💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › CUD › cud1010.txt captured on 2022-06-12 at 11:07:33.
-=-=-=-=-=-=-
Computer underground Digest Sun Feb 8, 1998 Volume 10 : Issue 10
ISSN 1004-042X
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
CONTENTS, #10.10 (Sun, Feb 8, 1998)
File 1--fwd: CYBERsitter caught mail-bombing critics
File 2--The letter to Milbourn/Cybersitter
File 3--Write a Complaint, Get a Mailbomb (Wired excerpt)
File 4--Islands in the Clickstream - January 24, 1998
File 5--"Secure Computing: Threats and Safeguards", Rita C. Summers
File 6--At least someone has a sense of humor......
File 7--Cu Digest Header Info (unchanged since 7 May, 1997)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
---------------------------------------------------------------------
Date: Sat, 07 Feb 1998 00:50:21 -0600 (CST)
From: Bennett Haselton <bennett@peacefire.org>
Subject: File 1--fwd: CYBERsitter caught mail-bombing critics
CYBERsitter has been caught in the act of mail-bombing someone who
wrote a letter to Brian Milburn, the CEO of CYBERsitter,
complaining about their product. Spefically, a lady names Sarah
Salls sent the following letter to Brian Milburn at
bmilburn@solidoak.com:
http://peacefire.org/archives/SOS.letters/asherah.2.bm.2.4.98.txt
She was writing to CYBERsitter regarding their harassment of
Peacefire and their blocking of anti-censorship sites, which is
described in more detail at:
http://www.peacefire.org/censorware/CYBERsitter/
CYBERsitter replied by flooding her account with over 446 junk
messages. While the attack was in progress, Ms. Salls had her
ISP's postmaster monitor the incoming attack and shut it off.
Naturally, her ISP, Valinet.com, kept copies of the mail logs for
that day and has passed them on as evidence to their lawyers. A
complaint was also forwarded to MCI's security department, which
handles network abuse and illegal denial-of-service attacks that
are perpetrated by their customers, which include lower-end
network users like CYBERsitter:
http://peacefire.org/archives/SOS.letters/valinet.2.mci.2.5.98.txt
C-Net's NEWS.com picked up on the story and interviewed Sarah
Salls, her ISP, me, and Brian Milburn from Solid Oak Software.
Their story is at:
http://www.news.com/News/Item/0,4,18937,00.html
(Note that the C-Net article compares the act of mail flooding
with conventional spam, and says that a bill is being considered
in Congress that would outlaw what CYBERsitter did. This is not
quite true; flooding a person's account with 500 junk messages is
a denial-of-service attack, which is already illegal, and it
usually gets you in a lot more trouble than spamming would.)
Far from denying the accusations, Brian Milburn gave C-Net the
following quote: "Certain people aren't going to get the hint.
Maybe if they get the email 500 times, they'll get it through
their heads... If they send it to my private email account,
they're going to get what they get." No kidding, Brian!
-Bennett
bennett@peacefire.org (615) 421 6284 http://www.peacefire.org
------------------------------
Date: Sun, 8 Feb 1998 15:34:49 -0600
From: jthomas@VENUS.SOCI.NIU.EDU(Jim Thomas)
Subject: File 2--The letter to Milbourn/Cybersitter
((MODERATORS' NOTE: Here is the letter that precipitated the
alleged Spam from Cybersitter and the account of the poster who
sent it. When CuD attempted to contact Milbourn/Cybersitter about
a year ago to obtain information on a story circulating the net,
we received emphatic demands that we never contact him. The
demands were veiled in threats of repercussions should we try, so
others can contact Cybersitter for themselves to confirm or refute
the latest allegations)).
==================
Source - http://www.thewitches.com/censor/
In surfing the Peacefire website, I came across information relating
to Cybersitter's policies. I decided to download the software, and see
how it worked for myself. Everything the Peacefire site had pointed
out about Cybersitter was true. Before downloading the software and
installing it, however, I visited the sites that were on the blocked
list. I couldn't find anything on these sites that would fit
Cybersitter's criteria for blocking.
While I was on the Peacefire site, I also read through correspondence
between Cybersitter's C.E.O. and various people. In numerous letters,
representatives of Cybersitter bashed Peacefire for its involvement
with the issues surrounding their software, citing that the software
was designed for use by parents and that the "kids" at Peacefire had
no right to even be involved in this issue.
Those letters compelled me to write my own letter, after all, I AM a
parent. Here is a copy of the letter I wrote to the C.E.O. of Solid
Oak Software, Brian Milburn.
