Computer underground Digest Sun July 11 1999 Volume 11 : Issue 32

Computer underground Digest    Sun  11 July, 1999   Volume 11 : Issue 32
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Curryg Editor:      Etaion Shrdlu, III
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #11.32 (Sun, 11 July, 1999)

 File 1--"LATEST" CuDs (typo correction)
 File 2--More Mischief on the Net! Hackers Netcast Phone Calls
 File 3--(EPIC)[5] Proposed DoubleClick/Abacus Merger Raises Privacy Concerns
 File 4--cDc ANNOUNCES BACK ORIFICE 2000
 File 5--Study: Computer Virus Costs to Business Surge
 File 6--FBI on offensive in 'cyber war,' raiding hackers' homes
 File 7--SANS NewsBites Vol. 1 Num. 15
 File 8--Cu Digest Header Info (unchanged since 10 Jan, 1999)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
   TO UNSUB OR CHANGE ADDRESS, SEE ADMINISTRAVIA IN CONCLUDING FILE

---------------------------------------------------------------------

Date:    Sun, 11 Jul 99 23:33 CDT
From:    Cu Digest 
Subject: File 1--"LATEST" CuDs (typo correction)

In a recent issue, we announced that we would experiment with
putting the latest CuDs in a "latest" file so users could
more easily obtain the latest CuD. As many readers noted,
there was a typo that slipped by us. We also changed what
was originally intended as a text file to an html file.

The latest CuD can be obtained at:
  http://www.soci.niu.edu/~cudigest/latest.html

------------------------------

From: editor@TELECOM-DIGEST.ORG
Date: Fri, 25 Jun 1999 22:35:04 -0400 (EDT)
Subject: File 2--More Mischief on the Net! Hackers Netcast Phone Calls

Source - TELECOM Digest     Fri, 25 Jun 99  Volume 19 : Issue 169

((MODERATORS' NOTE:  For those not familiar with Pat Townson's
TELECOM DIGEST, it's an exceptional resource.  From the header
of TcD:
   "TELECOM Digest is an electronic journal devoted mostly but
   not exclusively to telecommunications topics.  It is
   circulated anywhere there is email, in addition to various
   telecom forums on a variety of public service systems and
   networks including Compuserve and America On Line. It is also
   gatewayed to Usenet where it appears as the moderated
   newsgroup 'comp.dcom.telecom'. Subscriptions are available to
   qualified organizations and individual readers. Write and tell
   us how you qualify:
                    * ptownson@massis.lcs.mit.edu * ======"  ))
                       ==================

Date - Fri, 25 Jun 1999 14:15:30 PDT
From - Mike Pollock
Subject - More Mischief on the Net! Hackers Netcast Phone Calls


W I R E D   N E W S
Private Lives Laid Bare on Net
 by James Glave

Voices drift through the ether, over cell phones, from somewhere in
Vancouver, British Columbia.

In a heavy working-class Canadian accent, a man says good morning to
his girlfriend, who is half asleep. She asks him if there's any coffee
left.

Neither is aware that a hacker known only as DwC is capturing their
words with a Bearcat BC200XLT scanner, and netcasting their intimate
chat live onto the Internet with Shoutcast, a streaming MP3 service.

"I think it is an intrusion," said David Jones, director of Electronic
Frontier Canada, a group that seeks to preserve free expression in the
digital age.

Because the man and his girlfriend are using older cellular phones
that transmit over radio frequencies without encryption, the conversation
can be easily intercepted. Normally such calls can only be heard by
someone using a modified scanner, but DwC has taken their conversations
to a wider audience all over the world.

"[The callers] are using out-of-date technology [and the hacker is]
broadcasting it like a radio program," said Jones. "But it is not a
radio program. It is a private conversation."

And that could land the anonymous netcaster in jail.

Section 184 of The Criminal Code of Canada states that anyone found
guilty of intercepting cellular phone calls "maliciously or for gain"
can be sentenced to a maximum of five years in prison.

Jones said that while Section 183 says that calls made on analog cell
phones, or via "radio-based telephone communication" are not
considered a "private communication," DwC may still be violating the
law under Section 184 by using the intercepted conversations maliciously.

Neither the Vancouver Police Department nor the Royal Canadian Mounted
Police could be reached for comment. British Columbia has an Office of
the Information and Privacy Commissioner, but that department only
oversees the privacy of public bodies, and not individuals.

