**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 2, Issue #2.19 (December 31, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto RESIDENT RAPMASTER: Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS: File 1: Moderators' Corner File 2: From the Mailbag File 3: Telecoms Ripping off BBSs? File 4: Michigan Bell vs BBSs File 5: Clarification of Gail Thackeray's Comment on Modem Licensing File 6: a.k.a. freedom of expression File 7: Z-modem Virus Alert ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #2.19: File 1 of 7: Moderator's corner *** ******************************************************************** From: Moderators Subject: Moderators' Corner Date: December 31, 1990 ++++++++++ In this file: 1. NEW FTP SITE 2. RESOURCE CORRECTIONS 3. LEN ROSE UPDATE ++++++++++ +++++++++++ New FTP Site +++++++++++ A second FTP archive has been set up at the University of Chicago, to help distribute the load. It'll be an exact shadow of the ftp.cs.widener.edu site. The info you'll need is: ftp to chsun1.uchicago.edu [128.135.12.60] login as anonymous send your email address as the password the stuff's in pub/cud The Mail-server is also up and runing. People need to send mail to: archive-server@chsun1.uchicago.edu with the word "help" on a line by itself in the body of the letter. This will send them the help file for the email server. Also, adding the word "index" on a line by itself will send the general Index for all files on the email server (includes other things besides the CuD archives). Basically, the sections are broken down to the various directories contained in ^^/pub/cud on the ftp archives. So if someone wanted to get specific index by a section, they would put the phrase: index cud on a line by itself and get the cud index file. Since there are quite a few large files contained in the archives, the arc-master will have to personally make special requests to split the files up and make them available to whoever asks (the email and ftp servers are linked together to save space). This puts more delay for email requesters but it's probably the best way to go for the time being. +++++++++++++++++ Resource Corrections +++++++++++++++++ The cost of TAP has increased a bit. They are now $2 for single issues or $10 for ten. NIA's correct address is: elisem@nuchat.sccsi.com +++++++++++++ Len Rose Update +++++++++++++ Len Rose's trial in Baltimore remains scheduled for January 28 in the Federal District Court before judge J. Frederick Motz. Len's public defender has been replaced with Jane Macht, described by those who know her as highly competent and responsive. Len faces a five-count indictment alleging "crimes" under 18 USC s1030(a)(6), 18 USC s2314, and 18 USC s2, which, as written, charge him with interstate transportation of AT&T source code and with transfering a "trojan horse login program." The indictment also links Len to the Legion of Doom, which it describes in a highly prejudicial narrative. Previous issues of CuD have provided in-depth details of the case, including a copy of the indictment. A large (1650 line) file with complete background is available from the CuD ftp sites. ******************************************************************** >> END OF THIS FILE << *************************************************************************** From: Various Subject: From the Mailbag Date: December 31, 1990 ******************************************************************** *** CuD #2.19: File 2 of 7: From the Mailbag *** ******************************************************************** From: Wes Morgan Subject: security checks from outside (In CuD 2.18) Date: Fri, 28 Dec 90 10:12:09 EST >From: gnu@TOAD.COM >Subject: Re: "strangers probing for security flaws" -- another view > >Suppose there was a free program, available in source code and scrutinized >by wizards all over the net, that you could run to test your security. If >you had the time, you might run it and fix up the things it found. If you >didn't have the time, those things would probably go unfixed. There are several packages available for UNIX sites. Two that come to mind are: - The suite of programs included in "UNIX System Security", by Kochan and Wood (published by Hayden Books). These programs will audit your system for such things as world-writable home directories, world-writable .profiles, and the like. They will also track down any setuid/setgid files outside of regular sys- tem directories. I've seen this package on several archive sites, but I don't know if it's legal to distribute them. If someone can contact Kochan, Wood, or Hayden Books, and check on this, I'll gladly get them into the CuD archive. - COPS, written by Dan Farmer of CERT. This package is EXCELLENT. The best feature of COPS is an expert system that pseudo-exploits any holes it finds. It uses /etc/passwd and /etc/group to learn what the users are capable of. It then looks for a way to assume the identity of a particular user. It then checks /etc/group to see what it can access as the new uid. The chain continues until it either becomes root or runs into a dead end. The output looks something like this: write /usr2/admin/morgan/.profile become morgan group staff write /bin become bin write /etc become root DO ANYTHING