home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
cud1
/
cud118b.txt
< prev
next >
Wrap
Text File
|
1992-09-26
|
14KB
|
274 lines
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.18 (June 25, 1990) **
****************************************************************************
MODERATORS: Jim Thomas (Sole moderator: Gordon Meyer on vacation)
REPLY TO: TK0JUT2@NIU.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
***************************************************************
*** CuD, Issue #1.18 / File 2 of 5 / Mailbag (3 items) ***
***************************************************************
Date: Fri, 22 Jun 90 9:31:10 EDT
From: Wes Morgan <morgan@engr.uky.edu>
To: TK0JUT2%NIU.BITNET@UICVM.UIC.EDU
Subject: Re: C-u-D, #1.17
Stephen Tihor <TIHOR@NYUACF> writes:
>
>I am interested in ideas with low $ and personnel costs and which will avoid
>triggering more vandalism or even unguided explorations.
How about *guided* exploration? I would assume that a university with
NYU's level of resources has PCs capable of running UNIX. Why not run
a series of "Intro to UNIX" and "Intro to C" courses using UNIX PCs?
Encourage exploration; after all, there's not much damage to be done with
an isolated PC......and the accounts can stick around for months.
>===========================================================================
mis@seiden.com(Mark Seiden) writes, in his commentary on the LoD case:
>presumably there a precise legal definition of "traffic"?
BKEHOE@widener also expressed concern about this issue later in this
Digest. This comment applies to both articles.
The use <and misuse> of "traffic" in this case has serious implications
on ALL computer networks. Consider BITNET; if a user at TECMTYVM sends
stolen <or misappropriated> information to UKCC, are the 12 intermediary
site on the path implied accessories? I don't even want to *think* about
the uucp network, where it can require passage through 15 or 20 sites to
reach some nodes. Consider the frightening ease with which both BITNET
and UNIX mail <and list postings> can be forged. Consider the CP TRANSFER
command; a little reading should make its potential clear.
The potential for monitoring network traffic is also large. The simple
command "sm <rscs-agent> cmd ohstvma q psuvm q" will allow me to see the
destination of every file travelling that link, one of BITNET's busiest.
A number of products (LANalyzer, Sniffer) allow their users the ability
to track, capture, and decode packets travelling on almost *any* network.
It's a simple matter to track usage of any network; how soon before we
see official "Sniffer Stations", driven by AI routines, watching and ana-
lyzing our network usage constantly?
>Are you still able/willing to make the entire archives available to, say,
>counsel needing access for trial preparation? how about to someone who
>will be testifying before Congress (who are holding hearings in mid-July on
>this subject)?
A related question: If a public document (i.e., PHRACK) is used as
evidence in a closed trial, does that restrict distribution on ALL copies
of that PUBLIC document? This seems somewhat akin to intro-ducing the
Louisville Courier-Journal as evidence, expecting all the libraries to
hastily pull the appropriate issues from the shelves. Are there any
attorneys on this list who would offer an opinion in this matter?
BKEHOE@widener writes, in his comments on the Neidorf indictment:
>
>2) Counts 3 and 4 were about as vague as anything I've read. From my
>interpretation, the counts are charging them with conspiring to perform the
>E911 "theft" via email. Does that then mean that if I were to write to
>someone with a scheme to break into a system somewhere, that I could be
>held accountable for my plans? Is the discussion of performing an illegal
>act of and in itself illegal?
Sure, if that break-in actually happens. You'd be liable under that
wonderful "conspiracy" clause. If the fellow with whom you discussed the
scheme subsequently discussed it with another individual, who actually
committed the crime, you could certainly be tracked down and charged as a
co-conspirator <or accessory>. This is the sort of thing that makes me
wary when users ask for explanations of telnet/cu/ftp/et cetera.... I just
point them at the manuals, so they can't attribute *ANYTHING* to me.
>4) Finally, I must wonder how many more charges may be pulled up between
>now and the time of the trial, if that gem about transmitting Phrack 22 was
>so suddenly included. Will every Phrack be dug through for any "possibly"
>illegal information?
Certainly! You know that those lists of bbs numbers imply that Neidorf
connected to EACH AND EVERY ONE of them, dispensing his ILLEGAL information!
<Emphasis added for the SS attorney who will be spouting this rubbish as
he introduces past issues of PHRACK as evidence........yeesh>
>If I were to write up a file based on the
>information in Dave Curry's Unix Security paper, using language that
>"incites devious activity" (a.k.a. encourages people to go searching for
>holes in every available Unix system they can find), can I be held
>accountable for providing that information?
Well, how about this situation? I'm the de facto "security guru" for my
site. Should I attempt break-ins of machines under my domain? Am I vio-
lating the law? Am I liable, even though I have no malicious intent?
Needless to say, I have stopped all such activity until these points are
ironed out.
>Well, that's enough for now...I'm interested in hearing other peoples'
>opinions on all of this. I'm sure I'm not the only one out here who gets
>mildly PO'd each time I hear about a new result of Operation Sun Devil (and
>the associated fever).
Well, I wonder if anyone's planning a "Introduction to Modern Computing"
course for the judiciary. I still don't understand how people such as
Neidorf, Riggs, and Rose can be tried by a "jury of their peers". I'd
like to see the records of the _voir dire_ (jury selection) process. How
many of the prospective jurors do you think will be able to truly under-
stand the concepts involved? Would you care to explain password security
to a <no offense intended> 2nd grade teacher or bus driver? I mean no
slight to these people, but their presence on a jury in a computer case
is like asking me to serve on a jury for a case involving particle physics!
