Black Crawling Systems Archive Release 1.0

home *** CD-ROM | disk | FTP | other *** search

/ Black Crawling Systems Archive Release 1.0 / Black Crawling Systems Archive Release 1.0 (L0pht Heavy Industries, Inc.)(1997).ISO / iirg / phan04.20 < prev next >

Wrap

Text File | 1994-12-27 | 123KB | 2,631 lines

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- = = - WELCOME TO THE TWENTIETH ISSUE OF - = = - -=>PHANTASY<=- - = = - A PUBLICATION AND NEWSLETTER OF - = = - THE - = INTERNATIONAL = - INFORMATION - = RETRIEVAL = - GUILD - = = - Hacking,Phreaking,Anarchy,Survivalism,Commentary - = = -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Volume Number Four,Issue Number Twenty Dated 12/03/93 Editor is Mercenary : mercenar@works.UUCP Article Submissions: The Mercenary/IIRG 862 Farmington Avenue Suite 306 Bristol,Ct 06010 IIRG World Headquarters BBS: The Rune Stone 14.4K HST Courier All H/P/A, 3000+ Files (203)-832-8441 NUP: Conspiracy Table of Discontents: [1] Ionizer Saga Ends Reprinted from Computer Underground Digest #5.88 [2] IIRG Response to Elansky Sentencing [3] Individual Responses To Elansky Sentencing Taken From "Rune Stone BBS" [4] Ionizer Legal Fund (Please donate what you can afford) [5] Implementing OPerational SECurity (OPSEC) in your Group By: Mercenary/IIRG [6] Voice Mail Security Notes By: Mercenary/IIRG [7] PumpCon II Busted (Or We Told You So) By: Mercenary/IIRG [8] PHANTASY TIDBITS: News and Views of Interest 1. Cantwell Can't See Use For Clipper Chip Curbs 2. Bells Ring In the New Year 3. Another Connecticut BBS Raided in Operation Longarm [9] Phantasy Magazine U.K. News Compiled By: Phantasm [10] Upcoming Conferences and Conventions 1. DEF CON ][ Initial Announcement 2. 17TH National Computer Security Conference 3. Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness 4. VSI'94 - Presented by the Virus Security Institute 5. European Symposium on Research in Computer Security 6. The Fourth Annual HoHoCon [11] Listing of IIRG Distribution Sites [12] Listing of PHANTASY Distribution Sites -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- OFFICIAL DISCLAIMER... All information in PHANTASY is from USER contributed material The Publishers and Editors of PHANTASY and THE IIRG disclaim any liability from any damages of any type that the reader or user of such information contained within this newsletter may encounter from the use of said information. All files are brought to you for entertainment purposes only! We also assume all information infringes no copyrights and hereby disclaim any liability. PHANTASY is (C) 1990 by The IIRG IIRG and INTERNATIONAL INFORMATION RETRIEVAL GUILD is (C) 1982 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [1]: Ionizer Saga Ends Reprinted from Computer Underground Digest #5.88 Date: Sun, 21 Nov 1993 14:12:31 EST From: Sue D'Onym <sdo@anon.omous.com> Subject: File 1--Michael Elansky ("Ionizer") Sentenced / Saga ends ((MODERATORS' NOTE: The Elansky case has ended. Michael Elansky was sentenced to 28 months in prison, which--with "good time" and credit for time served--should make him eligible for release under Connecticut law in about 10 months. The charges relating to First Amendment issues that bothered many of us were not pursued by the prosecution, perhaps in part because of the incisive and accurate reporting by John Moran of the Hartford Courant. Moran's work established him as one of the rare media reporters whose knowledge of computers and related issues gives them considerable credibility. Thanks to the Connecticut readers who sent over the edited story)). SOURCE: Hartford Courant (Nov. 20, 1993) By: John M. Moran, Courant Staff Writer Michael Elansky's volatile mixture of computers and pyrotechnics backfired Friday when a Superior Court judge sentenced him to 28 months in prison. Judge Thomas P. Miano said Elansky, a 21-year-old West Hartford resident, remains dangerous because he still hasn't curbed his impulse to dabble in explosives. "You've got to accept responsibility for what you do, it's that simple," Miano said. Elansky has been jailed at Hartford Correctional Center since August on charges of illegally maintaining bomb-making instructions on his computer bulletin board. At the time, he also was facing other charges, including conspiracy to commit burglary and two counts of violating his probation. Bail was set at $500,000, which Elansky could not meet. ((The article explains that Elansky pled guilty in October, agreeing to terms that included no more than three years in prison, and that prosecution and defense attorneys have spend the last few weeks debating the final sentence)). In recent weeks, friends and family testified that Elansky was interested in odd topics, but that he was not dangerous or destructive. Prosecution witnesses, however, painted a far different picture of a man they said repeatedly broke the law while experimenting with explosives. In reaching his decision, Miano said he was troubled by evidence that Elansky had lied to police, to the court, to his parents and to others. But Miano also was disturbed at the prospect of sending to prison someone who had the potential to straighten out his life. "I can candidly say... that I have agonized more over this matter than any other matter that I can remember," the judge said. ((The article explains that the judge decided on imprisonment and long probation as necessary for Elansky to "change his ways.")) On both probation violations, Elansky was sentenced to 28 months in prison and probation for five years. Conditions of his probation include the following: * A ban on Elansky allowing anyone under 18 years old to use his computer bulletin board, which was known as "The Ware House." * A ban on Elansky, whose computer nickname is the "Ionizer," placing pyrotechnic information or another other harmful information on his bulletin board. * A requirement that a probation officer have complete freedom to search Elansky's computer system to ensure the requirements have not been violated. * Evaluation by a mental health counselor. * 100 hours of community service for each year on probation. Throughout the sentencing, a pale and thin Elansky stood silently at the defense table. His father, David Elansky, and grandmother, Debra Elansky, sat behind him in the courtroom. "I know you're not happy with it," Miano told Elansky after the sentence was pronounced. "I know you expected to walk out with your parents. No more." The conspiracy to commit burglary charges and the charges relating to bomb-making instructions on the computer bulletin board were not pursued. Elansky will almost certainly get credit for the 3 1/2 months he's already served in jail. In addition, he will be able to apply for parole after he has served half of the prison term. was surprised and disappointed by the sentencing. "It's not going to make him a better person by keeping him in jail," he said. Brown, the defense attorney, said he had asked for a lesser sentence, but respected the judge's treatment of the case. "It was obvious to me that the judge certainly spent a great deal of time on this case, which is all a defendant can really ask for," he said. ((The article concludes by summarizing the disappointment that the parents and defense attorney expressed)). -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [2]: IIRG Response to Elansky Sentencing IIRG RESPONSE TO ELANSKY SENTENCING The sentencing of Michael Elansky to 28 months in prison makes us wonder who will be the next victim of our judicial system. Although we may not agree with Judge Miano's ruling on the alleged probation violations, we can understand the ruling resulted mainly due to Miano's lack of knowledge in the field of telecommunications. The initial charges that were the reason for Mike's arrest were dropped. Given this, we wonder just how he violated his probation. It makes no sense to us, nor to the many people we've consulted. Our main concerns now are the terms of Mike's probation: 1. A ban preventing anyone under 18 years of age to use Elansky's computer bulletin board, The Ware House. This is an interesting idea. How does the Judge propose that Mike enforce this? If a simple statement of age at logon is expected to be enough, then this ruling is essentially unenforceable. A 13 year old child can simply logon as a 35 year old adult. On the other hand, if the Judge expects mail in registrations with a photo-copy of a driver's license from his users, this would defeat the purpose of running the board in the first place, which is to promote free exchange of information and ideas between users under the freedom which anonymity provides. Unfortunately, many systems have been forced to adopt this policy. 2. A ban on Elansky (Ionizer) placing pyrotechnic information or any other "harmful" information on his bulletin board. It would be difficult to cite a more blatant example of First Amendment infringement than the above. "Harmful" is an utterly subjective term entirely open to interpretation. Harmful to whom or to what? And just who would be charged with determining whether or not a particular piece of information is "harmful"? In addition, according to mandate one, there would be no users under the age of 18. Aren't adults entitled to freedom from government censorship, or is this becoming another Red China? Where's the EFF when you need them? 3. A requirement that a probation officer have complete freedom to search Elansky's computer system to ensure the requirements have not been violated. Does this mean Mike must grant sysop access to a probation officer? We personally know of no sysop that would like an untrained, computer illiterate individual rummaging through his BBS. "Big Brother" conspiracy freaks will love this one. We only hope that in future cases, courts will become more educated as to the inner workings of the BBS community. If the current trend continues, we can only see a gross violation of personal privacy in the future. Will the proposed "Information Super-Highway" become a super speed-trap?? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [3]: Individual Responses To Elansky Sentencing Taken From "Rune Stone BBS" ------------------------------------------------------------------------------ Comments From: Beast What in the hell do they define as a "harmful info file"?. I mean if you can find the books these files are taken from in some libraries; how can the judge say he can't have them on the bbs?. Where was this guys lawyer? ----------------------------------------------------------------------------- Comments From: Shades It will be a tough job to get more H/P/A oriented BBS's into Connecticut now.. (203), another state that actively attacks the Constitution.. a state that makes the great EFF quote so fuckin true: BILL OF RIGHTS -- VOID WHERE PROHIBITED BY LAW. ------------------------------------------------------------------------------ Comments From: Nemesis Poor Ionizer. Rather sad actually. I already submitted my personal free speech document so this is sort of just repetitive. The shrinking amount of privacy and personal freedoms we have scares me. We don't live in a democracy...we live in a hipocracy where so called "freedoms" can be stripped from us by those who are supposed to protect them. It'll be a cold day in hell before I let my BBS go down for these little bureaucratic schmucks that think they can stomp all over the first little black lines which our country supposedly is founded on. I hope we can trash these little politicians that think they can get away with blatant 1st amendment violations. I'll see you in hell. ------------------------------------------------------------------------------ Comments From: Mr Shadow This is pure BS, I really don't see how they can do this to Him. I have talked to Mike on a few occasions (I was planing on going to a Rave with him), and we talked about how going totally by the book he was safe. He had help of friends and Supporters of Free Speech everywhere, And still he gets wrongly convicted? Now I bet if the media had bothered to cover the story then he would be free and be making money talking about freedom of expression but since he Isn't a stupid cartoon (Beavis and Butthead) or the biggest pop star (Michael Jackson) then I guess you can't get on the news. All I can say is this is an outrage. TO THE REVOLUTION! And we all must write Congress,and The White House, to do whatever is needed to get these laws changed and fixed..... Mr Shadow ------------------------------------------------------------------------------ Comments From: The Harbinger Of Death First, I must say that I am extremely dismayed to learn of the terms of this sentencing. Michael Elansky's actions in operating a computer bulletin board system do not justify sentencing him to a prison term. Any previous problems with the law as regards to explosives manufacturing or any other crime Elansky allegedly committed should have had no bearing on this case. In this nation, we are supposed to be innocent until proven guilty, and given a fair trial by an impartial judge and jury. Clearly, a trial cannot be fair when one of the prime arguments against the defendant is his past record. Actions must be judged on their own basis, in their own context, without regard for any other criminal proceedings pending against the defendant. Sadly, these seem- ingly obvious points have been missed entirely by the "Superior" Court in which Elansky was tried and convicted, as well as by the counsel for the def- ense. While we can perhaps accept (although not condone) the system's mis- treatment of this case, the failure of the defense attorney to bring into play the highly relevant constitutional issues surrounding this case cannot be excused. It is not, and should not, be illegal to disseminate information of any kind. The fact that there may or may not be laws against dissemination of recipes for explosives is irrelevant; a government which enacts such laws is in itself in violation of the laws of morality and decency. I have just one question about this case: what happened to the EFF? Early reports indic- ated that Elansky's lawyer and/or family was in touch with the EFF, yet it appears that their support never materialized. If I am mistaken about their lack of involvement, please, someone correct me. Now, I'd like to address another issue: > * A ban on Elansky allowing anyone under 18 years old to use > his computer bulletin board, which was known as "The Ware > House." This is blatantly unconstitutional and wrong. The court has neither the right nor rightful authority to restrict the access of minors to any source of information, regardless of the legal status of the source. If anyone can access it, then minors have the right to as well, provided they have obtained the consent of their parent or guardian. This is a serious abridgement of the rights of anyone under the age of 18. Another relevant point is that this would make it virtually impossible for Elansky to operate a BBS, if he is required to enforce this proviso. This, no doubt, was the court's intent in imposing this restriction. And what about states/nations where 18 is not the legal age of consent? If the court's intent was to "protect" minors from "dangerous information," then why did they choose to word it this way? This is another reason why I believe the intent of the court to be sinister. Well, that's enough out of me for now. -The Harbinger of Death ------------------------------------------------------------------------------ Comments From: Moonshadow This is Total Bullshit. 