Computer underground Digest Sun Dec 4, 1994 Volume 6 : Issue 102 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Fruit-loop editor: Carnegie Melon CONTENTS, #6.102 (Sun, Dec 4, 1994) File 1--Amateur Action BBS Sysops Sentenced in Memphis (reprint) File 2--Re: EFF & Aerosmith Rock the Net - Update - Where/When/How File 3--Re: CPSR Discounted Members ("Why I'm not a Member") File 4--Correction on SlipKnot Info File 5--"Hacker Learns Intelligence Secrets" (Risks Reprint) File 6--"Computer Sleuths" nab 15-year old File 7--"Tekroids" episode of Tekwar and the perception of viri File 8--CALL for PAPERS: Communities in Cyberspace File 9--Cu Digest Header Information (unchanged since 25 Nov 1994) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. ---------------------------------------------------------------------- Date: Sat, 5 Dec 1995 18:34:51 CST From: Anonymous Subject: File 1--Amateur Action BBS Sysops Sentenced in Memphis (reprint) ((MODERATORS' NOTE: For more details on the Amateur Action BBS case, including discussion of why the case seems a gross abuse of law by Federal prosecutors, see CuDs 6.09, 6.33, 6.35, 6.37, 6.43, 6.53, 6.55, 6.56, 6.67 and 6.69)). Source: Chicago Tribune, Dec. 3, 1994 (p. 16) (Associated Press): A California couple drew sentences of at least 2 1/2 years in prison Friday for sending pornographic images via computer in a case that raised questions about how to apply obscenity law in cyberspace. The prosecution of Robert Thomas and his wife, Carleen, was the first obscenity case in which operators of a computer bulletin board were charged in the place where the material was received, rather than where it originated. The Thomases were found guilty in July of transmitting obscenity via interstate telephone lines. A postal inspector testified that he joined the bulletin board under a fake name and received the images in his computer in Memphis. ((Robert Thomas was sentenced to 37 (sic) months in prison, and Carleen received 30 months. Under federal sentencing rules, both must serve the full terms)) ((Judge Julia Gibbons said that the government can seize the couple's computers used to run AABBS. Thomas Nolan, the Thomases' lawyer, indicated that there will be an appeal)) Nolan said one of his appeal arguments would focus on the U.S. Supreme Court's 1973 ruling that defines obscenity by local community standards. Critics of the government's case say that with the advent of computer networks, which have no boundaries, the meaning of "local community" is debatable. ((The couple argued at the trial that they were prosecuted in Memphis because it was a conservative city and increased the chances of a conviction)) ------------------------------ Date: 2 Dec 1994 19:17:41 -0500 From: mech@eff.org (Stanton McCandlish) Subject: File 2--Re: EFF & Aerosmith Rock the Net - Update - Where/When/How UPDATED: Fixed some errors in CIS information - new number, removed "300 member seating limit" error, corrected EFF forum name (go effsig, not go eff), etc. EFF Presents the Aerosmith World Tour of Cyberspace! ==================================================== You can meet and talk with Steven Tyler and other members of Aerosmith, live online, from Dec. 4 through Dec. 7, 1994, at Prodigy, CompuServe, America On-Line, or any of a number of Internet sites. To participate in this first-time-ever event, log in to one of these online services, and proceed to the appropriate forum or virtual auditorium. If you've never done this before, you should contact the Customer Support department of the service you wish to use. For the help with the Internet event, contact your local system administrators. Note: This information will be periodically updated as necessary. You may wish to send another message to aerosmith@eff.org to get up-to-date information the day before or the day of the event. WARNING: You are strongly advised to connect with the online service you wish to use the day before the event, and become familar with the system. Even experienced users should arrive for the event at least 10-15 minutes early. If you have trouble getting through to customer support reps to become a new member of an online service, visit your local software store. Most such stores provide signup packages for all of these online services. Aerosmith, one of America's premier rock bands, has long supported freedom of expression and other civil liberties, and has become increasingly concerned with censorship in cyberspace. Aerosmith is teaming up with the Electronic Frontier Foundation to host a series of online appearances to benefit the Foundation and help spread awareness of civil liberties issues in the online world. The historic Internet event, linking multiple Internet 'MOO' services