Computer underground Digest Sun Oct 17 1993 Volume 5 : Issue 81 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Eidtor: Etaoin Shrdlu, III CONTENTS, #5.81 (Oct 17 1993) File 1--Another BBS/Bombing Connection (Ill.) File 2--BBS "Porn" Bust in Oklahoma - Another LE Misstep? File 3--A Few Biblio Items (Paulsen, Encryption, & P. Zimmerman) File 4--Fourth Annual HOHOCON File 5--"Hacker" Documentary Proposed File 6--CuNews File 7--Student Pugwash Conference File 8--Response to CuD 5.80 - Itar article Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) UNITED STATES: aql.gatech.edu (128.61.10.53) in /pub/eff/cud etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud ftp.eff.org (192.88.144.4) in /pub/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Thu, 14 Oct 1993 21:18:43 CDT From: CuD Moderators Subject: File 1--Another BBS/Bombing Connection (Ill.) Another incident of an alleged BBS/bombing connection has occurred, this time in Cook County (Illinois). WILLIAM PRESECKY, "6 Youth's Hobby was Bombs, Police Say," (Chicago Tribute, 8 October, 1993: Section 2,pp1, 4) summarizes six 15 and 16 year-old highschool students' escapades in blowing up over 70 mailboxes in Lyons Township, Ill., in Cook County near Chicago. The story begins: Armed with potentially deadly materials and some computer-generated know-how, six west suburban teenagers allegedly formed the nucleus of a bomb-making club broken up by authorities this week. .... At least two of the suspected teens could be charged as adults, pending a review of the juvenile petitions next week by the Cook County state's attorney's office, authorities said. .... "These are A and students, honor roll students. They come from well-to-do families," but appear to have no other activities to keep themselves busy, according to ((a police spokesperson)). As many as 10 more teenagers from the same area are suspected of being involved in the manufacture and detonation of assorted homemade bombs that police said may have damaged or destroyed as many as 70 mailboxes in the west and southwest suburbs over the past several months, according to ((a police spokesperson)). .... A search of two of the teens' homes yielded a large cache of bomb-making material, including pipes, chemicals, black powder and detonating devices as well as eight to 10 partially made bombs. Also found were several ready-to-use bombs that were rendered harmless by members of the Cook County Bomb Squad and sent for analysis to the federal ATF's laboratory in Maryland. Also confiscated from one of the homes were three computer didks containing recorded information that, despite its disclaimers, ((the police spokesperson)) said could be used to create an assortment of mayhem, with titles such as "22 Ways to Kill a Human Being With your Bare Hands." The disks contained information on advanced bomb-making technology, including the use of remote-control and time delay detonation, ((the spokesperson)said. Whether the teens accused of making and using the bombs actually used the computer-generated information to manfacture the devices isn't certain. .... "It's a frightening thing that kids have this kind ov access, that anyone with access to this kind of material would be this irresponsible," said Burr Ridge Police Chief Herbert Timm. Chicago's Channel 2 tv, a CBS affiliate, also covered the story on it's evening news. "The SHOCKING part of it is where they learned" the information, intoned the story (original emphasis). In a substantial (by news standards) segment, Channel 2 reporters interviewed what appeared to be a computer store owner who claimed that most BBS sysops are "kids from 8 to 14" and that there are even a few adults who run BBSes. The reporters informed the audience that most "hackers" are under 14, and that there are "thousands of BBSes in the Chicago area and elsewhere." Although the intent to inform parents of their responsibility in monitoring juveniles and instilling a social ethic is laudable, the factual errors and superficial hyperbole are not. ------------------------------ Date: Thu, 14 Oct 1993 18:22:21 CDT From: CuD Moderators Subject: File 2--BBS "Porn" Bust in Oklahoma - Another LE Misstep? ((MODERATORS' NOTE: A number of posters forwarded the following, apparently originally posted on Usenet, to us. We have edited the stories down to conform to "fair use." ++++ >From The Dialy Oklahoman Newspaper, September 27, 1993, Page 1: COMPUTER PORN CASE TRIGGERS LEGAL QUESTIONS By David Zizzo, Staff Writer Is talking to Anthony Davis hazardous to your health? In a manner of