28 months in jail for THAT! What happened with probation? Didn't catch that part, but it stills seems crazy and out of wack. We could tell that the judge has some serious rash on his dick. ----------------------------------------------------------------------------- Comments From: Metalhead 1. Judge Thomas P. Miano has sentenced Mike (Ionizer) to 28 months in Prison. ??? Puh-leze! What did his lawyer do...sit there the whole trial? 2. His BBS must not carry any Anarchy or harmful Information files. Then the idiots had better shut down ALL the public libraries in the country. 3. Evaluation by a Mental Health counselor? THIS is the best one...whose gonna evaluate the judge? 4. GOD, Its great to live in a Free and Democratic Country?? Here? We living in the same country? ME->Yeah....Right.... ME->Mercenary - Totally Disgusted Metal - aboveness... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [4]: The Ionizer Legal Fund ////// ////// /////// //////// // // // // // // // /////// // //// // // // // // // ////// * ////// * // // * ///////// * The International Information Retrieval Guild's Ionizer Legal Fund As many of you may already be aware, Ionizer, an IIRG Site Sysop, was arrested by the West Hartford, Connecticut Police Department. Even though Mike has been sentenced to 28 months in prison, he has still amassed a quite substantial legal bill. We would ask Phantasy readers to donate whatever they can afford to alleviate the financial burden from his family. All funds collected will be used to pay for Mike's legal bill and no other purpose. Mike's legal fees have amassed to over $15,000 Dollars and we know his family needs all the help they can get. Send Whatever you can to: The Ionizer Legal Fund C/O David Elansky 25 Maiden Lane West Hartford,Connecticut 06117 Make Checks or Money Orders Payable to Michael Elansky (Ionizer) This way we are assured all money goes directly to his legal fund. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [5]: Implementing OPerational SECurity (OPSEC) in your Group By Mercenary/IIRG The ability of a Hacking group to gather and collect information is crucial to its survival. In many instances, if proper Operational Security (OPSEC) had been practiced, it would have saved many individuals from lengthy jail terms or embarrassing investigations. Many classic examples exist of hacking groups getting careless and getting caught for what could have been easily avoided situations. The following is a true story, and a perfect example of what we mean: In early August of 1992 the IIRG was provided with a newsletter of a large company's computer security division. In this newsletter appeared a story on someone's attempts to break into the company's PBX (Private Branch Exchange) telephone system. It appears that the company regularly received a computer tape of callers to its 800 telephone number from its service provider. During the previous month, the company had detected over 7000 attempts from New York City to break into the PBX. The newsletter continues on to describe how the company notified its service provider of the caller's numbers and how they learned that these four individuals were already under surveillance by the Secret Service and how the company's complaint would be added to the list of charges already being compiled against them. As we can see from the story above, had this group of individuals had an effective OPSEC network in place they would have learned of the investigation building against them and the fact that this company was wise to their activities. We can only assume that these individuals had no OPSEC at all, or if they did, it was not properly implemented. They made many mistakes common to groups who do not practice OPSEC and this article will hopefully get you or you group to start practicing some. To start proper OPSEC we would advise you to have your group operate in specialized "Cells". Each cell should have a specialty and operate only in those areas that its been assigned to. Cell members should only operate and affiliate with members of their own cell. In this way you will not compromise the security of your other cells. A good way for a computer group to break down into cells would be to assign specialties in the following manner: 1. Information Cell - responsible for all information analysis and dissemination. Responsibilities should include distribution of vital information to other cells. 2. Operations Cell - the workhorse of your organization, it functions to supply the information cell and to carry out operations designated by the command cell. 3. Command Cell - responsible for decisions regarding operations and all cells answer to them. This is a very basic break-down and can be expanded by your organization to fit your specific needs. Each cell should have a designated leader, and only this leader should know how to contact the command cell. Once you have broken down your group into its appropriate cells, you will need to secure communications between them. This can be accomplished in many ways utilizing off the board programs and off the shelf hardware. Since we assume about 50% of your communications will be conducted through electronic mail (E-mail) on bulletin boards or via networks, your group will need some way to encrypt its e-mail. The most common of these programs is PGP (Pretty Good Privacy), a public key encryption system. This is a good program and requires very little know-how to get up and running. The only drawbacks to this program are that everyone is using it and its author is currently being harassed by the government. Another lesser known program is VINCRYPT which is more popular on the "underground" circuit then PGP and offers a wide variety of encryption methods to its users. This program will require you to use a pre-arranged cipher method which I will explain shortly. Choosing between these two programs is mainly a personal choice, but we would advise using VINCRYPT for truly secure interaction between your cells. Now that you know how to secure your e-mail, you will want to secure your complete files and programs that may be distributed between site boards and cell members. Most inexperienced users will start protecting their files by using the (Scramble with Password Option) -s , in PKZIP. We would strongly urge you to stop this practice if it's what you're using now and switch to one of the methods we will discuss shortly. Files protected with PKZIP are easily crackable and many "Brute Force" Zip hackers are in circulation. The process of cracking a scrambled zip file may take some time, but it can be eventually hacked by anyone with a machine to dedicate to the task. Another reason to stop this practice is that even though the file may be password protected, a person can see the zip files contents by using the -v switch. Only use PKZIP if there's no other option available or the files are really not that important. (This does however make for good disinformation. By releasing an encrypted ZIP file with bogus info in its contents, your rivals will be kept busy for hours) There are many good encryption methods on the boards already and we would urge you to use one of the following. They are much more secure and will hide the contents of all your files. VINCRYPT - Besides protecting E-mail, it does a great job on other files MUTATi0N - A very good encryption Program by Prof. Falken SECURECRYPT - Another good choice. This one by Doc Dissector These are all about equal in their ease of use and security. Remember, the weakest link in any of the above mentioned security methods is your choice of keyword/password. The FBI and Secret Service both use Brute Force hacking methods on encrypted files and use extensive English language dictionary libraries to attempt to crack encrypted files. As we've stated before, the only thing that can possibly defeat your files' and messages' encryption method is your choice of password or keyword as the case may be. We'd suggest mapping out several months worth of password assignments for each individual cell of your organization. The passwords should be assigned in a manner that will insure they follow no sequential order. What follows is an example of a 10 day password assignment for a 10-digit password DAY 1 - tYoQ1&6!(n DAY 2 - 7&#gW5h%pO DAY 3 - =8BxS$@2F2 DAY 4 - ?wX*372Hl9 DAY 5 - B6$(JR1Le0 DAY 6 - ;2u<"e8F91 DAY 7 - K@$,kF36s3 DAY 8 - T%dTO6$ViR DAY 9 - +47%!kzJ59 DAY 10 - #1bAq$15aY The basic premise would be to assign each password to a day of the month. Members of the cell would assign the password to the date of the file. If DAY 1's password was assigned to the first of June 1993, any file transmitted from the cell with the date 01-JUN-93 would be encrypted with that password. If multiple files are sent, make sure to assign new dates to the files and use the corresponding password. (NEVER USE THE SAME PASSWORD FOR MULTIPLE FILES!!) Be original. The table above is only shown as an example. Use the extended ALT characters available to you, use the maximum password length available, and never use the same password again. The FBI and Secret Service expect you to use simple English word passwords and they count on your security ignorance. Password file lists should be assigned to members in an encrypted file. Never print out the list or even write down a password. As a file needs to be encrypted, de-encrypt the master list, memorize the password needed, and then re-encrypt the master list. Be sure to use a program that does not leave a chance of unerasing the temporary file. If a member is caught or detained, immediately change all password assignments and re-encrypt any files in transit. Security should become a daily part of your life like going to the bathroom. Only your own ignorance will get you into hot water. Many lessons in file protection can be learned from watching previous incidents. When the Secret Service searched Steve Jackson Games confiscated computer systems, they employed Norton Utilities. They simply used Norton Utilities to search the hard drives for keywords. If you properly encrypt your system, this technique is rendered useless. OK, your group is well organized and your communications and file distribution is secure, what next? Your information cell should obtain a mail-drop. Never use a Post Office Box. They may be cheaper, but they are much easier for individuals to investigate. Preferably your group should obtain a mail drop that will identify you only as a number. Most of these agencies can be pre-paid for months in advance and will not ask questions when you pay for 1 full year. This may cost your group between $100 to $200 dollars, but hell, whoever said security was cheap? Your information cell should then obtain subscriptions to all the common computer security or trade papers, and also obtain information from manufacturers of security devices. Remember, knowledge is power and in the coming information age, those with the knowledge will be in power. We would suggest obtaining subscriptions to such trade papers as "Info Security News" and the "MIS catalog" for starters. From there you can obtain further information on other trade papers, seminars, and security manufacturers. Have your information cell scan newspapers, magazines, and the net. Do your cell members have relatives that work for large companies? Utilize their knowledge and perhaps ask them if they have any company newsletters you could look at. People love to discuss themselves and their work and like it when young people "take an interest". Getting