The Taco Bell Syndicate Presents TTTTTTTTTTTTTTTTTTTTTTTTT BBBBBBBBBBBBBBB TTT BB BBB TTT BB BBB TTT BB BBB TTT BB BBB TTT BB BBB TTT BB BBB TTT BBBBBBBBBBBBBB TTT BB BBB TTT BB BBB TTT BB BBB TTT aco BB BBB TTT BB BBB ell TTT BBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCC CC CC CC CC CC CC CC CC ore CC CCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCC /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- **************************** * Issue: 1 * * May, 1993 * **************************** CONTENTS: Introduction......................................... Shredder Caller ID areas...................................... Keith Cathode Operation Sundevil: What was it?..................... Shredder Our Friends, the Concord Journal..................... Keith Cathode The Trusty Rad Shack Red Box (old, but relevant)..... Shredder Scannage............................................. Keith Cathode Fake Feds call Temple of Stan........................ Shredder USENIX UNIX Security Symposium Announcement.......... Shredder Interesting Addresses, etc. ......................... TBS News from the World of Telecom....................... TBS Releases, Past and Future............................ Shredder /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Introduction by Shredder Right now, you're probably wondering, "Who the hell is TBS? And what the hell is THIS?" THIS is Taco Bell Core, the monthly online magazine/newsletter thingy of TBS. Where we put out information/interesting things written by us and anyone else who wants to send us something. Stuff we've written, found, leeched off the Internet. TBS is the Taco Bell Syndicate. A group of people who believe in the power of computers and freedom of information. We believe in sharing knowledge freely with everyone. Anyways. Enough introductory stuff. This issue was pretty easy to throw together from stuff we all had lying around. But we can't do the next one without some outside stuff. We take all submissions dealing with computers, security, freedom of information, the government policies on the above, telecommunications, etc. Just send it to tbs@tacobel.UUCP and if we like it, we'll print it. If you'd like to be put on the TBS mailing list and receive this every month, send your internet address to postmaster@tacobel.UUCP. Whee. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Areas in Massachusetts where Caller ID is available by Keith Cathode This is a list of communities that currently support CID. This text was originally supposed to be released by Death, but he's too lazy. I suppose that I should give him some credit as well. Death and Keith Cathode of the Taco/BELL Syndicate. There I said it. BFD. -------------------------------------------------------------------------------- [508] Beverly........524.621.922.927 Danvers........750.762.774.777 Essex..........768 Gloucester.....281.282.283 Hamilton.......468 Magnolia.......525 Manchester.....525.526 Middleton......750.762.774.777 Peabody........530.531.532.977 Rockport.......546 Salem..........740.741.744.745 Wenham.........468 W.Peabody......535 [617] Braintree......356.380.843.848.849 Canton.........575.821.828 Cohasset.......383 Dedham.........320.326.329.461.462 Hingham........740.749 Holbrook.......767.961.763.986 Hull...........925 Lynn...........581.592.593.594.595.596.598.599 Lynnfield......334 Marblehead.....631.639 Mattapan.......296.298 Milton.........296.298.696.698 Nahant.........581 Norwood........255.551.762.769 Quincy.........328.376.471.472.479.770.773.774.756.847.984.985 Randolph.......767.961.963.986 Saugus.........231.233 Scituate.......544.545 Stoneham.......279.438 Swampscott.....581.592.593.594.595.598.599 Wakefield......224.245.246 Westwood.......255.320.326.329.461.462.551.762.769 Weymouth.......331.335.337.340 One last point before I cut the shit; this is very tedious, and dyslexic errors are your own tough luck. Cheers. Stay free and all that stuff. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Operation Sundevil: What was it? by Shredder Operation SunDevil, a legendary event in computer history. But what was it and what were the results of it? On May 9, 1990, the U.S. Attorney's in Phoenix, Arizona released to the press an announcement of a crackdown on "illegal computer hacking activities". The official name for this action was "Operation SunDevil", named after the mascot of Arizona State University, where this case started. Twenty seven search warrants were used on May 8, 1990, resulting in four arrests, with 150 Secret Service Agents carrying out the operation. Operation SunDevil was an effort to arrest several hackers to posting stolen credit card codes and telephone calling card codes. The targets for this crackdown had been selected through a detailed two year investigation. Forty two computer systems were seized by the US secret service, and about twenty five of them were actually running bulletin boards. During 1990, the Phoenix branch of the Secret Service had close to 300 BBS's that were under