Computer underground Digest    Sun Aug 9, 1992   Volume 4 : Issue 35

Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone

CONTENTS, #4.35 (Aug 9, 1992)
File 1--Pack your bags -- Cud's moving!
File 2--What's a "CuD?"
File 3--Re: Another View of Bellcore vs. 2600
File 4--Re: SURVEY: Is Big Brother Watching You?
File 5--BellSouth Shareholders Note
File 6--'Pirate' is PC?
File 7--"Piracy:" Overstated? (Chic Tribune summary)
File 8--'Zine Watch - 2600 and Boardwatch
File 9--*NO MORE CHICAGO TRIBUNE ARTICLES*

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

----------------------------------------------------------------------

Date: Sat, 8 Aug 1992 02:47:19 -0500 (CDT)
From: chip@CHINACAT.UNICOM.COM(Chip Rosenthal)
Subject: File 1--Pack your bags -- Cud's moving!

Those who receive CuD via Usenet probably know the news by now: the
`comp.society.cu-digest' vote is over and the newsgroup has been
approved. This is good news -- even to the non-Usenet readers.
Moving CuD out of the anarchistic `alt' hierarchy and into the
mainstream `comp' distribution potentially brings a lot of new readers
into the fray. (It also somehow gives an added air of legitimacy to
the CuD.)

A summary of the voting results appears towards the end of this
message. There will be another week or two for the voting results to
be reviewed before comp.society.cu-digest is actually created.

If you are a Usenet reader who could not receive the CuD via
alt.society.cu-digest, I urge you to drop your mailing list
subscription once comp.society.cu-digest is operational. Yes, you
will receive your CuD in the handy, easy-to-read Usenet format,
without a single word edited, modified, or expunged! By switching
over to Usenet you will save wear and tear on both our network
bandwidth and our esteemed editors.

If you are a Usenet administrator -- or know somebody who is a Usenet
administrator or aspire to someday become a Usenet administrator :-)
please note the following:

* The name of the new newsgroup will be `comp.society.cu-digest'.

* The newsgroup will be moderated, and the address for submissions
  will be the CuD editors at <tk0jut2@mvs.cso.niu.edu>.

* If you maintain a `mailpaths' file, please ensure you update it
  properly.

* Once the new newsgroup is operational, the CuD will be cross-posted
  into both `comp.society.cu-digest' and `alt.society.cu-digest'
  for a period of approximately one month. This will give Usenet
  administrators and CuD readers a chance to switch over.

* After that one month period, the `alt.society.cu-digest' newsgroup
  will be decommissioned.

* Please do NOT alias the old name to the new name. The proposed
  changeover strategy should alleviate any such need.

Thanks to all who participated in the vote. If you have any questions
or concerns about the newsgroup vote or the Usenet gateway, feel free
to drop me a line.

Here are the final voting results:

PROPOSAL: comp.society.cu-digest

CHARTER:  The Computer Underground Digest (moderated)

SUMMARY:  This newsgroup will be used to distribute the Computer
          Underground Digest. The CuD is an open forum for
          issues relating to the phenomena of computer cracking.
          It has been in publication since 1990, and is widely
          distributed in a number of electronic forms. The CuD
          has been distributed via alt.society.cu-digest. The
          alt.society.cu-digest newsgroup will be decommissioned
          once the new newsgroup is stable.


=== OFFICIAL VOTE TALLY ===

Total Votes Cast:  263
Valid Votes Cast:  260

Ambiguous Votes:     3  (excluded from count)
Yes Votes:         247  (95.00% of valid votes)
No Votes:           13  (5.00% of valid votes)

Yes-No Margin:     234

Percentage Test:  pass  (is yes/valid >= 66.67%?)
Margin Test:      pass  (is yes-no >= 100?)

VOTE RESULT:      PASS  (do both tests pass?)


