****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 2, Issue #2.07 (October 15, 1990)   **
****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer  (TK0JUT2@NIU.bitnet)
ARCHIVISTS:   Bob Krause / Alex Smith

USENET readers can currently receive CuD as alt.society.cu-digest.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. It is assumed that non-personal mail to the moderators may be reprinted, unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

CONTENTS:
File 1: Moderators' Corner
File 2: Re: IBM mainframe trojan repost
File 3: CPSR Annual Meeting (Oct. 20-21, 1990)
File 4: Electronic Frontier Foundation Hires Staff Counsel
File 5: 13th Annual National Computer Security Conference (Part 1)
File 6: 13th Annual National Computer Security Conference (Part 2)
File 7: Summary of COMPUTER ETHICS (book)
File 8: Introduction to TOXIC SHOCK
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

----------------------------------------------------------------------

********************************************************************
***  CuD #2.07, File 1 of 8: Moderator's corner                  ***
********************************************************************

From: Moderators
Subject: Moderators' Corner
Date: October 15, 1990

++++++++++++++++++
Miscellaneous comments
++++++++++++++++++

1. MAIL: A few people have received up to TEN copies of a single issue. We have no idea why. On occasion, we send out duplicates if the mailer indicates a net-block. Copies go out about 8-10 at a time, and if one batch is returned, which happens most often on weekends, we repeat the addresses in that batch individually, so it may happen that some people receive a duplicate (we have no way of knowing which address caused the failure, so we re-send all in that batch). However, there is no reason that we, or our postmaster, can determine that would cause multiple copies to be received.

2. Most recipients on the mailing list will notice that the "TO" header line is not to their address, but to "tk0jut1." Some people have asked how (and why) we do this. We simply use the BCC (blind carbon copy) command. For those asking what kind of system we use, it's an IBM Amdahl, wylbur on the front end, and, yes, we do wish we had Unix.

3. CENSORSHIP: The article on censorship will be in issue 2.08 along with an excellent article by Jim Warren on "Political Activity and Computers."

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Wes Morgan
Subject: Re: IBM mainframe trojan repost
Date: Mon, 8 Oct 90 10:44:54 EDT

********************************************************************
***  CuD #2.07: File 2 of 8: From the Mailbag                    ***
********************************************************************

Re: "And a Merry Christmas to All?"
>
>An almost identical version of the IBM Christmas virus that infected
>thousands of computers on IBM's internal mail in December 1987 has
>reportedly been posted on the Bitnet network.

In reality, the CHRISTMA EXEC was reposted to *Usenet*, not Bitnet. While some Bitnet sites are part of the Usenet, they are by no means one network. In addition, the original CHRISTMA EXEC incident involved the entire Bitnet, not just IBM's internal mail system.

By the way, it would have been far more accurate to refer to CHRISTMA EXEC as a trojan, rather than a virus........

>The virus puts a tree and
>seasonal greeting message on the screen of infected computers and is known
>to replicate wildly, shutting down computers.

Its method of replication is to send copies of itself to every entry in the user's NAMES files; Unix users can think of NAMES as an alias file. It does NOT infect entire systems; it only acts on the virtual machine of the user who executes it.

>No word of any infections,
>however. Bitnet connects computers at more than 200 universities as well
>as to the Earn network in Europe, the entry point of the original virus.

I don't think we'll see much more of this one. It was posted to a low-volume newsgroup on Usenet. A reader of that newsgroup would also require access to a BITNET site in order to implement the trojan.
Note that the file MUST be sent via SENDFILE; the headers placed on electronic mail render it useless unless someone strips off the headers and executes it.

>IBM was forced to shut down its 350,000-terminal network for nearly three
>days to get rid of the virus.

True enough; I strongly suspect that most RSCS handlers now look for and eliminate any files named CHRISTMA EXEC........8)

A word of warning: IBM users should be extremely cautious of *ANY* EXEC that simply appears in their reader. I have heard reports of several variations on this theme; anyone with a good knowledge of CP and CMS can imagine some nasty possibilities.

+++++++
The opinions expressed above are not those of UKECC unless so noted.
Wes Morgan                   %  %rutgers,rayssd,uunet%!ukma!ukecc!morgan
University of Kentucky       %  or morgan@engr.uky.edu
Engineering Computing Center %  or morgan%engr.uky.edu@UKCC.BITNET

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: General Posting
Subject: CPSR Annual Meeting (Oct. 20-21, 1990)
Date: Oct. 13, 1990

********************************************************************
***  CuD #2.07: File 3 of 8: CPSR Annual Meeting, Oct. 20-21     ***
********************************************************************

1990 Annual Meeting of Computer Professionals for Social Responsibility
October 20, 21, 1990
Stanford University and Palo Alto, California.