for the first time and providing the world's largest virtual realtime conference in history, is being coordinated by SenseMedia, sponsors of ChibaMOO, and many volunteer MOO programmers and admins. Additional sponsors and helpers include many staffers at CompuServe, Prodigy, and America Online, as well as Giant Merchandising, _Wired_ magazine, Apple, MusicLand, Electronic Frontiers Australia, and the EMI, Columbia and Geffen recording & media companies. When, Where and How to "get there" ================================== CompuServe (CIS) ---------------- Sun., Dec. 4, 1994 7pm-8pm (EST) in the CompuServe Auditorium How to get there: call your local CompuServe access number, and after login, enter "go aerosmith", either at the commandline, or by choosing the "go" menu option if you are using a graphical CompuServe program. This will take you to the Aerosmith menu, from which you can branch to the EFF forum, become a member of EFF, order limited edition t-shirts, go to the Recording Industry forum, or proceed directly to the Aerosmith event in the Auditorium. If you visit one of these areas, you need to do "go aerosmith" again to get back to this menu. To get copies of your autographed Aerosmith graphic, visit the RI file library ("go record"), and to download exclusive Aerosmith sound files see the EFF file library ("go effsig"). You must be a CompuServe member to attend. Contact CompuServe Customer Support at 1-800-524-3388 (ask for Representative # 548) Prodigy ------- Mon., Dec. 5, 1994 10pm-11pm (EST) in the Prodigy Chat Area How to get there: on the day of the show, just select the Aerosmith frontpage item. Before the day of the show, do a "Jump chat" (via the "J" button on your Prodigy program's toolbar at the bottom of the screen), to get more info on the event and visit the forum. You must be a Prodigy member to attend. If you are new at this: Login to Prodigy. Do Jump (with the J button) Plus. In the Plus service household member access, give yourself and any other of your household user IDs access to plus services. Log out. Log back in (to make the changes take effect.) Now Jump Chat. Since this is your first visit to the Chat forum, you have to select access control, give yourself and any other IDs you control (if you wish) access to the Chat forum. Then pick "Change Nickname" from the Chat menu. Pick a chat nickname. After this it would be a good idea to pick the new "Set-up Options" button that will appear on the Chat menu, pick your choices, then (again from the Chat menu) pick "About Chat" and read this help text. It is strongly advised that you do all of this, and test out the chat function the day *before* the event, so you are not caught up in this configuration process just before (or, worse yet, during) the event itself. If you are not the account holder (i.e. if your login ID does not end with "a"), then you will have to have the account holder configure this stuff for you. Once configuration is complete, you can proceed to the Aerosmith event by selecting the Chat menu's "Begin Chat" button, and then choosing the "General" area from the "Select an Area" list that will appear. "General" is where Aerosmith will be appearing. To order special limited edition Aerosmith/EFF t-shirts do a Jump (J button) to "Musicworks!" To become a member of EFF (and to take advantage of a 1/2 price offer on the t-shirts when you join EFF!), send email queries to Prodigy ID dnae43a (dnae43a@prodigy.com or membership@eff.org via internet email). If you'd like to order a shirt, or join EFF, right now, see the end of this document for a form! To get your autographed Aerosmith graphic, just click on it as it appears to download it. Contact Prodigy Customer Support at 1-800-776-3449. America Online (AOL) -------------------- Tue., Dec. 6, 1994 8:15pm-9pm (EST) in the AOL Coliseum Auditorium You must be an AOL member to attend. To participate, login, and enter Keyword: EFF (via the "Keyword" menu option). This takes you to the EFF forum. Here, you can get information on becoming a member of EFF and getting a limited edition Aerosmith/EFF t-shirt. From this forum, you can also go right to the Aersmith event in the AOL Coliseum. You can also participate in our online message forums, download files (including autographed band photos and Aerosmith sound samples, as well as EFF information files.) To get your autographed Aerosmith graphic and exclusive Aerosmith sound files, you can download them from the EFF file libaries (Keyword: EFF). Contact AOL Customer Support at 1-800-827-6364 Internet -------- Wed., Dec. 7, 1994 10pm-11pm (EST) This final event will be held simultaneously at a number of linked interactive online services called "MOOs". No membership or fees are required