speaking, that's what numerous people with computers and modems apparently have been worrying about since late July. That's when Oklahoma City police raided Davis' software publishing firm and confiscated his sophisticated commercial computer bulletin board system. Authorities allege Davis was selling pornographic computerized materials on CD-ROM and through files downloaded over phone lines. Names of everyone who signed onto Davis' bulletin board service, those who downloaded or uploaded graphic files depicting sexual acts and those who didn't are in the hands of investigators. ..... The Davis bust sent a chill throughout the national computer community, said Jack Rickard, editor and publisher of Boardwatch magazine, a bulletin board newsletter published in Littleton, Colo. "It's causing chaos," he said. Rickard said Oklahoma City is being viewed "a little bit like clown city" in computer circles, since the explicit material Davis offered can be purchased in nearly every computer magazine and is carried by numerous bulletin boards. "This is off the shelf," he said. "It's considered pretty mundane stuff." ..... The bust will test Oklahoma laws on "community standards" regarding pornography, said Mike Godwin, attorney for the Electronic Frontier Foundation. The Washington, D.C., advocacy group is funded by donors that include large software companies. "When you talk about community standards, who's the real community?" Godwin wonders. "Is it the city or ... the community of people on-line?" Holmes, a former Cleveland County prosecutor, calls Oklahoma's pornography law "an extremely broad statute." "I'm not sure it wouldn't include Playboy or Penthouse type publications," he said. ..... Critics also say police over reached in grabbing Davis' entire system, shutting down his pay-for-play computer service, because of four CDs. Prosecutors are seeking forfeiture of the system, which includes a 13 gigabyte memory unit and 10 high speed modems. "They don't have to seize it any more than they have to seize the building when they confiscate a bookstore," said Godwin of the Electronic Frontier Foundation. ================================================ >From Boardwatch Magazine / September, 1993. Under the byline of Lance Rose:"BBS BURNINGS" in the Legally Online column, p. 62 ================================================ OKLAHOMA BBS RAIDED ON PORNOGRAPHY CHARGES The legal assault on bulletin boards continues this month with a raid by Oklahoma City Police Department Vice Division on Tony Davis's OKLAHOMA INFORMATION EXCHANGE BBS and his associated Mid-America Digital Publishing Company. About 4:00 PM on July 20, four officers of the Oklahoma City Police Department arrived at the offices of Mid-America Digital Publishing with a search warrant for "pornographic CD-ROMs." Davis was arrested on suspicion of the sale and distribution of pornographic CD-ROM disks. Of the 2000 CD ROM disks available on site, they confiscated about 50 disks, and an estimated $75,000 worth of equipment Davis runs his 10-line OKLAHOMA INFORMATION EXCHANGE BBS on. The equipment including two computers with gigabyte hard drives, two Pioneer 6-disk drives, four single CD ROM drives, 10 High Speed Hayes modems, Novell network software and associated hardware, etc. Apparently, an undercover agent had contacted Mid-America Digital Publishing on two occasions and purchased CD-ROM disks containing adult material from the company. At the raid, Davis cooperated with the police showing them whatever they wanted to see, and even removing four disks from CD-ROMS on the BBS machine and showing them to the police. Curiously, these were standard off-the-shelf CD ROM collections NOT published by Davis, including "Busty Babes", "For Adults Only #2," "For Adults Only #3", and "Storm II". More curiously, the police themselves put the disks BACK into the BBS in order to video tape callers accessing the files on the disks. ...... Despite Davis' notification, none of the specific procedures required by federal law (Privacy Protection Act) when serving search warrants on publishers was followed, and no acknowledgement or even apparent cognizance of the Electronic Communications Privacy Act made when notified of the electronic mail for some 2000 BBS users available on the system. OKLAHOMA INFORMATION EXCHANGE carries some 750 FidoNet conferences, an additional 750 Usenet Newsgroups, and offers callers private FidoNet mail and Internet mail and actually hubs mail for other bulletin board systems as well. ...... All possible charges relate to Oklahoma State