home *** CD-ROM | disk | FTP | other *** search
- Computer underground Digest Sun Apr 4 1993 Volume 5 : Issue 25
- ISSN 1004-042X
-
- Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
- Archivist: Brendan Kehoe
- Shadow-Archivists: Dan Carosone / Paul Southworth
- Ralph Sims / Jyrki Kuoppala
- Ian Dickinson
- Copp Editor: Etaoin Shrdlu, Senior
-
- CONTENTS, #5.25 (Apr 4 1993)
- File 1--CPSR Wins SSN Privacy Case
- File 2--Re: Debating the Virus contest - 1 (#5.23)
- File 3--Re: Debating the Virus contest - 2 (#5.23)
- File 4--Re: Debating the Virus contest - 3 (#5.23)
- File 5--USPS Freedom of Information Act Requests
- File 6--Collecting Cu Files (From "LOD")
- File 7--CU in the news
- File 8--Comments on SJG Decision (GRID News)
-
- Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
- available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The
- editors may be contacted by voice (815-753-6430), fax (815-753-6302)
- or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
- 60115.
-
- Issues of CuD can also be found in the Usenet comp.society.cu-digest
- news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
- LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT
- libraries and in the VIRUS/SECURITY library; from America Online in
- the PC Telecom forum under "computing newsletters;"
- On Delphi in the General Discussion database of the Internet SIG;
- on the PC-EXEC BBS at (414) 789-4210;
- in Europe from the ComNet in Luxembourg BBS (++352) 466893;
-
- ANONYMOUS FTP SITES:
- UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
- uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
- halcyon.com( 202.135.191.2) in /pub/mirror/cud
- AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
- EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
- ftp.warwick.ac.uk in pub/cud (United Kingdom)
-
- Back issues also may be obtained through mailservers at:
- mailserv@batpad.lgb.ca.us or server@blackwlf.mese.com
-
- COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
- information among computerists and to the presentation and debate of
- diverse views. CuD material may be reprinted for non-profit as long
- as the source is cited. Some authors do copyright their material, and
- they should be contacted for reprint permission. It is assumed that
- non-personal mail to the moderators may be reprinted unless otherwise
- specified. Readers are encouraged to submit reasoned articles
- relating to computer culture and communication. Articles are
- preferred to short responses. Please avoid quoting previous posts
- unless absolutely necessary.
-
- DISCLAIMER: The views represented herein do not necessarily represent
- the views of the moderators. Digest contributors assume all
- responsibility for ensuring that articles submitted do not
- violate copyright protections.
-
- ----------------------------------------------------------------------
-
- Date: Fri, 26 Mar 1993 17:03:43 EST
- From: Marc Rotenberg <Marc_Rotenberg@WASHOFC.CPSR.ORG>
- Subject: File 1--CPSR Wins SSN Privacy Case
-
- CPSR Wins SSN Privacy Case
-
- PRESS RELEASE
-
- March 26, 1993
-
- "FEDERAL APPEALS COURT UPHOLDS PRIVACY:
- USE OF SOCIAL SECURITY NUMBER LIMITED
- - - - -
- CPSR Expresses Support for Decision"
-
- A federal court of appeals has ruled that Virginia's divulgence of the
- Social Security numbers of registered voters violates the
- Constitution. The Court said that Virginia's registration scheme
- places an "intolerable burden" on the right to vote.
-
- The result comes nearly two years after Marc Greidinger, a
- resident of Falmouth, Virginia, first tried to register to vote. Mr.
- Greidinger said that he found it nearly impossible to obtain a
- driver's license, open accounts with local utilities or even rent a
- video without encountering demands for his Social Security number.
-
- Mr. Greidinger told the New York Times this week that when the
- State of Virginia refused to register him as a voter unless he
- provided his Social Security number he decided to take action. He
- brought suit against the state, and argued that Virginia should stop
- publishing the Social Security numbers of voters.
-
- This week a federal appeals court in Richmond, Virginia ruled
- that the state's practice constituted "a profound invasion of privacy"
- and emphasized the "egregiousness of the harm" that could result from
- dissemination of an individual's SSN.
-
- Computer Professionals for Social Responsibility (CPSR), a
- national membership organization of professionals in the computing
- field, joined with Mr. Greidinger in the effort to change the Virginia
- system. CPSR, which had testified before the U.S. Congress and the
- state legislature in Virginia about growing problems with the misuse
- of the SSN, provided both technical and legal support to Mr.