observation, and all of them had been either called by Secret Service agents or by informers, who passed logs of their sessions on to the Secret Service. The four people who were arrested were: "Tony the Trashman" in Tucson, AZ on May 9th, "Dr. Ripco", sysop of the Ripco BBS, was also arrested, on illegal firearms possessions however. Also arrested were "Electra", in PA, and an unnamed male juvenile hacker in PA. Along with the forty or so computers taken, the Secret Service also took approximately 23,000 disks, and unknown quantities of printed material, computer printouts, magazines, notebooks, diaries, non-fiction books on hacking, and anything else that caught the Feds' eye. The Secret Service claimed in a press conference on May 9, 1990, that the primary purpose of Operation SunDevil was to send a message to the hacking community, that they could not hide behind the "relative anonymity of their computer terminals.", and that the Feds could and would bust them. They said that this bust "should convey a message to any computer enthusiast whose interests exceed the ethical use of computers." But who is to decide what are the so-called "ethical uses" of computers? The outcome of Operation SunDevil was a let down for the Feds. They had sent their "message", but only one indictment was served as a result of the arrests. Prosecutors involved in the case say chances are "extremely high" that all charges will be dropped. In the end, this two year, expensive operation resulted in not much of a real prize for the Feds, and shows that even if you do get arrested, the Feds don't really have much of a case against you, even if they do take all your stuff. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Our Friends, the Concord Journal by Keith Cathode This comes from the wonderful Concord Journal. CALLS TRACED TO COMPUTER HACKERS By Shannon Strybel A two month spate of constant hang-up calls has been linked to a group of school-age computer hackers, according to Concord Police LT. Leonard Wetherbee. Wetherbee says that a group of computer aficionados, ranging from elementary school children to high schoolers, are probably responsible for a great majority of hang-up calls received by residents throughout town. So far three teens have been identified, but in their ongoing investigation police suspect a much larger group of students is involved.Because they are juveniles, police cannot legally reveal their names. The lieutenant says the station has been flooded with reports from residents saying they've received calls at all hours, and at regular intervals since December. "What these kids are trying to do is to find other computer systems and see if they can break into them. They think it's a great challenge." The kids set up their computer telephone modem to automatically dial hundreds of phone numbers until it finds another computer system. They put in a series of numbers, say from 369-000 through 369-1000, and the computer dials each number," explained Wetherbee. "As soon as a human voice picks up, it hangs up because it is not a computer." Wetherbee says he has received reports from companies in Concord who 's computer systems have been breached, but because the investigation is on going, he declined to state which companies. According to the lieutenant, many companies have systems which notify them through a print out when there has been an attempted or a successful break into their computers Inspector Paul Malone says he has identified three of he alleged computer hackers by tracing who owned the computer technology and expertise to try to break into computer systems. "I have spoken with the three, who are in high school, and explained that what they are trying to do is wrong and has serious ramifications punishable by law." says Macone "I told them that they are right on the edge. Iis as if they are walking around a building and trying to break in." Anyone charged with making annoying phone calls, a misdemeanor, can receive a fine of up to $500 an up to 90 days in jail. Police say someone who breaches a computer system can be charged with a variety of misdemeanors and felonies, from malicious destruction to larceny, depending on information gleaned and how that information is used. The inspector says he is not sure how many juveniles are involved, but he suspects they range in age from elementary school students to th high school level. In addition he says the numbers could have been given out to any number of other computer hackers in the Greater Boston area. "There are clubs of these hackers who meet regularly throughout the state and exchange modem numbers so they can practice. Because of the information we have, we believe there is as unknown larger group with the concord numbers." Maura Roberts, who teaches a computer workshop as Concord Carlisle High School, says hacking is a challenge for many students. "Kids today start it [learning how to use computers] so young and they are more sophisticated in their approach to computers because they have no fear. It