This is a SUPERIOR package for UNIX sites. It's available from cert.sei.cmu.edu. Both of these can be run via cron. I've been running them for several months now, with excellent results. >Sites all over the Internet *are* being probed by people who want to do >them harm. We know this as a fact. I would prefer if we had some >volunteer "cop on the beat"s who would walk by periodically and rattle the >door to make sure it's locked. I have no problems with this at all, *as long as* I know about it in advance. With the advent of sophisticated security tools such as those probably used by the group in Italy, it is awfully easy to claim "cop on the beat" status after being discovered. There was sufficient concern about the Italians for CERT to issue a Security Advisory about their activities. I'm not trying to make any allegations against the folks in Italy; as far as I know, they are exactly what they claim to be. In the future, however, I'm going to be EXTREMELY wary of people coming in "out of nowhere" claiming to be "remote security checkers". An ounce of paranoia, you know........ Wes Morgan ******************************* From: Thomas Neudecker Subject: Re: Cu Digest, #2.18 Date: Fri, 28 Dec 90 22:56:16 -0500 (EST) In a recent CuDigest it was argued copyright protection of user interface code should be eliminated. The author wrote in part: >While source code should generally be protected, there are times when it >may be more profitable to a company to release either the source code or >important information pertaining to it. A prime example is IBM and Apple. >Apple chose to keep their operating system under close wraps. IBM, in their >usual wisdom, chose to let some of it fly. This caused the market to be >flooded with "clone" PC's. Given a choice, most people bought PC's or >PC-compatibles. In fact IBM does not own DOS, ask Mr. Gates at Micro Soft he _sells_ licenses to the clones and sues those who try to steal his code (so does AT&T/U*ix) Bye the way the first series IBM-PCs came with PC-DOS and CP/M. IBM wanted Gates to write CP/M for the new machine but he said it was *owned* by Gary Kildall of Digital Research but he try to write something else just as good. IBM covered all of the bases and licensed both. Regarding Apple; the ][+ I bought came with copyrighted O/S in ROM. And a version of BASIC licensed from Micro Soft. (my 1979 version came with a complete listing of the code for the ROM). For the LISA and the Macintosh Apple licensed concepts from PARC for the GUI. They then licensed parts of their developments to Micro Soft for use in Windows. For more background on these I suggest a good book on the history of the personal computer written by Paul Freiberger and Michael Swain. It is "Fire in the Valley" ISBN# 0-88134-121-5. ***************************************** From: netcom!onymouse@APPLE.COM(John Debert) Subject: Encryption dangers in Seizures Date: Sat, 29 Dec 90 11:20 PST With all the concern about government seizure of someone's computer equipment for the purported intention of looking for some kind of criminal activity, encryption is being seriously considered in order to protect confidential information from Big Brother's prying eyes. There are various ways, of course, to encrypt files but one particularly comes to mind as being at least as much hazard as protection. The use of the "one-time" method of encryption has been considered the best way to keep information from those not entitled to it but it seems to me a two-edged sword, if you will, that can cause harm to whomever uses such a method to keep the government out of their business. The one time method uses a unique random key of equal length to the data to be encrypted which is then XOR'ed with the data to produce the encrypted result. Without the original key, the plaintext is not recoverable. Or is it? Now, suppose that someone has used this method to encrypt files on his/her system and then suppose that Big Brother comes waltzing in with a seizure warrant, taking the system along with all the files but does not take the code keys with them. Knowing Big Brother, he will really be determined to find evidence of a crime and is not necessarily beneath (or above) fudging just a bit to get that evidence. What's to keep him from fabricating such evidence by creating code keys that produce precisely the results that they want-evidence of a crime? Would it not be a relatively simple procedure to create false evidence by creating a new key using the encrypted files and a plaintext file that says what they want it to? Using that new key, they could, in court, decrypt the files and produce the desired result, however false it may be. How can one defend oneself against such a thing? By producing the original keys? Whom do you think a court would believe in such a case? One should have little trouble seeing the risks posed by encryption. jd / onymouse@netcom.UUCP netcom!onymouse@apple.com ******************************** From: Andy Jacobson Subject: Hackers as a software development tool Date: Wed, 02 Jan 91 03:49 PST I received one of those packs of postcards you get with comp. subscription magazines (Communications Week) that had an unbelievable claim in one of the ads. I quote from the advertisement, but I in no way promote, recommend, or endorse this. "GET DEFENSIVE! YOU CAN'S SEE THEM BUT YOU KNOW THEY'RE THERE. Hackers pose an invisible but serious threat to your information system. Let LeeMah DataCom protect your data with the only data security system proven impenetrable by over 10,000 hackers in LeeMah Hacker Challenges I and II. For more information on how to secure your dial-up networks send this card or call, today!" (Phone number and address deleted.) So it seems they're claiming that 10,000 hackers (assuming there are that many!) have hacked their system and failed. Somehow I doubt it. Maybe they got 10,000 attempts by a team of dedicated hackers, (perhaps employees?) but has anyone out there heard of the LeeMah Hacker Challenges I and II? ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: "Michael H. Riddle" Subject: Telecoms Ripping off BBSs? Date: Thu, 27 Dec 90 05:59:11 cst ******************************************************************** *** CuD #2.19: File 3 of 7: Telecoms Ripping off BBSs? *** ******************************************************************** %Moderators' note: A number of states have already begun charging BBSs with business rates. In some states, this may be a nuisance but not prohibitive. In Illinois, for example, our own base rate in DeKalb of $24.02 would increase to $34 were we to run a BBS. In other states (see following file), the charges could be prohibitive if multi-line charges required deposits and other fees. A representative from GTE in Indiana indicated that they had no formal means of enforcing the charges other than to investigate if they received reports of an unregistered BBS operating in their jurisdiction. We have heard of no hobbyist in the U.S. paying for a business line to run a non-commercial BBS, but the implications, if the practice is allowed to spread unchecked, are serious. Enforced charges could be the end of the local or regional Bulletin Board as they currently exist. The issue, according to the Indiana spokesperson, is alleged to be one of fairness and equity in billing. Why, they, ask, should someone whose phone is in constant use pay the same as somebody who uses their phone only a fraction of the time? Our response is that there is little, if any, added expense to telecom operations whether a phone is used for 20 minutes or 20 hours during a given day. Further, the user is already paying an added charge simply for the receipt of calls. If one adds in toll charges for the hundreds of thousands of those who call long distance, BBSs generate considerable revenue for telecom companies. Classifying BBSs as business lines and increasing the charges strikes us as unabashed greed. Why not *REDUCE* the rates for BBS lines, which only receive calls and generate considerable revenue in long distance charges? This is not a trivial concern. Telephone rates, like all utilities, tend to rise. The policies identified in the following two files should motivate all of us to become involved by 1) Writing letters to local telecom companies 2) Writing to elected officials 3) Introducing these campaigns in local and regional elections 4) Writing to state utililty commissions 5) Attending and participating in hearings ************************************************ --- original post on alt.cosuard as reposted on comp.dcom.telecom--- The following cross-posted information is extracted from alt.cosuard. Can anyone in Indiana or a closely neighboring state provide any details on this? >From: BILL BLOMGREN - Sysop: St. Pete Programmers Exchange RIME: PETEX Well ... thought I would pass this tidbit of bad news along ... GTE Indiana prevailed against the BBS systems there ... ALL BBS's in GTE's area there are now at BUSINESS RATES. Which means $50 per month base rates, plus MUCH higher long distance charges. Indiana Bell ... has filed the same tariff with the PUC (Public Utilities Commission) there, making it state wide. Needless to say, GTE has a history of going after the little guy, so you can expect it here in the REAL near future! I expect it nation- wide in the near future. In Indiana, they decided that THE PHONE COMPANY can decide that your residence is a business, and charge high rates to all service incoming. Unfortunately, the courts agreed with them. Ain't Monopolies Nice??? ----- Not a nice situation huh? We didn't need a precedent to be set like this ... now this paves the way for other companies to follow suit. It'll be interesting to watch the nodelist to see if the nets in Indiana (201 in Lafayette, 227 in South Bend, 230 in the Gary Area, 231 in Indy, 236 in Ft. Wayne/NE IN and 2230 in Terre Haute and 11/15 in Evansville) start shrinking. Paul UUCP: crash!pro-lep!shiva ARPA: crash!pro-lep!shiva@nosc.mil INET: shiva@pro-lep.cts.com --- End of Cross Posting --- <<<< insert standard disclaimer here >>>> riddle@hoss.unl.edu | University of Nebraska postmaster%inns@iugate.unomaha.edu | College of Law mike.riddle@f27.n285.z1.fidonet.org | Lincoln, Nebraska, USA ---- my own responses to comments in the Omaha Sysops echo ---- In a message to M. RIDDLE, JACK WINSLADE writes as of 25-DEC-90 14:30:26 >Since you are the closest to being a real lawyer of any of us, and since >you were the one who 'broke' the story