back to communications, "always assume your phone line is insecure". With the ever present threat of "The New World Order", you may never know who may be listening. To utilize the phone properly, never do anything pertaining to your "activities" on your home phone. Use pay phones for your communications with other cell members. Map out the local area around your home and note all pay-phone telephone locations and numbers on your map. Check to see if the phone can receive incoming calls. If it can, its useful for this purpose. Assign each pay phone a code-name or number and make sure the other members of your cell know these phones and locations. Only do this for members of your cell that require voice-to-voice contact. Remember, everything is on a need to know basis. You may then utilize these phones for contacting each other. Here is an example of what we mean: Phone ALPHA - Next to 7-11 - (666)222-1111 Phone BETA - Next to Package Store - (666)222-2222 Phone COKE - Inside Phil's Cafe - (666)-222-3333 Say I need to speak voice to CELL MEMBER SIX on December 1ST. I would leave him an encrypted e-mail message with the following information. He would have already been given a list of the phones code names and numbers: SIX CALL ALPHA DEC ONE 8 PM He would then know to call me at (666)-222-1111 on December 1ST at 8 PM. In an emergency situation you may need to contact cell members or your command cell at home. If this ever occurs we would suggest your group use the following technique. Arrange a Collect Call Code with your members ahead of time by giving certain situations names of individuals. Here is an example of how this would work: NAME SITUATION --------------------------------------------------------------------------- Bill Thompson I've been detained, destroy current codes Tom Peters Please contact me voice, Urgent! Fred Johnson Mission Completed To utilize this code you would dial the operator and place a collect call to your cell member or command cell using the appropriate name for the situation. The operator would then ask the member or cell if they would accept a collect call from this individual. Do not accept the call. In this way you save yourself the cost of the call and have received your message. This is a good way to pass urgent messages between members and save your group money as well. Like always, all names and situations should never be written down and should be kept encrypted on your system. If you really feel the need to discuss activities on your home phone then utilize a Substitution Cipher to discuss them. Assign code words for each activity your group may be involved in. I would suggest using an area you are well versed in, but any hobby could be used. Here is my example: CODE WORD TOPIC ---------------------------------------- HUNTING HACKING DEER VAX RACCOON IBM SYSTEM SPOOKED TRIED DEFAULTS RAN SECURITY WOODS SYSTEM OPERATOR EXAMPLE CODE PHRASE: "I went hunting last night and saw a deer and a couple of raccoons. The deer was spooked and ran into the woods." DECIPHERED CODE PHRASE: "I was hacking last night and came across a VAX and 2 IBM Systems. I tried the default passwords on the VAX, but I think the system's security notified the system operator" This is just a simple example and a real Substitution Cipher can contain thousands of words. The only limitation is how long you want to spend creating it. If an outside party is listening to your conversation, it will sound like a nice discussion of a hobby. Do not use the same cipher for a prolonged period of time. Or just create 3 or 4 at once and then switch amongst them. Once again I'd remind you to keep the Substitution Cipher encrypted on your system and NOT to print it out. The last area I'd like to discuss is Physical Security. I know that many of you out there practice almost no Physical Security. If you leave files wide open and notes everywhere, you only have yourself to blame. We're also sure that your fellow group members will be quite upset also. It is the responsibility of the command cell to make sure all cell leaders get their members to install proper physical security. Lets review some of your Physical Security options that are available : A. BIOS Password Protection Feature If your using this, you'll only keep your family members off your system. All that's needed to bypass this is disconnecting the CMOS battery and draining the CMOS capacitor. [See Section C on screw types] B. PC-LOCK and similar style programs. Even though this stops individuals from accessing the C drive by booting from a bootable floppy. This is easily bypassed by booting from the floppy and utilizing Norton's Diskedit program. By renaming the CONFIG.SYS and AUTOEXEC.BAT to something else it will bypass the password entry. Diskedit will not recognize the C drive as a logical disk but it can access the drive as a physical disk. C. Password Security Boards There are several styles of these cards available. Most of the cards that are available to the computer community at large are useless. They are easily bypassed by removing the card from the system. This can be made a more complicated undertaking by using security head screws. The IIRG would suggest that all your cells obtain security head screws for their systems regardless of what style password protection your group may use. Stay away from simple screw styles such as Allen Hex or Torx. The two best styles we'd suggest using are Tri-Wing or Scrulox. Of course these can be drilled out, or the individual trying to get into your system may have the proper tool. But why make life any easier? D. Encrypted Partitions Probably the best method that's affordable to the "Hacker on a Budget". Just pick your program carefully and do not use any encryption method that utilizes DES. There are many good programs available on the boards that you may pick and review. Rumors have circulated for years that the NSA has a backdoor into DES. Another rumor that's circulated is an Israeli Mathematician has cracked DES also. E. Keyboard Locks Standard keyboard locks are useless and even most hackers have a master set. Replacing your keyboard lock with an after market electronic key-lock isn't a bad idea. Just make sure you also install your Tri-wing or Scrulox security head screws when you replace it. Otherwise bypassing it is a simple matter of removing the lock wires. This will not stop anyone with any real lock-picking ability but will stop casual snoops. Many computer vendors sell an after market external keyboard lock that combines with our next topic, Adhesive Lock Kits. This unit's lock is so easy to pick that it's not even worth mentioning. F. Adhesive Lock Kits These kits are useless to the hacker, one pair of bolt cutters and you can kiss the cable good-bye. The Sesame combination lock provided with these kits is a joke. Be sure to replace it if you do use Lock Kits. If you use any padlock with a serial number, be sure to remove the number with a file or Dremel tool and have all cell members do likewise. G. Disk Drive Locks Disk drive locks come in two styles. 1. Insertable drive locks are inserted into the floppy drive and then locked. These are easily picked and many vendors such as Inmac sell master keys. 2. Adhesive drive locks attach to the drive edge with a high impact glue. When the key is turned a tab blocks access to the disk door. these are also easily pickable. Or the tab may be cut off with a Dremel tool. Of these two types the insertable is the more secure. If your cell members use these locks, remember to remove the serial numbers. H. Outside Monitoring Security Agencies Do any members of your cell own a business or have a home security system? You may use an outside monitoring security agency or home alarm system and you feel secure that your home or business is guarded 24 hours a day. WRONG!! You are quite vulnerable to the hacker or investigator with a little security system knowledge and a sense of adventure. Most homes still use a wall mounted or wall flush mount key-pad entry system. Since most of the systems out there are older units, Investigators have devised many quick access methods which will still work today. From the time of tripping an entry alarm, the investigator has roughly 30 seconds to code into the entry keypad. He will have already done a preliminary check of your home or business and located your key-pad and which model it is. He will most likely have contacted the manufacturer and obtained all service manuals and owner manuals for your particular model and have read them completely or will already have had them in his library. To bypass an older key-pad entry unit, all someone will most likely need is the following easily obtainable tools or their equivalents, 1. Utility Knife (With Sturdy Blade) 2. Rechargeable Cordless Screwdriver (With Regular and Philips Head Bits) STEP 1: The investigator will bypass the key-pad by first popping off the plastic cover or faceplate of your unit. This is usually held on by four plastic release tabs. He will remove the cover by inserting the utility knife's blade between the base and cover and will quickly pop the seal. Occasionally there will be two screws holding the cover to the base. The investigator will unscrew these with the proper bit and pull off your cover. STEP 2: The investigator will identify your 4 Digit entry code. Most older units use 4 rows of jumpers for the code. These will look like this when he has removed your unit's faceplate. 1 o o o o o o o o 2 o o o o o--o o o 3 o o o o o o o o 4 o o o o o o o o 5 o--o o o o o o o 6 o o o o o o o o 7 o o o--o o o o o 8 o o o o o o o o 9 o o o o o o o--o 0 o o o o o o o o In our above example, the entry code would be 5729 and as you can see, this system is extremely easy to figure out. And that's all there is to it. As a matter of fact, some security companies label the pins exactly as we have in our example above. STEP 3: He will then figure out the Two-Digit Identifier Every authorized user of your security system is given their own two digit personal identifier, and this is about the only thing that could stop a would be snoop from gaining entry past your over-priced security system. Luckily for the snoop at large, and unluckily for you, the security companies are very lapse in this matter and continue to use the same old outdated identifiers for certain personnel. Since the two digit code can only be from 00 to 99, here are the usual security assignments used as defaults: 00 - NOT USED - ALARM RESET/TEST CODE 75 - Used if Company Has Outside Cleaning Service 90 thru 99 - Used for Temporary People or Visitors The security company almost never uses 10,20,30,40,50,60,70, or 80 This gives the investigator an early advantage in figuring out a valid identifier to bypass your system. He will have researched if you use an outside cleaning company or if your business uses temporary people The investigator may pose as an individual looking for employment, or may contact local Temp Companies and find out if you use their services. The options to the investigator are left only to his own skills. Newer digital keypads are immune to this method, however, there are currently several good books out on bypassing the digital system. We'd suggest if you have this type of system that you purchase the book and fortify your system's weaknesses. If you are being investigated by Law Enforcement, your security system is useless. The security company will grant them free access with a warrant and they are not obligated to inform you. There are many more physical security devices your group can employ. The above list is just a guideline to show you the strengths and faults of different methods. Your command cell should implement whatever hardware security they feel is needed. All cell members should recognize the fact that security is of the utmost importance. Notebooks and written materials should be placed in locked fire-safes when not in use. All written materials should be kept at a minimum. All back-up files should be kept encrypted on floppy disks. If you have a tape back-up, Bernoulli Box, or optical disk, so much the better. The back-ups can then be kept in your fire safe or locked file-cabinet. If you purchase a standard file cabinet, replace the locks with better quality tumblers or install security hinges with padlocks. (Remember to remove those serial numbers!) This article is not a complete security guide. But it should get your group started on Operational Security (OPSEC). -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [6] Voice Mail Security Notes By: Mercenary/IIRG VOICE MAIL SECURITY NOTES The IIRG has recently received numerous requests from individuals who either own small businesses with Voice Mail systems or have them for their computer club or group. Security begins with your users. Voice Mail Systems have the security features to make your mailboxes secure. Make use of them. Voice Mail Systems are a challenge for "hackers", which we define as technically sophisticated people who single-mindedly devote time, energy and expertise to penetrating systems for the sheer technical challenge of it. True "hackers" should not be confused with "crackers", which we define as semi-intelligent juvenile delinquents out for personal gain or mischief. Hackers are usually not a problem. They will attempt to access your system, and if successful, will usually leave unnoticed. Crackers however will usually do things like sending unpleasant messages to other users, change user passwords, or use your system for illegal activities. Please remember, your user's passwords are the heart of your Voice Mail system. 