home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Collection of Hack-Phreak Scene Programs
/
cleanhpvac.zip
/
cleanhpvac
/
CRYPT20.ZIP
/
CRPTLT.R20
next >
Wrap
Text File
|
1993-11-24
|
72KB
|
1,618 lines
CRYPT NEWSLETTER 20
-=Nov-Dec 1993=-
Editor & Publisher: Urnst Kouch
Tech Editor: Kohntark; Bureau Chief/Media Critic: Mr. Badger
CRYPT INFOSYSTEMS BBS: 818-683-0854
INTERNET: ukouch@delphi.com
------------------------------------
IN THIS ISSUE: The Virtual Unemployment Boom: The Bund
Plays On & Your "Virtual Boss". . . Mr. Badger embarrasses
himself with "The Joy of CyberSex" . . . the story on
"Network Security Secrets" . . . CAJR (Computer Assisted
Journalism Review) by Badger . . . KohnTark's News-Bites:
untruth in advertising & dial a military simulation . . .
Jim Lipshultz comments on corporate efforts to control virus
programming through legislation . . . Manipulating volatile
CMOS data with the K-CMOS virus . . . Firefly: an aggressively
anti-anti-virus virus with a visual marker . . . much more.
THE VIRTUAL UNEMPLOYMENT BOOM: BAD CRAZINESS ON THE ROAD
TO THE GREAT FREE-LANCE SOCIETY
The electronic sweatshop is here to stay. Having crept upon
us sometime around 1988, it now extends everywhere,
much to the gut-clenching dismay of journeyman American
computer programmers and techno-help who are now sharing a
national harvest of sour, rotting fruit from the burgeoning
"virtual workplace" they helped start.
Ironically, according to a late November issue of The Los
Angeles Times, they're being thrown out of work by an army
of cheap free-lancers descending from the former Iron
Curtain republics. The Crypt Newsletter has already noted
that Communist programmers from the eastern
Soviet states and Bulgaria were - according to anti-virus
software developers - so mad at a world which had passed them
by, they bent themselves to the incredible task of incinerating
the West's personal computers with an Old Testament-like
plague of computer viruses.
Although no solid statistical evidence existed to support
this wild story, it was repeated often enough in popular science,
news and computing magazines that it took on the patina
of truth.
The reality has been different. With Communism gone, the
same alleged disgruntled programmers have flooded into
Southern California, providing a cheap, malleable
pool of disorganized techno-labor.
The programmers, residing in the US as "guests" are thought
to number about 150,000 as compared to 1.5 million American
software programmers. The foreign nationals, unlike their
American counterparts, will work for minimum wage and some
California software developers like Sun Microsystems, which
hired 50 Muscovites, and Borland International which used
Hungarians to overhaul its ailing Quattro Pro package,
have been quick to employ them.
This has accelerated the trend toward the "virtual corporation"
or completely free-lance society in which the only real employees
of businesses are at the very top; where all other workers are
reduced to catch-as-catch-can service vendors, with the bottom
line bidding established by developing nation wage scales,
wage scales incompatible with what most Americans feel constitutes
an acceptable standard of living. In California, programmers
are merely the most recent citizens to be thrown to the jaws of
a developing free-lance community. Apparel, construction and
manufacturing workers have been there for some time already,
where they've been displaced by corporations which employ only
immigrants. This has fostered a blame-the-aliens mentality,
a mindset which blinds many to the real driving force, the idea
of a totally free-lance work force. That this would trash
any spirit of community or the fabric of regular American
society is not in the equation. Surprisingly, it has not been
a matter for significant debate in the mainstream media.
Perhaps the only data worth considering comes from the following
table, reproduced by the Times and generated by one Casper Jones,
a "Boston-based productivity consultant."
The cost of computer code per relative cost/unit:
Poland $155.00
Hungary $175.00
Mexico $200.00
United States $1,000.00 (an approximately five-fold increase
over Hungarian and Mexican code)
Management decisions become easy when the exhaust of human
existence is reduced to the banality of three-digit numbers.
In 1988, journalist Barbara Garson's "The Electronic
Sweatshop" predicted 1993.
Garson interviewed managers and decision-makers. One told
her computer programmers were mere process workers -
interchangeable, easily replaced, reducible to mechanized cogs,
only they hadn't yet realized it.
According to Edward Youlden, management consultant and author
of "The Decline and Fall of the American Programmer," it's
essentially a bed we made, and now it's time to lay in it.
American-designed software is kind of crappy and full of
bugs. "It's like the 1950's and 1960's, when we took it for
granted autos would have defects," Youlden told The Times.
In the conclusion of "The Electronic Sweatshop," Garson draws
powerful comparison between the first industrial revolution
and the creation of the automechanical, virtual workplace now
being installed by US industry. "It was a horrible hundred
years, justified in the name of progress," writes Garson.
". . . At this point, in the history of white collar automation,
we can still discern some of the irrational, antihuman choices
being made. A few years from now it will be difficult to see
that there might have been other ways . . ."
The current reduction of employees to free-lance, or at best,
temporary tools shows a profound, unconscious contempt for
the social contract on the part of American upper management.
Finally, the electronic sweatshop, or virtual workplace,
is arranged, according to Garson, "on the assumption that
most people are lazy, stupid or hostile."
THE VIRTUAL UNEMPLOYMENT BOOM II: FLOYD KEMSKE'S "THE
VIRTUAL BOSS"
Into the sucking void of the virtual workplace steps one of
the best pieces of speculative fiction published
this year, Floyd Kemske's "The Virtual Boss" (Catbird
Press, $19.95).
Kemske, who must sleep with his library of Franz Kafka
novels (the alert will note the author's initials, "FK"),
has created a near future where Barbara Garson's "The
Electronic Sweatshop" is taken to its logical conclusion.
It could easily be America in two years.
D. F. Jones is the head of Information Accuracy, Inc.,
a cryptic consulting and analysis firm in Boston. Jones
has turned over the firm to complete supervision by
an artificial intelligence software construct. All workers
report through terminals to the software. The software
hectors them electronically, following employees into homes
through computerized TV's and the average pc; it even
interrupts the harried while they peck at bank ATM's on
breaks. One idiot savant, D. F. Jones's son, lurches about
the building with a hand-held scanner, vacuuming all loose
paperwork into the computer. Workers cower and either try
to commit everything to memory or construct elaborate plans
to avoid the scanner man. Petty notes wind up in the
computer's memory, used to bully workers into frightened
submission with the ultimate threat: "You'll lose your job."
[Aside: Those who enjoy their humor twisted and
sardonic may recall D. F. Jones was the author of "Colossus:
The Forbin Project," that sci-fi novel which presupposed
mankind's affairs being completely supervised by military
supercomputer. Forbin, who installed Colossus, like
"The Virtual Boss's" D. F. Jones, was writ as a social misfit,
incapable of even keeping his wife's interest. Colossus, like
D. F. Jones's company system in "Virtual Boss," metamorphoses
into its instigator's father confessor.]
Jones has put the system in place, not because he knows anything
about technology or computers per se, but because he hates
dealing with people, period. The distrust springs from a series
of disastrous jobs where Jones himself worked for inhuman
creeps, or was a complete management failure.
An early telemarketing job puts Jones under a pig martinet named
Bernard who rants, "Go down your list and call each one. Ask
him if he needs assistance in grabbing his ass with both hands.