for attendance, but you must have a full (telnet-capable) Internet connection, which may involve fees from an Internet service provider. For information on finding Internet access in your area, contact the Internet Network Information Center at +1-619-455-4600 (fax: +1-619-455-4640, email: refdesk@is.internic.net). To reach one the MOOs, use a telnet client to log in to the MOO service, with a user ID of "aerosmith" (without the "quotes"). You'll be prompted for information such as an email address (at which you'll receive a band photo and other information) after you log in and are shown to the auditorium. The band photo will be emailed to you, to view later (or in another window). Door prize information will also be emailed to the winners. MOO services hosting the event ([name] - [telnet address] [port] - [notes]) BayMOO - telnet baymoo.sfsu.edu 9999 - San Francisco Bay Area, California ChibaMOO: The Sprawl - sprawl.sensemedia.net 7777 - Santa Cruz, California ChibaMOO: The World - world.sensemedia.net 1234 - Seattle, Washington ChibaMOO: Hyper - hyper.sensemedia.net 7777 - Sapporo, Japan ChibaMOO: Snow - snow.sensemedia.net 1234 - Australia dreaMOO - fiinix.metronet.com 8888 - Irving, Texas Metaverse - metaverse.io.com 7777 - Austin, Texas Many other MOOs will be participating. Send Internet email to aerosmith@eff.org nearer the day of the event for an updated list of participating MOO hosts. You can also attend the even via World Wide Web client software (such as Mosaic, Lynx, Netscape, Cello, etc.) A list of supporting Web hosts will also be added to the list that will be available from aerosmith@eff.org closer to the show date. Telnet users can also benefit from specialized MOO client software available at various FTP file archives if not already available on your host system. To get further updates on participating MOOs as they are added, use the 'finger' command to finger aerosmith@sensemedia.net. To connect to a MOO via telnet, do "telnet [address] [port]". Example: telnet world.sensemedia.net 7777 Non-commandline telnet programs will probably simply prompt you for a site and port number. To connect directly to a MOO via a WWW client, such as Mosaic, Netscape, Win/Mac Web, Lynx, or Cello, use the URL: "telnet://[site]:[port]". Example: lynx telnet://metaverse.io.com:7777 Non-commandline WWW browsers usually just prompt you for a URL. Graphical WWW participation, and email participation (for those without telnet capabilities) may also be possible. Send another message to aerosmith@eff.org closer to the event time for more information, which will be added to this document when available. *Please contact your Internet system administrators* or customer service representatives for assistance with attending the MOO events! That's what they're there for! If all else fails seek help on the following Usenet newsgroups (via a newsreader such as nn, rn, trn, tin or nuntius), as appropriate: alt.mud.moo, comp.infosystems.www.users, and/or news.newusers.questions - many more knowlegeable users will be happy to help you there. Contact Info ============ For more information on the Electronic Frontier Foundation, send any message to info@eff.org. Press contacts: Aerosmith - Wendy Laister, +1 213 655 4140 (US), +44 385 300069 (Europe) EFF - Shari Steele , 202-347-5400, fax: 202-393-5509 Orignal Press Release ===================== Aerosmith & EFF Rock the Net ---------------------------- Aerosmith Press Release America's premier rock band, Aerosmith, today announced details of a unique global event which will take the band across the information technology frontiers into new realms of Cyberspace. In what will be the first event of its kind, Aerosmith's history- making "Cyberspace Tour," scheduled to take place over four days (December 4 to 7 inclusive), will allow fans from all over the world to "speak" directly to the band via the four leading information service providers: CompuServe, Prodigy, America Online and the Internet. Never before has a band utilized four online services in this way, and never before have so many people been brought together at one time for an interactive gathering of this kind. Proceeds from the connect time charges and the sale of limited edition "Aerosmith Cyberspace Tour" T-shirts (specially designed in support of the event by graphic artists at Wired Magazine and manufactured by Giant Merchandising) will benefit the Electronic Frontier Foundation (EFF) -- a civil liberties organization dedicated to advancing free speech on the networks. In addition, Aerosmith has secured substantial cash donations for the Foundation from Geffen Records, EMI Music Publishing and Columbia Records. Founded in July 1990, over the past four years, the EFF has