     your country then feel free to set yourself up to join.  We also
     accept mirror sites in each time zone.


Date: Mon, 8 Mar 1999 18:27:50 EST
Subject: File 9--Microsoft Admits TO Hidden Software Code


From Chicago Tribune News Services.

   Microsoft Corp., whose software runs most of the world's
personal computers, admitted Sunday that its latest version of
Windows generates a unique serial number that partly is planted
within electronic documents and could be used to trace the
authors' identities.
   In a disclosure with enormous privacy implications, Microsoft
also said it is investigating whether it is collecting the serial
numbers from customers even if they explicitly indicate they
didn't want them disclosed.
   A programmer, Richard M. Smith of Brookline, Mass., noticed
last week that documents Smith created using Microsoft's popular
Word and Excel programs in tandem with the Windows 98 operating
system included within their hidden software code a number unique
to his computer.
   The 32-digit Windows number also appears in a log of
information transmitted to Microsoft when customers register
their copies of Windows 98, even if they say they don't want
details about their computers sent to the company.


Date: Mon, 8 Mar 1999 18:24:45 EST
Subject: File 10--Journalist Sentenced for Child Porn

Journalist Sentenced for Child Porn

(c) The Associated Press
March 8, 1999


GREENBELT, Md. (AP) -- A journalist got 18 months in prison
Monday for distributing child pornography online, despite his
claim that he was doing research for a story on child molesters.

Larry Matthews, a National Public Radio producer who said he was
working on a free-lance magazine article, had pleaded guilty.

"I believe Mr. Matthews crossed the line," said U.S. District
Judge Alexander Williams Jr. "I also believe that it was

Matthews is the first journalist prosecuted for accessing child
porn, according to the Reporters Committee for Freedom of the

Even before sentencing, Matthews' lawyers said they will appeal.


Date: Sun, 10 Jan 1999 22:51:01 CST
From: CuD Moderators 
Subject: File 11--Cu Digest Header Info (unchanged since 10 Jan, 1999)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup:

Or, to subscribe, send post with this in the "Subject:" line:

Send the message to:


The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
(NOTE: The address you unsub must correspond to your From: line)

CuD is readily accessible from the Net:
  UNITED STATES: in /pub/CuD/CuD
    Web-accessible from:
         in /pub/Publications/CuD/
         in /doc/EFF/Publications/CuD/
  EUROPE: in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.


End of Computer Underground Digest #11.16


Page maintained by: Jim Thomas