- Greidinger. CPSR also worked with Paul Wolfson of the Public Citizen
- Litigation Group, who argued the case for Mr. Greidinger.
-
- In an amicus brief filed with the court, CPSR noted the
- long-standing interest of the computing profession in the design of
- safe information systems and the particular concerns about the misuse
- of the SSN. The CPSR brief traced the history of the SSN provisions
- in the 1974 Privacy Act. The brief also described how the widespread
- use of SSNs had led to a proliferation of banking and credit crime and
- how SSNs were used to fraudulently obtain credit records and federal
- benefits.
-
- CPSR argued that the privacy risk created by Virginia's
- collection and disclosure of Social Security numbers was unnecessary
- and that other procedures could address the State's concerns about
- records management.
-
- This week the court of appeals ruled that the state of
- Virginia must discontinue the publication of the Social Security
- numbers of registered voters. The
- court noted that when Congress passed the Privacy Act of 1974 to
- restrict the use of the Social Security number, the misuse of the SSN
- was "one of the most serious manifestations of privacy concerns in the
- Nation."
-
- The Court then said that since 1974, concerns about SSN
- confidentiality have "become significantly more compelling. For
- example, armed with one's SSN, an unscrupulous individual could obtain
- a person's welfare benefits, or Social Security benefits, order new
- checks at a new address, obtain credit cards, or even obtain the
- person's paycheck."
-
- The Court said that Virginia's voter registration scheme would
- "compel a would-be voter in Virginia to consent to the possibility of
- a profound invasion of privacy when exercising the fundamental right
- to vote."
-
- The Court held that Virginia must either stop collecting the
- SSN or stop publicly disclosing it.
-
- Marc Rotenberg, director of the CPSR Washington office said,
- "We are extremely pleased with the Court's decision. It is a
- remarkable case, and a real tribute to Marc Greidinger's efforts.
- Still, there are many concerns remaining about the misuse of the
- Social Security number. We would like to see public and private
- organizations find other forms of identification for their computing
- systems. As the federal court made clear, there are real risks in the
- misuse of the Social Security number."
-
- Mr. Rotenberg also said that he hoped the White House task
- force currently studying plans for a national health care claims
- payment system would develop an identification scheme that did not
- rely on the Social Security Number. "The privacy concerns with
- medical records are particularly acute. It would be a serious design
- error to use the SSN," said Mr. Rotenberg.
-
- Cable News Network (CNN) will run a special segment on the
- Social Security number and the significance of the Greidinger case on
- Sunday evening, March 28, 1993. The Court's opinion is available from
- the CPSR Internet Library via Gopher/ftp/WAIS. The file name is
- "cpsr/ssn/greidinger_opinion.txt". The CPSR amicus brief is available
- as "cpsr/ssn/greidinger_brief.txt".
-
- CPSR is a national membership organization, based in Palo
- Alto, California. CPSR conducts many activities to protect privacy
- and civil liberties. Membership is open to the public and support is
- welcome. For more information about CPSR, please contact, CPSR, P.O.
- Box 717, Palo Alto, CA 94302, call 415/322-3778 or email
- cpsr@csli.stanford.edu.
-
- ------------------------------
-
- Date: Mon, 29 Mar 1993 13:29:18 -0500 (CST)
- From: THe ADvocate <anon@unix.ville.geo>
- Subject: File 2--Re: Debating the Virus contest - 1 (#5.23)
-
- In CuD #5.23, roy%burnflag.ati.com@HARVUNXW.BITNET(Roy) writes:
-
- > Let's just say I decided to have a bomb making contest. This is for
- > the purely scientific purpose of studying how bombs work, and allowing
- > people to study different ways to defuse bombs. I am going to award
- > some cash to the winner and publish the plans for making the bomb in
- > my soon-to-be-released book called "The Little Black Book of Bomb
- > Making Techniques".
-
- This man has obviously never heard of the Anarchists cookbook.
- The poor Mans James Bond or even Army Pub NN-XX Unconventional Munitions.
- All available at a bookstore near you:-)
-
- > So, the book gets published and sells lots of copies. Mark Ludwig
- > arrives home one day to find that his place of residence has been
- > destroyed by a huge bomb. It just so happens that the type of bomb
- > used is the same award winning explosive device as I published in my
- > book.