The general public is invited. For more information, please call the CPSR National Office at (415) 322-3778.

The CPSR Annual Meeting is a substantive, two-day conference addressing critical issues facing society because of the impact of information technology.
The meeting will feature well-known speakers on subjects such as civil liberties in electronic communication, using computers for democratic oversight of government, women in the computing profession, and how the public learns about computers through the popular media. Speakers will include:

John Perry Barlow, "Civilizing Cyberspace: Computers, Civil Liberties and Freedom."

John Perry Barlow, a self-described "techno-crank," has been a Wyoming cattle rancher, a Republican Party official, and a lyricist with the Grateful Dead. He writes articles on computers for MicroTimes and The Whole Earth Review, and he co-founded the Electronic Frontier Foundation with Mitch Kapor.

David Burnham, "Turning the Tables: Computer Oversight for Citizens."

David Burnham, a former investigative reporter for The New York Times, is author of The Rise of the Computer State (1980) and A Law Unto Itself (1990), an inside look at the Internal Revenue Service. Burnham also works with the Transactional Records Access Clearinghouse at Syracuse University, which examines computerized records of Federal enforcement agencies.

Panel discussion: "Women in Computing: Where We Are, Where We Want to Be, and How to Get There."

     Shari Lawrence Pfleeger, Chair, ACM Committee on Women and Minorities
     Donna Lehnoff, Women's Legal Defense Fund
     Barbara Simons, National Secretary, Association for Computing Machinery
     Dr. Sheila Humphreys, Department of Computer Science, UC Berkeley
     Moderated by Dr. Anita Borg, DEC Western Research Laboratory

Panel discussion: "The Media and 'Mythinformation': How and What Does the Public Learn About Computers?"

     Bob Abel, Multi-media expert, Synapse Technologies
     Michael Rogers, General editor, Newsweek magazine
     Dr. Rudy Rucker, Science fiction author
     Brenda Laurel, Consultant, interactive entertainment
     Moderated by Paul Saffo, Institute for the Future

James Fallows will be the speaker at the banquet Saturday evening. "The Cold War is Over: Who Won?"

The Sunday, October 21, program of the CPSR Annual Meeting will feature workshops on issues such as computing and civil liberties, education, workplace issues, computers and the environment, and other subjects, most self-organized by meeting participants. There will also be a workshop on "Organizing for Change in the 90s."

For more information, please call the CPSR National Office at (415) 322-3778.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Mike Godwin
Subject: Electronic Frontier Foundation Hires Staff Counsel
Date: 9 Oct 90 14:12:02 GMT

********************************************************************
***  CuD #2.07: File 4 of 8: EFF Hires Staff Counsel             ***
********************************************************************

This posting is meant to serve two purposes:

a) formally announcing that I have been hired as staff counsel by the Electronic Frontier Foundation, for whom I will investigate cases that the EFF may be interested in, and for whom I will be coordinating EFF's legal strategy, and

b) letting readers of this newsgroup know how to contact EFF about computer-related incidents and cases that raise civil-liberties issues in which you think the organization should be interested.

To let EFF know about an interesting or troubling incident or case, you can send information to my address (mnemonic@well.sf.ca.us) or to EFF's general address (eff@well.sf.ca.us). The first address will probably get a slightly faster response, but either is fine.

The U.S. Mail address is the following:

     Mike Godwin
     c/o Electronic Frontier Foundation
     155 Second Street
     Cambridge, MA 02141.

I can be reached by phone at 617-864-0665.

Mike Godwin, (617) 864-0665
mnemonic@well.sf.ca.us
Electronic Frontier Foundation

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: Thu, 08 Oct 90 12:01:45 CDT
From: Gordon Meyer (CuD Co-moderator)
Subject: 13th Annual National Computer Security Conference (Part 1)

********************************************************************
***  CuD #2.07: File 5 of 8: NCSC Conference (part 1)            ***
********************************************************************

13th Annual National Computer Security Conference
October 1-4, 1990
Omni Shoreham Hotel
Washington, D.C.