Tell him we've got well-educated and highly-credentialed
ass-grabbers who will come to his fucking institution and show
him how to do it. Tell him that some of them are even capable
of remaining sober for the occasion and many of them have never
been in jail. Got that?"
Jones stumbles into the top position at Information
Accuracy and proceeds to alienate or dismiss every one of the
current employees except for Linda, a brainlessly chattering
systems programmer. Jones and Linda get it on, which encourages
Linda to suggest installing the management software. Jones
digs the idea, strongly believing that employees not pressed
into atomized, isolated labor exist only to slow
the rush to profit. Linda, of course, is dismissed
by the software after it no longer needs her tweaking.
Symbolically, she gets canned after the system backs
itself up successfully onto an old, creaky tape drive. By
then the programmer is suffering brain-clamping panic
seizures at the prospect of having to grapple with the want
ads, this world's lowest ring of Hell.
"The Virtual Boss" is a pearl of great price, humorous and
absorbing but black as sack cloth. And it portrays software
and computers as they are: The "Virtual Boss" does not talk,
it is not multimedia; there are no virtual reality Wehrmacht
helmets, no mirror shades, no shimmering holograms, no cyborg
brain sockets which spring from "the matrix" - just
the subliminal hum of the monitor, the empty blinking of the
cursor, the exploding shadow box and implacable artificial
intelligence of software, throttling the spirit until
it liquifies into thin, characterless gruel.
APPENDIX: SOME FINAL NOTES FOR YOUR VIRTUAL UNEMPLOYMENT
BOOM CLIPBOARD
>>Philips Electronics in Dordrecht, Netherlands, recently
announced it would move equipment and jobs to Hungary,
taking advantage of lower wages in eastern Europe. Forty
of a staff of 300 at the Dordrecht factory would be canned by
the move. The factory manufactures drive motors for
video recorders, CD players and computers.
>>IBM Deutschland announced in November it would
eliminate 9,500 jobs by 1995, more than one third of
its current work force. Worldwide, IBM has stated it will
cut at least 85,000.
IN THE READING ROOM: "THE JOY OF CYBERSEX" AND
MR. BADGER - TOWARD A NEW CAD (Computer Assisted
Degradation) PARADIGM
Mr. Badger has just returned from an extended trip to
Wyoming. As the lamas of eastern lore, I have ascended
the snowy peaks and meditated upon the nature of truth
while subjecting the body to a rigid denial of fleshy
desires.
I descend from the mountains kinder of disposition and
purer of heart. So, of course, this review is about smut.
Cybersmut, precisely: a review of a book about "cybersex."
But, paradoxically, much of the book, called "The Joy of
CyberSex," is spent explaining how "cybersex" doesn't
really exist. Have I lost you yet? Thought so. Let me
start anew. But pay attention, because I'm only going to
explain it once.
"The Joy of CyberSex" is published by Brady. Subtitled as
"The Underground Guide to Electronic Erotica," it features
the kind of pithy cover blurbs which beg for a Crypt
Newsletter review.
"Disk Inside! Erotic fun and games with 'Strip Poker Three'
and 'Jigsaw Pinups!'"
"Reviews of the 'steamiest' software and adult CD-ROMs,"
"Keyhole views into the backrooms of more than 30 online
bulletin boards," "Computers and Sex? That's right - you
no longer need a warm-blooded partner to attain the heights
of sexual pleasure and fantasy. In fact, these days all
you need is some RAM, a few quick strokes on your keyboard,
and a good color monitor. With 'The Joy of CyberSex,' computer
terms such as 'hard drive,' 'interfacing,' and 'spreadsheets'
will take on totally new and provocative meanings. You'll
discover the new wild and steamy world of digital erotica -
how to tune in and get turned on! From the relatively
tame online services, to the frontiers of the sexually
bizarre and explicitly interactive, you'll find your
every desire satisfied."
Astute readers will have already divined everything they need
to know about this book. Are you an astute reader? Sharpen
your #2 pencils then, class, because mixed with
the various points I feel compelled to make, there is
another Crypt Newsletter pop quiz in store.
Now, by the spirits of Babbage, Boole, and von Neumann, how
long must we suffer with atrocious syntax in computer
related books? Does the acquaintance with binary
numbers somehow destroy the brain cells that store vital
details of English grammar? Is a book that sells for
$24.95 not worth proofreading?
So, in Question #1: Which of the following does NOT
appear in the first ten pages of "The Joy of CyberSex?"
a. "A computer with a modem that just sits there,
stupid and silent, waiting for you to call up a
telecommunications program."
b. "Take a picture from a from your own collection,
scan it, and then it's on your disk."
c. "Either way, to avoid racking up excessive on-line
charges mulling over file options, it's a smart idea to
first the text file that catalogs and describes
the various files."
Answer: C -- it appears on page thirteen. I admit, it was
a trick question.
Next: Why, oh why, do writers keep coming up with such ludicrous
techno-jargon?
Even more vexing: Why do the authors create ridiculous words
for things that don't exist? Has the Dr. Seuss library become
required reading in classes on writing about technology?
Question #2: Which of the following terms is NOT used in
"The Joy of CyberSex?"
a. Teledildonics
b. Neuromimetic Sexual Experience
c. Cyberlex
d. CAM -- Computer Assisted Masturbation
Answer: D -- Another trick question! I made it up!
"Masturbation," however, is almost unused in
the book; I could find it only three times, courtesy
of Nick, founder of NixPix, an adult BBS, in interview with
him. It's odd the authors of "CyberSex" don't refer
to masturbation more. How curious that they speak of
dirty talk via telephone and modem as "Cybersex."
Imagery, by CD-ROM, .GIF, etc. - are all "Cybersex."
But not masturbation.
Sorry to be old-fashioned, mates, but the Oxford English
Dictionary calls this "masturbation." Let me offer a
guideline for those still lost:
Look down. Is it your hand? If so, it's "masturbation."
As for "teledildonics," I already know that it has been used
by WELL icons like Howard Rheingold. It's STILL ridiculous, a
close second to "Cyberlex," this book's way of providing
"Quickie definitions of on-line communications terms."
Stupid me. I thought these things were called glossaries.
Which brings us to our next question. How did the authors
manage to make erotica sound so nerdy?
Question #3: Which of the following quotes is NOT found
in "The Joy of CyberSex?"
a. "Hooking the modem up is pretty easy - see the
modem manual. It will will tell you to plug the
modem inside the computer or to some jack on its
back (things are getting frisky already!)."
b. "Computers have wonderful little openings, and so
do you and I. And a truly arousing experience on
our friendly machines often requires something slipping
in and out . . . You also need to 'turn on' the
machine before it'll do anything nice. The analogy
between the roles of software telling the computer what
it will be, and what it will be able to do, to that
of sperm carrying its own DNA messages is also obvious.
So too is the analogy between the computer's operating
system at one receiving end, and a woman's egg at the
other."
c. "If you're looking for some discreet companions
into poker and good fellowship, then check out Kami
and her pals in "Strip Poker Three."
"It looks somewhat cruder (technically speaking) than
the strip poker in the 'Fox Pack,' but it gets down
to bare essentials a whole lot faster. Here's to good
times, Ace."
d. "Liquor in the front, poker in the rear."
Answer: D. The first three are in the book. The
"Joy of CyberSex" has more gayly arch
nudge-nudge-wink-wink paragraphs than I could stand
to quote.
