Computer underground Digest Sun July 4 1993 Volume 5 : Issue 49 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Editor: Etaoin Shrdlu, Seniur CONTENTS, #5.49 (July 4 1993) File 1--*GEnie* Roundtable transcript of VIRUS/SECURITY File 2--CPSR Workplace Privacy Test File 3--JOB OPENING AT EFF File 4--CuDs on BBSes: "Other Side of Infinity" Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: 11 Jun 93 21:01:22 EDT From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 1--*GEnie* Roundtable transcript of VIRUS/SECURITY The following is a transcript from the VIRUS/SECURITY RoundTable on GEnie. Note that "ga" in the text stands for "go ahead" and signals that the current speaker has finished their thought. This transcript is reprinted with permission. Real Time Conference in the Virus/Security RoundTable on GEnie with Ken Citarella, Assistant District Attorney, Deputy Bureau Chief of the Frauds Bureau for Westchester County, New York. Sysop: Ross Greenberg. Assistant sysops: Mitch Wagner and Sarah Collier. June 2, 1993, 9:00 PM EDT. -----# Participants #----- <[ken] GUEST-3> <[ross] GREENBER> <[Mitch] MITCHWAGNER> <[AmigaNut] JABBA> <[Cy TROic] F.GLYNN> <[Chuck] C.LEPAGE> <[Dennis] D.MCCAULEY1> <[Ron] R.RITCH> <[Joe] J.HOLLIDAY6> <[Dennis] D.MCCAULEY1> <[Janet] J.ATTARD> -----# Room 1 #----- Welcome, Ken! We're glad to have you here. ga <[Mitch] MITCHWAGNER> Hi, Ken. Could you give a brief rundown of your experience? ga <[ken] GUEST-3> OK. Hi everyone. Let me introduce myself. I am an Asst DA in Westchester County, NY (just north of NYC). I do fraud cases, with a speciality in tech crimes. Whatever you would like to talk about is ok with me. I have been a prosecutor for 12 years, and helped write the NY computer crime laws. What kinds of tech crimes, Ken? ga <[ken] GUEST-3> I do telephone fraud and computer crimes, ranging from intrusions to theft of developmental software. ga Theft of developmental software? ga <[ken] GUEST-3> Yes, I have had two investigations in which it was alleged that person A stole software developed by person B. B claimed it was worth zillions. ga <[AmigaNut] JABBA> Ken, any comments/opinion on the controversial "Clipper Chip" proposal? <[ken] GUEST-3> Well, we are a bit out of my league, but I share many of the concerns that have appeared in the media: why the secret development? why no public debate over adoption, etc. ga <[AmigaNut] JABBA> How about your view of the necessity of such a thing for law enforcement? <[ken] GUEST-3> If I may be so bold, I think what you and others are really asking is if the need to tap any and all communications is a necessary skill for LE. That is a societal balancing act. What LE can do helps it fight crime. It also raises the spectre of abuse. And that can be scary. ga <[ross] GREENBER> LE = Law Enforcement More on Jabba's question, how often would you say you might have need of a phone tap on a scrambled phone? ga <[ken] GUEST-3> Not to be flippant, but whenever the bad guys use a scrambled phone. Actually, there are relatively few crimes for which taps are allowed, and the number varies state by state. There is no hard data yet on how often bad guys use scrambled phones. The real threat is from their use of cellular clones which makes tapping them as impossible as a scrambled phone does. ga Well, say, in your career, how many times have you had to do it? ga <[ken] GUEST-3> Never. ga <[Chuck] C.LEPAGE> Ken, have you ever handled any cases of harassment/obscene messaging on public BBs, or through e-mail? Do you ever have to deal with "stalker" cases? ga <[ken] GUEST-3> I have recently had a case like that brought to my attention. Frankly, it is not a fact pattern that I am inclined to do much with. I view it more as a matter internal to the bbs. I am more interested if the perp used a stolen credit card to get the bbs account. Now that's a real crime. ga Follow-up, Chuck? <[Cy TROic] F.GLYNN> Ken, what kind d of "intrusion" cases have you done? ga <[ken] GUEST-3> The most notable one is the outgrowth of the infamous (grin) Pumpcon police action. I cannot go into too much detail because charges are still pending. But, I have one person under indictment for breaking into a business computer and installing three user-ids into the PASSWD file. Two were superusers. He is charged with felony computer tampering and forgery. ga <[ross] GREENBER> Why only TWO superuser ids? (You might oughta define superuser.) <[ken] GUEST-3> One was set up as a regular id. ***(Prefer omission of rest of this answer; or if you must proceed as edited)***Want to know why? Ask the . ga <[ross] GREENBER> (A superuser can do anything they like to a system, without exception.) <[ken] GUEST-3> Superuser means the computer thought he was god. ga This is the case I know as the Marriott Hotel