The conversations are private, but mundane -- DwC's digital sieve
catches the tedium of everyday life. One person gripes about why his
insurance won't cover stolen scuba gear. A man on his way to work
chats with his sleepy girlfriend. Then there's restaurant reservations,
drug deals, someone complaining about her bowel obstruction.

Some are intimate, others are disturbing.

"He was having financial problems and he hung himself in his garage
yesterday," said one voice.

"How old was he?"

"Fortyish."

While the chatter runs in the background, a group of streaming MP3
enthusiasts listens in on an Internet Relay Chat channel.

The cyber peanut gallery at times creates a bizarre interplay between
reality and the group of technically sophisticated voyeurs. As a woman
on a technical support cell call coaches a friend on how to plug in
her keyboard, the voyeurs in the channel chime in with their own
smart-aleck advice. Only they can hear it.

One young audiophile said he couldn't resist the voyeuristic thrill.

"I think he's trying to prove that we can't be ignorant to the people
listening to the scanners," said the chatter, who described himself as
an 18-year-old high school student from Toronto.

"It's like it's in the air: You can't stop the waves from going
through your body; why not listen to it?"

For David Jones, the answer is to junk analog cell phones in favor of
more secure digital PCS phones.

"We should all have digital cell phones that have strong crypto. It
wouldn't matter if we are broadcasting encrypted voice because it
would be indecipherable.

"Strong crypto keeps out the cops, it keeps out the reporters, and it
keeps out this punk in Vancouver who is getting his jollies."

          -------  Related Story ---------


Cell-Phone Calls Streamed on Net
 by Chris Oakes

You can hear almost anything on the Internet these days -- maybe even
your own phone conversations.

America Online said Thursday morning that it was investigating
Internet broadcasts of private cell-phone conversations captured with
private scanner hardware and streamed out over the Net through its
Shoutcast service.

Shoutcast lets anyone with an Internet connection deliver any one of
dozens of audio feeds of their choice. Basement netcasters the world
over use MP3-encoded audio streams to channel home-brewed broadcasts
to users of MP3 playback software in real time.

"If you listen for a while, you'll hear credit card numbers, phone
numbers, addresses, and all kinds of information I'm sure the people
on the cell phones don't want the entire Internet to know," said
Thomas Edwards, founder of webcasting company The Sync.

"The legal implications are significant."

Edwards said he's heard what sound like both wireless phone and
cell-phone conversations. The cell-phone conversations are typically
interrupted every two minutes as cellular providers change a call's
radio frequency, he said.

The conversations could be heard on the Shoutcast home page at
Nullsoft, the company hosting the service, as recently as Wednesday
night. But Thursday morning, no feeds with titles indicating a
cell-phone conversation were listed.

Nullsoft parent company America Online said the company was made aware
of the issue only Thursday morning and began investigating.

"We want to act responsibly and swiftly so when information comes to
our attention that a user has posted information that could be
unlawful, we're going to review it, and if necessary, remove it," said
AOL spokeswoman Tricia Primrose.

As of Thursday morning, the company had not yet removed any feeds from
the Shoutcast site. A system monitor running on the Shoutcast site at
the same time detected 2,357 people listening to 569 active servers.

Telecommunications law generally removes Internet service providers
from liability for information sent through a service's network. Legal
cases have also established the provider as a conduit, or common
carrier. End users, and not the network provider, are liable for
illegal or libelous information.

Edwards said he checks into Shoutcast every two weeks and had only
just begun to notice the cell-phone conversations. He says it may be
that most of the feeds show up late at night.

In policy and disclaimer material on the Shoutcast site, Nullsoft
takes a hands-off stance on content fed through its site.

"Nullsoft, Inc. is not responsible for the content of what is
broadcast below. Nullsoft, Inc. believes in the First Amendment to the
US Constitution and will not review or censure any broadcast. Nullsoft,
Inc. maintains no responsibility for the content of any broadcast."

Nullsoft also publishes WinAmp, the popular MP3 player for listening
to Shoutcast and MP3-based music files.