"CyberSex" also exhibits such mutually contradictory
approaches that multiple personalities would be an
advantage in reading it.
I can imagine a meeting at Brady where everybody had
a little input:
Editor: This is hot. We can capitalize on sex, the
oldest motivating factor of all. And on the information
highway, one of the biggest news stories of the year.
Lawyer: We can't get too explicit, though. We don't
want to risk publishing anything that could be
considered pornography by local community standards.
Author: People _want_ to hear about the underground
BBS's and we can say a lot about the available graphics.
Publisher: But we can't risk being held up by Pat
Robertson on the 700 Club. We do need to keep the
readers interest, though.
In the end, everybody got what they wanted in "CyberSex,"
except the reader, who is stuck with the type of humor
normally not seen outside of comic book conventions.
Mentioning comic book conventions brings me to the
"Hot Disk!" What kind of segue is that, you ask?
Comic books and computer disks are the only two
items in the world that, having no intrinsic worth,
become valuable when placed in plastic or mylar sleeves.
Which brings us to our fourth and final test
question:
Question #4: The Joy of CyberSex Fantasy Disk:
a. Contains a couple of crippled computer
programs.
b. Tries to sell you mail-order copies of the
real programs.
c. Is all of the above, AND so boring that it
is now accepted anesthesia in most major
hospitals.
Answer: C. Two programs are included: Strip Poker Three
and Jigsaw Pinups. Strip Poker Three can only be
described in Artworx Software's own words:
"There are three opponents to play against. Switch
the opponent display at any time by clicking the mouse
on the smaller opponent to swap opponents. Point
and click the mouse (left button) to select bet options,
bet amounts and cards to discard.
"The demo ends when each opponent loses three articles of
clothing.
"The retail version, of course, goes much further.
Since this is just a demo, once a computer opponent loses
an article of clothing, all you get to see is the smaller
window image; the main image remains the same."
What does the "retail version" cost? Again, in their
own words:
"We are making a special half-price offer to purchasers
of CYBERSEX: purchase STRIP POKER PROFESSIONAL at the
regular $49.95 and you can purchase any DATA DISK,
JIGSAW PINUPS or CENTERFOLD SQUARES for HALF PRICE!!!
"Each DATA DISK for STRIP POKER PROFESSIONAL has two new
opponents. There are six DATA DISKs. The retail price
for each DATA DISK is $24.95. You can purchase any or
all six DATA DISKs for just $12.50 each!!!"
Let's see here: Seventy-five dollars ($74.50 off
the retail price!) will buy pictures of 12 women. An
additional fifty dollars will buy the program
to see the pictures. Then the purchaser will then have
to play a silly-assed game of poker as these pictures
slowly become more and more revealing. And for
some reason readers of "The Joy of Cybersex" will
want to do this instead of just going to the newsstand
and buying twenty to twenty-five Playboys/Penthouses
(normal price $4.95, special issues $5.95) for the
same amount of money.
If, somehow, these quotes and facts haven't seemed funny
to you, JIGSAW PINUPS may be for you. On sale to
"Joy of Cybersex" readers for only $15.00 (regular
price $29.95), it lets you assemble pictures and
". . . each pinup has a number of HOT SPOTS, which
elicit a response (kiss, giggle, etc.) . . . when a
piece is placed containing one, the sound is made, and
when the puzzle is complete, pinup makes a comment.
You may touch the HOT SPOTS for responses or click
RIGHT mouse button to have pinup repeat comment."
Again, for consumer purposes, $15.00 will buy the
next three year's worth of Sports Illustrated's swimsuit
issue.
"The Joy of CyberSex" had a number of contributors, and
one of them saved this book from being a total waste.
Part three of "CyberSex," entitled "Mama Told Me Not to
Come: Over the Lines and Across the Boards" was
written by Nancy Tamosaitis. As a review of
twenty-eight "adult" boards, I had expected
a rehash of BBS ads. Tamosaitis did much better by
not only choosing a wide range of systems to review
but by also capturing the feel and tone of each with
deft choices in republished electronic mail posts from
the systems profiled.
This section was larger than all the other chapters
combined, and it deserved more room. Providing breadth
and depth without gilding the lily is something of
an abandoned art in American journalism. To see it
practiced is a pleasure.
The rest of the chapters included an overview of
computer usage, reviews of CD-ROM videos, CD-ROM picture
collections, computer games, computer magazines
and virtual reality. By the end of the book, where
there are reviews of hardcopy magazines such as Wired,
Mondo 2000, and Future Sex, one gets the feeling that
somebody was really reaching for filler. This
is probably due to the writers having so little to examine.
CD-ROM videos, for instance, are fighting a poor scan
rate that makes their movies appear clunky.
And CD-ROM picture collections are not sufficiently
different or superior to old fashioned porno magazines.
Interactive computer games still leave much to be desired
as emulations of sex, much less as a substitute for it.
In fact, to say they emulate sex at all is specious.
Regular Crypt readers already know that virtual reality
can barely imitate a walk around the kitchen, much less
offer a simulacrum that can match the body's ability
to feel heat, pressure, and texture. All in all,
"The Joy of CyberSex" turns out to be content that
can't live up to the hype.
Rather obvious, though, don't you think?
BOOKS RECEIVED:
>>"On the Cutting Edge of Technology" multiple authors, Sams
Publishing; $22.95
A collection of articles on "gee-whiz" technology. If it's
a buzz word, "Cutting Edge" has a chapter on it: fractals,
fuzzy logic, morphing, artificial life, and so on. Ask
your local library to get it as a good basic introduction.
Better yet, buy it and donate it to your local high school.
>>"Morphing Magic" by Scott Anderson, Sams Publishing; $29.95.
>>"The Magic of Image Processing" by Mike Morrison, Sams
Publishing, $39.95.
Both authors contributed to "On the Cutting Edge of Technology."
As the titles indicate, Anderson's book concentrates on
morphing and Morrison's covers a wider range of image
manipulation.
"Morphing Magic" includes source code for C programmers wishing
to experiment. It also packs a fair amount of
math needed to understand this, so if the world of
Cartesian coordinates sends you into apoplectic seizures,
forwarned is forarmed. The accompanying disk includes simple
morphing software, the author's own movie player and some images
to toy with.
"The Magic of Image Processing" takes a more relaxed, less
technical approach: Crypt readers can take a clue from the
diskettes, which contain only programs that work inside
Windows.
------------------------------------------------------------
"NETWORK SECURITY SECRETS" BENEFITS FROM PUBLIC ACCESS
INFORMATION ON THE DEPARTMENT OF TREASURY'S 'UNDERGROUND'
SECURITY BULLETIN BOARD SYSTEM
"Network Security Secrets," by David Stang, Ph.D., and
Sylvia Moon, (IDG Books, $49.95) is the first mainstream
publication which benefits directly from the accumulated
data on Kim Clancy's Dept. of Treasury bulletin board
system (AIS), gagged earlier this year.
Those unfamiliar with the case only need to know a bulletin
board supervised by the Department of Treasury contained
unadulterated hacker files which were given to callers
interested in the material. Other computer security workers
and anti-virus developers mounted a smear campaign which
landed in the pages of The Washington Post, causing the
system to withdraw the information. The original argument
had been that it was information which would most benefit
security managers unable to find the material elsewhere.
The publication of "Network Security Secrets," proves
the argument a valid one, although it tries hard to deny
it.