becomes a challenge to find out what else they can do with it." Roberts speculates younger children probably do not realize trying to break into other systems is wrong, but look at it as a game. "For older kids, part of the challenge may be that it is wrong." /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Red Box Planzz (d00d, they're s0 3l!t3) by Shredder That's a joke, by the way. Red boxes are extremely easy to build and use following the below procedure. They work by duplicating the tones coins make when they are deposited into a payphone. Be aware it is extremely easy to foil red-boxers by placing a "notch filter" into the phone which blocks out red-box tones. Basically, when the telco works on a phone, they place a notch filter into it. Boxing is a dying art. Pretty much everyone has a red box, but just so those of you who don't stop asking, here they are. Instructions are given on how to make both a red box, and a combo box, which lets you still use the tone dialer to make DTMF (touchtone) tones. Parts List: ---------- Thin insulated wire (if you want to make a combo box) DPDT Switch (if you want to make a combo box) Timing Crystal (somewhere close to 6.490 mHz. The tried and tested value is 6.5536 mHz. Radio Shack will special order 6.5536 crystals for you for a PRICE. Also, you can buy 6.500 mHz crystals from DigiKey (800-344-4539) for $1.73 (Part number: X415) 33-Memory Toner Dialer Available in most Radio Shacks. Make sure you get the MEMORY one. Model number: 43-141 Instructions ------------ 1. Take your tone dialer and turn it over so the speaker is on top. Take off the battery compartment cover and remove the 4 screws. 2. Remove the back cover of the tone dialer, being careful not to break the wires that connect the circuitry to the speaker. 3. Look at the circuitry, you will see a small grey cylinder marked 3.579. This is the original tone dialer crystal. Desolder this. If you are just making a red box, solder the two leads of the 6.5X crystal to the contacts where the 3.579 crystal was. For a combo box, skip to 5. 4. Close the tone dialer and replace the screws. Voila. 5. A combo box is slightly more complicated, but not much. Instead of soldering the 6.5X crystal directly to the contacts, solder each of the two leads to one set of poles on the DPDT switch, but NOT the middle. Solder the original 3.579 tone dialer crystal to the other set of poles, again NOT the middle. Solder a piece of wire to each of the middle poles. The completed switch should look something like this: ----- | | (Each || has two poles) =================== | | =================== || || || || || || 3.579 two 6.5X crystal crystal wires 6. Now connect the two wires to each of the terminals where the 3.579 crystal was originally connected. Glue/tape/whatever the switch (and crystals if you want) to the outside of the tone dialer with epoxy. You may be able to fit the crystals inside the dialer case. It also helps to thread the wires through the holes in the back of the tone dialer. Close it up and voila. Using the Red Box ------------------ On the combo box, the switch switches between crystals. If you can't figure it out from your wiring, the 6.5X crystal makes the higher pitched tones. (duh.) Place 5 *'s in P1 (or any other memory location). Using the 6.5 X crystal, that simulates the tones a quarter makes when it's dropped in the phone. There you go. Red boxing local calls requires a little more work, you can't just beep the tones. You need to start it off with a real coin, or go through an access number. (10ATT has been mentioned in this respect) Whoopee. Now you too have a red box, just like everyone else. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Scannage by Keith Cathode 1800 328 66xx ------------- A5- After Hours RT- Resident Type (Subject to random answer) AED Auto Extension Dialing ANSM Answering Machine ASYS Answerig System (ie Spirit, VoiceCall) 01 VMB A5 08 A5-AED/VMB 09 RT-ANSM 15 Carrier : Prime Net 16 A5-AMSM : Land O' Lakes 20 ANSM 23 A5-ANSM : Stock Quotes 25 PBX 28 VMB : AT&T 40 A5-ANSM 45 A5-ANSM 46 RT-ANSM : Tax Help 50 A5-ANSM 52 VMB 55 ASYS : Credit Union 57 VMB : Audix 60 ASYS 62 ANSM : Ministry 63 A5-ANSM 67 A5-ANSM 68 ASYS : Uniglobe 77 A5-ANSM 80 A5-ANSM : Cytol 84 RT-ANSM/AED 86 Outdial +9 87 ASYS 89 Disconnect 90 VMB +* 96 Carrier : Rocky Mountain Support BBS 300-2400 N81 97 VMB 1800 366 10xx ------------- 01 Phone Mail 09 Phone Mail 10 A5-ANSM 14 PBX 20 VMB +# 24 CARRIER : H.S. 28 A5-ANSM 30 VMB :Express Messaging 45 Sprint 46 Sprint 47 Sprint 48 Telecheck 49 VMB 52 Fax Carrier 54 Telecheck 58 VMB 60 PBX 71 PBX/VMB 72 Sprint 78 Sprint 81 ANSM/AED 84 ANSM/AED :Tech Store - Offer catalog 87 Carrier(HS): E71 , N81 , 071 Did not work. 96 VMB/AED :Sprint. Sales & Info 97 RT-ANSM/AE 1800 877 38xx ------------- 03 VMB 16 Voice Answering Service 34 Fax 36 ANSM 37 VMB 39 VMB :7dig Boxes 55 VMB : Express Messaging 56 VMB : Meridian 65 Fax 71 PBX 77 Fax 79 Fax 81 VMB :Audix 85 VMB :+1 = Credit Card Center 86 VMB 88 ASYS :+3 = Data