------------------------------

Date: Wed, 30 Jun 1999 16:16:22 -0400
From: "EPIC-News List" epic-news@epic.org
Subject: File 3--(EPIC)[5] Proposed DoubleClick/Abacus Merger Raises Privacy Concerns

Source -    Volume 6.10    June 30, 1999
                          http://www.epic.org

[5] Proposed DoubleClick/Abacus Merger Raises Privacy Concerns

Privacy groups have raised concerns over the potential violation of
international privacy protection laws involved in the proposed merger
of Internet advertiser DoubleClick and market research firm Abacus
Direct.  When the two firms merge, the DoubleClick database containing
data on Internet usage habits will be cross-referenced with the Abacus
Direct database containing real names and addresses, as well as
detailed information on customer buying habits.  The proposed deal has
been trumpeted as the key to targeting niche markets more effectively,
but the synthesizing of information could create a super-database of
personal information without consumers' previous consent.

EPIC, along with other privacy advocates, issued an open letter to
Abacus Direct shareholders on June 29, asking them to derail the one
billion dollar merger.  The groups urged shareholders to consider
whether the companies understood the privacy implications of the
proposed merger, or whether they had considered international laws
that could restrict their data trades.

Specifically, the letter cites the European Union privacy directive,
which bars data transfers from EU countries to third parties it
believes don't adequately protect personal data or fail to obtain
proper consent before sharing it.  The letter also raised the
possibility of legal action in Europe.  The location of Abacus'
subsidiary in Teddington, England leaves an opening for
challenging the merger under the EU data directive, arguing that the
U.K. arm of the company shouldn't be able to exchange data with
companies in the DoubleClick network -- as well as Abacus's US
locations -- that don't comply with the EU directive.  Consumer
advocates are also drafting a petition to the Federal Trade Commission
questioning the merger.

More information on the DoubleClick/Abacus merger, including the text
of the privacy groups' open letter, is available at:

     http://www.junkbusters.com/doubleclick.html


=======================================================================
[7] Report Notes Benefits of Internet Anonymity
=======================================================================

The American Association for the Advancement of Science has released a
report titled "Anonymous Communication Policies for the Internet."
The report grows out of a conference on anonymity sponsored by AAAS in
November 1997.  The paper acknowledges that anonymous communication
can be misused, but concludes that the benefits from its positive uses
far outweigh the risks.

The conference participants conducted a benefit/burden analysis of
online anonymity in attempting to formulate a policy on the issue.  In
the end, they devised four principles: 1) that anonymous communication
online is morally neutral; 2) that anonymous communication should be
regarded as a strong human right (and a constitutional right in the
United States); 3) that online communities should be allowed to set
their own policies regarding the use of anonymous communication; and
4) that individuals should be informed about the extent to which their
identities are disclosed offline.

Finally, it was suggested that abuses of online anonymity should not
be tolerated and that those posting defamatory messages must be
responsible for any harm associated with them.  The conference members
also took a stance against key-escrow encryption and liability for
operators of anonymous remailers.  They also stressed the importance
of education and public awareness and the possible development of
codes of conduct.

The full text of the AAAS report is available at:

     http://www.slis.indiana.edu/TIS/abstracts/ab15-2/teich.html

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. A Web-based form is available for subscribing or
unsubscribing at:

     http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe".

Back issues are available at:

     http://www.epic.org/alert/

------------------------------

Date: 4 Jul 1999 05:00:45 -0000
From: editor@CULTDEADCOW.COM
Subject: File 4--cDc ANNOUNCES BACK ORIFICE 2000

FOR IMMEDIATE RELEASE

Press Contact:
        The Deth Vegetable
        cDc Minister of Propaganda
        veggie@cultdeadcow.com


      BACK ORIFICE 2000, THE ONLY WAY TO CONTROL A MICROSOFT NETWORK

[July 2nd, San Francisco] The CULT OF THE DEAD COW (cDc) will debut its
latest remote network administration tool called Back Orifice 2000 on
July 10th at Defcon VII in Las Vegas. This program is the most powerful
application of its kind and puts the administrator solidly in control of
any Microsoft network.

Back Orifice 2000 is a best-of-breed network administration tool,
granting sysadmins access to every Windows machine on their network.
Using Back Orifice 2000, network administrators can perform typical
desktop support duties without ever leaving their desk.

Some notable features include:

     * Windows NT support (as well as Windows 95 and 98)
     * an open plugin architecture to allow for 3rd party add-ons
     * strong cryptography to ensure secure network administration
     * open source, available under the GNU Public License

"It's a totally professional tool. Essentially it sews together
Microsoft networks in ways that were never possible before," says Mike
Bloom, Chief Technical Officer for Gomi Media, Toronto. "BO2K is a
control freak's dream and the strong crypto feature gives the
legitimate administrator a level of confidence that just didn't exist
before. It's one kickass app".