Bust, right? Thanks, Ross. ga <[ken] GUEST-3> Right. ga What about theft of phone service? Is it just mostly kids cutting corners? ga <[ken] GUEST-3> That's how it starts. Unfortunately, it is a multi-billion dollar business that has caused at least one street murder in NYC in a battle over control of phone booths. ga A murder?! ga <[ken] GUEST-3> Yeah, the dead man tried to run his own call sell operation. That means he used stolen access codes and sold calls to people in the street. Ten bucks for 20 minutes, anywhere in the world. His competitor wanted to control all the illegal street phone use in the neighborhood. It seems they could not reach an amicable settlement. ga This is a pretty big business? ga <[ken] GUEST-3> Estimates run from 1 to 6 billion dollars annually in lost revenue. ga Ouch! The Mafia? ga <[ken] GUEST-3> If you mean the good ole La Cosa Nostra, I do not know. If you mean organized crime: Yes! ga ***(Prefer omission of next q&a or use edited version)*** <[Chuck] C.LEPAGE> My gosh! How do you become a "super-user"? (Especially here on GEnie.) How could you ever convince a system to let you do ANYTHING you wanted, as if you were the sysop? ga <[ken] GUEST-3> The accessed the PASSWD file in an edit mode, and simply typed in the superuser ids. ga ***** <[ross] GREENBER> Follow-up, Chuck? <[Chuck] C.LEPAGE> Thanks. Is the average BB that easy to break into/tamper with? <[ken] GUEST-3> This was not a bbs, but the business computer of a retail store chain. It was very easy to break in to. They had not removed any default passwords from the initial login sequences. ga <[ross] GREENBER> Another, Chuck? Good grief! <[ross] GREENBER> Cy's up now. Go ahead, Cy <[Cy TROic] F.GLYNN> Ken, have you run into any cases involving Storm Shadow (Morty Rosenfield) or Phiber Obtik (Mark Abene). If so, what are your view of the cases? ga <[ken] GUEST-3> I have heard of these gentlemen, and met Phiber once. But no allegations against them have been made to me. ga <[ross] GREENBER> Follow up, Cy? <[Cy TROic] F.GLYNN> As a follow up to your last comment, Ken... What is your view about systems not getting rid of their defaults or lowering their security. Shouldn't they be held responsible for the "attacks" against them? ga <[ken] GUEST-3> NO! The law permits people to be sloppy, lazy, even stupid. None of that excuses an unauthorized break-in. You can leave your car with the door open, the key in the ignition, and the motor running, and no one can use it w/o your permission. Why should a computer be different?. ga <[ross] GREENBER> Another, Cy? <[Cy TROic] F.GLYNN> But, if you park your car in a bad section of the city, and even w/out "THECLUB" in better parts, you are asking for trouble. GA <[ken] GUEST-3> I am not saying that sloppy security is bright, and it is certainly true that LE looks askance at undue stupidity, but those are practical questions .. of how you treat a case, and separate from the question of whether the intrusion was ok under the law. ga <[ross] GREENBER> Done, Cy? <[Cy TROic] F.GLYNN> Yes. Thanks. :) GA! <[ross] GREENBER> Dennis, You're on! LE-to-LE! <[Dennis] D.MCCAULEY1> Ken, what's your assessment of the hacker threat these days? Is it mischief or is it a true concern to society? ga <[ken] GUEST-3> Sounding like a true lawyer, it is both! (g) Most teenage hacking is mischief, just like most other teenage misconduct. However, I know teenagers who are in the racket of stealing credit profiles from TRW-type companies and selling them to organized crime for illicit use. ga <[ross] GREENBER> Another, Dennis? <[Dennis] D.MCCAULEY1> Well, I meant public concern in the sense of starting World War III and that kind of thing. Like Kevin Mitnick was said to be able to do. ga <[ken] GUEST-3> No, that is pure media-hype BS! ga <[ross] GREENBER> Done, Dennis? (I take it you LIKED Wargames?) <[Dennis] D.MCCAULEY1> Well, I also wanted to ask Ken about porn on BBS's. ga <[ross] GREENBER> Go for it, then! <[ken] GUEST-3> Do you mean my favorite type ? ga <[Dennis] D.MCCAULEY1> OK Ken - what about garden-variety dirty pix on BBS? Seems to generate a lot of bad PR for the BBS world, but most don't carry more than your average video store. Not kiddie porn, of course, that's clearly illegal. ga <[ken] GUEST-3> The only problem has to do with the kids: can they get at it? or are they in it? Re the first issue, MOM and DAD are the best cops there are. Re the second, that's just about the most depraved bahavior there is. ga <[ross] GREENBER> Mitch, you're FINALLY up. <[Mitch] MITCHWAGNER> Okay, my question is whether computer crime really is a big business. All the stuff we read about seems to be penny-ante. Credit-card fraud for a couple of thousand of dollars at most. Is anyone making big money off of computer crime? This is something of a