statutes against obscenity. Located in the heart of the Bible Belt, this could be serious. A penalty of up to $5000 and 5 years in prison per infraction is possible. If you count each file on a CD-ROM as an infraction, Mr. Davis could in theory be facing over a 100,000 years in jail and nearly a $100 million in fines - another contrast between technological reality and our legal system. From what we understand, in Oklahoma, it is technically illegal to actually BE naked at any time when not actually getting wet somehow, and some legal theorists posit that HBO and Showtime cable television channels are actually infractions under the state laws as written. ((MODERATORS' NOTE: BOARDWATCH Magazine, chalked full of information and news, can be obtained for $36/year (12 issues) from: Boardwatch Magazine / 8500 W. Bowles Ave. / Suite 210 / Littleton, CO 80123)). ------------------------------ Date: Sun, 17 Oct 1993 17:22:11 CDT From: CuD Moderators Subject: File 3--A Few Biblio Items (Paulsen, Encryption, & P. Zimmerman) --JULIAN DIBBELL'S "Code Warriors: Battling for the Keys to Privacy in the Info Age," (The Village Voice, 28 July, 1993: pp 33-37) summarizes the debates in encryption and privacy. It includes snippets from John Gilmore, Tim May, and Eric Hughes, and cleanly and concisely explains in simple (but not simplistic) lay terms the nature of the debates underlying Clipper, Moby Crypto, and other issues in the encryption wars. --ERIC DEXHEIMER, in Denver Westord (Vol.17, #6, 29 Sept '93), "Secrets gend: The Government wants to Breakhim,but Boulder's Prince of Privacy remains Cryptic" summarizes the issues in the Phil Zimmerman/PGP encryption controversy. The story inludes an indepth analysis and a strong profile of Zimmerman (in CuD archives). --JONATHAN LITTMAN, "The Last Hacker," in Los Angeles Times Magazine (p 18), 12 September, '93, focuses on Kevin Poulsen and his recent legal problems. While not unsympathetic to Paulsen, the story concludes: Born in a time when hacking was an innocent rite of boyhood, when laws were as unclear as the boundaries of the Arpanet, Kevin Poulsen had outlived his era. ------------------------------ Date: Tue, 12 Oct 93 2:46:47 CDT From: Drunkfux Subject: File 4--Fourth Annual HOHOCON [Official Announcement / Call For Participation - October 11, 1993] (Distribute Freely) dFx, Phrack Magazine and cDc - Cult Of The Dead Cow proudly present : The Fourth Annual H O H O C O N "Cliff Stoll My K0DEZ!@$#!" Who: All Hackers, Journalists, Security Personnel, Federal Agents, Lawyers, Authors, Cypherpunks, Virtual Realists, Modem Geeks, Telco Employees, and Other Interested Parties. Where: Austin North Hilton & Towers and Super 8 Motel 6000 Middle Fiskville Road Austin, Texas 78752 U.S.A. Hilton : (800) 347-0330 / (512) 451-5757 Super 8: (800) 800-8000 / (512) 467-8163 When: Friday December 17 through Sunday December 19, 1993 What is HoHoCon? ---------------- HoHoCon is the largest annual gathering of those in, related to, or wishing to know more about the computer underground. Attendees generally include some of the most notable members of the "hacking" and "telecom" community, journalists, authors, security professionals, lawyers, and a host of others. Previous speakers include John Draper (Cap'n Crunch), Ray Kaplan, Chris Goggans (Erik Bloodaxe), Bruce Sterling, and many more. The conference is also one of the very few that is completely open to the public and we encourage anyone who is interested to attend. Hotel Information ----------------- The Austin North Hilton recently split its complex into two separate hotels; the Hilton and the newly added Super 8. HoHoCon guests have the choice of staying in either hotel. Group rates are as followed : Super 8: Single - $46.50, Double - $49.50, Triple - $52.50, Quad - $55.50 Hilton : Single - $69.00, Double - $79.00, Triple - $89.00, Quad - $99.00 Once again, the hotel has set aside a block of rooms for the conference and we recommend making your reservations as early as possible to guarantee a room within the block, if not to just guarantee a room period. Rooms for the handicapped are available upon request. To make your reservations, call the the number listed above that corresponds with where you are and where you want to stay and make sure you tell them you are with the HoHoCon conference or else you'll end up throwing more money away. The hotel accepts American Express, Visa, Master Card, Discover, Diner's Club, and Carte Blanche credit cards. Check-in is 3:00 p.m. and check-out is 12:00 noon. Earlier check-in is available