=== TOP TEN VOTING DOMAINS ===

6  ac.uk
5  umd.edu
5  orst.edu
4  syr.edu
4  mit.edu
4  il.us
4  eff.org
4  cmu.edu
3  upenn.edu
3  uio.no


=== DISTRIBUTION OF VOTES RECEIVED ===

7/13   9  *****
7/14  86  ****************************************
7/15  29  **************
7/16  10  *****
7/17   6  ***
7/18   5  ***
7/19   5  ***
7/20   8  ****
7/21  23  ***********
7/22  17  ********
7/23   5  ***
7/24   3  **
7/25   3  **
7/26   0  *
7/27   1  *
7/28   6  ***
7/29  18  *********
7/30  10  *****
7/31   8  ****
8/01   2  *
8/02   5  ***
8/03   2  *
8/04   2  *


--
Chip Rosenthal 512-482-8260 | Let the wayward children play. Let the wicked
Unicom Systems Development  | have their day. Let the chips fall where they
<chip@chinacat.Unicom.COM>  | may. I'm going to Disneyland. -Timbuk 3

------------------------------

Date: Sat, 8 Aug 1992 09:23:01 (CDT)
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 2--What's a "CuD?"

With the change to comp.society.cu-digest, we assume that
newcomers may not know what a "CuD" is. This seems like a good time to
respond to the FAQs (for newbies, "frequently asked questions"). We've
ignored some of the irrelevant ones (like "why doesn't Thomas cut his
ponytail" --he did, sort of), and "Yo, d00dz, got any good codez?"
(sigh). If we've missed any serious questions, let us know and we'll
try again.

WHAT IS CuD?

Cu-Digest, or CuD, is a weekly on-line electronic journal/news forum.
CuD began at the suggestion and encouragement of Pat Townson
(moderator of Telecomm Digest) in March 1990. The federal indictments
of Craig Neidorf (in the "PHRACK case" in Chicago) and Len Rose (in
Baltimore) generated more posts than Pat could manage, and the nature
of posts exceeded his Digest's Usenet charter. Jim Thomas and Gordon
Meyer volunteered to collect the surplus posts, and Pat helped get it
started. It was originally conceived as an interim forum that would
quietly depart after a few months. Volume 1, in fact, was originally
intended as the first and final volume in August '92, but a week later
Volume 2 appeared because of the continuous material. As of this
writing, CuD is publishing Volume 4.
Each issue is about 40 K.

WHAT IS THE GOAL OF CuD?

The broad goal of CuD is to provide a forum for discussion and debate
of the computer telecommunications culture. This culture especially
includes, but is not limited to, the unique world of BBSes, Internet,
and public access systems. We focus especially on alternative groups
that exist outside of the conventional net community. We try to focus
on a broad range of issues that include news, debates of legal,
ethical, and technical issues, and scholarly research of relevance to
a broad audience of professionals and lay persons. Other than
providing a context for an article if necessary, the moderators *do
not* add commentary of agreement or disagreement. We see our role as
one of facilitating debate, although we do take part in
discussions in separate articles.

WHO EDITS CUD?

Gordon Meyer and Jim Thomas publish CuD from Northern Illinois
University. Gordon Meyer's MA thesis, "The Social Organization of the
Computer Underground", was the first systematic attempt to place the
social world of "phreaks, hackers, and pirates" in a context that
looked at the culture, rather than the "deviance", of alternative uses
of computer use. Gordon is currently a system engineer with a large
national firm in the Chicago area. Jim Thomas, a professor of
sociology/criminology at Northern Illinois University, is a prison
researcher and qualitative methodologist. Gordon lured him into the
"underground" world in 1987, and he has since become interested in the
legal and cultural issues of computer use.

WHY THE LABEL *UNDERGROUND*?

For some, the term underground connotes malice and a dark side of human
activity. For others, including the CuD editors, it denotes
alternative or unconventional activity. Like the "underground," or
"alternative" press of the counterculture of the 1960s, the "computer
underground" refers to types of behavior or characteristics of a
subculture that are unique, cohesively identifiable, possessing norms,
roles, and social expectations that define participants, and are
considered socially marginal by the dominant culture. Like the term
"hacker," there were originally no negative connotations associated
with "underground" when the term was first used. The name "Computer
underground Digest" was suggested with a bit of irony prior to the
first issue (how, after all, can a conventional digest that is
publicly accessible be "underground?"), and the name stayed. Early
discussions to change the name seemed impractical once the "CuD"
monogram was established, and the name stands.

IS CuD "PRO-HACKER?"