follow-up to Dennis's question. -ga- <[ken] GUEST-3> I am not aware of any big capers that I do not personally handle unless they get some publicity. The biggest bucks have been stolen as far as I know, not through intrusions, but by using the computer as the burglar tool or record keeper for the crime. In those types of cases, tens of millions have been stolen. ga <[ross] GREENBER> Follow-up, Mitch? <[Mitch] MITCHWAGNER> How did that work? ga <[ken] GUEST-3> Take your pick. Making up phony insurance policies to lure investors into the Equity Funding swindle about 15 years ago was the first biggie. There is also the story that VW Corp in Germany got ripped off for many millions due a computer-directed fund transfer. But I cannot vouch for that. ga <[ross] GREENBER> Done, Mitch? <[Mitch] MITCHWAGNER> Yup. <[ross] GREENBER> Jabba, the AmigaNut, is up. <[AmigaNut] JABBA> Ken, when you participated in drafting the computer crime statutes, was there any significant opposition to the legislation? [ga] <[ken] GUEST-3> Not to the idea of it, but there was a lot of fighting about how they should be structured. The big problem was whether teenage curiosity was to be outlawed or not. ga <[ross] GREENBER> Follow-up, Jabba? <[AmigaNut] JABBA> Teenage curiosity? ga <[ken] GUEST-3> Yeah, "hackers" breaking in just to look. The answer was that it is illegal, but we trust the discretion of LE to know when to prosecute or not, just like in other crimes. ga <[ross] GREENBER> Another, Jabba? <[AmigaNut] JABBA> Ah. Does the statute contain confiscation provisions? ga <[ken] GUEST-3> No, not specifically. But if a computer is used to commit a crime, it goes under the general idea that the bad guy must forfeit the tools of his crime. ga <[ross] GREENBER> Does this fit under RICO? <[AmigaNut] JABBA> OK. Thanks. <[ken] GUEST-3> No. RICO is a federal statute that would not apply to a single person committing intrusions. ga <[ross] GREENBER> Thanks. Mike, you're up! Jabba just touched on this, but as a follow-up... Do you feel that there are adequate computer crime laws on the books? If not, is this because of a lack of understanding among legislators of how serious computer crime can be? ga <[ken] GUEST-3> The laws in NY are okay, but could be tighter. For example, there is no specific provision outlawing the unauthorized insertion of a virus, and to prove unauthorized use, LE has to show that the defendant was warned to stay out of the system! The problem is the ignorance of the legislature. ga <[ross] GREENBER> Mike, another question for Ken? Is a computer criminal prosecuted under the laws of the state he/she lives in, or where the computer is located? ga <[ken] GUEST-3> Can be either or both. Just like shooting someone across a state line. You can prosecute for murder in either state. We can assert jurisdiction where the actor was or where the penetrated computer was. ga <[ross] GREENBER> Follow-up on that, Mike? Do you think a strong national computer crime law would be a good idea? ga <[ken] GUEST-3> Sure, why not? But more important are well trained cops and prosecutors at all levels, especially the states. I hate to see the feds take over the field. They tend to treat everything as a national emergency. ga Thanks Ken, Ross! <[ross] GREENBER> Thanks for the questions, Mike. Cy's up! <[Cy TROic] F.GLYNN> Ken, what do you think of cases where a user on a BIG system (national), knows the system to a large extent. The user tells the Sysops of the systems of bugs and problems he has found. Do you think this user deserves thanks, or at least recognition or his finding? <[ken] GUEST-3> Is he an authorized user? ga <[Cy TROic] F.GLYNN> In my opinion, this kind of "hacker" is a asset. To other people, such as those on a system, he is a hacker. The user is authorized -- it is a public system. ga <[ken] GUEST-3> If he is authorized and does not exceed his authorization, then thank him. If he in not authorized or exceeds the level, that's like thanking the burglar for pointing out your loose window. ga <[ross] GREENBER> Cy, another? <[Cy TROic] F.GLYNN> Nope. Thanks! <[ross] GREENBER> Okey doke. Chuck, you're on stage! <[Chuck] C.LEPAGE> Ken, do you know if other countries have national computer crime laws? How do other nations deal with computer crime? Especially European nations. ga <[ken] GUEST-3> Most European nations, at least western, do have them. I do not know the details, however.ga <[ross] GREENBER> I know that the UK has VERY strong laws against Computer Misuse! Chuck, another? <[Chuck] C.LEPAGE> Do you know of any international statutes concerning computer crimes? ga <[ken] GUEST-3> I have not heard of any international provisions of any sort. ga <[ross] GREENBER> Chuck, another question for Ken? <[Chuck] C.LEPAGE> That's all for