1. System Operators should immediately change the initial system password upon establishing your system. Never use pre-set defaults. 2. Passwords should be a minimum length of 6 characters, but most truly secure systems use passwords up to 24 characters. 3. Passwords should contain no personal or obvious associations with the user. (Do NOT allow users to use: telephone extensions, their name, birthdays, or social security number, etc.) 4. Have your users change passwords frequently. Every 30 days is our personal recommendation. 5. Lock out user mailboxes after 3 unsuccessful password attempts. By following the precautions we've listed above, you will minimize the risk of unauthorized access to your Voice Mail System. But please remember, security is your responsibility to enforce. One lapse can cost your group or business months of work. Take the time to ensure your security, you'll be glad you did in the long run. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [7]: PumpCon II Busted (Or We Told You So) By: Mercenary/IIRG In Phantasy Issue 19, St. Anarchy warned our readers of the known plans by Philadelphia Police to monitor the upcoming "PumpCon II". Well it appears that some hapless individuals didn't heed our warning and paid the price. Here's the details that were relayed to us. 1. Apparently someone took it upon themselves to sell payphones for 75 bucks (brand new in the box) to some of the conference attendees. It then seems that one of the phone buyers decided to take his new found phone up to the PumpCon conference room and show it off. On the way back to his friend's car with the phone, the police arrested him. The Police then searched the car and found a small quantity of pot, arrested the car's owner, and had the car impounded. 2. The police then paid a visit to the PumpCon conference room and started questioning the attendees. Apparently Ixom Codex took exception to this, and began yelling at the chief of police over the telephone. The police chief told him that maybe he would like to come downtown and go over his complaints. It seems Ixom decided this would not be necessary. 3. The following morning, the Pennsylvania State Police Computer Crime Division was seen going into the conference room and removing evidence. Apparently they had been staking out the conference from the room next door and had listened in on everything said. Rumor has it they also have "PumpCon II - The Video" among their souvenirs. You Can Lead A Horse To Water, But You Can't Make Him Drink... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [8]: PHANTASY TIDBITS: News and Views of Interest Cantwell Can't See Use For Clipper Chip Curbs While the Clinton administration and the National Security Agency are trying to impose the new,tougher Clipper "trapdoor" communications security chip on the industry, one congresswomen wants to liberalize the use of commercial data-encryption devices. The administration's proposal would bar exports of any encrypted data gear, including computers, except those equipped with the proposed Clipper chip, which allows U.S. law enforcement agencies, under court order, to unlock the code for wire tapping. But Rep Maria Cantwell, D-Wash., disagrees. The bill she just introduced would significantly relax export curbs on commercial encryption products where the security codes are widely available on the open market. Cantwell said it makes no sense to bar computer exports using encryption algorithms that are widely disseminated via electronic information services, such as Internet. -J.R (Electronic Buyers' News) ---------------------------------------------------------------------------- Bells Ring In The New Year Two congressional adversaries on the issue of lifting restrictions on regional Bell operating companys -- Rep. Jack Brooks, D-Texas and Rep. Edward J. Markey, D-Mass. -- have struck a compromise to jointly sponsor a bill that would remove many of the RBOC shackles. The proposed legislation would allow local telephone companies to enter the long-distance market, and would also lift prohibitions against those companies manufacturing equipment. -J.R (Electronic Buyers' News) ---------------------------------------------------------------------------- Another Connecticut BBS Raided in Operation Longarm On Thursday November 11th the "Sanctuary BBS" in Bristol Connecticut was raided by the US Customs Service. The raid was part of the Customs Service's "Operation Longarm", an ongoing investigation into child pornography GIFS. The Sanctuary BBS which was at (203)-589-1570, was operated by Stephen E. Rioux at 25 Lawndale Avenue in Bristol. Apparently US Customs Agents and Postal Inspectors were involved in the raid and the BBS is now in the hands of Federal Authorities. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [9]: Phantasy Magazine U.K. News Compiled By: Phantasm %&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^% P H A N T A S Y M A G A Z I N E U. K. N E W S [Issue 1] September-October-November 1993 Transcribed and Compiled by PHANTASM [+44] UnAuThOrIsEd AcCeSs Uk +44(0)636-708063 Online 10.00pm-7.00am GMT Britains largest computer underground bulletin board system Established 1990 2,ooo+ h/p/a/c/v files online uabbs@works.uucp %&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^%&^% The Daily Mirror, September 23rd, 1993 "Secrets of computer porn kids" COMPUTER smart children are keying in to kinky sex films - without parents having a clue what is going on behind bedroom doors. More than 750 disks have been siezed by police investigating a playground trade in porn. The tapes, showing graphic pictures of sex acts, have been changing hands for as little as 10 pounds at schools in the Luton and Dunstable area. Vice squad detectives trying to trace the source of the porn have uncovered a huge market among computer buffs. And many youngsters who switch on to sex instead of homework can easily fool parents who do not understand computers. ---------------------------------------------------------------------------- The Daily Mirror, September 28th, 1993 "Bank Kid on 30 million pound theft bid charge" By Don Mackay and Ramsay Smith A YOUNG bank worker has been charged with trying to steal more than 30 million pounds from NatWest. Jeffrey Lennon, 22, is accused of being part of a plot to salt away the cash in a Swiss bank account. He is said to have programmed his computer to make a payment of 70 million Swiss francs to an account in Lugano. Police believe he used the secret computer password of an unsuspecting colleague to send it. The money reached Switzerland - but the bank there called NatWest to check the payment. NatWest held an internal investigation, then alerted police. The money was recovered from Switzerland. Lennon of Forest Gate, East London, was arrested at his Pentonville Road office and charged with conspiracy to steal. He was bailed to appear in court next month. Police are now trying to trace the man in whose name the Swiss account was opened. ---------------------------------------------------------------------------- The Daily Mirror, September 28th, 1993 "Student counterfeiter faces jail" ALASTAIR Johnson, 23, an Exeter University student, faces jail in Japan for counterfeiting bank notes. Police say he used a colour copying machine to make the notes. ---------------------------------------------------------------------------- The Daily Mirror, October 13th, 1993 "Shares in virtual reality become a reality" BECOMING a millionaire is a virtual reality for games boss Jon Waldern. His firm, Virtuality - the world's biggest maker of virtual reality arcade games - will be valued at more than 44 million pounds in a share flotation next Tuesday. Jon's 11 per cent stake will be worth a cool 5 million pounds. The firm is set to rival Japanese games giant, Nintendo, as new technology is available to develop a smaller version which can be played at home. ---------------------------------------------------------------------------- The Daily Telegraph, October 16th, 1993 "Minature spy camera to catch phone box thieves" By Neil Darbyshire Crime Correspondent TINY microchip cameras are to be installed in public telephone kiosks by British Telecom to try to stem theft and vandalism, which cost the company 19 million pounds last year. Measuring only a quarter of an inch square, it is activated by a sensor when anyone tries to tamper with a payphone cash box and takes four photographs of the thief at one second intervals. Images are converted into an electronic pulse and transmitted instantaneously by modem to a 24-hour central monitoring station in Manchester, where they can be viewed on a screen. Once operators are satisfied that a theft or vandalism is in progress, they can hit a button to alert the nearest police station. Preliminary trials in south Wales have shown good results and a further pilot scheme is to begin soon at 50 test payphone sites in the Thames Valley. In addition to the minature "TVX" cameras, some kiosks will also be fitted with microphones, enabling operators at the monitoring station to hear, as well as see incidents. One benefit of the system is that it should eliminate false alarms and make sure police are not called out unnecessarily. Mr Roy Carter, spokesman for Modern Security Systems, which developed the system, said the camera's hidden location in the kiosk would vary and would be virtually undetectable to the thief or vandal. "The chip is so small that it can be completely concealed and needs only a hole of about an eight of an inch to view through." BT Payphones are also testing a range of other kiosk alarm systems, all activated by vibration sensors. One shouts a recorded message to vandals, warning them that the police are on their way. ---------------------------------------------------------------------------- The Daily Telegraph, October 18th, 1993 "New credit card fraud combat system" A FINGERPRINT system that could be used to combat credit card fraud has been developed by EDS. It uses neural network technology to help match prints and is said to have a false rejection rate "close to zero". ---------------------------------------------------------------------------- The Daily Telegraph, October 18th, 1993 "Virtual Real Estate" VIRTUAL reality technology from Division is being used to show prospective purchasers houses that have not yet been built at a planned housing development in Holland. ---------------------------------------------------------------------------- The Daily Telegraph, October 18th, 1993 "Sex with electronic effects" A LONDON club will host Britain's first celebration of "cyber" culture next month, when the worlds of art, music, fashion and technology will be represented. Visitors to the two-day "cyberfestival" on November 12-14 will be able to take part in special effects workshops, play electronic games, see the latest in computer art and try out "cybersex" - which requires only one person and a room-full of electronics. "Cyberspace" was originally coined to describe the electronic world inhabited by computer hackers - cyberpunks - popularised in the novels of science fiction writer William Gibson. The "cyber" tag is now being adopted to describe futuristic music, film and fashion. Brian Davis, a promoter of the event, described it as "the first total cyber festival". It will include "18 robots wandering around - one 20 feet tall - bands playing futuristic material and a cyber fashion show", he said. ---------------------------------------------------------------------------- The Daily Telegraph, October 18th, 1993 "Cable outcry after BT gets video go-ahead" By Roland Gribben THE Government and the cable television industry were on a collision course yesterday over British Telecom's new found freedom to launch a video-on-demand service through its telephone cables. Cable television companies are ready to mount a legal challenge to the move by the Independent Television Commission to relax current restrictions on the company. Richard Woollam, director general of the Cable Television Association, called on the Government to review policy and said the freedom given to BT would upset investor confidence in the cable industry. He claimed at the opening of the European Cable Communication '93 exhibition in London that the move cut across the Government's 1991 review which said BT would be barred from offering entertainment services for 10 years. Cable companies are banking on video services providing a considerable boost to their business. Patrick McLoughlin, trade and technology minister, who opened the event, said he would listen to representations from cable companies, but did not hold out much hope of intervening to overturn the decision. He said that while cable would eventually serve two-thirds of the country, a third would remain uncovered and would not be covered by video-on-demand services. The commission consulted the Trade and Industry Department and the office of Telecommunications, the BT regulatory body, before ruling that BT would not need a special licence to offer a video service. BT has already been involved in trial demonstrations and is in discussion with a number of companies about offering a service that would allow telephone subscribers to select videos and pay for watching them. ---------------------------------------------------------------------------- The Daily Telegraph, October 18th, 1993 "Virtual Reality dating service in London" A VIRTUAL reality dating service