sponsored litigation and legislation to protect the privacy rights of computer users, to ensure that electronic publishers are treated equally under the law and to guarantee that all speech, no matter how controversial, has a forum where it can be heard. As committed supporters of both the First and Fourth Amendments, Aerosmith hopes to focus worldwide attention on these important issues through the instigation of this event. In addition to the opportunity to converse directly with each of the band members, those participating will stand to win an exciting array of Aerosmith prizes, ranging from the band's latest, collectible Columbia release, "Box of Fire", and Geffen's "Big Ones" Aerosmith compilation album and home video, to their first interactive CD-ROM game, "Virtual Guitar: Quest for Fame, Featuring Aerosmith" and the CD-ROM-based music video puzzle game: "Vid Grid." Kicking off on Sunday, Dec. 4, at 7 p.m. (EST) Aerosmith will first join users of CompuServe, the world's largest commercial online service, for an hour-long interchange. The following night, at 10 p.m. (EST), they will link up with Prodigy devotees for an hour, before surfing over to America Online on Tuesday, Dec. 6, between 8:15 p.m. and 9 p.m. (EST). For their final appearance (10 p.m. EST Dec. 7), the band will log on to a linked collection of live electronic gathering places, called MOOs, accessible through the Internet. This last stop on the tour will see an unprecedented number of users accessing the system -- making this a ground-breaking excursion along the information highway. For two of the online events, the band will be set up backstage, with Macintosh Powerbooks courtesy of Apple Computers, prior to their shows at the Palace of Auburn Hills in Detroit (Dec. 4) and the United Center in Chicago (Dec. 6). For the other two nights, utilizing the same equipment, they will take time out of their hectic schedules, to link up with their fans en route between gigs. Anyone with a computer, a modem and access to one of the four online services (which are immediately available from any computer store or through any of the commercial services' 800 numbers) will be able to dial in and participate in this exciting tour of Cyberspace. For directions to these online 'gigs' users should contact either the Electronic Frontier Foundation at 202-347-5400 (voice) or aerosmith@eff.org (internet e-mail). Alternatively, details will be available on each of the participating online services. ------------------------------ From: /G=Brad/S=Hicks/OU1=0205465@MHS-MC.ATTMAIL.COM Date: Thu, 01 Dec 1994 14:42:44 -0600 Subject: File 3--Re: CPSR Discounted Members ("Why I'm not a Member") In CuD 6.101 article 5, someone presumably from the CPSR summed up in four reasonably short sentences why I'm not a member of the CPSR. > 1. It is important for citizens to become involved in the development > of the "Information Superhighway" to ensure that it addresses > educational and other critical needs. What educational and other critical needs are going to be met by citizen involvement? I maintain that they would be better met by letting the individual school boards decide how much of their budget should go to buying computers and computer networking, and then letting them buy said hardware and services from whomever they want. So I support citizen involvement in school board budget meetings ... but somehow, I don't think that's what the CPSR means. Or does the CPSR send representatives to all umpty thousand school boards in this country? No, the only way for a group like CPSR to have its "citizen involvement" affect everybody is for more federal intervention in education ... which I oppose, vehemently. > 2. Privacy considerations might be overlooked in the next-generation > computing systems if organizations like CPSR aren't especially > vigilant. First of all, no organization has done as much for privacy in computer systems, current or next generation, as the RSA team and Phil Zimmerman. And they didn't need the CPSR to do it. But there are privacy concerns related to database use and abuse that public key cryptography doesn't help with ... much ... yet, anyway. (When public key based electronic money makes it possible but not automatic for purchases and finances to be completely private, we'll find out how much people are willing to pay or give up to have that freedom.) In that battle, the CPSR is just one of many voices, and maybe not the most useful one. So if you want to say that all of the groups involved in advancing privacy are "organizations like CPSR," then I'll grudgingly acknowledge part of #2. But in fact, I don't think those other groups are much like CPSR. > 3. I am concerned that the "Information Superhighway" might