💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › CUD › cud0719.txt captured on 2022-06-12 at 10:57:42.
-=-=-=-=-=-=-
Computer underground Digest Wed Mar 8, 1995 Volume 7 : Issue 19
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Semi-retiring Shadow Archivist: Stanton McCandlish
Correspondent Extra-ordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Monster Editor: Loch Nesshrdlu
CONTENTS, #7.19 (Wed, Mar 8, 1995)
File 1--Re: Cu Digest, #7.18
File 2--Acm-IIT Computers Seized by Ill. Institute of Tech (fwd)
File 3--Cu in the news
File 4--Role-playing adventure BBS starting New game
File 5--"You all support child porn" and other rubbish
File 6--Alert #1: Fifth Conference on Computers, Freedom and Privacy
File 7--CMC Magazine March Issue
File 8--TIME WARNER ELECTRONIC PUBLISHING
File 9--Cu Digest Header Info (unchanged since 26 Feb, 1995)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
----------------------------------------------------------------------
Date: Tue, 07 Mar 1995 22:54:34 -0500
From: spaf@CS.PURDUE.EDU(Gene Spafford)
Subject: File 1--Re: Cu Digest, #7.18
Re: the review of "Virus Creation Labs" and the excerpt by George
Smith.
I gather from the tone of the excerpt and the review that Mr. Smith
has lumped together all kinds of PCs and therefore likewise all
developers? If so, it is both a technical and a social error, at the
least.
For instance, Macintosh systems are PCs, in the true sense that they
are personal computers. They also have less than 2 dozen viruses
written for them, ever. The Mac anti-virus community cooperates,
quiety and without publicity. The world's only successful prosecution
of computer virus writers was brought about by the Mac anti-virus
community. And there have been two very complete and wonderful FREE
programs that deal with Mac viruses: Disinfectant and Gatekeeper.
Even the competing commercial vendors praise them and sometimes help
their authors.
Thus, in the Mac virus arena at least, we have not seen any evidence
of a "...bizarre Pirandellian world of inflated egos, malicious
territorialism, questionable ethics, and avarice, about equally
divided between the moral entrepreneurs amongst virus fighters and
their nemesis, the virus writers." There is no "phalleocentric
anti-virus community" (thank heavens!).
In fact, outside of the IBM MS-DOS arena, I would question if the view
described exists elsewhere. I have not heard anything resembling
these same descriptions applied to those working with viruses in
Atari, Amiga, or (almost non-existant) Unix environments. From my
perspective, which reaches back to where I think I was principal
author of the second or third book written on viruses (not counting
Cohen's dissertation as a book), even the MS-DOS community was not
always as described. A few greedy and self-serving people changed the
field for the vendors, and a few destructive virus authors changed it
for everyone else. Even so, there are some people in the MS-DOS
anti-virus field who are not malicious, territorial, or avaricious.
Ken van Wyk, Vesselin Bontchev, David Ferbrache, and Fridrick Skulason
all come to mind without much effort as good examples of community
spirit and cooperative effort. There have been, and are, others.
I don't doubt that Mr. Smith's view is entertaining and informative.
I hope that it is more balanced and fair, however, in its presentation
than I might imagine from the review and the excerpt. The attitudes
and behaviors discussed could more likely be blamed on repeated
exposure to MS-DOS than to viruses or personal computers, especially
when we look at the record of behavior of others. It would be a pity
if the book presents a local phenomenon as the global picture.
------------------------------
Date: Tue, 7 Mar 1995 12:13:20 -0600
From: jthomas@SUN.SOCI.NIU.EDU(Jim Thomas)
Subject: File 2--Acm-IIT Computers Seized by Ill. Institute of Tech (fwd)
ACM-IIT COMPUTERS SEIZED BY ILLINOIS INSTITUTE OF TECHNOLOGY
_________________________________________________________________
ACM - The First Society in Computing
"AND LET IT BE KNOWN THROUGHOUT THE WORLD WHAT WAS DONE THIS DAY..."
DATELINE TUESDAY JANUARY 17, 1995
Today sometime before noon today, the Illinois Institute of Technology
seized the computer systems of the Association for Computing Machinery
student chapter at IIT.
700 Student and Faculty users are not happy. And are now without their
Email and other private files. The locations of the ACM-IIT systems is
currently unknown, and the security of the system and the accounts on
it is highly questionable, as it was quite literally riped out of the
wall. ( a piece of the modem was found lying on the table ).
The reasons given by IIT where that members of ACM-IIT are suspected
of hacking into the computer of another IIT student group, and pulling
several pranks.
The memo sent to the Dean of Students details the hacking attempt, but
no evidence points to ACM-IIT's systems or to any of their users, but
the memo does make several unbacked accusations. And at this time, we
can see no reason ACM-IIT would even be tied to the events. However
because ACM-IIT members are suspect, the systems where unlawfully
seized by IIT.