to Tel_Dig, would you be willing to >give an educated opinion on specifically what, when, and how much the >Indiana decision will affect us here in Omaha. See the previous response to Joan for what news there is. >I'm sure that this will result in Yet Another round of 'The Sky Is >Falling' messages in every sysops' conference just as soon as it hits >Arfnews, etc. and enters the distortion-prone person-to-person-to-person >chain of communication. The only thing faster than the speed of light is the manner is which disinformation about BBS law propagates across the net. >Is this decision effective immediately, or will a higher court (or >something else) intervene ?? How might this affect the situation in >Nebraska (where Clink is about to buy the farm) and in the other states >such as Texas ?? Since the limited information we have suggests this is a PUC decision, it is still appealable to the courts. If appealed, it will probably not go into effect until final judgment. It's direct effect would only be in Indiana. The Nebraska PUC might not care a great deal what Indiana did, or it might give them some value as "persuasive precedent." The arguments GTE used might have some value. They might not. It all depends on how the Indiana statutes are worded. My guess is the fight is over "what is a business for the purpose of telephone rates?", which will in turn include "why do businesses pay higher rates than residences?" The answer to the second is generally "because they use the phone more." The answer to the first has usually been "some kind of organization that either makes a profit or has formal nonprofit status." We all know that successful BBSes use telephone resources more than a residence, perhaps more than many businesses. That supports GTEs position. The fact that they are hobby operations is what complicates the picture, and the PUC reaction is difficult to predict. >Comments, suggestions ?? Keep calm and wait for a better report on what happened. >Good (??) Day! JSW G'Day back to you, mate! MHR --- end of quoted messages --- ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Ed Hopper Subject: Michigan Bell vs BBSs Date: Mon, 31 Dec 90 23:49:03 CST Organization: Ed Hopper's BBS - Houston, Texas 713-997-7575 ******************************************************************** *** CuD #2.19: File 4 of 7: Michigan Bell vs. BBSs *** ******************************************************************** From: TELECOM Digest Tue, 1 Jan 91 03:46:40 CST Volume 11 : Issue 1 (Note: I am sending this on behalf of Bruce Wilson.) From the FACTS BBS in Flint, Michigan, by way of the Vehicle City BBS in Davison, Michigan: On January 15, 1991, an administrative hearing will be held before the Michigan Public Service Commission to discuss a complaint filed against Michigan Bell Telephone Company. Early this year, a private bulletin board in Grosse Point, called the Variety and Spice BBS, was ordered to pay an increased charge for phone service because it was discovered he was accepting donations for use of his BBS. This BBS ran on an IBM, and supports sixteen separate lines. Although a portion of the BBS was open to the public, most of the BBS (including an "adult file" area, were restricted to those who sent a donation to the BBS. The money collected didn't even come close to the actual cost of running such a BBS. Michigan Bell claims that placing any condition on the use of a BBS constitutes a business, and that the sysop must pay a business rate for his phone line, plus pay a $100 deposit for EACH LINE in use. This means the Variety and Spice sysop would have to pay a $1600 deposit, plus about $50 additional each month if he wanted to continue his BBS. The sysop refused to pay this fee, so Michigan Bell disconnect his lines. The sysop filed a complaint with the MPSC. Until this case was heard, he decided to re-install the phone lines (at a considerable cost to himself). If Michigan Bell wins this case, they will require every BBS sysop to pay business rates for each of their lines, if it is determined that the BBS is accepting fees or donations. The Variety and Spice sysop claims that MBT considers requiring users to upload files or post messages (ie upload/download ratios) the same as a donation, and will require the sysop to upgrade his line to a business line whether money was exchanged or not. However, in an interview I did in March, I talked to the chief spokesman of MBT, who claimed that this was not the case. Only if money is accepted will MBT demand the sysop pay business rate. The important thing here is that AT THIS TIME, these are the rules that MBT believes is in the tariff. If Variety and Spice loses this case, it is conceivable that MBT can request further restrictions to be placed. At this hearing, the public will be allowed to voice their opinions and comments. This applies to both sysops and users. If MBT wins this case it can cause serious restrictions to be place on BBS's, and will set a precedence for other phone companies around the country to follow. Your help is urgently needed!! Please try to attend this hearing. It will be held at the Public Service Building, 6545 Merchant Way, Lansing, Michigan. The date is January 15. I do not have the exact time but I