Mr.Milburn,
You have stated over and over again that your
software is for use by parents. And that individuals other than
parents, should not be involving themselves in the fight against your
just above legal censoring techniques.
I, myself am a parent. I have two children who love to surf the
Internet, and while I seek to protect them from inappropriate
material, I certainly would not want someone else making the
decisions on what my children should or should not view for me.
Which is exactly what your software does. It does not allow the
parents to make the choices about what their children access, that
list is already predefined within the software and to top it all off,
you encrypt the list so that the parents cannot even view it. This I
find completely preposterous. That would be like the video clerk
telling me I could only rent G rated movies, because I have children
under the age of thirteen in my household. Therefore, I am not
entitled to rent a PG-13 movie or above. The PG stands for parental
guidance. Which means, that if I determine that my child is mature
enough to view the movie, he may. It does not mean that anyone under
the age of thirteen is banned from seeing it.
In essence, this is what you have done with your software. You have
taken the "parental guidance" out of it. A parent is not allowed to
determine which sites on your list are or are not appropriate as they
are not allowed to view the list that your software operates from.
I, for one, am not opposed to my children learning about diversity,
yet you have blocked The National Organization for Women, who's key
issues include Racial and Ethnic Diversity as well as issues
concerning Violence Against Women, which unfortunately in their
younger days my children had to deal with firsthand. If it were not
for Organizations like N.O.W. many women would not be able to find
the resources the need to escape abusive relationships, thus allowing
the children to suffer further.
You have also banned The Human Awareness Institute which teaches
individuals to prosper in healthier, happier, more emotionally
balanced relationships. This is something I WANT my children to
learn. After all, what is the alternative? For them to learn to
wither in unhealthy, unhappy, emotionally leeching, abusive
relationships?
We live in an area that is extremely diverse and has a large gay
population. Although, some homophobia still exists in the community,
it is starting to be dispelled by the amount of information available
in cyberspace about the gay/lesbian community. Not so if you are
using CYBERsitter however. I think that based upon the
extraordinarily large number of gay/lesbian sites that you have
banned, we can see where the main homophobia exists. (Looked in a
mirror lately, Mr. Millburn?)
Until recently, you had also blocked a large number of wiccan/pagan
sites as well because they obviously did not subscribe to your own
Christian values not because they were in violation in any way of
your list of criteria for blocked sites. By doing this, if I were
using your software, you would have infringed upon my right as a
parent to teach my children about their religion, as I would not have
been able to access many valuable wiccan/pagan sites.
I truly think that you need to re-evaluate your motives in
distributing this product. If the product is not based upon your own
agendas but merely to help parents in protecting their children, then
you need to revamp your product so that it allows parents to decide
what is appropriate for the children. By decoding your banned lists
and making your product more "parent-friendly".
It is not groups like Peacefire that are causing you to lose revenue.
It is your own product. Organizations like Peacefire and many other
individuals and organizations are merely bringing attention to faults
which already exist within your product. Faults that the consumer
would discover for themselves once they purchased it. If I were you,
I would take the complaints you get to heart and use them to make
your product better, rather than trying to shut down every single
site that airs a complaint about your company's software.
I, for one fully intend to make it known how your software operates. I
have many friends on many domains who are willing to help me inform
consumers about your product. If you feel it necessary to track us
down, and block each and every one of us, then I wish you luck in
your endeavors. But it might make it necessary to add the word
CYBERsitter to your list of banned words, and just what would that do
to your business?
Sincerely,
( My name witheld here, I did include it in the original letter along
with my title and e-mail address)
I sent that first letter to the CEO's e-mail address, which is posted
publicly on Solid Oak's Website (that address bmilburn@solidoak.com )
Well, that letter was returned to me along with a message stating that
it was unwanted e-mail to a private e-mail address. So, I decided that
perhaps the CEO wanted his privacy, even though he had posted his
e-mail address on Solid Oak's website for the world to see. Or that he
might have been offended by the header of my message, which read
TheWitches.Com. I could understand that. I sent the message again,
this time using my Z-Bear account and addressing the message to
support@solidoak.com . The same thing happened again. My letter was
returned with a message stating that it was unwanted e-mail sent to a
private e-mail address. Okay, so perhaps they didn't want me
cluttering up their support mailbox (which again was publicly
displayed on their website) with feedback. That was the solution!!!
Feedback!! I sent the message again, this time using the
feed.back@solidoak.com Yet again, the message was returned to me
with the same message: unwanted e-mail to a private e-mail address.