become an > "Information Supertollway" - a shopping mall rather than a public > commons. I'm concerned about first amendment rights in cyberspace! Couldn't happen. If the government handed the Internet over to Prodigy tomorrow, and they raised the rates through the roof, and then said that nobody could be a content provider without investing millions of dollars in it, that would kill the Internet as we know it. No doubt about it. And by the end of the month, FidoNet and/or WWIVnet and/or OneNet would have ten thousand more nodes, spreading costs as best as they can and highly motivated to keep those costs low. By the end of the year, the same people who run Freenets now would have figured some way to fund IP protocol links between them, and there'd be another Internet that ran along an open-content, low- and spread-cost model. Yes, even if it was illegal: there was FidoNet in France at a time when Minitel was guaranteed a legal monopoly on electronic mail; what more would we see in America? How would they stop it, declare a "War on Private Networks"? Require random testing of phone lines? If the last ten years have taught us anything, it's that "the Net" seeks out low cost, low censorship, high bandwidth, high reliability network links (in roughly that order of priority, I think) as naturally and automatically as water seeks its lowest level. No act of government or business can repeal that economic law; I hope Vint Cerf has explained this to his new employers. And having been a sysop, I must admit that I cringe whenever I hear users talking about their First Amendment rights. What they usually mean is guaranteeing their "right" to say whatever they want =at my expense=. If I run a system and you don't like the way I kill messages, then buy your networking from somebody whose policies you =do= like. (That's why I still have a grudge against Prodigy.) > 4. I would like to help support Computer Professionals for Social > Responsibility and help support the development of democratic > and responsible technology. Democratic technology? We're going to give PCs the vote? Or are we going to vote on whether or not I get to buy another 8 megabytes of RAM for my PowerMac at home? Is that what they mean by responsible technology? Responsible to whom, and for what? Given CPSR's history, I think that they mean democratic and responsible to mean that the following issues will be decided by a vote of the people: who gets computers, how much they'll pay for them, what those computers and the networks they connect to will look like, and what they'll be able to be used for. Sorry, count me out. If given a chance, the majority will vote for computers to be given to them, for free, with the expense passed on to middle class taxpayers and debt owed by the next generation. Big corporations will "influence" Congress to make those computers look like whatever the heck they're manufacturing this year. (Programming language standards always lag behind the market, because every vendor gets a veto and therefore the standard is watered down until every vendor in the market meets it. Who's going to let a standard pass, unless their products already meet it?) And liberal groups like CPSR will campaign to keep them from being used to make a profit. Make the design of computers "democractic and responsible" and some liberal will start a petition campaign saying that RISC chips are unfair to people who are still using 286s. Why should manufacturers be able to impose upgrade costs on these folks without their vote? Not to mention all the lost jobs at Intel because people are buying Motorola chips. It's un-American; let's pass a law. From now on, all computers will have 286 chips. That's fair to everyone. (It's also the death of progress and innovation. Some country that doesn't impose "democratic and responsible" restrictions on its inventors and manufacturers will eat our lunch within two years, and we'll be another backwater Third World basket case country. Countries like that always have two-tier societies; huge numbers of poor serfs, and a dictatorial elite that own and run everything. If I were just a little more paranoid, I'd suspect that this was the =real= agenda of CPSR: they might think think that the world would be "fairer" and tidier if a highly-educated elite told everybody else what to do and they did it or else, no troublesome middle class to build their own alternatives.) Make the use of computer networks "democratic and responsible" and prudes will vote to shut down the entire alt.sex hierarchy. Christians will vote to shut down alt.pagan and other groups. And the people who threw out almost every liberal incumbent last month will vote to shut down the CPSR listserv. I won't agree