assume this hearing will last most of the day. You do not have to testify, but it would really be helpful if you can attend as a show of support. The MPSC does not think the Michigan public even cares about BBS's. But we can certainly jar their thinking if we can pack the room with sysops and users! For more information, please contact Jerry Cross at 313-736-4544 (voice) or 313-736-3920 (bbs). You can also contact the sysop of the Variety & Spice BBS at 313-885-8377. Please! We need your support. Notes from Ed Hopper: In our case against Southwestern Bell, the same cockeyed logic was applied. For a brief period, Southwestern Bell also maintained that the requirement of file uploads was, in and of itself, cause for them to declare a BBS to be a business because it required something "of value" for access. We were able to force Southwestern Bell to see things in a more moderate tone. Recently, I had the opportunity to testify before the Texas PUC regarding the Texas BBS case. In that testimony, I stated that the telcos draw all sorts of extreme scenarios in which the provision of residential service to BBS systems is against the public good. Their argument goes: "If we allow them to have residential service, it will upset the equations and raise the cost of telecommunications services to everyone." However, there is not a BBS on every block, or even one in every subdivision, and no rational observer would ever expect that to be the case. There is, however, cause for most rational observers to believe that the increased cost of business service, including it's increased burden in the area of deposits and installation charges, could cause the closing of many BBS outlets. This, truly, would not be in the public good. Ed Hopper President The Coalition of Sysops and Users Against Rate Discrimination BBS: 713-997-7575 ehopper@attmail.com ehopper@ehpcb.wlk.com **************************** [%Telecom Digest% Moderator's Note: The problem of course is that the telephone company only has two basic rates: a rate for residence/personal communications and a rate for all else, which they term 'business phones'. Where Ed's counter-argument fails is that while there are not BBS's on every block, neither are there churches and charities on every block -- yet they pay full business rates, as do social service hotline, information and referral services. Are BBS information providers to be treated differently than dial-a-prayer lines which run on business phones, or the proverbial "Battered Women's Shelter outgoing phone line where the calls can't be traced" which also pays business rates? Here are some questions you may wish to give response to: Should there be a third rate category made available, covering charitable and religious organizations? Should this third rate category be available to all not-for-profit phone services such as BBS lines and social service referral numbers or hotlines? If BBS operators who charge money got such a rate, should Compuserve or GEnie also be allowed to use the same rate? Should telco be the one to audit the revenues and decide which computer sites should be treated as 'business' and which should be 'charitable organization'? Is it the fault of telco if the BBS operator does not charge enough money to make a profit? Where is the line to be drawn? Answers? PAT] ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: well!jwarren@APPLE.COM(Jim Warren) Subject: Clarification of Gail Thackeray's Comment on Modem Licensing Date: Sun, 30 Dec 90 12:59:54 pst ******************************************************************** *** CuD #2.19: File 5 of 7: Gail Thackeray Clarification *** ******************************************************************** GAIL THACKERAY RE LICENSING MODEMS & RESTRICTING MODEM USE On 12/21, as a postscript on e-mail to Gail Thackeray, I asked: +++++++++++++++++++++++++ Been meanin' to check this *rumor* for months (I rarely trust what I haven't checked, personally): Have you said that modems should be licensed and their use restricted? (It's been widely quoted/paraphrased and is a common [mis?]perception of your views.) If you ever said it, do you now hold that view? I'm not challenging it; just tryin' to verify or refute a provocative rumor. +++++++++++++++++++++++++ To which, Gail responded: +++++++++++++++++++++++++ Date: Sat, 22 Dec 90 10:04:05 pst From: gailt (Gail Thackeray) To: jwarren No, I never said so -- when talking about the lack of parental supervision of computer use for beginning youngsters, I have pointed out that in other instances involving driving, guns, etc. we recognize that kids don't have good judgment and we insist on training, supervision, licensing, etc. to minimize the risk to the rest of society. I have specifically said that I DON'T want to see licensing of modems, or FCC regulation, etc. -- but that if we look at historic parallels involving new technology (driving, airplanes, etc.) when society grows annoyed/concerned enough with abuses, damage, risk to others, "entry requirements" such as licensing have been imposed. I have recommended that to avoid such a trend in electronic technology, we should put a lot of effort into developing "rules of the road" that we all agree on and abide by & teach youngsters -- or