-
- Kinda like the peoples whose homes get blown up by White supremacists
- or clinics bombed by anti-abortion fanatics?
-
- > Surely, Mr. Ludwig would not hold me responsible for the destruction
- > of his home caused by someone who decided to implement the plans I
- > presented purely for "scientific research purposes".
-
- Too date, no case has been carried against a publisher for this
- kind of material. Soldier of fortune magazine was struck in a
- case for libel regarding publishing an ad for Murder for Hire
- services. I am not sure of the status of the case.
-
- > Roy Batchelor / Burn This Flag BBS / San Jose, CA / 408-363-9766 /
-
- Apparently mr Batchelor is not aware of the first amendment of this
- country. Publishing of ideas, is encouraged, even when they can lead to
- harmful activities. After all the founding fathers were
- publishing materials on how to overturn an empire and slaughter
- Government soldiers.
-
- Todays revolutionary is often times tomorrows government leader. Look
- at Begin in Israel or Mandela in South Africa. Our own government
- gets plenty cozy with numerous Armed revolutionaries.
-
- If something is a crime, the justice system will cope. And if it
- can't why am I paying taxes? Men like mr Batchelor would like to
- destroy the first amendment on the basis of protecting society.
-
- Drugs are a serious problem. Mnay of them are easily synthesized.
- Would you prohibit publication of books that show how to synthesize
- organic molecules because someone might make some drugs that some
- addict may get hooked on and later burglarize your home looking for
- cash?
-
- Solid police work and solid education are the methods of a civilized
- society. Not puritanical methods.
-
- THe ADvocate.
-
- ------------------------------
-
- Date: Mon, 29 Mar 93 11:15:00 PST
- From: erikn@BOA.MITRON.TEK.COM(Erik Nilsson)
- Subject: File 3--Re: Debating the Virus contest - 2 (#5.23)
-
- Roy Batchelor Writes:
-
- > Surely, Mr. Ludwig would not hold me responsible for the
- > destruction of his home caused by someone who decided to implement
- > the plans I presented purely for "scientific research purposes".
-
- And Mr. Ludwig would be right. In fact, there are lots of Little
- Black Books of Bomb Making Techniques in existence, and a News
- conference (Alt.rec.fireworks) that could also fairly be named
- Alt.rec.explosives.manufacture or Alt.rec.bombs. Yes, people do blow
- things up for the fun of it, and it turns out that we live in some
- facsimile of a free society where you can say and think a pretty wide
- range of things, and even do a pretty wide range of things, without
- much more than applying for a permit without drooling on yourself.
-
- If I write a book on gravity, and someone tries to drop a piano on
- you, do you think you have a case for some reason?
-
- For me, the analogy with viri is imperfect, because I can't imagine
- why someone would waste their time writing one. Of course, people
- could fairly wonder why I get several dozen of my friends together at
- least once a year to burn, detonate, and obliterate objects of varying
- artistic value.
-
- In any case, I consider credit databases, CNID, and the FBI wiretap
- proposal far more dangerous to my way of life than computer viri.
-
- Oh yes, here's a simple bomb:
-
- 1. Apply for an explosives handling permit from your state Fire
- Marshall. Tell them you have a few stumps that you need to get rid
- of.
-
- 2. Take the permit and your driver's license to your local farm supply
- store, and buy the following:
- - Explosive of your choice. Dynamite has a quaint charm, but the
- plastic stuff is better.
- - A blasting cap.
- - A firing kit.
- - Several pounds of concrete anchors.
- - A roll of duct tape.
-
- 3. If it isn't obvious what to do from here, you shouldn't be making
- bombs.
-
- 4. Modern explosives are probably a lot more powerful than you think.
- Start with small amounts, a LONG WAYS away from where you are.
- Wear ear and eye protection. Be careful, etc, etc.
-
- A friendly warning: this is not a good way to make a bomb that is
- really going to upset anyone, since commercial explosives are widely
- reputed to have impurities imbedded in them for tracing.
-
-
- Here's the infamous "Dry Ice Bomb," this version off of
- Alt.Rec.Fireworks (posted by Eric Donaldson):
-
- - dry ice
- - water
- - container
- - a cap that fits tightly on the container
-
- - Mix in an open environment.
- - [apply the cap & run like hell (always "like hell" on
- principle, you never "run laconically" from an imminent
- explosion)]
- - Wait somewhere btw 1-30 minutes.
- - and do not go near unless you want to risk your life.