now. <[ross] GREENBER> Thanks, Chuck. Sarah? You're up! Backing up to computer porn, if someone handed you a case where a kid (say 19) with a local BBS had a closed directory for x-rated files, but a couple of x-rated files were found in an open directory, what would you do? ga <[ken] GUEST-3> Didn't this just happen somewhere near Cleveland?... I think so, but I don't remember the name. <[ken] GUEST-3> If the availability of the porn was accidental, then so what, IMHO. ga How would the kid prove it was accidental? ga <[ken] GUEST-3> By showing the protections he normally has in place. ga Ah, I see. Thanks. ga <[ross] GREENBER> Ken: if a person unknowingly spreads a virus, are they criminally negligent? <[ken] GUEST-3> No, not if they do so knowingly. That's intentional.ga Sorry, I misread your question.... If they did so unknowingly, they they are not guilty of anything. Even criminal negligence requires a grossly sloppy and negligent behavior. Simple not knowing cannot convict you of anything. ga <[ross] GREENBER> Sarah advises me that cops like to get up early and go to bed early. This being Ken's first RTC (but hopefully not his last), let's wrap up. Any last questions? <[ross] GREENBER> Okey doke. Last question for the evening. Chuck, you have the honors! <[Chuck] C.LEPAGE Would you prosecute someone who spread a harmless virus, one that simply flashed a message at a given time, or would you just "slap his wrist"? I mean, would you NOT slap his wrist. <[ken] GUEST-3> If the virus is harmless, but it did intrude without any authorization, then some low level LE attention is warranted. How low level would depend on the details of the behavior and the extent of the spread. ga <[ross] GREENBER> Chuck, last question? <[Chuck] C.LEPAGE> That's it. Thank you, Ken. Ken, thanks so much for coming. This has been a really informative RTC. Can we ask you again some other time? <[ken] GUEST-3> Sure, be delighted. ga Then we'll say good night and let you get some sleep. :) <[ross] GREENBER> Ken, my thanks, too. I have a feeling that only about 10% of the questions people wanted to ask got asked. So you'll be back sooner than you thought! <[ken] GUEST-3> OK, good night to all, and thanks for the opportunity to RTC with you. I think this sort of dialogue is VIP. ga <[ross] GREENBER> Good night, Ken! 'Night, Ken. :) <[ross] GREENBER> And, for those in the audience and for the question-askers: thanks for being here and for asking the questions! | | This listing was generated by LRTC Version 1.00 | (C)opyright by Hartmut W. Malzahn, 1991. All rights reserved. ------------------------------ Date: Fri, 2 Jul 1993 16:00:05 EST From: Dave Banisar Subject: File 2--CPSR Workplace Privacy Test CPSR Workplace Privacy Testimony ===================================================== Prepared Testimony and Statement for the Record of Marc Rotenberg, Director, CPSR Washington office, Adjunct Professor, Georgetown University Law Center on H.R. 1900, The Privacy for Consumers and Workers Act Before The Subcommittee on Labor-Management Relations, Committee on Education and Labor, U.S. House of Representatives June 30, 1993 Mr. Chairman, members of the Subcommittee, thank for the opportunity to testify today on H.R. 1900, the Privacy for Consumers and Workers Act. My name is Marc Rotenberg and I am the director of the CPSR Washington office and an adjunct professor at Georgetown University Law Center where I teach a course on information privacy law. Speaking on behalf of CPSR, we strongly endorse the Privacy for Consumers and Workers Act. The measure will establish important safeguards for workers and consumers in the United States. We believe that H.R. 1900 is particularly important as our country becomes more dependent on computerized information systems and the risk of privacy abuse increases. CPSR has a special interest in workplace privacy. For almost a decade we have advocated for the design of computer systems that better serve the needs of employees in the workplace. We do not view this particular goal as a trade-off between labor and management. It is our belief that computer systems and information policies that are designed so as to value employees will lead to a more productive work environment and ultimately more successful companies and organizations. As Charles Hecksher of the Harvard Business School has said good managers have no use for secret monitoring. Equally important is the need to ensure that certain fundamental rights of employees are safeguarded. The protection of personal privacy in the information age may be as crucial for American workers as the protection of safety was in the age of machines. Organizations that fail to develop appropriate workplace privacy policies leave employees at risk of abuse, embarrassment, and harassment. The concern about workplace