Back Orifice 2000 evolved from Back Orifice (the name itself a pun on
the "Back Office" server suite from Microsoft), released by the cDc at
last year's Defcon.

Back Orifice 2000 was written by cDc code monster Dildog with input
from Sir Dystic, the originator of Back Orifice.

According to Dildog, "When it comes to administering Windows networks,
the most problematic thing has always been the lack of powerful remote
control. Unix administrators have enjoyed remote logins for decades, and
with the dawn of tools like Secure Shell (SSH), Unix systems can be
securely administered from anywhere in the world. Windows needed it
too."

"Now that we've enhanced the Windows administration experience, we hope
that Microsoft will do its best to ensure that its operating systems
are robust enough to handle the control we've given to them," added
Dildog.

If last year's release of Back Orifice is any indicator, Back Orifice 2000
will be a huge success. The first generation app caused quite a stir with
the hacking community and the press. The Cult of the Dead Cow's webmaster
reported a whopping 300,000 downloads from the primary and mirror sites,
and predicts that Back Orifice 2000 will move briskly into the Microsoft
networking environment.

That's good news for network administrators but not the best news for
Microsoft. Sysadmins will have at their disposal a professional
open-source application, free of charge. Unfortunately for Microsoft,
Back Orifice 2000 could bring pressure on the software leviathan to
finally implement a security model in their Windows operating system.
Failure to do so would leave customers vulnerable to malicious attacks
from crackers using tools that exploit Windows' breezy defenses.

Back Orifice 2000 will be available for download free of charge from
http://www.bo2k.com/ after July 10th, 1999.

 .........................................................................

The CULT OF THE DEAD COW (cDc) is the most influential group of hackers
in the world. Formed in 1984, the cDc has published the longest running
e-zine on the Internet, traded opinions with large software companies,
and entered numerous dance competitions. We could go on, but who's got
the time?

For more background information, journalists are invited to check out
our Medialist at http://www.cultdeadcow.com/news/medialist.htm.

Cheerio.

"Microsoft", "Windows", "Back Office", "Sysadmin", "Desk", and "Leviathan"
are all trademarks of the Microsoft Corporation. Blah blah blah, give it
a rest already.

                     "cDc. It's alla'bout style, jackass."

------------------------------

Date: Sun, 20 Jun 1999 12:52:25 EDT
From: Cudigest@aol.com
Subject: File 5--Study: Computer Virus Costs to Business Surge

Study: Computer Virus Costs to Business Surge
'Hackers Don't Like To Be Outdone, and Most Companies Are Underfunding Their
Security Efforts'

Reuters

NEW YORK (June 1p) - Computer virus and ''worm'' attacks on
information systems have caused businesses to lose a total of
$7.6 billion in the first half of 1999 as a result of disabled
computers, a research firm said Friday.

The cost of viruses and worms -- computer bugs spread by e-mail
that can cause system shutdowns -- was about five times larger in
the first six months of 1999 than businesses suffered during all
of last year, said Computer Economics Inc.

The most recent study was based on 185 companies representing
900,000 international users, while the 1998 survey used slightly
different methodology, researcher Michael Erbschloe said.

''The numbers probably came out low,'' he said. ''It is a
conservative number in that not everyone tracks cost, and most
companies tend to undercount and underreport.''

He said the $7.6 billion figure represented lost productivity and
repair costs reported by the company. The 1998 figure of about
$1.5 billion also included ''intrusions'' to corporate systems,
in addition to general virus attacks. Erbschloe said this year's
high profile attacks by the ExploreZip worm, which erased
computer files and caused the shutdown of some corporate e-mail
systems, and the Melissa virus, which spread quickly but did not
destroy data, would only draw more attacks.

''Hackers don't like to be outdone,'' he said. ''And most
companies are underfunding their security efforts.''

------------------------------

Date: Tue, 15 Jun 1999 08:39:25 -0800
From: Jim Galasyn 
Subject: File 6--FBI on offensive in 'cyber war,' raiding hackers' homes

FBI on offensive in 'cyber war,' raiding hackers' homes
June 18, 1999
Web posted at: 10:42 p.m. EDT (0242 GMT)

WASHINGTON (CNN) -- The FBI has raided at least 18 homes over the
past month in response to computer hackers who have vowed to
vandalize every federal government Web site.