Reported by Gordon Meyer

Dr. Dorothy Denning's presentation, "Concerning Hackers Who Break Into Computer Systems", was part of the 'ethics' session held the afternoon of Oct 3rd. Denning's presentation consisted mainly of data, in the form of quotation and observations, taken from her recent interviews with approximately ten self-identified computer hackers.

While her paper offers some suggestions on how the computer security community could assimilate some of the information hackers have available, her presentation instead focused on several thematic concerns she found to be prevalent in the computer underground.

This was a wise tactical decision on her part, as her argument that hackers can be of some use to computer security professionals is not only somewhat unique, but must be considered only after the anti-hacker stereotypes have been methodically shattered. Trying to accomplish this in a 20 minute verbal presentation would be unrealistic. However, it should be pointed out that each of the conference attenders did receive the full text of Denning's paper (in fact, all the papers presented at all the sessions) in the two-volume proceedings book for the conference.
The data presented at the session highlighted the CU's concern for ethical and legal issues related to information security. A large number of the quotes were taken from Denning's interview with Frank Drake (publisher of the defunct W.O.R.M. magazine), and focused, in part, on the ethics of large corporate data bases on individuals, and the NSA's role in providing standards for data encryption. Denning also utilized some quotes from PHRACK Inc (specifically the infamous 'Phoenix Project' announcement) and a quote concerning the recent spate of CU busts as reported in a past issue of CuD. Other excerpts were taken from The Mentor's Guide to Hacking, and various other statements from her interviews with unidentified hackers. The overall thrust of all of this was to show that hackers can be concerned with information technology ethics, their own actions while on a system, and the future of information technology and the CU in general.

Denning's presentation appeared to be well received by the audience. By presenting the actual words of the subjects, rather than summarizing her findings, the CU was brought to life in a way that most likely many of the attenders had never seen before. (Each quote, by the way, was shown on an overhead projector and dramatically read by Dorothy's husband, Peter Denning.) The audience reactions during the presentations were quite interesting to observe. Outward displays of hostility, disbelief, and amusement were common, usually in reaction to statements of freedom, power, and tales of busts respectively.

After Denning's presentation there was time for a few questions and audience comments. One comment was from a West German attender and concerned the Chaos Club. He told of Cliff Stoll's hacker adversary and how "three disks of VMS information was sold to the KGB" despite denials that such a thing had been done. His conclusion, emphatically stated, was that "you can't believe what hackers tell you, you can't trust them!".
This comment received an enthusiastic burst of applause from the crowd.

The panel session, "Hackers: Who Are They?", was held Thursday morning. The session was moderated by Denning, and consisted of the following panelists:

     Katie Hafner, author. Currently writing a book on Mitnick, Pengo, and Morris.
     Frank Drake, former publisher of W.O.R.M. magazine.
     Emmanuel Goldstein, publisher of 2600 magazine.
     Craig Neidorf, former co-publisher of PHRACK Inc.
     Sheldon Zenner, defense attorney in the Neidorf/Phrack case.
     Gordon Meyer, co-moderator of Computer Underground Digest.

Denning opened the session by stating that although her initial intentions were to bring actual hackers in for the session, criticisms that doing so would be giving "aid and comfort to the enemy" convinced her that the next best thing, utilizing people who were closely associated with the CU, would be more prudent. This theme, aggrandizing computer criminals, would surface two or three more times during the session.

Denning started the session off by presenting each panelist with one or two questions to answer. These questions served to introduce both the speaker and various aspects of the computer underground. Her first question was to Hafner, and addressed the concern that by writing about hackers, impressionable young readers might be attracted to the "fame and glory" of the enterprise. Hafner's answer essentially focused on the hardship and emotional/financial loss each of her subjects had suffered as a result of their activities. Hardly a glorified or attractive picture of hacking.

Other introductory questions dealt with Zenner's summary of the Neidorf/Phrack case, Frank Drake defined "cyberpunk" and his motives in founding W.O.R.M. magazine, Goldstein discussed 2600 magazine, Neidorf on PHRACK Inc, and Meyer on CuD and defining the computer underground.

A number of themes emerged from the questions that were asked by the conference attenders:

     First Amendment rights, and the publication of stolen information.
     Morality of publishing information that could be used to break the law.
     Possible implications of hacking into a system that would threaten the life and/or safety of others. (such as a hospital computer)
     The obligation of companies to secure their own systems, and possible legal complications that could arise if they fail to do so.
     The perception that corporations overstate the financial impact of CU activity. How much does it really cost you for a hacker to "steal" 3 seconds of CPU time?
     Possible use of CU members or skills by organized crime.
     Ways in which companies or organizations could provide a means for CU members to provide information on security holes, without risking reprisal.