IIT has no legal right to seize ACM-IIT's systems, nor anyone else, as
they contain private accounts, files, and Email.
Such rights are protected under the Electronic Communications Privacy
Act (ECPA), which extended most of the protections of the federal
Wiretap Act ("Title III") to electronic mail.
Precidence was established in the case Secret Service vs. Steve
Jackson Games decided March 12, 1993 in favor of SJG (1) (2)
Needless to say, ACM-IIT members are not too happy about all of this.
And the other 700 people don't seem happy either.
_________________________________________________________________
DATELINE WEDNESDAY JANUARY 18, 1995
* Members realize that along with Troll, which is physicaly
considered IIT's property even tho it was purchased with student
funds, property of ACM-IIT members was also seized includind a
network card, SIMM modules, and the modem that was broken by IIT
during the seizure.
* ACM recieves writen copy of allegations and supposed proof that
ACM systems where used in the attempt. However the evidence
clearly shows that other IIT owned systems where used and NOT
ACM-IIT's systems.
* Electronic Frontier Foundation is called and informed of the
situation, and begins investigating the situation.
* ACM-IIT hears that the computer system is in the process of being
searched by IIT staff, and ACM-IIT members now consider the
system compromised. Still no evidence showing ACM-IIT
involvement.
* Word continues to spread amung the IIT community, many more
students and faculty are outraged about the seizure of their
accounts and files.
* Continued stress to students due to the lack of access to their
Email, addressbooks, and other files. Email is now being lost in
mass due to the ACM-IIT systems removal, much of which is
considered critical by many people.
* ACM-IIT members miss the ACM Chicago Chapter meeting due to the
fact that all the info concerning time/location was stored on the
seized systems.
More info on previous legal cases involving seizure of systems and the
data they contain.
_________________________________________________________________
DATELINE THURSDAY JANUARY 19, 1995
Everyone waits for the Dean of Students hearing friday morning...
_________________________________________________________________
DATELINE FRIDAY JANUARY 20, 1995
* IIT agrees to put ACM-IIT's computer back online "late next week"
provided ACM-IIT is on it's own subnet, and IIT gets root access
to the machine, and can take the machines offline at anytime.
* ACM-IIT meets in an emergency meeting, and unanimously votes that
the terms are completely unreasonable and that ACM-IIT cannot
continue to operate machines on the internet under IIT's
conditions and maintain services and security.
+ ACM-IIT mobalizes to aquire donatated or private machines to
provide services on, so that hopefully at least some legal
rights will have to be respected by IIT.
+ Calls will be made Monday to INTERNIC to hopefully expedite
ACM-IIT's applications mailed in several weeks ago for IP
space and the domain name acm-iit.org
+ Searching begins for a site with a T1 line or better to host
ACM-IIT's systems, since IIT will not assure that ACM-IIT
will have access to the net at all times, and wants student
groups off of IIT's backbone. This means several services
cannot be offered by ACM-IIT, but at least most can.
* On the matter of the disciplinary action without any proof, the
Dean of Students makes the statement "This isn't a court of law,
we don't need proof." Several students including the acused start
looking at other schools, looking for someplace they will be
allowed to make a difference.
_________________________________________________________________
DATELINE MONDAY JANUARY 23, 1995
Various people and organizations now helping ACM-IIT with the
situation, but it has yet to resolve itself. Several additional
courses of action are proposed as ACM-IIT seeks to get back online
ASAP.
_________________________________________________________________
DATELINE TUESDAY JANUARY 24, 1995
At the Student Leadership Committee meeting, the issue is brought up
and a subcommittee is formed to investigate the actions taken buy the
Dean of Students office and IIT.
_________________________________________________________________
DATELINE FRIDAY JANUARY 27, 1995
After another Meeting with the Dean of Students, ACM members are
finally allowed to take back the privately owned property in the
machine, and also are allowed to take the hard drive. ACM-IIT now has
possesion of all the data/files/Email on the system. Plans to get
ACM-IIT back onto the internet ASAP with the help of Ripco
Communications, Inc. a local Internet Provider are made.
_________________________________________________________________
DATELINE SATURDAY/SUNDAY JANUARY 28-29, 1995
ACM-IIT members attempt to gather the needed PC hardware to restore
services. Corporate donations are sought, and many friends are called.
_________________________________________________________________
DATELINE JANUARY 30TH - FEBRUARY 9TH, 1995
* On February 1st IIT agreed to allow users files and Email to be
placed back online for users to download, however ACM-IIT will not
be allowed to administrate systems directly attached to IIT
networks.
* Due to problems coordinating with IIT staff, ACM-IIT systems are
still offline, but will hopefully be online somewhere relatively
soon.