if there are unoccupied rooms available. Please note that in order for the hotel to hold a room past 6:00 p.m. on the date of arrival, the individual reservation must be secured by a deposit or guaranteed with one of the credit cards listed above. Also, any cancellations of guaranteed reservations must be made prior to 6:00 p.m. on the date of arrival. You will be responsible for full payment of any guaranteed reservations which are not cancelled by this time. The hotel provides transportation to and from the airport and will give you full information when you make your reservations. Directions ---------- For those of you who will be driving to the conference, the following is a list of directions provided by the hotel (so, if they're wrong, don't blame me): Dallas : Take IH 35 south to exit 238-B, the Houston exit. At the first stop light, turn right on to 2222. Turn off of 2222 onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. San Antonio : Take IH 35 north to exit 238-B, the Houston exit. At the second stop light, turn left onto 2222. Turn off 2222 onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Houston (on 290) : Take 290 west into Austin. Exit off of 290 at the IH35 exit (do not get on 35). Stay on the access road heading west, you will pass two stop lights. Turn off the access road onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Houston (on 71) : Take 71 west into Austin. Exit onto 183 north. Take 183 north to 290 west. Take 290 west to the IH 35 exit. Exit off of 290 at the IH 35 exit (do not get on 35). Stay on the access road heading west, you will pass two stop lights. Turn off the access road onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel in on the left. Airport : Exit the airport parking lot and turn right onto Manor Road. Take Manor Road to Airport Boulevard and turn right. Take Airport Boulevard to IH 35 north. Take IH 35 to exit 238-B. At the second stop light, turn left onto 2222. Turn off of 2222 onto Clayton Lane (by the Greyhound Station). At the stop sign, turn right onto Middle Fiskville, the hotel is on the left. Call the hotel if these directions aren't complete enough or if you need additional information. Conference Details __________________ HoHoCon will last 3 days, with the actual conference being held on Saturday, December 18 starting at 11:00 a.m. and continuing until 5 p.m. or earlier depending on the number of speakers. Although a few speakers have confirmed their attendance, we are still in the planning stages and will wait until the next update to release a speaking schedule. We welcome any speaker or topic recommendations you might have (except for, say, "Why I Luv Baked Potatoes On A Stik!"), or, if you would like to speak yourself, please contact us as soon as possible and let us know who you are, who you represent (if anyone), the topic you wish to speak on, a rough estimate of how long you will need, and whether or not you will be needing any audio-visual aids. We would like to have people bring interesting items and videos again this year. If you have anything you think people would enjoy having the chance to see, please let us know ahead of time, and tell us if you will need any help getting it to the conference. If all else fails, just bring it to the con and give it to us when you arrive. Any organization or individual that wants to bring flyers to distribute during the conference may do so. You may also send your flyers to us ahead of time if you can not make it to the conference and we will distribute them for you. Left over flyers are included with information packets and orders that we send out, so if you want to send extras, go ahead. Cost ---- Unlike smaller, less informative conferences, we do not ask you to shell out hundreds of dollars just to get in the door, nor do we take your money and then make you sleep in a tent. We are maintaining the motto of "give $5 if you can", but due to the incredibly high conference room rate this year, we may step up to "$5 minimum required donation" or "give us $5 or we'll smash your head in". Five dollars is an outrageously low price compared to the suit infested industry conferences or even the new "Cons are k00l and trendy, I gotta do one too!" conferences that are charging up to $50 for admission alone. To encourage people to donate, we will once again be having our wonderless "Raffle For The Elite" during the conference. We will issue a prize list in a future update, but we can guarantee that this year there will be a lot more (and better) prizes than last year, including a full