-
- I'd like to emphasize this last point. It's a good idea to have some
- sort of firearm handy to trigger the thing if it fails to go off by
- itself, so you don't spend all afternoon throwing rocks at it (you can
- NOT just leave it for someone to find.). I personally would not do
- this with a glass container, 2 liter plastic bottles work just fine.
- Dry ice bombs are pretty safe, unless you have a short attention span.
-
- Do not handle dry ice with your bare hands.
-
- You might want to check local laws before making one of these, as they
- are major illegal in some places.
-
- For more info, try Alt.Rec.Fireworks, Protechnic Guild International
- (18021 Baseline Avenue, Jordan, MN 55352), or American Fireworks News
- (Star Route Box 30, Dingmans Ferry, PA 18328).
-
- Here's an older list of pyro BBSs:
-
- Name Phone Number Location
- Evergreen Micro (206)452-2012 Port Angles, WA
- Exchange of Byte(206)692-7301 Silverdale, WA
- Jimby BBS (206)698-1044 Brownsville, WA
- West Coast Pyro (209)661-5355 Madera, CA
- Sundial (509)545-1789 Pasco, WA
- Spokane Data (509)747-5199 Spokane, WA
- The Hideaway (509)586-0104 Kennewick, WA
- Strikezone (509)586-6803 Kennewick, WA
- FOG-Line (515)964-7937 Des Moines, IA
- Empire BBS (516)325-0827 Eastport, NY
- VAXCat (603)424-0923 Merrimack, NH
- Babble Board (603)267-5921 Belmont, NH
- Nuke-Zone (603)474-8915 Seabrook, NH
- jBBS (619)221-0311 San Diego, CA
- Starhelm (619)479-3006 San Diego, CA
-
- Maybe somebody has a newer list, I'm not sure how many of these are
- still up. I fergit who I got most of this info from, but thanks
- anyway.
-
- I hope this helps.
-
- ------------------------------
-
- Date: Mon, 29 Mar 1993 18:12:35 -0500
- From: Mike McNally <mcnally@EECS.UMICH.EDU>
- Subject: File 4--Re: Debating the Virus contest - 3 (#5.23)
-
- In article <1993Mar28.222658.9625@chinacat.unicom.com> "Roy Batchelor" writes:
-
- >This note is in reference to the current issue of CuD and the all the
- >discussion of Mark Ludwigs' virus writing contest.
- >
- [...]
- >
- >So, the book gets published and sells lots of copies. Mark Ludwig
- >arrives home one day to find that his place of residence has been
- >destroyed by a huge bomb. It just so happens that the type of bomb
- >used is the same award winning explosive device as I published in my
- >book.
- >
- >Surely, Mr. Ludwig would not hold me responsible for the destruction
- >of his home caused by someone who decided to implement the plans I
- >presented purely for "scientific research purposes".
-
- Though I'm sure you meant this sarcastically, I'll take it at face
- value. In such a situation *I* wouldn't blame you, I'd blame the
- person responsible for setting the bomb. If you were run over by a
- drunk driver, who would you blame? Henry Ford? Jack Daniels? Mobil
- Oil, for selling the driver the gas the car needed to run?
-
- The responsibility for such an action belongs completely to the
- person who initiates the action, not the thousands of people involved
- in making the whole situation possible. Why not blame the authors of
- MS-DOS for writing an OS that's such an easy host for viruses?
-
- ------------------------------
-
- Date: Fri, 2 Apr 93 21:28:37 MST
- From: mrosen@NYX.CS.DU.EDU(Michael Rosen)
- Subject: File 5--USPS Freedom of Information Act Requests
-
- In issue #42 of Phrack there was an article about the USPS' practice
- of selling change of address information without consumer consent. I
- sent the supplied form letter and carbon copied my congressman and
- senators. Today I received a reply from the USPS Records Office.
-
- April 1, 1993
-
- Dear Mr. Rosen:
-
- This concerns your recent Privacy Act request for accountings of
- disclosure of mail forwarding information you have provided to
- the Postal Service.
-
- Disclosure of your forwarding address might have been made to
- individual requesters by post offices or to subscribers to the
- National Change of Address File (NCOA) by an NCOA licensee. The
- NCOA is a consolidated file of all forwarding information
- provided by postal customers and stored on automated media.
- Listholders may subscribe to NCOA to obtain the new addresses of
- individuals for whom they already have in their possession the
- old address.