The term "hacker" has been grossly distorted by the media and law
enforcement personnel, who use it synonymously with "computer
intruders." CuD editors have repeatedly stated their own opposition to
all forms of predatory and malicious behavior, including malicious
computer intrusion. We accept Bob Bickford's definition of a "hacker"
as someone who derives joy from discovering ways to exceed
limitations. Hackers, in the original sense, referred to explorers who
solved problems and exceeded conventional limits through trial and
error in situations in which there were no formal guidelines or
previous models from which to draw. In this sense, CuD is quite
"pro-hacker," and we prefer the term "cracker" for malicious
practitioners of the hacking craft. Exploration is good, predation is
not. However, CuD encourages articles from all perspectives and
attempts to provide a forum for reasoned discussion on all sides of
an issue. CuD is against predatory behavior by any group, whether
computer enthusiasts or those who oppose them. CuD is for civil
liberties and for civilizing the electronic frontier by securing
rights assumed in other social realms and by advocating protection
from all forms of abuse.

Like rock 'n Roll and Richard Nixon, the computer underground culture
has not, and will not likely soon, go away. It has become an
entrenched part of computer culture. CuD attempts to document the
computer culture and ease the transition as the culture moves toward
the mainstream with articles that bridge the cultural gaps as
telecomputing becomes an increasingly important part of daily life.
The political, legal, economic, and social impact of changes in the
new technology is poorly covered elsewhere. We see our goal as
addressing the impact of these changes and providing alternative
interpretations to events.

WHAT KINDS OF THINGS DOES CuD PUBLISH?

We encourage submissions on a broad range of topics, from articulate
short responses and longer opinion pieces to book reviews, summaries
of research, and academic papers. We especially encourage:

1. Reasoned and thoughtful debates about economic, ethical, legal, and
other issues related to the computer underground.

2. Verbatim printed newspaper or magazine articles containing relevant
stories. If you send a transcription of an article, be sure it
contains the source *and* the page numbers so references can be
checked. Also be sure that no copyright protections are infringed.

3. Public domain legal documents (affidavits, indictments, court
records) that pertain to relevant topics.

4. General discussion of news, problems, or other issues that
contributors feel should be aired.

5. Unpublished academic papers, "think pieces," or research results
are strongly encouraged. These would presumably be long, and we would
limit the size to about 800 lines (or 40 K). Longer articles
appropriate for distribution would be sent as a single file and
so-marked in the header.

6. Book reviews that address the social implications of computer
technology.

7. Bibliographies (especially annotated), transcripts of relevant
radio or television programs (it is the poster's responsibility to
assure that copyrights are not violated), and announcements and
reports of relevant conferences and conference papers are strongly
encouraged.

8. Announcements for conferences, meetings, and other events as well
as summaries after they've occurred.

9. Suggestions for improvement, general comments or criticisms of CuD,
and ideas for articles are especially helpful.

Although we encourage debate, we stress that ad hominem attacks or
personal squabbles will not be printed. Although we encourage
different opinion, we suggest that these be well-reasoned and
substantiated with facts, citations, or other "evidence" that would
bolster claims. Although CuD is a Usenet group, it does not, except
in the rarest of cases, print post-response-counterresponse in the
style common among most other groups.

HOW CAN I PUBLISH IN CUD?

To submit an article, simply send it to the editors at
tk0jut2@mvs.cso.niu.edu. If you receive CuD on Usenet, you can reply
(using the F or f commands) and your response will come directly to
the editors and will not be distributed across the nets. If you do not
have an article, but know of people who do, encourage them to send
their work along. Although CuD is a forum for opposing points of view,
we do prefer that articles a) be written in English, b) make sense,
and c) are not out-dated.

Submissions should be formatted at 70 characters per line and should
include a blank space separating individual paragraphs. Submissions
may be edited for spelling and format, but no other changes are ever
intentionally made without permission. Sigs are also removed to save
bandwidth.

WHO READS CuD?

As a conservative estimate, CuD reaches about 30,000 to 35,000 readers
each issue. According to monthly Usenet statistics, CuD averaged
about 23,000 readers a month on alt.society.cu-digest. We estimate
another 3,000 from the mailing list and feeds into various systems.
BBS readership, judging from non-scientific sysop feedback,
constitutes at least another 5,000, and public access systems
(Peacenet, America Online, GEnie, CompuServe) constitute the rest of
domestic readership. Our figures do not include substantial European,
Australian, or ftp distribution.