There were many more questions and comments, but unfortunately the session was not recorded. Perhaps what was even more interesting than the comments and answers themselves was the emotional reaction of the audience. Of the approximately 1600 people that registered for the conference around 250 attended this session. Scheduled to run about an hour and a half, it lasted nearly two hours with a number of questions still remaining to be asked. Audience attention and participation was high, but couldn't be described as very "friendly" at times. Subjects that seemed especially "hot" included the financial impact of hacking, and the ease of reading and utilizing information found in personal email.

The session went quite well, with many ideas and views being exchanged on both sides. There was a feeling that some good ideas and concepts had surfaced, and perhaps both sides had learned something about the other. There was, however, a definite adversarial feeling in the air. The panelists did, for the most part, manage to keep from being cast as apologists for the CU and were straightforward with their views and opinions.
Goldstein and Drake in particular served to "ease over" a couple of tough questions with the application of appropriate humor. (eg: Hey, if it wasn't for hackers some of you wouldn't have a job!)

Denning should be congratulated and thanked for her efforts to bring some dialogue between the CU and security professionals. This session should be an example of the mutual benefit such meetings can bring about. If further efforts in this direction are made, rather than worrying about the politics and appearances of meeting with hackers, perhaps some moderation can be brought to both sides of the issue. Hyperbole and hysteria are hardly productive for either group, and only by shattering stereotypes and finding common ground will any resolution be possible. Let's hope that future meetings of the profession will allow for further discussions of this type.

Postscript: It was great to meet the many CuD readers that came up and introduced themselves after the session. Thanks for your comments and kind words. Also, welcome to the new CuD subscribers that were picked up as a result of this conference. Additional comments and observations regarding any aspect of the conference are most welcome from any CuD reader, send them in!

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: Thu, 11 Oct 90 22:04:28 CDT
From: "Craig M. Neidorf"
Subject: 13th Annual National Computer Security Conference (Part 2)

********************************************************************
***  CuD #2.07: File 6 of 8: NCSC Conference (part 2)            ***
********************************************************************

13th Annual National Computer Security Conference
October 1-4, 1990
Omni Shoreham Hotel
Washington, D.C.

A "Knight Lightning" Perspective
by Craig M. Neidorf

Dr. Dorothy Denning first hinted at inviting me to take part on her panel "Hackers: Who Are They?" in May 1990 when we first came into contact while preparing for my trial. At the time I did not feel that it was a very good idea since no one knew what would happen to me over the next few months. At the conclusion of my trial I agreed to participate and surprisingly, my attorney, Sheldon Zenner (of Katten, Muchin, & Zavis), accepted an invitation to speak as well.

A few weeks later there was some dissension to the idea of having me appear at the conference from some professionals in the field of computer security. They felt that my presence at such a conference undermined what they stood for and would be observed by computer "hackers" as a reward of sorts for my notoriety in the hacker community. Fortunately Dr. Denning stuck to her personal values and did not exclude me from speaking.

Unlike Gordon Meyer, I was unable to attend Dr. Denning's presentation "Concerning Hackers Who Break Into Computer Systems" and the ethics sessions, although I was informed upon my arrival of the intense interest from the conference participants and the reactions to my now very well known article announcing the "Phoenix Project."

Not wishing to miss any more class than absolutely necessary, I arrived in Washington D.C. late in the day on Wednesday, October 4th. By some bizarre coincidence I ended up on the same flight with Sheldon Zenner.

I had attended similar conventions before such as the Zeta Beta Tau National Convention in Baltimore the previous year, but there was something different about this one. I suppose considering what I have been through it was only natural for me to be a little uneasy when surrounded by computer security professionals, but oddly enough this feeling soon passed as I began to encounter friends both old and new.

Zenner and I met up with Dorothy and Peter Denning and soon after I met Terry Gross, an attorney hired by the Electronic Frontier Foundation who had helped with my case in reference to the First Amendment issues. Emmanuel Goldstein, editor of 2600 Magazine and probably the chief person responsible for spreading the news and concern about my indictment last Spring, and Frank Drake, editor of W.O.R.M. showed up. I had met Drake once before. Finally I ran into Gordon Meyer.