Since when is a feedback address private? I copied and pasted the
message right into an e-mail on their website, using the address
located just below where it states, "We welcome your feedback"
I returned to the Peacefire website and noticed something I had missed
before. A section stating not to include the word Peacefire in any
e-mail sent to Solid Oak, as they were screening the message bodies
for this and if it was discovered the message would be rejected. I
went back into my e-mail and took out all mention of Peacefire. Again,
I sent the message to feed.back@solidoak.com. Rejected. Again.
Well now that Solid Oak has been contacted, I can now tell the rest of
the story about what happened. Here is a copy of the fourth e-mail I
received from Solid Oak Software:
-----Original Message-----
From: Technical Support <support@solidoak.com>
To: postmaster@zbear.com <postmaster@zbear.com>
Date: Thursday, February 05, 1998 10:54 AM
Subject--Unwanted e-mail [Re:]
Fourth request.
We have asked for your assistance regarding repeated unwanted e-mail
from
this account. You have seen fit however to ignore our requests. Since
you
will not do anything, we will.
So, I had to wonder, what were they going to do? Report me to my ISP?
They had already done that and my ISP responded to them that they
didn't feel there was anything innappropriate about my e-mail.
Approximately five minutes later, when my Outlook Express
automatically logged on to check my mail, I found out. I couldn't
believe my eyes. Hundreds of e-mails were being downloaded into my
account. Solid Oak was mailbombing me! I immediately called my ISP and
got one of the heads on the phone. I explained what was happening. He
logged into my account and was witness to the mailbombing. He
immediately took steps to shut off Solid Oaks mail to my account as
well as to the rest of Valinet, my ISP. 300+ messages had already
downloaded into my account by the time he stopped it with another 500+
remaining on the server. He was livid and so was I. What right did
they have to do this. Especially since I had simply written a letter
to give feedback on their product. This is not the kind of behavior
one would expect from a company that states it is in business to help
parents. I am a parent and this company attacked me and my ISP by
mailbombing me. The person at my ISP is also a parent, his children
and mine attend school together. And up until yesterday, my ISP was
distributing Cybersitter as their filtering software. Solid Oak
actually attacked a business that was selling their product! They
certainly didn't teach me that in business school. That is a
completely new tactic.
I guess the only feedback they want is positive feedback. Anything
negative or contrary will be rejected apparently and the person who
gives the negative feedback will be childishly attacked. I would
encourage you to write to Solid Oak Software to express your opinions
about both their software and their business practices but I would
warn you to do so at your own risk. They don't appear to take
criticism well.
If you would like more information on the filtering processes of
Cybersitter or any of the other major filtering software, or if you
would like to find out what you can do to help fight internet
censorship, please visit the Peacefire website.
Bright Blessings,
<name deleted - CuD>
------------------------------
Date: Sat, 7 Feb 1998 21:32:06 -0600
From: jthomas3@SUN.SOCI.NIU.EDU(Jim Thomas)
Subject: File 3--Write a Complaint, Get a Mailbomb (Wired excerpt)
Source - lynx http://www.wired.com/news/news/politics/story/10141.html
Wired News has been nominated for a Webby Award. You can vote for it
at http://www.webbies.com/.
Write a Complaint, Get a Mailbomb
Janelle Brown
7:05pm 6.Feb.98.PST
Solid Oak, the maker of Cybersitter Web filtering software, is under
fire from a woman who says the company launched an email attack
against her after she sent the firm a critical letter. A company
spokesman offered a semi-denial of the accusation.
Sarah Salls, a Web designer and mother of two, sent an email to Solid
Oak on Wednesday that accused the company of carrying out censorship
in its filtering software.
After the email was rejected by four Solid Oak email accounts
(including support, feedback, and the CEO's personal account), Salls
says, she was mailbombed on Thursday. Her account received over 800
emails from support@solidoak.com, quoting her letter with the subject
line "re: your crap" and a message "Do not send us any more e-mail!"
Solid Oak denied Salls' allegation. But not flatly.
"We know absolutely nothing about this - I can't imagine that this
would happen," spokesman Marc Kanter said Friday.
He conceded, however, that something might have happened - by
accident. He said the company has a new automatic response email
filtering system that Solid Oak is beta-testing and that it "could
have made a mistake."
<snip>
------------------------------
Date: Mon, 26 Jan 1998 13:00:26
From: Richard Thieme <rthieme@thiemeworks.com>
Subject: File 4--Islands in the Clickstream - January 24, 1998
Islands in the Clickstream:
Why the Soft Stuff is Hard
I am currently consulting with a large diverse organization about
technology and communication. Listening to the people on the
front lines, I discovered once again that the collective wisdom
of the work force is immense, but building structures to enable
that wisdom to flow freely isn't easy.