Judging from a survey we took in 1990 and from the feedback we receive
from readers, CuD readers cut across occupational, ideological, and
age lines. The overwhelming majority (about 80 percent) of the
readership is college graduates. About half is computer professionals
or in related fields. The remaining half is distributed among a
variety of professions (attorneys, journalists, academicians, law
enforcement, students) and territory (the mailing list includes every
continent except Asia and all west European countries).

HOW DO I RECEIVE CuD?

If you're reading this, you've already received it, and most likely
you can just keep doing whatever you did to get it. If you aren't sure
what you did, you can do any of the following:

CuD is *FREE*. It costs nothing. The editors make no profit, we take
no money, we accept no gifts (but we drink Jack Daniels and lots of
it, should you run into us in a pub). To receive CuD, you can access
it from many BBSes and most public access systems. Or, if you have
Usenet access, you can obtain it by subscribing through your local
system to comp.society.cu-digest.

If you do not have Usenet access, you can be placed on a mailing list
by dropping a short note to: tk0jut2@mvs.cso.niu.edu with the subject
header: SUB CuD and a message that says:
SUB CuD my name my.full.internet@address

------------------------------

Date: Sun, 2 Aug 92 23:43 PDT
From: john@ZYGOT.ATI.COM(John Higdon)
Subject: File 3--Re: Another View of Bellcore vs. 2600

In Digest #4.34, Thomas Klotzbach gives a reasoned and rational view
of the responsibility of a free press as it relates to the computer
underground and specifically to the matter of recent publications by
2600 of Bellcore material. I could agree with every point except for
the fact that Mr. Klotzbach makes an invalid assumption upon which
hangs the balance of his piece. His assertion (and I assume his
belief) is that Bellcore has conducted its business in good faith and
corrected "holes" and shortcomings in a timely manner.

Nothing could be further from the truth. Since the days of "The Bell
System", AT&T and the Bell Operating Companies have been grossly
negligent in the matter of security. It would be my guess that the
term, "Security Through Obscurity", originated with Ma Bell. Rather
than create systems that used password security or handshaking
protocols, "the phone company" merely relied on the (mistaken) idea
that the public was too removed from the technical workings of the
nationwide telephone network to be a "threat" to the billing or
privacy integrity of the system as a whole.

The classic example is the use of inband signaling which provided
hundreds, if not thousands of enthusiasts (for want of a better
euphemism) the ability to travel around the world on Ma Bell's dime.
These people could literally control the network because of a serious,
inherent flaw built into the system. The band-aid fixes were too
little, too late and network security was severely compromised until
the inband signaling was replaced with CCIS and its progeny.

The Busy Verify Trunk and No. Test Trunk holes, which are the focus of
the 2600 fracas, are just a portion of dozens of similar such
vulnerabilities in our national telephone network. Those of us who are
intimately familiar (for legitimate reasons) with this network have
known about these things for a long, long time. I, for one, would like
to see them plugged. If the 2600 article manages to get one of them
out of the way, more power to it.

But the policy of "The Bell System" and now Bellcore and the RBOCs
seems to be to do nothing about any such problems and wait for some
phreak to get caught with a hand in the cookie jar. After all, why
bother to fix something if it is not a problem (yet)? It can become a
problem (or an embarrassment) in one of two ways. A publication such as
2600 can publicize the vulnerability situation; or someone can be
caught taking advantage of it. In either case, Bellcore swings into
action. For the former, threats of civil action for the publication of
"proprietary" data do the trick. In the latter case, it simply hauls
the perpetrator into court and garners as much publicity as possible.
This has the dual purpose of intimidating others who may follow suit,
and it obscures the fact that the whole problem was caused by
Bellcore's own negligence.