In keeping with the political correctness of the times
(read _hypocrisy_), the book fails to directly cite the
material gathered from the Dept. of Treasury system
while reprinting portions of it essentially verbatim.
Of course, this makes "Network Security Secrets" a very
interesting read.
One of Stang's central points in "Security Secrets" is that
good security stems from bringing necessary information
to the workers employed where the rubber meets the road.
This practice, he writes, is often opposed to management
interested only in imposing a rigid heirarchical structure
on the workplace. The workers who will have to deal with
security problems such as intrusion from desk-top
dial-ups, password and access control plus the occasional
virus aren't thought to be trustworthy enough to be
brought into the information loop.
"Network Security Secrets" says this is bad and it's correct.
Consequently, where does quality information come from; where
is it gathered?
In the chapter "Bulletin Boards and Security" under "Looking
at the Dark Side," Stang published a screen display taken from
the Department of Treasury, of which he says, "We doubt
the agency was aware of this part of its board," which
presumes quite a bit, incorrectly, I might add.
In any case, "This part of the board" lists the hacking
files culled from PHRACK and other underground journals
and BBS's. The data addresses viruses, telephonic and network
security concerns. "Manly Hacking" is one such entry.
Written by "Shit-Kicking Jim," it was only found on Clancy's
sytem prior to publication in a later issue of PHRACK.
"Network Security Secrets" also reprints an underground
document gained from AIS called "Hacking Novell Local
Area Networks" and marks it with one of those happy
little icons computer books are seeded with to satisfy
readers whose reading comprehension is deemed not much
beyond "First Grade Coloring Book Exercises."
The icon is a treasure chest marked "Secret: This icon
points to information which gives some special insight
into network security."
The book also republishes material on network hacking
programs NETCRACK and GETIT, a resident password and
keystroke leech, all gained from AIS.
So that answers the question: Yes, information written
by the computer underground is valuable, worthy of
exposure in a $50 mainstream computer volume.
By the same token, Stang writes, "This is a sensitive
subject, and some may argue the information may land into
the wrong hands. We'll argue that it's already in the
wrong hands and the 'good guys' need to know what
they're up against." And that's the same argument Treasury
used to defend AIS, a system Stang labels from "the Dark
Side." What a poor sport!
Stang and Moon wrestle on and off with the idea of
information access throughout the book, coming down
more in favor of those who weirdly think that by publishing
such information, you somehow endorse it.
They mention book publishers who specialize in so-called
fringe subjects as lock-picking and personal revenge.
"No, we won't give you their address!" they write.
In the same paragraph "Network Security" mentions
"Make 'Em Pay," one paperback devoted to practical jokes
and payback techniques. Published by Lyle Stuart, I
found "Make 'Em Pay" in the humor section of Crown
Books, the largest generic bookstore chain in
California. So much for the stone reality of access
control, a reality which corporate management appears to
work hard to ignore.
Despite these major idiosyncracies, "Network Security
Secrets" is still a better than average book on the
subject. Stang works hard to avoid jargon, failing
only when he hands off to someone else in a chapter on
encryption: ". . . the DES was promulgated by NIST to
provide a system that protects the confidentiality
and integrity of the federal government's sensitive
unclassified computer information. FIPS PUB 46 is
based on work at IBM and has been approved as the
American National Standard X3.92-1981/R1987."
Sadly, it appears there will never be a shortage of
computer writers who specialize in jargo-hackese.
"Network Security Secrets" also sports a slight,
dry sense of humor. On bulletin boards, Stang writes
"Does the software include the use of a SYSOP-editable
trashcan file of caller names that are immediately
ejected ('hacker,' 'crap,' 'John Dvorak," and so
on)?" I had to laugh at that one.
At $50, even with two diskettes, "Network Security" isn't
cheap. But it does give you your money's worth as
a reasonably detailed overview of PC network security.
[Addendum: Stang, who represents Norman Data Defense
Systems, was the man the Secret Service called when its
networks were contaminated with the Satan Bug virus.]
---------------------------------------------------------
MR. BADGER ON CAJR: COMPUTER ASSISTED JOURNALISM
REVIEW (pronounced "caj-ur," accent on the first
syllable)
As readers of the last issue may recall, I had
rather harsh comments for two of this nation's
"differently-abled" minorities: journalists and
trekies. That was good, because they're scum.
But the mysterious and invisible powers that administer
the steel-toed boots of retribution to all tellers
of truth have cast their eyes upon the lowly Mr. Badger.
Caught digging holes where no badger has dug before,
I find myself reviewing not one, but TWO articles
from separate journalism magazines. But more
pyschologically troubling, honesty forces me to review
an entire book filled with characters from
"Star Trek: The Next Generation."
The first piece was printed in the November/December issue
of the Columbia Journalism Review. Written by Katherine
Fulton and entitled "Future Tense: The Anxious Journey of a
Technophobe," this article is a miniature Horatio
Alger story of one journalist's rise from technophobe
to technophile.
It's fairly easy to empathize with a seasoned editor -
ten years experience - who suddenly tries to grasp the
significance of computer technology while
at Harvard. I think most readers would enjoy this tale
because Fulton exhibits two classic traits of a hacker:
A willingness to get in over one's head, and a desire to
figure out whether the "authorities" are full of crap.
Her three-point advice to fellow journalists ought
to be embossed on computer monitors across the country:
- Put your feet up [a reading list]
- Get paid to learn
- Explore
Fulton recommends "Wired" magazine [ . . . pause,
while we wait for the local authorities to talk Urnst into
relinquishing the clawhammer he's brandishing crazily],
but she's a beginner and just hasn't had the opportunity
to read the Crypt Newletter. Mr. Badger will grade on
a curve and give the article a solid A+ [once Urnst
puts that gun metal claw tool down].
For those interested, there is also an article on
"Newsweek InterActive," a CD-ROM version of Newsweek.
Bah!
The November AJR features a piece called "Small Paper, Big
Project." It's written by Christopher Feola, "technological
guru" for The Waterbury Republican-American, a mid-sized
daily in Connecticut.
Normally, Mr. Badger gives a heavy penalty stroke to
"technological gurus" that have their picture taken with
an unopened Microsoft Windows box in the foreground.
But anybody who has convinced a newspaper publisher to
pay for two thousand dollar laptops for staff reporters
deserves no small measure of respect. (It has been rumored
that newspaper publishers originally invented copper wire
by pinching pennies so hard they had to find something
new to do with the deformed coins, now extruded to
gossamer length.)
[Note bene: Yes, Crypt readers, the above is true. In 1823,
the NPAA applied for a patent on the "wire editor" but
was turned down by the US Patent Office on the grounds that
it's impossible to patent people. "Wire editor"
eventually came to have a different meaning altogether:
the person in charge of making sense of the nonsense that
comes in on the "information highway."]
Examples of Feola's good sense and advice
abound. To whit:
"Look around your newsroom. Somewhere there is a computer.
That's the one you need to get started. There are lots of
great reasons for this: You should start with basic
software, most of which runs on just about any machine you
can find; and you're a lot more likely to get management to
pop for new equipment once you've started showing what you
can do with it.
" . . . there are always three more things you need before
you start doing computer-assisted journalism: a faster
computer, a bigger disk drive to store your data and better
software . . . Get on with it.
"In the end, readers just don't care if you do a story on
a multi-millon dollar Cray or a $3.98 calculator - as long
as it's interesting."