with any of them ... but I will sympathize with the last one, and figure that they =almost= deserve it for having made technology "democratic and responsible." ("Democracy is based on the assumption that the marjority know what they want, and deserve to get it good and hard." Will Rogers, wasn't it?) Look, I'm not a knee-jerk Randroid but Ayn Rand described groups like the CPSR quite well in _Atlas Shrugged_. They are what she calls "users." Users are people who think that because of their needs that they're entitled to the efforts of my mind, the fruits of my labor, the contents of my wallet. And I will oppose this collectivist philosophy at every opportunity until I die, and I hope that at least some of my words will go on fighting it long after I die. J. Brad Hicks Internet: mc!Brad_Hicks@mhs.attmail.com X.400: c=US admd=ATTMail prmd=MasterCard sn=Hicks gn=Brad ------------------------------ Date: Thu, 1 Dec 1994 16:03:32 -0500 From: felixk@PANIX.COM(Felix Kramer) Subject: File 4--Correction on SlipKnot Info ((MODERATORS' NOTE: In the last few months, we've received a number of info-updates on SlipKnot. In 6.99, we accidentally printed an earlier post rather than the most recent update. Thanks to Felix Kramer for pointing out the goof)). I notice that Computer Underground #6.99 reprinted our October 28 e-mail message to journalists announcing SlipKnot beta 0.53. While we appreciate your providing information, this was still a private beta, not intended for public distribution. (And unfortunately, your mail went out November 23 -- the day after we released 1.0 after going through betas 0.54-0.56) We would greatly appreciate your running a notice as soon as practical, urging users to switch to the released version. Please let me know what issue # the correction will appear. Thanks in advance--Felix Kramer Here's are the key points of a message: It is very important that beta users switch to the officially released SlipKnot 1.0 version as soon as possible. Version 0.53 (described in Computer Underground #6.99) was a beta version with some subtle and some not-so subtle bugs. MicroMind cannot support and attempt to fix the problems in this early version. To get the new version, *do not* use the upgrade process described in the documentation. First remove your \SLIPKNOT directory and *all* of its subdirectories. Then perform a new install. Check at your service provider first to see if it's available locally. If not, it's downloadable from the following anonymous FTP sites (approx. 1.2 MB): ftp://oak.oakland.edu/SimTel/win3/internet/slnot100.zip or from: ftp://ftp.netcom.com/pub/pbrooks/slipknot/slnot100.zip oak.oakland.edu has numerous mirror sites, so if you have any trouble getting it directly from there, please try the mirror sites. One mirror site is: ftp.uoknor.edu/mirrors/SimTel/win3/internet/slnot100.zip In the U.K. try: src.doc.ic.ac.uk/computing/systems/ibmpc/simtel-win3/internet/slnot100.zip After downloading, please read the READ.ME file for Windows installation instructions. To get the latest information about SlipKnot, send a blank e-mail message to: slipknot@micromind.com or Point your WWW browser (lynx is fine) to http://www.interport.net/slipknot/slipknot.html * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Felix Kramer/Kramer Communications NYC-based electronic publishing & journalism Online promotion & marketing e-mail: felixk@panix.com or felixkramr@aol.com voice: 212/866-4864 fax: 212/866-5527 ------------------------------ Date: Thu Dec 1 10:05:07 PST 1994 From: fosterj@OHSU.EDU(John Foster) Subject: File 5--"Hacker Learns Intelligence Secrets" (Risks Reprint) FYI. Excerpt from RISKS DIGEST 16.58, 26 Nov 1994. Date--Thu, 24 Nov 94 09:09:38 GMT From--Mathew Lodge Subject--Hacker learns intelligence secrets The London "Independent" newspaper of 24-Nov-94 leads with a story that a "hacker" gained access to a sensitive database of telecommunications information at British Telecommunications (BT), the UK's largest (and ex-state owned) carrier. The story was also carried by all the major television and radio news programmes. Tim Kelsey, author of the Independent story, reveals that details such as telephone numbers and addresses for secret installations of the Ministry of Defence, MI5 (the British intelligence agency responsible for the UK) and MI6 (like MI5, but handles non-UK affairs). "Thousands of pages of highly confidential BT records were sent across the Internet to a young Scottish journalist, Steve Fleming, in July". Mr Fleming received the information after making a news posting asking for information on BT and hacking. The informant remained anonymous -- details of how this was achieved are not given. The hacker also gave details to Mr