It has been my experience in cases brought against accused phreaks
that the prosecutors have not a clue what constitutes sensitive
material. Bellcore exploits this to the hilt when it uses the long
arm of the law in lieu of properly imbedded security features. Just
ask Craig Neidorf. In all fairness, that particular incident involved
an RBOC trying to fry Craig for something Bellcore was readily selling
over the counter. And Bellcore is certainly not the only entity in
the nation, or perhaps the world, that gives security less than prime
consideration, just "hoping" that whatever is slapped together will be
good enough. But just because a practice may be widespread does not
make it legitimate.

The press has the right, nay the responsibility, to put these issues
before the public eye. We as a society have long since progressed
beyond the notion that there are just some things about which people
should not know, care, or ask. Security through obscurity no longer
can work in an enlightened society. A system or network is not safe if
the only thing keeping people out is the fact that a trivial entry
procedure is not widely known. Unfortunately, much of the nation's
telephone network can still be thusly described. If the only way to
get these holes plugged is to publicize them and literally force
Bellcore and the RBOCs to do their duty, then so be it. If prestigious
organizations such as Bellcore suffer a little embarrassment along the
way, just consider that the market force at work.

------------------------------

Date: Tue, 04 Aug 92 07:25:55 -0400
From: (Lorrayne Schaefer) <lorrayne@SMILEY.MITRE.ORG>
Subject: File 4--Re: SURVEY: Is Big Brother Watching You?

((MODERATORS' NOTE: As previous posts in CuD demonstrate, computer
privacy in the workplace has become an important issue in the past
year. Lorrayne Schaefer has been active in collecting data to enable a
specific assessment of the types of policies currently in place in the
public and private sectors. CuD will summarize the results of her
findings when completed.))

The purpose of this survey is to collect data for a presentation that
I will give at this year's National Computer Security Conference in
October. I would like to thank you for taking the time to fill out
this survey. If you have any questions, you can call me at
703-883-5301 or send me email at lorrayne@smiley.mitre.org. Please
send your completed survey to:

Lorrayne Schaefer
The MITRE Corporation
M/S Z213
7525 Colshire Drive
McLean, VA 22102
lorrayne@smiley.mitre.org

This survey was posted on some newsgroups a few months ago. This
survey has also been distributed to various conferences over the past
few months. All results will be in the form of statistical
information and keywords. All participants will remain anonymous.

If you have responded to this survey, I give you my thanks. I cannot
get a realistic enough picture without those who have spent some time
answering these questions. For those who are responding to this
survey now, thank you.

SURVEY: MONITORING IN THE WORKPLACE

1. What is your title?


2. What type of work does your organization do?


3. Does your organization currently monitor computer activity? (Yes/No)


   a. If yes, what type of monitoring does your company do (e.g.,
   electronic mail, bulletin boards, telephone, system activity, network
   activity)?


   b. Why does your company choose to monitor these things and how
   is it done?


4. If you are considering (or are currently) using a monitoring
tool, what exactly would you monitor? How would you protect this
information?


5. Are you for or against monitoring? Why/why not? Think in
terms of whether it is ethical or unethical ("ethical" meaning
that it is right and "unethical" meaning it is wrong) for an
employer to monitor an employee's computer usage. In your
response, consider that the employee is allowed by the company to use
the computer and the company currently monitors computer activity.


6. If your company monitors employees, is it clearly defined in
your company policy?


7. In your opinion, does the employee have rights in terms of
being monitored?


8. In your opinion, does the company have rights to protect its
assets by using a form of monitoring tool?


9. If you are being monitored, do you take offense? Managers:
How do you handle situations in which the employee takes offense at
being monitored?


10. What measures does your company use to prevent misuse of
monitoring in the workplace?


11. If an employee is caught abusing the monitoring tool, what would
happen to that individual? If your company is not using any form of
monitoring, what do you think should happen to an individual who
abused the tool?


12. Is it unethical to monitor electronic mail to determine if the
employee is not abusing this company resource (e.g., suppose the
employee sends personal notes via a network to others that are not
work related)? Why or why not?

------------------------------

Date: Mon, 3 Aug 92 21:03:26 PDT
From: Anonymous@CUP.PORTAL.COM
Subject: File 5--BellSouth Shareholders Note

((Thought you might be interested in the following text from the
BellSouth shareholder report. -ANON-))

Urgent Appeal To BellSouth Shareholders

The range of consumer choices, along with the future growth
opportunities of BellSouth and the other Bell holding
companies, would be sharply limited by H. R. 5096 - the
"Brooks bill." This legislation is being pushed through
Congress by giant media corporations as a means of keeping
competition out of their lines of business.