So for a while we all exchanged stories about different events surrounding our lives and how things had changed over the years only to be interrupted once by an odd gentleman from Germany who inquired if we were members of the Chaos Computer Club. At the banquet that evening, I was introduced to Peter Neumann (who among many other things is the moderator of the Internet Digest known as "RISKS") and Marc Rotenberg (Computer Professionals for Social Responsibility).

Because of the great interest in the ethics sessions and comments I had heard from people who had attended, I felt a strange irony come into play. I've hosted and attended numerous "hacker" conventions over the years, the most notable being "SummerCon". At these conventions one of the main time consuming activities has always been to play detective and attempt to solve the mystery of which one of the guests or other people at the hotel were there to spy on us (whether they were government agents or some other form of security personnel).

So where at SummerCon the youthful hackers were all racing around looking for the "feds," at the NCSC I wondered if the security professionals were reacting in an inverse capacity... Who Are The Hackers? Despite this attitude or maybe because of it, I and the other panelists, wore our nametags proudly with a feeling of excitement surrounding us.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

October 4, 1990

Dorothy Denning had gathered the speakers for an early morning brunch and I finally got a chance to meet Katie Hafner in person. The panelists discussed some possibilities of discussion questions to start off the presentation and before I knew it, it was time to meet the public.

As we gathered in the front of the conference room, I was dismayed to find that the people in charge of setting up the nameboards (that would sit in front of each panelist) had attended the Cook school of spelling and labeled me as "Neirdorf." Zenner thought this was hysterical. Luckily they were able to correct the error before we began.

Hackers: Who Are They?

Dr. Denning started the presentation by briefly introducing each panelist and asking them a couple of questions.

Katie Hafner disputed the notion that her work has caused a glorification of hacking because of the severe hardships the people she interviewed had to endure. I found myself sympathizing with her as I knew what it was like to be in their positions. Many people commented later that her defense of Mitnick seemed a little insincere as he had indeed committed some serious acts. Not knowing all of the details surrounding Mitnick's case and not relying on the general newsmedia as a basis for opinion I withheld any sort of judgment.

Emmanuel Goldstein and Frank Drake appeared to take on the mantle of being the spokespersons for the hackers, although I'm unsure if they would agree with this characterization. Drake's main point of view dealt with the idea that young hackers seek to be able to use resources that they are otherwise excluded from. He claimed to once have been a system intruder, but now that he is in college and has ample computing resources available to him, he no longer sees a need to "hack."

Goldstein on the other hand sought to justify hacking as being beneficial to society because the hackers are finding security holes and alerting security to fix these problems before something catastrophic occurs.

Gordon Meyer tried to explain the hacker mind-set and how the average hacker does not see using corporate resources as having a real financial burden to today's companies. Some people misunderstood his remarks to be speaking from a factual position and took offense, stating that the costs are great indeed. He also explained the differences between Phrack and the Computer Underground Digest. Most notable is that CuD does not print tutorials about computer systems.

Sheldon Zenner focused on the freedom of the speech and press issues. He also spoke about technical details of the U.S. v. Neidorf case and the court rulings that resulted from it. One major point of interest was his quite reasonable belief that the courts will soon be holding companies financially liable for damages that may occur because of illegal intrusion into their systems. This was not to suggest that a criminal defense strategy could be that a company did not do enough to keep an intruder out, but instead that the company could be held civilly liable by outside parties.

Zenner and Denning alike discussed the nature of Phrack's articles. They found that the articles appearing in Phrack contained the same types of material found publicly in other computer and security magazines, but with one significant difference. The tone of the articles. An article named "How to Hack Unix" in Phrack usually contained very similar information to an article you might see in Communications of the ACM only to be named "Securing Unix Systems." But the differences were more extreme than just the titles. Some articles in Phrack seemed to suggest exploiting security holes while the Communications of the ACM concentrated more on fixing the problem.
The information in both articles would be comparable, but the audiences reading and writing these articles were often very different.

I explained the concept and operation of Phrack and wandered into a discussion about lack of privacy concerning electronic mail on the Internet from government officials, system managers, and possibly even by hackers. I went on to remark that the security professionals were missing the point and the problem. The college and high-school students while perhaps doing some exploration and causing some slight disturbances are not the place to be focusing their efforts. The real danger comes from career criminals and company insiders who know the systems very well from being a part of it. These people are the source of computer crime in this country and are the ones who need to be dealt with. Catching a teenage hacker may be an easier task, but ultimately will change nothing. To this point I agreed that a hacker gaining entry and exposing holes on computer systems may be a service to some degree, but unlike Goldstein, I could not maintain that such activity should bring prosecutorial immunity to the hacker. This is a matter of discretion for security personnel and prosecutors to take into consideration. I hope they do.