the back- lash may cause formal regulation (just think about the regulations controlling ham radio, etc. -- and the potential for similar rules is quite real, computer-wise.) Regulation usually comes about as a reaction to complaints of enough people to attract the interest of legislators. We are rapidly approaching that "critical mass" stage with computer communications, and if we don't want to see licensing of BBS's, we need to do whatever will curb the abuses (interference with other people's rights). I have recommended that parents check into what their kids are doing with their modems, set rules, ans if need be, "ground" their kids just as they do for other kinds of rules- violations, like being reckless with the family car.... -------------------------------------------- This prompted my 12/24 comments and request: -------------------------------------------- & mail gailt Subject: licensing etc. Gail, This is important: If you have not yet posted exactly those comments, in detail, regarding licensing and regulation of modem users, I *urge* you to post them immediately and completely to the eff Conference, and explicitly add a note encouraging their widespread duplication (without editing, of course) across the nets. You are more than welcome to preface it with a comment that I urged you to post the comments (if that has any value :-). I absolutely agree with your observations and think we have *much* to fear from overzealous legislators/regulators responding to the miniscule minority who are abusive of our tremendously productive cooperative anarchy. ... ------------------ I also urged her to send it to jthomas for the Computer Underground Digest and emmanuel for 2600, and sent mail to both of them urging them to publish it, if Gail sent it, saying, in part: ------------------ Her explanation of what she had and had not said related to such matters was both reasonable and **illustrated a very real threat** (from legislators and regulators; *not* from Gail T) against all of us. Her comments were very realistic; her prognosis highly likely, if we cannot exercise adequate discipline within our ranks. I have urged her to post her comments on the WELL, and forward them to Cud and 2600 for publication (and release them for general posting around the nets). --------------------------------------------------------------- I hope you will help do so, because we now have her permission: --------------------------------------------------------------- From gailt Mon Dec 24 19:51:53 1990 Date: Mon, 24 Dec 90 19:51:51 pst From: gailt (Gail Thackeray) To: jwarren Subject: Re: licensing etc. Willing, but ignorant: so how do I DO that? I thought whatever was sent in E-mail went into the cosmic winds.... is there a way I can retrieve what I sent you, & post it? Can you retireve & upload it? I'm (definitely) still stumblin' around here, and help would be great/grate/fully accepted.... & Date: Mon, 24 Dec 90 19:55:02 pst From: gailt (Gail Thackeray) To: emmanuel, jthomas, jwarren Subject: Re: Thacvkeray and licensing By the by -- feel free to use it -- I just don't know (after scanning% the manual -- how to retrieve what I sent Jim, and publish it out of e-mail. ... ************** For those who don't know of Ms. Thackeray, she is an Assistant State Attorney General for the State of Arizona, active in pursuing computer crime, and controversial for some of her public statements and/or statements that.some press *allege* she said. In some cases, she may have been as misleadingly quoted-out-of-context -- or flat-out abusively misquoted -- as has been the case with some reports about Mitch Kapor, John Perry Barlow and the Electronic Frontier Foundation. --Jim Warren [permission herewith granted to circulate this-in-full] ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: balkan!dogface!bei@CS.UTEXAS.EDU(Bob Izenberg) Subject: a.k.a. freedom of expression Date: Tue, 18 Dec 90 08:21:26 CST ******************************************************************** *** CuD #2.19: File 6 of 7: a.k.a. Freedom of Expression *** ******************************************************************** I read this in issue 2.16 of the Computer Underground Digest: [ quoted text follows ] IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION UNITED STATES OF AMERICA : : CRIMINAL ACTION v. : : NO. 1:90-CR-31 : ADAM E. GRANT, a/k/a The : Urvile, and a/k/a Necron 99, : FRANKLIN E. DARDEN, JR., a/k/a : The Leftist, and : ROBERT J. RIGGS, a/k/a : The Prophet : GOVERNMENT'S SENTENCING MEMORANDUM AND S.G. SS 5K1.1 MOTION [ quoted text ends ] The assumption here, that an alias employed in computer communications is the same as an alias used to avoid identification or prosecution, doesn't reflect an awareness of the context within which such communications exist. The very nature of some computer operating systems demands some form of alias from their users. Management policy also affects how you can identify yourself to a computer, and to anyone who interacts with you through that computer. Look at some of the monikers that were assigned to me to allow me to use various computer systems: Izenberg_Bob (pretty straightforward) bei 76615,1413 BIZENBERG 3935gbt root ;-) Some of those account names identify me personally