PLEASE WRITE YOUR REPRESENTATIVE TODAY, EXPRESSING YOUR
OPPOSITION TO H. R. 5096.

KEY POINTS TO MAKE WITH YOUR REPRESENTATIVE:

The Brooks bill must be stopped because it would:
1. deny consumers access to a rich array of information services
2. hurt domestic employment and
3. stifle competition.

To obtain the name of your representative, call the U. S.
Capitol at 202-224-3121. Mail your letter to your
representative at U. S. House of Representatives,
Washington, DC 20515.

For more about the Brooks bill, see pages 1 and 7 of this
newsletter, and/or mail the enclosed card. You may also call
1-800-522-2355, ext. 44.

Thank you for helping BellSouth preserve its right to
compete.

Dear Shareholders:
|
|||
|
|
|||
|
We had a strong second quarter. Earnings increased 26
|
|||
|
percent, driven by growth in both our telephone and cellular
|
|||
|
businesses, and by continued cost control.
|
|||
|
|
|||
|
But the good quarterly results were clouded by a
|
|||
|
discriminatory bill that is moving through the U.S. House of
|
|||
|
Representatives this summer. And we need your help to defeat
|
|||
|
it.
|
|||
|
|
|||
|
BILL WOULD HURT CONSUMERS
|
|||
|
|
|||
|
H.R. 5096, also known as the "Brooks bill," would
|
|||
|
effectively legislate BellSouth and the other Bell holding
|
|||
|
companies (BHCs) out of promising areas of growth in the
|
|||
|
industry we know best. It would do this by enacting into law
|
|||
|
three of the line of business restrictions imposed by the
|
|||
|
courts at divestiture - including information services,
|
|||
|
which the courts already have allowed us to enter.
|
|||
|
|
|||
|
The bill is bad for customers, shareholders and employees.
|
|||
|
Customers would be deprived of many new services that could
|
|||
|
improve their quality of life. In fact, because BellSouth
|
|||
|
already has information services in operation, our customers
|
|||
|
stand to have the door slammed in their faces when it comes
|
|||
|
to enhancing and expanding existing services.
|
|||
|
|
|||
|
The Brooks bill would hurt shareholders, primarily because
|
|||
|
it severely limits our ability to increase the uses - and,
|
|||
|
therefore, the value - of the sophisticated network your
|
|||
|
capital has helped build.
|
|||
|
|
|||
|
LET CONGRESS KNOW WHERE YOU STAND
|
|||
|
|
|||
|
What can you do? Write or call your Representative in the
|
|||
|
U.S. House. Tell him or her that you. as someone with a
|
|||
|
substantial stake in BellSouth. oppose H.R. 5096 because the
|
|||
|
bill is anti-jobs, anti-consumer and anti-competitive.
|
|||
|
|
|||
|
I know many of you already have written to Congress because
|
|||
|
you sent me copies of your letters. But this issue is so
|
|||
|
critical to you, our owners. that I am asking you to write
|
|||
|
again.
|
|||
|
|
|||
|
You can affect what Congress does. and you can take action
|
|||
|
to protect your investment in BellSouth. Please add your
|
|||
|
voice to that of the Communications Workers of America (CWA)
|
|||
|
and hundreds of other groups who oppose the Brooks bill.
|
|||
|
Write your Representative now. and if you would also like to
|
|||
|
receive a briefing package on this legislation, please
|
|||
|
return the enclosed postcard. or call 1-800-522-2355, ext.
|
|||
|
44.
|
|||
|
|
|||
|
BellSouth and the CWA aren't afraid to compete for the
|
|||
|
customer's business.and we shouldn't be denied the
|
|||
|
opportunity to do so.
|
|||
|
|
|||
|
=======================================================================

Positioning BellSouth for the Future

Excerpts from Chairman John Clendenin's remarks at the annual
shareholder's meeting in April.

"1991 was an extraordinary year in terms of positioning BellSouth for
the future. What we're seeing is the natural evolution of a totally
flexible new generation of telecommunications technology, and the
freeing of people from the communication umbilical cord that has tied
them to the office or the home."