That's great advice from a mainstream journalist. Amazing.
What will be next, righteous televangelists? Honest
politicians? Efficient government?
The only thing wrong is AJR's editors letting Feola get away
with fool-speak like "computer-assisted journalism," which
I've noticed sneakily sneaking into other publications.
What? Doing your stories on the dumb terminal linked to the
editorial mainframe isn't "computer-assisted journalism"?
Filing from remote through the Tandy in 1989 (early Radio
Shack portable with modem for you simpletons) wasn't "CAJ"?
Using Telenet/Tymnet services to get at the VU/TEXT data
retrieval system wasn't computer-assisted? Were the Keebler
elves doing all of it? May a computer virus eat your
lead-in.
What "computer-assisted journalism" really
means is this: Reporters and editors are finally
hammering their skills into line with reality.
End of rant, we now resume regular transmission.
Last, and least, is the book "20th Century Computers
and How They Worked: The Official Starfleet History of
Computers" (Alpha Books), written by Jennifer Flynn.
It is touted as the textbook for use at "Starfleet Academy."
The "research" was done by "Lt. Commander Data, Operations
Manager, U.S.S. Enterprise." So you get the idea:
a presentation similar to a Time-Life book on how computers
work laced with "Star Trek: TNG" ambience.
Readers will not be shocked to hear that Mr. Badger wants
to bring back the inflatable punching bag (you know, the kind
with a bean bag at the bottom that little kids used to hit
so they could watch it bounce back). New versions are to carry
the image of Gene Roddenberry and be placed in all
pre-school and kindergarten centers. There we will instill
in impressionable young minds the one true foundation of
western civilization: Don't give nerds an excuse to
congregate OR the right to assemble.
Readers _will_ be shocked and amused, however, by the fact
Mr. Badger actually enjoyed "20th Century Computers." Oh,
it's full of Star Trek quotes, Star Trek pictures, more Star
Trek quotes, Star Trek diagrams, more Star Trek quotes, and
even finishes with an appendix of Star Trek "technical
notes."
Regrettably, it's filled with Star Trek humor, too.
"One major disadvantage to using dot-matrix printers was
the noise they made . . . A colleague of mine who runs a
museum showed me one of these early printer devices . . . and
after hearing it work, I must say it's a wonder that human
hearing ever survived the twentieth century.
--Dr. Kate Pulaski, M.D., Starfleet Medical"
Ha. Ha. Ha.
Wry references like it litter the book. My personal
favorite was in miniscule print by a diagram of how a CD-ROM
worked:
"Pursuant to Starfleet T.K.O. #1363K05/1
Approved for Publication Stardate 46588.24
Declassified Information"
Intentional or not, I enjoyed seeing that disclaimer by
numerous items like monitors and processor boards. I guess
the editors are cynical enough to realize the National
Security Agency will still be playing a role in "security"
matters in the far future.
Yes, "20th Century Computers" is geeky and I am shamed.
But the actual computer instruction was comparable to
the "Intro to Computers" class Mr. Badger was force-fed
at the local technical college. And the production
values were better, too. And no, I will not speak about
this again. Ever.
--------------------------------------------------------------
OF INTEREST: IRON JOE BOB BRIGGS, A HACKER?
Really bored? Then grab a copy of the just out in paperback
"Iron Joe Bob" by drive-in movie raconteur Joe Bob Briggs
(Atlantic Monthly, $12.00).
Joe Bob is a man's man with the answer to why the Western World
is run by wimps. Think of him as a modern day Spengler,
only you don't get all the dense prose and phil-O-ZAW-fi-GULL
neologisms. That's right! This is just the book for those
who like a daily draught of Arkansas polio weed.
In "Iron Joe Bob," Joe Bob timetables the national erosion
of privacy:
"1973: All men are entitled to all information about their
government.
1976: All men are entitled to all information about their
government and their politicians and anybody running for
office.
1980: All men are entitled to know everything about anybody
who's running for office, in office or just a big shot.
1984: All men are entitled to know everything about anybody
who's rich.
1987: All men are entitled to know everything about anybody
who's a movie star or athlete or anything else where it seems
like they're getting way too much money for whatever feeble
thing it is that they do.
1991: All men are entitled to know everything about everybody."
Man, it really makes sense when it's written like that.
Joe Bob also knows why plastic pen pocket-protecter packing
programmers like Bill Gates can't be trusted, too.
"The guy who scores 1500 on his SATs. These people are
psychopaths. They've spent seventeen thousand hours
at a computer terminal by the age of twelve, and they will
never have any social skills until at least the age of
fifty-five, when they're on their fourth wife. They're
the kind of people who insult everyone around them - not
because they're trying to but because they're not paying
attention. They're so proud of their minds, they have no
hearts. They're great for talking about black holes -
because they are black holes.
"We tried these guys . . . They worked at Los Alamos
during the war. We're still trying to clean up after
'em."
Ha! Urnst Kouch says "Iron Joe Bob" is hot because if
you know what I'm talking about, and I THINK YOU DO,
it has everything you want to read, including: nekkid
ladies, lezzie fu, beer and a whisky fu, hooker fu,
liberal bashin' fu and conservative stompin' fu. Five
stars. Check it out.
SHE'S A MUST TO AVOID:
In what must be the most fatuous use of computers this
month, TIME - the glossy newsmagazine for Philistines
and zero-brain tallywhackers, employed morphing software
to blend 40 anonymously perfect models into "The New
Face of America." Although astonishing to the editors,
"The New Face of America" looked suspiciously like any
of the 40 or so anonymously perfect models now preferred
by MTV, women's fashion magazines and the stinko
cologne/perfume ads which making reading publications
controlled by the aristocracy such a drag.
With the sunny, self-congratulatory tone which is de facto
style for the magazine, editor James R. Gaines wrote,
"As onlookers watched the image of our new Eve begin to
appear on the computer screen, several staff members promptly
fell in love. Said one: 'It really breaks my heart she
doesn't exist." We sympathize with our lovelorn colleagues,
but even technology has its limits. This is a love that
must forever remain unrequited." [Violins swell in background.]
Crypt Newsletters recommends lovelorn readers impress TIME
editors with the limits of postal technology, perhaps by
remitting a small wax-sealed parcel of dried, pressed roadkill
as a unique token of unrequited appreciation.
--------------------------------------------------------------
NEWS-BITES
by K$hntark
SOFTWARE UPGRADES: UNTRUTH IN ADVERTISING, PEACE IS WAR,
2 + 2 = 3, ETC.
A couple of months ago, Central Point Software sent to all of
its registered customers a full color upgrade brochure that
included PCTOOLS v8.0a for DOS, PCTOOLS for Windows V1.0,
Central Point Antivirus (CPAV) V2.0 and others.
What caught my eye about the new CPAV 2.0 were these claims:
"Central Point Antivirus is the only product that
uses an expert system to detect new viruses. . ." and
"The analyze feature is quite extraordinary . . . it is one
of the best pieces of software I have ever seen," credited
to Simon Shepherd, of the United Kingdom Computer Virus
Certification Center." [One wonders what the organization
actually does, certify computer viruses? For what?]
Fair enough.
But I was curious. How could something like CPAV 1.4,
the first program to use - and I am not making this up,
an "Idiot-System" - suddenly develop into something
that claims to be the only software to use an expert system?