privacy is widely felt in the computer profession. This month MacWorld magazine, a leading publication in the computer industry, released a special report on workplace privacy. The report, based on a survey of 301 companies in the United States and authored by noted science writer Charles Piller, made clear the need for a strong federal policy. Among the key findings of the MacWorld survey: > More than 21 percent of those polled said that they had "engaged in searches of employee computer files, voice mail, electronic mail, or other networking communications." > "Monitoring work flow" is the most frequently cited reason for electronic searches. > In two out of three cases, employees are not warned about electronic searches. > Only one third of the companies surveyed have a written policy on privacy What is also interesting about the MacWorld survey is the high level of concern expressed by top corporate managers about electronic monitoring. More than a half of those polled said that electronic monitoring was either "never acceptable" or "usually or always counterproductive." Less than five percent believed that electronic monitoring was a good tool to routinely verify honesty. These numbers suggest that managers would support a sensible privacy law. Indeed, they are consistent with other privacy polls conducted by Professor Alan Westin for the Lou Harris organization which show that managers are well aware of privacy concerns and may, with a little prodding, agree to sensible policies. What would such a policy look like? The MacWorld report also includes a model privacy policy that is based on several U.S. and international privacy codes. Here are the key elements: > Employees should know what electronic surveillance tools are used, and how management will use the data gathered. > Management should minimize electronic monitoring as much as possible. Continuous monitoring should not be permitted. > Data should only be used for clearly defined, work-related purposes. > Management should not engage in secret monitoring unless there is credible evidence of criminal activity or serious wrongdoing. > Data gathered through monitoring should not be the sole factor in employee evaluations. > Personal information gathered by employers should not be disclosed to any third parties, except to comply with legal requirements. > Employees or prospective employees should not be asked to waive privacy rights. > Managers who violate these privacy principles should be subject to discipline or termination. Many of these provisions are contained in H.R. 1900, the Privacy for Consumers and Workers Act. Clearly, the policies and the bill itself are not intended to prohibit monitoring, nor to prevent employers from protecting their business interests. What the bill will do is help establish a clear framework that ensures employees are properly notified of monitoring practices, that personal information is not misused, and that monitoring capability is not abused. It is a straightforward, sensible approach that does not so much balance rights as it clarifies interests and ensures that both employers and employees will respect appropriate limitations on monitoring capability. The need to move quickly to establish a framework for workplace privacy protection is clear. Privacy problems will become more acute in the years ahead as new monitoring schemes are developed and new forms of personal data are collected. As Professor Gary Marx has made clear, there is little that can be imagined in the monitoring realm that can not be achieved. Already, some members of the computer profession are wearing "active badges" that provide full-time geographical monitoring. Properly used, these devices help employees use new tools in the hi-tech workplace. Improperly used, such devices could track the physical movements of an employee throughout the day, almost like a blip on a radar screen. Computers are certainly powerful tools. We believe that they can be used to improve productivity and increase job satisfaction. But this requires that appropriate policies be developed to address employee concerns and that laws be passed, when necessary, to ensure that computer abuse does not occur. This concludes my testimony. I would be pleased to answer your questions. ------------------------------ Date: Wed, 30 Jun 1993 13:44:52 -0500 From: lbreit@EFF.ORG(Lisa Breit) Subject: File 3--JOB OPENING AT EFF Position Announcement SYSTEMS ADMINISTRATOR Electronic Frontier Foundation The Electronic Frontier Foundation is a nonprofit public interest organization located in Washington, D.C. We are looking for a skilled Systems Administrator experienced with management of Unix-based Internet hosts, Macintosh LAN management, business applications, and user support. This is a key technical and