"It's our conviction that the ability to combine wireless and wireline
skills - often in partnership with others - will serve our customers,
and hence our owners best."

"We're looking at our core telephone network in new ways, including
the philosophy of how we use it. We aim to grow our business by making
our core telephone intelligent network attractive for other
information providers to use. We're looking at ways to deliver more
services in joint efforts with others."

"RAM Mobile Data puts us on the forefront of another promising market
- wireless data transmission. Ultimately, this new technology's growth
is expected to parallel the explosive growth of cellular. There are an
estimated 10 million potential mobile data users in the U. S. alone."

"We are on the leading edge of technology, and we are absolutely
committed to staying there. Overseas and here in the U. S. we're
setting the pace in developing all the technical and other skills it
takes to give customers whatever it takes to communicate, whenever and
wherever they want to."

"As competitors take local exchange business from us, we have to
regain the freedom to get into other areas. Keeping our freedom to
provide sophisticated information services, such as distance learning,
is our top priority.

Eventually, these will be very important markets for us. But some
powerful interests, particularly some big media companies that own
newspapers and cable TV operations don't want us in information
services, and they're lobbying Congress to take away the freedom we've
gained from the courts.

If they have their way, BellSouth will be kept away from a big portion
of the growing telecommunications pie in this exploding Age of
Information."

"I've got a request: Write your U. S. Representative and your U. S.
Senators. Let them know that BellSouth, the other Bell holding
companies and America's consumers, shouldn't be denied information
services to protect the financial interests of those big media
companies. Tell them you oppose H. R. 5096, called the Brooks bill."

------------------------------

Date: 28 Jul 92 16:54:14 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 6--'Pirate' is PC?

"Texas and the Pirates"

With all the publicity computer pirates have been getting lately -
what with teenagers nonchalantly tapping into credit-card databases
from their bedrooms and bands of foreign technophiles looking for
vulnerable spots in computer networks that require high-level
clearance to access - security firms are going all out to market
their expertise to the nervous masses.

% info about the June Computer Security Institute conference deleted.%

The two-day conference includes seminars on topics such as "Securing
the Simple Network Management Protocol" and "Protecting Against LAN
Viruses." To the astute security observer, however, the title of
one session - "Hackers and Your Network" - would certainly cause
a gasp. As all politically correct technophiles know, hackers are
legitimate computer enthusiasts; "computer pirates," by contrast,
are those involved in technothievery.

Excerpted from the June 1, 1992 issue of
INFORMATION WEEK, who should know better.

------------------------------

Date: Sun, 9 Aug 1992 10:05:58 (CDT)
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 7--"Piracy:" Overstated? (Chic Tribune summary)

Summary from:
"Yes, Piracy's Illegal, But not the Scourge it's Cracked up to be"
Chicago Tribune, August 9, 1992 (Section 7, p. 7)
By T.R. Reid and Brit Hume

Sunday Tribune computer columnists Reid and Hume challenged what they
call one of the software industry's "periodic public relations
campaigns to get people to believe it's being robbed blind by software
pirates." They poked a bit of fun at a New York Times front page
story dramatizing the "scourge," noting that the industry's claim that
pirates steal up to half of the annual total sales of $5.7 billion is
"almost certainly rot."

The $2.4 billion estimate of purloined software apparently comes from
a figure given out by the SPA (Software Publisher's Association) in
1990. The SPA has increased this figure dramatically in 1992 (see next
issue of CuD). As Reid and Hume correctly comment, "there is simply no
way the software industry can estimate accurately how many illegal
copies there are, and even if it could, it couldn't possibly determine
how many of them represent lost sales."

Reid and Hume continue, making several points that pirates would agree
with:

1. If you use a program, you should pay for it. Reid and Hume are a
bit more adamant in their claim that it's *not* ok to pirate
software (a point on which pirates take exception). But, there is
strong consensus among "elite" pirates that, as Reid and Hume argue,
"it's particularly dishonest to use a stolen program for commercial
purposes." Elite pirates might phrase it a bit differently:
"Bootleggers are scum."