system (and, no, it's not a c64 or 286). Anyone who wishes to donate worthwhile items to the raffle, please let us know ahead of time, or if it's a last minute acquirement, just bring it to the conference. Miscellaneous Notes ------------------- To save myself some time by mailing responses to a lot of the same questions I expect to get, I'll answer a few of them here. Although I have not talked to him myself yet, Steve Ryan has told me that Bruce Sterling will indeed be in attendance and may say a few words. As far as I know, there will not be any visitors from any other planets at the conference. Scot Chasin is still on Earth and will be making an appearance. Video cameras will *not* be allowed inside the conference room without prior consent due to previous agreements made with speakers who do not wish for certain parts of their speech to be rebroadcast. Still cameras and Etch-A-Sketch's are fine and tape recorders are too easily hidden for us to be able to control. Videos and T-Shirts from last year's conference are still available, and will also be on hand during the conference. We do not handle the LoD World Tour shirts, but I can tell you that that the old ones are gone and a *new* LoD shirt will be unveiled at the conference. The HoHoCon shirts are $15 plus $3 shipping ($4.00 for two shirts). At this time, they only come in extra large. We may add additional sizes if there is a demand for them. The front of the shirt has the following in a white strip across the chest: I LOVE FEDS (Where LOVE = a red heart, very similar to the I LOVE NY logo) And this on the back: dFx & cDc Present HOHOCON '92 December 18-20 Allen Park Inn Houston, Texas There is another version of the shirt available with the following: I LOVE WAREZ The video includes footage from all three days, is six hours long and costs $18 plus $3 shipping ($4.00 if purchasing another item also). Please note that if you are purchasing multiple items, you only need to pay one shipping charge of $4.00, not a charge for each item. If you wish to send an order in now, make all checks or money orders payable to O.I.S., include your phone number and mail it to the street address listed below. Allow a few weeks for arrival. There will be new HoHoCon '93 shirts available at the conference and a video of the festivities will be out early next year. Correspondence -------------- If anyone requires any additional information, needs to ask any questions, wants to RSVP, wants to order anything, or would like to be added to the mailing list to receive the HoHoCon updates, you may mail us at: hohocon@cypher.com drunkfux@cypher.com cDc@cypher.com drunkfux@crimelab.com dfx@nuchat.sccsi.com drunkfux@5285 (WWIV Net) or via sluggo mail at: HoHoCon 1310 Tulane, Box 2 Houston, Texas 77008-4106 We also have a VMB which includes all the conference information and is probably the fastest way to get updated reports. The number is: 713-867-9544 You can download any of the conference announcements and related materials by calling Metalland Southwest at 713-468-5802, which is the official HoHoCon BBS. The board is up 24 hours a day and all baud rates are supported. Those of you with net access can ftp to cypher.com and find all the HoHoCon information available in /pub/hohocon. The .gifs from previous cons are *not* currently online. Conference information and updates will most likely also be found in most computer underground related publications and mailing lists, including CuD, CSP, Mondo 2000, 2600, Phrack, TUC, phn0rd, cypherpunks, etc. They should also appear in a number of newsgroups including comp.dcom.telecom, alt.security, comp.org.eff.talk, and sci.crypt. We completely encourage people to use, reprint, and distribute any information in this file. Same stupid ending statement from last year to make us look good ---------------------------------------------------------------- HoHoCon '93 will be a priceless learning experience for professionals and gives journalists a chance to gather information and ideas direct from the source. It is also one of the very few times when all the members of the computer underground can come together for a realistic purpose. We urge people not to miss out on an event of this caliber, which doesn't happen very often. If you've ever wanted to meet some of the most famous people from the hacking community, this may be your one and only chance. Don't wait to read about it in all the magazines and then wish you had been there, make your plans to attend now! Be a part of what we hope to be our largest and greatest conference