called CyberSpace is being set up by a London-based computer programmer. Participants fill in a standard questionnaire about themselves and a potential partner, and the information is used to create computer characters that interact in a program in which the more compatible naturally group together. The participants whose computer characters got on well will then be invited to meet. Data on the meetings will be fed back into the computer to develop rules on compatible personalities. Mr Peter Small, who is developing the service, said he hoped to launch it next month. ---------------------------------------------------------------------------- The Daily Telegraph, October 19th, 1993 "Making a virtue out of reality" TODAY it is the real thing for Virtuality. The company which specialises in "virtual reality" entertainment systems makes its market debut this morning, having raced to success in six years. The man in the cockpit is 33-year-old academic Jon Waldern. He invented the world's first virtual reality work-station in 1984 while doing a research scholarship. Spotting the rapid growth of the video games market, he set up his own business in 1987, selling specialist VR systems. The products are now sold to more than 20 countries, and it is the world leader in its market. Turnover of the Leicester-based company jumped more than 200 per cent last year, to 5.25 million pounds. Profits were 214,000 pounds. The placing today is expected to value Virtuality at 44 million pounds and Waldern has a 10 per cent stake. Founder: Jon Waldern Qualifications: PhD Employs: 70 Started with: 10,000 pounds Now Worth: 5 million pounds ---------------------------------------------------------------------------- Newsbytes, October 20th, 1993 "Cellnet Says Mobile Phone Use Growing" Based on information supplied by Cellnet, there is still a fast growing interest in mobile phones. Sales are increasing and, Cellnet claims, the network's growth is higher than ever before in the history of the cellular phone industry. In September of this year, around 37,500 people decided to subscribe to Cellnet. The total number of connections to Cellnet was 63,000 during the third quarter of 1993. Cellnet claims that these figures show an increasing demand for mobile phones. Despite the fact that Cellnet has been lagging behind its main competitor, Vodafone, in recent years, the company claims that it is clawing back its market share. Cellnet now claims it has more than 776,000 subscribers on its network -- an increase of more than 200,000 on those on-line a year ago. .More.. Cellnet says it has achieved this remarkable increase in subscribers by offering a strategy that combines business sense with care for customers. Recently, the company has cut prices on all its tariff and introduced a new phone tariff for London. Despite this surge in sales, Cellnet maintains it is not resting on its laurels. The company has just announced the largest marketing campaign in its history to back its services, and forecasts that it will continue to outstrip Vodafone in the number of subscribers it signs up over the next year. (Sylvia Dennis/19931020/Press & Public Contact: Cellnet, +44-753-504814) ---------------------------------------------------------------------------- The Daily Mirror, October 30th, 1993 "Tune into videos... by phone" VIEWERS will soon be able to call up a video from BBC's massive library - by phone. The Beeb is already involved in tests with British Telecom. The pay-as-you-view technology is still being developed in the United States, but BT is starting trials next year in Essex. Selected households will be offered a cheaper version of cable TV. If the technology works, the BBC could earn considerable income from its library of films and series. ---------------------------------------------------------------------------- The Sunday Mirror, October 31st, 1993 "Rivals dip BT profits below 1 billion pound mark" By Mike Edwards RIVAL phone firms may have forced down British Telecom's profits to below the 1 billion pound level. But that means the privatised company is still making between 60 and 70 pounds a SECOND. BT's half-year profit figures, to be announced on Thursday, are expected to highlight the effects of fierce competition. Tougher price controls and the recession have also taken the shine off BT's balance sheet. A formula limiting BT price increases to inflation minus 7.5 percent, introduced in August, is estimated to have whipped out up to 500 million pounds profit. On top of that is the cost of sackings - 30,000 staff are due to be axed by the end of next year. BT has also lost two government contracts to arch-rival Mercury. One is to manage the Government's long distance communications network, the other is with the National Health Service. Now BT hopes to make money from cable television. Trials begin in Essex next year, where 60 homes will be able to select video programmes through their phone lines. The scheme will be extended to 25,000 more homes before being introduced nationally. BT expects to make up to 600 million pounds from the service by the year 2000. ---------------------------------------------------------------------------- The Daily Mirror, November 2nd, 1993 "Phone prices slashed" BRITISH Telecom is cutting the price of a three minute phone call from 25p to 10p from December the 4th. A weekend 10 minute call will drop from 79p to 39p. The move follows rival Mercury's offer of free calls for mobile phones. ---------------------------------------------------------------------------- Unauthorised Access BBS, November 4th, 1993 "British Telecom test Call Return/Caller ID" British Telecom are about to test Call Return among 40,000 phone subscribers in Perth. Call return simply tells subscribers the number of their last caller and whether the phone was answered or not. It works by entering a code on the telephone which activates an automatic voice at the exchange giving details of the last number. A second code will automatically get the exchange to ring the number back. BT plans to introduce Call Return nationwide in 1994, together with Caller Display, which is basically the same as Caller ID in the United States. ---------------------------------------------------------------------------- Computer Weekly, November 4th, 1993 "Ex-Oracle man found with fingers in till" An ex-Oracle developer who now works for a rival firm, is facing charges from his former employer after he was caught stealing Oracle products and trade secrets. Wilson Brumiller left Oracle in June 1993 to work at Sybase subsidiary Gain Technology. He was arrested at Oracle's US headquarters on September 24 after arousing the suspicions of an Oracle employee. The employee followed Brumiller to the staff coffee room where he was caught trying to hide a disk drive. The Oracle employee recognised Brumiller as being the man who had earlier been seen on the premises shortly before a PC was reported missing. A search of Brumiller's home uncovered PCs, disk drives, memory boards, software and other Oracle property. Oracle design documents, marketing plans and source code for Oracle Toolkit were also found. A similar product is said to be under development by Sybase. The disk drive with which Brumiller was caught contained a full installation of Oracle database products for the Sun Sparc, said an Oracle spokeswoman. Oracle has obtained a preliminary injunction preventing Brumiller from selling or using any Oracle confidential information in the future. Sybase and Gain have also been served with subpoenas demanding information about use of Oracle code or information taken by Brumiller. Brumiller's office at Gain Technology has been searched, but no Oracle products or data were found, said Oracle. ---------------------------------------------------------------------------- Newsbytes, November 4th, 1993 "Cleveland Police Use RAM Mobile Data" The Cleveland police force claims that it has dramatically reduced its response times by implementing wireless data communication technology from RAM Mobile Data and S-Com Computer Systems Engineers. According to the police, the mobile data system allows for much faster turnarounds of requests for assistance from members of the public than the original voice system. The radio signals also cannot be "listened in" by crooks, which Cleveland police say means that catching criminals in the act is now a much more likely occurrence. The system is currently being used by a fifth of the police force's vehicles, with plans in place to extend the technology to the entire fleet in the near future. The system works by transmitting information on the nature and location of the incident from the police force's command and control center to terminals located in police vehicles. As an incident is reported, so the operator at the control center keys the information into the command and control computer system and then assigns it to an officer by touching a button. The data is then transmitted over the RAM network to the terminal in the car, where messages can be acknowledged by the officers concerned with a few key depressions. Using this method of communication means that the control center is able to keep much closer tabs on what jobs are being handled by whom. "Speed of response is absolutely vital in police work and can often make the difference between catching the perpetrators at the scene of the crime and being moments late," explained Andy Lombard, head of information technology (IT) with the Cleveland police force. "Not only is this technology faster, its security features also mean that there is no chance of messages being intercepted, increasing the element of surprise." .More.. John Jarvis, CEO with RAM Mobile Data said that he is very pleased that such a high profile customer has endorsed the RAM network. "In addition to any benefits of this system, it is also a building block for a number of other applications. The next step is to add on an automatic vehicle location (AVL) system enabling operators to track the exact location of each vehicle at all times," he said. According to Jarvis, the next stage will be to link into centralized information systems, giving access to databases such as the Police National Computer, the Electoral Register and the Driver and Vehicle Licensing Center. "This could bring enormous benefits to policemen on the move, such as the ability to check the validity of driving licenses in a matter of seconds," he said. ---------------------------------------------------------------------------- The Daily Telegraph, November 11th, 1993 "Computer virus hits Sizewell B nuclear power station" A computer virus called Yankee has infected computers used for administration at the Sizewell B nuclear power station in Suffolk, Nuclear Electric said yesterday. The virus was discovered when a computer on the network played Yankee Doodle Dandy. It has not affected the primary protection system. ---------------------------------------------------------------------------- Computer Weekly, November 11th, 1993 "Yankie virus hits Sizewell" By Tony Collins A VIRUS called "Yankee" has infected computer systems at the Sizewell B power station in Suffolk. One man has been dismissed for introducing unauthorised software into the site, and the Government's Nuclear Installations Inspectorate (NII) has been alerted. However, Sizewell's operator, Nuclear Electric, said the virus has been eliminated and has not infected the plant's crucial primary protection systems (PPS) or associated equipment. But the incident has concerned the Health and Safety Executive, the NII's umbrella organisation. It is investigating the adequacy of safeguards adopted by Nuclear Electric to prevent the PPS or other safety systems being corrupted by unauthorised code such as a virus. This week an NII spokesman said Nuclear Electric has recently submitted evidence that safeguards are adequate. However, he said. Nuclear Electric's safety case is still being studied. The incident came to light after a prominent local campaigner against Sizewell received an anonymous telephone call about the virus. He wrote to the Health and Safety Executive which replied that it was "aware of the incident". "It is highly unlikely that any unauthorised code would remain undetected," said the Executive's letter. "On the system [PPS] itself the code is held in read-only memories and therefore during normal execution is not modifiable." But the letter added, "System access will be needed for maintenance purposes, and it is therefore particularly important to be assured that none of the associated equipment malfunctions due to the presence of unauthorised code." Sizewell B is the first power station in the world to rely heavily on computer systems for its PPS, which shuts down the reactor in an emergency. The power station is due to open next year. On the same site a separate nuclear reactor has been generating electricity for many years. This week Nuclear Electric confirmed that a virus had infected office systems and was spotted when a computer on the network played Yankee Doodle Dandy - the signature of the "Yankee" virus, which has been circulating on bulletin boards for more than a year. The virus attaches itself to .com and .exe files. It can be activated either when the PC's time-clock reaches Spm or when control-alt-delete are pressed in succession to re-boot a machine. Richard Ford, editor of Virus Bulletin newsletter, said Yankee, believed to have originated in Bulgaria, does not corrupt data but can take time and money to