administrative role in a rapidly growing organization with national visibility. EFF recently moved its headquarters from Massachusetts to Washington. The Systems Administrator's initial responsibilities will include relocating EFF's servers and setting up a tech center in the DC office. The Systems Administrator reports to the Business Manager, and interfaces on a regular basis with program and support staff, members, subcontractors, collaborators, and the Board of Directors. The current EFF Sun cluster includes a pair of SparcStation 2 workstations, and a SparcStation ELC workstation, with 3.0+ Gb. storage, Exabyte 8200 (8mm) tape backup, and a CDROM drive. There is also a Telebit Netblazer doing double duty as a router (56kb to PSInet) and a terminal server with Telebit modems. Most of EFF's projects are electronically mediated. Eff.org is the primary host for the core staff and volunteers of EFF for whom electronic mail is a "mission critical" function. The Systems Administrator Position The Electronic Frontier Foundation is seeking a hands-on, multi-talented Systems Administrator. In the coming year EFF will be expanding its internal system functions and providing more Internet-based services to individuals who are frequent Net users. We are looking for an individual with an outstanding technical background, good communication skills, a user service orientation, and a commitment to the Electronic Frontier Foundations's mission. The Systems Administrator's job responsibilities include: System Administration o Eff.org is the Foundation's Internet access point. Support and maintain all hardware, software, and net traffic related to eff.org, including a cluster of Sun workstations, associated communications equipment, and key systems including SMTP, ftp archive, Gopher, and WAIS site. o EFF LAN: Manage a 15 station Appletalk LAN (may be expanded). o Voice Telephone System: Manage and maintain a 50 port PBX. o System Maintenance: Ensure regular servicing, upgrading and maintenance of all hardware and communications systems; maintain data security and virus protections; perform regular backups. o Record Keeping and Documentation: Maintain logs, inventories, reports, and any other records or paperwork required for management, insurance, administration, etc.; regularly draft and update documentation for internal systems and procedures. Application Support and Training o Support EFF's internal systems for MIS, communication, publications, and other functions, including hardware and software selection, purchase, installation and upgrade, troubleshooting, problem solving, and answering users' questions. o Train staff and others as designated on a wide variety of applications used at EFF, including Microsoft Word, Excel, Filemaker Pro, Pagemaker, Internet-based utilities and other online services. Program Support o Work with policy, communications, and administrative staff to conduct online political organizing, fundraising, and education efforts. o Assist in development of database applications to support EFF membership and fundraising. o Support communications and membership staff by monitoring EFF's email and EFF hosted on-line newsgroups and discussion groups. o Provide technical advise and expertise necessary to comprehend or formulate policy issues. Qualifications: This is a key position requiring a completely dependable individual who is able to be keep the trains running on time for day to day operations while completing special projects and a variety new development projects. S/he occasionally may be required to do some weekend work, and will wear a beeper. Ideal candidates will enjoy the challenge of a high demand job and the unpredictability of an interrupt-driven environment: We are seeking: Substantial experience in Unix systems administration, including mastery of sendmail, DNS, and other Internet functions. Ability to write shell scripts using Unix tools such as perl and awk. Background in C programming an ability to customize, install and debug C programs. Extensive Macintosh support including System 7.x, and networking both with LocalTalk an dEthernet, plus MacTCP. Hardware experience a plus. Minimum 3 years experience in systems administration, including hardware and software purchase, setup and maintenance, record keeping, security, etc. Good communication skills, and a helpful, instructive approach to supporting users; Ability to work independently on multiple projects and as part of a team. Ability to write clear and simple documentation, keep records and maintain an organized, orderly environment; Interest in EFF's mission a definite plus; B.S. or other technical degree in Computer Science, Electrical Engineering, MIS, or related field. Will consider experience in lieu of education. Compensation: Salary $28,000-$32,000 