"I would definitely rather be sitting at a computer right now,"
said a 19-year-old who cofounded a hacker group called Global
Hell, or "gH". The shelves and sockets in his apartment are now
bare following an FBI raid.

Global Hell was the name splashed on the official Web site of the
White House after it was hacked in May.

((snip))

The FBI says it pursues hacker cases to discourage kids from
turning to more serious computer crimes.

"We've had lots of cases where the same techniques were used to
steal credit card information where the hackers can then go and
use the credit cards to purchase goods," said FBI agent Michael
Vatis.

Hacking into Web sites is a felony that carries a maximum
punishment of five years in jail and a $250,000 fine.

Science Correspondent Ann Kellan contributed to this report.

------------------------------

Date: Wed, 7 Jul 1999 23:22:12 -0600 (MDT)
From: The SANS Institute 
Subject: File 7--SANS NewsBites Vol. 1 Num. 15

                          SANS NEWSBITES

                  The SANS Weekly Security News Overview
Volume 1, Number 15                                        July 7, 1999

                          Editorial Team:
Kathy Bradford, Bill Murray, Alan Paller, Howard Schmidt, Eugene Schultz

                        

*************************************************************************

6 July 1999:  SETI Website Suffers ALF Attack
5 July 1999:  Federal CIOs Revamp Approach to Security
2 July 1999:  ACLU Cites the Commerce Clause in Michigan Case
2 July 1999:  Reading the Fine Print: Yahoo Inadvertently Threatens Content
              Copyright
2 July 1999:  Tech Exports Loosened
2 July 1999:  Network Solutions Attacked
2 July 1999:  Crackers Take Aim at Domain Name Sites
2 July 1999:  Y2K Ready for Clinton's Nod
2 July 1999:  Asian Microsoft Software Susceptible to "July Killer" Virus
1 July 1999:  PacketStorm Shut Down Amid Fear of Libel Suit
1 July 1999:  Cracker Bill Resurrected
1 July 1999:  UK Businessman's American Websites Subject to UK Jurisdiction
30 June 1999: New Australian Law Requires ISPs to Remove Objectionable Content
30 June 1999: PC Tracking Program Will Help Recover Stolen Machines
29 June 1999: Security Breach Attempted at the Defense Department
29 June 1999: OMB Wants to Know About Security
29 June 1999: GO Network Jumps on Privacy Bandwagon
29 June 1999: DIRT
29 June 1999: Home Shopping Network to Launch Voice Recognition System
29 June 1999: Email Exposed?
29 June 1999: UK Businesses Say No to PKI in its Present State
29 June 1999: Privacy Groups Protest Abacus-DoubleClick Merger
29 June 1999: More Government Computer Attacks
28 June 1999: GSA Wants New Tools

*************************************************************************

SANS NEWS:  Securing Linux Step-by-Step Outline Ready for Review

Securing Linux: Step-by-Step outline ready for review.  If you have
substantial experience securing Linux computers, and would be
willing to participate in a new consensus research project over
the next three weeks, send email with the subject "Secure Linux" to
. An autoresponder will instantly send you the
draft outline.

*************************************************************************

6 July 1999: SETI Website Suffers ALF Attack
The extraterrestrial search website SETI@home has been hacked, according
to the BBC. The British news organization reported the project, which
uses participants' home computers to process data from radio telescopes
scanning for signs of alien life, had its home page altered for about
five hours Sunday to contain just the word "wanted" and a picture of TV
sitcom alien ALF.  http://www.techweb.com/wire/story/TWB19990706S0001

5 July 1999: Federal CIOs Revamp Approach to Security
The CIO Council will shift its focus from viruses, firewalls, and crackers
to security, critical infrastructure, and privacy issues.
http://www.fcw.com/pubs/fcw/1999/0705/fcw-newsy2kside-7-5-99.html

2 July 1999: ACLU Cites the Commerce Clause in Michigan Case
In a challenge to a new Michigan law making it a crime to knowingly
transmit harmful material to minors, the ACLU is relying on the commerce
clause of the Constitution. Under this clause, states cannot pass laws
regulating things that take place entirely outside their borders, and
they cannot pass laws which place undue burden on interstate commerce.
The ACLU has used similar arguments successfully in New York and New
Mexico.
http://www.nytimes.com/library/tech/99/07/cyber/cyberlaw/02law.html