eliminate. He added, "It is lucky the virus was Yankee and not one that causes more serious problems." Staff carrying portable PCs are now subject to spot checks and can be dismissed if they do not run the machines through virus checkers. ---------------------------------------------------------------------------- The Sunday Express, November 14th, 1993 "Mercury's little marvel" By Lucy Reese One-2-One mobile phones sell out CABLE and Wireless's new mobile telephone service, Mercury One-2-One, is proving a runaway success. After just two months since launch, demand is so great that retailers are running out of stock. Cable and Wireless chairman Lord Young of Graffham said on Friday: "We've been totally swamped. My own daughters want the telephones but I can't get my hands on any." Ironically, it was only a week ago that lack of demand finally forced Hutchinson Telecom to withdraw its rival Rabbit mobile phone system after an investment of more than 100 million pounds. The One-2-One campaign targeted individuals new to mobile phones rather than professionals and companies. For a fee of 12.50 a month, customers get free off-peak local calls to those in the London area - soon spreading to the rest of the country - and provides a viable alternative to British Telecom for domestic users. The phones themselves are made by Motorola and Siemens and cost either 250.00 pounds or 300.00 pounds. "The whole thing has taken off much faster than they expected," says Charles Dunstan, managing director of the Car- Phone Warehouse. "They're effectively sold out. If you want to buy one, you'll be put on a back order system. "I've never seen anything like it. In the first three days after the launch we had over 5,000 calls. "Mercury One-2-One now represents about 40 per cent of all our sales." A spokesman for Dixons confirmed that One-2-One phones are practically sold out. Mercury spokesman Alan Thompson admitted that there is a shortage at the moment. "We've sold out because the response has been so strong," he said. "Demand has been far greater than we expected. It has really caught the public's attention." EXCESS He stressed that both Motorola and Siemens are rushing to make as many phones as they can. "We're doing what we can to get them in for Christmas. This is the best-selling new product we've ever had." So why didn't Cable and Wireless make enough phones? Said Mr Thompson: "We spoke to major retailers like Dixons, Ganada and PC World and ordered a number that was slightly in excess of what they suggested. "Demand has outstripped these estimates. Perhaps we were a bit too conservative. Distributors have been doubling and quadrupling their orders. ---------------------------------------------------------------------------- The Daily Mirror, November 25th, 1993 "ATM cashpoint pays 20 pound notes as tens" A BANK lost thousands yesterday when its cashpoint paid out 20 pound notes instead of tenners. Anyone who cashed in will be traced through PIN numbers and asked to refund the money. Staff at the NatWest in Queen Street, Cardiff loaded the machine wrongly - and cost the bank 40,000 pounds. ---------------------------------------------------------------------------- Unauthorised Access BBS, November 28th, 1993 "2600 hacker meetings in London" Hackers, phone phreaks, techno-anarchists, cyberpunks, etc. The second UK 2600 meeting is planned for FRIDAY the 3rd of DECEMBER, 1993. (and on the first Friday of each month thereafter). All those interested in attending will be required to meet once again at the Trocadero shopping centre, which is a one minute walk from the Picadilly Circus underground station. The meeting point is actually inside the shopping centre, next to the virtual reality machines located on the bottom floor. Anyone interested in taking part should assemble next to these machines between 7.00pm and 7.30pm. Those who attend will then travel by tube train to a 'mystery' location for some serious computer underground discussion, info trading, gossip, etc. For more information, phone Damian on +44(0)71-262-3042 or contact Phantasm via Unauthorised Access BBS, +44(0)636-708063, Online 10.00pm-7.00am. ---------------------------------------------------------------------------- Send all article contributions to 'uabbs@works.uucp or upload to UABBS. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [10]: Upcoming Conferences and Conventions ------------------------------------------------------------------------------- READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE ]]]]]]]]]]]]]]]]]] ]]] ]] ] ]] DEF CON ][ Initial Announcement ]]]]]]]^^^^]]]]]]]]]]]]] ]] ] ] DEF CON ][ Initial Announcement ]]]]]]^^^^^^]]]]] ] ] ] DEF CON ][ Initial Announcement ]]]]]^^^^^^^^]]]]] ]] ] DEF CON ][ Initial Announcement ]]]]^^^^^^^^^^]]] ] ]]]]]]]] ] DEF CON ][ Initial Announcement ]]]^^^^^^^^^^^^]]]]]]]]]] ] DEF CON ][ Initial Announcement ]]^^^^^^^^^^^^^^]]]]]] ]] ] DEF CON ][ Initial Announcement ]]]^^^^^^^^^^^^]]]]]]]] DEF CON ][ Initial Announcement ]]]]^^^^^^^^^^]]]]]]]] ] ]] DEF CON ][ Initial Announcement ]]]]]^^^^^^^^]]]]]]] ]]] ]] ] DEF CON ][ Initial Announcement ]]]]]]^^^^^^]]]]]]] ] ] ] DEF CON ][ Initial Announcement ]]]]]]]^^^^]]]]]]]]]]] ]] ] ] DEF CON ][ Initial Announcement ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] ] DEF CON ][ Initial Announcement READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE WTF is this? This is the initial announcement and invitation to DEF CON ][, a convention for the "underground" elements of the computer culture. We try to target the (Fill in your favorite word here): Hackers, Phreaks, Hammies, Virii coders, programmers, crackers, Cyberpunk Wannabees, Civil Liberties Groups, CypherPunks, Futurists, etc.. WHO: You know who you are, you shady characters. WHAT: A convention for you to meet, party, and listen to some speeches that you would normally never hear. WHEN: July 22, 23, 24 - 1994 WHERE: Las Vegas, Nevada @ The Sahara Hotel So you heard about DEF CON I, and want to hit part ][? You heard about the parties, the info discussed, the bizarre atmosphere of Las Vegas and want to check it out in person? Load up your laptop muffy, we're heading to Vegas! Here is what Three out of Three people said about last years convention: "DEF CON I, last week in Las Vegas, was both the strangest and the best computer event I have attended in years." -- Robert X. Cringely, Info World "Toto, I don't think we're at COMDEX anymore." -- Coderipper, Gray Areas "Soon we were at the hotel going through the spoils: fax sheets, catalogs, bits of torn paper, a few McDonald's Dino-Meals and lots of coffee grounds. The documents disappeared in seconds." -- Gillian Newson, New Media Magazine DESCRIPTION: Last year we held DEF CON I, which went over great, and this year we are planning on being bigger and better. We have expanded the number of speakers to included midnight tech talks and additional speaking on Sunday. We attempt to bring the underground into contact with "legitimate" speakers. Sure it's great to meet and party with fellow hackers, but besides that we try to provide information and speakers in a forum that can't be found at other conferences. WHAT'S NEW THIS YEAR: This year will be much larger and more organized than last year. We have a much larger meeting area, and have better name recognition. Because of this we will have more speakers on broader topics, we plan on having a slip connection with multiple terminals and an IRC connection provided by cyberspace.com. We are trying to arrange a VR demo of some sort. Dr. Ludwig will present this years virus creation award. There will be door prizes, and as usual a bigger and better "Spot The Fed" contest. We'll try to get an interesting video or two for people to watch. If you have any cool footage you want shown, email me with more information. WHO IS SPEAKING: We are still lining up speakers, but we have several people who have expressed interest in speaking, including Dr. Mark Ludwig (Little Black Book Of Computer Viruses), Phillip Zimmerman (PGP), Loyd Blankenship (Steve Jackson Games), Ken Phillips (Meta Information), and Jackal (Radio) to name a few. We are still contacting various groups and individuals, and don't want to say anything until we are as sure as we can be. If you think you are interested in speaking on a self selected topic, please contact me. As the speaking list is completed there will be another announcement letting people know who is expected to talk, and on what topic. WHERE THIS THING IS: It's in Las Vegas, the town that never sleeps. Really. There are no clocks anywhere in an attempt to lull you into believing the day never ends. Talk about virtual reality, this place fits the bill with no clunky hardware. If you have a buzz you may never know the difference. It will be at the Sahara Hotel. Intel as follows: The Sahara Hotel 1.800.634.6078 Room Rates: Single/Double $55, Suite $120 (Usually $200) + 8% tax Transportation: Shuttles from the airport for cheap NOTES: Please make it clear you are registering for the DEF CON ][ convention to get the room rates. Our convention space price is based on how many people register. Register under a false name if it makes you feel better, 'cuz the more that register the better for my pocket book. No one under 21 can rent a room by themselves, so get your buddy who is 21 to rent for you and crash out. Don't let the hotel people get their hands on your baggage, or there is a mandatory $3 group baggage fee. Vegas has killer unions. COST: Cost is whatever you pay for a hotel room split however many ways, plus $15 if you preregister, or $30 at the door. This gets you a nifty 24 bit color name tag (We're gonna make it niftier this year) and your foot in the door. There are fast food places all over, and there is alcohol all over the place, the trick is to get it during a happy hour for maximum cheapness. FOR MORE INFORMATION: For InterNet users, there is a DEF CON anonymous ftp site at cyberspace.com in /pub/defcon. There are digitized pictures, digitized speeches and text files with the latest up to date info available. For email users, you can email dtangent@defcon.org for more information. For Snail Mail send to DEF CON, 2702 E. Madison Street, Seattle, WA, 99207 For Voice Mail and maybe a human, 0-700-TANGENT on an AT&T phone. A DEF CON Mailing list is maintained, and the latest announcements are mailed automatically to you. If you wish to be added to the list just send email to dtangent@defcon.org. We also maintain a chat mailing list where people can talk to one another and plan rides, talk, whatever. If you request to be on this list your email address will be shown to everyone, just so you are aware. STUFF TO SPEND YOUR MONEY ON: > Tapes of last years speakers (four 90 minute tapes) are available for $20 > DEF CON I tee-shirts (white, large only) with large color logo on the front, and on the back the Fourth Amendment, past and present. This is shirt v 1.1 with no type-o's. These are $20, and sweatshirts are $25. > Pre-Register for next year in advance for $15 and save half. > Make all checks/money orders/etc. out to DEF CON, and mail to the address above. If you have any confidential info to send, use this PGP key to encrypt: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCrAiyI6OcAAAEE8Mh1YApQOOfCZ8YGQ9BxrRNMbK8rP8xpFCm4W7S6Nqu4Uhpo dLfIfb/kEWDyLreM6ers4eEP6odZALTRvFdsoBGeAx0LUrbFhImxqtRsejMufWNf uZ9PtGD1yEtxwqh4CxxC8glNA9AFXBpjgAZ7eFvtOREYjYO6TH9sOdZSa8ahW7YQ hXatVxhlQqve99fY2J83D5z35rGddDV5azd9AAUTtCZUaGUgRGFyayBUYW5nZW50 IDxkdGFuZ2VudEBkZWZjb24ub3JnPg== =ko7s -----END PGP PUBLIC KEY BLOCK----- I'm sure I am forgetting a bunch of stuff that will be fixed in future announcements. This file serves as the initial announcement so you can make your plans accordingly. - The Dark Tangent ------------------------------------------------------------------------------- CALL FOR PAPERS & PANELS - 17TH NATIONAL COMPUTER SECURITY CONFERENCE October 11-14, 1994 --- Baltimore, Maryland Co-Sponsors: National Institute of Standards & Technology National Computer Security Center The National Computer Security Conference attendees represent a broad range of information security interests spanning government, industry, commercial, and academic communities. Papers and panel discussions typically cover: - research & development for secure products and systems; - implementation and accreditation of secure systems; - administration & operation of secure systems; - evaluation of products and systems against trust criteria; - international harmonization of security criteria & evaluations; - promotion of computer security: education, awareness and training; - social and legal issues related to computer security. We invite the submission of papers and proposals for panels in any of the above areas and on other topics related to the confidentiality, integrity, and availability of data and resources in information systems. Papers will be selected through an anonymous review process and will be published in the conference proceedings. Panels will be selected by the Program Committee, and panel members will be expected to provide written statements for inclusion in the proceedings. BY 1 MARCH 1994: eight (8) copies of your paper or panel proposal should ARRIVE at the following address: National Computer Security Conference ATTN: NCS Conference Secretary, APS XI National Computer Security Center Fort George G. Meade, MD. 20755-6000 By 1 June, 1994: Authors and panel chairs selected to participate in the conference will be notified and advised when final papers and panel statements are due. PREPARATION OF CONFERENCE SUBMISSIONS: Cover sheet: Type of submission (paper, panel, tutorial) Title or Topic Abstract (not to exceed 250 words) Author(s) Organizational Affiliation(s) Phone numbers (voice and fax if available) Internet address if available Point of contact if more than one author SUBMISSIONS RELATED TO WORK UNDER U.S. GOVERNMENT SPONSORSHIP MUST ALSO INCLUDE THE FOLLOWING: Program Sponsor or Procuring Element Contract Number (if applicable) Government Publication Release Authority Paper preparation: 10-page maximum incl. figures & references; title, abstract, & keywords on first page; no more than 12 char./inch & 6 lines/inch; one-inch margins all around. BECAUSE THE REVIEW PROCESS WILL BE ANONYMOUS, NAMES AND AFFILIATIONS OF AUTHORS SHOULD APPEAR ONLY ON THE SEPARATE COVER SHEET CLASSIFIED MATERIAL OR TOPICS SHOULD NOT BE SUBMITTED RELEASE FOR PUBLICATION & COPYRIGHT: It is the responsibility of the authors to obtain government or corporate releases for publication. Written releases will be required for all papers to be published. Papers developed as part of official U.S. government duties may not be subject to copyright. Papers that are subject to copyright must be accompanied by written assignment to the NCS Conference Committee or written authorization for publication and release at the Committee's discretion. PANEL PROPOSALS: Panels should be geared to a maximum of ninety minutes long, including time for prepared remarks and audience interaction. 