ever. ------------------------------ Date: Mon, 27 Sep 93 21:36:59 -0700 From: annaliza@netcom.com (Annaliza T. Orquamada) Subject: File 5--"Hacker" Documentary Proposed ((MODERATORS' NOTE: Annaliza Orquamada, a film-school graduate from London, intends to challenge conventional media myths about "hackers" in a proposed documentary. Below, we print a summary of her project. We will post a substantial version in about a week. From our conversations and e-mail interaction with her, we find her a highly informed and competent observer and a refreshing change from most conventional media folk)). UNAUTHORIZED ACCESS ONLY Computers are becoming an integral part of our everyday existence. They are used to store a multitude of information, from credit reports and bank withdrawals to personal letters and highly sensitive military documents. So how secure are our computer systems? The computer hacker is an expert at infiltrating secured systems, such as those at AT&T, TRW, NASA and the DMV. Most computer systems that have a telephone connection have been under siege at one time or another, many without their owner's knowledge. The really good hackers can re-route the telephone system, obtain highly sensitive coporate and government documents, download individuals credit reports, make free phone calls globally, read private electronic mail and corporate bulletins and get away without ever leaving a trace. So who are these hackers? Just exactly WHAT do they DO, and WHY do they do it? Are they really a threat? What do they do with the information they obtain? Are hackers simply playing an intellectual game of chess or are hackers using technology to effectively take control of corporate and government systems that have previously appeared omnipotent? Our group is in the course of filming "Unauthorized Access", a documentary that will demystify the hype and propaganda surrounding the computer hacker. We will expose the truths of this sub-culture focusing on the hackers themselves. This will be a view from inside the global underground. We intend to shoot in the United States, Holland and Germany. This documentary will be of the highest broadcast quality and is intended for international television, festival and theatrical distribution. We are currently looking for additional financial backers interested in this project. For more information about "Unauthorized Access" or if you are intrested in providing any information or support, please contact annaliza@netcom.com. ------------------------------ From: grmeyer@GENIE.GEIS.COM Date: Sun, 10 Oct 93 22:32:00 BST Subject: File 6--CuNews Extortion at AT&T ================= Two men, one a former computer support services employee at AT&T, have pleaded guilty to conspiring to extort one million dollars from the company. The US Attorney in Newark, NJ reports that Lou Pacich and Richard Vignevic sent AT&T a tape-recorded message claiming sensitive information about commercial accounts was being leaked to competitors. The two offered to plug the leak in exchange for the money. To bolster the claim they sent copies of account information on 4,000 AT&T commercial customers. The information has been obtained, w/out authorization, from AT&T computer systems. Each man faces 20 years and $250,000 in fines. (Information Week. Sept 20, 1993 pg8) Piracy Around the Globe ======================= The Oct 1993 issue of Technology Training reports on software piracy in various countries. In Cuba, there is a National Software Interchange Center where all types of software is available to any Cuban at no charge. The estimated piracy rate in China and South Korea is about 90%. Italy checks in at 80%. (Information Week. Sept 20, 1993 pg62) How do I love thee... ===================== In "Hard Drives" (Los Angeles Times Magazine, Sept 12, 1993 pg26) author James Fallows says that we value computers for the ways they increase our efficiency and productivity. But we love them for the way they undermine productivity (games, BBSing, etc) and satisfy our craving for new possessions. Computers play on one of our basic needs, the compulsion to figure something out and make it work. (Information Week. Sept 20, 1993 pg62) IW Security Survey Results ========================== Information Week magazine and Ernst and Young conducted an extensive security survey and found, to their surprise, that a _minority_ of organizations polled considered security to be an important issue. They also found that one in four companies had last money over last two years due to security breaches in their networks. Most