For that matter, will the defense attorney have a chance to object to the
definitions given various terms by the prosecutors in open court? Hardly.
Wes Morgan
--
The opinions expressed above are not those of UKECC unless so noted.
Wes Morgan % %rutgers,rayssd,uunet%!ukma!ukecc!morgan
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Date: Fri, 22 Jun 90 16:22:22 EDT
From: josephl@wb3ffv.ampr.org
To: tk0jut2
->->->->->->->->->
A NETWORKER'S JOURNAL
->->->->->->->->->->->
Vol. 5 June 22, 1990 No. 42
ALAN BECHTOLD PLANS MODEM USERS ASSOCIATION
Alan Bechtold, president of BBS Press Service, has launched a new
non-profit organization called the Modem User's Association of America that
he says will be active in cases in which phone companies propose rates that
affect telecomputerists. MUAA intends to be a clearing house for
information of interest to users and operators of computer bulletin board
systems. It also hopes to link local and regional modem user groups into a
nationwide network and set up a lobbying effort in Washington to push for
legislation favorable to modem users.
Bechtold says that so far the greater interest has come from people in
states currently affected by changes in phone company rates, including
Indiana and Texas.
The group's legal and lobbying support for the first year is being offered
by a Washington, D.C., group, Bechtold said. For more information about the
group, you may call 913/478-9239.
--------------------------------------------------------------------
UNCLE SAM OFFERS SECURITY GUIDES
Computer security guides, mandated by the Computer Security Act of 1987,
are being distributed by the National Institute of Standards and
Technology. They address viruses, data integrity and general system
security. The guides are available from the Government Printing Office or
directly from the NIST Computer Security Board. To check it out, make a
modem call to 301/948-5717.
Three of the guides cover security questions posed by executives, managers
and users, while the fourth is intended to assist federal agencies in
developing security training programs.
U.S. SUPREME COURT PREPARES TO BEGIN ELECTRONIC TRANSCRIPTIONS
Starting next month, the U.S. Supreme Court's decisions and supporting
options will be electronically transmitted to computer networks operated by
12 court-approved organizations as part of its new "Project Hermes," a
2-year experiment.
Writing in CompuServe's Online Today electronic publication this week,
James Moran notes that of the organizations directly receiving the Court
transmissions, one is a non-commercial, non-profit, consortium made up of
Case Western Reserve University, EDUCOM, and the National Public
Telecomputing Network. EDUCOM later will transmit the opinions to Internet
and BITNET for general distribution, as well as to NPTN which will
distribute copies to affiliated community computer systems.
Says Moran, "When the Supreme Court is ready to release an opinion, a
computer at the Supreme Court Building in Washington will simultaneously
open 12 telephone lines and transmit copies to the 12 primary information
distributors. Subsequently, the distributors will make the Court's
decisions available to other interested parties."
For more information, send your name, organization or firm, address, city,
state, and zip, to Project Hermes, CWRU Community Telecomputing Lab, 319
Wickenden Building, Cleveland, OH 44106.
* * *
A NETWORKER'S JOURNAL is a weekly feature by Charles Bowen%ment
--------------------------------------------------------------------
To: tk0jut2
Subject: Re: Update: Alcor Life Extension Email Litigation
Date: Sat, 23-Jun-90 12:08:07 PDT
Update on the progress in the Alcor/email case as of June, 1990:
by H. Keith Henson
A suit under section 2707 of U.S.C. title 18 (the Electronic Communications
Privacy Act) against a number of individuals in the Riverside, California
Coroner's office, the District Attorney's office, and the Riverside police
department was filed Jan. 11, 1990, one day short of the statutory limit.
There were fifteen plaintiffs out of roughly fifty people who had email on
the Alcor system. For those of you who are not familiar with the case, the
coroner removed a number of computers from Alcor in connection with an
investigation into the cryonic suspension of Dora Kent in December, 1987.
The defendants moved in March for a dismissal of the case, arguing that 1)
the warrant for the computer was enough to take any email found within it,
and 2) that even if the defendants had made "technical" errors in
confiscating the email, they should be protected because they acted in
"good faith."
Our lawyer opposed the motion, arguing that the warrant originally used was
itself defective, even for taking the computers. This is something Alcor
had never done, because (I think) people can only object to a warrant after
charges have been filed, and for all the accusations the coroner and DA
made in the press (which included murder, drugs, theft, and building code
violations), no charges have been filed in this case in the last two and a
half years.
The federal judge assigned to the case denied the motion after hearing oral
arguments in May. Based on the comments of the judge from the bench, it
seems that he agrees that the plaintiffs have a case, namely that taking
email requires a warrant for the email, or the persons doing so will face
at least civil liability.
So far the legal bill stands at over $10,000. Suggestions as to
organizations or individuals who might be interested in helping foot the
bills would be welcome. (Donations would be returnable if we won the case
and the county has to pay our legal bills as required in section 2707.)
The text of the legal filings (40k, three files) have been posted to CuD.
If you can't get CuD, they are available by email from
hkhenson@cup.portal.com
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+ END THIS FILE +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+