-
- For disclosures made by post offices, we are in the process of
- querying the Washington, DC postmaster for any accountings.
-
- For disclosures made from the NCOA system, we will begin querying
- NCOA licensees all of which keep logs identifying the particular
- subscribers to whom they have given NCOA information. This
- accounting will not identify with certainty the subscribers who
- have in fact received your new address, but will give you a list
- of all subscribers receiving NCOA service for the relevant time
- period and thus might have received your address.
-
- Because a large number of requests like yours are being received,
- there will be a delay in responding. Requests are being
- processed in order of receipt and you will be sent the
- accountings as soon as possible. Your patience is appreciated.
-
- ------------------------------
-
- Date: Tue, 30 Mar 93 22:39:29 EST
- From: lodcom@MINDVOX.PHANTOM.COM(LOD Communications)
- Subject: File 6--Collecting Cu Files (From "LOD")
-
- Thank you for requesting information about the Hack/Phreak
- Underground BBS Message Base Files. The first Price Listing of
- completed message base Files will be sent to you via email in early to
- mid April 1993. Until then, the following background information
- should provide you with a better picture of this undertaking.
-
- A significant portion of now retired computer underground
- participants (hackers and phone phreaks) have expressed an interest in
- seeing all of those old messages they posted on various underground
- hacker bulletin boards during their respective 'careers'. This is
- especially the case for those who never downloaded the messages; sold,
- gave away, or chucked their disks; and those who were visited by law
- enforcement officials who TOOK EVERYTHING including that suspicious
- looking toaster 8-/. In addition to this crowd, those who have come to
- the 'scene' relatively recently are keenly interested in what their
- 'forefathers' talked about and what computer systems and networks they
- were into. This interest, and the growing curiosity of corporations,
- security professionals, and the general public to know what all those
- 'hacker kids' were REALLY up to (starting World War III of course!) is
- the reasoning behind this undertaking.
-
- Basically, LOD Communications is creating a Historical Library of
- the dark portion of Cyberspace. Throughout history physical objects
- have been preserved for posterity for the benefit of the next
- generation of humans. Cyberspace however, isn't very physical; data
- contained on floppy diskettes has a finite lifetime as does the
- technology to retrieve that data. Most of the underground systems
- operated at a time when TRS80's, VIC-20's, Commodore 64's, and
- Apple //'s were state of the art. Today, it's difficult to find
- anyone who has one of these machines in operating condition not to
- mention the brain cells left to recall how to operate them. :(
-
- The aim of the project is to acquire as much information as
- possible which was contained on the underground hack/phreak bulletin
- boards that were in operation during a decade long period dating from
- the beginnings (1979, 80 - MOM: Modem Over Manhattan and 8BBS) to the
- legendary OSUNY, Plovernet, Legion of Doom!, Metal Shop, etc. up
- through the Phoenix Project circa 1989. Currently messages from over
- 40 different BBS's have been dug up although very few message bases
- are 100% complete. Not having a complete 'set' does not diminish their
- value however.
-
- As happens with most projects, the effort and monetary investment
- turned out to be substantially more than originally anticipated.
- Literally hundreds of man-hours have been spent copying dusty apple ][
- disks, transferring them to IBM (or typing in hard copy versions when
- electronic versions were unavailable), organizing the over one
- thousand individual files according to what BBS the messages were
- originally posted on, and splicing the files together. Also, after
- consulting with the appropriate civil liberties organizations and
- actual legal counsel, a very slight editing of the messages restricted
- to long distance access codes, phone numbers, and computer passwords
- had to be made to ensure that there is nothing illegal contained
- within the messages. Every effort was made to keep the messages in
- their pristine condition: 40 columns, ALL CAPS, spelling errors,
- inaccuracies of various kinds, and ALL.
-
- In order to at least break even, a dollar value has been attached
- to each set of message bases. The dollar values were determined based
- on the following conglomeration: the number of years ago the BBS
- operated, its popularity and message content, whether the BBS or
- portions thereof were deemed 'Elite' (and therefore restricted access
- to but a small number of users), and the total number of messages
- compiled. The prices were kept as low as possible and range from $1.00
- to $9.00 for each Copyrighted (c) 1993 by LOD Communications, H/P BBS
- message base set. Most sets include [in addition to the messages
- themselves]: a historical background and description of the BBS, any
- tutorials aka "G-Philes" that were online as well as downloaded
- userlists if available. Due to the economics involved in diskettes,
- snail mail costs, and filling orders, a minimum order of $20.00 is
- required. Corporations and Government agencies must order the complete
- set and pay a moderately higher rate. The files will be available in
- IBM (5.25 or 3.5 inch), Amiga, and Apple MacIntosh formats and orders
- are expected to arrive at the requestors' physical mail box in 2-4
- weeks upon receipt of the order. Paper versions can be ordered but
- cost double (many messages are of 40 column format and therefore
- wastes lots of paper) and take twice the time to deliver.