To a large degree I was rather silent on stage. Perhaps because I was cut off more than once or maybe even a little stagefright, but largely because many of the questions posed by the audience were wrong on their face for me to answer. I was not going to stand and defend hacking for its own sake nor was I there to explain the activities of every hacker in existence.

So I let Goldstein and Drake handle questions geared to be answered by a system intruder and I primarily only spoke out concerning the First Amendment and Phrack distribution.
In one instance a man upset both by Drake's comments about how the hackers just want to use resources they can't get elsewhere and by Goldstein's presentation of the Operation Sun-Devil raids and the attack on "Zod" in New York spoke up and accused us of being viciously one sided.

He said that none of us (and he singled me out specifically) look to be age 14 (he said he could believe I was 18) and that "our" statement that it's ok for hackers to gain access to systems simply because they lacked the resources elsewhere meant it was ok for kids to steal money to buy drugs.

I responded by asking him if he was suggesting that if these "kids" were rich and did not steal the money, it would be ok to purchase drugs? I was sure that it was just a bad analogy so I changed the topic afterwards. He was right to a certain extent, all of the hackers are not age 14 or even in high school or college, but is this really all that important of a distinction?

The activities of the Secret Service agents and other law enforcement officials in Operation Sun-Devil and other investigations have been overwhelming and very careless. True this is just their standard way of doing business and they may not have even singled out the hackers as a group to focus excess zeal, but recognizing that the hackers are in a worst case scenario "white-collar offenders," shouldn't they alter their technique? Something that might be important to make clear is that in truth my indictment and the indictments on members of the Legion of Doom in Atlanta had absolutely nothing to do with Operation Sun-Devil despite the general media creation.

Another interesting point that was brought out at the convention was that there was so much activity and the Secret Service kept so busy in the state of Arizona (possibly by some state official) concerning the hacker "problem" that perhaps this is the reason the government did not catch on to the great Savings & Loan multi-Billion dollar loss.

One gentleman spoke about his son being in a hospital where all his treatments were being run by computer. He added that a system intruder might quite by accident disrupt the system inadvertently endangering his son's life. Isn't this bad? Obviously yes it is bad, but what was worse is that a critical hospital computer system would be hooked up to a phoneline anyway. The main reason for treatment in a hospital is so that the doctors are *there* to monitor and assist patients. Could you imagine a doctor dialing in from home with a modem to make his rounds?

There was some discussion about an editor's responsibility to inform corporations if a hacker were to drop off material that he/she had breached their security. I was not entirely in opposition to the idea, but the way I would propose to do it was probably in the pages of a news article. This may seem a little roundabout, but when you stop and consider all of the private security consultants out there, they do not run around providing information to corporations for free. They charge enormous fees for their services. There are some organizations that do perform services for free (CERT comes to mind), but that is the reason they were established and they receive funding from the government which allows them to be more generous.

It is my belief that if a hacker were to give me some tips about security holes and I in turn reported this information to a potential victim corporation, the corporation would be more concerned with how and from whom I got the information than with fixing the problem.

One of the government's expert witnesses from U.S. v. Neidorf attended this session and he prodded Zenner and me with questions about the First Amendment that were not made clear from the trial. Zenner did an excellent job of clarifying the issues and presenting the truth where this Bellcore employee sought to show us in a poor light.

During the commentary on the First Amendment, Hafner, Zenner, and I discussed a July 22, 1988 article containing a Pacific Bell telephone document copied by a hacker and sent to John Markoff that appeared on the front page of the New York Times. A member of the audience said that this was ok, but the Phrack article containing the E911 material was not because Phrack was only sent to hackers. Zenner went on to explain that this was far from true since private security, government employees, legal scholars, reporters, and telecom security personnel all received Phrack without discrimination.

There really is a lot that both the hackers and security professionals have to learn about each other.