2 July 1999: Reading the Fine Print: Yahoo Inadvertently Threatens Content
             Copyright
The fine print in the terms of service agreement Yahoo posted to GeoCities
(a web page hosting service) members last week seemed to indicate that
Yahoo held the copyright for all their site content.  Angry members
emailed Yahoo.  The company issued a clarifying statement saying it
never intended to usurp content copyright.  Other web page hosting
services have similar clauses in their terms of service agreements.
Yahoo purchased GeoCities in January of this year.
http://www.mercurycenter.com/cgi-bin/edtools/printpage/printpage.pl
http://www.mercurycenter.com/svtech/news/breaking/internet/docs/607068l.htm#

2 July 1999: Tech Exports Loosened
President Clinton significantly eased technology export restrictions
last week.  Though Congress has six months to review the decision, most
changes are immediately effective.  Computers may be freely shipped to
close US allies, while other countries have had the ceiling on Mtops
(millions of theoretical operations per second) raised from 10,000 to
20,000 before an export license is required.  A third group of countries,
considered "proliferation risks", will see the limits raised to 6,500
Mtops  for military use and 12,000 for civilian use.
http://www.nytimes.com/library/tech/99/07/biztech/articles/02export.html

2 July 1999: Network Solutions Attacked
Network Solutions suffered a redirect attack last week, preventing people
from accessing its sites, sending them instead to the sites of other
entities involved in the domain name game.
http://www.wired.com/news/print_version/technology/story/20567.html?wnpg=all

2 July 1999: Crackers Take Aim at Domain Name Sites
Crackers attempted to tamper with Internet directory service databases
at ICANN and Network Solutions.  ICANN said that while its servers
appeared untainted, it planned on stepping up protection.
http://www.internetwk.com/story/INW19990702S0008

2 July 1999: Y2K Ready for Clinton's Nod
Both the House and the Senate have passed the Y2K bill and many are
confident that President Clinton will sign it into law, albeit with
reservations.
http://www.nytimes.com/library/tech/99/07/biztech/articles/02y2k.html

2 July 1999: Asian Microsoft Software Susceptible to "July Killer" Virus
Asian versions of Windows and Word 97 are the target of a virus that
can wipe out a user's hard drive.
http://www.news.com/News/Item/0,4,38719,00.html

1 July 1999: PacketStorm Shut Down Amid Fear of Libel Suit
The PacketStorm Security site was shut down by Harvard University, the
site's host, after AntiOnline founder John Vranesevich complained to
the University.  Ken Williams, PacketStorm's webmaster, says he has lost
a great deal of his schoolwork because the plug was pulled on his site.
http://www.zdnet.com/zdnn/stories/news/0,4586,2287456,00.html
http://www.antionline.com/archives/editorials/packetstorm.html
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-07-01&msg=m3yah0x6ye.fsf@soma.andreas.org

1 July 1999: Cracker Bill Resurrected
The House Committee on Science has plans to reintroduce a failed bill
that would strengthen government computer security.  The bill would
cover a fairly broad range of tactics including establishing computer
security undergraduate and graduate fellowships, requiring the Computer
System Security and Privacy Advisory Board to make formal recommendations
regarding security, and reviewing PKI issues.
http://www.newsbytes.com/pubNews/132832.html
http://www.news.com/News/Item/0,4,38672,00.html

1 July 1999: UK Businessman's American Websites Subject to UK Jurisdiction
A British judge ruled last week that the content of American pornographic
websites run by a UK businessman comes under the jurisdiction of British
courts because the material used on the sites was created in the UK and
was downloaded by police in the UK.
http://news.bbc.co.uk/low/english/sci/tech/newsid_382000/382152.stm

30 June 1999: New Australian Law Requires ISPs to Remove Objectionable Content
The Australian government passed a law requiring ISPs to remove
objectionable content or be fined as much as $18,000(US).  Under the
new law, ISPs also must block overseas sites containing offensive content.
Many Australians are dismayed over the passage of the law, not only
because they feel free speech has taken a blow, but because they feel
it may undermine Australia's economy.
http://www.nytimes.com/library/tech/99/07/cyber/articles/01australia.html

30 June 1999: PC Tracking Program Will Help Recover Stolen Machines
A new program will allow users to register their computer and software
serial numbers so that if a machine is stolen, it will send a tracking
beacon when it goes online.
http://www.antionline.com/cgi-bin/News?type=antionline&date=06-28-1999&story=phone.news