organizations don't even have full time security staffs. CuD encourages you to refer to "Tempting Fate", pgs42-52, October 4, 1993 for complete details. P&G Consultant Indicted ======================= A Procter & Gamble consultant, Matthew Daughtery, has been charged with three felony counts for using P&G computers to access a company bulletin board without authorization. The BBS is identified as "Regulatory and Clinical Development Network". Ohio prosecutors have not said what information Daughtery could have obtained from the system. (Information Week. pg8. Oct 4, 1993) Consumer Privacy Survey ======================= A Harris poll, sponsored by the non-profit Center for Social and Legal Research (Washington, DC), found that 53% OF American adults are very concerned about threats to their privacy from corporations. This is a substantial increase over results in previous years. Respondents were most concerned about financial services and health industries (72%), with mail-order consumer goods businesses rating 48%. For complete results refer to the Privacy & American Business newsletter. For more summary information refer to Information Week, pg58, Oct 4, 1993. Internet Access in NJ ===================== New Jersey Bell and Bellcore are sponsoring a two-year experiment to allow people free access to the Internet in three dozen public libraries in the Garden State. Anyone with a modem can also tap into portions of the Internet from home by calling the project's dial-up at (201) 989-5999. Plans are in the works to have fiber-optic cable installed in every home and business throughout NJ by 2010. Officials will monitor this experiment to see how pedestrians interact with the worldwide network and hope the project will become a model for the nation. (Communications of the ACM, pg11, Oct 1993. Reprinted with permission) Sex and Violence Nipper Chip ============================ For as little as $5 parents may soon be able to implement a computer chip in televisions to monitor programs their children watch. With the growing concern over TV sex and violence comes the debate whether "lock out" technologies are the solution. Under pressure from Congress, networks and stations may eventually be forced to rate shows -- "V" for violence, "N" for nudity, for instance -- and broadcast a code along with the show which could then be read by the "V-chip" installed in the set or cable box. The same technology is already used for broadcasting closed captioned information for the hearing impaired and will be used to transmit and display information such as the title and time remaining of shows in progress. Broadcasters and program producers are no fans of this idea, arguing the technology will take away viewers and frighten advertisers. (Communications of the ACM, pg12, Oct 1993. Reprinted with permission) Nightline on Security/Privacy? ============================== According to James Daly ("Security Watch") the folks at NBC's Nightline have been talking to folks in the computer security industry over the past few weeks. A show on security/privacy can't be far behind. Keep an eye out for it. (Computerworld, pg56, Oct 4, 1993.) ------------------------------ Date: Fri, 15 Oct 1993 01:45:35 EDT From: Nikki Draper Subject: File 7--Student Pugwash Conference ANNOUNCING: Student Pugwash USA's Eight International Conference "SCIENCE AND TECHNOLOGY FOR THE 21ST CENTURY MEETING THE NEEDS OF THE GLOBAL COMMUNITY" JOIN: 100 talented students from over 25 countries to meet with accomplished professionals from science, government, industry, non-governmental organizations, and academe for a week-long educational forum to explore the impacts of technology on society and world affairs. TOPICS: * Resource Stewardship for Environmental Sustainability * Preventive Diplomacy and Conflict Resolution for a Secure Future * The Social Costs and Medical Benefits of Human Genetic Information * Overcoming Barriers to Health Care Education and Delivery * Designing the Future--From Corporations to Communities * Communications and Information Technologies ELIGIBILITY: ALL students (undergraduate, graduate and professional) from any and all disciplines. Student Pugwash USA encourages participation that represents a diversity of race, age, gender, sexual orientation, and national origin. APPLICATION INFORMATION:Participants will be chosen through a competitive, merit-based application process based, in part, upon applicants' submission of a brief 'issue paper' on one of the topics listed above. For an application or additional information, please