Every introduction of new technology in the organization created
problems. The "efficiency" of voice mail left people dangling.
They didn't know if messages had been heard, action was being
taken, or what. Email has solved some of those problems, but
created others. You get a response, one said, but people often
hide behind email, staying out of reach. They use words to duck
for cover, not communicate.
My mantra -- "Mutuality - Feedback - Accountability" -- holds
true here too. Unless all three are maintained, an organization
skews in predictable ways. Technology creates mutuality and
feedback only if the leader holds people accountable to how it's
used.
This particular business spent lots of money on hardware, less on
software, and almost nothing on training people to use email
effectively -- not how to use email programs, but how to use
words in a high-context medium.
When we need to communicate, we can walk down a hallway and speak
face-to-face, or pick up a telephone, or send email. Each medium
creates a different context. When building a virtual group, it
works best to have plenty of face-time up front, then use email
to sustain -- not replace -- those relationships.
Something that works when said face-to-face can feel like a
boxing-glove coming out of a closet when an email pops up on the
monitor and delivers the same words.
Computer networks are only half the solution. Computer networks
are fused to people networks. We humans beings animate the
network, making it alive. Otherwise it's a monster that over-
controls us. How we manage, not the computer network, but the
integrated human-computer system determines how knowledge is
leveraged in an enterprise.
Because "soft skills" are harder to teach and supervise than
tasks, we often spend more time buying chips and switches or
choosing software programs than wrestling with the real struggles
of the folks on the front lines.
We can use emoticons like smiley faces all we want -- adding
:-) or '-) or :-0 -- but emoticons don't convey subtleties or
innuendoes. Besides, different cultures use them differently.
The best carrier of meaning in the digital world is text. Using
speech -- including virtual speech -- and text effectively is
seldom taught. Yet "soft skills" are more important than ever in
a work place that relies more and more on computer technology.
The CEO of a large utility company told me he used to spend 85%
of his time on the generation and distribution of power, only 15%
on process issues. Now, he said, those percentages are reversed.
He agreed that 85% of the effectiveness of anyone at any job is
the "soft stuff" -- attitude, working well with others,
communication.
That CEO is not a touchy-feely kind of guy who can't wait to get
to the office to get his hugs. He's a left-brain executive more
comfortable with power grids than personnel. But managing people
during times of change requires that we pay attention to how
human beings link to one another, how energy and information
moves through the human as well as the electronic system. That
determines the real distribution of power.
The latest books addressing this issue call it management of
intellectual capital. When so many books on a single subject show
up on best-seller lists, it's best to treat the event as a
symptom rather than a solution. The symptoms show up for good
reasons, signalling a real need, but seldom provide the whole
answer.
Re-engineering, for example. Re-engineering was invented (duh!)
by engineers. They understood systems as if they were mechanical
and taught a process that restructured businesses through brute
force, a process better suited for rearranging marbles in boxes
than human beings in cubicles. In a recent interview in the Wall
Street Journal, Michael Hammer, one of the original re-
engineering gurus, acknowledged that he added two days to his
three-day seminar because he had not anticipated difficulty with
people. When asked what to do with people who could not adapt
easily to change. he had always replied, "Shoot them." He is
learning that the people are the system, and the coupling of
networked people and networked computers creates a single beast.
Ignoring how that hybrid learns, grows, and produces value
wreaked havoc in organizations that thought they were taking the
easy way out.
The recent emphasis on the proper use of intellectual capital is
one antidote to the excesses of re-engineering, a way to say that
knowledge and wisdom have to be managed, not ignored.
Of course, good leaders always knew that the engine of any
enterprise is the people who make it up, how they have learned to
work together, how they train and sustain one another -- in
short, the culture of the organization. They know too that how a
culture works is not always measurable. Their intuitive
understanding of creativity is a butterfly that can't be caught
with a calibrated net. So beware of books that reduce complex
human processes to simple grids.
Any integration of human beings and their technologies requires
that humans learn how to those technologies effectively to
minimize friction, generate and sustain energy, and keep tacking
back and forth across a straight line to our goal or vision. That
journey is a long-distance run, not a sprint, and a long-distance
run requires a different kind of training and a different kind of
discipline.
There are plenty of smart people in the work place, but sometimes
we need perspective rather than a quick fix. Perspective, Alan
Kay said, is worth 50 points of IQ. Wisdom may be scarcer than
intelligence, but it's nuclear fuel that burns clean and burns a
lot longer.