29 June 1999: Security Breach Attempted at the Defense Department
An employee of the Defense Threat Reduction Agency is being investigated
for attempting to access a coworker's computer system without
authorization.  The individual was denied access to the system.
http://dailynews.yahoo.com/headlines/ap/washington/story.html?s=v/ap/19990629/pl/defense_investigation_2.html

29 June 1999: OMB Wants to Know About Security
The Office of Management and Budget (OMB) wants federal agencies to
review and report on their computer security practices and policies
within 90 days.
http://www.fcw.com/pubs/fcw/1999/0628/web-letter-6-29-99.html

29 June 1999: GO Network Jumps on Privacy Bandwagon
The Go Network and its member sites (including Disney.com, ABC.com, and
ESPN.com) have joined the growing ranks of companies that won't advertise
on or accept advertising from sites that don't post clear privacy
policies.  http://www.news.com/News/Item/0,4,38525,00.html

29 June 1999: DIRT
A program known as DIRT (Data Interception by Remote Transmission),
available only to the government and law enforcement agencies, enables
investigators to monitor and gain control of online PCs that use Windows.
The trick is to get the suspects to unwittingly download the necessary
Trojan horse program, which, when installed, records the user's keystrokes
and sends logs of activity back to investigators.  Although agencies
must have a wiretap search warrant before they can use this technology,
privacy advocates say that the surveillance oversteps the boundaries of
monitoring communications and violates the Fourth Amendment.
http://www.pcworld.com/shared/printable_articles/0,1440,11614,00.html

29 June 1999: Home Shopping Network to Launch Voice Recognition System
Frequent customers of the Home Shopping Network will soon be recognized
by their voices and won't have to use passwords or PINs (Personal
Identification Numbers).  The system should be quite secure, as tape
recording alters its "acoustic characteristics."
http://www.wired.com/news/print_version/technology/story/20460.html?wnpg=all

29 June 1999: Email Exposed?
A security hole which has since been patched may have allowed crackers
access to the private email of MailStart and MailStart Plus users.
http://www.wired.com/news/print_version/technology/story/20481.html?wnpg=all

29 June 1999:  UK Businesses Say No to PKI in its Present State
UK businesses feel that PKI would work only if all entities use the same
protocol, as standards differ from one vendor to the next.
http://www.techweb.com/wire/story/TWB19990629S0014

29 June 1999: Privacy Groups Protest Abacus-DoubleClick Merger
Abacus shareholders received a letter from consumer advocates asking
for their help in halting the company's merger with DoubleClick.  Privacy
advocates say that the merger would create an enormous database of
consumer activity and preferences without the consumer's consent.  They
also fear that creating the database without consumer consent flies in
the face of the EU privacy directive and could impede commerce with the
European Union.  Customers will probably not be asked for permission to
be included in the database, but they may opt out if they like.
http://www.news.com/News/Item/0,4,38526,00.html

29 June 1999: More Government Computer Attacks
NASA and NOAA (National Oceanic and Atmospheric Administration) were
among the latest government sites to be attacked.  The home page of
NOAA's Storm Prediction Site was defaced, but officials took down the
entire site as a precaution.  The Army is investigating the attack it
suffered in late June, and affirms that no sensitive information was
exposed.
NOAA: http://www.zdnet.com/filters/printerfriendly/0,6061,2286161-2,00.html
Army: http://www.news.com/News/Item/0,4,38537,00.html

28 June 1999: GSA Wants New Tools
The General Services Administration (GSA) asked industry for new tools
to aid in intrusion detection.  The GSA is especially interested in
systems that can detect intrusions as they occur.  The GSA would like
to have a government intrusion detection system in place by the end of
2000.
http://www.fcw.com/pubs/fcw/1999/0628/fcw-newsintrusion-6-28-99.html

== End ==

Please feel free to share this with interested parties.  For a free
subscription, e-mail  with the subject: Subscribe
NewsBites

Email  with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add other
digests, or with any other comments.

------------------------------

Date: Sun, 10 Jan 1999 22:51:01 CST
From: CuD Moderators 
Subject: File 8--Cu Digest Header Info (unchanged since 10 Jan, 1999)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a post with this in the "Subject:" line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

The mailing list is automated, so no human lies at the other end.

CuD is readily accessible from the Net:
  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

Readers wishing to auto-set their browsers to receive the
latest issue of CuD can point to:
  http://www.soci.niu.edu/~cudigest/latest.html

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #11.32
************************************


Page maintained by: Jim Thomas - cudigest@sun.soci.niu.edu