CONTACT: Nicky Short Student Pugwash USA 1638 R Street NW, Suite 32 Washington, D.C., 20009 phone:(202) 328-6555 email:uspugwash@igc.org PRELIMINARY APPLICATION DEADLINE: December 15, 1993 ------------------------------ Date: Thu, 14 Oct 93 04:55:32 PDT From: Fredrick B. Cohen Subject: File 8--Response to CuD 5.80 - Itar article ((MODERATORS' NOTE: The following post was originally less than 25 percent substance, the remainder cascading citations and headers. At the poster's request, we edited out the superfluous citing while leaving the poster's comments intact. We remind readers that CuD is *not* a Usenet discussion group in which cascades are accepted)). ++++ In CuD 5.80, bjones@WEBER.UCSD.EDU(Bruce Jones) writes: > Please note that the posting site for Mr. Cohen's message is > the Science Applications International Corporation, a La Jolla > California based think tank that has deep ties to the U.S. Gov't and > does lots of work for the DoD. Given his ties to the DoD, it comes > as small surprise that he was able to get export permission for his > RSA cryptosystem. Wrongo - This application was made by ASP, my company (then) in Pittsburgh, PA and with no government contracts whatsoever. This is a typical assumptive response from someone who doesn't understand that poor people like me get access to computers by the grace of others. Perhaps you think I was previously a professor at Duquesne University, and before that an employee of the NSA, and before that an employee of wherever my previous mail account came from. This kind of response from someone who appears from his mailing address to be from a person at a major university who is almost certainly getting government grants is certainly the pot calling the kettle black. > Why should a software manufacturer or a private citizen have to ask > permission in the first place, from the DoD (operating under the > guise of the Dept of Commerce) to export software that uses > encryption algorithms freely available in the country to which the > product is being exported? Interesting question, and one that I have asked, but then why should I need any permission from the government for anything? Perhaps I shouldn't, but the fact is, they have the power, and if you work within the structure, you may find that it is not as oppressive as you thought. > >IBM has been exporting DES for quite a few years according to sources > >I have in EC who have seen IBM chips with DES on them in EC computers. > >I believe they simply asked for permission and got it. > Again, it's likely quite simple for someone who does business with > the DoD and the U.S. Gov't to get permission to export. The point is that even ASP, a tiny company with no government ties got permission by simply following the rules. Should IBM be treated unfairly? > >I applaud the EFF for helping defend people in this area, but maybe if > >they tried to work within the law in the first place, they would have > >found it was easier to obey the law than break it. > > Serious charges without foundation. Whom within the EFF has been > accused of breaking the law? Try reading more closely. The EFF is defending those who may have broken the law. Sorry if I mixed my pronouns, I am a human being. > >Maybe if they apply now, they will end up with a no-case (assuming > >they get permission). > > A dodge of the issue, which is not about whether or not one can get > permission to do something specific, but whether or not the > government has a right to require permission in the first place. The government certainly has the right to require it, but perhaps it won't have that right as a result of the PGP case. The issue is that if they didn't want to go to federal court, why were they trying to play it so close to the edge? If I walk up to you and swing a baseball bat within a few inches of your head, are you going to ignore me because I didn't hit you? > One of the founding tenets of the Unites States of America is the > idea that its citizens may do whatever they like, so long as their > chosen activity is not proscribed by law and doesn't violate the > rights of their neighbors. The opposite is ostensibly true for > the government, which may only do what has been permitted it under > the law. We live in a society where those distinctions apparently > collapsed some time ago. Where does the constitution say this? I agree that I would prefer it that way, but I don't think there is any basis in law for your statement. ------------------------------ End of Computer Underground Digest #581 ************************************