(Note that both Frisk Software's F-Prot and Thunderbyte's TBAV
use the mouthful, "rule-based heuristic analysis," which
currently passes for "expert systems" INSIDE the industry.) I
guess Americans have a better marketing sense than these
Icelanders and Dutchmen. And a taste for carefully chosen
dissembling that sells product.
When I compared prices between CPAV V2.0 ($29.95) and
PCTOOLS V8.0a ($49.95) and considered that the PCTOOLS
advertisement mentions "Included are the same backup and
AntiVirus Utilities we sell separately . . ." I decided to
purchase PCTOOLS V8.0a.
After a quick delivery, I tore open the package and
tried the version of CPAV included in PCTOOLS on my set of
anti-heuristic viruses. Strangely, I could not find the
famous "analyze" feature; nor could I find anything in the
documentation about the hyped "expert system."
I noticed, too, that when the program was run, either on
command line mode or on the menu system, the version
of the program was unseen, except when you pull
down the "about" choice from the main screen.
I found that the version of CPAV that comes with PCTOOLS 8.0a
is version 1.4 and NOT the one advertised in the brochure
(version 2.0). This is sold separately.
The trick is simple, the purpose clear: When the average
user sees the ad they will purchase PCTOOLS thinking they
are getting the latest version of the utilities sold
separately.
When the difference in versions is noticed, if
ever, it might be too late to return the product
and it will be time to purchase the newer, separate
version of CPAV out of fear since "Every month, over 100
NEW viruses threaten to destroy your data," according to
Central Point Software. (We wondered where those 100 NEW
destructive viruses are coming from, since the
virus-programming groups now seem to be writing politically
correct "good" viruses . . . Imagine! Politically correct
viruses! Another reason to damn the neo-intellectual
shoeshine boys and girls of US academia! But that's a story
for another day. Anyway, I guess 100 Jerusalem
variants count as "NEW.") Unfortunately, none of the original
investment in Central Point software is preserved.
This spells: More cash money to Central Point Software and,
clever marketing trick, read S-C-A-M, to the customers.
Irate users that might have fallen into the trap of
deceptive advertising, are greeted with the following from
Central Point Customer Service telephone representatives: "I am
sorry, but to get CPAV 2.0, you must purchase it
separately."
When an explanation is asked as to why this was not stated
anywhere in the upgrade brochure/advertisement the following
number was given in order to "Register a complaint":
503-690-8088.
After calling this number (No 800 number to register
a complaint?) I didn't received any rationalization, or
even an explanation!
As this article went to press, I received yet another
advertising brochure from Central Point Software selling
PC Tools Pro, which NOW contains Central Point
Anti-virus 2.0
Conclusion: From now on, I will be upgrading this software via
a local pirate system.
Central Point has inadvertantly given idiot potency to
the following phrase, popular among software thieves: Copy
that floppy! Please do not report me to the Business Software
Association, dear reader.
DIAL A MILITARY SIMULATION
The US Army is making details of its computer models and
simulations available to anyone with a modem and an IBM
compatible computer, Bloomberg Business News reported.
The Models and Simulations Army Integrated Catalog, or
MOSAIC, provides "a central comprehensive catalog of existing
Army models and simulations," the Army says. Downloading
information from MOSAIC is free.
"They can get information from our combat, medical,
training, or educational models, or on almost anything the
Army models," said MOSAIC administrator Wanda Wharton. None
of this information is classified. MOSAIC can be accessed
with a 2400-baud modem by dialing (703) 607-3528 or with a
9600-baud device at (703) 607-3529.
Source: NEWSDAY, Thursday November 4, 1993.
--------------------------------------------------------
A READER CHAMPIONS THE FEDERAL GOVERNMENT,
INDEPENDENT VIRUS RESEARCHERS AND THE 1ST AMENDMENT
On June 28th (Vol.7, Issue 16, P.26) of this year, Federal
Computer Week published an article by John Stein Monroe
entitled "McAfee Champions Virus Protection". I must take
exception to many of the statements ascribed to Mr. McAfee.
In the interview, Mr. McAfee asserts that:
"...the government is less willing than any other user group
in the country to openly address its computer virus problem."
I cannot help but ask the following: How does it serve
Anti-Virus Product Developers (AVPDs) to know the approximate
number of microcomputer virus incidents affecting the
federal government over the past year? Would the information
be used to scare the public into thinking that they are
doomed to some kind of virus-related catastrophe if they do
not buy anti-virus software? I have to wonder if AVPD
figureheads like Mr. McAfee are really crying out, like
Henny-Penny, "THE SKY IS FALLING!" in hope of boosting
sales.
Next, Mr. McAfee states that:
"By keeping mum, the government is making it difficult to
contain the problem . . . Vendors and researchers who could
help address the problems can't fight what they can't see.
If the government doesn't open up and cooperate with the
anti-virus community, knowledge of the viruses never reaches
the research community. Before we can get our hands around
the problem, [government agencies] must be open about the
scale of the problem."
This argument is incredibly weak! Surely we are not so
ignorant as to believe the last sentence in the quote? As I
see it, Mr. McAfee is trying to say that if the federal
government collectively gave accurate information on all
virus infections, he and other vendors could then stop virus
infections by using the statistical data collected
(excuse me while I break away from the keyboard for a good
long laugh!). What he really means is that this information
would be used to promote his product so sales and stock
prices would increase (simple Econ 101). Isn't that what
good marketing and being in business is all about?
Other statements made in the interview illustrate an opinion
I've held for quite a while: That there really is no BIG
virus epidemic, contrary to what the public has been led to
believe.
"Part of the struggle in the industry is convincing computer
users that the problems exist," said McAfee. "Virus awareness
has grown in stages . . . we have turned the corner a number
of times."
The first turn, said McAfee, was in 1989, when the national
press picked up the story of a virus expected to hit users
nationwide.
But the virus, Datacrime, "did not amount to much of
anything, which put off the press for some time."
The next turn came in February 1992, when several
computer vendors shipped products infected with the
so-called Michelangelo virus . . ."
At this point, Federal Communications Week failed to report
that nothing significant happened then either! It must be
hard to convince computer users they have a virus problem
when major infections are rare. Of course, it doesn't help
that the AVPDs themselves have been guilty of crying
"Wolf!" a few times too many.
Two years ago analysts in the antivirus field were
predicting a geometric explosion of viruses, with over
30,000 new variants forcast by the mid-1990s. Actual numbers
have shown this to be erroneous. As for the Michelangelo
virus, it's my understanding that Mr. McAfee himself was the
source of the statement that 5 million machines would be
infected by that virus in the USA alone . . .
It cannot be denied, however, that some companies have been
seriously affected by computer viruses. On National Computer
Virus Awareness Day, Federal Communications Week stated that
Rockwell International and Nydex Corporation came forward to
tell of their woes of infections in the hundreds. My
questions to these companies would be:
o Do you back-up your data?
o Do you have security or anti-virus software installed
on your computers?
o Are your employees allowed to use software from home
on their PCs at work?
o Is all software installed on your microcomputers
registered?
o Most important, have you instituted a security
training program for your employees?
What I am saying is that SLOPPY computer practices will
sometimes net you a virus. A computer virus poses a
negligible threat if the user possesses the fundamentals
of common sense, ethics, and basic knowledge of computer
operations.