* ACM-IIT submitted a proposal to IIT to allow ACM-IIT back online
to run their systems if a firewall could be acquired, but has
still not heard back from IIT officials.
* ACM-IIT members continue to attempt to gather enough PC hardware
to leave IIT's network for another site where the systems will be
secure.
_________________________________________________________________
DATELINE FEBRUARY 15TH, 1995
* The ACM-IIT system is placed back online for users to download
their files pending a permanent solution to the problem.
* However the system is again rendered inaccessable when the
nameserver entries are rechanged, and some IIT machine is told to
respond as if it where ACM's system and refuse connections.
_________________________________________________________________
This document would be on the ACM-IIT Web site, but we don't have one
anymore.
So now it lives at http://xtreme.acc.iit.edu:4242/~bebeada/ and is
mirrored at http://rci.ripco.com:8080/~bebeada/ACM.html
------------------------------
Date: 07 Mar 95 17:59:53 EST
From: Gordon Meyer <72307.1502@compuserve.com>
Subject: File 3--Cu in the news
Harris-steria?
=========
A recently-spotted ad for an Internet firewall begins with the
ominious proclimation that "Every 20 seconds, a network is
infiltrated. Vital files are sabotaged. Corporate secrets, financial
data and sensitive customer information are stolen, and all traces of
the intrusion are erased. The futures of companies which took years to
build are terminated in a few short seconds".
Every 20 seconds? That amounts to 4320 companies having their futures
"terminated" every 24 hours (we all know hackers never sleep). In
February alone that would be over 108,000 companies, assuming that
most hackers took Valentine's Day off. Yearly calculations are left
as an exercise for the reader.
===============================================================
The Software Publishers Association (SPA) reports that of the calls
they received on their "piracy hot line", they took action against 447
organizations in the U.S. That's 23% fewer actions then in 1993. The
SPA "actions" include 197 audits aned lawsuits, netting $2.7 million
in penalties. (Datamation. March 1, 1995. pg 26)
------------------------------
Date: Sun, 26 Feb 95 02:53:04 +0200
From: RMthawanji@UNIMA.WN.APC.ORG
Subject: File 4--Role-playing adventure BBS starting New game
For about six months I've been running a role-playing adventure on
my BBS the message areas. I got a lot of response and all the people
playing had a pretty good time. I've decided to open the next
adventure to ANYONE with an E-mail account for no charge. The games
ruling systems will be Warhammer Fantasy Role-Play based, with some small
variation into other role playing systems. Its ideal for all modem-literate
Games workshop junkies!!
_Anyone_ intrested in joining the game should mail me at:
Email: Rmthawanji@unima.wn.apc.org
Fido: 5:7231/1.113 (FIDO)
Please include somwhere in the body of your message, your most frequently
used email address and your age. Also, as a matter of intrest, please
include any other role playing systems you've played & details.
I am also looking for a server to run this via Email off (ie. a listserv
of some sort). I'm not familiar with the basics of running something off
a list server, but I'm pretty sure I'll be able to get to grips with it
pretty quickly. If there's anyone willing to explain how use a listserver
to run the adventure off, and show me one to use, please do contact me..
I'm also looking for someone to post this in all relevant USENET news
groups - if you find the time to do so, just let me know once its posted.
The first adventure will start as soon as I get 10 players ready to go.
Players joining after the adventure has began should Email me as normal,
and I will reply and brief them on the on going adventure, give them
their characters & start them up as soon as possible. The second adventure
will begin when there are 15 players, who've opted for it ,ready to go.
Yes as you've noticed, I'm running TWO adventures, from the brief
descriptions below please decide NOW, which you want to join and
state that somewhere in your Email.
<1> - The Tower Of Despair - Delve into another dimension of danger &
excitement as a terrible evil unfolds
across the empire!
<2> - The Legions Undead - Bretonnia, a kingdom previously of great
beauty & tranquility. Now the dead all
across the land groan and writhe in their
tombs as peril befalls the land ...
From the list below, select a career class for your character and include
that in your email.
1) Warrior
2) Rogue
3) Ranger
4) Academic (cleric, druids etc.)
- these are only the basic choices the rest is determined randomly -
Once I've generated your character, I'll send a copy to you to keep
and modify between each turn. You'll then be required to send
a short and un-exaggerated piece on your characters background and
description matching your characters stats.
To play the adventure you'll need a map, I'll place a GIF map on an
FTP site and inform all users who've joined the adventure. Eventually,
once the adventure is complete, I'll compile it into a story and put
it on a couple of FTP sites & BBSes for others to see.
If you use PGP, please send your Public key along with your Email.