2 page maximum. Include chair and proposed panelists or organizations to be represented on first page. Include summary of topic, issues, and/or questions to be addressed by the panel and viewpoints that proposed panelists would bring to the discussion. FOR MORE INFORMATION ON SUBMISSIONS, PLEASE CALL 410-850-0272 OR SEND INTERNET MESSAGES TO: NCS_Conference at DOCKMASTER.NCSC.MIL. For other information about the conference, call 301-975-2775. ------------------------------------------------------------------------------- ******* REQUEST FOR PARTICIPATION ******* Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness March 21-23, 1994 Williamsburg, Virginia Sponsored by: Aerospace Computer Security Associates Co-sponsored by National Computer Systems Laboratory, National Institute of Standards and Technology The purpose of this workshop is to provide input into the development of policy guidance on determining the type and level of assurance appropriate in a given environment. Much of the existing guidance is rooted in the Yellow books, which are based on computer and communications architectures of a prior decade. Technological changes such as local area networks, the worldwide Internet, policy-enforcing applications, and public key cryptography, mandate a review and revision of policy guidance on assurance and trustworthiness. This invitational workshop is intended to identify the crucial issues and to make recommendations. The audience for the results includes those who deal with information having sensitivity with respect to national security, privacy, commercial value, integrity, and availability. Potential participants will submit a paper expressing a technical or policy position. These position papers will be used to identify working sessions and to help identify specific participants who should be invited. The submission of the papers and all communication surrounding this workshop will be handled primarily through electronic means. [...] If you are interested in submitting a paper or just want additional information, please contact Marshall Abrams, abrams@mitre.org. ------------------------------------------------------------------------------- CONFERENCE ANNOUNCEMENT VSI '94 Philadelphia, Pennsylvania - USA March 29-30, 1994 Presented by the Virus Security Institute "A Different Kind of Information Security Conference" VSI '94 -- two intense days of interactive collaboration focused on the development of a working information security model appropriate to both the management and technical challenges of the mid-90s. Security is not a book of rules; it is an organic and dynamic process. This principle will be expanded through an aggressive combination of speakers, scenarios and solutions. VSI '94 is not a hit-or-miss conference. The program is carefully structured to provide not only state-of-the-art information but practical techniques that "push the envelope". DAY ONE: In the morning, industry experts will present a limited number of papers dealing with state-of-the-art considerations divided into three areas: scientific, technical, and managerial. This will provide a primer for what is to follow. In the afternoon, participants will restructure a traditional organization to reflect the information security needs of the mid-90s. The Management Track will address requirements for executives, financial and legal considerations, operating parameters, policies and procedures, re-engineering, communications requirements and a five-year plan. The Technical Track will explore tools and techniques currently available, define requirements and techniques to preserve vital information that may come under attack from any quarter, automation of support functions, necessary networking and risk assessment. Industry experts in each field will be present to make suggestions and offer examples. The afternoon will be divided into segments for each of the tracks with a focus provided for each. If the participants fail to reach a consensus within the segment's allotted time, the legacy baseline will be used on the next day. Further planning is encouraged in the bar and at the reception. DAY TWO: Each of the elements of the restructured model will be examined and challenged, both by speakers and participants. Management will be given legal, financial, and stockholder concerns to address. Technical will defend against attack scenarios ranging from viruses to terrorists to incendiary cows & leaking tunnels. PLENARY: A recap of the proceedings analyzing strengths and weaknesses of the model as developed, challenged, and improved. PAPERS: We solicit papers/speakers focusing on the subjects of fiendish attacks, brilliant solutions, organizational indifference, and prognostication. The focus will be on salvation from the Networks (both interpretations apply). SITE: The entire conference floor of the Philadelphia Airport Hilton has been reserved for VSI '94. Rooms for Birds-of-a-Feather meetings may be reserved in advance, subject to availability. Facilities will be available for larger, lengthy formal meetings on Monday, March 28. The hotel is designed to facilitate "H" (hall) track sessions. Room Rates: $72/night, single or double. Contact the Hilton (302)792-2700 The Hilton provides a complimentary continental breakfast to all hotel guests. TRAVEL: Philadelphia International Airport (transportation from airport provided by the Hilton) is served by most major airlines. Drive time from either Washington, DC or New York is approximately 2 hours. AMTRAK serves Philadelphia's 30th Street Station (local train available every half hour to airport for Hilton pickup). Discounted airfares are available from Sand Lake Travel (800)535-1116 / (407)352-2808 / FAX (407)352-2908 AMENITIES & AMUSEMENTS: Philadelphia is rich in attractions, from the Liberty Bell to the Franklin Institute to the Art Museum to the bustling 9th Street Market. Excellent shopping in both Philadelphia and tax-free Delaware. Nearby is the famous Brandywine Valley, home of Winterthur, Longwood Gardens and Andrew Wyeth. A full activities packet will be available to all registrants. INFORMATION: For more information, E-Mail or Fax: EMAIL: VSI94_info@dockmaster.ncsc.mil (case sensitive) FAX: (302)764-6186 (include E-Mail address, please) Honorary/Convening Chairman - Dr. Harold Joseph Highland, FICS Conference Chair: Pamela Kane Program Chair: Padgett Peterson PSKane@dockmaster.ncsc.mil Padgett@tccslr.dnet.mmc.com Founding Members and Directors of the Virus Security Institute Vesselin Bontchev Dr. Klaus Brunnstein Dr. William Caelli Jon David Christoph Fischer Ross Greenberg Dr. Harold Joseph Highland, FICS Pamela Kane A. Padgett Peterson, P.E. Yisrael Radai Fridrik Skulason Dr. Alan Solomon ::::: Yves Deswarte - LAAS-CNRS & INRIA - 31077 Toulouse (France) ::::: :::: E-mail:deswarte@laas.fr - Tel:+33/61336288 - Fax:+33/61336411 :::: ------------------------------------------------------------------------------- European Symposium on Research in Computer Security Brighton, United Kingdom, November 7th-9th, 1994 ESORICS-94 (European Symposium on Research in Computer Security) is organised by The IMA in cooperation with AFCET (creator), BCS Security Special Interest Group, and CERT-ONERA. AIM AND TOPICS: The aim of this symposium is to further the progress of research in computer security by bringing together researchers in this area, by promoting the exchange of ideas with system developers and by encouraging links with researchers in areas related to computer security, information theory and artificial intelligence. Papers are solicited in the following areas: - Theoretical Foundations of Security- security models and specifications, contribution of formal logic and information theory, formal development techniques - Secure Computer Systems- operating system security, network security, security management, virus and worms, contribution of artificial intelligence, contribution of new architectures and new technologies - Security in Data and Knowledge Bases- - Security in other Applications- transaction systems, process control, real time, distributed applications - Cryptography Applications- authentication, key management, signature - Security Verification and Evaluation- formal methods, measure and evaluation of risks, measure and evaluation of security, criteria, protocol verification - Software Development Environments for Security- - Operation of Secure Systems- management, intrusion detection - Security versus other requirements Security and costs, performances, dependability, safety, reliability,... All application fields are welcome (medical, industrial, financial, copyright,...) as long as the proposals remain in the scope of research in computer security. This list is not exhaustive. Research papers, position papers and panel proposals will be welcomed. Papers should be submitted by March 24th,1994 to: Gerard Eizenberg CERT-ONERA ESORICS 94 2, avenue E. Belin B.P. 4025 31055 Toulouse Cedex France The texts must be submitted in English. Papers should be limited to 6000 words, full page figures being counted as 300 words. Each paper must include a short abstract and a list of keywords indicating subject classification. Notification of acceptance will be sent by June 24th, 1994, and camera-ready copies will be due on September 1st, 1994. Panel proposals should include title, proposed chair, tentative panelists, a 2 or 3 paragraphs description of the subject, format of the presentation, and rationale for the panel. For further information and/or copy of the advance program when available, send E-mail to Dieter Gollmann at the next address: dieter@dcs.rhbnc.ac.uk or write to: Pamela Irving Conference Officer The Institute of Mathematics and Its Applications 16 Nelson Street Southend-on-Sea ESSEX SS1 1EF United Kingdom IMPORTANT DATES: Submission deadline: March 25th, 1994 Acceptance notification: June 24th, 1994 Camera-ready copy due: September 1st, 1994 GENERAL CHAIR: Roger Needham (University of Cambridge, United Kingdom) PROGRAM COMMITTEE CHAIR: Gerard Eizenberg (CERT-ONERA, France) VICE-CHAIR: Elisa Bertino (Universita di Milano, Italy) Bruno d'Ausbourg (CERT-ONERA, France) Thomas Beth (Universitaet Karlsruhe, Germany) Joachim Biskup (Universitaet Hildesheim, Germany) Peter Bottomley (DRA, United Kingdom) Yves Deswarte (LAAS-CNRS & INRIA, France) Klaus Dittrich (Universitaet Zuerich, Switzerland) Simon Foley (University College, Ireland) Dieter Gollmann (University of London, United Kingdom) Franz-Peter Heider (GEI, Germany) Jeremy Jacob (University of York, United Kingdom) Sushil Jajodia (George Mason University, USA) Helmut Kurth (IABG, Germany) Teresa Lunt (SRI, USA) Giancarlo Martella (Universita di Milano, Italy) Catherine Meadows (NRL, USA) Jonathan Millen (MITRE, USA) Emilio Montolivo (Fondazione Ugo Bordoni, Italy) Roger Needham (University of Cambridge, United Kingdom) Andreas Pfitzmann (Technische Universitaet Dresden, Germany) Jean-Jacques Quisquater (UCL, Belgium) Einar Snekkenes (NDRE, Norway) ORGANISING COMMITTEE Dieter Gollmann (University of London, United Kingdom) Pamela Irving (IMA, United Kingdom) ------------------------------------------------------------------------------ dFx, Phrack Magazine and cDc - Cult Of The Dead Cow proudly present : The Fourth Annual H O H O C O N "Cliff Stoll My K0DEZ!