with me the computer user easily, some not at all. Is it accurate to say that I'm Bob Izenberg, a.k.a. one of the above account names? Sure, between you and me, outside of a court of law. In the context of that court of law, that a.k.a. is an accusation in itself. If we strip the implication from those three letters that the party of the leftmost part is calling themselves the party of the rightmost part to avoid getting nabbed with the goods, what's left? I am known by another name when I use a computer? Where's the surprise in that? Maybe I'm Bob the person a.k.a. Bob the user ID. For another slant on this, let's borrow from my days covering town meetings. I might also be Bob, trading as Bob the user ID, as in: Bob Izenberg, t/a Bob's Bar and Grill. There's no criminal intent there, not in the kinda bar I run. In using a computer communications medium, particularly an informal one like a BBS, the name you choose can set the tone for the aspect of your personality that you're going to present (or exaggerate.) Are radio announcers using their "air names" to avoid the law? How about people with CB handles? Movie actors and crew members? Fashion designers? Society contains enough instances of people who, for creative reasons, choose another name by which they're known to the public. I certainly hope that somebody mentions that Len Rose calling himself Terminus (which springs from his correct perception of himself as somebody who kept the wheels of comunication between legitimate users of AT&T's products moving, or from the Foundation series by author Isaac Asimov) is fair use of a pseudonym, well in line with community standards set by his peers. Whenever somebody uses a.k.a., correct them! Bob Izenberg (512) 346 7019 [ ] cs.utexas.edu!%kvue,balkan%!dogface!bei ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Bob Mahoney (Sysop, PC-Exec) Subject: Z-modem Virus Alert Date: December 5, 1990 ******************************************************************** *** CuD #2.19: File 7 of 7: Z-Modem Virus Alert *** ******************************************************************** %The following was downloaded from Bob Mahoney's BBS% * * * * * W A R N I N G ! ! ! * * * * * On December 3rd, 1990 a group called RABID National Development Corp. released hacked version of Chuck Foresburg's DSZ Z-Modem Protocol dated 12-03-90. This is really the 11-19-90 version with the dates edited and a virus added to the program. *** THIS VIRUS IS DESTRUCTIVE!!! *** I obtained the virused version early this week and worked quickly to provide this program to you. The information I provide here may not be all there is t know about the virus, but it is sufficient to determine that the virus is not what you want to have. RABID Virus Information Preliminary testing has revealed these facts about the virus: * The virus is not memory resident. * The virus infects .COM files only, including COMMAND.COM. (There was one report that it infected and .EXE file and several text files but this could not be confirmed or duplicated.) * Infected files increase in size by 5,302 bytes. * The virus infects other .COM files at execution time. * The virus will activate on 12-25-90 (Christmas) or any date thereafter. * When activated the boot sector, FATs and root directory will be overwritten with garbage. Recovery is impossible unless you use a program such as PcTools Mirror to make backup copies of the system areas. As far as programming goes the virus is poorly written, but it does accomplish what it was designed to do. The actual virus code is about 1,300 bytes with a 4,000 byte ansi screen that is supposed to be displayed upon activation. I sa "supposed to" because on every test I performed the screen displayed as a bunc of video garbage. This occurs when loading the screen data starting at the wrong location. The virus has been passed along to John McAfee and he will have a fix in his next release. However, this release is not due until February and that is too late for those infected already. The information has also been passed along t Chuck Foresburg and he is aware of the situation. VirusFix Instructions The operation of VirusFix is simple. To scan entire disk(s), just specify the disk(s) you wish to scan. Examples: VIRUSFIX C: VIRUSFIX C: D: VIRUSFIX A: To scan a single directory, specify the directory to scan. Examples: VirusFix will notify you if the RABID virus is found and ask if you wish to remove the virus. Every file that I infected and removed the virus from has worked properly so VirusFix should work with most files. If you remove a viru from a file and it doesn't work, delete the file and replace it with and uninfected copy. If you suspect a file other that .COM files is infected, use text search program and search for the string "RABID" in the suspect file. If you have questions or comments about VirusFix or need help with removing a virus from a file I can be reached through the following sources: CompuServe - User ID: 76645,3446 Home Phone - (313) 937-xxxx ******************************************************************** ------------------------------ **END OF CuD #2.19** -> END OF VOLUME 2 -- VOLUME 3 BEGINS NEXT ISSUE <- ********************************************************************