Looking forward to a pretty mad adventure ... the whole thing will
be pretty informal so tag along, it should be good (famous last
words. )
------------------------------
Date: Sat, 4 Mar 1995 22:25:58 +1000
From: Rhys Weatherley <rhys@FIT.QUT.EDU.AU>
Subject: File 5--"You all support child porn" and other rubbish
Frankly, I'm getting a little sick of views such as the following, which
seem to crop up with regularity in the free speech vs censorship debate:
> If you want it to be legal for people to use email, or web pages, or
> improvised FidoNets or whatever to send around JPGs of perverts raping
> 6 year olds, or detailed descriptions of rape/murder/torture fantasies
> with people's real names for the victims, or GIFs of people having sex
> involving excrement, carving knives, and/or animals ... well, then say
> so!
Brad Hicks was the author of that little gem, but there are many more
like it all the Net over.
Very few free speech supporters, myself included, want that kind of
crap distributed on the Internet or anywhere. Most of it takes an
actual physical crime to produce the information. It is therefore not
free speech by any stretch of the imagination. It is a crime, and
should be punished to the full extent of the law.
However, by raising these little gems, Brad and those like him do the
anti-Net-censorship movement a great disservice. Those are extreme
examples which are easily dealt with by after-the-fact complaints and
clean-up mechanisms, handing the perpetrators off to the cops at the
earliest opportunity. Before the fact scanning is not required, yet
S.314 certainly seems to require it.
It is all the other things, which are NOT extreme, which the free speech
advocates want people to be able to say and do without reprisal. Whilst
some of the non-extreme things may not be in the best of taste, they do not
involve physical crimes to make the information. Heavy handed control and
scanning is not required to deal with this. Personal choice, parental
supervision, kill files, and the unsubscribe function are plenty good
enough. Yet S.314 still seems to require scanning.
Raising the extreme examples twists the debate and paints the supporters
of free speech as criminals, and only serves to frighten those people who
do not understand the true implication of a monitored and scanned
society: "we may get rid of what most ordinary people don't like, but
what else will we get rid of in the process?".
I recently spent an interesting afternoon attending a panel on censorship
given by 4 Australian authors. The first 3 said a lot of very good
things about anti-censorship. The last, a very staunch Australian feminist,
gets up and says "I support free speech. However defamation is not free
speech." So far so good (more or less). Then she says "Pornography is
defamation against women. Therefore pornography is not free speech and
we should ban it, especially on the Internet". She was seeking to
redefine what she didn't like as something else so that she could ban it.
And this is a free speech supporter!
Interestingly, she trotted out all of the extreme examples (child porn,
degrading sex scenes, etc, etc, etc) to justify her case, snowing the
audience into thinking that all of it is like that. My efforts, and those
of a couple of others in the audience didn't really help to dissuade her.
Probably because we were men. :-( I left feeling that the rest of the
audience (mostly women) had bought her line, because they didn't realise
that she was using extremes to justify her case.
The danger that I see in S.314, and proposals currently before the Australian
Federal Government, is that they seek to blame first, ask questions later.
Yes, the word "knowingly" is in there, but how is that going to help the
Internet-on-a-shoestring provider pay their legal costs to point the finger
at their users? Will they go bankrupt trying to prove their aren't liable,
or will they get fined or go to jail because they are financial nobodies?
Make no mistake about it: the big Internet providers will be protected.
No one will bother hauling them into court. But the little providers will
get it in the neck because they are easy targets. Is this how we want
the future of law enforcement to operate? Targeting the weak because the
police can get away with it?
Eventually laws may be needed to deal with the extreme examples. But this
can only happen after we clear up the liability question. When police make
it a matter of policy of targetting users first, and only targetting
providers when evidence of conspiracy comes to light, then we can start
to have some sanity in laws about the net. Until then, S.314 and its ilk
are very dangerous things to have on the law books.
So, please cut the crap about the extreme examples. It isn't helping.
It merely diverts attention away from the real issues that free speech
advocates are trying to raise. Most of us do NOT consider the extremes
free speech. Stop trying to claim that we do.
Cheers,
Rhys Weatherley, President of BrisNet, an Internet service provider in
Brisbane, Australia. Also the head of the Australian Computer Society
and Electronic Frontiers Australia task force on "Freedom in Cyberspace".
E-mail rhys@brisnet.org.au for details.
P.S. I have a lot of respect for the feminist movement and the quest for
equality. My intention was not to debate the merits of the feminist
movement but merely to point out that some people are using extremes
to sidetrack the censorship debate because of personal distaste for
certain things. In the long run, this is a diversion, not a solution.
------------------------------
Date: Wed, 1 Mar 1995 03:22:05 -0800
From: ceh@LELAND.STANFORD.EDU(Carey Heckman)
Subject: File 6--Alert #1: Fifth Conference on Computers, Freedom and Privacy