It began to get late and we were forced to end our session. I guess what surprised me the most were all of the people that stayed behind to speak with us. There were representatives from NASA, U.S. Sprint, Ford Aerospace, the Department of Defense, and a United States Army Lt. Colonel, who all thanked us for coming to speak. It was a truly unique experience in that a year ago I would have presumed these people to be fighting against me and now it seems that they are reasonable, decent people, with an interest in trying to learn and help end the problems. I also met Mrs. Gail Meyer for the first time in person as well.

I was swamped with people asking me how they could get Phrack and for the most part I referred them to Gordon Meyer and CuD (and the CuD ftp). Just before we went to lunch I met Donn Parker and Art Brodsky, an editor from Communications Daily. So many interesting people to speak with and so little time. I spent a couple hours at the National Gallery of Art with Emmanuel Goldstein, flew back to St. Louis, and returned to school.

It was definitely an enLightening experience.

++++++++++++++++++++++++++++++

A very special thank you goes to Dorothy Denning, a dear friend who made it possible for me to attend the conference.

:Craig M.
Neidorf a/k/a Knight Lightning
C483307 @ UMCVMB.MISSOURI.EDU
C483307 @ UMCVMB.BITNET

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: Thu, 08 Oct 90 12:02:51 CDT
From: Gordon Meyer (CuD Co-moderator)
Subject: Summary of COMPUTER ETHICS (book)

********************************************************************
*** CuD #2.07: File 7 of 8: Summary of "Computer Ethics" (book) ***
********************************************************************

Here's a recently published book that will be of interest to CuD readers. This summary has been taken, verbatim, from the flaps of the dust jacket.

_Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing_
Forester, Tom and Perry Morrison
1990. The MIT Press. Cambridge, Massachusetts.
ISBN 0-262-06131-7 (hardcover)
Price paid: $19.95
193 pages, with index

_Computer Ethics_ exposes the dangers of letting society rely too heavily on computers. Written by two insiders, it provides balanced and authoritative coverage of such topics as software unreliability, computer crime, software theft, hacking, viruses, unmanageable complexity, invasions of privacy, "artificial intelligence," and degraded work.

The authors describe these problem areas with fascinating, often dramatic examples of computer abuse and misuse, augmented by extensive notes and references, role-playing exercises, and hypothetical situations. There are suggestions for further discussion at the end of each chapter.

Forester and Morrison argue that it is the nature of computer systems to be unreliable, insecure, and unpredictable, and that society must face the consequences. _Computer Ethics_ is an outgrowth of the authors' work with computer science students, focusing on the ethical dilemmas these students will confront as professionals.

About the authors:

Tom Forester teaches in the School of Computing and Information Technology at Griffith University in Queensland, Australia, and is author or editor of six books on technology and society.

Perry Morrison is Lecturer in Computing at the University of New England, New South Wales, Australia.

Table of Contents:

Preface and Acknowledgements

1 Introduction: Our Computerized Society
  Some problems created for Society by Computers - Ethical Dilemmas for computer professionals and users

2 Computer Crime
  The rise of the high-tech heist - Is reported crime the tip of an iceberg? - Targets of the computer criminal - Who are the computer Criminals? - Improving computer security - Suggestions for further discussion

3 Software Theft
  The growth of software piracy - Revenge of the nerds? - Intellectual property rights and the law - Software piracy and industry progress - Busting the pirates - Suggestions for further discussion

4 Hacking and Viruses
  What is hacking? - Why do hackers 'hack'? - Hackers: criminals or modern-day Robin Hoods? - Some 'great' hacks - Worms, trojan horses and time bombs - The virus invasion - Ethical issues - Suggestions for further discussion

5 Unreliable Computers
  Most information systems are failures - Some great software disasters - Warranties and disclaimers - Why are complex systems so unreliable? - What are computer scientists doing about it? - Suggestions for further discussion

6 The Invasion of Privacy
  Database disasters - Privacy legislation - Big brother is watching you - The surveillance society - Just when you thought no one was listening - Computers and elections - Suggestions for further discussion

7 AI and Expert Systems
  What is AI? - What is intelligence? - Expert systems - Legal problems - Newer developments - Ethical issues: is AI a proper goal?
  - Conclusion: the limits of hype - Suggestions for further discussion

8 Computerizing the workplace
  Computers and employment - Computers and the quality of worklife: 'De-skilling' - Productivity and People: stress, monitoring, de-personalization, fatigue and boredom - Health and safety issues: VDT's and the RSI debate - Suggestions for further discussion

Appendix Autonomous Systems: the case of 'Star Wars'

Index

----

CuD would welcome a review and/or summary of this book. If any CuD-ites are interested, please send one in!