2. Sharing software can enhance sales. Reid and Hume argue that those
who obtain an unpurchased copy of software that they like and use may
find updates, instructions, and on-line help well worth the purchase.
They also note that the shareware concept, based on free distribution
of programs, has thrived and has made programmers quite successful.
(See the September, '92, issue of Boardwatch Magazine, for a story on
software industry awards).

3. They, as do most elite pirates, strongly condemn the practice of
copying an authorized program in a business and sharing it around to
avoid the site license fees.

4. The pre-purchase use of software is "not such a bad thing" because
it can help sales. It also provides users a chance to compare the most
expensive programs, such as word processors, databases, spread sheets,
and graphics programs, all of which are major expenditures for most
users. It makes no sense to spend $480 to purchase dBase when Foxbase
may be more suited to one's needs.

The columnists fall short of advocating responsible piracy, and they
make it clear that they oppose unauthorized copying for profit or
"free use" simply to avoid paying for a product that will be used.
But it is refreshing to see the mainstream press begin to challenge
the claims, and hopefully eventually the practices, of the SPA and
others who associate "piracy" with "theft" and would rather
criminalize the practice than take a more prudent approach to
creative software sharing.

------------------------------

Date: Sat, 8 Aug 1992 19:41:09 (CDT)
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 8--'Zine Watch - 2600 and Boardwatch

2600: The Hacker Quarterly--The Summer, '92 (Vol 9, #2) issue is out
and includes articles on defeating *69 (automatic return call), a
summary of the recent MOD indictments and a critique of its media
coverage, Bellcore's plans for caller ID, a demon dialer review, and
much more. Perhaps the best piece is by an anonymous government
official who, while not in any way justifying or glorifying "hacking,"
makes a strong case that if security and law enforcement personnel would
attempt to understand, rather than demonize, their "enemy," they would
be far better at their jobs and reduce some of the tensions that exist
between the two communities.

Information on 2600 can be obtained at 2600@well.sf.ca.us

Boardwatch: It gets slicker and better each issue. It's moving from
simply "very good" to "dynamite!" At $36 for 12 issues, it's a bargain
for serious modemers. The September issue includes the usual
"Tele-bits" and "Internet News" features, along with the BBS numbers,
ads that are actually fun to read, and a summary of the SIA Industry
Awards for best software in the past year. In our view, attorney
Lance Rose's monthly contributions alone are worth the price. Rose, a
specialist in copyright law and author of SYSLAW (a guide to legal
issues affecting sysops), focuses this month on the rumor that
Apogee's game, Wolfenstein, is illegal because it may violate German
law by including images of swastikas and other Nazi symbols, which
some feel may violate a German statute that prohibits the perpetuation
of their Nazi past. Rose addresses this in the broader context of
censorship and sysop legal liabilities. He also notes that the rumor
may have greatly enhanced the game's sales.
Information on Boardwatch can be obtained from:
jrickard@teal.csn.org

------------------------------

Date: Sun, 9 Aug 1992 11:51:31 (CDT)
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 9--*NO MORE CHICAGO TRIBUNE ARTICLES*

Even though we require posters to assure they have copyright
permission for reposts they submit, this is not always done. We rely
on posters, because we have no reasonable way of checking permissions.
In the past year, we have received a disproportionate number of
Chicago Tribune articles, so we called Joe Leonard, associate editor
of operations in charge of granting copyright permission, to be sure
electronic reprinting of Tribune articles was kosher. His three word
response: "IT IS NOT!"

Leonard indicated that the Tribune has contracts with services for
electronic copying services, and allowing others to electronically
reprint Tribune articles would be a violation of their contract. He
contended that he perceives himself as in the information business,
not the newspaper business, and he will under no conditions give
permission to reproduce a Tribune article electronically, because it
puts him at risk with other information service providers. He
indicated, however, that permission for hardcopy reproduction is more
flexible. CuD will *NOT* accept reproductions from the Chicago
Tribune. If there is any doubt about the copyright of a news story,
the best rule of thumb is to err on the side of caution and summarize
it, quoting only enough material that falls on the safe side of "fair
use." When submitting a reproduced article (whether summarized or
intact), be sure to include the entire reference (source, date, page,
author).

------------------------------

End of Computer Underground Digest #4.35
************************************