-
- These Files will hopefully provide those who were not part of the
- underground experience to learn what it was all about instead of
- relying on those often slanted (negatively) accounts found in the
- press. How much did the hackers and phone phreaks who used these
- bulletin boards know and how did they find it out? Did they have the
- capability to shut down phone service of Area Code proportions, could
- they ruin someone's credit, could they 'move satellites in the
- heavens', could they monitor packet switching network conversations?
- The answers lay within the messages which were painstakingly collected
- and are currently being organized into Files. Your patience is
- appreciated.
-
- LOD Communications: Leaders in Engineering, Social and Otherwise
-
- Email: lodcom@mindvox.phantom.com
- Voice Mail: 512-448-5098
- Snail Mail: LOD Communications
- 603 W. 13th
- Suite 1A-278
- Austin, Texas 78701
-
- ------------------------------
-
- Date: 28 Mar 93 15:37:16 EST
- From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
- Subject: File 7--CU in the news
-
- Virus Advert Censored
- =====================
- The British Advertising Standards Authority has asked Total Control
- Ltd (U.K.) to stop running a particular ad for the VIS Anti Virus
- Utilities package. The ad appeared in a March 1992 edition of PC
- Week. ((Moderators' note: yes, 1992)
-
- The ad features two diskettes lying on pillows next to each other
- in bed. The headline read ''Before you put it in...make sure you
- know where it's been!''. The Authority found this to be offensive.
- (Infosecurity News. March/April 1993. Page 8)
-
- Tiger Team Penetrate IRS Computers
- ===================================
- A so-called ''Tiger Team'' of internal security agents has successfully
- penetrated two IRS computers, and were active in the system for seven
- days without being detected, according to a Knight-Ridder report.
-
- Agents posed as IRS employees ((not too difficult, considering they
- were! just kidding. - Moderators')) and entered facilities at Memphis,
- Tenn. and Ogden, Utah locations. Once inside they installed programs
- to steal passwords by capturing keystrokes. Later they used the
- stolen passwords to infiltrate the systems.
- (Infosecurity News. March/April 1993. Page 8)
-
- Computer Sabotage By Employees
- ==============================
- The March 8, 1993 issue of Information Week has a lengthy excerpt from
- _Sabotage In The American Workplace_. (Pressure Drop Press, San
- Francisco) Although the book has anecdotes from all types of workers,
- the Information Week extracts focus on those involving the use of
- computers.
- The following five stories are featured:
- - A programmer who planted a logic bomb.
- - A technician who undermined sales efforts.
- - A technical writer who works on outside projects during
- throughout the day.
- - A system designer who resolves problems by erasing data.
- - A stockbroker who generates random buy/sell transactions
- to see how the market will react.
-
- For more information see "Sabotage: They're Mad, They're Bad, They
- Just Don't Care. Workers Tell How They Use Computers to Strike
- Back". Pages 34-48
-
- Price Waterhouse's Hackers For Hire
- ===================================
- The Big Six accounting firm of Price Waterhouse is offering clients
- a "Security Penetration Study" in which former hackers and computer
- security experts will assess a systems security by attempting to
- break into it. Other services, such as employee awareness programs,
- are also offered.
- (Information Week. March 15, 1993. Page 8)
-
- PC's and Households
- ===================
- A Software Publishers Association (SPA) survey of 672 US households
- found that college graduates were twice as likely to have personal
- computers as non-graduates. Of the homes that had PC's, 56% boasted
- a household income in excess of $50,000. The survey also found that
- 75% of home computers are MS-DOS based, with more than half of those
- being 386 or 486 machines. Respondents also admitted that 40% of
- their entertainment software had been copied from friends, work, or
- school.