Communications Center 97 VMB 1800 456 00xx [Brought to us by The Henchman of Social Chaos] ------------- 00 PBX 05 VMB 09 VMB 12 VMB 14 Fax 25 Carrier 36 Bank 47 VMB : Aspen + * 50 Carrier 54 Carrier 9997 = Test tone /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Fake Feds call the Temple of Stan by Shredder (In case you don't know, The Temple of Stan is my BBS, see the end of this file for the number, etc.) It all began on Saturday, April 18th. It was around 9:00 and I'd just got up, and went downstairs to check my email and read the new messages on the Temple. Just my luck, someone had just logged in. It was a new user, and as usual, I watched to see what they would do. I was surprised and also a little shocked when they logged in and left me some feedback, an exact copy of which follows: To: system Subject: Law and order From: daniel (Daniel T. Edmunds) Comments: New User. Be nice. Or not. Message-ID: Date: Sat, 17 Apr 93 09:08:33 EDT Organization: The Temple of Stan - TBS World HQ - Concord, Mass, USA This is federal officer Daniel T Edmunds. Your BBS has been reported as spreading information about Phone fraud, Credit card fraud, computer breaking and entering, and many other crimes. Rather than seize your system, I am merely requesting that you cease all such activity forthwith. We have a user on line currently who will verify this for us. If this does not occur within 7 days, we will take full legal action. We realize that you are probably engaged in what you consider to be "fun". This is not fun. This is against the law. Failure to comply may result in your arrest, confiscation of your hardware and any related software, and if needed the arrest of any and all users deemed to be participating in such activities. Officer Daniel T. Edmunds. Hm. Quite. They also left a phone number. So, the first thing I did was to call up ATDT and leave a message their asking what the hell to do. A few hours later, Magic Man wrote back, he had talked to Count Zero, and they thought it was probably a fake. They suggested trying the number he left. Then, i dialed up my Internet account, and mailed a message to the EFF about what had happened. Interestingly enough, they still haven't responded. I also received mail from Rogue Agent, giving me the names of two other people to contact, if my fears turned out to be valid. I called the number he left, it gave a tone and then hung up. I called New England Telephone and got them to call it. "Nope, it's not a personal telephone number". Sounded like a test number to me, but they wouldn't tell me if it was or not. Next day. Sunday. I call the FBI in Boston. The easiest way to tell if this guy is a fake or not, I thought, is to ask the FBI. So, the Boston FBI tell me there's no Daniel T. Edmunds in the Boston Office, and to try FBI Headquarters. So, I call FBI Headquarters, they tell me there's no FBI agent anywhere with that name, that impersonating a Federal Agent is a Federal offence, and to call the Boston Feds back. So, I do, they tell me to call back the next day (Monday) and talk to the fraud squad. Monday. I talk to the fraud squad, they take all the details and tell me they'll call me back. Thursday, April 22nd. The Feds called at 9:00 AM, waking me up. The guy who called, Ed Clarke, seems quite nice, actually. He tells me there is DEFINITELY no FBI agent under that name, but that they're not going to start some huge investigation. I agree, it's kind of a little thing, especially with the whole Waco thing. But, he adds, the normal procedure is to track down the person and warn them face to face that it's illegal. Which would have the desired effect for me, to warn them that they can't fuck with my board like that. So, it's left that if he ever gets in contact with me again, to call them, and that they're putting his name in their files, in case he pops up again. So, if someone using the name Daniel T. Edmunds calls your board and tries something like this, mail shredder@tacobel.UUCP and let me know. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- UNIX Security Conference leeched off the Internet by Shredder 4th USENIX UNIX SECURITY SYMPOSIUM October 4-7, 1993 Santa Clara Marriott Hotel Santa Clara, California Sponsored by the USENIX Association In cooperation with: The Computer Emergency Response Team (CERT) and the ACM SIGSAC The goal of this symposium is to bring together security practitioners, system administrators, system programmers, and others with an interest in computer security as it relates to networks and the UNIX operating system. This will be a three and one-half day, single-track symposium. The symposium will consist of tutorials, refereed and invited technical presentations, and panel sessions. The first day will be devoted to tutorial presentations, followed by two and one-half days of technical sessions. There will also be two evenings available for Birds-of-a-Feather sessions and Work-in-Progress sessions. TUTORIALS October 4, 1993 This one-day tutorial program will feature two tutorials, designed