I found the next comments by John McAfee in Monroe's piece
to be self-serving and misleading; as inflammatory as if they
had been made by some two-bit demagogue:
"But the greatest concern is the virus writer community
itself, where the social incentive to write viruses far
outweighs any legal disincentive . . . Individuals have
collected into virus writing groups, with names such as
Nuke, Schism [sic] and Terminator, and have set up
electronic bulletin boards for disseminating their
programs. These people can get access to such boards only
when they have earned the right by successfully infecting
a network."
How absurd! I sign-on to about two dozen virus BBS's across
the USA, some of which are maintained by virus-writing groups
while others belong to independent virus researchers. Not
once have I been asked to do anything illegal to get full
access on these boards! I have also noticed that if anyone
posts a message advocating illegal activities, the board
sysop first warns the individual to "cease and desist," then
terminates that person's access if he/she persists in posting
such messages. Individuals who post messages boasting of
infecting PCs and networks, as Mr. McAfee avers, are considered
"lame" and undesirable vandals.
When it comes to disseminating viruses, anti-virus product
developers are no slouches themselves. If writing a program
that replicates is made illegal, then most, if not all, of the
anti-virus industry should be arrested for distributing viruses
among themselves and to the public. They could start
by arresting John McAfee for sending me over a hundred
viruses in January of 1991 (I have all correspondence and
original floppy disks sent by McAfee Associates, if they wish
me to produce proof.) And how about the international
trafficking of viruses? At the National Computer Security
Association's Anti-virus Product Developer's conference
in 1990, I witnessed Alan Solomon of S&S International,
a British anti-virus company, hand out floppies which
allegedly contained the latest European viruses to
the "Good Old Boys Anti-Virus Group," as he and his
colleagues joked and laughed like children in a candy store.
Moving on, Mr. McAfee's next comments are only statements of
the obvious:
"But under current legislation, such operations are perfectly
legal."
Like it or not, writing viruses is protected under our
first amendment! I hope the ACLU will test it in court if
the vendors do succeed in getting some computer illiterate
Congressman to pass a law.
"The only crime is to introduce a virus on a system by
subterfuge."
Of course, it is and _should_ be a crime. And yes, how true,
when someone commits a crime it IS illegal.
"Imagine if it were legal to steal an automobile."
What does stealing a car have to do with viruses? We are
agreed that car theft and purposely infiltrating a virus
into a system are both illegal. As much as I loath analogy
in debate, since John McAfee has introduced this example
I shall extend it. As a car owner, you protect your vehicle
by installing safeguards to deter the thief. Similarly,
you protect your PC from viruses by following a few simple,
common sense tactics, including the use of an anti-virus
product. In fact, those who own or use a microcomputer
should be following these procedures as a matter of course,
simply because there are so many other hazards which can
harm the data stored on a PC. It seems that instead of an
intelligent, articulate discussion of the issues, McAfee
prefers to resort to cheap emotional pleas in order to
elicit a Pavlovian response from the reader. I have not seen
these tactics rivaled since the movie "The Trial of Billy
Jack"!
"According to McAfee, society needs to tackle the problem
with appropriate legislation. 'Until we address it nothing
we do from a technical stand point is going to have a great
long-term effect.'"
So far, virus protection vendors have done a reasonably good
job of keeping up with the proliferation of viruses, McAfee
said, but unless legal action is taken, "the anti-virus
community will be overwhelmed."
I would like to direct John McAfee's attention to an article
called "VIRUS MYTHS," written by Mr. Viktor Meyer-Schornberger
of Ikarus Software, which appeared in the International
Computer Security Association's March 1992 Virus News and
Reviews journal.
The article references European analysts who extrapolated
over 30,000 new viruses by the mid-1990s. It then goes on to
state that the facts do not support such a conclusion. If
"minuscule and insignificant variations among viruses are
disregarded", the number drops to about 750.
This number included viruses which have never been found in
the "real" world, are used for research purposes, or are
extinct. Mr. Meyer-Schornberger estimates that of these 750
viruses, 10 percent pose a significant risk, 50 percent a very
slight risk, and the remaining 40 percent, no risk at all "to
the average computer user".
The article also refutes the myths of a worldwide virus
pandemic, virus invisibility (stealth viruses), and an
impending virus "Armageddon," which seems to be the thrust
of Mr. McAfee's remarks.
John McAfee does his best to sound the alarm about the virus
threat, yet he fails to do his homework. A study performed
by the Jinbu Corporation in 1993, on threats to computer
systems, illustrates my point. In the Jinbu study,
losses attributable to computer viruses added roughly to 2
percent of the whole. The most notable part of the study
showed that 50 percent of all losses were, and still are,
attributed to user error. Based on John McAfee's
reasoning, should we not then enact laws against human
stupidity?
The last statement in Monroe's article is priceless:
"McAfee said he believes that laws will get through only
when the problem is so severe that someone in a sensitive
government agency, such as the Justice Department, has a
virus problem of near-catastrophic proportions . . . 'At that
point, I think we will see some legislation,' he said."
After such irresponsible statements by John McAfee, the
Justice Department should discontinue its site license for
his anti-virus software, which Justice has had for the past
several years! Is McAfee hoping and praying for a catastrophe
to happen to the Justice Department? Has he no faith in
his own product's ability to stop viruses? The scope of any
law passed as a knee-jerk reaction to the viral destruction
of data at any major institution would be suspect, and
comparable to the edict which unjustly interned
Japanese-Americans at the outset of World War II.
Whether or not the federal government advertises virus
infections will not materially affect the number of virus
incidents one way or another. In fact, the federal government
is heading towards as compliance with whjat is known as a
C2 level of security. C2 in and of itself resolves the virus
problem! ALL VIRUSES ARE HARMLESS IN A FULLY IMPLEMENTED C2
ENVIRONMENT! A C2 operating system will not release security
controls to any software program. System resources such as
memory are released back to the operating system upon
logging off of any user on the system or network. A user
introducing unauthorized software - or viruses - into the
system should not even be able to execute the software, let
alone write to the file server, without going through the
system administrator. The bottom line is: The demand
for anti-virus products will wane as systems become
C2 compliant!
I find it repugnant that vendors want to control the
public's behavior and freedoms when they cannot agree to a
code of ethics among themselves.
Education and moral behavior, not legislation, are the
answer to eradicating viruses. The anti-virus vendors
should stick to research and development, programming and
product enhancement - that's their field of expertise.
They should stay out of the legislative arena and leave
our Constitution alone.
I value my freedoms highly; I hope others value theirs
equally.
--James F. Lipshultz, Esquire
Special thanks to Frank Tirado for assistance in preparation
of this article.
*********************
[James F. Lipshultz has served on the editorial
staff of the computer security magazine, Virus News and
Reviews.]
-----------------------------------------------------------
TECHNICAL STUFF IN THIS ISSUE:
Crypt Newsletter 20 kicks off with editor KohnTark's K-CMOS
virus, a program designed to show you how viruses can
manipulate the data in CMOS RAM.
There are few examples of such viruses; the EXEbug is
probably the most widely recognized, a boot sector infecting
program which uses CMOS data manipulation to make its
removal from an infected hard disk a task for the trivial
user.
While most anti-virus programs have tools which save and restore
CMOS data, few protect it from change. Viruses, or
any software, can manipulate this data with impunity.