depending on experience Full benefits include health insurance, disability, life insurance, pension, vacation. How to apply: This position is located in Washington DC. Deadline for applications is July 6. To apply, send a resume and cover letter by US mail to our recruiter in Massachusetts: Electronic Frontier Foundation Systems Administrator Position 238 Main Street Cambridge, MA 02142 Attn: Lisa Breit by email (ASCII only please): lbreit@eff.org About the Electronic Frontier Foundation (EFF) The Electronic Frontier Foundation was founded in July, 1990 to ensure freedom of expression in digital media, with a particular emphasis on applying the principles embodied in the Constitution and the Bill of Rights to computer-based communication. EFF has rapidly evolved into one of the leading organizations that individuals, corporations, the media, and government turn to when considering questions involving new communications technology. EFF's mission is to foster the opportunities of digital communication for individuals and communities in a free and open society. The Foundation: o Shapes the national policy debate on how the communications infrastructure will develop, and how electronic communications will be regulated; o Facilitates discussion and organizes action around technology policy issues of interest to a wide range of groups and individuals, such as digital privacy and cryptography, the future of the Internet; etc. and o Seeks and undertakes cases to defend the civil liberties of individuals and organizations using computers and communication technology, and provides informal legal services to net users; o Engages in outreach and educational activities within the community of electronic network users as well as among law enforcement officials, policy makers, corporations and others. EFF also creates forums, publications and information resources, available in print and on a number of electronic networks, to raise awareness of political, legal, social and cultural issues that result from the widespread use of electronic communication. Over the next few years, EFF will continue its work in the civil liberties, policy, and public education arenas, while sponsoring research projects and events that explore the nature of communities in Cyberspace, and support their evolution here and abroad. In the next two years, EFF expects to broaden its presence on a range of electronic networks, expand its membership; experiment with organizing and fundraising campaigns conducted on electronic networks; add new members to its Board; and improve its communication program encompassing media relations, public speaking engagements for staff and Board members, the development of a number of online forums, and regular production of electronic and printed publications. EFF currently has 7 full time professional staff and two support staff. The staff size is expected to double over the next year to accommodate the anticipated growth of EFF's programs and operations. EFF receives funding from a variety of sources, including corporations, individual donors, and other foundations. EFF also receives membership fees from several hundred individual and corporate members, which entitles them to publications and online access to discussions and seminars on the Internet. oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Lisa A. Breit o c/o EFF o 238 Main Street, Cambridge, MA 02142 Mailing address: 29 Beechwood Road, Waltham, MA 02154 617-894-5415 phone o email: lbreit@eff.org ------------------------------ Date: Tue, 29 Jun 1993 22:15:17 -0400 (EDT) From: KAMAKIZE@DELPHI.COM Subject: File 4--CuDs on BBSes: "Other Side of Infinity" ((MODERATORS' NOTE: About one-third of CuD readers obtain CuD from local BBSes. We receive a few calls or letters each week from readers wondering if there are BBSes in their area that carry CuD, but we haven't kept formal list of boards that maintain up-to-date archives. There are so many, we can't maintain systematic records. But, we'll periodically publish a list of BBSes around the world that do. If your board does, let us know. Send a summary of the board and other information (in a brief paragraph or two) and every few months we will list them. Here's another board that maintains complete CuD files)). BBS Name : The Other Side Of Reality BBS Phone: 703-366-4620 Hours: 24 All Cuds online and available on release date, and many EFF files available on first call. BBS is FREE. Run on WWIV BBS Software with a 14.4K modem Networked With WWIV-link,Icenet,Insanity CD-Rom Online with approx 10,000+ files online for D/l on first call located in Roanoke,Virginia We also carry many Occult text Files, along with Computer related Files ------------------------------ End of Computer Underground Digest #5.49 ************************************