Fleming about how he too could access the information. He applied through an employment agency for a short-term contract at BT as a database designer, clearly stating on his CV that he was a freelance journalist. He got the job, and was able to gain access to the information because passwords were just left lying around the office. BT is still going through a major staff restructuring programme, and as a result has a large number of temporary (contract) staff. These staff need passwords to the system to legitimately carry out their jobs, but because of the constant flow of people, the passwords are often written down. Mr. Fleming learned, among other things, * The location of MI6's training centre ("spy school"), located in a non-descript building next to a pub in south London * Information about the bunker in Wiltshire where the Government would go in the event of nuclear war * Details of telephone installations at Buckingham Palace and 10 Downing Street [the Prime Minister's home], including personal lines to John and Norma Major. The system itself, the "Customer Services System", was designed and implemented by an American company, Cincinnati Bell. It is supposed to have internal mechanisms to prevent hacking (!) So, what are the risks (briefly!) 1) Allowing temporary staff passwords that allow almost any data to be retrieved. It sounds as if the security levels of the database were either non-existent, or compromised. 2) Keeping sensitive information in the same database as non-sensitive information. 3) The age-old chestnut of the uses of passwords. A BT spokesman, speaking on the "Today" programme on BBC Radio 4 confirmed that a "top level" investigation had been launched, but refused to confirm or deny that the hack had taken place. Mathew Lodge, Software Engineer, Schlumberger Technologies, Ferndown, Dorset, UK, BH21 7PP lodge@ferndown.ate.slb.com (+44) (0)202 893535 x404 [The *Independent* items are in their entirety (28K) in RISKS-16.58BT, courtesy of Brian Randell. PGN] ------------------------------ Date: Wed, 30 Nov 1994 21:18:44 EDT From: Anonymous Subject: File 6--"Computer Sleuths" nab 15-year old (Excerpts from Chicago Tribune: 28 Nov, 1994: p. 6) COMPUTER SLEUTHS FIND HACKER WHO PLAYED HAVOC (Minneapolis): University of Minnesota computer sleuths tracked a suburban Minneapolis teenager for about six weeks-watching him illegally use their passwords to gain access to more than 10 computer networks from Detroit to Moscow-before police confiscated his computer last week. They monitored the 15-year-old as he bragged electronically to other computer hackers about his escapades. That included forcing the Greater Detroit Free-Net to shut down for a week after he penetrated its security in an attempt to use the system without anyone knowing. But the university computer techs knew. What's more, they say, the boy brazenly told other hackers, as the techs electronically eavesdropped, that he knew that they knew-and thought it was funny. ((The article explains that the youth didn't care that he was being watched and seemed to invite apprehension. The youth lives with his mother, but was in the hospital when police confiscated his modem and computer equipment. He could face felony charges)) "He wiped out a lot of critical files," said Paul Raine, president of the Detroit Free-Net, an eight-month-old community information exchange that charges no fees to its users. The system was shut down Nov. 9 so volunteers could rebuild it and tighten security. Raine said he has contacted the FBI about possible federal charges because the youth used telecommunications equipment to reach across state lines. ((The youth reportedly had problems at home and skipped school while using the computer)) He said the Apple Valley youth had obtained passwords, possibly from electronic bulletin boards or by using commercially available decoding programs. Grewe said the boy appeared to fit the typical hacker profile: a 15- to 20-year-old male, many of whom have low self-esteem. ------------------------------ Date: Sat, 03 Dec 1994 19:23:08 EST From: "Rob Slade, Social Convener to the Net" Subject: File 7--"Tekroids" episode of Tekwar and the perception of viri TVTEKWAR.RVW 941201 Bill Shatner has been reading "Snow Crash" (cf BKSNCRSH.RVW)! In tonight's episode of Tekwar, we find that police detectives, and the hero's ex-wife, have been felled by a nasty virus. A *computer* virus. Call the Weekly World News. Shatner is *much* more ambitious than Stephenson. The "Snow Crash" virus, in graphical representation, looked pretty much as you'd expect--snow! The Tekwar virus looks like a young lady. (When she starts to open her blouse, you get just a hint of circuitry and bright light. Hubba, hubba!) Oh, come