to address the needs of both management and technical attendees. The tutorials will supply overviews of various security mechanisms and policies. Each will provide specifics to the system and site administrator for implementing numerous local and network security precautions, firewalls, and monitoring systems. TECHNICAL SESSIONS October 5-7, 1993 In addition to refereed paper presentations, the program will include invited talks and panel sessions. The program committee invites you to submit proposals, ideas, or suggestions for these presentations Papers that have been formally reviewed and accepted will be presented during the symposium and published in the symposium proceedings. Symposium proceedings will be distributed free to technical sessions attendees during the symposium and after will be available for purchase from the USENIX Association. SYMPOSIUM TOPICS Papers are being solicited in areas including but not limited to: o User/system authentication o File system security o Network security o Security and system management o Security-enhanced versions of the UNIX operating system o Security tools o Network intrusions (including case studies and intrusion detection efforts) o Security on high-bandwidth networks DATES FOR REFEREED PAPER SUBMISSIONS Extended abstracts due: June 4, 1993 Program Committee decisions made: June 30, 1993 Camera-ready final papers due: August 15, 1993 REFEREED PAPER SUBMISSIONS: Send ASCII or Postscript submissions to: ches@research.att.com Send hard copy submissions to the program chair: Bill Cheswick AT&T Bell Laboratories Room 2c416 600 Mountain Ave. Murray Hill, NJ 07974 PROGRAM COMMITTEE Bill Cheswick, AT&T Bell Laboratories, Program Chair Steve Bellovin, AT&T Bell Laboratories Matt Bishop, Dartmouth College Ed DeHart, CERT, Carnegie Mellon University Jim Ellis, CERT, Carnegie Mellon University Marcus Ranum, Trusted Information Systems FOR REGISTRATION INFORMATION Materials containing all details of the symposium program, symposium registration fees and forms, and hotel discount and reservation information will be mailed beginning July 1993. If you wish to receive registration materials, please contact: USENIX Conference Office 22672 Lambert Street, Suite 613 El Toro, CA 92630 USA (714) 588-8649; FAX: (714) 588-9706 E-mail: conference@usenix.org USENIX The UNIX and Advanced Computing Systems Professional and Technical Association Bill Cheswick, program chair, has announced that Robert Morris Sr. will be the key note speaker at this year's Usenix Security Symposium. Mr. Morris has been involved with computer security since the early days of UNIX. The program committee would like to remind those interested in submitting papers that there is less than two months to do so. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Interesting Things, People, Places by TBS (Oh no, ANOTHER list of addresses) 2600 Magazine - 2600@well.sf.ca.us - (516) 751-2600 (answering machine) - (516) 751-2608 (Fax) The Electronic Frontier Foundation (EFF) - Mail to: eff@eff.org - Anonymous FTP to: ftp.eff.org Woo. All the Phracks, cDc's, etc. to leech from AT&T Hacker Group - 1-800-521-8235 - Investigate toll fraud, PBX abuse, code abuse, etc. - Obviously, this is ANI'd. Do us all a favour and don't call it from home. Coin Test (Works in MA) - 0-959-1230 - Good way to check if your s00per-3l!t3 red b0x is working Digi-Key - 1-800-344-4539 - Electronics supplies, crystals The SPA Piracy Hotline - 1-800-388-7478 - Why not turn in your least favourite WareZzz d00d? (If you have a slightly skewed sense of justice) Enjoy. Whee. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Telecom News by TBS The following press release was taken from Computer Underground Digest 5.28. THE WHITE HOUSE Office of the Press Secretary For Immediate Release April 16, 1993 STATEMENT BY THE PRESS SECRETARY The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement. The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links. For too long there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement. Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files. While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals. A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today. This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals. A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique 2 "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap. The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans. To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings. The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities. In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates: -- the privacy of our citizens, including the need to employ voice or data encryption for business purposes; -- the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens; -- the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and -- the need of U.S. companies to manufacture and export high technology products. The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed. 3 The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice. Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all Americans' right to privacy while also protecting them from those who break the law. Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available. For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758. - - --------------------------------- QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S TELECOMMUNICATIONS INITIATIVE Q: Does this approach expand the authority of government agencies to listen in on phone conversations? A: No. "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans. Q: Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message? A: They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation of this authorization to the two entities responsible for safeguarding the keys and obtain the keys for the device being used by the drug smugglers. The key is split into two parts, which are stored separately in order to ensure the security of the key escrow system. Q: Who will run the key-escrow data banks? A: The two key-escrow data banks will be run by two independent entities. At this point, the Department of Justice and the Administration have yet to determine which agencies will oversee the key-escrow data banks. Q: How strong is the security in the device? How can I be sure how strong the security is? A: This system is more secure than many other voice encryption systems readily available today. While the algorithm will remain classified to protect the security of the key escrow system, we are willing to invite an independent panel of cryptography experts to evaluate the algorithm to assure all potential users that there are no unrecognized vulnerabilities. Q: Whose decision was it to propose this product? A: The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. This approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials. Q: Who was consulted? The Congress? Industry? A: We have on-going discussions with Congress and industry on encryption issues, and expect those discussions to intensify as we carry out our review of encryption policy. We have briefed members of Congress and industry leaders on the decisions related to this initiative. Q: Will the government provide the hardware to manufacturers? A: The government designed and developed the key access encryption microcircuits, but it is not providing the microcircuits to product manufacturers. Product manufacturers can acquire the microcircuits from the chip manufacturer that produces them. Q: Who provides the "Clipper Chip"? A: Mykotronx programs it at their facility in Torrance, California, and will sell the chip to encryption device manufacturers. The programming function could be licensed to other vendors in the future. Q: How do I buy one of these encryption devices? A: We expect several manufacturers to consider incorporating the "Clipper Chip" into their devices. Q: If the Administration were unable to find a technological solution like the one proposed, would the Administration be willing to use legal remedies to restrict access to more powerful encryption devices? A: This is a fundamental policy question which will be considered during the broad policy review. The key escrow mechanism will provide Americans with an encryption product that is more secure, more convenient, and less expensive than others readily available today, but it is just one piece of what must be the comprehensive approach to encryption technology, which the Administration is developing. The Administration is not saying, "since encryption threatens the public safety and effective law enforcement, we will prohibit it outright" (as some countries have effectively done); nor is the U.S. saying that "every American, as a matter of right, is entitled to an unbreakable commercial encryption product." There is a false "tension" created in the assessment that this issue is an "either-or" proposition. Rather, both concerns can be, and in fact are, harmoniously balanced through a reasoned, balanced approach such as is proposed with the "Clipper Chip" and similar encryption techniques. Q: What does this decision indicate about how the Clinton Administration's policy toward encryption will differ from that of the Bush Administration? A: It indicates that we understand the importance of encryption technology in telecommunications and computing and are committed to working with industry and public-interest groups to find innovative ways to protect Americans' privacy, help businesses to compete, and ensure that law enforcement agencies have the tools they need to fight crime and terrorism. Q: Will the devices be exportable? Will other devices that use the government hardware? A: Voice encryption devices are subject to export control requirements. Case-by-case review for each export is required to ensure appropriate use of these devices. The same is true for other encryption devices. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. With this in mind, we expect export licenses will be granted on a case-by-case basis for U.S. companies seeking to use these devices to secure their own communications abroad. We plan to review the possibility of permitting wider exportability of these products. ----------------------------------------------------------------------------- (Taken from alt.security) Texas A&M Network Security Package Overview BETA Release 1.0 -- 4/16/93 Dave Safford Doug Schales Dave Hess DESCRIPTION: Last August, Texas A&M University UNIX computers came under extensive attack from a coordinated group of internet crackers. This package of security tools represents the results of over seven months of development and testing of the software we have been using to protect our estimated twelve thousand internet connected devices. This package includes three coordinated sets of tools: "drawbridge", an exceptionally powerful bridging filter package; "tiger", a set of convenient yet thorough machine checking programs; and "netlog", a set of intrusion detection network monitoring programs. While these programs have undergone extensive testing and modification in use here, we consider this to be a beta test release, as they have not had external review, and the documentation is still very preliminary. KEY FEATURES: For full technical details on the products, see their individual README's, but here are some highlights to wet your appetite: DRAWBRIDGE: - inexpensive (pc with SMC/WD 8013 cards) - high level filter language and compiler - powerful filtering parameters - DES authenticated remote filter management - O(1) table lookup processing for full ethernet bandwidth processing, even with dense class B net filter specifications. TIGER: - checks key binaries against cryptographic checksums from original distribution files - checks for critical security patches - checks for known intrusion signatures - checks all critical configuration files - will run on most UNIX systems, and has tailored components for SunOS, Next, SVR4, Unicos. NETLOG: - efficiently logs all tcp/udp establishment attempts - powerful query tool for analyzing connection logs - "intelligent" intrusion detection program AVAILABILITY: This package is available via anonymous ftp in sc.tamu.edu:pub/security/TAMU Note that there are some distribution limitations, such as the inability to export (outside the US) the DES libraries used in drawbridge; see the respective tool readme's for details of any restrictions. CONTACT: Comments and questions are most welcome. Please address them to: drawbridge@sc.tamu.edu ----------------------------------------------------------------------------- The world awaits the new HP Palmtop. The 100-LX. Should be out in 2-3 more weeks. Features include: 80 X 25 screen, 1 PCMCIA v2.0 slot, DOS 5.0 in ROM, all the stuff from the 95LX, plus links to Lotus cc:Mail wireless mail. 1 MB RAM standard. Whoopee. Get this and a pocket modem and it's pretty much a hacker/phreaker's best friend. Lists for $750, but will probably be offered for less, as the 95LX was. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Releases, Past and Future. by Shredder Here's what we got so far: TBS0001.TXT A Moron's Guide to DECServers ........ Keith Cathode TBS0002.TXT The Merlin System..................... Keith Cathode TBS0003.TXT Caller ID Areas (in this issue, also). Keith Cathode Upcoming releases: Well, i'm working on a beginner's guide to UNIX and the Internet, to be releases some time far in the future. Who knows what the rest of TBS have planned? Not I. We're looking for text file submission as well as articles for this. So. Send us stuff. See the end of the file for how to submit schtuff. /\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- The Taco/Bell Syndicate are: Keith Cathode Death Shredder R0dman Bubble Sorter Squeek The Inquisitor Han Solo All submissions/comments/flames/etc., are welcome. Please send to tbs@tacobel.UUCP Hey! Want to be on the TBS Mailing List? Send mail to postmaster@tacobel.UUCP, giving your internet address, and you will receive TBCore mailed to you each month. Woo-ee. Taco Bell Core, and other TBS Releases can also be obtained by Anonymous FTP. FTP to ftp.ai.mit.edu, look in the directory /pub/tbs. Woo. Why not try: The Pulsating Temple of Stan (508)371-9849 1200-14.4K Internet mail/USENET News cDc Global Domination Direct Factory Outlet Current home of the Taco Bell Syndicate Cheers to: Everyone in TBS, cDc, whose files inspired the creation of this, MIT, for the use of their FTP Server, 2600 Magazine, just for being 2600, the people who go to 2600 meetings in Boston,, the Committee to Destroy the Universe. and all the callers to the Temple of Stan. Magic Man, Count Zero, and Rogue Agent for all their advice and help. A big FUCK YOU to: Skippy, and Shannon Strybel ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Remember Where You Saw This Phile First ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ[=] ARRESTED DEVELOPMENT +31.77.547477 The Netherlands [=]ÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