Because K-CMOS unhooks your mounted hard disks in the CMOS,
it is imperative you read the accompanying documentation
CAREFULLY and THOROUGHLY before trying out the program. If
you haven't done already done so, now would be a good time to
familiarize with the CMOS BIOS setup program which can be
called by hitting the <Del> key on computer power up. Bring
up this set up and take a look at the values stored in the CMOS,
page through the menus - maybe even write down your setup
so in case something ever does derange it by accident,
you have at least a vague idea of where to start. Only
after you feel comfortable changing this data from
the setup screens should you begin to experiment with
K-CMOS. It's an interesting learning tool, but it isn't
for the dilettante.
Also included are the FIREFLY viruses, aggressively anti-
anti-virus viruses which glue together features from the
LokJaw, YB-X and Proto-T viruses. Firefly, by Nikademus,
also ties a visual marker to the timer tick interrupt,
causing a slow cycle through the keyboard NumLock,
CapsLock and ScrollLock light emitting diodes. The effect
is a twinkling on your keyboard when the virus is in
memory and infecting files, making Firefly easy to find
and rather inconceivable that it would escape on a system.
Firefly is encrypted and also incorporates the anti-heuristic
code demonstrated in Crypt Newsletter 18. Firefly
will behave badly if a number of anti-virus programs are
executed when it is in memory by deleting them on load.
This comprises a minor "expert system" in the virus, in
effect giving it some comprehensive recognition of common
anti-virus software and how to deal with it if used in
a trivial manner. The net effect for a user is either to
learn to scan for viruses from write-protected diskette,
ensure that the machine is always booted clean and is thus
free virus control, or to rename all anti-virus software
from default installations.
[Thanks to Nikademus for the Firefly contribution to
this issue.]
Remember, even outside of CMOS data corruption, the included
viruses can append themselves to your executable files,
perhaps beyond your ability to remove them. Back up your
data first and don't work with them if you have no idea
what you're doing (unless you enjoy annoying mishaps
on your PC).
Also included in this issue are Black Wolf's Picture
Encoding Utilities, a set of public domain programs
designed to let you embed messages, data or code in a picture
file of limited format. The utility of Picture Encode is for
that situation on the network where uuencoded or encrypted
data raises a stink, but does not alleviate the need for
some measure of privacy or secure transmission. Picture
Encode allows you to try your hand at embedding data
of any nature in an innocuous picture file of your choice.
The accompanying documentation in README explains how to
use Picture Encode. Picture Encode's source code is
included so that you may inspect the programs at your
convenience.
The newsletter thanks Black Wolf for Picture Encode.
------------------------------------------------------------
FINDING/OBTAINING/LOVING THE CRYPT NEWSLETTER:
----The Crypt Newsletter is also available in a slightly
abridged format from the Compuserve and Delphi on-line
services. On Compuserve, the newsletter is stored in
the journalism forum's "Papers/Magazines" and "Future
Media" on-line libraries (GO JFORUM). And it is stocked
on Cyber Forum in the "Literary" library (GO CYBERFORUM).
On Delphi, the newsletter can be retrieved from the Writers
and Internet General Database special interest groups.
----A complete set of 20 back issues of The Crypt Newsletter
along with special editor's notes can be obtained on diskette
by sending $30 cash, check or m.o. to:
George Smith
1454 East Orange Grove, 7
Pasadena, CA 91104
Remember to include a good mailing address with any
correspondence.
----Want to ensure the Crypt Newsletter remains a good read?
SHOW YOUR SUPPORT. Send $10 for six issues, or a box of
diskettes to the Crypt Newsletter address above. You'll
also receive an automatic account with full access
on the Crypt InfoSystems BBS! Urnst Kouch will laugh
at your jokes, even if they're not funny! Quite a deal.
----CryptNet - the Crypt Newsletter's exclusive mini-echo
is now up and running. Bouncing around in Southern
California, CryptNet has fresh news and comical gossip
about the latest issues of interest to alert Crypt
readers. Call Crypt InfoSystems to see it (818.683.0854).
----Hypertext readers of the latest issues of the newsletter
are also availabe directly from Crypt InfoSystems.
--------------------------------------------------------------
*CAVEAT EMPTOR*
What is the Crypt Newsletter? The Crypt Newsletter is an
electronic document which delivers deft satire, savage
criticism, feature news, media analyses, book reviews
and more on topics of interest to the editor and the
computing public. The Crypt Newsletter also reviews anti-virus
and security software and republishes digested news of note to
users of such. The Crypt Newsletter ALSO supplies analysis
and complete source code to many computer viruses made expressly
for the newsletter. Source codes and DEBUG scripts of these
viruses can corrupt - quickly and irreversibly -
the data on an IBM-compatible microcomputer - particularly when
handled imperfectly. Ownership of The Crypt Newsletter can damage
your reputation, making you unpopular in heavily institutionalized
settings, rigid bureaucracy or environments where unsophisticated,
self-important computer user groups cohabit.
Files included in this issue:
CRPTLT.R20 - this electronic document
K-CMOS.ASM - source code to K-CMOS virus
K-CMOS.SCR - DEBUG scriptfile for K-CMOS sample
FIREFLY.TXT - source code to FIREFLY virus
FIREFLY.SCR - scriptfile for FIREFLY sample
README - READ ME file for Black Wolf's picture
encode utilities
ENCODE.* - source code and executable to Black
Wolf's Picture Encoding Utilities
DECODE.* - source code and executable to Black
Wolf's PictEnc
PUTSCR.* - source code and executable to PictEnc
utilities
MESSAGES.* - illustrative examples of PictEnc
NEWMESS.DAT - illustrative examples of PictEnc
To assemble programs in the newsletter directly from scriptfiles,
copy the MS-DOS program DEBUG.EXE to your work directory and
type:
DEBUG <*.scr
where *.scr is the scriptfile of interest included in this issue.
-------------------------------------------------------------------
So you like the newsletter? Maybe you want more? Maybe you
want to meet the avuncular Urnst Kouch in person! You can
access him at ukouch@delphi.com, as well as at Crypt InfoSystems:
818-683-0854/14.4.
Other fine BBS's which stock the newsletter are:
CRYPT INFOSYSTEMS 1-818-683-0854
MICRO INFORMATION SYSTEMS SERVICES 1-805-251-0564
THE HELL PIT [NUP: BRIMSTONE] 1-708-459-7267
MONDO GORDO! 1-615-791-8050
CITY OF ILLUSIONS 1-818-447-2667
THE VINE/CHICAGO INST. FOR VIRUS RESEARCH 1-708-863-5285
OKLAHOMA INSTITUTE FOR VIRUS RESEARCH 1-405-634-4866
DRAGON'S DEN 1-215-882-1415
RIPCO ][ 1-312-528-5020
AIS 1-304-480-6083
CYBERNETIC VIOLENCE 1-514-426-9194
THE OTHER SIDE 1-512-618-0154
DARK COFFIN 1-215-966-3576
DIGITAL DECAY 1-714-871-2057
THE COMPLETE SOLUTION 1-707-459-9058
XANTH 1-905-826-0622
KGB 1-714-772-7039
THE BLACK FOREST (midnight to 8 am) 1-817-369-6489
Please note, BBS's tend to come and go with some regularity, results
for you may vary.
*********************************************************************
Editorial content within the Crypt Newsletter is (c)opyrighted by
Urnst Kouch and Crypt InfoSystems News Services, Inc. 1993, unless
otherwise noted. Republishing it without prior consent is graceless
and corrupt. Ask first.
*********************************************************************