now, Rob. Don't be a spoil sport. They can make programs that look like text, can't they? So why can't they make programs that look like pictures? Well, it is true that I have copies of the BOO programs, which are utilities for converting binary files into a format that was only printable characters. I understand that there is an MS-DOS program, called COMt, which turns COM files into *executable* forms, using only printable characters. (Padgett Peterson was so taken with the idea that he wrote his Christmas card program using only printable characters.) The "text" programs, however, don't exactly look like a letter from Mom--they look like strings of garbage. Paradoxically, graphics images (realistic graphics, that is) give you even *less* leeway, since the human eye is *very* good at picking up anomalies. The Tekwar virus is recovered from an imperfectly erased copy of the graphic. Under extrapolative recreation, the virus is virulent enough that just looking at it will fry your computer. (Try *that* with your average copy of Stoned. "Lossy" compression wins again!) (By the way, in *that* picture, the young lady has her shirt *on*.) If you look at the virus, it renders you unconscious. Fair enough: flashing lights can stimulate epileptic seizures. However, thereafter the virus slowly causes *physical* degradation of your nervous system. Oh, please. What's the nerve equivalent of JMP? Stay tuned *next* week, when Bill Shatner uses the I-word. (Pay close attention when he announces the virus is loose.) copyright Robert M. Slade, 1994 TVTEKWAR.RVW 941201 ====================== DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 Author "Robert Slade's Guide to Computer Viruses" (contact: 1-800-SPRINGER) ------------------------------ ------------------------------ From: smithm@NICCO.SSCNET.UCLA.EDU(Marc Smith) Subject: File 8--CALL for PAPERS: Communities in Cyberspace Date: Thu, 1 Dec 1994 10:49:13 -0800 (PST) CALL FOR CONTRIBUTORS VOLUME ON COMMUNITIES IN CYBERSPACE A volume entitled _COMMUNITIES IN CYBERSPACE_ is being prepared for publication by the University of California Press. We are looking for papers that examine the subject of online interaction and community. Papers should focus on existing examples of online interaction, with particular attention to the collective organization of groups, the emergence of community, and the issues, conflicts, and problems that go along with those developments. A partial list of suggested topics is included below: Social Interaction: =================== The dynamics of online interaction Comparisons of online interaction with other forms of interaction Identity, anonymity, cryptography The presentation of self Sex and gender dynamics in online groups Power in online communities Synchronous versus asynchronous interaction Social Organization: ==================== Systems of exchange in online groups Scarcity, value, and markets in online communities Informal social control Group solidarity in online communities Cooperation and conflict in virtual communities Crime and deviance Governance in online groups Culture and ritual Constructing an online community Community protest/collective action based on online groups To be considered for inclusion in this volume, prospective authors should submit the following: 1) A 300-500 word abstract describing the substantive focus, methodology, and conclusions of research to be reported in the proposed paper 2) A brief biographical statement (or curriculum vita) indicating previous research and/or relevant experience in this area Submissions should be sent via mail, e-mail or fax no latter than February 1st, 1995 to the volume editors at the address below: Peter Kollock and Marc Smith UCLA Department of Sociology 405 Hilgard Ave. Los Angeles, California 90024-1551 USA E-mail: kollock@soc.sscnet.ucla.edu smithm@nicco.sscnet.ucla.edu Fax: (310) 206-9838 Invited authors will be provided with guidelines for the preparation of the paper. The tentative deadline for receipt of the final manuscripts will be June 1st, 1995, with an anticipated publication date in the first half of 1996. ------------------------------ Date: Thu, 23 Oct 1994 22:51:01 CDT From: CuD Moderators Subject: File 9--Cu Digest Header Information (unchanged since 25 Nov 1994) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 In BELGIUM: Virtual Access BBS: +32.69.45.51.77 (ringdown) UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD ftp://www.rcac.tdi.co.jp/pub/mirror/CuD The most recent issues of CuD can be obtained from the NIU Sociology gopher at: URL: gopher://corn.cso.niu.edu:70/00/acad_dept/col_of_las/dept_soci COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #6.102 ************************************