@$#!" Who: All Hackers, Journalists, Security Personnel, Federal Agents, Lawyers, Authors, Cypherpunks, Virtual Realists, Modem Geeks, Telco Employees, and Other Interested Parties. Where: Austin North Hilton & Towers and Super 8 Motel 6000 Middle Fiskville Road Austin, Texas 78752 U.S.A. Hilton : (800) 347-0330 / (512) 451-5757 Super 8: (800) 800-8000 / (512) 467-8163 When: Friday December 17 through Sunday December 19, 1993 What is HoHoCon? ---------------- HoHoCon is the largest annual gathering of those in, related to, or wishing to know more about the computer underground. Attendees generally include some of the most notable members of the "hacking" and "telecom" community, journalists, authors, security professionals, lawyers, and a host of others. Previous speakers include John Draper (Cap'n Crunch), Ray Kaplan, Chris Goggans (Erik Bloodaxe), Bruce Sterling, and many more. The conference is also one of the very few that is completely open to the public and we encourage anyone who is interested to attend. Hotel Information ----------------- The Austin North Hilton recently split its complex into two separate hotels; the Hilton and the newly added Super 8. HoHoCon guests have the choice of staying in either hotel. Group rates are as followed : Super 8: Single - $46.50, Double - $49.50, Triple - $52.50, Quad - $55.50 Hilton : Single - $69.00, Double - $79.00, Triple - $89.00, Quad - $99.00 Once again, the hotel has set aside a block of rooms for the conference and we recommend making your reservations as early as possible to guarantee a room within the block, if not to just guarantee a room period. Rooms for the handicapped are available upon request. To make your reservations, call the number listed above that corresponds with where you are and where you want to stay and make sure you tell them you are with the HoHoCon conference or else you'll end up throwing more money away. The hotel accepts American Express, Visa, Master Card, Discover, Diner's Club, and Carte Blanche credit cards. Check-in is 3:00 p.m. and check-out is 12:00 noon. Earlier check-in is available if there are unoccupied rooms available. Please note that in order for the hotel to hold a room past 6:00 p.m. on the date of arrival, the individual reservation must be secured by a deposit or guaranteed with one of the credit cards listed above. Also, any cancellations of guaranteed reservations must be made prior to 6:00 p.m. on the date of arrival. You will be responsible for full payment of any guaranteed reservations which are not cancelled by this time. The hotel provides transportation to and from the airport and will give you full information when you make your reservations. Directions ---------- For those of you who will be driving to the conference, the following is a list of directions provided by the hotel (so, if they're wrong, don't blame me): Dallas : Take IH 35 south to exit 238-B, the Houston exit. At the first stop light, turn right on to 2222. Turn off of 2222 onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. San Antonio : Take IH 35 north to exit 238-B, the Houston exit. At the second stop light, turn left onto 2222. Turn off 2222 onto Clayton Lane (by the Greyhoud Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Houston (on 290) : Take 290 west into Austin. Exit off of 290 at the IH35 exit (do not get on 35). Stay on the access road heading west, you will pass two stop lights. Turn off the access road onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Houston (on 71) : Take 71 west into Austin. Exit onto 183 north. Take 183 north to 290 west. Take 290 west to the IH 35 exit. Exit off of 290 at the IH 35 exit (do not get on 35). Stay on the access road heading west, you will pass two stop lights. Turn off the access road onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel in on the left. Airport : Exit the airport parking lot and turn right onto Manor Road. Take Manor Road to Airport Boulevard and turn right. Take Airport Boulevard to IH 35 north. Take IH 35 to exit 238-B. At the second stop light, turn left onto 2222. Turn off of 2222 onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Call the hotel if these directions aren't complete enough or if you need additional information. Conference Details __________________ HoHoCon will last 3 days, with the actual conference being held on Saturday, December 18 starting at 11:00 a.m. and continuing until 5 p.m. or earlier depending on the number of speakers. Although a few speakers have confirmed their attendance, we are still in the planning stages and will wait until the next update to release a speaking schedule. We welcome any speaker or topic recommendations you might have (except for, say, "Why I Luv Baked Potatos On A Stik!"), or, if you would like to speak yourself, please contact us as soon as possible and let us know who you are, who you represent (if anyone), the topic you wish to speak on, a rough estimate of how long you will need, and whether or not you will be needing any audio-visual aids. We would like to have people bring interesting items and videos again this year. If you have anything you think people would enjoy having the chance to see, please let us know ahead of time, and tell us if you will need any help getting it to the conference. If all else fails, just bring it to the con and give it to us when you arrive. Any organization or individual that wants to bring flyers to distribute during the conference may do so. You may also send your flyers to us ahead of time if you can not make it to the conference and we will distribute them for you. Left over flyers are included with information packets and orders that we send out, so if you want to send extras, go ahead. Cost ---- Unlike smaller, less informative conferences, we do not ask you to shell out hundreds of dollars just to get in the door, nor do we take your money and then make you sleep in a tent. We are maintaining the motto of "give $5 if you can", but due to the incredibly high conference room rate this year, we may step up to "$5 minimum required donation" or "give us $5 or we'll smash your head in". Five dollars is an outrageously low price compared to the suit infested industry conferences or even the new "Cons are k00l and trendy, I gotta do one too!" conferences that are charging up to $50 for admission alone. To encourage people to donate, we will once again be having our wonderless "Raffle For The Elite" during the conference. We will issue a prize list in a future update, but we can guarantee that this year there will be a lot more (and better) prizes than last year, including a full system (and, no, it's not a c64 or 286). Anyone who wishes to donate worthwhile items to the raffle, please let us know ahead of time, or if it's a last minute acquirement, just bring it to the conference. Miscellaneous Notes ------------------- To save myself some time by mailing responses to a lot of the same questions I expect to get, I'll answer a few of them here. Although I have not talked to him myself yet, Steve Ryan has told me that Bruce Sterling will indeed be in attendance and may say a few words. As far as I know, there will not be any visitors from any other planets at the conference. Scot Chasin is still on Earth and will be making an appearance. Video cameras will *not* be allowed inside the conference room without prior consent due to previous agreements made with speakers who do not wish for certain parts of their speech to be rebroadcast. Still cameras and Etch-A-Sketch's are fine and tape recorders are too easily hidden for us to be able to control. Videos and T-Shirts from last year's conference are still available, and will also be on hand during the conference. We do not handle the LoD World Tour shirts, but I can tell you that the old ones are gone and a *new* LoD shirt will be unveiled at the conference. The HoHoCon shirts are $15 plus $3 shipping ($4.00 for two shirts). At this time, they only come in extra large. We may add additional sizes if there is a demand for them. The front of the shirt has the following in a white strip across the chest: I LOVE FEDS (Where LOVE = a red heart, very similar to the I LOVE NY logo) And this on the back: dFx & cDc Present HOHOCON '92 December 18-20 Allen Park Inn Houston, Texas There is another version of the shirt available with the following: I LOVE WAREZ The video includes footage from all three days, is six hours long and costs $18 plus $3 shipping ($4.00 if purchasing another item also). Please note that if you are purchasing multiple items, you only need to pay one shipping charge of $4.00, not a charge for each item. If you wish to send an order in now, make all checks or money orders payable to O.I.S., include your phone number and mail it to the street address listed below. Allow a few weeks for arrival. There will be new HoHoCon '93 shirts available at the conference and a video of the festivities will be out early next year. Correspondence -------------- If anyone requires any additional information, needs to ask any questions, wants to RSVP, wants to order anything, or would like to be added to the mailing list to receive the HoHoCon updates, you may mail us at: hohocon@cypher.com drunkfux@cypher.com cDc@cypher.com drunkfux@crimelab.com dfx@nuchat.sccsi.com drunkfux@5285 (WWIV Net) or via sluggo mail at: HoHoCon 1310 Tulane, Box 2 Houston, Texas 77008-4106 We also have a VMB which includes all the conference information and is probably the fastest way to get updated reports. The number is: 713-867-9544 You can download any of the conference announcements and related materials by calling Metalland Southwest at 713-468-5802, which is the official HoHoCon BBS. The board is up 24 hours a day and all baud rates are supported. Those of you with net access can ftp to cypher.com and find all the HoHoCon information available in /pub/hohocon. The .gifs from previous cons are *not* currently online. Conference information and updates will most likely also be found in most computer underground related publications and mailing lists, including CuD, CSP, Mondo 2000, 2600, Phrack, TUC, phn0rd, cypherpunks, etc. They should also appear in a number of newsgroups including comp.dcom.telecom, alt.security, comp.org.eff.talk, and sci.crypt. We completely encourage people to use, reprint, and distribute any information in this file. Same stupid ending statement from last year to make us look good ---------------------------------------------------------------- HoHoCon '93 will be a priceless learning experience for professionals and gives journalists a chance to gather information and ideas direct from the source. It is also one of the very few times when all the members of the computer underground can come together for a realistic purpose. We urge people not to miss out on an event of this caliber, which doesn't happen very often. If you've ever wanted to meet some of the most famous people from the hacking community, this may be your one and only chance. Don't wait to read about it in all the magazines and then wish you had been there, make your plans to attend now! Be a part of what we hope to be our largest and greatest conference ever. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [11]: IIRG Distribution Sites (or Gateways to Oblivion) ////// ////// /////// //////// // // // // // // // /////// // //// // // // // // // ////// * ////// * // // * ///////// IIRG World HQ: The Rune Stone BBS 14.4k HST Phantasy's Home Board Complete IIRG Archives 4000+ Files (203)-832-8441 NUP: Conspiracy IIRG Distribution Site 1: BluePhishen' BBS Fidonet 1:2603/406 IIRG Distribution Site Sysop: Global Death (212)-924-9627 IIRG Distribution Site 2: Deadcity Sysop: RoughNeck Australia Criminal Intent HQ +61-3-417-2060 IIRG Distribution Site 3: Alliance BBS (612)-251-8596 (Originally ASU Underground in Tempe AZ) 355+ mb H/P/A/UFO and others on CD-ROM IIRG Distro Site IIRG Distribution Site 4: The WareHouse (203)-TMP-DOWN Currently Incarcerated Sysop: Ionizer IIRG Distribution Site 5: Hollow Tree Productions Sysop: Phantasm TWA Distro IIRG Phantasy Distro Extreme*Net (313)-EXE-TREME IIRG Distribution Site 6: The Web (203)869-0938 9600 - 16.8k HST/DS SysOp: Spyder Man <Adrenalin> spyder%admiral.uucp@yale.edu Egghead <ACiD> ACiD CT Outpost Adrenalin Member Board Psychosis Eastern HQ Paradigm Courier HQ VGANSi Dist. Site IIRG Distribution Site CCiNet / ToXiCNet / InterPooL IIRG Distribution Site 7: Unauthorised Access Uk Online 10.00pm-7.00am GMT +44-(0)636-708063 3oo/12oo/24oo/96oo/14.4k HST Established 1990 British Underground Guild WHQ SysOp: Phantasm IIRG Distribution Site 8: Liquid Euphoria Phalcon/Skism Sysop: Hawkmoon (914)-PRI-VATE IIRG Distribution Site 9: The Black Lodge LodgeNet Member Site Sysop: The Brit (5o8)-PRI-VATE IIRG Distribution Site 11: Kaotic Attractor Sysop: Mr Wyzard (5o8)-PRI-VATE -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Section [12]: Phantasy Distribution Sites Phantasy's Distribution Site's are continually growing,we apologize if you called a board and didn't find the Mag. Network Distribution Sites will have the Issues first, we suggest calling one of them if a problem does arise. 1. Lightning Systems (414) 363-4282 200 Million Bytes OnLine USRobotics Dual Standard HST/V.32bis 2400 thru 14.4k v.32bis/HST 2. The Works BBS Waffle Net v1.65 [617]/861-8976 3/12/24/96/14400b 7dy/24hr N,8,1 Lexington, MA 200 Megabytes of Storage 99.44% pure textfiles Remote cDc Node (Very remote) 3. Abiogenesis, 3/12/24/96/14400 Practical Peripherals 14400FXSA Fidonet 1:280/310. Phone (816)734-4732 4. Uncensored Communications Cybertek Magazine SIG (914)-761-6877 5. The Computer Laboratory Underground 'puternet Phone: +1.515.232.7631 No warez, No codez, No ratios, No hassles. Phantasy Distro Site Phantasy is also available on these systems, Ripco II BBS The Hell Pit Cybernetic Violence (312)-528-5020 (708)-459-7267 (514)-PRI-VATE -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- PHANTASY(C) IIRG 1991,1992,1993 May Odin Guide Your Way! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- May You Be Feasting and Drinking in Valhalla For a Full Night Before the Christian God Knows You're Dead -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-