Terra Primum!

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Deleted
Subject: Introduction to TOXIC SHOCK
Date: Wed, 10 Oct 90 20:49:32 EDT

********************************************************************
*** CuD #2.07: File 8 of 8: Introduction to TOXIC SHOCK ***
********************************************************************

%We have been asked by various readers for information on Toxic Shock, so we asked the group to provide an introduction/summary, which they did (moderators)%.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

!*@&#^$%#^@&!*@&#^$%#^@&!*@&#^$%#^@&!*@&#^$%#^@&!*@&#^$%#^@&!*@&#^$%#^@&!*

Toxic Shock
by Bloody Afterbirth

!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@*&#$^%!@

By request, I present you with some info about Toxic Shock...

Our main purpose in existence is to piss someone off. Originally, we did this (quite well, I like to think) by being disgustingly explicit, both sexually and violently.
We did parodies of the B-I-B-L-E, made fun of nouns (people, places, things!), and basically tried to be as raunchy as we could, with or without a serious message.

We slowly began to change... Our stories became less explicit, sometimes, and became more dramatic, with unusual endings and some form of meaning/message/moral behind them. We began to mix our utter bullshit with things of a more serious nature, though only the message behind what we did may have seemed serious. We were still being raunchy, but we were doing it to get a point across, then. Our movement away from the original stories was agonizingly slow and we regressed several times along the way...

I wanted the group to become a force (hopefully) for change... I wanted to educate people about things, to try to open their eyes about certain issues in society and life... Eventually, the others began to see it my way...

It was about that time that we first excerpted from magazines and pamphlets... We began to get pissed off about environmental issues, social issues, political issues, etc.. Our files and those things that we excerpted began to reflect this.

About that time I wrote a story called The Final Conflict which, on the surface, was the final battle between My Lord Fetus and that weak spined fool of a deity we call Coathanger... As I pointed out in the file, it was designed to present my views on drugs, abortion, sex, etc., and to make people think about these issues for themselves. That was, I like to think, the herald of a new age for Toxic Shock.

We began excerpting more and more, from HIGH TIMES, Omni, GreenPeace literature, etc.. What we were reading pissed us off, what we saw on the news pissed us off... And the fact that no one was doing anything about those things pissed us off.
So, we tried our best to get this information to the people, and hopefully to make someone, somewhere, angry enough to help us fight the corruption in our government and society, and the morally WRONG policies set by our government.

That is where we were, and that is where we are now.

We embrace the Underground, for it is our home. What we have called the Underground includes the Hacker Society that has been rapidly declining since around 1985, and the Drug Culture. This makes us look bad, nasty, and evil, and we really don't care much... Because the people we want to reach out to are open minded enough to listen to what we have to say, and are able to weigh the information in their heads and make up their own minds about things like drug legalization, terrorist attacks such as Operation Sun Devil, and other such issues.

We continue to excerpt from magazines, take things that we find floating along the networks, and basically try to get in your face with the Other Viewpoint to all of the propaganda that the government and big pressure groups feed those Television Addicts.

The citizens of the United States do not seem to realize, do not seem to care, that the name of the country will soon be changed to United Police State of America... We try to help people see that this is happening, that the Rights to Free Speech, Thought, and Action, which are supposedly Inalienable, are being systematically stripped from all the people...

Unfortunately, this has proven to be difficult because, as of right now, we have only three members...Even by the most lenient of measures, the most we have ever had at one time has been six... Admittedly, we've done over one hundred files with three people alone, but we could really use some help in our effort to Educate...

Soooooo...For the future...Ideally, we will help prevent the situation in America, the Home of the Slave, from getting any worse, and help to speed up the radical reforms and changes that are necessary in the ideals, morals, attitudes and policies of the people of this country...and the world...

(c)October 1990 Bloody Afterbirth/Toxic Shock
.....Reproduce at will, with no modifications to the text.....

Toxic Shock are not affiliated with CuD (not YET!), so if you are wanting to contact one of us, please don't bother the moderators. Bloody Afterbirth can be found on Lunatic Labs and Ripco, or if you prefer to use USENET or Internet, shoot something to this guy, he'll pass it on...

sixhub!kk4fs!lynched -or- lynched@kkf4s.uucp

You can also call the Centre Of Eternity at 615.552.5747 (12/24)
The Sop can get you in touch with one of us eventually...