- {Moderators' Note: We'd speculate that much more than 40% of business
- software used at home is copied from others.}
- (Information Week. March 15, 1993. Page 66)
-
- AT&T Collects from Jiffy Lube
- =============================
- A US District Judge in Maryland has ruled that the automobile service
- company Jiffy Lube is responsible for fifty thousand dollars in
- unauthorized phone calls placed on its 800-number. Jiffy Lube had
- argued that it shouldn't be held liable for calls it did not authorize
- nor place, but the judge found that AT&T's tarrifs specify that
- customers are responsible for all calls.
- (Information Week. March 22, 1993. Page ??)
-
- Piracy Down, Jobs Still Lost
- ============================
- Windows Magazine (March 1993, pg 32) reports that although the SPA
- says business software piracy fell by 41% in 1992, it still represents
- a $1.2 Billion loss to the industry. That money is great than the
- cumulative revenue of 81 of the top 100 independent software developers.
- The SPA also estimates that stolen software cost 60,000 jobs in the
- industry.
-
- ------------------------------
-
- Date: Tue, 30 Mar 93 08:53 EST
- From: "Michael E. Marotta" <MERCURY@LCC.EDU>
- Subject: File 8--Comments on SJG Decision (GRID News)
-
- GRID News. March 30, 1993.
- ISSN 1054-9315. vol 4 nu 2.
- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- (74 lines) Reflections of an Author and Publisher
- on Judge Sam Sparks' Decision
- by Michael E. Marotta mercury@well.sf.ca.us
-
- Grid News was launched in 1989. While Jolnet and PHRACK were
- being busted, I was a participant in the White House Conference on
- Library and Information Services. As a result of that bust, I
- applied for and received the ISSN designator from the Library of
- Congress. I wanted it perfectly clear that Grid News is a
- publication. (After its first volume, I obtained an ISSN for
- HERMES, a cybercast periodical for economic topics.)
-
- What disturbs me about Judge Sparks's ruling are these words:
-
- In any event, the Court declines to find from a
- preponderance of the evidence that on March 1, 1990,
- Agent Foley or any other employee or agent of the United
- States had reason to believe that property seized would
- be the work product materials of a person believed to
- have a purpose to disseminate to the public a newspaper,
- book, broadcast or other similar form of public
- communication.
-
- Foley and Kluepfel were recognized by the court to be experts in
- computers. Yet, the court did not expect them to recognize a BBS
- as a "form of public communication." This is disturbing. Earlier
- this week, I received a file from Bitnic about the "Clinton-Gore
- Initiative." That we can link everyone in America to the same
- fiberoptic network and not have "public communication" is beyond
- reason.
-
- I wrote a book about codes and ciphers (available from Loompanics,
- P. O. Box 1197, Port Townsend, WA 98368. $13.95 w/s&h). This
- week, I have the proceedings from Crypto 85 and Crypto 86 and I
- enjoyed reading Adleman's attack on Shamir's quadratics. However,
- these guys should be warned that merely attempting to break
- someone else's cipher is suspect in the eyes of the law.
-
- Judge Sparks said: "Kluepfel had legitimate concerns, both about
- the 911 document stolen from Bell South and the possibility of a
- decryption system which could utilize passwords in rapid fashion
- and could result in intrusions of computer systems, including those
- of the Bell System." And later, he ruled: "If the Secret Service,
- in the performance of executing Court order, had only obtained and
- taken the 911 document or alleged decryption materials,
- application of the definitions of "documentary materials" and
- "work product materials" would logically result in no violation of
- the statute under the circumstances of this case."
-
- It seems that merely attempting decryption can make you the target
- of a Secret Service bust. Someone better warn the SETI folks and
- maybe Dr. Lilly ... (:-)
-
- The darkest shadow is cast by these words from the conclusion of
- the ruling: "It may well be, as the Government Defendants contend,
- these statutes relied upon by the Plaintiffs should not apply to
- the facts of this case, as these holdings may result in the
- government having great difficulties in obtaining information or
- computer documents representing illegal activities. But this Court
- cannot amend or rewrite the statutes involved. The Secret Service
- must go to the Congress for relief. Until that time, this Court
- recommends better education, investigation and strict compliance
- with the statutes as written."
-
- I suggest that the Secret Service and the telcos will in fact
- devote their resources to lobbying Congress for tougher laws and
- will not spend much effort on education within their ranks.
- Caveat computor.
-
- ------------------------------
-
- End of Computer Underground Digest #5.25
- ************************************
-
-